v7.1rc3 adds container support

Wed Sep 08, 2021 2:29 pm

Discussion topic about release from here:
viewtopic.php?f=1&t=178341

Manual (being updated): https://help.mikrotik.com/docs/x/KYAPBQ

1. you need a container tar archive
2. relevant menus:

 
  interface/veth
  container

3. super basic example:

1. Get Docker image as tar archive and copy to router (currently there is no 'pull' command in RouterOS, so containers should be exported from a working Docker environment). Also note that container's architecture should match with the router's.
-----------------------------------------------------

  $ docker pull docker/example-container
  $ docker save docker/example-container > my-container.tar

2. Add veth interface for the container
---------------------------------------

  [admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1


3. Create bridge for containers and add veth to it
--------------------------------------------------

  [admin@MikroTik] > /interface/bridge/add name=docker
  [admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
  [admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1


4. Setup NAT for outgoing traffic
---------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.17.0.0/16


5. Create environment variables for container if needed
-------------------------------------------------------

  [admin@MikroTik] > /container/envs/add list=foo name=SECRET value=12345678
  [admin@MikroTik] > /container/envs/add list=foo name=FOO value=bar


6. Define mounts if needed
--------------------------

  [admin@MikroTik] > /container/mounts/add name=etc src=disk1/etc dst=/etc
  [admin@MikroTik] > /container/mounts/add name=opt src=disk1/opt dst=/opt

If ``src`` directory does not exist on first time use then it will be populated
with whatever container have in ``dst`` location.


7. Create container from image tar
----------------------------------

  [admin@MikroTik] > /container/add file=my-container.tar interface=veth1 envlist=foo root-dir=disk1/foo mounts=etc,opt

Use ``logging=yes`` to see container output in log with tags
``container,debug,info``.


8. Make sure container has been added and status is stopped
-----------------------------------------------------------

  [admin@MikroTik] > container/print

9. Redirect port 8080 traffic to container
------------------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=dstnat action=dst-nat to-addresses=172.17.0.2 to-ports=80 protocol=tcp dst-port=8080


10. Start container
-------------------

  [admin@MikroTik] > /container/start 0

mkx · Wed Sep 08, 2021 2:36 pm

Answering to @anav (question posted in generic v7.1rc3 thread) ...

rextended you seem excited about docker.
Can you please elaborate if this is a feature I can use at home or is this something for those running ISPs??

Docker is one of many implementations for running containers. More about containerization.

In short: this is advanced stuff that will replace metarouter, but is much more flexible. If one doesn't know what to do with metarouter, then likely he won't know what to do with docker.

rextended · Wed Sep 08, 2021 2:37 pm

In future versions there is support for making a total backup of routerboard than contain docker, or like user-manager separate .tar file?

and export the single Docker on .tar for put it on another RouterBOARD?

pe1chl · Wed Sep 08, 2021 2:42 pm

Wow! They did it!
That should put an end to the many +1 +1 +1 topics once and for all.
Now most requested features can simply be added by users, instead of always having to go to MikroTik with requests for niche stuff.

rextended · Wed Sep 08, 2021 2:48 pm

niche stuff.

Exactly (really not all, but the majority are useless for 99,9% of users...)

rextended · Wed Sep 08, 2021 2:55 pm

At this point I must change my signature...

krisjanisj · Wed Sep 08, 2021 3:01 pm

An example of how to use container package to run PiHole in RouterOS can be found here

mkx · Wed Sep 08, 2021 3:03 pm

niche stuff.
Exactly (really not all, but the majority are useless for 99,9% of users...)

Actually we can start a few +1 threads about removing some useless functionality from system package ... One prime example would be support for SMB (file services). Or (borken) DNS service. Or (your suggestion here).

aliclubb · Wed Sep 08, 2021 3:10 pm

Hmmm. Container menu is missing for me on my RB4011 and CHR. I upgraded via the built-in upgrade facility. User error or MikroTik build error?

[ali@chr01] > /container
bad command name container (line 1 column 2)

krisjanisj · Wed Sep 08, 2021 3:11 pm

Hmmm. Container menu is missing for me on my RB4011 and CHR. I upgraded via the built-in upgrade facility. User error or MikroTik build error?
Code: Select all
[ali@chr01] > /container
bad command name container (line 1 column 2)

Have You installed the container.npk package (as with ZeroTier - container is a seperate package)

aliclubb · Wed Sep 08, 2021 3:13 pm

Hmmm. Container menu is missing for me on my RB4011 and CHR. I upgraded via the built-in upgrade facility. User error or MikroTik build error?
Code: Select all
[ali@chr01] > /container
bad command name container (line 1 column 2)
Have You installed the container.npk package (as with ZeroTier - container is a seperate package)

Thanks for that! Where was that info? Didn't see that when scrolling through the release notes, the forum posts or the wiki docs. Am I being blind?

rextended · Wed Sep 08, 2021 3:16 pm

*) added Zerotier (TM) support for ARM and ARM64;
= download separate package zerotier because now this RouterOS support this

*) added support for running Docker (TM) containers;
= download separate package container because now this RouterOS support this

pe1chl · Wed Sep 08, 2021 3:19 pm

Have You installed the container.npk package (as with ZeroTier - container is a seperate package)

It would be nice when available packages could be listed and installed from the packages menu!
Either on a separate window or by just listing all packages and have some status like not installed, disabled, installed.
(so you can install a package just as easily as you can uninstall, disable or upgrade it)

rextended · Wed Sep 08, 2021 3:20 pm

NO, PLEASE NO!

dumb user still exist...
Device "bricked" because the space is depleted (hAP ac)...

viewtopic.php?f=2&t=178319

xvo · Wed Sep 08, 2021 3:24 pm

That is simply awesome!

r00t · Wed Sep 08, 2021 3:40 pm

100% nice addition to ROS!
Kudos to bringing this feature to 7.1, it opens great possibilities of finally running your own code on ROS.

mafiosa · Wed Sep 08, 2021 3:46 pm

An example of how to use container package to run PiHole in RouterOS can be found here

Please add an example to run mDNS using container.

rextended · Wed Sep 08, 2021 3:51 pm

Write yourself the Docker

semaja2 · Wed Sep 08, 2021 3:53 pm

How do we get any logging output, or attach to a container console?

I have attempted to import the Alpine Armv6/v7 container to a RB4011 and neither will start and there is no log output

This is a great feature as it will enable things like running a small Zabbix proxy on a CHR or onsite router

rextended · Wed Sep 08, 2021 3:56 pm

Just searched on Google mDNS proxy Docker
https://hub.docker.com/r/hausgold/mdns-proxy/

krisjanisj · Wed Sep 08, 2021 3:58 pm

How do we get any logging output, or attach to a container console?

I have attempted to import the Alpine Armv6/v7 container to a RB4011 and neither will start and there is no log output

This is a great feature as it will enable things like running a small Zabbix proxy on a CHR or onsite router

When adding container did You also specified "logging=yes"?

Nevexo · Wed Sep 08, 2021 4:08 pm

Just searched on Google mDNS proxy Docker
https://hub.docker.com/r/hausgold/mdns-proxy/

There's also https://hub.docker.com/r/flungo/avahi - which is the Avahi daemon directly.

IGHOR · Wed Sep 08, 2021 4:09 pm

Looks like it supports only one container at time?
Please add an example how to start multiple containers.

brimfulnick · Wed Sep 08, 2021 4:10 pm

This could be quite useful for the likes of ARM or amd64, however tile and *mips are going to be out of luck without the ability to build out a container for them.

krisjanisj · Wed Sep 08, 2021 4:11 pm

Looks like it supports only one container at time?
Please add an example how to start multiple containers.

There are no software limitations (except hardware capabilities).
Repeat steps to create a second veth interface, add it to the already-created docker bridge and create a second container with specified second veth interface

xh116 · Wed Sep 08, 2021 4:16 pm

Very nice feature to make a closed-source project flexible.
But a little suspect about the performance since the Routerboards' cpu are not that powerful..

loloski · Wed Sep 08, 2021 4:28 pm

wow! ^_^ but the question is where is the link for container.npk? hehhehe care to share

rextended · Wed Sep 08, 2021 4:32 pm

on the same place: the download section on mikrotik website.

krisjanisj · Wed Sep 08, 2021 4:33 pm

wow! ^_^ but the question is where is the link for container.npk? hehhehe care to share

It's under "Extra packages", available here (just choose the right architecture for Your device)

semaja2 · Wed Sep 08, 2021 4:39 pm

When adding container did You also specified "logging=yes"?

Yes as well as enable "container" logging under "logging"

Is it possible to attach to the container?

krisjanisj · Wed Sep 08, 2021 4:43 pm

Yes as well as enable "container" logging under "logging"

Is it possible to attach to the container?

Currently there is no option for interactive console for containers.
Please generate and send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can look into Your issue.

StubArea51 · Wed Sep 08, 2021 4:56 pm

This is fantastic work and it's going to open up so many possibilities. Thanks for the effort from the MikroTik team.

dksoft · Wed Sep 08, 2021 5:00 pm

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?

jvanhambelgium · Wed Sep 08, 2021 5:01 pm

We have similar features on eg. Cisco Catalyst 9300 models and up (in SDx fabric) where you can deploy various "apps" on the switches aka "app hosting"
There are some strict guidelines to follow and off course resource management is important (eg. apps cannot take more then 25% CPU etc)

But I like the concept and who knows when/if I migrate to RouterOS 7.x.....

Cablenut9 · Wed Sep 08, 2021 5:02 pm

Currently there is no option for interactive console for containers.

This is a deal-breaker for things like PiHole, as many management functions are handled only through the console.

krisjanisj · Wed Sep 08, 2021 5:07 pm

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?

As noted here You can use external storage (via USB ports) to keep .tar files (which can be deleted after container has been created) and container data itself (by using "root-dir=" when creating a container)

anthonws · Wed Sep 08, 2021 5:08 pm

An example of how to use container package to run PiHole in RouterOS can be found here

Wow! Very interesting! One less device eating power and occupying rack space (RPi4).

Any thoughts about adding info on preferred HW for a given container? What kind of guardrails exist to ensure RouterOS works as expected?

For the ones that already tried PiHole (as an example), how is it performing (HW info also please)?

I must say I am amazed with the exhibited flexibility/extensibility from Mikrotik over the last couple of 7.1 RC releases.

Kudos to the whole team!

loloski · Wed Sep 08, 2021 5:10 pm

wow! ^_^ but the question is where is the link for container.npk? hehhehe care to share
It's under "Extra packages", available here (just choose the right architecture for Your device)

Thanks a ton, this is my excuse to buy RB5009 to my wife

and put haproxy in the container endless possibilities!!! MT you rock thanks guys!

pe1chl · Wed Sep 08, 2021 5:13 pm

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?

Unfortunately the CCR2004 has no USB or SD card interfaces so you cannot expand the storage.
It would be possible to use ramdisk for storage when it would be made available by MikroTik (request to make ramdisk available on all models is long outstanding), but of course you would need to load it on powerup from some external source and you would lose it on power fail.
Older CCR models have USB and SD card interfaces so they can be used to expand disk storage for this purpose.

Paternot · Wed Sep 08, 2021 5:25 pm

This is great news! And, suddenly, the RB1100AHx4 Dude Edition gets quite interesting, with its dual SATA/M2 ports! Too bad one can't upgrade RAM...
https://mikrotik.com/product/RB1100Dx4

felixka · Wed Sep 08, 2021 5:42 pm

Unfortunately the CCR2004 has no USB or SD card interfaces so you cannot expand the storage.

Not entirely true. The CCR2004-16G-2S+ does indeed have a USB 3.0 Type A port. The CCR2004-1G-12S+2XS does not.

reddin · Wed Sep 08, 2021 5:52 pm

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck. This is what I get from container

ResolveHostName failed error: -3 (Try again) 22

dksoft · Wed Sep 08, 2021 6:00 pm

As noted here You can use external storage (via USB ports) to keep .tar files (which can be deleted after container has been created) and container data itself (by using "root-dir=" when creating a container)

So a CCR2004-16G-2S+ would be able to execute a 400MB docker image from an attached USB stick?

usern · Wed Sep 08, 2021 6:01 pm

MT keeps on delivering, thanks!

mkx · Wed Sep 08, 2021 6:05 pm

Currently there is no option for interactive console for containers.
This is a deal-breaker for things like PiHole, as many management functions are handled only through the console.

Create container which (with other things) includes ssh service, make container start sshd (in parallel to whatever service container is supposed to deliver, e.g. PiHole), configure DST-NAT to forward a random port to port 22 in container ... and ssh into it. It's not exactly a console, but it's command line session into container.

pe1chl · Wed Sep 08, 2021 6:13 pm

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck.

Of course you need to configure working routing for this kind of thing to work. Including NAT, usually. See the documentation page.

krisjanisj · Wed Sep 08, 2021 6:14 pm

So a CCR2004-16G-2S+ would be able to execute a 400MB docker image from an attached USB stick?

It will indeed be able to add a container from a image, that's on a USB drive. You can also put the whole container on a USB stick, so no container files exist on devices internal storage.

reddin · Wed Sep 08, 2021 6:23 pm

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck.
Of course you need to configure working routing for this kind of thing to work. Including NAT, usually. See the documentation page.

You were correct. Totally forgot about nat because in linux systems docker does it for you

Thanks!

anav · Wed Sep 08, 2021 6:27 pm

So will TILE get docker?? If so it looks like I'm docker ready
Front:
USB - can be used for storage?
Smart Card - can be used for storage?
Back:
Micro SD - can be used for storage?

Got me wondering what everybody uses these three slots for ???

docker.jpg

krisjanisj · Wed Sep 08, 2021 6:30 pm

So will TILE get docker?? If so it looks like I'm docker ready
Front:
USB - can be used for storage?
Smart Card - can be used for storage?
Back:
Micro SD - can be used for storage?

Got me wondering what everybody uses these three slots for ???

Container package is available under "Extra packages". Currently the limiting factor is finding or creating a container file for said architecture.

r00t · Wed Sep 08, 2021 6:51 pm

Currently the limiting factor is finding or creating a container file for said architecture.

Yeah, already trying to make container with basic busybox and it's not easy.
@krisjanisj:
It would be great to share basic busybox containers with SSH server for different architectures if you have them. That would make testing it on different architectures much easier.
Or at least list of architectures you have to use to make containers for different ROS devices... or some tips.
For ARM, I can probably just do it on rPI, but for others, using QEMU is an option (running MIPS and PPC versions of OpenWRT with build environment should be enough).
No idea for TILE, that's just too exotic...

reddin · Wed Sep 08, 2021 7:24 pm

Currently the limiting factor is finding or creating a container file for said architecture.
Yeah, already trying to make container with basic busybox and it's not easy.
@krisjanisj:
It would be great to share basic busybox containers with SSH server for different architectures if you have them. That would make testing it on different architectures much easier.
Or at least list of architectures you have to use to make containers for different ROS devices... or some tips.
For ARM, I can probably just do it on rPI, but for others, using QEMU is an option (running MIPS and PPC versions of OpenWRT with build environment should be enough).
No idea for TILE, that's just too exotic...

SSH in containers isn't working right now. Just tried it.

PTY allocation request failed on channel 0

infabo · Wed Sep 08, 2021 8:39 pm

Nice. Finally a real use-case for the USB port.

i15e · Wed Sep 08, 2021 9:35 pm

This is very cool and something I've been wishing for for a long time!

1. you need a container tar archive

Are there any hard requirements on Docker-isms for the archives? Or will any generic OCI image work?

i15e · Wed Sep 08, 2021 9:40 pm

SSH in containers isn't working right now. Just tried it.
Code: Select all
PTY allocation request failed on channel 0 

Does the container have a devpts filesystem mounted? Try running:

mount | grep ^devpts

If nothing is returned then try mounting it (probably won't work given the container environment, but it's worth a shot):

mount -t devpts devpts /dev/pts

Edit: after trying things out myself tonight I was able to build a container based on the vanilla

debian

image complete with

openssh-server

and it appears to be working ok - I can SSH into it without issue.

SSadistic · Wed Sep 08, 2021 9:45 pm

Quick question.. Can I use minidlna from docker? Can save me a lot of trouble

Hominidae · Wed Sep 08, 2021 11:21 pm

An example of how to use container package to run PiHole in RouterOS can be found here

....really great stuff coming along....but my first choice of a docker to import would have been portainer, would it not (sorry don*t have a RB to spare and try atm)?

inwlan · Thu Sep 09, 2021 6:38 am

Have successfully run independent DNS service in RouterOS

WechatIMG847.png

Docker image：https://hub.docker.com/r/nodecloud/dns

inwlan · Thu Sep 09, 2021 6:59 am

An example of how to use container package to run PiHole in RouterOS can be found here
....really great stuff coming along....but my first choice of a docker to import would have been portainer, would it not (sorry don*t have a RB to spare and try atm)?

portainer Should be unavailable ，He needs to read the docker interface

reddin · Thu Sep 09, 2021 8:24 am

SSH in containers isn't working right now. Just tried it.
Code: Select all
PTY allocation request failed on channel 0 
Does the container have a devpts filesystem mounted? Try running:
Code: Select all
mount | grep ^devpts
If nothing is returned then try mounting it (probably won't work given the container environment, but it's worth a shot):
Code: Select all
mount -t devpts devpts /dev/pts
Edit: after trying things out myself tonight I was able to build a container based on the vanilla
Code: Select all
debian
image complete with
Code: Select all
openssh-server
and it appears to be working ok - I can SSH into it without issue.

Can you share it? Or at least configs

Cause I tried to build openssh container on debian with s6-init and had no luck.

edit: made my own image on latest debian and connected just fine. SSH is working boys!

joegoldman · Thu Sep 09, 2021 9:23 am

HAHA omg the first docker im going to use is likely to be....

....unifi controller!

This is actually super handy.

Clients can have unifi controller in the router - maybe small pbx if required
Bottom of tower can have local nagios,cacti or other monitoring tools
Self hosted dynamic hotspot login webserver

I'm very curious about ALL these possibilities xD

mkx · Thu Sep 09, 2021 10:31 am

I'm very curious about ALL these possibilities xD

I guess everybody wanting to run several apps in docker (either one super-container or several separate containers, the later will be easier to get running but consuming more resources) will soon run into RAM shortage. So containers are probably not feasible on devices with less than 256MB RAM (or even more if one wants to run wave2 wireless driver at the same time.

Quasar · Thu Sep 09, 2021 10:50 am

Is Alpine working for anyone?

I saved current Alpine for armv7, which runs just fine on my aarch64 machine:

# podman pull --arch=arm --variant=v7 alpine:3.13
Resolved "alpine" as an alias (/var/cache/containers/short-name-aliases.conf)
Trying to pull docker.io/library/alpine:3.13...
Getting image source signatures
Copying blob 48fad15491f9 [--------------------------------------] 0.0b / 0.0b
Copying config 057ad4ee62 done
Writing manifest to image destination
Storing signatures
057ad4ee621986edcaa3c070eb2c7671504d67b29e8b55a077a457a5d60de603

# podman run --rm -it 057ad4ee621986edcaa3c070eb2c7671504d67b29e8b55a077a457a5d60de603 /usr/bin/id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

# podman save 057ad4ee621986edcaa3c070eb2c7671504d67b29e8b55a077a457a5d60de603 > mikrotik_v2.tar
Copying blob dad0c8287181 done
Copying config 057ad4ee62 done
Writing manifest to image destination
Storing signatures

I then configured logging (or at least tried to) and a container:

/system/logging/export
# sep/09/2021 09:38:56 by RouterOS 7.1rc3
#
# model = RBD52G-5HacD2HnD
/system logging
add topics=container
add topics=container,debug
add topics=container,debug,info

[admin@MikroTik] /container> /container/start 0

[admin@MikroTik] /container> /container/print
 0 file=disk1/mikrotik_v2.tar name="0247c45d-bb43-4eef-bab6-37ac050b6840" tag="" os="linux" arch="arm" interface=docker-veth cmd="/usr/bin/id" mounts="" dns="" hostname="alpine" logging=yes status=stopped

The container stopped, but that is to be expected I guess - however I see *zero* messages in the logs from container (nothing related to loading, no output of /usr/bin/id)?

I was actually trying to run dropbear, but as that didn't work I figured at least /usr/bin/id should be able to output to the logs?

nescafe2002 · Thu Sep 09, 2021 11:50 am

It works if you set the entrypoint to /usr/bin/id in the image.

Dockerfile:

FROM alpine:3.13@sha256:7bf024556a224584c0fff680d650b4be2ad560b17f6f627b11e0e2d5beb4b597

ENTRYPOINT /usr/bin/id

Build on host:

~/alpid$ docker build -t alpid .
~/alpid$ docker save alpid > alpid.tar

Transfer tar to device, then:

[admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1
[admin@MikroTik] > /interface/bridge/add name=docker
[admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
[admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1
[admin@MikroTik] > /container
[admin@MikroTik] /container> add file=alpid.tar interface=veth1
[admin@MikroTik] /container> print
 0 file=alpid.tar name="71211403-2816-4401-bfc2-d7956679e20f" tag="alpid:latest" os="linux" arch="arm" interface=veth1 mounts="" dns="" status=stopped 
[admin@MikroTik] /container> set 0 logging=yes
[admin@MikroTik] /container> start 0
[admin@MikroTik] /container> /system logging add topics=container
[admin@MikroTik] /container> /log/print
 10:44:44 container,info,debug uid=0(root) gid=0(root)

Edit

Turns out this is not necessary, you can set the entrypoint/cmd in the container config:

On Linux:

~$ docker save alpine:3.13@sha256:7bf024556a224584c0fff680d650b4be2ad560b17f6f627b11e0e2d5beb4b597 > alpine.tar
~$ scp alpine.tar admin@MikroTik:/

On MikroTik:

/container
add cmd=/usr/bin/id file=alpine.tar interface=veth1 logging=yes
print
start 0
/log print
 08:12:03 container,info,debug uid=0(root) gid=0(root)

EduardNOV · Thu Sep 09, 2021 1:05 pm

Hello,

How can I start autmatically container after router reboot?

Thu Sep 09, 2021 1:19 pm

system scheduler

wintech2003 · Thu Sep 09, 2021 1:26 pm

Great stuff, a nice use case would be running routinator (https://github.com/NLnetLabs/routinator) for RPKI https://help.mikrotik.com/docs/pages/vi ... d=59277471

genesispro · Thu Sep 09, 2021 2:31 pm

You gave me a reason to start using dockers !!!

dksoft · Thu Sep 09, 2021 4:17 pm

Can it be that envs variables are not updated internally, when their value changes?
E.g. I have changed the variable "ServerIP" and it now looks like:

[admin@router] /container/envs> print
 0 list="pihole" name="TZ" value="Europe/Berlin" 

 1 list="pihole" name="WEBPASSWORD" value="password1" 

 2 list="pihole" name="ServerIP" value="1.2.3.4"

But when I startup the container I see in the log:

Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "172.17.0.2",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "172.17.0.2",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"CORS_HOSTS" => "",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"CORS_HOSTS" => "",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "172.17.0.2",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "172.17.0.2",

Which are actually all the values that I have set it to once before. Also removing the variable does not change their value.

Babujnik · Thu Sep 09, 2021 4:22 pm

from what I've seen - anytime you change variable, you need to remove and create new container.

dksoft · Thu Sep 09, 2021 4:46 pm

from what I've seen - anytime you change variable, you need to remove and create new container.

Right, that helped. Thank you!
But it's still strange. I have the tar on a USB stick and create a container using:

add envlist=pihole file=disk1/docker/pihole.tar hostname=PiHole interface=veth1 logging=yes mounts=pihole,dnsmasq.d

After removing the container twice, the internal disk filled up. It's a RB5009 with 1GB of storage and now it's full without any existing container.

mkx · Thu Sep 09, 2021 5:10 pm

After removing the container twice, the internal disk filled up.

That's a well known "feature" of docker: it doesn't automatically remove container images ... sometimes they can be re-used so I guess savings in "compile time" are the idea behind this decission. I don't know how docker images are named in ROS ... in linux they have undecryptable long names and it takes quite some effort to relate container to image. I suspect that will be impossible to do in ROS (unless MT provides a really good UI to containers), so while experimenting the best way is to clean up containers occasionally: remove containers and remove also container images (directly in /file).

dksoft · Thu Sep 09, 2021 5:27 pm

... the best way is to clean up containers occasionally: remove containers and remove also container images (directly in /file).

No chance: /file is empty. Usage says 941.9 of 1025 used.

Any no containers installed:

[admin@router] /container> export
# sep/09/2021 16:27:45 by RouterOS 7.1rc3
# software id = Y8sdfsdfS1-H5dsfdfQM
#
# model = RB5009UG+S+
# serial number = EC1dfdsfCF52
[admin@router] /container>

dksoft · Thu Sep 09, 2021 5:58 pm

I did reset the configuration and the router was empty but the space still allocated.
Then I netinstalled the device and now the space is back again.

Looks like container and variables are only added but never purged if you chance or remove them.

hecatae · Thu Sep 09, 2021 5:59 pm

Anyone tried running adguard?
https://hub.docker.com/r/adguard/adguardhome

krisjanisj · Thu Sep 09, 2021 6:02 pm

@dksoft
Please send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can have look into this, as on "/container/remove" container data should have been cleared.

dksoft · Thu Sep 09, 2021 6:37 pm

@dksoft
Please send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can have look into this, as on "/container/remove" container data should have been cleared.

Thanks for taking care of this. Please see SUP-59989.
But the device is already netinstalled. So I am not sure if this is of any help.
Meanwhile you could have a look at SUP-59296

dksoft · Thu Sep 09, 2021 6:54 pm

There is another problem: If you install a container to USB like root-dir=disk1/containers/pihole, a whole bunch of files are extracted.

Now if you want to add another container you get as far as "/container/add file=" then the shell hangs.
I guess this is because the command line completion scans the whole disk and directories.

reddin · Thu Sep 09, 2021 7:27 pm

Anyone tried running adguard?
https://hub.docker.com/r/adguard/adguardhome

Working just fune

Quasar · Thu Sep 09, 2021 9:55 pm

It works if you set the entrypoint to /usr/bin/id in the image.

Thanks a lot for the transcript. Unfortunately, it still doesn't work - I copied your commands and docker steps verbatim (also switched to docker instead of podman).

Can you upload the container tar somewhere so I can rule that out?

nescafe2002 · Thu Sep 09, 2021 10:02 pm

Can you upload the container tar somewhere so I can rule that out?

Just uploaded here: http://www.filedropper.com/alpid

Quasar · Thu Sep 09, 2021 10:11 pm

Thanks. Still doesn't work. I guess I'll contact support.

Hominidae · Thu Sep 09, 2021 10:41 pm

portainer Should be unavailable ，He needs to read the docker interface

Yes, well...if there's a docker daemon runi`nng, there needs to be a local control interface, that can be used.
Should be true for ROS "linux" as well, shouldn't it?

kenyloveg · Fri Sep 10, 2021 6:06 am

For me, if Mikrotik implemented competitve DNS module to pihole/adguardhome/or any dns forwarders with DOH/DOT... support, I would not lay my hands on docker.
It may not be the right direction, just my 2 cents.

jvanhambelgium · Fri Sep 10, 2021 8:44 am

For me, if Mikrotik implemented competitve DNS module to pihole/adguardhome/or any dns forwarders with DOH/DOT... support, I would not lay my hands on docker.
It may not be the right direction, just my 2 cents.

Mostly agree. This docker-toy may look fun, but this should be tightly controlled too. Yet another attack-vector if people start loading images coming from whatever sources.
You can turn your device into a huge security nightmare if you are not careful.
So an ecosystem of signed/audited/tested/reviewed images available for installation of some sort might be the correct approach if you are really serious about security.

floaty · Fri Sep 10, 2021 9:20 am

Thanks. Still doesn't work. I guess I'll contact support.

same here ... totally numb ... like nothing

floaty · Fri Sep 10, 2021 9:22 am

It works ...

.
may I ask on which hardware do you startet it ?!

nescafe2002 · Fri Sep 10, 2021 9:26 am

Good question. It works on a hAP ac³. It also works on a RB4011 if it's the single container.

It doesn't work if you have multiple containers (start 1 actually runs iperf3)

/container> print 
 0 file=iperf.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="" os="linux" arch="arm" interface=veth1 mounts="" dns="" status=running 

 1 file=alpine.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="" os="linux" arch="arm" interface=veth2 cmd="/usr/bin/id" mounts="" dns="" 
   logging=yes status=stopped

Ah, I see I have a naming conflict.. solved by recreating container with different host name.

floaty · Fri Sep 10, 2021 11:19 am

hAP ac³ is IPQ-4019 ... my test was on hAP ac² IPQ-4018 ??
... so when it's a hardware-limitation ... probably RAM ?!
could not find a document with min. requirements running docker ( ... are there min. requirements ??)

Quasar · Fri Sep 10, 2021 11:38 am

same here ... totally numb ... like nothing

I've got a very helpful response from MikroTik support which made it work (and probably makes it work for you or anyone else struggling as well).

The root-dir= parameter is used to specify the location where the container root file system is extracted (that is my observation at least). Adding root-dir=disk1/container made it work in my case.

I suppose the tar you provide is extracted to some (invisible) place on flash by default. For devices with limited storage you'll need to provide external storage.

floaty · Fri Sep 10, 2021 11:56 am

tried that too ...
next idea was to vandalize customer spare-parts and give it a try on RB1100Dx4
... but 7.1rc3 seems on hold in the moment ? ... maybe rc4 is in the oven ?

floaty · Fri Sep 10, 2021 1:01 pm

rc3 still avail for download on the MT-website ...
and ... positive ... works on RB1100AHx4
.

