Anaconda/Kickstart

From FedoraProject

< Anaconda
Revision as of 23:46, 8 May 2012 by Bcl (Talk | contribs)

Jump to: navigation, search

Contents

Chapter 1. Introduction

What are Kickstart Installations?

Many system administrators would prefer to use an automated installation method to install Fedora or Red Hat Enterprise Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical installation.

Kickstart files can be kept on a server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install Fedora or Red Hat Enterprise Linux on multiple machines, making it ideal for network and system administrators.

The Fedora installation guide at http://docs.fedoraproject.org/en-US/index.html has a detailed section on kickstart.

How Do You Perform a Kickstart Installation?

Kickstart installations can be performed using a local CD-ROM, a local hard drive, or via NFS, FTP, or HTTP.

To use kickstart, you must:

  1. Create a kickstart file.
  2. Create a boot diskette with the kickstart file or make the kickstart file available on the network.
  3. Make the installation tree available.
  4. Start the kickstart installation.

This chapter explains these steps in detail.

Creating the Kickstart File

The kickstart file is a simple text file, containing a list of items, each identified by a keyword. You can create it by using the Kickstart Configurator application or by writing it from scratch. The Fedora or Red Hat Enterprise Linux installation program also creates a sample kickstart file based on the options that you selected during installation. It is written to the file /root/anaconda-ks.cfg. You should be able to edit it with any text editor or word processor that can save files as ASCII text.

First, be aware of the following issues when you are creating your kickstart file:

  • While not strictly required, there is a natural order for sections that should be followed. Items within the sections do not have to be in a specific order unless otherwise noted. The section order is:
    1. Command section -- Refer to Chapter 2 for a list of kickstart options. You must include the required options.
    2. The %packages section -- Refer to Chapter 3 for details.
    3. The %pre, %post, and %traceback sections -- These sections can be in any order and are not required. Refer to Chapter 4 and Chapter 5 for details.
  • The %packages, %pre, %post and %traceback sections are all required to be closed with %end
  • Items that are not required can be omitted.
  • Omitting any required item will result in the installation program prompting the user for an answer to the related item, just as the user would be prompted during a typical installation. Once the answer is given, the installation will continue unattended unless it finds another missing item.
  • Lines starting with a pound sign (#) are treated as comments and are ignored.
  • If deprecated commands, options, or syntax are used during a kickstart installation, a warning message will be logged to the anaconda log. Since deprecated items are usually removed within a release or two, it makes sense to check the installation log to make sure you haven't used any of them. When using ksvalidator, deprecated items will cause an error.
  • For kickstart upgrades, the following items are required:
    1. Language
    2. Installation method
    3. Device specification (if device is needed to perform installation)
    4. Keyboard setup
    5. The upgrade keyword
    6. Boot loader configuration

If any other items are specified for an upgrade, those items will be ignored - this includes package selection.

Special Notes for Referring to Disks

Traditionally, disks have been referred to throughout Kickstart by a device node name (such as sda). The Linux kernel has moved to a more dynamic method where device names are not guaranteed to be consistent across reboots, so this can complicate usage in Kickstart scripts. To accommodate stable device naming, you can use any item from /dev/disk in place of a device node name. For example, instead of:

part / --fstype=ext4 --onpart=sda1

You could use an entry similar to one of the following:

part / --fstype=ext4 --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=ext4 --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1

This provides a consistent way to refer to disks that is more meaningful than just sda. This is especially useful in large storage environments.

You can also use shell-like entries to refer to disks. This is primarily intended to make it easier to use the clearpart and ignoredisk commands in large storage environments. For example, instead of:

ignoredisk --drives=sdaa,sdab,sdac

You could use an entry similar to the following:

ignoredisk --drives=/dev/disk/by-path/pci-0000:00:05.0-scsi-*

Finally, anywhere you want to refer to an existing partition or filesystem (say, in the part --ondisk=) option, you may also refer to the device by its filesystem label or UUID. This is done as follows:

part /data --ondisk=LABEL=data
part /misc --ondisk=UUID=819ff6de-0bd6-4bf4-8b72-dbe41033a85b

Chapter 2. Kickstart Options

The following options can be placed in a kickstart file. If you prefer to use a graphical interface for creating your kickstart file, you can use the Kickstart Configurator application.

Stop (medium size).png
If the option is followed by an equals mark (=), a value must be specified after it. In the example commands, options in [square brackets] are optional arguments for the command.
Stop (medium size).png
pykickstart processes arguments to commands just like the shell does. If a list of arguments can be passed in, the arguments must be separated by commas and not include any extra spaces. If extra spaces are required in the list of arguments, the entire argument must be surrounded by double quotes. If quotes, spaces, or other special characters need to be added to the argument list, they must be escaped.

auth or authconfig

This required command sets up the authentication options for the system. This is just a wrapper around the authconfig program, so all options recognized by that program are valid for this command. See the manual page for authconfig for a complete list.

By default, passwords are normally encrypted and are not shadowed.

autopart

Automatically create partitions -- 1 GB or more root (/) partition, a swap partition, and an appropriate boot partition for the architecture. One or more of the default partition sizes can be redefined with the part directive.

--type=<type>

Select automatic partitioning scheme. Must be one of the following: lvm, btrfs, plain. Plain means regular partitions with no btrfs or lvm. (Added in anaconda-17.3)

--encrypted

Should all devices with support be encrypted by default? This is equivalent to checking the "Encrypt" checkbox on the initial partitioning screen.

--passphrase=

Provide a default system-wide passphrase for all encrypted devices.

--escrowcert=<url>

Load an X.509 certificate from <url>. Store the data encryption keys of all encrypted volumes created during installation, encrypted using the certificate, as files in /root. Only relevant if --encrypted is specified.

--backuppassphrase

Only relevant if --escrowcert is specified. In addition to storing the data encryption keys, generate a random passphrase and add it to all encrypted volumes created during installation. Then store the passphrase, encrypted using the certificate specified by --escrowcert, as files in /root (one file for each encrypted volume).

autostep

Kickstart installs normally skip unnecessary screens. This makes the installer step through every screen, displaying each briefly.

This is mostly used for debugging.

--autoscreenshot

Take a screenshot at every step during installation and copy the images over to /root/anaconda-screenshots after installation is complete. This is most useful for documentation.

bootloader

This required command specifies how the boot loader should be installed. This option is required for both installations and upgrades.

Important.png
BIOS Boot partition
As of Fedora 16 there must be a biosboot partition for the bootloader to be installed successfully onto a disk that contains a GPT/GUID partition table, which includes disks initialized by anaconda. This partition may be created with the kickstart option part biosboot --fstype=biosboot --size=1. However, in the case that a disk has an existing biosboot partition, adding a "part biosboot" option is unnecessary.

--append=

Specifies kernel parameters. The default set of bootloader arguments is "rhgb quiet". You will get this set of arguments regardless of what parameters you pass to --append, or if you leave out --append entirely. For example:
bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"

--driveorder

Specify which drive is first in the BIOS boot order. For example:
bootloader --driveorder=sda,hda

--location=

Specifies where the boot record is written. Valid values are the following: mbr (the default), partition (installs the boot loader on the first sector of the partition containing the kernel), or none (do not install the boot loader).

--password=

If using GRUB, sets the GRUB boot loader password. This should be used to restrict access to the GRUB shell, where arbitrary kernel options can be passed.

--md5pass=

If using GRUB, similar to --password= except the password should already be encrypted.

--upgrade

Upgrade the existing boot loader configuration, preserving the old entries. This option is only available for upgrades.

--timeout=<secs>

Specify the number of seconds before the bootloader times out and boots the default option.

btrfs

(Added in anaconda-17.3)

Defines a BTRFS volume or subvolume. This command is of the form:

btrfs <mntpoint> --data=<level> --metadata=<level> --label=<label> <partitions*>

for volumes and of the form:

btrfs <mntpoint> --subvol --name=<path> <parent>

for subvolumes.

The <partitions*> (which denotes that multiple partitions can be listed) lists the BTRFS identifiers to add to the BTRFS volume. For subvolumes, <parent> should be the identifier of the subvolume's parent volume.

<mntpoint>

Location where the file system is mounted.

--data=

RAID level to use (0, 1, 10) for filesystem data. Optional. This option has no meaning for subvolumes.

--metadata=

RAID level to use (0, 1, 10) for filesystem/volume metadata. Optional. This option has no meaning for subvolumes.

--label=

Specify the label to give to the filesystem to be made. If the given label is already in use by another filesystem, a new label will be created. This option has no meaning for subvolumes.

--noformat

Use an existing BTRFS volume and do not reformat the filesystem. This option has no meaning for subvolumes.

--useexisting

Same as --noformat, above. This option has no meaning for subvolumes.

The following example shows how to create a BTRFS volume from member partitions on three disks with subvolumes for root and home. The main volume is not mounted or used directly in this example -- only the root and home subvolumes.

part btrfs.01 --size=6000 --ondisk=sda
part btrfs.02 --size=6000 --ondisk=sdb
part btrfs.03 --size=6000 --ondisk=sdc

btrfs none --data=0 --metadata=1 --label=f17 btrfs.01 btrfs.02 btrfs.03
btrfs / --subvol --name=root LABEL=f17
btrfs /home --subvol --name=home f17

clearpart

Removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed.

Stop (medium size).png
If the clearpart command is used, then the --onpart command cannot be used on a logical partition.

--all

Erases all partitions from the system.

--drives=

Specifies which drives to clear partitions from. For example, the following clears the partitions on the first two drives on the primary IDE controller:
clearpart --all --drives=hda,hdb

--initlabel

Initializes the disk label to the default for your architecture (for example msdos for x86 and gpt for Itanium). This is only meaningful in combination with the '--all' option.

--linux

Erases all Linux partitions.

--none (default)

Do not remove any partitions.

cmdline

Perform the installation in a completely non-interactive command line mode. Any prompts for interaction will halt the install. This mode is useful on S/390 systems with the x3270 console.

device

On most PCI systems, the installation program will autoprobe for Ethernet and SCSI cards properly. On older systems and some PCI systems, however, kickstart needs a hint to find the proper devices. The device command, which tells the installation program to install extra modules, is in this format:

device <moduleName> --opts=<options>

<moduleName>

Replace with the name of the kernel module which should be installed.

--opts=

Options to pass to the kernel module. For example:
--opts="aic152x=0x340 io=11"

dmraid

dmraid --name= --dev=

driverdisk

Driver diskettes can be used during kickstart installations. You need to copy the driver disk's contents to the root directory of a partition on the system's hard drive. Then you need to use the driverdisk command to tell the installation program where to look for the driver disk.

driverdisk <partition>|--source=<url>|--biospart=<part>

<partition>

Partition containing the driver disk.

--source=<url>

Specify a URL for the driver disk. NFS locations can be given with nfs:host:/path/to/img.

--biospart=<part>

BIOS partition containing the driver disk (such as 82p2).

firewall

This option corresponds to the Firewall Configuration screen in the installation program:

firewall --enabled|--disabled <device> [options]

--enabled or --enable

Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.

--disabled or --disable

Do not configure any iptables rules.

--trust=

Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1.

<incoming>

Replace with none or more of the following to allow the specified services through the firewall.
--ssh - The ssh option is enabled by default, regardless of the presence of this flag.
--smtp
--http
--ftp

--port=

You can specify that ports be allowed through the firewall using the port:protocol format. You can also specify ports numerically. Multiple ports can be combined into one option as long as they are separeted by commas. For example:
firewall --port=imap:tcp,1234:ucp,47

--service=

This option provides a higher-level way to allow services through the firewall. Some services (like cups, avahi, etc.) require multiple ports to be open in order for the service to work. You could specify each individual service with the --port option, or specify --service= and open them all at once. Valid options are anything recognized by the lokkit program in the system-config-firewall-base package.

firstboot

Determine whether the Setup Agent starts the first time the system is booted. If enabled, the firstboot package must be installed. If not specified, firstboot is disabled by default.

--enable or --enabled

The Setup Agent is started the first time the system boots.

--disable or --disabled

The Setup Agent is not started the first time the system boots.

--reconfig

Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones.

group

Creates a new user group on the system.

group --name=<name> [--gid=<gid>]

--name=

Provides the name of the new group.

--gid=

The group's GID. If not provided, this defaults to the next available non-system GID.

graphical

Perform the kickstart installation in graphical mode. This is the default.

halt

At the end of installation, display a message and wait for the user to press a key before rebooting. This is the default action.


ignoredisk

Controls anaconda's access to disks attached to the system. Only one of the following two options may be used.

ignoredisk --drives=[disk1,disk2,...]

Specifies those disks that anaconda should not touch when partitioning, formatting, and clearing.

ignoredisk --only-use=[disk1,disk2,...]

Specifies the opposite - only disks listed here will be used during installation.

ignoredisk --interactive

Allow the user manually navigate the advanced storage screen.

install

Tells the system to install a fresh system rather than upgrade an existing system. This is the default mode. For installation, you must specify the type of installation from one of cdrom, harddrive, nfs, or url (for ftp or http installations). The install command and the installation method command must be on separate lines.

cdrom

Install from the first CD-ROM/DVD drive on the system.

harddrive

Install from a directory of ISO images on a local drive, which must be either vfat or ext2. In addition to this directory, you must also provide the install.img in some way. You can either do this by booting off the boot.iso or by creating an images/ directory in the same directory as the ISO images and placing install.img in there.
--biospart=
BIOS partition to install from (such as 82p2).
--partition=
Partition to install from (such as, sdb2).
--dir=
Directory containing both the ISO images and the images/install.img. For example:
harddrive --partition=hdb2 --dir=/tmp/install-tree

nfs

Install from the NFS server specified. This can either be an exploded installation tree or a directory of ISO images. In the latter case, the install.img must also be provided subject to the same rules as with the harddrive installation method described above.
--server=
Server from which to install (hostname or IP).
--dir=
Directory containing the Packages/ directory of the installation tree. If doing an ISO install, this directory must also contain images/install.img.
--opts=
Mount options to use for mounting the NFS export. Any options that can be specified in /etc/fstab for an NFS mount are allowed. The options are listed in the nfs(5) man page. Multiple options are separated with a comma.
For example:
nfs --server=nfsserver.example.com --dir=/tmp/install-tree

url

Install from an installation tree on a remote server via FTP or HTTP.
--url=
The URL to install from.
--proxy=[protocol://][username[:password]@]host[:port]
Specify an HTTP/HTTPS/FTP proxy to use while performing the install. The various parts of the argument act like you would expect.
--noverifyssl
For a tree on a HTTPS server do not check the server's certificate with what well-known CA validate and do not check the server's hostname matches the certificate's domain name.


iscsi

Specifies additional iSCSI storage to be attached during installation. If you use the iscsi parameter, you must also assign a name to the iSCSI node, using the iscsiname parameter. The iscsiname parameter must appear before the iscsi parameter in the kickstart file.

iscsi --ipaddr= [options]

We recommend that wherever possible you configure iSCSI storage in the system BIOS or firmware (iBFT for Intel systems) rather than use the iscsi parameter. *Anaconda* automatically detects and uses disks configured in BIOS or firmware and no special configuration is necessary in the kickstart file.

If you must use the iscsi parameter, ensure that networking is activated at the beginning of the installation, and that the iscsi parameter appears in the kickstart file before you refer to iSCSI disks with parameters such as clearpart or ignoredisk.

--ipaddr= (mandatory)

The IP address of the target to connect to.

--port=

The port number to connect to (default, --port=3260).

--target=

The target iqn.

--iface=

Bind connection to specific network interface instead of using the default one determined by network layer. Once used, it must be specified for all iscsi commands.

--user=

The username required to authenticate with the target.

--password=

The password that corresponds with the username specified for the target.

--reverse-user=

The username required to authenticate with the initiator from a target that uses reverse CHAP authentication.

--reverse-password=

The password that corresponds with the username specified for the initiator.

iscsiname

Assigns an initiator name to the computer. If you use the iscsi parameter in your kickstart file, this parameter is mandatory, and you must specify iscsiname in the kickstart file before you specify iscsi.

iscsiname <iqn>

keyboard

This required command sets system keyboard type. Here is the list of available keyboards on i386, Itanium, and Alpha machines:

ar-azerty, ar-azerty-digits, ar-digits, ar-qwerty, ar-qwerty-digits, be-latin1, ben, ben-probhat, bg_bds-utf8, bg_pho-utf8, br-abnt2, cf, croat, cz-lat2, cz-us-qwertz, de, de-latin1, de-latin1-nodeadkeys, dev, dk, dk-latin1, dvorak, es, et, fi, fi-latin1, fr, fr-latin1, fr-latin9, fr-pc, fr_CH, fr_CH-latin1, gr, guj, gur, hu, hu101, ie, is-latin1, it, it-ibm, it2, jp106, ko, la-latin1, mk-utf, nl, no, pl2, pt-latin1, ro, ro-cedilla, ro-std, ro-std-cedilla, ru, sg, sg-latin1, sk-qwerty, slovene, sr-cy, sr-latin, sv-latin1, tj, tml-inscript, tml-uni, trq, ua-utf, uk, us, us-acentos