1 module ietf-system {
2 namespace "urn:ietf:params:xml:ns:yang:ietf-system";
3 prefix "sys";
4
5 import ietf-yang-types {
6 prefix yang;
7 }
8
9 import ietf-inet-types {
10 prefix inet;
11 }
12
13 import ietf-netconf-acm {
14 prefix nacm;
15 }
16
17 import iana-crypt-hash {
18 prefix ianach;
19 }
20
21 organization
22 "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
23
24
25
26
27
28
29
30 contact
31 "WG Web: <http://tools.ietf.org/wg/netmod/>
32 WG List: <mailto:netmod@ietf.org>
33
34 WG Chair: Thomas Nadeau
35 <mailto:tnadeau@lucidvision.com>
36
37 WG Chair: Juergen Schoenwaelder
38 <mailto:j.schoenwaelder@jacobs-university.de>
39
40 Editor: Andy Bierman
41 <mailto:andy@yumaworks.com>
42
43 Editor: Martin Bjorklund
44 <mailto:mbj@tail-f.com>";
45
46 description
47 "This module contains a collection of YANG definitions for the
48 configuration and identification of some common system
49 properties within a device containing a NETCONF server. This
50 includes data node definitions for system identification,
51 time-of-day management, user management, DNS resolver
52 configuration, and some protocol operations for system
53 management.
54
55 Copyright (c) 2014 IETF Trust and the persons identified as
56 authors of the code. All rights reserved.
57
58 Redistribution and use in source and binary forms, with or
59 without modification, is permitted pursuant to, and subject
60 to the license terms contained in, the Simplified BSD License
61 set forth in Section 4.c of the IETF Trust's Legal Provisions
62 Relating to IETF Documents
63 (http://trustee.ietf.org/license-info).
64
65 This version of this YANG module is part of RFC 7317; see
66 the RFC itself for full legal notices.";
67
68 revision 2014-08-06 {
69 description
70 "Initial revision.";
71 reference
72 "RFC 7317: A YANG Data Model for System Management";
73 }
74
75
76
77
78 /*
79 * Typedefs
80 */
81
82 typedef timezone-name {
83 type string;
// Deliberately unconstrained: the valid set of zone names is
// implementation-specific (see description), so a server has to validate
// incoming values against its own tz database rather than rely on the type.
84 description
85 "A time zone name as used by the Time Zone Database,
86 sometimes referred to as the 'Olson Database'.
87
88 The exact set of valid values is an implementation-specific
89 matter. Client discovery of the exact set of time zone names
90 for a particular server is out of scope.";
91 reference
92 "RFC 6557: Procedures for Maintaining the Time Zone Database";
93 }
94
95 /*
96 * Features
97 */
98
99 feature radius {
// Guards the /system/radius client configuration container below.
100 description
101 "Indicates that the device can be configured as a RADIUS
102 client.";
103 reference
104 "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
105 }
106
107 feature authentication {
// Guards the /system/authentication subtree; the local-users and
// radius-authentication features both depend on it.
108 description
109 "Indicates that the device supports configuration of
110 user authentication.";
111 }
112
113 feature local-users {
114 if-feature authentication;
// Guards the /system/authentication/user list and allows the
// 'local-users' identity in user-authentication-order.
115 description
116 "Indicates that the device supports configuration of
117 local user authentication.";
118 }
119
120
121
122
123
124
125
126 feature radius-authentication {
127 if-feature radius;
128 if-feature authentication;
// When advertised, the 'radius' identity may be placed in
// /system/authentication/user-authentication-order (see that leaf).
129 description
130 "Indicates that the device supports configuration of user
131 authentication over RADIUS.";
132 reference
133 "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
134 RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
135 Authorization for Network Access Server (NAS)
136 Management";
137 }
138
139 feature ntp {
// Guards the /system/ntp presence container.
140 description
141 "Indicates that the device can be configured to use one or
142 more NTP servers to set the system date and time.";
143 }
144
145 feature ntp-udp-port {
146 if-feature ntp;
// Guards /system/ntp/server/udp/port; without it the NTP server port
// stays at the default of 123.
147 description
148 "Indicates that the device supports the configuration of
149 the UDP port for NTP servers.
150
151 This is a 'feature', since many implementations do not support
152 any port other than the default port.";
153 }
154
155 feature timezone-name {
// Guards the timezone-name case of /system/clock/timezone; the
// timezone-utc-offset case has no feature dependency.
156 description
157 "Indicates that the local time zone on the device
158 can be configured to use the TZ database
159 to set the time zone and manage daylight saving time.";
160 reference
161 "RFC 6557: Procedures for Maintaining the Time Zone Database";
162 }
163
164 feature dns-udp-tcp-port {
// Guards /system/dns-resolver/server/udp-and-tcp/port; without it the
// DNS server port stays at the default of 53.
165 description
166 "Indicates that the device supports the configuration of
167 the UDP and TCP port for DNS servers.
168
169 This is a 'feature', since many implementations do not support
170 any port other than the default port.";
171 }
172
173
174 /*
175 * Identities
176 */
177
178 identity authentication-method {
// Base for the identityref values of
// /system/authentication/user-authentication-order.
179 description
180 "Base identity for user authentication methods.";
181 }
182
183 identity radius {
184 base authentication-method;
// Usable in user-authentication-order only when the radius-authentication
// feature is advertised; a 'must' on that leaf-list additionally requires
// at least one configured /system/radius/server entry.
185 description
186 "Indicates user authentication using RADIUS.";
187 reference
188 "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
189 RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
190 Authorization for Network Access Server (NAS)
191 Management";
192 }
193
194 identity local-users {
195 base authentication-method;
// Usable in user-authentication-order when the local-users feature is
// advertised; credentials come from /system/authentication/user.
196 description
197 "Indicates password-based authentication of locally
198 configured users.";
199 }
200
201 identity radius-authentication-type {
// Base for /system/radius/server/authentication-type (default radius-pap).
202 description
203 "Base identity for RADIUS authentication types.";
204 }
205
206 identity radius-pap {
207 base radius-authentication-type;
// Default value of /system/radius/server/authentication-type.
208 description
209 "The device requests Password Authentication Protocol (PAP)
210 authentication from the RADIUS server.";
211 reference
212 "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
213 }
214
215
216
217
218
219
220
221
222 identity radius-chap {
223 base radius-authentication-type;
// Alternative to radius-pap for /system/radius/server/authentication-type;
// must be selected explicitly, it is not the default.
224 description
225 "The device requests Challenge Handshake Authentication
226 Protocol (CHAP) authentication from the RADIUS server.";
227 reference
228 "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
229 }
230
231 /*
232 * Configuration data nodes
233 */
234
235 container system {
236 description
237 "System group configuration.";
238
239 leaf contact {
240 type string;
241 description
242 "The administrator contact information for the system.
243
244 A server implementation MAY map this leaf to the sysContact
245 MIB object. Such an implementation needs to use some
246 mechanism to handle the differences in size and characters
247 allowed between this leaf and sysContact. The definition of
248 such a mechanism is outside the scope of this document.";
249 reference
250 "RFC 3418: Management Information Base (MIB) for the
251 Simple Network Management Protocol (SNMP)
252 SNMPv2-MIB.sysContact";
253 }
254 leaf hostname {
255 type inet:domain-name;
256 description
257 "The name of the host. This name can be a single domain
258 label or the fully qualified domain name of the host.";
259 }
260 leaf location {
261 type string;
262 description
263 "The system location.
264
265 A server implementation MAY map this leaf to the sysLocation
266 MIB object. Such an implementation needs to use some
267 mechanism to handle the differences in size and characters
268 allowed between this leaf and sysLocation. The definition
269 of such a mechanism is outside the scope of this document.";
270 reference
271 "RFC 3418: Management Information Base (MIB) for the
272 Simple Network Management Protocol (SNMP)
273 SNMPv2-MIB.sysLocation";
274 }
275
276 container clock {
277 description
278 "Configuration of the system date and time properties.";
279
280 choice timezone {
281 description
282 "The system time zone information.";
283
284 case timezone-name {
285 if-feature timezone-name;
286 leaf timezone-name {
287 type timezone-name;
288 description
289 "The TZ database name to use for the system, such
290 as 'Europe/Stockholm'.";
291 }
292 }
293 case timezone-utc-offset {
294 leaf timezone-utc-offset {
295 type int16 {
296 range "-1500 .. 1500";
297 }
298 units "minutes";
299 description
300 "The number of minutes to add to UTC time to
301 identify the time zone for this system. For example,
302 'UTC - 8:00 hours' would be represented as '-480'.
303 Note that automatic daylight saving time adjustment
304 is not provided if this object is used.";
305 }
306 }
307 }
308 }
309
// Presence container: creating /system/ntp switches the NTP client on
// unless 'enabled' is explicitly set to false. While the client is
// enabled, the set-current-datetime rpc is refused with 'ntp-active'.
310 container ntp {
311 if-feature ntp;
312 presence
313 "Enables the NTP client unless the 'enabled' leaf
314 (which defaults to 'true') is set to 'false'";
315 description
316 "Configuration of the NTP client.";
317
318 leaf enabled {
319 type boolean;
320 default true;
321 description
322 "Indicates that the system should attempt to
323 synchronize the system clock with an NTP server
324 from the 'ntp/server' list.";
325 }
326 list server {
327 key name;
328 description
329 "List of NTP servers to use for system clock
330 synchronization. If '/system/ntp/enabled'
331 is 'true', then the system will attempt to
332 contact and utilize the specified NTP servers.";
333
334 leaf name {
335 type string;
336 description
337 "An arbitrary name for the NTP server.";
338 }
339 choice transport {
340 mandatory true;
341 description
342 "The transport-protocol-specific parameters for this
343 server.";
344
345 case udp {
346 container udp {
347 description
348 "Contains UDP-specific configuration parameters
349 for NTP.";
// inet:host accepts an IP address or a domain name; with
// association-type 'pool' the name is resolved via DNS and
// every resolved address is used (see the 'pool' enum below).
350 leaf address {
351 type inet:host;
352 mandatory true;
353 description
354 "The address of the NTP server.";
355 }
356 leaf port {
357 if-feature ntp-udp-port;
358 type inet:port-number;
359 default 123;
360 description
361 "The port number of the NTP server.";
362 }
363 }
364 }
365 }
366 leaf association-type {
367 type enumeration {
368 enum server {
369 description
370 "Use client association mode. This device
371 will not provide synchronization to the
372 configured NTP server.";
373 }
374 enum peer {
375 description
376 "Use symmetric active association mode.
377 This device may provide synchronization
378 to the configured NTP server.";
379 }
380 enum pool {
381 description
382 "Use client association mode with one or
383 more of the NTP servers found by DNS
384 resolution of the domain name given by
385 the 'address' leaf. This device will not
386 provide synchronization to the servers.";
387 }
388 }
389 default server;
390 description
391 "The desired association type for this NTP server.";
392 }
393 leaf iburst {
394 type boolean;
395 default false;
396 description
397 "Indicates whether this server should enable burst
398 synchronization or not.";
399 }
400 leaf prefer {
401 type boolean;
402 default false;
403 description
404 "Indicates whether this server should be preferred
405 or not.";
406 }
407 }
408 }
409
410 container dns-resolver {
411 description
412 "Configuration of the DNS resolver.";
413
414 leaf-list search {
415 type inet:domain-name;
416 ordered-by user;
417 description
418 "An ordered list of domains to search when resolving
419 a host name.";
420 }
421 list server {
422 key name;
423 ordered-by user;
424 description
425 "List of the DNS servers that the resolver should query.
