blob: d784b11e3952ef14da2a74a17b7fda183a940f66 [file] [log] [blame]
Thomas Vachuska6655bee2017-08-24 16:12:59 -07001module openconfig-system {
2
3 yang-version "1";
4
5 // namespace
6 namespace "http://openconfig.net/yang/system";
7
8 prefix "oc-sys";
9
10 // import some basic types
11 import openconfig-inet-types { prefix oc-inet; }
12 import ietf-yang-types { prefix yang; }
13 import openconfig-types { prefix oc-types; }
14 import openconfig-extensions { prefix oc-ext; }
15 import openconfig-aaa { prefix oc-aaa; }
16 import openconfig-system-logging { prefix oc-log; }
17 import openconfig-system-terminal { prefix oc-sys-term; }
18 import openconfig-procmon { prefix oc-proc; }
19
20
21
22 // meta
23 organization "OpenConfig working group";
24
25 contact
26 "OpenConfig working group
27 netopenconfig@googlegroups.com";
28
29 description
30 "Model for managing system-wide services and functions on
31 network devices.
32
33 Portions of this code were derived from IETF RFC 7317.
34 Please reproduce this note if possible.
35
36 IETF code is subject to the following copyright and license:
37 Copyright (c) IETF Trust and the persons identified as authors of
38 the code.
39 All rights reserved.
40
41 Redistribution and use in source and binary forms, with or without
42 modification, is permitted pursuant to, and subject to the license
43 terms contained in, the Simplified BSD License set forth in
44 Section 4.c of the IETF Trust's Legal Provisions Relating
45 to IETF Documents (http://trustee.ietf.org/license-info).";
46
47 oc-ext:openconfig-version "0.2.0";
48
49 revision "2017-07-06" {
50 description
51 "Move to oc-inet types, add IETF attribution, add RADIUS
52 counters, changed password leaf names to indicate hashed";
53 reference "0.2.0";
54 }
55
56 revision "2017-01-29" {
57 description
58 "Initial public release";
59 reference "0.1.0";
60 }
61
62 // extension statements
63
64 // feature statements
65
66 // identity statements
67
68 identity NTP_AUTH_TYPE {
69 description
70 "Base identity for encryption schemes supported for NTP
71 authentication keys";
72 }
73
74 identity NTP_AUTH_MD5 {
75 base NTP_AUTH_TYPE;
76 description
77 "MD5 encryption method";
78 }
79
80 // typedef statements
81
82 typedef timezone-name-type {
83 type string;
84 description
85 "A time zone name as used by the Time Zone Database,
86 sometimes referred to as the 'Olson Database'.
87
88 The exact set of valid values is an implementation-specific
89 matter. Client discovery of the exact set of time zone names
90 for a particular server is out of scope.";
91 reference
92 "BCP 175: Procedures for Maintaining the Time Zone Database";
93 }
94
95 // grouping statements
96
97 grouping system-clock-config {
98 description
99 "Configuration data for system-wide clock configuration";
100
101 leaf timezone-name {
102 type timezone-name-type;
103 description
104 "The TZ database name to use for the system, such
105 as 'Europe/Stockholm'.";
106 reference "IANA Time Zone Database
107 http://www.iana.org/time-zones";
108 }
109 }
110
111 grouping system-clock-state {
112 description
113 "Operational state data for system-wide clock configuration";
114 }
115
116 grouping system-clock-top {
117 description
118 "Top-level grouping for system-wide clock configuration";
119
120 container clock {
121 description
122 "Top-level container for clock configuration data";
123
124 container config {
125 description
126 "Configuration data for system clock";
127
128 uses system-clock-config;
129 }
130
131 container state {
132
133 config false;
134
135 description
136 "Operational state data for system clock";
137
138 uses system-clock-config;
139 uses system-clock-state;
140 }
141 }
142 }
143
144 grouping system-global-config {
145 description "system-wide configuration parameters";
146
147 leaf hostname {
148 type oc-inet:domain-name;
149 description
150 "The hostname of the device -- should be a single domain
151 label, without the domain.";
152 }
153
154 leaf domain-name {
155 type oc-inet:domain-name;
156 description
157 "Specifies the domain name used to form fully qualified name
158 for unqualified hostnames.";
159 }
160
161 leaf login-banner {
162 type string;
163 description
164 "The console login message displayed before the login prompt,
165 i.e., before a user logs into the system.";
166 }
167
168 leaf motd-banner {
169 type string;
170 description
171 "The console message displayed after a user logs into the
172 system. They system may append additional standard
173 information such as the current system date and time, uptime,
174 last login timestamp, etc.";
175 }
176 }
177
178 grouping system-global-state {
179 description
180 "Global operational state data for the system";
181
182 leaf current-datetime {
183 type yang:date-and-time;
184 description
185 "The current system date and time.";
186 }
187
188 leaf boot-time {
189 type oc-types:timeticks64;
190 description
191 "This timestamp indicates the time that the system was last
192 restarted. The value is the timestamp in seconds relative
193 to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).";
194 }
195
196 }
197
198 grouping system-dns-config {
199 description "DNS / resolver related configuration data";
200
201 leaf-list search {
202 type oc-inet:domain-name;
203 ordered-by user;
204 description
205 "An ordered list of domains to search when resolving
206 a host name.";
207 }
208 }
209
210 grouping system-dns-state {
211 description
212 "Operational state data for system DNS resolver";
213
214 }
215
216 grouping system-dns-servers-config {
217 description
218 "Configuration data for DNS resolvers";
219
220 //RFC 7317 includes a single-value choice statement to for
221 //TCP and UDP transport. This has been removed since it the
222 //transport protocol is not generally available as an options
223 //on target devices. It may be added back if and when needed.
