Community discussions

MikroTik App
 
kctech99
just joined
Topic Author
Posts: 1
Joined: Tue Dec 15, 2020 7:05 pm

Auto update problems

Tue Dec 15, 2020 7:08 pm

#####Local variables defined######

local updateReport ""
local closingStatement ""

local deviceName [/system identity get name]
local deviceDate [/system clock get date]
local deviceTime [/system clock get time]
local hwModel [/system routerboard get model]
local osVersion [/system package get system version]
local currentFirmware [/system routerboard get current-firmware]
local upgradeFirmware [/system routerboard get upgrade-firmware]


#####Report formatted with basic info######

set updateReport ($updateReport . "Router Update Report for $deviceName\n")
set updateReport ($updateReport . "Report generated on $deviceDate at $deviceTime\n\n")
set updateReport ($updateReport . "Hardware Model: $hwModel\n")
set updateReport ($updateReport . "Router OS Version: $osVersion\n")
set updateReport ($updateReport . "Current Firmware: $currentFirmware\n")
set updateReport ($updateReport . "Upgrade firmware: $upgradeFirmware\n")
set closingStatement ($closingStatement . "The current firmware for [$deviceName] is up to date\n")


#####If statement that compares the firmware, updates, and sends email######
#####Confirms or denies need for update######

if ($currentFirmware > $upgradeFirmware)
do={
/system routerboard upgrade;
/tool e-mail send subject="[$deviceName] firmware was successfully Updated" to="address@gmail.com" body=$closingStatement
/system reboot;
}
else={
/tool e-mail sent subject="[$deviceName] firmware didn't need Updating" to="address@gmail.com" body="The Firmware for [$deviceName] didn't need to be updated. Current firmware [$currentFirmware] is up to date."
}
 
tomislav91
Member Candidate
Member Candidate
Posts: 172
Joined: Fri May 26, 2017 12:47 pm

