There are probably better ways to do some things but this works for me right now. I will update things as I learn more.
Passwords go in a file called passwords.enc, which is encrypted and edited with ansible-vault:
ansible-vault encrypt passwords.enc
ansible-vault edit passwords.enc
The host names come from .ssh/config, and the passwords are stored in Ansible Vault.
openbsd:                  # Group of hosts
  hosts:
    nod1:                 # Hostname
      # Host specific variable
      ansible_become_password: "{{ nod1_pwd }}"
    nod2:
      ansible_become_password: "{{ nod2_pwd }}"
  vars:                   # Shared vars for group
    # Must be spelled ansible_python_interpreter and be a plain path,
    # otherwise Ansible ignores it
    ansible_python_interpreter: /usr/local/bin/python3
    ansible_connection: ssh
    ansible_user: erik
    ansible_become_user: root
    ansible_become_method: doas
    ansible_perl_interpreter: /usr/local/bin/perl
ansible-playbook -i my_hosts.yml -e @passwords.enc --ask-vault-pass [PLAYBOOK]
ansible all -i my_hosts.yml -e @passwords.enc --ask-vault-pass -a "ls"
- hosts:                  # Hostnames or group
    - nod1
  gather_facts: false     # Need to figure this out...
  become: true            # doas for all tasks
  tasks:
    - command: whoami
      become: true        # doas for this task
    # Other commands
    # community.general.openbsd_pkg   install OpenBSD packages
    # ansible.builtin.user            manage users
    # ansible.builtin.group           manage groups
    # ansible.builtin.file            manage file permissions
    # ansible.builtin.copy            copy a file
    # ansible.builtin.template        render a file from a template
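
A check to run before committing these files, added here as an example and not part of the original notes: it confirms that passwords.enc starts with the Ansible Vault header and that the inventory only refers to passwords through "{{ ... }}" variables. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run before committing the files used on this page.

# Succeeds only if FILE begins with the Ansible Vault header line.
vault_encrypted() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints (with line numbers) inventory lines that set a password variable to a
# literal value rather than a "{{ variable }}" reference or an inline !vault.
literal_passwords() {
    grep -nE '^[[:space:]]*ansible_(become_|ssh_)?pass(word)?[[:space:]]*:' "$1" |
        grep -vE -e ':[[:space:]]*!vault' \
                 -e ":[[:space:]]*[\"']?[{][{].*[}][}][\"']?[[:space:]]*(#.*)?\$" ||
        true
}

# Returns 0 when the vault file is encrypted and the inventory has no literals.
check_secrets() {
    status=0
    vault_encrypted "$1" || { echo "$1: not vault-encrypted" >&2; status=1; }
    leaks=$(literal_passwords "$2")
    [ -z "$leaks" ] || { printf '%s: literal password:\n%s\n' "$2" "$leaks" >&2; status=1; }
    return "$status"
}

# Demo on constructed files (the header format is real, the body is a placeholder).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '0000placeholder0000' > "$demo_dir/passwords.enc"
cat > "$demo_dir/my_hosts.yml" <<'EOF'
openbsd:
  hosts:
    nod1:
      ansible_become_password: "{{ nod1_pwd }}"
    nod2:
      ansible_become_password: hunter2   # constructed leak
EOF
check_secrets "$demo_dir/passwords.enc" "$demo_dir/my_hosts.yml" ||
    echo "fix the files above before committing"
```

The header test only shows that the file was encrypted at some point; it does not validate the ciphertext or the vault password.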