Manage Ansible Playboks With a GUI; Semaphore

Jan 19, 2024 · 36 mins read
Manage Ansible Playboks With a GUI; Semaphore

In the video below, we show how to install and configure Semaphore which allows you to manage your Ansible playbooks using a GUI

Ansible is an extremely useful automation tool for managing computers and network devices

And although my years as a Cisco engineer have got me used to using a command line, sometimes you find a graphical interface can help you do things better

And for Ansible, that’s where something like Semaphore comes in

You can use it to schedule playbooks, to receive status notifications, it can handle your secrets and so on, which for me makes playbook management so much easier

Useful links:

Now there are several ways that you can install Semaphore, and in this video we’ll be installing it as a Debian package, although the process should work on Ubuntu as well for instance

I would have preferred to have run this as a container on my Docker server, but for some strange reason the web server you get doesn’t support TLS

The suggestion of using a reverse proxy doesn’t help unless it’s on the same computer as the one running Semaphore

Because if it’s not, you’ll still be left with unencrypted traffic in transit, and that would be flagged in a security audit

Now I don’t want the extra admin work of managing NGINX for instance just to address a security weakness in Semaphore

So for that reason we’ll install everything on a single computer, so people will need to login to the computer to use Semaphore

Install Dependencies:
Semaphore requires Python and Git to be installed on your computer, so we’ll install those first

sudo apt update
sudo apt install python3 git -y

Python3 should already be installed on Debian 12 for instance, but this may not be the same for other distros

Even if you don’t plan on using Git yourself, it still needs installing for Semaphore to be used

And it’s worth pointing out that if you don’t have Git installed, the installation of Semaphore will fail

Install Ansible:
Now I want to make sure that the latest version of Ansible is installed

Although you can install Ansible from the Debian repository there are two problems I’ve noticed with the version you get at the time of recording

One is that it’s no longer receiving security updates

Another is that the apt-key module is deprecated and its replacement is not available in this version

So as I already have Ansible installed, the first thing I’m going to do is to uninstall it, plus any other software that was added

sudo apt remove ansible -y
sudo apt autoremove -y

Now I’ll double check that Ansible has been fully removed

ansible --version

We’ll install pipx as Debian suggests using this for 3rd party Python packages

sudo apt install pipx -y
pipx ensurepath

As suggested, we’ll exit out and start a new terminal session

Then we’ll install the latest version of Ansible using pipx

pipx install --include-deps ansible

This can take quite a while mind

Now we’ll check what version of Ansible has been installed

ansible --version

At the time of recording, the latest version is 2.16.2

Install MySQL:
Semaphore requires access to a database and if you look at the configuration documentation, the default choice is MySQL so we’ll install that

We can’t install it from a Debian repository, so we’ll download a configuration file from Oracle

To do that you’ll need to point your web browser to the following URL

This will show you the latest version available

Click on the Download button and opt to start the download if you don’t have an account or don’t want one

If prompted, we want this saved in the Downloads folder

Once the file is available, return to the CLI and switch to the folder the file was downloaded to, for example

cd Downloads

Now we’ll install this

sudo dpkg -i mysql-apt-config_0.8.29-1_all.deb

You’ll probably want the default options, so use the cursor keys to highlight the OK option, tab to the OK button and then hit return

TIP: Selecting any other line and hitting OK takes you to that configuration page and ultimately brings you back to this one

Now we need to update the package repository cache and then we can install the MySQL server and client

sudo apt update
sudo apt install mysql-server mysql-client -y

Enter a password you want to assign for the root account for MySQL, then tab to the OK button and hit return

Re-enter the password for confirmation, then tab to the OK button and hit return

Unless you have a need for legacy authentication, then tab to the OK button and hit return to set Strong Password Encryption

Bear in mind, the installation can take a while, especially towards the end

Once the installation is complete we’ll run another command to improve security for MySQL

sudo mysql_secure_installation

Enter the root password that was created for MySQL and then follow the prompts

It makes sense to validate passwords so press y then hit return

We should opt for strong passwords, so press 2 then hit return

You’ll be told the estimated strength of the root password you created, so if you want to change this to something else press y, otherwise press n then hit return

