module netconfd {
yang-version 1;
namespace
"http://netconfcentral.org/ns/netconfd";
prefix nd;
import yuma-ncx {
prefix ncx;
}
import yuma-types {
prefix nt;
}
import yuma-app-common {
prefix ncxapp;
}
import ietf-inet-types {
prefix inet;
}
organization "Netconf Central";
contact
"Andy Bierman <support@netconfcentral.org>.";
description
"Configuration Parameters for netconfd;
This module is not advertised by the server.
It contains only CLI parameters.";
revision "2011-12-15" {
description
"Add --running-error parameter.";
}
revision "2011-10-08" {
description "Add --home parameter.";
}
revision "2011-08-27" {
description
"Add --runpath parameter.
Add --factory-startup parameter.";
}
revision "2011-07-20" {
description
"Add --audit-log and --audit-log-append CLI parameters.
Add --system-sorted CLI parameter.
Make with-defaults enum local to prevent report-all-tagged
from being accepted as a basic mode.";
}
revision "2011-05-29" {
description
"Removed superuser YANG default to disable by default,
to make sure an admin has to explicitly enable
this feature.";
}
revision "2011-04-24" {
description
"Added --protocols parameter via uses ProtocolsParm.
Not available in yuma v1 branch.";
}
revision "2011-04-02" {
description
"Added --delete-np-containers parameter.";
}
revision "2010-05-13" {
description
"Added --with-url to enable :url capability.";
}
revision "2010-01-14" {
description
"Initial version for 0.9.9 release.";
}
grouping StartupChoice {
choice start {
description
"select startup config for boot load";
leaf no-startup {
type empty;
description
"If present, do not load the startup config file.
Use the factory default settings but do not
overwrite the NV-storage startup unless it
is altered. This option does not delete the startup
config file if it exists.";
}
leaf factory-startup {
type empty;
description
"Force the system to use the factory configuration
and delete the startup config file if it exists.
Force the NV-storage startup to
contain the factory default configuration.";
}
leaf startup {
type string;
description
"The full or relative filespec of the startup config
file to use.
If present, overrides the default startup config
file name 'startup-cfg.xml', This will also
override the YUMA_DATAPATH environment variable
and the datapath CLI parameter, if the first
character is the forward slash '/', indicating
an absolute file path.";
}
} // choice start
} // grouping StartupChoice
container netconfd {
ncx:cli;
description
"Server CLI for the NETCONF protocol.
Usage:
netconfd [parameters]";
leaf access-control {
type enumeration {
enum "enforcing" {
value 0;
description
"All configured access control rules will be
enforced.";
}
enum "permissive" {
value 1;
description
"All configured access control rules will be
enforced for write and execute requests.
All read requests will be allowed, unless
the requested object contains the
'nacm:very-secure' extension. In that case,
all configured access control rules will
be enforced.";
}
enum "disabled" {
value 2;
description
"All read, write, and execute requests will be
allowed, unless the object contains the
'nacm:secure' or 'nacm:very-secure' extension.
If the 'nacm:secure' extension is in effect,
then all configured access control rules
will be enforced for write and execute requests.
If the 'nacm:very-secure' extension is in effect,
then all configured access control rules
will be enforced for all requests.
Use this mode with caution.";
}
enum "off" {
value 3;
description
"All access control enforcement is disabled.
Use this mode with extreme caution.";
}
}
default 'enforcing';
description
"Controls how access control is initially enforced by the
server.";
}
leaf audit-log {
type string;
description
"Filespec for the server audit log file to use in addition
to the normal log file or STDOUT.";
}
leaf audit-log-append {
type empty;
description
"If present, the audit log will be appended not over-written.
If not, the audit log will be over-written.
Only meaningful if the 'audit-log' parameter is
also present.";
}
leaf default-style {
type enumeration {
enum "report-all" {
value 0;
}
enum "trim" {
value 1;
}
enum "explicit" {
value 2;
}
}
default 'explicit';
description
"Selects the type of filtering behavior the server will
advertise as the 'basic' behavior in the 'with-defaults'
capability. The server will use this default handling
behavior if the 'with-defaults' parameter is not
explicitly set.
Also, when saving a configuration to NV-storage,
this value will be used for filtering defaults
from the saved configuration.
See wd:with-defaults leaf for enumeration details.";
}
leaf delete-empty-npcontainers {
type boolean;
default 'false';
description
"An empty non-presence container has no meaning
in NETCONF/YANG so it may be deleted by the server.
This takes non-trivial processing time for large
databases, but uses less memory.
Disabling this parameter will result in a larger
database in both memory and NV-save.";
}
leaf eventlog-size {
type uint32;
default '1000';
description
"Specifies the maximum number of notification events
that will be saved in the notification replay buffer.
The oldest entries will be deleted first.";
}
leaf hello-timeout {
type uint32 {
range "0 | 10 .. 3600";
}
units "seconds";
default '600';
description
"Specifies the number of seconds that a session
may exist before the hello PDU is received.
