Yuma User Manual
Contents
1. The mandatory statement indicates that the choice list or leaf must be provided by the client It will not be created by the server Most parameters are not mandatory however so the default is false if this Page 17 Version 2 2 Yuma User Manual statement is missing max elements number unbounded Specifies the maximum number of instances that a list or leaf list object can have in a valid database The default is unbounded if this statement is not present min elements number Specifies the minimum number of instances that a list or leaf list object must have in a valid database The default is zero if this statement is not present must xpath expr If the object containing the must statement exists then the XPath expression must evaluate to true for the database to be valid This provides referential integrity checks among related parameters pattern pattern string The pattern statement specifies a regular expression that must evaluate to true in order for the corresponding string leaf or leaf list object to be valid Multiple patterns encountered in a nested typedef chain must all evaluate to true for the object to be valid range range spec string The type statement can specify the range of a numeric type Since typedefs can be nested in YANG the range statements are nested also and constitute an AND expression i e all the range tests must pass in th2. If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 3 The HOME modules directory is checked If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 4 The YUMA_HOME modules directory is checked If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 5 The YUMA_INSTALL modules directory is checked If the subdirs fasle parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched Data Search Path Yuma programs can store data used during operation An example of a data file is the startup configuration file used by netconfd usually called startup cfg xml 1 If the file name has an absolute path specification then that exact file location is tried If no match is found then the search will terminate in failure 2 Each directory specified in the YUMA_DATAPATH environment variable or set with the datapath configuration parameter is checked 1 If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched The current working directory is checked No sub directories are che
3. format copy The NETCONF client is an application that initiates and utilizes NETCONF sessions to control and monitor a NETCONF server Yuma includes the yangcli application for this purpose It can be used as a stand alone tool with any NETCONF server Page 23 Version 2 2 Yuma User Manual The NETCONF server is a server application that is always running on the managed device It listens for NETCONF session requests from a NETCONF client and allows specific users to access specific subsets of the available content operations database access and notifications It processes all incoming protocol operation requests from the client and insulates all the instrumentation code from these protocol operations Yuma includes the netconfd application for this purpose It can be run on several different platforms or easily adapted to embedded platforms Page 24 Version 2 2 Yuma User Manual 4 System Configuration The Yuma programs use YANG to define its configuration parameters The ncx cli extension is used within a container with the same name as the program to define all CLI parameters Some parameters are shared see yuma app common yang so they are not located directly in the container container yangcli nex cli yangcli CLI parameters defined as choices and leafs here The following YANG modules are provided which contain all the configuration parameters for Yuma yuma types yang contains common data types use
4. 359 360 361 362 363 364 365 366 367 368 369 370 371 512 373 374 Bus 376 Bo 378 379 380 381 382 383 384 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 Yuma User Manual leafref path loop variable not found variable is read only decimal64 base number overflow decimal64 fraction precision overflow when stmt tested false no matches found missing refine target candidate cannot be locked discard changes needed timeout occurred multiple module revisions exist XPath result not a nodeset XPath node set result is empty node is protected by a partial lock cannot perform the operation with confirmed commit pending cannot directly load a submodule cannot write to a read only object cannot write to this configuration directly YANG file missing right brace invalid protocol framing characters received base 1 1 protocol not enabled persistent confirmed commit not active multiple matches found no schema default for this node expected key leaf in list top level mandatory objects are not allowed duplicate source include file not found invalid command line value invalid command line option command line option unknown invalid command line syntax missing command line value invalid form input invalid form no instance found session closed by remote peer duplicate import duplicate
5. sys system gt lt nc get gt lt nc rpc gt Note the text xmlns sys http netconfcentral org ns yuma system This xmins attribute does not have to appear exactly as specified or within the lt rpc gt element It can appear in any legal manner Refer to the XML Namespaces 1 0 specification for more details Example request not using XML namespaces in an XPath expression lt xml version 1 0 encoding UTF 8 gt lt nc rpc xmlns nc urn ietf params xml ns netconf base 1 0 Page 42 Version 2 2 Yuma User Manual message id 3 gt lt nc get gt lt nc filter type xpath select system gt lt nc get gt lt nc rpc gt If the yuma system yang module is loaded within the program and if the system node is enabled e g not removed via a YANG deviation then the XML prefix sys in this example can be omitted The YANG language requires some minor changes and additions to the XPath 1 0 specification The current function from XPath 2 0 is supported The NULL XML namespace is mapped to the current YANG module XML namespace when processing an XPath expression within a YANG module e g must statement A NETCONF database is treated as a conceptual XML instance document with zero or more top level elements This is consistent with XSLT behavior XML 1 0 requires a single top level element so external XML documents representing a NETCONF database always start with the lt nc config gt eleme
6. or just whitespace with no equals sign character 4 value a quoted or unquoted string an empty string is only allowed if quotes are entered The following example shows some ways the leaf foo could be entered as a CLI parameter leaf foo type uint32 foo 7 fo0 7 f00 7 foo foo 7 foo 7 foo foo 7 foo 7 foo 7 The nex cli extension is used in in YANG container definitions which represent the program CLI parameters not NETCONF database parameters It does not take any parameters and is defined in yuma ncx yang container yangcli nex cli all the yangcli CLI parameters If this extension is present then netconfd will ignore the container when loading the database object definitions Only the program with the same name as the container will use the CLI parameter definition The ncx default parm extension is used within a container with an nex cli extension or within an input section of an RPC operation definition It is defined in yuma ncx yang Page 40 Version 2 2 Yuma User Manual If no parameter name is found when processing CLI parameter input and the ncx default parm extension is present in the container or RPC input being processed then the specified parameter name will be used instead of generating an error The value must be valid for the parameter syntax according to its YANG definition This means that for the default parameter only the lt value gt component of the complete pa
7. a complete network management system and development environment which implements the following standards e Network Configuration Protocol RFC 4741 e NETCONF over SSH RFC 4742 NETCONF Notifications RFC 5277 e Partial Lock RPC for NETCONF RFC 5717 e YANG Data Modeling Language RFC 6020 Common YANG Data Types RFC 6021 NETCONF Monitoring Schema RFC 6022 e With defaults capability for NETCONF RFC TBD e SSH2 RFC 4252 4254 e XML 1 0 e XPath 1 0 YANG Data modeling language RFC 6020 The following programs are included in the Yuma suite yangdump validates YANG modules and uses them to generate other formats such as HTML XSD SQL and C source code e yangdiff reports semantic differences between two revisions of a YANG module and generates YANG revision statements e yangcli NETCONF over SSH client providing a simple but powerful command line interface for management of any NETCONF content defined in YANG netconfd NETCONF over SSH server providing complete and automated support for the YANG content accessible with the NETCONF protocol e netconf subsystem thin client used to allow OpenSSH to communicate with the netconfd program This is documented as part of the netconfd program since they must be used together Although any arbitrary YANG file can be automatically supported by Yuma the following content YANG modules is built into the netconfd server and supported by the
