NSO 4.4 Release Note

tail-f_expert · ‎05-10-2017

NSO 4.4 is now downloadable, quotable, orderable, and ready for shipping.

Customers can download the new version from Download Software - Cisco Systems. The release is available from the Software Jive subspace if you are an NSO ATP partner.

Customers are recommended to upgrade to the latest NSO release at least annually, in order to take advantage of the latest features, and to remain on a supported version, as well as benefiting from the latest security updates.

The End-of-Life (EOL) policy is available at http://www.cisco.com/c/en/us/products/eos-eol-policy.html. Cisco NSO EOL notifications are at http://www.cisco.com/c/en/us/products/cloud-systems-management/network-services-orchestrator/eos-eol-notice-listing.html

This release includes the following changes:

NSO-4.4 [March 20, 2017]

========================

Removals:

- ncs: Previously deprecated leaf device-modifications in service-data

grouping has been removed. Action get-modifications should be used

instead of it.

Non-backwards compatible enhancements:

- ncs: In many cases it takes a long time to generate the changeset

towards the device (especially for CLI devices) due to large

configurations and/or quadratic dependency calculations. This means

that in systems where there is a high demand on throughput we would

like to calculate the changeset outside of the transaction lock. This

gives us the benefit that the lock could be released almost as soon as

the service code has been executed. It also gives us the benefit of

being able to support 'from' (pre-commit running) and 'to' (running)

transactions leveraged by the Network Element Drivers, no-overwrite

feature and reverse diff calculation if the device fails in the queue.

The key enabler to support these cases mentioned above is to allow

different views of the database to live beyond the commit. This is

implemented by keeping a snapshot database of the configuration tree

for devices and store changesets towards this snapshot database on a

per device basis. The snapshot database is updated when a device in the

queue has been processed (typically when a queue item has been

processed). This snapshot database is stored on disk for persistence

(the S.cdb file in the cdb directory).

In this scheme the snapshot database always represents the 'from'

(pre-commit running) transaction. The changeset towards the device is

the 'to' (running) transaction. When the device is processed the

changeset is applied to its backend, the snapshot database. If the

queue item or device has been removed from the queue the changeset

still needs to be applied in the order it would have been executed so

that the snapshot database still reflects how running looked at a

certain point in time. Even when a commit with no changes bound for the

commit queue is performed the snapshot database needs to be updated to

be in sync with CDB.

The snapshot database could be populated in two ways. This is

controlled by the /ncs-config/cdb/snapshot/pre-populate setting in the

ncs.conf file. This parameter controls if the snapshot datastore should

be pre-populated during upgrade. Switching this on or off implies

different trade-offs.

If set to 'false', NCS is optimized for using normal transaction

commits. The snapshot database is populated in a lazy manner (when a

device is committed through the commit queue for the first time). The

drawback is that this commit will suffer performance wise, which is

especially true for devices with large configurations. Subsequent

commits on the same devices will not have the same penalty.

If 'true', NCS is optimized for systems using the commit queue

extensively. This will lead to better performance when committing using

the commit queue with no additional penalty for the first time commits.

The drawbacks are that upgrade times will increase and an almost

doubling of NCS memory consumption.

- ncs: The no-overwrite now takes precedence over various kinds of

check-sync flags (out-of-sync-commit-behaviour=accept,

use-transaction-id=true, and commit no-out-of-sync-check). The

no-overwrite could now also be enabled by default on a per device level

with /devices/device/no-overwrite/enabled-by-default

(Issue tracker: #24328)

- ncs: NCS will now give an error on unknown attribute is encountered in

a service or config template. This is done to prevent typos and logical

mistakes e.g. when NETCONF 'operation' attribute is used instead of

'tags' attribute.

(Issue tracker: #24428)

- ncs: NSO is now able to issue RPC requests to a group of devices.

Added /devices/device-group/rpc

(Issue tracker: #24725)

- ncs: For devices the with want-reverse=true the reverse diff is now

sent when the device fails in the commit queue.

- ncs: The ncs-setup command is no longer included in a "system install",

since it is not usable in such an installation.

(Issue tracker: #26357)

- ncs: The --etc-setup option has been removed from the ncs-setup command

- this functionality is subsumed by the --system-install option to the

installer.

- JSON-RPC: The default for /ncs-config/webui/audit has been changed to

"false".

