Export and Import on backup and clone device problem !

spazio · July 20, 2021, 2:21pm

Hi All!
I’m in a jam and can’t figure out what’s the problem…
I just landed a new job and have proposed mikrotik hardware to replace more closed minded vendor ( so to speak, hahaha )
For mikrotik product to be accepted.I have to do a proof of concept of a common remote office config with export/import/backup/restore to facilitate deployment and remote managing.
And IT JUST NOT WORKING!

So I began with CHR - https://wiki.mikrotik.com/wiki/Manual:CHR plateform on GNS3 and realise there was a bug with dhcp-client on reset-config.
Look here for bug details: http://forum.mikrotik.com/t/chr-problem-with-dhcp-client-after-reboot/116337/1

So /system reset-configuration no-defaults=yes run-after-reset=/flash/defaultscript.rsc
CAN’T BE USED! Any script with this way will stop and EXIT at the dhcp-client with message

failure: action already exists with such a name

That there is an interface or something else with this name or something like that ( sorry, I didn’t copied the error message on every try last week! YES I’ve been over this for WEEEEEEEKKKKKSSSSS!

To bypass this bug! I manually remove the dhcp-client every time and try with
/import /flash/defaultscript.rsc

defaultscript.rsc is the default script from a rb2011 default script that I copied. Here it is:

#| Welcome to RouterOS!
#|    1) Set a strong router password in the System > Users menu
#|    2) Upgrade the software in the System > Packages menu
#|    3) Enable firewall on untrusted networks
#| -----------------------------------------------------------------------------
#| RouterMode:
#|  * WAN port is protected by firewall and enabled DHCP client
#|  * Ethernet interfaces (except WAN port/s) are part of LAN bridge
#| LAN Configuration:
#|     IP address 192.168.88.1/24 is set on bridge (LAN port)
#|     DHCP Server: enabled;
#|     DNS: enabled;
#| WAN (gateway) Configuration:
#|     gateway:  ether1 ;
#|     ip4 firewall:  enabled;
#|     NAT:   enabled;
#|     DHCP Client: enabled;

:global defconfMode;
:log info "Starting defconf script";
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
  # wait for interfaces
  :local count 0;
  :while ([/interface ethernet find] = "") do={
    :if ($count = 30) do={
      :log warning "DefConf: Unable to find ethernet interfaces";
      /quit;
    }
    :delay 1s; :set count ($count +1); 
  };
 /interface list add name=WAN comment="defconf"
 /interface list add name=LAN comment="defconf"
 /interface bridge
   add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
 :local bMACIsSet 0;
 :foreach k in=[/interface find where !(slave=yes  || name="ether1" || name~"bridge")] do={
   :local tmpPortName [/interface get $k name];
   :if ($bMACIsSet = 0) do={
     :if ([/interface get $k type] = "ether") do={
       /interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
       :set bMACIsSet 1;
     }
   }
   /interface bridge port
     add bridge=bridge interface=$tmpPortName comment=defconf;
 }
   /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
   /ip dhcp-server
     add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
   /ip dhcp-server network
     add address=192.168.88.0/24 gateway=192.168.88.1 comment="defconf";
  /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
 /ip dns {
     set allow-remote-requests=yes
     static add name=router.lan address=192.168.88.1 comment=defconf
 }

   /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
 /interface list member add list=LAN interface=bridge comment="defconf"
 /interface list member add list=WAN interface=ether1 comment="defconf"
 /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
 /ip firewall {
   filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
   filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
   filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
   filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
   filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
   filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
   filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
   filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
 }
   /ip neighbor discovery-settings set discover-interface-list=LAN
   /tool mac-server set allowed-interface-list=LAN
   /tool mac-server mac-winbox set allowed-interface-list=LAN
}
#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#-------------------------------------------------------------------------------
:if ($action = "revert") do={
/user set admin password=""
 /system routerboard mode-button set enabled=no
 /system routerboard mode-button set on-event=""
 /system script remove [find comment~"defconf"]
 /ip firewall filter remove [find comment~"defconf"]
 /ip firewall nat remove [find comment~"defconf"]
 /interface list member remove [find comment~"defconf"]
 /interface detect-internet set detect-interface-list=none
 /interface detect-internet set lan-interface-list=none
 /interface detect-internet set wan-interface-list=none
 /interface detect-internet set internet-interface-list=none
 /interface list remove [find comment~"defconf"]
 /tool mac-server set allowed-interface-list=all
 /tool mac-server mac-winbox set allowed-interface-list=all
 /ip neighbor discovery-settings set discover-interface-list=!dynamic
   :local o [/ip dhcp-server network find comment="defconf"]
   :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
   :local o [/ip dhcp-server find name="defconf" !disabled]
   :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
   /ip pool {
     :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
     :if ([:len $o] != 0) do={ remove $o }
   }
   :local o [/ip dhcp-client find comment="defconf"]
   :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
 /ip dns {
   set allow-remote-requests=no
   :local o [static find comment="defconf"]
   :if ([:len $o] != 0) do={ static remove $o }
 }
 /ip address {
   :local o [find comment="defconf"]
   :if ([:len $o] != 0) do={ remove $o }
 }
 :foreach iface in=[/interface ethernet find] do={
   /interface ethernet set $iface name=[get $iface default-name]
 }
 /interface bridge port remove [find comment="defconf"]
 /interface bridge remove [find comment="defconf"]
 /interface bonding remove [find comment="defconf"]
 /interface wireless cap set enabled=no interfaces="" caps-man-addresses=""
  /caps-man manager set enabled=no
  /caps-man manager interface remove [find comment="defconf"]
  /caps-man manager interface set [ find default=yes ] forbid=no
  /caps-man provisioning remove [find comment="defconf"]
  /caps-man configuration remove [find comment="defconf"]
}
:log info Defconf_script_finished;
:set defconfMode;

The script finish but no config has change! It’s not working!
I can see the comments in the log!

13:53:10 system,info,account user admin logged in from 10.1.1.208 via ssh
13:53:15 script,info Starting defconf script
13:53:15 script,info Defconf_script_finished

So I tried something else. I took a rb2011 and did a working configuration and did:

/export file=myrtrbackup

also

/export terse file=myrtrbackup

The config is pretty standard. One thing that I need is some custom script running on the router. One example of this is.
I have This script from the wiki:
https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Client#Lease_script_example

Here the code to add the config script to the router.

/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether2 script="{\r\
    \n    :local rmark \"WAN1\"\r\
    \n    :local count [/ip route print count-only where comment=\"WAN1\"]\r\
    \n    :if (\$bound=1) do={\r\
    \n        :if (\$count = 0) do={\r\
    \n            /ip route add gateway=\$\"gateway-address\" comment=\"WAN1\" routing-mark=\$rmark\r\
    \n        } else={\r\
    \n            :if (\$count = 1) do={\r\
    \n                :local test [/ip route find where comment=\"WAN1\"]\r\
    \n                :if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
    \n                    /ip route set \$test gateway=\$\"gateway-address\"\r\
    \n                }\r\
    \n            } else={\r\
    \n                :error \"Multiple routes found\"\r\
    \n            }\r\
    \n        }\r\
    \n    } else={\r\
    \n        /ip route remove [find comment=\"WAN1\"]\r\
    \n    }\r\
    \n}\r\
    \n"

After exporting the WORKING config from the router to another hardware and trying with winbox in system reset-configuration
Or directly with cli trying to import the config

/system reset-configuration no-defaults=yes run-after-reset=flash/export.rsc

I get this message:

[admin@MikroTik] /file> /import flash/export.rsc

cannot open import file, \t\t    file does not exist
[admin@MikroTik] /file>

I’M stuck and not able to make config export and restore working. Since I’m on a limited time budget to demonstrate that mikrotik IS THE hardware road to take!
Anybody has been successful in exporting/importing configs with script?
Any help would be appreciated…

Thanks in advance
Spazio

rextended · July 20, 2021, 3:05pm

IT: E adesso che fai, ti rifai vivo tra qualche anno come il solito?
EN: And now what are you doing, will you come back in a few years as usual?

Everything you’ve written is just nonsense.

the “bug with dhcp-client on reset-config” it has nothing to do with it

if you not know how the things works, don’t blame others
the script do not work runned from console, but only when you reset the device

[...]
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
[...]
}
#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#-------------------------------------------------------------------------------
:if ($action = "revert") do={
[...]
}

spazio · July 20, 2021, 5:51pm

LIKEWISE ! “rextended”

What you say just DOESN’T work on CHR !!! It’s the first test on my post!
I Tested that script with a reset and IT DOESN’ T WORK!!!

/system reset-configuration no-defaults=yes run-after-reset=flash/defaultscript.rsc

And that’s just one of the script that doesn’t work!!!

PLEASE READ THE POST COMPLETELY and UNDERSTAND IT before replying to it to part of it! Thinking you’ve solved it!
Just don’t reply with partial comprehension of a problem or If you don’t know! Some have tested thing before posting !!!

Thanks anyway for the reply…

rextended · July 20, 2021, 6:13pm

READ THIS: I want help you, but you must post the “the WORKING config from the router” instead, only censored, not with deleted parts.

you can only write “DOESN’T work”?

Is not what you do, from your reply.

there is nothing to test, you still to not understand what the script do.
:if ($action = “apply”) do={

I don’t say anything,

it’s you who insist
you cannot import the original defconf script, neither run it from the command line.
the script work only on “his” hardware at reset-configuration time

I have read the post more than three times to understand the mess.

spazio · July 20, 2021, 7:59pm

Either I was too close to see it or I didn’t want to see it!
I’ll start over and retry everything with the working exported configs from scratch!

Thanks!