Community discussions

MikroTik App
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25275
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 2:29 pm

Discussion topic about release from here:
viewtopic.php?f=1&t=178341

Manual (being updated): https://help.mikrotik.com/docs/x/KYAPBQ

1. you need a container tar archive
2. relevant menus:
 
  interface/veth
  container
3. super basic example:
1. Get Docker image as tar archive and copy to router (currently there is no 'pull' command in RouterOS, so containers should be exported from a working Docker environment). Also note that container's architecture should match with the router's.
-----------------------------------------------------

  $ docker pull docker/example-container
  $ docker save docker/example-container > my-container.tar

2. Add veth interface for the container
---------------------------------------

  [admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1


3. Create bridge for containers and add veth to it
--------------------------------------------------

  [admin@MikroTik] > /interface/bridge/add name=docker
  [admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
  [admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1


4. Setup NAT for outgoing traffic
---------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.17.0.0/16


5. Create environment variables for container if needed
-------------------------------------------------------

  [admin@MikroTik] > /container/envs/add list=foo name=SECRET value=12345678
  [admin@MikroTik] > /container/envs/add list=foo name=FOO value=bar


6. Define mounts if needed
--------------------------

  [admin@MikroTik] > /container/mounts/add name=etc src=disk1/etc dst=/etc
  [admin@MikroTik] > /container/mounts/add name=opt src=disk1/opt dst=/opt

If ``src`` directory does not exist on first time use then it will be populated
with whatever container have in ``dst`` location.


7. Create container from image tar
----------------------------------

  [admin@MikroTik] > /container/add file=my-container.tar interface=veth1 envlist=foo root-dir=disk1/foo mounts=etc,opt

Use ``logging=yes`` to see container output in log with tags
``container,debug,info``.


8. Make sure container has been added and status is stopped
-----------------------------------------------------------

  [admin@MikroTik] > container/print

9. Redirect port 8080 traffic to container
------------------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=dstnat action=dst-nat to-addresses=172.17.0.2 to-ports=80 protocol=tcp dst-port=8080


10. Start container
-------------------

  [admin@MikroTik] > /container/start 0
No answer to your question? How to write posts
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 2:36 pm

Answering to @anav (question posted in generic v7.1rc3 thread) ...

rextended you seem excited about docker. ;-)
Can you please elaborate if this is a feature I can use at home or is this something for those running ISPs??

Docker is one of many implementations for running containers. More about containerization.

In short: this is advanced stuff that will replace metarouter, but is much more flexible. If one doesn't know what to do with metarouter, then likely he won't know what to do with docker.
Last edited by mkx on Wed Sep 08, 2021 2:37 pm, edited 1 time in total.
BR,
Metod
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 2:37 pm

In future versions there is support for making a total backup of routerboard than contain docker, or like user-manager separate .tar file?

and export the single Docker on .tar for put it on another RouterBOARD?
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 2:42 pm

Wow! They did it!
That should put an end to the many +1 +1 +1 topics once and for all.
Now most requested features can simply be added by users, instead of always having to go to MikroTik with requests for niche stuff.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 2:48 pm

niche stuff.
Exactly (really not all, but the majority are useless for 99,9% of users...)
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 2:55 pm

At this point I must change my signature...
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:01 pm

An example of how to use container package to run PiHole in RouterOS can be found here
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:03 pm

niche stuff.
Exactly (really not all, but the majority are useless for 99,9% of users...)

Actually we can start a few +1 threads about removing some useless functionality from system package ... One prime example would be support for SMB (file services). Or (borken) DNS service. Or (your suggestion here).
BR,
Metod
 
aliclubb
newbie
Posts: 26
Joined: Tue Mar 07, 2017 12:29 pm
Location: Cambridge, UK

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:10 pm

Hmmm. Container menu is missing for me on my RB4011 and CHR. I upgraded via the built-in upgrade facility. User error or MikroTik build error? ;)
[ali@chr01] > /container
bad command name container (line 1 column 2)
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:11 pm

Hmmm. Container menu is missing for me on my RB4011 and CHR. I upgraded via the built-in upgrade facility. User error or MikroTik build error? ;)
[ali@chr01] > /container
bad command name container (line 1 column 2)
Have You installed the container.npk package (as with ZeroTier - container is a seperate package)
 
aliclubb
newbie
Posts: 26
Joined: Tue Mar 07, 2017 12:29 pm
Location: Cambridge, UK

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:13 pm

Hmmm. Container menu is missing for me on my RB4011 and CHR. I upgraded via the built-in upgrade facility. User error or MikroTik build error? ;)
[ali@chr01] > /container
bad command name container (line 1 column 2)
Have You installed the container.npk package (as with ZeroTier - container is a seperate package)
Thanks for that! Where was that info? Didn't see that when scrolling through the release notes, the forum posts or the wiki docs. Am I being blind?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:16 pm

*) added Zerotier (TM) support for ARM and ARM64;
= download separate package zerotier because now this RouterOS support this

*) added support for running Docker (TM) containers;
= download separate package container because now this RouterOS support this
Last edited by rextended on Wed Sep 08, 2021 3:19 pm, edited 1 time in total.
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:19 pm

Have You installed the container.npk package (as with ZeroTier - container is a seperate package)
It would be nice when available packages could be listed and installed from the packages menu!
Either on a separate window or by just listing all packages and have some status like not installed, disabled, installed.
(so you can install a package just as easily as you can uninstall, disable or upgrade it)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:20 pm

NO, PLEASE NO!

dumb user still exist...
Device "bricked" because the space is depleted (hAP ac)...
Image
viewtopic.php?f=2&t=178319
Last edited by rextended on Wed Sep 08, 2021 3:24 pm, edited 1 time in total.
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:24 pm

That is simply awesome!
 
r00t
Long time Member
Long time Member
Posts: 574
Joined: Tue Nov 28, 2017 2:14 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:40 pm

100% nice addition to ROS!
Kudos to bringing this feature to 7.1, it opens great possibilities of finally running your own code on ROS.
 
mafiosa
Member Candidate
Member Candidate
Posts: 258
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:46 pm

An example of how to use container package to run PiHole in RouterOS can be found here
Please add an example to run mDNS using container.
Running Bugtik v7.7 beta6 on RB3011-UiAS-RM, HAP AC^2 & RB5009, VyOS 1.3.2 on Proxmox VE 7.2-14
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:51 pm

Write yourself the Docker
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
semaja2
newbie
Posts: 29
Joined: Wed Sep 08, 2021 3:50 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:53 pm

How do we get any logging output, or attach to a container console?

I have attempted to import the Alpine Armv6/v7 container to a RB4011 and neither will start and there is no log output

This is a great feature as it will enable things like running a small Zabbix proxy on a CHR or onsite router
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:56 pm

Just searched on Google mDNS proxy Docker
https://hub.docker.com/r/hausgold/mdns-proxy/
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 3:58 pm

How do we get any logging output, or attach to a container console?

I have attempted to import the Alpine Armv6/v7 container to a RB4011 and neither will start and there is no log output

This is a great feature as it will enable things like running a small Zabbix proxy on a CHR or onsite router
When adding container did You also specified "logging=yes"?
 
User avatar
Nevexo
just joined
Posts: 3
Joined: Fri Jun 14, 2019 8:59 pm
Location: United Kingdom
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:08 pm

Just searched on Google mDNS proxy Docker
https://hub.docker.com/r/hausgold/mdns-proxy/
There's also https://hub.docker.com/r/flungo/avahi - which is the Avahi daemon directly.
 
User avatar
IGHOR
just joined
Posts: 7
Joined: Tue Oct 21, 2014 12:36 am
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:09 pm

Looks like it supports only one container at time?
Please add an example how to start multiple containers.
 
brimfulnick
just joined
Posts: 4
Joined: Fri Sep 06, 2019 3:42 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:10 pm

This could be quite useful for the likes of ARM or amd64, however tile and *mips are going to be out of luck without the ability to build out a container for them.
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:11 pm

Looks like it supports only one container at time?
Please add an example how to start multiple containers.
There are no software limitations (except hardware capabilities).
Repeat steps to create a second veth interface, add it to the already-created docker bridge and create a second container with specified second veth interface
 
xh116
just joined
Posts: 16
Joined: Wed Oct 17, 2018 3:44 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:16 pm

Very nice feature to make a closed-source project flexible.
But a little suspect about the performance since the Routerboards' cpu are not that powerful..
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 167
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:28 pm

wow! ^_^ but the question is where is the link for container.npk? hehhehe care to share
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:32 pm

on the same place: the download section on mikrotik website.
Last edited by rextended on Wed Sep 08, 2021 4:33 pm, edited 1 time in total.
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:33 pm

wow! ^_^ but the question is where is the link for container.npk? hehhehe care to share
It's under "Extra packages", available here (just choose the right architecture for Your device)
 
semaja2
newbie
Posts: 29
Joined: Wed Sep 08, 2021 3:50 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:39 pm

When adding container did You also specified "logging=yes"?
Yes as well as enable "container" logging under "logging"

Is it possible to attach to the container?
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:43 pm


Yes as well as enable "container" logging under "logging"

Is it possible to attach to the container?
Currently there is no option for interactive console for containers.
Please generate and send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can look into Your issue.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1643
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 4:56 pm

This is fantastic work and it's going to open up so many possibilities. Thanks for the effort from the MikroTik team. 8)
Global - MikroTik Support & Consulting - English | Español +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:00 pm

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 825
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:01 pm

We have similar features on eg. Cisco Catalyst 9300 models and up (in SDx fabric) where you can deploy various "apps" on the switches aka "app hosting"
There are some strict guidelines to follow and off course resource management is important (eg. apps cannot take more then 25% CPU etc)

But I like the concept and who knows when/if I migrate to RouterOS 7.x.....
 
Cablenut9
Long time Member
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:02 pm

Currently there is no option for interactive console for containers.
This is a deal-breaker for things like PiHole, as many management functions are handled only through the console.
Serial question asker
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:07 pm

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?
As noted here You can use external storage (via USB ports) to keep .tar files (which can be deleted after container has been created) and container data itself (by using "root-dir=" when creating a container)
 
User avatar
anthonws
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Sat Jan 09, 2016 6:46 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:08 pm

An example of how to use container package to run PiHole in RouterOS can be found here
Wow! Very interesting! One less device eating power and occupying rack space (RPi4).

Any thoughts about adding info on preferred HW for a given container? What kind of guardrails exist to ensure RouterOS works as expected?

For the ones that already tried PiHole (as an example), how is it performing (HW info also please)?

I must say I am amazed with the exhibited flexibility/extensibility from Mikrotik over the last couple of 7.1 RC releases.

Kudos to the whole team!
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 167
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:10 pm

wow! ^_^ but the question is where is the link for container.npk? hehhehe care to share
It's under "Extra packages", available here (just choose the right architecture for Your device)
Thanks a ton, this is my excuse to buy RB5009 to my wife :) and put haproxy in the container endless possibilities!!! MT you rock thanks guys!
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:13 pm

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?
Unfortunately the CCR2004 has no USB or SD card interfaces so you cannot expand the storage.
It would be possible to use ramdisk for storage when it would be made available by MikroTik (request to make ramdisk available on all models is long outstanding), but of course you would need to load it on powerup from some external source and you would lose it on power fail.
Older CCR models have USB and SD card interfaces so they can be used to expand disk storage for this purpose.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 931
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:25 pm

This is great news! And, suddenly, the RB1100AHx4 Dude Edition gets quite interesting, with its dual SATA/M2 ports! Too bad one can't upgrade RAM...
https://mikrotik.com/product/RB1100Dx4
 
felixka
newbie
Posts: 44
Joined: Mon Oct 19, 2020 4:12 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:42 pm

Unfortunately the CCR2004 has no USB or SD card interfaces so you cannot expand the storage.
Not entirely true. The CCR2004-16G-2S+ does indeed have a USB 3.0 Type A port. The CCR2004-1G-12S+2XS does not.
 
reddin
just joined
Posts: 13
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 5:52 pm

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck. This is what I get from container
ResolveHostName failed error: -3 (Try again) 22
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:00 pm

As noted here You can use external storage (via USB ports) to keep .tar files (which can be deleted after container has been created) and container data itself (by using "root-dir=" when creating a container)
So a CCR2004-16G-2S+ would be able to execute a 400MB docker image from an attached USB stick?
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
usern
just joined
Posts: 6
Joined: Sat May 30, 2020 2:37 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:01 pm

MT keeps on delivering, thanks!
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:05 pm

Currently there is no option for interactive console for containers.
This is a deal-breaker for things like PiHole, as many management functions are handled only through the console.
Create container which (with other things) includes ssh service, make container start sshd (in parallel to whatever service container is supposed to deliver, e.g. PiHole), configure DST-NAT to forward a random port to port 22 in container ... and ssh into it. It's not exactly a console, but it's command line session into container.
BR,
Metod
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:13 pm

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck.
Of course you need to configure working routing for this kind of thing to work. Including NAT, usually. See the documentation page.
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:14 pm

So a CCR2004-16G-2S+ would be able to execute a 400MB docker image from an attached USB stick?
It will indeed be able to add a container from a image, that's on a USB drive. You can also put the whole container on a USB stick, so no container files exist on devices internal storage.
 
reddin
just joined
Posts: 13
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:23 pm

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck.
Of course you need to configure working routing for this kind of thing to work. Including NAT, usually. See the documentation page.
You were correct. Totally forgot about nat because in linux systems docker does it for you :) Thanks!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 13743
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:27 pm

So will TILE get docker?? If so it looks like I'm docker ready
Front:
USB - can be used for storage?
Smart Card - can be used for storage?
Back:
Micro SD - can be used for storage?

Got me wondering what everybody uses these three slots for ???

docker.jpg
You do not have the required permissions to view the files attached to this post.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
PS. I only scratch the surface!
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:30 pm

So will TILE get docker?? If so it looks like I'm docker ready
Front:
USB - can be used for storage?
Smart Card - can be used for storage?
Back:
Micro SD - can be used for storage?

Got me wondering what everybody uses these three slots for ???
Container package is available under "Extra packages". Currently the limiting factor is finding or creating a container file for said architecture.
 
r00t
Long time Member
Long time Member
Posts: 574
Joined: Tue Nov 28, 2017 2:14 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 6:51 pm

Currently the limiting factor is finding or creating a container file for said architecture.
Yeah, already trying to make container with basic busybox and it's not easy.
@krisjanisj:
It would be great to share basic busybox containers with SSH server for different architectures if you have them. That would make testing it on different architectures much easier.
Or at least list of architectures you have to use to make containers for different ROS devices... or some tips.
For ARM, I can probably just do it on rPI, but for others, using QEMU is an option (running MIPS and PPC versions of OpenWRT with build environment should be enough).
No idea for TILE, that's just too exotic...
 
reddin
just joined
Posts: 13
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 7:24 pm

Currently the limiting factor is finding or creating a container file for said architecture.
Yeah, already trying to make container with basic busybox and it's not easy.
@krisjanisj:
It would be great to share basic busybox containers with SSH server for different architectures if you have them. That would make testing it on different architectures much easier.
Or at least list of architectures you have to use to make containers for different ROS devices... or some tips.
For ARM, I can probably just do it on rPI, but for others, using QEMU is an option (running MIPS and PPC versions of OpenWRT with build environment should be enough).
No idea for TILE, that's just too exotic...
SSH in containers isn't working right now. Just tried it.
PTY allocation request failed on channel 0 
 
infabo
Member
Member
Posts: 310
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 8:39 pm

Nice. Finally a real use-case for the USB port.
 
i15e
just joined
Posts: 2
Joined: Wed Sep 08, 2021 9:20 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 9:35 pm

This is very cool and something I've been wishing for for a long time!
1. you need a container tar archive
Are there any hard requirements on Docker-isms for the archives? Or will any generic OCI image work?
 
i15e
just joined
Posts: 2
Joined: Wed Sep 08, 2021 9:20 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 9:40 pm

SSH in containers isn't working right now. Just tried it.
PTY allocation request failed on channel 0 
Does the container have a devpts filesystem mounted? Try running:
mount | grep ^devpts
If nothing is returned then try mounting it (probably won't work given the container environment, but it's worth a shot):
mount -t devpts devpts /dev/pts
Edit: after trying things out myself tonight I was able to build a container based on the vanilla
debian
image complete with
openssh-server
and it appears to be working ok - I can SSH into it without issue.
Last edited by i15e on Thu Sep 09, 2021 8:01 am, edited 2 times in total.
 
SSadistic
just joined
Posts: 21
Joined: Mon Jun 17, 2019 1:28 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 9:45 pm

Quick question.. Can I use minidlna from docker? Can save me a lot of trouble
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 296
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 08, 2021 11:21 pm

An example of how to use container package to run PiHole in RouterOS can be found here
....really great stuff coming along....but my first choice of a docker to import would have been portainer, would it not (sorry don*t have a RB to spare and try atm)?
 
User avatar
inwlan
just joined
Posts: 2
Joined: Thu Sep 09, 2021 6:32 am
Location: China BeiJing

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 6:38 am

Have successfully run independent DNS service in RouterOS
WechatIMG847.png
Docker image:https://hub.docker.com/r/nodecloud/dns
You do not have the required permissions to view the files attached to this post.
Last edited by inwlan on Thu Sep 09, 2021 6:49 am, edited 1 time in total.
keyboard
 
User avatar
inwlan
just joined
Posts: 2
Joined: Thu Sep 09, 2021 6:32 am
Location: China BeiJing

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 6:59 am

An example of how to use container package to run PiHole in RouterOS can be found here
....really great stuff coming along....but my first choice of a docker to import would have been portainer, would it not (sorry don*t have a RB to spare and try atm)?
portainer Should be unavailable ,He needs to read the docker interface
keyboard
 
reddin
just joined
Posts: 13
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 8:24 am

SSH in containers isn't working right now. Just tried it.
PTY allocation request failed on channel 0 
Does the container have a devpts filesystem mounted? Try running:
mount | grep ^devpts
If nothing is returned then try mounting it (probably won't work given the container environment, but it's worth a shot):
mount -t devpts devpts /dev/pts
Edit: after trying things out myself tonight I was able to build a container based on the vanilla
debian
image complete with
openssh-server
and it appears to be working ok - I can SSH into it without issue.
Can you share it? Or at least configs :)
Cause I tried to build openssh container on debian with s6-init and had no luck.

edit: made my own image on latest debian and connected just fine. SSH is working boys!
Last edited by reddin on Thu Sep 09, 2021 9:27 am, edited 1 time in total.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 752
Joined: Mon May 27, 2013 2:05 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 9:23 am

HAHA omg the first docker im going to use is likely to be....

....unifi controller!

This is actually super handy.

Clients can have unifi controller in the router - maybe small pbx if required
Bottom of tower can have local nagios,cacti or other monitoring tools
Self hosted dynamic hotspot login webserver

I'm very curious about ALL these possibilities xD
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 10:31 am

I'm very curious about ALL these possibilities xD

I guess everybody wanting to run several apps in docker (either one super-container or several separate containers, the later will be easier to get running but consuming more resources) will soon run into RAM shortage. So containers are probably not feasible on devices with less than 256MB RAM (or even more if one wants to run wave2 wireless driver at the same time.
BR,
Metod
 
Quasar
newbie
Posts: 32
Joined: Sun Oct 05, 2014 1:11 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 10:50 am

Is Alpine working for anyone?

I saved current Alpine for armv7, which runs just fine on my aarch64 machine:
# podman pull --arch=arm --variant=v7 alpine:3.13
Resolved "alpine" as an alias (/var/cache/containers/short-name-aliases.conf)
Trying to pull docker.io/library/alpine:3.13...
Getting image source signatures
Copying blob 48fad15491f9 [--------------------------------------] 0.0b / 0.0b
Copying config 057ad4ee62 done
Writing manifest to image destination
Storing signatures
057ad4ee621986edcaa3c070eb2c7671504d67b29e8b55a077a457a5d60de603

# podman run --rm -it 057ad4ee621986edcaa3c070eb2c7671504d67b29e8b55a077a457a5d60de603 /usr/bin/id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

# podman save 057ad4ee621986edcaa3c070eb2c7671504d67b29e8b55a077a457a5d60de603 > mikrotik_v2.tar
Copying blob dad0c8287181 done
Copying config 057ad4ee62 done
Writing manifest to image destination
Storing signatures
I then configured logging (or at least tried to) and a container:
/system/logging/export
# sep/09/2021 09:38:56 by RouterOS 7.1rc3
#
# model = RBD52G-5HacD2HnD
/system logging
add topics=container
add topics=container,debug
add topics=container,debug,info

[admin@MikroTik] /container> /container/start 0

[admin@MikroTik] /container> /container/print
 0 file=disk1/mikrotik_v2.tar name="0247c45d-bb43-4eef-bab6-37ac050b6840" tag="" os="linux" arch="arm" interface=docker-veth cmd="/usr/bin/id" mounts="" dns="" hostname="alpine" logging=yes status=stopped
The container stopped, but that is to be expected I guess - however I see *zero* messages in the logs from container (nothing related to loading, no output of /usr/bin/id)?

I was actually trying to run dropbear, but as that didn't work I figured at least /usr/bin/id should be able to output to the logs?
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 865
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 11:50 am

It works if you set the entrypoint to /usr/bin/id in the image.

Dockerfile:

FROM alpine:3.13@sha256:7bf024556a224584c0fff680d650b4be2ad560b17f6f627b11e0e2d5beb4b597

ENTRYPOINT /usr/bin/id

Build on host:

~/alpid$ docker build -t alpid .
~/alpid$ docker save alpid > alpid.tar

Transfer tar to device, then:

[admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1
[admin@MikroTik] > /interface/bridge/add name=docker
[admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
[admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1
[admin@MikroTik] > /container
[admin@MikroTik] /container> add file=alpid.tar interface=veth1
[admin@MikroTik] /container> print
 0 file=alpid.tar name="71211403-2816-4401-bfc2-d7956679e20f" tag="alpid:latest" os="linux" arch="arm" interface=veth1 mounts="" dns="" status=stopped 
[admin@MikroTik] /container> set 0 logging=yes
[admin@MikroTik] /container> start 0
[admin@MikroTik] /container> /system logging add topics=container
[admin@MikroTik] /container> /log/print
 10:44:44 container,info,debug uid=0(root) gid=0(root)

Edit

Turns out this is not necessary, you can set the entrypoint/cmd in the container config:
On Linux:

~$ docker save alpine:3.13@sha256:7bf024556a224584c0fff680d650b4be2ad560b17f6f627b11e0e2d5beb4b597 > alpine.tar
~$ scp alpine.tar admin@MikroTik:/

On MikroTik:

/container
add cmd=/usr/bin/id file=alpine.tar interface=veth1 logging=yes
print
start 0
/log print
 08:12:03 container,info,debug uid=0(root) gid=0(root)
Last edited by nescafe2002 on Fri Sep 10, 2021 9:14 am, edited 1 time in total.
 
EduardNOV
just joined
Posts: 6
Joined: Wed Sep 01, 2021 1:57 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 1:05 pm

Hello,

How can I start autmatically container after router reboot?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6776
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 1:19 pm

system scheduler
 
wintech2003
just joined
Posts: 8
Joined: Fri Jun 09, 2006 6:56 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 1:26 pm

Great stuff, a nice use case would be running routinator (https://github.com/NLnetLabs/routinator) for RPKI https://help.mikrotik.com/docs/pages/vi ... d=59277471
 
User avatar
genesispro
Member Candidate
Member Candidate
Posts: 261
Joined: Fri Mar 14, 2014 12:33 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 2:31 pm

You gave me a reason to start using dockers !!!
Mikrotik Rulez
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 4:17 pm

Can it be that envs variables are not updated internally, when their value changes?
E.g. I have changed the variable "ServerIP" and it now looks like:
[admin@router] /container/envs> print
 0 list="pihole" name="TZ" value="Europe/Berlin" 

 1 list="pihole" name="WEBPASSWORD" value="password1" 

 2 list="pihole" name="ServerIP" value="1.2.3.4" 
 
But when I startup the container I see in the log:
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "1.2.3.4",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "0.0.0.0",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "10.0.0.212",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"ServerIP" => "172.17.0.2",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"ServerIP" => "172.17.0.2",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"CORS_HOSTS" => "",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"CORS_HOSTS" => "",
Sep  9 15:13:09 router container,info,debug INFO: #011#011#011"VIRTUAL_HOST" => "172.17.0.2",
Sep  9 15:13:09 router container,info,debug DEBUG: #011#011#011"VIRTUAL_HOST" => "172.17.0.2",
Which are actually all the values that I have set it to once before. Also removing the variable does not change their value.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
Babujnik
just joined
Posts: 24
Joined: Fri May 05, 2017 2:15 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 4:22 pm

from what I've seen - anytime you change variable, you need to remove and create new container.
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 4:46 pm

from what I've seen - anytime you change variable, you need to remove and create new container.
Right, that helped. Thank you!
But it's still strange. I have the tar on a USB stick and create a container using:
add envlist=pihole file=disk1/docker/pihole.tar hostname=PiHole interface=veth1 logging=yes mounts=pihole,dnsmasq.d
After removing the container twice, the internal disk filled up. It's a RB5009 with 1GB of storage and now it's full without any existing container.
You do not have the required permissions to view the files attached to this post.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 5:10 pm

After removing the container twice, the internal disk filled up.

That's a well known "feature" of docker: it doesn't automatically remove container images ... sometimes they can be re-used so I guess savings in "compile time" are the idea behind this decission. I don't know how docker images are named in ROS ... in linux they have undecryptable long names and it takes quite some effort to relate container to image. I suspect that will be impossible to do in ROS (unless MT provides a really good UI to containers), so while experimenting the best way is to clean up containers occasionally: remove containers and remove also container images (directly in /file).
BR,
Metod
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 5:27 pm

... the best way is to clean up containers occasionally: remove containers and remove also container images (directly in /file).
No chance: /file is empty. Usage says 941.9 of 1025 used.

Any no containers installed:
[admin@router] /container> export
# sep/09/2021 16:27:45 by RouterOS 7.1rc3
# software id = Y8sdfsdfS1-H5dsfdfQM
#
# model = RB5009UG+S+
# serial number = EC1dfdsfCF52
[admin@router] /container> 

You do not have the required permissions to view the files attached to this post.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 5:58 pm

I did reset the configuration and the router was empty but the space still allocated.
Then I netinstalled the device and now the space is back again.

Looks like container and variables are only added but never purged if you chance or remove them.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
hecatae
Member Candidate
Member Candidate
Posts: 209
Joined: Thu May 21, 2020 2:34 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 5:59 pm

Anyone tried running adguard?
https://hub.docker.com/r/adguard/adguardhome
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 6:02 pm

@dksoft
Please send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can have look into this, as on "/container/remove" container data should have been cleared.
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 6:37 pm

@dksoft
Please send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can have look into this, as on "/container/remove" container data should have been cleared.
Thanks for taking care of this. Please see SUP-59989.
But the device is already netinstalled. So I am not sure if this is of any help.
Meanwhile you could have a look at SUP-59296 :-)
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 6:54 pm

There is another problem: If you install a container to USB like root-dir=disk1/containers/pihole, a whole bunch of files are extracted.

Now if you want to add another container you get as far as "/container/add file=" then the shell hangs.
I guess this is because the command line completion scans the whole disk and directories.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
reddin
just joined
Posts: 13
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 7:27 pm

Anyone tried running adguard?
https://hub.docker.com/r/adguard/adguardhome
Working just fune


Image
 
Quasar
newbie
Posts: 32
Joined: Sun Oct 05, 2014 1:11 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 9:55 pm

It works if you set the entrypoint to /usr/bin/id in the image.
Thanks a lot for the transcript. Unfortunately, it still doesn't work - I copied your commands and docker steps verbatim (also switched to docker instead of podman).

Can you upload the container tar somewhere so I can rule that out?
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 865
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 10:02 pm

Can you upload the container tar somewhere so I can rule that out?

Just uploaded here: http://www.filedropper.com/alpid
 
Quasar
newbie
Posts: 32
Joined: Sun Oct 05, 2014 1:11 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 10:11 pm

Thanks. Still doesn't work. I guess I'll contact support.
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 296
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 09, 2021 10:41 pm

portainer Should be unavailable ,He needs to read the docker interface
Yes, well...if there's a docker daemon runi`nng, there needs to be a local control interface, that can be used.
Should be true for ROS "linux" as well, shouldn't it?
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Tue Jul 14, 2009 3:25 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 6:06 am

For me, if Mikrotik implemented competitve DNS module to pihole/adguardhome/or any dns forwarders with DOH/DOT... support, I would not lay my hands on docker.
It may not be the right direction, just my 2 cents.
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 825
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 8:44 am

For me, if Mikrotik implemented competitve DNS module to pihole/adguardhome/or any dns forwarders with DOH/DOT... support, I would not lay my hands on docker.
It may not be the right direction, just my 2 cents.
Mostly agree. This docker-toy may look fun, but this should be tightly controlled too. Yet another attack-vector if people start loading images coming from whatever sources.
You can turn your device into a huge security nightmare if you are not careful.
So an ecosystem of signed/audited/tested/reviewed images available for installation of some sort might be the correct approach if you are really serious about security.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 9:20 am

Thanks. Still doesn't work. I guess I'll contact support.
same here ... totally numb ... like nothing
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 9:22 am

It works ...
.
may I ask on which hardware do you startet it ?!
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 865
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 9:26 am

Good question. It works on a hAP ac³. It also works on a RB4011 if it's the single container.

It doesn't work if you have multiple containers (start 1 actually runs iperf3)
/container> print 
 0 file=iperf.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="" os="linux" arch="arm" interface=veth1 mounts="" dns="" status=running 

 1 file=alpine.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="" os="linux" arch="arm" interface=veth2 cmd="/usr/bin/id" mounts="" dns="" 
   logging=yes status=stopped
Ah, I see I have a naming conflict.. solved by recreating container with different host name.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 11:19 am

hAP ac³ is IPQ-4019 ... my test was on hAP ac² IPQ-4018 ??
... so when it's a hardware-limitation ... probably RAM ?!
could not find a document with min. requirements running docker ( ... are there min. requirements ??)
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
Quasar
newbie
Posts: 32
Joined: Sun Oct 05, 2014 1:11 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 11:38 am

same here ... totally numb ... like nothing
I've got a very helpful response from MikroTik support which made it work (and probably makes it work for you or anyone else struggling as well).

The root-dir= parameter is used to specify the location where the container root file system is extracted (that is my observation at least). Adding root-dir=disk1/container made it work in my case.

I suppose the tar you provide is extracted to some (invisible) place on flash by default. For devices with limited storage you'll need to provide external storage.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 11:56 am

tried that too ...
next idea was to vandalize customer spare-parts and give it a try on RB1100Dx4
... but 7.1rc3 seems on hold in the moment ? ... maybe rc4 is in the oven ?
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 1:01 pm

rc3 still avail for download on the MT-website ...
and ... positive ... works on RB1100AHx4
.
[admin@MikroTik] /container> print
 0 file=alpid.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="alpid:latest" os="linux" arch="arm" interface=veth1 cmd="/usr/bin/id" mounts="" dns="" logging=yes status=stopped 
[admin@MikroTik] /container> 
[admin@MikroTik] /container> start 0
[admin@MikroTik] /container> 
11:52:51 echo: container,info,debug uid=0(root) gid=0(root)
[admin@MikroTik] /container> 
[admin@MikroTik] /container> .. system/resource/print
             uptime: 14m30s
            version: 7.1rc3 (testing)
         build-time: Sep/08/2021 10:29:39
   factory-software: 6.41.3
        free-memory: 935.7MiB
       total-memory: 1024.0MiB
                cpu: ARMv7
          cpu-count: 4
           cpu-load: 0%
     free-hdd-space: 84.0MiB
    total-hdd-space: 128.2MiB
  architecture-name: arm
         board-name: RB1100AHx4 Dude Edition
           platform: MikroTik
[admin@MikroTik] /container> 
.
so it seems hAPac² isn't part of the equation yet ... doesn't even look like a reliable container-fortress
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25275
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 2:58 pm

Yes, why wouldn't RC3 be available? It has been released publicly
No answer to your question? How to write posts
 
kivimart
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Thu Oct 10, 2013 3:06 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 3:45 pm

I get this message on a hapac2 and pihole container

Fri Sep 10 12:43:36 2021 (826): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

I have put the mount on disk1
anybody knows this mean
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 3:50 pm

I get this message on a hapac2 and pihole container

Fri Sep 10 12:43:36 2021 (826): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

I have put the mount on disk1
anybody knows this mean
Was this with "root-dir=disk1/containers/pihole"?
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 5:26 pm

Yes, why wouldn't RC3 be available? It has been released publicly
.
.
could'nt install via winbox ... it was possible to update from 6.45 to 6.49 in winbox ...
but developement-update was stuck while "computize download size" ... something like that
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
kivimart
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Thu Oct 10, 2013 3:06 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 5:32 pm

I get this message on a hapac2 and pihole container

Fri Sep 10 12:43:36 2021 (826): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

I have put the mount on disk1
anybody knows this mean
Was this with "root-dir=disk1/containers/pihole"?
root-dir=disk1/containers/pihole
Its the same

On a USB formated to ext3
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 5:44 pm

could'nt install via winbox ... it was possible to update from 6.45 to 6.49 in winbox ...
but developement-update was stuck while "computize download size" ... something like that
You cannot upgrade from v6 to v7 that way. You need to download the appropriate v7 package from the website, upload it to the router, and reboot.
Once you are on a v7 version you can (usually, unless something was broken) do those in-place upgrades via winbox again.
 
mhaluska
just joined
Posts: 22
Joined: Sat Jun 13, 2020 1:20 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 6:03 pm

This docker implementation looks nice, but I don't think it's good idea, plus I think Mikrotik should invest their development time on more important RouterOS things - like they did with ZeroTier. It makes no sense to use docker container on some boards (maybe most of them) due to low memory or no HDD/SSD/USB available. I can find use case on my CCR2004-12S+ for example for pihole, but with missing USB there is no place for data, even if there will be, I'll not want to wear internal NAND. Isn't better buy cheap RaspberryPi (or 2 for HA) for this purpose? I expect/hope Mikrotik will be releasing new HW capable to use this feature.
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 6:47 pm

This docker implementation looks nice, but I don't think it's good idea, plus I think Mikrotik should invest their development time on more important RouterOS things - like they did with ZeroTier.
To the contrary! When the docker implementation had been made earlier, MikroTik would have had zero development time to invest on things like ZeroTier, that could have been entirely made by the company behind it and released as a docker container.
I thin the docker container is the greatest addition to RouterOS made in a long time.
 
r00t
Long time Member
Long time Member
Posts: 574
Joined: Tue Nov 28, 2017 2:14 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 7:10 pm

Single purpose containers can be very small, easily fitting into devices even with just 16MB of flash. I'm trying to get UDPXY working and it's looking like it will be <100kB container. Same for things like MQTT. Tiny containers with just a single compiled program and minimum required chroot. Sure, you CAN run huge applications as containers, but you don't have to. There's a lot of tiny programs that will greatly improve ROS functionality and finally we can run them without ugly overhead of VM.
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 825
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 7:30 pm

Single purpose containers can be very small, easily fitting into devices even with just 16MB of flash. I'm trying to get UDPXY working and it's looking like it will be <100kB container. Same for things like MQTT. Tiny containers with just a single compiled program and minimum required chroot. Sure, you CAN run huge applications as containers, but you don't have to. There's a lot of tiny programs that will greatly improve ROS functionality and finally we can run them without ugly overhead of VM.
for example, getting a MQTT container "up" is 1 thing, but still Mikrotik will have to do RouterOS development for integration. You want your MQTT to be able to publish some events coming out of RouterOS or react to some events on its suscribed topics.
With something like a "Pihole" container its more easy because there is already some DNS "logic" in RouterOS where you can set DNS-servers and have the pihole-container handle it from there. The rest is routing etc.
A mDNS-proxy (eg. Avahi) would also be quite autonomous as long as you can give it 2 interfaces across 2 different networks to do its magic. No real "hooks" into RouterOS needed aparte from the networking side.

Agree the overhead is very very low.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 7:43 pm

### snip ###
You cannot upgrade from v6 to v7 that way. You need to download the appropriate v7 package from the website, upload it to the router, and reboot.
Once you are on a v7 version you can (usually, unless something was broken) do those in-place upgrades via winbox again.
[/quote]
.
pretty shure I made exactly the same thing, with my hapac² yesterday ... but nobody knows ... it's the devil ... all the time
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 10, 2021 8:02 pm

### snip ###
To the contrary! When the docker implementation had been made earlier, MikroTik would have had zero development time to invest on things like ZeroTier, that could have been entirely made by the company behind it and released as a docker container.
I thin the docker container is the greatest addition to RouterOS made in a long time.
.
guess this is an evolutionary process ... MT had LUA support earlier (even netzilla had LUA support in their famous PIX/ASA'saurus-family)
... what happens, when the next-big-thing comes up ? ... and docker goes to the 'lebenshof' ?
'python' 'go' 'rust' ... 'ruby-on-rails*' (nobody knows anymore*)
.
there's always coffee in the cup ... principles ... (not like "real principles") never change
... and whats real ? ... (even this time ?) basically nothing ...
[guess this is ... already ... the weekend-chablis]
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
kayzersoze86
just joined
Posts: 4
Joined: Thu Aug 19, 2021 6:08 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 11:28 am

The usecase for pihole docker is not usable on rb4011. Since the device has only 512mb of usable space when extracting the image.tar, the device runs out of space. No usb or sdcard interface. Any way to mount a external file system only to host the tar files?
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 12:01 pm

The usecase for pihole docker is not usable on rb4011. Since the device has only 512mb of usable space when extracting the image.tar, the device runs out of space. No usb or sdcard interface. Any way to mount a external file system only to host the tar files?
The Pihole developers or some other contributor should develop a more lean version that is geared towards running in a container with minimal size.
 
zainarbani
newbie
Posts: 25
Joined: Thu Jul 22, 2021 9:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 3:10 pm

Awesome

Image
 
ntblade
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Oct 01, 2012 2:47 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 3:45 pm

Hi all,
I've tried several times following the pihole example but my container doesn't start and there's no logging. I'm using a USB flash drive as the root:
/container mounts
add dst=/etc/pihole name=pihole src=disk1/containers/pihole
add dst=/etc/dnsmasq.d name=dnsmasq.d src=disk1/containers/dnsmasqd
/container
add envlist=pihole file=disk1/containers/pihole/pihole.tar hostname=PiHole interface=veth1 logging=yes mounts=pihole,dnsmasq.d root-dir=disk1/containers/pihole
/container envs
add list=pihole name=TZ value=Europe/London
add list=pihole name=ServerIP value=172.17.0.2
add list=pihole name=WEBPASSWORD value=********

/system logging
add topics=container
Running on RB3011, fresh install

Any ideas anyone?
Thanks,
N
 
kivimart
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Thu Oct 10, 2013 3:06 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 8:20 pm

Hi all,
I've tried several times following the pihole example but my container doesn't start and there's no logging. I'm using a USB flash drive as the root:
/container mounts
add dst=/etc/pihole name=pihole src=disk1/containers/pihole
add dst=/etc/dnsmasq.d name=dnsmasq.d src=disk1/containers/dnsmasqd
/container
add envlist=pihole file=disk1/containers/pihole/pihole.tar hostname=PiHole interface=veth1 logging=yes mounts=pihole,dnsmasq.d root-dir=disk1/containers/pihole
/container envs
add list=pihole name=TZ value=Europe/London
add list=pihole name=ServerIP value=172.17.0.2
add list=pihole name=WEBPASSWORD value=********

/system logging
add topics=container
Running on RB3011, fresh install

Any ideas anyone?
Thanks,
N
Create the folders on the usb that your config points to, and put the tar file in container root so it not will get deleted when you delete the container.
 
devin122
just joined
Posts: 8
Joined: Sat Sep 11, 2021 8:36 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 8:40 pm

Anybody have any luck with mips? I created a container from the openwrt mips imagebut after running `/container start 0` but the container still says its stopped, and nothing is showing up in the logs
 
User avatar
jr0dd
just joined
Posts: 14
Joined: Fri Feb 10, 2017 4:46 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 11, 2021 8:43 pm

Time to get CoreDNS loaded with k8s_gateway. 🚀
Although I would have rather seen podman instead of docker with the direction docker is going with subscriptions.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 1:18 am

hAP ac³ is IPQ-4019 ... my test was on hAP ac² IPQ-4018 ??
... so when it's a hardware-limitation ... probably RAM ?!
could not find a document with min. requirements running docker ( ... are there min. requirements ??)
.
case closed ... filesystem related !!? ... reformated the usb-flash drive: problem solved ... ffin' simple
.
[admin@hapac2] /container> add file=zdisk2/alpine-pex.tar interface=veth1 cmd="/bin/ping 192.168.222.254" root-dir=zdisk2/container/alpine logging=yes hostname=alp
[admin@hapac2] /container> start 0
[admin@hapac2] /container> 
00:05:34 echo: container,info,debug PING 192.168.222.254 (192.168.222.254): 56 data bytes
00:05:34 echo: container,info,debug 64 bytes from 192.168.222.254: seq=0 ttl=255 time=0.827 ms
[admin@hapac2] /container> 
00:05:35 echo: container,info,debug 64 bytes from 192.168.222.254: seq=1 ttl=255 time=0.448 ms
[admin@hapac2] /container> 
00:05:41 echo: container,info,debug 64 bytes from 192.168.222.254: seq=7 ttl=255 time=0.405 ms
[admin@hapac2] /container> 
00:05:42 echo: container,info,debug 64 bytes from 192.168.222.254: seq=8 ttl=255 time=0.417 ms
[admin@hapac2] /container> stop 0

00:05:44 echo: container,info,debug 64 bytes from 192.168.222.254: seq=10 ttl=255 time=0.430 ms
[admin@hapac2] /container> 
00:05:47 echo: container,info,debug 64 bytes from 192.168.222.254: seq=13 ttl=255 time=0.423 ms
[admin@hapac2] /container>
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 1:37 am

Huh I've been trying to run a container in my RB750Gr3 but seems like docker images like hello or busybox etc.. only have mips64le. Seems like I have to create images from scratch.
 
devin122
just joined
Posts: 8
Joined: Sat Sep 11, 2021 8:36 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 1:49 am

Huh I've been trying to run a container in my RB750Gr3 but seems like docker images like hello or busybox etc.. only have mips64le. Seems like I have to create images from scratch.
openwrt has rootfs images, however it looks like docker only supports mips64[le] https://github.com/docker/cli/blob/a32c ... til.go#L22 If you try anything else you get "unsupported os/arch combination: ..."
 
ntblade
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Oct 01, 2012 2:47 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 1:34 pm

@kivimart, thanks for the reply

Started again from scratch and after wait extraction seems complete one of my CPUs is constantly utilising a lot of "management"
console         0  0%   
ssh             0  0%   
networking      0  0%   
winbox          0  0%   
management      0  8%   
profiling       0  0%   
unclassified    0  2%   
cpu0               10%  
lcd             1  0%   
console         1  0%   
ssh             1  0%   
networking      1  0.5% 
logging         1  0%   
management      1  73%  
unclassified    1  17.5%
cpu1               91%  
And I get an error when starting.
[admin@RouterOS] > container/start number=0 ;log/print follow-only 

11:24:16 container,info,debug exec: Exec format error 
11:24:16 container,info,debug close: Bad file descriptor 
Thanks
N
 
SSadistic
just joined
Posts: 21
Joined: Mon Jun 17, 2019 1:28 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 5:01 pm

Anyone tried running adguard?
https://hub.docker.com/r/adguard/adguardhome
Working just fune


Image
Can you give a quickl tutorial, please
 
shom
just joined
Posts: 1
Joined: Sun Sep 12, 2021 6:13 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 6:21 pm

How to mount a file instead of a folder ?
I want mount config.json
[admin@MikroTik] > container/mounts/print 
 0 name="godns" src="/config.json" dst="/etc/config.json" 
log
Error occurs while reading config file, please make sure config file exists!
time="2021-09-12T15:10:41Z" level=fatal msg="open ./config.json: no such file or directory"
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 12, 2021 9:05 pm

How to mount a file instead of a folder ?

You can't. The way linux works is that you can only mount a folder. Because mount point is always a folder. Usually application, run inside container, wants to open configuration file.

