[squid-users] FATAL: shm_open(/squid-ssl_session_cache.shm)
Aaron Turner
synfinatic at gmail.com
Fri Aug 25 17:21:39 UTC 2017
So I'm trying to setup a config much like the one documented here for
squid v3.5.26:
https://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster
The frontend which is bumping the ssl connections however is throwing the error:
2017/08/25 17:11:40 kid1| Set Current Directory to /var/spool/squid
2017/08/25 17:11:40 kid1| Starting Squid Cache version 3.5.26 for
x86_64-redhat-linux-gnu...
2017/08/25 17:11:40 kid1| Service Name: squid
2017/08/25 17:11:40 kid1| Process ID 13817
2017/08/25 17:11:40 kid1| Process Roles: worker
2017/08/25 17:11:40 kid1| With 16384 file descriptors available
2017/08/25 17:11:40 kid1| Initializing IP Cache...
2017/08/25 17:11:40 kid1| DNS Socket created at [::], FD 12
2017/08/25 17:11:40 kid1| DNS Socket created at 0.0.0.0, FD 13
2017/08/25 17:11:40 kid1| Adding domain lab.ppops.net from /etc/resolv.conf
2017/08/25 17:11:40 kid1| Adding nameserver 10.21.43.21 from /etc/resolv.conf
2017/08/25 17:11:40 kid1| Adding nameserver 10.21.44.254 from /etc/resolv.conf
2017/08/25 17:11:40 kid1| Adding nameserver 10.21.44.255 from /etc/resolv.conf
2017/08/25 17:11:40 kid1| helperOpenServers: Starting 5/10 'ssl_crtd' processes
2017/08/25 17:11:40 kid1| storeDirWriteCleanLogs: Starting...
2017/08/25 17:11:40 kid1| Finished. Wrote 0 entries.
2017/08/25 17:11:40 kid1| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: Ipc::Mem::Segment::open failed to
shm_open(/squid-ssl_session_cache.shm): (2) No such file or directory
Squid Cache (Version 3.5.26): Terminated abnormally.
CPU Usage: 0.033 seconds = 0.023 user + 0.010 sys
Maximum Resident Size: 52512 KB
Page faults with physical i/o: 0
I've verified that /dev/shm is mounted and based on the list of files
in there, clearly squid is able to create files there, so it's not a
Linux/shm config issue.
my frontend.conf:
# BEGIN CONFIG
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=100MB cert=/etc/squid/ssl_cert/myCA.pem
ssl_bump bump all
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 10
sslproxy_session_cache_size 100 MB
# add user authentication and similar options here
http_access allow manager localhost
http_access deny manager
# add backends - one line for each additional worker you configured
# NOTE how the port number matches the kid number
cache_peer localhost parent 4002 0 carp login=PASS name=backend-kid2
cache_peer localhost parent 4003 0 carp login=PASS name=backend-kid3
#you want the frontend to have a significant cache_mem
cache_mem 10 GB
# change /tmp to your own log directory, e.g. /var/log/squid
access_log /var/log/squid/frontend.access.log
cache_log /var/log/squid/frontend.cache.log
# the frontend requires a different name to the backend(s)
visible_hostname frontend.company.com
forwarded_for transparent
#END CONFIG
So here's the funny thing... this worked fine until I enabled
ssl-bumping on the backends (I was debugging some problems and on a
whim I tried enabling it). That didn't solve my problem and so I
disabled ssl bumping on the backends. And that's when this SHM error
started happening with my frontend. Re-enabling ssl-bump on the
backends fixes the SHM error, but I don't think that would be a
correct config?
Seems like there's some stale state being left on the filesystem which
is causing this problem, but I'm at a loss to figure out where/what it
is.
--
Aaron Turner
https://synfin.net/ Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality. "Something cannot emerge from nothing,"
he said. This is profound thinking if you understand how unstable
"the truth" can be. -- Frank Herbert, Dune
More information about the squid-users
mailing list