Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / b5fa10b532334f5070061a96a1c43fc849cf649c / . / yang / czechlight-system@2021-01-13.yang
blob: 3de55a89d3910d5702c29bf639eca406be2cc875 [file] [log] [blame]
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]1module czechlight-system {
2 yang-version 1.1;
3 namespace
4 "http://czechlight.cesnet.cz/yang/czechlight-system";
5
6 prefix "cla-sys";
7
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]8 import ietf-yang-types {
9 prefix yang;
10 }
11
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]12 import ietf-netconf-acm {
13 prefix nacm;
14 }
15
Jan Kundrát9eea4ba2021-02-19 01:05:25 +0100[diff] [blame]16 import ietf-system {
17 prefix "sys";
18 }
19
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]20 organization "CESNET";
21 contact "photonic@cesnet.cz";
22 description
23 "YANG model for system administration in Czechlight devices.";
24
25 revision 2021-01-13 {
26 description "Initial release";
27 }
28
29 container firmware {
30 config false;
31
Tomáš Peckaad32af22021-01-27 17:39:57 +0100[diff] [blame]32 list firmware-slot {
33 key name;
34
35 leaf name {
36 description "Identifier of the slot.";
37 type string;
38 }
39
40 leaf version {
41 description "Firmware version installed in the slot.";
42 type string;
43 }
44
45 leaf installed {
46 description "Datetime of the last installation performed in this slot.";
47 type yang:date-and-time;
48 }
49
50 leaf state {
51 description "Current state of the slot.";
52 type enumeration {
53 enum inactive;
54 enum booted;
55 }
56 }
57
58 leaf boot-status {
59 description "Boot status.";
60 type enumeration {
61 enum good;
62 enum bad;
63 }
64 }
65 }
66
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]67 container installation {
68 leaf status {
69 description "Informs about the status of the current (or last) installation.";
70
71 type enumeration {
72 enum none;
73 enum in-progress;
74 enum succeeded;
75 enum failed;
76 }
77 }
78
79 leaf message {
80 description "The last message from the installation process. This MAY contain the last error message.";
81 type string;
82 }
83
84 notification update {
85 description "Notifies clients about installation progress.";
86
87 leaf message {
88 description "Progress status.";
89 type string;
90 }
91
92 leaf progress {
93 description "Progress of the installation in percents.";
94
95 type int8 {
96 range "0 .. 100";
97 }
98 }
99 }
100
101 action install {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]102 nacm:default-deny-all;
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]103 input {
104 leaf url {
105 description "URL or path to the new firmware.";
106 type string;
107 mandatory true;
108 }
109 }
110 }
111 }
112 }
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]113
114 typedef username-type {
115 type string {
116 pattern "[a-z][a-z0-9-]{0,30}";
117 }
118 }
119
Václav Kubernátac257f32021-02-08 19:24:52 +0100[diff] [blame]120 typedef password-type {
121 type string {
122 pattern "[^\\r\\n]*";
123 }
124 }
125
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]126 grouping authentication-rpc-result {
127 leaf result {
128 mandatory true;
129 type enumeration {
130 enum success;
131 enum failure;
132 }
133 }
134
135 leaf message {
136 description "Can be used to supply and error message.";
137 type string;
138 }
139 }
140
141 typedef authorized-key-format {
142 description "Pubkey in the authorized_keys format for sshd.";
143 type string;
144 }
145
146
147 container authentication {
148 list users {
149 config false;
150 key 'name';
151
152 leaf name {
153 type username-type;
154 }
155
156 leaf password-last-change {
157 type string;
158 }
159
160 list authorized-keys {
161 key 'index';
162 leaf index {
163 type int32;
164 }
165
166 leaf public-key {
167 mandatory true;
168 type authorized-key-format;
169 }
170
171 action remove {
172 output {
173 uses authentication-rpc-result;
174 }
175 }
176 }
177
178 action change-password {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]179 nacm:default-deny-all;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]180 input {
181 leaf password-cleartext {
182 mandatory true;
183 description "This is supposed to be a plaintext password. Make sure it's not logged anywhere.";
Václav Kubernátac257f32021-02-08 19:24:52 +0100[diff] [blame]184 type password-type;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]185 }
186 }
187
188 output {
189 uses authentication-rpc-result;
190 }
191 }
192
193 action add-authorized-key {
Václav Kubernát4107b782021-02-18 05:40:01 +0100[diff] [blame]194 nacm:default-deny-all;
Václav Kubernát59c19c12021-01-26 08:48:11 +0100[diff] [blame]195 input {
196 leaf key {
197 mandatory true;
198 type authorized-key-format;
199 }
200 }
201
202 output {
203 uses authentication-rpc-result;
204 }
205 }
206 }
207 }
Tomáš Peckad26a3ce2021-02-15 20:39:26 +0100[diff] [blame]208
209 container networking {
210 container standalone-eth1 {
211 presence "Presence of this container should make eth1 network interface standalone (not in any bridge).";
212 }
213 }
Jan Kundrát9eea4ba2021-02-19 01:05:25 +0100[diff] [blame]214
215 deviation /sys:system-shutdown { deviate not-supported; }
Tomáš Pecka9a02c3f2021-01-21 15:27:22 +0100[diff] [blame]216}