(Issue tracker: #21655)

- Python API: Python 3 support has been improved. NCS now requires at

least Python 3.4. In earlier releases only Python 3.3 was supported

(even though the docs claimed otherwise).

(Issue tracker: #24887)

- Python API: Assigning binary leafs using maagic now requires the value

to be in the same format as is returned when reading the value.

- Toolchain: The version of pyang that is included in the release no

longer checks the tailf-specific statements. Note that this does not

affect the ncsc compiler.

- Toolchain: By default, the YANG source module and submodules files are

now included in the .fxs file by the compiler, when the module is

exported to NETCONF or RESTCONF. This means that it is no longer

necessary to copy the YANG files to the loadPath in order to use

<get-schema>. If a YANG file is found both in the loadPath and in the

.fxs file, the file in the loadPath is used by the system.

The command line flag --no-yang-source can be used to not store the

YANG source in the .fxs file. Also, ncsc --strip-yang-source can be

used to remove the YANG source from an .fxs file.

Enhancements:

- ncs: NCS now ensures that validation of service input parameters is

done before the create code is called.

- ncs: It is now possible to manually manipulate the list of device's

capabilities during pre-provisioning (before the device is connected

for the first time). This can be done with the help of new actions

introduced with this feature:

- /devices/device/copy-capabilities

- /devices/device/find-capabilities

- /devices/device/add-capability

- /devices/device/capability/remove

In addition to this it is now possible to configure capability

profiles under /devices/profiles/capabilities-profile. For detailed

description of these actions refer to tailf-ncs-devices.yang.

(Issue tracker: #17466, #19525)

- ncs: Configurable range of allowed group size, the SSH server responds

to the client during a "diffie-hellman-group-exchange". The range will

be the intersection of what the client requests, if there is none the

key exchange will be aborted.

(Issue tracker: #18489, #22149)

- ncs: A new YANG extension, tailf:ned-default-handling ''mode'', has

been added. If used it will override the NED's native default handling

mode for that leaf.

(Issue tracker: #25189)

- ncs: The kickers are enhanced with a notification-kicker that makes it

possible to trigger on received netconf notifications. For more on this

see the development guide.

- ncs: New Yang annotation: tailf:ned-ignore-compare-config that can be

used to remove a changed leaf from compare-config.

For the tailf:aes-cfb-128-encrypted-string and the

tailf:des3-cbc-encrypted-string type, proper decryption/encryption will

be made of the data exchanged with a Netconf device.

(Issue tracker: #25826)

- ncs: NSO can now make a show command to copy parts of the device

configuration when doing no-overwrite for CLI and generic devices if

the NED supports it.

- ncs: It is now possible to execute commit dry-run outformat native

without establishing connection to the actual device. NEDs need to

implement this feature. It is implemented in NSO for NETCONF and SNMP

devices, while CLI and generic NEDs will by default fall back to the

previous behaviour which is to establish connection to the device.

In order to be able to execute commit dry-run outformat native offline

the implementation for NETCONF and SNMP devices requires the

capabilities of the device to be known, i.e. /devices/device/capability

list to contain relevant entries. This list is populated when

connecting to the device for the first time, or it can be manually

populated with add-capability or copy-capabilities actions. Other NEDs

(CLI or generic) implementing this feature might not have this

requirement, or have other requirements.

(Issue tracker: #25280)

- ncs: It is now possible to set the rollback "Label" and/or "Comment"

via MAAPI. See Maapi.setLabel(), Maapi.setComment(),

Maapi.candidateCommitInfo(), and Maapi.candidateConfirmedCommitInfo().

(Issue tracker: #25510, #26378)

- ncs: The information returned by Maapi.listRollback() now includes the

"Label" and/or "Comment" for each rollback.

(Issue tracker: #26378)

- ncs: Previously out-of-band changes for a non-transactional device with

a CLI or generic NED could be overwritten when a commit towards the

device failed and the reverse diff-set was sent to the device. This has

now been fixed.

- ncs: It is now possible to specify a "guard" for an insert operation on

ordered-by user list and leaf-list in service or API templates. A guard

identifies a range of elements in ordered-by user list or leaf-list so

that if all of the target elements to be inserted already exist in the

same order within this range, then their current position is preserved.

This is useful to avoid reordering a list or a leaf-list every time a

service is re-deployed, while being able to impose constraints on

elements' position in the list or leaf-list.

