Grub2-mkconfig options getting lost in Packer environment

Running Packer 1.6.0 in an AWS CodeBuild environment, generating RHEL 8 and CentOS 8 AMIs. The issue is reproducible in both environments.
This is my script:

CISOPS="audit_backlog_limit=8192 audit=1 ipv6.disable=1"

KERNEL=$(grub2-editenv - list | grep kernelopts)
echo "Kernel ops were: ${KERNEL}"

echo "adding $CISOPS"
KERNEL="$KERNEL $CISOPS"

# Append the extra options to the kernelopts entry in grubenv
grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ${CISOPS}"

KERNEL=$(grub2-editenv - list | grep kernelopts)
echo "Kernel ops now: ${KERNEL}"

grub2-mkconfig -o /boot/grub2/grub.cfg

# Read kernelopts back after regenerating grub.cfg
KERNEL=$(grub2-editenv - list | grep kernelopts)
echo "Kernel ops now: ${KERNEL}"

Here is the output of the script when run on RHEL/CentOS 8 under Packer 1.6.0:

amazon-ebs: Kernel ops were: kernelopts=root=UUID=d406c053-627a-4b16-8dd9-92f829fc47cf ro console=ttyS0,115200n8 no_timer_check net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10 crashkernel=auto

amazon-ebs: adding audit_backlog_limit=8192 audit=1 ipv6.disable=1

amazon-ebs: Kernel ops now: kernelopts=root=UUID=d406c053-627a-4b16-8dd9-92f829fc47cf ro console=ttyS0,115200n8 no_timer_check net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10 crashkernel=auto audit_backlog_limit=8192 audit=1 ipv6.disable=1
*** grub2-mkconfig output ***
amazon-ebs: Generating grub configuration file …
amazon-ebs: Adding boot menu entry for EFI firmware configuration
amazon-ebs: done
*** grub2-mkconfig output end ***
amazon-ebs: Kernel ops now: kernelopts=root=UUID=d406c053-627a-4b16-8dd9-92f829fc47cf ro console=ttyS0,115200n8 no_timer_check net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10 crashkernel=auto

As you can see, the audit_backlog_limit=8192 audit=1 ipv6.disable=1 options were mysteriously dropped. In addition, the output of grub2-mkconfig is significantly different under Packer than it is when running under a booted OS.

Here is the script running under a booted RHEL 8 system. I’ve edited the output for brevity to just show the grub2-mkconfig output:

Generating grub configuration file …
Found linux image: /boot/vmlinuz-4.18.0-193.6.3.el8_2.x86_64
Found initrd image: /boot/initramfs-4.18.0-193.6.3.el8_2.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-7c60926571fb4f7391429ade1f91a56b
Found initrd image: /boot/initramfs-0-rescue-7c60926571fb4f7391429ade1f91a56b.img
done

Kernel ops now: kernelopts=root=UUID=b437cbaa-8fe5-49e4-8537-0895c219037a ro console=ttyS0,115200n8 no_timer_check net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10 crashkernel=auto fips=1 audit_backlog_limit=8192 audit=1 ipv6.disable=1

As you can see, the output is significantly different, and the options do not disappear. I’m not sure if this is a Packer issue, or a grub2-mkconfig issue.
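
A post-provisioning check for the symptom described above, as an added example that is not part of the original post: it fails the build when the options from CISOPS are not effective in kernelopts after grub2-mkconfig has run, so an image without the audit settings is never registered. The function names, the `--live` switch and the shortened sample lines are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original post. REQUIRED mirrors CISOPS above.
REQUIRED="audit_backlog_limit=8192 audit=1 ipv6.disable=1"

# Print each required key=value that is absent from a kernelopts line or
# overridden by a later token with the same key. Treating the last
# occurrence as effective is an assumption of this example.
# The body runs in a subshell so that set -f (no globbing) stays local.
missing_kernel_opts() (
    set -f
    line="${1#kernelopts=}"
    missing=""
    for want in $2; do
        key="${want%%=*}"
        effective=""
        for tok in $line; do
            # Compare whole keys: audit=1 must not match audit_backlog_limit=...
            if [ "${tok%%=*}" = "$key" ]; then effective="$tok"; fi
        done
        if [ "$effective" != "$want" ]; then missing="$missing $want"; fi
    done
    echo "${missing# }"
)

# Return 0 when every required option is effective, 1 (with a message) otherwise.
check_kernelopts() {
    _missing="$(missing_kernel_opts "$1" "$2")"
    if [ -n "$_missing" ]; then
        echo "kernelopts is missing: $_missing" >&2
        return 1
    fi
    return 0
}

# Constructed samples, shortened from the two "Kernel ops now" lines in the post.
SAMPLE_BEFORE="kernelopts=root=UUID=d406c053 ro crashkernel=auto audit_backlog_limit=8192 audit=1 ipv6.disable=1"
SAMPLE_AFTER="kernelopts=root=UUID=d406c053 ro crashkernel=auto"

# With --live (hypothetical switch), check the real grubenv as the last
# provisioner step, after grub2-mkconfig, and fail the build on a mismatch.
if [ "${1:-}" = "--live" ]; then
    check_kernelopts "$(grub2-editenv - list | grep '^kernelopts=')" "$REQUIRED" || exit 1
else
    check_kernelopts "$SAMPLE_BEFORE" "$REQUIRED" && echo "before mkconfig: ok"
    check_kernelopts "$SAMPLE_AFTER" "$REQUIRED" || echo "after mkconfig: would fail the build"
fi
```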