1 <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
2 <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"><?xml version="1.0" encoding="UTF-8"?>
3 <module name="ietf-system"
4 xmlns="urn:ietf:params:xml:ns:yang:yin:1"
5 xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-system"
6 xmlns:yang="urn:ietf:params:xml:ns:yang:ietf-yang-types"
7 xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
8 xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
9 xmlns:ianach="urn:ietf:params:xml:ns:yang:iana-crypt-hash">
10 <namespace uri="urn:ietf:params:xml:ns:yang:ietf-system"/>
11 <prefix value="sys"/>
12 <import module="ietf-yang-types">
13 <prefix value="yang"/>
15 <import module="ietf-inet-types">
16 <prefix value="inet"/>
18 <import module="ietf-netconf-acm">
19 <prefix value="nacm"/>
21 <import module="iana-crypt-hash">
22 <prefix value="ianach"/>
25 <text>IETF NETMOD (NETCONF Data Modeling Language) Working Group</text>
28 <text>WG Web: &lt;http://tools.ietf.org/wg/netmod/&gt;
29 WG List: &lt;mailto:netmod@ietf.org&gt;
31 WG Chair: Thomas Nadeau
32 &lt;mailto:tnadeau@lucidvision.com&gt;
34 WG Chair: Juergen Schoenwaelder
35 &lt;mailto:j.schoenwaelder@jacobs-university.de&gt;
38 &lt;mailto:andy@yumaworks.com&gt;
40 Editor: Martin Bjorklund
41 &lt;mailto:mbj@tail-f.com&gt;</text>
44 <text>This module contains a collection of YANG definitions for the
45 configuration and identification of some common system
46 properties within a device containing a NETCONF server. This
47 includes data node definitions for system identification,
48 time-of-day management, user management, DNS resolver
49 configuration, and some protocol operations for system
52 Copyright (c) 2014 IETF Trust and the persons identified as
53 authors of the code. All rights reserved.
55 Redistribution and use in source and binary forms, with or
56 without modification, is permitted pursuant to, and subject
57 to the license terms contained in, the Simplified BSD License
58 set forth in Section 4.c of the IETF Trust's Legal Provisions
59 Relating to IETF Documents
60 (http://trustee.ietf.org/license-info).
62 This version of this YANG module is part of RFC 7317; see
63 the RFC itself for full legal notices.</text>
65 <revision date="2014-08-06">
67 <text>Initial revision.</text>
70 <text>RFC 7317: A YANG Data Model for System Management</text>
73 <feature name="radius">
75 <text>Indicates that the device can be configured as a RADIUS
79 <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)</text>
82 <feature name="authentication">
84 <text>Indicates that the device supports configuration of
85 user authentication.</text>
88 <feature name="local-users">
89 <if-feature name="authentication"/>
91 <text>Indicates that the device supports configuration of
92 local user authentication.</text>
95 <feature name="radius-authentication">
96 <if-feature name="radius"/>
97 <if-feature name="authentication"/>
99 <text>Indicates that the device supports configuration of user
100 authentication over RADIUS.</text>
103 <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)
104 RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
105 Authorization for Network Access Server (NAS)
106 Management</text>
109 <feature name="ntp">
111 <text>Indicates that the device can be configured to use one or
112 more NTP servers to set the system date and time.</text>
115 <feature name="ntp-udp-port">
116 <if-feature name="ntp"/>
118 <text>Indicates that the device supports the configuration of
119 the UDP port for NTP servers.
121 This is a 'feature', since many implementations do not support
122 any port other than the default port.</text>
125 <feature name="timezone-name">
127 <text>Indicates that the local time zone on the device
128 can be configured to use the TZ database
129 to set the time zone and manage daylight saving time.</text>
132 <text>RFC 6557: Procedures for Maintaining the Time Zone Database</text>
135 <feature name="dns-udp-tcp-port">
137 <text>Indicates that the device supports the configuration of
138 the UDP and TCP port for DNS servers.
140 This is a 'feature', since many implementations do not support
141 any port other than the default port.</text>
144 <identity name="authentication-method">
146 <text>Base identity for user authentication methods.</text>
149 <identity name="radius">
150 <base name="authentication-method"/>
152 <text>Indicates user authentication using RADIUS.</text>
155 <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)
156 RFC 5607: Remote Authentication Dial-In User Service (RADIUS)
157 Authorization for Network Access Server (NAS)
158 Management</text>
161 <identity name="local-users">
162 <base name="authentication-method"/>
164 <text>Indicates password-based authentication of locally
165 configured users.</text>
168 <identity name="radius-authentication-type">
170 <text>Base identity for RADIUS authentication types.</text>
173 <identity name="radius-pap">
174 <base name="radius-authentication-type"/>
176 <text>The device requests Password Authentication Protocol (PAP)
177 authentication from the RADIUS server.</text>
180 <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)</text>
183 <identity name="radius-chap">
184 <base name="radius-authentication-type"/>
186 <text>The device requests Challenge Handshake Authentication
187 Protocol (CHAP) authentication from the RADIUS server.</text>
190 <text>RFC 2865: Remote Authentication Dial In User Service (RADIUS)</text>
193 <typedef name="timezone-name">
194 <type name="string"/>
196 <text>A time zone name as used by the Time Zone Database,
197 sometimes referred to as the 'Olson Database'.
199 The exact set of valid values is an implementation-specific
200 matter. Client discovery of the exact set of time zone names
201 for a particular server is out of scope.</text>
204 <text>RFC 6557: Procedures for Maintaining the Time Zone Database</text>
207 <container name="system">
209 <text>System group configuration.</text>
211 <leaf name="contact">
212 <type name="string"/>
214 <text>The administrator contact information for the system.
216 A server implementation MAY map this leaf to the sysContact
217 MIB object. Such an implementation needs to use some
218 mechanism to handle the differences in size and characters
219 allowed between this leaf and sysContact. The definition of
220 such a mechanism is outside the scope of this document.</text>
223 <text>RFC 3418: Management Information Base (MIB) for the
224 Simple Network Management Protocol (SNMP)
225 SNMPv2-MIB.sysContact</text>
228 <leaf name="hostname">
229 <type name="inet:domain-name"/>
231 <text>The name of the host. This name can be a single domain
232 label or the fully qualified domain name of the host.</text>
235 <leaf name="location">
236 <type name="string"/>
238 <text>The system location.
240 A server implementation MAY map this leaf to the sysLocation
241 MIB object. Such an implementation needs to use some
242 mechanism to handle the differences in size and characters
243 allowed between this leaf and sysLocation. The definition
244 of such a mechanism is outside the scope of this document.</text>
247 <text>RFC 3418: Management Information Base (MIB) for the
248 Simple Network Management Protocol (SNMP)
249 SNMPv2-MIB.sysLocation</text>
252 <container name="clock">
254 <text>Configuration of the system date and time properties.</text>
256 <choice name="timezone">
258 <text>The system time zone information.</text>
260 <case name="timezone-name">
261 <if-feature name="timezone-name"/>
262 <leaf name="timezone-name">
263 <type name="timezone-name"/>
265 <text>The TZ database name to use for the system, such
266 as 'Europe/Stockholm'.</text>
270 <case name="timezone-utc-offset">
271 <leaf name="timezone-utc-offset">
272 <type name="int16">
273 <range value="-1500 .. 1500"/>
275 <units name="minutes"/>
277 <text>The number of minutes to add to UTC time to
278 identify the time zone for this system. For example,
279 'UTC - 8:00 hours' would be represented as '-480'.
