no-docker

Vagrantfile

@@ -83,7 +83,7 @@ Vagrant.configure(2) do |config|
         "database" => ["controller"],
         "web" => ["controller"]
       }
-      ansible.verbose = "v"
+      ansible.verbose = "vv"
       ansible.limit = "all" # or only "nodes" group, etc.
     end
   end

inventory/dev/group_vars/semaphore.yml

@@ -1,11 +1,8 @@
 ---
-semaphore_download_url: 'https://github.com/semaphoreui/semaphore/releases/download/v2.10.35/semaphore_2.10.35_linux_amd64.tar.gz'
-semaphore_download_binary: false
+#semaphore_download_url: 'https://github.com/semaphoreui/semaphore/releases/download/v2.10.35/semaphore_2.10.35_linux_amd64.tar.gz'
+#semaphore_download_binary: false
 semaphore_web_root: 'https://controller'
 semaphore_db_host: '127.0.0.1'
-controller_repository_name: "example-repo"
-controller_repository_git_url: "https://github.comi/bbaassssiiee/controller.git"
-controller_repository_git_branch: "main"
 nginx_add_repo: false
 
 ssh_passphrase: "SomethingYouNeedToUse"

inventory/local/group_vars/database.yml

@@ -1,6 +1,7 @@
 ---
 postgres_enabled: true
 postgres_version: 15
+postgres_listen_addresses: '127.0.0.1'
 # Postgresql users and databases/schemas
 database:
   postgres:

provision.yml

@@ -6,12 +6,13 @@
   hosts: database
   become: true
   gather_facts: true
-  tags: [postgres]
+  tags: [postgres, database]
 
   pre_tasks:
     - name: Lookup DB_PASS in environment variables
       ansible.builtin.set_fact:
         check_db_pass: "{{ lookup('env', 'DB_PASS') }}"
+      no_log: true
 
     - name: Assert that DB_PASS is defined
       ansible.builtin.assert:
@@ -24,7 +25,7 @@
   roles:
     - role: postgres
 
-- name: Semaphore in Docker
+- name: Semaphore in Systemd
   hosts: semaphore
   become: true
   gather_facts: true
@@ -63,4 +64,3 @@
     - role: api
       tags:
         - api
-        - semaphore

roles/api/tasks/cookie.yml

@@ -1,23 +1,32 @@
+- name: Get admin user
+  ansible.builtin.shell: |
+    set -o pipefail;
+    grep SEMAPHORE_ADMIN= {{ semaphore_env }} | cut -d= -f2 | sed 's/"//g'
+  register: admin_user
+  changed_when: false
+  no_log: "{{ not debug }}"
+
 - name: Get admin password
   ansible.builtin.shell: |
     set -o pipefail;
-    grep SEMAPHORE_ADMIN_PASSWORD= /home/semaphore/.env | cut -d= -f2
+    grep SEMAPHORE_ADMIN_PASSWORD= {{ semaphore_env }} | cut -d= -f2
   register: admin_pass
   changed_when: false
   no_log: "{{ not debug }}"
 
 - name: Set facts
   ansible.builtin.set_fact:
-    semaphore_password: "{{ admin_pass.stdout[1:] }}="
+    semaphore_admin_user: "{{ admin_user.stdout }}"
+    semaphore_admin_password: "{{ admin_pass.stdout[1:] }}="
   no_log: "{{ not debug }}"
 
 - name: Set API token
   ansible.builtin.uri:
     url: "{{ semaphore_api_url }}/auth/login"
     method: POST
     body:
-      auth: semaphore
-      password: "{{ semaphore_password }}"
+      auth: "{{ semaphore_admin_user }}"
+      password: "{{ semaphore_admin_password }}"
     status_code: 204
     timeout: 5
   register: login_response

roles/api/tasks/credentials.yml

@@ -32,7 +32,7 @@
         body: >-
           {
             "project_id": {{ semaphore_project_id | int }},
-            "name": "ansible-ssh-key",
+            "name": "Controller-ssh-key",
             "type": "ssh",
             "ssh":
             {

roles/api/vars/main.yml

@@ -0,0 +1,3 @@
+---
+# shared with semaphore role
+semaphore_env: /home/semaphore/.env

