From 1cce81366c8f8df72ff71fed1a79f9ec4c4f2674 Mon Sep 17 00:00:00 2001 From: Sandwich Date: Sun, 22 Feb 2026 02:39:28 +0100 Subject: [PATCH] refactor(configuration): extract shared BLS update task to reduce duplication --- roles/configuration/tasks/_bls_update.yml | 19 +++++++++++++++++++ roles/configuration/tasks/encryption.yml | 22 ++++------------------ roles/configuration/tasks/grub.yml | 20 ++++---------------- 3 files changed, 27 insertions(+), 34 deletions(-) create mode 100644 roles/configuration/tasks/_bls_update.yml diff --git a/roles/configuration/tasks/_bls_update.yml b/roles/configuration/tasks/_bls_update.yml new file mode 100644 index 0000000..c362bc3 --- /dev/null +++ b/roles/configuration/tasks/_bls_update.yml @@ -0,0 +1,19 @@ +--- +# Shared task: update BLS (Boot Loader Specification) entries with kernel cmdline. +# Expects variable: _bls_cmdline (the kernel command line string) +- name: Find BLS entries + ansible.builtin.find: + paths: /mnt/boot/loader/entries + patterns: "*.conf" + register: _bls_entries + changed_when: false + +- name: Update BLS options + when: _bls_entries.files | length > 0 + ansible.builtin.lineinfile: + path: "{{ item.path }}" + regexp: "^options " + line: "options {{ _bls_cmdline }}" + loop: "{{ _bls_entries.files }}" + loop_control: + label: "{{ item.path }}" diff --git a/roles/configuration/tasks/encryption.yml b/roles/configuration/tasks/encryption.yml index 5f69f38..c5c3ddf 100644 --- a/roles/configuration/tasks/encryption.yml +++ b/roles/configuration/tasks/encryption.yml @@ -253,25 +253,11 @@ mode: "0644" content: "{{ configuration_kernel_cmdline_new }}\n" - - name: Find BLS entries for encryption kernel cmdline + - name: Update BLS entries with LUKS kernel cmdline when: os_family == 'RedHat' - ansible.builtin.find: - paths: /mnt/boot/loader/entries - patterns: "*.conf" - register: configuration_kernel_bls_entries - changed_when: false - - - name: Update BLS options with LUKS args - when: - - os_family == 'RedHat' - - configuration_kernel_bls_entries.files | length > 0 - ansible.builtin.lineinfile: - path: "{{ item.path }}" - regexp: "^options " - line: "options {{ configuration_kernel_cmdline_new }}" - loop: "{{ configuration_kernel_bls_entries.files }}" - loop_control: - label: "{{ item.path }}" + vars: + _bls_cmdline: "{{ configuration_kernel_cmdline_new }}" + ansible.builtin.include_tasks: _bls_update.yml - name: Read grub defaults when: not os_family == 'RedHat' diff --git a/roles/configuration/tasks/grub.yml b/roles/configuration/tasks/grub.yml index 9e94dcb..d596ea3 100644 --- a/roles/configuration/tasks/grub.yml +++ b/roles/configuration/tasks/grub.yml @@ -96,22 +96,10 @@ mode: "0644" content: "{{ configuration_kernel_cmdline_base }}\n" - - name: Find BLS entries for GRUB configuration - ansible.builtin.find: - paths: /mnt/boot/loader/entries - patterns: "*.conf" - register: configuration_grub_bls_entries - changed_when: false - - - name: Update BLS options with kernel cmdline defaults - when: configuration_grub_bls_entries.files | length > 0 - ansible.builtin.lineinfile: - path: "{{ item.path }}" - regexp: "^options " - line: "options {{ configuration_kernel_cmdline_base }}" - loop: "{{ configuration_grub_bls_entries.files }}" - loop_control: - label: "{{ item.path }}" + - name: Update BLS entries with kernel cmdline defaults + vars: + _bls_cmdline: "{{ configuration_kernel_cmdline_base }}" + ansible.builtin.include_tasks: _bls_update.yml - name: Enable GRUB cryptodisk for encrypted /boot when: partitioning_grub_enable_cryptodisk | bool