The VyOS container implementation is based on Podman as a deamonless container engine.

set-container-name-name-image

Sets the image name in the hub registry

set container name mysql-server image mysql:8.0

If a registry is not specified, Docker.io will be used as the container registry unless an alternative registry is specified using set container registry <name> or the registry is included in the image name

set container name mysql-server image quay.io/mysql:8.0

set-container-name-name-entrypoint-entrypoint

Override the default entrypoint from the image for a container.

set-container-name-name-command-command

Override the default command from the image for a container.

set-container-name-name-arguments-arguments

Set the command arguments for a container.

set-container-name-name-host-name-hostname

Set the host name for a container.

set-container-name-name-allow-host-pid

The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host.

The command translates to “–pid host” when the container is created.

set-container-name-name-allow-host-networks

Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP.

The command translates to “–net host” when the container is created.

Note

allow-host-networks cannot be used with network

set-container-name-name-network-networkname

Attaches user-defined network to a container. Only one network must be specified and must already exist.

set-container-name-name-network-networkname-address-address

Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix.

Note

The first IP in the container network is reserved by the engine and cannot be used

set-container-name-name-name-server-address

Optionally set a custom name server. If a container network is used with DNS enabled, this setting will not have any effect.

set-container-name-name-description-text

Set a container description

set-container-name-name-environment-key-value-value

Add custom environment variables. Multiple environment variables are allowed. The following commands translate to “-e key=value” when the container is created.

set container name mysql-server environment MYSQL_DATABASE value 'zabbix'
set container name mysql-server environment MYSQL_USER value 'zabbix'
set container name mysql-server environment MYSQL_PASSWORD value 'zabbix_pwd'
set container name mysql-server environment MYSQL_ROOT_PASSWORD value 'root_pwd'

set-container-name-name-port-portname-source-portnumber
set-container-name-name-port-portname-destination-portnumber
set-container-name-name-port-portname-protocol-tcp-udp

Publish a port for the container.

set container name zabbix-web-nginx-mysql port http source 80
set container name zabbix-web-nginx-mysql port http destination 8080
set container name zabbix-web-nginx-mysql port http protocol tcp

set-container-name-name-volume-volumename-source-path
set-container-name-name-volume-volumename-destination-path

Mount a volume into the container

set container name coredns volume 'corefile' source /config/coredns/Corefile
set container name coredns volume 'corefile' destination /etc/Corefile

set-container-name-name-volume-volumename-mode-ro-rw

Volume is either mounted as rw (read-write - default) or ro (read-only)

set-container-name-name-tmpfs-tmpfsname-destination-path

Mount a tmpfs (ramdisk) filesystem to the given path within the container.

set-container-name-name-tmpfs-tmpfsname-size-mb

Size in MB for tmpfs filesystem, maximum size is 64GB or 50% of the systems total available memory.

set-container-name-name-uid-number
set-container-name-name-gid-number

Set the User ID or Group ID of the container

set-container-name-name-restart-no-on-failure-always

Set the restart behavior of the container.

• no: Do not restart containers on exit

• on-failure: Restart containers when they exit with a non-zero

exit code, retrying indefinitely (default)

• always: Restart containers when they exit, regardless of status,

retrying indefinitely

set-container-name-name-cpu-quota-num

This specifies the number of CPU resources the container can use.

Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places.

The command translates to “–cpus=<num>” when the container is created.

set-container-name-name-memory-mb

Constrain the memory available to the container.

Default is 512 MB. Use 0 MB for unlimited memory.

set-container-name-name-device-devicename-source-path
set-container-name-name-device-devicename-destination-path

Add a host device to the container.

set-container-name-name-capability-text

Set container capabilities or permissions.

• net-admin: Network operations (interface, firewall, routing tables)

• net-bind-service: Bind a socket to privileged ports

(port numbers less than 1024)

• net-raw: Permission to create raw network sockets

• setpcap: Capability sets (from bounded or inherited set)

• sys-admin: Administration operations (quotactl, mount, sethostname,

setdomainame)

• sys-time: Permission to set system clock

set-container-name-name-sysctl-parameter-parameter-value-value

Set container sysctl values.