Re: Auto update problems

Mon Dec 21, 2020 2:51 pm

This is what i use
/system script
add dont-require-permissions=no name=firmware-updater owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n\r\
    \n\r\
    \n# Script name: firmware-updater\r\
    \n\r\
    \n########## Set variables\r\
    \n\r\
    \n\r\
    \n## Backup encryption password, no encryption if no password.\r\
    \n:local backupPassword \"\"\r\
    \n## If true, passwords will be included in exported config\r\
    \n:local sensetiveDataInConfig false;\r\
    \n\r\
    \n## Update channel. Possible values: stable, long-term\r\
    \n:local updateChannel \"stable\";\r\
    \n\r\
    \n## Install only patch versions of firmware updates.\r\
    \n## Means that new update will be installed only if major and minor versi\
    on numbers are the same as currently installed firmware.\r\
    \n## Example: v6.43.6 => major.minor.PATCH\r\
    \n:local onlyPatchUpdates\tfalse;\r\
    \n##########\r\
    \n\r\
    \n## !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
    \_YOU ARE DOING !!!! ##\r\
    \n\r\
    \n############### vvvvvvvvv GLOBAL FUNCTIONS vvvvvvvvv ###############\r\
    \n# Function converts standard mikrotik build versions to the number.\r\
    \n# Possible arguments: osVer\r\
    \n# Example:\r\
    \n# :put [\$getOsVerNum osVer=[/system routerboard get current-firmware]];\
    \r\
    \n# result will be: 64301, because current-firmware value is: 6.43.1\r\
    \n:global getOsVerNum do={\r\
    \n\t:local osVerNum;\r\
    \n\t:local osVerMicroPart;\r\
    \n\t:local zro 0;\r\
    \n\t:local tmp;\r\
    \n\t\r\
    \n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
    \n\r\
    \n\t:if (\$dotPos1 > 0) do={ \r\
    \n\r\
    \n\t\t# AA\r\
    \n\t\t:set osVerNum  [:pick \$osVer 0 \$dotPos1];\r\
    \n\t\t\r\
    \n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
    \n\t\t\r\
    \n\t\t#Taking minor version, everything after first dot\r\
    \n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
    1) [:len \$osVer]];}\r\
    \n\t\t#Taking minor version, everything between first and second dots\r\
    \n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
    \$dotPos2];}\r\
    \n\t\t\r\
    \n\t\t# AA 0B\r\
    \n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
    }\r\
    \n\t\t# AA BB\r\
    \n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\t\t\r\
    \n\t\t:if (\$dotPos2 > 0) do={ \r\
    \n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
    \n\t\t\t# AA BB 0C\r\
    \n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
    }\r\
    \n\t\t\t# AA BB CC\r\
    \n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\t\t} else={\r\
    \n\t\t\t# AA BB 00\r\
    \n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
    \n\t\t}\r\
    \n\t} else={\r\
    \n\t\t# AA 00 00\r\
    \n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
    \n\t}\r\
    \n\r\
    \n\t:return \$osVerNum;\r\
    \n}\r\
    \n############### ^^^^^^^^^ GLOBAL FUNCTIONS ^^^^^^^^^ ###############\r\
    \n\r\
    \n\r\
    \n:log info (\"Firmware checking and upgrade process has started\");   \r\
    \n#load global var\r\
    \n:global beePatchUpdateInapplicable;\r\
    \n## Set global var to the local one, then delete it form the global envir\
    onment\r\
    \n:global beeGlobalUpdateStep;\r\
    \n:local updateStep \$beeGlobalUpdateStep;\r\
    \n/system script environment remove beeGlobalUpdateStep;\r\
    \n\r\
    \n:log info (\"Update step: \$updateStep\");   \r\
    \n\r\
    \n## if it is a very first step\r\
    \n:if ([:len \$updateStep] = 0) do={\r\
    \n\r\
    \n\t# Convert current version to numeric (6.43.8 => 64308)\r\
    \n\t:local osVerCurrent [/system package update get installed-version];\r\
    \n\t:local osVerCurrentNum [\$getOsVerNum osVer=\$osVerCurrent];\r\
    \n\r\
    \n\t## We need this part to keep compatibility with firmware older than 6.\
    43.7\r\
    \n\t:if (\$osVerCurrentNum < 64307 and [:len [:find \"bugfix current relea\
    se-candidate\" \$updateChannel 0]] = 0) do={\r\
    \n\t\t:if (\$updateChannel = \"stable\") do={\r\
    \n\t\t\t:set updateChannel \"current\";\r\
    \n\t\t} else={\r\
    \n\t\t\t:if (\$updateChannel = \"long-term\") do={\r\
    \n\t\t\t\t:set updateChannel \"bugfix\";\r\
    \n\t\t\t} else={\r\
    \n\t\t\t\t:if (\$updateChannel = \"testing\") do={\r\
    \n\t\t\t\t\t:set updateChannel \"release-candidate\";\r\
    \n\t\t\t\t}\r\
    \n\t\t\t}\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\tlog info (\"Checking for new firmware version. Current version is: \$o\
