diff --git a/src/sonic-yang-models/doc/Configuration.md b/src/sonic-yang-models/doc/Configuration.md index bb0b2f87c630..aea5fb1abd09 100644 --- a/src/sonic-yang-models/doc/Configuration.md +++ b/src/sonic-yang-models/doc/Configuration.md @@ -2618,20 +2618,41 @@ There are 4 classes } ``` +### SERIAL_CONSOLE + +In this table collected configuration of the next serial-console attributes: +- inactivity_timeout - Inactivity timeout for serial-console session, allowed values: 0-35000 (minutes), default value: 15 +- sysrq_capabilities - Enabling or disabling SysRq functionality for serial-console session, allowed values: enabled/disabled, default value disabled + +``` +{ + SERIAL_CONSOLE:{ + "POLICIES":{ + "inactivity_timeout": 15 + "sysrq_capabilities": "disabled" + } + } +} +``` + ### SSH_SERVER -In this table, we allow configuring ssh server global settings. This will feature includes 3 configurations: +In this table, we allow configuring ssh server global settings. This will feature includes 5 configurations: - authentication_retries - number of login attepmts 1-100 - login_timeout - Timeout in seconds for login session for user to connect 1-600 - ports - Ssh port numbers - string of port numbers seperated by ',' +- inactivity_timeout - Inactivity timeout for SSH session, allowed values: 0-35000 (min), default value: 15 (min) +- max_sessions - Max number of concurrent logins, allowed values: 0-100 (where 0 means no limit), default value: 0 ``` { "SSH_SERVER": { "POLICIES":{ "authentication_retries": "6", "login_timeout": "120", - "ports": "22" + "ports": "22", + "inactivity_timeout": "15", + "max_sessions": "0" } } } diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py index bf0372b8f61c..0d891b21ad76 100644 --- a/src/sonic-yang-models/setup.py +++ b/src/sonic-yang-models/setup.py @@ -201,6 +201,7 @@ def run(self): './yang-models/sonic-macsec.yang', './yang-models/sonic-bgp-sentinel.yang', './yang-models/sonic-bmp.yang', + './yang-models/sonic-serial-console.yang', './yang-models/sonic-smart-switch.yang',]), ('cvlyang-models', ['./cvlyang-models/sonic-acl.yang', './cvlyang-models/sonic-banner.yang', @@ -243,6 +244,7 @@ def run(self): './cvlyang-models/sonic-nat.yang', './cvlyang-models/sonic-nvgre-tunnel.yang', './cvlyang-models/sonic-pbh.yang', + './cvlyang-models/sonic-ssh-server.yang', './cvlyang-models/sonic-policer.yang', './cvlyang-models/sonic-port.yang', './cvlyang-models/sonic-portchannel.yang', @@ -278,6 +280,7 @@ def run(self): './cvlyang-models/sonic-system-port.yang', './cvlyang-models/sonic-macsec.yang', './cvlyang-models/sonic-bmp.yang', + './cvlyang-models/sonic-serial-console.yang', './cvlyang-models/sonic-bgp-sentinel.yang']), ], zip_safe=False, diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 4cf42f535c60..d7486e42d015 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -2410,7 +2410,16 @@ "POLICIES":{ "authentication_retries": "6", "login_timeout": "120", - "ports": "22" + "ports": "22", + "inactivity_timeout": "15", + "max_sessions": "0" + } + }, + + "SERIAL_CONSOLE": { + "POLICIES":{ + "inactivity_timeout": "15", + "sysrq_capabilities": "disabled" } }, diff --git a/src/sonic-yang-models/yang-models/sonic-serial-console.yang b/src/sonic-yang-models/yang-models/sonic-serial-console.yang new file mode 100644 index 000000000000..7d9c0394421e --- /dev/null +++ b/src/sonic-yang-models/yang-models/sonic-serial-console.yang @@ -0,0 +1,37 @@ +//filename: sonic-serial-console.yang +module sonic-serial-console { + yang-version 1.1; + namespace "http://github.com/Azure/sonic-serial-console"; + prefix cli-sessions; + description "SERIAL_CONSOLE YANG Module for SONiC-based OS"; + revision 2023-06-07 { + description "First Revision"; + } + container sonic-serial-console { + container SERIAL_CONSOLE { + description "SERIAL_CONSOLE part of config_db.json"; + container POLICIES { + leaf inactivity_timeout { + description "serial-console inactivity-timeout timer value in minutes"; + type int32 { + range "0..35000"; + } + default 15; + } + + leaf sysrq_capabilities { + description "managing SysRq capabilities"; + type enumeration { + enum disabled; + enum enabled; + } + default disabled; + } + } + /* end of container POLICIES */ + } + /* end of container SERIAL_CONSOLE */ + } + /* end of top level container */ +} +/* end of module sonic-serial-console */ diff --git a/src/sonic-yang-models/yang-models/sonic-ssh-server.yang b/src/sonic-yang-models/yang-models/sonic-ssh-server.yang index a53fddac5bfc..fb17159eea94 100644 --- a/src/sonic-yang-models/yang-models/sonic-ssh-server.yang +++ b/src/sonic-yang-models/yang-models/sonic-ssh-server.yang @@ -11,6 +11,11 @@ module sonic-ssh-server { description "First Revision"; } + + revision 2023-06-07 { + description + "Introduce inactivity timeout and max syslogins options"; + } container sonic-ssh-server { container SSH_SERVER { @@ -40,6 +45,20 @@ module sonic-ssh-server { } } } + leaf inactivity_timeout { + description "inactivity timeout (in minutes), 0 means no timeout"; + default 15; + type uint32 { + range 0..35000; + } + } + leaf max_sessions { + description "limit of concurrent system logins, 0 means no limit"; + default 0; + type uint32 { + range 0..100; + } + } }/*container policies */ } /* container SSH_SERVER */ }/* container sonic-ssh-server */