Difference between revisions of "Yuma Quickstart Guide"
(Created page with '<center>'''Yuma Quickstart Guide'''</center> <center>YANG-Based Unified Modular Automation Tools</center> <center>Client/Server Quickstart Guide</center> <center>Version 2.…') |
|||
Line 8: | Line 8: | ||
− | <center>Version 2. |
+ | <center>Version yuma123-2.5</center> |
− | <center>Last Updated: |
+ | <center>Last Updated: 2015-12-09</center> |
+ | = Preface = |
||
− | 1 Preface4 |
||
− | |||
− | 1.1 Legal Statements4 |
||
− | |||
− | 1.2 Additional Resources4 |
||
− | |||
− | 1.2.1 WEB Sites4 |
||
− | |||
− | 1.2.2 Mailing Lists5 |
||
− | |||
− | 1.3 Conventions Used in this Document5 |
||
− | |||
− | 2 Introduction6 |
||
− | |||
− | 2.1 Intended Audience6 |
||
− | |||
− | 2.2 What is NETCONF and YANG?6 |
||
− | |||
− | 2.3 How Does an Operator Use NETCONF and YANG?7 |
||
− | |||
− | 2.4 How Does a Developer Use NETCONF and YANG?7 |
||
− | |||
− | 3 Getting Started with toaster.yang8 |
||
− | |||
− | 3.1 What is libtoaster?8 |
||
− | |||
− | 3.2 Start the netconfd server8 |
||
− | |||
− | 3.2.1 Configuration Defaults8 |
||
− | |||
− | 3.2.2 SSH Server9 |
||
− | |||
− | 3.2.3 NETCONF Server9 |
||
− | |||
− | 3.3 Start the yangcli client10 |
||
− | |||
− | 3.3.1 Configuration Defaults10 |
||
− | |||
− | 3.3.2 Run yangcli10 |
||
− | |||
− | 3.3.3 Startup Screen11 |
||
− | |||
− | 3.3.4 Command Line Editing11 |
||
− | |||
− | 3.3.5 Escape Commands11 |
||
− | |||
− | 3.4 Getting Context Sensitive Help11 |
||
− | |||
− | 3.4.1 Tab Key for Command Completion12 |
||
− | |||
− | 3.4.2 The '?' and '??' Escape Sequences12 |
||
− | |||
− | 3.4.3 The 'help' Command13 |
||
− | |||
− | 3.5 Start a NETCONF session14 |
||
− | |||
− | 3.5.1 The connect Command14 |
||
− | |||
− | 3.5.2 Fixing Connection Problems14 |
||
− | |||
− | 3.6 Enable Notification Delivery15 |
||
− | |||
− | 3.7 Load the Toaster Module15 |
||
− | |||
− | 3.8 Enable the Toaster16 |
||
− | |||
− | 3.8.1 Lock the Databases17 |
||
− | |||
− | 3.8.2 Create the toaster Container17 |
||
− | |||
− | 3.8.3 Save the Database Changes17 |
||
− | |||
− | 3.8.4 Unlock the Databases18 |
||
− | |||
− | 3.9 Get the Toaster State Information18 |
||
− | |||
− | 3.10 Start Making Toast19 |
||
− | |||
− | 3.11 Stop Making Toast20 |
||
− | |||
− | 3.12 Close the NETCONF Session20 |
||
− | |||
− | 4 Advanced Topics21 |
||
− | |||
− | 4.1 Data Retrieval21 |
||
− | |||
− | 4.1.1 Basic NETCONF Retrieval Operations21 |
||
− | |||
− | 4.1.2 Default Value Filtering22 |
||
− | |||
− | 4.1.3 Special Retrieval Operations22 |
||
− | |||
− | 4.2 Notifications23 |
||
− | |||
− | 4.2.1 Notification Contents23 |
||
− | |||
− | 4.2.2 Notification Replay25 |
||
− | |||
− | 4.2.3 The interleave capability26 |
||
− | |||
− | 4.3 Database Editing26 |
||
− | |||
− | 4.3.1 The Target Database26 |
||
− | |||
− | 4.3.2 Database Locking27 |
||
− | |||
− | 4.3.3 Non-Volatile Storage27 |
||
− | |||
− | 4.3.4 Editing Commands27 |
||
− | |||
− | 4.4 Access Control28 |
||
− | |||
− | 4.5 Variables28 |
||
− | |||
− | 4.6 Scripts30 |
||
− | |||
− | 5 toaster.yang31= Preface = |
||
== Legal Statements == |
== Legal Statements == |
||
Copyright 2009 - 2012, Andy Bierman, All Rights Reserved. |
Copyright 2009 - 2012, Andy Bierman, All Rights Reserved. |
||
+ | |||
+ | Copyright 2013 – 2015, Vladimir Vassilev, All Rights Reserved. |
||
== Additional Resources == |
== Additional Resources == |
||
This document assumes you have successfully set up the software as described in the printed document: |
This document assumes you have successfully set up the software as described in the printed document: |
||
− | Yuma |
+ | [[Yuma Installation Guide]] |
− | |||
Other documentation includes: |
Other documentation includes: |
||
− | Yuma User Manual |
+ | [[Yuma User Manual]] |
− | |||
− | Yuma<sup> </sup>netconfd Manual |
||
− | |||
− | Yuma<sup> </sup>yangcli Manual |
||
− | |||
− | Yuma<sup> </sup>yangdiff Manual |
||
− | |||
− | Yuma yangdump Manual |
||
− | |||
− | Yuma<sup> </sup>Developer Manual |
||
− | |||
− | |||
− | To obtain additional support you may join the yuma-users group on sourceforge.net and send email to this e-mail address: |
||
− | |||
− | yuma-users@lists.sourceforge.net |
||
+ | [[Yuma netconfd Manual]] |
||
− | The SourceForge.net Support Page for Yuma can be found at this WEB page: |
||
+ | [[Yuma yangcli Manual]] |
||
− | [http://sourceforge.net/projects/yuma/support http://sourceforge.net/projects/yuma/support] |
||
+ | [[Yuma Developer Manual]] |
||
There are several sources of free information and tools for use with YANG and/or NETCONF. |
There are several sources of free information and tools for use with YANG and/or NETCONF. |
||
Line 170: | Line 41: | ||
** [http://www.netconfcentral.org/ http://www.netconfcentral.org/] |
** [http://www.netconfcentral.org/ http://www.netconfcentral.org/] |
||
** Yuma Home Page |
** Yuma Home Page |
||
− | + | ** Free information on NETCONF and YANG, tutorials, on-line YANG module validation and documentation database |
|
− | * ''' |
+ | * '''Yuma123 SourceForge open source project''' |
− | ** [http://sourceforge.net/projects/ |
+ | ** [http://sourceforge.net/projects/yuma123/ http://sourceforge.net/projects/yuma123/] |
− | + | ** Download Yuma source and documentation |
|
* '''Yang Central''' |
* '''Yang Central''' |
||
** [http://www.yang-central.org/ http://www.yang-central.org] |
** [http://www.yang-central.org/ http://www.yang-central.org] |
||
Line 190: | Line 61: | ||
** Offers support, training, and consulting for Yuma. |
** Offers support, training, and consulting for Yuma. |
||
** Offers YumaPro, a professional version of Yuma that includes concurrency, external database support, sub-agent support, multiple northbound interfaces, and more. API compatible with Yuma. Availability: September, 2012. Licensed. |
** Offers YumaPro, a professional version of Yuma that includes concurrency, external database support, sub-agent support, multiple northbound interfaces, and more. API compatible with Yuma. Availability: September, 2012. Licensed. |
||
+ | * '''Transpacket''' |
||
+ | ** [http://www.transpacket.com/ http://www.transpacket.com] |
||
+ | ** Offers Linux based embedded operating system distribution which uses Yuma for configuration and monitoring. |
||
+ | ** Offers support, training, and consulting for YANG and netconf. |
||
=== Mailing Lists === |
=== Mailing Lists === |
||
Line 202: | Line 77: | ||
The following formatting conventions are used throughout this document: |
The following formatting conventions are used throughout this document: |
||
− | <center>'''Documentation Conventions'''</center> |
||
− | |||
− | |||
− | |||
− | {| style="border-spacing:0;" |
||
− | ! <center>Convention</center> |
||
− | ! <center>Description</center> |
||
+ | {| class="wikitable" border="1" |
||
+ | !Convention |
||
+ | !Description |
||
|- |
|- |
||
+ | | '''--foo''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''--foo''' |
||
+ | | CLI parameter foo |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| CLI parameter foo |
||
− | |||
|- |
|- |
||
+ | | '''<nowiki><foo></nowiki>''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''<nowiki><foo></nowiki>''' |
||
+ | | XML parameter foo |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| XML parameter foo |
||
− | |||
|- |
|- |
||
+ | | '''foo''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''foo''' |
||
+ | | '''yangcli''' command or parameter |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| '''yangcli''' command or parameter |
||
− | |||
|- |
|- |
||
+ | | '''$FOO''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''$FOO''' |
||
+ | | Environment variable FOO |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| Environment variable FOO |
||
− | |||
|- |
|- |
||
+ | | '''$$foo''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''$$foo''' |
||
+ | | '''yangcli''' global variable foo |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| '''yangcli''' global variable foo |
||
− | |||
|- |
|- |
||
+ | | |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| some text |
||
+ | some text |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| Example command or PDU |
||
+ | | Example command or PDU |
||
− | |||
|- |
|- |
||
+ | | some text |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| some text |
||
+ | | Plain text |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| Plain text |
||
+ | |} |
||
− | |} |
||
= Introduction = |
= Introduction = |
||
− | [[Image:]] |
+ | [[Image:yuma-tools.png]] |
− | Refer to section 3 of the Yuma User Manual for a complete introduction to Yuma Tools. |
+ | Refer to section 3 of the [[Yuma User Manual]] for a complete introduction to Yuma Tools. |
This section focuses on the client and server tools within the Yuma Tools programs. |
This section focuses on the client and server tools within the Yuma Tools programs. |
||
Line 278: | Line 144: | ||
Much of the NETCONF protocol related code is handled by the NETCONF stack, based on the YANG module contents. Therefore, the most important task for a developer is designing a good YANG module. |
Much of the NETCONF protocol related code is handled by the NETCONF stack, based on the YANG module contents. Therefore, the most important task for a developer is designing a good YANG module. |
||
− | After the YANG module is written, the |
+ | After the YANG module is written, the device instrumentation code for the YANG module is then added by the developer. The code uses the Yuma API to register callbacks and access the YANG database. The 'callback code' is called from the NETCONF stack when database operation requests for the object(s) in the YANG module are received by the server. |
Once this library is completed, the YANG module and its binary server instrumentation library (SIL) can be loaded into the NETCONF server at run-time. There is no need to recompile the '''netconfd''' server, or even reboot it. |
Once this library is completed, the YANG module and its binary server instrumentation library (SIL) can be loaded into the NETCONF server at run-time. There is no need to recompile the '''netconfd''' server, or even reboot it. |
||
− | |||
− | Once the YANG module and its instrumentation code is completed, it needs be published, so operators and application developers can use the WEB documentation and other tools to access the information in the NETCONF server. |
||
= Getting Started with toaster.yang = |
= Getting Started with toaster.yang = |
||
This section will demonstrate the basic operation of Yuma Tools to use a NETCONF session to manage a remote device with a YANG data model. The Yuma Tools programs and libraries must already be installed. Refer to the Yuma Tools Installation Guide if this has not yet been done. |
This section will demonstrate the basic operation of Yuma Tools to use a NETCONF session to manage a remote device with a YANG data model. The Yuma Tools programs and libraries must already be installed. Refer to the Yuma Tools Installation Guide if this has not yet been done. |
||
− | The '''yangcli''' client program and '''netconfd''' server program do not need to be |
+ | The '''yangcli''' client program and '''netconfd''' server program do not need to be installed on the same machine. For simplicity, the server address 'localhost' is used in the examples below. |
Line 295: | Line 159: | ||
The new YANG version of the TOASTER-MIB is different is some ways: |
The new YANG version of the TOASTER-MIB is different is some ways: |
||
− | * extensible YANG identities are |
+ | * extensible YANG identities are used to identify the bread type, instead of a hard-wired enumerated list. |
− | * <nowiki>protocol operations (<make-toast> and <cancel-toast>) are instead of an 'up/down' switch within the database. </nowiki>NETCONF databases are intended to contain persistent data structures, and 'actions' such as starting or stopping the toaster are done with new protocol operations, instead of editing the database with the standard operations. |
+ | * <nowiki>protocol operations (<make-toast> and <cancel-toast>) are used instead of an 'up/down' switch within the database. </nowiki>NETCONF databases are intended to contain persistent data structures, and 'actions' such as starting or stopping the toaster are done with new protocol operations, instead of editing the database with the standard operations. |
* A simple configuration 'presence container' object is used to enable and disable the toaster service, instead of hard-wiring the toaster service availability. |
* A simple configuration 'presence container' object is used to enable and disable the toaster service, instead of hard-wiring the toaster service availability. |
||
* A notification is generated when the toast is done or canceled. This notification can be used instead of polling the toaster status object. |