    sVerCurrent\");\r\
    \n\t/system package update set channel=\$updateChannel;\r\
    \n\t/system package update check-for-updates;\r\
    \n\t:delay 5s;\r\
    \n\r\
    \n\t# Getting info about new available firmware version\r\
    \n\t:local osVerNew [/system package update get latest-version];\r\
    \n\t:delay 5s;\r\
    \n\t\r\
    \n\t# If there is a problem getting information about available firmware f\
    rom server\r\
    \n\t:if ([:len \$osVerNew] = 0) do={\r\
    \n\t\t:log info (\"There is a problem getting information about available \
    firmware from server. No internet connection \\\?\");\r\
    \n\t\t:error \"Error during firmware-updater script execution, please see \
    log.\";\r\
    \n\t}\r\
    \n\t\r\
    \n\t# Convert new version to numeric (6.43.8 => 64308)\r\
    \n\t:local osVerNewNum [\$getOsVerNum osVer=\$osVerNew];\r\
    \n\t# Remove function getOsVerNum from global environment to keep it fresh\
    \_and clean.\r\
    \n\t:set getOsVerNum;\r\
    \n\r\
    \n\t# Compare new and current versions\r\
    \n\t:local isUpdateAvailable false;\r\
    \n\t:if (\$osVerNewNum > \$osVerCurrentNum) do={\r\
    \n\t\t:set isUpdateAvailable true;\r\
    \n\t\t:log info (\"New firmware version found: \$osVerNew\");\r\
    \n\t} else={\r\
    \n\t\t:log info (\"New firmware version not found.\")\r\
    \n\t}\r\
    \n\r\
    \n\t# If only patch updates are allowed\r\
    \n\t:if (\$onlyPatchUpdates = true and \$isUpdateAvailable = true) do={\r\
    \n\t\t#Check if Major and Minor builds are the same.\r\
    \n\t\t:if ([:pick \$osVerCurrentNum 0 ([:len \$osVerCurrentNum]-2)] = [:pi\
    ck \$osVerNewNum 0 ([:len \$osVerNewNum]-2)]) do={\r\
    \n\t\t\t:log info (\"New patch version of RouterOS firmware is available.\
    \");   \r\
    \n\t\t} else={\r\
    \n\t\t\t:log info (\"New major version of RouterOS firmware is available. \
    You have to update it manually.\");   \r\
    \n\t\t\t:set isUpdateAvailable false;\r\
    \n\t\t\t#Send email just once\r\
    \n\t\t\t:if (\$beePatchUpdateInapplicable != true and \$emailEnabled = tru\
    e) do={\r\
    \n\t\t\t\t:log info (\"Email was sent just once.\");   \r\
    \n\t\t\t\t/tool e-mail send to=\"\$emailAddress\" subject=\"Router: \$[/sy\
    stem identity get name], new major version of RouterOS firmware is availab\
    le: v\$osVerNew\" body=\"New major version of RouterOS firmware is availab\
    le. You have to update it manually.. \\r\\n\\r\\nRouter name: \$[/system i\
    dentity get name]\\r\\nCurrent RouterOS version: \$osVerCurrent; Routerboa\
    rd firmware: \$[/system routerboard get current-firmware]; Update channel:\
    \_\$[/system package update get channel]; \\r\\nBoard name: \$[/system res\
    ource get board-name]; Serial number: \$[/system routerboard get serial-nu\
    mber]; \\r\\n\\r\\n Changelog: https://mikrotik.com/download/changelogs/cu\
    rrent-release-tree\"; \r\
    \n\t\t\t\t:delay 5s;\r\
    \n\t\t\t\t# If notification was sent, we no longer bother with it.\r\
    \n\t\t\t\t:if ([/tool e-mail get last-status] = \"succeeded\") do={\r\
    \n\t\t\t\t\t:global beePatchUpdateInapplicable true;\r\
    \n\t\t\t\t}\r\
    \n\t\t\t}\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\r\
    \n\t#Keep environment clean\r\
    \n\t:if (\$isUpdateAvailable = true and \$beePatchUpdateInapplicable = tru\
    e) do={\r\
    \n\t\t/system script environment remove beePatchUpdateInapplicable;\r\
    \n\t}\r\
    \n\r\
    \n\t# If we found some updates\r\
    \n\t:if (\$isUpdateAvailable = true) do={ \r\
    \n\t\t## New version of RouterOS available, let's upgrade\r\
    \n\t\t:log info (\"Going to update RouterOS firmware from \$osVerCurrent t\
    o \$osVerNew (channel:\$updateChannel)\");   \r\
    \n\t\t\r\
    \n\t\t:if (\$emailEnabled = true) do={\r\
    \n\t\t\t:local attachments;\r\
    \n\t\t\t\r\
    \n\t\t\t#M# acking system backups to attach them in email.\r\
    \n\t\t\t:if (\$sendBackupToEmail = true) do={\r\
    \n\t\t\t\t:log info (\"Making system backups.\");   \r\
    \n\t\t\t\t## date and time in format: 2018aug06-215139\r\
    \n\t\t\t\t:local dtame ([:pick [/system clock get date] 7 11] . [:pick [/s\
    ystem clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" \
    . [:pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3\
    \_5] . [:pick [/system clock get time] 6 8]);\r\
    \n\t\t\t\t## unified backup file name without extension\r\
    \n\t\t\t\t:local bname \"\$[/system identity get name].\$[/system routerbo\
    ard get serial-number].v\$[/system package update get installed-version]_\