[admin@MikroTik] /container> print
 0 file=alpid.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="alpid:latest" os="linux" arch="arm" interface=veth1 cmd="/usr/bin/id" mounts="" dns="" logging=yes status=stopped 
[admin@MikroTik] /container> 
[admin@MikroTik] /container> start 0
[admin@MikroTik] /container> 
11:52:51 echo: container,info,debug uid=0(root) gid=0(root)
[admin@MikroTik] /container> 
[admin@MikroTik] /container> .. system/resource/print
             uptime: 14m30s
            version: 7.1rc3 (testing)
         build-time: Sep/08/2021 10:29:39
   factory-software: 6.41.3
        free-memory: 935.7MiB
       total-memory: 1024.0MiB
                cpu: ARMv7
          cpu-count: 4
           cpu-load: 0%
     free-hdd-space: 84.0MiB
    total-hdd-space: 128.2MiB
  architecture-name: arm
         board-name: RB1100AHx4 Dude Edition
           platform: MikroTik
[admin@MikroTik] /container>

.
so it seems hAPac² isn't part of the equation yet ... doesn't even look like a reliable container-fortress

Fri Sep 10, 2021 2:58 pm

Yes, why wouldn't RC3 be available? It has been released publicly

kivimart · Fri Sep 10, 2021 3:45 pm

I get this message on a hapac2 and pihole container

Fri Sep 10 12:43:36 2021 (826): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

I have put the mount on disk1
anybody knows this mean

krisjanisj · Fri Sep 10, 2021 3:50 pm

I get this message on a hapac2 and pihole container

Fri Sep 10 12:43:36 2021 (826): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

I have put the mount on disk1
anybody knows this mean

Was this with "root-dir=disk1/containers/pihole"?

floaty · Fri Sep 10, 2021 5:26 pm

Yes, why wouldn't RC3 be available? It has been released publicly

.
.
could'nt install via winbox ... it was possible to update from 6.45 to 6.49 in winbox ...
but developement-update was stuck while "computize download size" ... something like that

kivimart · Fri Sep 10, 2021 5:32 pm

I get this message on a hapac2 and pihole container

Fri Sep 10 12:43:36 2021 (826): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

I have put the mount on disk1
anybody knows this mean
Was this with "root-dir=disk1/containers/pihole"?

root-dir=disk1/containers/pihole
Its the same

On a USB formated to ext3

pe1chl · Fri Sep 10, 2021 5:44 pm

could'nt install via winbox ... it was possible to update from 6.45 to 6.49 in winbox ...
but developement-update was stuck while "computize download size" ... something like that

You cannot upgrade from v6 to v7 that way. You need to download the appropriate v7 package from the website, upload it to the router, and reboot.
Once you are on a v7 version you can (usually, unless something was broken) do those in-place upgrades via winbox again.

mhaluska · Fri Sep 10, 2021 6:03 pm

This docker implementation looks nice, but I don't think it's good idea, plus I think Mikrotik should invest their development time on more important RouterOS things - like they did with ZeroTier. It makes no sense to use docker container on some boards (maybe most of them) due to low memory or no HDD/SSD/USB available. I can find use case on my CCR2004-12S+ for example for pihole, but with missing USB there is no place for data, even if there will be, I'll not want to wear internal NAND. Isn't better buy cheap RaspberryPi (or 2 for HA) for this purpose? I expect/hope Mikrotik will be releasing new HW capable to use this feature.

pe1chl · Fri Sep 10, 2021 6:47 pm

This docker implementation looks nice, but I don't think it's good idea, plus I think Mikrotik should invest their development time on more important RouterOS things - like they did with ZeroTier.

To the contrary! When the docker implementation had been made earlier, MikroTik would have had zero development time to invest on things like ZeroTier, that could have been entirely made by the company behind it and released as a docker container.
I thin the docker container is the greatest addition to RouterOS made in a long time.

r00t · Fri Sep 10, 2021 7:10 pm

Single purpose containers can be very small, easily fitting into devices even with just 16MB of flash. I'm trying to get UDPXY working and it's looking like it will be <100kB container. Same for things like MQTT. Tiny containers with just a single compiled program and minimum required chroot. Sure, you CAN run huge applications as containers, but you don't have to. There's a lot of tiny programs that will greatly improve ROS functionality and finally we can run them without ugly overhead of VM.

jvanhambelgium · Fri Sep 10, 2021 7:30 pm

Single purpose containers can be very small, easily fitting into devices even with just 16MB of flash. I'm trying to get UDPXY working and it's looking like it will be <100kB container. Same for things like MQTT. Tiny containers with just a single compiled program and minimum required chroot. Sure, you CAN run huge applications as containers, but you don't have to. There's a lot of tiny programs that will greatly improve ROS functionality and finally we can run them without ugly overhead of VM.

for example, getting a MQTT container "up" is 1 thing, but still Mikrotik will have to do RouterOS development for integration. You want your MQTT to be able to publish some events coming out of RouterOS or react to some events on its suscribed topics.
With something like a "Pihole" container its more easy because there is already some DNS "logic" in RouterOS where you can set DNS-servers and have the pihole-container handle it from there. The rest is routing etc.
A mDNS-proxy (eg. Avahi) would also be quite autonomous as long as you can give it 2 interfaces across 2 different networks to do its magic. No real "hooks" into RouterOS needed aparte from the networking side.

Agree the overhead is very very low.

floaty · Fri Sep 10, 2021 7:43 pm

### snip ###

You cannot upgrade from v6 to v7 that way. You need to download the appropriate v7 package from the website, upload it to the router, and reboot.
Once you are on a v7 version you can (usually, unless something was broken) do those in-place upgrades via winbox again.
[/quote]
.
pretty shure I made exactly the same thing, with my hapac² yesterday ... but nobody knows ... it's the devil ... all the time

floaty · Fri Sep 10, 2021 8:02 pm

### snip ###
To the contrary! When the docker implementation had been made earlier, MikroTik would have had zero development time to invest on things like ZeroTier, that could have been entirely made by the company behind it and released as a docker container.
I thin the docker container is the greatest addition to RouterOS made in a long time.

.
guess this is an evolutionary process ... MT had LUA support earlier (even netzilla had LUA support in their famous PIX/ASA'saurus-family)
... what happens, when the next-big-thing comes up ? ... and docker goes to the 'lebenshof' ?
'python' 'go' 'rust' ... 'ruby-on-rails*' (nobody knows anymore*)
.
there's always coffee in the cup ... principles ... (not like "real principles") never change
... and whats real ? ... (even this time ?) basically nothing ...
[guess this is ... already ... the weekend-chablis]

kayzersoze86 · Sat Sep 11, 2021 11:28 am

The usecase for pihole docker is not usable on rb4011. Since the device has only 512mb of usable space when extracting the image.tar, the device runs out of space. No usb or sdcard interface. Any way to mount a external file system only to host the tar files?

pe1chl · Sat Sep 11, 2021 12:01 pm

The usecase for pihole docker is not usable on rb4011. Since the device has only 512mb of usable space when extracting the image.tar, the device runs out of space. No usb or sdcard interface. Any way to mount a external file system only to host the tar files?

The Pihole developers or some other contributor should develop a more lean version that is geared towards running in a container with minimal size.

zainarbani · Sat Sep 11, 2021 3:10 pm

Awesome

ntblade · Sat Sep 11, 2021 3:45 pm

Hi all,
I've tried several times following the pihole example but my container doesn't start and there's no logging. I'm using a USB flash drive as the root:

/container mounts
add dst=/etc/pihole name=pihole src=disk1/containers/pihole
add dst=/etc/dnsmasq.d name=dnsmasq.d src=disk1/containers/dnsmasqd
/container
add envlist=pihole file=disk1/containers/pihole/pihole.tar hostname=PiHole interface=veth1 logging=yes mounts=pihole,dnsmasq.d root-dir=disk1/containers/pihole
/container envs
add list=pihole name=TZ value=Europe/London
add list=pihole name=ServerIP value=172.17.0.2
add list=pihole name=WEBPASSWORD value=********

/system logging
add topics=container

Running on RB3011, fresh install

Any ideas anyone?
Thanks,
N

kivimart · Sat Sep 11, 2021 8:20 pm

Hi all,
I've tried several times following the pihole example but my container doesn't start and there's no logging. I'm using a USB flash drive as the root:
Code: Select all
/container mounts
add dst=/etc/pihole name=pihole src=disk1/containers/pihole
add dst=/etc/dnsmasq.d name=dnsmasq.d src=disk1/containers/dnsmasqd
/container
add envlist=pihole file=disk1/containers/pihole/pihole.tar hostname=PiHole interface=veth1 logging=yes mounts=pihole,dnsmasq.d root-dir=disk1/containers/pihole
/container envs
add list=pihole name=TZ value=Europe/London
add list=pihole name=ServerIP value=172.17.0.2
add list=pihole name=WEBPASSWORD value=********

/system logging
add topics=container
Running on RB3011, fresh install

Any ideas anyone?
Thanks,
N

Create the folders on the usb that your config points to, and put the tar file in container root so it not will get deleted when you delete the container.

devin122 · Sat Sep 11, 2021 8:40 pm

Anybody have any luck with mips? I created a container from the openwrt mips imagebut after running `/container start 0` but the container still says its stopped, and nothing is showing up in the logs

jr0dd · Sat Sep 11, 2021 8:43 pm

Time to get CoreDNS loaded with k8s_gateway.

Although I would have rather seen podman instead of docker with the direction docker is going with subscriptions.

floaty · Sun Sep 12, 2021 1:18 am

hAP ac³ is IPQ-4019 ... my test was on hAP ac² IPQ-4018 ??
... so when it's a hardware-limitation ... probably RAM ?!
could not find a document with min. requirements running docker ( ... are there min. requirements ??)

.
case closed ... filesystem related !!? ... reformated the usb-flash drive: problem solved ... ffin' simple
.

[admin@hapac2] /container> add file=zdisk2/alpine-pex.tar interface=veth1 cmd="/bin/ping 192.168.222.254" root-dir=zdisk2/container/alpine logging=yes hostname=alp
[admin@hapac2] /container> start 0
[admin@hapac2] /container> 
00:05:34 echo: container,info,debug PING 192.168.222.254 (192.168.222.254): 56 data bytes
00:05:34 echo: container,info,debug 64 bytes from 192.168.222.254: seq=0 ttl=255 time=0.827 ms
[admin@hapac2] /container> 
00:05:35 echo: container,info,debug 64 bytes from 192.168.222.254: seq=1 ttl=255 time=0.448 ms
[admin@hapac2] /container> 
00:05:41 echo: container,info,debug 64 bytes from 192.168.222.254: seq=7 ttl=255 time=0.405 ms
[admin@hapac2] /container> 
00:05:42 echo: container,info,debug 64 bytes from 192.168.222.254: seq=8 ttl=255 time=0.417 ms
[admin@hapac2] /container> stop 0

00:05:44 echo: container,info,debug 64 bytes from 192.168.222.254: seq=10 ttl=255 time=0.430 ms
[admin@hapac2] /container> 
00:05:47 echo: container,info,debug 64 bytes from 192.168.222.254: seq=13 ttl=255 time=0.423 ms
[admin@hapac2] /container>

gittubaba · Sun Sep 12, 2021 1:37 am

Huh I've been trying to run a container in my RB750Gr3 but seems like docker images like hello or busybox etc.. only have mips64le. Seems like I have to create images from scratch.

devin122 · Sun Sep 12, 2021 1:49 am

Huh I've been trying to run a container in my RB750Gr3 but seems like docker images like hello or busybox etc.. only have mips64le. Seems like I have to create images from scratch.

openwrt has rootfs images, however it looks like docker only supports mips64[le] https://github.com/docker/cli/blob/a32c ... til.go#L22 If you try anything else you get "unsupported os/arch combination: ..."

ntblade · Sun Sep 12, 2021 1:34 pm

@kivimart, thanks for the reply

Started again from scratch and after wait extraction seems complete one of my CPUs is constantly utilising a lot of "management"

console         0  0%   
ssh             0  0%   
networking      0  0%   
winbox          0  0%   
management      0  8%   
profiling       0  0%   
unclassified    0  2%   
cpu0               10%  
lcd             1  0%   
console         1  0%   
ssh             1  0%   
networking      1  0.5% 
logging         1  0%   
management      1  73%  
unclassified    1  17.5%
cpu1               91%

And I get an error when starting.

[admin@RouterOS] > container/start number=0 ;log/print follow-only 

11:24:16 container,info,debug exec: Exec format error 
11:24:16 container,info,debug close: Bad file descriptor

Thanks
N

SSadistic · Sun Sep 12, 2021 5:01 pm

Anyone tried running adguard?
https://hub.docker.com/r/adguard/adguardhome
Working just fune

Can you give a quickl tutorial, please

shom · Sun Sep 12, 2021 6:21 pm

How to mount a file instead of a folder ?
I want mount config.json

[admin@MikroTik] > container/mounts/print 
 0 name="godns" src="/config.json" dst="/etc/config.json"

log

Error occurs while reading config file, please make sure config file exists!
time="2021-09-12T15:10:41Z" level=fatal msg="open ./config.json: no such file or directory"

mkx · Sun Sep 12, 2021 9:05 pm

How to mount a file instead of a folder ?

You can't. The way linux works is that you can only mount a folder. Because mount point is always a folder. Usually application, run inside container, wants to open configuration file.

So you'll have to prepare a folder containing configuration file and mount that folder.

wtraylor · Mon Sep 13, 2021 12:39 am

Has anyone managed to build your own container for mips architecture?

krisjanisj · Mon Sep 13, 2021 9:39 am

@kivimart, thanks for the reply

Started again from scratch and after wait extraction seems complete one of my CPUs is constantly utilising a lot of "management"

console         0  0%   
ssh             0  0%   
networking      0  0%   
winbox          0  0%   
management      0  8%   
profiling       0  0%   
unclassified    0  2%   
cpu0               10%  
lcd             1  0%   
console         1  0%   
ssh             1  0%   
networking      1  0.5% 
logging         1  0%   
management      1  73%  
unclassified    1  17.5%
cpu1               91%

And I get an error when starting.

[admin@RouterOS] > container/start number=0 ;log/print follow-only 

11:24:16 container,info,debug exec: Exec format error 
11:24:16 container,info,debug close: Bad file descriptor

Thanks
N

The error means that either .tar file is corrupted/incomplete or build for the wrong arch

schadom · Mon Sep 13, 2021 2:25 pm

Is https://hub.docker.com/r/frrouting/frr supported?

brotherdust · Mon Sep 13, 2021 10:09 pm

Is https://hub.docker.com/r/frrouting/frr supported?

I was going to ask the same thing. My guess is that containers aren’t allowed to make changes to the RouterOS routing table. This is based on the fact that one has to manually create interfaces for the containers. A workaround to this is to simply bridge physical interfaces with container interfaces. Not optimal as it’s going to have to copy each and every packet from one interface to the other.

Anyone else try this? If not, I might give it a go this week.

biomesh · Mon Sep 13, 2021 11:15 pm

Here is my config for the nextdns client for use on CHR. The nextdns client does have builds for ARM, so for those interested it would probably work there as well.

Dockerfile:

FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y apt-transport-https curl && \ 
        curl -o /usr/share/keyrings/nextdns.gpg https://repo.nextdns.io/nextdns.gpg && \
        echo "deb [signed-by=/usr/share/keyrings/nextdns.gpg] https://repo.nextdns.io/deb stable main" | tee /etc/apt/sources.list.d/nextdns.list && \
        apt-get update && apt-get install -y nextdns    
EXPOSE 53/tcp 53/udp
CMD /usr/bin/nextdns run ${NEXTDNS_ARGUMENTS} -config ${NEXTDNS_ID}

Commands on CHR:

/interface bridge
add name=docker
/ip address
add address=172.17.0.1/16 interface=docker network=172.17.0.0
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/interface bridge port
add bridge=docker interface=veth1

/container envs
add list=nextdns name=NEXTDNS_ARGUMENTS value="-listen :53 -cache-max-age 0s -\
    report-client-info=true -detect-captive-portals=false -control /var/run/ne\
    xtdns.sock -timeout 5s -max-inflight-requests 256 -auto-activate=false -lo\
    g-queries=false -cache-size 10MB -max-ttl 0s -discovery-dns -use-hosts=false"
add list=nextdns name=NEXTDNS_ID value=abc123

/container
add dns=192.168.20.5,192.168.20.10 envlist=nextdns file=nextdns-09132021v1.tar \
    interface=veth1 logging=yes

/ip firewall nat
add action=masquerade chain=srcnat src-address=172.17.0.0/16
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=tcp to-addresses=172.17.0.2 to-ports=53
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=udp to-addresses=172.17.0.2 to-ports=53

/container start 0

almeiras · Mon Sep 13, 2021 11:51 pm

NO, PLEASE NO!

dumb user still exist...
Device "bricked" because the space is depleted (hAP ac)...

viewtopic.php?f=2&t=178319

DAMN IT! Me too... I just bricked my RB4011. I uploaded a .tar image too big. Container status never changed to "stopped" so I continued doing other things. When I restarted the router... silence. I'll try to unbrick.

floaty · Mon Sep 13, 2021 11:52 pm

Has anyone managed to build your own container for mips architecture?

.
... guess the most un-thorny way would be installing qemu ...
running an open-wrt mips guest
installing docker-support
building a container
and copy it over to your target system
.
... if you're done ... copy it to a cloud-drive ...
... and I give it a check
.
(please:
- rancid-with-git;
- freeradius 802.1x-proxy
... and a
- full-featured frad-ldap-kerberos-AD-policy-daemon : )
.

docker-maybe.jpg

joegoldman · Tue Sep 14, 2021 1:49 am

Is https://hub.docker.com/r/frrouting/frr supported?

Because it supports protocols that RouterOS doesn't?

As someone else alluded to - it runs contained so it won't affect the RouterOS routing table directly, but you could use a diff protocol to talk between your router and container, then the container use its different route protocols to build up its own route table and share those routes to RouterOS. Very hacky though.

rplant · Tue Sep 14, 2021 3:49 am

Some issues:
Hap AC^2

Installed iperf3 docker container per
viewtopic.php?f=1&t=178383&sid=e0768ea7 ... 4460fe602c

Good when its working.

Doesn't remember the container setup properly on /system/ reboot.

Before Reboot

/container
add envlist=iperf file=disk1/docker/iperf.tar hostname=iperf interface=veth1 logging=yes \
root-dir=disk1/docker/iperf-r

After Reboot

/container
add envlist=iperf file=disk1/docker/iperf.tar root-dir=disk1/docker/iperf-r

Often gets into a mode (after running an iperf3 test) where looks to be using 1 core fully, and then router reboots.
and usually (eventually) deletes the root-dir folder.

** Also needs a disabled=yes option **
so on reboot it only attempts to start not disabled containers

** Actually perhaps a start mode setting like a windows service might be good.
automatic, delayed, manual, disabled
**

mkx · Tue Sep 14, 2021 8:13 am

Is https://hub.docker.com/r/frrouting/frr supported?
Because it supports protocols that RouterOS doesn't?

I wonder what's the point? Running container with routing engine ... on a router?

Why not take a decent RPI (more RAM, user can choose decently sized storage) and run FRR there? Pair RPI with a decent managed switch and you have a winning combination if you really need all those routing gems not available in ROS.

schadom · Tue Sep 14, 2021 9:24 pm

Because it supports protocols that RouterOS doesn't?

I wonder what's the point? Running container with routing engine ... on a router?

Why not take a decent RPI (more RAM, user can choose decently sized storage) and run FRR there? Pair RPI with a decent managed switch and you have a winning combination if you really need all those routing gems not available in ROS.

Because I really love the Mikrotik hardware, but profoundly hate RouterOS.
If one could easily run Debian and frr on Mikrotik hardware, this would be insane!

Unfortunately I don't think that will ever happen...

wtraylor · Tue Sep 14, 2021 9:48 pm

The idea to use openwrt the container build process is interesting! I looked into it and unfortunately it's going to be more complicated than that because it seems it relies on upstream base images, and there are no prebuild base images for mips big endian. All seem to be mipsle, and outdated (though that's not necessarily a problem.) For example Debian mips was last available for Buster (Debian 10.) I can probably use the Debian distro build scripts with some modifications to create a mipsbe image to be used as a base container for the Mikrotik. I looked into many distributions (Debian, Ubuntu, Gentoo, Fedora) and haven't found anything ready in mipsbe and Debian seems the most ready to work with. If anyone knows of a base image built for mips be, or a build process ready to go to build one from another distro that could be adapted, please let me know. Otherwise I'll probably do what I just described to try to make a mipsbe base image build from Debian Buster.

Has anyone managed to build your own container for mips architecture?
.
... guess the most un-thorny way would be installing qemu ...
running an open-wrt mips guest
installing docker-support
building a container
and copy it over to your target system
.
... if you're done ... copy it to a cloud-drive ...
... and I give it a check
.
(please:
- rancid-with-git;
- freeradius 802.1x-proxy
... and a
- full-featured frad-ldap-kerberos-AD-policy-daemon : )
.
docker-maybe.jpg

Z0ltan · Tue Sep 14, 2021 10:56 pm

Because I really love the Mikrotik hardware, but profoundly hate RouterOS.
If one could easily run Debian and frr on Mikrotik hardware, this would be insane!

Unfortunately I don't think that will ever happen...

It already happened: https://www.earth.li/~noodles/blog/2020 ... nline.html

planetcoop · Tue Sep 14, 2021 11:06 pm

Discussion topic about release from here:
viewtopic.php?f=1&t=178341

Manual (being updated): https://help.mikrotik.com/docs/x/KYAPBQ

1. you need a container tar archive
2. relevant menus:

 
  interface/veth
  container

3. super basic example:

1. Get Docker image as tar archive and copy to router (currently there is no 'pull' command in RouterOS, so containers should be exported from a working Docker environment). Also note that container's architecture should match with the router's.
-----------------------------------------------------

  $ docker pull docker/example-container
  $ docker save docker/example-container > my-container.tar

2. Add veth interface for the container
---------------------------------------

  [admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1


3. Create bridge for containers and add veth to it
--------------------------------------------------

  [admin@MikroTik] > /interface/bridge/add name=docker
  [admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
  [admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1


4. Setup NAT for outgoing traffic
---------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.17.0.0/16


5. Create environment variables for container if needed
-------------------------------------------------------

  [admin@MikroTik] > /container/envs/add list=foo name=SECRET value=12345678
  [admin@MikroTik] > /container/envs/add list=foo name=FOO value=bar


6. Define mounts if needed
--------------------------

  [admin@MikroTik] > /container/mounts/add name=etc src=disk1/etc dst=/etc
  [admin@MikroTik] > /container/mounts/add name=opt src=disk1/opt dst=/opt

If ``src`` directory does not exist on first time use then it will be populated
with whatever container have in ``dst`` location.


7. Create container from image tar
----------------------------------

  [admin@MikroTik] > /container/add file=my-container.tar interface=veth1 envlist=foo root-dir=disk1/foo mounts=etc,opt

Use ``logging=yes`` to see container output in log with tags
``container,debug,info``.


8. Make sure container has been added and status is stopped
-----------------------------------------------------------

  [admin@MikroTik] > container/print

9. Redirect port 8080 traffic to container
------------------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=dstnat action=dst-nat to-addresses=172.17.0.2 to-ports=80 protocol=tcp dst-port=8080


10. Start container
-------------------

  [admin@MikroTik] > /container/start 0

normis - will there be pull support in the future? Im have tested a number of containers since the 7.1rc3 release and really look forward to the feature, just wish it had pull support.

Xtreme512 · Tue Sep 14, 2021 11:45 pm

Here is my config for the nextdns client for use on CHR. The nextdns client does have builds for ARM, so for those interested it would probably work there as well.

Dockerfile:

FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y apt-transport-https curl && \ 
        curl -o /usr/share/keyrings/nextdns.gpg https://repo.nextdns.io/nextdns.gpg && \
        echo "deb [signed-by=/usr/share/keyrings/nextdns.gpg] https://repo.nextdns.io/deb stable main" | tee /etc/apt/sources.list.d/nextdns.list && \
        apt-get update && apt-get install -y nextdns    
EXPOSE 53/tcp 53/udp
CMD /usr/bin/nextdns run ${NEXTDNS_ARGUMENTS} -config ${NEXTDNS_ID}

Commands on CHR:

/interface bridge
add name=docker
/ip address
add address=172.17.0.1/16 interface=docker network=172.17.0.0
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/interface bridge port
add bridge=docker interface=veth1

/container envs
add list=nextdns name=NEXTDNS_ARGUMENTS value="-listen :53 -cache-max-age 0s -\
    report-client-info=true -detect-captive-portals=false -control /var/run/ne\
    xtdns.sock -timeout 5s -max-inflight-requests 256 -auto-activate=false -lo\
    g-queries=false -cache-size 10MB -max-ttl 0s -discovery-dns -use-hosts=false"
add list=nextdns name=NEXTDNS_ID value=abc123

/container
add dns=192.168.20.5,192.168.20.10 envlist=nextdns file=nextdns-09132021v1.tar \
    interface=veth1 logging=yes

/ip firewall nat
add action=masquerade chain=srcnat src-address=172.17.0.0/16
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=tcp to-addresses=172.17.0.2 to-ports=53
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=udp to-addresses=172.17.0.2 to-ports=53

/container start 0

about time someone tried to use nextdns. is it working well? sending client device names etc?

biomesh · Wed Sep 15, 2021 1:21 am

about time someone tried to use nextdns. is it working well? sending client device names etc?

It works just like the nextdns client that I run on some raspberrypis - no problems at all.

damianivereigh · Wed Sep 15, 2021 2:48 am

Adding docker to RouterOS opens up some interesting possibilities that I am wondering if Mikrotik are going to explore. Namely allowing a docker to get deeper into the workings of the RouterOS configuration (with appropriate permission of course). The low level packet manipulation of RouterOS is great but some of it's higher level features, like DHCP (e.g. adding traffic queues via radius) are missing features and if nothing else are complex to setup.

It would be awesome to optionally be able to offload these higher level features to docker where it would for example handle the DHCP requests and make the appropriate RouterOS config changes to suit. Others have mentioned running FRR, which essentially is also a high level application - having the ability of a docker container to add and remove dynamic routes from the routing table.

Because docker could run people's own software (or there may even be a place for a commercial market), much more complex and sophisticated things could done on the Mikrotik's without them having to decide if a feature is worth implementing and supporting.

On further thinking this could be mostly done with the docker talking through the API. However there would be a problem with figuring out the current state. Dynamic config entries are automatically wiped when ROS restarts whereas config entries created via the API would not. It would be hard for a docker to figure out it's state given there is no search pattern match functionality in the API (so you couldn't match on say a comment hashtag). It would be great if you could create dynamic entries through the API (or ones that could be tagged in a way that the docker could start by saying "give me a list of all the configs I created before").

pe1chl · Wed Sep 15, 2021 11:33 am

While the matching capabilities of the API are quite limited, in many cases you can match what is possible in the query, then retrieve the entire matched list and do the remainder of the matching in the client.
I have made several API programs (on external systems so far) that work this way, and it should work fine unless you are manipulating very long lists and want to see only a very small part of it.
For example, for some purpose I want to list open IPsec connections through a NAT router. In the API I query I query /ip/firewall/connection/print and there I match on protocol=udp and seen-reply=true, retrieve that entire list and in the client I match dst-address~":4500$".
Of course this means I am potentially retrieving a long list, but at least I cut out the tcp connections before transferring it (about 3/4 in our router). It handles lists of thousands of items just fine, but of course with hundreds of thousands of items that could be different.

floaty · Wed Sep 15, 2021 4:21 pm

... no prebuild base images for mips big endian. All seem to be mipsle, and outdated (though that's not necessarily a problem.) For example Debian mips was last available for Buster (Debian 10.)
.
indeed ... seems a mips-device isn't the golden choice to start a "mikrotik-docker-career",
since I'm a bloody docker-newbie I've build my first test-containers for my armv7-devices on a QNAP, which has pull-feature and the ability to export self-cooked docker-images
... not shure if there is similiar 'pre-supported' hardware out there for MIPS

.

devin122 · Wed Sep 15, 2021 6:00 pm

The idea to use openwrt the container build process is interesting! I looked into it and unfortunately it's going to be more complicated than that because it seems it relies on upstream base images, and there are no prebuild base images for mips big endian.

I've been using the mips_24kc-21.02.0 tag on https://hub.docker.com/r/openwrtorg/rootfs . However it appears to be a dead end at the moment as it looks like the mips kernel on the current release is not built with proper support for containers (viewtopic.php?f=1&t=178516)

rjow2021 · Wed Sep 15, 2021 6:16 pm

I run AdGuard Home on a Windows 10 box, but there is a docker image available.

How would an RB4011 fair with AdGuard Home docker installed, in docker, with OISD (8.7MB) block list?

Would this be possible?

jvanhambelgium · Wed Sep 15, 2021 6:26 pm

How it resource-management done on the way the docker/containerisation is implemented ?
What amount of resources (% cpu, i/o , mem) are maximum allowed to be consumed or is there no protection again resource-hoggers?
Because in principle, the routerOS core tasks must not be impacted if some container runs into issues, starts looping forever etc,etc.

pe1chl · Thu Sep 16, 2021 10:24 am

Linux is a multitasking operating system and has scheduling algorithms that make sure that all tasks get some CPU time, unless major foul-ups have been made setting realtime priority.
Even when one "regular" process (which I assume the containers are) is using 100% CPU, other similar processes still get CPU time.
It is like a process asking 100% CPU automatically gets a slightly lower priority than all others, so that it does not get 100% but rather "all remaining time".
That has always been the case in Linux (and Unix). On a typical Linux system there is more to fear from programs that use 100% of the disk bandwidth (either through file I/O or through swapping) than from programs using 100% CPU.

