Frank Beuth writes:
> Yes, and being able to Ansible-manage even the re-installation would make the
> whole process that much nicer :)

Ansible is not the correct tool for this job; it can only configure and maintain an _extant_ system.

None of the recent plethora of configuration management tools have considered the scenario *before* an operating system has been installed. All of them expect the server to exist and for secured communication channels to have been established between it and the master control system before they are operable. The vast majority seem to solve this problem with the moral equivalent of blindly saying "yes" to ssh's unexpected-fingerprint prompt. If you wish to head down that rabbit-hole then best of luck to you.

FWIW I'm working on-and-off on a tool which specifically automates *that* problem (build a new server/vm/chroot with zero human interaction so Ansible et al. can subsequently and safely take over) but what I've released so far is alpha quality at best. Conveniently if you're only targeting OpenBSD then it's entirely useless because, provided you can use PXE*, the OpenBSD developers have already solved it. Without Ansible.

Matthew

[*] The autoinstall/siteXX.tgz/etc. solution provided by the OpenBSD developers is very good but there are some questions I have around integrity on a potentially untrusted network. However as I'm trying to target more than just OpenBSD, and I don't trust any network, I've simply abandoned the idea of using PXE in my own environments so I haven't looked into the answers to them. YMMV.