NISH client

NISH client overview

This section describes some of the main features of the NISH client, including the interface for managing multiple SR OS nodes, navigation options, help and assistance options, direct access to Linux, SR OS node configuration, and operational state management.

SR OS node management

The NISH client provides an MD-CLI interface to multiple SR OS nodes. The NISH client uses the model-driven networking capabilities built into SR OS to identify the software version and obtain the MD-CLI schema for each SR OS node. This allows the NISH MD-CLI to generate the correct CLI tree that can be navigated within each SR OS node context. It also ensures that each node context is specific to its own software version.

The NISH client also allows the operator to issue Linux commands on the local machine, without leaving the MD-CLI shell. This capability provides increased productivity during extended management activities.

When launched, the NISH client provides an extensible MD-CLI interface. After the trademark, legal, and disclaimer information, NISH displays the following.

Starting nish application...
admin's password:
Connecting to test1 port 57400
!!! Creating unsecure connection !!!
 
Reading MD-CLI service capabilities...
 
Reading MD-CLI service event context...
[==============================================================================]
 
Reading MD-CLI service schemas...
[==============================================================================]
 
[]
A:admin@test1# ?
 
 admin                 + Enter the admin context
 configure             + Enter the configuration context
 environment           + Enter the environment configuration context
 file                  + Enter the file management context for file operations
 li                    + Enter the lawful intercept context
 password              - Change password command
 state                 + Show state information
 
 Global commands:
 back                  - Move back one or more levels
 delete                - Delete an element from the candidate datastore
 edit-config           - Enter a candidate configuration mode
 enable                - Enable administrative mode
 exec                  - Execute commands from a file
 exit                  - Return to the previous working context or to the → 
operational root
 history               - Show the most recently entered commands
 logout                - Exit the CLI session
 oam                   - Enter the oam context
 ping                  - Ping an IP address or DNS name
 pwc                   - Show the present working context
 ssh                   - Execute ssh command
 telnet                - Telnet to IP address or DNS name
 top                   - Move to the top level of the context
 traceroute            - Trace route to a destination
 tree                  - Show the command tree under the present working context

[]
A:admin@test1#

SR OS life cycle support

Beginning in Release 21.5.R1, the NISH client supports up to two prior SR OS major releases. This backwards compatibility is effective from SR OS Release 20.10.R1. As a hypothetical example, the NISH client instance with a version number 23.5.R1 supports SR OS Release 21.2.R1 and later.

The NISH client ensures that the SR OS version of the device that it connects to conforms to the supported release interval. If the SR OS version is outside the supported range, the client fails to connect and provides an error message.

MD-CLI navigation in NISH client

Navigating in the NISH client MD-CLI interface is similar to navigating in the MD-CLI interface directly attached to a node. The NISH MD-CLI provides a YANG model-aware tree structure generated by the SR OS. Users can navigate the tree structure using the tree, back, top, and exit commands, enter a branch by typing the branch name into the CLI, and enter a list by typing the list name and key.

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI User Guide, for more information about navigating in MD-CLI.

NISH help and assistance

Context-sensitive help and auto-completion are supported within the NISH MD-CLI.

The Linux man pages provide usage assistance for NISH; see Accessing the Linux man pages for more information about how to access Linux man pages.

Linux direct access using NISH MD-CLI hybrid shell

Unlike operating directly in MD-CLI, the NISH MD-CLI provides a hybrid shell that allows users to execute Linux commands directly on the local workstation, without leaving the MD-CLI shell. This provides a flexible working environment for managing multiple nodes.

The following example shows output of a configure system setup, with execution of both Linux and MD-CLI commands.

(pr)[configure system]
A:admin@test1# ls -la
total 96
dr-xr-x---.  7 root root  4096 Jun 11 13:06 .
dr-xr-xr-x. 18 root root   261 Apr 15 13:21 ..
-rw-------.  1 root root  1860 Apr 15 12:00 anaconda-ks.cfg
-rw-------   1 root root 21113 Jun 11 13:06 .bash_history
-rw-r--r--.  1 root root    18 May 11  2019 .bash_logout
-rw-r--r--.  1 root root   176 May 11  2019 .bash_profile
-rw-r--r--   1 root root   290 May 11 18:24 .bashrc
drwx------   4 root root    32 May 22 12:30 .cache
drwx------   3 root root    18 Apr 15 15:44 .config
-rw-r--r--   1 root root     0 May 22 11:04 config
-rw-r--r--.  1 root root   100 May 11  2019 .cshrc
drwxr-xr-x   2 root root    25 May  6 17:23 .docker
-rw-r--r--   1 root root    62 May  6 13:06 .gitconfig
-rw-------   1 root root    97 Jun  1 14:58 .lesshst
lrwxrwxrwx   1 root root    23 Apr 15 13:28 misc_vol -> /media/gluster/misc_vol
-rw-------   1 root root     0 Jun  4 12:16 .python_history
-rw-r--r--   1 root root 30123 May  6 16:14 screenlog.0
drwx------   2 root root    57 May  6 13:26 .ssh
-rw-r--r--.  1 root root   129 May 11  2019 .tcshrc
-rw-------   1 root root   533 Apr 15 14:50 .viminfo

(pr)[configure system]
A:admin@test1# cat .bashrc
# .bashrc

# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc

fi

If a command exists in both the MD-CLI and the Linux shell, the MD-CLI command takes precedence. This is shown in the following output example, which uses the time command.

(pr)[configure system]
A:admin@test1# time echo ‟hello world”
                    ^^^^
MINOR: MGMT_CORE #2201: Unknown element - 'echo'
(pr)[configure system]
A:admin@test1# time 
(pr)[configure system time]
A:admin@test1# time echo ‟hello world” 
"hello world"
0.00user 0.00system 0:00.00elapsed 93%CPU (0avgtext+0avgdata 1944maxresident)k
0inputs+0outputs (0major+84minor)pagefaults 0swaps

(pr)[configure system time]
A:admin@test1#

SR OS node configuration using NISH MD-CLI

The NISH MD-CLI provides the ability to see and edit individual router configurations using the transactional configuration modes available in MD-CLI (private, exclusive, global, and read-only).

The following example shows this ability.

[]
A:admin@test1# edit-config private
INFO: CLI #2070: Entering private configuration mode
INFO: CLI #2061: Uncommitted changes are discarded on configuration mode exit

(pr)[]
A:admin@test1# configure system

(pr)[configure system]
A:admin@test1# name example

*(pr)[configure system]
A:admin@test1# compare
-   name "test1"
+   name "example"

*(pr)[configure system]
A:admin@test1# commit

(pr)[configure system]
A:admin@example#

Obtaining the SR OS node operational state using NISH MD-CLI

The NISH MD-CLI provides the ability to obtain the operational state of the SR OS node, using the info command within the state tree, as shown in the following example.

[]
A:admin@example# /state

[state]
A:admin@example# system

[state system]
A:admin@example# info | match oper-name
    oper-name "example"

NISH client installation

The NISH client is delivered as a set of RPM packages and is supported on the CentOS 7 Linux distribution.

The NISH RPMs are placed into a local directory on the target machine and installed using the YUM package manager built into CentOS 7.

Installation process

The NISH installation process performs the following activities:

installs the NISH client into /usr/bin/nish
installs the End User License Agreement (EULA) in /usr/share/licenses/nish/EULA
installs an example connections file in /etc/nish/connections
installs an example local schema file in /etc/nish/local-schema
installs the global NISH run commands (rc) file into /etc/nish/nishrc
installs the Linux man pages for the nish command

See Connections file, Local schema file, and NISH rc files, respectively, for more information about connections, local schema files, NISH rc files, and the features they support.

See Installing the NISH client for the procedure to install the NISH client.

Installing the NISH client

Before performing the installation, ensure that you have the following:

RPMs downloaded from the Nokia support portal
CentOS 7
Linux administrative user access rights

To install the NISH client, perform the following steps:

Put the NISH client RPM packages in a local directory on the target machine.

Use the YUM package manager built into CentOS 7 to install the NISH RPMs.

[root@server ~]# yum localinstall -y nish-23.3-R1.el7.x86_64.rpm 
# Last metadata expiration check: 2:33:56 ago on Sun 1 Jan 2023 11:42:12 CEST.
Dependencies resolved.
===================================================================================
Package     Architecture    Version       Repository            Size
===================================================================================
Installing:
 nish       x86_64          23.3-R1.el7   @commandline          1.4 M
Transaction Summary
===================================================================================
Install  2 Packages
Total size: 5.3 M
Installed size: 18 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :
1/1  Installing       : nish-23.3-R1.el7.x86_64
1/1  Running scriptlet: nish-23.3-R1.el7.x86_64
1/1  Verifying        : nish-23.3-R1.el7.x86_64
Complete!