224
225 leaf address {
226 type oc-inet:ip-address;
227 description
228 "The address of the DNS server, can be either IPv4
229 or IPv6.";
230 }
231
232 leaf port {
233 type oc-inet:port-number;
234 default 53;
235 description
236 "The port number of the DNS server.";
237 }
238
239 //RFC 7317 includes resolver timeout and attempts options. These
240 //have been omitted as they are not available on many targets. If
241 //and when they are required, they may be added back in.
242 }
243
244 grouping system-dns-static-config {
245 description
246 "Configuration data for static host entries";
247
248 leaf hostname {
249 type string;
250 description
251 "Hostname for the static DNS entry";
252 }
253
254 leaf-list alias {
255 type string;
256 description
257 "Additional aliases for the hostname";
258 }
259
260 leaf-list ipv4-address {
261 type oc-inet:ipv4-address;
262 description
263 "List of IPv4 addressses for the host entry";
264 }
265
266 leaf-list ipv6-address {
267 type oc-inet:ipv6-address;
268 description
269 "List of IPv6 addresses for the host entry";
270 }
271 }
272
273 grouping system-dns-static-state {
274 description
275 "Operational state data for static host entries";
276 }
277
278 grouping system-dns-static-top {
279 description
280 "Top-level grouping for static DNS host entries";
281
282 container host-entries {
283 description
284 "Enclosing container for list of static host entries";
285
286 list host-entry {
287 key "hostname";
288 description
289 "List of static host entries";
290
291 leaf hostname {
292 type leafref {
293 path "../config/hostname";
294 }
295 description
296 "Reference to the hostname list key";
297 }
298
299 container config {
300 description
301 "Configuration data for static host entries";
302
303 uses system-dns-static-config;
304 }
305
306 container state {
307
308 config false;
309
310 description
311 "Operational state data for static host entries";
312
313 uses system-dns-static-config;
314 uses system-dns-static-state;
315 }
316 }
317 }
318 }
319
320 grouping system-dns-servers-state {
321 description
322 "Operational state data for DNS resolvers";
323
324 }
325
326 grouping system-dns-servers-top {
327 description
328 "Top-level grouping for the list of DNS resolvers.";
329
330 container servers {
331 description
332 "Enclosing container for DNS resolver list";
333
334 list server {
335 key "address";
336 ordered-by user;
337 description
338 "List of the DNS servers that the resolver should query.
339
340 When the resolver is invoked by a calling application, it
341 sends the query to the first name server in this list. If
342 no response has been received within 'timeout' seconds,
343 the resolver continues with the next server in the list.
344 If no response is received from any server, the resolver
345 continues with the first server again. When the resolver
346 has traversed the list 'attempts' times without receiving
347 any response, it gives up and returns an error to the
348 calling application.
349
350 Implementations MAY limit the number of entries in this
351 list.";
352
353 leaf address {
354 type leafref {
355 path "../config/address";
356 }
357 description
358 "References the configured address of the DNS server";
359 }
360
361 container config {
362 description
363 "Configuration data for each DNS resolver";
364
365 uses system-dns-servers-config;
366 }
367
368 container state {
369
370 config false;
371
372 description
373 "Operational state data for each DNS resolver";
374
375 uses system-dns-servers-config;
376 uses system-dns-servers-state;
377 }
378
379 }
380 }
381 }
382
383 grouping system-dns-top {
384 description
385 "Top-level grouping for DNS / resolver config and operational
386 state data";
387
388 container dns {
389 description
390 "Enclosing container for DNS resolver data";
391
392 container config {
393 description
394 "Configuration data for the DNS resolver";
395
396 uses system-dns-config;
397
398 }
399
400 container state {
401
402 config false;
403
404 description
405 "Operational state data for the DNS resolver";
406
407 uses system-dns-config;
408 uses system-dns-state;
409
410 }
411
412 uses system-dns-servers-top;
413 uses system-dns-static-top;
414 }
415 }
416
417 grouping system-ntp-server-config {
418 description
419 "Configuration data for NTP servers";
420
421 leaf address {
422 type oc-inet:host;
423 description
424 "The address or hostname of the NTP server.";
425 }
426
427 leaf port {
428 type oc-inet:port-number;
429 default 123;
430 description
431 "The port number of the NTP server.";
432 }
433
434 leaf version {
435 type uint8 {
436 range 1..4;
437 }
438 default 4;
439 description
440 "Version number to put in outgoing NTP packets";
441 }
442
443 leaf association-type {
444 type enumeration {
445 enum SERVER {
446 description
447 "Use client association mode. This device
448 will not provide synchronization to the
449 configured NTP server.";
450 }
451 enum PEER {
452 description
453 "Use symmetric active association mode.