    \$dtame\";\r\
    \n\t\t\t\t:local sysFileBackup \"\$bname.backup\";\r\
    \n\t\t\t\t:local configFileBackup \"\$bname.rsc\";\r\
    \n\t\t\t\t:set attachments {\$sysFileBackup;\$configFileBackup}\r\
    \n\r\
    \n\t\t\t\t## Make system backup\r\
    \n\t\t\t\t:if ([:len \$backupPassword] = 0) do={\r\
    \n\t\t\t\t\t/system backup save dont-encrypt=yes name=\$bname;\r\
    \n\t\t\t\t} else={\r\
    \n\t\t\t\t\t/system backup save password=\$backupPassword name=\$bname;\r\
    \n\t\t\t\t}\r\
    \n\t\t\t\t\r\
    \n\t\t\t\t## Export config file\r\
    \n\t\t\t\t:if (\$sensetiveDataInConfig = true) do={\r\
    \n\t\t\t\t\t/export compact file=\$bname;\r\
    \n\t\t\t\t} else={\r\
    \n\t\t\t\t\t/export compact hide-sensitive file=\$bname;\r\
    \n\t\t\t\t}\r\
    \n\t\t\t\t:delay 5s;\r\
    \n\t\t\t}\r\
    \n\t\t\t\r\
    \n\t\t\t\r\
    \n\t\t\t## Remove backups which we have already sent\r\
    \n\t\t\t:if (\$sendBackupToEmail = true && [/tool e-mail get last-status] \
    = \"succeeded\") do={\r\
    \n\t\t\t\t/file remove \$attachments; \r\
    \n\t\t\t}\r\
    \n\t\t\t\r\
    \n\t\t}\r\
    \n\t\t\r\
    \n\t\t## Set scheduled task to upgrade routerboard firmware on the next bo\
    ot, task will be deleted when upgrade is done. (That is why you should kee\
    p original script name)\r\
    \n\t\t/system schedule add name=BEE-UPGRADE-NEXT-BOOT on-event=\"/system s\
    cheduler remove BEE-UPGRADE-NEXT-BOOT; :global beeGlobalUpdateStep \\\"rou\
    terboardUpgrade\\\"; :delay 15s; /system script run firmware-updater;\" st\
    art-time=startup interval=0;\r\
    \n\t   \r\
    \n\t\t## command is reincarnation of the \"upgrade\" command - doing exact\
    ly the same but under a different name\r\
    \n\t\t/system package update install;\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n## Second step (after first reboot) routerboard firmware upgrade\r\
    \n:if ( \$updateStep = \"routerboardUpgrade\") do={\r\
    \n\t\r\
    \n\t## RouterOS latest, let's check for updated firmware\r\
    \n\r\
    \n\t:if ( [/system routerboard get current-firmware] != [/system routerboa\
    rd get upgrade-firmware]) do={\t\t\t\r\
    \n\t\t## New version of firmware available, let's upgrade\r\
    \n\t\t:log info (\"Upgrading firmware on router \$[/system identity get na\
    me], board name: \$[/system resource get board-name], serial number: \$[/s\
    ystem routerboard get serial-number] | From \$[/system routerboard get cur\
    rent-firmware] to \$[/system routerboard get upgrade-firmware]\");\r\
    \n\t\t\t\r\
    \n\t\t## Start the upgrading process\r\
    \n\t\t/system routerboard upgrade;\r\
    \n\t\t\r\
    \n\t\t## Wait until the upgrade is finished\r\
    \n\t\t:delay 5s;\r\
    \n\t\t\r\
    \n\t\t## Set scheduled task to send final report on the next boot, task wi\
    ll be deleted when is is done. (That is why you should keep original scrip\
    t name)\r\
    \n\t\t/system schedule add name=BEE-FINAL-REPORT-NEXT-BOOT on-event=\"/sys\
    tem scheduler remove BEE-FINAL-REPORT-NEXT-BOOT; :global beeGlobalUpdateSt\
    ep \\\"finalReport\\\"; :delay 15s; /system script run firmware-updater;\"\
    \_start-time=startup interval=0;\r\
    \n\t\r\
    \n\t\t## Reboot system to boot with new firmware\r\
    \n\t\t/system reboot;\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n## Last step (after second reboot) sending final report\r\
    \n:if ( \$updateStep = \"finalReport\") do={\r\
    \n\t:log info \"Upgrading RouterOS and routerboard firmware finished. Curr\
    ent RouterOS version: \$[/system package update get installed-version], ro\
    uterboard firmware: \$[/system routerboard get current-firmware].\";\r\
    \n\t\r\
    \n\t:if (\$emailEnabled = true) do={\r\
    \n\t\t/tool e-mail send to=\"\$emailAddress\" subject=\"Router: \$[/system\
    \_identity get name] has been upgraded with new FW!\" body=\"Upgrading Rou\
    terOS and routerboard firmware finished. \\r\\n\\r\\nRouter name: \$[/syst\
    em identity get name]\\r\\nCurrent RouterOS version: \$[/system package up\
    date get installed-version]; Routerboard firmware: \$[/system routerboard \
    get current-firmware]; Update channel: \$[/system package update get chann\
    el]; \\r\\nBoard name: \$[/system resource get board-name]; Serial number:\
    \_\$[/system routerboard get serial-number]; \\r\\n\\r\\n Changelog: https\
    ://mikrotik.com/download/changelogs/current-release-tree\"; \r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n:log info (\"Firmware updater has finished it's job\");   "
	
