Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / 82e41c3ce331ff288689124e4892a54f793551e9 / . / yang / czechlight-system@2022-07-08.yang
blob: 98fade2288ae08e7b3d88854f2cf67571657b6f4 [file] [log] [blame]
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]1module czechlight-system {
2 yang-version 1.1;
3 namespace
4 "http://czechlight.cesnet.cz/yang/czechlight-system";
5
6 prefix "cla-sys";
7
Tomáš Peckae566fd42024-01-02 17:00:10 +0100[diff] [blame]8 import ietf-inet-types {
9 prefix inet;
10 }
11
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]12 import ietf-yang-types {
13 prefix yang;
14 }
15
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]16 import ietf-netconf-acm {
17 prefix nacm;
18 }
19
Jan Kundrát9eea4ba2021-02-19 01:05:25 +0100[diff] [blame]20 import ietf-system {
21 prefix "sys";
22 }
23
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]24 organization "CESNET";
25 contact "photonic@cesnet.cz";
26 description
27 "YANG model for system administration in Czechlight devices.";
28
29 revision 2021-01-13 {
30 description "Initial release";
31 }
32
Jan Kundrát7a30cf42022-07-12 22:24:09 +0200[diff] [blame]33 revision 2022-07-08 {
34 description "Extended firmware slot properties and actions";
35 }
36
Tomáš Peckab6c06e12021-04-20 20:09:44 +0200[diff] [blame]37 typedef percent {
38 type uint8 {
39 range "0 .. 100";
40 }
41 }
42
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]43 container firmware {
44 config false;
45
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]46 list firmware-slot {
47 key name;
48
49 leaf name {
50 description "Identifier of the slot.";
51 type string;
52 }
53
54 leaf version {
55 description "Firmware version installed in the slot.";
56 type string;
57 }
58
59 leaf installed {
60 description "Datetime of the last installation performed in this slot.";
61 type yang:date-and-time;
62 }
63
Jan Kundrát58b39ae2022-07-08 18:54:10 +0200[diff] [blame]64 leaf is-booted-now {
65 description "Is the system running from this slot?";
66 type boolean;
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]67 }
68
Jan Kundrát58b39ae2022-07-08 18:54:10 +0200[diff] [blame]69 leaf is-healthy {
70 description "Only healthy slots are considered for booting. Slots which failed during a boot are marked as non-healthy.";
71 type boolean;
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]72 }
Jan Kundráte55b56b2022-07-13 12:51:44 +0200[diff] [blame]73
74 leaf will-boot-next {
75 description "Is this slot selected for booting after the next reboot?";
76 type boolean;
77 }
Jan Kundrát3795cab2022-07-13 18:08:19 +0200[diff] [blame]78
79 action set-active-after-reboot {
80 description "Schedule this slot for activation after the next reboot";
81 }
82
83 action set-unhealthy {
84 description "Mark this slot as having faulted during the last boot";
85 }
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]86 }
87
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]88 container installation {
89 leaf status {
90 description "Informs about the status of the current (or last) installation.";
91
92 type enumeration {
93 enum none;
94 enum in-progress;
95 enum succeeded;
96 enum failed;
97 }
98 }
99
100 leaf message {
101 description "The last message from the installation process. This MAY contain the last error message.";
102 type string;
103 }
104
105 notification update {
106 description "Notifies clients about installation progress.";
107
108 leaf message {
109 description "Progress status.";
110 type string;
111 }
112
113 leaf progress {
114 description "Progress of the installation in percents.";
115
116 type int8 {
117 range "0 .. 100";
118 }
119 }
120 }
121
122 action install {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]123 nacm:default-deny-all;
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]124 description "Download and install a new firmware image to the inactive FW slot";
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]125 input {
126 leaf url {
127 description "URL or path to the new firmware.";
128 type string;
129 mandatory true;
130 }
131 }
132 }
133 }
134 }
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]135
136 typedef username-type {
137 type string {
138 pattern "[a-z][a-z0-9-]{0,30}";
139 }
140 }
141
Václav Kubernátac257f32021-02-08 19:24:52 +0100[diff] [blame]142 typedef password-type {
143 type string {
144 pattern "[^\\r\\n]*";
145 }
146 }
147
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]148 grouping authentication-rpc-result {
149 leaf result {
150 mandatory true;
151 type enumeration {
152 enum success;
153 enum failure;
154 }
155 }
156
157 leaf message {
158 description "Can be used to supply and error message.";
159 type string;
160 }
161 }
162
163 typedef authorized-key-format {
164 description "Pubkey in the authorized_keys format for sshd.";
165 type string;
166 }
167
168
169 container authentication {
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]170 description "User management";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]171 list users {
172 config false;
173 key 'name';
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]174 description "All user accounts which are configured in the Linux system";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]175
176 leaf name {
177 type username-type;
178 }
179
180 leaf password-last-change {
181 type string;
182 }
183
184 list authorized-keys {
185 key 'index';
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]186 description "List of SSH keys which are recognized for this user";
187
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]188 leaf index {
189 type int32;
190 }
191
192 leaf public-key {
193 mandatory true;
194 type authorized-key-format;
195 }
196
197 action remove {
Jan Kundrát7311fa92021-12-04 15:27:36 +0100[diff] [blame]198 nacm:default-deny-all;
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]199 description "Remove the selected SSH authentication key of the selected user";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]200 output {
201 uses authentication-rpc-result;
202 }
203 }
204 }
205
206 action change-password {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]207 nacm:default-deny-all;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]208 input {
209 leaf password-cleartext {
210 mandatory true;
211 description "This is supposed to be a plaintext password. Make sure it's not logged anywhere.";
Václav Kubernátac257f32021-02-08 19:24:52 +0100[diff] [blame]212 type password-type;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]213 }
214 }
215
216 output {
217 uses authentication-rpc-result;
218 }
219 }
220
221 action add-authorized-key {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]222 nacm:default-deny-all;
Jan Kundrát13b13592021-12-04 15:28:44 +0100[diff] [blame]223 description "Add a new SSH public key for authentication as the selected user";
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]224 input {
225 leaf key {
226 mandatory true;
227 type authorized-key-format;
228 }
229 }
230
231 output {
232 uses authentication-rpc-result;
233 }
234 }
235 }
236 }
Tomáš Peckad26a3ce2021-02-15 20:39:26 +0100[diff] [blame]237
Tomáš Peckab6c06e12021-04-20 20:09:44 +0200[diff] [blame]238 container leds {
239 config false;
240 description "Current status of LEDs.";
241
242 list led {
243 key 'name';
244
245 leaf name {
246 type string;
247 description "Name of the LED";
248 }
249
250 leaf brightness {
251 mandatory true;
252 description "Current brightness of the LED in percents of the maximal possible brightness of the LED.";
253 type percent;
254 }
255 }
Tomáš Pecka5be83e42021-04-21 17:26:40 +0200[diff] [blame]256
257 action uid {
258 input {
259 leaf state {
260 mandatory true;
261 description "Change state of the UID led (turn off, on, or keep blinking).";
262 type enumeration {
263 enum off;
264 enum on;
265 enum blinking;
266 }
267 }
268 }
269 }
Tomáš Peckab6c06e12021-04-20 20:09:44 +0200[diff] [blame]270 }
271
Tomáš Peckae566fd42024-01-02 17:00:10 +0100[diff] [blame]272 container journal-upload {
273 presence "Enable systemd-journal-upload service";
274 description "Configures systemd-journal-upload.service. If the container is present,
275 then systemd-journal-upload service is set up with the URL composed of
276 the leafs in this container. See --url in
277 https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
278
279 leaf protocol {
280 type enumeration {
281 enum "http";
282 enum "https";
283 }
284
285 default "https";
286 description "Sets the URL protocol. See --url in https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
287 }
288
289 leaf host {
290 mandatory true;
291 type inet:host;
292 description "Sets the host. See --url in https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
293 }
294
295 leaf port {
296 type inet:port-number;
297 default "19532";
298 description "Sets the port. See --url in https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
299 }
300 }
301
Jan Kundrát9eea4ba2021-02-19 01:05:25 +0100[diff] [blame]302 deviation /sys:system-shutdown { deviate not-supported; }
Tomáš Pecka79344c82021-09-16 18:25:59 +0200[diff] [blame]303 deviation /sys:system/sys:dns-resolver { deviate add { config false; } }
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]304}