debops.grub default variables

General GRUB options

grub_save_options

Preserve all original kernel options.

grub_save_options: True
grub_kernel_options

Kernel options. If grub_save_options is true they will be appended after original options.

grub_kernel_options: []
grub_dependent_kernel_options

List of kernel options used when debops.grub role is used as a role dependency. Options listed here will be saved in Ansible local facts for idempotency.

grub_dependent_kernel_options: []
grub_default

By default the first GRUB menu option is active and it will be booted. If you specify your own parameter, it will be used instead.

grub_default: ''
grub_dependent_default

Other roles that use debops.grub as a role dependency, can use this variable to override the default menu option. It will be stored in Ansible local facts to preserve idempotency. grub_default will override this variable.

grub_dependent_default: ''
grub_timeout_hardware

GRUB timeout for hardware-based devices.

grub_timeout_hardware: 5
grub_timeout_virtual

GRUB timeout for virtual devices.

grub_timeout_virtual: 1
grub_hidden_timeout

GRUB timeout to wait for a key to be pressed to show the menu. Set to false to not set a hidden timeout and show the menu without pressing a key first.

grub_hidden_timeout: '{{ 0 if ansible_distribution in ["Ubuntu"] else False }}'
grub_hidden_timeout_quiet

Suppress the countdown while waiting for a key to show the menu.

grub_hidden_timeout_quiet: 'true'
grub_terminal

GRUB terminal(s) to use. Set to false to use the platform specific default.

grub_terminal: '{{ "serial console" if grub_serial_console else False }}'
grub_custom_options

Additional GRUB options specified as a YAML text block.

grub_custom_options: ''

Serial console configuration

grub_serial_console

Enable serial console (in both grub and kernel)

grub_serial_console: False
grub_serial_console_unit

Serial port to enable console on (eg. ttyS0 => 0, ttyS1 => 1)

grub_serial_console_unit: 0
grub_serial_console_speed

Speed of the serial port. Other parameters (8 bits, no parity, 1 stop bit are hardcoded)

grub_serial_console_speed: 115200

Security and users

grub_users

Global list of GRUB users.

grub_users: []
grub_group_users

Host group list of GRUB users.

grub_group_users: []
grub_host_users

Host list of GRUB users.

grub_host_users: []
grub_combined_users

Combined list as it is used internally by the role list of GRUB users. If this list is empty no users will created and thus leaving GRUB without password protection.

grub_combined_users: '{{ grub_users + grub_group_users + grub_host_users }}'
grub_menuentry_access

This option only takes effect when there is at least one user defined.

Default access level for all menu entries generated by /etc/grub.d/10_linux (which are the Linux images in your /boot directory).

It defaults to '--unrestricted' which allows to boot those menu entries without the need for authentication by entering a password. Editing or a recovery shell still require authentication.

Another option is '--users '$username1 $username2' to only allow those users to boot the entry.

Using an empty string will result in the need to authenticate also for booting those entries.

grub_menuentry_access: '--unrestricted'
grub_iter_time

Number of PBKDF2 iterations. Corresponds with the --iteration-count parameter.

The current default of grub-mkpasswd-pbkdf2 is 10000 iterations. Set to default to use the compiled-in default of grub-mkpasswd-pbkdf2.

grub_iter_time: 'default'
grub_salt_length

Length of the Salt in characters. One unique salt will be generated for each host. Corresponds with the --salt parameter.

The current default of grub-mkpasswd-pbkdf2 is 64 characters. Set to default to use the compiled-in default of grub-mkpasswd-pbkdf2.

grub_salt_length: 'default'
grub_hash_length

Length of generated hash in characters. Corresponds with the --buflen parameter.

The current default of grub-mkpasswd-pbkdf2 is 64 characters. Set to default to use the compiled-in default of grub-mkpasswd-pbkdf2.

grub_hash_length: 'default'