Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,11 @@ jobs:
HEALTHCHECK_SECRET=testing123
TZ=UTC
RADIUS_ALLOW_PRIVATE_NETWORKS=true
ACCT_REDIS_ENABLED=false
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
REDIS_DB=0
EOF
# Strip leading whitespace from .env
sed -i 's/^[[:space:]]*//' .env
Expand All @@ -209,7 +214,7 @@ jobs:
HEALTHY=$(docker compose ps --format json | grep -c '"healthy"' || true)
TOTAL=$(docker compose ps --format json | wc -l | tr -d ' ')
echo " Healthy: $HEALTHY / $TOTAL ($i/90)"
if [ "$HEALTHY" -ge 2 ] 2>/dev/null; then
if [ "$HEALTHY" -ge 3 ] 2>/dev/null; then
echo "All services are healthy!"
break
fi
Expand Down
5 changes: 4 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,7 @@ backups/

# Database dumps (prevent accidental commit of sensitive data)
**/*.sql.gz
**/*.sql
**/*.sql

# Allow SQL migration scripts
!scripts/*.sql
13 changes: 13 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Added

- Post-schema migration system: automatically applies InnoDB conversion and composite indexes after FreeRADIUS default schema import
- Optional Redis accounting: buffer Interim-Update packets in Redis for batch processing (`ACCT_REDIS_ENABLED=true`)
- Redis service in Docker Compose (always available, accounting opt-in via env var)
- Redis Deployment and Service for Kubernetes
- Redis StatefulSet for Helm chart with persistence and external Redis support
- New environment variables: `ACCT_REDIS_ENABLED`, `REDIS_HOST`, `REDIS_PORT`, `REDIS_PASSWORD`, `REDIS_DB`
- `freeradius-redis` package in Docker image for `rlm_redis` module

### Changed

- Tables `radcheck`, `radreply`, `radusergroup`, `radgroupcheck`, `radgroupreply` converted from MyISAM to InnoDB (enables transactions, row-level locking, crash recovery)
- Added composite indexes: `radusergroup(username, groupname)`, `radgroupcheck(groupname, attribute)`, `radgroupreply(groupname, attribute)`, `radacct(username, acctstoptime)`, `radpostauth(authdate)`

- Upgraded FreeRADIUS to 3.2.8 from Debian sid with apt pinning
- Replaced all `:latest` image tags with semantic versioning (`3.2.8`)
- Removed `:latest` tag from CI pipeline (only semantic versions pushed)
Expand Down
2 changes: 2 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
RUN apt-get update && apt-get install -y --no-install-recommends \
freeradius \
freeradius-mysql \
freeradius-redis \
freeradius-utils \
mariadb-client \
gosu \
Expand All @@ -55,13 +56,14 @@

# Copy entrypoint and set permissions
COPY --link --chmod=755 scripts/entrypoint.sh /entrypoint.sh
COPY --link scripts/post-schema.sql /entrypoint-post-schema.sql

EXPOSE 1812/udp 1813/udp

# Healthcheck secret (internal use only, localhost binding)
# IMPORTANT: Override this with a secure value in production
# This default is intentionally weak to remind users to change it
ENV HEALTHCHECK_SECRET=testing123

Check warning on line 66 in Dockerfile

View workflow job for this annotation

GitHub Actions / Build & Push Docker Image

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "HEALTHCHECK_SECRET") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Check warning on line 66 in Dockerfile

View workflow job for this annotation

GitHub Actions / Test Docker Image

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "HEALTHCHECK_SECRET") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

# Healthcheck - uses internal status check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
Expand Down
Loading
Loading