Can you verify if SELINUX is enabled\enforced?
If so change it to disabled as a basic test to the ssl_crtd issue.
Eliezer
On 06/26/2014 07:37 AM, Mike wrote:
I am looking for suggestions on a newer or slightly altered startup
script for use with squid 3.4.5 and CentOS based system (Scientific
Linux 6.5).
The issue is after a system reboot, during startup the ssl_crtd helpers
are crashing causing squid to not load on startup. Yet we can do a
"service squid start" immediately after it stops, and it starts and
works fine until the next reboot. I suspect there is something needed in
the script to avert this issue since it is a newer squid. I tried the
one that came with the 3.4.5 (squid.rc) but it is not functioning
properly on this system.
We have tried a delay script of up to 2 minutes and that is not helping,
any initial statup still has the same problem.
This is a remote server and we need it to work on startup without
needing to do extra time via SSH after it reboots to start it up every
time, especially once we roll this out to the 5 other servers. I've
checked the squid.out, cache.log and other squid and system related logs
and none of them give us any idea of why it is doing that only at startup.
12 seconds after initial startup attempt and multiple ssl_crtd helper
crashes:
Jun 25 23:25:47 i3540 (squid-1): The ssl_crtd helpers are crashing too
rapidly, need help!
Jun 25 23:25:47 i3540 squid[1674]: Squid Parent: (squid-1) process 1762
exited with status 1
Jun 25 23:25:47 i3540 squid[1674]: Squid Parent: (squid-1) process 1762
will not be restarted due to repeated, frequent failures
Jun 25 23:25:47 i3540 squid[1674]: Exiting due to repeated, frequent
failures
Then after we do a "service squid start":
Jun 25 23:26:24 i3540 squid[1810]: Squid Parent: will start 1 kids
Jun 25 23:26:25 i3540 squid[1810]: Squid Parent: (squid-1) process 1812
started
and no more crashes.
I have tried at least 3 or 4 versions online and none of them work.
Either they do not work properly with "service squid start" or there are
other issues.
My current squid init script which was borrowed from a previous version
(3.1.10). again, everything works except the ssl_crtd crashing ONLY on
startup after a reboot:
=====
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to
the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
### END INIT INFO
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi
# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-""}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-60}
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
SQUID_PIDFILE_DIR="/var/run/squid"
SQUID_USER="squid"
SQUID_DIR="squid"
# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid
prog="$SQUID"
# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`
RETVAL=0
probe() {
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
[ `id -u` -ne 0 ] && exit 4
# check if the squid conf file is present
[ -f $SQUID_CONF ] || exit 6
}
start() {
# echo "1 minute startup delay - to give ssl_crtd time to restart
properly"
# sleep 60
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it
and give squid permissions.
if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR
; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
probe
parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo -n $"Starting $prog: "
echo_failure
echo
echo "$parse"
return 1
fi
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
$SQUID -z -F -f $SQUID_CONF >>
/var/log/squid/squid.out 2>&1
fi
done
echo -n $"Starting $prog: "
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
timeout=10;
while : ; do
[ ! -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
RETVAL=1
break
fi
sleep 10 && echo -n "."
timeout=$((timeout+1))
done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
$SQUID -k shutdown -f $SQUID_CONF &
rm -f /var/lock/subsys/$SQUID
timeout=0
while : ; do
[ -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
echo
return 1
fi
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo_success
echo
else
echo_failure
if [ ! -e /var/lock/subsys/$SQUID ]; then
RETVAL=0
fi
echo
fi
rm -rf $SQUID_PIDFILE_DIR/*
return $RETVAL
}
reload() {
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
}
restart() {
stop
rm -rf $SQUID_PIDFILE_DIR/*
start
}
condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}
rhstatus() {
status $SQUID && $SQUID -k check -f $SQUID_CONF
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload|force-reload)
reload
;;
restart)
restart
;;
condrestart|try-restart)
condrestart
;;
status)
rhstatus
;;
probe)
probe
;;
*)
echo $"Usage: $0
{start|stop|status|reload|force-reload|restart|try-restart|probe}"
exit 2
esac
exit $?
=====
Any help on this would be appreciated
Mike
