Age | Commit message (Expand) | Author | Files | Lines |
2020-03-20 | check-certificates: exclude certificates issued by SCEP | Christian Hesse | 1 | -2/+2 |
2020-03-05 | check-certificates: use $LogPrintExit for debug | Christian Hesse | 1 | -5/+5 |
2020-02-28 | global-functions: sort alphabetically | Christian Hesse | 1 | -3/+3 |
2020-02-26 | global-functions: merge $LogAnd{Error,Put} to $LogPrintExit ...•••... and fix logging.
Logging with severity from variable (:log $severity ...) is not
possible, this is considered a syntax error. Also the 'workaround' with
parsing code failed with missing message in log.
The reliable code is a lot longer, so merge the two functions to save a
lot of duplicate code.
| Christian Hesse | 1 | -7/+6 |
2020-02-26 | check-certificates: use $LogAndPut | Christian Hesse | 1 | -2/+3 |
2020-02-26 | check-certificates: use $LogAndError | Christian Hesse | 1 | -2/+1 |
2020-02-26 | global-functions: $LogAndError: add severity | Christian Hesse | 1 | -1/+1 |
2020-02-26 | check-certificates: use $LogAndError | Christian Hesse | 1 | -2/+2 |
2020-02-24 | check-certificates: check for synced time | Christian Hesse | 1 | -0/+6 |
2020-02-06 | check-certificates: rename all certificates by their common names | Christian Hesse | 1 | -0/+5 |
2020-01-01 | update copyright for 2020 | Christian Hesse | 1 | -1/+1 |
2019-11-11 | check-certificates: make renew notification silent | Christian Hesse | 1 | -1/+1 |
2019-07-31 | check-certificates: fix renewing certificate in place | Christian Hesse | 1 | -14/+18 |
2019-07-18 | check-certificates: use $ParseKeyValueStore | Christian Hesse | 1 | -11/+3 |
2019-05-21 | check-certificates: get certificate values into array | Christian Hesse | 1 | -43/+28 |
2019-05-02 | check-certificates: do not try to renew locally issued certificates | Christian Hesse | 1 | -1/+1 |
2019-05-02 | check-certificates: give issuer info on locally issued certificates•••Certificates issued locally do not have an 'issuer' property, but a
'ca' one. Looks like either of both is filled, so just concatenate.
| Christian Hesse | 1 | -1/+2 |
2019-04-30 | global-functions: add $WaitForFile, wait for file on fetch•••The fetch command is asynchronous, the file is not guaranteed to be
available when command terminates.
I opened an issue at Mikrotik support (Ticket#2019041722004999),
their answer:
> You should perform a check in a loop.
> :delay until file exist
>
> That can happen also with any configuration not just files.
So add a function to wait for a file with given name.
I have not seen this with other configuration, though.
| Christian Hesse | 1 | -1/+4 |
2019-04-11 | check-certificates: make sure fingerprint is a string•••This makes sure the condition below works for certificate templates,
which do not have a fingerprint.
| Christian Hesse | 1 | -1/+1 |
2019-04-11 | check-certificates: do not send notification for templates | Christian Hesse | 1 | -1/+1 |
2019-04-11 | check-certificates: always return a string in $GetIssuerCN | Christian Hesse | 1 | -0/+1 |
2019-04-10 | check-certificates: add url encoding for certificate download | Christian Hesse | 1 | -4/+6 |
2019-04-10 | check-certificates: try to fetch PEM and P12 file | Christian Hesse | 1 | -4/+10 |
2019-04-10 | check-certificates: use full path...•••... to make sure syntax does not break if package is not installed.
| Christian Hesse | 1 | -3/+3 |
2019-04-10 | check-certificates: just change certificates, no loop | Christian Hesse | 1 | -12/+4 |
2019-04-09 | drop deprecated mode= for fetch | Christian Hesse | 1 | -1/+1 |
2019-04-03 | always write warnings and errors to log | Christian Hesse | 1 | -0/+1 |
2019-04-01 | check-certificates: support multiple passphraseschange-3 | Christian Hesse | 1 | -1/+3 |
2019-03-28 | check-certificates: show remaining time | Christian Hesse | 1 | -8/+16 |
2019-03-25 | check-certificates: update certificates for ipsec identities | Christian Hesse | 1 | -1/+12 |
2019-03-06 | check-certificates: split loop for certificate renew and warning•••This allows to have differnt time values.
| Christian Hesse | 1 | -20/+27 |
2019-01-12 | check-certificates: strip prefix from issuer CN | Christian Hesse | 1 | -1/+1 |
2019-01-12 | check-certificates: properly handle expired certificates | Christian Hesse | 1 | -4/+11 |
2019-01-09 | check-certificates: move conditions to loop | Christian Hesse | 1 | -60/+50 |
2019-01-09 | check-certificates: shorten key for detailed infos | Christian Hesse | 1 | -10/+10 |
2019-01-09 | check-certificates: show issuer CN only | Christian Hesse | 1 | -2/+11 |
2019-01-09 | check-certificates: include the issuer in notifications | Christian Hesse | 1 | -0/+4 |
2019-01-09 | check-certificates: update CommonName after renewal | Christian Hesse | 1 | -0/+1 |
2019-01-09 | check-certificates: use time functionality•••No need to calculate that...
| Christian Hesse | 1 | -25/+10 |
2019-01-09 | check-certificates: send notification on renewal | Christian Hesse | 1 | -8/+18 |
2019-01-09 | check-certificates: drop extra warning•••A sent notification implies that renewal failed.
| Christian Hesse | 1 | -2/+0 |
2019-01-04 | global: variable names are CamelCase••• ___ _ ___ __
/ _ )(_)__ _ / _/__ _/ /_
/ _ / / _ `/ / _/ _ `/ __/
/____/_/\_, / /_/ \_,_/\__/
_ __ /___/ _ __
| | / /___ __________ (_)___ ____ _/ /
| | /| / / __ `/ ___/ __ \/ / __ \/ __ `/ /
| |/ |/ / /_/ / / / / / / / / / / /_/ /_/
|__/|__/\__,_/_/ /_/ /_/_/_/ /_/\__, (_)
/____/
RouterOS has some odd behavior when it comes to variable names. Let's
have a look at the interfaces:
[admin@MikroTik] > / interface print where name=en1
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU
0 RS en1 ether 1500 1598
That looks ok. Now we use a script:
{ :local interface "en1";
/ interface print where name=$interface; }
And the result...
[admin@MikroTik] > { :local interface "en1";
{... / interface print where name=$interface; }
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU
0 RS en1 ether 1500 1598
... still looks ok.
We make a little modification to the script:
{ :local name "en1";
/ interface print where name=$name; }
And the result:
[admin@MikroTik] > { :local name "en1";
{... / interface print where name=$name; }
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU
0 RS en1 ether 1500 1598
1 S en2 ether 1500 1598
2 S en3 ether 1500 1598
3 S en4 ether 1500 1598
4 S en5 ether 1500 1598
5 R br-local bridge 1500 1598
Ups! The filter has no effect!
That happens whenever the variable name ($name) matches the property
name (name=).
And another modification:
{ :local type "en1";
/ interface print where name=$type; }
And the result:
[admin@MikroTik] > { :local type "en1";
{... / interface print where name=$type; }
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU
Ups! Nothing?
Even if the variable name ($type) matches whatever property name (type=)
things go wrong.
The answer from MikroTik support (in Ticket#2019010222000454):
> This is how scripting works in RouterOS and we will not fix it.
To get around this we use variable names in CamelCase. Let's hope
Mikrotik never ever introduces property names in CamelCase...
*fingers crossed*
| Christian Hesse | 1 | -47/+46 |
2019-01-02 | update copyright for 2019 | Christian Hesse | 1 | -1/+1 |
2018-12-20 | check-certificates: support auto-renew of certificates | Christian Hesse | 1 | -10/+44 |
2018-11-28 | global-functions: add identity tag in $SendNotification•••... and send subject in telegram message.
| Christian Hesse | 1 | -1/+1 |
2018-10-10 | global: remove unused variables | Christian Hesse | 1 | -2/+0 |
2018-10-09 | check-certificates: use function for notification | Christian Hesse | 1 | -3/+4 |
2018-09-27 | start scripts with a magic token / shebang | Christian Hesse | 1 | -1/+1 |
2018-08-24 | add empty comment at first line...•••... for better formatting in export.
| Christian Hesse | 1 | -0/+1 |
2018-07-05 | add scripts | Christian Hesse | 1 | -0/+52 |