Initial baseline load-generator -> 5 home server tests.#5723
Initial baseline load-generator -> 5 home server tests.#5723marc-casavant wants to merge 59 commits intoFreeRADIUS:masterfrom
Conversation
| @@ -0,0 +1,224 @@ | |||
| # -*- text -*- | |||
There was a problem hiding this comment.
It's probably worth removing everything you don't need from this file (and others). i.e. there isn't value in having all of the document and comments in the test framework.
Plus, if the comments are duplicated here, they can get out of sync with the main configuration files. so it's best to just simplify these examples.
The only comments in the configuration files here should be explanations as to why this particular configuration was chosen.
There was a problem hiding this comment.
Good point. Would we want to keep empty sections in the config file as placeholders?
In ../homeserver/radiusd.conf for example, we do not need to configure "thread pool". We could however refer to the config section:
thread pool {
}
| transport = step | ||
| step { | ||
|
|
||
| # - filename (required) |
There was a problem hiding this comment.
similar here, delete the default comments. add a comment explaining why this configuration has the given value.
|
|
||
| send Access-Request { | ||
| stats | ||
| ok |
There was a problem hiding this comment.
Why is the ok here in every section? It shouldn't be needed.
If the server authenticates the user, then everything should just work.
| if (!Event-Timestamp) { | ||
| Event-Timestamp := %time.request() - %{Acct-Delay-Time || 0} | ||
| } | ||
| acct_unique |
There was a problem hiding this comment.
this is likely not needed. It's main use is when writing to SQL, and we're not doing that.
| # # requests to the upstream RADIUS server(s). | ||
| # | ||
| # if (!Event-Timestamp) { | ||
| # Event-Timestamp := %time.request() - %{Acct-Delay-Time || 0} |
There was a problem hiding this comment.
this is only needed for crappy NAS equipment. It's better to just do:
Event.Timestamp := %timerequest()
since the timestamp changes every second, and therefore can't be put into a static packet.
| secret = testing123 | ||
| require_message_authenticator = auto | ||
| imit_proxy_state = auto | ||
| limit { |
There was a problem hiding this comment.
the "limit" section is for TCP, and isn't needed for UDP packets. You can delete it.
| ipaddr = $ENV{TEST_SUBNET} | ||
| secret = testing123 | ||
| require_message_authenticator = auto | ||
| imit_proxy_state = auto |
| escape_filenames = no | ||
| } | ||
|
|
||
| pool { |
There was a problem hiding this comment.
I don't think we need a pool configuration for files? You might need to check the linelog source code.
If the default linelog module comments aren't clear, we can update them to explain this issue.
| } | ||
| } | ||
|
|
||
| dictionary { |
There was a problem hiding this comment.
If you're not using this, just delete it.
|
|
||
| send Access-Challenge { | ||
| attr_filter.access_challenge | ||
| handled |
There was a problem hiding this comment.
You can delete this line. It's only needed for esoteric corner cases where the server is creating a challenge/response thing itself via unlang
| attr_filter.access_reject | ||
| eap | ||
| remove_reply_message_if_eap | ||
| delay_reject |
There was a problem hiding this comment.
delete this. We don't need to delay rejects in the CI tests.
| } | ||
|
|
||
| recv Accounting-Request { | ||
| acct_unique |
There was a problem hiding this comment.
delete this, as per other comments
| } | ||
|
|
||
| accounting Start { | ||
| -sql |
There was a problem hiding this comment.
we're not using SQL, so just delete all -sql things, and leave the sections empty.
| escape_filenames = no | ||
| } | ||
|
|
||
| pool { |
There was a problem hiding this comment.
the pool configuration is likely not needed.
| free_delay = 10 | ||
| } | ||
| } | ||
| Access-Request { |
There was a problem hiding this comment.
This is a large block of text which is copied multiple times.
perhaps create a directory common/, and then put the large common blocks there. the configurations can then do $INCLUDE common/foo.conf
I'm a big fan of "don't repeat yourself". If the same thing shows up 2-3 times, find a way to re-use a common block.
| response_window = 15 | ||
| zombie_period = 10 | ||
| revive_interval = 3600 | ||
| status_check { |
There was a problem hiding this comment.
the status check configs can likely go into a common block, too. Perhaps even more of the radius configuration block, too.
| $INCLUDE global.d/ | ||
| } | ||
|
|
||
| migrate { |
There was a problem hiding this comment.
