web-app-mediawiki: installer-driven bootstrap, DB readiness, idempotent admin; drop LocalSettings bind-mount

Tasks:
- Enable docker_compose_flush_handlers=true so services come up immediately.
- Add DB readiness guard via maintenance/sql.php (SELECT 1).
- Run maintenance/install.php on empty schema with robust changed_when/failed_when (merge stdout+stderr); keep secrets hidden.
- Run maintenance/update.php for migrations with neutral changed_when unless work is done.
- Make admin creation idempotent: tolerate 'already exists' and 'Account exists', keep async+no_log.

Config changes:
- Remove LocalSettings.php template and its host bind-mount from compose.
- Drop MediaWiki settings path variables and META namespace variable (unused after switch).

Result: First boot is fully automated (schema + admin), subsequent runs are cleanly idempotent.

Ref: ChatGPT conversation (Aug 28, 2025, Europe/Berlin) — https://chatgpt.com/share/68b0d2e1-9bc0-800f-81a5-db03ce0b81e3.

roles/web-app-mediawiki/tasks/main.yml

@@ -3,16 +3,52 @@
   include_role: 
     name: sys-stk-full-stateful
   vars:
-    docker_compose_flush_handlers: false
+    docker_compose_flush_handlers: true
 
-- name: "Deploy MediaWiki LocalSettings.php"
-  template:
-    src: "LocalSettings.php.j2"
-    dest: "{{ MEDIAWIKI_SETTINGS_HOST_PATH }}"
-    mode: '0644'
+- name: "Wait for DB to be reachable"
+  command: >
+    docker exec {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/sql.php --query "SELECT 1;"
+  register: mw_db_ready
+  retries: 15
+  delay: 2
+  until: mw_db_ready.rc == 0
+  changed_when: false
+  failed_when: false
 
-- name: "Flush docker compose handlers"
-  meta: flush_handlers
+- name: "Install MediaWiki if no schema exists"
+  command: >
+    docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/install.php
+    --dbname="{{ database_name }}"
+    --dbuser="{{ database_username }}"
+    --dbpass="{{ database_password }}"
+    --dbserver="{{ database_host }}:{{ database_port }}"
+    --installdbuser="{{ database_username }}"
+    --installdbpass="{{ database_password }}"
+    --server="{{ MEDIAWIKI_URL }}"
+    --scriptpath=""
+    --lang={{ HOST_LL }}
+    --pass="{{ MEDIAWIKI_ADMINISTRATOR_PASSWORD }}"
+    "{{ MEDIAWIKI_SITENAME }}"
+    "{{ MEDIAWIKI_ADMINISTRATOR_NAME }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+  register: mw_install
+  changed_when: mw_install.rc == 0
+  failed_when: >
+    mw_install.rc != 0 and
+    ('LocalSettings.php file has been detected' not in (((mw_install.stdout | default('')) ~ (mw_install.stderr | default(''))))) and
+    ('run update.php instead' not in (((mw_install.stdout | default('')) ~ (mw_install.stderr | default('')))))
+
+- name: "Initialize / migrate MediaWiki database schema"
+  command: >
+    docker exec
+    -u {{ MEDIAWIKI_USER }}
+    {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/update.php --quick
+  register: mw_update
+  changed_when: "'...done.' in (mw_update.stdout | default(''))"
+  failed_when: mw_update.rc != 0
 
 - name: "Create MediaWiki admin user"
   command: >
@@ -26,8 +62,12 @@
     {{ MEDIAWIKI_ADMINISTRATOR_EMAIL }}
   register: create_admin
   changed_when: >
-    'created' in (create_admin.stdout | default('')) or
-    'Created' in (create_admin.stdout | default(''))
+    ('created' in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default('')))) or
+    ('Created' in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default(''))))
   failed_when: >
     create_admin.rc != 0 and
-    ('already exists' not in (create_admin.stdout | default('') ~ create_admin.stderr | default('')))
+    ('already exists' not in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default('')))) and
+    ('Account exists' not in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default(''))))
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

roles/web-app-mediawiki/templates/LocalSettings.php.j2

@@ -1,29 +0,0 @@
-<?php
-# This file was automatically generated by the MediaWiki installer.
-# Managed by Ansible in your setup.
-
-# Basic settings
-$wgSitename = "{{ MEDIAWIKI_SITENAME }}";
-$wgMetaNamespace = "{{ MEDIAWIKI_META_NAMESPACE }}";
-$wgScriptPath = "";
-$wgServer = "{{ MEDIAWIKI_URL }}";
-
-# Database settings
-$wgDBtype = "mysql";
-$wgDBserver = "{{ database_host }}:{{ database_port }}";
-$wgDBname = "{{ database_name }}";
-$wgDBuser = "{{ database_username }}";
-$wgDBpassword = "{{ database_password }}";
-
-# Email settings
-$wgEnableEmail = true;
-$wgEnableUserEmail = true;
-$wgEmergencyContact = "{{ users.administrator.email }}";
-$wgPasswordSender = "{{ users['no-reply'].email }}";
-
-# Default skin
-$wgDefaultSkin = "vector";
-
-# Extensions (examples)
-wfLoadExtension( 'ParserFunctions' );
-wfLoadExtension( 'Cite' );

roles/web-app-mediawiki/templates/docker-compose.yml.j2

@@ -5,7 +5,6 @@
     image: "{{ MEDIAWIKI_IMAGE }}:{{ MEDIAWIKI_VERSION }}"
     volumes:
       - "data:/var/www/html/"
-      - "{{ MEDIAWIKI_SETTINGS_HOST_PATH }}:{{ MEDIAWIKI_SETTINGS_DOCK_PATH }}:ro"
     ports:
       - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}

roles/web-app-mediawiki/vars/main.yml

@@ -5,7 +5,6 @@ container_port:                   80
 
 # Mediawiki
 MEDIAWIKI_SITENAME:               "{{ applications | get_app_conf(application_id, 'sitename') }}"
-MEDIAWIKI_META_NAMESPACE:         "{{ applications | get_app_conf(application_id, 'meta_namespace') }}"
 MEDIAWIKI_URL:                    "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 
 ## Docker
@@ -13,8 +12,6 @@ MEDIAWIKI_VERSION:                "{{ applications | get_app_conf(application_id
 MEDIAWIKI_IMAGE:                  "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image') }}"
 MEDIAWIKI_CONTAINER:              "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.name') }}"
 MEDIAWIKI_VOLUME:                 "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
-MEDIAWIKI_SETTINGS_HOST_PATH:     "{{ [docker_compose.directories.volumes, 'LocalSettings.php'] | path_join }}"
-MEDIAWIKI_SETTINGS_DOCK_PATH:     "/var/www/html/LocalSettings.php"
 MEDIAWIKI_USER:                   "www-data"
 
 # User