454 This device may provide synchronization
455 to the configured NTP server.";
456 }
457 enum POOL {
458 description
459 "Use client association mode with one or
460 more of the NTP servers found by DNS
461 resolution of the domain name given by
462 the 'address' leaf. This device will not
463 provide synchronization to the servers.";
464 }
465 }
466 default SERVER;
467 description
468 "The desired association type for this NTP server.";
469 }
470 leaf iburst {
471 type boolean;
472 default false;
473 description
474 "Indicates whether this server should enable burst
475 synchronization or not.";
476 }
477 leaf prefer {
478 type boolean;
479 default false;
480 description
481 "Indicates whether this server should be preferred
482 or not.";
483 }
484 }
485
486 grouping system-ntp-server-state {
487 description
488 "Operational state data for NTP servers";
489
490 leaf stratum {
491 type uint8;
492 description
493 "Indicates the level of the server in the NTP hierarchy. As
494 stratum number increases, the accuracy is degraded. Primary
495 servers are stratum while a maximum value of 16 indicates
496 unsynchronized. The values have the following specific
497 semantics:
498
499 | 0 | unspecified or invalid
500 | 1 | primary server (e.g., equipped with a GPS receiver)
501 | 2-15 | secondary server (via NTP)
502 | 16 | unsynchronized
503 | 17-255 | reserved";
504 reference
505 "RFC 5905 - Network Time Protocol Version 4: Protocol and
506 Algorithms Specification";
507 }
508
509 leaf root-delay {
510 type uint32;
511 // TODO: reconsider units for these values -- the spec defines
512 // rootdelay and rootdisperson as 2 16-bit integers for seconds
513 // and fractional seconds, respectively. This gives a
514 // precision of ~15 us (2^-16). Using milliseconds here based
515 // on what implementations typically provide and likely lack
516 // of utility for less than millisecond precision with NTP
517 // time sync.
518 units "milliseconds";
519 description
520 "The round-trip delay to the server, in milliseconds.";
521 reference
522 "RFC 5905 - Network Time Protocol Version 4: Protocol and
523 Algorithms Specification";
524 }
525
526 leaf root-dispersion {
527 type uint64;
528 units "milliseconds";
529 description
530 "Dispersion (epsilon) represents the maximum error inherent
531 in the measurement";
532 reference
533 "RFC 5905 - Network Time Protocol Version 4: Protocol and
534 Algorithms Specification";
535 }
536
537 leaf offset {
538 type uint64;
539 units "milliseconds";
540 description
541 "Estimate of the current time offset from the peer. This is
542 the time difference between the local and reference clock.";
543 }
544
545 leaf poll-interval {
546 type uint32;
547 units "seconds";
548 description
549 "Polling interval of the peer";
550 }
551 }
552
553 grouping system-ntp-server-top {
554 description
555 "Top-level grouping for the list of NTP servers";
556
557 container servers {
558 description
559 "Enclosing container for the list of NTP servers";
560
561 list server {
562 key "address";
563 description
564 "List of NTP servers to use for system clock
565 synchronization. If '/system/ntp/enabled'
566 is 'true', then the system will attempt to
567 contact and utilize the specified NTP servers.";
568
569 leaf address {
570 type leafref {
571 path "../config/address";
572 }
573 description
574 "References the configured address or hostname of the
575 NTP server.";
576 }
577
578 container config {
579 description
580 "Configuration data for an NTP server.";
581
582 uses system-ntp-server-config;
583 }
584
585 container state {
586
587 config false;
588
589 description
590 "Operational state data for an NTP server.";
591
592 uses system-ntp-server-config;
593 uses system-ntp-server-state;
594 }
595
596 }
597 }
598 }
599
600 grouping system-ntp-auth-keys-config {
601 description
602 "Configuration data ";
603
604 leaf key-id {
605 type uint16;
606 description
607 "Integer identifier used by the client and server to
608 designate a secret key. The client and server must use
609 the same key id.";
610 }
611
612 leaf key-type {
613 type identityref {
614 base NTP_AUTH_TYPE;
615 }
616 description
617 "Encryption type used for the NTP authentication key";
618 }
619
620 leaf key-value {
621 type string;
622 description
623 "NTP authentication key value";
624 }
625 }
626
627 grouping system-ntp-auth-keys-state {
628 description
629 "Operational state data for NTP auth key data";
630 }
631
