Automatic backup for 100 MKT

Harrybg · July 6, 2021, 12:00pm

Hi! I need a script for automated downloading of backup files on about 100 MikroTik routers. I have made a script to create backup file and I want to download it via centos7. Did you have any ideas how to do it?

rextended · July 21, 2021, 5:32pm

Better put one scheduled script on each routerboard than send you every night at random time the email with EXPORT, not backup, or upload the export on one ftp.

Jotne · July 21, 2021, 6:22pm

Email to an google account works fine. I do send both Export and backup file just to have both.

rextended · July 21, 2021, 6:33pm

Must clearly specified:

backup = …backup! but for a) same device, b) same software version and c) same packages active,
export certificates, ssh host key, login users internal database, but not the dude database,
export partially the user-manager (do not exports assigned profiles and other user-manager related thigs) and do not export the other files

a) different devices can cause loss of configuration on interface because MAC addresses do not correspond, and the “import” do not translate or adapt the change.
b) different software version have often differents commands, values and sections
c) obviously, if for example IPv6 is used on old and is disabled on new, IPv6 configuration is lost

export = …intelligent backup! but is little more difficult to restore the devices, a) must be “resetted” without default values (literally blank),
the old config is b) everytime readable do not export certificates, ssh host key, login users internal database, the dude database,
export partially the user-manager (do not exports assigned profiles and other user-manager related thigs), and do not export the other files.
But appropriate “export” or “save” can be made for save also the other things on red, except for the internal users passwords

a) the device must be blank, or any already present settings can interfere with import.
b) as text file, can be imported section-by-section, for find eventual differencies from original device and new (like less ethernet ports) or from different software version.
The config of not present packets or not present/changed interfaces is still readable.

This is how really made backup of all things on routerboard:
http://forum.mikrotik.com/t/router-crashes-are-wiping-the-config/149189/7

/certificate
:foreach cert in=[find] do={
 :local certname [get $cert name]
 export-certificate $cert file-name=("auto_$certname") type=pkcs12 export-passphrase=$certpass
}
# this create some files called auto_$certname.p12 for each certificate

/ip ssh export-host-key key-file-prefix=auto_host-key
# this create the files auto_host-key_dsa, auto_host-key_dsa.pub, auto_host-key_rsa, auto_host-key_rsa.pub to import back the host-key

/export file="auto_export"
# this create... auto_export.rsc

/user export file="auto_user_export"
# this create the export for internal user database auto_export.rsc but do not exports passwords!!!

/system backup save name="auto_backup" dont-encrypt=yes
# this create ... auto_backup.backup

/file remove [find where name="auto_user-manager.umb"]
/tool user-manager database save name="auto_user-manager"
# This create the User-Manager database backup auto_user-manager.umb but the already existant file must be deleted first

file remove [find where name="auto_thedude.db"]
/dude export-db backup-file="auto_thedude.db"
# This create the The Dude database backup auto_thedude.db but the already existant file must be deleted first


# And for all other files inside
/file
:foreach file in=[find where type!=disk && type!=directory && !(name~"dude/files/default") && !(name~"^auto_") && !(name~"dude.db\$") \
   && !(name~"db-...\$") && !(name~"user-manager")] do={
# place at this point a ricorsive /tool fetch upload than send the $file on ftp
}

Jotne · July 21, 2021, 8:15pm

~~[quote=fposavec post_id=868507 time=1626893242 user_id=45287]~~
you can try my script
[/quote]

Just a quick note to your script. You should not use old and obsoleted back-tics.

Wrong:
</s>datum=`date "+%Y-%m-%d"`<e>

Correct
</s>datum=$(date "+%Y-%m-%d")<e>

rextended · July 21, 2021, 9:45pm

Last update: 5 years ago, really recent…

Jotne · July 22, 2021, 7:47am

Would be nice if all certificate could go to one file. If you have many routers and a handfull of certificate on all of them, it would be a large list of files.

rextended · July 22, 2021, 7:53am

Actually this option on export do not exist :((
Is better if RouterOS permit to export internal users.db and cert.db for perfect backup and export to other devices…

Also why not include the internal user export when /export are done instead to
do /user export, not all users know this…

dmitris · July 22, 2021, 4:05pm

Personally i’m using two approaches, one is Oxidize which is pulling config to git over ssh and second is script on mikrotik itself, which is sending config to ftp.

P.S
How to push configs to backup server only if configuration was changed, any ideas?

rextended · July 22, 2021, 4:11pm

Is not possible directly,
send the previous and the actual backup and the export to a server,
inside the server with some script compare both old and new export,
if export are different, except first line containig time and date, send the backup

Why export and not directly the backup?
Because two consecutive backups can be different, for example just for dhcp server “store lease on disk”.