Portainer Setup

Last Edit: 2024.12.13

Debian / Ubuntu

OpenSUSE MicroOS

Overview

Install Portainer to manage containers.

Assumptions

Install Portainer

Set up the Portainer container with Podman.

Connect

Assuming Podman is running rootless, start a MachineCTL shell as the Podman user.

sudo machinectl shell --uid=podmanu

Create Volume

Create a storage volume for the Portainer container. In rootless configurations, this volume is stored on disk at $HOME/.local/share/containers/storage/volumes.

podman volume create portainer_data

Start Portainer

Download the latest version of Portainer.

podman pull docker.io/portainer/portainer-ce:latest

Start the Portainer container. For rootful configurations, replace the socket definition with /run/podman/podman.sock:/var/run/docker.sock.

podman run -d -p 9443:9443 --name portainer --security-opt label=disable -v /run/user/$(id -u)/podman/podman.sock:/var/run/docker.sock -v portainer_data:/data docker.io/portainer/portainer-ce:latest

Generate Systemd Unit

Generate a Systemd unit file with Podman to control Portainer as a service. Verify the Portainer container is running without issue before generation. Store the unit file in the rootless user’s Systemd directory, $HOME/.config/systemd/user/portainer.service.

podman generate systemd --name portainer --new > /opt/podmanu/.config/systemd/user/portainer.service

Reload the systemctl configuration. For rootful configurations, use sudo and ditch --user.

systemctl --user daemon-reload

Control the Portainer service with systemctl. For rootful configurations, use sudo and ditch --user.

systemctl enable --user portainer

Apply

Exit the MachineCTL shell of the rootless user.

exit

Reboot to verify all changes are applied. The enabled Portainer systemctl service should start on boot.

sudo reboot

Firewall

Open port 9443 for the Portainer admin interface.

# Firewalld: --permanent only writes the saved configuration, so reload to apply it
sudo firewall-cmd --add-port=9443/tcp --permanent
sudo firewall-cmd --reload
# Ufw
sudo ufw allow proto tcp from any to any port 9443

Review the Portainer documentation on ports. Open the necessary ports for features the system is intended to use.

  • TCP port 9443 (or 30779 for Kubernetes with NodePort) for the UI and API.
  • TCP port 8000 (or 30776 for Kubernetes with NodePort) for the TCP tunnel server for Edge Agents. This port is optional and only required if using Edge Compute features with Edge Agents.
  • TCP port 9001 (or 30778 for Kubernetes with NodePort) must be accessible on the Agent from the Portainer Server instance.

Portainer Dashboard

With the Portainer container running on Podman, and the dashboard port open, connect to Portainer in a browser. Replace 0.0.0.0 with the IP address of the Portainer system. If a custom port was configured, also replace 9443.

https://0.0.0.0:9443/

When prompted, enter a generated password for the admin Portainer user. Select Create user and the dashboard will redirect to the Quick Setup page.

Portainer login page.

On the Quick Setup page, the local socket should automatically appear after a few seconds. If it does not appear, verify that the socket definition in the Portainer command is correct.
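One way to carry out that socket check, as an added example that is not part of the original page: the script extracts the host path mapped to /var/run/docker.sock from a unit file or podman run command and compares it with the expected socket for a UID. The function names and the sample ExecStart line are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which host socket a Portainer unit file or
# "podman run" command maps to /var/run/docker.sock.

# Expected host socket for a UID: rootful for 0, rootless otherwise
# (both paths come from the "Start Portainer" step).
expected_socket() {
    if [ "$1" -eq 0 ]; then
        printf '%s\n' /run/podman/podman.sock
    else
        printf '%s\n' "/run/user/$1/podman/podman.sock"
    fi
}

# Read text on stdin; print the host side of the first volume mapped to
# /var/run/docker.sock (handles "-v SRC:DST", "--volume=SRC:DST", ":ro").
mounted_socket() {
    tr ' \t' '\n\n' |
        sed -n 's|^\(--volume=\)\{0,1\}\(/[^:]*\):/var/run/docker\.sock\(:.*\)\{0,1\}$|\2|p' |
        head -n 1
}

# check_mount UID < text: 0 = mount matches, 1 = wrong path, 2 = no mount.
check_mount() {
    want=$(expected_socket "$1")
    got=$(mounted_socket)
    if [ -z "$got" ]; then
        echo "no volume is mapped to /var/run/docker.sock"
        return 2
    elif [ "$got" != "$want" ]; then
        echo "socket mount is $got, expected $want"
        return 1
    fi
    echo "socket mount ok: $got"
}

# True when the path exists and is a Unix socket (run as the Podman user).
socket_present() { [ -S "$1" ]; }

# Constructed sample: a shortened ExecStart line for UID 1000. In a real unit
# $(id -u) has already been expanded by the shell that ran "podman run".
SAMPLE_UNIT='ExecStart=/usr/bin/podman run --rm --replace -d -p 9443:9443 --name portainer --security-opt label=disable -v /run/user/1000/podman/podman.sock:/var/run/docker.sock -v portainer_data:/data docker.io/portainer/portainer-ce:latest'

# Demo on the sample. On a real host, as the Podman user:
#   check_mount "$(id -u)" < "$HOME/.config/systemd/user/portainer.service"
#   socket_present "$(expected_socket "$(id -u)")" || echo "socket missing"
printf '%s\n' "$SAMPLE_UNIT" | check_mount 1000
```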

The local Podman system will now be available to Live Connect via Portainer, ready to connect and deploy containers.

Portainer environment home page.
