ansible: migrate centos 7 -> rocky 9

.nvmrc

@@ -1 +1 @@
-18.12.0
+20.12.0

ansible/roles/app/handlers/main.yml

@@ -2,4 +2,6 @@
   command: systemctl daemon-reload
 
 - name: restart sataako
-  service: name=sataako state=restarted
+  service:
+    name: sataako
+    state: restarted

ansible/roles/app/tasks/main.yml

@@ -41,9 +41,6 @@
     - reload systemctl
     - restart sataako
 
-- name: enable service
-  service: name=sataako enabled=yes
-
 - name: create cache directory
   file:
     path: /var/run/sataako
@@ -56,4 +53,10 @@
   copy:
     src: sataako.conf
     dest: /etc/tmpfiles.d/
-    mode: '0644'
+    mode: '0644'
+
+- name: enable and starat sataako.fi app
+  service:
+    name: sataako
+    state: started
+    enabled: yes

ansible/roles/app/templates/sataako.service.j2

@@ -5,13 +5,12 @@ After=network.target
 
 [Service]
 Environment="NODE_ENV=production"
-Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.1"
-ExecStart=/bin/node --max-old-space-size=256 src/app.js
+ExecStart=/bin/node --max-old-space-size=512 src/app.js
 Restart=always
 RestartSec=10
 User=sataako
 Group=sataako
 WorkingDirectory=/home/sataako/app
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

ansible/roles/nginx/handlers/main.yml

@@ -1,2 +1,4 @@
 - name: restart nginx
-  service: name=nginx state=restarted
+  service:
+    name: nginx
+    state: restarted

ansible/roles/nginx/tasks/main.yml

@@ -1,13 +1,16 @@
-- name: install packages
+- name: install nginx, and epel repository (for certbot)
   package:
-    name: "{{ item }}"
+    name:
+      - epel-release
+      - nginx
+    state: latest
+
+- name: install certbot
+  package:
+    name:
+      - certbot
+      - python3-certbot-nginx
     state: latest
-    lock_timeout: 180
-  with_items:
-    - nano
-    - nginx
-    - certbot
-    - python2-certbot-nginx
 
 - name: create nginx site configuration
   template:
@@ -19,12 +22,14 @@
   notify:
     - restart nginx
 
-- name: create cron job for renewing the SSL certificate
-  cron:
-    name: "certbot renew"
-    minute: "0"
-    hour: "0,12"
-    job: "python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew"
+- name: enable and start nginx
+  service:
+    name: nginx
+    state: started
+    enabled: yes
 
-- name: ensure nginx is running (and enable it at boot)
-  service: name=nginx state=started enabled=yes
+- name: enable and start certbot renewal timer
+  service:
+    name: certbot-renew.timer
+    state: started
+    enabled: yes

ansible/roles/nodejs/tasks/main.yml

@@ -1,10 +1,7 @@
-- name: install packages
+- name: enable Node.js v20 module
+  shell: dnf module enable nodejs:20
+
+- name: install Node.js
   package:
-    name: "{{ item }}"
+    name: nodejs
     state: latest
-    lock_timeout: 180
-  with_items:
-    - gcc-c++
-    - make
-    - nodejs
-    - jemalloc

ansible/roles/os/handlers/main.yml

@@ -1,2 +1,4 @@
 - name: restart firewalld
-  service: name=firewalld state=restarted
+  service:
+    name: firewalld
+    state: restarted

ansible/roles/os/tasks/main.yml

@@ -1,42 +1,25 @@
-- name: add epel-release rpm repository
-  yum:
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state: present
-    lock_timeout: 180
-
-- name: add nodesource rpm repository
-  yum:
-    name: https://rpm.nodesource.com/pub_18.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm
-    state: present
-    lock_timeout: 180
-
-- name: add nginx rpm repository
-  yum_repository:
-    name: nginx-stable
-    description: nginx stable
-    baseurl: http://nginx.org/packages/mainline/centos/7/$basearch/
-    gpgkey: https://nginx.org/keys/nginx_signing.key
-    gpgcheck: yes
-
 - name: upgrade all packages
   yum:
     name: '*'
     state: latest
-    lock_timeout: 180
 
 - name: set timezone
   timezone:
     name: Europe/Helsinki
 
+- name: install nano
+  package:
+    name: nano
+    state: latest
+
 - name: install firewalld
   package:
     name: firewalld
     state: latest
-    lock_timeout: 180
   notify:
     - restart firewalld
 
-- name: configure firewalld
+- name: allow http, https and ssh through firewall
   firewalld:
     service: "{{ item }}"
     permanent: yes
@@ -48,5 +31,8 @@
   notify:
     - restart firewalld
 
-- name: ensure firewalld is running (and enable it at boot)
-  service: name=firewalld state=started enabled=yes
+- name: enable and start firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes