| module openconfig-system { |
| |
| yang-version "1"; |
| |
| // namespace |
| namespace "http://openconfig.net/yang/system"; |
| |
| prefix "oc-sys"; |
| |
| // import some basic types |
| import openconfig-inet-types { prefix oc-inet; } |
| import ietf-yang-types { prefix yang; } |
| import openconfig-types { prefix oc-types; } |
| import openconfig-extensions { prefix oc-ext; } |
| import openconfig-aaa { prefix oc-aaa; } |
| import openconfig-system-logging { prefix oc-log; } |
| import openconfig-system-terminal { prefix oc-sys-term; } |
| import openconfig-procmon { prefix oc-proc; } |
| |
| |
| |
| // meta |
| organization "OpenConfig working group"; |
| |
| contact |
| "OpenConfig working group |
| netopenconfig@googlegroups.com"; |
| |
| description |
| "Model for managing system-wide services and functions on |
| network devices. |
| |
| Portions of this code were derived from IETF RFC 7317. |
| Please reproduce this note if possible. |
| |
| IETF code is subject to the following copyright and license: |
| Copyright (c) IETF Trust and the persons identified as authors of |
| the code. |
| All rights reserved. |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, is permitted pursuant to, and subject to the license |
| terms contained in, the Simplified BSD License set forth in |
| Section 4.c of the IETF Trust's Legal Provisions Relating |
| to IETF Documents (http://trustee.ietf.org/license-info)."; |
| |
| oc-ext:openconfig-version "0.2.0"; |
| |
| revision "2017-07-06" { |
| description |
| "Move to oc-inet types, add IETF attribution, add RADIUS |
| counters, changed password leaf names to indicate hashed"; |
| reference "0.2.0"; |
| } |
| |
| revision "2017-01-29" { |
| description |
| "Initial public release"; |
| reference "0.1.0"; |
| } |
| |
| // extension statements |
| |
| // feature statements |
| |
| // identity statements |
| |
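| // Base of the NTP key-type identities. Concrete algorithms derive from it |
| // and are selected through the identityref on the key-type leaf. |
| identity NTP_AUTH_TYPE { |
| description |
| "Base identity for the message authentication schemes supported |
| for NTP authentication keys"; |
| } |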
| |
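| // MD5 is the only algorithm this revision defines. RFC 8573 deprecates |
| // MD5-based NTP authentication as too weak and recommends AES-CMAC, so |
| // treat associations keyed this way as low assurance. |
| identity NTP_AUTH_MD5 { |
| base NTP_AUTH_TYPE; |
| description |
| "MD5 keyed message digest. The digest authenticates NTP |
| packets; it does not encrypt them."; |
| } |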
| |
| // typedef statements |
| |
| typedef timezone-name-type { |
| // Plain string: no pattern or length restriction is applied here, so |
| // checking the name against the device's tz data is left to the server. |
| type string; |
| description |
| "A time zone name as used by the Time Zone Database, |
| sometimes referred to as the 'Olson Database'. |
| |
| The exact set of valid values is an implementation-specific |
| matter. Client discovery of the exact set of time zone names |
| for a particular server is out of scope."; |
| reference |
| "BCP 175: Procedures for Maintaining the Time Zone Database"; |
| } |
| |
| // grouping statements |
| |
| grouping system-clock-config { |
| description |
| "Configuration data for system-wide clock configuration"; |
| |
| // system-clock-top uses this grouping in both clock/config and |
| // clock/state, so the leaf appears in the writable and the read-only |
| // container. |
| leaf timezone-name { |
| type timezone-name-type; |
| description |
| "The TZ database name to use for the system, such |
| as 'Europe/Stockholm'."; |
| reference "IANA Time Zone Database |
| http://www.iana.org/time-zones"; |
| } |
| } |
| |
| grouping system-clock-state { |
| description |
| "Operational state data for system-wide clock configuration"; |
| // No leaves are defined in this revision; system-clock-top still pulls |
| // the grouping into clock/state. |
| } |
| |
| grouping system-clock-top { |
| description |
| "Top-level grouping for system-wide clock configuration"; |
| |
| container clock { |
| description |
| "Top-level container for clock configuration data"; |
| |
| // Writable view of the clock settings. |
| container config { |
| description |
| "Configuration data for system clock"; |
| |
| uses system-clock-config; |
| } |
| |
| // Read-only view (config false): repeats the config leaves and adds the |
| // state-only grouping. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for system clock"; |
| |
| uses system-clock-config; |
| uses system-clock-state; |
| } |
| } |
| } |
| |
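| grouping system-global-config { |
| description "system-wide configuration parameters"; |
| |
| // NOTE(review): the description asks for a single label, but the type is |
| // oc-inet:domain-name, which presumably also accepts dotted names -- |
| // confirm against openconfig-inet-types. |
| leaf hostname { |
| type oc-inet:domain-name; |
| description |
| "The hostname of the device -- should be a single domain |
| label, without the domain."; |
| } |
| |
| leaf domain-name { |
| type oc-inet:domain-name; |
| description |
| "Specifies the domain name used to form fully qualified name |
| for unqualified hostnames."; |
| } |
| |
| // Shown before authentication, so anyone who can reach the console login |
| // sees this text. Keep device, software and topology details out of it. |
| leaf login-banner { |
| type string; |
| description |
| "The console login message displayed before the login prompt, |
| i.e., before a user logs into the system."; |
| } |
| |
| leaf motd-banner { |
| type string; |
| description |
| "The console message displayed after a user logs into the |
| system. The system may append additional standard |
| information such as the current system date and time, uptime, |
| last login timestamp, etc."; |
| } |
| } |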
| |
| grouping system-global-state { |
| description |
| "Global operational state data for the system"; |
| |
| leaf current-datetime { |
| type yang:date-and-time; |
| description |
| "The current system date and time."; |
| } |
| |
| // NOTE(review): the unit of oc-types:timeticks64 is defined in |
| // openconfig-types, not here -- confirm it matches the seconds stated in |
| // the description before comparing this value with other timestamps. |
| leaf boot-time { |
| type oc-types:timeticks64; |
| description |
| "This timestamp indicates the time that the system was last |
| restarted. The value is the timestamp in seconds relative |
| to the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; |
| } |
| |
| } |
| |
| grouping system-dns-config { |
| description "DNS / resolver related configuration data"; |
| |
| // ordered-by user: the order in which entries are written is kept, and |
| // the description defines that order as the search order. |
| leaf-list search { |
| type oc-inet:domain-name; |
| ordered-by user; |
| description |
| "An ordered list of domains to search when resolving |
| a host name."; |
| } |
| } |
| |
| grouping system-dns-state { |
| description |
| "Operational state data for system DNS resolver"; |
| // No state-only leaves are defined in this revision. |
| |
| } |
| |
| grouping system-dns-servers-config { |
| description |
| "Configuration data for DNS resolvers"; |
| |
| //RFC 7317 includes a single-value choice statement for |
| //TCP and UDP transport. This has been removed since the |
| //transport protocol is not generally available as an option |
| //on target devices. It may be added back if and when needed. |
| |
| leaf address { |
| type oc-inet:ip-address; |
| description |
| "The address of the DNS server, can be either IPv4 |
| or IPv6."; |
| } |
| |
| leaf port { |
| type oc-inet:port-number; |
| default 53; |
| description |
| "The port number of the DNS server."; |
| } |
| |
| //RFC 7317 includes resolver timeout and attempts options. These |
| //have been omitted as they are not available on many targets. If |
| //and when they are required, they may be added back in. |
| } |
| |
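| grouping system-dns-static-config { |
| description |
| "Configuration data for static host entries"; |
| |
| // hostname and alias are unconstrained strings here, unlike the |
| // oc-inet:domain-name type used for names elsewhere in this module. |
| // Static entries typically take precedence over resolver lookups on the |
| // device (confirm per platform), so write access to this list decides |
| // where the listed names resolve. |
| leaf hostname { |
| type string; |
| description |
| "Hostname for the static DNS entry"; |
| } |
| |
| leaf-list alias { |
| type string; |
| description |
| "Additional aliases for the hostname"; |
| } |
| |
| leaf-list ipv4-address { |
| type oc-inet:ipv4-address; |
| description |
| "List of IPv4 addresses for the host entry"; |
| } |
| |
| leaf-list ipv6-address { |
| type oc-inet:ipv6-address; |
| description |
| "List of IPv6 addresses for the host entry"; |
| } |
| } |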
| |
| grouping system-dns-static-state { |
| description |
| "Operational state data for static host entries"; |
| // No state-only leaves are defined in this revision. |
| } |
| |
| grouping system-dns-static-top { |
| description |
| "Top-level grouping for static DNS host entries"; |
| |
| container host-entries { |
| description |
| "Enclosing container for list of static host entries"; |
| |
| list host-entry { |
| key "hostname"; |
| description |
| "List of static host entries"; |
| |
| // The list key is a leafref to config/hostname, so each entry is keyed |
| // by the hostname configured inside it. |
| leaf hostname { |
| type leafref { |
| path "../config/hostname"; |
| } |
| description |
| "Reference to the hostname list key"; |
| } |
| |
| container config { |
| description |
| "Configuration data for static host entries"; |
| |
| uses system-dns-static-config; |
| } |
| |
| // Read-only view: repeats the config leaves and adds the state-only |
| // grouping. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for static host entries"; |
| |
| uses system-dns-static-config; |
| uses system-dns-static-state; |
| } |
| } |
| } |
| } |
| |
| grouping system-dns-servers-state { |
| description |
| "Operational state data for DNS resolvers"; |
| // No state-only leaves are defined in this revision. |
| |
| } |
| |
| grouping system-dns-servers-top { |
| description |
| "Top-level grouping for the list of DNS resolvers."; |
| |
| container servers { |
| description |
| "Enclosing container for DNS resolver list"; |
| |
| // NOTE(review): the description below refers to 'timeout' and 'attempts', |
| // but system-dns-servers-config states that those RFC 7317 options were |
| // omitted from this model, so their values are not configurable here. |
| list server { |
| key "address"; |
| ordered-by user; |
| description |
| "List of the DNS servers that the resolver should query. |
| |
| When the resolver is invoked by a calling application, it |
| sends the query to the first name server in this list. If |
| no response has been received within 'timeout' seconds, |
| the resolver continues with the next server in the list. |
| If no response is received from any server, the resolver |
| continues with the first server again. When the resolver |
| has traversed the list 'attempts' times without receiving |
| any response, it gives up and returns an error to the |
| calling application. |
| |
| Implementations MAY limit the number of entries in this |
| list."; |
| |
| // The list key is a leafref to config/address. |
| leaf address { |
| type leafref { |
| path "../config/address"; |
| } |
| description |
| "References the configured address of the DNS server"; |
| } |
| |
| container config { |
| description |
| "Configuration data for each DNS resolver"; |
| |
| uses system-dns-servers-config; |
| } |
| |
| // Read-only view: repeats the config leaves and adds the state-only |
| // grouping. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for each DNS resolver"; |
| |
| uses system-dns-servers-config; |
| uses system-dns-servers-state; |
| } |
| |
| } |
| } |
| } |
| |
| grouping system-dns-top { |
| description |
| "Top-level grouping for DNS / resolver config and operational |
| state data"; |
| |
| container dns { |
| description |
| "Enclosing container for DNS resolver data"; |
| |
| container config { |
| description |
| "Configuration data for the DNS resolver"; |
| |
| uses system-dns-config; |
| |
| } |
| |
| // Read-only view: repeats the config leaves and adds the state-only |
| // grouping. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for the DNS resolver"; |
| |
| uses system-dns-config; |
| uses system-dns-state; |
| |
| } |
| |
| // The resolver list and the static host entries sit next to config and |
| // state inside the dns container. |
| uses system-dns-servers-top; |
| uses system-dns-static-top; |
| } |
| } |
| |
| grouping system-ntp-server-config { |
| description |
| "Configuration data for NTP servers"; |
| |
| // NOTE(review): no leaf in this grouping refers to an entry in the |
| // ntp-keys list, so this revision does not express which authentication |
| // key applies to which server. |
| |
| // oc-inet:host: per the description this may be a hostname as well as an |
| // address, in which case reaching the server depends on name resolution. |
| leaf address { |
| type oc-inet:host; |
| description |
| "The address or hostname of the NTP server."; |
| } |
| |
| leaf port { |
| type oc-inet:port-number; |
| default 123; |
| description |
| "The port number of the NTP server."; |
| } |
| |
| leaf version { |
| type uint8 { |
| range 1..4; |
| } |
| default 4; |
| description |
| "Version number to put in outgoing NTP packets"; |
| } |
| |
| leaf association-type { |
| type enumeration { |
| enum SERVER { |
| description |
| "Use client association mode. This device |
| will not provide synchronization to the |
| configured NTP server."; |
| } |
| // PEER is the only mode whose description allows this device to |
| // provide time to the configured server as well as take it. |
| enum PEER { |
| description |
| "Use symmetric active association mode. |
| This device may provide synchronization |
| to the configured NTP server."; |
| } |
| enum POOL { |
| description |
| "Use client association mode with one or |
| more of the NTP servers found by DNS |
| resolution of the domain name given by |
| the 'address' leaf. This device will not |
| provide synchronization to the servers."; |
| } |
| } |
| default SERVER; |
| description |
| "The desired association type for this NTP server."; |
| } |
| leaf iburst { |
| type boolean; |
| default false; |
| description |
| "Indicates whether this server should enable burst |
| synchronization or not."; |
| } |
| leaf prefer { |
| type boolean; |
| default false; |
| description |
| "Indicates whether this server should be preferred |
| or not."; |
| } |
| } |
| |
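| grouping system-ntp-server-state { |
| description |
| "Operational state data for NTP servers"; |
| |
| leaf stratum { |
| type uint8; |
| description |
| "Indicates the level of the server in the NTP hierarchy. As |
| stratum number increases, the accuracy is degraded. Primary |
| servers are stratum 1 while a maximum value of 16 indicates |
| unsynchronized. The values have the following specific |
| semantics: |
| |
| | 0 | unspecified or invalid |
| | 1 | primary server (e.g., equipped with a GPS receiver) |
| | 2-15 | secondary server (via NTP) |
| | 16 | unsynchronized |
| | 17-255 | reserved"; |
| reference |
| "RFC 5905 - Network Time Protocol Version 4: Protocol and |
| Algorithms Specification"; |
| } |
| |
| leaf root-delay { |
| type uint32; |
| // TODO: reconsider units for these values -- the spec defines |
| // rootdelay and rootdispersion as 2 16-bit integers for seconds |
| // and fractional seconds, respectively. This gives a |
| // precision of ~15 us (2^-16). Using milliseconds here based |
| // on what implementations typically provide and likely lack |
| // of utility for less than millisecond precision with NTP |
| // time sync. |
| units "milliseconds"; |
| description |
| "The round-trip delay to the server, in milliseconds."; |
| reference |
| "RFC 5905 - Network Time Protocol Version 4: Protocol and |
| Algorithms Specification"; |
| } |
| |
| leaf root-dispersion { |
| type uint64; |
| units "milliseconds"; |
| description |
| "Dispersion (epsilon) represents the maximum error inherent |
| in the measurement"; |
| reference |
| "RFC 5905 - Network Time Protocol Version 4: Protocol and |
| Algorithms Specification"; |
| } |
| |
| // NOTE(review): uint64 carries no sign, so this leaf cannot say whether |
| // the local clock is ahead of or behind the reference clock. |
| leaf offset { |
| type uint64; |
| units "milliseconds"; |
| description |
| "Estimate of the current time offset from the peer. This is |
| the time difference between the local and reference clock."; |
| } |
| |
| leaf poll-interval { |
| type uint32; |
| units "seconds"; |
| description |
| "Polling interval of the peer"; |
| } |
| } |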
| |
| grouping system-ntp-server-top { |
| description |
| "Top-level grouping for the list of NTP servers"; |
| |
| container servers { |
| description |
| "Enclosing container for the list of NTP servers"; |
| |
| // NOTE(review): '/system/ntp/enabled' in the description refers to the |
| // 'enabled' leaf of system-ntp-config, which system-ntp-top places under |
| // ntp/config and mirrors under ntp/state. |
| list server { |
| key "address"; |
| description |
| "List of NTP servers to use for system clock |
| synchronization. If '/system/ntp/enabled' |
| is 'true', then the system will attempt to |
| contact and utilize the specified NTP servers."; |
| |
| // The list key is a leafref to config/address. |
| leaf address { |
| type leafref { |
| path "../config/address"; |
| } |
| description |
| "References the configured address or hostname of the |
| NTP server."; |
| } |
| |
| container config { |
| description |
| "Configuration data for an NTP server."; |
| |
| uses system-ntp-server-config; |
| } |
| |
| // Read-only view: repeats the config leaves and adds the per-server |
| // state leaves (stratum, delay, dispersion, offset, poll interval). |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for an NTP server."; |
| |
| uses system-ntp-server-config; |
| uses system-ntp-server-state; |
| } |
| |
| } |
| } |
| } |
| |
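| grouping system-ntp-auth-keys-config { |
| description |
| "Configuration data for NTP authentication keys"; |
| |
| leaf key-id { |
| type uint16; |
| description |
| "Integer identifier used by the client and server to |
| designate a secret key. The client and server must use |
| the same key id."; |
| } |
| |
| leaf key-type { |
| type identityref { |
| base NTP_AUTH_TYPE; |
| } |
| description |
| "Authentication scheme used with the NTP authentication key"; |
| } |
| |
| // Holds the shared secret itself as an unconstrained string. The model |
| // does not say whether the value is cleartext or an encoded form, and, |
| // unlike the password leaves mentioned in the 2017-07-06 revision note, |
| // the leaf name gives no hint. Restrict read access to this path and |
| // keep the value out of logs, telemetry and widely shared backups. |
| leaf key-value { |
| type string; |
| description |
| "NTP authentication key value"; |
| } |
| } |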
| |
| grouping system-ntp-auth-keys-state { |
| description |
| "Operational state data for NTP auth key data"; |
| // No state-only leaves are defined in this revision. |
| } |
| |
| grouping system-ntp-auth-keys-top { |
| description |
| "Top-level grouping for NTP auth key data"; |
| |
| container ntp-keys { |
| description |
| "Enclosing container for list of NTP authentication keys"; |
| |
| list ntp-key { |
| key "key-id"; |
| description |
| "List of NTP authentication keys"; |
| |
| // The list key is a leafref to config/key-id. |
| leaf key-id { |
| type leafref { |
| path "../config/key-id"; |
| } |
| description |
| "Reference to auth key-id list key"; |
| } |
| |
| container config { |
| description |
| "Configuration data for NTP auth keys"; |
| |
| uses system-ntp-auth-keys-config; |
| } |
| |
| // The state container reuses system-ntp-auth-keys-config, so key-value |
| // is also present as read-only operational state. Anything that reads |
| // or subscribes to this subtree receives the key material unless the |
| // server filters it; scope read authorization and telemetry paths |
| // accordingly. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for NTP auth keys"; |
| |
| uses system-ntp-auth-keys-config; |
| uses system-ntp-auth-keys-state; |
| } |
| } |
| } |
| } |
| |
| grouping system-ntp-config { |
| description |
| "Configuration data for system-wide NTP operation."; |
| |
| // NOTE(review): the 'ntp/server' list named in the description is |
| // defined in system-ntp-server-top as list 'server' inside container |
| // 'servers'. |
| leaf enabled { |
| type boolean; |
| default false; |
| description |
| "Enables the NTP protocol and indicates that the system should |
| attempt to synchronize the system clock with an NTP server |
| from the servers defined in the 'ntp/server' list."; |
| } |
| |
| leaf ntp-source-address { |
| type oc-inet:ip-address; |
| description |
| "Source address to use on outgoing NTP packets"; |
| } |
| |
| // Defaults to false, so the restriction in the description (only packets |
| // with a trusted key are used) applies only once this leaf is set to |
| // true. Keys themselves are configured in the ntp-keys list. |
| leaf enable-ntp-auth { |
| type boolean; |
| default false; |
| description |
| "Enable or disable NTP authentication -- when enabled, the |
| system will only use packets containing a trusted |
| authentication key to synchronize the time."; |
| } |
| } |
| |
| grouping system-ntp-state { |
| description |
| "Operational state data for system-wide NTP operation."; |
| |
| // Counts packets dropped for authentication mismatch. A rising value can |
| // point to a key or key-id misconfiguration or to packets from a sender |
| // without the key, which makes it a useful signal to monitor. |
| leaf auth-mismatch { |
| type yang:counter64; |
| description |
| "Count of the number of NTP packets received that were not |
| processed due to authentication mismatch."; |
| } |
| } |
| |
| grouping system-ntp-top { |
| description |
| "Top-level grouping for configuration and state data for NTP"; |
| |
| container ntp { |
| description |
| "Top-level container for NTP configuration and state"; |
| |
| container config { |
| description |
| "Configuration data for NTP client."; |
| |
| uses system-ntp-config; |
| } |
| |
| // Read-only view: repeats the config leaves and adds the auth-mismatch |
| // counter from system-ntp-state. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for NTP services."; |
| |
| uses system-ntp-config; |
| uses system-ntp-state; |
| } |
| // The key list and the server list sit next to config and state inside |
| // the ntp container. |
| uses system-ntp-auth-keys-top; |
| uses system-ntp-server-top; |
| } |
| } |
| |
| grouping system-memory-config { |
| description |
| "Configuration data for system memory"; |
| // No configurable leaves are defined in this revision. |
| } |
| |
| grouping system-memory-state { |
| description |
| "Operational state data for system memory"; |
| |
| // Both leaves are uint64 byte counts. |
| leaf physical { |
| type uint64; |
| units bytes; |
| // TODO: consider making units in megabytes |
| description |
| "Reports the total physical memory available on the |
| system."; |
| } |
| |
| leaf reserved { |
| type uint64; |
| units bytes; |
| description |
| "Memory reserved for system use"; |
| } |
| } |
| |
| grouping system-memory-top { |
| description |
| "Top-level grouping for system memory data definitions"; |
| |
| container memory { |
| description |
| "Top-level container for system memory data"; |
| |
| // system-memory-config defines no leaves, so this container is empty in |
| // this revision. |
| container config { |
| description |
| "Configuration data for system memory"; |
| |
| uses system-memory-config; |
| } |
| |
| // Read-only view carrying the physical and reserved byte counts. |
| container state { |
| |
| config false; |
| |
| description |
| "Operational state data for system memory"; |
| |
| uses system-memory-config; |
| uses system-memory-state; |
| } |
| } |
| } |
| |
| |
| grouping system-top { |
| description |
| "Top level system data containers"; |
| |
| container system { |
| description |
| "Enclosing container for system-related configuration and |
| operational state data"; |
| |
| container config { |
| description "Global configuration data for the system"; |
| |
| uses system-global-config; |
| |
| } |
| |
| // Read-only view: repeats the global config leaves and adds |
| // current-datetime and boot-time. |
| container state { |
| |
| config false; |
| |
| description "Global operational state data for the system"; |
| |
| uses system-global-config; |
| uses system-global-state; |
| |
| } |
| |
| // Subtrees composed into /system. The groupings with an oc-* prefix are |
| // defined in the imported modules, not in this file. |
| uses system-clock-top; |
| uses system-dns-top; |
| uses system-ntp-top; |
| uses oc-sys-term:system-ssh-server-top; |
| // Telnet carries credentials and session data in cleartext. Whether the |
| // server is enabled by default is decided in openconfig-system-terminal, |
| // which is not shown here -- confirm, and audit this subtree on devices. |
| uses oc-sys-term:system-telnet-server-top; |
| uses oc-log:logging-top; |
| uses oc-aaa:aaa-top; |
| uses system-memory-top; |
| uses oc-proc:procmon-processes-top; |
| } |
| } |
| |
| // data definition statements |
| |
| // Instantiates system-top at the module root, which creates the 'system' |
| // container and everything composed into it. |
| uses system-top; |
| |
| } |