Table of Contents

• Overview
• This is a SIMP module
• Module Description
• Setup
  • What simp_grub affects
• Usage
  • GRUB2
  • Legacy GRUB
• Limitations
• Development
  • Unit tests
  • Acceptance tests

Overview

This is a SIMP module

This module is a component of the System Integrity Management Platform

If you find any issues, please submit them via JIRA.

Please read our [Contribution Guide] (https://simp.readthedocs.io/en/stable/contributors_guide/index.html).

Module Description

Provides a Hiera-friendly interface to GRUB configuration activities.

Currently supports setting administrative GRUB passwords on both GRUB 2 and legacy GRUB systems.

See REFERENCE.md for more details.

See herculesteam/augeasproviders_grub for additional information on GRUB management.

Setup

What simp_grub affects

simp_grub helps manage the GRUB configuration on your systems.

Usage

Simply include simp_grub and set the simp_grub::password parameter to password protect GRUB.

GRUB2

You must set the administrative username on GRUB2 systems.

Example: Set the admin username:

---
simp_grub::admin: my_admin_username

Passwords that are not in PBKDF2 format will be encrypted for you.

Legacy GRUB

On legacy systems, password entries that do not start with $1$, $5$, or $6$ will be encrypted for you.

Limitations

SIMP Puppet modules are generally intended to be used on a Red Hat Enterprise Linux-compatible distributions.

See metadata.json for the full list of supported operating systems.

Development

Please read our [Contribution Guide] (https://simp.readthedocs.io/en/stable/contributors_guide/index.html).

Unit tests

Unit tests, written in rspec-puppet can be run by calling:

bundle exec rake spec

Acceptance tests

To run the system tests, you need Vagrant installed. Then, run:

bundle exec rake beaker:suites

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes

• BEAKER_debug: show the commands being run on the STU and their output.
• BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
• BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
• BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.

Reference

Table of Contents

Classes

• simp_grub: Manage common GRUB attributes

Classes

simp_grub

Advanced configuration will need to use the augeasproviders_grub components directly.

Parameters

The following parameters are available in the simp_grub class:

• password
• admin
• purge_unmanaged_users
• report_unmanaged_users
• hash_rounds

password

Data type: String[1]

The GRUB administrative password, if not in the hashed form, will be converted for you.

• GRUB2
  • If a password is in PBKDF2 form, then it is assumed to be encrypted.
• Legacy GRUB
  • If a password starts with '$1$', '$5$', or '$6$' then it is assumed to be encrypted.

admin

Data type: Optional[String[1]]

The administrative username GRUB 2 systems.

Default value: undef

purge_unmanaged_users

Data type: Optional[Boolean]

Remove users from GRUB 2 systems that are not managed by Puppet.

Default value: undef

report_unmanaged_users

Data type: Optional[Boolean]

Report on any unmanaged users on GRUB 2 systems.

Default value: undef

hash_rounds

Data type: Optional[Integer[10]]

The rounds to use when hashing the password for GRUB 2 systems.

Default value: undef

• Mon Oct 23 2023 Steven Pritchard steve@sicura.us - 0.7.0

• [puppetsync] Add EL9 support

• Fri Oct 06 2023 Steven Pritchard steve@sicura.us - 0.6.0

• [puppetsync] Updates for Puppet 8
  • These updates may include the following:
    • Update Gemfile
    • Add support for Puppet 8
    • Drop support for Puppet 6
    • Update module dependencies

• Thu Sep 14 2023 Mike Riddle mike@sicura.us - 0.5.1

• Increased the upper bound on the version of the augeasproviders_grub dependency in metadata.json

• Wed Aug 23 2023 Steven Pritchard steve@sicura.us - 0.5.0

• Add AlmaLinux 8 support

• Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 0.4.0

• Add RockyLinux 8 support

• Wed Jul 14 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.3.1

• Updated documentation to better reflect GRUB2

• Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.0

• Removed support for Puppet 5
• Ensured support for Puppet 7 in requirements and stdlib

• Sat Dec 19 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 0.2.2

• Removed EL6 support

• Thu Jul 23 2020 Jeanne Greulich jeanne.greulich@onyxpoint.com - 0.2.1-0

• update the upper bound of simplib for SIMP 6.5 release

• Mon Mar 30 2020 Trevor Vaughan tvaughan@onyxpoint.com - 0.2.0-0

• Add EL8 support

• Wed Jul 03 2019 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.1-0

• Update README.md

• Mon Apr 22 2019 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.0-0

• Initial module creation