* A notification is generated when the toast is done or canceled. This notification can be used instead of polling the toaster status object. |
||
Line 305: | Line 169: | ||
If the '''netconfd''' server is already running, then skip this section. |
If the '''netconfd''' server is already running, then skip this section. |
||
− | Details for all the '''netconfd''' configuration parameters can be found in the |
+ | Details for all the '''netconfd''' configuration parameters can be found in the [[Yuma netconfd Manual]]. |
− | |||
− | There is also a sample configuration file (default location): |
||
− | |||
− | * '''/etc/yuma/sample-netconfd.conf''' |
||
− | |||
− | This file contains all the default settings for the configuration parameters. |
||
− | |||
− | To change the default settings, copy and edit this file (example commands) |
||
− | |||
− | |||
− | mydir> '''sudo cp /etc/yuma/sample-netconfd.conf /etc/yuma/netconfd.conf''' |
||
− | mydir> '''sudo emacs /etc/yuma/netconfd.conf''' |
||
=== Configuration Defaults === |
=== Configuration Defaults === |
||
Line 340: | Line 192: | ||
=== SSH Server === |
=== SSH Server === |
||
To start the NETCONF server, make sure that the '''sshd''' server is running, and the following configuration is included in '''/etc/ssh/sshd_config.''' |
To start the NETCONF server, make sure that the '''sshd''' server is running, and the following configuration is included in '''/etc/ssh/sshd_config.''' |
||
− | |||
'''Port 22''' |
'''Port 22''' |
||
Line 352: | Line 203: | ||
To start the '''netconfd''' server in the foreground: |
To start the '''netconfd''' server in the foreground: |
||
− | |||
mydir> '''/usr/sbin/netconfd --superuser=joe''' |
mydir> '''/usr/sbin/netconfd --superuser=joe''' |
||
Starting netconfd... |
Starting netconfd... |
||
Copyright (c) 2009, Netconf Central, Inc., All Rights Reserved. |
Copyright (c) 2009, Netconf Central, Inc., All Rights Reserved. |
||
+ | |||
+ | Default startup config file (startup-cfg.xml) not found. |
||
+ | Booting with default running configuration! |
||
+ | If no startup configuration is available, then the server defaults will be used instead. Any message about 'startup-cfg.xml' not found can be ignored. It just means the server booted with the factory default configuration. |
||
− | agt: Startup config loaded OK |
||
− | Source: /home/joe/data/startup-cfg.xml |
||
− | |||
− | This example shows that the '$HOME/data' directory in the data search path contained the startup configuration file. If no startup configuration is available, then the server defaults will be used instead. Any message about 'startup-cfg.xml' not found can be ignored. It just means the server booted with the factory default configuration. |
||
− | |||
To start the '''netconfd''' server in the background: |
To start the '''netconfd''' server in the background: |
||
+ | mydir> /usr/sbin/netconfd --superuser=joe --log=~/mylog & |
||
− | |||
− | mydir> '''/usr/sbin/netconfd --superuser=joe --log=~/mylog &''' |
||
mydir> |
mydir> |
||
Line 390: | Line 238: | ||
=== Run yangcli === |
=== Run yangcli === |
||
− | The yangcli program should be |
+ | The yangcli program should be found in the PATH environment variable. |
− | |||
mydir> '''yangcli''' |
mydir> '''yangcli''' |
||
If the yangcli program is not found, then try the full path: |
If the yangcli program is not found, then try the full path: |
||
− | |||
mydir> '''/usr/bin/yangcli''' |
mydir> '''/usr/bin/yangcli''' |
||
Line 413: | Line 259: | ||
Any previous command line (except a password parameter line) can be recalled and used again. |
Any previous command line (except a password parameter line) can be recalled and used again. |
||
− | Any command in the command buffer (current or recalled) can be edited. The default key settings are aligned with the emacs editor. Refer to the Yuma |
+ | Any command in the command buffer (current or recalled) can be edited. The default key settings are aligned with the emacs editor. Refer to the [[Yuma yangcli Manual]] for more details. |
=== Escape Commands === |
=== Escape Commands === |
||
Line 419: | Line 265: | ||
It is possible to get help, skip a parameter, or even cancel the entire command during one of these sub-command modes, by using an escape command. This is a 1 or 2 character command, followed by the 'enter' key (as usual to end a command). |
It is possible to get help, skip a parameter, or even cancel the entire command during one of these sub-command modes, by using an escape command. This is a 1 or 2 character command, followed by the 'enter' key (as usual to end a command). |
||
− | |||
<center>'''Escape Command Summary'''</center> |
<center>'''Escape Command Summary'''</center> |
||
+ | {| class="wikitable" border="1" |
||
− | |||
+ | ! command |
||
− | {| style="border-spacing:0;" |
||
+ | ! description |
||
− | ! <center>command</center> |
||
− | ! <center>description</center> |
||
− | |||
|- |
|- |
||
+ | | ?s |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| ?s |
||
+ | | skip the current parameter |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| skip the current parameter |
||
− | |||
|- |
|- |
||
+ | | ?c |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| ?c |
||
+ | | cancel the current command |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| cancel the current command |
||
− | |||
|- |
|- |
||
+ | | ? |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| ? |
||
+ | | get help |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| get help |
||
− | |||
|- |
|- |
||
+ | | ?? |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| ?? |
||
+ | | get full help |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| get full help |
||
− | |||
|} |
|} |
||
<nowiki>Using the '?s' command to skip a parameter may cause the <rpc> request to be invalid.</nowiki> |
<nowiki>Using the '?s' command to skip a parameter may cause the <rpc> request to be invalid.</nowiki> |
||
Line 469: | Line 308: | ||
<center>'''Help Escape Sequences'''</center> |
<center>'''Help Escape Sequences'''</center> |
||
+ | {| class="wikitable" border="1" |
||
− | |||
+ | ! sequence |
||
− | |||
+ | ! description |
||
− | {| style="border-spacing:0;" |
||
− | ! <center>sequence</center> |
||
− | ! <center>description</center> |
||
− | |||
|- |
|- |
||
+ | | ? |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| ? |
||
− | + | | Print some help text, but not description statements and some other information. |
|
− | |||
|- |
|- |
||
+ | | ?? |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| ?? |
||
+ | | Print maximum help text. |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| Print maximum help text. |
||
+ | |} |
||
− | |} |
||
The following example shows the help text for the 'user' parameter for the 'connect' operation: |
The following example shows the help text for the 'user' parameter for the 'connect' operation: |
||
yangcli> '''connect''' |
yangcli> '''connect''' |
||
+ | |||
− | |||
<nowiki>Enter string value for leaf <user> </nowiki> |
<nowiki>Enter string value for leaf <user> </nowiki> |
||
yangcli:connect> '''? ''' |
yangcli:connect> '''? ''' |
||
+ | |||
− | |||
<nowiki>leaf user [NcxUserName] </nowiki> |
<nowiki>leaf user [NcxUserName] </nowiki> |
||
length: 1..63 |
length: 1..63 |
||
<nowiki>pattern: [a-z,A-Z][a-z,A-Z,0-9,\-,_,\.]{0,62} </nowiki> |
<nowiki>pattern: [a-z,A-Z][a-z,A-Z,0-9,\-,_,\.]{0,62} </nowiki> |
||
+ | |||
− | |||
<nowiki>Enter string value for leaf <user> </nowiki> |
<nowiki>Enter string value for leaf <user> </nowiki> |
||
yangcli:connect> |
yangcli:connect> |
||
Line 502: | Line 337: | ||
After that, the previous prompt will be redisplayed. |
After that, the previous prompt will be redisplayed. |
||
− | |||
=== The 'help' Command === |
=== The 'help' Command === |
||
Line 510: | Line 344: | ||
+ | {| class="wikitable" border="1" |
||
− | |||
+ | ! command |
||
− | {| style="border-spacing:0;" |
||
+ | ! description |
||
− | ! <center>command</center> |
||
− | ! <center>description</center> |
||
− | |||
|- |
|- |
||
− | + | | <nowiki>help <comand-name></nowiki>help command <nowiki><command-name></nowiki> |
|
− | + | | Display help for the specified yangcli command or YANG rpc statement. |
|
− | |||
|- |
|- |
||
+ | | help commands |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| help commands |
||
− | + | | Display help text for all commands. |
|
− | |||
|- |
|- |
||
− | + | | <nowiki>help object <object-name></nowiki> |
|
− | + | | Display help text for a YANG database top-level object (only if its module is available). |
|
− | |||
|- |
|- |
||
− | + | | help notification <nowiki><notification-name></nowiki> |
|
− | + | | Display help text for a YANG notification event (only if its module is available). |
|
− | |||
|- |
|- |
||
− | + | | <nowiki>help type <type-name></nowiki> |
|
− | + | | Display help text for an exported YANG data type (only if its module is available). |
|
− | |||
|} |
|} |
||
Each of the help command variants also accepts a 'help-mode' parameter to control how much help text is displayed: |
Each of the help command variants also accepts a 'help-mode' parameter to control how much help text is displayed: |
||
Line 542: | Line 369: | ||
− | {| |
+ | {| class="wikitable" border="1" |
− | ! |
+ | ! mode |
− | ! |
+ | ! description |
− | |||
|- |
|- |
||
+ | | --brief |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| --brief |
||
+ | | Display minimal help text. |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| Display minimal help text. |
||
− | |||
|- |
|- |
||
+ | | --normal |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| --normal |
||
− | + | | Display a lot, but not always all the help text available (default mode). |
|
− | |||
|- |
|- |
||
+ | | --full |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| --full |
||
− | + | | Display all available help text, including description statements. |
|
− | |||
|} |
|} |
||
The following table shows some valid help commands: |
The following table shows some valid help commands: |
||
Line 563: | Line 386: | ||
− | {| |
+ | {| class="wikitable" border="1" |
− | ! |
+ | ! command |
− | ! |
+ | ! description |
− | |||
|- |
|- |
||
+ | | help help |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| help help |
||
− | + | | Get normal help for the help command. |
|
− | |||
|- |
|- |
||
+ | | help commands brief |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| help commands brief |
||
− | + | | Get a 1 line description of each command. |
|
− | |||
|- |
|- |
||
+ | | help object system full |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| help object system full |
||
− | + | | Get all available help for the /system container and all its descendant nodes. |
|
− | |||
|- |
|- |
||
+ | | help type NcxIdentifier |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| help type NcxIdentifier |
||
− | + | | Get summary and description of the data type called 'NcxIdentifier'. |
|
− | |||
|- |
|- |
||
− | + | | help notification sysSessionStart |
|
− | + | | Get a summary of the 'sysSessionStart' notification, and each of objects in its payload. |
|
+ | |} |
||
− | |} |
||
== Start a NETCONF session == |
== Start a NETCONF session == |
||
Each yangcli program instance can run 1 NETCONF session at a time. |
Each yangcli program instance can run 1 NETCONF session at a time. |
||
If no session is currently active, then the prompt will contain just the program name, indicating that the 'connect' command is available: |
If no session is currently active, then the prompt will contain just the program name, indicating that the 'connect' command is available: |
||
− | |||
yangcli> |
yangcli> |
||
Line 609: | Line 426: | ||
If a partial command is given, then yangcli will prompt for any missing mandatory parameters. In this example, the complete command is given at once: |
If a partial command is given, then yangcli will prompt for any missing mandatory parameters. In this example, the complete command is given at once: |
||
+ | yangcli'''>''' '''connect server=localhost user=joe password=yangrocks''' |
||
− | |||
− | yangcli'''>''' '''connect server=localhost user=guest password=yangrocks''' |
||
After this command is entered, '''yangcli''' will generate some informational log messages to the screen. |
After this command is entered, '''yangcli''' will generate some informational log messages to the screen. |
||
Line 616: | Line 432: | ||
If the session is started successfully, a summary of the server session capabilities and available modules should be displayed. Also, the command prompt will change to indicate that a NETCONF session is currently active. |
If the session is started successfully, a summary of the server session capabilities and available modules should be displayed. Also, the command prompt will change to indicate that a NETCONF session is currently active. |