8. allowed rights gt lt nacm allowed group gt nacm admin lt nacm allowed group gt lt nacm moduleRule gt lt nacm rules gt lt nacm nacm gt lt nd config gt The Yuma text configuration file format is based on some common Unix conf file formats A hash mark until EOLN is treated as a comment this is a comment log level info this is also a comment e All text is case sensitive e Whitespace before or within a line is not significant The end a line EOLN character n is used to end a command so whitespace at the end of a line is significant e To enter a command on multiple lines use an escaped EOLN backslash EOLN for all but the last line Page 37 Version 2 2 Yuma User Manual this is a command line this is the start of a long three line command this is a new command A YANG container parameter is represented by the container name followed by a left curly brace zero or more child nodes and then a right curly brace yangdump set some display control parameters log level debug2 warn linelen 72 indent 4 A YANG list parameter is represented by the list name followed by a whitespace separated sequence of key leaf values followed by a left curly brace zero or more child nodes and then a right curly brace ifStackEntry 11 42 the key leafs will also printed here ifStackHigherLayer 11 ifStackLowerLayer 42 ifStackStatus active e Configura
9. and tutorials on YANG free YANG tools for download NETCONF Working Group Wiki Page o http trac tools ietf org wg netconf trac wiki o Free information on NETCONF standardization activities and NETCONF implementations NETCONF WG Status Page o http tools ietf org wg netconf o IETF Internet draft status for NETCONF documents libsmi Home Page o http www ibr cs tu bs de projects libsmi o Free tools such as smidump to convert SMlv2 to YANG NETCONF Working Group o http www ietf org html charters netconf charter html o Technical issues related to the NETCONF protocol are discussed on the NETCONF WG mailing list Refer to the instructions on the WEB page for joining the mailing list NETMOD Working Group o http www ietf org html charters netmod charter html o Technical issues related to the YANG language and YANG data types are discussed on the NETMOD WG mailing list Refer to the instructions on the WEB page for joining the mailing list The following formatting conventions are used throughout this document Documentation Conventions Convention Description foo CLI parameter foo lt foo gt XML parameter foo foo yangcli command or parameter FOO Environment variable FOO foo yangcli global variable foo some text Example command or PDU some text Plain text Page 4 Version 2 2 Yuma User Manual 2 Summary 2 1 What is Yuma Yuma is a set of programs providing
10. command line history file for yangcli The search paths used to find these files are discussed in detail in the System Configuration section Default Directory Layout startup cfg xml Module Revisions Page 21 Version 2 2 Yuma User Manual YANG has extensive module lifecycle support Each module or submodule has a revision date and multiple revisions of the same module or submodule may be used at once within the same server The YANG module repository is the authoritative source of common management information for the netconfd server However different platform implementations of the same data model need to be adjusted slightly to reflect differences in the feature support available on each platform Yuma has an extensive set of mechanisms to automate the maintenance of these platform specific special requirements A single YANG module plus patches and deviations as needed for each platform can be published instead of a separate version of the YANG module for each platform Cooked Modules Platform X Platform X Platform X Language Extensions Enabled Features Object Deviations YANG module common source Platform X Platform X Platform X Enabled Capabilities Module Revision XPath Variables Platform specific schema created automatically Module Naming Conventions YANG module names are usually lower case Hyphen underscore _ and period characters are allowed after the first
11. data structures to actual XML documents for XPath processing All functionality defined in the XPath 1 0 specification is supported There are some restrictions which are specific to the YANG standard The attribute and processing instruction axes are always empty YANG identityref leaf values need to be entered within quotes or they will be interpreted as XML qualified node names The server may not maintain consistent XML document order for system ordered data This affects expressions which rely on XML document order to be precise and completely static A NETCONF server is only required to maintain XML document order for user ordered lists and leaf lists and only relative to a particular object not the entire document The XPath implementation allows a more liberal syntax than the XPath 1 0 specification allows Specifically if a node identifier does is unqualified i e there is no namespace specified with a default namespace or an explicit namespace declaration then all known XML namespaces known by the program will be checked for a top level element with the same name If XML namespaces are used they must be used correctly Example request using XML namespaces in an XPath expression lt xml version 1 0 encoding UTF 8 gt lt nc rpc xmlns nc urn ietf params xml ns netconf base 1 0 message id 2 xmlns sys http netconfcentral org ns yuma system gt lt nc get gt lt nc filter type xpath select
12. digit unsigned integers in the range 1 to 999 The number O is reserved for the NO ERR constant which is the same as the lt ok gt status returned by the server Error Number Types range description 100 to 199 system errors 200 to 399 user errors 400 to 899 warnings 900 to 999 informational messages The current list of error numbers and default error messages can be obtained with the yangdump program show errors parameter The default error message can be replaced for some error conditions with the YANG error message statement The following list shows the default error messages for all error numbers currently in use yangdump errors and warnings yangdump 2 2 1 errors and warnings 0 ok 1 EOF reached 2 NULL pointer 3 malloc failed 4 invalid internal value 5 internal buffering failed 6 invalid queue deletion 7 wrong init sequence 8 queue node not header 9 queue node not data 10 invalid queue header 1 entry already queued 12 too many entries 13 libxml2 operation failed 100 cannot open file 101 cannot read file 102 cannot close file Page 46 Version 2 2 Page 47 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 Yuma User Manual cannot write file
13. dra a dae ci ada cb 43 5 4 1 module loaded O 43 54 2 Teature enablCd essas irao we oun a O 44 O coll 0 gel oa hl C Pee Re ene ee rr A A RR ae 46 a A A ABEL te A DST O Ses as 46 Page 2 Version 2 2 Yuma User Manual 1 Preface Copyright 2009 2012 Andy Bierman All Rights Reserved This document assumes you have successfully set up the software as described in the printed document Yuma Installation Guide Other documentation includes Yuma Quickstart Guide Yuma netconfd Manual Yuma yangcli Manual Yuma yangdiff Manual Yuma yangdump Manual Yuma Developer Manual To obtain additional support you may join the yuma users group on sourceforge net and send email to this e mail address yuma users lists sourceforge net The SourceForge net Support Page for Yuma can be found at this WEB page http sourceforge net projects yuma support There are several sources of free information and tools for use with YANG and or NETCONF The following section lists the resources available at this time Netconf Central o http www netconfcentral org o Yuma Home Page Free information on NETCONF and YANG tutorials on line YANG module validation and documentation database Yuma SourceFource OpenSource Project o http sourceforge net projects yuma Page 3 Version 2 2 Yuma User Manual Download Yuma source and binaries project forums and help Yang Central o http www yang central org o Free information
14. if entered from the command line log log messages to the specified file instead of STDOUT log level set the logging verbosity level log append use the existing log file if any instead of overwriting it modpath use the specified module search path This will override the YUMA_MODPATH environment variable if it is set yuma home use the specified project root This will override the YUMA HOME environment variable if it is set Refer to the Yuma CLI Reference for more details on these configuration parameters Command line parameters are used to provide input to Yuma programs when they are invoked They are also used extensively by the yangcli program to represent RPC method input parameters and database nodes which are part of NETCONF operation content such as the lt config gt parameter within the lt edit config gt operation A CLI parameter has 2 forms Parameter contains a YANG type of empty or a zero length string lt prefix gt lt parameter name gt Everything else lt prefix gt lt parameter name gt lt separator gt lt value gt Page 39 Version 2 2 Yuma User Manual There are up to 4 components in a CLI parameter 1 prefix consists of O 1 or 2 consecutive dash characters 2 parameter name name of the parameter A partial name may be used if it is unique 3 separator either consists of the equals sign character which may be preceded or followed by whitespace
