diff options
Diffstat (limited to 'vnfs/TestVNF/netconftemplates/netconftemplates/ietf-system@2014-08-06.yin')
| -rw-r--r-- | vnfs/TestVNF/netconftemplates/netconftemplates/ietf-system@2014-08-06.yin | 833 |
1 files changed, 833 insertions, 0 deletions
diff --git a/vnfs/TestVNF/netconftemplates/netconftemplates/ietf-system@2014-08-06.yin b/vnfs/TestVNF/netconftemplates/netconftemplates/ietf-system@2014-08-06.yin new file mode 100644 index 00000000..45ef3e51 --- /dev/null +++ b/vnfs/TestVNF/netconftemplates/netconftemplates/ietf-system@2014-08-06.yin @@ -0,0 +1,833 @@ +<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1"> + <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"><?xml version="1.0" encoding="UTF-8"?> +<module name="ietf-system" + xmlns="urn:ietf:params:xml:ns:yang:yin:1" + xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-system" + xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types" + xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types" + xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm" + xmlns:ianach="urn:ietf:params:xml:ns:yang:iana-crypt-hash"> + <namespace uri="urn:ietf:params:xml:ns:yang:ietf-system"/> + <prefix value="sys"/> + <import module="ietf-yang-types"> + <prefix value="yang"/> + </import> + <import module="ietf-inet-types"> + <prefix value="inet"/> + </import> + <import module="ietf-netconf-acm"> + <prefix value="nacm"/> + </import> + <import module="iana-crypt-hash"> + <prefix value="ianach"/> + </import> + <organization> + <text>IETF NETMOD (NETCONF Data Modeling Language) Working Group</text> + </organization> + <contact> + <text>WG Web: &lt;http://tools.ietf.org/wg/netmod/&gt; +WG List: &lt;mailto:netmod@ietf.org&gt; + +WG Chair: Thomas Nadeau + &lt;mailto:tnadeau@lucidvision.com&gt; + +WG Chair: Juergen Schoenwaelder + &lt;mailto:j.schoenwaelder@jacobs-university.de&gt; + +Editor: Andy Bierman + &lt;mailto:andy@yumaworks.com&gt; + +Editor: Martin Bjorklund + &lt;mailto:mbj@tail-f.com&gt;</text> + </contact> + <description> + <text>This module contains a collection of YANG definitions for the +configuration and identification of some common system +properties within a device containing a NETCONF server. This +includes data node definitions for system identification, +time-of-day management, user management, DNS resolver +configuration, and some protocol operations for system +management. + +Copyright (c) 2014 IETF Trust and the persons identified as +authors of the code. All rights reserved. + +Redistribution and use in source and binary forms, with or +without modification, is permitted pursuant to, and subject +to the license terms contained in, the Simplified BSD License +set forth in Section 4.c of the IETF Trust's Legal Provisions +Relating to IETF Documents +(http://trustee.ietf.org/license-info). + +This version of this YANG module is part of RFC 7317; see +the RFC itself for full legal notices.</text> + </description> + <revision date="2014-08-06"> + <description> + <text>Initial revision.</text> + </description> + <reference> + <text>RFC 7317: A YANG Data Model for System Management</text> + </reference> + </revision> + <feature name="radius"> + <description> + <text>Indicates that the device can be configured as a RADIUS +client.</text> + </description> + <reference> + <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)</text> + </reference> + </feature> + <feature name="authentication"> + <description> + <text>Indicates that the device supports configuration of +user authentication.</text> + </description> + </feature> + <feature name="local-users"> + <if-feature name="authentication"/> + <description> + <text>Indicates that the device supports configuration of +local user authentication.</text> + </description> + </feature> + <feature name="radius-authentication"> + <if-feature name="radius"/> + <if-feature name="authentication"/> + <description> + <text>Indicates that the device supports configuration of user +authentication over RADIUS.</text> + </description> + <reference> + <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS) +RFC 5607: Remote Authentication Dial-In User Service (RADIUS) + Authorization for Network Access Server (NAS) + Management</text> + </reference> + </feature> + <feature name="ntp"> + <description> + <text>Indicates that the device can be configured to use one or +more NTP servers to set the system date and time.</text> + </description> + </feature> + <feature name="ntp-udp-port"> + <if-feature name="ntp"/> + <description> + <text>Indicates that the device supports the configuration of +the UDP port for NTP servers. + +This is a 'feature', since many implementations do not support +any port other than the default port.</text> + </description> + </feature> + <feature name="timezone-name"> + <description> + <text>Indicates that the local time zone on the device +can be configured to use the TZ database +to set the time zone and manage daylight saving time.