From 2cbcae981c10ed1fa1e21b0d424b53c2b9888267 Mon Sep 17 00:00:00 2001 From: Yevhen Fastiuk Date: Sat, 13 May 2023 16:04:59 +0300 Subject: [PATCH] Update Configuration reference Signed-off-by: Yevhen Fastiuk --- src/sonic-yang-models/doc/Configuration.md | 130 ++++++++++++++++++++- 1 file changed, 124 insertions(+), 6 deletions(-) diff --git a/src/sonic-yang-models/doc/Configuration.md b/src/sonic-yang-models/doc/Configuration.md index ab633a715850..e222b6725c2e 100644 --- a/src/sonic-yang-models/doc/Configuration.md +++ b/src/sonic-yang-models/doc/Configuration.md @@ -1474,6 +1474,35 @@ These configuration options are used to modify the way that ntp binds to the ports on the switch and which port it uses to make ntp update requests from. +***NTP Admin state*** + +If this option is set to `enabled` then ntp client will try to sync system time with configured NTP servers. +Otherwise, NTP client feature will be disabled. +``` +{ + "NTP": { + "global": { + "admin_state": "enabled" + } + } +} +``` + +***NTP Server role*** + +This option is used to control NTP server state on the switch. +If this option is set to `enabled` switch will act as NTP server. +By default `server_role` is `disabled`. +``` +{ + "NTP": { + "global": { + "server_role": "enabled" + } + } +} +``` + ***NTP VRF*** If this option is set to `default` then ntp will run within the default vrf @@ -1511,6 +1540,36 @@ for that address. } ``` +***NTP Authentication*** + +If this option is set to `enabled` then ntp will try to verify NTP servers it connects to. +This option **has no effect** if key is not set for NTP server. +By default it is `disabled` +``` +{ + "NTP": { + "global": { + "authentication": "enabled" + } + } +} +``` + +***NTP DHCP leases*** + +If this option is set to `enabled` then ntp client will try to use NTP servers provided by DHCP server. +If this option is set to `disabled` you will be able to use the user-configured NTP servers. +By default it is `enabled` +``` +{ + "NTP": { + "global": { + "dhcp": "enabled" + } + } +} +``` + ### NTP and SYSLOG servers These information are configured in individual tables. Domain name or IP @@ -1521,18 +1580,77 @@ attributes in those objects. ``` { "NTP_SERVER": { - "2.debian.pool.ntp.org": {}, - "1.debian.pool.ntp.org": {}, - "3.debian.pool.ntp.org": {}, - "0.debian.pool.ntp.org": {} + "2.debian.pool.ntp.org": { + "association_type": "pool", + "iburst": "on", + "admin_state": "enabled", + "version": 4 + }, + "1.debian.pool.ntp.org": { + "association_type": "pool", + "iburst": "off", + "admin_state": "enabled", + "version": 3 + }, + "3.debian.pool.ntp.org": { + "association_type": "pool", + "iburst": "on", + "admin_state": "disabled", + "version": 4 + }, + "0.debian.pool.ntp.org": { + "association_type": "pool", + "iburst": "off", + "admin_state": "disabled", + "version": 3 + } }, "NTP_SERVER": { - "23.92.29.245": {}, - "204.2.134.164": {} + "23.92.29.245": { + "association_type": "server", + "iburst": "on", + "admin_state": "enabled", + "version": 4, + "key": 3, + "trusted": "yes" + }, + "204.2.134.164": { + "association_type": "server", + "iburst": "on", + "admin_state": "enabled", + "version": 3 + } + } +} +``` +* `association_type` - is used to control the type of the server. It can be `server` or `pool`. +* `iburst` - agressive server polling `{on, off}`. +* `version` - NTP protool version to use `[3..4]`. +* `key` - authentication key id `[1..65535]` to use to auth the server. +* `admin_state` - enable or disable specific server. +* `trusted` - trust this server when auth is enabled. + +***NTP keys*** +``` +{ + "NTP_KEY": { + "1": { + "type": "md5", + "value": "bXlwYXNzd29yZA==", + "trusted": "yes" + }, + "42": { + "type": "sha1", + "value": "dGhlYW5zd2Vy", + "trusted": "no" + } } } ``` +* `type` - key type to use `{md5, sha1, sha256, sha384, sha512}`. +* `value` - base64 encoded key value. +* `trusted` - trust this NTP key `{yes, no}`. ***Syslog server*** ```