module ietf-system {
  namespace "urn:ietf:params:xml:ns:yang:ietf-system";
  prefix "sys";

  import ietf-yang-types {
    prefix yang;
  }

  import ietf-inet-types {
    prefix inet;
  }

  // Imported for the nacm:default-deny-* extensions, but every use of them
  // in this file is commented out (shared-secret, the authentication
  // container, and the three rpcs at the end), so nothing here currently
  // references the 'nacm' prefix.
  import ietf-netconf-acm {
    prefix nacm;
  }

  import iana-crypt-hash {
    prefix ianach;
  }

  // Vendor module; supplies the reset-config-options type used by the
  // system-restart rpc input below.
  import msea-types {
    prefix msea;
    revision-date 2016-02-29;
  }

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>

     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>

     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>

     Editor: Andy Bierman
     <mailto:andy@yumaworks.com>

     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>";

  description
    "This module contains a collection of YANG definitions for the
     configuration and identification of some common system
     properties within a device containing a NETCONF server. This
     includes data node definitions for system identification,
     time-of-day management, user management, DNS resolver
     configuration, and some protocol operations for system
     management.

     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC 7317; see
     the RFC itself for full legal notices.";

  // NOTE(review): the module body below differs from the RFC 7317 text
  // (commented-out nodes, a vendor 'must' on user names, a vendor rpc
  // input) but no revision after the initial one records those changes.
  revision 2014-08-06 {
    description
      "Initial revision.";
    reference
      "RFC 7317: A YANG Data Model for System Management";
  }

  /*
   * Typedefs
   */

  typedef timezone-name {
    type string;
    description
      "A time zone name as used by the Time Zone Database,
       sometimes referred to as the 'Olson Database'.

       The exact set of valid values is an implementation-specific
       matter. Client discovery of the exact set of time zone names
       for a particular server is out of scope.";
    reference
      "RFC 6557: Procedures for Maintaining the Time Zone Database";
  }

  /*
   * Features
   */

  feature radius {
    description
      "Indicates that the device can be configured as a RADIUS
       client.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
  }

  feature authentication {
    description
      "Indicates that the device supports configuration of
       user authentication.";
  }

  feature local-users {
    if-feature authentication;
    description
      "Indicates that the device supports configuration of
       local user authentication.";
  }

  feature radius-authentication {
    if-feature radius;
    if-feature authentication;
    description
      "Indicates that the device supports configuration of user
       authentication over RADIUS.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
       RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
                 Authorization for Network Access Server (NAS)
                 Management";
  }

  feature ntp {
    description
      "Indicates that the device can be configured to use one or
       more NTP servers to set the system date and time.";
  }

  feature ntp-udp-port {
    if-feature ntp;
    // NOTE(review): the only node gated by this feature
    // (/system/ntp/server/udp/port) is commented out below, so
    // advertising the feature enables nothing in this module.
    description
      "Indicates that the device supports the configuration of
       the UDP port for NTP servers.

       This is a 'feature', since many implementations do not support
       any port other than the default port.";
  }

  feature timezone-name {
    description
      "Indicates that the local time zone on the device
       can be configured to use the TZ database
       to set the time zone and manage daylight saving time.";
    reference
      "RFC 6557: Procedures for Maintaining the Time Zone Database";
  }

  feature dns-udp-tcp-port {
    // NOTE(review): as with ntp-udp-port, the only node gated by this
    // feature (/system/dns-resolver/server/udp-and-tcp/port) is commented
    // out below.
    description
      "Indicates that the device supports the configuration of
       the UDP and TCP port for DNS servers.

       This is a 'feature', since many implementations do not support
       any port other than the default port.";
  }

  /*
   * Identities
   */

  identity authentication-method {
    description
      "Base identity for user authentication methods.";
  }

  identity radius {
    base authentication-method;
    description
      "Indicates user authentication using RADIUS.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
       RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
                 Authorization for Network Access Server (NAS)
                 Management";
  }

  identity local-users {
    base authentication-method;
    description
      "Indicates password-based authentication of locally
       configured users.";
  }

  identity radius-authentication-type {
    description
      "Base identity for RADIUS authentication types.";
  }

  identity radius-pap {
    base radius-authentication-type;
    description
      "The device requests Password Authentication Protocol (PAP)
       authentication from the RADIUS server.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
  }

  identity radius-chap {
    base radius-authentication-type;
    description
      "The device requests Challenge Handshake Authentication
       Protocol (CHAP) authentication from the RADIUS server.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
  }

  /*
   * Configuration data nodes
   */

  container system {
    description
      "System group configuration.";

    leaf contact {
      type string;
      description
        "The administrator contact information for the system.

         A server implementation MAY map this leaf to the sysContact
         MIB object. Such an implementation needs to use some
         mechanism to handle the differences in size and characters
         allowed between this leaf and sysContact. The definition of
         such a mechanism is outside the scope of this document.";
      reference
        "RFC 3418: Management Information Base (MIB) for the
                   Simple Network Management Protocol (SNMP)
                   SNMPv2-MIB.sysContact";
    }

    leaf hostname {
      type inet:domain-name;
      description
        "The name of the host. This name can be a single domain
         label or the fully qualified domain name of the host.";

    }

    leaf location {
      type string;
      description
        "The system location.

         A server implementation MAY map this leaf to the sysLocation
         MIB object. Such an implementation needs to use some
         mechanism to handle the differences in size and characters
         allowed between this leaf and sysLocation. The definition
         of such a mechanism is outside the scope of this document.";

      reference
        "RFC 3418: Management Information Base (MIB) for the
                   Simple Network Management Protocol (SNMP)
                   SNMPv2-MIB.sysLocation";
    }

    container clock {
      description
        "Configuration of the system date and time properties.";

      // Exactly one of the two cases may be present: a TZ database
      // name (feature-gated) or a fixed offset from UTC in minutes.
      choice timezone {
        description
          "The system time zone information.";

        case timezone-name {
          if-feature timezone-name;
          leaf timezone-name {
            type timezone-name;
            description
              "The TZ database name to use for the system, such
               as 'Europe/Stockholm'.";
          }
        }
        case timezone-utc-offset {
          leaf timezone-utc-offset {
            type int16 {
              range "-1500 .. 1500";
            }
            units "minutes";
            description
              "The number of minutes to add to UTC time to
               identify the time zone for this system. For example,
               'UTC - 8:00 hours' would be represented as '-480'.
               Note that automatic daylight saving time adjustment
               is not provided if this object is used.";
          }
        }
      }
    }

    container ntp {
      if-feature ntp;
      presence
        "Enables the NTP client unless the 'enabled' leaf
         (which defaults to 'true') is set to 'false'";
      description
        "Configuration of the NTP client.";

      leaf enabled {
        type boolean;
        default true;
        description
          "Indicates that the system should attempt to
           synchronize the system clock with an NTP server
           from the 'ntp/server' list.";
      }
      list server {
        key name;
        // max-elements 3 appears to be a platform limit; the RFC 7317
        // version of this list carries no element cap.
        max-elements 3;
        description
          "List of NTP servers to use for system clock
           synchronization. If '/system/ntp/enabled'
           is 'true', then the system will attempt to
           contact and utilize the specified NTP servers.
           If DHCP retrieves NTP servers then these values
           are used in addition to those";

        leaf name {
          type string;
          description
            "An arbitrary name for the NTP server.";
        }
        choice transport {
          mandatory true;
          description
            "The transport-protocol-specific parameters for this
             server.";

          case udp {
            container udp {
              description
                "Contains UDP-specific configuration parameters
                 for NTP.";
              leaf address {
                type inet:host;
                mandatory true;
                description
                  "The address of the NTP server.";
              }
              // The port leaf is disabled, so the NTP server port is not
              // configurable through this model (presumably the default
              // 123 carried in the disabled leaf is always used - confirm).
//            leaf port {
//              if-feature ntp-udp-port;
//              type inet:port-number;
//              default 123;
//              description
//                "The port number of the NTP server.";
//            }
            }
          }
        }

//      leaf association-type { //These elements are omitted because MSEA1000 does not support these options
//        type enumeration {
//          enum server {
//            description
//              "Use client association mode. This device
//               will not provide synchronization to the
//               configured NTP server.";
//          }
//          enum peer {
//            description
//              "Use symmetric active association mode.
//               This device may provide synchronization
//               to the configured NTP server.";
//          }
//          enum pool {
//            description
//              "Use client association mode with one or
//               more of the NTP servers found by DNS
//               resolution of the domain name given by
//               the 'address' leaf. This device will not
//               provide synchronization to the servers.";
//          }
//        }
//        default server;
//        description
//          "The desired association type for this NTP server.";
//      }
//      leaf iburst {
//        type boolean;
//        default false;
//        description
//          "Indicates whether this server should enable burst
//           synchronization or not.";
//      }
//      leaf prefer {
//        type boolean;
//        default false;
//        description
//          "Indicates whether this server should be preferred
//           or not.";
//      }
      }
    }

    container dns-resolver {
      // The presence statement and the DHCP sentence in the description
      // appear to be vendor additions; the RFC 7317 dns-resolver container
      // is not a presence container.
      presence "If defined enables the DNS servers to be configured.";

      description
        "Configuration of the DNS resolver. If DHCP retrieves DNS
         servers or search domains then these values are used in
         addition to those";

      leaf-list search {
        type inet:domain-name;
        max-elements 3;
        ordered-by user;
        description
          "An ordered list of domains to search when resolving
           a host name.";
      }
      list server {
        key name;
        max-elements 3;
        ordered-by user;
        // NOTE(review): the description below still refers to 'timeout'
        // and 'attempts', but the options container that defined them is
        // commented out further down, so those values are not configurable
        // through this model.
        description
          "List of the DNS servers that the resolver should query.

           When the resolver is invoked by a calling application, it
           sends the query to the first name server in this list. If
           no response has been received within 'timeout' seconds,
           the resolver continues with the next server in the list.
           If no response is received from any server, the resolver
           continues with the first server again. When the resolver
           has traversed the list 'attempts' times without receiving
           any response, it gives up and returns an error to the
           calling application.

           Implementations MAY limit the number of entries in this
           list.";

        leaf name {
          type string;
          description
            "An arbitrary name for the DNS server.";
        }
        choice transport {
          mandatory true;
          description
            "The transport-protocol-specific parameters for this
             server.";

          case udp-and-tcp {
            container udp-and-tcp {
              description
                "Contains UDP- and TCP-specific configuration
                 parameters for DNS.";
              reference
                "RFC 1035: Domain Names - Implementation and
                           Specification
                 RFC 5966: DNS Transport over TCP - Implementation
                           Requirements";

              leaf address {
                type inet:ip-address;
                mandatory true;
                description
                  "The address of the DNS server.";
              }
              // Port leaf disabled: DNS server port is not configurable
              // through this model.
//            leaf port {
//              if-feature dns-udp-tcp-port;
//              type inet:port-number;
//              default 53;
//              description
//                "The UDP and TCP port number of the DNS server.";
//            }
            }
          }
        }
      }
//    container options { //These elements are omitted because MSEA1000 does not support these options
//      description
//        "Resolver options. The set of available options has been
//         limited to those that are generally available across
//         different resolver implementations and generally useful.";
//      leaf timeout {
//        type uint8 {
//          range "1..max";
//        }
//        units "seconds";
//        default "5";
//        description
//          "The amount of time the resolver will wait for a
//           response from each remote name server before
//           retrying the query via a different name server.";
//      }
//      leaf attempts {
//        type uint8 {
//          range "1..max";
//        }
//        default "2";
//        description
//          "The number of times the resolver will send a query to
//           all of its name servers before giving up and returning
//           an error to the calling application.";
//      }
//    }
    }

    container radius {
      if-feature radius;

      description
        "Configuration of the RADIUS client.";

      list server {
        key name;
        ordered-by user;
        description
          "List of RADIUS servers used by the device.

