--- 1/draft-ietf-netmod-system-mgmt-08.txt 2013-11-07 14:14:27.979089039 -0800 +++ 2/draft-ietf-netmod-system-mgmt-09.txt 2013-11-07 14:14:28.039090554 -0800 @@ -1,19 +1,19 @@ Network Working Group A. Bierman Internet-Draft YumaWorks Intended status: Standards Track M. Bjorklund -Expires: January 5, 2014 Tail-f Systems - July 4, 2013 +Expires: May 11, 2014 Tail-f Systems + November 7, 2013 YANG Data Model for System Management - draft-ietf-netmod-system-mgmt-08 + draft-ietf-netmod-system-mgmt-09 Abstract This document defines a YANG data model for the configuration and identification of some common system properties within a device containing a NETCONF server. This includes data node definitions for system identification, time-of-day management, user management, DNS resolver configuration, and some protocol operations for system management. @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on January 5, 2014. + This Internet-Draft will expire on May 11, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -75,20 +75,21 @@ 6. Security Considerations . . . . . . . . . . . . . . . . . . . 30 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.5. 04-05 . . . . . . . . . . . . . . . . . . . . . . . . . . 32 7.6. 05-06 . . . . . . . . . . . . . . . . . . . . . . . . . . 33 7.7. 06-07 . . . . . . . . . . . . . . . . . . . . . . . . . . 33 7.8. 07-08 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 + 7.9. 08-09 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8.1. Normative References . . . . . . . . . . . . . . . . . . . 35 8.2. Informative References . . . . . . . . . . . . . . . . . . 36 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37 1. Introduction This document defines a YANG [RFC6020] data model for the configuration and identification of some common properties within a device containing a NETCONF server. @@ -123,22 +124,22 @@ A simplified graphical representation of the data model is used in this document. The meaning of the symbols in these diagrams is as follows: o Brackets "[" and "]" enclose list keys. o Abbreviations before data node names: "rw" means configuration (read-write) and "ro" state data (read-only). - o Symbols after data node names: "?" means an optional node and "*" - denotes a "list" and "leaf-list". + o Symbols after data node names: "?" means an optional node, "!" + means a presence container, and "*" denotes a list and leaf-list. o Parentheses enclose choice and case nodes, and case nodes are also marked with a colon (":"). o Ellipsis ("...") stands for contents of subtrees that are not shown. 2. Objectives 2.1. System Identification 
@@ -212,21 +213,21 @@ The data model for system time management has the following structure: +--rw system | +--rw clock | | +--rw (timezone)? | | +--:(timezone-location) | | | +--rw timezone-location? ianatz:iana-timezone | | +--:(timezone-utc-offset) | | +--rw timezone-utc-offset? int16 - | +--rw ntp + | +--rw ntp! | +--rw enabled? boolean | +--rw server* [name] | +--rw name string | +--rw (transport) | | +--:(udp) | | +--rw udp | | +--rw address inet:host | | +--rw port? inet:port-number | +--rw association-type? enumeration | +--rw iburst? boolean 
@@ -359,37 +360,42 @@ For NETCONF transport protocols that support password authentication, the leaf-list "user-authentication-order" is used to control if RADIUS password authentication should be used. In SSH, password authentication is requested by the client. Other NETCONF transport protocols MAY also support password authentication. 3.6. System Control + The following operations are defined: + + set-current-datetime + system-restart + system-shutdown + Two protocol operations are included to restart or shutdown the system. The 'system-restart' operation can be used to restart the entire system (not just the NETCONF server). The 'system-shutdown' operation can be used to power off the entire system. 4. System YANG module This YANG module imports YANG extensions from [RFC6536], and imports - YANG types from [I-D.ietf-netmod-rfc6021-bis] and - [I-D.ietf-netmod-iana-timezones]. It also references [RFC1035], - [RFC1321], [RFC2865], [RFC3418], [RFC5607], [RFC5966], - [IEEE-1003.1-2008], and [FIPS.180-3.2008]. + YANG types from [RFC6991] and [I-D.ietf-netmod-iana-timezones]. It + also references [RFC1035], [RFC1321], [RFC2865], [RFC3418], + [RFC5607], [RFC5966], [IEEE-1003.1-2008], and [FIPS.180-3.2008]. RFC Ed.: update the date below with the date of RFC publication and remove this note. - file "ietf-system@2013-07-04.yang" + file "ietf-system@2013-11-07.yang" module ietf-system { namespace "urn:ietf:params:xml:ns:yang:ietf-system"; prefix "sys"; import ietf-yang-types { prefix yang; } import ietf-inet-types { 
@@ -446,21 +452,21 @@ the RFC itself for full legal notices."; // RFC Ed.: replace XXXX with actual RFC number and remove this // note. // RFC Ed.: remove this note // Note: extracted from draft-ietf-netmod-system-mgmt-07.txt // RFC Ed.: update the date below with the date of RFC publication // and remove this note. - revision "2013-07-04" { + revision "2013-11-07" { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for System Management"; } /* * Typedefs */ @@ -661,56 +667,57 @@ base radius-authentication-type; description "The device requests CHAP authentication from the RADIUS server."; reference "RFC 2865: Remote Authentication Dial In User Service"; } /* - * Top-level container + * Configuration data nodes */ container system { description "System group configuration."; leaf contact { type string; description "The administrator contact information for the system. The server MAY restrict the size and characters in order to maintain compatibility with the sysContact MIB object."; reference - "RFC 3418 - Management Information Base (MIB) for the + "RFC 3418: Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) SNMPv2-MIB.sysContact"; } leaf hostname { type inet:domain-name; description "The name of the host. This name can be a single domain label, or the fully qualified domain name of the host."; } leaf location { type string; description "The system location. The server MAY restrict the size and characters in order to maintain compatibility with the sysLocation MIB object."; reference - "RFC 3418 - Management Information Base (MIB) for the + "RFC 3418: Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) SNMPv2-MIB.sysLocation"; } + container clock { description "Configuration of the system date and time properties."; choice timezone { description "The system timezone information."; case timezone-location { if-feature timezone-location; 
@@ -733,20 +740,23 @@ 'UTC - 8:00 hours' would be represented as '-480'. Note that automatic daylight savings time adjustment is not provided, if this object is used."; } } } } container ntp { if-feature ntp; + presence + "Enables the NTP client unless the 'enabled' leaf + (which defaults to 'true') is set to 'false'"; description "Configuration of the NTP client."; leaf enabled { type boolean; default true; description "Indicates that the system should attempt to synchronize the system clock with an NTP server from the 'ntp/server' list."; @@ -1117,27 +1127,30 @@ type binary; mandatory true; description "The binary key data for this ssh key."; } } } } } + /* + * Operational state data nodes + */ + container system-state { config false; description "System group operational state."; container platform { - config false; description "Contains vendor-specific information for identifying the system platform and operating system."; reference "IEEE Std 1003.1-2008 - sys/utsname.h"; leaf os-name { type string; description "The name of the operating system in use, @@ -1166,40 +1179,39 @@ } leaf machine { type string; description "A vendor-specific identifier string representing the hardware in use."; reference "IEEE Std 1003.1-2008 - utsname.machine"; } } + container clock { description "Monitoring of the system date and time properties."; leaf current-datetime { type yang:date-and-time; - config false; description "The current system date and time."; } leaf boot-datetime { type yang:date-and-time; - config false; description "The system date and time when the system last restarted."; } } - } + rpc set-current-datetime { nacm:default-deny-all; description "Set the /system-state/clock/current-datetime leaf to the specified value. If the system is using NTP (i.e., /system/ntp/enabled is set to 'true'), then this operation will fail with error-tag 'operation-failed', and error-app-tag value of 'ntp-active'"; 
@@ -1306,20 +1318,23 @@ important to control access to these operations. These are the operations and their sensitivity/vulnerability: o set-current-datetime: Changes the current date and time on the device. o system-restart: Reboots the device. o system-shutdown: Shuts down the device. + This YANG model defines a type "crypt-hash" that can be used to store + MD5 hashes. [RFC6151] discusses security considerations for MD5. + 7. Change Log -- RFC Ed.: remove this section before publication. 7.1. 00-01 o added configuration-source identities o added configuration-source leaf to ntp and dns (via grouping) to choose configuration source @@ -1412,40 +1427,45 @@ o updated the Security Considerations section with a reference to NACM. 7.8. 07-08 o renamed the DNS transport to 'udp-and-tcp' and added references. o moved the operational state nodes into /system-state. +7.9. 08-09 + + o made "ntp" node a presence container + + o added reference to RFC 6151 + + o updated reference from 6021-bis to RFC 6991 + + o cleaned up usage of config false in the YANG module + 8. References 8.1. Normative References [FIPS.180-3.2008] National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-3, October 2008, . [I-D.ietf-netmod-iana-timezones] Lange, J., "IANA Timezone Database YANG Module", draft-ietf-netmod-iana-timezones-00 (work in progress), July 2012. - [I-D.ietf-netmod-rfc6021-bis] - Schoenwaelder, J., "Common YANG Data Types", - draft-ietf-netmod-rfc6021-bis-03 (work in progress), - June 2013. - [IEEE-1003.1-2008] Institute of Electrical and Electronics Engineers, "POSIX.1-2008", IEEE Standard 1003.1, March 2008. [RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987. [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992. 
@@ -1470,31 +1490,38 @@ User Service (RADIUS) Authorization for Network Access Server (NAS) Management", RFC 5607, July 2009. [RFC5966] Bellis, R., "DNS Transport over TCP - Implementation Requirements", RFC 5966, August 2010. [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)", RFC 6020, October 2010. + [RFC6151] Turner, S. and L. Chen, "Updated Security Considerations + for the MD5 Message-Digest and the HMAC-MD5 Algorithms", + RFC 6151, March 2011. + [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, June 2011. [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure Shell (SSH)", RFC 6242, June 2011. [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration Protocol (NETCONF) Access Control Model", RFC 6536, March 2012. + [RFC6991] Schoenwaelder, J., "Common YANG Data Types", RFC 6991, + July 2013. + 8.2. Informative References [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004. [RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the Time Zone Database", BCP 175, RFC 6557, February 2012. Authors' Addresses
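Review bot: in the Section 3.6 hunk, the new list names three operations but the sentence right after it still reads "Two protocol operations are included to restart or shutdown the system", so set-current-datetime is listed and then never described. Add one sentence for it, in line with the rpc description later in the diff, for example: "The 'set-current-datetime' operation sets /system-state/clock/current-datetime and fails with error-app-tag 'ntp-active' while NTP is in use."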
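Review bot: in the hunk that moves the revision to "2013-11-07", the comment two lines above it, "// Note: extracted from draft-ietf-netmod-system-mgmt-07.txt", still points at the -07 draft while the extracted file is now ietf-system@2013-11-07.yang from -09. Update the draft name (or drop the note, since it is already tagged for RFC Editor removal) so the extracted module stays traceable to the draft it came from.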
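Review bot: in the "container ntp" hunk, the new presence statement "Enables the NTP client unless the 'enabled' leaf (which defaults to 'true') is set to 'false'" describes behaviour that the 'enabled' leaf already describes, rather than what the container's presence means; consider "Presence of this container enables the NTP client; the 'enabled' leaf can then turn it off without discarding the server configuration." The same change affects the set-current-datetime rpc further down, whose description says the operation fails when "/system/ntp/enabled is set to 'true'": with a presence container the leaf only exists, and only takes its default of true, when /system/ntp itself is present, so the condition should read "if /system/ntp exists and 'enabled' is 'true'" to match the new semantics.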
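Review bot: the hunk ending with the set-current-datetime rpc removes a closing brace ("- }") after the operational clock container and adds only a blank line, and no other hunk in the diff adds a brace; since "container system-state {" is opened in the preceding hunk, please confirm that its closing brace survives and that the extracted module still compiles (for instance with pyang -f tree on ietf-system@2013-11-07.yang) before this revision is posted. Dropping "config false" from current-datetime and boot-datetime is fine, as both inherit it from system-state.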
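Review bot: in the Security Considerations hunk, the added paragraph only states that crypt-hash "can be used to store MD5 hashes" and points at [RFC6151]; it gives the implementer no direction. Since the module also references [FIPS.180-3.2008] for the SHA-based variants, say explicitly that the MD5 variant exists for compatibility with existing password stores and that implementations SHOULD prefer the SHA-2 based variants, and add that crypt-hash values are sensitive data whose read access should be restricted with the NACM rules the section already cites for the operations.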
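Review bot: the new Section 7.9 change log lists four items, but this diff also adds the "!" presence-container symbol to the diagram legend and an operations list to Section 3.6, and restyles the RFC 3418 references from "RFC 3418 - ..." to "RFC 3418: ..."; add at least the first two so the change log matches the diff. Removing the [I-D.ietf-netmod-rfc6021-bis] entry is correct now that Section 4 cites [RFC6991] instead.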
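Review bot: in the references hunk, [RFC6151] is added under 8.1 Normative References, but its only citation is the Security Considerations sentence "[RFC6151] discusses security considerations for MD5", which is background rather than a requirement an implementer must follow; consider moving it to 8.2 Informative References. The [RFC6991] entry correctly replaces the removed 6021-bis draft reference.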