diff --git a/roles/lmn_vm/files/usersquid.service b/roles/lmn_vm/files/usersquid.service
new file mode 100644
index 0000000..bae6d11
--- /dev/null
+++ b/roles/lmn_vm/files/usersquid.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run squid in usermode using user kerberos ticket
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/startusersquid.sh
+Restart=on-failure
+
+#[Install]
+#WantedBy=default.target
diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run
index 8c4355d..1200b39 100755
--- a/roles/lmn_vm/files/vm-run
+++ b/roles/lmn_vm/files/vm-run
@@ -287,11 +287,7 @@ fi
 VM_NAME=$1
-# check, if we have to start squid
-if ! killall -s 0 squid; then
- echo "starting squid."
- /usr/sbin/squid -f /etc/squid/squid-usermode.conf
-fi
+systemctl --user restart usersquid.service &
 # check, if persistent VM is really wanted
 if [[ "${PERSISTENT}" == 1 ]] && [[ ! -f "${VM_DIR_PERSISTENT}/${VM_NAME}.qcow2" ]]; then
diff --git a/roles/lmn_vm/handlers/main.yml b/roles/lmn_vm/handlers/main.yml
index 6af3160..8f7c2e3 100644
--- a/roles/lmn_vm/handlers/main.yml
+++ b/roles/lmn_vm/handlers/main.yml
@@ -3,6 +3,11 @@
 name: libvirtd.service
 listen: reload libvirtd
+- name: Just force systemd to reread configs
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+ listen: daemon reload
+
 - name: Run update-desktop-database
 command: update-desktop-database "{{ item }}"
 loop:
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index 5a7e004..6145959 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
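Review bot: In roles/lmn_vm/files/usersquid.service the `[Service]` section starts the proxy with no hardening directive, although the process runs with the user's Kerberos ticket and, judging by the `http_port 192.168.122.1:3128` line in the deployed configs, appears to serve requests coming from guest VMs. `NoNewPrivileges=yes` is likely a safe addition for a user unit; the start script is not part of this diff, so stricter sandboxing options would need testing against it. The commented-out `[Install]` block should carry a one-line explanation, for example `# started on demand by vm-run, intentionally not enabled at login`.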
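Review bot: The added `systemctl --user restart usersquid.service &` in roles/lmn_vm/files/vm-run runs in the background and its exit status is never read, so the script carries on to start the VM even when the proxy did not come up. It is also a `restart` on every vm-run call, where the removed code only started squid when none was running; starting a second VM would therefore interrupt the proxy connections of one that is already running. If the restart is meant to pick up a fresh ticket, a comment should say so; otherwise consider `systemctl --user start usersquid.service || echo "usersquid.service failed to start" >&2`. The surrounding script continues outside the hunk.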
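Review bot: The new handler in roles/lmn_vm/handlers/main.yml calls `ansible.builtin.systemd_service` with `daemon_reload: true` and no `scope`, which reloads the system manager, while the unit added by this commit is installed under `/etc/systemd/user/` and started with `systemctl --user`. Per-user managers that are already running will presumably keep the old unit definition until they reload or the session restarts. The handler name `Just force systemd to reread configs` should say which manager is meant, and if a changed user unit has to take effect immediately, a `systemctl --user daemon-reload` in the user's session (for instance in vm-run before the restart) is needed as well.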
@@ -147,9 +147,25 @@
 - name: Deploy squid user mode configuration
 template:
- src: squid-usermode.conf.j2
- dest: /etc/squid/squid-usermode.conf
+ src: "{{ item }}.j2"
+ dest: "/etc/squid/{{ item }}"
 mode: '0644'
+ loop:
+ - squid-usermode.conf
+ - squid-usermode-external.conf
+
+- name: Deploy startusersquid script
+ template:
+ src: startusersquid.sh.j2
+ dest: /usr/local/bin/startusersquid.sh
+ mode: '0755'
+ notify: daemon reload
+
+- name: Provide usersquid service
+ copy:
+ src: usersquid.service
+ dest: /etc/systemd/user/usersquid.service
+ mode: 0644
 - name: Deploy sudo configurations
 copy:
diff --git a/roles/lmn_vm/templates/squid-usermode-external.conf.j2 b/roles/lmn_vm/templates/squid-usermode-external.conf.j2
new file mode 100644
index 0000000..ba1b2c7
--- /dev/null
+++ b/roles/lmn_vm/templates/squid-usermode-external.conf.j2
@@ -0,0 +1,11 @@
+acl local-servers dstdomain .{{ domain }}
+cache_peer firewall.{{ domain }} parent 3128 0 no-query default login=NEGOTIATE auth-no-keytab
+never_direct deny local-servers
+always_direct allow all
+#access_log stdio:/tmp/access.log squid
+access_log none
+cache_log /dev/null
+logfile_rotate 0
+pid_filename none
+http_port 192.168.122.1:3128
+http_access allow all
diff --git a/roles/lmn_vm/templates/squid-usermode.conf.j2 b/roles/lmn_vm/templates/squid-usermode.conf.j2
index ba1b2c7..586dbb1 100644
--- a/roles/lmn_vm/templates/squid-usermode.conf.j2
+++ b/roles/lmn_vm/templates/squid-usermode.conf.j2
@@ -1,7 +1,7 @@
 acl local-servers dstdomain .{{ domain }}
 cache_peer firewall.{{ domain }} parent 3128 0 no-query default login=NEGOTIATE auth-no-keytab
 never_direct deny local-servers
-always_direct allow all
+never_direct allow all
 #access_log stdio:/tmp/access.log squid
 access_log none
 cache_log /dev/null
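Review bot: In roles/lmn_vm/tasks/main.yml `notify: daemon reload` is attached to the `Deploy startusersquid script` task, but a changed shell script needs no daemon reload; the task that installs the unit file, `Provide usersquid service`, has no `notify`, so a changed usersquid.service triggers nothing. Move the `notify: daemon reload` line to the `copy` task for usersquid.service. That task also writes `mode: 0644` unquoted while the other tasks in this hunk use `'0644'` and `'0755'`; write `mode: '0644'` so the value stays a string and the file is consistent.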
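Review bot: `http_access allow all` together with `http_port 192.168.122.1:3128` in squid-usermode-external.conf.j2 accepts requests from any client that can reach that address, with no `src` restriction. The same holds for squid-usermode.conf.j2: the new file carries the blob id (ba1b2c7) that squid-usermode.conf.j2 had before this commit, and there the change to `never_direct allow all` now sends every such request to the parent with `login=NEGOTIATE`, that is, under the logged-in user's Kerberos identity. Both templates should limit who may use the proxy, for example `acl vmnet src 192.168.122.0/24`, `http_access allow vmnet`, `http_access deny all`; the /24 is assumed from the listen address and needs checking against the libvirt network definition. With `access_log none` and `cache_log /dev/null` no record of proxy use is kept, which deserves a comment stating that this is deliberate.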
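Review bot: After this change squid-usermode.conf.j2 holds two `never_direct` rules whose effect depends on their order (`deny local-servers` has to match before `allow all`), and nothing in the template says so. A comment above them, such as `# local servers may be reached directly; everything else must go through the authenticated parent`, would keep a later edit from reordering or merging the lines. Since requests now fail outright when the parent or the Negotiate handshake is unavailable, `cache_log /dev/null` leaves nowhere to see why; consider pointing it at a per-user file while the setup is new.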