NISH client operation modes

When installed on the Linux platform, the NISH client offers the following three modes of operation:

1:1 direct mode

In 1:1 direct mode, the NISH client connects directly to a single SR OS node and operates the MD-CLI from a local Linux workstation; see Using the NISH client in 1:1 direct mode.
1:n static mode

In 1:n static mode, the NISH client manages multiple SR OS nodes from a single MD-CLI shell, operates the MD-CLI from a local Linux workstation, and defines the SR nodes statically in a local configuration file; see Using the NISH client in 1:n static mode.
1:n manager mode

In 1:n manager mode, the NISH client manages multiple SR OS nodes from a single MD-CLI shell, operates the MD-CLI from a local Linux workstation, uses a Linux service to dynamically identify the SR OS nodes that are available, and automatically tracks additions and removals from the SR OS node clusters; see Using the NISH client in 1:n manager mode.

Note: The 1:n manager mode requires the installation of the NISH Manager service; see NISH manager.

NISH client operation modes shows the node configurations for the modes of operation supported by the NISH client.

Using the NISH client in 1:1 direct mode

In 1:1 direct mode, the NISH client connects directly to a single SR OS node and operates the MD-CLI from a local Linux workstation.

The following figure shows the communication for 1:1 direct mode.

Figure 2. Communication between the NISH client and the SR OS node

Review the following requirements before using the NISH client in 1:1 direct mode:

Ensure that you have permission to access the gRPC interface and the MD-CLI gRPC service of the target node.
The nish command can be issued from the command line, providing a username, hostname (or IP address), and port number of the target SR OS node. Alternatively, the hostname and the port number can be defined using environment variables or in a NISH rc file. In this case, the nish command can be entered without these arguments. See NISH rc files for more information about configuring rc files.

Note: The arguments defined in environment variables or in the NISH rc file must be supported in the current mode of operation. If arguments for another mode of operation are defined, the NISH client fails and returns an error.

To use the NISH client in 1:1 direct mode, perform the following steps:

Execute the nish command from the command line, providing a username, hostname (or IP address), and port number of the target SR OS node:
nish [OPTIONS] [-l user] [-p port-number] [user]@hostname

You can specify the user with the -l flag or --login-name option, together with the hostname in the format user@hostname, or in the $NISH_USER environment variable. If you do not specify a user with any of these options, the default $USER environment variable is used.

The port number defines the target node TCP port. If it is not set, the default port 57400 is used. To specify a non-default port number use the -p flag or --port option.

The hostname defines the target SR OS node. FQDN, hostname, IPv4 address, or IPv6 address formats are accepted. See Command options, for information about other command options.

The following is an example of nish command usage.
```
[root@server ~]# nish admin@test1
```
In this example:
- The name of the SR OS node user who has the required permissions is admin.
- The hostname of the node is test1.
- 57400 is the default port and does not need to be specified explicitly.
Note: If the user, target host, and target port are defined in environment variables or in a NISH rc file, and no other options are needed, the nish command can be used without these arguments.
Enter the password for the SR OS node when prompted.

Using the NISH client in 1:n static mode

Review the following requirements before using the NISH client in 1:n static mode:

A connections file is required. The connections file contains the details of the SR OS nodes that are available for direct connections. The connections file may list multiple SR OS nodes. For more information, see Connections file.

Note: The presence of a node in the connections file does not guarantee that the referenced node is online and available to receive NISH connections.
The referenced node must be configured correctly with gRPC, a user with gRPC access, and the gRPC MD-CLI service.
The correct TLS-enabled connectivity is recommended.

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR documentation for more information.

To use the NISH client in 1:n static mode, perform the following steps:

Execute the nish command from the command line, providing the relative or absolute path to the connections file.
nish [OPTIONS] [-s local-schema-file] -c connection-file

You can specify the absolute or relative path to the connections file with the -c flag or --connection-file, in a NISH rc file or in an environment variable; see NISH rc files. In this case, the nish command can be entered without this argument. Arguments defined in the NISH rc file or using the environment variable must be supported in the current mode of operation. If an argument for another mode of operation is defined, the NISH client fails and returns an error.

Note: If the path to the connections file is missing or incorrect, the NISH application starts without available nodes. The output of the command shows that the connections file is missing.

The local schema file contains the details of the locally defined NISH MD-CLI schema; see Local schema file. For information about the other options, see Command options.

In the following example, the locally defined schema file is absent and the connections file is present in the same directory as the nish command.
```
[root@server ~]# nish -c connections-demo
```
When the path to the connections file is present and correct and no local schema file is defined, NISH starts with a minimal built-in MD-CLI schema. This schema defines a number of standard commands and some MD-CLI branches. The following output shows an example.
```
Starting nish application...
Reading local schema...
[==============================================================================]
[]
root@#
 connections           + Configuration of all devices.
 environment           + Enter the environment configuration context
 Global commands:
 back                  - Move back one or more levels
 delete                - Delete an element from the candidate datastore
 exec                  - Execute commands from a file
 exit                  - Return to the previous working context or to →
the operational root
 history               - Show the most recently entered commands
 logout                - Exit the CLI session
 pwc                   - Show the present working context
 top                   - Move to the top level of the context
 tree                  - Show the command tree under the present working context
```
Navigate to the connections branch to access the SR OS node (where each node is shown under the connection list) by entering the connection command followed by the name of the node.

When navigating to the SR OS node in the tree, NISH prompts for the username and password of an SR OS user with the appropriate access and permissions.
Enter your SR OS username and password with the appropriate access and permissions.
```
[connections]
root@# connection <tab>
 test1
 test2

[connections]
root@# connection test1
Login: admin
admin's password: password

Connecting to 172.16.123.1 port 57400
!!! Creating unsecure connection !!!

Reading MD-CLI service capabilities...
WARNING: Unknown capability
Reading MD-CLI service event context...
[==============================================================================]

Reading MD-CLI service schemas...
[==============================================================================]

[connections connection "test1"]
A:admin@test1#
```
The connection list name is a device label. The connection device label is a reserved label and displays all routers that can be managed by NISH, regardless of any more granular groupings. For more information about device labels, see Device labels.

Navigation to alternative SR OS nodes within the MD-CLI interface is supported using the usual navigation techniques. When entering a new node, NISH prompts for the user name and password for that node. The credentials for each node are cached during the established session between the NISH client and the SR OS node. See Authentication credentials for more information about credentials.

Use the usual MD-CLI navigation techniques to navigate to alternative SR OS nodes within the MD-CLI interface.

The following example shows a multinode navigation.

Starting nish application...
Reading local schema...
[==============================================================================]
[]
root@# connections connection ?

 test1
 test2

[]
root@# connections connection test1
Login: admin
admin's password: password
Connecting to 172.16.123.1 port 57400
!!! Creating unsecure connection !!!

Reading MD-CLI service capabilities...
Reading MD-CLI service event context...
[==============================================================================]
Reading MD-CLI service schemas...
[==============================================================================]

[connections connection "test1"]
A:admin@test1# back
[]
root@# connections connection test2

Login: admin
admin's password: password
Connecting to 172.16.123.2 port 57400
!!! Creating unsecure connection !!!

Reading MD-CLI service capabilities...
Reading MD-CLI service event context...
[==============================================================================]
Reading MD-CLI service schemas...
[==============================================================================]

[connections connection "test2"]
A:admin@test2# back

[]
root@# connections connection test1

[connections connection "test1"]
A:admin@test1#

Using the NISH client in 1:n manager mode

Review the following requirements before using the NISH client in 1:n manager mode:

A working NISH manager with known IP address and port number is required; see NISH manager.
If the NISH manager is on a different host from the NISH client, the firewall permissions between the NISH client and the NISH manager must be set correctly.

To use the NISH client in 1:n manager mode, perform the following steps:

Execute the nish command from the command line, providing the IP address and port number to which the NISH manager service is bound:
nish [OPTIONS] [-s local-schema-file] -maddress:port

You can specify the IP address and port number of the NISH manager with the --manager option or -m flag, in a NISH rc file or in an environment variable; see NISH rc files.
Note: If the IP address and port number of the NISH manager are defined in environment variables or in a NISH rc file, you can enter the nish command without these arguments. The arguments defined using environment variables or in the NISH rc file must be supported in the current mode of operation. If arguments for another mode of operation are defined, the NISH client fails and returns an error.

The local schema file contains the details of the locally defined NISH MD-CLI schema; see Local schema file. For information about the other options, see Command options.

In the following example, the local schema file is absent and the NISH manager service is bound to IP address 127.0.0.1 (the localhost) and port number 57400.
```
[root@server ~]# nish -m 127.0.0.1:57400
```
Navigate and operate in NISH manager mode using the same methods used in NISH static mode.

The navigation and operation of NISH in manager mode is the same as in static mode. The NISH client makes direct connections to the nodes and traverses into them within the NISH MD-CLI; see Using the NISH client in 1:n static mode.

When the NISH client starts in manager mode, it makes a gRPC connection to the NISH manager service and obtains the inventory of nodes. The NISH manager uses an ON_CHANGE gRPC streaming method to ensure the inventory of nodes is continually updated.

Command options

The Linux man pages provide an overview of the options and arguments for the nish command. The following table describes some of the options and flags that can be used when starting the NISH client.

Table 1. Options and flags for the nish command
Option or flag	Description	References
--credential-cache	Enables caching of SR OS node credentials in static or manager mode	See Authentication credentials
--ca-cert -t	Specifies TLS mode	See Configuring NISH security
--color NISH_COLORS	Specifies the color scheme for the NISH environment	See NISH rc files
--no-proxy	Disables system-defined proxy settings and ignores the http_proxy and https_proxy environment variables	—
--disable-auto-completion-authorization	Disables authorization checks for the auto-completion command ^¹	—

Authentication credentials

By default, the NISH client prompts for user credentials when connecting to each SR OS node. The user credentials are cached for the duration of the NISH client session with the node.

It is common in SR OS node cluster deployments for a user’s credentials to be the same over all devices. This is either because a centralized provisioning and management system configures the user manually on all devices, or because an external system such as TACACS or RADIUS manages the user.

The NISH client can streamline such environments by caching a single username and password combination and automatically authenticating against each node as the user navigates into them, without further prompting.

To enable this feature, start the NISH client with the --credential-cache option.

When the NISH client starts with this feature enabled, it prompts immediately for the username and password combination, and caches this information until it closes.

When the credentials are cached and a user connects to a specific node, the NISH client attempts to authenticate using the global cached password. If this password is incorrect, the user is prompted to re-enter the password. If the authentication is successful, the password is cached for the duration of the NISH client session for that node only. This process is repeated each time the user connects to another node.

Credential caching can also be enabled in the NISH rc file; see NISH rc file variables. If credential caching is enabled within the NISH rc file but is not needed for a specific session, you can disable it using the --no-credential-cache option.

Note: Both the NISH client static and manager modes support caching of credentials.

Device labels

Using device labels, an operator can group SR OS nodes within the NISH MD-CLI schema. A device label is a string value chosen by the operator to reference a group of SR OS nodes.

The connection device label is present by default and contains all SR OS nodes.

Groups are not predefined. The operator has the freedom to group nodes in the best way for the organization. The following are examples of SR OS node groupings:

In a BNG CUPS deployment, the operator groups the user plane nodes with the UPF device label and the control plane nodes with the CPF device label.
In a multi-platform deployment, the operator groups the SR OS nodes running on physical 7750 SR routers with the Physical device label and the VSR nodes with the Virtual device label.

Note: Device labels can only contain letters and integers. Special characters are not supported.

The operator defines the device labels in a local schema file. The NISH schema in the NISH MD-CLI uses the device labels in the local schema file to group SR OS nodes; see Local schema file.

In the NISH client static mode, the operator applies the device labels defined in the local schema file to the nodes in the connections file; see Connections file.

In the NISH client manager mode, the operator applies the device labels defined in the local schema file to the nodes, using the SR OS remote management feature. For more information about the configuration of remote management on an SR OS device, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide, section ‟gRPC MD-CLI”.

When the device labels are defined in the local schema file and applied to the SR OS nodes, the NISH MD-CLI shows the SR OS nodes in the branch that matches the device label, as shown in the following example:

test1 is configured with the device label UPF.
test2 is configured with the device label CPF.

[]
root@# connections <tab>
 connection  UPF  CPF
[]
root@# connections UPF <tab>
 <ip>
 test1
[]
root@# connections CPF <tab>
 <ip>
 test2
[]
root@# connections connection <tab>
 <ip>
 test1
 test2

Note: A device can have only one user-defined device label and has by default the system-defined connection device label.

If the operator applies to an SR OS node a device label that is not defined in the local schema file, the node appears only under the connection device label. Only device labels defined in the local schema file are visible in the NISH MD-CLI.

If the operator defines a device label in the local schema file and does not apply it to a node, the device label appears in the NISH MD-CLI without any member nodes.

Connections file

A NISH client operating in static mode uses a connections file. The connections file is a text file that contains the details of the SR OS nodes that are available within the NISH MD-CLI.

There are no requirements for the filename.

The following are required for the connection file:

The NISH client must have access to the file location.
The Linux user running the NISH client must have read permissions for the file.

The connections file defines a registration for each SR OS node. Each registration has the following fields:

id

The id field is the identifier string, which is usually the system name.
label

The label field may contain an optional device label, which can be used to add the node to a group; see Device labels for more information.
address

The address field consists of the IP address and port number to which the gRPC server on the SR OS node is bound. If a proxy server is used to facilitate IP address or port redirection, the IP address or port number of the proxy server can be entered.

The following example shows a connections file with one registration.

registration {
  id: "routername"
  label: "myLabel"
  address {
    address: "10.11.12.13"
    port: 57400
  }
}

Note: String fields are enclosed in quotation marks.

Multiple devices are added in serial order within a connections file. The following example shows a connections file with two registrations.

registration {
  id: "test1"
  label: "UPF"
  address {
    address: "172.16.123.1"
    port: 57400
  }
}
registration {
  id: "test2"
  label: "CPF"
  address {
    address: "172.16.123.2"
    port: 57400
  }
}

After installation, there is an example connections file in /etc/nish/connections. The connections file can be edited at any time. The NISH client periodically reads the connections file and updates the list of nodes.

Note: If the connections file is updated while using the NISH client, the operator should disable auto-save.

Local schema file

When the NISH client starts, it provides an initial MD-CLI tree to the user. This MD-CLI environment is based on a local MD-CLI schema definition. The NISH client provides a default built-in local schema. To enable user extensibility in the MD-CLI environment, the operator can create a locally defined MD-CLI schema file.

The local schema file is a text file that contains the details of the locally defined NISH MD-CLI schema extensibility definitions. It can be used in static and manager mode. There are no requirements for the filename.

The following are the requirements for the local schema file:

The NISH client requires access to the file location.
The Linux user running the NISH client requires read permissions for the file.

Note: It is not mandatory for the local schema to be the same for all users of the NISH client in static or manager modes. This allows administrators and users to define customized MD-CLI schemas for their own purposes.

To use a local schema file, start the NISH client with the --local-schema-file option or --s flag followed by the relative or absolute path to the local schema file, or define the path to the local schema file in an environment variable or a NISH rc file. See NISH rc files.

The local schema file defines a structure called a schema that contains one or more schema branches that can be linked hierarchically. The schema branches are either local or remote:

local schema

Local schemas define branches in the NISH MD-CLI tree that operate locally on the Linux host; these are currently not supported.
remote schema

Remote schemas define branches in the NISH MD-CLI tree that connect to SR OS nodes.

The schema names create hierarchical structures within the MD-CLI and define device labels. The connection and all device labels are reserved and cannot be used; see Device labels.

The following example shows a local schema file with a branch containing two remote schemas. The devices schema defines the devices branch within the NISH MD-CLI. The sub-schemas UPF and CPF are remote schemas under the devices branch.

schemas {
  schema {
    name: "devices"
    shortDescription: "Configuration of all devices"
    schema {
      name: "UPF"
      shortDescription: "User plane devices"
      schemaType: remote
    }
    schema {
      name: "CPF"
      shortDescription: "control plane function devices"
      schemaType: remote
    }
  }
}

Note: If reserved device labels are used in the local schema file, the NISH client exits with an error, as shown in the following example.

ERROR: Specified local-schema-file contains reserved schema name 'connection'

After the initial installation, there is an example local schema file in /etc/nish/local-schema.

NISH rc files

NISH provides the ability to place commonly used attributes into one or more run command (rc) files. A NISH rc file defines variables used when starting the NISH client on the command line. When a NISH rc file is present, the user does not need to enter the defined variables manually on the command line.

After the NISH client installation, there is an example NISH rc file in /etc/nish/nishrc.

A NISH rc file can be located in the file system as follows:

The file can be present in /etc/nish/nishrc where it has global significance. All user instances of the NISH client use the global file.
The file can be present in ~/.nishrc where it has local user significance (the tilde symbol (~) is equivalent to the user’s home directory, or could also be referenced as $HOME/.nishrc). The specific user instance of the NISH client uses the local file. The local file takes precedence over the global file.

A user can also set the variables supported in the NISH rc file as Linux environment variables. The user-defined environment variables take precedence over the local and central NISH rc file.

User-specific command line arguments take precedence over all variables defined in the global file, the local file, or in user-defined environment variables.

NISH rc file variables describes the supported variables in a NISH rc file.

Table 2. NISH rc file variables
Variable	Description	Notes
NISH_COLORS	Specifies the color scheme for the NISH environment, using the same syntax rules as the grep command	Options: mo - mode co - context uc - uncommitted changes cs - card slot un - username at - at (@) sn - system name pc - prompt character er - error message if - info message wa - warning message nt - normal text
NISH_CONNECTIONS_FILE	Defines the path to the connections file	See Connections file
NISH_CREDENTIAL_CACHE	Enables the credential cache	Boolean See Authentication credentials
NISH_HOST	Defines the address of the target node	—
NISH_LOCAL_SCHEMA_FILE	Defines the path to the local schema file	See Local schema file
NISH_MANAGER	Defines the IP address and port number of the NISH manager service in the format IP:PORT	See Using the NISH client in 1:n manager mode
NISH_PORT	Defines the port of the target node	—
NISH_SERVER_CACHE_PATH	Defines the location of the cached downloaded device schemas	—
NISH_USER	Defines the username that used to connect with the target node	—

Multinode operations

The NISH client provides the ability to manage multiple nodes from a single MD-CLI shell.

When operating in 1:n manager or 1:n static mode, the NISH client generates a pseudo-node named ‟all” within the connection device-label (/connections connection ‟all” in the MD-CLI path). The operator can navigate to this pseudo-node in the same way as to a single node within the NISH client. The pseudo-node addresses supported commands to all nodes that the NISH client knows about.

In 1:n manager or 1:n static mode, the NISH client also generates a pseudo-node named ‟all” in each device-label context it is aware of. By navigating into the pseudo-node within a specific device-label, the supported commands are addressed to all the nodes with that specific device-label that the NISH client knows about.

Multinode configuration modes

The exclusive candidate configuration mode is the only supported candidate configuration mode for NISH client multinode operation.

To access the exclusive candidate configuration mode, use the explicit edit-config exclusive command or the implicit configure exclusive command.

When the operator tries to access the exclusive candidate configuration mode within a multinode context, the NISH client attempts the following actions:

connects to each SR OS node prompting for authentication credentials, if required
obtains an exclusive lock on all the nodes

A warning is displayed for every node for which the NISH client cannot obtain an exclusive lock. The operator can optionally continue the configuration activities with the remaining nodes or exit from configuration mode.

A list of the nodes for which the NISH client has successfully obtained an exclusive candidate configuration lock is stored in memory, and the MD-CLI configuration commands are executed against this set of nodes.

Note: The list of nodes is created to ensure that operators have full knowledge of the set of nodes they are addressing with the configuration changes.

Any node that is added, removed, renamed, or re-labeled using the NISH connections file or from the NISH manager while the exclusive lock remains in force, is ignored until the operator returns to the operational mode.

When the operator is presented with the exclusive configuration mode, the prompt changes. When the operator leaves the exclusive configuration mode, all candidate configurations on all nodes are discarded.

Multinode info operation

The NISH client can perform the info operation on multiple SR OS nodes that share a specific device-label grouping.

If the output is identical on all the SR OS nodes in the device-label group, the info operation displays a single copy of the output.

If any of the output differs, the NISH client displays the SR OS node output with a banner separating the output of each node.

Multinode combined schemas

The NISH client can execute many SR OS operations on multiple SR OS nodes that share a specific device-label group.

The NISH client obtains details of the MD-CLI schema from each node in the device-label group and builds a combined schema. The generated combined schema includes all the fields that are common between the SR OS devices, along with the most restrictive set of validation rules. The NISH client then uses this combined schema for functions such as configuration, info, and compare, that are performed for the device-label group.

Note: The NISH client supports device-label groups that consist of SR OS nodes with different platform types and software versions. The more diverse these factors are, the smaller the supported combined schema.

Multinode compare operation

The NISH client can perform a compare operation on multiple SR OS nodes that share a specific device-label group. The multinode compare operation uses the combined schema; see Multinode combined schemas for more information.

If the output is identical on all the SR OS nodes in the device-label group, the compare operation displays a single copy of the output. If any of the node outputs differ, they are displayed separately with a banner between the output of each node.

Multinode interactive configuration

The NISH client can interactively configure multiple SR OS nodes that share a specific device-label group. Interactive configuration of multiple SR OS nodes uses the combined schema. This means that only configuration options that can be applied to all nodes in the group are available to the operator. Context-sensitive help and auto-completion are supported using the combined schema. See Multinode combined schemas for more information.

When you configure multinode interactive mode, the NISH client immediately places entries into the exclusively locked candidate configuration of every SR OS node in the group. Exiting the interactive configuration mode of a device-label group releases the exclusive lock on all devices that are part of the group. In-progress configuration changes that are stored in the candidate configuration but not committed are lost.

