diff --git a/README.md b/README.md index 990aef9..70d3ff5 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,7 @@ Available scripts * [Use wireless network with daily psk](doc/daily-psk.md) * [Comment DHCP leases with info from access list](doc/dhcp-lease-comment.md) * [Create DNS records for DHCP leases](doc/dhcp-to-dns.md) +* [Automatically upgrade firmware and reboot](doc/firmware-upgrade-reboot.md) * [Wait for global functions und modules](doc/global-wait.md) * [Send GPS position to server](doc/gps-track.md) * [Use WPA2 network with hotspot credentials](doc/hotspot-to-wpa.md) diff --git a/check-routeros-update b/check-routeros-update index 0f687a5..8cad07a 100644 --- a/check-routeros-update +++ b/check-routeros-update @@ -108,7 +108,7 @@ $LogPrintExit2 debug $0 ("Checking for updates...") false; :if ([ $ScriptFromTerminal $0 ] = true) do={ :put ("Do you want to install RouterOS version " . $Update->"latest-version" . "? [y/N]"); - :if (([ :terminal inkey timeout=60 ] % 32) = 25) do={ + :if (([ / terminal inkey timeout=60 ] % 32) = 25) do={ $DoUpdate; } else={ :put "Canceled..."; diff --git a/doc/check-routeros-update.md b/doc/check-routeros-update.md index 9385341..d55fa08 100644 --- a/doc/check-routeros-update.md +++ b/doc/check-routeros-update.md @@ -61,6 +61,7 @@ Installing script [packages-update](packages-update.md) gives extra options. See also -------- +* [Automatically upgrade firmware and reboot](firmware-upgrade-reboot.md) * [Manage system update](packages-update.md) --- diff --git a/doc/firmware-upgrade-reboot.md b/doc/firmware-upgrade-reboot.md new file mode 100644 index 0000000..6afc40e --- /dev/null +++ b/doc/firmware-upgrade-reboot.md @@ -0,0 +1,36 @@ +Automatically upgrade firmware and reboot +========================================= + +[◀ Go back to main README](../README.md) + +🛈 This script can not be used on its own but requires the base installation. +See [main README](../README.md) for details. + +Description +----------- + +RouterOS and firmware are upgraded separately, activating the latter +requires an extra reboot. This script handles upgrade and reboot. + +⚠️ **Warning**: This *should* be bullet proof, but I can not guarantee. In +worst case it has potential to cause a boot loop, so handle with care! + +Requirements and installation +----------------------------- + +Just install the script and create a scheduler: + + $ScriptInstallUpdate firmware-upgrade-reboot; + / system scheduler add name=firmware-upgrade-reboot on-event="/ system script run firmware-upgrade-reboot;" start-time=startup; + +Enjoy firmware being up to date and in sync with RouterOS. + +See also +-------- + +* [Notify on RouterOS update](check-routeros-update.md) +* [Manage system update](packages-update.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/netwatch-notify.md b/doc/netwatch-notify.md index 78a0eed..dc107f2 100644 --- a/doc/netwatch-notify.md +++ b/doc/netwatch-notify.md @@ -38,6 +38,8 @@ The hosts to be checked have to be added to netwatch with specific comment: / tool netwatch add comment="notify, hostname=example.com" host=[ :resolve "example.com" ]; +### Hooks + It is possible to run an up hook command (`up-hook`) or down hook command (`down-hook`) when a notification is triggered. This has to be added in comment, note that some characters need extra escaping: @@ -48,10 +50,14 @@ Also there is a `pre-down-hook` that fires at two thirds of failed checks required for the notification. The idea is to fix the issue before a notification is sent. +### Count threshould + The count threshould (default is 5 checks) is configurable as well: / tool netwatch add comment="notify, hostname=example.com, count=10" host=104.18.144.11; +### Parents & dependencies + If the host is behind another checked host add a dependency, this will suppress notification if the parent host is down: @@ -61,6 +67,8 @@ suppress notification if the parent host is down: Note that every configured parent in a chain increases the check count threshould by one. +### Update from DNS + The host address can be updated dynamically. Give extra parameter `resolve` with a resolvable name: @@ -70,6 +78,16 @@ But be warned: Dynamic updates will probably cause issues if the name has more than one record in dns - a high rate of configuration changes (and flash writes) at least. +### No notification on host down + +Also suppressing the notification on host down is possible with parameter +`no-down-notification`. This may be desired for devices that are usually +powered off, but accessibility is of interest. + + / tool netwatch add comment="notify, hostname=printer, no-down-notification" host=10.0.0.30; + +Go and get your coffee ☕️ before sending the print job. + Also notification settings are required for e-mail, matrix and/or telegram. Tips & Tricks diff --git a/doc/packages-update.md b/doc/packages-update.md index ac69301..a56f68e 100644 --- a/doc/packages-update.md +++ b/doc/packages-update.md @@ -41,8 +41,10 @@ See also -------- * [Notify on RouterOS update](check-routeros-update.md) +* [Upload backup to Mikrotik cloud](backup-cloud.md) * [Send backup via e-mail](backup-email.md) * [Upload backup to server](backup-upload.md) +* [Automatically upgrade firmware and reboot](firmware-upgrade-reboot.md) --- [◀ Go back to main README](../README.md) diff --git a/firmware-upgrade-reboot b/firmware-upgrade-reboot new file mode 100644 index 0000000..b3cb621 --- /dev/null +++ b/firmware-upgrade-reboot @@ -0,0 +1,32 @@ +#!rsc by RouterOS +# RouterOS script: firmware-upgrade-reboot +# Copyright (c) 2022 Christian Hesse +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# install firmware upgrade, and reboot +# https://git.eworm.de/cgit/routeros-scripts/about/doc/firmware-upgrade-reboot.md + +:local 0 "firmware-upgrade-reboot"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global LogPrintExit2; + +:local RouterBoard [ / system routerboard get ]; +:if ($RouterBoard->"current-firmware" = $RouterBoard->"upgrade-firmware") do={ + $LogPrintExit2 info $0 ("Firmware is already up to date.") true; +} + +:if ([ / system routerboard settings get auto-upgrade ] = false) do={ + $LogPrintExit2 info $0 ("Firmware version " . $RouterBoard->"upgrade-firmware" . \ + " is available, upgrading.") false; + / system routerboard upgrade; +} + +:while ([ :len [ / log find where topics=({"system";"info";"critical"}) \ + message="Firmware upgraded successfully, please reboot for changes to take effect!" ] ] = 0) do={ + :delay 1s; +} + +$LogPrintExit2 info $0 ("Firmware upgrade successful, rebooting.") false; +/ system reboot; diff --git a/global-config b/global-config index 024e52f..0554cdb 100644 --- a/global-config +++ b/global-config @@ -8,7 +8,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! -:global GlobalConfigVersion 74; +:global GlobalConfigVersion 77; # This is used for DNS and backup file. :global Domain "example.com"; diff --git a/global-config-overlay b/global-config-overlay index 37f78cf..9075df5 100644 --- a/global-config-overlay +++ b/global-config-overlay @@ -8,7 +8,10 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! # Comment or remove to disable news and change notifications. -:global GlobalConfigVersion 74; +:global GlobalConfigVersion 77; + +# Use branch routeros-v6 with RouterOS v6: +:global ScriptUpdatesUrlSuffix "\?h=routeros-v6"; # Copy configuration from global-config here and modify it. diff --git a/global-config.changes b/global-config.changes index a070ecd..d8cd39d 100644 --- a/global-config.changes +++ b/global-config.changes @@ -78,6 +78,9 @@ 72="Introduced new script 'netwatch-dns' to manage DNS and DoH servers from netwatch."; 73="Renamed backup scripts ('cloud-backup' -> 'backup-cloud', 'email-backup' -> 'backup-email', 'upload-backup' -> 'backup-upload')."; 74="Extended 'hotspot-to-wpa', it can now read additional configuration from templates and hotspot users."; + 75="You are using the branch 'routeros-v6', well done."; + 76="Added an option to suppress notifications on host down with 'netwatch-notify'."; + 77="Introduced new script 'firmware-upgrade-reboot'. Handle with care!"; }; # Migration steps to be applied on script updates diff --git a/global-functions b/global-functions index 625bbe4..0a0b1ff 100644 --- a/global-functions +++ b/global-functions @@ -8,7 +8,7 @@ # https://git.eworm.de/cgit/routeros-scripts/about/ # expected configuration version -:global ExpectedConfigVersion 74; +:global ExpectedConfigVersion 77; # global variables not to be changed by user :global GlobalFunctionsReady false; @@ -252,6 +252,7 @@ :global CleanFilePath; :global LogPrintExit2; :global MkDir; + :global VersionToNum; :global WaitForFile; :if ([ :len $PkgName ] = 0) do={ :return false; } @@ -259,6 +260,9 @@ :if ([ :len $PkgArch ] = 0) do={ :set PkgArch [ / system resource get architecture-name ]; } :local PkgFile ($PkgName . "-" . $PkgVer . "-" . $PkgArch . ".npk"); + :if ([ $VersionToNum $PkgVer ] < [ $VersionToNum "7.0" ] && $PkgName = "routeros") do={ + :set PkgFile ($PkgName . "-" . $PkgArch . "-" . $PkgVer . ".npk"); + } :if ($PkgArch = "x86_64" || $PkgName ~ "^routeros-") do={ :set PkgFile ($PkgName . "-" . $PkgVer . ".npk"); } @@ -278,13 +282,13 @@ $LogPrintExit2 error $0 ("Downloading required certificate failed.") true; } + :local Url ("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile); $LogPrintExit2 info $0 ("Downloading package file '" . $PkgName . "'...") false; + $LogPrintExit2 debug $0 ("... from url: " . $Url) false; :local Retry 3; :while ($Retry > 0) do={ :do { - / tool fetch check-certificate=yes-without-crl \ - ("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile) \ - dst-path=$PkgDest; + / tool fetch check-certificate=yes-without-crl $Url dst-path=$PkgDest; $WaitForFile $PkgDest; :if ([ / file get [ find where name=$PkgDest ] type ] = "package") do={ @@ -719,28 +723,28 @@ :foreach Scheduler in=[ / system scheduler find where on-event~("\\b" . $ScriptVal->"name" . "\\b") ] do={ :local SchedulerVal [ / system scheduler get $Scheduler ]; :if ($ScriptVal->"policy" != $SchedulerVal->"policy") do={ - $LogPrintExit2 warning $0 ("Policies differ for script " . $ScriptVal->"name" . \ - " and its scheduler " . $SchedulerVal->"name" . "!") false; + $LogPrintExit2 warning $0 ("Policies differ for script '" . $ScriptVal->"name" . \ + "' and its scheduler '" . $SchedulerVal->"name" . "'!") false; } } :if ([ :len $SourceNew ] = 0 && $ScriptUpdatesFetch = true) do={ :local Comment [ $ParseKeyValueStore ($ScriptVal->"comment") ]; :if (!($Comment->"ignore" = true)) do={ - $LogPrintExit2 debug $0 ("Fetching script from url: " . $ScriptVal->"name") false; :do { :local BaseUrl $ScriptUpdatesBaseUrl; :local UrlSuffix $ScriptUpdatesUrlSuffix; :if ([ :typeof ($Comment->"base-url") ] = "str") do={ :set BaseUrl ($Comment->"base-url"); } :if ([ :typeof ($Comment->"url-suffix") ] = "str") do={ :set UrlSuffix ($Comment->"url-suffix"); } + :local Url ($BaseUrl . $ScriptVal->"name" . $UrlSuffix); - :local Result [ / tool fetch check-certificate=yes-without-crl \ - ($BaseUrl . $ScriptVal->"name" . $UrlSuffix) output=user as-value ]; + $LogPrintExit2 debug $0 ("Fetching script '" . $ScriptVal->"name" . "' from url: " . $Url) false; + :local Result [ / tool fetch check-certificate=yes-without-crl $Url output=user as-value ]; :if ($Result->"status" = "finished") do={ :set SourceNew ($Result->"data"); } } on-error={ - $LogPrintExit2 warning $0 ("Failed fetching " . $ScriptVal->"name") false; + $LogPrintExit2 warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "'!") false; } } } @@ -761,18 +765,18 @@ :set ReloadGlobalFunctions true; } } else={ - $LogPrintExit2 warning $0 ("Syntax validation for script " . $ScriptVal->"name" . \ - " failed! Ignoring!") false; + $LogPrintExit2 warning $0 ("Syntax validation for script '" . $ScriptVal->"name" . \ + "' failed! Ignoring!") false; } } else={ - $LogPrintExit2 warning $0 ("Looks like new script " . $ScriptVal->"name" . \ - " is not valid (missing shebang). Ignoring!") false; + $LogPrintExit2 warning $0 ("Looks like new script '" . $ScriptVal->"name" . \ + "' is not valid (missing shebang). Ignoring!") false; } } else={ - $LogPrintExit2 debug $0 ("Script " . $ScriptVal->"name" . " did not change.") false; + $LogPrintExit2 debug $0 ("Script '" . $ScriptVal->"name" . "' did not change.") false; } } else={ - $LogPrintExit2 debug $0 ("No update for script " . $ScriptVal->"name" . ".") false; + $LogPrintExit2 debug $0 ("No update for script '" . $ScriptVal->"name" . "'.") false; } } @@ -800,11 +804,10 @@ :global GlobalConfigMigration; :local ChangeLogCode; - $LogPrintExit2 debug $0 ("Fetching news, changes and migration.") false; :do { - :local Result [ / tool fetch check-certificate=yes-without-crl \ - ($ScriptUpdatesBaseUrl . "global-config.changes" . $ScriptUpdatesUrlSuffix) \ - output=user as-value ]; + :local Url ($ScriptUpdatesBaseUrl . "global-config.changes" . $ScriptUpdatesUrlSuffix); + $LogPrintExit2 debug $0 ("Fetching news, changes and migration: " . $Url) false; + :local Result [ / tool fetch check-certificate=yes-without-crl $Url output=user as-value ]; :if ($Result->"status" = "finished") do={ :set ChangeLogCode ($Result->"data"); } diff --git a/netwatch-dns b/netwatch-dns index e731d95..e2fcfa3 100644 --- a/netwatch-dns +++ b/netwatch-dns @@ -43,12 +43,14 @@ $ScriptLock $0; :if ($DnsServers != $DnsCurrent) do={ $LogPrintExit2 info $0 ("Updating DNS servers: " . [ :tostr $DnsServers ]) false; / ip dns set servers=$DnsServers; + / ip dns cache flush; } } else={ :if ([ :len $DnsFallback ] > 0) do={ :if ($DnsFallback != $DnsCurrent) do={ $LogPrintExit2 info $0 ("Updating DNS servers to fallback: " . [ :tostr $DnsFallback ]) false; / ip dns set servers=$DnsFallback; + / ip dns cache flush; } } } @@ -69,10 +71,12 @@ $ScriptLock $0; :if ($DohServer != $DohCurrent) do={ $LogPrintExit2 info $0 ("Updating DoH server: " . $DohServer) false; / ip dns set use-doh-server=$DohServer; + / ip dns cache flush; } } else={ :if ($DohCurrent != "") do={ $LogPrintExit2 info $0 ("DoH server (" . $DohCurrent . ") is down, disabling.") false; / ip dns set use-doh-server=""; + / ip dns cache flush; } } diff --git a/netwatch-notify b/netwatch-notify index ae89cfb..34a9e8f 100644 --- a/netwatch-notify +++ b/netwatch-notify @@ -66,21 +66,23 @@ $ScriptLock $0; :set $Metric ($NetwatchNotify->$HostName); } - :if ([ :typeof ($HostInfo->"resolve") ] = "str" && [ $DNSIsResolving ] = true) do={ - :do { - :local Resolve [ :resolve ($HostInfo->"resolve") ]; - :if ($Resolve != $HostVal->"host") do={ - $LogPrintExit2 info $0 ("Name '" . $HostInfo->"resolve" . [ $IfThenElse ($HostInfo->"resolve" != \ - $HostInfo->"hostname") ("' for host '" . $HostInfo->"hostname") "" ] . \ - "' resolves to different address " . $Resolve . ", updating.") false; - / tool netwatch set host=$Resolve $Host; - :set ($Metric->"resolve-failed") false; - } - } on-error={ - :if ($Metric->"resolve-failed" != true) do={ - $LogPrintExit2 warning $0 ("Resolving name '" . $HostInfo->"resolve" . [ $IfThenElse ($HostInfo->"resolve" != \ - $HostInfo->"hostname") ("' for host '" . $HostInfo->"hostname") "" ] . "' failed.") false; - :set ($Metric->"resolve-failed") true; + :if ([ :typeof ($HostInfo->"resolve") ] = "str") do={ + :if ([ $DNSIsResolving ] = true) do={ + :do { + :local Resolve [ :resolve ($HostInfo->"resolve") ]; + :if ($Resolve != $HostVal->"host") do={ + $LogPrintExit2 info $0 ("Name '" . $HostInfo->"resolve" . [ $IfThenElse ($HostInfo->"resolve" != \ + $HostInfo->"hostname") ("' for host '" . $HostInfo->"hostname") "" ] . \ + "' resolves to different address " . $Resolve . ", updating.") false; + / tool netwatch set host=$Resolve $Host; + :set ($Metric->"resolve-failed") false; + } + } on-error={ + :if ($Metric->"resolve-failed" != true) do={ + $LogPrintExit2 warning $0 ("Resolving name '" . $HostInfo->"resolve" . [ $IfThenElse ($HostInfo->"resolve" != \ + $HostInfo->"hostname") ("' for host '" . $HostInfo->"hostname") "" ] . "' failed.") false; + :set ($Metric->"resolve-failed") true; + } } } } @@ -122,10 +124,10 @@ $ScriptLock $0; :set Parent ($NetwatchNotify->$Parent->"parent"); } } - $LogPrintExit2 info $0 ("Host " . $HostName . " (" . $HostVal->"host" . ") is down for " . \ - $Metric->"count" . " checks, " . [ $IfThenElse ($ParentNotified = false) [ $IfThenElse \ - ($Metric->"notified" = true) ("already notified.") ($Count - $Metric->"count" . " to go.") ] \ - ("parent host " . $Parent . " is down.") ]) false; + $LogPrintExit2 [ $IfThenElse ($HostInfo->"no-down-notification" != true) info debug ] $0 \ + ("Host " . $HostName . " (" . $HostVal->"host" . ") is down for " . $Metric->"count" . " checks, " . \ + [ $IfThenElse ($ParentNotified = false) [ $IfThenElse ($Metric->"notified" = true) ("already notified.") \ + ($Count - $Metric->"count" . " to go.") ] ("parent host " . $Parent . " is down.") ]) false; :if ((($Count * 2) - ($Metric->"count" * 3)) / 2 = 0 && [ :typeof ($HostInfo->"pre-down-hook") ] = "str") do={ $NetwatchNotifyHook $HostName "pre-down" ($HostInfo->"pre-down-hook"); } @@ -134,9 +136,11 @@ $ScriptLock $0; :if ([ :typeof ($HostInfo->"down-hook") ] = "str") do={ :set Message ($Message . "\n\n" . [ $NetwatchNotifyHook $HostName "down" ($HostInfo->"down-hook") ]); } - $SendNotification2 ({ origin=$0; \ - subject=([ $SymbolForNotification "cross-mark" ] . "Netwatch Notify: " . $HostName . " down"); \ - message=$Message }); + :if ($HostInfo->"no-down-notification" != true) do={ + $SendNotification2 ({ origin=$0; \ + subject=([ $SymbolForNotification "cross-mark" ] . "Netwatch Notify: " . $HostName . " down"); \ + message=$Message }); + } :set ($Metric->"notified") true; } } diff --git a/packages-update b/packages-update index b6b0524..2e6d8be 100644 --- a/packages-update +++ b/packages-update @@ -35,7 +35,7 @@ $ScriptLock $0; :if ($NumInstalled > $NumLatest) do={ :if ([ $ScriptFromTerminal $0 ] = true) do={ :put "Latest version is older than installed one. Want to downgrade? [y/N]"; - :if (([ :terminal inkey timeout=60 ] % 32) = 25) do={ + :if (([ / terminal inkey timeout=60 ] % 32) = 25) do={ :set DoDowngrade true; } else={ :put "Canceled..."; @@ -61,7 +61,7 @@ $ScriptLock $0; $LogPrintExit2 warning $0 ("Running backup script " . $ScriptName . " before update failed!") false; :if ([ $ScriptFromTerminal $0 ] = true) do={ :put "Do you want to continue anyway? [y/N]"; - :if (([ :terminal inkey timeout=60 ] % 32) = 25) do={ + :if (([ / terminal inkey timeout=60 ] % 32) = 25) do={ $LogPrintExit2 info $0 ("User requested to continue anyway.") false; } else={ $LogPrintExit2 info $0 ("Canceled update...") true; @@ -80,7 +80,7 @@ $ScriptLock $0; :if ([ $ScriptFromTerminal $0 ] = true) do={ :put "Do you want to (s)chedule reboot or (r)eboot now? [s/R]"; - :if (([ :terminal inkey timeout=60 ] % 32) = 19) do={ + :if (([ / terminal inkey timeout=60 ] % 32) = 19) do={ / system scheduler add name="reboot-for-update" start-time=03:00:00 interval=1d \ on-event=(":global RandomDelay; \$RandomDelay 3600; " . \ "/ system scheduler remove reboot-for-update; / system reboot;");