#!/bin/sh

set -eu

community="public"
if [ "${1:-}" = "-f" ]; then
    force=true
else
    force=false
fi

tlsdir="$(openssl version -d | sed -e 's/^OPENSSLDIR: "\(.\+\)"$/\1/')"
LDAPTLS_KEY="${tlsdir}/private/$(hostname -f).key"
LDAPTLS_CERT="${tlsdir}/certs/$(hostname -f).crt"
export LDAPTLS_KEY LDAPTLS_CERT

# only run script if first vrrp interface is in master state if not forced
if ! $force; then
    for state in /run/keepalived/*.state ; do
        if [ "$(cat "$state")" != "MASTER" ]; then
            exit 0
        fi
        break
    done
fi

version="$(find /srv/web/oob.foo.sh/routeros/ -name \*.npk \
    -exec basename {} .npk \; | awk -F- '{ print $2 }' | sort -nr | head -n 1)"

ldapsearch -Q -LLL -Y EXTERNAL "(&(objectClass=device)(description=MikroTik *))" cn | \
    awk '{ if ($1 == "cn:") print $2 }' | while read -r host
do
    current="$(snmpget -v 1 -c "$community" "$host" -Oqv -m MIKROTIK-MIB \
        "MIKROTIK-MIB::mtxrFirmwareUpgradeVersion.0")"
    if [ "$current" != "$version" ]; then
        echo "${host}: Running old version (${current}) of RouterOS"
    elif $force; then
        echo "${host}: Up to date"
    fi
done