If you do change the root password you’ll be told its strength and given the option to keep this or change it again if you want

Anonymous logins aren’t recommended for an installation like this, so press y then hit return

Remote logins using the root account aren’t recommended either, so press y then hit return

We have no need for a test database, so press y then hit return

Finally press y and hit return to apply the changes

Before we proceed, check that MySQL is working

sudo systemctl status mysql

Create Semaphore Database:
We need to create a database for Semaphore to use but it’s also best if it has its own user account as using the root account isn’t recommended

First connect to MySQL as root, entering the password when prompted

mysql -u root -p

At the mysql prompt, create a database for Semaphore, for example


Create a user account for Semaphore to use

CREATE USER 'semaphore'@'localhost' IDENTIFIED BY 'MyPassword!1234';

I would suggest picking a less obvious user account though and a password which is much more secure than this

NOTE: We’re using localhost as the domain which makes sense as we’re running this all on the same computer, but if we were doing this on a dedicated database server for instance, it would make more sense to use the proper domain name

Now we’ll allow the the new user account access to the database

GRANT ALL PRIVILEGES ON semaphore.* TO 'semaphore'@'localhost';

And then we’ll exit from MySQL


Check the user can login, entering the password when prompted

mysql -u semaphore -p

And check to make sure the database has been created


Assuming the database is seen, exit from MySQL


Now we should be able to install Semaphore and give it access to the database

TIP: You don’t have to use capitals but it’s common to separate commands from variables like this to make it easier to understand

TIP: This MySQL installation uses the /var/lib/mysql folder so you’ll want to keep this backed up

Install Semaphore:
To install Semaphore we need to download a Debian package as detailed in the instructions

But as I’ll point out towards the end of the video, it’s best to check for the latest version on on the Releases page

Since the latest version at the tiime of recording is v2.9.37, we’ll download that

cd ~/Downloads/

Then we’ll install Semaphore

sudo dpkg -i semaphore_2.9.37_linux_amd64.deb

Create Service Account:
One of the main appeals of Semaphore is being able to schedule tasks

We want to run Semaphore as a service and it isn’t good to use the root account for this

So we’ll create a user account for Semaphore and set its home folder to be /opt/semaphore

sudo useradd -m -d /opt/semaphore -s /bin/bash semaphore
sudo passwd semaphore

As before, it would be better to give this a less obvious name than this and you can also chose to use a different folder

NOTE: I’ve specified the shell to use because I’ve noticed Debian 12 isn’t doing that and it leads to confusion if you login as that user

By default, the other group has access to this folder, which isn’t good when there will be a config file in there for instance which contains sensitive information

So we’ll restrict access to this folder

sudo chmod 770 /opt/semaphore

While we’re here we’ll also set up a user group as later we’ll need to allow Semaphore access to Ansible files

sudo groupadd ansiblegroup

As ever it’s probably better to use names that are less obvious, but when it comes to videos I want to try and keep things as simple as possible

Now we’ll add some users to the group, which in this case includes myself and the semaphore user

sudo gpasswd -M david,semaphore ansiblegroup 

NOTE: The -M option allows you to add multiple users at the same time but it resets the user list. So if you want to add more users using this method at a later date you have to declare ALL of the users and not just the extra ones you want to add

Configure Semaphore:
Semaphore has a configuration file and you can download an example from the website and edit it afterwards but you can also generate one as part of a setup process

So we’ll switch to the Sempahore user account and its home folder

sudo su semaphore

Because the home directory was set to be /opt/semaphore this should be the folder you’re now in, but you can check to be sure using this command


We’ll then run a setup wizard using the following command

semaphore setup

As we’ve installed MySQL we’ll accept the default database choice and hit return

And as MySQL was installed on the local computer we’ll accept the path choice and hit return

As we created a user account for semaphore in MySQL we’ll enter that followed by the password when prompted, so in this example semaphore and MyPassword!1234

Bear in mind, the password will be visible when you type it in

The default database name matches the one we created so we’ll hit return, but if you’ve used a different name you’ll need to enter that and hit return

As we’ve setup a folder for Semaphore to use, we’ll change the Playbook path to /opt/semaphore then hit return

It’s actually where cloned repositories and generated files are stored

We aren’t running multiple websites on a server so just hit return when prompted for the Web root URL

If you want to receive email alerts, you’ll need to enable that option then enter the SMTP server details along with the username

You’ll then get similar options for Telegram and Slack

By default, Semaphore will use local authentication but if you have an LDAP server you can enable that authentication and enter the relevant details for that

Assuming you switched to the /opt/semaphore folder in the CLI, this should be the Config output directory, if not you’ll want to change it

Assuming the details are fine, the configuration file will be created and the database will be setup

Bear in mind, this can take a while

Once this has completed you’ll be prompted to create an Admin account for Semaphore

You’ll be asked for a username, an email address and then a password

Although I’m creating one called admin in this video, I would suggest using something less obvious

Once the setup wizard completes it will show details on how you can run Semaphore

NOTE: The output needs correcting as the semaphore command is not in the present working directory. However, we’ll be running this as a service anyway

Now although this config file has everything we need to get Semaphore up and running, it will need to be edited manually for other settings

To do that I suggest checking out the documentation which explains what the parameters are for

Install Ansible for Semaphore:
To run playbooks, Semaphore needs access to Ansible

Earlier on we installed Ansible but because we used pipx, the Semaphore user account doesn’t have access to it, so we need to install it again for the Semaphore user

pipx ensurepath

As suggested, we’ll exit out as this user then switch to the account again

sudo su semaphore

Then we’ll install Ansible

pipx install --include-deps ansible

The reason we’ve installed this twice is because users will be creating Ansible playbooks while logged in with their account, whilst Semaphore will be used to run them

What pipx does is to isolate packages into their own virtual environments

This is in contrast to installing the official Debian package which would have made the application available to all users, but it’s out of date

Default Ansible Settings:
Ansible can be given default settings to save having to re-enter them each time a command is run for instance

Semaphore works with projects though which results in storing different Ansible files in different folders

Now while we could create an ansible.cfg file in each folder for Ansible to find, you can also create one in the home folder

However, this one needs to be a hidden file

nano .ansible.cfg

Now save and exit

There are other settings that can go here, but I find these are enough to avoid errors that I’d otherwise run into when running tasks

The other settings I would normally put in here, for example the inventory file path, the vault password, the private key and username will be defined within Semaphore anyway

However, if there are other default settings you want to use, you can add those to this file

Bear in mind, if you create an ansible.cfg file in a project folder, that will take precedence over this one and Ansible will only use one file

Configure Semaphore Service:
We don’t want to have to manually start Semaphore whenever we want to use it or leave a session running in a terminal all the time, so it makes sense to run this as a service

To make things easier, there is an example for a service file on the website but I’ve made alterations

First we need to exit out as the Semaphore user and then create the service file

sudo nano /etc/systemd/system/semaphore.service
Description=Ansible Semaphore

ExecStart=/usr/bin/semaphore service --config=/opt/semaphore/config.json
ExecReload=/bin/kill -HUP $MAINPID


Now save and exit

Depending on your setup you may need to make some changes to this file

For example, I’ve suggested using an account name different to semaphore but this is referenced in the following lines

Group=semaphore Environment=“PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/semaphore/.local/bin” ExecStart=/usr/bin/semaphore service –config=/opt/semaphore/config.json

In which case you’ll need to change these if you use a different account name and/or opted for a different working folder

NOTE: The binary file mentioned in these lines should remain /usr/bin/semaphore regardless as this relates to the command

ExecStart=/usr/bin/semaphore service –config=/opt/semaphore/config.json

Now we need to update the deamon, enable the service to always start, then start it

sudo systemctl daemon-reload
sudo systemctl enable semaphore
sudo systemctl start semaphore

We can then check the service status with the following command

sudo systemctl status semaphore

Accessing Semaphore:
To access Semaphore you need to point your web browser to the following URL http://localhost:3000

NOTE: For some strange reason, the documentation tells you to use https://localhost:3000 for this method of installation, even though the web server doesn’t support TLS. This URL won’t work, the only option is to use an unencrypted HTTP session

To login you’ll need to enter the Admin credentials that were created when the setup process was run

Because Semaphore arranges things into projects, the first time you login you’ll be prompted to create a new one

At a minimum you will need to provide a project name then you can click Create

Once that’s done you can now start to use Semaphore

TIP: In the bottom left hand pane you can switch betwen Light and Dark Mode as well as change the language to one of those supported

Semaphore supports projects which is very useful for companies for instance, but individuals can use them as well

Companies typically create projects when new applications are added or removed for instance, for new site builds, IT upgrades and so on

You could also use projects to separate your teams; infrastructure, applications and so the list goes on

But at a minimum there has to be one project, hence why you need to create one when you first login

If you want to create a new project, click on the drop down menu in the top left corner, select New project… then provide at least the name then click Create

This will also immediately switch you to the new project

While companies typically retain information indefinitely, to delete a project make sure you’re on the Dashboard for that project, select Settings in the overhead menu bar, click Delete Project then click Yes to confirm

Key Store:
In order for Ansible to manage other computers, it needs to be able to login to them

This can usually require a username and password or a username and key when using SSH key authentication

Semaphore provides a key store which makes managing credentials easier

But, as you setup a project, you’ll find you can’t type in credentials, instead you have to reference an entry in the key store, so you’ll want to create your keys in advance

To create a new key, select Key Store from the left hand pane then click New Key

Aside from providing a name for the key, you’ll need to select a type

Options are
SSH Key, for logging in with an SSH key
Login with password, for logging in with a username and password
None, for anonymous logins

TIP: When using SSH keys, you should provide the username and the private key

In my case, Ansible will use SSH key authentication so I have to create an SSH key

The account has sudo rights without having to supply a password, so I don’t need to do anything else

But if your account needs to supply a password to become root, then create another entry but using the Login with password option

I’ll be storing Ansible files on the local computer and I’ll be giving the Semaphore user in Linux access to them

However, Semaphore will be asking for credentials to access them, so I’ll also create an Anonymous login key for that

While you create a key, bear in mind that information like a password or private key will be visible as they are being entered. However, if you edit the key afterwards the details will appear to be missing in order to obsure them

Whatever type of key you will use, click Create when you’re done

If you want to change the details of a key, you will need to click its edit button and select the Override option before making any changes then click Save

If you want to delete a key, you should click its delete button, then click Yes to confirm

TIP: These keys are stored in the MySQL database, specifically in the access_key table. The information will be encrypted using a random key that can be found in the config.json file which in turn was created when we ran the semaphore setup command and for this video that’s found in the /opt/semaphore folder

Sempahore needs access to wherever your Ansible playbooks are being stored

For this you have to create a repository in Semaphore and it could be a Git repository or a folder on the local drive for instance

Now since I’ll be running everything from a single computer I’ll setup an Ansible folder that myself and Semaphore can access

sudo mkdir /opt/ansible

Next we’ll change the ownership and rights for the folder

sudo chown -R david:ansiblegroup /opt/ansible
sudo chmod -R 770 /opt/ansible

TIP: I’ve used the -R option because if a folder already exists, then these changes must be applied recursively to the contents

Now my train of thought is that this will be the top folder and we’ll have a seprate sub-folder for each project, so we need to create one for this project

But although this will be just a folder on the local drive I want to take advantage of Git for this because we’ve installed it

cd /opt/ansible
git init video

This will give us version control, being able to test changes, commit them if they work, and revert them if a problem crops up

As shown in the output, the initial branch is called master. This can be confusing if you’re used to seeing a main branch instead

In which case I’m going to change this to main

cd video
git branch -m main

To tell Semaphore about a repository, back in Semaphore, select Repositories in the left hand pane then click New Repository

You’ll then need to provide a Name for this, along with the relevant details and then click Create

There are several options available to connect to a Git repository, but you aren’t restricted to the likes of GitHub or GitLab for instance. You could create your own Git server on your local network and connect to that

Whichever Git option you choose though, you’ll need to enter the Branch, for example main, and reference an Access Key in the key store for Semaphore to access the files

In this case though, we’re using a folder on the local drive

Unfortunately you can’t browse to a folder, instead you have to enter the path, for example /opt/ansible/video in this case

Even for a local folder we need to provide a key to gain access

Since we’re running Semaphore with an account that already has access, we’ll select the Anonymous key

Whichever way you’ll access the repository you need to click Create when done

Ansible requires an inventory file which contains details of the hosts that it will run a playbook against

To create an inventory, select Inventory in the left hand pane then click New Inventory

Aside from a Name you’ll need to provide User Credentials to access those hosts, which involves selecting a key you’ve created in the key store

If a task requires Sudo rights then you might want to select another key from the key store for the password

TIP: This isn’t necessary if the Ansible user account has been given sudo rights without the need for a password

Like Ansible, Semaphore offers different options for entering and maintaining the inventory

The Static type is the more common method, for example


There is also a YAML type, for example


Alternatively, Semaphore provides an option to point to a file

Now, you can’t browse to a file and it has to be somewhere where the Semaphore service account has access to. For example for a file called inventory in the /opt/ansible folder, you would use a path of /opt/ansible/inventory

NOTE: This method doesn’t import the contents of the file, instead Semaphore will keep referencing the file when the inventory is used. I prefer this method as the majority of my Ansible setup will be done outside of Sempahore anyway, with Semaphore being used to just run playbooks at scheduled times

But whichever option is chosen, click Create to finish

One thing to consider is you can create multiple inventories within a project

Semaphore can run Tasks and each one can run a playbook that uses its own inventory for instance

So if you want to setup one task for webservers, another for file servers, etc. you can setup inventories that are a simple list of IPs rather than having one long inventory that is a grouping of different server types for instance

Whichever strategy you choose to use though is up to you

To change an inventory, you can click its edit button, make your changes then click Save

If you want to delete an inventory, you should click its delete button, then click Yes to confirm

The environment section is where you can store variables

But even if you don’t intend to supply any variables through Semapahore, you still need to create an environment for the project, but it will be an empty one

To create an enviroment, select Environment in the left hand pane then click New Environment

Provide a name for the environment

Now provide the necessary variables, in JSON format

And then click Save

For an empty enviroment for example, you could call it Empty for instance and provide empty brackets i.e. {} for both the Extra and Environment variables

Once done click Save

If you want to change the details of an enviromment, you can click its edit button, make your changes then click Save

If you want to delete an enviromment, you should click its delete button, then click Yes to confirm

Tasks, as we’ll cover shortly, is how you configure Semaphore to run playbooks

By default, the Task Templates area shows everything in the form of a list

But Semaphore provides an option to create views which basically lets you group or filter different tasks

By default there are no views so all you see is the All view

To create a view, click the pencil then click Add View

Type in the name for a view and then click the tick box to confirm

Repeat to add more views then close the window

You should then see tabs for these views as well as the original All option

You can then switch between views by clicking on the relevant tab

To delete a view, click the pencil and click the corresponding X for the view you want to remove

TIP: You can re-arrange the ordering of these tabs here by dragging the views in the tabs, otherwise they appear in the order of entry

NOTE: There is no confirmation when deleting a view, even if tasks have been assigned to it

Task Templates:
If you’re familiar with Ansible, you’ll be aware of running playbooks from the command line

In Semaphore you need to create a task to run a playbook

To create a Task, select Task Templates in the left hand pane, then click New Template

TIP: Select the cog menu in the top right corner to filter which columns to show

You need to provide a name for this task, although the description is optional, and in this example I’ll call it Ping

You’ll then need to enter the name of the playbook to run

Unfortunately you can’t browse for the file, even after you provide the repository details, so you’ll either have to type or paste in the name e.g. ping.yml

Select the Inventory that lists the hosts this playbook should be run against

Then select the Repository and Environment options

If you’re using Ansible Vault with this playbook you’ll need to have a key created for this in the key store and then you would select that as the Vault Password in order to unlock the Vault

