[squid-users] Portal Splash Page 4.7 -> 5.7 FATAL: (ext_session_acl): Failed to open session db
MATYAS, Tibor
tibor.matyas at dsi-as.de
Wed Feb 22 08:10:48 UTC 2023
Here are the results of my further investigations and debug sessions:
#1 external_acl_type session concurrency=100 ttl=3 %SRC
/usr/libexec/squid/ext_session_acl -a -T 10800
without -b -> use RAM for storing the session: same error result.
#2 ext_session_acl cannot be compiled without tdb, even if I compile
squid 5 without tdb:
ldd ext_session_acl
linux-vdso.so.1 (0x00007ffe88d43000)
libtdb.so.1 => /usr/lib64/libtdb.so.1 (0x00007fe62eba1000)
...
Installed tdb version is 1.4.7 .... error result
#3 try older tdb versions 1.4.0 ... 1.4.7 same error result
test with tdb v1.3 not done, since more overhead, also v1.3 old!
note: all tests made on a gentoo system, all packages are compiled from
source.
So in my opinion it can be a tdb version issue or a gentoo specific issue...
A list member gave me the motivation to write an own session helper.
I looked around and switched (on the test server) to my own helper with
redis backend (ttl built-in :-) ).
br, Tibor
Am 17.02.2023 um 20:43 schrieb Alex Rousskov:
> On 2/17/23 14:27, MATYAS, Tibor wrote:
>
>> A statement, that that part has no regressions, works also in the 5.x
>> versions would give me hope :-D
>
> Hopefully, somebody using the session db helper would be able to
> confirm that for you.
>
> FWIW, some of the code involved in your test is not a part of our
> automatic regression testing suite (yet?), and the session helper code
> itself was changed since Squid v4, so regressions are very much possible.
>
>
> Good luck,
>
> Alex.
>
>
>> Am 17.02.2023 um 17:30 schrieb Alex Rousskov:
>>> On 2/17/23 09:20, MATYAS, Tibor wrote:
>>>
>>>> FATAL: (ext_session_acl): Failed to open session db
>>>> '/tmp/session/session'
>>>
>>>> An empty session file with zero byte is always created (with or
>>>> without tdb), and then the error flow.
>>>
>>> This is a long shot, but check permissions of that file (and its
>>> directory). Will Squid effective user be able to open that file for
>>> writing? I would expect the helper to not be able to create a file
>>> at all if this is a permissions issue, but it is easy to check.
>>>
>>> If checking permissions does not give you an answer, I would try
>>> wrapping the helper in a script to strace it (or equivalent). If you
>>> are lucky, you will see a failed helper system call just before the
>>> helper system calls that emit the above error message. That failure
>>> may explain what is going on.
>>>
>>> If nothing helps, I would attach gdb to the helper, but that
>>> requires even more work.
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>>
>>>> Am 17.02.2023 um 10:09 schrieb MATYAS, Tibor:
>>>>> Hello List,
>>>>>
>>>>> trying to move from 4.7 to 5.7 (on gentoo Linux).
>>>>> Splash portal is in use
>>>>> https://wiki.squid-cache.org/ConfigExamples/Portal/Splash
>>>>>
>>>>> squid -k parse -> OK
>>>>> /var/lib/squid/session/ is clean, old berkeleyDB session files
>>>>> deleted.
>>>>> Owner of the folder is the squid user.
>>>>>
>>>>> Squid compiled with tdb:
>>>>>
>>>>> Squid Cache: Version 5.7
>>>>> Service Name: squid
>>>>> Gentoo squid-5.7-r1 (r: NONE)
>>>>> This binary uses OpenSSL 1.1.1t 7 Feb 2023. For legal
>>>>> restrictions on distribution see
>>>>> https://www.openssl.org/source/license.html
>>>>> configure options: '--prefix=/usr' '--build=x86_64-pc-linux-gnu'
>>>>> '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man'
>>>>> '--infodir=/usr/share/info' '--datadir=/usr/share'
>>>>> '--sysconfdir=/etc' '--localstatedir=/var/lib'
>>>>> '--datarootdir=/usr/share' '--disable-dependency-tracking'
>>>>> '--disable-silent-rules' '--disable-static'
>>>>> '--docdir=/usr/share/doc/squid-5.7-r1'
>>>>> '--htmldir=/usr/share/doc/squid-5.7-r1/html' '--with-sysroot=/'
>>>>> '--libdir=/usr/lib64' '--datadir=/usr/share/squid'
>>>>> '--libexecdir=/usr/libexec/squid' '--localstatedir=/var'
>>>>> '--sysconfdir=/etc/squid' '--with-default-user=squid'
>>>>> '--with-logdir=/var/log/squid' '--with-pidfile=/run/squid.pid'
>>>>> '--enable-build-info=Gentoo squid-5.7-r1 (r: NONE)'
>>>>> '--enable-log-daemon-helpers' '--enable-url-rewrite-helpers'
>>>>> '--enable-cache-digests' '--enable-delay-pools' '--enable-disk-io'
>>>>> '--enable-eui' '--enable-icmp' '--enable-ipv6'
>>>>> '--enable-follow-x-forwarded-for'
>>>>> '--enable-removal-policies=lru,heap'
>>>>> '--disable-strict-error-checking' '--disable-arch-native'
>>>>> '--with-large-files' '--with-build-environment=default'
>>>>> '--with-tdb' '--without-included-ltdl'
>>>>> '--with-ltdl-include=/usr/include' '--with-ltdl-lib=/usr/lib64'
>>>>> '--with-libcap' '--enable-snmp' '--with-openssl' '--with-nettle'
>>>>> '--with-gnutls' '--enable-ssl-crtd' '--without-systemd'
>>>>> '--without-cppunit' '--disable-ecap' '--disable-esi'
>>>>> '--disable-expat' '--disable-libxml2' '--enable-htcp'
>>>>> '--enable-wccp' '--enable-wccpv2' '--without-mit-krb5'
>>>>> '--without-heimdal-krb5' '--enable-linux-netfilter'
>>>>> '--enable-storeio=aufs,diskd,rock,ufs'
>>>>> '--enable-auth-basic=NCSA,POP3,getpwnam,PAM'
>>>>> '--enable-auth-digest=file' '--enable-auth-ntlm=none'
>>>>> '--enable-auth-negotiate=none'
>>>>> '--enable-external-acl-helpers=file_userip,session,unix_group,delayer,time_quota'
>>>>> 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu'
>>>>> 'CC=x86_64-pc-linux-gnu-gcc' 'CFLAGS=-march=nocona -O2 -pipe
>>>>> -fomit-frame-pointer' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'
>>>>> 'CXXFLAGS=-march=nocona -O2 -pipe -fomit-frame-pointer'
>>>>> 'BUILDCXX=x86_64-pc-linux-gnu-g++' 'BUILDCXXFLAGS=-march=nocona
>>>>> -O2 -pipe -fomit-frame-pointer'
>>>>>
>>>>> starting squid results in:
>>>>>
>>>>> FATAL: (ext_session_acl): Failed to open session db
>>>>> '/var/lib/squid/session/session'
>>>>> 2023/02/17 09:21:11 kid1| WARNING: external_acl_type #Hlpr27652
>>>>> exited
>>>>> current master transaction: master3
>>>>> 2023/02/17 09:21:11 kid1| Too few external_acl_type processes are
>>>>> running (need 1/1)
>>>>> current master transaction: master3
>>>>> 2023/02/17 09:21:11 kid1| Starting new helpers
>>>>> current master transaction: master3
>>>>> 2023/02/17 09:21:11 kid1| helperOpenServers: Starting 1/1
>>>>> 'ext_session_acl' processes
>>>>> current master transaction: master3
>>>>>
>>>>> What am I missing?
>>>>>
>>>>> Thanks a lot and br
>>>>> Tibor
>>>>>
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>
>>>>
>>>>
>>>> --------------------------------------------------
>>>> DSI Aerospace Technologie GmbH
>>>>
>>>> Sitz der Gesellschaft: Otto-Lilienthal-Str. 1, D-28199 Bremen, Germany
>>>> Web: http://www.dsi-as.de
>>>>
>>>> Geschaeftsfuehrer: Dr.-Ing. Christian Dierker
>>>> M. Sc. Elias Hashem
>>>>
>>>> HRB 17726, Amtsgericht Bremen
>>>> USt-IdNr.: DE 192 681 774
>>>> --------------------------------------------------
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>> --------------------------------------------------
>> DSI Aerospace Technologie GmbH
>>
>> Sitz der Gesellschaft: Otto-Lilienthal-Str. 1, D-28199 Bremen, Germany
>> Web: http://www.dsi-as.de
>>
>> Geschaeftsfuehrer: Dr.-Ing. Christian Dierker
>> M. Sc. Elias Hashem
>>
>> HRB 17726, Amtsgericht Bremen
>> USt-IdNr.: DE 192 681 774
>> --------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--------------------------------------------------
DSI Aerospace Technologie GmbH
Sitz der Gesellschaft: Otto-Lilienthal-Str. 1, D-28199 Bremen, Germany
Web: http://www.dsi-as.de
Geschaeftsfuehrer: Dr.-Ing. Christian Dierker
M. Sc. Elias Hashem
HRB 17726, Amtsgericht Bremen
USt-IdNr.: DE 192 681 774
--------------------------------------------------
More information about the squid-users
mailing list