Configuration Parameters for netconfd; This module is not advertised by the server. It contains only CLI parameters. Copyright ...
Version: 2024-01-27
module netconfd-pro { yang-version 1.1; namespace "http://yumaworks.com/ns/netconfd-pro"; prefix ndpro; import yuma-ncx { prefix ncx; } import yuma-types { prefix nt; } import yumaworks-types { prefix ywt; } import yuma-app-common { prefix ncxapp; } import yumaworks-app-common { prefix ywapp; } import ietf-inet-types { prefix inet; } import ietf-yang-structure-ext { prefix sx; } organization "YumaWorks, Inc."; contact "Support <support@yumaworks.org>."; description "Configuration Parameters for netconfd; This module is not advertised by the server. It contains only CLI parameters. Copyright (c) 2010 - 2023 YumaWorks, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the BSD 3-Clause License http://opensource.org/licenses/BSD-3-Clause"; revision "2024-01-27" { description "23.10-5: - Add --max-per-user-sessions CLI parameter "; } revision "2023-12-30" { description "23.10-4: - Add --create-empty-npcontainers-ro CLI parameter "; } revision "2023-10-08" { description "23.10-1: - Add --user-parm CLI parameter "; } revision "2023-08-21" { description "23.10T-0: - Add --server-root parameter "; } revision "2023-08-04" { description "22.10T-11: - Change CLI parameters to use sx:structure; rc:yang-data is deprecated "; } revision "2023-05-12" { description "22.10-8: - Add --with-error-number parameter - Add --with-yumaworks-lock parameter - Add --sil-cc-callback-all parameter - Change with-yang11-hello default to true for standards compliance "; } revision "2023-03-21" { description "22.10-7: Add --max-lock-hold-time parameter."; } revision "2023-03-06" { description "22.10-6: Add --tcp-connect-timeout parameter."; } revision "2022-11-26" { description "22.10-3 addition: - Add --tls-deprecated-ok CLI parameter"; } revision "2022-09-24" { description "22.10T addition only: - Add --with-yumaworks-sm-yanglib CLI parameter. 
- Add --with-yang-cbor parameter. - Add --yang-sid-mode parameter."; } revision "2022-09-17" { description "22.10 addition: - Add --highres-event-time CLI parameter"; } revision "2022-07-25" { description "21.10 addition only: - Deprecate --create-empty-npcontainers parameter."; } revision "2022-07-02" { description "21.10 addition only: - Add --tls-debug parameter. - Add --tls-cipherlist parameter."; } revision "2022-02-25" { description "21.10 addition only: - Add --with-yumaworks-cert-usermap parameter. - Add --remove-schema-aug-leafs parameter. - Add --with-schema-mount parameter. - Add --sm-config parameter. - Add --sm-config-encoding parameter."; } revision "2021-10-13" { description "21.10 addition only: - Add --with-grpc parameter. - Change superuser to a leaflist to allow multiple users to have this designation instead of just one."; } revision "2021-05-15" { description "Change event-stream related parameters so the type is NcxNumName instead of NcxName. All characters same as before accepted but first can have a number. All monitoring uses plain 'string' type. Only config parameters restrict the name."; } revision "2021-03-25" { description "Add --return-status parameter Add --with-yumaworks-event-stream parameter"; } revision "2021-02-27" { description "Add --wait-datastore-ready parameter"; } revision "2020-10-17" { description "Add --with-yumaworks-callhome parameter"; } revision "2020-08-16" { description "Add YANG Push parameters: --push-max-operational --push-max-periodic --push-min-dampening --push-min-period --push-simop-enabled --push-simop-patch-update --push-simop-period "; } revision "2020-05-29" { description "Add --no-log parameter. Add edit-data bit to audit-log-events object."; } revision "2020-05-19" { description "Add --with-yang-patch-running parameter."; } revision "2020-02-12" { description "Add --convert-subtree-filter parameter. 
Add --import-version-bestmatch parameter."; } revision "2019-12-28" { description "Add --startup-skip-validation parameter."; } revision "2019-12-11" { description "Add rpc-summary bit to --audit-log-events parameter."; } revision "2019-08-24" { description "Add --with-nmda parameter."; } revision "2019-08-18" { description "Add --event-stream parameter. Add --event-stream-map parameter."; } revision "2019-07-01" { description "Add --tls-crl-missing-ok parameter. Add --tls-crl-mode parameter."; } revision "2019-05-05" { description "Add --with-term-msg parameter. Add --max-strlen parameter. Add --with-yumaworks-config-change parameter."; } revision "2019-03-30" { description "Add use of binary-display-maxlen parameter"; } revision "2019-02-13" { description "18.10 additions only: Add --hide-module parameter."; } revision "2019-01-22" { description "18.10 additions only: Add --with-support-save parameter. Add --with-yuma-time-filter parameter. Add --with-yumaworks-event-filter parameter. Add --with-yumaworks-getbulk parameter. Add --with-yumaworks-ids parameter. Add --with-yumaworks-system parameter. Add --with-yumaworks-templates parameter. Add --with-db-lock parameter. Add --db-lock-retry-interval parameter. Add --db-lock-timeout parameter."; } revision "2018-12-31" { description "18.10 additions only: Add --callhome-reconnect parameter. Add --sil-test-get-when parameter."; } revision "2018-11-13" { description "18.10 addition only: Add --with-maintenance-mode parameter."; } revision "2018-09-24" { description "18.10 addition only: Add --sil-root-check-first parameter."; } revision "2018-09-23" { description "Add IPv6 support to callhome-server and callhome-tls-server CLI parameters"; } revision "2018-08-24" { description "18.10 addition only: Add --with-gnmi parameter. 
Change default on with-yuma-system to FALSE"; } revision "2018-08-23" { description "Add --sil-prio-reverse-for-deletes parameter."; } revision "2018-06-24" { description "Add --sil-invoke-for-defaults parameter."; } revision "2018-03-26" { description "Add errmsg and errmsg-lang parameters. Add startup-prune-ok parameter. Add --with-canonical parameter. Add --module-tagmap parameter. Add --with-modtags parameter."; } revision "2018-03-06" { description "Add trim-whitespace parameter. Add with-netconf-tls parameter. Add netconf-tls-address parameter. Add netconf-tls-port parameter. Add netconf-tls-certificate parameter. Add netconf-tls-key parameter. Add netconf-tls-trust-store parameter. Add insecure-ok parameter. Add cert-usermap parameter. Add cert-default-user parameter. Add callhome-tls-server parameter."; } revision "2017-12-22" { description "Add with-url-ftp parameter. Add with-url-tftp parameter. Add with-yuma-system parameter. Add with-rollback-on-error parameter. Convert to yang-data to support yumaworks-server module run-time change of CLI parameters, either take effect right away or on next reboot."; } revision "2017-11-02" { description "Add max-cli-sessions parameter. Add new SNMP specific parameters: - snmp-agent-role parameter - snmp-subagent-priority parameter"; } revision "2017-09-17" { description "Add confdir parameter. Add fallback enum to running-error and startup-error parameters. Add startup-factory-file parameter."; } revision "2017-06-27" { description "Add restconf-default-encoding parameter."; } revision "2017-06-03" { description "Add with-callhome parameter. Add callhome-server parameter. Add callhome-retry-interval parameter. Add callhome-retry-max parameter. Add callhome-sshd-command parameter. Add callhome-sshd-config parameter. Add callhome-subsys-command parameter. Add with-snmp parameter. Deprecate session-sync-mutex. Deprecate session-sync-mutex and with-yang-api. Add fileloc-fhs parameter. 
Add no-audit-log parameter."; } revision "2017-02-19" { description "Change socket-address from ipv4-address to ip-address to support IPv6 addresses."; } revision "2017-01-23" { description "Add no-nvstore parameter. Add with-yang11-hello parameter. Update 'restconf-strict-headers' leaf description, reference to RFC 8040 now."; } revision "2017-01-17" { description "Add create-empty-npcontainers parameter Make delete-empty-npcontainers parameter obsolete. Add with-config-id parameter"; } revision "2016-11-08" { description "Update --restconf-strict-accept parameter Changed it to restconf-strict-headers and updated the description of the parameter"; } revision "2016-07-03" { description "Add --ha-initial-active parameter."; } revision "2016-06-24" { description "Add --library-mode parameter."; } revision "2016-06-17" { description "Add --with-yp-coap parameter. Add --with-yp-coap-dtls parameter. Add --yp-coap-address parameter. Add --yp-coap-port parameter. Add --yp-coap-dtls-port parameter."; } revision "2016-06-06" { description "Add --netconf-capability parameter. Add --restconf-capability parameter. Deprecate system-sorted parameter."; } revision "2016-04-19" { description "These YP-HA parameters are not implemented in 15.10: Add --ha-enabled parameter. Add --ha-port parameter. Add --ha-server parameter. Add --ha-server-key parameter. Add --ha-sil-standby parameter. Add --server-id parameter. This parameter is implemented in 15.10: Add --with-warnings parameter."; } revision "2016-04-11" { description "Add --annotation parameter."; } revision "2016-01-18" { description "Add --with-yang-api parameter. Add --with-restconf parameter. Add --with-yp-shell parameter. Add --with-netconf parameter. Add --audit-log-console-level parameter. Add --audit-log-level parameter."; } revision "2015-11-02" { description "Add --max-getbulk parameter. Add --restconf-strict-accept parameter. Add --subsys-timeout parameter. 
Add --autodelete-pdu-error parameter."; } revision "2015-09-26" { description "Add --sil-validate-candidate parameter Add --audit-log-candidate parameter Add --allow-list-delete-all parameter Add --allow-leaflist-delete-all parameter"; } revision "2015-09-14" { description "Add --restconf-server-url parameter."; } revision "2015-06-29" { description "Add --no-watcher parameter. Add --watcher-interval parameter."; } revision "2014-10-16" { description "Add --save-owners parameter."; } revision "2014-07-11" { description "Add --socket-type, --socket-address, and --socket-port parameters."; } revision "2014-03-14" { description "Add --sil-skip-load parameter. Add --log-event-drops parameter. Add --sil-missing-error parameter."; } revision "2013-12-27" { description "Add --allowed-user parameter for added security."; } revision "2013-10-23" { description "Add --bundle parameter for SIL bundle support. Change --startup-error default from continue to stop. Change --max-sessions default from 0 to 8."; } revision "2013-08-13" { description "Add LoggingVendorParms due to grouping split."; } revision "2013-03-27" { description "Add session-sync-mutex and log-pthread-level params."; } revision "2013-03-15" { description "Add MatchParms parameters. Add yangapi-server-url parameter. Add with-notifications parameter."; } revision "2012-11-16" { description "Add message-indent parameter."; } revision "2012-09-29" { description "Add max-sessions CLI parameter. Add system-notifications parameter"; } revision "2012-08-16" { description "Split out from yangcli.yang."; } revision "2012-04-19" { description "Add abstract data struct for REST-API entry point resource."; } revision "2011-12-15" { description "Add --running-error parameter."; } revision "2011-10-08" { description "Add --home parameter."; } revision "2011-08-27" { description "Add --runpath parameter. 
Add --factory-startup parameter."; } revision "2011-07-20" { description "Add --audit-log and --audit-log-append CLI parameters. Add --system-sorted CLI parameter. Make with-defaults enum local to prevent report-all-tagged from being accepted as a basic mode."; } revision "2011-05-29" { description "Removed superuser YANG default to disable by default, to make sure an admin has to explicitly enable this feature."; } revision "2011-04-24" { description "Added --protocols parameter via uses ProtocolsParm. Not available in yuma v1 branch."; } revision "2011-04-02" { description "Added --delete-np-containers parameter."; } revision "2010-05-13" { description "Added --with-url to enable :url capability."; } revision "2010-01-14" { description "Initial version for 0.9.9 release."; } sx:structure "netconfd-pro"; grouping StartupChoice { choice start { description "select startup config for boot load"; leaf no-startup { type empty; description "If present, do not load the startup config file. Use the factory default settings but do not overwrite the NV-storage startup unless it is altered. This option does not delete the startup config file if it exists."; } leaf factory-startup { type empty; description "Force the system to use the factory configuration and delete the startup config file if it exists. Force the NV-storage startup to contain the factory default configuration."; } leaf startup { type string; description "The full or relative filespec of the startup config file to use. If present, overrides the default startup config file name 'startup-cfg.xml', This will also override the YUMAPRO_DATAPATH environment variable and the datapath CLI parameter, if the first character is the forward slash '/', indicating an absolute file path."; } } // choice start } // grouping StartupChoice grouping WatcherChoice { choice watcher-parm { description "Automatic server state monitoring support. 
The ypwatcher program periodically checks whether the server is alive and, if it is not, restarts the server and writes the event to syslog."; leaf no-watcher { type empty; description "Control the ypwatcher program. If present, do not launch the ypwatcher program. If this parameter is present, then the --watcher-interval parameter cannot be present."; } leaf watcher-interval { type uint32 { range "1 .. max"; } default "10"; description "Specifies the sleep interval between ypwatcher program attempts to check availability of the server. Provided value is in seconds. The server does not accept the value of 0 for this parameter. The minimal acceptable value is 1 second. The default value is 10."; } } // choice watcher-parm } // grouping WatcherChoice grouping netconfd-tls-parms { leaf netconf-tls-address { type inet:ip-address; default "0.0.0.0"; description "Specifies the IP address to listen on for NETCONF over TLS messages."; reference "RFC 7589: NETCONF over TLS"; } leaf netconf-tls-certificate { type string { length "1 .. max"; } default "$HOME/.ssl/netconfd-pro.crt"; description "Contains the file path specification for the file containing the server SSL certificate, used for the NETCONF over TLS protocol."; } leaf netconf-tls-key { type string { length "1 .. max"; } default "$HOME/.ssl/netconfd-pro.key"; description "Contains the file path specification for the file containing the server SSL key, used for the NETCONF over TLS protocol."; } leaf netconf-tls-port { type inet:port-number; default "6513"; description "Specifies the TCP port to listen on for NETCONF over TLS messages."; reference "RFC 7589: NETCONF over TLS"; } leaf netconf-tls-trust-store { type string { length "1 .. max"; } default "$HOME/.ssl/trust-store.pem"; description "Contains the file path specification for the file containing the server SSL trust-store, or the path specification for the directory to use for finding trusted certificates. 
If the default value is used and the file is not found, then the default directory location '/etc/ssl/certs' will be used."; } } // grouping netconfd-tls-parms grouping BundleParm { leaf-list bundle { type nt:NcxName; description "Specifies the name of a SIL bundle to load into system at boot-time."; } } // grouping BundleParm grouping AllowedUserParm { leaf-list allowed-user { type nt:NcxName; description "Name of a user that is allowed to have access to the server via network management sessions. If any configured then the user name must be in this list, unless the user is the superuser account."; } } // grouping AllowedUserParm grouping netconfd-pro-parms { description "Server CLI for the NETCONF protocol. Usage: netconfd-pro [parameters]"; uses ncxapp:NcxAppCommon; uses ncxapp:NewConfigParm; uses ncxapp:CommonFeatureParms; uses ywapp:BinaryDisplayMaxlenParm; uses ywapp:ErrMsgParm; uses ywapp:ErrMsgLangParm; uses ncxapp:HomeParm; uses ywapp:LoggingCommonParms; uses ywapp:LoggingVendorParms; uses ywapp:MessageIndentParm; uses ywapp:YumaproHomeParm; uses ywapp:LoadPathParm; uses ncxapp:SubdirsParm; uses ywapp:TcpConnectParms; uses ncxapp:ProtocolsParm; uses ncxapp:RunpathParm; uses ywapp:MatchParms { refine match-names { default "exact"; } refine alt-names { default "true"; } refine wildcard-keys { default "false"; } } leaf access-control { type ywt:access-control-mode; default "enforcing"; description "Controls how access control is initially enforced by the server."; } leaf allow-list-delete-all { type boolean; default "false"; description "If true, then the delete-all operation is enabled for deleting instances of list objects."; } leaf allow-leaflist-delete-all { type boolean; default "false"; description "If true, then the delete-all operation is enabled for deleting instances of leaf-list objects."; } uses AllowedUserParm; choice audit-log-choice { leaf audit-log { type string; description "Filespec for the server audit log file to use in addition to the 
normal log file or STDOUT."; } leaf no-audit-log { type empty; description "Flag indicating that no audit log at all will be created. This is only relevant if --fileloc-fhs is 'true'."; } } // choice audit-log-choice leaf audit-log-append { type empty; description "If present, the audit log will be appended not over-written. If not, the audit log will be over-written. Only meaningful if the 'audit-log' parameter is also present."; } leaf audit-log-candidate { type boolean; default "true"; description "If true, then transactions to the candidate datastore will be recorded in the audit log. If false, then transactions to the candidate datastore will not be recorded in the audit log."; } leaf audit-log-console-level { type nt:NcDebugType; default "debug"; description "Sets the minimum logging level needed to log datastore audit records to the server console log. This does not affect output to the audit log."; } leaf audit-log-events { type bits { bit edit-candidate { position 0; description "Save candidate datastore edit events in the audit log. If the --audit-log-candidate parameter is set to true, or the <candidate> datastore is not present, then this bit will be ignored."; } bit edit-running { position 1; description "Save running datastore edit events in the audit log"; } bit update-startup { position 2; description "Save startup datastore update events in the audit log. 
If the <startup> datastore is not present then this bit will be ignored."; } bit client-session { position 3; description "Save client session start and end events in the audit log"; } bit control-session { position 4; description "Save YControl session start and end events in the audit log"; } bit acm-write-error { position 5; description "Save access control write access denied events in the audit log"; } bit acm-exec-error { position 6; description "Save access control execute access denied events in the audit log"; } bit rpc-summary { position 7; description "Save <rpc> summary records in the audit log."; } bit edit-data { position 8; description "Add plain display output of the data that is being edited in an edit transaction. This bit has no effect unless the edit-candidate or edit-running bit is also set. Note that this added data could represent a security risk since it could expose sensitive configuration data contents. Use this option with caution!"; } } default "edit-running"; description "Configures the audit log events that will be saved as audit records to the audit log. This does not affect debug logging to the server console log."; } leaf audit-log-level { type nt:NcDebugType; default "info"; description "Sets the minimum logging level needed to log datastore audit records to the audit log. This does not affect debug logging to the server console log."; } leaf autodelete-pdu-error { type boolean; default "true"; description "If true, then configuration nodes provided in the edit payload (e.g., <config> element) that are conditional on 'when' statements must evaluate to true or else an operation-failed error will be returned. If false, then such 'false when' nodes will be silently removed from the target datastore."; } uses BundleParm; leaf callhome-reconnect { type boolean; default "false"; description "If 'true' the server will attempt to start a new callhome connection if the client closes the session. 
If 'false' the server will not attempt to start a new callhome session after the client closes the session. Be careful that the server is running with proper permissions because a successful connection that fails during authentication will cause a reconnect loop if this parameter is set to 'true'."; } leaf callhome-retry-interval { type uint16 { range "1 .. max"; } units "seconds"; default "60"; description "Specifies the number of seconds to wait after a connect attempt to the callhome server has failed before attempting another connect attempt to that server."; } leaf callhome-retry-max { type uint16; default "10"; description "Specifies the number of retry attempts the server should attempt to the callhome server before giving up. The value 0 indicates the server should never give up."; } leaf-list callhome-server { type string; description "Specifies a NETCONF over SSH callhome server that this server should attempt to initiate a callhome connection at boot-time. This string has the format: <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ] server1@2605:e000:7e92:3f00:9e:aa5a:fd7f server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. The default NETCONF over SSH CallHome port number (netconf-ch-ssh 4334) is used if the 'port' field is not present. "; } leaf callhome-sshd-command { type string; default "/usr/sbin/sshd"; description "Specifies the command string used to invoke the SSH server when a NETCONF over SSH callhome session is initiated."; } leaf callhome-sshd-config { type string; description "Specifies the SSH server configuration file to use when invoking the SSH server when a NETCONF over SSH callhome session is initiated. The default config file to use is a dynamic string using the pattern ch_sshd_config.<client>. 
It is located in the $HOME/.yumapro directory."; }
// Program named as the NETCONF subsystem in the default ch_sshd_config files
// used for NETCONF over SSH callhome sessions.
leaf callhome-subsys-command { type string; default "/usr/sbin/netconf-subsystem-pro"; description "Specifies the netconf subsystem to use in the default ch_sshd_config files to specify the NETCONF subsystem for the incoming NETCONF session expected on the NETCONF over SSH callhome session."; }
// Callhome targets for NETCONF over TLS, one '<server-id>@<address>' string
// per entry; ignored when --with-callhome is 'false'.
leaf-list callhome-tls-server { type string; description "Specifies a NETCONF over TLS callhome server that this server should attempt to initiate a callhome connection at boot-time. This string has the format: <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ] server1@2605:e000:7e92:3f00:9e:aa5a:fd7f server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. The default NETCONF over TLS callhome port number (netconf-ch-tls 4335) is used if the 'port' field is not present. "; }
// Fallback user name for a NETCONF over TLS session whose certificate has no
// cert-usermap entry.
// NOTE(review): with this set, a client certificate that has no mapping is
// still given an account. The description limits the parameter to images
// built with DEBUG=1; confirm production images are built without that flag
// and leave this parameter unset there.
leaf cert-default-user { type string; description "The username to use if no username mapping is found for a NETCONF over TLS session. This parameter is non-standard and should only be used for debugging. This parameter will be ignored unless the image is built with the DEBUG=1 make flag."; }
// Certificate-to-user mappings for NETCONF over TLS, each written as
// <user>@<fingerprint>; entry order is kept as configured (ordered-by user).
// NOTE(review): the description accepts a partial SHA-1 fingerprint (at least
// 6 and at most 20 hex digits). A short prefix identifies a certificate far
// less strongly than the full digest, so configure the longest value the
// parameter accepts. How the server treats two certificates that share the
// configured prefix is not stated in this module; confirm with the vendor.
leaf-list cert-usermap { type string; ordered-by user; description "Each entry specifies a certificate to user name mapping for NETCONF over TLS sessions. A mapping is a structured string using the form <user>@<fingerprint>. The 'user' field is the case-sensitive user name for the mapping. The 'fingerprint' field is a hex-string representation of the SHA-1 fingerprint for the X.509 certificate. It does not have to be complete. Usually 6 bytes should be sufficient to ensure uniqueness. The hex digits are not case-sensitive. At least 6 hex digits must be provided. A maximum of 20 hex digits can be provided. 
Example: admin@60:C8:5C:08:82:55 A printable fingerprint can be generated with the openssl command: 'openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]' The Hash Type SHA-1 (the -sha1 parameter in this example) must be used for this parameter. This fingerprint string is not the same format as the 'tls-fingerprint' type defined in the ietf-x509-cert-to-name module. This string does not have any hash type octet to start the string. "; } leaf confdir { type string; default "/etc/yumapro/netconfd-pro.d"; description "Specifies the CLI parameter configuration directory to use for extra configuration files. The server will check this directory for files that end with the suffix '.conf' and process them similar to the main configuration file. Other files will be ignored. Files will be processed in alphabetical order. The server will keep the first value set if a CLI leaf parameter is set multiple times. The CLI parameters are set in the following order: 1) netconfd-pro command line 2) --config file or /etc/yumapro/netconfd-pro.conf 3) --confdir files or /etc/yumapro/netconfd-pro.d/ If the --no-config parameter is present in step (1) then steps (2) and (3) will be skipped, and this parameter will be ignored. If this parameter is encountered in step (3) it will be ignored. Extra configuration files in step (3) have the exact same syntax as the configuration file used in step (2). Example extra config file testmods.conf: netconfd-pro { module acme-test1 module acme-test2 log-level debug2 message-indent 1 idle-timeout 0 } "; } leaf convert-subtree-filter { type boolean; default "false"; description "If set to 'true' then subtree filters for retrieval operations might be converted to XPath expressions for processing. The subtree filtering algorithm has a minor flaw which can cause subtree containment nodes to be printed in the output even though a nested selection filter does not match. 
A containment node should be completely pruned from the result if no selection filters within it produce a match. This only affects data that needs to be retrieved by the server with a GET2 callback. This issue has been fixed by converting a subtree filter to XPath and processing it as if it were an XPath filter. If this parameter is set to 'true' then the conversion will be attempted. The conversion will be skipped if any of the following conditions are true - output format is not XML - input format is not XML - subtree filter contains any attribute match expressions This bugfix is not enabled by default because it might change filter output which was previously incorrect, but a client might be relying on the incorrect output anyway."; } leaf create-empty-npcontainers { type boolean; default "true"; status deprecated; description "An empty non-presence container has no meaning in NETCONF/YANG so it may be created by the server. In particular, the presence of the container node with no child nodes is semantically equivalent to the absence of the container node. This is the default style. If this parameter is set to false, then the server will not create empty NP containers. This parameter MUST be set to true for proper server XPath evaluation. It is now deprecated. It will be set to 'obsolete' in the next release train."; } leaf create-empty-npcontainers-ro { type boolean; default "false"; description "If the create-empty-npcontainers parameter is set to 'true' then this parameter is not relevant and is ignored. Otherwise this parameter controls whether empty non-presence containers will be created if there are no default child nodes but there are read-only child nodes. If this parameter is set to 'false', then the server will not create empty NP containers in this case. If this parameter is set to 'true', then the server will create empty NP containers in this case. This parameter MUST be set to 'true' for proper server XPath evaluation. 
"; } leaf db-lock-retry-interval { type uint32 { range "10 .. 60000"; } units "milli-seconds"; default "500"; description "The number of milli-seconds to wait before attempting to get a DB-Config-Lock from the DB-API subsystem."; } leaf db-lock-timeout { type uint32 { range "min .. 3600"; } units "seconds"; default "30"; description "The total number of seconds to wait before giving up on a DB-Config-Lock from the DB-API subsystem. The value zero indicates that no retries will be attempted if the lock is busy."; } leaf default-style { type enumeration { enum "report-all" { value 0; } enum "trim" { value 1; } enum "explicit" { value 2; } } default "explicit"; description "Selects the type of filtering behavior the server will advertise as the 'basic' behavior in the 'with-defaults' capability. The server will use this default handling behavior if the 'with-defaults' parameter is not explicitly set. Also, when saving a configuration to NV-storage, this value will be used for filtering defaults from the saved configuration. See wd:with-defaults leaf for enumeration details."; } leaf delete-empty-npcontainers { type boolean; default "false"; status obsolete; description "An empty non-presence container has no meaning in NETCONF/YANG so it may be deleted by the server. This takes non-trivial processing time for large databases, but uses less memory. Disabling this parameter will result in a larger database in both memory and NV-save."; } leaf eventlog-size { type uint32; default "1000"; description "Specifies the maximum number of notification events that will be saved in each notification replay buffer. The oldest entries will be deleted first. The value 0 will cause the server to periodically clean out the messages that have already been delivered. The eventlog-size is per event stream, not total size."; } leaf-list event-stream { type ywt:NcxNumName; description "Specifies the name of a NETCONF event stream that should be created by the server. 
Each event stream has its own subscriptions and notification replay buffer. Each event stream has the same replay buffer size, using the shared eventlog-size parameter. Each generated notification is sent to one event stream. The YANG module instrumentation will select an event stream to use or the default event stream will be used. Copies of the same notification can be sent to multiple event streams. If the event-stream specified by the instrumentation is not available, then a warning will be generated in the log and the default event stream will be used instead. The default event stream is named 'NETCONF'. It cannot be replaced or removed. No other event stream can have this name. The standard NETCONF notification events are always sent to this event stream, unless there is an event-stream-map assigning the module to a different event stream."; } leaf-list event-stream-map { type string; description "Each entry specifies a module name to event-stream mapping for notification handling. A mapping is a structured string using the form <module-name>@<stream-name>. The 'module-name' field is the case-sensitive module name for the mapping. The 'stream-name' field is the case-sensitive stream name for the mapping. It must match an 'event-stream' parameter or the default 'NETCONF'. Note there is no need to define a mapping for the 'NETCONF' stream since it will be picked if no other stream is selected. The name must conform to the NcxNumName data type. The built-in notifications such as 'replayComplete' and 'notificationComplete' are subscription-specific and always sent only to the subscription, not the event stream. Therefore these notifications are not affected by this parameter."; } leaf fileloc-fhs { type boolean; default "false"; description "If true, then the server should use Filesystem Hierarchy Standard (FHS) directory locations to create and store server data. May need to run as root. 
The FHS server log file will be created by default unless the 'log' parameter is used, then that location will be used instead. If this parameter is provided on the command line and set to 'true' then the --server-root parameter must also be provided on the command-line (if it is used). The FHS audit log file will be created by default unless the 'audit-log' parameter is used, then that location will be used instead. If the 'no-audit-log' parameter is present then no audit log will be created. File Type Example ---------------------------------------------------- server log: /var/log/netconfd-pro/server.log audit log: /var/log/netconfd-pro/audit.log config file: /var/lib/netconfd-pro/startup-cfg.xml TXID file: /var/lib/netconfd-pro/startup-cfg-txid.txt backups: /var/lib/netconfd-pro/backups/backup1.xml PID file: /var/run/netconfd-pro/netconfd-pro.pid AF socket: /var/run/netconfd-pro/ncxserver.sock If false then the server will use $HOME/.yumapro and other file locations to store server data. File Type Example ---------------------------------------------------- server log: STDOUT; no server log created by default audit log: STDOUT; no audit log created by default config file: $HOME/.yumapro/startup-cfg.xml TXID file: $HOME/.yumapro/startup-cfg-txid.txt backups: $HOME/.yumapro/backups/backup1.xml PID file: $HOME/.yumapro/netconfd-pro.pid AF socket: /tmp/ncxserver.sock "; } leaf ha-enabled { type boolean; default "false"; description "Specifies whether the YP-HA protocol should be enabled, allowing High Availability Datastore Replication mode to be supported. If this parameter is enabled then the following parameters must be configured or the server will exit with an error: - ha-server - ha-server-key - server-id - socket-type=tcp - socket-address - socket-port "; } leaf ha-initial-active { type nt:NcxName; description "Specifies the server name for the initial YP-HA active server. This is ignored unless ha-enabled=true. There is no default. 
This parameter is used to hardwire the initial High Availability roles instead of setting it in the yp-system init1 or init2 callback functions. If this parameter is the same as 'server-id' then this server will be the initial YP-HA active server. This parameter is intended for debug mode only. The real operational mode should use signaling only to set the HA mode. Otherwise if the server reboots it will use the configured HA mode, which may not be correct if it has been changed during runtime."; } leaf ha-port { type inet:port-number; default "8088"; description "Specifies the default port to use for YP-HA protocol messages. Unless otherwise specified, this port number will be used by a standby server attempting to connect to the active server. (This parameter is not used yet)."; } leaf-list ha-server { type string; description "Specifies a server in the YP-HA server pool. This string has the format: <server-id> '@' <server-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 The server running with this configuration must be listed in the ha-server pool. The server-id parameter must match the entry for this server. There must be at least 2 entries present to configure an HA server pool. This must be done if ha-enabled parameter is set to 'true'. "; } leaf ha-server-key { type string; description "Specifies the string the standby server must present to the active server during registration. Used to prevent servers from joining the wrong HA pool. If not set then the active server will reject the YP-HA connection. This parameter must be set if the ha-enabled parameter is set to 'true'."; } leaf ha-sil-standby { type boolean; default "false"; description "Specifies whether the edit callbacks such as SIL, SIL-SA and HOOK instrumentation will be invoked if the server is operating in HA standby mode."; } leaf hello-timeout { type uint32 { range "0 | 10 .. 
3600"; } units "seconds"; default "600"; description "Specifies the number of seconds that a NETCONF session may exist before the client hello PDU is received. A session will be dropped if no hello PDU is received before this number of seconds elapses. If this parameter is set to zero, then the server will wait forever for a hello message, and not drop any sessions stuck in 'hello-wait' state. The hello timer starts when a session is started within the server, and therefore using a session resource that counts against the 'max-sessions' limit. For NETCONF over SSH sessions the session starts after the SSH session is setup and the 'netconf' subsystem is invoked. The SSH server has its own timeout values for maximum session startup time. For NETCONF over TLS sessions the session starts when the TCP connection is accepted. Setting this parameter to zero may permit denial of service attacks, since only a limited number of concurrent sessions are supported by the server."; } leaf-list hide-module { type nt:NcxName; description "Specifies the name of a module to hide from advertisements to client sessions. If the specified module name is loaded into the server, then this parameter will cause it to be omitted from the following data structures: - YANG 1.0 <hello> message - /netconf-state/schemas/schema list - /modules-state/module list This parameter will prevent the client from knowing about the hidden module. If an advertised module imports a hidden module then it is very likely a client will not be able to use the advertised module because of the missing imports. This parameter can be dangerous! It does not prevent loading or enabling of the module. The SIL code is responsible for not returning any data to a client using a hidden module. Use of this parameter violates conformance to NETCONF, RESTCONF, and the YANG Library. 
Use with caution, only for modules that are not accessible by clients."; } leaf highres-event-time { type boolean; default "true"; description "If set to 'true' then the 'eventTime' leaf value in all <notification> messages will contain a microseconds field. If 'false' then this field will not contain a microseconds field. This field is always 6 digits long and represents a fraction of one second as the number of microseconds. Note: the default behavior is different than the low resolution format used in previous releases. The date-and-time data type includes this optional field so a client should accept the value."; } leaf idle-timeout { type uint32 { range "0 | 10 .. 360000"; } units "seconds"; default "3600"; description "Specifies the number of seconds that a session may remain idle without issuing any RPC requests. A session will be dropped if it is idle for an interval longer than this number of seconds. Sessions that have a notification subscription active are never dropped. If this parameter is set to zero, then the server will never drop a session because it is idle."; } leaf import-version-bestmatch { type boolean; default "false"; description "Specifies if the bestmatch search feature should be used for import resolution when no revision-date field is specified in the import-stmt. If 'true' then the server will scan the module search path during startup and determine the most recent revisions of each module. If a module is loaded or imported and no revision date is specified then the bestmatch revision will be used. This feature requires some additional memory and bootup processing time. It should be avoided if possible. The module search path on the server should only contain the modules and revisions that are needed by the server. If set to 'false', then the bestmatch feature will not be enabled. It is possible for the server to find and load the wrong version of a module during imports processing. 
For example, while loading module A, it imports module B. Then module B is loaded but a revision is specified (e.g., --module=B@2019-06-20). This can cause errors during callback registration such as 'definition not found' or 'segment not found', depending on how the module has changed. "; } uses ywapp:InsecureOkParm; leaf library-mode { type boolean; default "false"; description "If true, then the server will operate in YANG module library mode. It will find all the YANG modules and make them available for <get-schema> operations. The following NETCONF operations are available when the server is operating in library mode: ietf-netconf:get ietf-netconf:get-config ietf-netconf-monitoring:get-schema if --with-yuma-system='true': yuma-system:restart yuma-system:shutdown "; } leaf max-burst { type uint32; default "10"; description "Specifies the maximum number of notifications that should be sent to one session, within a one second time interval. The value 0 indicates that the server should not limit notification bursts at all."; } leaf max-getbulk { type uint32; default "10"; description "Specifies the maximum number of getbulk entries to request from a GET2 callback. This value will be used in the get2cb 'max_entries' field. The value 0 is used to indicate there is no max and the GET2 callback can return as many getbulk entries as desired. This is the default for leaf-list GET2 callbacks"; } leaf max-lock-hold-time { type uint16 { range "0 | 5 .. max"; } units "seconds"; default "0"; description "Specifies the maximum number of seconds to allow a session to hold a global NETCONF datastore lock. If zero, then no maximum lock hold time will be used. This is the behavior specified by RFC 6241. If non-zero, then the standard will not be followed. Instead, a global lock will be released if held by a session too long. This timeout only applies to the 'lock' operation. Partial locks are not affected at all by this parameter. 
If a lock is released, then the locking session will not be warned or notified in any way. An 'info' log entry is generated such as: Max Lock Hold Time timeout for datastore running Locked by session 3 at 2023-03-21T23:35:55Z If a session has an active notification subscription, or if the client sends at least one request periodically, then the '--idle-timeout' parameter will not be enforced. It is possible for a NETCONF session to hold a global datastore lock indefinitely. This parameter allows the datastore lock time to be configured so it does not depend on the '--idle-timeout' parameter setting. Using this parameter with a value greater than zero will violate RFC 6241 procedures for the 'lock' operation. A minimum lock hold time of 5 seconds is allowed. - If a timeout occurs the datastore lock will be dropped, but the session will not be dropped. - If an edit is in progress, it will not be affected. Only the NETCONF lock will be released. - The server will output an 'info' log message if a datastore lock is released by the server due to the lock hold time exceeding this value. "; } leaf max-sessions { type uint16 { range "0 .. 1024"; } default "8"; description "Specifies the maximum number of concurrent sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used. This parameter does not apply to YControl sessions."; } leaf max-cli-sessions { type uint16 { range "0 .. 1024"; } default "0"; description "Specifies the maximum number of concurrent CLI sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect. This parameter does not apply to YControl sessions."; } leaf max-user-sessions { type uint16 { range "0 .. 1024"; } default "0"; description "Specifies the maximum number of concurrent sessions that can be active at one time by one user. 
The value 0 indicates that no artificial session limit should be used. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect. This parameter does not apply to YControl sessions."; } leaf-list max-per-user-sessions { type string { length "3 .. 1029"; } description "Specifies the maximum number of concurrent sessions that can be active at one time by the specified user. This parameter will override the 'max-user-sessions' parameter for the specified username, if both are present. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect. This parameter does not apply to YControl sessions. The value is a formatted string and it must not contain any whitespace. username:number The username field must be between 1 and 1024 characters, and must not contain a colon ':' character. The username field must be followed by a single colon ':' character, which must be followed by the number field. This value will be compared to the username assigned to a client session when it is started. The client session will be dropped if the session limit is exceeded. The number field must be between 0 and 1024. This must be in decimal with no leading zeroes, and must contain between 1 and 4 characters. The value 0 indicates that no artificial session limit should be used for the specified user. Errors: - Invalid entries will cause the server to terminate with an error. - A duplicate username will be ignored and a warning will be printed to the log. Available starting in 23.10-5. Example: - limit total concurrent client sessions to 10 - limit total number of concurrent sessions by a single user to 2 - except user 'admin1', and a limit of 5 for user 'admin2': max-sessions 10 max-user-sessions 2 max-per-user-sessions admin1:0 max-per-user-sessions admin2:5 "; } leaf max-strlen { type int32 { range "65536 .. 
max"; } units "bytes"; default "262144"; description "The maximum number of bytes in length that will be accepted for a quoted string, by the internal token parser. This affects YANG and JSON input processing. Set this value to allow large binary leafs to be parsed by the server. This value includes 1 byte for the string termination character."; } leaf-list module-tagmap { type string; description "Specifies a module tag mapping for use in module tags registry. The format is <modname>@<tag-string>. Examples: ietf-system@ietf:system-management openconfig-system@vendor:openconfig:system-management example-system@vendor:example.com:system-management "; } leaf-list netconf-capability { type inet:uri; description "Specifies a URI value that should be added to the server NETCONF <hello> message as a NETCONF <capability> URI and monitoring data in the /netconf-state/capabilities container."; } uses netconfd-tls-parms; leaf no-log { type empty; description "Flag indicating that no main log file will be created. This is usually only relevant if --fileloc-fhs is 'true'. In this case the default log file will not be created. The --log-level parameter will be set to 'off'. This parameter will be ignored if the --log parameter is set. This parameter has no effect on the audit-log or syslog logging."; } leaf no-nvstore { type empty; description "Specifies that the server should not load or save using the normal APIs during transaction management. The 'start' choice will be ignored (e.g., --no-startup) and the server will not attempt to load a startup-cfg.xml file. Transactions will not be saved to NV-storage at all. Any external NV-storage callbacks will be ignored. Use this mode if NV-load and NV-storage are handled internally and not via the startup-cfg.xml file. 
This parameter is only enabled if it is present."; } leaf-list port { type inet:port-number; max-elements 4; description "Specifies the TCP ports that the server will accept connections from for NETCONF over SSH sessions. These ports must also be configured in the /etc/ssh/sshd_config file for the SSH master server to accept the connection and invoke the netconf subsystem. Up to 4 port numbers can be configured. If any ports are configured, then only those values will be accepted by the server. If the server is running in Single-Instance Mode, then if no ports are configured, the server will accept connections on the netconf-ssh port (tcp/830). If the server is running in Multi-Instance Mode (i.e., --server-root is set), then any port configured on the SSH server will be accepted. For CallHome connections, if the connection port is over 10000 then the connection will be accepted and this list will be ignored."; } uses ncxapp:ModuleParm; uses ncxapp:DeviationParm; uses ywapp:AnnotationParm; uses ncxapp:DatapathParm; leaf push-max-operational { type uint32; units "subscriptions"; default "4"; description "Specifies the maximum number of on-change push subscriptions that can be in use at once for the <operational> datastore. The value zero will disable on-change subscriptions for the <operational> datastore. Setting this parameter to a high value can increase the resources used by the server. Use with extreme caution."; } leaf push-max-periodic { type uint32; units "subscriptions"; default "16"; description "Specifies the maximum number of periodic push subscriptions that can be in use at once. The value zero will disable periodic subscriptions. Setting this parameter to a high value can increase the resources used by the server. Use with extreme caution."; } leaf push-min-dampening { type uint16 { range "1 .. 
max"; } units "centiseconds"; default "100"; description "Specifies the minimum value for the 'dampening-period' parameter that will be accepted for an on-change push subscription. Setting this parameter to a low value can increase the resources used by the server. Use with extreme caution."; } leaf push-min-period { type uint16 { range "1 .. max"; } units "centiseconds"; default "100"; description "Specifies the minimum value for the 'period' parameter that will be accepted for a periodic push subscription. Setting this parameter to a low value can increase the resources used by the server. Use with extreme caution."; } leaf push-simop-enabled { type boolean; default "true"; description "Specifies if the simulated on-change push subscriptions should be enabled for the <operational> datastore. The value false will disable simulated on-change subscriptions for the <operational> datastore. Real on-change subscriptions reported from subsystems are not affected by this parameter."; } leaf push-simop-patch-update { type boolean; default "true"; description "Specifies the notification message that should be used for a simulated on-change push subscription. If 'true' then the standard <push-change-update> notification will be used for the report. This format uses YANG Patch to report individual edits. If 'false' then the standard <push-update> notification will be used for the report. This will make the subscription similar to a periodic subscription, except that an update is only sent when the content changes. This is not conformant with RFC 8641 requirements. Real on-change subscriptions reported from subsystems are not affected by this parameter."; } leaf push-simop-period { type uint16 { range "1 .. max"; } units "centiseconds"; default "500"; description "Specifies the value for the 'period' parameter that will be used for simulated operational on-change push subscription. The current value will be checked periodically using this parameter value. 
If an update is sent then the dampening-period for this subscription will be enforced. Setting this parameter to a low value will increase the resources used by the server. Use with extreme caution."; } leaf remove-schema-aug-leafs { type boolean; default "false"; description "Remove the 'conformance' and 'module-type' leafs from the /netconf-state/schemas/schema list. The deprecated leafs are added if --with-yumaworks-system is true. They will be removed from the 22.10 release train when the status is changed to obsolete. This parameter will be forced to the value 'true' if the server is built with the REMOVE_SCHEMA_AUG_LEAFS=1 compile flag. The default is 'false' to maintain backward compatibility with previous releases. The value 'true' should be used since the information from these deprecated leafs is available in the YANG Library data structures."; } leaf-list restconf-capability { type inet:uri; description "Specifies a URI value that should be added to the server as monitoring data in the /restconf-state/capabilities container."; } leaf restconf-default-encoding { type enumeration { enum "json" { value 0; description "Use JSON message encoding as the default."; } enum "xml" { value 1; description "Use XML message encoding as the default."; } } default "json"; description "Specifies the default response encoding to use if the incoming request does not have an indication of preferred content type (e.g., no Content-Type header, no Accept header). "; } leaf restconf-strict-headers { type boolean; default "false"; description "If set to 'true' the server will only accept requests with the normative Accept and Content-Type header entries specified in RFC 8040. The Accept header must not be empty; otherwise a 'not acceptable' error will be returned. 
Normative Accept header: application/yang-data+xml,application/yang-data+json;q=0.9 Normative Content-Type header: application/yang-data+xml application/yang-patch+json If set to 'false', the server will try to accept not normative header entries. Acceptable not normative Accept header: application/xml,application/json;q=0.9 Acceptable not normative Content-Type headers: application/xml application/json text/xml "; } leaf return-status { type boolean; default "false"; description "Controls whether the server will return the status code or return zero, when it exits. If 'true' then the server will return the 'status_t' enumeration number for the error that occurred, or zero if no error occurred. Note that these error codes do not follow Linux conventions. Values above 255 (but less than 2000) can be returned. If 'false' then the server will always return zero. This is the existing server behavior and therefore the default behavior."; } leaf running-error { type enumeration { enum "stop" { value 0; description "Terminate the program if any errors are encountered in the running configuration."; } enum "continue" { value 1; description "Continue the program if any errors are encountered in the running configuration. Altering the running configuration will fail until the commit validation tests succeed."; } enum "fallback" { value 2; description "Fallback to the factory configuration if errors are encountered in the running configuration at boot time. 
