diff --git a/config.ini.sample b/config.ini.sample index 538cf73..696e2b7 100644 --- a/config.ini.sample +++ b/config.ini.sample @@ -1,240 +1,243 @@ [Relay] ; A list of dispatchers to connect to, separated by spaces. The format is ; "host[:port] [host[:port] ...]". If a port is not specified the default port ; of 25060 will be used. "host" can be one of the following: ; - A domain name that has a SRV record for a SIP proxy, i.e. at ; "_sip._udp.". If the DNS lookup for this succeeds the relay ; will connect to the IP address of the SIP proxy on the port specified in ; this configuration. ; - A hostname. The lookup for this will be performed if the SRV lookup ; fails. ; - An IP address. The relay will connect directly to this address. ; Both the SRV and hostname lookups will be periodically refreshed (see ; "dns_check_interval" below). ; ;dispatchers = example.com 1.2.3.4:12345 ; Specify extra checks to be performed on the dispatcher TLS credentials before ; considering the connection with the dispatcher successful. The passport is ; specified as a list of attribute/value pairs in the form: ; AN:value[, AN:value...] ; where the attribute name (AN) is one of the available attribute names from ; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The value is a ; string that has to match with the corresponding attribute value from the ; dispatcher certificate. A wildcard (*) can be used in the value at the ; beginning or the end of the string to indicate that the corresponding ; attribute from the dispatcher certificate must end with respectively to ; start with the given string (excluding the wildcard). ; For example using this passport: ; passport = O:AG Projects, CN:*dispatcher ; means that a connection with a dispatcher will only be accepted if the ; dispatcher certificate subject has organization set to "AG Projects" and ; the common name ends with "dispatcher". To specify that no additional ; identity checks need to be performed, use the keyword None. If passport ; is None, then only the certificate signature is verified against the ; certificate authority in tls/ca.pem (signature is always verified even ; when passport is None). ; ; Default value is None. ; ;passport = None ; The host IP address used for relaying streams. The default for this value ; is to use the IP address of the interface that has the default route. This ; is the most appropriate choice for almost any situation. Unless you need to ; use a very specific interface, which is not the default one, there is no need ; to set this option. Leave this option commented to use the default value. ;relay_ip = ; The IP address of the relay can be replaced with the IP address of the ; interface coreponding to the sourceIP and destinationIP of the call. ; if set to False the relay_ip will be used instead ;auto_detect_interfaces = False ; The host IP address to return when a session is allocated in the relay. This ; could be of use in case the relay is behind NAT but it has a 1 to 1 mapping ; with a public IP address, like Amazon EC2, for example. ; If set, auto_detect_interfaces setting will be ignored. ;advertised_ip = ; The port range to use for relaying media streams in the form start:end with ; start and end being even numbers in the [1024, 65536] range and start < end -; The default range is 50000:60000. You should allocate 4 times the number of +; The default range is 40000:60000. You should allocate 4 times the number of ; streams you plan for the relay to handle simultaneously. The default range -; having 10000 ports, is able to handle up to 2500 streams. +; having 20000 ports, is able to handle up to 5000 streams. ; -;port_range = 50000:60000 +; IMPORTANT NOTE: under heavy CPS attempts, the available ports may be +; exhaused before the calls setup +; +;port_range = 40000:60000 ; Logging level (one of CRITICAL, ERROR, WARNING, INFO or DEBUG) ;log_level = INFO ; The amount of time to wait for a stream in a new SDP offer to start sending ; data before the relay decides that it has timed out. The default value is 90 ; seconds. This only applies to the initial setup stage, before the first ; packet for a stream is received (from both ends). After the stream is started ; and the conntrack rule is in place, the idle timeout (how long before the ; conntrack rule expires when no traffic is received) is controlled by a kernel ; setting that defaults to 180 seconds and can be adjusted in: ; /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream ; ;stream_timeout = 90 ; Amount of time a call can be on hold before it is declared expired by the ; relay. The default value is 7200 seconds (2 hours). ; ;on_hold_timeout = 7200 ; How often to check in DNS if the SRV and A records for the dispatcher have ; changed. Interval is in seconds and the default value is 60 seconds. ; ;dns_check_interval = 60 ; If the relay cannot connect to a dispatcher is should retry after this ; amount of seconds. The default value is 10 seconds. ; ;reconnect_delay = 10 ; How often to sample the aggregate amount of data processed by the relay, in ; order to compute an average of the relayed traffic over that period. The ; value is expressed in seconds and the default value is 15 seconds. ; Use 0 to disable it in case you have to many streams processed by the relay ; and it warns you in syslog that gathering this information takes too long. ; ;traffic_sampling_period = 15 ; Specify a list of network ranges (in CIDR notation) for which media is relayed ; even if no packet was received from the endpoint and the IP address is private. ;routable_private_ranges = 192.168.1.0/24 [Dispatcher] ; Local socket on which to communicate with OpenSIPS. The OpenSIPS mediaproxy ; module should be configured to connect to this socket. If a relative path, ; the runtime directory will be prepended. Default value is dispatcher.sock. ; ;socket_path = dispatcher.sock ; Listen address for incoming connections from the relays. The format is ; "ip[:port]". If the ip is "0.0.0.0" or the keyword "any", the dispatcher ; will listen on all interfaces of this host. If the port is not specified, ; the dispatcher will listen on the default port of 25060. ; ;listen = 0.0.0.0 ; Listen address for incoming management interface connections. Clients can ; connect to this and issue commands to query the status of the relays and ; their sessions. The format is "ip[:port]". If the ip is "0.0.0.0" or the ; keyword "any", the dispatcher will listen on all interfaces of this host. ; If the port is not specified, the dispatcher will listen on the default ; port of 25061. ; ;listen_management = 0.0.0.0 ; Whether or not to use TLS on the management interface. Note that the same ; TLS credentials are used for both the relay and the management interface ; connections. ; ; Default value is yes. ; ;management_use_tls = yes ; Specify extra checks to be performed on the relay TLS credentials before ; considering the connection with the relay successful. The passport is ; specified as a list of attribute/value pairs in the form: ; AN:value[, AN:value...] ; where the attribute name (AN) is one of the available attribute names from ; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The value is a ; string that has to match with the corresponding attribute value from the ; relay certificate. A wildcard (*) can be used in the value at the beginning ; or the end of the string to indicate that the corresponding attribute from ; the relay certificate must end with respectively to start with the given ; string (excluding the wildcard). ; For example using this passport: ; passport = O:AG Projects, CN:relay* ; means that a connection with a relay will only be accepted if the relay ; certificate subject has organization set to "AG Projects" and the common ; name starts with "relay". To specify that no additional identity checks ; need to be performed, use the keyword None. If passport is None, then only ; the certificate signature is verified against the certificate authority in ; tls/ca.pem (signature is always verified even when passport is None). ; ; Default value is None. ; ;passport = None ; This option is similar to passport above, but applies to the management ; interface connections instead of relay connections. It specifies extra ; checks to be performed on the TLS credentials supplied by an entity that ; connects to the management interface. Please consult passport above for ; a detailed description of the possible values for this option. ; ; If management_use_tls is false, this option is ignored. ; ; Default value is None. ; ;management_passport = None ; Logging level (one of CRITICAL, ERROR, WARNING, INFO or DEBUG) ;log_level = INFO ; Timeout value in second for individual relays. When a command is sent from ; the dispatcher to a relay it will wait this amount of seconds for a reply. ; The default is 5 seconds. ; ;relay_timeout = 5 ; A comma separated list of accounting backends that will be used to save ; accounting data with the session information once a session has finished. ; Currently 2 backends are available: "radius" and "database". If enabled ; they can be configured below in their respective sections. The