From 8395d9d7360b2c3f4c42cd3151b09de79d7dbfab Mon Sep 17 00:00:00 2001 From: Uwe Kretschmer Date: Fri, 16 Dec 2016 14:21:29 +0100 Subject: [PATCH 1/2] Using base parameter of grains.filter_by enables less reduntant configuration. --- squid/map.jinja | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/squid/map.jinja b/squid/map.jinja index 154d5b5..1111268 100644 --- a/squid/map.jinja +++ b/squid/map.jinja @@ -1,3 +1,5 @@ +{# All default values are defined in the 'Ubuntu' section. It is set as base, therefor only +different values has to be set for other operating systems. This lowers configuration redundancy. #} {% set map = salt['grains.filter_by']({ 'Ubuntu': { 'pkgs': ['squid'], @@ -10,14 +12,9 @@ 'pkgs': ['squid3'], 'service': 'squid3', 'conf_dir': '/etc/squid3', - 'conf_file': 'squid.conf', - 'cache': '/var/spool/squid', }, 'FreeBSD': { - 'pkgs': ['squid'], - 'service': 'squid', 'conf_dir': '/usr/local/etc/squid', - 'conf_file': 'squid.conf', 'cache': '/var/squid/cache', }, -}, grain='os', merge=salt['pillar.get']('squid:lookup')) %} +}, grain='os', merge=salt['pillar.get']('squid:lookup'), base='Ubuntu') %} From 64f2437d596984c31060aae7f58c9ce467355f2f Mon Sep 17 00:00:00 2001 From: Uwe Kretschmer Date: Fri, 16 Dec 2016 14:31:23 +0100 Subject: [PATCH 2/2] Moving default values of allowed_src, safe_ports and http_port to map.jinja to centralize configuration. --- squid/files/squid.conf | 6 +++--- squid/map.jinja | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/squid/files/squid.conf b/squid/files/squid.conf index 0b4e896..8859d03 100644 --- a/squid/files/squid.conf +++ b/squid/files/squid.conf 
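Review bot: With `base='Ubuntu'` added to the closing line of the second map.jinja hunk, a minion whose `os` grain matches none of 'Ubuntu', 'Debian' or 'FreeBSD' appears to receive the Ubuntu values instead of an empty lookup. An unsupported platform would then get a proxy configuration rendered with Ubuntu package names and paths rather than failing visibly. The header comment added in the first hunk should state this, for example `{# Defaults live in the 'Ubuntu' section, which is used as base: other sections only override differing values, and an unlisted OS falls back to these defaults. #}`, which also fixes the "therefor" / "has to be set" wording. As far as I know the `base` argument only exists from Salt 2015.8.0 onward, so the formula's minimum Salt version is worth documenting. The `{% set map ... %}` expression begins before and continues between the two hunks, so the 'Ubuntu' section is only partly visible here.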
@@ -9,7 +9,7 @@ # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed -{%- for src in cfg_squid.get('allowed_src', ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7', 'fe80::/10']) %} +{%- for src in cfg_squid.get('allowed_src', map.allowed_src) %} acl localnet src {{ src }} {%- endfor %} @@ -22,7 +22,7 @@ acl manager url_regex -i ^cache_object:// /squid-internal-mgr/ acl SSL_ports port 443 -{%- for port in cfg_squid.get('safe_ports', ['80', '21', '443', '70', '210', '1025-65535', '280', '488', '591', '777']) %} +{%- for port in cfg_squid.get('safe_ports', map.safe_ports) %} acl Safe_ports port {{ port }} {%- endfor %} @@ -108,7 +108,7 @@ http_access {{rule}} http_access deny all # Squid normally listens to port 3128 -{%- for http_port in cfg_squid.get('http_port', ['3128']) %} +{%- for http_port in cfg_squid.get('http_port', map.http_port) %} http_port {{http_port}} {%- endfor %} diff --git a/squid/map.jinja b/squid/map.jinja index 1111268..4a38661 100644 --- a/squid/map.jinja +++ b/squid/map.jinja @@ -7,6 +7,9 @@ different values has to be set for other operating systems. This lowers configur 'conf_dir': '/etc/squid', 'conf_file': 'squid.conf', 'cache': '/var/spool/squid', + 'allowed_src': ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7', 'fe80::/10'], + 'safe_ports': ['80', '21', '443', '70', '210', '1025-65535', '280', '488', '591', '777'], + 'http_port': ['3128'], }, 'Debian': { 'pkgs': ['squid3'],
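Review bot: None of the three squid.conf hunks (at `-9,7`, `-22,7` and `-108,7`) shows `map` being brought into the template. The diffstat for this file counts only the three replaced lines, so `map.allowed_src`, `map.safe_ports` and `map.http_port` rely on an import outside the visible context. If that import is missing, rendering would presumably fail on an undefined name; confirm the file already has a line such as `{% from "squid/map.jinja" import map with context %}`. The `localnet` and `Safe_ports` ACLs now also have two override paths, the `cfg_squid` key and the `squid:lookup` merge in map.jinja. The existing comment above the first loop should state which one wins, for example `# allowed_src from cfg_squid takes precedence over the map.jinja / squid:lookup default`.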
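Review bot: The new `allowed_src`, `safe_ports` and `http_port` defaults exist only in the 'Ubuntu' section, so Debian and FreeBSD get them solely through the `base='Ubuntu'` argument from patch 1/2. If this patch is applied without that one, `map.allowed_src` would be missing on those platforms. Since these keys now decide which source networks may use the proxy, the file's header comment should name them, for example `{# allowed_src, safe_ports and http_port feed the ACLs in files/squid.conf and are inherited by every OS section through base='Ubuntu'; narrow allowed_src in pillar for production. #}`. The default `allowed_src` covers every RFC 1918 range plus `fc00::/7` and `fe80::/10`, which is broader than most deployments need. The hunk sits inside the `{% set map ... %}` dictionary, whose start and end are outside it.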