The subset of possible parameters are:

• Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem,

kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced

• Parameters beginning with fs.mqueue.*

• Parameters beginning with net.* (only if user-defined network is used)

set-container-name-name-label-label-value-value

Add metadata label for this container.

set-container-name-name-disable

Disable a container.

set-container-network-name

Creates a named container network

set-container-network-name-description

A brief description what this network is all about.

set-container-network-name-prefix-ipv4-ipv6

Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel.

set-container-network-name-mtu-number

Configure MTU for a given network. It is the size (in bytes) of the largest ethernet frame sent on this link.

set-container-network-name-no-name-server

Disable Domain Name System (DNS) plugin for this network.

set-container-network-name-vrf-nme

Bind container network to a given VRF instance.

set-container-registry-name

Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry.

set-container-registry-name-disable

Disable a given container registry

set-container-registry-name-authentication-username
set-container-registry-name-authentication-password

Some container registries require credentials to be used.

Credentials can be defined here and will only be used when adding a container image to the system.

#opcmd-add-container-image-containername Pull a new image for container [[index|#opcmd-show-container Show the list of all active containers. [[index|#opcmd-show-container-image Show the local container images. [[index|#opcmd-show-container-log-containername Show logs from a given container [[index|#opcmd-show-container-network Show a list available container networks [[index|#opcmd-restart-container-containername Restart a given container [[index|#opcmd-update-container-image-containername Update container image [[index|#opcmd-delete-container-image-image-id-all Delete a particular container image based on it’s image ID. You can also delete all container images at once. ===== Example Configuration ===== For the sake of demonstration, [[documentation:current:manual:installation:containers|example #1 in the official documentation to the declarative VyOS CLI syntax.

set container network zabbix prefix 172.20.0.0/16
set container network zabbix description 'Network for Zabbix component containers'

set container name mysql-server image mysql:8.0
set container name mysql-server network zabbix

set container name mysql-server environment 'MYSQL_DATABASE' value 'zabbix'
set container name mysql-server environment 'MYSQL_USER' value 'zabbix'
set container name mysql-server environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
set container name mysql-server environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'

set container name zabbix-java-gateway image zabbix/zabbix-java-gateway:alpine-5.2-latest
set container name zabbix-java-gateway network zabbix

set container name zabbix-server-mysql image zabbix/zabbix-server-mysql:alpine-5.2-latest
set container name zabbix-server-mysql network zabbix

set container name zabbix-server-mysql environment 'DB_SERVER_HOST' value 'mysql-server'
set container name zabbix-server-mysql environment 'MYSQL_DATABASE' value 'zabbix'
set container name zabbix-server-mysql environment 'MYSQL_USER' value 'zabbix'
set container name zabbix-server-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
set container name zabbix-server-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'
set container name zabbix-server-mysql environment 'ZBX_JAVAGATEWAY' value 'zabbix-java-gateway'

set container name zabbix-server-mysql port zabbix source 10051
set container name zabbix-server-mysql port zabbix destination 10051

set container name zabbix-web-nginx-mysql image zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest
set container name zabbix-web-nginx-mysql network zabbix

set container name zabbix-web-nginx-mysql environment 'MYSQL_DATABASE' value 'zabbix'
set container name zabbix-web-nginx-mysql environment 'ZBX_SERVER_HOST' value 'zabbix-server-mysql'
set container name zabbix-web-nginx-mysql environment 'DB_SERVER_HOST' value 'mysql-server'
set container name zabbix-web-nginx-mysql environment 'MYSQL_USER' value 'zabbix'
set container name zabbix-web-nginx-mysql environment 'MYSQL_PASSWORD' value 'zabbix_pwd'
set container name zabbix-web-nginx-mysql environment 'MYSQL_ROOT_PASSWORD' value 'root_pwd'

set container name zabbix-web-nginx-mysql port http source 80
set container name zabbix-web-nginx-mysql port http destination 8080