Ansible Semaphore UI: My New Go-To Infrastructure Automation Tool

A couple of years ago now, I wrote about Ansible Semaphore which brings an awesome UI to Ansible and it is a MUCH simpler tool to get up and running and use than something like Ansible AWX. However, since I had last used the solution, Semaphore UI has now evolved to be something more than just a GUI frontend to Ansible. It allows you to run not only Ansible but also Terraform, OpenTofu, Terragrunt, PowerShell, and even custom scripts. While I love full CI/CD tools like GitLab, Ansible Semaphore UI can be a go-to tool for a simple but powerful automation platform. Let’s see how.

Why Semaphore UI?

The Semaphore UI is a clean and really powerful, and relatively simple tool to use. It has a modern look and feel. Getting Semaphore up and running takes literally under five minutes with Docker Compose. You will find my example code in the installing section below.

Also, I think this tool has a lot of value and potential for those that don’t want to go all-in on something like GitLab which can be a beast to run and it isn’t the easiest sometime to configure and have it do what you want. However, this may be the experience you have with most full-blown CI/CD tools.

I think though that Ansible Semaphore UI is a tool that provides a happy medium between the others and allows you to have a tool that can do most of what you can do with full CI/CD in an easier way.

Why it might be just what you are looking for

I think there are a lot of reasons as I have mentioned but below are a few more

• Easy setup: I can spin up a fresh VM or home-lab container, install Semaphore UI in under five minutes, and immediately import all my playbooks and Terraform repos from GitLab or any other Git source
• Same tool for different solutions: Semaphore makes it where you can work with all kinds of tools and automation from the same interface. You can patch Linux servers with Ansible, provision AWS with Terraform/OpenTofu, or you can run a PowerShell script on Windows. Very cool capabilities indeed.
• Built-in scheduling: If you need to do something like nightly security scans or weekly infrastructure audits, you can have these scheduled to happen automatically without any extra cron jobs or external schedulers.

It’s more than just Ansible now

I know when I took a look at Semaphore a couple of years ago, it was Ansible only. It didn’t have capabilities outside of running Ansible playbooks. However, all of that has changed now. You can now work with all of the following with Semaphore UI:

• Ansible Playbooks for configuration management
• Terraform and OpenTofu plans for provisioning infrastructure
• Terragrunt wrappers to keep your Terraform DRY
• PowerShell scripts to manage Windows environments
• Bash, Python, Pulumi, or any custom CLI tool

1. Configuration Management with Ansible

Probably what it is known for best, Semaphore gives you a powerful interface to running Ansible (much easier than Ansible AWX)

• GUI: See which hosts succeeded or failed at a glance.
• Collaboration: Share task templates across team members
• Drift Detection: Schedule regular playbook runs to catch configuration drift

2. Infrastructure Provisioning with Terraform and OpenTofu

You may not have realized (I didn’t) that Semaphore UI can now work with Terraform and OpenTofu among others:

• Preview: Semaphore displays your plan output in a clear, scrollable view.
• Easy Terraform and OpenTofu runs: Approve and apply infrastructure changes without switching back to your terminal
• Rollback: If something breaks, you can run a last known good plan in just a couple clicks

3. DRY Workflows with Terragrunt

Import Terragrunt modules in your templates to standardize environment configurations. With this, you can manage multiple environments (dev, staging, prod).

4. Windows automation with PowerShell

If you are like me, you have seen PowerShell scripts spread across a whole group of Windows servers in production without any real standardized place for these. Semaphore’s WinRM integration lets you:

• Run PowerShell scripts to configure IIS or Active Directory
• Automate patching and security updates on Windows hosts
• Collect logs and output directly in the web console

5. Custom Scripts

Also, very cool is the fact that you can run a Python maintenance script or shell script if needed. You can just create a generic script template for your Python script. It will handle scheduling and executing it.

Installing Ansible Semaphore UI

You can easily install Ansible Semaphore UI using Docker Compose. Take a look at the example Docker Compose code below that I used in my environment. You can replace the network and bind mounts to match where you want things in your environment:

version: '3.8'

services:
  semaphore-postgres:
    image: postgres:14
    restart: always
    ports:
      - '5432:5432'
    hostname: postgres
    volumes:
      - /mnt/cephfs/semaphore/postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}

  semaphore-ui:
    image: semaphoreui/semaphore:latest
    restart: always
    ports:
      - '3000:3000'
    volumes:
      - /mnt/cephfs/semaphore/data:/tmp/semaphore
    environment:
      SEMAPHORE_DB_USER: ${POSTGRES_USER}
      SEMAPHORE_DB_PASS: ${POSTGRES_PASSWORD}
      SEMAPHORE_DB_HOST: postgres
      SEMAPHORE_DB_PORT: ${POSTGRES_DB_PORT:-5432}
      SEMAPHORE_DB_DIALECT: postgres
      SEMAPHORE_DB: ${POSTGRES_DB}
      SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
      SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
      SEMAPHORE_ADMIN_NAME: ${SEMAPHORE_ADMIN_NAME}
      SEMAPHORE_ADMIN_EMAIL: ${SEMAPHORE_ADMIN_EMAIL}
      SEMAPHORE_ADMIN: ${SEMAPHORE_ADMIN_USER}
      SEMAPHORE_EMAIL_HOST: ${SEMAPHORE_EMAIL_HOST}
      SEMAPHORE_EMAIL_PORT: ${SEMAPHORE_EMAIL_PORT}
      SEMAPHORE_EMAIL_SENDER: ${SEMAPHORE_EMAIL_SENDER}
      SEMAPHORE_EMAIL_ALERT: ${SEMAPHORE_EMAIL_ALERT}
      SEMAPHORE_EMAIL_ALERT_RECIPIENTS: ${SEMAPHORE_EMAIL_ALERT_RECIPIENTS}
      SEMAPHORE_ACCESS_KEY_ENCRYPTION: ${SEMAPHORE_ACCESS_KEY_ENCRYPTION}
    depends_on:
      - semaphore-postgres