/system scheduler
add interval=1d name="Firmware Updater" on-event=\
    "/system script run firmware-updater;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/11/2019 start-time=06:00:00
	
or if you want something with email
/tool e-mail
set address=10.0.0.1 from=mikrotik@example.com password=xxx port=587 start-tls=yes user=mikrotik@example.com

/system scheduler
add interval=1w name=backup on-event="/system script run upgrade" start-date=jan/01/2000 start-time=22:00:00




:local recipient "mikrotik@example.com"
:local identity [/system identity get name]

/system package update check-for-update
:delay 5

:local current [/system package update get installed-version]
:local latest [/system package update get latest-version]

:if ([:tostr $latest] != "" && $current != $latest) do={
    :local mailbody ("Identity: " . $identity . "\r\nBoard name: " . [/system resource get board-name] . "\r\nSerial number: " . [/system routerboard get serial-number]  . "\r\nFrom version: " . $current . "\r\nTo version: " . $latest)
    /tool e-mail send to=$recipient subject=($identity . " - RouterOS has been upgraded") body=$mailbody
    /system package update install
}

 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1873
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Auto update problems

Thu Dec 24, 2020 8:18 am

Ï would never ever do an auto upgrade on routerOS. There has been so many times that stuff has gone wrong after update. You should have some form of remote check. If external webserver says no, do not update, if yes, then update should be done. This way you could delay update until you are sure you have had time to test all your router type to see that nothing breaks.
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1873
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Auto update problems

Fri Dec 25, 2020 7:42 pm

Here is an good example why you should not auto upgrade.

viewtopic.php?p=836297#p836297
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 

Who is online

Users browsing this forum: No registered users and 49 guests