Deployment Overview of Portainer on Server¶

Prerequisites and Basic Requirements¶

The server must meet the following operating system and privilege requirements to successfully deploy the application:

Operating System: Debian, Ubuntu, RHEL, or CentOS distributions.
Privileges: Root access or sudo privileges are required to install system packages, configure Docker, and manage services.
Network Access: The server must have internet access to download Docker packages, the Portainer image, and required dependencies.
Ports: Port 9000 must be available and open on the server to access the Portainer web interface.

File and Directory Structure¶

The deployment utilizes the following file paths for configuration and runtime data:

Docker Daemon Configuration: /etc/docker/daemon.json
Docker Socket: /var/run/docker.sock
System Package Manager: APT (Debian/Ubuntu) or YUM/DNF (RHEL/CentOS) handles package installation.

Application Installation Process¶

The installation process involves setting up the Docker engine and deploying the Portainer container. The specific steps vary slightly by distribution but result in the same final state.

Debian and Ubuntu Systems¶

Update and upgrade APT packages.
Install required software packages: ca-certificates, curl, and gnupg.
Install the Docker engine using the managed installation role.
Install Python dependencies: python3-pip, python3-requests, and python3-docker.
Configure the Docker daemon by copying the daemon.json file to /etc/docker/.
Enable and start the Docker service.

RHEL and CentOS Systems¶

Add the GPG key for the Docker repository.
Add the Docker CE repository configuration.
Install Docker packages: docker-ce, docker-ce-cli, containerd.io, docker-buildx-plugin, and docker-compose-plugin.
Install additional utilities: net-tools and bind-utils.
Install Python dependencies: python3-pip and the docker SDK via pip.
Install the requests library (version 2.31.0 for RHEL 9 and 10, or the latest for RHEL 8).
Configure the Docker daemon by copying the daemon.json file to /etc/docker/.
Reload the systemd daemon and enable/start the Docker service.

Docker Containers and Their Deployment¶

The Portainer application is deployed as a Docker container with the following specifications:

Container Name: portainer
Image: portainer/portainer-ce
Restart Policy: always
Port Mapping: Host port 9000 maps to container port 9000.
Volume Mounts: The host Docker socket /var/run/docker.sock is mounted to /var/run/docker.sock inside the container to allow Portainer to manage the host's Docker daemon.
Image Pull: The system is configured to pull the latest image if not present locally.

The deployment ensures the container is in a started state immediately after configuration.

Starting, Stopping, and Updating¶

The Docker service and the Portainer container are managed via systemd and Docker commands.

Start Docker Service:
```
systemctl start docker
```
Enable Docker Service on Boot:
```
systemctl enable docker
```
Check Container Status:
```
docker ps
```
Stop Portainer Container:
```
docker stop portainer
```
Start Portainer Container:
```
docker start portainer
```

Update Portainer Image:

docker pull portainer/portainer-ce
docker stop portainer
docker rm portainer
docker run -d --name portainer --restart=always -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce

Access Rights and Security¶

The deployment configures the following security and access parameters:

Docker Socket Access: The Portainer container mounts the Docker socket, granting it full administrative control over the Docker daemon on the host.
File Permissions: The Docker daemon configuration file at /etc/docker/daemon.json is owned by root with permissions set to 0644.
Service Management: The Docker service is enabled to start automatically on system boot.