Kickstart Installations
What are Kickstart Installations?
Kickstart installations offer a means to automate the installation process, either partially or fully. Kickstart files contain answers to all questions normally asked by the installation program, such as what time zone you want the system to use, how the drives should be partitioned, or which packages should be installed. Providing a prepared Kickstart file when the installation begins therefore allows you to perform the installation automatically, without need for any intervention from the user. This is especially useful when deploying CentOS on a large number of systems at once.
Kickstart files can be kept on a single server system and read by individual computers during the installation. This installation method can support the use of a single Kickstart file to install CentOS on multiple machines, making it ideal for network and system administrators.
All Kickstart scripts and the log files of their execution are stored in the /tmp
directory to assist with debugging installation failures.
In previous versions of CentOS, Kickstart allowed for upgrading the system as well. In CentOS 7.x, this functionality has been removed. |
How Do You Perform a Kickstart Installation?
Kickstart installations can be performed using a local DVD, a local hard drive, NFS, FTP, HTTP, or HTTPS.
To use Kickstart, you must:
-
Create a Kickstart file.
-
Make the Kickstart file available on removable media, a hard drive or a network location.
-
Create boot media, which will be used to begin the installation.
-
Make the installation source available.
-
Start the Kickstart installation.
This chapter explains these steps in detail.
Creating a Kickstart File
The Kickstart file itself is a plain text file, containing keywords listed in Kickstart Syntax Reference, which serve as directions for the installation. Any text editor able to save files as ASCII text, such as Gedit or vim on Linux systems or Notepad on Windows systems, can be used to create and edit Kickstart files. The file name of your Kickstart configuration does not matter; however, it is recommended to use a simple name as you will need to specify this name later in other configuration files or dialogs.
The recommended approach to creating Kickstart files is to perform a manual installation on one system first. After the installation completes, all choices made during the installation are saved into a file named anaconda-ks.cfg
, located in the /root/
directory on the installed system. You can then copy this file, make any changes you need, and use the resulting configuration file in further installations.
If you have a Red Hat Customer Portal account, you can use the Kickstart Configuration Tool available at https://access.redhat.com/labs/kickstartconfig/ in the Customer Portal Labs. This tool will walk you through basic configuration and allows you to download the resulting Kickstart file. Kickstart Configurator, the graphical tool for creating Kickstart files, is still available. However, it is no longer being updated and it does not reflect changes in Kickstart syntax between CentOS 6 and 7. |
When creating a Kickstart file, keep in mind the following:
-
Sections must be specified in order. Items within the sections do not have to be in a specific order unless otherwise specified. The section order is:
-
Command section - See Kickstart Commands and Options for a list of Kickstart options. You must include the required options.
Add-ons for Anaconda which expand the functionality of the installer can also be used in the command section by using the
%addon addon_name
command. See Kickstart Add-ons for details. -
The
%packages
section - See Package Selection for details. -
The
%pre
and%post
sections, and the%onerror
section - these sections can be in any order and are not required. See Pre-installation Script, Post-installation Script and Kickstart Error Handling for details.Sections
%addon
,%packages
,%onerror
,%pre
and%post
must end with%end
, otherwise the installation program will refuse the Kickstart file.
-
-
Items that are not required can be omitted.
-
Omitting any required item results in the installation program prompting the user for an answer to the related item, just as the user would be prompted during a typical installation. Once the answer is given, the installation continues unattended (unless it finds another missing item).
-
Lines starting with a pound (also known as number) sign (
#
) are treated as comments and are ignored.
Verifying the Kickstart File
When creating or customizing your Kickstart file, it is useful to verify that it is valid before attempting to use it in an installation. CentOS 7 includes the ksvalidator command line utility which can be used to do this. This tool is a part of the pykickstart package. To install this package, execute the following command as root
:
#
yum install pykickstart
After installing the package, you can validate a Kickstart file using the following command:
$
ksvalidator /path/to/kickstart.ks
Replace /path/to/kickstart.ks with the path to the Kickstart file you want to verify.
For more information about this tool, see the ksvalidator(1)
man page.
Keep in mind that the validation tool has its limitations. The Kickstart file can be very complicated; ksvalidator can make sure the syntax is correct and that the file does not include deprecated options, but it cannot guarantee the installation will be successful. It also does not attempt to validate the |
Changes in Kickstart Syntax
While the general principles of Kickstart installations tend to stay the same, the commands and options can change between major releases of CentOS. You can use the ksverdiff
command to display the differences between two versions of the Kickstart syntax. This is useful when updating an existing Kickstart file to be used with a new release. To display a list of changes in syntax between CentOS 6 and 7, use the following command:
$
ksverdiff -f RHEL6 -t RHEL7
The -f
option specifies the release to start the comparison with, and the -t
option to specify the release to end with. For additional information, see the ksverdiff(1)
man page.
Making the Kickstart File Available
A Kickstart file must be placed in one of the following locations:
-
On removable media, such as a DVD or USB flash drive
-
On a hard drive connected to the installation system
-
On a network share reachable from the installation system
Normally, a Kickstart file is copied to removable media or a hard drive, or made available on the network. Placing the file in a network location complements the usual approach to Kickstart installations, which is also network-based: the system is booted using a PXE server, the Kickstart file is downloaded from a network share, and software packages specified in the file are downloaded from remote repositories.
Making the Kickstart file available and reachable from the installation system is exactly the same as making the installation source available, only with the Kickstart file instead of the installation ISO image or tree. For full procedures, see Preparing Installation Sources.
Making the Installation Source Available
The Kickstart installation must access an installation source in order to install the packages needed by your system. The source can be either the full CentOS installation DVD ISO image, or an installation tree. An installation tree is a copy of the binary CentOS DVD with the same directory structure.
If you are performing a DVD-based installation, insert the CentOS installation DVD into the computer before starting the Kickstart installation. See Installation Source on a DVD for information about using a CentOS DVD as the installation source.
If you are performing a hard drive installation (using either a hard drive or an USB flash drive), make sure the ISO images of the binary CentOS DVD are on a hard drive in the computer. See Installation Source on a Hard Drive for details about using a hard drive as the installation source.
If you are performing a network-based (NFS, FTP or HTTP) installation, you must make the installation tree or the binary DVD ISO image (depending on the protocol used) available over the network. See Installation Source on a Network for details.
Starting the Kickstart Installation
To load your Kickstart file automatically without having to specify the |
To start a Kickstart installation, use the boot option inst.ks=location
when booting the installation system, replacing location with the location of your Kickstart file. The exact way to specify the boot option depends on your system’s architecture - see Boot Options for details.
64-bit AMD, Intel and ARM systems and IBM Power Systems servers have the ability to boot using a PXE server. When you configure the PXE server, you can add the boot option into the boot loader configuration file, which in turn allows you to start the installation automatically. Using this approach, it is possible to automate the installation completely, including the boot process. For information about setting up a PXE server, see Preparing for a Network Installation.
Procedures in this section assume that you already have a Kickstart file ready in a location accessible from the installation system, as well as boot media or a PXE server which can be used to boot the system and begin the installation. The procedures are intended as a general reference; some steps differ based on your system’s architecture, and not all options are available on all architectures.
Starting the Kickstart Installation Manually
This section explains how to start a Kickstart installation manually, which means some user interaction (adding boot options at the boot:
prompt) will be required.
-
Boot the system using either local media (a CD, DVD, or a USB flash drive). For architecture-specific instructions, see:
-
Booting the Installation on 64-bit AMD, Intel, and ARM systems for 64-bit AMD, Intel, and ARM systems
-
Booting the Installation on IBM Power Systems for IBM Power Systems servers
-
-
At the boot prompt, specify the
inst.ks=
boot option and the location of the Kickstart file. If the Kickstart file is in a network location, you must also configure the network using theip=
option. In some cases, theinst.repo=
option is also necessary in order to access a software source from which necessary packages will be installed.For details about boot options and valid syntax, see Boot Options.
-
Start the installation by confirming your added boot options.
The installation begins now, using the options specified in the Kickstart file. If the Kickstart file is valid and contains all required commands, the installation is completely automated from this point forward.
Starting the Kickstart Installation Automatically
The following procedure explains how to completely automate the Kickstart installation, using a network boot (PXE) server and a properly configured boot loader. If you follow this procedure, you only need to turn on the system; no other interaction will be required from that moment until the installation finishes.
-
Open the boot loader configuration file on your PXE server, and add the
inst.ks=
boot option to the appropriate line. The name of the file and its syntax depends on your system’s architecture and hardware:-
On AMD64 and Intel 64 systems with BIOS, the file name can be either
default
or based on your system’s IP address. In this case, add theinst.ks=
option to theappend
line in the installation entry. A sampleappend
line in the configuration file looks similar to the following:append initrd=initrd.img inst.ks=http://10.32.5.1/mnt/archive/CentOS/7/Server/x86_64/kickstarts/ks.cfg
-
On systems using the GRUB2 boot loader (64-bit AMD, Intel, and ARM systems with UEFI firmware and IBM Power Systems servers), the file name will be
grub.cfg
. In this file, append theinst.ks=
option to thekernel
line in the installation entry. A samplekernel
line in the configuration file will look similar to the following:kernel vmlinuz inst.ks=http://10.32.5.1/mnt/archive/CentOS/7/Server/x86_64/kickstarts/ks.cfg
-
-
Boot the installation from the network server. For architecture-specific instructions, see:
-
Booting from the Network Using PXE (x86) for 64-bit AMD, Intel, and ARM systems
-
Booting from the Network Using PXE (ppc) for IBM Power Systems servers
-
The installation begins now, using the installation options specified in the Kickstart file. If the Kickstart file is valid and contains all required commands, the installation is completely automated.
Kickstart Syntax Reference
Kickstart Commands and Options
If an option is followed by an equals mark ( |
auth
orauthconfig
(optional)-
Sets up the authentication options for the system using the
authconfig
command, which can also be run on the command line after the installation finishes. See theauthconfig(8)
manual page and theauthconfig --help
command for more details. Passwords are shadowed by default.When using OpenLDAP with the
SSL
protocol for security, make sure that theSSLv2
andSSLv3
protocols are disabled in the server configuration. This is due to the POODLE SSL vulnerability (CVE-2014-3566). See https://access.redhat.com/solutions/1234843 for details.-
--enablenis
- Turns on NIS support. By default,--enablenis
uses whatever domain it finds on the network. A domain should almost always be set by hand with the--nisdomain=
option. -
--nisdomain=
- NIS domain name to use for NIS services. -
--nisserver=
- Server to use for NIS services (broadcasts by default). -
--useshadow
or--enableshadow
- Use shadow passwords. -
--enableldap
- Turns on LDAP support in/etc/nsswitch.conf
, allowing your system to retrieve information about users (for example, their UIDs, home directories, and shells) from an LDAP directory. To use this option, you must install the nss-pam-ldapd package. You must also specify a server and a base DN (distinguished name) with--ldapserver=
and--ldapbasedn=
. -
--enableldapauth
- Use LDAP as an authentication method. This enables thepam_ldap
module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss-pam-ldapd package installed. You must also specify a server and a base DN with--ldapserver=
and--ldapbasedn=
. If your environment does not use TLS (Transport Layer Security), use the--disableldaptls
switch to ensure that the resulting configuration file works. -
--ldapserver=
- If you specified either--enableldap
or--enableldapauth
, use this option to specify the name of the LDAP server to use. This option is set in the/etc/ldap.conf
file. -
--ldapbasedn=
- If you specified either--enableldap
or--enableldapauth
, use this option to specify the DN in your LDAP directory tree under which user information is stored. This option is set in the/etc/ldap.conf
file. -
--enableldaptls
- Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted user names and passwords to an LDAP server before authentication. -
--disableldaptls
- Do not use TLS (Transport Layer Security) lookups in an environment that uses LDAP for authentication. -
--enablekrb5
- Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells. If you enable Kerberos, you must make users' accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using theuseradd
command. If you use this option, you must have the pam_krb5 package installed. -
--krb5realm=
- The Kerberos 5 realm to which your workstation belongs. -
--krb5kdc=
- The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, use a comma-separated list without spaces. -
--krb5adminserver=
- The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests. This server must be run on the master KDC if you have more than one KDC. -
--enablehesiod
- Enables Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in/usr/share/doc/glibc-2.x.x/README.hesiod
, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items. -
--hesiodlhs
and--hesiodrhs
- TheHesiod
LHS (left-hand side) and RHS (right-hand side) values, set in/etc/hesiod.conf
. TheHesiod
library uses these values to search DNS for a name, similar to the way thatLDAP
uses a base DN.To look up user information for the user name
jim
, the Hesiod library looks upjim.passwdLHSRHS
, which should resolve to a TXT record that contains a string identical to an entry for that user in thepasswd
file:jim:*:1001:1001:Jungle Jim:/home/jim:/bin/bash
. To look up groups, the Hesiod library looks upjim.groupLHSRHS
instead.To look up users and groups by number, make
1001.uid
a CNAME forjim.passwd
, and1001.gid
a CNAME forjim.group
. Note that the library does not place a period (.
) in front of the LHS and RHS values when performing a search. Therefore, if the LHS and RHS values need to have a period placed in front of them, you must include the period in the values you set for--hesiodlhs
and--hesiodrhs
. -
--enablesmbauth
- Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells. If you enable SMB, you must make users' accounts known to theworkstation by enabling LDAP, NIS, or Hesiod or by using theuseradd
command. -
--smbservers=
- The name of the servers to use for SMB authentication. To specify more than one server, separate the names with commas (,
). -
--smbworkgroup=
- The name of the workgroup for the SMB servers. -
--enablecache
- Enables thenscd
service. Thenscd
service caches information about users, groups, and various other types of information. Caching is especially helpful if you choose to distribute information about users and groups over your network usingNIS
,LDAP
, orHesiod
. -
--passalgo=
- Specifysha256
to set up the SHA-256 hashing algorithm orsha512
to set up the SHA-512 hashing algorithm.
-
autopart
(optional)-
Automatically creates partitions: a root (
/
) partition (1 GB or larger), aswap
partition, and an appropriate/boot
partition for the architecture. On large enough drives (50 GB and larger), this also creates a/home
partition.The
autopart
option cannot be used together with thepart/partition
,raid
,logvol
, orvolgroup
options in the same Kickstart file.-
--type=
- Selects one of the predefined automatic partitioning schemes you want to use. Accepts the following values:-
lvm
: The LVM partitioning scheme. -
btrfs
: The Btrfs partitioning scheme. -
plain
: Regular partitions with no LVM or Btrfs. -
thinp
: The LVM Thin Provisioning partitioning scheme.For a description of the available partition schemes, see File System Types (x86).
-
-
--fstype=
- Selects one of the available file system types. The available values areext2
,ext3
,ext4
,xfs
, andvfat
. The default file system isxfs
. For information about these file systems, see File System Types (x86). -
--nohome
- Disables automatic creation of the/home
partition. -
--nolvm
- Do not use LVM or Btrfs for automatic partitioning. This option is equal to--type=plain
. -
--encrypted
- Encrypts all partitions. This is equivalent to checking theEncrypt partitions
check box on the initial partitioning screen during a manual graphical installation.When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.
The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest as described in the Red Hat Enterprise Linux 7 Virtualization Deployment and Administration Guide.
-
--passphrase=
- Provides a default system-wide passphrase for all encrypted devices. -
--escrowcert=URL_of_X.509_certificate
- Stores data encryption keys of all encrypted volumes as files in/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if--encrypted
is specified. -
--backuppassphrase
- Adds a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in/root
, encrypted using the X.509 certificate specified with--escrowcert
. This option is only meaningful if--escrowcert
is specified. -
--cipher=
- Specifies the type of encryption to use if the Anaconda defaultaes-xts-plain64
is not satisfactory. You must use this option together with the--encrypted
option; by itself it has no effect. Available types of encryption are listed in the Red Hat Enterprise Linux 7 Security Guide, but CentOS strongly recommends using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
.It is recommended to use the
autopart --nohome
Kickstart option when installing on a single FBA DASD of the CMS type. This ensures that the installer does not create a separate/home
partition. The installation then proceeds successfully.
-
autostep
(optional)-
Normally, Kickstart installations skip unnecessary screens. This option makes the installation program step through every screen, displaying each briefly. This option should not be used when deploying a system because it can disrupt package installation.
-
--autoscreenshot
- Take a screenshot at every step during installation. These screenshots are stored in/tmp/anaconda-screenshots/
during the installation, and after the installation finishes you can find them in/root/anaconda-screenshots
.Each screen is only captured right before the installer switches to the next one. This is important, because if you do not use all required Kickstart options and the installation therefore does not begin automatically, you can go to the screens which were not automatically configured, perform any configuration you want. Then, when you click
Done
to continue, the screen is captured including the configuration you just provided.
-
bootloader
(required)-
Specifies how the boot loader should be installed.
CentOS recommends setting up a boot loader password on every system. An unprotected boot loader can allow a potential attacker to modify the system’s boot options and gain unauthorized access to the system.
Device names in the
sdX
(or/dev/sdX
) format are not guaranteed to be consistent across reboots, which can complicate usage of some Kickstart commands. When a command calls for a device node name, you can instead use any item from/dev/disk
. For example, instead of:part / --fstype=xfs --onpart=sda1
You could use an entry similar to one of the following:
part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1
This way the command will always target the same storage device. This is especially useful in large storage environments. See the chapter about persistent storage device naming in the Red Hat Enterprise Linux 7 Storage Administration Guide for more in-depth information about different ways to consistently refer to storage devices.
In some cases, a special partition is required to install the boot loader on 64-bit AMD, Intel, and ARM systems. The type and size of this partition depends on whether the disk you are installing the boot loader to uses the Master Boot Record (MBR) or a GUID Partition Table (GPT) schema. For more information, see Boot Loader Installation (x86).
-
--append=
- Specifies additional kernel parameters. To specify multiple parameters, separate them with spaces. For example:bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"
The
rhgb
andquiet
parameters are always used, even if you do not specify them here or do not use the--append=
command at all.This option is useful for disabling mechanisms which were implemented to mitigate the Meltdown and Spectre speculative execution vulnerabilities found in most modern processors (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715). In some cases, these mechanisms may be unnecessary, and keeping them enabled causes decreased performance with no improvement in security. To disable these mechanisms, add the options to do so into your Kickstart file - for example,
bootloader --append="nopti noibrs noibpb"
on AMD64/Intel 64 systems.Ensure your system is not at risk of attack before disabling any of the vulnerability mitigation mechanisms. See the Red Hat vulnerability response article for information about the Meltdown and Spectre vulnerabilities.
-
--boot-drive=
- Specifies which drive the boot loader should be written to, and therefore which drive the computer will boot from. If you use a multipath device as the boot drive, specify the device using itsdisk/by-id/dm-uuid-mpath-WWID
name. -
--leavebootorder
- The installer will add CentOS 7 to the top of the list of installed systems in the boot loader, and preserve all existing entries as well as their order. -
--driveorder=
- Specifies which drive is first in the BIOS boot order. For example:bootloader --driveorder=sda,hda
-
--location=
- Specifies where the boot record is written. Valid values are the following:-
mbr
- The default option. Depends on whether the drive uses the Master Boot Record (MBR) or GUID Partition Table (GPT) scheme:-
On a GPT-formatted disk, this option installs stage 1.5 of the boot loader into the BIOS boot partition.
-
On an MBR-formatted disk, stage 1.5 is installed into the empty space between the MBR and the first partition.
-
-
partition
- Install the boot loader on the first sector of the partition containing the kernel. -
none
- Do not install the boot loader.In most cases, this option does not need to be specified.
-
-
--password=
- If using GRUB2, sets the boot loader password to the one specified with this option. This should be used to restrict access to the GRUB2 shell, where arbitrary kernel options can be passed.If a password is specified, GRUB2 also asks for a user name. The user name is always
root
. -
--iscrypted
- Normally, when you specify a boot loader password using the--password=
option, it is stored in the Kickstart file in plain text. If you want to encrypt the password, use this option and an encrypted password.To generate an encrypted password, use the
grub2-mkpasswd-pbkdf2
command, enter the password you want to use, and copy the command’s output (the hash starting withgrub.pbkdf2
) into the Kickstart file. An examplebootloader
Kickstart entry with an encrypted password looks similar to the following:bootloader --iscrypted --password=grub.pbkdf2.sha512.10000.5520C6C9832F3AC3D149AC0B24BE69E2D4FB0DBEEDBD29CA1D30A044DE2645C4C7A291E585D4DC43F8A4D82479F8B95CA4BA4381F8550510B75E8E0BB2938990.C688B6F0EF935701FF9BD1A8EC7FE5BD2333799C98F28420C5CC8F1A2A233DE22C83705BB614EA17F3FDFDF4AC2161CEA3384E56EB38A2E39102F5334C47405E
-
--timeout=
- Specifies the amount of time the boot loader waits before booting the default option (in seconds). -
--default=
- Sets the default boot image in the boot loader configuration. -
--extlinux
- Use the extlinux boot loader instead of GRUB2. This option only works on systems supported by extlinux. -
--disabled
— This option is a stronger version of--location=none
. While--location=none
simply disables boot loader installation,--disabled
disables boot loader installation and also disables installation of the package containing the boot loader, thus saving space.
-
btrfs
(optional)-
Create a Btrfs volume or subvolume. For a volume, the syntax is:
btrfs mntpoint --data=level --metadata=level --label=label partitions
One or more partitions can be specified in partitions. When specifying more than one partitions, the entries must be separated by a single space. See Creating Btrfs Volumes and Subvolumes for a demonstration.
For a subvolume, the syntax is:
btrfs mntpoint --subvol --name=path parent
parent should be the identifier of the subvolume’s parent volume and mntpoint is the location where the file system is mounted.
-
--data=
- RAID level to use for file system data (such as 0, 1, or 10). This parameter is optional, has no meaning for subvolumes, and requires more than one physical disk. -
--metadata=
- RAID level to use for file system/volume metadata (such as0
,1
, or10
). Optional. This option has no meaning for subvolumes and requires more than one physical disk. -
--label=
- Specify a label for the Btrfs file system. If the given label is already in use by another file system, a new label is created. This option has no meaning for subvolumes. -
--noformat
or--useexisting
- Use an existing Btrfs volume (or subvolume) and do not reformat the file system. -
--mkfsoptions=
- Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem.The following example shows how to create a Btrfs volume from member partitions on three disks with subvolumes for
/
and/home
. The main volume is not mounted or used directly in this example.Example 1. Creating Btrfs Volumes and Subvolumespart btrfs.01 --size=6000 --ondisk=sda
part btrfs.02 --size=6000 --ondisk=sdb
part btrfs.03 --size=6000 --ondisk=sdc
btrfs none --data=0 --metadata=1 --label=centos7 btrfs.01 btrfs.02 btrfs.03
btrfs / --subvol --name=root LABEL=centos7
btrfs /home --subvol --name=home centos7
-
clearpart
(optional)-
Removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed.
Device names in the
sdX
(or/dev/sdX
) format are not guaranteed to be consistent across reboots, which can complicate usage of some Kickstart commands. When a command calls for a device node name, you can instead use any item from/dev/disk
. For example, instead of:part / --fstype=xfs --onpart=sda1
You could use an entry similar to one of the following:
part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1
This way the command will always target the same storage device. This is especially useful in large storage environments. See the chapter about persistent storage device naming in the Red Hat Enterprise Linux 7 Storage Administration Guide for more in-depth information about different ways to consistently refer to storage devices.
If the
clearpart
command is used, then thepart --onpart
command cannot be used on a logical partition.For a detailed example of partitioning including the
clearpart
command, see Advanced Partitioning Example.-
--all
- Erases all partitions from the system.This option will erase all disks which can be reached by the installer, including any attached network storage. Use this option with caution.
You can prevent
clearpart
from wiping storage you want to preserve by using the--drives=
option and specifying only the drives you want to clear, by attaching network storage later (for example, in the%post
section of the Kickstart file), or by blacklisting the kernel modules used to access network storage. -
--drives=
- Specifies which drives to clear partitions from. For example, the following clears all the partitions on the first two drives on the primary IDE controller:clearpart --drives=hda,hdb --all
To clear a multipath device, use the format
disk/by-id/scsi-WWID
, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID58095BEC5510947BE8C0360F604351918
, use:clearpart --drives=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
This format is preferable for all multipath devices, but if errors arise, multipath devices that do not use logical volume management (LVM) can also be cleared using the format
disk/by-id/dm-uuid-mpath-WWID
, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID2416CD96995134CA5D787F00A5AA11017
, use:clearpart --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Never specify multipath devices by device names like
mpatha
. Device names such as this are not specific to a particular disk. The disk named/dev/mpatha
during installation might not be the one that you expect it to be. Therefore, theclearpart
command could target the wrong disk. -
--initlabel
- Initializes a disk (or disks) by creating a default disk label for all disks in their respective architecture that have been designated for formatting (for example, msdos for x86). Because--initlabel
can see all disks, it is important to ensure only those drives that are to be formatted are connected.clearpart --initlabel --drives=names_of_disks
For example:
clearpart --initlabel --drives=dasda,dasdb,dasdc
-
--list=
- Specifies which partitions to clear. This option overrides the--all
and--linux
options if used. Can be used across different drives. For example:clearpart --list=sda2,sda3,sdb1
-
--linux
- Erases all Linux partitions. -
--none
(default) - Do not remove any partitions.Using the
clearpart --all
command in a Kickstart file to remove all existing partitions during the installation can cause Anaconda to pause and prompt you for a confirmation in certain cases. If you need to perform the installation automatically with no interaction, add thezerombr
command to your Kickstart file.
-
cmdline
(optional)-
Perform the installation in a completely non-interactive command line mode. Any prompt for interaction halts the installation.
For a fully automatic installation, you must either specify one of the available modes (
graphical
,text
, orcmdline
) in the Kickstart file, or you must use theconsole=
boot option as described in Console, Environment and Display Options. If no mode is specified, the system will prompt you to choose one before continuing. device
(optional)-
On most PCI systems, the installation program automatically detects Ethernet and SCSI cards. However, on older systems and some PCI systems, Kickstart requires a hint to find the proper devices. The
device
command, which tells the installation program to install extra modules, uses the following format:device moduleName --opts=options
-
moduleName - Replace with the name of the kernel module which should be installed.
-
--opts=
- Options to pass to the kernel module. For example:device --opts="aic152x=0x340 io=11"
-
driverdisk
(optional)-
Driver disks can be used during Kickstart installations to provide additional drivers not included by default. You must copy the driver disks’s contents to the root directory of a partition on the system’s hard drive. Then, you must use the
driverdisk
command to specify that the installation program should look for a driver disk and its location.driverdisk [partition|--source=url|--biospart=biospart]
Alternatively, a network location can be specified for the driver disk:
driverdisk --source=ftp://path/to/dd.img
driverdisk --source=http://path/to/dd.img
driverdisk --source=nfs:host:/path/to/img
-
partition - Partition containing the driver disk. Note that the partition must be specified as a full path (for example,
/dev/sdb1
), not just the partition name (for example,sdb1
). -
--source=
- URL for the driver disk. NFS locations can be given in the form ofnfs:host:/path/to/img
. -
--biospart=
- BIOS partition containing the driver disk (for example,82p2
).Driver disks can also be loaded from a hard disk drive or a similar device instead of being loaded over the network or from
initrd
. Follow this procedure:-
Load the driver disk on a hard disk drive, a USB or any similar device.
-
Set the label, for example, DD, to this device.
-
Add the following line to your Kickstart file:
driverdisk LABEL=DD:/e1000.rpm
Replace DD with a specific label and replace dd.rpm with a specific name. Use anything supported by the
inst.repo
command instead of LABEL to specify your hard disk drive.
-
-
eula
(optional)-
Use this option to accept the End User License Agreement (EULA) without user interaction. Specifying this option prevents Initial Setup from prompting you to accept the license agreement after you finish the installation and reboot the system for the first time. See Initial Setup for more information.
-
--agreed
(required) - Accept the EULA. This option must always be used, otherwise theeula
command is meaningless.
-
fcoe
(optional)-
Specify which FCoE devices should be activated automatically in addition to those discovered by Enhanced Disk Drive Services (EDD).
fcoe --nic=name [options]
-
--nic=
(required) - The name of the device to be activated. -
--dcb=
- Establish Data Center Bridging (DCB) settings. -
--autovlan
- Discover VLANs automatically.
-
firewall
(optional)-
Specify the firewall configuration for the installed system.
firewall --enabled|--disabled device [options]
-
--enabled
or--enable
- Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall. -
--remove-service
- Do not allow services through the firewall. -
--disabled
or--disable
- Do not configure any iptables rules. -
--trust=
- Listing a device here, such as em1, allows all traffic coming to and from that device to go through the firewall. To list more than one device, use--trust em1 --trust em2
. Do NOT use a comma-separated format such as--trust em1, em2
. -
incoming - Replace with one or more of the following to allow the specified services through the firewall.
-
--ssh
-
--smtp
-
--http
-
--ftp
-
-
--port=
- You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specifyimap:tcp
. Numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify1234:udp
. To specify multiple ports, separate them by commas. -
--service=
- This option provides a higher-level way to allow services through the firewall. Some services (likecups
,avahi
, and so on.) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the--port
option, or specify--service=
and open them all at once.Valid options are anything recognized by the firewall-offline-cmd program in the firewalld package. If
firewalld
is running,firewall-cmd --get-services
provides a list of known service names.
-
firstboot
(optional)-
Determine whether the Initial Setup application starts the first time the system is booted. If enabled, the initial-setup package must be installed. If not specified, this option is disabled by default.
-
--enable
or--enabled
- Initial Setup is started the first time the system boots. -
--disable
or--disabled
- Initial Setup is not started the first time the system boots. -
--reconfig
- Enable the Initial Setup to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone and networking configuration options in addition to the default ones.
-
group
(optional)-
Creates a new user group on the system. If a group with the given name or GID already exists, this command fails. In addition, the
user
command can be used to create a new group for the newly created user.group --name=name [--gid=gid]
-
--name=
- Provides the name of the group. -
--gid=
- The group’s GID. If not provided, defaults to the next available non-system GID.
-
graphical
(optional)-
Perform the installation in graphical mode. This is the default.
For a fully automatic installation, you must either specify one of the available modes (
graphical
,text
, orcmdline
) in the Kickstart file, or you must use theconsole=
boot option as described in Console, Environment and Display Options. If no mode is specified, the system will prompt you to choose one before continuing. halt
(optional)-
Halt the system after the installation has successfully completed. This is similar to a manual installation, where Anaconda displays a message and waits for the user to press a key before rebooting. During a Kickstart installation, if no completion method is specified, this option is used as the default.
The
halt
command is equivalent to theshutdown -h
command.For other completion methods, see the
poweroff
,reboot
, andshutdown
commands. ignoredisk
(optional)-
Causes the installation program to ignore the specified disks. This is useful if you use automatic partitioning and want to be sure that some disks are ignored. For example, without
ignoredisk
, attempting to deploy on a SAN-cluster the Kickstart would fail, as the installation program detects passive paths to the SAN that return no partition table.ignoredisk --drives=drive1,drive2,...
where driveN is one of
sda
,sdb
,…,hda
,… and so on.Device names in the
sdX
(or/dev/sdX
) format are not guaranteed to be consistent across reboots, which can complicate usage of some Kickstart commands. When a command calls for a device node name, you can instead use any item from/dev/disk
. For example, instead of:part / --fstype=xfs --onpart=sda1
You could use an entry similar to one of the following:
part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1
This way the command will always target the same storage device. This is especially useful in large storage environments. See the chapter about persistent storage device naming in the Red Hat Enterprise Linux 7 Storage Administration Guide for more in-depth information about different ways to consistently refer to storage devices.
To ignore a multipath device that does not use logical volume management (LVM), use the format
disk/by-id/dm-uuid-mpath-WWID
, where WWID is the world-wide identifier for the device. For example, to ignore a disk with WWID2416CD96995134CA5D787F00A5AA11017
, use:ignoredisk --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Never specify multipath devices by device names like
mpatha
. Device names such as this are not specific to a particular disk. The disk named/dev/mpatha
during installation might not be the one that you expect it to be. Therefore, theclearpart
command could target the wrong disk.-
--only-use
- Specifies a list of disks for the installation program to use. All other disks are ignored. For example, to use disksda
during installation and ignore all other disks:ignoredisk --only-use=sda
To include a multipath device that does not use LVM:
ignoredisk --only-use=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
To include a multipath device that uses LVM:
ignoredisk --only-use=/dev/disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
bootloader --location=mbr
-
--interactive
- Allows you to manually navigate the advanced storage screen.
-
install
(optional)-
The default installation mode. You must specify the type of installation from
cdrom
,harddrive
,nfs
,liveimg
, orurl
(for FTP, HTTP, or HTTPS installations). Theinstall
command and the installation method command must be on separate lines. For example:install
liveimg --url=file:///images/install/squashfs.img --noverifyssl
-
cdrom
- Install from the first optical drive on the system. -
harddrive
- Install from a CentOS installation tree or full installation ISO image on a local drive. The drive must contain a file system the installation program can mount:ext2
,ext3
,ext4
,vfat
, orxfs
.-
--biospart=
- BIOS partition to install from (such as82
). -
--partition=
- Partition to install from (such assdb2
). -
--dir=
- Directory containing thevariant
directory of the installation tree, or the ISO image of the full installation DVD.For example:
harddrive --partition=hdb2 --dir=/tmp/install-tree
-
-
liveimg
- Install from a disk image instead of packages. The image can be thesquashfs.img
file from a live ISO image, a compressed tar file (.tar
,.tbz
,.tgz
,.txz
,.tar.bz2
,.tar.gz
, or.tar.xz
.), or any file system that the installation media can mount. Supported file systems areext2
,ext3
,ext4
,vfat
, andxfs
.When using the
liveimg
installation mode with a driver disk, drivers on the disk will not automatically be included in the installed system. If necessary, these drivers should be installed manually, or in the%post
section of a kickstart script.-
--url=
- The location to install from. Supported protocols areHTTP
,HTTPS
,FTP
, andfile
. -
--proxy=
- Specify anHTTP
,HTTPS
orFTP
proxy to use while performing the installation. -
--checksum=
- An optional argument with theSHA256
checksum of the image file, used for verification. -
--noverifyssl
- Disable SSL verification when connecting to anHTTPS
server.For example:
liveimg --url=file:///images/install/squashfs.img --checksum=03825f567f17705100de3308a20354b4d81ac9d8bed4bb4692b2381045e56197 --noverifyssl
-
-
nfs
- Install from the NFS server specified.-
--server=
- Server from which to install (host name or IP). -
--dir=
- Directory containing thevariant
directory of the installation tree. -
--opts=
- Mount options to use for mounting the NFS export. (optional)For example:
nfs --server=nfsserver.example.com --dir=/tmp/install-tree
-
-
url
- Install from an installation tree on a remote server using FTP, HTTP, or HTTPS.-
--url=
- The location to install from. Supported protocols areHTTP
,HTTPS
,FTP
, andfile
. -
--mirrorlist=
- The mirror URL to install from. -
--proxy=
- Specify anHTTP
,HTTPS
orFTP
proxy to use while performing the installation. -
--noverifyssl
- Disable SSL verification when connecting to anHTTPS
server.For example:
url --url http://server/path
or:
url --url ftp://username:password@server/path
-
-
iscsi
(optional)-
iscsi --ipaddr=address [options]
Specifies additional iSCSI storage to be attached during installation. If you use the
iscsi
command, you must also assign a name to the iSCSI node, using theiscsiname
command. Theiscsiname
command must appear before theiscsi
command in the Kickstart file.We recommend that wherever possible you configure iSCSI storage in the system BIOS or firmware (iBFT for Intel systems) rather than use the
iscsi
command. Anaconda automatically detects and uses disks configured in BIOS or firmware and no special configuration is necessary in the Kickstart file.If you must use the
iscsi
command, ensure that networking is activated at the beginning of the installation, and that theiscsi
command appears in the Kickstart file before you refer to iSCSI disks with commands such asclearpart
orignoredisk
.-
--ipaddr=
(required) - the IP address of the target to connect to. -
--port=
(required) - the port number (typically,--port=3260
) -
--target=
- the target IQN (iSCSI Qualified Name). -
--iface=
- bind the connection to a specific network interface instead of using the default one determined by the network layer. Once used, it must be specified in all instances of theiscsi
command in the entire Kickstart file. -
--user=
- the user name required to authenticate with the target -
--password=
- the password that corresponds with the user name specified for the target -
--reverse-user=
- the user name required to authenticate with the initiator from a target that uses reverse CHAP authentication -
--reverse-password=
- the password that corresponds with the user name specified for the initiator
-
iscsiname
(optional)-
Assigns a name to an iSCSI node specified by the iscsi parameter. If you use the
iscsi
parameter in your Kickstart file, you must specifyiscsiname
earlier in the Kickstart file.iscsiname
iqn %addon com_redhat_kdump
(optional)-
This command configures the kdump kernel crash dumping mechanism.
The syntax for this command is unusual because it is an add-on rather than a built-in Kickstart command. For more information about add-ons, see Kickstart Add-ons.
Kdump is a kernel crash dumping mechanism that allows you to save the contents of the system’s memory for later analysis. It relies on kexec, which can be used to boot a Linux kernel from the context of another kernel without rebooting the system, and preserve the contents of the first kernel’s memory that would otherwise be lost.
In case of a system crash, kexec boots into a second kernel (a capture kernel). This capture kernel resides in a reserved part of the system memory that is inaccessible to the first kernel. Kdump then captures the contents of the crashed kernel’s memory (a crash dump) and saves it to a specified location. The location cannot be configured using this Kickstart command; it must be configured after the installation by editing the
/etc/kdump.conf
configuration file.For more information about Kdump, see the Red Hat Enterprise Linux 7 Kernel Crash Dump Guide.
Available options are:
-
--enable
- Enable kdump on the installed system. -
--disable
- Disable kdump on the installed system. -
--reserve-mb=
- The amount of memory you want to reserve for kdump, in MiB. For example:%addon com_redhat_kdump --enable --reserve-mb=128 %end
You can also specify
auto
instead of a numeric value. In that case, the installer will determine the amount of memory automatically based on the criteria described in the Red Hat Enterprise Linux 7 Kernel Crash Dump Guide.If you enable kdump and do not specify a
--reserve-mb=
option, the valueauto
will be used. -
--enablefadump
- Enable firmware-assisted dumping on systems which allow it (notably, IBM Power Systems servers).
-
keyboard
(required)-
Sets one or more available keyboard layouts for the system.
-
--vckeymap=
- Specify aVConsole
keymap which should be used. Valid names correspond to the list of files in the/usr/lib/kbd/keymaps/
directory, without the.map.gz
extension. -
--xlayouts=
- Specify a list of X layouts that should be used as a comma-separated list without spaces. Accepts values in the same format assetxkbmap(1)
, either in thelayout
format (such ascz
), or in thelayout (variant)
format (such ascz (qwerty)
).All available layouts can be viewed on the
xkeyboard-config(7)
man page underLayouts
. -
--switch=
- Specify a list of layout-switching options (shortcuts for switching between multiple keyboard layouts). Multiple options must be separated by commas without spaces. Accepts values in the same format assetxkbmap(1)
.Available switching options can be viewed on the
xkeyboard-config(7)
man page underOptions
.The following example sets up two keyboard layouts (
English (US)
andCzech (qwerty)
) using the--xlayouts=
option, and allows to switch between them using Alt+Shift:keyboard --xlayouts=us,'cz (qwerty)' --switch=grp:alt_shift_toggle
Either the
--vckeymap=
or the--xlayouts=
option must be used.
