Configuration Parameters for netconfd; This module is not advertised by the server. It contains only CLI parameters. Copyright ...
Version: 2022-02-25
module netconfd-pro { yang-version 1.1; namespace "http://yumaworks.com/ns/netconfd-pro"; prefix ndpro; import yuma-ncx { prefix ncx; } import yuma-types { prefix nt; } import yumaworks-types { prefix ywt; } import yuma-app-common { prefix ncxapp; } import yumaworks-app-common { prefix ywapp; } import ietf-inet-types { prefix inet; } import ietf-restconf { prefix rc; } organization "YumaWorks, Inc."; contact "Support <support@yumaworks.org>."; description "Configuration Parameters for netconfd; This module is not advertised by the server. It contains only CLI parameters. Copyright (c) 2010 - 2022 YumaWorks, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the BSD 3-Clause License http://opensource.org/licenses/BSD-3-Clause"; revision "2022-02-25" { description "21.10 addition only: - Add --with-yumaworks-cert-usermap parameter. - Add --remove-schema-aug-leafs parameter."; } revision "2021-10-13" { description "21.10 addition only: - Add --with-grpc parameter. - Change superuser to a leaflist to allow multiple users to have this designation instead of just one."; } revision "2021-05-15" { description "Change event-stream related parameters so the type is NcxNumName instead of NcxName. All characters same as before accepted but first can have a number. All monitoring uses plain 'string' type. 
Only config parameters restrict the name."; } revision "2021-03-25" { description "Add --return-status parameter Add --with-yumaworks-event-stream parameter"; } revision "2021-02-27" { description "Add --wait-datastore-ready parameter"; } revision "2020-10-17" { description "Add --with-yumaworks-callhome parameter"; } revision "2020-08-16" { description "Add YANG Push paameters: --push-max-operational --push-max-periodic --push-min-dampening --push-min-period --push-simop-enabled --push-simop-patch-update --push-simop-period "; } revision "2020-05-29" { description "Add --no-log parameter. Add edit-data bit to audit-log-events object."; } revision "2020-05-19" { description "Add --with-yang-patch-running parameter."; } revision "2020-02-12" { description "Add --convert-subtree-filter parameter. Add --import-version-bestmatch parameter."; } revision "2019-12-28" { description "Add --startup-skip-validation parameter."; } revision "2019-12-11" { description "Add rpc-summary bit to --audit-log-events parameter."; } revision "2019-08-24" { description "Add --with-nmda parameter."; } revision "2019-08-18" { description "Add --event-stream parameter. Add --event-stream-map parameter."; } revision "2019-07-01" { description "Add --tls-crl-missing-ok parameter. Add --tls-crl-mode parameter."; } revision "2019-05-05" { description "Add --with-term-msg parameter. Add --max-strlen parameter. Add --with-yumaworks-config-change parameter."; } revision "2019-03-30" { description "Add use of binary-display-maxlen parameter"; } revision "2019-02-13" { description "18.10 additions only: Add --hide-module parameter."; } revision "2019-01-22" { description "18.10 additions only: Add --with-support-save parameter. Add --with-yuma-time-filter parameter. Add --with-yumaworks-event-filter parameter. Add --with-yumaworks-getbulk parameter. Add --with-yumaworks-ids parameter. Add --with-yumaworks-system parameter. Add --with-yumaworks-templates parameter. Add --with-db-lock parameter. 
Add --db-lock-retry-interval parameter. Add --db-lock-timeout parameter."; } revision "2018-12-31" { description "18.10 additions only: Add --callhome-reconnect parameter. Add --sil-test-get-when parameter."; } revision "2018-11-13" { description "18.10 addition only: Add --with-maintenance-mode parameter."; } revision "2018-09-24" { description "18.10 addition only: Add --sil-root-check-first parameter."; } revision "2018-09-23" { description "Add IPv6 support to callhome-server and callhome-tls-server CLI parameters"; } revision "2018-08-24" { description "18.10 addition only: Add --with-gnmi parameter. Change default on with-yuma-system to FALSE"; } revision "2018-08-23" { description "Add --sil-prio-reverse-for-deletes parameter."; } revision "2018-06-24" { description "Add --sil-invoke-for-defaults parameter."; } revision "2018-03-26" { description "Add errmsg and errmsg-lang parameters. Add startup-prune-ok parameter. Add --with-canonical parameter. Add --module-tagmap parameter. Add --with-modtags parameter."; } revision "2018-03-06" { description "Add trim-whitespace parameter. Add with-netconf-tls parameter. Add netconf-tls-address parameter. Add netconf-tls-port parameter. Add netconf-tls-certificate parameter. Add netconf-tls-key parameter. Add netconf-tls-trust-store parameter. Add insecure-ok parameter. Add cert-usermap parameter. Add cert-default-user parameter. Add callhome-tls-server parameter."; } revision "2017-12-22" { description "Add with-url-ftp parameter. Add with-url-tftp parameter. Add with-yuma-system parameter. Add with-rollback-on-error parameter. Convert to yang-data to support yumaworks-server module run-time change of CLI parameters, either take effect right away or on next reboot."; } revision "2017-11-02" { description "Add max-cli-sessions parameter. Add new SNMP specific parameters: - snmp-agent-role parameter - snmp-subagent-priority parameter"; } revision "2017-09-17" { description "Add confdir parameter. 
Add fallback enum to running-error and startup-error parameters. Add startup-factory-file parameter."; } revision "2017-06-27" { description "Add restconf-default-encoding parameter."; } revision "2017-06-03" { description "Add with-callhome parameter. Add callhome-server parameter. Add callhome-retry-interval parameter. Add callhome-retry-max parameter. Add callhome-sshd-command parameter. Add callhome-sshd-config parameter. Add callhome-subsys-command parameter. Add with-snmp parameter. Deprecate session-sync-mutex. Deprecate session-sync-mutex and with-yang-api. Add fileloc-fhs parameter. Add no-audit-log parameter."; } revision "2017-02-19" { description "Change socket-address from ipv4-address to ip-address to support IPv6 addresses."; } revision "2017-01-23" { description "Add no-nvstore parameter. Add with-yang11-hello parameter. Update 'restconf-strict-headers' leaf description, reference to RFC 8040 now."; } revision "2017-01-17" { description "Add create-empty-npcontainers parameter Make delete-empty-npcontainers parameter obsolete. Add with-config-id parameter"; } revision "2016-11-08" { description "Update --restconf-strict-accept parameter Changed it to restconf-strict-headers and updated the description of the parameter"; } revision "2016-07-03" { description "Add --ha-initial-active parameter."; } revision "2016-06-24" { description "Add --library-mode parameter."; } revision "2016-06-17" { description "Add --with-yp-coap parameter. Add --with-yp-coap-dtls parameter. Add --yp-coap-address parameter. Add --yp-coap-port parameter. Add --yp-coap-dtls-port parameter."; } revision "2016-06-06" { description "Add --netconf-capability parameter. Add --restconf-capability parameter. Deprecate system-sorted parameter."; } revision "2016-04-19" { description "These YP-HA parameters are not implemented in 15.10: Add --ha-enabled parameter. Add --ha-port parameter. Add --ha-server parameter. Add --ha-server-key parameter. Add --ha-sil-standby parameter. 
Add --server-id parameter. This parameter is implemented in 15.10: Add --with-warnings parameter."; } revision "2016-04-11" { description "Add --annotation parameter."; } revision "2016-01-18" { description "Add --with-yang-api parameter. Add --with-restconf parameter. Add --with-yp-shell parameter. Add --with-netconf parameter. Add --audit-log-console-level parameter. Add --audit-log-level parameter."; } revision "2015-11-02" { description "Add --max-getbulk parameter. Add --restconf-strict-accept parameter. Add --subsys-timeout parameter. Add --autodelete-pdu-error parameter."; } revision "2015-09-26" { description "Add --sil-validate-candidate parameter Add --audit-log-candidate parameter Add --allow-list-delete-all parameter Add --allow-leaflist-delete-all parameter"; } revision "2015-09-14" { description "Add --restconf-server-url parameter."; } revision "2015-06-29" { description "Add --no-watcher parameter. Add --watcher-interval parameter."; } revision "2014-10-16" { description "Add --save-owners parameter."; } revision "2014-07-11" { description "Add --socket-type, --socket-address, and --socket-port parameters."; } revision "2014-03-14" { description "Add --sil-skip-load parameter. Add --log-event-drops parameter. Add --sil-missing-error parameter."; } revision "2013-12-27" { description "Add --allowed-user parameter for added security."; } revision "2013-10-23" { description "Add --bundle parameter for SIL bundle support. Change --startup-error default from continue to stop. Change --max-sessions default from 0 to 8."; } revision "2013-08-13" { description "Add LoggingVendorParms due to grouping split."; } revision "2013-03-27" { description "Add session-sync-mutex and log-pthread-level params."; } revision "2013-03-15" { description "Add MatchParms parameters. Add yangapi-server-url parameter. 
Add with-notifications parameter."; } revision "2012-11-16" { description "Add message-indent parameter."; } revision "2012-09-29" { description "Add max-sessions CLI parameter. Add system-notifications parameter"; } revision "2012-08-16" { description "Split out from yangcli.yang."; } revision "2012-04-19" { description "Add abstract data struct for REST-API entry point resource."; } revision "2011-12-15" { description "Add --running-error parameter."; } revision "2011-10-08" { description "Add --home parameter."; } revision "2011-08-27" { description "Add --runpath parameter. Add --factory-startup parameter."; } revision "2011-07-20" { description "Add --audit-log and --audit-log-append CLI parameters. Add --system-sorted CLI parameter. Make with-defaults enum local to prevent report-all-tagged from being accepted as a basic mode."; } revision "2011-05-29" { description "Removed superuser YANG default to disable by default, to make sure an admin has to explicitly enable this feature."; } revision "2011-04-24" { description "Added --protocols parameter via uses ProtocolsParm. 
