RouterOS Italia

Full version: [Mikrotik] Semi-Automating CPE ROS/Firmware/script updates and setting changes
Introduction
Imagine this scenario. You have numerous APs and hundreds of CPEs, and you want to add a script or change a setting, or upgrade RouterOS to the newest version, or check that the firmware is at the latest available version. If you don't have a way of rolling this out automatically, then you are going to spend many hours logging into each CPE and doing it manually. So why not log in once more, implement this solution, and never have to log into a CPE again to do these tasks?
By following the process below you will only have to manually access your existing client units one last time, to load the scripts below. Once the CPEs are loaded with the scripts, they will automatically update their ROS versions and firmware when you trigger the scripts by enabling the relevant IPs, which the CPE netwatch routines detect and respond to by running the update scripts. For your own peace of mind and general security considerations, you manually control when this happens.

At a Central Point

1. On a Mikrotik AP or Edge/Gateway Router - this is where you will place the upgrade script file and ROS update files in future.
Create IP addresses (a unique subnet) on an ethernet port as per the example below. These IPs do not have to be on a dedicated ethernet port, as Mikrotik allows the creation of multiple IPs/subnets on a single interface. Please note that these IP addresses are disabled. They are only enabled when you wish to trigger the update routines on the CPEs.

Code:
/ip address
add address=172.16.0.1/24 comment="CPE File Upgrade" disabled=yes interface=ether1 network=172.16.0.0
add address=172.16.0.2/24 comment="RouterOS Upgrade" disabled=yes interface=ether1 network=172.16.0.0
add address=172.16.0.3/24 comment="Firmware Upgrade" disabled=yes interface=ether1 network=172.16.0.0
add address=172.16.0.4/24 comment="Force CPE Reboot" disabled=yes interface=ether1 network=172.16.0.0
You will need to ensure that the network routing tables at each AP know where to find the IP subnet created above, so that the CPE Netwatch routines you will soon create know where to find the trigger IPs.
On Each CPE
2. Now we create the script that fetches the client unit upgrade file (always called upgrade.rsc, unless you change it in the script below). This needs to be done ONCE on every CPE. It will be useful to add this script to the config.rsc file you use to set up new CPEs.
The "Upgrade Script" to be installed on all your CPEs:

Code:
/system script
add name=rscfetch policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="{\r\
\n:global ftpserver\r\
\n:global usrnme\r\
\n:global passwd\r\
\n:global pckgname\r\
\n\r\
\n:set pckgname (\"upgrade.rsc\")\r\
\n###########################################\r\
\n# Set the package name above as you wish. Remember that your upgrade file (NOT the ROS files) must in \r\
\n#       future, have the same name as what you set here.\r\
\n# Set the IP below, to exactly the same as the trigger IP you added with the comment \"CPE File Upgrade\"\r\
\n# in step 1. Replace \"admin\" and \"password\" below with the correct settings to allow ftp access to \r\
\n# the server.\r\
\n###########################################\r\
\n:set ftpserver \"172.16.0.1\"\r\
\n:set usrnme \"admin\"\r\
\n:set passwd \"password\"\r\
\n\r\
\n:if ([:len [/file find name=\"upgrade\"]] = 0) do={:log error \"Downloading Upgrade File - \$pckgname\"\r\
\n ;/tool fetch address=\"\$ftpserver\" src-path=\"\$pckgname\" user=\"\$usrnme\" \
password=\"\$passwd\" mode=ftp;/import upgrade.rsc} else={:log error \"No Upgrade File Found\";}\r\
\n}"


3. Now add a netwatch routine to the CPE to trigger the script to fetch and load the upgrade.rsc file.
Code:
/tool netwatch
add disabled=no down-script="" host=172.16.0.1 interval=1m timeout=1s up-script=rscfetch;


4. Add the source for future ROS upgrades. In our case we use the same IP as the trigger IP set in step 1 with the comment "RouterOS Upgrade". You will be prompted for the password when you add this; it cannot be coded into the script.
Code:
/system upgrade upgrade-package-source
add address=172.16.0.2 user=admin


Summary of Steps 2 to 4, a single cut 'n paste, to terminal window on the CPE.
5. Summing up the required CPE scripts above, you can edit and load the following onto each CPE in one routine (cut and paste to a terminal window).
Summary CPE Code
Code:
/system script
add name=rscfetch policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="{\r\
\n:global ftpserver\r\
\n:global usrnme\r\
\n:global passwd\r\
\n:global pckgname\r\
\n\r\
\n:set pckgname (\"upgrade.rsc\")\r\
\n:set ftpserver \"172.16.0.1\"\r\
\n:set usrnme \"admin\"\r\
\n:set passwd \"password\"\r\
\n\r\
\n:if ([:len [/file find name=\"upgrade\"]] = 0) do={:log error \"Downloading Upgrade File - \$pckgname\" \r\
\n;/tool fetch address=\"\$ftpserver\" src-path=\"\$pckgname\" user=\"\$usrnme\" \
password=\"\$passwd\" mode=ftp;/import upgrade.rsc} else={:log error \"No Upgrade File Found\";}\r\
\n}"
/tool netwatch
add disabled=no down-script="" host=172.16.0.1 interval=1m timeout=1s up-script=rscfetch;
/system upgrade upgrade-package-source
add address=172.16.0.2 user=admin;
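
Added example, not part of the original post: a Python check to run over a CPE's exported configuration. It undoes the export line wrapping, decodes each script's `source=` string, and reports the properties of the rscfetch/netwatch setup that matter in a review (cleartext FTP transfer, a password stored in the script, a fetched file passed straight to `/import`, and the netwatch host whose reachability starts it all). The sample export is constructed and abridged from the post; the function names and finding labels are this example's own assumptions.

```python
import re

# Constructed sample: the post's rscfetch script and netwatch entry, abridged.
SAMPLE_EXPORT = r'''/system script
add name=rscfetch policy=ftp,reboot,read,write,policy,test source="{\r\
\n:global passwd\r\
\n:set passwd \"password\"\r\
\n/tool fetch address=\"172.16.0.1\" src-path=\"upgrade.rsc\" user=\"admin\" \
password=\"\$passwd\" mode=ftp;/import upgrade.rsc\r\
\n}"
/tool netwatch
add disabled=no down-script="" host=172.16.0.1 interval=1m timeout=1s up-script=rscfetch
'''

ESCAPES = {"n": "\n", "r": "\r", "t": "\t"}

def decode_source(value):
    """Decode export-form escapes: CR/LF/tab, capital-hex pairs, escaped quote/dollar."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else ESCAPES.get(tok, tok)
    return re.sub(r"\\([0-9A-F]{2}|.)", repl, value, flags=re.S)

def audit(export_text):
    """Return (script, finding) pairs; the finding labels are this example's own."""
    # A trailing backslash wraps a long value onto the next line; re-join first.
    text = re.sub(r"\\\r?\n[ \t]*", "", export_text)
    # Map each script to the netwatch host whose "up" transition runs it.
    triggers = {s: h for h, s in
                re.findall(r"host=(\S+)[^\n]*?up-script=([\w-]+)", text)}
    findings = []
    script_re = r'add name=(\S+)[^\n"]*source="((?:[^"\\]|\\.)*)"'
    for m in re.finditer(script_re, text, flags=re.S):
        name, body = m.group(1), decode_source(m.group(2))
        if re.search(r"/tool fetch\b[^\n;]*\bmode=(ftp|tftp|http)\b", body):
            findings.append((name, "cleartext-fetch"))
        if re.search(r':set\s+\w*pass\w*\s+"[^"$]+"|password="[^"$]+"', body):
            findings.append((name, "embedded-password"))
        if "/tool fetch" in body and "/import" in body:
            findings.append((name, "imports-fetched-file"))
        if name in triggers:
            findings.append((name, "netwatch-trigger:" + triggers[name]))
    return findings

if __name__ == "__main__":
    for script, finding in audit(SAMPLE_EXPORT):
        print(script, finding)
```

With this design, every finding on rscfetch means the same thing for the fleet: whatever answers on the trigger IP and serves upgrade.rsc over FTP decides what each CPE imports.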