MikroTik Solutions: Hex Artifact Content

Artifact 2264c18b31af985a26385bd78cd8b5ad75f5efe260ef8f46d772dd8ccf46aca3:

Wiki page [Container Limitations] by tangent 2024-08-10 14:28:39.
0000: 44 20 32 30 32 34 2d 30 38 2d 31 30 54 31 34 3a  D 2024-08-10T14:
0010: 32 38 3a 33 39 2e 38 31 39 0a 4c 20 43 6f 6e 74  28:39.819.L Cont
0020: 61 69 6e 65 72 5c 73 4c 69 6d 69 74 61 74 69 6f  ainer\sLimitatio
0030: 6e 73 0a 4e 20 74 65 78 74 2f 78 2d 6d 61 72 6b  ns.N text/x-mark
0040: 64 6f 77 6e 0a 50 20 32 66 66 66 39 61 66 31 33  down.P 2fff9af13
0050: 31 32 63 30 62 39 36 36 39 61 31 61 66 35 61 39  12c0b9669a1af5a9
0060: 34 64 33 66 35 37 61 63 61 61 33 38 37 32 33 65  4d3f57acaa38723e
0070: 38 34 37 32 31 32 31 66 39 30 64 36 39 35 36 39  8472121f90d69569
0080: 31 65 65 39 33 32 64 0a 55 20 74 61 6e 67 65 6e  1ee932d.U tangen
0090: 74 0a 57 20 33 36 39 37 31 0a 23 20 4d 6f 74 69  t.W 36971.# Moti
00a0: 76 61 74 69 6f 6e 0d 0a 0d 0a 54 68 65 20 5b 52  vation....The [R
00b0: 6f 75 74 65 72 4f 53 20 60 63 6f 6e 74 61 69 6e  outerOS `contain
00c0: 65 72 2e 6e 70 6b 60 20 66 65 61 74 75 72 65 5d  er.npk` feature]
00d0: 28 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 6d 69  (https://help.mi
00e0: 6b 72 6f 74 69 6b 2e 63 6f 6d 2f 64 6f 63 73 2f  krotik.com/docs/
00f0: 64 69 73 70 6c 61 79 2f 52 4f 53 2f 43 6f 6e 74  display/ROS/Cont
0100: 61 69 6e 65 72 29 20 69 73 20 68 69 67 68 6c 79  ainer) is highly
0110: 20 75 73 65 66 75 6c 2c 20 62 75 74 20 69 74 20   useful, but it 
0120: 69 73 20 61 20 63 75 73 74 6f 6d 20 64 65 76 65  is a custom deve
0130: 6c 6f 70 6d 65 6e 74 20 77 72 69 74 74 65 6e 20  lopment written 
0140: 69 6e 2d 68 6f 75 73 65 20 62 79 20 4d 69 6b 72  in-house by Mikr
0150: 6f 54 69 6b 2c 20 6e 6f 74 20 61 20 63 6f 70 79  oTik, not a copy
0160: 20 6f 66 20 44 6f 63 6b 65 72 20 45 6e 67 69 6e   of Docker Engin
0170: 65 20 6f 72 20 61 6e 79 20 6f 66 20 74 68 65 20  e or any of the 
0180: 6f 74 68 65 72 20 73 65 72 76 65 72 2d 67 72 61  other server-gra
0190: 64 65 20 63 6f 6e 74 61 69 6e 65 72 20 65 6e 67  de container eng
01a0: 69 6e 65 73 2e 28 5e 50 6f 64 6d 61 6e 2c 20 4c  ines.(^Podman, L
01b0: 58 43 2f 4c 58 44 2c 20 65 74 63 2e 29 20 42 65  XC/LXD, etc.) Be
01c0: 63 61 75 73 65 20 6f 66 20 74 68 65 20 73 74 72  cause of the str
01d0: 69 6e 67 65 6e 74 20 72 65 73 6f 75 72 63 65 20  ingent resource 
01e0: 63 6f 6e 73 74 72 61 69 6e 74 73 20 6f 6e 20 74  constraints on t
01f0: 68 65 20 62 75 6c 6b 20 6f 66 20 4d 69 6b 72 6f  he bulk of Mikro
0200: 54 69 6b e2 80 99 73 20 64 65 76 69 63 65 73 2c  Tik’s devices,
0210: 20 69 74 20 69 73 20 65 78 63 65 70 74 69 6f 6e   it is exception
0220: 61 6c 6c 79 20 73 6d 61 6c 6c 2c 20 74 68 75 73  ally small, thus
0230: 20 75 6e 61 76 6f 69 64 61 62 6c 79 20 76 65 72   unavoidably ver
0240: 79 20 74 68 69 6e 6c 79 20 66 65 61 74 75 72 65  y thinly feature
0250: 64 20 63 6f 6d 70 61 72 65 64 20 74 6f 20 69 74  d compared to it
0260: 73 20 62 69 67 2d 62 6f 79 20 63 6f 6d 70 65 74  s big-boy compet
0270: 69 74 69 6f 6e 2e 20 49 66 20 77 65 20 63 61 6e  ition. If we can
0280: 20 75 73 65 20 69 6e 73 74 61 6c 6c 65 64 20 73   use installed s
0290: 69 7a 65 20 61 73 20 61 20 70 72 6f 78 79 20 66  ize as a proxy f
02a0: 6f 72 20 65 78 70 65 63 74 65 64 20 66 65 61 74  or expected feat
02b0: 75 72 65 20 73 65 74 20 73 69 7a 65 2c 20 77 65  ure set size, we
02c0: 20 66 69 6e 64 3a 0d 0a 0d 0a 2a 20 2a 2a 44 6f   find:....* **Do
02d0: 63 6b 65 72 20 45 6e 67 69 6e 65 2a 2a 3a 20 34  cker Engine**: 4
02e0: 32 32 20 4d 69 42 28 5e 56 65 72 73 69 6f 6e 20  22 MiB(^Version 
02f0: 32 37 2e 31 2e 31 2c 20 61 63 63 6f 72 64 69 6e  27.1.1, accordin
0300: 67 20 74 6f 20 60 64 6e 66 20 72 65 6d 6f 76 65  g to `dnf remove
0310: 20 64 6f 63 6b 65 72 2d 63 65 e2 80 a6 60 20 61   docker-ce…` a
0320: 66 74 65 72 20 69 6e 73 74 61 6c 6c 69 6e 67 20  fter installing 
0330: 74 68 65 73 65 20 70 61 63 6b 61 67 65 73 20 5b  these packages [
0340: 70 65 72 20 74 68 65 20 69 6e 73 74 72 75 63 74  per the instruct
0350: 69 6f 6e 73 5d 28 68 74 74 70 73 3a 2f 2f 64 6f  ions](https://do
0360: 63 73 2e 64 6f 63 6b 65 72 2e 63 6f 6d 2f 65 6e  cs.docker.com/en
0370: 67 69 6e 65 2f 69 6e 73 74 61 6c 6c 2f 72 68 65  gine/install/rhe
0380: 6c 2f 23 69 6e 73 74 61 6c 6c 2d 64 6f 63 6b 65  l/#install-docke
0390: 72 2d 65 6e 67 69 6e 65 29 2e 20 4e 6f 74 65 20  r-engine). Note 
03a0: 61 6c 73 6f 20 74 68 61 74 20 74 68 69 73 20 69  also that this i
03b0: 73 20 74 68 65 20 e2 80 9c 65 6e 67 69 6e 65 e2  s the “engine�
03c0: 80 9d 20 61 6c 6f 6e 65 2c 20 6c 65 61 76 69 6e  �� alone, leavin
03d0: 67 20 6f 75 74 20 74 68 65 20 65 78 74 72 61 20  g out the extra 
03e0: 67 69 67 61 62 79 74 65 20 6f 66 20 73 74 75 66  gigabyte of stuf
03f0: 66 20 74 68 61 74 20 6d 61 6b 65 73 20 75 70 20  f that makes up 
0400: 44 6f 63 6b 65 72 20 44 65 73 6b 74 6f 70 2e 20  Docker Desktop. 
0410: 54 68 69 73 20 69 73 20 77 68 61 74 20 79 6f 75  This is what you
0420: e2 80 99 64 20 72 75 6e 20 6f 6e 20 61 20 72 65  ’d run on a re
0430: 6d 6f 74 65 20 73 65 72 76 65 72 2c 20 74 68 65  mote server, the
0440: 20 63 6c 6f 73 65 73 74 20 73 69 74 75 61 74 69   closest situati
0450: 6f 6e 20 74 6f 20 77 68 61 74 20 61 20 68 65 61  on to what a hea
0460: 64 6c 65 73 73 20 52 6f 75 74 65 72 4f 53 20 62  dless RouterOS b
0470: 6f 78 20 70 72 6f 76 69 64 65 73 2e 29 0d 0a 2a  ox provides.)..*
0480: 20 2a 2a 60 63 6f 6e 74 61 69 6e 65 72 64 60 2b   **`containerd`+
0490: 60 6e 65 72 64 63 74 6c 60 2a 2a 3a 20 31 37 34  `nerdctl`**: 174
04a0: 20 4d 69 42 28 5e 54 68 69 73 20 69 73 20 65 73   MiB(^This is es
04b0: 73 65 6e 74 69 61 6c 6c 79 20 44 6f 63 6b 65 72  sentially Docker
04c0: 20 45 6e 67 69 6e 65 20 6d 69 6e 75 73 20 74 68   Engine minus th
04d0: 65 20 62 75 69 6c 64 20 74 6f 6f 6c 69 6e 67 2e  e build tooling.
04e0: 20 54 68 65 20 73 69 7a 65 20 69 73 20 66 6f 72   The size is for
04f0: 20 76 65 72 73 69 6f 6e 20 32 2e 30 2e 30 2d 72   version 2.0.0-r
0500: 63 31 20 6f 66 20 60 6e 65 72 64 63 74 6c 60 20  c1 of `nerdctl` 
0510: 70 6c 75 73 20 74 68 65 20 60 63 6f 6e 74 61 69  plus the `contai
0520: 6e 65 72 64 60 20 66 72 6f 6d 20 74 68 65 20 44  nerd` from the D
0530: 6f 63 6b 65 72 20 45 6e 67 69 6e 65 20 43 45 20  ocker Engine CE 
0540: 69 6e 73 74 61 6c 6c 20 61 62 6f 76 65 2c 20 61  install above, a
0550: 63 63 6f 72 64 69 6e 67 20 74 6f 20 60 73 75 64  ccording to `sud
0560: 6f 20 64 6e 66 20 72 65 6d 6f 76 65 20 63 6f 6e  o dnf remove con
0570: 74 61 69 6e 65 72 64 60 20 61 6e 64 20 60 64 75  tainerd` and `du
0580: 20 2d 73 68 20 6e 65 72 64 63 74 6c 60 2e 29 0d   -sh nerdctl`.).
0590: 0a 2a 20 2a 2a 50 6f 64 6d 61 6e 2a 2a 3a 20 31  .* **Podman**: 1
05a0: 30 37 20 4d 69 42 28 5e 56 65 72 73 69 6f 6e 20  07 MiB(^Version 
05b0: 34 2e 39 2e 34 20 6f 6e 20 45 4c 39 2c 20 61 63  4.9.4 on EL9, ac
05c0: 63 6f 72 64 69 6e 67 20 74 6f 20 60 73 75 64 6f  cording to `sudo
05d0: 20 64 6e 66 20 72 65 6d 6f 76 65 20 70 6f 64 6d   dnf remove podm
05e0: 61 6e 20 63 6f 6e 6d 6f 6e 20 63 72 75 6e 60 2e  an conmon crun`.
05f0: 29 0d 0a 2a 20 2a 2a 60 63 6f 6e 74 61 69 6e 65  )..* **`containe
0600: 72 2e 6e 70 6b 60 2a 2a 3a 20 5f 30 2e 30 36 32  r.npk`**: _0.062
0610: 36 20 4d 69 42 5f 28 5e 56 65 72 73 69 6f 6e 20  6 MiB_(^Version 
0620: 37 2e 31 35 2e 32 2c 20 61 63 63 6f 72 64 69 6e  7.15.2, accordin
0630: 67 20 74 6f 20 60 2f 73 79 73 74 65 6d 2f 70 61  g to `/system/pa
0640: 63 6b 61 67 65 2f 70 72 69 6e 74 60 2e 29 0d 0a  ckage/print`.)..
0650: 0d 0a 41 6e 64 20 74 68 69 73 20 69 73 20 66 69  ..And this is fi
0660: 6e 65 21 20 52 6f 75 74 65 72 4f 53 20 73 65 72  ne! RouterOS ser
0670: 76 65 73 20 61 20 70 61 72 74 69 63 75 6c 61 72  ves a particular
0680: 20 6d 61 72 6b 65 74 2c 20 61 6e 64 20 69 74 73   market, and its
0690: 20 64 65 76 65 6c 6f 70 65 72 73 20 61 72 65 20   developers are 
06a0: 77 6f 72 6b 69 6e 67 20 77 69 74 68 69 6e 20 74  working within t
06b0: 68 6f 73 65 20 63 6f 6e 73 74 72 61 69 6e 74 73  hose constraints
06c0: 2e 20 54 68 65 20 69 6e 74 65 6e 74 20 68 65 72  . The intent her
06d0: 65 20 69 73 20 74 6f 20 70 72 6f 76 69 64 65 20  e is to provide 
06e0: 61 20 6d 61 70 70 69 6e 67 20 62 65 74 77 65 65  a mapping betwee
06f0: 6e 20 77 68 61 74 20 70 65 6f 70 6c 65 20 65 78  n what people ex
0700: 70 65 63 74 20 6f 66 20 61 20 66 75 6c 6c 79 2d  pect of a fully-
0710: 66 65 61 74 75 72 65 64 20 63 6f 6e 74 61 69 6e  featured contain
0720: 65 72 20 65 6e 67 69 6e 65 20 61 6e 64 20 77 68  er engine and wh
0730: 61 74 20 79 6f 75 20 61 63 74 75 61 6c 6c 79 20  at you actually 
0740: 67 65 74 20 69 6e 20 52 6f 75 74 65 72 4f 53 2e  get in RouterOS.
0750: 20 57 68 65 72 65 20 69 74 20 6d 61 6b 65 73 20   Where it makes 
0760: 73 65 6e 73 65 2c 20 49 20 74 72 79 20 74 6f 20  sense, I try to 
0770: 70 72 6f 76 69 64 65 20 77 6f 72 6b 61 72 6f 75  provide workarou
0780: 6e 64 73 20 66 6f 72 20 6d 69 73 73 69 6e 67 20  nds for missing 
0790: 66 65 61 74 75 72 65 73 20 61 6e 64 20 67 75 69  features and gui
07a0: 64 61 6e 63 65 20 74 6f 20 61 6c 74 65 72 6e 61  dance to alterna
07b0: 74 69 76 65 20 6d 65 74 68 6f 64 73 20 77 68 65  tive methods whe
07c0: 72 65 20 52 6f 75 74 65 72 4f 53 e2 80 99 73 20  re RouterOS’s 
07d0: 77 61 79 20 6d 65 72 65 6c 79 20 2a 77 6f 72 6b  way merely *work
07e0: 73 2a 20 64 69 66 66 65 72 65 6e 74 6c 79 2e 0d  s* differently..
07f0: 0a 0d 0a 0d 0a 23 20 3c 61 20 69 64 3d 22 67 6c  .....# <a id="gl
0800: 6f 62 61 6c 22 3e 3c 2f 61 3e 47 6c 6f 62 61 6c  obal"></a>Global
0810: 20 4c 69 6d 69 74 61 74 69 6f 6e 73 0d 0a 0d 0a   Limitations....
0820: 41 6c 6c 6f 77 20 6d 65 20 74 6f 20 62 65 67 69  Allow me to begi
0830: 6e 20 77 69 74 68 20 74 68 65 20 6d 61 6a 6f 72  n with the major
0840: 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 76 69 73   limitations vis
0850: 69 62 6c 65 20 61 74 20 61 20 67 6c 6f 62 61 6c  ible at a global
0860: 20 6c 65 76 65 6c 20 69 6e 20 74 68 65 20 52 6f   level in the Ro
0870: 75 74 65 72 4f 53 20 60 63 6f 6e 74 61 69 6e 65  uterOS `containe
0880: 72 2e 6e 70 6b 60 20 66 65 61 74 75 72 65 2c 20  r.npk` feature, 
0890: 62 6f 74 68 20 74 6f 20 73 61 74 69 73 66 79 20  both to satisfy 
08a0: 74 68 65 20 2a 2a 74 6c 3b 64 72 2a 2a 20 63 72  the **tl;dr** cr
08b0: 6f 77 64 20 61 6e 64 20 74 6f 20 73 65 74 20 62  owd and to set b
08c0: 72 6f 61 64 20 65 78 70 65 63 74 61 74 69 6f 6e  road expectation
08d0: 73 20 66 6f 72 20 74 68 65 20 72 65 73 74 20 6f  s for the rest o
08e0: 66 20 6d 79 20 72 65 61 64 65 72 73 2e 20 54 68  f my readers. Th
08f0: 69 73 20 73 75 70 65 72 2d 6d 69 6e 69 6d 61 6c  is super-minimal
0900: 20 63 6f 6e 74 61 69 6e 65 72 20 69 6d 70 6c 65   container imple
0910: 6d 65 6e 74 61 74 69 6f 6e 20 6c 61 63 6b 73 3a  mentation lacks:
0920: 0d 0a 0d 0a 2a 20 20 20 6f 72 63 68 65 73 74 72  ....*   orchestr
0930: 61 74 69 6f 6e 0d 0a 2a 20 20 20 72 6f 6f 74 6c  ation..*   rootl
0940: 65 73 73 20 6d 6f 64 65 0d 0a 2a 20 20 20 69 6d  ess mode..*   im
0950: 61 67 65 20 62 75 69 6c 64 69 6e 67 0d 0a 2a 20  age building..* 
0960: 20 20 61 20 6c 6f 63 61 6c 20 69 6d 61 67 65 20    a local image 
0970: 63 61 63 68 65 0d 0a 2a 20 20 20 4a 53 4f 4e 20  cache..*   JSON 
0980: 61 6e 64 20 52 45 53 54 20 41 50 49 73 0d 0a 2a  and REST APIs..*
0990: 20 20 20 61 20 5b 43 6f 57 5d 2f 6f 76 65 72 6c     a [CoW]/overl
09a0: 61 79 20 66 69 6c 65 20 73 79 73 74 65 6d 28 5e  ay file system(^
09b0: 54 68 69 73 20 69 73 20 6e 6f 74 20 61 20 76 65  This is not a ve
09c0: 72 69 66 69 65 64 20 66 61 63 74 2c 20 62 75 74  rified fact, but
09d0: 20 61 6e 20 69 6e 66 65 72 65 6e 63 65 20 62 61   an inference ba
09e0: 73 65 64 20 6f 6e 20 74 68 65 20 6f 62 73 65 72  sed on the obser
09f0: 76 61 74 69 6f 6e 20 74 68 61 74 20 69 66 20 52  vation that if R
0a00: 6f 75 74 65 72 4f 53 20 5f 64 69 64 5f 20 68 61  outerOS _did_ ha
0a10: 76 65 20 74 68 69 73 20 66 61 63 69 6c 69 74 79  ve this facility
0a20: 20 75 6e 64 65 72 6c 79 69 6e 67 20 69 74 73 20   underlying its 
0a30: 63 6f 6e 74 61 69 6e 65 72 73 2c 20 73 65 76 65  containers, seve
0a40: 72 61 6c 20 6f 74 68 65 72 20 6c 69 6d 69 74 61  ral other limita
0a50: 74 69 6f 6e 73 20 63 6f 76 65 72 65 64 20 68 65  tions covered he
0a60: 72 65 20 77 6f 75 6c 64 20 6e 6f 74 20 65 78 69  re would not exi
0a70: 73 74 2e 29 0d 0a 2a 20 20 20 70 65 72 2d 63 6f  st.)..*   per-co
0a80: 6e 74 61 69 6e 65 72 20 6c 69 6d 69 74 20 63 6f  ntainer limit co
0a90: 6e 74 72 6f 6c 73 3a 28 5e 54 68 65 20 6f 6e 6c  ntrols:(^The onl
0aa0: 79 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 20 72  y configurable r
0ab0: 65 73 6f 75 72 63 65 20 6c 69 6d 69 74 20 69 73  esource limit is
0ac0: 20 6f 6e 20 6d 61 78 69 6d 75 6d 20 52 41 4d 20   on maximum RAM 
0ad0: 75 73 61 67 65 2c 20 61 6e 64 20 69 74 e2 80 99  usage, and it’
0ae0: 73 20 67 6c 6f 62 61 6c 2c 20 6e 6f 74 20 73 65  s global, not se
0af0: 74 74 61 62 6c 65 20 6f 6e 20 61 20 70 65 72 2d  ttable on a per-
0b00: 63 6f 6e 74 61 69 6e 65 72 20 62 61 73 69 73 2e  container basis.
0b10: 29 0d 0a 20 20 20 20 2a 20 20 20 46 44 20 63 6f  )..    *   FD co
0b20: 75 6e 74 0d 0a 20 20 20 20 2a 20 20 20 50 49 44  unt..    *   PID
0b30: 20 6c 69 6d 69 74 0d 0a 20 20 20 20 2a 20 20 20   limit..    *   
0b40: 43 50 55 20 75 73 61 67 65 0d 0a 20 20 20 20 2a  CPU usage..    *
0b50: 20 20 20 73 74 6f 72 61 67 65 20 49 4f 50 53 0d     storage IOPS.
0b60: 0a 20 20 20 20 2a 20 20 20 60 2f 64 65 76 2f 73  .    *   `/dev/s
0b70: 68 6d 60 20 73 69 7a 65 20 6c 69 6d 69 74 0d 0a  hm` size limit..
0b80: 20 20 20 20 2a 20 20 20 74 65 72 6d 69 6e 61 6c      *   terminal
0b90: 2f 6c 6f 67 67 69 6e 67 20 62 70 73 0d 0a 20 20  /logging bps..  
0ba0: 20 20 2a 20 20 20 5b 63 61 70 61 62 69 6c 69 74    *   [capabilit
0bb0: 79 5d 5b 63 61 70 73 5d 20 72 65 73 74 72 69 63  y][caps] restric
0bc0: 74 69 6f 6e 73 0d 0a 20 20 20 20 2a 20 20 20 5b  tions..    *   [
0bd0: 73 65 63 63 6f 6d 70 20 70 72 6f 66 69 6c 65 73  seccomp profiles
0be0: 5d 28 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 64  ](https://docs.d
0bf0: 6f 63 6b 65 72 2e 63 6f 6d 2f 65 6e 67 69 6e 65  ocker.com/engine
0c00: 2f 73 65 63 75 72 69 74 79 2f 73 65 63 63 6f 6d  /security/seccom
0c10: 70 2f 29 0d 0a 20 20 20 20 2a 20 20 20 5b 72 6c  p/)..    *   [rl
0c20: 69 6d 69 74 5d 0d 0a 2a 20 20 20 68 61 72 64 77  imit]..*   hardw
0c30: 61 72 65 20 70 61 73 73 2d 74 68 72 75 3a 0d 0a  are pass-thru:..
0c40: 20 20 20 20 2a 20 20 20 55 53 42 20 64 65 76 69      *   USB devi
0c50: 63 65 20 65 6e 74 72 69 65 73 20 75 6e 64 65 72  ce entries under
0c60: 20 60 2f 64 65 76 60 20 61 72 65 20 6f 6e 20 74   `/dev` are on t
0c70: 68 65 20 77 69 73 68 20 6c 69 73 74 2c 20 62 75  he wish list, bu
0c80: 74 20 6e 6f 74 20 63 75 72 72 65 6e 74 6c 79 20  t not currently 
0c90: 61 76 61 69 6c 61 62 6c 65 2e 28 5e 4e 6f 74 20  available.(^Not 
0ca0: 75 6e 6c 65 73 73 20 52 6f 75 74 65 72 4f 53 20  unless RouterOS 
0cb0: 69 74 73 65 6c 66 20 73 65 65 73 20 74 68 65 20  itself sees the 
0cc0: 55 53 42 20 64 65 76 69 63 65 2c 20 61 73 20 77  USB device, as w
0cd0: 69 74 68 20 73 74 6f 72 61 67 65 20 6d 65 64 69  ith storage medi
0ce0: 61 2c 20 77 68 69 63 68 20 79 6f 75 20 63 61 6e  a, which you can
0cf0: 20 62 69 6e 64 2d 6d 6f 75 6e 74 20 69 6e 74 6f   bind-mount into
0d00: 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 77   the container w
0d10: 69 74 68 20 e2 80 9c 60 2f 63 6f 6e 74 61 69 6e  ith “`/contain
0d20: 65 72 2f 61 64 64 20 6d 6f 75 6e 74 73 3d e2 80  er/add mounts=�
0d30: a6 60 e2 80 9d 2e 29 0d 0a 20 20 20 20 2a 20 20  �`”.)..    *  
0d40: 20 54 68 65 72 65 20 69 73 20 6e 6f 20 47 50 55   There is no GPU
0d50: 20 73 75 70 70 6f 72 74 2c 20 6e 6f 74 20 65 76   support, not ev
0d60: 65 6e 20 66 6f 72 20 62 61 72 65 2d 6d 65 74 61  en for bare-meta
0d70: 6c 20 78 38 36 20 69 6e 73 74 61 6c 6c 73 2e 0d  l x86 installs..
0d80: 0a 0d 0a 4c 61 63 6b 20 6f 66 20 61 20 6d 61 6e  ...Lack of a man
0d90: 61 67 65 6d 65 6e 74 20 64 61 65 6d 6f 6e 28 5e  agement daemon(^
0da0: 60 63 6f 6e 74 61 69 6e 65 72 64 60 20 69 6e 20  `containerd` in 
0db0: 6d 6f 64 65 72 6e 20 73 65 74 75 70 73 2c 20 60  modern setups, `
0dc0: 64 6f 63 6b 65 72 64 60 20 69 6e 20 6f 6c 64 20  dockerd` in old 
0dd0: 6f 6e 65 73 29 20 69 73 20 6e 6f 74 20 69 6e 20  ones) is not in 
0de0: 74 68 61 74 20 6c 69 73 74 20 62 65 63 61 75 73  that list becaus
0df0: 65 20 61 20 67 6f 6f 64 20 62 69 74 20 6f 66 20  e a good bit of 
0e00: 44 6f 63 6b 65 72 e2 80 99 73 20 63 6f 6d 70 65  Docker’s compe
0e10: 74 69 74 69 6f 6e 20 61 6c 73 6f 20 6c 61 63 6b  tition also lack
0e20: 73 20 74 68 69 73 2c 20 6f 6e 20 70 75 72 70 6f  s this, on purpo
0e30: 73 65 2e 20 42 65 74 77 65 65 6e 20 74 68 61 74  se. Between that
0e40: 20 61 6e 64 20 74 68 65 20 6f 74 68 65 72 20 69   and the other i
0e50: 74 65 6d 73 20 6f 6e 20 74 68 65 20 6c 69 73 74  tems on the list
0e60: 2c 20 74 68 65 20 66 61 69 72 65 73 74 20 63 6f  , the fairest co
0e70: 6d 70 61 72 69 73 6f 6e 20 69 73 20 6e 6f 74 20  mparison is not 
0e80: 74 6f 20 66 75 6c 6c 79 2d 66 65 61 74 75 72 65  to fully-feature
0e90: 64 20 63 6f 6e 74 61 69 6e 65 72 20 2a 65 6e 67  d container *eng
0ea0: 69 6e 65 73 2a 20 6c 69 6b 65 20 44 6f 63 6b 65  ines* like Docke
0eb0: 72 20 61 6e 64 20 50 6f 64 6d 61 6e 20 62 75 74  r and Podman but
0ec0: 20 74 6f 20 74 68 65 20 63 6f 6e 74 61 69 6e 65   to the containe
0ed0: 72 20 2a 72 75 6e 6e 65 72 2a 20 61 74 20 74 68  r *runner* at th
0ee0: 65 69 72 20 68 65 61 72 74 3a 0d 0a 0d 0a 2a 20  eir heart:....* 
0ef0: 2a 2a 72 75 6e 63 2a 2a 3a 20 31 34 c2 a0 4d 69  **runc**: 14 Mi
0f00: 42 28 5e 54 68 69 73 20 69 73 20 74 68 65 20 72  B(^This is the r
0f10: 75 6e 6e 65 72 20 75 6e 64 65 72 70 69 6e 6e 69  unner underpinni
0f20: 6e 67 20 60 63 6f 6e 74 61 69 6e 65 72 64 60 2c  ng `containerd`,
0f30: 20 74 68 75 73 20 61 6c 73 6f 20 44 6f 63 6b 65   thus also Docke
0f40: 72 2c 20 61 6c 74 68 6f 75 67 68 20 69 74 20 70  r, although it p
0f50: 72 65 63 65 64 65 73 20 69 74 2e 20 4c 6f 6e 67  recedes it. Long
0f60: 20 62 65 66 6f 72 65 20 74 68 65 79 20 63 72 65   before they cre
0f70: 61 74 65 64 20 60 63 6f 6e 74 61 69 6e 65 72 64  ated `containerd
0f80: 60 2c 20 69 74 20 75 6e 64 65 72 70 69 6e 6e 65  `, it underpinne
0f90: 64 20 60 64 6f 63 6b 65 72 64 60 20 69 6e 73 74  d `dockerd` inst
0fa0: 65 61 64 2e 20 42 65 63 61 75 73 65 20 69 74 20  ead. Because it 
0fb0: 69 73 20 73 6f 20 70 72 69 6d 6f 72 64 69 61 6c  is so primordial
0fc0: 2c 20 61 20 67 6f 6f 64 20 6d 61 6e 79 20 6f 74  , a good many ot
0fd0: 68 65 72 20 63 6f 6e 74 61 69 6e 65 72 20 65 6e  her container en
0fe0: 67 69 6e 65 73 20 61 72 65 20 61 6c 73 6f 20 62  gines are also b
0ff0: 61 73 65 64 20 6f 6e 20 69 74 2e 29 0d 0a 2a 20  ased on it.)..* 
1000: 2a 2a 73 79 73 74 65 6d 64 2d 6e 73 70 61 77 6e  **systemd-nspawn
1010: 2a 2a 3a 20 31 2e 33 c2 a0 4d 69 42 28 5e 5b 54  **: 1.3 MiB(^[T
1020: 68 69 73 5d 5b 73 64 6e 73 70 5d 20 69 73 20 74  his][sdnsp] is t
1030: 68 65 20 62 61 72 65 2d 62 6f 6e 65 73 20 5b 4f  he bare-bones [O
1040: 43 49 5d 20 69 6d 61 67 65 20 72 75 6e 6e 65 72  CI] image runner
1050: 20 62 75 69 6c 74 20 69 6e 74 6f 20 73 79 73 74   built into syst
1060: 65 6d 64 2c 20 77 69 74 68 20 61 20 66 65 61 74  emd, with a feat
1070: 75 72 65 20 73 65 74 20 66 61 69 72 6c 79 20 63  ure set fairly c
1080: 6c 6f 73 65 20 74 6f 20 74 68 61 74 20 6f 66 20  lose to that of 
1090: 60 63 6f 6e 74 61 69 6e 65 72 2e 6e 70 6b 60 2e  `container.npk`.
10a0: 20 54 68 65 20 73 69 7a 65 20 61 62 6f 76 65 20   The size above 
10b0: 69 73 20 66 6f 72 20 76 65 72 73 69 6f 6e 20 32  is for version 2
10c0: 35 32 20 6f 66 20 74 68 69 73 20 70 72 6f 67 72  52 of this progr
10d0: 61 6d e2 80 99 73 20 70 61 72 65 6e 74 20 5b 60  am’s parent [`
10e0: 73 79 73 74 65 6d 64 2d 63 6f 6e 74 61 69 6e 65  systemd-containe
10f0: 72 60 5d 5b 73 64 63 6e 74 5d 20 70 61 63 6b 61  r`][sdcnt] packa
1100: 67 65 20 61 73 20 73 68 69 70 70 65 64 20 6f 6e  ge as shipped on
1110: 20 45 4c 39 2e 29 0d 0a 2a 20 2a 2a 63 72 75 6e   EL9.)..* **crun
1120: 2a 2a 3a 20 30 2e 35 c2 a0 4d 69 42 28 5e 54 68  **: 0.5 MiB(^Th
1130: 69 73 20 69 73 20 50 6f 64 6d 61 6e e2 80 99 73  is is Podman’s
1140: 20 61 6c 74 65 72 6e 61 74 69 76 65 20 74 6f 20   alternative to 
1150: 60 72 75 6e 63 60 2c 20 77 72 69 74 74 65 6e 20  `runc`, written 
1160: 69 6e 20 43 20 74 6f 20 6d 61 6b 65 20 69 74 20  in C to make it 
1170: 73 6d 61 6c 6c 65 72 2e 20 45 61 72 6c 79 20 76  smaller. Early v
1180: 65 72 73 69 6f 6e 73 20 6f 66 20 50 6f 64 6d 61  ersions of Podma
1190: 6e 20 6f 6e 63 65 20 72 65 6c 69 65 64 20 6f 6e  n once relied on
11a0: 20 60 72 75 6e 63 60 2c 20 61 6e 64 20 69 74 20   `runc`, and it 
11b0: 63 61 6e 20 73 74 69 6c 6c 20 62 65 20 63 6f 6e  can still be con
11c0: 66 69 67 75 72 65 64 20 74 6f 20 75 73 65 20 69  figured to use i
11d0: 74 2c 20 62 75 74 20 74 68 65 20 6e 65 77 20 64  t, but the new d
11e0: 65 66 61 75 6c 74 20 69 73 20 74 6f 20 75 73 65  efault is to use
11f0: 20 74 68 65 20 73 6c 69 6d 6d 65 72 20 62 75 74   the slimmer but
1200: 20 66 65 61 74 75 72 65 2d 65 71 75 69 76 61 6c   feature-equival
1210: 65 6e 74 20 60 63 72 75 6e 60 2e 29 0d 0a 0d 0a  ent `crun`.)....
1220: 4f 6e 65 20 72 65 61 73 6f 6e 20 60 63 6f 6e 74  One reason `cont
1230: 61 69 6e 65 72 2e 6e 70 6b 60 20 69 73 20 66 61  ainer.npk` is fa
1240: 72 20 73 6d 61 6c 6c 65 72 20 74 68 61 6e 20 65  r smaller than e
1250: 76 65 6e 20 74 68 65 20 73 6d 61 6c 6c 65 73 74  ven the smallest
1260: 20 6f 66 20 74 68 65 73 65 20 72 75 6e 6e 65 72   of these runner
1270: 73 20 69 73 20 74 68 61 74 20 74 68 65 20 65 6e  s is that the en
1280: 67 69 6e 65 73 20 64 65 6c 65 67 61 74 65 20 6d  gines delegate m
1290: 75 63 68 20 6f 66 20 77 68 61 74 20 52 6f 75 74  uch of what Rout
12a0: 65 72 4f 53 20 6c 61 63 6b 73 20 74 6f 20 74 68  erOS lacks to th
12b0: 65 20 72 75 6e 6e 65 72 2c 20 73 6f 20 74 68 61  e runner, so tha
12c0: 74 20 65 76 65 6e 20 74 68 65 6e 20 69 74 e2 80  t even then it�
12d0: 99 73 20 61 6e 20 75 6e 62 61 6c 61 6e 63 65 64  �s an unbalanced
12e0: 20 63 6f 6d 70 61 72 69 73 6f 6e 2e 20 54 68 65   comparison. The
12f0: 20 5b 60 6b 69 6c 6c 60 5d 28 23 6b 69 6c 6c 29   [`kill`](#kill)
1300: 2c 20 5b 60 70 73 60 5d 28 23 70 73 29 2c 20 61  , [`ps`](#ps), a
1310: 6e 64 20 5b 60 70 61 75 73 65 60 5d 28 23 70 61  nd [`pause`](#pa
1320: 75 73 65 29 20 63 6f 6d 6d 61 6e 64 73 20 6d 69  use) commands mi
1330: 73 73 69 6e 67 20 66 72 6f 6d 20 60 63 6f 6e 74  ssing from `cont
1340: 61 69 6e 65 72 2e 6e 70 6b 60 20 61 72 65 20 70  ainer.npk` are p
1350: 72 6f 76 69 64 65 64 20 69 6e 20 44 6f 63 6b 65  rovided in Docke
1360: 72 20 45 6e 67 69 6e 65 20 77 61 79 20 64 6f 77  r Engine way dow
1370: 6e 20 61 74 20 74 68 65 20 60 72 75 6e 63 60 20  n at the `runc` 
1380: 6c 65 76 65 6c 2c 20 6e 6f 74 20 75 70 20 61 74  level, not up at
1390: 20 74 68 65 20 74 6f 70 2d 6c 65 76 65 6c 20 43   the top-level C
13a0: 4c 49 2e 0d 0a 0d 0a 57 69 74 68 20 74 68 69 73  LI.....With this
13b0: 20 67 72 6f 75 6e 64 69 6e 67 2c 20 6c 65 74 20   grounding, let 
13c0: 75 73 20 64 69 76 65 20 69 6e 74 6f 20 74 68 65  us dive into the
13d0: 20 64 65 74 61 69 6c 73 2e 0d 0a 0d 0a 5b 63 61   details.....[ca
13e0: 70 73 5d 3a 20 20 20 68 74 74 70 73 3a 2f 2f 77  ps]:   https://w
13f0: 77 77 2e 6d 61 6e 37 2e 6f 72 67 2f 6c 69 6e 75  ww.man7.org/linu
1400: 78 2f 6d 61 6e 2d 70 61 67 65 73 2f 6d 61 6e 37  x/man-pages/man7
1410: 2f 63 61 70 61 62 69 6c 69 74 69 65 73 2e 37 2e  /capabilities.7.
1420: 68 74 6d 6c 0d 0a 5b 43 6f 57 5d 3a 20 20 20 20  html..[CoW]:    
1430: 68 74 74 70 73 3a 2f 2f 65 6e 2e 77 69 6b 69 70  https://en.wikip
1440: 65 64 69 61 2e 6f 72 67 2f 77 69 6b 69 2f 43 6f  edia.org/wiki/Co
1450: 70 79 2d 6f 6e 2d 77 72 69 74 65 0d 0a 5b 4f 43  py-on-write..[OC
1460: 49 5d 3a 20 20 20 20 68 74 74 70 73 3a 2f 2f 6f  I]:    https://o
1470: 70 65 6e 63 6f 6e 74 61 69 6e 65 72 73 2e 6f 72  pencontainers.or
1480: 67 2f 0d 0a 5b 72 6c 69 6d 69 74 5d 3a 20 68 74  g/..[rlimit]: ht
1490: 74 70 73 3a 2f 2f 77 77 77 2e 6d 61 6e 37 2e 6f  tps://www.man7.o
14a0: 72 67 2f 6c 69 6e 75 78 2f 6d 61 6e 2d 70 61 67  rg/linux/man-pag
14b0: 65 73 2f 6d 61 6e 32 2f 67 65 74 72 6c 69 6d 69  es/man2/getrlimi
14c0: 74 2e 32 2e 68 74 6d 6c 0d 0a 5b 73 64 63 6e 74  t.2.html..[sdcnt
14d0: 5d 3a 20 20 68 74 74 70 73 3a 2f 2f 70 61 63 6b  ]:  https://pack
14e0: 61 67 65 73 2e 66 65 64 6f 72 61 70 72 6f 6a 65  ages.fedoraproje
14f0: 63 74 2e 6f 72 67 2f 70 6b 67 73 2f 73 79 73 74  ct.org/pkgs/syst
1500: 65 6d 64 2f 73 79 73 74 65 6d 64 2d 63 6f 6e 74  emd/systemd-cont
1510: 61 69 6e 65 72 2f 0d 0a 5b 73 64 6e 73 70 5d 3a  ainer/..[sdnsp]:
1520: 20 20 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 61    https://wiki.a
1530: 72 63 68 6c 69 6e 75 78 2e 6f 72 67 2f 74 69 74  rchlinux.org/tit
1540: 6c 65 2f 53 79 73 74 65 6d 64 2d 6e 73 70 61 77  le/Systemd-nspaw
1550: 6e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d  n......## <a id=
1560: 22 63 72 65 61 74 65 22 20 6e 61 6d 65 3d 22 6c  "create" name="l
1570: 6f 61 64 22 3e 3c 2f 61 3e 43 6f 6e 74 61 69 6e  oad"></a>Contain
1580: 65 72 20 43 72 65 61 74 69 6f 6e 0d 0a 0d 0a 54  er Creation....T
1590: 68 65 20 73 69 6e 67 6c 65 20 62 69 67 67 65 73  he single bigges
15a0: 74 20 61 72 65 61 20 6f 66 20 64 69 66 66 65 72  t area of differ
15b0: 65 6e 63 65 20 62 65 74 77 65 65 6e 20 74 68 65  ence between the
15c0: 20 6c 69 6b 65 73 20 6f 66 20 44 6f 63 6b 65 72   likes of Docker
15d0: 20 61 6e 64 20 74 68 65 20 52 6f 75 74 65 72 4f   and the RouterO
15e0: 53 20 60 63 6f 6e 74 61 69 6e 65 72 2e 6e 70 6b  S `container.npk
15f0: 60 20 66 65 61 74 75 72 65 20 69 73 20 68 6f 77  ` feature is how
1600: 20 79 6f 75 20 63 72 65 61 74 65 20 63 6f 6e 74   you create cont
1610: 61 69 6e 65 72 73 20 66 72 6f 6d 20 5b 4f 43 49  ainers from [OCI
1620: 5d 20 69 6d 61 67 65 73 2e 20 49 74 20 63 6f 6d  ] images. It com
1630: 62 69 6e 65 73 20 44 6f 63 6b 65 72 e2 80 99 73  bines Docker’s
1640: 20 60 63 72 65 61 74 65 60 20 61 6e 64 20 60 6c   `create` and `l
1650: 6f 61 64 60 20 63 6f 6d 6d 61 6e 64 73 20 75 6e  oad` commands un
1660: 64 65 72 20 60 2f 63 6f 6e 74 61 69 6e 65 72 2f  der `/container/
1670: 61 64 64 60 2c 20 74 68 65 20 64 69 73 74 69 6e  add`, the distin
1680: 63 74 69 6f 6e 20 65 78 70 72 65 73 73 65 64 20  ction expressed 
1690: 62 79 20 77 68 65 74 68 65 72 20 79 6f 75 20 67  by whether you g
16a0: 69 76 65 20 69 74 20 74 68 65 20 60 72 65 6d 6f  ive it the `remo
16b0: 74 65 2d 69 6d 61 67 65 60 20 6f 72 20 60 66 69  te-image` or `fi
16c0: 6c 65 60 20 6f 70 74 69 6f 6e 2c 20 72 65 73 70  le` option, resp
16d0: 65 63 74 69 76 65 6c 79 2e 0d 0a 0d 0a 47 69 76  ectively.....Giv
16e0: 65 6e 20 74 68 65 20 73 69 7a 65 20 6f 66 20 74  en the size of t
16f0: 68 65 20 6f 75 74 70 75 74 20 66 72 6f 6d 20 60  he output from `
1700: 64 6f 63 6b 65 72 20 63 72 65 61 74 65 20 2d 2d  docker create --
1710: 68 65 6c 70 60 2c 20 69 74 20 73 68 6f 75 6c 64  help`, it should
1720: 20 6e 6f 74 20 62 65 20 73 75 72 70 72 69 73 69   not be surprisi
1730: 6e 67 20 74 68 61 74 20 74 68 65 20 62 75 6c 6b  ng that the bulk
1740: 20 6f 66 20 74 68 61 74 20 69 73 20 65 69 74 68   of that is eith
1750: 65 72 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65  er not available
1760: 20 69 6e 20 52 6f 75 74 65 72 4f 53 20 6f 72 20   in RouterOS or 
1770: 65 78 69 73 74 73 20 69 6e 20 61 20 76 65 72 79  exists in a very
1780: 20 64 69 66 66 65 72 65 6e 74 20 66 6f 72 6d 2e   different form.
1790: 20 4d 6f 73 74 20 6f 66 20 74 68 65 73 65 20 6c   Most of these l
17a0: 69 6d 69 74 61 74 69 6f 6e 73 20 73 74 65 6d 20  imitations stem 
17b0: 66 72 6f 6d 20 5b 74 68 65 20 6c 69 73 74 20 61  from [the list a
17c0: 62 6f 76 65 5d 28 23 67 6c 6f 62 61 6c 29 2e 20  bove](#global). 
17d0: 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20 74 68  For instance, th
17e0: 65 20 6c 61 63 6b 20 6f 66 20 61 6e 79 20 43 50  e lack of any CP
17f0: 55 20 75 73 61 67 65 20 6c 69 6d 69 74 20 66 65  U usage limit fe
1800: 61 74 75 72 65 73 20 6d 65 61 6e 73 20 74 68 65  atures means the
1810: 72 65 20 69 73 20 6e 6f 20 65 71 75 69 76 61 6c  re is no equival
1820: 65 6e 74 20 75 6e 64 65 72 20 60 2f 63 6f 6e 74  ent under `/cont
1830: 61 69 6e 65 72 60 20 66 6f 72 20 74 68 65 20 73  ainer` for the s
1840: 65 76 65 72 61 6c 20 60 64 6f 63 6b 65 72 20 63  everal `docker c
1850: 72 65 61 74 65 20 2d 2d 63 70 75 2a 60 20 6f 70  reate --cpu*` op
1860: 74 69 6f 6e 73 2e 20 52 61 74 68 65 72 20 74 68  tions. Rather th
1870: 61 6e 20 67 6f 20 69 6e 74 6f 20 74 68 65 73 65  an go into these
1880: 20 6f 70 74 69 6f 6e 73 20 6f 6e 65 20 62 79 20   options one by 
1890: 6f 6e 65 2c 20 49 e2 80 99 6c 6c 20 63 6f 76 65  one, I’ll cove
18a0: 72 20 74 68 65 20 6f 6e 65 73 20 77 68 65 72 65  r the ones where
18b0: 20 74 68 65 20 61 6e 73 77 65 72 73 20 63 61 6e   the answers can
18c0: 6e 6f 74 20 62 65 20 67 6c 65 61 6e 65 64 20 74  not be gleaned t
18d0: 68 72 6f 75 67 68 20 61 20 63 61 72 65 66 75 6c  hrough a careful
18e0: 20 72 65 61 64 69 6e 67 20 6f 66 20 74 68 65 20   reading of the 
18f0: 72 65 73 74 20 6f 66 20 74 68 69 73 20 61 72 74  rest of this art
1900: 69 63 6c 65 3a 0d 0a 0d 0a 2a 20 20 20 2a 2a 60  icle:....*   **`
1910: 2d 2d 65 6e 76 60 2a 2a 3a 20 54 68 65 20 65 71  --env`**: The eq
1920: 75 69 76 61 6c 65 6e 74 20 69 73 20 74 68 69 73  uivalent is this
1930: 20 52 6f 75 74 65 72 4f 53 20 63 6f 6d 6d 61 6e   RouterOS comman
1940: 64 20 70 61 69 72 3a 0d 0a 0d 0a 20 20 20 20 20  d pair:....     
1950: 20 20 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 65 6e     /container/en
1960: 76 73 2f 61 64 64 20 6e 61 6d 65 3d 4e 41 4d 45  vs/add name=NAME
1970: 20 e2 80 a6 0d 0a 20 20 20 20 20 20 20 20 2f 63   …..        /c
1980: 6f 6e 74 61 69 6e 65 72 2f 61 64 64 20 65 6e 76  ontainer/add env
1990: 6c 69 73 74 3d 4e 41 4d 45 20 e2 80 a6 0d 0a 0d  list=NAME …...
19a0: 0a 20 20 20 20 54 68 69 73 20 69 73 20 69 6e 20  .    This is in 
19b0: 66 61 63 74 20 63 6c 6f 73 65 72 20 74 6f 20 74  fact closer to t
19c0: 68 65 20 77 61 79 20 74 68 65 20 2a 2a 60 2d 2d  he way the **`--
19d0: 65 6e 76 2d 66 69 6c 65 60 2a 2a 20 6f 70 74 69  env-file`** opti
19e0: 6f 6e 20 77 6f 72 6b 73 2c 20 65 78 63 65 70 74  on works, except
19f0: 20 74 68 61 74 20 75 6e 64 65 72 20 52 6f 75 74   that under Rout
1a00: 65 72 4f 53 2c 20 74 68 69 73 20 70 61 72 74 69  erOS, this parti
1a10: 63 75 6c 61 72 20 e2 80 9c 66 69 6c 65 e2 80 9d  cular “file”
1a20: 20 69 73 6e e2 80 99 74 20 73 74 6f 72 65 64 20   isn’t stored 
1a30: 75 6e 64 65 72 20 60 2f 66 69 6c 65 60 21 0d 0a  under `/file`!..
1a40: 0d 0a 2a 20 20 20 2a 2a 60 2d 2d 65 78 70 6f 73  ..*   **`--expos
1a50: 65 60 2f 60 2d 2d 70 75 62 6c 69 73 68 60 2a 2a  e`/`--publish`**
1a60: 3a 20 3c 61 20 69 64 3d 22 70 75 62 6c 69 73 68  : <a id="publish
1a70: 22 3e 3c 2f 61 3e 54 68 65 20 56 45 54 48 20 79  "></a>The VETH y
1a80: 6f 75 20 61 74 74 61 63 68 20 74 68 65 20 63 6f  ou attach the co
1a90: 6e 74 61 69 6e 65 72 20 74 6f 20 6d 61 6b 65 73  ntainer to makes
1aa0: 20 65 76 65 72 79 20 6c 69 73 74 65 6e 69 6e 67   every listening
1ab0: 20 73 6f 63 6b 65 74 20 76 69 73 69 62 6c 65 20   socket visible 
1ac0: 62 79 20 64 65 66 61 75 6c 74 2e 20 49 74 20 69  by default. It i
1ad0: 73 20 6c 65 66 74 20 75 70 20 74 6f 20 79 6f 75  s left up to you
1ae0: 20 74 6f 20 6d 61 6e 75 61 6c 6c 79 20 62 6c 6f   to manually blo
1af0: 63 6b 20 6f 66 66 20 61 6e 79 74 68 69 6e 67 20  ck off anything 
1b00: 65 78 70 6f 73 65 64 20 61 67 61 69 6e 73 74 20  exposed against 
1b10: 79 6f 75 72 20 77 69 73 68 65 73 20 62 79 20 75  your wishes by u
1b20: 73 65 20 6f 66 20 60 2f 69 70 2f 66 69 72 65 77  se of `/ip/firew
1b30: 61 6c 6c 2f 66 69 6c 74 65 72 60 20 63 6f 6d 6d  all/filter` comm
1b40: 61 6e 64 73 2e 0d 0a 0d 0a 2a 20 20 20 2a 2a 60  ands.....*   **`
1b50: 2d 2d 68 65 61 6c 74 68 2d 63 6d 64 60 2a 2a 3a  --health-cmd`**:
1b60: 20 42 65 63 61 75 73 65 20 68 65 61 6c 74 68 2d   Because health-
1b70: 63 68 65 63 6b 73 20 61 72 65 20 6f 66 74 65 6e  checks are often
1b80: 20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 62 79 20   implemented by 
1b90: 70 65 72 69 6f 64 69 63 20 41 50 49 20 63 61 6c  periodic API cal
1ba0: 6c 73 20 74 6f 20 76 65 72 69 66 79 20 74 68 61  ls to verify tha
1bb0: 74 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20  t the container 
1bc0: 63 6f 6e 74 69 6e 75 65 73 20 74 6f 20 72 75 6e  continues to run
1bd0: 20 70 72 6f 70 65 72 6c 79 2c 20 74 68 65 20 6c   properly, the l
1be0: 6f 67 69 63 61 6c 20 65 71 75 69 76 61 6c 65 6e  ogical equivalen
1bf0: 74 20 75 6e 64 65 72 20 52 6f 75 74 65 72 4f 53  t under RouterOS
1c00: 20 69 73 20 74 6f 20 5b 73 63 72 69 70 74 5d 20   is to [script] 
1c10: 63 61 6c 6c 73 20 74 6f 20 5b 60 2f 66 65 74 63  calls to [`/fetc
1c20: 68 60 5d 28 68 74 74 70 73 3a 2f 2f 68 65 6c 70  h`](https://help
1c30: 2e 6d 69 6b 72 6f 74 69 6b 2e 63 6f 6d 2f 64 6f  .mikrotik.com/do
1c40: 63 73 2f 64 69 73 70 6c 61 79 2f 52 4f 53 2f 46  cs/display/ROS/F
1c50: 65 74 63 68 29 2c 20 77 68 69 63 68 20 74 68 65  etch), which the
1c60: 6e 20 69 73 73 75 65 73 20 60 2f 63 6f 6e 74 61  n issues `/conta
1c70: 69 6e 65 72 2f 7b 73 74 6f 70 2c 73 74 61 72 74  iner/{stop,start
1c80: 7d 60 20 63 61 6c 6c 73 20 74 6f 20 72 65 6d 65  }` calls to reme
1c90: 64 69 61 74 65 20 61 6e 79 20 70 72 6f 62 6c 65  diate any proble
1ca0: 6d 73 20 69 74 20 66 69 6e 64 73 2e 0d 0a 0d 0a  ms it finds.....
1cb0: 2a 20 20 20 2a 2a 60 2d 2d 69 6e 69 74 60 2a 2a  *   **`--init`**
1cc0: 3a 20 41 6c 74 68 6f 75 67 68 20 74 68 65 72 65  : Although there
1cd0: 20 69 73 20 6e 6f 20 64 69 72 65 63 74 20 65 71   is no direct eq
1ce0: 75 69 76 61 6c 65 6e 74 20 74 6f 20 74 68 69 73  uivalent to this
1cf0: 20 69 6e 20 52 6f 75 74 65 72 4f 53 2c 20 6e 6f   in RouterOS, no
1d00: 74 68 69 6e 67 20 73 74 6f 70 73 20 79 6f 75 20  thing stops you 
1d10: 66 72 6f 6d 20 64 6f 69 6e 67 20 69 74 20 74 68  from doing it th
1d20: 65 20 6f 6c 64 2d 73 63 68 6f 6f 6c 20 77 61 79  e old-school way
1d30: 2c 20 63 72 65 61 74 69 6e 67 20 61 20 63 6f 6e  , creating a con
1d40: 74 61 69 6e 65 72 20 74 68 61 74 20 63 61 6c 6c  tainer that call
1d50: 73 20 e2 80 9c 60 45 4e 54 52 59 50 4f 49 4e 54  s “`ENTRYPOINT
1d60: 20 2f 73 62 69 6e 2f 69 6e 69 74 60 e2 80 9d 20   /sbin/init`” 
1d70: 6f 72 20 73 69 6d 69 6c 61 72 2c 20 77 68 69 63  or similar, whic
1d80: 68 20 74 68 65 6e 20 73 74 61 72 74 73 20 74 68  h then starts th
1d90: 65 20 73 75 62 6f 72 64 69 6e 61 74 65 20 73 65  e subordinate se
1da0: 72 76 69 63 65 73 20 69 6e 73 69 64 65 20 74 68  rvices inside th
1db0: 61 74 20 63 6f 6e 74 61 69 6e 65 72 2e 20 49 74  at container. It
1dc0: 20 77 6f 75 6c 64 20 62 65 20 73 6f 6d 65 77 68   would be somewh
1dd0: 61 74 20 73 69 6c 6c 79 20 74 6f 20 75 73 65 20  at silly to use 
1de0: 73 79 73 74 65 6d 64 20 66 6f 72 20 74 68 69 73  systemd for this
1df0: 20 69 6e 20 61 20 63 6f 6e 74 61 69 6e 65 72 20   in a container 
1e00: 6d 65 61 6e 74 20 74 6f 20 72 75 6e 20 6f 6e 20  meant to run on 
1e10: 52 6f 75 74 65 72 4f 53 20 69 6e 20 70 61 72 74  RouterOS in part
1e20: 69 63 75 6c 61 72 3b 20 61 20 6d 6f 72 65 20 73  icular; a more s
1e30: 75 69 74 61 62 6c 65 20 61 6c 74 65 72 6e 61 74  uitable alternat
1e40: 69 76 65 20 77 6f 75 6c 64 20 62 65 20 5b 41 6c  ive would be [Al
1e50: 70 69 6e 65 e2 80 99 73 20 4f 70 65 6e 52 43 5d  pine’s OpenRC]
1e60: 28 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 61 6c  (https://wiki.al
1e70: 70 69 6e 65 6c 69 6e 75 78 2e 6f 72 67 2f 77 69  pinelinux.org/wi
1e80: 6b 69 2f 4f 70 65 6e 52 43 29 20 69 6e 69 74 20  ki/OpenRC) init 
1e90: 73 79 73 74 65 6d 2c 20 61 20 70 6f 70 75 6c 61  system, a popula
1ea0: 72 20 6f 70 74 69 6f 6e 20 66 6f 72 20 6d 61 6e  r option for man
1eb0: 61 67 69 6e 67 20 69 6e 2d 63 6f 6e 74 61 69 6e  aging in-contain
1ec0: 65 72 20 73 65 72 76 69 63 65 73 2e 0d 0a 0d 0a  er services.....
1ed0: 2a 20 20 20 2a 2a 60 2d 2d 6c 61 62 65 6c 60 2a  *   **`--label`*
1ee0: 2a 3a 20 54 68 65 20 63 6c 6f 73 65 73 74 20 65  *: The closest e
1ef0: 71 75 69 76 61 6c 65 6e 74 20 69 73 20 52 6f 75  quivalent is Rou
1f00: 74 65 72 4f 53 e2 80 99 73 20 60 63 6f 6d 6d 65  terOS’s `comme
1f10: 6e 74 60 20 66 61 63 69 6c 69 74 79 2c 20 77 68  nt` facility, wh
1f20: 69 63 68 20 79 6f 75 20 63 61 6e 20 61 70 70 6c  ich you can appl
1f30: 79 20 74 6f 20 61 20 72 75 6e 6e 69 6e 67 20 63  y to a running c
1f40: 6f 6e 74 61 69 6e 65 72 20 77 69 74 68 20 e2 80  ontainer with �
1f50: 9c 60 2f 63 6f 6e 74 61 69 6e 65 72 2f 73 65 74  �`/container/set
1f60: 20 30 20 63 6f 6d 6d 65 6e 74 3d 4d 59 4c 41 42   0 comment=MYLAB
1f70: 45 4c 60 e2 80 9d 2e 0d 0a 0d 0a 2a 20 20 20 2a  EL`”.....*   *
1f80: 2a 60 2d 2d 6d 61 63 2d 61 64 64 72 65 73 73 60  *`--mac-address`
1f90: 2a 2a 3a 20 49 66 20 52 6f 75 74 65 72 4f 53 20  **: If RouterOS 
1fa0: 68 61 64 20 74 68 69 73 2c 20 49 20 77 6f 75 6c  had this, I woul
1fb0: 64 20 65 78 70 65 63 74 20 69 74 20 74 6f 20 62  d expect it to b
1fc0: 65 20 6f 66 66 65 72 65 64 20 61 73 20 e2 80 9c  e offered as “
1fd0: 60 2f 69 6e 74 65 72 66 61 63 65 2f 76 65 74 68  `/interface/veth
1fe0: 2f 73 65 74 20 6d 61 63 2d 61 64 64 72 65 73 73  /set mac-address
1ff0: 3d e2 80 a6 60 e2 80 9d 2c 20 62 75 74 20 74 68  =…`”, but th
2000: 61 74 20 64 6f 65 73 20 6e 6f 74 20 63 75 72 72  at does not curr
2010: 65 6e 74 6c 79 20 65 78 69 73 74 2e 20 41 73 20  ently exist. As 
2020: 69 74 20 73 74 61 6e 64 73 2c 20 61 20 56 45 54  it stands, a VET
2030: 48 20 69 6e 74 65 72 66 61 63 65 e2 80 99 73 20  H interface’s 
2040: 4d 41 43 20 61 64 64 72 65 73 73 20 69 73 20 72  MAC address is r
2050: 61 6e 64 6f 6d 2c 20 73 61 6d 65 20 61 73 20 74  andom, same as t
2060: 68 65 20 64 65 66 61 75 6c 74 20 62 65 68 61 76  he default behav
2070: 69 6f 72 20 6f 66 20 44 6f 63 6b 65 72 2e 0d 0a  ior of Docker...
2080: 0d 0a 2a 20 20 20 2a 2a 60 2d 2d 6e 65 74 77 6f  ..*   **`--netwo
2090: 72 6b 60 2a 2a 3a 20 54 68 69 73 20 6f 6e 65 20  rk`**: This one 
20a0: 69 73 20 74 72 69 63 6b 79 2e 20 57 68 69 6c 65  is tricky. While
20b0: 20 74 68 65 72 65 20 69 73 20 63 65 72 74 61 69   there is certai
20c0: 6e 6c 79 20 6e 6f 74 68 69 6e 67 20 6c 69 6b 65  nly nothing like
20d0: 20 e2 80 9c 60 2f 63 6f 6e 74 61 69 6e 65 72 2f   “`/container/
20e0: 61 64 64 20 6e 65 74 77 6f 72 6b 3d e2 80 a6 60  add network=…`
20f0: e2 80 9d 2c 20 69 74 e2 80 99 73 20 66 61 69 72  ”, it’s fair
2100: 20 74 6f 20 73 61 79 20 74 68 65 20 65 71 75 69   to say the equi
2110: 76 61 6c 65 6e 74 20 69 73 2c 20 e2 80 9c 52 6f  valent is, “Ro
2120: 75 74 65 72 4f 53 2e e2 80 9d 20 59 6f 75 20 61  uterOS.” You a
2130: 72 65 2c 20 61 66 74 65 72 20 61 6c 6c 2c 20 72  re, after all, r
2140: 75 6e 6e 69 6e 67 20 74 68 69 73 20 63 6f 6e 74  unning this cont
2150: 61 69 6e 65 72 20 61 74 6f 70 20 61 20 68 69 67  ainer atop a hig
2160: 68 6c 79 20 66 65 61 74 75 72 65 66 75 6c 20 6e  hly featureful n
2170: 65 74 77 6f 72 6b 20 6f 70 65 72 61 74 69 6e 67  etwork operating
2180: 20 73 79 73 74 65 6d 2e 20 42 61 72 65 2d 62 6f   system. Bare-bo
2190: 6e 65 73 20 74 68 65 20 60 63 6f 6e 74 61 69 6e  nes the `contain
21a0: 65 72 2e 6e 70 6b 60 20 72 75 6e 74 69 6d 65 20  er.npk` runtime 
21b0: 6d 61 79 20 62 65 2c 20 62 75 74 20 61 6e 79 20  may be, but any 
21c0: 6c 69 6d 69 74 61 74 69 6f 6e 73 20 79 6f 75 20  limitations you 
21d0: 72 75 6e 20 69 6e 74 6f 20 77 69 74 68 20 74 68  run into with th
21e0: 65 20 6e 65 74 77 6f 72 6b 20 69 74 20 61 74 74  e network it att
21f0: 61 63 68 65 73 20 74 6f 20 61 72 65 20 6d 6f 72  aches to are mor
2200: 65 20 61 20 72 65 66 6c 65 63 74 69 6f 6e 20 6f  e a reflection o
2210: 66 20 79 6f 75 72 20 69 6d 61 67 69 6e 61 74 69  f your imaginati
2220: 6f 6e 20 61 6e 64 20 73 6b 69 6c 6c 20 74 68 61  on and skill tha
2230: 6e 20 74 6f 20 6c 61 63 6b 20 6f 66 20 63 6f 6d  n to lack of com
2240: 6d 61 6e 64 20 6f 70 74 69 6f 6e 73 20 75 6e 64  mand options und
2250: 65 72 20 60 2f 63 6f 6e 74 61 69 6e 65 72 60 2e  er `/container`.
2260: 0d 0a 0d 0a 2a 20 20 20 2a 2a 60 2d 2d 70 69 64  ....*   **`--pid
2270: 2f 75 74 73 60 2a 2a 3a 20 54 68 65 20 52 6f 75  /uts`**: The Rou
2280: 74 65 72 4f 53 20 63 6f 6e 74 61 69 6e 65 72 20  terOS container 
2290: 72 75 6e 6e 65 72 20 6d 75 73 74 20 75 73 65 20  runner must use 
22a0: 4c 69 6e 75 78 20 6e 61 6d 65 73 70 61 63 65 73  Linux namespaces
22b0: 20 75 6e 64 65 72 20 74 68 65 20 68 6f 6f 64 2c   under the hood,
22c0: 20 62 75 74 20 69 74 20 64 6f 65 73 20 6e 6f 74   but it does not
22d0: 20 6f 66 66 65 72 20 79 6f 75 20 63 6f 6e 74 72   offer you contr
22e0: 6f 6c 20 6f 76 65 72 20 77 68 69 63 68 20 50 49  ol over which PI
22f0: 44 2c 20 66 69 6c 65 2c 20 6e 65 74 77 6f 72 6b  D, file, network
2300: 2c 20 75 73 65 72 2c 20 65 74 63 2e 20 6e 61 6d  , user, etc. nam
2310: 65 73 70 61 63 65 73 20 65 61 63 68 20 63 6f 6e  espaces each con
2320: 74 61 69 6e 65 72 20 75 73 65 73 2e 20 53 65 65  tainer uses. See
2330: 20 61 6c 73 6f 20 5b 74 68 69 73 5d 28 23 72 6f   also [this](#ro
2340: 6f 74 29 2e 0d 0a 0d 0a 2a 20 20 20 2a 2a 60 2d  ot).....*   **`-
2350: 2d 72 65 61 64 2d 6f 6e 6c 79 60 2a 2a 3a 20 52  -read-only`**: R
2360: 6f 75 74 65 72 4f 53 20 6f 66 66 65 72 73 20 70  outerOS offers p
2370: 72 65 63 69 6f 75 73 20 6c 69 74 74 6c 65 20 69  recious little i
2380: 6e 20 74 65 72 6d 73 20 6f 66 20 66 69 6c 65 20  n terms of file 
2390: 73 79 73 74 65 6d 20 70 65 72 6d 69 73 73 69 6f  system permissio
23a0: 6e 20 61 64 6a 75 73 74 6d 65 6e 74 2e 20 41 73  n adjustment. As
23b0: 20 61 20 72 75 6c 65 2c 20 69 74 20 69 73 20 62   a rule, it is b
23c0: 65 73 74 20 74 6f 20 65 69 74 68 65 72 20 73 68  est to either sh
23d0: 65 6c 6c 20 69 6e 74 6f 20 74 68 65 20 63 6f 6e  ell into the con
23e0: 74 61 69 6e 65 72 20 61 6e 64 20 61 64 6a 75 73  tainer and adjus
23f0: 74 20 70 65 72 6d 69 73 73 69 6f 6e 73 20 74 68  t permissions th
2400: 65 72 65 20 6f 72 20 72 65 62 75 69 6c 64 20 74  ere or rebuild t
2410: 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 77 69 74  he container wit
2420: 68 20 74 68 65 20 70 65 72 6d 69 73 73 69 6f 6e  h the permission
2430: 73 20 79 6f 75 20 77 61 6e 74 20 66 72 6f 6d 20  s you want from 
2440: 67 6f 2e 20 41 6e 79 20 65 78 70 65 63 74 61 74  go. Any expectat
2450: 69 6f 6e 73 20 62 61 73 65 64 20 6f 6e 20 62 65  ions based on be
2460: 69 6e 67 20 61 62 6c 65 20 74 6f 20 61 64 6a 75  ing able to adju
2470: 73 74 20 61 6e 79 20 6f 66 20 74 68 69 73 20 62  st any of this b
2480: 65 74 77 65 65 6e 20 69 6d 61 67 65 20 64 6f 77  etween image dow
2490: 6e 6c 6f 61 64 20 74 69 6d 65 20 61 6e 64 20 63  nload time and c
24a0: 6f 6e 74 61 69 6e 65 72 20 63 72 65 61 74 69 6f  ontainer creatio
24b0: 6e 20 74 69 6d 65 20 61 72 65 20 6c 69 6b 65 6c  n time are likel
24c0: 79 20 74 6f 20 66 6f 75 6e 64 65 72 2e 0d 0a 0d  y to founder....
24d0: 0a 2a 20 20 20 2a 2a 60 2d 2d 72 65 73 74 61 72  .*   **`--restar
24e0: 74 60 2a 2a 3a 20 3c 61 20 69 64 3d 22 72 65 73  t`**: <a id="res
24f0: 74 61 72 74 22 3e 3c 2f 61 3e 54 68 65 20 63 6c  tart"></a>The cl
2500: 6f 73 65 73 74 20 52 6f 75 74 65 72 4f 53 20 67  osest RouterOS g
2510: 65 74 73 20 74 6f 20 74 68 69 73 20 69 73 20 69  ets to this is i
2520: 74 73 20 60 73 74 61 72 74 2d 6f 6e 2d 62 6f 6f  ts `start-on-boo
2530: 74 60 20 73 65 74 74 69 6e 67 2c 20 6d 65 61 6e  t` setting, mean
2540: 69 6e 67 20 79 6f 75 e2 80 99 64 20 68 61 76 65  ing you’d have
2550: 20 74 6f 20 72 65 62 6f 6f 74 20 74 68 65 20 72   to reboot the r
2560: 6f 75 74 65 72 20 74 6f 20 67 65 74 20 74 68 65  outer to get the
2570: 20 63 6f 6e 74 61 69 6e 65 72 20 74 6f 20 72 65   container to re
2580: 73 74 61 72 74 2e 20 49 66 20 79 6f 75 20 77 61  start. If you wa
2590: 6e 74 20 61 75 74 6f 6d 61 74 69 63 20 72 65 73  nt automatic res
25a0: 74 61 72 74 73 2c 20 79 6f 75 20 77 69 6c 6c 20  tarts, you will 
25b0: 68 61 76 65 20 74 6f 20 5b 73 63 72 69 70 74 5d  have to [script]
25c0: 20 69 74 2e 0d 0a 0d 0a 2a 20 20 20 2a 2a 60 2d   it.....*   **`-
25d0: 2d 72 6d 60 2a 2a 3a 20 4e 6f 20 64 69 72 65 63  -rm`**: No direc
25e0: 74 20 65 71 75 69 76 61 6c 65 6e 74 2e 20 54 68  t equivalent. Th
25f0: 65 72 65 20 69 73 20 61 20 6d 61 6e 75 61 6c 20  ere is a manual 
2600: 60 2f 63 6f 6e 74 61 69 6e 65 72 2f 72 65 6d 6f  `/container/remo
2610: 76 65 60 20 63 6f 6d 6d 61 6e 64 2c 20 62 75 74  ve` command, but
2620: 20 6e 6f 74 68 69 6e 67 20 6c 69 6b 65 20 74 68   nothing like th
2630: 69 73 20 6f 70 74 69 6f 6e 2c 20 77 68 69 63 68  is option, which
2640: 20 63 61 75 73 65 73 20 74 68 65 20 63 6f 6e 74   causes the cont
2650: 61 69 6e 65 72 20 72 75 6e 74 69 6d 65 20 74 6f  ainer runtime to
2660: 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 72   automatically r
2670: 65 6d 6f 76 65 20 74 68 65 20 69 6e 73 74 61 6e  emove the instan
2680: 74 69 61 74 65 64 20 63 6f 6e 74 61 69 6e 65 72  tiated container
2690: 20 61 66 74 65 72 20 69 74 20 65 78 69 74 73 2e   after it exits.
26a0: 20 49 74 e2 80 99 73 20 6a 75 73 74 20 61 73 20   It’s just as 
26b0: 77 65 6c 6c 20 73 69 6e 63 65 20 74 68 69 73 20  well since this 
26c0: 6f 70 74 69 6f 6e 20 69 73 20 6d 6f 73 74 20 6f  option is most o
26d0: 66 74 65 6e 20 75 73 65 64 20 77 68 65 6e 20 72  ften used when r
26e0: 75 6e 6e 69 6e 67 20 5f 61 64 20 68 6f 63 5f 20  unning _ad hoc_ 
26f0: 63 6f 6e 74 61 69 6e 65 72 73 20 6d 61 64 65 20  containers made 
2700: 66 72 6f 6d 20 61 20 70 72 65 76 69 6f 75 73 6c  from a previousl
2710: 79 20 64 6f 77 6e 6c 6f 61 64 65 64 20 69 6d 61  y downloaded ima
2720: 67 65 3b 20 52 6f 75 74 65 72 4f 53 e2 80 99 73  ge; RouterOS’s
2730: 20 6c 61 63 6b 20 6f 66 20 61 6e 20 69 6d 61 67   lack of an imag
2740: 65 20 63 61 63 68 65 20 6d 65 61 6e 73 20 79 6f  e cache means yo
2750: 75 20 68 61 76 65 20 74 6f 20 67 6f 20 6f 75 74  u have to go out
2760: 20 6f 66 20 79 6f 75 72 20 77 61 79 20 74 6f 20   of your way to 
2770: 65 78 70 6f 72 74 20 61 20 74 61 72 62 61 6c 6c  export a tarball
2780: 20 6f 66 20 74 68 65 20 69 6d 61 67 65 20 61 6e   of the image an
2790: 64 20 75 70 6c 6f 61 64 20 69 74 20 74 6f 20 74  d upload it to t
27a0: 68 65 20 72 6f 75 74 65 72 2c 20 74 68 65 6e 20  he router, then 
27b0: 75 73 65 20 e2 80 9c 60 2f 63 6f 6e 74 61 69 6e  use “`/contain
27c0: 65 72 2f 61 64 64 20 66 69 6c 65 3d e2 80 a6 60  er/add file=…`
27d0: e2 80 9d 20 69 66 20 79 6f 75 20 77 61 6e 74 20  ” if you want 
27e0: 74 6f 20 61 76 6f 69 64 20 72 65 2d 64 6f 77 6e  to avoid re-down
27f0: 6c 6f 61 64 69 6e 67 20 74 68 65 20 69 6d 61 67  loading the imag
2800: 65 20 66 72 6f 6d 20 74 68 65 20 72 65 70 6f 73  e from the repos
2810: 69 74 6f 72 79 20 6f 6e 20 65 61 63 68 20 72 65  itory on each re
2820: 6c 61 75 6e 63 68 2e 0d 0a 0d 0a 54 68 61 74 20  launch.....That 
2830: 62 72 69 6e 67 73 20 75 73 20 74 6f 20 74 68 65  brings us to the
2840: 20 72 65 6c 61 74 65 64 20 6d 61 74 74 65 72 20   related matter 
2850: 6f 66 e2 80 a6 0d 0a 0d 0a 5b 73 63 72 69 70 74  of…....[script
2860: 5d 3a 20 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e  ]: https://help.
2870: 6d 69 6b 72 6f 74 69 6b 2e 63 6f 6d 2f 64 6f 63  mikrotik.com/doc
2880: 73 2f 64 69 73 70 6c 61 79 2f 52 4f 53 2f 53 63  s/display/ROS/Sc
2890: 72 69 70 74 69 6e 67 0d 0a 0d 0a 0d 0a 23 20 3c  ripting......# <
28a0: 61 20 69 64 3d 22 72 75 6e 22 3e 3c 2f 61 3e 54  a id="run"></a>T
28b0: 68 65 72 65 20 49 73 20 4e 6f 20 e2 80 9c 52 75  here Is No “Ru
28c0: 6e e2 80 9d 0d 0a 0d 0a 52 6f 75 74 65 72 4f 53  n”....RouterOS
28d0: 20 6f 66 66 65 72 73 20 6e 6f 20 73 68 6f 72 74   offers no short
28e0: 68 61 6e 64 20 63 6f 6d 6d 61 6e 64 20 61 6b 69  hand command aki
28f0: 6e 20 74 6f 20 60 64 6f 63 6b 65 72 20 72 75 6e  n to `docker run
2900: 60 20 66 6f 72 20 63 72 65 61 74 69 6e 67 20 61  ` for creating a
2910: 6e 64 20 73 74 61 72 74 69 6e 67 20 61 20 63 6f  nd starting a co
2920: 6e 74 61 69 6e 65 72 20 69 6e 20 61 20 73 69 6e  ntainer in a sin
2930: 67 6c 65 20 73 74 65 70 2e 20 4d 6f 72 65 6f 76  gle step. Moreov
2940: 65 72 2c 20 74 68 65 20 6c 61 63 6b 20 6f 66 20  er, the lack of 
2950: 4c 69 6e 75 78 2d 6c 69 6b 65 20 69 6e 74 65 72  Linux-like inter
2960: 61 63 74 69 76 65 20 74 65 72 6d 69 6e 61 6c 20  active terminal 
2970: 68 61 6e 64 6c 69 6e 67 20 e2 80 94 20 63 6f 76  handling — cov
2980: 65 72 65 64 20 5b 62 65 6c 6f 77 5d 28 23 74 65  ered [below](#te
2990: 72 6d 69 6e 61 6c 29 20 e2 80 94 20 6d 65 61 6e  rminal) — mean
29a0: 73 20 61 20 73 69 6d 70 6c 65 20 63 6f 6d 6d 61  s a simple comma
29b0: 6e 64 20 6c 69 6b 65 e2 80 a6 0d 0a 0d 0a 20 20  nd like…....  
29c0: 20 20 24 20 64 6f 63 6b 65 72 20 72 75 6e 20 2d    $ docker run -
29d0: 2d 72 6d 20 2d 69 74 20 61 6c 70 69 6e 65 3a 6c  -rm -it alpine:l
29e0: 61 74 65 73 74 0d 0a 0d 0a e2 80 a6 66 6f 6c 6c  atest....…foll
29f0: 6f 77 65 64 20 62 79 e2 80 a6 0d 0a 0d 0a 20 20  owed by…....  
2a00: 20 20 73 68 2d 35 2e 31 23 20 3c 64 6f 20 73 6f    sh-5.1# <do so
2a10: 6d 65 74 68 69 6e 67 20 69 6e 73 69 64 65 20 74  mething inside t
2a20: 68 65 20 63 6f 6e 74 61 69 6e 65 72 3e 0d 0a 20  he container>.. 
2a30: 20 20 20 73 68 2d 35 2e 31 23 20 65 78 69 74 0d     sh-5.1# exit.
2a40: 0a 0d 0a e2 80 a6 6d 61 79 20 65 6e 64 20 75 70  ...…may end up
2a50: 20 65 78 70 72 65 73 73 65 64 20 75 6e 64 65 72   expressed under
2a60: 20 52 6f 75 74 65 72 4f 53 20 61 73 e2 80 a6 0d   RouterOS as….
2a70: 0a 0d 0a 20 20 20 20 3e 20 2f 63 6f 6e 74 61 69  ...    > /contai
2a80: 6e 65 72 0d 0a 20 20 20 20 3e 20 61 64 64 20 72  ner..    > add r
2a90: 65 6d 6f 74 65 2d 69 6d 61 67 65 3d 61 6c 70 69  emote-image=alpi
2aa0: 6e 65 3a 6c 61 74 65 73 74 20 76 65 74 68 3d 76  ne:latest veth=v
2ab0: 65 74 68 31 20 65 6e 74 72 79 70 6f 69 6e 74 3d  eth1 entrypoint=
2ac0: 73 6c 65 65 70 20 63 6d 64 3d 33 36 30 30 0d 0a  sleep cmd=3600..
2ad0: 20 20 20 20 3e 20 70 72 69 6e 74 0d 0a 20 20 20      > print..   
2ae0: 20 e2 80 a6 20 6e 6f 70 65 2c 20 73 74 69 6c 6c   … nope, still
2af0: 20 64 6f 77 6e 6c 6f 61 64 69 6e 67 2c 20 77 61   downloading, wa
2b00: 69 74 20 e2 80 a6 0d 0a 20 20 20 20 3e 20 70 72  it …..    > pr
2b10: 69 6e 74 0d 0a 20 20 20 20 e2 80 a6 20 6e 6f 70  int..    … nop
2b20: 65 2c 20 73 74 69 6c 6c 20 65 78 74 72 61 63 74  e, still extract
2b30: 69 6e 67 2c 20 77 61 69 74 20 6c 6f 6e 67 65 72  ing, wait longer
2b40: 20 e2 80 a6 0d 0a 20 20 20 20 3e 20 70 72 69 6e   …..    > prin
2b50: 74 0d 0a 20 20 20 20 e2 80 a6 20 6f 68 2c 20 67  t..    … oh, g
2b60: 6f 6f 64 2c 20 67 6f 74 20 74 68 65 20 63 6f 6e  ood, got the con
2b70: 74 61 69 6e 65 72 20 49 44 20 e2 80 a6 0d 0a 20  tainer ID ….. 
2b80: 20 20 20 3e 20 73 74 61 72 74 20 30 0d 0a 20 20     > start 0..  
2b90: 20 20 e2 80 a6 20 77 61 69 74 20 66 6f 72 20 69    … wait for i
2ba0: 74 20 74 6f 20 6c 61 75 6e 63 68 20 e2 80 a6 0d  t to launch ….
2bb0: 0a 20 20 20 20 3e 20 73 68 65 6c 6c 20 30 0d 0a  .    > shell 0..
2bc0: 20 20 20 20 73 68 2d 35 2e 31 23 20 3c 64 6f 20      sh-5.1# <do 
2bd0: 73 6f 6d 65 74 68 69 6e 67 20 69 6e 73 69 64 65  something inside
2be0: 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 3e 0d   the container>.
2bf0: 0a 20 20 20 20 73 68 2d 35 2e 31 23 20 65 78 69  .    sh-5.1# exi
2c00: 74 0d 0a 20 20 20 20 3e 20 73 74 6f 70 20 30 0d  t..    > stop 0.
2c10: 0a 20 20 20 20 3e 20 72 65 6d 6f 76 65 20 30 0d  .    > remove 0.
2c20: 0a 0d 0a 57 68 65 77 21 20 f0 9f 98 85 0d 0a 0d  ...Whew! 😅...
2c30: 0a 49 20 72 65 73 6f 72 74 65 64 20 74 6f 20 74  .I resorted to t
2c40: 68 61 74 20 e2 80 9c 73 6c 65 65 70 20 33 36 30  hat “sleep 360
2c50: 30 e2 80 9d 20 68 61 63 6b 20 69 6e 20 6f 72 64  0” hack in ord
2c60: 65 72 20 74 6f 20 77 6f 72 6b 20 61 72 6f 75 6e  er to work aroun
2c70: 64 20 74 68 65 20 6c 61 63 6b 20 6f 66 20 69 6e  d the lack of in
2c80: 74 65 72 61 63 74 69 76 65 20 6d 6f 64 65 20 69  teractive mode i
2c90: 6e 20 60 63 6f 6e 74 61 69 6e 65 72 2e 6e 70 6b  n `container.npk
2ca0: 60 2c 20 77 69 74 68 6f 75 74 20 77 68 69 63 68  `, without which
2cb0: 20 63 6f 6e 74 61 69 6e 65 72 73 20 6f 66 20 74   containers of t
2cc0: 68 69 73 20 74 79 70 65 20 77 69 6c 6c 20 73 74  his type will st
2cd0: 61 72 74 2c 20 64 6f 20 61 20 77 68 6f 6c 65 20  art, do a whole 
2ce0: 6c 6f 74 20 6f 66 20 5f 6e 6f 74 68 69 6e 67 5f  lot of _nothing_
2cf0: 2c 20 61 6e 64 20 74 68 65 6e 20 73 74 6f 70 2e  , and then stop.
2d00: 20 49 20 68 61 64 20 74 6f 20 67 69 76 65 20 69   I had to give i
2d10: 74 20 73 6f 6d 65 20 74 79 70 65 20 6f 66 20 62  t some type of b
2d20: 75 73 79 2d 77 6f 72 6b 20 74 6f 20 6b 65 65 70  usy-work to keep
2d30: 20 69 74 20 61 6c 69 76 65 20 6c 6f 6e 67 20 65   it alive long e
2d40: 6e 6f 75 67 68 20 74 6f 20 6c 65 74 20 6d 65 20  nough to let me 
2d50: 73 68 65 6c 6c 20 69 6e 20 61 6e 64 20 64 6f 20  shell in and do 
2d60: 6d 79 20 61 63 74 75 61 6c 20 77 6f 72 6b 2e 20  my actual work. 
2d70: 54 68 69 73 20 73 6e 65 61 6b 79 20 73 63 61 6d  This sneaky scam
2d80: 20 69 73 20 61 20 63 6f 6d 6d 6f 6e 20 6f 6e 65   is a common one
2d90: 20 66 6f 72 20 61 63 63 6f 6d 70 6c 69 73 68 69   for accomplishi
2da0: 6e 67 20 74 68 61 74 20 65 6e 64 2c 20 62 75 74  ng that end, but
2db0: 20 69 74 20 68 61 73 20 74 68 65 20 64 6f 77 6e   it has the down
2dc0: 73 69 64 65 20 6f 66 20 72 65 71 75 69 72 69 6e  side of requirin
2dd0: 67 20 79 6f 75 20 74 6f 20 70 72 65 64 69 63 74  g you to predict
2de0: 20 68 6f 77 20 6c 6f 6e 67 20 79 6f 75 20 77 61   how long you wa
2df0: 6e 74 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72  nt the container
2e00: 20 74 6f 20 72 75 6e 20 62 65 66 6f 72 65 20 73   to run before s
2e10: 74 6f 70 70 69 6e 67 3b 20 74 68 69 73 20 76 65  topping; this ve
2e20: 72 73 69 6f 6e 20 6f 6e 6c 79 20 6c 61 73 74 73  rsion only lasts
2e30: 20 61 6e 20 68 6f 75 72 2e 0d 0a 0d 0a 49 66 20   an hour.....If 
2e40: 79 6f 75 20 61 72 65 20 69 6d 61 67 69 6e 67 20  you are imaging 
2e50: 6d 6f 72 65 20 63 6f 6d 70 6c 69 63 61 74 65 64  more complicated
2e60: 20 6d 65 74 68 6f 64 73 20 66 6f 72 20 6b 65 65   methods for kee
2e70: 70 69 6e 67 20 63 6f 6e 74 61 69 6e 65 72 73 20  ping containers 
2e80: 72 75 6e 6e 69 6e 67 20 69 6e 20 74 68 65 20 62  running in the b
2e90: 61 63 6b 67 72 6f 75 6e 64 20 77 68 65 6e 20 74  ackground when t
2ea0: 68 65 79 20 77 65 72 65 20 64 65 73 69 67 6e 65  hey were designe
2eb0: 64 20 74 6f 20 72 75 6e 20 69 6e 74 65 72 61 63  d to run interac
2ec0: 74 69 76 65 6c 79 2c 20 79 6f 75 20 61 72 65 20  tively, you are 
2ed0: 6e 65 78 74 20 6c 69 61 62 6c 65 20 74 6f 20 66  next liable to f
2ee0: 61 6c 6c 20 69 6e 74 6f 20 74 68 65 20 74 72 61  all into the tra
2ef0: 70 20 74 68 61 74 e2 80 a6 0d 0a 0d 0a 0d 0a 23  p that…......#
2f00: 20 3c 61 20 69 64 3d 22 63 6d 64 22 3e 3c 2f 61   <a id="cmd"></a
2f10: 3e 54 68 65 72 65 20 49 73 20 4e 6f 20 48 6f 73  >There Is No Hos
2f20: 74 2d 53 69 64 65 20 43 6f 6d 6d 61 6e 64 20 4c  t-Side Command L
2f30: 69 6e 65 20 50 61 72 73 65 72 0d 0a 0d 0a 54 68  ine Parser....Th
2f40: 65 20 52 6f 75 74 65 72 4f 53 20 43 4c 49 20 69  e RouterOS CLI i
2f50: 73 6e e2 80 99 74 20 61 20 42 6f 75 72 6e 65 20  sn’t a Bourne 
2f60: 73 68 65 6c 6c 2c 20 61 6e 64 20 74 68 65 20 63  shell, and the c
2f70: 6f 6e 74 61 69 6e 65 72 20 66 65 61 74 75 72 65  ontainer feature
2f80: e2 80 99 73 20 60 65 6e 74 72 79 70 6f 69 6e 74  ’s `entrypoint
2f90: 60 20 61 6e 64 20 60 63 6d 64 60 20 6f 70 74 69  ` and `cmd` opti
2fa0: 6f 6e 20 70 61 72 73 65 72 73 20 74 72 65 61 74  on parsers treat
2fb0: 73 20 74 68 65 6d 20 61 73 20 73 69 6d 70 6c 65  s them as simple
2fc0: 20 73 74 72 69 6e 67 73 2c 20 77 69 74 68 6f 75   strings, withou
2fd0: 74 20 61 6e 79 20 6f 66 20 74 68 65 20 70 61 72  t any of the par
2fe0: 73 69 6e 67 20 79 6f 75 20 67 65 74 20 66 6f 72  sing you get for
2ff0: 20 66 72 65 65 20 77 68 65 6e 20 74 79 70 69 6e   free when typin
3000: 67 20 60 64 6f 63 6b 65 72 60 20 63 6f 6d 6d 61  g `docker` comma
3010: 6e 64 73 20 69 6e 74 6f 20 61 20 4c 69 6e 75 78  nds into a Linux
3020: 20 63 6f 6d 6d 61 6e 64 20 73 68 65 6c 6c 2e 20   command shell. 
3030: 54 68 65 20 6e 65 74 20 65 66 66 65 63 74 20 6f  The net effect o
3040: 66 20 61 6c 6c 20 74 68 69 73 20 69 73 20 74 68  f all this is th
3050: 61 74 20 79 6f 75 e2 80 99 72 65 20 6c 69 6d 69  at you’re limi
3060: 74 65 64 20 74 6f 20 74 77 6f 2d 77 6f 72 64 20  ted to two-word 
3070: 63 6f 6d 6d 61 6e 64 73 2c 20 6f 6e 65 20 69 6e  commands, one in
3080: 20 60 65 6e 74 72 79 70 6f 69 6e 74 60 20 61 6e   `entrypoint` an
3090: 64 20 74 68 65 20 6f 74 68 65 72 20 69 6e 20 60  d the other in `
30a0: 63 6d 64 60 2c 20 61 73 20 69 6e 20 74 68 65 20  cmd`, as in the 
30b0: 61 62 6f 76 65 20 e2 80 9c 60 73 6c 65 65 70 20  above “`sleep 
30c0: 33 36 30 30 60 e2 80 9d 20 68 61 63 6b 2e 0d 0a  3600`” hack...
30d0: 0d 0a 42 75 74 20 68 6f 77 20 74 68 65 6e 20 64  ..But how then d
30e0: 6f 20 79 6f 75 20 73 61 79 20 73 6f 6d 65 74 68  o you say someth
30f0: 69 6e 67 20 61 6b 69 6e 20 74 6f 20 74 68 65 20  ing akin to the 
3100: 66 6f 6c 6c 6f 77 69 6e 67 20 75 6e 64 65 72 20  following under 
3110: 52 6f 75 74 65 72 4f 53 3f 0d 0a 0d 0a 20 20 20  RouterOS?....   
3120: 20 64 6f 63 6b 65 72 20 72 75 6e 20 2d 69 74 20   docker run -it 
3130: 61 6c 70 69 6e 65 3a 6c 61 74 65 73 74 20 6c 73  alpine:latest ls
3140: 20 2d 6c 52 20 2f 65 74 63 0d 0a 0d 0a 59 6f 75   -lR /etc....You
3150: 20 6d 69 67 68 74 20 77 61 6e 74 20 74 6f 20 64   might want to d
3160: 6f 20 74 68 61 74 20 69 6e 20 64 65 62 75 67 67  o that in debugg
3170: 69 6e 67 20 74 6f 20 66 69 6e 64 20 6f 75 74 20  ing to find out 
3180: 77 68 61 74 20 61 20 67 69 76 65 6e 20 63 6f 6e  what a given con
3190: 66 69 67 20 66 69 6c 65 20 69 73 20 63 61 6c 6c  fig file is call
31a0: 65 64 20 61 6e 64 20 65 78 61 63 74 6c 79 20 77  ed and exactly w
31b0: 68 65 72 65 20 69 74 20 69 73 20 69 6e 20 74 68  here it is in th
31c0: 65 20 68 69 65 72 61 72 63 68 79 20 73 6f 20 74  e hierarchy so t
31d0: 68 61 74 20 79 6f 75 20 63 61 6e 20 74 61 72 67  hat you can targ
31e0: 65 74 20 69 74 20 77 69 74 68 20 61 20 60 6d 6f  et it with a `mo
31f0: 75 6e 74 3d e2 80 a6 60 20 6f 76 65 72 72 69 64  unt=…` overrid
3200: 65 2e 20 49 66 20 79 6f 75 20 74 72 79 20 74 6f  e. If you try to
3210: 20 70 61 73 73 20 69 74 20 61 6c 6c 20 61 73 e2   pass it all as�
3220: 80 a6 0d 0a 0d 0a 20 20 20 20 2f 63 6f 6e 74 61  ��....    /conta
3230: 69 6e 65 72 2f 61 64 64 20 e2 80 a6 20 65 6e 74  iner/add … ent
3240: 72 79 70 6f 69 6e 74 3d 22 6c 73 20 2d 6c 52 20  rypoint="ls -lR 
3250: 2f 65 74 63 22 0d 0a 0d 0a e2 80 a6 74 68 65 20  /etc"....…the 
3260: 6b 65 72 6e 65 6c 20 77 69 6c 6c 20 63 6f 6d 70  kernel will comp
3270: 6c 61 69 6e 20 74 68 61 74 20 74 68 65 72 65 20  lain that there 
3280: 69 73 20 6e 6f 20 63 6f 6d 6d 61 6e 64 20 69 6e  is no command in
3290: 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 e2 80   the container�
32a0: 99 73 20 60 50 41 54 48 60 20 63 61 6c 6c 65 64  �s `PATH` called
32b0: 20 e2 80 9c 60 6c 73 20 2d 6c 52 20 2f 65 74 63   “`ls -lR /etc
32c0: 60 e2 80 9d 2e 0d 0a 0d 0a 59 6f 75 20 6d 61 79  `”.....You may
32d0: 20 74 68 65 6e 20 74 72 79 20 74 6f 20 73 70 6c   then try to spl
32e0: 69 74 20 69 74 20 61 73 e2 80 a6 0d 0a 0d 0a 20  it it as….... 
32f0: 20 20 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 61 64     /container/ad
3300: 64 20 e2 80 a6 20 65 6e 74 72 79 70 6f 69 6e 74  d … entrypoint
3310: 3d 22 6c 73 22 20 63 6d 64 3d 22 2d 6c 52 20 2f  ="ls" cmd="-lR /
3320: 65 74 63 22 0d 0a 0d 0a e2 80 a6 62 75 74 20 74  etc"....…but t
3330: 68 61 74 20 77 69 6c 6c 20 65 61 72 6e 20 79 6f  hat will earn yo
3340: 75 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 20  u error message 
3350: 66 72 6f 6d 20 60 2f 62 69 6e 2f 6c 73 60 20 63  from `/bin/ls` c
3360: 6f 6d 70 6c 61 69 6e 69 6e 67 20 74 68 61 74 20  omplaining that 
3370: 69 74 20 72 65 66 75 73 65 73 20 74 6f 20 61 63  it refuses to ac
3380: 63 65 70 74 20 e2 80 9c 26 6e 62 73 70 3b e2 80  cept “&nbsp;�
3390: 9d 20 28 73 70 61 63 65 29 20 61 73 20 61 6e 20  � (space) as an 
33a0: 6f 70 74 69 6f 6e 20 66 6f 6c 6c 6f 77 69 6e 67  option following
33b0: 20 74 68 65 20 60 52 60 21 0d 0a 0d 0a 49 66 20   the `R`!....If 
33c0: 79 6f 75 20 67 65 74 20 63 75 74 65 20 61 6e 64  you get cute and
33d0: 20 74 72 79 20 74 6f 20 e2 80 9c 63 75 64 64 6c   try to “cuddl
33e0: 65 e2 80 9d 20 74 68 65 20 6f 70 74 69 6f 6e 73  e” the options
33f0: 20 77 69 74 68 20 74 68 65 20 61 72 67 75 6d 65   with the argume
3400: 6e 74 73 20 61 73 e2 80 a6 0d 0a 0d 0a 20 20 20  nts as…....   
3410: 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 61 64 64 20   /container/add 
3420: e2 80 a6 20 65 6e 74 72 79 70 6f 69 6e 74 3d 22  … entrypoint="
3430: 6c 73 22 20 63 6d 64 3d 22 2d 6c 52 2f 65 74 63  ls" cmd="-lR/etc
3440: 22 0d 0a 0d 0a e2 80 a6 74 68 65 20 60 2f 62 69  "....…the `/bi
3450: 6e 2f 6c 73 60 20 69 6d 70 6c 65 6d 65 6e 74 61  n/ls` implementa
3460: 74 69 6f 6e 20 77 69 6c 6c 20 63 65 72 74 61 69  tion will certai
3470: 6e 6c 79 20 61 74 74 65 6d 70 74 20 74 6f 20 74  nly attempt to t
3480: 72 65 61 74 20 60 2f 60 20 61 73 20 61 6e 20 6f  reat `/` as an o
3490: 70 74 69 6f 6e 20 61 6e 64 20 64 69 65 20 77 69  ption and die wi
34a0: 74 68 20 61 6e 20 65 72 72 6f 72 20 6d 65 73 73  th an error mess
34b0: 61 67 65 2e 28 5e 59 65 73 2c 20 66 6f 72 20 63  age.(^Yes, for c
34c0: 65 72 74 61 69 6e 2e 20 49 20 74 65 73 74 65 64  ertain. I tested
34d0: 20 74 68 65 20 47 4e 55 2c 20 42 53 44 2c 20 5f   the GNU, BSD, _
34e0: 61 6e 64 5f 20 42 75 73 79 42 6f 78 20 69 6d 70  and_ BusyBox imp
34f0: 6c 65 6d 65 6e 74 61 74 69 6f 6e 73 20 6f 66 20  lementations of 
3500: 60 6c 73 60 2c 20 61 6e 64 20 74 68 65 79 20 61  `ls`, and they a
3510: 6c 6c 20 64 6f 20 74 68 69 73 2e 29 0d 0a 0d 0a  ll do this.)....
3520: 54 68 69 6e 67 73 20 61 72 65 6e e2 80 99 74 20  Things aren’t 
3530: 61 6c 77 61 79 73 20 74 68 69 73 20 67 72 69 6d  always this grim
3540: 2e 20 46 6f 72 20 69 6e 73 74 61 6e 63 65 2c 20  . For instance, 
3550: 79 6f 75 20 63 61 6e 20 72 75 6e 20 5b 6d 79 20  you can run [my 
3560: 60 69 70 65 72 66 33 60 20 63 6f 6e 74 61 69 6e  `iperf3` contain
3570: 65 72 5d 28 2f 64 69 72 2f 69 70 65 72 66 33 29  er](/dir/iperf3)
3580: 20 61 73 20 61 20 63 6c 69 65 6e 74 20 69 6e 73   as a client ins
3590: 74 65 61 64 20 6f 66 20 69 74 73 20 64 65 66 61  tead of its defa
35a0: 75 6c 74 20 73 65 72 76 65 72 20 6d 6f 64 65 20  ult server mode 
35b0: 62 79 20 73 61 79 69 6e 67 20 73 6f 6d 65 74 68  by saying someth
35c0: 69 6e 67 20 6c 69 6b 65 3a 0d 0a 0d 0a 20 20 20  ing like:....   
35d0: 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 61 64 64 20   /container/add 
35e0: e2 80 a6 20 63 6d 64 3d 22 2d 63 31 39 32 2e 31  … cmd="-c192.1
35f0: 36 38 2e 38 38 2e 39 39 22 0d 0a 0d 0a 54 68 69  68.88.99"....Thi
3600: 73 20 72 65 6c 69 65 73 20 6f 6e 20 74 68 65 20  s relies on the 
3610: 66 61 63 74 20 74 68 61 74 20 74 68 65 20 60 69  fact that the `i
3620: 70 65 72 66 33 60 20 63 6f 6d 6d 61 6e 64 20 70  perf3` command p
3630: 61 72 73 65 72 20 6b 6e 6f 77 73 20 68 6f 77 20  arser knows how 
3640: 74 6f 20 62 72 65 61 6b 20 74 68 65 20 68 6f 73  to break the hos
3650: 74 20 6e 61 6d 65 20 70 61 72 74 20 6f 75 74 20  t name part out 
3660: 66 72 6f 6d 20 74 68 65 20 60 2d 63 60 20 6f 70  from the `-c` op
3670: 74 69 6f 6e 20 69 74 73 65 6c 66 2c 20 73 6f 6d  tion itself, som
3680: 65 74 68 69 6e 67 20 6e 6f 74 20 61 6c 6c 20 63  ething not all c
3690: 6f 6d 6d 61 6e 64 20 70 61 72 73 65 72 73 20 61  ommand parsers a
36a0: 72 65 20 73 6d 61 72 74 20 65 6e 6f 75 67 68 20  re smart enough 
36b0: 74 6f 20 64 6f 2e 20 54 68 65 72 65 e2 80 99 73  to do. There’s
36c0: 20 35 30 20 79 65 61 72 73 20 6f 66 20 55 6e 69   50 years of Uni
36d0: 78 20 61 6e 64 20 4c 69 6e 75 78 20 68 69 73 74  x and Linux hist
36e0: 6f 72 79 20 65 6e 63 6f 75 72 61 67 69 6e 67 20  ory encouraging 
36f0: 70 72 6f 67 72 61 6d 73 20 74 6f 20 72 65 6c 79  programs to rely
3700: 20 6f 6e 20 74 68 65 20 73 68 65 6c 6c 20 74 6f   on the shell to
3710: 20 64 6f 20 61 20 6c 6f 74 20 6f 66 20 77 6f 72   do a lot of wor
3720: 6b 20 62 65 66 6f 72 65 20 74 68 65 20 70 72 6f  k before the pro
3730: 67 72 61 6d e2 80 99 73 20 60 6d 61 69 6e 28 29  gram’s `main()
3740: 60 20 66 75 6e 63 74 69 6f 6e 20 69 73 20 65 76  ` function is ev
3750: 65 6e 20 63 61 6c 6c 65 64 2e 20 54 68 65 20 63  en called. The c
3760: 6f 6d 6d 61 6e 64 20 6c 69 6e 65 20 70 72 6f 63  ommand line proc
3770: 65 73 73 69 6e 67 20 74 68 61 74 20 60 63 6f 6e  essing that `con
3780: 74 61 69 6e 65 72 2e 6e 70 6b 60 20 61 70 70 6c  tainer.npk` appl
3790: 69 65 73 20 74 6f 20 69 74 73 20 60 63 6d 64 60  ies to its `cmd`
37a0: 20 61 72 67 75 6d 65 6e 74 20 6c 61 63 6b 73 20   argument lacks 
37b0: 61 6c 6c 20 74 68 61 74 20 70 6f 77 65 72 2e 20  all that power. 
37c0: 49 66 20 79 6f 75 20 77 61 6e 74 20 42 6f 75 72  If you want Bour
37d0: 6e 65 20 73 68 65 6c 6c 20 70 61 72 73 69 6e 67  ne shell parsing
37e0: 20 6f 66 20 79 6f 75 72 20 63 6f 6d 6d 61 6e 64   of your command
37f0: 20 6c 69 6e 65 2c 20 79 6f 75 20 68 61 76 65 20   line, you have 
3800: 74 6f 20 73 65 74 20 69 74 20 76 69 61 20 60 45  to set it via `E
3810: 4e 54 52 59 50 4f 49 4e 54 60 20 6f 72 20 60 43  NTRYPOINT` or `C
3820: 4d 44 60 20 69 6e 20 74 68 65 20 60 44 6f 63 6b  MD` in the `Dock
3830: 65 72 66 69 6c 65 60 2c 20 74 68 65 6e 20 72 65  erfile`, then re
3840: 62 75 69 6c 64 20 74 68 65 20 69 6d 61 67 65 2e  build the image.
3850: 0d 0a 0d 0a 0d 0a 23 20 3c 61 20 69 64 3d 22 74  ......# <a id="t
3860: 65 72 6d 69 6e 61 6c 22 3e 3c 2f 61 3e 54 65 72  erminal"></a>Ter
3870: 6d 69 6e 61 6c 20 48 61 6e 64 6c 69 6e 67 0d 0a  minal Handling..
3880: 0d 0a 41 6c 74 68 6f 75 67 68 20 52 6f 75 74 65  ..Although Route
3890: 72 4f 53 20 70 72 6f 70 65 72 20 69 73 20 62 75  rOS proper is bu
38a0: 69 6c 74 20 61 74 6f 70 20 4c 69 6e 75 78 2c 20  ilt atop Linux, 
38b0: 61 6e 64 20 69 74 20 70 72 6f 76 69 64 65 73 20  and it provides 
38c0: 61 20 66 65 61 74 75 72 65 2d 72 69 63 68 20 43  a feature-rich C
38d0: 4c 49 2c 20 69 74 20 69 73 20 6e 6f 74 68 69 6e  LI, it is nothin
38e0: 67 20 6c 69 6b 65 20 61 20 4c 69 6e 75 78 20 63  g like a Linux c
38f0: 6f 6d 6d 61 6e 64 20 73 68 65 6c 6c 2e 20 49 20  ommand shell. I 
3900: 61 6d 20 6e 6f 74 20 73 70 65 61 6b 69 6e 67 20  am not speaking 
3910: 6f 66 20 73 6b 69 6e 2d 6c 65 76 65 6c 20 63 6f  of skin-level co
3920: 6d 6d 61 6e 64 20 73 79 6e 74 61 78 20 64 69 66  mmand syntax dif
3930: 66 65 72 65 6e 63 65 73 20 68 65 72 65 3b 20 74  ferences here; t
3940: 68 65 20 64 69 66 66 65 72 65 6e 63 65 73 20 67  he differences g
3950: 6f 20 66 61 72 20 64 65 65 70 65 72 2e 0d 0a 0d  o far deeper....
3960: 0a 57 68 65 6e 20 79 6f 75 20 53 53 48 20 69 6e  .When you SSH in
3970: 74 6f 20 61 20 52 6f 75 74 65 72 4f 53 20 62 6f  to a RouterOS bo
3980: 78 2c 20 79 6f 75 e2 80 99 72 65 20 6d 69 73 73  x, you’re miss
3990: 69 6e 67 20 6f 75 74 20 6f 6e 20 61 20 6d 65 61  ing out on a mea
39a0: 6e 69 6e 67 66 75 6c 20 64 69 73 74 69 6e 63 74  ningful distinct
39b0: 69 6f 6e 20 62 65 74 77 65 65 6e 20 73 74 64 6f  ion between stdo
39c0: 75 74 20 61 6e 64 20 73 74 64 65 72 72 2c 20 61  ut and stderr, a
39d0: 6e 64 20 74 68 65 20 6b 65 72 6e 65 6c e2 80 99  nd the kernel’
39e0: 73 20 75 6e 64 65 72 6c 79 69 6e 67 20 74 65 72  s underlying ter
39f0: 6d 69 6f 73 2f 70 74 79 20 73 75 62 73 79 73 74  mios/pty subsyst
3a00: 65 6d 20 69 73 20 68 69 64 64 65 6e 20 66 72 6f  em is hidden fro
3a10: 6d 20 79 6f 75 2e 20 54 68 65 73 65 20 6c 61 63  m you. These lac
3a20: 6b 73 20 74 72 61 6e 73 6c 61 74 65 20 64 69 72  ks translate dir
3a30: 65 63 74 6c 79 20 69 6e 74 6f 20 6c 69 6d 69 74  ectly into limit
3a40: 61 74 69 6f 6e 73 20 69 6e 20 74 68 65 20 61 62  ations in the ab
3a50: 69 6c 69 74 79 20 6f 66 20 60 63 6f 6e 74 61 69  ility of `contai
3a60: 6e 65 72 2e 6e 70 6b 60 20 74 6f 20 6d 69 6d 69  ner.npk` to mimi
3a70: 63 20 74 68 65 20 65 78 70 65 72 69 65 6e 63 65  c the experience
3a80: 20 6f 66 20 75 73 69 6e 67 20 44 6f 63 6b 65 72   of using Docker
3a90: 20 61 74 20 74 68 65 20 63 6f 6d 6d 61 6e 64 20   at the command 
3aa0: 6c 69 6e 65 2e 0d 0a 0d 0a 4f 6e 65 20 6f 66 20  line.....One of 
3ab0: 74 68 65 20 63 6f 72 65 20 52 6f 75 74 65 72 4f  the core RouterO
3ac0: 53 20 64 65 73 69 67 6e 20 70 72 69 6e 63 69 70  S design princip
3ad0: 6c 65 73 20 69 73 20 62 65 69 6e 67 20 61 62 6c  les is being abl
3ae0: 65 20 74 6f 20 72 75 6e 20 68 65 61 64 6c 65 73  e to run headles
3af0: 73 6c 79 20 66 6f 72 20 6c 6f 6e 67 20 70 65 72  sly for long per
3b00: 69 6f 64 73 2c 20 77 69 74 68 20 74 68 65 20 61  iods, with the a
3b10: 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 63 6f 6e  dministrator con
3b20: 6e 65 63 74 69 6e 67 20 74 6f 20 74 68 65 69 72  necting to their
3b30: 20 76 69 72 74 75 61 6c 20 74 65 72 6d 69 6e 61   virtual termina
3b40: 6c 20 76 69 61 20 57 69 6e 42 6f 78 2c 20 57 65  l via WinBox, We
3b50: 62 46 69 67 2c 20 6f 72 20 53 53 48 20 62 72 69  bFig, or SSH bri
3b60: 65 66 6c 79 2c 20 6f 6e 6c 79 20 6c 6f 6e 67 20  efly, only long 
3b70: 65 6e 6f 75 67 68 20 74 6f 20 61 63 63 6f 6d 70  enough to accomp
3b80: 6c 69 73 68 20 73 6f 6d 65 20 6e 65 74 77 6f 72  lish some networ
3b90: 6b 20 61 64 6d 69 6e 20 74 61 73 6b 20 62 65 66  k admin task bef
3ba0: 6f 72 65 20 6c 6f 67 67 69 6e 67 20 62 61 63 6b  ore logging back
3bb0: 20 6f 75 74 2e 20 54 68 65 20 52 6f 75 74 65 72   out. The Router
3bc0: 4f 53 20 43 4c 49 20 6e 65 76 65 72 20 77 61 73  OS CLI never was
3bd0: 20 6d 65 61 6e 74 20 74 6f 20 70 72 6f 76 69 64   meant to provid
3be0: 65 20 74 68 65 20 73 6f 72 74 20 6f 66 20 72 69  e the sort of ri
3bf0: 63 68 20 74 65 72 6d 69 6e 61 6c 20 65 78 70 65  ch terminal expe
3c00: 72 69 65 6e 63 65 20 79 6f 75 20 6e 65 65 64 20  rience you need 
3c10: 77 68 65 6e 20 79 6f 75 20 77 6f 72 6b 20 69 6e  when you work in
3c20: 20 61 20 4c 69 6e 75 78 20 74 65 72 6d 69 6e 61   a Linux termina
3c30: 6c 20 61 6c 6c 20 64 61 79 2c 20 65 76 65 72 79  l all day, every
3c40: 20 64 61 79 2e 0d 0a 0d 0a 54 68 65 20 74 68 69   day.....The thi
3c50: 6e 67 20 69 73 2c 20 44 6f 63 6b 65 72 20 5f 77  ng is, Docker _w
3c60: 61 73 5f 20 64 65 73 69 67 6e 65 64 20 61 72 6f  as_ designed aro
3c70: 75 6e 64 20 74 68 69 73 20 73 65 6e 73 69 62 69  und this sensibi
3c80: 6c 69 74 79 2e 0d 0a 0d 0a 49 74 20 69 73 20 66  lity.....It is f
3c90: 6f 72 20 74 68 69 73 20 69 6e 68 65 72 65 6e 74  or this inherent
3ca0: 20 72 65 61 73 6f 6e 20 74 68 61 74 20 60 63 6f   reason that `co
3cb0: 6e 74 61 69 6e 65 72 2e 6e 70 6b 60 20 63 61 6e  ntainer.npk` can
3cc0: 6e 6f 74 20 70 72 6f 76 69 64 65 20 65 71 75 69  not provide equi
3cd0: 76 61 6c 65 6e 74 73 20 6f 66 20 44 6f 63 6b 65  valents of Docke
3ce0: 72 e2 80 99 73 20 60 61 74 74 61 63 68 60 20 63  r’s `attach` c
3cf0: 6f 6d 6d 61 6e 64 2c 20 6e 6f 72 20 69 74 73 20  ommand, nor its 
3d00: e2 80 9c 60 64 6f 63 6b 65 72 20 72 75 6e 20 2d  “`docker run -
3d10: 2d 61 74 74 61 63 68 60 e2 80 9d 20 66 6c 61 67  -attach`” flag
3d20: 2c 20 6e 6f 72 20 74 68 65 20 63 6f 6d 6d 6f 6e  , nor the common
3d30: 20 e2 80 9c 60 64 6f 63 6b 65 72 20 72 75 6e 20   “`docker run 
3d40: 2d 69 74 60 e2 80 9d 20 6f 70 74 69 6f 6e 20 70  -it`” option p
3d50: 61 69 72 2e 20 54 68 65 20 63 6c 6f 73 65 73 74  air. The closest
3d60: 20 69 74 20 63 6f 6d 65 73 20 74 6f 20 61 6c 6c   it comes to all
3d70: 20 74 68 69 73 20 69 73 20 69 74 73 20 5b 60 73   this is its [`s
3d80: 68 65 6c 6c 60 5d 28 23 73 68 65 6c 6c 29 20 63  hell`](#shell) c
3d90: 6f 6d 6d 61 6e 64 20 69 6d 70 6c 65 6d 65 6e 74  ommand implement
3da0: 61 74 69 6f 6e 2c 20 77 68 69 63 68 20 63 61 6e  ation, which can
3db0: 20 63 6f 6e 6e 65 63 74 20 79 6f 75 72 20 6c 6f   connect your lo
3dc0: 63 61 6c 20 74 65 72 6d 69 6e 61 6c 20 74 6f 20  cal terminal to 
3dd0: 61 20 74 72 75 65 20 72 65 6d 6f 74 65 20 4c 69  a true remote Li
3de0: 6e 75 78 20 74 65 72 6d 69 6e 61 6c 20 73 75 62  nux terminal sub
3df0: 73 79 73 74 65 6d 2e 20 41 6c 61 73 2c 20 74 68  system. Alas, th
3e00: 61 74 20 69 73 6e e2 80 99 74 20 61 20 63 6c 6f  at isn’t a clo
3e10: 73 65 20 e2 80 9c 60 72 75 6e 20 2d 69 74 60 e2  se “`run -it`�
3e20: 80 9d 20 61 6c 74 65 72 6e 61 74 69 76 65 20 62  �� alternative b
3e30: 65 63 61 75 73 65 20 79 6f 75 e2 80 99 72 65 20  ecause you’re 
3e40: 6c 65 66 74 20 74 79 70 69 6e 67 20 63 6f 6d 6d  left typing comm
3e50: 61 6e 64 73 20 61 74 20 74 68 69 73 20 72 65 6d  ands at this rem
3e60: 6f 74 65 20 73 68 65 6c 6c 2c 20 6e 6f 74 20 61  ote shell, not a
3e70: 74 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 e2  t the container�
3e80: 80 99 73 20 60 45 4e 54 52 59 50 4f 49 4e 54 60  ��s `ENTRYPOINT`
3e90: 20 70 72 6f 63 65 73 73 2e 20 45 76 65 6e 20 74   process. Even t
3ea0: 68 65 6e 2c 20 69 74 20 64 6f 65 73 6e e2 80 99  hen, it doesn’
3eb0: 74 20 61 6c 77 61 79 73 20 77 6f 72 6b 20 73 69  t always work si
3ec0: 6e 63 65 20 61 20 67 6f 6f 64 20 6d 61 6e 79 20  nce a good many 
3ed0: 63 6f 6e 74 61 69 6e 65 72 73 20 6c 61 63 6b 20  containers lack 
3ee0: 61 20 60 2f 62 69 6e 2f 73 68 60 20 70 72 6f 67  a `/bin/sh` prog
3ef0: 72 61 6d 20 69 6e 73 69 64 65 20 74 68 65 20 63  ram inside the c
3f00: 6f 6e 74 61 69 6e 65 72 20 69 6e 20 74 68 65 20  ontainer in the 
3f10: 66 69 72 73 74 20 70 6c 61 63 65 2c 20 6f 6e 20  first place, on 
3f20: 70 75 72 70 6f 73 65 2c 20 74 79 70 69 63 61 6c  purpose, typical
3f30: 6c 79 20 74 6f 20 72 65 64 75 63 65 20 74 68 65  ly to reduce the
3f40: 20 63 6f 6e 74 61 69 6e 65 72 e2 80 99 73 20 61   container’s a
3f50: 74 74 61 63 6b 20 73 75 72 66 61 63 65 2e 28 5e  ttack surface.(^
3f60: 49 6e 64 65 65 64 2c 20 61 6c 6c 20 6f 66 20 5b  Indeed, all of [
3f70: 6d 79 20 70 75 62 6c 69 63 20 63 6f 6e 74 61 69  my public contai
3f80: 6e 65 72 73 5d 28 68 74 74 70 73 3a 2f 2f 68 75  ners](https://hu
3f90: 62 2e 64 6f 63 6b 65 72 2e 63 6f 6d 2f 72 65 70  b.docker.com/rep
3fa0: 6f 73 69 74 6f 72 69 65 73 2f 74 61 6e 67 65 6e  ositories/tangen
3fb0: 74 73 6f 66 74 29 20 65 6c 69 64 65 20 74 68 65  tsoft) elide the
3fc0: 20 73 68 65 6c 6c 20 66 6f 72 20 74 68 69 73 20   shell for this 
3fd0: 72 65 61 73 6f 6e 2e 29 0d 0a 0d 0a 0d 0a 23 20  reason.)......# 
3fe0: 3c 61 20 69 64 3d 22 6c 6f 67 73 22 3e 3c 2f 61  <a id="logs"></a
3ff0: 3e 4c 6f 67 20 48 61 6e 64 6c 69 6e 67 0d 0a 0d  >Log Handling...
4000: 0a 41 6c 74 68 6f 75 67 68 20 44 6f 63 6b 65 72  .Although Docker
4010: 20 6c 6f 67 67 69 6e 67 20 69 73 20 74 69 65 64   logging is tied
4020: 20 69 6e 74 6f 20 74 68 69 73 20 73 61 6d 65 20   into this same 
4030: 4c 69 6e 75 78 20 74 65 72 6d 69 6e 61 6c 20 49  Linux terminal I
4040: 2f 4f 20 64 65 73 69 67 6e 2c 20 77 65 20 63 61  /O design, we ca
4050: 6e 6e 6f 74 20 62 6c 61 6d 65 20 74 68 65 20 6c  nnot blame the l
4060: 61 63 6b 20 6f 66 20 61 6e 20 65 71 75 69 76 61  ack of an equiva
4070: 6c 65 6e 74 20 74 6f 20 e2 80 9c 60 64 6f 63 6b  lent to “`dock
4080: 65 72 20 6c 6f 67 73 60 e2 80 9d 20 6f 6e 20 74  er logs`” on t
4090: 68 65 20 52 6f 75 74 65 72 4f 53 20 64 65 73 69  he RouterOS desi
40a0: 67 6e 20 70 72 69 6e 63 69 70 6c 65 73 20 69 6e  gn principles in
40b0: 20 74 68 65 20 73 61 6d 65 20 6d 61 6e 6e 65 72   the same manner
40c0: 20 61 73 20 5b 61 62 6f 76 65 5d 28 23 74 65 72   as [above](#ter
40d0: 6d 69 6e 61 6c 29 2e 20 54 68 65 20 63 61 75 73  minal). The caus
40e0: 65 20 68 65 72 65 20 69 73 20 64 69 66 66 65 72  e here is differ
40f0: 65 6e 74 2c 20 73 74 65 6d 6d 69 6e 67 20 66 69  ent, stemming fi
4100: 72 73 74 20 66 72 6f 6d 20 74 68 65 20 66 61 63  rst from the fac
4110: 74 20 74 68 61 74 20 52 6f 75 74 65 72 4f 53 20  t that RouterOS 
4120: 62 6f 78 65 73 20 74 72 79 20 74 6f 20 6b 65 65  boxes try to kee
4130: 70 20 6c 6f 67 67 69 6e 67 20 74 6f 20 61 20 6d  p logging to a m
4140: 69 6e 69 6d 75 6d 20 62 79 20 64 65 66 61 75 6c  inimum by defaul
4150: 74 2c 20 77 68 65 72 65 61 73 20 44 6f 63 6b 65  t, whereas Docke
4160: 72 20 6c 6f 67 73 20 65 76 65 72 79 74 68 69 6e  r logs everythin
4170: 67 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20  g the container 
4180: 73 61 79 73 2c 20 77 69 74 68 6f 75 74 20 72 65  says, without re
4190: 73 74 72 69 63 74 69 6f 6e 2e 20 52 6f 75 74 65  striction. Route
41a0: 72 4f 53 20 74 61 6b 65 73 20 74 68 65 20 73 75  rOS takes the su
41b0: 72 70 72 69 73 69 6e 67 20 64 65 66 61 75 6c 74  rprising default
41c0: 20 6f 66 20 6c 6f 67 67 69 6e 67 20 74 6f 20 76   of logging to v
41d0: 6f 6c 61 74 69 6c 65 20 52 41 4d 20 69 6e 20 6f  olatile RAM in o
41e0: 72 64 65 72 20 74 6f 20 61 76 6f 69 64 20 62 75  rder to avoid bu
41f0: 72 6e 69 6e 67 20 6f 75 74 20 74 68 65 20 66 6c  rning out the fl
4200: 61 73 68 2e 20 41 64 64 69 74 69 6f 6e 61 6c 6c  ash. Additionall
4210: 79 2c 20 69 74 20 69 67 6e 6f 72 65 73 20 61 6c  y, it ignores al
4220: 6c 20 6d 65 73 73 61 67 65 73 20 69 73 73 75 65  l messages issue
4230: 64 20 75 6e 64 65 72 20 e2 80 9c 74 6f 70 69 63  d under “topic
4240: 73 e2 80 9d 20 6f 74 68 65 72 20 74 68 61 6e 20  s” other than 
4250: 74 68 65 20 66 6f 75 72 20 70 72 65 63 6f 6e 66  the four preconf
4260: 69 67 75 72 65 64 20 62 79 20 64 65 66 61 75 6c  igured by defaul
4270: 74 2c 20 77 68 69 63 68 20 64 6f 65 73 20 6e 6f  t, which does no
4280: 74 20 69 6e 63 6c 75 64 65 20 74 68 65 20 e2 80  t include the �
4290: 9c 63 6f 6e 74 61 69 6e 65 72 e2 80 9d 20 74 6f  �container” to
42a0: 70 69 63 20 79 6f 75 20 67 65 74 20 61 63 63 65  pic you get acce
42b0: 73 73 20 74 6f 20 62 79 20 69 6e 73 74 61 6c 6c  ss to by install
42c0: 69 6e 67 20 60 63 6f 6e 74 61 69 6e 65 72 2e 6e  ing `container.n
42d0: 70 6b 60 2e 0d 0a 0d 0a 54 6f 20 70 72 65 76 65  pk`.....To preve
42e0: 6e 74 20 79 6f 75 72 20 63 6f 6e 74 61 69 6e 65  nt your containe
42f0: 72 73 e2 80 99 20 6c 6f 67 20 6d 65 73 73 61 67  rs’ log messag
4300: 65 73 20 66 72 6f 6d 20 62 65 69 6e 67 20 73 65  es from being se
4310: 6e 74 20 73 74 72 61 69 67 68 74 20 74 6f 20 74  nt straight to t
4320: 68 65 20 62 69 74 20 62 75 63 6b 65 74 2c 20 79  he bit bucket, y
4330: 6f 75 20 6d 75 73 74 20 73 61 79 3a 0d 0a 0d 0a  ou must say:....
4340: 20 20 20 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 7b      /container/{
4350: 61 64 64 2c 73 65 74 7d 20 e2 80 a6 20 6c 6f 67  add,set} … log
4360: 67 69 6e 67 3d 79 65 73 0d 0a 20 20 20 20 2f 73  ging=yes..    /s
4370: 79 73 74 65 6d 2f 6c 6f 67 67 69 6e 67 20 61 64  ystem/logging ad
4380: 64 20 74 6f 70 69 63 73 3d 63 6f 6e 74 61 69 6e  d topics=contain
4390: 65 72 20 61 63 74 69 6f 6e 3d e2 80 a6 0d 0a 0d  er action=…...
43a0: 0a 48 61 76 69 6e 67 20 64 6f 6e 65 20 73 6f 2c  .Having done so,
43b0: 20 77 65 20 68 61 76 65 20 61 20 6e 65 77 20 6c   we have a new l
43c0: 69 6d 69 74 61 74 69 6f 6e 20 74 6f 20 63 6f 6e  imitation to con
43d0: 74 65 6e 64 20 77 69 74 68 3a 20 52 6f 75 74 65  tend with: Route
43e0: 72 4f 53 20 6c 6f 67 67 69 6e 67 20 69 73 6e e2  rOS logging isn�
43f0: 80 99 74 20 61 73 20 70 6f 77 65 72 66 75 6c 20  ��t as powerful 
4400: 61 73 20 74 68 65 20 44 6f 63 6b 65 72 20 e2 80  as the Docker �
4410: 9c 60 6c 6f 67 73 60 e2 80 9d 20 63 6f 6d 6d 61  �`logs`” comma
4420: 6e 64 2c 20 77 68 69 63 68 20 62 79 20 64 65 66  nd, which by def
4430: 61 75 6c 74 20 77 6f 72 6b 73 20 61 73 20 69 66  ault works as if
4440: 20 79 6f 75 20 61 73 6b 65 64 20 69 74 2c 20 e2   you asked it, �
4450: 80 9c 54 65 6c 6c 20 6d 65 20 77 68 61 74 20 74  ��Tell me what t
4460: 68 69 73 20 70 61 72 74 69 63 75 6c 61 72 20 63  his particular c
4470: 6f 6e 74 61 69 6e 65 72 20 6c 6f 67 67 65 64 20  ontainer logged 
4480: 73 69 6e 63 65 20 74 68 65 20 6c 61 73 74 20 74  since the last t
4490: 69 6d 65 20 49 20 61 73 6b 65 64 2e e2 80 9d 20  ime I asked.” 
44a0: 52 6f 75 74 65 72 4f 53 20 6c 6f 67 67 69 6e 67  RouterOS logging
44b0: 2c 20 6f 6e 20 74 68 65 20 6f 74 68 65 72 20 68  , on the other h
44c0: 61 6e 64 2c 20 6d 69 78 65 73 20 65 76 65 72 79  and, mixes every
44d0: 74 68 69 6e 67 20 74 6f 67 65 74 68 65 72 20 69  thing together i
44e0: 6e 20 72 65 61 6c 20 74 69 6d 65 2c 20 72 65 71  n real time, req
44f0: 75 69 72 69 6e 67 20 79 6f 75 20 74 6f 20 64 69  uiring you to di
4500: 67 20 74 68 72 6f 75 67 68 20 74 68 65 20 68 69  g through the hi
4510: 73 74 6f 72 79 20 6d 61 6e 75 61 6c 6c 79 2e 0d  story manually..
4520: 0a 0d 0a 28 54 68 65 20 73 61 6d 65 20 69 73 20  ...(The same is 
4530: 74 72 75 65 20 6f 66 20 60 70 6f 64 6d 61 6e 20  true of `podman 
4540: 6c 6f 67 73 60 2c 20 65 78 63 65 70 74 20 74 68  logs`, except th
4550: 61 74 20 69 74 20 74 69 65 73 20 69 6e 74 6f 20  at it ties into 
4560: 73 79 73 74 65 6d 64 e2 80 99 73 20 75 6e 69 66  systemd’s unif
4570: 69 65 64 20 e2 80 9c 6a 6f 75 72 6e 61 6c e2 80  ied “journal�
4580: 9d 20 73 75 62 73 79 73 74 65 6d 2c 20 61 20 63  � subsystem, a c
4590: 6f 6e 74 72 6f 76 65 72 73 69 61 6c 20 64 65 73  ontroversial des
45a0: 69 67 6e 20 63 68 6f 69 63 65 20 74 68 61 74 20  ign choice that 
45b0: 65 6e 64 65 64 20 75 70 20 70 61 79 69 6e 67 20  ended up paying 
45c0: 6f 66 66 20 68 61 6e 64 73 6f 6d 65 6c 79 20 77  off handsomely w
45d0: 68 65 6e 20 50 6f 64 6d 61 6e 20 63 61 6d 65 20  hen Podman came 
45e0: 61 6c 6f 6e 67 20 61 6e 64 20 77 61 6e 74 65 64  along and wanted
45f0: 20 74 6f 20 70 75 6c 6c 20 75 70 20 70 65 72 2d   to pull up per-
4600: 63 6f 6e 74 61 69 6e 65 72 20 6c 6f 67 73 20 74  container logs t
4610: 6f 20 6d 61 74 63 68 20 74 68 65 20 77 61 79 20  o match the way 
4620: 44 6f 63 6b 65 72 20 62 65 68 61 76 65 64 2e 29  Docker behaved.)
4630: 0d 0a 0d 0a 0d 0a 23 20 3c 61 20 69 64 3d 22 72  ......# <a id="r
4640: 6f 6f 74 22 3e 3c 2f 61 3e 45 76 65 72 79 74 68  oot"></a>Everyth
4650: 69 6e 67 20 49 73 20 52 6f 6f 74 66 75 6c 0d 0a  ing Is Rootful..
4660: 0d 0a 54 68 69 73 20 73 68 6f 77 73 20 75 70 20  ..This shows up 
4670: 69 6e 20 61 20 6e 75 6d 62 65 72 20 6f 66 20 67  in a number of g
4680: 75 69 73 65 73 2c 20 62 75 74 20 74 68 65 20 6f  uises, but the o
4690: 76 65 72 61 6c 6c 20 65 66 66 65 63 74 20 69 73  verall effect is
46a0: 20 74 68 61 74 20 61 6c 6c 20 63 6f 6e 74 61 69   that all contai
46b0: 6e 65 72 73 20 72 75 6e 20 61 73 20 61 20 6e 65  ners run as a ne
46c0: 72 66 65 64 20 60 72 6f 6f 74 60 20 75 73 65 72  rfed `root` user
46d0: 20 75 6e 64 65 72 20 60 63 6f 6e 74 61 69 6e 65   under `containe
46e0: 72 2e 6e 70 6b 60 2c 20 73 61 6d 65 20 61 73 20  r.npk`, same as 
46f0: 44 6f 63 6b 65 72 20 64 69 64 20 66 72 6f 6d 20  Docker did from 
4700: 74 68 65 20 73 74 61 72 74 2e 20 54 68 69 73 20  the start. This 
4710: 72 65 6d 61 69 6e 73 20 74 68 65 20 44 6f 63 6b  remains the Dock
4720: 65 72 20 64 65 66 61 75 6c 74 2c 20 62 75 74 20  er default, but 
4730: 73 74 61 72 74 69 6e 67 20 77 69 74 68 20 74 68  starting with th
4740: 65 20 32 30 2e 31 30 20 72 65 6c 65 61 73 65 2c  e 20.10 release,
4750: 20 69 74 20 66 69 6e 61 6c 6c 79 20 67 6f 74 20   it finally got 
4760: 61 20 5b 72 6f 6f 74 6c 65 73 73 20 6d 6f 64 65  a [rootless mode
4770: 5d 5b 64 72 6c 5d 20 74 6f 20 63 6f 6d 70 65 74  ][drl] to compet
4780: 65 20 77 69 74 68 20 5b 50 6f 64 6d 61 6e e2 80  e with [Podman�
4790: 99 73 20 72 6f 6f 74 6c 65 73 73 2d 62 79 2d 64  �s rootless-by-d
47a0: 65 66 61 75 6c 74 5d 5b 70 72 6c 5d 20 6e 61 74  efault][prl] nat
47b0: 75 72 65 2e 20 49 20 62 72 69 6e 67 20 75 70 20  ure. I bring up 
47c0: 74 68 69 73 20 68 69 73 74 6f 72 79 20 74 6f 20  this history to 
47d0: 73 68 6f 77 20 74 68 61 74 20 52 6f 75 74 65 72  show that Router
47e0: 4f 53 20 69 73 20 6e 6f 74 20 75 6e 63 6f 6e 64  OS is not uncond
47f0: 69 74 69 6f 6e 61 6c 6c 79 20 e2 80 9c 77 72 6f  itionally “wro
4800: 6e 67 e2 80 9d 20 74 6f 20 6f 70 65 72 61 74 65  ng” to operate
4810: 20 61 73 20 69 74 20 64 6f 65 73 2c 20 6d 65 72   as it does, mer
4820: 65 6c 79 20 6c 69 6d 69 74 65 64 2e 0d 0a 0d 0a  ely limited.....
