jeroenp
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam

[Mikrotik follow-up needed] Router OS 6.37.1 - scheduled script cannot execute script

Sun Oct 23, 2016 8:44 am

I've read the proposed workaround at "Problem with global variables with Scripts running from the scheduler".

The below code fails in RouterOS 6.37.1:

1. Create a global variable having a function
2. Access that variable from a script (getting typeinfo or running it) then log the results
3. Run the script from the schedule
4. Wait for the scheduler to run
5. Print log results

The code has been carefully crafted after reading http://wiki.mikrotik.com/wiki/Manual:Scripting and http://wiki.mikrotik.com/wiki/Manual:System/Scheduler but apparently I'm doing something wrong.

What?

The code below prints these log entries:

```
07:32:38 script,info direct execution of testFunction
07:32:38 script,info testFunctionScript
07:32:38 script,info testFunctionType=str
07:32:38 script,info testFunctionResult=1w6d01:00:04
07:32:38 script,info testFunction=;testFunction=(code)
07:32:38 system,info script removed by jeroenp
07:32:38 system,info new script added by jeroenp
07:32:38 script,info execution of testFunction via testFunctionScript
07:32:38 script,info testFunctionScript
07:32:38 script,info testFunctionType=str
07:32:38 script,info testFunctionResult=1w6d01:00:04
07:32:38 script,info testFunction=;testFunction=(code)
07:32:39 system,info script removed from scheduler by jeroenp
07:32:39 system,info new script scheduled by jeroenp
07:32:39 script,info execution of testFunction via testFunctionScriptSchedule calling testFunctionScript
07:32:59 system,info changed scheduled script settings by jeroenp
```

and this scheduler info:

```
Flags: X - disabled
 0 X name="testFunctionScriptSchedule" start-date=sep/22/2015 start-time=12:02:37 interval=10s on-event=testFunctionScript owner="jeroenp" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive run-count=2
```

This means that:

- the direct execution of the function from the console works
- the execution of the function from a script works
- the scheduler executed the testFunctionScriptSchedule twice, but no information gets logged

The test code to reproduce this:

```
## logon as user jeroenp

/system script environment remove [ /system script environment find where name="testFunction" ];
:global testFunction do={
  :local result [/system resource get uptime];
  :return $result;
}

/system script environment print detail where name=testFunction
# 0 name="testFunction" value=";(eval /system scheduler  (eval /localname=$result;value=(eval (eval /system resource getvalue-name=uptime))) (eval /returnvalue=$result))" 

:log info "direct execution of testFunction"

{
:global testFunction;
:local testFunctionType [:typeof testFunction];
:local testFunctionResult [$testFunction];
:log info "testFunctionScript";
:log info "testFunctionType=$testFunctionType";
:log info "testFunctionResult=$testFunctionResult";
:log info "testFunction=$testFunction";
}

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system script remove [ /system script find where name="testFunctionScript" ];
/system script add name=testFunctionScript owner=jeroenp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global testFunction;\r\
    \n:log info \"testFunctionScript\";\r\
    \n:local testFunctionType [:typeof testFunction];\r\
    \n:local testFunctionResult [\$testFunction];\r\
    \n:log info \"testFunctionType=\$testFunctionType\";\r\
    \n:log info \"testFunctionResult=\$testFunctionResult\";\r\
    \n:log info \"testFunction=\$testFunction\";\r\
    \n"

:log info "execution of testFunction via testFunctionScript"

/system script run testFunctionScript

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system scheduler remove [ /system scheduler find where name="testFunctionScriptSchedule" ];
/system scheduler add interval=10s name=testFunctionScriptSchedule on-event=testFunctionScript policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=sep/22/2015 start-time=12:02:37

:log info "execution of testFunction via testFunctionScriptSchedule calling testFunctionScript"
:delay 20s
/system scheduler disable testFunctionScriptSchedule

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system scheduler print detail where name="testFunctionScriptSchedule"
```

--jeroen
Last edited by jeroenp on Sun Oct 23, 2016 3:08 pm, edited 1 time in total.
 
jeroenp
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam

Re: Router OS 6.37.1 - scheduled script cannot execute script

Sun Oct 23, 2016 3:07 pm

Later:

I found out two things:

1. the `testFunctionScript` needs at least these policies to call a function: `read`, `write`, `policy`, `test`
2. a `schedule` needs at least the same permissions as a script in order to run the script at all

This is how the various permissions affect the `testFunctionScript` script:

- no policies only allow `:log info "testFunctionScript";`
- `read` allows the above and `:local testFunctionJobs [/system script job print as-value detail];` which is then logged with `:log info "testFunctionJobs=$testFunctionJobs";`
- only `write` seems equivalent to no policies as it will only allow `:log info "testFunctionScript";`
- `read` and `write` is equivalent to `read`
- a lone `policy` or `test` policy (talk about confusion!) does not add functionality, so any combinations of just `policy` or `test` with `read` and/or `write` get the same functionality as above
- `policy` and `test` without any other seem equivalent to no policies as they result in only `:log info "testFunctionScript";` to execute
- the combined policies `read`, `write`, `policy`, `test` allow full script functionality including the function call and using the function call result

The above findings show that more logging is needed: the scheduler should log when (and why!) it does not have enough permissions to run a script. Right now you're in the dark on when (and why!) a script isn't run by the scheduler.

The above findings show that these parts of the documentation need updating:

- http://wiki.mikrotik.com/wiki/Manual:Sc ... repository (update with info about the above policy combinations)
- http://wiki.mikrotik.com/wiki/Manual:Ro ... Properties (update with info about the above policy combinations)
- http://wiki.mikrotik.com/wiki/Manual:System/Scheduler (does not document anything about policies at all)

Below is a strike-through of my original text which - due to the bad documentation - was completely in the wrong direction taking me like a working day to find out the actual cause.

So please, please Mikrotik: fix your documentation!

--jeroen

After testing, it appears that a `schedule` needs the `romon` policy in order to run a `script`.

This is unbelievable as http://wiki.mikrotik.com/wiki/Manual:RoMON is a totally different concept than scripting and the romon policy is not documented at http://wiki.mikrotik.com/wiki/Manual:Sc ... repository or http://wiki.mikrotik.com/wiki/Manual:Ro ... Properties (it's only mentioned at the latter place, but not explained let alone linked to scripting).

Please fix this (i.e. running scripts only requiring read/write policy at max) and the documentation!

fails:

```
/system scheduler add interval=10s name=schedule2 on-event=testFunctionScript policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=sep/22/2015 start-time=12:02:37
```

works:

```
/system scheduler add interval=10s name=schedule3 on-event=testFunctionScript policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=oct/23/2016 start-time=11:38:17
```

--jeroen
 
mrz
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: [Mikrotik follow-up needed] Router OS 6.37.1 - scheduled script cannot execute script

Mon Oct 24, 2016 12:12 am

I think you got it completely wrong.

Problem why scheduler cannot execute script is because script has more permissions than scheduler

Permissions of your added scheduler:
`policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive`

Permissions of your added script:
`policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon`

So for scheduler to be able to run the script either remove romon policy from script or add it to the scheduler
 
jeroenp
Member Candidate
Topic Author
Posts: 159
Joined: Mon Mar 17, 2014 11:30 am
Location: Amsterdam

Re: [Mikrotik follow-up needed] Router OS 6.37.1 - scheduled script cannot execute script

Mon Oct 24, 2016 9:56 am

> I think you got it completely wrong.
>
> Problem why scheduler cannot execute script is because script has more permissions than scheduler

Isn't that the point I made in 2. of my previous post:

> 1. the `testFunctionScript` needs at least these policies to call a function: `read`, `write`, `policy`, `test`
> 2. a `schedule` needs at least the same permissions as a script in order to run the script at all

In that post I further indicate that both 1. and 2. are not documented so should be added to the documentation. I elaborated a bit on how I found out about 1. and what you might want to document.

--jeroen
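
The policy relationship discussed in this thread, as an added example (not code from any of the posters or from MikroTik): a Python check over command lines in the `/system script add` and `/system scheduler add` form used above. It flags a scheduler whose policy list lacks policies its script carries (mrz's explanation) and a script missing the `read`, `write`, `policy`, `test` set that jeroenp found necessary for function calls. The sample input is constructed from the thread's commands with the script source shortened, and the parser assumes one command per line.

```python
import re

# Constructed sample input: the two "add" commands from the thread, with the
# script source shortened. The script carries romon; the scheduler does not.
SAMPLE_EXPORT = r'''
/system script add name=testFunctionScript owner=jeroenp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global testFunction;"
/system scheduler add interval=10s name=testFunctionScriptSchedule on-event=testFunctionScript policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=sep/22/2015 start-time=12:02:37
'''

# Policies the topic author found necessary for a script to call a global
# function on 6.37.1 (his observation in this thread, not documented behaviour).
FUNCTION_CALL_POLICIES = {"read", "write", "policy", "test"}

def parse_props(line):
    """Return the key=value properties of one command line as a dict."""
    props = {}
    for key, quoted, bare in re.findall(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))', line):
        props[key] = quoted if quoted else bare
    return props

def audit(export_text):
    """List (scheduler, script, problem, missing policies) findings."""
    scripts, schedulers = {}, []
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/system script add"):
            p = parse_props(line)
            scripts[p["name"]] = set(p.get("policy", "").split(",")) - {""}
        elif line.startswith("/system scheduler add"):
            schedulers.append(parse_props(line))
    findings = []
    for s in schedulers:
        target = s.get("on-event", "")
        if target not in scripts:
            continue  # on-event holds inline code or a script not in the input
        sched_policy = set(s.get("policy", "").split(",")) - {""}
        missing = scripts[target] - sched_policy
        if missing:
            findings.append((s["name"], target, "scheduler lacks script policies", sorted(missing)))
        needed = FUNCTION_CALL_POLICIES - scripts[target]
        if needed:
            findings.append((s["name"], target, "script lacks function-call policies", sorted(needed)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Because the scheduler logs nothing when it skips such a script, a check like this over a saved configuration is one way to spot the mismatch before relying on the schedule.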