CORD-2409 HSS playbook
Change-Id: Ie7150633966908bf260d834f0ac7ffc9f34e20f4
diff --git a/xos/synchronizer/steps/roles/setup-sprint-hss/tasks/main.yml b/xos/synchronizer/steps/roles/setup-sprint-hss/tasks/main.yml
new file mode 100644
index 0000000..2bd8a1f
--- /dev/null
+++ b/xos/synchronizer/steps/roles/setup-sprint-hss/tasks/main.yml
@@ -0,0 +1,38 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- name: Copy templates
+ template:
+ src: "templates/{{ item }}.j2"
+ dest: "{{ source_path }}/conf/{{ item }}"
+ with_items:
+ - hss.conf
+ - hss.json
+
+- name: Run make_certs.sh command
+ shell: "bin/make_certs.sh hss {{ realm }}"
+ args:
+ chdir: "{{ source_path }}"
+
+- name: Load key
+ shell: "bin/hss -j conf/hss.json --onlyloadkey"
+ args:
+ chdir: "{{ source_path }}"
+
+- name: Run HSS
+ shell: "bin/hss -j conf/hss.json"
+ args:
+ chdir: "{{ source_path }}"
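Review bot: `{{ realm }}` in the `Run make_certs.sh command` task is interpolated unquoted into a `shell:` string, so any shell metacharacters in the realm value (which, being a role variable, presumably comes from the XOS model) are interpreted by the shell instead of being passed as one argument; the `{{ source_path }}` used in every `chdir` has the same exposure. None of these commands needs shell features, so the `command:` module would be the cleaner fix, or at minimum `shell: "bin/make_certs.sh hss {{ realm | quote }}"`. The three shell tasks also carry no `creates:` or `changed_when`, so each run regenerates the certificates and reports changed; `creates: "{{ source_path }}/conf/hss.cert.pem"` on the make_certs task (the file name is the one hss.conf.j2 in this commit points at) would make the step idempotent. Finally, `Run HSS` starts `bin/hss` in the foreground with no `async:`; if the binary does not daemonize itself this task will block the synchronizer indefinitely — worth confirming.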
diff --git a/xos/synchronizer/steps/roles/setup-sprint-hss/templates/hss.conf.j2 b/xos/synchronizer/steps/roles/setup-sprint-hss/templates/hss.conf.j2
new file mode 100644
index 0000000..66bb8e2
--- /dev/null
+++ b/xos/synchronizer/steps/roles/setup-sprint-hss/templates/hss.conf.j2
@@ -0,0 +1,200 @@
+{#
+Copyright 2017-present Open Networking Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+#}
+# -------- Local ---------
+# The first parameter in this section is Identity, which will be used to
+# identify this peer in the Diameter network. The Diameter protocol mandates
+# that the Identity used is a valid FQDN for the peer. This parameter can be
+# omitted, in that case the framework will attempt to use system default value
+# (as returned by hostname --fqdn).
+Identity = "{{ identity }}";
+
+# In Diameter, all peers also belong to a Realm. If the realm is not specified,
+# the framework uses the part of the Identity after the first dot.
+Realm = "{{ realm }}";
+
+
+# This parameter is mandatory, even if it is possible to disable TLS for peers
+# connections. A valid certificate for this Diameter Identity is expected.
+TLS_Cred = "./conf/hss.cert.pem", "./conf/hss.key.pem";
+TLS_CA = "./conf/cacert.pem";
+
+
+# Disable use of TCP protocol (only listen and connect in SCTP)
+# Default : TCP enabled
+No_SCTP;
+
+
+# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
+# Prefer TCP instead of SCTP for establishing new connections.
+# This setting may be overwritten per peer in peer configuration blocs.
+# Default : SCTP is attempted first.
+Prefer_TCP;
+
+
+# Disable use of IPv6 addresses (only IP)
+# Default : IPv6 enabled
+No_IPv6;
+
+
+# Overwrite the number of SCTP streams. This value should be kept low,
+# especially if you are using TLS over SCTP, because it consumes a lot of
+# resources in that case. See tickets 19 and 27 for some additional details on
+# this.
+# Limit the number of SCTP streams
+SCTP_streams = 3;
+
+
+# By default, freeDiameter acts as a Diameter Relay Agent by forwarding all
+# messages it cannot handle locally. This parameter disables this behavior.
+NoRelay;
+
+
+# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed
+# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the
+# CER/CEA exchange on a dedicated secure port.
+# This parameter only affects outgoing connections.
+# The setting can be also defined per-peer (see Peers configuration section).
+# Default: use RFC6733 method with separate port for TLS.
+
+#TLS_old_method;
+
+
+# Number of parallel threads that will handle incoming application messages.
+# This parameter may be deprecated later in favor of a dynamic number of threads
+# depending on the load.
+AppServThreads = 4;
+
+# Specify the addresses on which to bind the listening server. This must be
+# specified if the framework is unable to auto-detect these addresses, or if the
+# auto-detected values are incorrect. Note that the list of addresses is sent
+# in CER or CEA message, so one should pay attention to this parameter if some
+# adresses should be kept hidden.
+#ListenOn = "127.0.0.1";
+
+Port = 3868;
+SecPort = 5868;
+
+LoadExtension = "acl_wl.fdx" : "./conf/acl.conf";
+
+# -------- Extensions ---------
+
+#LoadExtension = "/usr/local/lib/freeDiameter/_sample.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/app_acct.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/app_diameap.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/app_radgw.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/app_redirect.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/app_sip.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dbg_interactive.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dbg_monitor.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dbg_msg_dumps.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dbg_msg_timings.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dbg_rt.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_CxDx.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_NAS.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Ro.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Rx.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_S6mS6n.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_SGd.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_SLh.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Sd.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Sh.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_T4.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_T6aT6bT7.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Tsp.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca_3gpp.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca_starent.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_eap.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_legacy_xml.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_mip6a.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_mip6i.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_nas_mipv6.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_nasreq.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_sip.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_busypeers.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_default.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_ereg.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_ignore_dh.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_load_balance.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_randomize.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/rt_redirect.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/test_acct.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/test_app.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/test_hss.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/test_netemul.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/test_rt_any.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/test_sip.fdx";
+#LoadExtension = "/usr/local/lib/freeDiameter/dict_Rf.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+
+
+# Load RFC4072 dictionary objects
+#LoadExtension = "dict_eap.fdx";
+
+# Load the Diameter EAP server extension (requires diameap.conf)
+#LoadExtension = "app_diameap.fdx" : "diameap.conf";
+
+# Load the Accounting Server extension (requires app_acct.conf)
+#LoadExtension = "app_acct.fdx" : "app_acct.conf";
+
+# -------- Peers ---------
+
+# The framework will actively attempt to establish and maintain a connection
+# with the peers listed here.
+# For only accepting incoming connections, see the acl_wl.fx extension.
+
+#ConnectPeer = "peer1.localdomain" { ConnectTo = "127.0.0.1"; };
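Review bot: The comment above `No_SCTP;` (`# Disable use of TCP protocol (only listen and connect in SCTP)`) states the opposite of what the directive does; `No_SCTP` turns SCTP off so the peer uses TCP only, which is also what the `Prefer_TCP;` directive just below assumes. It should read `# Disable use of SCTP protocol (only listen and connect in TCP)` with `# Default : SCTP enabled`. Separately, `LoadExtension = "acl_wl.fdx" : "./conf/acl.conf";` makes the peer whitelist the only control on which peers may connect, yet `conf/acl.conf` is not among the files the tasks in this commit template into `conf/`; if it is not already shipped in `source_path` the daemon will not start, and either way the whitelist contents deserve the same review as this file. `Identity = "{{ identity }}";` and `Realm = "{{ realm }}";` are inserted into double-quoted strings without escaping, so a `"` in either variable breaks the config — acceptable if the model validates them as FQDNs, otherwise a note saying so would help the next reader.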
diff --git a/xos/synchronizer/steps/roles/setup-sprint-hss/templates/hss.json.j2 b/xos/synchronizer/steps/roles/setup-sprint-hss/templates/hss.json.j2
new file mode 100644
index 0000000..f35abb5
--- /dev/null
+++ b/xos/synchronizer/steps/roles/setup-sprint-hss/templates/hss.json.j2
@@ -0,0 +1,33 @@
+{#
+Copyright 2017-present Open Networking Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+#}
+{"common": {
+ "fdcfg": "conf/hss.conf",
+ "originhost": "{{ identity }}",
+ "originrealm": "{{ realm }}"
+ },
+ "hss": {
+ "gtwhost": "*",
+ "gtwport" : 9080,
+ "restport" : 9081,
+ "casssrv": "{{ db_ip }}",
+ "cassusr": "root",
+ "casspwd": "root",
+ "cassdb" : "vhss",
+ "randv" : true,
+ "optkey" : "63bfa50ee6523365ff14c1f45f88737d",
+ "reloadkey" : false
+ }
+}
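Review bot: `"cassusr": "root"`, `"casspwd": "root"` and the 32-hex-digit `"optkey"` value are hard-coded credentials in a template that is committed to source control and rendered into every deployment, while `casssrv` on the line just above is already parameterised via `{{ db_ip }}`. The database user/password and the operator key should be supplied the same way (e.g. `"casspwd": "{{ db_password }}"`, `"optkey": "{{ hss_op_key }}"` — variable names to be chosen), with the values coming from the model or a secret store, and the committed defaults removed from the template. `"gtwhost": "*"` binds the gateway listener on all interfaces; whether only a specific address is needed cannot be told from here, so it is worth confirming. Also, `{{ identity }}` and `{{ realm }}` are inserted into JSON string literals unescaped; Ansible's `to_json` filter (`"originhost": {{ identity | to_json }}`, which emits its own quotes) would keep the rendered file valid JSON for any value.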