draft-ietf-netmod-system-mgmt-08.txt   draft-ietf-netmod-system-mgmt-09.txt 
Network Working Group A. Bierman Network Working Group A. Bierman
Internet-Draft YumaWorks Internet-Draft YumaWorks
Intended status: Standards Track M. Bjorklund Intended status: Standards Track M. Bjorklund
Expires: January 5, 2014 Tail-f Systems Expires: May 11, 2014 Tail-f Systems
July 4, 2013 November 7, 2013
YANG Data Model for System Management YANG Data Model for System Management
draft-ietf-netmod-system-mgmt-08 draft-ietf-netmod-system-mgmt-09
Abstract Abstract
This document defines a YANG data model for the configuration and This document defines a YANG data model for the configuration and
identification of some common system properties within a device identification of some common system properties within a device
containing a NETCONF server. This includes data node definitions for containing a NETCONF server. This includes data node definitions for
system identification, time-of-day management, user management, DNS system identification, time-of-day management, user management, DNS
resolver configuration, and some protocol operations for system resolver configuration, and some protocol operations for system
management. management.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 5, 2014. This Internet-Draft will expire on May 11, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 40 skipping to change at page 2, line 40
6. Security Considerations . . . . . . . . . . . . . . . . . . . 30 6. Security Considerations . . . . . . . . . . . . . . . . . . . 30
7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.5. 04-05 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.5. 04-05 . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7.6. 05-06 . . . . . . . . . . . . . . . . . . . . . . . . . . 33 7.6. 05-06 . . . . . . . . . . . . . . . . . . . . . . . . . . 33
7.7. 06-07 . . . . . . . . . . . . . . . . . . . . . . . . . . 33 7.7. 06-07 . . . . . . . . . . . . . . . . . . . . . . . . . . 33
7.8. 07-08 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 7.8. 07-08 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
7.9. 08-09 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.1. Normative References . . . . . . . . . . . . . . . . . . . 35 8.1. Normative References . . . . . . . . . . . . . . . . . . . 35
8.2. Informative References . . . . . . . . . . . . . . . . . . 36 8.2. Informative References . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
This document defines a YANG [RFC6020] data model for the This document defines a YANG [RFC6020] data model for the
configuration and identification of some common properties within a configuration and identification of some common properties within a
device containing a NETCONF server. device containing a NETCONF server.
skipping to change at page 3, line 48 skipping to change at page 3, line 48
A simplified graphical representation of the data model is used in A simplified graphical representation of the data model is used in
this document. The meaning of the symbols in these diagrams is as this document. The meaning of the symbols in these diagrams is as
follows: follows:
o Brackets "[" and "]" enclose list keys. o Brackets "[" and "]" enclose list keys.
o Abbreviations before data node names: "rw" means configuration o Abbreviations before data node names: "rw" means configuration
(read-write) and "ro" state data (read-only). (read-write) and "ro" state data (read-only).
o Symbols after data node names: "?" means an optional node and "*" o Symbols after data node names: "?" means an optional node, "!"
denotes a "list" and "leaf-list". means a presence container, and "*" denotes a list and leaf-list.
o Parentheses enclose choice and case nodes, and case nodes are also o Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":"). marked with a colon (":").
o Ellipsis ("...") stands for contents of subtrees that are not o Ellipsis ("...") stands for contents of subtrees that are not
shown. shown.
2. Objectives 2. Objectives
2.1. System Identification 2.1. System Identification
skipping to change at page 7, line 34 skipping to change at page 7, line 34
The data model for system time management has the following The data model for system time management has the following
structure: structure:
+--rw system +--rw system
| +--rw clock | +--rw clock
| | +--rw (timezone)? | | +--rw (timezone)?
| | +--:(timezone-location) | | +--:(timezone-location)
| | | +--rw timezone-location? ianatz:iana-timezone | | | +--rw timezone-location? ianatz:iana-timezone
| | +--:(timezone-utc-offset) | | +--:(timezone-utc-offset)
| | +--rw timezone-utc-offset? int16 | | +--rw timezone-utc-offset? int16
| +--rw ntp | +--rw ntp!
| +--rw enabled? boolean | +--rw enabled? boolean
| +--rw server* [name] | +--rw server* [name]
| +--rw name string | +--rw name string
| +--rw (transport) | +--rw (transport)
| | +--:(udp) | | +--:(udp)
| | +--rw udp | | +--rw udp
| | +--rw address inet:host | | +--rw address inet:host
| | +--rw port? inet:port-number | | +--rw port? inet:port-number
| +--rw association-type? enumeration | +--rw association-type? enumeration
| +--rw iburst? boolean | +--rw iburst? boolean
skipping to change at page 10, line 38 skipping to change at page 10, line 38
For NETCONF transport protocols that support password authentication, For NETCONF transport protocols that support password authentication,
the leaf-list "user-authentication-order" is used to control if the leaf-list "user-authentication-order" is used to control if
RADIUS password authentication should be used. RADIUS password authentication should be used.
In SSH, password authentication is requested by the client. Other In SSH, password authentication is requested by the client. Other
NETCONF transport protocols MAY also support password authentication. NETCONF transport protocols MAY also support password authentication.
3.6. System Control 3.6. System Control
The following operations are defined:
set-current-datetime
system-restart
system-shutdown
Two protocol operations are included to restart or shutdown the Two protocol operations are included to restart or shutdown the
system. The 'system-restart' operation can be used to restart the system. The 'system-restart' operation can be used to restart the
entire system (not just the NETCONF server). The 'system-shutdown' entire system (not just the NETCONF server). The 'system-shutdown'
operation can be used to power off the entire system. operation can be used to power off the entire system.
4. System YANG module 4. System YANG module
This YANG module imports YANG extensions from [RFC6536], and imports This YANG module imports YANG extensions from [RFC6536], and imports
YANG types from [I-D.ietf-netmod-rfc6021-bis] and YANG types from [RFC6991] and [I-D.ietf-netmod-iana-timezones]. It
[I-D.ietf-netmod-iana-timezones]. It also references [RFC1035], also references [RFC1035], [RFC1321], [RFC2865], [RFC3418],
[RFC1321], [RFC2865], [RFC3418], [RFC5607], [RFC5966], [RFC5607], [RFC5966], [IEEE-1003.1-2008], and [FIPS.180-3.2008].
[IEEE-1003.1-2008], and [FIPS.180-3.2008].
RFC Ed.: update the date below with the date of RFC publication and RFC Ed.: update the date below with the date of RFC publication and
remove this note. remove this note.
<CODE BEGINS> file "ietf-system@2013-07-04.yang" <CODE BEGINS> file "ietf-system@2013-11-07.yang"
module ietf-system { module ietf-system {
namespace "urn:ietf:params:xml:ns:yang:ietf-system"; namespace "urn:ietf:params:xml:ns:yang:ietf-system";
prefix "sys"; prefix "sys";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
import ietf-inet-types { import ietf-inet-types {
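Review bot: the Section 3.6 text "The following operations are defined:" lists three operations (set-current-datetime, system-restart, system-shutdown), but the paragraph that follows describes only the two restart/shutdown operations; if that list stays, add one sentence on set-current-datetime, including that it fails with error-app-tag 'ntp-active' while NTP is in use (as its rpc description in Section 4 states), so the prose matches the list. This Section 3.6 edit is also not recorded under 7.9 in the Change Log.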
skipping to change at page 12, line 38 skipping to change at page 12, line 38
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: remove this note // RFC Ed.: remove this note
// Note: extracted from draft-ietf-netmod-system-mgmt-07.txt // Note: extracted from draft-ietf-netmod-system-mgmt-07.txt
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision "2013-07-04" { revision "2013-11-07" {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for System Management"; "RFC XXXX: A YANG Data Model for System Management";
} }
/* /*
* Typedefs * Typedefs
*/ */
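Review bot: the extraction note "// Note: extracted from draft-ietf-netmod-system-mgmt-07.txt" is stale; the file name was bumped to ietf-system@2013-11-07.yang and the revision to "2013-11-07", so this line should name draft-ietf-netmod-system-mgmt-09.txt (or simply be dropped, since the RFC Editor is already asked to remove it).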
skipping to change at page 17, line 10 skipping to change at page 17, line 10
base radius-authentication-type; base radius-authentication-type;
description description
"The device requests CHAP authentication from the RADIUS "The device requests CHAP authentication from the RADIUS
server."; server.";
reference reference
"RFC 2865: Remote Authentication Dial In User Service"; "RFC 2865: Remote Authentication Dial In User Service";
} }
/* /*
* Top-level container * Configuration data nodes
*/ */
container system { container system {
description description
"System group configuration."; "System group configuration.";
leaf contact { leaf contact {
type string; type string;
description description
"The administrator contact information for the system. "The administrator contact information for the system.
The server MAY restrict the size and characters in The server MAY restrict the size and characters in
order to maintain compatibility with the sysContact order to maintain compatibility with the sysContact
MIB object."; MIB object.";
reference reference
"RFC 3418 - Management Information Base (MIB) for the "RFC 3418: Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP)
SNMPv2-MIB.sysContact"; SNMPv2-MIB.sysContact";
} }
leaf hostname { leaf hostname {
type inet:domain-name; type inet:domain-name;
description description
"The name of the host. This name can be a single domain "The name of the host. This name can be a single domain
label, or the fully qualified domain name of the host."; label, or the fully qualified domain name of the host.";
} }
leaf location { leaf location {
type string; type string;
description description
"The system location. The server MAY restrict the size "The system location. The server MAY restrict the size
and characters in order to maintain compatibility with and characters in order to maintain compatibility with
the sysLocation MIB object."; the sysLocation MIB object.";
reference reference
"RFC 3418 - Management Information Base (MIB) for the "RFC 3418: Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP)
SNMPv2-MIB.sysLocation"; SNMPv2-MIB.sysLocation";
} }
container clock { container clock {
description description
"Configuration of the system date and time properties."; "Configuration of the system date and time properties.";
choice timezone { choice timezone {
description description
"The system timezone information."; "The system timezone information.";
case timezone-location { case timezone-location {
if-feature timezone-location; if-feature timezone-location;
skipping to change at page 18, line 33 skipping to change at page 18, line 34
'UTC - 8:00 hours' would be represented as '-480'. 'UTC - 8:00 hours' would be represented as '-480'.
Note that automatic daylight savings time adjustment Note that automatic daylight savings time adjustment
is not provided, if this object is used."; is not provided, if this object is used.";
} }
} }
} }
} }
container ntp { container ntp {
if-feature ntp; if-feature ntp;
presence
"Enables the NTP client unless the 'enabled' leaf
(which defaults to 'true') is set to 'false'";
description description
"Configuration of the NTP client."; "Configuration of the NTP client.";
leaf enabled { leaf enabled {
type boolean; type boolean;
default true; default true;
description description
"Indicates that the system should attempt "Indicates that the system should attempt
to synchronize the system clock with an to synchronize the system clock with an
NTP server from the 'ntp/server' list."; NTP server from the 'ntp/server' list.";
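Review bot: the new presence statement string on the 'ntp' container ends without a period ("... is set to 'false'"), unlike every other description string in the module; suggest "... (which defaults to 'true') is set to 'false'." Since the container's presence alone now enables the client, it is also worth stating in the 'enabled' leaf description that setting it to 'false' is the way to keep the container and its 'server' list configured while NTP stays disabled.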
skipping to change at page 26, line 31 skipping to change at page 26, line 35
type binary; type binary;
mandatory true; mandatory true;
description description
"The binary key data for this ssh key."; "The binary key data for this ssh key.";
} }
} }
} }
} }
} }
/*
* Operational state data nodes
*/
container system-state { container system-state {
config false; config false;
description description
"System group operational state."; "System group operational state.";
container platform { container platform {
config false;
description description
"Contains vendor-specific information for "Contains vendor-specific information for
identifying the system platform and operating system."; identifying the system platform and operating system.";
reference reference
"IEEE Std 1003.1-2008 - sys/utsname.h"; "IEEE Std 1003.1-2008 - sys/utsname.h";
leaf os-name { leaf os-name {
type string; type string;
description description
"The name of the operating system in use, "The name of the operating system in use,
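Review bot: the reference string "IEEE Std 1003.1-2008 - sys/utsname.h" (and the other IEEE references in this container) still uses the dash form that this revision replaced with a colon for the RFC 3418 references ("RFC 3418: Management Information Base ..."); apply the same "IEEE Std 1003.1-2008: ..." form here for consistency. Dropping 'config false' from 'platform' is fine, since it is inherited from the 'config false' on 'system-state'.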
skipping to change at page 27, line 32 skipping to change at page 27, line 39
} }
leaf machine { leaf machine {
type string; type string;
description description
"A vendor-specific identifier string representing "A vendor-specific identifier string representing
the hardware in use."; the hardware in use.";
reference reference
"IEEE Std 1003.1-2008 - utsname.machine"; "IEEE Std 1003.1-2008 - utsname.machine";
} }
} }
container clock { container clock {
description description
"Monitoring of the system "Monitoring of the system
date and time properties."; date and time properties.";
leaf current-datetime { leaf current-datetime {
type yang:date-and-time; type yang:date-and-time;
config false;
description description
"The current system date and time."; "The current system date and time.";
} }
leaf boot-datetime { leaf boot-datetime {
type yang:date-and-time; type yang:date-and-time;
config false;
description description
"The system date and time when the system last restarted."; "The system date and time when the system last restarted.";
} }
} }
} }
rpc set-current-datetime { rpc set-current-datetime {
nacm:default-deny-all; nacm:default-deny-all;
description description
"Set the /system-state/clock/current-datetime leaf "Set the /system-state/clock/current-datetime leaf
to the specified value. to the specified value.
If the system is using NTP (i.e., /system/ntp/enabled If the system is using NTP (i.e., /system/ntp/enabled
is set to 'true'), then this operation will is set to 'true'), then this operation will
fail with error-tag 'operation-failed', fail with error-tag 'operation-failed',
and error-app-tag value of 'ntp-active'"; and error-app-tag value of 'ntp-active'";
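Review bot: the set-current-datetime description still defines "using NTP" as "/system/ntp/enabled is set to 'true'", but now that 'ntp' is a presence container, NTP is in use only when /system/ntp exists and 'enabled' is not 'false'; suggest "(i.e., /system/ntp exists and /system/ntp/enabled is 'true')" so the rpc's failure condition matches the new presence semantics. The description string also lacks a terminating period after "'ntp-active'". Removing 'config false' from current-datetime and boot-datetime is fine, since /system-state is already config false.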
skipping to change at page 32, line 5 skipping to change at page 31, line 18
important to control access to these operations. These are the important to control access to these operations. These are the
operations and their sensitivity/vulnerability: operations and their sensitivity/vulnerability:
o set-current-datetime: Changes the current date and time on the o set-current-datetime: Changes the current date and time on the
device. device.
o system-restart: Reboots the device. o system-restart: Reboots the device.
o system-shutdown: Shuts down the device. o system-shutdown: Shuts down the device.
This YANG model defines a type "crypt-hash" that can be used to store
MD5 hashes. [RFC6151] discusses security considerations for MD5.
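Review bot: the added sentence says crypt-hash "can be used to store MD5 hashes", but Section 4 also lists [FIPS.180-3.2008] (Secure Hash Standard) among the module's references; if crypt-hash covers SHA-2 based hashes as well, say so here and note that MD5 is the option [RFC6151] cautions against, so implementations and operators should prefer the SHA variants. Also use "YANG module" rather than "YANG model", as elsewhere in the document.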
7. Change Log 7. Change Log
-- RFC Ed.: remove this section before publication. -- RFC Ed.: remove this section before publication.
7.1. 00-01 7.1. 00-01
o added configuration-source identities o added configuration-source identities
o added configuration-source leaf to ntp and dns (via grouping) to o added configuration-source leaf to ntp and dns (via grouping) to
choose configuration source choose configuration source
skipping to change at page 35, line 5 skipping to change at page 34, line 17
o updated the Security Considerations section with a reference to o updated the Security Considerations section with a reference to
NACM. NACM.
7.8. 07-08 7.8. 07-08
o renamed the DNS transport to 'udp-and-tcp' and added references. o renamed the DNS transport to 'udp-and-tcp' and added references.
o moved the operational state nodes into /system-state. o moved the operational state nodes into /system-state.
7.9. 08-09
o made "ntp" node a presence container
o added reference to RFC 6151
o updated reference from 6021-bis to RFC 6991
o cleaned up usage of config false in the YANG module
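Review bot: the 7.9 entries omit two changes visible in this diff: the Section 3.6 text on the defined operations and the "!" presence-container symbol added to the tree diagram legend in Section 1; add them. The 7.9 bullets also end without periods while the 7.8 bullets end with them.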
8. References 8. References
8.1. Normative References 8.1. Normative References
[FIPS.180-3.2008] [FIPS.180-3.2008]
National Institute of Standards and Technology, "Secure National Institute of Standards and Technology, "Secure
Hash Standard", FIPS PUB 180-3, October 2008, <http:// Hash Standard", FIPS PUB 180-3, October 2008, <http://
csrc.nist.gov/publications/fips/fips180-3/ csrc.nist.gov/publications/fips/fips180-3/
fips180-3_final.pdf>. fips180-3_final.pdf>.
[I-D.ietf-netmod-iana-timezones] [I-D.ietf-netmod-iana-timezones]
Lange, J., "IANA Timezone Database YANG Module", Lange, J., "IANA Timezone Database YANG Module",
draft-ietf-netmod-iana-timezones-00 (work in progress), draft-ietf-netmod-iana-timezones-00 (work in progress),
July 2012. July 2012.
[I-D.ietf-netmod-rfc6021-bis]
Schoenwaelder, J., "Common YANG Data Types",
draft-ietf-netmod-rfc6021-bis-03 (work in progress),
June 2013.
[IEEE-1003.1-2008] [IEEE-1003.1-2008]
Institute of Electrical and Electronics Engineers, Institute of Electrical and Electronics Engineers,
"POSIX.1-2008", IEEE Standard 1003.1, March 2008. "POSIX.1-2008", IEEE Standard 1003.1, March 2008.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
skipping to change at page 36, line 14 skipping to change at page 36, line 9
User Service (RADIUS) Authorization for Network Access User Service (RADIUS) Authorization for Network Access
Server (NAS) Management", RFC 5607, July 2009. Server (NAS) Management", RFC 5607, July 2009.
[RFC5966] Bellis, R., "DNS Transport over TCP - Implementation [RFC5966] Bellis, R., "DNS Transport over TCP - Implementation
Requirements", RFC 5966, August 2010. Requirements", RFC 5966, August 2010.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
Network Configuration Protocol (NETCONF)", RFC 6020, Network Configuration Protocol (NETCONF)", RFC 6020,
October 2010. October 2010.
[RFC6151] Turner, S. and L. Chen, "Updated Security Considerations
for the MD5 Message-Digest and the HMAC-MD5 Algorithms",
RFC 6151, March 2011.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, June 2011. (NETCONF)", RFC 6241, June 2011.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, June 2011. Shell (SSH)", RFC 6242, June 2011.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
Protocol (NETCONF) Access Control Model", RFC 6536, Protocol (NETCONF) Access Control Model", RFC 6536,
March 2012. March 2012.
[RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991,
July 2013.
8.2. Informative References 8.2. Informative References
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004. January 2004.
[RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the [RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the
Time Zone Database", BCP 175, RFC 6557, February 2012. Time Zone Database", BCP 175, RFC 6557, February 2012.
Authors' Addresses Authors' Addresses
 End of changes. 27 change blocks. 
29 lines changed or deleted 56 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/