From 1d94dc952802b45d22f8fe5d0a67f2d16b484c73 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 27 Jan 2024 19:57:19 -0600 Subject: [PATCH] r/squid: Support custom cache rules Instead of hard-coding a single cache directory and a set of refresh patterns, the *squid* role can now have custom cache rules defined with the `squid_cache_dir` variable (which now takes a list of `cache_dir` settings) and the `squid_refresh_pattern` variable (which takes a list of refresh patterns). If neither of these are defined, the default configuration is used. This is a breaking change, since `squid_cache_dir` used to refer to a directory, and the previous default was to configure one cache path. There are no extant users of this role, though, so it doesn't really matter.
---
 roles/squid/defaults/main.yml | 7 ++-----
 roles/squid/handlers/main.yml | 4 ++++
 roles/squid/tasks/main.yml | 27 +++++++++++++++------------
 roles/squid/templates/squid.conf.j2 | 14 +++++++++++++-
 4 files changed, 34 insertions(+), 18 deletions(-)
diff --git a/roles/squid/defaults/main.yml b/roles/squid/defaults/main.yml
index 287bf35..de15b18 100644
--- a/roles/squid/defaults/main.yml
+++ b/roles/squid/defaults/main.yml
@@ -1,8 +1,5 @@
 squid_max_object_size: 4096 MB
 squid_cache_replacement_policy: heap LFUDA
-squid_cache_dir_type: aufs
-squid_cache_dir: /var/cache/squid
-squid_cache_dir_max_size: 51200
-squid_cache_dir_l1: 16
-squid_cache_dir_l2: 256
+# squid_cache_dir:
+# - aufs /var/cache/squid 51200 16 256
 squid_access_log: syslog:daemon.info
diff --git a/roles/squid/handlers/main.yml b/roles/squid/handlers/main.yml
index 5bca94b..5d4119b 100644
--- a/roles/squid/handlers/main.yml
+++ b/roles/squid/handlers/main.yml
@@ -1,3 +1,7 @@
+- name: initialize squid cache directories
+ command:
+ /usr/sbin/squid -N -z -F -f /etc/squid/squid.conf
+
 - name: reload squid
 service:
 name=squid
diff --git a/roles/squid/tasks/main.yml b/roles/squid/tasks/main.yml
index f6bc187..2bc8530 100644
--- a/roles/squid/tasks/main.yml +++ b/roles/squid/tasks/main.yml @@ -7,12 +7,15 @@ - name: ensure squid cache dir exists file: - path={{ squid_cache_dir }} - owner=squid - group=squid - mode=0750 - setype=squid_cache_t - state=directory + path: '{{ item.split()[1] }}' + owner: squid + group: squid + mode: u=rwx,g=rx,o= + setype: squid_cache_t + state: directory + loop: '{{ squid_cache_dir|d([]) }}' + notify: + - initialize squid cache directories - name: ensure squid is configured template: @@ -22,12 +25,9 @@ owner=root group=squid setype=squid_conf_t - notify: reload squid - -- name: ensure squid cache directory exists - command: - /usr/sbin/squid -N -z -F -f /etc/squid/squid.conf - creates={{ squid_cache_dir }}/00 + notify: + - initialize squid cache directories + - reload squid - meta: flush_handlers - name: ensure squid service starts at boot @@ -46,3 +46,6 @@ immediate=yes state=enabled notify: save firewalld configuration + when: host_uses_firewalld|d(true) + tags: + - firewall diff --git a/roles/squid/templates/squid.conf.j2 b/roles/squid/templates/squid.conf.j2 index 66e5b30..91431b2 100644 --- a/roles/squid/templates/squid.conf.j2 +++ b/roles/squid/templates/squid.conf.j2 @@ -78,11 +78,18 @@ maximum_object_size {{ squid_max_object_size }} cache_replacement_policy {{ squid_cache_replacement_policy }} # Uncomment and adjust the following to add a disk cache directory. -cache_dir {{ squid_cache_dir_type }} {{ squid_cache_dir }} {{ squid_cache_dir_max_size }} {{ squid_cache_dir_l1 }} {{ squid_cache_dir_l2 }} +{% if squid_cache_dir is not defined %} +#cache_dir ufs /var/spool/squid 100 16 256 +{% else %} +{% for item in squid_cache_dir %} +cache_dir {{ item }} +{% endfor %} +{% endif %} # Leave coredumps in the first cache dir coredump_dir /var/spool/squid +{% if squid_refresh_pattern is not defined %} # Never cache objects from internal servers refresh_pattern \.{{ ansible_domain|replace('.', '\\.') }} 0 0% 0 # Never cache Yum repository metadata files 
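Review bot: `path: '{{ item.split()[1] }}'` in the `@@ -7,12 +7,15 @@` hunk of roles/squid/tasks/main.yml takes the directory from the second whitespace-separated field of a free-form string without any check, and the task then creates that path owned by squid. An entry with the store type left out would turn the size into a relative directory name, and a one-word entry fails with an index error that does not name the variable. I would validate the entries in a task placed ahead of this one, as in the block below. The three-field minimum is an assumption about the shortest valid `cache_dir` form and should be confirmed against the store types in use.

```yaml
- name: ensure squid cache dir entries are well formed
  assert:
    that:
      - item is string
      - item.split() | length >= 3
      - item.split()[1].startswith('/')
    fail_msg: 'squid_cache_dir entries must look like "TYPE /absolute/path SIZE ..."'
  loop: '{{ squid_cache_dir|d([]) }}'

# … unchanged: "ensure squid cache dir exists" task follows …
```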
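Review bot: In the `@@ -22,12 +25,9 @@` hunk the `creates=` guard disappears together with the old command task, and the template task now notifies `initialize squid cache directories` on every squid.conf change. On a host where squid is already running, that handler (added in roles/squid/handlers/main.yml) will launch `squid -N -z -F` alongside the live daemon before the reload. How Squid reacts to that depends on the version, so a config-only change on a running host is worth testing. If initialization is only needed for new directories, leaving this task at `notify: reload squid` and notifying the handler from the directory task alone would limit it to runs that actually create a directory.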
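Review bot: `when: host_uses_firewalld|d(true)` in the `@@ -46,3 +46,6 @@` hunk is likely to treat any non-empty string as true, so `-e host_uses_firewalld=false` or a quoted `'false'` in inventory would still apply the firewalld rule instead of skipping it. Casting makes the intent explicit: `when: host_uses_firewalld|d(true)|bool`. The task this condition belongs to starts above the hunk.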
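Review bot: `cache_dir {{ item }}` in the `@@ -78,11 +78,18 @@` hunk of squid.conf.j2, and `refresh_pattern {{ pattern }}` in the hunk after it, write each list element into squid.conf verbatim. A multi-line or mistyped value therefore becomes extra configuration in a file that normally also holds the proxy's access rules. Nothing visible in this patch checks the rendered file before squid is reloaded. Adding `validate='/usr/sbin/squid -k parse -f %s'` to the `ensure squid is configured` template task would reject a file Squid cannot parse, though it will not catch a directive that is valid but unintended.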
@@ -94,3 +101,8 @@ refresh_pattern ^ftp: 1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
 refresh_pattern . 0 20% 4320
+{% else %}
+{% for pattern in squid_refresh_pattern %}
+refresh_pattern {{ pattern }}
+{% endfor %}
+{% endif %}
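Review bot: Once `squid_refresh_pattern` is defined, the `{% else %}` branch added here replaces every built-in rule, including the internal-domain rule and `refresh_pattern -i (/cgi-bin/|\?) 0 0% 0`, so a list written to add one site-specific rule may start caching what those rules excluded. The patch does not document this, and roles/squid/defaults/main.yml has no entry for the variable. I would add a commented example there next to `squid_cache_dir`, for instance `# squid_refresh_pattern: replaces ALL default refresh_pattern rules; re-add the no-cache rules you still need`. The `{% if %}` that this branch closes opens in the previous hunk.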