Delete this section. It's long out of date.
| https://github.com/marc-casavant/freeradius-server/tree/dev-docker-build-from-src | ||
| ```bash | ||
| freeradius-server % docker build --no-cache -t freeradius-dev-ubuntu24 -f scripts/docker/dev/build/ubuntu24/Dockerfile . | ||
| ``` |
There was a problem hiding this comment.
Get the crossbuild images to work on MacOS. Either get arm versions of libkqueue, or submit a CI task for the libkqueue repo to build the .deb files from x86 and arm.
src/tests/multi-server/README.md
Outdated
| ### Multi-server test run | ||
|
|
||
| ```bash | ||
| DATA_PATH=$HOME/sandbox/freeradius-server/src/tests/multi-server/environments/configs make test-framework-custom-config-path -- -x -vvvv --compose $HOME/sandbox/freeradius-server/src/tests/multi-server/environments/docker-compose/env-loadgen-5hs.yml --test $HOME/sandbox/freeradius-server/src/tests/multi-server/test-5hs-autoaccept.yml --use-files --listener-dir $HOME/freeradius-listener-logs |
There was a problem hiding this comment.
Should be integrated into the FreeRADIUS make framework. Add an all.mk that adds a tests.multi target, with correct prereqs to build the docker images using crossbuild.
There was a problem hiding this comment.
Get Ethan to publish the multi-server test packages to PyPi.
There was a problem hiding this comment.
Any use of $HOME should be substituted for paths in build/tests/multi.
src/tests/multi-server/README.md
Outdated
|
|
||
| freeradius-multi-server % source .venv/bin/activate | ||
|
|
||
| (.venv) freeradius-multi-server % TEST_LOGGER_CONFIG=linelog_file DATA_PATH=$HOME/sandbox/freeradius-server/src/tests/multi-server/environments/configs LISTENER_DIR=$HOME/freeradius-listener-logs docker compose -p custom_test-env-loadgen-5hs -f $HOME/sandbox/freeradius-server/src/tests/multi-server/environments/docker-compose/env-loadgen-5hs.yml up |
There was a problem hiding this comment.
This be should be created automatically in build/tests/multi so we can reinitialise the state easily.
| certdir = ${confdir}/certs | ||
| cadir = ${confdir}/certs | ||
| run_dir = ${localstatedir}/run/${name} | ||
| db_dir = ${localstatedir}/lib/${name} |
There was a problem hiding this comment.
Almost all the paths can be removed
|
|
||
| libdir = /usr/lib/freeradius | ||
|
|
||
| pidfile = ${run_dir}/${name}.pid |
| destination = null | ||
| colourise = no | ||
| timestamp = yes | ||
| } |
There was a problem hiding this comment.
log debug {} specifically or from the request {} section ... up to log debug {}?
| } | ||
|
|
||
| security { | ||
| user = freerad |
There was a problem hiding this comment.
No need to set a user or group here, it can just run as root.
|
|
||
| thread pool { | ||
|
|
||
| } |
src/tests/multi-server/environments/configs/freeradius/homeserver/radiusd.conf.j2
Show resolved
Hide resolved
| type = Access-Request | ||
| type = Status-Server | ||
| transport = udp | ||
| require_message_authenticator = auto |
|
|
||
| rm -f /etc/raddb/sites-enabled/default | ||
| ln -sf /etc/raddb/sites-available/hs-auto-accept /etc/raddb/sites-enabled/hs-auto-accept | ||
| ln -sf /etc/raddb/mods-available/linelog_test_framework /etc/raddb/mods-enabled/linelog_test_framework |
There was a problem hiding this comment.
I removed the soft link to enable the radius module since it is not needed. However, the soft link to enable the linelog_test_framework config is required since it is a custom linelog configuration pulled in from the test framework.
There was a problem hiding this comment.
In general all these homeserver entries should be removed except one, and that should be added into the middle of a Jinja loop. This lets you parameterise the environment too, so it's N backends instead of 5.
…ent expects it to be.
…logs. Also using env variables to make it easy to change the OS used for the docker build.
…o steps to help debug missing [Passed] and [Failed] expected labels.
…ramework's jinja template rendering script.
…line with the compose file name used for a test.
…t easier to know where they are used during Jinja template rendering.
…runners and self-hosted runners. Turning off self-hosted option for sanity check.
…server from source before running a test.
…ackages are now pre-installed on the runner.
3 participants
The following new files include all files required to run a short and longer (5 minutes) running tests running on a baseline load-generator -> 5 home server multi-server environment. Files include FreeRADIUS server related config files, a docker-compose environment and testcase configurations.
These new tests require the freeradius-multi-server repo to be available on the same system running the tests.