Massive Device-Mode Upgrade for Large Deployments

Hello everyone, and MikroTik Staff,
Is there a way to perform a bulk device-mode upgrade for large-scale deployments, for example using FlashFig or another simple mass configuration tool?

Any suggestions or best practices would be greatly appreciated.

Regards

2 Likes

MikroTik doesn't give a damn about distributors or installers.
Otherwise, they wouldn't have made such a shi~~y device-mode (forced predefined activation on device update).
They only care about the "home" user who has a RouterBOARD at home to play with.
They don't care about CPEs, radio links, or whatever else,
otherwise they wouldn't have forced device-mode to be activated at will on peripherals already installed in radio links hours away by car/off-road vehicle...


Do you mean the one already installed on site (FORGET IT)
or the one you prepare before distributing to the installers (power off the device when the script finishes)???

You can use this on the last line of mass configuration script, simply power off the device at least within... 1 day...

/system device-mode update activation-timeout=1d mode=advanced flagged=no flagging-enabled=yes \
    bandwidth-test=yes container=no email=yes fetch=yes hotspot=yes ipsec=yes l2tp=yes pptp=no \
    proxy=no romon=yes scheduler=yes smb=no sniffer=yes socks=no traffic-gen=yes zerotier=yes \
    install-any-version=no partitions=yes routerboard=yes authorized-public-key-hash=""
2 Likes
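For staging benches where one team runs the script and another manages the units, the following added example (not part of the original post and not MikroTik tooling) derives the expected feature set from the update command above and compares it with text captured from `/system device-mode print` after the power cycle. The right-aligned `key: value` print layout, the sample output and the two skipped keys are assumptions.

```python
import shlex

# The update command from the post above, joined onto one line.
UPDATE_CMD = (
    '/system device-mode update activation-timeout=1d mode=advanced flagged=no '
    'flagging-enabled=yes bandwidth-test=yes container=no email=yes fetch=yes '
    'hotspot=yes ipsec=yes l2tp=yes pptp=no proxy=no romon=yes scheduler=yes '
    'smb=no sniffer=yes socks=no traffic-gen=yes zerotier=yes '
    'install-any-version=no partitions=yes routerboard=yes '
    'authorized-public-key-hash=""'
)
# Assumption: these two arguments are not compared against the printed state.
NOT_COMPARED = {"activation-timeout", "authorized-public-key-hash"}

def baseline_from_command(cmd):
    """Turn the key=value arguments of the update command into a dict."""
    pairs = (tok.split("=", 1) for tok in shlex.split(cmd) if "=" in tok)
    return {k: v for k, v in pairs if k not in NOT_COMPARED}

def parse_print(text):
    """Parse 'key: value' lines (assumed layout of the print output)."""
    state = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            state[key.strip()] = value.strip()
    return state

def drift(expected, actual):
    """Return {key: (expected, actual-or-None)} for every mismatch."""
    return {k: (v, actual.get(k)) for k, v in expected.items() if actual.get(k) != v}

# Constructed, shortened sample: a unit where the update was not activated
# within the timeout. Keys absent from the capture are reported as None.
SAMPLE_PRINT = """\
                 mode: home
              flagged: no
     flagging-enabled: yes
            scheduler: no
                fetch: no
              sniffer: no
"""

if __name__ == "__main__":
    found = drift(baseline_from_command(UPDATE_CMD), parse_print(SAMPLE_PRINT))
    for key, (want, got) in sorted(found.items()):
        print(f"{key}: expected {want!r}, device reports {got!r}")
```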

Yes, but we need pre-staging to our default, because we remotely configure devices located on our hub.
The people who configure the devices are different from the people who manage the devices on our hub.

You can use this on the last line of mass configuration script, simply power off the device at least within... 1 day...

Nice input

To be precise and unambiguous: I literally mean removing the power without rebooting or shutting down first...

I refer to activation-timeout, as nice input.

Yes, yes, it is so as not to be ambiguous for other users who read this topic....

1 Like

Do you know what the attribute authorized-public-key-hash does?

You asked the question in a past release thread, but I can't find any answers. And it's not in docs...

It apparently accepts a hash generated, e.g., from your public key.

openssl dgst -sha256 -hex ~/.ssh/id_rsa.pub

My best guess how it could probably work:

  1. Import SSH public key. Upload the .pub file to the router.
/user ssh-keys import user=<user> public-key-file=/files/id_rsa.pub
  2. Set the authorized-public-key-hash by
/system/device-mode/update authorized-public-key-hash=<hash-of-public-key>

This probably still needs a power-cycle or mode/reset button press. However, any device mode updates after that may then be authorized using the SSH public key of the executing user.

anyone wanna try in lab?

That's what I've suspected since it first appeared... But I still haven't tried it ;).

But if someone already knows, that would be good. @rextended asked about it in the 7.17 thread, but I couldn't find a reply.

Tried it on a 4011 with 7.19.2 and it didn’t seem to change the process that I could see. Asked to turn off power both when I added the hash, and after power off reboot with any changes.

Maybe someone here can get it.