632 grouping system-ntp-auth-keys-top {
633 description
634 "Top-level grouping for NTP auth key data";
635
636 container ntp-keys {
637 description
638 "Enclosing container for list of NTP authentication keys";
639
640 list ntp-key {
641 key "key-id";
642 description
643 "List of NTP authentication keys";
644
645 leaf key-id {
646 type leafref {
647 path "../config/key-id";
648 }
649 description
650 "Reference to auth key-id list key";
651 }
652
653 container config {
654 description
655 "Configuration data for NTP auth keys";
656
657 uses system-ntp-auth-keys-config;
658 }
659
660 container state {
661
662 config false;
663
664 description
665 "Operational state data for NTP auth keys";
666
667 uses system-ntp-auth-keys-config;
668 uses system-ntp-auth-keys-state;
669 }
670 }
671 }
672 }
673
674 grouping system-ntp-config {
675 description
676 "Configuration data for system-wide NTP operation.";
677
678 leaf enabled {
679 type boolean;
680 default false;
681 description
682 "Enables the NTP protocol and indicates that the system should
683 attempt to synchronize the system clock with an NTP server
684 from the servers defined in the 'ntp/server' list.";
685 }
686
687 leaf ntp-source-address {
688 type oc-inet:ip-address;
689 description
690 "Source address to use on outgoing NTP packets";
691 }
692
693 leaf enable-ntp-auth {
694 type boolean;
695 default false;
696 description
697 "Enable or disable NTP authentication -- when enabled, the
698 system will only use packets containing a trusted
699 authentication key to synchronize the time.";
700 }
701 }
702
703 grouping system-ntp-state {
704 description
705 "Operational state data for system-wide NTP operation.";
706
707 leaf auth-mismatch {
708 type yang:counter64;
709 description
710 "Count of the number of NTP packets received that were not
711 processed due to authentication mismatch.";
712 }
713 }
714
715 grouping system-ntp-top {
716 description
717 "Top-level grouping for configuration and state data for NTP";
718
719 container ntp {
720 description
721 "Top-level container for NTP configuration and state";
722
723 container config {
724 description
725 "Configuration data for NTP client.";
726
727 uses system-ntp-config;
728 }
729
730 container state {
731
732 config false;
733
734 description
735 "Operational state data for NTP services.";
736
737 uses system-ntp-config;
738 uses system-ntp-state;
739 }
740 uses system-ntp-auth-keys-top;
741 uses system-ntp-server-top;
742 }
743 }
744
745 grouping system-memory-config {
746 description
747 "Configuration data for system memory";
748 }
749
750 grouping system-memory-state {
751 description
752 "Operational state data for system memory";
753
754 leaf physical {
755 type uint64;
756 units bytes;
757 // TODO: consider making units in megabytes
758 description
759 "Reports the total physical memory available on the
760 system.";
761 }
762
763 leaf reserved {
764 type uint64;
765 units bytes;
766 description
767 "Memory reserved for system use";
768 }
769 }
770
771 grouping system-memory-top {
772 description
773 "Top-level grouping for system memory data definitions";
774
775 container memory {
776 description
777 "Top-level container for system memory data";
778
779 container config {
780 description
781 "Configuration data for system memory";
782
783 uses system-memory-config;
784 }
785
786 container state {
787
788 config false;
789
790 description
791 "Operational state data for system memory";
792
793 uses system-memory-config;
794 uses system-memory-state;
795 }
796 }
797 }
798
799
800 grouping system-top {
801 description
802 "Top level system data containers";
803
804 container system {
805 description
806 "Enclosing container for system-related configuration and
807 operational state data";
808
809 container config {
810 description "Global configuration data for the system";
811
812 uses system-global-config;
813
814 }
815
816 container state {
817
818 config false;
819
820 description "Global operational state data for the system";
821
822 uses system-global-config;
823 uses system-global-state;
824
825 }
826
827 uses system-clock-top;
828 uses system-dns-top;
829 uses system-ntp-top;
830 uses oc-sys-term:system-ssh-server-top;
831 uses oc-sys-term:system-telnet-server-top;
832 uses oc-log:logging-top;
833 uses oc-aaa:aaa-top;
834 uses system-memory-top;
835 uses oc-proc:procmon-processes-top;
836 }
837 }
838
839 // data definition statements
840
841 uses system-top;
842
843}