module netconfd {
yang-version 1;
namespace
"http://netconfcentral.org/ns/netconfd";
prefix nd;
import yuma-ncx {
prefix ncx;
}
import yuma-types {
prefix nt;
}
import yuma-app-common {
prefix ncxapp;
}
import ietf-inet-types {
prefix inet;
}
organization "Netconf Central";
contact
"Andy Bierman <support@netconfcentral.org>.";
description
"Configuration Parameters for netconfd;
This module is not advertised by the server.
It contains only CLI parameters.";
revision "2011-12-15" {
description
"Add --running-error parameter.";
}
revision "2011-10-08" {
description "Add --home parameter.";
}
revision "2011-08-27" {
description
"Add --runpath parameter.
Add --factory-startup parameter.";
}
revision "2011-07-20" {
description
"Add --audit-log and --audit-log-append CLI parameters.
Add --system-sorted CLI parameter.
Make with-defaults enum local to prevent report-all-tagged
from being accepted as a basic mode.";
}
revision "2011-05-29" {
description
"Removed superuser YANG default to disable by default,
to make sure an admin has to explicitly enable
this feature.";
}
revision "2011-04-24" {
description
"Added --protocols parameter via uses ProtocolsParm.
Not available in yuma v1 branch.";
}
revision "2011-04-02" {
description
"Added --delete-np-containers parameter.";
}
revision "2010-05-13" {
description
"Added --with-url to enable :url capability.";
}
revision "2010-01-14" {
description
"Initial version for 0.9.9 release.";
}
container netconfd {
ncx:cli;
description
"Server CLI for the NETCONF protocol.
Usage:
netconfd [parameters]";
leaf access-control {
type enumeration {
enum "enforcing" {
value 0;
description
"All configured access control rules will be
enforced.";
}
enum "permissive" {
value 1;
description
"All configured access control rules will be
enforced for write and execute requests.
All read requests will be allowed, unless
the requested object contains the
'nacm:very-secure' extension. In that case,
all configured access control rules will
be enforced.";
}
enum "disabled" {
value 2;
description
"All read, write, and execute requests will be
allowed, unless the object contains the
'nacm:secure' or 'nacm:very-secure' extension.
If the 'nacm:secure' extension is in effect,
then all configured access control rules
will be enforced for write and execute requests.
If the 'nacm:very-secure' extension is in effect,
then all configured access control rules
will be enforced for all requests.
Use this mode with caution.";
}
enum "off" {
value 3;
description
"All access control enforcement is disabled.
Use this mode with extreme caution.";
}
}
default 'enforcing';
description
"Controls how access control is initially enforced by the
server.";
}
leaf audit-log {
type string;
description
"Filespec for the server audit log file to use in addition
to the normal log file or STDOUT.";
}
leaf audit-log-append {
type empty;
description
"If present, the audit log will be appended not over-written.
If not, the audit log will be over-written.
Only meaningful if the 'audit-log' parameter is
also present.";
}
leaf config {
type string;
description
"The name of the configuration file to use.
Any parameter except this one can be set in the config file.
The default config file will be not be checked if this
parameter is present.";
}
leaf datapath {
type yt:NcPathList;
description
"Internal file search path for config files.
Overrides the YUMA_DATAPATH environment variable.";
}
leaf default-style {
type enumeration {
enum "report-all" {
value 0;
}
enum "trim" {
value 1;
}
enum "explicit" {
value 2;
}
}
default 'explicit';
description
"Selects the type of filtering behavior the server will
advertise as the 'basic' behavior in the 'with-defaults'
capability. The server will use this default handling
behavior if the 'with-defaults' parameter is not
explicitly set.
Also, when saving a configuration to NV-storage,
this value will be used for filtering defaults
from the saved configuration.
See wd:with-defaults leaf for enumeration details.";
}
leaf delete-empty-npcontainers {
type boolean;
default 'false';
description
"An empty non-presence container has no meaning
in NETCONF/YANG so it may be deleted by the server.
This takes non-trivial processing time for large
databases, but uses less memory.
Disabling this parameter will result in a larger
database in both memory and NV-save.";
}
leaf-list deviation {
type yt:NcModuleSpec;
description
"YANG deviation file.
This parameter identifies a YANG module that
should only be checked for deviation statements
for external modules. These will be collected
and applied to the real module(s) being processed.
Deviations are applied as patches to the target module.
Since they are not identified in the target module at
all (ala imports), they have to be specified
explicitly, so they will be correctly processed.
If this string represents a filespec,
ending with the '.yang' or '.yin' extension,
then only that file location will be checked.
If this string represents a module name, then
the module search path will be checked for
a file with the module name and the '.yang'
or '.yin' extension.
If this string begins with a '~' character,
then a username is expected to follow or
a directory separator character. If it begins
with a '$' character, then an environment variable
name is expected to follow.
~/some/path ==> <my-home-dir>/some/path
~fred/some/path ==> <fred-home-dir>/some/path
$workdir/some/path ==> <workdir-env-var>/some/path
";
}
leaf eventlog-size {
type uint32;
default '1000';
description
"Specifies the maximum number of notification events
that will be saved in the notification replay buffer.
The oldest entries will be deleted first.";
}
leaf-list feature-disable {
type yt:FeatureSpec;
description
"Identifies a feature which should be considered
disabled.";
}
leaf-list feature-enable {
type yt:FeatureSpec;
description
"Identifies a feature which should be considered
enabled.";
}
leaf feature-enable-default {
type boolean;
default "true";
description
"If true, then features will be enabled by default.
If false, then features will be disabled by default.";
}
leaf hello-timeout {
type uint32 {
range "0 | 10 .. 3600";
}
units "seconds";
default '600';
description
"Specifies the number of seconds that a session
may exist before the hello PDU is received.
A session will be dropped if no hello PDU
is received before this number of seconds elapses.
If this parameter is set to zero, then the server
will wait forever for a hello message, and not
drop any sessions stuck in 'hello-wait' state.
Setting this parameter to zero may permit
denial of service attacks, since only a limited
number of concurrent sessions are supported
by the server.";
}
leaf help {
type empty;
description
"Print program help file and exit.";
}
choice help-mode {
default "normal";
leaf brief {
type empty;
description "Show brief help text";
}
leaf full {
type empty;
description "Show full help text";
}
leaf normal {
type empty;
description
"Show normal help text";
}
} // choice help-mode
leaf home {
type string {
length "1..max";
}
description
"Directory specification for the home directory
to use instead of HOME.";
}
leaf idle-timeout {
type uint32 {
range "0 | 10 .. 360000";
}
units "seconds";
default '3600';
description
"Specifies the number of seconds that a session
may remain idle without issuing any RPC requests.
A session will be dropped if it is idle for an
interval longer than this number of seconds.
Sessions that have a notification subscription
active are never dropped.
If this parameter is set to zero, then the server
will never drop a session because it is idle.";
}
leaf indent {
type yt:IndentType;
description
"Number of spaces to indent (0..9) in formatted output.";
}
leaf log {
type string;
description
"Filespec for the log file to use instead of STDOUT.";
}
leaf log-append {
type empty;
description
"If present, the log will be appended not over-written.
If not, the log will be over-written.
Only meaningful if the 'log' parameter is
also present.";
}
leaf log-level {
type yt:NcDebugType;
description
"Sets the debug logging level for the program.";
}
leaf max-burst {
type uint32;
default '10';
description
"Specifies the maximum number of notifications
that should be sent to one session, within a
one second time interval. The value 0 indicates
that the server should not limit notification
bursts at all.";
}
leaf modpath {
type yt:NcPathList;
description
"Directory search path for YANG or YIN modules.
Overrides the YUMA_MODPATH environment variable.";
}
leaf-list module {
type yt:NcModuleSpec;
description
"YANG source module name to use.";
}
leaf-list port {
type inet:port-number;
max-elements 4;
description
"Specifies the TCP ports that the server will accept
connections from. These ports must also be configured
in the /etc/ssh/sshd_config file for the SSH master
server to accept the connection and invoke the netconf
subsystem.
Up to 4 port numbers can be configured.
If any ports are configured, then only those values
will be accepted by the server.
If no ports are configured, then the server will accept
connections on the netconf-ssh port (tcp/830).";
}
leaf protocols {
type bits {
bit netconf1.0 {
position 0;
description "RFC 4741 base:1.0";
}
bit netconf1.1 {
position 1;
description "RFC xxxx base:1.1";
}
}
must ". != ''";
description
"Specifies which protocol versions the program or session
will attempt to use. Empty set is not allowed.";
}
leaf running-error {
type enumeration {
enum "stop" {
value 0;
description
"Terminate the program if any errors are
encountered in the running configuration.";
}
enum "continue" {
value 1;
description
"Continue the program if any errors are
encountered in the running configuration.
Altering the running configuration will fail
until the commit validation tests succeed.";
}
}
default 'stop';
description
"Controls the server behavior if any errors are
encountered while validating the running database
during the initial load of the running configuration
at boot-time.";
}
leaf runpath {
type yt:NcPathList;
description
"Internal file search path for executable modules.
