Diffstat (limited to 'sdnr/model/yang/ietf-system@2014-08-06.yang')
-rw-r--r--sdnr/model/yang/ietf-system@2014-08-06.yang842
1 files changed, 0 insertions, 842 deletions
diff --git a/sdnr/model/yang/ietf-system@2014-08-06.yang b/sdnr/model/yang/ietf-system@2014-08-06.yang
deleted file mode 100644
index de3096c4..00000000
--- a/sdnr/model/yang/ietf-system@2014-08-06.yang
+++ /dev/null
@@ -1,842 +0,0 @@
-module ietf-system {
- namespace "urn:ietf:params:xml:ns:yang:ietf-system";
- prefix "sys";
-
- import ietf-yang-types {
- prefix yang;
- }
-
- import ietf-inet-types {
- prefix inet;
- }
-
- import ietf-netconf-acm {
- prefix nacm;
- }
-
- import iana-crypt-hash {
- prefix ianach;
- }
-
- organization
- "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
-
-
-
-
-
-
-
- contact
- "WG Web: <http://tools.ietf.org/wg/netmod/>
- WG List: <mailto:netmod@ietf.org>
-
- WG Chair: Thomas Nadeau
- <mailto:tnadeau@lucidvision.com>
-
- WG Chair: Juergen Schoenwaelder
- <mailto:j.schoenwaelder@jacobs-university.de>
-
- Editor: Andy Bierman
- <mailto:andy@yumaworks.com>
-
- Editor: Martin Bjorklund
- <mailto:mbj@tail-f.com>";
-
- description
- "This module contains a collection of YANG definitions for the
- configuration and identification of some common system
- properties within a device containing a NETCONF server. This
- includes data node definitions for system identification,
- time-of-day management, user management, DNS resolver
- configuration, and some protocol operations for system
- management.
-
- Copyright (c) 2014 IETF Trust and the persons identified as
- authors of the code. All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, is permitted pursuant to, and subject
- to the license terms contained in, the Simplified BSD License
- set forth in Section 4.c of the IETF Trust's Legal Provisions
- Relating to IETF Documents
- (http://trustee.ietf.org/license-info).
-
- This version of this YANG module is part of RFC 7317; see
- the RFC itself for full legal notices.";
-
- revision 2014-08-06 {
- description
- "Initial revision.";
- reference
- "RFC 7317: A YANG Data Model for System Management";
- }
-
-
-
-
- /*
- * Typedefs
- */
-
- typedef timezone-name {
- type string;
- description
- "A time zone name as used by the Time Zone Database,
- sometimes referred to as the 'Olson Database'.
-
- The exact set of valid values is an implementation-specific
- matter. Client discovery of the exact set of time zone names
- for a particular server is out of scope.";
- reference
- "RFC 6557: Procedures for Maintaining the Time Zone Database";
- }
-
- /*
- * Features
- */
-
- feature radius {
- description
- "Indicates that the device can be configured as a RADIUS
- client.";
- reference
- "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
- }
-
- feature authentication {
- description
- "Indicates that the device supports configuration of
- user authentication.";
- }
-
- feature local-users {
- if-feature authentication;
- description
- "Indicates that the device supports configuration of
- local user authentication.";
- }
-
-
-
-
-
-
-
- feature radius-authentication {
- if-feature radius;
- if-feature authentication;
- description
- "Indicates that the device supports configuration of user
- authentication over RADIUS.";
- reference
- "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
- RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
- Authorization for Network Access Server (NAS)
- Management";
- }
-
- feature ntp {
- description
- "Indicates that the device can be configured to use one or
- more NTP servers to set the system date and time.";
- }
-
- feature ntp-udp-port {
- if-feature ntp;
- description
- "Indicates that the device supports the configuration of
- the UDP port for NTP servers.
-
- This is a 'feature', since many implementations do not support
- any port other than the default port.";
- }
-
- feature timezone-name {
- description
- "Indicates that the local time zone on the device
- can be configured to use the TZ database
- to set the time zone and manage daylight saving time.";
- reference
- "RFC 6557: Procedures for Maintaining the Time Zone Database";
- }
-
- feature dns-udp-tcp-port {
- description
- "Indicates that the device supports the configuration of
- the UDP and TCP port for DNS servers.
-
- This is a 'feature', since many implementations do not support
- any port other than the default port.";
- }
-
-
- /*
- * Identities
- */
-
- identity authentication-method {
- description
- "Base identity for user authentication methods.";
- }
-
- identity radius {
- base authentication-method;
- description
- "Indicates user authentication using RADIUS.";
- reference
- "RFC 2865: Remote Authentication Dial In User Service (RADIUS)
- RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
- Authorization for Network Access Server (NAS)
- Management";
- }
-
- identity local-users {
- base authentication-method;
- description
- "Indicates password-based authentication of locally
- configured users.";
- }
-
- identity radius-authentication-type {
- description
- "Base identity for RADIUS authentication types.";
- }
-
- identity radius-pap {
- base radius-authentication-type;
- description
- "The device requests Password Authentication Protocol (PAP)
- authentication from the RADIUS server.";
- reference
- "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
- }
-
-
-
-
-
-
-
-
- identity radius-chap {
- base radius-authentication-type;
- description
- "The device requests Challenge Handshake Authentication
- Protocol (CHAP) authentication from the RADIUS server.";
- reference
- "RFC 2865: Remote Authentication Dial In User Service (RADIUS)";
- }
-
- /*
- * Configuration data nodes
- */
-
- container system {
- description
- "System group configuration.";
-
- leaf contact {
- type string;
- description
- "The administrator contact information for the system.
-
- A server implementation MAY map this leaf to the sysContact
- MIB object. Such an implementation needs to use some
- mechanism to handle the differences in size and characters
- allowed between this leaf and sysContact. The definition of
- such a mechanism is outside the scope of this document.";
- reference
- "RFC 3418: Management Information Base (MIB) for the
- Simple Network Management Protocol (SNMP)
- SNMPv2-MIB.sysContact";
- }
- leaf hostname {
- type inet:domain-name;
- description
- "The name of the host. This name can be a single domain
- label or the fully qualified domain name of the host.";
- }
- leaf location {
- type string;
- description
- "The system location.
-
- A server implementation MAY map this leaf to the sysLocation
- MIB object. Such an implementation needs to use some
- mechanism to handle the differences in size and characters
- allowed between this leaf and sysLocation. The definition
- of such a mechanism is outside the scope of this document.";
- reference
- "RFC 3418: Management Information Base (MIB) for the
- Simple Network Management Protocol (SNMP)
- SNMPv2-MIB.sysLocation";
- }
-
- container clock {
- description
- "Configuration of the system date and time properties.";
-
- choice timezone {
- description
- "The system time zone information.";
-
- case timezone-name {
- if-feature timezone-name;
- leaf timezone-name {
- type timezone-name;
- description
- "The TZ database name to use for the system, such
- as 'Europe/Stockholm'.";
- }
- }
- case timezone-utc-offset {
- leaf timezone-utc-offset {
- type int16 {
- range "-1500 .. 1500";
- }
- units "minutes";
- description
- "The number of minutes to add to UTC time to
- identify the time zone for this system. For example,
- 'UTC - 8:00 hours' would be represented as '-480'.
- Note that automatic daylight saving time adjustment
- is not provided if this object is used.";
- }
- }
- }
- }
-
- container ntp {
- if-feature ntp;
- presence
- "Enables the NTP client unless the 'enabled' leaf
- (which defaults to 'true') is set to 'false'";
- description
- "Configuration of the NTP client.";
-
- leaf enabled {
- type boolean;
- default true;
- description
- "Indicates that the system should attempt to
- synchronize the system clock with an NTP server
- from the 'ntp/server' list.";
- }
- list server {
- key name;
- description
- "List of NTP servers to use for system clock
- synchronization. If '/system/ntp/enabled'
- is 'true', then the system will attempt to
- contact and utilize the specified NTP servers.";
-
- leaf name {
- type string;
- description
- "An arbitrary name for the NTP server.";
- }
- choice transport {
- mandatory true;
- description
- "The transport-protocol-specific parameters for this
- server.";
-
- case udp {
- container udp {
- description
- "Contains UDP-specific configuration parameters
- for NTP.";
- leaf address {
- type inet:host;
- mandatory true;
- description
- "The address of the NTP server.";
- }
- leaf port {
- if-feature ntp-udp-port;
- type inet:port-number;
- default 123;
- description
- "The port number of the NTP server.";
- }
- }
- }
- }
- leaf association-type {
- type enumeration {
- enum server {
- description
- "Use client association mode. This device
- will not provide synchronization to the
- configured NTP server.";
- }
- enum peer {
- description
- "Use symmetric active association mode.