networks:
  default:
    name: npm-stack_nginxproxy
    external: true

You can use an .env file to house the values like the following:

# PostgreSQL settings
POSTGRES_USER=semaphore
POSTGRES_PASSWORD=ChangeMeToAStrongPassword!
POSTGRES_DB=semaphore
POSTGRES_DB_PORT=5432

# Semaphore admin credentials
SEMAPHORE_ADMIN_NAME=admin
SEMAPHORE_ADMIN_USER=admin
SEMAPHORE_ADMIN_PASSWORD=SuperSecretAdminPass123!

# Email notifications
SEMAPHORE_EMAIL_HOST=mail.yourdomain.com
SEMAPHORE_EMAIL_PORT=25
[email protected]
SEMAPHORE_EMAIL_ALERT=true
[email protected]

# Access key encryption (use a securely generated base64 string)
SEMAPHORE_ACCESS_KEY_ENCRYPTION=Zm9vYmFyMTIzIT8kKiYoKSctPUB+

# (Optional) Override default database port
# POSTGRES_DB_PORT=5432

Getting familiar with the Semaphore interface

Before diving into examples, let’s unpack the key concepts that keep Semaphore organized and scalable:

Projects

A Project is like a container for everything related to a specific automation. Your home-lab cleanup routines, your production infrastructure provisioning, or a one-off task. All of these can be included in their own projects for better management.

Inventories

Within each Project, the inventories define the targets of your tasks (so servers you want to run the tasks on).

Task templates

Templates contain the steps you want to run on your chosen automation tool. For example, an Ansible Task Template points to your Git repo where you have your playbooks stored and it specifies which playbook file to execute and the SSH credentials it needs.

Tasks

A Task is an execution instance of a Template. You can kick off a Task manually whenever you need it. Also you can schedule it to run automatically.

Schedules

Set up cron-style or simple daily/weekly schedules. This will allow you to have schedules for things like package updates or compliance checks or drift checks.

Your First Semaphore Project

Let’s walk through setting up a new Semaphore Project and running an Ansible playbook which may be where most will start from. I found the following order of operations to be needed to get up and running.

Create a New Project

• Click Create Project, give it a name (e.g., “Home Lab Automation”)

Add an Inventory

• Under Inventories, click Add Inventory.
• Name it (e.g., “Lab Servers”), then list each host by IP or hostname.

1. Define an Ansible Task Template
   • Go to Task Templates and click Add Template.
   • Select Ansible as the runner type.
   • Enter your Git repository URL containing your playbooks.
   • Specify which playbook to run (e.g., site.yml) and which inventory to use.
   • Save the template.

Run Your Playbook

• Under Task templates, select your newly created template and click the Run button.
• Watch live logs stream in the console panel.

Schedule Recurring Runs

• In the Task view, choose Add Schedule, select daily or cron settings, and you’re done—your playbook will now run automatically.

Other features of Semaphore to note

Semaphore is a great tool that also includes other enterprise-like features. These features include things like role-based access control for teams and audit trails. This allows you to have visibility on all activities, including projects, task runs, etc. Also, you get notifications that can be triggered (for failures only to email), but also ALL notices (successes and failures) to Telegram or Slack.

It also has a built-in secrets vault that securely stores your SSH keys, API tokens, and other creds so you don’t have to worry about these appearing in your logs or playbooks.

Semaphore API & Integrations

Semaphore UI also has a REST API that allows you to interact with it programmatically. You can use it to run projects, create projects, and tasks, etc. You trigger template runs on Git commits or pull-request merges.

Paid version

New also since the last time I checked out Ansible Semaphore UI is there is now a paid version (Pro and Enterprise) that provide many more features. I think the screenshot of the comparison table from the official Semaphore website will best show which features you get from the paid versions. You can view the pricing for Semaphore UI here: Pricing – Semaphore UI.

Wrapping up

All in all, I am really impressed with Ansible Semaphore UI. If you will notice they have really dropped the name of “Ansible” and it is just called Semaphore UI. Mostly, this is due to the fact that it has grown beyond just Ansible. It may have started there, but now the tool allows you to interact with Terraform, Terragrunt, Python, PowerShell, and custom scripting. So, I honestly think this tool is a VERY powerful tool and middle ground before having to run a full CI/CD pipeline like GitLab. Let me know in the comments if you have tried out Semaphore and how you are using it.