You can add Survey Variables if you wish, in other words if you want to be prompted for values of variables when the task is run

If you’ve created any views you can select the appropriate one from the list for this task

If you want the task to run at regular times or even just once at a specific time, click in the Cron field and enter the Cron details

TIP: Click the docs URL for examples of setting up Cron but bear in mind the documentation talks about 6 characters but Semaphore only uses 5!! In which case, ignore the first character which represents seconds

If you don’t want an alert everytime a task runs and is successful, enable the option to Suppress success alerts

If you want to add additional CLI arguments for Ansible to use when running the playbook, you can add these in the CLI args field as the example shows. Just remember to enable the option, Allow CLI args in task

When you’re done setting up the task, click Create

If you want to edit a task you can click on its name which takes you to another page with details about that task

Here you would click on the pencil to edit the task

You can also delete the task and even clone it by clicking on the relevant icons

You can run the task manually from here, otherwise back on the main Task Templates page you can run any task by clicking on the RUN action associated with it

Either way you’ll be prompted for additional options and you can then click Run to run this task manually

What’s really useful about Semaphore I think is that every time a task is run, a history is being kept. This is especially useful if your tasks are scheduled as you’ll easily know if a task worked on not

Better still, you can click on each task instance do get the output if you want more details and troubleshoot one that didn’t work

In any case we actually need to create the playbook we’ve referenced so we’ll create a simple one to login to the hosts

nano ping.yml
- hosts: all
  become: true

  - name: Ping test

Now save and exit

Semaphore is aimed at teams of users

It’s not advisable to have everyone logging in as the Administrator, instead users should have their own account

To create a local user account, while logged in as Administrator, click on your user portrait in the lower left corner then click Users

Next click New User then fill in the details

You can provide users with Admin rights to manage Semaphore and you can arrange for them to be sent alerts

Once you’re done, click Save

NOTE: If you want alerts to be sent, someone on a project has to have the Send alerts option enabled

NOTE: If you remove admin rights from an account there is no warning and you can effectively break the system if nobody has admin rights. As a last resort, you could manually update a user account in the database

TIP: If you cannot create the user account and get a 400 error it could be because the email account is already in use

To edit a user account, again click on the user portrait in the lower left corner then click Users

Click the pencil option for that user and click Save

To delete a user, click the recycling bin for that user then click Yes to confirm

Aside from local users, as shown during the setup process you can also take advantage of LDAP

Team Members:
Access to projects is restricted to team members only

And even when you create local user accounts for instance, they aren’t automatically assigned to anything

To manage team members for a project, select Team in the left hand pane

To add a user, click New Team Member and select the user from the drop down menu

You will also need to choose a role for that user

And then click Link to add them

To remove a user from the team, click the recycling bin for that user then click Yes to confirm

You can also change a users’s role on the Team Members page

One area I think needs some attention is alerts because by default you don’t get any

And to me it seems overly complicated to get these to work

Even though we walked through a setup process, if you want email alerts, we have to make some manual changes to the config file

For some reason it doesn’t ask about login credentials and an email server without authentication doesn’t sit right with me, even if it’s for internal use

My email server requires credentials and emails also need to be encrypted, so I need to edit the config file that was created

For example, while logged in as the semaphore user

nano config.json
        "email_username": "email_user",
        "email_password": "email_password",

        "email_secure": true,

Now save and exit

NOTE: You’ll need to edit the existing lines and not paste them in

When you create a project, by default alerts are disabled. So if you didn’t notice that you’ll need to click on Dashboard in the left hand pane and then click Settings

There you can enable Allow alerts for this project and then click Save

Users also aren’t sent alerts by default

In this case I only have an Admin account, so to remedy this we’ll click on the portrait in the lower left corner, then click Edit Account

Next we’ll enable Send Alerts then click Save

When you set up a task it doesn’t suppress alerts by default, so assuming you haven’t you should then be able to receive email alerts

BUT, there’s a problem…Semaphore only sends email alerts if a task fails

Now, I’m sure like most folks, I’d rather not have to sift through email alerts every morning, but if you only send alerts when there’s a problem it can lead to bigger problems

