module openconfig-system {
|
|
|
|
yang-version "1";
|
|
|
|
// namespace
|
|
namespace "http://openconfig.net/yang/system";
|
|
|
|
prefix "oc-sys";
|
|
|
|
// import some basic types
|
|
import ietf-inet-types { prefix inet; }
|
|
import ietf-yang-types { prefix yang; }
|
|
import openconfig-types { prefix oc-types; }
|
|
import openconfig-extensions { prefix oc-ext; }
|
|
import openconfig-aaa { prefix oc-aaa; }
|
|
import openconfig-system-logging { prefix oc-log; }
|
|
import openconfig-system-terminal { prefix oc-sys-term; }
|
|
import openconfig-procmon { prefix oc-proc; }
|
|
|
|
|
|
|
|
// meta
|
|
organization "OpenConfig working group";
|
|
|
|
contact
|
|
"OpenConfig working group
|
|
netopenconfig@googlegroups.com";
|
|
|
|
description
|
|
"Model for managing system-wide services and functions on
|
|
network devices.
|
|
|
|
This model leverages parts of the IETF system management model
|
|
described in RFC 7317 - A YANG Data Model for System
|
|
Management.";
|
|
|
|
oc-ext:openconfig-version "0.1.0";
|
|
|
|
revision "2017-01-29" {
|
|
description
|
|
"Initial public release";
|
|
reference "0.1.0";
|
|
}
|
|
|
|
// extension statements
|
|
|
|
// feature statements
|
|
|
|
// identity statements
|
|
|
|
identity NTP_AUTH_TYPE {
|
|
description
|
|
"Base identity for authentication schemes supported for NTP
|
|
authentication keys";
|
|
}
|
|
|
|
identity NTP_AUTH_MD5 {
|
|
base NTP_AUTH_TYPE;
|
|
description
|
|
"MD5 keyed message digest method (authentication, not encryption)";
|
|
}
|
|
|
|
// typedef statements
|
|
|
|
typedef timezone-name-type {
|
|
type string;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
A time zone name as used by the Time Zone Database,
|
|
sometimes referred to as the 'Olson Database'.
|
|
|
|
The exact set of valid values is an implementation-specific
|
|
matter. Client discovery of the exact set of time zone names
|
|
for a particular server is out of scope.";
|
|
reference
|
|
"BCP 175: Procedures for Maintaining the Time Zone Database";
|
|
}
|
|
|
|
// grouping statements
|
|
|
|
grouping system-clock-config {
|
|
description
|
|
"Configuration data for system-wide clock configuration";
|
|
|
|
leaf timezone-name {
|
|
type timezone-name-type;
|
|
description
|
|
"The TZ database name to use for the system, such
|
|
as 'Europe/Stockholm'.";
|
|
reference "IANA Time Zone Database
|
|
http://www.iana.org/time-zones";
|
|
}
|
|
}
|
|
|
|
grouping system-clock-state {
|
|
description
|
|
"Operational state data for system-wide clock configuration";
|
|
}
|
|
|
|
grouping system-clock-top {
|
|
description
|
|
"Top-level grouping for system-wide clock configuration";
|
|
|
|
container clock {
|
|
description
|
|
"Top-level container for clock configuration data";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for system clock";
|
|
|
|
uses system-clock-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for system clock";
|
|
|
|
uses system-clock-config;
|
|
uses system-clock-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping system-global-config {
|
|
description "system-wide configuration parameters";
|
|
|
|
leaf hostname {
|
|
type inet:domain-name;
|
|
description
|
|
"The hostname of the device -- should be a single domain
|
|
label, without the domain.";
|
|
}
|
|
|
|
leaf domain-name {
|
|
type inet:domain-name;
|
|
description
|
|
"Specifies the domain name used to form fully qualified name
|
|
for unqualified hostnames.";
|
|
}
|
|
|
|
leaf login-banner {
|
|
type string;
|
|
description
|
|
"The console login message displayed before the login prompt,
|
|
i.e., before a user logs into the system.";
|
|
}
|
|
|
|
leaf motd-banner {
|
|
type string;
|
|
description
|
|
"The console message displayed after a user logs into the
|
|
system. The system may append additional standard
|
|
information such as the current system date and time, uptime,
|
|
last login timestamp, etc.";
|
|
}
|
|
}
|
|
|
|
grouping system-global-state {
|
|
description
|
|
"Global operational state data for the system";
|
|
|
|
leaf current-datetime {
|
|
type yang:date-and-time;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
The current system date and time.";
|
|
}
|
|
|
|
leaf boot-time {
|
|
type oc-types:timeticks64;
|
|
description
|
|
"This timestamp indicates the time that the system was last
|
|
restarted. The value is the timestamp in seconds relative
|
|
to the Unix Epoch (Jan 1, 1970 00:00:00 UTC).";
|
|
}
|
|
|
|
}
|
|
|
|
grouping system-dns-config {
|
|
description "DNS / resolver related configuration data";
|
|
|
|
leaf-list search {
|
|
type inet:domain-name;
|
|
ordered-by user;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
An ordered list of domains to search when resolving
|
|
a host name.";
|
|
}
|
|
}
|
|
|
|
grouping system-dns-state {
|
|
description
|
|
"Operational state data for system DNS resolver";
|
|
|
|
}
|
|
|
|
grouping system-dns-servers-config {
|
|
description
|
|
"Configuration data for DNS resolvers";
|
|
|
|
//RFC 7317 includes a single-value choice statement for
|
|
//TCP and UDP transport. This has been removed since the
|
|
//transport protocol is not generally available as an option
|
|
//on target devices. It may be added back if and when needed.
|
|
|
|
leaf address {
|
|
type inet:ip-address;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
The address of the DNS server, can be either IPv4
|
|
or IPv6.";
|
|
}
|
|
|
|
leaf port {
|
|
type inet:port-number;
|
|
default 53;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
The port number of the DNS server.";
|
|
}
|
|
|
|
//RFC 7317 includes resolver timeout and attempts options. These
|
|
//have been omitted as they are not available on many targets. If
|
|
//and when they are required, they may be added back in.
|
|
}
|
|
|
|
grouping system-dns-static-config {
|
|
description
|
|
"Configuration data for static host entries";
|
|
|
|
leaf hostname {
|
|
type string;
|
|
description
|
|
"Hostname for the static DNS entry";
|
|
}
|
|
|
|
leaf-list alias {
|
|
type string;
|
|
description
|
|
"Additional aliases for the hostname";
|
|
}
|
|
|
|
leaf-list ipv4-address {
|
|
type inet:ipv4-address;
|
|
description
|
|
"List of IPv4 addresses for the host entry";
|
|
}
|
|
|
|
leaf-list ipv6-address {
|
|
type inet:ipv6-address;
|
|
description
|
|
"List of IPv6 addresses for the host entry";
|
|
}
|
|
}
|
|
|
|
grouping system-dns-static-state {
|
|
description
|
|
"Operational state data for static host entries";
|
|
}
|
|
|
|
grouping system-dns-static-top {
|
|
description
|
|
"Top-level grouping for static DNS host entries";
|
|
|
|
container host-entries {
|
|
description
|
|
"Enclosing container for list of static host entries";
|
|
|
|
list host-entry {
|
|
key "hostname";
|
|
description
|
|
"List of static host entries";
|
|
|
|
leaf hostname {
|
|
type leafref {
|
|
path "../config/hostname";
|
|
}
|
|
description
|
|
"Reference to the hostname list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for static host entries";
|
|
|
|
uses system-dns-static-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for static host entries";
|
|
|
|
uses system-dns-static-config;
|
|
uses system-dns-static-state;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping system-dns-servers-state {
|
|
description
|
|
"Operational state data for DNS resolvers";
|
|
|
|
}
|
|
|
|
grouping system-dns-servers-top {
|
|
description
|
|
"Top-level grouping for the list of DNS resolvers.";
|
|
|
|
container servers {
|
|
description
|
|
"Enclosing container for DNS resolver list";
|
|
|
|
list server {
|
|
key "address";
|
|
ordered-by user;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
List of the DNS servers that the resolver should query.
|
|
|
|
When the resolver is invoked by a calling application, it
|
|
sends the query to the first name server in this list. If
|
|
no response has been received within 'timeout' seconds,
|
|
the resolver continues with the next server in the list.
|
|
If no response is received from any server, the resolver
|
|
continues with the first server again. When the resolver
|
|
has traversed the list 'attempts' times without receiving
|
|
any response, it gives up and returns an error to the
|
|
calling application.
|
|
|
|
Implementations MAY limit the number of entries in this
|
|
list.";
|
|
|
|
leaf address {
|
|
type leafref {
|
|
path "../config/address";
|
|
}
|
|
description
|
|
"References the configured address of the DNS server";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for each DNS resolver";
|
|
|
|
uses system-dns-servers-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for each DNS resolver";
|
|
|
|
uses system-dns-servers-config;
|
|
uses system-dns-servers-state;
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping system-dns-top {
|
|
description
|
|
"Top-level grouping for DNS / resolver config and operational
|
|
state data";
|
|
|
|
container dns {
|
|
description
|
|
"Enclosing container for DNS resolver data";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for the DNS resolver";
|
|
|
|
uses system-dns-config;
|
|
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for the DNS resolver";
|
|
|
|
uses system-dns-config;
|
|
uses system-dns-state;
|
|
|
|
}
|
|
|
|
uses system-dns-servers-top;
|
|
uses system-dns-static-top;
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-server-config {
|
|
description
|
|
"Configuration data for NTP servers";
|
|
|
|
leaf address {
|
|
type inet:host;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
The address or hostname of the NTP server.";
|
|
}
|
|
|
|
leaf port {
|
|
type inet:port-number;
|
|
default 123;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
The port number of the NTP server.";
|
|
}
|
|
|
|
leaf version {
|
|
type uint8 {
|
|
range 1..4;
|
|
}
|
|
default 4;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
Version number to put in outgoing NTP packets";
|
|
}
|
|
|
|
leaf association-type {
|
|
type enumeration {
|
|
enum SERVER {
|
|
description
|
|
"Use client association mode. This device
|
|
will not provide synchronization to the
|
|
configured NTP server.";
|
|
}
|
|
enum PEER {
|
|
description
|
|
"Use symmetric active association mode.
|
|
This device may provide synchronization
|
|
to the configured NTP server.";
|
|
}
|
|
enum POOL {
|
|
description
|
|
"Use client association mode with one or
|
|
more of the NTP servers found by DNS
|
|
resolution of the domain name given by
|
|
the 'address' leaf. This device will not
|
|
provide synchronization to the servers.";
|
|
}
|
|
}
|
|
default SERVER;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
The desired association type for this NTP server.";
|
|
}
|
|
leaf iburst {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
Indicates whether this server should enable burst
|
|
synchronization or not.";
|
|
}
|
|
leaf prefer {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
Indicates whether this server should be preferred
|
|
or not.";
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-server-state {
|
|
description
|
|
"Operational state data for NTP servers";
|
|
|
|
leaf stratum {
|
|
type uint8;
|
|
description
|
|
"Indicates the level of the server in the NTP hierarchy. As
|
|
stratum number increases, the accuracy is degraded. Primary
|
|
servers are stratum 1 while a maximum value of 16 indicates
|
|
unsynchronized. The values have the following specific
|
|
semantics:
|
|
|
|
| 0 | unspecified or invalid
|
|
| 1 | primary server (e.g., equipped with a GPS receiver)
|
|
| 2-15 | secondary server (via NTP)
|
|
| 16 | unsynchronized
|
|
| 17-255 | reserved";
|
|
reference
|
|
"RFC 5905 - Network Time Protocol Version 4: Protocol and
|
|
Algorithms Specification";
|
|
}
|
|
|
|
leaf root-delay {
|
|
type uint32;
|
|
// TODO: reconsider units for these values -- the spec defines
|
|
// rootdelay and rootdispersion as 2 16-bit integers for seconds
|
|
// and fractional seconds, respectively. This gives a
|
|
// precision of ~15 us (2^-16). Using milliseconds here based
|
|
// on what implementations typically provide and likely lack
|
|
// of utility for less than millisecond precision with NTP
|
|
// time sync.
|
|
units "milliseconds";
|
|
description
|
|
"The round-trip delay to the server, in milliseconds.";
|
|
reference
|
|
"RFC 5905 - Network Time Protocol Version 4: Protocol and
|
|
Algorithms Specification";
|
|
}
|
|
|
|
leaf root-dispersion {
|
|
type uint64;
|
|
units "milliseconds";
|
|
description
|
|
"Dispersion (epsilon) represents the maximum error inherent
|
|
in the measurement";
|
|
reference
|
|
"RFC 5905 - Network Time Protocol Version 4: Protocol and
|
|
Algorithms Specification";
|
|
}
|
|
|
|
leaf offset {
|
|
type uint64;
|
|
units "milliseconds";
|
|
description
|
|
"Estimate of the current time offset from the peer. This is
|
|
the time difference between the local and reference clock.";
|
|
}
|
|
|
|
leaf poll-interval {
|
|
type uint32;
|
|
units "seconds";
|
|
description
|
|
"Polling interval of the peer";
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-server-top {
|
|
description
|
|
"Top-level grouping for the list of NTP servers";
|
|
|
|
container servers {
|
|
description
|
|
"Enclosing container for the list of NTP servers";
|
|
|
|
list server {
|
|
key "address";
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
List of NTP servers to use for system clock
|
|
synchronization. If '/system/ntp/enabled'
|
|
is 'true', then the system will attempt to
|
|
contact and utilize the specified NTP servers.";
|
|
|
|
leaf address {
|
|
type leafref {
|
|
path "../config/address";
|
|
}
|
|
description
|
|
"References the configured address or hostname of the
|
|
NTP server.";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for an NTP server.";
|
|
|
|
uses system-ntp-server-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for an NTP server.";
|
|
|
|
uses system-ntp-server-config;
|
|
uses system-ntp-server-state;
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-auth-keys-config {
|
|
description
|
|
"Configuration data for NTP authentication keys";
|
|
|
|
leaf key-id {
|
|
type uint16;
|
|
description
|
|
"Integer identifier used by the client and server to
|
|
designate a secret key. The client and server must use
|
|
the same key id.";
|
|
}
|
|
|
|
leaf key-type {
|
|
type identityref {
|
|
base NTP_AUTH_TYPE;
|
|
}
|
|
description
|
|
"Authentication (message digest) type used with the NTP authentication key";
|
|
}
|
|
|
|
leaf key-value {
|
|
type string;
|
|
description
|
|
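"NTP authentication key value. This is a shared secret; because
this grouping is also used in the read-only state container, read
access to both the config and state copies should be restricted.";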
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-auth-keys-state {
|
|
description
|
|
"Operational state data for NTP auth key data";
|
|
}
|
|
|
|
grouping system-ntp-auth-keys-top {
|
|
description
|
|
"Top-level grouping for NTP auth key data";
|
|
|
|
container ntp-keys {
|
|
description
|
|
"Enclosing container for list of NTP authentication keys";
|
|
|
|
list ntp-key {
|
|
key "key-id";
|
|
description
|
|
"List of NTP authentication keys";
|
|
|
|
leaf key-id {
|
|
type leafref {
|
|
path "../config/key-id";
|
|
}
|
|
description
|
|
"Reference to auth key-id list key";
|
|
}
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for NTP auth keys";
|
|
|
|
uses system-ntp-auth-keys-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for NTP auth keys";
|
|
|
|
uses system-ntp-auth-keys-config;
|
|
uses system-ntp-auth-keys-state;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-config {
|
|
description
|
|
"Configuration data for system-wide NTP operation.";
|
|
|
|
leaf enabled {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
Enables the NTP protocol and indicates that the system should
|
|
attempt to synchronize the system clock with an NTP server
|
|
from the servers defined in the 'ntp/server' list.";
|
|
}
|
|
|
|
leaf ntp-source-address {
|
|
type inet:ip-address;
|
|
description
|
|
"[adapted from IETF system model RFC 7317]
|
|
|
|
Source address to use on outgoing NTP packets";
|
|
}
|
|
|
|
leaf enable-ntp-auth {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"Enable or disable NTP authentication -- when enabled, the
|
|
system will only use packets containing a trusted
|
|
authentication key to synchronize the time.";
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-state {
|
|
description
|
|
"Operational state data for system-wide NTP operation.";
|
|
|
|
leaf auth-mismatch {
|
|
type yang:counter64;
|
|
description
|
|
"Count of the number of NTP packets received that were not
|
|
processed due to authentication mismatch.";
|
|
}
|
|
}
|
|
|
|
grouping system-ntp-top {
|
|
description
|
|
"Top-level grouping for configuration and state data for NTP";
|
|
|
|
container ntp {
|
|
description
|
|
"Top-level container for NTP configuration and state";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for NTP client.";
|
|
|
|
uses system-ntp-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for NTP services.";
|
|
|
|
uses system-ntp-config;
|
|
uses system-ntp-state;
|
|
}
|
|
uses system-ntp-auth-keys-top;
|
|
uses system-ntp-server-top;
|
|
}
|
|
}
|
|
|
|
grouping system-memory-config {
|
|
description
|
|
"Configuration data for system memory";
|
|
}
|
|
|
|
grouping system-memory-state {
|
|
description
|
|
"Operational state data for system memory";
|
|
|
|
leaf physical {
|
|
type uint64;
|
|
units bytes;
|
|
// TODO: consider making units in megabytes
|
|
description
|
|
"Reports the total physical memory available on the
|
|
system.";
|
|
}
|
|
|
|
leaf reserved {
|
|
type uint64;
|
|
units bytes;
|
|
description
|
|
"Memory reserved for system use";
|
|
}
|
|
}
|
|
|
|
grouping system-memory-top {
|
|
description
|
|
"Top-level grouping for system memory data definitions";
|
|
|
|
container memory {
|
|
description
|
|
"Top-level container for system memory data";
|
|
|
|
container config {
|
|
description
|
|
"Configuration data for system memory";
|
|
|
|
uses system-memory-config;
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description
|
|
"Operational state data for system memory";
|
|
|
|
uses system-memory-config;
|
|
uses system-memory-state;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
grouping system-top {
|
|
description
|
|
"Top level system data containers";
|
|
|
|
container system {
|
|
description
|
|
"Enclosing container for system-related configuration and
|
|
operational state data";
|
|
|
|
container config {
|
|
description "Global configuration data for the system";
|
|
|
|
uses system-global-config;
|
|
|
|
}
|
|
|
|
container state {
|
|
|
|
config false;
|
|
|
|
description "Global operational state data for the system";
|
|
|
|
uses system-global-config;
|
|
uses system-global-state;
|
|
|
|
}
|
|
|
|
uses system-clock-top;
|
|
uses system-dns-top;
|
|
uses system-ntp-top;
|
|
uses oc-sys-term:system-ssh-server-top;
|
|
uses oc-sys-term:system-telnet-server-top;
|
|
uses oc-log:logging-top;
|
|
uses oc-aaa:aaa-top;
|
|
uses system-memory-top;
|
|
uses oc-proc:procmon-processes-top;
|
|
}
|
|
}
|
|
|
|
// data definition statements
|
|
|
|
uses system-top;
|
|
|
|
}
|