Community discussions

MikroTik App
 
pythoner6
just joined
Topic Author
Posts: 4
Joined: Sat Nov 12, 2022 5:14 am

Declarative Configuration And Inconsistent Command Structure

Wed Nov 16, 2022 6:47 am

I'm currently trying to figure out how I can manage the configuration on a RouterOS switch (CRS328-24P-4S+) and I'm struggling to find a good way to do this. I really want a way to declaratively set the configuration of the switch - that is to have a single configuration file with the entire desired configuration and a way to set the configuration to exactly that. The closest I can find to this is using
/system/reset-configuration run-after-reset=...
Unfortunately this would mean restarting every single time a configuration change is made, even when it shouldn't be necessary. The next thing I looked to was export/import, but it doesn't look like this does what I want either. For example, if I have an existing configuration with
...
/ip dhcp-client
add interface=bridge
...
and I remove that, and then importing that changed configuration will not delete that entry in the configuration (and indeed will rerun any other existing adds, etc).

So I next turned my attention to how I could build this functionality by comparing an /export to a desired configuration and performing some kind of diff to construct a series of commands to converge the current state to the desired state. But I've run into a number of hurdles in attempting to do this as well. First, the exact syntax (and most specifically the subset which might be produced by /export) isn't really fully laid out anywhere I've been able to find. This is something that can be mostly overcome (at least to a satisfactory degree) by what documentation I have found and trial and error. What has caused me more trouble is the inconsistencies in how the various commands work. For example, under /ip/settings, there is only the set command, no reset or unset, and unsetting using ! as described here (https://wiki.mikrotik.com/wiki/Manual:S ... n_commands) also doesn't work. Then there's things like /ip/dhcp-client where there's a set, reset and unset, and while unset only works specifically for dhcp-options, though actually using unset on dhcp-options (or setting dhcp-options using the ! mentioned before) doesn't appear to actually change anything. There's also the script field which does not appear in even the verbose export if it's at the default of empty. These oddities/differences in behavior make it very hard to reason about how to properly (in an automated fashion) construct a set of commands to go from one state to another.

Has anyone else run into these kinds of issues? Or am I the only one trying to configure things declaratively like this?
 
pythoner6
just joined
Topic Author
Posts: 4
Joined: Sat Nov 12, 2022 5:14 am

Re: Declarative Configuration And Inconsistent Command Structure

Wed Nov 16, 2022 7:04 am

To provide a little more context around my confusion with /ip/dhcp-client settings, suppose I have a configuration like this:
[admin@switch1] /ip/dhcp-client> export
# nov/15/2022 23:49:10 by RouterOS 7.6
# ...
/ip dhcp-client
add interface=bridge
Suppose I then do this:
[admin@switch1] /ip/dhcp-client> set [find interface=bridge] dhcp-options=""
[admin@switch1] /ip/dhcp-client> export
# nov/15/2022 23:50:46 by RouterOS 7.6
# ...
/ip dhcp-client
add !dhcp-options interface=bridge
[admin@switch1] /ip/dhcp-client> reset [find interface=bridge] interface=bridge
[admin@switch1] /ip/dhcp-client> export
# nov/15/2022 23:54:05 by RouterOS 7.6
# ...
/ip dhcp-client
add interface=bridge
Ok, so far this makes sense, setting dhcp-options to an empty string seems to be the equivalent of having it unset, that makes sense. And resetting all the attributes (aside from interface) puts dhcp-options back to the default value (which can be seen using a verbose export to be hostname, clientid). But after resetting then running unset:
[admin@switch1] /ip/dhcp-client> unset [find interface=bridge] dhcp-options 
[admin@switch1] /ip/dhcp-client> export
# nov/15/2022 23:52:49 by RouterOS 7.6
# ...
/ip dhcp-client
add interface=bridge
Nothing happens. Additionally while almost every property appears when using the verbose export:
[admin@switch1] /ip/dhcp-client> export verbose
# nov/15/2022 23:57:11 by RouterOS 7.6
# ...
/ip dhcp-client option
...
/ip dhcp-client
add add-default-route=yes default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=bridge use-peer-dns=yes use-peer-ntp=yes
The script property does not show up, unless it first gets set to something. But at the same time none of these work:
[admin@switch1] /ip/dhcp-client> set [find interface=bridge] !script
syntax error (line 1 column 29)
[admin@switch1] /ip/dhcp-client> unset [find interface=bridge] script
input does not match any value of value-name
All of these issues combine to make automating dealing with arbitrary configuration very difficult
  • I cannot rely on using reset or unset, because not every property can be interacted with using these tools
  • Additionally, unset doesn't always even do anything
  • I cannot always know what the default value should be to use with set, even comparing with a complete verbose export, as evidenced by the script property in the example above.

Who is online

Users browsing this forum: Bing [Bot], Rhydu and 52 guests