use grubby instead

This commit is contained in:
nazunalika 2021-04-01 20:16:58 -07:00
parent a68f9b7102
commit 2845eade88
Signed by: label
GPG Key ID: CB6D9706D138D190

View File

@ -1,54 +1,3 @@
---
- name: Reset grub link if we are EFI
set_fact:
grub_config_path_link: "{{ grub_config_path_efi }}"
when:
- efi_installed.stat.isdir is defined
- efi_installed.stat.isdir
- grub_config_path_efi is defined
tags:
- efi
- name: Create grub.d directory
file:
name: /etc/default/grub.d
owner: root
group: root
mode: '0755'
state: directory
recurse: true
tags:
- grub
- kernel
- harden
- name: Append /etc/default/grub file
lineinfile:
path: /etc/default/grub
line: for x in $(ls /etc/default/grub.d) ; do source /etc/default/grub.d/$x ; done
state: present
tags:
- grub
- kernel
- harden
- name: Command line defaults
copy:
dest: "/etc/default/grub.d/99-rocky.cfg"
owner: root
group: root
mode: '0644'
content: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT {{ grub_boot_options }}"'
tags:
- grub
- kernel
- harden
- name: Rebuild grub
command: "/usr/sbin/grub2-mkconfig -o {{ grub_config_path_link }}"
register: grub_command_result
changed_when: "grub_command_result.rc == 0"
tags:
- grub
- kernel
- harden
- name: Add kernel boot options to all kernels and default config
command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"