On EFI systems, it might be needed to invoke grub-install with the --efi-directory $efi_directory argument, as grub-install might otherwise not be able to find its ESP and won't install.

Salut!

Since I started using your module at my workplace, I'd like to work on making the module use a bit more of the puppet 4 syntax to make the code lighter to read and also more malleable for future changes, might there be some required. However, before actually working I'd just like to know how interested in this you are.

I'm thinking at least of

• using types in parameter definitions instead of using validate_*() from stdlib
• to replace the anchor pattern by the use of the "contain" keyword
  ** this would also let us drop use of inheritance for install, config, update

were you thinking of keeping support for an older version of puppet, 3.x or 2.7 ? or would you be willing to start moving towards code that's more in the puppet 4 realm?

Cheers!

This module uses an exec to grub-mkconfig -o /boot/efi/EFI/ubuntu/grub.cfg which overrides the default contents, but this file should not contain a "normal" grub configuration, instead the EFI grub.cfg should look like this to reference /boot/grub/grub.cfg on the right partition:

search.fs_uuid {uuid} root hd0,{partition}
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg

Because this module overwrites the EFI grub.cfg, and the kernel postinstall scripts only call grub-update, which only updates /boot/grub/grub.cfg, this module effectively breaks kernel updates as they will never show up in grub.

Is there a possibility to install grub to the configured install devices only in case there are changes?

Currently, I have to toggle the install_grub parameter every time I want to write, as the bootloader will otherwise get written again and again on each puppet run, which might be bad for some disks (read: flash storage).

I'm not sure whether grub-install produces state files somewhere, but maybe this module could otherwise store information about which grub version is installed on which disk, and only perform the installation in case there is a new grub version or a new disk selected.

We liked to set the GRUB_CMDLINE_LINUX_DEFAULT parameter to "" which isn't currently possible.

The easiest way should be to move the cmdline_linux_default default into params.pp

In certain conditions, it's possible to end up with duplicate configuration options in /etc/default/grub2. Remove that chance by changing the logic in here: https://github.com/goldyfruit/puppet-grub2/blob/master/templates/default_grub.erb#L66

#36 introduced a change which ensures that update-grub gets triggered if the password file changes. This ignore the fact that the file isn't in the catalog if no password was specified.

mbaur@puppet-development:~ $ puppet apply --modulepath=Sources/ -e 'include grub2'
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::String. There is further documentation for validate_legacy function in the README. at ["/home/mbaur/Sources/grub2/manifests/init.pp", 221]:["unknown", 1]
   (location: /home/mbaur/Sources/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Absolute_Path. There is further documentation for validate_legacy function in the README. at ["/home/mbaur/Sources/grub2/manifests/init.pp", 227]:["unknown", 1]
   (location: /home/mbaur/Sources/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use match expressions with Stdlib::Compat::String instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions. at ["/home/mbaur/Sources/grub2/manifests/init.pp", 230]:["unknown", 1]
   (location: /home/mbaur/Sources/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Array. There is further documentation for validate_legacy function in the README. at ["/home/mbaur/Sources/grub2/manifests/init.pp", 234]:["unknown", 1]
   (location: /home/mbaur/Sources/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README. at ["/home/mbaur/Sources/grub2/manifests/init.pp", 236]:["unknown", 1]
   (location: /home/mbaur/Sources/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Integer. There is further documentation for validate_legacy function in the README. at ["/home/mbaur/Sources/grub2/manifests/init.pp", 255]:["unknown", 1]
   (location: /home/mbaur/Sources/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Error: Could not find resource 'File[/etc/grub.d/50_password]' in parameter 'subscribe' (file: /home/mbaur/Sources/grub2/manifests/update.pp, line: 7) on node puppet-development

The parameter package_name_legacy in init.pp is not String instead of Optional[String]. On all supported OS but Debian it gets set Undef from params.pp and the Puppetrun therefore failes with:

Info: Using configured environment 'test'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Grub2]: parameter 
'package_name_legacy' expects a String value, got Undef (file: /etc/puppetlabs/code/environments/test/modules/internal/profile/manifests/grub.pp, line: 24, column
: 11) on node testserver
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

A workaround is to set the parameter to a String when calling the class:

class { 'grub2':
      package_name_legacy  => 'workaround',

Hello,

version 1.0.8 is available on Puppet Forge, however there is no corresponding git tag here on GitHub.
It would be great, if the git tag could be included in the repository.

Regards,
Stefan

Since #7 was merged, the dependency on puppetlabs/stdlib has changed - this module now needs at least 4.6.0 since that is when the validate_integer function was introduced. I'll look at fixing this in metadata.json shortly.

Hi @goldyfruit,

Please can you consider releasing 0.5.0? When using this with librarian-puppet after my recent changes, the 0.4.0 release is downloaded and cached locally, which omits the feature I just added. The only way to get this working with the 0.4.0 release would be to pin this to a SHA-1 locally, which I'd rather not do if you'd be prepared to release 0.5.0.