4830: 54 68 69 73 20 64 65 73 69 67 6e 20 63 68 6f 69  This design choi
4840: 63 65 20 6d 61 79 20 62 65 20 6d 61 64 65 20 72  ce may be made r
4850: 65 61 73 6f 6e 61 62 6c 79 20 73 61 66 65 20 74  easonably safe t
4860: 68 72 6f 75 67 68 20 74 68 65 20 67 72 61 63 65  hrough the grace
4870: 20 6f 66 20 75 73 65 72 20 6e 61 6d 65 73 70 61   of user namespa
4880: 63 65 73 20 e2 80 94 20 e2 80 9c 75 73 65 72 6e  ces — “usern
4890: 73 e2 80 9d 20 69 6e 20 6b 65 72 6e 65 6c 2d 73  s” in kernel-s
48a0: 70 65 61 6b 20 e2 80 94 20 77 68 69 63 68 20 63  peak — which c
48b0: 61 75 73 65 20 74 68 65 20 69 6e 2d 63 6f 6e 74  ause the in-cont
48c0: 61 69 6e 65 72 20 60 72 6f 6f 74 60 20 75 73 65  ainer `root` use
48d0: 72 20 74 6f 20 62 65 20 6d 65 61 6e 69 6e 67 66  r to be meaningf
48e0: 75 6c 6c 79 20 64 69 66 66 65 72 65 6e 74 20 66  ully different f
48f0: 72 6f 6d 20 74 68 65 20 4c 69 6e 75 78 20 60 72  rom the Linux `r
4900: 6f 6f 74 60 20 75 73 65 72 20 74 68 61 74 20 52  oot` user that R
4910: 6f 75 74 65 72 4f 53 20 69 74 73 65 6c 66 20 72  outerOS itself r
4920: 75 6e 73 20 61 73 2e 20 52 6f 75 74 65 72 4f 53  uns as. RouterOS
4930: 20 68 61 73 20 61 20 60 2f 75 73 65 72 60 20 6d   has a `/user` m
4940: 6f 64 65 6c 2c 20 62 75 74 20 74 68 65 79 20 61  odel, but they a
4950: 72 65 20 6e 6f 74 20 70 72 6f 70 65 72 20 4c 69  re not proper Li
4960: 6e 75 78 20 75 73 65 72 73 20 61 73 20 75 6e 64  nux users as und
4970: 65 72 73 74 6f 6f 64 20 62 79 20 74 68 65 20 6b  erstood by the k
4980: 65 72 6e 65 6c 2c 20 77 69 74 68 20 70 65 72 6d  ernel, with perm
4990: 69 73 73 69 6f 6e 73 20 65 6e 66 6f 72 63 65 64  issions enforced
49a0: 20 62 79 20 4c 69 6e 75 78 20 75 73 65 72 20 49   by Linux user I
49b0: 44 73 2e 20 54 68 69 73 20 6d 65 61 6e 73 20 74  Ds. This means t
49c0: 68 61 74 20 77 68 65 6e 20 79 6f 75 20 73 74 61  hat when you sta
49d0: 72 74 20 61 20 63 6f 6e 74 61 69 6e 65 72 20 61  rt a container a
49e0: 73 20 52 6f 75 74 65 72 4f 53 20 75 73 65 72 20  s RouterOS user 
49f0: 60 66 72 65 64 60 2c 20 79 6f 75 20 64 6f 20 6e  `fred`, you do n
4a00: 6f 74 20 73 65 65 20 61 20 60 66 72 65 64 60 20  ot see a `fred` 
4a10: 75 73 65 72 20 69 6e 73 69 64 65 20 74 68 65 20  user inside the 
4a20: 63 6f 6e 74 61 69 6e 65 72 2c 20 61 6e 64 20 74  container, and t
4a30: 68 61 74 20 66 69 6c 65 73 20 63 72 65 61 74 65  hat files create
4a40: 64 20 62 79 20 74 68 61 74 20 6e 65 72 66 65 64  d by that nerfed
4a50: 20 60 72 6f 6f 74 60 20 75 73 65 72 20 73 68 6f   `root` user sho
4a60: 77 20 75 70 20 61 73 20 6f 77 6e 65 64 20 62 79  w up as owned by
4a70: 20 60 72 6f 6f 74 60 20 77 68 65 6e 20 75 73 69   `root` when usi
4a80: 6e 67 20 62 69 6e 64 2d 6d 6f 75 6e 74 65 64 20  ng bind-mounted 
4a90: 64 69 72 65 63 74 6f 72 69 65 73 20 6f 6e 20 66  directories on f
4aa0: 69 6c 65 20 73 79 73 74 65 6d 73 20 6c 69 6b 65  ile systems like
4ab0: 20 60 65 78 74 34 60 20 77 68 69 63 68 20 70 72   `ext4` which pr
4ac0: 65 73 65 72 76 65 20 66 69 6c 65 20 6f 77 6e 65  eserve file owne
4ad0: 72 73 68 69 70 2e 0d 0a 0d 0a 54 68 61 74 20 79  rship.....That y
4ae0: 69 65 6c 64 73 20 6f 6e 65 20 70 6f 73 73 69 62  ields one possib
4af0: 6c 65 20 73 6f 6c 75 74 69 6f 6e 20 66 6f 72 20  le solution for 
4b00: 74 68 69 73 3a 0d 0a 0d 0a 20 20 20 20 20 2f 64  this:....     /d
4b10: 69 73 6b 2f 66 6f 72 6d 61 74 2d 64 72 69 76 65  isk/format-drive
4b20: 20 66 69 6c 65 2d 73 79 73 74 65 6d 3d 65 78 66   file-system=exf
4b30: 61 74 20 e2 80 a6 0d 0a 0d 0a 49 74 20 69 73 20  at …....It is 
4b40: 62 65 63 61 75 73 65 20 6f 66 20 74 68 69 73 20  because of this 
4b50: 73 61 6d 65 20 6c 69 6d 69 74 61 74 69 6f 6e 20  same limitation 
4b60: 74 68 61 74 20 74 68 65 72 65 20 69 73 20 6e 6f  that there is no
4b70: 20 52 6f 75 74 65 72 4f 53 20 65 71 75 69 76 61   RouterOS equiva
4b80: 6c 65 6e 74 20 74 6f 20 74 68 65 20 60 63 72 65  lent to the `cre
4b90: 61 74 65 20 2d 2d 75 73 65 72 2a 60 20 6f 72 20  ate --user*` or 
4ba0: 60 2d 2d 67 72 6f 75 70 2d 61 64 64 60 20 66 6c  `--group-add` fl
4bb0: 61 67 73 2e 0d 0a 0d 0a 49 66 20 79 6f 75 72 20  ags.....If your 
4bc0: 63 6f 6e 74 61 69 6e 65 72 20 77 61 73 20 64 65  container was de
4bd0: 73 69 67 6e 65 64 20 74 6f 20 68 61 76 65 20 6e  signed to have n
4be0: 6f 6e 2d 72 6f 6f 74 20 75 73 65 72 73 20 69 6e  on-root users in
4bf0: 73 69 64 65 20 77 69 74 68 20 6d 65 61 6e 69 6e  side with meanin
4c00: 67 66 75 6c 20 64 69 73 74 69 6e 63 74 69 6f 6e  gful distinction
4c10: 73 20 66 72 6f 6d 20 72 6f 6f 74 2c 20 69 74 20  s from root, it 
4c20: 6d 61 79 20 72 65 71 75 69 72 65 20 6d 61 73 73  may require mass
4c30: 61 67 69 6e 67 20 74 6f 20 77 6f 72 6b 20 6f 6e  aging to work on
4c40: 20 52 6f 75 74 65 72 4f 53 2e 20 54 68 65 72 65   RouterOS. There
4c50: 20 61 72 65 20 6e 6f 20 55 49 44 20 6d 61 70 73   are no UID maps
4c60: 20 74 6f 20 63 6f 6e 76 65 72 74 20 69 6e 2d 63   to convert in-c
4c70: 6f 6e 74 61 69 6e 65 72 20 75 73 65 72 20 49 44  ontainer user ID
4c80: 73 20 74 6f 20 52 6f 75 74 65 72 4f 53 20 75 73  s to RouterOS us
4c90: 65 72 20 49 44 73 2c 20 65 74 63 2e 20 54 68 69  er IDs, etc. Thi
4ca0: 73 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20  s is one of the 
4cb0: 6b 65 79 20 72 65 61 73 6f 6e 73 20 77 68 79 20  key reasons why 
4cc0: 69 74 20 6d 61 74 74 65 72 73 20 74 68 61 74 20  it matters that 
4cd0: 5b 63 6f 6e 74 61 69 6e 65 72 73 20 61 72 65 20  [containers are 
4ce0: 6e 6f 74 20 56 4d 73 5d 5b 63 76 6d 5d 3b 20 70  not VMs][cvm]; p
4cf0: 65 72 73 69 73 74 69 6e 67 20 69 6e 20 74 68 69  ersisting in thi
4d00: 73 20 6d 69 73 75 6e 64 65 72 73 74 61 6e 64 69  s misunderstandi
4d10: 6e 67 20 69 73 20 6c 69 61 62 6c 65 20 74 6f 20  ng is liable to 
4d20: 6c 65 61 64 20 79 6f 75 20 74 6f 20 67 72 69 65  lead you to grie
4d30: 66 20 75 6e 64 65 72 20 60 63 6f 6e 74 61 69 6e  f under `contain
4d40: 65 72 2e 6e 70 6b 60 2e 20 4c 65 74 20 67 6f 20  er.npk`. Let go 
4d50: 6f 66 20 79 6f 75 72 20 70 72 65 63 6f 6e 63 65  of your preconce
4d60: 70 74 69 6f 6e 73 20 61 6e 64 20 75 73 65 20 74  ptions and use t
4d70: 68 65 20 52 6f 75 74 65 72 4f 53 20 63 6f 6e 74  he RouterOS cont
4d80: 61 69 6e 65 72 20 72 75 6e 6e 65 72 20 74 68 65  ainer runner the
4d90: 20 77 61 79 20 69 74 20 77 61 73 20 6d 65 61 6e   way it was mean
4da0: 74 20 74 6f 20 62 65 20 61 70 70 6c 69 65 64 3a  t to be applied:
4db0: 20 72 75 6e 6e 69 6e 67 20 77 65 6c 6c 2d 66 6f   running well-fo
4dc0: 63 75 73 65 64 20 73 69 6e 67 6c 65 20 73 65 72  cused single ser
4dd0: 76 69 63 65 73 2e 28 5e 54 68 69 73 20 70 68 69  vices.(^This phi
4de0: 6c 6f 73 6f 70 68 79 20 69 73 20 6e 6f 74 20 73  losophy is not s
4df0: 70 65 63 69 66 69 63 20 74 6f 20 52 6f 75 74 65  pecific to Route
4e00: 72 4f 53 2c 20 6e 6f 72 20 69 73 20 69 74 20 73  rOS, nor is it s
4e10: 70 65 63 69 61 6c 20 70 6c 65 61 64 69 6e 67 20  pecial pleading 
4e20: 6f 6e 20 69 74 73 20 62 65 68 61 6c 66 2c 20 6d  on its behalf, m
4e30: 65 61 6e 74 20 74 6f 20 6a 75 73 74 69 66 79 20  eant to justify 
4e40: 69 74 73 20 6c 69 6d 69 74 61 74 69 6f 6e 73 2e  its limitations.
4e50: 20 5b 4d 69 63 72 6f 73 65 72 76 69 63 65 73 5d   [Microservices]
4e60: 5b 6d 73 63 5d 20 61 72 65 20 67 6f 6f 64 20 69  [msc] are good i
4e70: 64 65 61 20 61 74 6f 70 20 5f 61 6c 6c 5f 20 63  dea atop _all_ c
4e80: 6f 6e 74 61 69 6e 65 72 20 72 75 6e 74 69 6d 65  ontainer runtime
4e90: 73 2e 29 0d 0a 0d 0a 5b 63 76 6d 5d 3a 20 2f 77  s.)....[cvm]: /w
4ea0: 69 6b 69 3f 6e 61 6d 65 3d 43 6f 6e 74 61 69 6e  iki?name=Contain
4eb0: 65 72 73 25 32 30 41 72 65 25 32 30 4e 6f 74 25  ers%20Are%20Not%
4ec0: 32 30 56 4d 73 0d 0a 5b 64 72 6c 5d 3a 20 68 74  20VMs..[drl]: ht
4ed0: 74 70 73 3a 2f 2f 64 6f 63 73 2e 64 6f 63 6b 65  tps://docs.docke
4ee0: 72 2e 63 6f 6d 2f 65 6e 67 69 6e 65 2f 73 65 63  r.com/engine/sec
4ef0: 75 72 69 74 79 2f 72 6f 6f 74 6c 65 73 73 2f 0d  urity/rootless/.
4f00: 0a 5b 6d 73 63 5d 3a 20 68 74 74 70 73 3a 2f 2f  .[msc]: https://
4f10: 77 77 77 2e 62 6d 63 2e 63 6f 6d 2f 62 6c 6f 67  www.bmc.com/blog
4f20: 73 2f 63 6f 6e 74 61 69 6e 65 72 73 2d 76 73 2d  s/containers-vs-
4f30: 6d 69 63 72 6f 73 65 72 76 69 63 65 73 2f 0d 0a  microservices/..
4f40: 5b 70 72 6c 5d 3a 20 68 74 74 70 73 3a 2f 2f 64  [prl]: https://d
4f50: 65 76 65 6c 6f 70 65 72 73 2e 72 65 64 68 61 74  evelopers.redhat
4f60: 2e 63 6f 6d 2f 62 6c 6f 67 2f 32 30 32 30 2f 30  .com/blog/2020/0
4f70: 39 2f 32 35 2f 72 6f 6f 74 6c 65 73 73 2d 63 6f  9/25/rootless-co
4f80: 6e 74 61 69 6e 65 72 73 2d 77 69 74 68 2d 70 6f  ntainers-with-po
4f90: 64 6d 61 6e 2d 74 68 65 2d 62 61 73 69 63 73 0d  dman-the-basics.
4fa0: 0a 0d 0a 0d 0a 0d 0a 23 20 3c 61 20 69 64 3d 22  .......# <a id="
4fb0: 63 70 75 22 3e 3c 2f 61 3e 43 50 55 20 4c 69 6d  cpu"></a>CPU Lim
4fc0: 69 74 61 74 69 6f 6e 73 0d 0a 0d 0a 54 68 69 73  itations....This
4fd0: 20 6c 69 6d 69 74 61 74 69 6f 6e 20 63 6f 6d 65   limitation come
4fe0: 73 20 69 6e 20 74 77 6f 20 73 75 62 63 6c 61 73  s in two subclas
4ff0: 73 65 73 3a 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20  ses:......## <a 
5000: 69 64 3d 22 65 6d 75 22 3e 3c 2f 61 3e 54 68 65  id="emu"></a>The
5010: 72 65 20 49 73 20 4e 6f 20 42 75 69 6c 74 2d 49  re Is No Built-I
5020: 6e 20 43 50 55 20 45 6d 75 6c 61 74 69 6f 6e 0d  n CPU Emulation.
5030: 0a 0d 0a 44 6f 63 6b 65 72 20 6c 65 74 73 20 79  ...Docker lets y
5040: 6f 75 20 72 75 6e 20 61 6e 20 69 6d 61 67 65 20  ou run an image 
5050: 62 75 69 6c 74 20 66 6f 72 20 61 6e 6f 74 68 65  built for anothe
5060: 72 20 61 72 63 68 69 74 65 63 74 75 72 65 20 6f  r architecture o
5070: 6e 20 79 6f 75 72 20 6c 6f 63 61 6c 20 73 79 73  n your local sys
5080: 74 65 6d 20 74 68 72 6f 75 67 68 20 74 72 61 6e  tem through tran
5090: 73 70 61 72 65 6e 74 20 43 50 55 20 65 6d 75 6c  sparent CPU emul
50a0: 61 74 69 6f 6e 2e 20 49 66 20 79 6f 75 20 61 72  ation. If you ar
50b0: 65 20 6f 6e 20 61 6e 20 78 38 36 5f 36 34 20 68  e on an x86_64 h
50c0: 6f 73 74 2c 20 74 68 69 73 20 63 6f 6d 6d 61 6e  ost, this comman
50d0: 64 20 73 68 6f 75 6c 64 20 64 72 6f 70 20 79 6f  d should drop yo
50e0: 75 20 69 6e 74 6f 20 61 6e 20 41 6c 70 69 6e 65  u into an Alpine
50f0: 20 73 68 65 6c 6c 3a 0d 0a 0d 0a 20 20 20 20 24   shell:....    $
5100: 20 64 6f 63 6b 65 72 20 72 75 6e 20 2d 2d 72 6d   docker run --rm
5110: 20 2d 69 74 20 2d 2d 70 6c 61 74 66 6f 72 6d 20   -it --platform 
5120: 6c 69 6e 75 78 2f 61 72 6d 36 34 20 61 6c 70 69  linux/arm64 alpi
5130: 6e 65 3a 6c 61 74 65 73 74 0d 0a 0d 0a 54 68 65  ne:latest....The
5140: 20 73 61 6d 65 20 77 69 6c 6c 20 77 6f 72 6b 20   same will work 
5150: 6f 6e 20 72 65 63 65 6e 74 20 76 65 72 73 69 6f  on recent versio
5160: 6e 73 20 6f 66 20 50 6f 64 6d 61 6e 2c 20 61 6e  ns of Podman, an
5170: 64 20 79 6f 75 20 63 61 6e 20 67 65 74 20 69 74  d you can get it
5180: 20 74 6f 20 77 6f 72 6b 20 6f 6e 20 6f 6c 64 20   to work on old 
5190: 76 65 72 73 69 6f 6e 73 20 6f 66 20 50 6f 64 6d  versions of Podm
51a0: 61 6e 20 77 69 74 68 20 61 20 62 69 74 20 6f 66  an with a bit of
51b0: 20 6d 61 6e 75 61 6c 20 73 65 74 75 70 2e 28 5e   manual setup.(^
51c0: 49 74 e2 80 99 73 20 6f 66 66 2d 74 6f 70 69 63  It’s off-topic
51d0: 20 74 6f 20 67 6f 20 69 6e 74 6f 20 74 68 65 20   to go into the 
51e0: 64 65 74 61 69 6c 73 20 68 65 72 65 2c 20 62 75  details here, bu
51f0: 74 20 69 74 20 61 6d 6f 75 6e 74 73 20 74 6f 20  t it amounts to 
5200: e2 80 9c 60 70 6f 64 6d 61 6e 20 6d 61 63 68 69  “`podman machi
5210: 6e 65 20 73 73 68 60 e2 80 9d 20 66 6f 6c 6c 6f  ne ssh`” follo
5220: 77 65 64 20 62 79 20 61 20 e2 80 9c 60 64 6e 66  wed by a “`dnf
5230: 20 69 6e 73 74 61 6c 6c 20 71 65 6d 75 2d 73 74   install qemu-st
5240: 61 74 69 63 2d 2a 60 e2 80 9d 20 63 6f 6d 6d 61  atic-*`” comma
5250: 6e 64 2e 29 0d 0a 0d 0a 46 6f 72 20 74 68 61 74  nd.)....For that
5260: 20 74 6f 20 77 6f 72 6b 20 75 6e 64 65 72 20 60   to work under `
5270: 63 6f 6e 74 61 69 6e 65 72 2e 6e 70 6b 60 2c 20  container.npk`, 
5280: 74 68 65 20 52 6f 75 74 65 72 4f 53 20 64 65 76  the RouterOS dev
5290: 65 6c 6f 70 65 72 73 20 77 6f 75 6c 64 20 68 61  elopers would ha
52a0: 76 65 20 74 6f 20 73 68 69 70 20 74 68 65 20 51  ve to ship the Q
52b0: 45 4d 55 20 61 6e 64 20 4c 69 6e 75 78 20 6b 65  EMU and Linux ke
52c0: 72 6e 65 6c 20 5b 60 62 69 6e 66 6d 74 5f 6d 69  rnel [`binfmt_mi
52d0: 73 63 60 5d 28 68 74 74 70 73 3a 2f 2f 65 6e 2e  sc`](https://en.
52e0: 77 69 6b 69 70 65 64 69 61 2e 6f 72 67 2f 77 69  wikipedia.org/wi
52f0: 6b 69 2f 42 69 6e 66 6d 74 5f 6d 69 73 63 29 20  ki/Binfmt_misc) 
5300: 62 72 69 64 67 65 73 20 6e 65 65 64 65 64 20 74  bridges needed t
5310: 6f 20 67 65 74 20 74 68 65 20 4f 53 20 74 6f 20  o get the OS to 
5320: 61 63 63 65 70 74 20 74 68 65 73 65 20 e2 80 9c  accept these “
5330: 66 6f 72 65 69 67 6e e2 80 9d 20 62 69 6e 61 72  foreign” binar
5340: 69 65 73 2e 20 53 69 6e 63 65 20 69 74 20 77 6f  ies. Since it wo
5350: 75 6c 64 20 61 70 70 72 6f 78 69 6d 61 74 65 6c  uld approximatel
5360: 79 20 64 6f 75 62 6c 65 20 74 68 65 20 73 69 7a  y double the siz
5370: 65 20 6f 66 20 52 6f 75 74 65 72 4f 53 20 74 6f  e of RouterOS to
5380: 20 64 6f 20 74 68 69 73 20 66 6f 72 20 61 6c 6c   do this for all
5390: 20 74 68 65 20 70 6f 70 75 6c 61 72 20 43 50 55   the popular CPU
53a0: 20 61 72 63 68 69 74 65 63 74 75 72 65 73 2c 20   architectures, 
53b0: 74 68 65 79 20 6e 61 74 75 72 61 6c 6c 79 20 63  they naturally c
53c0: 68 6f 73 65 20 5f 6e 6f 74 5f 20 74 6f 20 64 6f  hose _not_ to do
53d0: 20 74 68 69 73 2e 0d 0a 0d 0a 57 68 61 74 20 74   this.....What t
53e0: 68 69 73 20 6d 65 61 6e 73 20 69 6e 20 70 72 61  his means in pra
53f0: 63 74 69 63 65 20 69 73 20 74 68 61 74 20 79 6f  ctice is that yo
5400: 75 20 68 61 76 65 20 74 6f 20 62 65 20 73 75 72  u have to be sur
5410: 65 20 74 68 65 20 69 6d 61 67 65 73 20 79 6f 75  e the images you
5420: 20 77 61 6e 74 20 74 6f 20 75 73 65 20 77 65 72   want to use wer
5430: 65 20 62 75 69 6c 74 20 66 6f 72 20 74 68 65 20  e built for the 
5440: 43 50 55 20 74 79 70 65 20 69 6e 20 79 6f 75 72  CPU type in your
5450: 20 52 6f 75 74 65 72 4f 53 20 64 65 76 69 63 65   RouterOS device
5460: 2e 20 54 68 69 73 20 69 73 20 74 72 75 65 20 65  . This is true e
5470: 76 65 6e 20 62 65 74 77 65 65 6e 20 63 6c 6f 73  ven between clos
5480: 65 6c 79 2d 72 65 6c 61 74 65 64 20 70 6c 61 74  ely-related plat
5490: 66 6f 72 6d 73 2e 20 41 6e 20 41 52 4d 36 34 20  forms. An ARM64 
54a0: 72 6f 75 74 65 72 20 77 6f 6e e2 80 99 74 20 72  router won’t r
54b0: 75 6e 20 61 20 33 32 2d 62 69 74 20 41 52 4d 76  un a 32-bit ARMv
54c0: 37 20 69 6d 61 67 65 2c 20 69 66 20 6f 6e 6c 79  7 image, if only
54d0: 20 62 65 63 61 75 73 65 20 69 74 20 77 69 6c 6c   because it will
54e0: 20 61 73 73 75 6d 65 20 61 20 33 32 2d 62 69 74   assume a 32-bit
54f0: 20 4c 69 6e 75 78 20 6b 65 72 6e 65 6c 20 73 79   Linux kernel sy
5500: 73 63 61 6c 6c 20 69 6e 74 65 72 66 61 63 65 2e  scall interface.
5510: 0d 0a 0d 0a 3c 61 20 69 64 3d 22 71 65 6d 75 22  ....<a id="qemu"
5520: 3e 3c 2f 61 3e 54 68 65 72 65 20 69 73 20 61 6e  ></a>There is an
5530: 20 65 78 63 65 70 74 69 6f 6e 3a 20 79 6f 75 20   exception: you 
5540: 63 61 6e 20 73 68 69 70 20 79 6f 75 72 20 6f 77  can ship your ow
5550: 6e 20 43 50 55 20 65 6d 75 6c 61 74 69 6f 6e 2e  n CPU emulation.
5560: 20 54 61 6b 65 20 5b 74 68 69 73 20 74 68 72 65   Take [this thre
5570: 61 64 5d 28 68 74 74 70 73 3a 2f 2f 66 6f 72 75  ad](https://foru
5580: 6d 2e 6d 69 6b 72 6f 74 69 6b 2e 63 6f 6d 2f 76  m.mikrotik.com/v
5590: 69 65 77 74 6f 70 69 63 2e 70 68 70 3f 74 3d 31  iewtopic.php?t=1
55a0: 38 39 34 38 35 29 2c 20 66 6f 72 20 65 78 61 6d  89485), for exam
55b0: 70 6c 65 2c 20 77 68 69 63 68 20 64 65 73 63 72  ple, which descr
55c0: 69 62 65 73 20 61 20 63 6f 6e 74 61 69 6e 65 72  ibes a container
55d0: 20 74 68 61 74 20 62 75 6e 64 6c 65 73 20 74 68   that bundles th
55e0: 65 20 33 32 2d 62 69 74 20 49 6e 74 65 6c 2d 63  e 32-bit Intel-c
55f0: 6f 6d 70 69 6c 65 64 20 60 6e 65 74 69 6e 73 74  ompiled `netinst
5600: 61 6c 6c 2d 63 6c 69 60 20 4c 69 6e 75 78 20 62  all-cli` Linux b
5610: 69 6e 61 72 79 20 61 6c 6f 6e 67 20 77 69 74 68  inary along with
5620: 20 61 6e 20 41 52 4d 20 62 75 69 6c 64 20 6f 66   an ARM build of
5630: 20 6f 66 20 60 71 65 6d 75 2d 69 33 38 36 60 20   of `qemu-i386` 
5640: 73 6f 20 74 68 61 74 20 69 74 20 77 69 6c 6c 20  so that it will 
5650: 72 75 6e 20 6f 6e 20 41 52 4d 20 52 6f 75 74 65  run on ARM Route
5660: 72 4f 53 20 62 6f 78 65 73 2e 20 46 6f 72 20 61  rOS boxes. For a
5670: 20 70 72 6f 63 65 73 73 20 74 68 61 74 20 69 73   process that is
5680: 6e e2 80 99 74 20 43 50 55 2d 62 6f 75 6e 64 20  n’t CPU-bound 
5690: e2 80 94 20 61 6e 64 20 4e 65 74 49 6e 73 74 61  — and NetInsta
56a0: 6c 6c 20 69 73 20 76 65 72 79 20 6d 75 63 68 20  ll is very much 
56b0: 49 2f 4f 2d 62 6f 75 6e 64 20 e2 80 94 20 74 68  I/O-bound — th
56c0: 69 73 20 63 61 6e 20 62 65 20 61 20 72 65 61 73  is can be a reas
56d0: 6f 6e 61 62 6c 65 20 73 6f 6c 75 74 69 6f 6e 20  onable solution 
56e0: 61 73 20 6c 6f 6e 67 20 61 73 20 79 6f 75 e2 80  as long as you�
56f0: 99 72 65 20 77 69 6c 6c 69 6e 67 20 74 6f 20 70  �re willing to p
5700: 61 79 20 74 68 65 20 7e 34 20 6d 65 67 73 20 74  ay the ~4 megs t
5710: 68 65 20 65 6d 75 6c 61 74 6f 72 20 74 61 6b 65  he emulator take
5720: 73 20 75 70 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61  s up.......## <a
5730: 20 69 64 3d 22 63 6f 6d 70 61 74 22 3e 3c 2f 61   id="compat"></a
5740: 3e 49 74 20 4f 6e 6c 79 20 53 75 70 70 6f 72 74  >It Only Support
5750: 73 20 49 6e 74 65 6c 20 61 6e 64 20 41 52 4d 0d  s Intel and ARM.
5760: 0a 0d 0a 4d 69 6b 72 6f 54 69 6b 20 68 61 73 20  ...MikroTik has 
5770: 73 68 69 70 70 65 64 20 61 6e 20 61 77 66 75 6c  shipped an awful
5780: 20 6c 6f 74 20 6f 66 20 4d 49 50 53 2d 62 61 73   lot of MIPS-bas
5790: 65 64 20 70 72 6f 64 75 63 74 20 6f 76 65 72 20  ed product over 
57a0: 74 68 65 20 79 65 61 72 73 2c 20 61 6e 64 20 69  the years, and i
57b0: 74 20 63 6f 6e 74 69 6e 75 65 73 20 74 6f 20 64  t continues to d
57c0: 6f 20 73 6f 2c 20 6d 6f 73 74 20 72 65 63 65 6e  o so, most recen
57d0: 74 6c 79 20 61 73 20 6f 66 20 74 68 69 73 20 77  tly as of this w
57e0: 72 69 74 69 6e 67 20 69 6e 20 74 68 65 69 72 20  riting in their 
57f0: 5b 43 52 53 35 31 38 2d 31 36 58 53 2d 32 58 51  [CRS518-16XS-2XQ
5800: 2d 52 4d 5d 28 68 74 74 70 73 3a 2f 2f 6d 69 6b  -RM](https://mik
5810: 72 6f 74 69 6b 2e 63 6f 6d 2f 70 72 6f 64 75 63  rotik.com/produc
5820: 74 2f 63 72 73 35 31 38 5f 31 36 78 73 5f 32 78  t/crs518_16xs_2x
5830: 71 29 2e 20 41 74 6f 70 20 74 68 61 74 2c 20 74  q). Atop that, t
5840: 68 65 72 65 20 61 72 65 20 6f 74 68 65 72 20 43  here are other C
5850: 50 55 20 61 72 63 68 69 74 65 63 74 75 72 65 73  PU architectures
5860: 20 69 6e 20 74 68 65 20 68 69 73 74 6f 72 69 63   in the historic
5870: 61 6c 20 6d 69 78 20 6c 69 6b 65 20 50 6f 77 65  al mix like Powe
5880: 72 50 43 20 61 6e 64 20 54 49 4c 45 2e 20 4d 69  rPC and TILE. Mi
5890: 6b 72 6f 54 69 6b 20 64 6f 65 73 6e e2 80 99 74  kroTik doesn’t
58a0: 20 73 68 69 70 20 61 20 60 63 6f 6e 74 61 69 6e   ship a `contain
58b0: 65 72 2e 6e 70 6b 60 20 66 6f 72 20 61 6e 79 20  er.npk` for any 
58c0: 6f 66 20 74 68 65 73 65 20 70 6c 61 74 66 6f 72  of these platfor
58d0: 6d 73 2e 0d 0a 0d 0a 42 75 74 20 77 68 79 20 6e  ms.....But why n
58e0: 6f 74 3f 0d 0a 0d 0a 54 6f 20 62 72 69 6e 67 20  ot?....To bring 
58f0: 75 70 20 65 61 63 68 20 6e 65 77 20 62 75 69 6c  up each new buil
5900: 64 20 74 61 72 67 65 74 2c 20 74 68 65 20 63 72  d target, the cr
5910: 65 61 74 6f 72 73 20 6f 66 20 79 6f 75 72 20 63  eators of your c
5920: 6f 6e 74 61 69 6e 65 72 20 62 75 69 6c 64 20 74  ontainer build t
5930: 6f 6f 6c 63 68 61 69 6e 20 6f 66 20 63 68 6f 69  oolchain of choi
5940: 63 65 20 6d 75 73 74 20 62 72 69 6e 67 20 74 6f  ce must bring to
5950: 67 65 74 68 65 72 3a 0d 0a 0d 0a 2a 20 61 20 51  gether:....* a Q
5960: 45 4d 55 20 65 6d 75 6c 61 74 6f 72 20 66 6f 72  EMU emulator for
5970: 20 74 68 65 20 74 61 72 67 65 74 20 73 79 73 74   the target syst
5980: 65 6d 0d 0a 2a 20 61 20 73 75 66 66 69 63 69 65  em..* a sufficie
5990: 6e 74 6c 79 20 63 6f 6d 70 6c 65 74 65 20 4c 69  ntly complete Li
59a0: 6e 75 78 20 64 69 73 74 72 6f 20 70 6f 72 74 65  nux distro porte
59b0: 64 20 74 6f 20 74 68 61 74 20 74 61 72 67 65 74  d to that target
59c0: 0d 0a 2a 20 74 68 65 20 60 62 69 6e 66 6d 74 5f  ..* the `binfmt_
59d0: 6d 69 73 63 60 20 6b 65 72 6e 65 6c 20 6d 6f 64  misc` kernel mod
59e0: 75 6c 65 73 20 74 68 61 74 20 74 69 65 20 74 68  ules that tie th
59f0: 65 73 65 20 74 77 6f 20 74 6f 67 65 74 68 65 72  ese two together
5a00: 0d 0a 0d 0a 51 45 4d 55 20 69 73 20 e2 80 9c 65  ....QEMU is “e
5a10: 61 73 79 e2 80 9d 20 69 6e 20 74 68 65 20 73 65  asy” in the se
5a20: 6e 73 65 20 74 68 61 74 20 74 68 65 20 68 61 72  nse that the har
5a30: 64 20 77 6f 72 6b 20 68 61 73 20 61 6c 72 65 61  d work has alrea
5a40: 64 79 20 62 65 65 6e 20 64 6f 6e 65 3b 20 74 68  dy been done; th
5a50: 65 72 65 20 61 72 65 20 51 45 4d 55 20 65 6d 75  ere are QEMU emu
5a60: 6c 61 74 6f 72 73 20 66 6f 72 20 65 76 65 72 79  lators for every
5a70: 20 43 50 55 20 74 79 70 65 20 4d 69 6b 72 6f 54   CPU type MikroT
5a80: 69 6b 20 65 76 65 72 20 73 68 69 70 70 65 64 2e  ik ever shipped.
