Adding OpenConfig YANG models.
Change-Id: I0a2fdd5826e80933cf4b9ae939ff3051acec02aa
diff --git a/models/openconfig/src/main/yang/system/openconfig-aaa-radius.yang b/models/openconfig/src/main/yang/system/openconfig-aaa-radius.yang
new file mode 100644
index 0000000..e0ad1dd
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-aaa-radius.yang
@@ -0,0 +1,174 @@
+submodule openconfig-aaa-radius {
+
+ yang-version "1";
+
+ belongs-to "openconfig-aaa" {
+ prefix "oc-aaa";
+ }
+
+ // import some basic types
+ import ietf-inet-types { prefix inet; }
+ import openconfig-extensions { prefix oc-ext; }
+ import openconfig-aaa-types { prefix oc-aaa-types; }
+ import openconfig-types { prefix oc-types; }
+ import openconfig-yang-types { prefix oc-yang; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state data
+ related to the RADIUS protocol for authentication,
+ authorization, and accounting.";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+ identity RADIUS {
+ base oc-aaa-types:AAA_SERVER_TYPE;
+ description
+ "Remote Authentication Dial In User Service (RADIUS) AAA
+ server";
+ reference
+ "RFC 2865 - Remote Authentication Dial In User Service
+ (RADIUS)";
+ }
+
+ // typedef statements
+
+ // grouping statements
+
+ grouping aaa-radius-server-config {
+ description
+ "Configuration data for a RADIUS server";
+
+ leaf auth-port {
+ type inet:port-number;
+ default 1812;
+ description
+ "Port number for authentication requests";
+ }
+
+ leaf acct-port {
+ type inet:port-number;
+ default 1813;
+ description
+ "Port number for accounting requests";
+ }
+
+ leaf secret-key {
+ type oc-types:routing-password;
+ description
+ "The unencrypted shared key used between the authentication
+ server and the device.";
+ }
+
+ leaf source-address {
+ type inet:ip-address;
+ description
+ "Source IP address to use in messages to the RADIUS server";
+ }
+
+ leaf retransmit-attempts {
+ type uint8;
+ description
+ "Number of times the system may resend a request to the
+ RADIUS server when it is unresponsive";
+ }
+ }
+
+ grouping aaa-radius-server-state {
+ description
+ "Operational state data for a RADIUS server";
+
+ container counters {
+ description
+ "A collection of RADIUS related state objects.";
+
+ leaf retried-access-requests {
+ type oc-yang:counter64;
+ description
+ "Retransmitted Access-Request messages.";
+ }
+
+ leaf access-accepts {
+ type oc-yang:counter64;
+ description
+ "Received Access-Accept messages.";
+ }
+
+ leaf access-rejects {
+ type oc-yang:counter64;
+ description
+ "Received Access-Reject messages.";
+ }
+
+ leaf timeout-access-requests {
+ type oc-yang:counter64;
+ description
+ "Access-Request messages that have timed-out,
+ requiring retransmission.";
+ }
+ }
+ }
+
+ grouping aaa-radius-server-top {
+ description
+ "Top-level grouping for RADIUS server data";
+
+ container radius {
+ description
+ "Top-level container for RADIUS server data";
+
+ container config {
+ description
+ "Configuration data for RADIUS servers";
+
+ uses aaa-radius-server-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for RADIUS servers";
+
+ uses aaa-radius-server-config;
+ uses aaa-radius-server-state;
+ }
+ }
+ }
+
+ // data definition statements
+
+ // augment statements
+
+ // rpc statements
+
+ // notification statements
+
+}
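Review bot: The `secret-key` leaf in `aaa-radius-server-config` is described as the unencrypted shared key, and the same grouping is pulled into the read-only `state` container by `uses aaa-radius-server-config;`, so as modelled the cleartext RADIUS secret is also readable from operational state. I would extend the leaf description with a sentence such as `Implementations should not return the cleartext key when this leaf is read from state, and read access to it should be restricted.`, or move the key out of the grouping that is mirrored into `state`. The same pattern applies to `secret-key` in openconfig-aaa-tacacs.yang and to the cleartext `admin-password` and `password` leaves in openconfig-aaa.yang, whose config groupings are also reused under `state`. The 2017-07-06 revision text says password leaf names were changed to indicate hashing, which does not match this leaf.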
diff --git a/models/openconfig/src/main/yang/system/openconfig-aaa-tacacs.yang b/models/openconfig/src/main/yang/system/openconfig-aaa-tacacs.yang
new file mode 100644
index 0000000..b1f6472
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-aaa-tacacs.yang
@@ -0,0 +1,130 @@
+submodule openconfig-aaa-tacacs {
+
+ yang-version "1";
+
+ belongs-to "openconfig-aaa" {
+ prefix "oc-aaa";
+ }
+
+ // import some basic types
+ import ietf-inet-types { prefix inet; }
+ import openconfig-extensions { prefix oc-ext; }
+ import openconfig-aaa-types { prefix oc-aaa-types; }
+ import openconfig-types { prefix oc-types; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state data
+ related to the TACACS+ protocol for authentication,
+ authorization, and accounting.";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+ identity TACACS {
+ base oc-aaa-types:AAA_SERVER_TYPE;
+ description
+ "Terminal Access Controller Access Control System (TACACS+)
+ AAA server";
+ reference
+ "The TACACS+ Protocol (draft-ietf-opsawg-tacacs-05)
+ RFC 1492 - An Access Control Protocol, Sometimes Called
+ TACACS";
+ }
+
+ // typedef statements
+
+ // grouping statements
+
+ grouping aaa-tacacs-server-config {
+ description
+ "Configuration data for a TACACS+ server";
+
+ leaf port {
+ type inet:port-number;
+ default 49;
+ description
+ "The port number on which to contact the TACACS server";
+ }
+
+ leaf secret-key {
+ type oc-types:routing-password;
+ description
+ "The unencrypted shared key used between the authentication
+ server and the device.";
+ }
+
+ leaf source-address {
+ type inet:ip-address;
+ description
+ "Source IP address to use in messages to the TACACS server";
+ }
+ }
+
+ grouping aaa-tacacs-server-state {
+ description
+ "Operational state data for a TACACS+ server";
+ }
+
+ grouping aaa-tacacs-server-top {
+ description
+ "Top-level grouping for TACACS+ sever data";
+
+ container tacacs {
+ description
+ "Top-level container for TACACS+ server data";
+
+ container config {
+ description
+ "Configuration data for TACACS+ server";
+
+ uses aaa-tacacs-server-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for TACACS+ server";
+
+ uses aaa-tacacs-server-config;
+ uses aaa-tacacs-server-state;
+ }
+ }
+ }
+
+ // data definition statements
+
+ // augment statements
+
+ // rpc statements
+
+ // notification statements
+
+}
\ No newline at end of file
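Review bot: The description of `aaa-tacacs-server-top` reads `Top-level grouping for TACACS+ sever data`; it should say `server`. The 2017-07-06 revision description mentions RADIUS counters, but this submodule defines no counters and `aaa-tacacs-server-state` is empty, so a reader cannot tell what changed here. A one-line comment inside that grouping such as `// no TACACS+-specific state leaves defined yet` would make the empty body clearly intentional. The file also ends without a trailing newline.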
diff --git a/models/openconfig/src/main/yang/system/openconfig-aaa-types.yang b/models/openconfig/src/main/yang/system/openconfig-aaa-types.yang
new file mode 100644
index 0000000..a42802f
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-aaa-types.yang
@@ -0,0 +1,150 @@
+module openconfig-aaa-types {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/aaa/types";
+
+ prefix "oc-aaa-types";
+
+ // import some basic types
+ import openconfig-extensions { prefix oc-ext; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines shared types for data related to AAA
+ (authentication, authorization, accounting).";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+
+ // identity statements
+
+ identity AAA_SERVER_TYPE {
+ description
+ "Base identity for types of AAA servers";
+ }
+
+
+ identity SYSTEM_DEFINED_ROLES {
+ description
+ "Base identity for system_defined roles that can be assigned
+ to users.";
+ }
+
+ identity SYSTEM_ROLE_ADMIN {
+ base SYSTEM_DEFINED_ROLES;
+ description
+ "Built-in role that allows the equivalent of superuser
+ permission for all configuration and operational commands
+ on the device.";
+ }
+
+ identity AAA_ACCOUNTING_EVENT_TYPE {
+ description
+ "Base identity for specifying events types that should be
+ sent to AAA server for accounting";
+ }
+
+ identity AAA_ACCOUNTING_EVENT_COMMAND {
+ base AAA_ACCOUNTING_EVENT_TYPE;
+ description
+ "Specifies interactive command events for AAA accounting";
+ }
+
+ identity AAA_ACCOUNTING_EVENT_LOGIN {
+ base AAA_ACCOUNTING_EVENT_TYPE;
+ description
+ "Specifies login events for AAA accounting";
+ }
+
+ identity AAA_AUTHORIZATION_EVENT_TYPE {
+ description
+ "Base identity for specifying activities that should be
+ sent to AAA server for authorization";
+ }
+
+ identity AAA_AUTHORIZATION_EVENT_COMMAND {
+ base AAA_ACCOUNTING_EVENT_TYPE;
+ description
+ "Specifies interactive command events for AAA authorization";
+ }
+
+ identity AAA_AUTHORIZATION_EVENT_CONFIG {
+ base AAA_ACCOUNTING_EVENT_TYPE;
+ description
+ "Specifies configuration (e.g., EXEC) events for AAA
+ authorization";
+ }
+
+ identity AAA_METHOD_TYPE {
+ description
+ "Base identity to define well-known methods for AAA
+ operations";
+ }
+
+ identity TACACS_ALL {
+ base AAA_METHOD_TYPE;
+ description
+ "The group of all TACACS+ servers.";
+ }
+
+ identity RADIUS_ALL {
+ base AAA_METHOD_TYPE;
+ description
+ "The group of all RADIUS servers.";
+ }
+
+ identity LOCAL {
+ base AAA_METHOD_TYPE;
+ description
+ "Locally configured method for AAA operations.";
+ }
+
+
+ // typedef statements
+
+ typedef crypt-password-type {
+ type string;
+ description
+ "A password that is hashed based on the hash algorithm
+ indicated by the prefix in the string. The string
+ takes the following form, based on the Unix crypt function:
+
+ $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
+
+ Common hash functions include:
+
+ id | hash function
+ ---+---------------
+ 1 | MD5
+ 2a| Blowfish
+ 2y| Blowfish (correct handling of 8-bit chars)
+ 5 | SHA-256
+ 6 | SHA-512
+
+ These may not all be supported by a target device.";
+ }
+
+
+}
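Review bot: `AAA_AUTHORIZATION_EVENT_COMMAND` and `AAA_AUTHORIZATION_EVENT_CONFIG` both declare `base AAA_ACCOUNTING_EVENT_TYPE;`, which looks like a copy-paste slip from the accounting identities above them. As written, nothing derives from `AAA_AUTHORIZATION_EVENT_TYPE`, so the `event-type` identityref in `aaa-authorization-events-config` (openconfig-aaa.yang) has no valid value from this module, while the two authorization identities are accepted as accounting event types. Both should read `base AAA_AUTHORIZATION_EVENT_TYPE;`. Separately, the `crypt-password-type` table lists id `1` (MD5) without comment; the description could say which ids a server is expected to reject.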
diff --git a/models/openconfig/src/main/yang/system/openconfig-aaa.yang b/models/openconfig/src/main/yang/system/openconfig-aaa.yang
new file mode 100644
index 0000000..5a68c47
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-aaa.yang
@@ -0,0 +1,791 @@
+module openconfig-aaa {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/aaa";
+
+ prefix "oc-aaa";
+
+ // import some basic types
+ import openconfig-extensions { prefix oc-ext; }
+ import ietf-inet-types { prefix inet; }
+ import ietf-yang-types { prefix yang; }
+ import openconfig-aaa-types { prefix oc-aaa-types; }
+
+ include openconfig-aaa-tacacs;
+ include openconfig-aaa-radius;
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state data
+ related to authorization, authentication, and accounting (AAA)
+ management.
+
+ Portions of this model reuse data definitions or structure from
+ RFC 7317 - A YANG Data Model for System Management";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+ // identity statements
+
+ // grouping statements
+ grouping aaa-servergroup-common-config {
+ description
+ "Configuration data for AAA server groups";
+
+ leaf name {
+ type string;
+ description
+ "Name for the server group";
+ }
+
+ leaf type {
+ type identityref {
+ base oc-aaa-types:AAA_SERVER_TYPE;
+ }
+ description
+ "AAA server type -- all servers in the group must be of this
+ type";
+ }
+ }
+
+ grouping aaa-servergroup-common-state {
+ description
+ "Operational state data for AAA server groups";
+
+ //TODO: add list of group members as opstate
+ }
+
+ grouping aaa-servergroup-common-top {
+ description
+ "Top-level grouping for AAA server groups";
+
+ container server-groups {
+ description
+ "Enclosing container for AAA server groups";
+
+ list server-group {
+ key "name";
+ description
+ "List of AAA server groups. All servers in a group
+ must have the same type as indicated by the server
+ type.";
+
+ leaf name {
+ type leafref {
+ path "../config/name";
+ }
+ description
+ "Reference to configured name of the server group";
+ }
+
+ container config {
+ description
+ "Configuration data for each server group";
+
+ uses aaa-servergroup-common-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for each server group";
+
+ uses aaa-servergroup-common-config;
+ uses aaa-servergroup-common-state;
+ }
+
+ uses aaa-server-top;
+ }
+ }
+ }
+
+ grouping aaa-server-config {
+ description
+ "Common configuration data for AAA servers";
+
+ leaf name {
+ type string;
+ description
+ "Name assigned to the server";
+ }
+
+
+ leaf address {
+ type inet:ip-address;
+ description "Address of the authentication server";
+ }
+
+ leaf timeout {
+ type uint16;
+ units seconds;
+ description
+ "Set the timeout in seconds on responses from the AAA
+ server";
+ }
+ }
+
+ grouping aaa-server-state {
+ description
+ "Common operational state data for AAA servers";
+
+ leaf connection-opens {
+ type yang:counter64;
+ description
+ "Number of new connection requests sent to the server, e.g.
+ socket open";
+ }
+
+ leaf connection-closes {
+ type yang:counter64;
+ description
+ "Number of connection close requests sent to the server, e.g.
+ socket close";
+ }
+
+ leaf connection-aborts {
+ type yang:counter64;
+ description
+ "Number of aborted connections to the server. These do
+ not include connections that are close gracefully.";
+ }
+
+ leaf connection-failures {
+ type yang:counter64;
+ description
+ "Number of connection failures to the server";
+ }
+
+ leaf connection-timeouts {
+ type yang:counter64;
+ description
+ "Number of connection timeouts to the server";
+ }
+
+ leaf messages-sent {
+ type yang:counter64;
+ description
+ "Number of messages sent to the server";
+ }
+
+ leaf messages-received {
+ type yang:counter64;
+ description
+ "Number of messages received by the server";
+ }
+
+ leaf errors-received {
+ type yang:counter64;
+ description
+ "Number of error messages received from the server";
+ }
+
+ }
+
+ grouping aaa-server-top {
+ description
+ "Top-level grouping for list of AAA servers";
+
+ container servers {
+ description
+ "Enclosing container the list of servers";
+
+ list server {
+ key "address";
+ description
+ "List of AAA servers";
+
+ leaf address {
+ type leafref {
+ path "../config/address";
+ }
+ description
+ "Reference to the configured address of the AAA server";
+ }
+
+ container config {
+ description
+ "Configuration data ";
+
+ uses aaa-server-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data ";
+
+ uses aaa-server-config;
+ uses aaa-server-state;
+ }
+ uses aaa-tacacs-server-top;
+ uses aaa-radius-server-top;
+ }
+ }
+ }
+
+ grouping aaa-admin-config {
+ description
+ "Configuration data for the system built-in
+ administrator / root user account";
+
+ leaf admin-password {
+ type string;
+ oc-ext:openconfig-hashed-value;
+ description
+ "The admin/root password, supplied as a cleartext string.
+ The system should hash and only store the password as a
+ hashed value.";
+ }
+
+ leaf admin-password-hashed {
+ type oc-aaa-types:crypt-password-type;
+ description
+ "The admin/root password, supplied as a hashed value
+ using the notation described in the definition of the
+ crypt-password-type.";
+ }
+ }
+
+ grouping aaa-admin-state {
+ description
+ "Operational state data for the root user";
+
+ leaf admin-username {
+ type string;
+ description
+ "Name of the administrator user account, e.g., admin, root,
+ etc.";
+ }
+ }
+
+ grouping aaa-authentication-admin-top {
+ description
+ "Top-level grouping for root user configuration and state
+ data";
+
+ container admin-user {
+ description
+ "Top-level container for the system root or admin user
+ configuration and operational state";
+
+ container config {
+ description
+ "Configuration data for the root user account";
+
+ uses aaa-admin-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for the root user account";
+
+ uses aaa-admin-config;
+ uses aaa-admin-state;
+ }
+ }
+ }
+ grouping aaa-authentication-user-config {
+ description
+ "Configuration data for local users";
+
+ leaf username {
+ type string;
+ description
+ "Assigned username for this user";
+ }
+
+ leaf password {
+ type string;
+ oc-ext:openconfig-hashed-value;
+ description
+ "The user password, supplied as cleartext. The system
+ must hash the value and only store the hashed value.";
+ }
+
+ leaf password-hashed {
+ type oc-aaa-types:crypt-password-type;
+ description
+ "The user password, supplied as a hashed value
+ using the notation described in the definition of the
+ crypt-password-type.";
+ }
+
+ leaf ssh-key {
+ type string;
+ description
+ "SSH public key for the user (RSA or DSA)";
+ }
+
+ leaf role {
+ type union {
+ type string;
+ type identityref {
+ base oc-aaa-types:SYSTEM_DEFINED_ROLES;
+ }
+ }
+ description
+ "Role assigned to the user. The role may be supplied
+ as a string or a role defined by the SYSTEM_DEFINED_ROLES
+ identity.";
+ }
+ }
+
+ grouping aaa-authentication-user-state {
+ description
+ "Operational state data for local users";
+ }
+
+ grouping aaa-authentication-user-top {
+ description
+ "Top-level grouping for local users";
+
+ container users {
+ description
+ "Enclosing container list of local users";
+
+ list user {
+ key "username";
+ description
+ "List of local users on the system";
+
+ leaf username {
+ type leafref {
+ path "../config/username";
+ }
+ description
+ "References the configured username for the user";
+ }
+
+ container config {
+ description
+ "Configuration data for local users";
+
+ uses aaa-authentication-user-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for local users";
+
+ uses aaa-authentication-user-config;
+ uses aaa-authentication-user-state;
+ }
+ }
+
+ }
+ }
+
+ grouping aaa-accounting-methods-common {
+ description
+ "Common definitions for accounting methods";
+
+ leaf-list accounting-method {
+ type union {
+ type identityref {
+ base oc-aaa-types:AAA_METHOD_TYPE;
+ }
+ type string;
+ //TODO: in YANG 1.1 this should be converted to a leafref to
+ //point to the server group name.
+ }
+ description
+ "The method used for AAA accounting for this event
+ type. The method is defined by the destination for
+ accounting data, which may be specified as the group of
+ all TACACS+/RADIUS servers, a defined server group, or
+ the local system.";
+ }
+ }
+
+
+ grouping aaa-accounting-events-config {
+ description
+ "Configuration data for AAA accounting events";
+
+ leaf event-type {
+ type identityref {
+ base oc-aaa-types:AAA_ACCOUNTING_EVENT_TYPE;
+ }
+ description
+ "The type of activity to record at the AAA accounting
+ server";
+ }
+
+ leaf record {
+ type enumeration {
+ enum START_STOP {
+ description
+ "Send START record to the accounting server at the
+ beginning of the activity, and STOP record at the
+ end of the activity.";
+ }
+ enum STOP {
+ description
+ "Send STOP record to the accounting server when the
+ user activity completes";
+ }
+ }
+ description
+ "Type of record to send to the accounting server for this
+ activity type";
+ }
+ }
+
+ grouping aaa-accounting-events-state {
+ description
+ "Operational state data for accounting events";
+ }
+
+ grouping aaa-accounting-events-top {
+ description
+ "Top-level grouping for accounting events";
+
+ container events {
+ description
+ "Enclosing container for defining handling of events
+ for accounting";
+
+ list event {
+ key "event-type";
+ description
+ "List of events subject to accounting";
+
+ leaf event-type {
+ type leafref {
+ path "../config/event-type";
+ }
+ description
+ "Reference to the event-type being logged at the
+ accounting server";
+ }
+
+ container config {
+ description
+ "Configuration data for accounting events";
+
+ uses aaa-accounting-events-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for accounting events";
+
+ uses aaa-accounting-events-config;
+ uses aaa-accounting-events-state;
+ }
+ }
+ }
+ }
+
+ grouping aaa-accounting-config {
+ description
+ "Configuration data for event accounting";
+
+ uses aaa-accounting-methods-common;
+
+ }
+
+ grouping aaa-accounting-state {
+ description
+ "Operational state data for event accounting services";
+ }
+
+ grouping aaa-accounting-top {
+ description
+ "Top-level grouping for user activity accounting";
+
+ container accounting {
+ description
+ "Top-level container for AAA accounting";
+
+ container config {
+ description
+ "Configuration data for user activity accounting.";
+
+ uses aaa-accounting-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for user accounting.";
+
+ uses aaa-accounting-config;
+ uses aaa-accounting-state;
+ }
+
+ uses aaa-accounting-events-top;
+
+ }
+ }
+
+ grouping aaa-authorization-methods-config {
+ description
+ "Common definitions for authorization methods for global
+ and per-event type";
+
+ leaf-list authorization-method {
+ type union {
+ type identityref {
+ base oc-aaa-types:AAA_METHOD_TYPE;
+ }
+ type string;
+ }
+ description
+ "Ordered list of methods for authorizing commands. The first
+ method that provides a response (positive or negative) should
+ be used. The list may contain a well-defined method such
+ as the set of all TACACS or RADIUS servers, or the name of
+ a defined AAA server group. The system must validate
+ that the named server group exists.";
+ }
+ }
+
+ grouping aaa-authorization-events-config {
+ description
+ "Configuration data for AAA authorization events";
+
+ leaf event-type {
+ type identityref {
+ base oc-aaa-types:AAA_AUTHORIZATION_EVENT_TYPE;
+ }
+ description
+ "The type of event to record at the AAA authorization
+ server";
+ }
+ }
+
+ grouping aaa-authorization-events-state {
+ description
+ "Operational state data for AAA authorization events";
+ }
+
+ grouping aaa-authorization-events-top {
+ description
+ "Top-level grouping for authorization events";
+
+ container events {
+ description
+ "Enclosing container for the set of events subject
+ to authorization";
+
+ list event {
+ key "event-type";
+ description
+ "List of events subject to AAA authorization";
+
+ leaf event-type {
+ type leafref {
+ path "../config/event-type";
+ }
+ description
+ "Reference to the event-type list key";
+ }
+
+ container config {
+ description
+ "Configuration data for each authorized event";
+
+ uses aaa-authorization-events-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for each authorized activity";
+
+ uses aaa-authorization-events-config;
+ uses aaa-authorization-events-state;
+ }
+ }
+ }
+ }
+
+ grouping aaa-authorization-config {
+ description
+ "Configuration data for AAA authorization";
+
+ uses aaa-authorization-methods-config;
+ }
+
+ grouping aaa-authorization-state {
+ description
+ "Operational state data for AAA authorization";
+ }
+
+ grouping aaa-authorization-top {
+ description
+ "Top-level grouping for AAA authorization";
+
+ container authorization {
+ description
+ "Top-level container for AAA authorization configuration
+ and operational state data";
+
+ container config {
+ description
+ "Configuration data for authorization based on AAA
+ methods";
+
+ uses aaa-authorization-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for authorization based on AAA";
+
+ uses aaa-authorization-config;
+ uses aaa-authorization-state;
+ }
+
+ uses aaa-authorization-events-top;
+
+ }
+ }
+
+ grouping aaa-authentication-config {
+ description
+ "Configuration data for global authentication";
+
+ leaf-list authentication-method {
+ type union {
+ type identityref {
+ base oc-aaa-types:AAA_METHOD_TYPE;
+ }
+ type string;
+ //TODO: string should be a leafref to a defined
+ //server group. this will be possible in YANG 1.1
+ //type leafref {
+ //path "/aaa/server-groups/server-group/config/name";
+ //}
+ }
+ ordered-by user;
+ description
+ "Ordered list of authentication methods for users. This
+ can be either a reference to a server group, or a well-
+ defined designation in the AAA_METHOD_TYPE identity. If
+ authentication fails with one method, the next defined
+ method is tried -- failure of all methods results in the
+ user being denied access.";
+ }
+ }
+
+ grouping aaa-authentication-state {
+ description
+ "Operational state data for global authentication";
+ }
+
+ grouping aaa-authentication-top {
+ description
+ "Top-level grouping for top-level authentication";
+
+ container authentication {
+ description
+ "Top-level container for global authentication data";
+
+ container config {
+ description
+ "Configuration data for global authentication services";
+
+ uses aaa-authentication-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for global authentication
+ services";
+
+ uses aaa-authentication-config;
+ uses aaa-authentication-state;
+ }
+
+ uses aaa-authentication-admin-top;
+ uses aaa-authentication-user-top;
+ }
+ }
+
+ grouping aaa-config {
+ description
+ "Configuration data for top level AAA";
+ }
+
+ grouping aaa-state {
+ description
+ "Operational state data for top level AAA";
+ }
+
+ grouping aaa-top {
+ description
+ "Top-level grouping for AAA services";
+
+ container aaa {
+ description
+ "Top-level container for AAA services";
+
+ container config {
+ description
+ "Configuration data for top level AAA services";
+
+ uses aaa-config;
+ }
+
+ container state {
+ config false;
+
+ description
+ "Operational state data for top level AAA services ";
+
+ uses aaa-config;
+ uses aaa-state;
+ }
+
+ uses aaa-authentication-top;
+ uses aaa-authorization-top;
+ uses aaa-accounting-top;
+ uses aaa-servergroup-common-top;
+
+ }
+ }
+
+
+
+ // data definition statements
+
+
+}
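Review bot: The `authorization-method` leaf-list in `aaa-authorization-methods-config` is described as an ordered list where the first method that responds wins, but unlike `authentication-method` it has no `ordered-by user;`, so the order the client supplies is not guaranteed to be preserved. Adding `ordered-by user;` before its description would make the model match the text. The `authentication-method` description also says the next method is tried if authentication fails, without separating an explicit reject from an unreachable server. That wording permits an implementation to fall through to `LOCAL` after a remote server has rejected the user, and it conflicts with the positive-or-negative-response rule stated for authorization. I would tighten it to something like `The next method is tried only when the current method does not return a response`, if that is the intent.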
diff --git a/models/openconfig/src/main/yang/system/openconfig-procmon.yang b/models/openconfig/src/main/yang/system/openconfig-procmon.yang
new file mode 100644
index 0000000..6422541
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-procmon.yang
@@ -0,0 +1,159 @@
+module openconfig-procmon {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/system/procmon";
+
+ prefix "oc-proc";
+
+
+ // import some basic types
+ import openconfig-extensions { prefix oc-ext; }
+ import openconfig-types { prefix oc-types; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module provides data definitions for process health
+ monitoring of one or more processes running on the system.";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+
+ // grouping statements
+
+ grouping procmon-processes-top {
+ description
+ "Top level grouping for attributes for processes.";
+
+ container processes {
+ description
+ "Parameters related to all monitored processes";
+
+ list process {
+ key "pid";
+ config false;
+ description
+ "List of monitored processes";
+
+ leaf pid {
+ type leafref {
+ path "../state/pid";
+ }
+ description
+ "Reference to the process pid key";
+ }
+
+ container state {
+ config false;
+ description
+ "State parameters related to monitored processes";
+
+ uses procmon-process-attributes-state;
+ }
+ }
+ }
+ }
+
+ grouping procmon-process-attributes-state {
+ description
+ "Attributes state definitions for a process";
+
+ leaf pid {
+ type uint64;
+ description
+ "The process pid";
+ }
+
+ leaf name {
+ type string;
+ description
+ "The process name";
+ }
+
+ leaf-list args {
+ type string;
+ description
+ "Current process command line arguments. Arguments with
+ a parameter (e.g., --option 10 or -option=10) should be
+ represented as a single element of the list with the
+ argument name and parameter together. Flag arguments, i.e.,
+ those without a parameter should also be in their own list
+ element.";
+ }
+
+ leaf start-time {
+ type uint64;
+ units "ns";
+ description
+ "The time at which this process started,
+ reported as nanoseconds since the UNIX epoch. The
+ system must be synchronized such that the start-time
+ can be reported accurately, otherwise it should not be
+ reported.";
+ }
+
+ leaf uptime {
+ type oc-types:timeticks64;
+ description
+ "Amount of time elapsed since this process started.";
+ }
+
+ leaf cpu-usage-user {
+ type oc-types:timeticks64;
+ description
+ "CPU time consumed by this process in user mode.";
+ }
+
+ leaf cpu-usage-system {
+ type oc-types:timeticks64;
+ description
+ "CPU time consumed by this process in kernel mode.";
+ }
+
+ leaf cpu-utilization {
+ type oc-types:percentage;
+ description
+ "The percentage of CPU that is being used by the process.";
+ }
+
+ leaf memory-usage {
+ type uint64;
+ units "bytes";
+ description
+ "Bytes allocated and still in use by the process";
+ }
+
+ leaf memory-utilization {
+ type oc-types:percentage;
+ description
+ "The percentage of RAM that is being used by the process.";
+ }
+ }
+
+ // augment statements
+
+ // rpc statements
+
+ // notification statements
+}
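Review bot: The `args` leaf-list in `procmon-process-attributes-state` exposes each process's full command line through operational state, and command lines can carry credentials or tokens passed as options. The description should say so, for example `Arguments may contain sensitive values; implementations should redact them or restrict read access to this leaf-list.`. Apart from that, `memory-usage` and `start-time` use raw `uint64` with `units` where the CPU leaves use `oc-types` typedefs, which is fine but worth a short comment if deliberate.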
diff --git a/models/openconfig/src/main/yang/system/openconfig-system-logging.yang b/models/openconfig/src/main/yang/system/openconfig-system-logging.yang
new file mode 100644
index 0000000..aee367d
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-system-logging.yang
@@ -0,0 +1,486 @@
+module openconfig-system-logging {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/system/logging";
+
+ prefix "oc-log";
+
+ // import some basic types
+ import openconfig-extensions { prefix oc-ext; }
+ import ietf-inet-types { prefix inet; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state data
+ for common logging facilities on network systems.";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+ identity SYSLOG_FACILITY {
+ description
+ "Base identity for Syslog message facilities.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity ALL {
+ base SYSLOG_FACILITY;
+ description
+ "All supported facilities";
+ }
+
+ identity KERNEL {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for kernel messages";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity USER {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for user-level messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity MAIL {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for the mail system.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity SYSTEM_DAEMON {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for the system daemons.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity AUTH {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for security/authorization messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity SYSLOG {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for messages generated internally by syslogd
+ facility.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity AUTHPRIV {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for privileged security/authorization messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+
+ identity NTP {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for the NTP subsystem.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity AUDIT {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for log audit messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity CONSOLE {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for log alert messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL0 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 0 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL1 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 1 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL2 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 2 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL3 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 3 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL4 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 4 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL5 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 5 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL6 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 6 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOCAL7 {
+ base SYSLOG_FACILITY;
+ description
+ "The facility for local use 7 messages.";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ identity LOG_DESTINATION_TYPE {
+ description
+ "Base identity for destination for logging messages";
+ }
+
+ identity DEST_CONSOLE {
+ base LOG_DESTINATION_TYPE;
+ description
+ "Directs log messages to the console";
+ }
+
+ identity DEST_BUFFER {
+ base LOG_DESTINATION_TYPE;
+ description
+ "Directs log messages to and in-memory circular buffer";
+ }
+
+ identity DEST_FILE {
+ base LOG_DESTINATION_TYPE;
+ description
+ "Directs log messages to a local file";
+ }
+
+ identity DEST_REMOTE {
+ base LOG_DESTINATION_TYPE;
+ description
+ "Directs log messages to a remote syslog server";
+ }
+
+ // typedef statements
+
+ typedef syslog-severity {
+ type enumeration {
+ enum EMERGENCY {
+ description
+ "Emergency: system is unusable (0)";
+ }
+ enum ALERT {
+ description
+ "Alert: action must be taken immediately (1)";
+ }
+ enum CRITICAL {
+ description
+ "Critical: critical conditions (2)";
+ }
+ enum ERROR {
+ description
+ "Error: error conditions (3)";
+ }
+ enum WARNING {
+ description
+ "Warning: warning conditions (4)";
+ }
+ enum NOTICE {
+ description
+ "Notice: normal but significant condition(5)";
+ }
+ enum INFORMATIONAL {
+ description
+ "Informational: informational messages (6)";
+ }
+ enum DEBUG {
+ description
+ "Debug: debug-level messages (7)";
+ }
+ }
+ description
+ "Syslog message severities";
+ reference
+ "IETF RFC 5424 - The Syslog Protocol";
+ }
+
+ // grouping statements
+
+ grouping logging-selectors-config {
+ description
+ "Configuration data for logging selectors";
+
+ leaf facility {
+ type identityref {
+ base SYSLOG_FACILITY;
+ }
+ description
+ "Specifies the facility, or class of messages to log";
+ }
+
+ leaf severity {
+ type syslog-severity;
+ description
+ "Specifies that only messages of the given severity (or
+ greater severity) for the corresonding facility are logged";
+ }
+ }
+
+ grouping logging-selectors-state {
+ description
+ "Operational state data for logging selectors";
+ }
+
+ grouping logging-selectors-top {
+ description
+ "Top-level grouping for the logging selector list";
+
+ container selectors {
+ description
+ "Enclosing container ";
+
+ list selector {
+ key "facility severity";
+ description
+ "List of selectors for log messages";
+
+ leaf facility {
+ type leafref {
+ path "../config/facility";
+ }
+ description
+ "Reference to facility list key";
+ }
+
+ leaf severity {
+ type leafref {
+ path "../config/severity";
+ }
+ description
+ "Reference to severity list key";
+ }
+
+ container config {
+ description
+ "Configuration data ";
+
+ uses logging-selectors-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data ";
+
+ uses logging-selectors-config;
+ uses logging-selectors-state;
+ }
+ }
+ }
+ }
+
+ grouping logging-console-config {
+ description
+ "Configuration data for console logging";
+ }
+
+ grouping logging-console-state {
+ description
+ "Operational state data for console logging";
+ }
+
+ grouping logging-console-top {
+ description
+ "Top-level grouping for console logging data";
+
+ container console {
+ description
+ "Top-level container for data related to console-based
+ logging";
+
+ container config {
+ description
+ "Configuration data for console logging";
+
+ uses logging-console-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for console logging";
+
+ uses logging-console-config;
+ uses logging-console-state;
+ }
+
+ uses logging-selectors-top;
+ }
+ }
+
+ grouping logging-remote-config {
+ description
+ "Configuration data for remote log servers";
+
+ leaf host {
+ type inet:host;
+ description
+ "IP address or hostname of the remote log server";
+ }
+
+ leaf source-address {
+ type inet:ip-address;
+ description
+ "Source IP address for packets to the log server";
+ }
+
+ leaf remote-port {
+ type inet:port-number;
+ default 514;
+ description
+ "Sets the destination port number for syslog UDP messages to
+ the server. The default for syslog is 514.";
+ }
+ }
+
+ grouping logging-remote-state {
+ description
+ "Operational state data for remote log servers";
+ }
+
+ grouping logging-remote-top {
+ description
+ "Top-level grouping for remote log servers";
+
+ container remote-servers {
+ description
+ "Enclosing container for the list of remote log servers";
+
+ list remote-server {
+ key "host";
+ description
+ "List of remote log servers";
+
+ leaf host {
+ type leafref {
+ path "../config/host";
+ }
+ description
+ "Reference to the host list key";
+ }
+
+ container config {
+ description
+ "Configuration data for remote log servers";
+
+ uses logging-remote-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for remote log servers";
+
+ uses logging-remote-config;
+ uses logging-remote-state;
+ }
+ uses logging-selectors-top;
+ }
+ }
+ }
+
+ grouping logging-top {
+ description
+ "Top-level grouping for logging data";
+
+ container logging {
+ description
+ "Top-level container for data related to logging / syslog";
+
+ uses logging-console-top;
+ uses logging-remote-top;
+ }
+ }
+ // data definition statements
+
+ // augment statements
+
+
+}
\ No newline at end of file
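Review bot: The `remote-port` leaf in `logging-remote-config` describes the transport as "syslog UDP messages", and the grouping has no leaf for selecting TCP or TLS, so this model can only express cleartext, unauthenticated forwarding to `DEST_REMOTE` servers. That applies equally to selectors for the `AUTH`, `AUTHPRIV` and `AUDIT` facilities, whose messages are the ones most worth protecting in transit and most worth protecting against spoofed or dropped datagrams. Until a transport option exists, the description should state the limitation, for example by appending `Messages sent over UDP are neither encrypted nor authenticated; use a trusted management network.` to the `remote-port` description. How the device actually sends the messages is not visible in this diff, so this concerns only what the model lets an operator express.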
diff --git a/models/openconfig/src/main/yang/system/openconfig-system-terminal.yang b/models/openconfig/src/main/yang/system/openconfig-system-terminal.yang
new file mode 100644
index 0000000..f835e35
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-system-terminal.yang
@@ -0,0 +1,233 @@
+module openconfig-system-terminal {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/system/terminal";
+
+ prefix "oc-sys-term";
+
+ // import some basic types
+ import openconfig-extensions { prefix oc-ext; }
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ www.openconfig.net";
+
+ description
+ "This module defines configuration and operational state data
+ related to remote terminal services such as ssh and telnet.";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+
+ // identity statements
+
+ // typedef statements
+
+ // grouping statements
+
+ grouping system-terminal-common-config {
+ description
+ "Common configuration data for terminal services";
+
+ leaf timeout {
+ type uint16;
+ units seconds;
+ description
+ "Set the idle timeout in seconds on terminal connections to
+ the system for the protocol.";
+ }
+
+ leaf rate-limit {
+ type uint16;
+ units "conn/min";
+ description
+ "Set a limit on the number of connection attempts per
+ minute to the system for the protocol.";
+ }
+
+ leaf session-limit {
+ type uint16;
+ description
+ "Set a limit on the number of simultaneous active terminal
+ sessions to the system for the protocol (e.g., ssh,
+ telnet, ...) ";
+ }
+ }
+
+ grouping system-terminal-common-state {
+ description
+ "Common operational state data for terminal services";
+ }
+
+ grouping system-terminal-common-top {
+ description
+ "Top-level grouping for common terminal service data";
+
+ container terminal-servers {
+ description
+ "Top-level container for terminal services";
+
+ container config {
+ description
+ "Configuration data for terminal services";
+
+ uses system-terminal-common-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data ";
+
+ uses system-terminal-common-config;
+ uses system-terminal-common-state;
+ }
+ }
+ }
+
+ grouping system-ssh-server-config {
+ description
+ "Configuration data for system ssh configuration";
+
+ leaf enable {
+ type boolean;
+ default true;
+ description
+ "Enables the ssh server. The ssh server is enabled by
+ default.";
+ }
+
+ leaf protocol-version {
+ type enumeration {
+ enum V2 {
+ description
+ "Use SSH v2 only";
+ }
+ enum V1 {
+ description
+ "Use SSH v1 only";
+ }
+ enum V1_V2 {
+ description
+ "Use either SSH v1 or v2";
+ }
+ }
+ default V2;
+ description
+ "Set the protocol version for SSH connections to the system";
+ }
+
+ uses system-terminal-common-config;
+ }
+
+ grouping system-ssh-server-state {
+ description
+ "Operational state data for ssh server";
+ }
+
+ grouping system-ssh-server-top {
+ description
+ "Top-level grouping for ssh server data";
+
+ container ssh-server {
+ description
+ "Top-level container for ssh server";
+
+ container config {
+ description
+ "Configuration data for the system ssh server";
+
+ uses system-ssh-server-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for the system ssh server";
+
+ uses system-ssh-server-config;
+ uses system-ssh-server-state;
+ }
+ }
+ }
+
+ grouping system-telnet-server-config {
+ description
+ "Configuration data for telnet server";
+
+ leaf enable {
+ type boolean;
+ default false;
+ description
+ "Enables the telnet server. Telnet is disabled by
+ default";
+ }
+ uses system-terminal-common-config;
+
+ }
+
+ grouping system-telnet-server-state {
+ description
+ "Operational state data for telnet server";
+ }
+
+ grouping system-telnet-server-top {
+ description
+ "Top-level grouping for telnet server ";
+
+ container telnet-server {
+ description
+ "Top-level container for telnet terminal servers";
+
+ container config {
+ description
+ "Configuration data for telnet";
+
+ uses system-telnet-server-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for telnet";
+
+ uses system-telnet-server-config;
+ uses system-telnet-server-state;
+ }
+ }
+ }
+
+ // data definition statements
+
+ // augment statements
+
+ // rpc statements
+
+ // notification statements
+
+}
\ No newline at end of file
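Review bot: The `protocol-version` enumeration in `system-ssh-server-config` accepts `V1` and `V1_V2` with nothing marking them as discouraged, although SSH protocol version 1 has known cryptographic weaknesses and has been removed from current OpenSSH releases. The default of `V2` is right, so the change I would make is to add `status deprecated;` to the `V1` and `V1_V2` enum statements. If this file must stay identical to the upstream OpenConfig model, the code that applies this configuration should reject those two values instead. Separately, `timeout`, `rate-limit` and `session-limit` in `system-terminal-common-config` have no default and no stated meaning when absent; their descriptions should say whether an unset value means unlimited.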
diff --git a/models/openconfig/src/main/yang/system/openconfig-system.yang b/models/openconfig/src/main/yang/system/openconfig-system.yang
new file mode 100644
index 0000000..d784b11
--- /dev/null
+++ b/models/openconfig/src/main/yang/system/openconfig-system.yang
@@ -0,0 +1,843 @@
+module openconfig-system {
+
+ yang-version "1";
+
+ // namespace
+ namespace "http://openconfig.net/yang/system";
+
+ prefix "oc-sys";
+
+ // import some basic types
+ import openconfig-inet-types { prefix oc-inet; }
+ import ietf-yang-types { prefix yang; }
+ import openconfig-types { prefix oc-types; }
+ import openconfig-extensions { prefix oc-ext; }
+ import openconfig-aaa { prefix oc-aaa; }
+ import openconfig-system-logging { prefix oc-log; }
+ import openconfig-system-terminal { prefix oc-sys-term; }
+ import openconfig-procmon { prefix oc-proc; }
+
+
+
+ // meta
+ organization "OpenConfig working group";
+
+ contact
+ "OpenConfig working group
+ netopenconfig@googlegroups.com";
+
+ description
+ "Model for managing system-wide services and functions on
+ network devices.
+
+ Portions of this code were derived from IETF RFC 7317.
+ Please reproduce this note if possible.
+
+ IETF code is subject to the following copyright and license:
+ Copyright (c) IETF Trust and the persons identified as authors of
+ the code.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, is permitted pursuant to, and subject to the license
+ terms contained in, the Simplified BSD License set forth in
+ Section 4.c of the IETF Trust's Legal Provisions Relating
+ to IETF Documents (http://trustee.ietf.org/license-info).";
+
+ oc-ext:openconfig-version "0.2.0";
+
+ revision "2017-07-06" {
+ description
+ "Move to oc-inet types, add IETF attribution, add RADIUS
+ counters, changed password leaf names to indicate hashed";
+ reference "0.2.0";
+ }
+
+ revision "2017-01-29" {
+ description
+ "Initial public release";
+ reference "0.1.0";
+ }
+
+ // extension statements
+
+ // feature statements
+
+ // identity statements
+
+ identity NTP_AUTH_TYPE {
+ description
+ "Base identity for encryption schemes supported for NTP
+ authentication keys";
+ }
+
+ identity NTP_AUTH_MD5 {
+ base NTP_AUTH_TYPE;
+ description
+ "MD5 encryption method";
+ }
+
+ // typedef statements
+
+ typedef timezone-name-type {
+ type string;
+ description
+ "A time zone name as used by the Time Zone Database,
+ sometimes referred to as the 'Olson Database'.
+
+ The exact set of valid values is an implementation-specific
+ matter. Client discovery of the exact set of time zone names
+ for a particular server is out of scope.";
+ reference
+ "BCP 175: Procedures for Maintaining the Time Zone Database";
+ }
+
+ // grouping statements
+
+ grouping system-clock-config {
+ description
+ "Configuration data for system-wide clock configuration";
+
+ leaf timezone-name {
+ type timezone-name-type;
+ description
+ "The TZ database name to use for the system, such
+ as 'Europe/Stockholm'.";
+ reference "IANA Time Zone Database
+ http://www.iana.org/time-zones";
+ }
+ }
+
+ grouping system-clock-state {
+ description
+ "Operational state data for system-wide clock configuration";
+ }
+
+ grouping system-clock-top {
+ description
+ "Top-level grouping for system-wide clock configuration";
+
+ container clock {
+ description
+ "Top-level container for clock configuration data";
+
+ container config {
+ description
+ "Configuration data for system clock";
+
+ uses system-clock-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for system clock";
+
+ uses system-clock-config;
+ uses system-clock-state;
+ }
+ }
+ }
+
+ grouping system-global-config {
+ description "system-wide configuration parameters";
+
+ leaf hostname {
+ type oc-inet:domain-name;
+ description
+ "The hostname of the device -- should be a single domain
+ label, without the domain.";
+ }
+
+ leaf domain-name {
+ type oc-inet:domain-name;
+ description
+ "Specifies the domain name used to form fully qualified name
+ for unqualified hostnames.";
+ }
+
+ leaf login-banner {
+ type string;
+ description
+ "The console login message displayed before the login prompt,
+ i.e., before a user logs into the system.";
+ }
+
+ leaf motd-banner {
+ type string;
+ description
+ "The console message displayed after a user logs into the
+ system. They system may append additional standard
+ information such as the current system date and time, uptime,
+ last login timestamp, etc.";
+ }
+ }
+
+ grouping system-global-state {
+ description
+ "Global operational state data for the system";
+
+ leaf current-datetime {
+ type yang:date-and-time;
+ description
+ "The current system date and time.";
+ }
+
+ leaf boot-time {
+ type oc-types:timeticks64;
+ description
+ "This timestamp indicates the time that the system was last
+ restarted. The value is the timestamp in seconds relative
+ to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).";
+ }
+
+ }
+
+ grouping system-dns-config {
+ description "DNS / resolver related configuration data";
+
+ leaf-list search {
+ type oc-inet:domain-name;
+ ordered-by user;
+ description
+ "An ordered list of domains to search when resolving
+ a host name.";
+ }
+ }
+
+ grouping system-dns-state {
+ description
+ "Operational state data for system DNS resolver";
+
+ }
+
+ grouping system-dns-servers-config {
+ description
+ "Configuration data for DNS resolvers";
+
+ //RFC 7317 includes a single-value choice statement to for
+ //TCP and UDP transport. This has been removed since it the
+ //transport protocol is not generally available as an options
+ //on target devices. It may be added back if and when needed.
+
+ leaf address {
+ type oc-inet:ip-address;
+ description
+ "The address of the DNS server, can be either IPv4
+ or IPv6.";
+ }
+
+ leaf port {
+ type oc-inet:port-number;
+ default 53;
+ description
+ "The port number of the DNS server.";
+ }
+
+ //RFC 7317 includes resolver timeout and attempts options. These
+ //have been omitted as they are not available on many targets. If
+ //and when they are required, they may be added back in.
+ }
+
+ grouping system-dns-static-config {
+ description
+ "Configuration data for static host entries";
+
+ leaf hostname {
+ type string;
+ description
+ "Hostname for the static DNS entry";
+ }
+
+ leaf-list alias {
+ type string;
+ description
+ "Additional aliases for the hostname";
+ }
+
+ leaf-list ipv4-address {
+ type oc-inet:ipv4-address;
+ description
+ "List of IPv4 addressses for the host entry";
+ }
+
+ leaf-list ipv6-address {
+ type oc-inet:ipv6-address;
+ description
+ "List of IPv6 addresses for the host entry";
+ }
+ }
+
+ grouping system-dns-static-state {
+ description
+ "Operational state data for static host entries";
+ }
+
+ grouping system-dns-static-top {
+ description
+ "Top-level grouping for static DNS host entries";
+
+ container host-entries {
+ description
+ "Enclosing container for list of static host entries";
+
+ list host-entry {
+ key "hostname";
+ description
+ "List of static host entries";
+
+ leaf hostname {
+ type leafref {
+ path "../config/hostname";
+ }
+ description
+ "Reference to the hostname list key";
+ }
+
+ container config {
+ description
+ "Configuration data for static host entries";
+
+ uses system-dns-static-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for static host entries";
+
+ uses system-dns-static-config;
+ uses system-dns-static-state;
+ }
+ }
+ }
+ }
+
+ grouping system-dns-servers-state {
+ description
+ "Operational state data for DNS resolvers";
+
+ }
+
+ grouping system-dns-servers-top {
+ description
+ "Top-level grouping for the list of DNS resolvers.";
+
+ container servers {
+ description
+ "Enclosing container for DNS resolver list";
+
+ list server {
+ key "address";
+ ordered-by user;
+ description
+ "List of the DNS servers that the resolver should query.
+
+ When the resolver is invoked by a calling application, it
+ sends the query to the first name server in this list. If
+ no response has been received within 'timeout' seconds,
+ the resolver continues with the next server in the list.
+ If no response is received from any server, the resolver
+ continues with the first server again. When the resolver
+ has traversed the list 'attempts' times without receiving
+ any response, it gives up and returns an error to the
+ calling application.
+
+ Implementations MAY limit the number of entries in this
+ list.";
+
+ leaf address {
+ type leafref {
+ path "../config/address";
+ }
+ description
+ "References the configured address of the DNS server";
+ }
+
+ container config {
+ description
+ "Configuration data for each DNS resolver";
+
+ uses system-dns-servers-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for each DNS resolver";
+
+ uses system-dns-servers-config;
+ uses system-dns-servers-state;
+ }
+
+ }
+ }
+ }
+
+ grouping system-dns-top {
+ description
+ "Top-level grouping for DNS / resolver config and operational
+ state data";
+
+ container dns {
+ description
+ "Enclosing container for DNS resolver data";
+
+ container config {
+ description
+ "Configuration data for the DNS resolver";
+
+ uses system-dns-config;
+
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for the DNS resolver";
+
+ uses system-dns-config;
+ uses system-dns-state;
+
+ }
+
+ uses system-dns-servers-top;
+ uses system-dns-static-top;
+ }
+ }
+
+ grouping system-ntp-server-config {
+ description
+ "Configuration data for NTP servers";
+
+ leaf address {
+ type oc-inet:host;
+ description
+ "The address or hostname of the NTP server.";
+ }
+
+ leaf port {
+ type oc-inet:port-number;
+ default 123;
+ description
+ "The port number of the NTP server.";
+ }
+
+ leaf version {
+ type uint8 {
+ range 1..4;
+ }
+ default 4;
+ description
+ "Version number to put in outgoing NTP packets";
+ }
+
+ leaf association-type {
+ type enumeration {
+ enum SERVER {
+ description
+ "Use client association mode. This device
+ will not provide synchronization to the
+ configured NTP server.";
+ }
+ enum PEER {
+ description
+ "Use symmetric active association mode.
+ This device may provide synchronization
+ to the configured NTP server.";
+ }
+ enum POOL {
+ description
+ "Use client association mode with one or
+ more of the NTP servers found by DNS
+ resolution of the domain name given by
+ the 'address' leaf. This device will not
+ provide synchronization to the servers.";
+ }
+ }
+ default SERVER;
+ description
+ "The desired association type for this NTP server.";
+ }
+ leaf iburst {
+ type boolean;
+ default false;
+ description
+ "Indicates whether this server should enable burst
+ synchronization or not.";
+ }
+ leaf prefer {
+ type boolean;
+ default false;
+ description
+ "Indicates whether this server should be preferred
+ or not.";
+ }
+ }
+
+ grouping system-ntp-server-state {
+ description
+ "Operational state data for NTP servers";
+
+ leaf stratum {
+ type uint8;
+ description
+ "Indicates the level of the server in the NTP hierarchy. As
+ stratum number increases, the accuracy is degraded. Primary
+ servers are stratum while a maximum value of 16 indicates
+ unsynchronized. The values have the following specific
+ semantics:
+
+ | 0 | unspecified or invalid
+ | 1 | primary server (e.g., equipped with a GPS receiver)
+ | 2-15 | secondary server (via NTP)
+ | 16 | unsynchronized
+ | 17-255 | reserved";
+ reference
+ "RFC 5905 - Network Time Protocol Version 4: Protocol and
+ Algorithms Specification";
+ }
+
+ leaf root-delay {
+ type uint32;
+ // TODO: reconsider units for these values -- the spec defines
+ // rootdelay and rootdisperson as 2 16-bit integers for seconds
+ // and fractional seconds, respectively. This gives a
+ // precision of ~15 us (2^-16). Using milliseconds here based
+ // on what implementations typically provide and likely lack
+ // of utility for less than millisecond precision with NTP
+ // time sync.
+ units "milliseconds";
+ description
+ "The round-trip delay to the server, in milliseconds.";
+ reference
+ "RFC 5905 - Network Time Protocol Version 4: Protocol and
+ Algorithms Specification";
+ }
+
+ leaf root-dispersion {
+ type uint64;
+ units "milliseconds";
+ description
+ "Dispersion (epsilon) represents the maximum error inherent
+ in the measurement";
+ reference
+ "RFC 5905 - Network Time Protocol Version 4: Protocol and
+ Algorithms Specification";
+ }
+
+ leaf offset {
+ type uint64;
+ units "milliseconds";
+ description
+ "Estimate of the current time offset from the peer. This is
+ the time difference between the local and reference clock.";
+ }
+
+ leaf poll-interval {
+ type uint32;
+ units "seconds";
+ description
+ "Polling interval of the peer";
+ }
+ }
+
+ grouping system-ntp-server-top {
+ description
+ "Top-level grouping for the list of NTP servers";
+
+ container servers {
+ description
+ "Enclosing container for the list of NTP servers";
+
+ list server {
+ key "address";
+ description
+ "List of NTP servers to use for system clock
+ synchronization. If '/system/ntp/enabled'
+ is 'true', then the system will attempt to
+ contact and utilize the specified NTP servers.";
+
+ leaf address {
+ type leafref {
+ path "../config/address";
+ }
+ description
+ "References the configured address or hostname of the
+ NTP server.";
+ }
+
+ container config {
+ description
+ "Configuration data for an NTP server.";
+
+ uses system-ntp-server-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for an NTP server.";
+
+ uses system-ntp-server-config;
+ uses system-ntp-server-state;
+ }
+
+ }
+ }
+ }
+
+ grouping system-ntp-auth-keys-config {
+ description
+ "Configuration data ";
+
+ leaf key-id {
+ type uint16;
+ description
+ "Integer identifier used by the client and server to
+ designate a secret key. The client and server must use
+ the same key id.";
+ }
+
+ leaf key-type {
+ type identityref {
+ base NTP_AUTH_TYPE;
+ }
+ description
+ "Encryption type used for the NTP authentication key";
+ }
+
+ leaf key-value {
+ type string;
+ description
+ "NTP authentication key value";
+ }
+ }
+
+ grouping system-ntp-auth-keys-state {
+ description
+ "Operational state data for NTP auth key data";
+ }
+
+ grouping system-ntp-auth-keys-top {
+ description
+ "Top-level grouping for NTP auth key data";
+
+ container ntp-keys {
+ description
+ "Enclosing container for list of NTP authentication keys";
+
+ list ntp-key {
+ key "key-id";
+ description
+ "List of NTP authentication keys";
+
+ leaf key-id {
+ type leafref {
+ path "../config/key-id";
+ }
+ description
+ "Reference to auth key-id list key";
+ }
+
+ container config {
+ description
+ "Configuration data for NTP auth keys";
+
+ uses system-ntp-auth-keys-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for NTP auth keys";
+
+ uses system-ntp-auth-keys-config;
+ uses system-ntp-auth-keys-state;
+ }
+ }
+ }
+ }
+
+ grouping system-ntp-config {
+ description
+ "Configuration data for system-wide NTP operation.";
+
+ leaf enabled {
+ type boolean;
+ default false;
+ description
+ "Enables the NTP protocol and indicates that the system should
+ attempt to synchronize the system clock with an NTP server
+ from the servers defined in the 'ntp/server' list.";
+ }
+
+ leaf ntp-source-address {
+ type oc-inet:ip-address;
+ description
+ "Source address to use on outgoing NTP packets";
+ }
+
+ leaf enable-ntp-auth {
+ type boolean;
+ default false;
+ description
+ "Enable or disable NTP authentication -- when enabled, the
+ system will only use packets containing a trusted
+ authentication key to synchronize the time.";
+ }
+ }
+
+ grouping system-ntp-state {
+ description
+ "Operational state data for system-wide NTP operation.";
+
+ leaf auth-mismatch {
+ type yang:counter64;
+ description
+ "Count of the number of NTP packets received that were not
+ processed due to authentication mismatch.";
+ }
+ }
+
+ grouping system-ntp-top {
+ description
+ "Top-level grouping for configuration and state data for NTP";
+
+ container ntp {
+ description
+ "Top-level container for NTP configuration and state";
+
+ container config {
+ description
+ "Configuration data for NTP client.";
+
+ uses system-ntp-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for NTP services.";
+
+ uses system-ntp-config;
+ uses system-ntp-state;
+ }
+ uses system-ntp-auth-keys-top;
+ uses system-ntp-server-top;
+ }
+ }
+
+ grouping system-memory-config {
+ description
+ "Configuration data for system memory";
+ }
+
+ grouping system-memory-state {
+ description
+ "Operational state data for system memory";
+
+ leaf physical {
+ type uint64;
+ units bytes;
+ // TODO: consider making units in megabytes
+ description
+ "Reports the total physical memory available on the
+ system.";
+ }
+
+ leaf reserved {
+ type uint64;
+ units bytes;
+ description
+ "Memory reserved for system use";
+ }
+ }
+
+ grouping system-memory-top {
+ description
+ "Top-level grouping for system memory data definitions";
+
+ container memory {
+ description
+ "Top-level container for system memory data";
+
+ container config {
+ description
+ "Configuration data for system memory";
+
+ uses system-memory-config;
+ }
+
+ container state {
+
+ config false;
+
+ description
+ "Operational state data for system memory";
+
+ uses system-memory-config;
+ uses system-memory-state;
+ }
+ }
+ }
+
+
+ grouping system-top {
+ description
+ "Top level system data containers";
+
+ container system {
+ description
+ "Enclosing container for system-related configuration and
+ operational state data";
+
+ container config {
+ description "Global configuration data for the system";
+
+ uses system-global-config;
+
+ }
+
+ container state {
+
+ config false;
+
+ description "Global operational state data for the system";
+
+ uses system-global-config;
+ uses system-global-state;
+
+ }
+
+ uses system-clock-top;
+ uses system-dns-top;
+ uses system-ntp-top;
+ uses oc-sys-term:system-ssh-server-top;
+ uses oc-sys-term:system-telnet-server-top;
+ uses oc-log:logging-top;
+ uses oc-aaa:aaa-top;
+ uses system-memory-top;
+ uses oc-proc:procmon-processes-top;
+ }
+ }
+
+ // data definition statements
+
+ uses system-top;
+
+}
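Review bot: `key-value` in `system-ntp-auth-keys-config` is a plain `string` whose description does not say whether it carries the cleartext key or an encoded form. Because the `state` container in `system-ntp-auth-keys-top` uses the same grouping, the value is also part of the read-only operational tree under `ntp-keys/ntp-key/state`. I would extend the description to `"NTP authentication key value. This is a secret: restrict read access to it and do not return it in cleartext from the state container."` and confirm that the server's access-control rules cover both the `config` and `state` paths. `NTP_AUTH_MD5` is the only identity derived from `NTP_AUTH_TYPE` in this hunk, so MD5 is the only key type a client can select, and its description should say it is retained for compatibility rather than strength.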