module netconfd-pro { namespace "http://yumaworks.com/ns/netconfd-pro"; prefix "ndpro"; import yuma-ncx { prefix ncx; } import yuma-types { prefix nt; } import yumaworks-types { prefix ywt; } import yuma-app-common { prefix ncxapp; } import yumaworks-app-common { prefix ywapp; } import ietf-inet-types { prefix inet; } organization "YumaWorks, Inc."; contact "Support ."; description "Configuration Parameters for netconfd; This module is not advertised by the server. It contains only CLI parameters. Copyright (c) 2010 - 2017 YumaWorks, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the BSD 3-Clause License http://opensource.org/licenses/BSD-3-Clause"; revision 2017-11-02 { description "Add max-cli-sessions parameter."; } revision 2017-09-17 { description "Add confdir parameter. Add fallback enum to running-error and startup-error parameters. Add startup-factory-file parameter."; } revision 2017-06-27 { description "Add restconf-default-encoding parameter."; } revision 2017-06-03 { description "Add with-callhome parameter. Add callhome-server parameter. Add callhome-retry-interval parameter. Add callhome-retry-max parameter. Add callhome-sshd-command parameter. Add callhome-sshd-config parameter. Add callhome-subsys-command parameter. Add with-snmp parameter. Deprecate session-sync-mutex. Deprecate session-sync-mutex and with-yang-api. Add fileloc-fhs parameter. Add no-audit-log parameter."; } revision 2017-02-19 { description "Change socket-address from ipv4-address to ip-address to support IPv6 addresses."; } revision 2017-01-23 { description "Add no-nvstore parameter. Add with-yang11-hello parameter. Update 'restconf-strict-headers' leaf description, reference to RFC 8040 now."; } revision 2017-01-17 { description "Add create-empty-npcontainers parameter Make delete-empty-npcontainers parameter obsolete. Add with-config-id parameter"; } revision 2016-11-08 { description "Update --restconf-strict-accept parameter Changed it to restconf-strict-headers and updated the description of the parameter"; } revision 2016-07-03 { description "Add --ha-initial-active parameter."; } revision 2016-06-24 { description "Add --library-mode parameter."; } revision 2016-06-17 { description "Add --with-yp-coap parameter. Add --with-yp-coap-dtls parameter. Add --yp-coap-address parameter. Add --yp-coap-port parameter. Add --yp-coap-dtls-port parameter."; } revision 2016-06-06 { description "Add --netconf-capability parameter. Add --restconf-capability parameter. Deprecate system-sorted parameter."; } revision 2016-04-19 { description "These YP-HA parameters are not implemented in 15.10: Add --ha-enabled parameter. Add --ha-port parameter. Add --ha-server parameter. Add --ha-server-key parameter. Add --ha-sil-standby parameter. Add --server-id parameter. This parameter is implemented in 15.10: Add --with-warnings parameter."; } revision 2016-04-11 { description "Add --annotation parameter."; } revision 2016-01-18 { description "Add --with-yang-api parameter. Add --with-restconf parameter. Add --with-yp-shell parameter. Add --with-netconf parameter. Add --audit-log-console-level parameter. Add --audit-log-level parameter."; } revision 2015-11-02 { description "Add --max-getbulk parameter. Add --restconf-strict-accept parameter. Add --subsys-timeout parameter. Add --autodelete-pdu-error parameter."; } revision 2015-09-26 { description "Add --sil-validate-candidate parameter Add --audit-log-candidate parameter Add --allow-list-delete-all parameter Add --allow-leaflist-delete-all parameter"; } revision 2015-09-14 { description "Add --restconf-server-url parameter."; } revision 2015-06-29 { description "Add --no-watcher parameter. Add --watcher-interval parameter."; } revision 2014-10-16 { description "Add --save-owners parameter."; } revision 2014-07-11 { description "Add --socket-type, --socket-address, and --socket-port parameters."; } revision 2014-03-14 { description "Add --sil-skip-load parameter. Add --log-event-drops parameter. Add --sil-missing-error parameter."; } revision 2013-12-27 { description "Add --allowed-user parameter for added security."; } revision 2013-10-23 { description "Add --bundle parameter for SIL bundle support. Change --startup-error default from continue to stop. Change --max-sessions default from 0 to 8."; } revision 2013-08-13 { description "Add LoggingVendorParms due to grouping split."; } revision 2013-03-27 { description "Add session-sync-mutex and log-pthread-level params."; } revision 2013-03-15 { description "Add MatchParms parameters. Add yangapi-server-url parameter. Add with-notifications parameter."; } revision 2012-11-16 { description "Add message-indent parameter."; } revision 2012-09-29 { description "Add max-sessions CLI parameter. Add system-notifications parameter"; } revision 2012-08-16 { description "Split out from yangcli.yang."; } revision 2012-04-19 { description "Add abstract data struct for REST-API entry point resource."; } revision 2011-12-15 { description "Add --running-error parameter."; } revision 2011-10-08 { description "Add --home parameter."; } revision 2011-08-27 { description "Add --runpath parameter. Add --factory-startup parameter."; } revision 2011-07-20 { description "Add --audit-log and --audit-log-append CLI parameters. Add --system-sorted CLI parameter. Make with-defaults enum local to prevent report-all-tagged from being accepted as a basic mode."; } revision 2011-05-29 { description "Removed superuser YANG default to disable by default, to make sure an admin has to explicitly enable this feature."; } revision 2011-04-24 { description "Added --protocols parameter via uses ProtocolsParm. Not available in yuma v1 branch."; } revision 2011-04-02 { description "Added --delete-np-containers parameter."; } revision 2010-05-13 { description "Added --with-url to enable :url capability."; } revision 2010-01-14 { description "Initial version for 0.9.9 release."; } grouping StartupChoice { choice start { description "select startup config for boot load"; // default is set in the agt_profile leaf no-startup { description "If present, do not load the startup config file. Use the factory default settings but do not overwrite the NV-storage startup unless it is altered. This option does not delete the startup config file if it exists."; type empty; } leaf factory-startup { description "Force the system to use the factory configuration and delete the startup config file if it exists. Force the NV-storage startup to contain the factory default configuration."; type empty; } leaf startup { description "The full or relative filespec of the startup config file to use. If present, overrides the default startup config file name 'startup-cfg.xml', This will also override the YUMAPRO_DATAPATH environment variable and the datapath CLI parameter, if the first character is the forward slash '/', indicating an absolute file path."; type string; } } } grouping WatcherChoice { choice watcher-parm { description "Automatic server state monitoring support. ypwatcher program periodically checks if the server is alive and if not restart the server and write the event into syslog."; leaf no-watcher { description "Control the ypwatcher program. If present, do not launch ypwatcher program. If this parameter is present, then the --watcher-interval parameter cannot be present."; type empty; } leaf watcher-interval { description "Specifies the sleep interval between ypwatcher program attempts to check availability of the server. Provided value is in seconds. The server does not accept the value of 0 for this parameter. The minimal acceptable value is 1 second. The default value is 10."; type uint32; default 10; } } } container netconfd-pro { ncx:cli; description "Server CLI for the NETCONF protocol. Usage: netconfd-pro [parameters]"; uses ncxapp:NcxAppCommon; uses ncxapp:NewConfigParm; uses ncxapp:CommonFeatureParms; uses ncxapp:HomeParm; uses ywapp:LoggingCommonParms; uses ywapp:LoggingVendorParms; uses ywapp:MessageIndentParm; uses ywapp:YumaproHomeParm; uses ncxapp:SubdirsParm; uses ncxapp:ProtocolsParm; uses ncxapp:RunpathParm; uses ywapp:MatchParms { refine match-names { default exact; } refine alt-names { default true; } refine wildcard-keys { default false; } } leaf access-control { description "Controls how access control is initially enforced by the server."; type ywt:access-control-mode; default enforcing; } leaf allow-list-delete-all { description "If true, then the delete-all operation is enabled for deleting instances of list objects."; type boolean; default false; } leaf allow-leaflist-delete-all { description "If true, then the delete-all operation is enabled for deleting instances of leaf-list objects."; type boolean; default false; } leaf-list allowed-user { description "Name of a user that is allowed to have access to the server via network management sessions. If any configured then the user name must be in this list, unless the user is the superuser account."; type nt:NcxName; } choice audit-log-choice { leaf audit-log { description "Filespec for the server audit log file to use in addition to the normal log file or STDOUT."; type string; } leaf no-audit-log { description "Flag indicating that no audit log at all will be created. This is only relevant if --fileloc-fhs is 'true'."; type empty; } } leaf audit-log-append { description "If present, the audit log will be appended not over-written. If not, the audit log will be over-written. Only meaningful if the 'audit-log' parameter is also present."; type empty; } leaf audit-log-candidate { description "If true, then transactions to the candidate datastore will be recorded in the audit log. If false, then transactions to the candidate datastore will not be recorded in the audit log."; type boolean; default true; } leaf audit-log-console-level { description "Sets the minimum logging level needed to log datastore audit records to the server console log. This does not affect output to the audit log."; type nt:NcDebugType; default debug; } leaf audit-log-level { description "Sets the minimum logging level needed to log datastore audit records to the audit log. This does not affect debug logging to the server console log."; type nt:NcDebugType; default info; } leaf autodelete-pdu-error { description "If true, then configuration nodes provided in the edit payload (e.g., element) that are conditional on 'when' statements must evaluate to true or else an operation-failed error will be returned. If false, then such 'false when' will be silently removed from the target datastore."; type boolean; default true; } leaf-list bundle { description "Specifies the name of a SIL bundle to load into system at boot-time."; type nt:NcxName; } leaf callhome-retry-interval { description "Specifies the number of seconds to wait after a connect attempt to the callhome server has failed before attempting another connect attempt to that server."; units "seconds"; type uint16 { range "1 .. max"; } default 60; } leaf callhome-retry-max { description "Specifies the number of retry attempts the server should attempt to the callhome server before giving up. The value 0 indicates the server should never give up."; type uint16; default 10; } leaf-list callhome-server { description "Specifies a callhome/SSH server that this server should attempt to initiate a callhome connection at boot-time. This string has the format: '@' [ ':' ] server1@192.168.0.101 server1@192.168.0.101:12040 The server-id parameter is used for logging purposes. This parameter is ignored if the --with-callhome parameter is set to 'false'. "; type string; } leaf callhome-sshd-command { description "Specifies the command string used to invoke the SSH server when a callhome session is initiated."; type string; default "/usr/sbin/sshd"; } leaf callhome-sshd-config { description "Specifies the SSH server configuration file to use when invoking the SSH server when a callhome session is initiated. The default config file to use is a dynamic string using the pattern ch_sshd_config.. It is located in the $HOME/.yumapro directory."; type string; } leaf callhome-subsys-command { description "Specifies the netconf subsystem to use in the default ch_sshd_config files to specify the NETCONF subsystem for the incoming NETCONF session expected on the callhome session."; type string; default "/usr/sbin/netconf-subsystem-pro"; } leaf confdir { description "Specifies the CLI parameter configuration directory to use for extra configuration files. The server will check this directory for files that end with the suffix '.conf' and process them similar to the main configuration file. Other files will be ignored. Files will be processed in alphabetical order. The server will keep the first value set if a CLI leaf parameter is set multiple times. The CLI parameters are set in the following order: 1) netconfd-pro command line 2) --config file or /etc/yumapro/netconfd-pro.conf 3) --confdir files or /etc/yumapro/netconfd-pro.d/ If the --no-config parameter is present in step (1) then steps (2) and (3) will be skipped, and this parameter will be ignored. If this parameter is encountered in step (3) it will be ignored. Extra configuration files in step (3) have the exact same syntax as the configuration file used in step (2). Example extra config file testmods.conf: netconfd-pro { module acme-test1 module acme-test2 log-level debug2 message-indent 1 idle-timeout 0 } "; type string; default "/etc/yumapro/netconfd-pro.d"; } leaf create-empty-npcontainers { description "An empty non-presence container has no meaning in NETCONF/YANG so it may be created by the server. In particular, the presence of the container node with no child nodes is semantically equivalent to the absence of the container node. This is the default style. If this parameter is set to false, then the server will not create empty NP containers."; type boolean; default true; } leaf default-style { description "Selects the type of filtering behavior the server will advertise as the 'basic' behavior in the 'with-defaults' capability. The server will use this default handling behavior if the 'with-defaults' parameter is not explicitly set. Also, when saving a configuration to NV-storage, this value will be used for filtering defaults from the saved configuration. See wd:with-defaults leaf for enumeration details."; type enumeration { enum report-all; enum trim; enum explicit; } default explicit; } leaf delete-empty-npcontainers { description "An empty non-presence container has no meaning in NETCONF/YANG so it may be deleted by the server. This takes non-trivial processing time for large databases, but uses less memory. Disabling this parameter will result in a larger database in both memory and NV-save."; type boolean; default false; status obsolete; } leaf eventlog-size { description "Specifies the maximum number of notification events that will be saved in the notification replay buffer. The oldest entries will be deleted first."; type uint32; default 1000; } leaf fileloc-fhs { description "If true, then the server should use Filesystem Hierarchy Standard (FHS) directory locations to create and store server data. May need to run as root. The FHS server log file will be created by default unless the 'log' parameter is used, then that location will be used instead. The FHS audit log file will be created by default unless the 'audit-log' parameter is used, then that location will be used instead. If the 'no-audit-log' parameter is present then no audit log will be created. File Type Example ---------------------------------------------------- server log: /var/log/netconfd-pro/server.log audit log: /var/log/netconfd-pro/audit.log config file: /var/lib/netconfd-pro/startup-cfg.xml TXID file: /var/lib/netconfd-pro/startup-cfg-txid.txt backups: /var/lib/netconfd-pro/backups/backup1.xml PID file: /var/run/netconfd-pro/netconfd-pro.pid AF socket: /var/run/netconfd-pro/ncxserver.sock If false then the server will use $HOME/.yumapro and other file locations to store server data. File Type Example ---------------------------------------------------- server log: STDOUT; no server log created by default audit log: STDOUT; no audit log created by default config file: $HOME/.yumapro/startup-cfg.xml TXID file: $HOME/.yumapro/startup-cfg-txid.txt backups: $HOME/.yumapro/backups/backup1.xml PID file: $HOME/.yumapro/netconfd-pro.pid AF socket: /tmp/ncxserver.sock "; type boolean; default false; } leaf ha-enabled { description "Specifies whether the YP-HA protocol should be enabled, allowing High Availability Datastore Replication mode to be supported. If this parameter is enabled then the following parameters must be configured or the server will exit with an error: - ha-server - ha-server-key - server-id - socket-type=tcp - socket-address - socket-port "; type boolean; default false; } leaf ha-initial-active { description "Specifies the server name for the initial YP-HA active server. This is ignored unless ha-enabled=true. There is no default. This parameter is used to hardwire the initial High Availability roles instead of setting it in the yp-system init1 or init2 callback functions. If this parameter is the same as 'server-id' then this server will be the initial YP-HA active server. This parameter is intended for debug mode only. The real operational mode should use signaling only to set the HA mode. Otherwise if the server reboots it will use the configured HA mode, which may not be correct if it has been changed during runtime."; type nt:NcxName; } leaf ha-port { description "Specifies the default port to use for YP-HA protocol messages. Unless otherwise specified, this port number will be used by a standby server atempting to connect to the active server. (This parameter is not used yet)."; type inet:port-number; default 8088; } leaf-list ha-server { description "Specifies a server in the YP-HA server pool. This string has the format: '@' [ ':' ] server1@192.168.0.101 server1@192.168.0.101:12040 The server running with this configuration must be listed in the ha-server pool. The server-id parameter must match the entry for this server. There must be at least 2 entries present to configure an HA server pool. This must be done if ha-enabled parameter is set to 'true'. "; type string; } leaf-list ha-server-key { description "Specifies the string the standby server must present to the active server during registration. Used to prevent servers from going the wrong HA pool. If not set then the active server will reject the YP-HA connection. This parameter must be set if the ha-enabled parameter is set to 'true'."; type string; } leaf ha-sil-standby { description "Specifies whether the edit callbacks such as SIL, SIL-SA and HOOK instrumentation will be invoked if the server is operating in HA standby mode"; type boolean; default false; } leaf hello-timeout { description "Specifies the number of seconds that a session may exist before the hello PDU is received. A session will be dropped if no hello PDU is received before this number of seconds elapses. If this parameter is set to zero, then the server will wait forever for a hello message, and not drop any sessions stuck in 'hello-wait' state. Setting this parameter to zero may permit denial of service attacks, since only a limited number of concurrent sessions are supported by the server."; type uint32 { range "0 | 10 .. 3600"; } units seconds; default 600; // 10 minutes } leaf idle-timeout { description "Specifies the number of seconds that a session may remain idle without issuing any RPC requests. A session will be dropped if it is idle for an interval longer than this number of seconds. Sessions that have a notification subscription active are never dropped. If this parameter is set to zero, then the server will never drop a session because it is idle."; type uint32 { range "0 | 10 .. 360000"; } units seconds; default 3600; // 1 hour } leaf library-mode { description "If true, then the server will operate in YANG module library mode. It will find all the YANG modules and make them available for operations. The following NETCONF operations are available when the server is operating in library mode: ietf-netconf:get ietf-netconf:get-config ietf-netconf-monitoring:get-schema yuma-system:restart yuma-system:shutdown "; type boolean; default false; } leaf max-burst { description "Specifies the maximum number of notifications that should be sent to one session, within a one second time interval. The value 0 indicates that the server should not limit notification bursts at all."; type uint32; default 10; } leaf max-getbulk { description "Specifies the maximum number of getbulk entries to request from a GET2 callback. This value will be used in the get2cb 'max_entries' field. The value 0 is used to indicate there is no max and the GET2 callback can return as many getbulk entries as desired. This is the default for leaf-list GET2 callbacks"; type uint32; default 10; } leaf max-sessions { description "Specifies the maximum number of concurrent sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used."; type uint16 { range "0 .. 1024"; } default 8; } leaf max-cli-sessions { description "Specifies the maximum number of concurrent CLI sessions that can be active at one time. The value 0 indicates that no artificial session limit should be used. The max-sessions parameter has precedence, so setting this parameter higher than 'max-sessions' will have no effect."; type uint16 { range "0 .. 1024"; } default 0; } leaf-list netconf-capability { description "Specifies a URI value that should be added to the server NETCONF message as a NETCONF URI and monitoring data in the /netconf-state/capabilities container."; type inet:uri; } leaf no-nvstore { description "Specifies that the server should not load or save using the normal APIs during transaction management. The 'start' choice will be ignored (e.g., --no-startup)) and the server will not attempt to load a startup-cfg.xml file. Transactions will not be saved to NV-storage at all. Any external NV-storage callbacks will be ignored. Use this mode if NV-load and NV-storage are handled internally and not via the startup-cfg.xml file. This parameter is only enabled if it is present."; type empty; } leaf-list port { max-elements 4; description "Specifies the TCP ports that the server will accept connections from. These ports must also be configured in the /etc/ssh/sshd_config file for the SSH master server to accept the connection and invoke the netconf subsystem. Up to 4 port numbers can be configured. If any ports are configured, then only those values will be accepted by the server. If no ports are configured, then the server will accept connections on the netconf-ssh port (tcp/830)."; type inet:port-number; } uses ncxapp:ModuleParm; uses ncxapp:DeviationParm; uses ywapp:AnnotationParm; uses ncxapp:DatapathParm; leaf-list restconf-capability { description "Specifies a URI value that should be added to the server as monitoring data in the /restconf-state/capabilities container."; type inet:uri; } leaf restconf-default-encoding { description "Specifies the default response encoding to use if the incoming request does not have an indication of preferred content type (e.g., no Content-Type header, no Accept header). "; type enumeration { enum json { description "Use JSON message encoding as the default."; } enum xml { description "Use XML message encoding as the default."; } } default json; } leaf restconf-strict-headers { description "If set to 'true' the server will only accept requests with normative Accept and Content-Type headers entries specified in the RFC 8040 The Accept header must not be empty; otherwise 'not accepteble' error will be returned. Normative Accept header: application/yang-data+xml,application/yang-data+json;q=0.9 Normative Content-Type header: application/yang-data+xml application/yang-patch+json If set to 'false', the server will try to accept not normative header entries. Acceptable not normative Accept header: application/xml,application/json;q=0.9 Acceptable not normative Content-Type headers: application/xml application/json text/xml "; type boolean; default false; } leaf running-error { description "Controls the server behavior if any errors are encountered while validating the running database during the initial load of the running configuration at boot-time."; type enumeration { enum stop { description "Terminate the program if any errors are encountered in the running configuration."; } enum continue { description "Continue the program if any errors are encountered in the running configuration. Altering the running configuration will fail until the commit validation tests succeed."; } enum fallback { description "Fallback to the factory configuration if errors are encountered in the running configuration at boot time. The server will restart as if the --factory-startup configuration parameter was used."; } } default stop; } leaf save-owners { type boolean; default false; description "Indicates if owner names should be saved for data in the running configuration, and startup configuration if supported."; } leaf sil-missing-error { description "If 'true' then when a module is loaded, but the SIL library code for the module is not found, an error will be returned instead of a warning printed. If 'false' then when a module is loaded, but the SIL library code for the module is not found, no error will be returned. Instead, only a warning will be printed."; type boolean; default false; } leaf sil-skip-load { description "If present, the server will not invoke the SIL callbacks during initial system initialization when the startup configuration file is loaded into the running datastore."; type empty; } leaf sil-validate-candidate { description "If true, the server will invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. If false, the server will not invoke the VALIDATE phase for SIL and SIL-SA callbacks when each edit is made to the candidate datastore. Transaction performance will be improved if the extra VALIDATE phase callbacks are skipped. Acceptence of an individual edit to the candidate does not mean the SIL or SIL-SA will accept that edit when combined with all edits (during the commit operation). In either case the server will invoke the VALIDATE phase callbacks when an attempt to commit the candidate datastore is done or when a operation is done on the candidate datastore."; type boolean; default true; } leaf simple-json-names { description "If true, the server will NOT output name of the module in which the data node is defined. If false, a namespace-qualified member name will be used for all members of a top-level JSON object and then also whenever the namespaces of the data node and its parent node are different."; type boolean; default false; } leaf socket-address { description "Specifies the IPv4 address to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. Note that this parameter specifies the IP address for internal protocol messages. The server will accept NETCONF sessions over SSH, as specified in the OpenSSH config file."; // changed type from ipv4-address to ip-address type inet:ip-address; default "0.0.0.0"; } leaf socket-port { description "Specifies the TCP port number to listen on when the socket-type parameter is set to 'tcp'. Ignored if the socket-type is 'aflocal'. Note that this parameter specifies the port number for internal protocol messages. The server will accept NETCONF sessions over SSH, specified with the 'port' parameter (e.g. 830)."; type inet:port-number; default 2023; } leaf socket-type { description "Specifies which type of socket the server should create for incoming protocol sessions. Note that this parameter specifies the socket type for internal protocol messages. The server will use TCP connections for NETCONF sessions over SSH."; type enumeration { enum aflocal { description "An AF_LOCAL socket will be used for incoming sessions."; } enum tcp { description "An AF_INET socket will be used for incoming sessions."; } } default aflocal; } uses StartupChoice; leaf startup-error { description "Controls the server behavior if any errors are encountered while loading the startup configuration file into the running configuration at boot-time. It is possible for the startup configuration to contain errors within optional nodes. If this parameter is set to 'continue', then the validation tests on the running config (controlled by running-error) should not fail due to missing optional nodes."; type enumeration { enum stop { description "Terminate the program if any errors are encountered in the startup configuration."; } enum continue { description "Continue the program if any errors are encountered in the startup configuration. The entire module-specific data structure(s) containing the error node(s) will not be added to the running configuration at boot-time."; } enum fallback { description "Fallback to the factory configuration if errors are encountered in the startup configuration. The server will restart as if the --factory-startup configuration parameter was used."; } } default stop; } leaf startup-factory-file { description "The full or relative filespec of the factory startup config file to use. If the --factory-startup parameter is used, or no startup file is specified or found, then the server will look for this filespec. If found, then it will copied to the startup config file used to load the server. If the value represents a relative filespec then the server will check the server data file search path for the first matching filespec. If this parameter is set and the filespec is not found then the server will exit with an error. If the default filespec is not found then an empty datastore will be used to load the running configuration datastore at boot-time."; type string; default "factory-startup-cfg.xml"; } leaf subsys-timeout { description "The number of seconds to wait for a response from a sub-system before declaring a timeout. The value '0' indicates that no timeout should be used."; type uint16; units seconds; default 30; } leaf superuser { description "The user name to use as the superuser account. Any session associated with this user name will bypass all access control enforcement. See yuma-nacm.yang for more details. To disable the superuser account completely, set this parameter to the empty string or do not set it at all. The default mode is to disable superuser access."; type union { type nt:NcxName; type string { length 0; } } } leaf system-notifications { description "Indicates which YANG module(s) should be used for system notifications."; type bits { bit ietf { description "Use ietf-netconf-notifications module."; reference "RFC 6470"; } bit yuma { description "Use yuma-system module."; } } default "ietf"; } leaf system-sorted { description "Indicates whether ordered-by system leaf-lists and lists will be kept in sorted order. NOTE: This parameter is ignored. The server does not sort any list or leaf-list objects because YANG only requires that ordered-by user instances maintain the user-provided order."; type boolean; default false; // CHANGED DEFAULT!! status deprecated; } leaf target { description "The database to use as the target of edit-config operations."; type enumeration { enum running { description "Write to the running config and support the :writable-running capability."; } enum candidate { description "Write to the candidate config and support the :candidate and :confirmed-commit capabilities."; } } // default is set in the agt_profile default candidate; } leaf log-event-drops { description "Indicates if a log entry would be generated when a notification is dropped because the specific notification events are disabled with an event-filter configuration entry."; type boolean; default false; } leaf log-pthread-level { description "Sets the pthread debug logging level filter for the program."; type nt:NcDebugType; } leaf session-sync-mutex { description "If present, force synchronous request processing (pthread version only). Ignored by the server"; type empty; status deprecated; } leaf server-id { description "Server Identifier string to use for this server. Used in YControl and SIL-SA messages to identifier the server to all subsystems. Used in YP-HA to identify this server in the YP-HSA server pool"; type nt:NcxName; default "server1"; } leaf usexmlorder { description "If present, then XML element order will be enforced. Otherwise, XML element order errors will not be generated if possible. Default is no enforcement of strict XML order."; type empty; } uses WatcherChoice; leaf with-notifications { description "If set to 'true', then the :notification:1.0 and :interleave:1.0 capabilities will be enabled. Otherwise, these capabilities will not be enabled."; type boolean; default true; } leaf with-callhome { description "This feature is only available if the server image is built with the flags WITH_CALLHOME=1. If set to 'true', then the IETF Callhome for SSH feature will be enabled. If set to 'false', then this feature will be disabled and the following CLI parameters will be ignored: - callhome-retry-max - callhome-retry-interval - callhome-server "; type boolean; default false; } leaf with-config-id { description "If set to 'true', then the YumaWorks :config-id capability will be enabled. This is used to help cache device configurations. It is an enterprise capability URI, not a standard YANG module URI. If set to 'false', then the YumaWorks :config-id capability will be disabled."; type boolean; default true; } uses ywapp:OcPatternParm; leaf with-startup { description "If set to 'true', then the :startup capability will be enabled. Otherwise, the :startup capability will not be enabled. This capability makes the NV-save operation an explicit operation instead of an automatic save."; type boolean; default false; } leaf with-url { description "If set to 'true', then the :url capability will be enabled. Otherwise, the :url capability will not be enabled. This capability requires a file system and may introduce security risks because internal files such as startup-cfg.xml and backup-cfg.xml will be exposed."; type boolean; default true; } leaf with-validate { description "If set to 'true', then the :validate capability will be enabled. Otherwise, the :validate capability will not be enabled. This capability requires extensive memory resources."; type boolean; default true; } leaf with-netconf { description "If set to 'true', then the NETCONF protocol will be enabled. Otherwise, the NETCONF protocol will not be enabled. The incoming connection will be droped if the protocol is disabled."; type boolean; default true; } leaf with-restconf { description "If set to 'true', then the RESTCONF protocol will be enabled. Otherwise, the RESTCONF protocol will not be enabled. The incoming connection will be droped if the protocol is disabled."; type boolean; default true; } leaf with-snmp { description "If set to 'true', then the SNMP protocol will be enabled. Otherwise, the SNMP protocol will not be enabled. Incoming SNMP requests will be dropped if the protocol is disabled."; type boolean; default false; } leaf with-warnings { description "If set to 'true', then the agt_record_warning function will be enabled, allowing the error-severity field to be incorrectly set to 'warning'. This violates the NETCONF standard and client software may reject the data as invalid if this is used. If flase then error-severity will not be set to warning even if agt_record_warning is used."; type boolean; default false; } leaf with-yang-api { description "If set to 'true', then the YANG-API protocol will be enabled. Otherwise, the YANG-API protocol will not be enabled. The incoming connection will be droped if the protocol is disabled."; type boolean; // default true; !! NOW DEPRECATED !! default false; status deprecated; } leaf with-yang11-hello { description "Control whether the NETCONF hello message should conform to the standard and leave out YANG 1.1 modules. If set to 'true', then leave out YANG 1.1 modules from used in . Also keep out of monitoring list. If 'false' then ignore the standard and advertise YANG 1.1 module capabilities"; type boolean; default false; } leaf with-yp-coap { description "If set to 'true', then the YP-CoAP protocol will be enabled. Otherwise, the YP-CoAP protocol will not be enabled. This protocol is NOT SECURE. It SHOULD NOT be used unless privacy is provided by some other means."; type boolean; default false; } // not implemented yet!!! leaf with-yp-coap-dtls { description "If set to 'true', then the YP-CoAP over DTLS protocol will be enabled. Otherwise, the YP-CoAP over DTLS protocol will not be enabled. This protocol is secure. It SHOULD be used instead of YP-CoAP without DTLS."; type boolean; default false; } leaf with-yp-shell { description "If set to 'true', then the YP-SHELL protocol will be enabled. Otherwise, the YP-SHELL protocol will not be enabled. The incoming connection will be droped if the protocol is disabled."; type boolean; default true; } leaf yangapi-server-url { description "The starting string for the server URL to use in Location header lines returned by YANG-API."; type inet:uri; default "http://localhost"; } leaf yp-coap-address { description "The IP address that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source address in YP-CoAP packets sent by the server."; type inet:ip-address; default "0.0.0.0"; } leaf yp-coap-port { description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests. This will also be used as the source port number in YP-CoAP packets sent by the server."; type inet:port-number; default "5683"; } // not implemented yet!!! leaf yp-coap-dtls-port { description "The UDP port number that the YP-CoAP protocol will use to listen for incoming requests for CoAP over DTLS. This will also be used as the source port number in YP-CoAP packets sent by the server."; type inet:port-number; default "5684"; } leaf restconf-server-url { description "The starting string for the server URL to use in Location header lines returned by RESTCONF."; type inet:uri; default "http://localhost"; } } }