Cli Tools and Management Tool Scripts

LTE
Radio Access, Rel. LTE
17A, Operating
Documentation, Issue 03
Command Line Interface Tools
and Management Scripts in
LTE OMS
DN0962949
Issue 12
Approval Date 2017-07-24

Command Line Interface Tools and Management Scripts in LTE OMS
The information in this document applies solely to the hardware/software product (“Product”) specified
herein, and only as specified herein. Reference to “Nokia” later in this document shall mean the respective
company within Nokia Group of Companies with whom you have entered into the Agreement (as defined
below).
This document is intended for use by Nokia's customers (“You”) only, and it may not be used except for the
purposes defined in the agreement between You and Nokia (“Agreement”) under which this document is
distributed. No part of this document may be used, copied, reproduced, modified or transmitted in any form
or means without the prior written permission of Nokia. If You have not entered into an Agreement
applicable to the Product, or if that Agreement has expired or has been terminated, You may not use this
document in any manner and You are obliged to return it to Nokia and destroy or delete any copies thereof.
The document has been prepared to be used by professional and properly trained personnel, and You
assume full responsibility when using it. Nokia welcomes your comments as part of the process of
continuous development and improvement of the documentation.
This document and its contents are provided as a convenience to You. Any information or statements
concerning the suitability, capacity, fitness for purpose or performance of the Product are given solely on
an “as is” and “as available” basis in this document, and Nokia reserves the right to change any such
information and statements without notice. Nokia has made all reasonable efforts to ensure that the
content of this document is adequate and free of material errors and omissions, and Nokia will correct
errors that You identify in this document. Nokia's total liability for any errors in the document is strictly
limited to the correction of such error(s). Nokia does not warrant that the use of the software in the Product
will be uninterrupted or error-free.
NO WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
ANY WARRANTY OF AVAILABILITY, ACCURACY, RELIABILITY, TITLE, NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, IS MADE IN RELATION TO THE
CONTENT OF THIS DOCUMENT. IN NO EVENT WILL NOKIA BE LIABLE FOR ANY DAMAGES,
INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL
OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE, BUSINESS
INTERRUPTION, BUSINESS OPPORTUNITY OR DATA THAT MAY ARISE FROM THE USE OF THIS
DOCUMENT OR THE INFORMATION IN IT, EVEN IN THE CASE OF ERRORS IN OR OMISSIONS
FROM THIS DOCUMENT OR ITS CONTENT.
This document is Nokia proprietary and confidential information, which may not be distributed or disclosed
to any third parties without the prior written consent of Nokia.
Nokia is a registered trademark of Nokia Corporation. Other product names mentioned in this document
may be trademarks of their respective owners.
Copyright © 2018 Nokia. All rights reserved.
f Important Notice on Product Safety
This product may present safety risks due to laser, electricity, heat, and other sources of danger.
Only trained and qualified personnel may install, operate, maintain or otherwise handle this
product and only after having carefully read the safety information applicable to this product.
The safety information is provided in the Safety Information section in the “Legal, Safety and
Environmental Information” part of this document or documentation set.
Nokia is continually striving to reduce the adverse environmental effects of its products and services. We
would like to encourage you as our customers and users to join us in working towards a cleaner, safer
environment. Please recycle product packaging and follow the recommendations for power use and proper
disposal of our products and their components.
If you should have questions regarding our Environmental Policy or any of the environmental services we
offer, please contact us at Nokia for any additional information.
2 © 2018 Nokia DN0962949 Issue: 12
Table of Contents
This document has 112 pages

Summary of changes..................................................................... 7

1 Introduction.................................................................................... 8

2 Software management................................................................... 9
2.1 fstestcli........................................................................................... 9
2.2 omsbr_backup..............................................................................10
2.3 omsbr_restore.............................................................................. 11
2.4 omsswm_activate.........................................................................12
2.5 omsswm_helper........................................................................... 13
2.6 omsswm_install............................................................................ 13
2.7 omsswm_major for baremetal OMS.............................................14
2.8 omsswm_major for virtual OMS................................................... 16
2.9 omsswm_minor............................................................................ 17
2.10 screen.......................................................................................... 17
2.11 zsplitbackup.sh.............................................................................20
2.12 vomsswm_helper.py.....................................................................21

3 Configuration management..........................................................23
3.1 fsbios............................................................................................23
3.2 fsdistribute....................................................................................24
3.3 fshascli......................................................................................... 24
3.4 ns_listall....................................................................................... 28
3.5 zaddldif.........................................................................................29
3.6 zchangecluster-id ........................................................................ 30
3.7 zchangetimezone......................................................................... 30
3.8 zldap.............................................................................................32
3.9 zmodldif........................................................................................32
3.10 zomscli......................................................................................... 32
3.11 zpr................................................................................................ 33
3.12 zrg................................................................................................ 33
3.13 zru................................................................................................ 34
3.14 zsetti............................................................................................. 34
3.15 ztopocli......................................................................................... 34
3.16 zupt.............................................................................................. 36

4 Network management.................................................................. 37
4.1 fsgetaddress.................................................................................37
4.2 fsipaddress...................................................................................37
4.3 fsipbond........................................................................................39
4.4 fsipinternalnet...............................................................................41
4.5 fsipmgmtnet..................................................................................43
4.6 fsipnet...........................................................................................44
DN0962949 Issue: 12 © 2018 Nokia 3
4.7 fsipreconfigure..............................................................................50
4.8 fsiproute....................................................................................... 51
4.9 fsiprule..........................................................................................53
4.10 fsipsocket..................................................................................... 54
4.11 fsipvlan......................................................................................... 55
4.12 gbip.............................................................................................. 57
4.13 oms_reinstall_topology_db.sh......................................................58
4.14 zmodifyNetworkSettings...............................................................59
4.15 zModifyOMSDomain.sh............................................................... 61
4.16 zmodifyomseth............................................................................. 61
4.17 zmodifyOMSHTTPandFTPPorts.................................................. 62
4.18 zmodifyOMSSettings....................................................................62
4.19 zship.............................................................................................64

5 Security management.................................................................. 65
5.1 create-cracklib-dict....................................................................... 65
5.2 fsfirewall....................................................................................... 65
5.3 ipmop........................................................................................... 67
5.4 omscertificate............................................................................... 68
5.4.1 cmp-init-sequence........................................................................69
5.4.2 install-ee-cert................................................................................70
5.4.3 install-ca-cert................................................................................ 70
5.4.4 install-ca-certs.............................................................................. 71
5.4.5 delete-ca-cert............................................................................... 71
5.4.6 configure-cmp-client.....................................................................71
5.4.7 configure-ca-cr............................................................................. 72
5.4.8 import-pkcs12...............................................................................73
5.4.9 show-cmp-config.......................................................................... 73
5.4.10 show-ca-cr-config.........................................................................73
5.4.11 show-ee-cert................................................................................ 74
5.4.12 show-ca-cert.................................................................................74
5.4.13 cmp-key-update........................................................................... 74
5.4.14 configure-crl-client........................................................................74
5.4.15 install-crl....................................................................................... 75
5.4.16 update-crl..................................................................................... 76
5.4.17 show-crl........................................................................................ 76
5.4.18 show-crl-status............................................................................. 76
5.4.19 delete-crl...................................................................................... 76
5.4.20 add-crl-url..................................................................................... 77
5.4.21 delete-crl-url................................................................................. 77
5.4.22 create-csr-request........................................................................ 78
5.4.23 show-cmp-insta-bug-prevention...................................................79
5.4.24 set-cmp-insta-bug-prevention...................................................... 80
5.5 fsciphercli..................................................................................... 81

6 User management........................................................................83
4 © 2018 Nokia DN0962949 Issue: 12
6.1 fsacclock...................................................................................... 83
6.2 fscontrolRUIM.............................................................................. 84
6.3 fsdumpgroups.............................................................................. 85
6.4 fsdumpperm................................................................................. 85
6.5 fsdumpusers.................................................................................86
6.6 fsgetcred...................................................................................... 86
6.7 fsgpasswd.................................................................................... 86
6.8 fsgroupadd................................................................................... 87
6.9 fsgroupdel.................................................................................... 87
6.10 fsgroupperm................................................................................. 88
6.11 fsmkpasswd................................................................................. 88
6.12 fsperm2sudo.sh............................................................................89
6.13 fspermadd.................................................................................... 89
6.14 fspermdel..................................................................................... 90
6.15 fsruimrepcli................................................................................... 91
6.16 fssetcred.......................................................................................93
6.17 fsuidsetter.....................................................................................95
6.18 fsuseradd..................................................................................... 95
6.19 fsuserdel.......................................................................................97
6.20 fsusermod.................................................................................... 98
6.21 omsftppasswordscript.sh..............................................................99

7 Fault management..................................................................... 101
7.1 create_anew_AlarmDB.sh......................................................... 101
7.2 fsalarm....................................................................................... 102
7.3 zaho........................................................................................... 102
7.4 zahp........................................................................................... 103

8 Troubleshooting..........................................................................106
8.1 fsauditcli..................................................................................... 106
8.2 fsremotesyslog........................................................................... 108
8.3 zcollectlogs.................................................................................109
8.4 zcollectNElogs............................................................................109
8.5 znwi3logging...............................................................................110
8.6 ztracecli...................................................................................... 110

9 System health and status........................................................... 112
9.1 cluster_uptime............................................................................ 112
9.2 zstatus........................................................................................ 112
DN0962949 Issue: 12 © 2018 Nokia 5
List of Tables
Table 1 Time zone regions.............................................................................. 30
6 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Summary of changes
Scripts in LTE OMS
Summary of changes
Changes between document issues are cumulative. Therefore, the latest document
issue contains all changes made to previous issues.
Changes between issues 11A (2017-06-07, FDD-LTE 17 SP) and 12 (2017-07-24, LTE
17A)
Configuration management
• The examples in ztopocli have been updated.
Changes between issues 11 (2017-03-07, FDD-LTE 17) and 11A (2017-06-07, FDD-
LTE 17 SP)
Software management
• A note has been added in these sections: omsbr_backup, omsbr_restore, and
zsplitbackup.sh.
• The sections vomsswm_helper.py and omsswm_major for virtual OMS have been
added.
Security management
• Updated the fsfirewall section.
User management
• Updated the fsacclock section.
Changes between issues 10 (2016-06-06, FDD-LTE 16A) and 11 (2017-03-07, FDD-
LTE 17)
Security management
• Added the following command options in fsfirewall section:
– fsfirewall help
– fsfirewall open-port
– fsfirewall close-port
– fsfirewall open-protocol
– fsfirewall close-protocol
– fsfirewall limit-peer
– fsfirewall permit-peer
– fsfirewall rate-limitation
DN0962949 Issue: 12 © 2018 Nokia 7

Introduction Command Line Interface Tools and Management
Scripts in LTE OMS
1 Introduction
Certain features of LTE OMS can be managed with command line interface (CLI) tools.
The CLI tools can be used for configuring, commissioning, and maintaining the OMS
software as well as managing user and user group data in the LTE OMS internal LDAP.
The command syntax of the CLI tools is as follows:
command [option ...] <operand ...>
[option ...] represents one or more optional arguments for the command.
<operand ...> represents one or more mandatory arguments for the command.
Note that the LTE OMS CLI tools should be used only by experienced users with
knowledge of the Linux operating system.
LTE OMS additions to Linux shell interface
The CLI tools for managing the LTE OMS system are implemented as additions to the
Linux shell interface and they can be used as the usual Linux shell commands.
There are CLI tools for the following purposes:
• configuring and controlling high availability services (HAS)
• managing hardware data
• configuring and managing IP services and IPSec
• managing software deliveries and sets
• managing data in the internal LDAP directory
• controlling Common Object Request Broker Architecture (CORBA) security
• controlling Centralized User Authentication and Authorization (CUAA)
• managing user accounts, user groups and permissions
For more information about the tools, see the man or help page for each tool in the
system.
8 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Software management
Scripts in LTE OMS
2 Software management
Related CLI commands use in OMS software management
2.1 fstestcli
The fstestcli command enables automated execution of FASBV-compatible
(Framework for Automated SW Build Verification) test cases stored in the target system,
to verify the functionality of the currently active features in the target system.
The OMS reboots after executing the fstestcli command command.
Test cases are executed by default when option for listing has not been given.
Synopsis:
fstestcli [--list=<all|level|feature|descr|timeout>] [--
include_ss=<subsystem>,...] [--exclude_ss=<subsystem>,...] [--
include_ss_file=<filename>] [--exclude_ss_file=<file>] [--
intrusive|--non-intrusive] [[--asbv|--diag|--stab|--sst]...]
[--feature=<feature name>] [--descr=<text>] [--
level=<basic|advanced>] [--force] [--test-case=<name>,...]
[subsystem_list...] [--log-file=<filename>] [-h|--help]
Options:
--intrusive - Enable filter which includes all the intrusive FASBV-compatible test
cases found in the target system under the <SS home
directory>/test/{ASBV,DIAG,SST,STAB}/I in operation.
--non-intrusive - Enable filter which includes all the non-intrusive FASBV
-compatible test cases found in the target system under <SS home
directory>/test/{ASBV,DIAG,SST,STAB} in operation.
--list=<all|level|feature|descr|timeout> - List all the FASBV-compatible
test cases found from the target system. This option can be combined with other options
to filter out specific test cases. The path to the test case is listed by default. More
detailed information can be outputted by giving a qualifier. The qualifiers all, level,
feature, descr, and timeout are valid and can be combined in a comma-delimited
list. The qualifiers list either all or named metadata for the target test case(s). If the
qualifier all is given, all other qualifiers are ignored and all metadata is printed out
without any duplicate info.
--force - Continue execution of the FASBV-compatible test cases even if some test
case returns a non-zero return value.
subsystem ... - Specify a space delimited list of subsystems from where FASBV
-compatible test cases are to be executed.
--test-case=<path,...> - Execute only specific test case. A full path to the given
test case must be provided.
--logfile=<name> - Specify a logfile where the results should be stored into.
DN0962949 Issue: 12 © 2018 Nokia 9

Software management Command Line Interface Tools and Management
Scripts in LTE OMS
--feature=<name> - Filter for feature with values given in comma delimited list.
--descr=<text> - Filter for for matching tests with certain description.
--level=<basic|advanced> - Filter for level of the test case.
--asbv - Filter for Automated SW Build Verification tests.
--diag - Filter for Diagnostics tests.
--stab - Filter for Stability tests.
--sst - Filter for Service Specific tests.
--include_ss=<name> - Specify a comma- delimited of subsystems taking part in
operation.
--exclude_ss=<name> - Specify a comma-delimited list of subsystems which are
excluded from the operation.
--include_ss_file=<file> - Specify a file containing subsystems included in
operation on consecutive lines.
--exclude_ss_file=<file> - Specify a file containing subsystems excluded from
operation on consecutive lines.
--help, -h - Print help.
Examples:
• Execute all FASBV-compatible (intrusive and non-intrusive) test cases found from the
target system.
fstestcli
• Execute all FASBV-compatible non-intrusive test cases and continue even if some
test case fails.
fstescli --non-intrusive --force
• Execute a single specific FASBV-compatible test case.
fstestcli --test-case
/opt/Nokia_BP/SS_XYX/test/ASBV/test_XYX.sh
• Execute all FASBV-compatible non-intrusive test cases under sub-system XYX.
fstestcli --non-intrusive SS_XYX
2.2 omsbr_backup
The omsbr_backup command provides backup operations using Flexi scripts. It is
possible to run three different backup modes: full, partial, and custom backup.
g Note: The omsbr_backup command is only valid for standalone OMS. For virtual
OMS, the backup and restore operations are performed by using the
vomsswm_helper.py script.
Synopsis:
omsbr_backup [options]
omsbr_backup -h
10 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
omsbr_backup -f [-a <filename>]

omsbr_backup -p [-a <filename>]
omsbr_backup -c [-d [<database name>]] [ -l ] [ -S | -s ] [ -
r ] [ -P ] [-F ] [-a <filename>]
Options:
-f|--full - Make a full backup - entire system image backup.
-p|--partial - Make a partial backup (equivalent to: -c -d -l -s -r).
-c|--custom - Make a custom backup.
-d|--database [<database name>] - Make a database backup. If a database
name is given, only that database is copied, otherwise all databases are copied.
-l|--ldap - Make a backup content of the master LDAP database.
-S|--sysimg - Make a system image backup. This parameter cannot be combined
with -s.
-s|--sysconf - Make the configuration files and variable data on the system image.
This parameter cannot be combined with -S.
-r|--restoretools - Make a restoration tools backup.
-P|--homedir - Make a content of home directories backup.
-F|--appfilesystem - Make an Application File System backup.
-v <on|off> | --verbose <on|off> - Show what is being done (default: on).
-a|--archive <filename> - Specify output (backup archive) file name.
--force - Overwrite an already existing backup file (for example, omsbr_backup -p
-a test --force).
-h|--help - Print help.
2.3 omsbr_restore
The omsbr_restore command provides restore operations. It is possible to run two
different restore modes: partial and custom restore.
g Note: The omsbr_restore command is only valid for standalone OMS. For virtual
Synopsis:
omsbr_restore [options]
omsbr_restore <file name>
omsbr_restore { -h }
omsbr_restore -p <file name>
DN0962949 Issue: 12 © 2018 Nokia 11

Scripts in LTE OMS
omsbr_restore -c [ -d [<database name>]] [ -l ] [ -s [<file or

directory>]] [ -P ] [ -F ] <file name>
Options:
-p|--partial - Make a partial restore.
-c|--custom - Make a custom restore.
-d|--database [<database name>] - Make a database restore.
-l|--ldap - Make an LDAP restore.
-s|--sysconf [<file or directory>] - Make a sysconf restore.
-P|--homedir - Make a home directory restore.
-F|--appfilesystem - Make an Application file system restore.
-v <on|off> | --verbose <on|off> - Show current operation (default is on).
2.4 omsswm_activate
The omsswm_activate command copies Postactivation Scripts to Execution Directory
and activates desired Software Set. Software Set was created by omsswm_install
and is in passive state.
Synopsis:
omsswm_activate [options] PATH
Options:
PATH - It is a path to the targetBD file.
-g|--get-info - Get current software configuration.
-l|--validate - Check input requirements.
-c|--copy - Copy Postactivation Scripts to Execution Directory.
-a|--activate - Activate requested Software Set.
-s|--single - Activate Software Set on single hard disk (do not check for locked
disks).
-H|--handsfree - Execute script without user interaction. It can be used only with the
-f (--full) parameter.
-v <on|off> | --verbose <on|off> - Show what is being done (by default:
on).
12 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
2.5 omsswm_helper
The omsswm_helper command returns information about the Software Sets and the
Staging Area.
Synopsis:
omsswm_helper option [TARGETBD|SWSET|DELIVERY]
Options:
-s|--sa-current - Get current delivery correction level in Staging Area.
-b|--sa-base - Get base delivery.
-a|--sa-all - Get all installed deliveries (base delivery name and correction names).
-m|--sa-rpm DELIVERY - Get names of RPM packages provided with specified
delivery DELIVERY.
-v|--sa-remove PACKAGE - Remove package/correction from staging area. For
example, assuming that six corrections are installed, the command omsswm_helper
--sa-remove R_GOMS6_1.115.1.0.corr4 removes correction 4, 5, and 6, while
the command omsswm_helper --sa-remove R_GOMS6_1.115.1.0.corr6
removes only correction 6 .
-l|--set-list - Get list of installed software sets.
-c|--set-current - Get active software set.
-p|--set-passive - Get list of passive software sets.
-r|--set-remove SWSET - Remove specified software set (SWSET)
-t|--set-time SWSET - Get software set (SWSET) creation time.
-d|--set-desired|--sa-desired TARGETBD - Parse targetBD xml file
(TARGETBD) to get requested correction level.
-e|--major-state - Check whether major upgrade is already being performed and
displays detailed status of ongoing postconfiguration and basic checking in the new
release.
-f|--check-postact - Check software set postactivation status.
--commissioned - Get OMS commissioned delivery correction level.
--single - Remove set on single hard disk (do not check for locked disks).
-h - Print help.
2.6 omsswm_install
The omsswm_install command installs/uninstalls Minor Upgrade Software
Packages.
DN0962949 Issue: 12 © 2018 Nokia 13

Scripts in LTE OMS
Synopsis:
omsswm_install [options] PATH
Options:
PATH - It is a path to the targetBD file; directory with targetBD file contains all archives
needed during installation of Minor Upgrade Software Package TAR archives.
-f|--full - Install the software set specified in targetBD (PATH) performing all
necessary operations (listed below)
-g|--get-info - Get current software configuration.
-p|--get-packages - Get Minor Upgrade Software Packages needed during
installation
-l|--validate - Check input requirements.
-s|--disk-space - Check disk space, remove oldest passive software sets if
needed.
-e|--extract - Extract Minor Upgrade Software Package TAR archives.
-i|--install - Install Software Set.
-u|--ldap-upgrade - Upgrade LDAP database.
-r|--rm-passive - Check and, if needed, remove oldest passive software sets.
-d|--disable-notifications - Disable notifying NetAct after making set.
-n|--set-number <nr> - Override the maximum number of SW Sets defined in
LDAP (<nr> is a new software set limit)
-f (--full) parameter.
-v <on|off> | --verbose <on|off> - Show what is being done (by default: on)
2.7 omsswm_major for baremetal OMS
The omsswm_major command executes the OMS major software upgrade procedure.
It is mandatory to use the omsswm_major script provided within the Major Software
Upgrade package before the OMS cutover phase (before the OMS restarts
automatically) instead of the script available from the base build. The following modes
can be executed only from the MSU package:
• --check
• --separate
• --install
• --convert
• --activate
• --msu_installation
14 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• --conversion_activation
• --full
Synopsis:
omsswm_major <targetBD file>
omsswm_major [modes] [execution switches] <targetBD file>
omsswm_major [standalone switches]
Options:
targetBD file - Specify name of the xml targetBD file. It is an obligatory parameter
in modes below except separate mode.
Modes:
--check - Perform preparation step (targetBD xml checking, md5s checking,
conversion scripts checking, and so on).
--separate - Lock disk.
--install - Install disk image.
--convert - Run conversion scripts.
--activate - Perform system cutover.
--msu_installation - Perform checking, separation, and installation (default
mode).
--conversion_activation - Perform conversion and activation.
--full - Execute all steps including activation.
--commit - Commit changes.
--rollback - Rollback to previous release version.
Execution switches:
--noHLF - Do not perform High Level Fallback. This switch works only with full and
activate mode.
--noNetActchecking - Do not perform High Level Fallback only in case of NWI3
connection failure. This switch works only with full and activate mode.
--disk <disk name> - This parameter indicates which disk is locked. This switch
works only with full, upgrade and separate mode.
<disk name> - The acceptable values can be checked using the omsswm_major --
diskstate command.
Standalone switches:
-d, --diskstate - Show disk state (locked / unlocked).
-l, --disklock - Lock disk.
-u, --diskunlock - Unlock disk.
-h, --help - Print help.
DN0962949 Issue: 12 © 2018 Nokia 15

Scripts in LTE OMS
-s, --status - Check whether an OMS major software upgrade is ongoing. If the
MSU phase is ongoing, the status option returns the current phase. If there are no MSU
phases in progress, the status option returns the last phase it had executed along with
information on whether it was successful or not.
-v, --version - Show omsswm_major script version.
-c, --collect - Mounts compatibility partition, zips file of all files, and unmount.
Examples:
• Execute MSU in the upgrade mode.
omsswm_major
targetBD_GOMS6_1.45.1.0.c20_88_to_GOMS6_1.89.oms64.c8.xml
• Execute MSU in a fully automated mode without High Level Fallback with the
/dev/sdb disk locked.
omsswm_major --full --noHLF --disk /dev/sdb
targetBD_GOMS6_1.45.1.0.c20_88_to_GOMS6_1.89.oms64.c8.xml
• Commit changes.
omsswm_major --commit
2.8 omsswm_major for virtual OMS
The omsswm_major executes OMS major software upgrade procedure. It works in
msu_installation mode by default.
Synopsis
omsswm_major [modes] [execution switches]
Example
omsswm_major --virtual
Modes
--virtual Run the full MSU procedure for virtual cloud OMS.
--cloud_mount Mount the cloud upgrade partition.
--cloud_run Runs MSU scripts on cloud upgrade partition.
--cloud_umount Umount the cloud upgrade partition.
Execution switches
--noHLF Do not perform High Level Fallback. This switch works only with
virtual mode.
--noNetActchecking Do not perform High Level Fallback only in case of
NWI3 connection failure. This switch works only
with virtual mode.
Standalone switches
16 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-c, -- Mounts compatibility partition, zips file of all files, and umount.
collect
2.9 omsswm_minor
The omsswm_minor command installs/uninstalls and activates Minor Upgrade
Software Packages.
Synopsis:
omsswm_minor [options] PATH
Options:
PATH - It is a path to the targetBD file; directory with targetBD file contains all needed
during installation Minor Upgrade Software Package TAR archives
-n|--set-number <nr> - Override the maximum number of software sets defined in
LDAP (<nr> is a new SW Set limit)
-s|--single - Activate software set on single hard disk (do not check for locked
disks)
-f (--full) parameter
-v <on|off> | --verbose <on|off> - Show what is being done (by default:
on).
2.10 screen
The screen command is a full-screen window manager that multiplexes a physical
terminal between several processes (typically interactive shells).
When screen is called, it creates a single window with a shell in it (or the specified
command) and then gets out of your way so that you can use the program as you
normally would. Then, at any time, you can create new (full-screen) windows with other
programs in them (including more shells), kill existing windows, view a list of windows,
turn output logging on and off, copy-and-paste text between windows, view the
scrollback history, switch between windows in whatever manner you wish, and so on. All
windows run their programs completely independent of each other. Programs continue to
run when their window is currently not visible and even when the whole screen session
is detached from the user's terminal. When a program terminates, screen (per default)
kills the window that contained it. If this window was in the foreground, the display
switches to the previous window; if none are left, screen exits.
Synopsis:
screen [ -options ] [ cmd [ args ] ]
DN0962949 Issue: 12 © 2018 Nokia 17

Scripts in LTE OMS
screen -r [[pid.]tty[.host]]
screen -r sessionowner/[[pid.]tty[.host]]
Options:
-a - Include all capabilities (with some minor exceptions) in each window's termcap,
even if screen must redraw parts of the display in order to implement a function.
-A - Adapt the sizes of all windows to the size of the current terminal. By default,
screen tries to restore its old window sizes when attaching to resizable terminals (those
with "WS" in its description, for example, suncmd or some xterm).
-c file - Override the default configuration file from $HOME/.screenrc to file.
-d|-D [pid.tty.host] - Do not start screen, but detach the elsewhere running
screen session. It has the same effect as typing "C-a d" ( Ctrl + a + d keys) from
screen's controlling terminal.-D is the equivalent to the power detach key. If no session
can be detached, this option is ignored. In combination with the -r/-R option more
powerful effects can be achieved:
• -d -r - Reattach a session and if necessary detach it first.
• -d -R - Reattach a session and if necessary detach or even create it first.
• -d -RR - Reattach a session and if necessary detach or create it. Use the first
session if more than one session is available.
• -D -r - Reattach a session. If necessary detach and logout remotely first.
• -D -R - Attach here and now. In detail this means: If a session is running, then
reattach. If necessary detach and logout remotely first. If it was not running create it
and notify the user.
• -D -RR - Attach here and now. Whatever that means, just do it. It is always a good
idea to check the status of your sessions by means of screen -list.
-e xy - Specify the command character to be x and the character generating a literal
command character to y (when typed after the command character). The default is C-a
( Ctrl + a ) and a, which can be specified as -eÂa. When creating a screen session,
this option sets the default command character. In a multiuser session all users added
start off with this command character. But when attaching to an already running session,
this option changes only the command character of the attaching user. This option is
equivalent to either the commands defescape or escape respectively.
-f, -fn, and -fa - Turn flow-control on, off, or "automatic switching mode".
-h num - Specify the history scrollback buffer to be num lines high.
-i - Cause the interrupt key (usually Ctrl + c ) to interrupt the display immediately when
flow-control is on.
-l and -ln - Turn login mode on or off (for /var/run/utmp updating).
-ls and -list - Do not start screen, but print a list of pid.tty.host strings and
creation timestamps identifying your screen sessions. Sessions marked as `detached'
can be resumed with screen -r. Those marked as àttached' are running and have a
controlling terminal. If the session runs in a multiuser mode, it is marked as `multi'.
Sessions marked as ùnreachable' either live on a different host or are `dead'. An
unreachable session is considered dead, when its name matches either the name of the
local host, or the specified parameter, if any. See the -r flag for a description how to
construct matches. Sessions marked as `dead' should be thoroughly checked and
removed. Remove sessions with the -wipe option.
18 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-L - Turn on automatic output logging for the windows.
-m - Ignore the $STY environment variable. With screen -m creation of a new session
is enforced, regardless whether screen is called from within another screen session
or not. This flag has a special meaning in connection with the -d option:
• -d -m - Start screen in a "detached" mode. This creates a new session but does
not attach to it. This is useful for system startup scripts.
• -D -m - Start screen in a "detached" mode, but do not fork a new process. The
command exits if the session terminates.
-O - Select a more optimal output mode for your terminal rather than true VT100
emulation (only affects auto-margin terminals without `LP').
-p number_or_name - Preselect a window. This is useful when you want to reattach
to a specific window or you want to send a command using the -X option to a specific
window. As with screen's select command, - selects the blank window. As a special
case for reattach, = brings up the windowlist on the blank window.
-q - Suppress printing of error messages. In combination with -ls the exit value is as
follows:
• 9 indicates a directory without sessions.
• 10 indicates a directory with running but not attachable sessions.
• 11 (or more) indicates 1 (or more) usable sessions.
In combination with -r the exit value is as follows:
• 10 indicates that there is no session to resume.
• 12 (or more) indicates that there are two (or more) sessions to resume and you
should specify which one to choose.
In all other cases -q has no effect.
-r [pid.tty.host], -r sessionowner/[pid.tty.host] - Resume a
detached screen session. No other options (except combinations with -d/-D) may be
specified, though an optional prefix of [pid.]tty.host may be needed to distinguish
between multiple detached screen sessions. The second form is used to connect to
another user's screen session which runs in multiuser mode. This indicates that
screen should look for sessions in another user's directory. This requires setuid-root.
-R - Attempt to resume the youngest (in terms of creation time) detached screen
session. If successful, all other command-line options are ignored. If no detached
session exists, screen starts a new session using the specified options, just as if -R
had not been specified. The option is set by default if screen is run as a login-shell
(actually screen uses -xRR in that case).
-s - Set the default shell to the program specified, instead of the value in the
environment variable $SHELL (or /bin/sh if not defined).
-S sessionname - When creating a new session, this option can be used to specify a
meaningful name for the session. This name identifies the session for screen -list
and screen -r actions. It substitutes the default [tty.host] suffix.
-t name - Set the title or the default shell or specified program.
-U - Run screen in the UTF-8 mode. This option tells screen that your terminal sends
and understands the UTF-8 encoded characters. It also sets the default encoding for
new windows to ùtf8'.
DN0962949 Issue: 12 © 2018 Nokia 19

Scripts in LTE OMS
-v - Print version number.
-wipe [match] - Do the same as screen -ls, but remove destroyed sessions
instead of marking them as `dead'. An unreachable session is considered dead, when its
name matches either the name of the local host, or the explicitly given parameter, if any.
See the -r flag for a description how to construct matches.
-x - Attach to a not detached screen session. (Multi display mode).screen refuses to
attach from within itself. But when cascading multiple screens, loops are not detected.
-X - Send the specified command to a running screen session. You can use the -d or
-r option to tell screen to look only for attached or detached screen sessions. Note
that this command does not work if the session is password protected.
2.11 zsplitbackup.sh
The zsplitbackup.sh script splits OMS backup file into smaller parts.
g Note: The zsplitbackup.sh command is only valid for standalone OMS. For virtual
Synopsis:
zsplitbackup.sh [input file] [optional parameters]
Options:
-d - Provide different destination folder where split parts will be saved (optional).
-s - Change single part size in MB (default 1024 MB = 1 GB).
-o - Remove already created/existing parts prior to creating new ones in the same
folder.
-q - Turn on quiet mode.
-v - Turn on verbose mode.
-c - Calculate source file md5 checksum and save it to a separate file.
-r - Remove source file if split was successful.
-p - Create directory path (folders) structure if it does not exist.
-h - Print help.
Example:
# zsplitbackup FULL_R_GOMS6_1.5.debug_oms.corr78_20110126_153601.tar.gz
> source file:
/var/mnt/local/backup/SS_Backup/FULL_R_GOMS6_1.5.debug_oms.corr78_20110126_1
53601.tar.gz
> destination folder: /var/mnt/local/backup/SS_Backup
> part size: 1024 MB
> file size: 4105 MB (4304455680 B)
> parts to create: 5
20 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
> parts prefix: FULL_R_GOMS6_1.5.debug_oms.corr78_20110126_153601_

> Splitting in progress...
creating file
`/var/mnt/local/backup/SS_Backup/FULL_R_GOMS6_1.5.debug_oms.corr78_20110126_
153601_aa'
creating file
153601_ab'
creating file
153601_ac'
creating file
153601_ad'
creating file
153601_ae'
> Split complete!
2.12 vomsswm_helper.py
The vomsswm_helper tool is used to upgrade the virtual OMS image (for MSU
purpose), as well as to rollback the software to the previous release, and allows to
perform volumes of snapshot creation and snapshot restore for virtual OMS backup and
restore purpose.
Synopsis
python vomsswm_helper.py [Command] [Options]
Commands
-u, -- Upgrades the software of VM with OMS image.
upgrade
Example: python vomsswm_helper.py -u -i <new-
image> --vnf-ssh-ip <IP>
-r, -- Rollbacks the software to previous release.
rollback
Example: python vomsswm_helper.py -r --vnf-ssh-ip
<IP>
-cs, Creates snapshot of instance.
--
crea Example: python vomsswm_helper.py -cs --vnf-ssh-ip <IP>
te- --snapshot- name <Name>
snap
shot
-rs, Restores OMS from snapshot.
--
rest Example: python vomsswm_helper.py -rs --vnf-ssh-ip <IP>
ore- --snapshot- name <Name>
DN0962949 Issue: 12 © 2018 Nokia 21

Scripts in LTE OMS
snap
shot
-h, -- Shows the help message and exit.
help
-v, -- Shows the version of the tool.
version
Options
-i Specifies the ID or name of the new image which the operator
NEW_IMAGE, wants to upgrade to.
--new-image
NEW_IMAGE
--vnf-ssh-ip SSH IP of VNF.
IP
--noHLF Prevents High Level Fallback when new SW release is deployed.
--noNetActchecking High Level Fallback won't be performed only in
case of NWI3 connection failure.
--snapshot-name Name of VNF that will be created from image.
SNAPSHOT_NAME
--force-handsfree Script will not ask any additional questions,
default answer will always be yes.
--lock Script will apply lock, so no other operation can be executed by tenant
until current one is done.
--os-username Specifies the user name of tenant. The default value is
USER_NAME env[OS_USERNAME].
--os-tenant-name Specifies the tenant name. The default value is
TENANT_NAME env[OS_TENANT_NAME].
--os-password Specifies the user password of tenant. The default value is
USER_PASSWD env[OS_PASSWORD].
--os-auth-url Specifies the authentication URL of tenant. The default value is
AUTH_URL env[OS_AUTH_URL].
22 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Configuration management
Scripts in LTE OMS
3 Configuration management
Related CLI commands use in OMS configuration management
3.1 fsbios
The fsbios command automates the process of checking the boot order in OMS BIOS
and enables or disables booting from USB without the need of restarting OMS, for
example, if the USB device cannot be physically removed during boot.
The tool periodically checks the USB_Drive_Key_Enumeration option. When fsbios
detects an incorrect value (Enabled), it raises the 70384 INCORRECT BIOS
SETTINGS alarm. The alarm is automatically canceled during the next checking period if
the BIOS settings are correct.
The automatic USB_Drive_Key_Enumeration change is possible only during OMS
startup. After that only manual change is possible.
Synopsis:
fsbios [check] [status] [enable | disable] [enable_checking |
disable_checking] [enable_checking_at_startup |
disable_checking_at_startup] usb_drive_key_enumeration
Options:
check - Verify if your BIOS supports changing value of the
USB_Drive_Key_Enumeration BIOS option.
status - Display the current value of the USB_Drive_Key_Enumeration BIOS
option.
enable - Enable booting from USB.
disable - Disable booting from USB.
enable_checking - Enable periodical check of value of the
disable_checking - Disable periodical check of value of the
enable_checking_at_startup - Enable check of value of the
USB_Drive_Key_Enumeration BIOS option during operating system start-up.
disable_checking_at_startup - Enable check of value of the
USB_Drive_Key_Enumeration BIOS option during operating system start-up.
Examples:
• Set the value of the USB_Drive_Key_Enumeration BIOS option to Enabled.
fsbios enable usb_drive_key_enumeration
DN0962949 Issue: 12 © 2018 Nokia 23

Configuration management Command Line Interface Tools and Management
Scripts in LTE OMS
• Disable periodical check of value of the USB_Drive_Key_Enumeration BIOS
option.
fsbios disable_checking usb_drive_key_enumeration
3.2 fsdistribute
The fsdistribute command synchronizes files and directories between the system
and local images, and the OMS-specific /etc hierarchy.
w NOTICE: Use fsdistribute to distribute files in the /etc directory only.
Synopsis:
fsdistribute [-d] [-l <log file>] [-r] [-s] [-v] <file or
directory>...
Options:
-d, --disks-only - Do not modify the content of any RAM disk.
-l, --log-file <log file> - Log operations and errors to <log file>.
-r, --remove - Remove the files and directories from all images instead of
distributing them.
-s, --shared-only - Do not distribute to (or remove from) other nodes when
processing node-specific items.
-v, --verbose - Turn on verbose mode.
3.3 fshascli
The fshascli command is a tool for executing administrative operations (for example,
switchover, shutdown, lock) on Managed Objects and for querying the state and status
attributes of Managed Objects. Non-root users have limited access to execute fshascli
commands.
Synopsis:
fshascli [OPTION ...] [MOName ...]
Options:
MOName - Name of the Managed Object (MO). The MO can be Cluster, Node, Recovery
Group, Recovery Unit, Process, Service Instance or Component Service Instance. Any
option can be applied to one or more Managed Objects. Pattern matching with '*' and '?'
can be used in MONames and regular expressions can be used with --regex option to
match MONames. MOName can be either a HAS MOName or a distinguished name
(dn). For example, the names below are two ways to referring to the same MO:
24 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• HAS MOName: /ExampleHARG
• dn: fshaRecoveryGroupName=ExampleHARG,
fsFragmentId=RecoveryGroups, fsFragmentId=HA,
fsClusterId=ClusterRoot
-l, --lock - Lock the Managed Object. The MO can be Cluster, Node, Recovery
Group, Recovery Unit or Service Instance. Options -n, -F and -N can be used with this
command. Example usage: fshascli -l /TA-A/ExampleHARU-A
The lock option brutally terminates the MO and its child MOs. For graceful shutdown, the
-X option should be used instead.
-u, --unlock - Unlock the Managed Object. The MO can be Cluster, Node, Recovery
Group, Recovery Unit or Service Instance. Example usage: fshascli -u /TA-
A/ExampleHARU-A
-w, --switchover - Execute a forced switchover for the given Recovery Group,
Recovery Unit or Service Instance. Options -n and -F can be used with this command.
Example usage: fshascli -w /ExampleHARG
-r, --restart - Restart the Managed Object. If the Managed Object is currently
operational, it is ungracefully terminated and then restarted. If a Recovery Unit, process
or Service Instance managed object is faulty (disabled), the restart operation enables it
and the managed object is started if it's role is ACTIVE. Option -n can be used with this
command. Example usage: fshascli -r /TA-A/ExampleHARU-A
-p, --power {ON|OFF} - Switch power ON or OFF for the node or cluster. Option
-n can be used with this command. Example usage: fshascli -p OFF /TA-A
-B, --heartbeat {ON|OFF} - Set active supervision to ON or OFF for the process.
Example usage: fshascli -B OFF /TA-A/ExampleHARU-A/example
-X, --shutdown - Shut down the Managed Object gracefully. The MO can be Cluster,
Node, Recovery Group, Recovery Unit or Service Instance. The command waits until the
MO shuts itself down successfully. Options -n, -F, -t, and -N can be used with this
command. With the -t option, graceful shutdown turns into lock operation after the
timeout if the shutdown operation has not finished before that. Example usage:
fshascli -X -t 10 /TA-A/ExampleHARU-A If shutdown with timeout option is
given two or more times for the same MO, the timeout value is overridden by the last
shutdown command.
-i, --isolate - Set a faulty node that cannot be reset as isolated. When the
operator wants to physically remove a node, they may set the node as isolated so that
HAS knows that the node is down. This allows HAS to safely perform recovery actions
(that is, switchovers) that reassign shared resources (for example, IP addresses or file
system mounts) previously owned by the node to other nodes. Example usage:
fshascli -i /TA-A
-v, --view [-g|--recoverygroup] - View the HAS configuration. With the -g
option, the command prints the HAS configuration from the recovery groups down to the
processes. If the MOName is given, the command prints the HAS configuration starting
from the MOName. Example usage:
• fshascli -v - Show the whole HAS configuration view.
• fshascli -v -g - Show the recovery group view.
• fshascli -v /TA-A/ExampleHARU-A - Show the contents of recovery unit
/TA-A/ExampleHARU-A and all its processes.
DN0962949 Issue: 12 © 2018 Nokia 25

Scripts in LTE OMS
--bare MOType[,MOType...] - View MONames by MOType. MOName is not
accepted as parameter. Accepted MOTypes are the same as in option --filter.
Example usage: fshascli --bare rg shows the MONames of recovery groups.
--parent - Print the MOName of parent. In case of recovery unit, also the parent
recovery group is printed. Example usage: fshascli --parent /TA-
A/ExampleHARU-A
--children - Print MONames of children. Example usage: fshascli --children
/ExampleHARG
-s, --state [STATE_SUB-OPTION ...] - These are state, status and dynamic
attributes of the Managed Object. Query one or more state, status or dynamic attributes
of the MO. The available STATE SUB-OPTIONs are listed below:
• -a, --administrative - Query the administrative state. The possible values
are: LOCKED, SHUTTINGDOWN, and UNLOCKED.
• -o, --operational - Query the operational state. The possible values are:
DISABLED and ENABLED.
• -U, --usage - Query the usage state. The possible value is one of IDLE,
ACTIVE and BUSY.
• -P, --procedural - Query the procedural status. The possible value is either
empty or one of INITIALIZATIONREQUIRED, NOTINITIALIZED,
INITIALIZING, REPORTING , and TERMINATING. If none of the values above
are returned, the attribute is empty and ( ) is shown to the user.
• -V, --availability - Query the availability status. The possible value is empty
or one or more of INTEST, FAILED, POWEROFF, OFFLINE, OFFDUTY,
DEPENDENCY, DEGRADED, NOTINSTALLED and LOGFULL. If none of the values
above are returned, the attribute is empty and ( ) is shown to the user.
• -k, --unknown - Query the unknown status. The possible value is one of TRUE
and FALSE.
• -m, --alarm - Query the alarm status. The possible value is either empty or one
of CRITICAL, MAJOR, MINOR, and OUTSTANDING. If none of the values above are
returned, the attribute is empty and ( ) is shown to the user.
• -R, --role - Query the role of a recovery unit or recovery group. The possible
value is either empty or one of ACTIVE, HOTSTANDBY, COLDSTANDBY and NONE. If
none of the values above are returned, the attribute is empty and ( ) is shown to
the user.
• -D, --dynamic - Query dynamic attributes.
• -H, --dynamic-hidden - Query dynamic attributes. Includes hidden attributes
beginning with ".".
• -A, --assignments - Query the assignments. Example usage:
– fshascli -s /TA-A - Query all the states and the status of /TA-A.
– fshascli -s -a /TA-A - Query the administrative state of /TA-A.
– fshascli -soVP /TA-A - Query the operational state and the availability
and procedural status of /TA-A.
-n, --nowarning - With this option, no warning message is shown to the user. The
option can be used after -l, -w, -r, -p, or -X. Example usage: fshascli -l -n
/TA-A
26 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-t, --timeout TIMEOUT[SUFFIX] - This option specifies the timeout for the

command. The SUFFIX may be s for seconds, m for minutes, h for hours or d for days.
Capital letters can be also used. If no SUFFIX is given, the TIMEOUT is treated as
seconds. The minimum value is 1 second and the maximum value is 68 years
(=0x7FFFFFFE). This option can only be used after the -X option. Example usage:
• fshascli -X -t 60 /TA-A/ExampleHARU-A
• fshascli -X -t 1m /TA-B/ExampleHARU-B
-F, --force - This option can be used with lock, shutdown and switchover
commands in case the Managed Object is critical. Otherwise, it has no effect. Example
usage: fshascli -l -F /Directory
-N, --noblock - With this option, fshascli does not wait for the operation to be
completed. This option can only be used after the -l or -X options. Example usage:
• fshascli -X -N -n /ExampleHARG
• fshascli -l -N -n /TA-B/ExampleHARU-B
-e, --regex - MOName list is considered to be a list of regular expressions. The
regular expression must be inside quotation marks. Example usage: fshascli --
unlock --regex "^/TA-[A-Z]$"
-E, --noerror - Continue executing MOName list although the command fails with
some MOName(s) in the list. Without this option execution stops to the first failing
MOName in the list. Example usage: fshascli -u --noerror "/TA-?"
--logerrors - Write error messages also to syslog. This may be useful if
fshascli is run from scripts. Alternatively, it is possible to set environment variable
FSHASCLI_LOG_ERRORS, which has the same effect as giving this option. Example
usage: fshascli --lock --logerrors /Directory
FSHASCLI_LOG_ERRORS= fshascli --lock /Directory
--filter MOType[,MOType...] MOName [ MOName...] - Filter input
MONames based on their type. This option is used in other commands to filter
MONames. The accepted MOTypes are:
• cluster - cluster
• node - all nodes
• rg - all recovery groups
• ru - all recovery units
• process - all processes
• si - all service instances
• csi - all component service instances
• proxy - all proxy processes
• proxied - all proxied components
Example usage: fshascli -s --filter rg,ru "/HAS*" "/*/HAS*"

