Semaphore UI Setup: Role Overview
The semaphoreui_setup role configures the Semaphore UI application on designated hosts.
It automates the creation and management of:
- Projects
- Repositories
- Key stores
- Views
- Inventories
- Task templates (static & dynamic)
- Environments
This role assumes Semaphore UI is already installed and reachable on the target host.
Supported Hosts
Host group: semaphore
The role uses:
- become: true
- fact gathering enabled
Inventory Structure
All project-related configuration is defined per inventory, usually under:
inventory/semaphore/group_vars/semaphore/
Recommended layout (simplified, no redundant prefixes):
group_vars/semaphore/
├── projects.yml
├── repositories.yml
├── keystores.yml
├── views.yml
├── templates.yml
└── dynamic_templates.yml
Each file provides one piece of the full project structure.
dynamic_templates.yml contains dynamic template sets assigned per project.
Variable: semaphoreui_setup_projects
The role assembles this variable dynamically from component files and dynamic template sets.
It becomes the complete, consolidated list of projects including everything tied to them.
Example structure (static + dynamic templates):
semaphoreui_setup_projects:
  - name: "Home Lab"
    alert_enabled: false
    max_parallel_tasks: 0
    repositories:
      - name: "Ansible"
        git_url: "https://github.com/t3knoid/ansible.git"
        git_branch: "main"
    keystores:
      - name: "Semaphore user credentials"
        type: "login_password"
        login_password:
          login: "{{ semaphoreui_setup_semaphore_login }}"
          password: "{{ semaphoreui_setup_semaphore_password }}"
    views:
      - title: "Linux Checks"
      - title: "Security Updates"
    templates:
      # Static templates
      - name: "Backup Semaphore Database"
        playbook: "playbooks/semaphoreui/backup_db.yml"
        inventory: "semaphore"
        credentials:
          - "Ansible vault password"
        view: "Backups"
        environment: "Empty"
      # Dynamic templates
      - name: "Check connection to Plex"
        playbook: "playbooks/linux/check_connection.yml"
        inventory: "plex"
        credentials:
          - "Ansible vault password"
        view: "Linux Checks"
        environment: "Empty"
Variable: dynamic_template_sets
Dynamic templates are now grouped by project:
dynamic_template_sets:
  "Home Lab":
    - name_prefix: "Check connection to"
      playbook: "playbooks/linux/check_connection.yml"
      inventories:
        - redmine
        - ombi
        - plex
      view: "Linux Checks"
      credentials:
        - "Ansible vault password"
      repository: "Ansible"
      environment: "Empty"
    - name_prefix: "Deploy security updates to"
      playbook: "playbooks/linux/deploy_updates.yml"
      inventories:
        - plex
        - ombi
        - services
      view: "Security Updates"
      credentials:
        - "Ansible vault password"
      repository: "Ansible"
      environment: "Empty"
- Each template set applies only to its specified project.
- Templates are expanded across all inventories listed in inventories.
- Each template automatically combines name_prefix + inventory for the task name.
Role Task Structure
The role's entry point:
roles/semaphoreui_setup/tasks/main.yml
Imports the setup entry point:
- import_tasks: setup/main.yml
All setup logic resides under:
roles/semaphoreui_setup/tasks/setup/
Task Files and Their Purpose
| Task File | Purpose |
|---|---|
| create_api_token.yml | Logs in as admin, generates API token, logs out. |
| enum_users.yml | Enumerates existing Semaphore users. |
| setup_projects.yml | Creates projects from semaphoreui_setup_projects. |
| setup_project.yml | Processes one project and triggers all subcomponents. |
| setup_views.yml | Ensures project views exist. |
| setup_keystores.yml | Creates key stores for the project. |
| setup_repositories.yml | Registers project repositories and attaches keys. |
| setup_inventories.yml | Registers inventories used in templates. |
| setup_templates.yml | Iterates over both static and dynamic templates. |
| setup_template.yml | Creates a single task template (playbook, inventory, repo, view, env, credentials). |
Execution Workflow
1. Inventory Discovery
- Finds available Ansible inventory files
- Builds semaphoreui_setup_inventories
- Makes this list available for template assignment
2. Authentication
- Reads admin password from disk
- Creates an API token via the Semaphore API
- Stores token for subsequent requests
3. User Enumeration
- Reads the existing list of users
- Avoids re-creating users unless explicitly configured
4. Project Creation
- Reads metadata from projects_meta.yml
- Compares with existing projects
- Creates missing projects
- Passes new project IDs to downstream tasks
5. Component Setup (Per Project)
Each project is processed using setup_project.yml, which calls:
- setup_views.yml
- setup_keystores.yml
- setup_repositories.yml
- setup_inventories.yml → setup_inventory.yml
- setup_templates.yml → setup_template.yml (handles static + dynamic)
Dynamic Template Handling
- Static templates come directly from semaphoreui_setup_projects_templates.
- Dynamic templates come from dynamic_template_sets via the Ansible_Filter_extract_templates_for_project.
- Both sets are appended and deduplicated automatically before creating tasks in Semaphore UI.
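The expansion and merge described above, sketched in Python as an added example; it is not the role's own filter code. The function names, the single-space separator between name_prefix and inventory, and the use of the template name as the deduplication key are assumptions, and the sample data is constructed from the structures shown on this page.

```python
"""Added example: expand dynamic template sets and merge them with static templates."""

# Constructed sample mirroring the page's dynamic_template_sets structure.
DYNAMIC_TEMPLATE_SETS = {
    "Home Lab": [
        {
            "name_prefix": "Check connection to",
            "playbook": "playbooks/linux/check_connection.yml",
            "inventories": ["redmine", "ombi", "plex"],
            "view": "Linux Checks",
            "credentials": ["Ansible vault password"],
            "repository": "Ansible",
            "environment": "Empty",
        },
    ],
}

# Constructed static template that collides by name with one expanded entry.
STATIC_TEMPLATES = [
    {"name": "Check connection to plex", "inventory": "plex",
     "playbook": "playbooks/linux/check_connection.yml", "view": "Linux Checks",
     "credentials": ["Ansible vault password"], "environment": "Empty"},
]


def expand_dynamic_templates(template_sets, project_name):
    """Return one template dict per (template set, inventory) pair for a project."""
    expanded = []
    for tset in template_sets.get(project_name, []):
        # Carry over every key except the two that drive the expansion.
        shared = {k: v for k, v in tset.items()
                  if k not in ("name_prefix", "inventories")}
        for inventory in tset.get("inventories", []):
            expanded.append({**shared, "inventory": inventory,
                             "name": f"{tset['name_prefix']} {inventory}"})
    return expanded


def merge_templates(static, dynamic):
    """Append dynamic to static; the first template seen under a name wins."""
    seen, merged = set(), []
    for tpl in list(static) + list(dynamic):
        if tpl["name"] in seen:  # assumption: name is the deduplication key
            continue
        seen.add(tpl["name"])
        merged.append(tpl)
    return merged
```

Because static templates are listed first, a static definition overrides a dynamically generated one with the same name, which keeps a hand-written template from being silently replaced by a set expansion.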
Workflow-to-Task Mapping
| Workflow Action | Role Task File |
|---|---|
| Create project views | setup_views.yml |
| Add project keystores | setup_keystores.yml |
| Add repositories | setup_repositories.yml |
| Register inventories | setup_inventories.yml → setup_inventory.yml |
| Add task templates | setup_templates.yml → setup_template |
Flowchart Overview
┌──────────────────────────────────────────────┐
│ Project Definition Files                     │
│   • projects.yml                             │
│   • repositories.yml                         │
│   • keystores.yml                            │
│   • views.yml                                │
│   • templates.yml                            │
│   • dynamic_templates.yml                    │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ Playbook: setup_semaphoreui.yml              │
│ hosts: semaphore                             │
│ roles:                                       │
│   - semaphoreui_setup                        │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ Role: semaphoreui_setup                      │
│ Entry: tasks/setup/main.yml                  │
│   • Build inventories                        │
│   • Authenticate                             │
│   • Enumerate users                          │
│   • Run setup_projects.yml                   │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│Consolidation into semaphoreui_setup_projects │
│   • Static templates                         │
│   • Dynamic templates                        │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ setup_projects.yml                           │
│   • Create projects                          │
│   • Loop → setup_project.yml                 │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ setup_project.yml                            │
│   • Create views                             │
│   • Create keystores                         │
│   • Create repositories                      │
│   • Create inventories                       │
│   • Create templates (static + dynamic)      │
└──────────────────────┬───────────────────────┘
                       │
                       ▼
┌──────────────────────────────────────────────┐
│ setup_template.yml                           │
│   • Resolve inventory/repo/view/env IDs      │
│   • Resolve vault credentials                │
│   • Create template                          │
└──────────────────────────────────────────────┘