Lets say for instance you have regular tasks that are being run at scheduled times

A change is made somwhere else, for instance a firewall rule is added, and unknowingly Semaphore can no longer connect to the email server

Unless folks are regularly logging into Semaphore, failed tasks will continue to fail and nobody will be any the wiser

As inconvenient as it may seem, it’s better to have those regular notifications coming through, even if it’s for only one task so we know everything is working

The approach by the developers it seems is to only send emails for critical alerts and to use services like Telegram and Slack for successful alerts

Personally I don’t want to have to keep on top of multiple messaging services as that’s just more work

In which case, maybe a playbook that can send an email as some form of test message each day will have to do

Manually Run Tasks:
To test Semaphore is working, we’ll manually run the task we created eariler

To do that, navigate to Task Templates

One option is to click on RUN in the Actions column for a task

You can fill in extra details, just like you would when running a playbook from the CLI

Then you click RUN to start the task

Once the task is complete you can close the dialogue box

Another way to run the desk is to Click on the name of the task

This gives you a history of the task in terms of when it was run and what the outcomes were, but you also get some useful informtation at the top about the task itself

To the right, you have an option to RERUN a task and in the top right you have another option to run the task by clicking RUN

I’m not seeing a difference between the two as either option spawns a new task ID anyway

If you want to make changes to a task you click on the pencil or edit button in the top right corner

You can copy the task and you can also delete it if you want

The main Task Templates area is a useful way to keep track of when a task last run and if it worked or failed

There’s a useful expansion button for each task as well if you just want to see some additional history without going into the task details themselves

You can also get a history of tasks that have been run in the Dashboard

And it’s this tracking of tasks is what to me makes Sempahore so really useful

Upgrade Semaphore:
Now as it turns out, I’ve been running a much older version of Semaphore than I realised, so this provided an opportunity to test upgrading Semaphore

I only noticed by accident whilst trying to resolve a 400 error that newer versions were available, and that the installation instructions aren’t being kept up to date and that’s what I’m used to seeing

Although to be fair they do mention a releases page which in hindsight I should have checked

There is a warning in a version I had to jump over in this video to take a backup of your database. That’s because it will be altered and you won’t be able to revert back to an older version of Semaphore afterwards

But since I use a virtual machine that runs everything, I took a snapshot of it so I can roll things back should things not go to plan

First you should shutdown Semaphore

sudo systemctl stop semaphore

Since I’d installed v2.8.75 and the latest version was v2.9.37, I download that newer version

cd ~/Downloads/

Then it’s a matter of installing over the existing version

sudo dpkg -i semaphore_2.9.37_linux_amd64.deb

Now we can start Sempahore back up

sudo systemctl start semaphore

Since this version mentioned a database change, I opted to leave it for a short while

Logging back into Semaphore, or in my case using Ctrl-F5, there are various changes to be noticed for 2.9.x:
You can choose between Lanaguages
If you have Admin rights, this will show against your portait
Under the project name, you’ll be shown your role in the project
Team members are assigned roles
There’s a hint of billing being added at some point to projects

So, lesson learned hopfeully, pay attention to the releases page

So far, Semaphore looks to be a very useful tool to help with Ansible automation

I really don’t understand though why the developer couldn’t have provided a web server that supports TLS

For that reason, I wouldn’t consider this to be a modern UI because even vendors selling devices to retail began providing secure web servers a long long time ago for management access

I can get around the security concerns though, by installing everything onto one computer and accessing Semaphore locally rather than remotely

Bear in mind, I’ve seen reports in the forum about sensitive information being leaked to logs for instance

So not only should access to the computer be heavily restricted, but any exporting of logs for analysis should be vetted

The documentation provided could also do with more attention

There are a lot of hoops to jump through to set up Semaphore this way and they’re either not mentioned or explained well enough

And if you’re just starting out with this, it can be a struggle to know what to do and that’s why documentation is important

In the grand scheme of things though, this is a very useful tool for running Ansible playbooks

Sharing is caring!