From Fedora Project Wiki

Chapter 1. 引言

什么是Kickstart安装?

许多系统管理员都希望能够使用自动化安装的方式来在他们的机器上安装Fedora或红帽企业版Linux。为了满足这样的需求,红帽公司创建了kickstart安装方式。通过使用kickstart,系统管理员能够创建一个单独的、包含安装过程中遇到的所有问题答案的文件。

kickstart文件能被存储在服务器系统之上,机器在安装系统的时候可以读取该文件。这种安装方式支持只用一个kickstart文件就可以在多台机器上安装Fedora和红帽企业版Linux的特性,这对于网络和系统管理员来说非常理想。

Fedora安装指南(http://docs.fedoraproject.org/en-US/index.html) 中有关于kickstart的详细说明。

如何使用kickstart进行系统安装?

使用kickstart来安装系统可以通过本地CD-ROM、本地磁盘、或者通过NFS、FTP、HTTP来进行。

为了使用kickstart,你必须:

  1. 创建一个kickstart文件
  2. 创建一个带有kickstart文件的启动磁盘,或者让kickstart可以通过网络访问
  3. 使能安装树
  4. 开始kickstart安装

本章节详细地解释了这些步骤。

创建Kickstart文件

kickstart文件是一个简单的文本文件,它包含了一个项目列表,列表中的每一个项目都有一个关键字用来识别。你可以通过Kickstart Configurator程序来生成kickstart文件,也可以手动编辑。Fedora或者红帽企业版Linux安装程序已经根据你在安装过程中的选择创建了一个简单的kickstart文件。它就是/root/anaconda-ks.cfg。你应该可以使用能够识别ASCII编码的文本编辑器或文字处理软件来编辑它。

首先,在创建kickstart文件的时候应该注意以下问题:

  • 有一条并不严格的要求,kickstart文件中各部分(section)要遵循一定的顺序。每个部分中的项(Item)并不需要按照一定的顺序排列,除非有其他要求。各部分的顺序如下:
    1. 命令部分 -- (参考第二章节)列出的kickstart选项(option),必须包含要求的选项。
    2. %packages部分 -- 详细内容参见第三章节。
    3. %pre, %post, 以及%traceback部分 -- 这些部分的顺序可以任意排列,更详细的内容请参考第四和第五章节。
  • %packages, %pre, %post以及%traceback部分需要以%end结束。
  • 不要求的项(Item)可以被省略。
  • 省略任何一个被要求的项将会导致安装程序向用户询问相关的问题,就像典型安装过程向用户询问那样。一旦用户给出了答案,安装过程将会继续自动进行,除非又遇到缺失的项。
  • 以(#)开头的行作为注释行被忽略。
  • 如果在kickstart安装中使用了不推荐的命令、选项或者语法,警告日志将会被记录到anaconda日志中。因为在一个或者两个发行版之间这些不推荐的项经常会被删掉,所以检查安装日志以确保没有使用这些项非常必要。当使用ksvalidator的时候,这些不推荐的项会导致错误。

引用磁盘的特殊说明

传统上,Kickstart一直通过设备节点名(例如 sda)来引用磁盘。Linux内核采用了更加动态的方法,设备名并不会在重启时保持不变。因此,这会使得在Kickstart脚本中引用磁盘变得复杂。为了满足稳定的设备命名,你可以在项(Item)中使用/dev/disk代替设备名。例如,你可以使用:

part / --fstype=ext4 --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=ext4 --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1

来代替:

part / --fstype=ext4 --onpart=sda1

这种方式提供了对磁盘的持久引用,因而比仅仅使用sda更加有意义。 这在大的存储环境中特别有意义。

你也可以使用类似于shell的入口来应用磁盘。这种方式主要用来简化大的存储环境中clearpart以及ignoredisk命令的使用。例如,为了替代:

ignoredisk --drives=sdaa,sdab,sdac

你可以使用如下的入口:

ignoredisk --drives=/dev/disk/by-path/pci-0000:00:05.0-scsi-*

最后,如果想要在任何地方引用已经存在的分区或者文件系统(例如,在part --ondisk=中),你可以通过文件系统标签(label)或者UUID来进行。例如:

part /data --ondisk=LABEL=data
part /misc --ondisk=UUID=819ff6de-0bd6-4bf4-8b72-dbe41033a85b

Chapter 2. Kickstart选项

如下的选项可以放到kickstart文件中。如果你喜欢图形化的接口,可以使用Kickstart Configurator程序。

如果选项后接等号(=),等号后面必须指定选项的值。 在示例命令中, [方括号]中的选项是可选的。
pykickstart处理命令参数的方式和shell相似。 如果一个参数列表(多个参数)传进来,这些参数必须以逗号隔开,并且不能有多余的空格。 如果参数列表需要多余的空格,那么整个参数列表就要用双引号括起来。如果引号、空格或者其他特殊字符需要被加入到参数列表,必须将它们进行转义。

auth 或者 authconfig(必需)

auth命令设置系统的授权选项。它只是authconfig程序的封装,因而所有被authconfig程序识别的选项都可以应用于auth命令。想要获取完整的列表,请参考authconfig手册页。

默认情况下,密码一般会被加密但并不会放在shadow文件中。

autopart

自动创建分区--一个根分区(/)、一个swap分区,以及一个适合体系架构(architecture)的boot分区。如果磁盘驱动器足够大,也会创建/home分区。

autopart命令不能和part/partition, raid, volgroup 或者 logvol 命令存在与同一kickstart文件里。

--type=<type>

选择自动分区机制。必须是lvm, btrfs, plain, thinp中的一个。Plain意味着常规分区,没有btrfs和lvm.

--encrypted

所有支持的设备都应该默认加密吗?这等价于在初始化分区的屏幕上选择"加密"复选框。

--passphrase=

只在--encrypted指定时有效。为所有加密设备提供一个系统范围内的默认密码。

--escrowcert=<url>

只在--encrypted指定时有效。从<url>加载X.509认证。在/root目录下以文件的形式存储所有安装过程中创建的加密卷的密钥。

--backuppassphrase

只在 --escrowcert指定时有效。除了存储数据密钥之外,在所有安装过程中产生的加密卷中加入随机生成的密码。然后在/root目录下以文件的形式存储这些使用--escrowcert指定的认证加密过的密码。(每个加密卷对应一个文件)

--cipher

只在--encrypted指定时有效。指定加密文件系统时所用到的加密算法。

autostep

通常情况下,kickstart安装时跳过了不必要的屏幕显示。该选项可以让安装过程简单地显示每一步的屏幕。autostep多用于调试。

--autoscreenshot

在安装过程中,将每一步的屏幕截图并在安装完成后将这些截图拷贝到/root/anaconda-screenshots目录下。这对写文档非常有帮助。

bootloader(必需)

该命令指明了引导程序(bootloader)如何被安装.

BIOS引导分区
从Fedora16开始,包含GPT/GUID的磁盘必须有一个bios引导分区,用来安装引导程序。该分区必须用kickstart选项part biosboot --fstype=biosboot --size=1创建。然而,如果一个磁盘已经有了bisoboot分区,就没有必要使用"part biosboot"了。

--append=

指定内核参数。引导程序默认的参数是"rhgb quiet"。无论--append的参数是什么,或者你把--append完全遗漏了,你都会得到这个参数。例如:
bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"

--boot-drive=

指定引导程序被写入的驱动器,也即是操作系统开始启动的驱动器。

--leavebootorder

在EFI或者ISeries/PSeries的机器上,该选项可以防止安装器(installer)改变现存的可启动镜像列表。

--driveorder

指定BIOS启动顺序中的第一个驱动器。例如:
bootloader --driveorder=sda,hda

--location=

指定引导记录写入的位置。有效的值包括:mbr(默认),partition(在包含内核的分区的第一个扇区上安装引导程序),或者none(不安装引导程序)。

--password=

如果使用了GRUB,设置GRUB引导程序的密码。该密码用于访问GRUB shell。(在GRUB shell中可以传递任意内核参数)

--iscrypted=

如果被使用,--password=指定的密码已经被加密,而且应该不做额外修改地传递给引导程序的配置文件。

--md5pass=

如果使用了GRUB,类似于--password=,但密码已经被加密。

--timeout=<secs>

指定引导程序超时之前等待的秒数,超时之后将会启动默认选项。

--default=

在引导程序的配置文件中设置默认的启动镜像。

--extlinux

使用extlinux引导程序代替GRUB。该选项只能在extlinux支持的机器上工作。

btrfs

(anaconda-17.3引入)

定义一个BTRFS卷或者子卷(subvolume)。该命令的形式如下:

定义卷:

btrfs <mntpoint> --data=<level> --metadata=<level> --label=<label> <partitions*>

定义子卷:

btrfs <mntpoint> --subvol --name=<path> <parent>

<partitions*>(表示可以列出多个分区)列出了添加到BTRFS卷上的BTRFS标示符。对于子卷来说,<parent>应该是这些子卷对应的父卷的标示符。

<mntpoint>

文件系统的挂载点。

--data=

文件系统数据使用的RAID级别(0, 1, 10)。该选项对于子卷没有意义。

--metadata=

文件系统/卷的元数据使用的RAID级别(0, 1, 10)。可选。该选项对于子卷没有意义。

--label=

指定将要生成的文件系统标签(label)。如果指定的标签已经被另外一个文件系统使用,则会创建一个新的标签。该选项对于子卷没有意义。

--noformat

使用存在的BTRFS卷(或者子卷),不会重新进行格式化操作。

--useexisting

类似于--noformat,同上。

下面的例子展示了如何从分别位于三个磁盘上的三个分区创建一个BTRFS卷和子卷,子卷用于root和home。在示例中,主卷并没有挂载和直接使用--仅使用了root和home子卷。

part btrfs.01 --size=6000 --ondisk=sda
part btrfs.02 --size=6000 --ondisk=sdb
part btrfs.03 --size=6000 --ondisk=sdc

btrfs none --data=0 --metadata=1 --label=f17 btrfs.01 btrfs.02 btrfs.03
btrfs / --subvol --name=root LABEL=f17
btrfs /home --subvol --name=home f17

clearpart

从系统中删除分区,先于新分区的创建。默认不删除任何分区。

如果使用了clearpart,--onpart命令不能用于该逻辑分区

--all

删除系统上的所有分区。

--drives=

指定从哪个驱动器上删除分区。例如,下面的代码删除了IDE控制器上的前两个驱动器上的所有分区。
clearpart --all --drives=sda,sdb

--list=

指定了要删除的分区。如果使用,它会取代所有的--all--linux选项。它可以在驱动器之间交叉使用:
clearpart --list=sda2,sda3,sdb1

--initlabel

将磁盘标签初始化为体系架构的默认值(例如x86是msdos,Itanium是gpt)。该选项只有和'--all'选项联合使用才有意义。

--linux

删除linux分区。

--none (default)

