debops.grub default variables
GRUB configuration options
These variables define the contents of the
/etc/default/grub.d/ansible.cfg
configuration file which is used to
generate GRUB configuration in /boot/grub/grub.cfg
. Option names
don't contain the GRUB_
prefix and will be converted to uppercase in the
final configuration file.
See grub__configuration for more details about the syntax.
- grub__original_configuration
This variable contains original configuration present in the GRUB configuration file on Debian/Ubuntu hosts.
grub__original_configuration:
- name: 'default'
value: 0
quote: False
- name: 'hidden_timeout'
value: 0
state: '{{ "present" if (ansible_distribution == "Ubuntu") else "ignore" }}'
- name: 'hidden_timeout_quiet'
value: True
state: '{{ "present" if (ansible_distribution == "Ubuntu") else "ignore" }}'
- name: 'timeout'
value: 5
quote: False
- name: 'distributor'
value: '`lsb_release -i -s 2> /dev/null || echo Debian`'
quote: False
- name: 'cmdline_linux_default'
value: []
original: True
- name: 'cmdline_linux'
value: []
original: True
- name: 'badram'
comment: |
Uncomment to enable BadRAM filtering, modify to suit your needs
This works with Linux (no patch required) and with any kernel that obtains
the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
value: '0x01234567,0xfefefefe,0x89abcdef,0xefefefef'
state: 'comment'
- name: 'terminal'
comment: 'Uncomment to disable graphical terminal (grub-pc only)'
value: 'console'
state: 'comment'
quote: False
- name: 'gfxmode'
comment: |
The resolution used on graphical terminal
note that you can use only modes which your graphic card supports via VBE
you can see them in real GRUB with the command `vbeinfo'
value: '640x480'
state: 'comment'
quote: False
- name: 'disable_linux_uuid'
comment: "Uncomment if you don't want GRUB to pass \"root=UUID=xxx\" parameter to Linux"
value: True
state: 'comment'
quote: False
- name: 'disable_recovery'
comment: 'Uncomment to disable generation of recovery mode menu entries'
value: True
state: 'comment'
- name: 'init_tune'
comment: 'Uncomment to get a beep at grub start'
value: '480 440 1'
state: 'comment'
- grub__fact_configuration
This variable contains configuration based on the Ansible local facts of a given host. This is used to keep the list of kernel parameters idempotent and preserve the original parameters on first run of the role.
grub__fact_configuration:
- name: 'default'
value: '{{ ansible_local.grub.default | d("0") }}'
- name: 'cmdline_linux_default'
value: '{{ ansible_local.grub.cmdline_default | d([]) }}'
- name: 'cmdline_linux'
value: '{{ ansible_local.grub.cmdline | d([]) }}'
- grub__default_configuration
This variable contains custom GRUB configuration defined by the role.
grub__default_configuration:
# Set the default GRUB timeout depending on the host type (hardware or
# virtual machine) to allow for faster booting of VMs
- name: 'timeout'
value: '{{ grub__timeout_hardware
if (ansible_virtualization_role is undefined or
ansible_virtualization_role not in ["guest"])
else grub__timeout_virtual }}'
# Enable support for cgroup memory management, useful for LXC/Docker
# containers
- name: 'cmdline_linux_default'
value:
- 'cgroup_enable=memory'
- 'swapaccount=1'
# Disable I/O scheduler in virtual machines for better performance
- name: 'cmdline_linux_default'
value: [ 'elevator=noop' ]
state: '{{ "present" if (ansible_virtualization_role | d() == "guest") else "ignore" }}'
# Activate GRUB serial console support when requested
- name: 'terminal'
comment: 'Uncomment to disable graphical terminal (grub-pc only)'
value: 'console serial'
quote: True
state: '{{ "present" if grub__serial_console | bool else "ignore" }}'
# Specify additional parameters for the 'serial' GRUB command
- name: 'serial_command'
value: 'serial --unit={{ grub__serial_console_unit }} --speed={{ grub__serial_console_speed }} --word=8 --parity=no --stop=1'
state: '{{ "present" if grub__serial_console | bool else "ignore" }}'
# Configure serial console in Linux kernel when requested. The last device
# will be used for /dev/console, which has been set to tty0 (the foreground
# virtual console) to enable output to the VGA console as well.
- name: 'cmdline_linux_default'
value:
- '{{ "console=ttyS{},{}n8".format(grub__serial_console_unit, grub__serial_console_speed) }}'
- 'console=tty0'
state: '{{ "present" if grub__serial_console | bool else "ignore" }}'
# Activate custom hack for menu entry access restrictions when requested
- name: 'linux_menuentry_class_additional'
comment: |
Needs to be exported until it is patched upstream.
FIXME: Remove `export` when patched upstream has reached Debian stable.
Currently unlikely because the patch was not accepted upstream.
value: '{{ grub__menuentry_access }}'
state: '{{ "present"
if (grub__combined_users | length > 0 and
grub__menuentry_access is string)
else "absent" }}'
export: True
- grub__configuration
This variable contains GRUB configuration which should be applied on all hosts in the Ansible inventory.
grub__configuration: []
- grub__group_configuration
This variable contains GRUB configuration which should be applied on hosts in a specific Ansible inventory group.
grub__group_configuration: []
- grub__host_configuration
This variable contains GRUB configuration which should be applied on specific hosts in the Ansible inventory.
grub__host_configuration: []
- grub__dependent_configuration
This variable contains GRUB configuration specified by other Ansible roles using role dependent variables.
grub__dependent_configuration: []
- grub__combined_configuration
This variable combines all of the configuration variables in a specific order which defines the hierarchy. It's used in the final configuration template.
grub__combined_configuration: '{{ grub__original_configuration
+ grub__fact_configuration
+ grub__default_configuration
+ lookup("flattened",
grub__dependent_configuration,
wantlist=True)
+ grub__configuration
+ grub__group_configuration
+ grub__host_configuration }}'
Serial console configuration
- grub__serial_console
Enable serial console (in both grub and kernel)
grub__serial_console: True
- grub__serial_console_unit
Serial port to enable console on (eg. ttyS0 => 0, ttyS1 => 1)
grub__serial_console_unit: 0
- grub__serial_console_speed
Speed of the serial port. Other parameters (8 bits, no parity, 1 stop bit are hardcoded)
grub__serial_console_speed: 115200
Timeouts
- grub__timeout_hardware
GRUB timeout for hardware-based devices.
grub__timeout_hardware: 5
- grub__timeout_virtual
GRUB timeout for virtual devices.
grub__timeout_virtual: 1
Security and users
- grub__users
Global list of GRUB users.
grub__users: []
- grub__group_users
Host group list of GRUB users.
grub__group_users: []
- grub__host_users
Host list of GRUB users.
grub__host_users: []
- grub__combined_users
Combined list as it is used internally by the role list of GRUB users. If this list is empty no users will created and thus leaving GRUB without password protection.
grub__combined_users: '{{ grub__users + grub__group_users + grub__host_users }}'
This option only takes effect when there is at least one user defined.
Default access level for all menu entries generated by
/etc/grub.d/10_linux
(which are the Linux images in your /boot
directory).
It defaults to '--unrestricted' which allows to boot those menu entries without the need for authentication by entering a password. Editing or a recovery shell still require authentication.
Another option is '--users '$username1 $username2' to only allow those users to boot the entry.
Using an empty string will result in the need to authenticate also for booting those entries.
grub__menuentry_access: '--unrestricted'
- grub__iter_time
Number of PBKDF2 iterations.
Corresponds with the --iteration-count
parameter.
The current default of grub-mkpasswd-pbkdf2 is 10000
iterations.
Set to default
to use the compiled-in default of grub-mkpasswd-pbkdf2.
grub__iter_time: 'default'
- grub__salt_length
Length of the Salt in characters. One unique salt will be generated for each host.
Corresponds with the --salt
parameter.
The current default of grub-mkpasswd-pbkdf2 is 64
characters.
Set to default
to use the compiled-in default of grub-mkpasswd-pbkdf2.
grub__salt_length: 'default'
- grub__hash_length
Length of generated hash in characters.
Corresponds with the --buflen
parameter.
The current default of grub-mkpasswd-pbkdf2 is 64
characters.
Set to default
to use the compiled-in default of grub-mkpasswd-pbkdf2.
grub__hash_length: 'default'