An ansible role to install and configure Ansible Semaphore
This role contains a shell script to bootstrap ansible and semaphore. It handles the setup and installation of all required dependencies.
- wget: Required to download `bootstrap.sh`.
- thedumbtechguy.configure-ansible: Required to set up ansible. Installed if not available.
- thedumbtechguy.logrotate: Required to set up logrotate. Installed if not available.
- thedumbtechguy.mariadb: Required to set up mariadb. Installed if not available.
This role has been tested on Ubuntu 16.04 and Ubuntu 16.10 only.
If this is a new server, you will want to set the hostname first (`hostname server.domain.tld`).
Copy and run the following command:

```sh
sudo apt-get install -y wget &&
mkdir /tmp/bootstrap &&
cd /tmp/bootstrap &&
wget https://raw.githubusercontent.com/thedumbtechguy/ansible-semaphore-bootstrap/master/bootstrap.sh &&
sudo sh bootstrap.sh init
```

You can then customize the configuration in `vars.json` and run `sudo sh bootstrap.sh execute`.
- `semaphore_version`: version to install.
  - Default: `2.3.0`
  - Options: `2.2.0`, `2.3.0`
- `semaphore_port`: port to listen on.
  - Default: `3000`
- `semaphore_db_name`: the name of the database to create for semaphore.
  - Default: `semaphore`
- `semaphore_db_auth_user`: the name of the application's database user.
  - Default: `semaphore`
- `semaphore_db_auth_password`: the password of the application's database user.
  - Required
- `semaphore_db_auth_privileges`: the privileges to grant the application's database user.
  - Default: `*.*:ALL`
- `semaphore_config_auth_name`: the name of the default semaphore application user.
  - Default: `Admin`
- `semaphore_config_auth_email`: the email of the default semaphore application user.
  - Default: `root`
- `semaphore_config_auth_username`: the username of the default semaphore application user.
  - Default: `admin`
- `semaphore_config_auth_password`: the password of the default semaphore application user.
  - Required
- `semaphore_config_data_dir`: where to store semaphore config and playbook files.
  - Default: `/var/lib/semaphore`
- `semaphore_config_log_path`: where to store log files.
  - Default: `/var/log/semaphore`
- `semaphore_config_email_alerts_enable`: enable email alerts.
  - Default: `no`
- `semaphore_config_email_alerts_server`: smtp server.
  - Default: `localhost`
- `semaphore_config_email_alerts_port`: smtp port.
  - Default: `25`
- `semaphore_config_email_alerts_sender`: email sender address.
  - Default: `semaphore@localhost`
- `semaphore_config_web_root`: the web root which you would use to access the application. Used in generating URLs in alerts.
  - Default: `http://{{ ansible_fqdn }}:{{ semaphore_port }}/`
- `semaphore_config_telegram_alerts_enable`: enable telegram alerts.
  - Default: `no`
- `semaphore_config_telegram_alerts_bot_token`: get from @BotFather.
  - Default: `''`
- `semaphore_config_telegram_alerts_chat_id`: your telegram chat id.
  - Default: `''`
- `semaphore_config_ldap_enable`: enable ldap authentication.
  - Default: `no`
- `semaphore_config_ldap_server`: ldap server.
  - Default: `localhost`
- `semaphore_config_ldap_port`: ldap port.
  - Default: `389`
- `semaphore_config_ldap_use_tls`: use tls when connecting to the ldap server.
  - Default: `no`
- `semaphore_config_ldap_bind_dn`: bind dn.
  - Default: `cn=user,ou=users,dc=example.tld`
- `semaphore_config_ldap_bind_password`:
  - Default: `pa55w0rd`
- `semaphore_config_ldap_search_dn`: search dn.
  - Default: `ou=users,dc=example.tld`
- `semaphore_config_ldap_search_filter`: search filter.
  - Default: `(uid=%s)`
- `semaphore_config_ldap_mapping_dn_field`: mapping to dn field.
  - Default: `dn`
- `semaphore_config_ldap_mapping_username_field`: mapping to username field.
  - Default: `uid`
- `semaphore_config_ldap_mapping_fullname_field`: mapping to fullname field.
  - Default: `cn`
- `semaphore_config_ldap_mapping_email_field`: mapping to email field.
  - Default: `mail`
- `semaphore_service_user_name`: account that will run the application service. Don't run under root.
  - Default: `semaphore`
  - NOTE: if the user does not exist, a service account will be created.
- `semaphore_service_user_password`: password of the account that will run the application service.
  - Required
  - NOTE: not providing this will grant passwordless sudo to the account. A password is needed to run local playbooks from semaphore via `become_password`.
  - The password should be an encrypted value compatible with the ansible user module. You can create one using:

  ```sh
  python -c 'import crypt; print(crypt.crypt("This is the password", "$1$ThisIsSomeSalt$"))'
  ```

These variables are relevant only to the bootstrapping process and can be modified in the generated `vars.json` file.

- `semaphore_db_admin_home`: directory to store .my.cnf for mariadb.
  - Default: `/root`
- `semaphore_db_admin_user`: database admin username.
  - Default: `admin`
- `semaphore_db_admin_password`: database admin password.
  - Required
- `semaphore_ansible_cfg_vault_password`: vault password.
  - Default: `''`
- `semaphore_ansible_cfg_vault_password_file`: location of vault password file.
  - Default: `/var/lib/semaphore/.vpf`
- `semaphore_ansible_cfg_host_key_checking`: enable host key checking.
  - Default: `False`
  - Options: `True`, `False`
- `semaphore_ansible_cfg_ansible_managed`: ansible managed string for managed files. used by some roles.
  - Default: `DO NOT MODIFY by hand. This file is under control of Ansible on {host}.`
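
A pre-flight check for the generated `vars.json`, added here as an example (it is not part of the role or of `bootstrap.sh`): it applies the defaults documented above and reports the settings that weaken a deployment before `bootstrap.sh execute` is run. It assumes `vars.json` is a flat JSON object keyed by the variable names on this page; `audit_vars`, `truthy` and the sample input are hypothetical names and values constructed for illustration.

```python
import json

# Defaults documented on this page; they apply when vars.json omits a key.
DEFAULTS = {
    "semaphore_db_auth_privileges": "*.*:ALL",
    "semaphore_config_ldap_enable": "no",
    "semaphore_config_ldap_use_tls": "no",
    "semaphore_ansible_cfg_host_key_checking": "False",
}
REQUIRED = ("semaphore_db_auth_password", "semaphore_config_auth_password",
            "semaphore_db_admin_password")
# Sample secrets printed in this README; they must never reach a real host.
README_SAMPLES = {"4dm1nPa55w0rd", "pa55w0rd", "$1$ThisIsSo$RwIOJHdSWIzAJjbvBdbOZ0"}


def truthy(value):  # Ansible-style booleans: yes/no, True/False
    return str(value).strip().lower() in {"yes", "true", "1", "on"}


def audit_vars(text):
    """Return sorted (variable, finding) pairs for a vars.json document."""
    cfg = {**DEFAULTS, **json.loads(text)}
    out = [(k, "required secret is missing or empty") for k in REQUIRED if not cfg.get(k)]
    out += [(k, "value is a sample copied from the README")
            for k, v in cfg.items() if isinstance(v, str) and v in README_SAMPLES]
    if str(cfg["semaphore_db_auth_privileges"]).startswith("*.*"):
        out.append(("semaphore_db_auth_privileges", "grants apply to every database"))
    if not truthy(cfg["semaphore_ansible_cfg_host_key_checking"]):
        out.append(("semaphore_ansible_cfg_host_key_checking", "SSH host keys are not verified"))
    if truthy(cfg["semaphore_config_ldap_enable"]) and not truthy(cfg["semaphore_config_ldap_use_tls"]):
        out.append(("semaphore_config_ldap_use_tls", "LDAP credentials are sent without TLS"))
    svc = str(cfg.get("semaphore_service_user_password") or "")
    if not svc:
        out.append(("semaphore_service_user_password", "unset: account gets passwordless sudo"))
    elif svc.startswith("$1$"):
        out.append(("semaphore_service_user_password", "MD5-crypt hash; prefer SHA-512 crypt ($6$)"))
    return sorted(out)


# Constructed sample: secrets copied from the example playbook, LDAP switched on.
SAMPLE = json.dumps({
    "semaphore_config_auth_password": "4dm1nPa55w0rd",
    "semaphore_service_user_password": "$1$ThisIsSo$RwIOJHdSWIzAJjbvBdbOZ0",
    "semaphore_ansible_cfg_vault_password": "pa55w0rd",
    "semaphore_config_ldap_enable": "yes",
})

if __name__ == "__main__":
    print("\n".join("%s: %s" % pair for pair in audit_vars(SAMPLE)))
```
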

```yaml
- hosts: all
  vars:
    semaphore_config_auth_email: 'username@company.tld'
    semaphore_config_auth_password: '4dm1nPa55w0rd'
    semaphore_service_user_password: '$1$ThisIsSo$RwIOJHdSWIzAJjbvBdbOZ0'
    semaphore_ansible_cfg_vault_password: 'pa55w0rd'
  roles:
    - thedumbtechguy.semaphore
```

MIT / BSD
This role was created by TheDumbTechGuy ( twitter | blog | galaxy )