Re: [squid-users] squid 3.4.0.2 + smp + rock storage error

From: Alexandre Chappaz <alexandrechappaz_at_gmail.com>
Date: Wed, 20 Nov 2013 10:19:57 +0100

Hi,

I have the same kind of error but what bugs me is that I cannot
reproduce this systematically. I am really wondering if this is a
permission PB on shm mount point and / or /var/run/squid permissions
:

some times the service starts normally ( worker kids stay up ) and
some times some or all of the the worker kids die with this error :

FATAL: Ipc::Mem::Segment::open failed to
shm_open(/squid-cache_mem.shm): (2) No such file or directory.

attached is the cache.log, and here below the squid.conf.

Best regards

# pour le debogage (ne pas mettre plus de 2)
#debug_options ALL,2

# Utilisateurs
cache_effective_user nobody
cache_effective_group nobody

# Format access.log
strip_query_terms off
#logformat Squid %ts.%03tu %6tr %>a %Ss/%>Hs %<st %rm %ru %un %Sh/%<A %mt
logformat PAS-Bdx %ts.%03tu %6tr %>a %Ss/%>Hs %<st %rm %ru %un %Sh/%<A
%mt %rv %tl "%{Referer}>h" "%{User-Agent}>h"

# chemins
coredump_dir /var/cache/squid
pid_filename /var/run/squid/squid.pid
access_log stdio:/var/log/squid/access.log PAS-Bdx
cache_log /var/log/squid/cache.log
cache_store_log none
mime_table /etc/squid/mime.conf
error_directory /etc/squid/errors
error_default_language fr
err_page_stylesheet /etc/squid/errorpage.css

# Fichier hosts
hosts_file /etc/hosts

# SNMP
acl snmpcommunity snmp_community read_only_user
snmp_access allow snmpcommunity
snmp_port 3401

###########################
# FONCTIONNEMENT DU PROXY #
###########################

#SMP
workers 4

#Ports d'ecoute
http_port 3128

#localhost a droit au cachemanager
http_access allow localhost manager
http_access deny manager

#localhost a droit a purger le cache
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

# Les requetes intranet sont retournees en erreur
acl ip_intranet dst 10.0.0.0/8
http_access deny ip_intranet

acl PLSU_SIE_USERAGENT browser PLSU_SIE
acl PLSU_SIE_DEST dstdomain "/etc/squid/acl/dest/PLSU_SIE.dst"

http_access allow PLSU_SIE_USERAGENT PLSU_SIE_DEST
http_access deny PLSU_SIE_USERAGENT

#définition de la VIP des squid Père
#cache_peer 192.168.1.129 parent 3128 0 default no-query no-digest
cache_peer 192.168.1.201 parent 3128 0 sourcehash no-query no-digest
cache_peer 192.168.1.202 parent 3128 0 sourcehash no-query no-digest
cache_peer 192.168.1.203 parent 3128 0 sourcehash no-query no-digest
cache_peer 192.168.1.204 parent 3128 0 sourcehash no-query no-digest

# Time Out / Time To Live
negative_ttl 1 seconds
read_timeout 15 minutes
request_timeout 5 minutes
client_lifetime 4 hours
positive_dns_ttl 2 hours
negative_dns_ttl 5 minutes
shutdown_lifetime 5 seconds
dns_nameservers 127.0.0.1

# Divers
ftp_passive on
ftp_epsv off
logfile_rotate 2
request_header_access Via deny all
request_header_access X-Forwarded-For allow all
refresh_all_ims on

###########################
# FONCTIONNEMENT DU CACHE #
###########################

#Rafraichissement du cache
memory_cache_shared on
cache_mem 2 GB
max_filedesc 65535
maximum_object_size 512 MB
maximum_object_size_in_memory 2048 KB
ipcache_size 8192
fqdncache_size 8192

#definition du cache
#8Gb of shared rock cache, for 32Ko objects max
cache_dir rock /var/cache/squid/mem/ 8192 max-size=32768

if ${process_number} =1
# Filtrage avec squidGuard
url_rewrite_program /usr/local/squidGuard/bin/squidGuard
url_rewrite_children 1000 startup=15 idle=15 concurrency=0
cache_dir aufs /var/cache/squid/mem/W${process_number} 2048 16 256
min-size=32768 max-size=131072
cache_dir aufs /var/cache/squid/W${process_number} 12000 16 256 min-size=131072
endif
if ${process_number} =2
# Filtrage avec squidGuard
url_rewrite_program /usr/local/squidGuard/bin/squidGuard
url_rewrite_children 1000 startup=15 idle=15 concurrency=0
cache_dir aufs /var/cache/squid/mem/W${process_number} 2048 16 256
min-size=32768 max-size=131072
cache_dir aufs /var/cache/squid/W${process_number} 12000 16 256 min-size=131072
endif
if ${process_number} =3
# Filtrage avec squidGuard
url_rewrite_program /usr/local/squidGuard/bin/squidGuard
url_rewrite_children 1000 startup=15 idle=15 concurrency=0
cache_dir aufs /var/cache/squid/mem/W${process_number} 2048 16 256
min-size=32768 max-size=131072
cache_dir aufs /var/cache/squid/W${process_number} 12000 16 256 min-size=131072
endif
if ${process_number} =4
# Filtrage avec squidGuard
url_rewrite_program /usr/local/squidGuard/bin/squidGuard
url_rewrite_children 1000 startup=15 idle=15 concurrency=0
cache_dir aufs /var/cache/squid/mem/W${process_number} 2048 16 256
min-size=32768 max-size=131072
cache_dir aufs /var/cache/squid/W${process_number} 12000 16 256 min-size=131072
endif

# pages dynamiques non mises en cache
acl QUERY urlpath_regex cgi-bin \? \.fcgi \.cgi \.pl \.php3 \.asp \.php \.do
no_cache deny QUERY

# Reecriture des regles de gestion du cache pour certains domaines
gros consommateurs
acl forcedcache urlpath_regex .lefigaro\.fr .leparisien\.fr
.20minutes\.fr .lemde\.fr .lemonde\.fr .lepoint\.fr .lexpress\.fr
.meteofrance\.com .ouest-france\.fr .nouvelobs\.com .wikimedia\.org
.spiegel\.de .boursorama\.com .latribune\.fr
refresh_pattern forcedcache 10800 80% 10800 reload-into-ims
ignore-reload override-lastmod override-expire ignore-no-cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# definition de la politique de gestion du cache
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA

# pas de redirecteur
server_persistent_connections on
client_persistent_connections on
half_closed_clients off

#tout le trafic passe par le squid père sauf les pages d'erreur
always_direct allow to_localhost
never_direct allow all

###########################
# FILTRAGE D'URL #
###########################

# Interdiction d'accès certaines extensions illegales ( .hlp, .chm)
acl illegal_ext urlpath_regex -i "/etc/squid/acl/dest/illegal_ext.dst"
http_access deny illegal_ext
http_reply_access deny illegal_ext