不删除任何分区。

cmdline

以完全非交互的命令行模式安装。任何导致交互的动作都会使安装过程停止。这种模式对于带有x3270控制台的S/390系统非常有用。

device

在大多数PCI系统上,安装程序会正确地自动探测以太网和SCSI卡。然而,在旧系统和一些PCI系统上,kickstart需要一个提示来寻找正确的设备。device命令告诉安装程序以如下的形式安装额外的模块:

device <moduleName> --opts=<options>

<moduleName>

用应该安装的内核模块名替代。

--opts=

传递给内核模块的选项。例如:
--opts="aic152x=0x340 io=11"

dmraid

dmraid --name= --dev=

driverdisk

kickstart安装过程可以使用磁盘(Driver diskettes)。你需要把磁盘的内容拷贝到系统硬盘上一个分区的根目录。然后使用driverdisk命令告诉安装程序哪里可以找到磁盘内容。

driverdisk <partition>|--source=<url>|--biospart=<part>

<partition>

包含磁盘内容的分区.

--source=<url>

为磁盘内容指定一个URL。NFS位置可以使用nfs:host:/path/to/img给出。

--biospart=<part>

包含磁盘内容的bios分区(例如82p2)。

fcoe

firewall

该选项对应安装程序中的防火墙配置界面:

firewall --enabled|--disabled <device> [options]

--enabled or --enable

拒绝不是如DNS或者DHCP应答之类响应外部请求的连接。如果需要访问在这台机器上运行的服务,你可以通过防火墙选择允许特定的服务。

--disabled or --disable

不配置iptable规则。

--trust=

在这里列出一个设备,比如说eth0,允许来自该设备的数据包通过防火墙。可使用--trust eth0 --trust eth1列出多个设备,而不要使用such as --trust eth0, eth1这样逗号分隔的格式。

<incoming>

使用下面的字符代替<incoming>以允许特定的服务通过防火墙:
--ssh - ssh是被默认开启的,这个选项会被忽略.
--smtp
--http
--ftp

--port=

你可以使用"端口(服务名):协议"这样的格式来指定可以通过防火墙的端口,也可以通过端口号来指定。
firewall --port=imap:tcp,1234:ucp,47

--service=

该选项提供一种更高级别的方式来允许服务通过防火墙。一些服务(例如 cpus, avahi,等)需要多个端口打开或者其他特殊的配置。你可以用 --port或者--service=将它们一次打开。
所有可以被firewalld包中的firewall-offline-cmd程序识别的选项都是可用的。如果firewalld正在运行, firewall-cmd --get-services将会提供一个可以识别的服务的列表。

firstboot

决定是否在第一次启动系统后运行设置代理程序(Setup Agent)。如果使能,firstboot包必须被安装。如果没有使能,firstboot缺省是禁用的。

--enable or --enabled

第一次启动系统后运行设置代理程序。

--disable or --disabled

第一次启动系统后不运行设置代理程序。

--reconfig

使设置代理程序在启动后运行于重新配置模式。该模式启用了默认配置选项之外的语言、鼠标、键盘、根密码、安全级别、时区以及网络配置选项。

group

在系统上创建一个新的用户组。如果指定的组名或者GID已经存在,则该命令失效。除此之外,user命令会为新创建的用户创建新的用户组。

group --name=<name> [--gid=<gid>]

--name=

提供新组的名字。

--gid=

The group's GID. If not provided, this defaults to the next available non-system GID.
用户组标识GID。如果没有提供,默认是下一个可用的非系统GID。

graphical

以图形模式完成kickstart安装。这是默认的。

halt

在安装的最后,显示提示消息并等待用户按键来重启系统。这是默认的操作。

ignoredisk

控制anaconda对系统磁盘的访问。下面的两个选项中可能只有一个被用到。

ignoredisk --drives=[disk1,disk2,...]

指定在分区、格式化、擦出时anaconda不应该访问的磁盘。

ignoredisk --only-use=[disk1,disk2,...]

与上面的选项相反。仅有列出的磁盘可以在安装过程中被使用。

ignoredisk --interactive

允许用户手动进行设置。

install

告诉系统是安装一个全新的系统而不是升级存在的系统(默认)。安装时,你可以从cdrom、硬盘驱动器、nfs、或者url(ftp,http安装)中指定安装类型。install命令和安装方法必须在不同的行设置。

注意:从F18起,anaconda不再支持升级。升级必须由FedUp(Fedora升级工具)来完成。

cdrom

cdrom

从系统上的第一个CD-ROM/DVD驱动安装。

harddrive

harddrive [--biospart=<bios partition> | --partition=<partition>] [--dir=<directory>]

从本地驱动器上包含ISO镜像的目录安装,该驱动器必须是vfat或者ext2文件系统。除了改目录之外,还需要以后面的方式提供install.img。一种方式是由boot.iso启动,另一种是在ISO镜像相同的目录中创建一个images/目录,然后将install.img放在那里。
--biospart=
安装用到的BIOS分区(例如82p2)。
--partition=
安装用到的硬盘分区(例如sdb2)。
--dir=
包含ISO镜像和images/install.img的目录。例如:
harddrive --partition=hdb2 --dir=/tmp/install-tree

liveimg

liveimg --url=<url> [--proxy=<proxyurl>] [--checksum=<sha256>] [--noverifyssl]

安装一个磁盘镜像而不是软件包。镜像可以是Live iso上的squashfs.img,也可以是任何可以被安装介质挂载的文件系统(例如ext4)。Anaconda预期该镜像包含完成系统安装所需的实用程序。因此,创建磁盘镜像最好的方法是使用livemedia-creator。如果该镜像包含/LiveOS/*.img(这是squashfs.img的构成),LiveOS中的第一个*.img将会被挂载,并用来安装目标系统。
--url=
安装用到的URL。支持http,https,ftp以及文件。
--proxy=[protocol://][username[:password]@]host[:port]
指定在安装时用到的HTTP/HTTPS/FTP代理。参数的各个部分用实际值来代替。
--checksum=
可选,镜像文件的sha256校验和。
--noverifyssl
对于HTTPS服务器上的目录树,不用检查服务器的证书以及服务器的主机名匹配证书的域名。

nfs

nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]

从指定的NFS服务器安装。可以是分解的安装树或者ISO镜像的目录。如果是后者,和上面所描述的硬盘驱动器安装方式所遵循的规则一样,必须提供install.img。
--server=
指定服务器(主机名或者IP)。
--dir=
包含安装树的软件包/目录的目录。如果是ISO安装,该目录必须包含images/install.img。
--opts=
挂载NFS的选项。所有可以在/etc/fstab中指定的NFS选项都可以使用。这些选项列表在nfs(5)的man手册中可以查到。多个选相使用逗号分隔。
例如:
nfs --server=nfsserver.example.com --dir=/tmp/install-tree

url

url --url=<url>|--mirrorlist=<url> [--proxy=<proxy url>] [--noverifyssl]

通过FTP和HTTP从远程服务器安装。
--url=
安装用到的URL。在该URL中完成$releasever和$basearch的变量替换(F19中增加)。
--mirrorlist=
安装用到的镜像URL。在该URL中完成$releasever和$basearch的变量替换(F19中增加)。
--proxy=[protocol://][username[:password]@]host[:port]
指定安装时用到的HTTP/HTTPS/FTP代理。参数的各个部分用实际值来代替。
--noverifyssl
对于HTTPS服务器上的目录树,不用检查服务器的证书以及服务器的主机名匹配证书的域名。

iscsi

指定在安装时附加的iSCSI存储。如果要使用iscsi参数,你必须通过iscsiname参数指定iSCSI节点的名字。iscsiname参数在kickstart文件中的位置必须在iscsi参数前面。

iscsi --ipaddr= [options]

无论在哪里使用,我们都推荐在系统BIOS或者固件(Intel系统的iBFT)中配置iSCSI存储,而不是使用iscsi参数。*Anaconda*会自动探测和使用BIOS或者固件中的磁盘配置,不需要在kickstart文件中另外配置。

如果你必须使用iscsi参数,请确保在安装开始时网络是激活的,以及iscsi参数在kickstart文件中的位置应该在引用iscsi磁盘的参数(如clearpart或ignoredisk)之前。

--ipaddr= (mandatory)

要连接的目标端(Target)的IP地址。

--port=

要连接的端口号(默认是--port=3260)。

--target=

目标端iqn.

--iface=

绑定连接到指定的网络接口,而不是使用网络层决定的默认网卡。一旦使用,所有的iscsi命令必须指定。

--user=

目标端鉴定用到的用户名。

--password=

目标端指定用户名对应的密码。

--reverse-user=

使用反向CHAP身份认证的目标端对应的发起端(initiator)鉴定所使用的用户名。

--reverse-password=

发起端指定的用户名对应的密码。

iscsiname

给电脑分配一个发起端名字。如果你在kickstart文件中使用了iscsi参数,该参数是强制的,而且要在iscsi参数之前出现。

iscsiname <iqn>

keyboard

This required command sets system keyboard type. See the documentation of --vckeymap option and the tip at the end of this section for a guide how to get values accepted by this command.

Starting with Fedora 18 the keyboard command has three new options:

keyboard [--vckeymap=<keymap>] [--xlayouts=<layout1>,<layout2>,...,<layoutN>] [--switch=<option1>...<optionN>] [arg]

Either --vckeymap or --xlayouts must be used.
Alternatively, use the older format, arg, which is still supported. arg can be an X layout or VConsole keymap name.
Missing values will be automatically converted from the given one(s).

--vckeymap=<keymap>

Specify VConsole keymap that should be used. <keymap> is a keymap name which is the same as the filename under /usr/lib/kbd/keymaps/ without the ".map.gz" extension.

--xlayouts=<layout1>,<layout2>,...,<layoutN>

Specify a list of X layouts that should be used (comma-separated list without spaces).
Accepts the same values as setxkbmap(1), but uses either the layout format (such as cz) or the 'layout (variant)' format (such as 'cz (qwerty)').
For example:
keyboard --xlayouts=cz,'cz (qwerty)'

--switch=<option1>,...,<optionN>

Specify a list of layout switching options that should be used (comma-separated list without spaces).
Accepts the same values as setxkbmap(1) for layout switching.
For example
keyboard --xlayouts=cz,'cz (qwerty)' --switch=grp:alt_shift_toggle
If you know only the description of the layout (e.g. Czech (qwerty)), you can use http://vpodzime.fedorapeople.org/layouts_list.py to list all available layouts and find the one you want to use. The string in square brackets is the valid layout specification as Anaconda accepts it. The same goes for switching options and http://vpodzime.fedorapeople.org/switching_list.py (both scripts need package libxklavier installed in version >= 5.1-1)

lang

lang <id>

This required command sets the language to use during installation and the default language to use on the installed system to <id>. This can be the same as any recognized setting for the $LANG environment variable, though not all languages are supported during installation.

Certain languages (mainly Chinese, Japanese, Korean, and Indic languages) are not supported during text mode installation. If one of these languages is specified using the lang command, installation will continue in English though the running system will have the specified langauge by default.

The file /usr/share/system-config-language/locale-list provides a list the valid language codes in the first column of each line and is part of the system-config-languages package.

logvol

Create a logical volume for Logical Volume Management (LVM).

logvol <mntpoint> --vgname=<name> --size=<size> --name=<name> <options>

--noformat

Use an existing logical volume and do not format it.

--useexisting

Use an existing logical volume and reformat it.

--fstype=

Sets the file system type for the logical volume. Valid values include ext4, ext3, ext2, btrfs, swap, and vfat. Other filesystems may be valid depending on command line arguments passed to anaconda to enable other filesystems. Btrfs is a experimental filesystem. Do take regular backups if you are using it.

--fsoptions=

Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.

--grow

Tells the logical volume to grow to fill available space (if any), or up to the maximum size setting. Note that --grow is not supported for logical volumes containing a RAID volume on top of them.

--maxsize=

The maximum size in megabytes when the logical volume is set to grow. Specify an integer value here, and do not append the number with MB.

--recommended

Determine the size of the logical volume automatically.

--percent

Specify the size of the logical volume as a percentage of available space in the volume group. Without the above --grow option, this may not work.

--encrypted

Specify that this logical volume should be encrypted.

--passphrase=

Specify the passphrase to use when encrypting this logical volume. Without the above --encrypted option, this option does nothing. If no passphrase is specified, the default system-wide one is used, or the installer will stop and prompt if there is no default.

--escrowcert=<url>

Load an X.509 certificate from <url>. Store the data encryption key of this logical volume, encrypted using the certificate, as a file in /root. Only relevant if --encrypted is specified as well.

--backuppassphrase

Only relevant if --escrowcert is specified as well. In addition to storing the data encryption key, generate a random passphrase and add it to this logical volume. Then store the passphrase, encrypted using the certificate specified by --escrowcert, as a file in /root. If more than one LUKS volume uses --backuppassphrase, the same passphrase will be used for all such volumes.

--thinpool

Create a thin pool logical volume. (Use a mountpoint of "none")

--metadatasize=<size>

Specify the metadata area size (in MiB) for a new thin pool device.

--chunksize=<size>

Specify the chunk size (in KiB) for a new thin pool device.

--thin

Create a thin logical volume. (Requires use of --poolname)

--poolname=<name>

Specify the name of the thin pool in which to create a thin logical volume. (Requires --thin)


Create the partition first, create the logical volume group, and then create the logical volume. For example:

part pv.01 --size 3000
volgroup myvg pv.01
logvol / --vgname=myvg --size=2000 --name=rootvol

logging

This command controls the error logging of anaconda during installation. It has no effect on the installed system.

--host=

Send logging information to the given remote host, which must be running a syslogd process configured to accept remote logging.

--port=

If the remote syslogd process uses a port other than the default, it may be specified with this option.

--level=

One of debug, info, warning, error, or critical.
Specify the minimum level of messages that appear on tty3. All messages will still be sent to the log file regardless of this level, however.

mediacheck

If given, this will force anaconda to run mediacheck on the installation media. This command requires that installs be attended, so it is disabled by default.

monitor

If the monitor command is not given, anaconda will use X to automatically detect your monitor settings. Please try this before manually configuring your monitor.

--hsync=

Specifies the horizontal sync frequency of the monitor.

--monitor=

Use specified monitor; monitor name should be from the list of monitors in /usr/share/hwdata/MonitorsDB from the hwdata package. The list of monitors can also be found on the X Configuration screen of the Kickstart Configurator. This is ignored if --hsync or --vsync is provided. If no monitor information is provided, the installation program tries to probe for it automatically.

--noprobe

Do not probe the monitor.

--vsync=

Specifies the vertical sync frequency of the monitor.

multipath

multipath --name= --device= --rule=

network

Configures network information for target system and activates network devices in installer environment. Device of the first network command is activated if network is required, e.g. in case of network installation or using vnc. Activation of the device can be also explicitly required by --activate option. If the device has already been activated to get kickstart file (e.g. using configuration provided with boot options or entered in loader UI) it is re-activated with configuration from kickstart file.

In F15, the device of first network command is activated also in case of non-network installs, and device is not re-activated using kickstart configuration.

Additional devices configured in kickstart with network command can be activated in installer using --activate option (since F16).

--bootproto=[dhcp|bootp|static|ibft]

The default setting is dhcp. bootp and dhcp are treated the same.
The DHCP method uses a DHCP server system to obtain its networking configuration. As you might guess, the BOOTP method is similar, requiring a BOOTP server to supply the networking configuration.
The static method requires that you enter all the required networking information in the kickstart file. As the name implies, this information is static and will be used during and after the installation. The line for static networking is more complex, as you must include all network configuration information on one line. You must specify the IP address, netmask, gateway, and nameserver. For example: (the \ indicates that it is all one line):
network --bootproto=static --ip=10.0.2.15 \
--netmask=255.255.255.0 --gateway=10.0.2.254 \
--nameserver=10.0.2.1
If you use the static method, be aware of the following restriction:
  • All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash, for example.
ibft setting is for reading the configuration from iBFT table. It was added in F16.

--device=

Specifies device to be configured and/or activated with the network command. The device can be specified in the same ways as ksdevice boot option. For example:
network --bootproto=dhcp --device=eth0
For the first network command, if the option is not specified it defaults to 1) ksdevice boot option, 2) device activated to fetch kickstart, or 3) selection dialog in UI. For following network commands, the --device option is required.

--ip=

IP address for the interface.

--ipv6=

IPv6 address for the interface. This can be the static address in form <IPv6 address>[/<prefix length>], e.g. 3ffe:ffff:0:1::1/128 (if prefix is omitted 64 is assumed), "auto" for address assignment based on automatic neighbor discovery, or "dhcp" to use the DHCPv6 protocol.

--gateway=

Default gateway, as an IPv4 or IPv6 address.

--nodefroute

Prevents grabbing of the default route by the device. It can be useful when activating additional devices in installer using --activate option. Since F16.

--nameserver=

Primary nameserver, as an IP address. Multiple nameservers must be comma separated.

--nodns

Do not configure any DNS server.

--netmask=

Netmask for the installed system.

--hostname=

Hostname for the installed system.

--ethtool=

Specifies additional low-level settings for the network device which will be passed to the ethtool program.

--essid=

The network ID for wireless networks.

--wepkey=

The WEP encryption key for wireless networks.

--wpakey=

The WPA encryption key for wireless networks (since F16).

--onboot=

Whether or not to enable the device a boot time.

--dhcpclass=

The DHCP class.

--mtu=

The MTU of the device.

--noipv4

Disable IPv4 on this device.

--noipv6

Disable IPv6 on this device.

--bondslaves

Bonded device with name specified by --device option will be created using slaves specified in this option. Example: --bondslaves=eth0,eth1. Since Fedora 19.

--bondopts

A comma-separated list of optional parameters for bonded interface specified by --bondslaves and --device options. Example: --bondopts=mode=active-backup,primary=eth1. If an option itself contains comma as separator use semicolon to separate the options. Since Fedora 19.

--vlanid

Id (802.1q tag) of vlan device to be crated using parent device specified by --device option. For example network --device=eth0 --vlanid=171 will create vlan device eth0.171. Since Fedora 19.

--teamslaves

Team device with name specified by --device option will be created using slaves specified in this option. Slaves are separated by comma. A slave can be followed by its configuration which is a single-quoted json format string with double qoutes escaped by '\' character. Example: --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'". See also --teamconfig option. Since Fedora 20.

--teamconfig

Double-quoted team device configuration which is a json format string with double quotes escaped with '\' character. The device name is specified by --device option and its slaves and their configuration by --teamslaves option. Since Fedora 20. Example:
network --device team0 --activate --bootproto static --ip=10.34.102.222 --netmask=255.255.255.0 --gateway=10.34.102.254 --nameserver=10.34.39.2  \
--teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'" \
--teamconfig="{\"runner\": {\"name\": \"activebackup\"}}"

part or partition

Creates a partition on the system. This command is required.

All partitions created will be formatted as part of the installation process unless --noformat and --onpart are used.

part <mntpoint>

The <mntpoint> is where the partition will be mounted and must be of one of the following forms:

/<path>
For example, /, /usr, /home
swap
The partition will be used as swap space.
To determine the size of the swap partition automatically, use the --recommended option. Starting with Fedora 18 the --hibernation option can be used to automatically determine the size of the swap partition big enough for hibernation.
raid.<id>
The partition will be used for software RAID (refer to raid).
pv.<id>
The partition will be used for LVM (refer to logvol).

--size=

The minimum partition size in megabytes. Specify an integer value here such as 500. Do not append the number with MB.

--grow

Tells the partition to grow to fill available space (if any), or up to the maximum size setting. Note that --grow is not supported for partitions containing a RAID volume on top of them.

--maxsize=

The maximum partition size in megabytes when the partition is set to grow. Specify an integer value here, and do not append the number with MB.

--noformat

Tells the installation program not to format the partition, for use with the --onpart command.

--onpart= or --usepart=

Put the partition on an already existing device. Use "--onpart=LABEL=name" or "--onpart=UUID=name" to specify a partition by label or uuid respectively.
Anaconda may create partitions in any particular order, so it is safer to use labels than absolute partition names.

--ondisk= or --ondrive=

Forces the partition to be created on a particular disk.

--asprimary

Forces automatic allocation of the partition as a primary partition or the partitioning will fail.

--fsprofile=

Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For ext2/3/4, this configuration file is /etc/mke2fs.conf.

--fstype=

Sets the file system type for the partition. Valid values include ext4, ext3, ext2, btrfs, swap, and vfat. Other filesystems may be valid depending on command line arguments passed to anaconda to enable other filesystems.

--fsoptions=

Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.

--label=

Specify the label to give to the filesystem to be made on the partition. If the given label is already in use by another filesystem, a new label will be created for this partition.

--recommended

Determine the size of the partition automatically.

--onbiosdisk=

Forces the partition to be created on a particular disk as discovered by the BIOS.

--encrypted

Specify that this partition should be encrypted.

--passphrase=

Specify the passphrase to use when encrypting this partition. Without the above --encrypted option, this option does nothing. If no passphrase is specified, the default system-wide one is used, or the installer will stop and prompt if there is no default.

--escrowcert=<url>

Load an X.509 certificate from <url>. Store the data encryption key of this partition, encrypted using the certificate, as a file in /root. Only relevant if --encrypted is specified as well.

--backuppassphrase

Only relevant if --escrowcert is specified as well. In addition to storing the data encryption key, generate a random passphrase and add it to this partition. Then store the passphrase, encrypted using the certificate specified by --escrowcert, as a file in /root. If more than one LUKS volume uses --backuppassphrase, the same passphrase will be used for all such volumes.
If partitioning fails for any reason, diagnostic messages will appear on virtual console 3.

poweroff

Turn off the machine after the installation is complete. Normally, kickstart displays a message and waits for the user to press a key before rebooting.

raid

Assembles a software RAID device. This command is of the form:

raid <mntpoint> --level=<level> --device=<mddevice> <partitions*>

<mntpoint>

Location where the RAID file system is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (/) partition can be any of the available types. The <partitions*> (which denotes that multiple partitions can be listed) lists the RAID identifiers to add to the RAID array.

