source "squid.conf.erb"
owner "root"
group "root"
- mode 0644
+ mode 0o644
end
template "/etc/default/squid" do
source "squid.erb"
owner "root"
group "root"
- mode 0644
+ mode 0o644
end
directory "/etc/squid/squid.conf.d" do
owner "root"
group "root"
- mode 0755
+ mode 0o755
end
-if node[:lsb][:release].to_f >= 15.10
- systemd_service "squid" do
- description "Squid caching proxy"
- after ["network.target", "nss-lookup.target"]
- limit_nofile 65536
- environment "SQUID_ARGS" => "-D"
- environment_file "/etc/default/squid"
- exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z"
- exec_start "/usr/sbin/squid -N $SQUID_ARGS"
- exec_reload "/usr/sbin/squid -k reconfigure"
- exec_stop "/usr/sbin/squid -k shutdown"
- restart "on-failure"
- timeout_sec 0
- end
+systemd_service "squid" do
+ description "Squid caching proxy"
+ after ["network.target", "nss-lookup.target"]
+ limit_nofile 65536
+ environment "SQUID_ARGS" => "-D"
+ environment_file "/etc/default/squid"
+ exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z"
+ exec_start "/usr/sbin/squid -N $SQUID_ARGS"
+ exec_reload "/usr/sbin/squid -k reconfigure"
+ exec_stop "/usr/sbin/squid -k shutdown"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
+ restart "on-failure"
+ timeout_sec 0
+end
- service "squid" do
- provider Chef::Provider::Service::Systemd
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => true
- subscribes :restart, "systemd_service[squid]"
- subscribes :reload, "template[/etc/squid/squid.conf]"
- subscribes :restart, "template[/etc/default/squid]"
- subscribes :reload, "template[/etc/resolv.conf]"
- end
-else
- service "squid" do
- provider Chef::Provider::Service::Upstart
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => true
- subscribes :reload, "template[/etc/squid/squid.conf]"
- subscribes :restart, "template[/etc/default/squid]"
- subscribes :reload, "template[/etc/resolv.conf]"
+service "squid" do
+ action [:enable, :start]
+ subscribes :restart, "systemd_service[squid]"
+ subscribes :reload, "template[/etc/squid/squid.conf]"
+ subscribes :restart, "template[/etc/default/squid]"
+ subscribes :reload, "template[/etc/resolv.conf]"
+end
+
+log "squid-restart" do
+ message "Restarting squid due to counter wraparound"
+ notifies :restart, "service[squid]"
+ only_if do
+ IO.popen(["squidclient", "--host=127.0.0.1", "--port=80", "mgr:counters"]) do |io|
+ io.each.grep(/^[a-z][a-z_.]+ = -[0-9]+$/).count > 0
+ end
end
end
munin_plugin "squid_cache"
munin_plugin "squid_delay_pools"
+munin_plugin "squid_delay_pools_noreferer"
munin_plugin "squid_times"
munin_plugin "squid_icp"
munin_plugin "squid_objectsize"