roles/semaphore/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 desired_state: present
-semaphore_download_binary: true
+semaphore_download_package: true
 verify_state: true
 # Easier debugging
 debug: false
@@ -9,10 +9,14 @@ semaphore_port: 3000
 semaphore_db_host: "{{ ansible_default_ipv4.address }}"
 bind_port: 3000
 semaphore_service_uri: "https://{{ ansible_fqdn | default(ansible_hostname) }}"
-# These default values are generated once, override with group_vars.
-# Use ansible-vault to encrypt values generated with
-# `head -c32 /dev/urandom | base64`
-vault_access_key_encryption: "{{ lookup('pipe', 'head -c32 /dev/urandom | base64') }}"
-vault_admin_password: "{{ lookup('pipe', 'head -c32 /dev/urandom | base64') }}"
-vault_cookie_encryption: "{{ lookup('pipe', 'head -c32 /dev/urandom | base64') }}"
-vault_cookie_hash: "{{ lookup('pipe', 'head -c32 /dev/urandom | base64') }}"
+# Whether to create an admin user
+semaphore_admin_user_manage: true
+# Use ansible-vault to encrypt values vars/main.yml refers to the vault_* variables
+vault_admin_user: admin
+vault_admin_email: [email protected]
+# These default values should be generated for your own environment.
+# Generated with `head -c32 /dev/urandom | base64`
+vault_access_key_encryption: 'POHO2/pWKVRIVmV8gJGlcF9I/RNBHplD5Ki4aMWnz6M='
+vault_admin_password: '/nOKL/PaudDI1J80KB0pQYPGlvAoaMg8ea71MdvS2tI='
+vault_cookie_encryption: 'q0luUwCsnzAUBjUYNHCNU5VpZEvjy0fPS698t9SvBYQ='
+vault_cookie_hash: 'w9vz6qSsDIQVLM7kC42QdXC/YoIgH9MFWIONIMSFfxc='

roles/semaphore/tasks/absent.yml

@@ -1,49 +1,48 @@
 ---
+- name: Gather service facts
+  ansible.builtin.service_facts:
+  no_log: "{{ not debug }}"
+
+- name: Stop semaphore service
+  when:
+    - ansible_facts.services['semaphore.service'] is defined
+    - ansible_facts.services['semaphore.service'].state == 'running'
+  ansible.builtin.systemd:
+    name: semaphore.service
+    state: stopped
+
 - name: Stop and disable semaphore service
+  when:
+    - ansible_facts.services['semaphore.service'] is defined
+    - ansible_facts.services['semaphore.service'].status == 'enabled'
   ansible.builtin.systemd:
     name: semaphore.service
     enabled: false
-    state: stopped
     daemon_reload: true
 
+- name: Remove systemd service file
+  ansible.builtin.file:
+    path: /usr/lib/systemd/system/semaphore.service
+    state: absent
+
 - name: Kill processes of semaphore user
   ansible.builtin.command:
     cmd: killall -u semaphore
   register: killed
   failed_when: killed.rc not in [0, 1]
   changed_when: killed.rc == 0
 
-- name: Check compose file
-  ansible.builtin.stat:
-    path: /home/semaphore/docker-compose.yml
-  register: compose_file
-
-- name: Remove docker-compose
-  when: compose_file.stat.exists | bool
-  community.docker.docker_compose_v2:
-    project_src: /home/semaphore
-    state: absent
-    remove_images: all
-    remove_volumes: true
-    remove_orphans: true
-
 - name: Remove config directory
   ansible.builtin.file:
-    path: "/home/semaphore/{{ item }}"
-    state: absent
-  loop:
-    - config
-    - .env
-    - docker-compose.yml
-
-- name: Remove docker modules
-  ansible.builtin.pip:
-    name:
-      - docker
-      - docker-compose
+    path: /etc/semaphore
     state: absent
 
 - name: Remove semaphore user
   ansible.builtin.user:
     name: semaphore
     state: absent
+
+- name: Remove semaphore package
+  ansible.builtin.package:
+    name: semaphore
+    state: absent

roles/semaphore/tasks/main.yml

@@ -1,8 +1,5 @@
 # Main tasks entry point for the role
 
-- name: "State variables - {{ desired_state }}"
-  ansible.builtin.include_vars: "{{ desired_state }}.yml"
-
 - name: "Converge state - {{ desired_state }}"
   ansible.builtin.include_tasks: "{{ desired_state }}.yml"