From: Alexandru Avadanii Date: Mon, 9 Dec 2019 14:24:47 +0000 (+0100) Subject: Add EFI support for grub.cfg generation X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=3a7fca60d2a33657024ad83011ee233c879b416a Add EFI support for grub.cfg generation On UEFI-enabled systems, the location of grub.cfg is different. While at it, add ttyAMA0 (aarch64 PL011 serial device) console to default kernel cmdline. Signed-off-by: Alexandru Avadanii Change-Id: I98b709587bfaef21134da45dfa227673c2b10678 --- diff --git a/infra-ansible.spec b/infra-ansible.spec index b6f3951..218c941 100644 --- a/infra-ansible.spec +++ b/infra-ansible.spec @@ -15,7 +15,7 @@ Name: infra-ansible Version: %{_version} -Release: 3%{?dist} +Release: 4%{?dist} Summary: Contains ansible playbook and roles for Akraino rec blueprint License: %{_platform_licence} Source0: %{name}-%{version}.tar.gz diff --git a/roles/change_kernel_cmdline/defaults/main.yml b/roles/change_kernel_cmdline/defaults/main.yml index 0c786c5..e807cc7 100644 --- a/roles/change_kernel_cmdline/defaults/main.yml +++ b/roles/change_kernel_cmdline/defaults/main.yml @@ -13,7 +13,7 @@ # limitations under the License. # Common kernel arguments. -kcmdline_list: ['console=tty0', 'console=ttyS1,115200', 'no_timer_check', 'audit=1'] +kcmdline_list: ['console=tty0', 'console=ttyS1,115200', 'console=ttyAMA0,115200', 'no_timer_check', 'audit=1'] # Default kernel arguments. kcmdline_default_list: ['nofb', 'nomodeset', 'vga=normal', 'iommu=pt', 'intel_iommu=on', 'crashkernel=256M'] diff --git a/roles/change_kernel_cmdline/tasks/main.yml b/roles/change_kernel_cmdline/tasks/main.yml index 6e161bb..71dfdec 100644 --- a/roles/change_kernel_cmdline/tasks/main.yml +++ b/roles/change_kernel_cmdline/tasks/main.yml 
@@ -96,10 +96,21 @@ line: "GRUB_CMDLINE_LINUX_DEFAULT='{{ kcmdline_default_list | list_to_cmdline }}'" register: grub_cmdline_default +- name: Check whether grub-efi exists + stat: + path: /boot/efi/EFI/centos/grub.cfg + register: grub_efi_file_stat + - name: Generate grub configurations command: grub2-mkconfig -o /boot/grub2/grub.cfg when: grub_cmdline.changed or grub_cmdline_default.changed +- name: Generate grub-efi configurations + command: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg + when: + - grub_cmdline.changed or grub_cmdline_default.changed + - grub_efi_file_stat.stat.exists == true + - name: Ensure network.service is enabled systemd: name: network diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml index 193bfe2..5558cd0 100644 --- a/roles/ops-hardening/tasks/main.yaml +++ b/roles/ops-hardening/tasks/main.yaml @@ -186,15 +186,23 @@ # Set file permissions # -- name: "Set set the 600 file permissions" - file: - path: "{{item}}" - state: touch - mode: 600 +- name: "Check files exist to determine the proper location of grub.cfg on UEFI systems" + stat: path={{item}} with_items: + - /boot/efi/EFI/centos/grub.cfg - /boot/grub2/grub.cfg - /var/log/boot.log - /var/log/cron + register: file_stat + +- name: "Set the 600 file permissions" + file: + path: "{{item.item}}" + state: touch + mode: "600" + with_items: "{{ file_stat.results }}" + when: + - item.stat.exists == true # # Disable direct root login 
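Review bot: The EFI step is gated on `/boot/efi/EFI/centos/grub.cfg` already existing, so a UEFI host where that file is missing or sits under a different vendor directory skips `Generate grub-efi configurations` without any failure. In that case the changed kernel command line (the role defaults include `audit=1`) never reaches the config the firmware actually boots. Detecting the boot mode rather than the output file would be more robust, for example a `stat` on `/sys/firmware/efi` with `when: efi_fw_stat.stat.exists` (register name is only a suggestion), and the vendor directory taken from a variable instead of the literal `centos`. The same stat-and-generate pair is repeated in the `@@ -360,10 +368,21 @@` hunk of roles/ops-hardening/tasks/main.yaml, where the silently skipped step is the one that applies the GRUB password. As a style point, `grub_efi_file_stat.stat.exists == true` can be written as the bare boolean `grub_efi_file_stat.stat.exists`.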
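Review bot: `state: touch` in `Set the 600 file permissions` still rewrites the access and modification times of grub.cfg, /var/log/boot.log and /var/log/cron on every run and always reports changed. Now that the task is gated on `item.stat.exists`, `state: file` would set the mode without disturbing timestamps that are useful when checking these files for tampering. The mode is better written with a leading zero, `mode: "0600"`, the form the Ansible documentation recommends. If /boot/efi is a FAT-formatted ESP, permissions there come from the mount options, so the mode change on `/boot/efi/EFI/centos/grub.cfg` may be rejected or have no effect; that entry is worth testing on a UEFI host. The task also sets no `owner` or `group`, so 0600 only restricts access to whoever currently owns each file.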
@@ -360,10 +368,21 @@ #define users password_pbkdf2 root "{{ grub2_pass }}" +- name: check whether grub-efi exists + stat: + path: /boot/efi/EFI/centos/grub.cfg + register: grub_efi_file_stat + - name: generate grub config when: grub2_pass is defined and grub2_pass != 'Empty' command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg +- name: generate grub-efi config + command: /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg + when: + - grub2_pass is defined and grub2_pass != 'Empty' + - grub_efi_file_stat.stat.exists == true + # #Setting the noexec option to the /dev/shm mount dir #