Bug 40091 - U@S40R2: squid - more auth helpers and URL redirectors by default
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Proxy services
UCS@school 4.0 R2
Other Linux
: P5 enhancement (vote)
: UCS@school 4.0 R2 Errata
Assigned To: Sönke Schwardt-Krummrich
Daniel Tröder
Depends on: 34045 40092 40094
Blocks:
Reported: 2015-11-24 21:54 CET by Sönke Schwardt-Krummrich
Modified: 2015-12-21 16:26 CET (History)
Description Sönke Schwardt-Krummrich univentionstaff 2015-11-24 21:54:27 CET
This has to be fixed in UCS@school 4.0 R2, too. See Bug #34045.

+++ This bug was initially created as a clone of Bug #34045 +++

By default, squid.conf starts 5 authentication helpers and 5 URL redirector processes. That might not be enough for a school:

---cache.log
 WARNING: All ntlmauthenticator processes are busy.
 WARNING: 10 pending requests queued
 Consider increasing the number of ntlmauthenticator processes in your config file.
...
 WARNING: All redirector processes are busy.
 WARNING: 5 pending requests queued
 Consider increasing the number of redirector processes in your config file
---


 ucr set squid/ntlmauth/children=50
 ucr set squid/basicauth/children=50

Since there is no UCR variable like squid/redirect/children, the change has to be made in the local configuration file:

#---/etc/squid3/local.conf
#...
url_rewrite_children 20
#---

There is an old bug about this: Bug #18456
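
Added example, not part of the original report or of ucs-school-webproxy: a small parser that summarizes the helper saturation warnings quoted from cache.log above, so an administrator can see which helper pool runs out and how deep the queue gets. The sample lines are constructed (timestamp and "kid1|" prefix are assumed), and the mapping from helper names in the log to UCR variables is an assumption based on the variable names mentioned in this bug.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the cache.log excerpt above; the
# timestamps and the "kid1|" prefix are assumptions about the log format.
SAMPLE_LOG = """\
2015/11/24 08:01:12 kid1| WARNING: All ntlmauthenticator processes are busy.
2015/11/24 08:01:12 kid1| WARNING: 10 pending requests queued
2015/11/24 08:01:12 kid1| Consider increasing the number of ntlmauthenticator processes in your config file.
2015/11/24 08:03:40 kid1| WARNING: All redirector processes are busy.
2015/11/24 08:03:40 kid1| WARNING: 5 pending requests queued
2015/11/24 08:05:02 kid1| WARNING: All ntlmauthenticator processes are busy.
2015/11/24 08:05:02 kid1| WARNING: 23 pending requests queued
2015/11/24 08:06:00 kid1| WARNING: 7 pending requests queued
"""

BUSY = re.compile(r"WARNING: All (\S+) processes are busy")
QUEUED = re.compile(r"WARNING: (\d+) pending requests queued")
# Assumed mapping from the helper name in the log to the UCR variable.
HINTS = {"ntlmauthenticator": "squid/ntlmauth/children",
         "redirector": "squid/rewrite/children"}


def summarize_helper_saturation(lines):
    """Return {helper: {"events": n, "max_queued": m}} for busy warnings."""
    stats = defaultdict(lambda: {"events": 0, "max_queued": 0})
    current = None  # helper named by the "busy" warning on the previous line
    for line in lines:
        m = BUSY.search(line)
        if m:
            current = m.group(1)
            stats[current]["events"] += 1
            continue
        m = QUEUED.search(line)
        if m and current is not None:
            entry = stats[current]
            entry["max_queued"] = max(entry["max_queued"], int(m.group(1)))
        # A queue count is attributed only to the warning directly before it;
        # a count with no preceding "busy" line is ignored.
        current = None
    return dict(stats)


if __name__ == "__main__":
    for helper, s in summarize_helper_saturation(SAMPLE_LOG.splitlines()).items():
        print(f"{helper}: {s['events']} busy events, max queue {s['max_queued']}"
              f" -> check {HINTS.get(helper, 'matching children setting')}")
```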
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2015-11-26 17:01:50 CET
Prepared erratum for UCS@school 4.0 R2:
ucs-school-webproxy now sets the following UCR variables if still unset:
- squid/rewrite/children?20
- squid/basicauth/children?50
- squid/ntlmauth/children?50
- squid/krb5auth/children?50

Except for squid/ntlmauth/children, all UCR variables should be unset if unmodified.
squid/ntlmauth/children is set to 10 by ucs-school-webproxy in previous versions.
If the UCR variable still holds a value of "10", the UCR variable is updated to 50 automatically.

xml changelog entry has been added

ucs-school-webproxy (11.0.8-2):
r65958 | Bug #40091: increased number of squid's helper processes
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-11-27 17:53:44 CET
Bug: squid/ntlmauth/children is still set to "10" after update.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2015-11-30 13:07:21 CET
ucs-school-webproxy (11.0.8-3):
r65981 | Bug #40091: removed outdated code block that has never been called
r65980 | Bug #40091: automatically raise default of squid/ntlmauth/children to 50
r65958 | Bug #40091: increased number of squid's helper processes
Comment 4 Daniel Tröder univentionstaff 2015-11-30 17:45:30 CET
OK: code
OK: result:

root@dc2000:~# ucr search squid/.*/children
squid/basicauth/children: 50
squid/krb5auth/children: 50
squid/ntlmauth/children: 50
squid/rewrite/children: 20

root@dc2000:~# pstree | grep squid
     |-squid3---squid3-+-20*[squidGuard]
     |                 |-50*[squid_ldap_auth]
     |                 |-50*[squid_ldap_ntlm]
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2015-12-21 16:26:09 CET
UCS@school 4.0 R2 v4 has been released:
http://docs.univention.de/release-notes-ucsschool-4.0R2v4-de.html

If this error occurs again, please use "Clone This Bug".