I would like to give voice to the growing community configuring their infrastructure with reproducible and declarative templates.
There’s a shift from doing click-ops towards writing the desired state of configurations in terraform (/OpenTofu?) and I would love to see best practices and modules from Mikrotik with contributions from the community.
I would also love to see this supported officially or at least contributions towards best practices and options/modules providing different options like e.g. Google Fabric directly from Mikrotik. https://github.com/GoogleCloudPlatform/cloud-foundation-fabric
It would make it possible to be less reliant on Winbox and WebFig and be able to reproduce setups across a whole fleet of routers simultaneously in one/a few single commands.
Please have a look at it. Thanks!
I think I saw this some time ago but got scared off by all the drama surrounding terraform licensing and just haven’t looked into it anymore.
Terraform and Ansible were some of the first things I looked into after getting a Mikrotik device. Coming from a software dev background I could never understand how net eng as an industry got by with click ops and shelling in to boxes and bailing out. It’s still kinda silly IMO and I have no idea how big networks stay stable or have sane operators.
I also feel like the Network engineering background folks that I talk to really think that NETCONF and GNMIC and YANG and that whole ecosystem is becoming the standard. Perhaps that’s not a conflict with terraform since they kinda operate at different levels—terraform is more operating on state, and the other Network automation standards are more protocol level—but in any case terraform never seems to get much attention around here.
There is the mikrotik devices controller thread, but I’m not sure if that’s the same thing, to me that seems more like a pro-sumer API client for the REST api that solves different problems. I wish an Infrastructure-as-code layer was a component of that upcoming system but we’ll have to see.
My only conclusion is that network automation across the industry is still an absolute hot mess, and the only folks that are really great at it are the hyper-scalers whose solutions just don’t look anything like what someone who’s running a MikroTik network is going to want. Someone more experienced plz chime in
I am not a Network Engineer, but I have done my fair share of Terraform with network components. I am seeing more and more support for terraform with network devices (both cloud, of course, and on prem).
Let me give an example of how I am starting to use the provider that @Tassmeister referred to… In my homelab right now, I am building Kubernetes clusters as code. I am provisioning/deprovisioning them fully and ready to use from mostly Terraform. This includes talking to other services and devices (like Hashicorp Vault for secrets and ssl) and now includes Mikrotik where it can configure DNS on the fly. I can also configure BGP for my MetalLB setup in Kubernetes. In another scenario at my job, I can configure a Netscaler load balancer on the fly when setting up a Kubernetes cluster. When I am done with the cluster, I terraform destroy it and it will deprovision that from the network components.
I guess what I am saying is that maybe Network folks are using some of that other tech, however, think of portability and re-usability amongst many teams and different devices. A network admin could create a custom module for other people to consume and provision their resources. That way, it is a proven template by the experts, but allows people to self service too. So it is not just for managing the devices, but also to give more capabilities to the other users.
You are not competing with Hashicorp? If not, you’re grand, can still use terraform as usual.
The license change was for third parties that offer cloud provisioning utility using terraform, and charging customers to provision resources with it, using proprietary means. It was a fiasco that should never have happened but it is what it is and a shame too.
Did look at that when I first acquisitioned an MT device, am still wet behind the ears so-to-speak and still learning my way around it, and definitely watching this space.
Using IAC with terraform to provision switches et al looks to be the right way to go, especially if deploying multiple same devices in different locations, with the variations in the configuration.
There may be reasons that the hot-mess is still around, usually, by the infrastructure team, to not use terraform et al for provisioning routers/switches, network engineers are not software developers so may struggle with the concepts of using nuances of terraform code blocks and source control. Maybe it's lack of:
getting approvals/agreements from powers that be, for running apply/runbooks on devices while keeping blast radius to minimum
establishment of coding style guidelines with best practices in approach
change control process
last but most important - costs to train/educate etc
But for home usage, think it is fantastic to explore that arena.