The server will restart as if the --factory-startup configuration parameter was used."; } } default "stop"; description "Controls the server behavior if any errors are encountered while validating the running database during the initial load of the running configuration at boot-time."; } leaf save-owners { type boolean; default "false"; description "Indicates if owner names should be saved for data in the running configuration, and startup configuration if supported."; } leaf sil-cc-callback-all { type boolean; default "false"; description "If 'true', the server will invoke Commit Completeness callbacks for all edit transactions, not just for the <commit> operation. The following operations will cause Commit Completeness callbacks to be invoked: - <commit> - <copy-config> - <edit-config> - <load-config> (internal boot) - <load-config> (confirmed commit timeout) - <restore> - <validate> All Commit Completeness callbacks are invoked if the target is the <running> datastore. The Validate Complete Callback is invoked for the <candidate> datastore only if the --sil-validate-candidate parameter is set to 'true'. The Apply Complete, Commit Complete, and Rollback Complete callbacks are only invoked if the target is the <running> datastore. The callback input parameters may be different for each operation. Refer to the YumaPro Developer Manual for details. If 'false', the server will invoke Commit Completeness callbacks only for the <commit> operation. Introduced in 22.10-8."; } leaf sil-delete-children-first { type boolean; default "false"; description "If 'true', the server default behavior will be to treat all data deletion operations as if the ncx:sil-delete-children-first extension is present. A child node will be checked for a SIL callback before it is deleted. 
If 'false' the server default behavior will be to invoke SIL callbacks for deletion of child nodes only if the ncx:sil-delete-children-first extension is present."; } leaf sil-invoke-for-defaults { type boolean; default "true"; description "If 'true' then a SIL or SIL-SA callback will be invoked for default data nodes during the load and load_config operations. If 'false' then a SIL or SIL-SA callback will not be invoked for default data nodes."; } leaf sil-missing-error { type boolean; default "false"; description "If 'true' then when a module is loaded, but the SIL library code for the module is not found, an error will be returned instead of a warning printed. If 'false' then when a module is loaded, but the SIL library code for the module is not found, no error will be returned. Instead, only a warning will be printed."; } leaf sil-prio-reverse-for-deletes { type boolean; default "false"; description "Specifies whether edit transactions are validated by the regular SIL priority or whether the priority should be reversed for DELETE edits. This parameter can be used to delete leafref nodes with referenced by node in reverse order. If 'false' then the SIL priority will not be reversed."; } leaf sil-root-check-first { type boolean; default "true"; description "If 'true', the server will perform a YANG validation check before the SIL validate callbacks are invoked for an edit-config operation. This is always done for a load-config or commit operation. If 'false', the server will invoke the SIL validate callbacks before performing a YANG validation check. Instead the validation will be done before the SIL apply callback. 
This is the only behavior in the 17.10 release train."; } leaf sil-skip-load { type empty; description "If present, the server will not invoke the SIL callbacks during initial system initialization when the startup configuration file is loaded into the running datastore."; } leaf sil-test-get-when { type boolean; default "false"; description "If 'true', the server will evaluate 'when' statements for GET2 callback requests for config=false nodes. If 'false' then the SIL or SIL-SA callback is expected to test the 'when' condition internally somehow and return a no-instance error if the condition is 'false'. This parameter can be overridden by the ywx:sil-test-get-when YANG extension. If that extension is found for an operational data node then its value will be used instead of this parameter."; } leaf sil-validate-candidate { type boolean; default "true"; description "If true, the server will invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. If false, the server will not invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. Transaction performance will be improved if the extra VALIDATE phase callbacks are skipped. Acceptance of an individual edit to the candidate does not mean the SIL or SIL-SA will accept that edit when combined with all edits (during the commit operation). In either case the server will invoke the VALIDATE phase callbacks when an attempt to commit the candidate datastore is done or when a <validate> operation is done on the candidate datastore."; } leaf simple-json-names { type boolean; default "false"; description "If true, the server will NOT output name of the module in which the data node is defined. 
If false, a namespace-qualified member name will be used for all members of a top-level JSON object and then also whenever the namespaces of the data node and its parent node are different."; } leaf sm-config { type string; description "Specifies the XML or JSON file to read which contains the configuration data needed to create desired mount-points. This config file controls what is in the YANG Library for each mount-point label. If this parameter is set then the file must be found and be valid or the server will exit with an error. If --with-schema-mount=false this parameter is ignored."; } leaf sm-config-encoding { type enumeration { enum "json" { value 0; description "Identify JSON encoding."; } enum "xml" { value 1; description "Identify XML encoding."; } } default "json"; description "Specifies the Schema Mount Config file encoding. Based on this encoding the server will parse the config file accordingly. If --with-schema-mount=false this parameter is ignored."; } leaf snmp-agent-role { type enumeration { enum "master" { value 0; description "A 'master' agent that is available on the standard transport address and that accepts SNMP protocol messages."; } enum "subagent" { value 1; description "An agent acting in a subagent role performs the following functions: - Initiates AgentX sessions with the master agent - Registers MIB regions with the master agent - Instantiates managed objects - Binds OIDs within its registered MIB regions to actual variables - Performs management operations on variables"; reference "RFC 2741"; } } default "master"; description "Specifies the SNMP agent role."; } leaf snmp-subagent-priority { type uint16 { range "1 .. 255"; } default "127"; description "A value between 1 and 255, used to achieve a desired configuration when different sessions register identical or overlapping regions. Subagents with no particular knowledge of priority should register with the default value of 127. 
In the master agent's dispatching algorithm, smaller values of priority take precedence over larger values, as described in section 7.1.4.1, 'Handling Duplicate and Overlapping Subtrees'."; reference "RFC 2741"; } leaf socket-address { type inet:ip-address; default "0.0.0.0"; description "Specifies the IP address to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. The default '0.0.0.0' is the IPv4 wildcard address, so with socket-type 'tcp' the listener is not restricted to a single interface unless a specific address is configured. Note that this parameter specifies the IP address for internal <ncx-connect> protocol messages. The server will accept NETCONF sessions over SSH, as specified in the OpenSSH config file."; } leaf socket-port { type inet:port-number; default "2023"; description "Specifies the TCP port number to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. Note that this parameter specifies the port number for internal <ncx-connect> protocol messages. The server will accept NETCONF sessions over SSH, specified with the 'port' parameter (e.g. 830)."; } leaf socket-type { type enumeration { enum "aflocal" { value 0; description "An AF_LOCAL socket will be used for incoming sessions."; } enum "tcp" { value 1; description "An AF_INET socket will be used for incoming sessions."; } } default "aflocal"; description "Specifies which type of socket the server should create for incoming <ncx-connect> protocol sessions. Note that this parameter specifies the socket type for internal <ncx-connect> protocol messages. The server will use TCP connections for NETCONF sessions over SSH."; } uses StartupChoice; leaf startup-error { type enumeration { enum "stop" { value 0; description "Terminate the program if any errors are encountered in the startup configuration."; } enum "continue" { value 1; description "Continue the program if any errors are encountered in the startup configuration. 
The entire module-specific data structure(s) containing the error node(s) will not be added to the running configuration at boot-time."; } enum "fallback" { value 2; description "Fallback to the factory configuration if errors are encountered in the startup configuration. The server will restart as if the --factory-startup configuration parameter was used."; } } default "stop"; description "Controls the server behavior if any errors are encountered while loading the startup configuration file into the running configuration at boot-time. It is possible for the startup configuration to contain errors within optional nodes. If this parameter is set to 'continue', then the validation tests on the running config (controlled by running-error) should not fail due to missing optional nodes."; } leaf startup-factory-file { type string; default "factory-startup-cfg.xml"; description "The full or relative filespec of the factory startup config file to use. If the --factory-startup parameter is used, or no startup file is specified or found, then the server will look for this filespec. If found, then it will be copied to the startup config file used to load the server. If the value represents a relative filespec then the server will check the server data file search path for the first matching filespec. If this parameter is set and the filespec is not found then the server will exit with an error. If the default filespec is not found then an empty datastore will be used to load the running configuration datastore at boot-time."; } leaf startup-prune-ok { type boolean; default "false"; description "If set to 'true' then the server will prune unknown data nodes from the startup configuration instead of treating this as an error. A log_info message will be printed. If other known data nodes depend on the pruned nodes, then an error may occur anyway. If so, the 'startup-error' parameter will determine how this is handled. 
If set to 'false' then unknown data nodes found in the startup configuration will cause an error. Unknown data nodes can occur if modules were previously loaded dynamically, or if a YANG feature is configured from enabled to disabled."; } leaf startup-skip-validation { type boolean; default "false"; description "If set to 'true' then the server will skip all YANG validation of the startup configuration when it is loaded into the running configuration at boot-time. This should make the server boot faster but it assumes the startup configuration is already valid. Only the initial startup load operation is affected by this parameter. This parameter affects the 'root check' only. This includes the following datastore validation: - must - when (see note) - leafref path - unique - min-elements - max-elements - mandatory This parameter does not affect 'default' processing or 'when' statement processing for default nodes. It does affect 'when' statement processing for nodes provided in the startup configuration. It is possible that any invalid configuration will need to be fixed before any edits can be made to the <running> datastore. The full datastore can be checked using the <validate> operation. If the startup configuration is completely valid such that all validation tests would have passed, then this parameter should be safe to use. If the startup configuration contains data that does not pass the affected validation tests, then it may not be safe to use this parameter. This is extremely dangerous and can lead to incorrect processing of datastore editing operations. The server does not validate the complete datastore unless the <validate> operation is used. Any <edit-config> and <commit> operations done on a datastore that contains invalid YANG data may produce incorrect results. It is possible that edits will fail because the server detects invalid nodes from the startup during processing of the requested edit. 
The <restore> operation is not affected by this parameter. It is possible to save an invalid configuration that cannot be restored. Use the <validate> operation before using the <backup> operation to ensure a backup configuration can be restored later. If set to 'false' then startup validation is not skipped."; } leaf subsys-timeout { type uint16; units "seconds"; default "30"; description "The number of seconds to wait for a response from a sub-system before declaring a timeout. The value '0' indicates that no timeout should be used."; } leaf-list superuser { type union { type nt:NcxName; type string { length "0"; } } description "Each entry specifies a user name to use as the superuser account. Any session associated with this user name will bypass all access control enforcement. See ietf-netconf-acm.yang for more details. To disable the superuser account completely, do not set this parameter at all. The default mode is to not allow any superuser access. Do not set this parameter to an empty string. This mode is deprecated and should not be used."; } leaf system-notifications { type bits { bit ietf { position 0; description "Use ietf-netconf-notifications module."; reference "RFC 6470"; } bit yuma { position 1; description "Use yuma-system module. Ignored if with-yuma-system is set to 'false'"; } } default "ietf"; description "Indicates which YANG module(s) should be used for system notifications."; } leaf system-sorted { type boolean; default "false"; status deprecated; description "Indicates whether ordered-by system leaf-lists and lists will be kept in sorted order. NOTE: This parameter is ignored. 
The server does not sort any list or leaf-list objects because YANG only requires that ordered-by user instances maintain the user-provided order."; } leaf target { type enumeration { enum "running" { value 0; description "Write to the running config and support the :writable-running capability."; } enum "candidate" { value 1; description "Write to the candidate config and support the :candidate and :confirmed-commit capabilities."; } } default "candidate"; description "The database to use as the target of edit-config operations."; } leaf tls-crl-missing-ok { type boolean; default "false"; description "If true then a missing CRL Distribution Points extension within a client or CA certificate will be ignored. Not relevant unless tls-crl-mode is set to 'client' or 'ca'. If false, and CRL verification is enabled for the certificate, the TLS session will not be accepted when this extension is missing."; } leaf tls-crl-mode { type enumeration { enum "off" { value 0; description "Do not use CRL verification when verifying any certificates."; } enum "client" { value 1; description "Use CRL verification when verifying client certificates."; } enum "ca" { value 2; description "Use CRL verification when verifying client and CA certificates."; } } default "off"; description "Specifies how Certificate Revocation List checking should be done for NETCONF over TLS sessions. This has no effect unless --with-netconf-tls=true is set."; } leaf tls-cipherlist { type string { length "1 .. 256"; } description "The cipherlist parameter to use to configure the server using the SSL_CTX_set_cipher_list function in openssl. This parameter is passed directly and not checked. Warning! For Advanced OpenSSL Users Only! Refer to the OpenSSL documentation for all details and support. OpenSSL problems due to use of this parameter are not supported. 
- https://www.openssl.org/docs/man1.0.2/man3/ SSL_set_cipher_list.html - https://www.openssl.org/docs/man1.0.2/man1/ciphers.html - https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html - https://www.iana.org/assignments/tls-parameters/ tls-parameters.xhtml#tls-parameters-4 "; } leaf tls-debug { type boolean; default "false"; description "Enable extra NETCONF over TLS session debugging. Used with the --log-level parameter to increase the amount of debugging info printed."; } leaf tls-deprecated-ok { type boolean; default "false"; description "Allow deprecated versions of TLS to be used in NETCONF over TLS sessions. If 'true' then any TLS version used will be accepted. If 'false' then only TLS versions 1.2 and 1.3 will be accepted. The default value is false, which is not backward-compatible with server versions prior to YumaPro version 22.10-3."; } leaf trim-whitespace { type boolean; default "false"; description "If true, then trim leading and trailing whitespace from XML string nodes. If false, adhere to the standard and do not trim any leading or trailing whitespace. The server previously would trim whitespace but no longer does this by default. This leaf must be set to trim this whitespace now."; } leaf log-event-drops { type boolean; default "false"; description "Indicates if a log entry would be generated when a notification is dropped because the specific notification events are disabled with an event-filter configuration entry."; } leaf log-pthread-level { type nt:NcDebugType; description "Sets the pthread debug logging level filter for the program."; } leaf session-sync-mutex { type empty; status deprecated; description "If present, force synchronous request processing (pthread version only). Ignored by the server"; } leaf server-id { type nt:NcxName; default "server1"; description "Server Identifier string to use for this server. Used in YControl and SIL-SA messages to identify the server to all subsystems. 
Used in YP-HA to identify this server in the YP-HA server pool"; } leaf server-root { type nt:NcxName; description "Server Root Identifier string to use for this server. Used to run the server in Multi-Instance Mode. Every server running on the same host must have a unique server-root value. If this leaf is not present, then the server will run in Single-Instance Mode. This value must match a Server Root ID in a mapping in the server-multi-info.txt file usually located in the /etc directory. If this parameter is provided on the command line then the --fileloc-fhs parameter must also be provided on the command-line (if it is set to 'true'). TBD: All differences between 2 modes "; } leaf usexmlorder { type empty; description "If present, then XML element order will be enforced. Otherwise, XML element order errors will not be generated if possible. Default is no enforcement of strict XML order."; } leaf user-parm { type string { length "1 .. 8192"; } description "Optional user parameter that can be accessed by the server instrumentation code within netconfd-pro. This parameter has no defined purpose or structure. It can be accessed with the 'agt_get_user_parm' API function from agt.h"; } uses WatcherChoice; leaf wait-datastore-ready { type boolean; default "false"; description "Determines if client sessions will be available even if the running datastore is not ready to use yet. For example, if SIL-SA bundles are used then the server must wait until all of them have been loaded (by subsystems) before the startup configuration can be loaded into the running datastore. The running datastore is not ready to use in this state. If 'true' then client sessions will be locked until the datastores are ready. Protocol operations that do not access the datastores can be used in this state. If 'false' then client session connections will be rejected until the datastores are ready. The default is 'false' only to be backwards-compatible. 
The 'true' setting should be used in most cases."; } leaf with-error-number { type boolean; default "true"; description "If set to 'true', then the <error-info> element will include the proprietary <error-number> element. If set to 'false', then the <error-info> element will not include the proprietary <error-number> element. This leaf corresponds to the error status enumerations defined in 'status_enum.h'. "; } leaf with-maintenance-mode { type boolean; default "true"; description "If set to 'true', then allow the maintenance mode to be used. Otherwise, ignore all requests to place the server in maintenance mode."; } leaf with-notifications { type boolean; default "true"; description "If set to 'true', then the :notification:1.0 and :interleave:1.0 capabilities will be enabled. Otherwise, these capabilities will not be enabled."; } leaf with-db-lock { type boolean; default "false"; description "If set to 'true', then the server will use the DB-API DB-Config-Lock service for all configuration edit transactions to the <running> datastore. Every client edit will require this lock to be granted, or the edit will fail. The server will use the db-lock-retry-interval and db-lock-timeout CLI parameters to control how lock retries will be done. If set to 'false', the DB-Config-Lock will not be used by the server."; } leaf with-callhome { type boolean; default "false"; description "This feature is only available if the server image is built with the WITH_CALLHOME=1 compiler flag. If set to 'true', then the IETF Callhome for SSH feature will be enabled. If set to 'false', then this feature will be disabled and the following CLI parameters will be ignored: - callhome-retry-max - callhome-retry-interval - callhome-server "; } leaf with-canonical { type boolean; default "true"; description "If set to 'true', then the server will automatically convert XML and JSON input parameters to the canonical format for the YANG data type, if possible. 
The following built-in YANG data types are affected: - ipv6-address - ipv6-address-no-zone - domain-name - phys-address - mac-address - hex-string - uuid Any canonical callbacks for user-defined data types are also affected by this parameter. Internal values can be manually converted to canonical format using the val_set_canonical API. "; } leaf with-config-id { type boolean; default "true"; description "If set to 'true', then the YumaWorks :config-id capability will be enabled. This is used to help cache device configurations. It is an enterprise capability URI, not a standard YANG module URI. If set to 'false', then the YumaWorks :config-id capability will be disabled."; } leaf with-grpc { type boolean; default "false"; description "If set to 'true', then the gRPC protocol will be enabled. Otherwise, the gRPC protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-gnmi { type boolean; default "false"; description "If set to 'true', then the gNMI protocol will be enabled. Otherwise, the gNMI protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-modtags { type boolean; default "true"; description "If set to 'true', then the module tags feature will be enabled. Otherwise, this feature will be disabled. If disabled, the module-tagmap parameter will be ignored and the ietf-module-tags module will not be loaded."; } leaf with-nmda { type boolean; default "false"; description "If set to 'true', then NMDA operations and YANG modules will be enabled: - ietf-datastores - ietf-origin - ietf-netconf-nmda "; } uses ywapp:OcPatternParm; leaf with-schema-mount { type boolean; default "true"; description "This feature is only available if the server image is built with the WITH_SCHEMA_MOUNT=1 compiler flag. If set to 'true', then the Schema Mount feature will be enabled and the Schema Mount related YANG modules and SIL code will be loaded. 