280 Note that automatic daylight saving time adjustment
281 is not provided if this object is used.</text>
287 <container name="ntp">
288 <if-feature name="ntp"/>
289 <presence value="Enables the NTP client unless the 'enabled' leaf
290 (which defaults to 'true') is set to 'false'"/>
292 <text>Configuration of the NTP client.</text>
294 <leaf name="enabled">
295 <type name="boolean"/>
296 <default value="true"/>
298 <text>Indicates that the system should attempt to
299 synchronize the system clock with an NTP server
300 from the 'ntp/server' list.</text>
303 <list name="server">
304 <key value="name"/>
306 <text>List of NTP servers to use for system clock
307 synchronization. If '/system/ntp/enabled'
308 is 'true', then the system will attempt to
309 contact and utilize the specified NTP servers.</text>
311 <leaf name="name">
312 <type name="string"/>
314 <text>An arbitrary name for the NTP server.</text>
317 <choice name="transport">
318 <mandatory value="true"/>
320 <text>The transport-protocol-specific parameters for this
323 <case name="udp">
324 <container name="udp">
326 <text>Contains UDP-specific configuration parameters
327 for NTP.</text>
329 <leaf name="address">
330 <type name="inet:host"/>
331 <mandatory value="true"/>
333 <text>The address of the NTP server.</text>
336 <leaf name="port">
337 <if-feature name="ntp-udp-port"/>
338 <type name="inet:port-number"/>
339 <default value="123"/>
341 <text>The port number of the NTP server.</text>
347 <leaf name="association-type">
348 <type name="enumeration">
349 <enum name="server">
351 <text>Use client association mode. This device
352 will not provide synchronization to the
353 configured NTP server.</text>
356 <enum name="peer">
358 <text>Use symmetric active association mode.
359 This device may provide synchronization
360 to the configured NTP server.</text>
363 <enum name="pool">
365 <text>Use client association mode with one or
366 more of the NTP servers found by DNS
367 resolution of the domain name given by
368 the 'address' leaf. This device will not
369 provide synchronization to the servers.</text>
373 <default value="server"/>
375 <text>The desired association type for this NTP server.</text>
378 <leaf name="iburst">
379 <type name="boolean"/>
380 <default value="false"/>
382 <text>Indicates whether this server should enable burst
383 synchronization or not.</text>
386 <leaf name="prefer">
387 <type name="boolean"/>
388 <default value="false"/>
390 <text>Indicates whether this server should be preferred
396 <container name="dns-resolver">
398 <text>Configuration of the DNS resolver.</text>
400 <leaf-list name="search">
401 <type name="inet:domain-name"/>
402 <ordered-by value="user"/>
404 <text>An ordered list of domains to search when resolving
405 a host name.</text>
408 <list name="server">
409 <key value="name"/>
410 <ordered-by value="user"/>
412 <text>List of the DNS servers that the resolver should query.
414 When the resolver is invoked by a calling application, it
415 sends the query to the first name server in this list. If
416 no response has been received within 'timeout' seconds,
417 the resolver continues with the next server in the list.
418 If no response is received from any server, the resolver
419 continues with the first server again. When the resolver
420 has traversed the list 'attempts' times without receiving
421 any response, it gives up and returns an error to the
424 Implementations MAY limit the number of entries in this
427 <leaf name="name">
428 <type name="string"/>
430 <text>An arbitrary name for the DNS server.</text>
433 <choice name="transport">
434 <mandatory value="true"/>
436 <text>The transport-protocol-specific parameters for this
439 <case name="udp-and-tcp">
440 <container name="udp-and-tcp">
442 <text>Contains UDP- and TCP-specific configuration
443 parameters for DNS.</text>
446 <text>RFC 1035: Domain Names - Implementation and
448 RFC 5966: DNS Transport over TCP - Implementation
449 Requirements</text>
451 <leaf name="address">
452 <type name="inet:ip-address"/>
453 <mandatory value="true"/>
455 <text>The address of the DNS server.</text>
458 <leaf name="port">
459 <if-feature name="dns-udp-tcp-port"/>
460 <type name="inet:port-number"/>
461 <default value="53"/>
463 <text>The UDP and TCP port number of the DNS server.</text>
470 <container name="options">
472 <text>Resolver options. The set of available options has been
473 limited to those that are generally available across
474 different resolver implementations and generally useful.</text>
476 <leaf name="timeout">
477 <type name="uint8">
478 <range value="1..max"/>
480 <units name="seconds"/>
481 <default value="5"/>
483 <text>The amount of time the resolver will wait for a
484 response from each remote name server before
485 retrying the query via a different name server.</text>
488 <leaf name="attempts">
489 <type name="uint8">
490 <range value="1..max"/>
492 <default value="2"/>
494 <text>The number of times the resolver will send a query to
495 all of its name servers before giving up and returning
496 an error to the calling application.</text>
501 <container name="radius">
502 <if-feature name="radius"/>
504 <text>Configuration of the RADIUS client.</text>
506 <list name="server">
507 <key value="name"/>
508 <ordered-by value="user"/>
510 <text>List of RADIUS servers used by the device.
