/*
 * czechlight-system: firmware slots and installation, local user accounts
 * (passwords and SSH keys), LED state, and systemd-journal-upload settings.
 *
 * NACM extensions used in this file:
 *   nacm:default-deny-all on  firmware/installation/install,
 *                             authentication/users/password-last-change,
 *                             authentication/users/authorized-keys,
 *                             authentication/users/change-password,
 *                             authentication/users/add-authorized-key.
 *   none on                   firmware/firmware-slot/set-active-after-reboot,
 *                             firmware/firmware-slot/set-unhealthy,
 *                             authentication/users/authorized-keys/remove,
 *                             leds/uid, journal-upload.
 * NOTE(review): nodes without an extension are governed only by the server's
 * NACM rules and global defaults (RFC 8341 defaults: exec permit, write
 * deny); confirm the deployed rule set covers them.
 */
module czechlight-system {
    yang-version 1.1;
    namespace
        "http://czechlight.cesnet.cz/yang/czechlight-system";

    prefix "cla-sys";

    // Used for inet:host and inet:port-number in journal-upload.
    import ietf-inet-types {
        prefix inet;
    }

    // Used for yang:date-and-time in firmware-slot/installed.
    import ietf-yang-types {
        prefix yang;
    }

    // Provides the nacm:default-deny-all extension used below.
    import ietf-netconf-acm {
        prefix nacm;
    }

    // Target of the two deviation statements at the end of the module.
    import ietf-system {
        prefix "sys";
    }

    organization "CESNET";
    contact "photonic@cesnet.cz";
    description
        "YANG model for system administration in Czechlight devices.";

    // NOTE(review): the newest revision listed is 2022-07-08 and the entries
    // are in oldest-first order; confirm whether later additions (for example
    // journal-upload) warrant a new revision entry.
    revision 2021-01-13 {
        description "Initial release";
    }

    revision 2022-07-08 {
        description "Extended firmware slot properties and actions";
    }

    // Unsigned percentage, 0 to 100 inclusive. Used by leds/led/brightness.
    typedef percent {
        type uint8 {
            range "0 .. 100";
        }
    }

    // Read-only (config false) view of the firmware slots and of the
    // installation process, plus the actions that operate on them.
    container firmware {
        config false;

        list firmware-slot {
            key name;

            leaf name {
                description "Identifier of the slot.";
                type string;
            }

            leaf version {
                description "Firmware version installed in the slot.";
                type string;
            }

            leaf installed {
                description "Datetime of the last installation performed in this slot.";
                type yang:date-and-time;
            }

            leaf is-booted-now {
                description "Is the system running from this slot?";
                type boolean;
            }

            leaf is-healthy {
                description "Only healthy slots are considered for booting. Slots which failed during a boot are marked as non-healthy.";
                type boolean;
            }

            leaf will-boot-next {
                description "Is this slot selected for booting after the next reboot?";
                type boolean;
            }

            // NOTE(review): this action changes which slot boots next, so it
            // can move the device to a different firmware version. Unlike
            // installation/install it has no nacm:default-deny-all; who may
            // run it depends entirely on the server's NACM rules.
            action set-active-after-reboot {
                description "Schedule this slot for activation after the next reboot";
            }

            // NOTE(review): per the is-healthy description, only healthy
            // slots are considered for booting, so this action takes a slot
            // out of the boot candidates. It also has no NACM extension.
            action set-unhealthy {
                description "Mark this slot as having faulted during the last boot";
            }
        }

        container installation {
            leaf status {
                description "Informs about the status of the current (or last) installation.";

                type enumeration {
                    enum none;
                    enum in-progress;
                    enum succeeded;
                    enum failed;
                }
            }

            leaf message {
                description "The last message from the installation process. This MAY contain the last error message.";
                type string;
            }

            notification update {
                description "Notifies clients about installation progress.";

                leaf message {
                    description "Progress status.";
                    type string;
                }

                // NOTE(review): declared as int8 with range 0..100 rather
                // than the percent typedef (uint8) defined above; the range
                // is the same but the base types differ.
                leaf progress {
                    description "Progress of the installation in percents.";

                    type int8 {
                        range "0 .. 100";
                    }
                }
            }

            // Restricted by nacm:default-deny-all. The url leaf is an
            // unconstrained string ("URL or path").
            // NOTE(review): the schema neither limits the scheme or location
            // nor says how the image is authenticated; both have to be
            // enforced by the implementation behind this action.
            action install {
                nacm:default-deny-all;
                description "Download and install a new firmware image to the inactive FW slot";
                input {
                    leaf url {
                        description "URL or path to the new firmware.";
                        type string;
                        mandatory true;
                    }
                }
            }
        }
    }

    // 1 to 31 characters: a lower-case letter followed by up to 30
    // lower-case letters, digits or hyphens.
    typedef username-type {
        type string {
            pattern "[a-z][a-z0-9-]{0,30}";
        }
    }

    // Any string that contains no CR or LF; the empty string also matches.
    // NOTE(review): no minimum length or other password policy is expressed
    // in the schema; presumably the backend enforces one -- confirm.
    typedef password-type {
        type string {
            pattern "[^\\r\\n]*";
        }
    }

    // Shared output of the authentication actions: a mandatory
    // success/failure result and an optional free-text message.
    // NOTE(review): the message description below has a typo ("and" for "an").
    grouping authentication-rpc-result {
        leaf result {
            mandatory true;
            type enumeration {
                enum success;
                enum failure;
            }
        }

        leaf message {
            description "Can be used to supply and error message.";
            type string;
        }
    }

    // Plain string with no pattern.
    // NOTE(review): unlike password-type, CR and LF are not excluded here,
    // and an authorized_keys line may carry options in front of the key. The
    // consumer has to check that a value is exactly one acceptable key line
    // before it is written out.
    typedef authorized-key-format {
        description "Pubkey in the authorized_keys format for sshd.";
        type string;
    }


    container authentication {
        description "User management";
        // Read-only list of accounts; changes go through the actions below.
        list users {
            config false;
            key 'name';
            description "All user accounts which are configured in the Linux system";

            leaf name {
                type username-type;
            }

            leaf password-last-change {
                nacm:default-deny-all;
                type string;
            }

            list authorized-keys {
                nacm:default-deny-all;
                key 'index';
                description "List of SSH keys which are recognized for this user";

                leaf index {
                    type int32;
                }

                leaf public-key {
                    mandatory true;
                    type authorized-key-format;
                }

                // NOTE(review): this action carries no nacm:default-deny-all
                // of its own, unlike change-password and add-authorized-key;
                // it sits inside a list that does. Confirm that the server
                // denies it through the parent's restriction, or add the
                // extension here for consistency.
                action remove {
                    description "Remove the selected SSH authentication key of the selected user";
                    output {
                        uses authentication-rpc-result;
                    }
                }
            }

            // Restricted by nacm:default-deny-all. The input carries the new
            // password in cleartext, so it must be kept out of logs and
            // traces (see the leaf description).
            action change-password {
                nacm:default-deny-all;
                input {
                    leaf password-cleartext {
                        mandatory true;
                        description "This is supposed to be a plaintext password. Make sure it's not logged anywhere.";
                        type password-type;
                    }
                }

                output {
                    uses authentication-rpc-result;
                }
            }

            // Restricted by nacm:default-deny-all. Adding a key grants SSH
            // login as the selected user.
            action add-authorized-key {
                nacm:default-deny-all;
                description "Add a new SSH public key for authentication as the selected user";
                input {
                    leaf key {
                        mandatory true;
                        type authorized-key-format;
                    }
                }

                output {
                    uses authentication-rpc-result;
                }
            }
        }
    }

    container leds {
        config false;
        description "Current status of LEDs.";

        list led {
            key 'name';

            leaf name {
                type string;
                description "Name of the LED";
            }

            leaf brightness {
                mandatory true;
                description "Current brightness of the LED in percents of the maximal possible brightness of the LED.";
                type percent;
            }
        }

        // Sets the UID LED to off, on or blinking. No NACM extension.
        action uid {
            input {
                leaf state {
                    mandatory true;
                    description "Change state of the UID led (turn off, on, or keep blinking).";
                    type enumeration {
                        enum off;
                        enum on;
                        enum blinking;
                    }
                }
            }
        }
    }

    // Presence container: creating it enables journal upload to the URL
    // built from protocol, host and port. This is the only subtree in the
    // module with writable leafs, and it carries no NACM extension.
    // NOTE(review): whoever may write here decides where the device's journal
    // is sent; consider nacm:default-deny-write, or confirm that the deployed
    // NACM rules restrict writes to this subtree.
    container journal-upload {
        presence "Enable systemd-journal-upload service";
        description "Configures systemd-journal-upload.service. If the container is present,
                     then systemd-journal-upload service is set up with the URL composed of
                     the leafs in this container. See --url in
                     https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";

        // NOTE(review): "http" is an accepted value and would send journal
        // entries unencrypted; the default is "https". The model has no leafs
        // for TLS key, certificate or trust settings, so those presumably
        // come from the service's own configuration -- confirm.
        leaf protocol {
            type enumeration {
                enum "http";
                enum "https";
            }

            default "https";
            description "Sets the URL protocol. See --url in https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
        }

        leaf host {
            mandatory true;
            type inet:host;
            description "Sets the host. See --url in https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
        }

        leaf port {
            type inet:port-number;
            default "19532";
            description "Sets the port. See --url in https://www.freedesktop.org/software/systemd/man/252/systemd-journal-upload.service.html";
        }
    }

    // Declares ietf-system's system-shutdown as not supported by this device.
    deviation /sys:system-shutdown { deviate not-supported; }
    // Adds config false to ietf-system's dns-resolver subtree, making it
    // read-only through this interface.
    deviation /sys:system/sys:dns-resolver { deviate add { config false; } }
}