Disable IPv6 support in squid on machines with no IPv6

diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb
index fe5077bcd68a45bbac842349f5fb020978cc5b77..e3faae46be9c2cf15ca9fbace7964a4e28d4cb67 100644 (file)
--- a/cookbooks/squid/recipes/default.rb
+++ b/cookbooks/squid/recipes/default.rb
@@ -85,6 +85,10 @@ systemd_tmpfile "/var/run/squid" do
   mode "0755"
 end
 
   mode "0755"
 end
 

+address_families = %w[AF_UNIX AF_INET]
+
+address_families << "AF_INET6" unless node.interfaces(:family => :inet6).empty?
+

 systemd_service "squid" do
   description "Squid caching proxy"
   after ["network.target", "nss-lookup.target"]
 systemd_service "squid" do
   description "Squid caching proxy"
   after ["network.target", "nss-lookup.target"]


@@ -98,6 +102,7 @@ systemd_service "squid" do
   private_devices true
   protect_system "full"
   protect_home true
   private_devices true
   protect_system "full"
   protect_home true

+  restrict_address_families address_families

   restart "on-failure"
   timeout_sec 0
 end
   restart "on-failure"
   timeout_sec 0
 end

diff --git a/cookbooks/squid/templates/default/squid.conf.erb b/cookbooks/squid/templates/default/squid.conf.erb
index 2861daa92a9d4b739a4a2c40ff2288d89c3a4899..775f5ec6cea2702248aef5624ac48dbcd2e06bd3 100644 (file)
--- a/cookbooks/squid/templates/default/squid.conf.erb
+++ b/cookbooks/squid/templates/default/squid.conf.erb
@@ -19,9 +19,6 @@ log_icp_queries off
 http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11
 <% else -%>
 http_port 80 accel no-vhost defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6
 http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11
 <% else -%>
 http_port 80 accel no-vhost defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6

-
-#prefer IPv4 until everything is upgraded
-dns_v4_first on

 <% end -%>
 
 cache_effective_user proxy
 <% end -%>
 
 cache_effective_user proxy

diff --git a/cookbooks/systemd/resources/service.rb b/cookbooks/systemd/resources/service.rb
index b01f6787ba2a547fa0de5fe7fcc46a179d20d67e..2f677f775b2eabe502af26280cdb27891113f755 100644 (file)
--- a/cookbooks/systemd/resources/service.rb
+++ b/cookbooks/systemd/resources/service.rb
@@ -57,6 +57,7 @@ property :private_devices, [TrueClass, FalseClass]
 property :private_network, [TrueClass, FalseClass]
 property :protect_system, [TrueClass, FalseClass, String]
 property :protect_home, [TrueClass, FalseClass, String]
 property :private_network, [TrueClass, FalseClass]
 property :protect_system, [TrueClass, FalseClass, String]
 property :protect_home, [TrueClass, FalseClass, String]

+property :restrict_address_families, [String, Array]

 property :no_new_privileges, [TrueClass, FalseClass]
 property :timeout_sec, Integer
 property :pid_file, String
 property :no_new_privileges, [TrueClass, FalseClass]
 property :timeout_sec, Integer
 property :pid_file, String

diff --git a/cookbooks/systemd/templates/default/service.erb b/cookbooks/systemd/templates/default/service.erb
index 9620d1c8d2760526cde080a417617db69bc6c90e..ed117c24e51932c849cce0ed0c0ea42792c4798c 100644 (file)
--- a/cookbooks/systemd/templates/default/service.erb
+++ b/cookbooks/systemd/templates/default/service.erb
@@ -93,6 +93,9 @@ ProtectSystem=<%= @protect_system %>
 <% if @protect_home -%>
 ProtectHome=<%= @protect_home %>
 <% end -%>
 <% if @protect_home -%>
 ProtectHome=<%= @protect_home %>
 <% end -%>

+<% if @restrict_address_families -%>
+RestrictAddressFamilies=<%= Array(@restrict_address_families).join(" ") %>
+<% end -%>

 <% if @no_new_privileges -%>
 NoNewPrivileges=<%= @no_new_privileges %>
 <% end -%>
 <% if @no_new_privileges -%>
 NoNewPrivileges=<%= @no_new_privileges %>
 <% end -%>