external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Squid won't auto-create /library/cache, hence 'proxy_user: proxy'

Browse source
This commit is contained in:
root 2021-08-16 15:24:13 -04:00
parent a8114e65dd
commit e2bf2578e2
2 changed files with 24 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
roles/network/tasks/squid.yml
View file

@ -20,12 +20,24 @@
createhome: False createhome: False
shell: /bin/false shell: /bin/false
# 2021-08-16: Squid runs as 'nobody' when started as root:
# http://www.squid-cache.org/Doc/config/cache_effective_user/
# Much more detail here, but neither directive is recommended:
# http://www.squid-cache.org/Doc/config/cache_effective_group/
#
# So nobody:root or root:root ownership don't work for cache_dir /library/cache
#
# Squid auto-creation of cache_dir (or the old way, 'squid -z') both fail:
# "FATAL: Failed to make swap directory /library/cache: (13) Permission denied"
#
# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid.conf.j2#L10-L30
- name: Create Squid directory /library/cache ({{ proxy_user }}:{{ proxy_user }}, 0750) - name: Create Squid directory /library/cache ({{ proxy_user }}:{{ proxy_user }}, 0750)
file: file:
state: directory state: directory
path: /library/cache path: /library/cache
owner: "{{ proxy_user }}" # Squid runs as 'nobody' according to http://www.squid-cache.org/Doc/config/cache_effective_user/ owner: "{{ proxy_user }}"
group: "{{ proxy_user }}" # So root:root ownership doesn't work for dir /library/cache group: "{{ proxy_user }}"
mode: 0750 mode: 0750
- name: Install site allowlists/whitelists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default) - name: Install site allowlists/whitelists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default)

16
roles/network/templates/squid/squid.conf.j2
View file

@ -12,18 +12,22 @@ client_netmask 255.255.255.0
http_access allow localhost manager http_access allow localhost manager
http_access deny manager http_access deny manager
# Where is the cache stored on disk ? # 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z')
# Parameters # don't work well in recent years. So we do it manually, as explained here:
# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L41
# Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/
#
# Type (ufs, aufs, or COSS) # Type (ufs, aufs, or COSS)
# | Where # | Where
# | | Size (in MB) # | | Size (in MB)
# | | | # | | |
# | | | L1 (directories) # | | | L1 (directories)
# | | | | L2 (directories) # | | | | L2 (directories)
# | | | | | # | | | | |
#cache_dir aufs /library/cache 20000 32 256 #cache_dir aufs /library/cache 20000 32 256
cache_dir ufs /library/cache 200 16 128 cache_dir ufs /library/cache 200 16 128
# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK # Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK!
{% if gw_squid_whitelist %} {% if gw_squid_whitelist %}
#acl allow_src_ips src "/etc/squid/allow_src_ips" #acl allow_src_ips src "/etc/squid/allow_src_ips"