MikroTik Solutions

Check-in [83694c3403]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Removed the setcap stuff from the iperf3 container. I pursued that based on the mDNS repeater container. I thought it was part of why this eventually started running, but no, it's a red herring. This cuts the running container size roughly in half.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 83694c340391f43d564852df8cff23713b930a91025d3e54da7ee8f8f422f0c8
User & Date: tangent 2023-04-03 19:57:10
Context
2023-04-03
20:21
Solved the ROS container start problem: it needs the /dev, /proc, /run *and* /sys mount points to be present, even when you're deploying a single static binary that doesn't access any of that. check-in: c4f08b8fc9 user: tangent tags: trunk
19:57
Removed the setcap stuff from the iperf3 container. I pursued that based on the mDNS repeater container. I thought it was part of why this eventually started running, but no, it's a red herring. This cuts the running container size roughly in half. check-in: 83694c3403 user: tangent tags: trunk
02:28
Typos check-in: 7c1577c36d user: tangent tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to iperf3/Dockerfile. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

# syntax=docker/dockerfile:1.0
FROM alpine:latest AS build
ARG VERSION=master
RUN apk add --no-cache build-base git libcap-static libcap-dev
RUN git clone --depth 1 --branch ${VERSION} https://github.com/esnet/iperf
RUN git clone --depth 1 https://git.kernel.org/pub/scm/libs/libcap/libcap
RUN gcc --static libcap/progs/setcap.c -o /bin/setcap -lcap
RUN iperf/configure CFLAGS="-Os -s" --enable-static-bin
RUN make -j12

FROM scratch
COPY --from=build /src/iperf3 /bin/
COPY --from=build /bin/setcap /bin/
COPY --from=build /tmp/ /tmp/
RUN [ "/bin/setcap", "cap_net_raw=+ep", "/bin/iperf3" ]

EXPOSE 5201/tcp 5201/udp
ENTRYPOINT [ "/bin/iperf3" ]
CMD [ "-s" ]




|

<
<





<

<





1
2
3
4
5


6
7
8
9
10

11

12
13
14
15

# syntax=docker/dockerfile:1.0
FROM alpine:latest AS build
ARG VERSION=master
RUN apk add --no-cache build-base git
RUN git clone --depth 1 --branch ${VERSION} https://github.com/esnet/iperf


RUN iperf/configure CFLAGS="-Os -s" --enable-static-bin
RUN make -j12

FROM scratch
COPY --from=build /src/iperf3 /bin/

COPY --from=build /tmp/ /tmp/


EXPOSE 5201/tcp 5201/udp
ENTRYPOINT [ "/bin/iperf3" ]
CMD [ "-s" ]

Changes to iperf3/README.md. 

1
2
3
4
5
6
7
8
9
10

The [`Dockerfile`](/file/iperf3/Dockerfile) builds a single static binary
of [ESNet’s `iperf3` tool][src] and sets it to run in server mode by
default. Its small (0.4 MB) size makes it ideal for testing network
performance on resource constrained MikroTik RouterOS boxes running the
[optional container feature][mtdoc] added in ROS 7.4. As such, it’s built
for both 32-bit and 64-bit ARM CPUs, but also for Intel platforms,
because why not?

See the [`Makefile`](/file/iperf3/Makefile) for details on building,
configuring, and running this container.



|








1
2
3
4
5
6
7
8
9
10

The [`Dockerfile`](/file/iperf3/Dockerfile) builds a single static binary
of [ESNet’s `iperf3` tool][src] and sets it to run in server mode by
default. Its small (0.2 MB) size makes it ideal for testing network
performance on resource constrained MikroTik RouterOS boxes running the
[optional container feature][mtdoc] added in ROS 7.4. As such, it’s built
for both 32-bit and 64-bit ARM CPUs, but also for Intel platforms,
because why not?

See the [`Makefile`](/file/iperf3/Makefile) for details on building,
configuring, and running this container.

86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

```

The tarball name will vary depending on the current version when you
read this and the CPU type you need. Check your build directory.
You can avoid giving the tarball name to “`make`”, but since that will
build all four platform tarballs, this method saves you some time.

The build currently depends on Docker; it is known to fail to build and
run on Podman due to the `setcap` step.

We’re using the `skopeo` tool from the Podman project to fix up some
formatting issues in the image tarball which RouterOS is currently
interolerant of, at least as of ROS 7.9rc1.

**BEWARE:** This currently won’t work as-is on RouterOS. You can fix it
by changing the `Dockerfile` to base the second stage on Alpine per the
instructions in the next section before you get to the “`make`” step.








<
<
<








86
87
88
89
90
91
92



93
94
95
96
97
98
99

```

The tarball name will vary depending on the current version when you
read this and the CPU type you need. Check your build directory.
You can avoid giving the tarball name to “`make`”, but since that will
build all four platform tarballs, this method saves you some time.




We’re using the `skopeo` tool from the Podman project to fix up some
formatting issues in the image tarball which RouterOS is currently
interolerant of, at least as of ROS 7.9rc1.

**BEWARE:** This currently won’t work as-is on RouterOS. You can fix it
by changing the `Dockerfile` to base the second stage on Alpine per the
instructions in the next section before you get to the “`make`” step.

113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

I have no idea why that’s necessary. There is no good reason for it
other than to support the RouterOS “`/container shell`” command, which
should be purely optional. The container proper doesn’t need anything
Alpine provides; once we get through the first stage, we’re done with
the need for anything OS-like. The second stage includes naught but two
static binaries, with zero external dependencies.

This hack isn’t necessary under Docker and Podman.  Indeed, they’ll let
you get away without the `setcap` step, bringing the container size down
into the 100 kB range, compressed.

<div id="this-space-left-blank-intentionally" style="height: 50em"></div>


[mtdoc]:  https://help.mikrotik.com/docs/display/ROS/Container
[src]:    https://github.com/esnet/iperf
[WinBox]: https://mikrotik.com/download








|
<
<








110
111
112
113
114
115
116
117


118
119
120
121
122
123
124

I have no idea why that’s necessary. There is no good reason for it
other than to support the RouterOS “`/container shell`” command, which
should be purely optional. The container proper doesn’t need anything
Alpine provides; once we get through the first stage, we’re done with
the need for anything OS-like. The second stage includes naught but two
static binaries, with zero external dependencies.

This hack isn’t necessary under Docker and Podman.



<div id="this-space-left-blank-intentionally" style="height: 50em"></div>


[mtdoc]:  https://help.mikrotik.com/docs/display/ROS/Container
[src]:    https://github.com/esnet/iperf
[WinBox]: https://mikrotik.com/download