ver 3.0.1
grub_user{'adminuser':
password => "${passwd}",
superuser => true,
}

Admin deleted "set superusers" line from /boot/grub2/grub.cfg and /etc/grub.d/02_puppet_managed_users but not the password_pdkdf2 lines

Puppet never updates either file after this.

Deleting the password_pdkdf2 fixes the issue

First, thanks for providing this module, it has been quite useful.

We're pushing forward with using trusted boot in grub and now find ourselves in need of the 'module' portion of the grub configuration.

An example of this usage can be found at https://fedoraproject.org/wiki/Features/Trusted_Boot.

As far as I can tell, the kernel line detection needs to go from just a kernel line to a kernel line followed by a module (somewhere) that contains the kernel specification line.

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet-Server: 6.26.0
• Puppet-Agent: 6.28.0
• Distribution: Ubuntu 20.04.4
• Module version: 3.2.0

How to reproduce (e.g Puppet code you use)

Using a puppet lookup with either 'deep', or 'hash' merge type (as below)

class profile::hiera::kernel_parameters {
  # Lookup for kernel_parameter resources
  lookup( 'kernel_parameters', Hash[String, Any], 'deep', {} ).each |String $name, Any $options| {
    # Set kernel_parameter resources
    ensure_resource( 'kernel_parameter', $name, $options )
  }
}

Specifying a kernel parameter in hiera without a specific 'bootmode' given, and also specifying some other kernel parameters elsewhere in the hiera hierarchy.

global.yaml - lowest priority

# Configure kernel parameters at boottime
kernel_parameters:
# disable ipv6 by default on every machine
  ipv6.disable:
    ensure: present
    value: '1'

node.yaml - highest priority

kernel_parameters:
  # quiet splash
  quiet:
    ensure: present
    bootmode: default
  splash:
    ensure: present
    bootmode: default

What are you seeing

The above can result in the kernel parameter (ipv6.disable) being duplicated between the GRUB_CMDLINE_LINUX_DEFAULT and GRUB_CMDLINE_LINUX sections of /etc/default/grub file, similar to #38

# grep CMDLINE /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

What behaviour did you expect instead

Kernel parameters should only appear in one of either GRUB_CMDLINE_LINUX_DEFAULT or GRUB_CMDLINE_LINUX, but not both.

Explicitly specifying a bootmode will cause the kernel parameter to only appear in one of the two GRUB_CMDLINE* sections as expected.

Output log

Any additional information you'd like to impart

2015-10-27T11:20:17.497732+08:00 mocha puppet-agent[9827]: Could not autoload puppet/provider/kernel_parameter/grub: undefined method provider' for nil:NilClass 2015-10-27T11:20:17.497904+08:00 mocha puppet-agent[9827]: Could not autoload puppet/type/kernel_parameter: Could not autoload puppet/provider/kernel_parameter/grub: undefined methodprovider' for nil:NilClass
2015-10-27T11:20:17.497999+08:00 mocha puppet-agent[9827]: Could not retrieve catalog from remote server: Could not intern from text/pson: Could not autoload puppet/type/kernel_parameter: Could not autoload puppet/provider/kernel_parameter/grub: undefined method `provider' for nil:NilClass

puppet config:
kernel_parameter { "quiet":
ensure => present,
bootmode => "normal",
}

kernel_parameter { "processor.max_cstate":
ensure => present,
value => "0",
}

How would I set a password in grub.conf using this module? Tried this without luck (note that /root/grubtest.conf is a copy of /etc/grub.conf):

[root@host ~]# cat test.pp 
kernel_parameter { 'password':
  ensure => 'present',
  value => '--md5 $1$CBTfH$OPmcgvwKjjnK1k8t92dCQ/',
  target => '/root/grubtest.conf',
  name => 'password',
  bootmode => 'all',
}
[root@host ~]# puppet apply test.pp 
Notice: Compiled catalog for host.local in environment production in 0.06 seconds
Notice: /Stage[main]/Main/Kernel_parameter[password]/ensure: created
Error: /Stage[main]/Main/Kernel_parameter[password]: Could not evaluate: Failed to save Augeas tree to file. See debug logs for details.
Notice: Finished catalog run in 0.09 seconds
[root@host ~]# 

Hi

it seems that by default grub2-tools is not installed on CentOS7 (it comes with grubby), but the kernel_parameter provider (and probably all the other ones too) needs grub2-mkconfig to properly update Grub2 config, nad it comes with the grub2-tools package. So, what's your opinion on this issue? If you are ok with creating manifests to ensure that the package is there in all the supported platforms, I could help you out and prepare a PR.
If you think that this should be managed outside this module, then you can simply close this issue :-)

Thanks in advance!

fx
grub_user { 'test_user': ensure => absent,}
does not remove test_user if it was previous created.

grub.cfg isn't being properly updated on EFI systems running CentOS 7

It works as expected on servers with a traditional BIOS, but when run on an EFI system, grub active configuration doesn't get updated.

Looking into the issue a bit, line 111 of lib/puppet/provider/kernel_parameter/grub2.rb says:

["/boot/grub/grub.cfg", "/boot/grub2/grub.cfg"].each {|c|

The problem is the system does have a /boot/grub2/grub.cfg file, but the file actively being used is /boot/efi/EFI/centos/grub.cfg

I was going to submit a patch, but since centos is in the name, it would have been very distribution specific so taking a step back to create a more generic version probably makes sense.

Why would /boot/grub2/grub.cfg exist if /boot/efi/EFI/centos/grub.cfg is the active configuration?

Honestly, I don't know; making an educated guess is if I were to change to running in legacy bios mode then the /boot/grub2/grub.cfg file probably gets used.

EFI requires that there is a partition of a limited number of files systems (e.g. fat16/fat32/etc) that has an EFI folder in the root. To support this, /boot/efi is a different partition then /boot So when booting in legacy bios mode, my guess is it acts as if there was no efi and reads the configuration file off of the /boot partition. Since they are separate partitions, you can't hard link etc, so two copies are maintained.

Thus the "best" solution may be to add a line after 117 (mkconfig "-o", cfg), that looks for files /boot/efi/EFI//grub.cfg and if so copies cfg (in this case /boot/grub2/grub.cfg) over /boot/efi/EFI//grub.cfg

Is is necessary to run grub2-mkconfig or does the provider perform this action or its equivalent ?

Also, it would be nice to have all the parameters listed and explained.

Hi i have a little bug here or i dont unterstand this module ;)

Puppet manifest

kernel_parameter { "ipv6.disable": ensure => present, bootmode => 'all' }

i expect this in /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable quiet"
GRUB_CMDLINE_LINUX="ipv6.disable"

but i get this

GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="ipv6.disable"

The parameter is not set in all bootmodes.

when i set bootmode to "default". I get my parameter only in GRUB_CMDLINE_LINUX_DEFAULT.

When using grub2 the initial state in /etc/default/grub includes:

GRUB_CMDLINE_LINUX populated
GRUB_CMDLINE_LINUX_DEFAULT absent

Used:

kernel_parameter { "pci=nomsi,noaer":
    ensure   => present,
    bootmode => "normal",
}

results in GRUB_CMDLINE_LINUX_DEFAULT being copied from GRUB_CMDLINE_LINUX and then massaged by the lens.

The resultant kernel boot line includes duplicate entries. According to the grub2 manual (https://www.gnu.org/software/grub/manual/grub/grub.html):

‘GRUB_CMDLINE_LINUX_DEFAULT’

    Unless ‘GRUB_DISABLE_RECOVERY’ is set to ‘true’, two menu entries will be
    generated for each Linux kernel: one default entry and one entry for recovery
    mode. This option lists command-line arguments to add only to the default
    menu entry, after those listed in ‘GRUB_CMDLINE_LINUX’.

Desired behaviour is for GRUB_CMDLINE_LINUX_DEFAULT to not being populated from GRUB_CMDLINE_LINUX as they maybe concatenated when generating the grub.conf

Hi,

I've got the following manifest:

  Kernel_parameter {
    ensure => present,
  }
  kernel_parameter { 'quiet':
  }
  kernel_parameter { 'elevator':
    value => 'deadline',
  }
  kernel_parameter {'LANG':
    value => 'en_US.UTF-8',
  }
  kernel_parameter {'KEYBOARDTYPE':
    value => 'pc',
  }

This is working fine on many nodes, but on two I get the following issue on an agent run:

Error: /Stage[main]/Profiles::Base/Kernel_parameter[quiet]: Could not evaluate: Augeas didn't load /boot/grub/menu.lst with Grub.lns from /var/lib/puppet/lib/augeas/lenses: Iterated lens matched less than it should (line:19, character:0)
Error: /Stage[main]/Profiles::Base/Kernel_parameter[elevator]: Could not evaluate: Augeas didn't load /boot/grub/menu.lst with Grub.lns from /var/lib/puppet/lib/augeas/lenses: Iterated lens matched less than it should (line:19, character:0)
Error: /Stage[main]/Profiles::Base/Kernel_parameter[LANG]: Could not evaluate: Augeas didn't load /boot/grub/menu.lst with Grub.lns from /var/lib/puppet/lib/augeas/lenses: Iterated lens matched less than it should (line:19, character:0)
Error: /Stage[main]/Profiles::Base/Kernel_parameter[KEYBOARDTYPE]: Could not evaluate: Augeas didn't load /boot/grub/menu.lst with Grub.lns from /var/lib/puppet/lib/augeas/lenses: Iterated lens matched less than it should (line:19, character:0)

Package Versions:

# rpm -qa | grep -E "puppet|augeas"
puppet-3.8.1-1.el6.noarch
puppetlabs-release-6-11.noarch
augeas-1.0.0-7.el6_6.1.x86_64
ruby-augeas-0.4.1-3.el6.x86_64
augeas-libs-1.0.0-7.el6_6.1.x86_64

Do you have any thoughts?

I'm working on moving this to the Util module and will provide a patch shortly.

Centos7 should always pick grub2 (AFAICT). However some of our centos7 machines output this message and select grub instead. As a result, the change doesn't get made.

Warning: Found multiple default providers for kernel_parameter: grub, grub2; using grub

As a temporary measure, I'd like to know if there is a way to force is to select grub2.

As a long-term solution, I have no idea how to start debugging this. What information can I provide to help narrow this down?

I noticed that the puppetrun fails when /etc/grub.d/01_users (part of grub2-tools-2.02-0.64.0.1.el7.x86_64 on redhat 7) is present:

Notice: /Stage[main]/Linuxbase::Grub/Grub_user[root]/password: password changed '${GRUB2_PASSWORD}' to 'grub.pbkdf2.sha512.10000.<long_string>'
Error: Grub_user[root](provider=grub2): Please ensure that your *active* GRUB2 configuration is correct. Puppet::Type::Grub_user::ProviderGrub2 thinks that you need an update, but your file content did not change

01_users includes /boot/grub2/user.cfg for the password hash if found, but we do not make use of a user.cfg file, so this code does nothing.
It seems a bit strange that I have to remove the 01_users file in order to make the puppetrun succeed?

The below puppet code worked fine on puppet 3.8, but it fails on puppet 2016.x. The error message produced is also shown below. I tried setting the timeout value with and without quotes, but I get the same error either way.

Error: no implicit conversion of Fixnum into String
Error: /Stage[main]/Profiles::Grub/Grub_config[timeout]/value: change from 5 to 10 failed: no implicit conversion of Fixnum into String

class profiles::grub (
  $menu_timeout = '10',
) {

  case $::osfamily {
    'RedHat': {
      case $::operatingsystemmajrelease {
        '6': {
          grub_config { 'timeout':
            value => $menu_timeout,
          }
        }
        '7': {
          grub_config { 'GRUB_TIMEOUT':
            value => $menu_timeout,
          }
        }
        default: {
          fail('Need to define the Grub configuration for this version of the OS')
        }
      }
    }
    default: {
      notify { 'Grub configuration not defined for this operating system': }
    }
  }

}

==> sdecentos65: Error: Could not autoload puppet/provider/kernel_parameter/grub2: undefined method provider' for nil:NilClass ==> sdecentos65: Error: Could not autoload puppet/type/kernel_parameter: Could not autoload puppet/provider/kernel_parameter/grub2: undefined methodprovider' for nil:NilClass
==> sdecentos65: Error: Could not autoload puppet/type/kernel_parameter: Could not autoload puppet/provider/kernel_parameter/grub2: undefined method provider' for nil:NilClass on node sdecentos65.securitycompass.com ==> sdecentos65: Error: Could not autoload puppet/type/kernel_parameter: Could not autoload puppet/provider/kernel_parameter/grub2: undefined methodprovider' for nil:NilClass on node sdecentos65.securitycompass.com

[vagrant@sdecentos65 ~]$ uname -a
Linux sdecentos65 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[vagrant@sdecentos65 ~]$ cat /etc/redhat-release
CentOS release 6.5 (Final)
[vagrant@sdecentos65 ~]$ rpm -q ruby-augeas
ruby-augeas-0.4.1-3.el6.x86_64
[vagrant@sdecentos65 ~]$ rpm -q puppet
puppet-3.7.2-1.el6.noarch

I am currently using augeasproviders_grub version 3.0.1 with Puppet master version 2018.1.2 and agent version 5.5.3.

I have a notify resource that subscribes to a kernel_parameter resource as below:

kernel_parameter { 'audit':
  value  => '1',
}

notify { 'The audit kernel parameter has changed, please reboot':
  subscribe => Kernel_parameter['audit']
}

The notify occurs every time that puppet runs instead of whenever there is a change to the kernel_parameter. Is that intentional?

EL8 and Fedora 30+ now use the blscfg module to load OS configurations from /boot/loader/entries. This means that we're going to have to fall back to grubby for systems that include this module in their /etc/grub2.cfg configuration until some method can be found to process this information without requiring grubby.

I use augeasproviders_grub to configure flash card images that contain a configured operating system including /etc/default/grub but that do not have grub or /boot/grub2/grub.cfg yet. That gets installed at burn time when the OS image is actually written to disk.

Would it be possible to add an option to disable the execution of the grub2-mkconfig step so that I can have it skipped when running in my build containers?

Thank you

This was an oversight in my original implementation but systems that can booth either EFI or legacy will potentially switch between the two at will.

This means that both configuration paths need to be updated.

At this point, I'm thinking that it may be best to update all non-symlink copies of target grub configuration files on the system so that random changes don't surprise us in the future but would like some feedback on this idea.

I see that in master the metadata.json says it supports Puppet 4 but the latest release does not... how is the Puppet 4 support coming along?

@kenyon

Hi, #84 was merged a few months ago, can we include it in a new package so that I can use it? Let me know if there's anything I can do to help. Thanks!

Hi,

I'm currently running Puppet3.8.6 on Arch Linux, my current code:

  # grub related settings
  $elevator = $::virtual ? {
    'kvm'       => 'noop',
    'physical'  => 'deadline',
    'openvzhn'  => 'deadline',
  }
  Kernel_parameter {
    ensure    => present,
    provider  => 'grub2',
  }
  kernel_parameter { 'quiet':
  }
  kernel_parameter { 'elevator':
    value => $elevator,
  }
  kernel_parameter {'LANG':
    value => 'en_US.UTF-8',
  }
  kernel_parameter {'KEYBOARDTYPE':
    value => 'pc',
  }
  kernel_parameter {'KEYTABLE':
    value => 'de-latin1-nodeadkeys',
  }
  kernel_parameter{'nomodeset':
  }

This results in the following warning:

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for test.de
Warning: Found multiple default providers for kernel_parameter: grub, grub2; using grub
Info: Applying configuration version '1460625288'
Notice: Finished catalog run in 13.21 seconds

• Can't I set the provider I want to have? It seems to ignore my provider setting
• What needs to be done that the module uses grub2 as the default provider?

I can contribute patches to support Arch Linux, but I'm very new to types + providers.

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 7.25.0
• Ruby: 2.7
• Distribution: RHEL 9.3
• Module version: 3.0.1

How to reproduce (e.g Puppet code you use)

• Make any changes via kernel_parameter type
• run puppet
• cat /boot/loader/entries/*

What are you seeing

kernel_parameter type (via grub2-mkconfig) does not update kernel options of BLS entries to the ones defined in GRUB_CMDLINE_LINUX.

What behaviour did you expect instead

kernel_parameter type (via grub2-mkconfig) updates the kernel options of BLS entries as before.

Output log

n.a.

Any additional information you'd like to impart

RHEL 9.3 did a change which require to call grub2-mkconfig -o /path/to/grub.cfg --update-bls-cmdline to restore the old why of functioning. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/9.3_release_notes/index#new-features-boot-loader

grub_config values with spaces cause augeus errors:

    grub_config {'GRUB_TERMINAL':
        value   => join($boot::grub_terminals, ' '),
        notify  => Exec['update-grub-config'],
    }

    grub_config {'GRUB_SERIAL_COMMAND':
        value   => "serial --unit=0 --speed=${boot::serialconsole}",
        notify  => Exec['update-grub-config'],
    }

Notice: /Stage[main]/Boot::Grub2/Grub_config[GRUB_TERMINAL]/value: value changed '"console serial"' to 'console serial'
Error: /Stage[main]/Boot::Grub2/Grub_config[GRUB_TERMINAL]: Could not evaluate: Failed to save Augeas tree to file. See debug logs for details.

Notice: /Stage[main]/Boot::Grub2/Grub_config[GRUB_SERIAL_COMMAND]/value: value changed '"serial --unit=0 --speed=115200"' to 'serial --unit=0 --speed=115200'
Error: /Stage[main]/Boot::Grub2/Grub_config[GRUB_SERIAL_COMMAND]: Could not evaluate: Failed to save Augeas tree to file. See debug logs for details.

I made a silly mistake of doing puppet module install on a test box and then when I were setting up my r10k not adding the auto installed dependencies. This then causes an error message on this line

The error message is not super obvious and to make it a little bit more clear, it would be good to specifically say that the augeasproviders_core module is missing.

Please add it, thanks

On vanilla Ubuntu installs, the EFI GRUB config in /boot/efi/EFI/ubuntu/grub.cfg contains a stub GRUB config which loads the real config from /boot/grub/grub.cfg

On Ubuntu, the recommended way of updating GRUB configs after making changes is to run update-grub rather than grub-mkconfig directly. update-grub only updates the config located at /boot/grub/grub.cfg as far as I can tell.

The effect of the ESP config being broken is that the system no longer boots. Not actually sure why that is. Either way, the ESP config shouldn't be updated.

Since autorequires is executed when compiling the catalog, the default autorequires will not perform properly on the executing client.

This appears to affect many of the augeasproviders components.

Not sure of the correct way to fix this since it may cause duplicated code and/or mixed compile/execution scopes.

Hello, there is a bug inside grub2 provider for custom type Grub_menuentry which cause next behaviour:

Notice: /Stage[main]/Kernel/Grub_menuentry[Puppet-Managed Kernel Entry]/default_entry: default_entry changed false to true (corrective)
Debug: Executing: '/usr/sbin/grub2-mkconfig'
Error: /Grub_menuentry[Puppet-Managed Kernel Entry]: Could not evaluate: No such file or directory @ rb_sysopen - /boot/grub/grub.cfg
Notice: /Stage[main]/Kernel/File_line[grubenv saved_entry]: Dependency Grub_menuentry[Puppet-Managed Kernel Entry] has failures: true
Warning: /Stage[main]/Kernel/File_line[grubenv saved_entry]: Skipping because of failed dependencies

Bug is inside this block of method grub2_mkconfig

    cfg_paths.uniq.each do |cfg_path|
      File.open(cfg_path, 'w') do |fh|
        fh.puts(mkconfig_output)
        fh.flush
      end
    end

if folder /boot/grub is not existing it will fail with

Errno::ENOENT: No such file or directory @ rb_sysopen - /boot/grub/grub.cfg

Please review and fix it

grub_config {'GRUB_DISABLE_OS_PROBER':
    value   => true,
}

Error: /Stage[main]/Boot::Grub2/Grub_config[GRUB_DISABLE_OS_PROBER]/ensure: change from 'absent' to 'present' failed: Could not set 'present' on ensure: no implicit conversion of true into String (file: /etc/puppetlabs/code/environments/production/modules/boot/manifests/grub2.pp, line: 32)

If I want to clear a setting (e.g. selinux=0), then I can clear it from GRUB_CMDLINE_LINUX or GRUB_CMDLINE_LINUX_DEFAULT but not both:

Clears GRUB_CMDLINE_LINUX but not GRUB_CMDLINE_LINUX_DEFAULT

    kernel_parameter{'selinux':
      ensure   => absent,
      provider => 'grub2',
      bootmode => 'normal',
    } 

Also clears GRUB_CMDLINE_LINUX but not GRUB_CMDLINE_LINUX_DEFAULT

    kernel_parameter{'selinux':
      ensure   => absent,
      provider => 'grub2',
      bootmode => 'all',
    } 

While this will clear GRUB_CMDLINE_LINUX_DEFAULT

kernel_parameter{'selinux-default':
      name     => 'selinux',
      ensure   => absent,
      provider => 'grub2',
      bootmode => 'default'
    }

You can't combine it with either of the above:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Kernel_parameter[selinux-default] to ["selinux"] at test.pp:55; resource ["Kernel_parameter", "selinux"] already declared at test.pp:49 at test.pp:55 on node test.example.com

Thus there doesn't appear to be a way to clear both GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT

puppet-agent[19114]: Found multiple default providers for kernel_parameter: grub, grub2; using grub

grub-install --version
grub-install (GRUB) 2.02~beta2-9ubuntu1.3

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty

how come it's using grub1 instead of grub2 ?!

Hi,

I am trying to create a new menu entry in Ubuntu 16.04 using the sample provided

grub_menuentry { 'new_entry':
   root           => '(hd0,0)',
   kernel         => ':preserve:',
   initrd         => ':preserve:',
   kernel_options => [':preserve:']
 }

however when I apply it to my node I get the error

Debug: Puppet::Type::Grub_menuentry::ProviderGrub2: file grubby does not exist
Debug: Puppet::Type::Grub_menuentry::ProviderGrub: file grub does not exist
Error: Could not find a suitable provider for grub_menuentry

is there anything I missing?

many thanks in advance
Kind regards,
Mauro

kernel_parameter { 'quiet': ensure => absent, }

And I still see it in /etc/default/grub and /boot/grub/grub.cfg

A debug puppet agent run says
Nothing to manage. no ensure and the resource doesn't exist

Please correct typo within line

https://github.com/hercules-team/augeasproviders_grub/blob/master/lib/puppet/provider/grub_menuentry/grub.rb#L146

Should be Puppet::ExecutionFailure

Thank you

It is not 100% clear from the documentation whether the provider also actually runds grub2-mkconfig after setting/changing settings. It could be argued that it is obvious but for the sake of clarity it would be useful if the documentation could specifically say that grub2-mkconfig is run after setting a value. I looked through the code and that is indeed what happens. I am happy to do a tiny PR for the doc update if there is agreement.

Attempted to apply the following with Puppet:

kernel_parameter { 'fips':
  value    => '1',
  bootmode => 'normal'
}

Received the following error:

Info: Applying configuration version '1445871089'
Notice: /Stage[main]/Main/Kernel_parameter[fips]/ensure: created
Debug: Puppet::Type::Kernel_parameter::ProviderGrub2: Save failure details:
/augeas/files/etc/default/grub/error/path = /files/etc/default/grub/GRUB_CMDLINE_LINUX_DEFAULT
/augeas/files/etc/default/grub/error/lens = /usr/share/augeas/lenses/dist/shellvars_list.aug:38.13-.78:
/augeas/files/etc/default/grub/error/message = Failed to match 
    { /quote/ = /'/ }({ /value/ = /[^\001-\004\t\n ']+/ }{ /value/ = /[^\001-\004\t\n ']+/ }*)? | { /quote/ = /"/ }({ /value/ = /([^\001-\004\t\n "\\]|\\\\[^\001-\004\n])+/ }{ /value/ = /([^\001-\004\t\n "\\]|\\
\\[^\001-\004\n])+/ }*)? | { /quote/ = // }{ /value/ = /(([^\001-\004\t\n "'\\]|\\\\[^\001-\004\n])+)+/ }?
  with tree
    { "value" = "fips=1" }
Error: /Stage[main]/Main/Kernel_parameter[fips]: Could not evaluate: Failed to save Augeas tree to file. See debug logs for details.