512 When the RADIUS client is invoked by a calling
513 application, it sends the query to the first server in
514 this list. If no response has been received within
515 'timeout' seconds, the client continues with the next
516 server in the list. If no response is received from any
517 server, the client continues with the first server again.
518 When the client has traversed the list 'attempts' times
519 without receiving any response, it gives up and returns an
520 error to the calling application.</text>
522 <leaf name="name">
523 <type name="string"/>
525 <text>An arbitrary name for the RADIUS server.</text>
528 <choice name="transport">
529 <mandatory value="true"/>
531 <text>The transport-protocol-specific parameters for this
534 <case name="udp">
535 <container name="udp">
537 <text>Contains UDP-specific configuration parameters
538 for RADIUS.</text>
540 <leaf name="address">
541 <type name="inet:host"/>
542 <mandatory value="true"/>
544 <text>The address of the RADIUS server.</text>
547 <leaf name="authentication-port">
548 <type name="inet:port-number"/>
549 <default value="1812"/>
551 <text>The port number of the RADIUS server.</text>
554 <leaf name="shared-secret">
555 <nacm:default-deny-all/>
556 <type name="string"/>
557 <mandatory value="true"/>
559 <text>The shared secret, which is known to both the
560 RADIUS client and server.</text>
563 <text>RFC 2865: Remote Authentication Dial In User
564 Service (RADIUS)</text>
570 <leaf name="authentication-type">
571 <type name="identityref">
572 <base name="radius-authentication-type"/>
574 <default value="radius-pap"/>
576 <text>The authentication type requested from the RADIUS
581 <container name="options">
583 <text>RADIUS client options.</text>
585 <leaf name="timeout">
586 <type name="uint8">
587 <range value="1..max"/>
589 <units name="seconds"/>
590 <default value="5"/>
592 <text>The number of seconds the device will wait for a
593 response from each RADIUS server before trying with a
594 different server.</text>
597 <leaf name="attempts">
598 <type name="uint8">
599 <range value="1..max"/>
601 <default value="2"/>
603 <text>The number of times the device will send a query to
604 all of its RADIUS servers before giving up.</text>
609 <container name="authentication">
610 <nacm:default-deny-write/>
611 <if-feature name="authentication"/>
613 <text>The authentication configuration subtree.</text>
615 <leaf-list name="user-authentication-order">
616 <type name="identityref">
617 <base name="authentication-method"/>
619 <must condition="(. != &quot;sys:radius&quot; or ../../radius/server)">
620 <error-message>
621 <value>When 'radius' is used, a RADIUS server must be configured.</value>
622 </error-message>
624 <text>When 'radius' is used as an authentication method,
625 a RADIUS server must be configured.</text>
628 <ordered-by value="user"/>
630 <text>When the device authenticates a user with a password,
631 it tries the authentication methods in this leaf-list in
632 order. If authentication with one method fails, the next
633 method is used. If no method succeeds, the user is
636 An empty user-authentication-order leaf-list still allows
637 authentication of users using mechanisms that do not
640 If the 'radius-authentication' feature is advertised by
641 the NETCONF server, the 'radius' identity can be added to
644 If the 'local-users' feature is advertised by the
645 NETCONF server, the 'local-users' identity can be
646 added to this list.</text>
649 <list name="user">
650 <if-feature name="local-users"/>
651 <key value="name"/>
653 <text>The list of local users configured on this device.</text>
655 <leaf name="name">
656 <type name="string"/>
658 <text>The user name string identifying this entry.</text>
661 <leaf name="password">
662 <type name="ianach:crypt-hash"/>
664 <text>The password for this entry.</text>
667 <list name="authorized-key">
668 <key value="name"/>
670 <text>A list of public SSH keys for this user. These keys
671 are allowed for SSH authentication, as described in
672 RFC 4253.</text>
675 <text>RFC 4253: The Secure Shell (SSH) Transport Layer
676 Protocol</text>
678 <leaf name="name">
679 <type name="string"/>
681 <text>An arbitrary name for the SSH key.</text>
684 <leaf name="algorithm">
685 <type name="string"/>
686 <mandatory value="true"/>
688 <text>The public key algorithm name for this SSH key.
