Upgrade repo for Ubuntu 22.04.

.ansible-lint

@@ -1,3 +1,5 @@
+---
+
 skip_list:
  - ANSIBLE0006
  - ANSIBLE0012

.github/workflows/molecule.yml

@@ -7,12 +7,12 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: [3.6, 3.7]
+        python-version: [3.9, "3.10", 3.11]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.yamllint

@@ -1,3 +1,5 @@
+---
+
 extends: default
 
 rules:

README.md

@@ -23,7 +23,7 @@ Environment-specific settings are in the `group_vars` directory.
 A `certbot` role is also included for automatically generating and renewing
 trusted SSL certificates with [Let's Encrypt][lets-encrypt].
 
-**Tested with OS:** Ubuntu 18.04 LTS (64-bit), Ubuntu 16.04 LTS (64-bit).
+**Tested with OS:** Ubuntu 22.04 LTS (64-bit), Ubuntu 20.04 LTS (64-bit).
 
 **Tested with Cloud Providers:** [Digital Ocean][digital-ocean], [AWS][aws], [Rackspace][rackspace]
 
@@ -313,9 +313,9 @@ to run during deployment in most Django environments.
 
 ### Changing the Ubuntu release
 
-The [Vagrantfile](Vagrantfile) uses the Ubuntu 20.04 LTS Vagrant box for a
+The [Vagrantfile](Vagrantfile) uses the Ubuntu 22.04 LTS Vagrant box for a
 64-bit PC that is published by Canonical in HashiCorp Atlas. To use Ubuntu
-18.04 LTS instead, change the `config.vm.box` setting to `ubuntu/bionic64`.
+20.04 LTS instead, change the `config.vm.box` setting to `ubuntu/focal64`.
 
 ### Changing the Python version used by your application
 

Vagrantfile

@@ -5,7 +5,7 @@
 VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "ubuntu/focal64"
+  config.vm.box = "ubuntu/jammy64"
   config.ssh.forward_agent = false
   config.vm.define "my-cool-app.local", primary: true do |app|
     app.vm.hostname = "my-cool-app"

dbservers.yml

@@ -9,7 +9,7 @@
     update_apt_cache: true
 
   module_defaults:
-    apt:
+    ansible.builtin.apt:
       force_apt_get: true
 
   roles:

docker/Dockerfile

@@ -1,5 +1,5 @@
 # Use the official Ubuntu 20.04 base image from the Docker repository
-FROM ubuntu:focal
+FROM ubuntu:jammy
 
 # Allow processes to detect that they are being run in a container
 ENV container oci

group_vars/development/vars.yml

@@ -11,7 +11,7 @@ application_name: django_default_project
 #
 # More info here: https://launchpad.net/~fkrull/+archive/ubuntu/deadsnakes
 enable_deadsnakes_ppa: true
-virtualenv_python_version: python3.9
+virtualenv_python_version: python3.11
 
 
 # Git settings.

molecule/default/Dockerfile.j2

@@ -6,7 +6,7 @@ FROM {{ item.registry.url }}/{{ item.image }}
 FROM {{ item.image }}
 {% endif %}
 
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python python-is-python3 sudo bash ca-certificates && apt-get clean; \
     elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
     elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
     elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \

molecule/default/converge.yml

@@ -5,7 +5,7 @@
   gather_facts: false
   tasks:
     - name: Install Python3 for Ansible
-      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
+      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 
@@ -17,11 +17,11 @@
 
   tasks:
     - name: Install Python3
-      raw: apt-get install python3-minimal
+      ansible.builtin.raw: apt-get install python3-minimal
       changed_when: false
 
   module_defaults:
-    apt:
+    ansible.builtin.apt:
       force_apt_get: true
 
   roles:

molecule/default/molecule.yml

@@ -4,13 +4,16 @@ dependency:
 driver:
   name: docker
 lint: |
+  set -e
   yamllint .
+  ansible-lint
+  flake8
 platforms:
-  - name: instance-xenial
+  - name: instance-jammy
     groups:
       - vagrant
     image: ubuntu
-    image_version: xenial
+    image_version: jammy
     privileged: true
   - name: instance-focal
     groups:
@@ -20,14 +23,10 @@ platforms:
     privileged: true
 provisioner:
   name: ansible
-  lint:
-    name: ansible-lint
   env:
     ANSIBLE_ROLES_PATH: ../../roles/
   inventory:
     links:
       group_vars: ../../group_vars/
 verifier:
-  name: testinfra
-  lint:
-    name: flake8
+  name: ansible

requirements-dev.txt

@@ -1,6 +1,6 @@
 -r requirements.txt
 
-molecule==3.3.4
-molecule-docker==0.2.4
-testinfra==3.2.1
-yamllint==1.19.0
+ansible-lint==6.14.6
+molecule==4.0.4
+molecule-docker==2.1.0
+yamllint==1.30.0

requirements.txt

@@ -1 +1 @@
-ansible==4.2.0
+ansible==7.4.0

roles/avahi/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 
 - name: Install the Avahi mDNS/DNS-SD daemon
-  apt: name=avahi-daemon update_cache={{ update_apt_cache }} state=present
+  ansible.builtin.apt: name=avahi-daemon update_cache={{ update_apt_cache }} state=present
   tags: packages
 
 - name: Ensure the Avahi mDNS/DNS-SD daemon is running
-  service: name=avahi-daemon state=started enabled=yes
+  ansible.builtin.service: name=avahi-daemon state=started enabled=yes

roles/base/tasks/create_swap_file.yml

@@ -1,24 +1,24 @@
 ---
 - name: Create swap file
-  command: dd if=/dev/zero of={{ swap_file_path }} bs=1024 count={{ swap_file_size_kb }}k
+  ansible.builtin.command: dd if=/dev/zero of={{ swap_file_path }} bs=1024 count={{ swap_file_size_kb }}k
            creates="{{ swap_file_path }}"
   tags: swap.file.create
 
 - name: Change swap file permissions
-  file: path="{{ swap_file_path }}"
+  ansible.builtin.file: path="{{ swap_file_path }}"
         owner=root
         group=root
         mode=0600
   tags: swap.file.permissions
 
 - name: Check swap file type
-  command: file {{ swap_file_path }}
+  ansible.builtin.command: file {{ swap_file_path }}
   register: swapfile
   tags: swap.file.mkswap
   changed_when: false
 
 - name: Make swap file
-  command: "mkswap {{ swap_file_path }}"
+  ansible.builtin.command: "mkswap {{ swap_file_path }}"
   when: swapfile.stdout.find('swap file') == -1
   tags: swap.file.mkswap
 
@@ -33,6 +33,6 @@
   tags: swap.fstab
 
 - name: Mount swap
-  command: "swapon {{ swap_file_path }}"
+  ansible.builtin.command: "swapon {{ swap_file_path }}"
   when: ansible_swaptotal_mb < 1
   tags: swap.file.swapon

roles/base/tasks/main.yml

@@ -1,19 +1,19 @@
 ---
 
-- include: create_swap_file.yml
+- import_tasks: create_swap_file.yml
   when: create_swap_file
   tags: swap
 
 - name: Install security updates
-  apt: default_release={{ ansible_distribution_release }}-security
+  ansible.builtin.apt: default_release={{ ansible_distribution_release }}-security
        update_cache={{ update_apt_cache }}
        upgrade=dist
   tags:
     - packages
     - skip_ansible_lint
 
 - name: Install base packages
-  apt:
+  ansible.builtin.apt:
     update_cache: "{{ update_apt_cache }}"
     state: present
     name:
@@ -31,7 +31,7 @@
     - packages.security
 
 - name: Upgrade pip
-  pip: name=pip state=latest
+  ansible.builtin.pip: name=pip state=latest
   tags:
     - packages
     - skip_ansible_lint

roles/celery/handlers/main.yml

@@ -1,4 +1,4 @@
 ---
 
 - name: restart {{ celery_application_name }}
-  supervisorctl: name={{ celery_application_name }} state=restarted
+  community.general.supervisorctl: name={{ celery_application_name }} state=restarted

roles/celery/tasks/copy_scripts.yml

@@ -1,14 +1,14 @@
 ---
 
 - name: Create the folder for the celery scripts
-  file: path={{ celery_scripts_dir }}
+  ansible.builtin.file: path={{ celery_scripts_dir }}
         owner={{ celery_user }}
         group={{ celery_group }}
         mode=0774
         state=directory
 
