X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/90a349e0bc558441e65156eabb585c578d93fbfd..c451a92d76bd7ec60a20ad8d2b578c947ba3d499:/cookbooks/squid/recipes/default.rb

diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb
index 54e6e4af4..484f24e6b 100644
--- a/cookbooks/squid/recipes/default.rb
+++ b/cookbooks/squid/recipes/default.rb
@@ -8,7 +8,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,6 +17,30 @@
 # limitations under the License.
 #
 
+if node[:squid][:version] == "3"
+  apt_package "squid" do
+    action :unlock
+  end
+
+  apt_package "squid-common" do
+    action :unlock
+  end
+
+  package "squid" do
+    action :remove
+    only_if "dpkg-query -W squid | fgrep -q 2."
+  end
+
+  package "squid-common" do
+    action :remove
+    only_if "dpkg-query -W squid-common | fgrep -q 2."
+  end
+
+  file "/store/squid/coss-01" do
+    action :delete
+  end
+end
+
 package "squid"
 package "squidclient"
 
@@ -40,21 +64,39 @@ directory "/etc/squid/squid.conf.d" do
   mode 0o755
 end
 
+if node[:squid][:cache_dir] =~ /^coss (\S+) /
+  cache_dir = File.dirname(Regexp.last_match(1))
+elsif node[:squid][:cache_dir] =~ /^\S+ (\S+) /
+  cache_dir = Regexp.last_match(1)
+end
+
+directory cache_dir do
+  owner "proxy"
+  group "proxy"
+  mode 0o750
+  recursive true
+end
+
+systemd_tmpfile "/var/run/squid" do
+  type "d"
+  owner "proxy"
+  group "proxy"
+  mode "0755"
+end
+
 systemd_service "squid" do
   description "Squid caching proxy"
   after ["network.target", "nss-lookup.target"]
+  type "forking"
   limit_nofile 65536
-  environment "SQUID_ARGS" => "-D"
-  environment_file "/etc/default/squid"
-  exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z"
-  exec_start "/usr/sbin/squid -N $SQUID_ARGS"
+  exec_start_pre "/usr/sbin/squid -N -z"
+  exec_start "/usr/sbin/squid"
   exec_reload "/usr/sbin/squid -k reconfigure"
   exec_stop "/usr/sbin/squid -k shutdown"
   private_tmp true
   private_devices true
   protect_system "full"
   protect_home true
-  no_new_privileges true
   restart "on-failure"
   timeout_sec 0
 end
@@ -85,3 +127,7 @@ munin_plugin "squid_icp"
 munin_plugin "squid_objectsize"
 munin_plugin "squid_requests"
 munin_plugin "squid_traffic"
+
+Dir.glob("/var/log/squid/zere.log*") do |log|
+  File.unlink(log)
+end