// ietf-system: YANG data model for basic system management (RFC 7317).
// The "//" lines are review notes on the security-relevant nodes; the
// YANG statements themselves are unchanged.
module ietf-system {
  namespace "urn:ietf:params:xml:ns:yang:ietf-system";
  prefix "sys";

  import ietf-yang-types {
    prefix yang;
  }

  import ietf-inet-types {
    prefix inet;
  }

  // NACM extension statements (nacm:default-deny-all and
  // nacm:default-deny-write) are applied below to the RADIUS shared
  // secret, the authentication subtree and the three RPCs.
  import ietf-netconf-acm {
    prefix nacm;
  }

  // Provides the crypt-hash type used for the local user 'password' leaf.
  import iana-crypt-hash {
    prefix ianach;
  }

  organization
    "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

  contact
    "WG Web: <http://tools.ietf.org/wg/netmod/>
     WG List: <mailto:netmod@ietf.org>

     WG Chair: Thomas Nadeau
     <mailto:tnadeau@lucidvision.com>

     WG Chair: Juergen Schoenwaelder
     <mailto:j.schoenwaelder@jacobs-university.de>

     Editor: Andy Bierman
     <mailto:andy@yumaworks.com>

     Editor: Martin Bjorklund
     <mailto:mbj@tail-f.com>";

  description
    "This module contains a collection of YANG definitions for the
     configuration and identification of some common system
     properties within a device containing a NETCONF server. This
     includes data node definitions for system identification,
     time-of-day management, user management, DNS resolver
     configuration, and some protocol operations for system
     management.

     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC 7317; see
     the RFC itself for full legal notices.";

  revision 2014-08-06 {
    description
      "Initial revision.";
    reference
      "RFC 7317: A YANG Data Model for System Management";
  }

  /*
   * Typedefs
   */

  // Plain 'string' with no pattern restriction: the set of accepted
  // time zone names is left to the implementation (see description).
  typedef timezone-name {
    type string;
    description
      "A time zone name as used by the Time Zone Database,
       sometimes referred to as the 'Olson Database'.

       The exact set of valid values is an implementation-specific
       matter. Client discovery of the exact set of time zone names
       for a particular server is out of scope.";
    reference
      "RFC 6557: Procedures for Maintaining the Time Zone Database";
  }

  /*
   * Features
   */

  feature radius {
    description
      "Indicates that the device can be configured as a RADIUS
       client.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
  }

  feature authentication {
    description
      "Indicates that the device supports configuration of
       user authentication.";
  }

  // Depends on 'authentication'; gates the local 'user' list below.
  feature local-users {
    if-feature authentication;
    description
      "Indicates that the device supports configuration of
       local user authentication.";
  }

  // Depends on both 'radius' and 'authentication'.
  feature radius-authentication {
    if-feature radius;
    if-feature authentication;
    description
      "Indicates that the device supports configuration of user
       authentication over RADIUS.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
       RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
       Authorization for Network Access Server (NAS)
       Management";
  }

  feature ntp {
    description
      "Indicates that the device can be configured to use one or
       more NTP servers to set the system date and time.";
  }

  feature ntp-udp-port {
    if-feature ntp;
    description
      "Indicates that the device supports the configuration of
       the UDP port for NTP servers.

       This is a 'feature', since many implementations do not support
       any port other than the default port.";
  }

  feature timezone-name {
    description
      "Indicates that the local time zone on the device
       can be configured to use the TZ database
       to set the time zone and manage daylight saving time.";
    reference
      "RFC 6557: Procedures for Maintaining the Time Zone Database";
  }

  feature dns-udp-tcp-port {
    description
      "Indicates that the device supports the configuration of
       the UDP and TCP port for DNS servers.

       This is a 'feature', since many implementations do not support
       any port other than the default port.";
  }

  /*
   * Identities
   */

  // Base for the identityref used by 'user-authentication-order'.
  identity authentication-method {
    description
      "Base identity for user authentication methods.";
  }

  identity radius {
    base authentication-method;
    description
      "Indicates user authentication using RADIUS.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
       RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
       Authorization for Network Access Server (NAS)
       Management";
  }

  identity local-users {
    base authentication-method;
    description
      "Indicates password-based authentication of locally
       configured users.";
  }

  // Base for the identityref used by 'radius/server/authentication-type'.
  identity radius-authentication-type {
    description
      "Base identity for RADIUS authentication types.";
  }

  // Default value of 'authentication-type' below.
  identity radius-pap {
    base radius-authentication-type;
    description
      "The device requests Password Authentication Protocol (PAP)
       authentication from the RADIUS server.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
  }

  identity radius-chap {
    base radius-authentication-type;
    description
      "The device requests Challenge Handshake Authentication
       Protocol (CHAP) authentication from the RADIUS server.";
    reference
      "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
  }

  /*
   * Configuration data nodes
   */

  // Writable configuration subtree (no 'config false' here, unlike
  // 'system-state' below).
  container system {
    description
      "System group configuration.";

    leaf contact {
      type string;
      description
        "The administrator contact information for the system.

         A server implementation MAY map this leaf to the sysContact
         MIB object. Such an implementation needs to use some
         mechanism to handle the differences in size and characters
         allowed between this leaf and sysContact. The definition of
         such a mechanism is outside the scope of this document.";
      reference
        "RFC 3418: Management Information Base (MIB) for the
         Simple Network Management Protocol (SNMP)
         SNMPv2-MIB.sysContact";
    }
    leaf hostname {
      type inet:domain-name;
      description
        "The name of the host. This name can be a single domain
         label or the fully qualified domain name of the host.";
    }
    leaf location {
      type string;
      description
        "The system location.

         A server implementation MAY map this leaf to the sysLocation
         MIB object. Such an implementation needs to use some
         mechanism to handle the differences in size and characters
         allowed between this leaf and sysLocation. The definition
         of such a mechanism is outside the scope of this document.";
      reference
        "RFC 3418: Management Information Base (MIB) for the
         Simple Network Management Protocol (SNMP)
         SNMPv2-MIB.sysLocation";
    }

    container clock {
      description
        "Configuration of the system date and time properties.";

      // Exactly one of the two cases may be present; the
      // 'timezone-name' case is only available when that feature is
      // advertised.
      choice timezone {
        description
          "The system time zone information.";

        case timezone-name {
          if-feature timezone-name;
          leaf timezone-name {
            type timezone-name;
            description
              "The TZ database name to use for the system, such
               as 'Europe/Stockholm'.";
          }
        }
        case timezone-utc-offset {
          // Offset in minutes, bounded to +/- 25 hours; per the
          // description no daylight-saving adjustment applies.
          leaf timezone-utc-offset {
            type int16 {
              range "-1500 .. 1500";
            }
            units "minutes";
            description
              "The number of minutes to add to UTC time to
               identify the time zone for this system. For example,
               'UTC - 8:00 hours' would be represented as '-480'.
               Note that automatic daylight saving time adjustment
               is not provided if this object is used.";
          }
        }
      }
    }

    // Presence container: creating it enables the NTP client
    // (the 'enabled' leaf inside defaults to true).
    container ntp {
      if-feature ntp;
      presence
        "Enables the NTP client unless the 'enabled' leaf
         (which defaults to 'true') is set to 'false'";
      description
        "Configuration of the NTP client.";

      leaf enabled {
        type boolean;
        default true;
        description
          "Indicates that the system should attempt to
           synchronize the system clock with an NTP server
           from the 'ntp/server' list.";
      }
      list server {
        key name;
        description
          "List of NTP servers to use for system clock
           synchronization. If '/system/ntp/enabled'
           is 'true', then the system will attempt to
           contact and utilize the specified NTP servers.";

        leaf name {
          type string;
          description
            "An arbitrary name for the NTP server.";
        }
        // Only UDP transport is modeled, and only address and port:
        // this module carries no NTP authentication parameters.
        choice transport {
          mandatory true;
          description
            "The transport-protocol-specific parameters for this
             server.";

          case udp {
            container udp {
              description
                "Contains UDP-specific configuration parameters
                 for NTP.";
              // inet:host accepts an IP address or a domain name.
              leaf address {
                type inet:host;
                mandatory true;
                description
                  "The address of the NTP server.";
              }
              leaf port {
                if-feature ntp-udp-port;
                type inet:port-number;
                default 123;
                description
                  "The port number of the NTP server.";
              }
            }
          }
        }
        // 'peer' is the only mode in which this device may also
        // serve time to the configured server (see enum descriptions).
        leaf association-type {
          type enumeration {
            enum server {
              description
                "Use client association mode. This device
                 will not provide synchronization to the
                 configured NTP server.";
            }
            enum peer {
              description
                "Use symmetric active association mode.
                 This device may provide synchronization
                 to the configured NTP server.";
            }
            enum pool {
              description
                "Use client association mode with one or
                 more of the NTP servers found by DNS
                 resolution of the domain name given by
                 the 'address' leaf. This device will not
                 provide synchronization to the servers.";
            }
          }
          default server;
          description
            "The desired association type for this NTP server.";
        }
        leaf iburst {
          type boolean;
          default false;
          description
            "Indicates whether this server should enable burst
             synchronization or not.";
        }
        leaf prefer {
          type boolean;
          default false;
          description
            "Indicates whether this server should be preferred
             or not.";
        }
      }
    }

    container dns-resolver {
      description
        "Configuration of the DNS resolver.";

      leaf-list search {
        type inet:domain-name;
        ordered-by user;
        description
          "An ordered list of domains to search when resolving
           a host name.";
      }
      // Ordering is client-controlled and is the query order described
      // below; 'timeout' and 'attempts' live in 'options'.
      list server {
        key name;
        ordered-by user;
        description
          "List of the DNS servers that the resolver should query.

           When the resolver is invoked by a calling application, it
           sends the query to the first name server in this list. If
           no response has been received within 'timeout' seconds,
           the resolver continues with the next server in the list.
           If no response is received from any server, the resolver
           continues with the first server again. When the resolver
           has traversed the list 'attempts' times without receiving
           any response, it gives up and returns an error to the
           calling application.

           Implementations MAY limit the number of entries in this
           list.";

        leaf name {
          type string;
          description
            "An arbitrary name for the DNS server.";
        }
        choice transport {
          mandatory true;
          description
            "The transport-protocol-specific parameters for this
             server.";

          case udp-and-tcp {
            container udp-and-tcp {
              description
                "Contains UDP- and TCP-specific configuration
                 parameters for DNS.";
              reference
                "RFC 1035: Domain Names - Implementation and
                 Specification
                 RFC 5966: DNS Transport over TCP - Implementation
                 Requirements";

              // Must be an IP literal (inet:ip-address), unlike the
              // NTP and RADIUS 'address' leaves, which accept
              // inet:host (a name would need this very resolver).
              leaf address {
                type inet:ip-address;
                mandatory true;
                description
                  "The address of the DNS server.";
              }
              leaf port {
                if-feature dns-udp-tcp-port;
                type inet:port-number;
                default 53;
                description
                  "The UDP and TCP port number of the DNS server.";
              }
            }
          }
        }
      }
      container options {
        description
          "Resolver options. The set of available options has been
           limited to those that are generally available across
           different resolver implementations and generally useful.";
        // uint8 with range 1..max: zero is not a valid timeout.
        leaf timeout {
          type uint8 {
            range "1..max";
          }
          units "seconds";
          default "5";
          description
            "The amount of time the resolver will wait for a
             response from each remote name server before
             retrying the query via a different name server.";
        }
        leaf attempts {
          type uint8 {
            range "1..max";
          }
          default "2";
          description
            "The number of times the resolver will send a query to
             all of its name servers before giving up and returning
             an error to the calling application.";
        }
      }
    }

    container radius {
      if-feature radius;

      description
        "Configuration of the RADIUS client.";

      list server {
        key name;
        ordered-by user;
        description
          "List of RADIUS servers used by the device.

