firmware upgrade/reboot over CAPSMAN

genesispro · August 8, 2016, 11:13am

is there a way to force a firmware upgrade/reboot from CAPSMAN cause when I update eg 100 CAPSMAN clients then if a firmware upgrade is needed I have to login to each one and do the upgrade and reboot.

I already made a script to upgrade them all over telnet but it only works if the devices have no password (during my initial installation)

squeezypiano · August 8, 2016, 7:09pm

CAPsMAN can auto-upgrade the CAPs after the manager is upgraded. Setting is:

/caps-man manager upgrade-policy (none | require-same-version | suggest-same-upgrade)

Require and suggest will both attempt to upgrade the CAP, require will only provision the CAP if the upgrade is successful. This will, however, do them all at the same time and works best if the CAPsMAN and CAPs use the same package as it will just take the one installed on the CAPsMAN. It is a bit more involved (but not much) if it is a different package, e.g. PPC on CAPsMAN and MIPSBE on the CAPs.

genesispro · August 8, 2016, 7:40pm

Are you sure you mean firmware and not update?
I mean the
/system routerboard upgrade
function

cdiedrich · August 9, 2016, 10:50am

I added a scheduler item for this.
Triggered on startup. Checks if there’s a newer version available and updates automagically.:

/system scheduler
add name=UpgradeFirmware on-event="if ([/system routerboard get current-firmware] < [/system routerboard get upgrade-firmware]) do={\r\
    \n/system routerboard upgrade\r\
    \n:delay 1\r\
    \n/system reboot\r\
    \n}\r\
    \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup

To push this scheduler into each CAP, create an address list with all the IP addresses of your CAPs, save the code above in a file named scheduler.rsc and then add this to your scripts repository and run it once:

/system script
add name=addschedulerupdate policy=ftp,read,write,policy,test,winbox,password,sniff,sensitive,api source="
:foreach i in=[/ip firewall address-list find list=accesspoints] do={
[/tool fetch  address=[/ip firewall address-list  get $i address] mode=ftp user=login password=password src-path=/scheduler.rsc dst-path=scheduler.auto.rsc upload=yes];
}

-Chris

squeezypiano · August 9, 2016, 2:15pm

Apologies, yes, I misread. cdiedrich’s answer is almost identical to what we do.

genesispro · August 10, 2016, 9:18am

thx I got the idea… I totally forgot the auto run script over ftp… I was always doing it over ssh but after setting a password it would become more tricky with the certificates to autologin and run the script