Public | Automated Build

Last pushed: a month ago
Short Description
Docker Image for Semaphore using the gcavalcante8808/ansible.
Full Description

Semaphore Container

This is a gcavalcante8808/semaphore docker image with Ansible Installed. All configuration options
can be defined through environment variables.


You need to provide the following information (through environment variables):

  • SEMAPHORE_DB_HOST: The MYSQL DB HOST. If not provided, the value 'db' is assumed;
  • SEMAPHORE_DB_PORT: Listen port of the host. If not provided, the value '3306' is assumed;
  • SEMAPHORE_DB_USER: The User that can access the mysql. If Not provided, the value 'semaphore' is assumed;
  • SEMAPHORE_DB_PASS: The Password of the User. If not provided, the value 'semaphore' is assumed;
  • SEMAPHORE_DB: The Name of Schema created. If Not provided, the value 'semaphore' is assumed.

  • SEMAPHORE_MAIL_ALERT: Activate the mail support if Defined. When activated, the following vars needs be especified:


    For now, semaphore doesn't seems to support TLS or authenticated SMTP Configurations.

  • SEMAPHORE_TELEGRAM_ALERT: Activate telegram integration if Defined. When activated, the following vars needs be especified:

  • SEMAPHORE_LDAP_SUPPORT: Activate telegram integration if Defined. When activated, the following vars needs be especified:

    • SEMAPHORE_LDAP_BINDDN: The user that can read the directory. Eg. cn=semaphore,dc=example,dc=com;
    • SEMAPHORE_LDAP_SERVER: server IP or FQDN with port. Eg. ldap:389;
    • SEMAPHORE_LDAP_SEARCHDN: Entry from where the search will start. Eg dc=example,dc=com or dc=users,dc=example,dc=com;
    • SEMAPHORE_LDAP_SEARCHFILTER: Ldap Search filter such as (uid=%s) or (cn=%s)
    • SEMAPHORE_LDAP_NEEDTLS: Define this property to force the use of the TLS.

The following LDAP Mapping attributes can be configured as well:

  • SEMAPHORE_LDAP_MAP_DN: If not provided the value used is 'dn'.
  • SEMAPHORE_LDAP_MAP_MAIL: If not provided the value used is 'mail'.
  • SEMAPHORE_LDAP_MAP_UID: If not provided the value used is 'uid'.
  • SEMAPHORE_LDAP_MAP_CN: If not provided the value used is 'cn'.

Other optionals vars are:

  • SEMAPHORE_PORT: Application port to listen. 3000 by default.
  • SEMAPHORE_TMP_PATH: Temp path for playbooks clone ops. /tmp/semaphore by default;
  • SEMAPHORE_VIRTUAL_HOST: To use with reverse proxyes.
  • SEMAPHORE_MAX_PARALLEL: Max parallel jobs. 0(unlimited) by default.

Questions about the image tag

Previously, the image was based in the gcavalcante8808/ansible (latest) image, but this behavious has changed; as such, all needed Dockerfile statements to install ansible are included in this image and the following statements are true for the tags of the images:

  • The semaphore_versions supported are listed in the file semaphore_versions;
  • The ansible_versions support are listed in the file ansible_versions;
  • The tags were defined using the just the semaphore_version before; now, it uses a the following format '{{ semaphore-version }}-ansible-{{ ansible-version}}" allowing to permute the versions declared in the 'semaphore_versions' and 'ansible_versions'. Eg:
    • 2.4.1-ansible- an semaphore 2.4.1 with an ansible installed.

All previous tags are available in the as well.

How to Use: Using Docker Compose

Clone the repo into your machine and access the folder created. Then, use the following command:

    docker-compose up -d

Check your semaphore on localhost:8080 after a few seconds (The MySQL takes some time to setUp for the first time). The default user and password is "semaphore" if you haven't provided one in the env vars.

Note About "Login Incorrect"

For a fresh install, sometimes the application starts before the database; in these cases, the import_user script cannot setup the 'SEMAPHORE_ADMIN' account properly; an restart is sufficient to solve the race condition. You can still run the import_user script trough the following command:

docker-compose exec web /import_user

Note About "Host key Verification Failed"

Due to the use of ssh client by ansible, you'll need to fingerprint the target SSH public before the use of the semaphore or you will incur in some 'Host key verification failed.' Errors. To do that, use the following command (for each host in the inventory):

    docker exec -it <CONTAINER> sh -c 'ssh-keyscan -H <SERVER> >> ~/.ssh/known_hosts'

Where container is the id or the name of the semaphore container created and server is the target of your ansible playbooks.

If you want to disable the SSh Strict Host Checking feature (Be Carefull with Man-In-The-Middle attacks), use the statement 'host_key_checking=False' as extra_var in your Template Task or set ANSIBLE_HOST_KEY_CHECKING=False in the container definition.


Author: Gabriel Abdalla Cavalcante Silva (

Docker Pull Command