Three new valgrind profiling tests to profile straight accepts, the use of files module and connected to an ldap server.

Author: marc-casavant

src/tests/multi-server/all.mk

@@ -7,12 +7,15 @@
 #
 # Usage:
 #   make -f src/tests/multi-server/all.mk test.multi-server                         # run all tests
-#   make -f src/tests/multi-server/all.mk test.multi-server.5hs-autoaccept.short    # run single test
+#   make -f src/tests/multi-server/all.mk test.multi-server.ci                      # run all ci tests
+#   make -f src/tests/multi-server/all.mk test.multi-server.proxy-accept.short_ci   # run single test
 #   make -f src/tests/multi-server/all.mk clean.test.multi-server                   # clean logs
 #
 
 SHELL := /bin/bash
 
+PROFILE ?= profiling1
+
 #
 #  Allow for stand-alone builds from the local directory.
 #
@@ -139,6 +142,9 @@ TEST_MULTI_SERVER_RENDERED.${1}.${2}     := $$(patsubst $$(DIR)/tests/${1}/%.j2,
 
 $$(foreach j,$$(TEST_MULTI_SERVER_JINJA_FILES.${1}.${2}),$$(eval $$(call TEST_MULTI_SERVER_RENDER,${1},${2},${3},$$j)))
 
+.PHONY: render.test.multi-server.${1}.${2}
+render.test.multi-server.${1}.${2}: $$(TEST_MULTI_SERVER_RENDERED.${1}.${2})
+
 .PHONY: test.multi-server.${1}.${2}
 test.multi-server.${1}.${2}: $$(TEST_MULTI_SERVER_RENDERED.${1}.${2})
 	$$(eval CMD := cd $(TEST_MULTI_SERVER_FRAMEWORK_DIR) && . .venv/bin/activate && DATA_PATH="${4}" python3 -m src.multi_server_test $(TEST_MULTI_SERVER_FLAGS) --project-name "${1}-${2}" --compose "${4}/environment.yml" --test "${4}/template.yml" --use-files --listener-dir "${4}/listener" --log-dir "${4}/logs" --output "${4}/logs/result.log")
@@ -171,7 +177,7 @@ endef
 #  Discovers *.yml param files in the suite directory and generates
 #  render + test targets for each.
 #
-#  ${1} = suite dir name (e.g., 5hs-autoaccept)
+#  ${1} = suite dir name (e.g. proxy-accept)
 #
 define TEST_MULTI_SERVER
 TEST_MULTI_SERVER_PARAM_FILES.${1} := $$(wildcard $$(DIR)/tests/${1}/*.test.yml)
@@ -195,6 +201,8 @@ $(foreach s,$(TEST_MULTI_SERVER_SUITES),$(eval $(call TEST_MULTI_SERVER,$s)))
 
 TEST_MULTI_SERVER_ALL_TESTS := $(foreach s,$(TEST_MULTI_SERVER_SUITES),$(TEST_MULTI_SERVER_TESTS.$(s)))
 
+TEST_MULTI_SERVER_PROF_TESTS := $(foreach s,$(filter prof-%,$(TEST_MULTI_SERVER_SUITES)),$(TEST_MULTI_SERVER_TESTS.$(s)))
+
 ######################################################################
 #
 #  Top-level targets
@@ -215,6 +223,61 @@ TEST_MULTI_SERVER_CI_TESTS := $(filter %_ci,$(TEST_MULTI_SERVER_ALL_TESTS))
 .PHONY: test.multi-server.ci
 test.multi-server.ci: $(TEST_MULTI_SERVER_CI_TESTS)
 
+#
+#  Ensure the freeradius-prof image is present before running
+#  any of the profiling tests.
+#
+
+# Base profiling image, FreeRADIUS not built on this image
+FREERADIUS_PROF_IMAGE := freeradius4-$(PROFILE)/ubuntu24:latest
+# Multi-server profiling image; FreeRADIUS dev build specifically for profiling
+FREERADIUS_RADENV_PROF_IMAGE := freeradius-prof:latest
+
+.PHONY: freeradius-prof.image
+freeradius-prof.image:
+	${Q}if [ -n "$(FORCE_IMAGE_REBUILD)" ] || [ -z "$$(docker images -q $(FREERADIUS_RADENV_PROF_IMAGE) 2>/dev/null)" ]; then \
+		$(MAKE) -C $(top_srcdir) crossbuild.ubuntu24; \
+		$(MAKE) -C $(top_srcdir) crossbuild.ubuntu24.profile.build; \
+		./src/tests/multi-server/scripts/build_image.sh; \
+	else \
+		echo "$(FREERADIUS_RADENV_PROF_IMAGE) available, skipping image creation"; \
+	fi
+
+$(TEST_MULTI_SERVER_PROF_TESTS): freeradius-prof.image
+
+#
+#  Copy the valgrind profiling helper script into each prof test's output dir
+#  so it is available alongside the rendered test configs.
+#
+PROFILING_SCRIPT_SRC := $(DIR)/scripts/profiling/start_valgrind_profiling.sh
+
+define TEST_MULTI_SERVER_PROF_SCRIPT
+$(OUTPUT)/${1}/${2}/start_valgrind_profiling.sh: $(PROFILING_SCRIPT_SRC)
+	$${Q}mkdir -p $$(@D)
+	$${Q}cp $$< $$@
+
+test.multi-server.${1}.${2}: $(OUTPUT)/${1}/${2}/start_valgrind_profiling.sh
+endef
+
+$(foreach s,$(filter prof-%,$(TEST_MULTI_SERVER_SUITES)),$(foreach p,$(TEST_MULTI_SERVER_PARAM_FILES.$(s)),$(eval $(call TEST_MULTI_SERVER_PROF_SCRIPT,$(s),$(subst .,_,$(patsubst %.test.yml,%,$(notdir $(p))))))))
+
+#
+#  Ensure the ldap image is present before running prof-ldap tests.
+#  Builds it automatically via docker.openldap.prof if not found.
+#
+OPENLDAP_PROF_IMAGE := freeradius4/openldap-prof:latest
+
+.PHONY: openldap.image
+openldap.image:
+	${Q}if [ -n "$(FORCE_IMAGE_REBUILD)" ] || [ -z "$$(docker images -q $(OPENLDAP_PROF_IMAGE) 2>/dev/null)" ]; then \
+		$(MAKE) -C $(top_srcdir) docker.openldap.prof; \
+	else \
+		echo "$(OPENLDAP_PROF_IMAGE) available, skipping image creation"; \
+	fi
+	${Q}docker tag $(OPENLDAP_PROF_IMAGE) openldap:latest
+
+$(TEST_MULTI_SERVER_TESTS.prof-ldap): openldap.image
+
 .PHONY: clean.test.multi-server
 clean.test.multi-server:
 	rm -rf $(OUTPUT)

src/tests/multi-server/configs/freeradius/common/mods-available/ldap

@@ -0,0 +1,30 @@
+ldap {
+	server = 'openldap'
+	identity = 'cn=admin,dc=example,dc=com'
+	password = 'adminpassword'
+	base_dn = 'dc=example,dc=com'
+
+	update {
+		control.Password.With-Header	+= 'userPassword'
+	}
+
+	user {
+		base_dn = "${..base_dn}"
+		filter = "(uid=%{Stripped-User-Name || User-Name})"
+	}
+
+	options {
+		res_timeout = 10
+		srv_timelimit = 3
+		net_timeout = 10
+	}
+
+	pool {
+		start = 0
+		min = 1
+		max = 5
+		connecting = 2
+		uses = 0
+		lifetime = 0
+	}
+}

src/tests/multi-server/configs/freeradius/common/mods-available/pap

@@ -0,0 +1,4 @@
+
+pap {
+	password_attribute = User-Password
+}

src/tests/multi-server/configs/freeradius/profiling-ldap/load-generator-packets/packet.conf

@@ -0,0 +1,3 @@
+User-Name       = "testuser"
+User-Password   = "testpass"
+Calling-Station-ID = "F1-F2-F3-F4-F5-F6"

src/tests/multi-server/configs/freeradius/profiling-ldap/mods-config/files/authorize

@@ -0,0 +1 @@
+testuser Password.Cleartext := "testpass"

src/tests/multi-server/configs/freeradius/profiling-ldap/proto_load_config.env

@@ -0,0 +1,14 @@
+export TEST_LOADGEN_START_PPS="100"
+export TEST_LOADGEN_MAX_PPS="100"
+export TEST_LOADGEN_DURATION="60"
+export TEST_LOADGEN_STEP="100"
+export TEST_LOADGEN_PARALLEL="1"
+export TEST_LOADGEN_MAX_BACKLOG="1000"
+export TEST_LOADGEN_REPEAT="no"
+export TEST_LOADGEN_NUM_MESSAGES=0
+
+for ((pps=$TEST_LOADGEN_START_PPS; pps<=$TEST_LOADGEN_MAX_PPS; pps+=$TEST_LOADGEN_STEP)); do
+  TEST_LOADGEN_NUM_MESSAGES=$((TEST_LOADGEN_NUM_MESSAGES + TEST_LOADGEN_DURATION * pps))
+done
+
+export TEST_LOADGEN_NUM_MESSAGES

