diff --git a/roles/routeros/files/routeros-check-versions.sh b/roles/routeros/files/routeros-check-versions.sh
new file mode 100755
index 0000000..57ed144
--- /dev/null
+++ b/roles/routeros/files/routeros-check-versions.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -eu
+
+community="public"
+if [ "${1:-}" = "-f" ]; then
+ force=true
+else
+ force=false
+fi
+
+tlsdir="$(openssl version -d | sed -e 's/^OPENSSLDIR: "\(.\+\)"$/\1/')"
+LDAPTLS_KEY="${tlsdir}/private/$(hostname -f).key"
+LDAPTLS_CERT="${tlsdir}/certs/$(hostname -f).crt"
+export LDAPTLS_KEY LDAPTLS_CERT
+
+# only run script if first vrrp interface is in master state if not forced
+if ! $force; then
+ for state in /run/keepalived/*.state ; do
+ if [ "$(cat "$state")" != "MASTER" ]; then
+ exit 0
+ fi
+ break
+ done
+fi
+
+version="$(find /srv/web/oob.foo.sh/routeros/ -name \*.npk \
+ -exec basename {} .npk \; | awk -F- '{ print $2 }' | sort -nr | head -n 1)"
+
+ldapsearch -Q -LLL -Y EXTERNAL "(&(objectClass=device)(description=MikroTik *))" cn | \
+ awk '{ if ($1 == "cn:") print $2 }' | while read -r host
+do
+ current="$(snmpget -v 1 -c "$community" "$host" -Oqv -m MIKROTIK-MIB \
+ "MIKROTIK-MIB::mtxrFirmwareUpgradeVersion.0")"
+ if [ "$current" != "$version" ]; then
+ echo "${host}: Running old version (${current}) of RouterOS"
+ elif $force; then
+ echo "${host}: Up to date"
+ fi
+done
diff --git a/roles/routeros/tasks/main.yml b/roles/routeros/tasks/main.yml
index f9693ad..e0f7e4d 100644
--- a/roles/routeros/tasks/main.yml
+++ b/roles/routeros/tasks/main.yml
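Review bot: In the `while read -r host` loop a failed `snmpget` ends the whole run, because under `set -eu` the non-zero status of the `current="$(snmpget …)"` assignment exits the pipeline subshell, so every router listed after one unreachable device goes unchecked. Handling the failure per host keeps the report complete, for example by appending `|| { echo "${host}: SNMP query failed" >&2; continue; }` to that assignment. The `sort -nr` that picks `version` compares dotted versions as decimals, so a constructed pair such as 7.9 and 7.10 would rank 7.9 as newest and the outdated routers would be reported as current; `sort -V`, where the platform's sort provides it, orders them as versions. The query also uses SNMPv1 with the `public` community, so the answers are unauthenticated; if the devices and the management network allow it, SNMPv3 with authentication would make the result harder to spoof.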
@@ -77,3 +77,19 @@
 job: /usr/local/bin/routeros-poe-mqtt-publish
 user: routeros
 minute: "*/5"
+
+- name: Install version check script
+ ansible.builtin.copy:
+ dest: /usr/local/bin/routeros-check-versions
+ src: routeros-check-versions.sh
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Install version check cron job
+ ansible.builtin.cron:
+ name: routeros-check-versions
+ job: /usr/local/bin/routeros-check-versions
+ user: routeros
+ hour: "05"
+ minute: "30"
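Review bot: The cron task runs the script as `routeros`, while the script points `LDAPTLS_KEY` at the host key under the OpenSSL `private/` directory; nothing in this hunk shows that account being able to read that file, and if it cannot, the `ldapsearch -Y EXTERNAL` bind will presumably fail on every scheduled run. Granting a service account read access to the host's private key widens that key's exposure, so a dedicated client certificate and key for `routeros` would be the narrower choice. At minimum a comment above the cron task, such as `# runs as routeros; requires read access to the LDAP client key used by the script`, would record the dependency. The earlier tasks of this file are outside the hunk, so this may already be handled there.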