module clixon-config {
yang-version 1.1;
namespace "http://clicon.org/config";
prefix cc;
import clixon-restconf {
prefix clrc;
}
import clixon-autocli {
prefix autocli;
}
import clixon-lib {
prefix cl;
}
organization
"Clicon / Clixon";
contact
"Olof Hagsand <[email protected]>";
description
"Clixon configuration file
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand
Copyright (C) 2020-2022 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON
Licensed under the Apache License, Version 2.0 (the \"License\");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an \"AS IS\" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the \"GPL\"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****";
revision 2024-04-01 {
description
"Added options:
CLICON_NETCONF_DUPLICATE_ALLOW: Disable duplicate check in NETCONF messages.
CLICON_LOG_DESTINATION: Default log destination
CLICON_LOG_FILE: Which file to log to if file logging
CLICON_DEBUG: Debug flags.
CLICON_YANG_SCHEMA_MOUNT_SHARE: Share same YANGs of equal moint-points.
CLICON_SOCK_PRIO: Enable socket event priority
CLICON_XMLDB_MULTI: Split datastore into multiple sub files
CLICON_CLI_OUTPUT_FORMAT: Default CLI output format
CLICON_AUTOLOCK: Implicit locks
Released in Clixon 7.1";
}
revision 2024-01-01 {
description
"Changed semantics:
CLICON_VALIDATE_STATE_XML - disable return sanity checks if false
Marked as obsolete:
CLICON_DATASTORE_CACHE
CLICON_NETCONF_CREATOR_ATTR
Changed semantics of
Released in Clixon 7.0";
}
revision 2023-11-01 {
description
"Added options:
CLICON_NETCONF_CREATOR_ATTR
Released in Clixon 6.5";
}
revision 2023-05-01 {
description
"Added options:
CLICON_CONFIG_EXTEND
CLICON_PLUGIN_DLOPEN_GLOBAL
Moved datastore-format datatype to clixon-lib
Released in Clixon 6.3";
}
revision 2023-03-01 {
description
"Added options:
CLICON_RESTCONF_NOALPN_DEFAULT
Extended datastore-format with CLI and text
Released in Clixon 6.2";
}
revision 2022-12-01 {
description
"Added options:
CLICON_YANG_SCHEMA_MOUNT
Removed (previosly marked) obsolete options:
CLICON_MODULE_LIBRARY_RFC7895
Released in Clixon 6.1";
}
revision 2022-11-01 {
description
"Added option:
CLICON_NETCONF_MONITORING
CLICON_NETCONF_MONITORING_LOCATION
Released in Clixon 6.0";
}
revision 2022-03-21 {
description
"Added option:
CLICON_RESTCONF_API_ROOT
CLICON_NETCONF_BASE_CAPABILITY
CLICON_HTTP_DATA_PATH
CLICON_HTTP_DATA_ROOT
CLICON_CLI_EXPAND_LEAFREF
Released in Clixon 5.7";
}
revision 2022-02-11 {
description
"Added option:
CLICON_LOG_STRING_LIMIT
CLICON_YANG_LIBRARY
Changed default value:
CLICON_MODULE_LIBRARY_RFC7895 to false
Removed (previosly marked) obsolete options:
CLICON_RESTCONF_PATH
CLICON_RESTCONF_PRETTY
CLICON_CLI_GENMODEL
CLICON_CLI_GENMODEL_TYPE
CLICON_CLI_GENMODEL_COMPLETION
CLICON_CLI_AUTOCLI_EXCLUDE
CLICON_CLI_MODEL_TREENAME
Released in Clixon 5.6";
}
revision 2021-12-05 {
description
"Imported
clixon-autocli.yang
Removed (previosly marked) obsolete options:
CLICON_YANG_LIST_CHECK
Marked as obsolete:
CLICON_CLI_GENMODEL (use autocli/enable-autocli instead)
CLICON_CLI_GENMODEL_TYPE (use autocli/list-keyword-default and compress rules instead)
CLICON_CLI_GENMODEL_COMPLETION (use autocli/completion-default instead)
CLICON_CLI_AUTOCLI_EXCLUDE (use autocli/module-default, rule/enable logic instead)
CLICON_CLI_MODEL_TREENAME (use constant AUTOCLI_TREENAME instead)
Released in Clixon 5.5";
}
revision 2021-11-11 {
description
"Added option:
CLICON_PLUGIN_CALLBACK_CHECK
CLICON_YANG_AUGMENT_ACCEPT_BROKEN
Modified options:
CLICON_CLI_GENMODEL_TYPE: added OC_COMPRESS enum
CLICON_YANG_DIR: recursive search
Released in Clixon 5.4";
}
revision 2021-07-11 {
description
"Added option:
CLICON_RESTCONF_HTTP2_PLAIN
Removed default value:
CLICON_RESTCONF_INSTALLDIR
Marked as obsolete:
CLICON_YANG_LIST_CHECK
Released in Clixon 5.3";
}
revision 2021-05-20 {
description
"Added option:
CLICON_RESTCONF_USER
CLICON_RESTCONF_PRIVILEGES
CLICON_RESTCONF_INSTALLDIR
CLICON_RESTCONF_STARTUP_DONTUPDATE
CLICON_NETCONF_MESSAGE_ID_OPTIONAL
Released in Clixon 5.2";
}
revision 2021-03-08 {
description
"Added option:
CLICON_NETCONF_HELLO_OPTIONAL
CLICON_CLI_AUTOCLI_EXCLUDE
CLICON_XMLDB_UPGRADE_CHECKOLD
Released in Clixon 5.1";
}
revision 2020-12-30 {
description
"Added option:
CLICON_ANONYMOUS_USER
Removed obsolete options:
CLICON_RESTCONF_IPV4_ADDR
CLICON_RESTCONF_IPV6_ADDR
CLICON_RESTCONF_HTTP_PORT
CLICON_RESTCONF_HTTPS_PORT
CLICON_SSL_SERVER_CERT
CLICON_SSL_SERVER_KEY
CLICON_SSL_CA_CERT
CLICON_TRANSACTION_MOD
Marked as obsolete and moved to clixon-restconf.yang:
CLICON_RESTCONF_PATH
CLICON_RESTCONF_PRETTY";
}
revision 2020-11-03 {
description
"Added CLICON_BACKEND_RESTCONF_PROCESS
Copied to clixon-restconf.yang and marked as obsolete:
CLICON_RESTCONF_IPV4_ADDR
CLICON_RESTCONF_IPV6_ADDR
CLICON_RESTCONF_HTTP_PORT
CLICON_RESTCONF_HTTPS_PORT
CLICON_SSL_SERVER_CERT
CLICON_SSL_SERVER_KEY
CLICON_SSL_CA_CERT
Removed obsolete option CLICON_TRANSACTION_MOD";
}
revision 2020-10-01 {
description
"Added: CLICON_CONFIGDIR.";
}
revision 2020-08-17 {
description
"Added: CLICON_RESTCONF_IPV4_ADDR, CLICON_RESTCONF_IPV6_ADDR,
CLICON_RESTCONF_HTTP_PORT, CLICON_RESTCONF_HTTPS_PORT
CLICON_NAMESPACE_NETCONF_DEFAULT,
CLICON_CLI_HELPSTRING_TRUNCATE, CLICON_CLI_HELPSTRING_LINES";
}
revision 2020-06-17 {
description
"Added: CLICON_CLI_LINES_DEFAULT
Added enum HIDE to CLICON_CLI_GENMODEL
Added CLICON_SSL_SERVER_CERT, CLICON_SSL_SERVER_KEY, CLICON_SSL_CA_CERT
Added CLICON_NACM_DISABLED_ON_EMPTY
Removed default valude of CLICON_NACM_RECOVERY_USER";
}
revision 2020-04-23 {
description
"Added: CLICON_YANG_UNKNOWN_ANYDATA to treat unknown XML (wrt YANG) as anydata.
Deleted: xml-stats non-config data (replaced by rpc stats in clixon-lib.yang)";
}
revision 2020-02-22 {
description
"Added: search index extension,
Added: clixon-stats state for clixon XML and memory statistics.
Added: CLICON_CLI_BUF_START and CLICON_CLI_BUF_THRESHOLD for quadratic and linear
growth of CLIgen buffers (cbuf:s)
Added: CLICON_VALIDATE_STATE_XML for controling validation of user state XML
Added: CLICON_CLICON_YANG_LIST_CHECK to skip list key checks";
}
revision 2019-09-11 {
description
"Added: CLICON_BACKEND_USER: drop of privileges to user,
CLICON_BACKEND_PRIVILEGES: how to drop privileges
CLICON_NACM_CREDENTIALS: If and how to check backend sock privileges with NACM
CLICON_NACM_RECOVERY_USER: Name of NACM recovery user.";
}
revision 2019-06-05 {
description
"Added: CLICON_YANG_REGEXP, CLICON_CLI_TAB_MODE,
CLICON_CLI_HIST_FILE, CLICON_CLI_HIST_SIZE,
CLICON_XML_CHANGELOG, CLICON_XML_CHANGELOG_FILE;
Renamed CLICON_XMLDB_CACHE to CLICON_DATASTORE_CACHE (changed type)
Deleted: CLICON_XMLDB_PLUGIN, CLICON_USE_STARTUP_CONFIG";
}
revision 2019-03-05{
description
"Changed URN. Changed top-level symbol to clixon-config.
Released in Clixon 3.10";
}
revision 2019-02-06 {
description
"Released in Clixon 3.9";
}
revision 2018-10-21 {
description
"Released in Clixon 3.8";
}
extension search_index {
description "This list argument acts as a search index using optimized binary search.
";
}
typedef startup_mode{
description
"Which method to boot/start clicon backend.
The methods differ in how they reach a running state
Which source database to commit from, if any.";
type enumeration{
enum none{
description
"Do not touch running state
Typically after crash when running state and db are synched";
}
enum init{
description
"Initialize running state.
Start with a completely clean running state";
}
enum running{
description
"Commit running db configuration into running state
After reboot if a persistent running db exists";
}
enum startup{
description
"Commit startup configuration into running state
After reboot when no persistent running db exists";
}
enum running-startup{
description
"First try running db, if it is empty try startup db.";
}
}
}
/* Cache behaviour for the XML datastores (three enums below).
 * Per the enum text, cache-zerocopy hands out the cached data itself rather
 * than a copy, so a callback that modifies what it receives changes the cache.
 * The revision 2024-01-01 entry in this module lists CLICON_DATASTORE_CACHE
 * as obsolete. */
typedef datastore_cache{
description
"XML configuration, ie running/candididate/ datastore cache behaviour.";
type enumeration{
enum nocache{
description "No cache always work directly with file";
}
enum cache{
description "Use in-memory cache.
Make copies when accessing internally.";
}
enum cache-zerocopy{
description "Use in-memory cache and dont copy.
Fastest but opens up for callbacks changing cache.";
}
}
}
/* Selects whether RFC 8341 (NACM) access control is applied and where its
 * rules are read from: disabled, internal (rules in the regular config) or
 * external (rules in a separate config).
 * NOTE(review): with 'disabled' no NACM rules are in effect, so any access
 * restriction has to come from elsewhere (transport, socket permissions);
 * confirm that is intended wherever this value is used. */
typedef nacm_mode{
description
"Mode of RFC8341 Network Configuration Access Control Model.
It is unclear from the RFC whether NACM rules are internal
in a configuration (ie embedded in regular config) or external/OOB
in s separate, specific NACM-config";
type enumeration{
enum disabled{
description "NACM is disabled";
}
enum internal{
description "NACM is enabled and available in the regular config";
}
enum external{
description "NACM is enabled and available in a separate config";
}
}
}
/* Regular-expression engine used for YANG 'pattern' validation and in the CLI.
 * YANG patterns act as input constraints. The posix enum is described below as
 * an incomplete translation of XSD regexps, so a pattern may not be enforced
 * exactly as written in that mode; libxml2 is described as a complete XSD
 * engine but needs HAVE_LIBXML2 at configure time. */
typedef regexp_mode{
description
"The regular expression engine Clixon uses in its validation of
Yang patterns, and in the CLI.
Yang RFC 7950 stipulates XSD XML Schema regexps
according to W3 CXML Schema Part 2: Datatypes Second Edition,
see http://www.w3.org/TR/2004/REC-xmlschema-2-20041028#regexs";
type enumeration{
enum posix {
description
"Translate XSD XML Schema regexp:s to Posix regexp. This is
not a complete translation, but can be considered good-enough
for Yang use-cases as defined by openconfig and yang-models
for example.";
}
enum libxml2 {
description
"Use libxml2 XSD XML Schema regexp engine. This is a complete
XSD regexp engine..
Requires libxml2 to be available at configure time
(HAVE_LIBXML2 should be set)";
}
}
}
/* How a daemon changes identity after initialization.
 *   none      - no change; the process keeps the privileges it was started with
 *   drop_perm - permanent drop to a uid
 *   drop_temp - temporary drop to an effective uid
 * NOTE(review): 'temporarily to a euid' suggests the original privileges can
 * be regained later, which would make drop_temp weaker containment than
 * drop_perm; confirm against the implementation. */
typedef priv_mode{
description
"Privilege mode, used for dropping (or not) privileges to a non-provileged
user after initialization";
type enumeration{
enum none {
description
"Make no drop/change in privileges.";
}
enum drop_perm {
description
"After initialization, drop privileges permanently to a uid";
}
enum drop_temp {
description
"After initialization, drop privileges temporarily to a euid";
}
}
}
/* How the NACM user name is matched against the OS identity of the
 * unix-socket peer connecting to the backend.
 *   none   - no matching; per the enum text any user can pose as any other
 *            user, so NACM rules are then applied to a user name that is not
 *            checked against the socket peer
 *   exact  - NACM user must equal the socket peer user
 *   except - as exact, but root and the www (restconf) user are exempt
 * The typedef description states that only 'none' makes sense for IP sockets. */
typedef nacm_cred_mode{
description
"How NACM user should be matched with unix socket peer credentials.
This means nacm user must match socket peer user accessing the
backend socket. For IP sockets only mode none makes sense.";
type enumeration{
enum none {
description
"Dont match NACM user to any user credentials. Any user can pose
as any other user. Set this for IP sockets, or dont use NACM.";
}
enum exact {
description
"Exact match between NACM user and unix socket peer user.";
}
enum except {
description
"Exact match between NACM user and unix socket peer user, except
for root and www user (restconf).";
}
}
}
/* Address family of the internal socket: UNIX, IPv4 or IPv6.
 * The nacm_cred_mode typedef in this module says peer-credential matching
 * applies to unix sockets ('For IP sockets only mode none makes sense'), so
 * with IPv4/IPv6 the NACM user is presumably not matched against any socket
 * peer identity. */
typedef socket_address_family {
description "Address family for internal socket";
type enumeration{
enum UNIX {
description "Unix domain socket";
}
enum IPv4 {
description "IPv4";
}
enum IPv6 {
description "IPv6";
}
}
}
typedef log_destination_t {
description
"Log destination flags
Can also be given directly as -l <flag> to clixon commands
Note there are also constants in the code (logdstmap) that need to be
in sync with these values.
The duplication is because of bootstrapping, logging is needed before YANG
loaded";
type bits {
bit syslog {
position 0;
description "Syslog";
}
bit stderr {
position 1;
description "Standard I/O Error";
}
bit stdout {
position 2;
description "Standard I/O Output";
}
bit file {
position 3;
description "Log to file. By default clixon.log int current directory";
}
}
}
container clixon-config {
container restconf {
uses clrc:clixon-restconf;
}
container autocli {
uses autocli:clixon-autocli;
}
leaf-list CLICON_FEATURE {
description
"Supported features as used by YANG feature/if-feature
value is: <module>:<feature>, where <module> and <feature>
are either names, or the special character '*'.
*:* means enable all features
<module>:* means enable all features in the specified module
*:<feature> means enable the specific feature in all modules";
type string;
}
/* Ordered search path for YANG modules and submodules; the list is searched
 * in the order given and, since Clixon 5.4, each entry is searched
 * recursively.
 * NOTE(review): because lookup is ordered and recursive, a file placed
 * anywhere under an earlier directory could presumably be picked up ahead of
 * the intended module; keep these directories writable only by trusted
 * accounts. */
leaf-list CLICON_YANG_DIR {
ordered-by user;
type string;
description
"Yang directory path for finding module and submodule files.
A list of these options should be in the configuration.
When loading a Yang module, Clixon searches this list in the order
they appear.
Note since Clixon 5.4 such a directory is searched recursively, not just the
directory itself.
Ensure that YANG_INSTALLDIR (default
/usr/local/share/clixon) is present in the path";
}
/* Configuration */
leaf CLICON_CONFIGFILE{
type string;
description
"Location of the main configuration-file.
Default is CLIXON_DEFAULT_CONFIG=/usr/local/etc/clicon.xml set in configure.
Note that due to bootstrapping, this value is not actually read from file
and therefore a default value would be meaningless.";
}
/* Optional directory of extra config files (only names ending in .xml),
 * loaded alphabetically after CLICON_CONFIGFILE. Leaf values from these files
 * overwrite earlier ones and leaf-list values are appended, so write access
 * to this directory amounts to control over the effective configuration,
 * such as the privilege-drop options in this module. */
leaf CLICON_CONFIGDIR{
type string;
description
"Location of directory of extra configuration files.
If not given, only main configfile is read.
If given, and if the directory exists, all files in this directory will be loaded
AFTER the main config file (CLICON_CONFIGFILE) in the following way:
- leaf values are overwritten
- leaf-list values are appended
The files in this directory are loaded alphabetically.
Only files ending with .xml are read
Sub-structures, eg <autocli> are replaced with the latest (alphabetically)
If the dir is given but does not exist will result in an error.
You can override file setting with -E <dir> command-line option.
Note that due to bootstraping this value is only meaningful in the main config file";
}
leaf CLICON_CONFIG_EXTEND {
type string;
description
"If specified load an application-specific configuration YANG that overrides
this config.
Normally, that YANG imports clixon-config.
This field is a 'bootstrap' field.
";
}
/* YANG */
leaf CLICON_YANG_MAIN_FILE {
type string;
description
"If specified load a yang module in a specific absolute filename.
This corresponds to the -y command-line option in most CLixon
programs.";
}
leaf CLICON_YANG_MAIN_DIR {
type string;
description
"If given, load all modules in this directory (all .yang files)
See also CLICON_YANG_DIR which specifies a path of dirs";
}
leaf CLICON_YANG_MODULE_MAIN {
type string;
description
"Option used to construct initial yang file:
<module>[@<revision>]";
}
leaf CLICON_YANG_MODULE_REVISION {
type string;
description
"Option used to construct initial yang file:
<module>[@<revision>].
Used together with CLICON_YANG_MODULE_MAIN";
}
leaf CLICON_YANG_REGEXP {
type regexp_mode;
default posix;
description
"The regular expression engine Clixon uses in its validation of
Yang patterns, and in the CLI.
There is a 'good-enough' posix translation mode and a complete
libxml2 mode";
}
/* Accept XML/JSON nodes that have no YANG definition as anydata.
 * Default false. The description warns that the handling is not limited to
 * startup-db loading, so erroneous or unexpected input may pass without a
 * validation error while this is true. */
leaf CLICON_YANG_UNKNOWN_ANYDATA{
type boolean;
default false;
description
"Treat unknown XML/JSON nodes as anydata when loading from startup db.
This does not apply to namespaces, which means a top-level node: xxx:yyy
is accepted only if yyy is unknown, not xxx.
Note that this option has several caveats which needs to be fixed. Please
use with care.
The primary issue is that the unknown->anydata handling is not restricted to
only loading from startup but may occur in other circumstances as well. This
means that sanity checks of erroneous XML/JSON may not be properly signalled.
Note this is similar to what happens to YANG nodes that are disabled by a false
if-feature statement.";
}
leaf CLICON_YANG_SCHEMA_MOUNT{
type boolean;
description
"YANG schema mount, RFC 8528.
When enabled, mount-points as defined by the 'yangmnt:mount-point' extension can
be populated by other YANGs than the root.
This is controlled by the ca_yang_mount plugin callback by returning a assigning a
yanglib module-set section that corresponds to the mounted YANGs.
Also, schema mount statistics is added to state data
Further, autocli syntax is added by definining a tree resolve wrapper";
default false;
}
leaf CLICON_YANG_SCHEMA_MOUNT_SHARE {
type boolean;
description
"For optimization purposes, share same YANGs of equal moint-points.
The mount-points need to be 'equal' in the sense that it has the same YANG
(yangmnt:mount-point is on same node).
A comparison is made between yang modules and revision and must match exactly.
If so, a new yang-spec is not created, instead the other is used.
Only if CLICON_YANG_SCHEMA_MOUNT is enabled";
default false;
}
leaf CLICON_YANG_AUGMENT_ACCEPT_BROKEN {
type boolean;
default false;
description
"Debug option. If enabled, accept broken augments on the form:
augment <target> { ... }
where <target> is an XPath which MUST be an existing node but for many
yangmodels do not.
There are several cases why this may be the case:
- syntax errors,
- features that need to be enabled
- wrong XPaths, etc
This option should be enabled only for passing some testcases it should
normally never be enabled in system YANGs that are used in a system.";
}
leaf CLICON_YANG_LIBRARY {
type boolean;
default true;
description
"Enable YANG library support as state data according to RFC8525.
If enabled, module info will appear when doing netconf get or
restconf GET.
The module state data is on the form:
<yang-library><module-set>...
instead where the module state is on the form:
<modules-state>...
See also CLICON_XMLDB_MODSTATE where the module state info is used to tag datastores
with module information.";
}
/* Backend */
/* Directory from which the backend loads .so plugins.
 * NOTE(review): the description says all .so files here are loaded as
 * backend plugins, i.e. presumably as code inside the backend process;
 * ownership and permissions of this directory should be restricted
 * accordingly. */
leaf CLICON_BACKEND_DIR {
type string;
description
"Location of backend .so plugins. Load all .so
plugins in this dir as backend plugins";
}
/* Filename filter applied to the plugins in CLICON_BACKEND_DIR.
 * NOTE(review): in the default "(.so)$" the '.' is not escaped, so under usual
 * regexp semantics it matches any character followed by 'so' at the end of
 * the name (constructed example: 'pluginXso'), not only a literal '.so'
 * suffix. */
leaf CLICON_BACKEND_REGEXP {
type string;
description
"Regexp of matching backend plugins in CLICON_BACKEND_DIR";
default "(.so)$";
}
/* Account the backend lowers its privileges to after initialization when it
 * was started as root. Also used as owner of files the backend creates
 * (e.g. datastores) and of the backend unix socket; the socket's group comes
 * from CLICON_SOCK_GROUP.
 * NOTE(review): CLICON_BACKEND_PRIVILEGES defaults to 'none' in this module;
 * confirm whether setting only this leaf is enough to get a privilege drop. */
leaf CLICON_BACKEND_USER {
type string;
description
"User name for backend (both foreground and daemonized).
If you set this value the backend if started as root will lower
the privileges after initialization.
The ownership of files created by the backend will also be set to this
user (eg datastores).
It also sets the backend unix socket owner to this user, but its group
is set by CLICON_SOCK_GROUP.
See also CLICON_BACKEND_PRIVILEGES setting";
}
/* Privilege-drop mode for the backend (see typedef priv_mode).
 * Default is 'none', i.e. no drop/change in privileges, so a backend started
 * as root is presumably left as root unless this is set to drop_perm or
 * drop_temp together with CLICON_BACKEND_USER. The description also rules out
 * combining a drop mode with CLICON_XMLDB_MULTI. */
leaf CLICON_BACKEND_PRIVILEGES {
type priv_mode;
default none;
description
"Backend privileges mode.
If CLICON_BACKEND_USER user is set, mode can be set to drop_perm or
drop_temp.
Drop privs may not be used together with CLICON_XMLDB_MULTI";
}
leaf CLICON_BACKEND_PIDFILE {
type string;
mandatory true;
description "Process-id file of backend daemon";
}
leaf CLICON_BACKEND_RESTCONF_PROCESS {
type boolean;
default false;
description
"If set, enable process-control of restconf daemon, ie start/stop restconf
daemon internally from backend daemon.
Also, if set, restconf daemon queries backend for its config
if not set, restconf daemon reads its config from main config file
It uses clixon-restconf.yang for config and clixon-lib.yang for RPC
Process control of restconf daemon is as follows:
- on RPC start, if enable is true, start the service, if false, error or ignore it
- on RPC stop, stop the service
- on backend start make the state as configured
- on enable change, make the state as configured
Disable if you start the restconf daemon by other means.";
}
/* Netconf */
leaf CLICON_NETCONF_DIR{
type string;
description "Location of netconf (frontend) .so plugins";
}
/* Whether external NETCONF accepts an <rpc> without a preceding <hello>.
 * Default false: an rpc with no earlier hello gets an error, as RFC 6241
 * Sec 8.1 requires. True restores the legacy behaviour, which the description
 * calls invalid according to the RFC, and lets RPCs be processed without the
 * hello exchange. Internal (IPC) NETCONF is not affected. */
leaf CLICON_NETCONF_HELLO_OPTIONAL {
type boolean;
default false;
description
"This option relates to RFC 6241 Sec 8.1 Capabilies Exchange where it says:
When the NETCONF session is opened, each peer (both client and server) MUST
send a <hello> element...
If true, an RPC can be processed directly with no preceeding hello message.
This is legacy clixon but invalid according to the RFC.
If false, NETCONF hello messages are mandatory before any RPC can be processed.
That is, if clixon receives an rpc with no previous hello message, an error
is returned, which conforms to the RFC.
Note this applies only to external NETCONF, not the internal (IPC) netconf";
}
leaf CLICON_NETCONF_MESSAGE_ID_OPTIONAL {
type boolean;
default false;
description
"This option relates to RFC 6241 Sec 4.1 <rpc> Element
The <rpc> element has a mandatory attribute 'message-id', which is a
string chosen by the sender of the RPC.
If true, an RPC can be sent without a message-id.
This applies to both external NETCONF and internal (IPC) netconf";
}
leaf CLICON_NETCONF_BASE_CAPABILITY {
type int32;
default 1;
description
"This option relates to RFC6241 Sec 8.1 capabilities exchange.
This number is the highest netconf base capability announced during
the hello protocol.
Specifically, If the option number is 0, only 'urn:ietf:params:netconf:base:1.0'
is announced, if it is 1, both 'urn:ietf:params:netconf:base:1.0' and
'urn:ietf:params:netconf:base:1.1' are announced.
Base capability '1' includes switching over to chunked framing as defined in
RFC6242 for example.
This only applies to the external NETCONF";
}
leaf CLICON_NETCONF_CREATOR_ATTR {
type boolean;
default false;
description
"If set, clixon will accept the 'creator' attribute as defined by the
creator annotation in clixon-lib.
It can be used when several clients (such as a 'service') can create the same object.
If one such client/service is deleted, the object is deleted only if all services
that created the object are deleted.
The clixon controller uses this feature, but could in principle be used by other
applications.
Marked as obsolete in 7.0 since creators attribute replaced by clixon-lib creators
config";
status obsolete;
}
leaf CLICON_NETCONF_MONITORING {
type boolean;
default true;
description
"Enable Netconf monitoring support as state data according to RFC6022.
If enabled, netconf monitoring info will appear when doing netconf get or
restconf GET.";
}
leaf CLICON_NETCONF_MONITORING_LOCATION {
type string;
description
"Extra Netconf monitoring location directory where schemas can be retrieved
apart from NETCONF.
Only if CLICON_NETCONF_MONITORING";
}
/* Turns off the duplicate-entry check (non-unique list / leaf-list entries)
 * that Clixon 7.0 applies to incoming NETCONF messages. Default false keeps
 * the check.
 * NOTE(review): the leaf is a single boolean, so enabling it presumably
 * relaxes this input check for every client, not only the legacy ones it is
 * meant for. */
leaf CLICON_NETCONF_DUPLICATE_ALLOW {
type boolean;
default false;
description
"Disable duplicate check in NETCONF messages.
In Clixon 7.0, a stricter check of duplicate entries in incoming NETCONF messages was made.
More specifically: lists and leaf-lists with non-unique entries.
Enable to disable this check, and to allow duplicates in incoming NETCONF messages.
Note that this is an error by such a client, but there is some legacy code that uses this";
}
/* HTTP and Restconf */
leaf CLICON_RESTCONF_API_ROOT {
type string;
default "/restconf";
description
"The RESTCONF API root path
See RFC 8040 Sec 1.16 and 3.1";
}
/* Directory from which the restconf daemon loads .so plugins. Kept in this
 * module (not clixon-restconf.yang) because it is needed early in
 * bootstrapping.
 * NOTE(review): all .so files here are loaded as restconf code plugins, so
 * the directory should be writable only by trusted accounts. */
leaf CLICON_RESTCONF_DIR {
type string;
description
"Location of restconf (frontend) .so plugins. Load all .so
plugins in this dir as restconf code plugins
Note: This cannot be moved to clixon-restconf.yang because it is needed
early in the bootstrapping phase, before clixon-restconf.yang config may
be loaded.";
}
/* Run-time override for the directory holding the clixon-restconf daemon
 * binary that the backend uses when it starts the daemon internally. When
 * unset, the configured install dir $(sbindir) is used.
 * NOTE(review): the backend starts the binary found in this directory, so the
 * value and the directory's permissions deserve the same care as the backend
 * binary itself. */
leaf CLICON_RESTCONF_INSTALLDIR {
type string;
description
"If set, path to dir of clixon-restconf daemon binary as used by backend if
started internally (run-time).
If this path is not set, clixon_restconf will be looked for according to
configured installdir: $(sbindir) (install-time)
Since programs can be moved around at install/cross-compile time the installed
dir may be difficult to know at install time, which is the reason why
CLICON_RESTCONF_INSTALLDIR exists, in order to override the Makefile
installdir.
