[squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

[Eliezer Croitoru]

Hey Alex,

I still believe that an upgrade will improve since it's hard for me to imagine that only two admins are having trouble with it.
What will scare me is that If indeed many admins are having such issues and they do not ask or report about these.
I hope that with this thread we will be one step smarter and one step closer to a satisfying solution rather then the currently used options.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: Alex Rousskov [mailto:rousskov at measurement-factory.com] 
Sent: Friday, March 3, 2017 5:56 PM
To: squid-users at lists.squid-cache.org
Cc: Eliezer Croitoru <eliezer at ngtech.co.il>
Subject: Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

On 03/03/2017 06:17 AM, Eliezer Croitoru wrote:

> one of the options is to fence the ssl_crtd with some kind of lock
> mechanism for the DB rebuild time.

ssl_crtd already has a lock mechanism. If that mechanism is buggy, it
needs to be fixed, but it does not make sense to add another one.

There is still a lot of room for improvements, of course. For example,
compared to a log-monitoring watchdog mentioned by Yuri:

* Teaching ssl_crtd to run a sysadmin-provided script on database
failures will allow the sysadmin to handle such failures almost
transparently to the users and may reduce configuration headaches
associated with ssl_crtd message text changes.

* Teaching Squid to run a sysadmin-provided script on helper crashes
will allow the sysadmin to handle such failures more transparently to
the users and may reduce configuration headaches associated with helper
message text changes.


Alex.