netconfcentral logo

yumaworks-server@2018-04-21



  module yumaworks-server {

    yang-version 1;

    namespace
      "http://yumaworks.com/ns/yumaworks-server";

    prefix yser;

    import ietf-netconf-acm {
      prefix nacm;
    }
    import netconfd-pro {
      prefix ndpro;
    }
    import yumaworks-extensions {
      prefix ywx;
    }

    organization "YumaWorks, Inc.";

    contact
      "Support <support at yumaworks.com>";

    description
      "Runtime access to netconfd-pro server parameters.
        The following parameters can be changed at run-time
        and the new value will be activated immediately.

        * allowed-user
        * eventlog-size
        * hello-timeout
        * idle-timeout
        * log-level
        * max-burst
        * max-cli-sessions
        * max-getbulk
        * max-sessions
        * subsys-timeout

        The rest of the CLI parameters can be edited for
        activation at the next reboot.

        If the server has write permission to the
        configuration file (e.g., netconfd-pro.conf) then
        the parameters will be saved when the server exits.


     Copyright (c) 2017 - 2018, YumaWorks, Inc. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the BSD 3-Clause License
     http://opensource.org/licenses/BSD-3-Clause";

    revision "2018-04-21" {
      description "Add no-nvstore to server";
    }

    revision "2017-12-30" {
      description "Initial version";
    }


    container server {
      nacm:default-deny-all;
      ywx:no-nvstore;
      description
        "Runtime access to netconfd-pro CLI parameters for
         immediate change or activate-on-restart";
      leaf help {
        type empty;
        description
          "Print program help file and exit.";
      }

      choice help-mode {
        default "normal";
        leaf brief {
          type empty;
          description "Show brief help text";
        }
        leaf normal {
          type empty;
          description
            "Show normal help text";
        }
        leaf full {
          type empty;
          description "Show full help text";
        }
      }  // choice help-mode

      leaf indent {
        type yt:IndentType;
        description
          "Number of spaces to indent (0..9) in formatted output.";
      }

      leaf log {
        type string;
        description
          "Filespec for the log file to use instead of STDOUT.

If this parameter is used on the command line then
the --log-append parameter must also be present
on the command line if append mode is desired.";
      }

      leaf log-append {
        type empty;
        description
          "If present, the log will be appended not over-written.
If not, the log will be over-written.
Only meaningful if the 'log' parameter is
also present.";
      }

      leaf log-level {
        type yt:NcDebugType;
        description
          "Sets the debug logging level for the program.";
      }

      leaf modpath {
        type yt:NcPathList;
        description
          "Directory search path for YANG or YIN modules.
Overrides the YUMA_MODPATH environment variable.";
      }

      leaf version {
        type empty;
        description
          "Print program version string and exit.";
      }

      leaf warn-error {
        type boolean;
        default "false";
        description
          "Control whether all warnings are upgraded to errors.
If 'true' then all warnings will be treated as errors
unless a warn-off parameter is set to disable a
specific warning.";
      }

      leaf warn-idlen {
        type uint32 {
          range "0 | 8 .. 1023";
        }
        default "64";
        description
          "Control whether identifier length warnings will be
generated.  The value zero disables all identifier
length checking.  If non-zero, then a warning will
be generated if an identifier is defined which
has a length is greater than this amount.";
      }

      leaf warn-linelen {
        type uint32 {
          range "0 | 40 .. 4095";
        }
        default "0";
        description
          "Control whether line length warnings will be
generated.  The value zero disables all line length
checking.  If non-zero, then a warning will
be generated if the line length is greater than
this amount.  Tab characters are counted as 8 spaces.";
      }

      leaf-list warn-off {
        type uint32 {
          range "1000 .. 1999";
        }
        description
          "Control whether the specified warning number will be
generated and counted in the warning total for the
module being parsed.";
      }

      leaf-list warn-up {
        type uint32 {
          range "1000 .. 1999";
        }
        description
          "Control whether the specified warning number will be
upgraded to an error and counted in the error total
for the module being parsed.";
      }

      choice config-choice {
        leaf config {
          type string;
          description
            "The name of the configuration file to use.
Any parameter except this one can be set in the config file.
The default config file will be not be checked if this
parameter is present.";
        }
        leaf no-config {
          type empty;
          description
            "Do not the default .conf file even if it exists.";
        }
      }  // choice config-choice

      leaf feature-enable-default {
        type boolean;
        default "true";
        description
          "If true, then features will be enabled by default.
If false, then features will be disabled by default.";
      }

      leaf-list feature-enable {
        type yt:FeatureSpec;
        description
          "Identifies a feature which should be considered
enabled.";
      }

      leaf-list feature-disable {
        type yt:FeatureSpec;
        description
          "Identifies a feature which should be considered
disabled.";
      }

      leaf binary-display-maxlen {
        type uint32;
        default "0";
        description
          "The maximum number of bytes to display when dumping
the contents of a binary value. Normally a message
will be displayed showing the name and length.

If this parameter is set to a value greater than zero
then a standard 8-byte per line hex dump of the
binary type will also be displayed for a maximum number
of bytes set by this parameter.";
      }

      leaf-list errmsg {
        type string;
        description
          "Specifies a replacement string for a specific error number.
Can specify error message for 1 specific language.

The 'num' component must match the <error-number>
found in status_enum.h. New error enums are always added
at the end of the list, so the numbers will not change.

The 'lang' component should use the ISO-639-1 code
Max length is 7 characters.

The string has the format: '<num>:<lang>:error string'
where:
    <num> = error number to use for error message
    <lang> = language code (en for English)
    error string = error string text

Example:

  Replace error 117 (ERR_WB_WRITE_FAILED) 'db write failed'

  errmsg='117:en:The database could not be written'
";
      }

      leaf errmsg-lang {
        type string {
          length "1 .. 7";
        }
        default "en";
        description
          "Specifies the language code for the error-message
language. This is only relevant if there are errmsg
parameters for multiple languages loaded in the program.
This value should use the ISO-639-1 code.
";
      }

      leaf home {
        type string {
          length "1..max";
        }
        description
          "Directory specification for the home directory
to use instead of HOME.";
      }

      leaf log-backtrace {
        type uint32 {
          range "0 .. 100";
        }
        description
          "If present, log output will include traceback
detail for each log message, subject to further
filtering by --log-backtrace-level and/or
log-backtrace-stream qualifiers";
      }

      leaf log-backtrace-detail {
        type empty;
        description
          "If present in conjunction with --log-backtrace
log messages will include 'detailed' backtrace
information (if supported by the compiler).";
      }

      leaf log-backtrace-level {
        type bits {
          bit write {
            position 0;
            description
              "Include backtrace info in write messages.";
          }
          bit dev0 {
            position 1;
            description
              "Include backtrace info in developer
level 0 messages.";
          }
          bit error {
            position 2;
            description
              "Include backtrace info in error messages.";
          }
          bit warn {
            position 3;
            description
              "Include backtrace info in warning messages.";
          }
          bit info {
            position 4;
            description
              "Include backtrace info in info messages.";
          }
          bit dev1 {
            position 5;
            description
              "Include backtrace info in developer
level 1 messages.";
          }
          bit debug {
            position 6;
            description
              "Include backtrace info in debug messages.";
          }
          bit debug2 {
            position 7;
            description
              "Include backtrace info in debug2 messages.";
          }
          bit debug3 {
            position 8;
            description
              "Include backtrace info in debug3 messages.";
          }
          bit debug4 {
            position 9;
            description
              "Include backtrace info in debug4 messages.";
          }
        }
        description
          "Indicates for which debug level(s) backtrace
             info will be generated. Param string is an XSD
             list: a double quoted series of whitespace
             separated (level) strings like "error warn debug"";
      }

      leaf log-backtrace-stream {
        type bits {
          bit logfile {
            position 0;
            description
              "Include backtrace in logfile stream.";
          }
          bit stderr {
            position 1;
            description
              "Include backtrace in stderr stream.";
          }
          bit stdout {
            position 2;
            description
              "Include backtrace in stdout stream.";
          }
          bit syslog {
            position 3;
            description
              "Include backtrace in syslog stream.";
          }
          bit vendor {
            position 4;
            description
              "Include backtrace in vendor stream.";
          }
        }
        description
          "Indicates in which log stream(s) backtrace info
             will be included. Param string is an XSD list:
             a double quoted series of whitespace separated
             (log stream) strings like "logfile syslog"";
      }

      leaf log-header {
        type bits {
          bit custom {
            position 0;
            description
              "Include date, time, and level.";
          }
          bit localtime {
            position 1;
            description
              "Include localtime instead of Yang canonical format.";
          }
        }
        description
          "Indicates what header elements to include in
             header output. Param string is an XSD list:
             a double quoted series of whitespace separated
             (element) strings like "custom localtime"";
      }

      leaf log-mirroring {
        type empty;
        description
          "If present in conjunction with --log, --log-syslog,
and/or --log-vendor, log output will be directed to
the normal stdout/stderr/logfile as well as
to the syslog or vendor log stream";
      }

      leaf log-console {
        type empty;
        description
          "User friendly synonym for --log-mirroring.";
      }

      leaf log-stderr {
        type empty;
        description
          "If present, error level output be directed to stderr
instead of stdout (as well as log file, if specified)";
      }

      leaf log-syslog {
        type empty;
        description
          "If present, log output will be directed to the
standard syslog interface. Yuma log priorities
will be translated into the appropriate syslog
equivalents.";
      }

      leaf log-syslog-level {
        type yt:NcDebugType;
        description
          "Sets the syslog debug logging level filter for output to
the syslog file for the program.";
      }

      leaf log-vendor {
        type empty;
        description
          "If present, log messages will be directed to a
customer-written and registered callback function.
This functionality is defined by an API specified in
the YumaWorks API Reference Manual. In the absence of
a registered callback, this parameter will direct
logging messages to syslog in order to facilitate
standalone testing.";
      }

      leaf log-vendor-level {
        type yt:NcDebugType;
        description
          "Sets the vendor debug logging level filter for output to
the vendor-specific log output file stream for the program.";
      }

      leaf message-indent {
        type int8 {
          range "-1 .. 9";
        }
        default "-1";
        description
          "The number of spaces to indent for each level of
output in a protocol message, e.g. NETCONF request.
The value zero means no indent, just line feeds.
The value -1 means no indent and no line feeds either.";
      }

      leaf yumapro-home {
        type string;
        description
          "Directory for the yumapro project root to use.
If present, this directory location will
override the 'YUMAPRO_HOME' environment variable,
if it is present.  If a zero-length string is
entered, then the YUMAPRO_HOME environment variable
will be ignored.";
      }

      leaf loadpath {
        type yt:NcPathList;
        description
          "Directory load path for YANG or YIN modules.
This will be checked before the modpath setting
if present when finding modules. After all module
and bundle parameters have been processed, this
load path will be checked and the server will
attempt to load any modules not already loaded.
Overrides the YUMA_LOADPATH environment variable.";
      }

      leaf subdirs {
        type boolean;
        default "true";
        description
          "If false, the file search paths for modules, scripts,
and data files will not include sub-directories if they
exist in the specified path.

If true, then these file search paths will include
sub-directories, if present.  Any directory name beginning
with a dot '.' character, or named 'CVS', will be ignored.";
      }

      leaf protocols {
        type bits {
          bit netconf1.0 {
            position 0;
            description "RFC 4741 base:1.0";
          }
          bit netconf1.1 {
            position 1;
            description "RFC 6241 base:1.1";
          }
          bit yang-api {
            position 2;
            status deprecated;
            description "YANG-API protocol";
            reference
              "draft-bierman-netconf-yang-api-01.txt";

          }
          bit restconf {
            position 3;
            description "RESTCONF Protocol";
            reference
              "RFC 8040";

          }
        }
        must ". != ''";
        description
          "Specifies which protocol versions the program or session
will attempt to use. Empty set is not allowed.";
      }

      leaf runpath {
        type yt:NcPathList;
        description
          "Internal file search path for executable modules.
Overrides the YUMA_RUNPATH environment variable.";
      }

      leaf match-names {
        type ywt:NameMatchMode;
        default "exact";
        description
          "Match mode to use for UrlPath name searches.";
      }

      leaf alt-names {
        type ywt:AltNameMode;
        default "true";
        description
          "Match mode to use for UrlPath name searches.";
      }

      leaf wildcard-keys {
        type boolean;
        default "false";
        description
          "Enable wildcards on key leaf values.
Set to 'true' if UrlPath targets for GET operations
are allowed to replace key values with the dash '-'
character to indicate that all instances of that key
are requested.

Set to false to treat the '-' character as a plain
character if entered as a key value in a UrlPath string.";
      }

      leaf access-control {
        type ywt:access-control-mode;
        default "enforcing";
        description
          "Controls how access control is initially enforced by the
server.";
      }

      leaf allow-list-delete-all {
        type boolean;
        default "false";
        description
          "If true, then the delete-all operation is enabled
for deleting instances of list objects.";
      }

      leaf allow-leaflist-delete-all {
        type boolean;
        default "false";
        description
          "If true, then the delete-all operation is enabled
for deleting instances of leaf-list objects.";
      }

      leaf-list allowed-user {
        type nt:NcxName;
        description
          "Name of a user that is allowed to have access to
the server via network management sessions.
If any configured then the user name must be in this list,
unless the user is the superuser account.";
      }

      choice audit-log-choice {
        leaf audit-log {
          type string;
          description
            "Filespec for the server audit log file to use in addition
to the normal log file or STDOUT.";
        }
        leaf no-audit-log {
          type empty;
          description
            "Flag indicating that no audit log at all will be created.
This is only relevant if --fileloc-fhs is 'true'.";
        }
      }  // choice audit-log-choice

      leaf audit-log-append {
        type empty;
        description
          "If present, the audit log will be appended not over-written.
If not, the audit log will be over-written.
Only meaningful if the 'audit-log' parameter is
also present.";
      }

      leaf audit-log-candidate {
        type boolean;
        default "true";
        description
          "If true, then transactions to the candidate datastore
will be recorded in the audit log.

If false, then transactions to the candidate datastore
will not be recorded in the audit log.";
      }

      leaf audit-log-console-level {
        type nt:NcDebugType;
        default "debug";
        description
          "Sets the minimum logging level needed to log datastore
audit records to the server console log. This does not
affect output to the audit log.";
      }

      leaf audit-log-events {
        type bits {
          bit edit-candidate {
            position 0;
            description
              "Save candidate datastore edit events in the audit log.
If the --audit-log-candidate parameter is set to true,
or the <candidate> datastore is not present, then this
bit will be ignored.";
          }
          bit edit-running {
            position 1;
            description
              "Save running datastore edit events in the audit log";
          }
          bit update-startup {
            position 2;
            description
              "Save startup datastore update events in the audit log.
If the <startup> datastore is not present then this
bit will be ignored.";
          }
          bit client-session {
            position 3;
            description
              "Save client session start and end events in the audit log";
          }
          bit control-session {
            position 4;
            description
              "Save YControl session start and end events in the audit log";
          }
          bit acm-write-error {
            position 5;
            description
              "Save access control write access denied events in
the audit log";
          }
          bit acm-exec-error {
            position 6;
            description
              "Save access control execute access denied events in
the audit log";
          }
          bit rpc-summary {
            position 7;
            description
              "Save <rpc> summary records in the audit log.";
          }
          bit edit-data {
            position 8;
            description
              "Add plain display output of the data that is being
edited in an edit transaction. This bit has no affect
unless the edit-candidate or edit-running bit is
also set.

Note that this added data could represent a security risk
since it could expose sensitive configuration data contents.
Use this option with caution!";
          }
        }
        default "edit-running";
        description
          "Configures the audit log events that will be saved as
audit records to the audit log.  This does not affect
debug logging to the server console log.";
      }

      leaf audit-log-level {
        type nt:NcDebugType;
        default "info";
        description
          "Sets the minimum logging level needed to log datastore
audit records to the audit log.  This does not affect
debug logging to the server console log.";
      }

      leaf autodelete-pdu-error {
        type boolean;
        default "true";
        description
          "If true, then configuration nodes provided in the
edit payload (e.g., <config> element) that are
conditional on 'when' statements must evaluate to
true or else an operation-failed error will be
returned.

If false, then such 'false when' will be silently
removed from the target datastore.";
      }

      leaf-list bundle {
        type nt:NcxName;
        description
          "Specifies the name of a SIL bundle to load into system
at boot-time.";
      }

      leaf callhome-reconnect {
        type boolean;
        default "false";
        description
          "If 'true' the server will attempt to start a new callhome
connection if the client closes the session.
If 'false' the server will not attempt to start a new
callhome session after the client closes the session.

Be careful that the server is running with proper
permissions because a successful connection that
fails during authentication will cause a reconnect
loop if this parameter is set to 'true'.";
      }

      leaf callhome-retry-interval {
        type uint16 {
          range "1 .. max";
        }
        units "seconds";
        default "60";
        description
          "Specifies the number of seconds to wait after a connect
attempt to the callhome server has failed before attempting
another connect attempt to that server.";
      }

      leaf callhome-retry-max {
        type uint16;
        default "10";
        description
          "Specifies the number of retry attempts the server should
attempt to the callhome server before giving up.
The value 0 indicates the server should never give up.";
      }

      leaf-list callhome-server {
        type string;
        description
          "Specifies a NETCONF over SSH callhome server that
this server should attempt to initiate a callhome
connection at boot-time.

This string has the format:

 <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ]

    server1@192.168.0.101
    server1@192.168.0.101:12040

 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ]

    server1@2605:e000:7e92:3f00:9e:aa5a:fd7f
    server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666

 The server-id parameter is used for logging purposes.
 This parameter is ignored if the --with-callhome
 parameter is set to 'false'.

 The default NETCONF over SSH CallHome port number
 (netconf-ch-ssh 4334) is used if the 'port' field is
 not present.
";
      }

      leaf callhome-sshd-command {
        type string;
        default "/usr/sbin/sshd";
        description
          "Specifies the command string used to invoke the SSH server
when a NETCONF over SSH callhome session is initiated.";
      }

      leaf callhome-sshd-config {
        type string;
        description
          "Specifies the SSH server configuration file to use when
invoking the SSH server when a NETCONF over SSH callhome
session is initiated. The default config file to use is
a dynamic string using the pattern ch_sshd_config.<client>.
It is located in the $HOME/.yumapro directory.";
      }

      leaf callhome-subsys-command {
        type string;
        default
          "/usr/sbin/netconf-subsystem-pro";
        description
          "Specifies the netconf subsystem to use in the default
ch_sshd_config files to specify the NETCONF subsystem
for the incoming NETCONF session expected on the
NETCONF over SSH callhome session.";
      }

      leaf-list callhome-tls-server {
        type string;
        description
          "Specifies a NETCONF over TLS callhome server that
this server should attempt to initiate a callhome
connection at boot-time.

This string has the format:

 <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ]

    server1@192.168.0.101
    server1@192.168.0.101:12040

 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ]

    server1@2605:e000:7e92:3f00:9e:aa5a:fd7f
    server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666

 The server-id parameter is used for logging purposes.
 This parameter is ignored if the --with-callhome
 parameter is set to 'false'.

 The default NETCONF over TLS callhome port number
 (netconf-ch-tls 4335) is used if the 'port' field is
 not present.
";
      }

      leaf cert-default-user {
        type string;
        description
          "The username to use if no username mapping is found
for a NETCONF over TLS session. This parameter is
non-standard and should only be used for debugging.
This parameter is not available unless image is built
with DEBUG=1 parameter.";
      }

      leaf-list cert-usermap {
        type string;
        ordered-by user;
        description
          "Each entry specifies a certificate to user name mapping
for NETCONF over TLS sessions. A mapping is a structured
string using the form <user>@<fingerprint>.

The 'user' field is the case-sensitive user name
for the mapping.

The 'fingerprint' field is a hex-string representation
of the SHA-1 fingerprint for the X.509 certificate.
It does not have to be complete. Usually 6 bytes should
be sufficient to ensure uniqueness. The hex digits
are not case-sensitive.  At least 6 hex digits must
be provided. A maximum of 20 hex digits can be provided.

Example: admin@60:C8:5C:08:82:55

A printable fingerprint can be generated with the
openssl command:

 'openssl x509 -noout -fingerprint -sha1 -inform pem
   -in [certificate-file.crt]'
";
      }

      leaf confdir {
        type string;
        default
          "/etc/yumapro/netconfd-pro.d";
        description
          "Specifies the CLI parameter configuration directory
to use for extra configuration files. The server
will check this directory for files that end with
the suffix '.conf' and process them similar to
the main configuration file. Other files will be
ignored.

Files will be processed in alphabetical order.
The server will keep the first value set if a
CLI leaf parameter is set multiple times.

The CLI parameters are set in the following order:

 1) netconfd-pro command line
 2) --config file or /etc/yumapro/netconfd-pro.conf
 3) --confdir files or /etc/yumapro/netconfd-pro.d/

If the --no-config parameter is present in step (1)
then steps (2) and (3) will be skipped, and this
parameter will be ignored. If this parameter is
encountered in step (3) it will be ignored.

Extra configuration files in step (3) have the exact
same syntax as the configuration file used in step (2).

Example extra config file testmods.conf:

   netconfd-pro {
     module acme-test1
     module acme-test2
     log-level debug2
     message-indent 1
     idle-timeout 0
   }

";
      }

      leaf convert-subtree-filter {
        type boolean;
        default "false";
        description
          "If set to 'true' then subtree filters for retrieval
operations might be converted to XPath expressions
for processing.

The subtree filtering algorithm has a minor flaw
which can cause subtree containment nodes to be
printed in the output even though a nested selection
filter does not match. A containment node should
be completely pruned from the result no selection
filters within it produce a match.  This only affects
data that needs to be retrieved by the server with
a GET2 callback.

This issue has been fixed by converting a subtree filter
to XPath and processing as if it were an XPath filter.
If this parameter is set to 'true' then the conversion
will be attempted. The conversion will be skipped
if any of the following conditions are true

  - output format is not XML
  - input format is not XML
  - subtree filter contains any attribute match expressions

This bugfix is not enabled by default because it might
change filter output which was previously incorrect,
but a client might be relying on the incorrect output
anyway.";
      }

      leaf create-empty-npcontainers {
        type boolean;
        default "true";
        description
          "An empty non-presence container has no meaning
in NETCONF/YANG so it may be created by the server.
In particular, the presence of the container
node with no child nodes is semantically
equivalent to the absence of the container node.
This is the default style.

If this parameter is set to false, then the server
will not create empty NP containers.";
      }

      leaf db-lock-retry-interval {
        type uint32 {
          range "10 .. 60000";
        }
        units "milli-seconds";
        default "500";
        description
          "The number of milli-seconds to wait before attempting
to get a DB-Config-Lock from the DB-API subsystem.";
      }

      leaf db-lock-timeout {
        type uint32 {
          range "min .. 3600";
        }
        units "seconds";
        default "30";
        description
          "The total number of seconds to wait before giving
up on a DB-Config-Lock from the DB-API subsystem.
The value zero indicates that no retries will be
attempted if the lock is busy.";
      }

      leaf default-style {
        type enumeration {
          enum "report-all" {
            value 0;
          }
          enum "trim" {
            value 1;
          }
          enum "explicit" {
            value 2;
          }
        }
        default "explicit";
        description
          "Selects the type of filtering behavior the server will
advertise as the 'basic' behavior in the 'with-defaults'
capability.  The server will use this default handling
behavior if the 'with-defaults' parameter is not
explicitly set.

Also, when saving a configuration to NV-storage,
this value will be used for filtering defaults
from the saved configuration.

See wd:with-defaults leaf for enumeration details.";
      }

      leaf delete-empty-npcontainers {
        type boolean;
        default "false";
        status obsolete;
        description
          "An empty non-presence container has no meaning
in NETCONF/YANG so it may be deleted by the server.
This takes non-trivial processing time for large
databases, but uses less memory.
Disabling this parameter will result in a larger
database in both memory and NV-save.";
      }

      leaf eventlog-size {
        type uint32;
        default "1000";
        description
          "Specifies the maximum number of notification events
that will be saved in each notification replay buffer.
The oldest entries will be deleted first.
The value 0 will cause the server to periodically
clean out the messages that have already been
delivered. The eventlog-size is per event stream,
not total size.";
      }

      leaf-list event-stream {
        type nt:NcxName;
        description
          "Specifies the name of a NETCONF event stream that
should be created by the server. Each event stream has
its own subscriptions and notification replay buffer.
Each event stream has the same replay buffer size, using
the shared eventlog-size parameter.

Each generated notification is sent to one event stream.
The YANG module instrumentation will select an event stream
to use or the default event stream will be used. Copies
of the same notification can be sent to multiple event
streams. If the event-stream specified by the instrumentation
is not available, then a warning will be generated in
the log and the default event stream will be used instead.

The default event stream is named 'NETCONF'. It cannot be
replaced or removed. No other event stream can have
this name.  The standard NETCONF notification events
are always sent to this event stream, unless there is
an event-stream-map assigning the module to a different
event stream.";
      }

      leaf-list event-stream-map {
        type string;
        description
          "Each entry specifies a module name to event-stream mapping
for notification handling. A mapping is a structured
string using the form <module-name>@<stream-name>.

The 'module-name' field is the case-sensitive module name
for the mapping.

The 'stream-name' field is the case-sensitive stream
name for the mapping. It must match an 'event-stream'
parameter or the default 'NETCONF'. Note there is no
need to define a mapping for the 'NETCONF' stream
since it will be picked if no other stream is selected.

