Manage Ansible Playbooks With a GUI; Semaphore

Jan 19, 2024 · 36 mins read

In the video below, we show how to install and configure Semaphore which allows you to manage your Ansible playbooks using a GUI


Ansible is an extremely useful automation tool for managing computers and network devices

And although my years as a Cisco engineer have got me used to using a command line, sometimes you find a graphical interface can help you do things better

And for Ansible, that’s where something like Semaphore comes in

You can use it to schedule playbooks, to receive status notifications, it can handle your secrets and so on, which for me makes playbook management so much easier

Useful links:
https://docs.semui.co/administration-guide/installation#package-manager
https://docs.semui.co/administration-guide/configuration
https://github.com/ansible-semaphore/semaphore/releases
https://hub.docker.com/_/mysql/
https://code.visualstudio.com/docs/?dv=linux64_deb

Overview:
Now there are several ways that you can install Semaphore, and in this video we’ll be installing it as a Debian package, although the process should work on Ubuntu as well for instance

I would have preferred to have run this as a container on my Docker server, but for some strange reason the web server you get doesn’t support TLS

The suggestion of using a reverse proxy doesn’t help unless it’s on the same computer as the one running Semaphore

Because if it’s not, you’ll still be left with unencrypted traffic in transit, and that would be flagged in a security audit

Now I don’t want the extra admin work of managing NGINX for instance just to address a security weakness in Semaphore

So for that reason we’ll install everything on a single computer, so people will need to login to the computer to use Semaphore

Install Dependencies:
Semaphore requires Python and Git to be installed on your computer, so we’ll install those first

sudo apt update
sudo apt install python3 git -y

Python3 should already be installed on Debian 12 for instance, but this may not be the same for other distros

Even if you don’t plan on using Git yourself, it still needs installing for Semaphore to be used

And it’s worth pointing out that if you don’t have Git installed, the installation of Semaphore will fail

Install Ansible:
Now I want to make sure that the latest version of Ansible is installed

Although you can install Ansible from the Debian repository there are two problems I’ve noticed with the version you get at the time of recording

One is that it’s no longer receiving security updates

Another is that the apt-key module is deprecated and its replacement is not available in this version

So as I already have Ansible installed, the first thing I’m going to do is to uninstall it, plus any other software that was added

sudo apt remove ansible -y
sudo apt autoremove -y

Now I’ll double check that Ansible has been fully removed

ansible --version

We’ll install pipx as Debian suggests using this for 3rd party Python packages

sudo apt install pipx -y
pipx ensurepath

As suggested, we’ll exit out and start a new terminal session

Then we’ll install the latest version of Ansible using pipx

pipx install --include-deps ansible

This can take quite a while mind

Now we’ll check what version of Ansible has been installed

ansible --version

At the time of recording, the latest version is 2.16.2

Install MySQL:
Semaphore requires access to a database and if you look at the configuration documentation, the default choice is MySQL so we’ll install that

We can’t install it from a Debian repository, so we’ll download a configuration file from Oracle

To do that you’ll need to point your web browser to the following URL https://dev.mysql.com/downloads/repo/apt/

This will show you the latest version available

Click on the Download button and opt to start the download if you don’t have an account or don’t want one

If prompted, we want this saved in the Downloads folder

Once the file is available, return to the CLI and switch to the folder the file was downloaded to, for example

cd Downloads

Now we’ll install this

sudo dpkg -i mysql-apt-config_0.8.29-1_all.deb

You’ll probably want the default options, so use the cursor keys to highlight the OK option, tab to the OK button and then hit return

TIP: Selecting any other line and hitting OK takes you to that configuration page and ultimately brings you back to this one

Now we need to update the package repository cache and then we can install the MySQL server and client

sudo apt update
sudo apt install mysql-server mysql-client -y

Enter a password you want to assign for the root account for MySQL, then tab to the OK button and hit return

Re-enter the password for confirmation, then tab to the OK button and hit return

Unless you have a need for legacy authentication, tab to the OK button and hit return to set Strong Password Encryption

Bear in mind, the installation can take a while, especially towards the end

Once the installation is complete we’ll run another command to improve security for MySQL

sudo mysql_secure_installation

Enter the root password that was created for MySQL and then follow the prompts

It makes sense to validate passwords so press y then hit return

We should opt for strong passwords, so press 2 then hit return

You’ll be told the estimated strength of the root password you created, so if you want to change this to something else press y, otherwise press n then hit return

If you do change the root password you’ll be told its strength and given the option to keep this or change it again if you want

Anonymous logins aren’t recommended for an installation like this, so press y then hit return

Remote logins using the root account aren’t recommended either, so press y then hit return

We have no need for a test database, so press y then hit return

Finally press y and hit return to apply the changes

Before we proceed, check that MySQL is working

sudo systemctl status mysql

Create Semaphore Database:
We need to create a database for Semaphore to use but it’s also best if it has its own user account as using the root account isn’t recommended

First connect to MySQL as root, entering the password when prompted

mysql -u root -p

At the mysql prompt, create a database for Semaphore, for example

CREATE DATABASE semaphore;

Create a user account for Semaphore to use

CREATE USER 'semaphore'@'localhost' IDENTIFIED BY 'MyPassword!1234';

I would suggest picking a less obvious user account though and a password which is much more secure than this

NOTE: We’re using localhost as the domain which makes sense as we’re running this all on the same computer, but if we were doing this on a dedicated database server for instance, it would make more sense to use the proper domain name

Now we’ll allow the new user account access to the database

GRANT ALL PRIVILEGES ON semaphore.* TO 'semaphore'@'localhost';

And then we’ll exit from MySQL

EXIT;

Check the user can login, entering the password when prompted

mysql -u semaphore -p

And check to make sure the database has been created

SHOW DATABASES;

Assuming the database is seen, exit from MySQL

EXIT;

Now we should be able to install Semaphore and give it access to the database

TIP: You don’t have to use capitals but it’s common to separate commands from variables like this to make it easier to understand

TIP: This MySQL installation uses the /var/lib/mysql folder so you’ll want to keep this backed up

Install Semaphore:
To install Semaphore we need to download a Debian package as detailed in the instructions
https://docs.semui.co/administration-guide/installation#package-manager

But as I’ll point out towards the end of the video, it’s best to check for the latest version on the Releases page
https://github.com/ansible-semaphore/semaphore/releases

Since the latest version at the time of recording is v2.9.37, we’ll download that

cd ~/Downloads/
wget https://github.com/ansible-semaphore/semaphore/releases/download/v2.9.37/semaphore_2.9.37_linux_amd64.deb

Then we’ll install Semaphore

sudo dpkg -i semaphore_2.9.37_linux_amd64.deb

Create Service Account:
One of the main appeals of Semaphore is being able to schedule tasks

We want to run Semaphore as a service and it isn’t good to use the root account for this

So we’ll create a user account for Semaphore and set its home folder to be /opt/semaphore

sudo useradd -m -d /opt/semaphore -s /bin/bash semaphore
sudo passwd semaphore

As before, it would be better to give this a less obvious name than this and you can also choose to use a different folder

NOTE: I’ve specified the shell to use because I’ve noticed Debian 12 isn’t doing that and it leads to confusion if you login as that user

By default, the other group has access to this folder, which isn’t good when there will be a config file in there for instance which contains sensitive information

So we’ll restrict access to this folder

sudo chmod 770 /opt/semaphore

While we’re here we’ll also set up a user group as later we’ll need to allow Semaphore access to Ansible files

sudo groupadd ansiblegroup

As ever it’s probably better to use names that are less obvious, but when it comes to videos I want to try and keep things as simple as possible

Now we’ll add some users to the group, which in this case includes myself and the semaphore user

sudo gpasswd -M david,semaphore ansiblegroup 

NOTE: The -M option allows you to add multiple users at the same time but it resets the user list. So if you want to add more users using this method at a later date you have to declare ALL of the users and not just the extra ones you want to add

Configure Semaphore:
Semaphore has a configuration file and you can download an example from the website and edit it afterwards but you can also generate one as part of a setup process

So we’ll switch to the Semaphore user account and its home folder

sudo su semaphore
cd

Because the home directory was set to be /opt/semaphore this should be the folder you’re now in, but you can check to be sure using this command

pwd

We’ll then run a setup wizard using the following command

semaphore setup

As we’ve installed MySQL we’ll accept the default database choice and hit return

And as MySQL was installed on the local computer we’ll accept the path choice and hit return

As we created a user account for semaphore in MySQL we’ll enter that followed by the password when prompted, so in this example semaphore and MyPassword!1234

Bear in mind, the password will be visible when you type it in

The default database name matches the one we created so we’ll hit return, but if you’ve used a different name you’ll need to enter that and hit return

As we’ve setup a folder for Semaphore to use, we’ll change the Playbook path to /opt/semaphore then hit return

It’s actually where cloned repositories and generated files are stored

We aren’t running multiple websites on a server so just hit return when prompted for the Web root URL

If you want to receive email alerts, you’ll need to enable that option then enter the SMTP server details along with the username

You’ll then get similar options for Telegram and Slack

By default, Semaphore will use local authentication but if you have an LDAP server you can enable that authentication and enter the relevant details for that

Assuming you switched to the /opt/semaphore folder in the CLI, this should be the Config output directory, if not you’ll want to change it

Assuming the details are fine, the configuration file will be created and the database will be setup

Bear in mind, this can take a while

Once this has completed you’ll be prompted to create an Admin account for Semaphore

You’ll be asked for a username, an email address and then a password

Although I’m creating one called admin in this video, I would suggest using something less obvious

Once the setup wizard completes it will show details on how you can run Semaphore

NOTE: The output needs correcting as the semaphore command is not in the present working directory. However, we’ll be running this as a service anyway

Now although this config file has everything we need to get Semaphore up and running, it will need to be edited manually for other settings

To do that I suggest checking out the documentation which explains what the parameters are for
https://docs.semui.co/administration-guide/configuration

Install Ansible for Semaphore:
To run playbooks, Semaphore needs access to Ansible

Earlier on we installed Ansible but because we used pipx, the Semaphore user account doesn’t have access to it, so we need to install it again for the Semaphore user

pipx ensurepath

As suggested, we’ll exit out as this user then switch to the account again

exit
sudo su semaphore
cd

Then we’ll install Ansible

pipx install --include-deps ansible

The reason we’ve installed this twice is because users will be creating Ansible playbooks while logged in with their account, whilst Semaphore will be used to run them

What pipx does is to isolate packages into their own virtual environments

This is in contrast to installing the official Debian package which would have made the application available to all users, but it’s out of date

Default Ansible Settings:
Ansible can be given default settings to save having to re-enter them each time a command is run for instance

Semaphore works with projects though which results in storing different Ansible files in different folders

Now while we could create an ansible.cfg file in each folder for Ansible to find, you can also create one in the home folder

However, this one needs to be a hidden file

nano .ansible.cfg
[defaults]
interpreter_python=auto_silent
host_key_checking=False

Now save and exit

There are other settings that can go here, but I find these are enough to avoid errors that I’d otherwise run into when running tasks

The other settings I would normally put in here, for example the inventory file path, the vault password, the private key and username will be defined within Semaphore anyway

However, if there are other default settings you want to use, you can add those to this file

Bear in mind, if you create an ansible.cfg file in a project folder, that will take precedence over this one and Ansible will only use one file

Configure Semaphore Service:
We don’t want to have to manually start Semaphore whenever we want to use it or leave a session running in a terminal all the time, so it makes sense to run this as a service

To make things easier, there is an example for a service file on the website but I’ve made alterations

First we need to exit out as the Semaphore user and then create the service file

exit
sudo nano /etc/systemd/system/semaphore.service
[Unit]
Description=Ansible Semaphore
Documentation=https://docs.semui.co/
Wants=network-online.target
After=network-online.target
ConditionPathExists=/usr/bin/semaphore
ConditionPathExists=/opt/semaphore/config.json
Requires=mysql.service

[Service]
User=semaphore
Group=semaphore
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/semaphore/.local/bin"
Restart=always
RestartSec=10s
ExecStart=/usr/bin/semaphore service --config=/opt/semaphore/config.json
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=journal
StandardError=journal
SyslogIdentifier=semaphore

[Install]
WantedBy=multi-user.target

Now save and exit

Depending on your setup you may need to make some changes to this file

For example, I’ve suggested using an account name different to semaphore but this is referenced in the following lines
ConditionPathExists=/opt/semaphore/config.json

User=semaphore
Group=semaphore
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/semaphore/.local/bin"
ExecStart=/usr/bin/semaphore service --config=/opt/semaphore/config.json

In which case you’ll need to change these if you use a different account name and/or opted for a different working folder

NOTE: The binary file mentioned in these lines should remain /usr/bin/semaphore regardless as this relates to the command
ConditionPathExists=/usr/bin/semaphore

ExecStart=/usr/bin/semaphore service --config=/opt/semaphore/config.json

Now we need to update the daemon, enable the service to always start, then start it

sudo systemctl daemon-reload
sudo systemctl enable semaphore
sudo systemctl start semaphore

We can then check the service status with the following command

sudo systemctl status semaphore

Accessing Semaphore:
To access Semaphore you need to point your web browser to the following URL http://localhost:3000

NOTE: For some strange reason, the documentation tells you to use https://localhost:3000 for this method of installation, even though the web server doesn’t support TLS. This URL won’t work, the only option is to use an unencrypted HTTP session
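Because this setup relies on Semaphore's unencrypted HTTP port only being used from the local computer, it is worth checking which addresses port 3000 is actually listening on. The script below is an added example, not part of the original post; it filters `ss -ltnH` output, its function names are made up for the example, and the sample listing embedded in it is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list the non-loopback addresses
# on which a TCP port is listening, based on `ss -ltnH` output read from stdin.

# exposed_listeners PORT
#   Prints one local address per line for every listener on PORT that is not
#   bound to loopback (127.0.0.0/8 or ::1). Prints nothing if there is none.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Column 4 is Local Address:Port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)       # drop an interface suffix such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# is_local_only PORT -> exit 0 if PORT has no non-loopback listener on stdin
is_local_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
# To try the filter without a live host: sample_ss_output | exposed_listeners 3000
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      151        127.0.0.1:3306       0.0.0.0:*
LISTEN 0      4096               *:3000             *:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128            [::1]:631           [::]:*
EOF
}

# When called with a port number, check the live system.
if [ "$#" -gt 0 ]; then
    ss -ltnH | exposed_listeners "$1"
fi
```

Run it as `sh listeners.sh 3000` on the Semaphore host (the file name is an assumption); any address it prints is one that other machines can connect to unless a firewall blocks the port.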

To login you’ll need to enter the Admin credentials that were created when the setup process was run

Because Semaphore arranges things into projects, the first time you login you’ll be prompted to create a new one

At a minimum you will need to provide a project name then you can click Create

Once that’s done you can now start to use Semaphore

TIP: In the bottom left hand pane you can switch between Light and Dark Mode as well as change the language to one of those supported

Projects:
Semaphore supports projects which is very useful for companies for instance, but individuals can use them as well

Companies typically create projects when new applications are added or removed for instance, for new site builds, IT upgrades and so on

You could also use projects to separate your teams; infrastructure, applications and so the list goes on

But at a minimum there has to be one project, hence why you need to create one when you first login

If you want to create a new project, click on the drop down menu in the top left corner, select New project… then provide at least the name then click Create

This will also immediately switch you to the new project

While companies typically retain information indefinitely, to delete a project make sure you’re on the Dashboard for that project, select Settings in the overhead menu bar, click Delete Project then click Yes to confirm

Key Store:
In order for Ansible to manage other computers, it needs to be able to login to them

This can usually require a username and password or a username and key when using SSH key authentication

Semaphore provides a key store which makes managing credentials easier

But, as you setup a project, you’ll find you can’t type in credentials, instead you have to reference an entry in the key store, so you’ll want to create your keys in advance

To create a new key, select Key Store from the left hand pane then click New Key

Aside from providing a name for the key, you’ll need to select a type

Options are
SSH Key, for logging in with an SSH key
Login with password, for logging in with a username and password
None, for anonymous logins

TIP: When using SSH keys, you should provide the username and the private key

In my case, Ansible will use SSH key authentication so I have to create an SSH key

The account has sudo rights without having to supply a password, so I don’t need to do anything else

But if your account needs to supply a password to become root, then create another entry but using the Login with password option

I’ll be storing Ansible files on the local computer and I’ll be giving the Semaphore user in Linux access to them

However, Semaphore will be asking for credentials to access them, so I’ll also create an Anonymous login key for that

While you create a key, bear in mind that information like a password or private key will be visible as they are being entered. However, if you edit the key afterwards the details will appear to be missing in order to obscure them

Whatever type of key you will use, click Create when you’re done

If you want to change the details of a key, you will need to click its edit button and select the Override option before making any changes then click Save

If you want to delete a key, you should click its delete button, then click Yes to confirm

TIP: These keys are stored in the MySQL database, specifically in the access_key table. The information will be encrypted using a random key that can be found in the config.json file which in turn was created when we ran the semaphore setup command and for this video that’s found in the /opt/semaphore folder
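The 770 mode set on /opt/semaphore earlier is what keeps config.json, and with it the key that protects the key store, away from other local users, even if the file itself is world-readable. The script below is an added example, not part of the original post, that checks this by walking the parent directories of a path; the function names and the AUDIT_TOP variable are made up for the example, and it looks at mode bits only, not ACLs.

```shell
#!/bin/sh
# Added example (not from the original post). Uses GNU stat and readlink,
# as shipped with Debian. Only classic mode bits are examined, not ACLs.

# last_octal_digit MODE -> prints the "other" digit of an octal mode such as 770
last_octal_digit() {
    printf '%s\n' "${1#"${1%?}"}"
}

# other_can_read PATH [TOP]
#   exit 0: users outside the owner and group can read PATH
#   exit 1: they cannot (PATH lacks o+r, or a parent directory lacks o+x)
#   exit 2: PATH does not exist or cannot be inspected
#   Parent directories are checked up to and including TOP (default /).
other_can_read() {
    ocr_path=$(readlink -f -- "$1") || return 2
    ocr_top=$(readlink -f -- "${2:-/}") || return 2
    [ -e "$ocr_path" ] || return 2

    # The file (or directory) itself needs the read bit for "other".
    ocr_mode=$(stat -c '%a' -- "$ocr_path") || return 2
    case "$(last_octal_digit "$ocr_mode")" in
        4|5|6|7) ;;
        *) return 1 ;;
    esac

    # Every parent directory needs the execute (traverse) bit for "other".
    ocr_dir=$(dirname -- "$ocr_path")
    while :; do
        ocr_mode=$(stat -c '%a' -- "$ocr_dir") || return 2
        case "$(last_octal_digit "$ocr_mode")" in
            1|3|5|7) ;;
            *) return 1 ;;
        esac
        if [ "$ocr_dir" = "$ocr_top" ] || [ "$ocr_dir" = "/" ]; then
            break
        fi
        ocr_dir=$(dirname -- "$ocr_dir")
    done
    return 0
}

# audit_paths PATH...
#   Prints one line per path; exit 1 if any path is readable by "other".
#   AUDIT_TOP (hypothetical variable) limits how far up the tree is checked.
audit_paths() {
    ap_status=0
    for ap_path in "$@"; do
        other_can_read "$ap_path" "${AUDIT_TOP:-/}" && ap_rc=0 || ap_rc=$?
        case "$ap_rc" in
            0) echo "EXPOSED    $ap_path"; ap_status=1 ;;
            1) echo "protected  $ap_path" ;;
            *) echo "missing    $ap_path" ;;
        esac
    done
    return "$ap_status"
}

# When called with paths, audit them.
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
fi
```

Run it with sudo, for example `sudo sh audit.sh /opt/semaphore/config.json` (the file name audit.sh is an assumption), because an account without access to a 770 folder cannot inspect the files inside it.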

Repositories:
Semaphore needs access to wherever your Ansible playbooks are being stored

For this you have to create a repository in Semaphore and it could be a Git repository or a folder on the local drive for instance

Now since I’ll be running everything from a single computer I’ll setup an Ansible folder that myself and Semaphore can access

sudo mkdir /opt/ansible

Next we’ll change the ownership and rights for the folder

sudo chown -R david:ansiblegroup /opt/ansible
sudo chmod -R 770 /opt/ansible

TIP: I’ve used the -R option because if a folder already exists, then these changes must be applied recursively to the contents

Now my train of thought is that this will be the top folder and we’ll have a separate sub-folder for each project, so we need to create one for this project

But although this will be just a folder on the local drive I want to take advantage of Git for this because we’ve installed it

cd /opt/ansible
git init video

This will give us version control, being able to test changes, commit them if they work, and revert them if a problem crops up

As shown in the output, the initial branch is called master. This can be confusing if you’re used to seeing a main branch instead

In which case I’m going to change this to main

cd video
git branch -m main

To tell Semaphore about a repository, back in Semaphore, select Repositories in the left hand pane then click New Repository

You’ll then need to provide a Name for this, along with the relevant details and then click Create

There are several options available to connect to a Git repository, but you aren’t restricted to the likes of GitHub or GitLab for instance. You could create your own Git server on your local network and connect to that

Whichever Git option you choose though, you’ll need to enter the Branch, for example main, and reference an Access Key in the key store for Semaphore to access the files

In this case though, we’re using a folder on the local drive

Unfortunately you can’t browse to a folder, instead you have to enter the path, for example /opt/ansible/video in this case

Even for a local folder we need to provide a key to gain access

Since we’re running Semaphore with an account that already has access, we’ll select the Anonymous key

Whichever way you’ll access the repository you need to click Create when done

Inventory:
Ansible requires an inventory file which contains details of the hosts that it will run a playbook against

To create an inventory, select Inventory in the left hand pane then click New Inventory

Aside from a Name you’ll need to provide User Credentials to access those hosts, which involves selecting a key you’ve created in the key store

If a task requires Sudo rights then you might want to select another key from the key store for the password

TIP: This isn’t necessary if the Ansible user account has been given sudo rights without the need for a password

Like Ansible, Semaphore offers different options for entering and maintaining the inventory

The Static type is the more common method, for example

[pvenodes]
192.168.102.10
192.168.102.11
192.168.102.12

There is also a YAML type, for example

all:
  children:
    pvenodes:
      hosts:
        192.168.102.10:
        192.168.102.11:
        192.168.102.12:

Alternatively, Semaphore provides an option to point to a file

Now, you can’t browse to a file and it has to be somewhere where the Semaphore service account has access to. For example for a file called inventory in the /opt/ansible folder, you would use a path of /opt/ansible/inventory

NOTE: This method doesn’t import the contents of the file, instead Semaphore will keep referencing the file when the inventory is used. I prefer this method as the majority of my Ansible setup will be done outside of Semaphore anyway, with Semaphore being used to just run playbooks at scheduled times

But whichever option is chosen, click Create to finish

One thing to consider is you can create multiple inventories within a project

Semaphore can run Tasks and each one can run a playbook that uses its own inventory for instance

So if you want to setup one task for webservers, another for file servers, etc. you can setup inventories that are a simple list of IPs rather than having one long inventory that is a grouping of different server types for instance

Whichever strategy you choose to use though is up to you

To change an inventory, you can click its edit button, make your changes then click Save

If you want to delete an inventory, you should click its delete button, then click Yes to confirm

Environment:
The environment section is where you can store variables

But even if you don’t intend to supply any variables through Semaphore, you still need to create an environment for the project, but it will be an empty one

To create an environment, select Environment in the left hand pane then click New Environment

Provide a name for the environment

Now provide the necessary variables, in JSON format

And then click Save

For an empty environment, for example, you could call it Empty and provide empty brackets i.e. {} for both the Extra and Environment variables

Once done click Save

If you want to change the details of an environment, you can click its edit button, make your changes then click Save

If you want to delete an environment, you should click its delete button, then click Yes to confirm

Views:
Tasks, as we’ll cover shortly, is how you configure Semaphore to run playbooks

By default, the Task Templates area shows everything in the form of a list

But Semaphore provides an option to create views which basically lets you group or filter different tasks

By default there are no views so all you see is the All view

To create a view, click the pencil then click Add View

Type in the name for a view and then click the tick box to confirm

Repeat to add more views then close the window

You should then see tabs for these views as well as the original All option

You can then switch between views by clicking on the relevant tab

To delete a view, click the pencil and click the corresponding X for the view you want to remove

TIP: You can re-arrange the ordering of these tabs here by dragging the views in the tabs, otherwise they appear in the order of entry

NOTE: There is no confirmation when deleting a view, even if tasks have been assigned to it

Task Templates:
If you’re familiar with Ansible, you’ll be aware of running playbooks from the command line

In Semaphore you need to create a task to run a playbook

To create a Task, select Task Templates in the left hand pane, then click New Template

TIP: Select the cog menu in the top right corner to filter which columns to show

You need to provide a name for this task, although the description is optional, and in this example I’ll call it Ping

You’ll then need to enter the name of the playbook to run

Unfortunately you can’t browse for the file, even after you provide the repository details, so you’ll either have to type or paste in the name e.g. ping.yml

Select the Inventory that lists the hosts this playbook should be run against

Then select the Repository and Environment options

If you’re using Ansible Vault with this playbook you’ll need to have a key created for this in the key store and then you would select that as the Vault Password in order to unlock the Vault

You can add Survey Variables if you wish, in other words if you want to be prompted for values of variables when the task is run

If you’ve created any views you can select the appropriate one from the list for this task

If you want the task to run at regular times or even just once at a specific time, click in the Cron field and enter the Cron details

TIP: Click the docs URL for examples of setting up Cron but bear in mind the documentation talks about 6 characters but Semaphore only uses 5!! In which case, ignore the first character which represents seconds

If you don’t want an alert every time a task runs and is successful, enable the option to Suppress success alerts

If you want to add additional CLI arguments for Ansible to use when running the playbook, you can add these in the CLI args field as the example shows. Just remember to enable the option, Allow CLI args in task

When you’re done setting up the task, click Create

If you want to edit a task you can click on its name which takes you to another page with details about that task

Here you would click on the pencil to edit the task

You can also delete the task and even clone it by clicking on the relevant icons

You can run the task manually from here, otherwise back on the main Task Templates page you can run any task by clicking on the RUN action associated with it

Either way you’ll be prompted for additional options and you can then click Run to run this task manually

What’s really useful about Semaphore I think is that every time a task is run, a history is being kept. This is especially useful if your tasks are scheduled as you’ll easily know if a task worked or not

Better still, you can click on each task instance to get the output if you want more details and troubleshoot one that didn’t work

In any case we actually need to create the playbook we’ve referenced so we’ll create a simple one to login to the hosts

nano ping.yml
- hosts: all
  become: true
  tasks:

  - name: Ping test
    ping:

Now save and exit

Users:
Semaphore is aimed at teams of users

It’s not advisable to have everyone logging in as the Administrator, instead users should have their own account

To create a local user account, while logged in as Administrator, click on your user portrait in the lower left corner then click Users

Next click New User then fill in the details

You can provide users with Admin rights to manage Semaphore and you can arrange for them to be sent alerts

Once you’re done, click Save

NOTE: If you want alerts to be sent, someone on a project has to have the Send alerts option enabled

NOTE: If you remove admin rights from an account there is no warning and you can effectively break the system if nobody has admin rights. As a last resort, you could manually update a user account in the database

TIP: If you cannot create the user account and get a 400 error it could be because the email account is already in use

To edit a user account, again click on the user portrait in the lower left corner then click Users

Click the pencil option for that user and click Save

To delete a user, click the recycling bin for that user then click Yes to confirm

Aside from local users, as shown during the setup process you can also take advantage of LDAP

Team Members:
Access to projects is restricted to team members only

And even when you create local user accounts for instance, they aren’t automatically assigned to anything

To manage team members for a project, select Team in the left hand pane

To add a user, click New Team Member and select the user from the drop down menu

You will also need to choose a role for that user

And then click Link to add them

To remove a user from the team, click the recycling bin for that user then click Yes to confirm

You can also change a user’s role on the Team Members page

Alerts:
One area I think needs some attention is alerts because by default you don’t get any

And to me it seems overly complicated to get these to work

Even though we walked through a setup process, if you want email alerts, we have to make some manual changes to the config file

For some reason it doesn’t ask about login credentials and an email server without authentication doesn’t sit right with me, even if it’s for internal use

My email server requires credentials and emails also need to be encrypted, so I need to edit the config file that was created

For example, while logged in as the semaphore user

nano config.json
        "email_username": "email_user",
        "email_password": "email_password",

        "email_secure": true,

Now save and exit

NOTE: You’ll need to edit the existing lines and not paste them in
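
As an added example (not code from the Semaphore project), the shell function below lints config.json for the three settings edited above. The owner-only permission check is an added assumption, made because the file now holds the mail password in plain text.

```shell
#!/bin/sh
# Added example: lint the mail settings in Semaphore's config.json.
# The three keys are the ones edited above; the permission rule is an assumption.
# Usage: check_mail_config /path/to/config.json

# check_mail_config FILE -> prints one line per finding, returns 0 if there are none
check_mail_config() {
    cfg=$1
    findings=0

    # TLS to the mail server must be switched on.
    if ! grep -Eq '"email_secure"[[:space:]]*:[[:space:]]*true' "$cfg"; then
        echo "email_secure is not true: alerts and credentials would travel unencrypted"
        findings=$((findings + 1))
    fi

    # Both credentials must be present and non-empty.
    for key in email_username email_password; do
        if ! grep -Eq "\"$key\"[[:space:]]*:[[:space:]]*\"[^\"]+\"" "$cfg"; then
            echo "$key is missing or empty"
            findings=$((findings + 1))
        fi
    done

    # The file holds a password, so group and other should have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "config file is accessible beyond its owner ($perms): chmod 600 it"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

The grep patterns expect each key and its value on one line, which is how the generated file is laid out above.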

When you create a project, by default alerts are disabled. So if you didn’t notice that you’ll need to click on Dashboard in the left hand pane and then click Settings

There you can enable Allow alerts for this project and then click Save

Users also aren’t sent alerts by default

In this case I only have an Admin account, so to remedy this we’ll click on the portrait in the lower left corner, then click Edit Account

Next we’ll enable Send Alerts then click Save

When you set up a task it doesn’t suppress alerts by default, so assuming you haven’t changed that, you should then be able to receive email alerts

BUT, there’s a problem…Semaphore only sends email alerts if a task fails

Now, I’m sure like most folks, I’d rather not have to sift through email alerts every morning, but if you only send alerts when there’s a problem it can lead to bigger problems

Let’s say for instance you have regular tasks that are being run at scheduled times

A change is made somewhere else, for instance a firewall rule is added, and unknowingly Semaphore can no longer connect to the email server

Unless folks are regularly logging into Semaphore, failed tasks will continue to fail and nobody will be any the wiser

As inconvenient as it may seem, it’s better to have those regular notifications coming through, even if it’s for only one task so we know everything is working

The approach by the developers it seems is to only send emails for critical alerts and to use services like Telegram and Slack for successful alerts

Personally I don’t want to have to keep on top of multiple messaging services as that’s just more work

In which case, maybe a playbook that can send an email as some form of test message each day will have to do

Manually Run Tasks:
To test Semaphore is working, we’ll manually run the task we created earlier

To do that, navigate to Task Templates

One option is to click on RUN in the Actions column for a task

You can fill in extra details, just like you would when running a playbook from the CLI

Then you click RUN to start the task

Once the task is complete you can close the dialogue box

Another way to run the task is to click on the name of the task

This gives you a history of the task in terms of when it was run and what the outcomes were, but you also get some useful information at the top about the task itself

To the right, you have an option to RERUN a task and in the top right you have another option to run the task by clicking RUN

I’m not seeing a difference between the two as either option spawns a new task ID anyway

If you want to make changes to a task you click on the pencil or edit button in the top right corner

You can copy the task and you can also delete it if you want

The main Task Templates area is a useful way to keep track of when a task was last run and if it worked or failed

There’s a useful expansion button for each task as well if you just want to see some additional history without going into the task details themselves

You can also get a history of tasks that have been run in the Dashboard

And it’s this tracking of tasks that, to me, makes Semaphore so useful

Upgrade Semaphore:
Now as it turns out, I’ve been running a much older version of Semaphore than I realised, so this provided an opportunity to test upgrading Semaphore

I only noticed by accident whilst trying to resolve a 400 error that newer versions were available, and that the installation instructions aren’t being kept up to date and that’s what I’m used to seeing
https://docs.semui.co/administration-guide/installation#package-manager

Although to be fair they do mention a releases page which in hindsight I should have checked
https://github.com/ansible-semaphore/semaphore/releases

One of the versions I had to jump over in this video carries a warning to take a backup of your database. That’s because the database will be altered and you won’t be able to revert to an older version of Semaphore afterwards

But since I use a virtual machine that runs everything, I took a snapshot of it so I can roll things back should things not go to plan

First you should shutdown Semaphore

sudo systemctl stop semaphore

Since I’d installed v2.8.75 and the latest version was v2.9.37, I downloaded that newer version

cd ~/Downloads/
wget https://github.com/ansible-semaphore/semaphore/releases/download/v2.9.37/semaphore_2.9.37_linux_amd64.deb

Then it’s a matter of installing over the existing version

sudo dpkg -i semaphore_2.9.37_linux_amd64.deb

Now we can start Semaphore back up

sudo systemctl start semaphore

Since this version mentioned a database change, I opted to leave it for a short while
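
The same stop, install and start sequence, as an added example (not from the original video or the Semaphore project) that refuses to install the package unless its SHA-256 digest matches a checksums file. It assumes you have obtained a checksums file for the release in the usual "digest, two spaces, file name" layout; that file is not mentioned on this page, so it is passed in as an argument.

```shell
#!/bin/sh
# Added example: verify a downloaded .deb before installing it over the old version.
# Usage: upgrade_semaphore semaphore_2.9.37_linux_amd64.deb CHECKSUMS_FILE

# sha256_of FILE -> prints the hex digest
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_deb DEB CHECKSUMS -> 0 on match, 1 on mismatch, 2 if DEB is not listed
verify_deb() {
    deb=$1
    sums=$2
    name=$(basename "$deb")
    # Match the file name exactly; a leading "*" marks binary mode in some tools.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$deb")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
}

# upgrade_semaphore DEB CHECKSUMS -> the steps above, gated on the digest check.
# Take the database backup or VM snapshot before calling this.
upgrade_semaphore() {
    verify_deb "$1" "$2" || return 1
    sudo systemctl stop semaphore &&
        sudo dpkg -i "$1" &&
        sudo systemctl start semaphore
}
```

Because the check runs first, a bad download leaves the running service untouched.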

Logging back into Semaphore, or in my case using Ctrl-F5, there are various changes to be noticed for 2.9.x:
You can choose between languages
If you have Admin rights, this will show against your portrait
Under the project name, you’ll be shown your role in the project
Team members are assigned roles
There’s a hint of billing being added at some point to projects

So, lesson learned hopefully, pay attention to the releases page

Summary:
So far, Semaphore looks to be a very useful tool to help with Ansible automation

I really don’t understand though why the developer couldn’t have provided a web server that supports TLS

For that reason, I wouldn’t consider this to be a modern UI because even vendors selling devices to retail began providing secure web servers a long long time ago for management access

I can get around the security concerns though, by installing everything onto one computer and accessing Semaphore locally rather than remotely

Bear in mind, I’ve seen reports in the forum about sensitive information being leaked to logs for instance

So not only should access to the computer be heavily restricted, but any exporting of logs for analysis should be vetted
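
One way to vet a log before it leaves the computer, as an added example that is not part of Semaphore. The list of secret-bearing key names and the sample log lines are constructed for illustration, so extend the list to match what your own playbooks pass around.

```shell
#!/bin/sh
# Added example: redact secret-looking values from a log before exporting it.
# KEYS is an illustrative list of names, not something taken from Semaphore.
KEYS='(ansible_(ssh_|become_)?pass(word)?|[Pp]assword|[Pp]asswd|[Ss]ecret|[Tt]oken|api_key)'
# A key, optionally quoted, followed by ":" or "=" (covers JSON and key=value).
ASSIGN="\"?$KEYS\"?[[:space:]]*[:=][[:space:]]*"

# Constructed sample lines (not real Semaphore output).
sample_log() {
    cat <<'EOF'
TASK [Gathering Facts] ok: [192.0.2.10]
extra vars: {"ansible_become_pass": "S3cr3t value", "env": "lab"}
connecting with ansible_password=hunter2 as admin
mail: "email_password": "mailpw", "email_secure": true
PLAY RECAP 192.0.2.10 : ok=3 changed=1 failed=0
EOF
}

# suspect_lines FILE -> how many lines assign a value to one of those names
suspect_lines() {
    grep -Ec "$ASSIGN" "$1" || true
}

# redact_log FILE -> FILE on stdout with each such value replaced.
# The value is either a quoted string or a run of non-space characters.
redact_log() {
    sed -E "s/($ASSIGN)(\"[^\"]*\"|[^[:space:],}]+)/\1[REDACTED]/g" "$1"
}

# export_log SRC DEST -> write the redacted copy and report what was found
export_log() {
    hits=$(suspect_lines "$1")
    redact_log "$1" > "$2"
    echo "$hits line(s) carried secret-looking values; redacted copy written to $2"
}
```

A pattern list only catches names it knows about, so a non-zero count from suspect_lines is a reason to read the redacted copy before it is sent, not a guarantee that it is clean.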

The documentation provided could also do with more attention

There are a lot of hoops to jump through to set up Semaphore this way and they’re either not mentioned or explained well enough

And if you’re just starting out with this, it can be a struggle to know what to do and that’s why documentation is important

In the grand scheme of things though, this is a very useful tool for running Ansible playbooks
