Ansible Semaphore is an open-source web UI for Ansible playbooks that facilitates the deployment of Ansible automation via a user-friendly web interface. It is written in Go and can be run on various operating systems, including Linux, Windows, and macOS. Ansible Semaphore provides a centralized platform for managing deployments, configurations, and access control. In this comprehensive guide, we will walk you through the step-by-step process of installing Ansible Semaphore on a Debian 11 server, using the PostgreSQL database server, and configuring Nginx as a reverse proxy.
Prerequisites
Before diving into the installation process, make sure you have the following prerequisites in place:
- A Linux server running Debian 11 (e.g., ‘semaphore’ as the hostname)
- A non-root user with sudo/root privileges (e.g., ‘bob’)
- A domain name pointed to the server’s IP address (e.g., ‘ansible.example.io’)
Installing Dependencies
To begin the installation process, we need to install some dependencies. Start by updating and refreshing the Debian package index with the following command:
sudo apt update
Once the package index is updated, install the necessary dependencies by running the following command:
sudo apt install git curl wget software-properties-common ansible postgresql nginx
This command will install the latest version of Ansible, the PostgreSQL database server, and the Nginx web server. During the installation process, you may be prompted to confirm the installation by entering ‘y’ and pressing ENTER.
After the installation is complete, verify the status of the PostgreSQL and Nginx services by running the following commands:
sudo systemctl is-enabled postgresql
sudo systemctl status postgresql
You should see that the PostgreSQL server is enabled and running by default. Repeat the same steps to check the status of the Nginx web server:
sudo systemctl is-enabled nginx
sudo systemctl status nginx
Confirm that Nginx is enabled and running as well.
Congratulations! You have now installed the necessary dependencies for Ansible Semaphore, including Ansible, PostgreSQL, and Nginx.
Setting up PostgreSQL Database
Next, we will set up the PostgreSQL database and user that will be used by Ansible Semaphore. Begin by logging in to the PostgreSQL shell with the following command:
sudo -u postgres psql
Once logged in, you will see the PostgreSQL prompt ‘postgres=#’. Enter the following queries to create a new database and user:
CREATE USER semaphore WITH PASSWORD 'yourpassword';
CREATE DATABASE semaphoredb OWNER semaphore;
Make sure to replace ‘yourpassword’ with a strong password of your choice. These queries will create a new user called ‘semaphore’ and a database called ‘semaphoredb’. To verify the creation of the user and database, run the following queries:
\du
\l
These queries will display the list of users and databases on your PostgreSQL server. You should see the ‘semaphore’ user and ‘semaphoredb’ database in the respective lists.
With the PostgreSQL database and user set up, we can now move on to installing Ansible Semaphore.
Installing Ansible Semaphore
To install Ansible Semaphore, we need to download the Debian package file from the official Ansible Semaphore GitHub page. Execute the following command to download the latest version of Ansible Semaphore:
VER=$(curl -s https://api.github.com/repos/ansible-semaphore/semaphore/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//g')
wget -q https://github.com/ansible-semaphore/semaphore/releases/download/v${VER}/semaphore_${VER}_linux_amd64.deb
These commands will download the Debian package file for the latest version of Ansible Semaphore. You should see the downloaded file, e.g., ‘semaphore_2.8.77_linux_amd64.deb’, in your current working directory.
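The package is installed with root privileges in the next step, so it is worth checking its digest first. The following is an added example, not part of the original guide or the Semaphore project: it assumes you have also fetched a SHA-256 checksum list for the release in `sha256sum` format (the checksum file name is a placeholder), and the demo uses a constructed stand-in file rather than a real package.

```shell
#!/bin/sh
# verify_deb PACKAGE CHECKSUMS
# Succeeds only when CHECKSUMS holds exactly one SHA-256 entry for PACKAGE's
# file name and that digest matches the file on disk.
verify_deb() {
    pkg=$1
    sums=$2
    if [ ! -f "$pkg" ] || [ ! -f "$sums" ]; then
        echo "verify_deb: package or checksum file not found" >&2
        return 2
    fi
    name=$(basename "$pkg")
    # Lines look like "<hex digest>  <file name>" (optional "*" before the
    # name). Match the name exactly, never as a substring.
    expected=$(awk -v n="$name" '
        $2 == n || $2 == "*" n { print $1; hits++ }
        END { exit (hits == 1 ? 0 : 1) }' "$sums") || {
        echo "verify_deb: need exactly one checksum entry for $name" >&2
        return 3
    }
    actual=$(sha256sum "$pkg" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_deb: digest mismatch for $name, do not install" >&2
        return 1
    fi
    echo "verify_deb: $name matches its listed SHA-256"
}

# Constructed demo: a stand-in file plays the role of the downloaded .deb.
demo_verify_deb() {
    dir=$(mktemp -d)
    deb="$dir/semaphore_0.0.0_linux_amd64.deb"   # constructed name and content
    printf 'constructed package bytes\n' > "$deb"
    (cd "$dir" && sha256sum "$(basename "$deb")" > checksums.txt)
    first=0;  verify_deb "$deb" "$dir/checksums.txt" || first=$?
    printf 'tampered\n' >> "$deb"
    second=0; verify_deb "$deb" "$dir/checksums.txt" 2>/dev/null || second=$?
    rm -rf "$dir"
    echo "untampered=$first tampered=$second"
}
demo_verify_deb
# Real use: verify_deb "semaphore_${VER}_linux_amd64.deb" CHECKSUMS_FILE
```

A checksum list fetched from the same place as the package catches corruption and truncated downloads; it only guards against tampering when the list itself comes from a source you trust independently.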
After downloading the package, install it using the following command:
sudo dpkg -i semaphore_${VER}_linux_amd64.deb
Once the installation is complete, the Ansible Semaphore binary file, ‘semaphore’, will be available in the ‘/usr/bin’ directory. Confirm the installation and check the version of Ansible Semaphore by running the following commands:
which semaphore
semaphore version
The first command will display the full path of the ‘semaphore’ binary file, and the second command will show the current version of Ansible Semaphore installed on your system.
To enhance the usability of the ‘semaphore’ command utility, we can set up bash completion. Begin by installing the ‘bash-completion’ package:
sudo apt install bash-completion
Once installed, open the bash configuration file ‘~/.bashrc’ using the following command:
nano ~/.bashrc
Add the following configurations at the end of the file:
if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
fi
source <(semaphore completion bash)
Save and close the file. To apply the changes, reload the ‘~/.bashrc’ configuration file:
source ~/.bashrc
You can now use auto-completion for the ‘semaphore’ command utility by typing ‘semaphore’ and pressing the TAB button. This feature will provide a list of available options and parameters for the Ansible Semaphore command.
Congratulations! You have successfully installed Ansible Semaphore and configured the ‘semaphore’ command utility.
Configuring Ansible Semaphore
After installing Ansible Semaphore, we need to set up and configure our installation. Begin by creating a new configuration directory, ‘/etc/semaphore’, and navigate to it:
sudo mkdir -p /etc/semaphore
cd /etc/semaphore
This directory will be used to store the configuration files for Ansible Semaphore. Next, run the following command to set up and configure Ansible Semaphore:
semaphore setup
This command will guide you through the configuration process. Select option 3 to set up Ansible Semaphore with the PostgreSQL database server. Enter the details of the PostgreSQL database name, user, and password when prompted.
You will also be asked to provide a playbook path. Enter a new directory path, such as ‘/opt/playbook’. For the remaining configurations, you can leave them as default by pressing ENTER.
After completing the configuration, you will be prompted to create an admin user for Ansible Semaphore. Enter your desired username, email address, and password. Once the configurations are finished, you will receive an output indicating the successful setup, and the Ansible Semaphore config file ‘/etc/semaphore/config.json’ will be generated.
Congratulations! You have now configured Ansible Semaphore with the PostgreSQL database server, set up the admin user, and defined the playbook path.
With the configuration in place, we are ready to start Ansible Semaphore. Let’s proceed to run it as a systemd service.
Running Ansible Semaphore with Systemd
To manage the Ansible Semaphore process, we will create a new systemd unit file. This file will allow us to control Ansible Semaphore using the systemctl command. Create a new file ‘/etc/systemd/system/semaphore.service’ and open it for editing:
sudo nano /etc/systemd/system/semaphore.service
Add the following content to the file:
[Unit]
Description=Semaphore Ansible
Documentation=https://github.com/ansible-semaphore/semaphore
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/semaphore service --config=/etc/semaphore/config.json
SyslogIdentifier=semaphore
Restart=always

[Install]
WantedBy=multi-user.target
Save and close the file. To apply the changes, reload the systemd manager and enable the ‘semaphore’ service:
sudo systemctl daemon-reload
sudo systemctl enable semaphore
Start the service by running the following command:
sudo systemctl start semaphore
Verify that the service is running and enabled by checking its status:
sudo systemctl status semaphore
If the output shows that the service is enabled and running, you have successfully started Ansible Semaphore as a systemd service.
Finally, open your web browser and visit your server’s IP address followed by the default port 3000 (e.g., http://192.168.5.10:3000/). You should see the login page of the Ansible Semaphore web application.
Congratulations! Ansible Semaphore is now running in the background as a systemd service, accessible through the web interface.
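The unit file above has no User= directive, so systemd starts Semaphore as root, and ‘/etc/semaphore/config.json’ contains the PostgreSQL password entered during setup. The following audit is an added example, not part of the original guide or the Semaphore project; the unit and config contents in the demo are constructed, and the ‘semaphore’ account in the hardened variant is a hypothetical dedicated system user.

```shell
#!/bin/sh
# audit_semaphore UNIT_FILE CONFIG_FILE
# Prints one finding per line; the return code is the number of findings.
audit_semaphore() {
    unit=$1
    conf=$2
    findings=0
    # Last User= value inside [Service]; without one systemd runs the
    # service, and every playbook it launches, as root.
    svc_user=$(awk -F= '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && $1 == "User" { u = $2 }
        END { print u }' "$unit")
    case $svc_user in
        ''|root|0)
            echo "unit: service runs as root; set User= to a dedicated account"
            findings=$((findings + 1)) ;;
    esac
    # config.json stores the PostgreSQL password entered during setup.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as shipped with Debian
    case $mode in
        *0) ;;                      # no permission bits for "other"
        *)  echo "config: mode $mode gives all local users access to the file"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed demo: the [Service] section from this page, then a hardened copy.
demo_audit() {
    dir=$(mktemp -d)
    exec_line='ExecStart=/usr/bin/semaphore service --config=/etc/semaphore/config.json'
    printf '%s\n' '[Service]' 'Type=simple' "$exec_line" > "$dir/page.service"
    # "semaphore" below is a hypothetical dedicated system account.
    printf '%s\n' '[Service]' 'User=semaphore' "$exec_line" > "$dir/hard.service"
    printf '{}\n' > "$dir/config.json"      # stand-in for the real config
    chmod 644 "$dir/config.json"
    before=0; audit_semaphore "$dir/page.service" "$dir/config.json" || before=$?
    chmod 600 "$dir/config.json"
    after=0; audit_semaphore "$dir/hard.service" "$dir/config.json" || after=$?
    rm -rf "$dir"
    echo "findings before=$before after=$after"
}
demo_audit
# Real use: audit_semaphore /etc/systemd/system/semaphore.service /etc/semaphore/config.json
```

If you move the service to a dedicated account, that account must own the config file and the playbook directory so that mode 600 does not lock the service out.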
Running Ansible Semaphore with Nginx Reverse Proxy
To further enhance the security and accessibility of Ansible Semaphore, we can set up Nginx as a reverse proxy. This will allow us to access Ansible Semaphore using a domain name and enable SSL/TLS encryption.
Before proceeding, ensure that you have a domain name associated with your server’s IP address. Once you have your domain, create a new Nginx server block configuration file:
sudo nano /etc/nginx/sites-available/semaphore.conf
Add the following content to the file, replacing ‘ansible.example.io’ with your domain name:
upstream semaphore {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name ansible.example.io;

    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://semaphore/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
    }

    location /api/ws {
        proxy_pass http://semaphore/api/ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Origin "";
    }
}
Save and close the file. Activate the server block configuration by creating a symbolic link:
sudo ln -s /etc/nginx/sites-available/semaphore.conf /etc/nginx/sites-enabled
To ensure that the Nginx configuration is valid, run the following command:
sudo nginx -t
If the output shows that the syntax is correct and the test is successful, restart the Nginx service to apply the changes:
sudo systemctl restart nginx
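You have now set up Nginx as a reverse proxy for Ansible Semaphore. It is accessible through your domain name, e.g., https://ansible.example.io/auth/login once the certificate from the Let’s Encrypt section below is installed; until then the server block above answers over plain HTTP on port 80 only.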
Setting up UFW
To strengthen the security of your Debian system, we can enable the Uncomplicated Firewall (UFW) and configure it to allow only necessary services. Begin by installing UFW:
sudo apt install ufw
After the installation, add the OpenSSH and ‘Nginx Full’ applications to the UFW:
sudo ufw allow OpenSSH
sudo ufw allow "Nginx Full"
These commands will allow SSH and HTTP/HTTPS traffic through the firewall. Start and enable UFW with the following command:
sudo ufw enable
To verify the status of UFW and check the added rules, run the following command:
sudo ufw status
The output should indicate that UFW is active and show the rules for OpenSSH and ‘Nginx Full’.
Congratulations! Your Debian system is now protected by UFW, allowing only necessary services.
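UFW now drops inbound traffic to port 3000, but Semaphore itself still listens on every interface (the guide reached it at http://192.168.5.10:3000/ earlier), so the firewall rule is the only control that stops clients from bypassing Nginx. The following check is an added example, not part of the original guide: it lists non-loopback listeners on a port from `ss -Hltn` output, and the sample lines are constructed.

```shell
#!/bin/sh
# nonlocal_listeners PORT
# Reads `ss -Hltn` output on stdin, prints each local address listening on
# PORT that is not loopback, and returns 1 if it printed any.
nonlocal_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample in `ss -Hltn` layout for the host built in this guide.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 244  127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 *:3000         *:*
EOF
}

sample_ss | nonlocal_listeners 3000 || echo "port 3000 is bound beyond loopback"
# On the server itself: ss -Hltn | nonlocal_listeners 3000
```

Run it again after any firewall change: if the UFW rules are ever reset or disabled, a listener reported here is reachable directly, without TLS.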
Securing Ansible Semaphore with Let’s Encrypt
To secure your Ansible Semaphore installation with SSL/TLS certificates, we will use Certbot and Let’s Encrypt. Certbot is a tool that simplifies the process of obtaining and managing SSL certificates. Begin by installing Certbot and the Certbot-Nginx plugin:
sudo apt install certbot python3-certbot-nginx
Once installed, run the following command to generate SSL certificates for your domain name and secure the Ansible Semaphore installation:
sudo certbot --nginx --agree-tos --no-eff-email --redirect --email test@example.io -d ansible.example.io
Make sure to replace ‘test@example.io’ with your email address and ‘ansible.example.io’ with your domain name. This command will automatically configure Nginx to use the generated SSL certificates and redirect HTTP traffic to HTTPS.
After the process is complete, your SSL/TLS certificates will be generated and stored in the ‘/etc/letsencrypt/live/yourdomain.com/’ directory. Ansible Semaphore will be accessible via a secure HTTPS connection, and any HTTP requests will be automatically redirected to the secure connection.
Congratulations! Ansible Semaphore is now secured with SSL/TLS certificates, ensuring encrypted communication between the server and clients.
Conclusion
In this comprehensive guide, we have covered the step-by-step process of installing and configuring Ansible Semaphore on a Debian 11 server. We started by installing the necessary dependencies, including Ansible, PostgreSQL, and Nginx. Next, we set up the PostgreSQL database and user for Ansible Semaphore. We then installed Ansible Semaphore and configured it with the PostgreSQL database.
We proceeded to run Ansible Semaphore as a systemd service and accessed it through the web interface. To further enhance security, we set up Nginx as a reverse proxy and secured the installation with SSL/TLS certificates generated by Let’s Encrypt.
With Ansible Semaphore up and running, you can now leverage its intuitive web interface to manage deployments, configurations, and access control for your Ansible playbooks. Enjoy the efficiency and scalability that Ansible Semaphore brings to your automation workflow.