Runtime access to netconfd-pro server parameters. The following parameters can be changed at run-time and the new value will be activated immediately; the list is given in the module description below.
Version: 2018-04-21
// YANG module that exposes the netconfd-pro server CLI parameters as a
// configuration subtree (container "server"). Per the module description, a
// listed subset takes effect immediately when changed; the remaining
// parameters are activated at the next reboot.
module yumaworks-server {
  yang-version 1;
  namespace "http://yumaworks.com/ns/yumaworks-server";
  prefix yser;

  // NOTE(review): leaves in this module use type prefixes such as yt:, ywt:,
  // nt: and inet:, but only the three imports below appear in this listing.
  import ietf-netconf-acm { prefix nacm; }
  import netconfd-pro { prefix ndpro; }
  import yumaworks-extensions { prefix ywx; }

  organization "YumaWorks, Inc.";
  contact "Support <support at yumaworks.com>";
  description "Runtime access to netconfd-pro server parameters. The following parameters can be changed at run-time and the new value will be activated immediately. * allowed-user * eventlog-size * hello-timeout * idle-timeout * log-level * max-burst * max-cli-sessions * max-getbulk * max-sessions * subsys-timeout The rest of the CLI parameters can be edited for activation at the next reboot. If the server has write permission to the configuration file (e.g., netconfd-pro.conf) then the parameters will be saved when the server exits. Copyright (c) 2017 - 2018, YumaWorks, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the BSD 3-Clause License http://opensource.org/licenses/BSD-3-Clause";

  revision "2018-04-21" {
    description "Add no-nvstore to server";
  }
  revision "2017-12-30" {
    description "Initial version";
  }

  // Top-level container holding every server parameter.
  // nacm:default-deny-all is the NACM (RFC 8341) extension for very sensitive
  // nodes: read, write and execute access is denied unless an explicit access
  // rule grants it (the recovery session excepted).
  // ywx:no-nvstore is defined in yumaworks-extensions (not shown here);
  // presumably it keeps this subtree out of non-volatile storage - confirm.
  container server {
    nacm:default-deny-all;
    ywx:no-nvstore;
    description "Runtime access to netconfd-pro CLI parameters for immediate change or activate-on-restart";

    // CLI help flags mirrored as leaves; help-mode selects the verbosity.
    leaf help {
      type empty;
      description "Print program help file and exit.";
    }
    choice help-mode {
      default "normal";
      leaf brief {
        type empty;
        description "Show brief help text";
      }
      leaf normal {
        type empty;
        description "Show normal help text";
      }
      leaf full {
        type empty;
        description "Show full help text";
      }
    } // choice help-mode
    leaf indent {
      type yt:IndentType;
      description "Number of spaces to indent (0..9) in formatted output.";
    }
    // The value is a file path the server writes its log to, so who may set
    // this leaf is governed by the access rules on the enclosing container.
    leaf log {
      type string;
      description "Filespec for the log file to use instead of STDOUT. 
If this parameter is used on the command line then the --log-append parameter must also be present on the command line if append mode is desired.";
    }
    // Without log-append the log file is over-written rather than extended.
    leaf log-append {
      type empty;
      description "If present, the log will be appended not over-written. If not, the log will be over-written. Only meaningful if the 'log' parameter is also present.";
    }
    // log-level is one of the parameters the module description lists as
    // taking effect immediately when changed at run-time.
    leaf log-level {
      type yt:NcDebugType;
      description "Sets the debug logging level for the program.";
    }
    // Search path from which YANG/YIN modules are resolved; it takes
    // precedence over the YUMA_MODPATH environment variable.
    leaf modpath {
      type yt:NcPathList;
      description "Directory search path for YANG or YIN modules. Overrides the YUMA_MODPATH environment variable.";
    }
    leaf version {
      type empty;
      description "Print program version string and exit.";
    }
    // YANG compiler warning controls. Zero disables the identifier-length and
    // line-length checks; warn-off and warn-up take warning numbers in the
    // range 1000..1999.
    leaf warn-error {
      type boolean;
      default "false";
      description "Control whether all warnings are upgraded to errors. If 'true' then all warnings will be treated as errors unless a warn-off parameter is set to disable a specific warning.";
    }
    leaf warn-idlen {
      type uint32 {
        range "0 | 8 .. 1023";
      }
      default "64";
      description "Control whether identifier length warnings will be generated. The value zero disables all identifier length checking. If non-zero, then a warning will be generated if an identifier is defined which has a length is greater than this amount.";
    }
    leaf warn-linelen {
      type uint32 {
        range "0 | 40 .. 4095";
      }
      default "0";
      description "Control whether line length warnings will be generated. The value zero disables all line length checking. If non-zero, then a warning will be generated if the line length is greater than this amount. Tab characters are counted as 8 spaces.";
    }
    leaf-list warn-off {
      type uint32 {
        range "1000 .. 1999";
      }
      description "Control whether the specified warning number will be generated and counted in the warning total for the module being parsed.";
    }
    leaf-list warn-up {
      type uint32 {
        range "1000 .. 
1999";
      }
      description "Control whether the specified warning number will be upgraded to an error and counted in the error total for the module being parsed.";
    }
    // Either name an explicit configuration file or suppress the default one;
    // the two cases are mutually exclusive because they share a choice.
    // NOTE(review): the description wording "will be not be checked" and
    // "Do not the default .conf file" looks garbled; the strings are left
    // verbatim here.
    choice config-choice {
      leaf config {
        type string;
        description "The name of the configuration file to use. Any parameter except this one can be set in the config file. The default config file will be not be checked if this parameter is present.";
      }
      leaf no-config {
        type empty;
        description "Do not the default .conf file even if it exists.";
      }
    } // choice config-choice
    // YANG feature handling: a global default plus per-feature overrides.
    leaf feature-enable-default {
      type boolean;
      default "true";
      description "If true, then features will be enabled by default. If false, then features will be disabled by default.";
    }
    leaf-list feature-enable {
      type yt:FeatureSpec;
      description "Identifies a feature which should be considered enabled.";
    }
    leaf-list feature-disable {
      type yt:FeatureSpec;
      description "Identifies a feature which should be considered disabled.";
    }
    // Zero (the default) means binary values are shown by name and length
    // only, with no hex dump of their contents.
    leaf binary-display-maxlen {
      type uint32;
      default "0";
      description "The maximum number of bytes to display when dumping the contents of a binary value. Normally a message will be displayed showing the name and length. If this parameter is set to a value greater than zero then a standard 8-byte per line hex dump of the binary type will also be displayed for a maximum number of bytes set by this parameter.";
    }
    // Each entry replaces the text of one error number for one language.
    leaf-list errmsg {
      type string;
      description "Specifies a replacement string for a specific error number. Can specify error message for 1 specific language. The 'num' component must match the <error-number> found in status_enum.h. New error enums are always added at the end of the list, so the numbers will not change. The 'lang' component should use the ISO-639-1 code Max length is 7 characters. 
The string has the format: '<num>:<lang>:error string' where: <num> = error number to use for error message <lang> = language code (en for English) error string = error string text Example: Replace error 117 (ERR_WB_WRITE_FAILED) 'db write failed' errmsg='117:en:The database could not be written' ";
    }
    // Language selector for the errmsg entries; length 1..7, default "en".
    leaf errmsg-lang {
      type string {
        length "1 .. 7";
      }
      default "en";
      description "Specifies the language code for the error-message language. This is only relevant if there are errmsg parameters for multiple languages loaded in the program. This value should use the ISO-639-1 code. ";
    }
    // Replaces the HOME environment variable as the server's home directory.
    leaf home {
      type string {
        length "1..max";
      }
      description "Directory specification for the home directory to use instead of HOME.";
    }
    // Backtrace logging: log-backtrace turns it on (value range 0..100),
    // log-backtrace-detail asks for detailed output, and the level and stream
    // bit sets filter where backtraces are included.
    leaf log-backtrace {
      type uint32 {
        range "0 .. 100";
      }
      description "If present, log output will include traceback detail for each log message, subject to further filtering by --log-backtrace-level and/or log-backtrace-stream qualifiers";
    }
    leaf log-backtrace-detail {
      type empty;
      description "If present in conjunction with --log-backtrace log messages will include 'detailed' backtrace information (if supported by the compiler).";
    }
    // One bit per log level; a set bit includes backtrace info at that level.
    leaf log-backtrace-level {
      type bits {
        bit write {
          position 0;
          description "Include backtrace info in write messages.";
        }
        bit dev0 {
          position 1;
          description "Include backtrace info in developer level 0 messages.";
        }
        bit error {
          position 2;
          description "Include backtrace info in error messages.";
        }
        bit warn {
          position 3;
          description "Include backtrace info in warning messages.";
        }
        bit info {
          position 4;
          description "Include backtrace info in info messages.";
        }
        bit dev1 {
          position 5;
          description "Include backtrace info in developer level 1 messages.";
        }
        bit debug {
          position 6;
          description "Include backtrace info in debug messages.";
        }
        bit debug2 {
          position 7;
          description "Include backtrace info in debug2 messages.";
        }
        bit debug3 {
          position 8;
          description "Include backtrace info in debug3 messages.";
        }
        bit debug4 {
          position 9;
description "Include backtrace info in debug4 messages.";
        }
      }
      // NOTE(review): in this listing the example that ends the next
      // description (and the two similar ones below) contains inner double
      // quotes with no backslash escape, so the string as shown would end
      // early in a YANG parser; presumably a rendering artifact. Left verbatim.
      description "Indicates for which debug level(s) backtrace info will be generated. Param string is an XSD list: a double quoted series of whitespace separated (level) strings like "error warn debug"";
    }
    // One bit per output stream that should carry backtrace info.
    leaf log-backtrace-stream {
      type bits {
        bit logfile {
          position 0;
          description "Include backtrace in logfile stream.";
        }
        bit stderr {
          position 1;
          description "Include backtrace in stderr stream.";
        }
        bit stdout {
          position 2;
          description "Include backtrace in stdout stream.";
        }
        bit syslog {
          position 3;
          description "Include backtrace in syslog stream.";
        }
        bit vendor {
          position 4;
          description "Include backtrace in vendor stream.";
        }
      }
      description "Indicates in which log stream(s) backtrace info will be included. Param string is an XSD list: a double quoted series of whitespace separated (log stream) strings like "logfile syslog"";
    }
    // Selects the header elements that prefix each log entry.
    leaf log-header {
      type bits {
        bit custom {
          position 0;
          description "Include date, time, and level.";
        }
        bit localtime {
          position 1;
          description "Include localtime instead of Yang canonical format.";
        }
      }
      description "Indicates what header elements to include in header output. Param string is an XSD list: a double quoted series of whitespace separated (element) strings like "custom localtime"";
    }
    // Log routing flags: mirroring keeps the normal outputs alongside the
    // syslog/vendor stream, and log-console is a synonym for log-mirroring.
    leaf log-mirroring {
      type empty;
      description "If present in conjunction with --log, --log-syslog, and/or --log-vendor, log output will be directed to the normal stdout/stderr/logfile as well as to the syslog or vendor log stream";
    }
    leaf log-console {
      type empty;
      description "User friendly synonym for --log-mirroring.";
    }
    leaf log-stderr {
      type empty;
      description "If present, error level output be directed to stderr instead of stdout (as well as log file, if specified)";
    }
    leaf log-syslog {
      type empty;
      description "If present, log output will be directed to the standard syslog interface. 