Not available in yuma v1 branch."; } revision "2011-04-02" { description "Added --delete-np-containers parameter."; } revision "2010-05-13" { description "Added --with-url to enable :url capability."; } revision "2010-01-14" { description "Initial version for 0.9.9 release."; } rc:yang-data "ncparms"; container netconfd-pro { ncx:cli; leaf access-control { type ywt:access-control-mode; default "enforcing"; description "Controls how access control is initially enforced by the server."; } leaf allow-leaflist-delete-all { type boolean; default "false"; description "If true, then the delete-all operation is enabled for deleting instances of leaf-list objects."; } leaf allow-list-delete-all { type boolean; default "false"; description "If true, then the delete-all operation is enabled for deleting instances of list objects."; } leaf-list allowed-user { type nt:NcxName; description "Name of a user that is allowed to have access to the server via network management sessions. If any are configured, then the user name must be in this list, unless the user is the superuser account."; } leaf alt-names { type ywt:AltNameMode; default "true"; description "Match mode to use for UrlPath name searches."; } leaf-list annotation { type yt:NcModuleSpec; description "YANG deviation file representing model annotations. Processed the same as a deviation parameter except the module is not advertised to any client sessions. Only the deviation 'deviate add' operation can be used to transfer extension statements to another model. The annotations will be applied to a data definition statement, as if they were defined as sub-statements of the deviation target. 
--annotation=acme-dev1 Example object annotations (contents of acme-dev1) deviation /if:interfaces { deviate add { ncx:sil-delete-children-first; } } deviation /if:interfaces/if:interface { deviate add { ncx:sil-delete-children-first; acme:my-deviation1 'the deviation parm'; } } "; } leaf audit-log-append { type empty; description "If present, the audit log will be appended not over-written. If not, the audit log will be over-written. Only meaningful if the 'audit-log' parameter is also present."; } leaf audit-log-candidate { type boolean; default "true"; description "If true, then transactions to the candidate datastore will be recorded in the audit log. If false, then transactions to the candidate datastore will not be recorded in the audit log."; } choice audit-log-choice { leaf audit-log { type string; description "Filespec for the server audit log file to use in addition to the normal log file or STDOUT."; } leaf no-audit-log { type empty; description "Flag indicating that no audit log at all will be created. This is only relevant if --fileloc-fhs is 'true'."; } } // choice audit-log-choice leaf audit-log-console-level { type nt:NcDebugType; default "debug"; description "Sets the minimum logging level needed to log datastore audit records to the server console log. This does not affect output to the audit log."; } leaf audit-log-events { type bits { bit edit-candidate { position 0; description "Save candidate datastore edit events in the audit log. If the --audit-log-candidate parameter is set to true, or the <candidate> datastore is not present, then this bit will be ignored."; } bit edit-running { position 1; description "Save running datastore edit events in the audit log"; } bit update-startup { position 2; description "Save startup datastore update events in the audit log. 
If the <startup> datastore is not present then this bit will be ignored."; } bit client-session { position 3; description "Save client session start and end events in the audit log"; } bit control-session { position 4; description "Save YControl session start and end events in the audit log"; } bit acm-write-error { position 5; description "Save access control write access denied events in the audit log"; } bit acm-exec-error { position 6; description "Save access control execute access denied events in the audit log"; } bit rpc-summary { position 7; description "Save <rpc> summary records in the audit log."; } bit edit-data { position 8; description "Add plain display output of the data that is being edited in an edit transaction. This bit has no effect unless the edit-candidate or edit-running bit is also set. Note that this added data could represent a security risk since it could expose sensitive configuration data contents. Use this option with caution!"; } } default "edit-running"; description "Configures the audit log events that will be saved as audit records to the audit log. This does not affect debug logging to the server console log."; } leaf audit-log-level { type nt:NcDebugType; default "info"; description "Sets the minimum logging level needed to log datastore audit records to the audit log. This does not affect debug logging to the server console log."; } leaf autodelete-pdu-error { type boolean; default "true"; description "If true, then configuration nodes provided in the edit payload (e.g., <config> element) that are conditional on 'when' statements must evaluate to true or else an operation-failed error will be returned. If false, then such 'false when' nodes will be silently removed from the target datastore."; } leaf binary-display-maxlen { type uint32; default "0"; description "The maximum number of bytes to display when dumping the contents of a binary value. Normally a message will be displayed showing the name and length. 
If this parameter is set to a value greater than zero then a standard 8-byte per line hex dump of the binary type will also be displayed for a maximum number of bytes set by this parameter."; } leaf-list bundle { type nt:NcxName; description "Specifies the name of a SIL bundle to load into system at boot-time."; } leaf callhome-reconnect { type boolean; default "false"; description "If 'true' the server will attempt to start a new callhome connection if the client closes the session. If 'false' the server will not attempt to start a new callhome session after the client closes the session. Be careful that the server is running with proper permissions because a successful connection that fails during authentication will cause a reconnect loop if this parameter is set to 'true'."; } leaf callhome-retry-interval { type uint16 { range "1 .. max"; } units "seconds"; default "60"; description "Specifies the number of seconds to wait after a connect attempt to the callhome server has failed before attempting another connect attempt to that server."; } leaf callhome-retry-max { type uint16; default "10"; description "Specifies the number of retry attempts the server should attempt to the callhome server before giving up. The value 0 indicates the server should never give up."; } leaf-list callhome-server { type string; description "Specifies a NETCONF over SSH callhome server that this server should attempt to initiate a callhome connection at boot-time. This string has the format: <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ] server1@2605:e000:7e92:3f00:9e:aa5a:fd7f server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. The default NETCONF over SSH CallHome port number (netconf-ch-ssh 4334) is used if the 'port' field is not present. 
"; } leaf callhome-sshd-command { type string; default "/usr/sbin/sshd"; description "Specifies the command string used to invoke the SSH server when a NETCONF over SSH callhome session is initiated."; } leaf callhome-sshd-config { type string; description "Specifies the SSH server configuration file to use when invoking the SSH server when a NETCONF over SSH callhome session is initiated. The default config file to use is a dynamic string using the pattern ch_sshd_config.<client>. It is located in the $HOME/.yumapro directory."; } leaf callhome-subsys-command { type string; default "/usr/sbin/netconf-subsystem-pro"; description "Specifies the netconf subsystem to use in the default ch_sshd_config files to specify the NETCONF subsystem for the incoming NETCONF session expected on the NETCONF over SSH callhome session."; } leaf-list callhome-tls-server { type string; description "Specifies a NETCONF over TLS callhome server that this server should attempt to initiate a callhome connection at boot-time. This string has the format: <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ] server1@2605:e000:7e92:3f00:9e:aa5a:fd7f server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. The default NETCONF over TLS callhome port number (netconf-ch-tls 4335) is used if the 'port' field is not present. "; } leaf cert-default-user { type string; description "The username to use if no username mapping is found for a NETCONF over TLS session. This parameter is non-standard and should only be used for debugging. This parameter will be ignored unless the image is built with the DEBUG=1 make flag."; } leaf-list cert-usermap { type string; ordered-by user; description "Each entry specifies a certificate to user name mapping for NETCONF over TLS sessions. 
A mapping is a structured string using the form <user>@<fingerprint>. The 'user' field is the case-sensitive user name for the mapping. The 'fingerprint' field is a hex-string representation of the SHA-1 fingerprint for the X.509 certificate. It does not have to be complete. Usually 6 bytes should be sufficient to ensure uniqueness. Uniqueness among the configured mappings is not the same as identification strength: a shorter fingerprint identifies the certificate less precisely, so provide as much of the fingerprint as this parameter accepts. The hex digits are not case-sensitive. At least 6 hex digits must be provided. A maximum of 20 hex digits can be provided. Example: admin@60:C8:5C:08:82:55 A printable fingerprint can be generated with the openssl command: 'openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]' "; } leaf confdir { type string; default "/etc/yumapro/netconfd-pro.d"; description "Specifies the CLI parameter configuration directory to use for extra configuration files. The server will check this directory for files that end with the suffix '.conf' and process them similar to the main configuration file. Other files will be ignored. Files will be processed in alphabetical order. The server will keep the first value set if a CLI leaf parameter is set multiple times. The CLI parameters are set in the following order: 1) netconfd-pro command line 2) --config file or /etc/yumapro/netconfd-pro.conf 3) --confdir files or /etc/yumapro/netconfd-pro.d/ If the --no-config parameter is present in step (1) then steps (2) and (3) will be skipped, and this parameter will be ignored. If this parameter is encountered in step (3) it will be ignored. Extra configuration files in step (3) have the exact same syntax as the configuration file used in step (2). Example extra config file testmods.conf: netconfd-pro { module acme-test1 module acme-test2 log-level debug2 message-indent 1 idle-timeout 0 } "; } choice config-choice { leaf config { type string; description "The name of the configuration file to use. Any parameter except this one can be set in the config file. 
