Firmware mirror and automatic updates

Hello:
There are numerous articles on how to create an automatic firmware update script on Mikrotik devices. Those work nicely for the most part. However, those aren’t very practical for larger deployment scenarios. I would like to create a local firmware repo that I can update automatically (scripted) and then have all the Mikrotik devices update from that.
However, I haven’t seen any practical manner to create an auto syncing firmware repo. Has anyone tackled this challenge?
Thank you!

Yes, his name is The Dude.
You can select only one, two, three… or all, no difference, and send the firmware you want installed on those devices.

Sorry, I don’t get it. How does DUDE solve my issue?
Thank you.

Ok, the scripting part is missing, but if you put the firmware packages on The Dude, and select, multi-select or mass select your devices visible on The Dude,
you can select “upgrade” on the right menu and select the version.

There is a menu item “Auto Upgrade” under “System” that seems to be orphaned… it is barely documented.
But it appears to do (or have done in the past) exactly what you like.
You can setup an update source in your network and have other devices auto-upgrade from that.

Unfortunately the source has to be a MikroTik router. It would have been nice if it could be a generic Linux system and probably that can be done, but you would have to reverse-engineer the methods used to find and download the updates (probably just FTP).
However, if you have some router with a lot of storage (e.g. RB1100AHx4-dude or some router with a USB external storage device) it could be an option to use that.

For me, it is very bad practice to do auto-upgrade/auto-update, or to be more clear, doing unattended updates is just madness in a production environment.

Yes, the “Auto Upgrade” seems abandoned, and requires another MikroTik as server.

We use Ansible for distributing updates. It checks the current version and looks at whether it should download a new one. Then it creates a scheduled task to reboot.

That isn't the topic of this thread. No thread jacking please.


Let me clarify, folks. The issue isn't the auto update feature of RouterOS, that seems to work nicely. The issue is that if I have 100 devices, I don't want them all downloading over my public ISP line. I want to create a local firmware mirror that can be scripted. At the moment, the only way to do so is via manual firmware updates from the Mikrotik site. When an org has many devices, the best practice is to cache it locally and serve from that mirror rather than download the firmware over and over again.
Thanks!

1a) It is possible to create an FTP repository inside one or more RouterBOARDs with enough space and use it as the source for upgrade-package-sources.
1b) I already suggested The Dude to you in the previous topic, but you were too busy to read it and reply.
2) False, I do not want “thread jacking”; the OP is too sensitive about that, and my solution for doing that is OP.
3) True, and perfectly logical.

Easy in principle:


  1. Create a user on each MT box that has a full-capability user with an authorized SSH key
  2. “scp new-firmware.npk mtbox:”
  3. “ssh mtbox reboot”

That will reboot that one router, which will see an *.npk file on boot at the root of its file system, and so will automatically upgrade to that version.

Putting this into a loop to iterate over all available routers is not difficult. The tricky bit is sending the right version of the firmware to each subset of boxes that has a different CPU, or needs a different version than the others, and so on. Perhaps your existing Ansible setup will suffice for this.

Alternately, there are MNDP (MikroTik Neighbor Discovery Protocol) programs which give output you can use to drive the upgrade loop. The MNDP reply message doesn’t appear to include the CPU type string in the form that MikroTik uses in naming firmware upgrade packages, but it does have a “Board” string you can map to the CPU type, which then tells you which file to send. The reply also includes a version string you can use to decide which routers need an upgrade and which to skip.

I hear the devops crowd likes Go, so this particular implementation may be of special interest since it gives you a golang library you can use to write your own program with. The associated “discover” program isn’t really written to produce output suitable for parsing in a script, but it’s a pretty trivial shell around the actual “mndp” library.
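As an added example (not code from this thread or from any tool mentioned in it), the sketch below plans the scp-and-reboot loop as a dry run: it maps each board string to a package architecture, compares the installed version with a pinned one, and flags routers that are newer than the pin or have no known architecture instead of pushing to them. The inventory lines, the board map entries, the repo directory, the `upgrade` user and the v6-style `routeros-<arch>-<version>.npk` file naming are assumptions to adapt to your own fleet.

```shell
#!/bin/sh
# Added example: dry-run planner for the "scp the .npk, then reboot" loop.
PINNED_VERSION="6.47.10"      # version you approved into the local repo
REPO_DIR="/srv/routeros"      # hypothetical local mirror directory
SSH_USER="upgrade"            # hypothetical key-authenticated RouterOS user

# Board string -> package architecture. Illustrative entries only; build
# this table from your own inventory.
arch_for_board() {
    case "$1" in
        RB1100AHx4*) echo arm ;;
        RB750Gr3*)   echo mmips ;;
        RB951*)      echo mipsbe ;;
        *)           return 1 ;;
    esac
}

# True when dotted numeric version $1 is older than $2 (6.47.9 < 6.47.10).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Reads "<host> <board> <version>" lines; prints one decision per router.
plan_upgrades() {
    while read -r host board version; do
        [ -n "$host" ] || continue
        if ! arch=$(arch_for_board "$board"); then
            echo "SKIP $host: no architecture known for board $board"
        elif version_lt "$version" "$PINNED_VERSION"; then
            pkg="$REPO_DIR/routeros-$arch-$PINNED_VERSION.npk"
            echo "RUN scp $pkg $SSH_USER@$host: && ssh $SSH_USER@$host /system reboot"
        elif version_lt "$PINNED_VERSION" "$version"; then
            echo "DRIFT $host: runs $version, newer than pinned $PINNED_VERSION"
        else
            echo "OK $host: already on $PINNED_VERSION"
        fi
    done
}

# Constructed inventory (documentation addresses, made-up fleet).
sample_inventory() {
    printf '%s\n' "192.0.2.11 RB750Gr3 6.47.9" "192.0.2.12 RB1100AHx4 6.47.10" \
        "192.0.2.13 RB951Ui-2HnD 6.47.11" "192.0.2.14 UnknownBoard 6.46.8"
}

sample_inventory | plan_upgrades
```

The script only prints its decisions; review the `RUN` lines before executing any of them.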

If the OP can easily
“Create a user on each MT box that has a full-capability user with an authorized SSH key”
and
“Putting this into a loop to iterate over all available routers”
he already has the solution: to do “/sys pack up in” without thinking about architecture (arm, mipsbe) / the right extra packages like ntp, user-manager / rebooting the RouterBOARD / etc.

Are you aiming too high, do you want to show off?
So then you no longer see us down here with these simple solutions …

Ansible?
The OP (if I’m not wrong) does not use Ansible…

We typically use Unimus for this as it works well at large scale. You can schedule the upgrade so that it’s automated on whatever code lifecycle makes sense for the organization.

https://unimus.net/blog/network-wide-mikrotik-routeros-upgrade.html

We can typically upgrade several thousand MikroTik routers within 10 to 15 minutes and get a list of any failed upgrades to go check.

Do you know what Unimus uses to connect to every single RouterBOARD?

Folks:
Has anyone figured out a way to create SCRIPTED firmware mirrors from Mikrotik?
Thank you!

To mass upgrade thousands of Mikrotiks with the push of a button , I do this:

I use a Linux ( Ubuntu ) computer. It has the following scripts:

  • site survey ( including site-survey on remote wireless client Mikrotiks ) , save results on my Linux server.
  • Get information from remote Mikrotiks ( anything I want , version , signal strength, ROS version, export ) , save results on my Linux server.
  • Update/upgrade the ROS version on all Mikrotiks everywhere.
  • Update the sys-ro BIOS

It’s pretty simple. Just create the following files:

  • A text file of each IP address of mikrotiks you manage.
  • Expect script ( a for line in text file do a ( telnet/ssh , login , do some commands )

My expect scripts process the text file , if a Mikrotik pings , then continue. It’s actually pretty easy stuff.

My expect script can process one Mikrotik at a time until finished with the text file, or process all Mikrotiks in the text file at the same time, or process Mikrotiks in groups (10 to any amount) until finished.

Just read up on Linux expect.

North Idaho Tom Jones

Tom:
But how do you grab new firmware from Mikrotik automatically?
Thanks!

That is the question from the start, but no one replied, or they replied with something else.

It must really be two questions:

  1. How to duplicate the RouterOS repository, all types of architecture, the long-term and stable versions (I hope no testing and no development) on another machine
    [And choose what is considered that on your own repository, like I still want to use 6.47.10 on the device, not 6.47.11]

  2. How to force/set RouterOS to use that duplicate repository rather than the main site.

I wouldn’t advise doing that. Make the updates to the repository (downloading from MikroTik) a manual operation, only make the updating of the routers in your network from the repository automatic.
That way you remain in control over what software is running. You would not want to upgrade all routers overnight to the version released earlier that day.

@pe1chl
Don't give him advice, he doesn't give a damn.
Read what he replied to a piece of advice about this ...

If you can help him do what he wants, great.

Another is simply to have a scheduled script that does a /fetch http://… from a known URL then reboots. “known URL” can be geo-balanced with DNS or scripted as well.