Getting started

Example inventory

To manage GRUB on a given host or a set of hosts, they need to be added to the [debops_service_grub] Ansible group in the inventory:

[debops_service_grub]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.grub role:

---

- name: Configure GRUB
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_grub' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: grub
      tags: [ 'role::grub', 'skip::grub' ]

Password protection

To enable password protection, simply define a superuser like this:

grub__users:
  - name: 'su'
    password: 'NBLWAThUq5'
    superuser: True

The password will be hashed and salted on the Ansible controller and only the salted hash will be configured in the GRUB configuration.

With this change, GRUB will require authentication when attempting to change boot options or invoking a recovery shell. Booting menu entries will not require authentication so this configuration should be safe for normal operation.