This appears to be because GRUB_CMDLINE_LINUX_DEFAULT is not present in /etc/default/grub by default and should be created by Augeas if it is not present in the file.

Ideally, it would default to whatever GRUB_CMDLINE_LINUX has in it at the time of creation.

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.27.0
• Ruby: 2.5.9p229
• Distribution: Ubuntu 20.04
• Module version: v4.0.0

How to reproduce (e.g Puppet code you use)

Use kernel_parameter and have it make a change to /etc/default/grub like

kernel_parameter { 'audit':
  ensure => present,
  value  => 1,
}

What are you seeing

/boot/grub/grub.cfg is created by grub-mkconfig, but the standard error (stderr) of this command is included along with the standard output, resulting in an invalid grub.cfg, possibly causing boot failure depending on where the bogus lines end up in grub.cfg. The standard error looks like this:

Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.0.0-0.deb11.6-amd64
Found initrd image: /boot/initrd.img-6.0.0-0.deb11.6-amd64
Found linux image: /boot/vmlinuz-6.0.0-0.deb11.2-amd64
Found initrd image: /boot/initrd.img-6.0.0-0.deb11.2-amd64
Warning: os-prober will be executed to detect other bootable partitions.
Its output will be used to detect bootable binaries on them and create new boot entries.
done

What behaviour did you expect instead

Only the standard output (stdout) of grub-mkconfig should be written to grub.cfg. This is how this module works in version 3.2.0.

Any additional information you'd like to impart

I think the bug was introduced by one of these commits:

• 082bf14
• 63c2c4b

Hi,

Small change request. Issue #16 fixed the EFI support issue for Fedora, but not for every other system. Is there any way to fix the grub2.rb file line 151:

["/boot/grub/grub.cfg", "/boot/grub2/grub.cfg", "/boot/efi/EFI/fedora/grub.cfg"].each {|c|

to either use the "operatingsystem" variable instead of "fedora" or add other OSes to the list like RedHat and CentOS?

Thanks,

I realise the module does not currently claim to support CentoOS 8.

With centos8

/etc/default/grub

is no longer the way to specify kernel parameters and indeed grub2-mkconfig is no
longer the correct command to call.

From https://access.redhat.com/solutions/3710121 (paywall) suggests that

# grub2-editenv - list
saved_entry=72ee326dc9ff4092ab35d066fbbf02c5-4.18.0-147.8.1.el8_1.x86_64
kernelopts=root=UUID=8dd1149a-2dab-4b33-b554-42890f94d1b1 ro console=ttyS0,115200 console=tty0 rd.auto net.ifnames=0 crashkernel=auto rhgb quiet

and

grub2-editenv - set "kernelopts=root=UUID=8dd1149a-2dab-4b33-b554-42890f94d1b1 ro console=ttyS0,115200 console=tty0 rd.auto net.ifnames=0 crashkernel=auto rhgb quiet consoleblank=0"

is the way to set consoleblank.

In reality this command maintains the files:

# ls -l /boot/efi/EFI/centos/grubenv /boot/grub2/grubenv
-rwx------. 1 root root 1029 May 22 17:01 /boot/efi/EFI/centos/grubenv
lrwxrwxrwx. 1 root root   25 Feb  5 02:46 /boot/grub2/grubenv -> ../efi/EFI/centos/grubenv

and these are loaded by the blscfg module.

https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault

Not sure how to proceed. Can we still use augeas to validate output of the commands
to add kernel_parameters.

Affected Puppet, Ruby, OS and module versions/distributions

All versions

How to reproduce (e.g Puppet code you use)

What are you seeing

When you're managing kernel parameters, you cannot specify the ordering of hugepagesz and hugepages. If the number of hugepages is defined before the size of the hugepages, it will use the system default size.

Example: (RHEL 7)

kernel_parameter{'ipv6.disable':
ensure => absent,
}

Can this module be updated for puppet7?