The built-in notifications such as 'replayComplete' and
'notificationComplete' are subscription-specific and
always sent only to the subscription, not the event stream.
Therefore these notifications are not affected by
this parameter.";
      }

      leaf fileloc-fhs {
        type boolean;
        default "false";
        description
          "If true, then the server should use Filesystem
Hierarchy Standard (FHS) directory locations to create
and store server data. May need to run as root.

The FHS server log file will be created by default
unless the 'log' parameter is used, then that location
will be used instead.

The FHS audit log file will be created by default
unless the 'audit-log' parameter is used, then that
location will be used instead. If the 'no-audit-log'
parameter is present then no audit log will be created.

  File Type     Example
  ----------------------------------------------------
  server log:  /var/log/netconfd-pro/server.log
  audit log:   /var/log/netconfd-pro/audit.log
  config file: /var/lib/netconfd-pro/startup-cfg.xml
  TXID file:   /var/lib/netconfd-pro/startup-cfg-txid.txt
  backups:     /var/lib/netconfd-pro/backups/backup1.xml
  PID file:    /var/run/netconfd-pro/netconfd-pro.pid
  AF socket:   /var/run/netconfd-pro/ncxserver.sock

If false then the server will use $HOME/.yumapro and
other file locations to store server data.

  File Type     Example
  ----------------------------------------------------
  server log:  STDOUT; no server log created by default
  audit log:   STDOUT; no audit log created by default
  config file: $HOME/.yumapro/startup-cfg.xml
  TXID file:   $HOME/.yumapro/startup-cfg-txid.txt
  backups:     $HOME/.yumapro/backups/backup1.xml
  PID file:    $HOME/.yumapro/netconfd-pro.pid
  AF socket:   /tmp/ncxserver.sock
";
      }

      leaf ha-enabled {
        type boolean;
        default "false";
        description
          "Specifies whether the YP-HA protocol should be enabled,
allowing High Availability Datastore Replication
mode to be supported.  If this parameter is enabled
then the following parameters must be configured
or the server will exit with an error:

 - ha-server
 - ha-server-key
 - server-id
 - socket-type=tcp
 - socket-address
 - socket-port
";
      }

      leaf ha-initial-active {
        type nt:NcxName;
        description
          "Specifies the server name for the initial YP-HA active
server. This is ignored unless ha-enabled=true. There is
no default.

This parameter is used to hardwire the initial
High Availability roles instead of setting it
in the yp-system init1 or init2 callback functions.
If this parameter is the same as 'server-id' then this
server will be the initial YP-HA active server.

This parameter is intended for debug mode only.
The real operational mode should use signaling only
to set the HA mode.  Otherwise if the server reboots
it will use the configured HA mode, which may not be
correct if it has been changed during runtime.";
      }

      leaf ha-port {
        type inet:port-number;
        default "8088";
        description
          "Specifies the default port to use for YP-HA protocol
messages. Unless otherwise specified, this port number
will be used by a standby server attempting to connect
to the active server.
(This parameter is not used yet).";
      }

      leaf-list ha-server {
        type string;
        description
          "Specifies a server in the YP-HA server pool.
This string has the format:

   <server-id> '@' <server-addr> [ ':' <port-num> ]

    server1@192.168.0.101
    server1@192.168.0.101:12040

 The server running with this configuration must be
 listed in the ha-server pool.  The server-id parameter
 must match the entry for this server.

 There must be at least 2 entries present to
 configure an HA server pool. This must be done if
 ha-enabled parameter is set to 'true'.
";
      }

      leaf ha-server-key {
        type string;
        description
          "Specifies the string the standby server must present
to the active server during registration.  Used to prevent
servers from going the wrong HA pool.  If not set then
the active server will reject the YP-HA connection.
This parameter must be set if the ha-enabled parameter
is set to 'true'.";
      }

      leaf ha-sil-standby {
        type boolean;
        default "false";
        description
          "Specifies whether the edit callbacks such as SIL,
SIL-SA and HOOK instrumentation will be invoked if
the server is operating in HA standby mode";
      }

      leaf hello-timeout {
        type uint32 {
          range "0 | 10 .. 3600";
        }
        units "seconds";
        default "600";
        description
          "Specifies the number of seconds that a NETCONF session
may exist before the client hello PDU is received.
A session will be dropped if no hello PDU
is received before this number of seconds elapses.

If this parameter is set to zero, then the server
will wait forever for a hello message, and not
drop any sessions stuck in 'hello-wait' state.

The hello timer starts when a session is started
within the server, and therefore using a session resource
that counts against the 'max-sessions' limit.

For NETCONF over SSH sessions the session starts
after the SSH session is setup and the 'netconf'
subsystem is invoked. The SSH server has its own
timeout values for maximum session startup time.
For NETCONF over TLS sessions the session starts
when the TCP connection is accepted.

Setting this parameter to zero may permit
denial of service attacks, since only a limited
number of concurrent sessions are supported
by the server.";
      }

      leaf-list hide-module {
        type nt:NcxName;
        description
          "Specifies the name of a module to hide from
advertisements to client sessions. If the
specified module name is loaded into the server,
then this parameter will cause it to be
omitted from the following data structures:

  - YANG 1.0 <hello> message
  - /netconf-state/schemas/schema list
  - /modules-state/module list

This parameter will prevent the client from knowing
about the hidden module. If an advertised module imports
a hidden module then it is very likely a client will
not be able to use the advertised module because
of the missing imports.

This parameter can be dangerous! It does not prevent
loading or enabling of the module.  The SIL code is
responsible for not returning any data to a client
using a hidden module.

Use of this parameter violates conformance to NETCONF,
RESTCONF, and the YANG Library. Use with caution,
only for modules that are not accessible by clients.";
      }

      leaf idle-timeout {
        type uint32 {
          range "0 | 10 .. 360000";
        }
        units "seconds";
        default "3600";
        description
          "Specifies the number of seconds that a session
may remain idle without issuing any RPC requests.
A session will be dropped if it is idle for an
interval longer than this number of seconds.

Sessions that have a notification subscription
active are never dropped.

If this parameter is set to zero, then the server
will never drop a session because it is idle.";
      }

      leaf import-version-bestmatch {
        type boolean;
        default "false";
        description
          "Specifies if the bestmatch search feature should
be used for import resolution when no revision-date
field is specified in the import-stmt.

If 'true' then the server will scan the module search
path during startup and determine the most recent
revisions of each module. If a module is loaded or
imported and no revision date is specified then the
bestmatch revision will be used.

This feature requires some additional memory and
bootup processing time. It should be avoided if possible.
The module search path on the server should only contain
the modules and revisions that are needed by the server.

If set to 'false', then the bestmatch feature will
not be enabled. It is possible for the server to find and load
the wrong version of a module during imports processing.
For example, while loading module A, it imports module B.
Then module B is loaded but a revision is specified
(e.g., --module=B@2019-06-20). This can cause errors
during callback registration such as 'definition not found'
or 'segment not found', depending on how the module has changed.
";
      }

      leaf insecure-ok {
        type boolean;
        default "false";
        description
          "Specifies if insecure NETCONF over TLS should be allowed.
If true then X.509 certificates will be accepted even
if they cannot be verified. Used for debugging only!
This parameter is only available if the image was built
with the DEBUG=1 parameter.";
      }

      leaf library-mode {
        type boolean;
        default "false";
        description
          "If true, then the server will operate in YANG module
library mode. It will find all the YANG modules
and make them available for <get-schema> operations.

The following NETCONF operations are available when
the server is operating in library mode:

  ietf-netconf:get
  ietf-netconf:get-config
  ietf-netconf-monitoring:get-schema

  if --with-yuma-system='true':
    yuma-system:restart
    yuma-system:shutdown
";
      }

      leaf max-burst {
        type uint32;
        default "10";
        description
          "Specifies the maximum number of notifications
that should be sent to one session, within a
one second time interval.  The value 0 indicates
that the server should not limit notification
bursts at all.";
      }

      leaf max-getbulk {
        type uint32;
        default "10";
        description
          "Specifies the maximum number of getbulk entries to
request from a GET2 callback. This value will be used
in the get2cb 'max_entries' field.
The value 0 is used to indicate there is no max and
the GET2 callback can return as many getbulk entries
as desired. This is the default for leaf-list
GET2 callbacks";
      }

      leaf max-sessions {
        type uint16 {
          range "0 .. 1024";
        }
        default "8";
        description
          "Specifies the maximum number of concurrent sessions
that can be active at one time.  The value 0 indicates
that no artificial session limit should be used.";
      }

      leaf max-cli-sessions {
        type uint16 {
          range "0 .. 1024";
        }
        default "0";
        description
          "Specifies the maximum number of concurrent CLI sessions
that can be active at one time.  The value 0 indicates
that no artificial session limit should be used.