690 Valid values are the values in the IANA 'Secure Shell
691 (SSH) Protocol Parameters' registry, Public Key
692 Algorithm Names.</text>
695 <text>IANA 'Secure Shell (SSH) Protocol Parameters'
696 registry, Public Key Algorithm Names</text>
699 <leaf name="key-data">
700 <type name="binary"/>
701 <mandatory value="true"/>
703 <text>The binary public key data for this SSH key, as
704 specified by RFC 4253, Section 6.6, i.e.:
706 string certificate or public key format
708 byte[n] key/certificate data.</text>
711 <text>RFC 4253: The Secure Shell (SSH) Transport Layer
712 Protocol</text>
719 <container name="system-state">
720 <config value="false"/>
722 <text>System group operational state.</text>
724 <container name="platform">
726 <text>Contains vendor-specific information for
727 identifying the system platform and operating system.</text>
730 <text>IEEE Std 1003.1-2008 - sys/utsname.h</text>
732 <leaf name="os-name">
733 <type name="string"/>
735 <text>The name of the operating system in use -
736 for example, 'Linux'.</text>
739 <text>IEEE Std 1003.1-2008 - utsname.sysname</text>
742 <leaf name="os-release">
743 <type name="string"/>
745 <text>The current release level of the operating
746 system in use. This string MAY indicate
747 the OS source code revision.</text>
750 <text>IEEE Std 1003.1-2008 - utsname.release</text>
753 <leaf name="os-version">
754 <type name="string"/>
756 <text>The current version level of the operating
757 system in use. This string MAY indicate
758 the specific OS build date and target variant
759 information.</text>
762 <text>IEEE Std 1003.1-2008 - utsname.version</text>
765 <leaf name="machine">
766 <type name="string"/>
768 <text>A vendor-specific identifier string representing
769 the hardware in use.</text>
772 <text>IEEE Std 1003.1-2008 - utsname.machine</text>
776 <container name="clock">
778 <text>Monitoring of the system date and time properties.</text>
780 <leaf name="current-datetime">
781 <type name="yang:date-and-time"/>
783 <text>The current system date and time.</text>
786 <leaf name="boot-datetime">
787 <type name="yang:date-and-time"/>
789 <text>The system date and time when the system last restarted.</text>
794 <rpc name="set-current-datetime">
795 <nacm:default-deny-all/>
797 <text>Set the /system-state/clock/current-datetime leaf
798 to the specified value.
800 If the system is using NTP (i.e., /system/ntp/enabled
801 is set to 'true'), then this operation will fail with
802 error-tag 'operation-failed' and error-app-tag value of
803 'ntp-active'.</text>
806 <leaf name="current-datetime">
807 <type name="yang:date-and-time"/>
808 <mandatory value="true"/>
810 <text>The current system date and time.</text>
815 <rpc name="system-restart">
816 <nacm:default-deny-all/>
818 <text>Request that the entire system be restarted immediately.
819 A server SHOULD send an rpc reply to the client before
820 restarting the system.</text>
823 <rpc name="system-shutdown">
824 <nacm:default-deny-all/>
826 <text>Request that the entire system be shut down immediately.
827 A server SHOULD send an rpc reply to the client before
828 shutting down the system.</text>
Code Review / demo.git / blob