Ansible Pilot

Deploy a proxy server squid on RedHat-like systems - Ansible modules yum, template, service and firewalld

How to automate the configuration of a squid proxy server on a Red Hat-like Linux target system: install the packages, set the configuration files, start the service immediately and on boot, and open the relevant firewall port. Applies to RedHat Enterprise Linux, CentOS, CentOS Stream, Fedora, ClearOS, Oracle Linux, EuroLinux, Fermi Linux, EulerOS, ROSA Linux, Springdale Linux, Asianux.

February 18, 2022

How to deploy a proxy server squid on RedHat-like systems with Ansible?

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Deploy a proxy server squid on RedHat-like

Today we’re talking about how to deploy a squid proxy server on RedHat-like Linux systems. The full process requires four steps that you can automate with different Ansible modules. First, install the squid package and its dependencies using the ansible.builtin.yum Ansible module. Second, create the custom configuration with the ansible.builtin.template Ansible module. Third, start the squid service, with everything it depends on, and enable it on boot using the ansible.builtin.service Ansible module. Fourth, open the relevant firewall port for the service using the ansible.posix.firewalld Ansible module.


demo

Deploy a proxy server squid on RedHat-like with Ansible Playbook.

code

---
- name: setup proxy
  hosts: all
  become: true
  vars:
    squid_port: 3128
    localnet: "192.168.0.0/24"
  tasks:
    - name: squid installed
      ansible.builtin.yum:
        name: squid
        state: latest
    - name: squid configuration
      ansible.builtin.template:
        src: "templates/squid.conf.j2"
        dest: "/etc/squid/squid.conf"
    - name: squid service enabled
      ansible.builtin.service:
        name: squid
        enabled: true
        state: started
    - name: open firewall
      ansible.posix.firewalld:
        port: "{{ squid_port }}/tcp"
        state: enabled
        immediate: true
        permanent: true

templates/squid.conf.j2

acl localnet src {{ localnet }}
acl SSL_ports port 443
acl CONNECT method CONNECT
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port {{ squid_port }}
coredump_dir /var/spool/squid 10000 16 256
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .  0 20% 4320
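
A variant of the play above, added here as an example and not the author's code. It validates the rendered template with squid -k parse before installing it, reloads squid through a handler when the file changes (the play above starts the service but does not reload it after a later configuration change), and limits the firewall opening to the localnet range. The owner, group, mode and the /usr/sbin/squid path are assumptions matching a stock RHEL 8 squid package.

```yaml
---
# Added example: same variables and template as the page's play.
- name: setup proxy with validated config and reload handler
  hosts: all
  become: true
  vars:
    squid_port: 3128
    localnet: "192.168.0.0/24"
  tasks:
    - name: squid installed
      ansible.builtin.yum:
        name: squid
        state: latest

    - name: squid configuration
      ansible.builtin.template:
        src: "templates/squid.conf.j2"
        dest: "/etc/squid/squid.conf"
        # Assumed to match the packaged file: readable by the squid group only.
        owner: root
        group: squid
        mode: "0640"
        # Parse the rendered file before it replaces the live one; a syntax
        # error fails the task and leaves the previous config in place.
        validate: "/usr/sbin/squid -k parse -f %s"
      notify: reload squid

    - name: squid service enabled
      ansible.builtin.service:
        name: squid
        enabled: true
        state: started

    - name: open firewall for localnet only
      ansible.posix.firewalld:
        # Accept the proxy port only from the range the squid ACL allows.
        rich_rule: >-
          rule family="ipv4" source address="{{ localnet }}"
          port port="{{ squid_port }}" protocol="tcp" accept
        state: enabled
        immediate: true
        permanent: true

  handlers:
    # Runs once at the end of the play, only if the template task changed.
    - name: reload squid
      ansible.builtin.service:
        name: squid
        state: reloaded
```

If an earlier run already opened the port for every source, that entry stays in the zone until it is removed with state: disabled.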

execution

ansible-pilot $ ansible-playbook -i virtualmachines/proxy/inventory services/proxy_redhat.yml
PLAY [setup proxy] ********************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [proxy.example.com]
TASK [squid installed] ****************************************************************************
changed: [proxy.example.com]
TASK [squid configuration] ************************************************************************
changed: [proxy.example.com]
TASK [squid service enabled] **********************************************************************
changed: [proxy.example.com]
TASK [open firewall] ******************************************************************************
changed: [proxy.example.com]
PLAY RECAP ****************************************************************************************
proxy.example.com          : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

idempotency

ansible-pilot $ ansible-playbook -i virtualmachines/proxy/inventory services/proxy_redhat.yml
PLAY [setup proxy] ********************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [proxy.example.com]
TASK [squid installed] ****************************************************************************
ok: [proxy.example.com]
TASK [squid configuration] ************************************************************************
ok: [proxy.example.com]
TASK [squid service enabled] **********************************************************************
ok: [proxy.example.com]
TASK [open firewall] ******************************************************************************
ok: [proxy.example.com]
PLAY RECAP ****************************************************************************************
proxy.example.com          : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

before execution

ansible-pilot $ ssh [email protected]
Last login: Fri Feb 18 11:25:15 2022 from 192.168.0.59
[[email protected] ~]$ sudo su
[[email protected] devops]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[[email protected] devops]# dnf list installed squid
Waiting for process with pid 5699 to finish.
Error: No matching Packages to list
[[email protected] devops]# rpm -qa | grep squid
[[email protected] devops]# cat /etc/squid/squid.conf
cat: /etc/squid/squid.conf: No such file or directory
[[email protected] devops]# exit
exit
[[email protected] ~]$ exit
logout
Connection to proxy.example.com closed.
ansible-pilot $ curl -O -L "https://www.ansiblepilot.com/index.html" -x "proxy.example.com:3128"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to proxy.example.com port 3128: Connection refused
ansible-pilot $

after execution

ansible-pilot $ ssh [email protected]
Last login: Fri Feb 18 11:29:25 2022 from 192.168.0.59
[[email protected] ~]$ sudo su
[[email protected] devops]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[[email protected] devops]# dnf list installed squid
Updating Subscription Management repositories.
Installed Packages
squid.x86_64        7:4.15-1.module+el8.5.0+11469+24c223d9        @rhel-8-for-x86_64-appstream-rpms
[[email protected] devops]# rpm -qa | grep squid
squid-4.15-1.module+el8.5.0+11469+24c223d9.x86_64
[[email protected] devops]# cat /etc/squid/squid.conf
acl localnet src 192.168.0.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid 10000 16 256
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern .  0 20% 4320
[[email protected] devops]# ls -al /var/spool/squid/
total 0
drwxr-x---. 2 squid squid  6 Jun 18  2021 .
drwxr-xr-x. 9 root  root  97 Feb 18 11:17 ..
[[email protected] devops]# exit
exit
[[email protected] ~]$ exit
logout
Connection to proxy.example.com closed.
ansible-pilot $ curl -O -L "https://www.ansiblepilot.com/index.html" -x "proxy.example.com:3128"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 49405    0 49405    0     0  49306      0 --:--:--  0:00:01 --:--:-- 49306
ansible-pilot $ less index.html 
ansible-pilot $ rm index.html
ansible-pilot $ ssh [email protected]
Last login: Fri Feb 18 11:29:54 2022 from 192.168.0.59
[[email protected] ~]$ sudo su
[[email protected] devops]# cat /var/log/squid/access.log 
1645183932.399   1002 192.168.0.59 TCP_TUNNEL/200 53662 CONNECT www.ansiblepilot.com:443 - HIER_DIRECT/172.67.206.66 -
[[email protected] devops]#


Recap

Now you know how to deploy a proxy server squid on RedHat-like with Ansible.