Overrides the YUMA_RUNPATH environment variable.";
}
choice start {
description
"select startup config for boot load";
leaf factory-startup {
type empty;
description
"Force the system to use the factory configuration
and delete the startup config file if it exists.
Force the NV-storage startup to
contain the factory default configuration.";
}
leaf no-startup {
type empty;
description
"If present, do not load the startup config file.
Use the factory default settings but do not
overwrite the NV-storage startup unless it
is altered. This option does not delete the startup
config file if it exists.";
}
leaf startup {
type string;
description
"The full or relative filespec of the startup config
file to use.
If present, overrides the default startup config
file name 'startup-cfg.xml', This will also
override the YUMA_DATAPATH environment variable
and the datapath CLI parameter, if the first
character is the forward slash '/', indicating
an absolute file path.";
}
} // choice start
leaf startup-error {
type enumeration {
enum "stop" {
value 0;
description
"Terminate the program if any errors are
encountered in the startup configuration.";
}
enum "continue" {
value 1;
description
"Continue the program if any errors are
encountered in the startup configuration.
The entire module-specific data structure(s)
containing the error node(s) will not be added
to the running configuration at boot-time.";
}
}
default 'continue';
description
"Controls the server behavior if any errors are
encountered while loading the startup configuration
file into the running configuration at boot-time.
It is possible for the startup configuration
to contain errors within optional nodes. If this
parameter is set to 'continue', then the validation
tests on the running config (controlled by running-error)
should not fail due to missing optional nodes.";
}
leaf subdirs {
type boolean;
default "true";
description
"If false, the file search paths for modules, scripts,
and data files will not include sub-directories if they
exist in the specified path.
If true, then these file search paths will include
sub-directories, if present. Any directory name beginning
with a dot '.' character, or named 'CVS', will be ignored.";
}
leaf superuser {
type union {
type nt:NcxName;
type string {
length "0";
}
}
description
"The user name to use as the superuser account.
Any session associated with this user name
will bypass all access control enforcement.
See yuma-nacm.yang for more details.
To disable the superuser account completely,
set this parameter to the empty string or do
not set it at all. The default mode is to
disable superuser access.";
}
leaf system-sorted {
type boolean;
default 'true';
description
"Indicates whether ordered-by system leaf-lists
and lists will be kept in sorted order.";
}
leaf target {
type enumeration {
enum "running" {
value 0;
description
"Write to the running config and support
the :writable-running capability.";
}
enum "candidate" {
value 1;
description
"Write to the candidate config and support
the :candidate and :confirmed-commit
capabilities.";
}
}
default 'candidate';
description
"The database to use as the target of edit-config
operations.";
}
leaf usexmlorder {
type empty;
description
"If present, then XML element order will be enforced.
Otherwise, XML element order errors will not be
generated if possible. Default is no enforcement of
strict XML order.";
}
leaf version {
type empty;
description
"Print program version string and exit.";
}
leaf warn-idlen {
type uint32 {
range "0 | 8 .. 1023";
}
default "64";
description
"Control whether identifier length warnings will be
generated. The value zero disables all identifier
length checking. If non-zero, then a warning will
be generated if an identifier is defined which
has a length is greater than this amount.";
}
leaf warn-linelen {
type uint32 {
range "0 | 40 .. 4095";
}
default "0";
description
"Control whether line length warnings will be
generated. The value zero disables all line length
checking. If non-zero, then a warning will
be generated if the line length is greater than
this amount. Tab characters are counted as 8 spaces.";
}
leaf-list warn-off {
type uint32 {
range "400 .. 899";
}
description
"Control whether the specified warning number will be
generated and counted in the warning total for the
module being parsed.";
}
leaf with-startup {
type boolean;
default 'false';
description
"If set to 'true', then the :startup capability will be
enabled. Otherwise, the :startup capability
will not be enabled. This capability
makes the NV-save operation an explicit operation
instead of an automatic save.";
}
leaf with-url {
type boolean;
default 'true';
description
"If set to 'true', then the :url capability will be
enabled. Otherwise, the :url capability
will not be enabled. This capability requires a
file system and may introduce security risks
because internal files such as startup-cfg.xml
and backup-cfg.xml will be exposed.";
}
leaf with-validate {
type boolean;
default 'true';
description
"If set to 'true', then the :validate capability will be
enabled. Otherwise, the :validate capability
will not be enabled. This capability requires
extensive memory resources.";
}
leaf yuma-home {
type string;
description
"Directory for the yuma project root to use.
If present, this directory location will
override the 'YUMA_HOME' environment variable,
if it is present. If a zero-length string is
entered, then the YUMA_HOME environment variable
will be ignored.";
}
} // container netconfd
} // module netconfd