- ncs: For services that also have a plan, there is a new container

error-info in the plan container (see tailf-ncs-plan.yang). If a

transaction (updating the service) fails then the plan data "failed"

leaf is set and a reference to the service-log entry can be found in

the error-info container.

- ncs: The speed of the sync-from operation for CLI NEDs has been

improved. Improvements are mainly for large configurations and has been

measured to range from reducing the execution time by half to a fourth

but the improvement varies greatly between different NEDs and

configurations.

- ncs: Memory usage and processing time when a large commit is done for a

model with many 'when' expressions has been optimized.

(Issue tracker: #27185, #27210)

- CDB: Added CDB_GET_MODS_SUPPRESS_DEFAULTS flag for

cdb_get_modifications(), see confd_lib_cdb(3) for details.

(Issue tracker: #26542)

- CLI: Do not print 'tailf:cli-show-obu-comments' comments if a list is

currently being created.

(Issue tracker: #24734)

- CLI: Optimization to tailf:cli-diff-dependency. Making deletions faster

by not evaluating unnecessary dependencies.

(Issue tracker: #25131)

- CLI: When the difference between newly loaded cfg file and the one

existing on the device contains only comment, running 'show

configuration' caused an internal error. The comment shall be treated

as configuration difference in this case. This has now been fixed.

- CLI: The southbound interfaces of the CLI are now started already in

phase1. The northbound interfaces start in phase2 as before.

(Issue tracker: #26023)

- Cluster: Upgrade performance has been improved on service node in

cluster.

(Issue tracker: #25860)

- Documentation: Clarified documentation on 'tailf:meta-data'.

(Issue tracker: #26511)

- JSON-RPC: The method 'set_value' didn't support native JSON types for

the 'value' parameter. This is now supported.

(Issue tracker: #26405)

- NETCONF: It is now possible to invoke RPCs/actions on remote NETCONF

devices with output parameters containing an anyxml node.

- Python API: It was not possible to e.g. call an action from inside

another action or service if they were both registered to the same

ncs.dp.Daemon. This has been fixed.

- Python API: It was possible to assign random attributes to a Maagic

Node instance. This made it hard to spot code mistakes where attribute

names were misspelled. Assigning an unknown attribute now results in a

raised Exception.

- RESTCONF: Updated RESTCONF documentation to reflect current

implementation, based on RFC 8040. Also add sections briefly explaining

capabilities, schema resource, and tailf extensions.

- Smart Licensing: The NSO smart licensing integration now supports

configuration of proxy servers.

- Toolchain: ncsc now accepts deviation of unknown extension statements,

and checks the grammar for validity of deviations of known extensions.

(Issue tracker: #26728)

- Web Server: The SSL server has been updated to use a stronger default

prime number for Diffie-Hellman key exchange.

(Issue tracker: #26779)

Non-backwards compatible corrections:

- ncs: Previously you could get an internal error when configuring a

timeout value with a very high number and then performing an action

where this value is used, e.g. configuring the read-timeout value and

then connecting to the device. This has now been fixed.

- ncs: When a device supports transaction id we have the possibility to

detect out of band changes. This is used in normal commits. Before this

correction out of band changes were ignored when the commit queue was

used. To get the old behavior set the out-of-sync-commit-behavior in

the configuration:

set devices device XXXX out-of-sync-commit-behaviour accept

- Java API: NavuList.elem() method used to throw a runtime

StringIndexOutOfBoundsException when the argument was empty string.

This has been changed, so now it throws a NavuException instead.

(Issue tracker: #26621)

- Java API: Japi - CdbSubscription.getModification() methods only

accepted one CdbGetModificationFlag as an argument instead of an

EnumSet<CdbGetModificationFlag> to be able to set several flags in

combination. This has been fixed and the old methods have been

deprecated.

Also the result of getModification() did not correctly represent

deleted list entries which should be represented as a

ConfXMLParamStartDel instance followed by a ConfXMLParamStop in the end

of the listelement. This constitutes the backward incompatible change.

(Issue tracker: #26542)

- Python API: Creating or accessing a maagic list element with a single

string key when the key value contained a space character wasn't

possible without escaping the space. This has been fixed.

(Issue tracker: #25282)

- Toolchain: The treatment of backslash in double quoted strings in YANG

modules has changed. In YANG 1.1, it is illegal to have any character

except 'n' 't' '"' or '\' immediately after the backslash. In YANG 1

this is a warning (see

https://www.rfc-editor.org/errata_search.php?eid=4911)

The ncsc compiler now detects this and gives a warning if such a

string is found in a YANG version 1 module, and an error for a YANG

version 1.1 module.

- Web Server: Cipher suites using RC4 are no longer supported for the

SSL/TLS server, since this algorithm is not considered secure.

Corrections:

- ncs: A 'when'-expression could cause unsuccessful deletion of data

during rollbacks. This has now been fixed.

- ncs: A corrupt candidate (read-write mode) DB caused an internal error

during startup. This has now been fixed.

(Issue tracker: #24878)

- ncs: Re-deploying a service using a NED having the default handling

mode 'report-all' would in some cases cause the device to be out of

sync. This has been fixed.

(Issue tracker: #25189)

- ncs: When using commit queues from JSON RPC and specifying sync the RPC

would not wait until the transaction was done. This has been fixed.

Also, if there were any errors when communicating with some devices

they would not be reported, nor would they be displayed in the CLI when

executing 'commit commit-queue sync'. This has been fixed. Also, the

default behavior for commit queues was to perform an unlimited number

of retries when a transient error occurred when communicating with a

device. A new setting called

devices global commit-queue connection-failure-reconnect-retries

has been introduced to control this behavior. The default is

'unlimited'. Also, any non-transient errors that occured when

communicating with a device that initially could not be reached due to

transient errors, would be silently ignored and the commit queue system

would continue to try to reach the device. This has been fixed.

- ncs: The rename command could fail if a set-hook was invoked creating

node(s) that are currently being created by the rename command itself.

This has now been fixed.

(Issue tracker: #25519, #26634)

- ncs: Previously NCS failed to re-deploy or un-deploy a service that had

made changes to a leaf-list which through a schema upgrade was changed

to a leaf of the same type. This has now been fixed.

(Issue tracker: #26215, #26427)

- ncs: When connecting a new HA slave and at the same time doing a

controlled shutdown (e.g. ncs --stop) of the new to-be-slave, we could

end up sending faulty synchronization data to the master node which

could lead to a dead-lock in the master node. This has been fixed.

(Issue tracker: #25908)

- ncs: A 'choice' statement with a mandatory 'case' located beneath a

'when' statement could cause an internal error. This has now been

fixed.

(Issue tracker: #26397)

- ncs: Issuing certain commit queue actions would lead to an internal

error in none or slave HA mode. This has now been fixed.

- ncs: If NCS was started in a directory with frequently changing

contents such as /tmp, it could eventually crash due to filling up its

"atom table". This has been fixed.

(Issue tracker: #26516)

- ncs: If a data model had a symlink to a node that was augmented by

another model, the augmented nodes would in some cases not appear under

the symlink. This bug has been fixed.

(Issue tracker: #26689)

- ncs: Removed spurious debug output from 'ncs_cmd'.

(Issue tracker: #26724)

- ncs: Previously error messaged when doing move operations on a Juniper

devices was ignored. This has now been fixed.

(Issue tracker: #26823)

- ncs: NSO could sometimes fail during upgrade if there was inactive

configuration to be upgraded. This has been fixed.

(Issue tracker: #26794)

- ncs: Calling the action "packages reload" via MAAPI (e.g. using the

Python API) without providing input parameters resulted in an internal

error. This has been fixed.

(Issue tracker: #26697)

- ncs: Fixed bug where setting

/alarms/control/max-status-change-entries-per-alarm to 0 would generate

a harmless error message.

- ncs: When using dry-run for the device actions sync-to and sync-from

the action ignored the dry-run input parameter if the outformat was not

specified. This has now been corrected. The default cli format is used

in this case.

- ncs: An error was introduced in NSO 4.3 where RPC errors from Juniper

devices was ignored. This has now been fixed.

(Issue tracker: #27192, #27065, #26966)

- ncs: Previously when doing an XPath query through a JSONRPC request and

specifying a context node with an empty key an internal error would

occur. This has now been fixed.

(Issue tracker: #27063)

- ncs: During a deep-check-sync operation NSO could complain about failed

'when' expressions in an internal transaction used to evaluate the

result. This has been fixed so the 'when' expression are not checked

due to temporary nature of such transaction.

(Issue tracker: #26973)

- C-API: If tailf:meta-data was used on the first toplevel node in a YANG

module, the loaded schema would have a pointer to invalid data for the

meta-data. This has been fixed.

(Issue tracker: #26839)

- C-API: The confd_ha_connect() function could in some cases write a NUL

character outside an array on the stack. This has been fixed.

(Issue tracker: #26979)

- CDB: Fix race condition for transactions involving *both* config true

and false data. Transactions involving only config true data were not

affected. The race condition could lead to CDB ending up in a hung

state and a transaction commit never returning. A lock for the

operational part of CDB was partially and prematurely removed and other

transactions waiting for the lock were never processed.

Another side effect of the race condition was that some combinations

of transactions, e.g., starting a new transaction in a subscriber might

actually succeed (due to a lock being released prematurely), where it

should not. This might affect existing code.

To decrease the risk of deadlock for transactions involving

operational (config false) data, the lock taking for the operational

part of CDB has been moved to the commit, resulting in the lock being

held for a shorter duration. Locks for the operational part of CDB have

also been made (somewhat) more fine grained, so that a transaction

writing only in one namespace will not lock the whole operational part

CDB. Previously this might have been the case, depending on where in

the tree data was written.

The typical use-case where this fix can have an effect is with CDB

subscribers. It is known that writing config true data to CDB (using

Maapi) will deadlock if executed before the CDB_SUBSCRIBE_DONE call.

There is now a risk for the same deadlock for config false data (using

CDB or Maapi). To be safe all data written by a CDB subscriber should

be done after the CDB_SUBSCRIBE_DONE call and in an separate thread.

The recommendation is to use Kickers instead of CDB subscribers. Kicker

are safe in respect of this deadlock scenario.

- CDB: Fix bug when setting an operational choice using MAAPI. Changing

the case value did not work as intended when using an ordinary

transaction (allowing writes to both config true and false data).

Using an operational (config false) only transaction was not affected.

- CLI: When doing package upgrading, and then "commit dry-run outformat

cli", an error was encountered in certain cases. This has been fixed.

(Issue tracker: #17605, #20971, #24538, #25131, #26103, #25639)

- CLI: Auto completion in the CLI could miss displaying a <cr> or other

leafs when combining empty leafs with sequence commands. This has been

fixed.

- CLI: Add missing <cr> for '?' when displaying completion for leaf-list

type.

(Issue tracker: #22307)

- CLI: Fixed internal error in the CLI, that appeared when

'tailf:cli-flatten-container' was used and then

'tailf:cli-drop-node-name' was used in a child leaf.

- CLI: Description for the 'display' pipe 'service-meta-data' was

incorrect. This has been fixed.

- CLI: Combining lists with tailf:cli-sequence-commands and

tailf:cli-compact-syntax the CLI could miss printing out some data

nodes. This has been fixed.

(Issue tracker: #25367)

- CLI: The extension 'tailf:show-obu-comments' would sometimes not make

NEDs change the order of lists. This has been fixed.

(Issue tracker: #24289)

- CLI: Japanese characters in error-message got corrupted. This has now

been fixed.

(Issue tracker: #26764)

- CLI: Disallow empty string as a command when using abbreviated commands

in the CLI.

(Issue tracker: #26755)

- CLI: The performance of the CLI caching that was introduced has

degraded the overall performance of the CLI. This has been fixed.

- CLI: When giving a *leaf* in a list the same name as the parent list,

the CLI pipe target 'display xml' would not work properly. This has

been fixed.

(Issue tracker: #27056)

- Cluster: NCS cluster service nodes left open NETCONF sessions when

using dry-run. This has been fixed.

(Issue tracker: #25400)

- Cluster: If NSO was set up to run in cluster mode (i.e. when

/cluster/remote-node list is not empty) and packages reload was

initiated while NSO is running, then it would fail with "subagent

error". This has been fixed.

- Documentation: Corrected typo in kicker documentation.

(Issue tracker: #26887)

- Java API: Japi - Navu navigation over a choice with an empty case

yielded a NullPointerException. This has been fixed.

(Issue tracker: #26422)

- Java API: Setting a leaf or leaf-list to a value containing unicode

characters could fail with internal error. This has been fixed.

(Issue tracker: #27066)

- JSON-RPC: When a list had a key of type leafref the method

'get_leafref_values' didn't always return the correct values. This has

been fixed.