The max-sessions parameter has precedence,
so setting this parameter higher than 'max-sessions'
will have no effect.";
      }

      leaf max-strlen {
        type int32 {
          range "65536 .. max";
        }
        units "bytes";
        default "262144";
        description
          "The maximum number of bytes in length that will be accepted
for a quoted string, by the internal token parser.
This affects YANG and JSON input processing.
Set this value to allow large binary leafs to be
parsed by the server. This value includes 1 byte for the
string termination character.";
      }

      leaf-list module-tagmap {
        type string;
        description
          "Specifies a module tag mapping for use in module tags registry.
The format is <modname>@<tag-string>.
Examples:
   ietf-system@ietf:system-management
   openconfig-system@vendor:openconfig:system-management
   example-system@vendor:example.com:system-management
";
      }

      leaf-list netconf-capability {
        type inet:uri;
        description
          "Specifies a URI value that should be added to the server
NETCONF <hello> message as a NETCONF <capability> URI and
monitoring data in the /netconf-state/capabilities
container.";
      }

      leaf netconf-tls-address {
        type inet:ip-address;
        default "0.0.0.0";
        description
          "Specifies the IP address to listen on for NETCONF
over TLS messages.";
        reference
          "RFC 7589: NETCONF over TLS";

      }

      leaf netconf-tls-certificate {
        type string {
          length "1 .. max";
        }
        default
          "$HOME/.ssl/netconfd-pro.crt";
        description
          "Contains the file path specification
for the file containing the server SSL certificate,
used for the NETCONF over TLS protocol.";
      }

      leaf netconf-tls-key {
        type string {
          length "1 .. max";
        }
        default
          "$HOME/.ssl/netconfd-pro.key";
        description
          "Contains the file path specification
for the file containing the server SSL key,
used for the NETCONF over TLS protocol.";
      }

      leaf netconf-tls-port {
        type inet:port-number;
        default "6513";
        description
          "Specifies the TCP port to listen for NETCONF over TLS
messages.";
        reference
          "RFC 7589: NETCONF over TLS";

      }

      leaf netconf-tls-trust-store {
        type string {
          length "1 .. max";
        }
        default "$HOME/.ssl/trust-store.pem";
        description
          "Contains the file path specification
for the file containing the server SSL trust-store,
or the path specification for the directory to use
for finding trusted certificates. If the default value
is used and the file is not found, then the default
directory location '/etc/ssl/certs' will be used.";
      }

      leaf no-log {
        type empty;
        description
          "Flag indicating that no main log file will be created.
This is usually only relevant if --fileloc-fhs is 'true'.
In this case the default log file will not be created.
The --log-level parameter will be set to 'off'.
This parameter will be ignored if the --log parameter
is set. This parameter has no affect on the audit-log
or syslog logging.";
      }

      leaf no-nvstore {
        type empty;
        description
          "Specifies that the server should not load or save
using the normal APIs during transaction management.
The 'start' choice will be ignored (e.g., --no-startup))
and the server will not attempt to load a startup-cfg.xml
file.  Transactions will not be saved to NV-storage
at all.  Any external NV-storage callbacks will be ignored.

Use this mode if NV-load and NV-storage are handled
internally and not via the startup-cfg.xml file.

This parameter is only enabled if it is present.";
      }

      leaf-list port {
        type inet:port-number;
        max-elements 4;
        description
          "Specifies the TCP ports that the server will accept
connections from.  These ports must also be configured
in the /etc/ssh/sshd_config file for the SSH master
server to accept the connection and invoke the netconf
subsystem.

Up to 4 port numbers can be configured.

If any ports are configured, then only those values
will be accepted by the server.

If no ports are configured, then the server will accept
connections on the netconf-ssh port (tcp/830).";
      }

      leaf-list module {
        type yt:NcModuleSpec;
        description
          "YANG source module name to use.";
      }

      leaf-list deviation {
        type yt:NcModuleSpec;
        description
          "YANG deviation file.

This parameter identifies a YANG module that
should only be checked for deviation statements
for external modules.  These will be collected
and applied to the real module(s) being processed.

Deviations are applied as patches to the target module.
Since they are not identified in the target module at
all (ala imports), they have to be specified
explicitly, so they will be correctly processed.

If this string represents a filespec,
ending with the '.yang' or '.yin' extension,
then only that file location will be checked.

If this string represents a module name, then
the module search path will be checked for
a file with the module name and the '.yang'
or '.yin' extension.

If this string begins with a '~' character,
then a username is expected to follow or
a directory separator character.  If it begins
with a '$' character, then an environment variable
name is expected to follow.

~/some/path ==> <my-home-dir>/some/path

~fred/some/path ==> <fred-home-dir>/some/path

$workdir/some/path ==> <workdir-env-var>/some/path
";
      }

      leaf-list annotation {
        type yt:NcModuleSpec;
        description
          "YANG deviation file representing model annotations.
Processed the same as a deviation parameter except
the module is not advertised to any client sessions.

Only the deviation 'deviate add' operation can be
used to transfer extension statements to another
model.

The annotations will be applied to a data definition
statement, as if they were defined as sub-statements
of the deviation target.

   --annotation=acme-dev1

Example object annotations (contents of acme-dev1)

  deviation /if:interfaces {
    deviate add {
      ncx:sil-delete-chilren-first;
    }
  }

  deviation /if:interfaces/if:interface {
    deviate add {
      ncx:sil-delete-chilren-first;
      acme:my-deviation1 'the deviation parm';
    }
  }
";
      }

      leaf datapath {
        type yt:NcPathList;
        description
          "Internal file search path for config files.
Overrides the YUMA_DATAPATH environment variable.";
      }

      leaf-list restconf-capability {
        type inet:uri;
        description
          "Specifies a URI value that should be added to the server
as monitoring data in the /restconf-state/capabilities
container.";
      }

      leaf restconf-default-encoding {
        type enumeration {
          enum "json" {
            value 0;
            description
              "Use JSON message encoding as the default.";
          }
          enum "xml" {
            value 1;
            description
              "Use XML message encoding as the default.";
          }
        }
        default "json";
        description
          "Specifies the default response encoding to use if the
incoming request does not have an indication of
preferred content type (e.g., no Content-Type header,
no Accept header).
";
      }

      leaf restconf-strict-headers {
        type boolean;
        default "false";
        description
          "If set to 'true' the server will only accept requests
with normative Accept and Content-Type headers entries
specified in the RFC 8040
The Accept header must not be empty; otherwise
'not acceptable' error will be returned.

Normative Accept header:
 application/yang-data+xml,application/yang-data+json;q=0.9

Normative Content-Type header:
 application/yang-data+xml
 application/yang-patch+json

If set to 'false', the server will try to accept
not normative header entries.

Acceptable not normative Accept header:
 application/xml,application/json;q=0.9

Acceptable not normative Content-Type headers:
 application/xml
 application/json
 text/xml

 ";
      }

      leaf running-error {
        type enumeration {
          enum "stop" {
            value 0;
            description
              "Terminate the program if any errors are
encountered in the running configuration.";
          }
          enum "continue" {
            value 1;
            description
              "Continue the program if any errors are
encountered in the running configuration.
Altering the running configuration will fail
until the commit validation tests succeed.";
          }
          enum "fallback" {
            value 2;
            description
              "Fallback to the factory configuration if errors
are encountered in the running configuration at
boot time. The server will restart as if the
--factory-startup configuration parameter was used.";
          }
        }
        default "stop";
        description
          "Controls the server behavior if any errors are
encountered while validating the running database
during the initial load of the running configuration
at boot-time.";
      }

      leaf save-owners {
        type boolean;
        default "false";
        description
          "Indicates if owner names should be saved for data in
the running configuration, and startup configuration
if supported.";
      }

      leaf sil-delete-children-first {
        type boolean;
        default "false";
        description
          "If 'true', the server default behavior will be to
treat all data deletion operations as if the
ncx:sil-delete-children-first extension is present.
A child node will be checked for a SIL callback
before it is deleted.

If 'false' the server default behavior will be to
invoke SIL callbacks for deletion of child nodes
only if the ncx:sil-delete-children-first extension
is present.";
      }

      leaf sil-invoke-for-defaults {
        type boolean;
        default "true";
        description
          "If 'true' then when a SIL or SIL-SA callback
will be invoked for default data nodes during
the load and load_config operations.

If 'false' then a SIL or SIL-SA callback will
not be invoked for default data nodes.";
      }

      leaf sil-missing-error {
        type boolean;
        default "false";
        description
          "If 'true' then when a module is loaded, but the SIL
library code for the module is not found, an error
will be returned instead of a warning printed.

If 'false' then when a module is loaded, but the SIL
library code for the module is not found, no error
will be returned.  Instead, only a warning will
be printed.";
      }

      leaf sil-prio-reverse-for-deletes {
        type boolean;
        default "false";
        description
          "Specifies whether edit transactions are validated by
the regular SIL priority of should be reversed for DELETE edits.
This parameter can be used to delete leafref nodes with
referenced by node in reverse order.


If 'false' then the SIL priority will not be reversed.";
      }

      leaf sil-root-check-first {
        type boolean;
        default "true";
        description
          "If 'true', the server will perform a YANG validation check
before the SIL validate callbacks are invoked for an
edit-config operation. This is always done for a load-config
or commit operation.

If 'false', the server will invoke the SIL validate callbacks
before performing a YANG validation check. Instead the
validation will be done before the SIL apply callback.
This is the only behavior in the 17.10 release train.";
      }

      leaf sil-skip-load {
        type empty;
        description
          "If present, the server will not invoke the SIL callbacks
during initial system initialization when the startup
configuration file is loaded into the running datastore.";
      }

      leaf sil-test-get-when {
        type boolean;
        default "false";
        description
          "If 'true', the server will evaluate 'when' statements
for GET2 callback requests for config=false nodes.
If 'false' then the SIL or SIL-SA callback is expected to test
the 'when' condition internally somehow and return a no-instance
error if the condition is 'false'.

This parameter can be overridden by the ywx:sil-test-get-when
YANG extension. If that extension is found for an
operational data node then its value will be used instead
of this parameter.";
      }

      leaf sil-validate-candidate {
        type boolean;
        default "true";
        description
          "If true, the server will invoke the VALIDATE phase
for SIL and SIL-SA callbacks when each edit is made
to the candidate datastore.

If false, the server will not invoke the VALIDATE phase
for SIL and SIL-SA callbacks when each edit is made
to the candidate datastore.

Transaction performance will be improved if the extra
VALIDATE phase callbacks are skipped. Acceptance of
an individual edit to the candidate does not mean
the SIL or SIL-SA will accept that edit when combined
with all edits (during the commit operation).

In either case the server will invoke the VALIDATE phase
callbacks when an attempt to commit the candidate datastore
is done or when a <validate> operation is done on the
candidate datastore.";
      }

      leaf simple-json-names {
        type boolean;
        default "false";
        description
          "If true, the server will NOT output name of
the module in which the data node is defined.

If false, a namespace-qualified member name will be
used for all members of a top-level JSON object and
then also whenever the namespaces of the
data node and its parent node are different.";
      }

      leaf snmp-agent-role {
        type enumeration {
          enum "master" {
            value 0;
            description
              "A 'master' agent that is available on the standard transport
address and that accepts SNMP protocol messages.";
          }
          enum "subagent" {
            value 1;
            description
              "An agent acting in a subagent role performs the
following functions:
 -  Initiates AgentX sessions with the master agent
 -  Registers MIB regions with the master agent
 -  Instantiates managed objects
 -  Binds OIDs within its registered MIB regions to actual
    variables
 -  Performs management operations on variables";
            reference
              "RFC 2741";

          }
        }
        default "master";
        description
          "Specifies the SNMP agent role.";
      }

      leaf snmp-subagent-priority {
        type uint16 {
          range "1 .. 255";
        }
        default "127";
        description
          "A value between 1 and 255, used to achieve a desired
configuration when different sessions register identical or
overlapping regions. Subagents with no particular knowledge
of priority should register with the default value of 127.

In the master agent's dispatching algorithm, smaller values
of priority take precedence over larger values, as
described in section 7.1.4.1, 'Handling Duplicate and
Overlapping Subtrees'.";
        reference
          "RFC 2741";

      }

      leaf socket-address {
        type inet:ip-address;
        default "0.0.0.0";
        description
          "Specifies the IP address to listen on when the
socket-type parameter is set to 'tcp'. Ignored if the
socket-type is 'aflocal'.

Note that this parameter specifies the IP address for
internal <ncx-connect> protocol messages.  The server
will accept NETCONF sessions over SSH, as specified
in the OpenSSH config file.";
      }

      leaf socket-port {
        type inet:port-number;
        default "2023";
        description
          "Specifies the TCP port number to listen on when the
socket-type parameter is set to 'tcp'. Ignored if the
socket-type is 'aflocal'.

Note that this parameter specifies the port number for
internal <ncx-connect> protocol messages.  The server
will accept NETCONF sessions over SSH, specified with
the 'port' parameter (e.g. 830).";
      }

      leaf socket-type {
        type enumeration {
          enum "aflocal" {
            value 0;
            description
              "An AF_LOCAL socket will be used for incoming sessions.";
          }
          enum "tcp" {
            value 1;
            description
              "An AF_INET socket will be used for incoming sessions.";
          }
        }
        default "aflocal";
        description
          "Specifies which type of socket the server should create for
incoming <ncx-connect> protocol sessions.

Note that this parameter specifies the socket type for
internal <ncx-connect> protocol messages.  The server
will use TCP connections for NETCONF sessions over SSH.";
      }

      choice start {
        description
          "select startup config for boot load";
        leaf no-startup {
          type empty;
          description
            "If present, do not load the startup config file.
Use the factory default settings but do not
overwrite the NV-storage startup unless it
is altered. This option does not delete the startup
config file if it exists.";
        }
        leaf factory-startup {
          type empty;
          description
            "Force the system to use the factory configuration
and delete the startup config file if it exists.
Force the NV-storage startup to
contain the factory default configuration.";
        }
        leaf startup {
          type string;
          description
            "The full or relative filespec of the startup config
file to use.

If present, overrides the default startup config
file name 'startup-cfg.xml',  This will also
override the YUMAPRO_DATAPATH environment variable
and the datapath CLI parameter, if the first
character is the forward slash '/', indicating
an absolute file path.";
        }
      }  // choice start

      leaf startup-error {
        type enumeration {
          enum "stop" {
            value 0;
            description
              "Terminate the program if any errors are
encountered in the startup configuration.";
          }
          enum "continue" {
            value 1;
            description
              "Continue the program if any errors are
encountered in the startup configuration.
The entire module-specific data structure(s)
containing the error node(s) will not be added
to the running configuration at boot-time.";
          }
          enum "fallback" {
            value 2;
            description
              "Fallback to the factory configuration if errors
are encountered in the startup configuration.
The server will restart as if the --factory-startup
configuration parameter was used.";
          }
        }
        default "stop";
        description
          "Controls the server behavior if any errors are
encountered while loading the startup configuration
file into the running configuration at boot-time.
It is possible for the startup configuration
to contain errors within optional nodes.  If this
parameter is set to 'continue', then the validation
tests on the running config (controlled by running-error)
should not fail due to missing optional nodes.";
      }

      leaf startup-factory-file {
        type string;
        default "factory-startup-cfg.xml";
        description
          "The full or relative filespec of the factory startup
config file to use. If the --factory-startup parameter
is used, or no startup file is specified or found,
then the server will look for this filespec. If found,
then it will copied to the startup config file used to
load the server.

If the value represents a relative filespec then the
server will check the server data file search path
for the first matching filespec.

If this parameter is set and the filespec is not found
then the server will exit with an error. If the default
filespec is not found then an empty datastore will be
used to load the running configuration datastore at
 boot-time.";
      }

      leaf startup-prune-ok {
        type boolean;
        default "false";
        description
          "If set to 'true' then the server will prune unknown
data nodes from the startup configuration instead
of treating this as an error.  A log_info message
will be printed.  If other known data nodes depend
on the pruned nodes, then an error may occur anyway.
If so, the 'startup-error' parameter will determine
how this is handled.

If set to 'false' then unknown data nodes found in
the startup configuration will cause an error.

Unknown data nodes can occur if modules were previously
loaded dynamically, or if a YANG feature is configured
from enabled to disabled.";
      }

      leaf startup-skip-validation {
        type boolean;
        default "false";
        description
          "If set to 'true' then the server will skip all
YANG validation of the startup configuration
when it is loaded into the running configuration
at boot-time. This should make the server boot
faster but it assumes the startup configuration
is already valid.  Only the initial startup load
operation is affected by this parameter.

This parameter affects the 'root check' only.
This includes the following datastore validation:

  - must
  - when (see note)
  - leafref path
  - unique
  - min-elements
  - max-elements
  - mandatory

This parameter does not affect 'default' processing
or 'when' statement processing for default nodes.
It does affect 'when' statement processing for
nodes provided in the startup configuration.

