fix(semaphore): provide SEMAPHORE_ADMIN_* env vars for non-interactive first boot
The v2.18 image's entrypoint runs the setup wizard on first boot. Without the SEMAPHORE_ADMIN_* variables it prompts on stdin, fails with 'Username cannot be empty', and the container exits — leading to a crash loop. Set: SEMAPHORE_ADMIN=admin SEMAPHORE_ADMIN_NAME=Administrator SEMAPHORE_ADMIN_EMAIL=admin@local.mk-labs.cloud SEMAPHORE_ADMIN_PASSWORD={{ vault_semaphore_admin_password }} SEMAPHORE_PLAYBOOK_PATH=/var/lib/semaphore/playbooks The env-var bootstrap path is stable in v2.x; only the legacy 'semaphore user add' CLI invocation was unreliable. Drop the manual user-add step from the README.
This commit is contained in:
@@ -62,21 +62,21 @@ Or via the dedicated playbook:
|
|||||||
ansible-playbook -i inventory.yml playbooks/day1_deploy_semaphore.yml
|
ansible-playbook -i inventory.yml playbooks/day1_deploy_semaphore.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
## First-run admin user creation (manual)
|
## First-run admin user
|
||||||
|
|
||||||
Semaphore's CLI `user add` is intentionally invoked once, by hand, after
|
The container provisions the initial admin user from the
|
||||||
the first deployment succeeds:
|
`SEMAPHORE_ADMIN_*` environment variables on first boot. Credentials:
|
||||||
|
|
||||||
```bash
|
| Field | Value |
|
||||||
sudo podman exec -it semaphore semaphore user add --admin \
|
|----------|------------------------------------------------|
|
||||||
--login admin \
|
| Login | `admin` |
|
||||||
--name "Administrator" \
|
| Name | `Administrator` |
|
||||||
--email admin@local.mk-labs.cloud \
|
| Email | `admin@local.mk-labs.cloud` |
|
||||||
--password '<vault_semaphore_admin_password>'
|
| Password | `vault_semaphore_admin_password` (in vault) |
|
||||||
```
|
|
||||||
|
|
||||||
Subsequent password rotations should also be done via the CLI, not by
|
The admin env vars are only consulted on first boot when no admin
|
||||||
re-running this role.
|
exists in the database. Subsequent password rotations should be done
|
||||||
|
through the web UI, not by re-running this role.
|
||||||
|
|
||||||
## Pinned versions
|
## Pinned versions
|
||||||
|
|
||||||
|
|||||||
@@ -22,9 +22,5 @@
|
|||||||
msg: >-
|
msg: >-
|
||||||
Semaphore is reachable on http://127.0.0.1:{{ semaphore_listen_port }}.
|
Semaphore is reachable on http://127.0.0.1:{{ semaphore_listen_port }}.
|
||||||
Public URL: {{ semaphore_web_url }}.
|
Public URL: {{ semaphore_web_url }}.
|
||||||
If this is the first deployment, create the admin user with:
|
Admin user 'admin' is provisioned automatically on first boot using
|
||||||
sudo podman exec -it {{ semaphore_container_name }} \
|
vault_semaphore_admin_password.
|
||||||
semaphore user add --admin \
|
|
||||||
--login admin --name Administrator \
|
|
||||||
--email admin@local.mk-labs.cloud \
|
|
||||||
--password '<see vault_semaphore_admin_password>'
|
|
||||||
|
|||||||
@@ -25,6 +25,16 @@ Environment=SEMAPHORE_DB={{ semaphore_db_name }}
|
|||||||
Environment=SEMAPHORE_DB_USER={{ semaphore_db_user }}
|
Environment=SEMAPHORE_DB_USER={{ semaphore_db_user }}
|
||||||
Environment=SEMAPHORE_DB_PASS={{ semaphore_db_password }}
|
Environment=SEMAPHORE_DB_PASS={{ semaphore_db_password }}
|
||||||
|
|
||||||
|
# First-boot admin user (used only during initial setup; subsequent
|
||||||
|
# password changes go through the web UI).
|
||||||
|
Environment=SEMAPHORE_ADMIN=admin
|
||||||
|
Environment=SEMAPHORE_ADMIN_PASSWORD={{ semaphore_admin_password }}
|
||||||
|
Environment=SEMAPHORE_ADMIN_NAME=Administrator
|
||||||
|
Environment=SEMAPHORE_ADMIN_EMAIL=admin@local.mk-labs.cloud
|
||||||
|
|
||||||
|
# Playbook scratch directory inside the container
|
||||||
|
Environment=SEMAPHORE_PLAYBOOK_PATH=/var/lib/semaphore/playbooks
|
||||||
|
|
||||||
# Encryption for stored access keys (must be a 32-byte base64 string).
|
# Encryption for stored access keys (must be a 32-byte base64 string).
|
||||||
Environment=SEMAPHORE_ACCESS_KEY_ENCRYPTION={{ semaphore_access_key_encryption }}
|
Environment=SEMAPHORE_ACCESS_KEY_ENCRYPTION={{ semaphore_access_key_encryption }}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user