Home Explore Help
Sign In
blaine
/
infra
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

add squid-proxy role

Blaine Story 3 years ago
parent
bcd314c632
commit
8b1451cad7
5 changed files with 80 additions and 0 deletions
Unified View Show Diff Stats
  1. 10 0
      roles/squid-proxy/handlers/main.yml
  2. 44 0
      roles/squid-proxy/tasks/main.yml
  3. 7 0
      roles/squid-proxy/templates/squid-proxy.conf.j2
  4. 9 0
      roles/squid-proxy/templates/squid.conf.j2
  5. 10 0
      roles/squid-proxy/vars/main.yml

+ 10 - 0
roles/squid-proxy/handlers/main.yml
View File 

@@ -0,0 +1,10 @@
 
+---
 
+- name: Restart squid
 
+  systemd:
 
+    name: squid
 
+    state: restarted
 
+
 
+- name: Restart nginx
 
+  systemd:
 
+    name: nginx
 
+    state: restarted

+ 44 - 0
roles/squid-proxy/tasks/main.yml
View File 

@@ -0,0 +1,44 @@
 
+---
 
+- name: Ensure packages are installed
 
+  yum:
 
+    name:
 
+      - nginx
 
+      - squid
 
+
 
+- name: Configure squid
 
+  template:
 
+    src: squid.conf.j2
 
+    dest: /etc/squid/squid.conf
 
+    owner: root
 
+    group: root
 
+    mode: '0644'
 
+  notify:
 
+   - Restart squid
 
+
 
+- name: Configure nginx
 
+  template:
 
+    src: squid-proxy.conf.j2
 
+    dest: /etc/nginx/default.d/squid-proxy.conf
 
+    owner: root
 
+    group: root
 
+    mode: '0644'
 
+  notify:
 
+    - Restart nginx
 
+
 
+- name: Ensure firewall ports are opened
 
+  firewalld:
 
+    service: "{{ item }}"
 
+    permanent: yes
 
+    state: enabled
 
+  with_items:
 
+    - squid
 
+    - http
 
+
 
+- name: Ensure services are enabled
 
+  systemd:
 
+    name: "{{ item }}"
 
+    enabled: yes
 
+    state: started
 
+  with_items:
 
+    - squid
 
+    - nginx

+ 7 - 0
roles/squid-proxy/templates/squid-proxy.conf.j2
View File 

@@ -0,0 +1,7 @@
 
+{% for repo in squid_repos %}
 
+location /{{ repo.location }}/ {
 
+    proxy_pass http://localhost:3128/{{ repo.proxy_path }}/;
 
+    proxy_set_header Host $host;
 
+}
 
+
 
+{% endfor %}

+ 9 - 0
roles/squid-proxy/templates/squid.conf.j2
View File 

@@ -0,0 +1,9 @@
 
+http_port 3128 accel allow-direct defaultsite={{ squid_mirror_hostname }}
 
+cache_peer {{ squid_mirror_hostname }} parent 80 0 no-query originserver
 
+http_access allow all
 
+
 
+cache_dir ufs /var/spool/squid {{ squid_cache_gb|int * 1024 }} 16 256
 
+maximum_object_size 535388 KB
 
+range_offset_limit -1
 
+
 
+access_log /var/log/squid/access.log

+ 10 - 0
roles/squid-proxy/vars/main.yml
View File 

@@ -0,0 +1,10 @@
 
+---
 
+squid_mirror_hostname: mirrors.ocf.berkeley.edu
 
+squid_cache_gb: 10
 
+
 
+squid_repos:
 
+  - location: fedora
 
+    proxy_path: fedora/fedora
 
+
 
+  - location: rpmfusion
 
+    proxy_path: rpmfusion