# Full internet
acl fullinternet src "/etc/squid/acl/src/domaines.src"
acl fullinternet src "/etc/squid/acl/src/full001.src"
acl fullinternet src "/etc/squid/acl/src/full002.src"
acl fullinternet src "/etc/squid/acl/src/full003.src"
acl fullinternet src "/etc/squid/acl/src/full004.src"
acl fullinternet src "/etc/squid/acl/src/full005.src"
acl fullinternet src "/etc/squid/acl/src/full006.src"
acl fullinternet src "/etc/squid/acl/src/full007.src"
acl fullinternet src "/etc/squid/acl/src/full008.src"
acl fullinternet src "/etc/squid/acl/src/full009.src"
acl fullinternet src "/etc/squid/acl/src/full010.src"
acl fullinternet src "/etc/squid/acl/src/full011.src"
acl fullinternet src "/etc/squid/acl/src/full012.src"
acl fullinternet src "/etc/squid/acl/src/full013.src"
acl fullinternet src "/etc/squid/acl/src/full014.src"
acl fullinternet src "/etc/squid/acl/src/full015.src"
acl fullinternet src "/etc/squid/acl/src/full016.src"
acl fullinternet src "/etc/squid/acl/src/full017.src"
acl fullinternet src "/etc/squid/acl/src/full018.src"
acl fullinternet src "/etc/squid/acl/src/full019.src"
acl fullinternet src "/etc/squid/acl/src/full020.src"
acl fullinternet src "/etc/squid/acl/src/full021.src"
acl fullinternet src "/etc/squid/acl/src/full022.src"
acl fullinternet src "/etc/squid/acl/src/full023.src"
acl fullinternet src "/etc/squid/acl/src/full024.src"
acl fullinternet src "/etc/squid/acl/src/full025.src"
acl fullinternet src "/etc/squid/acl/src/full026.src"
acl fullinternet src "/etc/squid/acl/src/full027.src"
acl fullinternet src "/etc/squid/acl/src/full028.src"
acl fullinternet src "/etc/squid/acl/src/full029.src"
acl fullinternet src "/etc/squid/acl/src/full030.src"
acl fullinternet src "/etc/squid/acl/src/full031.src"
acl fullinternet src "/etc/squid/acl/src/full032.src"
acl fullinternet src "/etc/squid/acl/src/full033.src"
acl fullinternet src "/etc/squid/acl/src/full034.src"
acl fullinternet src "/etc/squid/acl/src/full035.src"
acl fullinternet src "/etc/squid/acl/src/full036.src"
acl fullinternet src "/etc/squid/acl/src/full037.src"
acl fullinternet src "/etc/squid/acl/src/full038.src"
acl fullinternet src "/etc/squid/acl/src/full039.src"
acl fullinternet src "/etc/squid/acl/src/full040.src"
acl fullinternet src "/etc/squid/acl/src/full041.src"
acl fullinternet src "/etc/squid/acl/src/full042.src"
acl fullinternet src "/etc/squid/acl/src/full043.src"
acl fullinternet src "/etc/squid/acl/src/full044.src"
acl fullinternet src "/etc/squid/acl/src/full045.src"
acl fullinternet src "/etc/squid/acl/src/full046.src"
acl fullinternet src "/etc/squid/acl/src/full047.src"
acl fullinternet src "/etc/squid/acl/src/full048.src"
acl fullinternet src "/etc/squid/acl/src/full049.src"
acl fullinternet src "/etc/squid/acl/src/full050.src"
acl fullinternet src "/etc/squid/acl/src/full051.src"
acl fullinternet src "/etc/squid/acl/src/full052.src"
acl fullinternet src "/etc/squid/acl/src/full053.src"
acl fullinternet src "/etc/squid/acl/src/full054.src"
acl fullinternet src "/etc/squid/acl/src/full055.src"
acl fullinternet src "/etc/squid/acl/src/full056.src"
acl fullinternet src "/etc/squid/acl/src/full057.src"
acl fullinternet src "/etc/squid/acl/src/full058.src"
acl fullinternet src "/etc/squid/acl/src/full059.src"
acl fullinternet src "/etc/squid/acl/src/full060.src"
acl fullinternet src "/etc/squid/acl/src/full061.src"
acl fullinternet src "/etc/squid/acl/src/full062.src"
acl fullinternet src "/etc/squid/acl/src/full063.src"
acl fullinternet src "/etc/squid/acl/src/full064.src"
acl fullinternet src "/etc/squid/acl/src/full065.src"
acl fullinternet src "/etc/squid/acl/src/full066.src"
acl fullinternet src "/etc/squid/acl/src/full067.src"
acl fullinternet src "/etc/squid/acl/src/full068.src"
acl fullinternet src "/etc/squid/acl/src/full069.src"
acl fullinternet src "/etc/squid/acl/src/full070.src"
acl fullinternet src "/etc/squid/acl/src/full071.src"