Only one device-label group at a time can hold the configuration lock. If the operator attempts to obtain a configuration lock from another device-label group, the system issues a prompt to release the previous lock. When the system releases the lock, all uncommitted configuration changes are discarded.

Configuration load operation

The NISH client provides the ability to provision a template-based configuration on multiple SR OS nodes with a specific device-label grouping. This operation is completed using the MD-CLI load command.

When using the load command within NISH for multinode configuration, the merge and full-replace options are supported. The referenced configuration file supplied to the load command must be accessible from each individual SR OS node within the addressed set of nodes, unless it is prefixed with the URL prefix nish://. When nish:// is used, the relative or absolute path or filename that follows nish:// is treated as local to the NISH client.

Note: The MD-CLI load command is the only supported method for multinode configuration from the NISH client.

The load command within a multi-device context (MDC) is atomic, that is, it succeeds on all addressed SR OS nodes or no SR OS nodes.

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI Command Reference Guide for more information about the load command.

The following table describes examples of the supported file URL options that can be used to reference the configuration template file when using the load merge and load full-replace commands for multinode configuration from the NISH client. In the examples, a configuration file called myconfig.cfg is referenced.

Table 3. File URL reference options for NISH client load merge and replace
Command with file URL reference	Description
load merge cf3:/myconfig.cfg	The myconfig.cfg file containing the configuration changes must be accessible in the root directory of cf3:, on each node in the set of addressed nodes.
load merge ftp://`user`:`password`@100.0.0.1/myconfig.cfg	Each node in the set of addressed nodes must be able to successfully connect to the FTP server at 100.0.0.1 and authenticate using the user and password credentials.
load merge nish://myconfig.cfg	Each node in the set of addressed nodes is configured by merging the file myconfig.cfg located in the current working directory of the host operating system on which the NISH client is running.
load merge nish:///`home`/`username`/myconfig.cfg	Each node in the set of addressed nodes is configured by merging the myconfig.cfg file located in the home directory of the user on the host operating system on which the NISH client is running.

Multinode rollback operation

The NISH client supports rollback of configuration changes on multiple nodes at the same time, using the rollback command. Issuing the rollback command from a multinode context in the NISH client causes every node in the group to attempt to roll back to the specified checkpoint. If all the nodes successfully roll back to the specified checkpoint, the operation completes successfully. If any node in the group cannot roll back, the command fails and none of the nodes roll back.

Multinode commit operation

Committing configuration changes in a multinode environment from the NISH client is an atomic operation. This means that at the end of a commit operation for a specified set of nodes, every node successfully commits the configuration or all the nodes return to their configuration state before the commit.

To commit a configuration change in a multinode group, every node in the group must have automatic saving of configuration changes enabled in the MD-CLI. This is enabled by configuring the auto-config-save command in the configure system management-interface cli md-cli context on each device and committing this configuration change. The multinode commit process driven from the NISH client uses standard MD-CLI features to achieve the atomic commit. The two phases in the multinode commit operation are as follows:

conditional commit and validation phase (commit confirmed command)
confirmation phase (commit confirmed accept command)

At each stage, the nodes are processed in turn to ensure they are all in the expected state before the next stage.

Device name conflict resolution

The NISH client can manage multiple different devices that have the same device name. This may occur in the following situations:

Multiple devices have the same configured system-name within the SR OS configuration.
Multiple devices have the same device-name configured within the remote-management context.
An SR OS device is reached through different proxies on different TCP ports.

If a device-name conflict exists when the NISH client is managing multiple devices, the device is presented to the operator in the MD-CLI in the following format.

device-name-ip-address-tcp-port

For example, two devices both named ‟mydevice” with different IP addresses appear as follows.

mydevice-172.16.100.3-57400 
mydevice-172.16.200.5-57400

Note: Any device with the device name or system name ‟all” is always presented in the format device-name-ip-address-tcp-port.

Troubleshooting NISH client issues

When providing troubleshooting assistance, the Nokia support organization may request further information to diagnose issues that occur with the NISH client. This information is contained in a technical support (tech-support) file that the operator can generate and send to the Nokia technical support team.

To generate a tech-support file for NISH client issues, use the nish admin tech-support filename command.

The mandatory filename attribute describes the relative or absolute path to a file on the local file system where the NISH client is running. The resulting encrypted file contains troubleshooting information about the NISH client. It does not provide information about the routers to which the operator is connected.