--dn - Prints a list of MONames and distinguished names. This option can be used with
-v and --bare. Example usage:
• fshascli -v --dn /ExampleHARG
• fshascli --bare rg,ru --dn
DN0962949 Issue: 12 © 2018 Nokia 27

Scripts in LTE OMS
-I, --inert-mode {ON|OFF} - Sets inert mode for a Managed Object. The MO

can be Cluster, or one or more Nodes. Inert mode prevents recovery actions within the
Nodes or the Cluster. It should be used only for debugging purposes. Example usage:
• fshascli -I on /
• fshascli --inert-mode off /CLA-0 /CLA-1
-S, --set <name>=<value> - Set dynamic attributes for a Managed Object. The

MO can be any Managed Object. A dynamic attribute is a name value pair. An attribute is
deleted by setting an empty string as a value of the attribute. Example usage:
fshascli -S APPLICATION_ID=ExampleId /ExampleHARG
fshascli --set APPLICATION_ID=
-C, --reconfigure - Command HAS to reload the configuration in all nodes without
restarting the nodes. Notice, that if the new configuration contains errors, it may (or may
not) be partly taken into use. In this case you should return the original configuration or
correct the problems and then issue another reconfigure command. Example usage:
fshascli --reconfigure
3.4 ns_listall
The ns_listall command is used for listing the content of the FlexiServer CORBA
Naming Service graph.
The ns_listall command provides an alternative mode where the IOR and a
description of a single object in the naming graph, that is a naming context or an object
reference, are displayed.
The ns_listall command can also be used for fixing certain problems in the naming
graph, such as a dangling context.
Synopsis:
ns_listall [ --? | --help ] [ --debug ] [--
ldap=ldap_host:port ] [ pub-lic | private ] [ --host=host ]
[ --port=port ] [ --context=initial_context_name ] [--
depth=list_depth ] [ --fix ] [ --yes ] [--
resolve=full_compound_name ]
Options:
(none) - Connect to the private Naming Service of the cluster and print out the whole
naming graph.
--help, --? - Display a short description of options as well as the default values
used.
--debug - Turn on internal tracing messages. This option is meant for debugging
purposes. Define it as the first argument for full tracing.
28 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
--ldap=ldap_host:port - This option can be used for overriding the LDAP
host:port used by the parameter management in case GetBindIP library is used
(public | private option is used). The value must be of format host:port, for
example, flegrp13:3114. This option needs to be defined before the public |
private option.
private - Connect to the private Naming Service of the cluster. The host of the private
Naming Service is resolved using the GetBindIP library. If the GetBindIP library is
not able to resolve the host, the default value is used (default values are displayed with
the --? option.)
public - Connect to the public Naming Service of the cluster. The host of the public
Naming Service is resolved using the GetBindIP library. If the GetBindIP library is
not able to resolve the host, the default value is used (default values are displayed with
the --? option.)
--host=host - Define the host name or address of the Naming Service. The given
value overrides the default value.
--port=port - Define the port of the Naming Service. The given value overrides the
default value.
--context=initial_context_name - Define the initial context name of the
Naming Service. The given value overrides the default value.
--depth=list_depth - Define the maximum depth of listed context. When the
maximum depth is reached, ns_listall aborts the listing of current context and
moves to the next one. The given value overrides the default value.
--fix - Turn on the feature that tries to fix corrupted naming graph entries. Typically,
naming graph corruption may happen if a client or a Naming Service is forcefully killed
during context removal which may leave so-called dangling context into the naming
graph. Dangling context may also be created by a badly behaving client that destroys
context without unbinding it from its parent context. Dangling context can be recognized
by the displayed CORBA::OBJ_ADAPTER (in FS2/Visibroker5) or
CORBA::OBJECT_NOT_EXIST (FS3/Visibroker 6.5) exceptions.
--yes - It is the non-interactive mode. Answer yes to all questions. Interaction is
typically required when using the --fix option.
--resolve=full_compound_name - It is the resolve mode. Instead of listing the
whole graph, resolve the given context or object reference denoted by its full compound
name in the naming graph. In addition to displaying the IOR of the object, additional
information such as IIOP profile host, port and repository ID is shown. The existence of
the object is also checked by invoking the CORBA::Object::_non_existent()
operation on the object denoted by the IOR. For decoding the shown IOR, pass it to the
printIOR tool found from the Visibroker installation directory.
3.5 zaddldif
The zaddldif command Adds an LDIF file to LDAP.
Synopsis:
zaddldif <hostname> <portnumber> [ldif name]
DN0962949 Issue: 12 © 2018 Nokia 29

Scripts in LTE OMS
Examples:
/opt/Nokia_BP/sbin/zaddldif localhost 389 fsHA.ldif
3.6 zchangecluster-id
The zchangecluster-id command updates the OMS cluster ID provided by the
operator.
Synopsis:
zchangecluster-id
Examples:
Give new OMS id number <1-65535>:
3.7 zchangetimezone
The zchangetimezone command Changes the OMS timezone. OMS reboot is
needed to activate the new timezone.
Synopsis:
zchangetimezone
Examples:
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the Posix TZ format.
#? 8
Please select a country.
Table 1 Time zone regions
1) Aaland Islands 18) Greece 35) Norway
2) Albania 19) Guernsey 36) Poland
3) Andorra 20) Hungary 37) Portugal
4) Austria 21) Ireland 38) Romania
30 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Table 1 Time zone regions (Cont.)
5) Belarus 22) Isle of Man 39) Russia
6) Belgium 23) Italy 40) San Marino
7) Bosnia & Herzegovina 24) Jersey 41) Serbia
8) Britain (UK) 25) Latvia 42) Slovakia
9) Bulgaria 26) Liechtenstein 43) Slovenia
10) Croatia 27) Lithuania 44) Spain
11) Czech Republic 28) Luxembourg 45) Sweden
12) Denmark 29) Macedonia 46) Switzerland
13) Estonia 30) Malta 47) Turkey
14) Finland 31) Moldova 48) Ukraine
15) France 32) Monaco 49) Vatican City
16) Germany 33) Montenegro
17) Gibraltar 34) Netherlands
#? 14
The following information has been given:

Finland
Therefore TZ='Europe/Helsinki' will be used.

Local time is now: Mon Jan 26 12:11:43 EET 2009.
Universal Time is now: Mon Jan 26 10:11:43 UTC 2009.
Is the above information OK?
1) Yes
2) No
#? 1
You can make this change permanent for yourself by appending the line
TZ='Europe/Helsinki'; export TZ
to the file '.profile' in your home directory; then log out and log in
again.
Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
Timezone: Europe/Helsinki set to OMS

System restart needed...
/ is the cluster. The request will restart all the nodes in it.
Are you sure you want to proceed? [y/n] y
DN0962949 Issue: 12 © 2018 Nokia 31

Scripts in LTE OMS
3.8 zldap
The zldap command opens a connection from OMS to OMS LDAP for managing LDAP
information.
Synopsis:
zldap
Examples:
LDAP LOGIN> root
LDAP PASSWORD> root
Nokia OMS, LDAP CLI

Copyright (c) Nokia 2005. All rights reserved.
*** Not authenticated to the server, working with anonymous access ***
*** Reason: Invalid DN Syntax ***
anonymous>
3.9 zmodldif
The zmodldif command modifies LDAP data according to the LDIF file.
Synopsis:
zmodldif <hostname> <portnumber> [ldif name]
Examples:
zmodldif localhost 389 fsHA.ldif
3.10 zomscli
The zomscli command executes the fshascli [OPTION] command to all OMS
software except databases.
Synopsis:
zomscli OPTION[n=no warning]
Options:
-l - lock
-u - unlock
32 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-w - switchover
-r - restart
-v - view
-s - state
Examples:
• Execute fshascli -l[n] [all OMS SW]:
zomscli -l
or:
zomscli -ln
For more information about the fshascli command, see fshascli.
3.11 zpr
The zpr command lists OMS processes.
Synopsis:
zpr [ -all | -u | -l | -d | -e ] [<node_name>]
Options:
-all - List all processes at <node_name>.
-u - List unlocked processes at <node_name>.
-l - List locked processes at <node_name>.
-d - List disabled processes at <node_name>.
-e - List enabled processes at <node_name>.
3.12 zrg
The zrg command lists OMS recovery groups.
Synopsis:
zrg [ -all | -u | -l | -d | -e ]
Options:
-all - List all recovery groups at OMS.
-u - List unlocked recovery groups at OMS.
-l - List locked recovery groups at OMS.
-d - List disabled recovery groups at OMS.
DN0962949 Issue: 12 © 2018 Nokia 33

Scripts in LTE OMS
-e - List enabled recovery groups at OMS.
3.13 zru
The zru command lists OMS recovery units.
Synopsis:
zru [ -all | -u | -l | -d | -e | -a | -s ] [<node_name>]
Options:
-all - List all recovery units at <node_name>.
-u - List unlocked recovery units at <node_name>.
-l - List locked recovery units at <node_name>.
-d - List disabled recovery units at <node_name>.
-e - List enabled recovery units at <node_name>.
-a - List active recovery units at <node_name>.
-s - List coldstandby recovery units at <node_name>.
3.14 zsetti
This command goes to current set folder
/var/mnt/remote/sysimg/flexiserver/sets.
Synopsis:
zsetti
3.15 ztopocli
The ztopocli command investigates OMS topology DB content by listing connected,
disconnected, or all southbound elements in the database.
The ztopocli command allows to delete disconnected root topology objects (MRBTS).
To upload the whole topology DB, use the oms_reinstall_topology_db.sh script.
Synopsis:
ztopocli OPTION [NE]
Options:
-l - List network elements in the OMS topology database.
34 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-lc - List connected network elements in the OMS topology database.
-ld - List disconnected network elements in the OMS topology database.
-r NE - Remove network element from the OMS topology, for example, ztopocli -r
RNC-2.
g Note: Removing the MRBTS object is not possible if the status is connected (this can
be checked using the # ztopocli -lc command). Only disconnected MRBTS
Objects can be removed (the status can be checked using the # ztopocli -ld
command).
Examples of ztopocli command
Removing connected MRBTS object:
• # ztopocli -l
OMS topology database contains following network elements:
1. MRBTS-1 172.16.48.11
2. MRBTS-2 172.16.48.12
3. MRBTS-3 172.16.48.13
• # ztopocli -lc
OMS topology database contains following connected network
elements:
1. MRBTS-1 172.16.48.11
2. MRBTS-2 172.16.48.12
3. MRBTS-3 172.16.48.13
• # ztopocli -r MRBTS-1
Remove MRBTS-1 from OMS topology (y/n)? y
Operation failed. NE cannot be deleted, connection to the
NE is open.
Removing disconnected MRBTS object:
• # ztopocli -l
OMS topology database contains following network elements:
1. MRBTS-1 172.16.48.11
2. MRBTS-2 172.16.48.12
3. MRBTS-3 172.16.48.13
• # ztopocli -ld
OMS topology database contains following disconnected
network elements:
1. MRBTS-1 172.16.48.11
2. MRBTS-2 172.16.48.12
3. MRBTS-3 172.16.48.13
• # ztopocli -r MRBTS-1
Remove MRBTS-1 from OMS topology (y/n)? y
Operation succeeded
DN0962949 Issue: 12 © 2018 Nokia 35

Scripts in LTE OMS
3.16 zupt
The zupt command prints the OMS up time.
Synopsis:
zupt
36 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Network management
Scripts in LTE OMS
4 Network management
Related CLI commands use in OMS network management
4.1 fsgetaddress
The fsgetaddress command resolves names to IP addresses.
Synopsis:
fsgetaddress [ OPTIONS ] [ NAME ... ]
Options:
-1, --first-only - Output only the first address if several addresses are found.
-a, --all - Resolve IPv4 and IPv6 addresses.
-4, --inet - Resolve only IPv4 addresses (default).
-6, --inet6 - Resolve only IPv6 addresses.
All non-option arguments are treated as names to resolve. 0-n names can be given.
4.2 fsipaddress
The fsipaddress command adds or deletes external IP addresses into/from LDAP.
In addition to the address itself, any other needed IP configuration is automatically
added/deleted.
Changes made to configuration database are propagated to run-time environment by the
fsipreconfigure commit command.
Synopsis:
fsipaddress dedicated add IP-ADDRESS/MASK iface IFACE-NAME
owner { NODE | RG } [ via GWRG-NAME ] [ role STRING ... ]
[ user { RG | RU } ... ] [ table 10-254 ]
fsipaddress dedicated delete IP-ADDRESS/MASK owner { NODE |
RG } iface IFACE-NAME [ via GVRG-NAME ]
fsipaddress perimeter add IP-ADDRESS/MASK owner { NODE | RG }
iface IFACE-NAME [ role STRING ... ] [ user { RG | RU } ... ]
fsipaddress perimeter delete IP-ADDRESS/MASK owner { NODE |
RG } iface IFACE-NAM
DN0962949 Issue: 12 © 2018 Nokia 37

Network management Command Line Interface Tools and Management
Scripts in LTE OMS
fsipaddress virtual add IP-ADDRESS/MASK iface IFACE-NAME via

GWRG-NAME owner RG [ role STRING ... ] [ user { RG | RU }
... ]
fsipaddress virtual delete IP-ADDRESS/MASK owner RG via GWRG-
NAME iface IFACE-NAME
Options:
Options may appear anywhere on the command line, except between the attribute name
and value.
-h, --help - Print help. Help is displayed for the level on which the option appears on
the command line. If the help option is given after TYPE, help is given on the commands
available for the given address type. If the help option is given after COMMAND, help is
given on the attributes for the given command on the given address type.
-v level, --verbose=level - Set verbosity level. level is an integer or a
case-insensitive level name:
• -1 critical
• 0 error
• 1 warning (default)
• 2 info
• 3 debug
Types:
dedicated - It is an IP address that can be assigned to only one node at a time.
perimeter - It is an IP address which is assigned to the network interfaces in NICs
(Network Interface Cards) that connect the cluster to the external network.
virtual - It is an IP address which is assigned to multiple network interfaces in the
cluster. It allows the address to be used as a target of a load-balanced service.
Commands:
add - adds an IP address
delete - deletes an IP address
Attributes:
The IP address itself is always given as the first attribute on the command line as a value
without a name.
iface - It is a name of the interface to which the address is assigned.
owner - It is an owner of the address. NODE value simply means location of the
address in the RTE. RG value means that the address is located only in the same node
as currently-active RU of this RG is deployed.
role - It is a role(s) for the address.
table - It is a routing table identifier.
user - It is a user(s) of the address.
via - It is a the name of the gateway recovery group.
38 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Attribute values:
IP-ADDRESS - IPv4 or IPv6 address
MASK - 0-32 for IPv4 address, 0-128 for IPv6 address
IFACE-NAME - interface name - a non-empty string with a maximum of 15 characters,
containing no whitespace or the character ":"
NODE - node-managed object name (/CLA-0)
RG - recovery-group-managed object name (for example, /Directory)
RU - recovery-unit-management object name (for example, /CLA-
0/FSDirectoryServer)
GWRG-NAME - name of a gateway recovery group (for example, IPDManager-0)
Examples:
• Add dedicated IPv4 address, which is routed via IPDManager-0, for Directory
service:
fsipaddress dedicated add 10.99.100.3/24 iface bond1.100
owner /Directory via IPDManager-0
• Delete the dedicated address:
fsipaddress dedicated delete 10.99.100.3/24 iface bond1.100
owner /Directory via IPDManager-0
• Add dedicated IPv6 address, which is routed via IPDMAnager-0 to Directory service:
fsipaddress dedicated add 2001:490:ff0:abcd::81/64 iface
bond1.100 owner /Directory via IPDManager-0
• Add perimeter address for IPDManager-0:
fsipaddress perimeter add 10.99.100.2/24 iface bond1.100
owner /IPDManager-0
• Create virtual address for a load sharing recovery group and make it visible via
IPDManager-0:
fsipaddress virtual add 10.99.101.10/24 iface bond1.101
owner /TestLB via IPDManager-0 role test-1
• Create dedicated address shared with /ClusterDNS and /ClusterNTP recovery
groups:
fsipaddress dedicated add 10.99.120.3/24 iface bond0.120
owner /CLA-0 user /ClusterDNS user /ClusterNTP
4.3 fsipbond
The fsipbond command adds, deletes, or modifies bonding interfaces into/from LDAP.
Slave interfaces must be of plain Ethernet or virtual types. VLAN interfaces cannot be
enslaved. If active attribute is not specified, the first slave is preselected as active. It can
be changed by RSTP if the rstp attribute is set to yes.
Changes made to configuration database are propagated to run-time environment by the
Synopsis:
DN0962949 Issue: 12 © 2018 Nokia 39

Scripts in LTE OMS
fsipbond add IFACE-NAME slave IFACE-NAME [ slave IFACE-NAME ]

owner { NODE | RG } [ rstp { yes | no } ] [ mtu 1-65535 ]
[ active IFACE-NAME ]
fsipbond modify IFACE-NAME owner { NODE | RG } [ mtu 1-65535 ]
fsipbond delete IFACE-NAME owner { NODE | RG }
Options:
-h, --help - Print help for the level on which the option appears on the command
line. If the help option is given before COMMAND, help is given on the commands
available. If the help option is given after COMMAND, help is given on the attributes for
the given command.
-v level, --verbose=level - Set verbosity level. level is an integer or a
case-insensitive level name:
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
add - Add a bonding interface.
modify - Modify a bonding interface.
delete - Delete a bonding interface.
Attributes:
Bonding interface name is always given first on the command line without an attribute
name.
owner - It is the owner of the bonding interface. NODE value simply means the location
of the bonding interface in RTE. RG value means that the bonding interface is located
only in the same node as the currently active RU of this RG is deployed.
slave - slave interface
active - initially active slave interface
rstp - bonding interface RSTP monitoring status (default set to yes)
mtu - MTU (maximum transmission unit) of the bonding interface (default set to 1500)
Attribute values:
IFACE-NAME - a string of maximum 15 characters long, containing no whitespace nor
colon
NODE - node-managed object name (/CLA-0)
RG - recovery-group-managed object name (for example, /Directory)
Examples
40 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• Create external bonding interface:
fsipbond add bond1 slave eth1 slave eth2 rstp yes owner
/CLA-0
• Modify MTU of the above-created bonding interface and its slave(s):
fsipbond modify bond1 mtu 9000 owner /CLA-0
• Delete the above-added VLAN interface:
fsipbond delete bond1 owner /CLA-0
4.4 fsipinternalnet
The fsipinternalnet command adds and lists internal network configurations in
LDAP.
The internal network configuration information includes network interface, IP addresses,
MTU, and parameters defining how OMS boots up.
There is no limit how many internal networks can be created, but in order for the
environment to start-up correctly one IPv4 internal network with the name internalnet
must exist.
Changes made to the configuration database are propagated to run-time environment by
the fsipreconfigure commit command.
Synopsis:
fsipinternalnet add iface IFACE-NAME [ name STRING ]
[ bootable { yes | no } ] [ mtu 1-65535 ] [ net IP-NET/MASK ]
[ nodes STRING ... ] [ reserve NAME:COUNT ... ]
fsipinternalnet reconfig [ { -f | --force } ] [ nodes STRING
... ] [ name STRING ] [ family { inet | inet6 } ] [ reserve
NAME:COUNT ... ]
fsipinternalnet get [ name STRING ] [ family { inet | inet6 }
]
fsipinternalnet rac-cluster add net IPv4-NET/MASK nodes
HOSTNAME[,HOSTNAME,..] name STRING vid 0-4095
fsipinternalnet loopback add [ net IP-NET/MASK ]
fsipinternalnet cluster add [ net IP-NET/MASK ] [ reserve
NAME:COUNT ... ] [ nodes STRING ... ] [ mtu 1-65535 ]
Options:
-f, --force - Overwrite any existing information. Option can only be used after
fsipinternalnet reconfig and before any attributes.
the command line. If the help option is given before COMMAND, help is given on the
commands available. If the help option is given after COMMAND, help is given on the
attributes for the given command.
DN0962949 Issue: 12 © 2018 Nokia 41

Scripts in LTE OMS
-v level, --verbose=level - Set verbosity level. level is an integer or a case-
insensitive level name:
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
add - Add a new internal network.
reconfig - Reconfigure the existing internal network.
get - Show information about the existing internal networks.
Attributes:
bootable - It defines whether the network is bootable or not. The default value is no.
family - IP family. The default value is any.
iface - It refers to the used network interface. It is a string no less than 1 and no more
than 15 characters long, containing no whitespace nor colon.
mtu - MTU (maximum transmission unit). The default value is 1500.
name - It is a name of the network.
net - It is a network address and a mask of the network.
nodes - It is a pattern describing the nodes belonging to the network. The default value
is "*", meaning all nodes.
reserve - It reserves the required size block of addresses.
vid - It is a VLAN identifier.
Examples:
• Create default internal network:
fsipinternalnet loopback add
• Create IPv6 internal network for IPD-* nodes:
fsipinternalnet add net fe80::/64 iface bond0 nodes 'IPD-*'
• Create Oracle subcluster network for node CLA-0:
fsipinternalnet rac-cluster add net 192.169.0.0/24 nodes
CLA-0 vid 199 name rac-subcluster
• List all internal networks:
fsipinternalnet get
• List all IPv6 internal networks:
fsipinternalnet get family inet6
42 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
4.5 fsipmgmtnet
The fsipmgmtnet command adds management network information to LDAP. It is
used mainly during commissioning.
The management network creation must be done in three phases: a template file is
created, all needed information is filled into the template file, and the configuration is
populated to LDAP, based on the information in template file.
fsipmgmtnet template command creates a template file with all needed configuration
options. By default all the values for the configuration options are filled with the 'X'
characters, but to ease the filling of the template the values can be given with the
attributes vid and address. The VLAN identifier can be filled in to the template by the
vid attribute. The addresses are assigned to the template in numerical order starting
from the given address. If the given network is not long enough, the remaining addresses
are filled with the 'X' characters. In addition to the mandatory configuration options, there
are also some optional configuration options. These optional configuration options are
filled in to the template as commented-out lines (that is, lines starting with a '#' mark).
Before creating the management network configuration, finalize the template file. A value
must be given for all mandatory configuration options and any needed optional options
must be taken into use by uncommenting the necessary lines.
The fsipmgmtnet add command verifies the contents of the template file before
doing anything else. Any missing mandatory options or options having incorrect values
cause the command to fail.
Synopsis:
fsipmgmtnet template [ --uncomment-hints ] { FILE-NAME | - }
[ address IPv4-ADDRESS/MASK ] [ hwtype { HPBladeSystem |
IBMBladeCenter | SUNRackMount } ] [ vid 0-4095 ]
fsipmgmtnet add [ --ignore-non-existent ] [ --ignore-missing ]
FILE-NAME [ hwtype { HPBladeSystem | IBMBladeCenter |
SUNRackMount } ]
Options:
and value.
• -1 critical
• 0 error
DN0962949 Issue: 12 © 2018 Nokia 43

Scripts in LTE OMS
• 2 info
• 3 debug
Commands:
add - Create management network configuration.
template - Generate template file needed to create management network.
Attributes:
address - It is a start address to be used for automatic filling-in of addresses to the
template.
hwtype - It overwrites the used environment defined by the HW_PLATFORM
environment variable. Supported environments are HPBladeSystem and
IBMBladeCenter.
vid - It is a VLAN identifier of the management network.
Attribute values:
FILE-NAME - Template file name or special value '-' for standard input or output.
IPv4-ADDRESS - IPv4 address
MASK - 0-32
Examples:
• Create template file with name bc-mgmtnet.conf:
fsipmgmtnet template bc-mgmtnet.conf
• Create management network configuration based on information filled in template file
named bc-mgmtnet.conf:
fsipmgmtnet add bc-mgmtnet.conf
• Fill in template using VLAN identifier 151 and automatic addresses starting from
192.169.10.1/24:
fsipmgmtnet template bc-mgmtnet.conf vid 151 address
192.169.10.1/24
4.6 fsipnet
The fsipnet command adds, shows, modifies, or deletes IP Management objects in
LDAP.
Changes in configuration database are not immediately reflected in the run-time
environment.
Note that fsipnet is a very powerful tool, thus it is usually better to use one of the other
fsip* tools. However, fsipnet [ OBJECT ] get operations are always safe.
Each object type has a predefined set of attributes. Each attribute has a name, type and
a list of values. The type of each attribute is listed in Section DETAILED LIST. Most
attribute types fall into the following categories:
44 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• integral types - Attribute's values are integers. Some range(s) may define the valid
values.
• string types - Freeform strings, possibly with some limitations. Names, paths,
FQDNs, and so on.
• enumeration - A set of predefined strings define the valid values.
Attributes differ in how many values they must and may have. This is reflected in the
fsipnet command line. A subset of attributes identifies an object uniquely. These
attributes are called key attributes. Typically one of the key attributes is always given as
the first attribute on the command line, as a value without a name. These are called
naming attributes.
Some object types are children to other objects, for example, the socket object is a child
to an address object. In these cases also the parent object's key attributes must be
specified when referring to the child object, since identical objects can exist in LDAP, as
long as they are children to different parent objects.
The add command adds a new object in LDAP. The object must be fully specified on the
command line. The key attribute values must be given on the command line. These
identify the new object uniquely and an object with the same key attribute values must
not already exist. If the new object is a child, the parent object must already exist.
The delete command deletes an existing object. Key attributes may be specified to
identify the object. These are used as search criteria. If only one matching leaf object is
found, it is deleted. If multiple objects are found, an error message is printed and nothing
is deleted.
The --force option can be used to delete all matching objects. Non-leaf objects cannot
be deleted, delete the child objects first. If other objects depend on the object being
deleted according to their dependency attributes, an error message is printed and the
object is not deleted. The --force option can be used to delete objects regardless of
dependencies. In this case a warning message is printed if dependencies exist.
The get command shows objects based on search criteria. The more generic command
fsipnet get (object type unspecified) accepts search criteria as unverified LDAP filter
strings for attributes of any object type. The search criteria may match objects of several
different object types. fsipnet OBJECT get, on the other hand, matches the
specified object type only. In this case the criteria can include only attributes of the
specified object type.
The output of a get command is a list of fsipnet add commands, which, if executed,
adds into the configuration database the objects that were found from the database. If no
objects match the search criteria, fsipnet prints nothing and returns 0 (success).
The modify command modifies the attribute values of an existing object. Key attributes
identify the object. These are used as a search criteria. Only one object must be found
with the search criteria, otherwise an error message is printed and no object is modified.
Given attributes are used to modify the existing object in the database. Attributes not
specified on the command line retain their values.
Synopsis:
fsipnet [ OPTION ... ] [ OBJECT ] COMMAND [ ATTRIBUTE ... ]
Options:
-f, --force - Delete all objects that match the given criteria and ignore
dependencies.
DN0962949 Issue: 12 © 2018 Nokia 45

Scripts in LTE OMS
the command line. If the help option is given after OBJECT, help is given on the
commands available for the given object. If the help option is given after COMMAND,
help is given on the attributes for the given command on the given object.
• -1 critical
• 0 error
• 2 info
• 3 debug
Objects
address - IPv4 or IPv6 address with a type and role(s)
bond - bonding interface
ethiface - ethernet interface
hostname - Host name information for an IP address. These are used in creating
internal DNS zone files and the /etc/hosts file.
iface - basic interface
internalnet - IP Management helper for internal networks
netctl - network related sysctl(8) value
networkrange - an address range on an internal network
nexthop - interface, gateway and weight information for the nexthop of a certain route
proxy - proxy ARP or NDISC entries for making the host to reply to ARP arp(8)
requests or NDISC solicitations with its own MAC address
route - static routing table entry
rule - IPv4 rule in routing policy database
service - IP Management service specification
socket - protocol and port combination
viface - virtual interface
vlan - VLAN interface
Commands:
add - It adds an IP Management object. This must be a leaf object.
delete - It deletes an IP Management object. This must be a leaf object.
get - It shows IP Management object(s) based on some search criteria.
modify - It modifies the attributes of an IP Management object.
Attributes:
46 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
With the modify command, given a multi-valued attribute name, addname adds a new
value to the value list and delname deletes an existing value from the value list.
delname can also be used with the modify command to remove an existing value of
an optional single-valued attribute.
active - initially active Bonding Interface slave
addphase - the phase in which the object is added to RTE
address - the MAC address of the interface (default is RTE)
addvalue - the value used when adding the setting
advertise - when to advertise the address (default is never)
alias - alias name for the host name
begin - the IPv4 or IPv6 address from which the network range begins
bootable - defines if the network is used for booting or not
cname - CNAME for the host name
daemon - specifies whether the interface is controlled by the DIfacedaemon
delphase - the phase when the object is deleted from RTE
delvalue - the value used when deleting the setting
dependency - object(s) that this object depends on
dst - the destination address (default is /0 for rule)
dynamic - specifies whether dynamic updates are allowed (default is yes)
end - the IPv4 or IPv6 address to which the network range ends
extractor - name of the extractor tool used for creating the configuration
forwarder - forwarder for the service
from - name of the interface from which the MAC address is inherited
gindex - global index of the interface used for distributed interfaces
hw - link to the HW in case of physical interface
id - Id for the internal network used only as the naming attribute (default is formed from
the key attribute values, separated with "@")
iface - name of the interface
label - label of the address emulating the old ifconfig(8) functionality
lbs - a socket's user LBS
mtu - MTU for the object
name - Name of the object. Default is formed from the object type and key values,
separated by "@". For socket and nexthop objects, the default is formed from the key
values, separated with "@".
nfmark - Nfmark selector for the rule
node - The Node, Switch or ManagementModule the object resides in
owner - owner of the object
DN0962949 Issue: 12 © 2018 Nokia 47

Scripts in LTE OMS
pattern - pattern identifying nodes belonging to the network
postaddcmd - command(s) to be executed after adding object to RTE
postdelcmd - command(s) to be executed after deleting object from RTE
preaddcmd - command(s) to be executed before adding object to RTE
predelcmd - command(s) to be executed before deleting object from RTE
port - port number for the socket
priority - The priority of the object. This controls the order in which objects are added
to the RTE and removed from the RTE. Objects with a lower priority value are added
first, and removed last. Default depends on the object type.
protocol - protocol for the socket
realgindex - global index of the real interface
remotemac - Specifies where the MAC address is taken from. If yes, the MAC address
of the real interface is pulled to this interface. If no, the MAC address of this interface is
pushed to the real interface.
role - role(s) for the object
rulepriority - a unique priority for a rule
lbs - the Load Balancing Service(s) (LBS) that use this socket
rstp - specify whether RSTP monitoring is done
short - short name for the host
slave - specify the slave(s) for the bonding interface
src - the source address for the object. Default is 0.0.0.0 for virtual interface, /0 for
rule.
srciface - the source interface selector for the rule
table - route table or rule table (default is 254)
template - template file used for configuration
tiface - the transport interface for the tunnel
tos - type of service for the route (default is 0)
type - type of route or address. Default is unknown for address, unicast for route.
user - user(s) of the object
via - the gateway of the nexthop
vid - the VLAN tag
weight - The weight of the route (default is 1)
Attribute values:
IP-ADDRESS-FILTER - { "inet" | "inet6" | STRING } [ "/" MASK ]
IP-ADDRESS - { IPv4-ADDRESS | IPv6-ADDRESS }
IPv4-ADDRESS - IPv4 address (without a mask)
48 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
IPv6-ADDRESS - IPv6 address (without a mask)
STRING - LDAP filter string. According to RFC 2254, the character "*" may be used as a
wildcard. If so, a value must be quoted.
MASK - 0-32 for IPv4 address, 0-128 for IPv6 address.
IFACE-NAME - Interface name. A STRING no less than 1 and no more than 15
characters long, containing neither whitespace nor colon.
HOSTNAME - Host name. A non-empty STRING, containing no white space or any of the
following characters: ",~:!@#$%^&'(){}_.".
FQDN - fully qualified domain name
PATH - Filesystem path. Essentially STRING.
MAC-ADDRESS - Ethernet MAC address. 6 hexadecimal bytes separated with ":".
Examples:
• Add a netctl object.
fsipnet netctl add /proc/sys/net/ipv4/ip_forward node CLA-0
owner /CLA-0 addvalue 1 delvalue 0 addphase nwmgrstart
delphase nwmgrstop
• Show all netctl objects in the CLA-0 node.
fsipnet netctl get '*' node CLA-0
• Modify an existing netctl object.
fsipnet netctl modify /proc/sys/net/ipv4/ip_forward node
CLA-0 priority 3145729
• Delete a netctl object.
fsipnet netctl delete /proc/sys/net/ipv4/ip_forward node
CLA-0
• Show all IP Management objects (this can be redirected to a file to create a low-level
backup of the current IP configuration).
fsipnet get
• Show all objects in the CLA-0 node.
fsipnet get node CLA-0
• Show all objects with an MTU of 1500.
fsipnet get mtu 1500
• Show all objects of any type that have an MTU attribute.
fsipnet get mtu '*'
• Show all objects of any type that depend on the given object (spaces inserted in the
DN for layout reasons).
fsipnet get dependency
'fsipNetworkObjectName=FSIPRule@20000,fsFragmentId=Network,
fsipHostName=IPD-0-
A,fsFragmentId=Nodes,fsFragmentId=HA,fsClusterId=ClusterRoo
t'
• Show all rules with a destination address matching the given wildcarded criteria.
fsipnet get ruledst '10.*.0'
• Show all rules in the CLA-0 node that have a destination address with mask length of
24.
fsipnet get node CLA-0 ruledst /24
• Show all ethernet interfaces.
DN0962949 Issue: 12 © 2018 Nokia 49

Scripts in LTE OMS
fsipnet ethiface get

• Show all ethernet interfaces in all CLA nodes
fsipnet ethiface get '*' node 'CLA-*'
• Show a specific ethernet interface (all key values given).
fsipnet ethiface get eth0 node CLA-0
4.7 fsipreconfigure
The fsipreconfigure command updates IP configuration after cluster expansion
(addnode) or cluster shrinking (deletenode) operations.
The execution of the fsipreconfigure addnode and fsipreconfigure
deletenode commands are included in the fsconfigure command and usually
should not be executed manually.
fsipreconfigure also propagates modified IP configuration to RTE (commit) after
any changes to IP configuration.
Synopsis:
fsipreconfigure addnode NODE-NAME
fsipreconfigure deletenode NODE-NAME
fsipreconfigure commit
Options:
and the value.
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
addnode - Update IP configuration after adding a new node to the system.
deletenode - Update IP configuration before removing a node from the system.
commit - Commit changes from the configuration database to the RTE.
Attribute values:
50 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
NODE-NAME - node name
Examples:
• Add a new node named AS-6.
fsipreconfigure addnode AS-6
• Delete the node named AS-6.
fsipreconfigure deletenode AS-6
• Take modified IP configuration into use.
fsipreconfigure commit
4.8 fsiproute
The fsiproute command adds or deletes routes to external networks into/from LDAP.
Internal routes - routes from a cluster node to a gateway node - are added automatically.
Routing tables #2-#9 are reserved for this purpose. They are not modifiable by
fsiproute.
fsipreconfigure commit command. Route entries in the kernel routing tables
keep information about the paths to other networked nodes. Routing entry requires
destination network address and gateway address or output interface name, as well as
optional filtering information (such as TOS and source address) and routing table to be
placed to. At start-up time Linux kernel creates two routing tables #255 (local) and #254
(main). Table #255 (local) is not modifiable by the fsiproute tool.
If link-local address (from network fe80::/10) is given as a gateway address, an output
interface name is mandatory.
Current Linux IPv6 implementation does not support multiple routing tables. All IPv6
routing entries are stored in main table #254.
Synopsis:
fsiproute add IP-NET/MASK owner { NODE | RG } [ iface IFACE-
NAME ] [ mtu 1-65535 ] [ source IP-ADDRESS ] [ table 10-254 ]
[ tos 0-255 ] [ via IP-ADDRESS ]
fsiproute delete IP-NET/MASK owner { NODE | RG } [ table 10-
254 ] [ tos 0-255 ]
Options:
and the value.
DN0962949 Issue: 12 © 2018 Nokia 51

Scripts in LTE OMS
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
add - Add a route.
delete - Delete a route.
Attributes:
owner - Owner of the route entry. NODE value simply means location of the route entry
in the RTE. RG value means that the route entry is located only in the same node as
currently active recovery unit (RU) of this recovery group (RG) is deployed.
iface - output interface name
via - IP address of the nexthop gateway
mtu - MTU (maximum transmission unit) (default 1500)
source - source IP address
table - Routing table (default 254)
tos - type of service (default 0)
Attribute values:
IFACE-NAME - a string no less than 1 and no more than 15 characters long, containing
no white space nor colon
IP-ADDRESS - IPv4 or IPv6 address without a mask
IP-NET/MASK - IPv4 or IPv6 network address with a mask. Minimum network length is
1.
NODE - node managed object name (for example, /IPD-0-A)
RG - recovery group managed object name (for example, /IPDManager-0)
Examples:
• Create a gateway route towards a non-directly-connected network into IPD-0-* nodes
using an external gateway IP address.
Note that the gateway nodes must belong to the same subnet as the external
gateway.
fsiproute add 0.0.0.0/0 via 10.99.100.1 owner /IPDManager-0
• Create an interface route in table 20 towards a directly-connected network into IPD-
0-* nodes using the nexthop interface name.
fsiproute add 10.99.101.0/24 iface bond1.101 owner
/IPDManager-0 table 20
• Delete the above added routes.
fsiproute delete 0.0.0.0/0 owner /IPDManager-0 fsiproute
delete 10.99.101.0/24 owner /IPDManager-0 table 20
52 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
4.9 fsiprule
The fsiprule command adds or deletes rules for external communication policy
routing into/from LDAP.
Internal network rules are added automatically. Priorities 10000-19999 are reserved for
this purpose per network element. These rules are not modifiable by the fsiprule tool.
Rules in the routing policy database control the routing table selection algorithm in an
ascending order of the rule priority. Rule priorities are unique per network element. This
means that rules with a priority below the internal network rules priority range have
higher precedence and may, if selected, break internal communication. These rules are
not recommended to be used in routing policy configuration.
the fsipreconfigure commit command. At start-up time Linux kernel creates
default rules with priorities 0, 32766, and 32767. These rules are not modifiable by
fsiprule tool.
Current Linux IPv6 implementation does not support policy routing.
Synopsis:
fsiprule add { 1-9999 | 20000-32765 } owner { NODE | RG }
[ dst IPv4-NET/MASK ] [ src IPv4-NET/MASK ] [ srciface IFACE-
NAME ] [ table 10-254 ] [ type { unicast | blackhole |
unreachable | prohibit } ]
fsiprule delete { 1-9999 | 20000-32765 } owner { NODE | RG }
Options:
and the value.
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
add - Add a rule.
delete - Delete a rule.
DN0962949 Issue: 12 © 2018 Nokia 53

Scripts in LTE OMS
Attributes:
owner - Owner of the rule interface. NODE value means the location of the rule in RTE.
RG value means that the rule is located only in the same node as the currently active
recovery unit (RU) of this recovery group (RG) is deployed.
src - source subnet address
srciface - source interface
dst - destination subnet address
table - routing table (default 254)
type - rule type (default value is unicast)
Attribute values:
IFACE-NAME - A string no less than 1 and no more than 15 characters long, containing
no whitespace nor colon.
IPv4-ADDRESS/MASK - IPv4 address and subnetwork mask length
NODE - node managed object name (for example, /IPD-0-A)
Examples:
• Create a policy routing database entry into IPD-0-* nodes.
fsiprule add 30000 owner /IPDManager-0 src 10.10.10.0/24
table 253
• Delete the above added rule
fsiprule delete 30000 owner /IPDManager-0
4.10 fsipsocket
The fsipsocket command adds or deletes socket into/from LDAP.
Sockets are used mainly for configuring load balancing services, but other services may
also use them.
Synopsis:
fsipsocket add IP-ADDRESS/MASK port 0-65535 protocol { 0-255 |
UDP | TCP | SCTP } [ lbs STRING ] [ role STRING ... ]
fsipsocket delete IP-ADDRESS/MASK protocol { 0-255 | UDP | TCP
| SCTP } port 0-65535
Options:
and the value.
54 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
add - Add a socket.
delete - Delete a socket.
Attributes:
The IP address is always given first on the command line.
role - It is the role for the socket. The service using the socket might set requirements
for the applicable values.
port - port number for the socket
protocol - protocol for the socket
lbs - the load balancing service that provides load balancing for this socket.
Attribute values:
IP-ADDRESS/MASK - IP address for the socket
Examples:
• Add a socket to load balance www traffic
fsipsocket add 10.99.0.10/24 port 80 protocol TCP lbs
LBSTest-0 role www
• Delete the socket
fsipsocket delete 10.99.0.10/24 port 80 protocol TCP
4.11 fsipvlan
The fsipvlan command adds, deletes, or modifies VLAN interfaces into/from LDAP.
The real interface must be of Ethernet (including both bond and virtual) type. VLAN
stacking is not supported.
If the specified mtu value is greater then the real interface mtu value, it is silently
downgraded to that value.
DN0962949 Issue: 12 © 2018 Nokia 55

Scripts in LTE OMS
Synopsis:
fsipvlan add IFACE-NAME owner { NODE | RG } vid 0-4095 [ mtu
1-65535 ]
fsipvlan modify VLANIFACE-NAME owner { NODE | RG } [ mtu 1-
65535 ]
fsipvlan delete VLANIFACE-NAME owner { NODE | RG }
Options:
and the value.
• -1 critical
• 0 error
• 2 info
• 3 debug
Commands:
add - Add a VLAN interface.
modify - Modify a VLAN interface.
delete - Delete a VLAN interface.
Attributes:
owner - Owner of the VLAN interface. NODE value means location of the VLAN interface
in the RTE. RG value means that the VLAN interface is located only in the same node as
currently-active recovery unit (RU) of this recovery group (RG) is deployed.
vid - VLAN identifier
mtu - MTU (maximum transmission unit) for the VLAN interface (default value is the real
interface MTU)
Attribute values:
IFACE-NAME - A string containing no white space nor colon. Maximum length is set so
that the total length of VLANIFACE-NAME concatenated from IFACE-NAME, "." sign
and VID is no more than 15 characters long.
VLANIFACE-NAME - A string of maximum 15 characters and has the following syntax:
IFACE-NAME.VID
56 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
VID - an integer in a range of 0-4095
NODE - node-managed object name (for example, /AS-0)
Examples:
• Add a VLAN to the IPD-0-* external interfaces.
fsipvlan add bond1 vid 99 owner /IPDManager-0
• Modify the MTU of the above-added VLAN interface. Assuming that the real interface
MTU is no less than given here.
fsipvlan modify bond1.99 mtu 1600 owner /IPDManager-0
• Delete the above-added VLAN interface
fsipvlan delete bond1.99 owner /IPDManager-0
4.12 gbip
The gbip command acquires an IP address, socket, and port number information for
any process which is a managed object.
Synopsis:
gbip [OPTIONS] COMMAND
Options:
--ldap-server server - Override the default LDAP server used by the Pmgmt API.
Multiple servers can be given either by separating them with spaces or by giving the
option multiple times.
--hasmoname has-mo-name - Use the given HAS Managed Object Name instead of
the one defined by the _HAS_MO_NAME environment variable.
--debug - Run the GetBindIPCpp library in debug mode.
--first-only, -1 - Output only the first address, socket or port number that
matched the query.
--no-error - Do not consider a failed search an error. If this option is not given, empty
searches are considered errors and the exit value of gbip is non-zero.
--output-format format, -o format - Use the given output format instead of
the default one. The following format specifiers may be used:
• %% - % character
• %a - IP address
• %f - address family
• %r - address role
• %R - socket role
• %i - interface
• %o - list of owners separated with spaces
DN0962949 Issue: 12 © 2018 Nokia 57

Scripts in LTE OMS
• %p - protocol
• %P - port number
• %l - Linked LBS
• %n - netmask length
• %m - netmask as a dotted IP address (valid only with IPv4 addresses)
• %d - LDAP Distinguished Name
• \\ - backslash
• \n - new line
• \r - carriage return
• \t - horizontal tab
--address-family family, -f family - Set the address family filter to the

given value (inet or inet6).
--address-type type, -t type - Set the address type filter to the given value
(Node, Redundant, Dedicated, Virtual, or Perimeter).
--address-role role, -r role - Set the address role filter to the given value.
--address address, -a address - Set the IP address filter to the given value.
--interface interface, -i interface - Set the interface filter to the given
value.
--socket-role role, -R role - Set the socket role filter to the given value.
--protocol protocol, -p protocol - Set the socket protocol filter to the given
value.
--port port, -P port - Set the socket port number filter to the given value.
--linked-lbs LBS, -l LBS - Set the linked LBS filter to the given value.
Commands:
help - Print help.
addresses - It queries addresses.
sockets - It queries sockets.
ports - It queries dedicated ports.
internalnet - It queries internal IPv4 subnet.
4.13 oms_reinstall_topology_db.sh
The oms_reinstall_topology_db.sh script is used to ensure the connection
between OMS and other network elements in the network.
Check whether the LTE topology is fully uploaded. If there are problems with the
topology view, use the script to reload the LTE topology.
Synopsis:
oms_reinstall_topology_db.sh
58 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Example:
# /opt/Nokia/SS_Affe/script/oms_reinstall_topology_db.sh
> Detecting OMS type...
> OMS type: lte.
> Shutting down CMaus and OMSBTSOM processes for database cleanup...
/OMSBTSOM is locked successfully
/CMaus is locked successfully
> Importing /opt/Nokia/SS_Affe/script/DB_Topology_LTE.sql
Warning: Using a password on the command line interface can be insecure.
> Restarting required processes. It may take about 20 seconds...
/RNWEvent is restarted successfully
/FMAdapter is restarted successfully
/TomcatPlat is restarted successfully
/NWI3CM is restarted successfully
> Starting up CMaus and OMSBTSOM processes for database cleanup...
/OMSBTSOM is unlocked successfully
/CMaus is unlocked successfully
---------------------------
> Operation completed.
---------------------------
4.14 zmodifyNetworkSettings
The zmodifyNetworkSettings command changes the OMS network settings, such
as IPs, network mask, gateway, NTP IP, and DNS IP.
All values have to be given. If the new values are used for the first time, enter the current
value.
OMS has to be rebooted before the new values are used for the first time.
Synopsis:
zmodifyNetworkSettings
Examples:
# zmodifyNetworkSettings
Modifying network settings...
Enter parameters
GOMS IP (northbound):
10.0.0.5
GOMS IP (southbound):
10.0.0.6
NETMASK: (in bits e.g. 24)

24
DNS IP:
10.0.0.10
DN0962949 Issue: 12 © 2018 Nokia 59

Scripts in LTE OMS
NTP IP:
10.0.0.11
DEFAULT GATEWAY:
10.0.0.1
Parameters
GOMS IP (northbound): 10.0.0.5
GOMS IP (southbound): 10.0.0.6
NETMASK: /24
DNS IP: 10.0.0.10
NTP IP: 10.0.0.11
DEFAULT GATEWAY: 10.0.0.1
These are used variables, continue? (yes/no)?

yes
Executing modifyNetworkSettings, please wait...
Executing pleas wait...

Importing interfaces from HW fragment
Creating internal loopback network for single node
Internal network created
Creating fsifsetup.sh
Creating hosts for CLA-0
Creating resolv.conf for CLA-0
IP configuration files created
IP-script executed successfully
+ set -e
+ '[' 1 -eq 0 ']'
+ '[' 1 -eq 1 ']'
+ '[' -runtime = -runtime ']'
+ :
+ SLIST='user /ClusterNTP user /OMSBTSOM'
+ NLIST='user /Directory user /ClusterDNS user /SNMPMediator user
/MasterSnmpAgent user /HTTPDPlat user /NWI3Adapter user /FTP user /RNWEvent
user /NWI3TU user /FMAdapter user /PMPres user /NWI3CM user /MeaHandler user
/FMUIGate user /PMGeneric user /OMSEventHandler user /Nwi3SWAgent user
/CMaus user /THRKPI'
+ fsipbond add bond0 owner /CLA-0 slave eth0 slave eth1 rstp yes
+ fsipaddress dedicated add 10.0.0.5/24 iface bond0 owner /CLA-0 user
/Directory user /ClusterDNS user /SNMPMediator user /MasterSnmpAgent user
/HTTPDPlat user /NWI3Adapter user /FTP user /RNWEvent user /NWI3TU user
/FMAdapter user /PMPres user /NWI3CM user /MeaHandler user /FMUIGate user
/PMGeneric user /OMSEventHandler user /Nwi3SWAgent user /CMaus user /THRKPI
+ fsipaddress dedicated add 10.0.0.6/24 iface bond0 owner /CLA-0 user
/ClusterNTP user /OMSBTSOM
+ fsiproute add 0.0.0.0/0 via 10.8.122.1 iface bond0 owner /CLA-0
+ fsipnet service add ClusterNTP forwarder 10.0.0.11
+ fsipnet service add ClusterDNS forwarder 10.0.0.10
+ exit 0
SYSTEM RESTART NEEDED
/ is the cluster. The request will restart all the nodes in it.
Are you sure you want to proceed? (yes/no)
yes
60 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
4.15 zModifyOMSDomain.sh
The zModifyOMSDomain.sh script modifies OMS settings, such as domain name and
hostname.
Synopsis:
/opt/Nokia/SS_OMSINST/script/zModifyOMSDomain.sh
Examples:
****************************************************************************
***** Host and Domain Configuration script (OMS) **************************
****************************************************************************
***** This script should be executed at OMS installation ******************
***** and whenever there is a need to change ******************************
***** OMS host and domain configuration **********************************
****************************************************************************
***** At first execution time the script will add new entries to LDAP *****
***** Each following execution will change them **************************
****************************************************************************
OMS HostName value from LDAP - found: OMS-43

OMS DomainName value from LDAP - found: OMS-43
Do you want to modify current OMS HostName and DomainName? (y/n) [y]: y
Enter new OMS HostName (max 63 chars):
OMS-43
Enter new DomainName (max 192 chars):
OMS-43
New values: OMS-43.OMS-43
Modifying LDAP entries
ldap_initialize( ldap://Directory:389 )
Configuring FlexiPlatform..
Restarting CMaus Server...
****************************************************************************
******
***** Hostname and domain configuration script has ended.
*********************************
****************************************************************************
******
4.16 zmodifyomseth
The zmodifyomseth script enables or disables alarm monitoring for eth1 when OMS
is connected only with a single network cable. T
o provide network redundancy, OMS binds eth0 and eth1.
Synopsis:
DN0962949 Issue: 12 © 2018 Nokia 61

Scripts in LTE OMS
zmodifyomseth
Examples:
Do you want to disable alarm monitoring for eth1?
answer 1 to disable eth1 alarms and restart FSNodeOSServer

answer 2 to enable eth1 alarms and restart FSNodeOSServer
answer 3 to exit
4.17 zmodifyOMSHTTPandFTPPorts
The zmodifyOMSHTTPandFTPPorts script enables or disables the HTTP and FTP
ports defined in the OMS firewall policy file for south- and northbound interfaces.
Synopsis:
zmodifyOMSHTTPandFTPPorts
Example:
# zmodifyOMSHTTPandFTPPorts
*************************************************************************
***** ModifyOMSHTTPandFTPPortScript start **************
*************************************************************************
Read South IP from LDAP = 10.44.143.227

Read North IP from LDAP = 10.44.143.227
Would you like to [enable/disable] HTTP port (tcp,80) for IP [10.44.143.227]
(e/d) ?
e
Would you like to [enable/disable] HTTP port (tcp,80) for IP [10.44.143.227]
(e/d) ?
e
Would you like to [enable/disable] FTP port (tcp,21) for IP [10.44.143.227]
(e/d) ?
e
Would you like to [enable/disable] FTP port (tcp,21) for IP [10.44.143.227]
(e/d) ?
e
Choices: e e e e
Enabling HTTP port (80) for IPs 10.44.143.227 and 10.44.143.227.
Enabling FTP-CTRL port (21) for IPs 10.44.143.227 and 10.44.143.227.
*************************************************************************
***** ModifyOMSHTTPandFTPPortScript end **************
*************************************************************************
4.18 zmodifyOMSSettings
The zmodifyOMSSettings command changes the OMS FTP user password.
62 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
To apply this setting, you must restart OMS applications and the NWI3 Adapter with the
zomscli script. For more information on usage, see zomscli.
Synopsis:
zmodifyOMSSettings
Options:
# /opt/Nokia/SS_OMSINST/script/modifyOMSSettings.sh
Executing modifyOMSSettings.sh
Using Perimeter IP address
OMS FTP server IP address is 10.1.1.5

Type omsFtpUser password [press ENTER to use default]:
You set following settings:

OMS FTP IP = 10.1.1.5
FTP Username = omsFtpUser
FTP Password = ******
Are these parameters correct (yes/no)?

yes
writing settings to LDAP
ldap_initialize( ldap://Directory:389 )
replace omsParameterValue:
10.1.1.5
modifying entry "omsParameterId=szIPAddress,omsFragmentId=OMS,
omsFragmentId=CUAccess,omsFragmentId=Network,omsFragmentId=System,fsFragment
Id=OMS,
fsClusterId=ClusterRoot"
modify complete
omsFtpUser
modifying entry
"omsParameterId=szFTPUserName,omsFragmentId=OMS,omsFragmentId=CUAccess,
omsFragmentId=Network,omsFragmentId=System,fsFragmentId=OMS,fsClusterId=Clus
terRoot"
modify complete
crypt:ivqFQbIWagY22jZvdH64ig==
modifying entry
"omsParameterId=szFTPPassword,omsFragmentId=OMS,omsFragmentId=CUAccess,
omsFragmentId=Network,omsFragmentId=System,fsFragmentId=OMS,fsClusterId=Clus
terRoot"
modify complete
Changing password to ldap

Changing password for user omsFtpUser.
passwd: all authentication tokens updated successfully.
modifyOMSSettings.sh finished SUCCESSFULLY
DN0962949 Issue: 12 © 2018 Nokia 63

Scripts in LTE OMS
4.19 zship
The zship command prints the current OMS north- and southbound IP address.
Synopsis:
zship
64 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Security management
Scripts in LTE OMS
5 Security management
Related CLI commands use in OMS security management
5.1 create-cracklib-dict
The create-cracklib-dict command adds new words to the cracklib dictionary
pool for password strength checking.
To add new words into the pool, create a text file containing desired words (one per row)
and copy it to the /usr/share/dict directory along with other possibly already
existing word files (or you can edit the existing files). Then, run create-cracklib-
dict /usr/share/dict/* and your password strength checking gets updated. The
dictionary is now combination of all word files located in /usr/share/dict
To disable the dictionary checking, run the create-cracklib-dict
/usr/share/dict/default command. The file /usr/share/dict/default
contains only one line, that is, NSN. After this command that becomes the only password
in the dictionary list and all other checks are disabled.
To restore the extensive checks, run create-cracklib-dict
/usr/share/dict/*
Synopsis:
create-cracklib-dict <names of the word files>
5.2 fsfirewall
The fsfirewall command is used to manage the OMS firewall. This includes
enabling and disabling the OMS firewall and, displaying and reloading its rules.
Synopsis:
Common Usage:
fsfirewall status
fsfirewall enable
fsfirewall disable
fsfirewall reload
fsfirewall help
fsfirewall open-port [--protocol|-l udp|tcp] <--dest_address|-
d dest_address[,dest_address...]> <--port|-p
port[,port...]|port_from-port_to> [--source_address|-s
source_address[,source_address...]]
DN0962949 Issue: 12 © 2018 Nokia 65

Security management Command Line Interface Tools and Management
Scripts in LTE OMS
fsfirewall close-port [--protocol|-l udp|tcp] <--

dest_address|-d dest_address[,dest_address...]> <--port|-p
System Usage only:
fsfirewall open-protocol <esp|ah>
fsfirewall close-protocol <esp|ah>
TLS Renegotiation options for System Usage only:
fsfirewall limit-peer <--source_address|-s
source_address[/mask][,source_address[/mask],...]> <--port|-p
port[,port...]|port_from-port_to>
fsfirewall permit-peer <--source_address|-s
source_address[/mask][,source_address[/mask],...]> <--port|-p
port[,port...]|port_from-port_to>
fsfirewall rate-limitation <amount/quantum,burst>
Options:
enable - This option allows the user to re-enable OMS firewall configuration if
previously disabled.
disable - This option allows the user to disable OMS firewall configuration.
reload - This option reloads OMS firewall rules.
status - This option shows the current settings in OMS firewall.
help - This option shows the CLI user’s guide of the fsfirewall command. To view
the complete syntax, use help --all.
open-port - This option allows the user to add firewall settings in OMS.
close-port - This option allows the user to remove firewall settings in OMS.
Options not recommended to be used by end users:
open-protocol - This option adds IPsec traffic header forwarding in OMS firewall
which is added by default.
close-protocol - This option removes IPsec traffic header forwarding in OMS
firewall.
limit-peer - This option restricts the use of TLS secure renegotiation on the selected
network element.
permit-peer - This option allows the use of TLS secure renegotiation on the selected
network element.
rate-limitation - This option allows the user to limit the number of TLS secure
renegotiations between OMS and peer to avoid vulnerability to DOS attack.
Attributes
--protocol | -l - This attribute refers to the network protocol of the firewall setting.
Values: udp, tcp
66 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
--dest_address | -d - This attribute refers to the destination IP address of the
firewall configuration. This can be a comma-delimited list of IP addresses.
--source_address | -d - This attribute refers to the source IP address of the
firewall configuration. This can be a comma-delimited list of IP addresses. In the case of
limit-peer/permit-peer options, this can be comma-delimited list of IP addresses and the
corresponding network mask bit.
--port | -p - This attribute refers to the network port of the IP address of the firewall
configuration. This can be comma-delimited list of network ports or a port range.
IPSec traffic for Open-Protocol/Close-Protocol command:
esp - This pertains to IPsec Encapsulating Security Protocol traffic.
ah - This pertains to Authentication Header traffic.
TLS secure renegotiation parameters:
amount - This refers to the number of TLS secure renegotiations to match.
quantum - This refers to the unit of time for the only allowed number of TLS secure
renegotiations in OMS.
burst - This refers to the maximum initial number of TLS packets to match in a time
slice.
g Note: The proposed maximum rate limit of TLS secure renegotiation in OMS is 5
renegotiations per minute with a burst of 3 initial packets.
Example:
# fsfirewall help --all
Usage:
/opt/Nokia_BP/sbin/fsfirewall status|enable|disable|reload|help
/opt/Nokia_BP/sbin/fsfirewall open-port|close-port [--protocol|-l
udp|tcp] <--dest_address|-d dest_address[,dest_address...]> <--port|-p
/opt/Nokia_BP/sbin/fsfirewall open-protocol|close-protocol <esp|ah>
- system usage only
/opt/Nokia_BP/sbin/fsfirewall limit-peer|permit-peer <--
source_address|-s source_address[/mask][,source_address[/mask],...]> <--
port|-p port[,port...]|port_from-port_to> - system usage only
(limit/permit TLS secure renegotiation)
/opt/Nokia_BP/sbin/fsfirewall rate-limitation <amount/quantum,burst>
- system usage only
amount/quantum - match if the rate limitation of TLS secure
renegotiation is above amount/[second|minute|hour|day|s|m|h|d]
burst - maximum initial number of TLS packets to
match
5.3 ipmop
The ipmop command is used to manage and check for statistics and other information
concerning the IPSec policy manager and IPSec.
DN0962949 Issue: 12 © 2018 Nokia 67

Scripts in LTE OMS
The ipmop command must be executed on the active IP Director node (IPD-0-A or IPD-
0-B).
Synopsis:
ipmop [ OPTIONS ]
Options:
--help - List all possible flags for the given object.
-show-policy - List the policy database.
-show-ipsec - List the IPSec SA database.
-show-ike - Show IKE SA information.
-show-stat - Display the global IPSec statistics.
-show-config - Display the current configuration settings.
-show-rkey - Display information of the remote key connection.
-reload - Reload the policy.
-kill - Close and exits the ipm program.
-v - Provide verbosity to the commands listed above.
Files:
/opt/Nokia/SS_IPM/ - directory containing related files
/opt/Nokia/etc/IPSec/ipsec-policy.xml - the IPSec policy file
ipsec-policy.dtd - file containing the IPSec policies
/opt/Nokia/SS_IPM/bin - directory containing the ipm executable
5.4 omscertificate
The omscertificate command provides an interface to manage the certificate
configuration in OMS.
The omscertificate command is used to manually configure or import actual
certificates and related private keys. It supports requesting certificates automatically from
a central certificate or registration authority within the operators network using the
certificate management protocol (CMP).
omscertificate is used for executing various commands like:
• cmp-init-sequence - This command requests and installs End Entity certificate
and Certificate Authority certificate(s) from a CMP server.
• install-ee-cert - The command installs the end entity certificate into LDAP.
• install-ca-cert - The command installs the Certificate Authority (CA) certificate
into LDAP.
68 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• install-ca-certs - The command installs the Certificate Authority (CA)
certificates from a given directory into LDAP.
• delete-ca-cert - The command deletes the Certificate Authority (CA) certificate
from LDAP based on issuer-id and serial number.
• configure-cmp-client - The command sets certificate management protocol
(CMP) server related configuration parameters.
• configure-ca-cr - The command sets the configuration parameters of the
external LDAP CA repository.
• import-pkcs12 - The command parses the PKCS#12 container and installs CA
certificates and End Entity key and certificate.
• show-cmp-config - The command shows the certificate management protocol
(CMP) server related configuration parameters.
• show-ca-cr-config - The command displays the configuration parameters of the
• show-ee-cert - The command displays the End Entity certificate.
• show-ca-cert - The command displays the Certificate Authority (CA) certificate.
• cmp-key-update - The command requests and installs End Entity certificate and
Certificate Authority certificate(s) from a CMP server.
• install-crl - The command installs the CRL file (for example, locally generated).
• delete-crl - The command deletes the CRL file.
• show-crl - The command shows the installed CRL contents.
• configure-crl-client - The command configures the CRL client.
• add-crl-url - The command adds a CRL Uniform Resource Locator.
• delete-crl-url - The command removes a CRL Uniform Resource Locator.
• show-crl-status - The command displays configuration of the CRL functionality
and the CRL statuses.
• update-crl - The command updates all CRLs.
• show-cmp-insta-bug-prevention - The command displays settings for
protecting OMS against fault in CMP kup message, which might be received from
Insta Certifier CMP server.
• set-cmp-insta-bug-prevention - The command modifies settings for
protecting OMS against fault in CMP kup message, which might be received from
Insta Certifier CMP server.
If no command exists then the error message Incorrect usage of command

appears.
For detailed instructions on how to use the omscertificate command, see
Certificates management in Administering and Security in LTE OMS.
Synopsis:
omscertificate command [ command args ]
5.4.1 cmp-init-sequence
The cmp-init-sequence command requests and installs End Entity certificate and
Certificate Authority certificate(s) from a CMP server.
Synopsis:
DN0962949 Issue: 12 © 2018 Nokia 69

Scripts in LTE OMS
omscertificate cmp-init-sequence
Examples:
omscertificate cmp-init-sequence
5.4.2 install-ee-cert
The install-ee-cert command installs the end entity certificate into LDAP.
g Note: OMS does not support a private key file in encrypted form.
Synopsis:
omscertificate install-ee-cert <-cert-file cert_file> <-key-
file key_file>
Options:
-cert-file - It is a path to the end entity certificate file (in PEM format). The maximum
allowed length is 300 characters.
-key-file - It is the path to the end entity key file (in PEM format). The maximum
Examples:
omscertificate install-ee-cert -cert-file /home/cert.pem -key-
file /home/key.pem
5.4.3 install-ca-cert
The install-ca-cert command installs the Certificate Authority (CA) certificate into
LDAP.
Synopsis:
omscertificate install-ca-cert <-cert-file cert_file> [-
overwrite]
Options:
-cert-file - It is a path to the CA certificate file (in PEM format).The maximum
-overwrite - Overwrite the existing certificate contents in LDAP. It is an optional token
and by default it is not specified.
Examples:
omscertificate install-ca-cert -cert-file /home/cert.pem
70 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
5.4.4 install-ca-certs
The install-ca-certs command installs the Certificate Authority (CA) certificates
from a given directory into LDAP.
Synopsis:
omscertificate install-ca-certs <-cert-dir cert_directory> [-
overwrite]
Options:
-cert-dir - It is a path to the CA certificate directory. The maximum allowed length is
300 characters.
-overwrite - Overwrite the existing certificate contents in LDAP. It is an optional token
and by default it is not specified.
Examples:
omscertificate install-ca-certs -cert-dir
/home/ca_certificates
5.4.5 delete-ca-cert
The delete-ca-cert command deletes the Certificate Authority (CA) certificate from
LDAP based on issuer-id and serial number.
Synopsis:
omscertificate delete-ca-cert <-issuer-id issuer_id> <-serial-
nr serial_number>
Options:
-issuer-id - It is the issuer ID of the CA certificate to delete. The maximum allowed
length is 10000 characters.
-serial-nr - It is the serial number of the CA certificate. The maximum allowed length
is 100 characters.
Examples:
omscertificate delete-ca-cert -issuer-id 123 -serial-nr abc
5.4.6 configure-cmp-client
The configure-cmp-client command sets certificate management protocol (CMP)
server related configuration parameters.
Synopsis:
DN0962949 Issue: 12 © 2018 Nokia 71

Scripts in LTE OMS
omscertificate configure-cmp-client [-ip-addr ip_addr] [-port

port] [-protocol-version version] [-server-path path] [-ee-
subject-name ee_subject] [-ca-subject-name ca_subject] [-psk
psk] [-ref-num ref_number]
Options:
-ip-addr - It is the IP address of the CMP server. Only IPv4 format is supported.
-port - It is the port of the CMP server. Port value must be in the range of 1 to 65535.
-psk - It is the pre-shared key used for the authentication of the CMP requests. The
maximum allowed value is 128 characters.
-ref-num - It is the reference number used to identify the CMP requests. The
maximum allowed value is 30 characters.
-protocol-version - It is the certificate management protocol version. Allowed
protocol versions are: rfc-4210, cryptlib, insta-certifier, or insta-
certifier-3-3.
-server-path - It is the CMP server URL path, for example, pkix/
-ee-subject-name - It is the end entity subject name to be used in the CMP
requests, for example,C=FI, O=MyOrg,CN=*.example.org. The maximum allowed
length is 10000.
-ca-subject-name - The CA subject name to be used in the CMP requests, for
example,"C=FI, O=MyOrg,CN=*.example.org". The maximum allowed length is 10000.
Examples:
omscertificate configure-cmp-client -ip-addr 1.2.3.4 -port
8080 -ca-subject-name "C=FI"
5.4.7 configure-ca-cr
The configure-ca-cr command sets the configuration parameters of the external
LDAP CA repository.
Synopsis:
omscertificate configure-ca-cr [-ip-addr ip_addr] [-port port]
[-base-dn LDAP_base_dn] [-search-filter LDAP_search_filter]
Options:
-ip-addr - It is the IP address of the LDAP CA repository. Only IPv4 format is
supported.
-port - It is the port of the LDAP CA repository. Port value must be in the range of 1 to
65535.
-base-dn - It is the LDAP base dn to be used when retrieving the CA certificate.
-search-filter - It is the LDAP search filter is used when retrieving the CA
certificate.
Examples:
72 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
omscertificate configure-ca-cr -base-dn c=fi -ip-addr

10.102.230.170 -port 389 -search-filter cmp975cert31
5.4.8 import-pkcs12
The import-pkcs12 command installs the certificate authority (CA) certificate and
end entity private key and certificate.
g Note: OMS does not support a private key file in encrypted form at PKCS#12 file.
Synopsis:
omscertificate import-pkcs12 <-pkcs12-file PKCS#12_file>
Options:
-pkcs12-file - It is the path to the PKCS#12 certificates container.
Examples:
omscertificate import-pkcs12 -pkcs12-file
/home/certs_container.p12
5.4.9 show-cmp-config
The show-cmp-config command shows the certificate management protocol (CMP)
server related configuration parameters.
Synopsis:
omscertificate show-cmp-config
Examples:
omscertificate show-cmp-config
5.4.10 show-ca-cr-config
The show-ca-cr-config command displays the configuration parameters of the
Synopsis:
omscertificate show_ca_cr_config
Examples:
omscertificate show_ca_cr_config
DN0962949 Issue: 12 © 2018 Nokia 73

Scripts in LTE OMS
5.4.11 show-ee-cert
The show-ee-cert command displays the End Entity certificate.
Synopsis:
omscertificate show-ee-cert
Examples:
omscertificate show-ee-cert
5.4.12 show-ca-cert
The show-ca-cert command displays the Certificate Authority (CA) certificate.
Synopsis:
omscertificate show-ca-cert <-ca-id ca_id>
omscertificate show-ca-cert all
Options:
all - Display all installed CA certificates.
-ca-id - Display only the CA certificate with the unique identifier/common name. The
maximum allowed length is 10000.
Examples:
• Display the CA certificate(s) installed under the ca id newcaid:
omscertificate show-ca-cert -ca-id newcaid
• This command displays all installed CA certificates:
omscertificate show-ca-cert all
5.4.13 cmp-key-update
The cmp-key-update command requests and installs End Entity certificate and
Certificate Authority (CA) certificate(s) from a CMP server.
Synopsis:
omscertificate cmp-key-update
Examples:
omscertificate cmp-key-update
5.4.14 configure-crl-client
The configure-crl-client command configures the CRL client.
74 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Synopsis:
omscertificate configure-crl-client [-crl-checking
enabled/disabled] [-user-crl enabled/disabled] [-cert-crl
enabled/disabled] [-crl-allow-missing enabled/disabled] [-crl-
bg-download enabled/disabled]
Options:
-crl-checking - Disable or enable CRL checking. When the CRL checking
parameter is disabled, the periodic CRL download operation is also not done.
-user-crl - Disable or enable fetching CRL from user-defined CRL Distribution
Point(s).
-cert-crl - Disable or enable fetching from CRL DP defined in certificate extensions.
-crl-allow-missing - Disable or enable allowing secure connection if CRL is not
available.
-crl-bg-download - Disable or enable downloading CRL for peer certificates in
background. When the CRL is not available in secure connection establishment, the
decision is based on other settings, for example, -crl-allow-missing, and the
system tries to fetch the CRL for later usage. When the option is disabled, the CRL (if not
available) for certificate verification against CRL is fetched during the secure connection
establishment.
Examples:
omscertificate configure-crl-client -crl-checking enabled
-user-crl disabled -cert-crl enabled -crl-allow-missing
enabled -crl-bg-download enabled
5.4.15 install-crl
The install-crl command installs a CRL file (for example, locally generated).
Synopsis:
omscertificate install-crl <-crl-file crl_file> <-ca-id ca_id>
[-cert-type cert_type]
Options:
-crl-file - It is the path to the CRL file which is installed.
-ca-id - It is the CA ID for which the CRL is installed.
-cert-type - It is the certificate type where the CRL is installed (possible values:
new-with-new, old-with-old, old-with-new, new-with-old, default value:
new-with-new).
Examples:
omscertificate install-crl -ca-id rootCA -crl-file
/home/crl.pem
DN0962949 Issue: 12 © 2018 Nokia 75

Scripts in LTE OMS
5.4.16 update-crl
The update-crl command updates all installed CRLs.
Synopsis:
omscertificate update-crl
Examples:
omscertificate update-crl
5.4.17 show-crl
The show-crl command shows the installed CRL contents.
Synopsis:
omscertificate show-crl [-ca-id ca_id]
omscertificate show-crl
Options:
-ca-id - It is the CA ID for which CRL is shown. If the parameter is not set, all CRLs
are displayed.
Examples:
• Display the CRL installed under the ca-id rootCA:
omscertificate show-crl -ca-id rootCA
• Display all installed CRLs:
omscertificate show-crl
5.4.18 show-crl-status
The show-crl-status command displays configuration of the CRL functionality and
the CRL statuses.
Synopsis:
omscertificate show-crl-status
Examples:
omscertificate show-crl-status
5.4.19 delete-crl
The delete-crl command deletes the CRL file.
Synopsis:
76 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
omscertificate delete-crl <-ca-id ca_id>
Options:
-ca-id - It is the CA ID for which CRL is deleted.
Examples:
omscertificate delete-crl -ca-id rootCA
5.4.20 add-crl-url
The add-crl-url command adds Uniform Resource Locator (URL) of CRL
Distribution Points.
Synopsis:
omscertificate add-crl-url <-ca-id ca_id> <-url CRLDP> [-cert-
type cert_type]
Options:
-ca-id - It is the CA ID for which CRL is configured.
-url - It is the CRL distribution point used to install CRL from (remote URL).
-cert-type - It is the certificate type to which CRL Distribution Point is configured
(default: new-with-new).
Examples:
omscertificate add-crl-url -ca-id "CN:CRL_testing-CRL_testing"
-url
"ldap://10.121.207.10/cn=CRL_testing?certificateRevocationList
;binary"
5.4.21 delete-crl-url
The delete-crl-url command removes CRL Uniform Resource Locator (URL).
Synopsis:
omscertificate delete-crl-url <-ca-id ca_id> <-url CRLDP> [-
cert-type cert_type]
Options:
-ca-id - It is the CA ID for which CRL is configured.
-url - It is the CRL distribution point to remove (remote URL).
-cert-type - It is the certificate type to which CRL is configured (default: new-with-
new).
Examples:
DN0962949 Issue: 12 © 2018 Nokia 77

Scripts in LTE OMS
omscertificate delete-crl-url -ca-id "CN:CRL_testing-

CRL_testing" -url
"ldap://10.121.207.10/cn=CRL_testing?certificateRevocationList
;binary"
5.4.22 create-csr-request
The create-csr-request command manually creates a CSR file.
g Note: OMS does not support a private key file in encrypted form.
Synopsis:
omscertificate create-csr-request -csr-filename csr_filename
-csr-dirpath csr_dirpath -key-filepath key_filepath -cn-name
cn_name
Options:
-csr-filename The name of the csr file to be created, such as
filename.csr.
-csr-dirpath The path to the directory where the csr file is stored. It
always end with a forward slash (/).
g Note: If this is not provided, then the csr file is
saved to the current directory.
-key-filepath The path where the private key is located, such as
/directory/folder/priveekey.pem.
-cn-name Common name.
g Note: The -csr-dirpath,
-key-filepath, and -cn-name are
optional parameters. If either of the
parameters are not included, then a default
value is provided automatically.
Examples:
omscertificate create-csr-request <-csr-filename csr_filename>
[-csr-dirpath csr_dirpath] [-key-filepath key_filepath] [-cn-
name cn_name]
where:
<...> - it is mandatory to be included when executing the command.
[...] - it is optional to include upon execution.
78 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Possible combinations for execution:
omscertificate create-csr-request -csr-filename “csr_filename” -csr-
dirpath “csr_dirpath” -key-filepath “key_filepath” -cn-name “cn_name”
omscertificate create-csr-request -csr-filename “csr_filename”
dirpath “csr_dirpath”
omscertificate create-csr-request -csr-filename “csr_filename” -key-
filepath “key_filepath”
omscertificate create-csr-request -csr-filename “csr_filename” -cn-name
“cn_name”
dirpath “csr_dirpath” -key-filepath “key_filepath”
dirpath “csr_dirpath” -cn-name “cn_name”
omscertificate create-csr-request -csr-filename “csr_filename” -key-
filepath “key_filepath” -cn-name “cn_name”
5.4.23 show-cmp-insta-bug-prevention
The show-cmp-insta-bug-prevention command shows the parameter that
controls the functionality to protect OMS against incorrect data, which could be received
from Insta Certifier CMP server in response to CMP key update operation.
The problem can occur when CMP key update request (triggered either automatically or
manually) is sent to Insta Certifier CMP server with older software version and the EE
certificate installed in OMS has not been generated by the CMP server but has been
generated and installed manually by the operator.
g Note: OMS allows to optionally block sending of CMP key update request when OMS
EE certificate has been installed manually. The Insta Certifier CMP server has a SW
bug resulting in incorrect, very high value of the iterationCount parameter (of
protectionAlg.PBMParameter structure) in Key Update Response (kup)
message when the CMP key update request is rejected due to
"CRMF oldCertId not matched against cert". The issue has been fixed in
release 7.0 build 20793 of Insta Certifier CMP server.
OMS can receive such a message in case of a triggered CMP key update when an EE
certificate has been installed manually and is not consistent with the data stored in the
CMP server. In such situation, OMS can fall into trouble receiving that message as it
results in high CPU usage due to forced intensive processing related to applying the
protective algorithm as many times as value of iterationCount parameter
specifies.
The option to block sending the CMP key update request should be enabled when the
operator uses the Insta Certifier CMP server with an older release or build version and
there is a risk that the EE certificate might have been installed manually (the output of
omscertificate show-ee-cert command shows relevant information how the
EE certificate has been installed). Otherwise, protection enabling is not needed.
Synopsis:
omscertificate show-cmp-insta-bug-prevention
DN0962949 Issue: 12 © 2018 Nokia 79

Scripts in LTE OMS
Example:
# omscertificate show-cmp-insta-bug-prevention
Prevention mode for CMP Insta server bug is set to: disabled
5.4.24 set-cmp-insta-bug-prevention
The set-cmp-insta-bug-prevention command sets the parameter that controls
the functionality to protect OMS against incorrect data, which could be received from
Insta Certifier CMP server in response to CMP key update operation.
The problem can occur when CMP key update request (triggered either automatically or
manually) is sent to Insta Certifier CMP server with older software version and the EE
certificate installed in OMS has not been generated by the CMP server but has been
generated and installed manually by the operator.
g Note: OMS allows to optionally block sending of CMP key update request when OMS
EE certificate has been installed manually. The Insta Certifier CMP server has a SW
bug resulting in incorrect, very high value of the iterationCount parameter (of
protectionAlg.PBMParameter structure) in Key Update Response (kup)
message when the CMP key update request is rejected due to
"CRMF oldCertId not matched against cert". The issue has been fixed in
release 7.0 build 20793 of Insta Certifier CMP server.
OMS can receive such a message in case of a triggered CMP key update when an EE
certificate has been installed manually and is not consistent with the data stored in the
CMP server. In such situation, OMS can fall into trouble receiving that message as it
results in high CPU usage due to forced intensive processing related to applying the
protective algorithm as many times as value of iterationCount parameter
specifies.
The option to block sending the CMP key update request should be enabled when the
operator uses the Insta Certifier CMP server with an older release or build version and
there is a risk that the EE certificate might have been installed manually (the output of
omscertificate show-ee-cert command shows relevant information how the
EE certificate has been installed. Otherwise, protection enabling is not needed.
Synopsis:
omscertificate set-cmp-insta-bug-prevention <-prevention
enabled/disabled>
Options:
-prevention Prevention can be enabled or disabled.
Example:
# omscertificate set-cmp-insta-bug-prevention -prevention enabled
Prevention mode for CMP Insta server bug has been set to: enabled
80 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
5.5 fsciphercli
The fsciphercli command is used for configuring cipher suites for OMS-related
components.
Non-root users have limited access to execute fsciphercli commands.
Synopsis:
fsciphercli [OPTION]... [cipher|cipher-suite]...
Options:
-c, -- Component name for which the cipher suite has to be configured.
component
-a, --add Adds one or more ciphers to the existing cipher suite. The ciphers
are colon-separated.
-r, --remove Removes one or more ciphers from the existing cipher suite. The
ciphers are colon-separated.
-d, -- Sets the default cipher suite for the given component. The --
default add|--remove parameters are ignored.
-v, -- Displays detailed information.
verbose
-h, --help Prints a help message and exits. Other parameters are ignored.
g Note:
• If the --component option contains an unknown or unsupported component
name, the list of available OMS components and an error message is printed to the
console.
• If the --add and --remove option contains multiple ciphers, they must be
separated by a colon, otherwise an error message is printed to the console.
• If the --add and --remove option contains unknown or unsupported cipher, such
a cipher is ignored; a warning message is printed to the console.
• A component that has been successfully configured must be restarted using the
fshascli command.
• The fsciphercli -c <component name> command displays the list of
available ciphers for that component.
• If the operator adds or removes ciphers for a given component, then the related
service must be manually restarted with the use of the fshascli command in
order to apply the changes, for example:
1. Modify the cipher suite for LDAP.
fsciphercli -c LDAP -a [ciphers] -r [ciphers]
2. Manually restart the LDAP server.
fshascli -rn /CLA-0/FSDirectoryServer/LDAPServer
DN0962949 Issue: 12 © 2018 Nokia 81

Scripts in LTE OMS
g Note: Supported OMS component/interface:
• LDAP
• HTTPD
Examples:
fsciphercli -c Displays default cipher suite and existing cipher suite for
LDAP the OMS LDAP component.
fsciphercli -c Sets default cipher suite for the OMS HTTPD component.
HTTPD -d The current cipher suite is overwritten.
fsciphercli -c Adds AES128-SHA cipher to the existing cipher suite for
LDAP -a AES128-SHA the OMS LDAP component.
fsciphercli -c Adds AES256-SHA256 and AES128-SHA256 ciphers to
HTTPD -a AES256- the existing suite and removes AES256-SHA and
SHA256:AES128- AES128-SHA ciphers for the OMS HTTPD component in
SHA256 -r AES256- verbose mode.
SHA:AES128-SHA -v
82 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management User management
Scripts in LTE OMS
6 User management
Related CLI commands use in OMS user management
6.1 fsacclock
The fsacclock command enables or disables automatic locking of a specified user
account. It also checks the current setting for a specified account.
The fsacclock command can be used for any local system account or user account in
OMS except centralized user accounts. The fsacclock command cannot be used for
centralized user accounts because automatic account locking locally on OMS is
disallowed on these accounts. However, disabling of automatic account locking must
only be used on rare, reasonable cases. This is because disabling exposes the user
account on a risk of potential dictionary or brute force attack since automatic account
locking mechanism is ignored for the given account in case of repeated failed login
attempts.
g Note: Disabling of automatic account locking is relatively safe in case of the system
accounts omsFtpUser1 and omsFtpUser2 as the system changes their password once
every four hours. For any other account with automatic account locking disabled, it is
highly recommended to regularly change the account password.
Synopsis:
fsacclock [-h | --help][-e | --enable <username>][-d | --
disable <username>][-s | --status <username>]
Options:
-h | --help - Print help.
-e | --enable <username> - Enable automatic account locking for a specified
<username> (default).
-d | --disable <username> - Disable automatic account locking for a specified
<username>.
-s | --status <username> - Check the status of the automatic locking account
functionality for a specified <username>.
Examples:
Enable automatic user locking of the omsFtpUser1 user:
# fsacclock -e omsFtpUser1
Generating pam configs...
Generating fpcorba.osldapnoruim from fpcorba.osldapnoruim_template
Generating fpcorba.osldapruim from fpcorba.osldapruim_template
Generating fpftp.osldapnoruim from fpftp.osldapnoruim_template
Generating fpftp.osldapruim from fpftp.osldapruim_template
Generating fpgui.osldapnoruim from fpgui.osldapnoruim_template
Generating fpgui.osldapruim from fpgui.osldapruim_template
DN0962949 Issue: 12 © 2018 Nokia 83

User management Command Line Interface Tools and Management
Scripts in LTE OMS
Generating fphttpd.osldapnoruim from fphttpd.osldapnoruim_template

Generating fphttpd.osldapruim from fphttpd.osldapruim_template
Generating fpjaas.osldapnoruim from fpjaas.osldapnoruim_template
Generating fpjaas.osldapruim from fpjaas.osldapruim_template
Generating fpldapok from fpldapok_template
Generating fplogin.osldapnoruim from fplogin.osldapnoruim_template
Generating fplogin.osldapruim from fplogin.osldapruim_template
Generating fppapok from fppapok_template
Generating fpssh.osldapnoruim from fpssh.osldapnoruim_template
Generating fpssh.osldapruim from fpssh.osldapruim_template
Generating fpsu.osldapnoruim from fpsu.osldapnoruim_template
Generating fpsu.osldapruim from fpsu.osldapruim_template
Copying fpcorba.osldapnoruim to fpcorba
Copying fpgui.osldapnoruim to fpgui
Copying fphttpd.osldapnoruim to fphttpd
Copying fpjaas.osldapnoruim to fpjaas
Copying fplogin.osldapnoruim to fplogin
Copying fpssh.osldapnoruim to fpssh
Copying fpsu.osldapnoruim to fpsu
Copying fpftp.osldapnoruim to fpftp
Distributing changes to other nodes
Enabling locking for omsFtpUser1 is successful.
6.2 fscontrolRUIM
The fscontrolRUIM command enables or disables the Centralized User
Authentication and Authorization (CUAA) feature by performing modifications on
configurations files and the internal LDAP.
The fscontrolRUIM command edits files related to PAM, CUAA fragment in LDAP,
NSS, and NWI3Adapter fragment in LDAP. The files are:
• PAM: /etc/pam.d/fp*
• NSS: /etc/nsswitch.con
• NWI3Adapter: an LDIF file is added to the local LDAP
The values used during editing are supplied in a configuration file. The default
configuration file name is fscontrolRUIM.conf, located in the SS_AAA subsystem
directory /opt/Nokia_BP/SS_AAA/etc. It is possible to override this with the --
config option. The LDIF file necessary to update the NWI3Adpater mediator fragment
in the LDAP must be specified if NWI3Adapter mediator fragment is to be configured.
Synopsis:
fscontrolRUIM [-e|--enable] [-d|--disable] [-c|--config
filename] [-p|--no-pam] [-r|--no-ruim] [-n|--no-nss] [-w|--no-
nwi3] [-u|--no-restart] [-i|--ignore-rg-check] [-nl|--nwi3-
ldif filename]
Options:
-e|--enable - Enable CUAA feature.
-d|--disable - Disable CUAA feature.
84 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-c|--config filename - Specify a configuration file to use. For more comments on
each value, see the template configuration file.
-p|--no-pam - Skip doing configurations related to PAM. This option is ignored when
disabling CUAA.
-r|--no-ruim - Skip removing replicated user accounts from the CUAA cache in
LDAP
-n|--no-nss - Skip doing configurations related to nsswitch file.
-w|--no-nwi3 - Skip doing configurations related to NWI3 in LDAP. Note that this
option has no effect when disabling CUAA.
-u|--no-restart - Skip doing restart for recovery groups.
-i|--ignore-rg-check - Skip checking if CUAA Recovery Groups are unlocked.
-nl|--nwi3-ldif filename - Specify the LDIF file containing initial and NE
accounts to be updated in NWI3 mediator fragment.
6.3 fsdumpgroups
The command prints group accounts from LDAP security fragment:
fsClusterId=ClusterRoot,fsFragmentId=Security,ou=Group.
Synopsis:
fsdumpgroups [-h] [-G] [-g gid[,...]]
Options:
-h - Print help.
-G - Print also group data from /etc/group
-g gid[,...] - Print selected group(s), where gid is the name or number of group in
LDAP.
6.4 fsdumpperm
The fsdumpperm command prints permissions from LDAP security fragment:
fsClusterId=ClusterRoot,fsFragmentId=Security,fsFragmentId=Per
missions.
Synopsis:
fsdumpperm [-h] [-p permId[,...]]
Options:
-h - Print help.
-p permId[,...] - Print selected permission(s), where permId is the name of the
permission in LDAP.
DN0962949 Issue: 12 © 2018 Nokia 85

Scripts in LTE OMS
6.5 fsdumpusers
The fsdumpusers command prints user accounts from LDAP security fragment:
fsClusterId=ClusterRoot,fsFragmentId=Security,ou=People.
Synopsis:
fsdumpusers [-h] [-g] [-p] [-u uid[,...]]
Options:
-h - Print help.
-g - Print also secondary groups.
-p - Print also user data from /etc/passwd
-u uid[,...] - Print selected user(s), where uid is user's login name or
uidNumber in LDAP.
6.6 fsgetcred
The fsgetcred command allows to obtain passwords from the FS Credential Service.
The default base path for the Credential Service can be changed by setting the
environment variable FS_CRED_SERV_PATH.
Synopsis:
fsgetcred <service> <username> OPTIONS
Options:
If <username> is not given, the command uses the current username of the user.
<service> is always a mandatory parameter.
6.7 fsgpasswd
The fsgpasswd command administers group accounts in LDAP security fragment:
Users can be added to a group or deleted from a group.
Synopsis:
fsgpasswd [-a|-d <uid group>] [-v] [-h]
86 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Options:
-v - Ask for verification from user.
-h - Print help.
-a - Add a user to a group.
-d - Delete a user from a group.
uid - Check user's login name.
group - Check group’s name.
6.8 fsgroupadd
Thefsgroupadd command creates a new group account to LDAP security fragment:
Synopsis:
fsgroupadd [-g gidNumber] [-v] [--fast] [-f filter size] [-h]
[-r retry_count] [-t time_out] group
Options:
-h - Print help.
-g gidNumber - It is a group number attribute in LDAP. gidNumber must be a unique
number not reserved by any other group account. The default is the first free number
greater than GID_MIN and less than GID_MAX. Values between 0 and 499 are reserved
for Linux distribution. Values between 500 and 4999 are reserved for FlexiServer
platform. Values between 5000 and 10000 are reserved for FlexiServer applications.
Values between 10001 and 65000 should be used for end user groups.
-f filter size - It is the number of the gidNumbers in the LDAP search filter for
the first free gidNumber search. This option is for optimizing the speed of the search.
The most optimal size is usually about the number of the groups in the LDAP. The
default value is 128. The value must be between 2 and 2048.
--fast - It is the slave LDAP is not polled.
-r retrial_count - It is the number of times to retry the operation if the entry is not
added to the LDAP. The default is 30.
-t time_out - It is time to wait between retrials. It is in ms. The default is 400 ms.
group - It is a unique name of the group.
6.9 fsgroupdel
The fsgroupdel command removes a group account from LDAP security fragment:
DN0962949 Issue: 12 © 2018 Nokia 87

Scripts in LTE OMS
Synopsis:
fsgroupdel [-v] [-h] group
Options:
-h - Print help.
6.10 fsgroupperm
The fsgroupperm command administers group permissions in LDAP security
fragment:
missions.
Synopsis:
fsgroupperm [-a|-d group permission] [-v] [-h]
Options:
-h - Print help.
-a - Add a group to a permission.
-d - Delete a group from a permission.
permission - Check permission’s name.
6.11 fsmkpasswd
The fsmkpasswd command generates a random password of any length. The
password contains only A-Z, a-z, 0-9 characters.
Synopsis:
fsmkpasswd [OPTION]
Options:
-l length - Set password length (default 64).
-h - Print help.
88 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
6.12 fsperm2sudo.sh
The fsperm2sudo.sh command retrieves the FSSecCLIPermission objects from
the LDAP directory, and generates a corresponding sudoers file content into standard
output.
Note that output must be redirected into /etc/sudoers file manually to take the
modifications into use (it is done automatically once in the commissioning).
The CLI commands in the permission objects are values of the multi-valued
fssecPermissionCLICommand attribute. The script concatenates these values into
a multi-line argument of the Cmnd_Alias command in the sudoers file.
The script uses the name of executable file (given as the first part of the value of
fssecPermissionCLICommand attribute) in a permission object to retrieve the UID
of the owner of the file from the filesystem. The username of the owner of the executable
is used in the Runas_specs in the produced sudoers file.
Synopsis:
fsperm2sudo.sh <hostname> <port>
Options:
The default value for host is localhost and port 389.
6.13 fspermadd
The fspermadd command creates a new permission entry to LDAP security fragment:
missions.
Synopsis:
fspermadd [-c cliCommand[,...]] [-o objectClass[,...]] [-m
corbaMethod[,...]] [-g group[,...]] [-d description] [-v] [-h]
permId
Options:
-c cliCommand[,...] - It is a list of CLI commands, which are allowed by this
permission. Use full path names, for example, /opt/Nokia_BP/sbin/fshascli
--view*. The default value is empty.
-o objectClass[,...] - It is a list of object classes. The default value is
FSSecPermission. For CLI programs use FSSecPermission and
FSSecCLIPermission. For CORBA permissions use FSSecPermission and
FSSecCORBAMethodPermission. For J2EE permissions use FSSecPermission
and FSSecJ2EEPermission.
DN0962949 Issue: 12 © 2018 Nokia 89

Scripts in LTE OMS
-m corbaMethod[,...] - Add corba method(s) to
fssecCORBAAllowedMethodDescription attribute of FSSecCORBAMethodName
objectClass. Method name is actually a nested-module-names-plus-nested-interface-
names-plus-method-name, connected by '.', and where method-name there can be the '*'
wildcard, meaning all methods, for example: module1.interface1.method or
module2.interface2.interface3.*
-d description - Add a description to a permission. The default value is empty.
-g group[,...] - It is a list of groups to be assigned to this permission. The default
value is empty. fspermadd does not check if the groups really exist in the system.
-h - Print help.
permId - It is a permission ID attribute in LDAP containing the name of the permission.
For CLI permissions, use only capital letters, for example FSHASVIEW.
Note that the command does not check if some or all of the given entries already exist.
Examples:
The following command adds a new permission (or modifies an existing one) with the
permission ID myId, objectClasses FSSecPermission and
FSSecCORBAMethodPermission, sets description to some description, sets allowed
CORBA methods to module1.interface1.operation1 and
module2.interface2.*, and interactively verifies changes from the user.
fspermadd -v -d 'some description' -o
'FSSecPermission,FSSecCORBAMethodPermission' -m
'module1.interface1.operation1,module2.interface2.*' myId
6.14 fspermdel
The fspermdel command deletes a permission from LDAP security fragment:
missions.
Synopsis:
fspermdel [-v] [-h] permId
Options:
-h - Print help.
permId - It is a name of the permission.
90 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
6.15 fsruimrepcli
The fsruimrepcli command controls the RUIM replicator process which is
responsible for replicating RUIM user information from the remote LDAP(s) to the local
LDAP.
The fsruimrepcli command can be executed in any of the following modes:
• fsruimrepcli --cleanupusers - Remove a set of replicated RUIM user
accounts from local LDAP and optionally remove their home directories.
• fsruimrepcli --cleanupallusers - Remove all replicated RUIM users
accounts from local LDAP and optionally remove their home directories.
• fsruimrepcli --disableusers - Remove group membership for a set of
RUIM users. Once the group membership is removed, the user no longer has
permissions.
• fsruimrepcli --disableallusers - Remove group membership for all
RUIM users.
• fsruimrepcli --refreshusers - Get the information of a set of RUIM users
from the remote LDAP and store it to the local LDAP.
• fsruimrepcli --refreshcache - Refresh the information of all RUIM users
which exists in the local LDAP.
• fsruimrepcli --limitedmode - Stop replicating RUIM user accounts to the
local LDAP. Only the already replicated RUIM user accounts can be used to log in.
Note that if the --enablerefresh option is given, then the timed RUIM cache
refresh is still possible for the existing RUIM users. If the --
disableinvalidation option is given then cache expiry is disabled. By default,
when cache refresh is stopped then the timed RUIM cache refresh is disabled and
cache expiry is enabled. In this mode executing of the refreshusers command
fails while it is still possible to execute the refresh-cache command.
• fsruimrepcli --normalmode - Undo the effect caused by the limited-
mode command.
• fsruimrepcli --invalidateusers - Cleanup RUIM users which have
records in the local LDAP but are inactive for some time.
• fsruimrepcli --shutdown - Shutdown the Replicator process (HAS is not
used).
Synopsis:
fsruimrepcli --cleanupusers [--host hostname ] [--port
portnumber ] [--rmdir] [--timeout seconds ] [--user username ]
...
fsruimrepcli --cleanupallusers [--host hostname ] [--port
portnumber ] [--rmdir] [--timeout seconds ]
fsruimrepcli --disableusers [--host hostname ] [--port
portnumber ] [--timeout seconds ] [--user username ] ...
fsruimrepcli --disableallusers [--host hostname ] [--port
portnumber ] [--timeout seconds ]
DN0962949 Issue: 12 © 2018 Nokia 91

Scripts in LTE OMS
fsruimrepcli --refreshusers [--host hostname ] [--port

portnumber ] [--timeout seconds ] [--user username ] ...
fsruimrepcli --refreshcache [--host hostname ] [--port
fsruimrepcli --limitedmode [--host hostname ] [--port
portnumber ] [--timeout seconds ] [ --enablerefresh ] [--
disableinvalidation ]
fsruimrepcli --normalmode [--host hostname ] [--port
fsruimrepcli --invalidateusers [--host hostname ] [--port
portnumber ] [--timeout seconds ] [--invalidatetime time ]
fsruimrepcli --shutdown [--host hostname ] [--port
Options:
--host hostname - Specify the name or the IP address of the host where the
replicator is running. By default the replicator recovery group RuimRepServer is used.
--port portnumber - Specify the port to which the replicator is listening. By default
49700 is used.
--rmdir - Remove home directories for users that are to be cleaned up.
--user username - Specify a string representing the RUIM user name.
--enablerefresh - Allow timed cache refresh of the RUIM users accounts.
--disableinvalidation - Stop cache expiry of the RUIM users accounts.
--timeout time - Set the blocking time of the CLI when waiting for the reply from
replicator. Special value of -1 indicates that the CLI should return immediately after
sending the request to replicator without waiting for reply. A Special value of 0 indicates
that the CLI should not return until either it receives the reply or the connect with
replicator is broken. By default 0 is used.
--invalidatetime time - Set the time used when checking for inactive users that
are to be cleaned up. Note that in this case whether the home directory is removed or
not, depends on the replicator ruim.replicator.user_cleanup_policy. If
invalidatetime is set to 0 or it is not defined, then the value defined in
ruim.replicator.invalid_users_timeout policy is used.
Note that the time value can be specified in seconds, minutes, hours or days. The unit of
time can be specified after the number, for example, 10 or 10s for 10 seconds, 10m for
10 minutes, 10h for 10 hours, 10d for 10 days.
Examples:
• Refresh RUIM users cache in local LDAP. Wait for reply from replicator for a
maximum of 1 minute.
fsruimrepcli --refreshcache --timeout 1m
• Get information of RUIM users user1 and user2. Wait for reply from replicator for a
maximum of 30 seconds.
fsruimrepcli --refreshusers --user user1 --user user2 --
timeout 30s
92 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
• Cleanup RUIM users user1 and user2 from local RUIM cache. Remove home
directories for cleaned users.
fsruimrepcli --cleanupusers --user user1 --user user2 --
rmdir
• Cleanup all RUIM users from local RUIM cache. Remove home directories for
cleaned users.
fsruimrepcli --cleanupallusers --rmdir
• Disable RUIM user user1. The replicator is running on host node-x and is listening to
port 50000.
fsruimrepcli --disableusers --host node-x --port 50000 --
user user1
• Disable all RUIM users. The replicator is running on host node-x and is listening to
port 50000.
fsruimrepcli --disableallusers --host node-x --port 50000
• Invalidate RUIM users who have been inactive for 10 days.
fsruimrepcli --invalidateusers --invalidatetime 10d
• Disable cache refreshing for newly logged in RUIM users. Queue the request to
replicator and return immediately.
fsruimrepcli --limitedmode --timeout -1
• Disable cache refreshing for newly logged in RUIM users. Allow timed cache refresh
and disable cache expiry.
fsruimrepcli --limitedmode --enablerefresh --
disableinvalidation
• Enable cache refreshing.
fsruimrepcli --normalmode
• Start shutdown of a replicator process that is not started by HAS and which is
running in host node-x and listening to port 50000.
fsruimrepcli --shutdown --host node-x --port 50000
6.16 fssetcred
This command creates, modifies, and deletes passwords inside the FlexiServer
Credential Service. The new password can be given either using standard input, a file or
interactively from a console (default).
The command automatically makes a backup of the old password when it is modified or
deleted. Information on every creation, modification and deletion (successful/failed) is
printed to the screen and into /var/mnt/syslog.
The group and user ownership of the password (not for the backup) can be set when
creating or modifying them. By default the user owner is the current user and the group
owner is the primary group of the current user (this is the only mode for backups). The
permission for the passwords are -rw-r----- and for the backups -rw-------. By
default the command only modifies existing entries in the Credential Service, but with the
-c option new entries can be created. Note that this creates also the service directory if
it does not exist; the permissions for the directory are always -rw-r--r--. User owner
is the current user and the group owner is the primary group of the current user. The
service and username must always be given.
Synopsis:
DN0962949 Issue: 12 © 2018 Nokia 93

Scripts in LTE OMS
fssetcred <service> <username> OPTIONS
Options:
Precedence order of mutually exclusive options: -n, -h, -d, -r, -f, -p. The options -g
and -u have precedence over -k and -v.
-g, --groupname <group> - Set the group ownership of the CS password. If this
option is not given, fssetcred uses the primary group of the current user as the group
owner. If the given groupname does not exist in the system, fssetcred exits with
EINVAL (the program is given wrong number of options, they are in wrong order, the
password setting from console is inconsistent, the backup password to be restored does
not exist, a user and/or groupname do(es) not exist ). This option is also usable with the
-f, -u, -c, -p, -r, and -v options. Note that this option needs an alphabetic input;
numeric input results in an undefined behavior (though the resulting action is described
in printouts to console and syslog).
-u, --username <user> - Set the user ownership of the CS password. If this option
is not given, fssetcred uses the current user as the user owner. If the given username
does not exist in the system, fssetcred exits with EINVAL. This option is also usable
with the -f, -g, -c, -p, -r, and -k options. Note that this option needs an alphabetic
input; numeric input results in an undefined behavior (though the resulting action is
described in printouts to console and syslog).
-k, --groupid <groupid number> - Set the group ownership of the CS
password. If this option is not given, fssetcred uses the primary group of the current
user as the group owner. This option takes in the numeric ID of a group; the id does not
have to exist in the system. This option is also usable with the -f, -u, -c, -p, -r, and
-v options. Note that this option needs a numeric input; alphabetic input results in an
undefined behavior (though the resulting action is described in printouts to console and
syslog).
-v, --userid <userid number> - Set the user ownership of the CS password. If
this option is not given, fssetcred uses the current user as the group owner. This
option takes in the numeric ID of a user; the id does not have to exist in the system. This
option is also usable with the -f, -g, -c, -k, -p, and -r options. Note that this option
needs a numeric input; alphabetic input results in an undefined behavior (though the
resulting action is described in printouts to console and syslog).
-f, --file <filename> - Set the file from which the new password is to be read.
This option is also usable with the -g, -u, -c, -k, -v, -p, and -r options.
-p, --password - Set the new password using standard input. This option is also
usable with the -f, -u, -c, -k, -v, -g, and -r options.
-r, --restore - Restore the old password from an existing backup. This option is
also usable with the -f, -u, -c, -k, -v, -g, and -p options. If the password exists,
fssetcred swops between the current and the backup password. If the password does
not exist (but the backup does), fssetcred creates the new password out of the
backup data. If the backup does not exist, fssetcred bails out.
-d, --delete - Delete the password from CS. A backup of the password to be
deleted is created and is not deleted. The deleted password can be later resurrected by
using the -r option.
94 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-c, --create - Create a new password entry if one does not yet exist (note that this
creates also the service directory if it does not exist). If the entry exists, it is modified
anyway (whether this option is defined or not). This option is usable with options -f, -u,
-k, -v, -g, and -p and also alone.
-n, --name - Print the path to the desired Credential Service file and exits. Note that
the path is always printed whether the file actually exists or not.
Example:
To set the password for the LDAP service for the user _nokfsFtpUser, to set the
group ownership of the credential file for the group _nokfssysnwi3adapter and to
create a new credential, enter the following command:
# fssetcred ldap _nokfsFtpUser -c -g _nokfssysnwi3adapter
Please give the new password:
Please confirm the new password:
Password file CREATED for service ldap and user _nokfsFtpUser by root.
User owner will be root (=default) and group owner will be
_nokfssysnwi3adapter.
Distributing data to all nodes...
6.17 fsuidsetter
The fsuidsetter command runs a target binary/script with the effective uid and gid
of the caller.
Synopsis:
fsuidsetter <target binary/script with the full path> <args
for the target>
6.18 fsuseradd
The fsuseradd command creates a new user account to the local LDAP security
fragment:
Synopsis:
fsuseradd [-c cn] [-u uidNumber] [-d homeDirectory] [-p
userPassword] [-e expire_date] [-f inactive_days] [-s
loginShell] [-G group[,...]] [-n mindays] [-x maxdays] [-w
warndays] [-l last_change] [--filter filter size] [--fast] [-
v] [-h] [-t time_out] [-r retrial_count] -g gidNumber uid
Options:
-c cn - It is a common name attribute in LDAP. This field is used for the full name of the
user, for example, "Jon Doe". The default value is empty.
DN0962949 Issue: 12 © 2018 Nokia 95

Scripts in LTE OMS
-u uidNumber - It is the UID number attribute in LDAP. This must be a unique number
not reserved by any other user account. The default value is the first free number greater
than UID_MIN and lesser than UID_MAX. If UID_MIN value or UID_MAX value is not
defined or is out of range of 1-57108863, then the values 10000 and 60000 are used
instead, respectively. The convention is as follows:
• values between 0 and 499 are reserved for Linux distribution
• values between 500 and 4999 are reserved for OMS platform
• values between 5000 and 9999 are reserved for OMS platform applications
• values between 10000 and 60000 should be used for end users
• values between 60001 and 2^32-1 are reserved for OMS platform internal use, for
example, when supporting Centralized User Authentication and Authorization
The value must be between 1 and 57108863. The value 0 is always reserved for the root
user and the values above 57108863 are reserved for the CUAA users.
-d homeDirectory - It is the user's home directory attribute in LDAP. The default
value is the result of the concatenation of the default path prefix and /'uid'. The default
path prefix is the value of HOME in /etc/default/useradd. If no default value is set,
the prefix defaults to /home.
-p userPassword - It is the encrypted password attribute in LDAP, encoded as
defined in IETF RFC 2307, for example, {crypt}X5/DBsssrWPOQQaI. Note that the
traditional /etc/shadow formatting using the $1$..$ style does not work for LDAP. The
Default is '*'.
-f inactive_days - Set the number of days after a password expires until the
account is permanently disabled. A value of 0 disables the account as soon as the
password has expired. The default value is the value of the INACTIVE in
/etc/defaults/useradd. If the default value is not numeric or negative or the
default value does not exist, then the default value is ignored. By default, in these cases,
nothing is written to the local LDAP.
-e expire_date - It is the user account expiration date. The user account is disabled
at 00:00:00 GMT on the date specified in the format YYYY- MM-DD (GMT) or in the
number of days from UNIX EPOCH (1970-01-01 GMT). The default value is the value of
the EXPIRE in /etc/defaults/useradd. If the default value is not numeric or
negative or the default value does not exist, then it is ignored. By default, in these cases,
nothing is written to the local LDAP.
-s loginShell - It is the default login shell attribute in LDAP. The default value is the
value of the SHELL in /etc/defaults/useradd. If no default value is set, it defaults
to /sbin/nologin.
-G group[,...] - It is a list of secondary groups in LDAP. By default it is empty. The
groups must exist in the system. If a group does not exist in LDAP, a warning is printed.
The user is added only to groups in LDAP (no update to /etc/group).
-n mindays - Set the number of days after the password change before which the
password cannot be changed. The default value is the value of the PASS_MIN_DAYS
in /etc/login.defs. If the default value is not numeric or negative or the default
value does not exist, then the default value is ignored. By default, in these cases, nothing
is written to the local LDAP.
96 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-x maxdays - Set the number of days after the password change after which the
password must be changed. The default value is the value of the PASS_MAX_DAYS in
/etc/login.defs. If the default value is not numeric or negative or the default value
does not exist, then the default value is ignored. By default, in these cases, nothing is
written to the local LDAP.
-w warndays - Set the number of days before which the user is notified of the
password expiry. The default value is the value of the PASS_WARN_AGE in
/etc/login.defs. If the default value is not numeric or negative or the default value
does not exist, then the default value is ignored. By default, in these cases, nothing is
written to the local LDAP.
-l last_change - Set the user account password change date in the format YYYY-
MM-DD (GMT) or in the number of days from UNIX EPOCH (1970-01-01 GMT). The
value 0 forces the password update after the first login. The default value is the current
date.
--filter filter size - It is the initial number of the uidNumbers in the LDAP
search filter for the first free uidNumber search. This option is for optimizing the speed of
the search. The most optimal size is usually about the number of the users in the LDAP.
The default value is 128. The value must be between 2 and 2048.
--fast - Do not poll the slave LDAP. This option should only be used if subsequent
user management operations do not depend on the system-wide visibility of the newly
created account. Polling the LDAP server before returning guarantees that the newly
created account is system-wide visible.
-r retrial_count - Set the number of times to retry the operation if the entry is not
added to the LDAP. The default is 30.
-t time_out - It is the waiting interval between retrials in ms. The default is 400 ms.
-h - Print help.
-g gidNumber - It is the primary group attribute in LDAP. This can be either the
number or name of the group. The group must exist in the system. If the group does not
exist in LDAP, a warning is printed. Users are added only to the groups in LDAP (no
update to /etc/group).
uid - It is the user's login name attribute in LDAP.
6.19 fsuserdel
The fsuserdel command deletes a user account from LDAP security fragment:
Synopsis:
fsuserdel [-v] [-h] uid
Options:
-h - Print help.
DN0962949 Issue: 12 © 2018 Nokia 97

Scripts in LTE OMS
uid - It is user's login name attribute in LDAP.
6.20 fsusermod
The fsusermod command modifies the user account to the local LDAP security
fragment,
fsClusterId=ClusterRoot,fsFragmentId=Security,ou=People, to reflect
the changes that are specified on the command line.
Synopsis:
fsusermod [-c cn] [-u uidNumber] [-d homeDirectory] [-e
expire_date] [-f inactive_time] [-s loginShell] [-G
group[,...]] [-n mindays] [-x maxdays] [-w warndays] [-l
last_change] [-v] [-h] [-g gidNumber] uid
Options:
-c cn - It is the new common name attribute in LDAP. This field is used for the full
name of the user, for example, "Jon Doe".
-u uidNumber - It is the UID number attribute in LDAP. This must be a unique number
not reserved by any other user account. The default value is the first free number greater
than UID_MIN and lesser than UID_MAX. If UID_MIN value or UID_MAX value is not
defined or is out of range of 1-57108863, then the values 10000 and 60000 are used
instead, respectively. The convention is as follows:
• values between 0 and 499 are reserved for Linux distribution
• values between 500 and 4999 are reserved for OMS platform
• values between 5000 and 9999 are reserved for OMS platform applications
• values between 10000 and 60000 should be used for end users
• values between 60001 and 2^32-1 are reserved for OMS platform internal use, for
example, when supporting Centralized User Authentication and Authorization
The value must be between 1 and 57108863. The value 0 is always reserved for the root
user and the values above 57108863 are reserved for the CUAA users.
-d homeDirectory - It is the user's home directory attribute in LDAP.
-f inactive_days - Set the new value for the number of days after a password
expires until the account is permanently disabled. A value of 0 disables the account as
soon as the password has expired.
-e expire_date - Is is the new user account expiration date. The user account will
be disabled at 00:00:00 GMT on the date specified in the format YYYY-MM-DD (GMT) or
in the number of days from UNIX EPOCH (1970-01-01 GMT).
-s loginShell - It is the new default login shell attribute in LDAP.
-G group[,...] - It is the new list of secondary groups in LDAP. The list is empty by
default. The groups must exist in the system. If a group does not exist in LDAP, a
warning is printed. The user is added only to groups in LDAP (no update to
/etc/group). The memberships to old supplementary groups is removed.
98 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
-n mindays - It is the new value for the number of days after the password change
before which the password cannot be changed.
-x maxdays - It is the new value for the number of days after the password change
after which the password must be changed.
-w warndays - It is the new value for the number of days before which the user is
notified of the password expiry.
-l last_change - It is the user account password change date in the format YYYY-
MM-DD (GMT) or in the number of days from UNIX EPOCH (1970-01-01 GMT).
-h - Print help.
-g gidNumber - Set the new primary group attribute in LDAP. This can be either a
number or the name of the group. The group must exist in the system. If the group does
not exist in LDAP, a warning is printed. Users are added only to the groups in LDAP (no
update to /etc/group).
uid - It is the user's login name attribute in LDAP. This attribute cannot be changed.
6.21 omsftppasswordscript.sh
The omsftppasswordscript.sh script changes passwords of omsFtpUser1 and
omsFtpUser2.
The omsftppasswordscript.sh script should be used when the accounts are
locked out. Unlock both account first and then use the script to create new passwords.
For information on how to unlock user accounts, see Account locked in Troubleshooting
LTE OMS.
Synopsis:
/opt/Nokia/SS_OMSINST/script/omsftppasswordscript.sh
Example:
# /opt/Nokia/SS_OMSINST/script/omsftppasswordscript.sh
*************************************************************************
***** ftp pw security script (OMS) ***********************************
*************************************************************************
***** This script should be executed once at OMS installation *****
***** and after that every other hour by cron *****
*************************************************************************
***** At first execution time the script will add new entries to LDAP **
***** Each following execution will change active FTP password **
*************************************************************************
Checking volumes presence (try 1 of 3)

1
1
1
DN0962949 Issue: 12 © 2018 Nokia 99

Scripts in LTE OMS
LDAP is up and running

Software Management lock file exist
OMS Minor Upgrade is not running
Setting trap
omsFtpUser1:x:5003:504::/var/opt/OMSftproot:/bin/sh
omsFtpUser2:x:5004:504::/var/opt/OMSftproot:/bin/sh
Read status for Password1 from LDAP = omsParameterValue: 1
Read status for Password2 from LDAP = omsParameterValue: 0
Found ftp pw entries.
Show which password has 0 in status information:
Status information for password1=
Status information for Password2= omsParameterValue: 0
Changing Password2 = crypt:0GchN0DQ944+vfdPWQ6u+Q==
Error (1) modyfying LDAP entries;
on_exit: rm -f /tmp/OMSFtp.gbAccQrIiGx15571
100 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Fault management
Scripts in LTE OMS
7 Fault management
Related CLI commands use in OMS fault management
7.1 create_anew_AlarmDB.sh
The create_anew_AlarmDB.sh script recreates alarms database which causes all
alarm history to be cleared.
Use the create_anew_AlarmDB.sh script if there are some major problems with
alarms system.
Example:
# /opt/Nokia/SS_OMSINST/script/create_anew_AlarmDB.sh
You are root, proceeding
This script cleans all active alarm data, alarm history data and creates
database AlarmDB anew
During this operation, alarmSystem and NWI3 interface are not working
Operation takes about 1 minutes
Do you want to continue? (y/n)

y
Locking the Fault Management applications
/FMUIGate is locked successfully
/FMAdapter is locked successfully
/AlarmSystem is locked successfully
/AlarmDB is locked successfully
mounting DB_Alarm partition
Some error text is printed here about non existing

/opt/Nokia/SS_TimesTen/script/DBDirectory.sh, it is OK
/opt/Nokia/SS_DBM/script/DBLib.sh: line 19:

/opt/Nokia/SS_TimesTen/script/DBDirectory.sh: No such file or directory
mdadm: /dev/md9 has been started with 2 drives.
Deleting all AlarmDatabase files and directories
unmounting DB_Alarm partition
Some error text is printed here about non existing

/opt/Nokia/SS_TimesTen/script/DBDirectory.sh, it is OK
/opt/Nokia/SS_DBM/script/DBLib.sh: line 19:

/opt/Nokia/SS_TimesTen/script/DBDirectory.sh: No such file or directory
Unlocking AlarmDB
/AlarmDB is unlocked successfully
Sleeping 30 seconds, DB creation ongoing
Updating OMS specifig alarm definitions
Move SS_OMSFM_updateDB.sql as SS_OMSFM_update.sh
DN0962949 Issue: 12 © 2018 Nokia 101

Fault management Command Line Interface Tools and Management
Scripts in LTE OMS
-rwxr-xr-x 3 root root 44359 Oct 2 13:16

/opt/Nokia/SS_OMSFM/script/SS_OMSFM_update.sh
Unlock for FMAdapter to update chenges to alarmDB
/FMAdapter is unlocked successfully
-rwxr-xr-x 3 root root 44359 Oct 2 13:16
/opt/Nokia/SS_OMSFM/script/SS_OMSFM_update.sql
Lock for FMAdapter
/FMAdapter is locked successfully
removing all alarm files and creting empty files
/NWI3Adapter is locked successfully
Removing all buffered NWI3 alarm events
Restarting syslogs
Unlocking Fault Management applications
/NWI3Adapter is unlocked successfully
/AlarmSystem is unlocked successfully
/FMAdapter is unlocked successfully
/FMUIGate is unlocked successfully
COMPLETED
7.2 fsalarm
The fsalarm is a command line interface for the Alarm System of OMS platform.
The fsalarm command can be used to send requests to Alarm System for fetching the
alarms and alarm history.
Synopsis:
fsalarm [-h|--help] [--alarms] [--history]
Options:
--alarms - Send a request to fetch alarms.
--uncleared-alarms - Fetch uncleared alarms in paged snapshot mode.
--history - Send a request to fetch alarm history (events).
Only --alarms, --history, --help, -h can be given in the command line at a time.
If no command is given, CLI enters the interactive mode, where user can select one of
the commands from the menu.
7.3 zaho
The zaho command prints a list of all active OMS alarms stored in the OMS alarm
database.
Synopsis:
zaho
102 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Examples:
ACTIVE ALARMS
OMS-341: Thu Mar 13 12:30:50 CET 2014 CLA-0
Active alarm count: 47
*************************** 1. row ***************************

AlarmId: 79476
MOId: moid=NE-MRBTS-710/NE-LNBTS-
710,fsLogicalNetworkElemId=NE-MRBTS-
710,fsFragmentId=external,fsClusterId=ClusterRoot
SpecificProblem: 7401
IApplAdditionalInfo: si=additionalFaultId:1400;100 1 100 1400FSMF
1 0
ApplicationId: appid=NE-MRBTS-710/NE-LNBTS-
710,fsLogicalNetworkElemId=MRBTS-
AlarmTime: 1392645272000
LOCAL_AlarmTime: 2014-02-17 14:54:32
SystemTime: 1392645273015
LOCAL_SystemTime: 2014-02-17 14:54:33
OriginalTime: 1392645272000
LOCAL_OriginalTime: 2014-02-17 14:54:32
UtcShift: 60
Acked: 0
Cleared: 0
AlarmCount: 0
PerceivedSeverity: 4
ApplAdditionalInfo: afamily=crnc ai=NE-MRBTS-710/NE-LNBTS-710
atime=1392645272000 et=x3 fc=7 nid=2104911091 st=test utc=60
CorrelatedNotifications:
AckTime: 0
UserId:
SystemId:
TYPE_SpecificProblem: 7401
TYPE_ProbableCause: 0
TYPE_DefaultSeverity: 4
TYPE_AutoAcknowledged: 1
TYPE_SwitchOverUpdate: 1
TYPE_ClearingInfo: 1
TYPE_ClearingDelay: 10000
TYPE_InformingDelay: 10000
TYPE_TimeToLive: 0
TYPE_AlarmText: EXTERNAL AL 1
TYPE_OperationInstructions: Not defined
TYPE_ProbableCauseName: Indeterminate
TYPE_EventTypeName: x3
7.4 zahp
The zahp command prints the OMS alarm history. Heartbeats are not displayed.
DN0962949 Issue: 12 © 2018 Nokia 103

Fault management Command Line Interface Tools and Management
Scripts in LTE OMS
You can specify the number of alarms displayed (if not specified, all alarms are
displayed).
Synopsis:
zahp <number of alarms displayed>
Options:
<number of alarms displayed> - Specify the number of displayed alarms
(default: all alarms are displayed).
Examples:
# zahp 1
ALARM HISTORY
OMS-341: Thu Mar 13 12:26:24 CET 2014 CLA-0

Alarm history count: 50660
Limit requested, getting 1 alarms

*************************** 1. row ***************************
NotificationId: 148265
AlarmId: 96118
SpecificProblem: 7651
ProbableCause: 0
EventTypeName: x5
ExtendedEventTypeName: x3
AlarmTime: 1394706946001
LOCAL_AlarmTime: 2014-03-13 11:35:46
SystemTime: 1394706946551
LOCAL_SystemTime: 2014-03-13 11:35:46
OriginalTime: 1394706946001
LOCAL_OriginalTime: 2014-03-13 11:35:46
UtcShift: 60
ManagedObjectId: moid=NE-MRBTS-710/NE-LNBTS-
710,fsLogicalNetworkElemId=NE-MRBTS-
ApplicationId: appid=NE-MRBTS-710/NE-LNBTS-
710,fsLogicalNetworkElemId=MRBTS-
AckState: 1
ClearState: 1
PerceivedSeverity: 6
IApplAdditionalInfo: si=additionalFaultId:3080;100 1 100 1898FSMF
1 16
ApplAdditionalInfo: afamily=crnc ai=NE-MRBTS-710/NE-LNBTS-710
atime=1394706946001 et=x5 fc=7 nid=117689875 st=BTS reference clock missing
utc=60
ClearingInfo: 1
AlarmText: BASE STATION OPERATION DEGRADED
CorrelatedNotifications:
AckTime: 1394706946551
104 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
LOCAL_AckTime: 2014-03-13 11:35:46

UserId:
SystemId:
ControlIndicator: 7
TYPE_SpecificProblem: 7651
TYPE_ProbableCause: 0
TYPE_DefaultSeverity: 3
TYPE_AutoAcknowledged: 1
TYPE_SwitchOverUpdate: 1
TYPE_ClearingInfo: 1
TYPE_ClearingDelay: 10000
TYPE_InformingDelay: 10000
TYPE_TimeToLive: 0
TYPE_AlarmText: BASE STATION OPERATION DEGRADED
TYPE_OperationInstructions: Not defined
TYPE_ProbableCauseName: Indeterminate
TYPE_EventTypeName: x5
DN0962949 Issue: 12 © 2018 Nokia 105

Troubleshooting Command Line Interface Tools and Management
Scripts in LTE OMS
8 Troubleshooting
Related CLI commands use in OMS troubleshooting
8.1 fsauditcli
The fsauditcli is a command line interface for audit log system.
The fsauditcli command logs messages to the audit trail. Messages logged using
this tool will be logged in /var/log/auth.log.
Synopsis:
fsauditcli [-pri Priority] [-host remote hostname] [-addr
remote address] [-saddr server address] [-sport server port]
[-ses Session] [-fci facility] [-pid PID] [-uid UID] [-auid
AuditID] [-exe Executable name] [-user user name] [-targetid
target ID] [--]
Options:
-pri Priority - It is a message priority. This is optional, but if left out, info will be
used by default. It can be one of the following values:
• alert
• crit
• debug
• emerg
• err
• error
• info
• none
• notice
• panic
• warn
• warning
-host hostname - It is a remote hostname. By convention, it is the hostname of the
remote client if it is available.
-addr address - It is a remote address. By convention, it is the address of the remote
client.
-saddr address - It is a server address. By convention, it is the address used on the
server. It is useful for multi-homed applications.
-sport port number - It is a server port. By convention, it is the port on the server
from which the request came.
-ses - It is a session id.
106 © 2018 Nokia DN0962949 Issue: 12

Command Line Interface Tools and Management Troubleshooting
Scripts in LTE OMS
-fci facility - The default value is authpriv. The facility can be one of the
following values:
• auth
• authpriv
• cron
• daemon
• ftp
• kern
• lpr
• mail
• mark
• news
• security
• syslog
• user
• uucp
• local0
• local1
• local2
• local3
• local4
• local5
• local6
• local7
-pid - It is a process ID.
-uid - It is a user ID.
-auid - Is is an audit ID.
-exe - It is an executable file name.
-user - It is a user name.
-targetid - It is a target id.
-- - It signals the end of arguments. Everything past this sign will be part of the
message.
If an argument other than those specified above is used, from that point on the program
assumes the remainder as part of the message. All white space characters found in the
message are replaced by a single space. If you wish to preserve the white spaces,
include the message in double quotes. If no message is passed on the command line,
the program reads from the standard input. To terminate the program, send EOF (Ctr+D)
or type . followed by new line (Enter).
After issuing this command, a message is logged to the syslog.
DN0962949 Issue: 12 © 2018 Nokia 107

Scripts in LTE OMS
8.2 fsremotesyslog
The fsremotesyslog command configures remote syslogs transmissions using the
TCP or UDP protocols from network elements with the syslog client installed.
The possible commands for managing syslogs transmissions are as follows:
fsremotesyslog <enable|disable> <tcp-listener|udp-listener> -
Enable or disable a TCP or UDP transmission. To enable the TCP connection prepare
certificates using the Certificate Management in OMS. Note that TCP is enabled by
default.
fsremotesyslog commit - Save changes made in the remote syslog configuration.
fsremotesyslog <add|remove> source
<[tcp:|udp:]address|address/mask|any> - Add or remove a TCP or UDP
source.
fsremotesyslog restore-default - Set the default value in a temporary
configuration. Commit must be called separately. Using this option leads to the loss of
the current configuration setup. Use it only at your own risk.
fsremotesyslog status - Show the active configuration used by the running
instance of rsyslog.
fsremotesyslog help - Print help.
Synopsis:
fsremotesyslog <enable|disable> <tcp-listener|udp-listener>
fsremotesyslog commit
fsremotesyslog <add|remove> source
<[tcp:|udp:]address|address/mask|any>
fsremotesyslog restore-default
fsremotesyslog status
fsremotesyslog help
Examples:
• Enable the UDP connection.
fsremotesyslog enable udp-listener
fsremotesyslog add source udp:any
• Enable the TLS connection for client with the IP address 10.121.88.128.
fsremotesyslog enable tcp-listener
fsremotesyslog add source tcp:10.121.88.128
108 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
8.3 zcollectlogs
The zcollectlogs command collects all OMS log files to one zipped file.
By default, zcollectlogs stores the following:
• The most recent log files generated by the OMS SW platform
• The most recent log files generated by applications
• OMS installation log files
• Static hardware and software configuration of the OMS
• OMS local license and feature information
• CPU, MEMory and filesystem status
• Process status
• Active alarms
• OMS performance data (KPI)
In the full mode, zcollectlogs stores the following:
• All log files generated by the OMS SW platform
• All log files generated by applications
• Analysis from core files generated by process crashes
• Cluster Environment information (OMS platform environment camera tool)
Synopsis:
zcollectlogs [options]
Options:
--full - Collect more troubleshooting data (full mode).
--bzip2 - Use bzip2 instead of gzip.
-o <file> - Store troubleshooting data to <file> instead of default
(/var/log/oms/TroubleshootingData/TSUPL_OMS_GOMS-
1.100510095645.242455000.30684.tar.gz).
8.4 zcollectNElogs
The zcollectNElogs command triggers collection of the troubleshooting data from
OMS and enables sending the data collection file to NetAct.
By default, the program sends request to NE and exits.
Uploaded files are placed in /var/opt/OMSftproot/NE/TroubleshootingData
DN0962949 Issue: 12 © 2018 Nokia 109

Scripts in LTE OMS
All operations are written to the operation log file
/var/opt/Nokia/OMS/OMSPlatform/SS_NELogManager/NELogManagerOpe
rationLog.txt
Synopsis:
zcollectNElogs
Options:
-h [ --help ] - Display help.
-n [ --neid ] arg - Provide target NE.
-p [ --profile ] arg - Provide profile name.
-e [ --emptyprofile ] - Use empty profile name. Use this option directly to set
empty profile.
-f [ --foreground ] - Use the foreground mode. Use this option explicitly to run in
the foreground and receive callbacks.
-s [ --netactEvents ] - Enable NetAct events about received files. When this
option is used, OMS sends logs to NetAct and deletes them from
/var/opt/OMSftproot/NE/TroubleshootingData
8.5 znwi3logging
The znwi3logging command enables and disables NWI3Adapter logging.
Both the sessionmanager log and the managementsession log can be either
enabled or disabled.
Synopsis:
znwi3logging -e
znwi3logging -d
Options:
-e - Enable NWI3Adapter logging.
-d - Disable NWI3Adapter logging.
8.6 ztracecli
The ztracecli command handles the OMS trace log parameters, like on, off, max
log size.
Synopsis:
ztracecli [ -h | -v | -p | --on | --off | --level | -s]
110 © 2018 Nokia DN0962949 Issue: 12

Scripts in LTE OMS
Options:
-v, --verbose - Turn verbose on.
-p, --print - Print current values.
--on - Enable troubleshooting OMS logging. Set the log level to 5.
--off - Disable troubleshooting OMS logging. Set the log level to 2.
--level <log_level> - Set the log level (0-5). If not specified, 3 is set as the default
value.
It is advised that only advanced users with a profound understanding of the
troubleshooting logs collection mechanism use this option.
The log levels are as follows:
• 0 - off
• 1 - error level
• 2 - warning level
• 3 - info level (default)
• 4 - debug level
• 5 - trace level
-s, --size <size in kB> - Set the maximum trace log file size [1024..65536] or

give 'default' to set default (15360).
--vb {--on/--off} <RU list> - Turn on/off visibroker logs for defined RU list (for
example: /FMUIGate).
g Note: The --off / command disables Visibroker logging for all RUs.
DN0962949 Issue: 12 © 2018 Nokia 111

System health and status Command Line Interface Tools and Management
Scripts in LTE OMS
9 System health and status
Related CLI commands use in system health and status of the OMS
9.1 cluster_uptime
The cluster_uptime command displays the OMS restart date and time passed from
the first system restart.
Synopsis:
cluster_uptime [-m] [-f] [-h]
Options
-m - Show the OMS restart times.
-f - Show also OMS restart times occurred in the past.
-h - Print help.
9.2 zstatus
The zstatus command prints OMS status with different options.
Synopsis:
zstatus [ -all | [ -a |& -u |& -v |& -f |& -d |& -c ] ]
Options:
-all - Execute all tests.
-a - Execute zaho.
-u - Execute zupt.
-v - Execute vmstat.
-f - Execute free.
-d - Check disabled RG, RU and process.
-c - Check core dumps.
112 © 2018 Nokia DN0962949 Issue: 12

Cli Tools and Management Tool Scripts

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cli Tools and Management Tool Scripts

Uploaded by

Copyright:

Available Formats

LTE

omsbr_backup -f [-a <filename>]

omsbr_restore -c [ -d [<database name>]] [ -l ] [ -s [<file or

> parts prefix: FULL_R_GOMS6_1.5.debug_oms.corr78_20110126_153601_

> Split complete!

-t, --timeout TIMEOUT[SUFFIX] - This option specifies the timeout for the

Example usage: fshascli -s --filter rg,ru "/HAS*" "/*/HAS*"

-I, --inert-mode {ON|OFF} - Sets inert mode for a Managed Object. The MO

-S, --set <name>=<value> - Set dynamic attributes for a Managed Object. The

1) Aaland Islands 18) Greece 35) Norway

2) Albania 19) Guernsey 36) Poland

3) Andorra 20) Hungary 37) Portugal

4) Austria 21) Ireland 38) Romania

5) Belarus 22) Isle of Man 39) Russia

6) Belgium 23) Italy 40) San Marino

7) Bosnia & Herzegovina 24) Jersey 41) Serbia

8) Britain (UK) 25) Latvia 42) Slovakia

9) Bulgaria 26) Liechtenstein 43) Slovenia

10) Croatia 27) Lithuania 44) Spain

11) Czech Republic 28) Luxembourg 45) Sweden

12) Denmark 29) Macedonia 46) Switzerland

13) Estonia 30) Malta 47) Turkey

14) Finland 31) Moldova 48) Ukraine

15) France 32) Monaco 49) Vatican City

16) Germany 33) Montenegro

17) Gibraltar 34) Netherlands

The following information has been given:

Therefore TZ='Europe/Helsinki' will be used.

Timezone: Europe/Helsinki set to OMS

LDAP PASSWORD> root

Nokia OMS, LDAP CLI

• Execute fshascli -l[n] [all OMS SW]:

fsipaddress virtual add IP-ADDRESS/MASK iface IFACE-NAME via

fsipbond add IFACE-NAME slave IFACE-NAME [ slave IFACE-NAME ]

fsipnet ethiface get

--address-family family, -f family - Set the address family filter to the

NETMASK: (in bits e.g. 24)

These are used variables, continue? (yes/no)?

Executing pleas wait...

SYSTEM RESTART NEEDED

OMS HostName value from LDAP - found: OMS-43

answer 1 to disable eth1 alarms and restart FSNodeOSServer

Read South IP from LDAP = 10.44.143.227

Using Perimeter IP address

OMS FTP server IP address is 10.1.1.5

You set following settings:

Are these parameters correct (yes/no)?

Changing password to ldap

modifyOMSSettings.sh finished SUCCESSFULLY

fsfirewall close-port [--protocol|-l udp|tcp] <--

If no command exists then the error message Incorrect usage of command

omscertificate configure-cmp-client [-ip-addr ip_addr] [-port

omscertificate configure-ca-cr -base-dn c=fi -ip-addr

omscertificate delete-crl <-ca-id ca_id>

omscertificate delete-crl-url -ca-id "CN:CRL_testing-

Generating fphttpd.osldapnoruim from fphttpd.osldapnoruim_template

fsruimrepcli --refreshusers [--host hostname ] [--port

fssetcred <service> <username> OPTIONS

Checking volumes presence (try 1 of 3)

LDAP is up and running

100 © 2018 Nokia DN0962949 Issue: 12

Operation takes about 1 minutes

Do you want to continue? (y/n)

Some error text is printed here about non existing

Example usage: fshascli -s --filter rg,ru "/HAS" "//HAS*"

* 1. row *