YumaWorks Enhancements to Standard YANG Modules : YumaWorks

The netconfd-pro server supports several enhancements to standard modules.

NETCONF Monitoring
NACM Configuration
NETCONF Operations
NETCONF Notifications

NETCONF Monitoring Enhancements

Standard Module: ietf-netconf-monitoring

YumaWorks Module: yumaworks-system

Configuration Parameter: --with-yumaworks-system

Configuration Default: true

Configuration Example:

> netconfd-pro --with-yumaworks-system=true

Augment Path: /netconf-state

Enhancement: Backup Configuration Monitoring

  augment /ncm:netconf-state:
    +--ro backup-files
       +--ro backup-file* [name]
          +--ro name           ywt:NcxFileName
          +--ro backup-time?   yang:date-and-time

Description:

The "backup-files" container is added to the /netconf-state container to report the available backup configuration files that exist as a result of the "backup" operation.

Each "backup-file" entry contains the following leafs:

leaf name:
- The name of the backup file
leaf backup-time
- The data and time the backup file was created or last over-written

Example Entry:

<data>
  <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
   <backup-files xmlns="http://yumaworks.com/ns/yumaworks-system">
    <backup-file>
     <name>push1.xml</name>
     <backup-time>2020-08-29T20:10:23Z</backup-time>
    </backup-file>
    <backup-file>
     <name>push2.xml</name>
     <backup-time>2020-08-29T20:50:35Z</backup-time>
    </backup-file>
    <backup-file>
     <name>test-snap.xml</name>
     <backup-time>2020-10-11T20:25:34Z</backup-time>
    </backup-file>
   </backup-files>
  </netconf-state>
 </data>

Augment Path: /netconf-state/schemas/schema

Enhancement: YANG Module Monitoring

  augment /ncm:netconf-state/ncm:schemas/ncm:schema:
    +--ro conformance?   boolean
    +--ro module-type?   enumeration

Description:

The "schema" list is augmented with 2 leafs to provide more detailed information about the YANG module.

This information is now in the ietf-yang-library module, which should be used instead of the "schema" list/

leaf conformance
- The value 'true' indicates that the server implements the module for conformance.
- The value 'false' indicates that the server only imports the YANG module and does not implement it for conformance
leaf module-type
- The value 'module' indicates this schema entry represents a YANG module
- The value 'submodule' indicates this schema entry represents a YANG submodule

Example Entry:

<data>
  <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
   <schemas>
    <schema>
     <identifier>ietf-netconf</identifier>
     <version>2011-06-01</version>
     <format xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"
          >ncm:yang</format>
     <namespace>urn:ietf:params:xml:ns:netconf:base:1.0</namespace>
     <location>NETCONF</location>
     <conformance xmlns="http://yumaworks.com/ns/yumaworks-system"
          >true</conformance>
     <module-type xmlns="http://yumaworks.com/ns/yumaworks-system"
          >module</module-type>
    </schema>
   </schemas>
  </netconf-state>
 </data>

NACM Configuration Enhancements

Standard Module: ietf-netconf-acm

YumaWorks Module: yumaworks-system

Configuration Parameter: --with-yumaworks-system

Configuration Default: true

Configuration Example:

> netconfd-pro --with-yumaworks-system=true

Augment Path: /nacm/rule-list/rule/rule-type

Enhancement: NACM Filtering by Module Tag

  augment /nacm:nacm/nacm:rule-list/nacm:rule/nacm:rule-type:
    +--:(module-tags)
       +--rw module-tag*   string

Description:

The "module-tags" case is added to the "rule-type" choice within a NACM rule list entry. This allows the NACM rule to be scoped to the specified list of module tag strings.

The "module-tags" case contains the following leaf-list:

leaf-list module-tag:
- The name of a module-tag to use to match to the associated NACM rule

Example Entry:

<data>
  <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
   <rule-list>
    <name>routing-config</name>
    <group>admin</group>
    <rule>
     <name>allow-routing</name>
     <module-name>*</module-name>
     <module-tag xmlns="http://yumaworks.com/ns/yumaworks-system"
            >ietf:routing</module-tag>
     <access-operations>*</access-operations>
     <action>permit</action>
     <comment>allow access to all routing modules</comment>
    </rule>
   </rule-list>
  </nacm>
 </data>

NETCONF Operation Enhancements

Standard Module: ietf-netconf

YumaWorks Module: yumaworks-system

Configuration Parameter: --with-yumaworks-system

Configuration Default: true

Configuration Example:

> netconfd-pro --with-yumaworks-system=true

Augment Path: /commit/input

Enhancement: Commit Comment

  augment /nc:commit/nc:input:
    +---w comment?   string

Description:

The "comment" leaf is added to the "commit" operation input.. This comment appears in the audit-log and debug log outputs.

leaf comment
- A comment string associated with the edit transaction that is being commited.

Example Operation:

<rpc message-id="2"
 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 <commit>
  <comment xmlns="http://yumaworks.com/ns/yumaworks-system"
       >add NACM rule to allow routing module access</comment>
 </commit>
</rpc>

Augment Path: /get-config/input

Augment Path: /get/input

Enhancement: NETCONF Monitoring Improvements

 augment /nc:get-config/nc:input:
    +---w with-owners?   empty
    +---w depth?         union
    +---w module-tag*    string
 augment /nc:get/nc:input:
    +---w with-owners?   empty
    +---w depth?         union
    +---w module-tag*    string

Description:

Three parameters which modify the retrieval request are provided:

leaf with-owners
- If 'true' then include metadata to identify the owner of the configuration data. If the --save-owners parameter is set to 'true' then the owner strings can be retrieved with configuration data.
leaf depth
- The RESTCONF "depth" parameter is supported for the"get-config" operation. This is used to limit the depth of the subtrees returned in the response.
leaf-list module-tag
- A list of module tags that should be used as a filter to return data from modules that match at least one of the module tags.

Example Request:

<rpc message-id="1"
 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 <get-config>
  <source>
   <running/>
  </source>
  <depth xmlns="http://yumaworks.com/ns/yumaworks-system"
       >4</depth>
  <module-tag xmlns="http://yumaworks.com/ns/yumaworks-system"
        >ietf:security</module-tag>
  <with-owners xmlns="http://yumaworks.com/ns/yumaworks-system"/>
 </get-config>
</rpc>

Example Response:

<rpc-reply message-id="1" xmlns:ya="http://yumaworks.com/ns/yumaworks-attrs"
 xmlns:ncx="http://netconfcentral.org/ns/yuma-ncx"
 ncx:last-modified="2020-10-24T21:27:09Z" ncx:etag="540"
 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 <data>
  <nacm ya:owner="andy" xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
   <rule-list>
    <name>routing-config</name>
    <group>admin</group>
    <rule/>
   </rule-list>
  </nacm>
 </data>
</rpc-reply>

Augment Path: /copy-config/input

Enhancement: Configuration Management Improvements

 augment /nc:copy-config/nc:input:
    +---w with-owners?   empty
    +---w depth?         union

Description:

Two parameters which modify the copy request are provided:

leaf with-owners
- If 'true' then include metadata to identify the owner of the configuration data. If the --save-owners parameter is set to 'true' then the owner strings can be copied with configuration data.
leaf depth
- The RESTCONF "depth" parameter is supported for the"get-config" operation. This is used to limit the depth of the subtrees returned in the copy operation.

Example Operation:

<rpc message-id="2"
 xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
 <copy-config>
  <target>
   <url>ftp://admin@192.168.0.21/tmp/copy-config.xml</url>
  </target>
  <source>
   <running/>
  </source>
  <depth xmlns="http://yumaworks.com/ns/yumaworks-system">unbounded</depth>
  <with-defaults xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults">report-all-tagged</with-defaults>
  <with-owners xmlns="http://yumaworks.com/ns/yumaworks-system"/>
 </copy-config>
</rpc>

Standard Module: ietf-netconf

YumaWorks Module: yumaworks-templates

Configuration Parameter: --with-yumaworks-templates

Configuration Default: true

Configuration Example:

> netconfd-pro --with-yumaworks-templates=true

Augment Path: /edit-config/input

Enhancement: Configuration Management Improvements

  augment /nc:edit-config/nc:input:
    +---w with-template*   yang:yang-identifier

Description:

One parameter which requests that a list of configuration templates be applied to the edit operation is provided:

leaf-list with-template
- Identifies a configuration template to use for this edit operation. The 'target-path' parameter within the template will be matched to data in the configuration request. Templates will be checked in the order given, in case multiple templates for the same data node are provided.

Example Operation:

NETCONF Notification Enhancements

Standard Module: ietf-netconf-notifications

YumaWorks Module: yumaworks-config-change

Configuration Parameter: --with-yumaworks-config-change

Configuration Default: false

Configuration Example:

> netconfd-pro --with-yumaworks-config-change=true

Augment Path: /netconf-config-change/edit

Enhancement: Configuration Monitoring Improvements

  augment /ncn:netconf-config-change/ncn:edit:
    +-- new-value?   <anyxml>
    +-- old-value?   <anyxml>

Description:

Two parameters which report the old value and/or new value are added to each "edit" list entry in a "netconf-config-change" notification.

anyxml new-value
- Contains the new value for the associated 'target' if the operation is not 'delete' or 'remove'. This object should represent a container with one child node specifying the new value used in the associated edit.
anyxml old-value
- Contains the old value for the associate 'target' that was changed or deleted, if operation is not 'create', This object should represent a container with one child node specifying the current value used in the associated edit

Example Notification:

 <notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
  <eventTime>2020-10-28T02:35:02Z</eventTime>
  <netconf-config-change 
       xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-notifications">
   <changed-by>
    <username>andy</username>
    <session-id>3</session-id>
    <source-host>127.0.0.1</source-host>
   </changed-by>
   <datastore>running</datastore>
   <edit>
    <target xmlns:nacm="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      >/nacm:nacm/nacm:rule-list[nacm:name="routing-config"]/nacm:rule[nacm:name="allow-routing"]/nacm:comment</target>
    <operation>replace</operation>
    <new-value
     xmlns="http://yumaworks.com/ns/yumaworks-config-change">
     <comment xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">allow access to IETF routing modules</comment>
    </new-value>
    <old-value xmlns="http://yumaworks.com/ns/yumaworks-config-change">
     <comment xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">allow access to all routing modules</comment>
    </old-value>
   </edit>
  </netconf-config-change>
 </notification>

YumaWorks

How can we help you today?

YumaWorks Enhancements to Standard YANG Modules Print

How can we help you today?

YumaWorks Enhancements to Standard YANG Modules Print

Related Articles