</text> + </description> + <reference> + <text>RFC 6557: Procedures for Maintaining the Time Zone Database</text> + </reference> + </feature> + <feature name="dns-udp-tcp-port"> + <description> + <text>Indicates that the device supports the configuration of +the UDP and TCP port for DNS servers. + +This is a 'feature', since many implementations do not support +any port other than the default port.</text> + </description> + </feature> + <identity name="authentication-method"> + <description> + <text>Base identity for user authentication methods.</text> + </description> + </identity> + <identity name="radius"> + <base name="authentication-method"/> + <description> + <text>Indicates user authentication using RADIUS.</text> + </description> + <reference> + <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS) +RFC 5607: Remote Authentication Dial-In User Service (RADIUS) + Authorization for Network Access Server (NAS) + Management</text> + </reference> + </identity> + <identity name="local-users"> + <base name="authentication-method"/> + <description> + <text>Indicates password-based authentication of locally +configured users.</text> + </description> + </identity> + <identity name="radius-authentication-type"> + <description> + <text>Base identity for RADIUS authentication types.</text> + </description> + </identity> + <identity name="radius-pap"> + <base name="radius-authentication-type"/> + <description> + <text>The device requests Password Authentication Protocol (PAP) +authentication from the RADIUS server.</text> + </description> + <reference> + <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)</text> + </reference> + </identity> + <identity name="radius-chap"> + <base name="radius-authentication-type"/> + <description> + <text>The device requests Challenge Handshake Authentication +Protocol (CHAP) authentication from the RADIUS server.</text> + </description> + <reference> + <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)</text> + </reference> + </identity> + <typedef name="timezone-name"> + <type name="string"/> + <description> + <text>A time zone name as used by the Time Zone Database, +sometimes referred to as the 'Olson Database'. + +The exact set of valid values is an implementation-specific +matter. Client discovery of the exact set of time zone names +for a particular server is out of scope.</text> + </description> + <reference> + <text>RFC 6557: Procedures for Maintaining the Time Zone Database</text> + </reference> + </typedef> + <container name="system"> + <description> + <text>System group configuration.</text> + </description> + <leaf name="contact"> + <type name="string"/> + <description> + <text>The administrator contact information for the system. + +A server implementation MAY map this leaf to the sysContact +MIB object. Such an implementation needs to use some +mechanism to handle the differences in size and characters +allowed between this leaf and sysContact. The definition of +such a mechanism is outside the scope of this document.</text> + </description> + <reference> + <text>RFC 3418: Management Information Base (MIB) for the + Simple Network Management Protocol (SNMP) + SNMPv2-MIB.sysContact</text> + </reference> + </leaf> + <leaf name="hostname"> + <type name="inet:domain-name"/> + <description> + <text>The name of the host. This name can be a single domain +label or the fully qualified domain name of the host.</text> + </description> + </leaf> + <leaf name="location"> + <type name="string"/> + <description> + <text>The system location. + +A server implementation MAY map this leaf to the sysLocation +MIB object. Such an implementation needs to use some +mechanism to handle the differences in size and characters +allowed between this leaf and sysLocation. The definition +of such a mechanism is outside the scope of this document.</text> + </description> + <reference> + <text>RFC 3418: Management Information Base (MIB) for the + Simple Network Management Protocol (SNMP) + SNMPv2-MIB.sysLocation</text> + </reference> + </leaf> + <container name="clock"> + <description> + <text>Configuration of the system date and time properties.</text> + </description> + <choice name="timezone"> + <description> + <text>The system time zone information.</text> + </description> + <case name="timezone-name"> + <if-feature name="timezone-name"/> + <leaf name="timezone-name"> + <type name="timezone-name"/> + <description> + <text>The TZ database name to use for the system, such +as 'Europe/Stockholm'.</text> + </description> + </leaf> + </case> + <case name="timezone-utc-offset"> + <leaf name="timezone-utc-offset"> + <type name="int16"> + <range value="-1500 .. 1500"/> + </type> + <units name="minutes"/> + <description> + <text>The number of minutes to add to UTC time to +identify the time zone for this system. For example, +'UTC - 8:00 hours' would be represented as '-480'. +Note that automatic daylight saving time adjustment +is not provided if this object is used.</text> + </description> + </leaf> + </case> + </choice> + </container> + <container name="ntp"> + <if-feature name="ntp"/> + <presence value="Enables the NTP client unless the 'enabled' leaf +(which defaults to 'true') is set to 'false'"/> + <description> + <text>Configuration of the NTP client.</text> + </description> + <leaf name="enabled"> + <type name="boolean"/> + <default value="true"/> + <description> + <text>Indicates that the system should attempt to +synchronize the system clock with an NTP server +from the 'ntp/server' list.</text> + </description> + </leaf> + <list name="server"> + <key value="name"/> + <description> + <text>List of NTP servers to use for system clock +synchronization. If '/system/ntp/enabled' +is 'true', then the system will attempt to +contact and utilize the specified NTP servers.</text> + </description> + <leaf name="name"> + <type name="string"/> + <description> + <text>An arbitrary name for the NTP server.</text> + </description> + </leaf> + <choice name="transport"> + <mandatory value="true"/> + <description> + <text>The transport-protocol-specific parameters for this +server.</text> + </description> + <case name="udp"> + <container name="udp"> + <description> + <text>Contains UDP-specific configuration parameters +for NTP.</text> + </description> + <leaf name="address"> + <type name="inet:host"/> + <mandatory value="true"/> + <description> + <text>The address of the NTP server.</text> + </description> + </leaf> + <leaf name="port"> + <if-feature name="ntp-udp-port"/> + <type name="inet:port-number"/> + <default value="123"/> + <description> + <text>The port number of the NTP server.</text> + </description> + </leaf> + </container> + </case> + </choice> + <leaf name="association-type"> + <type name="enumeration"> + <enum name="server"> + <description> + <text>Use client association mode. This device +will not provide synchronization to the +configured NTP server.</text> + </description> + </enum> + <enum name="peer"> + <description> + <text>Use symmetric active association mode. +This device may provide synchronization +to the configured NTP server.</text> + </description> + </enum> + <enum name="pool"> + <description> + <text>Use client association mode with one or +more of the NTP servers found by DNS +resolution of the domain name given by +the 'address' leaf. This device will not +provide synchronization to the servers.</text> + </description> + </enum> + </type> + <default value="server"/> + <description> + <text>The desired association type for this NTP server.</text> + </description> + </leaf> + <leaf name="iburst"> + <type name="boolean"/> + <default value="false"/> + <description> + <text>Indicates whether this server should enable burst +synchronization or not.</text> + </description> + </leaf> + <leaf name="prefer"> + <type name="boolean"/> + <default value="false"/> + <description> + <text>Indicates whether this server should be preferred +or not.</text> + </description> + </leaf> + </list> + </container> + <container name="dns-resolver"> + <description> + <text>Configuration of the DNS resolver.</text> + </description> + <leaf-list name="search"> + <type name="inet:domain-name"/> + <ordered-by value="user"/> + <description> + <text>An ordered list of domains to search when resolving +a host name.</text> + </description> + </leaf-list> + <list name="server"> + <key value="name"/> + <ordered-by value="user"/> + <description> + <text>List of the DNS servers that the resolver should query. + +When the resolver is invoked by a calling application, it +sends the query to the first name server in this list. If +no response has been received within 'timeout' seconds, +the resolver continues with the next server in the list. +If no response is received from any server, the resolver +continues with the first server again. When the resolver +has traversed the list 'attempts' times without receiving +any response, it gives up and returns an error to the +calling application. + +Implementations MAY limit the number of entries in this +list.</text> + </description> + <leaf name="name"> + <type name="string"/> + <description> + <text>An arbitrary name for the DNS server.</text> + </description> + </leaf> + <choice name="transport"> + <mandatory value="true"/> + <description> + <text>The transport-protocol-specific parameters for this +server.</text> + </description> + <case name="udp-and-tcp"> + <container name="udp-and-tcp"> + <description> + <text>Contains UDP- and TCP-specific configuration +parameters for DNS.</text> + </description> + <reference> + <text>RFC 1035: Domain Names - Implementation and + Specification +RFC 5966: DNS Transport over TCP - Implementation + Requirements</text> + </reference> + <leaf name="address"> + <type name="inet:ip-address"/> + <mandatory value="true"/> + <description> + <text>The address of the DNS server.</text> + </description> + </leaf> + <leaf name="port"> + <if-feature name="dns-udp-tcp-port"/> + <type name="inet:port-number"/> + <default value="53"/> + <description> + <text>The UDP and TCP port number of the DNS server.</text> + </description> + </leaf> + </container> + </case> + </choice> + </list> + <container name="options"> + <description> + <text>Resolver options. The set of available options has been +limited to those that are generally available across +different resolver implementations and generally useful.