ParSor2 · Thu Sep 16, 2021 11:11 am

@kivimart, thanks for the reply
Code: Select all
[admin@RouterOS] > container/start number=0 ;log/print follow-only 

11:24:16 container,info,debug exec: Exec format error 
11:24:16 container,info,debug close: Bad file descriptor 
Thanks
N
The error means that either .tar file is corrupted/incomplete or build for the wrong arch

The reason is not in a broken .tar file, but in free space on the main disk. I have CHR, I install containers on an additional disk, but they deploy something on the main one. I saw that there was 0% free space on it. Removing all containers did not help, /files/print is empty, but there is no free space, reboot does not help, after installation and reboot, the containers have status = extracting.
Solution: I took the x86 .iso file, installed it on the 1Gb disk and all containers started working.

Another bug:
Using "root-dir" expands a huge number of files. When "/files" starts, the CPU load becomes 100% and either WinBox crashes or the VM is completely overloaded.

kowal · Thu Sep 16, 2021 5:12 pm

Maybe I'm doing something wrong.
After creating package with docker on windows, using links from wiki (not current) for arm architecture and putting it on hAP ac3 it always tells that it's build for amd64 not arm.
But unpacking pihole.tar and revieving files reveals that is buld for arm, amd64 is mentioned only in one *json file.
So if it's built for arm, i've changed that line in *json file and tried starting container. It creates some files and stops without any error.
Previously with first-build arm (in RoS it shows still amd64) when I tried to start container it showed eroor "bad file descriptor" but only once - removing, recreating containers using same file do not give any errors.

It's even possible that running:

arm
    docker pull pihole/pihole:latest@sha256:381a39fc1a131e5fa1bb7e1ea6241147758c61206ffa851446a3737c61cf4162
    docker save pihole/pihole:latest > pihole.tar

can build image for amd64 instead of arm? Size of package in my example is 340MB.

Maybe somebody who tried using docker will provide built image? I'm running out of ideas what's wrong...

dksoft · Thu Sep 16, 2021 5:42 pm

Try using docker pull --platform arm pihole/pihole instead of hash code.

dksoft · Thu Sep 16, 2021 5:46 pm

Another bug:
Using "root-dir" expands a huge number of files. When "/files" starts, the CPU load becomes 100% and either WinBox crashes or the VM is completely overloaded.

Spoiler: Fixed in rc4

kowal · Thu Sep 16, 2021 6:23 pm

Try using docker pull --platform arm pihole/pihole instead of hash code.

It doesn't help, it still shows amd64, I will try on another PC with fresh docker install

dksoft · Thu Sep 16, 2021 6:37 pm

Try using docker pull --platform arm pihole/pihole instead of hash code.
It doesn't help, it still shows amd64, I will try on another PC with fresh docker install

Check with docker images and remove all before pulling a cross platform one. That helped me getting it the other way, e.g. from arm to arm64.

kowal · Thu Sep 16, 2021 8:36 pm

I'm getting out of ideas - it still builds version for amd64, even on PC with fresh docker installed.

krisjanisj · Fri Sep 17, 2021 9:49 am

The `type=amd64` for PiHole containers is gonna be for every package they publish on every arch and can be ignored. Unfortunately that is a quirk and/or a bug on their end.
As for why pihole container would not run - please create a supout.rif file and send it to support@mikrotik.com (mentioning this forum discussion) so we can look into it.

zainarbani · Fri Sep 17, 2021 10:45 am

I'm getting out of ideas - it still builds version for amd64, even on PC with fresh docker installed.

its arm or arm64 board btw?

try pull 2021.09-armhf-buster tag,
or just this, https://dockerimagesave.akiel.dev/downl ... er.tar.zip (extract from .zip).

kowal · Fri Sep 17, 2021 4:37 pm

Thanks for that build.

After contacting Mikrotik Support, we have tracked the isssue( thanks Krisjanis!)
The issue was filesystem on external USB storage - it was FAT32, I've missed that when formatting disk to use as container storage.
After change of filesystem to ext3 container files have been unpacked properly and container finally works.
So always check filesystem on external storages

ParSor2 · Sat Sep 18, 2021 10:41 am

Bug:
the command "/interface/veth/set address =" does not actually change the address

[admin@RouterOS] > /interface/veth/add name=veth1 address=10.10.0.2/16 gateway=10.10.0.1
[admin@RouterOS] > /interface/bridge/add name=docker
[admin@RouterOS] > /ip/address/add address=10.10.0.1/16 interface=docker
[admin@RouterOS] > /interface/bridge/port add bridge=docker interface=veth1
[admin@RouterOS] > /interface/veth/print 
Flags: X - disabled; R - running 
 0  R name="veth1" address=10.10.0.2/16 gateway=10.10.0.1 

[admin@RouterOS] > ping 10.10.0.2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                              
    0 10.10.0.2                                  56  64 93us      
    1 10.10.0.2                                  56  64 43us      
    2 10.10.0.2                                  56  64 44us      
    sent=3 received=3 packet-loss=0% min-rtt=43us avg-rtt=60us max-rtt=93us 

[admin@RouterOS] > /interface/veth/set numbers=0 address=10.10.0.3
[admin@RouterOS] > /interface/veth/print 
Flags: X - disabled; R - running 
 0  R name="veth1" address=10.10.0.3 gateway=10.10.0.1 

[admin@RouterOS] > ping 10.10.0.3
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                              
    0 10.10.0.3                                                    timeout                                                             
    1 10.10.0.3                                                    timeout                                                             
    2 10.10.0.3                                                    timeout                                                             
    sent=3 received=0 packet-loss=100% 

[admin@RouterOS] > ping 10.10.0.2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                              
    0 10.10.0.2                                  56  64 33us      
    1 10.10.0.2                                  56  64 44us      
    2 10.10.0.2                                  56  64 45us      
    sent=3 received=3 packet-loss=0% min-rtt=33us avg-rtt=40us max-rtt=45us

after reboot

[admin@RouterOS] > /interface/veth/print 
Flags: X - disabled; R - running 
 0    name="veth1" address=10.10.0.3 gateway=10.10.0.1 
[admin@RouterOS] > ping 10.10.0.2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                             
    0 10.10.0.2                                                    timeout                                                            
    1 10.10.0.2                                                    timeout                                                            
    sent=2 received=0 packet-loss=100% 

[admin@RouterOS] > ping 10.10.0.3
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                             
    0 10.10.0.3                                                    timeout                                                            
    1 10.10.0.3                                                    timeout                                                            
    sent=2 received=0 packet-loss=100%

it is possible to change the address only by deleting and adding an interface

gittubaba · Sat Sep 18, 2021 9:03 pm

Huh I've been trying to run a container in my RB750Gr3 but seems like docker images like hello or busybox etc.. only have mips64le. Seems like I have to create images from scratch.
openwrt has rootfs images, however it looks like docker only supports mips64[le] https://github.com/docker/cli/blob/a32c ... til.go#L22 If you try anything else you get "unsupported os/arch combination: ..."

huh, maybe we need to use a docker alternative that uses the same container protocols/ generates images in same format. I'm not a docker expert so don't know much about how to proceed. On that note, how did routeros dev team tested container functionality on mips? Maybe they can provide some test images....

IGHOR · Mon Sep 20, 2021 3:44 pm

huh, maybe we need to use a docker alternative that uses the same container protocols/ generates images in same format. I'm not a docker expert so don't know much about how to proceed. On that note, how did routeros dev team tested container functionality on mips? Maybe they can provide some test images....

It is not about MikroTik itself, but about mipsbe support by a linux distros, if you find one that supports mipsbe, you can use it with no problems.
Looks like there is only 20 mips supported images in the Docker hub https://hub.docker.com/search?type=imag ... cture=mips
Also you can compile mipsbe rootfs by yourself.

pe1chl · Mon Sep 20, 2021 4:17 pm

I have not yet studied what special requirements there are for making a docker image, but in the past I have compiled programs for MIPS without problem by installing a cross-development environment on my PC. It consists of a cross-compiling gcc, linker, libraries etc. all in a user directory I created for that.
Would that not work in this case?

gittubaba · Mon Sep 20, 2021 7:30 pm

huh, maybe we need to use a docker alternative that uses the same container protocols/ generates images in same format. I'm not a docker expert so don't know much about how to proceed. On that note, how did routeros dev team tested container functionality on mips? Maybe they can provide some test images....
It is not about MikroTik itself, but about mipsbe support by a linux distros, if you find one that supports mipsbe, you can use it with no problems.
Looks like there is only 20 mips supported images in the Docker hub https://hub.docker.com/search?type=imag ... cture=mips
Also you can compile mipsbe rootfs by yourself.

docker only supports mips64. So what I understood so far, even if you made a mips rootfs, you can't make a docker image/container with it, as the architecture is unsupported. From debian wiki

Through the Debian 10 ("buster") release, Debian currently provides 3 ports, 'mips', 'mipsel', and 'mips64el'

Also openwrt seems to support mips too. So linux is certainly available for mips, but the problem is to make a docker container out of it.

gittubaba · Mon Sep 20, 2021 10:59 pm

So I tried to run docker hello world example in RB750Gr3. After some research and looking at openwrt wiki and inspecting the binaries of routeros package, It concluded that its using mips little endian.

In ubuntu I compiled it using

mipsel-linux-gnu-gcc -mtune=24kc -static ../../hello.c -o hello

I tried with and without -mtune=24kc. I also tried mips-linux-gnu-gcc which is big endian.

My Dockerfile is just

FROM scratch
COPY hello /
CMD ["/hello"]

Then I build it using,

docker build --platform linux/mipsel -t sarim/hello-mips:0.6 .

I also tried linux/mips when using mips-linux-gnu-gcc.

Then

docker save sarim/hello-mips:0.6 -o hello-mips.tar

In routeros I added "container" to system/logging.

[admin@GittuTik] /container> add file=hello-mips.tar interface=veth1 logging=yes root-dir=disk4  
[admin@GittuTik] /container> print 
 0 file=hello-mips.tar name="98f82a3b-c4b6-49d0-b17d-bbd1aa409f27" tag="sarim/hello-mips:0.6" os="linux" arch="mipsel" 
   interface=veth1 root-dir=disk4 mounts="" dns="" workdir="/" logging=yes status=stopped
[admin@GittuTik] /container> start 0

[admin@GittuTik] /container> print 
 0 file=hello-mips.tar name="98f82a3b-c4b6-49d0-b17d-bbd1aa409f27" tag="sarim/hello-mips:0.6" os="linux" arch="mipsel" 
   interface=veth1 root-dir=disk4 mounts="" dns="" workdir="/" logging=yes status=stopped
[admin@GittuTik] /container>

I tried with and without root-dir=disk4 .With many variations the result is the same. after start 0 nothing happens. Nothing shows up in log. No error.

After several hours of digging I think its an bug with RB750Gr3 and routeros. I mean no matter what I do no error message shows up in log. Anyone got any idea what is going on? Should I contact support?

dhoulbrooke · Mon Sep 20, 2021 11:56 pm

docker only supports mips64. So what I understood so far, even if you made a mips rootfs, you can't make a docker image/container with it, as the architecture is unsupported. From debian wiki

mipsbe is supported in docker. Try the multiarch containers https://hub.docker.com/r/multiarch/debi ... ips-buster

There were some fixes in rc4 for mips arch containers. Previously they were not working.

docker pull multiarch/debian-debootstrap:mips-buster
docker save multiarch/debian-debootstrap > mips-buster.tar

RouterOS config:

/interface bridge
add name=docker
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/container
add cmd="uname -ar" file=mips-buster.tar hostname=debian interface=veth1 logging=yes
/interface bridge port
add bridge=docker interface=veth1
/ip address
add address=172.17.0.1/16 interface=docker network=172.17.0.0

Run the container and see the below in the logs:

Screenshot_20210921_084428.png

gittubaba · Tue Sep 21, 2021 12:46 am

docker only supports mips64. So what I understood so far, even if you made a mips rootfs, you can't make a docker image/container with it, as the architecture is unsupported. From debian wiki

mipsbe is supported in docker. Try the multiarch containers https://hub.docker.com/r/multiarch/debi ... ips-buster

There were some fixes in rc4 for mips arch containers. Previously they were not working.

What is your hardware? My router, RB750Gr3 is not mipsBE. In Routeros page its listed as Mmips. Nevertheless I tried the image you references, nothing happens. It extracts but then start does nothing. No log no error nothing.

dhoulbrooke · Tue Sep 21, 2021 1:50 am

What is your hardware?

mipsbe / RB450G

For a RB750Gr3 you could try the little endian containers and see if they work: https://hub.docker.com/r/multiarch/debi ... sel-buster

chrisfr · Tue Sep 21, 2021 10:37 am

I tried with very small container (arm32v7/busybox:stable-musl , tar size is about 1,4MB) on CRS305 and CRS309, but container never start (and nothing is write in logs despite logging=yes) :

[admin@CRS309-BU] /container> /container/print 
 0 file=arm32v7_busybox.tar name="3850934b-17c1-4403-8f04-65ead4703936" tag="arm32v7/busybox:stable-musl" os="linux" arch="arm" interface=veth1 mounts="" dns="" hostname="mybbox" logging=yes 
   status=stopped 
[admin@CRS309-BU] /container>
[admin@CRS309-BU] /container> /container/start number=0 ; /log/print follow-only

09:26:10 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:11 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:15 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:16 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:20 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:21 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged out from 192.168.0.182 via api

I guess as CRS3xx have very tiny SPI Flash, Mikrotik didn't test container on theses hardware. I tried with other docker images, but i always have the same result.

krisjanisj · Tue Sep 21, 2021 10:38 am

I tried with very small container (arm32v7/busybox:stable-musl , tar size is about 1,4MB) on CRS305 and CRS309, but container never start (and nothing is write in logs despite logging=yes) :

[admin@CRS309-BU] /container> /container/print 
 0 file=arm32v7_busybox.tar name="3850934b-17c1-4403-8f04-65ead4703936" tag="arm32v7/busybox:stable-musl" os="linux" arch="arm" interface=veth1 mounts="" dns="" hostname="mybbox" logging=yes 
   status=stopped 
[admin@CRS309-BU] /container>
[admin@CRS309-BU] /container> /container/start number=0 ; /log/print follow-only

09:26:10 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:11 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:15 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:16 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:20 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:21 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged out from 192.168.0.182 via api

I guess as CRS3xx have very tiny SPI Flash, Mikrotik didn't test container on theses hardware. I tried with other docker images, but i always have the same result.

Could You please generate a supout.rif file and send it to support@mikrotik.com so we can look into this further?

chrisfr · Tue Sep 21, 2021 12:29 pm

...
Could You please generate a supout.rif file and send it to support@mikrotik.com so we can look into this further?

I send it with also the tar image, thank you.

devin122 · Tue Sep 21, 2021 9:22 pm

I've managed to get containers on MIPSBE working with 7.1rc4, however when the container is running, cpu usage is pinned at 100% despite all the processes inside the container sitting pretty much idle

gittubaba · Tue Sep 21, 2021 10:21 pm

What is your hardware?

mipsbe / RB450G

For a RB750Gr3 you could try the little endian containers and see if they work: https://hub.docker.com/r/multiarch/debi ... sel-buster

Unfortunately nothing happens. I emailed support with supout.rif.

Amm0 · Wed Sep 22, 2021 5:50 am

Boy my lightly used RB1100 "dude" works pretty well with the new container support.

But some way to access to "console" would be very handy. It's not always easy to add SSH support to just any docker image, in particular some of the language runtimes like NodeJS, Julia or R - where you don't need SSH once you've packaged an image with the code you want. Certainly using a stock Linux/OS to "test" on the platform can work...but then your still left unwinding what the more basic version for docker be of that work.

While the Dockerfile on the host can add the need code/entry point before generating the tar – sometimes it's easier to try stuff out in the "running" docker image, then edit the Dockerfile to recreate your "diffs". Now ideally, the containers console would be like any ROS port redirected like any other ROS serial thing, but some "/container/console", similar to /system/serial-console command be very useful. I'd imagine it's be especially useful on the "more escotic" platform since there isn't some go-to stash of TILE base images, yet... and logging=yes will only get you so far at troubleshooting a greenfield like "docker-on-tile" – one way to make use of the unused cores on the TILE RBs.

One other thought, is the basic feature of MetaROUTER was running another ROS instance. I'm surprise that wasn't an example – be awfully handy to run ROS v6 on a ROS v7, since you'd have the dude (which seems forgot in v7 feature-blitz) and could more easily allow testing any differences between v7 and v6...

sszbv · Thu Sep 23, 2021 3:28 pm

Thanks for this awesome feature!

I'm running a domoticz container on a rb5009, works great.
It would be nice if you could add devices support, so I can connect USB or serial devices (like kwh meters).

The docker command line is:

docker run -d \
-p 8080:8080 \
-p 8443:443 \
-v <path for config files>:/opt/domoticz/userdata \
-e TZ=Europe/Amsterdam
--device=<device_id> \
--name=<container name> \
domoticz/domoticz

I mean the --device= part.
Maybe you can create a devices list, using the same approach as for the mounts and envs.

haedertowfeq · Fri Sep 24, 2021 1:51 am

Noop
How to ssh to pihole

To use command like
Pihole -u for update

bpwl · Fri Sep 24, 2021 9:10 pm

"docker exec -it" / "docker container exec" ??? Or is there no docker program?
For GUI comfort I use the "portainer" container, but without "docker exec" that would probably not work on RouterOS.
(https://docs.portainer.io/v/ce-2.6/user ... Fbin%2Fash.)

cfr : https://www.mankier.com/1/docker-exec

rplant · Sat Sep 25, 2021 8:12 am

Hi,
How do I connect a container to 2 network interfaces?
I thought I'd have a go at avahi as a reflector.

Thanks

Amm0 · Sat Sep 25, 2021 9:21 pm

How do I connect a container to 2 network interfaces?

Kinda depends on how the LANs (or VLANs...) your trying do mDNS reflection on ingress the router/switch. The simplest case would be using two bridges (bridgeA and bridgeB) and two virtual ethernets, vethA and vethB, for Avanti container. Assuming your "LAN A" (e.g. "computers/WiFi") is using ether1 and "LAN B" (e.g. "printers") is using ether2. You'd then add ether1 & vethA as bridge ports on bridgeA, same for ether2+vethB going as ports on bridgeB (on /interface/bridge/ports).

VLAN Filtering likely be better long term, be one bridge, but that adds complexity here. You'd add both vethA and vethB as interface to the /container. Like more, basically one bridge/veth per [V]LAN you want Avanti to use.

Where I think the trouble lies isn't bridging the L2 traffic – lots of way to do that in ROS. But finding a pre-compiled Dockerfile that exposes some UI to manage Avanti or has SSH enabled out-of-the box, AND is pre-compiled for the Mikrotik CPU your want to use, which need some "real" disk (USB, SSD, etc). Lots of Docker images for X86/AMD64, but only some number for ARM32 etc... You got a TILE, well, good luck but be interesting.

The current implementation doesn't allow "console access" so once you get the image running on the Mikrotik, you have to essentially start/stop the container and use /container/set 0 cmd="..." each time to modify the image. Normally you can just "compile" a Dockerfile, but unless you're on the same CPU arch, that get tricky – most people don't use an ARM32 as there desktop computer – docker supports "buildx" and scheme to deal with this BUT way more complex than L2 bridging on a Mikrotik part.

But, a poor-man function to proxy for a shell to the container looks like this, assuming you a container, it's working, and logging=yes. Add something like this (as example of concept):

:global DockerDo do={/container/stop $1; :delay 10s; /container/set $1 cmd="$2"; /container/start $1; /log/print follow where topics~"container" and time>([/system/clock/get time]-10s)}

To use this, you can issue a ONE command $DockerDo [container number, "0"] [cmd to run in container] against the docker image, which will start/stop in-between your commands. Since the output it shown via /log/print follow, you'll need to use Ctrl-C to then issue another command:

> $DockerDo 0 "uname -a"
                                            
12:55:51 container,info,debug Linux julia162 5.6.3 #15 SMP Mon Sep 20 07:31:39 UTC 2021 armv7l GNU/Linux 

> $DockerDo 0 "uname -a"

12:57:58 container,info,debug Linux julia162 5.6.3 #15 SMP Mon Sep 20 07:31:39 UTC 2021 armv7l GNU/Linux 

-- Ctrl-C to quit. Space prints separator. New entries will appear at bottom.

Although I've never been sold on the need for "reflecting" mDNS – kinda the point of subnetting is to limit broadcasting. If you just have some "well known printers" you want showing up on iPhone, using domain name in DHCP and some specfic DNS PTR/SRV records will do the same as mDNS broadcasts if that's what your after, see RFC6763 - https://www.ietf.org/rfc/rfc6763.txt

Now why Mikrotik has not added mDNS/avanti, just to stop the requests, is a different question. Guessing they are betting Docker is simpler answer, well see.

rplant · Sun Sep 26, 2021 3:13 am

How do I connect a container to 2 network interfaces?
Kinda depends on how the LANs (or VLANs...) your trying do mDNS reflection on ingress the router/switch. The simplest case would be using two bridges (bridgeA and bridgeB) and two virtual ethernets, vethA and vethB, for Avanti container. Assuming your "LAN A" (e.g. "computers/WiFi") is using ether1 and "LAN B" (e.g. "printers") is using ether2. You'd then add ether1 & vethA as bridge ports on bridgeA, same for ether2+vethB going as ports on bridgeB (on /interface/bridge/ports).
...

VLAN Filtering likely be better long term, be one bridge, but that adds complexity here.

Although I've never been sold on the need for "reflecting" mDNS – kinda the point of subnetting is to limit broadcasting. If you just have some "well known printers" you want showing up on iPhone, using domain name in DHCP and some specfic DNS PTR/SRV records will do the same as mDNS broadcasts if that's what your after, see RFC6763 - https://www.ietf.org/rfc/rfc6763.txt

Thanks,
I have tried the manual DNS thing in the past, but Mikrotik DNS doesn't support PTR records at present (maybe that will change), I did try on another DNS server, but never had much success.

Unfortunately I think I didn't explain myself very well
There seems to be no (obvious) way to add more than 1 interface to a container in the /container add command.

Perhaps VLan filtering might be what I need to use, with the 2 interfaces coming in on 1 veth, a native, and a vlan

I haven't tried this, but was thinking I could drop a netcat into the container's bin directory, and set cmd to "nc -L 5000 -e /bin/sh"
(nil security, but you can firewall access to it)

almeiras · Mon Sep 27, 2021 12:35 pm

Hello! Yet again I resurrected my RB4011. I updated it to 7.1 RC4. Then I used

/Container

to install a Docker image for iperf3, the beloved speedtest app. I picked this image from sk278 since it supports ARMv7 (32 bit ARM).

I leave here my steps for other newbies plus some doubts at the end.

First I created the virtual network interface and bridge for using with

/Container

. I sticked with the default network

172.17.0.0/24

from MT’s Container help. No environment variables or mountpoints were needed for this image.

Then I went to my computer and launched a console terminal app:

Code: Select all
```
docker manifest inspect sk278/iperf3
```
Get the right hash for your architecture, in my case, MikroTik RB4011 is ARMv7:
Code: Select all
```
sha256:823a7cd38cfeea8fce736639cac8146c069246759463f262be832cff340e3bfa
```
(latest image version is this one)

Download the image:

docker pull sk278/iperf3:latest@sha256:823a7cd38cfeea8fce736639cac8146c069246759463f262be832cff340e3bfa

Have the image compressed:
Code: Select all
```
docker save sk278/iperf3 > iperf3.tar
```
Upload it to the router filesystem using your preferred method (just drop it in “Files” section using Webfig).

Time to go to the router command prompt (via SSH, online terminal, serial cable…)

Create the container in using the image file you just uploaded:
Code: Select all
```
/container/add file=iperf3.tar interface=veth1 logging=yes
```
. (you can also add a
Code: Select all
```
hostname
```
if you want)

/container/start [find file=iperf3.tar]

Check if
Code: Select all
```
status=running
```
with
Code: Select all
```
/container/print detail
```
(it takes some time in bigger containers).

OK, now some questions arise in my head:

In my case, the container got itself the IP 172.16.0.2. Can anyone explain why? I mean, there is no environment variable for the IP as in PiHole`s image, nor any kind of negotiation that I’m aware of. Does this depend on the number of the container (0 gets first available IP, 1 gets second…)?
I tried to create a DHCP server for the containers, but I couldn’t since veth1 is a slave of a bridge. I tried creating the server for the bridge, but this made no effect since the Docker images are bound to
Code: Select all
```
veth1
```
, not the bridge (see
Code: Select all
```
/container/print
```
).
iperf3 speed looks to be limited to 100 Mbps, although all my network is 1 Gbps… I have no idea why is that, all physical interfaces look correct.
MikroTik support team, will you bring interactive terminal console to containers? Pretty please? We really need that.

Anyway, congratulations MikroTik for this breakthrough. These are exciting times for us, users. My Raspberry is going to have some rest.

almeiras · Mon Sep 27, 2021 2:01 pm

I tried the official Debian image: https://hub.docker.com/_/debian?tab=des ... st_updated

docker pull debian:stable@sha256:ae04ba555bd7342b5d49305425dcd9f233ea51321d16f1c04b26173a32918349

But once installed, it doesn't start. Architecture is correct. I also tried to stop the other image, but no effect, Debian remains stopped forever:

/container/print

 0 file=iperf3.tar name="0d8ad45e-b1c0-4380-b720-906baf7db7fc" tag="" os="linux" arch="arm" 
   interface=veth1 mounts="" dns="" hostname="iperf3" logging=yes status=stopped 

 1 file=debian.tar name="7274b731-37e4-45b0-8c5c-4f336218333e" tag="" os="linux" arch="arm" 
   interface=veth1 mounts="" dns="" logging=yes status=stopped

jr0dd · Mon Sep 27, 2021 4:10 pm

But once installed, it doesn't start. Architecture is correct. I also tried to stop the other image, but no effect, Debian remains stopped forever:

I’ve tried numerous containers and I can’t get 1 to start also on ARM.

vchrizz · Tue Sep 28, 2021 2:52 am

I've managed to get containers on MIPSBE working with 7.1rc4, however when the container is running, cpu usage is pinned at 100% despite all the processes inside the container sitting pretty much idle

what container(s) did you try? im looking for some working mipsbe images as examples.

or how would one manage to create docker images for mipsbe?
there is no docker.io package for mips/mipsbe in debian.
for debian/bullseye there is a docker.io package for mips64el and mipsel but not mips/mipsbe because debian dropped mips/mipsbe support since bullseye.
on other linux distros i also could not find possibilities to run docker on mipsbe to be able to create images (or tar files from images)

how else is it possible to create docker images without running docker on mipsbe arch?
(i crosscompiled an application already but am not able to create docker images for mipsbe)

thanks for any hints!

EDIT: i crosscompiled mipsbe binary which works fine on other mipsbe devices running debian. then i created a container (with docker on openwrt/mipsel), saved it to a tar file and uploaded it to a rb960pgs running ros v7.1rc4:

[admin@MikroTik] > /container/add file=mipsolsrd.tar interface=veth1 hostname=olsrd logging=yes
[admin@MikroTik] > /container/print
0 file=mipsolsrd.tar name="51b47d9f-9f81-4a26-9f57-1d59d715cbd3" tag="vchrizz/mipsolsrd:latest" os="linux" arch="mipsle" interface=veth1
mounts="" dns="" hostname="olsrd" logging=yes status=stopped
[admin@MikroTik] > /container/start number=0

[admin@MikroTik] > /container/print
0 file=mipsolsrd.tar name="51b47d9f-9f81-4a26-9f57-1d59d715cbd3" tag="vchrizz/mipsolsrd:latest" os="linux" arch="mipsle" interface=veth1
mounts="" dns="" hostname="olsrd" logging=yes status=stopped

seems to look ok but it does not start, nothing is shown in logs on why it did not start (i already added topic "container" to system/logging)

how to debug the container what is wrong to fix that?

gittubaba · Tue Sep 28, 2021 3:04 am

But once installed, it doesn't start. Architecture is correct. I also tried to stop the other image, but no effect, Debian remains stopped forever:
I’ve tried numerous containers and I can’t get 1 to start also on ARM.

Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.

jr0dd · Wed Sep 29, 2021 7:51 am

Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.

No logs of any kind. It just stays stopped.

almeiras · Wed Sep 29, 2021 11:07 am

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version). This way you could use "The Dude server" (stable versions only) as well as the newer funcionalities (WG, Docker, Zerotier...).

This developer uses QEMU/KVM to run ROS in amd64: https://github.com/EvilFreelancer/docker-routeros; https://hub.docker.com/r/evilfreelancer/docker-routeros

And this one has ported the whole thing to arm64 https://kzits.info/phone/k31kZp-jvcqms2 ... l-mikrotik; https://hub.docker.com/r/mkv28/mikrotik-routeros

I can't test it since my RB4011 is armv7 (32 bit only), but it would be nice to hear from any of you. Maybe MT support team finds it interesting to maintain their own ROS image (@normis?). Thank you.

