[squid-users] New Squid 3.5 reconfigure causes service down
Nicola Ferrari (#554252)
nick-liste at posteo.eu
Thu Oct 5 09:20:39 UTC 2017
Hi List!
We're experiencing problems with a just-upgraded squid install (from
Debian 8 to Debian 9, using packages in repos). Here are the details
from squid -version:
Squid Cache: Version 3.5.23
Service Name: squid
Debian linux
We use "negotiate kerberos" authenticators to offer Active Directory SSO.
We're also running squidguard.
Lines in config file are:
[...]
# NEGOTIATE KERBEROS AUTH
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth
--ntlm /usr/$
auth_param negotiate children 60
auth_param negotiate keep_alive off
[...]
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
The problem is that, issuing the "squid -k reconfigure" command (i.e. to
adjust acls in conf file) the result is not just a configuration reload,
but authenticators processes are restarting, causing an "out-of-service"
for all users, for a courple of minutes.
Basically the same issue as in this thread:
https://serverfault.com/questions/247835/squid-3-reloading-makes-it-stop-serving-requests
I'm in doubt if reducing helpers number would be a good idea, since we
need to serve ca. 300 simultaneous users.
Before the recent upgrade, with the previous Debian8, reload took some
seconds only..
Is there any best-practice to get an "Hot-Configurable" system?
Do you have any suggestion?
Thanks!
Best regards,
PS: English isn't my first language, so please excuse any mistakes..
--
+---------------------+
| Linux User #554252 |
+---------------------+
More information about the squid-users
mailing list