Prerequisites:
-
The Dude server and client are already set up with some RouterOS devices discovered.
-
RouterOS Devices have a static user configured and have SSH enabled
-
A brownfield provisioning script for provisioning Minim
- Notepad++ is installed on the system running The Dude client
mt-bulk is a tool that can be used to run commands against many remote MikroTiks at once. It's an extremely flexible tool with lots of features but we'll only need one for our purposes: running a custom SSH command.
-
Install mt-bulk
a. Download mt-bulk for Windows
b. Extract the downloaded zip file to C:\. The full path to the mt-bulk executable should be C:\mt-bulk\mt-bulk.exe. -
Create mt-bulk configuration file
a. Open Notepad and create a new text file. Save the file as C:\mt-bulk\config.yml – ensure the file extension is .yml (and not .txt) or mt-bulk will be unable to read it.b. Use the following as a starting point for the contents of the configuration file.
Be sure to change the user and password values to match your setup.
Replace the body parameter with the full text of your customized provisioning script, but be sure to leave the single quotes (') surrounding the script.version: 2
verbose: true
skip_summary: false
service:
workers: 4
skip_version_check: false
mtbulk_database: 'db'
clients:
ssh:
verify_check_sleep_ms: 1000
retries: 3
port: 22
password: 'REPLACEME'
user: 'REPLACEME'
custom-ssh:
command:
- expect: 'provisioned'
body: '
{
:if ([:len [/interface find name=Minim-VPN]] = 1) do={
:put "Already provisioned with Minim";
:return;
};
/user add group=full name=autoconf password=autoconf address=10.0.0.0/8,172.16.0.0/12 comment="Minim Setup User";
/ip route add check-gateway=ping distance=1 dst-address=10.0.4.0/22 gateway=10.3.0.1 comment="Minim API Gateway";
/ppp profile add name=Minim use-encryption=yes comment="Minim setup profile";
/interface sstp-client add connect-to=tikvpn.minim.co disabled=yes name=Minim-setup-VPN password=autoconf profile=Minim user=autoconf_minim comment="Minim setup VPN";
/ip firewall filter add chain=input action=accept in-interface=Minim-setup-VPN place-before=1 comment="Trust traffic from Minim-setup-VPN";
/interface sstp-client set disabled=no [ find where name=Minim-setup-VPN ];
:put "Minim provisioned successfully";
}
'Some notes about the above configuration:
-
This example assumes a single user/pass is used across all devices, but multiple usernames and passwords can be specified for the user and password parameters, each separated by a comma. mt-bulk will try each combination to make a successful connection.
-
The above configuration expects that the provisioning script will print "provisioned" at some point. Be sure that your script includes :put provisioned for this match to work. Alternatively, modify the expect parameter in the configuration to match some output your script will produce.
- When modifying the body leave the ' ' at the beginning and the end of the script.
-
Export the devices from The Dude
a. Open The Dude client and connect to your server
b. Go to the Devices pane and click on the List tab.
c. Click the "CSV" button to export. Save the file as C:\mt-bulk\Devices.csv
-
Run mt-bulk
a. Open Command Prompt (Start -> Run -> Type in cmd and hit enter)
b. Run mt-bulk with the CSV export and configuration file specified:C:\mt-bulk\mt-bulk.exe custom-ssh --source-file=C:\mt-bulk\Devices.csv -C C:\mt-bulk\config.yml
The script will now connect to each MikroTik and run the Minim provisioning process. You can run this multiple times against a unit and it will skip provisioning if it is already running Minim.
Please contact our support team if you have any questions.
Comments
0 comments
Please sign in to leave a comment.