So you'll have to prepare a folder containing configuration file and mount that folder.
BR,
Metod
 
wtraylor
just joined
Posts: 2
Joined: Mon Oct 08, 2018 2:47 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 12:39 am

Has anyone managed to build your own container for mips architecture?
Last edited by wtraylor on Mon Sep 13, 2021 9:18 pm, edited 1 time in total.
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 9:39 am

@kivimart, thanks for the reply

Started again from scratch and after wait extraction seems complete one of my CPUs is constantly utilising a lot of "management"
console         0  0%   
ssh             0  0%   
networking      0  0%   
winbox          0  0%   
management      0  8%   
profiling       0  0%   
unclassified    0  2%   
cpu0               10%  
lcd             1  0%   
console         1  0%   
ssh             1  0%   
networking      1  0.5% 
logging         1  0%   
management      1  73%  
unclassified    1  17.5%
cpu1               91%  
And I get an error when starting.
[admin@RouterOS] > container/start number=0 ;log/print follow-only 

11:24:16 container,info,debug exec: Exec format error 
11:24:16 container,info,debug close: Bad file descriptor 
Thanks
N
The error means that either .tar file is corrupted/incomplete or build for the wrong arch
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 2:25 pm

 
brotherdust
Member Candidate
Member Candidate
Posts: 121
Joined: Tue Jun 05, 2007 1:31 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 10:09 pm

I was going to ask the same thing. My guess is that containers aren’t allowed to make changes to the RouterOS routing table. This is based on the fact that one has to manually create interfaces for the containers. A workaround to this is to simply bridge physical interfaces with container interfaces. Not optimal as it’s going to have to copy each and every packet from one interface to the other.

Anyone else try this? If not, I might give it a go this week.
 
biomesh
Member
Member
Posts: 486
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 11:15 pm

Here is my config for the nextdns client for use on CHR. The nextdns client does have builds for ARM, so for those interested it would probably work there as well.

Dockerfile:
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y apt-transport-https curl && \ 
        curl -o /usr/share/keyrings/nextdns.gpg https://repo.nextdns.io/nextdns.gpg && \
        echo "deb [signed-by=/usr/share/keyrings/nextdns.gpg] https://repo.nextdns.io/deb stable main" | tee /etc/apt/sources.list.d/nextdns.list && \
        apt-get update && apt-get install -y nextdns    
EXPOSE 53/tcp 53/udp
CMD /usr/bin/nextdns run ${NEXTDNS_ARGUMENTS} -config ${NEXTDNS_ID}
Commands on CHR:
/interface bridge
add name=docker
/ip address
add address=172.17.0.1/16 interface=docker network=172.17.0.0
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/interface bridge port
add bridge=docker interface=veth1

/container envs
add list=nextdns name=NEXTDNS_ARGUMENTS value="-listen :53 -cache-max-age 0s -\
    report-client-info=true -detect-captive-portals=false -control /var/run/ne\
    xtdns.sock -timeout 5s -max-inflight-requests 256 -auto-activate=false -lo\
    g-queries=false -cache-size 10MB -max-ttl 0s -discovery-dns -use-hosts=false"
add list=nextdns name=NEXTDNS_ID value=abc123

/container
add dns=192.168.20.5,192.168.20.10 envlist=nextdns file=nextdns-09132021v1.tar \
    interface=veth1 logging=yes

/ip firewall nat
add action=masquerade chain=srcnat src-address=172.17.0.0/16
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=tcp to-addresses=172.17.0.2 to-ports=53
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=udp to-addresses=172.17.0.2 to-ports=53

/container start 0
 
almeiras
newbie
Posts: 39
Joined: Fri Nov 15, 2019 9:16 pm
Location: Spain

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 11:51 pm

NO, PLEASE NO!

dumb user still exist...
Device "bricked" because the space is depleted (hAP ac)...
Image
viewtopic.php?f=2&t=178319
DAMN IT! Me too... I just bricked my RB4011. I uploaded a .tar image too big. Container status never changed to "stopped" so I continued doing other things. When I restarted the router... silence. I'll try to unbrick.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 13, 2021 11:52 pm

Has anyone managed to build your own container for mips architecture?
.
... guess the most un-thorny way would be installing qemu ...
running an open-wrt mips guest
installing docker-support
building a container
and copy it over to your target system
.
... if you're done ... copy it to a cloud-drive ...
... and I give it a check
.
(please:
- rancid-with-git;
- freeradius 802.1x-proxy
... and a
- full-featured frad-ldap-kerberos-AD-policy-daemon : )
.
docker-maybe.jpg
You do not have the required permissions to view the files attached to this post.
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 752
Joined: Mon May 27, 2013 2:05 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 1:49 am

Because it supports protocols that RouterOS doesn't?

As someone else alluded to - it runs contained so it won't affect the RouterOS routing table directly, but you could use a diff protocol to talk between your router and container, then the container use its different route protocols to build up its own route table and share those routes to RouterOS. Very hacky though.
 
rplant
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 3:49 am

Some issues:
Hap AC^2

Installed iperf3 docker container per
viewtopic.php?f=1&t=178383&sid=e0768ea7 ... 4460fe602c

Good when its working.

Doesn't remember the container setup properly on /system/ reboot.

Before Reboot

/container
add envlist=iperf file=disk1/docker/iperf.tar hostname=iperf interface=veth1 logging=yes \
root-dir=disk1/docker/iperf-r

After Reboot

/container
add envlist=iperf file=disk1/docker/iperf.tar root-dir=disk1/docker/iperf-r

Often gets into a mode (after running an iperf3 test) where looks to be using 1 core fully, and then router reboots.
and usually (eventually) deletes the root-dir folder.

** Also needs a disabled=yes option **
so on reboot it only attempts to start not disabled containers

** Actually perhaps a start mode setting like a windows service might be good.
automatic, delayed, manual, disabled
**
Last edited by rplant on Thu Sep 16, 2021 6:15 am, edited 2 times in total.
 
mkx
Forum Guru
Forum Guru
Posts: 8501
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 8:13 am

Because it supports protocols that RouterOS doesn't?

I wonder what's the point? Running container with routing engine ... on a router?

Why not take a decent RPI (more RAM, user can choose decently sized storage) and run FRR there? Pair RPI with a decent managed switch and you have a winning combination if you really need all those routing gems not available in ROS.
BR,
Metod
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 9:24 pm



Because it supports protocols that RouterOS doesn't?

I wonder what's the point? Running container with routing engine ... on a router?

Why not take a decent RPI (more RAM, user can choose decently sized storage) and run FRR there? Pair RPI with a decent managed switch and you have a winning combination if you really need all those routing gems not available in ROS.

Because I really love the Mikrotik hardware, but profoundly hate RouterOS.
If one could easily run Debian and frr on Mikrotik hardware, this would be insane!

Unfortunately I don't think that will ever happen...
 
wtraylor
just joined
Posts: 2
Joined: Mon Oct 08, 2018 2:47 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 9:48 pm

The idea to use openwrt the container build process is interesting! I looked into it and unfortunately it's going to be more complicated than that because it seems it relies on upstream base images, and there are no prebuild base images for mips big endian. All seem to be mipsle, and outdated (though that's not necessarily a problem.) For example Debian mips was last available for Buster (Debian 10.) I can probably use the Debian distro build scripts with some modifications to create a mipsbe image to be used as a base container for the Mikrotik. I looked into many distributions (Debian, Ubuntu, Gentoo, Fedora) and haven't found anything ready in mipsbe and Debian seems the most ready to work with. If anyone knows of a base image built for mips be, or a build process ready to go to build one from another distro that could be adapted, please let me know. Otherwise I'll probably do what I just described to try to make a mipsbe base image build from Debian Buster.

Has anyone managed to build your own container for mips architecture?
.
... guess the most un-thorny way would be installing qemu ...
running an open-wrt mips guest
installing docker-support
building a container
and copy it over to your target system
.
... if you're done ... copy it to a cloud-drive ...
... and I give it a check
.
(please:
- rancid-with-git;
- freeradius 802.1x-proxy
... and a
- full-featured frad-ldap-kerberos-AD-policy-daemon : )
.
docker-maybe.jpg
 
Z0ltan
just joined
Posts: 24
Joined: Sat Dec 15, 2018 3:07 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 10:56 pm



Because I really love the Mikrotik hardware, but profoundly hate RouterOS.
If one could easily run Debian and frr on Mikrotik hardware, this would be insane!

Unfortunately I don't think that will ever happen...
It already happened: https://www.earth.li/~noodles/blog/2020 ... nline.html
 
planetcoop
Member Candidate
Member Candidate
Posts: 140
Joined: Thu May 15, 2014 2:32 pm
Location: Sacramento, CA

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 11:06 pm

Discussion topic about release from here:
viewtopic.php?f=1&t=178341

Manual (being updated): https://help.mikrotik.com/docs/x/KYAPBQ

1. you need a container tar archive
2. relevant menus:
 
  interface/veth
  container
3. super basic example:
1. Get Docker image as tar archive and copy to router (currently there is no 'pull' command in RouterOS, so containers should be exported from a working Docker environment). Also note that container's architecture should match with the router's.
-----------------------------------------------------

  $ docker pull docker/example-container
  $ docker save docker/example-container > my-container.tar

2. Add veth interface for the container
---------------------------------------

  [admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1


3. Create bridge for containers and add veth to it
--------------------------------------------------

  [admin@MikroTik] > /interface/bridge/add name=docker
  [admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
  [admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1


4. Setup NAT for outgoing traffic
---------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.17.0.0/16


5. Create environment variables for container if needed
-------------------------------------------------------

  [admin@MikroTik] > /container/envs/add list=foo name=SECRET value=12345678
  [admin@MikroTik] > /container/envs/add list=foo name=FOO value=bar


6. Define mounts if needed
--------------------------

  [admin@MikroTik] > /container/mounts/add name=etc src=disk1/etc dst=/etc
  [admin@MikroTik] > /container/mounts/add name=opt src=disk1/opt dst=/opt

If ``src`` directory does not exist on first time use then it will be populated
with whatever container have in ``dst`` location.


7. Create container from image tar
----------------------------------

  [admin@MikroTik] > /container/add file=my-container.tar interface=veth1 envlist=foo root-dir=disk1/foo mounts=etc,opt

Use ``logging=yes`` to see container output in log with tags
``container,debug,info``.


8. Make sure container has been added and status is stopped
-----------------------------------------------------------

  [admin@MikroTik] > container/print

9. Redirect port 8080 traffic to container
------------------------------------------

  [admin@MikroTik] > /ip/firewall/nat/add chain=dstnat action=dst-nat to-addresses=172.17.0.2 to-ports=80 protocol=tcp dst-port=8080


10. Start container
-------------------

  [admin@MikroTik] > /container/start 0
normis - will there be pull support in the future? Im have tested a number of containers since the 7.1rc3 release and really look forward to the feature, just wish it had pull support. :)
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 14, 2021 11:45 pm

Here is my config for the nextdns client for use on CHR. The nextdns client does have builds for ARM, so for those interested it would probably work there as well.

Dockerfile:
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y apt-transport-https curl && \ 
        curl -o /usr/share/keyrings/nextdns.gpg https://repo.nextdns.io/nextdns.gpg && \
        echo "deb [signed-by=/usr/share/keyrings/nextdns.gpg] https://repo.nextdns.io/deb stable main" | tee /etc/apt/sources.list.d/nextdns.list && \
        apt-get update && apt-get install -y nextdns    
EXPOSE 53/tcp 53/udp
CMD /usr/bin/nextdns run ${NEXTDNS_ARGUMENTS} -config ${NEXTDNS_ID}
Commands on CHR:
/interface bridge
add name=docker
/ip address
add address=172.17.0.1/16 interface=docker network=172.17.0.0
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/interface bridge port
add bridge=docker interface=veth1

/container envs
add list=nextdns name=NEXTDNS_ARGUMENTS value="-listen :53 -cache-max-age 0s -\
    report-client-info=true -detect-captive-portals=false -control /var/run/ne\
    xtdns.sock -timeout 5s -max-inflight-requests 256 -auto-activate=false -lo\
    g-queries=false -cache-size 10MB -max-ttl 0s -discovery-dns -use-hosts=false"
add list=nextdns name=NEXTDNS_ID value=abc123

/container
add dns=192.168.20.5,192.168.20.10 envlist=nextdns file=nextdns-09132021v1.tar \
    interface=veth1 logging=yes

/ip firewall nat
add action=masquerade chain=srcnat src-address=172.17.0.0/16
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=tcp to-addresses=172.17.0.2 to-ports=53
add action=dst-nat chain=dstnat dst-address=192.168.30.20 dst-port=53 \
    protocol=udp to-addresses=172.17.0.2 to-ports=53

/container start 0
about time someone tried to use nextdns. is it working well? sending client device names etc?
I Walk Alone
 
biomesh
Member
Member
Posts: 486
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 1:21 am

about time someone tried to use nextdns. is it working well? sending client device names etc?
It works just like the nextdns client that I run on some raspberrypis - no problems at all.
 
damianivereigh
just joined
Posts: 15
Joined: Sun May 22, 2016 1:06 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 2:48 am

Adding docker to RouterOS opens up some interesting possibilities that I am wondering if Mikrotik are going to explore. Namely allowing a docker to get deeper into the workings of the RouterOS configuration (with appropriate permission of course). The low level packet manipulation of RouterOS is great but some of it's higher level features, like DHCP (e.g. adding traffic queues via radius) are missing features and if nothing else are complex to setup.

It would be awesome to optionally be able to offload these higher level features to docker where it would for example handle the DHCP requests and make the appropriate RouterOS config changes to suit. Others have mentioned running FRR, which essentially is also a high level application - having the ability of a docker container to add and remove dynamic routes from the routing table.

Because docker could run people's own software (or there may even be a place for a commercial market), much more complex and sophisticated things could done on the Mikrotik's without them having to decide if a feature is worth implementing and supporting.

On further thinking this could be mostly done with the docker talking through the API. However there would be a problem with figuring out the current state. Dynamic config entries are automatically wiped when ROS restarts whereas config entries created via the API would not. It would be hard for a docker to figure out it's state given there is no search pattern match functionality in the API (so you couldn't match on say a comment hashtag). It would be great if you could create dynamic entries through the API (or ones that could be tagged in a way that the docker could start by saying "give me a list of all the configs I created before").
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 11:33 am

While the matching capabilities of the API are quite limited, in many cases you can match what is possible in the query, then retrieve the entire matched list and do the remainder of the matching in the client.
I have made several API programs (on external systems so far) that work this way, and it should work fine unless you are manipulating very long lists and want to see only a very small part of it.
For example, for some purpose I want to list open IPsec connections through a NAT router. In the API I query I query /ip/firewall/connection/print and there I match on protocol=udp and seen-reply=true, retrieve that entire list and in the client I match dst-address~":4500$".
Of course this means I am potentially retrieving a long list, but at least I cut out the tcp connections before transferring it (about 3/4 in our router). It handles lists of thousands of items just fine, but of course with hundreds of thousands of items that could be different.
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 267
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 4:21 pm

... no prebuild base images for mips big endian. All seem to be mipsle, and outdated (though that's not necessarily a problem.) For example Debian mips was last available for Buster (Debian 10.)
.
indeed ... seems a mips-device isn't the golden choice to start a "mikrotik-docker-career",
since I'm a bloody docker-newbie I've build my first test-containers for my armv7-devices on a QNAP, which has pull-feature and the ability to export self-cooked docker-images
... not shure if there is similiar 'pre-supported' hardware out there for MIPS



.
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
devin122
just joined
Posts: 8
Joined: Sat Sep 11, 2021 8:36 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 6:00 pm

The idea to use openwrt the container build process is interesting! I looked into it and unfortunately it's going to be more complicated than that because it seems it relies on upstream base images, and there are no prebuild base images for mips big endian.
I've been using the mips_24kc-21.02.0 tag on https://hub.docker.com/r/openwrtorg/rootfs . However it appears to be a dead end at the moment as it looks like the mips kernel on the current release is not built with proper support for containers (viewtopic.php?f=1&t=178516)
 
rjow2021
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Nov 19, 2020 6:26 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 6:16 pm

I run AdGuard Home on a Windows 10 box, but there is a docker image available.

How would an RB4011 fair with AdGuard Home docker installed, in docker, with OISD (8.7MB) block list?

Would this be possible?
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 825
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 15, 2021 6:26 pm

How it resource-management done on the way the docker/containerisation is implemented ?
What amount of resources (% cpu, i/o , mem) are maximum allowed to be consumed or is there no protection again resource-hoggers?
Because in principle, the routerOS core tasks must not be impacted if some container runs into issues, starts looping forever etc,etc.
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 10:24 am

Linux is a multitasking operating system and has scheduling algorithms that make sure that all tasks get some CPU time, unless major foul-ups have been made setting realtime priority.
Even when one "regular" process (which I assume the containers are) is using 100% CPU, other similar processes still get CPU time.
It is like a process asking 100% CPU automatically gets a slightly lower priority than all others, so that it does not get 100% but rather "all remaining time".
That has always been the case in Linux (and Unix). On a typical Linux system there is more to fear from programs that use 100% of the disk bandwidth (either through file I/O or through swapping) than from programs using 100% CPU.
 
ParSor2
just joined
Posts: 2
Joined: Thu Sep 16, 2021 10:32 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 11:11 am

@kivimart, thanks for the reply
[admin@RouterOS] > container/start number=0 ;log/print follow-only 

11:24:16 container,info,debug exec: Exec format error 
11:24:16 container,info,debug close: Bad file descriptor 
Thanks
N
The error means that either .tar file is corrupted/incomplete or build for the wrong arch
The reason is not in a broken .tar file, but in free space on the main disk. I have CHR, I install containers on an additional disk, but they deploy something on the main one. I saw that there was 0% free space on it. Removing all containers did not help, /files/print is empty, but there is no free space, reboot does not help, after installation and reboot, the containers have status = extracting.
Solution: I took the x86 .iso file, installed it on the 1Gb disk and all containers started working.

Another bug:
Using "root-dir" expands a huge number of files. When "/files" starts, the CPU load becomes 100% and either WinBox crashes or the VM is completely overloaded.
 
kowal
just joined
Posts: 23
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 5:12 pm

Maybe I'm doing something wrong.
After creating package with docker on windows, using links from wiki (not current) for arm architecture and putting it on hAP ac3 it always tells that it's build for amd64 not arm.
But unpacking pihole.tar and revieving files reveals that is buld for arm, amd64 is mentioned only in one *json file.
So if it's built for arm, i've changed that line in *json file and tried starting container. It creates some files and stops without any error.
Previously with first-build arm (in RoS it shows still amd64) when I tried to start container it showed eroor "bad file descriptor" but only once - removing, recreating containers using same file do not give any errors.

It's even possible that running:
arm
    docker pull pihole/pihole:latest@sha256:381a39fc1a131e5fa1bb7e1ea6241147758c61206ffa851446a3737c61cf4162
    docker save pihole/pihole:latest > pihole.tar
can build image for amd64 instead of arm? Size of package in my example is 340MB.

Maybe somebody who tried using docker will provide built image? I'm running out of ideas what's wrong...
You do not have the required permissions to view the files attached to this post.
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 5:42 pm

Try using docker pull --platform arm pihole/pihole instead of hash code.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 5:46 pm

Another bug:
Using "root-dir" expands a huge number of files. When "/files" starts, the CPU load becomes 100% and either WinBox crashes or the VM is completely overloaded.
Spoiler: Fixed in rc4
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
kowal
just joined
Posts: 23
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 6:23 pm

Try using docker pull --platform arm pihole/pihole instead of hash code.
It doesn't help, it still shows amd64, I will try on another PC with fresh docker install
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 6:37 pm

Try using docker pull --platform arm pihole/pihole instead of hash code.
It doesn't help, it still shows amd64, I will try on another PC with fresh docker install
Check with docker images and remove all before pulling a cross platform one. That helped me getting it the other way, e.g. from arm to arm64.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
kowal
just joined
Posts: 23
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 16, 2021 8:36 pm

I'm getting out of ideas - it still builds version for amd64, even on PC with fresh docker installed.
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 17, 2021 9:49 am

The `type=amd64` for PiHole containers is gonna be for every package they publish on every arch and can be ignored. Unfortunately that is a quirk and/or a bug on their end.
As for why pihole container would not run - please create a supout.rif file and send it to support@mikrotik.com (mentioning this forum discussion) so we can look into it.
 
zainarbani
newbie
Posts: 25
Joined: Thu Jul 22, 2021 9:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 17, 2021 10:45 am

I'm getting out of ideas - it still builds version for amd64, even on PC with fresh docker installed.
its arm or arm64 board btw?

try pull 2021.09-armhf-buster tag,
or just this, https://dockerimagesave.akiel.dev/downl ... er.tar.zip (extract from .zip).
 
kowal
just joined
Posts: 23
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 17, 2021 4:37 pm

Thanks for that build.

After contacting Mikrotik Support, we have tracked the isssue( thanks Krisjanis!)
The issue was filesystem on external USB storage - it was FAT32, I've missed that when formatting disk to use as container storage.
After change of filesystem to ext3 container files have been unpacked properly and container finally works.
So always check filesystem on external storages :)
 
ParSor2
just joined
Posts: 2
Joined: Thu Sep 16, 2021 10:32 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 18, 2021 10:41 am

Bug:
the command "/interface/veth/set address =" does not actually change the address
[admin@RouterOS] > /interface/veth/add name=veth1 address=10.10.0.2/16 gateway=10.10.0.1
[admin@RouterOS] > /interface/bridge/add name=docker
[admin@RouterOS] > /ip/address/add address=10.10.0.1/16 interface=docker
[admin@RouterOS] > /interface/bridge/port add bridge=docker interface=veth1
[admin@RouterOS] > /interface/veth/print 
Flags: X - disabled; R - running 
 0  R name="veth1" address=10.10.0.2/16 gateway=10.10.0.1 

[admin@RouterOS] > ping 10.10.0.2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                              
    0 10.10.0.2                                  56  64 93us      
    1 10.10.0.2                                  56  64 43us      
    2 10.10.0.2                                  56  64 44us      
    sent=3 received=3 packet-loss=0% min-rtt=43us avg-rtt=60us max-rtt=93us 

[admin@RouterOS] > /interface/veth/set numbers=0 address=10.10.0.3
[admin@RouterOS] > /interface/veth/print 
Flags: X - disabled; R - running 
 0  R name="veth1" address=10.10.0.3 gateway=10.10.0.1 

[admin@RouterOS] > ping 10.10.0.3
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                              
    0 10.10.0.3                                                    timeout                                                             
    1 10.10.0.3                                                    timeout                                                             
    2 10.10.0.3                                                    timeout                                                             
    sent=3 received=0 packet-loss=100% 

[admin@RouterOS] > ping 10.10.0.2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                              
    0 10.10.0.2                                  56  64 33us      
    1 10.10.0.2                                  56  64 44us      
    2 10.10.0.2                                  56  64 45us      
    sent=3 received=3 packet-loss=0% min-rtt=33us avg-rtt=40us max-rtt=45us 
after reboot
[admin@RouterOS] > /interface/veth/print 
Flags: X - disabled; R - running 
 0    name="veth1" address=10.10.0.3 gateway=10.10.0.1 
[admin@RouterOS] > ping 10.10.0.2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                             
    0 10.10.0.2                                                    timeout                                                            
    1 10.10.0.2                                                    timeout                                                            
    sent=2 received=0 packet-loss=100% 

[admin@RouterOS] > ping 10.10.0.3
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                             
    0 10.10.0.3                                                    timeout                                                            
    1 10.10.0.3                                                    timeout                                                            
    sent=2 received=0 packet-loss=100% 
it is possible to change the address only by deleting and adding an interface
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 18, 2021 9:03 pm

Huh I've been trying to run a container in my RB750Gr3 but seems like docker images like hello or busybox etc.. only have mips64le. Seems like I have to create images from scratch.
openwrt has rootfs images, however it looks like docker only supports mips64[le] https://github.com/docker/cli/blob/a32c ... til.go#L22 If you try anything else you get "unsupported os/arch combination: ..."
huh, maybe we need to use a docker alternative that uses the same container protocols/ generates images in same format. I'm not a docker expert so don't know much about how to proceed. On that note, how did routeros dev team tested container functionality on mips? Maybe they can provide some test images....
 
