Following on a previous posters [iredden] idea, I created a script to automate batch commands from a linux host.
First, you have to setup the SSH for the server you will be running this from.
See http://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_(DSA_key_login)
Create listing of Mikrotik Routers…
admin@watchdog:/$ cat /opt/ros/routers.txt
172.16.48.1
172.16.48.35
172.16.48.37
Create listing of commands…
admin@watchdog:/$ cat /opt/ros/ros-commands
/system identity print
/system resource print
Create username/password file
admin@watchdog:/usr/sbin# cat /etc/monitor.passwd
remote||password
And then launch the script below like so…
ros-remote /opt/ros/ros-commands
#!/usr/bin/perl
# By Matthew D. Smith (c) 2007 with help of the orignal script by
# by Ian Redden
# Purpose: To get info or execute commands on a Mikrotik RouterOS.
#
# Prerequisites: Expect, IO::Tty, IO:Stty
#
# Script will log into each router one a time (from ROUTER_LIST) and issue the commands from CMD_LIST one at a time.
#
# Usage: ros-remote [filename] ie; #ros-remote /opt/ros/ros-commands.txt
#
#
#######################CONFIGURATION########################################
# Text Listing of Routers - Insert Your Filename Here
my $ROUTER_LIST = '/opt/ros/routers.txt';
######################END CONFIGURATION#####################################
#############DO NOT ALTER BELOW THIS LINE###################################
# Open File
open DATA, "$ROUTER_LIST" or die "can't open $ROUTER_LIST $!";
# Assign array to Router List
my @routers_array = <DATA>;
# Close File - Done.
close (DATA);
# Assign variable to command file passed to script
my $CMD_LIST = "$ARGV[0]";
# Loop through each router in Array
foreach my $line (@routers_array)
{
# Use Expect
use Expect;
# Where is SSH?
$ssh = "/usr/bin/ssh";
# Get Username/Password
open(PS,"/etc/monitor.passwd");
while (<PS>) {
chomp;
($usernm,$pass) = split(/\|\|/, $_);
}
close(PS);
# Command to launch SSH
$command = "$ssh -l $usernm -i /root/.ssh/id_dsa $line";
# Use Expect to connect to Router
$ssh = Expect->spawn("$command");
# Do not echo Router Banner
$ssh->log_stdout(0);
# Send Password - enable if user account has password
# if ($ssh->expect(undef, "password:")) {
# print $ssh "$pass\r";
# }
# Send Commands From File
open( FILE, "< $CMD_LIST" ) or die "can't open $CMD_LIST $!";
if ($ssh->expect(undef, ">")) {
while ($cmd = <FILE>) {
# Echo Commands
$ssh->log_stdout(1);
print $ssh "$cmd\r";
$ssh->expect(undef, ">");
}
}
# Close File
close FILE;
#Quit SSH Session
print $ssh "/quit\r";
}
print "\r";
I plan on using this to distribute a common list of firewall rules to all of my Routers once I figure out how to either remove all existing firewall rules or how to avoid duplicate rules…
I’m planning on elaborating on this in the future such as polling MT’s neighbor viewer to get router listing, some sort of php/mysql interface to maintain listing of commands/routers, etc. Any help would be appreciated!
I know SNMP Write is coming in 3.0, but hopefully this helps out anyone who planning on using 2.x for a while…
-Matt