GUIDE: Running Netinstall Server on a Tik

Hi All,

Wasn’t sure where to best post this, but hopefully someone will find use of it

With the implementation of containers in ROSv7 it opened a whole world of abilities for a Tik, and for anyone that needs to do bulk netinstalls or remotely perform a netinstall in the field (eg. a Tik AP connected to a RB5009) then this might just be useful

Essentially I have bundled the Linux netinstall-cli into a container along with qemu-i386 to allow running the binary on alternate CPUs (eg. ARM/ARM64)

In my testing I was able to do this from a RB4011, and plan to test further with other devices that are capable of running containers (eg. RB5009/NetPower etc)

https://hub.docker.com/r/semaja2/mikrotik-netinstall

Steps
The below steps will create a container linking to ether5, and set netinstall to load the routeros-mipsbe-6.48.6.npk NPK file

• Enable containers and install package (refer wiki)
• Create folder images under disk1
• Upload npk files to images folder
• Create veth interface

/interface veth add address=192.168.88.6/24 gateway=192.168.88.1 name=veth1

• Create bridge

/interface bridge add name=dockers

• Add veth and physical port to bridge

/interface bridge port add bridge=dockers interface=veth1/interface bridge port add bridge=dockers interface=ether5

• Create mount to contain npk files

/container mounts add dst=/app/images name=images src=/disk1/images

• Create enviroment set, and specify npk file to use

/container envs add key=NETINSTALL_NPK name=NETINSTALL value=routeros-mipsbe-6.48.6.npk

• Create container

/container add remote-image=semaja2/mikrotik-netinstall:latest envlist=NETINSTALL interface=veth1 logging=yes mounts=images workdir=/app

After starting the container you can monitor via the logs of the host Tik

[admin@MikroTik] /container> /log/print where topics~“container”
18:42:50 container,info,debug Version: 7.5(2022-08-30 09:34:59)
18:42:50 container,info,debug client: DC:2C:6E:68:XX:XX
18:42:50 container,info,debug sendFile 4877676
18:43:17 container,info,debug Using server IP: 192.168.88.6
18:43:17 container,info,debug Use Netmask: 255.255.255.0
18:43:17 container,info,debug Starting PXE server
18:43:17 container,info,debug Waiting for RouterBOARD…
18:43:17 container,info,debug Discovered RouterBOARD…
18:43:17 container,info,debug Formatting…
18:43:17 container,info,debug Sending package routeros-mipsbe-6.48.6.npk …
18:43:17 container,info,debug Ready for reboot…
18:43:17 container,info,debug Sent reboot command

Congrats! but the link posted right before the Steps section asks for a login for some reason.
This works: https://hub.docker.com/r/semaja2/mikrotik-netinstall

Thanks for that, I have updated the post, looks like I copied the management URL

Nice; now we just need a native ARM build of netinstall from MikroTik. (Request already put in as SUP-89685, but reposting to add more votes might help.)

Instead of passing the name of a file in as an environment variable and mapping the storage for same in from a volume, I think it would be simpler to set the container image up generically, looking for something like “routeros.npk”. Then you have the end user create their own local container images using yours as a base:

FROM semaja2/mikrotik-netinstall:latest
COPY routeros-mipsbe-6.48.6.npk /routeros.npk

That gets you a local image which you export to a tarball and scp up to the ARM router and start without any parameters, because everything’s baked inside. If you need to change the version of RouterOS, you change the Dockerfile, rebuild, and redeploy.

From my testing there is actually no need for a native ARM build (besides being a nice to have)

This container actually uses qemu to run the x86 code on both ARM and ARM64 platforms (testing was done on a RB4011)

From an image perspective, I originally included the npk files but due to limited space on the tiks I broke this out into a seperate container (mikrotik-netinstall-bundle)

So if you have lots of storage, you can pull semaja2/mikrotik-netinstall-bundle:7.5-6.48.6 which will run Netinstall v7.5 and have all the npks for RouterOS 6.48.6

However what you suggested is a great way around it as well, however you would want to copy the npk to the /app/images path as this is where the container expects them

…says the guy with a gig of flash.

Those wanting containers for several CPU types on smaller routers will appreciate not having to pay the cost of a CPU emulator.

Nobody sane runs containers on internal flash.

While you do have a valid point for some remote contexts it may be the only alternative (running from flash during this “rescue” operation) to recover a neighboring device.
Or get in the car and be away for most of the day (or longer).

I will let you now how I go forcing it into smaller devices, but largely anything with an ARM CPU will be fine doing this x86 emulation from a CPU perspective, the netinstall process is not very CPU intensive

From a storage perspective I did try to strip out some parts of the container, but if anyone has recommendations on how to reduce the footprint further I am happy to take advice or pull requests

For a break down:

• Netinstall binary = 32.98MB
• qemu binary = 4.25MB (I might be able to optimise this more)
• debian base image = 28.66MB (maybe another base container could reduce this)

This one is functionally read-only. It shouldn’t materially shorten the lifetime of the host router.

After a bit of early testing, we now have the base container down to 5.35MB compressed (including the qemu part) so after we add netinstall the container comes to 38.72MB compressed

As a result I am successfully able to run the netinstall container on a Netpower16P and perform a netinstall onto a RB2011

However this did come with various limitations (eg. nothing could be in the files) so once it was loaded, I could then add the npk file

This version is available for testing if you want to try as well, simply use semaja2/mikrotik-netinstall:development instead of latest

I’ve read a bit about “distroless” containers but I have no experience yet with containers sadly outside my encounter with MikroTik containers and the few containers I’ve tested from docker hub.

There is probably potential for further optimisations, however we are reaching a point where there is little gains left (we talking 6MB from the distro now) the biggest space consumer is the actual net install binary at 50MB plus a npk file which is usually 10-15MB

I would say if you have a device with minimum 256MB RAM the new version is possible, the only way to get around less ram is for the tik to have proper storage of some sort (I’ll see if I can find my self a tik with 128MB RAM and a USB port)

Hello,

i follow the instalation guide but with no sucses…

I alwais get :
importing remote image: semaja2/mikrotik-netinstall, tag: latest
error parsing manifests

Setup:
Mikrotik RB4011GS+
ROS: 7.6 (firmware 7.6)

Also in tutorial there is mising Registry URL.

Thanks.

Can you post the output of the routers logs? I just did a test on a RB4011 with 7.6 and it worked without issue, potentially you ran into space issue?

The registry URL was not included as its assumed the base config from the MikroTik documentation was followed

/container/config/set registry-url=https://registry-1.docker.io

https://help.mikrotik.com/docs/display/ROS/Container

Can you share the Dockerfile file you originally used to build this?

It’s in the OP’s GitHub repo for this project.

Thanks for the pointer, was just about to ask for it too!

Very cleaver approach using QEMU. Yeah totally works on RB5009 at least.

Although using newer ramdisk feature might be good in instructions. Or I guess with ROSE, the RouterOS images could be an NFS mount now too.

If you dont have an arm64 device, MT is ready to sell you one, so you have to ditch all other MT products…
Everything is geared towards screwing anyone else…

In terms of limitations…
Another reason to put zerotrustcloudflare tunnel as an option package for ALL devices.