--level=

RAID level to use (0, 1, 4, 5, 6, or 10).

--device=

Name of the RAID device to use (such as 'fedora-root' or 'home'). As of Fedora 19, RAID devices are no longer referred to by names like 'md0'. If you have an old (v0.90 metadata) array that you cannot assign a name to, you can specify the array by a filesystem label or UUID (eg: --device=LABEL=fedora-root).

--spares=

Specifies the number of spare drives allocated for the RAID array. Spare drives are used to rebuild the array in case of drive failure.

--fstype=

Sets the file system type for the RAID array. Valid values include ext4, ext3, ext2, btrfs, swap, and vfat. Other filesystems may be valid depending on command line arguments passed to anaconda to enable other filesystems.

--fsoptions=

Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.

--label=

Specify the label to give to the filesystem to be made. If the given label is already in use by another filesystem, a new label will be created.

--noformat

Use an existing RAID device and do not format the RAID array.

--useexisting

Use an existing RAID device and reformat it.

--encrypted

Specify that this RAID device should be encrypted.

--passphrase=

Specify the passphrase to use when encrypting this RAID device. Without the above --encrypted option, this option does nothing. If no passphrase is specified, the default system-wide one is used, or the installer will stop and prompt if there is no default.

--escrowcert=<url>

Load an X.509 certificate from <url>. Store the data encryption key of this RAID device, encrypted using the certificate, as a file in /root. Only relevant if --encrypted is specified as well.

--backuppassphrase

Only relevant if --escrowcert is specified as well. In addition to storing the data encryption key, generate a random passphrase and add it to this RAID device. Then store the passphrase, encrypted using the certificate specified by --escrowcert, as a file in /root. If more than one LUKS volume uses --backuppassphrase, the same passphrase will be used for all such volumes.

The following example shows how to create a RAID level 1 partition for /, and a RAID level 5 for /usr, assuming there are three disks on the system. It also creates three swap partitions, one on each drive.

part raid.01 --size=6000 --ondisk=sda
part raid.02 --size=6000 --ondisk=sdb
part raid.03 --size=6000 --ondisk=sdc

part swap1 --size=512 --ondisk=sda
part swap2 --size=512 --ondisk=sdb
part swap3 --size=512 --ondisk=sdc

part raid.11 --size=6000 --ondisk=sda
part raid.12 --size=6000 --ondisk=sdb
part raid.13 --size=6000 --ondisk=sdc

raid / --level=1 --device=md0 raid.01 raid.02 raid.03
raid /usr --level=5 --device=md1 raid.11 raid.12 raid.13

realm

Join an Active Directory of FreeIPA domain.

realm join <domain.example.com>

--computer-ou=

The distinguished name of an organizational unit to create the computer account. The exact format of the distinguished name depends on the client software and membership software. You can usually omit the root DSE portion of distinguished name.

--no-password

Perform the join automatically without a password.

--one-time-password=

Perform the join using a one time password specified on the command line. This is not possible with all types of realms.

--client-software=

Only join realms for which we can use the given client software. Possible values include sssd or winbind. Not all values are supported for all realms. By default the client software is automatically selected.

--server-software=

Only join realms which run the given server software. Possible values include active-directory or freeipa.

--membership-software=

The software to use when joining to the realm. Possible values include samba or adcli. Not all values are supported for all realms. By default the membership software is automatically selected.
realm join --one-time-password=12345 DC.EXAMPLE.COM

reboot

Reboot after the installation is complete. Normally, kickstart displays a message and waits for the user to press a key before rebooting.

--eject

Attempt to eject CD or DVD media before rebooting.

repo

Configures additional yum repositories that may be used as sources for package installation. Multiple repo lines may be specified. By default, anaconda has a configured set of repos taken from /etc/anaconda.repos.d plus a special Installation Repo in the case of a media install. The exact set of repos in this directory changes from release to release and cannot be listed here. There will likely always be a repo named "updates".

Note: If you want to enable one of the repos in /etc/anaconda.repos.d that is disabled by default (like "updates"), you should use --name=<repoid> but none of the other options. anaconda will look for a repo by this name automatically. Providing a baseurl or mirrorlist URL will result in anaconda attempting to add another repo by the same name, which will cause a conflicting repo error.

repo --name=<name> [--baseurl=<url>|--mirrorlist=<url>] [options]

--name=

The repo id. This option is required. If a repo has a name that conflicts with a previously added one, the new repo will be ignored. Because anaconda has a populated list of repos when it starts, this means that users cannot create new repos that override these names. Please check /etc/anaconda.repos.d from the operating system you wish to install to see what names are not available.

--baseurl=

The URL for the repository. The variables that may be used in yum repo config files are not supported here. You may use one of either this option or --mirrorlist, not both. If an NFS repository is specified, it should be of the form nfs://host:/path/to/repo. Note that there is a colon after the host--Anaconda passes everything after "nfs://" directly to the mount command instead of parsing URLs according to RFC 2224. Variable substitution is done for $releasever and $basearch in the url (added in F19).

--mirrorlist=

The URL pointing at a list of mirrors for the repository. The variables that may be used in yum repo config files are not supported here. You may use one of either this option or --baseurl, not both. Variable substitution is done for $releasever and $basearch in the url (added in F19).

