projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Always enable page table isolation on stretch/amd64
[mirror/dsa-puppet.git]
/
modules
/
grub
/
manifests
/
init.pp
diff --git
a/modules/grub/manifests/init.pp
b/modules/grub/manifests/init.pp
index
a325797
..
51f3f87
100644
(file)
--- a/
modules/grub/manifests/init.pp
+++ b/
modules/grub/manifests/init.pp
@@
-29,7
+29,9
@@
class grub {
# hp-health requires nopat on linux 4.9
$grub_do_nopat = ($::systemproductname and $::systemproductname =~ /^ProLiant/ and versioncmp($::kernelversion, '4.9') >= 0)
# hp-health requires nopat on linux 4.9
$grub_do_nopat = ($::systemproductname and $::systemproductname =~ /^ProLiant/ and versioncmp($::kernelversion, '4.9') >= 0)
- $grub_do_extra = $::hostname in [fasolo]
+ $grub_do_pti_on = ($::debarchitecture == 'amd64' and versioncmp($::lsbmajdistrelease, '9') >= 0)
+
+ $grub_do_extra = $::hostname in [fasolo,grnet-node01,grnet-node02]
file { '/etc/default/grub':
# restore to default
file { '/etc/default/grub':
# restore to default
@@
-75,6
+77,12
@@
class grub {
content => template('grub/puppet-kernel-extra.cfg.erb'),
notify => Exec['update-grub']
}
content => template('grub/puppet-kernel-extra.cfg.erb'),
notify => Exec['update-grub']
}
+
+ file { '/etc/default/grub.d/puppet-kernel-pti-on.cfg':
+ ensure => $grub_do_pti_on ? { true => 'present', default => 'absent' },
+ content => template('grub/puppet-kernel-pti-on.cfg.erb'),
+ notify => Exec['update-grub']
+ }
}
exec { 'update-grub':
}
exec { 'update-grub':