How to fix: Squid cache_dir (13) Permission denied

I was configuring a newly installed Squid cache on a newly installed CentOS 5.2 to use a new partition for its cache dir.

Squid version:
[root@localhost ~]# squid -v
Squid Cache: Version 2.6.STABLE6
configure options: '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools' '--enable-linux-netfilter' '--with-pthreads' '--enable-ntlm-auth-helpers=SMB,fakeauth' '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' '--enable-auth=basic,digest,ntlm' '--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge' '--enable-useragent-log' '--enable-referer-log' '--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost' '--enable-underscores' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL' '--enable-cache-digests' '--enable-ident-lookups' '--with-large-files' '--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config' '--with-maxfd=16384' 'CFLAGS=-fPIE -Os -g -pipe -fsigned-char' 'LDFLAGS=-pie' 'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu' 'target_alias=i386-redhat-linux-gnu'
[root@localhost ~]#

Added a new disk, partitioned and formatted as ext3.

Related entry in /etc/fstab:
/dev/sdb1 /squid ext3 user,defaults 0 0

Adding related entry in /etc/squid/squid.conf:
...
cache_dir ufs /squid/cache 900 16 256
...

Creating cache dir:
[root@localhost /]# squid -z -F
2010/06/01 17:44:52| Creating Swap Directories
[root@localhost /]# ls -o /squid/cache/
total 128
drwxr-x--- 258 squid 4096 Jun 1 17:44 00
drwxr-x--- 258 squid 4096 Jun 1 17:44 01
drwxr-x--- 258 squid 4096 Jun 1 17:44 02
drwxr-x--- 258 squid 4096 Jun 1 17:44 03
drwxr-x--- 258 squid 4096 Jun 1 17:44 04
drwxr-x--- 258 squid 4096 Jun 1 17:44 05
drwxr-x--- 258 squid 4096 Jun 1 17:44 06
drwxr-x--- 258 squid 4096 Jun 1 17:44 07
drwxr-x--- 258 squid 4096 Jun 1 17:44 08
drwxr-x--- 258 squid 4096 Jun 1 17:44 09
drwxr-x--- 258 squid 4096 Jun 1 17:44 0A
drwxr-x--- 258 squid 4096 Jun 1 17:44 0B
drwxr-x--- 258 squid 4096 Jun 1 17:44 0C
drwxr-x--- 258 squid 4096 Jun 1 17:44 0D
drwxr-x--- 258 squid 4096 Jun 1 17:44 0E
drwxr-x--- 258 squid 4096 Jun 1 17:44 0F
[root@localhost /]#

Run Squid:
[root@localhost /]# service squid start
Starting squid: /etc/init.d/squid: line 53: 2276 Aborted $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
[FAILED]

Related entries in /var/log/messages:
Jun 1 17:47:54 localhost kernel: NET: Registered protocol family 10
Jun 1 17:47:54 localhost kernel: lo: Disabled Privacy Extensions
Jun 1 17:47:54 localhost kernel: IPv6 over IPv4 tunneling driver
Jun 1 17:47:54 localhost kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jun 1 17:47:54 localhost kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jun 1 17:47:54 localhost kernel: Netfilter messages via NETLINK v0.30.
Jun 1 17:47:54 localhost kernel: ip_conntrack version 2.4 (1024 buckets, 8192 max) - 228 bytes per conntrack
Jun 1 17:47:54 localhost kernel: eth0: link up
Jun 1 17:47:56 localhost kernel: audit(1275389276.752:4): avc: denied { search } for pid=1776 comm="squid" name="/" dev=sdb1 ino=2 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Jun 1 17:47:56 localhost squid: cache_dir /squid/cache: (13) Permission denied

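In my case the culprit was SELinux. The avc: denied line above shows the squid process (squid_t) being refused search access to the root directory of sdb1, which carries the file_t type. To disable SELinux: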
nano /etc/selinux/config

Set SELINUX to disabled:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled

Save and exit nano.

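Apply the change to the running system without restarting the machine (setenforce 0 puts SELinux in permissive mode right away; SELINUX=disabled takes effect at the next boot):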
setenforce 0

It's also worth checking the owner of the cache_dir.
Set the owner of cache_dir to squid:
chown -R squid:squid /squid/cache

Remove the contents of cache dir:
rm -fr /squid/cache/*

Re-create cache dir:
squid -z -F
2010/06/01 17:54:12| Creating Swap Directories

Start squid:
service squid start
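
An added example (not part of the original post): it reads the avc: denied line from the log excerpt above and prints the relabeling commands that would let Squid use /squid while SELinux stays enforcing. The helper names and the squid_cache_t type are assumptions of this example; the commands are printed, not executed.

```shell
#!/bin/sh
# Constructed sample: the AVC denial copied from the /var/log/messages excerpt above.
SAMPLE='Jun 1 17:47:56 localhost kernel: audit(1275389276.752:4): avc: denied { search } for pid=1776 comm="squid" name="/" dev=sdb1 ino=2 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir'

# avc_field LINE KEY: value of the first KEY=value token, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_perms LINE: the permissions listed between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# avc_type CONTEXT: the type, third field of user:role:type:level.
avc_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# diagnose LINE: one-line reading of the denial.
diagnose() (
    src=$(avc_type "$(avc_field "$1" scontext)")
    tgt=$(avc_type "$(avc_field "$1" tcontext)")
    what="$src denied { $(avc_perms "$1") } on $(avc_field "$1" tclass) name=$(avc_field "$1" name) dev=$(avc_field "$1" dev)"
    case "$tgt" in
        # file_t / unlabeled_t: the object has no usable SELinux label,
        # which is the normal state of a freshly formatted filesystem.
        file_t|unlabeled_t) echo "unlabeled target ($tgt): $what" ;;
        *) echo "labeled target ($tgt): $what" ;;
    esac
)

# relabel_cmds MOUNTPOINT: prints (does not run) commands that label the tree
# for Squid. Assumption: the loaded policy uses squid_cache_t for the stock
# cache directory; confirm with: ls -Zd /var/spool/squid
relabel_cmds() {
    echo "semanage fcontext -a -t squid_cache_t '$1(/.*)?'"
    echo "restorecon -Rv $1"
}

diagnose "$SAMPLE"
relabel_cmds /squid
```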

Good luck!