Yuma log priorities will be translated into the appropriate syslog equivalents.";
    }
    // Level filter applied to the syslog output only.
    leaf log-syslog-level {
      type yt:NcDebugType;
      description "Sets the syslog debug logging level filter for output to the syslog file for the program.";
    }
    // Adds a 6-digit microseconds field to log timestamps when true.
    leaf log-highres-datetime {
      type boolean;
      default "false";
      description "If set to 'true' then a log timestamp string will contain a microseconds field. If 'false' then this field will not contain a microseconds field. This field is always 6 digits long and represents a fraction of one second as the number of microseconds. The log-header parameter is affected by this setting.";
    }
    // Routes log messages to a registered vendor callback; per the
    // description, with no callback registered the messages go to syslog.
    leaf log-vendor {
      type empty;
      description "If present, log messages will be directed to a customer-written and registered callback function. This functionality is defined by an API specified in the YumaWorks API Reference Manual. In the absence of a registered callback, this parameter will direct logging messages to syslog in order to facilitate standalone testing.";
    }
    leaf log-vendor-level {
      type yt:NcDebugType;
      description "Sets the vendor debug logging level filter for output to the vendor-specific log output file stream for the program.";
    }
    // -1 (the default) emits protocol messages with no indentation and no
    // line feeds; 0 keeps the line feeds but does not indent.
    leaf message-indent {
      type int8 {
        range "-1 .. 9";
      }
      default "-1";
      description "The number of spaces to indent for each level of output in a protocol message, e.g. NETCONF request. The value zero means no indent, just line feeds. The value -1 means no indent and no line feeds either.";
    }
    // Overrides YUMAPRO_HOME; a zero-length value makes the server ignore
    // that environment variable.
    leaf yumapro-home {
      type string;
      description "Directory for the yumapro project root to use. If present, this directory location will override the 'YUMAPRO_HOME' environment variable, if it is present. If a zero-length string is entered, then the YUMAPRO_HOME environment variable will be ignored.";
    }
    // Module load path that is consulted before modpath.
    leaf loadpath {
      type yt:NcPathList;
      description "Directory load path for YANG or YIN modules. This will be checked before the modpath setting if present when finding modules. 
After all module and bundle parameters have been processed, this load path will be checked and the server will attempt to load any modules not already loaded. Overrides the YUMA_LOADPATH environment variable.";
    }
    // Controls whether file searches descend into sub-directories; dot
    // directories and 'CVS' are always skipped.
    leaf subdirs {
      type boolean;
      default "true";
      description "If false, the file search paths for modules, scripts, and data files will not include sub-directories if they exist in the specified path. If true, then these file search paths will include sub-directories, if present. Any directory name beginning with a dot '.' character, or named 'CVS', will be ignored.";
    }
    // Upper bound on an outgoing TCP connect. Zero selects blocking mode with
    // the system timeout, which the description puts at up to 135 seconds for
    // a non-local address that does not answer.
    leaf tcp-connect-timeout {
      type uint16;
      units "seconds";
      default "10";
      description "The number of seconds to wait for a TCP connect operation to complete before timing out. - The value zero indicates that blocking mode should be used. - A non-zero value indicates the timeout value for the 'connect' function in non-blocking mode. The connect may timeout before this number of seconds, but should not be longer. This parameter introduced in 22.10-6. For all prior releases, the 'connect' function is invoked in blocking mode. A typical TCP connect timeout is different depending on the target address. If this parameter is set to zero then the system configured timeout will be used. - local network, reached but connection refused: takes about 10 milliseconds. - local network, no answer: takes about 2 seconds - non-local network, no answer: takes up to 135 seconds ";
    }
    // Protocol versions the server will attempt to use. The 'must' statement
    // rejects an empty bit set; the yang-api bit is marked deprecated.
    leaf protocols {
      type bits {
        bit netconf1.0 {
          position 0;
          description "RFC 4741 base:1.0";
        }
        bit netconf1.1 {
          position 1;
          description "RFC 6241 base:1.1";
        }
        bit yang-api {
          position 2;
          status deprecated;
          description "YANG-API protocol";
          reference "draft-bierman-netconf-yang-api-01.txt";
        }
        bit restconf {
          position 3;
          description "RESTCONF Protocol";
          reference "RFC 8040";
        }
      }
      must ". != ''";
      description "Specifies which protocol versions the program or session will attempt to use. 
Empty set is not allowed.";
    }
    // Search path for executable modules, i.e. it selects where loadable code
    // is looked up. NOTE(review): a change to this leaf deserves the same
    // scrutiny as a change to where the server's own binaries are installed.
    leaf runpath {
      type yt:NcPathList;
      description "Internal file search path for executable modules. Overrides the YUMA_RUNPATH environment variable.";
    }
    // UrlPath name-matching options.
    leaf match-names {
      type ywt:NameMatchMode;
      default "exact";
      description "Match mode to use for UrlPath name searches.";
    }
    leaf alt-names {
      type ywt:AltNameMode;
      default "true";
      description "Match mode to use for UrlPath name searches.";
    }
    // Off by default: a '-' key value in a UrlPath is treated as a literal
    // character rather than as "all instances".
    leaf wildcard-keys {
      type boolean;
      default "false";
      description "Enable wildcards on key leaf values. Set to 'true' if UrlPath targets for GET operations are allowed to replace key values with the dash '-' character to indicate that all instances of that key are requested. Set to false to treat the '-' character as a plain character if entered as a key value in a UrlPath string.";
    }
    // Initial access-control mode; the default is "enforcing". The other
    // modes are defined by ywt:access-control-mode, which is not shown here.
    leaf access-control {
      type ywt:access-control-mode;
      default "enforcing";
      description "Controls how access control is initially enforced by the server.";
    }
    // The bulk delete-all operation is disabled by default for both lists
    // and leaf-lists.
    leaf allow-list-delete-all {
      type boolean;
      default "false";
      description "If true, then the delete-all operation is enabled for deleting instances of list objects.";
    }
    leaf allow-leaflist-delete-all {
      type boolean;
      default "false";
      description "If true, then the delete-all operation is enabled for deleting instances of leaf-list objects.";
    }
    // Allow-list of user names for management sessions. Per the description
    // the check applies only "if any configured" (implying no name filter when
    // the list is empty), and the superuser account is exempt from it.
    leaf-list allowed-user {
      type nt:NcxName;
      description "Name of a user that is allowed to have access to the server via network management sessions. If any configured then the user name must be in this list, unless the user is the superuser account.";
    }
    // Either name the audit log file or request that none be created.
    choice audit-log-choice {
      leaf audit-log {
        type string;
        description "Filespec for the server audit log file to use in addition to the normal log file or STDOUT.";
      }
      leaf no-audit-log {
        type empty;
        description "Flag indicating that no audit log at all will be created. 
This is only relevant if --fileloc-fhs is 'true'.";
      }
    } // choice audit-log-choice
    // Without this flag the audit log file is over-written, per the
    // description. NOTE(review): earlier audit records are then not kept in
    // that file; set audit-log-append where the audit trail must be retained.
    leaf audit-log-append {
      type empty;
      description "If present, the audit log will be appended not over-written. If not, the audit log will be over-written. Only meaningful if the 'audit-log' parameter is also present.";
    }
    // Candidate-datastore transactions are audited by default.
    leaf audit-log-candidate {
      type boolean;
      default "true";
      description "If true, then transactions to the candidate datastore will be recorded in the audit log. If false, then transactions to the candidate datastore will not be recorded in the audit log.";
    }
    // Level filter for audit records copied to the console log; it does not
    // change what is written to the audit log itself.
    leaf audit-log-console-level {
      type nt:NcDebugType;
      default "debug";
      description "Sets the minimum logging level needed to log datastore audit records to the server console log. This does not affect output to the audit log.";
    }
    // Bit set choosing which event classes produce audit records.
    leaf audit-log-events {
      type bits {
        bit edit-candidate {
          position 0;
          description "Save candidate datastore edit events in the audit log. If the --audit-log-candidate parameter is set to true, or the <candidate> datastore is not present, then this bit will be ignored.";
        }
        bit edit-running {
          position 1;
          description "Save running datastore edit events in the audit log";
        }
        bit update-startup {
          position 2;
          description "Save startup datastore update events in the audit log. 
If the <startup> datastore is not present then this bit will be ignored.";
        }
        // Session and access-control events. These bits are not part of the
        // default value ("edit-running") set at the end of this leaf.
        bit client-session {
          position 3;
          description "Save client session start and end events in the audit log";
        }
        bit control-session {
          position 4;
          description "Save YControl session start and end events in the audit log";
        }
        bit acm-write-error {
          position 5;
          description "Save access control write access denied events in the audit log";
        }
        bit acm-exec-error {
          position 6;
          description "Save access control execute access denied events in the audit log";
        }
        bit rpc-summary {
          position 7;
          description "Save <rpc> summary records in the audit log.";
        }
        // Adds the edited data itself to the audit record; the description
        // warns that this can expose sensitive configuration contents, so
        // the audit log file then needs matching read protection.
        bit edit-data {
          position 8;
          description "Add plain display output of the data that is being edited in an edit transaction. This bit has no affect unless the edit-candidate or edit-running bit is also set. Note that this added data could represent a security risk since it could expose sensitive configuration data contents. Use this option with caution!";
        }
        bit rpc-error {
          position 9;
          description "Add an audit record for an RPC operation that causes an 'rpc-error' element to be returned to the client. If the 'rpc-summary' bit is enabled, then an rpc-error report will be added to the RPC summary records that have a 'status' or 'error'. If the 'rpc-summary' bit is not enabled then an RPC summary with rpc-error report will be added for RPC operations that cause an error to be returned.";
        }
      }
      // Only running-datastore edits are audited by default.
      // NOTE(review): where the audit log feeds detection or incident
      // response, consider also setting client-session, acm-write-error and
      // acm-exec-error so that session activity and denied access attempts
      // are recorded.
      default "edit-running";
      description "Configures the audit log events that will be saved as audit records to the audit log. This does not affect debug logging to the server console log.";
    }
    // Level filter for records written to the audit log (default "info").
    leaf audit-log-level {
      type nt:NcDebugType;
      default "info";
      description "Sets the minimum logging level needed to log datastore audit records to the audit log. This does not affect debug logging to the server console log.";
    }
    // Selects local-time timestamps in the audit log; off by default.
    leaf audit-log-localtime {
      type boolean;
      default "false";
      description "If true, the audit log will include timestamps in the local time zone. 
If false, it will not include in the local time zone.";
    }
    // When true (the default) an edit that supplies nodes whose 'when'
    // condition is false is rejected with operation-failed; when false those
    // nodes are removed silently.
    leaf autodelete-pdu-error {
      type boolean;
      default "true";
      description "If true, then configuration nodes provided in the edit payload (e.g., <config> element) that are conditional on 'when' statements must evaluate to true or else an operation-failed error will be returned. If false, then such 'false when' will be silently removed from the target datastore.";
    }
    // Names of SIL bundles loaded at boot-time.
    leaf-list bundle {
      type nt:NcxName;
      description "Specifies the name of a SIL bundle to load into system at boot-time.";
    }
    // Call-home reconnect and retry behaviour. The description warns that
    // reconnect=true can produce a reconnect loop when a connection succeeds
    // but authentication then fails.
    leaf callhome-reconnect {
      type boolean;
      default "false";
      description "If 'true' the server will attempt to start a new callhome connection if the client closes the session. If 'false' the server will not attempt to start a new callhome session after the client closes the session. Be careful that the server is running with proper permissions because a successful connection that fails during authentication will cause a reconnect loop if this parameter is set to 'true'.";
    }
    leaf callhome-retry-interval {
      type uint16 {
        range "1 .. max";
      }
      units "seconds";
      default "60";
      description "Specifies the number of seconds to wait after a connect attempt to the callhome server has failed before attempting another connect attempt to that server.";
    }
    // Zero means the server retries without limit.
    leaf callhome-retry-max {
      type uint16;
      default "10";
      description "Specifies the number of retry attempts the server should attempt to the callhome server before giving up. The value 0 indicates the server should never give up.";
    }
    // Outbound NETCONF-over-SSH call-home targets; the server initiates
    // these connections at boot-time.
    leaf-list callhome-server {
      type string;
      description "Specifies a NETCONF over SSH callhome server that this server should attempt to initiate a callhome connection at boot-time. 
This string has the format: <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ] server1@2605:e000:7e92:3f00:9e:aa5a:fd7f server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. The default NETCONF over SSH CallHome port number (netconf-ch-ssh 4334) is used if the 'port' field is not present. ";
    }
    // The value is the command string the server uses to invoke the SSH
    // server for a call-home session.
    // NOTE(review): write access to this leaf amounts to choosing which
    // program the server runs, so it should stay limited to fully trusted
    // administrators; the enclosing container is declared
    // nacm:default-deny-all in this module.
    leaf callhome-sshd-command {
      type string;
      default "/usr/sbin/sshd";
      description "Specifies the command string used to invoke the SSH server when a NETCONF over SSH callhome session is initiated.";
    }
    // sshd configuration file used for call-home; by default a per-client
    // file under $HOME/.yumapro.
    leaf callhome-sshd-config {
      type string;
      description "Specifies the SSH server configuration file to use when invoking the SSH server when a NETCONF over SSH callhome session is initiated. The default config file to use is a dynamic string using the pattern ch_sshd_config.<client>. It is located in the $HOME/.yumapro directory.";
    }
    // Path of the NETCONF subsystem program written into the default
    // ch_sshd_config files; the same write-access caution applies as for
    // callhome-sshd-command.
    leaf callhome-subsys-command {
      type string;
      default "/usr/sbin/netconf-subsystem-pro";
      description "Specifies the netconf subsystem to use in the default ch_sshd_config files to specify the NETCONF subsystem for the incoming NETCONF session expected on the NETCONF over SSH callhome session.";
    }
    // Outbound NETCONF-over-TLS call-home targets, in the same string format
    // as callhome-server.
    leaf-list callhome-tls-server {
      type string;
      description "Specifies a NETCONF over TLS callhome server that this server should attempt to initiate a callhome connection at boot-time. This string has the format: <server-id> '@' <server-ipv4-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 <server-id> '@' <server-ipv6-addr> [ '$' <port-num> ] server1@2605:e000:7e92:3f00:9e:aa5a:fd7f server1@2605:e000:7e92:3f00:9e:aa5a:fd7f$6666 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. 
The default NETCONF over TLS callhome port number (netconf-ch-tls 4335) is used if the 'port' field is not present. ";
    }
    // Fallback user name for a TLS session whose certificate matches no
    // mapping. Per the description it is for debugging only and is ignored
    // unless the image is built with DEBUG=1.
    leaf cert-default-user {
      type string;
      description "The username to use if no username mapping is found for a NETCONF over TLS session. This parameter is non-standard and should only be used for debugging. This parameter will be ignored unless the image is built with the DEBUG=1 make flag.";
    }
    // Maps a client certificate to a user name through a possibly truncated
    // SHA-1 fingerprint; entries are ordered-by user.
    // NOTE(review): a truncated fingerprint binds the user name to the
    // certificate much more weakly than the full digest does, so configure
    // the longest fingerprint the server accepts.
    // NOTE(review): the description mixes units - "6 bytes" versus "at least
    // 6 hex digits", with an example that shows 6 bytes - and a full SHA-1
    // digest is 20 bytes (40 hex digits), so the stated maximum of 20 hex
    // digits may mean 20 bytes. Confirm against the server implementation.
    leaf-list cert-usermap {
      type string;
      ordered-by user;
      description "Each entry specifies a certificate to user name mapping for NETCONF over TLS sessions. A mapping is a structured string using the form <user>@<fingerprint>. The 'user' field is the case-sensitive user name for the mapping. The 'fingerprint' field is a hex-string representation of the SHA-1 fingerprint for the X.509 certificate. It does not have to be complete. Usually 6 bytes should be sufficient to ensure uniqueness. The hex digits are not case-sensitive. At least 6 hex digits must be provided. A maximum of 20 hex digits can be provided. Example: admin@60:C8:5C:08:82:55 A printable fingerprint can be generated with the openssl command: 'openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]' The Hash Type SHA-1 (the -sha1 parameter in this example) must be used for this parameter. This fingerprint string is not the same format as the 'tls-fingerprint' type defined in the ietf-x509-cert-to-name module. This string does not have any hash type octet to start the string. ";
    }
    // Directory of extra '.conf' files, processed in alphabetical order; the
    // first value set for a leaf parameter is the one the server keeps.
    leaf confdir {
      type string;
      default "/etc/yumapro/netconfd-pro.d";
      description "Specifies the CLI parameter configuration directory to use for extra configuration files. The server will check this directory for files that end with the suffix '.conf' and process them similar to the main configuration file. Other files will be ignored. Files will be processed in alphabetical order. The server will keep the first value set if a CLI leaf parameter is set multiple times. 
The CLI parameters are set in the following order: 1) netconfd-pro command line 2) --config file or /etc/yumapro/netconfd-pro.conf 3) --confdir files or /etc/yumapro/netconfd-pro.d/ If the --no-config parameter is present in step (1) then steps (2) and (3) will be skipped, and this parameter will be ignored. If this parameter is encountered in step (3) it will be ignored. Extra configuration files in step (3) have the exact same syntax as the configuration file used in step (2). Example extra config file testmods.conf: netconfd-pro { module acme-test1 module acme-test2 log-level debug2 message-indent 1 idle-timeout 0 } ";
    }
    // Opt-in fix that converts subtree filters to XPath. It is off by default
    // because, per the description, clients may depend on the earlier
    // (incorrect) filter output.
    leaf convert-subtree-filter {
      type boolean;
      default "false";
      description "If set to 'true' then subtree filters for retrieval operations might be converted to XPath expressions for processing. The subtree filtering algorithm has a minor flaw which can cause subtree containment nodes to be printed in the output even though a nested selection filter does not match. A containment node should be completely pruned from the result no selection filters within it produce a match. This only affects data that needs to be retrieved by the server with a GET2 callback. This issue has been fixed by converting a subtree filter to XPath and processing as if it were an XPath filter. If this parameter is set to 'true' then the conversion will be attempted. The conversion will be skipped if any of the following conditions are true - output format is not XML - input format is not XML - subtree filter contains any attribute match expressions This bugfix is not enabled by default because it might change filter output which was previously incorrect, but a client might be relying on the incorrect output anyway.";
    }
    // Deprecated; the description directs users to
    // 'return-empty-npcontainers' instead.
    leaf create-empty-npcontainers {
      type boolean;
      default "true";
      status deprecated;
      description "An empty non-presence container has no meaning in NETCONF/YANG so it may be created by the server. 
In particular, the presence of the container node with no child nodes is semantically equivalent to the absence of the container node. This is the default style. If this parameter is set to false, then the server will not create empty NP containers. This parameter MUST be set to true for proper server XPath evaluation. It is now deprecated. It may be set to 'obsolete' in a future release train. Set 'return-empty-npcontainers' to 'false' instead of setting this parameter to 'false'.";
    }
    // Deprecated companion leaf; it is only consulted when
    // create-empty-npcontainers is not 'true'.
    leaf create-empty-npcontainers-ro {
      type boolean;
      default "false";
      status deprecated;
      description "If the create-empty-npcontainers parameter is set to 'true' then this parameter is not relevant and ignored. Otherwise this parameter controls whether empty non-presence containers will be created if there are no default child nodes but there are read-only child nodes. If this parameter is set to 'false', then the server will not create empty NP containers in this case. If this parameter is set to 'true', then the server will create empty NP containers in this case. This parameter MUST be set to 'true' for proper server XPath evaluation. It is now deprecated. It may be set to 'obsolete' in a future release train. Set 'return-empty-npcontainers' to 'false' instead of setting this parameter to 'true. ";
    }
    // DB-API configuration lock: retry interval in milliseconds (10..60000)
    // and overall timeout in seconds (up to 3600).
    leaf db-lock-retry-interval {
      type uint32 {
        range "10 .. 60000";
      }
      units "milli-seconds";
      default "500";
      description "The number of milli-seconds to wait before attempting to get a DB-Config-Lock from the DB-API subsystem.";
    }
    leaf db-lock-timeout {
      type uint32 {
        range "min .. 3600";
      }
      units "seconds";
      default "30";
      description "The total number of seconds to wait before giving up on a DB-Config-Lock from the DB-API subsystem. 
The value zero indicates that no retries will be attempted if the lock is busy.";
    }
    // 'with-defaults' basic mode advertised by the server; the same value is
    // used to filter defaults when the configuration is saved to NV-storage.
    leaf default-style {
      type enumeration {
        enum "report-all" { value 0; }
        enum "trim" { value 1; }
        enum "explicit" { value 2; }
      }
      default "explicit";
      description "Selects the type of filtering behavior the server will advertise as the 'basic' behavior in the 'with-defaults' capability. The server will use this default handling behavior if the 'with-defaults' parameter is not explicitly set. Also, when saving a configuration to NV-storage, this value will be used for filtering defaults from the saved configuration. See wd:with-defaults leaf for enumeration details.";
    }
    // Marked obsolete.
    leaf delete-empty-npcontainers {
      type boolean;
      default "false";
      status obsolete;
      description "An empty non-presence container has no meaning in NETCONF/YANG so it may be deleted by the server. This takes non-trivial processing time for large databases, but uses less memory. Disabling this parameter will result in a larger database in both memory and NV-save.";
    }
    // Client protocols whose sessions are refused from boot-time on. Each bit
    // is ignored unless the protocol is built in and enabled, as the per-bit
    // descriptions spell out. The default is the empty set.
    leaf disabled-protocols {
      type bits {
        bit netconf {
          position 0;
          description "Disable NETCONF sessions. - Ignored unless --with-netconf=true or --with-netconf-tls=true. - Ignored by callhome-server connections. Callhome will fail if the bit is present. ";
        }
        bit restconf {
          position 1;
          description "Disable RESTCONF sessions. - Ignored unless WITH_RESTCONF=1 used to build server - Ignored unless --with-restconf=true ";
        }
        bit cli {
          position 2;
          description "Disable yp-shell CLI sessions. - Ignored unless WITH_CLI=1 used to build server - Ignored unless --with-yp-shell=true ";
        }
        bit gnmi {
          position 3;
          description "Disable gNMI sessions. - Ignored unless WITH_GNMI WITH_RESTCONF WITH_YCONTROL all defined - Ignored unless --with-gnmi=true ";
        }
        bit grpc {
          position 4;
          description "Disable gRPC sessions. - Ignored unless WITH_GRPC is defined - Ignored unless --with-grpc=true ";
        }
      }
      default "";
      description "Allows sessions for client protocols to be disabled at boot-time. 
