forked from acouzens/open5gs
409 lines
9.1 KiB
YAML
409 lines
9.1 KiB
YAML
#
|
|
# logger:
|
|
#
|
|
# o Set OGS_LOG_INFO to all domain level
|
|
# - If `level` is omitted, the default level is OGS_LOG_INFO)
|
|
# - If `domain` is omitted, the all domain level is set from 'level'
|
|
# (Nothing is needed)
|
|
#
|
|
# o Set OGS_LOG_ERROR to all domain level
|
|
# - `level` can be set with none, fatal, error, warn, info, debug, trace
|
|
# level: error
|
|
#
|
|
# o Set OGS_LOG_DEBUG to mme/emm domain level
|
|
# level: debug
|
|
# domain: mme,emm
|
|
#
|
|
# o Set OGS_LOG_TRACE to all domain level
|
|
# level: trace
|
|
# domain: core,sbi,udm,event,tlv,mem,sock
|
|
#
|
|
logger:
|
|
file: @localstatedir@/log/open5gs/udm.log
|
|
|
|
#
|
|
# tls:
|
|
# enabled: auto|yes|no
|
|
# - auto: Default. Use TLS only if key/cert is available
|
|
# - yes: Use TLS always;
|
|
# reject if no key/cert available
|
|
# - no: Don't use TLS if there is an key/cert available
|
|
#
|
|
# o Server-side Key and Certficiate
|
|
# server:
|
|
# key: /etc/open5gs/tls/udm.key
|
|
# cert: /etc/open5gs/tls/udm.crt
|
|
#
|
|
# o Client-side does not use TLS
|
|
# client:
|
|
# enabled: no
|
|
# key: /etc/open5gs/tls/udm.key
|
|
# cert: /etc/open5gs/tls/udm.crt
|
|
#
|
|
# o Use the specified certificate to verify client
|
|
# server
|
|
# cacert: /etc/open5gs/tls/ca.crt
|
|
#
|
|
# o Use the specified certificate to verify server
|
|
# client
|
|
# cacert: /etc/open5gs/tls/ca.crt
|
|
#
|
|
tls:
|
|
enabled: no
|
|
server:
|
|
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
|
key: @sysconfdir@/open5gs/tls/udm.key
|
|
cert: @sysconfdir@/open5gs/tls/udm.crt
|
|
client:
|
|
cacert: @sysconfdir@/open5gs/tls/ca.crt
|
|
key: @sysconfdir@/open5gs/tls/udm.key
|
|
cert: @sysconfdir@/open5gs/tls/udm.crt
|
|
|
|
#
|
|
# o Generate the private key as below.
|
|
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
|
|
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
|
|
#
|
|
# o The private and public keys can be viewed with the command.
|
|
# The public key is used when creating the SIM.
|
|
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
|
|
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
|
|
#
|
|
# hnet:
|
|
# o Home network public key identifier(PKI) value : 1
|
|
# Protection scheme identifier : ECIES scheme profile A
|
|
# - id: 1
|
|
# scheme: 1
|
|
# key: /etc/open5gs/hnet/curve25519-1.key
|
|
#
|
|
# o Home network public key identifier(PKI) value : 2
|
|
# Protection scheme identifier : ECIES scheme profile B
|
|
# - id: 2
|
|
# scheme: 2
|
|
# key: /etc/open5gs/hnet/secp256r1-2.key
|
|
#
|
|
# o Home network public key identifier(PKI) value : 3
|
|
# Protection scheme identifier : ECIES scheme profile A
|
|
# - id: 3
|
|
# scheme: 1
|
|
# key: /etc/open5gs/hnet/curve25519-1.key
|
|
#
|
|
# o Home network public key identifier(PKI) value : 4
|
|
# Protection scheme identifier : ECIES scheme profile B
|
|
# - id: 4
|
|
# scheme: 2
|
|
# key: /etc/open5gs/hnet/secp256r1-2.key
|
|
#
|
|
hnet:
|
|
- id: 1
|
|
scheme: 1
|
|
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
|
|
- id: 2
|
|
scheme: 2
|
|
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
|
|
- id: 3
|
|
scheme: 1
|
|
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
|
|
- id: 4
|
|
scheme: 2
|
|
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
|
|
- id: 5
|
|
scheme: 1
|
|
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
|
|
- id: 6
|
|
scheme: 2
|
|
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
|
|
|
|
#
|
|
# udm:
|
|
#
|
|
# <SBI Server>
|
|
#
|
|
# o SBI Server(http://<all address available>:80)
|
|
# sbi:
|
|
#
|
|
# o SBI Server(http://<any address>:7777)
|
|
# sbi:
|
|
# - addr:
|
|
# - 0.0.0.0
|
|
# - ::0
|
|
# port: 7777
|
|
#
|
|
# o SBI Server(https://<all address available>:443)
|
|
# tls:
|
|
# server:
|
|
# key: /etc/open5gs/tls/udm.key
|
|
# cert: /etc/open5gs/tls/udm.crt
|
|
# udm:
|
|
# sbi:
|
|
#
|
|
# o SBI Server(http://127.0.0.5:80, http://[::1]:80)
|
|
# tls:
|
|
# enabled: no
|
|
# server:
|
|
# key: /etc/open5gs/tls/udm.key
|
|
# cert: /etc/open5gs/tls/udm.crt
|
|
# udm:
|
|
# sbi:
|
|
# - addr: 127.0.0.5
|
|
# - addr: ::1
|
|
#
|
|
# o SBI Server(https://udm.open5gs.org:443)
|
|
# Use the specified certificate to verify client
|
|
#
|
|
# tls:
|
|
# server:
|
|
# cacert: /etc/open5gs/tls/ca.crt
|
|
# udm:
|
|
# sbi:
|
|
# - name: udm.open5gs.org
|
|
#
|
|
# o SBI Server(http://127.0.0.12:7777)
|
|
# sbi:
|
|
# - addr: 127.0.0.12
|
|
# port: 7777
|
|
#
|
|
# o SBI Server(http://<eth0 IP address>:80)
|
|
# sbi:
|
|
# - dev: eth0
|
|
#
|
|
# o Provide custom SBI address to be advertised to NRF
|
|
# sbi:
|
|
# - dev: eth0
|
|
# advertise: open5gs-udm.svc.local
|
|
#
|
|
# sbi:
|
|
# - addr: localhost
|
|
# advertise:
|
|
# - 127.0.0.99
|
|
# - ::1
|
|
#
|
|
# o SBI Option (Default)
|
|
# - tcp_nodelay : true
|
|
# - so_linger.l_onoff : false
|
|
#
|
|
# sbi:
|
|
# addr: 127.0.0.12
|
|
# option:
|
|
# tcp_nodelay: false
|
|
# so_linger:
|
|
# l_onoff: true
|
|
# l_linger: 10
|
|
#
|
|
# <NF Service>
|
|
#
|
|
# o NF Service Name(Default : all NF services available)
|
|
# service_name:
|
|
#
|
|
# o NF Service Name(Only some NF services are available)
|
|
# service_name:
|
|
# - nudm-sdm
|
|
# - nudm-uecm
|
|
# - nudm-ueau
|
|
#
|
|
# <NF Discovery Query Parameter>
|
|
#
|
|
# o (Default) If you do not set Query Parameter as shown below,
|
|
#
|
|
# sbi:
|
|
# - addr: 127.0.0.12
|
|
# port: 7777
|
|
#
|
|
# - 'service-names' is included.
|
|
#
|
|
# sbi:
|
|
# - addr: 127.0.0.12
|
|
# port: 7777
|
|
# discovery:
|
|
# option:
|
|
# no_service_names: false
|
|
#
|
|
# o To remove 'service-names' from URI query parameters in NS Discovery
|
|
# no_service_names: true
|
|
#
|
|
# * For Indirect Communication with Delegated Discovery,
|
|
# 'service-names' is always included in the URI query parameter.
|
|
# * That is, 'no_service_names' has no effect.
|
|
#
|
|
# <For Indirect Communication with Delegated Discovery>
|
|
#
|
|
# o (Default) If you do not set Delegated Discovery as shown below,
|
|
#
|
|
# sbi:
|
|
# - addr: 127.0.0.12
|
|
# port: 7777
|
|
#
|
|
# - Use SCP if SCP avaiable. Otherwise NRF is used.
|
|
# => App fails if both NRF and SCP are unavailable.
|
|
#
|
|
# sbi:
|
|
# - addr: 127.0.0.12
|
|
# port: 7777
|
|
# discovery:
|
|
# delegated: auto
|
|
#
|
|
# o To use SCP always => App fails if no SCP available.
|