A session will be dropped if no hello PDU
is received before this number of seconds elapses.
If this parameter is set to zero, then the server
will wait forever for a hello message, and not
drop any sessions stuck in 'hello-wait' state.
Setting this parameter to zero may permit
denial of service attacks, since only a limited
number of concurrent sessions are supported
by the server.";
}
leaf idle-timeout {
type uint32 {
range "0 | 10 .. 360000";
}
units "seconds";
default '3600';
description
"Specifies the number of seconds that a session
may remain idle without issuing any RPC requests.
A session will be dropped if it is idle for an
interval longer than this number of seconds.
Sessions that have a notification subscription
active are never dropped.
If this parameter is set to zero, then the server
will never drop a session because it is idle.";
}
leaf max-burst {
type uint32;
default '10';
description
"Specifies the maximum number of notifications
that should be sent to one session, within a
one second time interval. The value 0 indicates
that the server should not limit notification
bursts at all.";
}
leaf-list port {
type inet:port-number;
max-elements 4;
description
"Specifies the TCP ports that the server will accept
connections from. These ports must also be configured
in the /etc/ssh/sshd_config file for the SSH master
server to accept the connection and invoke the netconf
subsystem.
Up to 4 port numbers can be configured.
If any ports are configured, then only those values
will be accepted by the server.
If no ports are configured, then the server will accept
connections on the netconf-ssh port (tcp/830).";
}
leaf running-error {
type enumeration {
enum "stop" {
value 0;
description
"Terminate the program if any errors are
encountered in the running configuration.";
}
enum "continue" {
value 1;
description
"Continue the program if any errors are
encountered in the running configuration.
Altering the running configuration will fail
until the commit validation tests succeed.";
}
}
default 'stop';
description
"Controls the server behavior if any errors are
encountered while validating the running database
during the initial load of the running configuration
at boot-time.";
}
leaf startup-error {
type enumeration {
enum "stop" {
value 0;
description
"Terminate the program if any errors are
encountered in the startup configuration.";
}
enum "continue" {
value 1;
description
"Continue the program if any errors are
encountered in the startup configuration.
The entire module-specific data structure(s)
containing the error node(s) will not be added
to the running configuration at boot-time.";
}
}
default 'continue';
description
"Controls the server behavior if any errors are
encountered while loading the startup configuration
file into the running configuration at boot-time.
It is possible for the startup configuration
to contain errors within optional nodes. If this
parameter is set to 'continue', then the validation
tests on the running config (controlled by running-error)
should not fail due to missing optional nodes.";
}
leaf superuser {
type union {
type nt:NcxName;
type string {
length "0";
}
}
description
"The user name to use as the superuser account.
Any session associated with this user name
will bypass all access control enforcement.
See yuma-nacm.yang for more details.
To disable the superuser account completely,
set this parameter to the empty string or do
not set it at all. The default mode is to
disable superuser access.";
}
leaf system-sorted {
type boolean;
default 'true';
description
"Indicates whether ordered-by system leaf-lists
and lists will be kept in sorted order.";
}
leaf target {
type enumeration {
enum "running" {
value 0;
description
"Write to the running config and support
the :writable-running capability.";
}
enum "candidate" {
value 1;
description
"Write to the candidate config and support
the :candidate and :confirmed-commit
capabilities.";
}
}
default 'candidate';
description
"The database to use as the target of edit-config
operations.";
}
leaf usexmlorder {
type empty;
description
"If present, then XML element order will be enforced.
Otherwise, XML element order errors will not be
generated if possible. Default is no enforcement of
strict XML order.";
}
leaf with-startup {
type boolean;
default 'false';
description
"If set to 'true', then the :startup capability will be
enabled. Otherwise, the :startup capability
will not be enabled. This capability
makes the NV-save operation an explicit operation
instead of an automatic save.";
}
leaf with-url {
type boolean;
default 'true';
description
"If set to 'true', then the :url capability will be
enabled. Otherwise, the :url capability
will not be enabled. This capability requires a
file system and may introduce security risks
because internal files such as startup-cfg.xml
and backup-cfg.xml will be exposed.";
}
leaf with-validate {
type boolean;
default 'true';
description
"If set to 'true', then the :validate capability will be
enabled. Otherwise, the :validate capability
will not be enabled. This capability requires
extensive memory resources.";
}
uses ncxapp:NcxAppCommon;
uses ncxapp:CommonFeatureParms;
uses ncxapp:HomeParm;
uses ncxapp:SubdirsParm;
uses ncxapp:ProtocolsParm;
uses ncxapp:RunpathParm;
uses ncxapp:ModuleParm;
uses ncxapp:DeviationParm;
uses ncxapp:DatapathParm;
uses StartupChoice;
} // container netconfd
} // module netconfd
