Using Ansible to update MikroTik routers

15th Nov 2015

Administering a large installed base of MikroTik routers can be difficult. You can use The Dude, but this has not been updated in some time, and MikroTik have not made their long term intentions clear in relation to the continued development of the software.

We use Ansible internally to remotely configure machines, so it seemed a natural choice to update the firmware of the MikroTik routers we have installed.

Firstly, you need to generate an appropriate DSA SSH key. Refer to: MikroTik Wiki for full instructions.

From the source server, test the SSH connection works: ssh admin-ssh@remoteserver.com

If you do not immediately connect, you may need to add the appropriate identity file to ~/.ssh/config IdentityFile ~/.ssh/mikrotik_dsa

Then attempt re-connection.

You should see the MikroTik banner message and the [admin-ssh@remotesite] > command prompt. Just disconnect for now: quit

Once the connection is working OK, we can then add the relevant routers to /etc/ansible/hosts. In our setup, these are in the [mikrotik] group.

The actual playbook we use is very simple. It checks if package updates are available, and if so, updates the MikroTik. BE CAREFUL - it reboots the remote router when the task is complete.

---
# An Ansible Playbook to mass update the ROS version on MikroTik routers
# Version 1 - 2015/11/15
#
# Copyright Jaytag Computer Limited 2015 - www.jaytag.co.uk
#
# You may use or modify this script as you wish as long as this copyright
# message remains. Redistribution prohibited.
- name: Mikrotik Update
hosts: mikrotik
# forces the connection to work one-by-one (note, this will stop the whole playbook if the host is unreachable)
# serial: 1

connection: paramiko
user: admin
gather_facts: no
tasks:
- name: Check if updates required
raw: /system package update check-for-updates
register: updatecheck

- name: Run package updates and reboot if needed
when: updatecheck.stdout.find('System is already up to date') == -1
raw: /system package update download
register: download
until: download.stdout.find('please reboot router') > -1
retries: 3
delay: 60

- name: Reboot the Router if the download is successful
when: (updatecheck.stdout.find('System is already up to date') == -1) and
(download.stdout.find('please reboot router') > -1)
raw: /system reboot
register: reboot
async: 0
poll: 0

Previous Post Next Post