           When the RADIUS client is invoked by a calling
           application, it sends the query to the first server in
           this list. If no response has been received within
           'timeout' seconds, the client continues with the next
           server in the list. If no response is received from any
           server, the client continues with the first server again.
           When the client has traversed the list 'attempts' times
           without receiving any response, it gives up and returns an
           error to the calling application.";

        leaf name {
          type string;
          description
            "An arbitrary name for the RADIUS server.";
        }
        // Only the UDP transport (RFC 2865) is modeled here.
        choice transport {
          mandatory true;
          description
            "The transport-protocol-specific parameters for this
             server.";

          case udp {
            container udp {
              description
                "Contains UDP-specific configuration parameters
                 for RADIUS.";
              leaf address {
                type inet:host;
                mandatory true;
                description
                  "The address of the RADIUS server.";
              }

              leaf authentication-port {
                type inet:port-number;
                default "1812";
                description
                  "The port number of the RADIUS server.";
              }
              // Sensitive: nacm:default-deny-all means NACM denies
              // read/write/execute access to this leaf by default,
              // so the secret is not returned in a <get> unless an
              // explicit rule (or the recovery session) allows it;
              // confirm against the deployed NACM configuration.
              // The value is a plain 'string' with no constraint --
              // contrast the 'password' leaf below, which uses a
              // hashed type.
              leaf shared-secret {
                type string;
                mandatory true;
                nacm:default-deny-all;
                description
                  "The shared secret, which is known to both the
                   RADIUS client and server.";
                reference
                  "RFC 2865: Remote Authentication Dial In User
                   Service (RADIUS)";
              }
            }
          }
        }
        // Defaults to PAP; CHAP is the other identity derived from
        // 'radius-authentication-type' in this module.
        leaf authentication-type {
          type identityref {
            base radius-authentication-type;
          }
          default radius-pap;
          description
            "The authentication type requested from the RADIUS
             server.";
        }
      }
      container options {
        description
          "RADIUS client options.";

        leaf timeout {
          type uint8 {
            range "1..max";
          }
          units "seconds";
          default "5";
          description
            "The number of seconds the device will wait for a
             response from each RADIUS server before trying with a
             different server.";
        }

        leaf attempts {
          type uint8 {
            range "1..max";
          }
          default "2";
          description
            "The number of times the device will send a query to
             all of its RADIUS servers before giving up.";
        }
      }
    }

    // nacm:default-deny-write: writes anywhere in this subtree need an
    // explicit NACM rule; read access follows the normal NACM defaults
    // (verify against the NACM module version in use).
    container authentication {
      nacm:default-deny-write;
      if-feature authentication;

      description
        "The authentication configuration subtree.";

      // The 'must' below: an entry whose value is 'sys:radius' is only
      // valid if at least one /system/radius/server entry exists
      // ('../..' from this leaf-list is /system).
      leaf-list user-authentication-order {
        type identityref {
          base authentication-method;
        }
        must '(. != "sys:radius" or ../../radius/server)' {
          // '+' joins the two quoted strings into one error message.
          error-message
            "When 'radius' is used, a RADIUS server"
          + " must be configured.";
          description
            "When 'radius' is used as an authentication method,
             a RADIUS server must be configured.";
        }
        ordered-by user;

        description
          "When the device authenticates a user with a password,
           it tries the authentication methods in this leaf-list in
           order. If authentication with one method fails, the next
           method is used. If no method succeeds, the user is
           denied access.

           An empty user-authentication-order leaf-list still allows
           authentication of users using mechanisms that do not
           involve a password.

           If the 'radius-authentication' feature is advertised by
           the NETCONF server, the 'radius' identity can be added to
           this list.

           If the 'local-users' feature is advertised by the
           NETCONF server, the 'local-users' identity can be
           added to this list.";
      }

      list user {
        if-feature local-users;
        key name;
        description
          "The list of local users configured on this device.";

        leaf name {
          type string;
          description
            "The user name string identifying this entry.";
        }
        // Typed as ianach:crypt-hash (hashed-password format from
        // iana-crypt-hash) rather than a plain string; not mandatory,
        // so a user entry may exist with no password (key-based
        // login via 'authorized-key' below is still possible).
        leaf password {
          type ianach:crypt-hash;
          description
            "The password for this entry.";
        }
        list authorized-key {
          key name;
          description
            "A list of public SSH keys for this user. These keys
             are allowed for SSH authentication, as described in
             RFC 4253.";
          reference
            "RFC 4253: The Secure Shell (SSH) Transport Layer
             Protocol";

          leaf name {
            type string;
            description
              "An arbitrary name for the SSH key.";
          }

          // Unconstrained string: the type applies no pattern, the
          // description points at the IANA registry for valid names.
          leaf algorithm {
            type string;
            mandatory true;
            description
              "The public key algorithm name for this SSH key.

