grub-password

grub-password

Basic grub password for grub v1 a and group v2. Ths role sets global password to restrinct the menu editing. Thos role is not able to set passwords or users for v2 per item.

I tested this role on platforms listed int mate file, but it do not mean it will work on any other. Please and the corresponding vars/os-<PLATFORM>.yml or vars/os-<PLATFORM>-<VERSION>.yml file.

Requirements

None

Role Variables

Role variables are grub version dependent, see defaults/main.yml.

Default password is changeme, so please follow this recommendation.

grub v1

grub_password_v1_passwd is md5 password generated by /sbin/grub-md5-crypt

grub v2

Line generated by grub_password_v2_admin and grub_password_v2_passwd are

set superusers="{{ grub_password_v2_admin }}"
password_pbkdf2 {{ grub_password_v2_admin }} {{ grub_password_v2_passwd }}" 

grub_password_v2_unrestricted tells weather you want to add --unrestriced to the menu entries. If this directice is missing, the system will not boot without antering username and password.

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
     - hudecof.grub-password

License

BSD

Author Information

Peter Hudec

CNC, a.s.

About

sets grub password to prevent menu editing

Install
ansible-galaxy install hudecof/ansible_grub_password
GitHub repository
License
Unknown
Downloads
2619