User avatar
IGHOR
just joined
Posts: 7
Joined: Tue Oct 21, 2014 12:36 am
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 20, 2021 3:44 pm

huh, maybe we need to use a docker alternative that uses the same container protocols/ generates images in same format. I'm not a docker expert so don't know much about how to proceed. On that note, how did routeros dev team tested container functionality on mips? Maybe they can provide some test images....
It is not about MikroTik itself, but about mipsbe support by a linux distros, if you find one that supports mipsbe, you can use it with no problems.
Looks like there is only 20 mips supported images in the Docker hub https://hub.docker.com/search?type=imag ... cture=mips
Also you can compile mipsbe rootfs by yourself.
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 20, 2021 4:17 pm

I have not yet studied what special requirements there are for making a docker image, but in the past I have compiled programs for MIPS without problem by installing a cross-development environment on my PC. It consists of a cross-compiling gcc, linker, libraries etc. all in a user directory I created for that.
Would that not work in this case?
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 20, 2021 7:30 pm

huh, maybe we need to use a docker alternative that uses the same container protocols/ generates images in same format. I'm not a docker expert so don't know much about how to proceed. On that note, how did routeros dev team tested container functionality on mips? Maybe they can provide some test images....
It is not about MikroTik itself, but about mipsbe support by a linux distros, if you find one that supports mipsbe, you can use it with no problems.
Looks like there is only 20 mips supported images in the Docker hub https://hub.docker.com/search?type=imag ... cture=mips
Also you can compile mipsbe rootfs by yourself.
docker only supports mips64. So what I understood so far, even if you made a mips rootfs, you can't make a docker image/container with it, as the architecture is unsupported. From debian wiki
Through the Debian 10 ("buster") release, Debian currently provides 3 ports, 'mips', 'mipsel', and 'mips64el'
Also openwrt seems to support mips too. So linux is certainly available for mips, but the problem is to make a docker container out of it.
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 20, 2021 10:59 pm

So I tried to run docker hello world example in RB750Gr3. After some research and looking at openwrt wiki and inspecting the binaries of routeros package, It concluded that its using mips little endian.

In ubuntu I compiled it using
mipsel-linux-gnu-gcc -mtune=24kc -static ../../hello.c -o hello
I tried with and without -mtune=24kc. I also tried mips-linux-gnu-gcc which is big endian.

My Dockerfile is just
FROM scratch
COPY hello /
CMD ["/hello"]
Then I build it using,
docker build --platform linux/mipsel -t sarim/hello-mips:0.6 .
I also tried linux/mips when using mips-linux-gnu-gcc.

Then
docker save sarim/hello-mips:0.6 -o hello-mips.tar
In routeros I added "container" to system/logging.
[admin@GittuTik] /container> add file=hello-mips.tar interface=veth1 logging=yes root-dir=disk4  
[admin@GittuTik] /container> print 
 0 file=hello-mips.tar name="98f82a3b-c4b6-49d0-b17d-bbd1aa409f27" tag="sarim/hello-mips:0.6" os="linux" arch="mipsel" 
   interface=veth1 root-dir=disk4 mounts="" dns="" workdir="/" logging=yes status=stopped
[admin@GittuTik] /container> start 0

[admin@GittuTik] /container> print 
 0 file=hello-mips.tar name="98f82a3b-c4b6-49d0-b17d-bbd1aa409f27" tag="sarim/hello-mips:0.6" os="linux" arch="mipsel" 
   interface=veth1 root-dir=disk4 mounts="" dns="" workdir="/" logging=yes status=stopped
[admin@GittuTik] /container> 
I tried with and without root-dir=disk4 .With many variations the result is the same. after start 0 nothing happens. Nothing shows up in log. No error.

After several hours of digging I think its an bug with RB750Gr3 and routeros. I mean no matter what I do no error message shows up in log. Anyone got any idea what is going on? Should I contact support?
 
dhoulbrooke
Frequent Visitor
Frequent Visitor
Posts: 64
Joined: Sun Apr 19, 2015 7:24 am
Location: Whakatāne, New Zealand

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 20, 2021 11:56 pm

docker only supports mips64. So what I understood so far, even if you made a mips rootfs, you can't make a docker image/container with it, as the architecture is unsupported. From debian wiki

mipsbe is supported in docker. Try the multiarch containers https://hub.docker.com/r/multiarch/debi ... ips-buster

There were some fixes in rc4 for mips arch containers. Previously they were not working.

docker pull multiarch/debian-debootstrap:mips-buster
docker save multiarch/debian-debootstrap > mips-buster.tar

RouterOS config:

/interface bridge
add name=docker
/interface veth
add address=172.17.0.2/16 gateway=172.17.0.1 name=veth1
/container
add cmd="uname -ar" file=mips-buster.tar hostname=debian interface=veth1 logging=yes
/interface bridge port
add bridge=docker interface=veth1
/ip address
add address=172.17.0.1/16 interface=docker network=172.17.0.0

Run the container and see the below in the logs:
Screenshot_20210921_084428.png
You do not have the required permissions to view the files attached to this post.
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 12:46 am

docker only supports mips64. So what I understood so far, even if you made a mips rootfs, you can't make a docker image/container with it, as the architecture is unsupported. From debian wiki

mipsbe is supported in docker. Try the multiarch containers https://hub.docker.com/r/multiarch/debi ... ips-buster

There were some fixes in rc4 for mips arch containers. Previously they were not working.
What is your hardware? My router, RB750Gr3 is not mipsBE. In Routeros page its listed as Mmips. Nevertheless I tried the image you references, nothing happens. It extracts but then start does nothing. No log no error nothing.
 
dhoulbrooke
Frequent Visitor
Frequent Visitor
Posts: 64
Joined: Sun Apr 19, 2015 7:24 am
Location: Whakatāne, New Zealand

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 1:50 am

What is your hardware?

mipsbe / RB450G


For a RB750Gr3 you could try the little endian containers and see if they work: https://hub.docker.com/r/multiarch/debi ... sel-buster
 
chrisfr
just joined
Posts: 5
Joined: Thu Sep 02, 2021 3:35 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 10:37 am

I tried with very small container (arm32v7/busybox:stable-musl , tar size is about 1,4MB) on CRS305 and CRS309, but container never start (and nothing is write in logs despite logging=yes) :
[admin@CRS309-BU] /container> /container/print 
 0 file=arm32v7_busybox.tar name="3850934b-17c1-4403-8f04-65ead4703936" tag="arm32v7/busybox:stable-musl" os="linux" arch="arm" interface=veth1 mounts="" dns="" hostname="mybbox" logging=yes 
   status=stopped 
[admin@CRS309-BU] /container>
[admin@CRS309-BU] /container> /container/start number=0 ; /log/print follow-only

09:26:10 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:11 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:15 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:16 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:20 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:21 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged out from 192.168.0.182 via api 

I guess as CRS3xx have very tiny SPI Flash, Mikrotik didn't test container on theses hardware. I tried with other docker images, but i always have the same result.
 
krisjanisj
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 10:38 am

I tried with very small container (arm32v7/busybox:stable-musl , tar size is about 1,4MB) on CRS305 and CRS309, but container never start (and nothing is write in logs despite logging=yes) :
[admin@CRS309-BU] /container> /container/print 
 0 file=arm32v7_busybox.tar name="3850934b-17c1-4403-8f04-65ead4703936" tag="arm32v7/busybox:stable-musl" os="linux" arch="arm" interface=veth1 mounts="" dns="" hostname="mybbox" logging=yes 
   status=stopped 
[admin@CRS309-BU] /container>
[admin@CRS309-BU] /container> /container/start number=0 ; /log/print follow-only

09:26:10 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:11 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:15 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:16 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:20 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:21 system,info,account user prometheus logged out from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged in from 192.168.0.182 via api 
09:26:25 system,info,account user prometheus logged out from 192.168.0.182 via api 

I guess as CRS3xx have very tiny SPI Flash, Mikrotik didn't test container on theses hardware. I tried with other docker images, but i always have the same result.
Could You please generate a supout.rif file and send it to support@mikrotik.com so we can look into this further?
 
chrisfr
just joined
Posts: 5
Joined: Thu Sep 02, 2021 3:35 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 12:29 pm

...
Could You please generate a supout.rif file and send it to support@mikrotik.com so we can look into this further?
I send it with also the tar image, thank you.
 
devin122
just joined
Posts: 8
Joined: Sat Sep 11, 2021 8:36 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 9:22 pm

I've managed to get containers on MIPSBE working with 7.1rc4, however when the container is running, cpu usage is pinned at 100% despite all the processes inside the container sitting pretty much idle
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 21, 2021 10:21 pm

What is your hardware?

mipsbe / RB450G


For a RB750Gr3 you could try the little endian containers and see if they work: https://hub.docker.com/r/multiarch/debi ... sel-buster
Unfortunately nothing happens. I emailed support with supout.rif.
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 22, 2021 5:50 am

Boy my lightly used RB1100 "dude" works pretty well with the new container support.

But some way to access to "console" would be very handy. It's not always easy to add SSH support to just any docker image, in particular some of the language runtimes like NodeJS, Julia or R - where you don't need SSH once you've packaged an image with the code you want. Certainly using a stock Linux/OS to "test" on the platform can work...but then your still left unwinding what the more basic version for docker be of that work.

While the Dockerfile on the host can add the need code/entry point before generating the tar – sometimes it's easier to try stuff out in the "running" docker image, then edit the Dockerfile to recreate your "diffs". Now ideally, the containers console would be like any ROS port redirected like any other ROS serial thing, but some "/container/console", similar to /system/serial-console command be very useful. I'd imagine it's be especially useful on the "more escotic" platform since there isn't some go-to stash of TILE base images, yet... and logging=yes will only get you so far at troubleshooting a greenfield like "docker-on-tile" – one way to make use of the unused cores on the TILE RBs.

One other thought, is the basic feature of MetaROUTER was running another ROS instance. I'm surprise that wasn't an example – be awfully handy to run ROS v6 on a ROS v7, since you'd have the dude (which seems forgot in v7 feature-blitz) and could more easily allow testing any differences between v7 and v6...
 
User avatar
sszbv
Trainer
Trainer
Posts: 9
Joined: Sun Oct 07, 2012 11:47 am
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Sep 23, 2021 3:28 pm

Thanks for this awesome feature!

I'm running a domoticz container on a rb5009, works great.
It would be nice if you could add devices support, so I can connect USB or serial devices (like kwh meters).

The docker command line is:

docker run -d \
-p 8080:8080 \
-p 8443:443 \
-v <path for config files>:/opt/domoticz/userdata \
-e TZ=Europe/Amsterdam
--device=<device_id> \
--name=<container name> \
domoticz/domoticz

I mean the --device= part.
Maybe you can create a devices list, using the same approach as for the mounts and envs.
 
haedertowfeq
just joined
Posts: 12
Joined: Thu Nov 19, 2020 5:58 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 24, 2021 1:51 am

Noop
How to ssh to pihole 🤔
To use command like
Pihole -u for update
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2365
Joined: Mon Apr 08, 2019 1:16 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Sep 24, 2021 9:10 pm

"docker exec -it" / "docker container exec" ??? Or is there no docker program?
For GUI comfort I use the "portainer" container, but without "docker exec" that would probably not work on RouterOS.
(https://docs.portainer.io/v/ce-2.6/user ... Fbin%2Fash.)

cfr : https://www.mankier.com/1/docker-exec
 
rplant
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 25, 2021 8:12 am

Hi,
How do I connect a container to 2 network interfaces?
I thought I'd have a go at avahi as a reflector.

Thanks
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Sep 25, 2021 9:21 pm

How do I connect a container to 2 network interfaces?
Kinda depends on how the LANs (or VLANs...) your trying do mDNS reflection on ingress the router/switch. The simplest case would be using two bridges (bridgeA and bridgeB) and two virtual ethernets, vethA and vethB, for Avanti container. Assuming your "LAN A" (e.g. "computers/WiFi") is using ether1 and "LAN B" (e.g. "printers") is using ether2. You'd then add ether1 & vethA as bridge ports on bridgeA, same for ether2+vethB going as ports on bridgeB (on /interface/bridge/ports).

VLAN Filtering likely be better long term, be one bridge, but that adds complexity here. You'd add both vethA and vethB as interface to the /container. Like more, basically one bridge/veth per [V]LAN you want Avanti to use.

Where I think the trouble lies isn't bridging the L2 traffic – lots of way to do that in ROS. But finding a pre-compiled Dockerfile that exposes some UI to manage Avanti or has SSH enabled out-of-the box, AND is pre-compiled for the Mikrotik CPU your want to use, which need some "real" disk (USB, SSD, etc). Lots of Docker images for X86/AMD64, but only some number for ARM32 etc... You got a TILE, well, good luck but be interesting.

The current implementation doesn't allow "console access" so once you get the image running on the Mikrotik, you have to essentially start/stop the container and use /container/set 0 cmd="..." each time to modify the image. Normally you can just "compile" a Dockerfile, but unless you're on the same CPU arch, that get tricky – most people don't use an ARM32 as there desktop computer – docker supports "buildx" and scheme to deal with this BUT way more complex than L2 bridging on a Mikrotik part.

But, a poor-man function to proxy for a shell to the container looks like this, assuming you a container, it's working, and logging=yes. Add something like this (as example of concept):

:global DockerDo do={/container/stop $1; :delay 10s; /container/set $1 cmd="$2"; /container/start $1; /log/print follow where topics~"container" and time>([/system/clock/get time]-10s)}

To use this, you can issue a ONE command $DockerDo [container number, "0"] [cmd to run in container] against the docker image, which will start/stop in-between your commands. Since the output it shown via /log/print follow, you'll need to use Ctrl-C to then issue another command:
> $DockerDo 0 "uname -a"
                                            
12:55:51 container,info,debug Linux julia162 5.6.3 #15 SMP Mon Sep 20 07:31:39 UTC 2021 armv7l GNU/Linux 

> $DockerDo 0 "uname -a"

12:57:58 container,info,debug Linux julia162 5.6.3 #15 SMP Mon Sep 20 07:31:39 UTC 2021 armv7l GNU/Linux 

-- Ctrl-C to quit. Space prints separator. New entries will appear at bottom.


Although I've never been sold on the need for "reflecting" mDNS – kinda the point of subnetting is to limit broadcasting. If you just have some "well known printers" you want showing up on iPhone, using domain name in DHCP and some specfic DNS PTR/SRV records will do the same as mDNS broadcasts if that's what your after, see RFC6763 - https://www.ietf.org/rfc/rfc6763.txt

Now why Mikrotik has not added mDNS/avanti, just to stop the requests, is a different question. Guessing they are betting Docker is simpler answer, well see.
 
rplant
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Sep 26, 2021 3:13 am

How do I connect a container to 2 network interfaces?
Kinda depends on how the LANs (or VLANs...) your trying do mDNS reflection on ingress the router/switch. The simplest case would be using two bridges (bridgeA and bridgeB) and two virtual ethernets, vethA and vethB, for Avanti container. Assuming your "LAN A" (e.g. "computers/WiFi") is using ether1 and "LAN B" (e.g. "printers") is using ether2. You'd then add ether1 & vethA as bridge ports on bridgeA, same for ether2+vethB going as ports on bridgeB (on /interface/bridge/ports).
...

VLAN Filtering likely be better long term, be one bridge, but that adds complexity here.

Although I've never been sold on the need for "reflecting" mDNS – kinda the point of subnetting is to limit broadcasting. If you just have some "well known printers" you want showing up on iPhone, using domain name in DHCP and some specfic DNS PTR/SRV records will do the same as mDNS broadcasts if that's what your after, see RFC6763 - https://www.ietf.org/rfc/rfc6763.txt
Thanks,
I have tried the manual DNS thing in the past, but Mikrotik DNS doesn't support PTR records at present (maybe that will change), I did try on another DNS server, but never had much success.

Unfortunately I think I didn't explain myself very well
There seems to be no (obvious) way to add more than 1 interface to a container in the /container add command.

Perhaps VLan filtering might be what I need to use, with the 2 interfaces coming in on 1 veth, a native, and a vlan

I haven't tried this, but was thinking I could drop a netcat into the container's bin directory, and set cmd to "nc -L 5000 -e /bin/sh"
(nil security, but you can firewall access to it)
 
almeiras
newbie
Posts: 39
Joined: Fri Nov 15, 2019 9:16 pm
Location: Spain

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 27, 2021 12:35 pm

Hello! Yet again I resurrected my RB4011. I updated it to 7.1 RC4. Then I used
/Container
to install a Docker image for iperf3, the beloved speedtest app. I picked this image from sk278 since it supports ARMv7 (32 bit ARM).

I leave here my steps for other newbies plus some doubts at the end.

First I created the virtual network interface and bridge for using with
/Container
. I sticked with the default network
172.17.0.0/24
from MT’s Container help. No environment variables or mountpoints were needed for this image.

Then I went to my computer and launched a console terminal app:
  1. docker manifest inspect sk278/iperf3
    
  2. Get the right hash for your architecture, in my case, MikroTik RB4011 is ARMv7:
    sha256:823a7cd38cfeea8fce736639cac8146c069246759463f262be832cff340e3bfa
    
    (latest image version is this one)
  3. Download the image:
    docker pull sk278/iperf3:latest@sha256:823a7cd38cfeea8fce736639cac8146c069246759463f262be832cff340e3bfa
    
  4. Have the image compressed:
    docker save sk278/iperf3 > iperf3.tar
    
  5. Upload it to the router filesystem using your preferred method (just drop it in “Files” section using Webfig).
Time to go to the router command prompt (via SSH, online terminal, serial cable…)
  1. Create the container in using the image file you just uploaded:
    /container/add file=iperf3.tar interface=veth1 logging=yes
    
    . (you can also add a
    hostname
    
    if you want)
  2. /container/start [find file=iperf3.tar]
    
  3. Check if
    status=running
    
    with
    /container/print detail
    
    (it takes some time in bigger containers).
OK, now some questions arise in my head:
  • In my case, the container got itself the IP 172.16.0.2. Can anyone explain why? I mean, there is no environment variable for the IP as in PiHole`s image, nor any kind of negotiation that I’m aware of. Does this depend on the number of the container (0 gets first available IP, 1 gets second…)?
  • I tried to create a DHCP server for the containers, but I couldn’t since veth1 is a slave of a bridge. I tried creating the server for the bridge, but this made no effect since the Docker images are bound to
    veth1
    
    , not the bridge (see
    /container/print
    
    ).
  • iperf3 speed looks to be limited to 100 Mbps, although all my network is 1 Gbps… I have no idea why is that, all physical interfaces look correct.
  • MikroTik support team, will you bring interactive terminal console to containers? Pretty please? We really need that.
Anyway, congratulations MikroTik for this breakthrough. These are exciting times for us, users. My Raspberry is going to have some rest.
 
almeiras
newbie
Posts: 39
Joined: Fri Nov 15, 2019 9:16 pm
Location: Spain

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 27, 2021 2:01 pm

I tried the official Debian image: https://hub.docker.com/_/debian?tab=des ... st_updated
docker pull debian:stable@sha256:ae04ba555bd7342b5d49305425dcd9f233ea51321d16f1c04b26173a32918349
But once installed, it doesn't start. Architecture is correct. I also tried to stop the other image, but no effect, Debian remains stopped forever:
/container/print 
 0 file=iperf3.tar name="0d8ad45e-b1c0-4380-b720-906baf7db7fc" tag="" os="linux" arch="arm" 
   interface=veth1 mounts="" dns="" hostname="iperf3" logging=yes status=stopped 

 1 file=debian.tar name="7274b731-37e4-45b0-8c5c-4f336218333e" tag="" os="linux" arch="arm" 
   interface=veth1 mounts="" dns="" logging=yes status=stopped 
 
User avatar
jr0dd
just joined
Posts: 14
Joined: Fri Feb 10, 2017 4:46 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Sep 27, 2021 4:10 pm


But once installed, it doesn't start. Architecture is correct. I also tried to stop the other image, but no effect, Debian remains stopped forever:
I’ve tried numerous containers and I can’t get 1 to start also on ARM.
 
vchrizz
just joined
Posts: 20
Joined: Sun Jul 10, 2016 11:07 am
Location: Austria, Vienna
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 28, 2021 2:52 am

I've managed to get containers on MIPSBE working with 7.1rc4, however when the container is running, cpu usage is pinned at 100% despite all the processes inside the container sitting pretty much idle
what container(s) did you try? im looking for some working mipsbe images as examples.

or how would one manage to create docker images for mipsbe?
there is no docker.io package for mips/mipsbe in debian.
for debian/bullseye there is a docker.io package for mips64el and mipsel but not mips/mipsbe because debian dropped mips/mipsbe support since bullseye.
on other linux distros i also could not find possibilities to run docker on mipsbe to be able to create images (or tar files from images)

how else is it possible to create docker images without running docker on mipsbe arch?
(i crosscompiled an application already but am not able to create docker images for mipsbe)

thanks for any hints!

