This project automates the deployment of an Ansible Controller featuring a web-based interface through SemaphoreUI.
This project provides a development environment for deploying an Ansible Controller with SemaphoreUI. In this production-like setup, Semaphore, PostgreSQL and Nginx, run directly on the host system. This setup can host Clusterlust - the project to create a Kubernetes cluster with Kubespray.
This will download a pre-built image for the virtual machine with all software installed.
-
You will need a Hypervisor to create a virtual machine. You can do that on your machine with Vagrant (discussed below), and one of:
- VirtualBox, available for Windows/macOS/Linux
- Hyper-V a Windows-only feature.
- Vagrant available for Windows/macOS/Linux, download and install.
-
Create a sub-directory named
controller
on your machine. -
Copy the
Vagrantfile.template
from this repository toVagrantfile
in this directory.
- If on Windows start an Administrator Powershell and change directory to the directory controller.
- In on Mac start a terminal and change directory to the directory controller.
- Run
vagrant up
and take not of the IP address that is logged. - Browse with https to the IP address. (NOTE: The certificate is self-signed at first.)
vagrant up
in the source directory builds the Virtual machine with ansible playbooks.
VMWare Workstation or VMWare Fusion
When you have a virtual machine with AlmaLinux 8, then you can just install the software.
Note: The inventory/local
configuration is suitable for direct deployment on systems like Red Hat, AlmaLinux, Rocky Linux (8), or Ubuntu Jammy. In this setup, Vagrant and VirtualBox are not required.
-
Clone the repository:
git clone https://github.com/playingfield/controller.git cd controller
-
Install Ansible in a Python virtualenv:
source ansible.sh ./prepare.sh
-
Define the variables in inventory/{{ name }}/group_vars: For instance, when you use the
local
inventory on an Ubuntu 22.04 machine, change this fileinventory/local/group_vars/database.yml
from 15 to 14:postgres_version: 14
-
Define these secrets as environment variables Store them in a safe place afterwards:
export DB_PASS=your_database_password export SSH_PASS=KeyWillBeGeneratedWithAPassphrase
-
Run the playbook: Execute the Ansible playbook to provision to the default 'local' inventory:
./provision.yml --list-tags
playbook: provision.yml
play #1 (database): Database Server TAGS: [database,postgres] TASK TAGS: [database, postgres]
play #2 (semaphore): Semaphore in Systemd TAGS: [semaphore] TASK TAGS: [semaphore]
play #3 (semaphore): Tools TAGS: [tools] TASK TAGS: [tools]
play #4 (semaphore): Configure Semaphore TAGS: [] TASK TAGS: [api]
play #5 (web): Reverse Proxy TAGS: [] TASK TAGS: [nginx]
## Configuration
- **SSL Certificates**: By default, self-signed certificates are used. For production environments, it is recommended to implement certificates from a trusted certificate authority.
- **Database**: Ensure that the `DB_PASS` environment variable is set with a strong password before running the playbook. To disable installation of Postgres and use your own intance set `postgres_enabled: false`
Semaphore needs to connect to the database, you can use a non-default IP address based on an interface like:
```yaml
semaphore_db_host: "{{ ansible_enp0s8.ipv4.address }}"
- Software Environments: This project contains three inventories, but can be run with inventories define in external repositories modeled after the examples.
This is the important part of the 'local' configuration:
controller:
ansible_connection: local
ansible_host: localhost
database:
postgres:
enabled: true
name: postgres
owner: postgres
password: '{{ lookup(''env'', ''DB_PASS'') }}'
username: postgres
semaphore:
enabled: true
name: semaphore
owner: semaphore
password: '{{ lookup(''env'', ''DB_PASS'') }}'
username: semaphore
docker_install_compose: true
docker_install_compose_plugin: true
nginx_add_repo: false
postgres_enabled: true
postgres_listen_addresses: 127.0.0.1
postgres_version: 15
semaphore_web_root: https://20.224.75.82
server_name: '{{ lookup(''env'', ''HOSTNAME'') }}'
ssh_passphrase: '{{ lookup(''env'', ''SSH_PASS'') }}'
terraform_ver: 1.8.2
use_docker: true
use_opentofu: false
use_powershell: true
use_terraform: true
After successful installation, SemaphoreUI is accessible via your web browser at the address configured. You can find the credentials to login with:
sudo grep ADMIN /home/semaphore/.env
To remove Semaphore run:
./provision.yml --tags semaphore -e desired_state=absent
To reinstall Semaphore run with the default desired_state
, i.e. present:
./provision.yml --tags semaphore
Contributions are welcome! Feel free to submit pull requests or open issues for suggestions and improvements.
This project is licensed under the MIT License. See the LICENSE file for more information.