Additional configuration will be required. The server needs to know which YANG modules should be mounted at a given mount-point. Refer to --sm-config parameter."; } leaf with-startup { type boolean; default "false"; description "If set to 'true', then the :startup capability will be enabled. Otherwise, the :startup capability will not be enabled. This capability makes the NV-save operation an explicit operation instead of an automatic save."; } uses ywapp:WithTermMsgParm; leaf with-url { type boolean; default "true"; description "If set to 'true', then the :url capability will be enabled and the 'file' scheme will be enabled. Otherwise, the :url capability will not be enabled. This capability requires a file system and may introduce security risks because internal files such as startup-cfg.xml and backup-cfg.xml could be exposed."; } leaf with-url-ftp { type boolean; default "false"; description "If set to 'true', then the 'ftp' protocol scheme will be enabled for the 'url' capability. Ignored if the 'with-url' parameter is false."; } leaf with-url-tftp { type boolean; default "false"; description "If set to 'true', then the 'tftp' protocol scheme will be enabled for the 'url' capability. Ignored if the 'with-url' parameter is false."; } leaf with-validate { type boolean; default "true"; description "If set to 'true', then the :validate capability will be enabled. Otherwise, the :validate capability will not be enabled. This capability requires extensive memory resources."; } leaf with-netconf { type boolean; default "true"; description "If set to 'true', then the NETCONF over SSH protocol will be enabled. Otherwise, the NETCONF over SSH protocol will not be enabled. An incoming connection will be dropped if the protocol is disabled."; } leaf with-netconf-tls { type boolean; default "false"; description "If set to 'true', then the NETCONF over TLS protocol will be enabled. Otherwise, the NETCONF over TLS protocol will not be enabled. 
An incoming connection will be dropped if the protocol is disabled. The default is set to false because the server will terminate if the server certificates are not found and this parameter is set to 'true'."; } leaf with-restconf { type boolean; default "true"; description "If set to 'true', then the RESTCONF protocol will be enabled. Otherwise, the RESTCONF protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-rollback-on-error { type boolean; default "true"; description "If set to 'true', then the NETCONF :rollback-on-error capability and feature will be enabled and advertised. Otherwise, this feature will not be enabled or advertised."; } leaf with-snmp { type boolean; default "false"; description "If set to 'true', then the SNMP protocol will be enabled. Otherwise, the SNMP protocol will not be enabled. Incoming SNMP requests will be dropped if the protocol is disabled."; } leaf with-support-save { type boolean; default "true"; description "If set to 'true', then the yumaworks-support-save module will be loaded and enabled. Otherwise, this module will not be loaded. Ignored if the server image is not built with the WITH_SUPPORT_SAVE=1 compiler flag. This module provides the <get-support-save> operation to collect bug report information."; } leaf with-warnings { type boolean; default "false"; description "If set to 'true', then the agt_record_warning function will be enabled, allowing the error-severity field to be incorrectly set to 'warning'. This violates the NETCONF standard and client software may reject the <error-severity> data as invalid if this is used. If 'false' then error-severity will not be set to warning even if agt_record_warning is used."; } leaf with-yang-api { type boolean; default "false"; status deprecated; description "If set to 'true', then the YANG-API protocol will be enabled. Otherwise, the YANG-API protocol will not be enabled. 
The incoming connection will be dropped if the protocol is disabled."; } leaf with-yang11-hello { type boolean; default "true"; description "Control whether the NETCONF hello message should conform to the standard and leave out YANG 1.1 modules. If set to 'true', then leave out YANG 1.1 modules from <capability> used in <hello>. Also keep out of monitoring <capabilities> list. If 'false' then ignore the standard and advertise YANG 1.1 module capabilities. Changed default to true in 22.10T-8 for RFC 7950 compliance."; } leaf with-yang-patch-running { type boolean; default "false"; description "If set to 'true', the YANG-PATCH will be enabled when the server supports only the :writable-running capability. If 'false' then the YANG-PATCH requests will be rejected."; } leaf with-yang-cbor { type boolean; default "false"; description "If set to 'true', the YANG to CBOR binary encoding will be enabled. This parameter has no effect unless the WITH_YANG_CBOR=1 make parameter is used in the build. If 'false' then the YANG to CBOR binary encoding is disabled."; } leaf with-yp-coap { type boolean; default "false"; description "If set to 'true', then the YP-CoAP protocol will be enabled. Otherwise, the YP-CoAP protocol will not be enabled. This protocol is NOT SECURE. It SHOULD NOT be used unless privacy is provided by some other means."; } leaf with-yp-coap-dtls { type boolean; default "false"; description "If set to 'true', then the YP-CoAP over DTLS protocol will be enabled. Otherwise, the YP-CoAP over DTLS protocol will not be enabled. This protocol is secure. It SHOULD be used instead of YP-CoAP without DTLS."; } leaf with-yp-shell { type boolean; default "true"; description "If set to 'true', then the YP-SHELL protocol will be enabled. Otherwise, the YP-SHELL protocol will not be enabled. 
The incoming connection will be dropped if the protocol is disabled."; } leaf with-yuma-system { type boolean; default "false"; description "If set to 'true', then the yuma-system module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yuma-time-filter { type boolean; default "true"; description "If set to 'true', then the yuma-time-filter module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yumaworks-config-change { type boolean; default "false"; description "If set to 'true', then the yumaworks-config-change module will be loaded and enabled. Otherwise, this module will not be loaded. This module adds data to the 'netconf-config-change' notification. This data represents a security risk since it is not subject to the same access control rules within a notification as within a datastore. NACM does not provide access control for the contents of a notification, only for the notification event type. Use this module with caution! Only allow a superuser administrator access to the 'netconf-config-change' notification if this module is used."; } leaf with-yumaworks-event-filter { type boolean; default "true"; description "If set to 'true', then the yumaworks-event-filter module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yumaworks-getbulk { type boolean; default "true"; description "If set to 'true', then the yumaworks-getbulk module will be loaded and enabled. Otherwise, this module will not be loaded. If disabled the <get-bulk> operation will not be available."; } leaf with-yumaworks-lock { type boolean; default "true"; description "If set to 'true', then the yumaworks-lock module will be loaded and enabled. Otherwise, this module will not be loaded. 
If disabled the <lock-all> and <unlock-all> operations will not be available."; } leaf with-yumaworks-callhome { type boolean; default "true"; description "If set to 'true', then the yumaworks-callhome module will be loaded and enabled. Otherwise, this module will not be loaded. If not enabled then the run-time configuration of CallHome servers will not be available. This parameter has no effect if the WITH_CALLHOME=1 option is not used when building the server binary."; } leaf with-yumaworks-event-stream { type boolean; default "true"; description "If set to 'true', then the yumaworks-event-stream module will be loaded and enabled. Otherwise, this module will not be loaded. If disabled the /event-streams subtree will not be available."; } leaf with-yumaworks-ids { type boolean; default "true"; description "If set to 'true', then the yumaworks-ids module will be loaded and enabled. Otherwise, this module will not be loaded. If not enabled then the extra transport types for netconfd-pro specific transports and control sessions will not be available."; } leaf with-yumaworks-sm-yanglib { type boolean; default "true"; description "If set to 'true', then the yumaworks-sm-yanglib module will be loaded and enabled. Otherwise, this module will not be loaded and the <get-sm-yanglib> operation will not be available. This parameter is ignored unless the Schema Mount feature is enabled and configured in the server."; } leaf with-yumaworks-system { type boolean; default "true"; description "If set to 'true', then the yumaworks-system module will be loaded and enabled. Otherwise, this module will not be loaded. The <load>, <unload>, <load-bundle>, and <unload-bundle> operations will not be available. Other operations and data model augments will not be available."; } leaf with-yumaworks-templates { type boolean; default "true"; description "If set to 'true', then the yumaworks-templates module will be loaded and enabled. Otherwise, this module will not be loaded. 
Ignored unless the server is built with the WITH_TEMPLATES=1 compiler flag."; } leaf yang-sid-mode { type ywt:yang-sid-mode; default "sid-file"; description "The mode to use for the source of YANG SID assignments. This parameter has no effect unless the WITH_YANG_CBOR=1 make parameter is used in the build and the --with-yang-cbor parameter is set to 'true'."; } leaf with-yumaworks-cert-usermap { type boolean; default "true"; description "If set to 'true', then the yumaworks-cert-usermap module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf yangapi-server-url { type inet:uri; default "http://localhost"; description "The starting string for the server URL to use in Location header lines returned by YANG-API."; } leaf yp-coap-address { type inet:ip-address; default "0.0.0.0"; description "The IP address that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source address in YP-CoAP packets sent by the server."; } leaf yp-coap-port { type inet:port-number; default "5683"; description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source port number in YP-CoAP packets sent by the server."; } leaf yp-coap-dtls-port { type inet:port-number; default "5684"; description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests for CoAP over DTLS. This will also be used as the source port number in YP-CoAP packets sent by the server."; } leaf restconf-server-url { type inet:uri; default "http://localhost"; description "The starting string for the server URL to use in Location header lines returned by RESTCONF."; } } // grouping netconfd-pro-parms container netconfd-pro { ncx:cli; uses netconfd-pro-parms; } // container netconfd-pro } // module netconfd-pro