acl fullinternet src "/etc/squid/acl/src/full072.src"
acl fullinternet src "/etc/squid/acl/src/full073.src"
acl fullinternet src "/etc/squid/acl/src/full074.src"
acl fullinternet src "/etc/squid/acl/src/full075.src"
acl fullinternet src "/etc/squid/acl/src/full076.src"
acl fullinternet src "/etc/squid/acl/src/full077.src"
acl fullinternet src "/etc/squid/acl/src/full078.src"
acl fullinternet src "/etc/squid/acl/src/full079.src"
acl fullinternet src "/etc/squid/acl/src/full080.src"
acl fullinternet src "/etc/squid/acl/src/full081.src"
acl fullinternet src "/etc/squid/acl/src/full082.src"
acl fullinternet src "/etc/squid/acl/src/full083.src"
acl fullinternet src "/etc/squid/acl/src/full084.src"
acl fullinternet src "/etc/squid/acl/src/full085.src"
acl fullinternet src "/etc/squid/acl/src/full086.src"
acl fullinternet src "/etc/squid/acl/src/full087.src"
acl fullinternet src "/etc/squid/acl/src/full088.src"
acl fullinternet src "/etc/squid/acl/src/full089.src"
acl fullinternet src "/etc/squid/acl/src/full090.src"
acl fullinternet src "/etc/squid/acl/src/full091.src"
acl fullinternet src "/etc/squid/acl/src/full092.src"
acl fullinternet src "/etc/squid/acl/src/full093.src"
acl fullinternet src "/etc/squid/acl/src/full094.src"
acl fullinternet src "/etc/squid/acl/src/full095.src"
acl fullinternet src "/etc/squid/acl/src/full096.src"
acl fullinternet src "/etc/squid/acl/src/full097.src"
acl fullinternet src "/etc/squid/acl/src/full098.src"
acl fullinternet src "/etc/squid/acl/src/full099.src"
acl fullinternet src "/etc/squid/acl/src/full100.src"
acl fullinternet src "/etc/squid/acl/src/full101.src"
acl fullinternet src "/etc/squid/acl/src/full103.src"
acl fullinternet src "/etc/squid/acl/src/full104.src"
acl fullinternet src "/etc/squid/acl/src/full105.src"
acl fullinternet src "/etc/squid/acl/src/full106.src"
acl fullinternet src "/etc/squid/acl/src/full107.src"
acl fullinternet src "/etc/squid/acl/src/full108.src"
acl fullinternet src "/etc/squid/acl/src/full110.src"
acl fullinternet src "/etc/squid/acl/src/full114.src"
acl fullinternet src "/etc/squid/acl/src/full127.src"
acl fullinternet src "/etc/squid/acl/src/full133.src"
acl fullinternet src "/etc/squid/acl/src/full151.src"
acl fullinternet src "/etc/squid/acl/src/full153.src"
acl fullinternet src "/etc/squid/acl/src/full154.src"
acl fullinternet src "/etc/squid/acl/src/full155.src"
acl fullinternet src "/etc/squid/acl/src/full156.src"
acl fullinternet src "/etc/squid/acl/src/full157.src"
acl fullinternet src "/etc/squid/acl/src/full158.src"
acl fullinternet src "/etc/squid/acl/src/full159.src"
acl fullinternet src "/etc/squid/acl/src/full160.src"
acl fullinternet src "/etc/squid/acl/src/full161.src"
acl fullinternet src "/etc/squid/acl/src/full162.src"
acl fullinternet src "/etc/squid/acl/src/full163.src"
acl fullinternet src "/etc/squid/acl/src/full164.src"
acl fullinternet src "/etc/squid/acl/src/full165.src"
acl fullinternet src "/etc/squid/acl/src/full166.src"
acl fullinternet src "/etc/squid/acl/src/full167.src"
acl fullinternet src "/etc/squid/acl/src/full168.src"
acl fullinternet src "/etc/squid/acl/src/full169.src"
acl fullinternet src "/etc/squid/acl/src/full170.src"
acl fullinternet src "/etc/squid/acl/src/full171.src"
acl fullinternet src "/etc/squid/acl/src/full172.src"
acl fullinternet src "/etc/squid/acl/src/full173.src"
acl fullinternet src "/etc/squid/acl/src/full174.src"
acl fullinternet src "/etc/squid/acl/src/full175.src"
acl fullinternet src "/etc/squid/acl/src/full176.src"
acl fullinternet src "/etc/squid/acl/src/full177.src"
acl fullinternet src "/etc/squid/acl/src/full178.src"
acl fullinternet src "/etc/squid/acl/src/full179.src"
acl fullinternet src "/etc/squid/acl/src/full180.src"
acl fullinternet src "/etc/squid/acl/src/full181.src"
acl fullinternet src "/etc/squid/acl/src/full182.src"
acl fullinternet src "/etc/squid/acl/src/full183.src"
