1 module org-openroadm-manifest-file {
2 namespace "http://org/openroadm/manifest-file";
3 prefix org-openroadm-manifest-file;
10 "YANG definitions of sw-manifest-file
12 Copyright of the Members of the Open ROADM MSA Agreement dated (c) 2017,
13 All other rights reserved.
15 Redistribution and use in source and binary forms, with or without modification,
16 are permitted provided that the following conditions are met:
18 * Redistributions of source code must retain the above copyright notice, this
19 list of conditions and the following disclaimer.
20 * Redistributions in binary form must reproduce the above copyright notice,
21 this list of conditions and the following disclaimer in the documentation and/or
22 other materials provided with the distribution.
23 * Neither the Members of the Open ROADM MSA Agreement nor the names of its
24 contributors may be used to endorse or promote products derived from this software
25 without specific prior written permission.
27 THIS SOFTWARE IS PROVIDED BY THE MEMBERS OF THE OPEN ROADM MSA AGREEMENT ''AS IS''
28 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
29 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30 IN NO EVENT THE MEMBERS OF THE OPEN ROADM MSA AGREEMENT BE LIABLE FOR ANY DIRECT,
31 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
33 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
34 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 POSSIBILITY OF SUCH DAMAGE.
38 Also contains code components extracted from IETF netconf. These code components
39 are copyrighted and licensed as follows:
41 Copyright (c) 2016 IETF Trust and the persons identified as the document authors.
44 This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating
45 to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of
46 publication of this document. Please review these documents carefully, as they
47 describe your rights and restrictions with respect to this document. Code Components
48 extracted from this document must include Simplified BSD License text as described in
49 Section 4.e of the Trust Legal Provisions and are provided without warranty as
50 described in the Simplified BSD License.";
76 "This module serves as the manifest file reference.";
79 identity manifest-commands {
81 "base identity for defining manifest-commands.";
84 identity download-file {
85 base manifest-commands;
87 "download-file (transfer from OWB-C to Device)";
90 identity upload-file {
91 base manifest-commands;
93 "upload-file (transfer from Device to OWB-C)";
96 identity delete-file {
97 base manifest-commands;
99 "delete-file from device";
102 identity sw-manifest-commands {
103 base manifest-commands;
105 "base identity for defining manifest-commands specific to sw-manifest.";
109 base sw-manifest-commands;
111 "sw-stage sw-manifest-command";
114 identity sw-activate {
115 base sw-manifest-commands;
117 "sw-activate sw-manifest-command";
120 identity cancel-validation-timer {
121 base sw-manifest-commands;
123 "cancel-validation-timer sw-manifest-command";
126 identity db-backup-manifest-commands {
127 base manifest-commands;
129 "base identity for defining manifest-commands specific to db-backup-manifest.";
133 base db-backup-manifest-commands;
135 "db-backup db-backup-manifest-command";
138 identity db-restore-manifest-commands {
139 base manifest-commands;
141 "base identity for defining manifest-commands specific to db-restore-manifest.";
144 identity db-restore {
145 base db-restore-manifest-commands;
147 "db-restore db-restore-manifest-command";
150 identity db-activate {
151 base db-restore-manifest-commands;
153 "db-activate db-restore-manifest-command";
156 identity cancel-rollback-timer {
157 base db-restore-manifest-commands;
159 "cancel-rollback-timer db-restore-manifest-command";
162 grouping base-manifest {
164 "base set of variables in all manifest files";
169 "This field should match the /org-openroadm-device/info/vendor.
170 It is assumed that the vendor value does not change during the
171 processing of the manifest file.
173 The controller agent would use the vendor and model to find the
174 manifest for an Open ROADM NE. The controller agent would also
175 use the vendor and model to validate that this is a valid manifest
176 for the Open ROADM NE.
183 "This field should match the /org-openroadm-device/info/model.
184 It is assumed that the model value does not change during the
185 processing of the manifest file.
187 The controller agent would use the vendor and model to find the
188 manifest for an Open ROADM NE. The controller agent would also
189 use the vendor and model to validate that this is a valid manifest
190 for the Open ROADM NE.
196 "This field should match the
197 /org-openroadm-device/info/softwareVersion.
198 This is the value in the info tree AFTER an upgrade.
201 leaf global-async-timeout {
205 "global-async-timeout - time in seconds to wait for command processing to
208 Upon timeout, the controller may either:
211 - poll the device to determine success/failure of the operation
213 This global-async-timeout applies to any asynchronous command.
216 leaf global-sync-timeout {
219 "global-sync-timeout - time in seconds to wait for the rpc response for
220 synchronous commands.
222 This global-sync-timeout applies to any synchronous command.
224 Upon timeout, the controller may either:
227 - poll the device to determine success/failure of the operation
229 No default is modeled; if not provided, defaults to the global
230 timeout supported by the controller for rpc responses.
235 grouping timeout-command {
237 "timeout-command is to be used by any manifest command supporting a timeout";
241 "See command for additional details.
243 - overrides the global-async-timeout;
244 - defaults to the global-async-timeout if not provided.
246 - overrides the global-sync-timeout;
247 - defaults to the global-sync-timeout if not provided.
252 grouping is-async-command {
254 "is-async-command is to be supported by all manifest commands even if only
255 supported as sync or async. In such cases, a must statement should be
256 included to limit support to either sync or async.";
261 "command can be supported as either an async or sync command by a vendor.
262 When supported as a sync command, the OWB-C will determine the success/failure
263 of the command based on the RPC response instead of waiting for transient
264 notifications from the device.";
268 grouping transfer-command {
270 "transfer-command defines the common set of variables used by download-file
272 leaf remote-filename {
276 "See command for detailed description.";
278 leaf local-file-path {
282 "See command for detailed description.";
284 uses timeout-command;
285 uses is-async-command;
288 grouping file-command {
290 "file-command is used by all manifest files needing a filename";
294 "filename is mandatory for delete-file; optional otherwise.
295 See command for detailed description.";
299 grouping command-reboot {
301 "command-reboot is used by manifest commands which result in a
307 "See command for detailed description.";
311 grouping download-file-command {
314 container download-file {
315 when "../command = 'download-file'";
317 "Transfer a file from the SFTP server to the device.
318 format: download-file remote-filename local-file-path [timeout]
320 remote-filename is the filename of the file to transfer on the SFTP
321 server. The filename can include a relative path that represents the
322 subdirectory structure of the vendor's software directory. This file
323 (and optional path) must exist in the software release directory on
326 local-file-path is the local path and filename to transfer the file on
329 timeout - see timeout-command grouping for basic details;
331 - Receipt of an in-progress (version 2)
332 transfer-notification resets the timeout.
334 Maps to the transfer rpc with
336 local-file-path = local-file-path
338 sftp://user:password@host[:port]/path/remote-filename
340 The remote-file-path attribute on the transfer command would be
341 constructed by the software download agent by appending the sftp URL
342 (which includes username, password, host, port, and path to the
343 software release directory) with the remote_filename.
345 In the context of the transfer, remote is the SFTP server (e.g., located
346 on the software download agent) and local is on the Open ROADM device.
348 Expected notifications: transfer-notification
350 uses transfer-command;
354 grouping upload-file-command {
356 "upload-file-command";
357 container upload-file {
358 when "../command = 'upload-file'";
360 "Transfer a file from the device to the SFTP server.
361 format: upload-file remote-filename local-file-path [timeout]
363 remote-filename is the filename of the file to receive the upload
364 on the SFTP server. The filename can include a relative path that
365 represents the subdirectory structure of the vendor's software
368 local-file-path is the local path and filename of the file on
369 the device to be uploaded to the SFTP server. This file must exist on
372 timeout - see timeout-command grouping for basic details;
374 - Receipt of an in-progress (version 2)
375 transfer-notification resets the timeout.
377 Maps to the transfer rpc with
379 local-file-path = local-file-path
381 sftp://user:password@host[:port]/path/remote-filename
383 The remote-file-path attribute on the transfer command would be
384 constructed by the software download agent by appending the sftp URL
385 (which includes username, password, host, port, and path to the
386 software release directory) with the remote_filename.
388 In the context of the transfer, remote is the SFTP server (e.g., located
389 on the software download agent) and local is on the Open ROADM device.
391 Expected notifications: transfer-notification
393 uses transfer-command;
397 grouping delete-file-command {
399 "delete-file-command";
400 container delete-file {
401 when "../command = 'delete-file'";
402 must "is-async != 'false'" {
403 error-message "delete-file is only supported as sync command";
406 "Delete a file from the device's file system.
407 format: delete-file filename [timeout]
409 filename is the filename to be deleted from the device. The filename
410 may include path information.
412 timeout - overrides the global-sync-timeout; defaults to the
413 global-sync-timeout if not provided.
415 Maps to the delete-file rpc:
423 uses timeout-command;
424 uses is-async-command;
428 grouping sw-stage-command {
432 when "../command = 'sw-stage'";
434 "Stage a file in the device. The details of what a device does during
435 the staging operation is vendor specific. However, the vendor may
436 initiate additional file transfers from the SFTP server during the
437 staging operation. It is expected that the files will only be
438 transferred from the software release directory.
440 format: sw-stage [filename] [timeout]
442 filename is the filename of the file to stage. If filename is not
443 provided, the software download application will send the sw-stage
444 command without a filename.
446 timeout - overrides the global-async-timeout; defaults to the
447 global-async-timeout if not provided.
450 Maps to the sw-stage rpc:
453 Expected notifications: sw-stage-notification
456 uses timeout-command;
457 uses is-async-command;
461 grouping wait-time-command {
463 "Wait timer starting from the completion of sw-activate or db-activate before canceling the validation timer or rollback timer";
468 "See command for detailed description.";
472 grouping sw-activate-command {
474 "sw-activate-command";
475 container sw-activate {
476 when "../command = 'sw-activate'";
477 must "is-async != 'true'" {
478 error-message "sw-activate is only supported as async command";
481 "Activate a software load in a device. The details of what a device does
482 during the activation phase is vendor specific. The device initiates
483 an automatic reboot as part of the activation.
485 format: sw-activate version [validation-timer] [timeout] auto-reboot
487 version: The version of software that is being activated. (The current
488 YANG model indicates that version is optional; however, version should
489 be a mandatory attribute of the sw-activate command in the manifest
492 validation-timer: Validation timer setting for the software activation.
493 Format is expected to be in the form HH-MM-SS per the YANG model. The
494 software download application expects this format in order to treat
495 00-00-00 and no validation timer as the same use case.
497 timeout - overrides the global-async-timeout; defaults to the
498 global-async-timeout if not provided. This timer begins as soon as the
499 sw-activate processing begins. timeout must be greater than the
502 auto-reboot: time (in seconds) to wait to for the device to reboot.
503 This is the device restart time (e.g. the length of time from device
504 comm loss until the device is ready for login). This timer begins when
505 the controller detects the comm-loss from the device. If login is not
506 successful when this timer expires, the sw-activate is failed.
508 NOTE: if controller swdl application is not doing the login directly,
509 the controller may need to augment the auto-reboot timer to account for
512 Maps to the sw-activate rpc:
513 sw-activate version [validationTimer]
515 Expected notifications: sw-activate-notification
516 When no validation timer (or validation-timer = 00-00-00), two
517 notifications will be expected: one for activate, the other for
518 commit. Otherwise, only the activate notification is expected.
520 NOTE: the sw-activate-notifications (for activate) may be received
521 before or after the reboot; it is assumed the sw-activate-notification
522 (for commit) always occurs after the reboot. Any polling due to missed
523 sw-activate-notifications (activate and/or commit) should not be done
524 until after the reboot login; processing of sw-activate does not
525 complete until after receipt of the notifications and the reboot login.
531 "Although version is optional in the sw-activate rpc, it is
532 mandatory in the manifest file command.";
534 leaf validation-timer {
539 uses timeout-command;
541 uses is-async-command;
545 grouping cancel-validation-timer-command {
547 "cancel-validation-timer-command";
548 container cancel-validation-timer {
549 when "../command = 'cancel-validation-timer'";
551 "Command to automatically cancel the validation timer after wait-time.
552 Accept will be set to True if this command is used.
554 format: cancel-validation-timer wait-time [time-out]
557 wait-time - wait timer starting from the completion of
558 sw-activate before canceling the validation timer.
560 timeout - see timeout-command grouping for basic details.
562 Expected notifications: sw-activate-notification
563 commit notification is expected.
565 uses wait-time-command;
566 uses timeout-command;
567 uses is-async-command;
571 grouping db-backup-command {
574 container db-backup {
575 when "../command = 'db-backup'";
577 "Perform a database backup on the device.
579 format: db-backup [filename] [timeout]
581 filename is the filename of the backup file to be generated on the
582 device. If filename is not provided, the database backup application
583 will send the db-backup command without a filename. It's possible the
584 filename will not be statically provided in the manifest file, but
585 provided by the database backup application.
587 timeout - see timeout-command grouping for basic details;
589 Maps to the db-backup rpc:
592 Expected notifications: db-backup-notification
595 uses timeout-command;
596 uses is-async-command;
600 grouping db-restore-command {
602 "db-restore-command";
603 container db-restore {
604 when "../command = 'db-restore'";
606 "Perform a database restore on the device.
608 format: db-restore [filename] [node-id-check] [timeout]
610 filename is the filename of the file to be restored on the
611 device. If filename is not provided, the database restore application
612 will send the db-restore command without a filename. It's possible the
613 filename will not be statically provided in the manifest file, but
614 provided by the database restore application.
616 node-id-check is a boolean indicating whether sysNameCheck is required.
618 timeout - see timeout-command grouping for basic details;
620 Maps to the db-restore rpc:
621 db-restore [filename] [nodeIDCheck]
623 Expected notifications: db-restore-notification
630 "Defined as an string here so that manifest file can parameterize
631 the value for user input. __NODE-ID-CHECK is used for that purpose. Other valid
632 values are true or false. Maps to a boolean value in the rpc invocation.";
634 uses timeout-command;
635 uses is-async-command;
639 grouping cancel-rollback-timer-command {
641 "cancel-rollback-timer-command";
642 container cancel-rollback-timer {
643 when "../command = 'cancel-rollback-timer'";
645 "Command to automatically cancel the rollback timer after wait-time.
646 Accept will be set to True if this command is used.
648 format: cancel-rollback-timer wait-time [timeout]
650 wait-time - Wait timer starting from the completion of
651 db-activate before canceling the rollback timer.
653 timeout - see timeout-command grouping for basic details.
655 Expected notifications: db-activate-notification
656 commit notification is expected.
658 uses wait-time-command;
659 uses timeout-command;
660 uses is-async-command;
664 grouping db-activate-command {
666 "db-activate-command";
667 container db-activate {
668 when "../command = 'db-activate'";
669 must "is-async != 'true'" {
670 error-message "db-activate is only supported as async command";
673 "Activate a database on a device. The details of what a device does
674 during the activation phase is vendor specific. The device initiates
675 an automatic reboot as part of the activation.
677 format: db-activate [rollback-timer] [timeout] auto-reboot
679 rollback-timer: Rollback timer setting for the database activation.
680 Format is expected to be in the form HH-MM-SS per the YANG model. The
681 database activation application expects this format in order to treat
682 00-00-00 and no validation timer as the same use case.
684 timeout - overrides the global-async-timeout; defaults to the
685 global-async-timeout if not provided. This timer begins as soon as the
686 db-activate processing begins. timeout must be greater than the
689 auto-reboot: time (in seconds) to wait to for the device to reboot.
690 This is the device restart time (e.g. the length of time from device
691 comm loss until the device is ready for login). This timer begins when
692 the controller detects the comm-loss from the device. If login is not
693 successful when this timer expires, the db-activate is failed.
695 NOTE: if controller database application is not doing the login
696 directly, the controller may need to augment the auto-reboot timer to
697 account for the login time.
699 Maps to the db-activate rpc:
700 db-activate [rollBackTimer]
702 Expected notifications: db-activate-notification
703 When no rollback timer (or rollback-timer = 00-00-00), two
704 notifications will be expected: one for activate, the other for
705 commit. Otherwise, only the activate notification is expected.
707 NOTE: the db-activate-notifications (for activate) may be received
708 before or after the reboot; it is assumed the db-activate-notification
709 (for commit) always occurs after the reboot. Any polling due to missed
710 db-activate-notifications (activate and/or commit) should not be done
711 until after the reboot login; processing of db-activate does not
712 complete until after receipt of the notifications and the reboot login.
714 leaf rollback-timer {
719 uses timeout-command;
721 uses is-async-command;
725 container sw-manifest {
726 presence "The sw-manifest instructions for swdl operations have been defined.";
728 "The manifest file provides instructions to a software download
729 application to download and install a new software load into a vendor's
732 Software download files
733 All vendor files for a software release should be stored in a
734 separate directory. A unique directory would be used for each vendor,
735 model and software release combination. This directory and all files in
736 that directory will be accessible by the SFTP server.
737 The software directory can be flat or hierarchical with
738 subdirectories. The manifest file should be in the root directory of the
740 A software directory must contain files for one and only one
744 Each software release directory shall contain a manifest file for
745 that release. The filename for the manifest file shall be sw-manifest.json.
748 refine "sw-version" {
752 list instruction-set {
755 "The instruction set for a list of sw-versions that can be upgraded to
756 the sw-version specified at the top of the manifest file.";
760 "The index for this instruction set.";
762 leaf-list from-sw-version {
765 "The optional list of sw-versions that can be upgraded to the
766 sw-version specified at the top of the sw-manifest file.
768 If not specified, this instruction set is used to upgrade from
769 any sw-version to the sw-version specified at the top of the
772 If multiple instruction sets are provided, from-sw-version
773 should always be defined.";
775 leaf is-commit-sw-activate-async {
779 "Is cancel-validation-timer (accept = true) supported as an
780 async or sync command on the device? If supported as sync, the rpc response
781 is used to determine success/failure instead of waiting for transient notifications
783 NOTE: cancel-validation-timer (accept = false) requires a reboot so is
784 always considered async";
786 leaf cancel-validation-timer-async-timeout {
789 "timeout value to use for cancel-validation-timer when supported as
790 an async command. If not specified, the global-async-timeout is used.";
792 leaf cancel-validation-timer-sync-timeout {
795 "timeout value to use for cancel-validation-timer (accept = true) when
796 supported as a sync command. If not specified, the global-sync-timeout
799 container sw-manifest-commands {
801 "The ordered list of commands to be processed. Since some yang
802 implementations do not support ordered-by user, the list is also
803 indexed by command-order. The commands should be processed
804 in the order of command-order.
806 Processing moves to the next command when:
807 1. command is synchronous and rpc returns a successful result.
808 2. command is asynchronous, the rpc returns a successful result,
810 2.1 expected successful notification(s) have been received; or
813 Processing of the manifest file is aborted when:
814 1. command is synchronous and rpc returns a failed result.
815 2. command is asynchronous, and:
816 2.1 the rpc returns a failed result; or
817 2.2 a failed notification is received; or
820 NOTE: behavior for timeouts (synchronous or asynchronous) may depend upon
821 controller implementation per command. It may be considered either:
822 - as a successful result
824 - as a success or failure based on polling the device
826 list sw-manifest-command {
830 "The list of commands to be processed.";
834 "The order in which commands should be processed.";
838 base sw-manifest-commands;
842 "The command to be processed.";
844 uses download-file-command;
845 uses delete-file-command;
846 uses sw-stage-command;
847 uses sw-activate-command;
848 uses cancel-validation-timer-command;
853 container db-backup-manifest {
854 presence "The db-backup-manifest template for db-backup operations has been defined.";
856 "The manifest file provides instructions to a database operations
857 application to backup the database on a device.
859 Since the files used for these operations are likely user selected,
860 these manifest files are more likely used by the controller as a
861 template to control the overall flow of a backup operation and provide
862 a means of providing customized timeout values.
864 The following strings will be recognized as parameters to be replaced
865 by the user selected values: __LOCAL-FILE-PATH, __REMOTE-FILENAME.
868 Each vendor/model combination can have a separate manifest file
869 defined for backup. These shall be named db-backup-manifest.json.
872 container db-backup-manifest-commands {
874 "The ordered list of commands to be processed. Since some yang
875 implementations do not support ordered-by user, the list is also
876 indexed by command-order. The commands should be processed
877 in the order of command-order.
879 Processing moves to the next command when:
880 1. command is synchronous and rpc returns a successful result.
881 2. command is asynchronous, the rpc returns a successful result,
883 2.1 expected successful notification(s) have been received; or
886 Processing of the manifest file is aborted when:
887 1. command is synchronous and rpc returns a failed result.
888 2. command is asynchronous, and:
889 2.1 the rpc returns a failed result; or
890 2.2 a failed notification is received; or
893 NOTE: behavior for timeouts (synchronous or asynchronous) may depend upon
894 controller implementation per command. It may be considered either:
895 - as a successful result
897 - as a success or failure based on polling the device
899 list db-backup-manifest-command {
903 "The list of commands to be processed.";
907 "The order in which commands should be processed.";
911 base db-backup-manifest-commands;
915 "The command to be processed.";
917 uses upload-file-command;
918 uses delete-file-command;
919 uses db-backup-command;
923 container db-restore-manifest {
924 presence "The db-restore-manifest template for db-restore operations has been defined.";
926 "The manifest file provides instructions to a database operations
927 application to restore the database on a device.
929 Since the files used for these operations are likely user selected,
930 these manifest files are more likely used by the controller as a
931 template to control the overall flow of a restore operation and provide
932 a means of providing customized timeout and auto-reboot values.
934 The following strings will be recognized as parameters to be replaced
935 by the user selected values: __LOCAL-FILE-PATH, __REMOTE-FILENAME,
939 Each vendor/model combination can have a separate manifest file
940 defined for restore. These shall be named db-restore-manifest.json.
943 leaf is-commit-db-activate-async {
947 "Is cancel-rollback-timer (accept = true) supported as an
948 async or sync command on the device? If supported as sync, the rpc response
949 is used to determine success/failure instead of waiting for transient notifications
951 NOTE: cancel-rollback-timer (accept = false) requires a reboot so is
952 always considered async";
954 leaf cancel-rollback-timer-async-timeout {
957 "timeout value to use for cancel-rollback-timer when supported as
958 an async command. If not specified, the global-async-timeout is used.";
960 leaf cancel-rollback-timer-sync-timeout {
963 "timeout value to use for cancel-rollback-timer (accept = true) when
964 supported as a sync command. If not specified, the global-sync-timeout
967 leaf database-init-sync-timeout {
970 "timeout value to use for database-init command. If not specified,
971 the global-sync-timeout is used.";
973 container db-restore-manifest-commands {
975 "The ordered list of commands to be processed. Since some yang
976 implementations do not support ordered-by user, the list is also
977 indexed by command-order. The commands should be processed
978 in the order of command-order.
980 Processing moves to the next command when:
981 1. command is synchronous and rpc returns a successful result.
982 2. command is asynchronous, the rpc returns a successful result,
984 2.1 expected successful notification(s) have been received; or
987 Processing of the manifest file is aborted when:
988 1. command is synchronous and rpc returns a failed result.
989 2. command is asynchronous, and:
990 2.1 the rpc returns a failed result; or
991 2.2 a failed notification is received; or
994 NOTE: behavior for timeouts (synchronous or asynchronous) may depend upon
995 controller implementation per command. It may be considered either:
996 - as a successful result
998 - as a success or failure based on polling the device
1000 list db-restore-manifest-command {
1001 key "command-order";
1004 "The list of commands to be processed.";
1005 leaf command-order {
1008 "The order in which commands should be processed.";
1012 base db-restore-manifest-commands;
1016 "The command to be processed.";
1018 uses download-file-command;
1019 uses delete-file-command;
1020 uses db-restore-command;
1021 uses db-activate-command;
1022 uses cancel-rollback-timer-command;