refined deplyoment strategy

2026-01-09 15:28:44 +00:00
parent 8ebc542f8b
commit 35c8757e60
3 changed files with 13 additions and 1 deletions
--- a/infrastructure/ansible/pull_deploy.yml
+++ b/infrastructure/ansible/pull_deploy.yml
@@ -17,6 +17,9 @@
    
    # User für Docker Gruppe (wichtig für common Rolle)
    ansible_user: "ansible"
+    
+    # Git Repo URL (muss identisch mit deploy.yml sein, oder dynamisch ermittelt werden)
+    git_repo_url: "https://git.cloud-infra.prod.openmailserver.de/stabify/infrastructure.git"

  tasks:
    # 1. Identifikation
--- a/infrastructure/ansible/roles/common/handlers/main.yml
+++ b/infrastructure/ansible/roles/common/handlers/main.yml
@@ -1,5 +1,6 @@
---
 - name: Reload Systemd
  systemd:
    daemon_reload: true

+- name: Update CA Trust
+  shell: update-ca-certificates
--- a/infrastructure/ansible/roles/common/tasks/main.yml
+++ b/infrastructure/ansible/roles/common/tasks/main.yml
@@ -15,6 +15,14 @@
    state: present
    update_cache: true

+- name: "Verteile Stabify Root CA"
+  copy:
+    src: "{{ playbook_dir }}/../../vault-ca.crt" # Relativ zum Playbook-Root (wenn Push)
+    dest: /usr/local/share/ca-certificates/stabify-root-ca.crt
+    mode: '0644'
+  notify: Update CA Trust
+  ignore_errors: true # Fallback, falls File lokal nicht da (z.B. im Pull Mode)
+
 - name: "Installiere Ansible & Git für GitOps (Pull-Mode)"
  apt:
    name: