diff --git a/yang/clixon/clixon-config@2024-08-01.yang b/yang/clixon/clixon-config@2024-08-01.yang deleted file mode 100644 index 2d8d980d..00000000 --- a/yang/clixon/clixon-config@2024-08-01.yang +++ /dev/null @@ -1,1441 +0,0 @@ -module clixon-config { - yang-version 1.1; - namespace "http://clicon.org/config"; - prefix cc; - - import clixon-restconf { - prefix clrc; - } - import clixon-autocli { - prefix autocli; - } - import clixon-lib { - prefix cl; - } - organization - "Clicon / Clixon"; - - contact - "Olof Hagsand "; - - description - "Clixon configuration file - ***** BEGIN LICENSE BLOCK ***** - Copyright (C) 2009-2019 Olof Hagsand - Copyright (C) 2020-2022 Olof Hagsand and Rubicon Communications, LLC(Netgate) - - This file is part of CLIXON - - Licensed under the Apache License, Version 2.0 (the \"License\"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an \"AS IS\" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - Alternatively, the contents of this file may be used under the terms of - the GNU General Public License Version 3 or later (the \"GPL\"), - in which case the provisions of the GPL are applicable instead - of those above. If you wish to allow use of your version of this file only - under the terms of the GPL, and not to allow others to - use your version of this file under the terms of Apache License version 2, - indicate your decision by deleting the provisions above and replace them with - the notice and other provisions required by the GPL. If you do not delete - the provisions above, a recipient may use your version of this file under - the terms of any one of the Apache License version 2 or the GPL. - - ***** END LICENSE BLOCK *****"; - - revision 2024-08-01 { - description - "Added options: - CLICON_YANG_DOMAIN_DIR - CLICON_YANG_USE_ORIGINAL - Released in Clixon 7.2"; - } - revision 2024-04-01 { - description - "Added options: - CLICON_NETCONF_DUPLICATE_ALLOW: Disable duplicate check in NETCONF messages. - CLICON_LOG_DESTINATION: Default log destination - CLICON_LOG_FILE: Which file to log to if file logging - CLICON_DEBUG: Debug flags. - CLICON_YANG_SCHEMA_MOUNT_SHARE: Share same YANGs of equal moint-points. - CLICON_SOCK_PRIO: Enable socket event priority - CLICON_XMLDB_MULTI: Split datastore into multiple sub files - CLICON_CLI_OUTPUT_FORMAT: Default CLI output format - CLICON_AUTOLOCK: Implicit locks - Released in Clixon 7.1"; - } - revision 2024-01-01 { - description - "Changed semantics: - CLICON_VALIDATE_STATE_XML - disable return sanity checks if false - Marked as obsolete: - CLICON_DATASTORE_CACHE - CLICON_NETCONF_CREATOR_ATTR - Changed semantics of - Released in Clixon 7.0"; - } - revision 2023-11-01 { - description - "Added options: - CLICON_NETCONF_CREATOR_ATTR - Released in Clixon 6.5"; - } - revision 2023-05-01 { - description - "Added options: - CLICON_CONFIG_EXTEND - CLICON_PLUGIN_DLOPEN_GLOBAL - Moved datastore-format datatype to clixon-lib - Released in Clixon 6.3"; - } - revision 2023-03-01 { - description - "Added options: - CLICON_RESTCONF_NOALPN_DEFAULT - Extended datastore-format with CLI and text - Released in Clixon 6.2"; - } - revision 2022-12-01 { - description - "Added options: - CLICON_YANG_SCHEMA_MOUNT - Removed (previosly marked) obsolete options: - CLICON_MODULE_LIBRARY_RFC7895 - Released in Clixon 6.1"; - } - revision 2022-11-01 { - description - "Added option: - CLICON_NETCONF_MONITORING - CLICON_NETCONF_MONITORING_LOCATION - Released in Clixon 6.0"; - } - revision 2022-03-21 { - description - "Added option: - CLICON_RESTCONF_API_ROOT - CLICON_NETCONF_BASE_CAPABILITY - CLICON_HTTP_DATA_PATH - CLICON_HTTP_DATA_ROOT - CLICON_CLI_EXPAND_LEAFREF - Released in Clixon 5.7"; - } - revision 2022-02-11 { - description - "Added option: - CLICON_LOG_STRING_LIMIT - CLICON_YANG_LIBRARY - Changed default value: - CLICON_MODULE_LIBRARY_RFC7895 to false - Removed (previosly marked) obsolete options: - CLICON_RESTCONF_PATH - CLICON_RESTCONF_PRETTY - CLICON_CLI_GENMODEL - CLICON_CLI_GENMODEL_TYPE - CLICON_CLI_GENMODEL_COMPLETION - CLICON_CLI_AUTOCLI_EXCLUDE - CLICON_CLI_MODEL_TREENAME - Released in Clixon 5.6"; - } - revision 2021-12-05 { - description - "Imported - clixon-autocli.yang - Removed (previosly marked) obsolete options: - CLICON_YANG_LIST_CHECK - Marked as obsolete: - CLICON_CLI_GENMODEL (use autocli/enable-autocli instead) - CLICON_CLI_GENMODEL_TYPE (use autocli/list-keyword-default and compress rules instead) - CLICON_CLI_GENMODEL_COMPLETION (use autocli/completion-default instead) - CLICON_CLI_AUTOCLI_EXCLUDE (use autocli/module-default, rule/enable logic instead) - CLICON_CLI_MODEL_TREENAME (use constant AUTOCLI_TREENAME instead) - Released in Clixon 5.5"; - } - revision 2021-11-11 { - description - "Added option: - CLICON_PLUGIN_CALLBACK_CHECK - CLICON_YANG_AUGMENT_ACCEPT_BROKEN - Modified options: - CLICON_CLI_GENMODEL_TYPE: added OC_COMPRESS enum - CLICON_YANG_DIR: recursive search - Released in Clixon 5.4"; - } - revision 2021-07-11 { - description - "Added option: - CLICON_RESTCONF_HTTP2_PLAIN - Removed default value: - CLICON_RESTCONF_INSTALLDIR - Marked as obsolete: - CLICON_YANG_LIST_CHECK - Released in Clixon 5.3"; - } - revision 2021-05-20 { - description - "Added option: - CLICON_RESTCONF_USER - CLICON_RESTCONF_PRIVILEGES - CLICON_RESTCONF_INSTALLDIR - CLICON_RESTCONF_STARTUP_DONTUPDATE - CLICON_NETCONF_MESSAGE_ID_OPTIONAL - Released in Clixon 5.2"; - } - revision 2021-03-08 { - description - "Added option: - CLICON_NETCONF_HELLO_OPTIONAL - CLICON_CLI_AUTOCLI_EXCLUDE - CLICON_XMLDB_UPGRADE_CHECKOLD - Released in Clixon 5.1"; - } - revision 2020-12-30 { - description - "Added option: - CLICON_ANONYMOUS_USER - Removed obsolete options: - CLICON_RESTCONF_IPV4_ADDR - CLICON_RESTCONF_IPV6_ADDR - CLICON_RESTCONF_HTTP_PORT - CLICON_RESTCONF_HTTPS_PORT - CLICON_SSL_SERVER_CERT - CLICON_SSL_SERVER_KEY - CLICON_SSL_CA_CERT - CLICON_TRANSACTION_MOD - Marked as obsolete and moved to clixon-restconf.yang: - CLICON_RESTCONF_PATH - CLICON_RESTCONF_PRETTY"; - } - revision 2020-11-03 { - description - "Added CLICON_BACKEND_RESTCONF_PROCESS - Copied to clixon-restconf.yang and marked as obsolete: - CLICON_RESTCONF_IPV4_ADDR - CLICON_RESTCONF_IPV6_ADDR - CLICON_RESTCONF_HTTP_PORT - CLICON_RESTCONF_HTTPS_PORT - CLICON_SSL_SERVER_CERT - CLICON_SSL_SERVER_KEY - CLICON_SSL_CA_CERT - Removed obsolete option CLICON_TRANSACTION_MOD"; - } - revision 2020-10-01 { - description - "Added: CLICON_CONFIGDIR."; - } - revision 2020-08-17 { - description - "Added: CLICON_RESTCONF_IPV4_ADDR, CLICON_RESTCONF_IPV6_ADDR, - CLICON_RESTCONF_HTTP_PORT, CLICON_RESTCONF_HTTPS_PORT - CLICON_NAMESPACE_NETCONF_DEFAULT, - CLICON_CLI_HELPSTRING_TRUNCATE, CLICON_CLI_HELPSTRING_LINES"; - } - revision 2020-06-17 { - description - "Added: CLICON_CLI_LINES_DEFAULT - Added enum HIDE to CLICON_CLI_GENMODEL - Added CLICON_SSL_SERVER_CERT, CLICON_SSL_SERVER_KEY, CLICON_SSL_CA_CERT - Added CLICON_NACM_DISABLED_ON_EMPTY - Removed default valude of CLICON_NACM_RECOVERY_USER"; - } - revision 2020-04-23 { - description - "Added: CLICON_YANG_UNKNOWN_ANYDATA to treat unknown XML (wrt YANG) as anydata. - Deleted: xml-stats non-config data (replaced by rpc stats in clixon-lib.yang)"; - } - revision 2020-02-22 { - description - "Added: search index extension, - Added: clixon-stats state for clixon XML and memory statistics. - Added: CLICON_CLI_BUF_START and CLICON_CLI_BUF_THRESHOLD for quadratic and linear - growth of CLIgen buffers (cbuf:s) - Added: CLICON_VALIDATE_STATE_XML for controling validation of user state XML - Added: CLICON_CLICON_YANG_LIST_CHECK to skip list key checks"; - } - revision 2019-09-11 { - description - "Added: CLICON_BACKEND_USER: drop of privileges to user, - CLICON_BACKEND_PRIVILEGES: how to drop privileges - CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM - CLICON_NACM_RECOVERY_USER: Name of NACM recovery user."; - } - revision 2019-06-05 { - description - "Added: CLICON_YANG_REGEXP, CLICON_CLI_TAB_MODE, - CLICON_CLI_HIST_FILE, CLICON_CLI_HIST_SIZE, - CLICON_XML_CHANGELOG, CLICON_XML_CHANGELOG_FILE; - Renamed CLICON_XMLDB_CACHE to CLICON_DATASTORE_CACHE (changed type) - Deleted: CLICON_XMLDB_PLUGIN, CLICON_USE_STARTUP_CONFIG"; - } - revision 2019-03-05{ - description - "Changed URN. Changed top-level symbol to clixon-config. - Released in Clixon 3.10"; - } - revision 2019-02-06 { - description - "Released in Clixon 3.9"; - } - revision 2018-10-21 { - description - "Released in Clixon 3.8"; - } - extension search_index { - description "This list argument acts as a search index using optimized binary search. - "; - } - typedef startup_mode{ - description - "Which method to boot/start clicon backend. - The methods differ in how they reach a running state - Which source database to commit from, if any."; - type enumeration{ - enum none{ - description - "Do not touch running state - Typically after crash when running state and db are synched"; - } - enum init{ - description - "Initialize running state. - Start with a completely clean running state"; - } - enum running{ - description - "Commit running db configuration into running state - After reboot if a persistent running db exists"; - } - enum startup{ - description - "Commit startup configuration into running state - After reboot when no persistent running db exists"; - } - enum running-startup{ - description - "First try running db, if it is empty try startup db."; - } - } - } - typedef datastore_cache{ - description - "XML configuration, ie running/candididate/ datastore cache behaviour."; - type enumeration{ - enum nocache{ - description "No cache always work directly with file"; - } - enum cache{ - description "Use in-memory cache. - Make copies when accessing internally."; - } - enum cache-zerocopy{ - description "Use in-memory cache and dont copy. - Fastest but opens up for callbacks changing cache."; - } - } - } - typedef nacm_mode{ - description - "Mode of RFC8341 Network Configuration Access Control Model. - It is unclear from the RFC whether NACM rules are internal - in a configuration (ie embedded in regular config) or external/OOB - in s separate, specific NACM-config"; - type enumeration{ - enum disabled{ - description "NACM is disabled"; - } - enum internal{ - description "NACM is enabled and available in the regular config"; - } - enum external{ - description "NACM is enabled and available in a separate config"; - } - } - } - typedef regexp_mode{ - description - "The regular expression engine Clixon uses in its validation of - Yang patterns, and in the CLI. - Yang RFC 7950 stipulates XSD XML Schema regexps - according to W3 CXML Schema Part 2: Datatypes Second Edition, - see http://www.w3.org/TR/2004/REC-xmlschema-2-20041028#regexs"; - type enumeration{ - enum posix { - description - "Translate XSD XML Schema regexp:s to Posix regexp. This is - not a complete translation, but can be considered good-enough - for Yang use-cases as defined by openconfig and yang-models - for example."; - } - enum libxml2 { - description - "Use libxml2 XSD XML Schema regexp engine. This is a complete - XSD regexp engine.. - Requires libxml2 to be available at configure time - (HAVE_LIBXML2 should be set)"; - } - } - } - typedef priv_mode{ - description - "Privilege mode, used for dropping (or not) privileges to a non-provileged - user after initialization"; - type enumeration{ - enum none { - description - "Make no drop/change in privileges."; - } - enum drop_perm { - description - "After initialization, drop privileges permanently to a uid"; - } - enum drop_temp { - description - "After initialization, drop privileges temporarily to a euid"; - } - } - } - typedef nacm_cred_mode{ - description - "How NACM user should be matched with unix socket peer credentials. - This means nacm user must match socket peer user accessing the - backend socket. For IP sockets only mode none makes sense."; - type enumeration{ - enum none { - description - "Dont match NACM user to any user credentials. Any user can pose - as any other user. Set this for IP sockets, or dont use NACM."; - } - enum exact { - description - "Exact match between NACM user and unix socket peer user."; - } - enum except { - description - "Exact match between NACM user and unix socket peer user, except - for root and www user (restconf)."; - } - } - } - typedef socket_address_family { - description "Address family for internal socket"; - type enumeration{ - enum UNIX { - description "Unix domain socket"; - } - enum IPv4 { - description "IPv4"; - } - enum IPv6 { - description "IPv6"; - } - } - } - typedef log_destination_t { - description - "Log destination flags - Can also be given directly as -l to clixon commands - Note there are also constants in the code (logdstmap) that need to be - in sync with these values. - The duplication is because of bootstrapping, logging is needed before YANG - loaded"; - type bits { - bit syslog { - position 0; - description "Syslog"; - } - bit stderr { - position 1; - description "Standard I/O Error"; - } - bit stdout { - position 2; - description "Standard I/O Output"; - } - bit file { - position 3; - description "Log to file. By default clixon.log int current directory"; - } - } - } - container clixon-config { - container restconf { - uses clrc:clixon-restconf; - } - container autocli { - uses autocli:clixon-autocli; - } - leaf-list CLICON_FEATURE { - description - "Supported features as used by YANG feature/if-feature - value is: :, where and - are either names, or the special character '*'. - *:* means enable all features - :* means enable all features in the specified module - *: means enable the specific feature in all modules"; - type string; - } - /* Configuration */ - leaf CLICON_CONFIGFILE{ - type string; - description - "Location of the main configuration-file. - Default is CLIXON_DEFAULT_CONFIG=/usr/local/etc/clicon.xml set in configure. - Note that due to bootstrapping, this value is not actually read from file - and therefore a default value would be meaningless."; - } - leaf CLICON_CONFIGDIR{ - type string; - description - "Location of directory of extra configuration files. - If not given, only main configfile is read. - If given, and if the directory exists, all files in this directory will be loaded - AFTER the main config file (CLICON_CONFIGFILE) in the following way: - - leaf values are overwritten - - leaf-list values are appended - The files in this directory are loaded alphabetically. - Only files ending with .xml are read - Sub-structures, eg are replaced with the latest (alphabetically) - If the dir is given but does not exist will result in an error. - You can override file setting with -E command-line option. - Note that due to bootstraping this value is only meaningful in the main config file"; - } - leaf CLICON_CONFIG_EXTEND { - type string; - description - "If specified load an application-specific configuration YANG that overrides - this config. - Normally, that YANG imports clixon-config. - This field is a 'bootstrap' field. - "; - } - /* YANG */ - leaf-list CLICON_YANG_DIR { - ordered-by user; - type string; - description - "Yang directory path for finding module and submodule files. - A list of these options should be in the configuration. - When loading a Yang module, Clixon searches this list in the order - they appear. - Note since Clixon 5.4 such a directory is searched recursively, not just the - directory itself. - Ensure that YANG_INSTALLDIR (default - /usr/local/share/clixon) is present in the path"; - } - leaf CLICON_YANG_MAIN_FILE { - type string; - description - "If specified load a yang module in a specific absolute filename. - This corresponds to the -y command-line option in most CLixon - programs."; - } - leaf CLICON_YANG_MAIN_DIR { - type string; - description - "If given, load all modules in this directory (all .yang files) - See also CLICON_YANG_DIR which specifies a path of dirs"; - } - leaf CLICON_YANG_DOMAIN_DIR { - type string; - description - "Virtual domain directory for RFC 8528 mount-points. - If set and domain is given, instead of loading from CLICON_YANG_MAIN_DIR, - look for .yang files first in CLICON_YANG_DOMAIN_DIR/domain, - where domain is given as yangmnt:mount-point ; - Useful in eg mountpoints where another YANG domain may be required, - even isolated from the main YANG context, as well as from other moint-points. - Note that CLICON_YANG_DIR that may be given as library YANGs are not isolated. - If not set, use CLICON_YANG_MAIN_DIR as default."; - } - leaf CLICON_YANG_MODULE_MAIN { - type string; - description - "Option used to construct initial yang file: - [@]"; - } - leaf CLICON_YANG_MODULE_REVISION { - type string; - description - "Option used to construct initial yang file: - [@]. - Used together with CLICON_YANG_MODULE_MAIN"; - } - leaf CLICON_YANG_REGEXP { - type regexp_mode; - default posix; - description - "The regular expression engine Clixon uses in its validation of - Yang patterns, and in the CLI. - There is a 'good-enough' posix translation mode and a complete - libxml2 mode"; - } - leaf CLICON_YANG_UNKNOWN_ANYDATA{ - type boolean; - default false; - description - "Treat unknown XML/JSON nodes as anydata when loading from startup db. - This does not apply to namespaces, which means a top-level node: xxx:yyy - is accepted only if yyy is unknown, not xxx. - Note that this option has several caveats which needs to be fixed. Please - use with care. - The primary issue is that the unknown->anydata handling is not restricted to - only loading from startup but may occur in other circumstances as well. This - means that sanity checks of erroneous XML/JSON may not be properly signalled. - Note this is similar to what happens to YANG nodes that are disabled by a false - if-feature statement."; - } - leaf CLICON_YANG_SCHEMA_MOUNT{ - type boolean; - description - "YANG schema mount, RFC 8528. - When enabled, mount-points as defined by the 'yangmnt:mount-point' extension can - be populated by other YANGs than the root. - This is controlled by the ca_yang_mount plugin callback by returning a assigning a - yanglib module-set section that corresponds to the mounted YANGs. - Also, schema mount statistics is added to state data - Further, autocli syntax is added by definining a tree resolve wrapper"; - default false; - } - leaf CLICON_YANG_SCHEMA_MOUNT_SHARE { - type boolean; - description - "For optimization purposes, share same YANGs of equal moint-points. - The mount-points need to be 'equal' in the sense that it has the same YANG - (yangmnt:mount-point is on same node). - A comparison is made between yang modules and revision and must match exactly. - If so, a new yang-spec is not created, instead the other is used. - Only if CLICON_YANG_SCHEMA_MOUNT is enabled"; - default false; - } - leaf CLICON_YANG_AUGMENT_ACCEPT_BROKEN { - type boolean; - default false; - description - "Debug option. If enabled, accept broken augments on the form: - augment { ... } - where is an XPath which MUST be an existing node but for many - yangmodels do not. - There are several cases why this may be the case: - - syntax errors, - - features that need to be enabled - - wrong XPaths, etc - This option should be enabled only for passing some testcases it should - normally never be enabled in system YANGs that are used in a system."; - } - leaf CLICON_YANG_LIBRARY { - type boolean; - default true; - description - "Enable YANG library support as state data according to RFC8525. - If enabled, module info will appear when doing netconf get or - restconf GET. - The module state data is on the form: - ... - instead where the module state is on the form: - ... - See also CLICON_XMLDB_MODSTATE where the module state info is used to tag datastores - with module information."; - } - leaf CLICON_YANG_USE_ORIGINAL{ - type boolean; - default false; - description - "YANG memory optimization. - If set, for a selected set of YANG nodes, (see uses_orig_ptr()): - For augmented and grouping/uses, use original YANG node instead of the derived node. - This is safe if all content of derived node is not changed (eg read-only). - It is not safe if the derived node is in some way different than the original node. - "; - } - /* Backend */ - leaf CLICON_BACKEND_DIR { - type string; - description - "Location of backend .so plugins. Load all .so - plugins in this dir as backend plugins"; - } - leaf CLICON_BACKEND_REGEXP { - type string; - description - "Regexp of matching backend plugins in CLICON_BACKEND_DIR"; - default "(.so)$"; - } - leaf CLICON_BACKEND_USER { - type string; - description - "User name for backend (both foreground and daemonized). - If you set this value the backend if started as root will lower - the privileges after initialization. - The ownership of files created by the backend will also be set to this - user (eg datastores). - It also sets the backend unix socket owner to this user, but its group - is set by CLICON_SOCK_GROUP. - See also CLICON_BACKEND_PRIVILEGES setting"; - } - leaf CLICON_BACKEND_PRIVILEGES { - type priv_mode; - default none; - description - "Backend privileges mode. - If CLICON_BACKEND_USER user is set, mode can be set to drop_perm or - drop_temp. - Drop privs may not be used together with CLICON_XMLDB_MULTI"; - } - leaf CLICON_BACKEND_PIDFILE { - type string; - mandatory true; - description "Process-id file of backend daemon"; - } - leaf CLICON_BACKEND_RESTCONF_PROCESS { - type boolean; - default false; - description - "If set, enable process-control of restconf daemon, ie start/stop restconf - daemon internally from backend daemon. - Also, if set, restconf daemon queries backend for its config - if not set, restconf daemon reads its config from main config file - It uses clixon-restconf.yang for config and clixon-lib.yang for RPC - Process control of restconf daemon is as follows: - - on RPC start, if enable is true, start the service, if false, error or ignore it - - on RPC stop, stop the service - - on backend start make the state as configured - - on enable change, make the state as configured - Disable if you start the restconf daemon by other means."; - } - /* Netconf */ - leaf CLICON_NETCONF_DIR{ - type string; - description "Location of netconf (frontend) .so plugins"; - } - leaf CLICON_NETCONF_HELLO_OPTIONAL { - type boolean; - default false; - description - "This option relates to RFC 6241 Sec 8.1 Capabilies Exchange where it says: - When the NETCONF session is opened, each peer (both client and server) MUST - send a element... - If true, an RPC can be processed directly with no preceeding hello message. - This is legacy clixon but invalid according to the RFC. - If false, NETCONF hello messages are mandatory before any RPC can be processed. - That is, if clixon receives an rpc with no previous hello message, an error - is returned, which conforms to the RFC. - Note this applies only to external NETCONF, not the internal (IPC) netconf"; - } - leaf CLICON_NETCONF_MESSAGE_ID_OPTIONAL { - type boolean; - default false; - description - "This option relates to RFC 6241 Sec 4.1 Element - The element has a mandatory attribute 'message-id', which is a - string chosen by the sender of the RPC. - If true, an RPC can be sent without a message-id. - This applies to both external NETCONF and internal (IPC) netconf"; - } - leaf CLICON_NETCONF_BASE_CAPABILITY { - type int32; - default 1; - description - "This option relates to RFC6241 Sec 8.1 capabilities exchange. - This number is the highest netconf base capability announced during - the hello protocol. - Specifically, If the option number is 0, only 'urn:ietf:params:netconf:base:1.0' - is announced, if it is 1, both 'urn:ietf:params:netconf:base:1.0' and - 'urn:ietf:params:netconf:base:1.1' are announced. - Base capability '1' includes switching over to chunked framing as defined in - RFC6242 for example. - This only applies to the external NETCONF"; - } - leaf CLICON_NETCONF_CREATOR_ATTR { - type boolean; - default false; - description - "If set, clixon will accept the 'creator' attribute as defined by the - creator annotation in clixon-lib. - It can be used when several clients (such as a 'service') can create the same object. - If one such client/service is deleted, the object is deleted only if all services - that created the object are deleted. - The clixon controller uses this feature, but could in principle be used by other - applications. - Marked as obsolete in 7.0 since creators attribute replaced by clixon-lib creators - config"; - status obsolete; - } - leaf CLICON_NETCONF_MONITORING { - type boolean; - default true; - description - "Enable Netconf monitoring support as state data according to RFC6022. - If enabled, netconf monitoring info will appear when doing netconf get or - restconf GET."; - } - leaf CLICON_NETCONF_MONITORING_LOCATION { - type string; - description - "Extra Netconf monitoring location directory where schemas can be retrieved - apart from NETCONF. - Only if CLICON_NETCONF_MONITORING"; - } - leaf CLICON_NETCONF_DUPLICATE_ALLOW { - type boolean; - default false; - description - "Disable duplicate check in NETCONF messages. - In Clixon 7.0, a stricter check of duplicate entries in incoming NETCONF messages was made. - More specifically: lists and leaf-lists with non-unique entries. - Enable to disable this check, and to allow duplicates in incoming NETCONF messages. - Note that this is an error by such a client, but there is some legacy code that uses this"; - } - /* HTTP and Restconf */ - leaf CLICON_RESTCONF_API_ROOT { - type string; - default "/restconf"; - description - "The RESTCONF API root path - See RFC 8040 Sec 1.16 and 3.1"; - } - leaf CLICON_RESTCONF_DIR { - type string; - description - "Location of restconf (frontend) .so plugins. Load all .so - plugins in this dir as restconf code plugins - Note: This cannot be moved to clixon-restconf.yang because it is needed - early in the bootstrapping phase, before clixon-restconf.yang config may - be loaded."; - } - leaf CLICON_RESTCONF_INSTALLDIR { - type string; - description - "If set, path to dir of clixon-restconf daemon binary as used by backend if - started internally (run-time). - If this path is not set, clixon_restconf will be looked for according to - configured installdir: $(sbindir) (install-time) - Since programs can be moved around at install/cross-compile time the installed - dir may be difficult to know at install time, which is the reason why - CLICON_RESTCONF_INSTALLDIR exists, in order to override the Makefile - installdir. - Note on the installdir, DESTDIR is not included since according to man pages: - by specifying DESTDIR should not change the operation of the software in - any way, so its value should not be included in any file contents. "; - } - leaf CLICON_RESTCONF_STARTUP_DONTUPDATE { - type boolean; - default false; - description - "According to RFC 8040 Sec 1.4: - If the NETCONF server supports :startup, the RESTCONF server MUST automatically - update the [...] startup configuration [...] as a consequence of a RESTCONF - edit operation. - Setting this option disables this behaviour, ie the startup configuration is NOT - automatically updated. - If this option is false, the startup is automatically updated following the RFC"; - } - leaf CLICON_RESTCONF_USER { - type string; - description - "Run clixon_daemon as this user - When drop privileges is used, the daemon will drop privileges to this user. - In pre-5.2 code this was configured as compile-time constant WWWUSER with - default value www-data - See also CLICON_PRIVILEGES setting"; - default www-data; - } - leaf CLICON_RESTCONF_PRIVILEGES { - type priv_mode; - default drop_perm; - description - "Restconf privileges mode. - If drop_perm or drop_temp then drop privileges to CLICON_RESTCONF_USER. - If the platform does not support getresuid and accompanying functions, the mode - must be set to 'none'. - "; - } - leaf CLICON_RESTCONF_HTTP2_PLAIN { - type boolean; - default false; - description - "Applies to plain (non-tls) http/2 ie when clixon is configured with --enable-nghttp2 - If false, disable direct and upgrade for plain(non-tls) HTTP/2. - If true, allow direct and upgrade for plain(non-tls) HTTP/2. - It may especially useful to disable in http/1 + http/2 mode to avoid the complex - upgrade/switch from http/1 to http/2. - Note this also disables plain http/2 in prior-knowledge, that is, in http/2-only mode. - HTTP/2 in https(TLS) is unaffected"; - } - leaf CLICON_NOALPN_DEFAULT { - type string; - description - "By default Clixon Restconf over TLS/HTTPS uses ALPN for protocol selection. - This option controls the behavior if a client does NOT use ALPN for TLS. - AND both http/1 and http/2 is configured in Clixon. - If the value is not set (or other value), Clixon closes the socket(reset) - If the value is 'http/1.1' then HTTP/1.1 is selected - If the value is 'http/2' then HTTP/2 is selected - Note that if Clixon is configured for only HTTP/1 (--disable-nghttp2), - then HTTP/1 is selected if the client does not use ALPN. - Likewise, if Clixon is configured for only HTTP/2 (--disable-http1), - then HTTP/2 is selected if the client does not use ALPN. - This option does not apply for plain (non-TLS) HTTP"; - } - leaf CLICON_HTTP_DATA_PATH { - if-feature "clrc:http-data"; - default "/"; - type string; - description - "URI match for http-data serving files specified by CLICON_HTTP_DATA_ROOT. - Must start with / (example: /) - Restconf paths at /restconf is always done before data (or streams) - The PATH is appended to CLICON_HTTP_DATA_ROOT to find a file. - Example, if PATH is /data and ROOT is /www, and a GET /index.html, the - corresponding file is '/www/data/index.html' - Both feature clixon-restconf:http-data and restconf/enable-http-data - must be enabled for this match to occur."; - } - leaf CLICON_HTTP_DATA_ROOT{ - if-feature "clrc:http-data"; - type string; - default "/var/www"; - description - "Location in file system where http-data files are looked for. - Soft links, '..', '~' etc are not followed. - See also CLICON_HTTP_DATA_PATH - Both feature clixon-restconf:http-data and restconf/enable-http-data - must be enabled for this match to occur."; - } - /* Clixon CLI */ - leaf CLICON_CLI_DIR { - type string; - description - "Directory containing frontend cli loadable plugins. Load all .so - plugins in this directory as CLI object plugins"; - } - leaf CLICON_CLISPEC_DIR { - type string; - description - "Directory containing frontend cligen spec files. Load all .cli - files in this directory as CLI specification files. - See also CLICON_CLISPEC_FILE."; - } - leaf CLICON_CLISPEC_FILE { - type string; - description - "Specific frontend cligen spec file as alternative or complement - to CLICON_CLISPEC_DIR. Also available as -c in clixon_cli."; - } - leaf CLICON_CLI_MODE { - type string; - default "base"; - description - "Startup CLI mode. This should match a CLICON_MODE variable set in - one of the clispec files"; - } - leaf CLICON_CLI_VARONLY { - type int32; - default 1; - description - "Dont include keys in cvec in cli vars callbacks, - ie a & k in 'a k ' ignored - (consider boolean)"; - } - leaf CLICON_CLI_LINESCROLLING { - type int32; - default 1; - description - "Set to 0 if you want CLI INPUT to wrap to next line. - Set to 1 if you want CLI INPUT to scroll sideways when approaching - right margin"; - } - leaf CLICON_CLI_LINES_DEFAULT { - type int32; - default 24; - description - "Set to number of CLI terminal rows for scrolling. 0 means unlimited. - The number is set statically UNLESS: - - there is no terminal, such as file input, in which case nr lines is 0 - - there is a terminal sufficiently powerful to read the number of lines from - ioctl calls. - In other words, this setting is used ONLY on raw terminals such as serial - consoles."; - } - leaf CLICON_CLI_TAB_MODE { - type int8; - default 0; - description - "Set CLI tab mode. This is a bitfield of three bits: - bit 1: 0: shows short info of available commands - 1: has same output as , ie line per command - bit 2: 0: On , select a command over a if both exist - 1: Commands and vars have same preference. - bit 3: 0: On , never complete more than one level per - 1: Complete all levels at once if possible. - "; - } - leaf CLICON_CLI_UTF8 { - type int8; - default 0; - description - "Set to 1 to enable CLIgen UTF-8 experimental mode. - Note that this feature is EXPERIMENTAL and may not properly handle - scrolling, control characters, etc - (consider boolean)"; - } - leaf CLICON_CLI_HIST_FILE { - type string; - default "~/.clixon_cli_history"; - description - "Name of CLI history file. If not given, history is not saved. - The number of lines is saved is given by CLICON_CLI_HIST_SIZE."; - } - leaf CLICON_CLI_HIST_SIZE { - type int32; - default 300; - description - "Number of lines to save in CLI history. - Also, if CLICON_CLI_HIST_FILE is set, also the size in lines - of the saved history."; - } - leaf CLICON_CLI_BUF_START { - type uint32; - default 256; - description - "CLIgen buffer (cbuf) initial size. - When the buffer needs to grow, the allocation grows quadratic up to a threshold - after which linear growth continues. - See CLICON_CLI_BUF_THRESHOLD"; - } - leaf CLICON_CLI_BUF_THRESHOLD { - type uint32; - default 65536; - description - "CLIgen buffer (cbuf) threshold size. - When the buffer exceeds the threshold, the allocation grows by adding the threshold - value to the buffer length. - If 0, the growth continues with quadratic growth. - See CLICON_CLI_BUF_THRESHOLD"; - } - leaf CLICON_CLI_HELPSTRING_TRUNCATE { - type boolean; - default false; - description - "CLIgen help string on query (?): Truncate help string on right margin mode - This only applies if you have long help strings, such as when generating them from a - spec such as the autocli"; - } - leaf CLICON_CLI_HELPSTRING_LINES { - type int32; - default 0; - description - "CLIgen help string on query (?) limit of number of lines to show, 0 means unlimited. - This only applies if you have multi-line help strings, such as when generating - from a spec, such as in the autocli."; - } - leaf CLICON_CLI_EXPAND_LEAFREF { - type boolean; - default false; - description - "If true, then CLI expansion of leafrefs (in expand_dbvar) are done using the - source values, not the references. - This applies to the autocli but also in a handcrafted CLI if expand_dbvar is used. - Example, assume ifref with leafref pointing to source if values: - abc - b - If true, expansion will suggest a, b, c (source if values) - If false, expansion will suggest b (destination ifref values) - While setting this value makes sense for adding new values, it makes less sense for - deleting."; - } - leaf CLICON_CLI_OUTPUT_FORMAT { - type cl:datastore_format; - default xml; - description - "Default CLI output format."; - } - /* Internal socket */ - leaf CLICON_SOCK_FAMILY { - type socket_address_family; - default UNIX; - description - "Address family for communicating with clixon_backend with one of: - Note IPv6 not implemented. - Note that UNIX socket makes credential check as follows: - (1) client needs rw access to the socket - (2) NACM credentials can be checked according to CLICON_NACM_CREDENTIALS - Warning: Only UNIX (not IPv4) sockets have credential mechanism. - "; - } - leaf CLICON_SOCK { - type string; - mandatory true; - description - "String description of Clixon Internal (IPC) socket that connects a clixon - client to the clixon backend. This string is dependent on family. - If CLICON_SOCK_FAMILY is: - - UNIX: The value is a Unix socket path - - IPv4: IPv4 address string - - IPv6: IPv6 address string (NYI)"; - } - leaf CLICON_SOCK_PORT { - type int32; - default 4535; - description - "Inet socket port for communicating with clixon_backend - (only IPv4|IPv6)"; - } - leaf CLICON_SOCK_GROUP { - type string; - default "clicon"; - description - "Group membership to access clixon_backend unix socket and gid for - deamon"; - } - leaf CLICON_SOCK_PRIO { - type boolean; - default false; - description - "Enable socket event priority. - If enabled, a file-descriptor can be registered as high prio. - Presently, the backend socket has higher prio than others. - (should be made more generic) - Note that a side-effect of enabling this option is that fairness of - non-prio events is disabled - This is useful if the backend opens other sockets, such as the controller"; - } - leaf CLICON_AUTOCOMMIT { - type int32; - default 0; - description - "Set if all configuration changes are committed automatically - on every edit change. Explicit commit commands unnecessary - If confirm-commit, follow RESTCONF semantics: commit ephemeral but fail on - persistent confirming commit. - (consider boolean)"; - } - leaf CLICON_AUTOLOCK { - type boolean; - default false; - description - "Set if all edit-config implicitly locks without the need of an explicit lock-db - In short, the lock is obtained by edit-config and copy-config and released by - discard and commit. - Also, any edits in candidate are discarded if the client closes the connection. - This effectively disables shared candidate"; - } - /* Datastore XMLDB */ - leaf CLICON_DATASTORE_CACHE { - type datastore_cache; - default cache; - description - "Clixon datastore cache behaviour. There are three values: no cache, - cache with copy, or cache without copy. - Note: 'cache' is default value and supported with regressions etc. - Others are experimental (in Clixon 5.5) - Note that from 7.0 this is OBSOLETED, only datastore_cache is supported"; - status obsolete; - } - leaf CLICON_XMLDB_DIR { - type string; - mandatory true; - description - "Directory where datastores such as \"running\", \"candidate\" and \"startup\" - are placed. - If CLICON_XMLDB_MULTI is enabled, this is the directory where a datastore - subdir is stored, such as \"running.d/\" - "; - } - leaf CLICON_XMLDB_FORMAT { - type cl:datastore_format; - default xml; - description "XMLDB datastore format."; - } - leaf CLICON_XMLDB_PRETTY { - type boolean; - default true; - description - "XMLDB datastore pretty print. - If set, insert spaces and line-feeds making the XML/JSON human - readable. If not set, make the XML/JSON more compact."; - } - leaf CLICON_XMLDB_MODSTATE { - type boolean; - default false; - description - "If set, tag datastores with RFC 8525 YANG Module Library - info. - By default, modstate is added last in datastore. - When loaded at startup, a check is made if the system - yang modules match."; - } - leaf CLICON_XMLDB_UPGRADE_CHECKOLD { - type boolean; - default true; - description - "Controls behavior of check of startup in upgrade scenarios. - If set, yang bind and check datastore syntax against the old Yang. - The old yang must be accessible via YANG_DIR. - Will fail startup if old yang not found or if old config does not match. - If not set, no yang check of old config is made until it is upgraded to new yang."; - } - leaf CLICON_XMLDB_MULTI { - type boolean; - default false; - description - "Split configure datastore into multiple sub files - Uses .d/ directory structure with .xml and 0.xml as root - JSON not supported. - Splits are marked in YANG using extension xl:xmldb-split, (typical usage is - mount-points). - Note that algorithm for not updating unchanged files only applies to edits, - commit copies all files regardless. - May not work together with CLICON_BACKEND_PRIVILEGES=drop and root, since - new files need to be created in XMLDB_DIR"; - } - leaf CLICON_XML_CHANGELOG { - type boolean; - default false; - description "If true enable automatic upgrade using yang clixon - changelog."; - } - leaf CLICON_XML_CHANGELOG_FILE { - type string; - description "Name of file with module revision changelog. - If CLICON_XML_CHANGELOG is true, Clixon - reads the module changelog from this file."; - } - leaf CLICON_VALIDATE_STATE_XML { - type boolean; - default false; - description - "Validate user state callback content. - AND NETCONF reply sanity (misnomer) - Users may register state callbacks using ca_statedata callback - When set, the XML returned from the callback is validated after merging with - the running db. If it fails, an internal error is returned to the originating - user. - If the option is not set, the XML returned by the user is not validated. - Note that enabling currently causes a large performance overhead for large - lists, therefore it is recommended to enable it during development and debugging - but disable it in production, until this has been resolved."; - } - leaf CLICON_PLUGIN_CALLBACK_CHECK { - type int32; - default 0; - description - "Debug option. - If >0, make a check of resources before and after each plugin callback code - to check if the plugin violated resources. - This is primarily intended for development and debugging but may also be enabled - in a running system. - If 1, errors will be logged to syslog as WARNINGs. - If 2, the program will abort using assert() on first error - The checks are currently made by plugin_context_check() and include: - - termios settings - - signal vectors - The checks will be made for all callbacks as defined in struct clixon_plugin_api - as well as the CLIgen callbacks. - See https://clixon-docs.readthedocs.io/en/latest/backend.html#plugin-callback-guidelines"; - } - leaf CLICON_PLUGIN_DLOPEN_GLOBAL { - type boolean; - default false; - description - "Local/global flag for dlopen as described in the man page. - This applies to the opening of all clixon plugins (backend/cli/netconf/restconf) - when loading the shared .so file with dlopen. - If false: Symbols defined in this shared object are not made available to resolve - references in subsequently loaded shared objects (default). - If true: The symbols defined by this shared object will be made available for symbol res‐ - olution of subsequently loaded shared objects."; - } - leaf CLICON_NAMESPACE_NETCONF_DEFAULT { - type boolean; - default false; - description - "Undefine if you want to ensure strict namespace assignment on all netconf - and XML statements according to the standard RFC 6241. - If defined, top-level rpc calls need not have namespaces (eg using xmlns=) - since the default NETCONF namespace will be assumed. (This is not standard). - See rfc6241 3.1: urn:ietf:params:xml:ns:netconf:base:1.0."; - } - leaf CLICON_STARTUP_MODE { - type startup_mode; - description "Which method to boot/start clicon backend"; - } - leaf CLICON_ANONYMOUS_USER { - type string; - default "anonymous"; - description - "Name of anonymous user. - The current only case where such a user is used is in RESTCONF authentication when - auth-type=none and no known user is known."; - } - /* Network Configuration Access Control Model (NACM) */ - leaf CLICON_NACM_MODE { - type nacm_mode; - default disabled; - description - "RFC8341 network access configuration control model (NACM) mode: disabled, - in regular (internal) config or separate external file given by CLICON_NACM_FILE"; - } - leaf CLICON_NACM_FILE { - type string; - description - "RFC8341 NACM external configuration file (if CLIXON_NACM_MODE is external)"; - } - leaf CLICON_NACM_CREDENTIALS { - type nacm_cred_mode; - default except; - description - "Verify nacm user credentials with unix socket peer cred. - This means nacm user must match unix user accessing the backend - socket."; - } - leaf CLICON_NACM_RECOVERY_USER { - type string; - description - "RFC8341 defines a 'recovery session' as outside its scope. Clixon - defines this user as having special admin rights to exempt from - all access control enforcements. - Note setting of CLICON_NACM_CREDENTIALS is important, if set to - exact for example, this user must exist and be used, otherwise - another user (such as root or www) can pose as the recovery user."; - } - leaf CLICON_NACM_DISABLED_ON_EMPTY { - type boolean; - default false; - description - "RFC 8341 and ietf-netconf-acm@2018-02-14.yang defines enable-nacm as true by - default. Since also write-default is deny by default it leads to that empty - configs can not be edited. - This means that a startup config must always have a NACM configuration or - that the NACM recovery session is used to edit an empty config. - If this option is set, Clixon disables NACM if a datastore does NOT contain a - NACM config on load."; - } - leaf CLICON_MODULE_SET_ID { - type string; - default "0"; - description - "Only if CLICON_YANG_LIBRARY enabled. - Contains a server-specific identifier representing the current set of modules - and submodules. The server MUST change the value of this leaf if the - information represented by the 'module' list instances has changed. - The /yang-library/content-id state-data leaf is set with this value - If CLICON_MODULE_LIBRARY_RFC7895 is enabled, it sets the modules-state/module-set-id - instead"; - } - /* Notification streams */ - leaf CLICON_STREAM_DISCOVERY_RFC5277 { - type boolean; - default false; - description - "Enable event stream discovery as described in RFC 5277 - section 3.2. If enabled, available streams will appear - when doing netconf get or restconf GET"; - } - leaf CLICON_STREAM_DISCOVERY_RFC8040 { - type boolean; - default false; - description - "Enable monitoring information for the RESTCONF protocol from RFC 8040 as specified - in module ietf-restconf-monitoring.yang - Note that the name of this option is misleading, the monitoring module defines state - for both capabilities and streams, not only streams which the name indicates. - Also, consider changinf default to true."; - } - leaf CLICON_STREAM_PATH { - type string; - default "streams"; - description - "Stream path appended to CLICON_STREAM_URL to form - stream subscription URL. - See CLICON_RESTCONF_API_ROOT and CLICON_HTTP_DATA_ROOT - Should be changed to include '/' "; - } - leaf CLICON_STREAM_URL { - type string; - default "https://localhost"; - description "Prepend this to CLICON_STREAM_PATH to form URL. - See RFC 8040 Sec 9.3 location leaf: - 'Contains a URL that represents the entry point for - establishing notification delivery via server-sent events.' - Prepend this constant to name of stream. - Example: https://localhost/streams/NETCONF. Note this is the - external URL, not local behind a reverse-proxy. - Note that -s command-line option to clixon_restconf - should correspond to last path of url (eg 'streams')"; - } - leaf CLICON_STREAM_PUB { - type string; - description "For stream publish using eg nchan, the base address - to publish to. Example value: http://localhost/pub - Example: stream NETCONF would then be pushed to - http://localhost/pub/NETCONF. - Note this may be a local/provate URL behind reverse-proxy. - If not given, do NOT enable stream publishing using NCHAN."; - } - leaf CLICON_STREAM_RETENTION { - type uint32; - default 3600; - units s; - description "Retention for stream replay buffers in seconds, ie how much - data to store before dropping. 0 means no retention"; - } - /* Log and debug */ - leaf CLICON_DEBUG{ - type cl:clixon_debug_t; - description - "Debug flags as bitfields. - Can also be given directly as -D to clixon commands (which overrides this)."; - } - leaf CLICON_LOG_DESTINATION { - type log_destination_t; - description - "Log destination. - If not given, default log destination is syslog for all applications, - except clixon_cli where default is stderr. - See also command-line option -l "; - } - leaf CLICON_LOG_FILE { - type string; - description - "Which file to log to if log destination is file - That is CLIXON_LOG_DESTINATION is FILE or command started with -l f"; - } - leaf CLICON_LOG_STRING_LIMIT { - type uint32; - default 0; - description - "Length limitation of debug and log strings. - Especially useful for dynamic debug strings, such as packet dumps. - 0 means no limit"; - } - /* SNMP */ - leaf-list CLICON_SNMP_MIB { - description - "Names of MIBs that are used by clixon_snmp. - For each MIB M, a YANG file M.yang is expected to be found. - If not found, an error is genereated. - The YANG file M.yang is typically generated from the source MIB but can also - be handcrafted. An example of such a script is scripts/mib_to_yang.sh. - A list of these options should be in the configuration."; - type string; - } - leaf CLICON_SNMP_AGENT_SOCK { - type string; - default "unix:/tmp/clixon_snmp.sock"; - description - "String description of AgentX socket that clixon_snmp listens to. - For example, for net-snmpd, the socket is created by using the following: - --agentXSocket=unix: - This string currently only supports UNIX socket path. - Note also that the user should consider setting permissions appropriately - XXX: This should be in later yang revision and documented as added when - merged with master"; - } - } -} diff --git a/yang/clixon/clixon-lib@2024-04-01.yang b/yang/clixon/clixon-lib@2024-04-01.yang deleted file mode 100644 index e8e252c3..00000000 --- a/yang/clixon/clixon-lib@2024-04-01.yang +++ /dev/null @@ -1,523 +0,0 @@ -module clixon-lib { - yang-version 1.1; - namespace "http://clicon.org/lib"; - prefix cl; - - import ietf-yang-types { - prefix yang; - } - import ietf-netconf-monitoring { - prefix ncm; - } - import ietf-yang-metadata { - prefix "md"; - } - organization - "Clicon / Clixon"; - - contact - "Olof Hagsand "; - - description - "***** BEGIN LICENSE BLOCK ***** - Copyright (C) 2009-2019 Olof Hagsand - Copyright (C) 2020-2022 Olof Hagsand and Rubicon Communications, LLC(Netgate) - - This file is part of CLIXON - - Licensed under the Apache License, Version 2.0 (the \"License\"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an \"AS IS\" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - Alternatively, the contents of this file may be used under the terms of - the GNU General Public License Version 3 or later (the \"GPL\"), - in which case the provisions of the GPL are applicable instead - of those above. If you wish to allow use of your version of this file only - under the terms of the GPL, and not to allow others to - use your version of this file under the terms of Apache License version 2, - indicate your decision by deleting the provisions above and replace them with - the notice and other provisions required by the GPL. If you do not delete - the provisions above, a recipient may use your version of this file under - the terms of any one of the Apache License version 2 or the GPL. - - ***** END LICENSE BLOCK ***** - - Clixon Netconf extensions for communication between clients and backend. - This scheme adds: - - Added values of RFC6022 transport identityref - - RPCs for debug, stats and process-control - - Informal description of attributes - - Clixon also extends NETCONF for internal use with some internal attributes. These - are not visible for external usage bit belongs to the namespace of this YANG. - The internal attributes are: - - content (also RESTCONF) - - depth (also RESTCONF) - - username - - autocommit - - copystartup - - transport (see RFC6022) - - source-host (see RFC6022) - - objectcreate - - objectexisted - - link # For split multiple XML files - "; - revision 2024-04-01 { - description - "Added: debug bits type - Added: xmldb-split extension - Added: Default format - Released in Clixon 7.1"; - } - revision 2024-01-01 { - description - "Removed container creators from 6.5 - Released in 7.0"; - } - revision 2023-11-01 { - description - "Added ignore-compare extension - Added creator meta configuration - Removed obsolete extension autocli-op - Released in 6.5.0"; - } - revision 2023-05-01 { - description - "Restructured and extended stats rpc to schema mountpoints - Moved datastore-format typedef from clixon-config - "; - } - revision 2023-03-01 { - description - "Added creator meta-object"; - } - revision 2022-12-01 { - description - "Added values of RFC6022 transport identityref - Added description of internal netconf attributes"; - } - revision 2021-12-05 { - description - "Obsoleted: extension autocli-op"; - } - revision 2021-11-11 { - description - "Changed: RPC stats extended with YANG stats"; - } - revision 2021-03-08 { - description - "Changed: RPC process-control output to choice dependent on operation"; - } - revision 2020-12-30 { - description - "Changed: RPC process-control output parameter status to pid"; - } - revision 2020-12-08 { - description - "Added: autocli-op extension. - rpc process-control for process/daemon management - Released in clixon 4.9"; - } - revision 2020-04-23 { - description - "Added: stats RPC for clixon XML and memory statistics. - Added: restart-plugin RPC for restarting individual plugins without restarting backend."; - } - revision 2019-08-13 { - description - "No changes (reverted change)"; - } - revision 2019-06-05 { - description - "ping rpc added for liveness"; - } - revision 2019-01-02 { - description - "Released in Clixon 3.9"; - } - typedef service-operation { - type enumeration { - enum start { - description - "Start if not already running"; - } - enum stop { - description - "Stop if running"; - } - enum restart { - description - "Stop if running, then start"; - } - enum status { - description - "Check status"; - } - } - description - "Common operations that can be performed on a service"; - } - typedef datastore_format{ - description - "Datastore format (only xml and json implemented in actual data."; - type enumeration{ - enum xml{ - description - "Save and load xmldb as XML - More specifically, such a file looks like: ... provided - DATASTORE_TOP_SYMBOL is 'config'"; - } - enum json{ - description "Save and load xmldb as JSON"; - } - enum text{ - description "'Curly' C-like text format"; - } - enum cli{ - description "CLI format"; - } - enum default{ - description "Default format"; - } - } - } - typedef clixon_debug_t { - description - "Debug flags. - Flags are seperated into subject areas and detail - Can also be given directly as -D to clixon commands - Note there are also constants in the code that need to be in sync with these values"; - type bits { - /* Subjects: */ - bit default { - description "Default logs"; - position 0; - } - bit msg { - description "In/out messages"; - position 1; - } - bit init { - description "Initialization"; - position 2; - } - bit xml { - description "XML processing"; - position 3; - } - bit xpath { - description "XPath processing"; - position 4; - } - bit yang { - description "YANG processing"; - position 5; - } - bit backend { - description "Backend-specific"; - position 6; - } - bit cli { - description "CLI frontend"; - position 7; - } - bit netconf { - description "NETCONF frontend"; - position 8; - } - bit restconf { - description "RESTCONF frontend"; - position 9; - } - bit snmp { - description "SNMP frontend"; - position 10; - } - bit nacm { - description "NACM processing"; - position 11; - } - bit proc { - description "Process handling"; - position 12; - } - bit datastore { - description "Datastore xmldb management"; - position 13; - } - bit event { - description "Event processing"; - position 14; - } - bit rpc { - description "RPC handling"; - position 15; - } - bit stream { - description "Notification streams"; - position 16; - } - bit parse { - description "Parser: XML,YANG, etc"; - position 17; - } - bit app { - description "External applications"; - position 20; - } - bit app2 { - description "External application"; - position 21; - } - bit app3 { - description "External application 2"; - position 22; - } - /* Detail level: */ - bit detail { - description "Details: traces, parse trees, etc"; - position 24; - } - bit detail2 { - description "Extra details"; - position 25; - } - bit detail3 { - description "Probably more detail than you want"; - position 26; - } - } - } - identity snmp { - description - "SNMP"; - base ncm:transport; - } - identity netconf { - description - "Just NETCONF without specific underlying transport, - Clixon uses stdio for its netconf client and therefore does not know whether it is - invoked in a script, by a NETCONF/SSH subsystem, etc"; - base ncm:transport; - } - identity restconf { - description - "RESTCONF either as HTTP/1 or /2, TLS or not, reverse proxy (eg fcgi/nginx) or native"; - base ncm:transport; - } - identity cli { - description - "A CLI session"; - base ncm:transport; - } - extension ignore-compare { - description - "The object should be ignored when comparing device configs for equality. - The object should never be added, modified, or deleted on target. - Essentially a read-only object - One example is auto-created objects by the controller, such as uid."; - } - extension xmldb-split { - description - "When split configuration stores are used, ie CLICON_XMLDB_MULTI is set, - This extension marks where in the configuration tree, one file terminates - and a new sub-file is written. - A designer adds the 'xmldb-split' extension to a YANG node which should be split. - For example, a split could be made at mountpoints. - See also the 'link 'attribute. - "; - } - md:annotation creator { - type string; - description - "This annotation contains the name of a creator of an object. - One application is the clixon controller where multiple services can - create the same object. When such a service is deleted (or changed) one needs to keep - track of which service created what. - Limitations: only objects that are actually added or deleted. - A sub-object will not be noted"; - } - rpc debug { - description - "Set debug flags of backend. - Note only numerical values"; - input { - leaf level { - type uint32; - } - } - } - rpc ping { - description "Check aliveness of backend daemon."; - } - rpc stats { /* Could be moved to state */ - description "Clixon yang and datastore statistics."; - input { - leaf modules { - description "If enabled include per-module statistics"; - type boolean; - mandatory false; - } - } - output { - container global{ - description - "Clixon global statistics. - These are global counters incremented by new() and decreased by free() calls. - This number is higher than the sum of all datastore/module residing objects, since - objects may be used for other purposes than datastore/modules"; - leaf xmlnr{ - description - "Number of existing XML objects: number of residing xml/json objects - in the internal 'cxobj' representation."; - type uint64; - } - leaf yangnr{ - description - "Number of resident YANG objects. "; - type uint64; - } - } - container datastores{ - list datastore{ - description "Per datastore statistics for cxobj"; - key "name"; - leaf name{ - description "Name of datastore (eg running)."; - type string; - } - leaf nr{ - description "Number of XML objects. That is number of residing xml/json objects - in the internal 'cxobj' representation."; - type uint64; - } - leaf size{ - description "Size in bytes of internal datastore cache of datastore tree."; - type uint64; - } - } - } - container module-sets{ - list module-set{ - description "Statistics per domain, eg top-level and mount-points"; - key "name"; - leaf name{ - description "Name of YANG domain."; - type string; - } - leaf nr{ - description - "Total number of YANG objects in set"; - type uint64; - } - leaf size{ - description - "Total size in bytes of internal YANG object representation for module set"; - type uint64; - } - list module{ - description "Statistics per module (if modules set in input)"; - key "name"; - leaf name{ - description "Name of YANG module."; - type string; - } - leaf nr{ - description - "Number of YANG objects. That is number of residing YANG objects"; - type uint64; - } - leaf size{ - description - "Size in bytes of internal YANG object representation."; - type uint64; - } - } - } - } - } - } - rpc restart-plugin { - description "Restart specific backend plugins."; - input { - leaf-list plugin { - description "Name of plugin to restart"; - type string; - } - } - } - rpc process-control { - description - "Control a specific process or daemon: start/stop, etc. - This is for direct managing of a process by the backend. - Alternatively one can manage a daemon via systemd, containerd, kubernetes, etc."; - input { - leaf name { - description "Name of process"; - type string; - mandatory true; - } - leaf operation { - type service-operation; - mandatory true; - description - "One of the strings 'start', 'stop', 'restart', or 'status'."; - } - } - output { - choice result { - case status { - description - "Output from status rpc"; - leaf active { - description - "True if process is running, false if not. - More specifically, there is a process-id and it exists (in Linux: kill(pid,0). - Note that this is actual state and status is administrative state, - which means that changing the administrative state, eg stopped->running - may not immediately switch active to true."; - type boolean; - } - leaf description { - type string; - description "Description of process. This is a static string"; - } - leaf command { - type string; - description "Start command with arguments"; - } - leaf status { - description - "Administrative status (except on external kill where it enters stopped - directly from running): - stopped: pid=0, No process running - running: pid set, Process started and believed to be running - exiting: pid set, Process is killed by parent but not waited for"; - type string; - } - leaf starttime { - description "Time of starting process UTC"; - type yang:date-and-time; - } - leaf pid { - description "Process-id of main running process (if active)"; - type uint32; - } - } - case other { - description - "Output from start/stop/restart rpc"; - leaf ok { - type empty; - } - } - } - } - } -} diff --git a/yang/clixon/clixon-restconf@2022-08-01.yang b/yang/clixon/clixon-restconf@2022-08-01.yang deleted file mode 100644 index cfaf0e17..00000000 --- a/yang/clixon/clixon-restconf@2022-08-01.yang +++ /dev/null @@ -1,327 +0,0 @@ -module clixon-restconf { - yang-version 1.1; - namespace "http://clicon.org/restconf"; - prefix "clrc"; - - import ietf-inet-types { - prefix inet; - } - - organization - "Clixon"; - - contact - "Olof Hagsand "; - - description - "This YANG module provides a data-model for the Clixon RESTCONF daemon. - There is also clixon-config also including some restconf options. - The separation is not always logical but there are some reasons for the split: - 1. Some data (ie 'socket') is structurally complex and cannot be expressed as a - simple option - 2. clixon-restconf is defined as a macro/grouping and can be included in - other YANGs. In particular, it can be used inside a datastore, which - is not possible for clixon-config. - 3. Related to (2), options that should not be settable in a datastore should be - in clixon-config - - Some of this spec if in-lined from ietf-restconf-server@2022-05-24.yang - "; - revision 2022-08-01 { - description - "Added socket/call-home container - Released in Clixon 5.9"; - } - revision 2022-03-21 { - description - "Added feature: - http-data - Limited static http server - Released in Clixon 5.7"; - } - revision 2021-05-20 { - description - "Added log-destination for restconf - Released in Clixon 5.2"; - } - revision 2021-03-15 { - description - "make authentication-type none a feature - Added flag to enable core dumps - Released in Clixon 5.1"; - } - revision 2020-12-30 { - description - "Added: debug field - Added 'none' as default value for auth-type - Changed http-auth-type enum from 'password' to 'user'"; - } - revision 2020-10-30 { - description - "Initial release"; - } - feature fcgi { - description - "This feature indicates that the restconf server supports the fast-cgi reverse - proxy solution. - That is, a reverse proxy is the HTTP front-end and the restconf daemon listens - to a fcgi socket. - The alternative is the internal native HTTP solution."; - } - - feature allow-auth-none { - description - "This feature allows the use of authentication-type none."; - } - - feature http-data { - description - "This feature allows for a very limited static http-data function as - addition to RESTCONF. - It is limited to: - 1. path: Local static files within WWW_DATA_ROOT - 2. operation GET, HEAD, OPTIONS - 3. query parameters not supported - 4. indata should be NULL (no write operations) - 5. Limited media: text/html, JavaScript, image, and css - 6. Authentication as restconf - 7. HTTP/1+2, TLS as restconf"; - } - typedef http-auth-type { - type enumeration { - enum none { - if-feature "allow-auth-none"; - description - "Incoming message are set to authenticated by default. No ca-auth callback is called, - Authenticated user is set to special user 'none'. - Typically assumes NACM is not enabled."; - } - enum client-certificate { - description - "TLS client certificate validation is made on each incoming message. If it passes - the authenticated user is extracted from the SSL_CN parameter - The ca-auth callback can be used to revise this behavior."; - } - enum user { - description - "User-defined authentication as defined by the ca-auth callback. - One example is some form of password authentication, such as basic auth."; - } - } - description - "Enumeration of HTTP authorization types."; - } - typedef log-destination { - type enumeration { - enum syslog { - description - "Log to syslog with: - ident: clixon_restconf and PID - facility: LOG_USER"; - } - enum file { - description - "Log to generated file at /var/log/clixon_restconf.log"; - } - } - } - grouping clixon-restconf{ - description - "HTTP RESTCONF configuration."; - leaf enable { - type boolean; - default "false"; - description - "Enables RESTCONF functionality. - Note that starting/stopping of a restconf daemon is different from it being - enabled or not. - For example, if the restconf daemon is under systemd management, the restconf - daemon will only start if enable=true."; - } - leaf enable-http-data { - type boolean; - default "false"; - if-feature "http-data"; - description - "Enables Limited static http-data functionality. - enable must be true for this option to be meaningful."; - } - leaf auth-type { - type http-auth-type; - description - "The authentication type. - Note client-certificate applies only if ssl-enable is true and socket has ssl"; - default user; - } - leaf debug { - description - "Set debug level of restconf daemon. - 0 is no debug, 1 is debugging, more is detailed debug. - Debug logs will be directed to log-destination with LOG_DEBUG level (for syslog)"; - type uint32; - default 0; - } - leaf log-destination { - description - "Log destination. - If debug is not set, only notice, error and warning will be logged"; - type log-destination; - default syslog; - } - leaf enable-core-dump { - description - "enable core dumps. - this is a no-op on systems that don't support it."; - type boolean; - default false; - } - leaf pretty { - type boolean; - default true; - description - "Restconf return value pretty print. - Restconf clients may add HTTP header: - Accept: application/yang-data+json, or - Accept: application/yang-data+xml - to get return value in XML or JSON. - RFC 8040 examples print XML and JSON in pretty-printed form. - Setting this value to false makes restconf return not pretty-printed - which may be desirable for performance or tests - This replaces the CLICON_RESTCONF_PRETTY option in clixon-config.yang"; - } - /* From this point only specific options - * First fcgi-specific options - */ - leaf fcgi-socket { - if-feature fcgi; /* Set by default by fcgi clixon_restconf daemon */ - type string; - default "/www-data/fastcgi_restconf.sock"; - description - "Path to FastCGI unix socket. Should be specified in webserver - Eg in nginx: fastcgi_pass unix:/www-data/clicon_restconf.sock - Only if with-restconf=fcgi, NOT native - This replaces CLICON_RESTCONF_PATH option in clixon-config.yang"; - } - /* Second, local native options */ - leaf server-cert-path { - type string; - description - "Path to server certificate file. - Note only applies if socket has ssl enabled"; - } - leaf server-key-path { - type string; - description - "Path to server key file - Note only applies if socket has ssl enabled"; - } - leaf server-ca-cert-path { - type string; - description - "Path to server CA cert file - Note only applies if socket has ssl enabled"; - } - list socket { - description - "List of server sockets that the restconf daemon listens to. - Not fcgi"; - key "namespace address port"; - leaf namespace { - type string; - description - "Network namespace. - On platforms where namespaces are not suppported, 'default' - Default value can be changed by RESTCONF_NETNS_DEFAULT"; - } - leaf address { - type inet:ip-address; - description "IP address to bind to"; - } - leaf port { - type inet:port-number; - description "TCP port to bind to"; - } - leaf description{ - type string; - } - leaf ssl { - type boolean; - default true; - description "Enable for HTTPS otherwise HTTP protocol"; - } - /* Some of this in-lined from ietf-restconf-server@2022-05-24.yang */ - container call-home { - presence - "Identifies that the server has been configured to initiate - call home connections. - If set, address/port refers to destination."; - description - "See RFC 8071 NETCONF Call Home and RESTCONF Call Home"; - container connection-type { - description - "Indicates the RESTCONF server's preference for how the - RESTCONF connection is maintained."; - choice connection-type { - mandatory true; - description - "Selects between available connection types."; - case persistent-connection { - container persistent { - presence - "Indicates that a persistent connection is to be - maintained."; - } - } - case periodic-connection { - container periodic { - presence - "Indicates periodic connects"; - leaf period { - type uint32; /* XXX: note uit16 in std */ - units "seconds"; /* XXX: note minutes in draft */ - default "3600"; /* XXX: same: 60min in draft */ - description - "Duration of time between periodic connections."; - } - leaf idle-timeout { - type uint16; - units "seconds"; - default "120"; // two minutes - description - "Specifies the maximum number of seconds that - the underlying TCP session may remain idle. - A TCP session will be dropped if it is idle - for an interval longer than this number of - seconds. If set to zero, then the server - will never drop a session because it is idle."; - } - } - } - } - } - container reconnect-strategy { - leaf max-attempts { - type uint8 { - range "1..max"; - } - default "3"; - description - "Specifies the number times the RESTCONF server tries - to connect to a specific endpoint before moving on to - the next endpoint in the list (round robin)."; - } - } - } - } - } - container restconf { - description - "This presence is strictly not necessary since the enable flag - in clixon-restconf is the flag bearing the actual semantics. - However, removing the presence leads to default config in all - clixon installations, even those which do not use backend-started restconf. - One could see this as mostly cosmetically annoying. - Alternative would be to make the inclusion of this yang conditional."; - presence "Enables RESTCONF"; - uses clixon-restconf; - } -} diff --git a/yang/mandatory/ietf-list-pagination-nc@2024-07-08.yang b/yang/mandatory/ietf-list-pagination-nc@2024-10-21.yang similarity index 99% rename from yang/mandatory/ietf-list-pagination-nc@2024-07-08.yang rename to yang/mandatory/ietf-list-pagination-nc@2024-10-21.yang index 2505d2ef..87a304ab 100644 --- a/yang/mandatory/ietf-list-pagination-nc@2024-07-08.yang +++ b/yang/mandatory/ietf-list-pagination-nc@2024-10-21.yang @@ -54,7 +54,7 @@ module ietf-list-pagination-nc { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2024-07-08 { + revision 2024-10-21 { description "Initial revision."; reference diff --git a/yang/mandatory/ietf-list-pagination@2024-07-08.yang b/yang/mandatory/ietf-list-pagination@2024-10-21.yang similarity index 99% rename from yang/mandatory/ietf-list-pagination@2024-07-08.yang rename to yang/mandatory/ietf-list-pagination@2024-10-21.yang index f06477f4..4d857b46 100644 --- a/yang/mandatory/ietf-list-pagination@2024-07-08.yang +++ b/yang/mandatory/ietf-list-pagination@2024-10-21.yang @@ -9,7 +9,6 @@ module ietf-list-pagination { reference "RFC 8342: Network Management Datastore Architecture (NMDA)"; } - import ietf-yang-types { prefix yang; reference @@ -21,6 +20,7 @@ module ietf-list-pagination { reference "RFC 7952: Defining and Using Metadata with YANG"; } + import ietf-system-capabilities { prefix sysc; reference @@ -63,14 +63,13 @@ module ietf-list-pagination { (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision 2024-07-08 { + revision 2024-10-21 { description "Initial revision."; reference "RFC XXXX: List Pagination for YANG-driven Protocols"; } - // Annotations md:annotation remaining { @@ -343,6 +342,7 @@ module ietf-list-pagination { } // Protocol-accessible nodes + augment "/sysc:system-capabilities/sysc:datastore-capabilities" + "/sysc:per-node-capabilities" {