Community discussions

MikroTik App
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Fri Apr 10, 2020 10:18 pm

/system backup containing previous version of edited scripts?

Wed Apr 29, 2020 3:38 pm

Dear all,

When opening in notepad the backup file resulting from the /system backup command (https://wiki.mikrotik.com/wiki/Manual:System/Backup), I realize that it contains a track record of several iteration of my scripts.
The /system backup command outputs a .backup file that lists the same script in several stages of edition.
For a lack of better term, it looks as if the backup file contains a recollection of all "past steps" that brought up to the current version when the backup command was run.

Is this normal behavior?
It's as if the backup file is ready to handle several "undo" request, just after being used to restore a device.

As a consequence, it makes the backup file quite heavier than what it could be.

Is there a way to trim the backup file to only show the current config, without the "past steps"?

I'm aware of the export function, I also use it.
And this export function produces a clean output: ie the rsc file that is outputted doesn't show this recollection of all past steps.

Thanks
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Fri Apr 10, 2020 10:18 pm

Re: /system backup containing previous version of edited scripts?

Sat May 09, 2020 4:42 pm

Anyone having a view on this?

is having .backup files bloated with past steps a feature or a bug?
If a feature, can this be deactivated to reduce the filesize?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: /system backup containing previous version of edited scripts?  [SOLVED]

Sat May 09, 2020 5:27 pm

I think it is to be expected. Not only for "undo" but also because it is just a dump of binary configuration as it is now.
Just like memory in your computer or a dump of a disk, it will include old items that have only some "deleted" bit set but not the actual content erased.

As you know, the /export does not have this problem, but it takes longer to generate (visible on old and slow models).
I rarely use System Backup for many reasons. I use /export and store it in a version control system (e.g. git), so I also have historic info.
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Fri Apr 10, 2020 10:18 pm

Re: /system backup containing previous version of edited scripts?

Sat May 09, 2020 5:37 pm

I think it is to be expected. Not only for "undo" but also because it is just a dump of binary configuration as it is now.
Just like memory in your computer or a dump of a disk, it will include old items that have only some "deleted" bit set but not the actual content erased.

As you know, the /export does not have this problem, but it takes longer to generate (visible on old and slow models).
I rarely use System Backup for many reasons. I use /export and store it in a version control system (e.g. git), so I also have historic info.
Thanks for the response, your point makes sense.

I reached similar conclusions as yours when it comes to favor /export, and likewise I have a scheduler to output one export regularly with dates/time on filename to enable rollbacks

Thanks
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: /system backup containing previous version of edited scripts?

Sat May 09, 2020 5:43 pm

Unfortunately rollbacks are not so easy with /export info (it is not a matter of loading a previous version, you would have to reset without defaults which means you can only do that from a tool that allows MAC-level connection e.g. winbox on the local network) but usually one wants to see what has been changed an possibly undo part of that, and for this the /export is the best output as you can use file compare tools to see what has changed, possibly cut out a single command from that and paste it back to the router.
 
eguun
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Fri Apr 10, 2020 10:18 pm

Re: /system backup containing previous version of edited scripts?

Sat May 09, 2020 6:06 pm

Unfortunately rollbacks are not so easy with /export info (it is not a matter of loading a previous version, you would have to reset without defaults which means you can only do that from a tool that allows MAC-level connection e.g. winbox on the local network) but usually one wants to see what has been changed an possibly undo part of that, and for this the /export is the best output as you can use file compare tools to see what has changed, possibly cut out a single command from that and paste it back to the router.
thanks for the tip. I haven't experienced the pain of having to use these exports when in dire need
will keep your words in mind then
 
iegg
just joined
Posts: 18
Joined: Thu May 27, 2021 10:13 pm

Re: /system backup containing previous version of edited scripts?

Thu Oct 28, 2021 9:39 pm

Could we maybe get a response from Mikrotik? In my opinion a backup should only contain the current state, or in other words: old data should really be removed instead of just setting a removed flag, not only for backups but in general.
In my specific case I put e-mail config from my personal gmail account into /tool email. After reflection I came to the conclusion that it was probably a bad idea to do so since in case my router gets hacked, the attackers would also have my personal e-mail credentials, which would give them access to a lot of other stuff. That's why I created a new e-mail account specifically for e-mail notifications sent from routeros. I then just removed the old config via winbox and created a new one containing the new e-mail address credentials. In case those e-mail credentials get leaked it wouldn't be a big deal because I do not use that e-mail address for other stuff. However it turns out those old e-mail settings are still leaking into the config somewhere.
So a bad scenario would be: My router gets hacked, attackers would get access to my personal e-mail credentials (that were actually deleted) by creating a backup (or maybe some other way). In my opinion this is a security concern.

