Have Squid log to /dev/stdout to stream logs to Cloud Logging (#980)

GoogleCloudPlatform · Nov 16, 2022 · df539b5 · df539b5
1 parent ea36007
commit df539b5
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 5 deletions.
diff --git a/blueprints/networking/filtering-proxy-psc/main.tf b/blueprints/networking/filtering-proxy-psc/main.tf
@@ -27,7 +27,8 @@ module "project" {
   services = [
     "dns.googleapis.com",
     "compute.googleapis.com",
-    "logging.googleapis.com"
+    "logging.googleapis.com",
+    "monitoring.googleapis.com"
   ]
 }
 

diff --git a/blueprints/networking/filtering-proxy-psc/squid.conf b/blueprints/networking/filtering-proxy-psc/squid.conf
@@ -4,6 +4,14 @@ http_port 0.0.0.0:3128 require-proxy-header
 # only proxy, don't cache
 cache deny all
 
+# redirect all logs to /dev/stdout
+logfile_rotate 0
+cache_log stdio:/dev/stdout
+access_log stdio:/dev/stdout
+cache_store_log stdio:/dev/stdout
+
+pid_filename /var/run/squid/squid.pid
+
 acl ssl_ports port 443
 acl safe_ports port 80
 acl safe_ports port 443

diff --git a/modules/cloud-config-container/squid/cloud-config.yaml b/modules/cloud-config-container/squid/cloud-config.yaml
@@ -68,10 +68,10 @@ write_files:
       [Service]
       Environment="HOME=/home/squid"
       ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
-      ExecStart=/usr/bin/docker run --rm --name=squid  \
+      ExecStart=/usr/bin/docker run --rm --name=squid \
         --network host \
         -v /etc/squid:/etc/squid \
-        gcr.io/pso-cft-fabric/squid:0.10
+        gcr.io/pso-cft-fabric/squid:20221116
       ExecStop=/usr/bin/docker stop squid
       ExecStopPost=/usr/bin/docker rm squid
 

diff --git a/modules/cloud-config-container/squid/docker/Dockerfile b/modules/cloud-config-container/squid/docker/Dockerfile
@@ -17,6 +17,7 @@ FROM debian:buster-slim
 ENV SQUID_VERSION=4.6 \
   SQUID_CACHE_DIR=/var/spool/squid \
   SQUID_LOG_DIR=/var/log/squid \
+  SQUID_PID_DIR=/var/run/squid \
   SQUID_USER=proxy
 
 RUN apt-get update \
@@ -26,5 +27,12 @@ RUN apt-get update \
 COPY entrypoint.sh /sbin/entrypoint.sh
 RUN chmod 755 /sbin/entrypoint.sh
 
+# Create the PID file directory as root, as the non-privileged user squid is not
+# allowed to write in /var/run.
+RUN mkdir -p ${SQUID_PID_DIR} \
+  && chown ${SQUID_USER}:${SQUID_USER} ${SQUID_PID_DIR}
+
+USER ${SQUID_USER}
+
 EXPOSE 3128/tcp
 ENTRYPOINT ["/sbin/entrypoint.sh"]
diff --git a/modules/cloud-config-container/squid/docker/cloudbuild.yaml b/modules/cloud-config-container/squid/docker/cloudbuild.yaml
@@ -24,7 +24,7 @@ steps:
       - .
 
 substitutions:
-  _IMAGE_VERSION: "20210215"
+  _IMAGE_VERSION: "20221116"
 images:
   - "gcr.io/$PROJECT_ID/squid:${_IMAGE_VERSION}"
   - "gcr.io/$PROJECT_ID/squid:latest"
diff --git a/modules/cloud-config-container/squid/squid.conf b/modules/cloud-config-container/squid/squid.conf
@@ -4,6 +4,14 @@ http_port 0.0.0.0:3128
 # only proxy, don't cache
 cache deny all
 
+# redirect all logs to /dev/stdout
+logfile_rotate 0
+cache_log stdio:/dev/stdout
+access_log stdio:/dev/stdout
+cache_store_log stdio:/dev/stdout
+
+pid_filename /var/run/squid/squid.pid
+
 acl ssl_ports port 443
 acl safe_ports port 80
 acl safe_ports port 443

diff --git a/tests/blueprints/networking/filtering_proxy_psc/test_plan.py b/tests/blueprints/networking/filtering_proxy_psc/test_plan.py
@@ -16,4 +16,4 @@ def test_resources(e2e_plan_runner):
   "Test that plan works and the numbers of resources is as expected."
   modules, resources = e2e_plan_runner()
   assert len(modules) == 12
-  assert len(resources) == 33
+  assert len(resources) == 34