-
lang
(required)-
Sets the language to use during installation and the default language to use on the installed system. For example, to set the language to English, the Kickstart file should contain the following line:
lang en_US
The file
/usr/share/system-config-language/locale-list
provides a list of the valid language codes in the first column of each line and is part of the system-config-language package.Certain languages (for example, Chinese, Japanese, Korean, and Indic languages) are not supported during text-mode installation. If you specify one of these languages with the
lang
command, the installation process continues in English, but the installed system uses your selection as its default language.-
--addsupport=
- Add support for additional languages. Takes the form of comma-separated list without spaces. For example:lang en_US --addsupport=cs_CZ,de_DE,en_UK
-
logging
(optional)-
Controls the error logging of Anaconda during installation. It has no effect on the installed system.
logging [--host=host] [--port=port] [--level=debug|info|error|critical]
-
--host=
- Send logging information to the given remote host, which must be running a syslogd process configured to accept remote logging. -
--port=
- If the remote syslogd process uses a port other than the default, set it using this option. -
--level=
- Specify the minimum level of messages that appear on tty3. All messages are still sent to the log file regardless of this level, however. Possible values aredebug
,info
,warning
,error
, orcritical
.
-
logvol
(optional)-
Create a logical volume for Logical Volume Management (LVM). For more information regarding LVM, see the Red Hat Enterprise Linux 7 Logical Volume Manager Administration guide. This command uses the following syntax:
logvol mntpoint --vgname=name --name=name [options]
Do not use the dash (
-
) character in logical volume and volume group names when installing CentOS using Kickstart. If this character is used, the installation finishes normally, but the/dev/mapper/
directory will list these volumes and volume groups with every dash doubled. For example, a volume group namedvolgrp-01
containing a logical volume namedlogvol-01
will be listed as/dev/mapper/volgrp--01-logvol--01
.This limitation only applies to newly created logical volume and volume group names. If you are reusing existing ones using the
--noformat
option, their names will not be changed.For a detailed example of
logvol
in action, see Advanced Partitioning Example.-
The mntpoint is where the partition is mounted and must be of one of the following forms:
-
/path
For example,
/
or/home
-
swap
The partition is used as swap space.
To determine the size of the swap partition automatically, use the
--recommended
option:swap --recommended
To determine the size of the swap partition automatically and also allow extra space for your system to hibernate, use the
--hibernation
option:swap --hibernation
The size assigned will be equivalent to the swap space assigned by
--recommended
plus the amount of RAM on your system.For the swap sizes assigned by these commands, see Recommended Partitioning Scheme (x86) for 64-bit AMD, Intel, and ARM systems, and Recommended Partitioning Scheme (ppc) for IBM Power Systems servers.
The options are as follows:
-
-
--noformat
- Use an existing logical volume and do not format it. -
--useexisting
- Use an existing logical volume and reformat it. -
--fstype=
- Sets the file system type for the logical volume. Valid values arexfs
,ext2
,ext3
,ext4
,swap
, andvfat
. -
--fsoptions=
- Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the/etc/fstab
file of the installed system and should be enclosed in quotes. -
--mkfsoptions=
- Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem. -
--label=
- Sets a label for the logical volume. -
--grow
- Tells the logical volume to grow to fill available space (if any), or up to the maximum size setting, if one is specified. A minimum size must be given, using either the--percent=
option or the--size=
option.For more information about allocating space when writing to an image file, see section Host Storage describing Image files in the Red Hat Enterprise Linux 7 Storage Administration Guide.
-
--size=
- The size of the logical volume in MiB. This option cannot be used together with the--percent=
option. -
--percent=
- The size of the logical volume, as a percentage of the free space in the volume group after any statically-sized logical volumes are taken into account. This option cannot be used together with the--size=
option.When creating a new logical volume, you must either specify its size statically using the
--size=
option, or as a percentage of remaining free space using the--percent=
option. You cannot use both of these options on the same logical volume. -
--maxsize=
- The maximum size in MiB when the logical volume is set to grow. Specify an integer value here such as500
(do not include the unit). -
--recommended
- Use this option when creating aswap
logical volume to determine the size of this volume automatically, based on your system’s hardware. For details about the recommended scheme, see Recommended Partitioning Scheme (x86) for 64-bit AMD, Intel, and ARM systems, and Recommended Partitioning Scheme (ppc) for IBM Power Systems. -
--resize
- Resize a logical volume. If you use this option, you must also specify--useexisting
and--size
. -
--encrypted
- Specifies that this logical volume should be encrypted, using the passphrase provided in the--passphrase=
option. If you do not specify a passphrase, the installation program uses the default, system-wide passphrase set with theautopart --passphrase
command, or stops the installation and prompts you to provide a passphrase if no default is set.When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.
The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest as described in the Red Hat Enterprise Linux 7 Virtualization Deployment and Administration Guide.
-
--passphrase=
- Specifies the passphrase to use when encrypting this logical volume. You must use this option together with the--encrypted
option; it has no effect by itself. -
--cipher=
- Specifies which type of encryption will be used if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the--encrypted
option; by itself it has no effect. Available types of encryption are listed in the Red Hat Enterprise Linux 7 Security Guide, but CentOS strongly recommends using either aes-xts-plain64 or aes-cbc-essiv:sha256. -
--escrowcert=URL_of_X.509_certificate
- Store data encryption keys of all encrypted volumes as files in/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if--encrypted
is specified. -
--backuppassphrase
- Add a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in/root
, encrypted using the X.509 certificate specified with--escrowcert
. This option is only meaningful if--escrowcert
is specified. -
--thinpool
- Creates a thin pool logical volume. (Use a mount point ofnone
) -
--metadatasize=size
- Specify the metadata area size (in MiB) for a new thin pool device. -
--chunksize=size
- Specify the chunk size (in KiB) for a new thin pool device. -
--thin
- Create a thin logical volume. (Requires use of--poolname
) -
--poolname=name
- Specify the name of the thin pool in which to create a thin logical volume. Requires the--thin
option. -
--profile=name
- Specify the configuration profile name to use with thin logical volumes. If used, the name will also be included in the metadata for the given logical volume. By default, the available profiles aredefault
andthin-performance
and are defined in the/etc/lvm/profile/
directory. See thelvm(8)
man page for additional information. -
--cachepvs=
- A comma-separated list of physical volumes which should be used as a cache for this volume. -
--cachemode=
- Specify which mode should be used to cache this logical volume - eitherwriteback
orwritethrough
.For more information about cached logical volumes and their modes, see the
lvmcache(7)
man page. -
--cachesize=
- Size of cache attached to the logical volume, specified in MiB. This option requires the--cachepvs=
option.Create the partition first, create the logical volume group, and then create the logical volume. For example:
part pv.01 --size 3000
volgroup myvg pv.01
logvol / --vgname=myvg --size=2000 --name=rootvol
Create the partition first, create the logical volume group, and then create the logical volume to occupy 90% of the remaining space in the volume group. For example:
part pv.01 --size 1 --grow
volgroup myvg pv.01
logvol / --vgname=myvg --name=rootvol --percent=90
-
mediacheck
(optional)-
If given, this command forces the installation program to perform a media check (
rd.live.check
) before starting the installation. This command requires that installations be attended, so it is disabled by default. mount
(optional)-
Assigns a mount point to an existing block device, and optionally reformats it to a given format.
mount [--reformat [REFORMAT]] [--mkfsoptions MKFS_OPTS] [--mountoptions MOUNT_OPTS] device mntpoint
Unlike most other storage configuration commands in Kickstart,
mount
does not require you to describe the entire storage configuration in the Kickstart file. You only need to ensure that the described block device exists on the system. However, if you want to create the storage stack with all the devices mounted, you must use other commands such aspart
to do so.You can not use
mount
together with other storage-related commands such aspart
,logvol
, orautopart
in the same Kickstart file.Mandatory arguments:
-
device
- The block device to mount. -
mntpoint
- Where to mount thedevice
. It must be a valid mount point, such as/
or/usr
, ornone
if the device is unmountable (for exampleswap
).Optional arguments:
-
--reformat=
- Specifies a new format (such asext4
) to which the device should be reformatted. -
--mkfsoptions=
- Specifies additional argument to be passed to the command which creates the new file system specified in--reformat=
. The list of arguments provided here is not processed, so they must be specified in a format that can be passed directly to themkfs
program. The list of options should be either comma-separated or surrounded by double quotes, depending on the file system. Check themkfs
man page for the file system you want to create (for examplemkfs.ext4(8)
ormkfs.xfs(8)
) for specific details. -
--mountoptions=
- Specifies a free form string that contains options to be used when mounting the file system. The string will be copied to the/etc/fstab
file on the installed system and should be enclosed in double quotes. See themount(8)
man page for a full list of mount options, andfstab(5)
for basics.
-
network
(optional)-
Configures network information for the target system and activates network devices in the installation environment. The device specified in the first
network
command is activated automatically. Activation of the device can be also explicitly required by the--activate
option.There are several types of network device naming standards used to identify network devices with persistent names such as
em1
orwl3sp0
. For information about these standards, see the Red Hat Enterprise Linux 7 Networking Guide.-
--activate
- activate this device in the installation environment.If you use the
--activate
option on a device that has already been activated (for example, an interface you configured with boot options so that the system could retrieve the Kickstart file) the device is reactivated to use the details specified in the Kickstart file.Use the
--nodefroute
option to prevent the device from using the default route. -
--bootproto=
- One ofdhcp
,bootp
,ibft
, orstatic
. The default option isdhcp
; thedhcp
andbootp
options are treated the same. To disableipv4
configuration of the device, use--noipv4
option.This option configures ipv4 configuration of the device. For ipv6 configuration use --ipv6 and --ipv6gateway options.
The DHCP method uses a DHCP server system to obtain its networking configuration. The BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. To direct a system to use DHCP:
network --bootproto=dhcp
To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the Kickstart file:
network --bootproto=bootp
To direct a machine to use the configuration specified in iBFT, use:
network --bootproto=ibft
The
static
method requires that you specify at least the IP address and netmask in the Kickstart file. This information is static and is used during and after the installation.All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash (
\
) as you can on a command line.network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=10.0.2.1
You can also configure multiple nameservers at the same time. To do so, use the
--nameserver=
option once, and specify each of their IP addresses, separated by commas.network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=192.168.2.1,192.168.3.1
-
--device=
- specifies the device to be configured (and eventually activated in Anaconda) with thenetwork
command.If the
--device=
option is missing on the first use of thenetwork
command, the value of theksdevice=
Anaconda boot option is used, if available. Note that this is considered deprecated behavior; in most cases, you should always specify a--device=
for everynetwork
command.The behavior of any subsequent
network
command in the same Kickstart file is unspecified if its--device=
option is missing. Make sure you specify this option for anynetwork
command beyond the first.You can specify a device to be activated in any of the following ways:
-
the device name of the interface, for example,
em1
-
the MAC address of the interface, for example,
01:23:45:67:89:ab
-
the keyword
link
, which specifies the first interface with its link in theup
state -
the keyword
bootif
, which uses the MAC address that pxelinux set in theBOOTIF
variable. SetIPAPPEND 2
in yourpxelinux.cfg
file to have pxelinux set theBOOTIF
variable.For example:
network --bootproto=dhcp --device=em1
-
-
--ip=
- IP address of the device. -
--ipv6=
- IPv6 address of the device, in the form of address[/prefix length] - for example,3ffe:ffff:0:1::1/128
. If prefix is omitted,64
is used. You can also useauto
for automatic configuration, ordhcp
for DHCPv6-only configuration (no router advertisements). -
--gateway=
- Default gateway as a single IPv4 address. -
--ipv6gateway=
- Default gateway as a single IPv6 address. -
--nodefroute
- Prevents the interface being set as the default route. Use this option when you activate additional devices with the--activate=
option, for example, a NIC on a separate subnet for an iSCSI target. -
--nameserver=
- DNS name server, as an IP address. To specify more than one name server, use this option once, and separate each IP address with a comma. -
--nodns
- Do not configure any DNS server. -
--netmask=
- Network mask for the installed system. -
--hostname=
- The host name for the installed system. The host name can either be a fully-qualified domain name (FQDN) in the formathost_name.domainname
, or a short host name with no domain. Many networks have a Dynamic Host Configuration Protocol (DHCP) service which automatically supplies connected systems with a domain name; to allow DHCP to assign the domain name, only specify a short host name.If your network does not provide a DHCP service, always use the FQDN as the system’s host name.
-
--ethtool=
- Specifies additional low-level settings for the network device which will be passed to the ethtool program. -
--essid=
- The network ID for wireless networks. -
--wepkey=
- The WEP encryption key for wireless networks. -
--wpakey=
- The WPA encryption key for wireless networks. -
--onboot=
- Whether or not to enable the device at boot time. -
--dhcpclass=
- The DHCP class. -
--mtu=
- The MTU of the device. -
--noipv4
- Disable IPv4 on this device. -
--noipv6
- Disable IPv6 on this device. -
--bondslaves=
- When this option is used, the network device specified in the--device=
option is created using slaves defined in the--bondslaves=
option. For example:network --device=mynetwork --bondslaves=em1,em2
The above command creates a bond device named
mynetwork
using theem1
andem2
interfaces as its slaves. -
--bondopts=
- a list of optional parameters for a bonded interface, which is specified using the--bondslaves=
and--device=
options. Options in this list must be separated by commas (",
") or semicolons (";
"). If an option itself contains a comma, use a semicolon to separate the options. For example:network --bondopts=mode=active-backup,balance-rr;primary=eth1
Available optional parameters are listed in the Working with Kernel Modules chapter of the Red Hat Enterprise Linux 7 System Administrator’s Guide.
The
--bondopts=mode=
parameter only supports full mode names such asbalance-rr
orbroadcast
, not their numerical representations such as0
or3
. -
--vlanid=
- Specifies virtual LAN (VLAN) ID number (802.1q tag) for the device created using the device specified in--device=
as a parent. For example,network --device=em1 --vlanid=171
creates a virtual LAN deviceem1.171
. -
--interfacename=
- Specify a custom interface name for a virtual LAN device. This option should be used when the default name generated by the--vlanid=
option is not desirable. This option must be used along with--vlanid=
. For example:network --device=em1 --vlanid=171 --interfacename=vlan171
The above command creates a virtual LAN interface named
vlan171
on theem1
device with an ID of171
.The interface name can be arbitrary (for example,
my-vlan
), but in specific cases, the following conventions must be followed:-
If the name contains a dot (
.
), it must take the form ofNAME.ID
. The NAME is arbitrary, but the ID must be the VLAN ID. For example:em1.171
ormy-vlan.171
. -
Names starting with
vlan
must take the form ofvlanID
- for example,vlan171
.
-
-
--teamslaves=
- Team device specified by the--device=
option will be created using slaves specified in this option. Slaves are separated by commas. A slave can be followed by its configuration, which is a single-quoted JSON string with double quotes escaped by the\
character. For example:network --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'"
See also the
--teamconfig=
option. -
--teamconfig=
- Double-quoted team device configuration which is a single-quoted JSON string with double quotes escaped by the\
character. The device name is specified by--device=
option and its slaves and their configuration by--teamslaves=
option. For example:network --device team0 --activate --bootproto static --ip=10.34.102.222 --netmask=255.255.255.0 --gateway=10.34.102.254 --nameserver=10.34.39.2 --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'" --teamconfig="{\"runner\": {\"name\": \"activebackup\"}}"
-
--bridgeslaves=
- When this option is used, the network bridge with device name specified using the--device=
option will be created and devices defined in the--bridgeslaves=
option will be added to the bridge. For example:network --device=bridge0 --bridgeslaves=em1
-
--bridgeopts=
- An optional comma-separated list of parameters for the bridged interface. Available values arestp
,priority
,forward-delay
,hello-time
,max-age
, andageing-time
. For information about these parameters, see the bridge setting table in thenm-settings(5)
man page or at https://developer.gnome.org/NetworkManager/0.9/ref-settings.html.Also see the Red Hat Enterprise Linux 7 Networking Guide for general information about network bridging.
-
--bindto=mac
- Bind the device configuration (ifcfg
) file on the installed system to the device MAC address (HWADDR
) instead of the default binding to the interface name (DEVICE
). Note that this option is independent of the--device=
option ---bindto=mac
will be applied even if the samenetwork
command also specifies a device name,link
, orbootif
.
-
nvdimm
(optional)-
Performs an action on Non-Volatile Dual In-line Memory Module (NVDIMM) devices. This command uses the following format:
nvdimm action [options]
By default, all NVDIMM devices are ignored by the installer. You must use the
nvdimm
command to enable installation on these devices.The following actions are available:
-
reconfigure
- Reconfigure a specific NVDIMM device into a given mode. Additionally, the specified device is implicitly marked as to be used, so a subsequentnvdimm use
command for the same device is redundant. This action uses the following format:nvdimm reconfigure [--namespace=NAMESPACE] [--mode=MODE] [--sectorsize=SECTORSIZE]
-
--namespace=
- The device specification by namespace. For example:nvdimm reconfigure --namespace=namespace0.0 --mode=sector --sectorsize=512
-
--mode=
- The mode specification. Currently, only the valuesector
is available. -
--sectorsize=
- Size of a sector for sector mode. For example:nvdimm reconfigure --namespace=namespace0.0 --mode=sector --sectorsize=512
The supported sector sizes are 512 and 4096 bytes.
-
-
use
- Specify a NVDIMM device as a target for installation. The device must be already configured to the sector mode by thenvdimm reconfigure
command. This action uses the following format:nvdimm use [--namespace=NAMESPACE|--blockdevs=DEVICES]
-
--namespace=
- Specifies the device by namespace. For example:nvdimm use --namespace=namespace0.0
-
--blockdevs=
- Specifies a comma-separated list of block devices corresponding to the NVDIMM devices to be used. The asterisk*
wildcard is supported. For example:nvdimm use --blockdevs=pmem0s,pmem1s nvdimm use --blockdevs=pmem*
-
-
%addon org_fedora_oscap
(optional)-
The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) content - security policies - on the installed system. When enabled, the packages necessary to provide this functionality will automatically be installed. However, by default, no policies are enforced, meaning that no checks are performed during or after installation unless specifically configured.
Applying a security policy is not necessary on all systems. This screen should only be used when a specific policy is mandated by your organization rules or government regulations.
Unlike most other commands, this add-on does not accept regular options, but uses key-value pairs in the body of the
%addon
definition instead. These pairs are whitespace-agnostic. Values can be optionally enclosed in single quotes ('
) or double quotes ("
).The following keys are recognized by the add-on:
-
content-type
- Type of the security content. Possible values aredatastream
,archive
,rpm
, andscap-security-guide
.If the
content-type
isscap-security-guide
, the add-on will use content provided by the scap-security-guide package, which is present on the boot media. This means that all other keys exceptprofile
will have no effect. -
content-url
- Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -
datastream-id
- ID of the data stream referenced in thecontent-url
value. Used only ifcontent-type
isdatastream
. -
xccdf-id
- ID of the benchmark you want to use. -
xccdf-path
- Path to the XCCDF file which should be used; given as a relative path in the archive. -
profile
- ID of the profile to be applied. Usedefault
to apply the default profile. -
fingerprint
- A MD5, SHA1 or SHA2 checksum of the content referenced bycontent-url
. -
tailoring-path
- Path to a tailoring file which should be used, given as a relative path in the archive.The following is an example
%addon org_fedora_oscap
section which uses content from the scap-security-guide on the installation media:Example 2. Sample OpenSCAP Add-on Definition Using SCAP Security Guide%addon org_fedora_oscap content-type = scap-security-guide profile = pci-dss %end
The following is a more complex example which loads a custom profile from a web server:
Example 3. Sample OpenSCAP Add-on Definition Using a Datastream%addon org_fedora_oscap content-type = datastream content-url = http://www.example.com/scap/testing_ds.xml datastream-id = scap_example.com_datastream_testing xccdf-id = scap_example.com_cref_xccdf.xml profile = xccdf_example.com_profile_my_profile fingerprint = 240f2f18222faa98856c3b4fc50c4195 %end
Additional information about the OpenSCAP installer add-on is available at https://www.open-scap.org/tools/oscap-anaconda-addon/. For more information about the profiles available in the SCAP Security Guide and what they do, see the OpenSCAP Portal.
-
part
orpartition
(required)-
Creates a partition on the system.
All partitions created are formatted as part of the installation process unless
--noformat
and--onpart
are used.Device names in the
sdX
(or/dev/sdX
) format are not guaranteed to be consistent across reboots, which can complicate usage of some Kickstart commands. When a command calls for a device node name, you can instead use any item from/dev/disk
. For example, instead of:part / --fstype=xfs --onpart=sda1
You could use an entry similar to one of the following:
part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1
This way the command will always target the same storage device. This is especially useful in large storage environments. See the chapter about persistent storage device naming in the Red Hat Enterprise Linux 7 Storage Administration Guide for more in-depth information about different ways to consistently refer to storage devices.
For a detailed example of
part
in action, see Advanced Partitioning Example.part|partition mntpoint --name=name --device=device --rule=rule [options]
-
mntpoint - Where the partition is mounted. The value must be of one of the following forms:
-
/path
For example,
/
,/usr
,/home
-
swap
The partition is used as swap space.
To determine the size of the swap partition automatically, use the
--recommended
option:swap --recommended
The size assigned will be effective but not precisely calibrated for your system.
To determine the size of the swap partition automatically but also allow extra space for your system to hibernate, use the
--hibernation
option:swap --hibernation
The size assigned will be equivalent to the swap space assigned by
--recommended
plus the amount of RAM on your system.For the swap sizes assigned by these commands, see Recommended Partitioning Scheme (x86) for 64-bit AMD, Intel, and ARM systems, and Recommended Partitioning Scheme (ppc) for IBM Power Systems servers.
-
raid.id
The partition is used for software RAID (see
raid
). -
pv.id
The partition is used for LVM (see
logvol
). -
biosboot
The partition will be used for a BIOS Boot partition. A 1 MiB BIOS boot partition is necessary on BIOS-based AMD64 and Intel 64 systems using a GUID Partition Table (GPT); the boot loader will be installed into it. It is not necessary on UEFI systems. See also the
bootloader
command. -
/boot/efi
An EFI System Partition. A 50 MiB EFI partition is necessary on UEFI-based AMD, Intel, and ARM; the recommended size is 200 MiB. It is not necessary on BIOS systems. See also the
bootloader
command.
-
-
--size=
- The minimum partition size in MiB. Specify an integer value here such as500
(do not include the unit).If the
--size
value is too small, the installation fails. Set the--size
value as the minimum amount of space you require. For size recommendations, see Recommended Partitioning Scheme (x86). -
--grow
- Tells the partition to grow to fill available space (if any), or up to the maximum size setting, if one is specified.If you use
--grow=
without setting--maxsize=
on a swap partition, Anaconda limits the maximum size of the swap partition. For systems that have less than 2 GB of physical memory, the imposed limit is twice the amount of physical memory. For systems with more than 2 GB, the imposed limit is the size of physical memory plus 2GB. -
--maxsize=
- The maximum partition size in MiB when the partition is set to grow. Specify an integer value here such as500
(do not include the unit). -
--noformat
- Specifies that the partition should not be formatted, for use with the--onpart
command. -
--onpart=
or--usepart=
- Uses existing blank device and format it to the new specified type. For example:partition /home --onpart=hda1
puts
/home
on/dev/hda1
.These options can also add a partition to a logical volume. For example:
partition pv.1 --onpart=hda2
The device must already exist on the system; the
--onpart
option will not create it.It is also possible to specify an entire drive, rather than a partition, in which case Anaconda will format and use the drive without creating a partition table. Note, however, that installation of GRUB2 is not supported on a device formatted in this way, and must be placed on a drive with a partition table.
-
--ondisk=
or--ondrive=
- Creates a partition (specified by the part command) on an existing disk. This command always creates a partition. For example,--ondisk=sdb
puts the partition on the second SCSI disk on the system.To specify a multipath device that does not use logical volume management (LVM), use the format
disk/by-id/dm-uuid-mpath-WWID
, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID2416CD96995134CA5D787F00A5AA11017
, use:part / --fstype=xfs --grow --asprimary --size=8192 --ondisk=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Never specify multipath devices by device names like
mpatha
. Device names such as this are not specific to a particular disk. The disk named/dev/mpatha
during installation might not be the one that you expect it to be. Therefore, theclearpart
command could target the wrong disk. -
--asprimary
- Forces the partition to be allocated as a primary partition. If the partition cannot be allocated as primary (usually due to too many primary partitions being already allocated), the partitioning process fails. This option only makes sense when the disk uses a Master Boot Record (MBR); for GUID Partition Table (GPT)-labeled disks this option has no meaning. For information about primary (and extended) partitions, see Partitions: Turning One Drive Into Many. -
--fsprofile=
- Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. Forext2
,ext3
,ext4
, this configuration file is/etc/mke2fs.conf
. -
--mkfsoptions=
- Specifies additional parameters to be passed to the program that makes a filesystem on this partition. This is similar to--fsprofile
but works for all filesystems, not just the ones that support the profile concept. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem. -
--fstype=
- Sets the file system type for the partition. Valid values arexfs
,ext2
,ext3
,ext4
,swap
,vfat
,efi
andbiosboot
. -
--fsoptions
- Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the/etc/fstab
file of the installed system and should be enclosed in quotes. -
--label=
- assign a label to an individual partition. -
--recommended
- Determine the size of the partition automatically. For details about the recommended scheme, see Recommended Partitioning Scheme (x86) for 64-bit AMD, Intel, and ARM, and Recommended Partitioning Scheme (ppc) for IBM Power Systems.This option can only be used for partitions which result in a file system such as the
/boot
partition andswap
space. It cannot be used to create LVM physical volumes or RAID members. -
--onbiosdisk
- Forces the partition to be created on a particular disk as discovered by the BIOS. -
--encrypted
- Specifies that this partition should be encrypted, using the passphrase provided in the--passphrase
option. If you do not specify a passphrase, Anaconda uses the default, system-wide passphrase set with theautopart --passphrase
command, or stops the installation and prompts you to provide a passphrase if no default is set.When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.
The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest as described in the Red Hat Enterprise Linux 7 Virtualization Deployment and Administration Guide.
-
--passphrase=
- Specifies the passphrase to use when encrypting this partition. You must use this option together with the--encrypted
option; by itself it has no effect. -
--cipher=
- Specifies which type of encryption will be used if the Anaconda defaultaes-xts-plain64
is not satisfactory. You must use this option together with the--encrypted
option; by itself it has no effect. Available types of encryption are listed in the Red Hat Enterprise Linux 7 Security Guide, but CentOS strongly recommends using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
. -
--escrowcert=URL_of_X.509_certificate
- Store data encryption keys of all encrypted partitions as files in/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted partition. This option is only meaningful if--encrypted
is specified. -
--backuppassphrase
- Add a randomly-generated passphrase to each encrypted partition. Store these passphrases in separate files in/root
, encrypted using the X.509 certificate specified with--escrowcert
. This option is only meaningful if--escrowcert
is specified. -
--resize=
- Resize an existing partition. When using this option, specify the target size (in MiB) using the--size=
option and the target partition using the--onpart=
option.If partitioning fails for any reason, diagnostic messages appear on virtual console 3.
-
poweroff
(optional)-
Shut down and power off the system after the installation has successfully completed. Normally during a manual installation, Anaconda displays a message and waits for the user to press a key before rebooting. During a Kickstart installation, if no completion method is specified, the
halt
option is used as default.The
poweroff
option is equivalent to theshutdown -p
command.The
poweroff
command is highly dependent on the system hardware in use. Specifically, certain hardware components such as the BIOS, APM (advanced power management), and ACPI (advanced configuration and power interface) must be able to interact with the system kernel. Consult your hardware documentation for more information on you system’s APM/ACPI abilities.For other completion methods, see the
halt
,reboot
, andshutdown
Kickstart commands. raid
(optional)-
Assembles a software RAID device. This command is of the form:
raid mntpoint --level=level --device=device-name partitions*
-
mntpoint - Location where the RAID file system is mounted. If it is
/
, the RAID level must be 1 unless a boot partition (/boot
) is present. If a boot partition is present, the/boot
partition must be level 1 and the root (/
) partition can be any of the available types. The partitions* (which denotes that multiple partitions can be listed) lists the RAID identifiers to add to the RAID array.On IBM Power Systems, if a RAID device has been prepared and has not been reformatted during the installation, ensure that the RAID metadata version is
0.90
if you intend to put the/boot
andPReP
partitions on the RAID device.The default CentOS 7 mdadm metadata version is not supported for the boot device.
For a detailed example of
raid
in action, see Advanced Partitioning Example. -
--level=
- RAID level to use (0, 1, 4, 5, 6, or 10). -
--device=
- Name of the RAID device to use - for example,--device=root
.Do not use
mdraid
names in the form ofmd0
- these names are not guaranteed to be persistent. Instead, use meaningful names such asroot
orswap
. Using meaningful names creates a symbolic link from/dev/md/name
to whichever/dev/mdX
node is assigned to the array.If you have an old (v0.90 metadata) array that you cannot assign a name to, you can specify the array by a filesystem label or UUID (for example,
--device=centos7-root --label=centos7-root
). -
--chunksize=
- Sets the chunk size of a RAID storage in KiB. In certain situations, using a different chunk size than the default (512 Kib
) can improve the performance of the RAID. -
--spares=
- Specifies the number of spare drives allocated for the RAID array. Spare drives are used to rebuild the array in case of drive failure. -
--fsprofile=
- Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For ext2, ext3, and ext4, this configuration file is/etc/mke2fs.conf
. -
--fstype=
- Sets the file system type for the RAID array. Valid values arexfs
,ext2
,ext3
,ext4
,swap
, andvfat
. -
--fsoptions=
- Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the/etc/fstab
file of the installed system and should be enclosed in quotes. -
--mkfsoptions=
- Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem. -
--label=
- Specify the label to give to the filesystem to be made. If the given label is already in use by another filesystem, a new label will be created. -
--noformat
- Use an existing RAID device and do not format the RAID array. -
--useexisting
- Use an existing RAID device and reformat it. -
--encrypted
- Specifies that this RAID device should be encrypted, using the passphrase provided in the--passphrase
option. If you do not specify a passphrase, Anaconda uses the default, system-wide passphrase set with theautopart --passphrase
command, or stops the installation and prompts you to provide a passphrase if no default is set.When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.
The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest as described in the Red Hat Enterprise Linux 7 Virtualization Deployment and Administration Guide.
-
--cipher=
- Specifies which type of encryption will be used if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the--encrypted
option; by itself it has no effect. Available types of encryption are listed in the Red Hat Enterprise Linux 7 Security Guide, but CentOS strongly recommends using either aes-xts-plain64 or aes-cbc-essiv:sha256. -
--passphrase=
- Specifies the passphrase to use when encrypting this RAID device. You must use this option together with the--encrypted
option; by itself it has no effect. -
--escrowcert=URL_of_X.509_certificate
- Store the data encryption key for this device in a file in/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. This option is only meaningful if--encrypted
is specified. -
--backuppassphrase
- Add a randomly-generated passphrase to this device. Store the passphrase in a file in/root
, encrypted using the X.509 certificate specified with--escrowcert
. This option is only meaningful if--escrowcert
is specified.The following example shows how to create a RAID level 1 partition for
/
, and a RAID level 5 for/home
, assuming there are three SCSI disks on the system. It also creates three swap partitions, one on each drive.Example 4. Using the raid Kickstart commandpart raid.01 --size=6000 --ondisk=sda
part raid.02 --size=6000 --ondisk=sdb
part raid.03 --size=6000 --ondisk=sdc
part swap --size=512 --ondisk=sda
part swap --size=512 --ondisk=sdb
part swap --size=512 --ondisk=sdc
part raid.11 --size=1 --grow --ondisk=sda
part raid.12 --size=1 --grow --ondisk=sdb
part raid.13 --size=1 --grow --ondisk=sdc
raid / --level=1 --device=centos7-root --label=centos7-root raid.01 raid.02 raid.03
raid /home --level=5 --device=centos7-home --label=centos7-home raid.11 raid.12 raid.13
-
realm
(optional)-
Join an Active Directory or IPA domain. For more information about this command, see the
join
section of therealm(8)
man page.realm join [options] domain
-
--computer-ou=OU=
- Provide the distinguished name of an organizational unit in order to create the computer account. The exact format of the distinguished name depends on the client software and membership software. The root DSE portion of the distinguished name can usually be left out. -
--no-password
- Join automatically without a password. -
--one-time-password=
- Join using a one-time password. This is not possible with all types of realm. -
--client-software=
- Only join realms which can run this client software. Valid values includesssd
andwinbind
. Not all realms support all values. By default, the client software is chosen automatically. -
--server-software=
- Only join realms which can run this server software. Possible values includeactive-directory
orfreeipa
. -
--membership-software=
- Use this software when joining the realm. Valid values includesamba
andadcli
. Not all realms support all values. By default, the membership software is chosen automatically.
-
reboot
(optional)-
Reboot after the installation is successfully completed (no arguments). Normally, Kickstart displays a message and waits for the user to press a key before rebooting.
The
reboot
option is equivalent to theshutdown -r
command.For other completion methods, see the
halt
,poweroff
, andshutdown
Kickstart options.The
halt
option is the default completion method if no other methods are explicitly specified in the Kickstart file.Use of the
reboot
option might result in an endless installation loop, depending on the installation media and method.-
--eject
- Attempt to eject the bootable media (DVD, USB, or other media) before rebooting. -
--kexec
- Uses the kexec system call instead of performing a full reboot, which immediately loads the installed system into memory, bypassing the hardware initialization normally performed by the BIOS or firmware.Due to the complexities involved with booting systems using kexec, it cannot be explicitly tested and guaranteed to function in every situation.
When kexec is used, device registers (which would normally be cleared during a full system reboot) might stay filled with data, which could potentially create issues for some device drivers.
-
repo
(optional)-
Configures additional yum repositories that can be used as sources for package installation. You can add multiple
repo
lines.repo --name=repoid [--baseurl=<url>|--mirrorlist=url] [options]
-
--name=
- The repository id. This option is required. If a repository has a name which conflicts with another previously added repository, it is ignored. Because the installation program uses a list of preset repositories, this means that you cannot add repositories with the same names as the preset ones. -
--baseurl=
- The URL to the repository. The variables that can be used in yum repo config files are not supported here. This option cannot be used together with the--mirrorlist
option in the same repository definition. -
--mirrorlist=
- The URL pointing at a list of mirrors for the repository. The variables that can be used in yum repository configuration files are not supported here. This option cannot be used together with the--baseurl
option in the same repository definition. -
--install
- Save the provided repository configuration on the installed system in the/etc/yum.repos.d/
directory. Without using this option, a repository configured in a Kickstart file will only be available during the installation process, not on the installed system. -
--cost=
- An integer value to assign a cost to this repository. If multiple repositories provide the same packages, this number is used to prioritize which repository will be used before another. Repositories with a lower cost take priority over repositories with higher cost. -
--excludepkgs=
- A comma-separated list of package names that must not be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from a particular repository. Both full package names (such aspublican
) and globs (such asgnome-*
) are accepted. -
--includepkgs=
- A comma-separated list of package names and globs that must be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from this repository. -
--proxy=[protocol://][username[:password]@]host[:port]
- Specify an HTTP/HTTPS/FTP proxy to use just for this repository. This setting does not affect any other repositories, nor how theinstall.img
is fetched on HTTP installations. -
--ignoregroups=true
- This option is used when composing installation trees and has no effect on the installation process itself. It tells the compose tools to not look at the package group information when mirroring trees so as to avoid mirroring large amounts of unnecessary data. -
--noverifyssl
- Disable SSL verification when connecting to anHTTPS
server.Repositories used for installation must be stable. The installation can fail if a repository is modified before the installation concludes.
-
rescue
(optional)-
Automatically enters the installation program’s rescue mode. This gives you a chance to repair the system in case of any problems.
rescue [--nomount|--romount]
-
--nomount
or--romount
- Controls how the installed system is mounted in the rescue environment. By default, the installation program finds your system and mount it in read-write mode, telling you where it has performed this mount. You can optionally select to not mount anything (the--nomount
option) or mount in read-only mode (the--romount
option). Only one of these two options can be used.
-
reqpart
(optional)-
Automatically creates partitions required by your hardware platform. These include a
/boot/efi
partition for systems with UEFI firmware, abiosboot
partition for systems with BIOS firmware and GPT, and aPRePBoot
partition for IBM Power Systems.reqpart [--add-boot]
-
--add-boot
- Creates a separate/boot
partition in addition to the platform-specific partition created by the base command.This command cannot be used toegether with
autopart
, becauseautopart
does everything thereqpart
command does and, in addition, creates other partitions or logical volumes such as/
andswap
. In contrast withautopart
, this command only creates platform-specific partitions and leaves the rest of the drive empty, allowing you to create a custom layout.
-
rootpw
(required)-
Sets the system’s root password to the password argument.
rootpw [--iscrypted|--plaintext] [--lock] password
-
--iscrypted
- If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with--plaintext
. To create an encrypted password, you can use python:$
python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
This generates a sha512 crypt-compatible hash of your password using a random salt.
-
--plaintext
- If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with--iscrypted
. -
--lock
- If this option is present, the root account is locked by default. This means that the root user will not be able to log in from the console. This option will also disable theRoot Password
screens in both the graphical and text-based manual installation.
-
selinux
(optional)-
Sets the state of SELinux on the installed system. The default SELinux policy is
enforcing
.selinux [--disabled|--enforcing|--permissive]
-
--enforcing
- Enables SELinux with the default targeted policy beingenforcing
. -
--permissive
- Outputs warnings based on the SELinux policy, but does not actually enforce the policy. -
--disabled
- Disables SELinux completely on the system.For more information regarding SELinux, see the Red Hat Enterprise Linux 7 SELinux User’s and Administrator’s Guide.
-
services
(optional)-
Modifies the default set of services that will run under the default systemd target. The list of disabled services is processed before the list of enabled services. Therefore, if a service appears on both lists, it will be enabled.
services [--disabled=list] [--enabled=list]
-
--disabled=
- Disable the services given in the comma separated list. -
--enabled=
- Enable the services given in the comma separated list.Do not include spaces in the list of services. If you do, Kickstart will enable or disable only the services up to the first space. For example:
services --disabled=auditd, cups,smartd, nfslock
disables only the
auditd
service. To disable all four services, this entry should include no spaces:services --disabled=auditd,cups,smartd,nfslock
-
shutdown
(optional)-
Shut down the system after the installation has successfully completed. During a Kickstart installation, if no completion method is specified, the
halt
command is used.The
shutdown
Kickstart option is equivalent to theshutdown
command.For other completion methods, see the
halt
,poweroff
, andreboot
Kickstart options. skipx
(optional)-
If present, X is not configured on the installed system.
If you install a display manager among your package selection options, this package creates an X configuration, and the installed system defaults to
graphical.target
. The effect of theskipx
option is overridden. snapshot
(optional)-
Using the
snapshot
command, you can create LVM thin volume snapshots during the installation process. This enables you to back up a logical volume before or after the installation.To create multiple snapshots, add the
snaphost
Kickstart command multiple times.snapshots vg_name/lv_name --name=snapshot_name --when=pre-install|post-install
-
vg_name/lv_name
- Sets the name of the volume group and logical volume to create the snapshot from. -
--name=snapshot_name
- Sets the name of the snapshot. This name must be unique within the volume group. -
--when=pre-install|post-install
- Sets if the snapshot is created before the installation begins or after the installation is completed.
-
sshpw
(optional)-
During the installation, you can interact with the installation program and monitor its progress over an
SSH
connection. Use thesshpw
command to create temporary accounts through which to log on. Each instance of the command creates a separate account that exists only in the installation environment. These accounts are not transferred to the installed system.sshpw --username=name password [--iscrypted|--plaintext] [--lock]
-
--username
- Provides the name of the user. This option is required. -
--iscrypted
- If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with--plaintext
. To create an encrypted password, you can use python:$
python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
This generates a sha512 crypt-compatible hash of your password using a random salt.
-
--plaintext
- If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with--iscrypted
-
--lock
- If this option is present, this account is locked by default. This means that the user will not be able to log in from the console. -
--ssh
- If this is option is present, then the password string is interpreted as an ssh key value.By default, the
ssh
server is not started during the installation. To makessh
available during the installation, boot the system with the kernel boot optioninst.sshd
. See Console, Environment and Display Options for details.If you want to disable root
ssh
access, while allowing another userssh
access, use the following:sshpw --username=example_username example_password --plaintext sshpw --username=root example_password --lock
To simply disable root
ssh
access, use the following:sshpw --username=root example_password --lock
-
text
(optional)-
Perform the Kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
For a fully automatic installation, you must either specify one of the available modes (
graphical
,text
, orcmdline
) in the Kickstart file, or you must use theconsole=
boot option as described in Console, Environment and Display Options. If no mode is specified, the system will prompt you to choose one before continuing.
timezone
(required)-
Sets the system time zone to timezone.
timezone timezone [options]
-
--utc
- If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time. -
--nontp
- Disable the NTP service automatic starting. -
--ntpservers=
- Specify a list of NTP servers to be used as a comma-separated list without spaces.Starting with CentOS 7.5.1804, time zone names are validated using the
pytz.all_timezones
list, provided by the pytz package. In previous releases, the names were validated againstpytz.common_timezones
, which is a subset of the currently used list. Note that the graphical and text mode interfaces still use the more restrictedpytz.common_timezones
list; you must use a Kickstart file to use additional time zone definitions.
-
unsupported_hardware
(optional)-
Tells the installation program to suppress the
Unsupported Hardware Detected
alert. If this command is not included and unsupported hardware is detected, the installation stalls at this alert.
user
(optional)-
Creates a new user on the system.
user --name=username [options]
-
--name=
- Provides the name of the user. This option is required. -
--gecos=
- Provides the GECOS information for the user. This is a string of various system-specific fields separated by a comma. It is frequently used to specify the user’s full name, office number, and so on. See thepasswd(5)
man page for more details. -
--groups=
- In addition to the default group, a comma separated list of group names the user should belong to. The groups must exist before the user account is created. See thegroup
command. -
--homedir=
- The home directory for the user. If not provided, this defaults to/home/username
. -
--lock
- If this option is present, this account is locked by default. This means that the user will not be able to log in from the console. This option will also disable theCreate User
screens in both the graphical and text-based manual installation. -
--password=
- The new user’s password. If not provided, the account will be locked by default. -
--iscrypted
- If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with--plaintext
. To create an encrypted password, you can use python:$
python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
This generates a sha512 crypt-compatible hash of your password using a random salt.
-
--plaintext
- If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with--iscrypted
-
--shell=
- The user’s login shell. If not provided, the system default is used. -
--uid=
- The user’s UID (User ID). If not provided, this defaults to the next available non-system UID. -
--gid=
- The GID (Group ID) to be used for the user’s group. If not provided, this defaults to the next available non-system group ID.Consider using the
--uid
and--gid
options to set IDs of regular users and their default groups at range starting at5000
instead of1000
. That is because the range reserved for system users and groups,0
-999
, might increase in the future and thus overlap with IDs of regular users.For changing the minimum UID and GID limits after the installation, which ensures that your chosen UID and GID ranges are applied automatically on user creation, see the Users and Groups chapter of the System Administrator’s Guide.
Files and directories are created with various permissions, dictated by the application used to create the file or directory. For example, the
mkdir
command creates directories with all permissions enabled. However, applications are prevented from granting certain permissions to newly created files, as specified by theuser file-creation mask
setting.The
user file-creation mask
can be controlled with theumask
command. The default setting of theuser file-creation mask
for new users is defined by theUMASK
variable in the/etc/login.defs
configuration file on the installed system. If unset, it defaults to022
. This means that by default when an application creates a file, it is prevented from granting write permission to users other than the owner of the file. However, this can be overridden by other settings or scripts. More information can be found in the Red Hat Enterprise Linux 7 System Administrator’s Guide.
-
vnc
(optional)-
Allows the graphical installation to be viewed remotely through VNC. This method is usually preferred over text mode, as there are some size and language limitations in text installations. With no additional options, this command starts a VNC server on the installation system with no password and displays the details required to connect to it.
vnc [--host=host_name] [--port=port] [--password=password]
-
--host=
- Connect to the VNC viewer process listening on the given host name. -
--port=
- Provide a port that the remote VNC viewer process is listening on. If not provided, Anaconda uses the VNC default port of 5900. -
--password=
- Set a password which must be provided to connect to the VNC session. This is optional, but recommended.For more information about VNC installations, including instructions on how to connect to the installation system, see Using VNC.
-
volgroup
(optional)-
Creates a Logical Volume Management (LVM) group.
volgroup name partition [options]
Do not use the dash (
-
) character in logical volume and volume group names when installing CentOS using Kickstart. If this character is used, the installation finishes normally, but the/dev/mapper/
directory will list these volumes and volume groups with every dash doubled. For example, a volume group namedvolgrp-01
containing a logical volume namedlogvol-01
will be listed as/dev/mapper/volgrp--01-logvol--01
.This limitation only applies to newly created logical volume and volume group names. If you are reusing existing ones using the
--noformat
option, their names will not be changed.For a detailed partitioning example including
volgroup
, see Advanced Partitioning Example.The options are as follows:
-
--noformat
- Use an existing volume group and do not format it. -
--useexisting
- Use an existing volume group and reformat it. If you use this option, do not specify a partition. For example:volgroup centos00 --useexisting --noformat
-
--pesize=
- Set the size of the volume group’s physical extents in KiB. The default value is 4096 (4 MiB), and the minimum value is 1024 (1 MiB). -
--reserved-space=
- Specify an amount of space to leave unused in a volume group in MiB. Applicable only to newly created volume groups. -
--reserved-percent=
- Specify a percentage of total volume group space to leave unused. Applicable only to newly created volume groups.Create the partition first, then create the logical volume group, and then create the logical volume. For example:
part pv.01 --size 10000
volgroup volgrp pv.01
logvol / --vgname=volgrp --size=2000 --name=root
-
xconfig
(optional)-
Configures the X Window System. If you install the X Window System with a Kickstart file that does not include the
xconfig
command, you must provide the X configuration manually during installation.Do not use this command in a Kickstart file that does not install the X Window System.
-
--defaultdesktop=
- Specify eitherGNOME
orKDE
to set the default desktop (assumes that the chosen environment, either the GNOME Desktop Environment or the KDE Desktop Environment, has been installed in the%packages
section).It is currently not possible to specify KDE as your default desktop environment using this option. This is a known issue.
-
--startxonboot
- Use a graphical login on the installed system.
-
zerombr
(optional)-
The
zerombr
initializes any invalid partition tables that are found on disks and destroys all of the contents of disks with invalid partition tables. This command is required when performing an installation on an IBM Z system with unformatted Direct Access Storage Device (DASD) disks, otherwise the unformatted disks are not formatted and used during the installation. zfcp
(optional)-
Define a Fibre channel device. This option only applies on IBM System z. All of the options described below must be specified.
zfcp --devnum=devnum --wwpn=wwpn --fcplun=lun
-
--devnum
- The device number (zFCP adapter device bus ID). -
--wwpn
- The device’s World Wide Port Name (WWPN). Takes the form of a 16-digit number, preceded by0x
. -
--fcplun
- The device’s Logical Unit Number (LUN). Takes the form of a 16-digit number, preceded by0x
.For example:
zfcp --devnum=0.0.4000 --wwpn=0x5005076300C213e9 --fcplun=0x5022000000000000
-
%include
(optional)-
Use the
%include /path/to/file
command to include the contents of another file in the Kickstart file as though the contents were at the location of the%include
command in the Kickstart file.
Package Selection
Use the %packages
command to begin a Kickstart section which describes the software packages to be installed.
You can specify packages by environment, group, or by their package names. Several environments and groups that contain related packages are defined. See the repodata/*-comps-variant.architecture.xml
file on the CentOS 7 Installation DVD for a list of environments and groups.
The *-comps-variant.architecture.xml
file contains a structure describing available environments (marked by the <environment>
tag) and groups (the <group>
tag). Each entry has an ID, user visibility value, name, description, and package list. If the group is selected for installation, the packages marked mandatory
in the package list are always installed, the packages marked default
are installed if they are not specifically excluded elsewhere, and the packages marked optional
must be specifically included elsewhere even when the group is selected.
You can specify a package group or environment using either its ID (the <id>
tag) or name (the <name>
tag).
If you are not sure what packages should be installed, select the |
To install a 32-bit package on a 64-bit system, append the package name with the 32-bit architecture for which the package was built; for example, glibc.i686. The |
Initial Setup does not run after a system is installed from a Kickstart file unless a desktop environment and the X Window System were included in the installation and graphical login was enabled. This means that by default, no users except for |
The %packages
section must end with the %end
command.
- Specifying an Environment
-
In addition to groups, you specify an entire environment to be installed:
%packages @^Infrastructure Server %end
This command installs all packages which are part of the
Infrastracture Server
environment. All available environments are described in therepodata/*-comps-variant.architecture.xml
file on the CentOS 7 Installation DVD. Only a single environment can be specified in the Kickstart file. - Specifying Groups
-
Specify groups, one entry to a line, starting with an
@
symbol, and then the full group name or group id as given in the*-comps-variant.architecture.xml
file. For example:%packages
@X Window System @Desktop @Sound and Video%end
The
Core
group is always selected - it is not necessary to specify it in the%packages
section.The
*-comps-variant.architecture.xml
file also defines groups calledConflicts (variant)
for each variant of CentOS. This group contains all packages which are known to cause file conflicts, and is intended to be excluded. - Specifying Individual Packages
-
Specify individual packages by name, one entry to a line. You can use the asterisk character (
*
) as a wildcard in package names. For example:%packages sqlite curl aspell docbook* %end
The
docbook*
entry includes the packages docbook-dtds, docbook-simple, docbook-slides and others that match the pattern represented with the wildcard. - Excluding Environments, Groups, or Packages
-
Use a leading dash (
-
) to specify packages or groups to exclude from the installation. For example:%packages -@Graphical Internet -autofs -ipa*fonts %end
Installing all available packages using only |
You can change the default behavior of the %packages
section by using several options. Some options work for the entire package selection, others are used with only specific groups.
The following options are available for the %packages
. To use an option, append it to the start of the package selection section. For example:
%packages --multilib --ignoremissing
--default
-
Install the default set of packages. This corresponds to the package set which would be installed if no other selections were made in the
Package Selection
screen during an interactive installation. --excludedocs
-
Do not install any documentation contained within packages. In most cases, this excludes any files normally installed in the
/usr/share/doc
directory, but the specific files to be excluded depend on individual packages. --ignoremissing
-
Ignore any packages, groups and environments missing in the installation source, instead of halting the installation to ask if the installation should be aborted or continued.
--instLangs=
-
Specify a list of languages to install. Note that this is different from package group level selections. This option does not describe which package groups should be installed; instead, it sets RPM macros controlling which translation files from individual packages should be installed.
--multilib
-
Configure the installed system for multilib packages, to allow installing 32-bit packages on a 64-bit system, and install packages specified in this section as such.
Normally, on an AMD64 and Intel 64 system, only packages for this aNormally, on an AMD64 and Intel 64 system, you can install only the
x86_64
and thenoarch
packages. However, with the--multilib
option, you can automatically install the 32-bit AMD and the i686 Intel system packages available, if any.This only applies to packages explicitly specified in the
%packages
section. Packages which are only being installed as dependencies without being specified in the Kickstart file are only installed in architecture versions in which they are needed, even if they are available for more architectures.This option only works during the installation. Already installed systems are not configured for
multilib
packages installation using thednf
command. --nocore
-
Disables installation of the
@Core
package group which is otherwise always installed by default. Disabling the@Core
package group with--nocore
should be only used for creating lightweight containers; installing a desktop or server system will result in an unusable system.-
Using
-@Core
to exclude packages in the@Core
package group does not work. The only way to exclude the@Core
package group is with the--nocore
option. -
The
@Core
package group is defined as a minimal set of packages needed for installing a working system. It is not related in any way to core packages as defined in the Package Manifest and Scope of Coverage Details.
-
--retries=
-
Sets the number of times Yum will attempt to download packages (retries). The default value is
10
. This option only applies during the installation, and will not affect Yum configuration on the installed system. --timeout=
-
Sets the Yum timeout in seconds. The default value is
30
. This option only applies during the installation, and will not affect Yum configuration on the installed system.
The options in this list only apply to a single package group. Instead of using them at the %packages
command in the Kickstart file, append them to the group name. For example:
%packages
@Graphical Internet --optional%end
--nodefaults
-
Only install the group’s mandatory packages, not the default selections.
--optional
-
Install packages marked as optional in the group definition in the
*-comps-variant.architecture.xml
file, in addition to installing the default selections.Note that some package groups, such as
Scientific Support
, do not have any mandatory or default packages specified - only optional packages. In this case the--optional
option must always be used, otherwise no packages from this group will be installed.
Pre-installation Script
The %pre
script is run on the system immediately after the Kickstart file has been parsed, but before installation begins. This section must be placed towards the end of the Kickstart file, after the Kickstart commands described in Kickstart Commands and Options, and must start with %pre
and end with %end
. If your Kickstart file also includes a %post
section, the order in which the %pre
and %post
sections are included does not matter.
The %pre
script can be used for activation and configuration of networking and storage devices. It is also possible to run scripts, using interpreters available in the installation environment. Adding a %pre
script can be useful if you have networking and storage that needs special configuration before proceeding with the installation, or have a script that, for example, sets up additional logging parameters or environment variables. Debugging problems with %pre
scripts can be difficult, so it is recommended only to use a %pre
script when necessary.
Commands related to networking, storage, and file systems are available to use in the %pre
script, in addition to most of the utilities in the installation environment’s /sbin
and /bin
directories.
You can access the network in the %pre
section. However, the name service has not been configured at this point, so only IP addresses work, not URLs.
The pre-installation script section of Kickstart cannot manage multiple install trees or source media. This information must be included for each created Kickstart file, as the pre-installation script occurs during the second stage of the installation process.
Unlike the post-installation script, the pre-installation script is not run in the |
The following options can be used to change the behavior of pre-installation scripts. To use an option, append it to the %pre
line at the beginning of the script. For example:
%pre --interpreter=/usr/bin/python
--- Python script omitted --%end
--interpreter=
-
Allows you to specify a different scripting language, such as Python. Any scripting language available on the system can be used; in most cases, these are
/usr/bin/sh
,/usr/bin/bash
, and/usr/bin/python
. --erroronfail
-
Display an error and halt the installation if the script fails. The error message will direct you to where the cause of the failure is logged.
--log=
-
Logs the script’s output into the specified log file. For example:
%pre --log=/mnt/sysimage/root/ks-pre.log
The following is an example %pre
section:
%pre #!/bin/sh hds="" mymedia="" for file in /proc/ide/h* do mymedia=`cat $file/media` if [ $mymedia == "disk" ] ; then hds="$hds `basename $file`" fi done set $hds numhd=`echo $#` drive1=`echo $hds | cut -d' ' -f1` drive2=`echo $hds | cut -d' ' -f2` #Write out partition scheme based on whether there are 1 or 2 hard drives if [ $numhd == "2" ] ; then #2 drives echo "#partitioning scheme generated in %pre for 2 drives" > /tmp/part-include echo "clearpart --all" >> /tmp/part-include echo "part /boot --fstype xfs --size 75 --ondisk hda" >> /tmp/part-include echo "part / --fstype xfs --size 1 --grow --ondisk hda" >> /tmp/part-include echo "part swap --recommended --ondisk $drive1" >> /tmp/part-include echo "part /home --fstype xfs --size 1 --grow --ondisk hdb" >> /tmp/part-include else #1 drive echo "#partitioning scheme generated in %pre for 1 drive" > /tmp/part-include echo "clearpart --all" >> /tmp/part-include echo "part /boot --fstype xfs --size 75" >> /tmp/part-include echo "part swap --recommended" >> /tmp/part-include echo "part / --fstype xfs --size 2048" >> /tmp/part-include echo "part /home --fstype xfs --size 2048 --grow" >> /tmp/part-include fi %end
This script determines the number of hard drives in the system and writes a text file with a different partitioning scheme depending on whether it has one or two drives. Instead of having a set of partitioning commands in the Kickstart file, include the following line:
%include /tmp/part-include
The partitioning commands selected in the script will be used.
Anaconda configuration
Additional installation options can be configured in the %anaconda
section of your Kickstart file. This section controls the behavior of the user interface of the installation system.
This section must be placed towards the end of the Kickstart file, after the Kickstart commands described in Kickstart Commands and Options, and must start with %anaconda
and end with %end
.
Currently, the only command that can be used in the %anaconda
section is pwpolicy
. See Kickstart Commands and Options for more details.
The following is an example %anaconda
section:
%anaconda
pwpolicy root --minlen=10 --strict%end
This example %anaconda
section sets a password policy which requires that the root password be at least 10 characters long, and strictly forbids passwords which do not match this requirement.
Post-installation Script
You have the option of adding commands to run on the system once the installation is complete, but before the system is rebooted for the first time. This section must be placed towards the end of the Kickstart file, after the Kickstart commands described in Kickstart Commands and Options, and must start with %post
and end with %end
. If your Kickstart file also includes a %pre
section, the order of the %pre
and %post
sections does not matter.
This section is useful for functions such as installing additional software or configuring an additional name server. The post-install script is run in a chroot environment, therefore, performing tasks such as copying scripts or RPM packages from the installation media do not work by default. You can change this behavior using the --nochroot
option as described below.
Because post-install script runs in a chroot environment, most systemctl
commands will refuse to perform any action. For more information, see the "Behavior of systemctl in a chroot Environment" section of System Administrator’s Guide for Red Hat Enterprise Linux 7.
If you configured the network with static IP information, including a name server, you can access the network and resolve IP addresses in the |
The following options can be used to change the behavior of post-installation scripts. To use an option, append it to the %post
line at the beginning of the script. For example:
%post --interpreter=/usr/bin/python
--- Python script omitted --%end
--interpreter=
-
Allows you to specify a different scripting language, such as Python. For example:
%post --interpreter=/usr/bin/python
Any scripting language available on the system can be used; in most cases, these are
/usr/bin/sh
,/usr/bin/bash
, and/usr/bin/python
. --nochroot
-
Allows you to specify commands that you would like to run outside of the chroot environment.
The following example copies the file
/etc/resolv.conf
to the file system that was just installed.%post --nochroot
cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf%end
--erroronfail
-
Display an error and halt the installation if the script fails. The error message will direct you to where the cause of the failure is logged.
--log=
-
Logs the script’s output into the specified log file. Note that the path of the log file must take into account whether or not you use the
--nochroot
option. For example, without--nochroot
:%post --log=/root/ks-post.log
with
--nochroot
:%post --nochroot --log=/mnt/sysimage/root/ks-post.log
The following is an example %post
section:
# Start of the %post section with logging into /root/ks-post.log %post --log=/root/ks-post.log # Mount an NFS share mkdir /mnt/temp mount -o nolock 10.10.0.2:/usr/new-machines /mnt/temp openvt -s -w -- /mnt/temp/runme umount /mnt/temp # End of the %post section %end
The above example mounts an NFS share and executes a script named runme
located at /usr/new-machines/
on the share. Note that NFS file locking is not supported while in Kickstart mode, therefore the -o nolock
option is required.
Kickstart Error Handling
Kickstart installations can contain custom scripts which are run when the installer encounters a fatal error - for example, an error in a package that has been requested for installation, failure to start VNC when specified, or an error when scanning storage devices. Installation cannot continue after such an error has occured. The installer will run all %onerror
scripts in the order they are provided in the Kickstart file. In addition, %onerror
scripts will be run in the event of a traceback.
Each %onerror
script is required to end with %end
.
--erroronfail
-
Display an error and halt the installation if the script fails. The error message will direct you to where the cause of the failure is logged.
--interpreter=
-
Allows you to specify a different scripting language, such as Python. For example:
%post --interpreter=/usr/bin/python
Any scripting language available on the system can be used; in most cases, these are
/usr/bin/sh
,/usr/bin/bash
, and/usr/bin/python
. --log=
-
Logs the script’s output into the specified log file.
Kickstart Add-ons
Kickstart installations support add-ons. These add-ons can expand the basic Kickstart (and Anaconda) functionality in many ways.
To use an add-on in your Kickstart file, use the %addon addon_name options
command, and finish the command with an %end
statement, similar to pre-installation and post-installation scripts described in previous sections. For example, if you want to use the Kdump add-on, which is distributed with Anaconda by default, use the following commands:
%addon com_redhat_kdump --enable --reserve-mb=auto %end
The %addon
command does not include any options of its own - all options are dependent on the actual add-on. For more information about add-ons, see the Red Hat Enterprise Linux 7 Anaconda Customization Guide.
Sample Kickstart Configurations
Advanced Partitioning Example
The following is an integrated example showing the clearpart
, zerombr
, part
, raid
, volgroup
, and logvol
Kickstart options in action:
clearpart --drives=hda,hdc zerombr # Raid 1 IDE config part raid.11 --size 1000 --asprimary --ondrive=hda part raid.12 --size 1000 --asprimary --ondrive=hda part raid.13 --size 2000 --asprimary --ondrive=hda part raid.14 --size 8000 --ondrive=hda part raid.15 --size 16384 --grow --ondrive=hda part raid.21 --size 1000 --asprimary --ondrive=hdc part raid.22 --size 1000 --asprimary --ondrive=hdc part raid.23 --size 2000 --asprimary --ondrive=hdc part raid.24 --size 8000 --ondrive=hdc part raid.25 --size 16384 --grow --ondrive=hdc # You can add --spares=x raid / --fstype xfs --device root --level=RAID1 raid.11 raid.21 raid /safe --fstype xfs --device safe --level=RAID1 raid.12 raid.22 raid swap --fstype swap --device swap --level=RAID1 raid.13 raid.23 raid /usr --fstype xfs --device usr --level=RAID1 raid.14 raid.24 raid pv.01 --fstype xfs --device pv.01 --level=RAID1 raid.15 raid.25 # LVM configuration so that we can resize /var and /usr/local later volgroup sysvg pv.01 logvol /var --vgname=sysvg --size=8000 --name=var logvol /var/freespace --vgname=sysvg --size=8000 --name=freespacetouse logvol /usr/local --vgname=sysvg --size=1 --grow --name=usrlocal
This advanced example implements LVM over RAID, as well as the ability to resize various directories for future growth.
First, the clearpart
command is used on drives hda
and hdc
to wipe them. The zerombr
command initializes unused partition tables.
Then, the two drives are partitioned to prepare them for RAID configuration. Each drive is divided into five partitions, and each drive is partitioned into an identical layout.
The next part uses these pairs of physical partitions to create a software RAID device with RAID1 level (mirroring). The first four RAID devices are used for /
(root), /safe
, swap
and /usr
. The fifth, largest pair of partitions is named pv.01
and will be used in the following part as a physical volume for LVM.
Finally, the last set of commands first creates a volume group named sysvg
on the pv.01
physical volume. Then, three logical volumes (/var
, /var/freespace
and /usr/local
) are created and added to the sysvg
volume group. The /var
and /var/freespace
volumes have a set size of 8 GB, and the /usr/local
volume uses the --grow
option to fill all remaining available space.
User Input Example
The following is an example showing how to prompt the user for input, and then read that input and save it as a variable, using bash:
%pre
exec < /dev/tty6 > /dev/tty6 2> /dev/tty6
chvt 6
IFS=$'\n'
echo -n "Enter input: "
read USERINPUT
echo
echo -n "You entered:" "$USERINPUT"
echo
chvt 1
exec < /dev/tty1 > /dev/tty1 2> /dev/tty1
%end
Due to the way Kickstart operates, the script must switch to a new virtual terminal before reading input from the user. This is accomplished by the exec < /dev/tty6 > /dev/tty6 2> /dev/tty6
and chvt 6
commands. The read USERINPUT
reads input from the user until enter is pressed, and stores it in the variable USERINPUT
. The echo -n "You entered:" "$USERINPUT"
command displays the text You entered:
followed by the user’s input. Finally, the chvt 1
and exec < /dev/tty1 > /dev/tty1 2> /dev/tty1
commands switch back to the original terminal and allow Kickstart to continue installation.
Example Kickstart file for installing and starting the RNG daemon
The following is an example Kickstart file which demonstrates how to install and enable a service, in this case the Random Number Generator (RNG) daemon, which supplies entropy to the system kernel:
services --enabled=rngd
%packages
rng-tools
%end
The services --enabled=rngd
command instructs the installed system to start the RNG daemon each time the system starts. The rng-tools package, which contains the RNG daemon, is then designated for installation.