Upgrade repo for Ubuntu 22.04. (#190)

* Upgrade repo for Ubuntu 22.04.

* Remove unnecessary Dockerfile from Molecule configuration.

* Add python3-distutils package required by Ubuntu 22.04.

* Use postgresql_privs module to set database user permissions.

* Update linting.

* Remove ntp from base packages installed as it is no longer necessary.

.ansible-lint

@@ -1,3 +1,12 @@
+---
+
 skip_list:
  - ANSIBLE0006
  - ANSIBLE0012
+ # TODO: Remove free-form from the repo.
+ - no-free-form
+ - name[missing]
+ # TODO: Fix this.
+ - name[casing]
+ # TODO: Test removing this from each task and see if there is a workaround.
+ - no-changed-when

.github/workflows/molecule.yml

@@ -7,12 +7,12 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: [3.6, 3.7]
+        python-version: [3.9, "3.10", 3.11]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.yamllint

@@ -1,3 +1,5 @@
+---
+
 extends: default
 
 rules:

README.md

@@ -23,7 +23,7 @@ Environment-specific settings are in the `group_vars` directory.
 A `certbot` role is also included for automatically generating and renewing
 trusted SSL certificates with [Let's Encrypt][lets-encrypt].
 
-**Tested with OS:** Ubuntu 18.04 LTS (64-bit), Ubuntu 16.04 LTS (64-bit).
+**Tested with OS:** Ubuntu 22.04 LTS (64-bit), Ubuntu 20.04 LTS (64-bit).
 
 **Tested with Cloud Providers:** [Digital Ocean][digital-ocean], [AWS][aws], [Rackspace][rackspace]
 
@@ -313,9 +313,9 @@ to run during deployment in most Django environments.
 
 ### Changing the Ubuntu release
 
-The [Vagrantfile](Vagrantfile) uses the Ubuntu 20.04 LTS Vagrant box for a
+The [Vagrantfile](Vagrantfile) uses the Ubuntu 22.04 LTS Vagrant box for a
 64-bit PC that is published by Canonical in HashiCorp Atlas. To use Ubuntu
-18.04 LTS instead, change the `config.vm.box` setting to `ubuntu/bionic64`.
+20.04 LTS instead, change the `config.vm.box` setting to `ubuntu/focal64`.
 
 ### Changing the Python version used by your application
 

Vagrantfile

@@ -5,7 +5,7 @@
 VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "ubuntu/focal64"
+  config.vm.box = "ubuntu/jammy64"
   config.ssh.forward_agent = false
   config.vm.define "my-cool-app.local", primary: true do |app|
     app.vm.hostname = "my-cool-app"

dbservers.yml

@@ -9,7 +9,7 @@
     update_apt_cache: true
 
   module_defaults:
-    apt:
+    ansible.builtin.apt:
       force_apt_get: true
 
   roles:

docker/Dockerfile

@@ -1,5 +1,5 @@
 # Use the official Ubuntu 20.04 base image from the Docker repository
-FROM ubuntu:focal
+FROM ubuntu:jammy
 
 # Allow processes to detect that they are being run in a container
 ENV container oci

group_vars/development/vars.yml

@@ -11,7 +11,7 @@ application_name: django_default_project
 #
 # More info here: https://launchpad.net/~fkrull/+archive/ubuntu/deadsnakes
 enable_deadsnakes_ppa: true
-virtualenv_python_version: python3.9
+virtualenv_python_version: python3.11
 
 
 # Git settings.

molecule/default/converge.yml

@@ -1,11 +1,12 @@
 ---
 # See https://github.com/metacloud/molecule/issues/843#issuecomment-304710797
 # and https://github.com/metacloud/molecule/blob/v2/test/scenarios/driver/ec2/molecule/default/playbook.yml#L1-L13
-- hosts: all
+- name: Converge
+  hosts: all
   gather_facts: false
   tasks:
     - name: Install Python3 for Ansible
-      raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
+      ansible.builtin.raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-minimal)
       become: true
       changed_when: false
 
@@ -17,11 +18,11 @@
 
   tasks:
     - name: Install Python3
-      raw: apt-get install python3-minimal
+      ansible.builtin.raw: apt-get install python3-minimal
       changed_when: false
 
   module_defaults:
-    apt:
+    ansible.builtin.apt:
       force_apt_get: true
 
   roles:

molecule/default/molecule.yml

@@ -4,13 +4,16 @@ dependency:
 driver:
   name: docker
 lint: |
+  set -e
   yamllint .
+  ansible-lint
+  flake8
 platforms:
-  - name: instance-xenial
+  - name: instance-jammy
     groups:
       - vagrant
     image: ubuntu
-    image_version: xenial
+    image_version: jammy
     privileged: true
   - name: instance-focal
     groups:
@@ -20,14 +23,10 @@ platforms:
     privileged: true
 provisioner:
   name: ansible
-  lint:
-    name: ansible-lint
   env:
     ANSIBLE_ROLES_PATH: ../../roles/
   inventory:
     links:
       group_vars: ../../group_vars/
 verifier:
-  name: testinfra
-  lint:
-    name: flake8
+  name: ansible

requirements-dev.txt

@@ -1,6 +1,7 @@
 -r requirements.txt
 
-molecule==3.3.4
-molecule-docker==0.2.4
-testinfra==3.2.1
-yamllint==1.19.0
+ansible-lint==6.14.6
+flake8==3.9.1
+molecule==4.0.4
+molecule-docker==2.1.0
+yamllint==1.30.0

requirements.txt

@@ -1 +1 @@
-ansible==4.2.0
+ansible==7.4.0

roles/avahi/tasks/main.yml

@@ -1,8 +1,14 @@
 ---
 
 - name: Install the Avahi mDNS/DNS-SD daemon
-  apt: name=avahi-daemon update_cache={{ update_apt_cache }} state=present
+  ansible.builtin.apt:
+    name: avahi-daemon
+    update_cache: "{{ update_apt_cache }}"
+    state: present
   tags: packages
 
 - name: Ensure the Avahi mDNS/DNS-SD daemon is running
-  service: name=avahi-daemon state=started enabled=yes
+  ansible.builtin.service:
+    name: avahi-daemon
+    state: started
+    enabled: true

roles/base/tasks/create_swap_file.yml

@@ -1,38 +1,40 @@
 ---
 - name: Create swap file
-  command: dd if=/dev/zero of={{ swap_file_path }} bs=1024 count={{ swap_file_size_kb }}k
+  ansible.builtin.command: dd if=/dev/zero of={{ swap_file_path }} bs=1024 count={{ swap_file_size_kb }}k
            creates="{{ swap_file_path }}"
   tags: swap.file.create
 
 - name: Change swap file permissions
-  file: path="{{ swap_file_path }}"
-        owner=root
-        group=root
-        mode=0600
+  ansible.builtin.file:
+    path: "{{ swap_file_path }}"
+    owner: root
+    group: root
+    mode: "0600"
   tags: swap.file.permissions
 
 - name: Check swap file type
-  command: file {{ swap_file_path }}
+  ansible.builtin.command: file {{ swap_file_path }}
   register: swapfile
   tags: swap.file.mkswap
   changed_when: false
 
 - name: Make swap file
-  command: "mkswap {{ swap_file_path }}"
+  ansible.builtin.command: "mkswap {{ swap_file_path }}"
   when: swapfile.stdout.find('swap file') == -1
   tags: swap.file.mkswap
 
 - name: Write swap entry in fstab
-  mount: name=none
-         src={{ swap_file_path }}
-         fstype=swap
-         opts=sw
-         passno=0
-         dump=0
-         state=present
+  ansible.posix.mount:
+    name: none
+    src: "{{ swap_file_path }}"
+    fstype: swap
+    opts: sw
+    passno: 0
+    dump: 0
+    state: present
   tags: swap.fstab
 
 - name: Mount swap
-  command: "swapon {{ swap_file_path }}"
+  ansible.builtin.command: "swapon {{ swap_file_path }}"
   when: ansible_swaptotal_mb < 1
   tags: swap.file.swapon

roles/base/tasks/main.yml

@@ -1,26 +1,25 @@
 ---
 
-- include: create_swap_file.yml
+- ansible.builtin.import_tasks: create_swap_file.yml
   when: create_swap_file
   tags: swap
 
 - name: Install security updates
-  apt: default_release={{ ansible_distribution_release }}-security
+  ansible.builtin.apt: default_release={{ ansible_distribution_release }}-security
        update_cache={{ update_apt_cache }}
        upgrade=dist
   tags:
     - packages
     - skip_ansible_lint
 
 - name: Install base packages
-  apt:
+  ansible.builtin.apt:
     update_cache: "{{ update_apt_cache }}"
     state: present
     name:
       - locales
       - build-essential
       - acl
-      - ntp
       - htop
       - git
       - "{{ base_python_package }}-pip"
@@ -31,7 +30,7 @@
     - packages.security
 
 - name: Upgrade pip
-  pip: name=pip state=latest
+  ansible.builtin.pip: name=pip state=latest
   tags:
     - packages
     - skip_ansible_lint

roles/celery/handlers/main.yml

@@ -1,4 +1,4 @@
 ---
 
 - name: restart {{ celery_application_name }}
-  supervisorctl: name={{ celery_application_name }} state=restarted
+  community.general.supervisorctl: name={{ celery_application_name }} state=restarted

roles/celery/tasks/copy_scripts.yml

@@ -1,14 +1,14 @@
 ---
 
 - name: Create the folder for the celery scripts
-  file: path={{ celery_scripts_dir }}
+  ansible.builtin.file: path={{ celery_scripts_dir }}
         owner={{ celery_user }}
         group={{ celery_group }}
         mode=0774
         state=directory
 
-- name: Create the {{ celery_application_name }} script file
-  template: src={{ celery_template_file }}
+- name: Create the script file for {{ celery_application_name }}
+  ansible.builtin.template: src={{ celery_template_file }}
             dest={{ celery_scripts_dir }}/{{ celery_application_name }}_start
             owner={{ celery_user }}
             group={{ celery_group }}

roles/celery/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
-- include: copy_scripts.yml
+- ansible.builtin.import_tasks: copy_scripts.yml
   tags: celery
 
-- include: setup_supervisor.yml
+- ansible.builtin.import_tasks: setup_supervisor.yml
   tags: celery

roles/celery/tasks/setup_supervisor.yml

@@ -1,42 +1,47 @@
 ---
 
 - name: Ensure the Supervisor service is running
-  service:
+  ansible.builtin.service:
     name: supervisor
     state: started
-    enabled: yes
+    enabled: true
     # TODO: This is likely due to a bug in Ansible.
     # Remove this line in the future.
     # See https://github.com/ansible/ansible/issues/75005
     use: sysvinit
 
 - name: Create the Supervisor config file for {{ celery_application_name }}
-  template: src=supervisor_{{ celery_application_name }}.conf.j2
+  ansible.builtin.template: src=supervisor_{{ celery_application_name }}.conf.j2
             dest=/etc/supervisor/conf.d/{{ celery_application_name }}.conf
+            mode=0644
 
-- name: Create the {{ celery_application_name }} log directory
-  file: path={{ celery_log_dir }}
-        owner={{ celery_user }}
-        group={{ celery_group }}
-        state=directory
+- name: Create the log directory for {{ celery_application_name }}
+  ansible.builtin.file:
+    path: "{{ celery_log_dir }}"
+    owner: "{{ celery_user }}"
+    group: "{{ celery_group }}"
+    state: directory
+    mode: "0644"
+  changed_when: false
 
 - name: Check for an existing celery logfile
-  stat:
+  ansible.builtin.stat:
     path: "{{ celery_log_file }}"
   register: p
 
-- name: Create (or retain) the {{ celery_application_name }} log file
+- name: Create (or retain) the log file for {{ celery_application_name }}
   # Removing until https://github.com/ansible/ansible/issues/45530 gets resolved.
-  # copy: content=""
+  # ansible.builtin.copy: content=""
   #       dest={{ celery_log_file }}
   #       owner={{ celery_user }}
   #       group={{ celery_group }}
   #       force=no
-  file:
+  ansible.builtin.file:
     path: "{{ celery_log_file }}"
     owner: "{{ celery_user }}"
     group: "{{ celery_group }}"
-    state: '{{ "file" if  p.stat.exists else "touch" }}'
+    state: '{{ "file" if p.stat.exists else "touch" }}'
+    mode: "0644"
 
 - name: Re-read the Supervisor config files
-  supervisorctl: name={{ celery_application_name }} state=present
+  community.general.supervisorctl: name={{ celery_application_name }} state=present