Problem: Can't configure SMTP with envvar in docker-compose.yml

Open 6C656C65 opened this issue 9 months ago • 6 comments

Issue

I want to configure an SMTP server on Semaphore UI in Docker Compose to send alerts when tasks fail. I have this Docker Compose file. When I run it, it generates its config.json file, but the file contains no configuration related to the SMTP server.

docker-compose.yml

services:
  semaphore:
    image: semaphoreui/semaphore:latest
    environment:
      - SEMAPHORE_DB_DIALECT=bolt
      - SEMAPHORE_ADMIN=admin
      - SEMAPHORE_ADMIN_PASSWORD=REDACTED
      - SEMAPHORE_ADMIN_NAME=Admin
      - SEMAPHORE_ADMIN_EMAIL=REDACTED
      - SEMAPHORE_EMAIL_SENDER=REDACTED
      - SEMAPHORE_EMAIL_HOST=REDACTED
      - SEMAPHORE_EMAIL_PORT=465
      - SEMAPHORE_EMAIL_USERNAME=REDACTED
      - SEMAPHORE_EMAIL_PASSWORD=REDACTED
      - SEMAPHORE_EMAIL_SECURE="True"
      - SEMAPHORE_WEB_ROOT=REDACTED
      - SEMAPHORE_FORWARDED_ENV_VARS=["http_proxy", "https_proxy", "no_proxy"]
      - http_proxy=REDACTED
      - https_proxy=REDACTED
      - no_proxy=localhost,127.0.0.1,10.0.0.0/16,192.168.0.0/16,172.16.0.0/12,.local
    volumes:
      - semaphore-data:/var/lib/semaphore
      - semaphore-config:/etc/semaphore

volumes:
  semaphore-data:
    name: semaphore-data
  semaphore-config:
    name: semaphore-config

Here is the config.json file it generates:

{
        "bolt": {
                "host": "/var/lib/semaphore/database.boltdb"
        },
        "dialect": "bolt",
        "tmp_path": "/tmp/semaphore",
        "web_host": "REDACTED",
        "cookie_hash": "REDACTED",
        "cookie_encryption": "REDACTED",
        "access_key_encryption": "REDACTED"
}

Impact

Configuration

Installation method

Docker

Database

BoltDB

Browser

Firefox

Semaphore Version

v2.13.14-510ae35-1745088244

Ansible Version

ansible [core 2.18.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/semaphore/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/semaphore/apps/ansible/11.1.0/venv/lib/python3.12/site-packages/ansible
  ansible collection location = /home/semaphore/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/semaphore/apps/ansible/11.1.0/venv/bin/ansible
  python version = 3.12.10 (main, Apr 10 2025, 15:27:01) [GCC 14.2.0] (/opt/semaphore/apps/ansible/11.1.0/venv/bin/python3)
  jinja version = 3.1.6
  libyaml = True

Logs & errors

semaphore    | Generating setup file  ...
semaphore    | Executing semaphore setup
semaphore    | 
semaphore    | Hello! You will now be guided through a setup to:
semaphore    | 
semaphore    | 1. Set up configuration for a MySQL/MariaDB database
semaphore    | 2. Set up a path for your playbooks (auto-created)
semaphore    | 3. Run database Migrations
semaphore    | 4. Set up initial semaphore user & password
semaphore    | 
semaphore    | What database to use:
semaphore    |    1 - MySQL
semaphore    |    2 - BoltDB
semaphore    |    3 - PostgreSQL
semaphore    |  (default 1): 
semaphore    | db filename (default /home/semaphore/database.boltdb): 
semaphore    | Playbook path (default /tmp/semaphore): 
semaphore    | Public URL (optional, example: https://example.com/semaphore): 
semaphore    | Enable email alerts? (yes/no) (default no): 
semaphore    | Enable telegram alerts? (yes/no) (default no): 
semaphore    | Enable slack alerts? (yes/no) (default no): 
semaphore    | Enable Rocket.Chat alerts? (yes/no) (default no): 
semaphore    | Enable Microsoft Team Channel alerts? (yes/no) (default no): 
semaphore    | Enable LDAP authentication? (yes/no) (default no): 
semaphore    | Config output directory (default /home/semaphore): 
semaphore    | Running: mkdir -p /etc/semaphore..
semaphore    | Configuration written to /etc/semaphore/config.json..
semaphore    | Loading config
semaphore    | Validating config
semaphore    |  Pinging db..
semaphore    | Running db Migrations..
semaphore    | 
semaphore    | 
semaphore    |  > Username:  > Email: 
semaphore    |  Welcome back, Admin! (a user with this username/email is already set up..)
semaphore    | 
semaphore    |  Re-launch this program pointing to the configuration file
semaphore    | 
semaphore    | ./semaphore server --config /etc/semaphore/config.json
semaphore    | 
semaphore    |  To run as daemon:
semaphore    | 
semaphore    | nohup ./semaphore server --config /etc/semaphore/config.json &
semaphore    | 
semaphore    |  You can login with [email protected] or admin.
semaphore    | No additional python dependencies to install
semaphore    | Starting semaphore server
semaphore    | Loading config
semaphore    | Validating config
semaphore    | BoltDB /var/lib/semaphore/database.boltdb
semaphore    | Tmp Path (projects home) /tmp/semaphore
semaphore    | Semaphore v2.13.14-510ae35-1745088244
semaphore    | Interface 
semaphore    | Port :3000
semaphore    | Server is running

Manual installation - system information

No response

Configuration

No response

Additional information

No response

6C656C65, May 06 '25 18:05

@6C656C65 config.json contains only auto-generated keys. Semaphore can read environment variables.

If you use a TLS connection, you need the following flag: SEMAPHORE_EMAIL_TLS=true.

fiftin, May 07 '25 18:05

I added the environment variable SEMAPHORE_EMAIL_TLS and restarted my Docker container, but when a task fails, no mail is sent (no outgoing SMTPS flow).

      ...
      - SEMAPHORE_EMAIL_TLS=true
      - SEMAPHORE_EMAIL_SENDER=REDACTED
      - SEMAPHORE_EMAIL_HOST=REDACTED
      - SEMAPHORE_EMAIL_PORT=465
      - SEMAPHORE_EMAIL_USERNAME=REDACTED
      - SEMAPHORE_EMAIL_PASSWORD=REDACTED
      - SEMAPHORE_EMAIL_SECURE="True"
      ...

I also don't see any logs in the task that sends email.

...
PLAY RECAP *********************************************************************

****             : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Running app failed: exit status 4

6C656C65, May 07 '25 20:05

Also use SEMAPHORE_EMAIL_ALERT: "true" as an env variable. You also need to activate alerting inside your project via the WebUI under Dashboard -> Settings -> "Allow alerts for this project".

Twim4, May 08 '25 12:05

time="2025-05-08T13:19:48Z" level=error msg="tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-05-08T13:19:48Z is after 2023-09-13T17:05:47Z" fields.level=Error

@Twim4 is there an option to ignore the certificate?

gudge25, May 08 '25 13:05

@Twim4 Thanks, I hadn't seen the box on the WebUI. Now, Semaphore connects via SMTPS, and I see the authorized traffic on my firewall. The problem is that I don't manage the SMTP server (so I don't have any logs) and I'm not receiving any emails. Is there a tool for sending test emails on Semaphore?

Here is my configuration that "works"

      - SEMAPHORE_EMAIL_ALERT=true
      - SEMAPHORE_EMAIL_TLS=true
      - SEMAPHORE_EMAIL_SENDER=REDACTED
      - SEMAPHORE_EMAIL_HOST=REDACTED
      - SEMAPHORE_EMAIL_PORT=465
      - SEMAPHORE_EMAIL_USERNAME=REDACTED
      - SEMAPHORE_EMAIL_PASSWORD=REDACTED
      - SEMAPHORE_EMAIL_SECURE=true

What is the difference between SEMAPHORE_EMAIL_TLS and SEMAPHORE_EMAIL_SECURE?

6C656C65, May 08 '25 15:05

From what I can tell from my tests and looking at the code, SEMAPHORE_EMAIL_SECURE just enables STARTTLS, but if you set both SEMAPHORE_EMAIL_SECURE and SEMAPHORE_EMAIL_TLS instead, it will use SSL/TLS without STARTTLS.

IguanaBob, May 08 '25 17:05
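
The settings this thread converges on, as an added example (not Semaphore's code and not posted by any participant): a lint for a compose `environment:` list plus a connection probe that keeps certificate verification on. The SECURE/TLS mode mapping follows the comments above, the boolean parsing is an assumption, and `lint`, `probe`, `FIRST` and `LAST` are hypothetical names.

```python
import smtplib
import ssl

BOOL_KEYS = ("SEMAPHORE_EMAIL_ALERT", "SEMAPHORE_EMAIL_SECURE", "SEMAPHORE_EMAIL_TLS")

def as_bool(value):
    # Assumption: only a bare true/false (any case) counts; '"True"' with quotes does not.
    return {"true": True, "false": False}.get((value or "").lower())

def lint(entries):
    """Return (transport mode, findings) for a compose list-form environment block."""
    # Compose splits list entries on the first '='; quotes stay part of the value.
    env = dict(e.split("=", 1) for e in entries if "=" in e)
    findings = [f"{k}={env[k]} is not a bare true/false" for k in BOOL_KEYS
                if k in env and as_bool(env[k]) is None]
    if not as_bool(env.get("SEMAPHORE_EMAIL_ALERT")):
        findings.append("SEMAPHORE_EMAIL_ALERT is not true")
    secure = as_bool(env.get("SEMAPHORE_EMAIL_SECURE"))
    tls = as_bool(env.get("SEMAPHORE_EMAIL_TLS"))
    # Mode mapping as described in the thread, not taken from Semaphore's source.
    mode = ("implicit-tls" if secure and tls else "starttls" if secure
            else "unspecified" if tls else "plaintext")
    if env.get("SEMAPHORE_EMAIL_PORT") == "465" and mode != "implicit-tls":
        findings.append(f"port 465 normally expects implicit TLS, mode is {mode}")
    if mode == "plaintext" and env.get("SEMAPHORE_EMAIL_PASSWORD"):
        findings.append("SMTP credentials would be sent without TLS")
    return mode, findings

def probe(host, port, mode, timeout=10):
    """Connect the same way, with certificate verification on; return the EHLO reply."""
    ctx = ssl.create_default_context()  # checks chain, hostname and validity dates
    if mode == "implicit-tls":
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
    with conn:
        if mode == "starttls":
            conn.starttls(context=ctx)
        return conn.ehlo()

# Constructed sample input: the first and last configurations posted in the thread.
FIRST = ["SEMAPHORE_EMAIL_HOST=REDACTED", "SEMAPHORE_EMAIL_PORT=465",
         "SEMAPHORE_EMAIL_PASSWORD=REDACTED", 'SEMAPHORE_EMAIL_SECURE="True"']
LAST = FIRST[:3] + ["SEMAPHORE_EMAIL_ALERT=true", "SEMAPHORE_EMAIL_TLS=true",
                    "SEMAPHORE_EMAIL_SECURE=true"]

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("last", LAST)):
        print(name, *lint(cfg), sep="\n  ")
```

`probe` does not authenticate or send mail; an expired server certificate surfaces as `ssl.SSLCertVerificationError`, the same condition as the x509 error logged above.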