Saturday, March 15, 2008

Overload File Descriptor SQUID - OpenBSD 4.2

2008/03/12 10:57:47| sslWriteServer: FD 101: write failure: (32) Broken pipe.
2008/03/12 10:57:49| sslWriteServer: FD 57: write failure: (32) Broken pipe.
2008/03/12 10:57:49| sslWriteServer: FD 187: write failure: (32) Broken pipe.
2008/03/12 10:58:19| sslWriteServer: FD 100: write failure: (32) Broken pipe.
2008/03/12 11:01:01| httpReadReply: Excess data from "GET http://webcsp.msg.yahoo.com/crossdomain.xml"
2008/03/12 11:04:05| WARNING: All url_rewriter processes are busy.
2008/03/12 11:04:05| WARNING: up to 9 pending requests queued
2008/03/12 11:04:11| sslWriteServer: FD 235: write failure: (32) Broken pipe.
2008/03/12 11:04:37| Reconfiguring Squid Cache (version 2.6.STABLE13)...
2008/03/12 11:04:37| FD 24 Closing HTTP connection
2008/03/12 11:04:37| FD 26 Closing ICP connection
2008/03/12 11:04:37| FD 30 Closing SNMP socket

Saya menggunakan OpenBSD 4.2 sebagai squid proxy. Ketika banyak client menggunakan SSL maka akan terjadi hal seperti ini, koneksi SSL akan ngadat lama banget bahkan kadang error.

Gimana yah ngatasinnya:
1. Test pertama recompile squid dengan FD lebih besar
  • echo "kern.maxfiles=8192" >> /etc/sysconf.conf && sysctl -w  kern.maxfiles=8192
  • Edit /usr/port/www/squid/Makefile
    CONFIGURE_ARGS+=--datadir="${PREFIX}/share/squid" \
    --enable-auth="basic digest" \
    --enable-arp-acl \
    --enable-basic-auth-helpers="NCSA YP LDAP" \
    --enable-digest-auth-helpers="password ldap" \
    --enable-external-acl-helpers="ip_user unix_group ldap_group" \
    --enable-removal-policies="lru heap" \
    --enable-delay-pools \
    --enable-ssl \
    --enable-poll \
    --enable-htcp \
    --enable-underscores \
    --enable-referer-log \
    --enable-carp \
    --enable-useragent-log \
    --enable-large-files \
    --enable-cache-digests \
    --enable-storeio="ufs diskd null" \
    --localstatedir="${SQUIDDIR}"
    Save /usr/port/www/squid/Makefile &
    root@cache /usr/ports/www/squid # ulimit -n 8192
    root@cache /usr/ports/www/squid # env FLAVOR="snmp transparent" make

  • Ups errors komplain tentang LDAP Library :
    edit
    {PATH_BUILD}/build-i386-transparent-snmp/helpers/basic_auth/LDAP/Makefile
    {PATH_BUILD}/build-i386-transparent-snmp/helpers/external_acl/ldap_group/Makefile
    tambahkan:
    DEFAULT_INCLUDES= (old-option) -I/usr/local/include
    LDADD = (old-option) -L/usr/local/lib/
    Save &&
    root@cache /usr/ports/www/squid # env FLAVOR="snmp transparent" make
  • Ok tinggal tunggu performance dari squid kita
2. Modify /etc/login.conf && cap_mkdb /etc/login.conf && usermod -L squid _squid

1 comment:

戴眼镜的果栋 said...

Hello
We supply Industrial special floppy drive, 3.5 "the 720K, 2.0MB, 1.6MB, 1.0MB Floppy Disk Drive, TEAC floppy disk drive, SONY floppy disk drive, YE-DATA floppy disk drive, EPSON floppy disk drive, MITSUMI floppy disk drive, Panasonic floppy disk drive, Mitsubishi floppy disk drive, CITIZEN floppy disk drive, NEC floppy disk drive, IBM ZIP 250MB floppy disk drive.SCSI Hard Drives Hitachi (IBM) IC35L SCSI hard drives, Seagate SCSI drives, IBM SCSI hard drives,
MSN: szdomo@gmail.com
http://www.ruanqu.net
QQ: 309995857
OICQ: 497735365

Thanks & Regards,

xu peng