[squid-users] Squid.out reports errors for lines that do not exist in squid.conf

Cheadle, Edward Edward.Cheadle at cambiahealth.com
Thu Jun 7 16:07:39 UTC 2018


Thanks a lot for all the information; It is helping.   

But the service command is not a systemd command.  On servers with systemd on them, the service command is some sort of alias.
This version of Amazon linux does not use systemd, I got on one and ran systemctl and all that is returned is command not found. (I wanted to prove it to myself, amazon linux is new to me.)

I don't remember the history of the service command, but redhat had it in RHEL5 and maybe even before.   It was used instead of running
commands like /etc/init.d/squid restart.  Like systemd it made managing services easier.

The other suggestions people have made are useful, I haven't tracked down the issue, but my approach will be to get all of the servers reporting
no errors on boot, then after I get them all settled, I will upgrade my development servers with the latest version and move forward.  We are beginning 
the move to next version of AWS linux, so it is time to make the transition.   

Thanks for all of the suggestions. I have the Packt book and am beginning to read the documentation on the website, but this list has been valuable to speed up my learning.
    
    Message: 1
    Date: Thu, 7 Jun 2018 14:39:16 +1200
    From: Amos Jeffries <squid3 at treenet.co.nz>
    To: squid-users at lists.squid-cache.org
    Subject: Re: [squid-users] Squid.out reports errors for lines that do
            not exist in squid.conf
    Message-ID: <08cd358c-2209-7628-beeb-82456e6440cf at treenet.co.nz>
    Content-Type: text/plain; charset=utf-8
    
    On 07/06/18 11:11, Cheadle, Edward wrote:
    > Squid version 3.5.27-1.el6
    >
    ...
    >
    > The FATAL error messages below  is because I added a line with dstdomain
    > in it when there were already an entry with dstdom_regex in it.
    >
    > I assume that is the “type” that is talked about.
    >
    
    Correct.
    
    >
    > 2018/06/06 20:49:29| aclParseAclLine: ACL 'aws_s3' already exists with
    > different type.
    >
    > FATAL: Bungled /etc/squid/squid.conf line 254: acl aws_s3   dstdomain -n
    > .s3.amazonaws.com
    >
    >
    >
    > The issue is that I removed line 254 and I removed both of the lines
    > above and yet I restart squid and continue to get these errors.
    >
    
    Exact same line and issue? or other ones elsewhere in the config?
    
    NP: "squid -k parse" should be used to find any issues after an upgrade.
    It does not halt on the first FATAL/ERROR if there are many.
    
    
    >
    > Does squid compile the rules and keep them somewhere, and I need to do
    > something else than service squid restart to get rid of rules?
    
    By "service squid restart" I take it that you are using systemd to
    control a Squid-3 proxy. systemd cannot cope at all well with software
    like Squid which is itself a daemon manager.
    
    Try stopping Squid with the "squid -k shutdown" command (repeat of
    necessary) and making sure Squid is fully stopped with no processes
    still running before you start it again.
    
    With systemd the "squid -k ..." commands (or init.d script, if any)
    should be used to manage Squid-3 instead of systemd's "service ..."
    commands.
    
    NP: these issues have been resolved in Squid-4. So this is a temporary
    situation until you can upgrade.
    
    Amos
    
    
    ------------------------------
    
    Message: 2
    Date: Thu, 7 Jun 2018 09:13:59 +0300
    From: "Eliezer Croitoru" <eliezer at ngtech.co.il>
    To: <squid-users at lists.squid-cache.org>
    Subject: Re: [squid-users] Squid.out reports errors for lines that do
            not     exist in squid.conf
    Message-ID: <045101d3fe26$bc3f3e30$34bdba90$@ngtech.co.il>
    Content-Type: text/plain;       charset="UTF-8"
    
    Amos,
    
    Systemd can be define to run a specific command for a "reload" and even if nobody wrote the line in a service file it's there since almost day one of systemd services.
    
    And.. if the version is el6 I believe it's still a sysVinit based system.
    Squid -kparse should detect and squid -kreconf should resolve any issue if it's not a fatal one that stopped the service.
    
    Not directly related but.. only if Squid doesn't release at all any memory it catches then a restart would be a must at some point.
    >From what I have seen in the 2.7 and 3.x code in the past it seems that there should be some level of memory cleanup\release.
    Also I have systems that has up-time of almost a year so I am a bit confused why should a restart would be requied?
    ... if I have acls handled by an external acl or ICAP service then why should I restart?
    
    Eliezer
    
    ----
    Eliezer Croitoru
    Linux System Administrator
    Mobile: +972-5-28704261
    Email: eliezer at ngtech.co.il
    
    
    
    -----Original Message-----
    From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
    Sent: Thursday, June 7, 2018 05:39
    To: squid-users at lists.squid-cache.org
    Subject: Re: [squid-users] Squid.out reports errors for lines that do not exist in squid.conf
    
    On 07/06/18 11:11, Cheadle, Edward wrote:
    > Squid version 3.5.27-1.el6
    >
    ...
    >
    > The FATAL error messages below  is because I added a line with dstdomain
    > in it when there were already an entry with dstdom_regex in it.
    >
    > I assume that is the “type” that is talked about.
    >
    
    Correct.
    
    >
    > 2018/06/06 20:49:29| aclParseAclLine: ACL 'aws_s3' already exists with
    > different type.
    >
    > FATAL: Bungled /etc/squid/squid.conf line 254: acl aws_s3   dstdomain -n
    > .s3.amazonaws.com
    >
    >
    >
    > The issue is that I removed line 254 and I removed both of the lines
    > above and yet I restart squid and continue to get these errors.
    >
    
    Exact same line and issue? or other ones elsewhere in the config?
    
    NP: "squid -k parse" should be used to find any issues after an upgrade.
    It does not halt on the first FATAL/ERROR if there are many.
    
    
    >
    > Does squid compile the rules and keep them somewhere, and I need to do
    > something else than service squid restart to get rid of rules?
    
    By "service squid restart" I take it that you are using systemd to
    control a Squid-3 proxy. systemd cannot cope at all well with software
    like Squid which is itself a daemon manager.
    
    Try stopping Squid with the "squid -k shutdown" command (repeat of
    necessary) and making sure Squid is fully stopped with no processes
    still running before you start it again.
    
    With systemd the "squid -k ..." commands (or init.d script, if any)
    should be used to manage Squid-3 instead of systemd's "service ..."
    commands.
    
    NP: these issues have been resolved in Squid-4. So this is a temporary
    situation until you can upgrade.
    
    Amos
    _______________________________________________
    squid-users mailing list
    squid-users at lists.squid-cache.org
    https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=02%7C01%7CEdward.Cheadle%40cambiahealth.com%7Cd08b3294d08e4355c2cb08d5cc60e485%7Ce964274919d44f7fb4df802b2b75a809%7C0%7C0%7C636639638878569750&sdata=SkhtUK%2BBouyVYnUFuI1LRXThdMEXMYUHxy%2F9iTBThhA%3D&reserved=0
    
    
    
    ------------------------------
    
    Message: 3
    Date: Thu, 7 Jun 2018 22:11:51 +1200
    From: Amos Jeffries <squid3 at treenet.co.nz>
    To: Eliezer Croitoru <eliezer at ngtech.co.il>,
            squid-users at lists.squid-cache.org
    Subject: Re: [squid-users] Squid.out reports errors for lines that do
            not exist in squid.conf
    Message-ID: <9dc90778-b817-7dad-c96d-fc3a621fd51f at treenet.co.nz>
    Content-Type: text/plain; charset=utf-8
    
    On 07/06/18 18:13, Eliezer Croitoru wrote:
    > Amos,
    >
    > Systemd can be define to run a specific command for a "reload" and even if nobody wrote the line in a service file it's there since almost day one of systemd services.
    >
    
    *If* that mechanism is used there is no difference in the commands. If
    it is not used, the systemd ones are actively dangerous. So no harm in
    advising the safe one be used in either case.
    
    
    > And.. if the version is el6 I believe it's still a sysVinit based system.
    
    Cheadle was using systemd's "service ..." commands. Which I am advising
    to avoid because something indeterminate is going wrong with the config
    loading and startup process. If the OS is actually SysV those systemd
    commands are even more inappropriate.
    
    
    > Squid -kparse should detect and squid -kreconf should resolve any issue if it's not a fatal one that stopped the service.
    >
    > Not directly related but.. only if Squid doesn't release at all any memory it catches then a restart would be a must at some point.
    > From what I have seen in the 2.7 and 3.x code in the past it seems that there should be some level of memory cleanup\release.
    > Also I have systems that has up-time of almost a year so I am a bit confused why should a restart would be requied?
    
    The admin has apparently got themselves into a difficult situation and
    it is no longer clear whether systemd or Squid master process is in
    control of the worker processes which are running and with what config.
    They both fight over "service ..." commands.
    
    The only thing which is guaranteed to restore Squid to known state is a
    full shutdown. Ensuring that everything has exited before proceeding
    with the start action.
    
    Amos
    
    
    ------------------------------
    
    Message: 4
    Date: Thu, 7 Jun 2018 10:17:30 +0000
    From: Stoica Bogdan Alexandru <bogdan.stoica at epfl.ch>
    To: "squid-users at lists.squid-cache.org"
            <squid-users at lists.squid-cache.org>
    Subject: [squid-users] Squid test-suite / benchmarks
    Message-ID: <ecb7106901294fbf9060c47a58ec91cf at rexe.intranet.epfl.ch>
    Content-Type: text/plain; charset="utf-8"
    
    Hi all,
    
    We're a small research team interested in benchmarking Squid for a research project.
    Ideally, we would like to have good code coverage while doing so. We have searched online for alternatives, but found little info.
    Are there any good benchmarks used for such purpose? Or, even better, is there a more comprehensive test suite apart from the one Squid comes with?
    Any suggestions are highly appreciated.
    
    Thanks a lot!
    
    B.
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20180607%2F9b07a907%2Fattachment-0001.html&data=02%7C01%7CEdward.Cheadle%40cambiahealth.com%7Cd08b3294d08e4355c2cb08d5cc60e485%7Ce964274919d44f7fb4df802b2b75a809%7C0%7C0%7C636639638878569750&sdata=nmB4gzsSbSFTqXq%2FRGClqy9ZGas3gQPurqoDxTdoqIU%3D&reserved=0>
    
    ------------------------------
    
    Message: 5
    Date: Thu, 7 Jun 2018 13:24:21 +0300
    From: Panagiotis Bariamis <akismpa at gmail.com>
    To: Stoica Bogdan Alexandru <bogdan.stoica at epfl.ch>
    Cc: squid-users at lists.squid-cache.org
    Subject: Re: [squid-users] Squid test-suite / benchmarks
    Message-ID:
            <CAPxN_PVGN7FzmO5YEbpQB9ZDB3reS5mQQ2SmSw6HnmCK0dYPKA at mail.gmail.com>
    Content-Type: text/plain; charset="utf-8"
    
    Hello,
    I just finished a same project . Only platform that worked well with most
    configurations of Squid is Web Polygraph.
    
    
    On Thu, Jun 7, 2018, 13:17 Stoica Bogdan Alexandru <bogdan.stoica at epfl.ch>
    wrote:
    
    > Hi all,
    >
    >
    >
    > We’re a small research team interested in benchmarking Squid for a
    > research project.
    >
    > Ideally, we would like to have good code coverage while doing so. We have
    > searched online for alternatives, but found little info.
    >
    > Are there any good benchmarks used for such purpose? Or, even better, is
    > there a more comprehensive test suite apart from the one Squid comes with?
    >
    > Any suggestions are highly appreciated.
    >
    >
    >
    > Thanks a lot!
    >
    >
    >
    > B.
    > _______________________________________________
    > squid-users mailing list
    > squid-users at lists.squid-cache.org
    > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=02%7C01%7CEdward.Cheadle%40cambiahealth.com%7Cd08b3294d08e4355c2cb08d5cc60e485%7Ce964274919d44f7fb4df802b2b75a809%7C0%7C0%7C636639638878569750&sdata=SkhtUK%2BBouyVYnUFuI1LRXThdMEXMYUHxy%2F9iTBThhA%3D&reserved=0
    >
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Fpipermail%2Fsquid-users%2Fattachments%2F20180607%2Ff3a24760%2Fattachment.html&data=02%7C01%7CEdward.Cheadle%40cambiahealth.com%7Cd08b3294d08e4355c2cb08d5cc60e485%7Ce964274919d44f7fb4df802b2b75a809%7C0%7C0%7C636639638878569750&sdata=V9hHJL6HD6%2BYshdosCVxiUe50JeIlVaRTbkXDe17iIY%3D&reserved=0>
    
    ------------------------------
    
    Subject: Digest Footer
    
    _______________________________________________
    squid-users mailing list
    squid-users at lists.squid-cache.org
    https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.squid-cache.org%2Flistinfo%2Fsquid-users&data=02%7C01%7CEdward.Cheadle%40cambiahealth.com%7Cd08b3294d08e4355c2cb08d5cc60e485%7Ce964274919d44f7fb4df802b2b75a809%7C0%7C0%7C636639638878569750&sdata=SkhtUK%2BBouyVYnUFuI1LRXThdMEXMYUHxy%2F9iTBThhA%3D&reserved=0
    
    
    ------------------------------
    
    End of squid-users Digest, Vol 46, Issue 10
    *******************************************
    Ensure a sustainable future - only print when necessary.
    


IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed.  If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited.  Nothing in this email, including any attachment, is intended to be a legally binding signature.


More information about the squid-users mailing list