5a90: 20 28 5b 44 65 74 61 69 6c 73 5d 28 68 74 74 70   ([Details](http
5aa0: 73 3a 2f 2f 77 77 77 2e 71 65 6d 75 2e 6f 72 67  s://www.qemu.org
5ab0: 2f 64 6f 63 73 2f 6d 61 73 74 65 72 2f 73 79 73  /docs/master/sys
5ac0: 74 65 6d 2f 74 61 72 67 65 74 73 2e 68 74 6d 6c  tem/targets.html
5ad0: 29 29 20 54 68 65 72 65 e2 80 99 73 20 61 20 70  )) There’s a p
5ae0: 61 72 74 69 61 6c 20 65 78 63 65 70 74 69 6f 6e  artial exception
5af0: 20 77 69 74 68 20 54 49 4c 45 2c 20 77 68 69 63   with TILE, whic
5b00: 68 20 6f 6e 63 65 20 65 78 69 73 74 65 64 20 69  h once existed i
5b10: 6e 20 51 45 4d 55 20 63 6f 72 65 20 62 75 74 20  n QEMU core but 
5b20: 68 61 73 20 62 65 65 6e 20 72 65 6d 6f 76 65 64  has been removed
5b30: 20 66 6f 72 20 79 65 61 72 73 2c 20 66 6f 6c 6c   for years, foll
5b40: 6f 77 69 6e 67 20 74 68 65 20 72 65 6d 6f 76 61  owing the remova
5b50: 6c 20 6f 66 20 54 49 4c 45 20 73 75 70 70 6f 72  l of TILE suppor
5b60: 74 20 66 72 6f 6d 20 74 68 65 20 4c 69 6e 75 78  t from the Linux
5b70: 20 6b 65 72 6e 65 6c 2e 20 54 68 65 20 74 68 69   kernel. The thi
5b80: 6e 67 20 69 73 2c 20 54 49 4c 45 20 68 61 73 6e  ng is, TILE hasn
5b90: e2 80 99 74 20 70 72 6f 67 72 65 73 73 65 64 20  ’t progressed 
5ba0: 69 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c  in the meantime,
5bb0: 20 73 6f 20 62 72 69 6e 67 69 6e 67 20 75 70 20   so bringing up 
5bc0: 61 20 51 45 4d 55 20 54 49 4c 45 20 65 6d 75 6c  a QEMU TILE emul
5bd0: 61 74 6f 72 20 73 68 6f 75 6c 64 20 62 65 20 61  ator should be a
5be0: 20 6d 61 74 74 65 72 20 6f 66 20 64 69 67 67 69   matter of diggi
5bf0: 6e 67 20 74 68 61 74 20 6f 6c 64 20 63 6f 64 65  ng that old code
5c00: 20 62 61 63 6b 20 6f 75 74 20 6f 66 20 73 6f 75   back out of sou
5c10: 72 63 65 20 63 6f 6e 74 72 6f 6c 2c 20 74 68 65  rce control, the
5c20: 6e 20 70 75 74 74 69 6e 67 20 69 6e 20 74 68 65  n putting in the
5c30: 20 77 6f 72 6b 20 74 6f 20 70 6f 72 74 20 69 74   work to port it
5c40: 20 74 6f 20 61 20 64 65 63 61 64 65 2d 6e 65 77   to a decade-new
5c50: 65 72 20 76 65 72 73 69 6f 6e 20 6f 66 20 4c 69  er version of Li
5c60: 6e 75 78 2e 0d 0a 0d 0a 54 68 65 20 62 69 6e 66  nux.....The binf
5c70: 6d 74 20 70 69 65 63 65 20 69 73 20 61 6c 73 6f  mt piece is also
5c80: 20 65 61 73 79 20 65 6e 6f 75 67 68 2e 0d 0a 0d   easy enough....
5c90: 0a 54 68 61 74 20 6c 65 61 76 65 73 20 74 68 65  .That leaves the
5ca0: 20 4c 69 6e 75 78 20 64 69 73 74 72 6f 73 20 66   Linux distros f
5cb0: 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 70 6c  or the target pl
5cc0: 61 74 66 6f 72 6d 73 2c 20 75 73 65 64 20 61 73  atforms, used as
5cd0: 20 63 6f 6e 74 61 69 6e 65 72 20 62 61 73 65 20   container base 
5ce0: 69 6d 61 67 65 73 2e 20 54 68 61 74 e2 80 99 73  images. That’s
5cf0: 20 74 68 65 20 74 72 75 65 20 73 74 69 63 6b 69   the true sticki
5d00: 6e 67 20 70 6f 69 6e 74 2e 0d 0a 0d 0a 4f 6e 65  ng point.....One
5d10: 20 6f 66 20 74 68 65 20 6d 6f 73 74 20 70 6f 77   of the most pow
5d20: 65 72 66 75 6c 20 69 64 65 61 73 20 69 6e 20 74  erful ideas in t
5d30: 68 65 20 4f 43 49 20 63 6f 6e 74 61 69 6e 65 72  he OCI container
5d40: 20 65 63 6f 73 70 68 65 72 65 20 69 73 20 74 68   ecosphere is th
5d50: 61 74 20 79 6f 75 20 64 6f 6e e2 80 99 74 20 63  at you don’t c
5d60: 72 6f 73 73 2d 63 6f 6d 70 69 6c 65 20 70 72 6f  ross-compile pro
5d70: 67 72 61 6d 73 2c 20 79 6f 75 20 62 6f 6f 74 20  grams, you boot 
5d80: 61 6e 20 5f 65 78 69 73 74 69 6e 67 5f 20 4c 69  an _existing_ Li
5d90: 6e 75 78 20 64 69 73 74 72 6f 20 69 6d 61 67 65  nux distro image
5da0: 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20   for the target 
5db0: 70 6c 61 74 66 6f 72 6d 20 75 6e 64 65 72 20 51  platform under Q
5dc0: 45 4d 55 2c 20 74 68 65 6e 20 75 73 65 20 74 68  EMU, then use th
5dd0: 65 20 6e 61 74 69 76 65 20 74 6f 6f 6c 69 6e 67  e native tooling
5de0: 20 74 6f 20 70 72 6f 64 75 63 65 20 e2 80 9c 6e   to produce “n
5df0: 61 74 69 76 65 e2 80 9d 20 62 69 6e 61 72 69 65  ative” binarie
5e00: 73 2c 20 77 68 69 63 68 20 74 68 65 20 60 62 69  s, which the `bi
5e10: 6e 66 6d 74 5f 6d 69 73 63 60 20 70 69 65 63 65  nfmt_misc` piece
5e20: 20 74 68 65 6e 20 74 75 72 6e 73 20 62 61 63 6b   then turns back
5e30: 20 61 72 6f 75 6e 64 20 61 6e 64 20 72 75 6e 73   around and runs
5e40: 20 75 6e 64 65 72 20 51 45 4d 55 20 61 67 61 69   under QEMU agai
5e50: 6e 2e 0d 0a 0d 0a 49 74 e2 80 99 73 20 61 20 6c  n.....It’s a l
5e60: 6f 74 20 6f 66 20 77 6f 72 6b 20 74 6f 20 67 65  ot of work to ge
5e70: 74 20 61 20 73 69 6e 67 6c 65 20 6e 65 77 20 4c  t a single new L
5e80: 69 6e 75 78 20 64 69 73 74 72 6f 20 77 6f 72 6b  inux distro work
5e90: 69 6e 67 20 75 6e 64 65 72 20 60 62 75 69 6c 64  ing under `build
5ea0: 78 60 2c 20 65 76 65 6e 20 69 66 20 79 6f 75 20  x`, even if you 
5eb0: 73 74 61 72 74 20 77 69 74 68 20 61 6e 20 65 78  start with an ex
5ec0: 69 73 74 69 6e 67 20 74 68 69 72 64 2d 70 61 72  isting third-par
5ed0: 74 79 20 70 6f 72 74 20 73 75 63 68 20 61 73 20  ty port such as 
5ee0: 74 68 65 20 4d 61 63 20 50 50 43 20 62 75 69 6c  the Mac PPC buil
5ef0: 64 73 20 6f 66 20 55 62 75 6e 74 75 2e 20 47 6f  ds of Ubuntu. Go
5f00: 6f 64 20 6c 75 63 6b 20 69 66 20 79 6f 75 20 77  od luck if you w
5f10: 61 6e 74 20 74 6f 20 73 75 70 70 6f 72 74 20 61  ant to support a
5f20: 6e 20 6f 64 64 62 61 6c 6c 20 43 50 55 20 6c 69  n oddball CPU li
5f30: 6b 65 20 54 49 4c 45 2c 20 74 68 6f 75 67 68 2e  ke TILE, though.
5f40: 0d 0a 0d 0a 42 75 74 20 74 68 65 6e 2c 20 68 61  ....But then, ha
5f50: 76 69 6e 67 20 64 6f 6e 65 20 73 6f 2c 20 79 6f  ving done so, yo
5f60: 75 e2 80 99 72 65 20 69 6e 20 61 20 66 72 65 73  u’re in a fres
5f70: 68 20 6a 61 6d 20 77 68 65 6e 20 79 6f 75 20 74  h jam when you t
5f80: 72 79 20 74 6f 20 72 65 62 75 69 6c 64 20 61 6e  ry to rebuild an
5f90: 20 65 78 69 73 74 69 6e 67 20 63 6f 6e 74 61 69   existing contai
5fa0: 6e 65 72 20 74 68 61 74 20 73 61 79 73 20 e2 80  ner that says �
5fb0: 9c 60 46 52 4f 4d 60 e2 80 9d 20 73 6f 6d 65 74  �`FROM`” somet
5fc0: 68 69 6e 67 20 65 6c 73 65 3b 20 60 75 62 69 39  hing else; `ubi9
5fd0: 60 2c 20 66 6f 72 20 69 6e 73 74 61 6e 63 65 2e  `, for instance.
5fe0: 20 44 6f 20 79 6f 75 20 72 65 70 65 61 74 20 61   Do you repeat a
5ff0: 6c 6c 20 74 68 61 74 20 70 6f 72 74 69 6e 67 20  ll that porting 
6000: 77 6f 72 6b 20 66 6f 72 20 52 48 45 4c e2 80 99  work for RHEL’
6010: 73 20 5b 55 42 49 5d 28 68 74 74 70 73 3a 2f 2f  s [UBI](https://
6020: 77 77 77 2e 72 65 64 68 61 74 2e 63 6f 6d 2f 65  www.redhat.com/e
6030: 6e 2f 62 6c 6f 67 2f 69 6e 74 72 6f 64 75 63 69  n/blog/introduci
6040: 6e 67 2d 72 65 64 2d 68 61 74 2d 75 6e 69 76 65  ng-red-hat-unive
6050: 72 73 61 6c 2d 62 61 73 65 2d 69 6d 61 67 65 29  rsal-base-image)
6060: 2c 20 6f 72 20 64 6f 20 79 6f 75 20 65 78 70 65  , or do you expe
6070: 6e 64 20 74 68 65 20 6c 65 73 73 65 72 20 65 66  nd the lesser ef
6080: 66 6f 72 74 20 74 6f 20 70 6f 72 74 20 74 68 65  fort to port the
6090: 20 63 6f 6e 74 61 69 6e 65 72 20 66 72 6f 6d 20   container from 
60a0: 52 48 45 4c 20 74 6f 20 74 68 65 20 55 62 75 6e  RHEL to the Ubun
60b0: 74 75 20 69 6d 61 67 65 20 62 61 73 65 20 79 6f  tu image base yo
60c0: 75 20 61 6c 72 65 61 64 79 20 68 61 76 65 3f 0d  u already have?.
60d0: 0a 0d 0a 54 68 65 6e 20 79 6f 75 20 63 6f 6d 65  ...Then you come
60e0: 20 61 63 72 6f 73 73 20 6f 6e 65 20 6f 66 20 74   across one of t
60f0: 68 65 20 68 75 67 65 20 6e 75 6d 62 65 72 20 6f  he huge number o
6100: 66 20 63 6f 6e 74 61 69 6e 65 72 73 20 62 61 73  f containers bas
6110: 65 64 20 6f 6e 20 41 6c 70 69 6e 65 2c 20 61 6e  ed on Alpine, an
6120: 64 20 79 6f 75 e2 80 99 72 65 20 62 61 63 6b 20  d you’re back 
6130: 69 6e 20 74 68 65 20 73 6f 75 70 20 61 67 61 69  in the soup agai
6140: 6e 2e 20 57 68 69 6c 65 20 5b 69 74 73 20 43 50  n. While [its CP
6150: 55 20 73 75 70 70 6f 72 74 20 6c 69 73 74 5d 28  U support list](
6160: 68 74 74 70 73 3a 2f 2f 77 69 6b 69 2e 61 6c 70  https://wiki.alp
6170: 69 6e 65 6c 69 6e 75 78 2e 6f 72 67 2f 77 69 6b  inelinux.org/wik
6180: 69 2f 52 65 71 75 69 72 65 6d 65 6e 74 73 29 20  i/Requirements) 
6190: 69 73 20 62 72 6f 61 64 65 72 20 74 68 61 6e 20  is broader than 
61a0: 5b 74 68 65 20 6f 6e 65 20 66 6f 72 20 55 62 75  [the one for Ubu
61b0: 6e 74 75 5d 28 68 74 74 70 73 3a 2f 2f 75 62 75  ntu](https://ubu
61c0: 6e 74 75 2e 63 6f 6d 2f 63 70 75 2d 63 6f 6d 70  ntu.com/cpu-comp
61d0: 61 74 69 62 69 6c 69 74 79 29 2c 20 74 68 65 72  atibility), ther
61e0: 65 20 69 73 20 6e 6f 20 54 49 4c 45 20 6f 72 20  e is no TILE or 
61f0: 4d 49 50 53 20 61 74 20 61 6c 6c 2c 20 61 6e 64  MIPS at all, and
6200: 20 69 74 73 20 50 50 43 20 73 75 70 70 6f 72 74   its PPC support
6210: 20 69 73 20 36 34 2d 62 69 74 20 6f 6e 6c 79 2e   is 64-bit only.
6220: 20 41 72 65 20 79 6f 75 20 67 6f 69 6e 67 20 74   Are you going t
6230: 6f 20 70 6f 72 74 20 74 68 65 20 41 6c 70 69 6e  o port the Alpin
6240: 65 20 62 61 73 65 20 69 6d 61 67 65 20 61 6e 64  e base image and
6250: 20 65 6e 6f 75 67 68 20 6f 66 20 69 74 73 20 70   enough of its p
6260: 61 63 6b 61 67 65 20 72 65 70 6f 73 69 74 6f 72  ackage repositor
6270: 79 20 74 6f 20 67 65 74 20 79 6f 75 72 20 63 6f  y to get your co
6280: 6e 74 61 69 6e 65 72 20 62 75 69 6c 64 69 6e 67  ntainer building
6290: 3f 0d 0a 0d 0a 54 68 65 6e 20 74 68 65 72 65 e2  ?....Then there�
62a0: 80 99 73 20 44 65 62 69 61 6e 2c 20 61 6e 6f 74  ��s Debian, anot
62b0: 68 65 72 20 70 6f 70 75 6c 61 72 20 4f 43 49 20  her popular OCI 
62c0: 69 6d 61 67 65 20 62 61 73 65 2c 20 6f 6e 65 20  image base, one 
62d0: 74 68 61 74 e2 80 99 73 20 62 65 65 6e 20 70 6f  that’s been po
62e0: 72 74 65 64 20 74 6f 20 61 20 6c 6f 74 20 6f 66  rted to a lot of
62f0: 20 73 74 72 61 6e 67 65 20 70 6c 61 74 66 6f 72   strange platfor
6300: 6d 73 2c 20 62 75 74 20 63 68 61 6e 63 65 73 20  ms, but chances 
6310: 61 72 65 20 74 68 61 74 20 69 74 20 77 61 73 20  are that it was 
6320: 73 6f 6d 65 6f 6e 65 e2 80 99 73 20 77 69 6c 64  someone’s wild
6330: 20 70 72 6f 6a 65 63 74 2c 20 6e 6f 77 20 61 62   project, now ab
6340: 61 6e 64 6f 6e 65 64 2e 20 49 74 e2 80 99 73 20  andoned. It’s 
6350: 6c 69 6b 65 6c 79 20 74 68 65 20 41 50 54 20 70  likely the APT p
6360: 61 63 6b 61 67 65 20 72 65 70 6f 20 69 73 6e e2  ackage repo isn�
6370: 80 99 74 20 77 6f 72 6b 69 6e 67 20 61 6e 79 20  ��t working any 
6380: 6d 6f 72 65 2c 20 66 6f 72 20 6f 6e 65 2c 20 62  more, for one, b
6390: 65 63 61 75 73 65 20 77 68 6f 20 77 61 6e 74 73  ecause who wants
63a0: 20 74 6f 20 68 6f 73 74 20 61 20 68 75 67 65 20   to host a huge 
63b0: 73 65 74 20 6f 66 20 70 61 63 6b 61 67 65 73 20  set of packages 
63c0: 66 6f 72 20 61 20 64 65 61 64 20 70 72 6f 6a 65  for a dead proje
63d0: 63 74 3f 0d 0a 0d 0a 49 6e 20 62 72 69 65 66 2c  ct?....In brief,
63e0: 20 74 68 65 20 72 65 61 73 6f 6e 20 4d 69 6b 72   the reason Mikr
63f0: 6f 54 69 6b 20 64 6f 65 73 6e e2 80 99 74 20 73  oTik doesn’t s
6400: 68 69 70 20 60 63 6f 6e 74 61 69 6e 65 72 2e 6e  hip `container.n
6410: 70 6b 60 20 66 6f 72 20 33 32 2d 62 69 74 20 50  pk` for 32-bit P
6420: 50 43 2c 20 33 32 2d 62 69 74 20 4d 49 50 53 2c  PC, 32-bit MIPS,
6430: 20 61 6e 64 20 54 49 4c 45 20 69 73 20 74 68 61   and TILE is tha
6440: 74 20 74 68 65 72 65 20 61 72 65 20 66 65 77 20  t there are few 
6450: 4c 69 6e 75 78 20 64 69 73 74 72 6f 20 69 6d 61  Linux distro ima
6460: 67 65 73 20 69 6e 20 4f 43 49 20 66 6f 72 6d 61  ges in OCI forma
6470: 74 20 74 6f 20 75 73 65 20 61 73 20 62 61 73 65  t to use as base
6480: 20 69 6d 61 67 65 73 2c 20 61 6e 64 20 69 74 20   images, and it 
6490: 69 73 6e e2 80 99 74 20 67 72 65 61 74 6c 79 20  isn’t greatly 
64a0: 69 6e 20 74 68 65 69 72 20 69 6e 74 65 72 65 73  in their interes
64b0: 74 20 74 6f 20 70 75 6c 6c 20 74 68 61 74 20 74  t to pull that t
64c0: 6f 67 65 74 68 65 72 20 61 6c 6f 6e 67 20 77 69  ogether along wi
64d0: 74 68 20 74 68 65 20 51 45 4d 55 20 61 6e 64 20  th the QEMU and 
64e0: 60 62 69 6e 66 6d 74 5f 6d 69 73 63 60 20 70 69  `binfmt_misc` pi
64f0: 65 63 65 73 20 66 6f 72 20 79 6f 75 2c 20 6e 6f  eces for you, no
6500: 72 20 69 73 20 69 74 20 69 6e 20 74 68 65 20 66  r is it in the f
6510: 69 6e 61 6e 63 69 61 6c 20 69 6e 74 65 72 65 73  inancial interes
6520: 74 20 6f 66 20 44 6f 63 6b 65 72 2c 20 50 6f 64  t of Docker, Pod
6530: 6d 61 6e 2c 20 65 74 63 2e 0d 0a 0d 0a 54 68 65  man, etc.....The
6540: 72 65 e2 80 99 73 20 6e 6f 74 68 69 6e 67 20 73  re’s nothing s
6550: 74 6f 70 70 69 6e 67 20 61 6e 79 6f 6e 65 20 72  topping anyone r
6560: 65 61 64 69 6e 67 20 74 68 69 73 20 74 68 61 74  eading this that
6570: 20 68 61 73 20 74 68 65 20 73 6b 69 6c 6c 20 61   has the skill a
6580: 6e 64 20 6d 6f 74 69 76 61 74 69 6f 6e 20 74 6f  nd motivation to
6590: 20 64 6f 20 74 68 69 73 20 66 72 6f 6d 20 64 6f   do this from do
65a0: 69 6e 67 20 73 6f 2c 20 62 75 74 20 79 6f 75 e2  ing so, but you�
65b0: 80 99 6c 6c 20 68 61 76 65 20 74 6f 20 70 72 6f  ��ll have to pro
65c0: 76 65 20 6f 75 74 20 79 6f 75 72 20 63 6f 6e 74  ve out your cont
65d0: 61 69 6e 65 72 73 20 75 6e 64 65 72 20 65 6d 75  ainers under emu
65e0: 6c 61 74 69 6f 6e 2e 20 4e 6f 74 20 75 6e 74 69  lation. Not unti
65f0: 6c 20 74 68 65 6e 20 64 6f 20 49 20 73 65 65 20  l then do I see 
6600: 4d 69 6b 72 6f 54 69 6b 20 62 65 69 6e 67 20 66  MikroTik being f
6610: 6f 72 63 65 64 20 74 6f 20 74 61 6b 65 20 6e 6f  orced to take no
6620: 74 69 63 65 20 61 6e 64 20 70 72 6f 76 69 64 65  tice and provide
6630: 20 61 20 62 75 69 6c 64 20 6f 66 20 60 63 6f 6e   a build of `con
6640: 74 61 69 6e 65 72 2e 6e 70 6b 60 20 66 6f 72 20  tainer.npk` for 
6650: 74 68 61 74 20 70 6c 61 74 66 6f 72 6d 2e 20 49  that platform. I
6660: 74 e2 80 99 73 20 6e 6f 74 20 71 75 69 74 65 20  t’s not quite 
6670: 61 20 63 6c 61 73 73 69 63 20 63 68 69 63 6b 65  a classic chicke
6680: 6e 2d 61 6e 64 2d 65 67 67 20 73 69 74 75 61 74  n-and-egg situat
6690: 69 6f 6e 2c 20 62 75 74 20 49 20 63 61 6e e2 80  ion, but I can�
66a0: 99 74 20 69 67 6e 6f 72 65 20 74 68 65 20 68 69  �t ignore the hi
66b0: 73 73 20 6f 66 20 72 61 64 69 6f 20 73 69 6c 65  ss of radio sile
66c0: 6e 63 65 20 49 20 67 6f 74 20 69 6e 20 72 65 73  nce I got in res
66d0: 70 6f 6e 73 65 20 74 6f 20 5b 74 68 69 73 20 63  ponse to [this c
66e0: 68 61 6c 6c 65 6e 67 65 5d 28 68 74 74 70 73 3a  hallenge](https:
66f0: 2f 2f 66 6f 72 75 6d 2e 6d 69 6b 72 6f 74 69 6b  //forum.mikrotik
6700: 2e 63 6f 6d 2f 76 69 65 77 74 6f 70 69 63 2e 70  .com/viewtopic.p
6710: 68 70 3f 74 3d 32 30 34 38 36 38 23 70 31 30 35  hp?t=204868#p105
6720: 38 33 35 31 29 20 6f 6e 20 74 68 65 20 66 6f 72  8351) on the for
6730: 75 6d 2e 0d 0a 0d 0a 55 6e 74 69 6c 20 73 6f 6d  um.....Until som
6740: 65 6f 6e 65 20 62 72 65 61 6b 73 20 74 68 69 73  eone breaks this
6750: 20 6c 6f 67 6a 61 6d 2c 20 69 74 e2 80 99 73 20   logjam, it’s 
6760: 66 61 69 72 20 65 6e 6f 75 67 68 20 74 6f 20 73  fair enough to s
6770: 61 79 20 74 68 61 74 20 52 6f 75 74 65 72 4f 53  ay that RouterOS
6780: e2 80 99 73 20 63 6f 6e 74 61 69 6e 65 72 20 72  ’s container r
6790: 75 6e 6e 65 72 20 6f 6e 6c 79 20 73 75 70 70 6f  unner only suppo
67a0: 72 74 73 20 41 52 4d 20 61 6e 64 20 49 6e 74 65  rts ARM and Inte
67b0: 6c 20 43 50 55 73 2e 0d 0a 0d 0a 0d 0a 23 20 3c  l CPUs.......# <
67c0: 61 20 69 64 3d 22 74 6c 63 22 3e 3c 2f 61 3e 54  a id="tlc"></a>T
67d0: 6f 70 2d 4c 65 76 65 6c 20 43 6f 6d 6d 61 6e 64  op-Level Command
67e0: 73 0d 0a 0d 0a 53 6f 20 65 6e 64 73 20 6d 79 20  s....So ends my 
67f0: 63 6f 76 65 72 61 67 65 20 6f 66 20 74 68 65 20  coverage of the 
6800: 68 65 61 76 79 20 70 6f 69 6e 74 73 2e 20 45 76  heavy points. Ev
6810: 65 72 79 74 68 69 6e 67 20 65 6c 73 65 20 77 65  erything else we
6820: 20 63 61 6e 20 74 6f 75 63 68 20 6f 6e 20 62 72   can touch on br
6830: 69 65 66 6c 79 2c 20 6f 66 74 65 6e 20 62 79 20  iefly, often by 
6840: 72 65 66 65 72 65 6e 63 65 20 74 6f 20 6d 61 74  reference to mat
6850: 74 65 72 73 20 63 6f 76 65 72 65 64 20 70 72 65  ters covered pre
6860: 76 69 6f 75 73 6c 79 2e 0d 0a 0d 0a 46 6f 72 20  viously.....For 
6870: 6c 61 63 6b 20 6f 66 20 61 6e 79 20 62 65 74 74  lack of any bett
6880: 65 72 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20  er organization 
6890: 70 72 69 6e 63 69 70 6c 65 2c 20 49 e2 80 99 76  principle, I’v
68a0: 65 20 63 68 6f 73 65 6e 20 74 6f 20 63 6f 76 65  e chosen to cove
68b0: 72 20 74 68 65 20 60 64 6f 63 6b 65 72 60 20 43  r the `docker` C
68c0: 4c 49 20 63 6f 6d 6d 61 6e 64 73 20 69 6e 20 61  LI commands in a
68d0: 6c 70 68 61 62 65 74 69 63 61 6c 20 6f 72 64 65  lphabetical orde
68e0: 72 2e 20 42 65 63 61 75 73 65 20 50 6f 64 6d 61  r. Because Podma
68f0: 6e 20 63 6c 6f 6e 65 64 20 74 68 65 20 44 6f 63  n cloned the Doc
6900: 6b 65 72 20 43 4c 49 2c 20 74 68 69 73 20 6f 72  ker CLI, this or
6910: 64 65 72 69 6e 67 20 6d 61 74 63 68 65 73 20 75  dering matches u
6920: 70 20 66 61 69 72 6c 79 20 77 65 6c 6c 20 77 69  p fairly well wi
6930: 74 68 20 69 74 73 20 74 6f 70 2d 6c 65 76 65 6c  th its top-level
6940: 20 63 6f 6d 6d 61 6e 64 20 73 74 72 75 63 74 75   command structu
6950: 72 65 20 61 73 20 77 65 6c 6c 2c 20 74 68 65 20  re as well, the 
6960: 70 72 69 6d 61 72 79 20 65 78 63 65 70 74 69 6f  primary exceptio
6970: 6e 20 62 65 69 6e 67 20 74 68 61 74 20 49 20 64  n being that I d
6980: 6f 20 6e 6f 74 20 63 75 72 72 65 6e 74 6c 79 20  o not currently 
6990: 67 6f 20 69 6e 74 6f 20 61 6e 79 20 6f 66 20 50  go into any of P
69a0: 6f 64 6d 61 6e e2 80 99 73 20 70 75 72 65 20 65  odman’s pure e
69b0: 78 74 65 6e 73 69 6f 6e 73 2c 20 6f 6e 65 73 20  xtensions, ones 
69c0: 73 75 63 68 20 61 73 20 69 74 73 20 65 70 6f 6e  such as its epon
69d0: 79 6d 6f 75 73 20 60 70 6f 64 60 20 63 6f 6d 6d  ymous `pod` comm
69e0: 61 6e 64 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20  and.......## <a 
69f0: 69 64 3d 22 62 75 69 6c 64 22 3e 3c 2f 61 3e 60  id="build"></a>`
6a00: 62 75 69 6c 64 60 2f 60 62 75 69 6c 64 78 60 0d  build`/`buildx`.
6a10: 0a 0d 0a 52 6f 75 74 65 72 4f 53 20 70 72 6f 76  ...RouterOS prov
6a20: 69 64 65 73 20 61 20 62 61 72 65 2d 62 6f 6e 65  ides a bare-bone
6a30: 73 20 63 6f 6e 74 61 69 6e 65 72 20 72 75 6e 74  s container runt
6a40: 69 6d 65 20 6f 6e 6c 79 2c 20 6e 6f 74 20 61 6e  ime only, not an
6a50: 79 20 6f 66 20 74 68 65 20 69 6d 61 67 65 20 62  y of the image b
6a60: 75 69 6c 64 69 6e 67 20 74 6f 6f 6c 63 68 61 69  uilding toolchai
6a70: 6e 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64  n.......## <a id
6a80: 3d 22 63 6f 6d 6d 69 74 22 3e 3c 2f 61 3e 60 63  ="commit"></a>`c
6a90: 6f 6d 6d 69 74 60 0d 0a 0d 0a 47 69 76 65 6e 20  ommit`....Given 
6aa0: 74 68 65 20 5b 67 6c 6f 62 61 6c 20 6c 69 6d 69  the [global limi
6ab0: 74 61 74 69 6f 6e 73 5d 28 23 67 6c 6f 62 61 6c  tations](#global
6ac0: 29 2c 20 69 74 20 73 68 6f 75 6c 64 20 62 65 20  ), it should be 
6ad0: 6e 6f 20 73 75 72 70 72 69 73 65 20 74 68 61 74  no surprise that
6ae0: 20 52 6f 75 74 65 72 4f 53 20 68 61 73 20 6e 6f   RouterOS has no
6af0: 20 77 61 79 20 74 6f 20 63 6f 6d 6d 69 74 20 63   way to commit c
6b00: 68 61 6e 67 65 73 20 6d 61 64 65 20 74 6f 20 74  hanges made to t
6b10: 68 65 20 63 75 72 72 65 6e 74 20 69 6d 61 67 65  he current image
6b20: 20 6c 61 79 65 72 20 74 6f 20 61 20 6e 65 77 20   layer to a new 
6b30: 6c 61 79 65 72 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c  layer.......## <
6b40: 61 20 69 64 3d 22 63 6f 6d 70 6f 73 65 22 3e 3c  a id="compose"><
6b50: 2f 61 3e 60 63 6f 6d 70 6f 73 65 60 0d 0a 0d 0a  /a>`compose`....
6b60: 52 6f 75 74 65 72 4f 53 20 63 6f 6d 70 6c 65 74  RouterOS complet
6b70: 65 6c 79 20 6c 61 63 6b 73 20 6d 75 6c 74 69 2d  ely lacks multi-
6b80: 63 6f 6e 74 61 69 6e 65 72 20 6f 72 63 68 65 73  container orches
6b90: 74 72 61 74 69 6f 6e 20 66 65 61 74 75 72 65 73  tration features
6ba0: 2c 20 69 6e 63 6c 75 64 69 6e 67 20 6c 69 67 68  , including ligh
6bb0: 74 77 65 69 67 68 74 20 73 69 6e 67 6c 65 2d 62  tweight single-b
6bc0: 6f 78 20 6f 6e 65 73 20 6c 69 6b 65 20 5b 43 6f  ox ones like [Co
6bd0: 6d 70 6f 73 65 5d 28 68 74 74 70 73 3a 2f 2f 64  mpose](https://d
6be0: 6f 63 73 2e 64 6f 63 6b 65 72 2e 63 6f 6d 2f 63  ocs.docker.com/c
6bf0: 6f 6d 70 6f 73 65 2f 29 20 6f 72 20 5b 4b 69 6e  ompose/) or [Kin
6c00: 64 5d 28 68 74 74 70 73 3a 2f 2f 6b 69 6e 64 2e  d](https://kind.
6c10: 73 69 67 73 2e 6b 38 73 2e 69 6f 29 20 76 69 72  sigs.k8s.io) vir
6c20: 74 75 61 6c 20 63 6c 75 73 74 65 72 73 2e 0d 0a  tual clusters...
6c30: 0d 0a 0d 0a 23 23 20 60 63 72 65 61 74 65 60 2f  ....## `create`/
6c40: 60 6c 6f 61 64 60 0d 0a 0d 0a 5b 43 6f 76 65 72  `load`....[Cover
6c50: 65 64 20 61 62 6f 76 65 5d 28 23 63 72 65 61 74  ed above](#creat
6c60: 65 29 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69  e).......## <a i
6c70: 64 3d 22 63 70 22 3e 3c 2f 61 3e 60 63 70 60 0d  d="cp"></a>`cp`.
6c80: 0a 0d 0a 52 6f 75 74 65 72 4f 53 20 64 6f 65 73  ...RouterOS does
6c90: 20 6c 65 74 20 79 6f 75 20 6d 6f 75 6e 74 20 61   let you mount a
6ca0: 20 76 6f 6c 75 6d 65 20 69 6e 73 69 64 65 20 61   volume inside a
6cb0: 20 63 6f 6e 74 61 69 6e 65 72 2c 20 74 68 65 6e   container, then
6cc0: 20 75 73 65 20 74 68 65 20 72 65 67 75 6c 61 72   use the regular
6cd0: 20 60 2f 66 69 6c 65 60 20 66 61 63 69 6c 69 74   `/file` facilit
6ce0: 79 20 74 6f 20 63 6f 70 79 20 66 69 6c 65 73 20  y to copy files 
6cf0: 69 6e 20 75 6e 64 65 72 20 74 68 61 74 20 76 6f  in under that vo
6d00: 6c 75 6d 65 e2 80 99 73 20 6d 6f 75 6e 74 20 70  lume’s mount p
6d10: 6f 69 6e 74 2c 20 62 75 74 20 74 68 69 73 20 69  oint, but this i
6d20: 73 20 6e 6f 74 20 61 74 20 61 6c 6c 20 74 68 65  s not at all the
6d30: 20 73 61 6d 65 20 74 68 69 6e 67 20 61 73 20 74   same thing as t
6d40: 68 65 20 e2 80 9c 60 64 6f 63 6b 65 72 20 63 70  he “`docker cp
6d50: 60 e2 80 9d 20 63 6f 6d 6d 61 6e 64 2e 20 54 68  `” command. Th
6d60: 65 72 65 20 69 73 20 6e 6f 20 77 61 79 20 74 6f  ere is no way to
6d70: 20 6f 76 65 72 77 72 69 74 65 20 69 6e 2d 63 6f   overwrite in-co
6d80: 6e 74 61 69 6e 65 72 20 66 69 6c 65 73 20 77 69  ntainer files wi
6d90: 74 68 20 65 78 74 65 72 6e 61 6c 20 64 61 74 61  th external data
6da0: 20 73 68 6f 72 74 20 6f 66 20 72 65 62 75 69 6c   short of rebuil
6db0: 64 69 6e 67 20 74 68 65 20 63 6f 6e 74 61 69 6e  ding the contain
6dc0: 65 72 20 6f 72 20 75 73 69 6e 67 20 69 6e 2d 63  er or using in-c
6dd0: 6f 6e 74 61 69 6e 65 72 20 6d 65 63 68 61 6e 69  ontainer mechani
6de0: 73 6d 73 20 6c 69 6b 65 20 60 2f 62 69 6e 2f 73  sms like `/bin/s
6df0: 68 60 20 74 6f 20 64 6f 20 74 68 65 20 63 6f 70  h` to do the cop
6e00: 79 69 6e 67 20 66 6f 72 20 79 6f 75 2e 0d 0a 0d  ying for you....
6e10: 0a 49 66 20 79 6f 75 20 63 6f 6d 65 20 66 72 6f  .If you come fro
6e20: 6d 20 61 20 44 6f 63 6b 65 72 20 6f 72 20 50 6f  m a Docker or Po
6e30: 64 6d 61 6e 20 62 61 63 6b 67 72 6f 75 6e 64 2c  dman background,
6e40: 20 74 68 65 69 72 20 6c 6f 63 61 6c 20 6f 76 65   their local ove
6e50: 72 6c 61 79 20 69 6d 61 67 65 20 73 74 6f 72 65  rlay image store
6e60: 73 20 6d 69 67 68 74 20 6c 65 61 64 20 79 6f 75  s might lead you
6e70: 20 69 6e 74 6f 20 74 68 69 6e 6b 69 6e 67 20 79   into thinking y
6e80: 6f 75 20 63 6f 75 6c 64 20 64 72 69 6c 6c 20 64  ou could drill d
6e90: 6f 77 6e 20 69 6e 74 6f 20 74 68 65 20 47 55 49  own into the GUI
6ea0: 44 2d 6e 61 6d 65 64 20 e2 80 9c 63 6f 6e 74 61  D-named “conta
6eb0: 69 6e 65 72 20 73 74 6f 72 65 e2 80 9d 20 64 69  iner store” di
6ec0: 72 65 63 74 6f 72 69 65 73 20 76 69 73 69 62 6c  rectories visibl
6ed0: 65 20 75 6e 64 65 72 20 60 2f 66 69 6c 65 60 20  e under `/file` 
6ee0: 61 6e 64 20 70 65 72 66 6f 72 6d 20 5f 61 64 20  and perform _ad 
6ef0: 68 6f 63 5f 20 61 64 6d 69 6e 69 73 74 72 61 74  hoc_ administrat
6f00: 69 6f 6e 20 6f 70 65 72 61 74 69 6f 6e 73 20 6c  ion operations l
6f10: 69 6b 65 20 6f 76 65 72 77 72 69 74 69 6e 67 20  ike overwriting 
6f20: 65 78 69 73 74 69 6e 67 20 63 6f 6e 66 69 67 20  existing config 
6f30: 66 69 6c 65 73 20 69 6e 73 69 64 65 20 74 68 65  files inside the
6f40: 20 63 6f 6e 74 61 69 6e 65 72 2c 20 62 75 74 20   container, but 
6f50: 61 6c 61 73 2c 20 69 74 20 64 6f 65 73 20 6e 6f  alas, it does no
6f60: 74 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64  t.......## <a id
6f70: 3d 22 64 69 66 66 22 3e 3c 2f 61 3e 60 64 69 66  ="diff"></a>`dif
6f80: 66 60 0d 0a 0d 0a 57 69 74 68 20 6e 65 69 74 68  f`....With neith
6f90: 65 72 20 61 20 6c 6f 63 61 6c 20 69 6d 61 67 65  er a local image
6fa0: 20 63 61 63 68 65 20 6e 6f 72 20 61 20 43 6f 57   cache nor a CoW
6fb0: 20 66 69 6c 65 20 73 79 73 74 65 6d 20 74 6f 20   file system to 
6fc0: 70 72 6f 76 69 64 65 20 74 68 65 20 62 61 73 65  provide the base
6fd0: 6c 69 6e 65 2c 20 74 68 65 72 65 20 63 61 6e 20  line, there can 
6fe0: 62 65 20 6e 6f 20 65 71 75 69 76 61 6c 65 6e 74  be no equivalent
6ff0: 20 63 6f 6d 6d 61 6e 64 2e 0d 0a 0d 0a 0d 0a 23   command.......#
7000: 23 20 3c 61 20 69 64 3d 22 65 76 65 6e 74 73 22  # <a id="events"
7010: 3e 3c 2f 61 3e 60 65 76 65 6e 74 73 60 0d 0a 0d  ></a>`events`...
7020: 0a 52 6f 75 74 65 72 4f 53 20 64 6f 65 73 6e e2  .RouterOS doesn�
7030: 80 99 74 20 73 75 70 70 6f 72 74 20 63 6f 6e 74  ��t support cont
7040: 61 69 6e 65 72 20 65 76 65 6e 74 73 2e 0d 0a 0d  ainer events....
7050: 0a 0d 0a 23 23 20 3c 61 20 69 64 3d 22 65 78 65  ...## <a id="exe
7060: 63 22 3e 3c 2f 61 3e 60 65 78 65 63 60 0d 0a 0d  c"></a>`exec`...
7070: 0a 54 68 65 72 65 20 69 73 20 6e 6f 20 77 61 79  .There is no way
7080: 20 69 6e 20 52 6f 75 74 65 72 4f 53 20 74 6f 20   in RouterOS to 
7090: 65 78 65 63 75 74 65 20 61 20 63 6f 6d 6d 61 6e  execute a comman
70a0: 64 20 69 6e 73 69 64 65 20 61 20 72 75 6e 6e 69  d inside a runni
70b0: 6e 67 20 63 6f 6e 74 61 69 6e 65 72 20 73 68 6f  ng container sho
70c0: 72 74 20 6f 66 20 60 2f 63 6f 6e 74 61 69 6e 65  rt of `/containe
70d0: 72 2f 73 68 65 6c 6c 60 2c 20 77 68 69 63 68 20  r/shell`, which 
70e0: 6f 66 20 63 6f 75 72 73 65 20 6f 6e 6c 79 20 77  of course only w
70f0: 6f 72 6b 73 20 69 66 20 74 68 65 72 65 20 69 73  orks if there is
7100: 20 61 20 60 2f 62 69 6e 2f 73 68 60 20 69 6e 73   a `/bin/sh` ins
7110: 69 64 65 20 74 68 65 20 63 6f 6e 74 61 69 6e 65  ide the containe
7120: 72 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64  r.......## <a id
7130: 3d 22 65 78 70 6f 72 74 22 3e 3c 2f 61 3e 60 65  ="export"></a>`e
7140: 78 70 6f 72 74 60 2f 60 73 61 76 65 60 0d 0a 0d  xport`/`save`...
7150: 0a 54 68 65 72 65 20 69 73 20 6e 6f 20 77 61 79  .There is no way
7160: 20 74 6f 20 70 72 6f 64 75 63 65 20 61 20 74 61   to produce a ta
7170: 72 62 61 6c 6c 20 6f 66 20 61 20 72 75 6e 6e 69  rball of a runni
7180: 6e 67 20 63 6f 6e 74 61 69 6e 65 72 e2 80 99 73  ng container’s
7190: 20 66 69 6c 65 73 79 73 74 65 6d 20 6f 72 20 74   filesystem or t
71a0: 6f 20 73 61 76 65 20 69 74 73 20 73 74 61 74 65  o save its state
71b0: 20 62 61 63 6b 20 74 6f 20 61 6e 20 5b 4f 43 49   back to an [OCI
71c0: 5d 20 69 6d 61 67 65 20 74 61 72 62 61 6c 6c 2e  ] image tarball.
71d0: 0d 0a 0d 0a 54 68 65 20 5b 64 6f 63 75 6d 65 6e  ....The [documen
71e0: 74 65 64 20 61 64 76 69 63 65 5d 5b 69 6d 67 74  ted advice][imgt
71f0: 62 5d 20 66 6f 72 20 67 65 74 74 69 6e 67 20 73  b] for getting s
7200: 75 63 68 20 61 20 74 61 72 62 61 6c 6c 20 69 73  uch a tarball is
7210: 20 74 6f 20 64 6f 20 74 68 69 73 20 6f 6e 20 74   to do this on t
7220: 68 65 20 50 43 20 73 69 64 65 20 76 69 61 20 60  he PC side via `
7230: 64 6f 63 6b 65 72 60 20 63 6f 6d 6d 61 6e 64 73  docker` commands
7240: 2c 20 74 68 65 6e 20 75 70 6c 6f 61 64 20 74 68  , then upload th
7250: 65 20 74 61 72 62 61 6c 6c 20 66 72 6f 6d 20 74  e tarball from t
7260: 68 65 20 50 43 20 74 6f 20 74 68 65 20 52 6f 75  he PC to the Rou
7270: 74 65 72 4f 53 20 64 65 76 69 63 65 2e 0d 0a 0d  terOS device....
7280: 0a 5b 69 6d 67 74 62 5d 3a 20 68 74 74 70 73 3a  .[imgtb]: https:
7290: 2f 2f 68 65 6c 70 2e 6d 69 6b 72 6f 74 69 6b 2e  //help.mikrotik.
72a0: 63 6f 6d 2f 64 6f 63 73 2f 64 69 73 70 6c 61 79  com/docs/display
72b0: 2f 52 4f 53 2f 43 6f 6e 74 61 69 6e 65 72 23 43  /ROS/Container#C
72c0: 6f 6e 74 61 69 6e 65 72 2d 63 29 62 75 69 6c 64  ontainer-c)build
72d0: 61 6e 69 6d 61 67 65 6f 6e 50 43 0d 0a 0d 0a 0d  animageonPC.....
72e0: 0a 23 23 20 3c 61 20 69 64 3d 22 68 69 73 74 6f  .## <a id="histo
72f0: 72 79 22 3e 3c 2f 61 3e 60 68 69 73 74 6f 72 79  ry"></a>`history
7300: 60 0d 0a 0d 0a 52 6f 75 74 65 72 4f 53 20 64 6f  `....RouterOS do
7310: 65 73 6e e2 80 99 74 20 6b 65 65 70 20 74 68 69  esn’t keep thi
7320: 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0d 0a  s information...
7330: 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d 22 69 6d  ....## <a id="im
7340: 61 67 65 22 3e 3c 2f 61 3e 60 69 6d 61 67 65 60  age"></a>`image`
7350: 2f 60 69 6d 61 67 65 73 60 0d 0a 0d 0a 54 68 65  /`images`....The
7360: 20 6c 61 63 6b 20 6f 66 20 61 20 62 75 69 6c 64   lack of a build
7370: 20 74 6f 6f 6c 63 68 61 69 6e 20 6d 65 61 6e 73   toolchain means
7380: 20 74 68 65 72 65 20 69 73 20 6e 6f 20 73 65 6e   there is no sen
7390: 73 69 62 6c 65 20 65 71 75 69 76 61 6c 65 6e 74  sible equivalent
73a0: 20 66 6f 72 20 74 68 65 20 e2 80 9c 60 64 6f 63   for the “`doc
73b0: 6b 65 72 20 69 6d 61 67 65 20 62 75 69 6c 64 60  ker image build`
73c0: e2 80 9d 20 73 75 62 63 6f 6d 6d 61 6e 64 2e 0d  ” subcommand..
73d0: 0a 0d 0a 54 68 65 20 72 65 73 74 20 6f 66 20 74  ...The rest of t
73e0: 68 65 20 6d 69 73 73 69 6e 67 20 73 75 62 63 6f  he missing subco
73f0: 6d 6d 61 6e 64 73 20 61 72 65 20 65 78 70 6c 61  mmands are expla
7400: 69 6e 65 64 20 62 79 20 74 68 65 20 6c 61 63 6b  ined by the lack
7410: 20 6f 66 20 61 20 6c 6f 63 61 6c 20 69 6d 61 67   of a local imag
7420: 65 20 63 61 63 68 65 3a 0d 0a 0d 0a 2a 20 20 20  e cache:....*   
7430: 60 68 69 73 74 6f 72 79 60 0d 0a 2a 20 20 20 60  `history`..*   `
7440: 69 6d 70 6f 72 74 60 2f 60 6c 6f 61 64 60 2f 60  import`/`load`/`
7450: 73 61 76 65 60 0d 0a 2a 20 20 20 60 6c 73 60 0d  save`..*   `ls`.
7460: 0a 2a 20 20 20 60 70 72 75 6e 65 60 0d 0a 2a 20  .*   `prune`..* 
7470: 20 20 60 72 6d 60 2f 60 72 6d 69 60 0d 0a 2a 20    `rm`/`rmi`..* 
7480: 20 20 60 74 61 67 60 0d 0a 2a 20 20 20 60 74 72    `tag`..*   `tr
7490: 65 65 60 0d 0a 0d 0a 54 68 65 20 66 65 77 20 72  ee`....The few r
74a0: 65 6d 61 69 6e 69 6e 67 20 73 75 62 63 6f 6d 6d  emaining subcomm
74b0: 61 6e 64 73 20 61 72 65 20 69 6d 70 6c 69 63 69  ands are implici
74c0: 74 6c 79 20 63 6f 76 65 72 65 64 20 65 6c 73 65  tly covered else
74d0: 77 68 65 72 65 3a 20 5b 60 69 6e 73 70 65 63 74  where: [`inspect
74e0: 60 5d 28 23 69 6e 73 70 65 63 74 29 20 61 6e 64  `](#inspect) and
74f0: 20 5b 60 70 75 73 68 2f 70 75 6c 6c 60 5d 28 23   [`push/pull`](#
7500: 70 75 73 68 29 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c  push).......## <
7510: 61 20 69 64 3d 22 69 6d 70 6f 72 74 22 3e 3c 2f  a id="import"></
7520: 61 3e 60 69 6d 70 6f 72 74 60 0d 0a 0d 0a 54 68  a>`import`....Th
7530: 69 73 20 69 73 20 60 2f 63 6f 6e 74 61 69 6e 65  is is `/containe
7540: 72 2f 61 64 64 20 66 69 6c 65 3d 6f 63 69 2d 69  r/add file=oci-i
7550: 6d 61 67 65 2e 74 61 72 60 20 69 6e 20 52 6f 75  mage.tar` in Rou
7560: 74 65 72 4f 53 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c  terOS.......## <
7570: 61 20 69 64 3d 22 69 6e 66 6f 22 3e 3c 2f 61 3e  a id="info"></a>
7580: 60 69 6e 66 6f 60 0d 0a 0d 0a 57 69 74 68 20 74  `info`....With t
7590: 68 65 20 75 6e 64 65 72 73 74 61 6e 64 69 6e 67  he understanding
75a0: 20 74 68 61 74 20 52 6f 75 74 65 72 4f 53 20 68   that RouterOS h
75b0: 61 73 20 66 61 72 20 66 65 77 65 72 20 63 6f 6e  as far fewer con
75c0: 66 69 67 75 72 61 62 6c 65 73 20 74 68 61 6e 20  figurables than 
75d0: 61 20 62 69 67 2d 62 6f 79 20 63 6f 6e 74 61 69  a big-boy contai
75e0: 6e 65 72 20 65 6e 67 69 6e 65 2c 20 74 68 65 20  ner engine, the 
75f0: 63 6c 6f 73 65 73 74 20 63 6f 6d 6d 61 6e 64 20  closest command 
7600: 74 6f 20 74 68 69 73 20 69 6e 20 52 6f 75 74 65  to this in Route
7610: 72 4f 53 20 69 73 20 60 2f 63 6f 6e 74 61 69 6e  rOS is `/contain
7620: 65 72 2f 63 6f 6e 66 69 67 2f 70 72 69 6e 74 60  er/config/print`
7630: 2e 20 54 68 65 20 6f 75 74 70 75 74 20 69 73 20  . The output is 
7640: 69 6e 20 74 79 70 69 63 61 6c 20 52 6f 75 74 65  in typical Route
7650: 72 4f 53 20 e2 80 9c 70 72 69 6e 74 e2 80 9d 20  rOS “print” 
7660: 66 6f 72 6d 61 74 2c 20 6e 6f 74 20 4a 53 4f 4e  format, not JSON
7670: 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d  .......## <a id=
7680: 22 69 6e 73 70 65 63 74 22 3e 3c 2f 61 3e 60 69  "inspect"></a>`i
7690: 6e 73 70 65 63 74 60 0d 0a 0d 0a 54 68 65 20 63  nspect`....The c
76a0: 6c 6f 73 65 73 74 20 61 70 70 72 6f 78 69 6d 61  losest approxima
76b0: 74 69 6f 6e 20 74 6f 20 74 68 69 73 20 69 6e 20  tion to this in 
76c0: 52 6f 75 74 65 72 4f 53 20 69 73 20 0d 0a 0d 0a  RouterOS is ....
76d0: 20 20 20 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 70      /container/p
76e0: 72 69 6e 74 20 64 65 74 61 69 6c 20 77 68 65 72  rint detail wher
76f0: 65 20 e2 80 a6 0d 0a 0d 0a 59 6f 75 20 67 65 74  e …....You get
7700: 20 6f 6e 6c 79 20 61 20 66 65 77 20 6c 69 6e 65   only a few line
7710: 73 20 6f 66 20 69 6e 66 6f 72 6d 61 74 69 6f 6e  s of information
7720: 20 62 61 63 6b 20 66 72 6f 6d 20 74 68 69 73 2c   back from this,
7730: 20 6d 61 69 6e 6c 79 20 77 68 61 74 20 79 6f 75   mainly what you
7740: 20 67 61 76 65 20 69 74 20 74 6f 20 63 72 65 61   gave it to crea
7750: 74 65 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72  te the container
7760: 20 66 72 6f 6d 20 74 68 65 20 69 6d 61 67 65 2e   from the image.
7770: 20 59 6f 75 20 77 69 6c 6c 20 6e 6f 74 20 67 65   You will not ge
7780: 74 20 74 68 65 20 70 61 67 65 73 20 6f 66 20 4a  t the pages of J
7790: 53 4f 4e 20 64 61 74 61 20 74 68 65 20 44 6f 63  SON data the Doc
77a0: 6b 65 72 20 43 4c 49 20 67 69 76 65 73 2e 0d 0a  ker CLI gives...
77b0: 0d 0a 41 20 72 65 6c 61 74 65 64 20 6c 69 6d 69  ..A related limi
77c0: 74 61 74 69 6f 6e 20 69 73 20 74 68 61 74 20 74  tation is that t
77d0: 68 65 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 20  he configurable 
77e0: 69 74 65 6d 73 20 61 72 65 20 6f 66 74 65 6e 20  items are often 
77f0: 67 6c 6f 62 61 6c 20 69 6e 20 52 6f 75 74 65 72  global in Router
7800: 4f 53 2c 20 73 65 74 20 66 6f 72 20 61 6c 6c 20  OS, set for all 
7810: 63 6f 6e 74 61 69 6e 65 72 73 20 72 75 6e 6e 69  containers runni
7820: 6e 67 20 6f 6e 20 74 68 65 20 62 6f 78 2c 20 6e  ng on the box, n
7830: 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20  ot available to 
7840: 62 65 20 73 65 74 20 6f 6e 20 61 20 70 65 72 2d  be set on a per-
7850: 63 6f 6e 74 61 69 6e 65 72 20 62 61 73 69 73 2e  container basis.
7860: 20 41 20 67 6f 6f 64 20 65 78 61 6d 70 6c 65 20   A good example 
7870: 6f 66 20 74 68 69 73 20 69 73 20 74 68 65 20 6d  of this is the m
7880: 65 6d 6f 72 79 20 6c 69 6d 69 74 2c 20 73 65 74  emory limit, set
7890: 20 76 69 61 20 60 2f 63 6f 6e 74 61 69 6e 65 72   via `/container
78a0: 2f 63 6f 6e 66 69 67 2f 73 65 74 20 72 61 6d 2d  /config/set ram-
78b0: 68 69 67 68 3d e2 80 a6 60 2e 0d 0a 0d 0a 0d 0a  high=…`.......
78c0: 23 23 20 3c 61 20 69 64 3d 22 6b 69 6c 6c 22 20  ## <a id="kill" 
78d0: 6e 61 6d 65 3d 22 73 74 6f 70 22 3e 3c 2f 61 3e  name="stop"></a>
78e0: 60 6b 69 6c 6c 60 2f 60 73 74 6f 70 60 0d 0a 0d  `kill`/`stop`...
78f0: 0a 52 6f 75 74 65 72 4f 53 20 64 6f 65 73 6e e2  .RouterOS doesn�
7900: 80 99 74 20 6d 61 6b 65 20 61 20 64 69 73 74 69  ��t make a disti
7910: 6e 63 74 69 6f 6e 20 62 65 74 77 65 65 6e 20 e2  nction between �
7920: 80 9c 6b 69 6c 6c e2 80 9d 20 61 6e 64 20 e2 80  ��kill” and �
7930: 9c 73 74 6f 70 e2 80 9d 2e 20 54 68 65 20 60 2f  �stop”. The `/
7940: 63 6f 6e 74 61 69 6e 65 72 2f 73 74 6f 70 60 20  container/stop` 
7950: 63 6f 6d 6d 61 6e 64 20 62 65 68 61 76 65 73 20  command behaves 
7960: 6d 6f 72 65 20 6c 69 6b 65 20 60 64 6f 63 6b 65  more like `docke
7970: 72 20 6b 69 6c 6c 60 20 6f 72 20 60 64 6f 63 6b  r kill` or `dock
7980: 65 72 20 73 74 6f 70 20 2d 74 30 60 20 69 6e 20  er stop -t0` in 
7990: 74 68 61 74 20 69 74 20 64 6f 65 73 6e e2 80 99  that it doesn’
79a0: 74 20 74 72 79 20 74 6f 20 62 72 69 6e 67 20 74  t try to bring t
79b0: 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 64 6f 77  he container dow
79c0: 6e 20 67 72 61 63 65 66 75 6c 6c 79 20 62 65 66  n gracefully bef
79d0: 6f 72 65 20 67 69 76 69 6e 67 20 75 70 20 61 6e  ore giving up an
79e0: 64 20 6b 69 6c 6c 69 6e 67 20 69 74 2e 0d 0a 0d  d killing it....
79f0: 0a 0d 0a 23 23 20 3c 61 20 69 64 3d 22 6c 6f 67  ...## <a id="log
7a00: 69 6e 22 3e 3c 2f 61 3e 60 6c 6f 67 69 6e 60 2f  in"></a>`login`/
7a10: 60 6c 6f 67 6f 75 74 60 0d 0a 0d 0a 52 6f 75 74  `logout`....Rout
7a20: 65 72 4f 53 20 6f 6e 6c 79 20 61 6c 6c 6f 77 73  erOS only allows
7a30: 20 79 6f 75 20 74 6f 20 63 6f 6e 66 69 67 75 72   you to configur
7a40: 65 20 61 20 73 69 6e 67 6c 65 20 69 6d 61 67 65  e a single image
7a50: 20 72 65 67 69 73 74 72 79 2c 20 69 6e 63 6c 75   registry, inclu
7a60: 64 69 6e 67 20 74 68 65 20 6c 6f 67 69 6e 20 70  ding the login p
7a70: 61 72 61 6d 65 74 65 72 73 3a 0d 0a 0d 0a 20 20  arameters:....  
7a80: 20 20 2f 63 6f 6e 74 61 69 6e 65 72 2f 63 6f 6e    /container/con
7a90: 66 69 67 2f 73 65 74 20 72 65 67 69 73 74 72 79  fig/set registry
7aa0: 2d 75 72 6c 3d e2 80 a6 20 75 73 65 72 6e 61 6d  -url=… usernam
7ab0: 65 3d e2 80 a6 20 70 61 73 73 77 6f 72 64 3d e2  e=… password=�
7ac0: 80 a6 0d 0a 0d 0a 54 68 65 20 6f 6e 6c 79 20 77  ��....The only w
7ad0: 61 79 20 74 6f 20 e2 80 9c 6c 6f 67 20 6f 75 74  ay to “log out
7ae0: e2 80 9d 20 69 73 20 74 6f 20 6f 76 65 72 77 72  ” is to overwr
7af0: 69 74 65 20 74 68 65 20 75 73 65 72 6e 61 6d 65  ite the username
7b00: 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 76 69   and password vi
7b10: 61 3a 0d 0a 0d 0a 20 20 20 20 2f 63 6f 6e 74 61  a:....    /conta
7b20: 69 6e 65 72 2f 63 6f 6e 66 69 67 2f 73 65 74 20  iner/config/set 
7b30: 75 73 65 72 6e 61 6d 65 3d 22 22 20 70 61 73 73  username="" pass
7b40: 77 6f 72 64 3d 22 22 0d 0a 0d 0a 0d 0a 23 23 20  word=""......## 
7b50: 60 6c 6f 67 73 60 0d 0a 0d 0a 5b 43 6f 76 65 72  `logs`....[Cover
7b60: 65 64 20 61 62 6f 76 65 5d 28 23 6c 6f 67 73 29  ed above](#logs)
7b70: 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d  .......## <a id=
7b80: 22 70 61 75 73 65 22 3e 3c 2f 61 3e 60 70 61 75  "pause"></a>`pau
7b90: 73 65 60 2f 60 75 6e 70 61 75 73 65 60 0d 0a 0d  se`/`unpause`...
7ba0: 0a 4e 6f 20 73 75 63 68 20 66 65 61 74 75 72 65  .No such feature
7bb0: 20 69 6e 20 52 6f 75 74 65 72 4f 53 3b 20 61 20   in RouterOS; a 
7bc0: 63 6f 6e 74 61 69 6e 65 72 20 69 73 20 72 75 6e  container is run
7bd0: 6e 69 6e 67 20 6f 72 20 6e 6f 74 2e 0d 0a 0d 0a  ning or not.....
7be0: 49 66 20 74 68 65 20 63 6f 6e 74 61 69 6e 65 72  If the container
7bf0: 20 68 61 73 20 61 20 73 68 65 6c 6c 2c 20 79 6f   has a shell, yo
7c00: 75 20 63 6f 75 6c 64 20 74 72 79 20 61 20 63 6f  u could try a co
7c10: 6d 6d 61 6e 64 20 73 65 71 75 65 6e 63 65 20 6c  mmand sequence l
7c20: 69 6b 65 20 74 68 69 73 20 74 6f 20 67 65 74 20  ike this to get 
7c30: 74 68 65 20 70 61 75 73 65 20 65 66 66 65 63 74  the pause effect
7c40: 3a 0d 0a 0d 0a 20 20 20 20 3e 20 2f 63 6f 6e 74  :....    > /cont
7c50: 61 69 6e 65 72 2f 73 68 65 6c 6c 20 30 0d 0a 20  ainer/shell 0.. 
7c60: 20 20 20 24 20 70 6b 69 6c 6c 20 2d 53 54 4f 50     $ pkill -STOP
7c70: 20 27 6e 61 6d 65 20 6f 66 20 65 6e 74 72 79 70   'name of entryp
7c80: 6f 69 6e 74 27 0d 0a 0d 0a 49 66 20 74 68 61 74  oint'....If that
7c90: 20 77 6f 72 6b 65 64 2c 20 73 65 6e 64 69 6e 67   worked, sending
7ca0: 20 61 20 60 43 4f 4e 54 60 20 73 69 67 6e 61 6c   a `CONT` signal
7cb0: 20 77 69 6c 6c 20 75 6e 70 61 75 73 65 20 74 68   will unpause th
7cc0: 65 20 70 72 6f 63 65 73 73 2e 0d 0a 0d 0a 0d 0a  e process.......
7cd0: 23 23 20 3c 61 20 69 64 3d 22 70 6f 72 74 22 3e  ## <a id="port">
7ce0: 3c 2f 61 3e 60 70 6f 72 74 60 0d 0a 0d 0a 52 6f  </a>`port`....Ro
7cf0: 75 74 65 72 4f 53 20 65 78 70 6f 73 65 73 20 61  uterOS exposes a
7d00: 6c 6c 20 70 6f 72 74 73 20 64 65 66 69 6e 65 64  ll ports defined
7d10: 20 66 6f 72 20 61 20 63 6f 6e 74 61 69 6e 65 72   for a container
7d20: 20 69 6e 20 74 68 65 20 60 45 58 50 4f 53 45 60   in the `EXPOSE`
7d30: 20 64 69 72 65 63 74 69 76 65 20 69 6e 20 74 68   directive in th
7d40: 65 20 60 44 6f 63 6b 65 72 66 69 6c 65 60 2e 20  e `Dockerfile`. 
7d50: 54 68 65 20 6f 6e 6c 79 20 77 61 79 73 20 74 6f  The only ways to
7d60: 20 69 6e 73 74 61 6e 74 69 61 74 65 20 61 20 63   instantiate a c
7d70: 6f 6e 74 61 69 6e 65 72 20 77 69 74 68 20 66 65  ontainer with fe
7d80: 77 65 72 20 65 78 70 6f 73 65 64 20 70 6f 72 74  wer exposed port
7d90: 73 20 61 72 65 20 74 6f 20 65 69 74 68 65 72 20  s are to either 
7da0: 72 65 62 75 69 6c 64 20 69 74 20 77 69 74 68 20  rebuild it with 
7db0: 61 20 64 69 66 66 65 72 65 6e 74 20 60 45 58 50  a different `EXP
7dc0: 4f 53 45 60 20 76 61 6c 75 65 20 6f 72 20 74 6f  OSE` value or to
7dd0: 20 63 72 65 61 74 65 20 61 20 64 65 72 69 76 65   create a derive
7de0: 64 20 63 6f 6e 74 61 69 6e 65 72 20 77 69 74 68  d container with
7df0: 20 74 68 65 20 60 46 52 4f 4d 60 20 64 69 72 65   the `FROM` dire
7e00: 63 74 69 76 65 20 61 6e 64 20 73 65 74 20 61 20  ctive and set a 
7e10: 6e 65 77 20 60 45 58 50 4f 53 45 60 20 76 61 6c  new `EXPOSE` val
7e20: 75 65 2e 0d 0a 0d 0a 28 53 65 65 20 61 6c 73 6f  ue.....(See also
7e30: 20 74 68 65 20 64 69 73 63 75 73 73 69 6f 6e 20   the discussion 
7e40: 6f 66 20 5b 60 2d 2d 70 75 62 6c 69 73 68 60 5d  of [`--publish`]
7e50: 28 23 70 75 62 6c 69 73 68 29 20 61 62 6f 76 65  (#publish) above
7e60: 2e 29 0d 0a 0d 0a 0d 0a 23 23 20 60 72 75 6e 60  .)......## `run`
7e70: 0d 0a 0d 0a 5b 43 6f 76 65 72 65 64 20 61 62 6f  ....[Covered abo
7e80: 76 65 5d 28 23 72 75 6e 29 2e 0d 0a 0d 0a 0d 0a  ve](#run).......