It is possible that any invalid configuration will
need to be fixed before any edits can be made to
the <running> datastore.  The full datastore can
be checked using the <validate> operation.

If the startup configuration is completely valid
such that all validation tests would have passed,
then this parameter should be safe to use.
If the startup configuration contains data that
does not pass the affected validation tests,
then it may not be safe to use this parameter.

This is extremely dangerous and can lead to incorrect
processing of datastore editing operations. The
server does not validate the complete datastore
unless the <validate> operation is used. Any
<edit-config> and <commit> operations done on a
datastore that contains invalid YANG data may produce
incorrect results. It is possible that edits will
fail because the server detects invalid nodes from
the startup during processing of the requested edit.

The <restore> operation is not affected by this
parameter.  It is possible to save an invalid
configuration that cannot be restored.  Use the
<validate> operation before using the <backup>
operation to ensure a backup configuration can
be restored later.

If set to 'false' then startup validation is not skipped.";
      }

      leaf subsys-timeout {
        type uint16;
        units "seconds";
        default "30";
        description
          "The number of seconds to wait for a response from a
sub-system before declaring a timeout.  The value '0'
indicates that no timeout should be used.";
      }

      leaf superuser {
        type union {
          type nt:NcxName;
          type string {
            length "0";
          }
        }
        description
          "The user name to use as the superuser account.
Any session associated with this user name
will bypass all access control enforcement.
See yuma-nacm.yang for more details.

To disable the superuser account completely,
set this parameter to the empty string or do
not set it at all. The default mode is to
disable superuser access.";
      }

      leaf system-notifications {
        type bits {
          bit ietf {
            position 0;
            description
              "Use ietf-netconf-notifications module.";
            reference
              "RFC 6470";

          }
          bit yuma {
            position 1;
            description
              "Use yuma-system module. Ignored if with-yuma-system
is set to 'false'";
          }
        }
        default "ietf";
        description
          "Indicates which YANG module(s) should be used for
system notifications.";
      }

      leaf system-sorted {
        type boolean;
        default "false";
        status deprecated;
        description
          "Indicates whether ordered-by system leaf-lists
and lists will be kept in sorted order.

NOTE: This parameter is ignored.  The server does not
sort any list or leaf-list objects because YANG only
requires that ordered-by user instances maintain
the user-provided order.";
      }

      leaf target {
        type enumeration {
          enum "running" {
            value 0;
            description
              "Write to the running config and support
the :writable-running capability.";
          }
          enum "candidate" {
            value 1;
            description
              "Write to the candidate config and support
the :candidate and :confirmed-commit
capabilities.";
          }
        }
        default "candidate";
        description
          "The database to use as the target of edit-config
operations.";
      }

      leaf tls-crl-missing-ok {
        type boolean;
        default "false";
        description
          "If true then a missing CRL Distribution Points
within a client or CA certificate will be ignored.
Not relevant unless tls-crl-mode is set to 'client'
or 'ca'. If false, and CRL verification is enabled
for the certificate, the TLS session will not be
accepted.";
      }

      leaf tls-crl-mode {
        type enumeration {
          enum "off" {
            value 0;
            description
              "Do not use CRL verification when verifying any
certificates.";
          }
          enum "client" {
            value 1;
            description
              "Use CRL verification when verifying client
certificates.";
          }
          enum "ca" {
            value 2;
            description
              "Use CRL verification when verifying client and
CA certificates.";
          }
        }
        default "off";
        description
          "Specifies how Certificate  Revocation List checking
should be done for NETCONF over TLS sessions.
This has no affect unless --with-netconf-tls=true is set.";
      }

      leaf trim-whitespace {
        type boolean;
        default "false";
        description
          "If true, then trim leading and trailing whitespace from
XML string nodes. If false, adhere to the standard and
do not trim any leading or trailing whitespace.

The server previously would trim whitespace but no
longer does this by default. This leaf must be set
to trim this whitespace now.";
      }

      leaf log-event-drops {
        type boolean;
        default "false";
        description
          "Indicates if a log entry would be generated when a
notification is dropped because the specific notification
events are disabled with an event-filter configuration
entry.";
      }

      leaf log-pthread-level {
        type nt:NcDebugType;
        description
          "Sets the pthread debug logging level filter for
the program.";
      }

      leaf session-sync-mutex {
        type empty;
        status deprecated;
        description
          "If present, force synchronous request processing
(pthread version only). Ignored by the server";
      }

      leaf server-id {
        type nt:NcxName;
        default "server1";
        description
          "Server Identifier string to use for this server.
Used in YControl and SIL-SA messages to identifier
the server to all subsystems.  Used in YP-HA to
identify this server in the YP-HSA server pool";
      }

      leaf usexmlorder {
        type empty;
        description
          "If present, then XML element order will be enforced.
Otherwise, XML element order errors will not be
generated if possible. Default is no enforcement of
strict XML order.";
      }

      choice watcher-parm {
        description
          "Automatic server state monitoring support.
ypwatcher program periodically checks if the server
is alive and if not restart the server and write
the event into syslog.";
        leaf no-watcher {
          type empty;
          description
            "Control the ypwatcher program. If present, do not launch
ypwatcher program. If this parameter is present, then
the --watcher-interval parameter cannot be present.";
        }
        leaf watcher-interval {
          type uint32;
          default "10";
          description
            "Specifies the sleep interval between ypwatcher program
attempts to check availability of the server.
Provided value is in seconds.
The server  does not accept the value of 0 for
this parameter. The minimal acceptable value is 1 second.
The default value is 10.";
        }
      }  // choice watcher-parm

      leaf with-maintenance-mode {
        type boolean;
        default "true";
        description
          "If set to 'true', then allow the maintenance mode
to be used. Otherwise, ignore all requests to place
the server in maintenance mode.";
      }

      leaf with-notifications {
        type boolean;
        default "true";
        description
          "If set to 'true', then the :notification:1.0 and
:interleave:1.0 capabilities will be enabled.
Otherwise, these capabilities will not be enabled.";
      }

      leaf with-db-lock {
        type boolean;
        default "false";
        description
          "If set to 'true', then the server will use the
DB-API DB-Config-Lock service for all configuration
edit transactions to the <running> datastore.
All client edits will be require this lock be
granted or it will fail.

The server will use the db-lock-retry-interval
and db-lock-timeout CLI parameters to control
how lock retries will be done.

If set to 'false', the DB-Config-Lock will not be
used by the server.";
      }

      leaf with-callhome {
        type boolean;
        default "false";
        description
          "This feature is only available if the server image
is built with the flags WITH_CALLHOME=1.

If set to 'true', then the IETF Callhome for SSH
feature will be enabled. If set to 'false', then
this feature will be disabled and the following
CLI parameters will be ignored:
  - callhome-retry-max
  - callhome-retry-interval
  - callhome-server
";
      }

      leaf with-canonical {
        type boolean;
        default "true";
        description
          "If set to 'true', then the server will automatically
convert XML and JSON input parameters to the canonical
format for the YANG data type, if possible.

The following built-in YANG data types are affected:
  - ipv6-address
  - ipv6-address-no-zone
  - domain-name
  - phys-address
  - mac-address
  - hex-string
  - uuid

Any canonical callbacks for user-defined data types
are also affected by this parameter.

Internal values can be manually converted to canonical
format using the val_set_canonical API.
";
      }

      leaf with-config-id {
        type boolean;
        default "true";
        description
          "If set to 'true', then the YumaWorks :config-id
capability will be enabled.  This is used to help
cache device configurations.  It is an enterprise
capability URI, not a standard YANG module URI.
If set to 'false', then the YumaWorks :config-id
capability will be disabled.";
      }

      leaf with-gnmi {
        type boolean;
        default "false";
        description
          "If set to 'true', then the gNMI protocol will be
enabled. Otherwise, the gNMI protocol
will not be enabled. The incoming connection will be
dropped if the protocol is disabled.";
      }

      leaf with-modtags {
        type boolean;
        default "true";
        description
          "If set to 'true', then the module tags feature will be
enabled. Otherwise, this feature will be disabled.
If disabled, the module-tagmap parameter will be ignored
and the ietf-module-tags module will not be loaded.";
      }

      leaf with-nmda {
        type boolean;
        default "false";
        description
          "If set to 'true', then NMDA operations and YANG modules
will be enabled:
  - ietf-datastores
  - ietf-origin
  - ietf-netconf-nmda
";
      }

      leaf with-ocpattern {
        type boolean;
        default "false";
        description
          "If true, then OpenConfig patterns with be checked.
If the module name starts with the string 'openconfig-'
then all pattern statements within that module
are treated as POSIX patterns, not YANG patterns.

If false, then the pattern statements in all modules
will be checked as YANG patterns.
";
      }

      leaf with-startup {
        type boolean;
        default "false";
        description
          "If set to 'true', then the :startup capability will be
enabled. Otherwise, the :startup capability
will not be enabled.  This capability
makes the NV-save operation an explicit operation
instead of an automatic save.";
      }

      leaf with-term-msg {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-term-msg module
will be loaded and enabled. Otherwise, this module will
not be loaded. The <term-msg> notification is used by
yp-shell for displaying terminal diagnostic messages.";
      }

      leaf with-url {
        type boolean;
        default "true";
        description
          "If set to 'true', then the :url capability will be
enabled and the 'file' scheme will be enabled.
Otherwise, the :url capability will not be enabled.

This capability requires a file system and may introduce
security risks because internal files such as
startup-cfg.xml and backup-cfg.xml could be exposed.";
      }

      leaf with-url-ftp {
        type boolean;
        default "false";
        description
          "If set to 'true', then the 'ftp' protocol scheme will
be enabled for the 'url' capability. Ignored if
the 'with-url' parameter is false.";
      }

      leaf with-url-tftp {
        type boolean;
        default "false";
        description
          "If set to 'true', then the 'tftp' protocol scheme will
be enabled for the 'url' capability. Ignored if
the 'with-url' parameter is false.";
      }

      leaf with-validate {
        type boolean;
        default "true";
        description
          "If set to 'true', then the :validate capability will be
enabled. Otherwise, the :validate capability
will not be enabled.  This capability requires
extensive memory resources.";
      }

      leaf with-netconf {
        type boolean;
        default "true";
        description
          "If set to 'true', then the NETCONF over SSH protocol
will be enabled. Otherwise, the NETCONF over SSH protocol
will not be enabled. An incoming connection will be
dropped if the protocol is disabled.";
      }

      leaf with-netconf-tls {
        type boolean;
        default "false";
        description
          "If set to 'true', then the NETCONF over TLS protocol
will be enabled. Otherwise, the NETCONF over TLS
protocol will not be enabled. An incoming connection
will be dropped if the protocol is disabled.

The default is set to false because the server will
terminate if the server certificates are not found
and this parameter is set to 'true'.";
      }

      leaf with-restconf {
        type boolean;
        default "true";
        description
          "If set to 'true', then the RESTCONF protocol will be
enabled. Otherwise, the RESTCONF protocol
will not be enabled. The incoming connection will be
dropped if the protocol is disabled.";
      }

      leaf with-rollback-on-error {
        type boolean;
        default "true";
        description
          "If set to 'true', then the NETCONF :rollback-on-error
capability and feature will be enabled and advertised.
Otherwise, this feature will not be enabled or
advertised.";
      }

      leaf with-snmp {
        type boolean;
        default "false";
        description
          "If set to 'true', then the SNMP protocol will be
enabled. Otherwise, the SNMP protocol
will not be enabled. Incoming SNMP requests will be
dropped if the protocol is disabled.";
      }

      leaf with-support-save {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-support-save module
will be loaded and enabled. Otherwise, this module will
not be loaded. Ignored if the server image is not built
with the WITH_SUPPORT_SAVE=1 compile flag. This module
provides the <get-support-save> operation to collect
bug report information.";
      }

      leaf with-warnings {
        type boolean;
        default "false";
        description
          "If set to 'true', then the agt_record_warning function
will be enabled, allowing the error-severity field
to be incorrectly set to 'warning'.  This violates
the NETCONF standard and client software may reject
the <error-severity> data as invalid if this is used.
If 'false' then error-severity will not be set to warning
even if agt_record_warning is used.";
      }

      leaf with-yang-api {
        type boolean;
        default "false";
        status deprecated;
        description
          "If set to 'true', then the YANG-API protocol will be
enabled. Otherwise, the YANG-API protocol
will not be enabled. The incoming connection will be
dropped if the protocol is disabled.";
      }

      leaf with-yang11-hello {
        type boolean;
        default "false";
        description
          "Control whether the NETCONF hello message should
conform to the standard and leave out YANG 1.1 modules.
If set to 'true', then leave out YANG 1.1 modules
from <capability> used in <hello>. Also keep out of
monitoring <capabilities> list.
If 'false' then ignore the standard and advertise
YANG 1.1 module capabilities";
      }

      leaf with-yang-patch-running {
        type boolean;
        default "false";
        description
          "If set to 'true', the YANG-PATCH will be enabled when
the server supports only the :writable-running capability.
If 'false' then the YANG-PATCH requests will be rejected.";
      }

      leaf with-yp-coap {
        type boolean;
        default "false";
        description
          "If set to 'true', then the YP-CoAP protocol will be
enabled. Otherwise, the YP-CoAP protocol
will not be enabled.  This protocol is NOT SECURE.
It SHOULD NOT be used unless privacy is provided
by some other means.";
      }

      leaf with-yp-coap-dtls {
        type boolean;
        default "false";
        description
          "If set to 'true', then the YP-CoAP over DTLS protocol
will be enabled. Otherwise, the YP-CoAP over DTLS protocol
will not be enabled.  This protocol is secure.
It SHOULD be used instead of YP-CoAP without DTLS.";
      }

      leaf with-yp-shell {
        type boolean;
        default "true";
        description
          "If set to 'true', then the YP-SHELL protocol will be
enabled. Otherwise, the YP-SHELL protocol
will not be enabled. The incoming connection will be
dropped if the protocol is disabled.";
      }

      leaf with-yuma-system {
        type boolean;
        default "false";
        description
          "If set to 'true', then the yuma-system module will be
loaded and enabled. Otherwise, this module will not be
loaded.";
      }

      leaf with-yuma-time-filter {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yuma-time-filter module will be
loaded and enabled. Otherwise, this module will not be
loaded.";
      }

      leaf with-yumaworks-config-change {
        type boolean;
        default "false";
        description
          "If set to 'true', then the yumaworks-config-change module
will be loaded and enabled. Otherwise, this module will
not be loaded. This modules adds data to the
'netconf-config-change' notification.

This data represents a security risk since it is not subject
to the same access control rules within a notification
as within a datastore.  NACM does not provide access control
for the contents of a notification, only for the notification
event type.   Use this module with caution!  Only allow a
superuser administrator access to the 'netconf-config-change'
notification if this module is used.";
      }

      leaf with-yumaworks-event-filter {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-event-filter module
will be loaded and enabled. Otherwise, this module will
not be loaded.";
      }

      leaf with-yumaworks-getbulk {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-getbulk module will
be loaded and enabled. Otherwise, this module will not be
loaded. If disabled the <get-bulk> operation will not
be available.";
      }

      leaf with-yumaworks-ids {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-ids module will
be loaded and enabled. Otherwise, this module will not be
loaded. If not enabled then the extra transport types
for netconfd-pro specific transports and control sessions
will not be available.";
      }

      leaf with-yumaworks-system {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-system module will be
loaded and enabled. Otherwise, this module will not be
loaded. The <load>, <unload>, <load-bundle>, and
<unload-bundle> operations will not be available.
Other operations and data model augments will not be
available.";
      }

      leaf with-yumaworks-templates {
        type boolean;
        default "true";
        description
          "If set to 'true', then the yumaworks-templates module will
be loaded and enabled. Otherwise, this module will not be
loaded. Ignored unless the server is built with the
WITH_TEMPLATES=1 compiler flag.";
      }

      leaf yangapi-server-url {
        type inet:uri;
        default "http://localhost";
        description
          "The starting string for the server URL to use
in Location header lines returned by YANG-API.";
      }

      leaf yp-coap-address {
        type inet:ip-address;
        default "0.0.0.0";
        description
          "The IP address that the YP-CoAP protocol will use to listen
for incoming requests. This will also be used as the source
address in YP-CoAP packets sent by the server.";
      }

      leaf yp-coap-port {
        type inet:port-number;
        default "5683";
        description
          "The UDP port number that the YP-CoAP protocol will use
to listen for incoming requests. This will also be used
as the source port number in YP-CoAP packets sent by the
server.";
      }

      leaf yp-coap-dtls-port {
        type inet:port-number;
        default "5684";
        description
          "The UDP port number that the YP-CoAP protocol will use
to listen for incoming requests for CoAP over DTLS.
This will also be used as the source port number in
YP-CoAP packets sent by the server.";
      }

      leaf restconf-server-url {
        type inet:uri;
        default "http://localhost";
        description
          "The starting string for the server URL to use
in Location header lines returned by RESTCONF.";
      }
    }  // container server
  }  // module yumaworks-server