It also means if I want to restore a clean backup made via /export (as opposed to /system backup), i would not be able to do so via VPN, because i first would have to reset the router. After the reset i wouldn't be able to access via VPN anymore because all the VPN config would be gone.

Any opinions?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: /system backup containing previous version of edited scripts?

Thu Oct 28, 2021 10:43 pm

In my opinion the whole mechanism around save/restore/migrate of router configuration in RouterOS is a big mess.
Once v7 betatesting is finalized and it becomes the current version there really has to be some development in this area.
There have to be facilities for restoring backups of one device onto another without as much pain as there currently is.
That could be by improving the export/import mechanism (making "backup" as it exists now redundant), and/or by improving
the backup/restore mechanism (enabling restore on a different device, both of the same and of different type).
In the process, it is probably easy to solve the issue you see in backup now.
 
iegg
just joined
Posts: 18
Joined: Thu May 27, 2021 10:13 pm

Re: /system backup containing previous version of edited scripts?

Fri Oct 29, 2021 9:10 am

@pe1chl, I agree. Maybe they could at least propose a reset with subsequent execution of a script, so basically a reset that would factory reset everything except a specific location on the disk where those scripts can be placed to before reset. After the reset ROS could check the presence of a file at that disk location, and if present, just execute it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: /system backup containing previous version of edited scripts?

Fri Oct 29, 2021 11:22 am

Well, that already exists! You can place an export file on a router (in a 16MB flash router you need to put it in the flash folder) and then you can start a reset-configuration with run-after-reset option with the name of that file. (also use the option to not make a backup and not install the defaults)
That will import the file right after the reset and the router should be back. And indeed, I have used that before on a remote router where I had the suspicion that the binary configuration was somehow out of sync with the viewable text version. Which turned out not to be the case.

There are issues with it. After some version somewhere in the 6.35..6.39 timeframe it stopped working because the script was started "too soon" after the boot and the router was not ready to accept the config commands. So it silently failed. This has not been fixed even today, but it can be remedied by putting a /delay 30 at the top of the file. (download it, edit it, and re-upload)

However, there are other possible issues! I have recently posted 2 of them in the 6.49 thread. Sometimes the export is just invalid and has to be edited before being imported, and as you cannot see what goes wrong in those run-after-reset scripts it is very hard to find out what it is.

I had more luck using the method of resetting the router without defaults, then use winbox to connect to MAC address (can only be done on a local router...) and then use /import verbose=yes filename. This will print the imported file while it imports, so when it stops you can see what it is importing at that time. You can also continue the import on the next line (with the skip option to skip the lines before).

But it is a tedious process that can only be performed by a person with good knowledge of RouterOS. There should be more clever handling of issues encountered during import that are not really fatal.
 
iegg
just joined
Posts: 18
Joined: Thu May 27, 2021 10:13 pm

Re: /system backup containing previous version of edited scripts?

Fri Oct 29, 2021 2:31 pm

Thanks! I was not aware of that config. But yes, what you describe sounds extremely buggy.
BTW: Do you know what 'Keep User Configuration' means in Reset Configuration? What is the purpose of keeping the user config when resetting? Not sure if I got it right.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: /system backup containing previous version of edited scripts?

Fri Oct 29, 2021 4:35 pm

'keep user configuration' refers to the username/password entries. when you do not keep that, you get reset back to having only the 'admin' user with no password.
(you could read it as 'any configuration applied by the user' but that is not what it is, it is 'configuration as made under the /user menu')

This BTW is another case of buggy export. When you keep the user config it also keeps the user groups. But these are in the export as well. So when you have added your own groups and import an earlier made export after that, it will error out on "group with that name already exists" and stop further processing of the import. GRRRR.

Who is online

Users browsing this forum: andrep, boocko, gigabyte091, Google Adsense [Bot], mtkvvv and 53 guests