Difference between revisions of "Upgrade rsc files"

From MikroTik Wiki
(Setting the CPE to check for ROS upgrade on startup)
Line 96: Line 96:
 
== Setting the CPE to check for ROS upgrade on startup ==
 
== Setting the CPE to check for ROS upgrade on startup ==
  
This script clears the script name "start_upgrade" if it exists, so that it can create it's own version under this name. What the scheduled routine will do everytime the CPE is powered up, is it will run the script called "upgrade" (created on the previous page), which will check the CPE's ROS version against the ROS files on the repository, and upgrade if neccessary. This is to catch those clients who have a habit of powering their units down and may miss the 172.16.0.2 trigger when you enable it for a netwrok wide ROS upgrade.
+
This script clears the script name "start_upgrade" if it exists, so that it can create it's own version under this name. What the scheduled routine will do everytime the CPE is powered up, is it will run the script called "upgrade" (created on the previous page), which will check the CPE's ROS version against the ROS files on the repository, and upgrade if neccessary. This is to catch those clients who have a habit of powering their units down and may miss the 172.16.0.2 trigger when you enable it for a network wide ROS upgrade.
  
 
   :if ([/system scheduler find name="start_upgrade"]!="") do={/system scheduler remove start_upgrade}
 
   :if ([/system scheduler find name="start_upgrade"]!="") do={/system scheduler remove start_upgrade}
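Review bot: the revised paragraph fixes "netwrok" but still carries "it's own", "everytime" and "neccessary" in the same two sentences; correct them to "its own", "every time" and "necessary" in this revision as well. The sentence beginning "What the scheduled routine will do" would also read more clearly if split in two.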

Revision as of 20:45, 20 August 2012

Introduction

Now that the rscfetch script and the netwatch trigger are installed on all your CPEs, so that each CPE downloads upgrade.rsc and imports it, here are a few examples of how this can be useful for things you would not otherwise have thought of doing because of the pain of manually logging into every CPE, one by one, a few hundred times.

The file upgrade.rsc is the key component of mass roll-outs of CPE setting changes and script additions. Once you have created this file and uploaded it to the main MikroTik AP/router, changing hundreds of CPEs within a few seconds is only moments away. Enable the trigger IP (in our case 172.16.0.1), sit back and watch all your CPEs log in via FTP, collect the upgrade.rsc file and import it.

Below are a few examples of upgrade.rsc files. You MUST test these on a single local CPE to see that no negative reactions occur before rolling out for network-wide implementation. As always, use at your own risk.

Upgrade.rsc file header

Every upgrade.rsc has the same first 6 lines, so we will not include these lines in each file. They remove the existing .rif, .tar, backup and script files from the CPE and then save a fresh backup. Please do not ignore this; you do need to do maintenance of the number of files on your CPEs, and this is the simplest method.

:if ([file find type=".rif file"]!="") do={/file remove [find type=".rif file"]}
:if ([file find type=".tar file"]!="") do={/file remove [find type=".tar file"]}
:if ([file find type="backup"]!="") do={/file remove [find type="backup"]}
:if ([file find type="script"]!="") do={/file remove [find type="script"]}
/system backup save;
:delay 10s;

Mangle Rules and Queue Tree Setup

This set of scripts will set up mangle rules and a queue tree on the CPE. WARNING: all existing mangle rules and queues (tree) will be removed. This would be used for simple traffic shaping on the CPE. You need to ensure that the interface setting (ether1 in the rules below) matches what is on all the CPEs.

{:log info "Remove Mangle Rules - Script Start"
:local counter 0
:local delaytime 5
:local numloops 1
:while ($counter < $numloops) do={ \
:log info "Removing Mangle Rules"
:foreach i in=[/ip firewall mangle find] do={ \
/ip firewall mangle remove $i
:log info "Removed $i"
}
:set counter ($counter+1)
:log info "delaying..."
:delay $delaytime
   }
}
/ip firewall mangle
add action=mark-connection chain=prerouting comment="HTTP and E-Mail" disabled=no dst-port=\
 80,25,110,995,5222,8080,6600-6700,7000,9010,2086,443,465 new-connection-mark=http_conn passthrough=yes  \
   protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no new-packet-mark=http \
   passthrough=no
add action=mark-connection chain=prerouting comment=Admin disabled=no dst-port=\
   22,23,53,123,161,162,2210,2211,8291 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes \
   protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53,123,161,162 in-interface=ether1 \
   new-connection-mark=admin_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=admin_conn passthrough=yes \
   protocol=icmp
add action=mark-packet chain=prerouting connection-mark=admin_conn disabled=no new-packet-mark=admin \
   passthrough=no
add action=mark-connection chain=prerouting comment=FTP disabled=no dst-port=21 in-interface=ether1 \
   new-connection-mark=ftp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp_conn disabled=no new-packet-mark=ftp \
   passthrough=no
add action=mark-connection chain=prerouting comment=P2P disabled=no in-interface=ether1 \
   new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting connection-mark=p2p_conn disabled=no new-packet-mark=p2p \
   passthrough=no
add action=mark-connection chain=prerouting comment="Other Traffic" disabled=no in-interface=ether1 \
   new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=other_conn disabled=no new-packet-mark=other \
   passthrough=no
{:log info "Remove Queue Tree - Script Start"
:local counter 0
:local delaytime 5
:local numloops 1
:while ($counter < $numloops) do={ \
:log info "Removing Queue Trees"
:foreach i in=[/queue tree find] do={ \
/queue tree remove $i
:log info "Removed $i"
}
:set counter ($counter+1)
:log info "delaying..."
:delay $delaytime
}
}
/queue tree
 add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=Global_In \
   packet-mark="" parent=global-in priority=1
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=admin_in \
   packet-mark=admin parent=Global_In priority=1 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=http_in \
   packet-mark=http parent=Global_In priority=2 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=ftp_in \
   packet-mark=ftp parent=Global_In priority=3 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=P2P_in \
   packet-mark=p2p parent=Global_In priority=8 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=other_in \
   packet-mark=other parent=Global_In priority=5 queue=default
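
A pre-rollout check for files like the one above, as an added example (not part of the original wiki page): run offline before uploading, it reports every `remove` line, any `in-interface` that the target CPE does not have, and any packet or connection mark that is used but never set by a mangle rule. The names `lint_rsc` and `logical_lines` and the sample file are constructed for illustration.

```python
import re

# Constructed sample in the style of this page's upgrade.rsc files (not a real rollout file).
SAMPLE_RSC = r"""
:if ([file find type="backup"]!="") do={/file remove [find type="backup"]}
:foreach i in=[/ip firewall mangle find] do={ \
/ip firewall mangle remove $i
}
/ip firewall mangle
add action=mark-connection chain=prerouting dst-port=21 in-interface=ether1 \
   new-connection-mark=ftp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp_conn new-packet-mark=ftp \
   passthrough=no
add action=mark-packet chain=prerouting connection-mark=p2p_conn new-packet-mark=p2p
/queue tree
add name=Global_In packet-mark="" parent=global-in priority=1
add name=ftp_in packet-mark=ftp parent=Global_In priority=3 queue=default
add name=admin_in packet-mark=admin parent=Global_In priority=1 queue=default
"""

def logical_lines(text):
    """Join lines ending in a backslash (RouterOS continuation) into one logical line."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        if buf or line:
            out.append(buf + line)
        buf = ""
    if buf:  # file ended on a dangling continuation
        out.append(buf.rstrip())
    return out

def lint_rsc(text, cpe_interfaces):
    """Report removals, unknown interfaces and marks that are used but never set."""
    lines = logical_lines(text)
    joined = "\n".join(lines)
    set_pkt = set(re.findall(r"new-packet-mark=(\S+)", joined))
    set_conn = set(re.findall(r"new-connection-mark=(\S+)", joined))
    # The lookbehind skips the "new-..." definitions; packet-mark="" (no mark) is ignored.
    used_pkt = set(re.findall(r"(?<!new-)packet-mark=(\S+)", joined)) - {'""'}
    used_conn = set(re.findall(r"(?<!new-)connection-mark=(\S+)", joined))
    ifaces = set(re.findall(r"in-interface=(\S+)", joined))
    return {
        "removes": [l for l in lines if re.search(r"\bremove\b", l)],
        "unknown_interfaces": sorted(ifaces - set(cpe_interfaces)),
        "undefined_packet_marks": sorted(used_pkt - set_pkt),
        "undefined_connection_marks": sorted(used_conn - set_conn),
    }
```

Call `lint_rsc(text, interfaces)` with the file contents and the interface names of the CPE model being targeted; an empty report for the last three keys means the marks and interfaces are self-consistent, while `removes` lists the lines to review by hand.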


Setting the CPE to check for ROS upgrade on startup

This script removes the scheduler entry named "start_upgrade" if it exists, so that it can create its own version under this name. Every time the CPE is powered up, the scheduled routine will run the script called "upgrade" (created on the previous page), which checks the CPE's ROS version against the ROS files on the repository and upgrades if necessary. This is to catch those clients who have a habit of powering their units down and may miss the 172.16.0.2 trigger when you enable it for a network-wide ROS upgrade.

 # Remove any existing start_upgrade scheduler entry, then recreate it to run "upgrade" at startup
 :if ([/system scheduler find name="start_upgrade"]!="") do={/system scheduler remove start_upgrade}
 :if ([/system scheduler find name="start_upgrade"]="") do={/system scheduler add disabled=no \
      name=start_upgrade on-event=upgrade start-time=startup}
 

And that's all for now, will add more as time permits...