LUKS enrollment and RHEL cmdline/BLS

roles/configuration/tasks/grub.yml

@@ -0,0 +1,109 @@
+---
+- name: Configure grub
+  when: not is_rhel | default(false)
+  block:
+    - name: Add commandline information to grub config
+      ansible.builtin.lineinfile:
+        dest: /mnt/etc/default/grub
+        regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
+        line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
+
+    - name: Change Grub time
+      ansible.builtin.lineinfile:
+        dest: /mnt/etc/default/grub
+        regexp: ^GRUB_TIMEOUT=
+        line: GRUB_TIMEOUT=1
+
+- name: Ensure grub defaults file exists for RHEL-based systems
+  when: is_rhel | default(false)
+  block:
+    - name: Build RHEL kernel command line defaults
+      vars:
+        configuration_grub_root_uuid_value: >-
+          {{
+            (
+              partitioning_main_uuid.stdout
+              if (filesystem | lower) == 'btrfs'
+              else (partitioning_uuid_root | default([]) | first | default(''))
+            )
+            | default('')
+            | trim
+          }}
+        configuration_grub_lvm_args_value: >-
+          {{
+            ['resume=/dev/mapper/sys-swap', 'rd.lvm.lv=sys/root', 'rd.lvm.lv=sys/swap']
+            if (filesystem | lower) != 'btrfs'
+            else []
+          }}
+        configuration_grub_root_flags_value: >-
+          {{ ['rootflags=subvol=@'] if (filesystem | lower) == 'btrfs' else [] }}
+        configuration_grub_cmdline_linux_base_value: >-
+          {{
+            (['crashkernel=auto'] + configuration_grub_lvm_args_value)
+            | join(' ')
+          }}
+        configuration_grub_kernel_cmdline_base_value: >-
+          {{
+            (
+              (['root=UUID=' + configuration_grub_root_uuid_value]
+               if configuration_grub_root_uuid_value | length > 0 else [])
+              + ['ro', 'crashkernel=auto']
+              + configuration_grub_lvm_args_value
+              + configuration_grub_root_flags_value
+            )
+            | join(' ')
+          }}
+      ansible.builtin.set_fact:
+        configuration_grub_cmdline_linux_base: "{{ configuration_grub_cmdline_linux_base_value }}"
+        configuration_kernel_cmdline_base: "{{ configuration_grub_kernel_cmdline_base_value }}"
+      changed_when: false
+
+    - name: Check if grub defaults file exists
+      ansible.builtin.stat:
+        path: /mnt/etc/default/grub
+      register: configuration_grub_defaults_stat
+      changed_when: false
+
+    - name: Create default grub configuration
+      when: not configuration_grub_defaults_stat.stat.exists
+      ansible.builtin.copy:
+        dest: /mnt/etc/default/grub
+        mode: "0644"
+        content: |
+          GRUB_TIMEOUT=5
+          GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
+          GRUB_DEFAULT=saved
+          GRUB_DISABLE_SUBMENU=true
+          GRUB_TERMINAL_OUTPUT="console"
+          GRUB_CMDLINE_LINUX="{{ configuration_grub_cmdline_linux_base }}"
+          GRUB_DISABLE_RECOVERY="true"
+          GRUB_ENABLE_BLSCFG=true
+
+    - name: Ensure kernel cmdline directory exists
+      ansible.builtin.file:
+        path: /mnt/etc/kernel
+        state: directory
+        mode: "0755"
+
+    - name: Write kernel cmdline defaults
+      ansible.builtin.copy:
+        dest: /mnt/etc/kernel/cmdline
+        mode: "0644"
+        content: "{{ configuration_kernel_cmdline_base }}\n"
+
+    - name: Find BLS entries
+      ansible.builtin.find:
+        paths: /mnt/boot/loader/entries
+        patterns: "*.conf"
+      register: configuration_grub_bls_entries
+      changed_when: false
+
+    - name: Update BLS options with kernel cmdline defaults
+      when: configuration_grub_bls_entries.files | length > 0
+      ansible.builtin.lineinfile:
+        path: "{{ item.path }}"
+        regexp: '^options '
+        line: "options {{ configuration_kernel_cmdline_base }}"
+      loop: "{{ configuration_grub_bls_entries.files }}"
+      loop_control:
+        label: "{{ item.path }}"