           When the RADIUS client is invoked by a calling
           application, it sends the query to the first server in
           this list. If no response has been received within
           'timeout' seconds, the client continues with the next
           server in the list. If no response is received from any
           server, the client continues with the first server again.
           When the client has traversed the list 'attempts' times
           without receiving any response, it gives up and returns an
           error to the calling application.";

        leaf name {
          type string;
          description
            "An arbitrary name for the RADIUS server.";
        }
        choice transport {
          mandatory true;
          description
            "The transport-protocol-specific parameters for this
             server.";

          case udp {
            container udp {
              description
                "Contains UDP-specific configuration parameters
                 for RADIUS.";
              leaf address {
                type inet:host;
                mandatory true;
                description
                  "The address of the RADIUS server.";
              }

              leaf authentication-port {
                type inet:port-number;
                default "1812";
                description
                  "The port number of the RADIUS server.";
              }
              leaf shared-secret {
                type string;
                mandatory true;
                // NOTE(review): RFC 7317 marks this leaf
                // nacm:default-deny-all; the statement is commented out
                // here. NACM's read-default is 'permit', so without an
                // explicit rule any client with read access to /system can
                // retrieve the RADIUS shared secret via <get-config>.
                // Confirm this is intended or that the platform masks the
                // value elsewhere.
//              nacm:default-deny-all;
                description
                  "The shared secret, which is known to both the
                   RADIUS client and server.";
                reference
                  "RFC 2865: Remote Authentication Dial In User
                             Service (RADIUS)";
              }
            }
          }
        }
        leaf authentication-type {
          type identityref {
            base radius-authentication-type;
          }
          default radius-pap;
          description
            "The authentication type requested from the RADIUS
             server.";
        }
      }
      container options {
        description
          "RADIUS client options.";

        leaf timeout {
          type uint8 {
            range "1..max";
          }
          units "seconds";
          default "5";
          description
            "The number of seconds the device will wait for a
             response from each RADIUS server before trying with a
             different server.";
        }

        leaf attempts {
          type uint8 {
            range "1..max";
          }
          default "2";
          description
            "The number of times the device will send a query to
             all of its RADIUS servers before giving up.";
        }
      }
    }

    container authentication {
      // NOTE(review): RFC 7317 marks this container
      // nacm:default-deny-write; the statement is commented out here.
      // NACM's write-default is already 'deny', so the practical effect
      // is limited, but the explicit protection of the user / password /
      // authorized-key subtree is no longer declared in the model.
//    nacm:default-deny-write;
      if-feature authentication;

      description
        "The authentication configuration subtree.";

      leaf-list user-authentication-order {
        type identityref {
          base authentication-method;
        }
        // Rejects 'radius' in the order unless at least one RADIUS
        // server entry exists.
        must '(. != "sys:radius" or ../../radius/server)' {
          error-message
            "When 'radius' is used, a RADIUS server"
          + " must be configured.";
          description
            "When 'radius' is used as an authentication method,
             a RADIUS server must be configured.";
        }
        ordered-by user;

        description
          "When the device authenticates a user with a password,
           it tries the authentication methods in this leaf-list in
           order. If authentication with one method fails, the next
           method is used. If no method succeeds, the user is
           denied access.

           An empty user-authentication-order leaf-list still allows
           authentication of users using mechanisms that do not
           involve a password.

           If the 'radius-authentication' feature is advertised by
           the NETCONF server, the 'radius' identity can be added to
           this list.

           If the 'local-users' feature is advertised by the
           NETCONF server, the 'local-users' identity can be
           added to this list.";
      }

      list user {
        if-feature local-users;
        key name;
        description
          "The list of local users configured on this device.";

        leaf name {
          type string;
          description
            "The user name string identifying this entry.";

          // Vendor restriction (not in RFC 7317): the account set is fixed
          // to these three names, so only their credentials and keys can
          // be managed through this list.
          must ".='netconf' or .='admin' or .='readonly'" {
            error-message "The set of users is not changeable on this device. Must have admin, netconf and readonly";
            error-app-tag "msea-sys-must-01";
          }
        }
        leaf password {
          // Hashed-password type from iana-crypt-hash; see that module for
          // the accepted hash formats.
          type ianach:crypt-hash;
          description
            "The password for this entry.";
        }
        list authorized-key {
          key name;
          description
            "A list of public SSH keys for this user. These keys
             are allowed for SSH authentication, as described in
             RFC 4253.";
          reference
            "RFC 4253: The Secure Shell (SSH) Transport Layer
                       Protocol";

          leaf name {
            type string;
            description
              "An arbitrary name for the SSH key.";
          }

          leaf algorithm {
            type string;
            mandatory true;
            description
              "The public key algorithm name for this SSH key.

               Valid values are the values in the IANA 'Secure Shell
               (SSH) Protocol Parameters' registry, Public Key
               Algorithm Names.";
            reference
              "IANA 'Secure Shell (SSH) Protocol Parameters'
               registry, Public Key Algorithm Names";
          }
          leaf key-data {
            type binary;
            mandatory true;
            description
              "The binary public key data for this SSH key, as
               specified by RFC 4253, Section 6.6, i.e.:

                 string    certificate or public key format
                           identifier
                 byte[n]   key/certificate data.";
            reference
              "RFC 4253: The Secure Shell (SSH) Transport Layer
                         Protocol";
          }
        }
      }
    }
  }

  /*
   * Operational state data nodes
   */

  container system-state {
    config false;
    description
      "System group operational state.";

    container platform {
      description
        "Contains vendor-specific information for
         identifying the system platform and operating system.";
      reference
        "IEEE Std 1003.1-2008 - sys/utsname.h";

      leaf os-name {
        type string;
        description
          "The name of the operating system in use -
           for example, 'Linux'.";
        reference
          "IEEE Std 1003.1-2008 - utsname.sysname";
      }
      leaf os-release {
        type string;
        description
          "The current release level of the operating
           system in use. This string MAY indicate
           the OS source code revision.";
        reference
          "IEEE Std 1003.1-2008 - utsname.release";
      }
      leaf os-version {
        type string;
        description
          "The current version level of the operating
           system in use. This string MAY indicate
           the specific OS build date and target variant
           information.";
        reference
          "IEEE Std 1003.1-2008 - utsname.version";
      }
      leaf machine {
        type string;
        description
          "A vendor-specific identifier string representing
           the hardware in use.";
        reference
          "IEEE Std 1003.1-2008 - utsname.machine";
      }
    }

    container clock {
      description
        "Monitoring of the system date and time properties.";

      leaf current-datetime {
        type yang:date-and-time;
        description
          "The current system date and time.";
      }

      leaf boot-datetime {
        type yang:date-and-time;
        description
          "The system date and time when the system last restarted.";
      }
    }
  }

  rpc set-current-datetime {
    // NOTE(review): RFC 7317 marks this rpc nacm:default-deny-all; the
    // statement is commented out here. NACM's exec-default is 'permit',
    // so without an explicit rule any authenticated client may invoke it.
    // The same applies to system-restart and system-shutdown below;
    // confirm the platform supplies access rules for all three.
//  nacm:default-deny-all;
    description
      "Set the /system-state/clock/current-datetime leaf
       to the specified value.

       If the system is using NTP (i.e., /system/ntp/enabled
       is set to 'true'), then this operation will fail with
       error-tag 'operation-failed' and error-app-tag value of
       'ntp-active'.";
    input {
      leaf current-datetime {
        type yang:date-and-time;
        mandatory true;
        description
          "The current system date and time.";
      }
    }
  }

  rpc system-restart {
    // nacm:default-deny-all from RFC 7317 is commented out here; see the
    // note on set-current-datetime.
//  nacm:default-deny-all;
    description
      "Request that the entire system be restarted immediately.
       A server SHOULD send an rpc reply to the client before
       restarting the system.";
    input {
      // Vendor extension (not in RFC 7317). The allowed values come from
      // msea-types and are not visible in this file.
      leaf reset-option {
        type msea:reset-config-options;
        description "Optionally specify a parameter that can be
          used to reset the configuration on the device or
          reset it to factory defaults";
      }
    }
  }

  rpc system-shutdown {
    // nacm:default-deny-all from RFC 7317 is commented out here; see the
    // note on set-current-datetime.
//  nacm:default-deny-all;
    description
      "Request that the entire system be shut down immediately.
       A server SHOULD send an rpc reply to the client before
       shutting down the system.";
  }

}