426
427 When the resolver is invoked by a calling application, it
428 sends the query to the first name server in this list. If
429 no response has been received within 'timeout' seconds,
430 the resolver continues with the next server in the list.
431 If no response is received from any server, the resolver
432 continues with the first server again. When the resolver
433 has traversed the list 'attempts' times without receiving
434 any response, it gives up and returns an error to the
435 calling application.
436
437 Implementations MAY limit the number of entries in this
438 list.";
439
440 leaf name {
441 type string;
442 description
443 "An arbitrary name for the DNS server.";
444 }
445 choice transport {
446 mandatory true;
447 description
448 "The transport-protocol-specific parameters for this
449 server.";
450
451 case udp-and-tcp {
452 container udp-and-tcp {
453 description
454 "Contains UDP- and TCP-specific configuration
455 parameters for DNS.";
456 reference
457 "RFC 1035: Domain Names - Implementation and
458 Specification
459 RFC 5966: DNS Transport over TCP - Implementation
460 Requirements";
461
// inet:ip-address, not inet:host as for NTP/RADIUS: the resolver's own
// servers are given by literal address, presumably because a name here
// could not be resolved without them.
462 leaf address {
463 type inet:ip-address;
464 mandatory true;
465 description
466 "The address of the DNS server.";
467 }
468 leaf port {
469 if-feature dns-udp-tcp-port;
470 type inet:port-number;
471 default 53;
472 description
473 "The UDP and TCP port number of the DNS server.";
474 }
475 }
476 }
477 }
478 }
479 container options {
480 description
481 "Resolver options. The set of available options has been
482 limited to those that are generally available across
483 different resolver implementations and generally useful.";
484 leaf timeout {
485 type uint8 {
486 range "1..max";
487 }
488 units "seconds";
489 default "5";
490 description
491 "The amount of time the resolver will wait for a
492 response from each remote name server before
493 retrying the query via a different name server.";
494 }
495 leaf attempts {
496 type uint8 {
497 range "1..max";
498 }
499 default "2";
500 description
501 "The number of times the resolver will send a query to
502 all of its name servers before giving up and returning
503 an error to the calling application.";
504 }
505 }
506 }
507
508
509
// Client-side RADIUS configuration. Servers are tried in user order
// under the 'timeout'/'attempts' policy in 'options' (see list description).
510 container radius {
511 if-feature radius;
512
513 description
514 "Configuration of the RADIUS client.";
515
516 list server {
517 key name;
518 ordered-by user;
519 description
520 "List of RADIUS servers used by the device.
521
522 When the RADIUS client is invoked by a calling
523 application, it sends the query to the first server in
524 this list. If no response has been received within
525 'timeout' seconds, the client continues with the next
526 server in the list. If no response is received from any
527 server, the client continues with the first server again.
528 When the client has traversed the list 'attempts' times
529 without receiving any response, it gives up and returns an
530 error to the calling application.";
531
532 leaf name {
533 type string;
534 description
535 "An arbitrary name for the RADIUS server.";
536 }
537 choice transport {
538 mandatory true;
539 description
540 "The transport-protocol-specific parameters for this
541 server.";
542
543 case udp {
544 container udp {
545 description
546 "Contains UDP-specific configuration parameters
547 for RADIUS.";
548 leaf address {
549 type inet:host;
550 mandatory true;
551 description
552 "The address of the RADIUS server.";
553 }
554
555
556
557
// Only the authentication port is modelled; there is no accounting-port leaf.
558 leaf authentication-port {
559 type inet:port-number;
560 default "1812";
561 description
562 "The port number of the RADIUS server.";
563 }
// nacm:default-deny-all: neither readable nor writable without an explicit
// NACM rule, so the secret is not returned by <get-config> to ordinary
// users. It is a plain string (not a crypt-hash like /user/password)
// because the RADIUS client needs the value itself.
