# Intro

This is how we make backups of Mikrotik device configurations using Kubernetes
Cronjob. This is easy to monitor with Prometheus and integrates well with the
rest of our montioring system. Also the script/manifest is less than 100 lines,
easy to follow and to fix.

Note that this does not have anything to do with
[ecadlabs/rosdump](https://github.com/ecadlabs/rosdump)
we initially used which just generated empty commits and
there was no easy way to monitor.

We also considered [ytti/oxidized](https://github.com/ytti/oxidized),
but it does not export Prometheus metrics either.


## Manually trigger cronjob
```sh
kubectl create job -n rosdump --from=cronjob/rosdump-cronjob rosdump-job-oneshot
```

## Updating SSH secrets
Secrets live and should be applied through secretspace.

### known_hosts
Make sure strong crypto is enabled on Mikrotik side:
```
/ip ssh set strong-crypto=yes allow-none-crypto=no
```

For when Mikrotik targets are added/removed and their SSH keys change.
```
(for j in $(kubectl get cm -n rosdump rosdump-config -o json | jq -r '.data.targets');  do ssh-keyscan -t rsa $j; done) > known_hosts
```

# Replacing SSH private key
The private key is used for both Gitea and Mikrotik targets.

Generate new key:
```
rm -fv rosdump rosdump.pub
ssh-keygen -P '' -b 2048 -m PEM -t rsa -f rosdump -C rosdump
```

Proceed to replace the public key in Gitea with `rosdump.pub`.