EDIT: i crosscompiled mipsbe binary which works fine on other mipsbe devices running debian. then i created a container (with docker on openwrt/mipsel), saved it to a tar file and uploaded it to a rb960pgs running ros v7.1rc4:
[admin@MikroTik] > /container/add file=mipsolsrd.tar interface=veth1 hostname=olsrd logging=yes
[admin@MikroTik] > /container/print
0 file=mipsolsrd.tar name="51b47d9f-9f81-4a26-9f57-1d59d715cbd3" tag="vchrizz/mipsolsrd:latest" os="linux" arch="mipsle" interface=veth1
mounts="" dns="" hostname="olsrd" logging=yes status=stopped
[admin@MikroTik] > /container/start number=0

[admin@MikroTik] > /container/print
0 file=mipsolsrd.tar name="51b47d9f-9f81-4a26-9f57-1d59d715cbd3" tag="vchrizz/mipsolsrd:latest" os="linux" arch="mipsle" interface=veth1
mounts="" dns="" hostname="olsrd" logging=yes status=stopped
seems to look ok but it does not start, nothing is shown in logs on why it did not start (i already added topic "container" to system/logging)

how to debug the container what is wrong to fix that?
Last edited by vchrizz on Thu Sep 30, 2021 2:21 am, edited 1 time in total.
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Sep 28, 2021 3:04 am


But once installed, it doesn't start. Architecture is correct. I also tried to stop the other image, but no effect, Debian remains stopped forever:
I’ve tried numerous containers and I can’t get 1 to start also on ARM.
Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.
 
User avatar
jr0dd
just joined
Posts: 14
Joined: Fri Feb 10, 2017 4:46 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 29, 2021 7:51 am


Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.
No logs of any kind. It just stays stopped.
 
almeiras
newbie
Posts: 39
Joined: Fri Nov 15, 2019 9:16 pm
Location: Spain

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 29, 2021 11:07 am

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version). This way you could use "The Dude server" (stable versions only) as well as the newer funcionalities (WG, Docker, Zerotier...).
I can't test it since my RB4011 is armv7 (32 bit only), but it would be nice to hear from any of you. Maybe MT support team finds it interesting to maintain their own ROS image (@normis?). Thank you.

PS: This implementation would require a second ROS software key.
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 29, 2021 11:32 am

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version).
Well, this is essentially how it all started on old MikroTik models that offered "MetaROUTER" where you could run either RouterOS or another image.
This fell out of attention as later architectures do not offer it, and the current Docker support is more or less a successor of that.
 
antonatos
just joined
Posts: 6
Joined: Wed Mar 05, 2014 11:58 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Sep 29, 2021 7:38 pm

Hey folks,

I recently upgraded 1100 AHx4 to 7.1.rc4 in order to test containers.
Although I manage to make it work. I faced the below issues:
  • Transferring big files is causing kernel panic
  • Extracting tar image takes more than 15mins which consumes 1 CPU and cause packet drop and Capsman link drop
  • There is no exec to get a console in order to configure more.
Have you found any solution for the above?

Thanks,
Nikos
 
almeiras
newbie
Posts: 39
Joined: Fri Nov 15, 2019 9:16 pm
Location: Spain

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 01, 2021 4:33 pm

  • Transferring big files is causing kernel panic
  • There is no exec to get a console in order to configure more.
No problem with file transfers in ny case. I use ‘scp’ and webfig for uploading (RB4011, ARMv7 32 bit).

Regarding the lack of interactive console shell, you have to settle for images with ssh, web config or environment variables. This is really annoying. I hope we get interactive shell soon. My kingdom for ‘docker exec -it bash‘
 
devin122
just joined
Posts: 8
Joined: Sat Sep 11, 2021 8:36 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 01, 2021 6:45 pm

I've managed to get containers on MIPSBE working with 7.1rc4, however when the container is running, cpu usage is pinned at 100% despite all the processes inside the container sitting pretty much idle
what container(s) did you try? im looking for some working mipsbe images as examples.
First I was using openwrt images (mips_24kc-21.02.0 tag on https://hub.docker.com/r/openwrtorg/rootfs) . However, I suspect something about their init system is causing the 100% cpu usage. Now I'm rolling my own images based on openwrt but without their init system.

or how would one manage to create docker images for mipsbe?
I have just been making tarballs of the root fs and then using
docker import 
and
docker export
to add the necessary metadata

there is no docker.io package for mips/mipsbe in debian.
There won't be. Since mipsbe isn't officially supported by docker, it wont let you tag an image as being for it (see https://github.com/docker/cli/blob/a32c ... til.go#L22) . However other than displaying it in the UI, ROS seems to ignore the platform tag (my images all say AMD64, but they are running fine)

Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.
adding logging=yes seems to just log stdout/stderr from inside the container, no info about debugging the container runtime itself. There is some limited debugging info available in supout.rif in the
@container@
sections
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 01, 2021 11:10 pm

Have you managed to get any errors / logs? No reply yet from support dev team, But the main problem is lack of logs / errors. How are you supposed to debug this if no log appears. NB: container topic is added in logging and logging=yes is set. But no log appears.
adding logging=yes seems to just log stdout/stderr from inside the container, no info about debugging the container runtime itself. There is some limited debugging info available in supout.rif in the
@container@
sections
How are you reading supout.rif? I viewed my supout.rif in mikrotik.com -> account but It doesn't contain a "container" section :(

EDIT: Thank you so much, finally a bit of hint of logging. I used a third party tool (github.com/farseeker/go-mikrotik-rif) to open the supout and found this.
@container@
2021.09.20-21:07:21.81@1: Starting container app.
2021.09.20-21:07:21.81@1: Running app...
2021.09.20-21:14:08.29@3: unable to copy resolv.conf
2021.09.20-21:14:08.30@3: clone: Invalid argument
2021.09.20-21:14:08.30@3: child spawn failed
2021.09.20-21:14:19.53@2: unable to copy resolv.conf
2021.09.20-21:14:19.53@2: clone: Invalid argument
2021.09.20-21:14:19.53@2: child spawn failed
2021.09.20-21:14:20.92@2: image not running
2021.09.20-21:25:41.33@1: no id
2021.09.20-21:40:04.07@3: clone: Invalid argument
2021.09.20-21:40:04.07@3: child spawn failed
2021.09.20-21:40:45.10@0: clone: Invalid argument
2021.09.20-21:40:45.10@0: child spawn failed
2021.09.20-21:41:12.92@2: clone: Invalid argument
2021.09.20-21:41:12.92@2: child spawn failed
2021.09.21-18:55:23.41@0: clone: Invalid argument
2021.09.21-18:55:23.41@0: child spawn failed
2021.09.21-18:55:45.42@1: clone: Invalid argument
2021.09.21-18:55:45.42@1: child spawn failed
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: --- signal=17 --------------------------------------------
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: pc=0x77fe4214 at=0x00000001 v0=0x00000004 v1=0x00000000
2021.09.21-18:57:16.72@1: a0=0x77ff9560 a1=0x00000002 a2=0xffffffff a3=0x00000001
2021.09.21-18:57:16.72@1: t0=0x00000001 t1=0x77f7aa90 t2=0x66206e77 t3=0x656c6961
2021.09.21-18:57:16.72@1: t4=0x7fffb780 t5=0x00000000 t6=0x00000000 t7=0x00420000
2021.09.21-18:57:16.72@1: s0=0x0000105c s1=0xffffffff s2=0x780014f4 s3=0x7fffbbc0
2021.09.21-18:57:16.72@1: s4=0x0000004f s5=0xffffffff s6=0x00000004 s7=0x00421558
2021.09.21-18:57:16.72@1: t8=0x004209a0 t9=0x77fe41d0 k0=0x00000000 k9=0x00000000
2021.09.21-18:57:16.72@1: gp=0x780018d0 sp=0x7fffbac8 s8=0x004217f8 ra=0x77fdc120
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: maps:
2021.09.21-18:57:16.72@1: 00400000-00411000 r-xp 00000000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00420000-00421000 rwxp 00010000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00421000-0042c000 rwxp 00000000 00:00 0          [heap]
2021.09.21-18:57:16.72@1: 77de5000-77ee5000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77ee5000-77f07000 r-xp 00000000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f07000-77f08000 rwxp 00012000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f08000-77f77000 r-xp 00000000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f77000-77f79000 rwxp 0005f000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f79000-77f7b000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77f7b000-77fa4000 r-xp 00000000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa4000-77fa5000 rwxp 00019000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa5000-77fea000 r-xp 00000000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ff6000-77ff7000 rwxs 00000000 00:0a 2052       /ram/rtrace/control
2021.09.21-18:57:16.72@1: 77ff7000-77ff9000 r-xp 0ea7c000 00:06 1326       /dev/jiffies
2021.09.21-18:57:16.72@1: 77ff9000-77ffb000 rwxp 00044000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ffb000-77ffc000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 7ffdb000-7fffc000 rwxp 00000000 00:00 0          [stack]
2021.09.21-18:57:16.72@1: 7fffc000-7fffd000 r-xp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: stack: 0x7fffc000 - 0x7fffbac8 
2021.09.21-18:57:16.72@1: 00 00 00 00 40 11 42 00 d0 f8 f7 77 58 15 42 00 00 00 00 00 00 00 00 00 d0 18 00 78 5c 10 00 00 
2021.09.21-18:57:16.72@1: 00 00 00 00 00 00 00 00 10 10 42 00 30 bb ff 7f ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: code: 0x77fe4214
2021.09.21-18:57:16.72@1: 10e00002 27bd0020 00021023 03e00008 00000000 8f998574 03200008 00000000 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: backtrace: 0x77fe4214 0x77fdc120 
2021.09.21-18:57:16.72@1: 
Any idea anyone?
 
devin122
just joined
Posts: 8
Joined: Sat Sep 11, 2021 8:36 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Oct 03, 2021 3:13 am


Any idea anyone?
What version are you running. I was seeing the same error on rc3 as the kernel was not built with full support for namespaces. Issue was resolved with rc4
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Oct 03, 2021 3:18 am


Any idea anyone?
What version are you running. I was seeing the same error on rc3 as the kernel was not built with full support for namespaces. Issue was resolved with rc4
7.1rc4. Then guess it wasn't solved for mmpis/RB750Gr3
 
fakejuke
just joined
Posts: 2
Joined: Tue Oct 05, 2021 9:10 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Oct 05, 2021 3:37 pm

Hello! Tried pihole and iperf on my ac3 with external usb flash. Both stuck on "extracting". Any ideas?
 
vchrizz
just joined
Posts: 20
Joined: Sun Jul 10, 2016 11:07 am
Location: Austria, Vienna
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Oct 06, 2021 4:34 pm

EDIT: Thank you so much, finally a bit of hint of logging. I used a third party tool go-mikrotik-rif to open the supout and found this.
@container@
2021.09.20-21:07:21.81@1: Starting container app.
2021.09.20-21:07:21.81@1: Running app...
2021.09.20-21:14:08.29@3: unable to copy resolv.conf
2021.09.20-21:14:08.30@3: clone: Invalid argument
2021.09.20-21:14:08.30@3: child spawn failed
2021.09.20-21:14:19.53@2: unable to copy resolv.conf
2021.09.20-21:14:19.53@2: clone: Invalid argument
2021.09.20-21:14:19.53@2: child spawn failed
2021.09.20-21:14:20.92@2: image not running
2021.09.20-21:25:41.33@1: no id
2021.09.20-21:40:04.07@3: clone: Invalid argument
2021.09.20-21:40:04.07@3: child spawn failed
2021.09.20-21:40:45.10@0: clone: Invalid argument
2021.09.20-21:40:45.10@0: child spawn failed
2021.09.20-21:41:12.92@2: clone: Invalid argument
2021.09.20-21:41:12.92@2: child spawn failed
2021.09.21-18:55:23.41@0: clone: Invalid argument
2021.09.21-18:55:23.41@0: child spawn failed
2021.09.21-18:55:45.42@1: clone: Invalid argument
2021.09.21-18:55:45.42@1: child spawn failed
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: --- signal=17 --------------------------------------------
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: pc=0x77fe4214 at=0x00000001 v0=0x00000004 v1=0x00000000
2021.09.21-18:57:16.72@1: a0=0x77ff9560 a1=0x00000002 a2=0xffffffff a3=0x00000001
2021.09.21-18:57:16.72@1: t0=0x00000001 t1=0x77f7aa90 t2=0x66206e77 t3=0x656c6961
2021.09.21-18:57:16.72@1: t4=0x7fffb780 t5=0x00000000 t6=0x00000000 t7=0x00420000
2021.09.21-18:57:16.72@1: s0=0x0000105c s1=0xffffffff s2=0x780014f4 s3=0x7fffbbc0
2021.09.21-18:57:16.72@1: s4=0x0000004f s5=0xffffffff s6=0x00000004 s7=0x00421558
2021.09.21-18:57:16.72@1: t8=0x004209a0 t9=0x77fe41d0 k0=0x00000000 k9=0x00000000
2021.09.21-18:57:16.72@1: gp=0x780018d0 sp=0x7fffbac8 s8=0x004217f8 ra=0x77fdc120
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: maps:
2021.09.21-18:57:16.72@1: 00400000-00411000 r-xp 00000000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00420000-00421000 rwxp 00010000 07:01 8          /ram/pckg/container/nova/bin/container
2021.09.21-18:57:16.72@1: 00421000-0042c000 rwxp 00000000 00:00 0          [heap]
2021.09.21-18:57:16.72@1: 77de5000-77ee5000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77ee5000-77f07000 r-xp 00000000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f07000-77f08000 rwxp 00012000 07:00 241        /lib/libuc++.so
2021.09.21-18:57:16.72@1: 77f08000-77f77000 r-xp 00000000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f77000-77f79000 rwxp 0005f000 07:00 243        /lib/libumsg.so
2021.09.21-18:57:16.72@1: 77f79000-77f7b000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 77f7b000-77fa4000 r-xp 00000000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa4000-77fa5000 rwxp 00019000 07:00 247        /lib/libubox.so
2021.09.21-18:57:16.72@1: 77fa5000-77fea000 r-xp 00000000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ff6000-77ff7000 rwxs 00000000 00:0a 2052       /ram/rtrace/control
2021.09.21-18:57:16.72@1: 77ff7000-77ff9000 r-xp 0ea7c000 00:06 1326       /dev/jiffies
2021.09.21-18:57:16.72@1: 77ff9000-77ffb000 rwxp 00044000 07:00 240        /lib/libc.so
2021.09.21-18:57:16.72@1: 77ffb000-77ffc000 rwxp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 7ffdb000-7fffc000 rwxp 00000000 00:00 0          [stack]
2021.09.21-18:57:16.72@1: 7fffc000-7fffd000 r-xp 00000000 00:00 0 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: stack: 0x7fffc000 - 0x7fffbac8 
2021.09.21-18:57:16.72@1: 00 00 00 00 40 11 42 00 d0 f8 f7 77 58 15 42 00 00 00 00 00 00 00 00 00 d0 18 00 78 5c 10 00 00 
2021.09.21-18:57:16.72@1: 00 00 00 00 00 00 00 00 10 10 42 00 30 bb ff 7f ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: code: 0x77fe4214
2021.09.21-18:57:16.72@1: 10e00002 27bd0020 00021023 03e00008 00000000 8f998574 03200008 00000000 
2021.09.21-18:57:16.72@1: 
2021.09.21-18:57:16.72@1: backtrace: 0x77fe4214 0x77fdc120 
2021.09.21-18:57:16.72@1: 
thanks for the hint! looking at supout.rif with the tool go-mikrotik-rif i get similar stack trace:
@container@
2021.10.05-00:18:06.50@0: 
2021.10.05-00:18:06.50@0: 
2021.10.05-00:18:06.50@0: /ram/pckg/container/nova/bin/container
2021.10.05-00:18:06.50@0: --- signal=17 --------------------------------------------
2021.10.05-00:18:06.50@0: 
2021.10.05-00:18:06.50@0: pc=0x77fd4654 at=0x00000001 v0=0x00000004 v1=0x00000000
2021.10.05-00:18:06.51@0: a0=0x77f0ef00 a1=0x00000002 a2=0xffffffff a3=0x00000001
2021.10.05-00:18:06.51@0: t0=0x00000000 t1=0xfeffffff t2=0x00421064 t3=0x77f82fb0
2021.10.05-00:18:06.51@0: t4=0x00000001 t5=0x10000000 t6=0x77f82980 t7=0x77f20000
2021.10.05-00:18:06.51@0: s0=0x00421064 s1=0xffffffff s2=0x77f80000 s3=0x7fffabe0
2021.10.05-00:18:06.51@0: s4=0x0000004f s5=0xffffffff s6=0x00000004 s7=0x00421558
2021.10.05-00:18:06.51@0: t8=0x004208dc t9=0x77fd4640 k0=0x77f7f960 k9=0x00000000
2021.10.05-00:18:06.51@0: gp=0x78001370 sp=0x7fffab70 s8=0x004217f8 ra=0x77f33848
2021.10.05-00:18:06.51@0: 
2021.10.05-00:18:06.51@0: maps:
2021.10.05-00:18:06.51@0: 00400000-00411000 r-xp 00000000 07:01 8          /ram/pckg/container/nova/bin/container
2021.10.05-00:18:06.51@0: 00420000-00421000 rwxp 00010000 07:01 8          /ram/pckg/container/nova/bin/container
2021.10.05-00:18:06.51@0: 00421000-0042d000 rwxp 00000000 00:00 0          [heap]
2021.10.05-00:18:06.51@0: 77dec000-77eec000 rwxp 00000000 00:00 0 
2021.10.05-00:18:06.51@0: 77eec000-77f0e000 r-xp 00000000 07:00 240        /lib/libuc++.so
2021.10.05-00:18:06.51@0: 77f0e000-77f0f000 rwxp 00012000 07:00 240        /lib/libuc++.so
2021.10.05-00:18:06.51@0: 77f10000-77f7f000 r-xp 00000000 07:00 242        /lib/libumsg.so
2021.10.05-00:18:06.52@0: 77f7f000-77f81000 rwxp 0005f000 07:00 242        /lib/libumsg.so
2021.10.05-00:18:06.52@0: 77f81000-77f83000 rwxp 00000000 00:00 0 
2021.10.05-00:18:06.52@0: 77f84000-77fad000 r-xp 00000000 07:00 246        /lib/libubox.so
2021.10.05-00:18:06.52@0: 77fad000-77fae000 rwxp 00019000 07:00 246        /lib/libubox.so
2021.10.05-00:18:06.52@0: 77fae000-77fea000 r-xp 00000000 07:00 239        /lib/libc.so
2021.10.05-00:18:06.52@0: 77ff4000-77ff5000 rwxs 00000000 00:0a 370        /ram/rtrace/control
2021.10.05-00:18:06.52@0: 77ff6000-77ff8000 r-xp 0717c000 00:06 393        /dev/jiffies
2021.10.05-00:18:06.52@0: 77ff9000-77ffa000 rwxp 0003b000 07:00 239        /lib/libc.so
2021.10.05-00:18:06.52@0: 77ffa000-77ffb000 rwxp 00000000 00:00 0 
2021.10.05-00:18:06.52@0: 7ffda000-7fffb000 rwxp 00000000 00:00 0          [stack]
2021.10.05-00:18:06.52@0: 7fffb000-7fffc000 r-xp 00000000 00:00 0 
2021.10.05-00:18:06.52@0: 
2021.10.05-00:18:06.52@0: stack: 0x7fffb000 - 0x7fffab70 
2021.10.05-00:18:06.52@0: 77 f7 f9 60 00 00 00 00 7f ff ab a0 00 ff 00 00 77 f8 79 f0 77 f3 f6 0c 00 42 10 64 00 42 11 14 
2021.10.05-00:18:06.53@0: 7f ff ac 80 7f ff ab e0 00 00 00 4f ff ff ff ff 00 00 00 04 77 f3 3a a0 77 f8 2b 00 77 fc 0e a8 
2021.10.05-00:18:06.53@0: 
2021.10.05-00:18:06.53@0: code: 0x77fd4654
2021.10.05-00:18:06.53@0: 10e00002 00402025 00022023 8f998078 100099ea 00000000 00000000 3c1c0003 
2021.10.05-00:18:06.53@0: 
2021.10.05-00:18:06.53@0: backtrace: 0x77fd4654 
from what i experimented so far with building a container from scratch, and trying to run it on an rb960pg (mipsbe) i can tell:
- if it stucks at status extracting, there is something wrong with the container image (tar file)
- if it does not start but extracts fine, container image seems ok but there is something wrong with the binaries within the container or the container was built/saved on wrong architecture.
- comparing architectures, with a container built on mips64 or mipsel i get stacktrace with signal 11 (SIGSEGV - Segmentation violation)
- saving the built container from a mips32 system i get signal 17 (SIGUSR2 - User-defined signal 2) stacktrace.

so not only the architecture has to match (what is clear to me), but also the build-tools have to match i guess?
i am trying to build the container on a qemu-mips (malta) VM running openwrt 21.02, which uses musl toolchain afaik.
the binaries which run fine in openwrt on mips32 seem not to work in the container on the rb960.
does anybody know what toolchain must be used for binaries in a container to run on a rb960pg (mipsbe) ?
Last edited by vchrizz on Sat Nov 06, 2021 4:54 pm, edited 1 time in total.
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Oct 07, 2021 6:23 pm

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version).
Well, this is essentially how it all started on old MikroTik models that offered "MetaROUTER" where you could run either RouterOS or another image.
This fell out of attention as later architectures do not offer it, and the current Docker support is more or less a successor of that.
What's old is new again. Mikrotik was ahead of it's time with MetaROUTER. And, yet still people wanting to run a full Linux distro with stuff PBX etc. But with MetaROUTER, the Wiki had a clear description of how to use with ROS – that's missing in v7 Containers IMO.

