module netconfd { namespace "http://netconfcentral.org/ns/netconfd"; prefix "nd"; import yuma-ncx { prefix ncx; } import yuma-types { prefix nt; } import yuma-app-common { prefix ncxapp; } import ietf-inet-types { prefix inet; } organization "Netconf Central"; contact "Andy Bierman ."; description "Configuration Parameters for netconfd; This module is not advertised by the server. It contains only CLI parameters."; revision 2011-10-08 { description "Add --home parameter."; } revision 2011-08-27 { description "Add --runpath parameter. Add --factory-startup parameter."; } revision 2011-07-20 { description "Add --audit-log and --audit-log-append CLI parameters. Add --system-sorted CLI parameter. Make with-defaults enum local to prevent report-all-tagged from being accepted as a basic mode."; } revision 2011-05-29 { description "Removed superuser YANG default to disable by default, to make sure an admin has to explicitly enable this feature."; } revision 2011-04-24 { description "Added --protocols parameter via uses ProtocolsParm. Not available in yuma v1 branch."; } revision 2011-04-02 { description "Added --delete-np-containers parameter."; } revision 2010-05-13 { description "Added --with-url to enable :url capability."; } revision 2010-01-14 { description "Initial version for 0.9.9 release."; } grouping StartupChoice { choice start { description "select startup config for boot load"; // default is set in the agt_profile leaf no-startup { description "If present, do not load the startup config file. Use the factory default settings but do not overwrite the NV-storage startup unless it is altered. This option does not delete the startup config file if it exists."; type empty; } leaf factory-startup { description "Force the system to use the factory configuration and delete the startup config file if it exists. Force the NV-storage startup to contain the factory default configuration."; type empty; } leaf startup { description "The full or relative filespec of the startup config file to use. If present, overrides the default startup config file name 'startup-cfg.xml', This will also override the YUMA_DATAPATH environment variable and the datapath CLI parameter, if the first character is the forward slash '/', indicating an absolute file path."; type string; } } } container netconfd { ncx:cli; description "Server CLI for the NETCONF protocol. Usage: netconfd [parameters]"; uses ncxapp:NcxAppCommon; uses ncxapp:CommonFeatureParms; uses ncxapp:HomeParm; uses ncxapp:SubdirsParm; uses ncxapp:ProtocolsParm; uses ncxapp:RunpathParm; leaf access-control { description "Controls how access control is enforced by the server."; type enumeration { enum enforcing { description "All configured access control rules will be enforced."; } enum permissive { description "All configured access control rules will be enforced for write and execute requests. All read requests will be allowed, unless the requested object contains the 'nacm:very-secure' extension. In that case, all configured access control rules will be enforced."; } enum disabled { description "All read, write, and execute requests will be allowed, unless the object contains the 'nacm:secure' or 'nacm:very-secure' extension. If the 'nacm:secure' extension is in effect, then all configured access control rules will be enforced for write and execute requests. If the 'nacm:very-secure' extension is in effect, then all configured access control rules will be enforced for all requests. Use this mode with caution."; } enum off { description "All access control enforcement is disabled. Use this mode with extreme caution."; } } default enforcing; } leaf audit-log { description "Filespec for the server audit log file to use in addition to the normal log file or STDOUT."; type string; } leaf audit-log-append { description "If present, the audit log will be appended not over-written. If not, the audit log will be over-written. Only meaningful if the 'audit-log' parameter is also present."; type empty; } leaf default-style { description "Selects the type of filtering behavior the server will advertise as the 'basic' behavior in the 'with-defaults' capability. The server will use this default handling behavior if the 'with-defaults' parameter is not explicitly set. Also, when saving a configuration to NV-storage, this value will be used for filtering defaults from the saved configuration. See wd:with-defaults leaf for enumeration details."; type enumeration { enum report-all; enum trim; enum explicit; } default explicit; } leaf delete-empty-npcontainers { description "An empty non-presence container has no meaning in NETCONF/YANG so it may be deleted by the server. This takes non-trivial processing time for large databases, but uses less memory. Disabling this parameter will result in a larger database in both memory and NV-save."; type boolean; default false; } leaf eventlog-size { description "Specifies the maximum number of notification events that will be saved in the notification replay buffer. The oldest entries will be deleted first."; type uint32; default 1000; } leaf hello-timeout { description "Specifies the number of seconds that a session may exist before the hello PDU is received. A session will be dropped if no hello PDU is received before this number of seconds elapses. If this parameter is set to zero, then the server will wait forever for a hello message, and not drop any sessions stuck in 'hello-wait' state. Setting this parameter to zero may permit denial of service attacks, since only a limited number of concurrent sessions are supported by the server."; type uint32 { range "0 | 10 .. 3600"; } units seconds; default 600; // 10 minutes } leaf idle-timeout { description "Specifies the number of seconds that a session may remain idle without issuing any RPC requests. A session will be dropped if it is idle for an interval longer than this number of seconds. Sessions that have a notification subscription active are never dropped. If this parameter is set to zero, then the server will never drop a session because it is idle."; type uint32 { range "0 | 10 .. 360000"; } units seconds; default 3600; // 1 hour } leaf max-burst { description "Specifies the maximum number of notifications that should be sent to one session, within a one second time interval. The value 0 indicates that the server should not limit notification bursts at all."; type uint32; default 10; } leaf-list port { max-elements 4; description "Specifies the TCP ports that the server will accept connections from. These ports must also be configured in the /etc/ssh/sshd_config file for the SSH master server to accept the connection and invoke the netconf subsystem. Up to 4 port numbers can be configured. If any ports are configured, then only those values will be accepted by the server. If no ports are configured, then the server will accept connections on the netconf-ssh port (tcp/830)."; type inet:port-number; } uses ncxapp:ModuleParm; uses ncxapp:DeviationParm; uses ncxapp:DatapathParm; uses StartupChoice; leaf startup-error { description "Controls the server behavior if any errors are encountered while loading the startup configuration file into the running configuration at boot-time."; type enumeration { enum stop { description "Terminate the program if any errors are encountered in the startup configuration."; } enum continue { description "Continue the program if any errors are encountered in the startup configuration. The entire module-specific data structure(s) containing the error node(s) will not be added to the running configuration at boot-time."; } } default continue; } leaf superuser { description "The user name to use as the superuser account. Any session associated with this user name will bypass all access control enforcement. See yuma-nacm.yang for more details. To disable the superuser account completely, set this parameter to the empty string or do not set it at all. The default mode is to disable superuser access."; type union { type nt:NcxName; type string { length 0; } } } leaf system-sorted { description "Indicates whether ordered-by system leaf-lists and lists will be kept in sorted order."; type boolean; default true; } leaf target { description "The database to use as the target of edit-config operations."; type enumeration { enum running { description "Write to the running config and support the :writable-running capability."; } enum candidate { description "Write to the candidate config and support the :candidate and :confirmed-commit capabilities."; } } // default is set in the agt_profile default candidate; } leaf usexmlorder { description "If present, then XML element order will be enforced. Otherwise, XML element order errors will not be generated if possible. Default is no enforcement of strict XML order."; type empty; } leaf with-startup { description "If set to 'true', then the :startup capability will be enabled. Otherwise, the :startup capability will not be enabled. This capability makes the NV-save operation an explicit operation instead of an automatic save."; type boolean; default false; } leaf with-url { description "If set to 'true', then the :url capability will be enabled. Otherwise, the :url capability will not be enabled. This capability requires a file system and may introduce security risks because internal files such as startup-cfg.xml and backup-cfg.xml will be exposed."; type boolean; default true; } leaf with-validate { description "If set to 'true', then the :validate capability will be enabled. Otherwise, the :validate capability will not be enabled. This capability requires extensive memory resources."; type boolean; default true; } } }