Re: [netmod] YANG 1.1 Y12 (initialized-by-system)
"Sterne, Jason (Jason)" <jason.sterne@alcatel-lucent.com> Thu, 18 September 2014 21:08 UTC
Return-Path: <jason.sterne@alcatel-lucent.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E24EC1A88A9 for <netmod@ietfa.amsl.com>; Thu, 18 Sep 2014 14:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.552
X-Spam-Level:
X-Spam-Status: No, score=-3.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.652] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sJwuNC_Sy6ds for <netmod@ietfa.amsl.com>; Thu, 18 Sep 2014 14:08:28 -0700 (PDT)
Received: from smtp-us.alcatel-lucent.com (us-hpswa-esg-01.alcatel-lucent.com [135.245.18.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB06E1A8929 for <netmod@ietf.org>; Thu, 18 Sep 2014 14:08:28 -0700 (PDT)
Received: from us70tusmtp1.zam.alcatel-lucent.com (unknown [135.5.2.63]) by Websense Email Security Gateway with ESMTPS id 86FC2E41C01B9; Thu, 18 Sep 2014 21:08:23 +0000 (GMT)
Received: from US70UWXCHHUB01.zam.alcatel-lucent.com (us70uwxchhub01.zam.alcatel-lucent.com [135.5.2.48]) by us70tusmtp1.zam.alcatel-lucent.com (GMO) with ESMTP id s8IL8Qqv008818 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 18 Sep 2014 17:08:26 -0400
Received: from US70TWXCHMBA11.zam.alcatel-lucent.com ([169.254.5.186]) by US70UWXCHHUB01.zam.alcatel-lucent.com ([135.5.2.48]) with mapi id 14.03.0195.001; Thu, 18 Sep 2014 17:08:26 -0400
From: "Sterne, Jason (Jason)" <jason.sterne@alcatel-lucent.com>
To: Ladislav Lhotka <lhotka@nic.cz>, Balazs Lengyel <balazs.lengyel@ericsson.com>
Thread-Topic: [netmod] YANG 1.1 Y12 (initialized-by-system)
Thread-Index: Ac/MY97+sqNJWhnwQHW0OUsseK+t2QAK+SKAABfXXgAAAQrhgAGjQ+XA
Date: Thu, 18 Sep 2014 21:08:25 +0000
Message-ID: <A125E53CE190A749957C19483DC79F9F5C946F47@US70TWXCHMBA11.zam.alcatel-lucent.com>
References: <A125E53CE190A749957C19483DC79F9F5C940D1D@US70TWXCHMBA11.zam.alcatel-lucent.com> <20140909.224005.02423221.mbj@tail-f.com> <541005A4.50209@ericsson.com> <9D8CC12B-E4CE-4A4E-9830-D7B372FF7F47@nic.cz>
In-Reply-To: <9D8CC12B-E4CE-4A4E-9830-D7B372FF7F47@nic.cz>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.5.27.17]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/LedxvORqFC36kc7QQHY9pnFU6C0
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] YANG 1.1 Y12 (initialized-by-system)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Sep 2014 21:08:31 -0000
Hi guys, I can't immediately see how initialized-by-system is more complicated or unclear than its use with a leaf-list but I may be missing something. It would be a statement that simply tells the client that they should read the list to find pre-populated entries. WRT Martin's comment when I mentioned a system created 'admin' user and 'system' interface: "This is already possible today. Most systems come with some kind of factory default config. When a client connects the very first time, it cannot assume that the config is empty." That is true but doesn't the same argument hold for the use of initialized-by-system for leafs and leaf-lists ? You don't *need* initialized-by-system for leafs, leaf-lists or lists but it is useful to know what areas might have pre-populated config. I agree the system-controlled interfaces in RFC 7223 are a bit different than this initialized-by-system concept in Y12. System-controlled (RFC 7223) is simply operational data (not part of the config ds). There is also a need to handle items that are initialized by the system but are also considered part of the config datastore. Some of these items can be deleted by the operator (e.g. for security they don't want the pre-populated 'admin' user). Deletion of these entries can be done with an <edit-config> operation='delete' but things get a little difficult when you support a startup datastore. When you delete the pre-initialized "admin" user in the running config, and then copy the running config to the startup config, how do you indicate in the startup config that the router should remove the "admin" user during startup ? I can't see how to model that with netconf/yang (i.e. what would a <get-config> of that list look like for the "admin" user ? Absence of the user would not suppress the user during bootup). Some more comments below. Regards, Jason -----Original Message----- From: Ladislav Lhotka [mailto:lhotka@nic.cz] Sent: Wednesday, September 10, 2014 4:33 AM To: Balazs Lengyel Cc: Martin Björklund; Sterne, Jason (Jason); netmod@ietf.org Subject: Re: [netmod] YANG 1.1 Y12 (initialized-by-system) On 10 Sep 2014, at 10:02, Balazs Lengyel <balazs.lengyel@ericsson.com> wrote: > Hello, > IMHO initialized by system would be just as useful for lists as well. > > In Ericsson a big number of lists (managed objects) are created by the system. It is usually forbidden to remove these system created lists, but sometimes allowed. If it is forbidden, then it really looks like system-controlled list entries: http://tools.ietf.org/html/draft-ietf-netmod-routing-cfg-15#section-4.1 I think that letting the system (perhaps on behalf of other protocols like DHCP or HNCP) write to NETCONF datastores should not be considered normal. What if the datastore is locked when the write is supposed to happen? [>>JS] I don't think of it as a "NETCONF datastore". It is the system datastore and NETCONF is one protocol used to access and change it. Other interfaces may also change it (SNMP, CLI). Some interfaces like DHCP may affect behavior of the node and have saved state that isn't considered "config" and in that case it wouldn't be in the datastore (but may be in some ephemeral ds). I don't think we should get too deep into ephemeral datastores in this email thread but going back to the original point -> the system may need to write to the config datastore (especially during system initialization). That's also why I think we need to develop the concept of a separate operational datastore. The system could write there anytime without interfering with NETCONF datastores. [>>JS] Are you thinking the operator could do an <edit-config> on that "operational" datastore ? There may be a need to allow an operator to delete some of these system initialized objects. > We also have such items under user created lists: if the user creates the upper level list, then the system will automatically create the lower level ones. > E.g. HW can be detected by the system and the relevant list-entries created, while some leafs for the HW will be user settable. All this is covered by system-controlled list entries. [>>JS] Agreed if the entries can't be deleted or modified by an operator > > Why doesn't this apply to candidate? Actually, yes. If the system writes something only into running, then the client who happens to be editing candidate may not be able to perform commit anymore due to restricted access to the system-written data. Lada > regards Balazs > > > On 2014-09-09 22:40, Martin Bjorklund wrote: >>> Was there any previous discussion about having the >>> initialized-by-system concept somehow applying to lists (i.e. >>> indicating that the system might initialize some list instances/entries)? >> IIRC everyone agreed that this was not needed. Unclear use cases, >> and unclear how it would work. >> >> /martin > > -- > Balazs Lengyel Ericsson Hungary Ltd. > Senior Specialist > ECN: 831 7320 Tel: +36-1-437-7320 > Mobile: +36-70-330-7909 email: Balazs.Lengyel@ericsson.com > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod -- Ladislav Lhotka, CZ.NIC Labs PGP Key ID: E74E8C0C
- [netmod] YANG 1.1 Y12 (initialized-by-system) Sterne, Jason (Jason)
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Martin Bjorklund
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Ladislav Lhotka
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Balazs Lengyel
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Ladislav Lhotka
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Sterne, Jason (Jason)
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Martin Bjorklund
- Re: [netmod] YANG 1.1 Y12 (initialized-by-system) Sterne, Jason (Jason)
- [netmod] clear-text vs hashed values Sterne, Jason (Jason)