oviliz
commented
1 year ago @YooBZH what other alternatives have you looked into or considered?
Open YooBZH opened 1 year ago
oviliz
commented
1 year ago @YooBZH what other alternatives have you looked into or considered?
YooBZH
commented
1 year ago Hi @oviliz ;
I tried AWX, Rundeck and a bunch of self made API and website (Django, Flask, FastAPI, Celery). In the end I am using AWX running in a K3S cluster, it is working nicely, but I hate the fact that this solution is a bulldozer when all I needed was a fly swatter.
Hi,
TL;DR : I liked Semaphore a lot but I will not deploy it for my team (and it makes me sad!)
For a little bit of background on why I am here : My team and I have an Ansible AWX / Tower installed to manage some of our playbooks and automation stuff and I recently ran into quite a lot of trouble with it. After hours of troubleshoot everything was working fine again, but I find every aspect of AWX/Tower to be too complex for our relatively basic needs.
So I decided to have a look around for an alternative and, among others, I discovered Ansible Semaphore.
Very few things are preventing me to push Semaphore at my job right now :
credential & inventory management (or more like credential+inventory+template+task are all too tightly linked)
I do not get why inventories MUST be linked to a credential. That is assuming every users share one credential, obviously that is not the case for my team, for security and traceability reasons every one have their own login/password for the devices we manage. That means if, in Ansible CLI, there are 10 users sharing 10 playbooks on one inventory file, there will be, in Semaphore, 10 templates and 10 inventories, just so each one of them can be linked to a specific credential. In addition to that, nothing would prevent userX from using the template of userY, beside creating 10 different projects, one for each user. Not very convenient, scalable or secure.
A workaround would be to have the possibility, when creating a template, to specify that the credentials need to be asked each time a task is launched (this would override the inventory's credential if there is any). This, coupled with some kind of "personal credential", something only usable by one user, would fix the above situation. Also, allowing an inventory to NOT be linked to any credential could be a nice option.
I think this would add a lot of flexibility to Semaphore and will allow it to be used by teams like mine where every team member has his own credential.
limited survey capability
As of testing, only "strings" and "integer" types are available, I am fine with the types, but I do not trust my users enough to let them input everything they want 😨 If we could limit the possible values of a variable to a pre-defined list that would be nice. Pretty much like asked in #904.
I do not know if those features could be easily implemented, or even if they match the tool philosophy. I really liked Semaphore feeling, ease of install and usage, that is why I took the time to post some kind of constructive (I hope!) feedback.
I will certainly keep an eye on the project to see what happen in the future, but sadly for now this is not a viable solution for my needs.
Anyway, thanks to all the dev and community for everything !
Bisous