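#!/bin/bash
#
# Portainer Installation Script
# Usage: bash install_portainer.sh
#
# Optional environment:
#   PORTAINER_IMAGE  Image reference to deploy
#                    (default: portainer/portainer-ee:latest).
#
# Security notes for operators:
#   * The container is handed /var/run/docker.sock, which gives it full
#     control of the Docker daemon on this host. The Portainer admin
#     password therefore guards host-level access.
#   * Ports 8000 and 9443 are published on every host interface; restrict
#     them with a host firewall if the UI should not be reachable from
#     untrusted networks.
#
set -euo pipefail

readonly PORTAINER_DIR=/opt/portainer
readonly PASSWORD_FILE="${PORTAINER_DIR}/admin_password"
readonly PORTAINER_URL=https://localhost:9443
# ":latest" is a moving tag: every run may pull a different image. Set
# PORTAINER_IMAGE to a reviewed tag or digest for reproducible deployments.
readonly PORTAINER_IMAGE="${PORTAINER_IMAGE:-portainer/portainer-ee:latest}"

#######################################
# Print a timestamped message.
# Arguments: message words
# Outputs:   "[YYYY-MM-DD HH:MM:SS] message" on stdout
#######################################
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*"
}

#######################################
# Escape a string so it can sit inside a JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab;
# other control characters are passed through unchanged.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

echo "=== Portainer Configuration ==="
read -r -s -p "Enter desired Portainer admin password (min 12 chars): " PORTAINER_PASSWORD
echo ""
read -r -p "Enter your Portainer EE license key: " PORTAINER_LICENSE
echo ""

log "Starting Portainer deployment..."

# Verify Docker is installed
if ! command -v docker &> /dev/null; then
  log "ERROR: Docker is not installed or not in the PATH."
  log "Please install Docker first."
  exit 1
fi

# Verify Docker permissions (must be root or in the docker group).
# grep -w matches the whole word without relying on the GNU-only "\b".
if [[ "$(id -u)" -ne 0 ]] && ! id -nG | grep -qw docker; then
  log "ERROR: Your user is not in the 'docker' group and you are not root."
  log "Please run 'sudo usermod -aG docker \$USER', log out and back in, or run this script with sudo."
  exit 1
fi

log "Creating secure admin password file..."
# Portainer requires a minimum 12-character password
if (( ${#PORTAINER_PASSWORD} < 12 )); then
  log "WARNING: Password is less than 12 characters. Portainer may reject it."
fi

# Register the cleanup before the secret is written, so an early failure
# cannot leave the plaintext password on disk.
# NOTE(review): the file is the source of a bind mount and the container
# runs with --restart=always. Once the file is removed, a later container
# restart finds no source path, and Docker creates a directory there for
# "-v" bind mounts. Confirm how Portainer handles that after first start.
trap 'rm -f -- "$PASSWORD_FILE"' EXIT

# Create the file under a restrictive umask so it is never readable by
# other users, not even between creation and chmod. Removing any previous
# file first keeps stale, wider permissions from being inherited.
(
  umask 077
  mkdir -p -- "$PORTAINER_DIR"
  rm -f -- "$PASSWORD_FILE"
  printf '%s' "$PORTAINER_PASSWORD" > "$PASSWORD_FILE"
)
chmod 600 -- "$PASSWORD_FILE"

log "Creating Portainer data volume (if it doesn't already exist)..."
docker volume create portainer_data

log "Deploying Portainer container..."
docker run -d -p 8000:8000 -p 9443:9443 --name portainer \
  --restart=always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \
  -v "${PASSWORD_FILE}:/tmp/admin_password" \
  "$PORTAINER_IMAGE" \
  --admin-password-file '/tmp/admin_password'

if [[ -n "$PORTAINER_LICENSE" && -n "$PORTAINER_PASSWORD" ]]; then
  log "Waiting for Portainer to start up to apply license key via API..."
  # curl -k skips certificate verification. It is used only against
  # localhost here; presumably Portainer starts with a self-signed
  # certificate (TODO confirm). Do not reuse -k for remote hosts.
  for _ in {1..15}; do
    if curl -ks -o /dev/null "${PORTAINER_URL}/"; then
      break
    fi
    sleep 2
  done
  sleep 2 # Extra padding for API initialization

  log "Authenticating with Portainer API..."
  # The request body goes to curl on stdin (printf is a shell builtin), so
  # the password never appears in a process argument list. json_escape
  # keeps quotes or backslashes in the password from corrupting the JSON.
  # "|| JWT=''" stops set -e/pipefail from aborting on a failed login, so
  # the warning branch below is actually reached.
  JWT=$(printf '{"Username":"admin","Password":"%s"}' \
      "$(json_escape "$PORTAINER_PASSWORD")" \
    | curl -ks -X POST "${PORTAINER_URL}/api/auth" \
        -H "Content-Type: application/json" \
        --data-binary @- \
    | grep -o '"jwt":"[^"]*"' \
    | cut -d'"' -f4) || JWT=""

  if [[ -n "$JWT" ]]; then
    log "Applying license key..."
    # NOTE(review): endpoint path and field name are kept as found in this
    # script; confirm them against the API of the deployed version.
    # The bearer token is passed through a header file (-H @file, curl
    # 7.55.0+) and the license key on stdin, keeping both off argv.
    LICENSE_STATUS=$(printf '{"licenseKey":"%s"}' \
        "$(json_escape "$PORTAINER_LICENSE")" \
      | curl -ks -w "%{http_code}" -o /dev/null \
          -X POST "${PORTAINER_URL}/api/licenses" \
          -H @<(printf 'Authorization: Bearer %s\n' "$JWT") \
          -H "Content-Type: application/json" \
          --data-binary @-) || true

    if [[ "$LICENSE_STATUS" == "200" ]]; then
      log "License key applied successfully!"
    else
      log "WARNING: Failed to apply license key (HTTP $LICENSE_STATUS). You may need to enter it manually."
    fi
  else
    log "WARNING: Failed to authenticate with Portainer API. Please apply the license manually."
  fi
fi

log "=== Portainer Installation Complete ==="
log "You can now access the Portainer web interface at:"
# The original message had no host part; the placeholder is filled in by
# the operator.
log "https://<server-address>:9443"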