module clixon-config { yang-version 1.1; namespace "http://clicon.org/config"; prefix cc; import clixon-restconf { prefix clrc; } import clixon-autocli { prefix autocli; } import clixon-lib { prefix cl; } organization "Clicon / Clixon"; contact "Olof Hagsand "; description "Clixon configuration file ***** BEGIN LICENSE BLOCK ***** Copyright (C) 2009-2019 Olof Hagsand Copyright (C) 2020-2022 Olof Hagsand and Rubicon Communications, LLC(Netgate) This file is part of CLIXON Licensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Alternatively, the contents of this file may be used under the terms of the GNU General Public License Version 3 or later (the \"GPL\"), in which case the provisions of the GPL are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the GPL, and not to allow others to use your version of this file under the terms of Apache License version 2, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the GPL. If you do not delete the provisions above, a recipient may use your version of this file under the terms of any one of the Apache License version 2 or the GPL. ***** END LICENSE BLOCK *****"; revision 2024-08-01 { description "Added options: CLICON_YANG_DOMAIN_DIR CLICON_YANG_USE_ORIGINAL Released in Clixon 7.2"; } revision 2024-04-01 { description "Added options: CLICON_NETCONF_DUPLICATE_ALLOW: Disable duplicate check in NETCONF messages. 
CLICON_LOG_DESTINATION: Default log destination CLICON_LOG_FILE: Which file to log to if file logging CLICON_DEBUG: Debug flags. CLICON_YANG_SCHEMA_MOUNT_SHARE: Share same YANGs of equal moint-points. CLICON_SOCK_PRIO: Enable socket event priority CLICON_XMLDB_MULTI: Split datastore into multiple sub files CLICON_CLI_OUTPUT_FORMAT: Default CLI output format CLICON_AUTOLOCK: Implicit locks Released in Clixon 7.1"; } revision 2024-01-01 { description "Changed semantics: CLICON_VALIDATE_STATE_XML - disable return sanity checks if false Marked as obsolete: CLICON_DATASTORE_CACHE CLICON_NETCONF_CREATOR_ATTR Changed semantics of Released in Clixon 7.0"; } revision 2023-11-01 { description "Added options: CLICON_NETCONF_CREATOR_ATTR Released in Clixon 6.5"; } revision 2023-05-01 { description "Added options: CLICON_CONFIG_EXTEND CLICON_PLUGIN_DLOPEN_GLOBAL Moved datastore-format datatype to clixon-lib Released in Clixon 6.3"; } revision 2023-03-01 { description "Added options: CLICON_RESTCONF_NOALPN_DEFAULT Extended datastore-format with CLI and text Released in Clixon 6.2"; } revision 2022-12-01 { description "Added options: CLICON_YANG_SCHEMA_MOUNT Removed (previosly marked) obsolete options: CLICON_MODULE_LIBRARY_RFC7895 Released in Clixon 6.1"; } revision 2022-11-01 { description "Added option: CLICON_NETCONF_MONITORING CLICON_NETCONF_MONITORING_LOCATION Released in Clixon 6.0"; } revision 2022-03-21 { description "Added option: CLICON_RESTCONF_API_ROOT CLICON_NETCONF_BASE_CAPABILITY CLICON_HTTP_DATA_PATH CLICON_HTTP_DATA_ROOT CLICON_CLI_EXPAND_LEAFREF Released in Clixon 5.7"; } revision 2022-02-11 { description "Added option: CLICON_LOG_STRING_LIMIT CLICON_YANG_LIBRARY Changed default value: CLICON_MODULE_LIBRARY_RFC7895 to false Removed (previosly marked) obsolete options: CLICON_RESTCONF_PATH CLICON_RESTCONF_PRETTY CLICON_CLI_GENMODEL CLICON_CLI_GENMODEL_TYPE CLICON_CLI_GENMODEL_COMPLETION CLICON_CLI_AUTOCLI_EXCLUDE CLICON_CLI_MODEL_TREENAME Released in Clixon 
5.6"; } revision 2021-12-05 { description "Imported clixon-autocli.yang Removed (previosly marked) obsolete options: CLICON_YANG_LIST_CHECK Marked as obsolete: CLICON_CLI_GENMODEL (use autocli/enable-autocli instead) CLICON_CLI_GENMODEL_TYPE (use autocli/list-keyword-default and compress rules instead) CLICON_CLI_GENMODEL_COMPLETION (use autocli/completion-default instead) CLICON_CLI_AUTOCLI_EXCLUDE (use autocli/module-default, rule/enable logic instead) CLICON_CLI_MODEL_TREENAME (use constant AUTOCLI_TREENAME instead) Released in Clixon 5.5"; } revision 2021-11-11 { description "Added option: CLICON_PLUGIN_CALLBACK_CHECK CLICON_YANG_AUGMENT_ACCEPT_BROKEN Modified options: CLICON_CLI_GENMODEL_TYPE: added OC_COMPRESS enum CLICON_YANG_DIR: recursive search Released in Clixon 5.4"; } revision 2021-07-11 { description "Added option: CLICON_RESTCONF_HTTP2_PLAIN Removed default value: CLICON_RESTCONF_INSTALLDIR Marked as obsolete: CLICON_YANG_LIST_CHECK Released in Clixon 5.3"; } revision 2021-05-20 { description "Added option: CLICON_RESTCONF_USER CLICON_RESTCONF_PRIVILEGES CLICON_RESTCONF_INSTALLDIR CLICON_RESTCONF_STARTUP_DONTUPDATE CLICON_NETCONF_MESSAGE_ID_OPTIONAL Released in Clixon 5.2"; } revision 2021-03-08 { description "Added option: CLICON_NETCONF_HELLO_OPTIONAL CLICON_CLI_AUTOCLI_EXCLUDE CLICON_XMLDB_UPGRADE_CHECKOLD Released in Clixon 5.1"; } revision 2020-12-30 { description "Added option: CLICON_ANONYMOUS_USER Removed obsolete options: CLICON_RESTCONF_IPV4_ADDR CLICON_RESTCONF_IPV6_ADDR CLICON_RESTCONF_HTTP_PORT CLICON_RESTCONF_HTTPS_PORT CLICON_SSL_SERVER_CERT CLICON_SSL_SERVER_KEY CLICON_SSL_CA_CERT CLICON_TRANSACTION_MOD Marked as obsolete and moved to clixon-restconf.yang: CLICON_RESTCONF_PATH CLICON_RESTCONF_PRETTY"; } revision 2020-11-03 { description "Added CLICON_BACKEND_RESTCONF_PROCESS Copied to clixon-restconf.yang and marked as obsolete: CLICON_RESTCONF_IPV4_ADDR CLICON_RESTCONF_IPV6_ADDR CLICON_RESTCONF_HTTP_PORT CLICON_RESTCONF_HTTPS_PORT 
CLICON_SSL_SERVER_CERT CLICON_SSL_SERVER_KEY CLICON_SSL_CA_CERT Removed obsolete option CLICON_TRANSACTION_MOD"; } revision 2020-10-01 { description "Added: CLICON_CONFIGDIR."; } revision 2020-08-17 { description "Added: CLICON_RESTCONF_IPV4_ADDR, CLICON_RESTCONF_IPV6_ADDR, CLICON_RESTCONF_HTTP_PORT, CLICON_RESTCONF_HTTPS_PORT CLICON_NAMESPACE_NETCONF_DEFAULT, CLICON_CLI_HELPSTRING_TRUNCATE, CLICON_CLI_HELPSTRING_LINES"; } revision 2020-06-17 { description "Added: CLICON_CLI_LINES_DEFAULT Added enum HIDE to CLICON_CLI_GENMODEL Added CLICON_SSL_SERVER_CERT, CLICON_SSL_SERVER_KEY, CLICON_SSL_CA_CERT Added CLICON_NACM_DISABLED_ON_EMPTY Removed default valude of CLICON_NACM_RECOVERY_USER"; } revision 2020-04-23 { description "Added: CLICON_YANG_UNKNOWN_ANYDATA to treat unknown XML (wrt YANG) as anydata. Deleted: xml-stats non-config data (replaced by rpc stats in clixon-lib.yang)"; } revision 2020-02-22 { description "Added: search index extension, Added: clixon-stats state for clixon XML and memory statistics. Added: CLICON_CLI_BUF_START and CLICON_CLI_BUF_THRESHOLD for quadratic and linear growth of CLIgen buffers (cbuf:s) Added: CLICON_VALIDATE_STATE_XML for controling validation of user state XML Added: CLICON_CLICON_YANG_LIST_CHECK to skip list key checks"; } revision 2019-09-11 { description "Added: CLICON_BACKEND_USER: drop of privileges to user, CLICON_BACKEND_PRIVILEGES: how to drop privileges CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM CLICON_NACM_RECOVERY_USER: Name of NACM recovery user."; } revision 2019-06-05 { description "Added: CLICON_YANG_REGEXP, CLICON_CLI_TAB_MODE, CLICON_CLI_HIST_FILE, CLICON_CLI_HIST_SIZE, CLICON_XML_CHANGELOG, CLICON_XML_CHANGELOG_FILE; Renamed CLICON_XMLDB_CACHE to CLICON_DATASTORE_CACHE (changed type) Deleted: CLICON_XMLDB_PLUGIN, CLICON_USE_STARTUP_CONFIG"; } revision 2019-03-05{ description "Changed URN. Changed top-level symbol to clixon-config. 
Released in Clixon 3.10"; } revision 2019-02-06 { description "Released in Clixon 3.9"; } revision 2018-10-21 { description "Released in Clixon 3.8"; } extension search_index { description "This list argument acts as a search index using optimized binary search. "; } typedef startup_mode{ description "Which method to boot/start clicon backend. The methods differ in how they reach a running state Which source database to commit from, if any."; type enumeration{ enum none{ description "Do not touch running state Typically after crash when running state and db are synched"; } enum init{ description "Initialize running state. Start with a completely clean running state"; } enum running{ description "Commit running db configuration into running state After reboot if a persistent running db exists"; } enum startup{ description "Commit startup configuration into running state After reboot when no persistent running db exists"; } enum running-startup{ description "First try running db, if it is empty try startup db."; } } } typedef datastore_cache{ description "XML configuration, ie running/candididate/ datastore cache behaviour."; type enumeration{ enum nocache{ description "No cache always work directly with file"; } enum cache{ description "Use in-memory cache. Make copies when accessing internally."; } enum cache-zerocopy{ description "Use in-memory cache and dont copy. Fastest but opens up for callbacks changing cache."; } } } typedef nacm_mode{ description "Mode of RFC8341 Network Configuration Access Control Model. 
It is unclear from the RFC whether NACM rules are internal in a configuration (ie embedded in regular config) or external/OOB in s separate, specific NACM-config"; type enumeration{ enum disabled{ description "NACM is disabled"; } enum internal{ description "NACM is enabled and available in the regular config"; } enum external{ description "NACM is enabled and available in a separate config"; } } } typedef regexp_mode{ description "The regular expression engine Clixon uses in its validation of Yang patterns, and in the CLI. Yang RFC 7950 stipulates XSD XML Schema regexps according to W3 CXML Schema Part 2: Datatypes Second Edition, see http://www.w3.org/TR/2004/REC-xmlschema-2-20041028#regexs"; type enumeration{ enum posix { description "Translate XSD XML Schema regexp:s to Posix regexp. This is not a complete translation, but can be considered good-enough for Yang use-cases as defined by openconfig and yang-models for example."; } enum libxml2 { description "Use libxml2 XSD XML Schema regexp engine. This is a complete XSD regexp engine.. Requires libxml2 to be available at configure time (HAVE_LIBXML2 should be set)"; } } } typedef priv_mode{ description "Privilege mode, used for dropping (or not) privileges to a non-provileged user after initialization"; type enumeration{ enum none { description "Make no drop/change in privileges."; } enum drop_perm { description "After initialization, drop privileges permanently to a uid"; } enum drop_temp { description "After initialization, drop privileges temporarily to a euid"; } } } typedef nacm_cred_mode{ description "How NACM user should be matched with unix socket peer credentials. This means nacm user must match socket peer user accessing the backend socket. For IP sockets only mode none makes sense."; type enumeration{ enum none { description "Dont match NACM user to any user credentials. Any user can pose as any other user. 
Set this for IP sockets, or dont use NACM."; } enum exact { description "Exact match between NACM user and unix socket peer user."; } enum except { description "Exact match between NACM user and unix socket peer user, except for root and www user (restconf)."; } } } typedef socket_address_family { description "Address family for internal socket"; type enumeration{ enum UNIX { description "Unix domain socket"; } enum IPv4 { description "IPv4"; } enum IPv6 { description "IPv6"; } } } typedef log_destination_t { description "Log destination flags Can also be given directly as -l to clixon commands Note there are also constants in the code (logdstmap) that need to be in sync with these values. The duplication is because of bootstrapping, logging is needed before YANG loaded"; type bits { bit syslog { position 0; description "Syslog"; } bit stderr { position 1; description "Standard I/O Error"; } bit stdout { position 2; description "Standard I/O Output"; } bit file { position 3; description "Log to file. By default clixon.log int current directory"; } } } container clixon-config { container restconf { uses clrc:clixon-restconf; } container autocli { uses autocli:clixon-autocli; } leaf-list CLICON_FEATURE { description "Supported features as used by YANG feature/if-feature value is: :, where and are either names, or the special character '*'. *:* means enable all features :* means enable all features in the specified module *: means enable the specific feature in all modules"; type string; } /* Configuration */ leaf CLICON_CONFIGFILE{ type string; description "Location of the main configuration-file. Default is CLIXON_DEFAULT_CONFIG=/usr/local/etc/clicon.xml set in configure. Note that due to bootstrapping, this value is not actually read from file and therefore a default value would be meaningless."; } leaf CLICON_CONFIGDIR{ type string; description "Location of directory of extra configuration files. If not given, only main configfile is read. 
If given, and if the directory exists, all files in this directory will be loaded AFTER the main config file (CLICON_CONFIGFILE) in the following way: - leaf values are overwritten - leaf-list values are appended The files in this directory are loaded alphabetically. Only files ending with .xml are read Sub-structures, eg are replaced with the latest (alphabetically) If the dir is given but does not exist will result in an error. You can override file setting with -E command-line option. Note that due to bootstraping this value is only meaningful in the main config file"; } leaf CLICON_CONFIG_EXTEND { type string; description "If specified load an application-specific configuration YANG that overrides this config. Normally, that YANG imports clixon-config. This field is a 'bootstrap' field. "; } /* YANG */ leaf-list CLICON_YANG_DIR { ordered-by user; type string; description "Yang directory path for finding module and submodule files. A list of these options should be in the configuration. When loading a Yang module, Clixon searches this list in the order they appear. Note since Clixon 5.4 such a directory is searched recursively, not just the directory itself. Ensure that YANG_INSTALLDIR (default /usr/local/share/clixon) is present in the path"; } leaf CLICON_YANG_MAIN_FILE { type string; description "If specified load a yang module in a specific absolute filename. This corresponds to the -y command-line option in most CLixon programs."; } leaf CLICON_YANG_MAIN_DIR { type string; description "If given, load all modules in this directory (all .yang files) See also CLICON_YANG_DIR which specifies a path of dirs"; } leaf CLICON_YANG_DOMAIN_DIR { type string; description "Virtual domain directory for RFC 8528 mount-points. 
If set and domain is given, instead of loading from CLICON_YANG_MAIN_DIR, look for .yang files first in CLICON_YANG_DOMAIN_DIR/domain, where domain is given as yangmnt:mount-point ; Useful in eg mountpoints where another YANG domain may be required, even isolated from the main YANG context, as well as from other moint-points. Note that CLICON_YANG_DIR that may be given as library YANGs are not isolated. If not set, use CLICON_YANG_MAIN_DIR as default."; } leaf CLICON_YANG_MODULE_MAIN { type string; description "Option used to construct initial yang file: [@]"; } leaf CLICON_YANG_MODULE_REVISION { type string; description "Option used to construct initial yang file: [@]. Used together with CLICON_YANG_MODULE_MAIN"; } leaf CLICON_YANG_REGEXP { type regexp_mode; default posix; description "The regular expression engine Clixon uses in its validation of Yang patterns, and in the CLI. There is a 'good-enough' posix translation mode and a complete libxml2 mode"; } leaf CLICON_YANG_UNKNOWN_ANYDATA{ type boolean; default false; description "Treat unknown XML/JSON nodes as anydata when loading from startup db. This does not apply to namespaces, which means a top-level node: xxx:yyy is accepted only if yyy is unknown, not xxx. Note that this option has several caveats which needs to be fixed. Please use with care. The primary issue is that the unknown->anydata handling is not restricted to only loading from startup but may occur in other circumstances as well. This means that sanity checks of erroneous XML/JSON may not be properly signalled. Note this is similar to what happens to YANG nodes that are disabled by a false if-feature statement."; } leaf CLICON_YANG_SCHEMA_MOUNT{ type boolean; description "YANG schema mount, RFC 8528. When enabled, mount-points as defined by the 'yangmnt:mount-point' extension can be populated by other YANGs than the root. 
This is controlled by the ca_yang_mount plugin callback by returning a assigning a yanglib module-set section that corresponds to the mounted YANGs. Also, schema mount statistics is added to state data Further, autocli syntax is added by definining a tree resolve wrapper"; default false; } leaf CLICON_YANG_SCHEMA_MOUNT_SHARE { type boolean; description "For optimization purposes, share same YANGs of equal moint-points. The mount-points need to be 'equal' in the sense that it has the same YANG (yangmnt:mount-point is on same node). A comparison is made between yang modules and revision and must match exactly. If so, a new yang-spec is not created, instead the other is used. Only if CLICON_YANG_SCHEMA_MOUNT is enabled"; default false; } leaf CLICON_YANG_AUGMENT_ACCEPT_BROKEN { type boolean; default false; description "Debug option. If enabled, accept broken augments on the form: augment { ... } where is an XPath which MUST be an existing node but for many yangmodels do not. There are several cases why this may be the case: - syntax errors, - features that need to be enabled - wrong XPaths, etc This option should be enabled only for passing some testcases it should normally never be enabled in system YANGs that are used in a system."; } leaf CLICON_YANG_LIBRARY { type boolean; default true; description "Enable YANG library support as state data according to RFC8525. If enabled, module info will appear when doing netconf get or restconf GET. The module state data is on the form: ... instead where the module state is on the form: ... See also CLICON_XMLDB_MODSTATE where the module state info is used to tag datastores with module information."; } leaf CLICON_YANG_USE_ORIGINAL{ type boolean; default false; description "YANG memory optimization. If set, for a selected set of YANG nodes, (see uses_orig_ptr()): For augmented and grouping/uses, use original YANG node instead of the derived node. This is safe if all content of derived node is not changed (eg read-only). 
It is not safe if the derived node is in some way different than the original node. "; } /* Backend */ leaf CLICON_BACKEND_DIR { type string; description "Location of backend .so plugins. Load all .so plugins in this dir as backend plugins"; } leaf CLICON_BACKEND_REGEXP { type string; description "Regexp of matching backend plugins in CLICON_BACKEND_DIR"; default "(.so)$"; } leaf CLICON_BACKEND_USER { type string; description "User name for backend (both foreground and daemonized). If you set this value the backend if started as root will lower the privileges after initialization. The ownership of files created by the backend will also be set to this user (eg datastores). It also sets the backend unix socket owner to this user, but its group is set by CLICON_SOCK_GROUP. See also CLICON_BACKEND_PRIVILEGES setting"; } leaf CLICON_BACKEND_PRIVILEGES { type priv_mode; default none; description "Backend privileges mode. If CLICON_BACKEND_USER user is set, mode can be set to drop_perm or drop_temp. Drop privs may not be used together with CLICON_XMLDB_MULTI"; } leaf CLICON_BACKEND_PIDFILE { type string; mandatory true; description "Process-id file of backend daemon"; } leaf CLICON_BACKEND_RESTCONF_PROCESS { type boolean; default false; description "If set, enable process-control of restconf daemon, ie start/stop restconf daemon internally from backend daemon. 
Also, if set, restconf daemon queries backend for its config if not set, restconf daemon reads its config from main config file It uses clixon-restconf.yang for config and clixon-lib.yang for RPC Process control of restconf daemon is as follows: - on RPC start, if enable is true, start the service, if false, error or ignore it - on RPC stop, stop the service - on backend start make the state as configured - on enable change, make the state as configured Disable if you start the restconf daemon by other means."; } /* Netconf */ leaf CLICON_NETCONF_DIR{ type string; description "Location of netconf (frontend) .so plugins"; } leaf CLICON_NETCONF_HELLO_OPTIONAL { type boolean; default false; description "This option relates to RFC 6241 Sec 8.1 Capabilies Exchange where it says: When the NETCONF session is opened, each peer (both client and server) MUST send a element... If true, an RPC can be processed directly with no preceeding hello message. This is legacy clixon but invalid according to the RFC. If false, NETCONF hello messages are mandatory before any RPC can be processed. That is, if clixon receives an rpc with no previous hello message, an error is returned, which conforms to the RFC. Note this applies only to external NETCONF, not the internal (IPC) netconf"; } leaf CLICON_NETCONF_MESSAGE_ID_OPTIONAL { type boolean; default false; description "This option relates to RFC 6241 Sec 4.1 Element The element has a mandatory attribute 'message-id', which is a string chosen by the sender of the RPC. If true, an RPC can be sent without a message-id. This applies to both external NETCONF and internal (IPC) netconf"; } leaf CLICON_NETCONF_BASE_CAPABILITY { type int32; default 1; description "This option relates to RFC6241 Sec 8.1 capabilities exchange. This number is the highest netconf base capability announced during the hello protocol. 
Specifically, If the option number is 0, only 'urn:ietf:params:netconf:base:1.0' is announced, if it is 1, both 'urn:ietf:params:netconf:base:1.0' and 'urn:ietf:params:netconf:base:1.1' are announced. Base capability '1' includes switching over to chunked framing as defined in RFC6242 for example. This only applies to the external NETCONF"; } leaf CLICON_NETCONF_CREATOR_ATTR { type boolean; default false; description "If set, clixon will accept the 'creator' attribute as defined by the creator annotation in clixon-lib. It can be used when several clients (such as a 'service') can create the same object. If one such client/service is deleted, the object is deleted only if all services that created the object are deleted. The clixon controller uses this feature, but could in principle be used by other applications. Marked as obsolete in 7.0 since creators attribute replaced by clixon-lib creators config"; status obsolete; } leaf CLICON_NETCONF_MONITORING { type boolean; default true; description "Enable Netconf monitoring support as state data according to RFC6022. If enabled, netconf monitoring info will appear when doing netconf get or restconf GET."; } leaf CLICON_NETCONF_MONITORING_LOCATION { type string; description "Extra Netconf monitoring location directory where schemas can be retrieved apart from NETCONF. Only if CLICON_NETCONF_MONITORING"; } leaf CLICON_NETCONF_DUPLICATE_ALLOW { type boolean; default false; description "Disable duplicate check in NETCONF messages. In Clixon 7.0, a stricter check of duplicate entries in incoming NETCONF messages was made. More specifically: lists and leaf-lists with non-unique entries. Enable to disable this check, and to allow duplicates in incoming NETCONF messages. 
Note that this is an error by such a client, but there is some legacy code that uses this"; } /* HTTP and Restconf */ leaf CLICON_RESTCONF_API_ROOT { type string; default "/restconf"; description "The RESTCONF API root path See RFC 8040 Sec 1.16 and 3.1"; } leaf CLICON_RESTCONF_DIR { type string; description "Location of restconf (frontend) .so plugins. Load all .so plugins in this dir as restconf code plugins Note: This cannot be moved to clixon-restconf.yang because it is needed early in the bootstrapping phase, before clixon-restconf.yang config may be loaded."; } leaf CLICON_RESTCONF_INSTALLDIR { type string; description "If set, path to dir of clixon-restconf daemon binary as used by backend if started internally (run-time). If this path is not set, clixon_restconf will be looked for according to configured installdir: $(sbindir) (install-time) Since programs can be moved around at install/cross-compile time the installed dir may be difficult to know at install time, which is the reason why CLICON_RESTCONF_INSTALLDIR exists, in order to override the Makefile installdir. Note on the installdir, DESTDIR is not included since according to man pages: by specifying DESTDIR should not change the operation of the software in any way, so its value should not be included in any file contents. "; } leaf CLICON_RESTCONF_STARTUP_DONTUPDATE { type boolean; default false; description "According to RFC 8040 Sec 1.4: If the NETCONF server supports :startup, the RESTCONF server MUST automatically update the [...] startup configuration [...] as a consequence of a RESTCONF edit operation. Setting this option disables this behaviour, ie the startup configuration is NOT automatically updated. If this option is false, the startup is automatically updated following the RFC"; } leaf CLICON_RESTCONF_USER { type string; description "Run clixon_daemon as this user When drop privileges is used, the daemon will drop privileges to this user. 
In pre-5.2 code this was configured as compile-time constant WWWUSER with default value www-data See also CLICON_PRIVILEGES setting"; default www-data; } leaf CLICON_RESTCONF_PRIVILEGES { type priv_mode; default drop_perm; description "Restconf privileges mode. If drop_perm or drop_temp then drop privileges to CLICON_RESTCONF_USER. If the platform does not support getresuid and accompanying functions, the mode must be set to 'none'. "; } leaf CLICON_RESTCONF_HTTP2_PLAIN { type boolean; default false; description "Applies to plain (non-tls) http/2 ie when clixon is configured with --enable-nghttp2 If false, disable direct and upgrade for plain(non-tls) HTTP/2. If true, allow direct and upgrade for plain(non-tls) HTTP/2. It may especially useful to disable in http/1 + http/2 mode to avoid the complex upgrade/switch from http/1 to http/2. Note this also disables plain http/2 in prior-knowledge, that is, in http/2-only mode. HTTP/2 in https(TLS) is unaffected"; } leaf CLICON_NOALPN_DEFAULT { type string; description "By default Clixon Restconf over TLS/HTTPS uses ALPN for protocol selection. This option controls the behavior if a client does NOT use ALPN for TLS. AND both http/1 and http/2 is configured in Clixon. If the value is not set (or other value), Clixon closes the socket(reset) If the value is 'http/1.1' then HTTP/1.1 is selected If the value is 'http/2' then HTTP/2 is selected Note that if Clixon is configured for only HTTP/1 (--disable-nghttp2), then HTTP/1 is selected if the client does not use ALPN. Likewise, if Clixon is configured for only HTTP/2 (--disable-http1), then HTTP/2 is selected if the client does not use ALPN. This option does not apply for plain (non-TLS) HTTP"; } leaf CLICON_HTTP_DATA_PATH { if-feature "clrc:http-data"; default "/"; type string; description "URI match for http-data serving files specified by CLICON_HTTP_DATA_ROOT. 
Must start with / (example: /) Restconf paths at /restconf is always done before data (or streams) The PATH is appended to CLICON_HTTP_DATA_ROOT to find a file. Example, if PATH is /data and ROOT is /www, and a GET /index.html, the corresponding file is '/www/data/index.html' Both feature clixon-restconf:http-data and restconf/enable-http-data must be enabled for this match to occur."; } leaf CLICON_HTTP_DATA_ROOT{ if-feature "clrc:http-data"; type string; default "/var/www"; description "Location in file system where http-data files are looked for. Soft links, '..', '~' etc are not followed. See also CLICON_HTTP_DATA_PATH Both feature clixon-restconf:http-data and restconf/enable-http-data must be enabled for this match to occur."; } /* Clixon CLI */ leaf CLICON_CLI_DIR { type string; description "Directory containing frontend cli loadable plugins. Load all .so plugins in this directory as CLI object plugins"; } leaf CLICON_CLISPEC_DIR { type string; description "Directory containing frontend cligen spec files. Load all .cli files in this directory as CLI specification files. See also CLICON_CLISPEC_FILE."; } leaf CLICON_CLISPEC_FILE { type string; description "Specific frontend cligen spec file as alternative or complement to CLICON_CLISPEC_DIR. Also available as -c in clixon_cli."; } leaf CLICON_CLI_MODE { type string; default "base"; description "Startup CLI mode. This should match a CLICON_MODE variable set in one of the clispec files"; } leaf CLICON_CLI_VARONLY { type int32; default 1; description "Dont include keys in cvec in cli vars callbacks, ie a & k in 'a k ' ignored (consider boolean)"; } leaf CLICON_CLI_LINESCROLLING { type int32; default 1; description "Set to 0 if you want CLI INPUT to wrap to next line. Set to 1 if you want CLI INPUT to scroll sideways when approaching right margin"; } leaf CLICON_CLI_LINES_DEFAULT { type int32; default 24; description "Set to number of CLI terminal rows for scrolling. 0 means unlimited. 
The number is set statically UNLESS: - there is no terminal, such as file input, in which case nr lines is 0 - there is a terminal sufficiently powerful to read the number of lines from ioctl calls. In other words, this setting is used ONLY on raw terminals such as serial consoles."; } leaf CLICON_CLI_TAB_MODE { type int8; default 0; description "Set CLI tab mode. This is a bitfield of three bits: bit 1: 0: shows short info of available commands 1: has same output as , ie line per command bit 2: 0: On , select a command over a if both exist 1: Commands and vars have same preference. bit 3: 0: On , never complete more than one level per 1: Complete all levels at once if possible. "; } leaf CLICON_CLI_UTF8 { type int8; default 0; description "Set to 1 to enable CLIgen UTF-8 experimental mode. Note that this feature is EXPERIMENTAL and may not properly handle scrolling, control characters, etc (consider boolean)"; } leaf CLICON_CLI_HIST_FILE { type string; default "~/.clixon_cli_history"; description "Name of CLI history file. If not given, history is not saved. The number of lines is saved is given by CLICON_CLI_HIST_SIZE."; } leaf CLICON_CLI_HIST_SIZE { type int32; default 300; description "Number of lines to save in CLI history. Also, if CLICON_CLI_HIST_FILE is set, also the size in lines of the saved history."; } leaf CLICON_CLI_BUF_START { type uint32; default 256; description "CLIgen buffer (cbuf) initial size. When the buffer needs to grow, the allocation grows quadratic up to a threshold after which linear growth continues. See CLICON_CLI_BUF_THRESHOLD"; } leaf CLICON_CLI_BUF_THRESHOLD { type uint32; default 65536; description "CLIgen buffer (cbuf) threshold size. When the buffer exceeds the threshold, the allocation grows by adding the threshold value to the buffer length. If 0, the growth continues with quadratic growth. 
See CLICON_CLI_BUF_THRESHOLD"; } leaf CLICON_CLI_HELPSTRING_TRUNCATE { type boolean; default false; description "CLIgen help string on query (?): Truncate help string on right margin mode This only applies if you have long help strings, such as when generating them from a spec such as the autocli"; } leaf CLICON_CLI_HELPSTRING_LINES { type int32; default 0; description "CLIgen help string on query (?) limit of number of lines to show, 0 means unlimited. This only applies if you have multi-line help strings, such as when generating from a spec, such as in the autocli."; } leaf CLICON_CLI_EXPAND_LEAFREF { type boolean; default false; description "If true, then CLI expansion of leafrefs (in expand_dbvar) are done using the source values, not the references. This applies to the autocli but also in a handcrafted CLI if expand_dbvar is used. Example, assume ifref with leafref pointing to source if values: abc b If true, expansion will suggest a, b, c (source if values) If false, expansion will suggest b (destination ifref values) While setting this value makes sense for adding new values, it makes less sense for deleting."; } leaf CLICON_CLI_OUTPUT_FORMAT { type cl:datastore_format; default xml; description "Default CLI output format."; } /* Internal socket */ leaf CLICON_SOCK_FAMILY { type socket_address_family; default UNIX; description "Address family for communicating with clixon_backend with one of: Note IPv6 not implemented. Note that UNIX socket makes credential check as follows: (1) client needs rw access to the socket (2) NACM credentials can be checked according to CLICON_NACM_CREDENTIALS Warning: Only UNIX (not IPv4) sockets have credential mechanism. "; } leaf CLICON_SOCK { type string; mandatory true; description "String description of Clixon Internal (IPC) socket that connects a clixon client to the clixon backend. This string is dependent on family. 
If CLICON_SOCK_FAMILY is: - UNIX: The value is a Unix socket path - IPv4: IPv4 address string - IPv6: IPv6 address string (NYI)"; } leaf CLICON_SOCK_PORT { type int32; default 4535; description "Inet socket port for communicating with clixon_backend (only IPv4|IPv6)"; } leaf CLICON_SOCK_GROUP { type string; default "clicon"; description "Group membership required to access the clixon_backend unix socket, and the gid of the daemon"; } leaf CLICON_SOCK_PRIO { type boolean; default false; description "Enable socket event priority. If enabled, a file-descriptor can be registered as high prio. Presently, the backend socket has higher prio than others. (should be made more generic) Note that a side-effect of enabling this option is that fairness of non-prio events is disabled. This is useful if the backend opens other sockets, such as the controller"; } leaf CLICON_AUTOCOMMIT { type int32; default 0; description "Set if all configuration changes are committed automatically on every edit change. Explicit commit commands are then unnecessary. If confirm-commit is used, follow RESTCONF semantics: commit ephemeral but fail on persistent confirming commit. (consider boolean)"; } leaf CLICON_AUTOLOCK { type boolean; default false; description "Set if every edit-config implicitly takes the lock without the need for an explicit lock-db. In short, the lock is obtained by edit-config and copy-config and released by discard and commit. Also, any edits in candidate are discarded if the client closes the connection. This effectively disables a shared candidate"; } /* Datastore XMLDB */ leaf CLICON_DATASTORE_CACHE { type datastore_cache; default cache; description "Clixon datastore cache behaviour. There are three values: no cache, cache with copy, or cache without copy. Note: 'cache' is the default value and is supported with regression tests etc. 
Others are experimental (in Clixon 5.5) Note that from 7.0 this is OBSOLETED, only datastore_cache is supported"; status obsolete; } leaf CLICON_XMLDB_DIR { type string; mandatory true; description "Directory where datastores such as \"running\", \"candidate\" and \"startup\" are placed. If CLICON_XMLDB_MULTI is enabled, this is the directory where a datastore subdir is stored, such as \"running.d/\" "; } leaf CLICON_XMLDB_FORMAT { type cl:datastore_format; default xml; description "XMLDB datastore format."; } leaf CLICON_XMLDB_PRETTY { type boolean; default true; description "XMLDB datastore pretty print. If set, insert spaces and line-feeds making the XML/JSON human readable. If not set, make the XML/JSON more compact."; } leaf CLICON_XMLDB_MODSTATE { type boolean; default false; description "If set, tag datastores with RFC 8525 YANG Module Library info. By default, modstate is added last in datastore. When loaded at startup, a check is made if the system yang modules match."; } leaf CLICON_XMLDB_UPGRADE_CHECKOLD { type boolean; default true; description "Controls behavior of check of startup in upgrade scenarios. If set, yang bind and check datastore syntax against the old Yang. The old yang must be accessible via YANG_DIR. Will fail startup if old yang not found or if old config does not match. If not set, no yang check of old config is made until it is upgraded to new yang."; } leaf CLICON_XMLDB_MULTI { type boolean; default false; description "Split configure datastore into multiple sub files Uses .d/ directory structure with .xml and 0.xml as root JSON not supported. Splits are marked in YANG using extension xl:xmldb-split, (typical usage is mount-points). Note that algorithm for not updating unchanged files only applies to edits, commit copies all files regardless. 
May not work together with CLICON_BACKEND_PRIVILEGES=drop and root, since new files need to be created in XMLDB_DIR"; } leaf CLICON_XML_CHANGELOG { type boolean; default false; description "If true enable automatic upgrade using yang clixon changelog."; } leaf CLICON_XML_CHANGELOG_FILE { type string; description "Name of file with module revision changelog. If CLICON_XML_CHANGELOG is true, Clixon reads the module changelog from this file."; } leaf CLICON_VALIDATE_STATE_XML { type boolean; default false; description "Validate user state callback content. AND NETCONF reply sanity (misnomer) Users may register state callbacks using ca_statedata callback When set, the XML returned from the callback is validated after merging with the running db. If it fails, an internal error is returned to the originating user. If the option is not set, the XML returned by the user is not validated. Note that enabling currently causes a large performance overhead for large lists, therefore it is recommended to enable it during development and debugging but disable it in production, until this has been resolved."; } leaf CLICON_PLUGIN_CALLBACK_CHECK { type int32; default 0; description "Debug option. If >0, make a check of resources before and after each plugin callback code to check if the plugin violated resources. This is primarily intended for development and debugging but may also be enabled in a running system. If 1, errors will be logged to syslog as WARNINGs. If 2, the program will abort using assert() on first error The checks are currently made by plugin_context_check() and include: - termios settings - signal vectors The checks will be made for all callbacks as defined in struct clixon_plugin_api as well as the CLIgen callbacks. See https://clixon-docs.readthedocs.io/en/latest/backend.html#plugin-callback-guidelines"; } leaf CLICON_PLUGIN_DLOPEN_GLOBAL { type boolean; default false; description "Local/global flag for dlopen as described in the man page. 
This applies to the opening of all clixon plugins (backend/cli/netconf/restconf) when loading the shared .so file with dlopen. If false: Symbols defined in this shared object are not made available to resolve references in subsequently loaded shared objects (default). If true: The symbols defined by this shared object will be made available for symbol resolution of subsequently loaded shared objects."; } leaf CLICON_NAMESPACE_NETCONF_DEFAULT { type boolean; default false; description "Set to false if you want to ensure strict namespace assignment on all netconf and XML statements according to the standard RFC 6241. If true, top-level rpc calls need not have namespaces (eg using xmlns=) since the default NETCONF namespace will be assumed. (This is not standard). See rfc6241 3.1: urn:ietf:params:xml:ns:netconf:base:1.0."; } leaf CLICON_STARTUP_MODE { type startup_mode; description "Which method to boot/start clicon backend"; } leaf CLICON_ANONYMOUS_USER { type string; default "anonymous"; description "Name of anonymous user. Currently the only case where such a user is used is in RESTCONF authentication when auth-type=none and no user is known."; } /* Network Configuration Access Control Model (NACM) */ leaf CLICON_NACM_MODE { type nacm_mode; default disabled; description "RFC8341 Network Configuration Access Control Model (NACM) mode: disabled, in regular (internal) config, or in a separate external file given by CLICON_NACM_FILE"; } leaf CLICON_NACM_FILE { type string; description "RFC8341 NACM external configuration file (if CLICON_NACM_MODE is external)"; } leaf CLICON_NACM_CREDENTIALS { type nacm_cred_mode; default except; description "Verify nacm user credentials against the unix socket peer credentials. This means the nacm user must match the unix user accessing the backend socket. This only applies when CLICON_SOCK_FAMILY is UNIX, since only UNIX sockets provide peer credentials."; } leaf CLICON_NACM_RECOVERY_USER { type string; description "RFC8341 defines a 'recovery session' as outside its scope. 
