From c0b2487c511216204951d7d08485b20f5a7fc6a9 Mon Sep 17 00:00:00 2001
From: aaron
Date: Tue, 24 Aug 2021 13:22:50 +0200
Subject: [PATCH] add grub ansible role
---
README.md | 79 +++++++++++++++++++++++++++++++++++
defaults/main.yaml | 40 ++++++++++++++++++
handlers/main.yaml | 5 +++
meta/main.yaml | 52 +++++++++++++++++++++++
meta/main.yml | 53 +++++++++++++++++++++++
tasks/configuration.yaml | 15 +++++++
tasks/installation.yaml | 6 +++
tasks/main.yaml | 20 +++++++++
templates/etc/default/grub.j2 | 35 ++++++++++++++++
tests/inventory | 2 +
tests/test.yml | 5 +++
vars/RedHat.yaml | 15 +++++++
12 files changed, 327 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yaml
create mode 100644 handlers/main.yaml
create mode 100644 meta/main.yaml
create mode 100644 meta/main.yml
create mode 100644 tasks/configuration.yaml
create mode 100644 tasks/installation.yaml
create mode 100644 tasks/main.yaml
create mode 100644 templates/etc/default/grub.j2
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/RedHat.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..000545f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,79 @@
+ansible-role-grub
+=================
+
+Manages grub config on RHEL/Centos.
+
+Requirements
+------------
+
+This is a standalone role.
+
+Role Variables
+--------------
+
+Additional kernel parameters can be passed using the following two lists.
+```yaml
+# additional cmdline arguments
+grub_cmdline_linux_list: []
+
+# additional cmdline default arguments
+grub_cmdline_linux_default_list: []
+```
+
+Additional tty instances can be added to the follwing list.
+For example a serial connection which has its own set of variables.
+```yaml
+# start grub and linux on these consoles
+grub_consoles:
+ - tty0
+ - 'ttyS0,{{ grub_serial.speed }}'
+
+# grub serial command settings
+grub_serial:
+ speed: 115200
+ unit: 0
+ word: 8
+ parity: 0
+ stop: 1
+```
+
+Dependencies
+------------
+
+No hard dependencies.
+
+Example Playbook
+----------------
+
+An example playbook which installs and configures grub with kernel parameters.
+```yaml
+---
+
+- name: grub test play
+ hosts: all
+ become: true
+ vars:
+ grub_cmdline_linux_list:
+ - crashkernel=auto
+ - rd.lvm.lv=vg01/root
+ - rhgb
+ - quiet
+ - boot=a27cca18-a888-4b0e-9066-986d22036054
+ - vsyscall=none
+ - slub_debug=P
+ - page_poison=1
+ - audit_backlog_limit=8192
+ - audit=1
+ roles:
+ - grub
+```
+
+License
+-------
+
+GPLv3
+
+Author Information
+------------------
+
+Aaron (aaron@0x29a.ch)
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..8300fb0
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,40 @@
+---
+# defaults file for ansible-role-grub
+
+# grub related packages
+grub_packages:
+ - grub2
+
+# grub-mkconfig binary
+grub_mkconfig_bin: /usr/sbin/grub2-mkconfig
+
+# grub configuration file
+grub_cfg: /etc/default/grub
+
+# grub main running configuration
+grub_boot_cfg: /boot/grub2/grub.cfg
+
+# start grub and linux on these consoles
+grub_consoles:
+ - tty0
+# - 'ttyS0,{{ grub_serial.speed }}'
+
+# grub serial command settings
+#grub_serial:
+# speed: 115200
+# unit: 0
+# word: 8
+# parity: 0
+# stop: 1
+
+# grub timeout (in seconds)
+grub_timeout: 5
+
+# disable predictable network interface names
+grub_disable_network_predictable_interface_names: false
+
+# additional cmdline arguments
+grub_cmdline_linux_list: []
+
+# additional cmdline default arguments
+grub_cmdline_linux_default_list: []
diff --git a/handlers/main.yaml b/handlers/main.yaml
new file mode 100644
index 0000000..70067df
--- /dev/null
+++ b/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+# handlers file for ansible-role-grub
+
+- name: grub update config
+ command: '{{ grub_mkconfig_bin }} -o {{ grub_boot_cfg }}'
diff --git a/meta/main.yaml b/meta/main.yaml
new file mode 100644
index 0000000..45b0a2a
--- /dev/null
+++ b/meta/main.yaml
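Review bot: In defaults/main.yaml, `grub_boot_cfg: /boot/grub2/grub.cfg` is the BIOS location, and the handler in handlers/main.yaml writes only there. On UEFI installs of RHEL/CentOS 7 and 8 the configuration that is actually loaded usually sits under /boot/efi/EFI/<distro>/grub.cfg, so on those hosts the role would report a change while hardening parameters such as `audit=1` or `slub_debug=P` from the README example never reach the kernel command line. I would at least document it above the key, `# BIOS path; UEFI hosts need the grub.cfg under /boot/efi/EFI/<distro>/`, and ideally choose the path from whether /sys/firmware/efi exists on the host. Comparing /proc/cmdline with the expected parameters after the next reboot is the reliable way to confirm they took effect.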
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/meta/main.yml 
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/tasks/configuration.yaml b/tasks/configuration.yaml new file mode 100644 index 0000000..ade4d4d --- /dev/null +++ b/tasks/configuration.yaml 
@@ -0,0 +1,15 @@
+---
+
+- name: create the grub configuration
+ template:
+ src: etc/default/grub.j2
+ dest: '{{ grub_cfg }}'
+ owner: root
+ group: root
+ mode: 0644
+ seuser: system_u
+ serole: object_r
+ setype: bootloader_etc_t
+ selevel: s0
+ notify:
+ - 'grub update config'
diff --git a/tasks/installation.yaml b/tasks/installation.yaml
new file mode 100644
index 0000000..888779d
--- /dev/null
+++ b/tasks/installation.yaml
@@ -0,0 +1,6 @@
+---
+
+- name: install grub related packages
+ package:
+ name: '{{ grub_packages }}'
+ state: present
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..60325c7
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,20 @@
+---
+# tasks file for ansible-role-grub
+
+- name: load variables based on distribution type
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yaml'
+ - '{{ ansible_os_family }}.yaml'
+ tags:
+ - 'grub_vars'
+
+- name: import installation tasks
+ import_tasks: installation.yaml
+ tags:
+ - 'grub_install'
+
+- name: import configuration tasks
+ import_tasks: configuration.yaml
+ tags:
+ - 'grub_configuration'
diff --git a/templates/etc/default/grub.j2 b/templates/etc/default/grub.j2
new file mode 100644
index 0000000..7549b05
--- /dev/null
+++ b/templates/etc/default/grub.j2
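Review bot: In tasks/configuration.yaml, `mode: 0644` is an unquoted octal that depends on the YAML loader's handling of the leading zero; quoting it as `mode: '0644'` keeps it a string, so a later edit to something like `644` cannot quietly become a different permission set. The task also replaces /etc/default/grub without keeping the previous copy, and the notified handler then regenerates the boot configuration from it, so `backup: true` would give a rollback path when a rendered value turns out wrong. Both are one-line changes inside the `template:` arguments.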
@@ -0,0 +1,35 @@
+{% if grub_consoles | d(False) %}
+{% set grub_console = "console=" + grub_consoles | join(' console=') %}
+{% endif %}
+{% if grub_cmdline_linux_default_list | d(False) %}
+{% set grub_cmdline_linux_default = grub_cmdline_linux_default_list | join(' ') %}
+{% endif %}
+{% set grub_cmdline_linux = [] + grub_cmdline_linux_list %}
+{% if ansible_cmdline['rd.auto'] | d(False) %}
+{% set grub_cmdline_linux = grub_cmdline_linux + ['rd.auto'] %}
+{% endif %}
+{% if grub_disable_network_predictable_interface_names %}
+{% set grub_cmdline_linux = grub_cmdline_linux + ['net.ifnames=0'] %}
+{% endif %}
+
+# default entry
+GRUB_DEFAULT=saved
+# grub timeout
+GRUB_TIMEOUT={{ grub_timeout }}
+# distribition information
+GRUB_DISTRIBUTOR=$(sed 's, release .*$,,g' /etc/system-release)
+
+{% if grub_console and grub_cmdline_linux_default | d(False) %}
+GRUB_CMDLINE_LINUX_DEFAULT="{{ grub_console }} {{ grub_cmdline_linux_default }}"
+{% elif grub_cmdline_linux_default | d(False) %}
+GRUB_CMDLINE_LINUX_DEFAULT="{{ grub_cmdline_linux_default }}"
+{% else %}
+GRUB_CMDLINE_LINUX_DEFAULT="{{ grub_console }}"
+{% endif %}
+GRUB_CMDLINE_LINUX="{{ grub_cmdline_linux | join(' ') }}"
+{% if grub_serial | d(False) %}
+GRUB_SERIAL_COMMAND="serial --speed={{ grub_serial.speed }} --unit={{ grub_serial.unit }} --word={{ grub_serial.word }} --parity={{ grub_serial.parity }} --stop={{ grub_serial.stop }}"
+{% endif %}
+
+# disable graphical terminal
+GRUB_TERMINAL=console
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..be289ff
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ansible-role-grub
\ No newline at end of file
diff --git a/vars/RedHat.yaml b/vars/RedHat.yaml
new file mode 100644
index 0000000..c7439ad
--- /dev/null
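Review bot: In templates/etc/default/grub.j2, `grub_console` is assigned only inside `{% if grub_consoles | d(False) %}`, but the `{% if grub_console and ... %}` test and the `{% else %}` branch read it unconditionally, so an empty `grub_consoles` list most likely fails the render with an undefined-variable error (the `d(False)` in that test binds to `grub_cmdline_linux_default` only). Initialising it before the first `if`, `{% set grub_console = '' %}`, avoids that. The `GRUB_DISTRIBUTOR=$(sed ...)` line shows this file is evaluated as shell by the grub2-mkconfig run that the handler triggers, and the list items are placed inside double quotes unescaped, so an entry containing `"`, `$` or a backtick changes what that shell evaluates. An `assert` task that rejects those characters in `grub_cmdline_linux_list`, `grub_cmdline_linux_default_list` and `grub_consoles` would keep inventory data from being interpreted as shell.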
+++ b/vars/RedHat.yaml
@@ -0,0 +1,15 @@
+---
+# vars file for ansible-role-grub
+
+# grub related packages
+grub_packages:
+ - grub2
+
+# grub-mkconfig binary
+grub_mkconfig_bin: /usr/sbin/grub2-mkconfig
+
+# grub configuration file
+grub_cfg: /etc/default/grub
+
+# grub main running configuration
+grub_boot_cfg: /boot/grub2/grub.cfg
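Review bot: The four keys in vars/RedHat.yaml repeat defaults/main.yaml verbatim, but values loaded through `include_vars` outrank inventory, group/host vars and play vars, so an operator who sets `grub_boot_cfg` or `grub_mkconfig_bin` in inventory is silently ignored and only `-e` extra vars can change them. If these are meant to be overridable, drop the duplicates here or give them internal names and reference those from the defaults, e.g. `grub_boot_cfg: '{{ __grub_boot_cfg }}'`. The `include_vars` task in tasks/main.yaml also carries only the `grub_vars` tag, so a run limited to `grub_configuration` skips it; that is harmless only while both files stay identical.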