1

I'm currently fixing an issue with one of our production servers. The issue is related to squid not able to run properly.

When I try to run service squid start/stop, it throws an error:

2015/03/11 14:24:11| Processing Configuration File: /etc/squid/squid.conf (depth 0)

Doing service squid restart, throws this kind of error:

Stopping squid: /etc/init.d/squid: line 99: 13665 Segmentation fault      (core dumped) $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
                                                           [FAILED]
Starting squid:                                            [FAILED]
2015/03/11 14:24:41| Processing Configuration File: /etc/squid/squid.conf (depth 0

Anyone experienced the same issue? I checked the logs and nothing gets written onto it. I'm using CentOS 6.5 64.

I have this /etc/squid/squid.conf

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80    # http
acl Safe_ports port 21    # ftp
acl Safe_ports port 443   # https
acl Safe_ports port 70    # gopher
acl Safe_ports port 210   # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280   # http-mgmt
acl Safe_ports port 488   # gss-http
acl Safe_ports port 591   # filemaker
acl Safe_ports port 777   # multiling http
acl CONNECT method CONNECT

acl PURGE method PURGE

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

http_access allow PURGE localhost
http_access deny PURGE

# Squid normally listens to port 3128
http_port 3128 accel defaultsite=thumbnails.digitalnz.org

# We recommend you to use at least the following line.
strip_query_terms off

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /ssd01/squid/data 50000 64 256

cache_replacement_policy heap LRU

# Leave coredumps in the first cache dir
coredump_dir /data/squid  

icp_hit_stale on

acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
acl our_sites dstdomain <site-urls-here>
http_access allow our_sites

cache_peer 127.0.0.1 parent 3110 0 originserver no-query round-robin name=thin0
cache_peer_access thin0 allow our_sites
cache_peer_access thin0 deny all
cache_peer 127.0.0.1 parent 3111 0 originserver no-query round-robin name=thin1
cache_peer_access thin1 allow our_sites
cache_peer_access thin1 deny all
cache_peer 127.0.0.1 parent 3112 0 originserver no-query round-robin name=thin2
cache_peer_access thin2 allow our_sites
cache_peer_access thin2 deny all
cache_peer 127.0.0.1 parent 3113 0 originserver no-query round-robin name=thin3
cache_peer_access thin3 allow our_sites
cache_peer_access thin3 deny all

cache_peer dnz01.ourhostname.com sibling 3128 3132  name= allow-miss
cache_peer_access  allow our_sites
cache_peer_access  deny all
cache_peer dnz04.ourhostname.com sibling 3128 3132  name=dnz04 allow-miss
cache_peer_access dnz04 allow our_sites
cache_peer_access dnz04 deny all

udp_incoming_address <server's ip address>
icp_port 3132
icp_access allow all
Ben
  • 243
  • 1
  • 3
  • 13
  • Start squid with `squid -k debug` and see where it fails; finally you may find this useful : http://wiki.squid-cache.org/SquidFaq/BugReporting –  Mar 11 '15 at 01:38
  • You can also try `squid -k parse` to see if your config has any errors. – dartonw Mar 11 '15 at 01:49
  • Hi @AndréDaniel, thanks for the info. I tried running it but it throws an error: `Segmentation fault (core dumped)`. – Ben Mar 11 '15 at 02:20
  • But does it print something before crashing ? –  Mar 11 '15 at 02:20
  • Hi @dartonw, I tried the command. Returned me this error: `2015/03/11 15:19:18| Processing Configuration File: /etc/squid/squid.conf (depth 0) Segmentation fault (core dumped)` – Ben Mar 11 '15 at 02:20
  • @AndréDaniel. http://showterm.io/a2871d43a8d320adace08 – Ben Mar 11 '15 at 02:28
  • I'm suspecting your "our_sites" ACL overdose makes the config file parsing fail. Why not turn the ACLs into a single `acl our_sites dstdomain "/etc/squid/our_sites"` and then put all domains into `/etc/squid/our_sites` (one per line) ? –  Mar 11 '15 at 02:31
  • @AndréDaniel. Thanks, We tried it, but the issue is still exists. :( – Ben Mar 11 '15 at 03:02
  • (I'm helping @hapiben fix this). I've run Squid through GDB and it's segfaulting right here (http://www.squid-cache.org/Doc/code/neighbors_8cc_source.html?#l01091). Seems to be when it's trying to resolve one our servers as a peer (tail end of running squid -k debug -X https://gist.github.com/UberMouse/d463a724101760c0e28c). We had some connection issues with HA Proxy to that server right before this started happening so it seems like some sort of connection issue. – UberMouse Mar 11 '15 at 03:29
  • It crashes on the strcasecmp call – UberMouse Mar 11 '15 at 03:36
  • 2
    Maybe on `name= allow-miss`? Can you put `name='' allow-miss` to see if the error continues? – fgbreel Mar 11 '15 at 03:41
  • I'll look into that tomorrow, but the config hasn't been changed recently so I don't think it's something in it. – UberMouse Mar 11 '15 at 11:05
  • 1
    Seems like that was it @fgbreel, I removed the space between name= and allow-miss and it started right up. Right strange because no one has changed the config. If you make your comment an answer hapiben can accept it. – UberMouse Mar 12 '15 at 01:41
  • Thanks @UberMouse, I will do that! I'm glad to help you! – fgbreel Mar 12 '15 at 13:09

1 Answers1

2

At line who has name= allow-miss try to put name='' allow-miss, squid configuration parser is trying to assign [space]allow-miss to name.

fgbreel
  • 663
  • 4
  • 13