SDTikker1
just joined
Topic Author
Posts: 14
Joined: Mon Sep 16, 2019 9:18 am

Firmware mirror and automatic updates

Tue Jul 06, 2021 1:50 am

Hello:
There are numerous articles on how to create an automatic firmware update script on Mikrotik devices. Those work nicely for the most part. However, those aren't very practical for larger deployment scenarios. I would like to create a local firmware repo that I can update automatically (scripted) and then have all the Mikrotik devices update from that.
However, I haven't seen any practical manner to create an auto syncing firmware repo. Has anyone tackled this challenge?
Thank you!
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Tue Jul 06, 2021 1:53 am

Yes, his name is The Dude.
You can select only one, two, three... or all, no difference, and send the firmware you want installed on those devices.
 
SDTikker1
just joined
Topic Author
Posts: 14
Joined: Mon Sep 16, 2019 9:18 am

Re: Firmware mirror and automatic updates

Sat Jul 10, 2021 7:37 am

Sorry, I don't get it. How does DUDE solve my issue?
Thank you.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Sat Jul 10, 2021 10:16 am

Ok, the scripting part is missing, but if you put the firmware packages on The Dude, and select, multi-select or mass select your devices visible on The Dude,
you can select on right menu "upgrade" and select version.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Firmware mirror and automatic updates

Sat Jul 10, 2021 12:49 pm

> However, I haven't seen any practical manner to create an auto syncing firmware repo. Has anyone tackled this challenge?
> Thank you!

There is a menu item "Auto Upgrade" under "System" that seems to be orphaned... it is barely documented.
But it appears to do (or have done in the past) exactly what you like.
You can setup an update source in your network and have other devices auto-upgrade from that.

Unfortunately the source has to be a MikroTik router. It would have been nice if it could be a generic Linux system and probably that can be done, but you would have to reverse-engineer the methods used to find and download the updates (probably just FTP)
However, if you have some router with a lot of storage (e.g. RB1100AHx4-dude or some router with a USB external storage device) it could be an option to use that.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Sat Jul 10, 2021 1:45 pm

FOR ME is very bad practice to do auto-upgrade/auto-update, or to be more clear, doing unattended updates is just madness in the production environment.
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Firmware mirror and automatic updates

Sat Jul 10, 2021 2:04 pm

Yes, the "Auto Upgrade" seems abandoned, and requires another Mikrotik as server.

We use Ansible for distributing updates. It checks the current version and looks if it should download a new one. Then it creates a scheduled task to reboot.
 
SDTikker1
just joined
Topic Author
Posts: 14
Joined: Mon Sep 16, 2019 9:18 am

Re: Firmware mirror and automatic updates

Tue Jul 13, 2021 4:54 pm

> FOR ME is very bad practice to do auto-upgrade/auto-update, or to be more clear, doing unattended updates is just madness in the production environment.

That isn't the topic of this thread. No thread jacking please.

---

Let me clarify, folks. The issue isn't the auto update feature of RouterOS; that seems to work nicely. The issue is that if I have 100 devices, I don't want them all downloading over my public ISP line. I want to create a local firmware mirror that can be scripted. At the moment, the only way to do so is via manual firmware updates from the Mikrotik site. When an org has many devices, the best practice is to cache it locally and serve from that mirror rather than download the firmware over and over again.
Thanks!
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Tue Jul 13, 2021 5:09 pm

> 1) I want to create a local firmware mirror that can be scripted.
> 2) At the moment, the only way to do so is via manual firmware updates from the Mikrotik site.
> 3) When an org has many devices, the best practice is to cache it locally and serve from that mirror rather than download the firmware over and over again.

1a) It is possible to create an FTP repository inside one or more RouterBOARDs with enough space and use it as source for upgrade-package-sources
1b) I already suggested The Dude to you in the previous topic, but you are too busy to read it and reply something.
2) False, I do not want "thread jacking", the OP is too much sensitive about that, and my solution for do that is OP.
3) True, and perfectly logical
 
tangent
Forum Guru
Posts: 1333
Joined: Thu Jul 01, 2021 3:15 pm

Re: Firmware mirror and automatic updates

Tue Jul 13, 2021 5:30 pm

> I want to create a local firmware mirror that can be scripted.

Easy in principle:

  1. Create a user on each MT box that has a full-capability user with an authorized SSH key
  2. "scp new-firmware.npk mtbox:"
  3. "ssh mtbox reboot"

That will reboot that one router, which will see an *.npk file on boot at the root of its file system, and so will automatically upgrade to that version.

Putting this into a loop to iterate over all available routers is not difficult. The tricky bit is sending the right version of the firmware to each subset of boxes that has a different CPU, or needs a different version than the others, and so on. Perhaps your existing Ansible setup will suffice for this.

Alternately, there are MNDP (MikroTik Neighbor Discovery Protocol) programs which give output you can use to drive the upgrade loop. The MNDP reply message doesn't appear to include the CPU type string in the form that MikroTik uses in naming firmware upgrade packages, but it does have a "Board" string you can map to the CPU type, which then tells you which file to send. The reply also includes a version string you can use to decide which routers need an upgrade and which to skip.

I hear the devops crowd likes Go, so this particular implementation may be of special interest since it gives you a golang library you can use to write your own program with. The associated "discover" program isn't really written to produce output suitable for parsing in a script, but it's a pretty trivial shell around the actual "mndp" library.
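
Added example, not part of tangent's post: a dry-run planner for the loop described above, which decides per router whether to upgrade and which package to send, and only prints the resulting commands. The inventory, the board-to-architecture entries, the `routeros-<arch>-<version>.npk` file naming and the names `plan_upgrades`, `board_to_arch` and `version_lt` are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: dry-run upgrade planner. It only prints commands.
TARGET="6.47.10"   # version the operator has approved (constructed value)

# Sample Board -> architecture entries; verify each against your own hardware.
board_to_arch() {
    case "$1" in
        RB750Gr3)  echo mmips ;;
        RB951*)    echo mipsbe ;;
        RB4011*)   echo arm ;;
        *)         return 1 ;;   # unknown board: never guess a package
    esac
}

# True only when $1 is strictly older than $2 (needs GNU `sort -V`).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "host board version" lines on stdin, prints one action per router.
plan_upgrades() {
    while read -r host board current; do
        case "$host" in ''|'#'*) continue ;; esac
        if ! version_lt "$current" "$TARGET"; then
            echo "# skip $host: $current is not older than $TARGET"
        elif ! arch=$(board_to_arch "$board"); then
            echo "# skip $host: no architecture mapped for board $board"
        else
            # Assumed package naming; the two commands are steps 2 and 3 above.
            pkg="routeros-$arch-$TARGET.npk"
            echo "scp $pkg $host: && ssh $host reboot"
        fi
    done
}

# Constructed inventory (documentation addresses), e.g. distilled from MNDP.
INVENTORY='192.0.2.11 RB750Gr3 6.47.9
192.0.2.12 RB4011iGS+ 6.47.10
192.0.2.13 RB951G-2HnD 6.46.8
192.0.2.14 ExampleBoard 6.45.1
192.0.2.15 RB4011iGS+ 6.48'

printf '%s\n' "$INVENTORY" | plan_upgrades
```

Routers already at or above the pinned version are skipped rather than downgraded, and a board with no mapping is reported instead of being sent a guessed package.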
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Tue Jul 13, 2021 5:33 pm

If the OP easy can
"Create a user on each MT box that has a full-capability user with an authorized SSH key"
and
"Putting this into a loop to iterate over all available routers"
has already the solution to do "/sys pack up in" without think about architecture arm, mipsbe / right extra packages like ntp, user-manager / reboot routerboard / etc.

Are you aiming too high, do you want to show off?
Then so you no longer see us down here with these simple solutions ...

Ansible?
The OP (if I'm not wrong) does not use Ansible...
Last edited by rextended on Tue Jul 13, 2021 5:42 pm, edited 2 times in total.
 
StubArea51
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net

Re: Firmware mirror and automatic updates

Tue Jul 13, 2021 5:42 pm

We typically use Unimus for this as it works well at large scale. You can schedule the upgrade so that it's automated on whatever code lifecycle makes sense for the organization.

https://unimus.net/blog/network-wide-mi ... grade.html

We can typically upgrade several thousand MikroTik routers within 10 to 15 minutes and get a list of any failed upgrades to go check.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Tue Jul 13, 2021 5:44 pm

Do you know what Unimus uses to connect to every single RouterBOARD?
 
SDTikker1
just joined
Topic Author
Posts: 14
Joined: Mon Sep 16, 2019 9:18 am

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 1:18 am

Folks:
Has anyone figured out a way to create SCRIPTED firmware mirrors from Mikrotik?
Thank you!
 
TomjNorthIdaho
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 4:34 am

To mass upgrade thousands of Mikrotiks with the push of a button , I do this:

I use a Linux ( Ubuntu ) computer. It has the following scripts:
- site survey ( including site-survey on remote wireless client Mikrotiks ) , save results on my Linux server.
- Get information from remote Mikrotiks ( anything I want , version , signal strength, ROS version, export ) , save results on my Linux server.
- Update/upgrade the ROS version on all Mikrotiks everywhere.
- Update the sys-ro BIOS

It's pretty simple. Just create the following files:
- A text file of each IP address of mikrotiks you manage.
- Expect script ( a for line in text file do a ( telnet/ssh , login , do some commands )

My expect scripts process the text file , if a Mikrotik pings , then continue. It's actually pretty easy stuff.

My expect script can process one Mikrotik at a time until finished with the text file , or process all mikrotiks in the text file at the same time , or process Mikrotiks in groups ( 10 to any amount ) until finished.

Just read up on Linux expect.

North Idaho Tom Jones
 
SDTikker1
just joined
Topic Author
Posts: 14
Joined: Mon Sep 16, 2019 9:18 am

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 5:25 am

Tom:
But how do you grab new firmware from Mikrotik automatically?
Thanks!
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 10:00 am

That is the question from the start, but no one replied, or they replied with something else.

There must really be two questions:

1) How to duplicate the RouterOS repository, all types of architecture, the long-term and stable version (I hope no testing and no development) on another machine
[And choice what be considered that on own repository, like I want still use on device 6.47.10 not 6.47.11]

2) How to force/set RouterOS to use that duplicate repository rather than the main site.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 11:04 am

> But how do you grab new firmware from Mikrotik automatically?
> Thanks!

I wouldn't advise doing that. Make the updates to the repository (downloading from MikroTik) a manual operation, only make the updating of the routers in your network from the repository automatic.
That way you remain in control over what software is running. You would not want to upgrade all routers overnight to the version released earlier that day.
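
Added example, not part of pe1chl's post: one way to keep the repository under manual control while distribution stays automatic is to gate the mirror on a manifest that a person approves. The manifest name `APPROVED.sha256`, the function name `verify_mirror` and the dummy package files are assumptions for this sketch; it relies on GNU `sha256sum`.

```sh
#!/bin/sh
# Added example: gate a local package mirror on a hand-approved manifest.
# Assumed manifest format: the output of `sha256sum *.npk`, produced and
# reviewed by the operator when a version is approved (needs GNU coreutils).

verify_mirror() (
    mirror=$1
    case "$2" in /*) manifest=$2 ;; *) manifest=$PWD/$2 ;; esac
    cd "$mirror" || exit 2
    # 1. Every approved package must be present and match its recorded hash.
    sha256sum --check --strict --quiet "$manifest" >&2 || exit 1
    # 2. Nothing may sit in the mirror that the manifest does not list.
    for f in *.npk; do
        [ -e "$f" ] || continue
        awk -v f="$f" '$2 == f { ok = 1 } END { exit !ok }' "$manifest" ||
            { echo "unapproved package: $f" >&2; exit 1; }
    done
)

# Constructed demo: small dummy files stand in for real packages.
demo() {
    d=$(mktemp -d)
    echo "approved build" > "$d/routeros-arm-6.47.10.npk"
    (cd "$d" && sha256sum *.npk) > "$d/APPROVED.sha256"
    verify_mirror "$d" "$d/APPROVED.sha256" && echo "approved set: served"
    echo "same-day release" > "$d/routeros-arm-6.47.11.npk"
    verify_mirror "$d" "$d/APPROVED.sha256" 2>/dev/null ||
        echo "unreviewed 6.47.11 present: mirror blocked"
    rm -rf "$d"
}
demo
```

Run before each distribution job, the check fails closed: a package that was modified, or one that appeared without being added to the manifest, stops the rollout until someone reviews it.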
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 12:54 pm

@pe1chl
Don't give him advice, he doesn't give a damn.
Read what he replied to a piece of advice about this ...
> > FOR ME is very bad practice to do auto-upgrade/auto-update, or to be more clear, doing unattended updates is just madness in the production environment.
>
> That isn't the topic of this thread. No thread jacking please.

If you can help him do what he wants, great.
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 1:53 pm

Another is simply to have a scheduled script that does a /fetch http://... from a known URL then reboots. "known URL" can be geo-balanced with DNS or scripted as well.
 
TomjNorthIdaho
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 5:46 pm

IMO

I don't think it is a good idea to have an automatic schedule script that checks for updates then auto updates if/when a newer version is available.
I will always manually do a test upgrade/update on some Mikrotiks that I can afford to lose or brick. Then after a day or so , if everything looks good/stable and I don't find any issues in these forums, then I will script auto-update a close-to-the-office zone of Mikrotiks and wait another day or so.
Then when there are still no problems, then I will flip the switch and begin bulk upgrades to all Mikrotik devices everywhere.

After everything everywhere is updated, I will then run another script from time to time that connects to all Mikrotiks in my network and checks to see if there are any Mikrotiks that did not get updated ( possibly because the customer had them powered off or something ). I usually find that most of my snow-bird go-south-for-the-winter accounts often have everything at their home powered-off which prevented any auto-updates. So from time to time, I will find some customer Mikrotiks that have not been updated.

Knock on wood ,,, haven't lost a Mikrotik yet when doing bulk updates ...

North Idaho Tom Jones
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 6:10 pm

@TomjNorthIdaho The OP doesn't want opinions.

Read what he wrote to me:

> > FOR ME is very bad practice to do auto-upgrade/auto-update, or to be more clear, doing unattended updates is just madness in the production environment.
>
> That isn't the topic of this thread. No thread jacking please.
 
TomjNorthIdaho
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho

Re: Firmware mirror and automatic updates

Thu Jul 15, 2021 6:36 pm

Re: ... doing unattended updates is just madness in the production environment ...

Well , if you have the staff and the time and the money ( or have no experience and only 10 customers ), I suppose it is possible to manually update hundreds to thousands of Mikrotik devices one at a time.

My issue with manual updates in bulk one-at-a-time is that humans make mistakes. Scripts are good at looping over and over again and again and not making typo errors/mistakes.
 
SDTikker1
just joined
Topic Author
Posts: 14
Joined: Mon Sep 16, 2019 9:18 am

Re: Firmware mirror and automatic updates

Sat Jul 17, 2021 5:41 am

> @TomjNorthIdaho The OP doesn't want opinions.
>
> Read what he wrote to me:
>
> > > FOR ME is very bad practice to do auto-upgrade/auto-update, or to be more clear, doing unattended updates is just madness in the production environment.
> >
> > That isn't the topic of this thread. No thread jacking please.

rextended: you are correct, I am not looking for opinions, just suggestions on how to create an automated firmware mirror. I am fully equipped to evaluate the risk posture of mass firmware deployment.
 
chubbs596
Frequent Visitor
Posts: 90
Joined: Fri Dec 06, 2013 6:07 pm

Re: Firmware mirror and automatic updates

Thu Nov 10, 2022 2:04 pm

> Yes, the "Auto Upgrade" seems abandoned, and requires another Mikrotik as server.
>
> We use Ansible for distributing updates. It checks the current version and looks if it should download a new one. Then it creates a scheduled task to reboot.

Hi,

Would you mind sharing your playbook/Ansible setup?
 
BrianHiggins
Forum Veteran
Posts: 702
Joined: Mon Jan 16, 2006 6:07 am
Location: Norwalk, CT

Re: Firmware mirror and automatic updates

Thu Nov 10, 2022 3:04 pm

For CPEs I have a check-in script that runs hourly, and a web server that, among many other tasks that client / server relationship does, decides when to release an update to them; when it does, it sends the download URL to the CPE and the script downloads and reboots.

For core routers I wrote something that in addition to setting ALL config on the devices (no one ever logs into the MT once the initial IP address has been set), also connects to them through the API and commands them to download the update and reboot.

I can/do push updates to thousands of devices in minutes this way.
