Auto updating ROS - yea or nay?

I suspect this will be somewhat controversial and I hope to get many different “insightful” opinions :slight_smile:

I have seen and dabbled with some of the auto update scripts that are out there. Some of them do alerting, backups, stable/long-term channel choice, etc… - really well done. My question is, conceptually - would you use this in a production environment?

I am sure this will be a different answer for many as we all use Mikrotik differently. I don’t manage 600 routers - more like 60 in SMB and enterprise environments. I am not a WISP. I use a different product for wireless. I use consistent RB models and scripts. If I managed 600 routers I would approach this very differently with dedicated people, process, and tool. I am a one man show. When vulnerabilities are exposed and patches pushed, I am left to scramble and figure out an upgrade process. I am trying to avoid that and keep these better up to date. This has forced me to think about my management and support process differently as well, but I digress…

The bad FUD - I have been doing this long enough to see how updates have broken many things. Scripts, interface lists, and bridge changes immediately come to mind… ugh. I guess the real question is - am I willing to assume the breakage risk to keep these systems better updated? With proper documentation and proper backups - for me, I am leaning toward yes…

Somebody talk me out of this :slight_smile:. What is your opinion on this?

It is good and recommended to keep your device up to date. But I do not think that this means that we should update to every single new release that comes out unless it fixes a security issue or a bug that was causing problems to our setup… But this is just my opinion…

Thanks Zacharias, that makes sense.

My opinion, as you’ve explicitly asked for it, is “yes to automatic update in terms of not logging in manually to every single device in my network, but no to each device blindly upgrading to the newest LTS release as soon as it appears on Mikrotik web”.

Whoever manages a large installed base is forced to use a limited number of unified configurations (except maybe autists who can remember dates of all the Sundays since the Gregorian calendar has been introduced, I do know such people), so it should be reasonably safe to test each new release on each model you use in your managed base, using all the variants of unified configuration for that model, and only after all of them survive the upgrade without issues, publish that release for that model on your own upgrade server so that the clients’ devices could fetch it from there and use it.

But I personally also handle much less than 100 Tik devices, almost each of them serving a completely different purpose, so no unified configurations in my case, just same approach to the same particular task on all.

Since you explicitly asked me to donate my 5 cents … I’ve nothing to add to @sindy’s endless wisdom.

Agree 100% with Sindy.
There have been several times over the last year that an update has broken something on the router or changed something that made something stop.
One thing I remember was a change in some Wifi settings where the user had set something that was not default. The upgrade changed some parameters so that Wifi stopped working.

So an automatic system where you can control when to do the upgrade, after you have tested the image on your product, should be a good solution.
Not just: new version? Upgrade.

Wow, can I get a refund? :slight_smile: You can pile on.

I don’t disagree with anything you have said. Thank you. I wish there was an easier way to manage updates.