--- - name: Configure grub defaults when: not is_rhel | bool ansible.builtin.lineinfile: dest: /mnt/etc/default/grub regexp: "{{ item.regexp }}" line: "{{ item.line }}" loop: - regexp: ^GRUB_CMDLINE_LINUX_DEFAULT= line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3" - regexp: ^GRUB_TIMEOUT= line: GRUB_TIMEOUT=1 - name: Ensure grub defaults file exists for RHEL-based systems when: is_rhel | bool block: - name: Build RHEL kernel command line defaults vars: configuration_grub_root_uuid_value: >- {{ ( partitioning_main_uuid.stdout if (filesystem | lower) == 'btrfs' else (partitioning_uuid_root | default([]) | first | default('')) ) | default('') | trim }} configuration_grub_lvm_args_value: >- {{ ['resume=/dev/mapper/sys-swap', 'rd.lvm.lv=sys/root', 'rd.lvm.lv=sys/swap'] if (filesystem | lower) != 'btrfs' else [] }} configuration_grub_root_flags_value: >- {{ ['rootflags=subvol=@'] if (filesystem | lower) == 'btrfs' else [] }} configuration_grub_cmdline_linux_base_value: >- {{ (['crashkernel=auto'] + configuration_grub_lvm_args_value) | join(' ') }} configuration_grub_kernel_cmdline_base_value: >- {{ ( (['root=UUID=' + configuration_grub_root_uuid_value] if configuration_grub_root_uuid_value | length > 0 else []) + ['ro', 'crashkernel=auto'] + configuration_grub_lvm_args_value + configuration_grub_root_flags_value ) | join(' ') }} ansible.builtin.set_fact: configuration_grub_cmdline_linux_base: "{{ configuration_grub_cmdline_linux_base_value }}" configuration_kernel_cmdline_base: "{{ configuration_grub_kernel_cmdline_base_value }}" changed_when: false - name: Check if grub defaults file exists ansible.builtin.stat: path: /mnt/etc/default/grub register: configuration_grub_defaults_stat changed_when: false - name: Create default grub configuration when: not configuration_grub_defaults_stat.stat.exists ansible.builtin.copy: dest: /mnt/etc/default/grub mode: "0644" content: | GRUB_TIMEOUT=1 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="{{ configuration_grub_cmdline_linux_base }}" GRUB_DISABLE_RECOVERY="true" GRUB_ENABLE_BLSCFG=true - name: Ensure kernel cmdline directory exists ansible.builtin.file: path: /mnt/etc/kernel state: directory mode: "0755" - name: Write kernel cmdline defaults ansible.builtin.copy: dest: /mnt/etc/kernel/cmdline mode: "0644" content: "{{ configuration_kernel_cmdline_base }}\n" - name: Find BLS entries ansible.builtin.find: paths: /mnt/boot/loader/entries patterns: "*.conf" register: configuration_grub_bls_entries changed_when: false - name: Update BLS options with kernel cmdline defaults when: configuration_grub_bls_entries.files | length > 0 ansible.builtin.lineinfile: path: "{{ item.path }}" regexp: '^options ' line: "options {{ configuration_kernel_cmdline_base }}" loop: "{{ configuration_grub_bls_entries.files }}" loop_control: label: "{{ item.path }}" - name: Enable GRUB cryptodisk for encrypted /boot when: partitioning_grub_enable_cryptodisk | bool ansible.builtin.lineinfile: path: /mnt/etc/default/grub regexp: '^GRUB_ENABLE_CRYPTODISK=' line: GRUB_ENABLE_CRYPTODISK=y