Re: Portal Splash Page 4.7 -> 5.7 FATAL: (ext_session_acl): Failed to open session db

"MATYAS, Tibor" <tibor.matyas@xxxxxxxxx> · Wed, 22 Feb 2023 09:10:48 +0100

Here are the results of my further investigations and debug sessions:

#1 external_acl_type session concurrency=100 ttl=3 %SRC 
/usr/libexec/squid/ext_session_acl -a -T 10800
without -b -> use RAM for storing the session: same error result.

#2 ext_session_acl cannot be compiled without tdb, even if I compile 
squid 5 without tdb:
ldd ext_session_acl
        linux-vdso.so.1 (0x00007ffe88d43000)
        libtdb.so.1 => /usr/lib64/libtdb.so.1 (0x00007fe62eba1000)
        ...

Installed tdb version is 1.4.7 .... error result

#3 try older tdb versions 1.4.0 ... 1.4.7 same error result
test with tdb v1.3 not done, since more overhead, also v1.3 old!

note: all tests made on a gentoo system, all packages are compiled from 
source.
So in my opinion it can be a tdb version issue or a gentoo specific issue...

A list member gave me the motivation to write an own session helper.
I looked around and switched (on the test server) to my own helper with 
redis backend (ttl built-in :-) ).

br, Tibor

Am 17.02.2023 um 20:43 schrieb Alex Rousskov:
On 2/17/23 14:27, MATYAS, Tibor wrote:

A statement, that that part has no regressions, works also in the 5.x 
versions would give me hope :-D

Hopefully, somebody using the session db helper would be able to 
confirm that for you.

FWIW, some of the code involved in your test is not a part of our 
automatic regression testing suite (yet?), and the session helper code 
itself was changed since Squid v4, so regressions are very much possible.

Good luck,

Alex.

Am 17.02.2023 um 17:30 schrieb Alex Rousskov:
On 2/17/23 09:20, MATYAS, Tibor wrote:

FATAL: (ext_session_acl): Failed to open session db 
'/tmp/session/session'

An empty session file with zero byte is always created (with or
without tdb), and then the error flow.

This is a long shot, but check permissions of that file (and its 
directory). Will Squid effective user be able to open that file for 
writing? I would expect the helper to not be able to create a file 
at all if this is a permissions issue, but it is easy to check.

If checking permissions does not give you an answer, I would try 
wrapping the helper in a script to strace it (or equivalent). If you 
are lucky, you will see a failed helper system call just before the 
helper system calls that emit the above error message. That failure 
may explain what is going on.

If nothing helps, I would attach gdb to the helper, but that 
requires even more work.

HTH,

Alex.

Am 17.02.2023 um 10:09 schrieb MATYAS, Tibor:
Hello List,

trying to move from 4.7 to 5.7 (on gentoo Linux).
Splash portal is in use 
https://wiki.squid-cache.org/ConfigExamples/Portal/Splash

squid -k parse -> OK
/var/lib/squid/session/ is clean, old berkeleyDB session files 
deleted.
Owner of the folder is the squid user.

Squid compiled with tdb:

Squid Cache: Version 5.7
Service Name: squid
Gentoo squid-5.7-r1 (r: NONE)
This binary uses OpenSSL 1.1.1t  7 Feb 2023. For legal 
restrictions on distribution see 
https://www.openssl.org/source/license.html
configure options:  '--prefix=/usr' '--build=x86_64-pc-linux-gnu' 
'--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--datadir=/usr/share' 
'--sysconfdir=/etc' '--localstatedir=/var/lib' 
'--datarootdir=/usr/share' '--disable-dependency-tracking' 
'--disable-silent-rules' '--disable-static' 
'--docdir=/usr/share/doc/squid-5.7-r1' 
'--htmldir=/usr/share/doc/squid-5.7-r1/html' '--with-sysroot=/' 
'--libdir=/usr/lib64' '--datadir=/usr/share/squid' 
'--libexecdir=/usr/libexec/squid' '--localstatedir=/var' 
'--sysconfdir=/etc/squid' '--with-default-user=squid' 
'--with-logdir=/var/log/squid' '--with-pidfile=/run/squid.pid' 
'--enable-build-info=Gentoo squid-5.7-r1 (r: NONE)' 
'--enable-log-daemon-helpers' '--enable-url-rewrite-helpers' 
'--enable-cache-digests' '--enable-delay-pools' '--enable-disk-io' 
'--enable-eui' '--enable-icmp' '--enable-ipv6' 
'--enable-follow-x-forwarded-for' 
'--enable-removal-policies=lru,heap' 
'--disable-strict-error-checking' '--disable-arch-native' 
'--with-large-files' '--with-build-environment=default' 
'--with-tdb' '--without-included-ltdl' 
'--with-ltdl-include=/usr/include' '--with-ltdl-lib=/usr/lib64' 
'--with-libcap' '--enable-snmp' '--with-openssl' '--with-nettle' 
'--with-gnutls' '--enable-ssl-crtd' '--without-systemd' 
'--without-cppunit' '--disable-ecap' '--disable-esi' 
'--disable-expat' '--disable-libxml2' '--enable-htcp' 
'--enable-wccp' '--enable-wccpv2' '--without-mit-krb5' 
'--without-heimdal-krb5' '--enable-linux-netfilter' 
'--enable-storeio=aufs,diskd,rock,ufs' 
'--enable-auth-basic=NCSA,POP3,getpwnam,PAM' 
'--enable-auth-digest=file' '--enable-auth-ntlm=none' 
'--enable-auth-negotiate=none' 
'--enable-external-acl-helpers=file_userip,session,unix_group,delayer,time_quota' 
'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 
'CC=x86_64-pc-linux-gnu-gcc' 'CFLAGS=-march=nocona -O2 -pipe 
-fomit-frame-pointer' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed' 
'CXXFLAGS=-march=nocona -O2 -pipe -fomit-frame-pointer' 
'BUILDCXX=x86_64-pc-linux-gnu-g++' 'BUILDCXXFLAGS=-march=nocona 
-O2 -pipe -fomit-frame-pointer'

starting squid results in:

FATAL: (ext_session_acl): Failed to open session db 
'/var/lib/squid/session/session'
2023/02/17 09:21:11 kid1| WARNING: external_acl_type #Hlpr27652 
exited
    current master transaction: master3
2023/02/17 09:21:11 kid1| Too few external_acl_type processes are 
running (need 1/1)
    current master transaction: master3
2023/02/17 09:21:11 kid1| Starting new helpers
    current master transaction: master3
2023/02/17 09:21:11 kid1| helperOpenServers: Starting 1/1 
'ext_session_acl' processes
    current master transaction: master3

What am I missing?

Thanks a lot and br
Tibor

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

--------------------------------------------------
DSI Aerospace Technologie GmbH

Sitz der Gesellschaft: Otto-Lilienthal-Str. 1, D-28199 Bremen, Germany
Web: http://www.dsi-as.de

Geschaeftsfuehrer: Dr.-Ing. Christian Dierker
                   M. Sc. Elias Hashem

HRB 17726, Amtsgericht Bremen
USt-IdNr.: DE 192 681 774
--------------------------------------------------

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

--------------------------------------------------
DSI Aerospace Technologie GmbH

Sitz der Gesellschaft: Otto-Lilienthal-Str. 1, D-28199 Bremen, Germany
Web: http://www.dsi-as.de

Geschaeftsfuehrer: Dr.-Ing. Christian Dierker
                   M. Sc. Elias Hashem

HRB 17726, Amtsgericht Bremen
USt-IdNr.: DE 192 681 774
--------------------------------------------------

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

--------------------------------------------------
DSI Aerospace Technologie GmbH

Sitz der Gesellschaft: Otto-Lilienthal-Str. 1, D-28199 Bremen, Germany
Web: http://www.dsi-as.de

Geschaeftsfuehrer: Dr.-Ing. Christian Dierker
                  M. Sc. Elias Hashem

HRB 17726, Amtsgericht Bremen
USt-IdNr.: DE 192 681 774
--------------------------------------------------

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users