Just saying ROS-on-ROS is could be simplier for stuff like VRF, and likely good example of "SDN" potential of Containers. Since there are no examples of any containers for TILE, if Mikrotik had some examples of getting ROS in a working container, that be a good place to know if anyother container could on some hardware platform.
 
fakejuke
just joined
Posts: 2
Joined: Tue Oct 05, 2021 9:10 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 08, 2021 10:55 pm

Hello! Tried pihole and iperf on my ac3 with external usb flash. Both stuck on "extracting". Any ideas?
Tried to create .tar in Linux invironment (instead of windows 10) and everything works!
 
vchrizz
just joined
Posts: 20
Joined: Sun Jul 10, 2016 11:07 am
Location: Austria, Vienna
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 11, 2021 9:20 pm

First I was using openwrt images (mips_24kc-21.02.0 tag on https://hub.docker.com/r/openwrtorg/rootfs) . However, I suspect something about their init system is causing the 100% cpu usage. Now I'm rolling my own images based on openwrt but without their init system.
sorry, i overlooked that comment.
many many thanks for that information! based on that i also could finally get a container to work. based on that container i built my own container.
I have just been making tarballs of the root fs and then using
docker import 
and
docker export
to add the necessary metadata
i tried that but maybe i did something wrong because this didnt work for me, but based on the mips_24kc-21.02.0 openwrt container i could create a container myself and build it with "docker build -t mytag ." then "docker save mytag > mytag.tar" to use the tar file on the router.

so i got a working container on a rb960pgs which is really nice!

just giving feedback:
following things i noticed are not (yet) working correctly, but i guess they will be fixed in future ROS versions:
  • "sometimes" after stopping a container the file autosupout.rif is written and then starting a container is not possible any more until the router is rebootet. (in autosupout.rif i see signal 11 in the log)
  • when the container is running, after a usual reboot of the router, the container store and the tar-file/image is lost, but the configuration is still there, so i have to remove the container, upload the image and add it again.
  • are containers started automatically after router reboot? (assuming the previous mentioned problem is fixed)
  • "sometimes" i have to "/container/start number=0" more than once until the container starts correctly although nothing changed and i just uploaded the image again and re-added the container. looking in supout.rif i see signal 17 as described before.

thanks for this great feature, keep it up!
 
Janosch
just joined
Posts: 2
Joined: Thu Sep 10, 2015 4:58 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Oct 13, 2021 12:43 pm

Is it possible to get access to devices connected to the USB Bus from within Docker?
(=run Docker in piviledged mode?)
If yes, could you please post an example?

So I could interact with USB devices (IE Serial devices) from within Docker?

Thanks
Janosch
 
r00t
Long time Member
Long time Member
Posts: 574
Joined: Tue Nov 28, 2017 2:14 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Oct 13, 2021 3:18 pm

No, because entire point of having docker is to isolate it from rest of the ROS environment.
Maybe sharing USB block devices with docker container can be added as a feature later...

But for now you can use following workaround:
Set up serial port server(s) in ROS and then you can access your USB serial ports over TCP/IP, ie. even from the container.
As long as it's just serial port (and not some other device that would require libusb access) it should work without problems.
 
User avatar
deadkat
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Sun Nov 15, 2020 11:14 pm
Location: Alabama, USA

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Oct 14, 2021 4:57 pm

I would like it if containers didn't have to be placed behind NAT....

Please Mikrotik, at least add the ability to use host networking. others would be potentially useful but limiting us to only bridge networking limits what can be done inside a container running on a mikrotik device. https://docs.docker.com/network/#network-drivers
MTCNA, MTCRE
 
rplant
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 15, 2021 4:43 am

Avahi (mdns Reflector)

Hap AC^2 (256M)

It took a while to get working, but I was able to build an Avahi container. Using the cross build instructions at

https://hub.docker.com/r/taoyou/iperf3-alpine

And the avahi container at

https://github.com/flungo-docker/avahi

It came out a bit over 8M in size, so quite big.

It uses a couple of vlans (Vlan setup currently hard coded in the tar file) on it's veth to connect to the local networks.

It is configured as a mdns reflector.

While working out how to make it work, I used netcat from openwrt to provide a couple of cli sessions. The cli is very basic but works, (You need 2 for when you break one) Probably should learn how to setup a dropbear.

I used 7zip on my desktop to open the tar file, and edit config files, and insert the executables (netcat binary and runcat2.sh script)

It seems to work ok.
Not sure I really want it now though :(
 
mankomal
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Nov 24, 2006 8:56 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 18, 2021 6:40 am

Hey,
tried to run pi-hole on CHR getting this
 (445): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

[api@RouterOS] > container envs/pri
 0 list="pihole" name="TZ" value="Asia/Kolkata" 

 1 list="pihole" name="Server IP" value="172.16.10.2" 

 2 list="pihole" name="WEBPASSWORD" value="password" 
[api@RouterOS] > container/print 
 0 file=pihole.tar name="471a7373-e48f-480b-aca2-7c7ee7195241" 
   tag="pihole/pihole:latest" os="linux" arch="amd64" interface=veth1 
   envlist="pihole" mounts="" dns="" hostname="PiHole" logging=yes 
   status=stopped 
[api@RouterOS] > 
[api@RouterOS] > system resource prin
                   uptime: 2m41s
                  version: 7.1rc4 (testing)
               build-time: Sep/20/2021 10:18:44
              free-memory: 14.1MiB
             total-memory: 96.0MiB
                      cpu: Intel(R)
                cpu-count: 1
            cpu-frequency: 2599MHz
                 cpu-load: 1%
           free-hdd-space: 1416.3MiB
          total-hdd-space: 2038.1MiB
  write-sect-since-reboot: 1320
         write-sect-total: 1321
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik
Any idea what could be the problem?
 
mankomal
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Nov 24, 2006 8:56 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 18, 2021 6:46 am

Hey,
tried to run pi-hole on CHR getting this
 (445): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)

[api@RouterOS] > container envs/pri
 0 list="pihole" name="TZ" value="Asia/Kolkata" 

 1 list="pihole" name="Server IP" value="172.16.10.2" 

 2 list="pihole" name="WEBPASSWORD" value="password" 
[api@RouterOS] > container/print 
 0 file=pihole.tar name="471a7373-e48f-480b-aca2-7c7ee7195241" 
   tag="pihole/pihole:latest" os="linux" arch="amd64" interface=veth1 
   envlist="pihole" mounts="" dns="" hostname="PiHole" logging=yes 
   status=stopped 
[api@RouterOS] > 
[api@RouterOS] > system resource prin
                   uptime: 2m41s
                  version: 7.1rc4 (testing)
               build-time: Sep/20/2021 10:18:44
              free-memory: 14.1MiB
             total-memory: 96.0MiB
                      cpu: Intel(R)
                cpu-count: 1
            cpu-frequency: 2599MHz
                 cpu-load: 1%
           free-hdd-space: 1416.3MiB
          total-hdd-space: 2038.1MiB
  write-sect-since-reboot: 1320
         write-sect-total: 1321
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik
Any idea what could be the problem?
This is the complete log that comes:
Oct/18/2021 09:14:06 container,info,debug [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
Oct/18/2021 09:14:07 container,info,debug [s6-init] ensuring user provided files have correct perms...exited 0.
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] applying ownership & permissions fixes...
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] 01-resolver-resolv: applying... 
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] 01-resolver-resolv: exited 0.
Oct/18/2021 09:14:07 container,info,debug [fix-attrs.d] done.
Oct/18/2021 09:14:07 container,info,debug [cont-init.d] executing container initialization scripts...
Oct/18/2021 09:14:07 container,info,debug [cont-init.d] 20-start.sh: executing... 
Oct/18/2021 09:14:08 container,info,debug  ::: Starting docker specific checks & setup for docker pihole/pihole
Oct/18/2021 09:14:09 container,info,debug 
Oct/18/2021 09:14:09 container,info,debug   [i] Installing configs from /etc/.pihole...
Oct/18/2021 09:14:09 container,info,debug   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
Oct/18/2021 09:14:09 container,info,debug   [i] Installing /etc/dnsmasq.d/01-pihole.conf...
[K  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
Oct/18/2021 09:14:09 container,info,debug   [i] Installing /etc/.pihole/advanced/06-rfc6761.conf...
[K  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
Oct/18/2021 09:14:14 container,info,debug Existing DNS servers detected in setupVars.conf. Leaving them alone
Oct/18/2021 09:14:14 container,info,debug ::: Pre existing WEBPASSWORD found
Oct/18/2021 09:14:14 container,info,debug DNSMasq binding to default interface: eth0
Oct/18/2021 09:14:14 container,info,debug Added ENV to php:
Oct/18/2021 09:14:14 container,info,debug 			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
Oct/18/2021 09:14:14 container,info,debug 			"ServerIP" => "0.0.0.0",
Oct/18/2021 09:14:14 container,info,debug 			"CORS_HOSTS" => "",
Oct/18/2021 09:14:14 container,info,debug 			"VIRTUAL_HOST" => "0.0.0.0",
Oct/18/2021 09:14:14 container,info,debug Using IPv4 and IPv6
Oct/18/2021 09:14:14 container,info,debug ::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
Oct/18/2021 09:14:14 container,info,debug https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Oct/18/2021 09:14:15 container,info,debug ::: Testing pihole-FTL DNS: FTL started!
Oct/18/2021 09:14:18 container,info,debug ::: Testing lighttpd config: Syntax OK
Oct/18/2021 09:14:18 container,info,debug ::: All config checks passed, cleared for startup ...
Oct/18/2021 09:14:18 container,info,debug ::: Enabling Query Logging
Oct/18/2021 09:14:19 container,info,debug   [i] Enabling logging...
Oct/18/2021 09:14:19 container,info,debug 
[K  [✓] Logging has been enabled!
Oct/18/2021 09:14:19 container,info,debug  ::: Docker start setup complete
Oct/18/2021 09:14:19 container,info,debug   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
Oct/18/2021 09:14:19 container,info,debug   Pi-hole version is v5.5 (Latest: v5.5)
Oct/18/2021 09:14:19 container,info,debug   AdminLTE version is v5.7 (Latest: v5.7)
Oct/18/2021 09:14:20 container,info,debug   Current FTL version is v5.10.2
Oct/18/2021 09:14:20 container,info,debug   Container tag is: 2021.10
Oct/18/2021 09:14:20 container,info,debug [cont-init.d] 20-start.sh: exited 0.
Oct/18/2021 09:14:20 container,info,debug [cont-init.d] done.
Oct/18/2021 09:14:20 container,info,debug [services.d] starting services
Oct/18/2021 09:14:20 container,info,debug [services.d] done.
Oct/18/2021 09:14:20 container,info,debug Starting pihole-FTL (no-daemon) as root
Oct/18/2021 09:14:20 container,info,debug Starting lighttpd
Oct/18/2021 09:14:20 container,info,debug Starting crond
Oct/18/2021 09:14:29 container,info,debug Mon Oct 18 03:44:29 2021 (423): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
Oct/18/2021 09:14:34 container,info,debug Mon Oct 18 03:44:34 2021 (424): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
Oct/18/2021 09:14:38 container,info,debug Mon Oct 18 03:44:38 2021 (425): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
after this CHR becomes unresponsive and reboots with a 'kernel panic'
 
User avatar
frank333
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Dec 18, 2017 12:17 pm
Location: S.Marino Router model: RB3011UiAS-RM

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 18, 2021 9:29 am

having memory, there is portainer.io, should be installed as a normal docker image, and provides a simple graphical interface to install all the images you want. you can customize the run commands, extensions, ports, volumes, etc..
 
vchrizz
just joined
Posts: 20
Joined: Sun Jul 10, 2016 11:07 am
Location: Austria, Vienna
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 18, 2021 3:59 pm

is it on purpose, that there is no container package for SMIPS architecture or was it just forgotten?
on all architectures i can find the container package in the all_packages-*-7.1rc4.zip file but not for SMIPS ?
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 18, 2021 4:18 pm

is it on purpose, that there is no container package for SMIPS architecture or was it just forgotten?
on all architectures i can find the container package in the all_packages-*-7.1rc4.zip file but not for SMIPS ?
There is no SMIPS device with enough RAM to allow the use of Docker containers...
 
zandhaas
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Tue Dec 11, 2018 11:02 pm
Location: The Netherlands

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Oct 19, 2021 4:41 pm

Hey,
tried to run pi-hole on CHR getting this
 (445): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
I saw the same error the first time I tried to start the container.
I checked the amount of memory I gave the CHR (128MB). I changed the amount of memeory to 1GB and after that the container seems to start.

Now I need to find out why I'm not able to connect to the GUI (172.18.0.2/admin).
 
devboi
just joined
Posts: 1
Joined: Tue Oct 19, 2021 8:59 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Oct 19, 2021 9:09 pm

Has anybody been able to get a container virtual interface to sniff network traffic? I have a container running and the application says it's capturing but would love to figure out how to best route traffic to the interface on the CHR.
 
mankomal
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Nov 24, 2006 8:56 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Oct 20, 2021 6:05 am

Hey,
tried to run pi-hole on CHR getting this
 (445): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: shmget: Function not implemented (38)
I saw the same error the first time I tried to start the container.
I checked the amount of memory I gave the CHR (128MB). I changed the amount of memeory to 1GB and after that the container seems to start.

Now I need to find out why I'm not able to connect to the GUI (172.18.0.2/admin).
Thanks mate,
Increasing the RAM to 2GB worked for me, was quite an oversight from my side.
If your IP is routed then it should open on 172.18.0.2 I did not face any such problem,
Check if the lighthttpd service is starting in the logs
 
zandhaas
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Tue Dec 11, 2018 11:02 pm
Location: The Netherlands

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Oct 20, 2021 9:42 am

When I was at home last evening it worked for me also.
 
tobber
just joined
Posts: 3
Joined: Fri Nov 06, 2020 12:29 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Oct 21, 2021 1:20 pm

Enable SysV IPC support. Shared Memory (SHM) is not enabled and (/dev/shm) is missing

Looks like it is not enabled in the kernel:
- kernel not configured for message queues
- kernel not configured for semaphores
- kernel not configured for shared memory

11:54:06 container,info,debug Filesystem Size Used Available Use% Mounted on
11:54:06 container,info,debug ubi1:RouterOS 437.1M 164.9M 267.5M 38% /
11:54:06 container,info,debug tmpfs 64.0M 0 64.0M 0% /dev

Containers using shared memory e.g. Zabbix Proxy can't run as of now. Please enable.

https://docs.docker.com/engine/referenc ... ings---ipc

The Linux kernel default configuration normally enables SysV IPC support. If the SysV IPC is not supported in your Linux kernel, you need to configure your kernel source with the CONFIG_SYSVIPC set to enable SysV IPC facilities. You need to rebuild your kernel after changing the configuration.

The SysV IPC facilities are widely used throughout various Linux applications. For example, some database applications create shared memory segments for data sharing. The Linux kernel dynamically allocates memory for IPC objects whenever a new IPC resource is requested.
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Oct 21, 2021 3:41 pm

But wouldn't most applications have several options for this and possibly autodetect the availability during ./configure?
When you cross-compile an application for another platform you should be careful to check that this process works right, and maybe do something like:
./configure --without-sysv-ipc
 
jult
newbie
Posts: 35
Joined: Sat Dec 26, 2020 1:16 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 22, 2021 6:11 pm

Just an FYI for people running PPC devices, like the RB850Gx2 and similar, the docker sadly is not available for you.. Found that out, crushing my hopes of running pihole on a MT router.
RB4011iGS+5HacQ2HnD / RBMetalG-52SHPacn / RB850Gx2 / CSS106-1G-4P-1S
 
mystichussar
just joined
Posts: 15
Joined: Mon Oct 04, 2021 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Oct 23, 2021 4:26 pm

Hi! Followed guide from 1st post of this thread. After reboot found this in logs:

Image

And this:

Image

Can you please tell me what I am doing wrong?
 
infabo
Member
Member
Posts: 310
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 25, 2021 3:11 pm

you need to create a veth interface. name=veth1 in your case apparently.
 
mystichussar
just joined
Posts: 15
Joined: Mon Oct 04, 2021 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Oct 25, 2021 7:32 pm

@infabo I said I followed guide from the first post, which has the following:
[admin@MikroTik] > /interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1
[admin@MikroTik] > /interface/bridge/add name=docker
[admin@MikroTik] > /ip/address/add address=172.17.0.1/16 interface=docker
[admin@MikroTik] > /interface/bridge/port add bridge=docker interface=veth1
Do I miss smth?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8679
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Oct 26, 2021 7:04 pm

DHCP Client when you didn't create it? Maybe it's something about Internet Detect feature?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
mystichussar
just joined
Posts: 15
Joined: Mon Oct 04, 2021 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Oct 27, 2021 11:17 pm

Did not create dhcp-client by my own. I thing I use the default one. Perhaps you meant dhcp-server - I also use default one. Just changed lease time to one day.
[admin@MikroTik] > /ip/dhcp-server/print 
Columns: NAME, INTERFACE, ADDRESS-POOL, LEASE-TIME
# NAME     INTERFACE  ADDRESS-POOL  LEASE-TIME
0 defconf  bridge     default-dhcp  1d
 
rplant
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Oct 28, 2021 1:06 am

Hi! Followed guide from 1st post of this thread. After reboot found this in logs:
Hi,
If it's a Hap AC^2 (or similar units probably), it breaks the container setup on reboot.

I have a script that completely removes the container, and recreates it.
(Its not perfect, I sometimes have to run it twice)
{
/delay 1
/log info "starting iperf3 server"

/container 
remove [find file=disk1/docker/iperf.tar]

/delay 3
add envlist=iperf file=disk1/docker/iperf.tar root-dir=disk1/docker/iperf hostname=iperf interface=veth1 logging=yes cmd="iperf3 -s"

/delay 3
start  [find file=disk1/docker/iperf.tar]
/delay 3
:local iperfsts [get [find file=disk1/docker/iperf.tar] status]
/log info "iperf3 status: $iperfsts"

}
 
mystichussar
just joined
Posts: 15
Joined: Mon Oct 04, 2021 10:23 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Oct 29, 2021 5:47 pm

Hi!

So it's not just me. It's Hap AC^3.

Thanks for sharing your script.
 
vchrizz
just joined
Posts: 20
Joined: Sun Jul 10, 2016 11:07 am
Location: Austria, Vienna
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Nov 06, 2021 4:37 pm

Hi,

if someone is interested, I built containers for OLSRd V1 and OLSRd V2.
I posted it on the FunkFeuer forum (german).
All containers as also experienced information about it with used commands and scripts to properly start the containers after reboot is also mentioned.

Thanks for this awesome feature in RouterOS!
 
vchrizz
just joined
Posts: 20
Joined: Sun Jul 10, 2016 11:07 am
Location: Austria, Vienna
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Nov 06, 2021 4:48 pm

@jult:
Just an FYI for people running PPC devices, like the RB850Gx2 and similar, the docker sadly is not available for you.. Found that out, crushing my hopes of running pihole on a MT router.
I do not have a PPC device to test but I can not confirm.
The container package is available in 7.1rc4 for PPC too: all_packages-ppc-7.1rc4.zip
It got removed from 7.1rc5 as the changelog states.
 
niammuddin
just joined
Posts: 7
Joined: Sun Aug 26, 2018 2:03 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Nov 21, 2021 2:19 am

how to edit container files? I'm trying to install a web server and want to create a php file and others, but when I edit via FTP and then I save it then I get an error "access denied"
 
biomesh
Member
Member
Posts: 486
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Nov 21, 2021 3:00 am

Either rebuild the image/container or map it to persistent storage on the router.
 
mankomal
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Nov 24, 2006 8:56 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Nov 24, 2021 5:20 pm

Is it me or extra-package has no container.npk in 7.1rc6
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Nov 24, 2021 5:25 pm

Is it me or extra-package has no container.npk in 7.1rc6
Read other messages above. It has been dropped in rc5 and rc6. Hopefully to return later.
 
User avatar
luma
just joined
Posts: 5
Joined: Sun Jul 07, 2019 4:00 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Dec 04, 2021 3:50 pm

and now rc7, still with no sign of the containers.

The good Mikrotik giveth, and the good Mikrotik taketh away...
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 931
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Dec 04, 2021 9:18 pm

To be fair, they probably are focusing on 7.1 stable. This means finishing features already on 6.49.1. And I think it's better this way.

I like the idea of RoS dockers - but it's far better to get a stable release first.
 
User avatar
omidkosari
Trainer
Trainer
Posts: 640
Joined: Fri Sep 01, 2006 4:18 pm
Location: Canada, Toronto

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 06, 2021 1:10 am

Thanks for the amazing new feature. I hope it is not too late to celebrate it.

This feature also emphasizes the lack of x64 OS support with a memory of more than 2GB.
Mikrotik Certified Trainer
 
sirmax
just joined
Posts: 13
Joined: Wed Mar 13, 2013 12:39 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 06, 2021 6:10 pm

Hi!

I just upgraded os up to 7.1 stable and there is no /containers at all
/system/package> /system/routerboard/print
       routerboard: yes
             model: 2011UiAS
     serial-number: 
     firmware-type: ar9344
  factory-firmware: 3.14
  current-firmware: 6.46.4
  upgrade-firmware: 7.1
Any ideas how can I use it?

Also what about CCRs - are container support exists?
for ARM-based boards it should be much simple to build docker images, using RaspberyPi for example
 
kowal
just joined
Posts: 23
Joined: Sun Jul 06, 2014 2:23 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 06, 2021 6:54 pm

What's new in 7.1rc5 (2021-Oct-25 20:15):

!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;

If you downgrade to 7.1rc4 you still musi install container package from "extra packages"
 
alibloke
just joined
Posts: 11
Joined: Fri Jun 03, 2016 12:13 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Dec 24, 2021 1:32 am

It's been quite some time since 7.1rc4, has Docker support been dumped?
 
schoudhry
just joined
Posts: 4
Joined: Wed Oct 14, 2020 2:42 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Dec 25, 2021 6:29 pm

Hello! Tried pihole and iperf on my ac3 with external usb flash. Both stuck on "extracting". Any ideas?
Tried to create .tar in Linux invironment (instead of windows 10) and everything works!
That solved my problem being stuck on "extracting". Mikrotik instructions are not really good
 
dandrzejewski
newbie
Posts: 35
Joined: Fri Oct 09, 2015 5:39 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Dec 26, 2021 3:52 am

Will docker be in a future release?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25275
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Dec 26, 2021 9:43 am

We will re-release container package soon. We wanted to improve security of the package, and make sure it does not have access to things it should not access. We will sandbox it more, re-evaluate all security aspects and will release it soon, when it is ready and completely secure.
No answer to your question? How to write posts
 
sirmax
just joined
Posts: 13
Joined: Wed Mar 13, 2013 12:39 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 27, 2021 1:06 pm

Hi!

Just before starting, need to understand all steps.

Before asking questions, let me explain how the network in docker works (simplest case)

In Linux you always should configure 2 points - veth0 and veth1, for example. So it creates a "virtual patch-cord", and after it is created you can place one end of this "patch-cord" into the network namespace, and do what you need.

Here is simple Linux example
ip  link add  dev <FIRST_END_OF_THE_VIRTUAL_PATCH_CORD> \
 type veth \
 peer name <SECOND_END_OF_THE_VIRTUAL_PATCH_CORD> 

So after this command is executed you'll have 2 interfaces:
<FIRST_END_OF_THE_VIRTUAL_PATCH_CORD>
and
<SECOND_END_OF_THE_VIRTUAL_PATCH_CORD>

and you can place one into a network namespace:
ip link set dev <SECOND_END_OF_THE_VIRTUAL_PATCH_CORD>  netns <MY_NETWORK_NAMESAPCES>
Docker/k8s on Linux do exactly the same!

So you can see eth0 in docker which is another end of virtual patch-cord

Example
- Run any container
- enter container's network namespace with command "nsenter -t <PID> -t" and check interfaces

PID here is the process ID of the process running inside the container (in my example below it is sshd)
(I build a container that runs sshd in an endless loop in order to be able to change config and restart sshd without container restart, it is not the best practice but good for testing)
ps -auxfw | grep sshd
root      2177  0.0  0.0   1496   384 ?        Ss   11:44   0:00      \_ /bin/sh -c mkdir -p /run/sshd && while true; do /usr/sbin/sshd -D; sleep 10; done
root      2282  0.0  0.5   9216  4840 ?        S    11:44   0:00          \_ sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
PID here is 2177

go to container's network namespace:
nsenter  -t 2177 -n
Check interfaces:
ip -o link show
22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Find peer's ifindex:
ethtool -S eth0
NIC statistics:
     peer_ifindex: 23
So we can see - peer index is 23 (and ifindex for eth0 inside container is 22)

Outside the container, you can see:
ip -o link
23: vethd6fa430@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default \    link/ether 9a:5e:37:b4:48:83 brd ff:ff:ff:ff:ff:ff link-netnsid 1
And find peer's ifindex:
ethtool -S vethd6fa430
NIC statistics:
     peer_ifindex: 22
So now we exactly know - eth0 (ifindex is 22) in container is connected to vethd6fa430 (ifindex is 23)

Next, docker daemon adds veth interface (in the system, not in the container) into the bridge
brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242006ddc40	no		vethd6fa430
Check IP addresses:
 ip a s dev docker0
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:00:6d:dc:40 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 brd 172.17.255.255 scope global docker0
And inside container default route points on bridge's IP : 172.17.42.1
# ip a s
22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
Check routing settings:
ip route
default via 172.17.42.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.1
The last question is: how ip address comes to the container? There is DHCP requests on docker0 interface, but container image may be built w/o dhcp client, so I guess IP is configured by docker daemon

Now let's go back to Mikrotik

Docs reccomends to do
/interface/veth/add name=veth1 address=172.17.0.2/16 gateway=172.17.0.1
It creates a virtual eth interface but I do not understand how it works
- what is the gateway here?
- what is address here?
- why do we need ip address on SLAVE interface (member of the bridge docker)?


Create a bridge for containers and add veth to it
/interface/bridge/add name=docker
/ip/address/add address=172.17.0.1/16 interface=docker
/interface/bridge/port add bridge=docker interface=veth1
And, the last question is how to assign static addresses inside containers (one of the 172.17.0.0/16 network but predictable)?

I am not able to "map" Mikrotik commands to Linux commands.
 
sirmax
just joined
Posts: 13
Joined: Wed Mar 13, 2013 12:39 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 27, 2021 3:19 pm

Also do not see how to remove container files

After container is created , storage 2df45158-b892-4e06-af32-9ed00c0a1b9a is created and when container removed, I was not delete it

The workaround is router reboot - container storage was deleted after reboot

Some details:
[sirmax@RB4011iGS+5HacQ2HnD] /file> print detail
 0 name="console-dump.txt" type=".txt file" size=471 creation-time=dec/25/2021 18:01:51 contents=
...
 1 name="ubuntu-ssh-2.tar" type=".tar file" size=159.5MiB creation-time=dec/27/2021 14:22:21
 2 name="2df45158-b892-4e06-af32-9ed00c0a1b9a" type="container store" creation-time=dec/27/2021 14:31:30

[sirmax@RB4011iGS+5HacQ2HnD] /file> remove 2
action failed (6)
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 27, 2021 5:32 pm

I am not able to "map" Mikrotik commands to Linux commands.
The preview does work when I test this a while back, but I think they know there were missing holes and significant limitation in original support.

Totally get trying to plan/test stuff BEFORE containers in anticipation of an eventual release. But it's hard to predict what and when containers come out again, but I do suspect it will be significantly different. If I was a betting man, I'm not sure you'd initially see complex network topology allowed directly in containers – rather, the interface be routable/bridgeable by the rest of Mikrotik's functions. Idea of course is the Mikrotik is a router, so NFV is likely what they're targeting, not being full-service, general container host.

If I was PLANNING a deployment, Mikrotik may simply not be able to run just any Docker/etc installer, for a variety of reasons. But if you do have something running in v7.1rc4, even if there are bug in disks, limits on networks, etc, you'd likely be pretty well set for containers when they come out.

For example, this poster reports that interprocess communications using SysV IPC conventions isn't supported - didn't test it myself, but believe him that yeah a few containers might not like some of Mikrotik's kernel choices:
Enable SysV IPC support. Shared Memory (SHM) is not enabled and (/dev/shm) is missing
Looks like it is not enabled in the kernel: [...]


This would be enabled on a "regular Linux", but perhaps not on a Mikrotik since they likely don't need it for routing/etc (e.g. Mikrotik seems more BSD sockets and signals, than AT&T UNIX IPC people). While this poster suggests "turn this on" – it's just not that simple since it might compromise something else on a RouterOS. I suspect there are other things like that may come up on why a specific container cannot run on a Mikrotik.

Totally all for containers, just seem early to be planning for deployment (starting testing I can see, but likely better when they re-release it)
 
PackElend
Member Candidate
Member Candidate
Posts: 235
Joined: Tue Sep 29, 2020 6:05 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Dec 27, 2021 10:50 pm

We will re-release container package soon. We wanted to improve security of the package, and make sure it does not have access to things it should not access. We will sandbox it more, re-evaluate all security aspects and will release it soon, when it is ready and completely secure.
will this be part of v7.2?
 
sirmax
just joined
Posts: 13
Joined: Wed Mar 13, 2013 12:39 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Dec 28, 2021 9:25 pm

Finally I got container up and running on RB4011

Steps to reproduce:

Do docker pull ubuntu:focal on ARM (not ARM64!!!) host. My system is RaspberryPi

# uname -a
Linux raspberrypi-dcc 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux
# lsb_release -a
No LSB modules are available.
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 9.8 (stretch)
Release:	9.8
Codename:	stretch


Because of a bug in docker, I was not able to use docker build command so I started the container --privileged , do docker exec, and install sshd in it.
Also changed root password and allowed root login via ssh and login using password. (apt update do not work because blocked by security if container is not privileged and docker build has no --privileged option. Hope it is fixed on new systems, my one is pretty old)

After that I saved image using docker commit command

Next, I created a simple Dockerfile in order to add CMD:
FROM ubuntu-ssh-base:1

CMD while true; do /usr/sbin/sshd -D -e -ddd ; sleep 10; done
ubuntu-ssh-base:1 here is the name of the image I saved with docker commit

and run

docker build . -t ubuntu-ssh:1
docker image ls
REPOSITORY                 TAG                                   IMAGE ID            CREATED             SIZE
ubuntu-ssh                 1                                     4eea6dba0384        28 hours ago        157MB
ubuntu-ssh-base            1                                     fe2990098441        30 hours ago        157MB
...
As result, you'll have image ubuntu-ssh :1

Save image to file:
docker save 4eea6dba0384> ubuntu-ssh-1.tar,
and upload it to router:

scp ubuntu-ssh-1.tar sirmax@192.168.1.22

(Please test in on linux before uploading to the router - just to know it works!)

On router:
(do not want /16 network for docker, another part is like example)


/interface/veth/add name=veth1 address=172.17.0.2/29 gateway=172.17.0.1
/interface/bridge/add name=docker
/ip/address/add address=172.17.0.1/29 interface=docker

/container/add file=ubuntu-ssh-1.tar interface=veth1  hostname=ubuntu1 workdir=/ubuntu logging=yes
Re-check:

/container/export
# dec/28/2021 21:03:49 by RouterOS 7.1rc4
/container
add file=ubuntu-ssh-1.tar hostname=ubuntu1 interface=veth1 logging=yes

And finally /container start 0



Now I'm able to log in via ssh to host 172.17.0.2 (it is a routed network)

What I found:

Kernel:

root@ubuntu1:/# uname -a
Linux ubuntu1 5.6.3 #15 SMP Mon Sep 20 07:31:39 UTC 2021 armv7l armv7l armv7l GNU/Linux
Cmd line

root@ubuntu1:/# cat /proc/cmdline
root=/dev/ram0 ubifs_support console=ttyS0,115200 benand_no_swecc=2 parts=1 boot_part_size=6291456 board=4011 Board=4011 board_rev=r2 ver=6.47.9 bver=6.47.9 hw_opt=00790002 boot=1 mlc=11

Modules


root@ubuntu1:/# cat /proc/modules
traffic_gen 24576 0 - Live 0x7f497000
al_crypto 90112 0 - Live 0x7f47b000
des_generic 16384 0 - Live 0x7f476000
libdes 24576 2 al_crypto,des_generic, Live 0x7f46f000
a9300_pci 16384 0 - Live 0x7f425000
sch_sfq 16384 4 - Live 0x7f298000
a9300 315392 1 a9300_pci, Live 0x7fbe7000
pcie_qcom 28672 0 - Live 0x7f467000
veth 24576 0 - Live 0x7f45c000
8021q 24576 1 - Live 0x7f455000
ipt_SAME 16384 0 - Live 0x7f450000
xt_NETMAP 16384 0 - Live 0x7f44b000
xt_REDIRECT 16384 0 - Live 0x7f446000
xt_MASQUERADE 16384 1 - Live 0x7f441000
xt_nat 16384 0 - Live 0x7f43c000
iptable_nat 16384 1 - Live 0x7f437000
ipt_TARPIT 16384 0 - Live 0x7f3db000
ipt_REJECT 16384 0 - Live 0x7f42f000
nf_reject_ipv4 16384 1 ipt_REJECT, Live 0x7f42a000
oprofile 28672 0 - Live 0x7f41d000
iptable_filter 16384 1 - Live 0x7f415000
nf_defrag_ipv4 16384 0 - Live 0x7f40d000
ipt_psd 16384 0 - Live 0x7f405000
ip_tables 24576 2 iptable_nat,iptable_filter, Live 0x7f3fb000
ipt_snif 16384 0 - Live 0x7f3f3000
snif 16384 1 ipt_snif, Live 0x7f3eb000
ipt_ulog 16384 0 - Live 0x7f3e3000
xt_tls 16384 0 - Live 0x7f3d3000
xt_layer7 20480 0 - Live 0x7f3ca000
xt_HL 16384 0 - Live 0x7f3c2000
xt_DSCP 16384 0 - Live 0x7f3ba000
xt_TCPMSS 16384 0 - Live 0x7f3b2000
xt_CT 16384 0 - Live 0x7f3aa000
xt_policy 16384 3 - Live 0x7f3a2000
xt_addrtype 16384 0 - Live 0x7f39a000
xt_hl 16384 0 - Live 0x7f392000
xt_realm 16384 0 - Live 0x7f38a000
xt_physdev 16384 0 - Live 0x7f382000
xt_length 16384 0 - Live 0x7f37a000
xt_connbytes 16384 0 - Live 0x7f372000
xt_helper 16384 0 - Live 0x7f36a000
xt_tcpmss 16384 0 - Live 0x7f362000
xt_dscp 16384 0 - Live 0x7f35a000
xt_hashlimit 20480 0 - Live 0x7f351000
xt_statistic 16384 0 - Live 0x7f349000
xt_string 16384 0 - Live 0x7f341000
xt_connmark 16384 0 - Live 0x7f339000
xt_conntrack 16384 5 - Live 0x7f331000
xt_multiport 16384 1 - Live 0x7f329000
xt_mark 16384 0 - Live 0x7f324000
xt_mac 16384 0 - Live 0x7f31f000
xt_tcpudp 16384 0 - Live 0x7f31a000
ts_kmp 16384 0 - Live 0x7f262000
xt_misc 20480 4 - Live 0x7f304000
x_tables 24576 38 ipt_SAME,xt_NETMAP,xt_REDIRECT,xt_MASQUERADE,xt_nat,ipt_TARPIT,ipt_REJECT,iptable_filter,ipt_psd,ip_tables,ipt_snif,ipt_ulog,xt_tls,xt_layer7,xt_HL,xt_DSCP,xt_TCPMSS,xt_CT,xt_policy,xt_addrtype,xt_hl,xt_realm,xt_physdev,xt_length,xt_connbytes,xt_helper,xt_tcpmss,xt_dscp,xt_hashlimit,xt_statistic,xt_string,xt_connmark,xt_conntrack,xt_multiport,xt_mark,xt_mac,xt_tcpudp,xt_misc, Live 0x7f2f9000
nf_nat_pptp 16384 0 - Live 0x7f2f1000
nf_conntrack_pptp 16384 1 nf_nat_pptp, Live 0x7f2e9000
nf_nat_sip 20480 0 - Live 0x7f2e0000
nf_conntrack_sip 28672 1 nf_nat_sip, Live 0x7f2d5000
nf_nat_h323 16384 0 - Live 0x7f2cd000
nf_conntrack_h323 45056 1 nf_nat_h323, Live 0x7f2be000
nf_nat_irc 16384 0 - Live 0x7f2b6000
nf_conntrack_irc 16384 1 nf_nat_irc, Live 0x7f2ae000
nf_nat_tftp 16384 0 - Live 0x7f2a6000
nf_conntrack_tftp 16384 1 nf_nat_tftp, Live 0x7f270000
nf_nat_ftp 16384 0 - Live 0x7f26b000
nf_conntrack_ftp 16384 1 nf_nat_ftp, Live 0x7f183000
nf_conntrack_ipv4 16384 0 - Live 0x7f29e000
qca9984_pci 77824 0 - Live 0x7f284000
nf_nat 36864 12 ipt_SAME,xt_NETMAP,xt_REDIRECT,xt_MASQUERADE,xt_nat,iptable_nat,nf_nat_pptp,nf_nat_sip,nf_nat_h323,nf_nat_irc,nf_nat_tftp,nf_nat_ftp, Live 0x7f276000
ath 143360 2 a9300,qca9984_pci,[permanent], Live 0x7f23e000
nf_conntrack_netlink 36864 0 - Live 0x7f234000
nfnetlink 16384 1 nf_conntrack_netlink, Live 0x7f17e000
rb 16384 1 - Live 0x7f22f000
vrf 20480 0 [permanent], Live 0x7f229000
ts 20480 1 - Live 0x7f223000
ticker 16384 1 - Live 0x7f18a000
al 53248 0 - Live 0x7f215000
rtl8367 24576 0 - Live 0x7f313000
stm8_fan 24576 0 - Live 0x7f30c000
prestera_dx_mac 466944 0 - Live 0x7f1a2000
poe_simple 16384 2 - Live 0x7f0e1000
ledgroup 16384 0 - Live 0x7f19d000
af_key 32768 0 - Live 0x7f190000
wlan 360448 6 a9300,qca9984_pci,ath, Live 0x7f125000
xfrm_user 28672 0 - Live 0x7f11d000
capsmanglue 12288 1 wlan, Live 0x7f01f000
btest 24576 0 - Live 0x7f116000
xfrm_algo 16384 2 af_key,xfrm_user, Live 0x7f0cd000
ulog 16384 2 ipt_ulog, Live 0x7f09f000
bridge2 131072 1 prestera_dx_mac, Live 0x7f0f5000
switch 57344 4 al,rtl8367,prestera_dx_mac,bridge2, Live 0x7f0e6000
phy_helper 45056 4 al,rtl8367,prestera_dx_mac,switch, Live 0x7f0d5000
packet_hook 131072 18 traffic_gen,xt_layer7,xt_misc,ath,al,prestera_dx_mac,wlan,bridge2,switch, Live 0x7f0ac000
tunnel6 16384 1 packet_hook, Live 0x7f0a7000
nf_conntrack 94208 26 xt_NETMAP,xt_REDIRECT,xt_MASQUERADE,xt_nat,xt_CT,xt_connbytes,xt_helper,xt_connmark,xt_conntrack,xt_misc,nf_nat_pptp,nf_conntrack_pptp,nf_nat_sip,nf_conntrack_sip,nf_nat_h323,nf_conntrack_h323,nf_nat_irc,nf_conntrack_irc,nf_nat_tftp,nf_conntrack_tftp,nf_nat_ftp,nf_conntrack_ftp,nf_conntrack_ipv4,nf_nat,nf_conntrack_netlink,packet_hook, Live 0x7f087000
jiffies 16384 44 - Live 0x7f082000
ipv6 319488 56 vrf,bridge2,packet_hook,[permanent], Live 0x7f033000
nf_defrag_ipv6 16384 2 nf_conntrack,ipv6, Live 0x7f02e000
logring 32768 136 - Live 0x7f023000
unix 32768 227 - Live 0x7f016000
panics 16384 0 - Live 0x7f00e000
flash 40960 10 a9300,qca9984_pci,rb,ts,al,stm8_fan,prestera_dx_mac,poe_simple,phy_helper,panics, Live 0x7f000000




Known issues and workarounds:


1 - I recreated container few times and only first creation really untar file (checked disk usage with /system/resource/print)
Workaround: changed workdir and container name (from ubuntu --> ubuntu1)

2 - /file/print sees files during untar:

/file/print
 # NAME                                                                                                                            TYPE                                                                                                                                 SIZE CREATION-TIME
 0 console-dump.txt                                                                                                                .txt file                                                                                                                             471 dec/25/2021 18:01:51
 1 autosupout.old.rif                                                                                                              .rif file                                                                                                                        287.3KiB dec/28/2021 19:55:24
 2 ubuntu-ssh-1.tar                                                                                                                .tar file                                                                                                                        158.5MiB dec/28/2021 20:17:33
 3 2df45158-b892-4e06-af32-9ed00c0a1b9a                                                                                            container store                                                                                                                           dec/28/2021 20:19:58
 4 autosupout.rif                                                                                                                  .rif file                                                                                                                        360.4KiB dec/28/2021 20:20:17
 5 e4ed5448-a0aa-4cad-b1ee-95babd14d70f                                                                                            directory                                                                                                                                 dec/28/2021 20:20:30
 6 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/boot                                                                                       directory                                                                                                                                 apr/15/2020 13:09:51
 7 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/dev                                                                                        directory                                                                                                                                 sep/21/2021 19:13:02
 8 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc                                                                                        directory                                                                                                                                 dec/28/2021 20:20:30
 9 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/adduser.conf                                                                           .conf file                                                                                                                           3028 sep/21/2021 18:53:34
10 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/alternatives                                                                           directory                                                                                                                                 dec/28/2021 20:20:30
11 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/alternatives/README                                                                    file                                                                                                                                  100 mar/23/2020 08:12:54
12 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt                                                                                    directory                                                                                                                                 dec/28/2021 20:20:30
13 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d                                                                         directory                                                                                                                                 dec/28/2021 20:20:30
14 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/01-vendor-ubuntu                                                        .d/01-vendor-ubuntu file                                                                                                               92 apr/09/2020 12:21:07
15 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/01autoremove                                                            .d/01autoremove file                                                                                                                  630 apr/09/2020 12:21:07
16 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/01autoremove-kernels                                                    .d/01autoremove-kernels file                                                                                                          623 sep/21/2021 18:53:36
17 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/70debconf                                                               .d/70debconf file                                                                                                                     182 aug/03/2019 12:51:13
18 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/docker-autoremove-suggests                                              .d/docker-autoremove-suggests file                                                                                                     44 sep/21/2021 19:12:58
19 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/docker-clean                                                            .d/docker-clean file                                                                                                                  318 sep/21/2021 19:12:58
20 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/docker-gzip-indexes                                                     .d/docker-gzip-indexes file                                                                                                            70 sep/21/2021 19:12:58
21 e4ed5448-a0aa-4cad-b1ee-95babd14d70f/etc/apt/apt.conf.d/docker-no-languages                                                     .d/docker-no-languages file                                                                                                            27 sep/21/2021 19:12:58
 
sirmax
just joined
Posts: 13
Joined: Wed Mar 13, 2013 12:39 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Dec 28, 2021 9:34 pm

It would be great to run PRIVILEGED container and do insmod :) with own module

Or join RB as k8s worker node :)
 
usovalx5
newbie
Posts: 27
Joined: Sun Mar 15, 2020 8:06 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Dec 30, 2021 8:48 pm

Am I missing something, because I can't see `container.npk` in extra packages for 7.1.1 nor for 7.2rc1?
Was it removed for now?
 
PackElend
Member Candidate
Member Candidate
Posts: 235
Joined: Tue Sep 29, 2020 6:05 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Dec 30, 2021 9:05 pm

Am I missing something, because I can't see `container.npk` in extra packages for 7.1.1 nor for 7.2rc1?
Was it removed for now?
see viewtopic.php?p=901582#p900434
 
bd0g
just joined
Posts: 12
Joined: Tue May 23, 2017 11:54 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Jan 11, 2022 12:00 pm

We will re-release container package soon. We wanted to improve security of the package, and make sure it does not have access to things it should not access. We will sandbox it more, re-evaluate all security aspects and will release it soon, when it is ready and completely secure.
Hello,

I just want'd to try out the container when i saw this.
I did it anyway on the 7.1rc3 and noticed something strange.

Does the veth network range must be only 172.17.0.0/16 to get container to work? i tried 172.172.0.0/16 and got nowhere. issue is that for people having docker on their computer that make the container ip range not accessible on mikrotik devices. And if you want container on two mikrotik devices you get the same issue.

Thanks for any details on that part
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Jan 11, 2022 12:28 pm

Probably in most applications of a docker container running on the router, there will be dstnat/srcnat rules to translate between the address used on the local network and this docker subnet.
(of course it is not really required, but it seems that many home network admins feel uncomfortable with the concept of routing and solve everything using NAT)

Still, it would of course be best when the subnet can be configured arbitrarily. It would be a bad idea to set it to 172.172.0.0/16 but there are lots of other addresses that could be used (in one of the reserved ranges for local addresses).
 
dksoft
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Jan 11, 2022 1:33 pm

Does the veth network range must be only 172.17.0.0/16 to get container to work?
You can use any address but you must remove and re-create the container after you changed any configuration including network configuration.
Setup: Dt. Telekom FTTH + Dt. Glasfaser FTTH, CCR2116, CRS317, CRS328-24P-4S+RM, WAP AC XL. MCTNA
 
sirmax
just joined
Posts: 13
Joined: Wed Mar 13, 2013 12:39 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jan 13, 2022 11:33 pm

/16 in example is just example
It can be any routed subnet in your network or you can use nat (I do not recommend, if you do not exactly know why do you need it, it but up to you )
 
philipp
just joined
Posts: 4
Joined: Tue Feb 01, 2022 1:21 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 1:29 am

Hi @normis,
Curious if 7.1.1 or the release candidates for 7.2 include / will include Docker support again? Or if you guys had a specific release where it may be included again?

I guess I'm also wondering what the restrictions may be, for example if a program inside Docker could send AT commands to a cellular modem in the router? I'm essentially trying to measure WAN / cellular link quality and publish the findings over a UDP socket. Curious if that will be possible for my program inside Docker?

Best,
Philipp
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 2:53 pm

Of course a container can talk to the RouterOS on the host router, and that can talk to serial ports. So it should be possible to arrange that, even without any support in Docker containers to access serial ports.
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 4:00 pm

I guess I'm also wondering what the restrictions may be, for example if a program inside Docker could send AT commands to a cellular modem in the router? I'm essentially trying to measure WAN / cellular link quality and publish the findings over a UDP socket. Curious if that will be possible for my program inside Docker?
Of course a container can talk to the RouterOS on the host router, and that can talk to serial ports. So it should be possible to arrange that, even without any support in Docker containers to access serial ports.
Not dismissing containers, but existing scripting language can do what you want without spinning up a container. And, while possible to arrange serial data in a container, not sure you'd be see the actual serial ports in docker. But you can redirect any RS232 serial from Mikrotik to container via /ports/remote-access so that be option, once containers are re-introduced.

If read LTE data using AT commands is your need, at-chat should get whatever you'd need.
:global lteatdata [/interface/lte/at-chat [find] input="ATI" once as-value]  
We use that data in /tool/fetch in a script scheduled by /system/scheduler to store the data in AWS. In V7, the IoT package supports MQTT, so the CQI, RSRQ, or whatever AT modem data can easily go to Timeseries, DynamoDB, or whatever in AWS. But you can also use MQTT to an OSS MQTT broker on the host you want processing your cell data to avoid needing Amazon or the like. We haven't used MQTT in production, but seems to work fine for transporting LTE/5G/cell metrics from a Mikrotik, without containers.
 
philipp
just joined
Posts: 4
Joined: Tue Feb 01, 2022 1:21 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 4:13 pm

Thanks, pe1chl / Amm0. Mikrotik & RouterOS newbie here ;)
I have both modems publish debug logs ("QXDM") on /dev/ttyUSB0 to get more fine-grained LTE packet information. Those are commonly then parsed with a QXDM tool (like QCAT), or similar. I'd essentially want grab these messages (for both modems in my RBM33G), and filter & publish to a single client connected to an Ethernet port (further processing there).
Curious if that has been realized (or should be possible), with / without Docker support.

Thanks again!
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 4:38 pm

Thanks, pe1chl / Amm0. Mikrotik & RouterOS newbie here ;)
I have both modems publish debug logs ("QXDM") on /dev/ttyUSB0 to get more fine-grained LTE packet information. Those are commonly then parsed with a QXDM tool (like QCAT), or similar. I'd essentially want grab these messages (for both modems in my RBM33G), and filter & publish to a single client connected to an Ethernet port (further processing there).
Someone ask about Quectel LTE debug in another thread, see viewtopic.php?t=181474&hilit=ports+qualcomm#p906146

Maybe you have some low level needs, but I'd have to imagine there is an AT command to get most data. If you looking at packet data, you can use /tool/sniffer on the LTE interface in "streaming" mode then decode TZSP with LTE packets on remote wireshark/etc. Now it be fascinating to know how well correlated Mikrotik's packet traces are with QXDM packets traces, specifically the timing and framing – but that doesn't sound easy.

You might want to start a new topic with more detail, this thread isn't the best place for a QXDM discussion. Pretty sure containers aren't going to help too much with getting/using QXDM.
 
philipp
just joined
Posts: 4
Joined: Tue Feb 01, 2022 1:21 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 4:44 pm

Thanks, Amm0, much appreciate these pointers.
 
BitHaulers
newbie
Posts: 37
Joined: Thu Jun 21, 2018 11:23 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 9:42 pm

Thanks, pe1chl / Amm0. Mikrotik & RouterOS newbie here ;)
I have both modems publish debug logs ("QXDM") on /dev/ttyUSB0 to get more fine-grained LTE packet information. Those are commonly then parsed with a QXDM tool (like QCAT), or similar. I'd essentially want grab these messages (for both modems in my RBM33G), and filter & publish to a single client connected to an Ethernet port (further processing there).
Curious if that has been realized (or should be possible), with / without Docker support.

Thanks again!
That was me in the other thread. There's an aggregation bug on the EM160 only on AT&T that I'm trying to hunt down for Quectel. I use their QLogger app to grab the data over ethernet with the DM port exposed in 7.2rc1 and after. This puts QXDM files to disk. So I don't think you need docker support for what you want to do. Now, I want docker support to come back for a completely different use case, but it does involve LTE stuff.
 
philipp
just joined
Posts: 4
Joined: Tue Feb 01, 2022 1:21 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 9:55 pm

Thanks BitHaulers. Really great (and timely) to see this possible from 7.2rc* on.
Philipp
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 642
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 01, 2022 10:19 pm

Curious if that has been realized (or should be possible), with / without Docker support.
Now, I want docker support to come back for a completely different use case, but it does involve LTE stuff.
Same here.

But it's fair enough that serial redirection directly to a future containers support probably have some IoT use cases. But in the last container release, the docker shell wasn't available... so that seemed like a long wait for what is possible today with serial-over-ethernet. Which likely the least difficult part of any problem where QXDM be useful ;)

But rather see my container request for a MetaROUTER replacement before serial ports in containers ;)
Well, this is essentially how it all started on old MikroTik models that offered "MetaROUTER" where you could run either RouterOS or another image.
This fell out of attention as later architectures do not offer it, and the current Docker support is more or less a successor of that.
 
phitastic
just joined
Posts: 1
Joined: Thu Oct 07, 2021 8:27 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Feb 02, 2022 10:36 pm

Super interesting ;) The redirection of the QXDM logs to a Docker container (in my mind) basically boils down to running a lightweight parser / filter on those messages, before publishing them from the router to attached (ethernet) clients onward. E.g., maybe there are only specific events that need forwarding (that is the case in my scenario..). I'll open up a separate thread once I get to the implementation bits... just wanted to make sure that this path (modem serial forward to Docker container, running parsing there, followed by publishing processed findings) is actually possible before I put deeper thought into it.
Best!
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sun Mar 31, 2013 6:02 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Feb 07, 2022 3:12 pm

Any news about Container function? I would like to add Pihole directly to Mikrotik, because now i have to run 2 RPIs for that because one of them tends to fail from time to time and i don't wan't to use public DNS servers as backup in Mikrotik because then from time to time, some ads get through.
 
nin
newbie
Posts: 25
Joined: Sat Feb 20, 2010 9:02 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Feb 15, 2022 9:19 pm

container.npk *bump*
 
s3uz
just joined
Posts: 4
Joined: Thu Dec 30, 2021 1:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Mar 03, 2022 6:50 pm

looking forward for container.npk
 
SSadistic
just joined
Posts: 21
Joined: Mon Jun 17, 2019 1:28 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Mar 09, 2022 2:40 pm

looking forward for container.npk
One more.. looking for that option to run tvheadend.
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Wed Mar 09, 2022 2:44 pm

I know its becoming spam at this point, so I apologize. I know mikrotik said they're redesigning container, understandably that'll take time. Meanwhile maybe can they include the previous container implementation in 7.2rc testing branch, its testing branch after all.
 
belanger
just joined
Posts: 6
Joined: Sat Feb 19, 2022 5:03 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Mar 11, 2022 10:12 pm

I originally placed my order for a RB5009UG based on the fact containers were in beta and be in the final 7.1 release. I'm not happy to hear it will take a long time. I can't sell yet my old NAS to pay for the new hardware, I now regret my purchase. If I knew, I would have waited instead of being short.

@mikrotik - is there an ETA?
 
gittubaba
newbie
Posts: 30
Joined: Thu May 31, 2018 5:55 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Mar 11, 2022 10:42 pm

I originally placed my order for a RB5009UG based on the fact containers were in beta and be in the final 7.1 release. I'm not happy to hear it will take a long time. I can't sell yet my old NAS to pay for the new hardware, I now regret my purchase. If I knew, I would have waited instead of being short.

@mikrotik - is there an ETA?
I'm also kinda in the same boat. I purchased RB5009 hoping to play around with containers. (no over ambitious plans like NAS thou :P ). A probable good news is maybe it won't be long before container comes back. Just noticed that I got this reply in the other thread.

Image
 
hawkn
just joined
Posts: 4
Joined: Fri Dec 23, 2016 8:43 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Mar 13, 2022 1:18 am

I really hope containers is served soon.
I also have a rb5009 that longs for container support.

I donated my Rpi4 because i had big hopes of runing pihole as a docker on my new purchase......
Before I got it container support was gone.....BIG setback there.

When container support is back, I'm also gonna kick out my old cisco 3702 AP-s and roll in some cAP AC :)
 
User avatar
LogicalNZ
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Sat Oct 19, 2013 6:35 am
Location: New Zealand
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Apr 01, 2022 3:07 am

Why can I not see the Container or Docker npk in any of the downloads? (even in the extra packages). I have checked both 7.1.5 and 7.2 Extra packages but it does not seem to be there. What am I doing wrong?
 
Sob
Forum Guru
Forum Guru
Posts: 8968
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Apr 01, 2022 3:48 am

Because it was removed (in order to improve it, fix it, whatever) and not added back yet. And answer to your next question is "when it's ready", only MikroTik knows more, but they are not telling.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
Jaggl
just joined
Posts: 24
Joined: Mon Aug 27, 2012 3:00 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Apr 04, 2022 3:31 pm

has someone tried to get Snort or Suricata working?
 
s3uz
just joined
Posts: 4
Joined: Thu Dec 30, 2021 1:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sun Apr 17, 2022 2:39 am

Kindly ask to add container support for 5009
 
shavenne
just joined
Posts: 15
Joined: Wed Dec 11, 2019 4:27 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Mon Apr 25, 2022 9:55 pm

Is there any hint when it does come back? I hope it is even planned to bring it back!?
Having it on my RB5009 would be just so frickin' amazing.
 
moutazsalem
just joined
Posts: 3
Joined: Sat Mar 26, 2022 4:33 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Apr 26, 2022 4:24 am

5009 support please :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25275
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Apr 26, 2022 8:46 am

We are still working on container support, it will return :)
No answer to your question? How to write posts
 
fritzme
newbie
Posts: 48
Joined: Thu Oct 31, 2019 6:10 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Apr 26, 2022 12:11 pm

We are still working on container support, it will return :)
this year ?! :D
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue Apr 26, 2022 12:43 pm

Let them work in peace, I prefer an almost finished product, rather something that comes out too quickly because pressure is put on.
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
User avatar
cfikes
newbie
Posts: 46
Joined: Mon Dec 08, 2014 9:14 pm
Location: Texas
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Tue May 03, 2022 1:09 am

We are still working on container support, it will return :)
Thanks! This is one of the most exciting features for me as a systems integrator. The possibilities are endless with the powerful CPU and ram it has. Think of a RB5009 with a VoIP system, Samba AD controller and the like. How awesome!
-- Christopher Fikes
 
aetherbit
just joined
Posts: 1
Joined: Thu Aug 26, 2021 11:02 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu May 12, 2022 12:38 am

We are still working on container support, it will return :)
Super excited to hear this, thanks Normis! Enjoying the RB5009 and YouTube vids :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25275
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu May 12, 2022 8:22 am

We added a much easier way to install containers, similar to docker pull. It will be worth the wait
No answer to your question? How to write posts
 
mafiosa
Member Candidate
Member Candidate
Posts: 258
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu May 12, 2022 9:24 am

We added a much easier way to install containers, similar to docker pull. It will be worth the wait
Any ETA?
Running Bugtik v7.7 beta6 on RB3011-UiAS-RM, HAP AC^2 & RB5009, VyOS 1.3.2 on Proxmox VE 7.2-14
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25275
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu May 12, 2022 9:25 am

Hopefully 7.3
No answer to your question? How to write posts
 
mafiosa
Member Candidate
Member Candidate
Posts: 258
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu May 12, 2022 10:34 am

Hopefully 7.3
maybe 7.3 rc wil get it to!
Running Bugtik v7.7 beta6 on RB3011-UiAS-RM, HAP AC^2 & RB5009, VyOS 1.3.2 on Proxmox VE 7.2-14
 
DeviceLocksmith
just joined
Posts: 21
Joined: Sat Jan 15, 2022 8:21 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 03, 2022 1:22 am

Any word on bringing back containers? 7.3 rc is out. Does this mean 7.3 is not getting containers? A lot of CPU power is sitting idle in Graviton CCRs.
 
s3uz
just joined
Posts: 4
Joined: Thu Dec 30, 2021 1:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 03, 2022 9:04 pm

5009 container support would be awesome
 
semaja2
newbie
Posts: 29
Joined: Wed Sep 08, 2021 3:50 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Sat Jun 04, 2022 4:02 pm

Containers the new "v7" meme? :P
 
User avatar
Rhoos
just joined
Posts: 21
Joined: Sun Dec 20, 2015 3:48 pm
Location: Costa Rica
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 09, 2022 2:37 am

Hopefully 7.3
Nope !
RB3011 UiAS (arm)
Best regards
Ricardo
 
User avatar
webasdf
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Mon Jan 26, 2009 6:37 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 10, 2022 6:57 pm

That is disappointing. :(

Confirmed 7.3.1 does NOT have container function. I enable container mode with /system/device-mode/update container=yes and reboot. /container menu is still not available.
Selection_493.png
You do not have the required permissions to view the files attached to this post.
 
mafiosa
Member Candidate
Member Candidate
Posts: 258
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 6:28 pm

Container is released in v7.4 beta 4
Running Bugtik v7.7 beta6 on RB3011-UiAS-RM, HAP AC^2 & RB5009, VyOS 1.3.2 on Proxmox VE 7.2-14
 
User avatar
Larsa
Long time Member
Long time Member
Posts: 554
Joined: Sat Aug 29, 2015 7:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 7:20 pm

Container help docs updated just a few hours ago: help.mikrotik.com/docs/display/ROS/Container

EDIT:
Has anyone managed to enable Containers and install/run the pihole example using CHR?
[admin@CHRv7.4beta4] > /system/device-mode print
       mode: enterprise
  container: yes
[admin@CHRv7.4beta4] > /container
bad command name container (line 1 column 2)
[admin@CHRv7.4beta4] > 
 
biomesh
Member
Member
Posts: 486
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 7:45 pm

Did you install the container package from the "all packages" zip file?
 
User avatar
Larsa
Long time Member
Long time Member
Posts: 554
Joined: Sat Aug 29, 2015 7:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 7:55 pm

Nope, forgot that "little" detalj thank you! Lucky me at least someone has a working brain!
 
bma
just joined
Posts: 20
Joined: Sat Feb 19, 2022 11:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 8:15 pm

Thanks for all the work to add container support in 7.4beta4 of ROS.

I was able to get the pihole example working on a RB5009 with 1 TB SSD connected to USB formatted as ext4. The container starts and it responds to DNS requests on veth1. However, when I try to modify anything on the pihole admin site it doesn't accept the changes. The log prints the following message.

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

I see some container startup messages regarding root suggesting it has those privileges:
Starting pihole-FTL (no-daemon) as root

The env is set:
[admin@MikroTik] /container> envs/print
0 list="pihole_envs" name="TZ" value="<>"
1 list="pihole_envs" name="WEBPASSWORD" value="<>"
2 list="pihole_envs" name="DNSMASQ_USER" value="root"

Mounts are set:
0 name="etc_pihole" src="/disk1/etc" dst="/etc/pihole"
1 name="dnsmasq_pihole" src="/disk1/etc-dnsmasq.d" dst="/etc/dnsmasq.d"

I tried turning off SMB on the drive, but the error is still present. Is there a way to fix the permission problem? Do I need to reformat the drive using 7.4beta4?
 
User avatar
Larsa
Long time Member
Long time Member
Posts: 554
Joined: Sat Aug 29, 2015 7:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 9:02 pm

I had similar and other strange problems initially due to lack of storage space. I got the Pihole up and running on a CHR using only 193 MB RAM and 350 MB disk (in total), a pretty impressive small footprint.

EDIT
I managed to squeeze it down to just 122 MB RAM. Will continue to investigate what threshold there is.
Last edited by Larsa on Thu Jun 16, 2022 10:08 pm, edited 1 time in total.
 
User avatar
Larsa
Long time Member
Long time Member
Posts: 554
Joined: Sat Aug 29, 2015 7:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 9:59 pm

@biomesh wrote in the beta4 thread: Updated my containers from the 7.0x beta and was redeploy it on my CHR with no issues.

Any chance you might share some stats regarding mem and disk usage for some of the containers?
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 10:40 pm

I had similar and other strange problems initially due to lack of storage space. I got the Pihole up and running on a CHR using only 193 MB RAM and 350 MB disk (in total), a pretty impressive small footprint.
My RB4011 has 512MB flash and 1024MB RAM. I partitioned it, so only 256MB available per partition. No possibility to expand the storage.
So, again, I petition to add RAM DISK to all models, not only those with 16MB Flash. The code supports it (this same ARM code when running on other MikroTik models DOES offer the RAM DISK) so it cannot be difficult to enable it!
 
antonsb
MikroTik Support
MikroTik Support
Posts: 283
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Thu Jun 16, 2022 11:39 pm


sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
Please check that the disk is mounted as disk1, also check if reformatting from RouterOS helps. I have similar setup, only difference my disk is formatted without without partition table and i can't recreate this error.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2449
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 1:36 am

rb1100ahx4 dude edition will be renamed docker edition ? :lol:
 
bma
just joined
Posts: 20
Joined: Sat Feb 19, 2022 11:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 1:44 am

Please check that the disk is mounted as disk1, also check if reformatting from RouterOS helps. I have similar setup, only difference my disk is formatted without without partition table and i can't recreate this error.
- Disk is mounted as /disk1
- Reformatting as ext4 in ROS without partition table did not help

Attached image shows error in log, disk space, container mounts, env, and command line used. I didn't start getting this error until I removed and reinstalled the container a few times. Now I'm unable to install it. Before this problem was when I got the sudo error.

Are images run with --rm or equivalent? Could this be a problem with stopped images or other temp storage in a limited docker-only space that the user doesn't have access to?
rb5009_containers_error.PNG
You do not have the required permissions to view the files attached to this post.
 
biomesh
Member
Member
Posts: 486
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 2:58 am

Any chance you might share some stats regarding mem and disk usage for some of the containers?
So far I am only using a container I built for nextdns that is based on a small debian image. The tar file is 110MB and I still have the tar file on my disk and using ~300MB disk (I have other files on the disk as well). Overall memory usage on the CHR is ~100MB Ram.
 
miniers
just joined
Posts: 1
Joined: Fri Mar 25, 2022 9:25 am

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 4:10 am

I have encountered a file permission problem. When I mount an existing folder into the container and access the folder in the container, it will prompt that there is no permission. I tried to run an openssh-server container , enter the container through ssh connection, in the mount directory, the user and user group of the existing file are nobody, and the user and user group of the file created in the container are the user logged in with ssh, I try to chown to change the file The user that belongs to, also prompts that there is no permission.
iShot_2022-06-17_09.06.47.png
You do not have the required permissions to view the files attached to this post.
 
antonsb
MikroTik Support
MikroTik Support
Posts: 283
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 11:23 am

Looks like all permission issues are caused by accessing previously created containers, containers are and should be isolated from each other - if same files are required for multiple containers use mounts. Do not put mount src in root-dir either. root-dir should be on external memory for now.
 
User avatar
Larsa
Long time Member
Long time Member
Posts: 554
Joined: Sat Aug 29, 2015 7:40 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 12:54 pm

Looks like all intermission issues is caused by accessing previously created containers, containers are and should be isolated from each other - if same files are required for multiple containers use mounts. Do not put mount dst in root-dir either.

This is indeed very useful info that should be put in a Best Practices or Tips-and-Tricks section in the Container help docs.
 
antonsb
MikroTik Support
MikroTik Support
Posts: 283
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 4:20 pm

We repeated
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
issue and found the main cause. We will check what can be done.
 
theosoft
just joined
Posts: 10
Joined: Fri Jan 27, 2017 5:48 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 5:45 pm

ROS 7.4beta4
Pi-hole sample installed on RB5009 with external USB stick. No gravity update possible.
No debug entries in LOG ?? FS issue??

BTW. USB stick gets a new name, when un/plugged. Name is incremented i.e. disk4 :-). So disk1 is not possible easy. It is possible to edit the name. It's not equal to label....

regards
 
pe1chl
Forum Guru
Forum Guru
Posts: 8858
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 6:50 pm

BTW. USB stick gets a new name, when un/plugged. Name is incremented i.e. disk4 :-).
Normally that only happens when you unplug it when something is open on the disk. DON'T DO THAT!
 
elbob2002
Member Candidate
Member Candidate
Posts: 182
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 7:25 pm

Got the following error on CHR:

mikrotik container failure: not allowed by device-mode

Tried to resolve it by changing the device mode:
system/device-mode/update mode=home 

And now my CHR is dead with this error:
CHR ERROR.png
You do not have the required permissions to view the files attached to this post.
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 8943
Joined: Tue Feb 25, 2014 12:49 pm
Location: 🇮🇹, my 💔 is in 🇺🇦

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 7:31 pm

reload last vm backup you made before do that test
✂ Rextended Fragments of Snippets

Vld4UmVHUkdhelJUTTJzOQ==
 
elbob2002
Member Candidate
Member Candidate
Posts: 182
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.1rc3 adds Docker (TM) compatible container support

Fri Jun 17, 2022 9:15 pm

reload last vm backup you made before do that test
Yep. Had a snapshot so reverted back. Any idea what command I should actually use not to brick the vm again?
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12

Who is online

Users browsing this forum: No registered users and 0 guests