Hi normis,
baldaszti how would you use this? why do you need to reset something, and keep the users? reset means reset, remove all config. if you want to reconfigure only some part, use IMPORT command to set new values to existing config, without reset.
As I mentioned I cannot edit the RSC file (neither manually, due to the number of devices, nor by script, due to company policy). Why is it a big deal to keep keys like user information during reset? Call it "keep-identity" if you like. Please, we cannot use your devices until there's a method of saving and restoring configuration in a human readable format (containing cli commands) without losing the router's identity. I wouldn't ask if I could find any other solution.
not necessarily. you can edit the RSC file and issue "remove" commands before adding the new addresses. RSC (Import) file is basically a file that contains RouterOS commands. whatever you can do in console, you can do from this file. This way you can issue commands to remove all other config, and apply only what is needed.
You are wrong. To do so you would need a key authenticated ssh prompt (which I cannot use now, since the router's identity changes).
that would mean, that someone could completely reconfigure your router
"keep-identity" looks quite universal to me. I'm not talking about routes, wifis and other provided services, but the safe identification of the router itself on management side.
creating a new function in RouterOS is not so easy.
somebody else will ask for "keep wireless keys", "keep user manager db", "keep routes" etc. we need to figure out a solution that helps everyone
Flashfig is not an option since the routers are not on the same l2 network (in fact they are hundreds of km away), neither use our cms windows. I've already integrated routeros to our cms, I can read and upload configuration perfectly, I only need a way to load an unmodified /extract output without failures or losing the router's identity.
for rapid config of routers with RSC files, you can also use Flashfig:
http://wiki.mikrotik.com/wiki/Manual:Flashfig
As I've told you by hand it would take too much time, and our company policy does not allow scripts (no home-made configuration manipulating script would ever pass on audit, it's a question of responsibility).
why can't you edit the RSC files?
I cannot. We're administrating a huge amount of devices from different manufacturers, and RouterOS is the only one that fails. And it's not the management that writes the rules, we got them from the auditor.
anyway, you still have only one option. tell the management that their policy is blocking your goal.
Editing 1 configuration and about 20 DOES TAKE considerably more time. Not to mention the possibility of errors (typos or pasting the same management ip for more routers and other problems).
editing by hand will not take a lot of time. not more than configuring one router. just paste needed commands in a text file, that's it.
Sorry, but you're wrong. They use different ip addresses for example (as I wrote before) which involves human error that we cannot afford.
while you were writing this post, you would have completed editing the file. you only need to do this once, as you will use it for all the routers.
In this case why can't I import a config generated from export without modifications (adding plus remove commands)? Shouldn't it be so?
sorry but I can't help you in any other way. import/export was designed for this reason.
to import 'file.rsc', try "/system reset-configuration run-after-reset=file.rsc"
why can't I import a config generated from export without modifications (adding plus remove commands)? Shouldn't it be so?
good point. I would be happy with this, it would solve my problem.
1) well, if 'keep-users' parameter of 'reset-configuration' is intended to save authentication info after reset, why can't it save SSH keys?..
That's exactly what I'm trying to do. It works fine, the only problem is the loss of authentication (ssh key changed).
2) to import 'file.rsc', try "/system reset-configuration run-after-reset=file.rsc"
Indeed. I'd also rather like this.
So what about preserving keys if "keep-users=yes" flag used? No new function involved, you don't even have to alter the documentation... Please, I really need this, and you can bet I'm not the only one who wants to restore full configuration.
What new features of configuration do you mean?
The router 5.6 is great one and having the new features of configuration as well as the modulation of access and sharing.
[admin@MikroTik] > /export file=test.rsc
[admin@MikroTik] > /import file=test.rsc
Opening script file test.rsc
Script file loaded successfullyfailure: pool with such name exists
[admin@MikroTik] >
/system reset-configuration run-after-reset=test.rsc
where is the bug? that you ran import on a configured system? please read the manual on how import/export works.
It seems to me that 5.6 is even buggier than 5.5.
Dear normis,
where is the bug? that you ran import on a configured system? please read the manual on how import/export works.
It seems to me that 5.6 is even buggier than 5.5.
no, what our tests show, is that the import fails at user groups. the router is accessible over MAC address, basically you can say that it works like a regular system reset, and just doesn't import correctly.
doesn't work? but why even mac-winbox didn't work after reset?..
I was unable to use winbox with MAC address (the popup list was empty). I suppose because the import was incorrect, the router was left in an unspecified state. I can run further tests if you like and if it could help. I can also test it on a ppc based router as well (I used mips-be), but I don't think it would make any difference.
no, what our tests show, is that the import fails at user groups. the router is accessible over MAC address, basically you can say that it works like a regular system reset, and just doesn't import correctly.
That's strange, I did what you asked, but on an RB1200 with routeros-powerpc-5.6.npk the problem does not show up. It fails to load the configuration, but I can access the device via winbox. It seems that the hangup problem is limited to routeros-mipbe-5.6.npk only (tested on RB750G). Is there any plus information that can help?
try to do this on a router which has a serial port, and monitor what happens on the serial console. at least if MAC/IP connectivity is broken, you will still get access to RouterOS.
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 ether1
[admin@MikroTik] > /export file=test.rsc
[admin@MikroTik] > /system reset-configuration run-after-reset=test.rsc
Dangerous! Reset anyway? [y/N]:
y
system configuration will be reset
Rebooting...
Stopping services...
Restarting system.
RouterBOOT booter 2.33
RouterBoard 1200
CPU frequency: 1000 MHz
Memory size: 1024 MB
Press any key within 2 seconds to enter setup..
loading kernel from nand... OK
setting up elf image... OK
jumping to kernel code
Starting...
Generating SSH RSA key...
Generating SSH DSA key...
Starting services...
MikroTik 5.6
--- ascii art removed ---
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
[admin@MikroTik] >
I agree, I can't reproduce the error either, it had to be a one-time coincidence. So please forget it, and focus on config loading issue.
I did my test on a RB751U (mips-be) and also didn't have the problem. Maybe it was a coincidence.
our developers already have fixed it, it will work in v5.7
I agree, I can't reproduce the error either, it had to be a one-time coincidence. So please forget it, and focus on config loading issue.
I did my test on a RB751U (mips-be) and also didn't have the problem. Maybe it was a coincidence.
Great, thanks! Is it possible by any chance that in v5.7 it will keep the keys if "keep-users=yes" used...?
our developers already have fixed it, it will work in v5.7
Thank you very much!
I will see what we can do about it.
line from the new 5.7 build (not public)
Thank you very much!
I will see what we can do about it.
What's new in 5.7 (2011-Aug-11 10:12):
*) system reset-configuration - if keep-users is specified ssh user keys are
preserved as well;
Starting...
Generating SSH RSA key...
Generating SSH DSA key...
It's not so soon. The time is irrelevant, the point is, if we need to upload the configuration from the central management server, we can do it once, and never again. The reset is necessary because the /export command generates such clis that it gives error on /import (it's about using "set" and "add"). It can be loaded only if the device has empty config (that's fine, many companies use this method). And we cannot use any tool that compares and generate clis, it's a question of responsibility (we have to send the commands unchanged to the device, so if an error occurs, it's the administrator's fault, not some program bug).
Dear baldaszti,
Maybe I missed something in the discussion (forgive me...) or I am asking something obvious, but why you have to reconfigure the whole router so soon? I really can't understand.
I've used Milliscript for processing export files and never had a problem. Have you seen the latest version - http://wiki.mikrotik.com/wiki/Milliscript ?
It's not so soon. The time is irrelevant, the point is, if we need to upload the configuration from the central management server, we can do it once, and never again. The reset is necessary because the /export command generates such clis that it gives error on /import (it's about using "set" and "add"). It can be loaded only if the device has empty config (that's fine, many companies use this method). And we cannot use any tool that compares and generate clis, it's a question of responsibility (we have to send the commands unchanged to the device, so if an error occurs, it's the administrator's fault, not some program bug).
Dear baldaszti,
Maybe I missed something in the discussion (forgive me...) or I am asking something obvious, but why you have to reconfigure the whole router so soon? I really can't understand.
Thanks for the tip, it's really a great tool indeed, but it does not solve my problem. I cannot use third party tool to modify the configuration (question of responsibility), as I wrote before.
I've used Milliscript for processing export files and never had a problem. Have you seen the latest version - http://wiki.mikrotik.com/wiki/Milliscript ?
It's a godsend!
Rgds,
Mark.
then let him a way to load reference config to working router
if you are that concerned about security you should know that keeping those keys is insecure when router is completely reconfigured.
I'm sorry but during all this time, you couldn't clearly explain things that you needed, and why. We added some new functionality, but apparently it wasn't enough.
Dear Mikrotik,
Two months passed, the 5.7 is out, and host key still regenerating.
You did not manage to put a simple "if()" in your code within 2 months. This means your RouterOS is the only software in our arsenal that cannot save its configuration in cli format and load it back again, so management decided to throw all of them out. Congratulations! I'm pretty sure you'll have no further orders from my government (the owner of our company).
Don't tell me you didn't have the chance. Sic transit gloria mundi!
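Added example, not part of the original thread and not MikroTik code: a management-side check that compares the SSH host keys a router presents after `/system reset-configuration` against the fingerprints pinned before the reset, which is how the regenerated RSA and DSA keys in the boot log above show up as a changed identity. The key blobs, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map (host, keytype) -> pinned fingerprint for plain known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host names.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            pinned[(host, keytype)] = fingerprint(blob)
    return pinned

def check_host(pinned, host, keytype, presented_b64):
    """Classify the key a router presents: 'match', 'changed' or 'unknown'."""
    want = pinned.get((host, keytype))
    if want is None:
        return "unknown"
    return "match" if want == fingerprint(presented_b64) else "changed"

def fake_blob(keytype, body):
    """Constructed stand-in for a key blob: SSH string framing, fake body."""
    parts = (keytype.encode(), body)
    return base64.b64encode(
        b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed sample data (192.0.2.10 is a documentation address).
OLD = {t: fake_blob(t, b"first boot") for t in ("ssh-rsa", "ssh-dss")}
NEW = {t: fake_blob(t, b"after reset") for t in ("ssh-rsa", "ssh-dss")}
KNOWN_HOSTS = "# pinned before reset\n" + "".join(
    f"192.0.2.10 {t} {b}\n" for t, b in OLD.items())
PINNED = parse_known_hosts(KNOWN_HOSTS)

def audit(presented, host="192.0.2.10"):
    """Return {keytype: verdict} for every key the host presents."""
    return {t: check_host(PINNED, host, t, b) for t, b in presented.items()}

if __name__ == "__main__":
    print("kept keys  :", audit(OLD))
    print("regenerated:", audit(NEW))
```

A "changed" verdict after a planned reset is the case the thread describes; it calls for re-pinning the new fingerprint over an independent channel such as the serial console, not for accepting whatever key the device presents.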