Bulk flashing process

Hi everybody,

We are considering using these routers for client site rollouts, but find them quite annoying to setup in bulk. You first have to log in and change passwords, then connect to internet, potentially do a firmware update, then install Luci, then get into the admin interface and do a config restore.

Is there a quicker way? Perhaps using an SSH flashing tool or something?

Thanks

There are webAPIs for checking and triggering firmware updates. But this would require going through the upgrade process one router at a time (serially).

In my case, I run an out-of-the-box-setup script to initialize the admin password (see below), and then enroll the routers into GoodCloud management. Business users can request a “business” level GoodCloud account, which can perform firmware upgrades and apply configuration templates in bulk/parallel.

#!/bin/sh

# router by IP (default)
ROUTER='192.168.8.1'
# router by FQDN (undocumented?)
ROUTER='console.gl-inet.com'

BASE_URL="http://${ROUTER}/cgi-bin/api"
PASSWORD='SecretPassword'

# rudimentary JSON parser helper functions
if which jsonfilter > /dev/null ; then
	# when running on GL.inet routers, use built-in jsonfilter
	get_json_bool() { jsonfilter -s "$1" -e "@.$2"; }
	get_json_str()  { jsonfilter -s "$1" -e "@.$2"; }
else
	# when running on Linux/macOS, use bash regex as a polyfill
	get_json_bool() { expr "$1" : '.*"'$2'":\([^",}]*\).*'; }
	get_json_str()  { expr "$1" : '.*"'$2'":"\([^",}]*\)".*'; }
fi

## get router API authorization

echo "## GET authorization token"
json=$( curl -s "${BASE_URL}/router/hello" )
if [ $( get_json_bool "$json" 'configured' ) = 'false' ]; then
	json=$( curl -s "${BASE_URL}/router/initpwd" -d "newpwd=$PASSWORD" )
else
	json=$( curl -s "${BASE_URL}/router/login" -d "pwd=$PASSWORD" )
fi

auth=$( get_json_str "$json" 'token' )
if [ -z $auth ]; then
	echo "[ERROR] Router login failed (token missing from response)"
	echo $"$json\n"
	exit 1
fi
auth="Authorization:$auth"

## perform other provisioning steps/APIs here

# example POST call using the auth token
json=$( curl -sH $auth "${BASE_URL}/router/logout" -d '' )
1 Like

Got it, thanks. Such a shame that the save/restore config page is hidden under Luci which needs installing. Makes it a very time consuming process for what could ideally be a simple ‘send X, Y, Z files via SSH and reboot’ process.
Will have a think about whether this is workable. Thanks again

As far as I know, the GL firmware updates do preserve the router’s configs (managed by the GL UI).

My real setup script actually does these additional steps:

  1. prepare .ssh/config to work with multiple routers at the same IP/FQDN (disable host key check)
Host console.gl-inet.com 192.168.8.1
  User root
  IdentityFile ~/.ssh/id_glinet_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  1. copy SSH public key to the router; restart dropbear (public key auth works after this step)
  2. scp a “stage 2” provisioning script and run it on-device

The stage 2 script uses UCI extensively, and allows me to skip LUCI completely.

The save/restore config is actually just unzipping and copying a bunch of files to /etc. So if you have everything set up on one device the way you want it, you could copy those files off, then copy them back onto each new router.

I think you could also use imagebuilder to add a /files directory and then flash the image with all of the /etc stuff you want, including a post-flash script if you need it.

I’ve toyed with the idea but with only two travel routers It isn’t really a priority for me.

Mango 3.212 snapshot; Beryl 3.211 stable; Not affiliated with GL-iNet–just a user

Is there anything that I could copy to /etc/ that would break the router or lose device ID/serial/… information? Or can I safely overwrite anything in that folder?

The LuCI Backup / Flash Firmware function saves a specific set of files and directories. You can get the list by going to the Configuration tab on your standard/template router and clicking the Open List button. The Configuration tab also allows you to add more files and directories to include if you want.

For simplicity, you can do test to restore the entire folder on one router to see if it works. If it does not work, you can do a factory reset using the external button on the router. Note that /etc contains binary executables and is relatively large, so restoring the entire /etc will duplicate the files that are already in the /rom firmware, which requires sufficient flash storage and may cause problems when upgrading in the future. Make sure not to use static IPs, hostnames and other router-specific settings.

I do not work for and I do not have formal association with GL.iNet

2 Likes

How many device do you want to upgrade in bulk?

Maybe uboot upgrade is much quicker.

Thanks everybody, got a few things to test then.

What is uboot upgrade? Were probably talking 10 devices in the first batch, but could definitely grow to all sites/clients depending on how we get on and if this process is smooth.

Another option goes back to my I.T. days of setting up multiple corporate Windows PC’s by cloning their hard drives from a standard image.

With OpenWRT, you can extroot /overlay onto an external SD card or external USB flash drive, which would be mounted permanently in place of the router’s internal flash storage. The external storage would only contain files changed different from the /rom firmware and would be cloned for multiple routers.

I do not work for and I do not have formal association with GL.iNet

  1. Set your pc’s IP to 192.168.1.2
  2. Hold the reset button and power on the router. Let it go to uboot mode. Pls refere to uboot failsafe instructions for details.
  3. Use your browser access 192.168.1.1, upload your firmware. Done

Thank you, so this allows an easy way to perform the firmware upgrade, though I cannot access via SCP in uboot mode, in order to send the config file to the router.

It looks like OpenWRT allows SCP file access in uboot mode, but I cant find any details for the GLiNet devices. Is there a way of sending config files this way?

I can connect via SSH (using either u:root p:(blank) or u:root p:#PASS_SET_IN_BROWSER#) but I cannot connect via SCP based tools (either in WinSCP, FileZilla or scp in Ubuntu) - I just get disconnected. Do I need to enable SCP file access somehow or am I doing something wrong? If I can get SCP access then combined with uboot mode it looks like this will be an easy process.

Thanks again

I’m not sure scp allows null passwords but I thought it was built into dropbear.

Even after setting the password I cant seem to connect via SCP tools, only SSH ones… Is that a setting somewhere aswell?
(SSH works fine with or without a password)

You might try installing luci–apt install luci– and see if that makes a difference. I didn’t think it would be necessary, but I don’t think I’ve ever worked with my routers without having installed luci first.

Mango 3.212 snapshot; Beryl 3.211 stable; Not affiliated with GL-iNet–just a user

So where Im up to with this is that I need to do the firmware upgrade using uboot, then connect via SSH and run the command below to upgrade things and load luci, finally I can restore the config file through the luci webpage:

opkg update && opkg install luci-base && opkg install luci-mod-rpc && opkg install luci && opkg install openssh-sftp-server

I’d like to use the post below to try and get Goodcloud configured, and to perhaps do the firmware upgrade, but Im not totally sure how to do that using a script/ssh without adding loads of extra steps (e.g. sending a script via SFTP and then running it from SSH).

Below are some links to GoodCloud documentation.

The script sample I shared earlier can automate other aspects of the router setup/initialization and customized provisioning. You would run it from a Linux/macOS/WSL PC connected downstream of the router (LAN port).

My overall workflow:

  1. connect router device to power and WAN
  2. connect PC to router LAN
  3. run automated setup/initialization script
  4. use router web admin panel to enroll to GoodCloud management

After repeating the above for all routers (keep connected to WAN), then use the GoodCloud dashboard to batch configure/upgrade all at once.