From 4e0b4fa049b946483feee1aeb371783d667f8138 Mon Sep 17 00:00:00 2001 From: Hermes Agent service account Date: Wed, 27 May 2026 22:20:43 -0500 Subject: [PATCH] refactor(semaphore): remove unreliable admin user creation from role Initial admin user must now be created manually after first deployment --- ansible/roles/semaphore/tasks/main.yml | 91 +------------------------- 1 file changed, 1 insertion(+), 90 deletions(-) diff --git a/ansible/roles/semaphore/tasks/main.yml b/ansible/roles/semaphore/tasks/main.yml index 99621c8..2e280bf 100644 --- a/ansible/roles/semaphore/tasks/main.yml +++ b/ansible/roles/semaphore/tasks/main.yml @@ -76,93 +76,4 @@ daemon_reload: true name: "container-{{ semaphore_container_name }}.service" state: started - enabled: true -- name: Check if admin user already exists - ansible.builtin.command: - cmd: "podman exec {{ semaphore_container_name }} semaphore user list" - register: semaphore_user_list - changed_when: false - failed_when: false - no_log: true - -- name: Create initial admin user - ansible.builtin.command: - cmd: > - podman exec {{ semaphore_container_name }} semaphore user add --admin - --login {{ semaphore_admin_user }} - --name "{{ semaphore_admin_name }}" - --email {{ semaphore_admin_email }} - --password {{ semaphore_admin_password | default(vault_semaphore_admin_password) }} - register: create_admin_result - changed_when: create_admin_result.rc == 0 - failed_when: create_admin_result.rc != 0 and 'already exists' not in create_admin_result.stderr | default('') - when: - - semaphore_admin_password is defined or vault_semaphore_admin_password is defined - - semaphore_admin_user not in semaphore_user_list.stdout - no_log: true - -- name: Force delete admin user if requested - ansible.builtin.command: - cmd: "podman exec {{ semaphore_container_name }} semaphore user delete --login {{ semaphore_admin_user }}" - register: delete_admin_result - failed_when: false - changed_when: delete_admin_result.rc == 0 - when: semaphore_force_admin_user | bool - no_log: true - -- name: Create initial admin user (forced) - ansible.builtin.command: - cmd: > - podman exec {{ semaphore_container_name }} semaphore user add --admin - --login {{ semaphore_admin_user }} - --name "{{ semaphore_admin_name }}" - --email {{ semaphore_admin_email }} - --password {{ semaphore_admin_password | default(vault_semaphore_admin_password) }} - register: create_admin_result - changed_when: create_admin_result.rc == 0 - failed_when: create_admin_result.rc != 0 and 'already exists' not in create_admin_result.stderr | default('') - when: semaphore_force_admin_user | bool - no_log: true - -- name: Create initial admin user - ansible.builtin.command: - cmd: > - podman exec {{ semaphore_container_name }} semaphore user add --admin - --login {{ semaphore_admin_user }} - --name "{{ semaphore_admin_name }}" - --email {{ semaphore_admin_email }} - --password {{ semaphore_admin_password | default(vault_semaphore_admin_password) }} - register: create_admin_result - changed_when: create_admin_result.rc == 0 - failed_when: create_admin_result.rc != 0 and 'already exists' not in create_admin_result.stderr - when: - - semaphore_admin_password is defined or vault_semaphore_admin_password is defined or vault_semaphore_admin_password is defined - - semaphore_admin_user not in semaphore_user_list.stdout - no_log: true - -- name: Force delete admin user if requested - ansible.builtin.command: - cmd: "podman exec {{ semaphore_container_name }} semaphore user delete --login {{ semaphore_admin_user }}" - register: delete_admin_result - failed_when: false - changed_when: delete_admin_result.rc == 0 - when: - - semaphore_force_admin_user | bool - - semaphore_admin_user in semaphore_user_list.stdout - no_log: true - -- name: Create initial admin user (forced) - ansible.builtin.command: - cmd: > - podman exec {{ semaphore_container_name }} semaphore user add --admin - --login {{ semaphore_admin_user }} - --name "{{ semaphore_admin_name }}" - --email {{ semaphore_admin_email }} - --password {{ semaphore_admin_password | default(vault_semaphore_admin_password) }} - register: create_admin_result - changed_when: create_admin_result.rc == 0 - failed_when: create_admin_result.rc != 0 - when: - - semaphore_force_admin_user | bool - - semaphore_admin_password is defined or vault_semaphore_admin_password is defined or vault_semaphore_admin_password is defined - no_log: true + enabled: true \ No newline at end of file