Version information
This version is compatible with:
- Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.6.1 < 5.0.0
Start using this module
Add this module to your Puppetfile:
mod 'puppet-squid', '0.5.0'
Learn more about managing modules with a Puppetfile
Documentation
Puppet module for Squid
Description
Puppet module for configuring the squid caching service.
Usage
To set up a simple squid server with a cache to forward HTTP port 80 requests:
class{'::squid':}
squid::acl{'Safe_ports':
type => port,
entries => ['80'],
}
squid::http_access{'Safe_ports':
action => allow,
}
squid::http_access{'!Safe_ports':
action => deny,
}
Parameters for squid Class
Parameters to the squid class almost map 1 to 1 to squid.conf parameters themselves.
- ensure_service: The ensure value of the squid service, defaults to running.
- enable_service: The enable value of the squid service, defaults to true.
- config: Location of squid.conf file, defaults to /etc/squid/squid.conf.
- config_user: user which owns the config file, default depends on $operatingsystem.
- config_group: group which owns the config file, default depends on $operatingsystem.
- daemon_user: user which runs the squid daemon, this is used for ownership of the cache directory, default depends on $operatingsystem.
- daemon_group: group which runs the squid daemon, this is used for ownership of the cache directory, default depends on $operatingsystem.
- cache_mem: defaults to 256 MB. See the cache_mem docs.
- memory_cache_shared: defaults to undef. See the memory_cache_shared docs.
- maximum_object_size_in_memory: defaults to 512 KB. See the maximum_object_size_in_memory docs.
- access_log: defaults to daemon:/var/logs/squid/access.log squid. See the access_log docs.
- coredump_dir: defaults to undef. See the coredump_dir docs.
- package_name: name of the squid package to manage, default depends on $operatingsystem.
- service_name: name of the squid service to manage, default depends on $operatingsystem.
- max_filedescriptors: defaults to undef. See the max_filedescriptors docs.
- workers: defaults to undef. See the workers docs.
- acls: defaults to undef. If you pass in a hash of acl entries, they will be defined automatically. See acl entries.
- http_access: defaults to undef. If you pass in a hash of http_access entries, they will be defined automatically. See http_access entries.
- http_ports: defaults to undef. If you pass in a hash of http_port entries, they will be defined automatically. See http_port entries.
- https_ports: defaults to undef. If you pass in a hash of https_port entries, they will be defined automatically. See https_port entries.
- icp_access: defaults to undef. If you pass in a hash of icp_access entries, they will be defined automatically. See icp_access entries.
- snmp_ports: defaults to undef. If you pass in a hash of snmp_port entries, they will be defined automatically. See snmp_port entries.
- cache_dirs: defaults to undef. If you pass in a hash of cache_dir entries, they will be defined automatically. See cache_dir entries.
- ssl_bump: defaults to undef. If you pass in a hash of ssl_bump entries, they will be defined automatically. See ssl_bump entries.
- sslproxy_cert_error: defaults to undef. If you pass in a hash of sslproxy_cert_error entries, they will be defined automatically. See sslproxy_cert_error entries.
- extra_config_sections: defaults to empty hash. If you pass in a hash of extra_config_section resources, they will be defined automatically.
class{'::squid':
cache_mem => '512 MB',
workers => 3,
coredump_dir => '/var/spool/squid',
}
class{'::squid':
  cache_mem    => '512 MB',
  workers      => 3,
  coredump_dir => '/var/spool/squid',
  acls         => { 'remote_urls' => {
                      type    => 'url_regex',
                      entries => ['http://example.org/path',
                                  'http://example.com/anotherpath'],
                    },
                  },
  http_access  => { 'our_networks hosts' => { action => 'allow', }},
  http_ports   => { '10000' => { options => 'accel vhost'} },
  snmp_ports   => { '1000' => { process_number => 3 }},
  cache_dirs   => { '/data/' => { type => 'ufs', options => '15000 32 256 min-size=32769', process_number => 2 }},
}
The acls, http_access, http_ports, snmp_port, cache_dirs lines above are equivalent to their examples below.
Defined Type squid::acl
Defines acl entries for a squid server.
squid::acl{'remote_urls':
type => 'url_regex',
entries => ['http://example.org/path',
'http://example.com/anotherpath'],
}
would result in a multi entry squid acl
acl remote_urls url_regex http://example.org/path
acl remote_urls url_regex http://example.com/anotherpath
These may be defined as a hash passed to ::squid
Parameters for Type squid::acl
- type: The acltype of the acl, must be defined, e.g. url_regex, urlpath_regex, port, ...
- aclname: The name of acl, defaults to the title.
- entries: An array of acl entries, multiple members results in multiple lines in squid.conf.
- order: Each ACL has an order 05 by default; this can be specified if order of ACL definition matters.
Defined Type squid::cache_dir
Defines cache_dir entries for a squid server.
squid::cache_dir{'/data':
type => 'ufs',
options => '15000 32 256 min-size=32769',
process_number => 2,
}
Results in the squid configuration of
if ${process_number} = 2
cache_dir ufs /data 15000 32 256 min-size=32769
endif
Parameters for Type squid::cache_dir
- type: the type of cache, e.g. ufs. Defaults to ufs.
- path: defaults to the namevar, file path to cache.
- options: String of options for the cache. Defaults to empty string.
- process_number: if specified as an integer the cache will be wrapped in an if ${process_number} statement so the cache will be used by only one process. Default is undef.
Defined Type squid::http_access
Defines http_access entries for a squid server.
squid::http_access{'our_networks hosts':
action => 'allow',
}
Adds a squid.conf line
# http_access fragment for our_networks hosts
http_access allow our_networks hosts
squid::http_access{'our_networks hosts':
action => 'allow',
comment => 'Our networks hosts are allowed',
}
Adds a squid.conf line
# Our networks hosts are allowed
http_access allow our_networks hosts
These may be defined as a hash passed to ::squid
Defined Type squid::icp_access
Defines icp_access entries for a squid server.
squid::icp_access{'our_networks hosts':
action => 'allow',
}
Adds a squid.conf line
icp_access allow our_networks hosts
These may be defined as a hash passed to ::squid
Parameters for Type squid::http_access
- value: defaults to the namevar, the rule to allow or deny.
- action: must be deny or allow. By default it is allow. The squid.conf file is ordered so by default all allows appear before all denys. This can be overridden with the order parameter.
- order: by default is 05.
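Squid evaluates http_access lines top-down and stops at the first match, so an allow placed ahead of a deny wins. The following is an added example, not taken from the module's README, that uses order to put a port restriction ahead of the default-ordered allows and a catch-all deny after them. The our_networks ACL, its 192.0.2.0/24 range and the order values '01' and '99' are assumptions chosen for illustration, and it assumes lower order values are placed earlier in squid.conf.

```puppet
class { '::squid': }

# ACL definitions (names and values are constructed for this example).
squid::acl { 'Safe_ports':
  type    => 'port',
  entries => ['80', '443'],
}
squid::acl { 'our_networks':
  type    => 'src',
  entries => ['192.0.2.0/24'],   # documentation range, replace with your own
}

# Deny requests to any port outside Safe_ports. order '01' is lower than
# the default '05' used by the allow below, so this rule is intended to
# come first even though it is a deny.
squid::http_access { '!Safe_ports':
  action  => 'deny',
  order   => '01',
  comment => 'Block non-web ports before any allow is considered',
}

# Clients in our_networks may use the proxy (default order '05').
squid::http_access { 'our_networks':
  action  => 'allow',
  comment => 'Our networks are allowed',
}

# Anything that matched no earlier rule is refused. 'all' is squid's
# built-in ACL that matches every request.
squid::http_access { 'all':
  action  => 'deny',
  order   => '99',
  comment => 'Default deny',
}
```

After a Puppet run, check the http_access lines in the generated squid.conf to confirm the deny for !Safe_ports appears above the allow for our_networks.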
Defined Type Squid::Http_port
Defines http_port entries for a squid server.
Setting the optional ssl parameter to true creates https_port entries instead.
squid::http_port{'10000':
options => 'accel vhost'
}
squid::http_port{'10001':
ssl => true,
options => 'cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key'
}
Results in a squid configuration of
http_port 10000 accel vhost
https_port 10001 cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key
Parameters for Type squid::http_port
- port: defaults to the namevar and is the port number.
- options: A string to specify any options for the default. By default an empty string.
- ssl: A boolean. When set to true creates https_port entries. Defaults to false.
Defined Type Squid::Https_port
Defines https_port entries for a squid server.
As an alternative to using the Squid::Http_port defined type with ssl set to true, you can use this type instead. The result is the same. Internally this type uses Squid::Http_port to create the configuration entries.
Parameters for Type squid::https_port
- port: defaults to the namevar and is the port number.
- options: A string to specify any options to add to the https_port line. Defaults to an empty string.
Defined Type Squid::Snmp_port
Defines snmp_port entries for a squid server.
squid::snmp_port{'1000':
process_number => 3
}
Results in a squid configuration of
if ${process_number} = 3
snmp_port 1000
endif
Parameters for Type squid::snmp_port
- port: defaults to the namevar and is the port number.
- options: A string to specify any options for the default. By default an empty string.
- process_number: If set to an integer the snmp_port is enabled only for a particular squid thread. Defaults to undef.
Defined Type squid::auth_param
Defines auth_param entries for a squid server.
squid::auth_param{ 'basic auth_param':
scheme => 'basic',
entries => ['program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd',
'children 5',
'realm Squid Basic Authentication',
'credentialsttl 5 hours'],
}
would result in multi entry squid auth_param
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 5 hours
These may be defined as a hash passed to ::squid
Parameters for Type squid::auth_param
- scheme: the scheme used for authentication, must be defined.
- entries: An array of entries, multiple members results in multiple lines in squid.conf.
- order: by default is '40'.
Defined Type squid::ssl_bump
Defines ssl_bump entries for a squid server.
squid::ssl_bump{'all':
action => 'bump',
}
Adds a squid.conf line
ssl_bump bump all
These may be defined as a hash passed to ::squid
Parameters for Type squid::ssl_bump
- value: The type of the ssl_bump, must be defined, e.g. bump, peek, ...
- action: The name of acl, defaults to bump.
- order: by default is 05.
Defined Type squid::sslproxy_cert_error
Defines sslproxy_cert_error entries for a squid server.
squid::sslproxy_cert_error{'all':
action => 'allow',
}
Adds a squid.conf line
sslproxy_cert_error allow all
These may be defined as a hash passed to ::squid
Parameters for Type squid::sslproxy_cert_error
value
defaults to thenamevar
the rule to allow or deny.action
must bedeny
orallow
. By default it is allow. The squid.conf file is ordered so by default all allows appear before all denys. This can be overidden with theorder
parameter.order
by default is05
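The line sslproxy_cert_error allow all shown above tells squid to accept every certificate validation error from upstream servers. As an added example, not taken from the module's README, the allow can be limited to a named ACL with a deny for everything else; the ACL name internal_ca_hosts and the domain .internal.example.com are assumptions.

```puppet
class { '::squid': }

# Destinations whose certificates are known not to validate, for example
# hosts signed by a private CA (constructed placeholder values).
squid::acl { 'internal_ca_hosts':
  type    => 'dstdomain',
  entries => ['.internal.example.com'],
}

# Tolerate certificate errors only for the named destinations.
squid::sslproxy_cert_error { 'internal_ca_hosts':
  action => 'allow',
}

# Certificate errors from every other upstream server stay fatal. With the
# default order, the module places allow entries ahead of deny entries, so
# no order parameter is needed here.
squid::sslproxy_cert_error { 'all':
  action => 'deny',
}
```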
Defined Type squid::extra_config_section
Squid has a large number of configuration directives. Not all of these have been exposed individually in this module. For those that haven't, the extra_config_section defined type can be used.
squid::extra_config_section {'mail settings':
order => '60',
config_entries => {
'mail_from' => 'squid@example.com',
'mail_program' => 'mail',
},
}
Results in a squid configuration of
# mail settings
mail_from squid@example.com
mail_program mail
Parameters for Type squid::extra_config_section
- comment: defaults to the namevar and is used as a section comment in squid.conf.
- config_entries: A hash of configuration entries to create in this section. The hash key is the name of the configuration directive. The value is either a string, or an array of strings to use as the configuration directive options.
- order: by default is '60'. It can be used to configure where in squid.conf this configuration section should occur.
Changelog
2017-03-30 - Release 0.5.0
- Add beaker acceptance tests
- An optional $comment param for http_access and acl (#47)
- Add support for freebsd
2017-01-12 - Release 0.4.0
Last release with Puppet 3 support!
- Fix minor syntax issue in README example code
- rubocop: fix RSpec/ImplicitExpect
- adds logformat directive to squid.conf header
- adds test for ::logformat parameter
- Added ssl_bump and sslproxy_cert_error support
- Added support for icp_access Squid conf setting
- Fix ordering issue with missing squid user for cache_dir
2016-09-19 - Release 0.3.0
- Add https_port defined type.
- Add extra_config_section permits extra random configuration.
- The auth_params definitions now appear before ACLs as it should.
- New parameters to specify owner of configuration, daemon name and executer to control cache directory.
- Addition of debian and ubuntu support.
2016-06-01 - Release 0.2.2
- Correct documentation examples.
2016-06-01 - Release 0.2.1
- All defined types can now be loaded as a hash to init and so can be loaded easily from hiera. e.g
class{'squid':
  http_ports => {'10000' => { options => 'accel vhost'},
                 '3000'  => {},
                },
}
2016-04-18 - Release 0.1.1
- Add tags to module metadata.
2016-04-13 - Release 0.1.0
Dependencies
- puppetlabs-concat (>= 1.2.5 < 3.0.0)
- puppetlabs-stdlib (>= 4.6.0 < 5.0.0)
Puppet Squid Module Copyright (C) 2016 CERN Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.