Clixon defines this user as having special admin rights and exempts it from all access control enforcement. Note that the setting of CLICON_NACM_CREDENTIALS is important: if set to exact, for example, this user must exist as a unix user and be the one accessing the socket; with a weaker setting another user (such as root or www) can pose as the recovery user."; } leaf CLICON_NACM_DISABLED_ON_EMPTY { type boolean; default false; description "RFC 8341 and ietf-netconf-acm@2018-02-14.yang define enable-nacm as true by default. Since write-default is also deny by default, this means that empty configs cannot be edited. This means that a startup config must always have a NACM configuration, or that the NACM recovery session is used to edit an empty config. If this option is set, Clixon disables NACM if a datastore does NOT contain a NACM config on load."; } leaf CLICON_MODULE_SET_ID { type string; default "0"; description "Only if CLICON_YANG_LIBRARY is enabled. Contains a server-specific identifier representing the current set of modules and submodules. The server MUST change the value of this leaf if the information represented by the 'module' list instances has changed. The /yang-library/content-id state-data leaf is set with this value. If CLICON_MODULE_LIBRARY_RFC7895 is enabled, it sets the modules-state/module-set-id instead"; } /* Notification streams */ leaf CLICON_STREAM_DISCOVERY_RFC5277 { type boolean; default false; description "Enable event stream discovery as described in RFC 5277 section 3.2. If enabled, available streams will appear when doing netconf get or restconf GET"; } leaf CLICON_STREAM_DISCOVERY_RFC8040 { type boolean; default false; description "Enable monitoring information for the RESTCONF protocol from RFC 8040 as specified in module ietf-restconf-monitoring.yang. Note that the name of this option is misleading: the monitoring module defines state for both capabilities and streams, not only streams as the name indicates. 
Also, consider changing the default to true."; } leaf CLICON_STREAM_PATH { type string; default "streams"; description "Stream path appended to CLICON_STREAM_URL to form the stream subscription URL. See CLICON_RESTCONF_API_ROOT and CLICON_HTTP_DATA_ROOT. Should be changed to include '/' "; } leaf CLICON_STREAM_URL { type string; default "https://localhost"; description "Prepend this to CLICON_STREAM_PATH to form the URL. See RFC 8040 Sec 9.3 location leaf: 'Contains a URL that represents the entry point for establishing notification delivery via server-sent events.' Prepend this constant to the name of the stream. Example: https://localhost/streams/NETCONF. Note this is the external URL, not the local URL behind a reverse-proxy. Note that the -s command-line option to clixon_restconf should correspond to the last path component of the URL (eg 'streams')"; } leaf CLICON_STREAM_PUB { type string; description "For stream publishing using eg nchan, the base address to publish to. Example value: http://localhost/pub. Example: stream NETCONF would then be pushed to http://localhost/pub/NETCONF. Note this may be a local/private URL behind a reverse-proxy. If not given, stream publishing using NCHAN is NOT enabled."; } leaf CLICON_STREAM_RETENTION { type uint32; default 3600; units s; description "Retention for stream replay buffers in seconds, ie how much data to store before dropping. 0 means no retention"; } /* Log and debug */ leaf CLICON_DEBUG{ type cl:clixon_debug_t; description "Debug flags as bitfields. Can also be given directly as -D to clixon commands (which overrides this)."; } leaf CLICON_LOG_DESTINATION { type log_destination_t; description "Log destination. If not given, the default log destination is syslog for all applications, except clixon_cli where the default is stderr. 
See also command-line option -l "; } leaf CLICON_LOG_FILE { type string; description "Which file to log to if the log destination is a file, that is, CLICON_LOG_DESTINATION is FILE or the command was started with -l f"; } leaf CLICON_LOG_STRING_LIMIT { type uint32; default 0; description "Length limitation of debug and log strings. Especially useful for dynamic debug strings, such as packet dumps. 0 means no limit"; } /* SNMP */ leaf-list CLICON_SNMP_MIB { description "Names of MIBs that are used by clixon_snmp. For each MIB M, a YANG file M.yang is expected to be found. If not found, an error is generated. The YANG file M.yang is typically generated from the source MIB but can also be handcrafted. An example of such a script is scripts/mib_to_yang.sh. A list of these options should be in the configuration."; type string; } leaf CLICON_SNMP_AGENT_SOCK { type string; default "unix:/tmp/clixon_snmp.sock"; description "String description of the AgentX socket that clixon_snmp listens to. For example, for net-snmpd, the socket is created by using the following: --agentXSocket=unix: This string currently only supports a UNIX socket path. Note also that the user should set the permissions of the socket appropriately. XXX: This should be in a later yang revision and documented as added when merged with master"; } } }