15. import with different prefix value local typedef not used local grouping not used import not used duplicate unique stmt argument statement ignored duplicate include include not used revision date before 1970 revision date in the future enum value order bit position order invalid status for child node duplicate sibling node name from external augment duplicate if feature statement using deprecated definition XPath object predicate check limit reached empty XPath result in must or when expr no ancestor node available no parent node available no child node available no descendant node available Version 2 2 Yuma User Manual Page 51 Version 2 2
16. revision If no file name with the specified revision date value is found then the module search path is checked for a file with no revision date in the file name import foo prefix foo If the file foo yang is found then it is used regardless of the most current revision date if any found in the module If it is not found then the module search failed Note The first instance of foo yang in the module search path will be used even if a more current version is available later in the search path Yuma uses configurable search paths to find the various files that are needed during operation Module Search Path e If the module parameter is specified with a path or file suffix the that filespec is tried relative to the current working directory If it is not found or not the correct revision date then the search terminates in failure module test yang Page 33 Version 2 2 Yuma User Manual e If the module is specified without any path or file extension fields then the module search path is checked in order The first step which produces a match terminates the search successfully If all steps are exhauted and no match is found then the search terminates in failure module foo 1 The current working directory is checked No sub directories are checked if any are present 2 Each directory specified in the YUMA_MODPATH environment variable or set with the modpath configuration parameter is checked
17. that the database object is a very secure object Only the superuser will be allowed to access the object by default ncx xsdlist list type Declares that a string data type is really an XSD style list list type is a valid type name with optional YANG prefix List processing within lt edit config gt will be automatically handled by netconfd ncx xpath Declares that a string data type is really an XPath expression XML prefixes and all XPath processing will be done automatically by yangcli and netconfd The Yuma programs all use the same centralized YANG language parser The complete YANG language is supported as defined in the latest version draft ietf netmod yang 13 txt The file naming conventions defined in this specification must be used along with all the language definition rules Definitions can be contained in modules and or sub modules Any number of revisions of a module or submodule can be used concurrently The import by revision and include by revision features of YANG are fully supported Refer to the section Searching for Files for more details All extension usage within YANG files is supported and saved The application data is available to all Yuma programs including netconfd server instrumentation Refer to the YANG User Guide for details on writing YANG files and using the extensions built into Yuma Note The smidump is not part of Yuma but it can be utilized to convert M
18. 1 Environment Variables si Sievers asad cs oot id elm lular atu 25 4T SOME ds wt dare de ad ot ats E A da a iy Qa alate NDS DAS at 26 At GTM HOME as apos O PE EO PG ee 26 AS I Pie INSTALE ts otario pen UN Sere Rae de envied gat 27 4 Te STUMA MODA Tis ta A A Aa lend LA 27 AS ES A A O aa 28 4 1 6 MUMASRUNPA TH esos renacer ene ada Ge Ur a PD aR iste 29 4 2 Searching TOM FIOS ROS 29 4 21 Tuma Work Directory sema que ad aos elas te sealed sve odo cotas lcd o a in alte 31 4 2 2 Parameter SCAICNES ta dE AS AED A a ES 31 4 2 3 Importinelude Searches aviador Maen di 32 A mms ssa EIS Ea DUE R UG cat a sale PSD aaa ca aa ada oa wees 33 453 Configuration please da 35 4 3 1 XML Configuration FIOS ic i 36 4 32 Text C nfiguration RIOS ta A 37 4 4 Bootstrap Clic ai a a cauda 39 4 5 Configuration Para Mete Sicilia A ta et 39 4 5 1 Parameter A O e au ace ao a 39 a EXEONSIO N esee reesen nease eid so besides tweens ES ACASiNE dm ccakuuncaGetecasubel cent E Saia 40 4 5 3 ncx default parm EXESMSION assar asseio e va vey a ls 40 5 XPath ROTOLQNCE A 41 5 1 XPath IO cosewsrcesssarsanase nanii ada EA NEERA Load 42 DAME Nes Da CES nearer o E a A ade E ASEET 42 5 2 YANG Specific XPath Beni ER 43 Page 1 Version 2 2 Yuma User Manual 53 Custom XPath Wala OES usassem iunasuruhidba ieii cstdut lube de E KNN a 43 BS USC le iara itinerante ra end sudan tra da Dad ad led su a dna ad stag EEAS NO i nada sabes 43 5 4 Custom XPath FORNCHONS ainda rasa rai Ss
19. IB modules written in SMlv2 into YANG modules which can then be implemented in netconfd and managed with yangcli The freely available libsmi library contains the smidump program Page 20 Version 2 2 Yuma User Manual The central system component is the set of YANG data model modules which define all available management information This set of modules is expected to grow over time and there is usually a high degree of reuse and inter dependence between the modules YANG modules can import other modules to reuse any definitions and to augment objects in other modules Each module represents one unique XML namespace used within the NETCONF protocol A module can be partitioned into any number of submodules each in a separate YANG file The submodules are conceptually combined and only the entire module is accessible to other modules Directory Layout Yuma can utilize several directories to store files used during operation By default a root directory and all of its sub directories are searched for these files Several different roots can be searched Generally there is one centralized root YUMA INSTALL shared by all users and one or more project roots YUMA HOME which can be shared but may belong to a single user The Yuma programs need to find and store the following types of files during operations YANG modules and submodules yang e XML and text data files usually txt or xml command scripts for yangcli e
20. Many reports can also be generated e exported symbols exports imported modules dependencies e object identifiers identifiers The yangdump program is also used to generate other files derived from the YANG content XML Schema Document XSD extends the NETCONF XSD with the YANG content layer definitions format xsd e HTML lt div gt or full file output hyper linked color coded formatting of YANG modules to support netconf central or other WEB based documentation system There are several options for configuring the output and all formatting is done with Cascading style sheets CSS format html netconf central documentation SQL database input file supports the automated online documentation of YANG content format sqldb Refer to the netconfcentral sql file for details on this output in the Developer Manual server instrumentation code stubs the instrumentation callback functions used in netconfd for activating specific YANG content can be generated This procedure is described in more detail in the Developer Manual e canonical YANG a YANG file can be reformatted so all statements are indented uniformly and always appear in the same order Objects maked as hidden see the hidden extension in yuma ncx yang will not be generated format yang Copy YANG and set name A YANG module can be validated and then copied if no errors to another location adding the revision date to the file name
21. UMA INSTALL YUMA MODPATH YUMA DATAPATH YUMA RUNPATH The HOME environment variable contains the directory specification of the user s home directory and is expected to be set by the system shell before use The Yuma programs expect by default that sub directories and files contained in this directory will be readable and writable Default value none CLI override none C shell example setenv HOME home andy Bash shell example export HOME home andy The YUMA_HOME environment variable contains the directory specification of the current Yuma project root directory This is the path to the netconf directory within a Yuma source tree Default value none CLI override yuma home CLI example yuma home home andy swdev yuma trunk netconf C shell example Page 26 Version 2 2 Yuma User Manual setenv YUMA HOME home andy swdev yuma trunk netconf Bash shell example export YUMA HOME home andy swdev yuma trunk netconf The YUMA INSTALL environment variable contains the directory specification of the Yuma installation root directory Default value usr share yuma CLI override none C shell example setenv YUMA INSTALL sw yuma Bash shell example export YUMA INSTALL sw yuma The YUMA MODPATH environment variable contains a list of directory specifications that should be searched in order to find YANG or YIN modules and submodules It can be used to extend the search path beyond the defaul
22. Yuma User Manual YANG Based Unified Modular Automation Tools Common User Manual Version 2 2 Last Updated January 26 2012 Yuma User Manual Table Of Contents Yuma User Manual T PRE GAC Gy sussa ses sar aco RE sas danosa aan PSU SEU snub ans ada ada gaia E 3 Dede beGal tato GCS nasal saldo Ara co aca ca aC LL Lo IO RI eo e tbat 3 1 2 Additional RESQUICES cent parada do catia ir aE AS aaa Encanador dos AAE EA aia 3 1 2 E NVEB SIS otra a a a aro aa nando A eco mtas aa ondo 3 ERIN LIS ES ener O eRe Rand 4 1 3 Conventions Used in this DocUME NT occcccccccnccnccnconcnnconnnnconnnncnnnnnconnonnnnnnannnncnnnnnnos 4 SARA DE RIA iES ARROIO PRN RTPN APIS RR RPM RE OS DOU ac eb blak hil ND O tuk 5 AN RR DE RAR RONNIE O ACERTAR a NERVOS RNA EO 5 2 2 Intended AUGIGNCC saca paass co gees sad das eU dis aed a aa da a a aaa aa a 6 SIERO UCA RACER NARA RIPAR DIS UT ode e aaa aiiai 7 Jul System COMPONEN ii Ad AT 7 MUEVAN GA A gained nova ET A AE TA E Malan ia cold 9 361 2 NETICONP nener sa Tunas id A EEE a 11 3 1 3 YANG based AUtOMALION cccccecccee teense cece eee e eee ene ere ttnt rrenan cena ee acena nana nene nana 14 3 1 4 YANG Language EXPCNSIONS sa 19 3 L5YANG COMP cs cessa areas pise asas Das Una tia 20 3 1 6 YANG Module Elba te a a iaa 20 Bibel YANG FIOS O A O 23 3 1 8 NETCONF Managers uva rs a 23 LA NE PONG AG CUS ii dle cas dies du dad coi 23 4 System Configuratio Nisser enee nE ensinando aa O Ta EE PAA EKE 25 4
23. ameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 2 The HOME scripts directory is checked If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 3 The YUMA_HOME scripts directory is checked If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 4 The YUMA_INSTALL scripts directory is checked If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 4 3 Configuration Files The Yuma program configuration parameters can be stored in text or XML files The config parameter is used to specify that configuration parameters should be retrieved from a file instead of the command line Any other configuration parameter except config can be stored in a configuration file used for program input Page 35 Version 2 2 Yuma User Manual Default Linux Data Directories CLI config files YANG XML other files The XML format for these files follows the structure of the NETCONF lt config gt element Each parameter is stored within a container identifying the application which it is being configured The netconfd stores its non volatile lt startup gt database in this f
24. c sa There are many more machine readable constructs in YANG and more powerful data modeling features The complicated YANG features are optional so traditional DESCRIPTION clause based semantics are still supported The more machine readable YANG clauses that are used the more the yangcli client and netconfd server can automate the entire NETCONF protocol implementation Page 15 Version 2 2 Yuma User Manual NETCONF Development Costs Platform Networking instrumentation feature NETCONF database Platform access instrumentation NETCONF operations Without automation With YANG automation The YANG language includes many ways to specify conditions for database validity which traditionally are only documented in DESCRIPTION clauses YANG Automation Constructs YANG statement description config boolean The config statement indicates if the object is writable or read only The server uses this information when automatically skipping config false entries for the lt get config gt operation default string The default statement specifies the mandatory to use default value if no leaf is provided Unlike SMlv2 DEFVAL it is not a suggestion and the client can rely on it Defaults can be specified in typedef or leaf statements If both are defined then the leaf default will be used deviation deviation The deviation statement allows any YANG object be target path customized fo
25. cannot change directory cannot stat file buffer overflow error cannot delete file cannot access file db connect failed db entry exists db not found db query failed db delete failed wrong checksum wrong tag type db read failed db write failed db init failed beep init failed beep init nc failed xml reader internal open directory failed read directory failed no config file no source file POST read input bad drive bad path bad filename duplicate value pair page not handled page access denied missing form params invalid form state duplicate namespace xml reader start failed xml reader read failed wrong XML node type xml reader null name xml reader null value xml reader wrong name xml reader wrong value xml reader wrong element xml reader extra nodes xml reader EOF wrong length entry exists duplicate entry not found missing file unknown parameter invalid name unknown namespace wrong namespace wrong data type wrong value missing parameter extra parameter empty value module not found max length exceeded invalid token Version 2 2 Page 48 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 239 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 215 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 Yuma User Manual unended quoted string read failed
26. character which must be a letter It is suggested that only the at sign O character be used as a separator between module name string components YANG files must use the suffix yang YIN files must use the suffix yin There are two forms of YANG file names with and without a revision date module yang ietf netconf monitoring yang no revision or unspecified revision module revision date yang ietf netconf monitoring 2009 04 17 yang must be the 2009 04 17 version Page 22 Version 2 2 Yuma User Manual These naming conventions are important when Yuma needs to resolve an import or include statement in a YANG file Refer to section 4 2 for more details on YANG module search paths and the import by revision feature of YANG YANG modules and submodules are text files encoded in UTF 8 There is also an alternate XML encoding called YIN Sometimes the term YANG module is used to refer to the conceptual module whether it is encoded in YANG format or YIN format All Yuma Tools programs will accept either encoding format however line and column numbers are not correct in log messages for YIN encoded modules Instead each XML node is given a monotonically increasing value and the XML document order is used instead of line numbers in error warning messages for YIN files The column number is always 1 for YIN files A module can be validated and checked for possible programming mistakes by using the yangdump program
27. cked if any are present 4 The HOME data directory is checked 1 If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 5 The YUMA_HOME data directory is checked 1 If the subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched Page 34 Version 2 2 Yuma User Manual 6 The HOME yuma directory is checked The YUMA INSTALL data directory is checked 1 Ifthe subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched N 8 The usr share yuma data directory is checked 1 Ifthe subdirs false parameter is set then only each top level directory will be checked If it is not set then sub directories will be searched 9 The etc yuma directory is checked Script Search Path The yangcli program can store script files used during operation 1 If the file name has an absolute path specification then that exact file location is tried If no match is found then the search will terminate in failure 2 The current working directory is checked No sub directories are checked if any are present Each directory specified in the YUMA_RUNPATH environment variable or set with the runpath configuration parameter is checked If the subdirs false par
28. d in the Yuma applications yuma app common yang contains common CLI parameters used in all Yuma applications yuma ncx yang contains YANG extensions used in any YANG module including Yuma application modules yangdump yang configuration parameters for the yangdump application yangdiff yang configuration parameters for the yangdiff application yangcli yang configuration parameters and local commands for the yangcli application netconfd yang configuration parameters for the netconfd server The netconf subsystem program does not have any configuration parameters at this time so there is no YANG file defined for it The openssh SSH server is configured separately using the sshd config file The libtecla library used by the yangcli program for command line editing support has its own configuration file tecla to override the default emacs editing key assignments Yuma applications can accept configuration parameters from 3 sources checked in the following order 1 environment variables 2 command line parameters 3 configuration file 4 1 Environment Variables The Yuma programs utilize system environment variables to customize and simplify configuration and operation of the programs These environment variables typically specify file search paths or default directory locations Page 25 Version 2 2 Yuma User Manual The following environment variables are used within Yuma HOME YUMA HOME Y
29. e chain of type definitions THe keywords min and max indicate the minimum and maximum values from the parent typedef if any not the built in type refine refine target path a3 The refine statement is defined within a uses statement and allows the specific grouping to be customized for each individual copy of the grouping contents The tools can automatically support the refined objects based on the sub statements within the refine statement revision revision date The revision statement identifies the most current version of a YANG module or sub module Multiple versions at once are supported in YANG unique unique node list The unique statement indicates an arbitrary tuple of descendant nodes within a list which have to be unique within the list These nodes are not keys and can be nested anywhere within a single list entry uses grouping name The uses statement inserts an instance of a reusable grouping replacing the uses node within the conceptual data tree when xpath expr The object containing the when statement is only allowed to exist if the XPath expression evaluates to true This provides a SPARSE AUGMENTS capability when combined with the augment statement Page 18 Version 2 2 Yuma User Manual There are several YANG extensions that are supported by Yuma They are all defined in the YANG file named yuma ncx yang They are used to tag YANG de
30. e matching file is found There are two types of module searches 1 searches on behalf of configuration parameters 2 searches on behalf of YANG import or include statements The first term in a path specification may contain special character sequences e Ifthe first character is the forward slash then the entire path specification is used as an absolute path specification usr share yang modules e Ifthe first character is not the forward slash and no special characters are found instead then the entire path specification is used as an relative path specification starting from the current working directory more modules test7 yang this dir my module yang testmodule yang old modules version7 e Ifthe first character is the tilde character followed by the forward slash character then the file search will start in the current user s HOME directory modules test test yang e Ifthe first character is the tilde character followed by a user name and then the forward slash character then the file search will start in the specified user s HOME directory If the user is unknown then the path specification is invalid andy modules test test yang fred scripts e Ifthe first character is the dollar sign character followed by an environment variable name and then the forward slash character then the file search will start in the directory indicated by the contents
31. ent revision statement Mode 1 import by revision In this example an import statement is causing a search for a module named foo with a revision date of 2009 01 15 If a revision date is used in the import or include statement then the module search path will be checked as follows First find a file with the same revision date in the file name import foo revision date 2009 01 15 prefix foo If the file foo 2009 01 15 yang is found and the current revision statement in the module is equal to 2009 01 15 then the search is successfully terminated file foo 2009 01 15 yang module foo namespace http example com ns foo prefix foo rest of header follows revision 2009 01 15 description Initial version rest of module follows If the file is not found or the most current revision date is not correct then the module search is repeated for foo yang If the file foo yang is found and the current revision statement in the module is equal to 2009 01 15 then the search is successfully terminated Page 32 Version 2 2 Yuma User Manual file foo yang module foo namespace http example com ns foo prefix foo rest of header follows revision 2009 01 15 description Initial version rest of module follows If the file is not found or the most current revision date is not correct then the module search failed Mode 2 import any
32. finitions for some sort of automatic processing by Yuma programs Extensions are position sensitive and if not used in the proper context they will be ignored A YANG extension statement must be defined somewhere for every extension used in a YANG file or an error will be occur Most of these extensions apply to netconfd server behavior but not all of them For example the ncx hidden extension will prevent yangcli from displaying help for an object containing this extension Also yangdump will skip this object in HTML output mode The following table describes the supported YANG language extensions All other YANG extension statements will be ignored by Yuma if encountered in a YANG file YANG Language Extensions extension description ncx hidden Declares that the object definition should be hidden from all automatic documentation generation Help will not be available for the object in yangcli ncx metadata Defines a qualified XML attribute in the module attr type namespace attr name Allowed within an RPC input parameter attr type is a valid type name with optional YANG prefix attr name is the name of the XML attribute ncx no duplicates Declares that the ncx xsdlist data type is not allowed to contain duplicate values The default is to allow duplicate token strings within an ncx xsdlist value ncx password Declares that a string data type is really a password and will not be displayed or ma
33. invalid number invalid hex number invalid real number EOF reached wrong token type wrong token value buffer overflow invalid range overlapping range definition not found definition segment not found type not allowed in index index type not found type not mdata meta data not allowed top not found resource in use invalid value too big missing attribute bad attribute unknown attribute missing element bad element unknown element unknown namespace access denied lock denied resource denied rollback failed data exists data missing operation not supported operation failed partial operation wrong namespace wrong node depth wrong owner wrong element wrong order extra node wrong node type expecting complex node type expecting string node type wrong data type wrong data value invalid number length value not in range wrong number type invalid enum value value not in set extra list string found unknown object extra parameter instance extra case in choice missing mandatory choice wrong config state unknown application Version 2 2 Page 49 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 Boy 358 Yuma User Manual unknown data type access control violation c
34. ioned into mandatory and conditional object groups All objects with the corresponding if feature statement will be present only if the feature is supported by the server if feature feature name Construct containing the if feature statement is only included if the specified feature is supported by the server Otherwise the object does not exist on the server import by revision The import statement allows definitions from other modules to be used A specific revision date can be used within the entire module However it is possible that different versions of imported typedefs and groupings can be used if one imported module also imports some modules include by revision The include statement provides the exact same features as the import statement except it applied to sub modules included within a module or other sub modules instead of other modules It allows multiple sub modules to be combined to create one conceptual YANG module key key leaf list The key statement indicates a set of one or more top level leafs within the list that are used to name a specific instance of the particular list object All protocol operations such as lt edit config gt can be fully automated based on the information in this statement length length spec string The length statement is exactly like the range statement except it limits the length of string leaf and leaf list objects mandatory boolean
35. ml is also affected by this environment variable This file contains the contents of the non volatile lt startup gt database which is loaded into the lt running gt database when the server boots The syntax for this parameter is a string containing the desired directory paths separated by colon characters If the trailing forward slash character is missing then it will be added when searching for files By default each entire directory and all its sub directory contents will be searched for the requested file This can be overridden with the subdirs parameter Refer to the Command Line Parameter Reference for more details If subdirs false is used then only the specified directory will be searched instead Note This parameter specifies the exact directory locations when searching for files This is different than the HOME YUMA_HOME and YUMA_INSTALL environment variables which specify a Yuma root directory Default value none CLI override datapath CLI example datapath HOME mydata HOME project1 data C shell example setenv YUMA DATAPATH S HOME mydata HOME projectl data Page 28 Version 2 2 Yuma User Manual Bash shell example export YUMA DATAPATH HOME mydata HOME project1 data The YUMA RUNPATH environment variable contains a list of directory specifications that should be searched in order to find script files used by Yuma applications It can be used to extend the search
36. much more powerful and extensible YANG provides the ability to define a detailed programmatic interface utilizing all protocol features e reusable derived data types e reusable groupings of objects RPC operations database objects e notifications Network management software developers creating a new management feature start by defining the YANG module s for the NETCONF representation of the feature This can include any mixture of new operations data and notifications Existing YANG modules can be augmented as well YANG provides complex nested data structures and choices which allows data modelers to design management interfaces which closely resemble the native data structures within the server implementation It is easy to get started with YANG and there are many optional advanced features that can be utilized as well YANG provides many machine readable constructs which allow Yuma to automate many aspects of network management software development YANG modules revision 1 revision 2 submodule Y submodule Y revision 1 revision 2 submodule Z revision 1 Page 9 Yuma User Manual Semantics and details that are usually only found in description clauses can be understood and implemented automatically by the software tools A YANG module can be a single file or it can be split into an arbitrary number of files using sub modules A YANG submodule is essentially the same as a main module except that the name
37. nt config element in the NETCONF XML namespace The XPath specification supports system variables to be accessed within XPath expressions Within the yangcli program all user and system variables available to a script are also available as XPath variables within XPath expression evaluation e g if eval and while commands For example a variable named myvar would be accessed within an XPath expression as myvar An XPath variable called user is supported in the yangcli and netconfd programs It is equal to the NETCONF user name associated with the session evaluating the XPath expression It is provided to be used in data rules within the NETCONF Access Control Model NACM The following XPath functions are added to the XPath 1 0 Function Library in addition to the current function from XPath 2 0 The module loaded function tests whether the specified module is loaded within the program boolean module loaded module name revision date Parameters Parameter 1 o Type String o Usage Mandatory Page 43 Version 2 2 Yuma User Manual o Purpose Specifies the module name to check e Parameter 2 o Type String o Usage Optional o Purpose Specifies the YANG revision date string for module indicated by parameter 1 Returns Boolean e true the specified module is loaded e false the specified module is not loaded possibly not known Errors e Missing parameter error if no parameters provided e Extra parameters e
38. of the environment variable If the variable is unknown or its contents do not represent a valid directory location then the path specification is invalid WORKDIR tests test all interfaces YUMA HOME data startup cfg xml Note Whenever Yuma searches a directory it checks for the expected file type but ignores the following e all files and sub directories that begin with the period character Page 30 Version 2 2 Yuma User Manual any directory named CVS e symbolic links for regular files The following environment variables affect file searches HOME YUMA HOME YUMA_MODPATH YUMA DATAPATH YUMA_RUNPATH The following configuration parameters affect file searches yuma home e modpath e datapath e runpath e subdirs There is a directory HOME yuma created by yangcli or netconfd for data files and temporary files It is called yuma and it is created in the users home directory if the HOME environment variable is defined This directory will be used as the default location to save the startup cfg xm file by netconfd if no startup file is specified in the CLI parameters and no existing startup file is found in the data file search path This directory is also used as the default location to store the yangcli_history file for yangcli command line history recall The HOME yuma tmp directory is used by yangcli to create session specific sub directories where all the YANG modules f
39. onfig data notif Operations Client Methods NETCONF Configuration Database YANG is used to define the syntax and the semantics of the data in this database The NETCONF protocol is used to provide secure access all YANG content The server maintains a database which is accessed as ifit was an XML instance document Page 12 Version 2 2 Yuma User Manual NETCONF Concepts Top down Top Level Remote Procedure Call Model Y me Key 2 Level RPC Parameters N 3 Level Database Access Data can be retrieved with XML subtree or XPath filters Changes can be validated before being activated Databases can be locked to prevent multiple managers from interfering with each other Custom operations can be used to perform complex actions and perhaps return some data as well Page 13 Version 2 2 Yuma User Manual NETCONF Concepts Bottom up Types Types are abstractions like TCs in SMI which represent templates for leafs Leafs represent the smallest unit of conceptual teats data that the NETCONF protocol can manipulate This corresponds to an XML simple type Leaf lists containers lists and choices provide important data manipulation capabilities notifications _ Notifications can contain data of any type Recs Remote procedure calls are used for all direct manager access to NETCONF databases NETCONF can utilize several secure transport protocols The mandatory transport SSH2 is u
40. onfig locked wrong config state max access exceeded wrong index type wrong instance type missing index component config not found extra attribute instance s found required attribute not found required value instance not found extra value instance s found target is read only invalid pattern wrong version connect failed unknown host session failed authentication failed end of comment not found invalid string concatenation import not found missing typedef sub section restriction not allowed for this type specified refinement not allowed definition loop detected default case contains mandatory object s import loop include loop expecting module expecting submodule undefined prefix imported module has errors pattern match failed invalid data type change mandatory object not allowed unique stmt test failed max elements exceeded min elements not reached must stmt test failed data restriction violation missing instance for insert operation object not config invalid conditional object using obsolete definition invalid augment target duplicate refine sub clause invalid deviate sub clause invalid XPath expression syntax invalid instance identifier syntax require instance test failed key or select attribute not allowed invalid unique stmt node invalid duplicate import stmt invalid duplicate include stmt ambiguous command unknown module unknown version value not supported Version 2 2 Page 50
41. ormat XML configuration file contents can appear in any order The following configuration parameters affect the generation and display of XML configuration files by netconfd e jndent e with defaults The following configuration parameter affects the location of XML configuration files by netconfd e datapath YUMA_DATAPATH environment variable Page 36 Version 2 2 Yuma User Manual Note The IETF may standardize this container format soon Do not rely on the top level namespace URI Any top level element name lt config gt in any namespace even none should be expected to contain a complete NETCONF database or a subset of a NETCONF database The following example show some database objects from the NETCONF Access Control Model yuma nacm yang in XML configuration file format file startup cfg xml lt xml version 1 0 encoding UTF 8 gt lt nd config xmlns nd http netconfcentral org ns netconfd gt lt nacm nacm xmlns nacm http netconfcentral org ns yuma nacm gt lt nacm groups gt lt nacm group gt lt nacm groupldentity gt nacm admin lt nacm groupldentity gt lt nacm userName gt andy lt nacm userName gt lt nacm userName gt fred lt nacm userName gt lt nacm userName gt barney lt nacm userName gt lt nacm group gt lt nacm groups gt lt nacm rules gt lt nacm moduleRule gt lt nacm moduleName gt netconf lt nacm moduleName gt lt nacm allowed rights gt read write exec lt nacm
42. path beyond the default locations Script files used by the yangcli program are affected by this environment variable The syntax for this parameter is a string containing the desired directory paths separated by colon characters If the trailing forward slash character is missing then it will be added when searching for files By default each entire directory and all its sub directory contents will be searched for the requested file This can be overridden with the subdirs parameter Refer to the Command Line Parameter Reference for more details If subdirs false is used then only the specified directory will be searched instead Note This parameter specifies the exact directory locations when searching for files This is different than the HOME YUMA HOME and YUMA INSTALL environment variables which specify a Yuma root directory Default value none CLI override runpath CLI example runpath HOME scripts usr local scripts C shell example setenv YUMA RUNPATH HOME scripts usr local scripts Bash shell example export YUMA RUNPATH HOME scripts usr local scripts All Yuma programs search for YANG and other files in the same manner using the same configuration parameters The current working directory is included in this search path so it is important to consider Page 29 Version 2 2 Yuma User Manual the directory in which a Yuma program is invoked The search ends as soon as a suitabl
