routeros-container
Manage containers on MikroTik RouterOS
Running containers on MikroTik RouterOS requires understanding its custom OCI implementation, which differs significantly from standard Docker. This skill provides step-by-step guidance for container setup, networking, image management, and lifecycle operations on RouterOS devices.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Toggle on and start using
Test it
Using "routeros-container". Create a VETH interface and bridge for a container with IP 172.17.0.2
Expected outcome:
1. Create VETH pair: /interface/veth/add name=veth-myapp address=172.17.0.2/24 gateway=172.17.0.1
2. Create bridge: /interface/bridge/add name=containers
3. Add VETH to bridge: /interface/bridge/port/add bridge=containers interface=veth-myapp
4. Assign gateway IP: /ip/address/add address=172.17.0.1/24 interface=containers
Using "routeros-container". Start a container named myapp and check its status
Expected outcome:
1. Start: /container/start [find tag~"myapp"]
2. Check status: /container/print
3. View logs: /log/print where topics~"container"
4. For REST API: GET /rest/container returns container list with .running field (string "true"/"false")
Security Audit
SafeThis skill is a Markdown documentation file providing instructions and examples for the MikroTik RouterOS /container subsystem. The static scanner flagged 171 patterns, but all are false positives. The 'external_commands' detections match RouterOS CLI syntax inside Markdown code fences, not actual shell execution. The 'network' detections reference example URLs and IPs in documentation snippets. The 'weak cryptographic algorithm' and 'path traversal' findings have no basis in the content. No executable code exists in this file - it is purely instructional documentation for network administrators.
Quality Score
What You Can Build
Deploy Pi-hole in a RouterOS container
Set up a Pi-hole ad-blocking container with VETH networking, persistent storage on external disk, and proper environment variables for the web interface password.
Run netinstall service via L2 bridge container
Configure a container with Layer 2 bridge access to provide BOOTP/TFTP netinstall services on the same network segment as physical devices.
Automate container management via REST API
Use the RouterOS REST API to programmatically list, start, stop, and delete containers with proper polling for asynchronous operations.
Try These Prompts
I have a MikroTik router running RouterOS 7.x. Help me enable the container subsystem and set up basic VETH networking so I can run my first container.
I want to pull an Alpine container from Docker Hub on my RouterOS device, assign it a VETH interface with IP 172.17.0.2, and set environment variables. Walk me through the steps.
I need to build a custom OCI image for RouterOS that meets its requirements: single layer, no gzip compression, Docker v1 manifest format. Then import it as a tar file and configure inline env vars and mounts.
Write a TypeScript script that uses the RouterOS REST API to list containers, start one by ID, check its running status (accounting for string boolean values), and delete it with proper retry logic for the stop-then-delete sequence.
Best Practices
- Always place container volumes on external disk storage, never on internal flash storage
- Use inline env= and mount= properties on RouterOS 7.21+ for simpler self-contained container definitions
- When using the REST API, remember that the .running field returns strings "true"/"false", not boolean values, and DELETE requires the container to be fully stopped first
Avoid
- Using /system/reboot instead of /system/package/apply-changes on RouterOS 7.18+ which will discard uploaded packages
- Attempting to run multi-layer or gzip-compressed tar images which RouterOS cannot load
- Trying to use the /app YAML system when Layer 2 bridge access is required, such as for netinstall