default ; is to use no accounting backend. ; ;accounting = [TLS] ; Path to the certificates. If relative, it will be looked up in both the ; application directory (for a standalone installation) and /etc/mediaproxy, ; the former taking precedence if found. ; ;certs_path = tls ; How often (in seconds) to verify the peer certificate for expiration and ; revocation. Default value is 300 seconds (5 minutes) ; ;verify_interval = 300 [Database] ; This section needs to be configured if database accounting is enabled ; Database URI in the form: scheme://user:password@host/database ;dburi = mysql://mediaproxy:CHANGEME@localhost/mediaproxy ; Name for the table. ;sessions_table = media_sessions ; Column names. Columns are strings except for info which is a BLOB ; ;callid_column = call_id ;fromtag_column = from_tag ;totag_column = to_tag ;info_column = info [Radius] ; This section needs to be configured if radius accounting is enabled ; OpenSIPS RADIUS configuration file. All RADIUS configuration parameters ; will be read from this file, including dictionary files. ; ;config_file = /etc/opensips/radius/client.conf ; Additional dictionary file with MediaProxy specific attributes. ;additional_dictionary = radius/dictionary [OpenSIPS] ; Configure interaction between the media dispatcher and OpenSIPS ; Path to OpenSIPS's UNIX filesystem socket from the mi_datagram module. ;socket_path = /run/opensips/socket diff --git a/mediaproxy/configuration/__init__.py b/mediaproxy/configuration/__init__.py index 60a3ba6..03b38fc 100644 --- a/mediaproxy/configuration/__init__.py +++ b/mediaproxy/configuration/__init__.py @@ -1,91 +1,91 @@ from application import log from application.configuration import ConfigSection, ConfigSetting from application.configuration.datatypes import IPAddress, LogLevel, NetworkRangeList from application.system import host from mediaproxy import configuration_file from mediaproxy.configuration.datatypes import AccountingModuleList, DispatcherIPAddress, DispatcherAddressList, DispatcherManagementAddress, PortRange, PositiveInteger, SIPThorDomain, X509NameValidator class DispatcherConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'Dispatcher' socket_path = 'dispatcher.sock' listen = ConfigSetting(type=DispatcherIPAddress, value=DispatcherIPAddress('any')) listen_management = ConfigSetting(type=DispatcherManagementAddress, value=DispatcherManagementAddress('any')) relay_timeout = 5 # How much to wait for an answer from a relay relay_recover_interval = 60 # How much to wait for an unresponsive relay to recover, before disconnecting it cleanup_dead_relays_after = 43200 # 12 hours cleanup_expired_sessions_after = 86400 # 24 hours management_use_tls = True accounting = ConfigSetting(type=AccountingModuleList, value=[]) passport = ConfigSetting(type=X509NameValidator, value=None) management_passport = ConfigSetting(type=X509NameValidator, value=None) log_level = ConfigSetting(type=LogLevel, value=log.level.INFO) class RelayConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'Relay' relay_ip = ConfigSetting(type=IPAddress, value=host.default_ip) advertised_ip = ConfigSetting(type=IPAddress, value=None) auto_detect_interfaces = False stream_timeout = 90 on_hold_timeout = 7200 traffic_sampling_period = 15 userspace_transmit_every = 1 dispatchers = ConfigSetting(type=DispatcherAddressList, value=[]) - port_range = PortRange('50000:60000') + port_range = PortRange('40000:60000') dns_check_interval = PositiveInteger(60) keepalive_interval = PositiveInteger(10) reconnect_delay = PositiveInteger(10) passport = ConfigSetting(type=X509NameValidator, value=None) routable_private_ranges = ConfigSetting(type=NetworkRangeList, value=[]) log_level = ConfigSetting(type=LogLevel, value=log.level.INFO) class OpenSIPSConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'OpenSIPS' socket_path = '/run/opensips/socket' location_table = 'location' class RadiusConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'Radius' config_file = '/etc/opensips/radius/client.conf' additional_dictionary = 'radius/dictionary' class DatabaseConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'Database' dburi = '' sessions_table = 'media_sessions' callid_column = 'call_id' fromtag_column = 'from_tag' totag_column = 'to_tag' info_column = 'info' class TLSConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'TLS' certs_path = 'tls' verify_interval = 300 class ThorNetworkConfig(ConfigSection): __cfgfile__ = configuration_file __section__ = 'ThorNetwork' domain = ConfigSetting(type=SIPThorDomain, value=None) node_ip = host.default_ip