module ietf-restconf-server {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-restconf-server";
prefix "rcserver";
//import ietf-netconf-acm {
// prefix nacm; // RFC 6536
//}
import ietf-inet-types { // RFC 6991
prefix inet;
}
import ietf-x509-cert-to-name { // RFC 7407
prefix x509c2n;
}
import ietf-tls-server { // RFC VVVV
prefix ts;
revision-date 2015-10-09;
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web:
WG List:
WG Chair: Mehmet Ersue
WG Chair: Mahesh Jethanandani
Editor: Kent Watsen
";
description
"This module contains a collection of YANG definitions for
configuring RESTCONF servers.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC VVVV; see
the RFC itself for full legal notices.";
revision "2015-10-09" {
description
"Initial version";
reference
"RFC VVVV: NETCONF Server and RESTCONF Server Configuration
Models";
}
// Features
feature tls-listen {
description
"The listen feature indicates that the RESTCONF server
supports opening a port to listen for incoming RESTCONF
client connections.";
reference
"RFC XXXX: RESTCONF Protocol";
}
feature tls-call-home {
description
"The call-home feature indicates that the RESTCONF server
supports initiating connections to RESTCONF clients.";
reference
"RFC YYYY: NETCONF Call Home and RESTCONF Call Home";
}
feature client-cert-auth {
description
"The client-cert-auth feature indicates that the RESTCONF
server supports the ClientCertificate authentication scheme.";
reference
"RFC ZZZZ: Client Authentication over New TLS Connection";
}
// top-level container
container restconf-server {
description
"Top-level container for RESTCONF server configuration.";
container listen {
if-feature tls-listen;
description
"Configures listen behavior";
leaf max-sessions {
type uint16;
default 0; // should this be 'max'?
description
"Specifies the maximum number of concurrent sessions
that can be active at one time. The value 0 indicates
that no artificial session limit should be used.";
}
list endpoint {
key name;
description
"List of endpoints to listen for RESTCONF connections on.";
leaf name {
type string;
description
"An arbitrary name for the RESTCONF listen endpoint.";
}
choice transport {
mandatory true;
description
"Selects between available transports.";
case tls {
if-feature tls-listen;
container tls {
description
"TLS-specific listening configuration for inbound
connections.";
uses ts:listening-tls-server-grouping {
refine port {
default 443;
}
augment "client-auth" {
description
"Augments in the cert-to-name structure.";
uses cert-maps-grouping;
}
}
}
}
}
}
}
container call-home {
if-feature tls-call-home;
description
"Configures call-home behavior";
list restconf-client {
key name;
description
"List of RESTCONF clients the RESTCONF server is to
initiate call-home connections to.";
leaf name {
type string;
description
"An arbitrary name for the remote RESTCONF client.";
}
choice transport {
mandatory true;
description
"Selects between TLS and any transports augmented in.";
case tls {
if-feature tls-call-home;
container tls {
description
"Specifies TLS-specific call-home transport
configuration.";
uses endpoints-container {
refine endpoints/endpoint/port {
default 9999;
}
}
uses ts:non-listening-tls-server-grouping {
augment "client-auth" {
description
"Augments in the cert-to-name structure.";
uses cert-maps-grouping;
}
}
}
}
}
container connection-type {
description
"Indicates the RESTCONF client's preference for how the
RESTCONF server's connection is maintained.";
choice connection-type {
description
"Selects between available connection types.";
case persistent-connection {
container persistent {
presence true;
description
"Maintain a persistent connection to the RESTCONF
client. If the connection goes down, immediately
start trying to reconnect to it, using the
reconnection strategy.
This connection type minimizes any RESTCONF client
to RESTCONF server data-transfer delay, albeit at
the expense of holding resources longer.";
container keep-alives {
description
"Configures the keep-alive policy, to proactively
test the aliveness of the TLS client. An
unresponsive TLS client will be dropped after
approximately (max-attempts * max-wait) seconds.";
reference
"RFC YYYY: NETCONF Call Home and RESTCONF Call Home,
Section 3.1, item S6";
leaf max-wait {
type uint16 {
range "1..max";
}
units seconds;
default 30;
description
"Sets the amount of time in seconds after which
if no data has been received from the TLS
client, a TLS-level message will be sent to
test the aliveness of the TLS client.";
}
leaf max-attempts {
type uint8;
default 3;
description
"Sets the number of sequential keep-alive messages
that can fail to obtain a response from the TLS
client before assuming the TLS client is no
longer alive.";
}
}
}
}
case periodic-connection {
container periodic {
presence true;
description
"Periodically connect to the RESTCONF client, so that
the RESTCONF client may deliver messages pending for
the RESTCONF server. The RESTCONF client is expected
to close the connection when it is ready to release
it, thus starting the RESTCONF server's timer until
next connection.";
leaf reconnect-timeout {
type uint16 {
range "1..max";
}
units minutes;
default 60;
description
"The maximum amount of unconnected time the RESTCONF
server will wait before re-establishing a connection
to the RESTCONF client. The RESTCONF server may
initiate a connection before this time if desired
(e.g., to deliver a notification).";
}
}
}
}
}
container reconnect-strategy {
description
"The reconnection strategy guides how a RESTCONF server
reconnects to an RESTCONF client, after losing a connection
to it, even if due to a reboot. The RESTCONF server starts
with the specified endpoint and tries to connect to it
max-attempts times before trying the next endpoint in the
list (round robin).";
leaf start-with {
type enumeration {
enum first-listed {
description
"Indicates that reconnections should start with
the first endpoint listed.";
}
enum last-connected {
description
"Indicates that reconnections should start with
the endpoint last connected to. If no previous
connection has ever been established, then the
first endpoint configured is used. RESTCONF
servers SHOULD be able to remember the last
endpoint connected to across reboots.";
}
}
default first-listed;
description
"Specifies which of the RESTCONF client's endpoints the
RESTCONF server should start with when trying to connect
to the RESTCONF client.";
}
leaf max-attempts {
type uint8 {
range "1..max";
}
default 3;
description
"Specifies the number times the RESTCONF server tries to
connect to a specific endpoint before moving on to the
next endpoint in the list (round robin).";
}
}
}
}
}
grouping cert-maps-grouping {
description
"A grouping that defines a container around the
cert-to-name structure defined in RFC 7407.";
container cert-maps {
uses x509c2n:cert-to-name;
description
"The cert-maps container is used by a TLS-based RESTCONF
server to map the RESTCONF client's presented X.509
certificate to a RESTCONF username. If no matching and
valid cert-to-name list entry can be found, then the
RESTCONF server MUST close the connection, and MUST NOT
accept RESTCONF messages over it.";
reference
"RFC XXXX: The RESTCONF Protocol";
}
}
grouping endpoints-container {
description
"This grouping is used by tls container for call-home
configurations.";
container endpoints {
description
"Container for the list of endpoints.";
list endpoint {
key name;
min-elements 1;
ordered-by user;
description
"User-ordered list of endpoints for this RESTCONF client.
Defining more than one enables high-availability.";
leaf name {
type string;
description
"An arbitrary name for this endpoint.";
}
leaf address {
type inet:host;
mandatory true;
description
"The IP address or hostname of the endpoint. If a
hostname is configured and the DNS resolution results
in more than one IP address, the RESTCONF server
will process the IP addresses as if they had been
explicitly configured in place of the hostname.";
}
leaf port {
type inet:port-number;
description
"The IP port for this endpoint. The RESTCONF server will
use the IANA-assigned well-known port if no value is
specified.";
}
}
}
}
}