Complete rewrite of the semaphore role. Supersedes three prior
iterations whose admin-user-creation logic was unreliable across
Semaphore CLI versions.
Architecture:
- Rootful Podman Quadlet under /etc/containers/systemd/
- Separate PostgreSQL 16-alpine container on a user-defined
podman network (semaphore-net)
- Named volumes for both data stores (semaphore_data,
semaphore_postgres_data) so container recreation is
non-destructive
- Pinned image tags: semaphoreui/semaphore:v2.18.5-ansible2.16.5
and postgres:16-alpine
- Post-deploy HTTP health check fails the playbook if Semaphore
doesn't respond on /api/ping within ~60s
Admin user creation remains intentionally manual after first deploy;
the role README documents the exact podman exec command.
Removes the duplicate deploy_semaphore.yml and the now-unneeded
cleanup_semaphore.yml; day1_deploy_semaphore.yml is the canonical
entry point.
31 lines
1.3 KiB
YAML
31 lines
1.3 KiB
YAML
---
|
|
# ============================================================================
|
|
# Post-deploy verification
|
|
# ----------------------------------------------------------------------------
|
|
# Polls the local Semaphore port until it responds. Fails loudly if the
|
|
# service doesn't come up — the operator should not get an "all green"
|
|
# playbook result while Semaphore is silently broken.
|
|
# ============================================================================
|
|
|
|
- name: Wait for Semaphore HTTP endpoint
|
|
ansible.builtin.uri:
|
|
url: "http://127.0.0.1:{{ semaphore_listen_port }}/api/ping"
|
|
status_code: [200, 201, 204]
|
|
return_content: false
|
|
register: semaphore_ping
|
|
until: semaphore_ping.status in [200, 201, 204]
|
|
retries: "{{ semaphore_health_check_retries }}"
|
|
delay: "{{ semaphore_health_check_delay }}"
|
|
|
|
- name: Report Semaphore status
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
Semaphore is reachable on http://127.0.0.1:{{ semaphore_listen_port }}.
|
|
Public URL: {{ semaphore_web_url }}.
|
|
If this is the first deployment, create the admin user with:
|
|
sudo podman exec -it {{ semaphore_container_name }} \
|
|
semaphore user add --admin \
|
|
--login admin --name Administrator \
|
|
--email admin@local.mk-labs.cloud \
|
|
--password '<see vault_semaphore_admin_password>'
|