I have been working on getting my network set up with RouterOS devices, a mix of CHRs, RBs, and CCRs. Ideally I would like all of the configs stored in a git repo and be able to load them onto a new device as well as be able to apply the configs to existing devices when changes are made. Currently I have a bunch of RouterOS scripts that I created, and I set up a way to use fetch to get them from the repo, then apply them. There are two problems here. First, this requires network config to be pushed before it can download. Second, this current setup requires that the router gets reset to defaults and then runs a specified script on restart, which is not the preferred way. Ideally I would do something like typical server config management that reads the current state and, if it does not match the requested state, runs the appropriate commands to make it match.
Is there a recommended way of doing this? Am I expecting too much, and should I just push some basic config and then continue with what I was doing before?
RouterOS configuration differs a bit from other platforms where you simply can’t just apply commands over and over again, or just activate another configuration on the fly. The best approach is probably (and it is the one we use when deploying) to begin with a remove [find] when dealing with lists, such as /ip address or /ip firewall filter. For example:
# remove all but defconfig
/ip address remove [find comment!~"defconf.+"]
/ip address add address=1.2.3.4/24 interface=ether2
/ip address add address=5.6.7.8/24 interface=ether3
I am aware of how to script it out on the RouterOS systems and have scripts to do that. I looked at Unimus before but I believe it has the same issue that everything else has that I have looked at, basically it communicates over API or SSH and therefore requires some configuration to be on the device first. Not an impossible task, but it would be ideal if I could push it over serial for an initial config.
I also need to set up configuration for labs that people would likely run on their local system in virtual machines; I don’t think that use case is really covered there. My initial thoughts with using Ansible seem much more promising on that part.
I will also point out that Unimus does not seem to be actual config management and instead appears to be just a managed backup service with some diffing and the ability to do some mass push. Config management would ideally have templating and apply the templated configs with some type of source control backing it.
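The "read the current state and only run what is needed" idea from the first post, applied to the /ip address list from the reply, as an added example that is not code from any poster in this thread. It computes the remove/add commands from a diff, so the list is never emptied while it is being applied and a second run produces nothing. The sample export text, the DESIRED list and the helper names are constructed for illustration; it assumes export lines are not wrapped and that default-config entries carry a comment containing "defconf".

```python
import re
import shlex

DEFCONF = re.compile(r"defconf")  # assumption: default-config entries are tagged like this

# Constructed sample in the style of "/ip address export" output.
CURRENT = """\
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=1.2.3.4/24 interface=ether2 network=1.2.3.0
add address=10.9.9.1/24 interface=ether4 network=10.9.9.0
"""

# Desired state, e.g. rendered from a template kept in the git repo.
DESIRED = [
    {"address": "1.2.3.4/24", "interface": "ether2"},
    {"address": "5.6.7.8/24", "interface": "ether3"},
]

def parse_export(text):
    """Turn the 'add key=value ...' lines of one menu into dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # menu path lines and blanks carry no entries
        # shlex keeps quoted values such as comment="two words" in one token
        tokens = shlex.split(line[4:])
        entries.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return entries

def identity(entry):
    """An address entry is identified by its address and interface."""
    return (entry["address"], entry["interface"])

def plan(current, desired, menu="/ip address"):
    """Return only the commands needed to move current to desired."""
    have = {identity(e): e for e in current}
    want = {identity(e): e for e in desired}
    commands = []
    for (addr, iface), entry in have.items():
        if (addr, iface) in want or DEFCONF.search(entry.get("comment", "")):
            continue  # already correct, or owned by the default config
        commands.append(f'{menu} remove [find address="{addr}" interface="{iface}"]')
    for (addr, iface) in want:
        if (addr, iface) not in have:
            commands.append(f"{menu} add address={addr} interface={iface}")
    return commands

if __name__ == "__main__":
    print("\n".join(plan(parse_export(CURRENT), DESIRED)))
```

The same diff works for other list-style menus if `identity` is changed to the fields that uniquely identify an entry there; for ordered lists such as /ip firewall filter, rule position also has to be part of the comparison.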