From a56b6f8306f4aa5b8e7f5310f144839452219f57 Mon Sep 17 00:00:00 2001
From: Frank Isemann <frank.isemann@haufe-lexware.com>
Date: Mon, 28 Dec 2015 16:24:26 +0100
Subject: [PATCH] Replace Hardcoded Grub Password

---
 defaults/main.yml           | 2 ++
 tasks/section_03_level1.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index dd51fe2..79f22d9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -21,6 +21,8 @@ run_shm_read_only: False
 # Default root password: root
 root_password: $6$5Mklo2YKvXOM50Zj$E8w4oiykpG9WiElxwHLx85rFFFG0z/lu0vp0wiU0SAnMnw0CmYhmArxvLxBjWQ6XVHv88XQyfpTjX4CPH89hf1
 
+# Grub Bootloader PBKDF2 Password (use grub-mkpasswd-pbkdf2 to generate)
+root_password_grub: grub.pbkdf2.sha512.10000.529DB4AF052F170948C1DB2A754CEA8A286804DA2D9A4EB5A7CCE4B8636775C83EAF8A1093CBDBC256954BCE789A58EFB3B75D23DFC76583C703922D5DADB69E.4D5BD1EC6736057095CA2EBF55C2DA02DFB0B0784F2105A396F1CEF11FEB1483D5C420F412E2E817E2570DDFC22ABCC329C5FF44091A0ACDE67171FF72E96CFD
 
 # Section 04
 
diff --git a/tasks/section_03_level1.yml b/tasks/section_03_level1.yml
index b59e731..89d3c93 100644
--- a/tasks/section_03_level1.yml
+++ b/tasks/section_03_level1.yml
@@ -51,7 +51,7 @@
     lineinfile: >
         dest='/etc/grub.d/40_custom'
         regexp='^password'
-        line='password_pbkdf2 root grub.pbkdf2.sha512.10000.529DB4AF052F170948C1DB2A754CEA8A286804DA2D9A4EB5A7CCE4B8636775C83EAF8A1093CBDBC256954BCE789A58EFB3B75D23DFC76583C703922D5DADB69E.4D5BD1EC6736057095CA2EBF55C2DA02DFB0B0784F2105A396F1CEF11FEB1483D5C420F412E2E817E2570DDFC22ABCC329C5FF44091A0ACDE67171FF72E96CFD'
+        line="password_pbkdf2 root {{root_password_grub}}"
         state=present
     when: grub_cfg_file.stat.exists == True and boot_password.rc == 1
     tags: