cf63d0f761
* New clixon-lib@2020-12-30.yang revision * Added callback to process-control RPC feature in clixon-lib.yang to manage processes * Changed behavior of starting restconf internally using `CLICON_BACKEND_RESTCONF_PROCESS` monitoring changes in enable flag, not only the RPC. * Changed: RPC process-control output parameter status to pid
891 lines
33 KiB
YANG
891 lines
33 KiB
YANG
module clixon-config {
|
|
yang-version 1.1;
|
|
namespace "http://clicon.org/config";
|
|
prefix cc;
|
|
|
|
import clixon-restconf {
|
|
prefix clrc;
|
|
}
|
|
organization
|
|
"Clicon / Clixon";
|
|
|
|
contact
|
|
"Olof Hagsand <olof@hagsand.se>";
|
|
|
|
description
|
|
"Clixon configuration file
|
|
***** BEGIN LICENSE BLOCK *****
|
|
Copyright (C) 2009-2019 Olof Hagsand
|
|
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
|
|
|
|
This file is part of CLIXON
|
|
|
|
Licensed under the Apache License, Version 2.0 (the \"License\");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an \"AS IS\" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
|
|
Alternatively, the contents of this file may be used under the terms of
|
|
the GNU General Public License Version 3 or later (the \"GPL\"),
|
|
in which case the provisions of the GPL are applicable instead
|
|
of those above. If you wish to allow use of your version of this file only
|
|
under the terms of the GPL, and not to allow others to
|
|
use your version of this file under the terms of Apache License version 2,
|
|
indicate your decision by deleting the provisions above and replace them with
|
|
the notice and other provisions required by the GPL. If you do not delete
|
|
the provisions above, a recipient may use your version of this file under
|
|
the terms of any one of the Apache License version 2 or the GPL.
|
|
|
|
***** END LICENSE BLOCK *****";
|
|
|
|
revision 2020-12-30 {
|
|
description
|
|
"Removed obsolete options:
|
|
CLICON_RESTCONF_IPV4_ADDR
|
|
CLICON_RESTCONF_IPV6_ADDR
|
|
CLICON_RESTCONF_HTTP_PORT
|
|
CLICON_RESTCONF_HTTPS_PORT
|
|
CLICON_SSL_SERVER_CERT
|
|
CLICON_SSL_SERVER_KEY
|
|
CLICON_SSL_CA_CERT";
|
|
}
|
|
revision 2020-11-03 {
|
|
description
|
|
"Added CLICON_BACKEND_RESTCONF_PROCESS
|
|
Copied to clixon-restconf.yang and marked as obsolete:
|
|
CLICON_RESTCONF_IPV4_ADDR
|
|
CLICON_RESTCONF_IPV6_ADDR
|
|
CLICON_RESTCONF_HTTP_PORT
|
|
CLICON_RESTCONF_HTTPS_PORT
|
|
CLICON_SSL_SERVER_CERT
|
|
CLICON_SSL_SERVER_KEY
|
|
CLICON_SSL_CA_CERT
|
|
Removed obsolete option CLICON_TRANSACTION_MOD";
|
|
}
|
|
revision 2020-10-01 {
|
|
description
|
|
"Added: CLICON_CONFIGDIR.";
|
|
}
|
|
revision 2020-08-17 {
|
|
description
|
|
"Added: CLICON_RESTCONF_IPV4_ADDR, CLICON_RESTCONF_IPV6_ADDR,
|
|
CLICON_RESTCONF_HTTP_PORT, CLICON_RESTCONF_HTTPS_PORT
|
|
CLICON_NAMESPACE_NETCONF_DEFAULT,
|
|
CLICON_CLI_HELPSTRING_TRUNCATE, CLICON_CLI_HELPSTRING_LINES";
|
|
}
|
|
revision 2020-06-17 {
|
|
description
|
|
"Added: CLICON_CLI_LINES_DEFAULT
|
|
Added enum HIDE to CLICON_CLI_GENMODEL
|
|
Added CLICON_SSL_SERVER_CERT, CLICON_SSL_SERVER_KEY, CLICON_SSL_CA_CERT
|
|
Added CLICON_NACM_DISABLED_ON_EMPTY
|
|
Removed default valude of CLICON_NACM_RECOVERY_USER";
|
|
}
|
|
revision 2020-04-23 {
|
|
description
|
|
"Added: CLICON_YANG_UNKNOWN_ANYDATA to treat unknown XML (wrt YANG) as anydata.
|
|
Deleted: xml-stats non-config data (replaced by rpc stats in clixon-lib.yang)";
|
|
}
|
|
revision 2020-02-22 {
|
|
description
|
|
"Added: search index extension,
|
|
Added: clixon-stats state for clixon XML and memory statistics.
|
|
Added: CLICON_CLI_BUF_START and CLICON_CLI_BUF_THRESHOLD for quadratic and linear
|
|
growth of CLIgen buffers (cbuf:s)
|
|
Added: CLICON_VALIDATE_STATE_XML for controling validation of user state XML
|
|
Added: CLICON_CLICON_YANG_LIST_CHECK to skip list key checks";
|
|
}
|
|
revision 2019-09-11 {
|
|
description
|
|
"Added: CLICON_BACKEND_USER: drop of privileges to user,
|
|
CLICON_BACKEND_PRIVILEGES: how to drop privileges
|
|
CLICON_NACM_CREDENTIALS: If and how to check backend sock priveleges with NACM
|
|
CLICON_NACM_RECOVERY_USER: Name of NACM recovery user.";
|
|
}
|
|
revision 2019-06-05 {
|
|
description
|
|
"Added: CLICON_YANG_REGEXP, CLICON_CLI_TAB_MODE,
|
|
CLICON_CLI_HIST_FILE, CLICON_CLI_HIST_SIZE,
|
|
CLICON_XML_CHANGELOG, CLICON_XML_CHANGELOG_FILE;
|
|
Renamed CLICON_XMLDB_CACHE to CLICON_DATASTORE_CACHE (changed type)
|
|
Deleted: CLICON_XMLDB_PLUGIN, CLICON_USE_STARTUP_CONFIG";
|
|
}
|
|
revision 2019-03-05{
|
|
description
|
|
"Changed URN. Changed top-level symbol to clixon-config.
|
|
Released in Clixon 3.10";
|
|
}
|
|
revision 2019-02-06 {
|
|
description
|
|
"Released in Clixon 3.9";
|
|
}
|
|
revision 2018-10-21 {
|
|
description
|
|
"Released in Clixon 3.8";
|
|
}
|
|
extension search_index {
|
|
description "This list argument acts as a search index using optimized binary search.
|
|
";
|
|
}
|
|
typedef startup_mode{
|
|
description
|
|
"Which method to boot/start clicon backend.
|
|
The methods differ in how they reach a running state
|
|
Which source database to commit from, if any.";
|
|
type enumeration{
|
|
enum none{
|
|
description
|
|
"Do not touch running state
|
|
Typically after crash when running state and db are synched";
|
|
}
|
|
enum init{
|
|
description
|
|
"Initialize running state.
|
|
Start with a completely clean running state";
|
|
}
|
|
enum running{
|
|
description
|
|
"Commit running db configuration into running state
|
|
After reboot if a persistent running db exists";
|
|
}
|
|
enum startup{
|
|
description
|
|
"Commit startup configuration into running state
|
|
After reboot when no persistent running db exists";
|
|
}
|
|
}
|
|
}
|
|
typedef datastore_format{
|
|
description
|
|
"Datastore format.";
|
|
type enumeration{
|
|
enum xml{
|
|
description "Save and load xmldb as XML";
|
|
}
|
|
enum json{
|
|
description "Save and load xmldb as JSON";
|
|
}
|
|
}
|
|
}
|
|
typedef datastore_cache{
|
|
description
|
|
"XML configuration, ie running/candididate/ datastore cache behaviour.";
|
|
type enumeration{
|
|
enum nocache{
|
|
description "No cache always work directly with file";
|
|
}
|
|
enum cache{
|
|
description "Use in-memory cache.
|
|
Make copies when accessing internally.";
|
|
}
|
|
enum cache-zerocopy{
|
|
description "Use in-memory cache and dont copy.
|
|
Fastest but opens up for callbacks changing cache.";
|
|
}
|
|
}
|
|
}
|
|
typedef cli_genmodel_type{
|
|
description
|
|
"How to generate CLI from YANG model,
|
|
eg {container c {list a{ key x; leaf x; leaf y;}}";
|
|
type enumeration{
|
|
enum NONE{
|
|
description "No extra keywords: c a <x> <y>";
|
|
}
|
|
enum VARS{
|
|
description "Keywords on non-key variables: c a <x> y <y>";
|
|
}
|
|
enum ALL{
|
|
description "Keywords on all variables: c a x <x> y <y>";
|
|
}
|
|
enum HIDE{
|
|
description "Keywords on non-key variables and hide container around lists: a <x> y <y>";
|
|
}
|
|
}
|
|
}
|
|
typedef nacm_mode{
|
|
description
|
|
"Mode of RFC8341 Network Configuration Access Control Model.
