routeros-qemu-chr
MikroTik RouterOS CHR (Cloud Hosted Router) with QEMU. Use when: running RouterOS in QEMU, booting CHR images, debugging CHR boot failures, setting up VirtIO devices for RouterOS, choosing between SeaBIOS and UEFI boot, configuring QEMU port forwarding for RouterOS REST API, or selecting QEMU acceleration (KVM/HVF/TCG).
Best use case
routeros-qemu-chr is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
MikroTik RouterOS CHR (Cloud Hosted Router) with QEMU. Use when: running RouterOS in QEMU, booting CHR images, debugging CHR boot failures, setting up VirtIO devices for RouterOS, choosing between SeaBIOS and UEFI boot, configuring QEMU port forwarding for RouterOS REST API, or selecting QEMU acceleration (KVM/HVF/TCG).
Teams using routeros-qemu-chr should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/routeros-qemu-chr/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How routeros-qemu-chr Compares
| Feature / Agent | routeros-qemu-chr | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
MikroTik RouterOS CHR (Cloud Hosted Router) with QEMU. Use when: running RouterOS in QEMU, booting CHR images, debugging CHR boot failures, setting up VirtIO devices for RouterOS, choosing between SeaBIOS and UEFI boot, configuring QEMU port forwarding for RouterOS REST API, or selecting QEMU acceleration (KVM/HVF/TCG).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# RouterOS CHR with QEMU
## What Is CHR
Cloud Hosted Router (CHR) is MikroTik's x86_64 and aarch64 RouterOS image designed for virtual machines. Free license allows unlimited use with 1 Mbps speed limit — sufficient for development, testing, API work, and packet sniffer debugging. A free 60-day trial removes the speed limit entirely (requires a free mikrotik.com account). See [CHR licensing reference](./references/chr-licensing.md) for full details on license tiers, trial activation, and expiry behavior.
## Image Variants
| Image | Architecture | Boot method | Source |
|---|---|---|---|
| `chr-<ver>.img` | x86_64 | SeaBIOS (MBR chain-load) | download.mikrotik.com |
| `chr-<ver>-arm64.img` | aarch64 | UEFI (EDK2 pflash) | download.mikrotik.com |
| `chr-efi.img` (fat-chr) | x86_64 | UEFI (OVMF) | tikoci/fat-chr GitHub |
**Standard x86 image has a proprietary boot partition** — it looks like an EFI System Partition in GPT but is NOT FAT. UEFI firmware (OVMF) cannot read it. Only SeaBIOS can boot it via MBR chain-load.
The `fat-chr` repackaged image converts this to standard FAT16 with `EFI/BOOT/BOOTX64.EFI`, enabling UEFI boot. Required for Apple Virtualization.framework on X86 macOS, optional everywhere else.
**Disk layout** (128 MiB, both architectures): Hybrid GPT+MBR, partition 1 = boot (~33 MiB), partition 2 = ext4 root (~94 MiB).
## Downloading CHR Images
```typescript
// Resolve current version
const channel = "stable"; // or: long-term, testing, development
const version = await fetch(
`https://upgrade.mikrotik.com/routeros/NEWESTa7.${channel}`
).then(r => r.text()).then(s => s.trim());
// Download x86_64 image
const url = `https://download.mikrotik.com/routeros/${version}/chr-${version}.img.zip`;
// Download aarch64 image
const armUrl = `https://download.mikrotik.com/routeros/${version}/chr-${version}-arm64.img.zip`;
```
Images are distributed as `.img.zip` — unzip to get the raw `.img` disk file.
## Pattern Choices: QEMU Invocation
There are several valid approaches to launching CHR under QEMU. Each has tradeoffs:
### Pattern A: Inline arguments (simplest, good for scripts)
Everything on the command line. Easy for an LLM to construct and debug — all state is visible in one place.
```sh
qemu-system-x86_64 -M q35 -m 256 -smp 1 \
-drive file=chr.img,format=raw,if=virtio \
-netdev user,id=net0,hostfwd=tcp::9180-:80 \
-device virtio-net-pci,netdev=net0 \
-display none -serial stdio
```
**Pros:** Single command, easy to read, easy to modify.
**Cons:** Long command lines, hard to version-control, no persistence.
### Pattern B: Wrapper script (good for reuse)
A shell script that detects acceleration, handles firmware paths, manages PID files.
```sh
#!/bin/sh
# detect acceleration
if [ "$(uname -s)" = "Linux" ] && [ -w /dev/kvm ]; then
ACCEL="-accel kvm"
elif [ "$(uname -s)" = "Darwin" ] && [ "$(sysctl -n kern.hv_support 2>/dev/null)" = "1" ]; then
ACCEL="-accel hvf"
else
ACCEL="-accel tcg"
fi
qemu-system-x86_64 -M q35 -m 256 -smp 1 \
$ACCEL \
-drive file=chr.img,format=raw,if=virtio \
-netdev user,id=net0,hostfwd=tcp::${PORT:-9180}-:80 \
-device virtio-net-pci,netdev=net0 \
-display none -serial stdio
```
**Pros:** Portable, handles platform differences, parameterizable.
**Cons:** Shell scripting limitations, harder to compose from TypeScript.
### Pattern C: Programmatic launch from Bun/TypeScript (good for integration tests)
Launch QEMU as a child process with full control:
```typescript
import { $ } from "bun";
const port = 9180;
const accel = await detectAccel();
const proc = Bun.spawn([
"qemu-system-x86_64", "-M", "q35", "-m", "256",
"-accel", accel,
"-drive", `file=chr.img,format=raw,if=virtio`,
"-netdev", `user,id=net0,hostfwd=tcp::${port}-:80`,
"-device", "virtio-net-pci,netdev=net0",
"-display", "none",
"-chardev", `socket,id=serial0,path=/tmp/chr-serial.sock,server=on,wait=off`,
"-serial", "chardev:serial0",
"-monitor", `unix:/tmp/chr-monitor.sock,server,nowait`,
], { stdio: ["ignore", "pipe", "pipe"] });
// Wait for boot
await waitForBoot(`http://127.0.0.1:${port}/`);
```
**Pros:** Full lifecycle control, parallel instance management, TypeScript-native.
**Cons:** More code, QEMU args still need to be correct.
### Pattern D: Config file (`--readconfig`) (declarative, used by mikropkl)
QEMU's `--readconfig` loads an INI-format file for device/machine config. The mikropkl project uses this for its declarative VM packaging.
**Tradeoffs:** Separates concerns (config vs launch), but the INI format is obscure and not all QEMU options can be expressed in it (pflash, `-accel`, `-netdev user,hostfwd` all require command-line args). Best suited for projects that generate configs programmatically.
## Boot Tracks
### x86_64 with SeaBIOS (default, fastest)
No firmware setup needed — QEMU's built-in SeaBIOS handles MikroTik's proprietary boot sector:
```sh
qemu-system-x86_64 -M q35 -m 256 \
-drive file=chr-7.22.img,format=raw,if=virtio \
-netdev user,id=net0,hostfwd=tcp::9180-:80 \
-device virtio-net-pci,netdev=net0 \
-display none -serial stdio
```
Boot time: ~5s (KVM), ~30s (TCG).
### aarch64 with UEFI (EDK2)
Requires UEFI pflash firmware files. **Both pflash units must be identical size** (typically 64 MiB):
```sh
# Copy vars file (writable) — never modify the original
cp /path/to/edk2-arm-vars.fd /tmp/my-vars.fd
qemu-system-aarch64 -M virt -cpu cortex-a710 -m 256 \
-drive if=pflash,format=raw,readonly=on,unit=0,file=/path/to/edk2-aarch64-code.fd \
-drive if=pflash,format=raw,unit=1,file=/tmp/my-vars.fd \
-drive file=chr-arm64.img,format=raw,if=none,id=drive0 \
-device virtio-blk-pci,drive=drive0 \
-netdev user,id=net0,hostfwd=tcp::9180-:80 \
-device virtio-net-pci,netdev=net0 \
-display none -serial stdio
```
Boot time: ~10s (KVM), ~20s (TCG native), ~20s (TCG cross-arch on x86 host).
### UEFI Firmware Locations
| Platform | Code ROM | Vars File |
|---|---|---|
| macOS Homebrew (Apple Silicon) | `/opt/homebrew/share/qemu/edk2-aarch64-code.fd` | `edk2-arm-vars.fd` |
| macOS Homebrew (Intel) | `/usr/local/share/qemu/edk2-aarch64-code.fd` | `edk2-arm-vars.fd` |
| Ubuntu/Debian | `/usr/share/AAVMF/AAVMF_CODE.fd` | `AAVMF_VARS.fd` |
| x86 OVMF (Homebrew) | `edk2-x86_64-code.fd` | `edk2-i386-vars.fd` |
| x86 OVMF (Linux) | `/usr/share/OVMF/OVMF_CODE.fd` | `OVMF_VARS.fd` |
## VirtIO — Critical Details
See the [VirtIO driver matrix](./references/virtio-drivers.md) for the full table.
**The one rule:** RouterOS has `virtio_pci` but NOT `virtio_mmio`. This matters on aarch64.
### The `if=virtio` Trap (aarch64)
```
x86_64 (q35) aarch64 (virt)
if=virtio shorthand → virtio-blk-pci (PCI) ✅ virtio-blk-device (MMIO) ❌
-device virtio-blk-pci → virtio-blk-pci (PCI) ✅ virtio-blk-pci (PCI) ✅
```
On x86_64 `q35`, `if=virtio` resolves to PCI — works fine. On aarch64 `virt`, it resolves to MMIO — **RouterOS kernel stalls silently**. Always use explicit `-device virtio-blk-pci` on aarch64:
```sh
# WRONG on aarch64 — silent boot failure
-drive file=chr.img,format=raw,if=virtio
# CORRECT on aarch64 — explicit PCI device
-drive file=chr.img,format=raw,if=none,id=drive0
-device virtio-blk-pci,drive=drive0
```
On x86_64, both work. The explicit form is always safe on both architectures.
### Network — Universal
All architectures: `virtio-net-pci`. No exceptions:
```sh
-netdev user,id=net0,hostfwd=tcp::9180-:80
-device virtio-net-pci,netdev=net0
```
## Acceleration Detection
```typescript
import { $ } from "bun";
async function detectAccel(guestArch: string): Promise<string> {
const hostOs = process.platform; // "darwin" | "linux"
const hostArch = process.arch; // "x64" | "arm64"
if (hostOs === "linux") {
// KVM requires host/guest architecture match
const kvm = await Bun.file("/dev/kvm").exists();
const archMatch = (guestArch === "x86_64" && hostArch === "x64")
|| (guestArch === "aarch64" && hostArch === "arm64");
if (kvm && archMatch) return "kvm";
}
if (hostOs === "darwin") {
// HVF may not be available (e.g., GitHub Actions VMs)
const hvOk = await $`sysctl -n kern.hv_support`.text().then(s => s.trim() === "1").catch(() => false);
const archMatch = (guestArch === "aarch64" && hostArch === "arm64")
|| (guestArch === "x86_64" && hostArch === "x64");
if (hvOk && archMatch) return "hvf";
}
return "tcg"; // Software emulation — always available
}
```
**Key rule:** KVM and HVF both require host/guest architecture match. Cross-arch always falls back to TCG. Don't check just for `/dev/kvm` — verify the architecture matches too.
### HVF + CPU Model Gotcha (macOS)
With `-accel hvf`, QEMU exposes the host CPU directly. Specifying a CPU model like `cortex-a710` (ARMv9, requires SVE2) on Apple Silicon (ARMv8.5) crashes QEMU before the VM starts. Use `-cpu host` with HVF:
```sh
# TCG/KVM — specify exact model
CPU_FLAGS="-cpu cortex-a710"
# HVF — passthrough host CPU
if [ "$ACCEL" = "hvf" ]; then
CPU_FLAGS="-cpu host"
fi
```
## Health Check and Boot Wait
RouterOS WebFig responds with HTTP 200 on port 80 without authentication — ideal for health checks:
```typescript
async function waitForBoot(url: string, timeoutMs = 60_000): Promise<boolean> {
const deadline = Date.now() + timeoutMs;
while (Date.now() < deadline) {
try {
const r = await fetch(url, { signal: AbortSignal.timeout(2000) });
if (r.ok) return true;
} catch { /* not ready yet */ }
await Bun.sleep(2000);
}
return false;
}
// Usage
const booted = await waitForBoot("http://127.0.0.1:9180/");
if (booted) {
// RouterOS is ready — can now call REST API
const info = await fetch("http://127.0.0.1:9180/rest/system/resource", {
headers: { Authorization: `Basic ${btoa("admin:")}` },
}).then(r => r.json());
}
```
## Port Forwarding
QEMU user-mode networking (`-netdev user,hostfwd=...`) for typical RouterOS services:
| Service | Guest Port | Example Host Port | hostfwd |
|---|---|---|---|
| WebFig/REST API | 80 | 9180 | `tcp::9180-:80` |
| SSH (RouterOS CLI) | 22 | 9122 | `tcp::9122-:22` |
| API protocol | 8728 | 9728 | `tcp::9728-:8728` |
| API-SSL | 8729 | 9729 | `tcp::9729-:8729` |
| WinBox | 8291 | 9291 | `tcp::9291-:8291` |
Multiple forwards in one netdev:
```sh
-netdev user,id=net0,hostfwd=tcp::9180-:80,hostfwd=tcp::9122-:22,hostfwd=tcp::9728-:8728
```
Use unique host ports per instance when running multiple CHRs (9180, 9181, 9182...).
## Known Limitations
- **QGA (Guest Agent) requires KVM** — RouterOS CHR's QGA daemon only starts when it
detects a KVM hypervisor via CPUID. Under HVF (macOS) or TCG (software emulation),
CPUID 0x40000000 returns no KVM vendor string and 0x40000001 returns no KVM features,
so the daemon never starts. QEMU correctly provides the virtio-serial port and sends
PORT_OPEN (event 6) — the guest simply never opens it (`query-chardev` shows
`frontend-open=false`). This is NOT a QEMU bug. MikroTik documents QGA exclusively
under the "KVM" section. QGA testing requires Linux + KVM (e.g., mikropkl lab).
- **`check-installation` fails on aarch64** in all QEMU environments — this is an unresolvable firmware/DTB issue (see [known issues](./references/known-issues.md))
- **Direct `-kernel` boot does not work** for either architecture — RouterOS needs its full firmware boot path
- **Cross-arch TCG: x86_64 on aarch64 host is not viable** — x86 I/O port emulation is too slow (~300s+ timeouts). The reverse (aarch64 on x86_64) works fine (~20s)
- **No `virtio_mmio` driver** — always use explicit `-device virtio-blk-pci`, never rely on `if=virtio` on aarch64
## Additional Resources
- [VirtIO driver matrix](./references/virtio-drivers.md) — full driver support table
- [Known issues](./references/known-issues.md) — boot failures, cross-arch limitations
- [GitHub Actions CI patterns](./references/github-actions-ci.md) — running CHR on GitHub-hosted runners
- [CHR licensing](./references/chr-licensing.md) — free tier (1 Mbps), 60-day trial, paid tiers, expiry behavior
- For RouterOS CLI/REST once booted: see the `routeros-fundamentals` skill
- For packet capture and TZSP streaming from CHR: see the `routeros-sniffer` skill
- For /app YAML container format (requires CHR with container package): see the `routeros-app-yaml` skillRelated Skills
routeros-netinstall
MikroTik netinstall-cli for automated RouterOS device flashing. Use when: automating netinstall, writing scripts that invoke netinstall-cli, building netinstall tooling, understanding etherboot/BOOTP/TFTP protocols, working with RouterOS package files (.npk), using modescript or configure script, or when the user mentions netinstall, etherboot, or device flashing.
routeros-fundamentals
RouterOS v7 domain knowledge for AI agents. Use when: working with MikroTik RouterOS, writing RouterOS CLI/script commands, calling RouterOS REST API, debugging why a Linux command fails on RouterOS, or when the user mentions MikroTik, RouterOS, CHR, or /ip /system /interface paths. Scope: RouterOS 7.x (long-term and newer) only — v6 is NOT covered and accuracy for v6 problems will be low.
routeros-container
RouterOS /container subsystem for running OCI containers on MikroTik devices. Use when: enabling containers on RouterOS, setting up VETH/bridge networking for containers, managing container lifecycle via CLI or REST API, building OCI images for RouterOS, configuring container environment variables, troubleshooting container issues, or when the user mentions RouterOS container, /container, VETH, device-mode container, or MikroTik Docker.
routeros-command-tree
RouterOS command tree introspection via /console/inspect API. Use when: building tools that parse RouterOS commands, generating API schemas from RouterOS, working with /console/inspect, mapping CLI commands to REST verbs, traversing the RouterOS command hierarchy, or when the user mentions inspect, command tree, RAML, or OpenAPI generation for RouterOS.
routeros-app-yaml
RouterOS /app YAML format for container applications (7.21+ builtin app, 7.22+ custom YAML creation). Use when: writing or validating RouterOS /app YAML files, working with MikroTik container apps, building docker-compose-like definitions for RouterOS, creating /app store schemas, debugging /app validation errors, or when the user mentions /app, tikapp, or RouterOS container YAML.
azure-quotas
Check/manage Azure quotas and usage across providers. For deployment planning, capacity validation, region selection. WHEN: "check quotas", "service limits", "current usage", "request quota increase", "quota exceeded", "validate capacity", "regional availability", "provisioning limits", "vCPU limit", "how many vCPUs available in my subscription".
raindrop-io
Manage Raindrop.io bookmarks with AI assistance. Save and organize bookmarks, search your collection, manage reading lists, and organize research materials. Use when working with bookmarks, web research, reading lists, or when user mentions Raindrop.io.
zlibrary-to-notebooklm
自动从 Z-Library 下载书籍并上传到 Google NotebookLM。支持 PDF/EPUB 格式,自动转换,一键创建知识库。
discover-skills
当你发现当前可用的技能都不够合适(或用户明确要求你寻找技能)时使用。本技能会基于任务目标和约束,给出一份精简的候选技能清单,帮助你选出最适配当前任务的技能。
web-performance-seo
Fix PageSpeed Insights/Lighthouse accessibility "!" errors caused by contrast audit failures (CSS filters, OKLCH/OKLAB, low opacity, gradient text, image backgrounds). Use for accessibility-driven SEO/performance debugging and remediation.
project-to-obsidian
将代码项目转换为 Obsidian 知识库。当用户提到 obsidian、项目文档、知识库、分析项目、转换项目 时激活。 【激活后必须执行】: 1. 先完整阅读本 SKILL.md 文件 2. 理解 AI 写入规则(默认到 00_Inbox/AI/、追加式、统一 Schema) 3. 执行 STEP 0: 使用 AskUserQuestion 询问用户确认 4. 用户确认后才开始 STEP 1 项目扫描 5. 严格按 STEP 0 → 1 → 2 → 3 → 4 顺序执行 【禁止行为】: - 禁止不读 SKILL.md 就开始分析项目 - 禁止跳过 STEP 0 用户确认 - 禁止直接在 30_Resources 创建(先到 00_Inbox/AI/) - 禁止自作主张决定输出位置
obsidian-helper
Obsidian 智能笔记助手。当用户提到 obsidian、日记、笔记、知识库、capture、review 时激活。 【激活后必须执行】: 1. 先完整阅读本 SKILL.md 文件 2. 理解 AI 写入三条硬规矩(00_Inbox/AI/、追加式、白名单字段) 3. 按 STEP 0 → STEP 1 → ... 顺序执行 4. 不要跳过任何步骤,不要自作主张 【禁止行为】: - 禁止不读 SKILL.md 就开始工作 - 禁止跳过用户确认步骤 - 禁止在非 00_Inbox/AI/ 位置创建新笔记(除非用户明确指定)