acl fullinternet src "/etc/squid/acl/src/full184.src"
acl fullinternet src "/etc/squid/acl/src/full185.src"
acl fullinternet src "/etc/squid/acl/src/full186.src"
acl fullinternet src "/etc/squid/acl/src/full187.src"
acl fullinternet src "/etc/squid/acl/src/full188.src"
acl fullinternet src "/etc/squid/acl/src/full189.src"
acl fullinternet src "/etc/squid/acl/src/full190.src"
acl fullinternet src "/etc/squid/acl/src/full191.src"
acl fullinternet src "/etc/squid/acl/src/full192.src"
acl fullinternet src "/etc/squid/acl/src/full193.src"
acl fullinternet src "/etc/squid/acl/src/full194.src"
acl fullinternet src "/etc/squid/acl/src/full195.src"
acl fullinternet src "/etc/squid/acl/src/full196.src"
acl fullinternet src "/etc/squid/acl/src/full197.src"
acl fullinternet src "/etc/squid/acl/src/full198.src"
acl fullinternet src "/etc/squid/acl/src/full199.src"
acl fullinternet src "/etc/squid/acl/src/full200.src"
acl fullinternet src "/etc/squid/acl/src/full201.src"
acl fullinternet src "/etc/squid/acl/src/full202.src"
acl fullinternet src "/etc/squid/acl/src/full203.src"
acl fullinternet src "/etc/squid/acl/src/full204.src"
acl fullinternet src "/etc/squid/acl/src/full205.src"
acl fullinternet src "/etc/squid/acl/src/full206.src"
acl fullinternet src "/etc/squid/acl/src/full207.src"
acl fullinternet src "/etc/squid/acl/src/full208.src"
acl fullinternet src "/etc/squid/acl/src/full209.src"
acl fullinternet src "/etc/squid/acl/src/full210.src"
acl fullinternet src "/etc/squid/acl/src/full211.src"
acl fullinternet src "/etc/squid/acl/src/full212.src"
acl fullinternet src "/etc/squid/acl/src/full213.src"
acl fullinternet src "/etc/squid/acl/src/full214.src"
acl fullinternet src "/etc/squid/acl/src/full215.src"
acl fullinternet src "/etc/squid/acl/src/full216.src"
acl fullinternet src "/etc/squid/acl/src/full217.src"
acl fullinternet src "/etc/squid/acl/src/full218.src"
acl fullinternet src "/etc/squid/acl/src/full219.src"
acl fullinternet src "/etc/squid/acl/src/full220.src"
acl fullinternet src "/etc/squid/acl/src/full221.src"
acl fullinternet src "/etc/squid/acl/src/full222.src"
acl fullinternet src "/etc/squid/acl/src/full223.src"
acl fullinternet src "/etc/squid/acl/src/full224.src"
acl fullinternet src "/etc/squid/acl/src/full225.src"
acl fullinternet src "/etc/squid/acl/src/full226.src"
acl fullinternet src "/etc/squid/acl/src/full227.src"
acl fullinternet src "/etc/squid/acl/src/full228.src"
acl fullinternet src "/etc/squid/acl/src/full229.src"
acl fullinternet src "/etc/squid/acl/src/full230.src"
acl fullinternet src "/etc/squid/acl/src/full231.src"
acl fullinternet src "/etc/squid/acl/src/full232.src"
acl fullinternet src "/etc/squid/acl/src/full233.src"
acl fullinternet src "/etc/squid/acl/src/full234.src"
acl fullinternet src "/etc/squid/acl/src/full235.src"
acl fullinternet src "/etc/squid/acl/src/full236.src"
acl fullinternet src "/etc/squid/acl/src/full237.src"
acl fullinternet src "/etc/squid/acl/src/full238.src"
acl fullinternet src "/etc/squid/acl/src/full239.src"
acl fullinternet src "/etc/squid/acl/src/full240.src"
acl fullinternet src "/etc/squid/acl/src/full241.src"
acl fullinternet src "/etc/squid/acl/src/full242.src"
acl fullinternet src "/etc/squid/acl/src/full243.src"
acl fullinternet src "/etc/squid/acl/src/full244.src"
acl fullinternet src "/etc/squid/acl/src/full245.src"
acl fullinternet src "/etc/squid/acl/src/full246.src"
acl fullinternet src "/etc/squid/acl/src/full247.src"
acl fullinternet src "/etc/squid/acl/src/full248.src"
acl fullinternet src "/etc/squid/acl/src/full249.src"
acl fullinternet src "/etc/squid/acl/src/full250.src"
acl fullinternet src "/etc/squid/acl/src/full251.src"
acl fullinternet src "/etc/squid/acl/src/full252.src"
acl fullinternet src "/etc/squid/acl/src/full253.src"
acl fullinternet src "/etc/squid/acl/src/full254.src"
acl exceptfull src "/etc/squid/acl/src/fullblacklist.src"