||
+ | yangcli joe@localhost> |
||
− | |||
− | yangcli guest@localhost> |
||
At this point any command supported by the server can be entered, in addition to any '''yangcli''' command (except 'connect'). |
At this point any command supported by the server can be entered, in addition to any '''yangcli''' command (except 'connect'). |
||
Line 638: | Line 453: | ||
− | yangcli |
+ | yangcli joe@localhost> '''create-subscription''' |
+ | |||
− | |||
RPC OK Reply 2 for session 1: |
RPC OK Reply 2 for session 1: |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
Depending on other activity within the NETCONF server, it is possible other notification events, such as 'sysSessionStart' or 'sysSessionEnd' will be generated. Notifications are displayed in their entirety, but not during 'rpc reply output'. If a command is being entered, the notification will be displayed, and then the command line restored. |
Depending on other activity within the NETCONF server, it is possible other notification events, such as 'sysSessionStart' or 'sysSessionEnd' will be generated. Notifications are displayed in their entirety, but not during 'rpc reply output'. If a command is being entered, the notification will be displayed, and then the command line restored. |
||
Line 654: | Line 469: | ||
− | yangcli |
+ | yangcli joe@localhost> '''load toaster''' |
+ | |||
− | |||
RPC Data Reply 2 for session 1: |
RPC Data Reply 2 for session 1: |
||
+ | |||
− | |||
rpc-reply { |
rpc-reply { |
||
mod-revision 2009-11-20 |
mod-revision 2009-11-20 |
||
} |
} |
||
+ | |||
− | |||
Incoming notification: |
Incoming notification: |
||
notification { |
notification { |
||
Line 667: | Line 482: | ||
sysCapabilityChange { |
sysCapabilityChange { |
||
changed-by { |
changed-by { |
||
− | userName |
+ | userName joe |
sessionId 1 |
sessionId 1 |
||
remoteHost 127.0.0.1 |
remoteHost 127.0.0.1 |
||
Line 676: | Line 491: | ||
sequence-id 3 |
sequence-id 3 |
||
} |
} |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
Line 685: | Line 500: | ||
− | yangcli |
+ | yangcli joe@localhost> '''mgrload toaster''' |
+ | |||
− | |||
Load module 'toaster' OK |
Load module 'toaster' OK |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
== Enable the Toaster == |
== Enable the Toaster == |
||
Try to make some toast, using the 'make-toast' command: |
Try to make some toast, using the 'make-toast' command: |
||
+ | yangcli joe@localhost> '''make-toast''' |
||
− | |||
+ | |||
− | yangcli guest@localhost> '''make-toast''' |
||
− | |||
RPC Error Reply 4 for session 1: |
RPC Error Reply 4 for session 1: |
||
+ | |||
− | |||
rpc-reply { |
rpc-reply { |
||
rpc-error { |
rpc-error { |
||
Line 711: | Line 525: | ||
} |
} |
||
} |
} |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
What happened? |
What happened? |
||
Line 724: | Line 538: | ||
The yangcli program has a high-level command to deal with locking, called 'get-locks'. It will handle retries for any missing locks, until an overall timeout occurs or all the locks needed are acquired. |
The yangcli program has a high-level command to deal with locking, called 'get-locks'. It will handle retries for any missing locks, until an overall timeout occurs or all the locks needed are acquired. |
||
+ | yangcli joe@localhost>''' get-locks''' |
||
− | |||
+ | |||
− | yangcli guest@localhost>''' get-locks''' |
||
− | |||
<nowiki>Sending <lock> operations for get-locks... </nowiki> |
<nowiki>Sending <lock> operations for get-locks... </nowiki> |
||
+ | |||
− | |||
get-locks finished OK |
get-locks finished OK |
||
− | yangcli |
+ | yangcli joe@localhost> |
=== Create the toaster Container === |
=== Create the toaster Container === |
||
Line 740: | Line 553: | ||
− | yangcli |
+ | yangcli joe@localhost>''' create /toaster''' |
+ | |||
− | |||
Filling container /toaster: |
Filling container /toaster: |
||
RPC OK Reply 5 for session 1: |
RPC OK Reply 5 for session 1: |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
<nowiki>Now the /toaster node is created in the <candidate> database.</nowiki> |
<nowiki>Now the /toaster node is created in the <candidate> database.</nowiki> |
||
+ | === Commit the Database Changes === |
||
+ | In order to activate these changes, the 'commit' command needs to be issued. |
||
+ | yangcli joe@localhost> '''commit''' |
||
− | === Save the Database Changes === |
||
+ | |||
− | In order to activate these changes, the 'save' command needs to be issued. |
||
− | |||
− | This is a high-level '''yangcli''' operation that issues the 'commit' or 'copy-config' operation, depending on the database target for the current session. |
||
− | |||
− | |||
− | yangcli guest@localhost> '''save''' |
||
− | |||
− | Saving configuration to non-volative storage |
||
RPC OK Reply 6 for session 1: |
RPC OK Reply 6 for session 1: |
||
+ | |||
− | |||
Incoming notification: |
Incoming notification: |
||
notification { |
notification { |
||
eventTime 2009-12-28T00:59:58Z |
eventTime 2009-12-28T00:59:58Z |
||
sysConfigChange { |
sysConfigChange { |
||
− | userName |
+ | userName joe |
sessionId 1 |
sessionId 1 |
||
remoteHost 127.0.0.1 |
remoteHost 127.0.0.1 |
||
Line 776: | Line 584: | ||
} |
} |
||
− | The 'RPC OK' message indicate that the server successfully |
+ | The 'RPC OK' message indicate that the server successfully commited the configuration. |
The 'sysConfigChange' notification indicates what was changed in the running configuration, and who made the change(s). |
The 'sysConfigChange' notification indicates what was changed in the running configuration, and who made the change(s). |
||
Line 788: | Line 596: | ||
− | yangcli |
+ | yangcli joe@localhost> '''release-locks ''' |
+ | |||
− | |||
<nowiki>Sending <unlock> operations for release-locks... </nowiki> |
<nowiki>Sending <unlock> operations for release-locks... </nowiki> |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
== Get the Toaster State Information == |
== Get the Toaster State Information == |
||
Line 799: | Line 607: | ||
<nowiki>The 'sget' command is high-level subtree filter handler for the <get> operation:</nowiki> |
<nowiki>The 'sget' command is high-level subtree filter handler for the <get> operation:</nowiki> |
||
+ | yangcli joe@localhost> '''sget /toaster''' |
||
− | |||
− | yangcli guest@localhost> '''sget /toaster''' |
||
<nowiki>The 'xget' command is high-level XPath filter handler for the <get> operation. </nowiki>It is only available if the NETCONF server supports the ''':xpath '''capability (like '''netconfd'''). |
<nowiki>The 'xget' command is high-level XPath filter handler for the <get> operation. </nowiki>It is only available if the NETCONF server supports the ''':xpath '''capability (like '''netconfd'''). |
||
+ | yangcli joe@localhost> '''xget /toaster''' |
||
− | |||
− | yangcli guest@localhost> '''xget /toaster''' |
||
Both commands should return the same data: |
Both commands should return the same data: |
||
− | |||
Filling container /toaster: |
Filling container /toaster: |
||
RPC Data Reply 7 for session 1: |
RPC Data Reply 7 for session 1: |
||
+ | |||
− | |||
rpc-reply { |
rpc-reply { |
||
data { |
data { |
||
Line 830: | Line 635: | ||
Instead of using the default parameter values, let's make a frozen waffle a little less done than normal: |
Instead of using the default parameter values, let's make a frozen waffle a little less done than normal: |
||
+ | yangcli joe@localhost> '''make-toast toasterDoneness=4 toasterToastType=toast:frozen-waffle ''' |
||
− | |||
+ | |||
− | yangcli guest@localhost> '''make-toast toasterDoneness=4 toasterToastType=toast:frozen-waffle ''' |
||
− | |||
RPC OK Reply 8 for session 1: |
RPC OK Reply 8 for session 1: |
||
Line 838: | Line 642: | ||
After about 40 seconds, the 'toastDone' notification should be received: |
After about 40 seconds, the 'toastDone' notification should be received: |
||
− | |||
Incoming notification: |
Incoming notification: |
||
Line 850: | Line 653: | ||
This 'toastDone' event shows that the toast was completed, and is ready to eat. |
This 'toastDone' event shows that the toast was completed, and is ready to eat. |
||
− | |||
== Stop Making Toast == |
== Stop Making Toast == |
||
Line 857: | Line 659: | ||
Repeat the previous command (Control-P should recall the previous command): |
Repeat the previous command (Control-P should recall the previous command): |
||
+ | yangcli joe@localhost> '''make-toast toasterDoneness=4 toasterToastType=toast:frozen-waffle ''' |
||
− | |||
+ | |||
− | yangcli guest@localhost> '''make-toast toasterDoneness=4 toasterToastType=toast:frozen-waffle ''' |
||
− | |||
RPC OK Reply 9 for session 1: |
RPC OK Reply 9 for session 1: |
||
Now enter the 'cancel-toast' command right away, before the waffle finishes: |
Now enter the 'cancel-toast' command right away, before the waffle finishes: |
||
+ | yangcli joe@localhost> '''cancel-toast ''' |
||
− | |||
+ | |||
− | yangcli guest@localhost> '''cancel-toast ''' |
||
− | |||
RPC OK Reply 10 for session 1: |
RPC OK Reply 10 for session 1: |
||
+ | |||
− | |||
Incoming notification: |
Incoming notification: |
||
notification { |
notification { |
||
Line 883: | Line 683: | ||
To close the NETCONF session, use the 'close-session' command: |
To close the NETCONF session, use the 'close-session' command: |
||
+ | yangcli joe@localhost> '''close-session''' |
||
− | |||
+ | |||
− | yangcli guest@localhost> '''close-session''' |
||
− | |||
RPC OK Reply 11 for session 1: |
RPC OK Reply 11 for session 1: |
||
+ | |||
− | |||
ses: session 1 shut by remote peer |
ses: session 1 shut by remote peer |
||
yangcli> |
yangcli> |
||
Line 894: | Line 693: | ||
The terminate the yangcli program, use the 'quit' command: |
The terminate the yangcli program, use the 'quit' command: |
||
− | |||
yangcli> '''quit ''' |
yangcli> '''quit ''' |
||
+ | |||
− | |||
− | mydir> |
+ | mydir> |
= Advanced Topics = |
= Advanced Topics = |
||
This section introduces some advanced features of the NETCONF protocol and YANG data modeling language. |
This section introduces some advanced features of the NETCONF protocol and YANG data modeling language. |
||
− | |||
== Data Retrieval == |
== Data Retrieval == |
||
Line 926: | Line 723: | ||
− | {| |
+ | {| class="wikitable" border="1" |
− | ! |
+ | ! command |
− | ! |
+ | ! description |
− | ! |
+ | ! example |
− | |||
|- |
|- |
||
+ | | '''get''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''get''' |
||
− | + | | <nowiki>plain <get> operation</nowiki> |
|
+ | | get with-defaults=trim |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| get with-defaults=trim |
||
− | |||
|- |
|- |
||
+ | | '''get-config''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''get-config''' |
||
− | + | | <nowiki>plain <get-config> operation</nowiki> |
|
+ | | get-config source=candidate |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| get-config source=candidate |
||
− | |||
|- |
|- |
||
+ | | '''sget''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''sget''' |
||
− | + | | <nowiki><get> with a subtree filter</nowiki> |
|
+ | | sget /system |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| sget /system |
||
− | |||
|- |
|- |
||
+ | | '''sget-config''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''sget-config''' |
||
− | + | | <nowiki><get-config> with a subtree filter</nowiki> |
|
− | + | | sget-config source=running /nacm/rules |
|
− | |||
|- |
|- |
||
+ | | '''xget''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''xget''' |
||
− | + | | <nowiki><get> with an XPath filter</nowiki> |
|
+ | | xget "/interfaces-state/interface/statistics" |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:0.05pt solid #000000;padding:0.0382in;"| xget "//interface/counters" |
||
− | |||
|- |
|- |
||
+ | | '''xget-config''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''xget-config''' |
||
− | + | | <nowiki><get-config> with an XPath filter</nowiki> |
|
− | + | | <nowiki>xget-config source=candidate "/interface[name='eth0']"</nowiki> |
|
+ | |} |
||
+ | |||
− | |} |
||
<nowiki>The retrieval commands return an element named <data> containing the requested XML subtrees.</nowiki> |
<nowiki>The retrieval commands return an element named <data> containing the requested XML subtrees.</nowiki> |
||
If any identifier nodes (YANG key leafs) are needed to distinguish the data in the reply, they will be added as needed by the server. <nowiki>In the 'xget' example above, the <name> element for each interface would be returned, even though it was not directly requested by the XPath expression.</nowiki> |
If any identifier nodes (YANG key leafs) are needed to distinguish the data in the reply, they will be added as needed by the server. <nowiki>In the 'xget' example above, the <name> element for each interface would be returned, even though it was not directly requested by the XPath expression.</nowiki> |
||
− | |||
=== Default Value Filtering === |
=== Default Value Filtering === |
||
Line 979: | Line 770: | ||
− | yangcli |
+ | yangcli joe@localhost>''' set-my-session with-defaults=report-all ''' |
+ | |||
− | |||
RPC OK Reply 12 for session 1: |
RPC OK Reply 12 for session 1: |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
In this example, the 'basic' behavior is changed from 'explicit' to 'report-all', but just for session 1. This setting is temporary, and will not be remembered when the session is terminated. <nowiki>If the <with-defaults> parameter is present, it will be used instead of this value.</nowiki> |
In this example, the 'basic' behavior is changed from 'explicit' to 'report-all', but just for session 1. This setting is temporary, and will not be remembered when the session is terminated. <nowiki>If the <with-defaults> parameter is present, it will be used instead of this value.</nowiki> |
||
Line 995: | Line 786: | ||
There are 2 custom retrieval operations supported by '''netconfd''': |
There are 2 custom retrieval operations supported by '''netconfd''': |
||
− | |||
<center>'''Special Retrieval Operations'''</center> |
<center>'''Special Retrieval Operations'''</center> |
||
+ | {| class="wikitable" border="1" |
||
− | |||
+ | ! operation |
||
− | |||
+ | ! description |
||
− | {| style="border-spacing:0;" |
||
− | ! <center>operation</center> |
||
− | ! <center>description</center> |
||
− | |||
|- |
|- |
||
+ | | '''get-schema''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''get-schema''' |
||
− | + | | Retrieve the YANG or YIN source file for one of the modules advertised by the server.This is a standard operation defined in the '''ietf-netconf-monitoring''' module. |
|
− | |||
|- |
|- |
||
+ | | '''get-my-session''' |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| '''get-my-session''' |
||
− | + | | Retrieve the customizable settings for my session. This is a proprietary operation defined in the '''yuma-my-session''' module. |
|
+ | |} |
||
− | |} |
||
== Notifications == |
== Notifications == |
||
Notifications are used in NETCONF to send server event information to the client application. |
Notifications are used in NETCONF to send server event information to the client application. |
||
Line 1,026: | Line 812: | ||
=== Notification Contents === |
=== Notification Contents === |
||
− | [[Image:]] |
+ | [[Image:notification-structure.png]] |
The 'notification' element is sent from the server to the client, if an event occurs, and the client has created a notification subscription. |
The 'notification' element is sent from the server to the client, if an event occurs, and the client has created a notification subscription. |
||
Line 1,037: | Line 823: | ||
=== Notification Replay === |
=== Notification Replay === |
||
− | [[Image:]] |
+ | [[Image:notification-replay-buffer.png]] |
The NETCONF server will maintain an ordered buffer of saved notification events, if the :notification-replay capability is supported by the server. For the '''netconfd''' server, this is a configurable feature, set by the '''--eventlog-size''' parameter. |
The NETCONF server will maintain an ordered buffer of saved notification events, if the :notification-replay capability is supported by the server. For the '''netconfd''' server, this is a configurable feature, set by the '''--eventlog-size''' parameter. |
||
Line 1,043: | Line 829: | ||
The '''netconfd''' default is to save the most recent 1000 notification events. |
The '''netconfd''' default is to save the most recent 1000 notification events. |
||
− | Only system events are saved and are available for retrieval. The ' |
+ | Only system events are saved and are available for retrieval. The 'replayComplete' and 'subscriptionComplete' events are session-specific events, and are therefore not saved in the replay buffer. |
The 'create-subscription' command has 2 parameters to request that stored notifications be delivered to the client session: |
The 'create-subscription' command has 2 parameters to request that stored notifications be delivered to the client session: |
||
Line 1,064: | Line 850: | ||
<nowiki>Every NETCONF server must allow arbitrary partial (and concurrent) editing to its configuration with the <edit-config> operation. </nowiki>Refer to the Yuma Tools User Manual for complete details on this NETCONF operation. The '''yangcli''' program has simplified editing commands, which are explained below. |
<nowiki>Every NETCONF server must allow arbitrary partial (and concurrent) editing to its configuration with the <edit-config> operation. </nowiki>Refer to the Yuma Tools User Manual for complete details on this NETCONF operation. The '''yangcli''' program has simplified editing commands, which are explained below. |
||
− | <nowiki>The <config> element within an <edit-config> PDU represents the 'root node' (/) in the path expression for each node in the conceptual database. </nowiki>Each top-level YANG object that is supported and configured will be represented as child nodes this root node. The conceptual database can be processed as an XML instance document with multiple top nodes (similar to XSLT rules). |
+ | <nowiki>The <config> element within an <edit-config> PDU represents the 'root node' (/) in the path expression for each node in the conceptual database. </nowiki>Each top-level YANG object that is supported and configured will be represented as child nodes to this root node. The conceptual database can be processed as an XML instance document with multiple top nodes (similar to XSLT rules). |
Database editing in NETCONF has several variants, but basically, it follows this simple procedure: |
Database editing in NETCONF has several variants, but basically, it follows this simple procedure: |
||
Line 1,070: | Line 856: | ||
# Lock the database(s) that will be affected. |
# Lock the database(s) that will be affected. |
||
# <nowiki>Use <edit-config> or <copy-config> on the target database to make changes.</nowiki> |
# <nowiki>Use <edit-config> or <copy-config> on the target database to make changes.</nowiki> |
||
− | # Activate and save the database edits. |
+ | # Activate and save/commit the database edits. |
# Unlock the database(s) that were previously locked. |
# Unlock the database(s) that were previously locked. |
||
Line 1,079: | Line 865: | ||
The '''yangcli''' program will automatically handle the target database management, based on the server capabilities reported each session, if the 'save' command is used. <nowiki>The manual procedure (<commit> and/or maybe <copy-config> operations) is also supported, but do not mix them within the same editing session.</nowiki> |
The '''yangcli''' program will automatically handle the target database management, based on the server capabilities reported each session, if the 'save' command is used. <nowiki>The manual procedure (<commit> and/or maybe <copy-config> operations) is also supported, but do not mix them within the same editing session.</nowiki> |
||
− | |||
=== Database Locking === |
=== Database Locking === |
||
Line 1,109: | Line 894: | ||
=== Editing Commands === |
=== Editing Commands === |
||
− | <nowiki>The <edit-config> operation should be used make configuration changes. </nowiki><nowiki>The <copy-config> operation can also be used, but this is a blunt hammer approach. </nowiki>Although the '''netconfd''' server will always analyze the edit request and only affect the nodes that actually changed, this is not a requirement in the standard. |
+ | <nowiki>The <edit-config> operation should be used to make configuration changes. </nowiki><nowiki>The <copy-config> operation can also be used, but this is a blunt hammer approach. </nowiki>Although the '''netconfd''' server will always analyze the edit request and only affect the nodes that actually changed, this is not a requirement in the standard. |
<nowiki>The <edit-config> operation allows the operator to have precise control of the server. </nowiki>These database edits are performed by the server using a combination of 3 factors: |
<nowiki>The <edit-config> operation allows the operator to have precise control of the server. </nowiki>These database edits are performed by the server using a combination of 3 factors: |
||
Line 1,118: | Line 903: | ||
The '''yangcli'''<nowiki> program provides some high-level commands to automatically handle the complexity of the <edit-config> operation. </nowiki>These commands use XPath expressions and a series of interactive prompts (e.g., for the mandatory nodes and key leafs) to fill in the specified data structures, and construct an optimized NETCONF message. |
The '''yangcli'''<nowiki> program provides some high-level commands to automatically handle the complexity of the <edit-config> operation. </nowiki>These commands use XPath expressions and a series of interactive prompts (e.g., for the mandatory nodes and key leafs) to fill in the specified data structures, and construct an optimized NETCONF message. |
||
− | |||
<center>'''yangcli Editing Commands'''</center> |
<center>'''yangcli Editing Commands'''</center> |
||
+ | {| class="wikitable" border="1" |
||
− | |||
− | |||
− | {| style="border-spacing:0;" |
||
! <center>command</center> |
! <center>command</center> |
||
! <center>description</center> |
! <center>description</center> |
||
− | |||
|- |
|- |
||
+ | | create |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| create |
||
− | + | | Create a new sub-tree, only if it does not already exist |
|
− | |||
|- |
|- |
||
+ | | delete |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| delete |
||
− | + | | Delete an existing sub-tree, only if it exists |
|
− | |||
|- |
|- |
||
+ | | merge |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| merge |
||
− | + | | Merge the source sub-tree into the target sub-tree, keeping any existing nodes that are not explicitly contained in the source. |
|
− | |||
|- |
|- |
||
+ | | replace |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| replace |
||
− | + | | Merge the source sub-tree into the target sub-tree, deleting any existing nodes that are not explicitly contained in the source. <nowiki>This is the mode used for the <copy-config> operation.</nowiki> |
|
− | |||
|- |
|- |
||
+ | | insert |
||
− | | style="border-top:none;border-bottom:0.05pt solid #000000;border-left:0.05pt solid #000000;border-right:none;padding:0.0382in;"| insert |
||
− | + | | Insert or move a YANG list or leaf-list entry |
|
+ | |} |
||
− | |} |
||
Refer to the Yuma Tools User Manual for details on these commands. |
Refer to the Yuma Tools User Manual for details on these commands. |
||
Line 1,175: | Line 952: | ||
Variables are set with assignment statements. Here are some examples: |
Variables are set with assignment statements. Here are some examples: |
||
+ | yangcli joe@localhost>''' $$backup = get-config source=running''' |
||
− | |||
+ | yangcli joe@localhost>''' $$bad-data = "warn"''' |
||
− | |||
− | yangcli |
+ | yangcli joe@localhost>'''<nowiki> $itf = "//interface[name='eth0']"</nowiki>''' |
− | yangcli guest@localhost>''' $$bad-data = "warn"''' |
||
− | yangcli guest@localhost>'''<nowiki> $itf = "//interface[name='eth0']"</nowiki>''' |
||
Note that in order to assign a string value (e.g., $$bad-data = "warn" above), single or double quotes must be used. An unquoted string will be interpreted as a command name, not a simple string value. |
Note that in order to assign a string value (e.g., $$bad-data = "warn" above), single or double quotes must be used. An unquoted string will be interpreted as a command name, not a simple string value. |
||
− | |||
Variables are referenced in a similar manner, except the variable is on the right-hand side of the equation. These commands are equivalent in this example: |
Variables are referenced in a similar manner, except the variable is on the right-hand side of the equation. These commands are equivalent in this example: |
||
+ | yangcli joe@localhost>''' @myfile.xml = xget select=$itf''' |
||
− | |||
− | yangcli |
+ | yangcli joe@localhost>'''<nowiki> @myfile.xml = xget //interface[name='eth0']</nowiki>''' |
− | yangcli guest@localhost>'''<nowiki> @myfile.xml = xget //interface[name='eth0']</nowiki>''' |
||
Complex variable substitution is also supported: |
Complex variable substitution is also supported: |
||
+ | yangcli joe@localhost>''' copy-config source=$$backup target=candidate''' |
||
− | |||
− | |||
− | yangcli guest@localhost>''' copy-config source=$$backup target=candidate''' |
||
Note that '''yangcli''' will attempt to figure out the structure of the parameter (e.g., 'source' and 'target' above), and adjust the NETCONF operation content. In the example above, since 'source' and 'target' are choices, the real nodes within the cases are examined, and the most appropriate case is selected. <nowiki>The 'source' parameter will contain an in-line <config> element with all the child nodes in the </nowiki>'''$$backup''' variable, and the target parameter will contain an empty element named '''<nowiki><candidate>.</nowiki>''' |
Note that '''yangcli''' will attempt to figure out the structure of the parameter (e.g., 'source' and 'target' above), and adjust the NETCONF operation content. In the example above, since 'source' and 'target' are choices, the real nodes within the cases are examined, and the most appropriate case is selected. <nowiki>The 'source' parameter will contain an in-line <config> element with all the child nodes in the </nowiki>'''$$backup''' variable, and the target parameter will contain an empty element named '''<nowiki><candidate>.</nowiki>''' |
||
Line 1,206: | Line 977: | ||
The command 'show vars' can be used to see the current value of all program variables: |
The command 'show vars' can be used to see the current value of all program variables: |
||
− | |||
yangcli andy@localhost> '''show vars ''' |
yangcli andy@localhost> '''show vars ''' |
||
+ | |||
− | |||
No CLI variables |
No CLI variables |
||
+ | |||
− | |||
Read-only system variables |
Read-only system variables |
||
+ | |||
− | |||
− | HOME /home/ |
+ | HOME /home/joe |
HOSTNAME |
HOSTNAME |
||
LANG en_US.UTF-8 |
LANG en_US.UTF-8 |
||
− | PWD /home/ |
+ | PWD /home/joe |
SHELL /bin/bash |
SHELL /bin/bash |
||
− | USER |
+ | USER joe |
YUMA_DATAPATH |
YUMA_DATAPATH |
||
− | YUMA_HOME |
+ | YUMA_HOME |
YUMA_MODPATH |
YUMA_MODPATH |
||
YUMA_RUNPATH |
YUMA_RUNPATH |
||
+ | |||
− | |||
Read-write system variables |
Read-write system variables |
||
+ | |||
− | |||
autocomp true |
autocomp true |
||
autoload true |
autoload true |
||
Line 1,240: | Line 1,010: | ||
test-option none |
test-option none |
||
timeout 30 |
timeout 30 |
||
− | user |
+ | user joe |
with-defaults none |
with-defaults none |
||
+ | |||
− | |||
No global variables |
No global variables |
||
+ | |||
− | |||
No local variables |
No local variables |
||
+ | |||
− | |||
− | yangcli |
+ | yangcli joe@localhost> |
== Scripts == |
== Scripts == |
||
Line 1,264: | Line 1,034: | ||
= toaster.yang = |
= toaster.yang = |
||
The toaster.yang module is included here for reference. |
The toaster.yang module is included here for reference. |
||
− | |||
module toaster { |
module toaster { |
||
+ | |||
− | |||
− | namespace "http://netconfcentral. |
+ | namespace "http://netconfcentral.org/ns/toaster"; |
+ | |||
− | |||
prefix "toast"; |
prefix "toast"; |
||
+ | |||
− | |||
organization |
organization |
||
− | "Netconf Central |
+ | "Netconf Central"; |
+ | |||
− | |||
contact |
contact |
||
− | + | "Andy Bierman <andy@netconfcentral.org>"; |
|
+ | |||
− | |||
description |
description |
||
"YANG version of the TOASTER-MIB."; |
"YANG version of the TOASTER-MIB."; |
||
+ | |||
− | |||
+ | |||
revision 2009-11-20 { |
revision 2009-11-20 { |
||
description "Toaster module in progress."; |
description "Toaster module in progress."; |
||
} |
} |
||
+ | |||
− | |||
identity toast-type { |
identity toast-type { |
||
description |
description |
||
Line 1,291: | Line 1,061: | ||
future."; |
future."; |
||
} |
} |
||
+ | |||
− | |||
identity white-bread { |
identity white-bread { |
||
description |
description |
||
Line 1,297: | Line 1,067: | ||
base toast:toast-type; |
base toast:toast-type; |
||
} |
} |
||
+ | |||
− | |||
identity wheat-bread { |
identity wheat-bread { |
||
description |
description |
||
Line 1,303: | Line 1,073: | ||
base toast-type; |
base toast-type; |
||
} |
} |
||
+ | |||
− | |||
identity wonder-bread { |
identity wonder-bread { |
||
description |
description |
||
Line 1,309: | Line 1,079: | ||
base toast-type; |
base toast-type; |
||
} |
} |
||
+ | |||
− | |||
identity frozen-waffle { |
identity frozen-waffle { |
||
description |
description |
||
Line 1,315: | Line 1,085: | ||
base toast-type; |
base toast-type; |
||
} |
} |
||
+ | |||
− | |||
identity frozen-bagel { |
identity frozen-bagel { |
||
description |
description |
||
Line 1,321: | Line 1,091: | ||
base toast-type; |
base toast-type; |
||
} |
} |
||
+ | |||
− | |||
identity hash-brown { |
identity hash-brown { |
||
description |
description |
||
Line 1,327: | Line 1,097: | ||
base toast-type; |
base toast-type; |
||
} |
} |
||
+ | |||
− | |||
typedef DisplayString { |
typedef DisplayString { |
||
description |
description |
||
Line 1,336: | Line 1,106: | ||
} |
} |
||
} |
} |
||
+ | |||
− | |||
container toaster { |
container toaster { |
||
presence |
presence |
||
"Indicates the toaster service is available"; |
"Indicates the toaster service is available"; |
||
+ | |||
− | |||
description |
description |
||
"Top-level container for all toaster database objects."; |
"Top-level container for all toaster database objects."; |
||
+ | |||
− | |||
leaf toasterManufacturer { |
leaf toasterManufacturer { |
||
type DisplayString; |
type DisplayString; |
||
Line 1,352: | Line 1,122: | ||
Microsoft Toaster."; |
Microsoft Toaster."; |
||
} |
} |
||
+ | |||
− | |||
leaf toasterModelNumber { |
leaf toasterModelNumber { |
||
type DisplayString; |
type DisplayString; |
||
Line 1,361: | Line 1,131: | ||
Radiant Automatic."; |
Radiant Automatic."; |
||
} |
} |
||
+ | |||
− | |||
leaf toasterStatus { |
leaf toasterStatus { |
||
type enumeration { |
type enumeration { |
||
Line 1,375: | Line 1,145: | ||
"The toaster knob position is down. |
"The toaster knob position is down. |
||
Toast is being made now."; |
Toast is being made now."; |
||
+ | |||
− | |||
} |
} |
||
} |
} |
||
Line 1,385: | Line 1,155: | ||
} |
} |
||
} |
} |
||
+ | |||
− | |||
rpc make-toast { |
rpc make-toast { |
||
description |
description |
||
Line 1,423: | Line 1,193: | ||
} |
} |
||
} |
} |
||
+ | |||
− | |||
rpc cancel-toast { |
rpc cancel-toast { |
||
description |
description |
||
Line 1,430: | Line 1,200: | ||
if the toaster service is disabled."; |
if the toaster service is disabled."; |
||
} |
} |
||
+ | |||
− | |||
notification toastDone { |
notification toastDone { |
||
description |
description |
||
"Indicates that the toast in progress has completed."; |
"Indicates that the toast in progress has completed."; |
||
+ | |||
− | |||
leaf toastStatus { |
leaf toastStatus { |
||
description |
description |
||
Line 1,455: | Line 1,225: | ||
} |
} |
||
} |
} |
||
+ | |||
− | |||
− | + | ||
+ | /************************************************************* |
||
− | |||
+ | |||
Original TOASTER-MIB |
Original TOASTER-MIB |
||
+ | |||
− | |||
TOASTER-MIB DEFINITIONS ::= BEGIN |
TOASTER-MIB DEFINITIONS ::= BEGIN |
||
+ | |||
− | |||
IMPORTS |
IMPORTS |
||
enterprises |
enterprises |
||
Line 1,469: | Line 1,240: | ||
DisplayString |
DisplayString |
||
FROM RFC-1213; |
FROM RFC-1213; |
||
+ | |||
− | |||
epilogue OBJECT IDENTIFIER ::= {enterprises 12} |
epilogue OBJECT IDENTIFIER ::= {enterprises 12} |
||
toaster OBJECT IDENTIFIER ::= {epilogue 2} |
toaster OBJECT IDENTIFIER ::= {epilogue 2} |
||
+ | |||
− | |||
+ | |||
toasterManufacturer OBJECT-TYPE |
toasterManufacturer OBJECT-TYPE |
||
SYNTAX DisplayString |
SYNTAX DisplayString |
||
Line 1,481: | Line 1,253: | ||
Microsoft Toaster." |
Microsoft Toaster." |
||
::= {toaster 1} |
::= {toaster 1} |
||
+ | |||
− | |||
toasterModelNumber OBJECT-TYPE |
toasterModelNumber OBJECT-TYPE |
||
SYNTAX DisplayString |
SYNTAX DisplayString |
||
Line 1,490: | Line 1,262: | ||
Radiant Automatic." |
Radiant Automatic." |
||
::= {toaster 2} |
::= {toaster 2} |
||
+ | |||
− | |||
toasterControl OBJECT-TYPE |
toasterControl OBJECT-TYPE |
||
SYNTAX INTEGER {up (1), down (2)} |
SYNTAX INTEGER {up (1), down (2)} |
||
Line 1,500: | Line 1,272: | ||
(perhaps in the event of an emergency), set it to up (2)." |
(perhaps in the event of an emergency), set it to up (2)." |
||
::= {toaster 3} |
::= {toaster 3} |
||
+ | |||
− | |||
toasterDoneness OBJECT-TYPE |
toasterDoneness OBJECT-TYPE |
||
SYNTAX INTEGER (1..10) |
SYNTAX INTEGER (1..10) |
||
Line 1,512: | Line 1,284: | ||
lightly." |
lightly." |
||
::= {toaster 4} |
::= {toaster 4} |
||
+ | |||
− | |||
toasterToastType OBJECT-TYPE |
toasterToastType OBJECT-TYPE |
||
SYNTAX INTEGER { |
SYNTAX INTEGER { |
||
Line 1,533: | Line 1,305: | ||
the required doneness." |
the required doneness." |
||
::= {toaster 5} |
::= {toaster 5} |
||
+ | |||
− | |||
END |
END |
||
+ | |||
− | <nowiki>*************************************************************/</nowiki> |
||
+ | *************************************************************/ |
||
+ | |||
+ | |||
} |
} |
Revision as of 17:24, 10 December 2015
Contents
- 1 Preface
- 2 Introduction
- 3 Getting Started with toaster.yang
- 3.1 What is libtoaster?
- 3.2 Start the netconfd server
- 3.3 Start the yangcli client
- 3.4 Getting Context Sensitive Help
- 3.5 Start a NETCONF session
- 3.6 Enable Notification Delivery
- 3.7 Load the Toaster Module
- 3.8 Enable the Toaster
- 3.9 Get the Toaster State Information
- 3.10 Start Making Toast
- 3.11 Stop Making Toast
- 3.12 Close the NETCONF Session
- 4 Advanced Topics
- 5 toaster.yang
Preface
Legal Statements
Copyright 2009 - 2012, Andy Bierman, All Rights Reserved.
Copyright 2013 – 2015, Vladimir Vassilev, All Rights Reserved.
Additional Resources
This document assumes you have successfully set up the software as described in the printed document:
Other documentation includes:
There are several sources of free information and tools for use with YANG and/or NETCONF.
The following section lists the resources available at this time.
WEB Sites
- Netconf Central
- http://www.netconfcentral.org/
- Yuma Home Page
- Free information on NETCONF and YANG, tutorials, on-line YANG module validation and documentation database
- Yuma123 SourceForge open source project
- http://sourceforge.net/projects/yuma123/
- Download Yuma source and documentation
- Yang Central
- http://www.yang-central.org
- Free information and tutorials on YANG, free YANG tools for download
- NETCONF Working Group Wiki Page
- http://trac.tools.ietf.org/wg/netconf/trac/wiki
- Free information on NETCONF standardization activities and NETCONF implementations
- NETCONF WG Status Page
- http://tools.ietf.org/wg/netconf/
- IETF Internet draft status for NETCONF documents
- libsmi Home Page
- http://www.ibr.cs.tu-bs.de/projects/libsmi/
- Free tools such as smidump, to convert SMIv2 to YANG
- YumaWorks
- http://www.yumaworks.com
- Offers support, training, and consulting for Yuma.
- Offers YumaPro, a professional version of Yuma that includes concurrency, external database support, sub-agent support, multiple northbound interfaces, and more. API compatible with Yuma. Availability: September, 2012. Licensed.
- Transpacket
- http://www.transpacket.com
- Offers Linux based embedded operating system distribution which uses Yuma for configuration and monitoring.
- Offers support, training, and consulting for YANG and netconf.
Mailing Lists
- NETCONF Working Group
- http://www.ietf.org/html.charters/netconf-charter.html
- Technical issues related to the NETCONF protocol are discussed on the NETCONF WG mailing list. Refer to the instructions on the WEB page for joining the mailing list.
- NETMOD Working Group
- http://www.ietf.org/html.charters/netmod-charter.html
- Technical issues related to the YANG language and YANG data types are discussed on the NETMOD WG mailing list. Refer to the instructions on the WEB page for joining the mailing list.
Conventions Used in this Document
The following formatting conventions are used throughout this document:
Convention | Description |
---|---|
--foo | CLI parameter foo |
<foo> | XML parameter foo |
foo | yangcli command or parameter |
$FOO | Environment variable FOO |
$$foo | yangcli global variable foo |
some text |
Example command or PDU |
some text | Plain text |
Introduction
Refer to section 3 of the Yuma User Manual for a complete introduction to Yuma Tools.
This section focuses on the client and server tools within the Yuma Tools programs.
Intended Audience
This document is intended for users of the Yuma Tools NETCONF client and server programs. It covers the basic usage of the yangcli client application and the netconfd server.
What is NETCONF and YANG?
The Yuma Tools suite provides automated support for development and usage of network management information. Information is exchanged in XML encoding within a session between a client and a server.
The IETF "Network Configuration Protocol" (NETCONF) is used to provide the management sessions, operations, and database framework available on the server. The operations, notifications, and the database contents supported by a particular NETCONF server are extensible, and defined with a modular and easy-to-learn language called YANG. The database is used to contain YANG data structures which represent the configuration of the device containing the NETCONF server. This configuration can be saved in non-volatile storage so the configuration can be restored upon reboot.
The IETF "YANG Data Modeling Language" is used to define the syntax and semantics of the NETCONF operations, notification events, and database content. Machine and human readable semantics and constraints are used by YANG tools (including Yuma Tools) to automate behavior within the NETCONF protocol for clients and servers.
For people familiar with SNMP and SMIv2, NETCONF is like an XML-based, high-level version of SNMP, and a YANG module is like a MIB module, except MIB tables can be nested and much more complex than in SMIv2. Instead of Enterprise IDs and OBJECT-IDENTIFIERs, YANG uses XML namespaces and XPath path expressions to identify module ownership and contents within the protocol PDUs.
How Does an Operator Use NETCONF and YANG?
An operator uses a NETCONF session almost like it was a CLI session, except there are structured, schema-defined requests and responses, encoded in XML. YANG modules are like MIB modules for CLI content. Instead of ad-hoc unstructured documentation like CLI, NETCONF uses a data definition language to define management modules. The actual modules that a server supports will vary, just like MIB (SMIv2) modules.
The NETCONF protocol is available for many different transports. The most popular is the SSH2 protocol. The 'netconf' subsystem is used (on TCP port 830) to start a special SSH session with the NETCONF server.
Using NETCONF over SSH is just like using CLI over SSH to manage a networking device, except the messages are exchanged in XML, not plain-text. SSH user names and passwords are used for session authentication and authorization.
NETCONF is designed to provide a programmatic interface, so it is usually used with a management application, instead of a direct (raw) SSH terminal application. The yangcli program within Yuma Tools is a YANG-driven NETCONF client application that supports scripts, XPath, and many automated features to simplify management of NETCONF servers.
Once a session is started, similar to a CLI session, the operator issues commands (NETCONF operations) to the server, and the server performs each requested operation in order, and returns a status message and/or some data to the client. Notifications can also be received, if the session has requested them with the <create-subscription> operation.
When a NETCONF session starts, a <hello> message is sent by the server that has all the NETCONF capabilities and YANG modules supported by the server. Capabilities are optional protocol mechanisms, beyond those defined in the base protocol (RFC 4741). The client application knows what operations, notification events, and database contents are supported on the server, based on the information in the <hello> message.
NETCONF has a set of basic database (CRUD) operations for managing the configuration database. In addition, any YANG module can define new protocol operations and notification events.
How Does a Developer Use NETCONF and YANG?
A NETCONF server developer decides what modules need to be supported by the NETCONF server, and implements the device instrumentation code for those modules.
Much of the NETCONF protocol related code is handled by the NETCONF stack, based on the YANG module contents. Therefore, the most important task for a developer is designing a good YANG module.
After the YANG module is written, the device instrumentation code for the YANG module is then added by the developer. The code uses the Yuma API to register callbacks and access the YANG database. The 'callback code' is called from the NETCONF stack when database operation requests for the object(s) in the YANG module are received by the server.
Once this library is completed, the YANG module and its binary server instrumentation library (SIL) can be loaded into the NETCONF server at run-time. There is no need to recompile the netconfd server, or even reboot it.
Getting Started with toaster.yang
This section will demonstrate the basic operation of Yuma Tools to use a NETCONF session to manage a remote device with a YANG data model. The Yuma Tools programs and libraries must already be installed. Refer to the Yuma Tools Installation Guide if this has not yet been done.
The yangcli client program and netconfd server program do not need to be installed on the same machine. For simplicity, the server address 'localhost' is used in the examples below.
What is libtoaster?
There is a sample server instrumentation library (SIL) included, named libtoaster. This is the module-specific server instrumentation code for the management data defined in toaster.yang. This is based on the original TOASTER-MIB by Epilogue. This YANG module provides simple operations to make toast, and some simple NETCONF database objects to enable and monitor the toaster.
The new YANG version of the TOASTER-MIB is different is some ways:
- extensible YANG identities are used to identify the bread type, instead of a hard-wired enumerated list.
- protocol operations (<make-toast> and <cancel-toast>) are used instead of an 'up/down' switch within the database. NETCONF databases are intended to contain persistent data structures, and 'actions' such as starting or stopping the toaster are done with new protocol operations, instead of editing the database with the standard operations.
- A simple configuration 'presence container' object is used to enable and disable the toaster service, instead of hard-wiring the toaster service availability.
- A notification is generated when the toast is done or canceled. This notification can be used instead of polling the toaster status object.
The complete text of toaster.yang and TOASTER-MIB can be found at the end of this document.
Start the netconfd server
If the netconfd server is already running, then skip this section.
Details for all the netconfd configuration parameters can be found in the Yuma netconfd Manual.
Configuration Defaults
To keep the example simple, the default settings will be used:
- the server will accept sessions on TCP port 830
- the target database is <candidate>
- no <startup> database (mirrored NV-save)
- the <validate> operation is supported
- the access control mode is 'enforcing'
- the super user account name is 'superuser'
- the server will search startup-cfg.xml using the default search path
- the default <with-defaults> behavior is 'explicit'
- notification replay is enabled with a buffer size of 1000 events and a maximum message burst per session of 10 notifications
- the <hello> exchange timeout is 10 minutes
- the session idle timeout is 1 hour
- the default session indent amount is 2 spaces
- the default session line-size is 72 characters
- violation of strict YANG XML ordering will not cause errors
- logging level 'info' is enabled and sent to STDOUT
SSH Server
To start the NETCONF server, make sure that the sshd server is running, and the following configuration is included in /etc/ssh/sshd_config.
Port 22 Port 830 Subsystem netconf /usr/sbin/netconf-subsystem
The 'Subsystem' command may be different if netconf-subsystem has been installed in a different location than /usr/local/sbin. The 'Port 22' command is needed to make sure the SSH server will accept SSH sessions in addition to NETCONF sessions.
NETCONF Server
For this example, the superuser account needs to be enabled. This is done with a CLI parameter, and the user name 'joe' is used. Replace 'joe' with your username.
To start the netconfd server in the foreground:
mydir> /usr/sbin/netconfd --superuser=joe Starting netconfd... Copyright (c) 2009, Netconf Central, Inc., All Rights Reserved. Default startup config file (startup-cfg.xml) not found. Booting with default running configuration!
If no startup configuration is available, then the server defaults will be used instead. Any message about 'startup-cfg.xml' not found can be ignored. It just means the server booted with the factory default configuration.
To start the netconfd server in the background:
mydir> /usr/sbin/netconfd --superuser=joe --log=~/mylog & mydir>
This example shows that a logfile in the user's home directory called 'mylog' will be used for all server log messages. The '&' at the end causes the command to be run in the background.
Start the yangcli client
Once the NETCONF server is running, it will accept client sessions If running netconfd interactively on localhost, then start a new terminal window to continue.
Configuration Defaults
To keep the example simple, the default settings will be used:
- the client will attempt to start sessions on TCP port 830
- the client will attempt to automatically complete partial commands
- the command line history will be automatically loaded upon startup, and saved upon exit
- the client will attempt to automatically load any YANG modules advertised in the server <hello> message
- the client will check before using invalid parameter values
- the plain display mode will be used, with 72 characters per line
- each nest level of displayed data will be indented 2 spaces
- the XML order of messages sent to the server will be corrected, as needed
- the logging level of 'info' is set, and log messages are sent to STDOUT
- the client will wait 30 seconds for responses
Run yangcli
The yangcli program should be found in the PATH environment variable.
mydir> yangcli
If the yangcli program is not found, then try the full path:
mydir> /usr/bin/yangcli
Startup Screen
The startup screen shows the following information:
- program version and copyright
- tab key can be used for command and parameter completion
- basic help instructions
- basic statement instructions
Command Line Editing
The command lines are stored in a history buffer.
Any previous command line (except a password parameter line) can be recalled and used again.
Any command in the command buffer (current or recalled) can be edited. The default key settings are aligned with the emacs editor. Refer to the Yuma yangcli Manual for more details.
Escape Commands
Not all parameters need to be entered at one time. If yangcli needs more information, based on the initial command line, then 1 or more missing parameters will be requested, in sequence.
It is possible to get help, skip a parameter, or even cancel the entire command during one of these sub-command modes, by using an escape command. This is a 1 or 2 character command, followed by the 'enter' key (as usual to end a command).
command | description |
---|---|
?s | skip the current parameter |
?c | cancel the current command |
? | get help |
?? | get full help |
Using the '?s' command to skip a parameter may cause the <rpc> request to be invalid.
Depending on the setting of the --bad-data configuration parameter, this may or may not be allowed. The default setting is to warn and confirm. This configuration parameter also affects parameter values that are invalid according to the YANG module definition.
Getting Context Sensitive Help
The yangcli program provides context-sensitive help based on the current NETCONF session status and the set of YANG modules currently loaded.
When a NETCONF session is active, the set of modules advertised in the <hello> message by the server will be used to generate help text, if available. The 'mgrload' command can be used to force yangcli to use different or additional YANG modules.
If the yangcli program does not have the advertised revision of a particular module available in the module search path, and the NETCONF server supports the standard <get-schema> operation, then the module will be retrieved from the server, and used just for that session.
If any features or deviations are advertised for a YANG module, then they will be applied to the modules used just for the current session. The help text and the error checking done for the module will be based on this 'patched' module, not the 'plain' module specified in the capability URI string.
Tab Key for Command Completion
The 'tab' key can be used at any time to see a list of the possible completions that the command interpreter will accept. The list will be displayed for command names and some command parameters.
When a NETCONF session is active, all the NETCONF operations will be available. Additional commands may also be available if the server advertised any YANG modules containing 'rpc' statements.
The '?' and '??' Escape Sequences
If a partial command is entered, or if a data structure is being filled, then the help escape sequences are available to get help about that parameter or data node. Use one question mark for help, and two question marks for maximum help.
sequence | description |
---|---|
? | Print some help text, but not description statements and some other information. |
?? | Print maximum help text. |
The following example shows the help text for the 'user' parameter for the 'connect' operation:
yangcli> connect Enter string value for leaf <user> yangcli:connect> ? leaf user [NcxUserName] length: 1..63 pattern: [a-z,A-Z][a-z,A-Z,0-9,\-,_,\.]{0,62} Enter string value for leaf <user> yangcli:connect>
The type of object, its name, data type, and any restrictions, will be printed.
After that, the previous prompt will be redisplayed.
The 'help' Command
The help command can be used to display all kinds of information about the yangcli program and the YANG data module contents in use at the time.
command | description |
---|---|
help <comand-name>help command <command-name> | Display help for the specified yangcli command or YANG rpc statement. |
help commands | Display help text for all commands. |
help object <object-name> | Display help text for a YANG database top-level object (only if its module is available). |
help notification <notification-name> | Display help text for a YANG notification event (only if its module is available). |
help type <type-name> | Display help text for an exported YANG data type (only if its module is available). |
Each of the help command variants also accepts a 'help-mode' parameter to control how much help text is displayed:
mode | description |
---|---|
--brief | Display minimal help text. |
--normal | Display a lot, but not always all the help text available (default mode). |
--full | Display all available help text, including description statements. |
The following table shows some valid help commands:
command | description |
---|---|
help help | Get normal help for the help command. |
help commands brief | Get a 1 line description of each command. |
help object system full | Get all available help for the /system container and all its descendant nodes. |
help type NcxIdentifier | Get summary and description of the data type called 'NcxIdentifier'. |
help notification sysSessionStart | Get a summary of the 'sysSessionStart' notification, and each of objects in its payload. |
Start a NETCONF session
Each yangcli program instance can run 1 NETCONF session at a time.
If no session is currently active, then the prompt will contain just the program name, indicating that the 'connect' command is available:
yangcli>
The connect Command
The 'connect' command is used to start a NETCONF session.
There are 3 mandatory parameters for this command:
- user: the system (or SSH) user name to use
- server: the IP address or DNS name of the NETCONF server to use
- password: the password string to use
Make sure you have a user name and password already configured on the NETCONF server.
If a partial command is given, then yangcli will prompt for any missing mandatory parameters. In this example, the complete command is given at once:
yangcli> connect server=localhost user=joe password=yangrocks
After this command is entered, yangcli will generate some informational log messages to the screen.
If the session is started successfully, a summary of the server session capabilities and available modules should be displayed. Also, the command prompt will change to indicate that a NETCONF session is currently active.
yangcli joe@localhost>
At this point any command supported by the server can be entered, in addition to any yangcli command (except 'connect').
Fixing Connection Problems
If the session did not start correctly, check the error messages to fix the problem. Some common problems:
- Make sure the netconfd program is running.
- Make sure the netconf-subsystem program is properly installed.
- Check if the SSH configuration contains the portion for NETCONF.
- If the SSH configuration looks correct, then try restarting the SSH server to make sure that configuration file is the one being used.
- If the SSH server seems to be running correctly, then check if any firewall or other security mechanism is blocking TCP port 830. If so, either enable TCP port 830, or enable port 22 on the NETCONF server (by restarting the server), and include 'port=22' in the 'connect' command parameters.
