Container does not start

instant · Wed Feb 07, 2024 5:37 pm

Hello, I have followed the guide to install containers but although the Pihole container has been extracted correctly, it remains stopped and even if I press start it does not start, in the Log I do not see that it indicates anything. It makes an attempt to start but then stops again.

Configuration attached

# 1970-01-02 04:18:54 by RouterOS 7.13.3
# software id = TS8L-SN85
#
# model = RBD52G-5HacD2HnD
# serial number = HF5091BX5VV
/container mounts
add dst=/etc/pihole name=etc_pihole src=/usb1-part1/etc
add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=/usb1-part1/etc-dnsmasq.d
/disk
set usb1 type=hardware
add parent=usb1 partition-number=1 partition-offset=512 partition-size=\
    "15 724 445 184" type=partition
/interface bridge
add admin-mac=78:9A:18:72:1B:96 auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
add name=dockers
/interface veth
add address=172.17.0.2/24 gateway=172.17.0.1 gateway6="" name=veth1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
/container
add envlist=usb1-part1 interface=veth1 mounts=etc_pihole,dnsmasq_pihole \
    root-dir=usb1-part1/pihole start-on-boot=yes
/container config
set registry-url=https://registry-1.docker.io tmpdir=usb1-part1/pull
/container envs
add key=TZ name=pihole_envs value=Europe/Madrid
add key=WEBPASSWORD name=pihole_envs value=password
add key=DNSMASQ_USER name=pihole_envs value=root
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=*6 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=*7 internal-path-cost=10 \
    path-cost=10
add bridge=dockers interface=veth1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=172.17.0.1/24 interface=dockers network=172.17.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes servers=172.17.0.2
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat src-address=172.17.0.0/24
add action=dst-nat chain=dstnat dst-address=192.168.88.1 dst-port=888 \
    protocol=tcp to-addresses=172.17.0.2 to-ports=80
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

optio · Wed Feb 07, 2024 7:21 pm

Try to enable logging for container (/container set 0 logging=yes), start and see if anything is logged from container in ROS logs.

instant · Thu Feb 08, 2024 10:41 am

Try to enable logging for container (/container set 0 logging=yes), start and see if anything is logged from container in ROS logs.

Done

execve: No such file or directory

optio · Thu Feb 08, 2024 3:53 pm

I guess something went wrongv with image extraction or there is some problem with accessing usb disk partition; remove container, check if root directory is deleted and delete mount directories if exists, remove leading / in src mount directories (eg. /usb1-part1/etc -> usb1-part1/etc) and create new container.
Check also if can actually write file on that usb disk partition (usb1-part1), if you did not already, upload some file on it and try to read it or download it back and check if same file content.

MrMarcus · Wed Feb 14, 2024 3:28 pm

Do the following to make sure everything works:

1. Check if 172.17.0.2 is pingable
2. Check in File / Disks if usb1-part1 does exists. You're pointing everything to this drive / partition but sometimes when you reformat a pen drive it sticks to USB1 (instead of usb1-part1).
3. Re-format the USB drive otherwise and see (2). Make sure the partition is correctly named usb1-part1 or usb1 and adjust your container script to refer to the correct path (pull / mounting etc.)
4. Check your container. You made an error in with the envlist. If should point to pihole_envs instead you pointed to usb1-part1
5. I'm not sure if the container code is simplified in this output but it should (ofcourse) have remote-image = pihole/pihole:latest. Otherwise nothing will be downloaded / extracted.

/container
add envlist=usb1-part1 interface=veth1 mounts=etc_pihole,dnsmasq_pihole \
root-dir=usb1-part1/pihole start-on-boot=yes

Container does not start

Container does not start

Re: Container does not start

Re: Container does not start

Re: Container does not start

Re: Container does not start

Who is online