TR069 and show-sensitive
Posted: Tue Oct 29, 2024 11:26 am
Hello,
A few years ago, I created an application to manage our MikroTik devices. It generates a configuration file for each router, based on how the router is modeled in the application, and uses TR069 to get the configuration on the routers themselves. After the configuration is pushed to the routers, it also monitors them for changes and reverts any manual change. The way it does this is by having the routers upload their configuration at a certain interval and the application checks if changes are needed.
And it's this last part where I ran into an issue when adding support for MikroTik v7. It now requires the show-sensitive parameter in the export command to see all passwords and IPsec keys, for example, but the TR069 upload command still uses a regular 'export'. This way, my application cannot detect any changes in the passwords and even thinks all keys and passwords are missing from the configuration and tries to push them again.
So 2 ways I can think of that would fix this are:
- There is some way to make the show-sensitive option default in v7
- There is some extra/other parameter in the TR069 implementation that will send the full config (it's using "1 Vendor Configuration File" now which translates to a regular "export").
I cannot find anything about such options so I don't think they exist? Is there maybe another way that I can get a full config through TR069? If not, I have to find another way to get the sensitive config back to the application but I would really like to avoid that.
Any suggestions are welcome.
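The failure mode described in the post, where a field that is redacted from the upload is read as missing and pushed again, as an added example that is not part of the original post or the poster's application. It separates real drift from sensitive properties that a plain export simply cannot confirm. The sensitive-key list, the simplified one-line `add` parsing and the sample export text are assumptions constructed for illustration.

```python
import shlex

# Assumption: property names treated as sensitive; not an official RouterOS list.
SENSITIVE_KEYS = {"password", "secret", "private-key", "passphrase"}

def parse_export(text):
    """Parse a simplified export (one 'add' per line) into {(menu, id): props}."""
    entries, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu path, e.g. "/ppp secret"
            menu = line
            continue
        tokens = shlex.split(line)        # honours quoted values
        if menu is None or not tokens or tokens[0] != "add":
            continue
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        # Assumption: entries are identified by their name= or peer= property.
        entries[(menu, props.get("name") or props.get("peer"))] = props
    return entries

def classify_drift(desired_text, uploaded_text):
    """Return (drift, unverifiable); only drift should trigger a re-push."""
    desired, uploaded = parse_export(desired_text), parse_export(uploaded_text)
    drift, unverifiable = [], []
    for key, want in desired.items():
        have = uploaded.get(key)
        if have is None:
            drift.append((key, "entry", "missing"))
            continue
        for prop, value in want.items():
            if prop not in have and prop in SENSITIVE_KEYS:
                unverifiable.append((key, prop))   # redacted, not proven missing
            elif have.get(prop) != value:
                drift.append((key, prop, "changed" if prop in have else "missing"))
    return drift, unverifiable

# Constructed sample: modeled config vs. an upload made without show-sensitive.
DESIRED = ("/ppp secret\nadd name=user1 password=S3cret service=l2tp\n"
           "/ip ipsec identity\nadd peer=peer1 secret=PreShared\n")
UPLOADED = ("/ppp secret\nadd name=user1 service=pptp\n"
            "/ip ipsec identity\nadd peer=peer1\n")
```

This avoids the repeated re-push, but a changed password still goes undetected until the sensitive values can be read back some other way.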