fixed deploy yaml for user deployment
This commit is contained in:
@@ -25,6 +25,22 @@
|
|||||||
path: "{{ target_dir }}"
|
path: "{{ target_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: "Erstelle Unterverzeichnisse (falls nötig)"
|
||||||
|
file:
|
||||||
|
path: "{{ target_dir }}/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
loop:
|
||||||
|
- config
|
||||||
|
- file
|
||||||
|
- logs
|
||||||
|
- certs
|
||||||
|
when: app_item.name == 'vault' # Nur für Vault
|
||||||
|
|
||||||
# 3. Secrets aus Vault (Lokal lookup)
|
# 3. Secrets aus Vault (Lokal lookup)
|
||||||
- name: "Lade Secrets aus Vault (Lokal lookup)"
|
- name: "Lade Secrets aus Vault (Lokal lookup)"
|
||||||
@@ -99,8 +115,13 @@
|
|||||||
compress: yes
|
compress: yes
|
||||||
rsync_opts:
|
rsync_opts:
|
||||||
- "--chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r" # directory_mode='0755', mode='0644'
|
- "--chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r" # directory_mode='0755', mode='0644'
|
||||||
|
# Für Vault: Exkludiere Container-verwaltete Verzeichnisse
|
||||||
|
- "--exclude=file/" # Vault-Daten (werden vom Container verwaltet)
|
||||||
|
- "--exclude=logs/" # Vault-Logs (werden vom Container verwaltet)
|
||||||
|
- "--exclude=certs/" # Vault-Zertifikate (werden vom Container generiert)
|
||||||
delegate_to: localhost # rsync läuft von localhost (Source) zu remote (Destination)
|
delegate_to: localhost # rsync läuft von localhost (Source) zu remote (Destination)
|
||||||
become: false # Kein sudo für rsync
|
become: true # Benötigt sudo für Schreibrechte in /opt/vault/
|
||||||
|
become_user: root
|
||||||
register: file_sync_result
|
register: file_sync_result
|
||||||
|
|
||||||
# 7. Docker Compose Deployment
|
# 7. Docker Compose Deployment
|
||||||
|
|||||||
Reference in New Issue
Block a user