http_access allow fullinternet !exceptfull

# Sites en liste blanche

acl domaines dstdomain "/etc/squid/acl/dest/domaines.dst"
acl regex url_regex "/etc/squid/acl/dest/regex.dst"
acl ips dst "/etc/squid/acl/dest/ipadress.dst"
http_access allow domaines
http_access allow regex
http_access allow ips

http_access deny all

2013/10/28 Ricardo Klein <klein.rfk_at_gmail.com>:
> Amos,
>
> in some way I did something wrong with those permissions (I checked
> them before post here, but, dont know why I didnt saw that they where
> wrong).
>
> Anyway, working 3.4.0.2 on Slackware 14.1 (rc2) with 2 workers and
> rock storage.....
> Next test will be with CentOS 6.4 + NTLM authentication and LDAP_group
> helper (we set permissions based on where the user is in AD groups,
> so, support people can change users access permissions without asking
> us).
>
>
> --
> Att...
>
> Ricardo Felipe Klein
> klein.rfk_at_gmail.com
>
>
> On Sat, Oct 26, 2013 at 12:25 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 26/10/2013 1:13 p.m., Ricardo Klein wrote:
>>>
>>> I am trying to run latest squid (for test purposes) and even on 3.3.9
>>> I always get:
>>> Squid Cache (Version 3.4.0.2): Terminated abnormally.
>>> CPU Usage: 0.015 seconds = 0.012 user + 0.003 sys
>>> Maximum Resident Size: 24864 KB
>>> Page faults with physical i/o: 0
>>> FATAL: Ipc::Mem::Segment::open failed to
>>> shm_open(/squid-squid-page-pool.shm): (2) No such file or directory
>>>
>>> Anyone Know why?
>>
>>
>> The SHM socket/pipe for SMP worker communications cannot be opened by Squid.
>>
>> Check the permissions of /var/sun/squid.
>>
>> NP: if you are using MacOS there is something strange about the OS not
>> accepting the normal read/write flags needed to open it.
>>
>> Amos
Received on Wed Nov 20 2013 - 09:20:03 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 22 2013 - 12:00:04 MST