From 89562ec46a08430f7540fcb88209a6b042cf631b Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Tue, 5 Jun 2018 20:42:23 +0100 Subject: [PATCH] Add support for squid 3.x --- cookbooks/squid/attributes/default.rb | 2 +- cookbooks/squid/recipes/default.rb | 52 +++++++++++++++++-- .../squid/templates/default/squid.conf.erb | 18 +++++++ 3 files changed, 66 insertions(+), 6 deletions(-) diff --git a/cookbooks/squid/attributes/default.rb b/cookbooks/squid/attributes/default.rb index f26853fa8..6a7c649d3 100644 --- a/cookbooks/squid/attributes/default.rb +++ b/cookbooks/squid/attributes/default.rb @@ -1,4 +1,4 @@ - +default[:squid][:version] = "2" default[:squid][:cache_mem] = "256 MB" default[:squid][:cache_dir] = "ufs /var/spool/squid 256 16 256" default[:squid][:access_log] = "/var/log/squid/access.log openstreetmap" diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb index c0e240190..720c159d7 100644 --- a/cookbooks/squid/recipes/default.rb +++ b/cookbooks/squid/recipes/default.rb @@ -17,6 +17,30 @@ # limitations under the License. # +if node[:squid][:version] == "3" + package "squid" do + action :remove + only_if "dpkg-query -W squid | fgrep -q 2." + end + + package "squid-common" do + action :remove + only_if "dpkg-query -W squid-common | fgrep -q 2." + end + + apt_package "squid" do + action :unlock + end + + apt_package "squid-common" do + action :unlock + end + + file "/store/squid/coss-01" do + action :delete + end +end + package "squid" package "squidclient" @@ -40,21 +64,39 @@ directory "/etc/squid/squid.conf.d" do mode 0o755 end +if node[:squid][:cache_dir] =~ /^coss (\S+) / + cache_dir = File.dirname(Regexp.last_match(1)) +elsif node[:squid][:cache_dir] =~ /^\S+ (\S+) / + cache_dir = Regexp.last_match(1) +end + +directory cache_dir do + owner "proxy" + group "proxy" + mode 0o750 + recursive true +end + +systemd_tmpfile "/var/run/squid" do + type "d" + owner "proxy" + group "proxy" + mode "0755" +end + systemd_service "squid" do description "Squid caching proxy" after ["network.target", "nss-lookup.target"] + type "forking" limit_nofile 65536 - environment "SQUID_ARGS" => "-D" - environment_file "/etc/default/squid" - exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z" - exec_start "/usr/sbin/squid -N $SQUID_ARGS" + exec_start_pre "/usr/sbin/squid -z" + exec_start "/usr/sbin/squid" exec_reload "/usr/sbin/squid -k reconfigure" exec_stop "/usr/sbin/squid -k shutdown" private_tmp true private_devices true protect_system "full" protect_home true - no_new_privileges true restart "on-failure" timeout_sec 0 end diff --git a/cookbooks/squid/templates/default/squid.conf.erb b/cookbooks/squid/templates/default/squid.conf.erb index f290f730d..b92ed1ec3 100644 --- a/cookbooks/squid/templates/default/squid.conf.erb +++ b/cookbooks/squid/templates/default/squid.conf.erb @@ -12,14 +12,23 @@ icp_port 3130 log_icp_queries off #FIXME - configurable +<% if node[:squid][:version] == "2" -%> http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11 +<% else -%> +http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 + +#prefer IPv4 until everything is upgraded +dns_v4_first on +<% end -%> cache_effective_user proxy cache_effective_group proxy #FIXME - configurable cache_dir <%= node[:squid][:cache_dir] %> +<% if node[:squid][:version] == "2" -%> cache_swap_log /var/spool/squid/%s +<% end -%> cache_mgr webmaster@openstreetmap.org @@ -39,7 +48,11 @@ persistent_request_timeout 1 minutes negative_ttl 15 seconds half_closed_clients off +<% if node[:squid][:version] == "2" -%> pipeline_prefetch on +<% else -%> +pipeline_prefetch 1 +<% end -%> read_timeout 90 seconds request_timeout 90 seconds @@ -84,8 +97,13 @@ http_access deny purge forwarded_for on follow_x_forwarded_for allow localhost +<% if node[:squid][:version] == "2" -%> logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03Hs %h" "%{User-Agent}>h" access_log <%= node[:squid][:access_log] %> +<% else -%> +logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03>Hs %rp %Sh/%h" "%{User-Agent}>h" +access_log daemon:<%= node[:squid][:access_log] %> +<% end -%> cache_log /var/log/squid/cache.log cache_store_log none buffered_logs on -- 2.39.5