From 8e235c584e501b05f478ef0162b1e7c53d834ab3 Mon Sep 17 00:00:00 2001 From: Thomas Reitz Date: Sun, 15 Mar 2026 16:34:45 +0100 Subject: [PATCH] fix: PostgreSQL data migration, Redis auth, Vault-Loading in Playbooks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - PostgreSQL: initdb durch rsync-Ansatz ersetzt (Ubuntu/Debian kompatibel) Data-Dir wird via rsync vom Default-Cluster nach /data/postgresql migriert - PostgreSQL: de_DE.UTF-8 Locale-Generierung als ersten Task hinzugefügt - Redis: redis-cli ping mit Passwort-Auth (no_log: true) - Playbooks: vars_files: ../vault.yml in dbs01/aps01/web01 ergänzt Co-Authored-By: Claude Sonnet 4.6 --- .../INSIGHT-Infra/ansible/playbooks/aps01.yml | 2 + .../INSIGHT-Infra/ansible/playbooks/dbs01.yml | 2 + .../INSIGHT-Infra/ansible/playbooks/web01.yml | 2 + .../ansible/roles/postgresql/tasks/main.yml | 79 +++++++++++++------ .../ansible/roles/redis/tasks/main.yml | 7 +- 5 files changed, 64 insertions(+), 28 deletions(-) diff --git a/repos/INSIGHT-Infra/ansible/playbooks/aps01.yml b/repos/INSIGHT-Infra/ansible/playbooks/aps01.yml index 9b32bab..7a2a7fe 100644 --- a/repos/INSIGHT-Infra/ansible/playbooks/aps01.yml +++ b/repos/INSIGHT-Infra/ansible/playbooks/aps01.yml @@ -5,6 +5,8 @@ - name: "INSIGHT-APS01 Setup" hosts: insight_aps become: true + vars_files: + - ../vault.yml roles: - role: common - role: disk_setup diff --git a/repos/INSIGHT-Infra/ansible/playbooks/dbs01.yml b/repos/INSIGHT-Infra/ansible/playbooks/dbs01.yml index c53390a..911135e 100644 --- a/repos/INSIGHT-Infra/ansible/playbooks/dbs01.yml +++ b/repos/INSIGHT-Infra/ansible/playbooks/dbs01.yml @@ -5,6 +5,8 @@ - name: "INSIGHT-DBS01 Setup" hosts: insight_dbs become: true + vars_files: + - ../vault.yml roles: - role: common - role: disk_setup diff --git a/repos/INSIGHT-Infra/ansible/playbooks/web01.yml b/repos/INSIGHT-Infra/ansible/playbooks/web01.yml index 27de19e..f313bba 100644 
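Review bot: The added `vars_files: - ../vault.yml` in aps01.yml loads one shared vault file into the play, and the dbs01.yml and web01.yml hunks add the same line, so every host group has every secret in that file in scope. That presumably includes `redis_password` and the PostgreSQL user passwords. If the web tier does not need the database credentials, splitting the vault per group (for example under `group_vars/<group>/`) would limit each play to the secrets it actually uses. Nothing in the patch shows whether `../vault.yml` is ansible-vault encrypted, which is worth confirming since it sits next to the playbooks in the repository.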
--- a/repos/INSIGHT-Infra/ansible/playbooks/web01.yml +++ b/repos/INSIGHT-Infra/ansible/playbooks/web01.yml @@ -5,6 +5,8 @@ - name: "INSIGHT-WEB01 Setup" hosts: insight_web become: true + vars_files: + - ../vault.yml roles: - role: common - role: disk_setup diff --git a/repos/INSIGHT-Infra/ansible/roles/postgresql/tasks/main.yml b/repos/INSIGHT-Infra/ansible/roles/postgresql/tasks/main.yml index 2778f35..698d58b 100644 --- a/repos/INSIGHT-Infra/ansible/roles/postgresql/tasks/main.yml +++ b/repos/INSIGHT-Infra/ansible/roles/postgresql/tasks/main.yml @@ -1,6 +1,17 @@ --- # Role: postgresql # Installiert und konfiguriert PostgreSQL 16 auf DBS01 +# Daten werden vom Default-Cluster nach {{ postgresql_data_dir }} verschoben + +- name: "de_DE.UTF-8 Locale generieren" + locale_gen: + name: de_DE.UTF-8 + state: present + +- name: "rsync installieren (für Datenmigration)" + apt: + name: rsync + state: present - name: "PostgreSQL GPG Key hinzufügen" apt_key: @@ -23,6 +34,19 @@ state: present update_cache: true +- name: "Prüfen ob Data-Dir bereits PostgreSQL-Daten enthält" + stat: + path: "{{ postgresql_data_dir }}/PG_VERSION" + register: pg_data_exists + +- name: "PostgreSQL Service stoppen (für Datenmigration in /data)" + service: + name: "postgresql@{{ postgresql_version }}-main" + state: stopped + when: + - postgresql_data_dir != '/var/lib/postgresql/' ~ postgresql_version ~ '/main' + - not pg_data_exists.stat.exists + - name: "PostgreSQL Data-Verzeichnis anlegen" file: path: "{{ postgresql_data_dir }}" 
@@ -30,29 +54,28 @@ owner: postgres group: postgres mode: '0700' - when: postgresql_data_dir != '/var/lib/postgresql' - -- name: "PostgreSQL Service stoppen (vor Konfiguration)" - service: - name: "postgresql@{{ postgresql_version }}-main" - state: stopped - when: postgresql_data_dir != '/var/lib/postgresql' - -- name: "Prüfen ob PostgreSQL Cluster bereits initialisiert" - stat: - path: "{{ postgresql_data_dir }}/PG_VERSION" - register: pg_cluster_initialized - -- name: "PostgreSQL Cluster in Data-Dir initialisieren" - become_user: postgres - command: > - /usr/lib/postgresql/{{ postgresql_version }}/bin/initdb - -D {{ postgresql_data_dir }} when: - - postgresql_data_dir != '/var/lib/postgresql' - - not pg_cluster_initialized.stat.exists + - postgresql_data_dir != '/var/lib/postgresql/' ~ postgresql_version ~ '/main' + - not pg_data_exists.stat.exists -- name: "postgresql.conf konfigurieren" +- name: "PostgreSQL Default-Cluster nach {{ postgresql_data_dir }} kopieren" + command: > + rsync -a --delete + /var/lib/postgresql/{{ postgresql_version }}/main/ + {{ postgresql_data_dir }}/ + when: + - postgresql_data_dir != '/var/lib/postgresql/' ~ postgresql_version ~ '/main' + - not pg_data_exists.stat.exists + +- name: "Berechtigungen auf Data-Dir sicherstellen" + file: + path: "{{ postgresql_data_dir }}" + owner: postgres + group: postgres + mode: '0700' + when: postgresql_data_dir != '/var/lib/postgresql/' ~ postgresql_version ~ '/main' + +- name: "postgresql.conf konfigurieren (inkl. data_directory)" template: src: postgresql.conf.j2 dest: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf" @@ -76,6 +99,12 @@ state: started enabled: true +- name: "Warten bis PostgreSQL bereit ist" + wait_for: + host: localhost + port: "{{ postgresql_port | default(5432) }}" + timeout: 30 + - name: "PostgreSQL INSIGHT Datenbanken anlegen" become_user: postgres postgresql_db: 
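Review bot: The new `rsync -a --delete` task is guarded by `not pg_data_exists.stat.exists`, i.e. by `PG_VERSION` being absent from the target, so a copy interrupted after `PG_VERSION` has landed is treated as complete on the next run and PostgreSQL is started on a partial data directory. A marker written by a separate task only after rsync returns successfully would be a safer condition than a file that is part of the copy itself. `--delete` also removes anything already present in `{{ postgresql_data_dir }}` that is not in the source, and the source cluster is left in place afterwards, so a second copy of the data stays under `/var/lib/postgresql`. The same two-condition `when:` is repeated on the stop, mkdir and rsync tasks (the stop task and the start of the mkdir task are in the previous hunk); a single `block:` with one `when:` would keep them from drifting apart.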
@@ -99,7 +128,7 @@ when: postgresql_users is defined no_log: true -- name: "PostgreSQL Berechtigungen setzen" +- name: "PostgreSQL Datenbankberechtigungen setzen" become_user: postgres postgresql_privs: db: "{{ item.db }}" @@ -110,12 +139,12 @@ loop: "{{ postgresql_grants }}" when: postgresql_grants is defined -- name: "PostgreSQL Version prüfen" +- name: "PostgreSQL Version ausgeben" become_user: postgres command: psql --version register: pg_version changed_when: false -- name: "PostgreSQL Version ausgeben" +- name: "PostgreSQL bereit" debug: - msg: "{{ pg_version.stdout }}" + msg: "{{ pg_version.stdout }} — Data-Dir: {{ postgresql_data_dir }}" diff --git a/repos/INSIGHT-Infra/ansible/roles/redis/tasks/main.yml b/repos/INSIGHT-Infra/ansible/roles/redis/tasks/main.yml index a0a4539..4501868 100644 --- a/repos/INSIGHT-Infra/ansible/roles/redis/tasks/main.yml +++ b/repos/INSIGHT-Infra/ansible/roles/redis/tasks/main.yml @@ -43,13 +43,14 @@ enabled: true - name: "Redis Konnektivität prüfen" - command: redis-cli ping + command: redis-cli -a {{ redis_password }} ping register: redis_ping changed_when: false + no_log: true retries: 3 delay: 2 until: redis_ping.stdout == "PONG" -- name: "Redis Status ausgeben" +- name: "Redis bereit" debug: - msg: "Redis antwortet: {{ redis_ping.stdout }}" + msg: "Redis antwortet: PONG"
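Review bot: `redis-cli -a {{ redis_password }} ping` in the redis role puts the password on the command line, where it can be read from the process list on the target host while the command runs; `no_log: true` only keeps it out of Ansible's output. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable, so the task can stay `command: redis-cli ping` and add `environment:` with `REDISCLI_AUTH: "{{ redis_password }}"`. That also avoids the unquoted template being split into several arguments if the password contains whitespace. Because `no_log: true` hides the result as well, a wrong password will exhaust the three retries without a visible reason, which deserves a short comment on the task.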