RE: [squid-users] Cache dir problem with LVM

From: Frenette, Jean-Sébastien <[email protected]>
Date: Wed, 24 Oct 2007 14:05:55 -0400

How about turning selinux off, since that server only serves as a proxy-cache and is protected by a firewall on both sides of its connection (we have a firewall on the LAN and WAN around that station)?

-----Original Message-----
From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
Sent: 23 October 2007 19:40
To: Frenette, Jean-Sébastien
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Cache dir problem with LVM

Hi,

On Tue, 2007-10-23 at 19:28 -0400, Frenette, Jean-Sébastien wrote:
> I'm running fedora core 6.
>
> I already put squid so it can connect to any port in selinux, but it seems it's not the same conf as you are saying.
>
> What I did is:
>
> setsebool -P squid_connect_any=1

You're probably running into all sorts of issues with selinux. I'm no
expert on it but you might need to investigate "fixfiles". It could be
that the new filesystem isn't properly configured as far as selinux is
concerned to allow squid to use it. Using "audit2allow" will soon let
you know if that's the case.

Here's a script I use for "fixing" my local policy.

-------------------------------------8<------------------------------
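#! /bin/sh
# Preview the rules audit2allow would generate from logged denials
# (-l: only denials since the last policy reload); stop if it fails.
audit2allow -m local -l -i /var/log/messages || exit
/bin/echo -n "Continue? [Y|n]: "
read -r yorn
if [ "$yorn" = "n" ] || [ "$yorn" = "N" ]; then
        :
else
        cd /root/selinux || exit
        # Append the generated rules to the local module source, then
        # review and tidy the result by hand before building it.
        audit2allow -m local -l -i /var/log/messages >> local.te
        vi local.te
        /bin/echo -n "Load policy? [Y|n]: "
        read -r yorn
        if [ "$yorn" = "n" ] || [ "$yorn" = "N" ]; then
                :
        else
                # Compile, package and install the local policy module.
                checkmodule -M -m -o local.mod local.te
                semodule_package -o local.pp -m local.mod
                semodule -i local.pp
        fi
fi
echo Done.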
-------------------------------------8<------------------------------

Bear in mind you usually need to run it quite a few times before
something will work. That's because you can find things like:

- start some program
- file creation being blocked
- fix selinux policy
- start some program
- file read being blocked
- fix selinux policy
- start some program
- file write being blocked
- fix selinux policy
.....

Alternatively just set selinux to permissive, get things working and
check the logs. Then you can fix everything for selinux and then change
it to enforcing.

Colin


>
> -----Original Message-----
> From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
> Sent: 23 October 2007 18:56
> To: Frenette, Jean-Sébastien
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] Cache dir problem with LVM
>
> Hi,
>
> On Tue, 2007-10-23 at 16:57 -0400, Frenette, Jean-Sébastien wrote:
> > I'm running selinux. Weird thing is that it failed only when I mount the lvm; if I put it anywhere else, it works.
>
> In that case you need to do one of the following:
>
> a) turn selinux off or
> b) set selinux to permissive or
> c) configure selinux to allow what you're trying to do - read up on
> "audit2allow". Its behaviour varies with OS release (eg RHEL4 is very
> different to RHEL5) so I can't give you instructions without knowing
> your OS.
>
> Colin
>
> >
> > JS
> >
> >
> > -----Original Message-----
> > From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
> > Sent: 22 October 2007 20:56
> > To: Amos Jeffries
> > Cc: Frenette@treenetnz.com; Frenette, Jean-Sébastien; squid-users@squid-cache.org
> > Subject: RE: [squid-users] Cache dir problem with LVM
> >
> > Hi,
> >
> > All the permissions look okay. Are you running selinux or similar?
> >
> > Colin
> >
> > On Tue, 2007-10-23 at 12:08 +1300, Amos Jeffries wrote:
> > > Just a thought:
> > >
> > > What path does squid.conf have for all *_log and cache_dir settings?
> > > (and any other that require filenames)
> > >
> > > Amos
> > >
> > >
> > > > umount
> > > > # ls -ld /var/spool/squid
> > > > drwxr-x--- 2 squid squid 4096 oct 17 13:43 /var/spool/squid
> > > >
> > > > mount
> > > > ls -ld /var/spool/squid
> > > > drwxr-x--- 20 squid squid 4096 oct 22 10:04 /var/spool/squid
> > > >
> > > > It's the same.
> > > >
> > > > mount
> > > > ls -l /var/spool/squid
> > > > total 152
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 00
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 01
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 02
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 03
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 04
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 05
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 06
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 07
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 08
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 09
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 0A
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 0B
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 0C
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 0D
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 0E
> > > > drwxr-x--- 258 squid squid 4096 oct 22 10:04 0F
> > > > drwxr-x--- 18 squid squid 4096 oct 19 05:47 1
> > > > drwxr-x--- 2 squid squid 16384 oct 15 14:45 lost+found
> > > >
> > > > Here's what was created after squid -z ran.
> > > >
> > > > Jean-Sébastien Frenette
> > > > Technicien Informatique
> > > > Centre d'Assistance Technique
> > > > Département Informatique
> > > > Collège Montmorency
> > > > (450) 975-6100 poste 6108
> > > >
> > > > jsfrenette@cmontmorency.qc.ca
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
> > > > Sent: 21 October 2007 19:17
> > > > To: Frenette, Jean-Sébastien
> > > > Cc: squid-users@squid-cache.org
> > > > Subject: RE: [squid-users] Cache dir problem with LVM
> > > >
> > > > Hi,
> > > >
> > > > Can you show us the following.
> > > >
> > > > 1. Unmount /var/spool/squid
> > > > ls -ld /var/spool/squid
> > > >
> > > > 2. Mount /var/spool/squid
> > > > ls -ld /var/spool/squid
> > > >
> > > > Colin
> > > >
> > > >> On Fri, 2007-10-19 at 09:52 -0400, Frenette, Jean-Sébastien wrote:
> > > >> I only have 1 squid. Before I did squid -z, the only thing that was in
> > > >> the LVM is lost+found, which is normal. Then, when starting squid, I had
> > > >> an error to the swap too, same error saying permission is denied. Then,
> > > >> I saw the squid -z command and ran it. It created the swap and all the
> > > >> 00 01 02 03... folders. Since then, no more swap error but the cache dir
> > > >> error still happens.
> > > >>
> > > >> Jean-Sébastien Frenette
> > > >> Technicien Informatique
> > > >> Centre d'Assistance Technique
> > > >> Département Informatique
> > > >> Collège Montmorency
> > > >> (450) 975-6100 poste 6108
> > > >>
> > > >> jsfrenette@cmontmorency.qc.ca
> > > >>
> > > >> -----Original Message-----
> > > >> From: Amos Jeffries [mailto:squid3@treenet.co.nz]
> > > >> Sent: 18 October 2007 21:53
> > > >> To: Frenette@treenetnz.com; Frenette, Jean-Sébastien
> > > >> Cc: squid-users@squid-cache.org
> > > >> Subject: RE: [squid-users] Cache dir problem with LVM
> > > >>
> > > >> > Hello,
> > > >> >
> > > >> > I already did chown and chmod like stated in my last email, problem
> > > >> > isn't perm setting on folder since even if I log in squid, I can write
> > > >> > in those folders.
> > > >> >
> > > >> > JSF
> > > >> >
> > > >>
> > > >> You say you had the same problem in swap until you ran squid -z for that.
> > > >> But have not indicated whether you used squid -z to create the LVM
> > > >> structure too?
> > > >> It may be a matter of erasing the cache in LVM, mounting the clean folder
> > > >> and running squid -z.
> > > >>
> > > >> Also, note that each squid needs a unique cache, no sharing is possible yet.
> > > >>
> > > >> Amos
> > > >>
> > > >> > -----Original Message-----
> > > >> > From: ajcorrea@gmail.com [mailto:ajcorrea@gmail.com] On behalf of
> > > >> > Alexandre Correa
> > > >> > Sent: 17 October 2007 21:43
> > > >> > To: squid-users@squid-cache.org
> > > >> > Cc: Frenette, Jean-Sébastien
> > > >> > Subject: Re: [squid-users] Cache dir problem with LVM
> > > >> >
> > > >> > try this,
> > > >> > with lvm mounted on /var/spool/squid
> > > >> >
> > > >> > chown squid:squid /var/spool/squid
> > > >> > chown squid:squid -R /var/spool/squid/*
> > > >> >
> > > >> > chmod 744 /var/spool/squid
> > > >> > chmod 744 -R /var/spool/squid/*
> > > >> >
> > > >> > maybe this can work :)
> > > >> >
> > > >> > regards,
> > > >> >
> > > >> > AlexandrE
> > > >> >
> > > >> > On 10/17/07, Frenette, Jean-Sébastien <JSFrenette@cmontmorency.qc.ca> wrote:
> > > >> >> Hi everyone,
> > > >> >>
> > > >> >> I have a little problem. For my squid cache folder, I've set a Raid
> > > >> >> (LVM) volume named « VolGroup00-LogVolSquidCache1 » that I mount to
> > > >> >> /var/spool/squid/ (this is where my cache folder points to).
> > > >> >>
> > > >> >> Now, when I start squid, I get:
> > > >> >> FATAL: cache_dir /var/spool/squid/1/: (13) Permission denied
> > > >> >> Squid Cache (Version 2.6.STABLE13): Terminated abnormally.
> > > >> >> CPU Usage: 0.012 seconds = 0.008 user + 0.004 sys
> > > >> >> Maximum Resident Size: 0 KB
> > > >> >> Page faults with physical i/o: 0
> > > >> >>
> > > >> >> I've changed the owner to squid.squid so everything in /var/spool/squid is
> > > >> >> chown -R squid.squid
> > > >> >>
> > > >> >> Same thing for the logs.
> > > >> >>
> > > >> >> I had the same problem with the swap drive until I ran squid -z, which
> > > >> >> created all the folders.
> > > >> >>
> > > >> >> Anywhere I mount my LVM volume and then point my cache there, it failed.
> > > >> >> If I point anywhere else, it works.
> > > >> >>
> > > >> >> Anybody have an answer?
> > > >> >>
> > > >> >> Thanks
> > > >> >>
> > > >> >> JSF
> > > >> >>
> > > >> >
> > > >> > --
> > > >> > Sds.
> > > >> >
> > > >> > Alexandre Jeronimo Correa
> > > >> >
> > > >> > Onda Internet - http://www.ondainternet.com.br
> > > >> > OPinguim Hosting - http://www.opinguim.net
> > > >> >
> > > >> > Linux User ID #142329
> > > >> >
> > > >> > UNOTEL S/A - http://www.unotel.com.br
> > > >> >
> > > >>
> > > >>
> > > >>
> > > > --
> > > > Colin Campbell
> > > > Unix Support/Postmaster/Hostmaster
> > > > Citec
> > > > +61 7 3227 6334
> > > >
> > >
> > >
--
Colin Campbell
Unix Support/Postmaster/Hostmaster
Citec
+61 7 3227 6334
Received on Wed Oct 24 2007 - 12:05:05 MDT
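
An added example, not part of the thread or of Colin's script: a triage pass to run before audit2allow, separating denials whose target still carries the unlabeled-file type (which points at relabeling the new filesystem, the "fixfiles" suggestion above) from denials that need a policy decision. The log lines, host name and the `triage` and `sample_log` function names are constructed for illustration; `squid_t`, `file_t` and `unlabeled_t` are assumed to be the type names in the policy in use.

```shell
#!/bin/sh
# Added example: sort AVC denials for one process into "relabel" vs "review".
# The log lines below are constructed samples, not taken from the thread.
sample_log() {
cat <<'EOF'
Oct 23 19:20:01 proxy kernel: audit(1193181601.123:45): avc:  denied  { read } for  pid=2345 comm="squid" name="1" dev=dm-2 ino=2 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Oct 23 19:20:01 proxy kernel: audit(1193181601.130:46): avc:  denied  { read write } for  pid=2345 comm="squid" name="swap.state" dev=dm-2 ino=12 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Oct 23 19:21:10 proxy kernel: audit(1193181670.002:47): avc:  denied  { name_connect } for  pid=2345 comm="squid" dest=8081 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Oct 23 19:22:30 proxy kernel: audit(1193181750.410:48): avc:  denied  { getattr } for  pid=900 comm="httpd" name="index.html" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
EOF
}

# triage COMM: read log lines on stdin and print, per denial by COMM,
#   verdict source_type target_type class permissions object_name
# "relabel" means the target has no proper label (file_t / unlabeled_t),
# so the fix is restoring file contexts, not adding allow rules.
triage() {
    awk -v want="$1" '
    /avc: +denied/ {
        perms = ""; comm = ""; name = "-"; src = ""; tgt = ""; cls = ""; inb = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inb = 1; continue }
            if ($i == "}") { inb = 0; continue }
            if (inb) { perms = perms (perms == "" ? "" : ",") $i; continue }
            if (split($i, kv, "=") != 2) continue
            gsub(/"/, "", kv[2])
            if (kv[1] == "comm") comm = kv[2]
            else if (kv[1] == "name") name = kv[2]
            else if (kv[1] == "tclass") cls = kv[2]
            # Contexts are user:role:type:level; the type is field 3.
            else if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
            else if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
        }
        if (comm != want) next
        verdict = (tgt == "file_t" || tgt == "unlabeled_t") ? "relabel" : "review"
        print verdict, src, tgt, cls, perms, name
    }'
}

sample_log | triage squid
```

For the "relabel" lines, restoring the file contexts on the mounted cache directory (for example with `restorecon -R /var/spool/squid`) addresses the cause; only the "review" lines are candidates for a local policy module.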

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT