In this article, you will learn how to install Ansible Semaphore on CentOS 8. We will also create our first project by using the Semaphore web interface.
What is Ansible?
Ansible is a free and open source software provisioning, configuration management and application deployment tool. Ansible is developed by Red Hat and available in free and commercial editions.
Ansible is agent-less and uses SSH and Python to apply operating system configurations on Ansible managed nodes.
Ansible is also daemon-less, so we are not required to configure a server for it. Instead, we need to configure an Ansible Control Node to store the Ansible software and inventory.
Ansible has a powerful command set that lets administrators perform all server orchestration tasks from the command line. But for administrators who prefer a graphical user interface (GUI), there are some free web interfaces available, such as AWX and Semaphore.
AWX is the free and open source upstream version of Ansible Tower and we have already explored how to install Ansible AWX on CentOS.
What is Ansible Semaphore?
Ansible Semaphore is another open source alternative to Ansible Tower. Semaphore is available in both Community (free) and Enterprise (commercial) editions.
Semaphore is written in Golang (backend) and AngularJS (frontend) and is distributed under the MIT license. Semaphore supports LDAP authentication, a REST API, and Email and Telegram alerts.
Ansible Semaphore Prerequisites
Before you can install Ansible Semaphore, have a look at the following three prerequisites.
- MySQL >= 5.6.4/MariaDB >= 5.3
- ansible in $PATH
- git >= 2.x in $PATH
Ansible Semaphore vs AWX
Ansible Semaphore
- Purpose: Ansible Semaphore is a lightweight, open-source web interface for managing Ansible projects and playbooks.
- Features:
  - User Interface: Provides a simple and intuitive interface for managing inventories, projects, and playbooks.
  - Access Control: Basic role-based access control (RBAC) to manage user permissions.
  - Job Scheduling: Allows scheduling of Ansible playbook runs.
  - Notifications: Basic notification features for job status updates.
  - Integration: Integrates with Ansible for executing playbooks and managing automation tasks.
- Scalability: Designed for small to medium-sized environments with straightforward management needs.
- Ease of Use: Easy to set up and use, suitable for users looking for a straightforward interface to manage Ansible tasks without extensive overhead.
- Community Support: Supported by a smaller community compared to AWX, with fewer plugins and extensions available.
AWX
- Purpose: AWX is the upstream open-source project for Ansible Tower, offering more comprehensive features for enterprise-grade automation.
- Features:
  - Advanced User Interface: Offers a rich, customizable dashboard with detailed views of inventories, job templates, and job runs.
  - Access Control: Robust RBAC capabilities with fine-grained control over user permissions and roles.
  - Job Scheduling: Advanced scheduling options for playbook runs, including recurring schedules.
  - Notifications and Reporting: Extensive notification options and reporting capabilities for job status and audit trails.
  - Workflow Automation: Supports workflow chaining and complex job orchestration.
  - Integration: Integrates with external systems and tools, providing APIs and extensive plugin support.
- Scalability: Built for large-scale environments with multiple teams and complex automation workflows.
- Enterprise Features: Offers enterprise-grade features such as high availability, LDAP integration, and multi-organization support.
- Community Support: Backed by a larger community with active development, frequent updates, and a broader range of plugins and integrations.
Choosing Between Ansible Semaphore and AWX
- Scale and Complexity: Choose Ansible Semaphore for simpler, smaller-scale environments with basic management needs. Opt for AWX if you require advanced features, scalability, and enterprise-level support.
- Features: AWX provides a more extensive feature set suitable for complex automation workflows, while Ansible Semaphore offers a lightweight solution for straightforward Ansible playbook management.
- Community and Support: Consider the community size and support options available for ongoing maintenance and troubleshooting.
Both Ansible Semaphore and AWX serve different needs based on the scale, complexity, and feature requirements of your automation projects. Evaluate your specific requirements to determine which tool best fits your organization’s automation strategy.
Linux Server Specification
We are using a minimal CentOS 8 KVM virtual machine with the following specifications.
- CPU – 3.4 GHz (2 cores)
- Memory – 4 GB
- Storage – 40 GB
- Operating System – CentOS 8.1
- Hostname – semaphore-01.centlinux.com
- IP Address – 192.168.116.206/24
Update Linux Software Packages
Connect to semaphore-01.centlinux.com as the root user by using an SSH client.
Use the dnf command to update CentOS 8 software packages.
# dnf update -y
Last metadata expiration check: 0:00:16 ago on Wed 27 May 2020 12:20:39 AM PKT.
Dependencies resolved.
Nothing to do.
Complete!
Our CentOS machine is already up-to-date. Therefore, dnf has nothing to update this time.
Install MariaDB on CentOS 8
To install Ansible Semaphore, we require a MySQL database to create its data repository. Therefore, we are installing MariaDB 10.3 server on CentOS 8 by using dnf command.
# dnf install -y mariadb-server
Enable and start mariadb.service.
# systemctl enable --now mariadb.service
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
Configure MariaDB server and set root user password.
# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
MariaDB 10.3 Server has been installed.
Install Ansible on CentOS 8
There are different ways to install Ansible on CentOS 8, but we are installing it from EPEL yum repository.
Because Ansible is not available in the default yum repositories, we need to install the EPEL (Extra Packages for Enterprise Linux) yum repository.
# dnf install -y epel-release
Build cache for EPEL yum repository.
# dnf makecache
CentOS-8 - AppStream                             12 kB/s | 4.3 kB     00:00
CentOS-8 - Base                                 1.2 kB/s | 3.9 kB     00:03
CentOS-8 - Extras                               4.2 kB/s | 1.5 kB     00:00
Extra Packages for Enterprise Linux Modular 8 -  25 kB/s | 118 kB     00:04
Extra Packages for Enterprise Linux 8 - x86_64  606 kB/s | 6.8 MB     00:11
Metadata cache created.
Now, we can install Ansible from EPEL yum repository.
# dnf install -y ansible
Verify that the ansible command is available in $PATH (as required by Semaphore).
# ansible --version
ansible 2.9.9
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
Ansible has been installed on CentOS 8.
Install Git on CentOS 8
Ansible Semaphore also requires git.
git is available in the default yum repository, so we can easily install it by using the dnf command.
# dnf install -y git
Verify that git is available in $PATH (as required by Semaphore).
# git --version
git version 2.18.2
git has been installed on CentOS 8.
Install Ansible Semaphore
Ansible Semaphore downloads are available at GitHub. Copy the URL of the installation package that matches your requirements and then use the wget command to download it.
# wget https://github.com/ansible-semaphore/semaphore/releases/download/v2.5.1/semaphore_2.5.1_linux_amd64.rpm
--2020-05-27 00:52:07-- https://github-production-release-asset-2e65be.s3.amazonaws.com/23267883/2ac8069c-5dfa-11e8-85cc-30b65d788746?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200526%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200526T195207Z&X-Amz-Expires=300&X-Amz-Signature=9c0cd6353eb693eb04a558da6ad463378d69d30ba5e022b5d3c3051907855122&X-Amz-SignedHeaders=host&actor_id=0&repo_id=23267883&response-content-disposition=attachment%3B%20filename%3Dsemaphore_2.5.1_linux_amd64.rpm&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.145.123
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.145.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4749991 (4.5M) [application/octet-stream]
Saving to: ‘semaphore_2.5.1_linux_amd64.rpm’

semaphore_2.5.1_lin 100%[===================>] 4.53M 1016KB/s in 5.0s

2020-05-27 00:52:13 (921 KB/s) - ‘semaphore_2.5.1_linux_amd64.rpm’ saved [4749991/4749991]
Now, install the Ansible Semaphore package by using the dnf command.
# dnf install -y semaphore_2.5.1_linux_amd64.rpm
Verify the installation of Ansible Semaphore by checking its version.
# semaphore -version
v2.5.1
Ansible Semaphore has been installed on CentOS 8.
Configure Ansible GUI
To configure the Semaphore web UI, execute the following command and provide the required parameters as follows.
# semaphore -setup

 Hello! You will now be guided through a setup to:

 1. Set up configuration for a MySQL/MariaDB database
 2. Set up a path for your playbooks (auto-created)
 3. Run database Migrations
 4. Set up initial semaphore user & password

 > DB Hostname (default 127.0.0.1:3306): 127.0.0.1:3306
 > DB User (default root): root
 > DB Password: 123
 > DB Name (default semaphore): semaphore
 > Playbook path (default /tmp/semaphore): /opt/semaphore
 > Web root URL (optional, example http://localhost:8010/): http://localhost:8010/
 > Enable email alerts (y/n, default n): n
 > Enable telegram alerts (y/n, default n): n
 > Enable LDAP authentication (y/n, default n): n

 Generated configuration:
 {
        "mysql": {
                "host": "127.0.0.1:3306",
                "user": "root",
                "pass": "123",
                "name": "semaphore"
        },
        "port": "",
        "tmp_path": "/opt/semaphore",
        "cookie_hash": "amackrz6Wq4yQCTPPZFJOdPn5ZXrlwW9q5nFDrdz7bU=",
        "cookie_encryption": "+kh28Q3TZw7TFMTUj7JSQPsJg6TiueaM3MlQ0Y/quZ4=",
        "email_sender": "",
        "email_host": "",
        "email_port": "",
        "web_host": "http://localhost:8010/",
        "ldap_binddn": "",
        "ldap_bindpassword": "",
        "ldap_server": "",
        "ldap_searchdn": "",
        "ldap_searchfilter": "",
        "ldap_mappings": {
                "dn": "",
                "mail": "",
                "uid": "",
                "cn": ""
        },
        "telegram_chat": "",
        "telegram_token": "",
        "concurrency_mode": "",
        "max_parallel_tasks": 0,
        "email_alert": false,
        "telegram_alert": false,
        "ldap_enable": false,
        "ldap_needtls": false
 }

 > Is this correct? (yes/no): yes
 > Config output directory (default /root): /etc/semaphore
 Running: mkdir -p /etc/semaphore..
 Configuration written to /etc/semaphore/config.json..
 Pinging db..
 Running DB Migrations..
Checking DB migrations
Creating migrations table
Executing migration v0.0.0 (at 2020-05-27 12:27:24.45158697 +0500 PKT m=+106.357625439)...
 [11/11]
Executing migration v1.0.0 (at 2020-05-27 12:27:24.546940933 +0500 PKT m=+106.452979414)...
 [7/7]
Executing migration v1.1.0 (at 2020-05-27 12:27:24.6319435 +0500 PKT m=+106.537981967)...
 [1/1]
Executing migration v1.2.0 (at 2020-05-27 12:27:24.64419921 +0500 PKT m=+106.550237674)...
 [1/1]
Executing migration v1.3.0 (at 2020-05-27 12:27:24.649860391 +0500 PKT m=+106.555898875)...
 [3/3]
Executing migration v1.4.0 (at 2020-05-27 12:27:24.657201716 +0500 PKT m=+106.563240171)...
 [2/2]
Executing migration v1.5.0 (at 2020-05-27 12:27:24.665959955 +0500 PKT m=+106.571998419)...
 [1/1]
Executing migration v0.1.0 (at 2020-05-27 12:27:24.672315103 +0500 PKT m=+106.578353568)...
 [6/6]
Executing migration v1.6.0 (at 2020-05-27 12:27:24.688564215 +0500 PKT m=+106.594602697)...
 [4/4]
Executing migration v1.7.0 (at 2020-05-27 12:27:24.698647135 +0500 PKT m=+106.604685611)...
 [1/1]
Executing migration v1.8.0 (at 2020-05-27 12:27:24.708400388 +0500 PKT m=+106.614438870)...
 [2/2]
Executing migration v1.9.0 (at 2020-05-27 12:27:24.717120752 +0500 PKT m=+106.623159225)...
 [2/2]
Executing migration v2.2.1 (at 2020-05-27 12:27:24.72921036 +0500 PKT m=+106.635248822)...
 [2/2]
Executing migration v2.3.0 (at 2020-05-27 12:27:24.746290078 +0500 PKT m=+106.652328536)...
 [3/3]
Executing migration v2.3.1 (at 2020-05-27 12:27:24.760803184 +0500 PKT m=+106.666841662)...
 [1/1]
Executing migration v2.3.2 (at 2020-05-27 12:27:24.763959613 +0500 PKT m=+106.669998075)...
 [1/1]
Executing migration v2.4.0 (at 2020-05-27 12:27:24.76662111 +0500 PKT m=+106.672659571)...
 [1/1]
Executing migration v2.5.0 (at 2020-05-27 12:27:24.769857459 +0500 PKT m=+106.675895917)...
 [1/1]
Migrations Finished

 > Username: centlinux
 > Email: ahmer@centlinux.com
WARN[0126] sql: no rows in result set level=Warn
 > Your name: CentLinux
 > Password: 123

 You are all setup CentLinux!
 Re-launch this program pointing to the configuration file

./semaphore -config /etc/semaphore/config.json

 To run as daemon:

nohup ./semaphore -config /etc/semaphore/config.json &

 You can login with ahmer@centlinux.com or centlinux.
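As an added example (not part of the original article or of the Semaphore project), the script below audits a config.json that uses the keys from the generated configuration above and reports settings worth tightening, such as the root database account, the short password and the plain-http web_host. The 12-character password threshold and the function names are assumptions of this example.

```python
import json
import os
import stat
import sys

# Constructed sample: same keys and weak answers as the setup run shown above.
SAMPLE_CONFIG = {
    "mysql": {"host": "127.0.0.1:3306", "user": "root", "pass": "123", "name": "semaphore"},
    "tmp_path": "/opt/semaphore",
    "web_host": "http://localhost:8010/",
    "ldap_enable": False,
    "ldap_needtls": False,
}

MIN_PASSWORD_LENGTH = 12  # assumption: this example's threshold, not a Semaphore setting


def audit_config(cfg, file_mode=None):
    """Return a list of findings for a parsed Semaphore config.json."""
    findings = []
    db = cfg.get("mysql", {})
    if db.get("user") == "root":
        findings.append("mysql.user is root; use an account limited to the semaphore database")
    if len(db.get("pass", "")) < MIN_PASSWORD_LENGTH:
        findings.append("mysql.pass is shorter than %d characters" % MIN_PASSWORD_LENGTH)
    if cfg.get("web_host", "").startswith("http://"):
        findings.append("web_host is plain http; publish the UI through an https reverse proxy")
    tmp_path = cfg.get("tmp_path", "")
    if tmp_path == "/tmp" or tmp_path.startswith("/tmp/"):
        findings.append("tmp_path is under world-writable /tmp")
    if cfg.get("ldap_enable") and not cfg.get("ldap_needtls"):
        findings.append("ldap_enable is set without ldap_needtls")
    # The file holds the DB password and cookie keys, so only its owner should read it.
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config file mode %o grants access to group or others" % file_mode)
    return findings


def audit_file(path):
    """Audit a config.json on disk, including its permission bits."""
    with open(path) as handle:
        cfg = json.load(handle)
    return audit_config(cfg, stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_file(sys.argv[1])
    else:
        results = audit_config(SAMPLE_CONFIG, 0o644)
    for line in results:
        print("WARN:", line)
```

Run it with /etc/semaphore/config.json as the argument to audit the file written by the setup step; without an argument it audits the constructed sample.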
Create Systemd Service
To start Ansible Semaphore automatically at boot, we have to create a systemd unit for the Semaphore service.
# vi /usr/lib/systemd/system/semaphore.service
Add the following directives to this file.
[Unit]
Description=Semaphore Ansible UI
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/semaphore -config /etc/semaphore/config.json
SyslogIdentifier=semaphore
Restart=always

[Install]
WantedBy=multi-user.target
Enable and start semaphore.service.
# systemctl enable --now semaphore.service
Created symlink /etc/systemd/system/multi-user.target.wants/semaphore.service → /usr/lib/systemd/system/semaphore.service.
Configure Linux Firewall
Allow the Semaphore default service port in the CentOS firewall.
# firewall-cmd --permanent --add-port=3000/tcp
success
# firewall-cmd --reload
success
Semaphore serves its web interface over plain-text HTTP, so login credentials cross the network unencrypted. It is therefore advisable to put an HTTPS reverse proxy such as Caddy or Nginx in front of it. We are not reproducing the steps here, but you can follow our previous articles to configure a reverse proxy using Nginx or Caddy on CentOS.
Accessing Ansible GUI
To access the Semaphore web interface, browse to the URL http://semaphore-01.centlinux.com:3000 in Google Chrome.
We are at the login page of Ansible Semaphore. Log in using the user/password that we created during the configuration of Semaphore.
After a successful login, we are at the dashboard of Semaphore. Since it is a new server and we have not configured anything yet, it is empty.
Click on the + button after Projects to add a new project.
Provide a Project name and click on the Create button.
We are again at the dashboard of the Semaphore. Click on the newly added project to open it.
Before using the Semaphore web interface, you should refer to the Semaphore Documentation to build the necessary understanding of its usage.
Final Thoughts
Setting up Ansible Semaphore on CentOS 8 can significantly streamline your IT automation workflows, providing a user-friendly interface for managing Ansible projects. Whether you’re new to automation or looking to enhance your existing setup, Ansible Semaphore offers powerful capabilities.