r/squid: Support custom cache rules

Instead of hard-coding a single cache directory and a set of refresh
patterns, the *squid* role can now have custom cache rules defined with
the `squid_cache_dir` variable (which now takes a list of `cache_dir`
settings) and the `squid_refresh_pattern` variable (which takes a list
of refresh patterns).  If neither of these are defined, the default
configuration is used.

This is a breaking change, since `squid_cache_dir` used to refer to a
directory, and the previous default was to configure one cache path.
There are no extant users of this role, though, so it doesn't really
matter.

roles/squid/defaults/main.yml

@@ -1,8 +1,5 @@
 squid_max_object_size: 4096 MB
 squid_cache_replacement_policy: heap LFUDA
-squid_cache_dir_type: aufs
+# squid_cache_dir:
-squid_cache_dir: /var/cache/squid
+# - aufs /var/cache/squid 51200 16 256
-squid_cache_dir_max_size: 51200
-squid_cache_dir_l1: 16
-squid_cache_dir_l2: 256
 squid_access_log: syslog:daemon.info

roles/squid/handlers/main.yml

@@ -1,3 +1,7 @@
+- name: initialize squid cache directories
+  command:
+    /usr/sbin/squid -N -z -F -f /etc/squid/squid.conf
+
 - name: reload squid
   service:
     name=squid

roles/squid/tasks/main.yml

@@ -7,12 +7,15 @@
 
 - name: ensure squid cache dir exists
   file:
-    path={{ squid_cache_dir }}
+    path: '{{ item.split()[1] }}'
-    owner=squid
+    owner: squid
-    group=squid
+    group: squid
-    mode=0750
+    mode: u=rwx,g=rx,o=
-    setype=squid_cache_t
+    setype: squid_cache_t
-    state=directory
+    state: directory
+  loop: '{{ squid_cache_dir|d([]) }}'
+  notify:
+  - initialize squid cache directories
 
 - name: ensure squid is configured
   template:
@@ -22,12 +25,9 @@
     owner=root
     group=squid
     setype=squid_conf_t
-  notify: reload squid
+  notify:
-
+  - initialize squid cache directories
-- name: ensure squid cache directory exists
+  - reload squid
-  command:
-    /usr/sbin/squid -N -z -F -f /etc/squid/squid.conf
-    creates={{ squid_cache_dir }}/00
 
 - meta: flush_handlers
 - name: ensure squid service starts at boot
@@ -46,3 +46,6 @@
     immediate=yes
     state=enabled
   notify: save firewalld configuration
+  when: host_uses_firewalld|d(true)
+  tags:
+  - firewall

roles/squid/templates/squid.conf.j2

@@ -78,11 +78,18 @@ maximum_object_size {{ squid_max_object_size }}
 cache_replacement_policy {{ squid_cache_replacement_policy }}
 
 # Uncomment and adjust the following to add a disk cache directory.
-cache_dir {{ squid_cache_dir_type }} {{ squid_cache_dir }} {{ squid_cache_dir_max_size }} {{ squid_cache_dir_l1 }} {{ squid_cache_dir_l2 }}
+{% if squid_cache_dir is not defined %}
+#cache_dir ufs /var/spool/squid 100 16 256
+{% else %}
+{% for item in squid_cache_dir %}
+cache_dir {{ item }}
+{% endfor %}
+{% endif %}
 
 # Leave coredumps in the first cache dir
 coredump_dir /var/spool/squid
 
+{% if squid_refresh_pattern is not defined %}
 # Never cache objects from internal servers
 refresh_pattern \.{{ ansible_domain|replace('.', '\\.') }}	0	0%	0
 # Never cache Yum repository metadata files
@@ -94,3 +101,8 @@ refresh_pattern ^ftp:		1440	20%	10080
 refresh_pattern ^gopher:	1440	0%	1440
 refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
 refresh_pattern .		0	20%	4320
+{% else %}
+{% for pattern in squid_refresh_pattern %}
+refresh_pattern {{ pattern }}
+{% endfor %}
+{% endif %}