how enable container on CHR\x86?

whyborn · Fri Sep 02, 2022 11:37 am

hi!
pls tell me how to enable CHR\x86 in system/device-mode/container?
/system/device-mode/updatecontainer=yes asks for a manual poweroff or reset - turn off vps via isp manager there is not working

[admin@CHR] > system/device-mode/print
mode: enterprise
[admin@CHR] > /system/device-mode/update container=yes
update: please activate by turning power off or pressing reset or mode button in 4m33s
-- [Q quit|D dump|C-z pause]

thx

rextended · Fri Sep 02, 2022 11:48 am

You have installed container package, first?

whyborn · Fri Sep 02, 2022 4:26 pm

You have installed container package, first?

对啊
I see container menu, but it gives an error.

[admin@CHR] > /container/add remote-image=pihole/pihole:latest interface=veth1 root-dir=pihole mounts=dnsmasq_pihole,etc_pi hole envlist=pihole_envs failure: not allowed by device-mode [admin@CHR] > system/device-mode/print mode: enterprise

nick209 · Fri Sep 02, 2022 7:52 pm

pls tell me how to enable CHR\x86 in system/device-mode/container?
/system/device-mode/updatecontainer=yes asks for a manual poweroff or reset - turn off vps via isp manager there is not working

+1
I am also unable to change device-mode on my CHR. Turn off or reboot vds over VMmanager is not working for me. Container package is installed.

ID · Fri Sep 02, 2022 9:49 pm

after issue command;
/system/device-mode/update container=yes

do not shutdown or reboot at routeros. power off vm directly.

whyborn · Fri Sep 02, 2022 10:48 pm

m8, Im shutting down my virtual machine in isp manager via "restart" and "stop" buttons
without any effect.
its very strange,thats why I created this topic here

111.png

anyway thanks for the answer! i hope dev will pay attention to this problem, or they will tell me in detail where im wrong

ID · Fri Sep 02, 2022 10:56 pm

When you do any option, are you see "router was rebooted without proper shutdown" error at first line at log when routeros come back?

fragtion · Fri Sep 02, 2022 10:57 pm

Only thing that worked for me to get it working on AWS, was to launch the cloud vm as an ubuntu/debian VM, then set up the chr with container enabled on another local vm with virtualbox or whatever, ssh the image over to a ramdrive on the ubuntu CHR, and then dd the image and reboot. But beware all of this wipes the license. Oh and I'm sure there's an easier way, but I don't know it

whyborn · Fri Sep 02, 2022 11:27 pm

loss license is catastrophic, thank you, but its not my way

hegars · Sat Sep 03, 2022 5:31 am

I know it probably dosent help your exact problem but I had the exact same issue on Linode.com instances, so I hope this helps someone in the same situation.

The fix was after entering the /system/device-mode/update container=yes then going into the LISH console then issuing a CTL+A then D to exit from the running vm console to the lish submenu, issuing the "destroy" command then finnally the "boot" command.

However you might be able to issue a SysRq B comand, so look that up maybe?

In AWS you'll need to get on the CLI and issue a force stop "aws ec2 stop-instances --force --instance-ids i-xxxxxxxxx". I'll see if I can do it now on my AWS instances and update this post.

whyborn · Sat Sep 03, 2022 6:53 am

When you do any option, are you see "router was rebooted without proper shutdown" error at first line at log when routeros come back?

nope
logs empty

ID · Sat Sep 03, 2022 1:19 pm

You aren't doing anything wrong. Probably when you hit stop or restart isp manager notify routeros and do it graceful reboot/shutdown.
No matter what i did, container permission given only when i force vm to stop like power off and on like hardware. That's why i ask if you see that error/information at first place.

Maybe mikrotik dev's give an exception for CHR instances at later versions since we don't have button and not everybody can hard stop vm because of permissions or incompatibility of software. =/

Anyway if i find easy way to do it, let this thread aware.

avraamd · Sun Sep 04, 2022 11:48 am

Same thing to me when i tried it on VirtualBox, can not update the device-mode.

hegars · Sun Sep 04, 2022 2:26 pm

Same thing to me when i tried it on VirtualBox, can not update the device-mode.

I just tested with latest VirtualBox and it works fine using the "reset" in vitualbox with the CHR 7.5 images

avraamd · Sun Sep 04, 2022 6:45 pm

Correction. After reinstalling VirtualBox worked ok! Thanks

Hello i have the latest Virtualbox, and tried from the VM Menu-->Machine -->Reset.

But the mode did not update to container.

whyborn · Mon Sep 05, 2022 9:47 am

You aren't doing anything wrong. Probably when you hit stop or restart isp manager notify routeros and do it graceful reboot/shutdown.
No matter what i did, container permission given only when i force vm to stop like power off and on like hardware. That's why i ask if you see that error/information at first place.

