fixed deploy yaml for user deployment

2026-01-19 16:57:47 +01:00
parent 7d8e6f2785
commit bfaf52d980
1 changed files with 22 additions and 1 deletions
--- a/infrastructure/ansible/deploy_logic_push.yml
+++ b/infrastructure/ansible/deploy_logic_push.yml
@@ -25,6 +25,22 @@
    path: "{{ target_dir }}"
    state: directory
    mode: '0755'
+    owner: root
+    group: root
+
+- name: "Erstelle Unterverzeichnisse (falls nötig)"
+  file:
+    path: "{{ target_dir }}/{{ item }}"
+    state: directory
+    mode: '0755'
+    owner: root
+    group: root
+  loop:
+    - config
+    - file
+    - logs
+    - certs
+  when: app_item.name == 'vault'  # Nur für Vault

 # 3. Secrets aus Vault (Lokal lookup)
 - name: "Lade Secrets aus Vault (Lokal lookup)"
@@ -99,8 +115,13 @@
    compress: yes
    rsync_opts:
      - "--chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r"  # directory_mode='0755', mode='0644'
+      # Für Vault: Exkludiere Container-verwaltete Verzeichnisse
+      - "--exclude=file/"  # Vault-Daten (werden vom Container verwaltet)
+      - "--exclude=logs/"  # Vault-Logs (werden vom Container verwaltet)
+      - "--exclude=certs/"  # Vault-Zertifikate (werden vom Container generiert)
  delegate_to: localhost  # rsync läuft von localhost (Source) zu remote (Destination)
-  become: false  # Kein sudo für rsync
+  become: true  # Benötigt sudo für Schreibrechte in /opt/vault/
+  become_user: root
  register: file_sync_result

 # 7. Docker Compose Deployment