Default variables

General GRUB options

grub_save_options

Preserve all original kernel options

grub_save_options: True
grub_kernel_options

Kernel options. If grub_save_options is true they will be appended after original options.

grub_kernel_options: []
grub_dependent_kernel_options

List of kernel options used when debops.grub role is used as a role dependency. Options listed here will be saved in Ansible local facts for idempotency.

grub_dependent_kernel_options: []
grub_default

By default the first GRUB menu option is active and it will be booted. If you specify your own parameter, it will be used instead.

grub_default: ''
grub_dependent_default

Other roles that use debops.grub as a role dependency, can use this variable to override the default menu option. It will be stored in Ansible local facts to preserve idempotency. grub_default will override this variable.

grub_dependent_default: ''
grub_timeout_hardware

GRUB timeout for hardware-based devices.

grub_timeout_hardware: 5
grub_timeout_virtual

GRUB timeout for virtual devices.

grub_timeout_virtual: 1
grub_custom_options

Additional GRUB options specified as a YAML text block.

grub_custom_options: ''

Serial console configuration

grub_serial_console

Enable serial console (in both grub and kernel)

grub_serial_console: False
grub_serial_console_unit

Serial port to enable console on (eg. ttyS0 => 0, ttyS1 => 1)

grub_serial_console_unit: 0
grub_serial_console_speed

Speed of the serial port. Other parameters (8 bits, no parity, 1 stop bit are hardcoded)

grub_serial_console_speed: 115200

Security and users

grub_users

List of in GRUB. Defaults to a empty list which results in no users being created and thus leaving GRUB without password protection.

grub_users: []
grub_group_users: []
grub_host_users: []
grub_menuentry_access

This option only takes effect when there is at least one user defined.

Default access level for all menu entries generated by /etc/grub.d/10_linux (which are the Linux images in your /boot directory).

It defaults to ‘–unrestricted’ which allows to boot those menu entries without the need for authentication by entering a password. Editing or a recovery shell still require authentication.

Another option is ‘–users ‘$username1 $username2’ to only allow those users to boot the entry.

Using an empty string will result in the need to authenticate also for booting those entries.

grub_menuentry_access: '--unrestricted'
grub_iter_time

Number of PBKDF2 iterations. Corresponds with the --iteration-count parameter.

The current default of grub-mkpasswd-pbkdf2 is 10000 iterations. Set to default to use the compiled-in default of grub-mkpasswd-pbkdf2.

grub_iter_time: 'default'
grub_salt_length

Length of the Salt in characters. One unique salt will be generated for each host. Corresponds with the --salt parameter.

The current default of grub-mkpasswd-pbkdf2 is 64 characters. Set to default to use the compiled-in default of grub-mkpasswd-pbkdf2.

grub_salt_length: 'default'
grub_hash_length

Length of generated hash in characters. Corresponds with the --buflen parameter.

The current default of grub-mkpasswd-pbkdf2 is 64 characters. Set to default to use the compiled-in default of grub-mkpasswd-pbkdf2.

grub_hash_length: 'default'