Getting started

Example inventory
Example playbook
Password protection

Example inventory 

To manage GRUB on a given host or a set of hosts, they need to be added to the [debops_service_grub] Ansible group in the inventory:

[debops_service_grub]
hostname

Example playbook 

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.grub role:

---

- name: Configure GRUB
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_grub' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: grub
      tags: [ 'role::grub', 'skip::grub' ]

Password protection 

To enable password protection, simply define a superuser like this:

grub__users:
  - name: 'su'
    password: 'NBLWAThUq5'
    superuser: True

The password will be hashed and salted on the Ansible controller and only the salted hash will be configured in the GRUB configuration.

With this change, GRUB will require authentication when attempting to change boot options or invoking a recovery shell. Booting menu entries will not require authentication so this configuration should be safe for normal operation.

Read the Docs v: stable-3.0

Versions: master; latest; stable-3.1; stable-3.0; stable-2.3; stable-2.2; stable-2.1

Downloads

On Read the Docs: Project Home; Builds