Forge Home


Augeas-based grub types and providers for Puppet


152 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 5.1.1 (latest)
  • 5.1.0
  • 5.0.1
  • 5.0.0
  • 4.0.0
released Jul 10th 2024
This version is compatible with:
  • Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppet-augeasproviders_grub', '5.1.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppet-augeasproviders_grub
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppet-augeasproviders_grub --version 5.1.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



puppet/augeasproviders_grub — version 5.1.1 Jul 10th 2024

grub: type/provider for grub files for Puppet

Build Status Release Puppet Forge Puppet Forge - downloads Puppet Forge - endorsement Puppet Forge - scores docs Apache-2 License Donated by Herculesteam

This module provides a new type/provider for Puppet to read and modify grub config files using the Augeas configuration library.

The advantage of using Augeas over the default Puppet parsedfile implementations is that Augeas will go to great lengths to preserve file formatting and comments, while also failing safely when needed.

This provider will hide all of the Augeas commands etc., you don't need to know anything about Augeas to make use of it.


Ensure both Augeas and ruby-augeas 0.3.0+ bindings are installed and working as normal.

See Puppet/Augeas pre-requisites.

WARNING Your system must be able to run the grub mkconfig scripts with BLS support if you are on a systen that uses BLS!


On Puppet 2.7.14+, the module can be installed easily (documentation):

puppet module install puppet/augeasproviders_grub

You may see an error similar to this on Puppet 2.x (#13858):

Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type `kernel_parameter` at ...

Ensure the module is present in your puppetmaster's own environment (it doesn't have to use it) and that the master has pluginsync enabled. Run the agent on the puppetmaster to cause the custom types to be synced to its local libdir (puppet master --configprint libdir) and then restart the puppetmaster so it loads them.


Puppet versions

Minimum of Puppet 2.7.

Augeas versions

Augeas Versions 0.10.0 1.0.0 1.1.0 1.2.0
kernel_parameter (grub) yes yes yes yes
kernel_parameter (grub2) yes yes yes yes
grub_config (grub) yes yes yes yes
grub_config (grub2) yes yes yes yes
grub_menuentry (grub) yes yes yes yes
grub_menuentry (grub2) N/A N/A N/A N/A
grub_user (grub2) N/A N/A N/A N/A

Note: grub_menuentry and grub_user for GRUB2 do not use Augeas at this time due to lack of available lenses.

Documentation and examples

Type documentation can be generated with puppet doc -r type or viewed on the Puppet Forge page.

kernel_parameter provider

This is a custom type and provider supplied by augeasproviders. It supports both GRUB Legacy (0.9x) and GRUB 2 configurations.

manage parameter without value

kernel_parameter { "quiet":
  ensure => present,

manage parameter with value

kernel_parameter { "elevator":
  ensure  => present,
  value   => "deadline",

manage parameter with multiple values

kernel_parameter { "rd_LVM_LV":
  ensure  => present,
  value   => ["vg/lvroot", "vg/lvvar"],

manage parameter on certain boot types

Bootmode defaults to "all", so settings are applied for all boot types usually.

Apply only to the default boot:

kernel_parameter { "quiet":
  ensure   => present,
  bootmode => "default",

Apply only to normal boots. In GRUB legacy, normal boots consist of the default boot plus non-recovery ones. In GRUB2, normal bootmode is just an alias for default.

kernel_parameter { "quiet":
  ensure   => present,
  bootmode => "normal",

Only recovery mode boots (unsupported with GRUB 2):

kernel_parameter { "quiet":
  ensure   => present,
  bootmode => "recovery",

delete entry

kernel_parameter { "rhgb":
  ensure => absent,

manage parameter in another config location

kernel_parameter { "elevator":
  ensure => present,
  value  => "deadline",
  target => "/mnt/boot/grub/menu.lst",

grub_config provider

This custom type manages GRUB Legacy and GRUB2 global configuration parameters.

In GRUB Legacy, the global items at the top of the grub.conf file are managed.

In GRUB2, the parameters in /etc/defaults/grub are managed.

When using GRUB2, take care that you aren't conflicting with an option later specified by grub_menuentry. Also, be aware that, in GRUB2, any global items here will not be referenced unless you reference them by variable name per Bash semantics.

change the default legacy GRUB timeout

This will set the timeout global value in the Legacy GRUB configuration.

grub_config { 'timeout':
  value => '1'

change the default GRUB2 timeout

This will set the GRUB_TIMEOUT global value in the GRUB2 configuration.

grub_config { 'GRUB_TIMEOUT':
  value => '1'

grub_menuentry provider

This is a custom type to manage GRUB Legacy and GRUB2 menu entries.

The GRUB Legacy provider utlizes Augeas under the hood but GRUB2 did not have an available Lens and was written in Ruby.

This will not allow for modifying dynamically generated system entries. You will need to remove some of the native GRUB2 configuration scripts to be fully independent of the default system values.

The GRUB2 output of this provider will be saved, by default, in /etc/grub.d/05_puppet_managed_<random_string> where the random_string is a hash of the resource name.

new entry preserving all existing values

This will create a new menu entry and copy over any default values if present. If the entry currently exists, it will preserve all values and not overwrite them with the default system values.

grub_menuentry { 'new_entry':
  root           => '(hd0,0)',
  kernel         => ':preserve:',
  initrd         => ':preserve:',
  kernel_options => [':preserve:']

kernel option lines

There are many methods for identifying and manipulating kernel option lines and so a method was developed for handling the most common scenarios. You can, of course, simply denote every option, but this is cumbersome and prone to error over time.

The following format is supported for the new options:

':defaults:'  => Copy defaults from the default GRUB entry
':preserve:'  => Preserve all existing options (if present)

Note: ':defaults:' and ':preserve:' are mutually exclusive.

All of the options below supersede any items affected by the above

'entry(=.*)?'   => Ensure that `entry` exists *as entered*; replaces all
                   other options with the same name
'!:entry(=.*)?' => Add this option to the end of the arguments
                   preserving any other options of the same name
'-:entry'       => Ensure that all instances of `entry` do not exist
'-:entry=foo'   => Ensure that only instances of `entry` with value `foo` do not exist

Note: Option removals and additions have higher precedence than preservation

grub_user provider

This type manages GRUB2 users and superusers.

The output of this provider is stored, by default, in /etc/grub.d/01_puppet_managed_users.

Any plain text passwords are automatically converted into the appropriate GRUB PBKDF2 format.

Note: If no users are defined as superusers, then GRUB2 will not enforce user restrictions on your entries.

user with a plain text password

grub_user { 'test_user':
  password => 'plain text password'

user with a pre-hashed password

grub_user { 'test_user':
  password => 'grub.pbkdf2.sha512.10000.REALLY_LONG_STRING'

user that is a superuser with a plain text password and 20000 rounds

grub_user { 'test_user':
  password  => 'plain text password',
  superuser => true,
  rounds    => '20000'


Please file any issues or suggestions on GitHub.

Transfer Notice

This module was originally authored by hercules-team. The maintainer preferred that Vox Pupuli take ownership of the module for future improvement and maintenance. Existing pull requests and issues were transferred over, please fork and continue to contribute here.