WIP: moving the Dockerfiles used for the profiling images to scripts/docker/profiling

Author: marc-casavant

scripts/docker/docker.mk

@@ -18,12 +18,18 @@ CB_DIR:=$(dir $(realpath $(lastword $(MAKEFILE_LIST))))
 # Where the docker directories are
 DT:=$(CB_DIR)/build
 
+# Where the profiling docker directories are
+PT:=$(CB_DIR)/profiling
+
 # Location of top-level m4 template
 DOCKER_TMPL:=$(CB_DIR)/m4/Dockerfile.m4
 
 # List of all the docker images (sorted for "docker.info")
 IMAGES:=$(sort $(patsubst $(DT)/%,%,$(wildcard $(DT)/*)))
 
+# List of all profiling images (sorted)
+PROF_IMAGES:=$(sort $(patsubst $(PT)/%,%,$(wildcard $(PT)/*)))
+
 # Don't use the Docker cache if asked
 ifneq "$(NOCACHE)" ""
     DOCKER_BUILD_OPTS += " --no-cache"
@@ -122,14 +128,29 @@ $(foreach IMAGE,$(IMAGES),\
   $(eval $(call CROSSBUILD_IMAGE_RULE,$(IMAGE))))
 
 #
-#  Build the LDAP image for profiling tests.
+#  Define rules for building a profiling image
+#
+define PROFILING_IMAGE_RULE
+
+.PHONY: docker.${1}.prof
+docker.${1}.prof:
+	${Q}echo "BUILD ${1} ($(D_IPREFIX)/${1}-prof) from $(PT)/${1}/Dockerfile"
+
+	${Q}docker buildx build \
+		$(DOCKER_BUILD_OPTS) \
+		--progress=plain \
+		. \
+		-f $(PT)/${1}/Dockerfile \
+		-t $(D_IPREFIX)/${1}-prof
+
+endef
+
+#
+#  Add all the profiling image building rules
 #
-.PHONY: docker.openldap.build
-docker.openldap.build:
-	${Q}echo "BUILD openldap:latest from $(DT)/openldap/Dockerfile"
-	${Q}docker build \
-		$(DT)/openldap \
-		-t openldap:latest
+$(foreach IMAGE,$(PROF_IMAGES),\
+  $(eval $(call PROFILING_IMAGE_RULE,$(IMAGE))))
+
 
 # if docker is defined
 endif

scripts/docker/profiling/openldap/Dockerfile

@@ -0,0 +1,30 @@
+FROM debian:bookworm-slim
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN echo "slapd slapd/password1 password adminpassword" | debconf-set-selections \
+ && echo "slapd slapd/password2 password adminpassword" | debconf-set-selections \
+ && echo "slapd slapd/domain string example.com" | debconf-set-selections \
+ && echo "slapd shared/organization string Example" | debconf-set-selections \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends slapd ldap-utils \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY scripts/docker/profiling/openldap/users.ldif /etc/ldap/users.ldif
+
+# Pre-populate the database during the build so the container is ready on start
+RUN slapd -h "ldapi:///" -u openldap -g openldap & \
+    for i in $(seq 1 30); do \
+        ldapsearch -x -H ldapi:/// -D "cn=admin,dc=example,dc=com" \
+            -w adminpassword -b "dc=example,dc=com" > /dev/null 2>&1 && break; \
+        sleep 1; \
+    done && \
+    ldapadd -x -H ldapi:/// -D "cn=admin,dc=example,dc=com" \
+        -w adminpassword -f /etc/ldap/users.ldif && \
+    kill "$(pidof slapd)" && \
+    sleep 2
+
+EXPOSE 389
+
+CMD ["slapd", "-h", "ldap:///", "-u", "openldap", "-g", "openldap", "-d", "0"]

scripts/docker/profiling/openldap/users.ldif

@@ -0,0 +1,16 @@
+dn: ou=users,dc=example,dc=com
+objectClass: organizationalUnit
+ou: users
+
+dn: uid=testuser,ou=users,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: testuser
+sn: User
+cn: testuser
+uidNumber: 10000
+gidNumber: 10000
+userPassword: testpass
+loginShell: /bin/bash
+homeDirectory: /home/testuser

scripts/docker/profiling/ubuntu24/Dockerfile

@@ -0,0 +1,136 @@
+# Auto generated for ubuntu24
+# from scripts/docker/m4/docker.deb.m4
+#
+# Rebuild this file with `make docker.ubuntu24.regen`
+#
+ARG from=ubuntu:24.04
+FROM ${from} AS build
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+#
+#  Install build tools
+#
+RUN apt-get update
+RUN apt-get install -y devscripts equivs git quilt gcc curl
+
+#
+#  Set up NetworkRADIUS extras repository
+#
+RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
+ && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
+ && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/noble noble main" > /etc/apt/sources.list.d/networkradius-extras.list \
+ && apt-get update
+
+#
+#  Create build directory
+#
+RUN mkdir -p /usr/local/src/repositories/freeradius-server
+WORKDIR /usr/local/src/repositories/freeradius-server/
+
+#
+#  Copy the FreeRADIUS directory in
+#
+COPY . .
+
+#
+#  Clean up tree - we want to build from the latest commit, not from
+#  any cruft left around on the local system
+#
+RUN git clean -fdxx \
+ && git reset --hard HEAD
+
+#
+#  Build libkqueue from source on non-amd64 architectures.
+#  The NetworkRADIUS extras repository only provides amd64 packages.
+#
+RUN if [ "$(dpkg --print-architecture)" != "amd64" ]; then \
+        apt-get install -y cmake && \
+        git clone --depth 1 https://github.com/mheily/libkqueue.git && \
+        cd libkqueue && \
+        cmake -G "Unix Makefiles" -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_LIBDIR=lib . && \
+        make && cpack -G DEB && dpkg -i *.deb && \
+        cp *.deb /usr/local/src/repositories/ && \
+        cd .. && rm -rf libkqueue; \
+    fi
+
+#
+#  Install build dependencies
+#  Debian sid fails if debian/control doesn't exist due to an issue
+#  in one of the included make files, so we create a blank file.
+#
+RUN if [ -e ./debian/control.in ]; then \
+        touch -t 202001010000 debian/control; \
+        debian/rules debian/control; \
+    fi; \
+    echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control
+
+#
+#  Build the server
+#
+RUN make -j$(nproc) deb
+
+#
+#  Clean environment and run the server
+#
+FROM ${from}
+ARG DEBIAN_FRONTEND=noninteractive
+
+COPY --from=build /usr/local/src/repositories/*.deb /tmp/
+
+#
+#  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
+#
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/noble noble main" > /etc/apt/sources.list.d/networkradius-extras.list
+
+ARG freerad_uid=101
+ARG freerad_gid=101
+
+RUN groupadd -g ${freerad_gid} -r freerad \
+ && useradd -u ${freerad_uid} -g freerad -r -M -d /etc/freeradius -s /usr/sbin/nologin freerad \
+ && apt-get update \
+ && apt-get install -y /tmp/*.deb \
+ && apt-get install -y \
+    # Build essentials
+    build-essential \
+    cmake \
+    make \
+    git \
+    vim \
+    # SSL / compression / memory libs
+    libssl-dev \
+    libbrotli-dev \
+    libtalloc-dev \
+    # Google perf tools
+    libgoogle-perftools-dev \
+    google-perftools \
+    # Valgrind / heap profiling
+    valgrind \
+    heaptrack \
+    # Utilities
+    less \
+    psmisc \
+    # kcachegrind - GUI callgrind viewer (requires display/X11 forwarding or VNC)
+    # Pulls in heavy KDE/Qt dependencies (~200MB+).
+    # To use: run with `docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix`
+    kcachegrind \
+    kio \
+    libkf5iconthemes5 \
+    libkf5parts5 \
+    libkf5textwidgets5 \
+    libqt5gui5 \
+    libqt5widgets5 \
+ && apt-get clean \
+ && rm -r /var/lib/apt/lists/* /tmp/*.deb \
+    \
+ && ln -s /etc/freeradius /etc/raddb
+
+WORKDIR /
+COPY scripts/docker/etc/docker-entrypoint.sh.deb docker-entrypoint.sh
+RUN chmod +x docker-entrypoint.sh
+
+EXPOSE 1812/udp 1813/udp
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["freeradius"]

scripts/docker/profiling/ubuntu24/Dockerfile.cb

@@ -0,0 +1,125 @@
+# Auto generated for ubuntu24-prof
+# from scripts/docker/m4/crossbuild.deb.m4
+#
+# Rebuild this file with `make crossbuild.ubuntu24-prof.regen`
+#
+ARG from=ubuntu:24.04
+FROM ${from} AS build
+
+SHELL ["/usr/bin/nice", "-n", "5", "/usr/bin/ionice", "-c", "3", "/bin/sh", "-x", "-c"]
+
+ARG APT_OPTS="-y --option=Dpkg::options::=--force-unsafe-io --no-install-recommends"
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+
+#
+#  Install add-apt-repository (may be needed for clang) and
+#  package development utilities
+#
+RUN apt-get update && \
+    apt-get install $APT_OPTS \
+        # Build essentials
+        build-essential \
+        cmake \
+        make \
+        git \
+        # SSL / compression / memory libs
+        libssl-dev \
+        libbrotli-dev \
+        libtalloc-dev \
+        # Google perf tools
+        libgoogle-perftools-dev \
+        google-perftools \
+        # Valgrind / heap profiling
+        valgrind \
+        heaptrack \
+        # Utilities
+        less \
+        psmisc \
+        # kcachegrind - GUI callgrind viewer (requires display/X11 forwarding or VNC)
+        # Pulls in heavy KDE/Qt dependencies (~200MB+).
+        # To use: run with `docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix`
+        kcachegrind \
+        kio \
+        libkf5iconthemes5 \
+        libkf5parts5 \
+        libkf5textwidgets5 \
+        libqt5gui5 \
+        libqt5widgets5 \
+        # Original build dependencies from the old Dockerfile, may be needed for some build steps
+        devscripts \
+        equivs \
+        gnupg2 \
+        lsb-release \
+        procps \
+        quilt \
+        rsync \
+        wget && \
+    apt-get clean && \
+    rm -r /var/lib/apt/lists/*
+
+
+#
+#  Set up NetworkRADIUS extras repository
+#
+RUN install -d -o root -g root -m 0755 /etc/apt/keyrings && \
+    wget -O /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.networkradius.com/pgp/packages%40networkradius.com" && \
+    echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/noble noble main" > /etc/apt/sources.list.d/networkradius-extras.list && \
+    apt-get update
+
+
+#
+#  Install compilers
+#
+RUN apt-get install $APT_OPTS \
+        g++ \
+        llvm clang lldb
+
+
+
+
+
+#
+#  Install some extra packages
+#
+RUN apt-get install $APT_OPTS \
+        libnl-3-dev \
+        libnl-genl-3-dev \
+        gdb \
+        less \
+        lldb \
+        vim \
+        oathtool
+
+
+#
+#  Setup a src dir in /usr/local
+#
+RUN mkdir -p /usr/local/src/repositories
+WORKDIR /usr/local/src/repositories
+
+
+#
+#  Shallow clone the FreeRADIUS source
+#
+WORKDIR /usr/local/src/repositories
+ARG source=https://github.com/FreeRADIUS/freeradius-server.git
+RUN git clone --depth 1 --no-single-branch ${source}
+
+#
+#  Install build dependencies for all branches from v4 onwards
+#  Debian sid fails if debian/control doesn't exist due to an issue
+#  in one of the included make files, so we create a blank file.
+#
+WORKDIR freeradius-server
+RUN for i in $(git for-each-ref --format='%(refname:short)' refs/remotes/origin 2>/dev/null | sed -e 's#origin/##' | egrep "^(v[4-9]*\.[0-9x]*\.x|master|${branch})$" | sort -u); \
+    do \
+        git checkout $i; \
+        if [ -e ./debian/control.in ] ; then \
+	    touch -t 202001010000 debian/control; \
+            debian/rules debian/control ; \
+        fi ; \
+        mk-build-deps -irt"apt-get -o Debug::pkgProblemResolver=yes $APT_OPTS" debian/control ; \
+        apt-get -y remove libiodbc2-dev ; \
+    done

src/tests/multi-server/all.mk

@@ -214,13 +214,14 @@ test.multi-server.ci: $(TEST_MULTI_SERVER_CI_TESTS)
 
 #
 #  Ensure the ldap image is present before running prof-ldap tests.
-#  Builds it automatically via docker.ldap.build if not found.
+#  Builds it automatically via docker.openldap.prof if not found.
 #
 .PHONY: openldap.image
 openldap.image:
-	${Q}if [ -z "$$(docker images -q openldap:latest 2>/dev/null)" ]; then \
-		$(MAKE) -C $(top_srcdir) docker.openldap.build; \
+	${Q}if [ -z "$$(docker images -q freeradius4/openldap-prof:latest 2>/dev/null)" ]; then \
+		$(MAKE) -C $(top_srcdir) docker.openldap.prof; \
 	fi
+	${Q}docker tag freeradius4/openldap-prof:latest openldap:latest
 
 $(TEST_MULTI_SERVER_TESTS.prof-ldap): openldap.image