Getting started
Example inventory
To manage GRUB on a given host or a set of hosts, they need to be added to the
[debops_service_grub]
Ansible group in the inventory:
[debops_service_grub]
hostname
Example playbook
If you are using this role without DebOps, here's an example Ansible playbook
that uses the debops.grub
role:
---
- name: Configure GRUB
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_grub' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: grub
tags: [ 'role::grub', 'skip::grub' ]
Password protection
To enable password protection, simply define a superuser like this:
grub__users:
- name: 'su'
password: 'NBLWAThUq5'
superuser: True
The password will be hashed and salted on the Ansible controller and only the salted hash will be configured in the GRUB configuration.
With this change, GRUB will require authentication when attempting to change boot options or invoking a recovery shell. Booting menu entries will not require authentication so this configuration should be safe for normal operation.