The default config file will not be checked if this parameter is present."; } leaf no-config { type empty; description "Do not use the default .conf file even if it exists."; } } // choice config-choice leaf convert-subtree-filter { type boolean; default "false"; description "If set to 'true' then subtree filters for retrieval operations might be converted to XPath expressions for processing. The subtree filtering algorithm has a minor flaw which can cause subtree containment nodes to be printed in the output even though a nested selection filter does not match. A containment node should be completely pruned from the result if no selection filters within it produce a match. This only affects data that needs to be retrieved by the server with a GET2 callback. This issue has been fixed by converting a subtree filter to XPath and processing as if it were an XPath filter. If this parameter is set to 'true' then the conversion will be attempted. The conversion will be skipped if any of the following conditions are true - output format is not XML - input format is not XML - subtree filter contains any attribute match expressions This bugfix is not enabled by default because it might change filter output which was previously incorrect, but a client might be relying on the incorrect output anyway."; } leaf create-empty-npcontainers { type boolean; default "true"; description "An empty non-presence container has no meaning in NETCONF/YANG so it may be created by the server. In particular, the presence of the container node with no child nodes is semantically equivalent to the absence of the container node. This is the default style. If this parameter is set to false, then the server will not create empty NP containers."; } leaf datapath { type yt:NcPathList; description "Internal file search path for config files. Overrides the YUMA_DATAPATH environment variable."; } leaf db-lock-retry-interval { type uint32 { range "10 .. 
60000"; } units "milli-seconds"; default "500"; description "The number of milli-seconds to wait before attempting to get a DB-Config-Lock from the DB-API subsystem."; } leaf db-lock-timeout { type uint32 { range "min .. 3600"; } units "seconds"; default "30"; description "The total number of seconds to wait before giving up on a DB-Config-Lock from the DB-API subsystem. The value zero indicates that no retries will be attempted if the lock is busy."; } leaf default-style { type enumeration { enum "report-all" { value 0; } enum "trim" { value 1; } enum "explicit" { value 2; } } default "explicit"; description "Selects the type of filtering behavior the server will advertise as the 'basic' behavior in the 'with-defaults' capability. The server will use this default handling behavior if the 'with-defaults' parameter is not explicitly set. Also, when saving a configuration to NV-storage, this value will be used for filtering defaults from the saved configuration. See wd:with-defaults leaf for enumeration details."; } leaf delete-empty-npcontainers { type boolean; default "false"; status obsolete; description "An empty non-presence container has no meaning in NETCONF/YANG so it may be deleted by the server. This takes non-trivial processing time for large databases, but uses less memory. Disabling this parameter will result in a larger database in both memory and NV-save."; } leaf-list deviation { type yt:NcModuleSpec; description "YANG deviation file. This parameter identifies a YANG module that should only be checked for deviation statements for external modules. These will be collected and applied to the real module(s) being processed. Deviations are applied as patches to the target module. Since they are not identified in the target module at all (ala imports), they have to be specified explicitly, so they will be correctly processed. If this string represents a filespec, ending with the '.yang' or '.yin' extension, then only that file location will be checked. 
If this string represents a module name, then the module search path will be checked for a file with the module name and the '.yang' or '.yin' extension. If this string begins with a '~' character, then a username is expected to follow or a directory separator character. If it begins with a '$' character, then an environment variable name is expected to follow. ~/some/path ==> <my-home-dir>/some/path ~fred/some/path ==> <fred-home-dir>/some/path $workdir/some/path ==> <workdir-env-var>/some/path "; } leaf-list errmsg { type string; description "Specifies a replacement string for a specific error number. Can specify error message for 1 specific language. The 'num' component must match the <error-number> found in status_enum.h. New error enums are always added at the end of the list, so the numbers will not change. The 'lang' component should use the ISO-639-1 code Max length is 7 characters. The string has the format: '<num>:<lang>:error string' where: <num> = error number to use for error message <lang> = language code (en for English) error string = error string text Example: Replace error 117 (ERR_WB_WRITE_FAILED) 'db write failed' errmsg='117:en:The database could not be written' "; } leaf errmsg-lang { type string { length "1 .. 7"; } default "en"; description "Specifies the language code for the error-message language. This is only relevant if there are errmsg parameters for multiple languages loaded in the program. This value should use the ISO-639-1 code. "; } leaf-list event-stream { type ywt:NcxNumName; description "Specifies the name of a NETCONF event stream that should be created by the server. Each event stream has its own subscriptions and notification replay buffer. Each event stream has the same replay buffer size, using the shared eventlog-size parameter. Each generated notification is sent to one event stream. The YANG module instrumentation will select an event stream to use or the default event stream will be used. 
Copies of the same notification can be sent to multiple event streams. If the event-stream specified by the instrumentation is not available, then a warning will be generated in the log and the default event stream will be used instead. The default event stream is named 'NETCONF'. It cannot be replaced or removed. No other event stream can have this name. The standard NETCONF notification events are always sent to this event stream, unless there is an event-stream-map assigning the module to a different event stream."; } leaf-list event-stream-map { type string; description "Each entry specifies a module name to event-stream mapping for notification handling. A mapping is a structured string using the form <module-name>@<stream-name>. The 'module-name' field is the case-sensitive module name for the mapping. The 'stream-name' field is the case-sensitive stream name for the mapping. It must match an 'event-stream' parameter or the default 'NETCONF'. Note there is no need to define a mapping for the 'NETCONF' stream since it will be picked if no other stream is selected. The name must conform to the NcxNumName data type. The built-in notifications such as 'replayComplete' and 'notificationComplete' are subscription-specific and always sent only to the subscription, not the event stream. Therefore these notifications are not affected by this parameter."; } leaf eventlog-size { type uint32; default "1000"; description "Specifies the maximum number of notification events that will be saved in each notification replay buffer. The oldest entries will be deleted first. The value 0 will cause the server to periodically clean out the messages that have already been delivered. 
The eventlog-size is per event stream, not total size."; } leaf-list feature-disable { type yt:FeatureSpec; description "Identifies a feature which should be considered disabled."; } leaf-list feature-enable { type yt:FeatureSpec; description "Identifies a feature which should be considered enabled."; } leaf feature-enable-default { type boolean; default "true"; description "If true, then features will be enabled by default. If false, then features will be disabled by default."; } leaf fileloc-fhs { type boolean; default "false"; description "If true, then the server should use Filesystem Hierarchy Standard (FHS) directory locations to create and store server data. May need to run as root. The FHS server log file will be created by default unless the 'log' parameter is used, then that location will be used instead. The FHS audit log file will be created by default unless the 'audit-log' parameter is used, then that location will be used instead. If the 'no-audit-log' parameter is present then no audit log will be created. File Type Example ---------------------------------------------------- server log: /var/log/netconfd-pro/server.log audit log: /var/log/netconfd-pro/audit.log config file: /var/lib/netconfd-pro/startup-cfg.xml TXID file: /var/lib/netconfd-pro/startup-cfg-txid.txt backups: /var/lib/netconfd-pro/backups/backup1.xml PID file: /var/run/netconfd-pro/netconfd-pro.pid AF socket: /var/run/netconfd-pro/ncxserver.sock If false then the server will use $HOME/.yumapro and other file locations to store server data. 
File Type Example ---------------------------------------------------- server log: STDOUT; no server log created by default audit log: STDOUT; no audit log created by default config file: $HOME/.yumapro/startup-cfg.xml TXID file: $HOME/.yumapro/startup-cfg-txid.txt backups: $HOME/.yumapro/backups/backup1.xml PID file: $HOME/.yumapro/netconfd-pro.pid AF socket: /tmp/ncxserver.sock "; } leaf ha-enabled { type boolean; default "false"; description "Specifies whether the YP-HA protocol should be enabled, allowing High Availability Datastore Replication mode to be supported. If this parameter is enabled then the following parameters must be configured or the server will exit with an error: - ha-server - ha-server-key - server-id - socket-type=tcp - socket-address - socket-port "; } leaf ha-initial-active { type nt:NcxName; description "Specifies the server name for the initial YP-HA active server. This is ignored unless ha-enabled=true. There is no default. This parameter is used to hardwire the initial High Availability roles instead of setting it in the yp-system init1 or init2 callback functions. If this parameter is the same as 'server-id' then this server will be the initial YP-HA active server. This parameter is intended for debug mode only. The real operational mode should use signaling only to set the HA mode. Otherwise if the server reboots it will use the configured HA mode, which may not be correct if it has been changed during runtime."; } leaf ha-port { type inet:port-number; default "8088"; description "Specifies the default port to use for YP-HA protocol messages. Unless otherwise specified, this port number will be used by a standby server attempting to connect to the active server. (This parameter is not used yet)."; } leaf-list ha-server { type string; description "Specifies a server in the YP-HA server pool. 
This string has the format: <server-id> '@' <server-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 The server running with this configuration must be listed in the ha-server pool. The server-id parameter must match the entry for this server. There must be at least 2 entries present to configure an HA server pool. This must be done if ha-enabled parameter is set to 'true'. "; }
    // NOTE(review): ha-server-key is the only registration check for YP-HA described in
    // this part of the module, and it is a plain 'string' with no length or pattern
    // restriction. Treat it as a shared secret: use a long random value and restrict read
    // access to the config file or command line that carries it. Whether the key or the
    // YP-HA channel is protected in transit is not stated here -- confirm before running
    // HA across a network that is not fully trusted.
    leaf ha-server-key { type string; description "Specifies the string the standby server must present to the active server during registration. Used to prevent servers from joining the wrong HA pool. If not set then the active server will reject the YP-HA connection. This parameter must be set if the ha-enabled parameter is set to 'true'."; }
    leaf ha-sil-standby { type boolean; default "false"; description "Specifies whether the edit callbacks such as SIL, SIL-SA and HOOK instrumentation will be invoked if the server is operating in HA standby mode"; }
    // NOTE(review): hello-timeout bounds how long a session that has not yet sent <hello>
    // can hold a slot counted against 'max-sessions' (default 8). For NETCONF over TLS the
    // timer starts at TCP accept, so the slot is presumably held before the peer has been
    // authenticated -- confirm. The 600 second default is generous for a listener that
    // untrusted hosts can reach; the range allows values down to 10.
    leaf hello-timeout { type uint32 { range "0 | 10 .. 3600"; } units "seconds"; default "600"; description "Specifies the number of seconds that a NETCONF session may exist before the client hello PDU is received. A session will be dropped if no hello PDU is received before this number of seconds elapses. If this parameter is set to zero, then the server will wait forever for a hello message, and not drop any sessions stuck in 'hello-wait' state. The hello timer starts when a session is started within the server, and therefore using a session resource that counts against the 'max-sessions' limit. For NETCONF over SSH sessions the session starts after the SSH session is set up and the 'netconf' subsystem is invoked. The SSH server has its own timeout values for maximum session startup time. For NETCONF over TLS sessions the session starts when the TCP connection is accepted. 
