Squid Fails to Start After UnClean Shutdown

[jemate18]

I have squid in transparent mode..

When there is power interruption, and power goes back
sometimes squid doesn't start... But sometimes it does.

I don't know what is causing the "NOT STARTING".

I have squid_enable="YES" in my /etc/rc.conf

I have checked the permissions of squid.conf and squidGuard.conf
the group squid can read it.

I also checked /usr/local/squid/logs/cache.logs.
This are the errors.. it displays similar lines

IpIntercept.cc(316) PfInterception: PF open failed: (13) Permission denied

I googled it, and no luck.


Any ideas?

Regards,

 

[DutchDaemon]

Squid doesn't like to start on a dirty filesystem.

Set this in /etc/rc.conf

background_fsck="NO"

It may take a few minutes to boot after a crash, but at least Squid can then start on a clean filesystem.

The other error (not related to the situation above): /dev/pf should be readable for Squid. You can set this in /etc/devfs.conf:

# Allow Squid read acess to /dev/pf
own     pf      root:squid
perm    pf      0640

and run [cmd=]/etc/rc.d/devfs restart[/cmd]

 

[jemate18]

I tried the the devfs thing. then I restarted the server.. It worked
To try things out again, i restarted the server (properly).. it worked
The third time, I restarted it again (properly)... squid didn't start
Then 4th time I restarted it again (properly)... squid didn't start

Looks like it is on random?

Before I try the background_fsck="NO", what are it's disadvantage?
Power failure is prevalent in our area so I might expect something.

Regards

 

[jemate18]

Other info.

$ ls -l /dev/pf
crw-rw----  1 root  squid    0,  69 Mar  9 09:46 /dev/pf

$ ls -l /usr/local/etc/squid
total 310
-r--r--r--   1 root   wheel     419 Mar  2 11:08 cachemgr.conf
-r--r--r--   1 root   wheel     419 Mar  2 11:08 cachemgr.conf.default
-r--r--r--   1 root   wheel    1411 Mar  2 11:08 errorpage.css
-r--r--r--   1 root   wheel    1411 Mar  2 11:08 errorpage.css.default
drwxr-xr-x  43 root   squid    2560 Mar  2 11:08 errors
drwxr-xr-x   2 root   squid    1024 Mar  2 11:08 icons
-r--r--r--   1 root   wheel   30845 Mar  2 11:08 mib.txt
-r--r--r--   1 root   wheel   11651 Mar  2 11:08 mime.conf
-r--r--r--   1 root   wheel   11651 Mar  2 11:08 mime.conf.default
-r--r--r--   1 root   wheel     421 Mar  2 11:08 msntauth.conf
-r--r--r--   1 root   wheel     421 Mar  2 11:08 msntauth.conf.default
-r--r--r--   1 squid  squid    2787 Feb 10 10:07 squid.conf
-r--r--r--   1 root   wheel    2561 Mar  2 11:08 squid.conf.default
-r--r--r--   1 root   wheel  202342 Mar  2 11:08 squid.conf.documented
-rw-r--r--   1 squid  squid     473 Mar  3 11:58 squidGuard.conf
-rw-r--r--   1 squid  squid    1616 Feb  3 20:17 squidGuard.conf.sample

rc.conf

#Firewall
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"

#fix squid starting problems on dirty FS?
#But how about the FSCK thing on power failure?
#background_fsck="NO"

Even on a clean shutdown -r, sometimes squid doesn't start on boot.

 

[jemate18]

The title of this thread is not appropriate.. I'll post a new one.

here..
http://forums.freebsd.org/showthread.php?t=12107

Regards

 

[jemate18]

Squid Failrd to Start After UnClean Shutdown

Ok...

So I have a Gateway with transparent proxy squid and PF.

Here is my /etc/devfs.conf -> which makes squid able to access /dev/pf

own pf root:squid
perm pf 0660

Here is my /etc/rc.conf ->

fsck_y_enable="YES"
background_fsck="NO"

#Firewall
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"

#Services
squid_enable="YES"
sshd_enable="YES"
ftpproxy_enable="YES"
dnsmasq_enable="YES"
dhcpd_enable="YES"

With this conf, squid DOES start at boot so there is no problem.

However, if there is an unclean shutdown, squid does not restart. Our area
is having frequent power interruptions and that the server, once or twice a week
is unproperly shut off due to power losses.

Being the admin of that server, I notice that squid is NOT starting after an
unclean shutdown.


To be able to confirm this, I have tested the system here is the result

1. Manually Started Squid via /usr/local/etc/rc.d (right after the power failure)
2. Restart server properly via shutdown -r
3. ps ax | grep squid -> indicates squid is running
4. Restart server properly via shutdown -r
5. ps ax | grep squid -> indicates squid is running
6. Unplugged the power cable (Unclean shutdown)
7. ps ax | grep squid -> indicates squid is NOT running
8. Restart server properly via shutdown -r (BUT NOT Manually Starting squid.. it is off)
9. ps ax | grep squid -> indicates squid is NOT running
10. Manually Started Squid via /usr/local/etc/rc.d
11. Restart via clean shutdown
12. ps ax | grep squid -> indicates squid is running

In this test, I have confirmed that squid is NOT starting after unclean shutdown.

But how am I going to solve this? My rc.conf contains fsck_y_enable="YES" and background_fsck="NO"

The power failure happens mostly every SUNDAY.. I go to work on TUESDAYS, the problem is every MONDAY, gateway can't be used because there is no admin to turn ON the squid service manually right after the power failure

Please help.

 

[SirDice]

The title of this thread is not appropriate.. I'll post a new one.

Why don't you just edit the first post?

 

[DutchDaemon]

[ merged ]

Squid doesn't need write access to /dev/pf. Keep permissions to a minimum. This is enough.

perm    pf      0640

After an unclean reboot and a restart, setting background_fsck to NO will prevent anything from starting until the filesystem has been properly cleaned in the foreground (i.e. making everything else wait).

Any clues as to why Squid still isn't starting should be derived from running a tail on /usr/local/squid/logs/cache_log.

Do note that, after an unclean shutdown, Squid itself needs to run a sanity check on its cache directories, which can take quite some time when there are a lot of objects in them to (re)index. A tail -f on the cache logfile should show you the progress.

If there are other errors in there, post them here.

 

[kisscool-fr]

Power failures can damage your hardware if they're too frequent. You may have more problems than just the squid service not starting.

You should buy an ups for your squid server and other servers too. Some models are able to shutdown and restart properly your servers.

I had power failures too, but the squid service generally restart without problem when the fs is clean.

IpIntercept.cc(316) PfInterception: PF open failed: (13) Permission denied

Have you installed the squid server with pf support enabled ?

 

[jemate18]

Have you installed the squid server with pf support enabled ?

It all works now...