(Issue tracker: #24557)

- JSON-RPC: When calling "get_schema" with the option

"evaluate_when_entries" set to true, the resulting

"evaluated_when_entry" attribute was sometimes set to true when it

shouldn't. This has been fixed.

(Issue tracker: #25572)

- JSON-RPC: When a list had a key of type leafref the method

'get_leafref_values' didn't always return the correct values. This has

been fixed.

(Issue tracker: #26146, #26611)

- JSON-RPC: Re-added possibility to receive "new_user" and "del_user"

messages on the Comet channel when doing "subscribe_messages".

(Issue tracker: #26668)

- JSON-RPC: When calling an action through the 'run_action' method and

the action was broken in such a way that it returned something other

than was specified in the yang file, the session would be terminated

and all subsequent calls on that session would fail (in the WebUI you

would be logged out). This has been fixed.

- NETCONF: If a NETCONF device only advertised YANG 1.1 modules to NCS,

NCS would fail to connect to the device with the error:

Device <dev> does not have a Network Element Driver registered

This bug has been fixed.

- NETCONF: A leaf of type empty augmented from another module into the

'input' of an rpc caused a nortbound NETCONF session to terminate, and

the same for an action was delivered to the callback as an empty

container (i.e. with begin/end tags). These bugs have been fixed.

(Issue tracker: #27057, #27068)

- Python API: Iterating over a maagic container node didn't work and left

the user with an error message that was hard to understand. This has

been fixed by making all maagic nodes with children iterable.

(Issue tracker: #26514)

- Python API: A maagic Enum or Case could not be compared using the != or

<> operators. This has been fixed.

(Issue tracker: #26614)

- Python API: When enabling IPC access check in ncs.conf packages written

in Python didn't work. This has been fixed.

(Issue tracker: #27279)

- Python API: When a python service is changed or re-deployed the back

pointer and reference counter was lost. This has now been corrected.

To correct this for already instantiated python services do:

request /path-to-python-service * re-deploy

If the '*' is not accepted as input the service YANG file needs to be

updated by importing the tailf-common module:

import tailf-common {

prefix tailf; }

and add the tailf:cli-allow-range annotation to the key leaf node of

the service.

- REST API: If the candidate datastore is enabled and also the running

datastore is writable (aka writable running), the candidate is a

separate datastore which might be out-of-sync or empty. This would

result in empty results or missing values from the unified datastore.

To fix this, GET requests to the unified datastore now always query

the running datastore even when candidate and writable running are

enabled.

- REST API: REST/RESTCONF may now return multiple error messages.

- REST API: REST now returns more diversified error codes and messages at

action failures.

(Issue tracker: #26291)

- REST API: If RESTCONF was enabled, but not the legacy REST API,

accessing the resource /restconf/data/ietf-yang-library:modules-state

would result in a 500 internal error. This bug has been fixed.

- REST API: After a package reload, the REST server would fail to

correctly format some error responses. This bug has been fixed.

- RESTCONF: Fixed erroneous JSON output when depth query parameter was

used together with containers.

- RESTCONF: Reloading NCS configuration did not pick up RESTCONF

configuration changes, this has now been fixed.

(Issue tracker: #26371)

- RESTCONF: If the candidate datastore is enabled and also the running

datastore is writable (aka writable running), the candidate is a

separate datastore which might be out-of-sync or empty. This would

result in empty results or missing values from the unified datastore.

To fix this, GET requests to the unified datastore now always query

the running datastore even when candidate and writable running are

enabled.

(Issue tracker: #26681)

- RESTCONF: The RESTCONF example had errors in the instructions, these

are now fixed.

- Toolchain: Strict ordering of elements in project-meta-data.xml is no

longer required when using ncs-project.

(Issue tracker: #26041)

- Toolchain: The new YANG 1.1 functions "derived-from" and

"derived-from-or-self" always returned false. This bug has been fixed.

(Issue tracker: #26264, #26927)

- Toolchain: ncsc did not reject some invalid command-line arguments.

This has been fixed.

- Toolchain: A newline has been added after printing comments in pyang.

(Issue tracker: #26484)

- Web UI: Fixed various compatibility issues for IE9.

(Issue tracker: #26573)

- Web UI: Leafrefs pointing to leaf-lists were displayed as standard text

input. This has now been fixed with a drop down.

(Issue tracker: #25507)