 - name: Create the {{ celery_application_name }} script file
-  template: src={{ celery_template_file }}
+  ansible.builtin.template: src={{ celery_template_file }}
             dest={{ celery_scripts_dir }}/{{ celery_application_name }}_start
             owner={{ celery_user }}
             group={{ celery_group }}

roles/celery/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
-- include: copy_scripts.yml
+- import_tasks: copy_scripts.yml
   tags: celery
 
-- include: setup_supervisor.yml
+- import_tasks: setup_supervisor.yml
   tags: celery

roles/celery/tasks/setup_supervisor.yml

@@ -1,42 +1,45 @@
 ---
 
 - name: Ensure the Supervisor service is running
-  service:
+  ansible.builtin.service:
     name: supervisor
     state: started
-    enabled: yes
+    enabled: true
     # TODO: This is likely due to a bug in Ansible.
     # Remove this line in the future.
     # See https://github.com/ansible/ansible/issues/75005
     use: sysvinit
 
 - name: Create the Supervisor config file for {{ celery_application_name }}
-  template: src=supervisor_{{ celery_application_name }}.conf.j2
+  ansible.builtin.template: src=supervisor_{{ celery_application_name }}.conf.j2
             dest=/etc/supervisor/conf.d/{{ celery_application_name }}.conf
+            mode=0644
 
 - name: Create the {{ celery_application_name }} log directory
-  file: path={{ celery_log_dir }}
+  ansible.builtin.file: path={{ celery_log_dir }}
         owner={{ celery_user }}
         group={{ celery_group }}
         state=directory
+        mode=0644
 
 - name: Check for an existing celery logfile
-  stat:
+  ansible.builtin.stat:
     path: "{{ celery_log_file }}"
   register: p
 
 - name: Create (or retain) the {{ celery_application_name }} log file
   # Removing until https://github.com/ansible/ansible/issues/45530 gets resolved.
-  # copy: content=""
+  # ansible.builtin.copy: content=""
   #       dest={{ celery_log_file }}
   #       owner={{ celery_user }}
   #       group={{ celery_group }}
   #       force=no
-  file:
+  ansible.builtin.file:
     path: "{{ celery_log_file }}"
     owner: "{{ celery_user }}"
     group: "{{ celery_group }}"
     state: '{{ "file" if  p.stat.exists else "touch" }}'
+    mode: "0644"
 
 - name: Re-read the Supervisor config files
-  supervisorctl: name={{ celery_application_name }} state=present
+  community.general.supervisorctl: name={{ celery_application_name }} state=present

roles/certbot/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Install Certbot
-  apt:
+  ansible.builtin.apt:
     update_cache: "{{ update_apt_cache }}"
     state: present
     name:
@@ -10,24 +10,24 @@
   tags: packages
 
 - name: Check if Nginx exists
-  stat: path=/etc/init.d/nginx
+  ansible.builtin.stat: path=/etc/init.d/nginx
   register: nginx_status
 
 - name: Ensure Nginx is stopped
-  service: name=nginx state=stopped
+  ansible.builtin.service: name=nginx state=stopped
   when: nginx_status.stat.exists
 
 - name: Install certbot and generate cert
-  command: "{{ certbot_script }} certonly --noninteractive --agree-tos --standalone --email {{ certbot_admin_email }} -d {{ inventory_hostname }}"
+  ansible.builtin.command: "{{ certbot_script }} certonly --noninteractive --agree-tos --standalone --email {{ certbot_admin_email }} -d {{ inventory_hostname }}"
   args:
     creates: "{{ certbot_output_dir }}"
 
 - name: Ensure Nginx is started
-  service: name=nginx state=started
+  ansible.builtin.service: name=nginx state=started
   when: nginx_status.stat.exists
 
 - name: Ensure a cron job to auto-renew the cert exists
-  cron: name="daily auto renew cert"
+  ansible.builtin.cron: name="daily auto renew cert"
         special_time=daily
         job="{{ certbot_script }} renew --standalone --no-self-upgrade --pre-hook \"service nginx stop\" --post-hook \"service nginx start\" --quiet"
         state=present

roles/db/handlers/main.yml

@@ -1,4 +1,4 @@
 ---
 
 - name: restart postgresql
-  service: name=postgresql state=restarted enabled=yes
+  ansible.builtin.service: name=postgresql state=restarted enabled=yes