Bug#956581: Fwd: squid: Starting sdquid by systemd fails when local fs /var is not ready.

2020-05-23 Thread Amos Jeffries 
On Mon, 13 Apr 2020 11:27:31 +0200 Tilman Heinrich wrote:
> 
> I installed squid early when I set up a special router. The start
> repeatedlyfails by inaccessibility of files at the dedicated /var
> partition (dev/md1). The result was a stopped squid service due to a
> failed restart.
> 
> The first solution was to change the triggered path for restart in
> /etc/resolvconf/update-libc.d/squid from /usr/sbin to /var/log. Later I
> found that the unit decription in the systemd configuration file
> /lib/systemd/system/squid.service is incomlete, because of the omitted
> depency for the local-fs.target. So I copied the file to
> /etc/systemd/system/squid.service and added the missing depency to the
> "After=" statement - this should be the default for the unit description
> under /lib/systemd/system/ when started up by systemd.


The FHS paths are supposed to be mounted by systemd basic.target which
is itself supposed to be automatically added to the dependencies by
systemd itself.

It sounds like the non-local mounting is done in a non-systemd way on
your filesystem, or with some mount options that confuse systemd (not hard).


To integrate local requirements with squid.service defaults, run:

 sudo systemctl edit squid.service

then enter any systemd settings you need for the local customizations.
AFAIK, the settings there will be added to the Squid package ones. So
should be no need to copy the normal squid.service contents.


Amos

Bug#956581: Fwd: squid: Starting sdquid by systemd fails when local fs /var is not ready.

2020-04-13 Thread Tilman Heinrich 

Package: squid
Version: 4.6-1+deb10u1
Severity: important
Tags: patch

Dear Maintainer,

I installed squid early when I set up a special router. The start
repeatedlyfails by inaccessibility of files at the dedicated /var
partition (dev/md1). The result was a stopped squid service due to a
failed restart.

The first solution was to change the triggered path for restart in
/etc/resolvconf/update-libc.d/squid from /usr/sbin to /var/log. Later I
found that the unit decription in the systemd configuration file
/lib/systemd/system/squid.service is incomlete, because of the omitted
depency for the local-fs.target. So I copied the file to
/etc/systemd/system/squid.service and added the missing depency to the
"After=" statement - this should be the default for the unit description
under /lib/systemd/system/ when started up by systemd.

As long as /var is a local fs and not a remote one this should be
sufficient. I have not tested whether this solution (without the path
change in the updater configuration) eventually doesn't work, like
described in bug report #932593.

Regards Tilman

-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages squid depends on:
ii adduser 3.118
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libcom-err2 1.44.5-1+deb10u3
ii libdb5.3 5.3.28+dfsg1-0.5
ii libdbi-perl 1.642-1+b1
ii libecap3 1.0.1-3.2
ii libexpat1 2.2.6-2+deb10u1
ii libgcc1 1:8.3.0-6
ii libgnutls30 3.6.7-4+deb10u3
ii libgssapi-krb5-2 1.17-3
ii libkrb5-3 1.17-3
ii libldap-2.4-2 2.4.47+dfsg-3+deb10u1
ii libltdl7 2.4.6-9
ii libnetfilter-conntrack3 1.0.7-1
ii libnettle6 3.4.1-1
ii libpam0g 1.3.1-5
ii libsasl2-2 2.1.27+dfsg-1+deb10u1
ii libstdc++6 8.3.0-6
ii libxml2 2.9.4+dfsg1-7+b3
ii logrotate 3.14.0-4
ii lsb-base 10.2019051400
ii netbase 5.6
ii squid-common 4.6-1+deb10u1

Versions of packages squid recommends:
ii ca-certificates 20190110
ii libcap2-bin 1:2.25-2

Versions of packages squid suggests:
ii resolvconf 1.79
pn smbclient 
pn squid-cgi 
pn squid-purge 
pn squidclient 
pn ufw 
pn winbind 

-- Configuration Files:
/etc/resolvconf/update-libc.d/squid changed:
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
if [ -d /var/log ] ; then
invoke-rc.d squid reload || true
fi

/etc/squid/squid.conf changed:
acl manager proto cache_object
acl localnet src 192.168.*.0/24 #rdbl.heinrich.intra - work zone
acl localdmz src 192.168.*.0/24 #rdbl.heinrich.intra - dmz zone
acl localhome src 192.168.*.0/24 #rdbl.heinrich.intra - home zone
acl SSL_ports port 443 563 873
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 488 # gss-http
acl Safe_ports port 1025-65535 # unregistered ports
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow localhost manager
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access allow localhome
http_access deny all
http_reply_access allow localnet
http_reply_access allow localhome
http_reply_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
cache_mem 200 MB
maximum_object_size_in_memory 40 KB
cache_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid 2048 16 256
maximum_object_size 40 MB
cache_swap_low 94
cache_swap_high 96
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
cache_effective_user proxy
forwarded_for off
coredump_dir /var/spool/squid


-- no debconf information

11c11
< After=network.target network-online.target nss-lookup.target
---
> After=local-fs.target network.target network-online.target nss-lookup.target