routeros: Add script to check switch versions

roles/routeros/files/routeros-check-versions.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -eu
+
+community="public"
+if [ "${1:-}" = "-f" ]; then
+    force=true
+else
+    force=false
+fi
+
+tlsdir="$(openssl version -d | sed -e 's/^OPENSSLDIR: "\(.\+\)"$/\1/')"
+LDAPTLS_KEY="${tlsdir}/private/$(hostname -f).key"
+LDAPTLS_CERT="${tlsdir}/certs/$(hostname -f).crt"
+export LDAPTLS_KEY LDAPTLS_CERT
+
+# only run script if first vrrp interface is in master state if not forced
+if ! $force; then
+    for state in /run/keepalived/*.state ; do
+        if [ "$(cat "$state")" != "MASTER" ]; then
+            exit 0
+        fi
+        break
+    done
+fi
+
+version="$(find /srv/web/oob.foo.sh/routeros/ -name \*.npk \
+    -exec basename {} .npk \; | awk -F- '{ print $2 }' | sort -nr | head -n 1)"
+
+ldapsearch -Q -LLL -Y EXTERNAL "(&(objectClass=device)(description=MikroTik *))" cn | \
+    awk '{ if ($1 == "cn:") print $2 }' | while read -r host
+do
+    current="$(snmpget -v 1 -c "$community" "$host" -Oqv -m MIKROTIK-MIB \
+        "MIKROTIK-MIB::mtxrFirmwareUpgradeVersion.0")"
+    if [ "$current" != "$version" ]; then
+        echo "${host}: Running old version (${current}) of RouterOS"
+    elif $force; then
+        echo "${host}: Up to date"
+    fi
+done

roles/routeros/tasks/main.yml

@@ -77,3 +77,19 @@
     job: /usr/local/bin/routeros-poe-mqtt-publish
     user: routeros
     minute: "*/5"
+
+- name: Install version check script
+  ansible.builtin.copy:
+    dest: /usr/local/bin/routeros-check-versions
+    src: routeros-check-versions.sh
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Install version check cron job
+  ansible.builtin.cron:
+    name: routeros-check-versions
+    job: /usr/local/bin/routeros-check-versions
+    user: routeros
+    hour: "05"
+    minute: "30"