diff --git a/ansible/roles/semaphore/defaults/main.yml b/ansible/roles/semaphore/defaults/main.yml index ac85ab6..a59bb7d 100644 --- a/ansible/roles/semaphore/defaults/main.yml +++ b/ansible/roles/semaphore/defaults/main.yml @@ -23,4 +23,9 @@ semaphore_db_path: "{{ semaphore_data_dir }}/database.boltdb" # Vault variables (defined in group_vars/all/vault) # vault_semaphore_admin_password -# vault_semaphore_access_key_encryption \ No newline at end of file +# vault_semaphore_access_key_encryption +# Initial admin user (password should come from vault) +semaphore_admin_user: admin +semaphore_admin_name: Administrator +semaphore_admin_email: admin@local.mk-labs.cloud +# semaphore_admin_password: defined in vault diff --git a/ansible/roles/semaphore/tasks/main.yml b/ansible/roles/semaphore/tasks/main.yml index 2e280bf..542bbec 100644 --- a/ansible/roles/semaphore/tasks/main.yml +++ b/ansible/roles/semaphore/tasks/main.yml @@ -76,4 +76,27 @@ daemon_reload: true name: "container-{{ semaphore_container_name }}.service" state: started - enabled: true \ No newline at end of file + enabled: true +- name: Check if admin user already exists + ansible.builtin.command: + cmd: "podman exec {{ semaphore_container_name }} semaphore user list" + register: semaphore_user_list + changed_when: false + failed_when: false + no_log: true + +- name: Create initial admin user + ansible.builtin.command: + cmd: > + podman exec {{ semaphore_container_name }} semaphore user add --admin + --login {{ semaphore_admin_user }} + --name "{{ semaphore_admin_name }}" + --email {{ semaphore_admin_email }} + --password {{ semaphore_admin_password }} + register: create_admin_result + changed_when: create_admin_result.rc == 0 + failed_when: create_admin_result.rc != 0 and 'already exists' not in create_admin_result.stderr + when: + - semaphore_admin_password is defined + - semaphore_admin_user not in semaphore_user_list.stdout + no_log: true