
netconfd.yang



   module netconfd {

      yang-version 1;

      namespace "http://netconfcentral.org/ns/netconfd";

      prefix "nd";

      import yuma-ncx {
         prefix "ncx";
      }
      import yuma-types {
         prefix "nt";
      }
      import yuma-app-common {
         prefix "ncxapp";
      }
      import ietf-inet-types {
         prefix "inet";
      }
      import ietf-netconf-with-defaults {
         prefix "wd";
      }

      organization "Netconf Central";

      contact
         "Andy Bierman <support@netconfcentral.org>.";

      description
         "Configuration Parameters for netconfd;
         This module is not advertised by the server.
         It contains only CLI parameters.";

      revision "2010-05-13" {
         description
            "Added --with-url to enable :url capability.";
      }

      revision "2010-01-14" {
         description "Initial version for 0.9.9 release.";
      }


      // Boot-time selection of the startup configuration.  The two leafs
      // are cases of one choice, so at most one of them can be present:
      // either skip loading a startup config, or name the file to load.
      grouping StartupChoice {
         choice start {
            description "select startup config for boot load";
            // Presence-only flag (type empty): no value is carried.
            leaf no-startup {
               type empty;
               description
                  "If present, do not load the startup config file.";
            }
            // The type is an unrestricted string, so the schema itself
            // places no limit on where the file lives.  Per the
            // description, a value starting with '/' overrides both
            // YUMA_DATAPATH and the datapath CLI parameter.
            // NOTE(review): whoever controls the server command line
            // therefore selects the file that becomes the boot
            // configuration; confirm that launch scripts and file
            // permissions restrict who can set or replace it.
            leaf startup {
               type string;
               description
                  "The full or relative filespec of the startup config 
                  file to use.
                  
                  If present, overrides the default startup config
                  file name 'startup-cfg.xml',  This will also
                  override the YUMA_DATAPATH environment variable
                  and the datapath CLI parameter, if the first
                  character is the forward slash '/', indicating
                  an absolute file path.";
            }
         }  // choice start
      }  // grouping StartupChoice

      // CLI parameter set for the netconfd server.  Several leafs below
      // directly weaken or disable security controls (access-control,
      // superuser, with-url, hello-timeout, idle-timeout, startup-error);
      // each has a review comment stating the default and what to check.
      container netconfd {
         description
            "Server CLI for the NETCONF protocol.
            Usage:
              netconfd [parameters]";
         // Access control enforcement mode.  The default is "enforcing".
         // Going by the enum descriptions, the modes run from most to
         // least restrictive: enforcing (0), permissive (1),
         // disabled (2), off (3).  In "permissive" every read is allowed
         // unless the object is tagged 'nacm:very-secure'; in "disabled"
         // only objects tagged 'nacm:secure' or 'nacm:very-secure' are
         // still protected; "off" removes enforcement entirely.
         // NOTE(review): treat any value other than "enforcing" in a
         // launch script or config as a finding to be justified, and
         // audit for it, since the weaker modes depend on every
         // sensitive object carrying the right extension.
         leaf access-control {
            type enumeration {
               enum "enforcing" {
                  value 0;
                  description
                     "All configured access control rules will be
                     enforced.";
               }
               enum "permissive" {
                  value 1;
                  description
                     "All configured access control rules will be
                     enforced for write and execute requests.
                     All read requests will be allowed, unless
                     the requested object contains the
                     'nacm:very-secure' extension.  In that case,
                     all configured access control rules will
                     be enforced.";
               }
               enum "disabled" {
                  value 2;
                  description
                     "All read, write, and execute requests will be
                     allowed, unless the object contains the
                     'nacm:secure' or 'nacm:very-secure' extension.
                     If the 'nacm:secure' extension is in effect,
                     then all configured access control rules
                     will be enforced for write and execute requests.
                     If the 'nacm:very-secure' extension is in effect,
                     then all configured access control rules
                     will be enforced for all requests.
                     Use this mode with caution.";
               }
               enum "off" {
                  value 3;
                  description
                     "All access control enforcement is disabled.
                     Use this mode with extreme caution.";
               }
            }
            default "enforcing";
            description
               "Controls how access control is enforced by the server.";
         }

         // Default handling mode; the type comes from the imported
         // ietf-netconf-with-defaults module (prefix wd).  Defaults to
         // "explicit".  Per the description the same value also governs
         // which defaults are filtered out of the saved configuration.
         leaf default-style {
            type wd:with-defaults-mode;
            default "explicit";
            description
               "Selects the type of filtering behavior the server will
               advertise as the 'basic' behavior in the 'with-defaults'
               capability.  The server will use this default handling
               behavior if the 'with-defaults' parameter is not 
               explicitly set.
               
               Also, when saving a configuration to NV-storage,
               this value will be used for filtering defaults
               from the saved configuration.";
         }

         // Size of the notification replay buffer, default 1000 events.
         // The type is a plain uint32 with no range restriction, so the
         // schema accepts any value up to the uint32 maximum.
         // NOTE(review): memory use presumably grows with this value;
         // confirm the server bounds it elsewhere.
         leaf eventlog-size {
            type uint32;
            default "1000";
            description
               "Specifies the maximum number of notification events
               that will be saved in the notification replay buffer.
               The oldest entries will be deleted first.";
         }

         // Time limit for a session to send its hello, default 600 s.
         // The range allows 0 or 10..3600; values 1..9 are rejected.
         // 0 disables the timeout, which the description itself flags as
         // a denial-of-service risk because the number of concurrent
         // sessions is limited.  Keep this non-zero on any reachable
         // server.
         leaf hello-timeout {
            type uint32 {
               range "0 | 10 .. 3600";
            }
            units "seconds";
            default "600";
            description
               "Specifies the number of seconds that a session
               may exist before the hello PDU is received.
               A session will be dropped if no hello PDU 
               is received before this number of seconds elapses.
               
               If this parameter is set to zero, then the server
               will wait forever for a hello message, and not
               drop any sessions stuck in 'hello-wait' state.
               
               Setting this parameter to zero may permit
               denial of service attacks, since only a limited
               number of concurrent sessions are supported
               by the server.";
         }

         // Idle session limit, default 3600 s.  The range allows 0 or
         // 10..360000; 0 means idle sessions are never dropped.
         // Sessions with an active notification subscription are exempt
         // from this timeout regardless of the value.
         // NOTE(review): exempt or never-expiring sessions keep
         // occupying session slots, which the hello-timeout description
         // says are limited; confirm that is acceptable for the
         // deployment.
         leaf idle-timeout {
            type uint32 {
               range "0 | 10 .. 360000";
            }
            units "seconds";
            default "3600";
            description
               "Specifies the number of seconds that a session
               may remain idle without issuing any RPC requests.
               A session will be dropped if it is idle for an
               interval longer than this number of seconds.
               
               Sessions that have a notification subscription
               active are never dropped. 
               
               If this parameter is set to zero, then the server
               will never drop a session because it is idle.";
         }

         // Per-session notification rate limit, default 10 per second.
         // 0 turns the limit off.
         leaf max-burst {
            type uint32;
            default "10";
            description
               "Specifies the maximum number of notifications
               that should be sent to one session, within a
               one second time interval.  The value 0 indicates 
               that the server should not limit notification
               bursts at all.";
         }

         // Accepted TCP ports, at most 4 entries (max-elements).  When
         // the list is empty the server accepts tcp/830 only.  The
         // description states that sshd accepts the connection and
         // invokes the netconf subsystem, so this list has to agree
         // with /etc/ssh/sshd_config.
         leaf-list port {
            type inet:port-number;
            max-elements "4";
            description
               "Specifies the TCP ports that the server will accept
               connections from.  These ports must also be configured
               in the /etc/ssh/sshd_config file for the SSH master
               server to accept the connection and invoke the netconf
               subsystem.
               
               Up to 4 port numbers can be configured.
               
               If any ports are configured, then only those values
               will be accepted by the server.
               
               If no ports are configured, then the server will accept
               connections on the netconf-ssh port (tcp/830).";
         }

         // Behavior on errors in the startup configuration.  The default
         // is "continue": the server keeps running and leaves the
         // module-specific data containing the error out of the running
         // configuration.
         // NOTE(review): if the omitted data holds access control rules
         // or other security settings, the server would presumably come
         // up without them; confirm against the yuma-nacm behavior and
         // consider "stop" where a partial configuration is not
         // acceptable.
         leaf startup-error {
            type enumeration {
               enum "stop" {
                  value 0;
                  description
                     "Terminate the program if any errors are
                     encountered in the startup configuration.";
               }
               enum "continue" {
                  value 1;
                  description
                     "Continue the program if any errors are
                     encountered in the startup configuration.
                     The entire module-specific data structure(s)
                     containing the error node(s) will not be added
                     to the running configuration at boot-time.";
               }
            }
            default "continue";
            description
               "Controls the server behavior if any errors are 
               encountered while loading the startup configuration
               file into the running configuration at boot-time.";
         }

         // Name of the account that bypasses all access control.  The
         // union accepts either an nt:NcxName or the zero-length string;
         // the empty string disables the account.  The default is the
         // literal name "superuser", so the bypass is on unless it is
         // explicitly turned off.
         // NOTE(review): the bypass is keyed on the session user name
         // alone, presumably the one authenticated by sshd; verify that
         // no unintended system account matches this name, and set the
         // parameter to the empty string where no superuser is needed.
         leaf superuser {
            type union {
               type nt:NcxName;
               type string {
                  length "0";
               }
            }
            default "superuser";
            description
               "The user name to use as the superuser account.
               Any session associated with this user name 
               will bypass all access control enforcement.
               See yuma-nacm.yang for more details.
               
               To disable the superuser account completely,
               set this parameter to the empty string.";
         }

         // Database that edit-config writes to; default "candidate".
         leaf target {
            type enumeration {
               enum "running" {
                  value 0;
                  description
                     "Write to the running config and support
                     the :writable-running capability.";
               }
               enum "candidate" {
                  value 1;
                  description
                     "Write to the candidate config and support
                     the :candidate and :confirmed-commit 
                     capabilities.";
               }
            }
            default "candidate";
            description
               "The database to use as the target of edit-config
               operations.";
         }

         // Presence-only flag (type empty).  Absent means XML element
         // order is not strictly enforced.
         leaf usexmlorder {
            type empty;
            description
               "If present, then XML element order will be enforced.
               Otherwise, XML element order errors will not be
               generated if possible. Default is no enforcement of
               strict XML order.";
         }

         // :startup capability switch; default "false", which per the
         // description means NV-save happens automatically.
         leaf with-startup {
            type boolean;
            default "false";
            description
               "If set to 'true', then the :startup capability will be 
               enabled. Otherwise, the :startup capability
               will not be enabled.  This capability 
               makes the NV-save operation an explicit operation
               instead of an automatic save.";
         }

         // :url capability switch, added in revision 2010-05-13.  The
         // default is "true" even though the description warns that the
         // capability exposes internal files such as startup-cfg.xml
         // and backup-cfg.xml.
         // NOTE(review): those files hold the device configuration, so
         // a deployment that does not need :url should pass an explicit
         // 'false'; otherwise confirm that access control rules cover
         // the operations that take a URL.
         leaf with-url {
            type boolean;
            default "true";
            description
               "If set to 'true', then the :url capability will be 
               enabled. Otherwise, the :url capability
               will not be enabled.  This capability requires a
               file system and may introduce security risks
               because internal files such as startup-cfg.xml
               and backup-cfg.xml will be exposed.";
         }

         // :validate capability switch; default "true".  The description
         // notes the memory cost.
         leaf with-validate {
            type boolean;
            default "true";
            description
               "If set to 'true', then the :validate capability will be 
               enabled. Otherwise, the :validate capability
               will not be enabled.  This capability requires
               extensive memory resources.";
         }

         // The ncxapp groupings are defined in the imported
         // yuma-app-common module, so their leafs are not visible in
         // this file.  Review them there: parameters of this container
         // that come from those groupings cannot be assessed from here.
         uses ncxapp:NcxAppCommon;

         uses ncxapp:SubdirsParm;

         uses ncxapp:ModuleParm;

         uses ncxapp:DeviationParm;

         uses ncxapp:DatapathParm;

         // Local grouping defined earlier in this module: the
         // no-startup / startup choice.
         uses StartupChoice;
         // Extension from the imported yuma-ncx module; presumably marks
         // this container as a CLI parameter set rather than server
         // data (the module description says it holds only CLI
         // parameters).  Confirm in yuma-ncx.
         ncx:cli;
      }  // container netconfd
   }  // module netconfd