Setting this parameter to zero may permit denial of service attacks, since only a limited number of concurrent sessions are supported by the server."; }
    leaf help { type empty; description "Print program help file and exit."; }
    // Selects how much help text is printed; 'normal' is used when none is given.
    choice help-mode { default "normal"; leaf brief { type empty; description "Show brief help text"; } leaf full { type empty; description "Show full help text"; } leaf normal { type empty; description "Show normal help text"; } } // choice help-mode
    // NOTE(review): hide-module only removes the module from the three advertisement lists
    // named in the description; the module stays loaded and enabled. It is not an access
    // control. Restricting who can read or edit the module's data has to be done elsewhere:
    // the description puts that on the SIL code, and an access-control rule would be the
    // usual place -- confirm what this server actually enforces for a hidden module.
    leaf-list hide-module { type nt:NcxName; description "Specifies the name of a module to hide from advertisements to client sessions. If the specified module name is loaded into the server, then this parameter will cause it to be omitted from the following data structures: - YANG 1.0 <hello> message - /netconf-state/schemas/schema list - /modules-state/module list This parameter will prevent the client from knowing about the hidden module. If an advertised module imports a hidden module then it is very likely a client will not be able to use the advertised module because of the missing imports. This parameter can be dangerous! It does not prevent loading or enabling of the module. The SIL code is responsible for not returning any data to a client using a hidden module. Use of this parameter violates conformance to NETCONF, RESTCONF, and the YANG Library. Use with caution, only for modules that are not accessible by clients."; }
    leaf home { type string { length "1..max"; } description "Directory specification for the home directory to use instead of HOME."; }
    // NOTE(review): two cases are exempt from idle cleanup per the description: the value 0,
    // and any session with an active notification subscription. Such sessions presumably
    // still count against 'max-sessions' -- confirm -- so session usage needs monitoring
    // separately from this timer.
    leaf idle-timeout { type uint32 { range "0 | 10 .. 360000"; } units "seconds"; default "3600"; description "Specifies the number of seconds that a session may remain idle without issuing any RPC requests. A session will be dropped if it is idle for an interval longer than this number of seconds. Sessions that have a notification subscription active are never dropped. 
If this parameter is set to zero, then the server will never drop a session because it is idle."; }
    // NOTE(review): with either setting, the revision that gets loaded when no revision
    // date is given depends on what is present in the module search path. Keep that path
    // limited to the needed modules (as the description advises) and writable only by the
    // account that administers the server.
    leaf import-version-bestmatch { type boolean; default "false"; description "Specifies if the bestmatch search feature should be used for import resolution when no revision-date field is specified in the import-stmt. If 'true' then the server will scan the module search path during startup and determine the most recent revisions of each module. If a module is loaded or imported and no revision date is specified then the bestmatch revision will be used. This feature requires some additional memory and bootup processing time. It should be avoided if possible. The module search path on the server should only contain the modules and revisions that are needed by the server. If set to 'false', then the bestmatch feature will not be enabled. It is possible for the server to find and load the wrong version of a module during imports processing. For example, while loading module A, it imports module B. Then module B is loaded but a revision is specified (e.g., --module=B@2019-06-20). This can cause errors during callback registration such as 'definition not found' or 'segment not found', depending on how the module has changed. "; }
    leaf indent { type yt:IndentType; description "Number of spaces to indent (0..9) in formatted output."; }
    // NOTE(review): insecure-ok=true makes the NETCONF-over-TLS listener accept X.509
    // certificates that fail verification, which removes certificate-based peer
    // authentication. The description limits the parameter to images built with DEBUG=1;
    // release builds should be checked to confirm they were not built that way, and the
    // flag should not appear in any deployed configuration file.
    leaf insecure-ok { type boolean; default "false"; description "Specifies if insecure NETCONF over TLS should be allowed. If true then X.509 certificates will be accepted even if they cannot be verified. Used for debugging only! This parameter is only available if the image was built with the DEBUG=1 parameter."; }
    leaf library-mode { type boolean; default "false"; description "If true, then the server will operate in YANG module library mode. It will find all the YANG modules and make them available for <get-schema> operations. 
The following NETCONF operations are available when the server is operating in library mode: ietf-netconf:get ietf-netconf:get-config ietf-netconf-monitoring:get-schema if --with-yuma-system='true': yuma-system:restart yuma-system:shutdown "; } leaf loadpath { type yt:NcPathList; description "Directory load path for YANG or YIN modules. This will be checked before the modpath setting if present when finding modules. After all module and bundle parameters have been processed, this load path will be checked and the server will attempt to load any modules not already loaded. Overrides the YUMA_LOADPATH environment variable."; } leaf log { type string; description "Filespec for the log file to use instead of STDOUT. If this parameter is used on the command line then the --log-append parameter must also be present on the command line if append mode is desired."; } leaf log-append { type empty; description "If present, the log will be appended not over-written. If not, the log will be over-written. Only meaningful if the 'log' parameter is also present."; } leaf log-backtrace { type uint32 { range "0 .. 
100"; } description "If present, log output will include traceback detail for each log message, subject to further filtering by --log-backtrace-level and/or log-backtrace-stream qualifiers"; } leaf log-backtrace-detail { type empty; description "If present in conjunction with --log-backtrace log messages will include 'detailed' backtrace information (if supported by the compiler)."; } leaf log-backtrace-level { type bits { bit write { position 0; description "Include backtrace info in write messages."; } bit dev0 { position 1; description "Include backtrace info in developer level 0 messages."; } bit error { position 2; description "Include backtrace info in error messages."; } bit warn { position 3; description "Include backtrace info in warning messages."; } bit info { position 4; description "Include backtrace info in info messages."; } bit dev1 { position 5; description "Include backtrace info in developer level 1 messages."; } bit debug { position 6; description "Include backtrace info in debug messages."; } bit debug2 { position 7; description "Include backtrace info in debug2 messages."; } bit debug3 { position 8; description "Include backtrace info in debug3 messages."; } bit debug4 { position 9; description "Include backtrace info in debug4 messages."; } } description "Indicates for which debug level(s) backtrace info will be generated. 
Param string is an XSD list: a double quoted series of whitespace separated (level) strings like "error warn debug""; } leaf log-backtrace-stream { type bits { bit logfile { position 0; description "Include backtrace in logfile stream."; } bit stderr { position 1; description "Include backtrace in stderr stream."; } bit stdout { position 2; description "Include backtrace in stdout stream."; } bit syslog { position 3; description "Include backtrace in syslog stream."; } bit vendor { position 4; description "Include backtrace in vendor stream."; } } description "Indicates in which log stream(s) backtrace info will be included. Param string is an XSD list: a double quoted series of whitespace separated (log stream) strings like "logfile syslog""; } leaf log-console { type empty; description "User friendly synonym for --log-mirroring."; } leaf log-event-drops { type boolean; default "false"; description "Indicates if a log entry would be generated when a notification is dropped because the specific notification events are disabled with an event-filter configuration entry."; } leaf log-header { type bits { bit custom { position 0; description "Include date, time, and level."; } bit localtime { position 1; description "Include localtime instead of Yang canonical format."; } } description "Indicates what header elements to include in header output. 
Param string is an XSD list: a double quoted series of whitespace separated (element) strings like "custom localtime""; } leaf log-level { type yt:NcDebugType; description "Sets the debug logging level for the program."; } leaf log-mirroring { type empty; description "If present in conjunction with --log, --log-syslog, and/or --log-vendor, log output will be directed to the normal stdout/stderr/logfile as well as to the syslog or vendor log stream"; } leaf log-pthread-level { type nt:NcDebugType; description "Sets the pthread debug logging level filter for the program."; } leaf log-stderr { type empty; description "If present, error level output be directed to stderr instead of stdout (as well as log file, if specified)"; } leaf log-syslog { type empty; description "If present, log output will be directed to the standard syslog interface. Yuma log priorities will be translated into the appropriate syslog equivalents."; } leaf log-syslog-level { type yt:NcDebugType; description "Sets the syslog debug logging level filter for output to the syslog file for the program."; } leaf log-vendor { type empty; description "If present, log messages will be directed to a customer-written and registered callback function. This functionality is defined by an API specified in the YumaWorks API Reference Manual. In the absence of a registered callback, this parameter will direct logging messages to syslog in order to facilitate standalone testing."; } leaf log-vendor-level { type yt:NcDebugType; description "Sets the vendor debug logging level filter for output to the vendor-specific log output file stream for the program."; } leaf match-names { type ywt:NameMatchMode; default "exact"; description "Match mode to use for UrlPath name searches."; } leaf max-burst { type uint32; default "10"; description "Specifies the maximum number of notifications that should be sent to one session, within a one second time interval. 
The value 0 indicates that the server should not limit notification bursts at all."; }
    // Defaults to 0 (no separate CLI cap); the effective ceiling is then 'max-sessions'.
    leaf max-cli-sessions { type uint16 { range "0 .. 1024"; } default "0"; description "Specifies the maximum number of concurrent CLI sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect."; }
    leaf max-getbulk { type uint32; default "10"; description "Specifies the maximum number of getbulk entries to request from a GET2 callback. This value will be used in the get2cb 'max_entries' field. The value 0 is used to indicate there is no max and the GET2 callback can return as many getbulk entries as desired. This is the default for leaf-list GET2 callbacks"; }
    // NOTE(review): this is the session cap that the hello-timeout description refers to
    // when it counts not-yet-established sessions against a limit. The value 0 removes the
    // cap, leaving only operating-system resource limits; keep a finite value on any
    // listener that untrusted clients can reach.
    leaf max-sessions { type uint16 { range "0 .. 1024"; } default "8"; description "Specifies the maximum number of concurrent sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used."; }
    // NOTE(review): max-strlen is a per-string bound in the token parser for YANG and JSON
    // input (presumably including request bodies -- confirm). Raising it raises the largest
    // single string the parser will accept, so raise it only as far as the largest binary
    // leaf that is actually expected.
    leaf max-strlen { type int32 { range "65536 .. max"; } units "bytes"; default "262144"; description "The maximum number of bytes in length that will be accepted for a quoted string, by the internal token parser. This affects YANG and JSON input processing. Set this value to allow large binary leafs to be parsed by the server. This value includes 1 byte for the string termination character."; }
    leaf message-indent { type int8 { range "-1 .. 9"; } default "-1"; description "The number of spaces to indent for each level of output in a protocol message, e.g. NETCONF request. The value zero means no indent, just line feeds. The value -1 means no indent and no line feeds either."; }
    leaf modpath { type yt:NcPathList; description "Directory search path for YANG or YIN modules. 
Overrides the YUMA_MODPATH environment variable."; }
    leaf-list module { type yt:NcModuleSpec; description "YANG source module name to use."; }
    leaf-list module-tagmap { type string; description "Specifies a module tag mapping for use in module tags registry. The format is <modname>@<tag-string>. Examples: ietf-system@ietf:system-management openconfig-system@vendor:openconfig:system-management example-system@vendor:example.com:system-management "; }
    leaf-list netconf-capability { type inet:uri; description "Specifies a URI value that should be added to the server NETCONF <hello> message as a NETCONF <capability> URI and monitoring data in the /netconf-state/capabilities container."; }
    // NOTE(review): the default 0.0.0.0 means the NETCONF-over-TLS listener, when it is
    // enabled, binds to every IPv4 interface. Set this to the management interface address
    // on hosts that also have data-plane or public interfaces.
    leaf netconf-tls-address { type inet:ip-address; default "0.0.0.0"; description "Specifies the IP address to listen on for NETCONF over TLS messages."; reference "RFC 7589: NETCONF over TLS"; }
    leaf netconf-tls-certificate { type string { length "1 .. max"; } default "$HOME/.ssl/netconfd-pro.crt"; description "Contains the file path specification for the file containing the server SSL certificate, used for the NETCONF over TLS protocol."; }
    // NOTE(review): this path names the server's private key. The module does not say
    // whether the server checks the file's ownership or mode, so make the file readable
    // only by the account the server runs as. The default resolves under $HOME, so the
    // effective location depends on that account (or on the 'home' parameter).
    leaf netconf-tls-key { type string { length "1 .. max"; } default "$HOME/.ssl/netconfd-pro.key"; description "Contains the file path specification for the file containing the server SSL key, used for the NETCONF over TLS protocol."; }
    leaf netconf-tls-port { type inet:port-number; default "6513"; description "Specifies the TCP port to listen for NETCONF over TLS messages."; reference "RFC 7589: NETCONF over TLS"; }
    // NOTE(review): the trust store decides which peer certificates verify, so it should
    // hold only the CA(s) that issue management-client certificates. Accepts either a file
    // or a directory of trusted certificates.
    leaf netconf-tls-trust-store { type string { length "1 .. max"; } default "$HOME/.ssl/trust-store.pem"; description "Contains the file path specification for the file containing the server SSL trust-store, or the path specification for the directory to use for finding trusted certificates. 
If the default value is used and the file is not found, then the default directory location '/etc/ssl/certs' will be used."; }
    // NOTE(review): the fallback described at the end of netconf-tls-trust-store changes
    // the trust anchors: if $HOME/.ssl/trust-store.pem is missing, /etc/ssl/certs is used,
    // which is commonly the system-wide CA directory rather than a private management CA.
    // The description does not say whether a warning is logged when this happens. Setting
    // netconf-tls-trust-store explicitly avoids the fallback, since it applies only when
    // the default value is in use.
    // NOTE(review): no-log also forces --log-level to 'off'. The audit log and syslog are
    // not affected, so keep at least one of them enabled when the main log is suppressed,
    // otherwise there is no server-side record to review after an incident.
    leaf no-log { type empty; description "Flag indicating that no main log file will be created. This is usually only relevant if --fileloc-fhs is 'true'. In this case the default log file will not be created. The --log-level parameter will be set to 'off'. This parameter will be ignored if the --log parameter is set. This parameter has no effect on the audit-log or syslog logging."; }
    leaf no-nvstore { type empty; description "Specifies that the server should not load or save using the normal APIs during transaction management. The 'start' choice will be ignored (e.g., --no-startup) and the server will not attempt to load a startup-cfg.xml file. Transactions will not be saved to NV-storage at all. Any external NV-storage callbacks will be ignored. Use this mode if NV-load and NV-storage are handled internally and not via the startup-cfg.xml file. This parameter is only enabled if it is present."; }
    // The listening itself is done by the SSH server: these ports must match sshd_config,
    // and the value here is an allow-list of ports the server will accept sessions from.
    leaf-list port { type inet:port-number; max-elements 4; description "Specifies the TCP ports that the server will accept connections from. These ports must also be configured in the /etc/ssh/sshd_config file for the SSH master server to accept the connection and invoke the netconf subsystem. Up to 4 port numbers can be configured. If any ports are configured, then only those values will be accepted by the server. If no ports are configured, then the server will accept connections on the netconf-ssh port (tcp/830)."; }
    // Bit set of enabled protocols; disabling protocols that are not used reduces the
    // number of request parsers reachable by clients.
    leaf protocols { type bits { bit netconf1.0 { position 0; description "RFC 4741 base:1.0"; } bit netconf1.1 { position 1; description "RFC 6241 base:1.1"; } bit yang-api { position 2; status deprecated; description "YANG-API protocol"; reference "draft-bierman-netconf-yang-api-01.txt"; } bit restconf { position 3; description "RESTCONF Protocol"; reference "RFC 8040"; } } must ". 
!= ''"; description "Specifies which protocol versions the program or session will attempt to use. Empty set is not allowed."; } leaf push-max-operational { type uint32; units "subscriptions"; default "4"; description "Specifies the maximum number of on-change push subscriptions that can be in use at once for the <operational> datastore. The value zero will disable on-change subscriptions for the <operational> datastore. Setting this parameter to a high value can increase the resources used by the server. Use with extreme caution."; } leaf push-max-periodic { type uint32; units "subscriptions"; default "16"; description "Specifies the maximum number of periodic push subscriptions that can be in use at once. The value zero will disable periodic subscriptions. Setting this parameter to a high value can increase the resources used by the server. Use with extreme caution."; } leaf push-min-dampening { type uint16 { range "1 .. max"; } units "centiseconds"; default "100"; description "Specifies the minimum value for the 'dampening-period' parameter that will be accepted for an on-change push subscription. Setting this parameter to a low value can increase the resources used by the server. Use with extreme caution."; } leaf push-min-period { type uint16 { range "1 .. max"; } units "centiseconds"; default "100"; description "Specifies the minimum value for the 'period' parameter that will be accepted for a periodic push subscription. Setting this parameter to a low value can increase the resources used by the server. Use with extreme caution."; } leaf push-simop-enabled { type boolean; default "true"; description "Specifies if the simulated on-change push subscriptions should be enabled for the <operational> datastore. The value false will disable simulated on-change subscriptions for the <operational> datastore. 
Real on-change subscriptions reported from subsystems are not affected by this parameter."; } leaf push-simop-patch-update { type boolean; default "true"; description "Specifies the notification message that should be used for a simulated on-change push subscription. If 'true' then the standard <push-change-update> notification will be used for the report. This format uses YANG Patch to report individual edits. If 'false' then the standard <push-update> notification will be used for the report. This will make the subscription similar to a periodic subscription, except that an update is only sent when the content changes. This is not conformant with RFC 8641 requirements. Real on-change subscriptions reported from subsystems are not affected by this parameter."; } leaf push-simop-period { type uint16 { range "1 .. max"; } units "centiseconds"; default "500"; description "Specifies the value for the 'period' parameter that will be used for simulated operational on-change push subscription. The current value will be checked periodically using this parameter value. If an update is sent then the dampening-period for this subscription will be enforced. Setting this parameter to a low value will increase the resources used by the server. Use with extreme caution."; } leaf remove-schema-aug-leafs { type boolean; default "false"; description "Remove the 'conformance' and 'module-type' leafs from the /netconf-state/schemas/schema list. The deprecated leafs are added if --with-yumaworks-system is true. They will be removed from the 22.10 release train when the status is changed to obsolete. This parameter will be forced to the value 'true' if the server is built with the REMOVE_SCHEMA_AUG_LEAFS=1 compile flag. The default is 'false' to maintain backward compatibilty with previous releases. 
The value 'true' should be used since the information from these deprecated leafs is available in the YANG Library data structures."; }
    leaf-list restconf-capability { type inet:uri; description "Specifies a URI value that should be added to the server as monitoring data in the /restconf-state/capabilities container."; }
    leaf restconf-default-encoding { type enumeration { enum "json" { value 0; description "Use JSON message encoding as the default."; } enum "xml" { value 1; description "Use XML message encoding as the default."; } } default "json"; description "Specifies the default response encoding to use if the incoming request does not have an indication of preferred content type (e.g., no Content-Type header, no Accept header). "; }
    // NOTE(review): this value is only the prefix written into Location headers; per the
    // description it does not select the transport. The default uses the http scheme and
    // 'localhost', so clients that follow a returned Location would be pointed at a
    // cleartext, local URL. Set it to the externally visible https URL of the deployment.
    leaf restconf-server-url { type inet:uri; default "http://localhost"; description "The starting string for the server URL to use in Location header lines returned by RESTCONF."; }
    // With 'true' only the RFC 8040 media types listed in the description are accepted;
    // the default 'false' also accepts the generic XML/JSON media types listed there.
    leaf restconf-strict-headers { type boolean; default "false"; description "If set to 'true' the server will only accept requests with normative Accept and Content-Type header entries specified in RFC 8040. The Accept header must not be empty; otherwise a 'not acceptable' error will be returned. Normative Accept header: application/yang-data+xml,application/yang-data+json;q=0.9 Normative Content-Type header: application/yang-data+xml application/yang-patch+json If set to 'false', the server will try to accept non-normative header entries. Acceptable non-normative Accept header: application/xml,application/json;q=0.9 Acceptable non-normative Content-Type headers: application/xml application/json text/xml "; }
    leaf return-status { type boolean; default "false"; description "Controls whether the server will return the status code or return zero, when it exits. If 'true' then the server will return the 'status_t' enumeration number for the error that occurred, or zero if no error occurred. Note that these error codes do not follow Linux conventions. 
Values above 255 (but less than 2000) can be returned. If 'false' then the server will always return zero. This is the existing server behavior and therefore the default behavior."; }
    // NOTE(review): with return-status=false (the default) the process exits 0 even after
    // an error, so a supervisor or health check cannot detect a failed start from the exit
    // code alone; watch the server log or audit log instead. With 'true', statuses above
    // 255 will not fit in the 8-bit exit status that most shells report -- confirm how
    // they are surfaced before relying on them.
    // NOTE(review): 'fallback' replaces the running configuration with the factory
    // configuration after a boot-time validation error, and --factory-startup also deletes
    // the startup config file. Anything tightened in the startup configuration is
    // presumably lost in that case, so make sure the factory configuration is itself safe
    // to run on the production network.
    leaf running-error { type enumeration { enum "stop" { value 0; description "Terminate the program if any errors are encountered in the running configuration."; } enum "continue" { value 1; description "Continue the program if any errors are encountered in the running configuration. Altering the running configuration will fail until the commit validation tests succeed."; } enum "fallback" { value 2; description "Fallback to the factory configuration if errors are encountered in the running configuration at boot time. The server will restart as if the --factory-startup configuration parameter was used."; } } default "stop"; description "Controls the server behavior if any errors are encountered while validating the running database during the initial load of the running configuration at boot-time."; }
    // NOTE(review): runpath selects where executable modules are found (presumably the
    // libraries the server loads into its own process -- confirm). Directories on this
    // path, and the YUMA_RUNPATH variable it overrides, should be controlled only by the
    // account that administers the server.
    leaf runpath { type yt:NcPathList; description "Internal file search path for executable modules. Overrides the YUMA_RUNPATH environment variable."; }
    leaf save-owners { type boolean; default "false"; description "Indicates if owner names should be saved for data in the running configuration, and startup configuration if supported."; }
    // Must match this server's own entry in the ha-server list when HA is enabled.
    leaf server-id { type nt:NcxName; default "server1"; description "Server Identifier string to use for this server. Used in YControl and SIL-SA messages to identify the server to all subsystems. Used in YP-HA to identify this server in the YP-HA server pool"; }
    leaf session-sync-mutex { type empty; status deprecated; description "If present, force synchronous request processing (pthread version only). Ignored by the server"; }
    leaf sil-delete-children-first { type boolean; default "false"; description "If 'true', the server default behavior will be to treat all data deletion operations as if the ncx:sil-delete-children-first extension is present. 
A child node will be checked for a SIL callback before it is deleted. If 'false' the server default behavior will be to invoke SIL callbacks for deletion of child nodes only if the ncx:sil-delete-children-first extension is present."; } leaf sil-invoke-for-defaults { type boolean; default "true"; description "If 'true' then when a SIL or SIL-SA callback will be invoked for default data nodes during the load and load_config operations. If 'false' then a SIL or SIL-SA callback will not be invoked for default data nodes."; } leaf sil-missing-error { type boolean; default "false"; description "If 'true' then when a module is loaded, but the SIL library code for the module is not found, an error will be returned instead of a warning printed. If 'false' then when a module is loaded, but the SIL library code for the module is not found, no error will be returned. Instead, only a warning will be printed."; } leaf sil-prio-reverse-for-deletes { type boolean; default "false"; description "Specifies whether edit transactions are validated by the regular SIL priority of should be reversed for DELETE edits. This parameter can be used to delete leafref nodes with referenced by node in reverse order. If 'false' then the SIL priority will not be reversed."; } leaf sil-root-check-first { type boolean; default "true"; description "If 'true', the server will perform a YANG validation check before the SIL validate callbacks are invoked for an edit-config operation. This is always done for a load-config or commit operation. If 'false', the server will invoke the SIL validate callbacks before performing a YANG validation check. Instead the validation will be done before the SIL apply callback. 
This is the only behavior in the 17.10 release train."; } leaf sil-skip-load { type empty; description "If present, the server will not invoke the SIL callbacks during initial system initialization when the startup configuration file is loaded into the running datastore."; } leaf sil-test-get-when { type boolean; default "false"; description "If 'true', the server will evaluate 'when' statements for GET2 callback requests for config=false nodes. If 'false' then the SIL or SIL-SA callback is expected to test the 'when' condition internally somehow and return a no-instance error if the condition is 'false'. This parameter can be overridden by the ywx:sil-test-get-when YANG extension. If that extension is found for an operational data node then its value will be used instead of this parameter."; } leaf sil-validate-candidate { type boolean; default "true"; description "If true, the server will invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. If false, the server will not invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. Transaction performance will be improved if the extra VALIDATE phase callbacks are skipped. Acceptance of an individual edit to the candidate does not mean the SIL or SIL-SA will accept that edit when combined with all edits (during the commit operation). In either case the server will invoke the VALIDATE phase callbacks when an attempt to commit the candidate datastore is done or when a <validate> operation is done on the candidate datastore."; } leaf simple-json-names { type boolean; default "false"; description "If true, the server will NOT output name of the module in which the data node is defined. 
If false, a namespace-qualified member name will be used for all members of a top-level JSON object and then also whenever the namespaces of the data node and its parent node are different."; }
    leaf snmp-agent-role { type enumeration { enum "master" { value 0; description "A 'master' agent that is available on the standard transport address and that accepts SNMP protocol messages."; } enum "subagent" { value 1; description "An agent acting in a subagent role performs the following functions: - Initiates AgentX sessions with the master agent - Registers MIB regions with the master agent - Instantiates managed objects - Binds OIDs within its registered MIB regions to actual variables - Performs management operations on variables"; reference "RFC 2741"; } } default "master"; description "Specifies the SNMP agent role."; }
    leaf snmp-subagent-priority { type uint16 { range "1 .. 255"; } default "127"; description "A value between 1 and 255, used to achieve a desired configuration when different sessions register identical or overlapping regions. Subagents with no particular knowledge of priority should register with the default value of 127. In the master agent's dispatching algorithm, smaller values of priority take precedence over larger values, as described in section 7.1.4.1, 'Handling Duplicate and Overlapping Subtrees'."; reference "RFC 2741"; }
    // NOTE(review): with socket-type=tcp the internal <ncx-connect> listener binds to
    // 0.0.0.0 by default, i.e. every IPv4 interface, on socket-port (default 2023).
    // ha-enabled=true requires socket-type=tcp, so HA deployments take this path. The
    // visible part of this module shows no authentication parameter for <ncx-connect>
    // other than ha-server-key for YP-HA registration -- confirm what the listener
    // requires, set socket-address to the specific internal interface, and filter
    // socket-port at the host firewall.
    leaf socket-address { type inet:ip-address; default "0.0.0.0"; description "Specifies the IP address to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. Note that this parameter specifies the IP address for internal <ncx-connect> protocol messages. The server will accept NETCONF sessions over SSH, as specified in the OpenSSH config file."; }
    leaf socket-port { type inet:port-number; default "2023"; description "Specifies the TCP port number to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. 
Note that this parameter specifies the port number for internal <ncx-connect> protocol messages. The server will accept NETCONF sessions over SSH, specified with the 'port' parameter (e.g. 830)."; } leaf socket-type { type enumeration { enum "aflocal" { value 0; description "An AF_LOCAL socket will be used for incoming sessions."; } enum "tcp" { value 1; description "An AF_INET socket will be used for incoming sessions."; } } default "aflocal"; description "Specifies which type of socket the server should create for incoming <ncx-connect> protocol sessions. Note that this parameter specifies the socket type for internal <ncx-connect> protocol messages. The server will use TCP connections for NETCONF sessions over SSH."; } choice start { description "select startup config for boot load"; leaf factory-startup { type empty; description "Force the system to use the factory configuration and delete the startup config file if it exists. Force the NV-storage startup to contain the factory default configuration."; } leaf no-startup { type empty; description "If present, do not load the startup config file. Use the factory default settings but do not overwrite the NV-storage startup unless it is altered. This option does not delete the startup config file if it exists."; } leaf startup { type string; description "The full or relative filespec of the startup config file to use. If present, overrides the default startup config file name 'startup-cfg.xml', This will also override the YUMAPRO_DATAPATH environment variable and the datapath CLI parameter, if the first character is the forward slash '/', indicating an absolute file path."; } } // choice start leaf startup-error { type enumeration { enum "stop" { value 0; description "Terminate the program if any errors are encountered in the startup configuration."; } enum "continue" { value 1; description "Continue the program if any errors are encountered in the startup configuration. 
The entire module-specific data structure(s) containing the error node(s) will not be added to the running configuration at boot-time."; } enum "fallback" { value 2; description "Fallback to the factory configuration if errors are encountered in the startup configuration. The server will restart as if the --factory-startup configuration parameter was used."; } } default "stop"; description "Controls the server behavior if any errors are encountered while loading the startup configuration file into the running configuration at boot-time. It is possible for the startup configuration to contain errors within optional nodes. If this parameter is set to 'continue', then the validation tests on the running config (controlled by running-error) should not fail due to missing optional nodes."; } leaf startup-factory-file { type string; default "factory-startup-cfg.xml"; description "The full or relative filespec of the factory startup config file to use. If the --factory-startup parameter is used, or no startup file is specified or found, then the server will look for this filespec. If found, then it will be copied to the startup config file used to load the server. If the value represents a relative filespec then the server will check the server data file search path for the first matching filespec. If this parameter is set and the filespec is not found then the server will exit with an error. If the default filespec is not found then an empty datastore will be used to load the running configuration datastore at boot-time."; } leaf startup-prune-ok { type boolean; default "false"; description "If set to 'true' then the server will prune unknown data nodes from the startup configuration instead of treating this as an error. A log_info message will be printed. If other known data nodes depend on the pruned nodes, then an error may occur anyway. If so, the 'startup-error' parameter will determine how this is handled. 
If set to 'false' then unknown data nodes found in the startup configuration will cause an error. Unknown data nodes can occur if modules were previously loaded dynamically, or if a YANG feature is configured from enabled to disabled."; } leaf startup-skip-validation { type boolean; default "false"; description "If set to 'true' then the server will skip all YANG validation of the startup configuration when it is loaded into the running configuration at boot-time. This should make the server boot faster but it assumes the startup configuration is already valid. Only the initial startup load operation is affected by this parameter. This parameter affects the 'root check' only. This includes the following datastore validation: - must - when (see note) - leafref path - unique - min-elements - max-elements - mandatory This parameter does not affect 'default' processing or 'when' statement processing for default nodes. It does affect 'when' statement processing for nodes provided in the startup configuration. It is possible that any invalid configuration will need to be fixed before any edits can be made to the <running> datastore. The full datastore can be checked using the <validate> operation. If the startup configuration is completely valid such that all validation tests would have passed, then this parameter should be safe to use. If the startup configuration contains data that does not pass the affected validation tests, then it may not be safe to use this parameter. This is extremely dangerous and can lead to incorrect processing of datastore editing operations. The server does not validate the complete datastore unless the <validate> operation is used. Any <edit-config> and <commit> operations done on a datastore that contains invalid YANG data may produce incorrect results. It is possible that edits will fail because the server detects invalid nodes from the startup during processing of the requested edit. 
The <restore> operation is not affected by this parameter. It is possible to save an invalid configuration that cannot be restored. Use the <validate> operation before using the <backup> operation to ensure a backup configuration can be restored later. If set to 'false' then startup validation is not skipped."; } leaf subdirs { type boolean; default "true"; description "If false, the file search paths for modules, scripts, and data files will not include sub-directories if they exist in the specified path. If true, then these file search paths will include sub-directories, if present. Any directory name beginning with a dot '.' character, or named 'CVS', will be ignored."; } leaf subsys-timeout { type uint16; units "seconds"; default "30"; description "The number of seconds to wait for a response from a sub-system before declaring a timeout. The value '0' indicates that no timeout should be used."; } leaf-list superuser { type union { type nt:NcxName; type string { length "0"; } } description "Each entry specifies a user name to use as the superuser account. Any session associated with this user name will bypass all access control enforcement. See ietf-netconf-acm.yang for more details. To disable the superuser account completely, do not set this parameter at all. The default mode is to not allow any superuser access. Do not set this parameter to an empty string; the empty-string mode is deprecated and should not be used."; } leaf system-notifications { type bits { bit ietf { position 0; description "Use ietf-netconf-notifications module."; reference "RFC 6470"; } bit yuma { position 1; description "Use yuma-system module. Ignored if with-yuma-system is set to 'false'."; } } default "ietf"; description "Indicates which YANG module(s) should be used for system notifications."; } leaf system-sorted { type boolean; default "false"; status deprecated; description "Indicates whether ordered-by system leaf-lists and lists will be kept in sorted order. NOTE: This parameter is ignored. 
The server does not sort any list or leaf-list objects because YANG only requires that ordered-by user instances maintain the user-provided order."; } leaf target { type enumeration { enum "running" { value 0; description "Write to the running config and support the :writable-running capability."; } enum "candidate" { value 1; description "Write to the candidate config and support the :candidate and :confirmed-commit capabilities."; } } default "candidate"; description "The database to use as the target of edit-config operations."; } leaf tls-crl-missing-ok { type boolean; default "false"; description "If true, then missing CRL Distribution Points within a client or CA certificate will be ignored. Not relevant unless tls-crl-mode is set to 'client' or 'ca'. If false, and CRL verification is enabled for the certificate, the TLS session will not be accepted."; } leaf tls-crl-mode { type enumeration { enum "off" { value 0; description "Do not use CRL verification when verifying any certificates."; } enum "client" { value 1; description "Use CRL verification when verifying client certificates."; } enum "ca" { value 2; description "Use CRL verification when verifying client and CA certificates."; } } default "off"; description "Specifies how Certificate Revocation List checking should be done for NETCONF over TLS sessions. This has no effect unless --with-netconf-tls=true is set."; } leaf trim-whitespace { type boolean; default "false"; description "If true, then trim leading and trailing whitespace from XML string nodes. If false, adhere to the standard and do not trim any leading or trailing whitespace. The server previously would trim whitespace but no longer does this by default. This leaf must be set to trim this whitespace now."; } leaf usexmlorder { type empty; description "If present, then XML element order will be enforced. Otherwise, XML element order errors will not be generated if possible. 
Default is no enforcement of strict XML order."; } leaf version { type empty; description "Print program version string and exit."; } leaf wait-datastore-ready { type boolean; default "false"; description "Determines if client sessions will be available even if the running datastore is not ready to use yet. For example, if SIL-SA bundles are used then the server must wait until all of them have been loaded (by subsystems) before the startup configuration can be loaded into the running datastore. The running datastore is not ready to use in this state. If 'true' then client sessions will be locked until the datastores are ready. Protocol operations that do not access the datastores can be used in this state. If 'false' then client session connections will be rejected until the datastores are ready. The default is 'false' only to be backwards-compatible. The 'true' setting should be used in most cases."; } leaf warn-error { type boolean; default "false"; description "Control whether all warnings are upgraded to errors. If 'true' then all warnings will be treated as errors unless a warn-off parameter is set to disable a specific warning."; } leaf warn-idlen { type uint32 { range "0 | 8 .. 1023"; } default "64"; description "Control whether identifier length warnings will be generated. The value zero disables all identifier length checking. If non-zero, then a warning will be generated if an identifier is defined which has a length greater than this amount."; } leaf warn-linelen { type uint32 { range "0 | 40 .. 4095"; } default "0"; description "Control whether line length warnings will be generated. The value zero disables all line length checking. If non-zero, then a warning will be generated if the line length is greater than this amount. Tab characters are counted as 8 spaces."; } leaf-list warn-off { type uint32 { range "1000 .. 
1999"; } description "Control whether the specified warning number will be generated and counted in the warning total for the module being parsed."; } leaf-list warn-up { type uint32 { range "1000 .. 1999"; } description "Control whether the specified warning number will be upgraded to an error and counted in the error total for the module being parsed."; } choice watcher-parm { description "Automatic server state monitoring support. The ypwatcher program periodically checks if the server is alive and, if not, restarts the server and writes the event into syslog."; leaf no-watcher { type empty; description "Control the ypwatcher program. If present, do not launch ypwatcher program. If this parameter is present, then the --watcher-interval parameter cannot be present."; } leaf watcher-interval { type uint32 { range "1 .. max"; } default "10"; description "Specifies the sleep interval between ypwatcher program attempts to check availability of the server. Provided value is in seconds. The server does not accept the value of 0 for this parameter. The minimal acceptable value is 1 second. The default value is 10."; } } // choice watcher-parm leaf wildcard-keys { type boolean; default "false"; description "Enable wildcards on key leaf values. Set to 'true' if UrlPath targets for GET operations are allowed to replace key values with the dash '-' character to indicate that all instances of that key are requested. Set to false to treat the '-' character as a plain character if entered as a key value in a UrlPath string."; } leaf with-callhome { type boolean; default "false"; description "This feature is only available if the server image is built with the flags WITH_CALLHOME=1. If set to 'true', then the IETF Callhome for SSH feature will be enabled. 
If set to 'false', then this feature will be disabled and the following CLI parameters will be ignored: - callhome-retry-max - callhome-retry-interval - callhome-server "; } leaf with-canonical { type boolean; default "true"; description "If set to 'true', then the server will automatically convert XML and JSON input parameters to the canonical format for the YANG data type, if possible. The following built-in YANG data types are affected: - ipv6-address - ipv6-address-no-zone - domain-name - phys-address - mac-address - hex-string - uuid Any canonical callbacks for user-defined data types are also affected by this parameter. Internal values can be manually converted to canonical format using the val_set_canonical API. "; } leaf with-config-id { type boolean; default "true"; description "If set to 'true', then the YumaWorks :config-id capability will be enabled. This is used to help cache device configurations. It is an enterprise capability URI, not a standard YANG module URI. If set to 'false', then the YumaWorks :config-id capability will be disabled."; } leaf with-db-lock { type boolean; default "false"; description "If set to 'true', then the server will use the DB-API DB-Config-Lock service for all configuration edit transactions to the <running> datastore. All client edits will require this lock to be granted or they will fail. The server will use the db-lock-retry-interval and db-lock-timeout CLI parameters to control how lock retries will be done. If set to 'false', the DB-Config-Lock will not be used by the server."; } leaf with-gnmi { type boolean; default "false"; description "If set to 'true', then the gNMI protocol will be enabled. Otherwise, the gNMI protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-grpc { type boolean; default "false"; description "If set to 'true', then the gRPC protocol will be enabled. Otherwise, the gRPC protocol will not be enabled. 