|
|
It is unclear from the RFC whether NACM rules are internal
|
|
in a configuration (ie embedded in regular config) or external/OOB
|
|
in s separate, specific NACM-config";
|
|
type enumeration{
|
|
enum disabled{
|
|
description "NACM is disabled";
|
|
}
|
|
enum internal{
|
|
description "NACM is enabled and available in the regular config";
|
|
}
|
|
enum external{
|
|
description "NACM is enabled and available in a separate config";
|
|
}
|
|
}
|
|
}
|
|
typedef regexp_mode{
|
|
description
|
|
"The regular expression engine Clixon uses in its validation of
|
|
Yang patterns, and in the CLI.
|
|
Yang RFC 7950 stipulates XSD XML Schema regexps
|
|
according to W3 CXML Schema Part 2: Datatypes Second Edition,
|
|
see http://www.w3.org/TR/2004/REC-xmlschema-2-20041028#regexs";
|
|
type enumeration{
|
|
enum posix {
|
|
description
|
|
"Translate XSD XML Schema regexp:s to Posix regexp. This is
|
|
not a complete translation, but can be considered good-enough
|
|
for Yang use-cases as defined by openconfig and yang-models
|
|
for example.";
|
|
}
|
|
enum libxml2 {
|
|
description
|
|
"Use libxml2 XSD XML Schema regexp engine. This is a complete
|
|
XSD regexp engine..
|
|
Requires libxml2 to be available at configure time
|
|
(HAVE_LIBXML2 should be set)";
|
|
}
|
|
}
|
|
}
|
|
typedef priv_mode{
|
|
description
|
|
"Privilege mode, used for dropping (or not) priveleges to a non-provileged
|
|
user after initialization";
|
|
type enumeration{
|
|
enum none {
|
|
description
|
|
"Make no drop/change in privileges.";
|
|
}
|
|
enum drop_perm {
|
|
description
|
|
"After initialization, drop privileges permanently to a uid";
|
|
}
|
|
enum drop_temp {
|
|
description
|
|
"After initialization, drop privileges temporarily to a euid";
|
|
}
|
|
}
|
|
}
|
|
typedef nacm_cred_mode{
|
|
description
|
|
"How NACM user should be matched with unix socket peer credentials.
|
|
This means nacm user must match socket peer user accessing the
|
|
backend socket. For IP sockets only mode none makes sense.";
|
|
type enumeration{
|
|
enum none {
|
|
description
|
|
"Dont match NACM user to any user credentials. Any user can pose
|
|
as any other user. Set this for IP sockets, or dont use NACM.";
|
|
}
|
|
enum exact {
|
|
description
|
|
"Exact match between NACM user and unix socket peer user.";
|
|
}
|
|
enum except {
|
|
description
|
|
"Exact match between NACM user and unix socket peer user, except
|
|
for root and www user (restconf).";
|
|
}
|
|
}
|
|
}
|
|
typedef socket_address_family {
|
|
description "Address family for internal socket";
|
|
type enumeration{
|
|
enum UNIX {
|
|
description "Unix domain socket";
|
|
}
|
|
enum IPv4 {
|
|
description "IPv4";
|
|
}
|
|
}
|
|
}
|
|
|
|
container clixon-config {
|
|
container restconf {
|
|
uses clrc:clixon-restconf;
|
|
}
|
|
leaf-list CLICON_FEATURE {
|
|
description
|
|
"Supported features as used by YANG feature/if-feature
|
|
value is: <module>:<feature>, where <module> and <feature>
|
|
are either names, or the special character '*'.
|
|
*:* means enable all features
|
|
<module>:* means enable all features in the specified module
|
|
*:<feature> means enable the specific feature in all modules";
|
|
type string;
|
|
}
|
|
leaf-list CLICON_YANG_DIR {
|
|
ordered-by user;
|
|
type string;
|
|
description
|
|
"Yang directory path for finding module and submodule files.
|
|
A list of these options should be in the configuration.
|
|
When loading a Yang module, Clixon searches this list in the order
|
|
they appear. Ensure that YANG_INSTALLDIR(default
|
|
/usr/local/share/clixon) is present in the path";
|
|
}
|
|
leaf CLICON_CONFIGFILE{
|
|
type string;
|
|
description
|
|
"Location of the main configuration-file.
|
|
Default is CLIXON_DEFAULT_CONFIG=/usr/local/etc/clicon.xml set in configure.
|
|
Note that due to bootstrapping, this value is not actually read from file
|
|
and therefore a default value would be meaningless.";
|
|
}
|
|
leaf CLICON_CONFIGDIR{
|
|
type string;
|
|
description
|
|
"Location of directory of extra configuration files.
|
|
If not given, only main configfile is read.
|
|
If given, and if the directory exists, all files in this directory will be loaded
|
|
AFTER the main config file (CLICON_CONFIGFILE) in the following way:
|
|
- leaf values are overwritten
|
|
- leaf-list values are appended
|
|
The files in this directory will be loaded alphabetically.
|
|
If the dir is given but does not exist will result in an error.
|
|
You can override file setting with -E <dir> command-line option.
|
|
Note that due to bootstraping this value is only meaningful in the main config file";
|
|
}
|
|
leaf CLICON_YANG_MAIN_FILE {
|
|
type string;
|
|
description
|
|
"If specified load a yang module in a specific absolute filename.
|
|
This corresponds to the -y command-line option in most CLixon
|
|
programs.";
|
|
}
|
|
leaf CLICON_YANG_MAIN_DIR {
|
|
type string;
|
|
description
|
|
"If given, load all modules in this directory (all .yang files)
|
|
See also CLICON_YANG_DIR which specifies a path of dirs";
|
|
}
|
|
leaf CLICON_YANG_MODULE_MAIN {
|
|
type string;
|
|
description
|
|
"Option used to construct initial yang file:
|
|
<module>[@<revision>]";
|
|
}
|
|
leaf CLICON_YANG_MODULE_REVISION {
|
|
type string;
|
|
description
|
|
"Option used to construct initial yang file:
|
|
<module>[@<revision>].
|
|
Used together with CLICON_YANG_MODULE_MAIN";
|
|
}
|
|
leaf CLICON_YANG_REGEXP {
|
|
type regexp_mode;
|
|
default posix;
|
|
description
|
|
"The regular expression engine Clixon uses in its validation of
|
|
Yang patterns, and in the CLI.
|
|
There is a 'good-enough' posix translation mode and a complete
|
|
libxml2 mode";
|
|
}
|
|
leaf CLICON_YANG_LIST_CHECK {
|
|
type boolean;
|
|
default true;
|
|
description
|
|
"If false, skip Yang list check sanity checks from RFC 7950, Sec 7.8.2:
|
|
The 'key' statement, which MUST be present if the list represents configuration.
|
|
Some yang specs seem not to fulfil this. However, if you reset this, there may
|
|
be follow-up errors due to code that assumes a configuration list has keys";
|
|
}
|
|
leaf CLICON_YANG_UNKNOWN_ANYDATA{
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"Treat unknown XML/JSON nodes as anydata when loading from startup db.
|
|
This does not apply to namespaces, which means a top-level node: xxx:yyy
|
|
is accepted only if yyy is unknown, not xxx.
|
|
Note that this option has several caveats which needs to be fixed. Please
|
|
use with care.
|
|
The primary issue is that the unknown->anydata handling is not restricted to
|
|
only loading from startup but may occur in other circumstances as well. This
|
|
means that sanity checks of erroneous XML/JSON may not be properly signalled.";
|
|
}
|
|
leaf CLICON_BACKEND_DIR {
|
|
type string;
|
|
description
|
|
"Location of backend .so plugins. Load all .so
|
|
plugins in this dir as backend plugins";
|
|
}
|
|
leaf CLICON_BACKEND_REGEXP {
|
|
type string;
|
|
description
|
|
"Regexp of matching backend plugins in CLICON_BACKEND_DIR";
|
|
default "(.so)$";
|
|
}
|
|
leaf CLICON_NETCONF_DIR {
|
|
type string;
|
|
description "Location of netconf (frontend) .so plugins";
|
|
}
|
|
leaf CLICON_RESTCONF_DIR {
|
|
type string;
|
|
description
|
|
"Location of restconf (frontend) .so plugins. Load all .so
|
|
plugins in this dir as restconf code plugins";
|
|
}
|
|
leaf CLICON_RESTCONF_PATH {
|
|
type string;
|
|
default "/www-data/fastcgi_restconf.sock";
|
|
description
|
|
"FastCGI unix socket. Should be specified in webserver
|
|
Eg in nginx: fastcgi_pass unix:/www-data/clicon_restconf.sock
|
|
Only if with-restconf=fcgi, NOT evhtp";
|
|
}
|
|
leaf CLICON_RESTCONF_PRETTY {
|
|
type boolean;
|
|
default true;
|
|
description
|
|
"Restconf return value pretty print.
|
|
Restconf clients may add HTTP header:
|
|
Accept: application/yang-data+json, or
|
|
Accept: application/yang-data+xml
|
|
to get return value in XML or JSON.
|
|
RFC 8040 examples print XML and JSON in pretty-printed form.
|
|
Setting this value to false makes restconf return not pretty-printed
|
|
which may be desirable for performance or tests";
|
|
}
|
|
leaf CLICON_CLI_DIR {
|
|
type string;
|
|
description
|
|
"Directory containing frontend cli loadable plugins. Load all .so
|
|
plugins in this directory as CLI object plugins";
|
|
}
|
|
leaf CLICON_CLISPEC_DIR {
|
|
type string;
|
|
description
|
|
"Directory containing frontend cligen spec files. Load all .cli
|
|
files in this directory as CLI specification files.
|
|
See also CLICON_CLISPEC_FILE.";
|
|
}
|
|
leaf CLICON_CLISPEC_FILE {
|
|
type string;
|
|
description
|
|
"Specific frontend cligen spec file as aletrnative or complement
|
|
to CLICON_CLISPEC_DIR. Also available as -c in clixon_cli.";
|
|
}
|
|
leaf CLICON_CLI_MODE {
|
|
type string;
|
|
default "base";
|
|
description
|
|
"Startup CLI mode. This should match a CLICON_MODE variable set in
|
|
one of the clispec files";
|
|
}
|
|
leaf CLICON_CLI_GENMODEL {
|
|
type int32;
|
|
default 1;
|
|
description
|
|
"0: Do not generate CLISPEC syntax for the auto-cli.
|
|
1: Generate a CLI specification for CLI completion of all loaded Yang modules.
|
|
This CLI tree can be accessed in CLI-spec files using the tree reference syntax (eg
|
|
@datamodel).
|
|
2: Same including state syntax in a tree called @datamodelstate and @datamodelshow
|
|
See also CLICON_CLI_MODEL_TREENAME.";
|
|
}
|
|
leaf CLICON_CLI_MODEL_TREENAME {
|
|
type string;
|
|
default "datamodel";
|
|
description
|
|
"If CLICON_CLI_GENMOEL is set, CLI specs can reference the
|
|
model syntax using a model tree set by this option.
|
|
Three trees are generated with this name as a base, (assuming base is datamodel):
|
|
- @datamodel - a clispec for navigating in editing a configuration (set/merge/delete)
|
|
- @datamodelshow - a clispec for navigating in showing a configuration
|
|
- @datamodelstate - a clispec for navigating in showing a configuration WITH state
|
|
Example: set @datamodel, cli_set();
|
|
show @datamodelshow, cli_show_auto();
|
|
show state @datamodelstate, cli_show_auto_state();
|
|
";
|
|
}
|
|
leaf CLICON_CLI_GENMODEL_COMPLETION {
|
|
type int32;
|
|
default 1;
|
|
description "Generate code for CLI completion of existing db symbols.
|
|
(consider boolean)";
|
|
}
|
|
leaf CLICON_CLI_GENMODEL_TYPE {
|
|
type cli_genmodel_type;
|
|
default "VARS";
|
|
description "How to generate and show CLI syntax: VARS|ALL";
|
|
}
|
|
leaf CLICON_CLI_VARONLY {
|
|
type int32;
|
|
default 1;
|
|
description
|
|
"Dont include keys in cvec in cli vars callbacks,
|
|
ie a & k in 'a <b> k <c>' ignored
|
|
(consider boolean)";
|
|
}
|
|
leaf CLICON_CLI_LINESCROLLING {
|
|
type int32;
|
|
default 1;
|
|
description
|
|
"Set to 0 if you want CLI to wrap to next line.
|
|
Set to 1 if you want CLI to scroll sideways when approaching
|
|
right margin";
|
|
}
|
|
leaf CLICON_CLI_LINES_DEFAULT {
|
|
type int32;
|
|
default 24;
|
|
description
|
|
"Set to number of CLI terminal rows for pageing/scrolling. 0 means unlimited.
|
|
The number is set statically UNLESS:
|
|
- there is no terminal, such as file input, in which case nr lines is 0
|
|
- there is a terminal sufficiently powerful to read the number of lines from
|
|
ioctl calls.
|
|
In other words, this setting is used ONLY on raw terminals such as serial
|
|
consoles.";
|
|
}
|
|
leaf CLICON_CLI_TAB_MODE {
|
|
type int8;
|
|
default 0;
|
|
description
|
|
"Set CLI tab mode. This is actually a bitfield of three
|
|
combinations:
|
|
bit 1: 0: <tab> shows short info of available commands
|
|
1: <tab> has same output as <?>, ie line per command
|
|
bit 2: 0: On <tab>, select a command over a <var> if both exist
|
|
1: Commands and vars have same preference.
|
|
bit 3: 0: On <tab>, never complete more than one level per <tab>
|
|
1: Complete all levels at once if possible.
|
|
";
|
|
}
|
|
leaf CLICON_CLI_UTF8 {
|
|
type int8;
|
|
default 0;
|
|
description
|
|
"Set to 1 to enable CLIgen UTF-8 experimental mode.
|
|
Note that this feature is EXPERIMENTAL and may not properly handle
|
|
scrolling, control characters, etc
|
|
(consider boolean)";
|
|
}
|
|
leaf CLICON_CLI_HIST_FILE {
|
|
type string;
|
|
default "~/.clixon_cli_history";
|
|
description
|
|
"Name of CLI history file. If not given, history is not saved.
|
|
The number of lines is saved is given by CLICON_CLI_HIST_SIZE.";
|
|
}
|
|
leaf CLICON_CLI_HIST_SIZE {
|
|
type int32;
|
|
default 300;
|
|
description
|
|
"Number of lines to save in CLI history.
|
|
Also, if CLICON_CLI_HIST_FILE is set, also the size in lines
|
|
of the saved history.";
|
|
}
|
|
leaf CLICON_CLI_BUF_START {
|
|
type uint32;
|
|
default 256;
|
|
description
|
|
"CLIgen buffer (cbuf) initial size.
|
|
When the buffer needs to grow, the allocation grows quadratic up to a threshold
|
|
after which linear growth continues.
|
|
See CLICON_CLI_BUF_THRESHOLD";
|
|
}
|
|
leaf CLICON_CLI_BUF_THRESHOLD {
|
|
type uint32;
|
|
default 65536;
|
|
description
|
|
"CLIgen buffer (cbuf) threshold size.
|
|
When the buffer exceeds the threshold, the allocation grows by adding the threshold
|
|
value to the buffer length.
|
|
If 0, the growth continues with quadratic growth.
|
|
See CLICON_CLI_BUF_THRESHOLD";
|
|
}
|
|
leaf CLICON_CLI_HELPSTRING_TRUNCATE {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"CLIgen help string on query (?): Truncate help string on right margin mode
|
|
This only applies if you have long help strings, such as when generating them from a
|
|
spec such as the autocli";
|
|
}
|
|
leaf CLICON_CLI_HELPSTRING_LINES {
|
|
type int32;
|
|
default 0;
|
|
description
|
|
"CLIgen help string on query (?) limit of number of lines to show, 0 means unlimited.
|
|
This only applies if you have multi-line help strings, such as when generating
|
|
from a spec, such as in the autocli.";
|
|
}
|
|
leaf CLICON_SOCK_FAMILY {
|
|
type socket_address_family;
|
|
default UNIX;
|
|
description
|
|
"Address family for communicating with clixon_backend with one of:
|
|
Note IPv6 not implemented.
|
|
Note that UNIX socket makes credential check as follows:
|
|
(1) client needs rw access to the socket
|
|
(2) NACM credentials can be checked according to CLICON_NACM_CREDENTIALS
|
|
Warning: Only UNIX (not IPv4) sockets have credential mechanism.
|
|
";
|
|
}
|
|
leaf CLICON_SOCK {
|
|
type string;
|
|
mandatory true;
|
|
description
|
|
"If family above is AF_UNIX: Unix socket for communicating
|
|
with clixon_backend. If family is AF_INET: IPv4 address";
|
|
}
|
|
leaf CLICON_SOCK_PORT {
|
|
type int32;
|
|
default 4535;
|
|
description
|
|
"Inet socket port for communicating with clixon_backend
|
|
(only IPv4|IPv6)";
|
|
}
|
|
leaf CLICON_SOCK_GROUP {
|
|
type string;
|
|
default "clicon";
|
|
description
|
|
"Group membership to access clixon_backend unix socket and gid for
|
|
deamon";
|
|
}
|
|
leaf CLICON_BACKEND_USER {
|
|
type string;
|
|
description
|
|
"User name for backend (both foreground and daemonized).
|
|
If you set this value the backend if started as root will lower
|
|
the privileges after initialization.
|
|
The ownership of files created by the backend will also be set to this
|
|
user (eg datastores).
|
|
It also sets the backend unix socket owner to this user, but its group
|
|
is set by CLICON_SOCK_GROUP.
|
|
See also CLICON_PRIVILEGES setting";
|
|
}
|
|
leaf CLICON_BACKEND_PRIVILEGES {
|
|
type priv_mode;
|
|
default none;
|
|
description
|
|
"Backend privileges mode.
|
|
If CLICON_BACKEND_USER user is set, mode can be set to drop_perm or
|
|
drop_temp.";
|
|
}
|
|
leaf CLICON_BACKEND_PIDFILE {
|
|
type string;
|
|
mandatory true;
|
|
description "Process-id file of backend daemon";
|
|
}
|
|
leaf CLICON_BACKEND_RESTCONF_PROCESS {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"If set, enable process-control of restconf daemon, ie start/stop restconf
|
|
daemon internally from backend daemon.
|
|
It uses clixon-restconf.yang for config and clixon-lib.yang for RPC
|
|
Process control of restconf daemon is as follows:
|
|
- on RPC start, if enable is true, start the service, if false, error or ignore it
|
|
- on RPC stop, stop the service
|
|
- on backend start make the state as configured
|
|
- on enable change, make the state as configured
|
|
Disable if you start the restconf daemon by other means.";
|
|
}
|
|
leaf CLICON_AUTOCOMMIT {
|
|
type int32;
|
|
default 0;
|
|
description
|
|
"Set if all configuration changes are committed automatically
|
|
on every edit change. Explicit commit commands unnecessary
|
|
(consider boolean)";
|
|
}
|
|
leaf CLICON_XMLDB_DIR {
|
|
type string;
|
|
mandatory true;
|
|
description
|
|
"Directory where \"running\", \"candidate\" and \"startup\" are placed.";
|
|
}
|
|
leaf CLICON_DATASTORE_CACHE {
|
|
type datastore_cache;
|
|
default cache;
|
|
description
|
|
"Clixon datastore cache behaviour. There are three values: no cache,
|
|
cache with copy, or cache without copy.";
|
|
}
|
|
leaf CLICON_XMLDB_FORMAT {
|
|
type datastore_format;
|
|
default xml;
|
|
description "XMLDB datastore format.";
|
|
}
|
|
leaf CLICON_XMLDB_PRETTY {
|
|
type boolean;
|
|
default true;
|
|
description
|
|
"XMLDB datastore pretty print.
|
|
If set, insert spaces and line-feeds making the XML/JSON human
|
|
readable. If not set, make the XML/JSON more compact.";
|
|
}
|
|
leaf CLICON_XMLDB_MODSTATE {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"If set, tag datastores with RFC 7895 YANG Module Library
|
|
info. When loaded at startup, a check is made if the system
|
|
yang modules match.
|
|
See also CLICON_MODULE_LIBRARY_RFC7895";
|
|
}
|
|
leaf CLICON_XML_CHANGELOG {
|
|
type boolean;
|
|
default false;
|
|
description "If true enable automatic upgrade using yang clixon
|
|
changelog.";
|
|
}
|
|
leaf CLICON_XML_CHANGELOG_FILE {
|
|
type string;
|
|
description "Name of file with module revision changelog.
|
|
If CLICON_XML_CHANGELOG is true, Clixon
|
|
reads the module changelog from this file.";
|
|
}
|
|
leaf CLICON_VALIDATE_STATE_XML {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"Validate user state callback content.
|
|
Users may register state callbacks using ca_statedata callback
|
|
When set, the XML returned from the callback is validated after merging with
|
|
the running db. If it fails, an internal error is returned to the originating
|
|
user.
|
|
If the option is not set, the XML returned by the user is not validated.
|
|
Note that enabling currently causes a large performance overhead for large
|
|
lists, therefore it is recommended to enable it during development and debugging
|
|
but disable it in production, until this has been resolved.";
|
|
}
|
|
leaf CLICON_NAMESPACE_NETCONF_DEFAULT {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"Undefine if you want to ensure strict namespace assignment on all netconf
|
|
and XML statements according to the standard RFC 6241.
|
|
If defined, top-level rpc calls need not have namespaces (eg using xmlns=<ns>)
|
|
since the default NETCONF namespace will be assumed. (This is not standard).
|
|
See rfc6241 3.1: urn:ietf:params:xml:ns:netconf:base:1.0.";
|
|
|
|
}
|
|
leaf CLICON_STARTUP_MODE {
|
|
type startup_mode;
|
|
description "Which method to boot/start clicon backend";
|
|
}
|
|
leaf CLICON_TRANSACTION_MOD {
|
|
type boolean;
|
|
default false;
|
|
description "If set, modifications in validation and commit
|
|
callbacks are written back into the datastore.
|
|
This is a bad idea and therefore obsoleted.";
|
|
status obsolete;
|
|
}
|
|
leaf CLICON_NACM_MODE {
|
|
type nacm_mode;
|
|
default disabled;
|
|
description
|
|
"RFC8341 network access configuration control model (NACM) mode: disabled,
|
|
in regular (internal) config or separate external file given by CLICON_NACM_FILE";
|
|
}
|
|
leaf CLICON_NACM_FILE {
|
|
type string;
|
|
description
|
|
"RFC8341 NACM external configuration file (if CLIXON_NACM_MODE is external)";
|
|
}
|
|
leaf CLICON_NACM_CREDENTIALS {
|
|
type nacm_cred_mode;
|
|
default except;
|
|
description
|
|
"Verify nacm user credentials with unix socket peer cred.
|
|
This means nacm user must match unix user accessing the backend
|
|
socket.";
|
|
}
|
|
leaf CLICON_NACM_RECOVERY_USER {
|
|
type string;
|
|
description
|
|
"RFC8341 defines a 'recovery session' as outside its scope. Clixon
|
|
defines this user as having special admin rights to exempt from
|
|
all access control enforcements.
|
|
Note setting of CLICON_NACM_CREDENTIALS is important, if set to
|
|
exact for example, this user must exist and be used, otherwise
|
|
another user (such as root or www) can pose as the recovery user.";
|
|
}
|
|
leaf CLICON_NACM_DISABLED_ON_EMPTY {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"RFC 8341 and ietf-netconf-acm@2018-02-14.yang defines enable-nacm as true by
|
|
default. Since also write-default is deny by default it leads to that empty
|
|
configs can not be edited.
|
|
This means that a startup config must always have a NACM configuration or
|
|
that the NACM recovery session is used to edit an empty config.
|
|
If this option is set, Clixon disables NACM if a datastore does NOT contain a
|
|
NACM config on load.";
|
|
}
|
|
leaf CLICON_MODULE_LIBRARY_RFC7895 {
|
|
type boolean;
|
|
default true;
|
|
description
|
|
"Enable RFC 7895 YANG Module library support as state data. If
|
|
enabled, module info will appear when doing netconf get or
|
|
restconf GET.
|
|
See also CLICON_XMLDB_MODSTATE";
|
|
}
|
|
leaf CLICON_MODULE_SET_ID {
|
|
type string;
|
|
default "0";
|
|
description "If RFC 7895 YANG Module library enabled:
|
|
Contains a server-specific identifier representing
|
|
the current set of modules and submodules. The
|
|
server MUST change the value of this leaf if the
|
|
information represented by the 'module' list instances
|
|
has changed.";
|
|
}
|
|
leaf CLICON_STREAM_DISCOVERY_RFC5277 {
|
|
type boolean;
|
|
default false;
|
|
description "Enable event stream discovery as described in RFC 5277
|
|
sections 3.2. If enabled, available streams will appear
|
|
when doing netconf get or restconf GET";
|
|
}
|
|
leaf CLICON_STREAM_DISCOVERY_RFC8040 {
|
|
type boolean;
|
|
default false;
|
|
description
|
|
"Enable monitoring information for the RESTCONF protocol from RFC 8040";
|
|
}
|
|
leaf CLICON_STREAM_PATH {
|
|
type string;
|
|
default "streams";
|
|
description "Stream path appended to CLICON_STREAM_URL to form
|
|
stream subscription URL.";
|
|
}
|
|
leaf CLICON_STREAM_URL {
|
|
type string;
|
|
default "https://localhost";
|
|
description "Prepend this to CLICON_STREAM_PATH to form URL.
|
|
See RFC 8040 Sec 9.3 location leaf:
|
|
'Contains a URL that represents the entry point for
|
|
establishing notification delivery via server-sent events.'
|
|
Prepend this constant to name of stream.
|
|
Example: https://localhost/streams/NETCONF. Note this is the
|
|
external URL, not local behind a reverse-proxy.
|
|
Note that -s <stream> command-line option to clixon_restconf
|
|
should correspond to last path of url (eg 'streams')";
|
|
}
|
|
leaf CLICON_STREAM_PUB {
|
|
type string;
|
|
description "For stream publish using eg nchan, the base address
|
|
to publish to. Example value: http://localhost/pub
|
|
Example: stream NETCONF would then be pushed to
|
|
http://localhost/pub/NETCONF.
|
|
Note this may be a local/provate URL behind reverse-proxy.
|
|
If not given, do NOT enable stream publishing using NCHAN.";
|
|
}
|
|
leaf CLICON_STREAM_RETENTION {
|
|
type uint32;
|
|
default 3600;
|
|
units s;
|
|
description "Retention for stream replay buffers in seconds, ie how much
|
|
data to store before dropping. 0 means no retention";
|
|
|
|
}
|
|
}
|
|
}
|