NOC:ctwug init


Purpose

Please note: this is historic reference information. NOC has been replaced by WMS.

This is the first script ever loaded onto the RB, and it is loaded manually. Make sure your identity is correct and that your Wind details are up to date.

It assimilates the RB into the management system by:

  • Ensuring the RB uses 172.18.1.1 as its name server.
  • Fetching the following URL:

http://noc.ctwug.za.net/web/api/update?id=FID&serial=SERIAL&init=1

FID is substituted with /system identity get name.

SERIAL is substituted with /system routerboard get serial-number.

Response from the HTTP GET request is saved as "ctwug_version.rsc" and then imported with /import.


Example GET response:

/system script
:if ([find name=ctwug_init] != "" ) do=[remove ctwug_init]
add name=ctwug_init policy=read,write,test source=":local fid [/system identity get name]\n:local fserial [/system routerboard get serial-number]\n:local ffile \"ctwug_version.rsc\"\n:local fdns 0\n:local oldDns \"\"\n\n:foreach server in [/ip dns get servers] do={\n :if (\$server = \"172.18.1.1\") do={ :set fdns 1; }\n :set oldDns (\$oldDns.\$server.\",\")\n}\n:if (\$fdns = 0) do={\n :set oldDns (\$oldDns.\"172.18.1.1\")\n /ip dns set servers=\$oldDns\n}\n\n:local fpath (\"web/api/update?id=\".\$fid.\"&serial=\".\$fserial.\"&init=1\")\n:local fpath2 \$fpath\n:local fpath \"\"\n:for i from=0 to=( [:len \$fpath2] - 1) do={\n  :local fchar [:pick \$fpath2 \$i]\n  :if ( \$fchar = \" \") do={\n    :set fchar \"%20\"\n  }\n  :set fpath (\$fpath.\$fchar)\n}\n\n/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=\$fpath dst-path=\$ffile mode=http\n:delay 1\n:local temp [/file get \$ffile size]\n:if ( \$temp > 2) do={\n  /import \$ffile\n}\n"

/system script set ctwug_init policy=reboot,read,write,policy,test,password,sniff,sensitive

/system script
:if ([find name=ctwug_version] != "" ) do=[remove ctwug_version]
add name=ctwug_version policy=read,write,test source=":local fid [/system identity get name]\n:local fserial [/system routerboard get serial-number]\n:local fver [/system resource get version]\n:local fcpu [/system resource get cpu]\n:local fcpufreq [/system resource get cpu-frequency]\n:local farch [/system resource get architecture-name]\n:local fboard [/system resource get board-name]\n:local ffw [/system routerboard get current-firmware]\n:local fip [/ip address get 0 address]\n:local ffile \"ctwug_version.rsc\"\n:local fpolicy 0\n\n/user\n:local fospf 0\n:foreach id in [/user find name=ctwug_ospf] do={\n  :set fospf 1\n}\n\n:if ([/system script find name=ctwug_init] != \"\" ) do={\n  :local fpolicys [/system script get ctwug_init policy]\n  :for i from=0 to=([:len \$fpolicys] -1) do={\n    :local fchar [:pick \$fpolicys \$i]\n    :if (\$fchar = \"reboot\") do={:set fpolicy (\$fpolicy+1)}\n    :if (\$fchar = \"read\") do={:set fpolicy (\$fpolicy+2)}\n    :if (\$fchar = \"write\") do={:set fpolicy (\$fpolicy+4)}\n    :if (\$fchar = \"policy\") do={:set fpolicy (\$fpolicy+8)}\n    :if (\$fchar = \"test\") do={:set fpolicy (\$fpolicy+16)}\n    :if (\$fchar = \"password\") do={:set fpolicy (\$fpolicy+32)}\n    :if (\$fchar = \"sniff\") do={:set fpolicy (\$fpolicy+64)}\n    :if (\$fchar = \"sensitive\") do={:set fpolicy (\$fpolicy+128)}\n  }\n}\n\n:local fpath (\"web/api/update?id=\".\$fid.\"&serial=\".\$fserial.\"&update=2&version=\".\$fver.\"&cpu=\".\$fcpu.\"&freq=\".\$fcpufreq.\"&arch=\".\$farch.\"&board=\".\$fboard.\"&fw=\".\$ffw.\"&ip=\".\$fip.\"&ospf=\".\$fospf.\"&policy=\".\$fpolicy)\n:local fpath2 \$fpath\n:local fpath \"\"\n:for i from=0 to=( [:len \$fpath2] - 1) do={\n  :local fchar [:pick \$fpath2 \$i]\n  :if (\$fchar = \" \") do={\n    :set fchar \"%20\"\n  }\n  :set fpath (\$fpath.\$fchar)\n}\n\n/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=\$fpath dst-path=\$ffile mode=http\n:delay 1\n:local temp [/file get \$ffile size]\n:if ( 
\$temp > 2) do={\n  /import \$ffile\n}"

/system script set ctwug_version policy=reboot,read,write,policy,test,password,sniff,sensitive

/system script
:if ([find name=ctwug_backup] != "" ) do=[remove ctwug_backup]
add name=ctwug_backup policy=read,write,test source=":local fid [/system identity get name]\n:local fserial [/system routerboard get serial-number]\n\n:if ( [/file find name=ctwug-auto.backup] != \"\" ) do=[/file remove ctwug-auto.backup]\n:delay 1\n/system backup save name=ctwug-auto\n:local fwait 1\n:local fcnt 0\n:while ( \$fwait = 1 ) do={\n  :set fcnt (\$fcnt+1)\n  :log info (\"ctwug_backup sleep \".\$fcnt)\n  :delay 1\n  if ([/file find name=ctwug-auto.backup] != \"\") do={ :set fwait 0; }\n  if ( \$fcnt = 20) do={\n    :log info \"ctwug_backup FAILED\";\n    :set fwait 0;\n  };\n};\n:local femail backup@ctwug.za.net\n:local fserver 172.18.55.25\n/tool e-mail send server=\$fserver from=\$femail to=\$femail subject=\"\$fid/\$fserial\" file=ctwug-auto.backup"

/system script set ctwug_backup policy=reboot,read,write,policy,test,password,sniff,sensitive

/system script
:if ([find name=ctwug_updated] != "" ) do=[remove ctwug_updated]
add name=ctwug_updated policy=read,write,test source=":local fid [/system identity get name]\n:local fserial [/system routerboard get serial-number]\n:local ffile \"ctwug_version.rsc\"\n\n:local fpath (\"web/api/update?id=\".\$fid.\"&serial=\".\$fserial.\"&update=1\")\n:local fpath2 \$fpath\n:local fpath \"\"\n:for i from=0 to=( [:len \$fpath2] - 1) do={\n  :local fchar [:pick \$fpath2 \$i]\n  :if ( \$fchar = \" \") do={\n    :set fchar \"%20\"\n  }\n  :set fpath (\$fpath.\$fchar)\n}\n\n/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=\$fpath dst-path=\$ffile mode=http\n:delay 1\n:log info [/file get \$ffile contents]"

/system script
:if ([find name=ctwug_global_settings] != "" ) do=[remove ctwug_global_settings]
add name=ctwug_global_settings policy=read,write,test source="#/ip dns set allow-remote-requests=yes primary-dns=172.18.1.1\n/system clock set time-zone-name=Africa/Johannesburg\n/system ntp client set enabled=yes mode=unicast primary-ntp=172.18.1.1\n/snmp set enabled=yes\n/ip firewall connection tracking set enabled=yes\n\n/radius\n:local id\n:local fto 00:00:02\n:local fadd 172.18.0.1\n:local ffound 0\n:foreach id in [find comment=CTWUG] do={\n  :if ( [get \$id timeout] != \$fto ) do=[set \$id timeout=\$fto]\n  :if ( [get \$id address] != \$fadd ) do=[set \$id address=\$fadd]\n  set \$id comment=CTWUG\n  :set ffound 1\n}\n:if (\$ffound = 0) do={\n :foreach id in [find] do={\n   :if ( [get \$id timeout] != \$fto ) do=[set \$id timeout=\$fto]\n   :if ( [get \$id address] != \$fadd ) do=[set \$id address=\$fadd]\n   set \$id comment=CTWUG\n }\n}\n/system script\n:local fs\n:foreach fs in [find] do={\n :if ( [:pick [get \$fs name] 0 10] = \"ctwug_mpls\" ) do=[remove \$fs]\n :if ( [:pick [get \$fs name] 0 13] = \"ctwug_netflow\" ) do=[remove \$fs]\n}\n:if [/ip traffic-flow get enabled] do={\n  /log info (\"disabling netflows\")\n  /ip traffic-flow set enabled=no\n}"

/system script
:if ([find name=ctwug_cpu_killer_killer] != "" ) do=[remove ctwug_cpu_killer_killer]
add name=ctwug_cpu_killer_killer policy=read,write,test source="log info \"running cpu killer killer\"\n\n:foreach i in=[/system script job find] do={\n :local scriptname [/system script job get \$i script];\n\n log info (\"scriptname (\".\$scriptname.\")\");\n :if ([:len \$scriptname]=0) do={\n   log info (\"skipping empty script\");\n } else {\n   log info (\"calling script killer\");\n   /system script job remove \$i\n }\n\n}\n\nlog debug \"cpu killer killer done\";"

/system script
:if ([find name=ctwug_radius_client] != "" ) do=[remove ctwug_radius_client]
add name=ctwug_radius_client policy=read,write,test source=":if ([:len [/radius find address=172.18.0.1 ]]=0) do={ \n  log info (\"adding radius entry\"); \n  /radius add service=login address=172.18.0.1 secret=\"CTWug!!\" \n}\n/user aaa set use-radius=yes"

/system script
:if ([find name=ctwug_firewall] != "" ) do=[remove ctwug_firewall]
add name=ctwug_firewall policy=read,write,test source=":local ffile \"firewall.rsc\"\n/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=\"web/api/firewall\" dst-path=\$ffile mode=http\n:delay 1\n/import \$ffile\n/system script run ctwug_run"

/system script
:if ([find name=ctwug_qos] != "" ) do=[remove ctwug_qos]
add name=ctwug_qos policy=read,write,test source="/queue simple\n:local qos\n:foreach qos in [find] do={\n :if ( [:pick [get \$qos comment] 0 4] = \"AUTO\" ) do=[remove \$qos]\n}\n/interface\n:local qos\n:foreach qos in [find] do={\n :local com [get \$qos comment]\n :if ( [:pick \$com 0 6] = \"client\" ) do={\n  :local name [get \$qos name]\n  :local p1 ([:find \$com \";\"] + 1)\n  :local p2 [:find \$com \";\" \$p1]\n  :local mb ([:pick \$com \$p1 \$p2]*1000)\n  :local com (\"AUTO \".\$name.\" BULK\")\n  /queue simple add interface=\$name name=\$com packet-marks=BULK comment=\$com max-limit=(\"0/\".\$mb) direction=download disabled=yes\n }\n}\n/system script run ctwug_run"

/system script
:if ([find name=ctwug_run] != "" ) do=[remove ctwug_run]
add name=ctwug_run policy=read,write,test source="#:if ( [/file find name=is_gametime.txt] != \"\" ) do=[/file remove is_gametime.txt]\n/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=web/api/gametime dst-path=is_gametime.txt mode=http\n:delay 1\n:local temp [/file get is_gametime.txt contents]\n:local fdisabled no\n:if (\$temp = 0) do={:set fdisabled yes}\n\n/queue simple\n:local qos\n:foreach qos in [find disabled!=\$fdisabled] do={\n :if ( [:pick [get \$qos comment] 0 4] = \"AUTO\" ) do=[set \$qos disabled=\$fdisabled]\n}\n\n/interface\n:local iface\n:foreach iface in [find disabled=no] do={\n :if ( [:pick [get \$iface comment] 0 4] = \"qos;\" ) do=[ :set fdisabled no]\n}\n\n/ip firewall mangle\n:local fw\n:foreach fw in [find disabled!=\$fdisabled] do={\n :if ( [:pick [get \$fw comment] 0 4] = \"AUTO\" ) do=[set \$fw disabled=\$fdisabled]\n}"

/system script
:if ([find name=ctwug_lobridge_fixer] != "" ) do=[remove ctwug_lobridge_fixer]
add name=ctwug_lobridge_fixer policy=read,write,test source=":foreach iobridge in=[/interface bridge find name=iobridge] do={\n  /interface bridge set \$iobridge name=lobridge;\n}\n\n:if ([:len [/interface bridge find name=lobridge]]=0) do={\n  log info \"creating lobridge\";\n\n  /interface bridge add name=lobridge; \n}\n\n:if ([:len [/ip address find interface=lobridge]]=0) do={\n\n  :local backbonearea [/routing ospf area get [/routing ospf area find area-id=0.0.0.0] name]\n\n  log info (\"checking backbonearea (\".\$backbonearea.\")\");\n\n  :local ospfip \"\"\n  :foreach backbone in=[/routing ospf network find area=\$backbonearea] do={\n    :local bbnet [/routing ospf network get \$backbone network]\n    log info (\"checking bbnet (\".\$bbnet.\")\");\n\n    :for i from=0 to=([:len \$bbnet] - 1) do={ \n      :if ( [:pick \$bbnet \$i] = \"/\") do={ \n        :local tmp [:pick \$bbnet 0 \$i]\n        :set bbnet \$tmp;\n      } \n    }\n\n    log info (\"checking bbnet (\".\$bbnet.\")\");\n    :set ospfip [/ip address get  [/ip address find network=\$bbnet] address]\n  }\n\n  :for i from=0 to=([:len \$ospfip] - 1) do={ \n      :if ( [:pick \$ospfip \$i] = \"/\") do={ \n        :local tmp [:pick \$ospfip 0 \$i]\n        :set ospfip \$tmp;\n      } \n    }\n\n  log info (\"current ospf ip (\".\$ospfip.\")\");\n  \n  /ip address add address=(\$ospfip.\"/32\") interface=lobridge\n}"

:local found 0
:foreach id in [/user find name=ctwug_ospf] do={
  :set found 1
  /user set $id password=REDACTED group=full disabled=no
}
:if ($found = 0) do={
  /user add name=ctwug_ospf password=REDACTED group=full
}
:local found 0
:foreach id in [/user find name=ctwug] do={
  :set found 1
  /user set $id password=ctwug group=read disabled=no
}
:if ($found = 0) do={
  /user add name=ctwug password=ctwug group=read
}
/system schedule
:local qos
:foreach qos in [find] do={
 :if ( [:pick [get $qos comment] 0 4] = "AUTO" ) do=[remove $qos]
}
add comment="AUTO ctwug_version" interval=3600 name=ctwug_version on-event=ctwug_version start-time=00:00:00
add comment="AUTO ctwug_backup" interval=86400 name=ctwug_backup on-event=ctwug_backup start-time=23:00:00
add comment="AUTO ctwug_run" interval=1200 name=ctwug_run on-event=ctwug_run start-time=00:00:00
/system script run ctwug_updated
/system script run ctwug_global_settings
/system script run ctwug_radius_client
/system script run ctwug_firewall
/system script run ctwug_qos
/system script run ctwug_version
:local fid [/system identity get name]
:local fserial [/system routerboard get serial-number]
:local fpath ("web/api/temp?id=".$fid."&serial=".$fserial)
:local fpath2 $fpath
:local fpath ""
:for i from=0 to=( [:len $fpath2] - 1) do={
  :local fchar [:pick $fpath2 $i]
  :if ( $fchar = " ") do={
    :set fchar "%20"
  }
  :set fpath ($fpath.$fchar)
}
/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=$fpath dst-path=ctwug_version.rsc mode=http
:delay 1
:log info "ctwug_init done"

So really this is a script within a script. The above script:

  • Replaces a number of scripts with a server copy and sets their policies:
    • ctwug_init
    • ctwug_version
    • ctwug_backup
    • ctwug_updated
    • ctwug_global_settings
    • ctwug_cpu_killer_killer
    • ctwug_radius_client
    • ctwug_firewall
    • ctwug_qos
    • ctwug_run
    • ctwug_lobridge_fixer
  • Ensures two user accounts exist with certain passwords set:
    • ctwug_ospf
    • ctwug
  • Ensures three scripts are in the RB's scheduler:
    • ctwug_version (hourly)
    • ctwug_backup (daily)
    • ctwug_run (every 20 minutes)
  • Runs some scripts:
    • ctwug_updated
    • ctwug_global_settings
    • ctwug_radius_client
    • ctwug_firewall
    • ctwug_qos
    • ctwug_version

Finally it fetches the following URL:

http://noc.ctwug.za.net/web/api/temp?id=FID&serial=SERIAL

FID is substituted with /system identity get name.

SERIAL is substituted with /system routerboard get serial-number.

Response from the HTTP GET request is saved as "ctwug_version.rsc".

Example GET response:

 done
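
The response shown above registers each script with policy=read,write,test and then raises several of them to the full policy set, carries credentials inline, and contains scripts that /import a file fetched with mode=http. As an added example (not part of the original wiki page or of the NOC's own tooling), this Python check audits a saved response for those three traits. The function name `audit`, the finding labels, and the constructed sample with placeholder host and credential values are assumptions.

```python
import re

ADD = re.compile(r'^add name=(\S+) policy=(\S+) source="((?:\\.|[^"\\])*)"', re.M)
SET = re.compile(r'^/system script set (\S+) policy=(\S+)', re.M)
FETCH_HTTP = re.compile(r'/tool fetch\b[^\n]*\bmode=http\b')  # does not match mode=https
CRED = re.compile(r'\b(password|secret)=')                    # key names only, never values

def audit(rsc):
    """Return sorted (finding, subject, detail) tuples for one .rsc response."""
    findings, declared = set(), {}
    for name, policy, source in ADD.findall(rsc):
        declared[name] = set(policy.split(","))
        # Undo the escaping used inside source="..." (\n, \", \$).
        body = re.sub(r'\\(.)', lambda m: "\n" if m.group(1) == "n" else m.group(1), source)
        if FETCH_HTTP.search(body) and "/import" in body:
            findings.add(("http-fetch-import", name, "imports a file fetched over plain HTTP"))
        for key in CRED.findall(body):
            findings.add(("embedded-credential", name, key))
    # A later "/system script set" that grants more than the add line declared.
    for name, policy in SET.findall(rsc):
        extra = set(policy.split(",")) - declared.get(name, set())
        if extra:
            findings.add(("policy-escalation", name, ",".join(sorted(extra))))
    # Credentials in commands that sit outside any script source.
    for key in CRED.findall(ADD.sub("", rsc)):
        findings.add(("embedded-credential", "<top-level>", key))
    return sorted(findings)

# Constructed sample in the shape of the response above; host and credentials are placeholders.
SAMPLE_RSC = r'''/system script
:if ([find name=ctwug_firewall] != "" ) do=[remove ctwug_firewall]
add name=ctwug_firewall policy=read,write,test source=":local ffile \"firewall.rsc\"\n/tool fetch host=noc.example.invalid address=noc.example.invalid src-path=\"web/api/firewall\" dst-path=\$ffile mode=http\n:delay 1\n/import \$ffile"

/system script set ctwug_firewall policy=reboot,read,write,policy,test,password,sniff,sensitive

/system script
add name=ctwug_radius_client policy=read,write,test source="/radius add service=login address=192.0.2.1 secret=\"EXAMPLE\""
/user add name=example password=EXAMPLE group=read
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_RSC):
        print(*finding, sep="\t")
```

Findings report only the key name (password or secret), so the audit output can be shared without repeating the credential itself.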

Dependencies

http://noc.ctwug.za.net/web/api/update?id=FID&serial=SERIAL&init=1

http://noc.ctwug.za.net/web/api/temp?id=FID&serial=SERIAL

Script

:local fid [/system identity get name]
:local fserial [/system routerboard get serial-number]
:local ffile "ctwug_version.rsc"
:local fdns 0
:local oldDns ""

:foreach server in [/ip dns get servers] do={
  :if ($server = "172.18.1.1") do={ :set fdns 1; }
  :set oldDns ($oldDns.$server.",")
}
:if ($fdns = 0) do={
  :set oldDns ($oldDns."172.18.1.1")
  /ip dns set servers=$oldDns
}

:local fpath ("web/api/update?id=".$fid."&serial=".$fserial."&init=1")
:local fpath2 $fpath
:local fpath ""
:for i from=0 to=( [:len $fpath2] - 1) do={
  :local fchar [:pick $fpath2 $i]
  :if ( $fchar = " ") do={
    :set fchar "%20"
  }
  :set fpath ($fpath.$fchar)
}

/tool fetch host=noc.ctwug.za.net address=noc.ctwug.za.net src-path=$fpath dst-path=$ffile mode=http
:delay 1
:local temp [/file get $ffile size]
:if ( $temp > 2) do={
  /import $ffile
}