c73091967d
This patch adds a test scenario which deploys a squid proxy on the AIO host and uses deployment_environment_variables to direct all http and https traffic through that proxy. In order to make the test reasonably realistic eth0 is removed from all containers which means they have no default route and must retrieve all external dependencies via the proxy. As eth0 is removed we can no longer use it to NAT the traffic to the neutron public ip address range during tempest tests. Instead we add static routes to those address ranges to eth1 in the containers and expect the host to forward via br-mgmt. Depends-On: https://review.openstack.org/625312 Depends-On: https://review.openstack.org/625670 Change-Id: I554cfd149374f0863ac058f26862b5439c5d53d8
21 lines
573 B
SquidConf
21 lines
573 B
SquidConf
acl SSL_ports port 443
|
|
acl CONNECT method CONNECT
|
|
acl lan src 172.29.236.0/22
|
|
|
|
http_access deny CONNECT !SSL_ports
|
|
http_access allow localhost manager
|
|
http_access allow lan
|
|
http_access deny manager
|
|
http_access allow localhost
|
|
http_access deny all
|
|
|
|
http_port 3128
|
|
|
|
coredump_dir /var/spool/squid
|
|
|
|
refresh_pattern ^ftp: 1440 20% 10080
|
|
refresh_pattern ^gopher: 1440 0% 1440
|
|
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
|
|
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
|
|
refresh_pattern . 0 20% 4320
|