On Wed, Aug 4, 2021 at 6:39 AM Jürgen Schönwälder < j.schoenwael...@jacobs-university.de> wrote:
> The figure in RFC 8342 section 5 documents what was agreed upon > before. System configuration flows into <operational> but not upwards > into <running>. Over the years, we discussed several corner cases > (including things like configuring a new user and the system > automatically assigns an unused uid, which afterwards needs to be kept > stable). While there are for sure tricky corner cases, I am not > convinced that the model defined in RFC 8342 for the general cases is > wrong and that merging a new system datastore into <running> is the > right approach. If people want to change the model documented in RFC > 8342, then they should make an explicit statement about this and > provide strong reasons that the model is flawed or incomplete. > > Note that the model does allow having a system client merging config > into <running> (ideally controlled by an ACM so that such a client can > be turned off if it leads to surprises). > This is a solved problem in proprietary ways. It is simple to treat system config as an access control issue. I am quite concerned that NMDA is getting extended in ways that lead to confusion and poor interoperability. Adding a new datastore is very serious. IMO ANY new datastore (even factory default) should be standardized in a new version of NMDA (replacing RFC 8342). A datastore has a lot of baggage - YANG library - YANG XPath evaluation - subtree and XPath filtered retrieval - usage in RPC operations (ds:datastore data type parameter) Every time a datastore is added, all the existing RPC operations that use datastores need to be clarified wrt/ support for the new datastore. (Of course this is never done, leading to lots of interoperability issues) I am quite confused by the XPath discussions because XPath can only access existing nodes (i.e. the "accessible tree") https://datatracker.ietf.org/doc/html/rfc7950#section-6.4.1 So what does it mean for the system datastore to contain possible values that cannot be represented in <operational>? The accessible tree cannot include these values, so XPath-based validation cannot use them. > /js > > Andy > On Wed, Aug 04, 2021 at 12:34:45PM +0000, Kent Watsen wrote: > > > > I am confused by the confusion ;) > > > > You all know that JUNOS implemented this concept before YANG was even a > thing, right? > > > > Admittedly, it’s not a “datastore“, but flexing the NMDA is where we can > do better. > > > > A “with-system” mechanism could also work. The only downside is the > inability for a client to get only the system configuration, without the > rest of <running>. > > > > Please stop stating/suggesting “config true” nodes are referencing > “config false” nodes, or that config is referencing operational state. > There is no intention to break either of these tenants here. > > > > I think that some folks just joined the conversation and may have missed > out when we covered all this before. > > > > The draft needs to be updated to more clearly identify the goals. > > > > K. > > > > > > > > _______________________________________________ > > netmod mailing list > > netmod@ietf.org > > https://www.ietf.org/mailman/listinfo/netmod > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > Fax: +49 421 200 3103 <https://www.jacobs-university.de/> >
_______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod