AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on NetBSD 10 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate NetBSD 10 servers with Ansible: pkgin, rc.conf, npf firewall, ZFS, and NetBSD-specific automation patterns.

NetBSD 10 (March 2024) is the portable, minimal BSD that runs on more architectures than any other operating system in the world. It ships pkgsrc/pkgin for binary packages, npf firewall, optional ZFS, and remains lean on resources. Ansible's role on NetBSD is to make these otherwise hand-tuned systems reproducible.

NetBSD 10 release facts

| Item | Value | |---|---| | Release | 2024-03-28 | | Architectures | 50+ (i386, amd64, arm, sparc64, ppc, ...) | | Package tool | pkgin (pkgsrc binaries) | | Init | rc.d | | Firewall | npf |

See also: Ansible on FreeBSD 14 Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.18 LTS. Bootstrap Python via pkgin:

pkgin -y install python311 py311-pip
[netbsd10]
nbsd10-01.example.com

[netbsd10:vars]
ansible_user=root
ansible_python_interpreter=/usr/pkg/bin/python3.11

Baseline playbook

- name: NetBSD 10 baseline
  hosts: netbsd10
  tasks:
    - name: Update pkgin DB
      community.general.pkgin:
        update_cache: true

- name: Upgrade all
      community.general.pkgin:
        upgrade: true


- name: Install baseline packages
      community.general.pkgin:
        name:
          - vim
          - curl
          - tmux
          - sudo
          - bash
          - rsync
          - htop
        state: present

See also: Ansible AWS: Complete Guide to Cloud Automation (2026)

rc.conf

- name: Configure /etc/rc.conf
  hosts: netbsd10
  tasks:
    - name: Enable sshd
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^sshd='
        line: 'sshd=YES'

- name: Set hostname
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^hostname='
        line: 'hostname={{ inventory_hostname }}'


- name: NTP
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^ntpd='
        line: 'ntpd=YES'

npf firewall

- name: Configure npf
  hosts: netbsd10
  handlers:
    - name: reload npf
      ansible.builtin.command: npfctl reload
  tasks:
    - name: Drop npf.conf
      ansible.builtin.copy:
        dest: /etc/npf.conf
        mode: "0600"
        content: |
          $ext_if = "wm0"
          group default {
              pass final on lo0 all
              pass stateful in final family inet proto tcp to $ext_if port { 22, 443 }
              pass stateful out final all
              block all
          }
      notify: reload npf

- name: Enable npf
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: '^npf='
        line: 'npf=YES'

See also: Ansible Become: Privilege Escalation with sudo, su & runas (Complete Guide)

Patching

- name: Apply NetBSD security branch updates
  hosts: netbsd10
  tasks:
    - name: pkgin upgrade
      community.general.pkgin: { upgrade: true }

- name: Sync sources & build (lab only)
      ansible.builtin.command: cvs -d :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot up -d -P
      args: { chdir: /usr/src }
      when: 'rebuild_world | default(false)'

Best practices

• Use pkgin binary packages whenever possible — building pkgsrc from source is slow on small hardware. • Keep architecture-specific groups in inventory ([netbsd10_arm], [netbsd10_amd64]) and conditionalize tasks. • Test playbooks in anita or QEMU before applying on production hardware.

Conclusion

NetBSD 10 + Ansible covers the niche of portable BSD automation. With community.general.pkgin, lineinfile for rc.conf, and copy-driven npf rules, you can ship reproducible NetBSD systems across dozens of architectures.

Installing Ansible on NetBSD 10

# Install Python and pip via pkgsrc
pkgin install python311 py311-pip

# Install Ansible
pip3.11 install ansible


# Verify
ansible --version

NetBSD Package Management with Ansible

- name: Manage NetBSD packages
  hosts: netbsd
  become: true
  vars:
    ansible_python_interpreter: /usr/pkg/bin/python3.11
  tasks:
    - name: Install packages via pkgin
      ansible.builtin.command: pkgin -y install {{ item }}
      loop:
        - nginx
        - git
        - curl
        - tmux
      register: result
      changed_when: "'installed' in result.stdout"

- name: Update all packages
      ansible.builtin.command: pkgin -y upgrade
      register: upgrade_result
      changed_when: "'upgraded' in upgrade_result.stdout"

NetBSD Service Management

    - name: Enable services in rc.conf
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: "^{{ item }}="
        line: '{{ item }}=YES'
      loop:
        - sshd
        - nginx

- name: Start nginx
      ansible.builtin.service:
        name: nginx
        state: started

NetBSD Network Configuration

    - name: Configure network interface
      ansible.builtin.template:
        src: ifconfig.j2
        dest: /etc/ifconfig.vioif0
        owner: root
        group: wheel
        mode: '0644'

- name: Set hostname
      ansible.builtin.lineinfile:
        path: /etc/rc.conf
        regexp: "^hostname="
        line: 'hostname="{{ inventory_hostname }}"'

FAQ

Does Ansible fully support NetBSD?

Ansible works on NetBSD via SSH with Python installed. Some modules (like ansible.builtin.package) may not auto-detect pkgin, so use ansible.builtin.command with pkgin for package management.

What Python version should I use on NetBSD 10?

Python 3.11 is recommended. Install via pkgin install python311 and set ansible_python_interpreter: /usr/pkg/bin/python3.11.

How is NetBSD different from FreeBSD for Ansible?

NetBSD uses pkgsrc/pkgin instead of pkg. Service management uses /etc/rc.conf similarly, but the init system differs. Network interface names also vary (e.g., vioif0 on NetBSD vs vtnet0 on FreeBSD).

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home