Sessions can then be enabled at run-time; e.g., using the <protocol-control> operation. This parameter only affects session admission control. The protocol must be enabled and initialized properly for this parameter to have any effect. If the protocol bit is set in this parameter, and the protocol has not been enabled at run-time, then incoming protocol sessions for that protocol will be dropped. Use maintenence mode to temporarily disable client sessions instead of this parameter.";
    }
    // When true (the default) objects from modules that are only imported are
    // marked disabled instead of being added to the schema tree and
    // datastores; the description flags this default as a behaviour change.
    leaf disable-imported-ok {
      type boolean;
      default "true";
      description "Specifies whether the server should disable objects that are only imported, and not loaded via module or bundle parameter. These modules are marked as conformance-type='import' the YANG Library. - Old behavior is 'false' which incorrectly adds all objects from the module into the schema tree and datastores - New behavior is to mark these objects as disabled in the obj_is_enabled() function. - Added in 23.10T-9 - NOTE: Default is to change server behavior! MUST set to 'false' to preserve the old incorrect behavior.";
    }
    // Replay-buffer capacity per event stream; the oldest entries are dropped
    // first. The module description lists eventlog-size among the parameters
    // that take effect immediately.
    leaf eventlog-size {
      type uint32;
      default "1000";
      description "Specifies the maximum number of notification events that will be saved in each notification replay buffer. The oldest entries will be deleted first. The value 0 will cause the server to periodically clean out the messages that have already been delivered. The eventlog-size is per event stream, not total size.";
    }
    // Additional NETCONF event streams, each with its own subscriptions and
    // replay buffer.
    leaf-list event-stream {
      type ywt:NcxNumName;
      description "Specifies the name of a NETCONF event stream that should be created by the server. Each event stream has its own subscriptions and notification replay buffer. Each event stream has the same replay buffer size, using the shared eventlog-size parameter. Each generated notification is sent to one event stream. The YANG module instrumentation will select an event stream to use or the default event stream will be used. 
Copies of the same notification can be sent to multiple event streams. If the event-stream specified by the instrumentation is not available, then a warning will be generated in the log and the default event stream will be used instead. The default event stream is named 'NETCONF'. It cannot be replaced or removed. No other event stream can have this name. The standard NETCONF notification events are always sent to this event stream, unless there is an event-stream-map assigning the module to a different event stream.";
    }
    // Assigns a module's notifications to a named stream using
    // <module-name>@<stream-name>; notifications from unmapped modules go to
    // the default 'NETCONF' stream.
    leaf-list event-stream-map {
      type string;
      description "Each entry specifies a module name to event-stream mapping for notification handling. A mapping is a structured string using the form <module-name>@<stream-name>. The 'module-name' field is the case-sensitive module name for the mapping. The 'stream-name' field is the case-sensitive stream name for the mapping. It must match an 'event-stream' parameter or the default 'NETCONF'. Note there is no need to define a mapping for the 'NETCONF' stream since it will be picked if no other stream is selected. The name must conform to the NcxNumName data type. The built-in notifications such as 'replayComplete' and 'notificationComplete' are subscription-specific and always sent only to the subscription, not the event stream. Therefore these notifications are not affected by this parameter.";
    }
    // Chooses between the FHS file layout (/var/log, /var/lib, /var/run) and
    // the per-user layout under $HOME/.yumapro. The description notes that
    // the FHS layout may require running as root.
    leaf fileloc-fhs {
      type boolean;
      default "false";
      description "If true, then the server should use Filesystem Hierarchy Standard (FHS) directory locations to create and store server data. May need to run as root. The FHS server log file will be created by default unless the 'log' parameter is used, then that location will be used instead. If this parameter is provided on the command line and set to 'true' then the --server-root parameter must also be provided on the command-line (if it is used). 
The FHS audit log file will be created by default unless the 'audit-log' parameter is used, then that location will be used instead. If the 'no-audit-log' parameter is present then no audit log will be created. File Type Example ---------------------------------------------------- server log: /var/log/netconfd-pro/server.log audit log: /var/log/netconfd-pro/audit.log config file: /var/lib/netconfd-pro/startup-cfg.xml TXID file: /var/lib/netconfd-pro/startup-cfg-txid.txt backups: /var/lib/netconfd-pro/backups/backup1.xml PID file: /var/run/netconfd-pro/netconfd-pro.pid AF socket: /var/run/netconfd-pro/ncxserver.sock If false then the server will use $HOME/.yumapro and other file locations to store server data. File Type Example ---------------------------------------------------- server log: STDOUT; no server log created by default audit log: STDOUT; no audit log created by default config file: $HOME/.yumapro/startup-cfg.xml TXID file: $HOME/.yumapro/startup-cfg-txid.txt backups: $HOME/.yumapro/backups/backup1.xml PID file: $HOME/.yumapro/netconfd-pro.pid AF socket: /tmp/ncxserver.sock "; } leaf ha-enabled { type boolean; default "false"; description "Specifies whether the YP-HA protocol should be enabled, allowing High Availability Datastore Replication mode to be supported. If this parameter is enabled then the following parameters must be configured or the server will exit with an error: - ha-server - ha-server-key - server-id - socket-type=tcp - socket-address - socket-port "; } leaf ha-initial-active { type nt:NcxName; description "Specifies the server name for the initial YP-HA active server. This is ignored unless ha-enabled=true. There is no default. This parameter is used to hardwire the initial High Availability roles instead of setting it in the yp-system init1 or init2 callback functions. If this parameter is the same as 'server-id' then this server will be the initial YP-HA active server. This parameter is intended for debug mode only. 
The real operational mode should use signaling only to set the HA mode. Otherwise if the server reboots it will use the configured HA mode, which may not be correct if it has been changed during runtime."; } leaf ha-port { type inet:port-number; default "8088"; description "Specifies the default port to use for YP-HA protocol messages. Unless otherwise specified, this port number will be used by a standby server attempting to connect to the active server. (This parameter is not used yet)."; } leaf-list ha-server { type string; description "Specifies a server in the YP-HA server pool. This string has the format: <server-id> '@' <server-addr> [ ':' <port-num> ] server1@192.168.0.101 server1@192.168.0.101:12040 The server running with this configuration must be listed in the ha-server pool. The server-id parameter must match the entry for this server. There must be at least 2 entries present to configure an HA server pool. This must be done if ha-enabled parameter is set to 'true'. "; } leaf ha-server-key { type string; description "Specifies the string the standby server must present to the active server during registration. Used to prevent servers from joining the wrong HA pool. If not set then the active server will reject the YP-HA connection. This parameter must be set if the ha-enabled parameter is set to 'true'."; } leaf ha-sil-standby { type boolean; default "false"; description "Specifies whether the edit callbacks such as SIL, SIL-SA and HOOK instrumentation will be invoked if the server is operating in HA standby mode"; } leaf hello-timeout { type uint32 { range "0 | 10 .. 3600"; } units "seconds"; default "600"; description "Specifies the number of seconds that a NETCONF session may exist before the client hello PDU is received. A session will be dropped if no hello PDU is received before this number of seconds elapses. 
If this parameter is set to zero, then the server will wait forever for a hello message, and not drop any sessions stuck in 'hello-wait' state. The hello timer starts when a session is started within the server, and therefore using a session resource that counts against the 'max-sessions' limit. For NETCONF over SSH sessions the session starts after the SSH session is setup and the 'netconf' subsystem is invoked. The SSH server has its own timeout values for maximum session startup time. For NETCONF over TLS sessions the session starts when the TCP connection is accepted. Setting this parameter to zero may permit denial of service attacks, since only a limited number of concurrent sessions are supported by the server."; } leaf-list hide-module { type nt:NcxName; description "Specifies the name of a module to hide from advertisements to client sessions. If the specified module name is loaded into the server, then this parameter will cause it to be omitted from the following data structures: - YANG 1.0 <hello> message - /netconf-state/schemas/schema list - /modules-state/module list This parameter will prevent the client from knowing about the hidden module. If an advertised module imports a hidden module then it is very likely a client will not be able to use the advertised module because of the missing imports. This parameter can be dangerous! It does not prevent loading or enabling of the module. The SIL code is responsible for not returning any data to a client using a hidden module. Use of this parameter violates conformance to NETCONF, RESTCONF, and the YANG Library. Use with caution, only for modules that are not accessible by clients."; } leaf highres-event-time { type boolean; default "true"; description "If set to 'true' then the 'eventTime' leaf value in all <notification> messages will contain a microseconds field. If 'false' then this field will not contain a microseconds field. 
This field is always 6 digits long and represents a fraction of one second as the number of microseconds. Note: the default behavior is different than the low resolution format used in previous releases. The date-and-time data type includes this optional field so a client should accept the value."; } leaf idle-timeout { type uint32 { range "0 | 10 .. 360000"; } units "seconds"; default "3600"; description "Specifies the number of seconds that a session may remain idle without issuing any RPC requests. A session will be dropped if it is idle for an interval longer than this number of seconds. Sessions that have a notification subscription active are never dropped. If this parameter is set to zero, then the server will never drop a session because it is idle."; } leaf import-version-bestmatch { type boolean; default "false"; description "Specifies if the bestmatch search feature should be used for import resolution when no revision-date field is specified in the import-stmt. If 'true' then the server will scan the module search path during startup and determine the most recent revisions of each module. If a module is loaded or imported and no revision date is specified then the bestmatch revision will be used. This feature requires some additional memory and bootup processing time. It should be avoided if possible. The module search path on the server should only contain the modules and revisions that are needed by the server. If set to 'false', then the bestmatch feature will not be enabled. It is possible for the server to find and load the wrong version of a module during imports processing. For example, while loading module A, it imports module B. Then module B is loaded but a revision is specified (e.g., --module=B@2019-06-20). This can cause errors during callback registration such as 'definition not found' or 'segment not found', depending on how the module has changed. 
"; } leaf insecure-ok { type boolean; default "false"; description "Specifies if insecure NETCONF over TLS should be allowed. If true then X.509 certificates will be accepted even if they cannot be verified. Used for debugging only! This parameter is only available if the image was built with the DEBUG=1 parameter."; } leaf library-mode { type boolean; default "false"; description "If true, then the server will operate in YANG module library mode. It will find all the YANG modules and make them available for <get-schema> operations. The following NETCONF operations are available when the server is operating in library mode: ietf-netconf:get ietf-netconf:get-config ietf-netconf-monitoring:get-schema if --with-yuma-system='true': yuma-system:restart yuma-system:shutdown "; } leaf max-burst { type uint32; default "10"; description "Specifies the maximum number of notifications that should be sent to one session, within a one second time interval. The value 0 indicates that the server should not limit notification bursts at all."; } leaf max-getbulk { type uint32; default "10"; description "Specifies the maximum number of getbulk entries to request from a GET2 callback. This value will be used in the get2cb 'max_entries' field. The value 0 is used to indicate there is no max and the GET2 callback can return as many getbulk entries as desired. This is the default for leaf-list GET2 callbacks"; } leaf max-lock-hold-time { type uint16 { range "0 | 5 .. max"; } units "seconds"; default "0"; description "Specifies the maximum number of seconds to allow a session to hold a global NETCONF datastore lock. If zero, then no maximum lock hold time will be used. This is the behavior specified by RFC 6241. If non-zero, then the standard will not be followed. Instead, a global lock will be released if held by a session too long. This timeout only applies to the 'lock' operation. Partial locks are not affected at all by this parameter. 
If a lock is released, then the locking session will not be warned or notified in any way. An 'info' log entry is generated such as: Max Lock Hold Time timeout for datastore running Locked by session 3 at 2023-03-21T23:35:55Z If a session has an active notification subscription, or if the client sends at least one request periodically, then the '--idle-timeout' parameter will not be enforced. It is possible for a NETCONF session to hold a global datastore lock indefinitely. This parameter allows the datastore lock time to be configured so it does not depend on the '--idle-timeout' parameter setting. Using this parameter with a value greater than zero will violate RFC 6241 procedures for the 'lock' operation. A minimum lock hold time of 5 seconds is allowed. - If a timeout occurs the datastore lock will be dropped, but the session will not be dropped. - If an edit is in progress, it will not be affected. Only the NETCONF lock will be released. - The server will output an 'info' log message if a datastore lock is released by the server due to the lock hold time exceeding this value. "; } leaf max-sessions { type uint16 { range "0 .. 1024"; } default "8"; description "Specifies the maximum number of concurrent sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used. This parameter does not apply to YControl sessions."; } leaf max-cli-sessions { type uint16 { range "0 .. 1024"; } default "0"; description "Specifies the maximum number of concurrent CLI sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect. This parameter does not apply to YControl sessions."; } leaf max-user-sessions { type uint16 { range "0 .. 1024"; } default "0"; description "Specifies the maximum number of concurrent sessions that can be active at one time by one user. 
The value 0 indicates that no artificial session limit should be used. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect. This parameter does not apply to YControl sessions."; } leaf-list max-per-user-sessions { type string { length "3 .. 1029"; } description "Specifies the maximum number of concurrent sessions that can be active at one time by the specified user. This parameter will override the 'max-user-sessions' parameter for the specified username, if both are present. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect. This parameter does not apply to YControl sessions. The value is a formatted string and it must not contain any whitespace. username:number The username field must be between 1 and 1024 characters, and must not contain a colon ':' character. The username field must be followed by a single colon ':' character, which must be followed by the number field. This value will be compared to the username assigned to a client session when it is started. The client session will be dropped if the session limit is exceeded. The number field must be between 0 and 1024. This must be in decimal with no leading zeroes, and must contain between 1 and 4 characters. The value 0 indicates that no artificial session limit should be used for the specified user. Errors: - Invalid entries will cause the server to terminate with an error. - A duplicate username will be ignored and a warning will be printed to the log. Available starting in 23.10-5. Example: - limit total concurrent client sessions to 10 - limit total number of concurrent sessions by a single user to 2 - except user 'admin1', and a limit of 5 for user 'admin2': max-sessions 10 max-user-sessions 2 max-per-user-sessions admin1:0 max-per-user-sessions admin2:5 "; } leaf max-strlen { type int32 { range "65536 .. 
max"; } units "bytes"; default "262144"; description "The maximum number of bytes in length that will be accepted for a quoted string, by the internal token parser. This affects YANG and JSON input processing. Set this value to allow large binary leafs to be parsed by the server. This value includes 1 byte for the string termination character."; } leaf-list module-tagmap { type string; description "Specifies a module tag mapping for use in module tags registry. The format is <modname>@<tag-string>. Examples: ietf-system@ietf:system-management openconfig-system@vendor:openconfig:system-management example-system@vendor:example.com:system-management "; } leaf-list netconf-capability { type inet:uri; description "Specifies a URI value that should be added to the server NETCONF <hello> message as a NETCONF <capability> URI and monitoring data in the /netconf-state/capabilities container."; } leaf netconf-tls-address { type inet:ip-address; default "0.0.0.0"; description "Specifies the IP address to listen on for NETCONF over TLS messages."; reference "RFC 7589: NETCONF over TLS"; } leaf netconf-tls-certificate { type string { length "1 .. max"; } default "$HOME/.ssl/netconfd-pro.crt"; description "Contains the file path specification for the file containing the server SSL certificate, used for the NETCONF over TLS protocol."; } leaf netconf-tls-key { type string { length "1 .. max"; } default "$HOME/.ssl/netconfd-pro.key"; description "Contains the file path specification for the file containing the server SSL key, used for the NETCONF over TLS protocol."; } leaf netconf-tls-port { type inet:port-number; default "6513"; description "Specifies the TCP port to listen for NETCONF over TLS messages."; reference "RFC 7589: NETCONF over TLS"; } leaf netconf-tls-trust-store { type string { length "1 .. 
max"; } default "$HOME/.ssl/trust-store.pem"; description "Contains the file path specification for the file containing the server SSL trust-store, or the path specification for the directory to use for finding trusted certificates. If the default value is used and the file is not found, then the default directory location '/etc/ssl/certs' will be used."; } leaf no-log { type empty; description "Flag indicating that no main log file will be created. This is usually only relevant if --fileloc-fhs is 'true'. In this case the default log file will not be created. The --log-level parameter will be set to 'off'. This parameter will be ignored if the --log parameter is set. This parameter has no effect on the audit-log or syslog logging."; } leaf no-nvstore { type empty; description "Specifies that the server should not load or save using the normal APIs during transaction management. The 'start' choice will be ignored (e.g., --no-startup) and the server will not attempt to load a startup-cfg.xml file. Transactions will not be saved to NV-storage at all. Any external NV-storage callbacks will be ignored. Use this mode if NV-load and NV-storage are handled internally and not via the startup-cfg.xml file. This parameter is only enabled if it is present."; } leaf-list port { type inet:port-number; max-elements 4; description "Specifies the TCP ports that the server will accept connections from for NETCONF over SSH sessions. These ports must also be configured in the /etc/ssh/sshd_config file for the SSH master server to accept the connection and invoke the netconf subsystem. Up to 4 port numbers can be configured. If any ports are configured, then only those values will be accepted by the server. If the server is running in Single-Instance Mode, then if no ports are configured, the server will accept connections on the netconf-ssh port (tcp/830). 
If the server is running in Multi-Instance Mode (i.e., --server-root is set), then any port configured on the SSH server will be accepted. For CallHome connections, if the connection port is over 10000 then the connection will be accepted and this list will be ignored."; } leaf-list module { type yt:NcModuleSpec; description "YANG source module name to use."; } leaf-list deviation { type yt:NcModuleSpec; description "YANG deviation file. This parameter identifies a YANG module that should only be checked for deviation statements for external modules. These will be collected and applied to the real module(s) being processed. Deviations are applied as patches to the target module. Since they are not identified in the target module at all (ala imports), they have to be specified explicitly, so they will be correctly processed. If this string represents a filespec, ending with the '.yang' or '.yin' extension, then only that file location will be checked. If this string represents a module name, then the module search path will be checked for a file with the module name and the '.yang' or '.yin' extension. If this string begins with a '~' character, then a username is expected to follow or a directory separator character. If it begins with a '$' character, then an environment variable name is expected to follow. ~/some/path ==> <my-home-dir>/some/path ~fred/some/path ==> <fred-home-dir>/some/path $workdir/some/path ==> <workdir-env-var>/some/path "; } leaf-list annotation { type yt:NcModuleSpec; description "YANG deviation file representing model annotations. Processed the same as a deviation parameter except the module is not advertised to any client sessions. Only the deviation 'deviate add' operation can be used to transfer extension statements to another model. The annotations will be applied to a data definition statement, as if they were defined as sub-statements of the deviation target. 
--annotation=acme-dev1 Example object annotations (contents of acme-dev1) deviation /if:interfaces { deviate add { ncx:sil-delete-children-first; } } deviation /if:interfaces/if:interface { deviate add { ncx:sil-delete-children-first; acme:my-deviation1 'the deviation parm'; } } "; } leaf datapath { type yt:NcPathList; description "Internal file search path for config files. Overrides the YUMA_DATAPATH environment variable."; } leaf push-max-operational { type uint32; units "subscriptions"; default "4"; description "Specifies the maximum number of on-change push subscriptions that can be in use at once for the <operational> datastore. The value zero will disable on-change subscriptions for the <operational> datastore. Setting this parameter to a high value can increase the resources used by the server. Use with extreme caution."; } leaf push-max-periodic { type uint32; units "subscriptions"; default "16"; description "Specifies the maximum number of periodic push subscriptions that can be in use at once. The value zero will disable periodic subscriptions. Setting this parameter to a high value can increase the resources used by the server. Use with extreme caution."; } leaf push-min-dampening { type uint16 { range "1 .. max"; } units "centiseconds"; default "100"; description "Specifies the minimum value for the 'dampening-period' parameter that will be accepted for an on-change push subscription. Setting this parameter to a low value can increase the resources used by the server. Use with extreme caution."; } leaf push-min-period { type uint16 { range "1 .. max"; } units "centiseconds"; default "100"; description "Specifies the minimum value for the 'period' parameter that will be accepted for a periodic push subscription. Setting this parameter to a low value can increase the resources used by the server. 
Use with extreme caution."; } leaf push-simop-enabled { type boolean; default "true"; description "Specifies if the simulated on-change push subscriptions should be enabled for the <operational> datastore. The value false will disable simulated on-change subscriptions for the <operational> datastore. Real on-change subscriptions reported from subsystems are not affected by this parameter."; } leaf push-simop-patch-update { type boolean; default "true"; description "Specifies the notification message that should be used for a simulated on-change push subscription. If 'true' then the standard <push-change-update> notification will be used for the report. This format uses YANG Patch to report individual edits. If 'false' then the standard <push-update> notification will be used for the report. This will make the subscription similar to a periodic subscription, except that an update is only sent when the content changes. This is not conformant with RFC 8641 requirements. Real on-change subscriptions reported from subsystems are not affected by this parameter."; } leaf push-simop-period { type uint16 { range "1 .. max"; } units "centiseconds"; default "500"; description "Specifies the value for the 'period' parameter that will be used for simulated operational on-change push subscription. The current value will be checked periodically using this parameter value. If an update is sent then the dampening-period for this subscription will be enforced. Setting this parameter to a low value will increase the resources used by the server. Use with extreme caution."; } leaf remove-schema-aug-leafs { type boolean; default "false"; description "Remove the 'conformance' and 'module-type' leafs from the /netconf-state/schemas/schema list. The deprecated leafs are added if --with-yumaworks-system is true. They will be removed from the 22.10 release train when the status is changed to obsolete. 