- This device may provide synchronization
- to the configured NTP server.";
- }
- enum pool {
- description
- "Use client association mode with one or
- more of the NTP servers found by DNS
- resolution of the domain name given by
- the 'address' leaf. This device will not
- provide synchronization to the servers.";
- }
- }
- default server;
- description
- "The desired association type for this NTP server.";
- }
- leaf iburst {
- type boolean;
- default false;
- description
- "Indicates whether this server should enable burst
- synchronization or not.";
- }
- leaf prefer {
- type boolean;
- default false;
- description
- "Indicates whether this server should be preferred
- or not.";
- }
- }
- }
-
- container dns-resolver {
- description
- "Configuration of the DNS resolver.";
-
- leaf-list search {
- type inet:domain-name;
- ordered-by user;
- description
- "An ordered list of domains to search when resolving
- a host name.";
- }
- list server {
- key name;
- ordered-by user;
- description
- "List of the DNS servers that the resolver should query.
-
- When the resolver is invoked by a calling application, it
- sends the query to the first name server in this list. If
- no response has been received within 'timeout' seconds,
- the resolver continues with the next server in the list.
- If no response is received from any server, the resolver
- continues with the first server again. When the resolver
- has traversed the list 'attempts' times without receiving
- any response, it gives up and returns an error to the
- calling application.
-
- Implementations MAY limit the number of entries in this
- list.";
-
- leaf name {
- type string;
- description
- "An arbitrary name for the DNS server.";
- }
- choice transport {
- mandatory true;
- description
- "The transport-protocol-specific parameters for this
- server.";
-
- case udp-and-tcp {
- container udp-and-tcp {
- description
- "Contains UDP- and TCP-specific configuration
- parameters for DNS.";
- reference
- "RFC 1035: Domain Names - Implementation and
- Specification
- RFC 5966: DNS Transport over TCP - Implementation
- Requirements";
-
- leaf address {
- type inet:ip-address;
- mandatory true;
- description
- "The address of the DNS server.";
- }
- leaf port {
- if-feature dns-udp-tcp-port;
- type inet:port-number;
- default 53;
- description
- "The UDP and TCP port number of the DNS server.";
- }
- }
- }
- }
- }
- container options {
- description
- "Resolver options. The set of available options has been
- limited to those that are generally available across
- different resolver implementations and generally useful.";
- leaf timeout {
- type uint8 {
- range "1..max";
- }
- units "seconds";
- default "5";
- description
- "The amount of time the resolver will wait for a
- response from each remote name server before
- retrying the query via a different name server.";
- }
- leaf attempts {
- type uint8 {
- range "1..max";
- }
- default "2";
- description
- "The number of times the resolver will send a query to
- all of its name servers before giving up and returning
- an error to the calling application.";
- }
- }
- }
-
-
-
- container radius {
- if-feature radius;
-
- description
- "Configuration of the RADIUS client.";
-
- list server {
- key name;
- ordered-by user;
- description
- "List of RADIUS servers used by the device.
-
- When the RADIUS client is invoked by a calling
- application, it sends the query to the first server in
- this list. If no response has been received within
- 'timeout' seconds, the client continues with the next
- server in the list. If no response is received from any
- server, the client continues with the first server again.
- When the client has traversed the list 'attempts' times
- without receiving any response, it gives up and returns an
- error to the calling application.";
-
- leaf name {
- type string;
- description
- "An arbitrary name for the RADIUS server.";
- }
- choice transport {
- mandatory true;
- description
- "The transport-protocol-specific parameters for this
- server.";
-
- case udp {
- container udp {
- description
- "Contains UDP-specific configuration parameters
- for RADIUS.";
- leaf address {
- type inet:host;
- mandatory true;
- description
- "The address of the RADIUS server.";
- }
-
-
-
-
- leaf authentication-port {
- type inet:port-number;
- default "1812";
- description
- "The port number of the RADIUS server.";
- }
- leaf shared-secret {
- type string;
- mandatory true;
- nacm:default-deny-all;
- description
- "The shared secret, which is known to both the
- RADIUS client and server.";
- reference
- "RFC 2865: Remote Authentication Dial In User
- Service (RADIUS)";
- }
- }
- }
- }
- leaf authentication-type {
- type identityref {
- base radius-authentication-type;
- }
- default radius-pap;
- description
- "The authentication type requested from the RADIUS
- server.";
- }
- }
- container options {
- description
- "RADIUS client options.";
-
- leaf timeout {
- type uint8 {
- range "1..max";
- }
- units "seconds";
- default "5";
- description
- "The number of seconds the device will wait for a
- response from each RADIUS server before trying with a
- different server.";
- }
-
-
-
- leaf attempts {
- type uint8 {
- range "1..max";
- }
- default "2";
- description
- "The number of times the device will send a query to
- all of its RADIUS servers before giving up.";
- }
- }
- }
-
- container authentication {
- nacm:default-deny-write;
- if-feature authentication;
-
- description
- "The authentication configuration subtree.";
-
- leaf-list user-authentication-order {
- type identityref {
- base authentication-method;
- }
- must '(. != "sys:radius" or ../../radius/server)' {
- error-message
- "When 'radius' is used, a RADIUS server"
- + " must be configured.";
- description
- "When 'radius' is used as an authentication method,
- a RADIUS server must be configured.";
- }
- ordered-by user;
-
- description
- "When the device authenticates a user with a password,
- it tries the authentication methods in this leaf-list in
- order. If authentication with one method fails, the next
- method is used. If no method succeeds, the user is
- denied access.
-
- An empty user-authentication-order leaf-list still allows
- authentication of users using mechanisms that do not
- involve a password.
-
- If the 'radius-authentication' feature is advertised by
- the NETCONF server, the 'radius' identity can be added to
- this list.
-
- If the 'local-users' feature is advertised by the
- NETCONF server, the 'local-users' identity can be
- added to this list.";
- }
-
- list user {
- if-feature local-users;
- key name;
- description
- "The list of local users configured on this device.";
-
- leaf name {
- type string;
- description
- "The user name string identifying this entry.";
- }
- leaf password {
- type ianach:crypt-hash;
- description
- "The password for this entry.";
- }
- list authorized-key {
- key name;
- description
- "A list of public SSH keys for this user. These keys
- are allowed for SSH authentication, as described in
- RFC 4253.";
- reference
- "RFC 4253: The Secure Shell (SSH) Transport Layer
- Protocol";
-
- leaf name {
- type string;
- description
- "An arbitrary name for the SSH key.";
- }
-
-
-
-
-
-
-
-
-
-
-
-
- leaf algorithm {
- type string;
- mandatory true;
- description
- "The public key algorithm name for this SSH key.
-
- Valid values are the values in the IANA 'Secure Shell
- (SSH) Protocol Parameters' registry, Public Key
- Algorithm Names.";
- reference
- "IANA 'Secure Shell (SSH) Protocol Parameters'
- registry, Public Key Algorithm Names";
- }
- leaf key-data {
- type binary;
- mandatory true;
- description
- "The binary public key data for this SSH key, as
- specified by RFC 4253, Section 6.6, i.e.:
-
- string certificate or public key format
- identifier
- byte[n] key/certificate data.";
- reference
- "RFC 4253: The Secure Shell (SSH) Transport Layer
- Protocol";
- }
- }
- }
- }
- }
-
- /*
- * Operational state data nodes
- */
-
- container system-state {
- config false;
- description
- "System group operational state.";
-
- container platform {
- description
- "Contains vendor-specific information for
- identifying the system platform and operating system.";
- reference
- "IEEE Std 1003.1-2008 - sys/utsname.h";
-
- leaf os-name {
- type string;
- description
- "The name of the operating system in use -
- for example, 'Linux'.";
- reference
- "IEEE Std 1003.1-2008 - utsname.sysname";
- }
- leaf os-release {
- type string;
- description
- "The current release level of the operating
- system in use. This string MAY indicate
- the OS source code revision.";
- reference
- "IEEE Std 1003.1-2008 - utsname.release";
- }
- leaf os-version {
- type string;
- description
- "The current version level of the operating
- system in use. This string MAY indicate
- the specific OS build date and target variant
- information.";
- reference
- "IEEE Std 1003.1-2008 - utsname.version";
- }
- leaf machine {
- type string;
- description
- "A vendor-specific identifier string representing
- the hardware in use.";
- reference
- "IEEE Std 1003.1-2008 - utsname.machine";
- }
- }
-
- container clock {
- description
- "Monitoring of the system date and time properties.";
-
- leaf current-datetime {
- type yang:date-and-time;
- description
- "The current system date and time.";
- }
-
-
- leaf boot-datetime {
- type yang:date-and-time;
- description
- "The system date and time when the system last restarted.";
- }
- }
- }
-
- rpc set-current-datetime {
- nacm:default-deny-all;
- description
- "Set the /system-state/clock/current-datetime leaf
- to the specified value.
-
- If the system is using NTP (i.e., /system/ntp/enabled
- is set to 'true'), then this operation will fail with
- error-tag 'operation-failed' and error-app-tag value of
- 'ntp-active'.";
- input {
- leaf current-datetime {
- type yang:date-and-time;
- mandatory true;
- description
- "The current system date and time.";
- }
- }
- }
-
- rpc system-restart {
- nacm:default-deny-all;
- description
- "Request that the entire system be restarted immediately.
- A server SHOULD send an rpc reply to the client before
- restarting the system.";
- }
-
- rpc system-shutdown {
- nacm:default-deny-all;
- description
- "Request that the entire system be shut down immediately.
- A server SHOULD send an rpc reply to the client before
- shutting down the system.";
- }
-
-}
\ No newline at end of file