43. r a particular platform or implementation The tools can automatically support the altered objects based on the sub statements within the deviation statement These changes can be of any nature even those normally not allowed in YANG The intent of the deviation statement os to accurately describe the object implementation so the tools can automate the protocol operations correctly even for non standard Page 16 Version 2 2 Yuma User Manual implementations error app tag apptag string The error app tag statement can be used within the range length and pattern statements If a value is invalid due to the corresponding error then the lt error app tag gt field in the lt rpc error gt sent by the server will be set to the apptag string value error message errmsg string extension The error message statement can be used within the range length and pattern statements Ifa value is invalid due to the corresponding error then the lt error message gt field in the lt rpc error gt sent by the server will be set to the errmsg string value The extension statement allows a vendor to add language extensions and all YANG implementations must be able to parse the extension correctly However only implementations which actually understand the extension will support it All others will simply ignore the extension feature The feature statement allows a module to be conceptually partit
44. rameter syntax may be used as well as the normal forms container yangdump ncx cli ncx default parm module all the yangdump CLI parameters When invoking the yangdump program the default CLI parameter is module These two command lines are equivalent yangdump module testl module test2 yangdump testl test2 A string that does not start with any dashes will still be tried as a parameter name before trying the default parameter If the value used for a default parameter conflicts with another parameter name then the normal form must be used instead of this form yangdump log app testl Even if there was a module named log app it would not be tried as a module parameter since it also matches the log append parameter Note the default parameter form is can be used in conjunction with shell wildcard characters depending on the shell yangdump yang yangdump subtree These commands are equivalent in the yangdump program 5 XPath Reference The XPath 1 0 path specification language is supported in all Yuma Tools programs as specified in the YANG language specification There are also some additional variables and XPath functions available in all XPath expressions Page 41 Version 2 2 Yuma User Manual A custom XPath implementation is used which is based on the internal data structures maintained within the program i e object tree or data tree No CPU or memory is wasted converting these
45. rietary NETCONF Access Control Model test pass yang Several modules are included for testing YANG and NETCONF behavior test fail yang Several modules with errors are included for testing YANG compiler behavior Intended Audience This document is intended for users of the programs in the Yuma suite It contains the following information Page 6 Introduction to YANG and NETCONF based Network Management Yuma Configuration Yuma User Guides Yuma CLI Reference Yuma Error Reference Version 2 2 Yuma User Manual 3 Introduction The Yuma Tools suite provides automated support for development and usage of network management information All management data is defined with the YANG data modeling language All management operations are encoded in XML 1 0 and performed with standard NETCONF protocol operations Software Components NETCONF client NETCONF server sito yangcli netconfd o flibioaster DEZ netconf yangdiff yangdump opensshd ISS SSH2 server The following external program is used by Yuma and needs to be pre installed opensshd o The SSH2 server code does not link with Yuma Instead the netconf subsystem program is invoked and local connections are made to the netconfd server from this SSH2 subsystem Page 7 Version 2 2 Yuma User Manual The following external libraries are used by Yuma and need to be pre installed They are usually installed by default and do not need
46. rom the server for the current session are stored If the autoload false parameter is used then these temporary directories will not be created by yangcli A parameter search is started on behalf of a CLI parameter such as the module parameter used by the yangdump program A search of this type can include directory path and file extension in the search parameter If a filename with a file extension must be yang is given then only that exact file will be checked The current working directory will be used in this case if no directory path or a relative directory path is provided module test yang module more modules test302009 04 01 yang If the exact filename is not found then the search failed Page 31 Version 2 2 Yuma User Manual If a parameter based search does not have any directory path or file extension fields present then a parameter search is the same as an import include search An import or include search is started on behalf of a YANG import or include statement A search of this type includes only the module or submodule name with no directory or file extension present An optional revision date statement can be used in YANG which means only a version of the YANG file with that exact current revision date will be used There are separate search algorithms depending on whether the revision date is used in the YANG import or include statement and whether the imported or included module has a curr
47. rror if more than 2 parameters provided All unknown parameter values cause a false result Example yangcli gt if module loaded yuma system 2009 12 27 yangcli gt log info correct yuma system module loaded yangcli gt else yangcli gt log error Wrong yuma system module loaded yangcli gt end The feature enabled function tests whether the specified YANG feature is enabled within the program boolean feature enabled module name feature name Parameters e Parameter 1 o Type String o Usage Mandatory o Purpose Specifies the module name to check e Parameter 2 o Type String o Usage Mandatory o Purpose Specifies the YANG feature name defined within the module indicated by parameter 1 Returns Boolean e true the specified feature is enabled e false the specified feature is not enabled possibly not known Errors e Missing parameter error if less than 2 parameters provided e Extra parameters error if more than 2 parameters provided Page 44 Version 2 2 Yuma User Manual All unknown parameter values cause a false result Example Page 45 yangcli gt yangcli gt yangcli gt yangcli gt yangcli gt if els end feature enabled mymodule myfeature log info myfeature is enabled e log error myfeature is not enabled Version 2 2 Yuma User Manual 6 Error Reference All Yuma programs use the same set of error numbers and error messages Error numbers are 3
48. sed by Yuma The OpenSSH server is used in the netconfd implementation and libssh2 library is used in the yangcli implementation to provide all SSH2 layer support By default TCP port 830 netconf over ssh is used for all NETCONF communications between yangcli and netconfd TCP port 22 ssh is also supported by default and additional TCP ports can be configured NETCONF security is session based Privileges are granted to a session based on the username provided in the SSH connection setup Access control is configurable via yuma nacm yang based on group membership The access control rules permit or deny access to one or more groups to a subset of the YANG content Separate defaults for read write and exec RPC operation access are provided Yuma is a 100 native YANG implementation This means that YANG modules are used directly by all the tools to control all aspects of NETCONF protocol usage There are no lossy translations or complicated configuration steps in order to use a YANG module Simply load a module and start using it The automation concepts will be familiar to SNMP developers who use SMlv2 to write MIB modules The SMlv2 language contains enough machine readable clauses so a client and server can automate certain aspects of the SNMP protocol implmentation Page 14 Version 2 2 Yuma User Manual YANG does the same thing for NETCONF developers only 10 times better YANG as Source Code CE is o e
49. space URI value is shared between the main module and all its submodules A submodule is referenced with the include statement instead of the import statement Submodules can also include other submodules except a loop may not be formed by the include statements Conceptually the module is not nested All definitions in submodules appear at the top level of the YANG module even submodules included by other submodules All YANG modules and submodules have revision dates The example shows a simple version number but the actual revision strings are date strings in the form YYYY MM DD Yuma programs support concurrent usage of different revisions of the same module or submodule This can occur via groupings from external modules within the YANG language Only one revision of a module can be imported into a single module or submodule but any of these files may in turn import other modules It is possible that a different version of the same module could be indirectly imported in this case Deviation modules are normal YANG modules except they only contain deviation statements These deviation statements are used to alter patch the YANG modules with implementation specific differences A deviation module can contain any number of deviation statements and they can apply to an arbitrary number of objects from any module Multiple deviation statements for the same target will be combined by the server before using them and all deviate sta
50. t locations The syntax for this parameter is a string containing the desired directory paths separated by colon characters If the trailing forward slash character is missing then it will be added when searching for files By default each entire directory and all its sub directory contents will be searched for the requested file This can be overridden with the subdirs parameter Refer to the Command Line Parameter Reference for more details If subdirs false is used then only the specified directory will be searched instead Note This parameter specifies the exact directory locations when searching for files This is different than the HOME YUMA HOME and YUMA INSTALL environment variables which specify a Yuma root directory Default value none CLI override modpath CLI example Page 27 Version 2 2 Yuma User Manual modpath HOME modules2 usr local modules C shell example setenv YUMA MODPATH HOME modules2 usr local modules Bash shell example export YUMA MODPATH HOME modules2 usr local modules The YUMA_DATAPATH environment variable contains a list of directory specifications that should be searched in order to find data files used by Yuma applications It can be used to extend the search path beyond the default locations Data files used by the yangcli program are affected by this environment variable The location where the netconfd program keeps the file startup cfg x
51. tched by any filter ncx qname Declares that a string data type is really an XML qualified name XML prefixes will be properly generated by yangcli and netconfd ncx root Declares that the container parameter is really a NETCONF database root like lt config gt in the lt edit config gt operations The child nodes of this container are not specified in the YANG file Instead they are allowed to contain any top level object from any YANG file supported by the server ncx schema instance Declares that a string data type is really an special schema instance identifier string It is the same as an instance identifier built in type except the key leaf predicates are optional For example missing key values indicate wild cards that will match all values in nacm lt data rule gt expressions Page 19 Version 2 2 Yuma User Manual nacm secure Declares that the database object is a secure object If the object is an rpc statement then only the netconfd superuser will be allowed to invoke this operation by default Otherwise only read access will be allowed to this object by default Write access will only be allowed by the superuser by default ncx user write lt bits gt Declares the user write permissions that will be allowed for a config true data node The bits parameter contains the write permissions that will be allowed for the object create update delete nacm very secure Declares
52. tements for the same object will be validated together as if they were all contained in the same deviation statement The order of the deviation statements is irrelevant Deviations modules are processed first and the deviation statements save for later The import statements are ignored unlike real module processing Since deviation modules are not identified in any way Yuma programs use the module parameter to refer to a normal YANG module or submodule and the deviation parameter to refer to a deviation module Page 10 Version 2 2 Yuma User Manual YANG features container X The YANG feature statement is used to define a conceptual partition within the module Objects that contain the if feature statement for the corresponding feature are part of the feature If the server does not advertise a feature in its lt capabilities gt then it is not supported and all the objects that are part of the feature are not supported Multiple if feature statements form a logical AND expression All the referenced features must be enabled for the object to be available In the example above leaf YY2 is not present unless feature A and B are both advertised by the server The mandatory components of the NETCONF protocol are defined in RFC 4741 and RFC 4742 Page 11 Version 2 2 Yuma User Manual NETCONF Conceptual Layers NETCONF Protocol YANG is used to define the syntax and the semantics of this layer Content C
53. tion files which are used with command line parameters may include program parameters for multiple applications o Only the top level container that matches the name of the program will be used o Any other top level containers will be ignored o Only the first instance of the desired program container will be used Any additional containers will be ignored test conf yangdump common yangdump parameters here yangdiff common yangdiff parameters here Page 38 Version 2 2 Yuma User Manual Configuration file parameters can appear in any order Only list index strings need to appear in their defined order The following configuration parameters affect generation and display of text configuration files o indent o with defaults o display mode Since Yuma programs use YANG to define CLI parameters there needs to be an initial bootstrap CLI phase in order to process parameters which affect the way YANG files are processed The bootstrap CLI is not as flexible as the main CLI processor and the syntax is more strict Parameters must be entered in either of the following forms name name value If parameters are not entered in this format then they will be skipped until the main CLI parameter processing is done This may cause undesirable changes in key parameters such as the module search path The following configuration parameters are also bootstrap parameters and will take affect immediately
54. to be installed by you libc6 o unix system library ncurses o Curses terminal support needed on Fedora platforms only libxml2 o xmlTextReader XML parser o pattern support The following external library is built within Yuma and does not need to be pre installed libtecla o command line support for yangcli The following shared or static library is built by Yuma and used by almost all of its programs libnex o YANG parser o YANG validation o basic NETCONF support o XPath support o configuration database support The following libraries are built by Yuma and used within executables libagt o NETCONF server support libmgr o NETCONF client support libydump o yangdump translation functionality The following binaries are built by Yuma e netconfd o NETCONF server netconf subsystem o thin client between opensshd and NETCONF server e yangcli o NETCONF client yangdump o YANG validation e yangdiff o YANG compare Page 8 Version 2 2 Yuma User Manual The following sample netconfd module instrumentation library is provided as an example These libraries e g libfoo so can only be created with the Yuma SDK Refer to the Yuma Developer s Guide for details on creating server instrumentation libraries libtoaster Server instrumentation code for the YANG module libtoaster yang A YANG module define the semantics and syntax of a specific management feature They are similar to SMlv2 MIB modules but
55. yangcli client yuma netconf yang all the NETCONF protocol operations including all YANG extensions to the NETCONF protocol RFC 4741 This file contains meta data used in the yangcli and netconfd programs which is not available in the ietf netconf yang version ietf yang types yang the standard derived types library in progress for YANG This module is being developed by the NETMOD WG RFC 6021 Page 5 Version 2 2 2 2 Yuma User Manual ietf inet types yang the standard Internet address types library in progress for YANG This module is being developed by the NETMOD WG RFC 6021 ietf netconf monitoring yang the standard NETCONF monitoring module in progress by the NETCONF WG RFC 6022 ietf netconf partial lock yang the standard NETCONF module for multiple concurrent partial database locks RFC 5717 ietf with defaults yang the standard NETCONF default value control module in progress by the NETCONF WG draft ietf netconf with defaults 10 txt yuma interfaces yang interfaces monitoring and configuration scaffolding yuma mysession yang NETCONF session customization operations notifications yang the standard NETCONF create subscription command to start receiving NETCONF notifications RFC 5277 nc notifications yang the standard NETCONF notifications RFC 5277 yuma proc yang proc file system monitoring information yuma system yang Proprietary system group and common notifications yuma nacm yang Prop
Download Pdf Manuals
Related Search