fix(semaphore): provide SEMAPHORE_ADMIN_* env vars for non-interactive first boot

The v2.18 image's entrypoint runs the setup wizard on first boot. Without
the SEMAPHORE_ADMIN_* variables it prompts on stdin, fails with 'Username
cannot be empty', and the container exits — leading to a crash loop.

Set:
  SEMAPHORE_ADMIN=admin
  SEMAPHORE_ADMIN_NAME=Administrator
  SEMAPHORE_ADMIN_EMAIL=admin@local.mk-labs.cloud
  SEMAPHORE_ADMIN_PASSWORD={{ vault_semaphore_admin_password }}
  SEMAPHORE_PLAYBOOK_PATH=/var/lib/semaphore/playbooks

The env-var bootstrap path is stable in v2.x; only the legacy
'semaphore user add' CLI invocation was unreliable. Drop the manual
user-add step from the README.
This commit is contained in:
Hermes Agent service account
2026-05-29 21:38:44 -05:00
parent 80f810fb0c
commit d05cfcf317
3 changed files with 24 additions and 18 deletions

View File

@@ -25,6 +25,16 @@ Environment=SEMAPHORE_DB={{ semaphore_db_name }}
Environment=SEMAPHORE_DB_USER={{ semaphore_db_user }}
Environment=SEMAPHORE_DB_PASS={{ semaphore_db_password }}
# First-boot admin user (used only during initial setup; subsequent
# password changes go through the web UI).
Environment=SEMAPHORE_ADMIN=admin
Environment=SEMAPHORE_ADMIN_PASSWORD={{ semaphore_admin_password }}
Environment=SEMAPHORE_ADMIN_NAME=Administrator
Environment=SEMAPHORE_ADMIN_EMAIL=admin@local.mk-labs.cloud
# Playbook scratch directory inside the container
Environment=SEMAPHORE_PLAYBOOK_PATH=/var/lib/semaphore/playbooks
# Encryption for stored access keys (must be a 32-byte base64 string).
Environment=SEMAPHORE_ACCESS_KEY_ENCRYPTION={{ semaphore_access_key_encryption }}