Thanks!

Andrew

class grub2::update inherits grub2 {

if $grub2::update_grub {
exec { 'Update GRUB':
command => $grub2::update_binary,
}
}

}

We should refresh only if the config file was changed only. Above class with parameter "update_grub=true" , grub2::update run everytime puppet run whenever the config file is changed or not. If we set parameter "update_grub=false", grub2::update never be run.

In CentOS 8 BLS is used to configure GRUB menuentries: https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault

puppet-grub2 should support this option to be able to configure CentOS 8 GRUB in the standard way.

To implement this a seperate bool parameter in https://github.com/goldyfruit/puppet-grub2/blob/master/manifests/init.pp#L186 is needed which activates the GRUB_ENABLE_BLSCFG=$value in https://github.com/goldyfruit/puppet-grub2/blob/master/templates/default_grub.erb

When using "update_grub => true" a refresh is always triggered, not only when there's an update to the manifest. So it executes update-grub at every puppet agent run.

The /etc/grub.d/50_password file gets setup and included in the file /boot/grub2/grub.cfg just fine.

But the only place that calls logic to actually export the defined superusers is in /etc/grub.d/01_users as follows:

#!/bin/sh -e cat << EOF if [ -f \${prefix}/user.cfg ]; then source \${prefix}/user.cfg if [ -n "\${GRUB2_PASSWORD}" ]; then set superusers="root" export superusers password_pbkdf2 root \${GRUB2_PASSWORD} fi fi EOF

This module doesn't do its work in 01_users however so that code block never gets touched and you end up with a /boot/grub2/grub.cfg that contains a superuser definition and its hashed password but export superusers is never called so no password is ever required.

I tested and fixed by fudging in export superusers to the end of the /etc/grub.d/50_password file that the module generates. This module needs to include that export command to achieve its stated effect.

Hey,

awesome module, thanks!

Could you release a newer version of it to the Puppetforge?

I'd like to use the multi-device install features, but so far, this can only be found by pointing to git master…

I think title says it all.

I am sending a MR pretty soon, hoping it will be welcomed.

Hello,

I try to run this module with the next options in Centos 7.2 with

class { 'grub2':
      update_grub           => false,
      install_grub          => false,
      cmdline_linux_default => 'crashkernel=auto rd.lvm.lv=vg00/lv_root rhgb quiet audit=1',
      terminal              => 'console',
      default_entry         => 0,
      timeout               => 5,
      disable_submenu       => true,
      save_default          => true,
      disable_recovery      => true,
      device_install            => ['/dev/sda'],
    }

I only want to add audit=1 in cmdline_linux_default

More over my disk configuration is

Disk /dev/sda: 599.0 GB, 598999040000 bytes, 1169920000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000c2fac

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048  1169919999   584446976   8e  Linux LVM

Disk /dev/mapper/vg00-lv_root: 31.5 GB, 31457280000 bytes, 61440000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/vg00-lv_var: 567.0 GB, 566973431808 bytes, 1107369984 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

But I found the following error

Error 400 on SERVER: Could not match |$device| at /etc/puppet/environments/mauso/modules/grub2/manifests/install.pp:12

I think that maybe the problem is in install.pp, because module always use it

If recordfail_timeout option is not defined as an integer in params.pp, an error occur:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: validate_integer(): Expected first argument to be an Integer or Array, got String at /srv/data/puppet/envs/production/modules/grub2/manifests/init.pp:176 on node vm002

To fix that, we have to replace the default value:

$recordfail_timeout    = undef

By:

$recordfail_timeout    = 5

@Gurbmeister could you please update the README about the EFI support option you added?
Like, what type is efi option, how to use it, etc..

Thanks.

The latest tag has introduced errors due to mismatched brackets.

Syntax error at ')' (file: modules/grub2/manifests/init.pp, line: 237, column: 101)

Thanks!

tar ztvf goldyfruit-grub2-0.0.1.tar.gz
...
lrwxrwxrwx root/root 0 2014-03-03 15:47 goldyfruit-grub2-0.0.1/spec/fixtures/modules/grub2 -> /srv/data/puppet/envs/production/modules/grub2
...

And it gripes
Error: No such file or directory - /etc/puppet/modules/grub2/spec/fixtures/modules/grub2
Error: Try 'puppet help module install' for usage

Hi!
Seems 50_password.erb have error:
exec tail -n +3 $0 must be on second line, after #!/bin/sh

The module doesn't currently have a way to set GRUB_TIMEOUT_STYLE, which is now preferred over the deprecated GRUB_HIDDEN_TIMEOUT and GRUB_HIDDEN_TIMEOUT_QUIET settings.
(According to https://www.gnu.org/software/grub/manual/grub/html_node/Simple-configuration.html)

I'm working on an initial PR that adds this functionality, sets new default, and tries to do the right thing if the deprecated values are explicitly set when calling the class.