external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge branch 'iiab:master' into master

Browse source
This commit is contained in:
lemueldsouza 2021-08-17 22:24:28 +05:30 committed by GitHub
commit 587d44568e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
roles/network/tasks/squid.yml
View file

@ -14,11 +14,15 @@
state: stopped state: stopped
when: squid_installed is undefined when: squid_installed is undefined
- name: Create Squid user:group '{{ proxy_user }}' to own /library/cache # 2021-08-17: This stanza is gratuitous on most distros, where the user 'proxy'
# or 'squid' is preinstalled (typically with UID and GID 13 in /etc/passwd) but
# let's be sure, as distro internals / favorite distros change without warning.
- name: Ensure Linux user:group '{{ proxy_user }}:{{ proxy_user }}' exists, to own /library/cache -- and for recent versions of /usr/lib/systemd/system/squid.service that use 'Group=proxy'
user: user:
name: "{{ proxy_user }}" # proxy (or 'squid' on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml) name: "{{ proxy_user }}" # proxy (or 'squid' on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml)
createhome: False group: "{{ proxy_user }}"
shell: /bin/false create_home: False
shell: /bin/false # UNIX norm should work across all distros, overriding Debian/Ubuntu norm /usr/sbin/nologin
# 2021-08-16: Squid runs as 'nobody' when started as root: # 2021-08-16: Squid runs as 'nobody' when started as root:
# http://www.squid-cache.org/Doc/config/cache_effective_user/ # http://www.squid-cache.org/Doc/config/cache_effective_user/

2
roles/network/templates/squid/squid.conf.j2
View file

@ -14,7 +14,7 @@ http_access deny manager
# 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z') # 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z')
# don't work well in recent years. So we do it manually, as explained here: # don't work well in recent years. So we do it manually, as explained here:
# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L41 # https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L45
# Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/ # Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/
# #