</text> + </description> + <leaf name="timeout"> + <type name="uint8"> + <range value="1..max"/> + </type> + <units name="seconds"/> + <default value="5"/> + <description> + <text>The amount of time the resolver will wait for a +response from each remote name server before +retrying the query via a different name server.</text> + </description> + </leaf> + <leaf name="attempts"> + <type name="uint8"> + <range value="1..max"/> + </type> + <default value="2"/> + <description> + <text>The number of times the resolver will send a query to +all of its name servers before giving up and returning +an error to the calling application.</text> + </description> + </leaf> + </container> + </container> + <container name="radius"> + <if-feature name="radius"/> + <description> + <text>Configuration of the RADIUS client.</text> + </description> + <list name="server"> + <key value="name"/> + <ordered-by value="user"/> + <description> + <text>List of RADIUS servers used by the device. + +When the RADIUS client is invoked by a calling +application, it sends the query to the first server in +this list. If no response has been received within +'timeout' seconds, the client continues with the next +server in the list. If no response is received from any +server, the client continues with the first server again. +When the client has traversed the list 'attempts' times +without receiving any response, it gives up and returns an +error to the calling application.</text> + </description> + <leaf name="name"> + <type name="string"/> + <description> + <text>An arbitrary name for the RADIUS server.</text> + </description> + </leaf> + <choice name="transport"> + <mandatory value="true"/> + <description> + <text>The transport-protocol-specific parameters for this +server.</text> + </description> + <case name="udp"> + <container name="udp"> + <description> + <text>Contains UDP-specific configuration parameters +for RADIUS.</text> + </description> + <leaf name="address"> + <type name="inet:host"/> + <mandatory value="true"/> + <description> + <text>The address of the RADIUS server.</text> + </description> + </leaf> + <leaf name="authentication-port"> + <type name="inet:port-number"/> + <default value="1812"/> + <description> + <text>The port number of the RADIUS server.</text> + </description> + </leaf> + <leaf name="shared-secret"> + <nacm:default-deny-all/> + <type name="string"/> + <mandatory value="true"/> + <description> + <text>The shared secret, which is known to both the +RADIUS client and server.</text> + </description> + <reference> + <text>RFC 2865: Remote Authentication Dial In User + Service (RADIUS)</text> + </reference> + </leaf> + </container> + </case> + </choice> + <leaf name="authentication-type"> + <type name="identityref"> + <base name="radius-authentication-type"/> + </type> + <default value="radius-pap"/> + <description> + <text>The authentication type requested from the RADIUS +server.</text> + </description> + </leaf> + </list> + <container name="options"> + <description> + <text>RADIUS client options.</text> + </description> + <leaf name="timeout"> + <type name="uint8"> + <range value="1..max"/> + </type> + <units name="seconds"/> + <default value="5"/> + <description> + <text>The number of seconds the device will wait for a +response from each RADIUS server before trying with a +different server.</text> + </description> + </leaf> + <leaf name="attempts"> + <type name="uint8"> + <range value="1..max"/> + </type> + <default value="2"/> + <description> + <text>The number of times the device will send a query to +all of its RADIUS servers before giving up.</text> + </description> + </leaf> + </container> + </container> + <container name="authentication"> + <nacm:default-deny-write/> + <if-feature name="authentication"/> + <description> + <text>The authentication configuration subtree.</text> + </description> + <leaf-list name="user-authentication-order"> + <type name="identityref"> + <base name="authentication-method"/> + </type> + <must condition="(. != &quot;sys:radius&quot; or ../../radius/server)"> + <error-message> + <value>When 'radius' is used, a RADIUS server must be configured.</value> + </error-message> + <description> + <text>When 'radius' is used as an authentication method, +a RADIUS server must be configured.</text> + </description> + </must> + <ordered-by value="user"/> + <description> + <text>When the device authenticates a user with a password, +it tries the authentication methods in this leaf-list in +order. If authentication with one method fails, the next +method is used. If no method succeeds, the user is +denied access. + +An empty user-authentication-order leaf-list still allows +authentication of users using mechanisms that do not +involve a password. + +If the 'radius-authentication' feature is advertised by +the NETCONF server, the 'radius' identity can be added to +this list. + +If the 'local-users' feature is advertised by the +NETCONF server, the 'local-users' identity can be +added to this list.</text> + </description> + </leaf-list> + <list name="user"> + <if-feature name="local-users"/> + <key value="name"/> + <description> + <text>The list of local users configured on this device.</text> + </description> + <leaf name="name"> + <type name="string"/> + <description> + <text>The user name string identifying this entry.</text> + </description> + </leaf> + <leaf name="password"> + <type name="ianach:crypt-hash"/> + <description> + <text>The password for this entry.</text> + </description> + </leaf> + <list name="authorized-key"> + <key value="name"/> + <description> + <text>A list of public SSH keys for this user. These keys +are allowed for SSH authentication, as described in +RFC 4253.</text> + </description> + <reference> + <text>RFC 4253: The Secure Shell (SSH) Transport Layer + Protocol</text> + </reference> + <leaf name="name"> + <type name="string"/> + <description> + <text>An arbitrary name for the SSH key.</text> + </description> + </leaf> + <leaf name="algorithm"> + <type name="string"/> + <mandatory value="true"/> + <description> + <text>The public key algorithm name for this SSH key. + +Valid values are the values in the IANA 'Secure Shell +(SSH) Protocol Parameters' registry, Public Key +Algorithm Names.</text> + </description> + <reference> + <text>IANA 'Secure Shell (SSH) Protocol Parameters' +registry, Public Key Algorithm Names</text> + </reference> + </leaf> + <leaf name="key-data"> + <type name="binary"/> + <mandatory value="true"/> + <description> + <text>The binary public key data for this SSH key, as +specified by RFC 4253, Section 6.6, i.e.: + + string certificate or public key format + identifier + byte[n] key/certificate data.</text> + </description> + <reference> + <text>RFC 4253: The Secure Shell (SSH) Transport Layer + Protocol</text> + </reference> + </leaf> + </list> + </list> + </container> + </container> + <container name="system-state"> + <config value="false"/> + <description> + <text>System group operational state.</text> + </description> + <container name="platform"> + <description> + <text>Contains vendor-specific information for +identifying the system platform and operating system.</text> + </description> + <reference> + <text>IEEE Std 1003.1-2008 - sys/utsname.h</text> + </reference> + <leaf name="os-name"> + <type name="string"/> + <description> + <text>The name of the operating system in use - +for example, 'Linux'.</text> + </description> + <reference> + <text>IEEE Std 1003.1-2008 - utsname.sysname</text> + </reference> + </leaf> + <leaf name="os-release"> + <type name="string"/> + <description> + <text>The current release level of the operating +system in use. This string MAY indicate +the OS source code revision.</text> + </description> + <reference> + <text>IEEE Std 1003.1-2008 - utsname.release</text> + </reference> + </leaf> + <leaf name="os-version"> + <type name="string"/> + <description> + <text>The current version level of the operating +system in use. This string MAY indicate +the specific OS build date and target variant +information.</text> + </description> + <reference> + <text>IEEE Std 1003.1-2008 - utsname.version</text> + </reference> + </leaf> + <leaf name="machine"> + <type name="string"/> + <description> + <text>A vendor-specific identifier string representing +the hardware in use.</text> + </description> + <reference> + <text>IEEE Std 1003.1-2008 - utsname.machine</text> + </reference> + </leaf> + </container> + <container name="clock"> + <description> + <text>Monitoring of the system date and time properties.</text> + </description> + <leaf name="current-datetime"> + <type name="yang:date-and-time"/> + <description> + <text>The current system date and time.</text> + </description> + </leaf> + <leaf name="boot-datetime"> + <type name="yang:date-and-time"/> + <description> + <text>The system date and time when the system last restarted.</text> + </description> + </leaf> + </container> + </container> + <rpc name="set-current-datetime"> + <nacm:default-deny-all/> + <description> + <text>Set the /system-state/clock/current-datetime leaf +to the specified value. + +If the system is using NTP (i.e., /system/ntp/enabled +is set to 'true'), then this operation will fail with +error-tag 'operation-failed' and error-app-tag value of +'ntp-active'.</text> + </description> + <input> + <leaf name="current-datetime"> + <type name="yang:date-and-time"/> + <mandatory value="true"/> + <description> + <text>The current system date and time.</text> + </description> + </leaf> + </input> + </rpc> + <rpc name="system-restart"> + <nacm:default-deny-all/> + <description> + <text>Request that the entire system be restarted immediately. +A server SHOULD send an rpc reply to the client before +restarting the system.</text> + </description> + </rpc> + <rpc name="system-shutdown"> + <nacm:default-deny-all/> + <description> + <text>Request that the entire system be shut down immediately. +A server SHOULD send an rpc reply to the client before +shutting down the system.</text> + </description> + </rpc> +</module> +</data> +</rpc-reply> |