draft-ietf-netmod-system-mgmt-02.txt   draft-ietf-netmod-system-mgmt-03.txt 
Network Working Group A. Bierman Network Working Group A. Bierman
Internet-Draft YumaWorks Internet-Draft YumaWorks
Intended status: Standards Track M. Bjorklund Intended status: Standards Track M. Bjorklund
Expires: January 12, 2013 Tail-f Systems Expires: March 11, 2013 Tail-f Systems
July 11, 2012 September 7, 2012
YANG Data Model for System Management YANG Data Model for System Management
draft-ietf-netmod-system-mgmt-02 draft-ietf-netmod-system-mgmt-03
Abstract Abstract
This document defines a YANG data model for the configuration and This document defines a YANG data model for the configuration and
identification of the management system of a device. identification of the management system of a device.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 12, 2013. This Internet-Draft will expire on March 11, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
3.1. System Identification . . . . . . . . . . . . . . . . . . 5 3.1. System Identification . . . . . . . . . . . . . . . . . . 5
3.2. System Time Management . . . . . . . . . . . . . . . . . . 5 3.2. System Time Management . . . . . . . . . . . . . . . . . . 5
3.3. DNS Resolver Model . . . . . . . . . . . . . . . . . . . . 5 3.3. DNS Resolver Model . . . . . . . . . . . . . . . . . . . . 5
3.4. RADIUS Client Model . . . . . . . . . . . . . . . . . . . 6 3.4. RADIUS Client Model . . . . . . . . . . . . . . . . . . . 6
3.5. User Authentication Model . . . . . . . . . . . . . . . . 6 3.5. User Authentication Model . . . . . . . . . . . . . . . . 6
3.5.1. SSH Public Key Authentication . . . . . . . . . . . . 7 3.5.1. SSH Public Key Authentication . . . . . . . . . . . . 7
3.5.2. Local User Password Authentication . . . . . . . . . . 7 3.5.2. Local User Password Authentication . . . . . . . . . . 7
3.5.3. RADIUS Password Authentication . . . . . . . . . . . . 7 3.5.3. RADIUS Password Authentication . . . . . . . . . . . . 7
3.6. System Control . . . . . . . . . . . . . . . . . . . . . . 8 3.6. System Control . . . . . . . . . . . . . . . . . . . . . . 8
4. System YANG module . . . . . . . . . . . . . . . . . . . . . . 9 4. System YANG module . . . . . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
6. Security Considerations . . . . . . . . . . . . . . . . . . . 26 6. Security Considerations . . . . . . . . . . . . . . . . . . . 25
7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 28 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 28 7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 28 7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 27
8. Normative References . . . . . . . . . . . . . . . . . . . . . 29 7.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31 8. Normative References . . . . . . . . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30
1. Introduction 1. Introduction
This document defines a YANG [RFC6020] data model for the This document defines a YANG [RFC6020] data model for the
configuration and identification of the management system of a configuration and identification of the management system of a
device. device.
Devices that are managed by NETCONF and perhaps other mechanisms have Devices that are managed by NETCONF and perhaps other mechanisms have
common properties that need to be configured and monitored in a common properties that need to be configured and monitored in a
standard way. standard way.
The YANG module defined in this document provides the following The "ietf-system" YANG module defined in this document provides the
features: following features:
o system administrative data configuration o system administrative data configuration
o system identification monitoring o system identification monitoring
o system time-of-day configuration and monitoring o system time-of-day configuration and monitoring
o user authentication configuration o user authentication configuration
o local users configuration o local users configuration
skipping to change at page 5, line 38 skipping to change at page 5, line 38
+--rw clock +--rw clock
| +--ro current-datetime? yang:date-and-time | +--ro current-datetime? yang:date-and-time
| +--ro boot-datetime? yang:date-and-time | +--ro boot-datetime? yang:date-and-time
| +--rw (timezone)? | +--rw (timezone)?
| +--:(timezone-location) | +--:(timezone-location)
| | +--rw timezone-location? string | | +--rw timezone-location? string
| +--:(timezone-utc-offset) | +--:(timezone-utc-offset)
| +--rw timezone-utc-offset? int16 | +--rw timezone-utc-offset? int16
+--rw ntp +--rw ntp
+--rw use-ntp? boolean +--rw use-ntp? boolean
+--rw configuration-source* identityref
+--rw ntp-server [address] +--rw ntp-server [address]
+--rw association-type? enumeration +--rw association-type? enumeration
+--rw address inet:host +--rw address inet:host
+--rw enabled? boolean +--rw enabled? boolean
+--rw iburst? boolean +--rw iburst? boolean
+--rw prefer? boolean +--rw prefer? boolean
3.3. DNS Resolver Model 3.3. DNS Resolver Model
The data model for configuration of the DNS resolver has the The data model for configuration of the DNS resolver has the
following structure: following structure:
+--rw system +--rw system
+--rw dns +--rw dns
+--rw configuration-source* identityref
+--rw search* inet:host +--rw search* inet:host
+--rw server* inet:ip-address +--rw server* inet:ip-address
+--rw options +--rw options
+--rw ndots? uint8 +--rw ndots? uint8
+--rw timeout? uint8 +--rw timeout? uint8
+--rw attempts? uint8 +--rw attempts? uint8
3.4. RADIUS Client Model 3.4. RADIUS Client Model
The data model for configuration of the RADIUS client has the The data model for configuration of the RADIUS client has the
skipping to change at page 9, line 15 skipping to change at page 9, line 15
4. System YANG module 4. System YANG module
This YANG module imports YANG extensions from [RFC6536], and imports This YANG module imports YANG extensions from [RFC6536], and imports
YANG types from [RFC6021] and [I-D.lange-netmod-iana-timezones]. It YANG types from [RFC6021] and [I-D.lange-netmod-iana-timezones]. It
also references [RFC1321], [RFC2865], [RFC3418], [RFC5607], also references [RFC1321], [RFC2865], [RFC3418], [RFC5607],
[IEEE-1003.1-2008], and [FIPS.180-3.2008]. [IEEE-1003.1-2008], and [FIPS.180-3.2008].
RFC Ed.: update the date below with the date of RFC publication and RFC Ed.: update the date below with the date of RFC publication and
remove this note. remove this note.
<CODE BEGINS> file "ietf-system@2012-07-11.yang" <CODE BEGINS> file "ietf-system@2012-09-07.yang"
module ietf-system { module ietf-system {
namespace "urn:ietf:params:xml:ns:yang:ietf-system"; namespace "urn:ietf:params:xml:ns:yang:ietf-system";
prefix "sys"; prefix "sys";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
import ietf-inet-types { import ietf-inet-types {
skipping to change at page 10, line 30 skipping to change at page 10, line 30
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: remove this note // RFC Ed.: remove this note
// Note: extracted from draft-ietf-netmod-system-mgmt-02.txt // Note: extracted from draft-ietf-netmod-system-mgmt-03.txt
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision "2012-07-11" { revision "2012-09-07" {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for System Management"; "RFC XXXX: A YANG Data Model for System Management";
} }
/* /*
* Typedefs * Typedefs
*/ */
skipping to change at page 14, line 14 skipping to change at page 14, line 14
} }
identity local-users { identity local-users {
base authentication-method; base authentication-method;
description description
"Indicates password-based authentication of locally "Indicates password-based authentication of locally
configured users."; configured users.";
} }
identity configuration-source {
description "Base for all configuration sources.";
}
identity local-config {
base configuration-source;
description "Local configuration source.";
}
identity dhcp {
base configuration-source;
description "DHCP configuration source.";
}
/* /*
* Top-level container * Top-level container
*/ */
container system { container system {
description description
"System group configuration."; "System group configuration.";
leaf contact { leaf contact {
type string { type string {
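Review bot: with the `local-config` and `dhcp` identities dropped here, and `uses configuration-source;` dropped from the `ntp` and `dns` containers further down, the lines shown no longer say which source applies when a device also learns NTP or DNS servers from DHCP. Those servers are security-relevant inputs, so state in the `ntp` and `dns` container descriptions, or in Security Considerations, whether the configured `ntp-server` and `server` entries are the only ones the device uses.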
skipping to change at page 17, line 4 skipping to change at page 16, line 37
"The current system date and time."; "The current system date and time.";
} }
leaf boot-datetime { leaf boot-datetime {
type yang:date-and-time; type yang:date-and-time;
config false; config false;
description description
"The system date and time when the NETCONF "The system date and time when the NETCONF
server last restarted."; server last restarted.";
} }
choice timezone { choice timezone {
description description
"Configure the system timezone information."; "The system timezone information.";
leaf timezone-location { leaf timezone-location {
if-feature timezone-location; if-feature timezone-location;
type ianatz:iana-timezone; type ianatz:iana-timezone;
description description
"The TZ database location identifier string "The TZ database location identifier string
to use for the system, such as 'Europe/Stockholm'."; to use for the system, such as 'Europe/Stockholm'.";
} }
leaf timezone-utc-offset { leaf timezone-utc-offset {
type int16 { type int16 {
range "-1439 .. 1439"; range "-1500 .. 1500";
} }
units "minutes";
description description
"The number of minutes to add to UTC time to "The number of minutes to add to UTC time to
identify the timezone for this system. identify the timezone for this system.
For example, 'UTC - 8:00 hours' would be For example, 'UTC - 8:00 hours' would be
represented as '-480'. Note that automatic represented as '-480'. Note that automatic
daylight savings time adjustment is not provided, daylight savings time adjustment is not provided,
if this object is used."; if this object is used.";
} }
} }
} }
grouping configuration-source {
leaf-list configuration-source {
ordered-by user;
type identityref {
base configuration-source;
}
description
"Indicates the ordered list of configuration source(s)
that the server should use for the service.";
}
}
container ntp { container ntp {
if-feature ntp; if-feature ntp;
description description
"Configuration of the NTP client."; "Configuration of the NTP client.";
leaf use-ntp { leaf use-ntp {
type boolean; type boolean;
default true; default true;
description description
"Indicates that the system should attempt "Indicates that the system should attempt
to synchronize the system clock with an to synchronize the system clock with an
NTP server from the 'ntp-server' list."; NTP server from the 'ntp-server' list.";
} }
uses configuration-source;
list ntp-server { list ntp-server {
key address; key address;
description description
"List of NTP servers to use for "List of NTP servers to use for
system clock synchronization. If 'use-ntp' system clock synchronization. If 'use-ntp'
is 'true', then the system will attempt to is 'true', then the system will attempt to
contact and utilize the specified NTP servers."; contact and utilize the specified NTP servers.";
leaf association-type { leaf association-type {
type enumeration { type enumeration {
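Review bot: the widened `range "-1500 .. 1500"` on `timezone-utc-offset` admits offsets of up to 25 hours either side of UTC, and the description gives no reason for that bound, whereas the previous limit of 1439 was one minute short of 24 hours. Explain the chosen limit in the description text so implementers know which values a server is expected to accept; the `units "minutes";` statement in this hunk agrees with the description's "number of minutes to add to UTC time".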
skipping to change at page 18, line 41 skipping to change at page 18, line 13
may be expected to synchronize with the may be expected to synchronize with the
configured NTP server."; configured NTP server.";
} }
enum pool { enum pool {
description description
"Use pool association mode. This device "Use pool association mode. This device
is not expected to synchronize with the is not expected to synchronize with the
configured NTP server."; configured NTP server.";
} }
} }
default server;
description description
"The desired association type for this NTP server."; "The desired association type for this NTP server.";
default server;
} }
leaf address { leaf address {
type inet:host; type inet:host;
description description
"The IP address or domain name of the NTP server."; "The IP address or domain name of the NTP server.";
} }
leaf enabled { leaf enabled {
type boolean; type boolean;
default true; default true;
description description
skipping to change at page 19, line 30 skipping to change at page 18, line 50
"Indicates whether this server should be preferred "Indicates whether this server should be preferred
or not."; or not.";
} }
} }
} }
container dns { container dns {
description description
"Configuration of the DNS resolver."; "Configuration of the DNS resolver.";
uses configuration-source;
leaf-list search { leaf-list search {
type inet:host; type inet:host;
ordered-by user; ordered-by user;
description description
"An ordered list of domains to search when resolving "An ordered list of domains to search when resolving
a host name."; a host name.";
} }
leaf-list server { leaf-list server {
type inet:ip-address; type inet:ip-address;
ordered-by user; ordered-by user;
skipping to change at page 23, line 36 skipping to change at page 23, line 4
"The binary key data for this ssh key."; "The binary key data for this ssh key.";
} }
} }
} }
} }
} }
rpc set-current-datetime { rpc set-current-datetime {
nacm:default-deny-all; nacm:default-deny-all;
description description
"Manually set the /system/clock/current-datetime leaf "Set the /system/clock/current-datetime leaf
to the specified value. to the specified value.
If the system is using NTP (e.g., /system/ntp/use-ntp If the system is using NTP (e.g., /system/ntp/use-ntp
is set to 'true'), then this operation will is set to 'true'), then this operation will
fail with error-tag 'operation-failed', fail with error-tag 'operation-failed',
and error-app-tag value of 'ntp-active'"; and error-app-tag value of 'ntp-active'";
input { input {
leaf current-datetime { leaf current-datetime {
type yang:date-and-time; type yang:date-and-time;
mandatory true; mandatory true;
skipping to change at page 25, line 7 skipping to change at page 24, line 7
A server SHOULD send an rpc reply to the client before A server SHOULD send an rpc reply to the client before
shutting down the system."; shutting down the system.";
} }
} }
<CODE ENDS> <CODE ENDS>
5. IANA Considerations 5. IANA Considerations
This document registers a URI in the IETF XML registry [RFC3688]. This document registers one URI in the IETF XML registry [RFC3688].
Following the format in RFC 3688, the following registration is Following the format in RFC 3688, the following registration is
requested to be made. requested to be made.
URI: urn:ietf:params:xml:ns:yang:ietf-system URI: urn:ietf:params:xml:ns:yang:ietf-system
Registrant Contact: The NETMOD WG of the IETF. Registrant Contact: The NETMOD WG of the IETF.
XML: N/A, the requested URI is an XML namespace. XML: N/A, the requested URI is an XML namespace.
This document registers a YANG module in the YANG Module Names This document registers one YANG module in the YANG Module Names
registry [RFC6020]. registry [RFC6020].
name: ietf-system name: ietf-system
namespace: urn:ietf:params:xml:ns:yang:ietf-system namespace: urn:ietf:params:xml:ns:yang:ietf-system
prefix: sys prefix: sys
reference: RFC XXXX reference: RFC XXXX
6. Security Considerations 6. Security Considerations
The YANG module defined in this memo is designed to be accessed via The YANG module defined in this memo is designed to be accessed via
skipping to change at page 29, line 5 skipping to change at page 27, line 34
o removed '/system/ntp/server/true' leaf from data model o removed '/system/ntp/server/true' leaf from data model
7.2. 01-02 7.2. 01-02
o added default-stmts to ntp-server/iburst and ntp-server/prefer o added default-stmts to ntp-server/iburst and ntp-server/prefer
leafs leafs
o changed timezone-location leaf to use iana-timezone typedef o changed timezone-location leaf to use iana-timezone typedef
instead of a string instead of a string
7.3. 02-03
o removed configuration-source identities and leafs
8. Normative References 8. Normative References
[FIPS.180-3.2008] [FIPS.180-3.2008]
National Institute of Standards and Technology, "Secure National Institute of Standards and Technology, "Secure
Hash Standard", FIPS PUB 180-3, October 2008, <http:// Hash Standard", FIPS PUB 180-3, October 2008, <http://
csrc.nist.gov/publications/fips/fips180-3/ csrc.nist.gov/publications/fips/fips180-3/
fips180-3_final.pdf>. fips180-3_final.pdf>.
[I-D.lange-netmod-iana-timezones] [I-D.lange-netmod-iana-timezones]
Lange, J., "IANA Timezone Database YANG Modul", Lange, J., "IANA Timezone Database YANG Modul",
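Review bot: the 7.3 change-log entry lists only the removal of the configuration-source identities and leafs, but this revision also changes the `timezone-utc-offset` range from "-1439 .. 1439" to "-1500 .. 1500" and rewords the timezone and `set-current-datetime` descriptions. Add a bullet for at least the range change, since it alters which values are valid on the wire.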
 End of changes. 26 change blocks. 
56 lines changed or deleted 30 lines changed or added
