Fix grub configuration file path in RHEL/CentOS 7

CentOS and RHEL 7 both use /boot/grub2/grub.cfg, but the tasks in the
security role expect it to be in /boot/grub/grub.cfg. This patch
adds a variable for the grub configuration file path.

Closes-bug: 1590102

Change-Id: I724d6eb3b716bd9b0006d0d2e5ad201481d52e59

tasks/boot.yml

@@ -15,13 +15,13 @@
 
 - name: Check to see if grub.cfg exists
   stat:
-    path: /boot/grub/grub.cfg
+    path: "{{ grub_conf_file }}"
   register: grub_cfg
   always_run: True
 
 - name: V-38579 - Bootloader configuration files must be owned by root
   file:
-    path: /boot/grub/grub.cfg
+    path: "{{ grub_conf_file }}"
     owner: root
   tags:
     - boot
@@ -31,7 +31,7 @@
 
 - name: V-38581 - Bootloader configuration files must be group-owned by root
   file:
-    path: /boot/grub/grub.cfg
+    path: "{{ grub_conf_file }}"
     group: root
   tags:
     - boot
@@ -41,7 +41,7 @@
 
 - name: V-38582 - Bootloader configuration files must have mode 0644 or less
   file:
-    path: /boot/grub/grub.cfg
+    path: "{{ grub_conf_file }}"
     mode: 0644
   tags:
     - boot

vars/redhat.yml

@@ -17,6 +17,7 @@
 pam_auth_file: /etc/pam.d/system-auth
 pam_password_file: /etc/pam.d/password-auth
 vsftpd_conf_file: /etc/vsftpd/vsftpd.conf
+grub_conf_file: /boot/grub2/grub.cfg
 
 # Package names
 auditd_pkg: audit

vars/ubuntu.yml

@@ -20,6 +20,7 @@ cache_timeout: 600
 pam_auth_file: /etc/pam.d/common-auth
 pam_password_file: /etc/pam.d/common-password
 vsftpd_conf_file: /etc/vsftpd.conf
+grub_conf_file: /boot/grub/grub.cfg
 
 # Package names
 auditd_pkg: auditd