From 1babedaf5552ae5a049c1630e07c4423d477bab4 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 12 Jun 2024 18:54:29 -0500
Subject: [PATCH] gw1: squid: Cache RPMs and installer images

Installing Fedora on a bunch of machines, simultaneously or in rapid succession, can be painfully slow, as several large files need to be downloaded. To speed this up, we download those files via the proxy and cache them on the proxy server. As a side-effect, the proxy needs to allow access to the Kickstart "server" (i.e. my workstation, at least for now), since Anaconda will use the configured proxy for everything it downloads.
---
 host_vars/gw1.pyrocufflink.blue/squid.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index 235fd67..05cf9ee 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -5,6 +5,8 @@ squid_acl:
 - 'src 192.168.0.0/16 # RFC 1918 local private network (LAN)'
 - 'src fc00::/7 # RFC 4193 local private network range'
 - 'src fe80::/10 # RFC 4291 link-local (directly plugged) machines'
+ trusted:
+ - src 172.30.0.0/26
 SSL_ports:
 - port 443
 Safe_ports:
@@ -12,6 +14,8 @@ squid_acl:
 - 'port 443 # https'
 CONNECT:
 - method CONNECT
+ kickstart:
+ - url_regex rosalina.pyrocufflink.blue/~dustin/kickstart/.*\.ks$
 fcos_updates:
 - dstdomain updates.coreos.fedoraproject.org
 - dstdomain ostree.fedoraproject.org
@@ -34,6 +38,14 @@ squid_http_access:
 - allow localnet fedora_repo
 - allow localnet grafana_rpm
 - allow google_fonts
+- allow trusted kickstart
 - deny all
 
-squid_cache_dir: []
+squid_cache_dir:
+- ufs /var/cache/squid 20480 16 256
+
+squid_refresh_pattern:
+- \.{{ ansible_domain|replace('.', '\.') }} 0 0% 0
+- repomd\.xml$ 0 0% 0
+- (vmlinuz|(initrd|squashfs|install)\.img)$ 480 20% 10080
+- \.rpm$ 86400 80% 2592000
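Review bot: The new `trusted` entry in the `@@ -5,6 +5,8 @@` hunk does not say which network 172.30.0.0/26 is, and it is written unquoted while the neighbouring `localnet` entries are quoted strings ending in a comment that names the range. This ACL is what the third hunk uses to gate access to the Kickstart host, so a reader should be able to tell which machines it covers; following the local convention, `- 'src 172.30.0.0/26 # <purpose of this subnet>'` would do (placeholder text, since the page does not name the subnet). The `squid_acl` mapping starts above the hunk, so whether this range already falls inside `localnet` cannot be checked from here.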
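Review bot: The `kickstart` pattern added in the `@@ -12,6 +14,8 @@` hunk is not anchored at its start and leaves the dots in the host name unescaped, so `url_regex` matches any URL that merely contains that text, not only URLs served by rosalina. Because the third hunk turns this ACL into an `allow` rule, the match should be tied to the host: either anchor it, `- url_regex ^http://rosalina\.pyrocufflink\.blue/~dustin/kickstart/[^?]*\.ks$`, or pair a `dstdomain rosalina.pyrocufflink.blue` ACL with a `urlpath_regex` for the path and require both on the `http_access` line. The scheme in the anchored form is an assumption; adjust it if the Kickstart files are served another way.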
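Review bot: The `\.rpm$` rule in the `@@ -34,6 +38,14 @@` hunk uses 86400 and 2592000, which are the number of seconds in one day and in thirty days, but Squid reads the min and max fields of `refresh_pattern` in minutes, so as written they mean 60 days and roughly 4.9 years. If one day and thirty days were intended, the line would be `- \.rpm$ 1440 80% 43200`; the installer-image rule above it (480 / 10080) already reads sensibly as minutes. A comment above `squid_refresh_pattern` would also help, noting that cached kernel and installer images are handed to every later install, so their integrity rests on whatever verification the installer performs, which is not visible on this page.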