diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 60fec1d..f6ba569 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,6 +19,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Install depends - run: sudo apt-get install -qy j2cli make yamllint + run: sudo apt-get install -qy j2cli make yamllint openssl - name: Run Yaml lint run: make test diff --git a/config.yaml b/config.yaml index f3bfea5..173f3da 100644 --- a/config.yaml +++ b/config.yaml @@ -33,6 +33,10 @@ subnets: ipv4_address: 10.1.1.135 udr: ipv4_address: 10.1.1.136 + chf: + ipv4_address: 10.1.1.137 + webconsole: + ipv4_address: 10.1.1.138 control: gnb1: ipv4_address: 10.1.3.129 diff --git a/doc/addressing.md b/doc/addressing.md index 26d70d3..e45b512 100644 --- a/doc/addressing.md +++ b/doc/addressing.md 
@@ -35,63 +35,67 @@ > [!IMPORTANT] > IPv4 addresses ending with `.254` and IPv6 addresses ending with `:8000:0:1` are used by Docker internally (gateway). -| Name | Image | Network | IPv4 address | IPv6 address | Comment | -|-----------|-----------------------------------|-----------|-----------------|-------------------------|---------------------------------------------| -| ue1 | `louisroyer/ueransim-ue` | ran | auto | auto | | -| ue1 | `louisroyer/ueransim-ue` | slice0 | `10.2.0.1` | disabled | | -| ue2 | `louisroyer/ueransim-ue` | ran | auto | auto | | -| ue2 | `louisroyer/ueransim-ue` | slice0 | `10.2.0.2` | disabled | | -| gnb1 | `louisroyer/ueransim-gnb` | ran | `10.1.0.129` | `fd00:0:0:0:1:8000:0:2` | | -| gnb1 | `louisroyer/ueransim-gnb` | control | `10.1.3.129` | auto | | -| gnb1 | `louisroyer/ueransim-gnb` | dataplane | `10.1.4.129` | auto (not used) | Route to srgw0 | -| gnb2 | `louisroyer/ueransim-gnb` | ran | `10.1.0.130` | `fd00:0:0:0:1:8000:0:3` | | -| gnb2 | `louisroyer/ueransim-gnb` | control | `10.1.3.130` | auto | | -| gnb2 | `louisroyer/ueransim-gnb` | dataplane | `10.1.4.130` | auto (not used) | Route to srgw0 | -| srgw0 | `louisroyer/dev-nextmn-srv6` | control | `10.1.3.131` | `fd00:0:0:0:2:8000:0:2` | | -| srgw0 | `louisroyer/dev-nextmn-srv6` | dataplane | `10.1.4.131` | `fd00:0:0:0:3:8000:0:2` | IPv6 routes to SR domain (rr) | -| srgw0 | `louisroyer/dev-nextmn-srv6` | srgw0 | `10.3.0.1` | disabled | H.M.GTP4.D | -| srgw0 | `louisroyer/dev-nextmn-srv6` | srgw0 | disabled | `fc00:1:1::/48` | End.M.GTP4.E | -| srgw0 | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | -| r0 | `louisroyer/dev-nextmn-srv6` | control | auto | `fd00:0:0:0:2:8000:0:4` | | -| r0 | `louisroyer/dev-nextmn-srv6` | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:3` | IPv6 routes to SR domain (r1, rr) | -| r0 | `louisroyer/dev-nextmn-srv6` | r0 | disabled | `fc00:2:1::/48` | End.DX4 | -| r0 | `louisroyer/dev-nextmn-srv6` | edge | `10.1.5.129` | disabled | 
H.Encaps + Route to instance in edge0 (s0) | -| r0 | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | -| r1 | `louisroyer/dev-nextmn-srv6` | control | auto | `fd00:0:0:0:2:8000:0:5` | | -| r1 | `louisroyer/dev-nextmn-srv6` | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:4` | IPv6 routes to SR domain (r0, rr) | -| r1 | `louisroyer/dev-nextmn-srv6` | r1 | disabled | `fc00:3:1::/48` | End.DX4 | -| r1 | `louisroyer/dev-nextmn-srv6` | edge | `10.1.5.130` | disabled | H.Encaps + Route to instances in edge1 (s1) | -| r1 | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | -| rr | `louisroyer/dev-nextmn-srv6` | control | auto | `fd00:0:0:0:2:8000:0:3` | | -| rr | `louisroyer/dev-nextmn-srv6` | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:3` | IPv6 routes to SR domain (srgw0, r0, r1) | -| rr | `louisroyer/dev-nextmn-srv6` | rr | disabled | `fc00:4:1::/48` | End | -| rr | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | -| s0 | `nginx` | edge | `10.1.5.131` | disabled | Route to slice0 via r0 | -| s0 | `ngnix` | service | `10.4.0.1` | disabled | | -| s1 | `nginx` | edge | `10.1.5.132` | disabled | Route to slice0 via r1 | -| s1 | `ngnix` | service | `10.4.0.1` | disabled | | -| srv6-ctrl | `louisroyer/dev-nextmn-srv6-ctrl` | control | `10.1.3.132` | `fd00:0:0:0:2:8000:0:2` | | -| amf | `louisroyer/dev-free5gc-amf` | control | `10.1.3.133` | auto | | -| amf | `louisroyer/dev-free5gc-amf` | sbi | `10.1.1.129` | disabled | | -| smf | `louisroyer/dev-free5gc-smf` | control | `10.1.3.134` | auto | | -| smf | `louisroyer/dev-free5gc-smf` | sbi | `10.1.1.130` | disabled | | -| nrf | `louisroyer/dev-free5gc-nrf` | sbi | `10.1.1.131` | disabled | | -| nrf | `louisroyer/dev-free5gc-nrf` | db | auto | disabled | | -| ausf | `louisroyer/dev-free5gc-ausf` | sbi | `10.1.1.132` | disabled | | -| nssf | `louisroyer/dev-free5gc-nssf` | sbi | `10.1.1.133` | disabled | | -| pcf | `louisroyer/dev-free5gc-pcf` | sbi | `10.1.1.134` | disabled | | -| pcf | 
`louisroyer/dev-free5gc-pcf` | db | auto | disabled | | -| udm | `louisroyer/dev-free5gc-udm` | sbi | `10.1.1.135` | disabled | | -| udr | `louisroyer/dev-free5gc-udr` | sbi | `10.1.1.136` | disabled | | -| udr | `louisroyer/dev-free5gc-udr` | db | auto | disabled | | -| upfi | `louisroyer/dev-free5gc-upf` | control | `10.1.3.135` | auto | | -| upfi | `louisroyer/dev-free5gc-upf` | dataplane | `10.1.4.132` | auto (not used) | | -| upfa1 | `louisroyer/dev-free5gc-upf` | control | `10.1.3.136` | auto | | -| upfa1 | `louisroyer/dev-free5gc-upf` | dataplane | `10.1.4.133` | auto (not used) | | -| upfa1 | `louisroyer/dev-free5gc-upf` | edge | `10.1.4.133` | auto (not used) | | -| upfa2 | `louisroyer/dev-free5gc-upf` | control | `10.1.3.137` | auto | | -| upfa2 | `louisroyer/dev-free5gc-upf` | dataplane | `10.1.4.134` | auto (not used) | | -| upfa2 | `louisroyer/dev-free5gc-upf` | edge | `10.1.4.134` | auto (not used) | | -| populate | `louisroyer/free5gc-populate` | db | auto | disabled | | -| mongodb | `mongodb` | db | auto | disabled | | -| nextmndb | `postgres` | nextmndb | auto | auto | | +| Name | Image | Network | IPv4 address | IPv6 address | Comment | +|------------|-------------------------------------|-----------|-----------------|-------------------------|---------------------------------------------| +| ue1 | `louisroyer/ueransim-ue` | ran | auto | auto | | +| ue1 | `louisroyer/ueransim-ue` | slice0 | `10.2.0.1` | disabled | | +| ue2 | `louisroyer/ueransim-ue` | ran | auto | auto | | +| ue2 | `louisroyer/ueransim-ue` | slice0 | `10.2.0.2` | disabled | | +| gnb1 | `louisroyer/ueransim-gnb` | ran | `10.1.0.129` | `fd00:0:0:0:1:8000:0:2` | | +| gnb1 | `louisroyer/ueransim-gnb` | control | `10.1.3.129` | auto | | +| gnb1 | `louisroyer/ueransim-gnb` | dataplane | `10.1.4.129` | auto (not used) | Route to srgw0 | +| gnb2 | `louisroyer/ueransim-gnb` | ran | `10.1.0.130` | `fd00:0:0:0:1:8000:0:3` | | +| gnb2 | `louisroyer/ueransim-gnb` | control | `10.1.3.130` | 
auto | | +| gnb2 | `louisroyer/ueransim-gnb` | dataplane | `10.1.4.130` | auto (not used) | Route to srgw0 | +| srgw0 | `louisroyer/dev-nextmn-srv6` | control | `10.1.3.131` | `fd00:0:0:0:2:8000:0:2` | | +| srgw0 | `louisroyer/dev-nextmn-srv6` | dataplane | `10.1.4.131` | `fd00:0:0:0:3:8000:0:2` | IPv6 routes to SR domain (rr) | +| srgw0 | `louisroyer/dev-nextmn-srv6` | srgw0 | `10.3.0.1` | disabled | H.M.GTP4.D | +| srgw0 | `louisroyer/dev-nextmn-srv6` | srgw0 | disabled | `fc00:1:1::/48` | End.M.GTP4.E | +| srgw0 | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | +| r0 | `louisroyer/dev-nextmn-srv6` | control | auto | `fd00:0:0:0:2:8000:0:4` | | +| r0 | `louisroyer/dev-nextmn-srv6` | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:3` | IPv6 routes to SR domain (r1, rr) | +| r0 | `louisroyer/dev-nextmn-srv6` | r0 | disabled | `fc00:2:1::/48` | End.DX4 | +| r0 | `louisroyer/dev-nextmn-srv6` | edge | `10.1.5.129` | disabled | H.Encaps + Route to instance in edge0 (s0) | +| r0 | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | +| r1 | `louisroyer/dev-nextmn-srv6` | control | auto | `fd00:0:0:0:2:8000:0:5` | | +| r1 | `louisroyer/dev-nextmn-srv6` | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:4` | IPv6 routes to SR domain (r0, rr) | +| r1 | `louisroyer/dev-nextmn-srv6` | r1 | disabled | `fc00:3:1::/48` | End.DX4 | +| r1 | `louisroyer/dev-nextmn-srv6` | edge | `10.1.5.130` | disabled | H.Encaps + Route to instances in edge1 (s1) | +| r1 | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | +| rr | `louisroyer/dev-nextmn-srv6` | control | auto | `fd00:0:0:0:2:8000:0:3` | | +| rr | `louisroyer/dev-nextmn-srv6` | dataplane | auto (not used) | `fd00:0:0:0:3:8000:0:3` | IPv6 routes to SR domain (srgw0, r0, r1) | +| rr | `louisroyer/dev-nextmn-srv6` | rr | disabled | `fc00:4:1::/48` | End | +| rr | `louisroyer/dev-nextmn-srv6` | nextmndb | auto | auto | | +| s0 | `nginx` | edge | `10.1.5.131` | disabled | Route to slice0 via r0 | +| s0 | 
`ngnix` | service | `10.4.0.1` | disabled | | +| s1 | `nginx` | edge | `10.1.5.132` | disabled | Route to slice0 via r1 | +| s1 | `ngnix` | service | `10.4.0.1` | disabled | | +| srv6-ctrl | `louisroyer/dev-nextmn-srv6-ctrl` | control | `10.1.3.132` | `fd00:0:0:0:2:8000:0:2` | | +| amf | `louisroyer/dev-free5gc-amf` | control | `10.1.3.133` | auto | | +| amf | `louisroyer/dev-free5gc-amf` | sbi | `10.1.1.129` | disabled | | +| smf | `louisroyer/dev-free5gc-smf` | control | `10.1.3.134` | auto | | +| smf | `louisroyer/dev-free5gc-smf` | sbi | `10.1.1.130` | disabled | | +| nrf | `louisroyer/dev-free5gc-nrf` | sbi | `10.1.1.131` | disabled | | +| nrf | `louisroyer/dev-free5gc-nrf` | db | auto | disabled | | +| ausf | `louisroyer/dev-free5gc-ausf` | sbi | `10.1.1.132` | disabled | | +| nssf | `louisroyer/dev-free5gc-nssf` | sbi | `10.1.1.133` | disabled | | +| pcf | `louisroyer/dev-free5gc-pcf` | sbi | `10.1.1.134` | disabled | | +| pcf | `louisroyer/dev-free5gc-pcf` | db | auto | disabled | | +| udm | `louisroyer/dev-free5gc-udm` | sbi | `10.1.1.135` | disabled | | +| udr | `louisroyer/dev-free5gc-udr` | sbi | `10.1.1.136` | disabled | | +| udr | `louisroyer/dev-free5gc-udr` | db | auto | disabled | | +| chf | `louisroyer/dev/free5gc-chf` | sbi | `10.1.1.137` | disabled | | +| chf | `louisroyer/dev/free5gc-chf` | db | auto | disabled | | +| webconsole | `louisroyer/dev/free5gc-webconsole` | sbi | `10.1.1.138` | disabled | | +| webconsole | `louisroyer/dev/free5gc-webconsole` | db | auto | disabled | | +| upfi | `louisroyer/dev-free5gc-upf` | control | `10.1.3.135` | auto | | +| upfi | `louisroyer/dev-free5gc-upf` | dataplane | `10.1.4.132` | auto (not used) | | +| upfa1 | `louisroyer/dev-free5gc-upf` | control | `10.1.3.136` | auto | | +| upfa1 | `louisroyer/dev-free5gc-upf` | dataplane | `10.1.4.133` | auto (not used) | | +| upfa1 | `louisroyer/dev-free5gc-upf` | edge | `10.1.4.133` | auto (not used) | | +| upfa2 | `louisroyer/dev-free5gc-upf` | control | 
`10.1.3.137` | auto | | +| upfa2 | `louisroyer/dev-free5gc-upf` | dataplane | `10.1.4.134` | auto (not used) | | +| upfa2 | `louisroyer/dev-free5gc-upf` | edge | `10.1.4.134` | auto (not used) | | +| populate | `louisroyer/free5gc-populate` | db | auto | disabled | | +| mongodb | `mongodb` | db | auto | disabled | | +| nextmndb | `postgres` | nextmndb | auto | auto | | diff --git a/scripts/jinja/customize.py b/scripts/jinja/customize.py index f5d2665..a5f2070 100644 --- a/scripts/jinja/customize.py +++ b/scripts/jinja/customize.py @@ -12,6 +12,7 @@ import functools import shutil import secrets +import subprocess class _Context: _context = {} @@ -111,9 +112,9 @@ def j2_environment_params(): ) @filter -def indent(s: str, width: typing.Union[int, str] = 2, first: bool = False, blank: bool = False) -> str: +def indent(s: str, width: typing.Union[int, str] = 1, first: bool = False, blank: bool = False) -> str: '''Replace default indent function with sane default values''' - return jinja2.filters.do_indent(s=s, width=width, first=first, blank=blank) + return jinja2.filters.do_indent(s=s, width=width*2, first=first, blank=blank) class _Dumper(yaml.Dumper): '''Indent yaml list correctly''' @@ -167,7 +168,7 @@ def volume_ro(s: str, s2: str) -> str: @function def secret(s: str) -> str: build, _ = build_and_template_dir() - build = os.path.join(build,'secrets', s) + build = os.path.join(build, 'secrets', s) os.makedirs(os.path.dirname(build), exist_ok=True) try: with open(build, 'x') as f: 
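Review bot: The `indent` filter in scripts/jinja/customize.py now passes `width*2` to `do_indent` and defaults to 1, so any `| indent(N)` call that already existed in the templates renders twice as deep unless it was adjusted in the same commit. Only the newly added `indent(2)` calls are visible in this diff, so that needs checking against the rendered compose file. The annotation still allows a `str` width, and `width*2` then repeats the string instead of doubling a count. The docstring should state the new unit, for example `'''Indent by width levels of two spaces; a str width is repeated twice'''`.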
@@ -177,13 +178,61 @@ def secret(s: str) -> str: pass return f'{os.path.join("./secrets", s)}' +@function(output='json') +def openssl(host: str, subnet: str) -> str: + ip = ipv4(host, subnet) + build, _ = build_and_template_dir() + key_filename = f'{host}_{subnet}.key' + pem_filename = f'{host}_{subnet}.pem' + path_key = os.path.join(build, 'secrets', key_filename) + path_pem = os.path.join(build, 'secrets', pem_filename) + if not (os.path.isfile(path_key) and os.path.isfile(path_key)): + os.makedirs(os.path.join('build', 'secrets'), exist_ok=True) + print(f'Creating new openssl key and certificate for `{host}.{subnet}`') + try: + subprocess.run(['openssl', 'req', '-x509', + '-sha256', '-nodes', + '-days', '30', + '-subj', f'/CN={host}.{subnet}', + '-addext', f'subjectAltName=DNS:{host}.{subnet},IP.1:{ip}', + '-newkey', 'rsa:2048', + '-keyout', path_key, + '-out', path_pem + ], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) + except subprocess.CalledProcessError: + raise(Exception(f'Could not create openssl key and certificate for {host}.{subnet}')) + + s = { + f'openssl_{host}_{subnet}_key': { + 'file': os.path.join("./secrets", key_filename), + }, + f'openssl_{host}_{subnet}_pem': { + 'file': os.path.join("./secrets", pem_filename), + }, + } + return json.dumps(s) + +@function(output='json') +def openssl_secrets(host: str, subnet: str) -> str: + return json.dumps([f'openssl_{host}_{subnet}_key', f'openssl_{host}_{subnet}_pem']) +@function(output='json') +def openssl_secrets_pem(host: str, subnet: str) -> str: + return json.dumps([f'openssl_{host}_{subnet}_pem']) + +@function +def openssl_secret_key(host: str, subnet: str) -> str: + return f'/run/secrets/openssl_{host}_{subnet}_key' + +@function +def openssl_secret_pem(host: str, subnet: str) -> str: + return f'/run/secrets/openssl_{host}_{subnet}_pem' @function def ipv4(host: str, subnet: str, _context: _Context) -> str: try: addr = _context.dict['subnets'][subnet][host]['ipv4_address'] except: 
- raise('Unknown ip address') + raise(Exception(f'Unknown ipv4 address for {host}.{subnet}')) return addr @function @@ -191,7 +240,7 @@ def ipv6(host: str, subnet: str, _context: _Context) -> str: try: addr = _context.dict['subnets'][subnet][host]['ipv6_address'] except: - raise('Unknown ip address') + raise(Exception(f'Unknown ipv6 address for {host}.{subnet}')) return addr @function @@ -199,7 +248,7 @@ def ipv4_subnet(subnet: str, _context: _Context) -> str: try: addr = _context.dict['subnets'][subnet]['subnet']['ipv4_address'] except: - raise('Unknown ip subnet') + raise(Exception(f'Unknown ipv4 subnet: {subnet}')) return addr @function @@ -207,7 +256,7 @@ def ipv6_subnet(subnet: str, _context: _Context) -> str: try: addr = _context.dict['subnets'][subnet]['subnet']['ipv6_address'] except: - raise('Unknown ip subnet') + raise(Exception(f'Unknown ipv6 subnet: {subnet}')) return addr @function @@ -215,7 +264,7 @@ def ipv6_prefix(name: str, subnet: str, _context: _Context) -> str: try: addr = _context.dict['subnets'][subnet][name]['ipv6_prefix'] except: - raise('Unknown ip address') + raise(Exception(f'Unknown ipv6 prefix for subnet {subnet}')) return addr @function(output='json') diff --git a/templates/compose.yaml.j2 b/templates/compose.yaml.j2 index 1256870..972f345 100644 --- a/templates/compose.yaml.j2 +++ b/templates/compose.yaml.j2 @@ -171,6 +171,9 @@ services: MCC: "001" MNC: "01" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + AMF_PEM: "{{ openssl_secret_pem('amf', 'sbi') }}" + AMF_KEY: "{{ openssl_secret_key('amf', 'sbi') }}" SUPPORT_DNN_LIST: |- #~ if not use_free5gc_upf - srv6 @@ -186,6 +189,9 @@ services: sd: 000002 #~ endif TAC: "000001" + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('amf', 'sbi') | indent(2) }} networks: control: ipv4_address: "{{ ipv4('amf', 'control') }}" 
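Review bot: In `openssl()` the reuse guard tests `os.path.isfile(path_key)` twice and never checks `path_pem`, so a build tree that still has the key but has lost the certificate is treated as complete and the compose secret points at a missing file. The directory is created from the literal `os.path.join('build', 'secrets')`, while both files are written under the `build` value returned by `build_and_template_dir()`; the two only agree if that value is `build` relative to the working directory. An existing pair is also reused without an expiry check although the certificate is issued with `-days 30`, so an older build tree yields expired certificates; running `openssl x509 -checkend` on `path_pem` before reuse would catch that. Because stderr goes to `DEVNULL`, a failed run reports no reason. The sketch below covers the guard, the directory and the error path.

```python
def openssl(host: str, subnet: str) -> str:
    # … unchanged: ip lookup, key/pem filenames, path_key and path_pem …
    if not (os.path.isfile(path_key) and os.path.isfile(path_pem)):
        # create the directory the files are actually written to
        os.makedirs(os.path.join(build, 'secrets'), exist_ok=True)
        print(f'Creating new openssl key and certificate for `{host}.{subnet}`')
        try:
            subprocess.run([
                # … unchanged: openssl req arguments …
            ], check=True, stdout=subprocess.DEVNULL,
               stderr=subprocess.PIPE, text=True)
        except subprocess.CalledProcessError as e:
            raise Exception(
                f'Could not create openssl key and certificate for {host}.{subnet}: '
                f'{e.stderr.strip()}'
            ) from e
    # … unchanged: secrets mapping and json.dumps …
```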
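Review bot: The lookup in `ipv6`, and likewise those in `ipv4`, `ipv4_subnet`, `ipv6_subnet` and `ipv6_prefix` in the neighbouring hunks, keeps a bare `except:` in front of the new `raise(Exception(...))`. That also catches `KeyboardInterrupt` and `SystemExit` and reports any unrelated failure as an unknown address. Narrowing it keeps the new message while letting other errors surface: `except (KeyError, TypeError) as e:` followed by `raise Exception(f'Unknown ipv6 address for {host}.{subnet}') from e`. The `ipv6_prefix` message names only `subnet` and omits `name`, so two prefixes in one subnet cannot be told apart in the error. The function signatures appear only in the hunk headers.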
@@ -207,6 +213,10 @@ services: SBI_BINDING_PORT: "8000" MCC: "001" MNC: "01" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + NRF_KEY: "{{ openssl_secret_key('nrf', 'sbi') }}" + secrets: + {{ openssl_secrets_s('nrf', 'sbi') | indent(2) }} networks: db: sbi: @@ -223,6 +233,9 @@ services: MCC: "001" MNC: "01" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + AUSF_PEM: "{{ openssl_secret_pem('ausf', 'sbi') }}" + AUSF_KEY: "{{ openssl_secret_key('ausf', 'sbi') }}" networks: sbi: ipv4_address: "{{ ipv4('ausf', 'sbi') }}" @@ -236,6 +249,12 @@ services: SBI_BINDING_IP: "{{ ipv4('udm', 'sbi') }}" SBI_BINDING_PORT: "8000" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + UDM_PEM: "{{ openssl_secret_pem('udm', 'sbi') }}" + UDM_KEY: "{{ openssl_secret_key('udm', 'sbi') }}" + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('udm', 'sbi') | indent(2) }} networks: sbi: ipv4_address: "{{ ipv4('udm', 'sbi') }}" @@ -250,6 +269,12 @@ services: SBI_BINDING_IP: "{{ ipv4('udr', 'sbi') }}" SBI_BINDING_PORT: "8000" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + UDR_PEM: "{{ openssl_secret_pem('udr', 'sbi') }}" + UDR_KEY: "{{ openssl_secret_key('udr', 'sbi') }}" + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('udr', 'sbi') | indent(2) }} networks: db: sbi: 
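Review bot: The ausf service receives `NRF_PEM`, `AUSF_PEM` and `AUSF_KEY`, all resolving to paths under `/run/secrets/`, but its hunk adds no `secrets:` entry; the new environment lines are followed directly by `networks:`. Every other service touched here (amf, nrf, udm, udr, pcf, chf, smf, nssf) gets one, and the top-level block does define `openssl_s('ausf', 'sbi')`. Unless ausf already lists these secrets outside the hunk, the container starts with certificate paths that are not mounted; how the image reacts to that is not visible here. The missing block would be `secrets:` with `{{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }}` and `{{ openssl_secrets_s('ausf', 'sbi') | indent(2) }}` before `networks:`.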
@@ -265,11 +290,60 @@ services: SBI_BINDING_IP: "{{ ipv4('pcf', 'sbi') }}" SBI_BINDING_PORT: "8000" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + PCF_PEM: "{{ openssl_secret_pem('pcf', 'sbi') }}" + PCF_KEY: "{{ openssl_secret_key('pcf', 'sbi') }}" + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('pcf', 'sbi') | indent(2) }} networks: db: sbi: ipv4_address: "{{ ipv4('pcf', 'sbi') }}" + {{ container_s(name='chf', image='louisroyer/dev-free5gc-chf', restart='always') }} + depends_on: + nrf: # required to being able to deregister propertly + condition: service_started + webconsole: + condition: service_started + environment: + MONGO_HOST: "mongodb.db" + SBI_REGISTER_IP: "chf.sbi" + SBI_BINDING_IP: "{{ ipv4('chf', 'sbi') }}" + SBI_BINDING_PORT: "8000" + NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + BILLING_IP: "{{ ipv4('webconsole', 'sbi') }}" + CHF_PEM: "{{ openssl_secret_pem('chf', 'sbi') }}" + CHF_KEY: "{{ openssl_secret_key('chf', 'sbi') }}" + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('chf', 'sbi') | indent(2) }} + networks: + db: + sbi: + ipv4_address: "{{ ipv4('chf', 'sbi') }}" + + {{ container_s(name='webconsole', image='louisroyer/dev-free5gc-webconsole', restart='always') }} + depends_on: + nrf: # required to being able to deregister propertly + condition: service_started + environment: + MONGO_HOST: "mongodb.db" + NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + BILLING_IP: "{{ ipv4('webconsole', 'sbi') }}" + CHF_PEM: "{{ openssl_secret_pem('chf', 'sbi') }}" + CHF_KEY: "{{ openssl_secret_key('chf', 'sbi') }}" + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('chf', 'sbi') | indent(2) }} + networks: + db: + sbi: + ipv4_address: "{{ ipv4('webconsole', 'sbi') }}" + {{ container_s(name='smf', image='louisroyer/dev-free5gc-smf', restart='always') }} depends_on: 
nrf: # required to being able to deregister propertly @@ -279,6 +353,9 @@ services: SBI_BINDING_IP: "{{ ipv4('smf', 'sbi') }}" SBI_BINDING_PORT: "8000" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + SMF_PEM: "{{ openssl_secret_pem('smf', 'sbi') }}" + SMF_KEY: "{{ openssl_secret_key('smf', 'sbi') }}" N4: "{{ ipv4('smf', 'control') }}" MCC: "001" MNC: "01" @@ -449,6 +526,9 @@ services: B: UPFA1 #~ endif #~ endif + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('smf', 'sbi') | indent(2) }} networks: control: ipv4_address: "{{ ipv4('smf', 'control') }}" @@ -490,6 +570,9 @@ services: SBI_BINDING_IP: "{{ ipv4('nssf', 'sbi') }}" SBI_BINDING_PORT: "8000" NRF: "nrf.sbi:8000" + NRF_PEM: "{{ openssl_secret_pem('nrf', 'sbi') }}" + NSSF_PEM: "{{ openssl_secret_pem('nssf', 'sbi') }}" + NSSF_KEY: "{{ openssl_secret_key('nssf', 'sbi') }}" MCC: "001" MNC: "01" NSSF_NAME: "NSSF" @@ -584,6 +667,9 @@ services: sst: 1 sd: 00002 #~ endif + secrets: + {{ openssl_secrets_pem_s('nrf', 'sbi') | indent(2) }} + {{ openssl_secrets_s('nssf', 'sbi') | indent(2) }} networks: sbi: ipv4_address: "{{ ipv4('nssf', 'sbi') }}" @@ -952,8 +1038,17 @@ services: #~ endif #~ endif -#~ if not use_free5gc_upf secrets: + {{ openssl_s('amf', 'sbi') }} + {{ openssl_s('ausf', 'sbi') }} + {{ openssl_s('chf', 'sbi') }} + {{ openssl_s('nrf', 'sbi') }} + {{ openssl_s('nssf', 'sbi') }} + {{ openssl_s('pcf', 'sbi') }} + {{ openssl_s('smf', 'sbi') }} + {{ openssl_s('udm', 'sbi') }} + {{ openssl_s('udr', 'sbi') }} +#~ if not use_free5gc_upf rr_db_password: file: "{{ secret('rr_db_password.txt') }}" r0_db_password:
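Review bot: The new webconsole service is given `CHF_KEY` and mounts `openssl_secrets_s('chf', 'sbi')`, so the CHF private key becomes readable from two containers. The certificate it would present was issued by `openssl()` for `chf.sbi` and the CHF address, not for the webconsole address passed as `BILLING_IP`. No `openssl_s('webconsole', 'sbi')` entry is added to the top-level `secrets:` block either. If the image requires the billing listener to share the CHF certificate, a comment saying so would help, for example `# webconsole billing server reuses the CHF key pair`; otherwise a dedicated pair keeps one key per service and lets clients verify the name they connect to.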