How to deploy a proxy server squid on RedHat-like systems with Ansible?
I’m going to show you a live Playbook with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
Deploy a proxy server squid on RedHat-like
- install packages => ansible.builtin.yum
- configuration => ansible.builtin.template
- start service => ansible.builtin.service
- open firewall => ansible.posix.firewalld
Today we’re talking about how to deploy a Squid proxy server on RedHat-like Linux systems.
The full process requires four steps that you can automate with different Ansible modules.
Firstly, you need to install the squid package and its dependencies using the ansible.builtin.yum Ansible module.
Secondly, you need to create the custom configuration with the ansible.builtin.template Ansible module.
Thirdly, you need to start the squid service and enable it on boot, along with all its dependencies, using the ansible.builtin.service Ansible module.
Fourthly, you need to open the relevant firewall service-related ports using the ansible.posix.firewalld Ansible module.
Playbook
Deploy a proxy server squid on RedHat-like with Ansible Playbook.
code
- proxy_redhat.yml
---
- name: setup proxy
  hosts: all
  become: true
  vars:
    # Port squid listens on; also the port opened in firewalld
    squid_port: 3128
    # Client network allowed by the "localnet" ACL in the template
    localnet: "192.168.0.0/24"
  tasks:
    - name: squid installed
      ansible.builtin.yum:
        name: squid
        state: latest

    - name: squid configuration
      ansible.builtin.template:
        src: "templates/squid.conf.j2"
        dest: "/etc/squid/squid.conf"

    - name: squid service enabled
      ansible.builtin.service:
        name: squid
        enabled: true
        state: started

    - name: open firewall
      ansible.posix.firewalld:
        port: "{{ squid_port }}/tcp"
        state: enabled
        immediate: true
        permanent: true
- templates/squid.conf.j2
acl localnet src {{ localnet }}
acl SSL_ports port 443
acl CONNECT method CONNECT
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port {{ squid_port }}
coredump_dir /var/spool/squid 10000 16 256
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
execution
ansible-pilot $ ansible-playbook -i virtualmachines/proxy/inventory services/proxy_redhat.yml
PLAY [setup proxy] ********************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [proxy.example.com]
TASK [squid installed] ****************************************************************************
changed: [proxy.example.com]
TASK [squid configuration] ************************************************************************
changed: [proxy.example.com]
TASK [squid service enabled] **********************************************************************
changed: [proxy.example.com]
TASK [open firewall] ******************************************************************************
changed: [proxy.example.com]
PLAY RECAP ****************************************************************************************
proxy.example.com : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $
idempotency
ansible-pilot $ ansible-playbook -i virtualmachines/proxy/inventory services/proxy_redhat.yml
PLAY [setup proxy] ********************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [proxy.example.com]
TASK [squid installed] ****************************************************************************
ok: [proxy.example.com]
TASK [squid configuration] ************************************************************************
ok: [proxy.example.com]
TASK [squid service enabled] **********************************************************************
ok: [proxy.example.com]
TASK [open firewall] ******************************************************************************
ok: [proxy.example.com]
PLAY RECAP ****************************************************************************************
proxy.example.com : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $
before execution
ansible-pilot $ ssh devops@proxy.example.com
Last login: Fri Feb 18 11:25:15 2022 from 192.168.0.59
[devops@proxy ~]$ sudo su
[root@proxy devops]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[root@proxy devops]# dnf list installed squid
Waiting for process with pid 5699 to finish.
Error: No matching Packages to list
[root@proxy devops]# rpm -qa | grep squid
[root@proxy devops]# cat /etc/squid/squid.conf
cat: /etc/squid/squid.conf: No such file or directory
[root@proxy devops]# exit
exit
[devops@proxy ~]$ exit
logout
Connection to proxy.example.com closed.
ansible-pilot $ curl -O -L "https://www.ansiblepilot.com/index.html" -x "proxy.example.com:3128"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (7) Failed to connect to proxy.example.com port 3128: Connection refused
ansible-pilot $
after execution
ansible-pilot $ ssh devops@proxy.example.com
Last login: Fri Feb 18 11:29:25 2022 from 192.168.0.59
[devops@proxy ~]$ sudo su
[root@proxy devops]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[root@proxy devops]# dnf list installed squid
Updating Subscription Management repositories.
Installed Packages
squid.x86_64 7:4.15-1.module+el8.5.0+11469+24c223d9 @rhel-8-for-x86_64-appstream-rpms
[root@proxy devops]# rpm -qa | grep squid
squid-4.15-1.module+el8.5.0+11469+24c223d9.x86_64
[root@proxy devops]# cat /etc/squid/squid.conf
acl localnet src 192.168.0.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid 10000 16 256
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
[root@proxy devops]# ls -al /var/spool/squid/
total 0
drwxr-x---. 2 squid squid 6 Jun 18 2021 .
drwxr-xr-x. 9 root root 97 Feb 18 11:17 ..
[root@proxy devops]# exit
exit
[devops@proxy ~]$ exit
logout
Connection to proxy.example.com closed.
ansible-pilot $ curl -O -L "https://www.ansiblepilot.com/index.html" -x "proxy.example.com:3128"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 49405 0 49405 0 0 49306 0 --:--:-- 0:00:01 --:--:-- 49306
ansible-pilot $ less index.html
ansible-pilot $ rm index.html
ansible-pilot $ ssh devops@proxy.example.com
Last login: Fri Feb 18 11:29:54 2022 from 192.168.0.59
[devops@proxy ~]$ sudo su
[root@proxy devops]# cat /var/log/squid/access.log
1645183932.399 1002 192.168.0.59 TCP_TUNNEL/200 53662 CONNECT www.ansiblepilot.com:443 - HIER_DIRECT/172.67.206.66 -
[root@proxy devops]#
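The access.log entry above shows the CONNECT to port 443 from 192.168.0.59 being tunnelled. The following added example (not part of the original page) is a simplified Python model of how Squid evaluates the template's http_access lines from top to bottom, so you can check which requests the rendered configuration admits. The function names are hypothetical, and the built-in manager ACL is assumed never to match.

```python
import ipaddress

# Constructed input: the acl/http_access part of the page's rendered squid.conf.
CONF = """\
acl localnet src 192.168.0.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT
acl Safe_ports port 21
acl Safe_ports port 80
acl Safe_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Return (acls, rules); repeated acl lines with one name are OR-ed."""
    # Assumption: built-ins are simplified; 'manager' never matches here.
    acls = {"all": [("src", "0.0.0.0/0")], "manager": [],
            "localhost": [("src", "127.0.0.1/32")]}
    rules = []
    for tok in map(str.split, conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(values, req):
    """True if any value of the ACL matches the request."""
    tests = {"src": lambda v: ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v),
             "port": lambda v: req["port"] == int(v),
             "method": lambda v: req["method"] == v}
    return any(tests[kind](val) for kind, val in values)

def decide(conf, src, method, port):
    """First http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    req = {"src": src, "method": method, "port": port}
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

Because localnet is a playbook variable, calling decide() on the rendered file with an address outside your network is a quick check that a wrong value has not turned the host into an open proxy.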
Conclusion
Now you know how to deploy a proxy server squid on RedHat-like with Ansible.