Note on the installdir, DESTDIR is not included since according to man pages:
by specifying DESTDIR should not change the operation of the software in
any way, so its value should not be included in any file contents. ";
}
leaf CLICON_RESTCONF_STARTUP_DONTUPDATE {
type boolean;
default false;
description
"According to RFC 8040 Sec 1.4:
If the NETCONF server supports :startup, the RESTCONF server MUST automatically
update the [...] startup configuration [...] as a consequence of a RESTCONF
edit operation.
Setting this option disables this behaviour, ie the startup configuration is NOT
automatically updated.
If this option is false, the startup is automatically updated following the RFC";
}
/* Account the restconf daemon drops privileges to. Default www-data.
 * NOTE(review): the description's 'See also CLICON_PRIVILEGES' does not match
 * a leaf visible in this part of the module; CLICON_RESTCONF_PRIVILEGES looks
 * like the intended reference. */
leaf CLICON_RESTCONF_USER {
type string;
description
"Run clixon_daemon as this user
When drop privileges is used, the daemon will drop privileges to this user.
In pre-5.2 code this was configured as compile-time constant WWWUSER with
default value www-data
See also CLICON_PRIVILEGES setting";
default www-data;
}
/* Privilege-drop mode for the restconf daemon (see typedef priv_mode).
 * Default drop_perm: privileges are dropped to CLICON_RESTCONF_USER.
 * 'none' is required on platforms without getresuid and accompanying
 * functions; per priv_mode that means no drop/change in privileges. */
leaf CLICON_RESTCONF_PRIVILEGES {
type priv_mode;
default drop_perm;
description
"Restconf privileges mode.
If drop_perm or drop_temp then drop privileges to CLICON_RESTCONF_USER.
If the platform does not support getresuid and accompanying functions, the mode
must be set to 'none'.
";
}
/* Allows (true) or refuses (false, the default) HTTP/2 over plain, non-TLS
 * connections, both direct and via upgrade; false also disables plain HTTP/2
 * in prior-knowledge (http/2-only) mode. HTTP/2 over TLS is not affected by
 * this leaf. */
leaf CLICON_RESTCONF_HTTP2_PLAIN {
type boolean;
default false;
description
"Applies to plain (non-tls) http/2 ie when clixon is configured with --enable-nghttp2
If false, disable direct and upgrade for plain(non-tls) HTTP/2.
If true, allow direct and upgrade for plain(non-tls) HTTP/2.
It may especially useful to disable in http/1 + http/2 mode to avoid the complex
upgrade/switch from http/1 to http/2.
Note this also disables plain http/2 in prior-knowledge, that is, in http/2-only mode.
HTTP/2 in https(TLS) is unaffected";
}
/* Protocol to use when a TLS client does not offer ALPN and both http/1 and
 * http/2 are configured. Unset, or any value other than the two below: the
 * socket is closed. 'http/1.1' or 'http/2': that protocol is selected.
 * The type is a free string, so a misspelt value behaves like unset.
 * NOTE(review): the revision 2023-03-01 entry names this option
 * CLICON_RESTCONF_NOALPN_DEFAULT while the leaf is CLICON_NOALPN_DEFAULT. */
leaf CLICON_NOALPN_DEFAULT {
type string;
description
"By default Clixon Restconf over TLS/HTTPS uses ALPN for protocol selection.
This option controls the behavior if a client does NOT use ALPN for TLS.
AND both http/1 and http/2 is configured in Clixon.
If the value is not set (or other value), Clixon closes the socket(reset)
If the value is 'http/1.1' then HTTP/1.1 is selected
If the value is 'http/2' then HTTP/2 is selected
Note that if Clixon is configured for only HTTP/1 (--disable-nghttp2),
then HTTP/1 is selected if the client does not use ALPN.
Likewise, if Clixon is configured for only HTTP/2 (--disable-http1),
then HTTP/2 is selected if the client does not use ALPN.
This option does not apply for plain (non-TLS) HTTP";
}
/* URI prefix under which files from CLICON_HTTP_DATA_ROOT are served; only
 * present with feature clrc:http-data. Default "/".
 * RESTCONF paths are matched first; otherwise the file is looked up as
 * CLICON_HTTP_DATA_ROOT + this path + the requested name. Serving also needs
 * restconf/enable-http-data to be set. */
leaf CLICON_HTTP_DATA_PATH {
if-feature "clrc:http-data";
default "/";
type string;
description
"URI match for http-data serving files specified by CLICON_HTTP_DATA_ROOT.
Must start with / (example: /)
Restconf paths at /restconf is always done before data (or streams)
The PATH is appended to CLICON_HTTP_DATA_ROOT to find a file.
Example, if PATH is /data and ROOT is /www, and a GET /index.html, the
corresponding file is '/www/data/index.html'
Both feature clixon-restconf:http-data and restconf/enable-http-data
must be enabled for this match to occur.";
}
/* File-system directory served by the http-data feature. Default "/var/www".
 * The description states that soft links, '..' and '~' are not followed; that
 * is the stated containment keeping lookups inside this directory.
 * NOTE(review): files readable under this root are presumably served once
 * http-data is enabled; confirm no configuration or key material lives
 * below it. */
leaf CLICON_HTTP_DATA_ROOT{
if-feature "clrc:http-data";
type string;
default "/var/www";
description
"Location in file system where http-data files are looked for.
Soft links, '..', '~' etc are not followed.
See also CLICON_HTTP_DATA_PATH
Both feature clixon-restconf:http-data and restconf/enable-http-data
must be enabled for this match to occur.";
}
/* Clixon CLI */
/* Directory from which the CLI loads .so plugins.
 * NOTE(review): all .so files here are loaded as CLI object plugins, so they
 * presumably run with the privileges of whoever starts the CLI; the directory
 * should be writable only by trusted accounts. */
leaf CLICON_CLI_DIR {
type string;
description
"Directory containing frontend cli loadable plugins. Load all .so
plugins in this directory as CLI object plugins";
}
leaf CLICON_CLISPEC_DIR {
type string;
description
"Directory containing frontend cligen spec files. Load all .cli
files in this directory as CLI specification files.
See also CLICON_CLISPEC_FILE.";
}
leaf CLICON_CLISPEC_FILE {
type string;
description
"Specific frontend cligen spec file as alternative or complement
to CLICON_CLISPEC_DIR. Also available as -c in clixon_cli.";
}
leaf CLICON_CLI_MODE {
type string;
default "base";
description
"Startup CLI mode. This should match a CLICON_MODE variable set in
one of the clispec files";
}
leaf CLICON_CLI_VARONLY {
type int32;
default 1;
description
"Dont include keys in cvec in cli vars callbacks,
ie a & k in 'a <b> k <c>' ignored
(consider boolean)";
}
leaf CLICON_CLI_LINESCROLLING {
type int32;
default 1;
description
"Set to 0 if you want CLI INPUT to wrap to next line.
Set to 1 if you want CLI INPUT to scroll sideways when approaching
right margin";
}
leaf CLICON_CLI_LINES_DEFAULT {
type int32;
default 24;
description
"Set to number of CLI terminal rows for scrolling. 0 means unlimited.
The number is set statically UNLESS:
- there is no terminal, such as file input, in which case nr lines is 0
- there is a terminal sufficiently powerful to read the number of lines from
ioctl calls.
In other words, this setting is used ONLY on raw terminals such as serial
consoles.";
}
leaf CLICON_CLI_TAB_MODE {
type int8;
default 0;
description
"Set CLI tab mode. This is a bitfield of three bits:
bit 1: 0: <tab> shows short info of available commands
1: <tab> has same output as <?>, ie line per command
bit 2: 0: On <tab>, select a command over a <var> if both exist
1: Commands and vars have same preference.
bit 3: 0: On <tab>, never complete more than one level per <tab>
1: Complete all levels at once if possible.
";
}
leaf CLICON_CLI_UTF8 {
type int8;
default 0;
description
"Set to 1 to enable CLIgen UTF-8 experimental mode.
Note that this feature is EXPERIMENTAL and may not properly handle
scrolling, control characters, etc
(consider boolean)";
}
/* CLI history file. Default "~/.clixon_cli_history".
 * NOTE(review): the description says history is not saved when no file is
 * given, but the leaf has a default, so history is presumably written unless
 * the value is explicitly cleared. Commands typed at the CLI may contain
 * sensitive values; check the permissions of the resulting file. */
leaf CLICON_CLI_HIST_FILE {
type string;
default "~/.clixon_cli_history";
description
"Name of CLI history file. If not given, history is not saved.
The number of lines is saved is given by CLICON_CLI_HIST_SIZE.";
}
leaf CLICON_CLI_HIST_SIZE {
type int32;
default 300;
description
"Number of lines to save in CLI history.
Also, if CLICON_CLI_HIST_FILE is set, also the size in lines
of the saved history.";
}
leaf CLICON_CLI_BUF_START {
type uint32;
default 256;
description
"CLIgen buffer (cbuf) initial size.
When the buffer needs to grow, the allocation grows quadratic up to a threshold
after which linear growth continues.
See CLICON_CLI_BUF_THRESHOLD";
}
/* Size above which a CLIgen buffer (cbuf) grows by adding the threshold value
 * instead of growing quadratically; 0 keeps quadratic growth. Default 65536.
 * NOTE(review): the closing 'See CLICON_CLI_BUF_THRESHOLD' refers to this leaf
 * itself; CLICON_CLI_BUF_START is the companion option. */
leaf CLICON_CLI_BUF_THRESHOLD {
type uint32;
default 65536;
description
"CLIgen buffer (cbuf) threshold size.
When the buffer exceeds the threshold, the allocation grows by adding the threshold
value to the buffer length.
If 0, the growth continues with quadratic growth.
See CLICON_CLI_BUF_THRESHOLD";
}
leaf CLICON_CLI_HELPSTRING_TRUNCATE {
type boolean;
default false;
description
"CLIgen help string on query (?): Truncate help string on right margin mode
This only applies if you have long help strings, such as when generating them from a
spec such as the autocli";
}
leaf CLICON_CLI_HELPSTRING_LINES {
type int32;