Skip to content

Conversation

@sjpb
Copy link
Collaborator

@sjpb sjpb commented Jun 24, 2025

  • Fixes an issue where http_access did not depend on defined ACLs for squid
  • Adds squid_auth_param to allow setting auth parameter configuration for squid

This allows configuration squid auth, e.g. for basic auth:

# environments/$ENV/inventory/group_vars/all/squid.yml:
squid_acls:
    - acl ncsa_users proxy_auth REQUIRED
squid_auth_param: |
    auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
    auth_param basic children 5
    auth_param basic credentialsttl 1 minute

See the squid docs for more information.

sjpb added a commit that referenced this pull request Jun 24, 2025
no-checks: true

# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Date:      Tue Jun 24 15:30:50 2025 +0000
#
# On branch feat/isolated-env-2
# Your branch is ahead of 'origin/feat/isolated-env-2' by 1 commit.
#   (use "git push" to publish your local commits)
#
# Changes to be committed:
#	modified:   ansible/roles/squid/README.md
#	modified:   ansible/roles/squid/defaults/main.yml
#	modified:   ansible/roles/squid/templates/squid.conf.j2
#
# Changes not staged for commit:
#	modified:   ansible/slurm.yml
#	modified:   environments/.stackhpc/hooks/pre.yml
#	modified:   environments/.stackhpc/inventory/group_vars/all/bastion.yml
#	modified:   environments/.stackhpc/tofu/SMS.tfvars
#	modified:   environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
#	modified:   environments/.stackhpc/tofu/main.tf
#
# Untracked files:
#	NOTES-feat-isolated-env.md
#	NOTES.md
#	activate
#	ansible/image-pull.yml
#	ansible/roles/basic_users/filter_plugins/__pycache__/
#	environments/.stackhpc/SMS-steveb.pkrvars.hcl
#	environments/.stackhpc/inventory/group_vars/all/squid.yml.orig
#	environments/.stackhpc/inventory/group_vars/all/steveb_ark.yml
#	environments/.stackhpc/inventory/hosts.yml
#	environments/.stackhpc/inventory/network_groups
#	environments/.stackhpc/tofu/SMS-NO-GATEWAY.tfvars
#	environments/.stackhpc/tofu/cluster_name.auto.tfvars
#	packer/sms-build.sh
#
@sjpb sjpb changed the title Allow squid to be configured for squid Enable auth to be configured for squid Jun 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant