/usr/share/yuma/modules/yuma123/netconfd.yang is in libyuma-base 2.10-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
module netconfd {
// Module header for the netconfd command-line parameter definitions.
// Per the description below, this module only describes CLI parameters
// and is not advertised to NETCONF clients by the server.
namespace "http://yuma123.org/ns/netconfd";
prefix "nd";
// Imports as used further down in this file: ncx supplies the ncx:cli
// extension, nt the NcxName type, ncxapp the shared parameter groupings,
// and inet the port-number type.
import yuma-ncx { prefix ncx; }
import yuma-types { prefix nt; }
import yuma-app-common { prefix ncxapp; }
import ietf-inet-types { prefix inet; }
organization "yuma123";
contact "Vladimir Vassilev <vladimir@transpacket.com>.";
description
"Configuration Parameters for netconfd;
This module is not advertised by the server.
It contains only CLI parameters.";
// Revision history, newest first. Two entries change security-relevant
// defaults: 2017-07-25 (the startup-error default became 'stop') and
// 2011-05-29 (the superuser YANG default was removed, so the account
// stays disabled unless an admin enables it explicitly).
revision 2017-07-25 {
description
"Changed --startup-error default value to 'stop'.
Changed responsible contact from Netconf central to yuma123";
}
revision 2012-10-05 {
description
"Add uses for YumaHomeParm";
}
revision 2011-12-15 {
description
"Add --running-error parameter.";
}
revision 2011-10-08 {
description
"Add --home parameter.";
}
revision 2011-08-27 {
description
"Add --runpath parameter.
Add --factory-startup parameter.";
}
revision 2011-07-20 {
description
"Add --audit-log and --audit-log-append CLI parameters.
Add --system-sorted CLI parameter.
Make with-defaults enum local to prevent report-all-tagged
from being accepted as a basic mode.";
}
revision 2011-05-29 {
description
"Removed superuser YANG default to disable by default,
to make sure an admin has to explicitly enable
this feature.";
}
revision 2011-04-24 {
description
"Added --protocols parameter via uses ProtocolsParm.
Not available in yuma v1 branch.";
}
revision 2011-04-02 {
description
"Added --delete-np-containers parameter.";
}
revision 2010-05-13 {
description
"Added --with-url to enable :url capability.";
}
revision 2010-01-14 {
description
"Initial version for 0.9.9 release.";
}
// Reusable choice of how the server selects its startup configuration at
// boot. The three leaves sit in one YANG 'choice', so at most one of them
// can be given on a command line.
grouping StartupChoice {
choice start {
description "select startup config for boot load";
// default is set in the agt_profile
// Non-destructive: boots with factory settings and leaves any existing
// startup config file in place (see description).
leaf no-startup {
description
"If present, do not load the startup config file.
Use the factory default settings but do not
overwrite the NV-storage startup unless it
is altered. This option does not delete the startup
config file if it exists.";
type empty;
}
// Destructive: per the description this deletes an existing startup
// config file and forces NV-storage to the factory defaults.
// NOTE(review): anything persisted only in the startup file is lost;
// presumably that can include locally configured access-control rules.
// Confirm where those are stored before using this flag.
leaf factory-startup {
description
"Force the system to use the factory configuration
and delete the startup config file if it exists.
Force the NV-storage startup to
contain the factory default configuration.";
type empty;
}
// Plain string: no pattern or length restriction is declared here.
// A leading '/' makes the value an absolute path that overrides both
// YUMA_DATAPATH and the datapath CLI parameter (see description), so the
// file named here is what gets loaded as configuration at boot.
leaf startup {
description
"The full or relative filespec of the startup config
file to use.
If present, overrides the default startup config
file name 'startup-cfg.xml', This will also
override the YUMA_DATAPATH environment variable
and the datapath CLI parameter, if the first
character is the forward slash '/', indicating
an absolute file path.";
type string;
}
}
}
// CLI parameter set for the netconfd server (tagged with the ncx:cli
// extension). The leaves that most directly affect the server's security
// posture are access-control, superuser, hello-timeout, idle-timeout,
// with-url, audit-log, startup-error and running-error.
container netconfd {
ncx:cli;
description
"Server CLI for the NETCONF protocol.
Usage:
netconfd [parameters]";
// Shared parameter groupings from yuma-app-common. Their contents are
// not visible in this file.
uses ncxapp:NcxAppCommon;
uses ncxapp:ConfigParm;
uses ncxapp:YumaHomeParm;
uses ncxapp:CommonFeatureParms;
uses ncxapp:HomeParm;
uses ncxapp:SubdirsParm;
uses ncxapp:ProtocolsParm;
uses ncxapp:RunpathParm;
// Initial access-control enforcement mode. The four values are ordered
// from strictest to weakest: 'enforcing' applies every configured rule,
// 'permissive' skips rule checks on most reads, 'disabled' applies rules
// only to objects tagged nacm:secure / nacm:very-secure, and 'off'
// disables enforcement entirely.
// NOTE(review): a deployment baseline should treat any value other than
// 'enforcing' as an exception that is reviewed and recorded.
leaf access-control {
description
"Controls how access control is initially enforced by the
server.";
type enumeration {
enum enforcing {
description
"All configured access control rules will be
enforced.";
}
enum permissive {
description
"All configured access control rules will be
enforced for write and execute requests.
All read requests will be allowed, unless
the requested object contains the
'nacm:very-secure' extension. In that case,
all configured access control rules will
be enforced.";
}
enum disabled {
description
"All read, write, and execute requests will be
allowed, unless the object contains the
'nacm:secure' or 'nacm:very-secure' extension.
If the 'nacm:secure' extension is in effect,
then all configured access control rules
will be enforced for write and execute requests.
If the 'nacm:very-secure' extension is in effect,
then all configured access control rules
will be enforced for all requests.
Use this mode with caution.";
}
enum off {
description
"All access control enforcement is disabled.
Use this mode with extreme caution.";
}
}
// Secure default: all rules enforced unless the operator opts out.
default enforcing;
}
// Optional audit log file, written in addition to the normal log.
// No default is declared here, so presumably no separate audit log is
// produced unless this parameter is set. Confirm against the server code.
leaf audit-log {
description
"Filespec for the server audit log file to use in addition
to the normal log file or STDOUT.";
type string;
}
// Presence flag. Without it the audit log is over-written (see
// description), which discards earlier audit records.
// NOTE(review): presumably the over-write happens when the server
// opens the file at start-up; set this flag or rotate the file
// externally if audit history must be retained.
leaf audit-log-append {
description
"If present, the audit log will be appended not over-written.
If not, the audit log will be over-written.
Only meaningful if the 'audit-log' parameter is
also present.";
type empty;
}
// Basic with-defaults behaviour. The enum is declared locally and has
// only three values; revision 2011-07-20 states this is to keep
// report-all-tagged from being accepted as a basic mode.
leaf default-style {
description
"Selects the type of filtering behavior the server will
advertise as the 'basic' behavior in the 'with-defaults'
capability. The server will use this default handling
behavior if the 'with-defaults' parameter is not
explicitly set.
Also, when saving a configuration to NV-storage,
this value will be used for filtering defaults
from the saved configuration.
See wd:with-defaults leaf for enumeration details.";
type enumeration {
enum report-all;
enum trim;
enum explicit;
}
default explicit;
}
// Trade-off between processing time and memory; off by default.
leaf delete-empty-npcontainers {
description
"An empty non-presence container has no meaning
in NETCONF/YANG so it may be deleted by the server.
This takes non-trivial processing time for large
databases, but uses less memory.
Disabling this parameter will result in a larger
database in both memory and NV-save.";
type boolean;
default false;
}
// Size of the notification replay buffer; the oldest events are
// discarded first once the limit is reached (see description).
leaf eventlog-size {
description
"Specifies the maximum number of notification events
that will be saved in the notification replay buffer.
The oldest entries will be deleted first.";
type uint32;
default 1000;
}
// Upper bound on how long a session may exist without sending its hello.
// The description itself warns that 0 (wait forever) may permit denial of
// service, because the number of concurrent sessions is limited.
leaf hello-timeout {
description
"Specifies the number of seconds that a session
may exist before the hello PDU is received.
A session will be dropped if no hello PDU
is received before this number of seconds elapses.
If this parameter is set to zero, then the server
will wait forever for a hello message, and not
drop any sessions stuck in 'hello-wait' state.
Setting this parameter to zero may permit
denial of service attacks, since only a limited
number of concurrent sessions are supported
by the server.";
type uint32 {
// Either 0 (timeout disabled) or 10..3600 seconds; 1..9 are rejected.
range "0 | 10 .. 3600";
}
units seconds;
default 600; // 10 minutes
}
// Idle-session reaping. 0 disables it, and sessions with an active
// notification subscription are never dropped regardless of this value
// (see description).
leaf idle-timeout {
description
"Specifies the number of seconds that a session
may remain idle without issuing any RPC requests.
A session will be dropped if it is idle for an
interval longer than this number of seconds.
Sessions that have a notification subscription
active are never dropped.
If this parameter is set to zero, then the server
will never drop a session because it is idle.";
type uint32 {
// Either 0 (never drop) or 10..360000 seconds.
range "0 | 10 .. 360000";
}
units seconds;
default 3600; // 1 hour
}
// Per-session notification rate limit, per one-second interval.
// 0 removes the limit.
leaf max-burst {
description
"Specifies the maximum number of notifications
that should be sent to one session, within a
one second time interval. The value 0 indicates
that the server should not limit notification
bursts at all.";
type uint32;
default 10;
}
// Ports on which NETCONF sessions are accepted, at most four entries.
// The description notes that sshd_config must list the same ports, so
// the two files have to be kept in step when ports are changed.
leaf-list port {
max-elements 4;
description
"Specifies the TCP ports that the server will accept
connections from. These ports must also be configured
in the /etc/ssh/sshd_config file for the SSH master
server to accept the connection and invoke the netconf
subsystem.
Up to 4 port numbers can be configured.
If any ports are configured, then only those values
will be accepted by the server.
If no ports are configured, then the server will accept
connections on the netconf-ssh port (tcp/830).";
type inet:port-number;
}
uses ncxapp:ModuleParm;
uses ncxapp:DeviationParm;
uses ncxapp:DatapathParm;
// Boot-time behaviour when validation of the running database fails.
// The default 'stop' terminates the server; with 'continue' it keeps
// running, and edits to the running configuration fail until commit
// validation succeeds (see enum descriptions).
leaf running-error {
description
"Controls the server behavior if any errors are
encountered while validating the running database
during the initial load of the running configuration
at boot-time.";
type enumeration {
enum stop {
description
"Terminate the program if any errors are
encountered in the running configuration.";
}
enum continue {
description
"Continue the program if any errors are
encountered in the running configuration.
Altering the running configuration will fail
until the commit validation tests succeed.";
}
}
default stop;
}
// Pulls in the no-startup / factory-startup / startup choice defined in
// the StartupChoice grouping of this module.
uses StartupChoice;
// Boot-time behaviour when the startup file has errors. The default is
// 'stop' (see revision 2017-07-25). With 'continue' the server starts
// without the module data structures that contained the error.
// NOTE(review): a server started this way runs with a partial
// configuration; whether security-relevant settings can be among the
// dropped structures is not visible here and should be verified.
leaf startup-error {
description
"Controls the server behavior if any errors are
encountered while loading the startup configuration
file into the running configuration at boot-time.
It is possible for the startup configuration
to contain errors within optional nodes. If this
parameter is set to 'continue', then the validation
tests on the running config (controlled by running-error)
should not fail due to missing optional nodes.";
type enumeration {
enum stop {
description
"Terminate the program if any errors are
encountered in the startup configuration.";
}
enum continue {
description
"Continue the program if any errors are
encountered in the startup configuration.
The entire module-specific data structure(s)
containing the error node(s) will not be added
to the running configuration at boot-time.";
}
}
default stop;
}
// User name whose sessions bypass all access control enforcement.
// No 'default' statement is present, so the account is disabled unless
// the operator sets it (see revision 2011-05-29).
// NOTE(review): when this is set, treat the named account as fully
// privileged on the device and review who can authenticate as it.
leaf superuser {
description
"The user name to use as the superuser account.
Any session associated with this user name
will bypass all access control enforcement.
See yuma-nacm.yang for more details.
To disable the superuser account completely,
set this parameter to the empty string or do
not set it at all. The default mode is to
disable superuser access.";
type union {
// Either a valid NcxName or the zero-length string (explicit disable).
type nt:NcxName;
type string { length 0; }
}
}
// Keeps ordered-by system lists and leaf-lists sorted; on by default.
leaf system-sorted {
description
"Indicates whether ordered-by system leaf-lists
and lists will be kept in sorted order.";
type boolean;
default true;
}
// Selects which datastore edit-config writes to, and with it which
// capabilities are supported: 'running' gives :writable-running,
// 'candidate' gives :candidate and :confirmed-commit.
leaf target {
description
"The database to use as the target of edit-config
operations.";
type enumeration {
enum running {
description
"Write to the running config and support
the :writable-running capability.";
}
enum candidate {
description
"Write to the candidate config and support
the :candidate and :confirmed-commit
capabilities.";
}
}
// default is set in the agt_profile
default candidate;
}
// Presence flag; strict XML element ordering is not enforced unless it
// is given (see description).
leaf usexmlorder {
description
"If present, then XML element order will be enforced.
Otherwise, XML element order errors will not be
generated if possible. Default is no enforcement of
strict XML order.";
type empty;
}
// Off by default. When enabled, saving to NV-storage becomes an explicit
// operation instead of an automatic save (see description).
leaf with-startup {
description
"If set to 'true', then the :startup capability will be
enabled. Otherwise, the :startup capability
will not be enabled. This capability
makes the NV-save operation an explicit operation
instead of an automatic save.";
type boolean;
default false;
}
// Enables the :url capability. The description warns that this exposes
// internal files such as startup-cfg.xml and backup-cfg.xml, yet the
// YANG default below is 'true'.
// NOTE(review): where the :url capability is not needed, set this
// parameter to false explicitly rather than relying on the default.
leaf with-url {
description
"If set to 'true', then the :url capability will be
enabled. Otherwise, the :url capability
will not be enabled. This capability requires a
file system and may introduce security risks
because internal files such as startup-cfg.xml
and backup-cfg.xml will be exposed.";
type boolean;
default true;
}
// Enables the :validate capability; on by default. The description
// notes that it requires extensive memory resources.
leaf with-validate {
description
"If set to 'true', then the :validate capability will be
enabled. Otherwise, the :validate capability
will not be enabled. This capability requires
extensive memory resources.";
type boolean;
default true;
}
}
}