This module provides a new type/provider for Puppet to read and modify grub config files using the Augeas configuration library.
The advantage of using Augeas over the default Puppet parsedfile
implementations is that Augeas will go to great lengths to preserve file
formatting and comments, while also failing safely when needed.
This provider will hide all of the Augeas commands etc., you don't need to know anything about Augeas to make use of it.
Ensure both Augeas and ruby-augeas 0.3.0 bindings are installed and working as normal.
See Puppet/Augeas pre-requisites.
On Puppet 2.7.14 , the module can be installed easily (documentation):
puppet module install herculesteam/augeasproviders_grub
You may see an error similar to this on Puppet 2.x (#13858):
Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type `kernel_parameter` at ...
Ensure the module is present in your puppetmaster's own environment (it doesn't
have to use it) and that the master has pluginsync enabled. Run the agent on
the puppetmaster to cause the custom types to be synced to its local libdir
(puppet master --configprint libdir
) and then restart the puppetmaster so it
loads them.
Minimum of Puppet 2.7.
Augeas Versions | 0.10.0 | 1.0.0 | 1.1.0 | 1.2.0 |
---|---|---|---|---|
PROVIDERS | ||||
kernel_parameter (grub) | yes | yes | yes | yes |
kernel_parameter (grub2) | yes | yes | yes | yes |
grub_config (grub) | yes | yes | yes | yes |
grub_config (grub2) | yes | yes | yes | yes |
grub_menuentry (grub) | yes | yes | yes | yes |
grub_menuentry (grub2) | N/A | N/A | N/A | N/A |
grub_user (grub2) | N/A | N/A | N/A | N/A |
Note: grub_menuentry and grub_user for GRUB2 do not use Augeas at this time due to lack of available lenses.
Type documentation can be generated with puppet doc -r type
or viewed on the
Puppet Forge page.
This is a custom type and provider supplied by augeasproviders
. It supports
both GRUB Legacy (0.9x) and GRUB 2 configurations.
kernel_parameter { "quiet":
ensure => present,
}
kernel_parameter { "elevator":
ensure => present,
value => "deadline",
}
kernel_parameter { "rd_LVM_LV":
ensure => present,
value => ["vg/lvroot", "vg/lvvar"],
}
Bootmode defaults to "all", so settings are applied for all boot types usually.
Apply only to the default boot:
kernel_parameter { "quiet":
ensure => present,
bootmode => "default",
}
Apply only to normal boots. In GRUB legacy, normal boots consist of the default boot plus non-recovery ones. In GRUB2, normal bootmode is just an alias for default.
kernel_parameter { "quiet":
ensure => present,
bootmode => "normal",
}
Only recovery mode boots (unsupported with GRUB 2):
kernel_parameter { "quiet":
ensure => present,
bootmode => "recovery",
}
kernel_parameter { "rhgb":
ensure => absent,
}
kernel_parameter { "elevator":
ensure => present,
value => "deadline",
target => "/mnt/boot/grub/menu.lst",
}
This custom type manages GRUB Legacy and GRUB2 global configuration parameters.
In GRUB Legacy, the global items at the top of the grub.conf
file are managed.
In GRUB2, the parameters in /etc/defaults/grub
are managed.
When using GRUB2, take care that you aren't conflicting with an option later
specified by grub_menuentry
. Also, be aware that, in GRUB2, any global items
here will not be referenced unless you reference them by variable name per Bash
semantics.
This will set the timeout
global value in the Legacy GRUB configuration.
grub_config { 'timeout':
value => '1'
}
This will set the GRUB_TIMEOUT
global value in the GRUB2 configuration.
grub_config { 'GRUB_TIMEOUT':
value => '1'
}
This is a custom type to manage GRUB Legacy and GRUB2 menu entries.
The GRUB Legacy provider utlizes Augeas under the hood but GRUB2 did not have an available Lens and was written in Ruby.
This will not allow for modifying dynamically generated system entries. You will need to remove some of the native GRUB2 configuration scripts to be fully independent of the default system values.
The GRUB2 output of this provider will be saved, by default, in
/etc/grub.d/05_puppet_managed_<random_string>
where the random_string
is a
hash of the resource name
.
This will create a new menu entry and copy over any default values if present. If the entry currently exists, it will preserve all values and not overwrite them with the default system values.
grub_menuentry { 'new_entry':
root => '(hd0,0)',
kernel => ':preserve:',
initrd => ':preserve:',
kernel_options => [':preserve:']
}
There are many methods for identifying and manipulating kernel option lines and so a method was developed for handling the most common scenarios. You can, of course, simply denote every option, but this is cumbersome and prone to error over time.
The following format is supported for the new options:
':defaults:' => Copy defaults from the default GRUB entry
':preserve:' => Preserve all existing options (if present)
Note: ':defaults:' and ':preserve:' are mutually exclusive.
All of the options below supersede any items affected by the above
'entry(=.*)?' => Ensure that `entry` exists *as entered*; replaces all
other options with the same name
'!:entry(=.*)?' => Add this option to the end of the arguments
preserving any other options of the same name
'-:entry' => Ensure that all instances of `entry` do not exist
'-:entry=foo' => Ensure that only instances of `entry` with value `foo` do not exist
Note: Option removals and additions have higher precedence than preservation
This type manages GRUB2 users and superusers.
The output of this provider is stored, by default, in /etc/grub.d/01_puppet_managed_users
.
Any plain text passwords are automatically converted into the appropriate GRUB PBKDF2 format.
Note: If no users are defined as superusers, then GRUB2 will not enforce user restrictions on your entries.
grub_user { 'test_user':
password => 'plain text password'
}
grub_user { 'test_user':
password => 'grub.pbkdf2.sha512.10000.REALLY_LONG_STRING'
}
grub_user { 'test_user':
password => 'plain text password',
superuser => true,
rounds => '20000'
}
Please file any issues or suggestions on GitHub.