7e90: 23 23 20 3c 61 20 69 64 3d 22 70 73 22 3e 3c 2f  ## <a id="ps"></
7ea0: 61 3e 60 70 73 60 2f 60 73 74 61 74 73 60 2f 60  a>`ps`/`stats`/`
7eb0: 74 6f 70 60 0d 0a 0d 0a 54 68 65 20 63 6c 6f 73  top`....The clos
7ec0: 65 73 74 20 74 68 69 6e 67 20 69 6e 20 52 6f 75  est thing in Rou
7ed0: 74 65 72 4f 53 20 69 73 20 74 68 65 20 60 2f 63  terOS is the `/c
7ee0: 6f 6e 74 61 69 6e 65 72 2f 70 72 69 6e 74 20 66  ontainer/print f
7ef0: 6f 6c 6c 6f 77 2a 60 20 63 6f 6d 6d 61 6e 64 73  ollow*` commands
7f00: 2e 0d 0a 0d 0a 41 20 6d 6f 72 65 20 64 69 72 65  .....A more dire
7f10: 63 74 20 61 6c 74 65 72 6e 61 74 69 76 65 20 77  ct alternative w
7f20: 6f 75 6c 64 20 62 65 20 74 6f 20 73 68 65 6c 6c  ould be to shell
7f30: 20 69 6e 74 6f 20 74 68 65 20 63 6f 6e 74 61 69   into the contai
7f40: 6e 65 72 20 61 6e 64 20 72 75 6e 20 77 68 61 74  ner and run what
7f50: 65 76 65 72 20 69 74 20 68 61 73 20 66 6f 72 20  ever it has for 
7f60: 61 20 60 74 6f 70 60 20 63 6f 6d 6d 61 6e 64 2c  a `top` command,
7f70: 20 62 75 74 20 6f 66 20 63 6f 75 72 73 65 20 74   but of course t
7f80: 68 61 74 20 69 73 20 63 6f 6e 74 69 6e 67 65 6e  hat is contingen
7f90: 74 20 6f 6e 20 61 6e 79 20 6f 66 20 74 68 61 74  t on any of that
7fa0: 20 62 65 69 6e 67 20 61 76 61 69 6c 61 62 6c 65   being available
7fb0: 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d  .......## <a id=
7fc0: 22 70 75 73 68 22 3e 3c 2f 61 3e 60 70 75 73 68  "push"></a>`push
7fd0: 60 2f 60 70 75 6c 6c 60 0d 0a 0d 0a 52 6f 75 74  `/`pull`....Rout
7fe0: 65 72 4f 53 20 6d 61 69 6e 74 61 69 6e 73 20 6e  erOS maintains n
7ff0: 6f 20 6c 6f 63 61 6c 20 69 6d 61 67 65 20 63 61  o local image ca
8000: 63 68 65 2c 20 74 68 75 73 20 63 61 6e 6e 6f 74  che, thus cannot
8010: 20 70 75 73 68 20 6f 72 20 70 75 6c 6c 20 69 6d   push or pull im
8020: 61 67 65 73 2e 0d 0a 0d 0a 57 68 69 6c 65 20 69  ages.....While i
8030: 74 20 5f 63 61 6e 5f 20 70 75 6c 6c 20 66 72 6f  t _can_ pull fro
8040: 6d 20 61 6e 20 5b 4f 43 49 5d 20 69 6d 61 67 65  m an [OCI] image
8050: 20 72 65 70 6f 2c 20 69 74 20 64 6f 65 73 20 73   repo, it does s
8060: 6f 20 61 73 20 70 61 72 74 20 6f 66 20 60 2f 63  o as part of `/c
8070: 6f 6e 74 61 69 6e 65 72 2f 61 64 64 60 2c 20 77  ontainer/add`, w
8080: 68 69 63 68 20 69 73 20 63 6c 6f 73 65 72 20 74  hich is closer t
8090: 6f 20 61 20 60 64 6f 63 6b 65 72 20 63 72 65 61  o a `docker crea
80a0: 74 65 60 20 63 6f 6d 6d 61 6e 64 20 74 68 61 6e  te` command than
80b0: 20 74 6f 20 60 64 6f 63 6b 65 72 20 70 75 6c 6c   to `docker pull
80c0: 60 2e 0d 0a 0d 0a 54 68 65 72 65 20 69 73 20 6e  `.....There is n
80d0: 6f 20 65 71 75 69 76 61 6c 65 6e 74 20 61 74 20  o equivalent at 
80e0: 61 6c 6c 20 74 6f 20 60 64 6f 63 6b 65 72 20 70  all to `docker p
80f0: 75 73 68 60 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61  ush`.......## <a
8100: 20 69 64 3d 22 72 65 6e 61 6d 65 22 3e 3c 2f 61   id="rename"></a
8110: 3e 60 72 65 6e 61 6d 65 60 0d 0a 0d 0a 52 6f 75  >`rename`....Rou
8120: 74 65 72 4f 53 20 64 6f 65 73 6e e2 80 99 74 20  terOS doesn’t 
8130: 6c 65 74 20 79 6f 75 20 73 65 74 20 74 68 65 20  let you set the 
8140: 6e 61 6d 65 20 6f 6e 20 63 72 65 61 74 69 6f 6e  name on creation
8150: 2c 20 6d 75 63 68 20 6c 65 73 73 20 72 65 6e 61  , much less rena
8160: 6d 65 20 69 74 20 6c 61 74 65 72 2e 20 54 68 65  me it later. The
8170: 20 63 6c 6f 73 65 73 74 20 79 6f 75 20 63 61 6e   closest you can
8180: 20 63 6f 6d 65 20 74 6f 20 74 68 69 73 20 69 73   come to this is
8190: 20 74 6f 20 61 64 64 20 61 20 63 75 73 74 6f 6d   to add a custom
81a0: 20 60 63 6f 6d 6d 65 6e 74 60 2c 20 77 68 69 63   `comment`, whic
81b0: 68 20 79 6f 75 20 63 61 6e 20 62 6f 74 68 20 73  h you can both s
81c0: 65 74 20 61 74 20 e2 80 9c 60 61 64 64 60 e2 80  et at “`add`�
81d0: 9d 20 74 69 6d 65 20 61 6e 64 20 61 66 74 65 72  � time and after
81e0: 20 63 72 65 61 74 69 6f 6e 2e 0d 0a 0d 0a 0d 0a   creation.......
81f0: 23 23 20 3c 61 20 69 64 3d 22 72 65 73 74 61 72  ## <a id="restar
8200: 74 22 3e 3c 2f 61 3e 60 72 65 73 74 61 72 74 60  t"></a>`restart`
8210: 0d 0a 0d 0a 54 68 69 73 20 73 68 6f 72 74 63 75  ....This shortcu
8220: 74 20 66 6f 72 20 5b 60 73 74 6f 70 60 5d 28 23  t for [`stop`](#
8230: 73 74 6f 70 29 20 66 6f 6c 6c 6f 77 65 64 20 62  stop) followed b
8240: 79 20 5b 60 73 74 61 72 74 60 5d 28 23 73 74 61  y [`start`](#sta
8250: 72 74 29 20 64 6f 65 73 6e e2 80 99 74 20 65 78  rt) doesn’t ex
8260: 69 73 74 2e 0d 0a 0d 0a 49 74 20 6f 66 74 65 6e  ist.....It often
8270: 20 65 6e 64 73 20 75 70 20 62 65 69 6e 67 20 6d   ends up being m
8280: 6f 72 65 20 63 6f 6d 70 6c 65 78 20 74 68 61 6e  ore complex than
8290: 20 74 68 61 74 20 62 65 63 61 75 73 65 20 74 68   that because th
82a0: 65 20 60 73 74 6f 70 60 20 6f 70 65 72 61 74 69  e `stop` operati
82b0: 6f 6e 20 69 73 20 61 73 79 6e 63 68 72 6f 6e 6f  on is asynchrono
82c0: 75 73 2e 20 54 68 65 72 65 20 61 72 65 20 6e 6f  us. There are no
82d0: 20 66 6c 61 67 73 20 74 6f 20 6d 61 6b 65 20 69   flags to make i
82e0: 74 20 62 6c 6f 63 6b 20 75 6e 74 69 6c 20 74 68  t block until th
82f0: 65 20 63 6f 6e 74 61 69 6e 65 72 20 64 6f 65 73  e container does
8300: 20 73 74 6f 70 2c 20 6e 6f 72 20 61 20 77 61 79   stop, nor a way
8310: 20 74 6f 20 73 65 74 20 61 20 74 69 6d 65 6f 75   to set a timeou
8320: 74 20 6f 6e 20 69 74 2c 20 61 66 74 65 72 20 77  t on it, after w
8330: 68 69 63 68 20 69 74 20 6b 69 6c 6c 73 20 74 68  hich it kills th
8340: 65 20 63 6f 6e 74 61 69 6e 65 72 20 6f 75 74 72  e container outr
8350: 69 67 68 74 2c 20 61 73 20 79 6f 75 20 67 65 74  ight, as you get
8360: 20 77 69 74 68 20 74 68 65 20 62 69 67 2d 62 6f   with the big-bo
8370: 79 20 65 6e 67 69 6e 65 73 2e 20 59 6f 75 20 61  y engines. You a
8380: 72 65 20 6c 69 6b 65 6c 79 20 74 6f 20 6e 65 65  re likely to nee
8390: 64 20 61 20 70 6f 6c 6c 69 6e 67 20 6c 6f 6f 70  d a polling loop
83a0: 20 74 6f 20 77 61 69 74 20 75 6e 74 69 6c 20 74   to wait until t
83b0: 68 65 20 72 75 6e 6e 69 6e 67 20 63 6f 6e 74 61  he running conta
83c0: 69 6e 65 72 e2 80 99 73 20 73 74 61 74 65 20 74  iner’s state t
83d0: 72 61 6e 73 69 74 69 6f 6e 73 20 74 6f 20 e2 80  ransitions to �
83e0: 9c 73 74 6f 70 70 65 64 e2 80 9d 20 62 65 66 6f  �stopped” befo
83f0: 72 65 20 63 61 6c 6c 69 6e 67 20 60 2f 63 6f 6e  re calling `/con
8400: 74 61 69 6e 65 72 2f 73 74 61 72 74 60 20 6f 6e  tainer/start` on
8410: 20 69 74 2e 0d 0a 0d 0a 53 65 65 20 61 6c 73 6f   it.....See also
8420: 20 5b 60 2d 2d 72 65 73 74 61 72 74 60 5d 28 23   [`--restart`](#
8430: 72 65 73 74 61 72 74 29 20 61 62 6f 76 65 2e 0d  restart) above..
8440: 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d 22 72  .....## <a id="r
8450: 6d 22 3e 3c 2f 61 3e 60 72 6d 60 0d 0a 0d 0a 52  m"></a>`rm`....R
8460: 6f 75 74 65 72 4f 53 20 73 70 65 6c 6c 73 20 74  outerOS spells t
8470: 68 69 73 20 60 2f 63 6f 6e 74 61 69 6e 65 72 2f  his `/container/
8480: 72 65 6d 6f 76 65 60 2c 20 62 75 74 20 64 6f 20  remove`, but do 
8490: 62 65 20 61 77 61 72 65 2c 20 74 68 65 72 65 20  be aware, there 
84a0: 69 73 20 6e 6f 20 65 71 75 69 76 61 6c 65 6e 74  is no equivalent
84b0: 20 66 6f 72 20 60 64 6f 63 6b 65 72 20 72 6d 20   for `docker rm 
84c0: 2d 66 60 20 74 6f 20 66 6f 72 63 65 20 74 68 65  -f` to force the
84d0: 20 72 65 6d 6f 76 61 6c 20 6f 66 20 61 20 72 75   removal of a ru
84e0: 6e 6e 69 6e 67 20 63 6f 6e 74 61 69 6e 65 72 2e  nning container.
84f0: 20 52 6f 75 74 65 72 4f 53 20 6d 61 6b 65 73 20   RouterOS makes 
8500: 79 6f 75 20 73 74 6f 70 20 69 74 20 66 69 72 73  you stop it firs
8510: 74 2e 0d 0a 0d 0a 41 6e 6f 74 68 65 72 20 6b 6e  t.....Another kn
8520: 6f 63 6b 2d 6f 6e 20 65 66 66 65 63 74 20 74 6f  ock-on effect to
8530: 20 62 65 20 61 77 61 72 65 20 6f 66 20 73 74 65   be aware of ste
8540: 6d 73 20 66 72 6f 6d 20 74 68 65 20 6c 61 63 6b  ms from the lack
8550: 20 6f 66 20 61 20 6c 6f 63 61 6c 20 69 6d 61 67   of a local imag
8560: 65 20 63 61 63 68 65 3a 20 72 65 6d 6f 76 69 6e  e cache: removin
8570: 67 20 61 20 63 6f 6e 74 61 69 6e 65 72 20 61 6e  g a container an
8580: 64 20 72 65 69 6e 73 74 61 6c 6c 69 6e 67 20 69  d reinstalling i
8590: 74 20 66 72 6f 6d 20 74 68 65 20 2a 73 61 6d 65  t from the *same
85a0: 2a 20 72 65 6d 6f 74 65 20 69 6d 61 67 65 20 72  * remote image r
85b0: 65 71 75 69 72 65 73 20 52 6f 75 74 65 72 4f 53  equires RouterOS
85c0: 20 74 6f 20 72 65 2d 64 6f 77 6e 6c 6f 61 64 20   to re-download 
85d0: 74 68 65 20 69 6d 61 67 65 2c 20 65 76 65 6e 20  the image, even 
85e0: 77 68 65 6e 20 64 6f 6e 65 20 62 61 63 6b 2d 74  when done back-t
85f0: 6f 2d 62 61 63 6b 2c 20 65 76 65 6e 20 69 66 20  o-back, even if 
8600: 79 6f 75 20 6e 65 76 65 72 20 73 74 61 72 74 20  you never start 
8610: 74 68 65 20 63 6f 6e 74 61 69 6e 65 72 20 62 65  the container be
8620: 74 77 65 65 6e 20 61 6e 64 20 74 68 65 72 65 62  tween and thereb
8630: 79 20 63 61 75 73 65 20 69 74 20 74 6f 20 6d 61  y cause it to ma
8640: 6b 65 20 63 68 61 6e 67 65 73 20 74 6f 20 74 68  ke changes to th
8650: 65 20 65 78 70 61 6e 64 65 64 20 69 6d 61 67 65  e expanded image
8660: e2 80 99 73 20 66 69 6c 65 73 2e 20 59 6f 75 20  ’s files. You 
8670: 63 61 6e 20 65 6e 64 20 75 70 20 68 69 74 74 69  can end up hitti
8680: 6e 67 20 61 6e 6e 6f 79 69 6e 67 20 72 61 74 65  ng annoying rate
8690: 2d 6c 69 6d 69 74 69 6e 67 20 6f 6e 20 74 68 65  -limiting on the
86a0: 20 e2 80 9c 66 72 65 65 e2 80 9d 20 72 65 67 69   “free” regi
86b0: 73 74 72 69 65 73 20 69 6e 20 74 68 65 20 6d 69  stries in the mi
86c0: 64 64 6c 65 20 6f 66 20 61 20 68 6f 74 2d 61 6e  ddle of a hot-an
86d0: 64 2d 68 65 61 76 79 20 64 65 62 75 67 67 69 6e  d-heavy debuggin
86e0: 67 20 73 65 73 73 69 6f 6e 20 64 75 65 20 74 6f  g session due to
86f0: 20 74 68 69 73 2e 20 41 73 6b 20 6d 65 20 68 6f   this. Ask me ho
8700: 77 20 49 20 6b 6e 6f 77 2e 20 f0 9f 98 81 0d 0a  w I know. 😁..
8710: 0d 0a 54 68 65 20 73 6f 6c 75 74 69 6f 6e 20 69  ..The solution i
8720: 73 20 74 6f 20 70 72 6f 64 75 63 65 20 61 6e 20  s to produce an 
8730: 5b 4f 43 49 5d 20 69 6d 61 67 65 20 74 61 72 62  [OCI] image tarb
8740: 61 6c 6c 20 69 6e 20 74 68 65 20 66 6f 72 6d 61  all in the forma
8750: 74 20 73 75 62 73 65 74 20 74 68 61 74 20 60 2f  t subset that `/
8760: 63 6f 6e 74 61 69 6e 65 72 2f 61 64 64 20 66 69  container/add fi
8770: 6c 65 3d e2 80 a6 60 20 77 69 6c 6c 20 61 63 63  le=…` will acc
8780: 65 70 74 2e 0d 0a 0d 0a 42 75 74 20 74 68 61 74  ept.....But that
8790: 20 62 72 69 6e 67 73 20 75 70 20 61 20 6e 65 77   brings up a new
87a0: 20 6c 69 6d 69 74 61 74 69 6f 6e 20 77 6f 72 74   limitation wort
87b0: 68 20 6d 65 6e 74 69 6f 6e 69 6e 67 3a 20 60 63  h mentioning: `c
87c0: 6f 6e 74 61 69 6e 65 72 2e 6e 70 6b 60 20 69 73  ontainer.npk` is
87d0: 6e e2 80 99 74 20 31 30 30 25 20 4f 43 49 2d 63  n’t 100% OCI-c
87e0: 6f 6d 70 6c 69 61 6e 74 2e 20 49 74 20 63 61 6e  ompliant. It can
87f0: e2 80 99 74 20 68 61 6e 64 6c 65 20 6d 75 6c 74  ’t handle mult
8800: 69 2d 70 6c 61 74 66 6f 72 6d 20 69 6d 61 67 65  i-platform image
8810: 20 74 61 72 62 61 6c 6c 73 2c 20 66 6f 72 20 6f   tarballs, for o
8820: 6e 65 2e 20 59 6f 75 20 68 61 76 65 20 74 6f 20  ne. You have to 
8830: 67 69 76 65 20 74 68 65 20 6d 61 74 63 68 69 6e  give the matchin
8840: 67 20 60 2d 2d 70 6c 61 74 66 6f 72 6d 60 20 6f  g `--platform` o
8850: 70 74 69 6f 6e 20 77 68 65 6e 20 64 6f 77 6e 6c  ption when downl
8860: 6f 61 64 69 6e 67 20 74 68 65 20 74 61 72 62 61  oading the tarba
8870: 6c 6c 20 74 6f 20 67 65 74 20 73 6f 6d 65 74 68  ll to get someth
8880: 69 6e 67 20 60 63 6f 6e 74 61 69 6e 65 72 2e 6e  ing `container.n
8890: 70 6b 60 20 77 69 6c 6c 20 61 63 63 65 70 74 2e  pk` will accept.
88a0: 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d 22  ......## <a id="
88b0: 73 65 61 72 63 68 22 3e 3c 2f 61 3e 60 73 65 61  search"></a>`sea
88c0: 72 63 68 60 0d 0a 0d 0a 54 68 65 72 65 20 69 73  rch`....There is
88d0: 20 6e 6f 20 65 71 75 69 76 61 6c 65 6e 74 20 74   no equivalent t
88e0: 6f 20 74 68 69 73 20 69 6e 20 52 6f 75 74 65 72  o this in Router
88f0: 4f 53 2e 20 59 6f 75 20 77 69 6c 6c 20 6e 65 65  OS. You will nee
8900: 64 20 74 6f 20 63 6f 6e 6e 65 63 74 20 74 6f 20  d to connect to 
8910: 79 6f 75 72 20 69 6d 61 67 65 20 72 65 67 69 73  your image regis
8920: 74 72 79 20 6f 66 20 63 68 6f 69 63 65 20 61 6e  try of choice an
8930: 64 20 75 73 65 20 69 74 73 20 73 65 61 72 63 68  d use its search
8940: 20 65 6e 67 69 6e 65 2e 0d 0a 0d 0a 0d 0a 23 23   engine.......##
8950: 20 3c 61 20 69 64 3d 22 73 65 63 72 65 74 22 3e   <a id="secret">
8960: 3c 2f 61 3e 60 73 65 63 72 65 74 60 0d 0a 0d 0a  </a>`secret`....
8970: 54 68 69 73 20 74 79 70 69 63 61 6c 6c 79 20 73  This typically s
8980: 68 6f 77 73 20 75 70 20 61 73 20 70 61 72 74 20  hows up as part 
8990: 6f 66 20 44 6f 63 6b 65 72 20 53 77 61 72 6d 2c  of Docker Swarm,
89a0: 20 4b 75 62 65 72 6e 65 74 65 73 2c 20 6f 72 20   Kubernetes, or 
89b0: 50 6f 64 6d 61 6e 20 70 6f 64 73 2c 20 6e 6f 6e  Podman pods, non
89c0: 65 20 6f 66 20 77 68 69 63 68 20 65 78 69 73 74  e of which exist
89d0: 73 20 75 6e 64 65 72 20 52 6f 75 74 65 72 4f 53  s under RouterOS
89e0: 2c 20 77 68 69 63 68 20 69 73 20 77 68 79 20 69  , which is why i
89f0: 74 20 73 68 6f 75 6c 64 6e e2 80 99 74 20 73 75  t shouldn’t su
8a00: 72 70 72 69 73 65 20 79 6f 75 20 74 68 61 74 20  rprise you that 
8a10: 52 6f 75 74 65 72 4f 53 20 68 61 73 20 6e 6f 20  RouterOS has no 
8a20: 73 65 63 72 65 74 2d 73 68 61 72 69 6e 67 20 66  secret-sharing f
8a30: 61 63 69 6c 69 74 79 2e 20 54 68 65 20 73 74 61  acility. The sta
8a40: 6e 64 61 72 64 20 66 61 6c 6c 62 61 63 6b 73 20  ndard fallbacks 
8a50: 66 6f 72 20 74 68 69 73 20 61 72 65 20 70 61 73  for this are pas
8a60: 73 65 64 2d 69 6e 20 65 6e 76 69 72 6f 6e 6d 65  sed-in environme
8a70: 6e 74 20 76 61 72 69 61 62 6c 65 73 20 6f 72 20  nt variables or 
8a80: 62 69 6e 64 2d 6d 6f 75 6e 74 65 64 20 76 6f 6c  bind-mounted vol
8a90: 75 6d 65 73 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61  umes.......## <a
8aa0: 20 69 64 3d 22 73 74 61 72 74 22 3e 3c 2f 61 3e   id="start"></a>
8ab0: 60 73 74 61 72 74 60 0d 0a 0d 0a 52 6f 75 74 65  `start`....Route
8ac0: 72 4f 53 20 68 61 73 20 60 2f 63 6f 6e 74 61 69  rOS has `/contai
8ad0: 6e 65 72 2f 73 74 61 72 74 60 2c 20 77 69 74 68  ner/start`, with
8ae0: 20 6c 69 6d 69 74 61 74 69 6f 6e 73 20 79 6f 75   limitations you
8af0: 20 63 61 6e 20 72 65 61 73 6f 6e 61 62 6c 79 20   can reasonably 
8b00: 69 6e 66 65 72 20 66 72 6f 6d 20 74 68 65 20 72  infer from the r
8b10: 65 73 74 20 6f 66 20 74 68 69 73 20 61 72 74 69  est of this arti
8b20: 63 6c 65 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20  cle.......## <a 
8b30: 69 64 3d 22 73 77 61 72 6d 22 3e 3c 2f 61 3e 60  id="swarm"></a>`
8b40: 73 77 61 72 6d 60 0d 0a 0d 0a 45 78 74 65 6e 64  swarm`....Extend
8b50: 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 5b 6c 61  ing from the [la
8b60: 63 6b 20 6f 66 20 73 69 6e 67 6c 65 2d 62 6f 78  ck of single-box
8b70: 20 63 6f 6e 74 61 69 6e 65 72 20 6f 72 63 68 65   container orche
8b80: 73 74 72 61 74 69 6f 6e 20 66 65 61 74 75 72 65  stration feature
8b90: 73 5d 28 23 63 6f 6d 70 6f 73 65 29 2c 20 52 6f  s](#compose), Ro
8ba0: 75 74 65 72 4f 53 20 61 6c 73 6f 20 63 6f 6d 70  uterOS also comp
8bb0: 6c 65 74 65 6c 79 20 6c 61 63 6b 73 20 61 20 5f  letely lacks a _
8bc0: 63 6c 75 73 74 65 72 5f 20 6f 72 63 68 65 73 74  cluster_ orchest
8bd0: 72 61 74 69 6f 6e 20 66 65 61 74 75 72 65 2c 20  ration feature, 
8be0: 6e 6f 74 20 65 76 65 6e 20 61 20 6c 69 67 68 74  not even a light
8bf0: 77 65 69 67 68 74 20 6f 6e 65 20 6c 69 6b 65 20  weight one like 
8c00: 5b 44 6f 63 6b 65 72 20 53 77 61 72 6d 5d 28 68  [Docker Swarm](h
8c10: 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 64 6f 63 6b  ttps://docs.dock
8c20: 65 72 2e 63 6f 6d 2f 65 6e 67 69 6e 65 2f 73 77  er.com/engine/sw
8c30: 61 72 6d 2f 29 20 6f 72 20 5b 6b 33 73 5d 28 68  arm/) or [k3s](h
8c40: 74 74 70 73 3a 2f 2f 6b 33 73 2e 69 6f 29 2c 20  ttps://k3s.io), 
8c50: 61 6e 64 20 69 74 20 63 65 72 74 61 69 6e 6c 79  and it certainly
8c60: 20 64 6f 65 73 6e e2 80 99 74 20 73 75 70 70 6f   doesn’t suppo
8c70: 72 74 20 74 68 65 20 62 65 68 65 6d 6f 74 68 20  rt the behemoth 
8c80: 74 68 61 74 20 69 73 20 4b 75 62 65 72 6e 65 74  that is Kubernet
8c90: 65 73 2e 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69  es.......## <a i
8ca0: 64 3d 22 74 61 67 22 3e 3c 2f 61 3e 60 74 61 67  d="tag"></a>`tag
8cb0: 60 0d 0a 0d 0a 52 6f 75 74 65 72 4f 53 20 64 6f  `....RouterOS do
8cc0: 65 73 20 6e 6f 74 68 69 6e 67 20 6d 6f 72 65 20  es nothing more 
8cd0: 77 69 74 68 20 74 61 67 73 20 74 68 61 6e 20 74  with tags than t
8ce0: 6f 20 73 65 6c 65 63 74 20 77 68 69 63 68 20 69  o select which i
8cf0: 6d 61 67 65 20 74 6f 20 64 6f 77 6e 6c 6f 61 64  mage to download
8d00: 20 66 72 6f 6d 20 61 20 72 65 67 69 73 74 72 79   from a registry
8d10: 2e 20 57 69 74 68 6f 75 74 20 61 20 6c 6f 63 61  . Without a loca
8d20: 6c 20 69 6d 61 67 65 20 63 61 63 68 65 2c 20 79  l image cache, y
8d30: 6f 75 20 63 61 6e 6e 6f 74 20 72 65 2d 74 61 67  ou cannot re-tag
8d40: 20 61 6e 20 69 6d 61 67 65 2e 0d 0a 0d 0a 0d 0a   an image.......
8d50: 23 23 20 3c 61 20 69 64 3d 22 75 70 64 61 74 65  ## <a id="update
8d60: 22 3e 3c 2f 61 3e 60 75 70 64 61 74 65 60 0d 0a  "></a>`update`..
8d70: 0d 0a 54 68 65 72 65 20 69 73 20 6e 6f 20 65 71  ..There is no eq
8d80: 75 69 76 61 6c 65 6e 74 20 73 68 6f 72 74 20 6f  uivalent short o
8d90: 66 20 74 68 69 73 3a 0d 0a 0d 0a 20 20 20 20 2f  f this:....    /
8da0: 63 6f 6e 74 61 69 6e 65 72 2f 73 74 6f 70 20 30  container/stop 0
8db0: 0d 0a 20 20 20 20 e2 80 a6 77 61 69 74 20 66 6f  ..    …wait fo
8dc0: 72 20 69 74 20 74 6f 20 73 74 6f 70 e2 80 a6 0d  r it to stop….
8dd0: 0a 20 20 20 20 2f 63 6f 6e 74 61 69 6e 65 72 2f  .    /container/
8de0: 72 65 6d 6f 76 65 20 30 0d 0a 20 20 20 20 2f 63  remove 0..    /c
8df0: 6f 6e 74 61 69 6e 65 72 2f 61 64 64 20 e2 80 a6  ontainer/add …
8e00: 0d 0a 0d 0a 54 68 65 20 6c 61 73 74 20 73 74 65  ....The last ste
8e10: 70 20 69 73 20 74 68 65 20 74 72 69 63 6b 79 20  p is the tricky 
8e20: 6f 6e 65 20 73 69 6e 63 65 20 60 2f 63 6f 6e 74  one since `/cont
8e30: 61 69 6e 65 72 2f 70 72 69 6e 74 60 20 73 68 6f  ainer/print` sho
8e40: 77 73 20 6d 6f 73 74 20 62 75 74 20 6e 6f 74 20  ws most but not 
8e50: 61 6c 6c 20 6f 66 20 74 68 65 20 6f 70 74 69 6f  all of the optio
8e60: 6e 73 20 79 6f 75 20 67 61 76 65 20 74 6f 20 63  ns you gave to c
8e70: 72 65 61 74 65 20 69 74 2e 20 49 66 20 79 6f 75  reate it. If you
8e80: 20 64 69 64 6e e2 80 99 74 20 77 72 69 74 65 20   didn’t write 
8e90: 64 6f 77 6e 20 68 6f 77 20 79 6f 75 20 64 69 64  down how you did
8ea0: 20 74 68 61 74 2c 20 79 6f 75 e2 80 99 72 65 20   that, you’re 
8eb0: 67 6f 69 6e 67 20 74 6f 20 68 61 76 65 20 74 6f  going to have to
8ec0: 20 77 6f 72 6b 20 74 68 61 74 20 6f 75 74 20 74   work that out t
8ed0: 6f 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 63  o complete the c
8ee0: 6f 6d 6d 61 6e 64 20 73 65 71 75 65 6e 63 65 2e  ommand sequence.
8ef0: 0d 0a 0d 0a 0d 0a 23 23 20 3c 61 20 69 64 3d 22  ......## <a id="
8f00: 76 65 72 73 69 6f 6e 22 3e 3c 2f 61 3e 60 76 65  version"></a>`ve
8f10: 72 73 69 6f 6e 60 0d 0a 0d 0a 57 68 69 6c 65 20  rsion`....While 
8f20: 52 6f 75 74 65 72 4f 53 e2 80 99 73 20 60 63 6f  RouterOS’s `co
8f30: 6e 74 61 69 6e 65 72 2e 6e 70 6b 60 20 74 65 63  ntainer.npk` tec
8f40: 68 6e 69 63 61 6c 6c 79 20 64 6f 65 73 20 68 61  hnically does ha
8f50: 76 65 20 61 6e 20 69 6e 64 65 70 65 6e 64 65 6e  ve an independen
8f60: 74 20 76 65 72 73 69 6f 6e 20 6e 75 6d 62 65 72  t version number
8f70: 20 6f 66 20 69 74 73 20 6f 77 6e 2c 20 69 74 20   of its own, it 
8f80: 69 73 20 6d 65 61 6e 74 20 74 6f 20 61 6c 77 61  is meant to alwa
8f90: 79 73 20 6d 61 74 63 68 20 74 68 61 74 20 6f 66  ys match that of
8fa0: 20 74 68 65 20 60 72 6f 75 74 65 72 6f 73 2e 6e   the `routeros.n
8fb0: 70 6b 60 20 70 61 63 6b 61 67 65 20 79 6f 75 20  pk` package you 
8fc0: 68 61 76 65 20 69 6e 73 74 61 6c 6c 65 64 2e 20  have installed. 
8fd0: 52 6f 75 74 65 72 4f 53 20 61 75 74 6f 6d 61 74  RouterOS automat
8fe0: 69 63 61 6c 6c 79 20 75 70 67 72 61 64 65 73 20  ically upgrades 
8ff0: 62 6f 74 68 20 69 6e 20 6c 6f 63 6b 2d 73 74 65  both in lock-ste
9000: 70 2c 20 6d 61 6b 69 6e 67 20 74 68 69 73 20 74  p, making this t
9010: 68 65 20 63 6c 6f 73 65 73 74 20 65 71 75 69 76  he closest equiv
9020: 61 6c 65 6e 74 20 63 6f 6d 6d 61 6e 64 3a 0d 0a  alent command:..
9030: 0d 0a 20 20 20 20 2f 73 79 73 74 65 6d 2f 70 61  ..    /system/pa
9040: 63 6b 61 67 65 2f 70 72 69 6e 74 0d 0a 0d 0a 0d  ckage/print.....
9050: 0a 23 23 20 3c 61 20 69 64 3d 22 77 61 69 74 22  .## <a id="wait"
9060: 3e 3c 2f 61 3e 60 77 61 69 74 60 0d 0a 0d 0a 54  ></a>`wait`....T
9070: 68 65 20 63 6c 6f 73 65 73 74 20 65 71 75 69 76  he closest equiv
9080: 61 6c 65 6e 74 20 74 6f 20 74 68 69 73 20 77 6f  alent to this wo
9090: 75 6c 64 20 62 65 20 74 6f 20 63 61 6c 6c 20 60  uld be to call `
90a0: 2f 63 6f 6e 74 61 69 6e 65 72 2f 73 74 6f 70 60  /container/stop`
90b0: 20 69 6e 20 61 20 52 6f 75 74 65 72 4f 53 20 73   in a RouterOS s
90c0: 63 72 69 70 74 20 61 6e 64 20 74 68 65 6e 20 70  cript and then p
90d0: 6f 6c 6c 20 6f 6e 20 60 2f 63 6f 6e 74 61 69 6e  oll on `/contain
90e0: 65 72 2f 70 72 69 6e 74 20 77 68 65 72 65 20 e2  er/print where �
90f0: 80 a6 60 20 75 6e 74 69 6c 20 69 74 20 73 74 6f  ��` until it sto
9100: 70 70 65 64 2e 0a 5a 20 65 34 64 64 32 31 39 62  pped..Z e4dd219b
9110: 32 62 32 33 30 30 61 39 36 30 64 63 61 36 37 62  2b2300a960dca67b
9120: 30 62 61 34 38 66 62 62 0a                       0ba48fbb.