The incoming connection will be dropped if the protocol is disabled."; } leaf with-maintenance-mode { type boolean; default "true"; description "If set to 'true', then allow the maintenance mode to be used. Otherwise, ignore all requests to place the server in maintenance mode."; } leaf with-modtags { type boolean; default "true"; description "If set to 'true', then the module tags feature will be enabled. Otherwise, this feature will be disabled. If disabled, the module-tagmap parameter will be ignored and the ietf-module-tags module will not be loaded."; } leaf with-netconf { type boolean; default "true"; description "If set to 'true', then the NETCONF over SSH protocol will be enabled. Otherwise, the NETCONF over SSH protocol will not be enabled. An incoming connection will be dropped if the protocol is disabled."; } leaf with-netconf-tls { type boolean; default "false"; description "If set to 'true', then the NETCONF over TLS protocol will be enabled. Otherwise, the NETCONF over TLS protocol will not be enabled. An incoming connection will be dropped if the protocol is disabled. The default is set to false because the server will terminate if the server certificates are not found and this parameter is set to 'true'."; } leaf with-nmda { type boolean; default "false"; description "If set to 'true', then NMDA operations and YANG modules will be enabled: - ietf-datastores - ietf-origin - ietf-netconf-nmda "; } leaf with-notifications { type boolean; default "true"; description "If set to 'true', then the :notification:1.0 and :interleave:1.0 capabilities will be enabled. Otherwise, these capabilities will not be enabled."; } leaf with-ocpattern { type boolean; default "false"; description "If true, then OpenConfig patterns will be checked. If the module name starts with the string 'openconfig-' then all pattern statements within that module are treated as POSIX patterns, not YANG patterns. 
If false, then the pattern statements in all modules will be checked as YANG patterns. "; } leaf with-restconf { type boolean; default "true"; description "If set to 'true', then the RESTCONF protocol will be enabled. Otherwise, the RESTCONF protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-rollback-on-error { type boolean; default "true"; description "If set to 'true', then the NETCONF :rollback-on-error capability and feature will be enabled and advertised. Otherwise, this feature will not be enabled or advertised."; } leaf with-snmp { type boolean; default "false"; description "If set to 'true', then the SNMP protocol will be enabled. Otherwise, the SNMP protocol will not be enabled. Incoming SNMP requests will be dropped if the protocol is disabled."; } leaf with-startup { type boolean; default "false"; description "If set to 'true', then the :startup capability will be enabled. Otherwise, the :startup capability will not be enabled. This capability makes the NV-save operation an explicit operation instead of an automatic save."; } leaf with-support-save { type boolean; default "true"; description "If set to 'true', then the yumaworks-support-save module will be loaded and enabled. Otherwise, this module will not be loaded. Ignored if the server image is not built with the WITH_SUPPORT_SAVE=1 compile flag. This module provides the <get-support-save> operation to collect bug report information."; } leaf with-term-msg { type boolean; default "true"; description "If set to 'true', then the yumaworks-term-msg module will be loaded and enabled. Otherwise, this module will not be loaded. The <term-msg> notification is used by yp-shell for displaying terminal diagnostic messages."; } leaf with-url { type boolean; default "true"; description "If set to 'true', then the :url capability will be enabled and the 'file' scheme will be enabled. Otherwise, the :url capability will not be enabled. 
This capability requires a file system and may introduce security risks because internal files such as startup-cfg.xml and backup-cfg.xml could be exposed."; } leaf with-url-ftp { type boolean; default "false"; description "If set to 'true', then the 'ftp' protocol scheme will be enabled for the 'url' capability. Ignored if the 'with-url' parameter is false."; } leaf with-url-tftp { type boolean; default "false"; description "If set to 'true', then the 'tftp' protocol scheme will be enabled for the 'url' capability. Ignored if the 'with-url' parameter is false."; } leaf with-validate { type boolean; default "true"; description "If set to 'true', then the :validate capability will be enabled. Otherwise, the :validate capability will not be enabled. This capability requires extensive memory resources."; } leaf with-warnings { type boolean; default "false"; description "If set to 'true', then the agt_record_warning function will be enabled, allowing the error-severity field to be incorrectly set to 'warning'. This violates the NETCONF standard and client software may reject the <error-severity> data as invalid if this is used. If 'false' then error-severity will not be set to warning even if agt_record_warning is used."; } leaf with-yang-api { type boolean; default "false"; status deprecated; description "If set to 'true', then the YANG-API protocol will be enabled. Otherwise, the YANG-API protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-yang-patch-running { type boolean; default "false"; description "If set to 'true', the YANG-PATCH will be enabled when the server supports only the :writable-running capability. If 'false' then the YANG-PATCH requests will be rejected."; } leaf with-yang11-hello { type boolean; default "false"; description "Control whether the NETCONF hello message should conform to the standard and leave out YANG 1.1 modules. 
If set to 'true', then leave out YANG 1.1 modules from <capability> used in <hello>. Also keep out of monitoring <capabilities> list. If 'false' then ignore the standard and advertise YANG 1.1 module capabilities"; } leaf with-yp-coap { type boolean; default "false"; description "If set to 'true', then the YP-CoAP protocol will be enabled. Otherwise, the YP-CoAP protocol will not be enabled. This protocol is NOT SECURE. It SHOULD NOT be used unless privacy is provided by some other means."; } leaf with-yp-coap-dtls { type boolean; default "false"; description "If set to 'true', then the YP-CoAP over DTLS protocol will be enabled. Otherwise, the YP-CoAP over DTLS protocol will not be enabled. This protocol is secure. It SHOULD be used instead of YP-CoAP without DTLS."; } leaf with-yp-shell { type boolean; default "true"; description "If set to 'true', then the YP-SHELL protocol will be enabled. Otherwise, the YP-SHELL protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-yuma-system { type boolean; default "false"; description "If set to 'true', then the yuma-system module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yuma-time-filter { type boolean; default "true"; description "If set to 'true', then the yuma-time-filter module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yumaworks-callhome { type boolean; default "true"; description "If set to 'true', then the yumaworks-callhome module will be loaded and enabled. Otherwise, this module will not be loaded. If not enabled then the run-time configuration of CallHome servers will not be available. This parameter has no effect if the WITH_CALLHOME=1 option is not used when building the server binary."; } leaf with-yumaworks-cert-usermap { type boolean; default "true"; description "If set to 'true', then the yumaworks-cert-usermap module will be loaded and enabled. 
Otherwise, this module will not be loaded."; } leaf with-yumaworks-config-change { type boolean; default "false"; description "If set to 'true', then the yumaworks-config-change module will be loaded and enabled. Otherwise, this module will not be loaded. This module adds data to the 'netconf-config-change' notification. This data represents a security risk since it is not subject to the same access control rules within a notification as within a datastore. NACM does not provide access control for the contents of a notification, only for the notification event type. Use this module with caution! Only allow a superuser administrator access to the 'netconf-config-change' notification if this module is used."; } leaf with-yumaworks-event-filter { type boolean; default "true"; description "If set to 'true', then the yumaworks-event-filter module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yumaworks-event-stream { type boolean; default "true"; description "If set to 'true', then the yumaworks-event-stream module will be loaded and enabled. Otherwise, this module will not be loaded. If disabled the /event-streams subtree will not be available."; } leaf with-yumaworks-getbulk { type boolean; default "true"; description "If set to 'true', then the yumaworks-getbulk module will be loaded and enabled. Otherwise, this module will not be loaded. If disabled the <get-bulk> operation will not be available."; } leaf with-yumaworks-ids { type boolean; default "true"; description "If set to 'true', then the yumaworks-ids module will be loaded and enabled. Otherwise, this module will not be loaded. If not enabled then the extra transport types for netconfd-pro specific transports and control sessions will not be available."; } leaf with-yumaworks-system { type boolean; default "true"; description "If set to 'true', then the yumaworks-system module will be loaded and enabled. Otherwise, this module will not be loaded. 
The <load>, <unload>, <load-bundle>, and <unload-bundle> operations will not be available. Other operations and data model augments will not be available."; } leaf with-yumaworks-templates { type boolean; default "true"; description "If set to 'true', then the yumaworks-templates module will be loaded and enabled. Otherwise, this module will not be loaded. Ignored unless the server is built with the WITH_TEMPLATES=1 compiler flag."; } leaf yangapi-server-url { type inet:uri; default "http://localhost"; description "The starting string for the server URL to use in Location header lines returned by YANG-API."; } leaf yp-coap-address { type inet:ip-address; default "0.0.0.0"; description "The IP address that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source address in YP-CoAP packets sent by the server."; } leaf yp-coap-dtls-port { type inet:port-number; default "5684"; description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests for CoAP over DTLS. This will also be used as the source port number in YP-CoAP packets sent by the server."; } leaf yp-coap-port { type inet:port-number; default "5683"; description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source port number in YP-CoAP packets sent by the server."; } leaf yumapro-home { type string; description "Directory for the yumapro project root to use. If present, this directory location will override the 'YUMAPRO_HOME' environment variable, if it is present. If a zero-length string is entered, then the YUMAPRO_HOME environment variable will be ignored."; } } // container netconfd-pro } // module netconfd-pro