ISPadmin 5.01 stable

Share
22. 03. 2019

MikroTik ROS 6.x update

  • As a consequence of problems related to a well-known MikroTik ROS vulnerability (Winbox port vulnerability, more information to be found here: https://blog.mikrotik.com), we have decided to integrate into ISPadmin an update utility that will make the entire ROS 6.x update process much easier.
  • In Hardware / Routers / Router status / Routers, you can check which MikroTik devices are running the latest stable version of MikroTik ROS and which are not. There is a new column Version status in the table. In it, one of the following icons can appear:
    • Red Cross icon: : Router not active.
    • Exclamation Point icon: OS not up to date. Checked every hour. When you click on this icon, the corresponding router is added to the update queue and a Clock icon appears.
    • Clock icon: Ready for update. When you click on this icon, the corresponding router is removed from the update queue and the Exclamation Point icon appears. Update is launched from the ISPadmin server console (root user). More information can be found below.
    • Thumb Up icon: Software downloaded. Waiting for installation.
    • Green Check Mark icon: Latest stable version of OS.
  • Routers can be added to or removed from the queue in bulk using the checkboxes in the first column and the select box in the lower-left corner.
  • Update itself is launched using the following script: /usr/local/script/ispadmin/bin/updateMikrotikSW.pl
  • You can use an optional parameter that allows you to set a time in minutes after which reboot and ROS installation ensue. Example: /usr/local/script/ispadmin/bin/updateMikrotikSW.pl 450
  • With the help of this parameter, you can thus schedule the bulk reboot of all MikroTik routers for a convenient time when there is little traffic.
  • The time is measured from the moment the script was launched.
  • If you use the delayed start feature, it is necessary to bear in mind the fact that ROS download may take some time, which is why you should make allowance for that.
  • If you do not use it, the script will immediately start connecting to one device after another and perform ROS installation. The script checks whether the next device in the queue is available (ping – 3 times). You can skip this step by pressing any key, which causes the script to move to the next device.
  • If you launch the script again, you can set a different time. Routers that are already up to date are not updated again.
  • You can watch the entire process unfold in the server console.
  • !!! To be able to perform ROS updates, you need to allow outgoing traffic to the Internet. The script does not check the firewall and NAT settings. It is up to the network administrator to make any changes to the relevant settings.
  • First of all, try updating just one single MikroTik device. If the API works all right after update (see changelog here: https://mikrotik.com/download/changelogs), it is possible to update the rest of the MikroTik devices in bulk. Bulk update at your own risk.
  • !!! If you are updating from one of the older versions of ROS (for example, 6.15), to the latest version, you might encounter problems with HostKey (MikroTik log: Corrupt host's key, regenerating it! Reboot required!). If that happens, it is necessary to regenerate the key on a given MikroTik router: /ip ssh regenerate-host-key. And then: /system reboot .

Further changes

  • The following system variables have been added: $BILLING_EMAIL$ (invoice group email address) and $BILLING_WWW$(invoice group website).
  • Hardware / Settings / End devices: It is possible to specify the protocol - HTTP nebo HTTPS.
  • Other / Bulk / Email:It is possible to send bulk emails to those who do not use a particular type of service.
  • Reported bugs have been fixed.
  • Further optimization has been performed.
Did this article help you?