564 leaf shared-secret {
565 type string;
566 mandatory true;
567 nacm:default-deny-all;
568 description
569 "The shared secret, which is known to both the
570 RADIUS client and server.";
571 reference
572 "RFC 2865: Remote Authentication Dial In User
573 Service (RADIUS)";
574 }
575 }
576 }
577 }
// identityref over radius-authentication-type: radius-pap (default) or
// radius-chap, both defined above.
578 leaf authentication-type {
579 type identityref {
580 base radius-authentication-type;
581 }
582 default radius-pap;
583 description
584 "The authentication type requested from the RADIUS
585 server.";
586 }
587 }
588 container options {
589 description
590 "RADIUS client options.";
591
592 leaf timeout {
593 type uint8 {
594 range "1..max";
595 }
596 units "seconds";
597 default "5";
598 description
599 "The number of seconds the device will wait for a
600 response from each RADIUS server before trying with a
601 different server.";
602 }
603
604
605
606 leaf attempts {
607 type uint8 {
608 range "1..max";
609 }
610 default "2";
611 description
612 "The number of times the device will send a query to
613 all of its RADIUS servers before giving up.";
614 }
615 }
616 }
617
// nacm:default-deny-write: writes anywhere in this subtree need an explicit
// NACM permit rule; reads are not restricted by this extension.
618 container authentication {
619 nacm:default-deny-write;
620 if-feature authentication;
621
622 description
623 "The authentication configuration subtree.";
624
// An empty list does not block mechanisms that do not use a password
// (e.g. the SSH keys in 'authorized-key' below). The 'must' rejects
// 'radius' unless at least one /system/radius/server exists.
625 leaf-list user-authentication-order {
626 type identityref {
627 base authentication-method;
628 }
629 must '(. != "sys:radius" or ../../radius/server)' {
630 error-message
631 "When 'radius' is used, a RADIUS server"
632 + " must be configured.";
633 description
634 "When 'radius' is used as an authentication method,
635 a RADIUS server must be configured.";
636 }
637 ordered-by user;
638
639 description
640 "When the device authenticates a user with a password,
641 it tries the authentication methods in this leaf-list in
642 order. If authentication with one method fails, the next
643 method is used. If no method succeeds, the user is
644 denied access.
645
646 An empty user-authentication-order leaf-list still allows
647 authentication of users using mechanisms that do not
648 involve a password.
649
650 If the 'radius-authentication' feature is advertised by
651 the NETCONF server, the 'radius' identity can be added to
652 this list.
653
654 If the 'local-users' feature is advertised by the
655 NETCONF server, the 'local-users' identity can be
656 added to this list.";
657 }
658
659 list user {
660 if-feature local-users;
661 key name;
662 description
663 "The list of local users configured on this device.";
664
665 leaf name {
666 type string;
667 description
668 "The user name string identifying this entry.";
669 }
// Stored and exchanged as a crypt-hash (imported iana-crypt-hash type),
// not as cleartext; contrast with the plain-string RADIUS shared-secret.
670 leaf password {
671 type ianach:crypt-hash;
672 description
673 "The password for this entry.";
674 }
// SSH public-key logins are governed by this list, whereas
// user-authentication-order above covers password authentication
// (see its description).
675 list authorized-key {
676 key name;
677 description
678 "A list of public SSH keys for this user. These keys
679 are allowed for SSH authentication, as described in
680 RFC 4253.";
681 reference
682 "RFC 4253: The Secure Shell (SSH) Transport Layer
683 Protocol";
684
685 leaf name {
686 type string;
687 description
688 "An arbitrary name for the SSH key.";
689 }
690
691
692
693
694
695
696
697
698
699
700
701
// Unconstrained string: a server should validate the value against the
// IANA registry named in the reference rather than accept an arbitrary
// client-supplied algorithm name.
702 leaf algorithm {
703 type string;
704 mandatory true;
705 description
706 "The public key algorithm name for this SSH key.
707
708 Valid values are the values in the IANA 'Secure Shell
709 (SSH) Protocol Parameters' registry, Public Key
710 Algorithm Names.";
711 reference
712 "IANA 'Secure Shell (SSH) Protocol Parameters'
713 registry, Public Key Algorithm Names";
714 }
// Raw RFC 4253 Section 6.6 encoding (format identifier string followed
// by key/certificate data), carried as YANG 'binary' (base64 in XML).
715 leaf key-data {
716 type binary;
717 mandatory true;
718 description
719 "The binary public key data for this SSH key, as
720 specified by RFC 4253, Section 6.6, i.e.:
721
722 string certificate or public key format
723 identifier
724 byte[n] key/certificate data.";
725 reference
726 "RFC 4253: The Secure Shell (SSH) Transport Layer
727 Protocol";
728 }
729 }
730 }
731 }
732 }
733
734 /*
735 * Operational state data nodes
736 */
737
738 container system-state {
// Read-only subtree (config false): every leaf here is reported by the
// server and cannot be written by clients.
739 config false;
740 description
741 "System group operational state.";
742
// Mirrors the POSIX utsname fields (see references). These leaves disclose
// OS and hardware details, so read access may warrant NACM rules in
// hardened deployments.
743 container platform {
744 description
745 "Contains vendor-specific information for
746 identifying the system platform and operating system.";
747 reference
748 "IEEE Std 1003.1-2008 - sys/utsname.h";
749
750 leaf os-name {
751 type string;
752 description
753 "The name of the operating system in use -
754 for example, 'Linux'.";
755 reference
756 "IEEE Std 1003.1-2008 - utsname.sysname";
757 }
758 leaf os-release {
759 type string;
760 description
761 "The current release level of the operating
762 system in use. This string MAY indicate
763 the OS source code revision.";
764 reference
765 "IEEE Std 1003.1-2008 - utsname.release";
766 }
767 leaf os-version {
768 type string;
769 description
770 "The current version level of the operating
771 system in use. This string MAY indicate
772 the specific OS build date and target variant
773 information.";
774 reference
775 "IEEE Std 1003.1-2008 - utsname.version";
776 }
777 leaf machine {
778 type string;
779 description
780 "A vendor-specific identifier string representing
781 the hardware in use.";
782 reference
783 "IEEE Std 1003.1-2008 - utsname.machine";
784 }
785 }
786
// current-datetime is the leaf written by the set-current-datetime rpc;
// boot-datetime records the last restart.
787 container clock {
788 description
789 "Monitoring of the system date and time properties.";
790
791 leaf current-datetime {
792 type yang:date-and-time;
793 description
794 "The current system date and time.";
795 }
796
797
798 leaf boot-datetime {
799 type yang:date-and-time;
800 description
801 "The system date and time when the system last restarted.";
802 }
803 }
804 }
805
806 rpc set-current-datetime {
// nacm:default-deny-all: invocation requires an explicit NACM permit rule.
// The operation is also refused with error-app-tag 'ntp-active' while
// /system/ntp/enabled is true (see description).
807 nacm:default-deny-all;
808 description
809 "Set the /system-state/clock/current-datetime leaf
810 to the specified value.
811
812 If the system is using NTP (i.e., /system/ntp/enabled
813 is set to 'true'), then this operation will fail with
814 error-tag 'operation-failed' and error-app-tag value of
815 'ntp-active'.";
816 input {
817 leaf current-datetime {
818 type yang:date-and-time;
819 mandatory true;
820 description
821 "The current system date and time.";
822 }
823 }
824 }
825
826 rpc system-restart {
// nacm:default-deny-all: invocation requires an explicit NACM permit rule.
827 nacm:default-deny-all;
828 description
829 "Request that the entire system be restarted immediately.
830 A server SHOULD send an rpc reply to the client before
831 restarting the system.";
832 }
833
834 rpc system-shutdown {
// nacm:default-deny-all: invocation requires an explicit NACM permit rule.
835 nacm:default-deny-all;
836 description
837 "Request that the entire system be shut down immediately.
838 A server SHOULD send an rpc reply to the client before
839 shutting down the system.";
840 }
841
842}