This parameter will be forced to the value 'true' if the server is built with the REMOVE_SCHEMA_AUG_LEAFS=1 compile flag. The default is 'false' to maintain backward compatibility with previous releases. The value 'true' should be used since the information from these deprecated leafs is available in the YANG Library data structures."; } leaf-list restconf-capability { type inet:uri; description "Specifies a URI value that should be added to the server as monitoring data in the /restconf-state/capabilities container."; } leaf restconf-default-encoding { type enumeration { enum "json" { value 0; description "Use JSON message encoding as the default."; } enum "xml" { value 1; description "Use XML message encoding as the default."; } } default "json"; description "Specifies the default response encoding to use if the incoming request does not have an indication of preferred content type (e.g., no Content-Type header, no Accept header). "; } leaf restconf-strict-headers { type boolean; default "false"; description "If set to 'true' the server will only accept requests with the normative Accept and Content-Type header entries specified in RFC 8040. The Accept header must not be empty; otherwise 'not acceptable' error will be returned. Normative Accept header: application/yang-data+xml,application/yang-data+json;q=0.9 Normative Content-Type header: application/yang-data+xml application/yang-patch+json If set to 'false', the server will try to accept non-normative header entries. Acceptable non-normative Accept header: application/xml,application/json;q=0.9 Acceptable non-normative Content-Type headers: application/xml application/json text/xml "; } leaf return-empty-npcontainers { type boolean; default "true"; description "If set to 'true' then empty configuration NP containers that do not have any read-only child nodes are returned in retrieval operations. 
An empty NP container is defined as a non-presence container that has no child nodes or only child nodes that are empty NP containers. The container is not empty if it has: - any child nodes besides empty NP containers - any default child nodes - any read-only child node Normally these empty NP containers are returned only if the 'with-defaults' retrieval parameter or 'default-style' CLI parameter is 'report-all'. If this parameter is 'false' then empty NP containers will not be returned in retrieval operations at all. Introduced in 23.10-6. The default setting is 'true' for backward compatibility but the recommended setting is 'false'. "; } leaf return-error-with-data { type boolean; default "false"; description "Controls whether <rpc-error> nodes will be returned in RPC output for retrieval operations - get - get-data on <operational> If true, and if a GET2 callback returns an error, an <rpc-error> will be returned after all data has been returned. Make sure the client is capable of handling this non-standard extension to the <rpc-reply> element encoding. If 'false', then no RPC errors will be returned in addition to data, for these operations. Introduced in 23.10T-7 "; } leaf return-status { type boolean; default "false"; description "Controls whether the server will return the status code or return zero, when it exits. If 'true' then the server will return the 'status_t' enumeration number for the error that occurred, or zero if no error occurred. Note that these error codes do not follow Linux conventions. Values above 255 (but less than 2000) can be returned. If 'false' then the server will always return zero. 
This is the existing server behavior and therefore the default behavior."; } leaf running-error { type enumeration { enum "stop" { value 0; description "Terminate the program if any errors are encountered in the running configuration."; } enum "continue" { value 1; description "Continue the program if any errors are encountered in the running configuration. Altering the running configuration will fail until the commit validation tests succeed."; } enum "fallback" { value 2; description "Fallback to the factory configuration if errors are encountered in the running configuration at boot time. The server will restart as if the --factory-startup configuration parameter was used."; } } default "stop"; description "Controls the server behavior if any errors are encountered while validating the running database during the initial load of the running configuration at boot-time."; } leaf save-owners { type boolean; default "false"; description "Indicates if owner names should be saved for data in the running configuration, and startup configuration if supported."; } leaf sil-cc-callback-all { type boolean; default "false"; description "If 'true', the server will invoke Commit Completeness callbacks for all edit transactions, not just for the <commit> operation. The following operations will cause Commit Completeness callbacks to be invoked: - <commit> - <copy-config> - <edit-config> - <load-config> (internal boot) - <load-config> (confirmed commit timeout) - <restore> - <validate> All Commit Completeness callbacks are invoked if the target is the <running> datastore. The Validate Complete Callback is invoked for the <candidate> datastore only if the --sil-validate-candidate parameter is set to 'true'. The Apply Complete, Commit Complete, and Rollback Complete callbacks are only invoked if the target is the <running> datastore. The callback input parameters may be different for each operation. Refer to the YumaPro Developer Manual for details. 
If 'false', the server will invoke Commit Completeness callbacks only for the <commit> operation. Introduced in 22.10-8."; } leaf sil-delete-children-first { type boolean; default "false"; description "If 'true', the server default behavior will be to treat all data deletion operations as if the ncx:sil-delete-children-first extension is present. A child node will be checked for a SIL callback before it is deleted. If 'false' the server default behavior will be to invoke SIL callbacks for deletion of child nodes only if the ncx:sil-delete-children-first extension is present."; } leaf sil-invoke-for-defaults { type boolean; default "true"; description "If 'true' then a SIL or SIL-SA callback will be invoked for default data nodes during the load and load_config operations. If 'false' then a SIL or SIL-SA callback will not be invoked for default data nodes."; } leaf sil-missing-error { type boolean; default "false"; description "If 'true' then when a module is loaded, but the SIL library code for the module is not found, an error will be returned instead of a warning printed. If 'false' then when a module is loaded, but the SIL library code for the module is not found, no error will be returned. Instead, only a warning will be printed."; } leaf sil-prio-reverse-for-deletes { type boolean; default "false"; description "Specifies whether edit transactions are validated by the regular SIL priority or if the priority should be reversed for DELETE edits. This parameter can be used to delete leafref nodes with referenced by node in reverse order. If 'false' then the SIL priority will not be reversed."; } leaf sil-root-check-first { type boolean; default "true"; description "If 'true', the server will perform a YANG validation check before the SIL validate callbacks are invoked for an edit-config operation. This is always done for a load-config or commit operation. If 'false', the server will invoke the SIL validate callbacks before performing a YANG validation check. 
Instead the validation will be done before the SIL apply callback. This is the only behavior in the 17.10 release train."; } leaf sil-skip-load { type empty; description "If present, the server will not invoke the SIL callbacks during initial system initialization when the startup configuration file is loaded into the running datastore."; } leaf sil-test-get-when { type boolean; default "false"; description "If 'true', the server will evaluate 'when' statements for GET2 callback requests for config=false nodes. If 'false' then the SIL or SIL-SA callback is expected to test the 'when' condition internally somehow and return a no-instance error if the condition is 'false'. This parameter can be overridden by the ywx:sil-test-get-when YANG extension. If that extension is found for an operational data node then its value will be used instead of this parameter."; } leaf sil-validate-candidate { type boolean; default "true"; description "If true, the server will invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. If false, the server will not invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. Transaction performance will be improved if the extra VALIDATE phase callbacks are skipped. Acceptance of an individual edit to the candidate does not mean the SIL or SIL-SA will accept that edit when combined with all edits (during the commit operation). In either case the server will invoke the VALIDATE phase callbacks when an attempt to commit the candidate datastore is done or when a <validate> operation is done on the candidate datastore."; } leaf simple-json-names { type boolean; default "false"; description "If true, the server will NOT output name of the module in which the data node is defined. 
If false, a namespace-qualified member name will be used for all members of a top-level JSON object and then also whenever the namespaces of the data node and its parent node are different."; } leaf sm-config { type string; description "Specifies the XML or JSON file to read which contains the configuration data needed to create desired mount-points. This config file controls what is in the YANG Library for each mount-point label. If this parameter is set then the file must be found and be valid or the server will exit with an error. If --with-schema-mount=false this parameter is ignored."; } leaf sm-config-encoding { type enumeration { enum "json" { value 0; description "Identify JSON encoding."; } enum "xml" { value 1; description "Identify XML encoding."; } } default "json"; description "Specifies the Schema Mount Config file encoding. Based on this encoding the server will parse the config file accordingly. If --with-schema-mount=false this parameter is ignored."; } leaf snmp-agent-role { type enumeration { enum "master" { value 0; description "A 'master' agent that is available on the standard transport address and that accepts SNMP protocol messages."; } enum "subagent" { value 1; description "An agent acting in a subagent role performs the following functions: - Initiates AgentX sessions with the master agent - Registers MIB regions with the master agent - Instantiates managed objects - Binds OIDs within its registered MIB regions to actual variables - Performs management operations on variables"; reference "RFC 2741"; } } default "master"; description "Specifies the SNMP agent role."; } leaf snmp-subagent-priority { type uint16 { range "1 .. 255"; } default "127"; description "A value between 1 and 255, used to achieve a desired configuration when different sessions register identical or overlapping regions. Subagents with no particular knowledge of priority should register with the default value of 127. 
In the master agent's dispatching algorithm, smaller values of priority take precedence over larger values, as described in section 7.1.4.1, 'Handling Duplicate and Overlapping Subtrees'."; reference "RFC 2741"; } leaf socket-address { type inet:ip-address; default "0.0.0.0"; description "Specifies the IP address to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. Note that this parameter specifies the IP address for internal <ncx-connect> protocol messages. The server will accept NETCONF sessions over SSH, as specified in the OpenSSH config file."; } leaf socket-port { type inet:port-number; default "2023"; description "Specifies the TCP port number to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. Note that this parameter specifies the port number for internal <ncx-connect> protocol messages. The server will accept NETCONF sessions over SSH, specified with the 'port' parameter (e.g. 830)."; } leaf socket-type { type enumeration { enum "aflocal" { value 0; description "An AF_LOCAL socket will be used for incoming sessions."; } enum "tcp" { value 1; description "An AF_INET socket will be used for incoming sessions."; } } default "aflocal"; description "Specifies which type of socket the server should create for incoming <ncx-connect> protocol sessions. Note that this parameter specifies the socket type for internal <ncx-connect> protocol messages. The server will use TCP connections for NETCONF sessions over SSH."; } choice start { description "select startup config for boot load"; leaf no-startup { type empty; description "If present, do not load the startup config file. Use the factory default settings but do not overwrite the NV-storage startup unless it is altered. 
This option does not delete the startup config file if it exists."; } leaf factory-startup { type empty; description "Force the system to use the factory configuration and delete the startup config file if it exists. Force the NV-storage startup to contain the factory default configuration."; } leaf startup { type string; description "The full or relative filespec of the startup config file to use. If present, overrides the default startup config file name 'startup-cfg.xml', This will also override the YUMAPRO_DATAPATH environment variable and the datapath CLI parameter, if the first character is the forward slash '/', indicating an absolute file path."; } } // choice start leaf startup-error { type enumeration { enum "stop" { value 0; description "Terminate the program if any errors are encountered in the startup configuration."; } enum "continue" { value 1; description "Continue the program if any errors are encountered in the startup configuration. The entire module-specific data structure(s) containing the error node(s) will not be added to the running configuration at boot-time."; } enum "fallback" { value 2; description "Fallback to the factory configuration if errors are encountered in the startup configuration. The server will restart as if the --factory-startup configuration parameter was used."; } } default "stop"; description "Controls the server behavior if any errors are encountered while loading the startup configuration file into the running configuration at boot-time. It is possible for the startup configuration to contain errors within optional nodes. If this parameter is set to 'continue', then the validation tests on the running config (controlled by running-error) should not fail due to missing optional nodes."; } leaf startup-factory-file { type string; default "factory-startup-cfg.xml"; description "The full or relative filespec of the factory startup config file to use. 
If the --factory-startup parameter is used, or no startup file is specified or found, then the server will look for this filespec. If found, then it will be copied to the startup config file used to load the server. If the value represents a relative filespec then the server will check the server data file search path for the first matching filespec. If this parameter is set and the filespec is not found then the server will exit with an error. If the default filespec is not found then an empty datastore will be used to load the running configuration datastore at boot-time."; } leaf startup-prune-ok { type boolean; default "false"; description "If set to 'true' then the server will prune unknown data nodes from the startup configuration instead of treating this as an error. A log_info message will be printed. If other known data nodes depend on the pruned nodes, then an error may occur anyway. If so, the 'startup-error' parameter will determine how this is handled. If set to 'false' then unknown data nodes found in the startup configuration will cause an error. Unknown data nodes can occur if modules were previously loaded dynamically, or if a YANG feature is configured from enabled to disabled."; } leaf startup-skip-validation { type boolean; default "false"; description "If set to 'true' then the server will skip all YANG validation of the startup configuration when it is loaded into the running configuration at boot-time. This should make the server boot faster but it assumes the startup configuration is already valid. Only the initial startup load operation is affected by this parameter. This parameter affects the 'root check' only. This includes the following datastore validation: - must - when (see note) - leafref path - unique - min-elements - max-elements - mandatory This parameter does not affect 'default' processing or 'when' statement processing for default nodes. It does affect 'when' statement processing for nodes provided in the startup configuration. 
It is possible that any invalid configuration will need to be fixed before any edits can be made to the <running> datastore. The full datastore can be checked using the <validate> operation. If the startup configuration is completely valid such that all validation tests would have passed, then this parameter should be safe to use. If the startup configuration contains data that does not pass the affected validation tests, then it may not be safe to use this parameter. This is extremely dangerous and can lead to incorrect processing of datastore editing operations. The server does not validate the complete datastore unless the <validate> operation is used. Any <edit-config> and <commit> operations done on a datastore that contains invalid YANG data may produce incorrect results. It is possible that edits will fail because the server detects invalid nodes from the startup during processing of the requested edit. The <restore> operation is not affected by this parameter. It is possible to save an invalid configuration that cannot be restored. Use the <validate> operation before using the <backup> operation to ensure a backup configuration can be restored later. If set to 'false' then startup validation is not skipped."; } leaf subsys-timeout { type uint16; units "seconds"; default "30"; description "The number of seconds to wait for a response from a sub-system before declaring a timeout. The value '0' indicates that no timeout should be used."; } leaf-list superuser { type union { type nt:NcxName; type string { length "0"; } } description "Each entry specifies a user name to use as the superuser account. Any session associated with this user name will bypass all access control enforcement. See ietf-netconf-acm.yang for more details. To disable the superuser account completely, do not set this parameter at all. The default mode is to not allow any superuser access. Do not set this parameter to an empty string. 
This mode is deprecated and should not be used."; } leaf system-notifications { type bits { bit ietf { position 0; description "Use ietf-netconf-notifications module."; reference "RFC 6470"; } bit yuma { position 1; description "Use yuma-system module. Ignored if with-yuma-system is set to 'false'"; } } default "ietf"; description "Indicates which YANG module(s) should be used for system notifications."; } leaf system-sort-type { type enumeration { enum "off" { value 0; description "No sorting will be done"; } enum "ascending" { value 1; description "Entries will be sorted in ascending order."; } enum "descending" { value 2; description "Entries will be sorted in descending order."; } } default "off"; description "Indicates the sort type for system-ordered configuration lists and leaf-lists. This parameter is ignored if 'system-ordered' is set to 'false'. Otherwise this parameter determines the default sort order. The YANG extension 'ywx:sort-type' can be used to override this default setting to select the setting for a specific list or leaf-list object. Added in 23.10-6 release."; } leaf system-sorted { type boolean; default "false"; description "Indicates whether ordered-by system leaf-lists and lists will be kept in sorted order. This parameter is no longer ignored, starting in 23.10-6. 
It is used with the 'system-sort-type' leaf to determine if and how value instances will be sorted when inserted into the configuration."; } leaf target { type enumeration { enum "running" { value 0; description "Write to the running config and support the :writable-running capability."; } enum "candidate" { value 1; description "Write to the candidate config and support the :candidate and :confirmed-commit capabilities."; } } default "candidate"; description "The database to use as the target of edit-config operations."; } leaf tls-crl-missing-ok { type boolean; default "false"; description "If true then a missing CRL Distribution Points within a client or CA certificate will be ignored. Not relevant unless tls-crl-mode is set to 'client' or 'ca'. If false, and CRL verification is enabled for the certificate, the TLS session will not be accepted."; } leaf tls-crl-mode { type enumeration { enum "off" { value 0; description "Do not use CRL verification when verifying any certificates."; } enum "client" { value 1; description "Use CRL verification when verifying client certificates."; } enum "ca" { value 2; description "Use CRL verification when verifying client and CA certificates."; } } default "off"; description "Specifies how Certificate Revocation List checking should be done for NETCONF over TLS sessions. This has no effect unless --with-netconf-tls=true is set."; } leaf tls-cipherlist { type string { length "1 .. 256"; } description "The cipherlist parameter to use to configure the server using the SSL_CTX_set_cipher_list function in openssl. This parameter is passed directly and not checked. Warning! For Advanced OpenSSL Users Only! Refer to the OpenSSL documentation for all details and support. OpenSSL problems due to use of this parameter are not supported. 
- https://www.openssl.org/docs/man1.0.2/man3/SSL_set_cipher_list.html - https://www.openssl.org/docs/man1.0.2/man1/ciphers.html - https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html - https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 "; } leaf tls-debug { type boolean; default "false"; description "Enable extra NETCONF over TLS session debugging. Used with the --log-level parameter to increase the amount of debugging info printed."; } leaf tls-deprecated-ok { type boolean; default "false"; description "Allow deprecated versions of TLS to be used in NETCONF over TLS sessions. If 'true' then any TLS version used will be accepted. If 'false' then only TLS versions 1.2 and 1.3 will be accepted. The default value is false, which is not backward-compatible with server versions prior to YumaPro version 22.10-3."; } leaf trim-whitespace { type boolean; default "false"; description "If true, then trim leading and trailing whitespace from XML string nodes. If false, adhere to the standard and do not trim any leading or trailing whitespace. The server previously would trim whitespace but no longer does this by default. This leaf must be set to trim this whitespace now."; } leaf log-event-drops { type boolean; default "false"; description "Indicates if a log entry would be generated when a notification is dropped because the specific notification events are disabled with an event-filter configuration entry."; } leaf log-pthread-level { type nt:NcDebugType; description "Sets the pthread debug logging level filter for the program."; } leaf session-sync-mutex { type empty; status deprecated; description "If present, force synchronous request processing (pthread version only). Ignored by the server"; } leaf server-id { type nt:NcxName; default "server1"; description "Server Identifier string to use for this server. Used in YControl and SIL-SA messages to identify the server to all subsystems. 
Used in YP-HA to identify this server in the YP-HA server pool"; } leaf server-root { type nt:NcxName; description "Server Root Identifier string to use for this server. Used to run the server in Multi-Instance Mode. Every server running on the same host must have a unique server-root value. If this leaf is not present, then the server will run in Single-Instance Mode. This value must match a Server Root ID in a mapping in the server-multi-info.txt file usually located in the /etc directory. If this parameter is provided on the command line then the --fileloc-fhs parameter must also be provided on the command-line (if it is set to 'true'). TBD: All differences between 2 modes "; } leaf usexmlorder { type empty; description "If present, then XML element order will be enforced. Otherwise, XML element order errors will not be generated if possible. Default is no enforcement of strict XML order."; } leaf user-parm { type string { length "1 .. 8192"; } description "Optional user parameter that can be accessed by the server instrumentation code within netconfd-pro. This parameter has no defined purpose or structure. It can be accessed with the 'agt_get_user_parm' API function from agt.h"; } choice watcher-parm { description "Automatic server state monitoring support. ypwatcher program periodically checks if the server is alive and if not restart the server and write the event into syslog."; leaf no-watcher { type empty; description "Control the ypwatcher program. If present, do not launch ypwatcher program. If this parameter is present, then the --watcher-interval parameter cannot be present."; } leaf watcher-interval { type uint32 { range "1 .. max"; } default "10"; description "Specifies the sleep interval between ypwatcher program attempts to check availability of the server. Provided value is in seconds. The server does not accept the value of 0 for this parameter. The minimal acceptable value is 1 second. 
The default value is 10."; } } // choice watcher-parm leaf wait-datastore-ready { type boolean; default "false"; description "Determines if client sessions will be available even if the running datastore is not ready to use yet. For example, if SIL-SA bundles are used then the server must wait until all of them have been loaded (by subsystems) before the startup configuration can be loaded into the running datastore. The running datastore is not ready to use in this state. If 'true' then client sessions will be locked until the datastores are ready. Protocol operations that do not access the datastores can be used in this state. If 'false' then client session connections will be rejected until the datastores are ready. The default is 'false' only to be backwards-compatible. The 'true' setting should be used in most cases."; } leaf with-error-number { type boolean; default "true"; description "If set to 'true', then the <error-info> element will include the proprietary <error-number> element. If set to 'false', then the <error-info> element will not include the proprietary <error-number> element. This leaf corresponds to the error status enumerations defined in 'status_enum.h'. "; } leaf with-maintenance-mode { type boolean; default "true"; description "If set to 'true', then allow the maintenance mode to be used. Otherwise, ignore all requests to place the server in maintenance mode."; } leaf with-notifications { type boolean; default "true"; description "If set to 'true', then the :notification:1.0 and :interleave:1.0 capabilities will be enabled. Otherwise, these capabilities will not be enabled."; } leaf with-db-lock { type boolean; default "false"; description "If set to 'true', then the server will use the DB-API DB-Config-Lock service for all configuration edit transactions to the <running> datastore. All client edits will require this lock to be granted or they will fail. 
The server will use the db-lock-retry-interval and db-lock-timeout CLI parameters to control how lock retries will be done. If set to 'false', the DB-Config-Lock will not be used by the server."; } leaf with-callhome { type boolean; default "false"; description "This feature is only available if the server image is built with the WITH_CALLHOME=1 compiler flag. If set to 'true', then the IETF Callhome for SSH feature will be enabled. If set to 'false', then this feature will be disabled and the following CLI parameters will be ignored: - callhome-retry-max - callhome-retry-interval - callhome-server "; } leaf with-canonical { type boolean; default "true"; description "If set to 'true', then the server will automatically convert XML and JSON input parameters to the canonical format for the YANG data type, if possible. The following built-in YANG data types are affected: - ipv6-address - ipv6-address-no-zone - domain-name - phys-address - mac-address - hex-string - uuid Any canonical callbacks for user-defined data types are also affected by this parameter. Internal values can be manually converted to canonical format using the val_set_canonical API. "; } leaf with-config-id { type boolean; default "true"; description "If set to 'true', then the YumaWorks :config-id capability will be enabled. This is used to help cache device configurations. It is an enterprise capability URI, not a standard YANG module URI. If set to 'false', then the YumaWorks :config-id capability will be disabled."; } leaf with-grpc { type boolean; default "false"; description "If set to 'true', then the gRPC protocol will be enabled. Otherwise, the gRPC protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-gnmi { type boolean; default "false"; description "If set to 'true', then the gNMI protocol will be enabled. Otherwise, the gNMI protocol will not be enabled. 
