module ietf-zerotouch-bootstrap-server {
yang-version "1.1";
namespace
"urn:ietf:params:xml:ns:yang:ietf-zerotouch-bootstrap-server";
prefix "ztbs";
import ietf-inet-types {
prefix inet;
reference "RFC 6991: Common YANG Data Types";
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web:
WG List:
Author: Kent Watsen
";
description
"This module defines an interface for bootstrap servers, as defined
by RFC XXXX: Zero Touch Provisioning for NETCONF or RESTCONF based
Management.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, is permitted pursuant to, and subject to the license
terms contained in, the Simplified BSD License set forth in Section
4.c of the IETF Trust's Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see the RFC
itself for full legal notices.";
revision "2016-10-31" {
description
"Initial version";
reference
"RFC XXXX: Zero Touch Provisioning for NETCONF or RESTCONF based
Management";
}
list device {
key unique-id;
description
"A device's record entry. This is the only RESTCONF resource
that a device will GET, as described in Section 8.2 in RFC XXXX.
Getting just this top-level node provides a device with all the
data it needs in a single request.";
reference
"RFC XXXX: Zero Touch Provisioning for NETCONF or
RESTCONF based Management";
leaf unique-id {
type string;
description
"A unique identifier for the device (e.g., serial number).
Each device accesses its bootstrapping record by its unique
identifier.";
}
choice information-type {
mandatory true;
description
"This choice statement ensures the response only contains
redirect-information or bootstrap-information. Note that
this is the only mandatory true node, as the other nodes
are not needed when the device trusts the bootstrap server,
in which case the data does not need to be signed.";
container redirect-information {
description
"This is redirect information, as described in Section 3.1
in RFC XXXX. Its purpose is to redirect a device to another
bootstrap server.";
reference
"RFC XXXX: Zero Touch Provisioning for NETCONF or RESTCONF
based Management";
list bootstrap-server {
key address;
description
"A bootstrap server entry.";
leaf address {
type inet:host;
mandatory true;
description
"The IP address or hostname of the bootstrap server the
device should redirect to.";
}
leaf port {
type inet:port-number;
default 443;
description
"The port number the bootstrap server listens on.";
}
leaf trust-anchor { //should there be two fields like voucher?
type binary;
description
"An X.509 v3 certificate structure as specified by RFC
5280, Section 4, encoded using ASN.1 distinguished
encoding rules (DER), as specified in ITU-T X.690. A
certificate that a device can use as a trust anchor
to authenticate the bootstrap server it is being
redirected to.";
reference
"RFC 5280:
Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile.
ITU-T X.690:
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER).";
}
}
}
container bootstrap-information {
description
"This is bootstrap information, as described in Section 3.2 in
RFC XXXX. Its purpose is to provide the device everything it
needs to bootstrap itself.";
reference
"RFC XXXX: Zero Touch Provisioning for NETCONF or RESTCONF
based Management";
container boot-image {
description
"Specifies criteria for the boot image the device MUST
be running.";
leaf name { // maybe this should be a regex?
type string;
mandatory true;
description
"The name of a software image that the device MUST
be running in order to process the remaining nodes.";
}
choice hash-algorithm {
mandatory true;
description
"Identifies the hash algorithm used.";
leaf sha256 {
type string;
description
"The hex-encoded SHA-256 hash over the boot
image file. This is used by the device to
verify a downloaded boot image file.";
reference
"RFC 6234: US Secure Hash Algorithms.";
}
}
leaf-list uri {
type inet:uri;
min-elements 1;
description
"An ordered list of URIs to where the boot-image file MAY
be obtained. Deployments MUST know in which URI schemes
(http, ftp, etc.) a device supports. If a secure scheme
(e.g., https) is provided, a device MAY establish a
provisional connection to the server, by blindly
accepting the server's credentials (e.g., its TLS
certificate)";
}
}
leaf configuration-handling {
type enumeration {
enum merge {
description
"Merge configuration into existing running configuration.";
}
enum replace {
description
"Replace existing running configuration with the passed
configuration.";
}
}
description
"This enumeration indicates how the server should process
the provided configuration. When not specified, the device
MAY determine how to process the configuration using other
means (e.g., vendor-specific metadata).";
}
leaf pre-configuration-script {
type script;
description
"A script that, when present, is executed before the
configuration has been processed.";
}
anydata configuration {
must "../configuration-handling";
description
"Any configuration data model known to the device. It may
contain manufacturer-specific and/or standards-based data
models.";
}
leaf post-configuration-script {
type script;
description
"A script that, when present, is executed after the
configuration has been processed.";
}
}
}
leaf signature {
type binary;
must "../information-type" {
description
"An information type must be present whenever an
signature is present.";
}
description
"A PKCS#7 SignedData structure, as specified by Section 9.1
of RFC 2315, containing just the signature (no content,
certificates, or CRLs), encoded using ASN.1 distinguished
encoding rules (DER), as specified in ITU-T X.690.
This signature is generated by the device's owner using
the private key associated with the owner certificate
over the information-type node, exactly as it's presented
to the device. The device MUST use text-level operations
to extract the information-type node from the larger
'device' response in order to verify it. It is not
important if the extracted text is itself a valid
encoding (e.g., XML or JSON).";
reference
"RFC 2315:
PKCS #7: Cryptographic Message Syntax Version 1.5
ITU-T X.690:
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER).";
}
leaf ownership-voucher {
type binary;
must "../signature" {
description
"A signature must be present whenever an ownership voucher
is presented.";
}
must "../owner-certificate" {
description
"An owner certificate must be present whenever an ownership
voucher is presented.";
}
description
"A 'voucher' structure, per draft-kwatsen-netconf-voucher.
The voucher needs to reference the device's unique identifier
and also specify the owner certificate's identity and a CA
certificate in the owner certificate's chain of trust.";
reference
"draft-kwatsen-netconf-voucher:
Voucher and Voucher Revocation Profiles for Bootstrapping
Protocols";
}
leaf owner-certificate {
type binary;
must "../signature" {
description
"A signature must be present whenever an owner certificate
is presented.";
}
must "../ownership-voucher" {
description
"An ownership voucher must be present whenever an owner
certificate is presented.";
}
description
"An unsigned PKCS #7 SignedData structure, as specified
by Section 9.1 in RFC 2315, containing just certificates
(no content, signatures, or CRLs), encoded using ASN.1
distinguished encoding rules (DER), as specified in
ITU-T X.690.
This structure contains, in order, the owner certificate
itself and all intermediate certificates leading up to a
trust anchor certificate. The owner certificate MAY
optionally include the trust anchor certificate.";
reference
"RFC 2315:
PKCS #7: Cryptographic Message Syntax Version 1.5.
ITU-T X.690:
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER).";
}
leaf voucher-revocation {
type binary;
must "../ownership-voucher" {
description
"An ownership voucher must be present whenever a voucher
revocation is presented.";
}
description
"A 'voucher-revocation' structure, as defined in
draft-kwatsen-netconf-voucher. The voucher revocation
definitively states whether a voucher is valid or not.";
reference
"draft-kwatsen-netconf-voucher:
Voucher and Voucher Revocation Profiles for Bootstrapping
Protocols";
}
leaf certificate-revocation {
type binary;
must "../owner-certificate" {
description
"An owner certificate must be present whenever an voucher
revocation is presented.";
}
description
"An unsigned PKCS #7 SignedData structure, as specified by
Section 9.1 in RFC 2315, containing just CRLs (no content,
signatures, or certificates), encoded using ASN.1
distinguished encoding rules (DER), as specified in
ITU-T X.690.
This structure contains, in order, the CRL for the owner
certificate itself and the CRLs for all intermediate
certificates leading up to but not including a trust
anchor certificate.";
reference
"RFC 5280:
Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile.
ITU-T X.690:
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER).";
}
action notification {
input {
leaf notification-type {
type enumeration {
enum bootstrap-initiated {
description
"Indicates that the device has just accessed the
bootstrap server. The 'message' field below MAY
contain any additional information that the
manufacturer thinks might be useful.";
}
enum validation-error {
description
"Indicates that the device had an issue validating
the response from the bootstrap server. The
'message' field below SHOULD indicate the specific
error. This message also indicates that the device
has abandoned trying to bootstrap off this bootstrap
server.";
}
enum signature-validation-error {
description
"Indicates that the device had an issue validating the
bootstrapping data. For instance, this could be due
to the device expecting signed data, but only found
unsigned data, or because the ownership voucher didn't
include the device's unique identifier, or because the
signature didn't match. The 'message' field below
SHOULD indicate the specific error. This message also
indicates that the device has abandoned trying to
bootstrap off this bootstrap server.";
}
enum image-mismatch {
description
"Indicates that the device has determined that its
running image does not match the specified criteria.
The 'message' field below SHOULD indicate both what
image the device is currently running.";
}
enum image-download-error {
description
"Indicates that the device had an issue downloading
the image, which could be for reasons such as a file
server being unreachable to the downloaded file
being the incorrect file (signature mismatch). The
'message' field about SHOULD indicate the specific
error. This message also indicates that the device
has abandoned trying to bootstrap off this bootstrap
server.";
}
enum pre-script-warning {
description
"Indicates that the device obtained a greater than
zero exit status code from the script when it was
executed. The 'message' field below SHOULD indicate
both the resulting exit status code, as well as
capture any stdout/stderr messages the script may
have produced.";
}
enum pre-script-error {
description
"Indicates that the device obtained a less than zero
exit status code from the script when it was executed.
The 'message' field below SHOULD indicate both the
resulting exit status code, as well as capture any
stdout/stderr messages the script may have produced.
This message also indicates that the device has
abandoned trying to bootstrap off this bootstrap
server.";
}
enum config-warning {
description
"Indicates that the device obtained warning messages
when it committed the initial configuration. The
'message' field below SHOULD indicate the warning
messages that were generated.";
}
enum config-error {
description
"Indicates that the device obtained error messages
when it committed the initial configuration. The
'message' field below SHOULD indicate the error
messages that were generated. This message also
indicates that the device has abandoned trying to
bootstrap off this bootstrap server.";
}
enum post-script-warning {
description
"Indicates that the device obtained a greater than
zero exit status code from the script when it was
executed. The 'message' field below SHOULD indicate
both the resulting exit status code, as well as
capture any stdout/stderr messages the script may
have produced.";
}
enum post-script-error {
description
"Indicates that the device obtained a less than zero
exit status code from the script when it was executed.
The 'message' field below SHOULD indicate both the
resulting exit status code, as well as capture any
stdout/stderr messages the script may have produced.
This message also indicates that the device has
abandoned trying to bootstrap off this bootstrap
server.";
}
enum bootstrap-complete {
description
"Indicates that the device successfully processed the
all the bootstrapping data and that it is ready to
be managed. The 'message' field below MAY contain
any additional information that the manufacturer
thinks might be useful. After sending this message,
the device is not expected to access the bootstrap
server again.";
}
enum informational {
description
"Indicates any additional information not captured by
any of the other notification-type. The 'message'
field below SHOULD contain any additional information
that the manufacturer thinks might be useful.";
}
}
mandatory true;
description
"The type of notification provided.";
}
leaf message {
type string;
description
"An optional human-readable value.";
}
container ssh-host-keys {
description
"A list of SSH host keys an NMS may use to authenticate
a NETCONF connection to the device with.";
list ssh-host-key {
when "../type = bootstrap-complete" {
description
"SSH host keys are only sent when the notification
type is 'bootstrap-complete'.";
}
description
"An SSH host-key";
leaf format {
type enumeration {
enum ssh-dss { description "ssh-dss"; }
enum ssh-rsa { description "ssh-rsa"; }
}
mandatory true;
description
"The format of the SSH host key.";
}
leaf key-data {
type string;
mandatory true;
description
"The key data for the SSH host key";
}
}
}
container trust-anchors {
description
"A list of trust anchor certificates an NMS may use to
authenticate a NETCONF or RESTCONF connection to the
device with.";
list trust-anchor {
when "../type = bootstrap-complete" {
description
"Trust anchors are only sent when the notification
type is 'bootstrap-complete'.";
}
description
"A list of trust anchor certificates an NMS may use to
authenticate a NETCONF or RESTCONF connection to the
device with.";
leaf-list protocol {
type enumeration {
enum netconf-ssh { description "netconf-ssh"; }
enum netconf-tls { description "netconf-tls"; }
enum restconf-tls { description "restconf-tls"; }
enum netconf-ch-ssh { description "netconf-ch-ssh"; }
enum netconf-ch-tls { description "netconf-ch-tls"; }
enum restconf-ch-tls { description "restconf-ch-tls"; }
}
min-elements 1;
description
"The protocols that this trust anchor secures.";
}
leaf certificate {
type binary;
mandatory true;
description
"An X.509 v3 certificate structure, as specified by
Section 4 in RFC5280, encoded using ASN.1 distinguished
encoding rules (DER), as specified in ITU-T X.690.";
reference
"RFC 5280:
Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile.
ITU-T X.690:
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER),
Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER).";
}
}
}
}
} // end action
} // end device
typedef script {
type binary;
description
"A device specific script that enables the execution of commands
to perform actions not possible thru configuration alone.
No attempt is made to standardize the contents, running context,
or programming language of the script. The contents of the
script are considered specific to the vendor, product line,
and/or model of the device.
If a script is erroneously provided to a device that does not
support the execution of scripts, the device SHOULD send a
'script-warning' notification message, but otherwise continue
processing the bootstrapping data as if the script had not
been present.
The script returns exit status code '0' on success and non-zero
on error, with accompanying stderr/stdout for logging purposes.
In the case of an error, the exit status code will specify what
the device should do.
If the exit status code is greater than zero, then the device
should assume that the script had a soft error, which the
script believes does not affect manageability. If the device
obtained the bootstrap information from a bootstrap server,
it SHOULD send a 'script-warning' notification message.
If the exit status code is less than zero, the device should
assume the script had a hard error, which the script believes
will affect manageability. In this case, the device SHOULD
send a 'script-error' notification message followed by a
reset that will force a new boot-image install (wiping out
anything the script may have done) and restart the entire
bootstrapping process again.";
}
}