Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / 14baf2e45279c9d63ac06a58fb87b047e2ddaf4d / . / yang / czechlight-system@2021-01-13.yang
blob: eac3a3f0934ca3674834e0114663df281e27c1d7 [file] [log] [blame]
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]1module czechlight-system {
2 yang-version 1.1;
3 namespace
4 "http://czechlight.cesnet.cz/yang/czechlight-system";
5
6 prefix "cla-sys";
7
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]8 import ietf-yang-types {
9 prefix yang;
10 }
11
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]12 import ietf-netconf-acm {
13 prefix nacm;
14 }
15
Jan Kundrát9eea4ba2021-02-19 01:05:25 +0100[diff] [blame]16 import ietf-system {
17 prefix "sys";
18 }
19
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]20 organization "CESNET";
21 contact "photonic@cesnet.cz";
22 description
23 "YANG model for system administration in Czechlight devices.";
24
25 revision 2021-01-13 {
26 description "Initial release";
27 }
28
Tomáš Peckab6c06e12021-04-20 20:09:44 +0200[diff] [blame]29 typedef percent {
30 type uint8 {
31 range "0 .. 100";
32 }
33 }
34
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]35 container firmware {
36 config false;
37
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]38 list firmware-slot {
39 key name;
40
41 leaf name {
42 description "Identifier of the slot.";
43 type string;
44 }
45
46 leaf version {
47 description "Firmware version installed in the slot.";
48 type string;
49 }
50
51 leaf installed {
52 description "Datetime of the last installation performed in this slot.";
53 type yang:date-and-time;
54 }
55
56 leaf state {
57 description "Current state of the slot.";
58 type enumeration {
59 enum inactive;
60 enum booted;
61 }
62 }
63
64 leaf boot-status {
65 description "Boot status.";
66 type enumeration {
67 enum good;
68 enum bad;
69 }
70 }
71 }
72
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]73 container installation {
74 leaf status {
75 description "Informs about the status of the current (or last) installation.";
76
77 type enumeration {
78 enum none;
79 enum in-progress;
80 enum succeeded;
81 enum failed;
82 }
83 }
84
85 leaf message {
86 description "The last message from the installation process. This MAY contain the last error message.";
87 type string;
88 }
89
90 notification update {
91 description "Notifies clients about installation progress.";
92
93 leaf message {
94 description "Progress status.";
95 type string;
96 }
97
98 leaf progress {
99 description "Progress of the installation in percents.";
100
101 type int8 {
102 range "0 .. 100";
103 }
104 }
105 }
106
107 action install {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]108 nacm:default-deny-all;
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]109 description "Download and install a new firmware image to the inactive FW slot";
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]110 input {
111 leaf url {
112 description "URL or path to the new firmware.";
113 type string;
114 mandatory true;
115 }
116 }
117 }
118 }
119 }
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]120
121 typedef username-type {
122 type string {
123 pattern "[a-z][a-z0-9-]{0,30}";
124 }
125 }
126
Václav Kubernátac257f32021-02-08 19:24:52 +0100[diff] [blame]127 typedef password-type {
128 type string {
129 pattern "[^\\r\\n]*";
130 }
131 }
132
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]133 grouping authentication-rpc-result {
134 leaf result {
135 mandatory true;
136 type enumeration {
137 enum success;
138 enum failure;
139 }
140 }
141
142 leaf message {
143 description "Can be used to supply and error message.";
144 type string;
145 }
146 }
147
148 typedef authorized-key-format {
149 description "Pubkey in the authorized_keys format for sshd.";
150 type string;
151 }
152
153
154 container authentication {
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]155 description "User management";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]156 list users {
157 config false;
158 key 'name';
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]159 description "All user accounts which are configured in the Linux system";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]160
161 leaf name {
162 type username-type;
163 }
164
165 leaf password-last-change {
166 type string;
167 }
168
169 list authorized-keys {
170 key 'index';
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]171 description "List of SSH keys which are recognized for this user";
172
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]173 leaf index {
174 type int32;
175 }
176
177 leaf public-key {
178 mandatory true;
179 type authorized-key-format;
180 }
181
182 action remove {
Jan Kundrát7311fa92021-12-04 15:27:36 +0100[diff] [blame]183 nacm:default-deny-all;
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]184 description "Remove the selected SSH authentication key of the selected user";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]185 output {
186 uses authentication-rpc-result;
187 }
188 }
189 }
190
191 action change-password {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]192 nacm:default-deny-all;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]193 input {
194 leaf password-cleartext {
195 mandatory true;
196 description "This is supposed to be a plaintext password. Make sure it's not logged anywhere.";
Václav Kubernátac257f32021-02-08 19:24:52 +0100[diff] [blame]197 type password-type;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]198 }
199 }
200
201 output {
202 uses authentication-rpc-result;
203 }
204 }
205
206 action add-authorized-key {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]207 nacm:default-deny-all;
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]208 description "Add a new SSH public key for authentication as the selected user";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]209 input {
210 leaf key {
211 mandatory true;
212 type authorized-key-format;
213 }
214 }
215
216 output {
217 uses authentication-rpc-result;
218 }
219 }
220 }
221 }
Tomáš Peckad26a3ce2021-02-15 20:39:26 +0100[diff] [blame]222
Tomáš Peckab6c06e12021-04-20 20:09:44 +0200[diff] [blame]223 container leds {
224 config false;
225 description "Current status of LEDs.";
226
227 list led {
228 key 'name';
229
230 leaf name {
231 type string;
232 description "Name of the LED";
233 }
234
235 leaf brightness {
236 mandatory true;
237 description "Current brightness of the LED in percents of the maximal possible brightness of the LED.";
238 type percent;
239 }
240 }
Tomáš Pecka5be83e42021-04-21 17:26:40 +0200[diff] [blame]241
242 action uid {
243 input {
244 leaf state {
245 mandatory true;
246 description "Change state of the UID led (turn off, on, or keep blinking).";
247 type enumeration {
248 enum off;
249 enum on;
250 enum blinking;
251 }
252 }
253 }
254 }
Tomáš Peckab6c06e12021-04-20 20:09:44 +0200[diff] [blame]255 }
256
Jan Kundrát9eea4ba2021-02-19 01:05:25 +0100[diff] [blame]257 deviation /sys:system-shutdown { deviate not-supported; }
Tomáš Pecka79344c82021-09-16 18:25:59 +0200[diff] [blame]258 deviation /sys:system/sys:dns-resolver { deviate add { config false; } }
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]259}