MikroTik RB5009UG+S+IN

Agilicus Connector Install: MikroTik RouterOS


The MikroTik RB5009UG+S+IN is a small form-factor router. It is a good vantage point to run the Agilicus Connector. NOTE: this is an ARM-based device, not x86.

Other MikroTik devices may work as well; MikroTik has a broad family of devices. To be appropriate for the Agilicus Connector, they need to support:

  1. container package
  2. ARM or x86 processor
  3. 100MiB or more of storage space
  4. 256MiB or more of memory

The below instructions were tested on the CHR version of MikroTik (v7.8) and are believed to work on RB5009UG+S+IN with v7.8, specifically:

                   uptime: 16h23m57s
                  version: 7.8 (stable)
               build-time: Feb/24/2023 09:03:00
         factory-software: 7.1
              free-memory: 3830.4MiB
             total-memory: 3904.0MiB
                      cpu: AMD
                cpu-count: 2
            cpu-frequency: 2903MHz
                 cpu-load: 0%
           free-hdd-space: 915.7MiB
          total-hdd-space: 980.0MiB
  write-sect-since-reboot: 301984
         write-sect-total: 301984
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik

The below instructions were performed using the MikroTik CLI. They may also be performed via the Web GUI or WinBox.

Detailed Installation Steps

Note: the first steps assume you have not enabled container-package and networking on the RouterOS device. If you have, skip ahead to the Setup config-volume step.

Step 1: Enable Container

For more information, see MikroTik Container Instructions.

/system/device-mode/update container=yes

After this is complete, confirm it is enabled:

       mode: enterprise
  container: yes

If you are using the Web or WinBox configuration, you will see a package installed as below:

Confirm the container command exists:

/container/print count-only

Step 2: Setup container networking

Now we will enable a virtual Ethernet interface (veth1), bridge it, and assign it for container use. If you wish, you may instead use direct interfaces without NAT, either by assigning a second IP or by assigning physical ports. Later, when the Agilicus connector is installed, it will need to be able to resolve DNS and perform outbound connectivity to

/interface/veth/add name=veth1 address= gateway=
/interface/bridge/add name=dockers
/ip/address/add address= interface=dockers
/interface/bridge/port add bridge=dockers interface=veth1
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=

Step 3: Confirm sufficient storage space

Note: Use the internal eMMC if it exists. You will need approximately 100MiB.

           free-hdd-space: 962.0MiB
          total-hdd-space: 980.0MiB

Step 4: Setup config-volume

We make a volume to hold the configuration we will create below.
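The ‘smb shares add/remove’ pair below is a way to create a directory on RouterOS: adding the (disabled) share creates the directory, and removing the share leaves the directory in place.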

/container/mounts/add name=etc_agilicus src=/img/etc dst=/etc/agilicus/agent
/container/envs/add name=env_agilicus key=TZ value="UTC"
/ip smb shares add name=agilicus-etc directory=/img/etc disabled=yes
/ip smb shares remove [find name=agilicus-etc]
/ip smb shares add name=root directory=/img/client disabled=yes
/ip smb shares remove [find name=root]

Step 5: Setup image registry

Note: the image is multi-arch (AMD64, ARM64). If your MikroTik is not one of these, it will not function. If your MikroTik does not support multi-arch containers, you may substitute one of these two tag names:

/container/config/set registry-url= tmpdir=/img/pull
/container/add remote-image=pub/images/agilicus-agent/client:stable interface=veth1 root-dir=/img/client mounts=etc_agilicus envlist=env_agilicus start-on-boot=yes logging=yes comment=agilicus-connector

Now let's confirm:

/container/print detail
 0 ;;; agilicus-connector
   name="fe4a1d62-95b4-479f-95b0-a6aede732c43" tag="pub/images/agilicus-agent/client:stable" os="linux" arch="amd64" interface=veth1 envlist="env_agilicus"
   root-dir=/img/client mounts=etc_agilicus dns="" start-on-boot=yes status=stopped

Step 6: Create the config file (on your desktop PC)

Create a connector as usual in the Resources/Connectors/New screen:

We will select the ‘Manual’ install and copy the command line. We will make some modifications to it before running.

Now, create a new empty ‘etc’ directory and cd into it.

mkdir etc
cd etc

Paste the manual install command from above and edit it before hitting enter. The sample line will look like:

agilicus-agent[suffix] client --install/--kubernetes-install --oidc-issuer --org-id XXXXX --agent-id XXXXX

Modify it to be something like the line below and then run it. There is no need to be admin/root: this will not install any software, merely create the configuration files. We are just changing the beginning of the command line to be “agilicus-agent client --local-install”; leave everything from --oidc-issuer onwards unchanged.

Note: you will need a local copy of the software on your desktop to create the config file. It does not need to be installed. If you do not have this, you can download the Linux Binary, or the Windows Binary.

agilicus-agent client --local-install --oidc-issuer https://auth.YOURISSUER --org-id XXXX --agent-id XXX

A browser will open to create the Service Account and credentials. The output will look like:

INFO[2023-03-17T20:14:28-04:00] Starting client - version v0.172.3

 You have **2** methods to provide your authentication. Use the most convenient.
 1. You may see a browser open. If you sign in to it, this flow will complete
    automatically, and ignore the url below/paste.
 2. You will see a URL appear here. Cut and paste that into a browser you are
    signed-into. It will then give you a code to paste here.

 Typically #1 is used if you are signed into this machine directly, and #2 for
 ssh or remote desktop or embedded devices.

If a browser did not open automatically, please open this link in
your desktop browser to retrieve the authentication code, and paste below:


Enter verification code: INFO[2023-03-17T20:14:35-04:00] Will install into directory /pub/samples/routeros/etc
INFO[2023-03-17T20:14:35-04:00] Download public key file
INFO[2023-03-17T20:14:35-04:00] Fetch agent configuration
INFO[2023-03-17T20:14:35-04:00] Write agent configuration file in temp directory
INFO[2023-03-17T20:14:37-04:00] Create connector instance
INFO[2023-03-17T20:14:37-04:00] creating connector instance
INFO[2023-03-17T20:14:38-04:00] Join a connector cluster
INFO[2023-03-17T20:14:38-04:00] Local installation successful
INFO[2023-03-17T20:14:38-04:00] Run ./agilicus-agent client --cfg-file ./agent.conf.enc.yaml

At this stage, there should be 4 files in this directory:

agent.conf.enc.yaml  public_key.json  pubring.gpg  secring.gpg

Step 7: Copy the files to the router-os volume from step 4:

scp * admin@
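A check to run on the desktop before the scp above, given as an added example that is not part of the original instructions or of Agilicus's tooling: because `scp *` copies everything the glob matches, it confirms that the directory holds exactly the four files listed in step 6 and restricts their permissions. The function names are hypothetical, and treating secring.gpg and agent.conf.enc.yaml as credential material is an assumption based on their names.

```shell
#!/bin/sh
# Added example: pre-copy check for the connector config directory.
# The expected names are the four files listed at the end of step 6.
EXPECTED="agent.conf.enc.yaml public_key.json pubring.gpg secring.gpg"

# check_config_dir DIR
# Returns 0 when DIR holds exactly the expected files, each non-empty.
# Otherwise reports each problem on stderr and returns 1.
check_config_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Every expected file must exist as a non-empty regular file.
    for f in $EXPECTED; do
        if [ ! -f "$dir/$f" ] || [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $f" >&2
            rc=1
        fi
    done

    # 'scp *' sends whatever the glob matches, so flag anything extra
    # (dotfiles are skipped here exactly as the glob skips them).
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        case " $EXPECTED " in
            *" $name "*) ;;
            *) echo "unexpected file: $name" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# lock_down_config_dir DIR
# Limits the directory and its files to the current user (assumption:
# the key ring and encrypted config should not be group/world readable).
lock_down_config_dir() {
    chmod 700 "$1" && chmod 600 "$1"/*
}

# Usage, from inside the etc directory created in step 6:
#   check_config_dir . && lock_down_config_dir .
```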

Step 8: Start the Agilicus Connector container

/container/start 0

Step 9: Complete, Checks

At this stage we are complete. We can perform some diagnostic checks:

 0 ;;; agilicus-connector
   name="fe4a1d62-95b4-479f-95b0-a6aede732c43" tag="pub/images/agilicus-agent/client:stable" os="linux" arch="amd64" interface=veth1 envlist="env_agilicus"
   root-dir=/img/client mounts=etc_agilicus dns="" start-on-boot=yes status=running

You can see the logging and output with the ‘/log/print’ command.

NOTE: there is a maximum of 4 instances of a given Connector allowed.
If you have been iterating while debugging and the admin web interface shows more instances than you intended, you may need to remove some.

