hudecof.grub-password

grub-password

This is a basic password setup for GRUB version 1 and version 2. This role sets a global password to restrict editing of the menu. However, this role cannot set individual passwords or users for version 2.

I've tested this role on the platforms listed in the associated file, but that doesn't guarantee it will work on others. Please refer to the relevant vars/os-<PLATFORM>.yml or vars/os-<PLATFORM>-<VERSION>.yml files.

Requirements

None

Role Variables

The variables for this role depend on the GRUB version. Check defaults/main.yml for details.

The default password is changeme, so please use this as a guideline.

For GRUB v1

grub_password_v1_passwd is the MD5 password created using /sbin/grub-md5-crypt.

For GRUB v2

The lines generated by grub_password_v2_admin and grub_password_v2_passwd look like this:

set superusers="{{ grub_password_v2_admin }}"
password_pbkdf2 {{ grub_password_v2_admin }} {{ grub_password_v2_passwd }}" 

grub_password_v2_unrestricted indicates whether you want to add --unrestricted to the menu entries. If this directive is not included, the system won't boot without entering a username and password.

Example Playbook

Here’s an example of how to use this role with variables provided as parameters:

- hosts: servers
  roles:
     - hudecof.grub-password

License

BSD

Author Information

Peter Hudec

CNC, a.s.