PS: This implementation would require a second ROS software key.

pe1chl · Wed Sep 29, 2021 11:32 am

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version).

Well, this is essentially how it all started on old MikroTik models that offered "MetaROUTER" where you could run either RouterOS or another image.
This fell out of attention as later architectures do not offer it, and the current Docker support is more or less a successor of that.

antonatos · Wed Sep 29, 2021 7:38 pm

Hey folks,

I recently upgraded 1100 AHx4 to 7.1.rc4 in order to test containers.
Although I manage to make it work. I faced the below issues:

Transferring big files is causing kernel panic
Extracting tar image takes more than 15mins which consumes 1 CPU and cause packet drop and Capsman link drop
There is no exec to get a console in order to configure more.

Have you found any solution for the above?

Thanks,
Nikos

almeiras · Fri Oct 01, 2021 4:33 pm

Transferring big files is causing kernel panic

There is no exec to get a console in order to configure more.

No problem with file transfers in ny case. I use ‘scp’ and webfig for uploading (RB4011, ARMv7 32 bit).

Regarding the lack of interactive console shell, you have to settle for images with ssh, web config or environment variables. This is really annoying. I hope we get interactive shell soon. My kingdom for ‘docker exec -it bash‘

devin122 · Fri Oct 01, 2021 6:45 pm

I've managed to get containers on MIPSBE working with 7.1rc4, however when the container is running, cpu usage is pinned at 100% despite all the processes inside the container sitting pretty much idle
what container(s) did you try? im looking for some working mipsbe images as examples.

First I was using openwrt images (mips_24kc-21.02.0 tag on https://hub.docker.com/r/openwrtorg/rootfs) . However, I suspect something about their init system is causing the 100% cpu usage. Now I'm rolling my own images based on openwrt but without their init system.

or how would one manage to create docker images for mipsbe?

I have just been making tarballs of the root fs and then using

docker import

and

docker export

to add the necessary metadata

there is no docker.io package for mips/mipsbe in debian.

There won't be. Since mipsbe isn't officially supported by docker, it wont let you tag an image as being for it (see https://github.com/docker/cli/blob/a32c ... til.go#L22) . However other than displaying it in the UI, ROS seems to ignore the platform tag (my images all say AMD64, but they are running fine)

Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.

adding logging=yes seems to just log stdout/stderr from inside the container, no info about debugging the container runtime itself. There is some limited debugging info available in supout.rif in the

@container@

sections

gittubaba · Fri Oct 01, 2021 11:10 pm

Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.
adding logging=yes seems to just log stdout/stderr from inside the container, no info about debugging the container runtime itself. There is some limited debugging info available in supout.rif in the
Code: Select all
@container@
sections

How are you reading supout.rif? I viewed my supout.rif in mikrotik.com -> account but It doesn't contain a "container" section

EDIT: Thank you so much, finally a bit of hint of logging. I used a third party tool (github.com/farseeker/go-mikrotik-rif) to open the supout and found this.

@container@
2021.09.20-21:07:21.81@1: Starting container app.
2021.09.20-21:07:21.81@1: Running app...
2021.09.20-21:14:08.29@3: unable to copy resolv.conf
2021.09.20-21:14:08.30@3: clone: Invalid argument
2021.09.20-21:14:08.30@3: child spawn failed
2021.09.20-21:14:19.53@2: unable to copy resolv.conf
2021.09.20-21:14:19.53@2: clone: Invalid argument
2021.09.20-21:14:19.53@2: child spawn failed
2021.09.20-21:14:20.92@2: image not running
2021.09.20-21:25:41.33@1: no id
2021.09.20-21:40:04.07@3: clone: Invalid argument
2021.09.20-21:40:04.07@3: child spawn failed
2021.09.20-21:40:45.10@0: clone: Invalid argument
2021.09.20-21:40:45.10@0: child spawn failed
2021.09.20-21:41:12.92@2: clone: Invalid argument
2021.09.20-21:41:12.92@2: child spawn failed
2021.09.21-18:55:23.41@0: clone: Invalid argument
2021.09.21-18:55:23.41@0: child spawn failed
2021.09.21-18:55:45.42@1: clone: Invalid argument
2021.09.21-18:55:45.42@1: child spawn failed
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: --- signal=17 --------------------------------------------
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: pc=0x77fe4214 at=0x00000001 v0=0x00000004 v1=0x00000000
2021.09.21-18:57:16.72@1: a0=0x77ff9560 a1=0x00000002 a2=0xffffffff a3=0x00000001
2021.09.21-18:57:16.72@1: t0=0x00000001 t1=0x77f7aa90 t2=0x66206e77 t3=0x656c6961
2021.09.21-18:57:16.72@1: t4=0x7fffb780 t5=0x00000000 t6=0x00000000 t7=0x00420000
2021.09.21-18:57:16.72@1: s0=0x0000105c s1=0xffffffff s2=0x780014f4 s3=0x7fffbbc0
2021.09.21-18:57:16.72@1: s4=0x0000004f s5=0xffffffff s6=0x00000004 s7=0x00421558
2021.09.21-18:57:16.72@1: t8=0x004209a0 t9=0x77fe41d0 k0=0x00000000 k9=0x00000000
2021.09.21-18:57:16.72@1: gp=0x780018d0 sp=0x7fffbac8 s8=0x004217f8 ra=0x77fdc120
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: maps:
2021.09.21-18:57:16.72@1: 00400000-00411000 r-xp 00000000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00420000-00421000 rwxp 00010000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00421000-0042c000 rwxp 00000000 00:00 0          [heap]
2021.09.21-18:57:16.72@1: 77de5000-77ee5000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77ee5000-77f07000 r-xp 00000000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f07000-77f08000 rwxp 00012000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f08000-77f77000 r-xp 00000000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f77000-77f79000 rwxp 0005f000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f79000-77f7b000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77f7b000-77fa4000 r-xp 00000000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa4000-77fa5000 rwxp 00019000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa5000-77fea000 r-xp 00000000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ff6000-77ff7000 rwxs 00000000 00:0a 2052       /ram/rtrace/control
2021.09.21-18:57:16.72@1: 77ff7000-77ff9000 r-xp 0ea7c000 00:06 1326       /dev/jiffies
2021.09.21-18:57:16.72@1: 77ff9000-77ffb000 rwxp 00044000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ffb000-77ffc000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 7ffdb000-7fffc000 rwxp 00000000 00:00 0          [stack]
2021.09.21-18:57:16.72@1: 7fffc000-7fffd000 r-xp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: stack: 0x7fffc000 - 0x7fffbac8 
2021.09.21-18:57:16.72@1: 00 00 00 00 40 11 42 00 d0 f8 f7 77 58 15 42 00 00 00 00 00 00 00 00 00 d0 18 00 78 5c 10 00 00 
2021.09.21-18:57:16.72@1: 00 00 00 00 00 00 00 00 10 10 42 00 30 bb ff 7f ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: code: 0x77fe4214
2021.09.21-18:57:16.72@1: 10e00002 27bd0020 00021023 03e00008 00000000 8f998574 03200008 00000000 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: backtrace: 0x77fe4214 0x77fdc120 
2021.09.21-18:57:16.72@1:

Any idea anyone?

devin122 · Sun Oct 03, 2021 3:13 am

Any idea anyone?

What version are you running. I was seeing the same error on rc3 as the kernel was not built with full support for namespaces. Issue was resolved with rc4

gittubaba · Sun Oct 03, 2021 3:18 am

Any idea anyone?
What version are you running. I was seeing the same error on rc3 as the kernel was not built with full support for namespaces. Issue was resolved with rc4

7.1rc4. Then guess it wasn't solved for mmpis/RB750Gr3

fakejuke · Tue Oct 05, 2021 3:37 pm

Hello! Tried pihole and iperf on my ac3 with external usb flash. Both stuck on "extracting". Any ideas?

vchrizz · Wed Oct 06, 2021 4:34 pm

EDIT: Thank you so much, finally a bit of hint of logging. I used a third party tool go-mikrotik-rif to open the supout and found this.

@container@
2021.09.20-21:07:21.81@1: Starting container app.
2021.09.20-21:07:21.81@1: Running app...
2021.09.20-21:14:08.29@3: unable to copy resolv.conf
2021.09.20-21:14:08.30@3: clone: Invalid argument
2021.09.20-21:14:08.30@3: child spawn failed
2021.09.20-21:14:19.53@2: unable to copy resolv.conf
2021.09.20-21:14:19.53@2: clone: Invalid argument
2021.09.20-21:14:19.53@2: child spawn failed
2021.09.20-21:14:20.92@2: image not running
2021.09.20-21:25:41.33@1: no id
2021.09.20-21:40:04.07@3: clone: Invalid argument
2021.09.20-21:40:04.07@3: child spawn failed
2021.09.20-21:40:45.10@0: clone: Invalid argument
2021.09.20-21:40:45.10@0: child spawn failed
2021.09.20-21:41:12.92@2: clone: Invalid argument
2021.09.20-21:41:12.92@2: child spawn failed
2021.09.21-18:55:23.41@0: clone: Invalid argument
2021.09.21-18:55:23.41@0: child spawn failed
2021.09.21-18:55:45.42@1: clone: Invalid argument
2021.09.21-18:55:45.42@1: child spawn failed
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: --- signal=17 --------------------------------------------
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: pc=0x77fe4214 at=0x00000001 v0=0x00000004 v1=0x00000000
2021.09.21-18:57:16.72@1: a0=0x77ff9560 a1=0x00000002 a2=0xffffffff a3=0x00000001
2021.09.21-18:57:16.72@1: t0=0x00000001 t1=0x77f7aa90 t2=0x66206e77 t3=0x656c6961
2021.09.21-18:57:16.72@1: t4=0x7fffb780 t5=0x00000000 t6=0x00000000 t7=0x00420000
2021.09.21-18:57:16.72@1: s0=0x0000105c s1=0xffffffff s2=0x780014f4 s3=0x7fffbbc0
2021.09.21-18:57:16.72@1: s4=0x0000004f s5=0xffffffff s6=0x00000004 s7=0x00421558
2021.09.21-18:57:16.72@1: t8=0x004209a0 t9=0x77fe41d0 k0=0x00000000 k9=0x00000000
2021.09.21-18:57:16.72@1: gp=0x780018d0 sp=0x7fffbac8 s8=0x004217f8 ra=0x77fdc120
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: maps:
2021.09.21-18:57:16.72@1: 00400000-00411000 r-xp 00000000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00420000-00421000 rwxp 00010000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00421000-0042c000 rwxp 00000000 00:00 0          [heap]
2021.09.21-18:57:16.72@1: 77de5000-77ee5000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77ee5000-77f07000 r-xp 00000000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f07000-77f08000 rwxp 00012000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f08000-77f77000 r-xp 00000000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f77000-77f79000 rwxp 0005f000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f79000-77f7b000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77f7b000-77fa4000 r-xp 00000000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa4000-77fa5000 rwxp 00019000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa5000-77fea000 r-xp 00000000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ff6000-77ff7000 rwxs 00000000 00:0a 2052       /ram/rtrace/control
2021.09.21-18:57:16.72@1: 77ff7000-77ff9000 r-xp 0ea7c000 00:06 1326       /dev/jiffies
2021.09.21-18:57:16.72@1: 77ff9000-77ffb000 rwxp 00044000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ffb000-77ffc000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 7ffdb000-7fffc000 rwxp 00000000 00:00 0          [stack]
2021.09.21-18:57:16.72@1: 7fffc000-7fffd000 r-xp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: stack: 0x7fffc000 - 0x7fffbac8 
2021.09.21-18:57:16.72@1: 00 00 00 00 40 11 42 00 d0 f8 f7 77 58 15 42 00 00 00 00 00 00 00 00 00 d0 18 00 78 5c 10 00 00 
2021.09.21-18:57:16.72@1: 00 00 00 00 00 00 00 00 10 10 42 00 30 bb ff 7f ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: code: 0x77fe4214
2021.09.21-18:57:16.72@1: 10e00002 27bd0020 00021023 03e00008 00000000 8f998574 03200008 00000000 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: backtrace: 0x77fe4214 0x77fdc120 
2021.09.21-18:57:16.72@1:

thanks for the hint! looking at supout.rif with the tool go-mikrotik-rif i get similar stack trace:

@container@
2021.10.05-00:18:06.50@0: 
2021.10.05-00:18:06.50@0: 
2021.10.05-00:18:06.50@0: /ram/pckg/container/nova/bin/container
2021.10.05-00:18:06.50@0: --- signal=17 --------------------------------------------
2021.10.05-00:18:06.50@0: 
2021.10.05-00:18:06.50@0: pc=0x77fd4654 at=0x00000001 v0=0x00000004 v1=0x00000000
2021.10.05-00:18:06.51@0: a0=0x77f0ef00 a1=0x00000002 a2=0xffffffff a3=0x00000001
2021.10.05-00:18:06.51@0: t0=0x00000000 t1=0xfeffffff t2=0x00421064 t3=0x77f82fb0
2021.10.05-00:18:06.51@0: t4=0x00000001 t5=0x10000000 t6=0x77f82980 t7=0x77f20000
2021.10.05-00:18:06.51@0: s0=0x00421064 s1=0xffffffff s2=0x77f80000 s3=0x7fffabe0
2021.10.05-00:18:06.51@0: s4=0x0000004f s5=0xffffffff s6=0x00000004 s7=0x00421558
2021.10.05-00:18:06.51@0: t8=0x004208dc t9=0x77fd4640 k0=0x77f7f960 k9=0x00000000
2021.10.05-00:18:06.51@0: gp=0x78001370 sp=0x7fffab70 s8=0x004217f8 ra=0x77f33848
2021.10.05-00:18:06.51@0: 
2021.10.05-00:18:06.51@0: maps:
2021.10.05-00:18:06.51@0: 00400000-00411000 r-xp 00000000 07:01 8          /ram/pckg/container/nova/bin/container
2021.10.05-00:18:06.51@0: 00420000-00421000 rwxp 00010000 07:01 8          /ram/pckg/container/nova/bin/container
2021.10.05-00:18:06.51@0: 00421000-0042d000 rwxp 00000000 00:00 0          [heap]
2021.10.05-00:18:06.51@0: 77dec000-77eec000 rwxp 00000000 00:00 0 
2021.10.05-00:18:06.51@0: 77eec000-77f0e000 r-xp 00000000 07:00 240        /lib/libuc++.so
2021.10.05-00:18:06.51@0: 77f0e000-77f0f000 rwxp 00012000 07:00 240        /lib/libuc++.so
2021.10.05-00:18:06.51@0: 77f10000-77f7f000 r-xp 00000000 07:00 242        /lib/libumsg.so
2021.10.05-00:18:06.52@0: 77f7f000-77f81000 rwxp 0005f000 07:00 242        /lib/libumsg.so
2021.10.05-00:18:06.52@0: 77f81000-77f83000 rwxp 00000000 00:00 0 
2021.10.05-00:18:06.52@0: 77f84000-77fad000 r-xp 00000000 07:00 246        /lib/libubox.so
2021.10.05-00:18:06.52@0: 77fad000-77fae000 rwxp 00019000 07:00 246        /lib/libubox.so
2021.10.05-00:18:06.52@0: 77fae000-77fea000 r-xp 00000000 07:00 239        /lib/libc.so
2021.10.05-00:18:06.52@0: 77ff4000-77ff5000 rwxs 00000000 00:0a 370        /ram/rtrace/control
2021.10.05-00:18:06.52@0: 77ff6000-77ff8000 r-xp 0717c000 00:06 393        /dev/jiffies
2021.10.05-00:18:06.52@0: 77ff9000-77ffa000 rwxp 0003b000 07:00 239        /lib/libc.so
2021.10.05-00:18:06.52@0: 77ffa000-77ffb000 rwxp 00000000 00:00 0 
2021.10.05-00:18:06.52@0: 7ffda000-7fffb000 rwxp 00000000 00:00 0          [stack]
2021.10.05-00:18:06.52@0: 7fffb000-7fffc000 r-xp 00000000 00:00 0 
2021.10.05-00:18:06.52@0: 
2021.10.05-00:18:06.52@0: stack: 0x7fffb000 - 0x7fffab70 
2021.10.05-00:18:06.52@0: 77 f7 f9 60 00 00 00 00 7f ff ab a0 00 ff 00 00 77 f8 79 f0 77 f3 f6 0c 00 42 10 64 00 42 11 14 
2021.10.05-00:18:06.53@0: 7f ff ac 80 7f ff ab e0 00 00 00 4f ff ff ff ff 00 00 00 04 77 f3 3a a0 77 f8 2b 00 77 fc 0e a8 
2021.10.05-00:18:06.53@0: 
2021.10.05-00:18:06.53@0: code: 0x77fd4654
2021.10.05-00:18:06.53@0: 10e00002 00402025 00022023 8f998078 100099ea 00000000 00000000 3c1c0003 
2021.10.05-00:18:06.53@0: 
2021.10.05-00:18:06.53@0: backtrace: 0x77fd4654

from what i experimented so far with building a container from scratch, and trying to run it on an rb960pg (mipsbe) i can tell:
- if it stucks at status extracting, there is something wrong with the container image (tar file)
- if it does not start but extracts fine, container image seems ok but there is something wrong with the binaries within the container or the container was built/saved on wrong architecture.
- comparing architectures, with a container built on mips64 or mipsel i get stacktrace with signal 11 (SIGSEGV - Segmentation violation)
- saving the built container from a mips32 system i get signal 17 (SIGUSR2 - User-defined signal 2) stacktrace.

so not only the architecture has to match (what is clear to me), but also the build-tools have to match i guess?
i am trying to build the container on a qemu-mips (malta) VM running openwrt 21.02, which uses musl toolchain afaik.
the binaries which run fine in openwrt on mips32 seem not to work in the container on the rb960.
does anybody know what toolchain must be used for binaries in a container to run on a rb960pg (mipsbe) ?

Amm0 · Thu Oct 07, 2021 6:23 pm

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version).
Well, this is essentially how it all started on old MikroTik models that offered "MetaROUTER" where you could run either RouterOS or another image.
This fell out of attention as later architectures do not offer it, and the current Docker support is more or less a successor of that.

What's old is new again. Mikrotik was ahead of it's time with MetaROUTER. And, yet still people wanting to run a full Linux distro with stuff PBX etc. But with MetaROUTER, the Wiki had a clear description of how to use with ROS – that's missing in v7 Containers IMO.

Just saying ROS-on-ROS is could be simplier for stuff like VRF, and likely good example of "SDN" potential of Containers. Since there are no examples of any containers for TILE, if Mikrotik had some examples of getting ROS in a working container, that be a good place to know if anyother container could on some hardware platform.

fakejuke · Fri Oct 08, 2021 10:55 pm

Hello! Tried pihole and iperf on my ac3 with external usb flash. Both stuck on "extracting". Any ideas?

Tried to create .tar in Linux invironment (instead of windows 10) and everything works!

vchrizz · Mon Oct 11, 2021 9:20 pm

First I was using openwrt images (mips_24kc-21.02.0 tag on https://hub.docker.com/r/openwrtorg/rootfs) . However, I suspect something about their init system is causing the 100% cpu usage. Now I'm rolling my own images based on openwrt but without their init system.

sorry, i overlooked that comment.
many many thanks for that information! based on that i also could finally get a container to work. based on that container i built my own container.

I have just been making tarballs of the root fs and then using
Code: Select all
docker import 
and
Code: Select all
docker export
to add the necessary metadata

i tried that but maybe i did something wrong because this didnt work for me, but based on the mips_24kc-21.02.0 openwrt container i could create a container myself and build it with "docker build -t mytag ." then "docker save mytag > mytag.tar" to use the tar file on the router.

so i got a working container on a rb960pgs which is really nice!

just giving feedback:
following things i noticed are not (yet) working correctly, but i guess they will be fixed in future ROS versions:

"sometimes" after stopping a container the file autosupout.rif is written and then starting a container is not possible any more until the router is rebootet. (in autosupout.rif i see signal 11 in the log)
when the container is running, after a usual reboot of the router, the container store and the tar-file/image is lost, but the configuration is still there, so i have to remove the container, upload the image and add it again.
are containers started automatically after router reboot? (assuming the previous mentioned problem is fixed)
"sometimes" i have to "/container/start number=0" more than once until the container starts correctly although nothing changed and i just uploaded the image again and re-added the container. looking in supout.rif i see signal 17 as described before.

thanks for this great feature, keep it up!

Janosch · Wed Oct 13, 2021 12:43 pm

Is it possible to get access to devices connected to the USB Bus from within Docker?
(=run Docker in piviledged mode?)
If yes, could you please post an example?

So I could interact with USB devices (IE Serial devices) from within Docker?

Thanks
Janosch

r00t · Wed Oct 13, 2021 3:18 pm

No, because entire point of having docker is to isolate it from rest of the ROS environment.
Maybe sharing USB block devices with docker container can be added as a feature later...

But for now you can use following workaround:
Set up serial port server(s) in ROS and then you can access your USB serial ports over TCP/IP, ie. even from the container.
As long as it's just serial port (and not some other device that would require libusb access) it should work without problems.

deadkat · Thu Oct 14, 2021 4:57 pm

I would like it if containers didn't have to be placed behind NAT....

Please Mikrotik, at least add the ability to use host networking. others would be potentially useful but limiting us to only bridge networking limits what can be done inside a container running on a mikrotik device. https://docs.docker.com/network/#network-drivers

rplant · Fri Oct 15, 2021 4:43 am

Avahi (mdns Reflector)

Hap AC^2 (256M)

It took a while to get working, but I was able to build an Avahi container. Using the cross build instructions at

https://hub.docker.com/r/taoyou/iperf3-alpine

And the avahi container at

https://github.com/flungo-docker/avahi

It came out a bit over 8M in size, so quite big.

It uses a couple of vlans (Vlan setup currently hard coded in the tar file) on it's veth to connect to the local networks.

It is configured as a mdns reflector.

While working out how to make it work, I used netcat from openwrt to provide a couple of cli sessions. The cli is very basic but works, (You need 2 for when you break one) Probably should learn how to setup a dropbear.

I used 7zip on my desktop to open the tar file, and edit config files, and insert the executables (netcat binary and runcat2.sh script)

It seems to work ok.
Not sure I really want it now though

mankomal · Mon Oct 18, 2021 6:40 am

Hey,
tried to run pi-hole on CHR getting this

 (445): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

[api@RouterOS] > container envs/pri
 0 list="pihole" name="TZ" value="Asia/Kolkata" 

 1 list="pihole" name="Server IP" value="172.16.10.2" 

 2 list="pihole" name="WEBPASSWORD" value="password" 
[api@RouterOS] > container/print 
 0 file=pihole.tar name="471a7373-e48f-480b-aca2-7c7ee7195241" 
   tag="pihole/pihole:latest" os="linux" arch="amd64" interface=veth1 
   envlist="pihole" mounts="" dns="" hostname="PiHole" logging=yes 
   status=stopped 
[api@RouterOS] > 
[api@RouterOS] > system resource prin
                   uptime: 2m41s
                  version: 7.1rc4 (testing)
               build-time: Sep/20/2021 10:18:44
              free-memory: 14.1MiB
             total-memory: 96.0MiB
                      cpu: Intel(R)
                cpu-count: 1
            cpu-frequency: 2599MHz
                 cpu-load: 1%
           free-hdd-space: 1416.3MiB
          total-hdd-space: 2038.1MiB
  write-sect-since-reboot: 1320
         write-sect-total: 1321
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik

Any idea what could be the problem?

mankomal · Mon Oct 18, 2021 6:46 am

Hey,
tried to run pi-hole on CHR getting this

 (445): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

[api@RouterOS] > container envs/pri
 0 list="pihole" name="TZ" value="Asia/Kolkata" 

 1 list="pihole" name="Server IP" value="172.16.10.2" 

 2 list="pihole" name="WEBPASSWORD" value="password" 
[api@RouterOS] > container/print 
 0 file=pihole.tar name="471a7373-e48f-480b-aca2-7c7ee7195241" 
   tag="pihole/pihole:latest" os="linux" arch="amd64" interface=veth1 
   envlist="pihole" mounts="" dns="" hostname="PiHole" logging=yes 
   status=stopped 
[api@RouterOS] > 
[api@RouterOS] > system resource prin
                   uptime: 2m41s
                  version: 7.1rc4 (testing)
               build-time: Sep/20/2021 10:18:44
              free-memory: 14.1MiB
             total-memory: 96.0MiB
                      cpu: Intel(R)
                cpu-count: 1
            cpu-frequency: 2599MHz
                 cpu-load: 1%
           free-hdd-space: 1416.3MiB
          total-hdd-space: 2038.1MiB
  write-sect-since-reboot: 1320
         write-sect-total: 1321
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik

Any idea what could be the problem?

This is the complete log that comes:

Oct/18/2021 09:14:06 container,info,debug [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
Oct/18/2021 09:14:07 container,info,debug [s6-init] ensuring user provided files have correct perms...exited 0.
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] applying ownership & permissions fixes...
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] 01-resolver-resolv: applying... 
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] 01-resolver-resolv: exited 0.
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] done.
Oct/18/2021 09:14:07 container,info,debug [cont-init.d] executing container initialization scripts...
Oct/18/2021 09:14:07 container,info,debug [cont-init.d] 20-start.sh: executing... 
Oct/18/2021 09:14:08 container,info,debug  ::: Starting docker specific checks & setup for docker pihole/pihole
Oct/18/2021 09:14:09 container,info,debug 
Oct/18/2021 09:14:09 container,info,debug   [i] Installing configs from /etc/.pihole...
Oct/18/2021 09:14:09 container,info,debug   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
Oct/18/2021 09:14:09 container,info,debug   [i] Installing /etc/dnsmasq.d/01-pihole.conf...
[K  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
Oct/18/2021 09:14:09 container,info,debug   [i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
[K  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
Oct/18/2021 09:14:14 container,info,debug Existing DNS servers detected in setupVars.conf. Leaving them alone
Oct/18/2021 09:14:14 container,info,debug ::: Pre existing WEBPASSWORD found
Oct/18/2021 09:14:14 container,info,debug DNSMasq binding to default interface: eth0
Oct/18/2021 09:14:14 container,info,debug Added ENV to php:
Oct/18/2021 09:14:14 container,info,debug 			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
Oct/18/2021 09:14:14 container,info,debug 			"ServerIP" => "0.0.0.0",
Oct/18/2021 09:14:14 container,info,debug 			"CORS_HOSTS" => "",
Oct/18/2021 09:14:14 container,info,debug 			"VIRTUAL_HOST" => "0.0.0.0",
Oct/18/2021 09:14:14 container,info,debug Using IPv4 and IPv6
Oct/18/2021 09:14:14 container,info,debug ::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
Oct/18/2021 09:14:14 container,info,debug https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Oct/18/2021 09:14:15 container,info,debug ::: Testing pihole-FTL DNS: FTL started!
Oct/18/2021 09:14:18 container,info,debug ::: Testing lighttpd config: Syntax OK
Oct/18/2021 09:14:18 container,info,debug ::: All config checks passed, cleared for startup ...
Oct/18/2021 09:14:18 container,info,debug ::: Enabling Query Logging
Oct/18/2021 09:14:19 container,info,debug   [i] Enabling logging...
Oct/18/2021 09:14:19 container,info,debug 
[K  [✓] Logging has been enabled!
Oct/18/2021 09:14:19 container,info,debug  ::: Docker start setup complete
Oct/18/2021 09:14:19 container,info,debug   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
Oct/18/2021 09:14:19 container,info,debug   Pi-hole version is v5.5 (Latest: v5.5)
Oct/18/2021 09:14:19 container,info,debug   AdminLTE version is v5.7 (Latest: v5.7)
Oct/18/2021 09:14:20 container,info,debug   Current FTL version is v5.10.2
Oct/18/2021 09:14:20 container,info,debug   Container tag is: 2021.10
Oct/18/2021 09:14:20 container,info,debug [cont-init.d] 20-start.sh: exited 0.
Oct/18/2021 09:14:20 container,info,debug [cont-init.d] done.
Oct/18/2021 09:14:20 container,info,debug [services.d] starting services
Oct/18/2021 09:14:20 container,info,debug [services.d] done.
Oct/18/2021 09:14:20 container,info,debug Starting pihole-FTL (no-daemon) as root
Oct/18/2021 09:14:20 container,info,debug Starting lighttpd
Oct/18/2021 09:14:20 container,info,debug Starting crond
Oct/18/2021 09:14:29 container,info,debug Mon Oct 18 03:44:29 2021 (423): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
Oct/18/2021 09:14:34 container,info,debug Mon Oct 18 03:44:34 2021 (424): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
Oct/18/2021 09:14:38 container,info,debug Mon Oct 18 03:44:38 2021 (425): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

after this CHR becomes unresponsive and reboots with a 'kernel panic'

frank333 · Mon Oct 18, 2021 9:29 am

having memory, there is portainer.io, should be installed as a normal docker image, and provides a simple graphical interface to install all the images you want. you can customize the run commands, extensions, ports, volumes, etc..

vchrizz · Mon Oct 18, 2021 3:59 pm

is it on purpose, that there is no container package for SMIPS architecture or was it just forgotten?
on all architectures i can find the container package in the all_packages-*-7.1rc4.zip file but not for SMIPS ?

pe1chl · Mon Oct 18, 2021 4:18 pm

is it on purpose, that there is no container package for SMIPS architecture or was it just forgotten?
on all architectures i can find the container package in the all_packages-*-7.1rc4.zip file but not for SMIPS ?

There is no SMIPS device with enough RAM to allow the use of Docker containers...