src/tests/multi-server/configs/freeradius/profiling-ldap/radiusd.conf.j2

@@ -0,0 +1,139 @@
+name       = profiling-server
+
+raddbdir   = /etc/freeradius
+confdir    = ${raddbdir}
+modconfdir = ${confdir}/mods-config
+logdir     = /var/log/freeradius
+radacctdir = ${logdir}/radacct
+
+security {
+	allow_core_dumps = yes
+}
+
+modules {
+
+	# Common ldap module configuration
+	{% include "freeradius/common/mods-available/ldap" %}
+
+	# Common pap module configuration
+	{% include "freeradius/common/mods-available/pap" %}
+
+	# Common always module configuration, required for the control policy
+	{% include "freeradius/common/mods-available/always" %}
+
+}
+
+policy {
+
+	# Common control policy configuration, needed for accept action
+	{% include "freeradius/common/policy.d/control" %}
+
+}
+
+server profiling-server {
+
+	namespace = radius
+
+	listen load {
+		handler = load
+		type = Access-Request
+		transport = step
+
+		step {
+
+			# Default packet config to use by proto_load module
+			filename = ${confdir}/load-generator-packets/packet.conf
+
+			# Saving proto_load statistics disabled by default, can be enabled for debugging purposes.
+			csv = ${confdir}/stats/load-generator-stats.csv
+
+			max_attributes = 64
+
+			#
+			# The load profile is configured via environment variables set
+			# in the testcase configuration files.
+			#
+			start_pps = $ENV{TEST_LOADGEN_START_PPS}
+			max_pps   = $ENV{TEST_LOADGEN_MAX_PPS}
+			duration  = $ENV{TEST_LOADGEN_DURATION}
+			step = $ENV{TEST_LOADGEN_STEP}
+			max_backlog = $ENV{TEST_LOADGEN_MAX_BACKLOG}
+			parallel = $ENV{TEST_LOADGEN_PARALLEL}
+			num_messages = $ENV{TEST_LOADGEN_NUM_MESSAGES}
+			repeat = no
+		}
+	}
+
+	listen authentication {
+		type = Access-Request
+		transport = udp
+		require_message_authenticator = auto
+		limit_proxy_state = auto
+
+		limit {
+			max_clients = 256
+			max_connections = 256
+			idle_timeout = 60.0
+			dynamic_timeout = 600.0
+			nak_lifetime = 30.0
+			cleanup_delay = 5.0
+		}
+
+		udp {
+			ipaddr = *
+			port = 1812
+			networks {
+				allow = 127/8
+				allow = 192.0.2/24
+			}
+		}
+
+		tcp {
+			ipaddr = *
+			port = 1812
+			networks {
+				allow = 127/8
+				allow = 192.0.2/24
+			}
+		}
+	}
+
+	listen authentication {
+		type = Access-Request
+		transport = tcp
+
+		tcp {
+			ipaddr = *
+			port = 1812
+			networks {
+				allow = 127/8
+				allow = 192.0.2/24
+			}
+		}
+	}
+
+	client localhost {
+		shortname = client-localhost
+		ipaddr = *
+		secret = testing123
+	}
+
+	recv Access-Request {
+		ldap
+		# pap module always listed last
+		pap
+	}
+
+	authenticate pap {
+		pap
+	}
+
+	send Access-Accept {
+
+	}
+
+	send Access-Reject {
+
+	}
+
+}

src/tests/multi-server/configs/freeradius/profiling-ldap/stats/load-generator-stats.csv

@@ -0,0 +1 @@
+"time","last_packet","rtt","rttvar","pps","pps_accepted","sent","received","backlog","max_backlog","<usec","us","10us","100us","ms","10ms","100ms","s","blocked"

src/tests/multi-server/configs/freeradius/profiling-ldap/template.d/virtual-server-templates

@@ -0,0 +1,3 @@
+#
+# virtual server templates placeholder
+#

src/tests/multi-server/configs/freeradius/profiling-server-pap-auth/load-generator-packets/packet.conf

@@ -0,0 +1,3 @@
+User-Name       = "testuser"
+User-Password   = "testpass"
+Calling-Station-ID = "F1-F2-F3-F4-F5-F6"