diff --git a/.ansible-lint b/.ansible-lint index 1c996e2..24d1b40 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -3,11 +3,14 @@ exclude_paths: - .git - __pycache__ - .venv + - collections/ansible_collections/kubernetes/core parseable: true skip_list: - package-latest + # we do want to do that, thanks + - role-name[path] # if /.changed/ is used, even if you loop on a registered variable # and happens to check item.changed, which cannot be converted in to # a handler, this rule is not clever enough to understand @@ -19,7 +22,25 @@ skip_list: # let's wait for a better collections resolution configuration # (see https://github.com/ansible/ansible/issues/68457#issuecomment-613697236) - fqcn-builtins + # this seems to flag incorrect stuff: + # https://github.com/ansible/ansible-lint/issues/2208 + # https://github.com/ansible/ansible-lint/issues/2209 + - var-spacing + # temporary blocked so code can be merged + - jinja[invalid] + - experimental + # https://github.com/ansible/ansible-lint/issues/2501 + - template-instead-of-copy + # pedandic/useless + - name[casing] + - name[template] + - key-order[task] + - no-changed-when + # TODO: would be safer to work on this + # (experienced conflicts when running chained plays in complex setups) + - var-naming[no-role-prefix] + - var-naming[no-reserved] # offline mode disables installation of requirements.yml -offline: true +#offline: true diff --git a/.github/workflows/ansiblelint.yml b/.github/workflows/ansiblelint.yml index beb5565..36a5504 100644 --- a/.github/workflows/ansiblelint.yml +++ b/.github/workflows/ansiblelint.yml @@ -18,7 +18,7 @@ jobs: fail-fast: false max-parallel: 4 matrix: - python-version: [3.6, 3.7] + python-version: [3.11] steps: - uses: actions/checkout@v1 - name: Set up Python ${{ matrix.python-version }} diff --git a/.yamllint b/.yamllint index 4b2e467..ba7aa07 100644 --- a/.yamllint +++ b/.yamllint 
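Review bot: The `role-name[path]` skip is explained only by `# we do want to do that, thanks`, which does not say what is done on purpose, so a reader who later sees the rule fire cannot tell whether the skip still applies. Suggest replacing it with the actual reason in the form `# role-name[path]: roles are referenced by path on purpose`, adjusted to match. The new `collections/ansible_collections/kubernetes/core` exclude, mirrored in `.yamllint`, suggests a collection checked out inside the repository; if that directory is an install target it should be ignored by git and declared in requirements.yml, and if it is vendored source the upstream version should be recorded next to it. The skip_list continues past the end of the hunk.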
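Review bot: Commenting out `offline: true` at the end of the hunk re-enables what the comment above it describes, installation of requirements.yml during lint, and since no entry in requirements.yml carries a `version:` the roles being linted are whatever the upstream default branches hold at that moment, on every CI run and on every developer machine. If network installs during lint are wanted, say so with `offline: false` plus a comment rather than leaving a dead line, and pin the requirements. Separately, the entries marked temporary (`jinja[invalid]`, `experimental`, `template-instead-of-copy`) go into `skip_list`, where they are silent; `warn_list` keeps them visible in the output without failing the run, which fits a "blocked so code can be merged" situation better. The two `var-naming` entries are the ones most worth keeping as warnings, since the TODO above them already notes the risk.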
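Review bot: `python-version: [3.11]` is an unquoted YAML float, so the matrix works only because these particular digits survive float parsing; the same form written as `3.10` would reach setup-python as `3.1`. Quote it, `python-version: ["3.11"]`, which also keeps the value a string for the `Set up Python ${{ matrix.python-version }}` step name below. The job definition starts before the hunk.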
@@ -10,6 +10,7 @@ ignore: | # cannot handle jinja2 syntax roles/*/templates/*.yml data/tenants/osci/shared_services_params/ansible/osci_zone/services.yml + collections/ansible_collections/kubernetes/core rules: braces: diff --git a/README.md b/README.md index b90a4b3..3b33750 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,7 @@ Beaker is open-source software for managing and automating labs of test computer This repository contains Ansible rules to manage the Beaker infrastructure. -You need `Ansible >=2.3` to be able to handle the (new) YAML-based 'hosts' file format. - -However, we strongly recommend using `Ansible >= 2.7.5`. You can install all +We strongly recommend using `Ansible >= 2.14`. You can install all necessary requirements via command `pip install -r requirements.txt`. ## Admin-specific Production Settings @@ -29,7 +27,7 @@ attributes are defined to make diff-ing and merging easy. Your config needs to be enhanced to tell git how to handle these files. This is very easy, look at this URL for more info: - https://github.com/building5/ansible-vault-tools +https://github.com/building5/ansible-vault-tools ## Improving Ansible Speed @@ -43,4 +41,3 @@ First install the library (it is not yet packaged): Then you just need to run playbooks this way: `ANSIBLE_STRATEGY=mitogen_linear ansible-playbook …` - diff --git a/playbooks/common.yml b/playbooks/common.yml index e238dd7..3bd468d 100644 --- a/playbooks/common.yml +++ b/playbooks/common.yml @@ -1,14 +1,15 @@ --- -- hosts: all +- name: "Setup base system" + hosts: all roles: - - base - - entropy - - guest_virt_tools - - selinux - - openssh - - admin_ssh_keys - - unattended_updates - - chrony + - base + - entropy + - guest_virt_tools + - selinux + - openssh + - admin_ssh_keys + - unattended_updates + - chrony tags: base diff --git a/playbooks/mail.yml b/playbooks/mail.yml index c4143c7..1bea4b8 100644 --- a/playbooks/mail.yml +++ b/playbooks/mail.yml 
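Review bot: The new `collections/ansible_collections/kubernetes/core` line sits under the `# cannot handle jinja2 syntax` comment inside the `ignore: |` block, so it inherits a rationale that does not apply to it, and the reader is left to guess why a collection is excluded from yamllint. Suggest a comment line of its own above it, `# third-party collection, not maintained in this repository`, or whatever the actual reason is; comment lines inside this block appear to be honoured, given the existing one.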
@@ -1,6 +1,7 @@ --- -- hosts: beaker-project.osci.io +- name: "Deploy Mail Services" + hosts: beaker-project.osci.io tasks: - name: "Install Postgrey" include_role: diff --git a/playbooks/web.yml b/playbooks/web.yml index 6939e6d..e62832c 100644 --- a/playbooks/web.yml +++ b/playbooks/web.yml @@ -1,24 +1,26 @@ --- -- hosts: beaker-project.osci.io +- name: "Prepare data storage" + hosts: beaker-project.osci.io vars: device: /dev/vdb tasks: - name: "Add lvm on data disk" - filesystem: + community.general.filesystem: dev: "{{ device }}" fstype: lvm # use LVM in case we need to add more storage and divide it - name: "Create a volume group on data disk" - lvg: + community.general.lvg: pvs: "{{ device }}" vg: "{{ data_vg_name }}" tags: partitioning -- hosts: beaker-project.osci.io +- name: "Prepare NFS storage" + hosts: beaker-project.osci.io tasks: - name: "Install NFS tools" package: @@ -26,7 +28,7 @@ state: present - name: "Mount NFS storage" - mount: + ansible.posix.mount: src: "lucille.srv.osci.io:/{{ inventory_hostname }}" path: /srv/data fstype: nfs4 @@ -36,7 +38,8 @@ tags: nfs -- hosts: beaker-project.osci.io +- name: "Deploy web services and artifacts upload area" + hosts: beaker-project.osci.io vars: website_domain: www.beaker-project.org document_root: "/var/www/{{ website_domain }}" @@ -90,7 +93,7 @@ state: installed - name: "Install sync SSH key" - authorized_key: + ansible.posix.authorized_key: key: "{{ uploader_key }}" user: "{{ uploader_login }}" @@ -126,7 +129,7 @@ comment: "Website RPM Import script User" - name: "Install SSH key for RPM Import user" - authorized_key: + ansible.posix.authorized_key: key: "{{ rpmimport_key }}" key_options: "command=\"sudo -H -u {{ uploader_login }} /usr/local/bin/rpm_import.sh\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding" user: "{{ rpmimport_login }}" 
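Review bot: The switch to `community.general.filesystem` and `community.general.lvg` here, and to `ansible.posix.mount`, `ansible.posix.authorized_key` and `ansible.posix.seboolean` in the later web.yml hunks, `ansible.posix.authorized_key` in roles/admin_ssh_keys/tasks/main.yml and `community.general.ini_file` in roles/base/tasks/main.yml, makes the playbooks depend on two collections that nothing in this commit declares: requirements.yml still lists only roles and gains no `collections:` section, and the README only mentions `pip install -r requirements.txt`. Add a `collections:` block to requirements.yml with `community.general` and `ansible.posix` pinned to a `version:`, and make sure the lint workflow installs it, otherwise the FQCN names resolve only on machines where those collections happen to be installed already. Whether CI already installs them is inferred, since the only visible change to .github/workflows/ansiblelint.yml is the Python matrix.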
@@ -170,7 +173,7 @@ notify: reload httpd - name: "Allow httpd to server files on NFS" - seboolean: + ansible.posix.seboolean: name: httpd_use_nfs state: yes persistent: yes diff --git a/requirements.yml b/requirements.yml index 78f3e1f..2418d4b 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -1,30 +1,28 @@ --- -- src: git+https://github.com/OSAS/ansible-role-selinux.git +- src: git+https://gitlab.com/osci/ansible-role-selinux.git name: selinux -- src: git+https://github.com/OSAS/ansible-role-openssh.git +- src: git+https://gitlab.com/osci/ansible-role-openssh.git name: openssh -- src: git+https://gitlab.com/osas/ansible-role-tor.git - name: tor -- src: git+https://gitlab.com/osas/ansible-role-entropy.git +- src: git+https://gitlab.com/osci/ansible-role-entropy.git name: entropy -- src: git+https://gitlab.com/osas/ansible-role-guest_virt_tools.git +- src: git+https://gitlab.com/osci/ansible-role-guest_virt_tools.git name: guest_virt_tools -- src: git+https://gitlab.com/osas/ansible-role-postfix.git +- src: git+https://gitlab.com/osci/ansible-role-postfix.git name: postfix -- src: git+https://gitlab.com/osas/ansible-role-postgrey.git +- src: git+https://gitlab.com/osci/ansible-role-postgrey.git name: postgrey -- src: git+https://gitlab.com/osas/ansible-role-spamassassin.git +- src: git+https://gitlab.com/osci/ansible-role-spamassassin.git name: spamassassin -- src: git+https://gitlab.com/osas/ansible-role-unattended_updates.git +- src: git+https://gitlab.com/osci/ansible-role-unattended_updates.git name: unattended_updates -- src: git+https://gitlab.com/osas/ansible-role-ah-httpd.git +- src: git+https://gitlab.com/osci/ansible-role-ah-httpd.git name: httpd -- src: git+https://gitlab.com/osas/ansible-role-chrony.git +- src: git+https://gitlab.com/osci/ansible-role-chrony.git name: chrony -- src: git+https://gitlab.com/osas/ansible-role-data_movebind.git +- src: git+https://gitlab.com/osci/ansible-role-data_movebind.git name: data_movebind -- src: https://github.com/OSAS/ansible-role-swap_file +- src: git+https://gitlab.com/osci/ansible-role-swap_file.git name: swap_file -- src: git+https://gitlab.com/OSAS/ansible-role-lvm_partition.git +- src: git+https://gitlab.com/osci/ansible-role-lvm_partition.git name: lvm_partition 
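Review bot: Every entry is rewritten to a new `git+https://gitlab.com/osci/...` source but still has no `version:`, so `ansible-galaxy install -r requirements.yml` checks out whatever the default branch of each of these thirteen repositories points to at install time, and a change pushed to any of them lands unreviewed in the next deployment; the same fetch now also happens during lint, since `.ansible-lint` no longer sets `offline: true`. Pin each role to a tag or commit, and while the file is being restructured it is the natural place to declare the `community.general` and `ansible.posix` collections that the FQCN changes elsewhere in this commit rely on. The `tor` role is dropped here; I cannot see whether any play or variable file still references it, so that is worth a grep before merging.
```yaml
roles:
  - src: git+https://gitlab.com/osci/ansible-role-selinux.git
    name: selinux
    version: "<tag-or-commit>"  # constructed placeholder: pin to a reviewed ref
  # … unchanged: remaining role entries, each with its own version: pin …
collections:
  - name: community.general
    version: "<pinned-version>"  # constructed placeholder
  - name: ansible.posix
    version: "<pinned-version>"  # constructed placeholder
```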
diff --git a/roles/admin_ssh_keys/tasks/main.yml b/roles/admin_ssh_keys/tasks/main.yml index 5e7bcd8..3185a14 100644 --- a/roles/admin_ssh_keys/tasks/main.yml +++ b/roles/admin_ssh_keys/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: "Install root ssh keys" - authorized_key: + ansible.posix.authorized_key: user: root key: "{{ item }}" loop: "{{ ssh.used_keys }}" - name: "Remove old root ssh keys" - authorized_key: + ansible.posix.authorized_key: user: root key: "{{ item }}" state: absent diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 5d82df2..527c927 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -8,8 +8,6 @@ - name: Disable fingerprint auth command: "authconfig --disablefingerprint --update" - args: - warn: False changed_when: True when: ansible_os_family == 'RedHat' @@ -17,7 +15,7 @@ block: - name: Tell NM to not care about DNS Settings # noqa risky-file-permissions - ini_file: + community.general.ini_file: path: /etc/NetworkManager/NetworkManager.conf section: main option: dns @@ -128,7 +126,8 @@ mode: 0644 when: cloud_init.stat.isdir is defined and cloud_init.stat.isdir -- block: +- name: "Prepare firewall" + block: - name: install firewalld if available package: pkg: firewalld