diff --git a/config-models/openconfig/.helmignore b/config-models/openconfig/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/config-models/openconfig/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/config-models/openconfig/Chart.yaml b/config-models/openconfig/Chart.yaml new file mode 100644 index 00000000..229883fb --- /dev/null +++ b/config-models/openconfig/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: config-model-openconfig +version: 1.0.0 +kubeVersion: ">=1.18.0" +appVersion: 1.0.0 +description: OpenConfig model +keywords: + - onos + - sdn + - config +home: https://onosproject.org +maintainers: + - name: ONOS Support + email: support@opennetworking.org +dependencies: + - name: config-model-ietf + repository: https://charts.onosproject.org + version: 1.0.0 \ No newline at end of file diff --git a/config-models/openconfig/files/yang/openconfig-aaa-radius@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-aaa-radius@2017-07-06.yang new file mode 100644 index 00000000..e0ad1dd2 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-aaa-radius@2017-07-06.yang @@ -0,0 +1,174 @@ +submodule openconfig-aaa-radius { + + yang-version "1"; + + belongs-to "openconfig-aaa" { + prefix "oc-aaa"; + } + + // import some basic types + import ietf-inet-types { prefix inet; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-aaa-types { prefix oc-aaa-types; } + import openconfig-types { prefix oc-types; } + import openconfig-yang-types { prefix oc-yang; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state data + related to the RADIUS protocol for authentication, + authorization, and accounting."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + // extension statements + + // feature statements + + // identity statements + + identity RADIUS { + base oc-aaa-types:AAA_SERVER_TYPE; + description + "Remote Authentication Dial In User Service (RADIUS) AAA + server"; + reference + "RFC 2865 - Remote Authentication Dial In User Service + (RADIUS)"; + } + + // typedef statements + + // grouping statements + + grouping aaa-radius-server-config { + description + "Configuration data for a RADIUS server"; + + leaf auth-port { + type inet:port-number; + default 1812; + description + "Port number for authentication requests"; + } + + leaf acct-port { + type inet:port-number; + default 1813; + description + "Port number for accounting requests"; + } + + leaf secret-key { + type oc-types:routing-password; + description + "The unencrypted shared key used between the authentication + server and the device."; + } + + leaf source-address { + type inet:ip-address; + description + "Source IP address to use in messages to the RADIUS server"; + } + + leaf retransmit-attempts { + type uint8; + description + "Number of times the system may resend a request to the + RADIUS server when it is unresponsive"; + } + } + + grouping aaa-radius-server-state { + description + "Operational state data for a RADIUS server"; + + container counters { + description + "A collection of RADIUS related state objects."; + + leaf retried-access-requests { + type oc-yang:counter64; + description + "Retransmitted Access-Request messages."; + } + + leaf access-accepts { + type oc-yang:counter64; + description + "Received Access-Accept messages."; + } + + leaf access-rejects { + type oc-yang:counter64; + description + "Received Access-Reject messages."; + } + + leaf timeout-access-requests { + type oc-yang:counter64; + description + "Access-Request messages that have timed-out, + requiring retransmission."; + } + } + } + + grouping aaa-radius-server-top { + description + "Top-level grouping for RADIUS server data"; + + container radius { + description + "Top-level container for RADIUS server data"; + + container config { + description + "Configuration data for RADIUS servers"; + + uses aaa-radius-server-config; + } + + container state { + + config false; + + description + "Operational state data for RADIUS servers"; + + uses aaa-radius-server-config; + uses aaa-radius-server-state; + } + } + } + + // data definition statements + + // augment statements + + // rpc statements + + // notification statements + +} diff --git a/config-models/openconfig/files/yang/openconfig-aaa-tacacs@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-aaa-tacacs@2017-07-06.yang new file mode 100644 index 00000000..b1f6472d --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-aaa-tacacs@2017-07-06.yang @@ -0,0 +1,130 @@ +submodule openconfig-aaa-tacacs { + + yang-version "1"; + + belongs-to "openconfig-aaa" { + prefix "oc-aaa"; + } + + // import some basic types + import ietf-inet-types { prefix inet; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-aaa-types { prefix oc-aaa-types; } + import openconfig-types { prefix oc-types; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state data + related to the TACACS+ protocol for authentication, + authorization, and accounting."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + // extension statements + + // feature statements + + // identity statements + + identity TACACS { + base oc-aaa-types:AAA_SERVER_TYPE; + description + "Terminal Access Controller Access Control System (TACACS+) + AAA server"; + reference + "The TACACS+ Protocol (draft-ietf-opsawg-tacacs-05) + RFC 1492 - An Access Control Protocol, Sometimes Called + TACACS"; + } + + // typedef statements + + // grouping statements + + grouping aaa-tacacs-server-config { + description + "Configuration data for a TACACS+ server"; + + leaf port { + type inet:port-number; + default 49; + description + "The port number on which to contact the TACACS server"; + } + + leaf secret-key { + type oc-types:routing-password; + description + "The unencrypted shared key used between the authentication + server and the device."; + } + + leaf source-address { + type inet:ip-address; + description + "Source IP address to use in messages to the TACACS server"; + } + } + + grouping aaa-tacacs-server-state { + description + "Operational state data for a TACACS+ server"; + } + + grouping aaa-tacacs-server-top { + description + "Top-level grouping for TACACS+ sever data"; + + container tacacs { + description + "Top-level container for TACACS+ server data"; + + container config { + description + "Configuration data for TACACS+ server"; + + uses aaa-tacacs-server-config; + } + + container state { + + config false; + + description + "Operational state data for TACACS+ server"; + + uses aaa-tacacs-server-config; + uses aaa-tacacs-server-state; + } + } + } + + // data definition statements + + // augment statements + + // rpc statements + + // notification statements + +} \ No newline at end of file diff --git a/config-models/openconfig/files/yang/openconfig-aaa-types@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-aaa-types@2017-07-06.yang new file mode 100644 index 00000000..a42802f2 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-aaa-types@2017-07-06.yang @@ -0,0 +1,150 @@ +module openconfig-aaa-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/aaa/types"; + + prefix "oc-aaa-types"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines shared types for data related to AAA + (authentication, authorization, accounting)."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + + // identity statements + + identity AAA_SERVER_TYPE { + description + "Base identity for types of AAA servers"; + } + + + identity SYSTEM_DEFINED_ROLES { + description + "Base identity for system_defined roles that can be assigned + to users."; + } + + identity SYSTEM_ROLE_ADMIN { + base SYSTEM_DEFINED_ROLES; + description + "Built-in role that allows the equivalent of superuser + permission for all configuration and operational commands + on the device."; + } + + identity AAA_ACCOUNTING_EVENT_TYPE { + description + "Base identity for specifying events types that should be + sent to AAA server for accounting"; + } + + identity AAA_ACCOUNTING_EVENT_COMMAND { + base AAA_ACCOUNTING_EVENT_TYPE; + description + "Specifies interactive command events for AAA accounting"; + } + + identity AAA_ACCOUNTING_EVENT_LOGIN { + base AAA_ACCOUNTING_EVENT_TYPE; + description + "Specifies login events for AAA accounting"; + } + + identity AAA_AUTHORIZATION_EVENT_TYPE { + description + "Base identity for specifying activities that should be + sent to AAA server for authorization"; + } + + identity AAA_AUTHORIZATION_EVENT_COMMAND { + base AAA_ACCOUNTING_EVENT_TYPE; + description + "Specifies interactive command events for AAA authorization"; + } + + identity AAA_AUTHORIZATION_EVENT_CONFIG { + base AAA_ACCOUNTING_EVENT_TYPE; + description + "Specifies configuration (e.g., EXEC) events for AAA + authorization"; + } + + identity AAA_METHOD_TYPE { + description + "Base identity to define well-known methods for AAA + operations"; + } + + identity TACACS_ALL { + base AAA_METHOD_TYPE; + description + "The group of all TACACS+ servers."; + } + + identity RADIUS_ALL { + base AAA_METHOD_TYPE; + description + "The group of all RADIUS servers."; + } + + identity LOCAL { + base AAA_METHOD_TYPE; + description + "Locally configured method for AAA operations."; + } + + + // typedef statements + + typedef crypt-password-type { + type string; + description + "A password that is hashed based on the hash algorithm + indicated by the prefix in the string. The string + takes the following form, based on the Unix crypt function: + + $[$=(,=)*][$[$]] + + Common hash functions include: + + id | hash function + ---+--------------- + 1 | MD5 + 2a| Blowfish + 2y| Blowfish (correct handling of 8-bit chars) + 5 | SHA-256 + 6 | SHA-512 + + These may not all be supported by a target device."; + } + + +} diff --git a/config-models/openconfig/files/yang/openconfig-aaa@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-aaa@2017-07-06.yang new file mode 100644 index 00000000..5a68c47b --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-aaa@2017-07-06.yang @@ -0,0 +1,791 @@ +module openconfig-aaa { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/aaa"; + + prefix "oc-aaa"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + import ietf-inet-types { prefix inet; } + import ietf-yang-types { prefix yang; } + import openconfig-aaa-types { prefix oc-aaa-types; } + + include openconfig-aaa-tacacs; + include openconfig-aaa-radius; + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state data + related to authorization, authentication, and accounting (AAA) + management. + + Portions of this model reuse data definitions or structure from + RFC 7317 - A YANG Data Model for System Management"; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + // identity statements + + // grouping statements + grouping aaa-servergroup-common-config { + description + "Configuration data for AAA server groups"; + + leaf name { + type string; + description + "Name for the server group"; + } + + leaf type { + type identityref { + base oc-aaa-types:AAA_SERVER_TYPE; + } + description + "AAA server type -- all servers in the group must be of this + type"; + } + } + + grouping aaa-servergroup-common-state { + description + "Operational state data for AAA server groups"; + + //TODO: add list of group members as opstate + } + + grouping aaa-servergroup-common-top { + description + "Top-level grouping for AAA server groups"; + + container server-groups { + description + "Enclosing container for AAA server groups"; + + list server-group { + key "name"; + description + "List of AAA server groups. All servers in a group + must have the same type as indicated by the server + type."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to configured name of the server group"; + } + + container config { + description + "Configuration data for each server group"; + + uses aaa-servergroup-common-config; + } + + container state { + config false; + + description + "Operational state data for each server group"; + + uses aaa-servergroup-common-config; + uses aaa-servergroup-common-state; + } + + uses aaa-server-top; + } + } + } + + grouping aaa-server-config { + description + "Common configuration data for AAA servers"; + + leaf name { + type string; + description + "Name assigned to the server"; + } + + + leaf address { + type inet:ip-address; + description "Address of the authentication server"; + } + + leaf timeout { + type uint16; + units seconds; + description + "Set the timeout in seconds on responses from the AAA + server"; + } + } + + grouping aaa-server-state { + description + "Common operational state data for AAA servers"; + + leaf connection-opens { + type yang:counter64; + description + "Number of new connection requests sent to the server, e.g. + socket open"; + } + + leaf connection-closes { + type yang:counter64; + description + "Number of connection close requests sent to the server, e.g. + socket close"; + } + + leaf connection-aborts { + type yang:counter64; + description + "Number of aborted connections to the server. These do + not include connections that are close gracefully."; + } + + leaf connection-failures { + type yang:counter64; + description + "Number of connection failures to the server"; + } + + leaf connection-timeouts { + type yang:counter64; + description + "Number of connection timeouts to the server"; + } + + leaf messages-sent { + type yang:counter64; + description + "Number of messages sent to the server"; + } + + leaf messages-received { + type yang:counter64; + description + "Number of messages received by the server"; + } + + leaf errors-received { + type yang:counter64; + description + "Number of error messages received from the server"; + } + + } + + grouping aaa-server-top { + description + "Top-level grouping for list of AAA servers"; + + container servers { + description + "Enclosing container the list of servers"; + + list server { + key "address"; + description + "List of AAA servers"; + + leaf address { + type leafref { + path "../config/address"; + } + description + "Reference to the configured address of the AAA server"; + } + + container config { + description + "Configuration data "; + + uses aaa-server-config; + } + + container state { + config false; + + description + "Operational state data "; + + uses aaa-server-config; + uses aaa-server-state; + } + uses aaa-tacacs-server-top; + uses aaa-radius-server-top; + } + } + } + + grouping aaa-admin-config { + description + "Configuration data for the system built-in + administrator / root user account"; + + leaf admin-password { + type string; + oc-ext:openconfig-hashed-value; + description + "The admin/root password, supplied as a cleartext string. + The system should hash and only store the password as a + hashed value."; + } + + leaf admin-password-hashed { + type oc-aaa-types:crypt-password-type; + description + "The admin/root password, supplied as a hashed value + using the notation described in the definition of the + crypt-password-type."; + } + } + + grouping aaa-admin-state { + description + "Operational state data for the root user"; + + leaf admin-username { + type string; + description + "Name of the administrator user account, e.g., admin, root, + etc."; + } + } + + grouping aaa-authentication-admin-top { + description + "Top-level grouping for root user configuration and state + data"; + + container admin-user { + description + "Top-level container for the system root or admin user + configuration and operational state"; + + container config { + description + "Configuration data for the root user account"; + + uses aaa-admin-config; + } + + container state { + config false; + + description + "Operational state data for the root user account"; + + uses aaa-admin-config; + uses aaa-admin-state; + } + } + } + grouping aaa-authentication-user-config { + description + "Configuration data for local users"; + + leaf username { + type string; + description + "Assigned username for this user"; + } + + leaf password { + type string; + oc-ext:openconfig-hashed-value; + description + "The user password, supplied as cleartext. The system + must hash the value and only store the hashed value."; + } + + leaf password-hashed { + type oc-aaa-types:crypt-password-type; + description + "The user password, supplied as a hashed value + using the notation described in the definition of the + crypt-password-type."; + } + + leaf ssh-key { + type string; + description + "SSH public key for the user (RSA or DSA)"; + } + + leaf role { + type union { + type string; + type identityref { + base oc-aaa-types:SYSTEM_DEFINED_ROLES; + } + } + description + "Role assigned to the user. The role may be supplied + as a string or a role defined by the SYSTEM_DEFINED_ROLES + identity."; + } + } + + grouping aaa-authentication-user-state { + description + "Operational state data for local users"; + } + + grouping aaa-authentication-user-top { + description + "Top-level grouping for local users"; + + container users { + description + "Enclosing container list of local users"; + + list user { + key "username"; + description + "List of local users on the system"; + + leaf username { + type leafref { + path "../config/username"; + } + description + "References the configured username for the user"; + } + + container config { + description + "Configuration data for local users"; + + uses aaa-authentication-user-config; + } + + container state { + config false; + + description + "Operational state data for local users"; + + uses aaa-authentication-user-config; + uses aaa-authentication-user-state; + } + } + + } + } + + grouping aaa-accounting-methods-common { + description + "Common definitions for accounting methods"; + + leaf-list accounting-method { + type union { + type identityref { + base oc-aaa-types:AAA_METHOD_TYPE; + } + type string; + //TODO: in YANG 1.1 this should be converted to a leafref to + //point to the server group name. + } + description + "The method used for AAA accounting for this event + type. The method is defined by the destination for + accounting data, which may be specified as the group of + all TACACS+/RADIUS servers, a defined server group, or + the local system."; + } + } + + + grouping aaa-accounting-events-config { + description + "Configuration data for AAA accounting events"; + + leaf event-type { + type identityref { + base oc-aaa-types:AAA_ACCOUNTING_EVENT_TYPE; + } + description + "The type of activity to record at the AAA accounting + server"; + } + + leaf record { + type enumeration { + enum START_STOP { + description + "Send START record to the accounting server at the + beginning of the activity, and STOP record at the + end of the activity."; + } + enum STOP { + description + "Send STOP record to the accounting server when the + user activity completes"; + } + } + description + "Type of record to send to the accounting server for this + activity type"; + } + } + + grouping aaa-accounting-events-state { + description + "Operational state data for accounting events"; + } + + grouping aaa-accounting-events-top { + description + "Top-level grouping for accounting events"; + + container events { + description + "Enclosing container for defining handling of events + for accounting"; + + list event { + key "event-type"; + description + "List of events subject to accounting"; + + leaf event-type { + type leafref { + path "../config/event-type"; + } + description + "Reference to the event-type being logged at the + accounting server"; + } + + container config { + description + "Configuration data for accounting events"; + + uses aaa-accounting-events-config; + } + + container state { + config false; + + description + "Operational state data for accounting events"; + + uses aaa-accounting-events-config; + uses aaa-accounting-events-state; + } + } + } + } + + grouping aaa-accounting-config { + description + "Configuration data for event accounting"; + + uses aaa-accounting-methods-common; + + } + + grouping aaa-accounting-state { + description + "Operational state data for event accounting services"; + } + + grouping aaa-accounting-top { + description + "Top-level grouping for user activity accounting"; + + container accounting { + description + "Top-level container for AAA accounting"; + + container config { + description + "Configuration data for user activity accounting."; + + uses aaa-accounting-config; + } + + container state { + config false; + + description + "Operational state data for user accounting."; + + uses aaa-accounting-config; + uses aaa-accounting-state; + } + + uses aaa-accounting-events-top; + + } + } + + grouping aaa-authorization-methods-config { + description + "Common definitions for authorization methods for global + and per-event type"; + + leaf-list authorization-method { + type union { + type identityref { + base oc-aaa-types:AAA_METHOD_TYPE; + } + type string; + } + description + "Ordered list of methods for authorizing commands. The first + method that provides a response (positive or negative) should + be used. The list may contain a well-defined method such + as the set of all TACACS or RADIUS servers, or the name of + a defined AAA server group. The system must validate + that the named server group exists."; + } + } + + grouping aaa-authorization-events-config { + description + "Configuration data for AAA authorization events"; + + leaf event-type { + type identityref { + base oc-aaa-types:AAA_AUTHORIZATION_EVENT_TYPE; + } + description + "The type of event to record at the AAA authorization + server"; + } + } + + grouping aaa-authorization-events-state { + description + "Operational state data for AAA authorization events"; + } + + grouping aaa-authorization-events-top { + description + "Top-level grouping for authorization events"; + + container events { + description + "Enclosing container for the set of events subject + to authorization"; + + list event { + key "event-type"; + description + "List of events subject to AAA authorization"; + + leaf event-type { + type leafref { + path "../config/event-type"; + } + description + "Reference to the event-type list key"; + } + + container config { + description + "Configuration data for each authorized event"; + + uses aaa-authorization-events-config; + } + + container state { + config false; + + description + "Operational state data for each authorized activity"; + + uses aaa-authorization-events-config; + uses aaa-authorization-events-state; + } + } + } + } + + grouping aaa-authorization-config { + description + "Configuration data for AAA authorization"; + + uses aaa-authorization-methods-config; + } + + grouping aaa-authorization-state { + description + "Operational state data for AAA authorization"; + } + + grouping aaa-authorization-top { + description + "Top-level grouping for AAA authorization"; + + container authorization { + description + "Top-level container for AAA authorization configuration + and operational state data"; + + container config { + description + "Configuration data for authorization based on AAA + methods"; + + uses aaa-authorization-config; + } + + container state { + config false; + + description + "Operational state data for authorization based on AAA"; + + uses aaa-authorization-config; + uses aaa-authorization-state; + } + + uses aaa-authorization-events-top; + + } + } + + grouping aaa-authentication-config { + description + "Configuration data for global authentication"; + + leaf-list authentication-method { + type union { + type identityref { + base oc-aaa-types:AAA_METHOD_TYPE; + } + type string; + //TODO: string should be a leafref to a defined + //server group. this will be possible in YANG 1.1 + //type leafref { + //path "/aaa/server-groups/server-group/config/name"; + //} + } + ordered-by user; + description + "Ordered list of authentication methods for users. This + can be either a reference to a server group, or a well- + defined designation in the AAA_METHOD_TYPE identity. If + authentication fails with one method, the next defined + method is tried -- failure of all methods results in the + user being denied access."; + } + } + + grouping aaa-authentication-state { + description + "Operational state data for global authentication"; + } + + grouping aaa-authentication-top { + description + "Top-level grouping for top-level authentication"; + + container authentication { + description + "Top-level container for global authentication data"; + + container config { + description + "Configuration data for global authentication services"; + + uses aaa-authentication-config; + } + + container state { + config false; + + description + "Operational state data for global authentication + services"; + + uses aaa-authentication-config; + uses aaa-authentication-state; + } + + uses aaa-authentication-admin-top; + uses aaa-authentication-user-top; + } + } + + grouping aaa-config { + description + "Configuration data for top level AAA"; + } + + grouping aaa-state { + description + "Operational state data for top level AAA"; + } + + grouping aaa-top { + description + "Top-level grouping for AAA services"; + + container aaa { + description + "Top-level container for AAA services"; + + container config { + description + "Configuration data for top level AAA services"; + + uses aaa-config; + } + + container state { + config false; + + description + "Operational state data for top level AAA services "; + + uses aaa-config; + uses aaa-state; + } + + uses aaa-authentication-top; + uses aaa-authorization-top; + uses aaa-accounting-top; + uses aaa-servergroup-common-top; + + } + } + + + + // data definition statements + + +} diff --git a/config-models/openconfig/files/yang/openconfig-extensions@2017-04-11.yang b/config-models/openconfig/files/yang/openconfig-extensions@2017-04-11.yang new file mode 100644 index 00000000..f39ecf66 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-extensions@2017-04-11.yang @@ -0,0 +1,91 @@ +module openconfig-extensions { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/openconfig-ext"; + + prefix "oc-ext"; + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module provides extensions to the YANG language to allow + OpenConfig specific functionality and meta-data to be defined."; + + revision "2017-04-11" { + description + "rename password type to 'hashed' and clarify description"; + reference "0.3.0"; + } + + revision "2017-01-29" { + description + "Added extension for annotating encrypted values."; + reference "0.2.0"; + } + + revision "2015-10-09" { + description + "Initial OpenConfig public release"; + reference "0.1.0"; + } + + + // extension statements + extension openconfig-version { + argument "semver" { + yin-element false; + } + description + "The OpenConfig version number for the module. This is + expressed as a semantic version number of the form: + x.y.z + where: + * x corresponds to the major version, + * y corresponds to a minor version, + * z corresponds to a patch version. + This version corresponds to the model file within which it is + defined, and does not cover the whole set of OpenConfig models. + Where several modules are used to build up a single block of + functionality, the same module version is specified across each + file that makes up the module. + + A major version number of 0 indicates that this model is still + in development (whether within OpenConfig or with industry + partners), and is potentially subject to change. + + Following a release of major version 1, all modules will + increment major revision number where backwards incompatible + changes to the model are made. + + The minor version is changed when features are added to the + model that do not impact current clients use of the model. + + The patch-level version is incremented when non-feature changes + (such as bugfixes or clarifications to human-readable + descriptions that do not impact model functionality) are made + that maintain backwards compatibility. + + The version number is stored in the module meta-data."; + } + + extension openconfig-hashed-value { + description + "This extension provides an annotation on schema nodes to + indicate that the corresponding value should be stored and + reported in hashed form. + + Hash algorithms are by definition not reversible. Clients + reading the configuration or applied configuration for the node + should expect to receive only the hashed value. Values written + in cleartext will be hashed. This annotation may be used on + nodes such as secure passwords in which the device never reports + a cleartext value, even if the input is provided as cleartext."; + } +} diff --git a/config-models/openconfig/files/yang/openconfig-inet-types@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-inet-types@2017-07-06.yang new file mode 100644 index 00000000..498a6e40 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-inet-types@2017-07-06.yang @@ -0,0 +1,316 @@ +module openconfig-inet-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/types/inet"; + prefix "oc-inet"; + + import openconfig-extensions { prefix "oc-ext"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains a set of Internet address related + types for use in OpenConfig modules. + + Portions of this code were derived from IETF RFC 6021. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.3.0"; + + revision 2017-07-06 { + description + "Add domain-name and host typedefs"; + reference "0.3.0"; + } + + revision 2017-04-03 { + description + "Add ip-version typedef."; + reference "0.2.0"; + } + + revision 2017-04-03 { + description + "Update copyright notice."; + reference "0.1.1"; + } + + revision 2017-01-26 { + description + "Initial module for inet types"; + reference "0.1.0"; + } + + // IPv4 and IPv6 types. + + typedef ipv4-address { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])$'; + } + description + "An IPv4 address in dotted quad notation using the default + zone."; + } + + typedef ipv4-address-zoned { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])(%[a-zA-Z0-9_]+)$'; + } + description + "An IPv4 address in dotted quad notation. This type allows + specification of a zone index to disambiguate identical + address values. For link-local addresses, the index is + typically the interface index or interface name."; + } + + typedef ipv6-address { + type string { + pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')$'; + } + description + "An IPv6 address represented as either a full address; shortened + or mixed-shortened formats, using the default zone."; + } + + typedef ipv6-address-zoned { + type string { + pattern + // Must support compression through different lengths + // therefore this regexp is complex. + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')(%[a-zA-Z0-9_]+)$'; + } + description + "An IPv6 address represented as either a full address; shortened + or mixed-shortened formats. This type allows specification of + a zone index to disambiguate identical address values. For + link-local addresses, the index is typically the interface + index or interface name."; + } + + typedef ipv4-prefix { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])/(([0-9])|([1-2][0-9])|(3[0-2]))$'; + } + description + "An IPv4 prefix represented in dotted quad notation followed by + a slash and a CIDR mask (0 <= mask <= 32)."; + } + + typedef ipv6-prefix { + type string { + pattern + '^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|' + + '([0-9a-fA-F]{1,4}:){1,7}:|' + + '([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}' + + '([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|' + + '([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|' + + '([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|' + + '([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|' + + '[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|' + + ':((:[0-9a-fA-F]{1,4}){1,7}|:)' + + ')/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])$'; + } + description + "An IPv6 prefix represented in full, shortened, or mixed + shortened format followed by a slash and CIDR mask + (0 <= mask <= 128)."; + } + + typedef ip-address { + type union { + type ipv4-address; + type ipv6-address; + } + description + "An IPv4 or IPv6 address with no prefix specified."; + } + + typedef ip-prefix { + type union { + type ipv4-prefix; + type ipv6-prefix; + } + description + "An IPv4 or IPv6 prefix."; + } + + typedef ip-version { + type enumeration { + enum UNKNOWN { + value 0; + description + "An unknown or unspecified version of the Internet + protocol."; + } + enum IPV4 { + value 4; + description + "The IPv4 protocol as defined in RFC 791."; + } + enum IPV6 { + value 6; + description + "The IPv6 protocol as defined in RFC 2460."; + } + } + description + "This value represents the version of the IP protocol. + Note that integer representation of the enumerated values + are not specified, and are not required to follow the + InetVersion textual convention in SMIv2."; + reference + "RFC 791: Internet Protocol + RFC 2460: Internet Protocol, Version 6 (IPv6) Specification + RFC 4001: Textual Conventions for Internet Network Addresses"; + } + + typedef domain-name { + type string { + length "1..253"; + pattern + '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' + + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)' + + '|\.'; + } + description + "The domain-name type represents a DNS domain name. + Fully quallified left to the models which utilize this type. + + Internet domain names are only loosely specified. Section + 3.5 of RFC 1034 recommends a syntax (modified in Section + 2.1 of RFC 1123). The pattern above is intended to allow + for current practice in domain name use, and some possible + future expansion. It is designed to hold various types of + domain names, including names used for A or AAAA records + (host names) and other records, such as SRV records. Note + that Internet host names have a stricter syntax (described + in RFC 952) than the DNS recommendations in RFCs 1034 and + 1123, and that systems that want to store host names in + schema nodes using the domain-name type are recommended to + adhere to this stricter standard to ensure interoperability. + + The encoding of DNS names in the DNS protocol is limited + to 255 characters. Since the encoding consists of labels + prefixed by a length bytes and there is a trailing NULL + byte, only 253 characters can appear in the textual dotted + notation. + + Domain-name values use the US-ASCII encoding. Their canonical + format uses lowercase US-ASCII characters. Internationalized + domain names MUST be encoded in punycode as described in RFC + 3492"; + } + + typedef host { + type union { + type ip-address; + type domain-name; + } + description + "The host type represents either an unzoned IP address or a DNS + domain name."; + } + + typedef as-number { + type uint32; + description + "A numeric identifier for an autonomous system (AS). An AS is a + single domain, under common administrative control, which forms + a unit of routing policy. Autonomous systems can be assigned a + 2-byte identifier, or a 4-byte identifier which may have public + or private scope. Private ASNs are assigned from dedicated + ranges. Public ASNs are assigned from ranges allocated by IANA + to the regional internet registries (RIRs)."; + reference + "RFC 1930 Guidelines for creation, selection, and registration + of an Autonomous System (AS) + RFC 4271 A Border Gateway Protocol 4 (BGP-4)"; + } + + typedef dscp { + type uint8 { + range "0..63"; + } + description + "A differentiated services code point (DSCP) marking within the + IP header."; + reference + "RFC 2474 Definition of the Differentiated Services Field + (DS Field) in the IPv4 and IPv6 Headers"; + } + + typedef ipv6-flow-label { + type uint32 { + range "0..1048575"; + } + description + "The IPv6 flow-label is a 20-bit value within the IPv6 header + which is optionally used by the source of the IPv6 packet to + label sets of packets for which special handling may be + required."; + reference + "RFC 2460 Internet Protocol, Version 6 (IPv6) Specification"; + } + + typedef port-number { + type uint16; + description + "A 16-bit port number used by a transport protocol such as TCP + or UDP."; + reference + "RFC 768 User Datagram Protocol + RFC 793 Transmission Control Protocol"; + } + + typedef uri { + type string; + description + "An ASCII-encoded Uniform Resource Identifier (URI) as defined + in RFC 3986."; + reference + "RFC 3986 Uniform Resource Identifier (URI): Generic Syntax"; + } +} diff --git a/config-models/openconfig/files/yang/openconfig-interfaces@2017-07-14.yang b/config-models/openconfig/files/yang/openconfig-interfaces@2017-07-14.yang new file mode 100644 index 00000000..b5c928ec --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-interfaces@2017-07-14.yang @@ -0,0 +1,965 @@ +module openconfig-interfaces { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/interfaces"; + + prefix "oc-if"; + + // import some basic types + import ietf-interfaces { prefix ietf-if; } + import openconfig-yang-types { prefix oc-yang; } + import openconfig-types { prefix oc-types; } + import openconfig-extensions { prefix oc-ext; } + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "Model for managing network interfaces and subinterfaces. This + module also defines convenience types / groupings for other + models to create references to interfaces: + + base-interface-ref (type) - reference to a base interface + interface-ref (grouping) - container for reference to a + interface + subinterface + interface-ref-state (grouping) - container for read-only + (opstate) reference to interface + subinterface + + This model reuses data items defined in the IETF YANG model for + interfaces described by RFC 7223 with an alternate structure + (particularly for operational state data) and with + additional configuration items. + + Portions of this code were derived from IETF RFC 7223. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "2.0.0"; + + revision "2017-07-14" { + description + "Added Ethernet/IP state data; Add dhcp-client; + migrate to OpenConfig types modules; Removed or + renamed opstate values"; + reference "2.0.0"; + } + + revision "2017-04-03" { + description + "Update copyright notice."; + reference "1.1.1"; + } + + revision "2016-12-22" { + description + "Fixes to Ethernet interfaces model"; + reference "1.1.0"; + } + + + // typedef statements + + typedef base-interface-ref { + type leafref { + path "/oc-if:interfaces/oc-if:interface/oc-if:name"; + } + description + "Reusable type for by-name reference to a base interface. + This type may be used in cases where ability to reference + a subinterface is not required."; + } + + typedef interface-id { + type string; + description + "User-defined identifier for an interface, generally used to + name a interface reference. The id can be arbitrary but a + useful convention is to use a combination of base interface + name and subinterface index."; + } + + // grouping statements + + grouping interface-ref-common { + description + "Reference leafrefs to interface / subinterface"; + + leaf interface { + type leafref { + path "/oc-if:interfaces/oc-if:interface/oc-if:name"; + } + description + "Reference to a base interface. If a reference to a + subinterface is required, this leaf must be specified + to indicate the base interface."; + } + + leaf subinterface { + type leafref { + path "/oc-if:interfaces/" + + "oc-if:interface[oc-if:name=current()/../interface]/" + + "oc-if:subinterfaces/oc-if:subinterface/oc-if:index"; + } + description + "Reference to a subinterface -- this requires the base + interface to be specified using the interface leaf in + this container. If only a reference to a base interface + is requuired, this leaf should not be set."; + } + } + + grouping interface-ref-state-container { + description + "Reusable opstate w/container for a reference to an + interface or subinterface"; + + container state { + config false; + description + "Operational state for interface-ref"; + + uses interface-ref-common; + } + } + + grouping interface-ref { + description + "Reusable definition for a reference to an interface or + subinterface"; + + container interface-ref { + description + "Reference to an interface or subinterface"; + + container config { + description + "Configured reference to interface / subinterface"; + + uses interface-ref-common; + } + + uses interface-ref-state-container; + } + } + + grouping interface-ref-state { + description + "Reusable opstate w/container for a reference to an + interface or subinterface"; + + container interface-ref { + description + "Reference to an interface or subinterface"; + + uses interface-ref-state-container; + } + } + + grouping base-interface-ref-state { + description + "Reusable opstate w/container for a reference to a + base interface (no subinterface)."; + + container state { + config false; + description + "Operational state for base interface reference"; + + leaf interface { + type base-interface-ref; + description + "Reference to a base interface."; + } + } + } + + + grouping interface-common-config { + description + "Configuration data data nodes common to physical interfaces + and subinterfaces"; + + leaf description { + type string; + description + "A textual description of the interface. + + A server implementation MAY map this leaf to the ifAlias + MIB object. Such an implementation needs to use some + mechanism to handle the differences in size and characters + allowed between this leaf and ifAlias. The definition of + such a mechanism is outside the scope of this document. + + Since ifAlias is defined to be stored in non-volatile + storage, the MIB implementation MUST map ifAlias to the + value of 'description' in the persistently stored + datastore. + + Specifically, if the device supports ':startup', when + ifAlias is read the device MUST return the value of + 'description' in the 'startup' datastore, and when it is + written, it MUST be written to the 'running' and 'startup' + datastores. Note that it is up to the implementation to + + decide whether to modify this single leaf in 'startup' or + perform an implicit copy-config from 'running' to + 'startup'. + + If the device does not support ':startup', ifAlias MUST + be mapped to the 'description' leaf in the 'running' + datastore."; + reference + "RFC 2863: The Interfaces Group MIB - ifAlias"; + } + + leaf enabled { + type boolean; + default "true"; + description + "This leaf contains the configured, desired state of the + interface. + + Systems that implement the IF-MIB use the value of this + leaf in the 'running' datastore to set + IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry + has been initialized, as described in RFC 2863. + + Changes in this leaf in the 'running' datastore are + reflected in ifAdminStatus, but if ifAdminStatus is + changed over SNMP, this leaf is not affected."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + } + + grouping interface-phys-config { + description + "Configuration data for physical interfaces"; + + leaf name { + type string; + description + "The name of the interface. + + A device MAY restrict the allowed values for this leaf, + possibly depending on the type of the interface. + For system-controlled interfaces, this leaf is the + device-specific name of the interface. The 'config false' + list interfaces/interface[name]/state contains the currently + existing interfaces on the device. + + If a client tries to create configuration for a + system-controlled interface that is not present in the + corresponding state list, the server MAY reject + the request if the implementation does not support + pre-provisioning of interfaces or if the name refers to + an interface that can never exist in the system. A + NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case. + + The IETF model in RFC 7223 provides YANG features for the + following (i.e., pre-provisioning and arbitrary-names), + however they are omitted here: + + If the device supports pre-provisioning of interface + configuration, the 'pre-provisioning' feature is + advertised. + + If the device allows arbitrarily named user-controlled + interfaces, the 'arbitrary-names' feature is advertised. + + When a configured user-controlled interface is created by + the system, it is instantiated with the same name in the + /interfaces/interface[name]/state list."; + } + + leaf type { + type identityref { + base ietf-if:interface-type; + } + mandatory true; + description + "The type of the interface. + + When an interface entry is created, a server MAY + initialize the type leaf with a valid value, e.g., if it + is possible to derive the type from the name of the + interface. + + If a client tries to set the type of an interface to a + value that can never be used by the system, e.g., if the + type is not supported or if the type does not match the + name of the interface, the server MUST reject the request. + A NETCONF server MUST reply with an rpc-error with the + error-tag 'invalid-value' in this case."; + reference + "RFC 2863: The Interfaces Group MIB - ifType"; + } + + leaf mtu { + type uint16; + description + "Set the max transmission unit size in octets + for the physical interface. If this is not set, the mtu is + set to the operational default -- e.g., 1514 bytes on an + Ethernet interface."; + } + + uses interface-common-config; + } + + grouping interface-phys-holdtime-config { + description + "Configuration data for interface hold-time settings -- + applies to physical interfaces."; + + leaf up { + type uint32; + units milliseconds; + default 0; + description + "Dampens advertisement when the interface + transitions from down to up. A zero value means dampening + is turned off, i.e., immediate notification."; + } + + leaf down { + type uint32; + units milliseconds; + default 0; + description + "Dampens advertisement when the interface transitions from + up to down. A zero value means dampening is turned off, + i.e., immediate notification."; + } + } + + grouping interface-phys-holdtime-state { + description + "Operational state data for interface hold-time."; + } + + grouping interface-phys-holdtime-top { + description + "Top-level grouping for setting link transition + dampening on physical and other types of interfaces."; + + container hold-time { + description + "Top-level container for hold-time settings to enable + dampening advertisements of interface transitions."; + + container config { + description + "Configuration data for interface hold-time settings."; + + uses interface-phys-holdtime-config; + } + + container state { + + config false; + + description + "Operational state data for interface hold-time."; + + uses interface-phys-holdtime-config; + uses interface-phys-holdtime-state; + } + } + } + + grouping interface-common-state { + description + "Operational state data (in addition to intended configuration) + at the global level for this interface"; + + leaf ifindex { + type uint32; + description + "System assigned number for each interface. Corresponds to + ifIndex object in SNMP Interface MIB"; + reference + "RFC 2863 - The Interfaces Group MIB"; + } + + leaf admin-status { + type enumeration { + enum UP { + description + "Ready to pass packets."; + } + enum DOWN { + description + "Not ready to pass packets and not in some test mode."; + } + enum TESTING { + //TODO: This is generally not supported as a configured + //admin state, though it's in the standard interfaces MIB. + //Consider removing it. + description + "In some test mode."; + } + } + //TODO:consider converting to an identity to have the + //flexibility to remove some values defined by RFC 7223 that + //are not used or not implemented consistently. + mandatory true; + description + "The desired state of the interface. In RFC 7223 this leaf + has the same read semantics as ifAdminStatus. Here, it + reflects the administrative state as set by enabling or + disabling the interface."; + reference + "RFC 2863: The Interfaces Group MIB - ifAdminStatus"; + } + + leaf oper-status { + type enumeration { + enum UP { + value 1; + description + "Ready to pass packets."; + } + enum DOWN { + value 2; + description + "The interface does not pass any packets."; + } + enum TESTING { + value 3; + description + "In some test mode. No operational packets can + be passed."; + } + enum UNKNOWN { + value 4; + description + "Status cannot be determined for some reason."; + } + enum DORMANT { + value 5; + description + "Waiting for some external event."; + } + enum NOT_PRESENT { + value 6; + description + "Some component (typically hardware) is missing."; + } + enum LOWER_LAYER_DOWN { + value 7; + description + "Down due to state of lower-layer interface(s)."; + } + } + //TODO:consider converting to an identity to have the + //flexibility to remove some values defined by RFC 7223 that + //are not used or not implemented consistently. + mandatory true; + description + "The current operational state of the interface. + + This leaf has the same semantics as ifOperStatus."; + reference + "RFC 2863: The Interfaces Group MIB - ifOperStatus"; + } + + leaf last-change { + type oc-types:timeticks64; + units nanoseconds; + description + "This timestamp indicates the time of the last state change + of the interface (e.g., up-to-down transition). This + corresponds to the ifLastChange object in the standard + interface MIB. + + The value is the timestamp in nanoseconds relative to + the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + reference + "RFC 2863: The Interfaces Group MIB - ifLastChange"; + } + + } + + + grouping interface-counters-state { + description + "Operational state representing interface counters + and statistics."; + + //TODO: we may need to break this list of counters into those + //that would appear for physical vs. subinterface or logical + //interfaces. For now, just replicating the full stats + //grouping to both interface and subinterface. + + container counters { + description + "A collection of interface-related statistics objects."; + + leaf in-octets { + type oc-yang:counter64; + description + "The total number of octets received on the interface, + including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInOctets"; + } + + leaf in-unicast-pkts { + type oc-yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were not addressed to a + multicast or broadcast address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCInUcastPkts"; + } + + leaf in-broadcast-pkts { + type oc-yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a broadcast + address at this sub-layer. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInBroadcastPkts"; + } + + leaf in-multicast-pkts { + type oc-yang:counter64; + description + "The number of packets, delivered by this sub-layer to a + higher (sub-)layer, that were addressed to a multicast + address at this sub-layer. For a MAC-layer protocol, + this includes both Group and Functional addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCInMulticastPkts"; + } + + leaf in-discards { + type oc-yang:counter64; + description + "The number of inbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being deliverable to a higher-layer + protocol. One possible reason for discarding such a + packet could be to free up buffer space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + + + reference + "RFC 2863: The Interfaces Group MIB - ifInDiscards"; + } + + leaf in-errors { + type oc-yang:counter64; + description + "For packet-oriented interfaces, the number of inbound + packets that contained errors preventing them from being + deliverable to a higher-layer protocol. For character- + oriented or fixed-length interfaces, the number of + inbound transmission units that contained errors + preventing them from being deliverable to a higher-layer + protocol. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInErrors"; + } + + leaf in-unknown-protos { + type oc-yang:counter64; + description + "For packet-oriented interfaces, the number of packets + received via the interface that were discarded because + of an unknown or unsupported protocol. For + character-oriented or fixed-length interfaces that + support protocol multiplexing, the number of + transmission units received via the interface that were + discarded because of an unknown or unsupported protocol. + For any interface that does not support protocol + multiplexing, this counter is not present. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifInUnknownProtos"; + } + + leaf in-fcs-errors { + type oc-yang:counter64; + description + "Number of received packets which had errors in the + frame check sequence (FCS), i.e., framing errors. + + Discontinuities in the value of this counter can occur + when the device is re-initialization as indicated by the + value of 'last-clear'."; + } + + leaf out-octets { + type oc-yang:counter64; + description + "The total number of octets transmitted out of the + interface, including framing characters. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutOctets"; + } + + leaf out-unicast-pkts { + type oc-yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were not addressed + to a multicast or broadcast address at this sub-layer, + including those that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifHCOutUcastPkts"; + } + + leaf out-broadcast-pkts { + type oc-yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were addressed to a + broadcast address at this sub-layer, including those + that were discarded or not sent. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutBroadcastPkts"; + } + + + leaf out-multicast-pkts { + type oc-yang:counter64; + description + "The total number of packets that higher-level protocols + requested be transmitted, and that were addressed to a + multicast address at this sub-layer, including those + that were discarded or not sent. For a MAC-layer + protocol, this includes both Group and Functional + addresses. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - + ifHCOutMulticastPkts"; + } + + leaf out-discards { + type oc-yang:counter64; + description + "The number of outbound packets that were chosen to be + discarded even though no errors had been detected to + prevent their being transmitted. One possible reason + for discarding such a packet could be to free up buffer + space. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutDiscards"; + } + + leaf out-errors { + type oc-yang:counter64; + description + "For packet-oriented interfaces, the number of outbound + packets that could not be transmitted because of errors. + For character-oriented or fixed-length interfaces, the + number of outbound transmission units that could not be + transmitted because of errors. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + 'last-clear'."; + reference + "RFC 2863: The Interfaces Group MIB - ifOutErrors"; + } + + leaf carrier-transitions { + type oc-yang:counter64; + description + "Number of times the interface state has transitioned + between up and down since the time the device restarted + or the last-clear time, whichever is most recent."; + } + + leaf last-clear { + type oc-types:timeticks64; + units nanoseconds; + description + "Timestamp of the last time the interface counters were + cleared. + + The value is the timestamp in nanoseconds relative to + the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + } + } + } + + // data definition statements + + grouping sub-unnumbered-config { + description + "Configuration data for unnumbered subinterfaces"; + + leaf enabled { + type boolean; + default false; + description + "Indicates that the subinterface is unnumbered. By default + the subinterface is numbered, i.e., expected to have an + IP address configuration."; + } + } + + grouping sub-unnumbered-state { + description + "Operational state data unnumbered subinterfaces"; + } + + grouping sub-unnumbered-top { + description + "Top-level grouping unnumbered subinterfaces"; + + container unnumbered { + description + "Top-level container for setting unnumbered interfaces. + Includes reference the interface that provides the + address information"; + + container config { + description + "Configuration data for unnumbered interface"; + + uses sub-unnumbered-config; + } + + container state { + + config false; + + description + "Operational state data for unnumbered interfaces"; + + uses sub-unnumbered-config; + uses sub-unnumbered-state; + } + + uses oc-if:interface-ref; + } + } + + grouping subinterfaces-config { + description + "Configuration data for subinterfaces"; + + leaf index { + type uint32; + default 0; + description + "The index of the subinterface, or logical interface number. + On systems with no support for subinterfaces, or not using + subinterfaces, this value should default to 0, i.e., the + default subinterface."; + } + + uses interface-common-config; + + } + + grouping subinterfaces-state { + description + "Operational state data for subinterfaces"; + + leaf name { + type string; + description + "The system-assigned name for the sub-interface. This MAY + be a combination of the base interface name and the + subinterface index, or some other convention used by the + system."; + } + + uses interface-common-state; + uses interface-counters-state; + } + + grouping subinterfaces-top { + description + "Subinterface data for logical interfaces associated with a + given interface"; + + container subinterfaces { + description + "Enclosing container for the list of subinterfaces associated + with a physical interface"; + + list subinterface { + key "index"; + + description + "The list of subinterfaces (logical interfaces) associated + with a physical interface"; + + leaf index { + type leafref { + path "../config/index"; + } + description + "The index number of the subinterface -- used to address + the logical interface"; + } + + container config { + description + "Configurable items at the subinterface level"; + + uses subinterfaces-config; + } + + container state { + + config false; + description + "Operational state data for logical interfaces"; + + uses subinterfaces-config; + uses subinterfaces-state; + } + } + } + } + + grouping interfaces-top { + description + "Top-level grouping for interface configuration and + operational state data"; + + container interfaces { + description + "Top level container for interfaces, including configuration + and state data."; + + + list interface { + key "name"; + + description + "The list of named interfaces on the device."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "References the configured name of the interface"; + //TODO: need to consider whether this should actually + //reference the name in the state subtree, which + //presumably would be the system-assigned name, or the + //configured name. Points to the config/name now + //because of YANG 1.0 limitation that the list + //key must have the same "config" as the list, and + //also can't point to a non-config node. + } + + container config { + description + "Configurable items at the global, physical interface + level"; + + uses interface-phys-config; + } + + container state { + + config false; + description + "Operational state data at the global interface level"; + + uses interface-phys-config; + uses interface-common-state; + uses interface-counters-state; + } + + uses interface-phys-holdtime-top; + uses subinterfaces-top; + } + } + } + + uses interfaces-top; + + +} diff --git a/config-models/openconfig/files/yang/openconfig-openflow-types@2017-06-01.yang b/config-models/openconfig/files/yang/openconfig-openflow-types@2017-06-01.yang new file mode 100644 index 00000000..d08676b9 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-openflow-types@2017-06-01.yang @@ -0,0 +1,87 @@ +module openconfig-openflow-types { + + yang-version "1"; + + namespace "http://openconfig.net/yang/openflow/types"; + + prefix "openflow-types"; + + import openconfig-extensions { prefix oc-ext; } + + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines types related to the Openflow configuration + and operational state model."; + + oc-ext:openconfig-version "0.1.0"; + + revision "2017-06-01" { + description + "Initial revision"; + reference "0.1.0"; + } + + + typedef failure-mode { + type enumeration { + enum SECURE { + description + "Packets and messages destined to the controllers are + dropped. Flow entries continue to expire according to + their timeouts."; + } + enum STANDALONE { + description + "Processes all packets using the OFPP_NORMAL reserved + port. The switch acts as a legacy Ethernet switch or + router."; + } + } + description + "Type to define Openflow failure mode."; + } + + typedef transport { + type enumeration { + enum TCP { + description + "Transmission Control Protocol (TCP)."; + } + enum TLS { + description + "Transport Layer Security (TLS)."; + } + } + description + "Type to define Openflow transport protocol."; + } + + typedef auxiliary-id { + type uint8 { + range "0..15"; + } + description + "A Controller may have multiple auxiliary connections as + specified by the Openflow protocol. The main Controller + connection should always have the auxiliary-id set to zero. + All other connections must have an auxiliary-id different + from 0."; + } + + typedef datapath-id { + type string { + pattern '^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){7}$'; + } + description + "The datapath-id type represents an OpenFlow + datapath identifier. The lower 48-bits are for + a MAC address, while the upper 16-bits are + implementer-defined."; + } + +} diff --git a/config-models/openconfig/files/yang/openconfig-openflow@2017-06-01.yang b/config-models/openconfig/files/yang/openconfig-openflow@2017-06-01.yang new file mode 100644 index 00000000..a7b8489e --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-openflow@2017-06-01.yang @@ -0,0 +1,300 @@ +module openconfig-openflow { + + yang-version "1"; + + namespace "http://openconfig.net/yang/openflow"; + + prefix "openflow"; + + import openconfig-extensions { prefix oc-ext; } + import openconfig-inet-types { prefix oc-inet; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-openflow-types { prefix of-types; } + import openconfig-system { prefix oc-sys; } + + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state data for + Openflow."; + + oc-ext:openconfig-version "0.1.0"; + + revision "2017-06-01" { + description + "Initial revision"; + reference "0.1.0"; + } + + grouping openflow-controller-config { + description + "Openflow controller config"; + + leaf name { + type string; + description "Name of this Openflow controller. All connections + for the same controller need to have the same name."; + } + } + + grouping openflow-controller-state { + description + "Openflow controller state"; + } + + grouping openflow-controllers-top { + description + "Top-level for the Openflow controllers model"; + + container controllers { + description + "Container for the Openflow controllers model"; + + list controller { + key "name"; + + description + "The Openflow Switch connects to all Openflow controllers + configured"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "The name identifies the controller."; + } + + container config { + description + "Container for the Openflow controller config."; + + uses openflow-controller-config; + } + + container state { + config false; + + description + "Container for the Openflow controller state."; + + uses openflow-controller-config; + uses openflow-controller-state; + } + + uses openflow-connections-top; + } + } + } + + + grouping openflow-connections-config { + description + "Configuration data for OpenFlow controller connections"; + + leaf aux-id { + type of-types:auxiliary-id; + description + "Controller auxiliary ID. Must be 0 for the main controller. + One controller may have multiple auxiliary connections as + specified by the Openflow protocol. Besides configuring the + main controller, it is also possible to configure auxiliary + connections. The main controller must have the aux-id + set to zero. All others must have an aux-id different + from 0."; + } + + leaf priority { + type uint8; + description + "Optional value for servicing auxiliary connections with + different priorities."; + } + + leaf address { + type oc-inet:ip-address; + description + "The IP address of the controller."; + } + + leaf port { + type oc-inet:port-number; + default 6653; + description + "Controller port to use."; + } + + leaf transport { + type of-types:transport; + default TCP; + description + "Controller transport protocol used."; + } + + leaf source-interface { + type oc-if:base-interface-ref; + description + "Optionally specify the source interface for the + controller connection."; + } + } + + grouping openflow-connections-state { + description + "Operational state data for OpenFlow controller connections"; + + leaf connected { + type boolean; + description + "When set to true, indicates the connection between the + switch and controller is established."; + } + } + + grouping openflow-connections-top { + description + "Top-level grouping for OpenFlow controller connections"; + + container connections { + description + "Enclosing container for list of controller connections"; + + list connection { + key "aux-id"; + description + "List of connections to the OpenFlow controller. + The Openflow switch always connects to configured Openflow + controllers. Each controller can have more than one + connection, called auxiliary Openflow connections."; + + leaf aux-id { + type leafref { + path "../config/aux-id"; + } + description + "Reference to auxiliary id list key"; + } + + container config { + description + "Configuration data for OpenFlow controller connections"; + + uses openflow-connections-config; + } + + container state { + + config false; + + description + "Operational state data for OpenFlow controller + connections"; + + uses openflow-connections-config; + uses openflow-connections-state; + } + } + } + } + + + grouping openflow-agent-config { + description + "Openflow agent config"; + + leaf datapath-id { + type of-types:datapath-id; + description + "Datapath unique ID. The lower 48-bits are for + a MAC address, while the upper 16-bits are + implementer-defined."; + } + + leaf failure-mode { + type of-types:failure-mode; + description + "Failure mode for Openflow."; + } + + leaf backoff-interval { + type uint32; + units seconds; + description + "Openflow agent connection backoff interval."; + } + + leaf max-backoff { + type uint32; + units seconds; + description + "Openflow agent max backoff time."; + } + + leaf inactivity-probe { + type uint32; + units seconds; + description + "Openflow agent inactivity probe period."; + } + } + + grouping openflow-agent-state { + description + "Openflow agent state"; + } + + grouping openflow-agent-top { + description + "Top-level for the Openflow agent model"; + + container agent { + description + "Container for the Openflow agent model."; + + container config { + description + "Container for the Openflow agent config."; + + uses openflow-agent-config; + } + + container state { + config false; + + description + "Container for the Openflow agent state."; + + uses openflow-agent-config; + uses openflow-agent-state; + } + } + } + + + grouping openflow-top { + description + "Top-level for the Openflow model"; + + container openflow { + description + "Container for Openflow model"; + + + uses openflow-controllers-top; + uses openflow-agent-top; + } + } + + + augment "/oc-sys:system" { + description + "Adding OpenConfig data to the system model"; + + uses openflow-top; + } + +} diff --git a/config-models/openconfig/files/yang/openconfig-platform-types@2016-12-22.yang b/config-models/openconfig/files/yang/openconfig-platform-types@2016-12-22.yang new file mode 100644 index 00000000..5a22584b --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-platform-types@2016-12-22.yang @@ -0,0 +1,169 @@ +module openconfig-platform-types { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/platform-types"; + + prefix "oc-platform-types"; + + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines data types (e.g., YANG identities) + to support the OpenConfig component inventory model."; + + oc-ext:openconfig-version "0.5.0"; + + revision "2016-12-22" { + description + "Added temperature state variable to component"; + reference "0.5.0"; + } + + // grouping statements + + grouping avg-min-max-instant-stats-precision1-celsius { + description + "Common grouping for recording temperature values in + Celsius with 1 decimal precision. Values include the + instantaneous, average, minimum, and maximum statistics"; + + leaf instant { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 1; + } + units celsius; + description + "The maximum value of the statistic over the sampling + period"; + } + } + + // identity statements + + identity OPENCONFIG_HARDWARE_COMPONENT { + description + "Base identity for hardware related components in a managed + device. Derived identities are partially based on contents + of the IANA Entity MIB."; + reference + "IANA Entity MIB and RFC 6933"; + } + + + identity OPENCONFIG_SOFTWARE_COMPONENT { + description + "Base identity for software-related components in a managed + device"; + } + + // hardware types + + identity CHASSIS { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Chassis component, typically with multiple slots / shelves"; + } + + identity BACKPLANE { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Backplane component for aggregating traffic, typically + contained in a chassis component"; + } + + identity POWER_SUPPLY { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Component that is supplying power to the device"; + } + + identity FAN { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Cooling fan, or could be some other heat-reduction component"; + } + + identity SENSOR { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Physical sensor, e.g., a temperature sensor in a chassis"; + } + + identity MODULE { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Replaceable hardware module, e.g., a daughtercard"; + } + + identity LINECARD { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Linecard component, typically inserted into a chassis slot"; + } + + identity PORT { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Physical port, e.g., for attaching pluggables and networking + cables"; + } + + identity TRANSCEIVER { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Pluggable module present in a port"; + } + + identity CPU { + base OPENCONFIG_HARDWARE_COMPONENT; + description + "Processing unit, e.g., a management processor"; + } + + identity OPERATING_SYSTEM { + base OPENCONFIG_SOFTWARE_COMPONENT; + description + "Operating system running on a component"; + } + + +} diff --git a/config-models/openconfig/files/yang/openconfig-platform@2016-12-22.yang b/config-models/openconfig/files/yang/openconfig-platform@2016-12-22.yang new file mode 100644 index 00000000..377a6404 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-platform@2016-12-22.yang @@ -0,0 +1,376 @@ +module openconfig-platform { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/platform"; + + prefix "oc-platform"; + + import openconfig-platform-types { prefix oc-platform-types; } + import openconfig-interfaces { prefix oc-if; } + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines a data model for representing a system + component inventory, which can include hardware or software + elements arranged in an arbitrary structure. The primary + relationship supported by the model is containment, e.g., + components containing subcomponents. + + It is expected that this model reflects every field replacable + unit on the device at a minimum (i.e., additional information + may be supplied about non-replacable components). + + Every element in the inventory is termed a 'component' with each + component expected to have a unique name and type, and optionally + a unique system-assigned identifier and FRU number. The + uniqueness is guaranteed by the system within the device. + + Components may have properties defined by the system that are + modeled as a list of key-value pairs. These may or may not be + user-configurable. The model provides a flag for the system + to optionally indicate which properties are user configurable. + + Each component also has a list of 'subcomponents' which are + references to other components. Appearance in a list of + subcomponents indicates a containment relationship as described + above. For example, a linecard component may have a list of + references to port components that reside on the linecard. + + This schema is generic to allow devices to express their own + platform-specific structure. It may be augmented by additional + component type-specific schemas that provide a common structure + for well-known component types. In these cases, the system is + expected to populate the common component schema, and may + optionally also represent the component and its properties in the + generic structure. + + The properties for each component may include dynamic values, + e.g., in the 'state' part of the schema. For example, a CPU + component may report its utilization, temperature, or other + physical properties. The intent is to capture all platform- + specific physical data in one location, including inventory + (presence or absence of a component) and state (physical + attributes or status)."; + + oc-ext:openconfig-version "0.5.0"; + + revision "2016-12-22" { + description + "Added temperature state variable to component"; + reference "0.5.0"; + } + + // grouping statements + + + grouping platform-component-properties-config { + description + "System-defined configuration data for component properties"; + + leaf name { + type string; + description + "System-supplied name of the property -- this is typically + non-configurable"; + } + + leaf value { + type union { + type string; + type boolean; + type int64; + type uint64; + type decimal64 { + fraction-digits 2; + } + } + description + "Property values can take on a variety of types. Signed and + unsigned integer types may be provided in smaller sizes, + e.g., int8, uint16, etc."; + } + } + + grouping platform-component-properties-state { + description + "Operational state data for component properties"; + + leaf configurable { + type boolean; + description + "Indication whether the property is user-configurable"; + } + } + + grouping platform-component-properties-top { + description + "Top-level grouping "; + + container properties { + description + "Enclosing container "; + + list property { + key "name"; + description + "List of system properties for the component"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the property name."; + } + + container config { + description + "Configuration data for each property"; + + uses platform-component-properties-config; + } + + container state { + + config false; + + description + "Operational state data for each property"; + + uses platform-component-properties-config; + uses platform-component-properties-state; + } + } + } + } + + grouping platform-subcomponent-ref-config { + description + "Configuration data for subcomponent references"; + + leaf name { + type leafref { + path "../../../../../component/config/name"; + } + description + "Reference to the name of the subcomponent"; + } + } + + grouping platform-subcomponent-ref-state { + description + "Operational state data for subcomponent references"; + + } + + grouping platform-subcomponent-ref-top { + description + "Top-level grouping for list of subcomponent references"; + + container subcomponents { + description + "Enclosing container for subcomponent references"; + + list subcomponent { + key "name"; + description + "List of subcomponent references"; + + leaf name { + type leafref { + path "../config/name"; + } + description + "Reference to the name list key"; + } + + container config { + description + "Configuration data "; + + uses platform-subcomponent-ref-config; + } + + container state { + + config false; + + description + "Operational state data "; + + uses platform-subcomponent-ref-config; + uses platform-subcomponent-ref-state; + } + } + } + } + + grouping platform-component-config { + description + "Configuration data for components"; + + leaf name { + type string; + description + "Device name for the component -- this will not be a + configurable parameter on many implementations"; + } + } + + grouping platform-component-state { + description + "Operational state data for device components."; + + leaf type { + type union { + type identityref { + base oc-platform-types:OPENCONFIG_HARDWARE_COMPONENT; + } + type identityref { + base oc-platform-types:OPENCONFIG_SOFTWARE_COMPONENT; + } + } + description + "Type of component as identified by the system"; + } + + leaf id { + type string; + description + "Unique identifier assigned by the system for the + component"; + } + + leaf description { + type string; + description + "System-supplied description of the component"; + } + + leaf mfg-name { + type string; + description + "System-supplied identifier for the manufacturer of the + component. This data is particularly useful when a + component manufacturer is different than the overall + device vendor."; + } + + leaf version { + type string; + description + "System-defined version string for a hardware, firmware, + or software component."; + } + + leaf serial-no { + type string; + description + "System-assigned serial number of the component."; + } + + leaf part-no { + type string; + description + "System-assigned part number for the component. This should + be present in particular if the component is also an FRU + (field replacable unit)"; + } + } + + grouping platform-component-temp-state { + description + "Temperature state data for device components"; + + container temperature { + description + "Temperature in degrees Celsius of the component. Values include + the instantaneous, average, minimum, and maximum statistics. If + avg/min/max statistics are not supported, the target is expected + to just supply the instant value"; + + uses oc-platform-types:avg-min-max-instant-stats-precision1-celsius; + } + } + + grouping platform-component-top { + description + "Top-level grouping for components in the device inventory"; + + container components { + description + "Enclosing container for the components in the system."; + + list component { + key "name"; + description + "List of components, keyed by component name."; + + leaf name { + type leafref { + path "../config/name"; + } + description + "References the component name"; + } + + container config { + description + "Configuration data for each component"; + + uses platform-component-config; + } + + container state { + + config false; + + description + "Operational state data for each component"; + + uses platform-component-config; + uses platform-component-state; + uses platform-component-temp-state; + } + + uses platform-component-properties-top; + uses platform-subcomponent-ref-top; + } + } + } + + // data definition statements + + uses platform-component-top; + + + // augments + + augment "/oc-if:interfaces/oc-if:interface/oc-if:state" { + //TODO: add 'when' or other condition to make sure this + //leafref points to a component of type PORT. + description + "Adds a reference from the base interface to the corresponding + port component in the device inventory."; + + leaf hardware-port { + type leafref { + path "/oc-platform:components/oc-platform:component/" + + "oc-platform:name"; + } + description + "References the hardware port in the device inventory"; + } + } + +} diff --git a/config-models/openconfig/files/yang/openconfig-procmon@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-procmon@2017-07-06.yang new file mode 100644 index 00000000..6422541d --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-procmon@2017-07-06.yang @@ -0,0 +1,159 @@ +module openconfig-procmon { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/system/procmon"; + + prefix "oc-proc"; + + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + import openconfig-types { prefix oc-types; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module provides data definitions for process health + monitoring of one or more processes running on the system."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + + // grouping statements + + grouping procmon-processes-top { + description + "Top level grouping for attributes for processes."; + + container processes { + description + "Parameters related to all monitored processes"; + + list process { + key "pid"; + config false; + description + "List of monitored processes"; + + leaf pid { + type leafref { + path "../state/pid"; + } + description + "Reference to the process pid key"; + } + + container state { + config false; + description + "State parameters related to monitored processes"; + + uses procmon-process-attributes-state; + } + } + } + } + + grouping procmon-process-attributes-state { + description + "Attributes state definitions for a process"; + + leaf pid { + type uint64; + description + "The process pid"; + } + + leaf name { + type string; + description + "The process name"; + } + + leaf-list args { + type string; + description + "Current process command line arguments. Arguments with + a parameter (e.g., --option 10 or -option=10) should be + represented as a single element of the list with the + argument name and parameter together. Flag arguments, i.e., + those without a parameter should also be in their own list + element."; + } + + leaf start-time { + type uint64; + units "ns"; + description + "The time at which this process started, + reported as nanoseconds since the UNIX epoch. The + system must be synchronized such that the start-time + can be reported accurately, otherwise it should not be + reported."; + } + + leaf uptime { + type oc-types:timeticks64; + description + "Amount of time elapsed since this process started."; + } + + leaf cpu-usage-user { + type oc-types:timeticks64; + description + "CPU time consumed by this process in user mode."; + } + + leaf cpu-usage-system { + type oc-types:timeticks64; + description + "CPU time consumed by this process in kernel mode."; + } + + leaf cpu-utilization { + type oc-types:percentage; + description + "The percentage of CPU that is being used by the process."; + } + + leaf memory-usage { + type uint64; + units "bytes"; + description + "Bytes allocated and still in use by the process"; + } + + leaf memory-utilization { + type oc-types:percentage; + description + "The percentage of RAM that is being used by the process."; + } + } + + // augment statements + + // rpc statements + + // notification statements +} diff --git a/config-models/openconfig/files/yang/openconfig-system-logging@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-system-logging@2017-07-06.yang new file mode 100644 index 00000000..aee367d7 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-system-logging@2017-07-06.yang @@ -0,0 +1,486 @@ +module openconfig-system-logging { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/system/logging"; + + prefix "oc-log"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + import ietf-inet-types { prefix inet; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state data + for common logging facilities on network systems."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + // extension statements + + // feature statements + + // identity statements + + identity SYSLOG_FACILITY { + description + "Base identity for Syslog message facilities."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity ALL { + base SYSLOG_FACILITY; + description + "All supported facilities"; + } + + identity KERNEL { + base SYSLOG_FACILITY; + description + "The facility for kernel messages"; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity USER { + base SYSLOG_FACILITY; + description + "The facility for user-level messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity MAIL { + base SYSLOG_FACILITY; + description + "The facility for the mail system."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity SYSTEM_DAEMON { + base SYSLOG_FACILITY; + description + "The facility for the system daemons."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity AUTH { + base SYSLOG_FACILITY; + description + "The facility for security/authorization messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity SYSLOG { + base SYSLOG_FACILITY; + description + "The facility for messages generated internally by syslogd + facility."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity AUTHPRIV { + base SYSLOG_FACILITY; + description + "The facility for privileged security/authorization messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + + identity NTP { + base SYSLOG_FACILITY; + description + "The facility for the NTP subsystem."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity AUDIT { + base SYSLOG_FACILITY; + description + "The facility for log audit messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity CONSOLE { + base SYSLOG_FACILITY; + description + "The facility for log alert messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL0 { + base SYSLOG_FACILITY; + description + "The facility for local use 0 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL1 { + base SYSLOG_FACILITY; + description + "The facility for local use 1 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL2 { + base SYSLOG_FACILITY; + description + "The facility for local use 2 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL3 { + base SYSLOG_FACILITY; + description + "The facility for local use 3 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL4 { + base SYSLOG_FACILITY; + description + "The facility for local use 4 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL5 { + base SYSLOG_FACILITY; + description + "The facility for local use 5 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL6 { + base SYSLOG_FACILITY; + description + "The facility for local use 6 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOCAL7 { + base SYSLOG_FACILITY; + description + "The facility for local use 7 messages."; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + identity LOG_DESTINATION_TYPE { + description + "Base identity for destination for logging messages"; + } + + identity DEST_CONSOLE { + base LOG_DESTINATION_TYPE; + description + "Directs log messages to the console"; + } + + identity DEST_BUFFER { + base LOG_DESTINATION_TYPE; + description + "Directs log messages to and in-memory circular buffer"; + } + + identity DEST_FILE { + base LOG_DESTINATION_TYPE; + description + "Directs log messages to a local file"; + } + + identity DEST_REMOTE { + base LOG_DESTINATION_TYPE; + description + "Directs log messages to a remote syslog server"; + } + + // typedef statements + + typedef syslog-severity { + type enumeration { + enum EMERGENCY { + description + "Emergency: system is unusable (0)"; + } + enum ALERT { + description + "Alert: action must be taken immediately (1)"; + } + enum CRITICAL { + description + "Critical: critical conditions (2)"; + } + enum ERROR { + description + "Error: error conditions (3)"; + } + enum WARNING { + description + "Warning: warning conditions (4)"; + } + enum NOTICE { + description + "Notice: normal but significant condition(5)"; + } + enum INFORMATIONAL { + description + "Informational: informational messages (6)"; + } + enum DEBUG { + description + "Debug: debug-level messages (7)"; + } + } + description + "Syslog message severities"; + reference + "IETF RFC 5424 - The Syslog Protocol"; + } + + // grouping statements + + grouping logging-selectors-config { + description + "Configuration data for logging selectors"; + + leaf facility { + type identityref { + base SYSLOG_FACILITY; + } + description + "Specifies the facility, or class of messages to log"; + } + + leaf severity { + type syslog-severity; + description + "Specifies that only messages of the given severity (or + greater severity) for the corresonding facility are logged"; + } + } + + grouping logging-selectors-state { + description + "Operational state data for logging selectors"; + } + + grouping logging-selectors-top { + description + "Top-level grouping for the logging selector list"; + + container selectors { + description + "Enclosing container "; + + list selector { + key "facility severity"; + description + "List of selectors for log messages"; + + leaf facility { + type leafref { + path "../config/facility"; + } + description + "Reference to facility list key"; + } + + leaf severity { + type leafref { + path "../config/severity"; + } + description + "Reference to severity list key"; + } + + container config { + description + "Configuration data "; + + uses logging-selectors-config; + } + + container state { + + config false; + + description + "Operational state data "; + + uses logging-selectors-config; + uses logging-selectors-state; + } + } + } + } + + grouping logging-console-config { + description + "Configuration data for console logging"; + } + + grouping logging-console-state { + description + "Operational state data for console logging"; + } + + grouping logging-console-top { + description + "Top-level grouping for console logging data"; + + container console { + description + "Top-level container for data related to console-based + logging"; + + container config { + description + "Configuration data for console logging"; + + uses logging-console-config; + } + + container state { + + config false; + + description + "Operational state data for console logging"; + + uses logging-console-config; + uses logging-console-state; + } + + uses logging-selectors-top; + } + } + + grouping logging-remote-config { + description + "Configuration data for remote log servers"; + + leaf host { + type inet:host; + description + "IP address or hostname of the remote log server"; + } + + leaf source-address { + type inet:ip-address; + description + "Source IP address for packets to the log server"; + } + + leaf remote-port { + type inet:port-number; + default 514; + description + "Sets the destination port number for syslog UDP messages to + the server. The default for syslog is 514."; + } + } + + grouping logging-remote-state { + description + "Operational state data for remote log servers"; + } + + grouping logging-remote-top { + description + "Top-level grouping for remote log servers"; + + container remote-servers { + description + "Enclosing container for the list of remote log servers"; + + list remote-server { + key "host"; + description + "List of remote log servers"; + + leaf host { + type leafref { + path "../config/host"; + } + description + "Reference to the host list key"; + } + + container config { + description + "Configuration data for remote log servers"; + + uses logging-remote-config; + } + + container state { + + config false; + + description + "Operational state data for remote log servers"; + + uses logging-remote-config; + uses logging-remote-state; + } + uses logging-selectors-top; + } + } + } + + grouping logging-top { + description + "Top-level grouping for logging data"; + + container logging { + description + "Top-level container for data related to logging / syslog"; + + uses logging-console-top; + uses logging-remote-top; + } + } + // data definition statements + + // augment statements + + +} \ No newline at end of file diff --git a/config-models/openconfig/files/yang/openconfig-system-terminal@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-system-terminal@2017-07-06.yang new file mode 100644 index 00000000..f835e354 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-system-terminal@2017-07-06.yang @@ -0,0 +1,233 @@ +module openconfig-system-terminal { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/system/terminal"; + + prefix "oc-sys-term"; + + // import some basic types + import openconfig-extensions { prefix oc-ext; } + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module defines configuration and operational state data + related to remote terminal services such as ssh and telnet."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + + // identity statements + + // typedef statements + + // grouping statements + + grouping system-terminal-common-config { + description + "Common configuration data for terminal services"; + + leaf timeout { + type uint16; + units seconds; + description + "Set the idle timeout in seconds on terminal connections to + the system for the protocol."; + } + + leaf rate-limit { + type uint16; + units "conn/min"; + description + "Set a limit on the number of connection attempts per + minute to the system for the protocol."; + } + + leaf session-limit { + type uint16; + description + "Set a limit on the number of simultaneous active terminal + sessions to the system for the protocol (e.g., ssh, + telnet, ...) "; + } + } + + grouping system-terminal-common-state { + description + "Common operational state data for terminal services"; + } + + grouping system-terminal-common-top { + description + "Top-level grouping for common terminal service data"; + + container terminal-servers { + description + "Top-level container for terminal services"; + + container config { + description + "Configuration data for terminal services"; + + uses system-terminal-common-config; + } + + container state { + + config false; + + description + "Operational state data "; + + uses system-terminal-common-config; + uses system-terminal-common-state; + } + } + } + + grouping system-ssh-server-config { + description + "Configuration data for system ssh configuration"; + + leaf enable { + type boolean; + default true; + description + "Enables the ssh server. The ssh server is enabled by + default."; + } + + leaf protocol-version { + type enumeration { + enum V2 { + description + "Use SSH v2 only"; + } + enum V1 { + description + "Use SSH v1 only"; + } + enum V1_V2 { + description + "Use either SSH v1 or v2"; + } + } + default V2; + description + "Set the protocol version for SSH connections to the system"; + } + + uses system-terminal-common-config; + } + + grouping system-ssh-server-state { + description + "Operational state data for ssh server"; + } + + grouping system-ssh-server-top { + description + "Top-level grouping for ssh server data"; + + container ssh-server { + description + "Top-level container for ssh server"; + + container config { + description + "Configuration data for the system ssh server"; + + uses system-ssh-server-config; + } + + container state { + + config false; + + description + "Operational state data for the system ssh server"; + + uses system-ssh-server-config; + uses system-ssh-server-state; + } + } + } + + grouping system-telnet-server-config { + description + "Configuration data for telnet server"; + + leaf enable { + type boolean; + default false; + description + "Enables the telnet server. Telnet is disabled by + default"; + } + uses system-terminal-common-config; + + } + + grouping system-telnet-server-state { + description + "Operational state data for telnet server"; + } + + grouping system-telnet-server-top { + description + "Top-level grouping for telnet server "; + + container telnet-server { + description + "Top-level container for telnet terminal servers"; + + container config { + description + "Configuration data for telnet"; + + uses system-telnet-server-config; + } + + container state { + + config false; + + description + "Operational state data for telnet"; + + uses system-telnet-server-config; + uses system-telnet-server-state; + } + } + } + + // data definition statements + + // augment statements + + // rpc statements + + // notification statements + +} \ No newline at end of file diff --git a/config-models/openconfig/files/yang/openconfig-system@2017-07-06.yang b/config-models/openconfig/files/yang/openconfig-system@2017-07-06.yang new file mode 100644 index 00000000..d784b11e --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-system@2017-07-06.yang @@ -0,0 +1,843 @@ +module openconfig-system { + + yang-version "1"; + + // namespace + namespace "http://openconfig.net/yang/system"; + + prefix "oc-sys"; + + // import some basic types + import openconfig-inet-types { prefix oc-inet; } + import ietf-yang-types { prefix yang; } + import openconfig-types { prefix oc-types; } + import openconfig-extensions { prefix oc-ext; } + import openconfig-aaa { prefix oc-aaa; } + import openconfig-system-logging { prefix oc-log; } + import openconfig-system-terminal { prefix oc-sys-term; } + import openconfig-procmon { prefix oc-proc; } + + + + // meta + organization "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "Model for managing system-wide services and functions on + network devices. + + Portions of this code were derived from IETF RFC 7317. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.2.0"; + + revision "2017-07-06" { + description + "Move to oc-inet types, add IETF attribution, add RADIUS + counters, changed password leaf names to indicate hashed"; + reference "0.2.0"; + } + + revision "2017-01-29" { + description + "Initial public release"; + reference "0.1.0"; + } + + // extension statements + + // feature statements + + // identity statements + + identity NTP_AUTH_TYPE { + description + "Base identity for encryption schemes supported for NTP + authentication keys"; + } + + identity NTP_AUTH_MD5 { + base NTP_AUTH_TYPE; + description + "MD5 encryption method"; + } + + // typedef statements + + typedef timezone-name-type { + type string; + description + "A time zone name as used by the Time Zone Database, + sometimes referred to as the 'Olson Database'. + + The exact set of valid values is an implementation-specific + matter. Client discovery of the exact set of time zone names + for a particular server is out of scope."; + reference + "BCP 175: Procedures for Maintaining the Time Zone Database"; + } + + // grouping statements + + grouping system-clock-config { + description + "Configuration data for system-wide clock configuration"; + + leaf timezone-name { + type timezone-name-type; + description + "The TZ database name to use for the system, such + as 'Europe/Stockholm'."; + reference "IANA Time Zone Database + http://www.iana.org/time-zones"; + } + } + + grouping system-clock-state { + description + "Operational state data for system-wide clock configuration"; + } + + grouping system-clock-top { + description + "Top-level grouping for system-wide clock configuration"; + + container clock { + description + "Top-level container for clock configuration data"; + + container config { + description + "Configuration data for system clock"; + + uses system-clock-config; + } + + container state { + + config false; + + description + "Operational state data for system clock"; + + uses system-clock-config; + uses system-clock-state; + } + } + } + + grouping system-global-config { + description "system-wide configuration parameters"; + + leaf hostname { + type oc-inet:domain-name; + description + "The hostname of the device -- should be a single domain + label, without the domain."; + } + + leaf domain-name { + type oc-inet:domain-name; + description + "Specifies the domain name used to form fully qualified name + for unqualified hostnames."; + } + + leaf login-banner { + type string; + description + "The console login message displayed before the login prompt, + i.e., before a user logs into the system."; + } + + leaf motd-banner { + type string; + description + "The console message displayed after a user logs into the + system. They system may append additional standard + information such as the current system date and time, uptime, + last login timestamp, etc."; + } + } + + grouping system-global-state { + description + "Global operational state data for the system"; + + leaf current-datetime { + type yang:date-and-time; + description + "The current system date and time."; + } + + leaf boot-time { + type oc-types:timeticks64; + description + "This timestamp indicates the time that the system was last + restarted. The value is the timestamp in seconds relative + to the Unix Epoch (Jan 1, 1970 00:00:00 UTC)."; + } + + } + + grouping system-dns-config { + description "DNS / resolver related configuration data"; + + leaf-list search { + type oc-inet:domain-name; + ordered-by user; + description + "An ordered list of domains to search when resolving + a host name."; + } + } + + grouping system-dns-state { + description + "Operational state data for system DNS resolver"; + + } + + grouping system-dns-servers-config { + description + "Configuration data for DNS resolvers"; + + //RFC 7317 includes a single-value choice statement to for + //TCP and UDP transport. This has been removed since it the + //transport protocol is not generally available as an options + //on target devices. It may be added back if and when needed. + + leaf address { + type oc-inet:ip-address; + description + "The address of the DNS server, can be either IPv4 + or IPv6."; + } + + leaf port { + type oc-inet:port-number; + default 53; + description + "The port number of the DNS server."; + } + + //RFC 7317 includes resolver timeout and attempts options. These + //have been omitted as they are not available on many targets. If + //and when they are required, they may be added back in. + } + + grouping system-dns-static-config { + description + "Configuration data for static host entries"; + + leaf hostname { + type string; + description + "Hostname for the static DNS entry"; + } + + leaf-list alias { + type string; + description + "Additional aliases for the hostname"; + } + + leaf-list ipv4-address { + type oc-inet:ipv4-address; + description + "List of IPv4 addressses for the host entry"; + } + + leaf-list ipv6-address { + type oc-inet:ipv6-address; + description + "List of IPv6 addresses for the host entry"; + } + } + + grouping system-dns-static-state { + description + "Operational state data for static host entries"; + } + + grouping system-dns-static-top { + description + "Top-level grouping for static DNS host entries"; + + container host-entries { + description + "Enclosing container for list of static host entries"; + + list host-entry { + key "hostname"; + description + "List of static host entries"; + + leaf hostname { + type leafref { + path "../config/hostname"; + } + description + "Reference to the hostname list key"; + } + + container config { + description + "Configuration data for static host entries"; + + uses system-dns-static-config; + } + + container state { + + config false; + + description + "Operational state data for static host entries"; + + uses system-dns-static-config; + uses system-dns-static-state; + } + } + } + } + + grouping system-dns-servers-state { + description + "Operational state data for DNS resolvers"; + + } + + grouping system-dns-servers-top { + description + "Top-level grouping for the list of DNS resolvers."; + + container servers { + description + "Enclosing container for DNS resolver list"; + + list server { + key "address"; + ordered-by user; + description + "List of the DNS servers that the resolver should query. + + When the resolver is invoked by a calling application, it + sends the query to the first name server in this list. If + no response has been received within 'timeout' seconds, + the resolver continues with the next server in the list. + If no response is received from any server, the resolver + continues with the first server again. When the resolver + has traversed the list 'attempts' times without receiving + any response, it gives up and returns an error to the + calling application. + + Implementations MAY limit the number of entries in this + list."; + + leaf address { + type leafref { + path "../config/address"; + } + description + "References the configured address of the DNS server"; + } + + container config { + description + "Configuration data for each DNS resolver"; + + uses system-dns-servers-config; + } + + container state { + + config false; + + description + "Operational state data for each DNS resolver"; + + uses system-dns-servers-config; + uses system-dns-servers-state; + } + + } + } + } + + grouping system-dns-top { + description + "Top-level grouping for DNS / resolver config and operational + state data"; + + container dns { + description + "Enclosing container for DNS resolver data"; + + container config { + description + "Configuration data for the DNS resolver"; + + uses system-dns-config; + + } + + container state { + + config false; + + description + "Operational state data for the DNS resolver"; + + uses system-dns-config; + uses system-dns-state; + + } + + uses system-dns-servers-top; + uses system-dns-static-top; + } + } + + grouping system-ntp-server-config { + description + "Configuration data for NTP servers"; + + leaf address { + type oc-inet:host; + description + "The address or hostname of the NTP server."; + } + + leaf port { + type oc-inet:port-number; + default 123; + description + "The port number of the NTP server."; + } + + leaf version { + type uint8 { + range 1..4; + } + default 4; + description + "Version number to put in outgoing NTP packets"; + } + + leaf association-type { + type enumeration { + enum SERVER { + description + "Use client association mode. This device + will not provide synchronization to the + configured NTP server."; + } + enum PEER { + description + "Use symmetric active association mode. + This device may provide synchronization + to the configured NTP server."; + } + enum POOL { + description + "Use client association mode with one or + more of the NTP servers found by DNS + resolution of the domain name given by + the 'address' leaf. This device will not + provide synchronization to the servers."; + } + } + default SERVER; + description + "The desired association type for this NTP server."; + } + leaf iburst { + type boolean; + default false; + description + "Indicates whether this server should enable burst + synchronization or not."; + } + leaf prefer { + type boolean; + default false; + description + "Indicates whether this server should be preferred + or not."; + } + } + + grouping system-ntp-server-state { + description + "Operational state data for NTP servers"; + + leaf stratum { + type uint8; + description + "Indicates the level of the server in the NTP hierarchy. As + stratum number increases, the accuracy is degraded. Primary + servers are stratum while a maximum value of 16 indicates + unsynchronized. The values have the following specific + semantics: + + | 0 | unspecified or invalid + | 1 | primary server (e.g., equipped with a GPS receiver) + | 2-15 | secondary server (via NTP) + | 16 | unsynchronized + | 17-255 | reserved"; + reference + "RFC 5905 - Network Time Protocol Version 4: Protocol and + Algorithms Specification"; + } + + leaf root-delay { + type uint32; + // TODO: reconsider units for these values -- the spec defines + // rootdelay and rootdisperson as 2 16-bit integers for seconds + // and fractional seconds, respectively. This gives a + // precision of ~15 us (2^-16). Using milliseconds here based + // on what implementations typically provide and likely lack + // of utility for less than millisecond precision with NTP + // time sync. + units "milliseconds"; + description + "The round-trip delay to the server, in milliseconds."; + reference + "RFC 5905 - Network Time Protocol Version 4: Protocol and + Algorithms Specification"; + } + + leaf root-dispersion { + type uint64; + units "milliseconds"; + description + "Dispersion (epsilon) represents the maximum error inherent + in the measurement"; + reference + "RFC 5905 - Network Time Protocol Version 4: Protocol and + Algorithms Specification"; + } + + leaf offset { + type uint64; + units "milliseconds"; + description + "Estimate of the current time offset from the peer. This is + the time difference between the local and reference clock."; + } + + leaf poll-interval { + type uint32; + units "seconds"; + description + "Polling interval of the peer"; + } + } + + grouping system-ntp-server-top { + description + "Top-level grouping for the list of NTP servers"; + + container servers { + description + "Enclosing container for the list of NTP servers"; + + list server { + key "address"; + description + "List of NTP servers to use for system clock + synchronization. If '/system/ntp/enabled' + is 'true', then the system will attempt to + contact and utilize the specified NTP servers."; + + leaf address { + type leafref { + path "../config/address"; + } + description + "References the configured address or hostname of the + NTP server."; + } + + container config { + description + "Configuration data for an NTP server."; + + uses system-ntp-server-config; + } + + container state { + + config false; + + description + "Operational state data for an NTP server."; + + uses system-ntp-server-config; + uses system-ntp-server-state; + } + + } + } + } + + grouping system-ntp-auth-keys-config { + description + "Configuration data "; + + leaf key-id { + type uint16; + description + "Integer identifier used by the client and server to + designate a secret key. The client and server must use + the same key id."; + } + + leaf key-type { + type identityref { + base NTP_AUTH_TYPE; + } + description + "Encryption type used for the NTP authentication key"; + } + + leaf key-value { + type string; + description + "NTP authentication key value"; + } + } + + grouping system-ntp-auth-keys-state { + description + "Operational state data for NTP auth key data"; + } + + grouping system-ntp-auth-keys-top { + description + "Top-level grouping for NTP auth key data"; + + container ntp-keys { + description + "Enclosing container for list of NTP authentication keys"; + + list ntp-key { + key "key-id"; + description + "List of NTP authentication keys"; + + leaf key-id { + type leafref { + path "../config/key-id"; + } + description + "Reference to auth key-id list key"; + } + + container config { + description + "Configuration data for NTP auth keys"; + + uses system-ntp-auth-keys-config; + } + + container state { + + config false; + + description + "Operational state data for NTP auth keys"; + + uses system-ntp-auth-keys-config; + uses system-ntp-auth-keys-state; + } + } + } + } + + grouping system-ntp-config { + description + "Configuration data for system-wide NTP operation."; + + leaf enabled { + type boolean; + default false; + description + "Enables the NTP protocol and indicates that the system should + attempt to synchronize the system clock with an NTP server + from the servers defined in the 'ntp/server' list."; + } + + leaf ntp-source-address { + type oc-inet:ip-address; + description + "Source address to use on outgoing NTP packets"; + } + + leaf enable-ntp-auth { + type boolean; + default false; + description + "Enable or disable NTP authentication -- when enabled, the + system will only use packets containing a trusted + authentication key to synchronize the time."; + } + } + + grouping system-ntp-state { + description + "Operational state data for system-wide NTP operation."; + + leaf auth-mismatch { + type yang:counter64; + description + "Count of the number of NTP packets received that were not + processed due to authentication mismatch."; + } + } + + grouping system-ntp-top { + description + "Top-level grouping for configuration and state data for NTP"; + + container ntp { + description + "Top-level container for NTP configuration and state"; + + container config { + description + "Configuration data for NTP client."; + + uses system-ntp-config; + } + + container state { + + config false; + + description + "Operational state data for NTP services."; + + uses system-ntp-config; + uses system-ntp-state; + } + uses system-ntp-auth-keys-top; + uses system-ntp-server-top; + } + } + + grouping system-memory-config { + description + "Configuration data for system memory"; + } + + grouping system-memory-state { + description + "Operational state data for system memory"; + + leaf physical { + type uint64; + units bytes; + // TODO: consider making units in megabytes + description + "Reports the total physical memory available on the + system."; + } + + leaf reserved { + type uint64; + units bytes; + description + "Memory reserved for system use"; + } + } + + grouping system-memory-top { + description + "Top-level grouping for system memory data definitions"; + + container memory { + description + "Top-level container for system memory data"; + + container config { + description + "Configuration data for system memory"; + + uses system-memory-config; + } + + container state { + + config false; + + description + "Operational state data for system memory"; + + uses system-memory-config; + uses system-memory-state; + } + } + } + + + grouping system-top { + description + "Top level system data containers"; + + container system { + description + "Enclosing container for system-related configuration and + operational state data"; + + container config { + description "Global configuration data for the system"; + + uses system-global-config; + + } + + container state { + + config false; + + description "Global operational state data for the system"; + + uses system-global-config; + uses system-global-state; + + } + + uses system-clock-top; + uses system-dns-top; + uses system-ntp-top; + uses oc-sys-term:system-ssh-server-top; + uses oc-sys-term:system-telnet-server-top; + uses oc-log:logging-top; + uses oc-aaa:aaa-top; + uses system-memory-top; + uses oc-proc:procmon-processes-top; + } + } + + // data definition statements + + uses system-top; + +} diff --git a/config-models/openconfig/files/yang/openconfig-types@2017-08-16.yang b/config-models/openconfig/files/yang/openconfig-types@2017-08-16.yang new file mode 100644 index 00000000..fa76f801 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-types@2017-08-16.yang @@ -0,0 +1,332 @@ +module openconfig-types { + yang-version "1"; + + namespace "http://openconfig.net/yang/openconfig-types"; + + prefix "oc-types"; + + // import statements + import openconfig-extensions { prefix oc-ext; } + + // meta + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + netopenconfig@googlegroups.com"; + + description + "This module contains a set of general type definitions that + are used across OpenConfig models. It can be imported by modules + that make use of these types."; + + oc-ext:openconfig-version "0.3.3"; + + revision "2017-08-16" { + description + "Apply fix for ieetfloat32 length parameter"; + reference "0.3.3"; + } + + revision "2017-01-13" { + description + "Add ADDRESS_FAMILY identity"; + reference "0.3.2"; + } + + revision "2016-11-14" { + description + "Correct length of ieeefloat32"; + reference "0.3.1"; + } + + revision "2016-11-11" { + description + "Additional types - ieeefloat32 and routing-password"; + reference "0.3.0"; + } + + revision "2016-05-31" { + description + "OpenConfig public release"; + reference "0.2.0"; + } + + typedef percentage { + type uint8 { + range "0..100"; + } + description + "Integer indicating a percentage value"; + } + + typedef std-regexp { + type string; + description + "This type definition is a placeholder for a standard + definition of a regular expression that can be utilised in + OpenConfig models. Further discussion is required to + consider the type of regular expressions that are to be + supported. An initial proposal is POSIX compatible."; + } + + typedef timeticks64 { + type uint64; + description + "This type is based on the timeticks type defined in + RFC 6991, but with 64-bit width. It represents the time, + modulo 2^64, in hundredths of a second between two epochs."; + reference + "RFC 6991 - Common YANG Data Types"; + } + + typedef ieeefloat32 { + type binary { + length "4"; + } + description + "An IEEE 32-bit floating point number. The format of this number + is of the form: + 1-bit sign + 8-bit exponent + 23-bit fraction + The floating point value is calculated using: + (-1)**S * 2**(Exponent-127) * (1+Fraction)"; + } + + typedef routing-password { + type string; + description + "This type is indicative of a password that is used within + a routing protocol which can be returned in plain text to the + NMS by the local system. Such passwords are typically stored + as encrypted strings. Since the encryption used is generally + well known, it is possible to extract the original value from + the string - and hence this format is not considered secure. + Leaves specified with this type should not be modified by + the system, and should be returned to the end-user in plain + text. This type exists to differentiate passwords, which + may be sensitive, from other string leaves. It could, for + example, be used by the NMS to censor this data when + viewed by particular users."; + } + + grouping avg-min-max-stats-precision1 { + description + "Common nodes for recording average, minimum, and + maximum values for a statistic. These values all have + fraction-digits set to 1."; + + leaf avg { + type decimal64 { + fraction-digits 1; + } + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 1; + } + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 1; + } + description + "The maximum value of the statitic over the sampling + period"; + } + } + + grouping avg-min-max-instant-stats-precision1 { + description + "Common grouping for recording an instantaneous statistic value + in addition to avg-min-max stats"; + + leaf instant { + type decimal64 { + fraction-digits 1; + } + description + "The instantaneous value of the statistic."; + } + + uses avg-min-max-stats-precision1; + } + + grouping avg-min-max-instant-stats-precision2-dB { + description + "Common grouping for recording dB values with 2 decimal + precision. Values include the instantaneous, average, + minimum, and maximum statistics"; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units dB; + description + "The maximum value of the statistic over the sampling + period"; + } + } + + grouping avg-min-max-instant-stats-precision2-dBm { + description + "Common grouping for recording dBm values with 2 decimal + precision. Values include the instantaneous, average, + minimum, and maximum statistics"; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units dBm; + description + "The maximum value of the statistic over the sampling + period"; + } + } + + grouping avg-min-max-instant-stats-precision2-mA { + description + "Common grouping for recording mA values with 2 decimal + precision. Values include the instantaneous, average, + minimum, and maximum statistics"; + + leaf instant { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The instantaneous value of the statistic."; + } + + leaf avg { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The arithmetic mean value of the statistic over the + sampling period."; + } + + leaf min { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The minimum value of the statistic over the sampling + period"; + } + + leaf max { + type decimal64 { + fraction-digits 2; + } + units mA; + description + "The maximum value of the statistic over the sampling + period"; + } + } + + identity ADDRESS_FAMILY { + description + "A base identity for all address families"; + } + + identity IPV4 { + base ADDRESS_FAMILY; + description + "The IPv4 address family"; + } + + identity IPV6 { + base ADDRESS_FAMILY; + description + "The IPv6 address family"; + } + + identity MPLS { + base ADDRESS_FAMILY; + description + "The MPLS address family"; + } + + identity L2_ETHERNET { + base ADDRESS_FAMILY; + description + "The 802.3 Ethernet address family"; + } + +} diff --git a/config-models/openconfig/files/yang/openconfig-yang-types@2017-07-30.yang b/config-models/openconfig/files/yang/openconfig-yang-types@2017-07-30.yang new file mode 100644 index 00000000..749fac42 --- /dev/null +++ b/config-models/openconfig/files/yang/openconfig-yang-types@2017-07-30.yang @@ -0,0 +1,156 @@ +module openconfig-yang-types { + + yang-version "1"; + namespace "http://openconfig.net/yang/types/yang"; + prefix "oc-yang"; + + import openconfig-extensions { prefix "oc-ext"; } + + organization + "OpenConfig working group"; + + contact + "OpenConfig working group + www.openconfig.net"; + + description + "This module contains a set of extension types to the + YANG builtin types that are used across multiple + OpenConfig models. + + Portions of this code were derived from IETF RFC 6021. + Please reproduce this note if possible. + + IETF code is subject to the following copyright and license: + Copyright (c) IETF Trust and the persons identified as authors of + the code. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, is permitted pursuant to, and subject to the license + terms contained in, the Simplified BSD License set forth in + Section 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents (http://trustee.ietf.org/license-info)."; + + oc-ext:openconfig-version "0.1.2"; + + revision 2017-07-30 { + description + "Fixed unprintable character"; + reference "0.1.2"; + } + + revision 2017-04-03 { + description + "Update copyright notice."; + reference "0.1.1"; + } + + revision 2017-01-26 { + description + "Initial module for inet types"; + reference "0.1.0"; + } + + typedef dotted-quad { + type string { + pattern '^(([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|' + + '25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4]' + + '[0-9]|25[0-5])$'; + } + description + "An unsigned 32-bit integer expressed as a dotted quad. The + format is four octets written as decimal numbers separated + with a period character."; + } + + typedef hex-string { + type string { + pattern '^[0-9a-fA-F]*$'; + } + description + "A string consisting of a hexadecimal characters."; + } + + typedef counter32 { + type uint32; + description + + "A 32-bit counter. A counter value is a monotonically increasing + value which is used to express a count of a number of + occurrences of a particular event or entity. When the counter + reaches its maximum value, in this case 2^32-1, it wraps to 0. + + Discontinuities in the counter are generally triggered only when + the counter is reset to zero."; + } + + typedef counter64 { + type uint64; + description + + "A 64-bit counter. A counter value is a monotonically increasing + value which is used to express a count of a number of + occurrences of a particular event or entity. When a counter64 + reaches its maximum value, 2^64-1, it loops to zero. + Discontinuities in a counter are generally triggered only when + the counter is reset to zero, through operator or system + intervention."; + } + + typedef date-and-time { + type string { + pattern + '^[0-9]{4}\-[0-9]{2}\-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}' + + '(\.[0-9]+)?Z[+-][0-9]{2}:[0-9]{2}$'; + } + description + "A date and time, expressed in the format described in RFC3339. + That is to say: + + YYYY-MM-DDTHH:MM:SSZ+-hh:mm + + where YYYY is the year, MM is the month expressed as a two-digit + month (zero padding if required), DD is the day of the month, + expressed as a two digit value. T is the literal character 'T', + HH is the hour of the day expressed as a two digit number, using + the 24-hour clock, MM is the minute of the hour expressed as a + two digit number. Z is the literal character 'Z', followed by a + timezone offset expressed in hours (hh) and minutes (mm), both + expressed as two digit numbers. The time offset is specified as + a positive or negative offset to UTC using the '+' or '-' + character preceding the offset. + + Optionally, fractional seconds can be expressed after the minute + of the hour as a decimal number of unspecified precision + reflecting fractions of a second."; + reference + "RFC3339 - Date and Time on the Internet: Timestamps"; + } + + typedef gauge64 { + type uint64; + description + "A gauge value may increase or decrease - and reflects a value + at a particular point in time. If the value of the variable + being modeled using the gauge exceeds its maximum - 2^64-1 in + this case - the gauge is set to its maximum value."; + } + + typedef phys-address { + type string { + pattern '^([0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*)?$'; + } + description + "A physical layer address, expressed as a series of pairs of + hexadecimal digits."; + } + + typedef mac-address { + type string { + pattern '^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$'; + } + description + "An IEEE 802 MAC address"; + } +} diff --git a/config-models/openconfig/templates/_helpers.tpl b/config-models/openconfig/templates/_helpers.tpl new file mode 100644 index 00000000..7c2caffa --- /dev/null +++ b/config-models/openconfig/templates/_helpers.tpl @@ -0,0 +1,48 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "openconfig.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "openconfig.fullname" -}} +{{- if contains "config-model-openconfig" .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-config-model-openconfig" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "openconfig.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Common labels +*/}} +{{- define "openconfig.labels" -}} +helm.sh/chart: {{ include "openconfig.chart" . }} +{{ include "openconfig.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "openconfig.selectorLabels" -}} +app.kubernetes.io/name: {{ include "openconfig.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/config-models/openconfig/templates/model.yaml b/config-models/openconfig/templates/model.yaml new file mode 100644 index 00000000..33bbd999 --- /dev/null +++ b/config-models/openconfig/templates/model.yaml @@ -0,0 +1,23 @@ +apiVersion: config.onosproject.org/v1beta1 +kind: Model +metadata: + name: {{ template "openconfig.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "openconfig.labels" . | nindent 4 }} +spec: + dependencies: + - name: {{ template "ietf.fullname" . }} + namespace: {{ .Release.Namespace }} + modules: + {{- range $path, $_ := $.Files.Glob "files/yang/*.yang" }} + {{- $base := base $path }} + {{- $names := split "@" $base }} + {{- $name := $names._0 }} + {{- $versions := split "." $names._1 }} + {{- $version := $versions._0 }} + - name: {{ $name | quote }} + version: {{ $version | quote }} + data: | +{{ $.Files.Get $path | indent 6 }} + {{- end }} \ No newline at end of file diff --git a/config-models/openconfig/values.yaml b/config-models/openconfig/values.yaml new file mode 100644 index 00000000..e69de29b