|
# delegated: yes
|
|
#
|
|
# o Don't use SCP server => App fails if no NRF available.
|
|
# delegated: no
|
|
#
|
|
udm:
|
|
sbi:
|
|
- addr: 127.0.0.12
|
|
port: 7777
|
|
|
|
#
|
|
# scp:
|
|
#
|
|
# <SBI Client>>
|
|
#
|
|
# o SBI Client(http://127.0.1.10:7777)
|
|
# sbi:
|
|
# addr: 127.0.1.10
|
|
# port: 7777
|
|
#
|
|
# o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80)
|
|
# sbi:
|
|
# - addr: 127.0.1.10
|
|
# tls:
|
|
# key: /etc/open5gs/tls/udm.key
|
|
# cert: /etc/open5gs/tls/udm.crt
|
|
# - name: scp.open5gs.org
|
|
#
|
|
# o SBI Client(https://scp.open5gs.org:443)
|
|
# Use the specified certificate to verify peer
|
|
#
|
|
# sbi:
|
|
# - name: scp.open5gs.org
|
|
# tls:
|
|
# cacert: /etc/open5gs/tls/ca.crt
|
|
#
|
|
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
|
|
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
|
|
#
|
|
# sbi:
|
|
# addr:
|
|
# - 127.0.1.10
|
|
# - fd69:f21d:873c:fb::1
|
|
#
|
|
# o SBI Option (Default)
|
|
# - tcp_nodelay : true
|
|
# - so_linger.l_onoff : false
|
|
#
|
|
# sbi:
|
|
# addr: 127.0.1.10
|
|
# option:
|
|
# tcp_nodelay: false
|
|
# so_linger:
|
|
# l_onoff: true
|
|
# l_linger: 10
|
|
#
|
|
#
|
|
scp:
|
|
sbi:
|
|
- addr: 127.0.1.10
|
|
port: 7777
|
|
|
|
#
|
|
# nrf:
|
|
#
|
|
# <SBI Client>>
|
|
#
|
|
# o SBI Client(http://127.0.0.10:7777)
|
|
# sbi:
|
|
# addr: 127.0.0.10
|
|
# port: 7777
|
|
#
|
|
# o SBI Client(https://127.0.0.10:443, https://[::1]:443)
|
|
# tls:
|
|
# client:
|
|
# key: /etc/open5gs/tls/udm.key
|
|
# cert: /etc/open5gs/tls/udm.crt
|
|
# nrf:
|
|
# sbi:
|
|
# - addr: 127.0.0.10
|
|
# - addr: ::1
|
|
#
|
|
# o SBI Client(https://nrf.open5gs.org:443)
|
|
# Use the specified certificate to verify server
|
|
#
|
|
# tls:
|
|
# client:
|
|
# cacert: /etc/open5gs/tls/ca.crt
|
|
# nrf:
|
|
# sbi:
|
|
# - name: nrf.open5gs.org
|
|
#
|
|
# o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
|
|
# If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
|
|
#
|
|
# sbi:
|
|
# addr:
|
|
# - 127.0.0.10
|
|
# - fd69:f21d:873c:fa::1
|
|
#
|
|
# o SBI Option (Default)
|
|
# - tcp_nodelay : true
|
|
# - so_linger.l_onoff : false
|
|
#
|
|
# sbi:
|
|
# addr: 127.0.0.10
|
|
# option:
|
|
# tcp_nodelay: false
|
|
# so_linger:
|
|
# l_onoff: true
|
|
# l_linger: 10
|
|
#
|
|
#nrf:
|
|
# sbi:
|
|
# - addr:
|
|
# - 127.0.0.10
|
|
# - ::1
|
|
# port: 7777
|
|
|
|
#
|
|
# parameter:
|
|
#
|
|
# o Disable use of IPv4 addresses (only IPv6)
|
|
# no_ipv4: true
|
|
#
|
|
# o Disable use of IPv6 addresses (only IPv4)
|
|
# no_ipv6: true
|
|
#
|
|
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
|
|
# prefer_ipv4: true
|
|
#
|
|
parameter:
|
|
|
|
#
|
|
# max:
|
|
#
|
|
# o Maximum Number of UE
|
|
# ue: 1024
|
|
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
|
|
# peer: 64
|
|
#
|
|
max:
|
|
|
|
#
|
|
# time:
|
|
#
|
|
# o NF Instance Heartbeat (Default : 0)
|
|
# NFs will not send heart-beat timer in NFProfile
|
|
# NRF will send heart-beat timer in NFProfile
|
|
#
|
|
# o NF Instance Heartbeat (20 seconds)
|
|
# NFs will send heart-beat timer (20 seconds) in NFProfile
|
|
# NRF can change heart-beat timer in NFProfile
|
|
#
|
|
# nf_instance:
|
|
# heartbeat: 20
|
|
#
|
|
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
|
|
#
|
|
# o Message Wait Duration (3000 ms)
|
|
# message:
|
|
# duration: 3000
|
|
time:
|