[EXT] How make freeradius - rlm_exec run multithreaded?
Matthew Newton
mcn at freeradius.org
Sat Jan 11 11:45:38 CET 2020
On Fri, 2020-01-10 at 17:18 -0700, Ryan Allen wrote:
> In the above file, it runs:
> exec freeradius -f "$@"
>
> I don't think it is in debug mode. When it starts there is only one
> line in docker logs which is:
> Sat Jan 11 00:00:20 2020 : Info: Ready to process requests
You shouldn't see any debug output, normally.
> I deployed the code to an enterprise Linux server that is hit by an
> enterprise server. Then two of us tried to sign-in at the same time.
> We could see that only one request was processed at a time while the
> other waited.
It works fine with the official freeradius docker image:
https://hub.docker.com/r/freeradius/freeradius-server
$ find .
./raddb
./raddb/clients.conf
./raddb/mods-config
./raddb/mods-config/files
./raddb/mods-config/files/authorize
./raddb/mods-available
./raddb/mods-available/exec
./Dockerfile
$
There's only one file added to the examples given with the docker
instructions:
$ cat ./raddb/mods-available/exec
exec {
	wait = yes
	input_pairs = request
	shell_escape = yes
	timeout = 10
	program = "/bin/sleep 5"
}
Testing:
$ docker build -t rad .
Multi-threaded mode:
$ docker run -d --name radius -p 1812-1813:1812-1813/udp -it rad
0371c99e0257fc2fdf600c9bfd4dcf25eade9b42bc3ec43e94bb4c9e05aa7179
$ time ( radtest bob test 127.0.0.1 0 testing123 & radtest bob test 127.0.0.1 0 testing123 & wait )
...
real 0m5.146s
$ docker container logs radius
...nothing...
$ docker container kill radius
radius
$ docker container rm radius
radius
Whereas in single-threaded debug mode:
$ docker run -d --name radius -p 1812-1813:1812-1813/udp -it rad -X
96144c2969062a838c9bb7b4ceec540533207d35f208550cbce1110648703a2c
$ time ( radtest bob test 127.0.0.1 0 testing123 & radtest bob test 127.0.0.1 0 testing123 & wait )
...
real 0m10.034s
$ docker container logs radius
...lots of logs...
$ docker container kill radius
radius
$ docker container rm radius
radius
You need to check your Dockerfile, or how you're invoking it.
Take a look at the process list on the docker host; that should give a
quick answer as to whether it's being run with -X or similar. Standard
process in the official docker image for example will be running as
"freeradius -f", e.g.
$ docker run -d --name radius -p 1812-1813:1812-1813/udp -it rad
67f5f6d3a83d988b7cbed7500fc9d106ebbd1e30587d2039f260d08dcbb02d4c
$ ps -ef | grep radius | grep -v grep
systemd+ 10457 10425 0 10:33 pts/0 00:00:00 freeradius -f
$ docker kill radius
radius
Use the parameters Alan gave, and as he said, using exec is really not
recommended anyway.
--
Matthew
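
The process-list check suggested in the message above, as an added example that is not part of the original post or of FreeRADIUS itself. The function names are hypothetical, and the list of value-taking options (-d -D -l -n -i -p) is an assumption taken from radiusd(8) for v3; check it against your version.

```shell
#!/bin/sh
# Classify a FreeRADIUS command line, given as one space-separated string.
# -X (debug) and -s (single server mode) both disable the thread pool; they can
# also hide inside a combined short-option group such as "-sfxx".
# The body is a subshell so "set -f" and "set --" do not leak to the caller.
radius_mode() (
    set -f                 # no globbing while word-splitting the string
    # shellcheck disable=SC2086
    set -- $1
    shift                  # drop argv[0] (freeradius / radiusd)
    while [ $# -gt 0 ]; do
        case "$1" in
            --*) ;;                                  # not a short-option group
            -[dDlnip]) [ $# -gt 1 ] && shift ;;      # value is the next word: skip it
            -[dDlnip]?*) ;;                          # value attached, e.g. -d/etc/raddb
            -*[Xs]*) echo single-threaded; exit 0 ;; # exit leaves only the subshell
        esac
        shift
    done
    echo multi-threaded
)

# Report every running server process on a Linux host: pid, classified mode,
# kernel thread count and the full command line (read from /proc).
radius_report() {
    for pid in $(pgrep -x 'freeradius|radiusd' 2>/dev/null); do
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline")
        threads=$(awk '/^Threads:/ {print $2}' "/proc/$pid/status")
        echo "pid=$pid mode=$(radius_mode "$cmd") threads=$threads cmd=$cmd"
    done
}

# Constructed sample command lines (not captured from a real host).
for sample in "freeradius -f" "freeradius -f -X" "radiusd -sfxx -l stdout"; do
    printf '%-26s %s\n' "$sample" "$(radius_mode "$sample")"
done
```

Run `radius_report` on the docker host while the container is up; a "single-threaded" mode or a thread count of 1 points at the Dockerfile or the arguments passed to `docker run`.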