The incoming connection will be dropped if the protocol is disabled."; } leaf with-modtags { type boolean; default "true"; description "If set to 'true', then the module tags feature will be enabled. Otherwise, this feature will be disabled. If disabled, the module-tagmap parameter will be ignored and the ietf-module-tags module will not be loaded."; } leaf with-new-notifs { type boolean; default "true"; description "If set to 'true', then the new notification operations defined in RFC 8639 will be used, even if 'bundle yang-push' is not used. This will cause the 'ietf-subscribed-notifications' module to be loaded by the server. This parameter is ignored if any of the following are true: * --with-notifications=false. * Server not built with WITH_YANG_PUSH=1 compiler flag * --bundle=yang-push is used "; } leaf with-new-yanglib { type boolean; default "true"; description "If set to 'true', then the new YANG Library from RFC 8525 will be used, even if --with-nmda=false. This will cause the '/yang-library' subtree to be present. It does not cause the '/modules-state' subtree to be removed. "; } leaf with-nmda { type boolean; default "false"; description "If set to 'true', then NMDA operations and YANG modules will be enabled: - ietf-datastores - ietf-origin - ietf-netconf-nmda "; } leaf with-ocpattern { type boolean; default "false"; description "If true, then OpenConfig patterns will be checked. If the module name starts with the string 'openconfig-' then all pattern statements within that module are treated as POSIX patterns, not YANG patterns. If false, then the pattern statements in all modules will be checked as YANG patterns. "; } leaf with-schema-mount { type boolean; default "true"; description "This feature is only available if the server image is built with the WITH_SCHEMA_MOUNT=1 compiler flag. If set to 'true', then the Schema Mount feature will be enabled and the Schema Mount related YANG modules and SIL code will be loaded. 
Additional configuration will be required. The server needs to know which YANG modules should be mounted at a given mount-point. Refer to --sm-config parameter."; } leaf with-startup { type boolean; default "false"; description "If set to 'true', then the :startup capability will be enabled. Otherwise, the :startup capability will not be enabled. This capability makes the NV-save operation an explicit operation instead of an automatic save."; } leaf with-term-msg { type boolean; default "true"; description "If set to 'true', then the yumaworks-term-msg module will be loaded and enabled. Otherwise, this module will not be loaded. The <term-msg> notification is used by yp-shell for displaying terminal diagnostic messages."; } leaf with-url { type boolean; default "true"; description "If set to 'true', then the :url capability will be enabled and the 'file' scheme will be enabled. Otherwise, the :url capability will not be enabled. This capability requires a file system and may introduce security risks because internal files such as startup-cfg.xml and backup-cfg.xml could be exposed."; } leaf with-url-ftp { type boolean; default "false"; description "If set to 'true', then the 'ftp' protocol scheme will be enabled for the 'url' capability. Ignored if the 'with-url' parameter is false."; } leaf with-url-tftp { type boolean; default "false"; description "If set to 'true', then the 'tftp' protocol scheme will be enabled for the 'url' capability. Ignored if the 'with-url' parameter is false."; } leaf with-validate { type boolean; default "true"; description "If set to 'true', then the :validate capability will be enabled. Otherwise, the :validate capability will not be enabled. This capability requires extensive memory resources."; } leaf with-netconf { type boolean; default "true"; description "If set to 'true', then the NETCONF over SSH protocol will be enabled. Otherwise, the NETCONF over SSH protocol will not be enabled. 
An incoming connection will be dropped if the protocol is disabled."; } leaf with-netconf-tls { type boolean; default "false"; description "If set to 'true', then the NETCONF over TLS protocol will be enabled. Otherwise, the NETCONF over TLS protocol will not be enabled. An incoming connection will be dropped if the protocol is disabled. The default is set to false because the server will terminate if the server certificates are not found and this parameter is set to 'true'."; } leaf with-restconf { type boolean; default "true"; description "If set to 'true', then the RESTCONF protocol will be enabled. Otherwise, the RESTCONF protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-rollback-on-error { type boolean; default "true"; description "If set to 'true', then the NETCONF :rollback-on-error capability and feature will be enabled and advertised. Otherwise, this feature will not be enabled or advertised."; } leaf with-snmp { type boolean; default "false"; description "If set to 'true', then the SNMP protocol will be enabled. Otherwise, the SNMP protocol will not be enabled. Incoming SNMP requests will be dropped if the protocol is disabled."; } leaf with-support-save { type boolean; default "true"; description "If set to 'true', then the yumaworks-support-save module will be loaded and enabled. Otherwise, this module will not be loaded. Ignored if the server image is not built with the WITH_SUPPORT_SAVE=1 compiler flag. This module provides the <get-support-save> operation to collect bug report information."; } leaf with-warnings { type boolean; default "false"; description "If set to 'true', then the agt_record_warning function will be enabled, allowing the error-severity field to be incorrectly set to 'warning'. This violates the NETCONF standard and client software may reject the <error-severity> data as invalid if this is used. 
If 'false' then error-severity will not be set to warning even if agt_record_warning is used."; } leaf with-yang-api { type boolean; default "false"; status deprecated; description "If set to 'true', then the YANG-API protocol will be enabled. Otherwise, the YANG-API protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-yang11-hello { type boolean; default "true"; description "Control whether the NETCONF hello message should conform to the standard and leave out YANG 1.1 modules. If set to 'true', then leave out YANG 1.1 modules from <capability> used in <hello>. Also keep out of monitoring <capabilities> list. If 'false' then ignore the standard and advertise YANG 1.1 module capabilities. Changed default to true in 22.10T-8 for RFC 7950 compliance."; } leaf with-yang-patch-running { type boolean; default "false"; description "If set to 'true', the YANG-PATCH will be enabled when the server supports only the :writable-running capability. If 'false' then the YANG-PATCH requests will be rejected."; } leaf with-yang-cbor { type boolean; default "false"; description "If set to 'true', the YANG to CBOR binary encoding will be enabled. This parameter has no effect unless the WITH_YANG_CBOR=1 make parameter is used in the build. If 'false' then the YANG to CBOR binary encoding is disabled."; } leaf with-yp-coap { type boolean; default "false"; description "If set to 'true', then the YP-CoAP protocol will be enabled. Otherwise, the YP-CoAP protocol will not be enabled. This protocol is NOT SECURE. It SHOULD NOT be used unless privacy is provided by some other means."; } leaf with-yp-coap-dtls { type boolean; default "false"; description "If set to 'true', then the YP-CoAP over DTLS protocol will be enabled. Otherwise, the YP-CoAP over DTLS protocol will not be enabled. This protocol is secure. 
It SHOULD be used instead of YP-CoAP without DTLS."; } leaf with-yp-shell { type boolean; default "true"; description "If set to 'true', then the YP-SHELL protocol will be enabled. Otherwise, the YP-SHELL protocol will not be enabled. The incoming connection will be dropped if the protocol is disabled."; } leaf with-yuma-system { type boolean; default "false"; description "If set to 'true', then the yuma-system module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yuma-time-filter { type boolean; default "true"; description "If set to 'true', then the yuma-time-filter module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yumaworks-config-change { type boolean; default "false"; description "If set to 'true', then the yumaworks-config-change module will be loaded and enabled. Otherwise, this module will not be loaded. This module adds data to the 'netconf-config-change' notification. This data represents a security risk since it is not subject to the same access control rules within a notification as within a datastore. NACM does not provide access control for the contents of a notification, only for the notification event type. Use this module with caution! Only allow a superuser administrator access to the 'netconf-config-change' notification if this module is used."; } leaf with-yumaworks-event-filter { type boolean; default "true"; description "If set to 'true', then the yumaworks-event-filter module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf with-yumaworks-getbulk { type boolean; default "true"; description "If set to 'true', then the yumaworks-getbulk module will be loaded and enabled. Otherwise, this module will not be loaded. If disabled the <get-bulk> operation will not be available."; } leaf with-yumaworks-lock { type boolean; default "true"; description "If set to 'true', then the yumaworks-lock module will be loaded and enabled. 
Otherwise, this module will not be loaded. If disabled the <lock-all> and <unlock-all> operations will not be available."; } leaf with-yumaworks-callhome { type boolean; default "true"; description "If set to 'true', then the yumaworks-callhome module will be loaded and enabled. Otherwise, this module will not be loaded. If not enabled then the run-time configuration of CallHome servers will not be available. This parameter has no effect if the WITH_CALLHOME=1 option is not used when building the server binary."; } leaf with-yumaworks-event-stream { type boolean; default "true"; description "If set to 'true', then the yumaworks-event-stream module will be loaded and enabled. Otherwise, this module will not be loaded. If disabled the /event-streams subtree will not be available."; } leaf with-yumaworks-ids { type boolean; default "true"; description "If set to 'true', then the yumaworks-ids module will be loaded and enabled. Otherwise, this module will not be loaded. If not enabled then the extra transport types for netconfd-pro specific transports and control sessions will not be available."; } leaf with-yumaworks-sm-yanglib { type boolean; default "true"; description "If set to 'true', then the yumaworks-sm-yanglib module will be loaded and enabled. Otherwise, this module will not be loaded and the <get-sm-yanglib> operation will not be available. This parameter is ignored unless the Schema Mount feature is enabled and configured in the server."; } leaf with-yumaworks-system { type boolean; default "true"; description "If set to 'true', then the yumaworks-system module will be loaded and enabled. Otherwise, this module will not be loaded. The <load>, <unload>, <load-bundle>, and <unload-bundle> operations will not be available. Other operations and data model augments will not be available."; } leaf with-yumaworks-templates { type boolean; default "true"; description "If set to 'true', then the yumaworks-templates module will be loaded and enabled. 
Otherwise, this module will not be loaded. Ignored unless the server is built with the WITH_TEMPLATES=1 compiler flag."; } leaf yang-sid-mode { type ywt:yang-sid-mode; default "sid-file"; description "The mode to use for the source of YANG SID assignments. This parameter has no effect unless the WITH_YANG_CBOR=1 make parameter is used in the build and the --with-yang-cbor parameter is set to 'true'."; } leaf with-yumaworks-cert-usermap { type boolean; default "true"; description "If set to 'true', then the yumaworks-cert-usermap module will be loaded and enabled. Otherwise, this module will not be loaded."; } leaf yangapi-server-url { type inet:uri; default "http://localhost"; description "The starting string for the server URL to use in Location header lines returned by YANG-API."; } leaf yp-coap-address { type inet:ip-address; default "0.0.0.0"; description "The IP address that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source address in YP-CoAP packets sent by the server."; } leaf yp-coap-port { type inet:port-number; default "5683"; description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source port number in YP-CoAP packets sent by the server."; } leaf yp-coap-dtls-port { type inet:port-number; default "5684"; description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests for CoAP over DTLS. This will also be used as the source port number in YP-CoAP packets sent by the server."; } leaf restconf-server-url { type inet:uri; default "http://localhost"; description "The starting string for the server URL to use in Location header lines returned by RESTCONF."; } } // container server } // module yumaworks-server