Maybe mikrotik dev's give an exception for CHR instances at later versions since we don't have button and not everybody can hard stop vm because of permissions or incompatibility of software. =/

Anyway if i find easy way to do it, let this thread aware.

I also thought that from the management console, only a warm restart. I created a ticket with the provider and they answered me in technical support, "stop button in the console executes the virsh shutdown command"

hegars · Mon Sep 05, 2022 2:45 pm

如果其virsh那么“virsh摧毁”需要国际空间站ued. this is the command that initiates an immediate ungraceful shutdown and stops the specified guest virtual machinehttps://access.redhat.com/documentation ... rsh-delete

whyborn · Mon Sep 05, 2022 7:54 pm

thnx !
your answer helped

I asked the technical support of my vps provider to do

virsh destroy

on the hypervisor to my VM

/system/device-mode/update container=yes

and rearm from console my VM
after hard reset it and everything worked out!

please mark this answer as solved
thank you all for your help and advice

nick209 · Tue Sep 06, 2022 10:15 pm

I asked the technical support of my vps provider to do
Code:Select all
virsh destroy

Unfortunately it doesn't work for my vps provider...

Dear mikrotik developers, please add the ability to change device-mode easier especially for chr

hegars · Wed Sep 07, 2022 3:34 pm

the methods to enable containers are a little harsh but the security implications are pretty wild so you're not going to get very far with support on this one.

aleab · Sat Sep 10, 2022 10:53 pm

i post my experience...

i have a chr on ionos cloud.
i'm able to enable container successful with
/system/device-mode/update container=yes

then on console ionos (i think use vmware)
i shutdown VM ,
when ask me software or hardware i click on hardware shutdown

then start VM
now container is enabled

/system/device-mode/print mode: enterprise container: yes

edv4ld0 · Tue Sep 20, 2022 6:11 am

On AWS, after install container:

1) Stop EC2 (wait until it's stopped).

2) Using AWS CLI (one after the other):
aws ec2 start-instances --instance-ids i-???
aws ec2 stop-instances --force --instance-ids i-???

* On console in Instance state, it will be showing Stopping.

3) Connect to CHR using your favorite client, to enable the container:
/system/device-mode/update container=yes

The instance will shutdown between 3 and 4 minutes. Wait.

4) Start EC2, the log will appear:
router was rebooted without proper shutdown

* The container will be enabled.

vermut · Wed Nov 02, 2022 6:08 pm

On AWS, after install container:
aws ec2 start-instances --instance-ids i-???
aws ec2 stop-instances --force --instance-ids i-???

I just love the idea. AWS first sends the ACPI shutdown, and in few minutes, if the instance is still up will cold-stop it. And idea presumably is to make the machine "swallow" ACPI command sending that immediately after start.

Unfortunately, I couldn't replicate this on my setup. And I'm doing that just a month later so I doubt AWS changed something.

I was testing on t2.micro. Used the AWS CloudShell to minimize the lag. I also tried to add arbitrary sleeps between start and stop, tried with and without "--force" -- it just shows "Stopping" for 5-10 seconds and stops, without giving me a chance to input anything to terminal.

edv4ld0,你能分享更多细节你如何做的that?

citizen25 · Sun Nov 13, 2022 12:03 am

I have just spent a few hours trying on a CHR hosted with XCP-ng and I see no way to get this to activate. I can even see if they for chr did this in the licence management and done as a Lic update.

Regardless this needs to be added to winbox or a way for this to be authorized as there is no console for me when off because the system is off and their for is no console.

kandar · Mon Nov 21, 2022 6:14 pm

Hi,

funny I facing same problem on my RB4011iGS+5HacQ2HnD device. After executing "system device-mode update container=yes" command I did power on-off cycle with 5min, counting down on Terminal.

After trying to create new docker, Error pops out saying "Couldnt add Container - not allowed by device-mode(6)"
I tried to install docker on internal flash (>900MiB free).

Model:RB4011iGS+5HacQ2HnD
Firmware type: al2
Factory Firmware: 6.45.9
Current Firmware: 7.6
Upgrade Firmware: 7.6

Any thoughts what could be wrong?

Thanks, Rok

pe1chl · Mon Nov 21, 2022 7:07 pm

On such a device you should just press the RESET button.

kandar · Tue Nov 22, 2022 7:48 pm

Well that the other thing

push button is broken, accident happened

User manual says either power cycle or reset button.
Do you think reset button is more likely to work than power cycle. If so i could replace it, if that is the only way ....

pe1chl · Tue Nov 22, 2022 8:14 pm

Maybe... at least when I wanted to set the device mode, I used the RESET button and it worked.
(actually I was surprised that it immediately rebooted the router - I was under the impression that the RESET button was merely an input line to the processor that can be polled, e.g. to detect if it has to reset the config or start the network bootloader, and that it would just see that I pressed RESET and set my devicemode without a reboot)

kandar · Tue Nov 22, 2022 10:28 pm

I believe that is right, its not hardware reset button, but "soft" reset.... Anyhow, I can not find any information about that only push button works, but not power cycle.
Both options are always mentioned. Do either power cycle or reset via push botton.

mkx · Wed Nov 23, 2022 8:33 pm

I can not find any information about that only push button works, but not power cycle.

I seem to remember that one MT staffer once (with distinctly low voice) admitted in a post I can't find that power cycle indeed doesn't work.

kandar · 12月6日星期二2022 1:59 pm

[/quote]
I seem to remember that one MT staffer once (with distinctly low voice) admitted in a post I can't find that power cycle indeed doesn't work.
[/quote]

Well, I think I can confirm that power cycle does not work....

Rok

07adm · Thu Dec 15, 2022 2:48 pm

On AWS, after install container:
aws ec2 start-instances --instance-ids i-???
aws ec2 stop-instances --force --instance-ids i-???

I just love the idea. AWS first sends the ACPI shutdown, and in few minutes, if the instance is still up will cold-stop it. And idea presumably is to make the machine "swallow" ACPI command sending that immediately after start.

Unfortunately, I couldn't replicate this on my setup. And I'm doing that just a month later so I doubt AWS changed something.

I was testing on t2.micro. Used the AWS CloudShell to minimize the lag. I also tried to add arbitrary sleeps between start and stop, tried with and without "--force" -- it just shows "Stopping" for 5-10 seconds and stops, without giving me a chance to input anything to terminal.

edv4ld0,你能分享更多细节你如何做的that?

I am struggling with the same issue here. AWS support have advised that a "dirty shutdown" is not possible. Even using the force option listed in here.

If anyone has managed to recreate these steps, I would love a breakdown of how you managed it!

fakeusername2022 · Sun Feb 12, 2023 11:36 pm

I have the very same issue! Mikrotik must devise a different method for enabling container on x86 or CHR platforms.Some VPS providers perform a gracefull shutdown/restart of the system no matter what. Best to change the method for CHR version...

Sob · Mon Feb 13, 2023 10:45 am

One way to solve it would be it they added confirmation at boot. It would require access to physical or virtual console, i.e. something that any attacker wouldn't have, so it would be safe. User would enable containers and do regular reboot. While booting, system would ask if they really want it (with e.g. 10 second timeout, defaulting to "no"). Anyone without access to console would be still out of luck, but many/most(?) have it, so it would better than now.

tsungkang · Fri Feb 17, 2023 11:01 am

I have the very same issue! Mikrotik must devise a different method for enabling container on x86 or CHR platforms.Some VPS providers perform a gracefull shutdown/restart of the system no matter what. Best to change the method for CHR version...

I agree with it, I've seen many server provider not to expose all the control functions, their shutdown button will send shutdown signal instead of forcing power down, I had to give up using RouterOS on these vps servers.

djubb · Tue Feb 21, 2023 4:54 pm

Only thing that worked for me to get it working on AWS, was to launch the cloud vm as an ubuntu/debian VM, then set up the chr with container enabled on another local vm with virtualbox or whatever, ssh the image over to a ramdrive on the ubuntu CHR, and then dd the image and reboot. But beware all of this wipes the license. Oh and I'm sure there's an easier way, but I don't know it

Good afternoon. Can you suggest how you did it?
I have exactly the same problem. I installed in hyper-v chr. How do I make image for transfer?

nitrag · Thu Mar 23, 2023 8:42 pm

On AWS, after install container:

1) Stop EC2 (wait until it's stopped).

2) Using AWS CLI (one after the other):
aws ec2 start-instances --instance-ids i-???
aws ec2 stop-instances --force --instance-ids i-???

* On console in Instance state, it will be showing Stopping.

3) Connect to CHR using your favorite client, to enable the container:
/system/device-mode/update container=yes

The instance will shutdown between 3 and 4 minutes. Wait.

4) Start EC2, the log will appear:
router was rebooted without proper shutdown

* The container will be enabled.

I can confirm that this method works. However at about 2m30s in the countdown was still going and AWS had not terminated the instance. So I went to the console and issued a Force Terminate. It said it was successful. After no shutdown after 30 seconds I issued it again. Then I waited. It eventually stopped. I started and was happy to see that it was enabled. BTW, I used this guide to install v7.8 from RAW diskhttps://bookstack.bluecrow.net/books/mi ... in-aws-ec2.

gt4a · Sun Apr 02, 2023 12:07 pm

on aws lightsail, issued stop command with --force parameter did not work.

Larsa · Sun Apr 02, 2023 9:40 pm

Did you use the cli to run both "start" and then "stop -force" right after?

Who is online