diff --git a/CHANGELOG b/CHANGELOG index 4954afdb..a2eb97b5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +* Tue Jul 09 2024 Mike Riddle - 4.22.0 +- Added ability for users to switch between '/bin/true' and '/bin/false' when disabling kernel modules via the kmod_blacklist class + * Tue Jul 02 2024 Steven Pritchard - 4.21.0 - Clean up use of legacy facts to better support Puppet 8 diff --git a/REFERENCE.md b/REFERENCE.md index 76da8406..a79bca57 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -714,6 +714,7 @@ The following parameters are available in the `simp::kmod_blacklist` class: * [`enable_defaults`](#-simp--kmod_blacklist--enable_defaults) * [`blacklist`](#-simp--kmod_blacklist--blacklist) +* [`produce_error`](#-simp--kmod_blacklist--produce_error) * [`custom_blacklist`](#-simp--kmod_blacklist--custom_blacklist) * [`allow_overrides`](#-simp--kmod_blacklist--allow_overrides) * [`lock_modules`](#-simp--kmod_blacklist--lock_modules) @@ -758,6 +759,16 @@ Default value: ] ``` +##### `produce_error` + +Data type: `Boolean` + +If set to true, any disabled modules will point to '/bin/false', which will +produce an error when anyone attempts to load the module. Default is false, +which will point to '/bin/true', which will not produce any error. + +Default value: `false` + ##### `custom_blacklist` Data type: `Array[String]` diff --git a/manifests/kmod_blacklist.pp b/manifests/kmod_blacklist.pp index 1371a635..2fc84876 100644 --- a/manifests/kmod_blacklist.pp +++ b/manifests/kmod_blacklist.pp @@ -8,6 +8,11 @@ # @param blacklist # List of kernel modules to be blacklisted by default # +# @param produce_error +# If set to true, any disabled modules will point to '/bin/false', which will +# produce an error when anyone attempts to load the module. Default is false, +# which will point to '/bin/true', which will not produce any error. +# # @param custom_blacklist # Additional kernel modules to be blacklisted # 
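Review bot: The `@param produce_error` text in `manifests/kmod_blacklist.pp` says an error is produced, but not where it surfaces or what the setting leaves uncovered. With `/bin/false` as the install command, `modprobe` exits non-zero, so a boot script or service that runs `modprobe` for a listed module and checks the result will fail instead of continuing silently. Operators should be told this so they can test before enabling it. I would also add a line such as `#   This only affects loads that go through modprobe; a module that is already loaded stays loaded.` The same wording is repeated in the REFERENCE.md hunk, and the class body continues outside this hunk.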
@@ -50,6 +55,7 @@ 'usb-storage' ], Array[String] $custom_blacklist = [], + Boolean $produce_error = false, Boolean $allow_overrides = true, Boolean $lock_modules = false, Boolean $notify_if_reboot_required = true @@ -80,7 +86,12 @@ $_obsolete_disable_file = '/etc/modprobe.d/zz_simp_disable.conf' } - $_disable_file_content = join($_blacklist.map |$mod| { "install ${mod} /bin/true" }, "\n") + $_produce_error = $produce_error ? { + true => '/bin/false', + false => '/bin/true', + } + + $_disable_file_content = join($_blacklist.map |$mod| { "install ${mod} ${_produce_error}" }, "\n") file { $_disable_file: ensure => file, diff --git a/metadata.json b/metadata.json index 08a959f2..c805a5c9 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-simp", - "version": "4.21.0", + "version": "4.22.0", "author": "SIMP Team", "summary": "default profiles for core SIMP installations", "license": "Apache-2.0", diff --git a/spec/classes/00_classes/kmod_blacklist_spec.rb b/spec/classes/00_classes/kmod_blacklist_spec.rb index dca6cc8c..8fb662a8 100644 --- a/spec/classes/00_classes/kmod_blacklist_spec.rb +++ b/spec/classes/00_classes/kmod_blacklist_spec.rb @@ -183,6 +183,16 @@ end + context 'when producing an error on module load' do + let(:params){{ + :produce_error => true + }} + + it 'should blacklist all the default kmods and point to /bin/false' do + is_expected.to create_file("/etc/modprobe.d/zz_simp_disable.conf").with_content(stock_blacklist.map{|x| x = "install #{x} /bin/false" }.join("\n") + "\n") + end + end + end end end
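Review bot: `$_produce_error` in the `@@ -80,7 +86,12 @@` hunk holds a command path, not a boolean, so it reads like a flag where it is interpolated into the `install` line. Naming it for what it contains, e.g. `$_install_cmd = $produce_error ? { true => '/bin/false', false => '/bin/true' }` with `"install ${mod} ${_install_cmd}"`, makes the generated modprobe.d content easier to audit. The default stays `/bin/true`, so a blocked load attempt still reports success unless the parameter is set. If that is kept for backward compatibility, a short comment above the selector saying so would help. The class body starts and ends outside this hunk.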
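Review bot: In the new spec context, the block `stock_blacklist.map{|x| x = "install #{x} /bin/false" }` assigns to its own block variable, which has no effect. `stock_blacklist.map { |x| "install #{x} /bin/false" }` is equivalent and clearer. The context also only asserts the `produce_error => true` case. An explicit `:produce_error => false` example expecting `/bin/true`, and one combining `produce_error` with `custom_blacklist`, would pin both branches of the selector. Examples outside this hunk may already cover the default, so confirm before adding; the enclosing `describe` block starts outside the hunk.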