               Valid values are the values in the IANA 'Secure Shell
               (SSH) Protocol Parameters' registry, Public Key
               Algorithm Names.";
            reference
              "IANA 'Secure Shell (SSH) Protocol Parameters'
               registry, Public Key Algorithm Names";
          }
          // Raw RFC 4253 6.6 wire format (type string + key blob),
          // carried as YANG 'binary'.
          leaf key-data {
            type binary;
            mandatory true;
            description
              "The binary public key data for this SSH key, as
               specified by RFC 4253, Section 6.6, i.e.:

               string certificate or public key format
               identifier
               byte[n] key/certificate data.";
            reference
              "RFC 4253: The Secure Shell (SSH) Transport Layer
               Protocol";
          }
        }
      }
    }
  }

  /*
   * Operational state data nodes
   */

  // Read-only subtree ('config false' applies to every node below).
  container system-state {
    config false;
    description
      "System group operational state.";

    // Exposes OS and hardware identification (utsname fields); treat
    // as information a reader can use to fingerprint the platform.
    container platform {
      description
        "Contains vendor-specific information for
         identifying the system platform and operating system.";
      reference
        "IEEE Std 1003.1-2008 - sys/utsname.h";

      leaf os-name {
        type string;
        description
          "The name of the operating system in use -
           for example, 'Linux'.";
        reference
          "IEEE Std 1003.1-2008 - utsname.sysname";
      }
      leaf os-release {
        type string;
        description
          "The current release level of the operating
           system in use. This string MAY indicate
           the OS source code revision.";
        reference
          "IEEE Std 1003.1-2008 - utsname.release";
      }
      leaf os-version {
        type string;
        description
          "The current version level of the operating
           system in use. This string MAY indicate
           the specific OS build date and target variant
           information.";
        reference
          "IEEE Std 1003.1-2008 - utsname.version";
      }
      leaf machine {
        type string;
        description
          "A vendor-specific identifier string representing
           the hardware in use.";
        reference
          "IEEE Std 1003.1-2008 - utsname.machine";
      }
    }

    container clock {
      description
        "Monitoring of the system date and time properties.";

      leaf current-datetime {
        type yang:date-and-time;
        description
          "The current system date and time.";
      }

      leaf boot-datetime {
        type yang:date-and-time;
        description
          "The system date and time when the system last restarted.";
      }
    }
  }

  // All three RPCs carry nacm:default-deny-all: execution is denied
  // by default and needs an explicit NACM rule.
  // Per the description this RPC is refused (error-app-tag
  // 'ntp-active') while /system/ntp/enabled is true, so NTP cannot be
  // silently overridden by a manual clock set.
  rpc set-current-datetime {
    nacm:default-deny-all;
    description
      "Set the /system-state/clock/current-datetime leaf
       to the specified value.

       If the system is using NTP (i.e., /system/ntp/enabled
       is set to 'true'), then this operation will fail with
       error-tag 'operation-failed' and error-app-tag value of
       'ntp-active'.";
    input {
      leaf current-datetime {
        type yang:date-and-time;
        mandatory true;
        description
          "The current system date and time.";
      }
    }
  }

  // No input parameters; availability is governed purely by NACM.
  rpc system-restart {
    nacm:default-deny-all;
    description
      "Request that the entire system be restarted immediately.
       A server SHOULD send an rpc reply to the client before
       restarting the system.";
  }

  // No input parameters; availability is governed purely by NACM.
  rpc system-shutdown {
    nacm:default-deny-all;
    description
      "Request that the entire system be shut down immediately.
       A server SHOULD send an rpc reply to the client before
       shutting down the system.";
  }

}