diff --git a/roles/wsgi_website/tasks/main.yml b/roles/wsgi_website/tasks/main.yml index d2d9a8f521a4767f6112386b2a7e8094a7c33ccd..bc3d8493041e42bbf38218b8ecc5ef5e791c310c 100644 --- a/roles/wsgi_website/tasks/main.yml +++ b/roles/wsgi_website/tasks/main.yml @@ -1,23 +1,23 @@ --- - name: Create WSGI website group - group: + ansible.builtin.group: name: "{{ user }}" gid: "{{ uid | default(omit) }}" state: present - name: Create WSGI website admin user - user: + ansible.builtin.user: name: "{{ admin }}" uid: "{{ admin_uid | default(omit) }}" group: "{{ user }}" - shell: /bin/bash + ansible.builtin.shell: /bin/bash createhome: true home: "{{ home }}" state: present - name: Set-up directory for storing user profile configuration files - file: + ansible.builtin.file: path: "{{ home }}/.profile.d" state: directory owner: "{{ admin }}" @@ -25,7 +25,7 @@ mode: "0750" - name: Deploy profile configuration file for auto-activating the virtual environment - copy: + ansible.builtin.copy: src: "profile_virtualenv.sh" dest: "{{ home }}/.profile.d/virtualenv.sh" owner: root @@ -33,7 +33,7 @@ mode: "0640" - name: Deploy profile configuration file for setting environment variables - template: + ansible.builtin.template: src: "environment.sh.j2" dest: "{{ home }}/.profile.d/environment.sh" owner: root @@ -41,7 +41,7 @@ mode: "0640" - name: Create WSGI website user - user: + ansible.builtin.user: name: "{{ user }}" uid: "{{ uid | default(omit) }}" group: "{{ user }}" @@ -53,10 +53,10 @@ # This is a workaround for a rather stupid bug that Debian seems # uninterested to backport - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762 - shell: /bin/sh + ansible.builtin.shell: /bin/sh - name: Add nginx user to website group - user: + ansible.builtin.user: name: www-data groups: "{{ user }}" append: true 
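Review bot: In both user-creation tasks the rename also hit the user module's `shell` option: `ansible.builtin.shell: /bin/bash` in "Create WSGI website admin user" and `ansible.builtin.shell: /bin/sh` in "Create WSGI website user" (the -53,10 hunk). Indentation is lost in this rendering, but the removed `shell: /bin/bash` sits between `group:` and `createhome:`, so it reads as an option of `ansible.builtin.user` rather than a separate module call. `ansible.builtin.user` has no option of that name, so both tasks would most likely fail with an unsupported-parameter error and the accounts' login shells would not be set as intended. Both lines should stay as they were, `shell: /bin/bash` and `shell: /bin/sh`.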
@@ -66,7 +66,7 @@ # Ownership set to root so Postfix would not check if correct user owns the # file. - name: Set-up forwarding for mails delivered to local application user/admin - template: + ansible.builtin.template: src: "forward.j2" dest: "{{ home }}/.forward" owner: root @@ -74,7 +74,7 @@ mode: "0640" - name: Install extra packages for website - apt: + ansible.builtin.apt: name: "{{ packages }}" state: present register: install_extra_packages @@ -82,7 +82,7 @@ - Restart WSGI services - name: Retrieve requested Python interpreter version - command: + ansible.builtin.command: argv: - "{{ python_interpreter }}" - "-c" @@ -91,7 +91,7 @@ register: python_interpreter_version - name: Retrieve virtual environment Python interpreter version (if initialised) - command: + ansible.builtin.command: argv: - "{{ home }}/virtualenv/bin/python" - "-c" @@ -102,7 +102,7 @@ register: virtualenv_python_version - name: Retrieve virtual environment prompt - command: + ansible.builtin.command: argv: - "bash" - "-c" @@ -112,7 +112,7 @@ register: current_virtualenv_prompt - name: Remove virtual environment in case of mismatches - file: + ansible.builtin.file: path: "{{ home }}/virtualenv" state: absent when: | @@ -123,7 +123,7 @@ - Restart WSGI services - name: Create directory for storing the Python virtual environment - file: + ansible.builtin.file: path: "{{ home }}/virtualenv" state: directory owner: "{{ admin }}" 
@@ -131,14 +131,14 @@ mode: "02750" - name: Create Python virtual environment - command: '/usr/bin/virtualenv --python "{{ python_interpreter }}" --prompt "{{ virtualenv_prompt }}" "{{ home }}/virtualenv"' + ansible.builtin.command: '/usr/bin/virtualenv --python "{{ python_interpreter }}" --prompt "{{ virtualenv_prompt }}" "{{ home }}/virtualenv"' args: creates: "{{ home }}/virtualenv/bin/{{ python_interpreter | basename }}" become: true become_user: "{{ admin }}" - name: Configure project directory for the Python virtual environment - template: + ansible.builtin.template: src: "venv_project.j2" dest: "{{ home }}/virtualenv/.project" owner: "{{ admin }}" @@ -146,7 +146,7 @@ mode: "0640" - name: Deploy virtualenv wrapper - template: + ansible.builtin.template: src: "venv_exec.j2" dest: "{{ home }}/virtualenv/bin/exec" owner: "{{ admin }}" @@ -154,7 +154,7 @@ mode: "0750" - name: Set-up directory for storing requirements file for upgrade checks - file: + ansible.builtin.file: path: "{{ pip_check_requirements_upgrades_directory }}/{{ fqdn }}" state: directory owner: root @@ -162,7 +162,7 @@ mode: "0750" - name: Deploy WSGI requirements files for upgrade checks - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: "{{ pip_check_requirements_upgrades_directory }}/{{ fqdn }}/{{ item }}" owner: root @@ -173,7 +173,7 @@ - wsgi_requirements.txt - name: Deploy Gunicorn requirements file for installation purposes - template: + ansible.builtin.template: src: "wsgi_requirements.txt.j2" dest: "{{ home }}/.wsgi_requirements.txt" owner: "{{ admin }}" @@ -183,7 +183,7 @@ - name: Install Gunicorn via requirements file become: true become_user: "{{ admin }}" - pip: + ansible.builtin.pip: requirements: "{{ home }}/.wsgi_requirements.txt" state: present virtualenv: "{{ home }}/virtualenv" 
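Review bot: The "Create Python virtual environment" task still hands `ansible.builtin.command` one quoted free-form string, while the other command tasks in this file use `argv`. In the free-form form the module splits the rendered text itself, so a `python_interpreter`, `virtualenv_prompt` or `home` value containing a quote or whitespace would shift the argument boundaries. Passing the arguments as an `argv` list, with `creates` moved under the module in place of `args:`, keeps each templated value a single argument and matches the rest of the file.

```yaml
- name: Create Python virtual environment
  ansible.builtin.command:
    argv:
      - /usr/bin/virtualenv
      - --python
      - "{{ python_interpreter }}"
      - --prompt
      - "{{ virtualenv_prompt }}"
      - "{{ home }}/virtualenv"
    creates: "{{ home }}/virtualenv/bin/{{ python_interpreter | basename }}"
  # … unchanged: become / become_user …
```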
@@ -194,7 +194,7 @@ - name: Install additional packages in Python virtual environment become: true become_user: "{{ admin }}" - pip: + ansible.builtin.pip: name: "{{ virtualenv_packages }}" state: present virtualenv: "{{ home }}/virtualenv" @@ -204,7 +204,7 @@ - Restart WSGI services - name: Deploy systemd socket configuration for website - template: + ansible.builtin.template: src: "systemd_wsgi_website.socket.j2" dest: "/etc/systemd/system/{{ fqdn }}.socket" owner: root @@ -216,7 +216,7 @@ - Restart WSGI services - name: Deploy systemd service configuration for website - template: + ansible.builtin.template: src: "systemd_wsgi_website.service.j2" dest: "/etc/systemd/system/{{ fqdn }}.service" owner: root @@ -228,13 +228,13 @@ - Restart WSGI services - name: Enable the website service - service: + ansible.builtin.service: name: "{{ fqdn }}" enabled: true state: started - name: Create directory where static files can be served from - file: + ansible.builtin.file: path: "{{ home }}/htdocs/" state: directory owner: "{{ admin }}" @@ -242,7 +242,7 @@ mode: "02750" - name: Deploy nginx TLS private key for website - copy: + ansible.builtin.copy: dest: "/etc/ssl/private/{{ fqdn }}_https.key" content: "{{ https_tls_key }}" owner: root @@ -252,7 +252,7 @@ - Restart nginx - name: Deploy nginx TLS certificate for website - copy: + ansible.builtin.copy: dest: "/etc/ssl/certs/{{ fqdn }}_https.pem" content: "{{ https_tls_certificate }}" owner: root @@ -262,7 +262,7 @@ - Restart nginx - name: Deploy configuration file for checking certificate validity via cron - copy: + ansible.builtin.copy: content: "/etc/ssl/certs/{{ fqdn }}_https.pem" dest: "/etc/check_certificate/{{ fqdn }}_https.conf" owner: root @@ -270,7 +270,7 @@ mode: "0644" - name: Deploy nginx configuration file for website - template: + ansible.builtin.template: src: "nginx_site.j2" dest: "/etc/nginx/sites-available/{{ fqdn }}" owner: root 
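Review bot: The "Deploy nginx TLS private key for website" task writes `content: "{{ https_tls_key }}"` through `ansible.builtin.copy`, and nothing visible in the hunk keeps the key out of task output. The task's keys after `owner: root` fall outside the hunk, so confirm that it sets `no_log: true`; without it the key material can appear in `--diff` output, verbose logs or callback plugins. The file's `group` and `mode` are also outside the hunk and worth confirming as not world-readable.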
@@ -281,7 +281,7 @@ - Restart nginx - name: Enable nginx website - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ fqdn }}" dest: "/etc/nginx/sites-enabled/{{ fqdn }}" state: link @@ -289,7 +289,7 @@ - Restart nginx - name: Set-up empty list of WSGI services to restart - set_fact: + ansible.builtin.set_fact: wsgi_services_to_restart: [] when: "wsgi_services_to_restart is not defined" tags: @@ -299,7 +299,7 @@ # [no-handler] Tasks that run when changed should likely be handlers # This specific task is used in order to work around inability of Ansible # to provide properly parametrised handlers for reusable roles. - set_fact: + ansible.builtin.set_fact: wsgi_services_to_restart: "{{ wsgi_services_to_restart + [fqdn] }}" when: | fqdn not in wsgi_services_to_restart and @@ -313,7 +313,7 @@ - handlers - name: Explicitly run all handlers - include_tasks: ../handlers/main.yml + ansible.builtin.include_tasks: ../handlers/main.yml when: "run_handlers | default(False) | bool()" tags: - handlers