### Description
In our setup, we try to eliminate setup configuration in database and replace it with files. The advantage is, that we can maintain those files via puppet or ansible, and since we always rewrite the whole file, we don't have to take care about deleting obsolete entries. We can run different Kamailio versions without having problems with the version table when using the same database. And finally, we can stop all those local mysqld processes on a lot of machines.
Modules like the dispatcher module were easy to change. But the permissions module is not prepared to run without database, if you want to use `allow_trusted()` or `allow_source_address()` and similar. The only option to feed those functions with data is a database table.
### Expected behavior
We would like to place files for trusted and address into the Kamailio directory and have Kamailio read from those files during startup or after reload commands.
#### Actual observed behavior
Data for trusted and address have to reside inside a database.
One obvious workaround comparing to change in to the code would be to use something like dbtext or db_berkeley for this function.
As another solution, when using KEMI, I did it by defining a local map/array and then looping and using ipops functions, like next one in Lua:
``` ALLOWADDR={ "10.10.10.0/24",, "10.11.11.11/32" };
function ksr_is_src_trusted() local srcaddr = KSR.pv.get("$si"); for idx, val in pairs(ALLOWADDR) do if KSR.ipops.ip_is_in_subnet(srcaddr, val) > 0 then return true; end end return false; end ```
Then reload Lua script.
Also, if you match on IP only, then you can use dispatcher module, there are functions to match addresses in a group.
Then, permissions module has functionality to work with text files, but I am not sure they map on trusted or address table, never used those features, but I expect to be something documented in the readme.
Finally, I actually considered to implement an embedded solution in the module to work with a text file for address matching (I am not using allow_trusted(), only allow_address()), but I didn't get there yet, finding other variants so far when I wanted to avoid database.
Implemented for address table -- now its corresponding records can be in a file
Closed #2037.
-
Daniel-Constantin Mierla -
Henning Westerholt
-
Sebastian Damm