Add EFI support for grub.cfg generation

On UEFI-enabled systems, the location of grub.cfg is different.
While at it, add ttyAMA0 (aarch64 PL011 serial device) console
to default kernel cmdline.

Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: I98b709587bfaef21134da45dfa227673c2b10678

diff --git a/infra-ansible.spec b/infra-ansible.spec
index b6f3951..218c941 100644 (file)
--- a/infra-ansible.spec
+++ b/infra-ansible.spec
@@ -15,7 +15,7 @@
 
 Name:           infra-ansible
 Version:        %{_version}
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Contains ansible playbook and roles for Akraino rec blueprint
 License:        %{_platform_licence}
 Source0:        %{name}-%{version}.tar.gz

diff --git a/roles/change_kernel_cmdline/defaults/main.yml b/roles/change_kernel_cmdline/defaults/main.yml
index 0c786c5..e807cc7 100644 (file)
--- a/roles/change_kernel_cmdline/defaults/main.yml
+++ b/roles/change_kernel_cmdline/defaults/main.yml
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # Common kernel arguments.
-kcmdline_list: ['console=tty0', 'console=ttyS1,115200', 'no_timer_check', 'audit=1']
+kcmdline_list: ['console=tty0', 'console=ttyS1,115200', 'console=ttyAMA0,115200', 'no_timer_check', 'audit=1']
 
 # Default kernel arguments.
 kcmdline_default_list: ['nofb', 'nomodeset', 'vga=normal', 'iommu=pt', 'intel_iommu=on', 'crashkernel=256M']

diff --git a/roles/change_kernel_cmdline/tasks/main.yml b/roles/change_kernel_cmdline/tasks/main.yml
index 6e161bb..71dfdec 100644 (file)
--- a/roles/change_kernel_cmdline/tasks/main.yml
+++ b/roles/change_kernel_cmdline/tasks/main.yml
@@ -96,10 +96,21 @@
     line: "GRUB_CMDLINE_LINUX_DEFAULT='{{ kcmdline_default_list | list_to_cmdline }}'"
   register: grub_cmdline_default
 
+- name: Check whether grub-efi exists
+  stat:
+    path: /boot/efi/EFI/centos/grub.cfg
+  register: grub_efi_file_stat
+
 - name: Generate grub configurations
   command: grub2-mkconfig -o /boot/grub2/grub.cfg
   when: grub_cmdline.changed or grub_cmdline_default.changed
 
+- name: Generate grub-efi configurations
+  command: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
+  when:
+    - grub_cmdline.changed or grub_cmdline_default.changed
+    - grub_efi_file_stat.stat.exists == true
+
 - name: Ensure network.service is enabled
   systemd:
     name: network

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 193bfe2..5558cd0 100644 (file)
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -186,15 +186,23 @@
 # Set file permissions
 #
 
-- name: "Set set the 600 file permissions"
-  file:
-    path: "{{item}}"
-    state: touch
-    mode: 600
+- name: "Check files exist to determine the proper location of grub.cfg on UEFI systems"
+  stat: path={{item}}
   with_items:
+    - /boot/efi/EFI/centos/grub.cfg
     - /boot/grub2/grub.cfg
     - /var/log/boot.log
     - /var/log/cron
+  register: file_stat
+
+- name: "Set the 600 file permissions"
+  file:
+    path: "{{item.item}}"
+    state: touch
+    mode: "600"
+  with_items: "{{ file_stat.results }}"
+  when:
+    - item.stat.exists == true
 
 #
 # Disable direct root login
@@ -360,10 +368,21 @@
       #define users
       password_pbkdf2 root "{{ grub2_pass }}"
 
+- name: check whether grub-efi exists
+  stat:
+    path: /boot/efi/EFI/centos/grub.cfg
+  register: grub_efi_file_stat
+
 - name: generate grub config
   when: grub2_pass is defined and grub2_pass != 'Empty'
   command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
 
+- name: generate grub-efi config
+  command: /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
+  when:
+    - grub2_pass is defined and grub2_pass != 'Empty'
+    - grub_efi_file_stat.stat.exists == true
+
 #
 #Setting the noexec option to the /dev/shm mount dir
 #