web-app-mediawiki: installer-driven bootstrap, DB readiness, idempotent admin; drop LocalSettings bind-mount

Tasks:
- Enable docker_compose_flush_handlers=true so services come up immediately.
- Add DB readiness guard via maintenance/sql.php (SELECT 1).
- Run maintenance/install.php on empty schema with robust changed_when/failed_when (merge stdout+stderr); keep secrets hidden.
- Run maintenance/update.php for migrations with neutral changed_when unless work is done.
- Make admin creation idempotent: tolerate 'already exists' and 'Account exists', keep async+no_log.

Config changes:
- Remove LocalSettings.php template and its host bind-mount from compose.
- Drop MediaWiki settings path variables and META namespace variable (unused after switch).

Result: First boot is fully automated (schema + admin), subsequent runs are cleanly idempotent.

Ref: ChatGPT conversation (Aug 28, 2025, Europe/Berlin) — https://chatgpt.com/share/68b0d2e1-9bc0-800f-81a5-db03ce0b81e3.

roles/web-app-mediawiki/tasks/main.yml

@@ -3,16 +3,52 @@
   include_role: 
     name: sys-stk-full-stateful
   vars:
-    docker_compose_flush_handlers: false
+    docker_compose_flush_handlers: true
 
-- name: "Deploy MediaWiki LocalSettings.php"
-  template:
-    src: "LocalSettings.php.j2"
-    dest: "{{ MEDIAWIKI_SETTINGS_HOST_PATH }}"
-    mode: '0644'
+- name: "Wait for DB to be reachable"
+  command: >
+    docker exec {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/sql.php --query "SELECT 1;"
+  register: mw_db_ready
+  retries: 15
+  delay: 2
+  until: mw_db_ready.rc == 0
+  changed_when: false
+  failed_when: false
 
-- name: "Flush docker compose handlers"
-  meta: flush_handlers
+- name: "Install MediaWiki if no schema exists"
+  command: >
+    docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/install.php
+    --dbname="{{ database_name }}"
+    --dbuser="{{ database_username }}"
+    --dbpass="{{ database_password }}"
+    --dbserver="{{ database_host }}:{{ database_port }}"
+    --installdbuser="{{ database_username }}"
+    --installdbpass="{{ database_password }}"
+    --server="{{ MEDIAWIKI_URL }}"
+    --scriptpath=""
+    --lang={{ HOST_LL }}
+    --pass="{{ MEDIAWIKI_ADMINISTRATOR_PASSWORD }}"
+    "{{ MEDIAWIKI_SITENAME }}"
+    "{{ MEDIAWIKI_ADMINISTRATOR_NAME }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+  register: mw_install
+  changed_when: mw_install.rc == 0
+  failed_when: >
+    mw_install.rc != 0 and
+    ('LocalSettings.php file has been detected' not in (((mw_install.stdout | default('')) ~ (mw_install.stderr | default(''))))) and
+    ('run update.php instead' not in (((mw_install.stdout | default('')) ~ (mw_install.stderr | default('')))))
+
+- name: "Initialize / migrate MediaWiki database schema"
+  command: >
+    docker exec
+    -u {{ MEDIAWIKI_USER }}
+    {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/update.php --quick
+  register: mw_update
+  changed_when: "'...done.' in (mw_update.stdout | default(''))"
+  failed_when: mw_update.rc != 0
 
 - name: "Create MediaWiki admin user"
   command: >
@@ -26,8 +62,12 @@
     {{ MEDIAWIKI_ADMINISTRATOR_EMAIL }}
   register: create_admin
   changed_when: >
-    'created' in (create_admin.stdout | default('')) or
-    'Created' in (create_admin.stdout | default(''))
+    ('created' in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default('')))) or
+    ('Created' in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default(''))))
   failed_when: >
     create_admin.rc != 0 and
-    ('already exists' not in (create_admin.stdout | default('') ~ create_admin.stderr | default('')))
+    ('already exists' not in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default('')))) and
+    ('Account exists' not in ((create_admin.stdout | default('')) ~ (create_admin.stderr | default(''))))
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"