- If no firewall or other security measure is blocking TCP port 830, try to establish a normal SSH session with the server.
- If a normal SSH session works correctly, then check the log messages on the NETCONF server for more information.
Enable Notification Delivery
In order to receive the 'toastDone' notification event, a notification subscription has to be enabled.
A default NETCONF notification stream can be started with the 'create-subscription' command:
yangcli joe@localhost> create-subscription RPC OK Reply 2 for session 1: yangcli joe@localhost>
Depending on other activity within the NETCONF server, it is possible other notification events, such as 'sysSessionStart' or 'sysSessionEnd' will be generated. Notifications are displayed in their entirety, but not during 'rpc reply output'. If a command is being entered, the notification will be displayed, and then the command line restored.
Load the Toaster Module
The toaster module is not a core system module, and is not available automatically.
The module has to be explicitly loaded by the NETCONF client.
To load the server-supported version of the toaster module, use the 'load' command:
yangcli joe@localhost> load toaster RPC Data Reply 2 for session 1: rpc-reply { mod-revision 2009-11-20 } Incoming notification: notification { eventTime 2009-12-28T00:44:45Z sysCapabilityChange { changed-by { userName joe sessionId 1 remoteHost 127.0.0.1 } added-capability http://netconfcentral.com/ns/toaster?module=toaster&revision=2009-11-20 } sequence-id 3 } yangcli joe@localhost>
If the module was successfully loaded, then a data response will be sent, containing the revision date of the toaster module that was loaded. This response will be returned even if the module was already loaded.
Note that the 'sysCapabilityChange' notification event will only be sent if the module has not already been loaded into the server. In this case, it was not advertised in the <hello> message for this session, and the toaster module needs to be loaded manually into yangcli with the 'mgrload' command:
yangcli joe@localhost> mgrload toaster Load module 'toaster' OK yangcli joe@localhost>
Enable the Toaster
Try to make some toast, using the 'make-toast' command:
yangcli joe@localhost> make-toast RPC Error Reply 4 for session 1: rpc-reply { rpc-error { error-type protocol error-tag resource-denied error-severity error error-app-tag no-access error-message 'resource denied' error-info { error-number 269 } } } yangcli joe@localhost>
What happened?
A 'resource-denied' error was returned instead of 'OK', because the toaster service is not enabled yet. A node has to be created in the NETCONF database before the 'make-toast' command can be used.
Lock the Databases
The first step is to lock the NETCONF databases for writing. Locks do not affect read operations.
The yangcli program has a high-level command to deal with locking, called 'get-locks'. It will handle retries for any missing locks, until an overall timeout occurs or all the locks needed are acquired.
yangcli joe@localhost> get-locks Sending <lock> operations for get-locks... get-locks finished OK yangcli joe@localhost>
Create the toaster Container
The toaster module uses a simple YANG 'presence' container to configure the toaster service.
Once the /toaster container is created, the read-only nodes within that container will be maintained by the server, and the toaster service will be enabled.
The first step is to create the /toaster node in the <candidate> configuration database:
yangcli joe@localhost> create /toaster Filling container /toaster: RPC OK Reply 5 for session 1: yangcli joe@localhost>
Now the /toaster node is created in the <candidate> database.
Commit the Database Changes
In order to activate these changes, the 'commit' command needs to be issued.
yangcli joe@localhost> commit RPC OK Reply 6 for session 1: Incoming notification: notification { eventTime 2009-12-28T00:59:58Z sysConfigChange { userName joe sessionId 1 remoteHost 127.0.0.1 edit { target /toast:toaster operation create } } sequence-id 4 }
The 'RPC OK' message indicate that the server successfully commited the configuration.
The 'sysConfigChange' notification indicates what was changed in the running configuration, and who made the change(s).
The toaster server should now be enabled.
Unlock the Databases
The database locks need to be released as soon as possible after the edits are completed or discarded.
The high-level command 'release-locks' must be used if 'get-locks' was used to acquire the database locks.
yangcli joe@localhost> release-locks Sending <unlock> operations for release-locks... yangcli joe@localhost>
Get the Toaster State Information
To discover the toaster model and its current status, the 'sget' or 'xget' commands can be used to retrieve just the toaster portion of the conceptual state data available on the server.
The 'sget' command is high-level subtree filter handler for the <get> operation:
yangcli joe@localhost> sget /toaster
The 'xget' command is high-level XPath filter handler for the <get> operation. It is only available if the NETCONF server supports the :xpath capability (like netconfd).
yangcli joe@localhost> xget /toaster
Both commands should return the same data:
Filling container /toaster: RPC Data Reply 7 for session 1: rpc-reply { data { toaster { toasterManufacturer 'Acme, Inc.' toasterModelNumber 'Super Toastamatic 2000' toasterStatus up } } }
This data shows that the 'Super Toastamatic 2000' is ready to make toast!
Start Making Toast
Now that the toaster is enabled, the 'make-toast' command should work.
Instead of using the default parameter values, let's make a frozen waffle a little less done than normal:
yangcli joe@localhost> make-toast toasterDoneness=4 toasterToastType=toast:frozen-waffle RPC OK Reply 8 for session 1:
At this point the toaster timer is running, and the simulated waffle is cooking,
After about 40 seconds, the 'toastDone' notification should be received:
Incoming notification: notification { eventTime 2009-12-29T01:20:05Z toastDone { toastStatus done } sequence-id 5 }
This 'toastDone' event shows that the toast was completed, and is ready to eat.
Stop Making Toast
What if you change your mind, and want wheat toast instead of a waffle?
Repeat the previous command (Control-P should recall the previous command):
yangcli joe@localhost> make-toast toasterDoneness=4 toasterToastType=toast:frozen-waffle RPC OK Reply 9 for session 1:
Now enter the 'cancel-toast' command right away, before the waffle finishes:
yangcli joe@localhost> cancel-toast RPC OK Reply 10 for session 1: Incoming notification: notification { eventTime 2009-12-29T01:24:36Z toastDone { toastStatus cancelled } sequence-id 6 }
This 'toastDone' event shows that the toast was cancelled.
Close the NETCONF Session
To close the NETCONF session, use the 'close-session' command:
yangcli joe@localhost> close-session RPC OK Reply 11 for session 1: ses: session 1 shut by remote peer yangcli>
Note that the prompt returned to the default form, once the session was dropped by the NETCONF server.
The terminate the yangcli program, use the 'quit' command:
yangcli> quit mydir>
Advanced Topics
This section introduces some advanced features of the NETCONF protocol and YANG data modeling language.
Data Retrieval
Basic NETCONF Retrieval Operations
The NETCONF protocol has 2 different retrieval operations:
- <get>: get state data and the running configuration database.
- <get-config>: get just the specified configuration database.
Each of these operations accepts a <filter> parameter, which has 2 forms:
- subtree filter: retrieve just the subtrees in the database that match the XML subtrees in the filter.
- XPath filter: retrieve just the subtrees that match the result node set produced by evaluating the specified XPath expression against the database. This mode cannot be used unless the :xpath capability must be advertised by the server.
The yangcli program supports 3 different forms of each command:
- plain: plain NETCONF operation with user-supplied filter
- subtree: XPath path expression or user variable is converted to XML for the <filter> parameter subtree XML.
- xpath: XPath path expression or user variable is converted to XML for the <filter> parameter 'select' XML attribute
command | description | example |
---|---|---|
get | plain <get> operation | get with-defaults=trim |
get-config | plain <get-config> operation | get-config source=candidate |
sget | <get> with a subtree filter | sget /system |
sget-config | <get-config> with a subtree filter | sget-config source=running /nacm/rules |
xget | <get> with an XPath filter | xget "/interfaces-state/interface/statistics" |
xget-config | <get-config> with an XPath filter | xget-config source=candidate "/interface[name='eth0']" |
The retrieval commands return an element named <data> containing the requested XML subtrees.
If any identifier nodes (YANG key leafs) are needed to distinguish the data in the reply, they will be added as needed by the server. In the 'xget' example above, the <name> element for each interface would be returned, even though it was not directly requested by the XPath expression.
Default Value Filtering
The data will also be filtered according to the defaults handling behavior of the server, unless the <with-defaults> parameter is added to the command. This parameter is only supported if the server advertised the 'with-defaults' capability, If not, the client does not get any indication from the server what type of defaults filtering is being done (if any).
There are 3 types of defaults filtering provided:
- report-all: no filtering -- return all nodes even those the server might normally suppress because they are considerer to be default values by the server.
- trim: return all nodes except skip any leaf nodes that match the schema defined default value
- explicit: return all nodes that were set by the client or the server to some value, even if the value happens to be the schema defined default. This is normally the default behavior for the netconfd server.
The defaults handling behavior can be changed just for a specific NETCONF session, using the <set-my-session> operation. This is only available on the netconfd server.
yangcli joe@localhost> set-my-session with-defaults=report-all RPC OK Reply 12 for session 1: yangcli joe@localhost>
In this example, the 'basic' behavior is changed from 'explicit' to 'report-all', but just for session 1. This setting is temporary, and will not be remembered when the session is terminated. If the <with-defaults> parameter is present, it will be used instead of this value.
Special Retrieval Operations
Any YANG module can add new operations with the 'rpc' statement.
New retrieval operations may also be added which are associated with a protocol capability.
Just like any other data model content, the operator (or application) needs to understand the YANG file definitions, including the description statements, to understand how each custom retrieval operation works.
There are 2 custom retrieval operations supported by netconfd:
operation | description |
---|---|
get-schema | Retrieve the YANG or YIN source file for one of the modules advertised by the server.This is a standard operation defined in the ietf-netconf-monitoring module. |
get-my-session | Retrieve the customizable settings for my session. This is a proprietary operation defined in the yuma-my-session module. |
Notifications
Notifications are used in NETCONF to send server event information to the client application.
A session must request notifications with the 'create-subscription' command.
Notifications are grouped into 'streams', but only the 'NETCONF' stream is defined at this time.
A notification subscription request specifies the stream name (and perhaps more parameters).
A NETCONF session on the netconfd server will never expire due to inactivity, while a notification subscription is active. This allows notification processing applications to maintain long-lived connections without worrying about a NETCONF timeout. Note that the SSH server may also be configured to drop idle SSH sessions, whether a notification subscription is active or not.
Notification Contents
The 'notification' element is sent from the server to the client, if an event occurs, and the client has created a notification subscription.
The child nodes of this element comprise the notification content, and it is divided into 3 sections:
- event generation time-stamp: This standard NETCONF leaf is always the first child element within the notification element.
- event payload: The module-specific event payload is represented as a container with the name of the notification. Any data nodes defined within the YANG notification statement appear (in order) as child nodes of the event type container.
- proprietary extensions: Zero or more vendor-specific elements may appear after the event payload element. For example, the monotonically increasing 'sequence-id' element is added to each notification saved in the netconfd event log.
Notification Replay
The NETCONF server will maintain an ordered buffer of saved notification events, if the :notification-replay capability is supported by the server. For the netconfd server, this is a configurable feature, set by the --eventlog-size parameter.
The netconfd default is to save the most recent 1000 notification events.
Only system events are saved and are available for retrieval. The 'replayComplete' and 'subscriptionComplete' events are session-specific events, and are therefore not saved in the replay buffer.
The 'create-subscription' command has 2 parameters to request that stored notifications be delivered to the client session:
- startTime: the date (or date-and-time) to compare against the event generation time-stamp. Only notification events that occurred after this time are delivered.
- stopTime: the date (or date-and-time) to compare against the event generation time-stamp. Only notification events that occurred before this time are delivered. This parameter can specify a time in the future. When that time has passed, the subscription will be terminated. The stopTime does not cause the server to wait that period of time to generate an event. If the stopTime is in the past, then the subscription will terminate after all the matching event timestamps in the replay buffer have been delivered.
Notifications are delivered in the order they are stored. Each new netconfd notification contains a monotonically increasing sequence-id (unsigned integer). This can be used to help determine if any configured notification filters are working as expected.
The interleave capability
The netconfd server supports the :interleave capability, which means that all commands (except create-subscription) will be accepted by the server. The client should expect <rpc-reply> and <notification> messages. The server will always maintain proper message serialization. These messages will always be sent in their entirety, which may impact applications (e.g., a really long <get> response on the same session will delay notification delivery).
If the NETCONF server does not support the :interleave capability, then it may only allow the <close-session> operation while the notification subscription is active. In this case, a new NETCONF session is required to perform any management operations.
This special mode is only applicable while a notification subscription is active. It is possible for a replay subscription to terminate, without terminating the session as well. In this case, the 'notificationComplete' event will be generated, and the session will return to accepting all possible operations.
Database Editing
NETCONF supports multiple conceptual configuration databases. Only the 'running' database is actually active. All other databases are scratch-pad databases, or some other special-purpose off-line database.
Every NETCONF server must allow arbitrary partial (and concurrent) editing to its configuration with the <edit-config> operation. Refer to the Yuma Tools User Manual for complete details on this NETCONF operation. The yangcli program has simplified editing commands, which are explained below.
The <config> element within an <edit-config> PDU represents the 'root node' (/) in the path expression for each node in the conceptual database. Each top-level YANG object that is supported and configured will be represented as child nodes to this root node. The conceptual database can be processed as an XML instance document with multiple top nodes (similar to XSLT rules).
Database editing in NETCONF has several variants, but basically, it follows this simple procedure:
- Lock the database(s) that will be affected.
- Use <edit-config> or <copy-config> on the target database to make changes.
- Activate and save/commit the database edits.
- Unlock the database(s) that were previously locked.
The Target Database
Usually a NETCONF server supports the <edit-config> operation on only one database, which is either the candidate or the running database. This is called the 'target' database, which corresponds to the <target> parameter in the <edit-config> operation.
If the target database is the candidate configuration, then the <edit-config> operation does not always cause all possible database validation checking to be done by the server. Since the candidate database is just a scratch-pad for (possibly) incremental edits, the server is not required to completely validate its contents. Instead, these 'final validation' tests are only required to be done when the <commit> operation is invoked.
The yangcli program will automatically handle the target database management, based on the server capabilities reported each session, if the 'save' command is used. The manual procedure (<commit> and/or maybe <copy-config> operations) is also supported, but do not mix them within the same editing session.
Database Locking
NETCONF supports database locking so a session can have exclusive write access to the configuration.
These locks are intended to be short-lived, but there is no actual time limit on a lock. If the session terminates for any reason with any locks, they will be released automatically by the server.
All the databases that are involved in the edit should be locked. This always includes the running database, and the candidate and startup databases, if they are supported by the server.
The yangcli program has 2 special commands to handle all locking:
- get-locks: Wait until all database locks have been acquired or the timeout occurs
- release-locks: Rlease any locks that were obtained with get-locks
Refer to the Yuma Tools User Manual for more details on these commands.
Non-Volatile Storage
The startup configuration is the conceptual database used on the next reboot of the NETCONF server. It is important to know whether the NETCONF server supports the :startup capability or not. If yes, then the operator must explicitly save the running database to non-volatile storage (the startup database), using the <copy-config> operation. If no, then the server will keep the running and startup databases synchronized.
The yangcli program has a high-level 'save' command, used after the editing operations, that will automatically issue the correct protocol operations to complete the edit, and save the changes in non-volatile storage.
The startup database is configurable in the netconfd server. The --with-startup configuration parameter controls whether the startup database will be used or not. The --startup parameter can be used to control the initial load of the running configuration in 3 different ways:
- no startup: skip this step and just use factory defaults
- default startup: look for the default startup-cfg.xml file in the configured data path.
- specific startup: use a specified file, either absolute file-spec, or a relative path in the configured data path
Refer to the Yuma Tools User Manual for more details on controlling non-volatile storage.
Editing Commands
The <edit-config> operation should be used to make configuration changes. The <copy-config> operation can also be used, but this is a blunt hammer approach. Although the netconfd server will always analyze the edit request and only affect the nodes that actually changed, this is not a requirement in the standard.
The <edit-config> operation allows the operator to have precise control of the server. These database edits are performed by the server using a combination of 3 factors:
- The nodes that currently exist in the target database.
- The nodes that exist in the 'source' of the edits (either the inline <config> element or indirectly through the <url> element.
- The <default-operation> parameter and any XML attributes in the source XML elements (nc:operation attribute and YANG insert operation attributes).
The yangcli program provides some high-level commands to automatically handle the complexity of the <edit-config> operation. These commands use XPath expressions and a series of interactive prompts (e.g., for the mandatory nodes and key leafs) to fill in the specified data structures, and construct an optimized NETCONF message.
create | Create a new sub-tree, only if it does not already exist |
delete | Delete an existing sub-tree, only if it exists |
merge | Merge the source sub-tree into the target sub-tree, keeping any existing nodes that are not explicitly contained in the source. |
replace | Merge the source sub-tree into the target sub-tree, deleting any existing nodes that are not explicitly contained in the source. This is the mode used for the <copy-config> operation. |
insert | Insert or move a YANG list or leaf-list entry |
Refer to the Yuma Tools User Manual for details on these commands.
Access Control
The netconfd server can be configured to give precise access rights to each user (the SSH user name associated with the NETCONF session). Some important points to remember about access control:
- There are 3 types of access -- read, write, and execute.
- If a user does not have read access to some data, then it is silently omitted from the reply.
- The 'access-denied' error is not generated for read requests. It is only generated for write requests to the database, or <rpc> operation execution requests.
- An access request results in 1 of 2 outcomes: permit or deny
- The server resolves the access request by searching the access control rules. Either an explicit rule will apply, or the default access rights will be checked if no rule is found.
- The default access rights are configurable, but usually set as follows:
- read access is permitted
- write access is denied
- exec access is permitted
- The nacm:secure and nacm:very-secure extensions can be used by the YANG module author to override the default access rights, and deny access instead. For example, the <reboot> operation is not permitted by default.
- There is a configurable 'superuser' user name. If desired, a specific user name will be considered the 'super user' and all access control will be bypassed for this user. By default, this is the name 'superuser', not 'root', since root login to the SSH server is not recommended.
Variables
The yangcli program supports variables for easier reuse and script-based operations.
There are 2 types of variables:
- file variables: the variable name is a file name, and the contents of the variable are stored in this file.
- internal variables: the variable name is just an internal identifier, and the contents of the variable are stored in memory
Variables are set with assignment statements. Here are some examples:
yangcli joe@localhost> $$backup = get-config source=running yangcli joe@localhost> $$bad-data = "warn" yangcli joe@localhost> $itf = "//interface[name='eth0']"
Note that in order to assign a string value (e.g., $$bad-data = "warn" above), single or double quotes must be used. An unquoted string will be interpreted as a command name, not a simple string value.
Variables are referenced in a similar manner, except the variable is on the right-hand side of the equation. These commands are equivalent in this example:
yangcli joe@localhost> @myfile.xml = xget select=$itf yangcli joe@localhost> @myfile.xml = xget //interface[name='eth0']
Complex variable substitution is also supported:
yangcli joe@localhost> copy-config source=$$backup target=candidate
Note that yangcli will attempt to figure out the structure of the parameter (e.g., 'source' and 'target' above), and adjust the NETCONF operation content. In the example above, since 'source' and 'target' are choices, the real nodes within the cases are examined, and the most appropriate case is selected. The 'source' parameter will contain an in-line <config> element with all the child nodes in the $$backup variable, and the target parameter will contain an empty element named <candidate>.
There are several types of internal variables available in the yangcli program:
- read-only system variables ($$USER)
- read-write system variables ($$default-operation)
- global user variables, available at all 'runstack' levels ($$backup)
- local user variables available in the current 'runstack' level only ($itf)
The command 'show vars' can be used to see the current value of all program variables:
yangcli andy@localhost> show vars No CLI variables Read-only system variables HOME /home/joe HOSTNAME LANG en_US.UTF-8 PWD /home/joe SHELL /bin/bash USER joe YUMA_DATAPATH YUMA_HOME YUMA_MODPATH YUMA_RUNPATH Read-write system variables autocomp true autoload true bad-data check default-module default-operation none display-mode plain error-option none fixorder true log-level info optional false server test-option none timeout 30 user joe with-defaults none No global variables No local variables yangcli joe@localhost>
Scripts
Scripts are simply a collection of yangcli commands and/or assignment statements that are stored in a text file, instead of typed directly. Scripts can call other scripts (except loops are not allowed), and numbered parameters are available (e.g., --P1='fred' passed as parameter, the $1 expands to 'fred' inside the script).
The $YUMA_RUNPATH environment variable, or the --runpath configuration variable, can be used to set the directory path to look for script files. There is also a default path for finding files, explained in the Yuma Tools User Manual.
The command 'list scripts' can be used to show the potential script file available in the run path.
The command 'run foo' is used to invoke a script named 'foo' (with no file extension).
If a command fails during a script, execution is halted right away and no more commands in the script are executed. If 'get-locks' was used, then any locks obtained will be automatically released. All script runstack levels will be canceled, not just the current script.
Script syntax will be expanded in a future release to provide loops and conditional statements.
toaster.yang
The toaster.yang module is included here for reference.
module toaster { namespace "http://netconfcentral.org/ns/toaster"; prefix "toast"; organization "Netconf Central"; contact "Andy Bierman <andy@netconfcentral.org>"; description "YANG version of the TOASTER-MIB."; revision 2009-11-20 { description "Toaster module in progress."; } identity toast-type { description "Base for all bread types supported by the toaster. New bread types not listed here nay be added in the future."; } identity white-bread { description "White bread."; base toast:toast-type; } identity wheat-bread { description "Wheat bread."; base toast-type; } identity wonder-bread { description "Wonder bread."; base toast-type; } identity frozen-waffle { description "Frozen waffle."; base toast-type; } identity frozen-bagel { description "Frozen bagel."; base toast-type; } identity hash-brown { description "Hash browned potatos."; base toast-type; } typedef DisplayString { description "YANG version of the SMIv2 DisplayString TEXTUAL-CONVENTION."; reference "RFC 2579, section 2."; type string { length "0 .. 255"; } } container toaster { presence "Indicates the toaster service is available"; description "Top-level container for all toaster database objects."; leaf toasterManufacturer { type DisplayString; config false; mandatory true; description "The name of the toaster's manufacturer. For instance, Microsoft Toaster."; } leaf toasterModelNumber { type DisplayString; config false; mandatory true; description "The name of the toaster's model. For instance, Radiant Automatic."; } leaf toasterStatus { type enumeration { enum up { value 1; description "The toaster knob position is up. No toast is being made now."; } enum down { value 2; description "The toaster knob position is down. Toast is being made now."; } } config false; mandatory true; description "This variable indicates the current state of the toaster."; } } rpc make-toast { description "Make some toast. The toastDone notification will be sent when the toast is finished. An 'in-use' error will be returned if toast is already being made. A 'resource-denied' error will be returned if the toaster service is disabled."; input { leaf toasterDoneness { type uint32 { range "1 .. 10"; } default 5; description "This variable controls how well-done is the ensuing toast. It should be on a scale of 1 to 10. Toast made at 10 generally is considered unfit for human consumption; toast made at 1 is warmed lightly."; } leaf toasterToastType { type identityref { base toast:toast-type; } default toast:wheat-bread; description "This variable informs the toaster of the type of material that is being toasted. The toaster uses this information, combined with toasterDoneness, to compute for how long the material must be toasted to achieve the required doneness."; } } } rpc cancel-toast { description "Stop making toast, if any is being made. A 'resource-denied' error will be returned if the toaster service is disabled."; } notification toastDone { description "Indicates that the toast in progress has completed."; leaf toastStatus { description "Indicates the final toast status"; type enumeration { enum done { description "The toast is done."; } enum cancelled { description "The toast was cancelled."; } enum error { description "The toaster service was disabled or the toaster is broken."; } } } } /************************************************************* Original TOASTER-MIB TOASTER-MIB DEFINITIONS ::= BEGIN IMPORTS enterprises FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212 DisplayString FROM RFC-1213; epilogue OBJECT IDENTIFIER ::= {enterprises 12} toaster OBJECT IDENTIFIER ::= {epilogue 2} toasterManufacturer OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "The name of the toaster's manufacturer. For instance, Microsoft Toaster." ::= {toaster 1} toasterModelNumber OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "The name of the toaster's model. For instance, Radiant Automatic." ::= {toaster 2} toasterControl OBJECT-TYPE SYNTAX INTEGER {up (1), down (2)} ACCESS read-write STATUS mandatory DESCRIPTION "This variable controls the current state of the toaster. To begin toasting, set it to down (2). To abort toasting (perhaps in the event of an emergency), set it to up (2)." ::= {toaster 3} toasterDoneness OBJECT-TYPE SYNTAX INTEGER (1..10) ACCESS read-write STATUS mandatory DESCRIPTION "This variable controls how well-done is the ensuing toast. It should be on a scale of 1 to 10. Toast made at 10 generally is considered unfit for human consumption; toast made at 1 is warmed lightly." ::= {toaster 4} toasterToastType OBJECT-TYPE SYNTAX INTEGER { white-bread (1), wheat-bread (2), wonder-bread (3), frozen-waffle (4), frozen-bagel (5), hash-brown (6), other (7) } ACCESS read-write STATUS mandatory DESCRIPTION "This variable informs the toaster of the type of material that is being toasted. The toaster uses this information, combined with toasterToastDoneness, to compute for how long the material must be toasted to achieve the required doneness." ::= {toaster 5} END *************************************************************/ }