--cost=

An integer value to assign a cost to this repository. If multiple repositories provide the same packages, this number will be used to prioritize which repository will be used before another. Repositories with a lower cost take priority over repositories with higher cost.

--excludepkgs=

A comma-separated list of package names and globs that must not be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from a particular repository.

--includepkgs=

A comma-separated list of package names and globs that must be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from this repository.

--proxy=[protocol://][username[:password]@]host[:port]

Specify an HTTP/HTTPS/FTP proxy to use just for this repository. This setting does not affect any other repositories, nor how the install.img is fetched on HTTP installs. The various parts of the argument act like you would expect.

--ignoregroups=true

This option is used when composing installation trees and has no effect on the installation process itself. It tells the compose tools to not look at the package group information when mirroring trees so as to avoid mirroring large amounts of unnecessary data.

--noverifyssl

For a https repo do not check the server's certificate with what well-known CA validate and do not check the server's hostname matches the certificate's domain name.

rescue

Automatically enter the installer's rescue mode. This gives you a chance to repair the system should something catastrophic happen.

rescue [--nomount|--romount]

--nomount|--romount]

Controls how the installed system is mounted in the rescue environment. By default, the installer will find your system and mount it in read-write mode, telling you where it has performed this mount. You may optionally choose to not mount anything or mount in read-only mode. Only one of these two options may be given at any one time.

rootpw

This required command sets the system's root password to the <password> argument.

rootpw [options] <password>

--iscrypted|--plaintext

If this is present, the password argument is assumed to already be encrypted. --plaintext has the opposite effect - the password argument is assumed to not be encrypted. To create an encrypted password you can use python: python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Sault"))' This will generate sha512 crypt of your password using your provided salt.

--lock

If this is present, the root account is locked by default. That is, the root user will not be able to login from the console.

selinux

Sets the state of SELinux on the installed system. SELinux defaults to enforcing in anaconda.

selinux [--disabled|--enforcing|--permissive]

--disabled

If this is present, SELinux is disabled.

--enforcing

If this is present, SELinux is set to enforcing mode.

--permissive

If this is present, SELinux is enabled, but only logs things that would be denied in enforcing mode.

services

Modifies the default set of services that will run under the default runlevel. The services listed in the disabled list will be disabled before the services listed in the enabled list are enabled.

services [--disabled=<list>] [--enabled=<list>]

--disabled=

Disable the services given in the comma separated list.

--enabled=

Enable the services given in the comma separated list.

shutdown

At the end of installation, shut down the machine. This is the same as the poweroff command. Normally, kickstart displays a message and waits for the user to press a key before rebooting.

sshpw

The installer can start up ssh to provide for interactivity and inspection, just like it can with telnet. The "inst.sshd" option must be specified on the kernel command-line for Anaconda to start an ssh daemon. The sshpw command is used to control the accounts created in the installation environment that may be remotely logged into. For each instance of this command given, a user will be created. These users will not be created on the final system - they only exist for use while the installer is running.

Note that by default, root has a blank password. If you don't want any user to be able to ssh in and have full access to your hardware, you must specify sshpw for username root. Also note that if Anaconda fails to parse the kickstart file, it will allow anyone to login as root and have full access to your hardware.

sshpw --username=<name> <password> [--iscrypted|--plaintext] [--lock]

--username=

Provides the name of the user. This option is required.

--iscrypted|--plaintext

If this is present, the password argument is assumed to already be encrypted. --plaintext has the opposite effect - the password argument is assumed to not be encrypted. The default is plaintext.

--lock

If this is present, the new user account is locked by default. That is, the user will not be able to login from the console.

skipx

If present, X is not configured on the installed system.

text

Perform the kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.

timezone

This required command sets the system time zone to <timezone> which may be any of the time zones listed by timeconfig.

timezone [--utc] <timezone>

--utc

If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time.
To get the list of supported timezones, you can either run this script: http://vpodzime.fedorapeople.org/timezones_list.py or look at this list: http://vpodzime.fedorapeople.org/timezones_list.txt


Starting with Fedora 18 the timezone command has two new options:

timezone [--utc] [--nontp] [--ntpservers=<server1>,<server2>,...,<serverN>] <timezone>

--nontp

Disable automatic starting of NTP service.

--ntpservers=<server1>,<server2>,...,<serverN>

Specify a list of NTP servers to be used (comma-separated list with no spaces).
For example:
timezone --ntpservers=ntp.cesnet.cz,tik.nic.cz Europe/Prague

updates

Specify the location of an updates.img for use in installation. See anaconda-release-notes.txt for a description of how to make an updates.img.

updates [URL]

If present, the URL for an updates image.
If not present, anaconda will attempt to load from a floppy disk.

upgrade

Note that from F18 onward, upgrades are no longer supported in anaconda and should be done with FedUp, the Fedora update tool.

Tells the system to upgrade an existing system rather than install a fresh system. You must specify one of cdrom, harddrive, nfs, or url (for ftp and http) as the location of the installation tree. Refer to install for details.

--root-device=<root> (optional)

On a system with multiple installs, this option specifies which filesystem holds the installation to be upgraded. This can be specified by device name, UUID=<uuid>, or LABEL=<fslabel> just like the harddrive command may be.

user

Creates a new user on the system.

user --name=<username> [--gecos=<string>] [--groups=<list>] [--homedir=<homedir>] [--password=<password>] [--iscrypted|--plaintext] [--lock] [--shell=<shell>] [--uid=<uid>]

--name=

Provides the name of the user. This option is required.

--gecos=

Provides the GECOS information for the user. This is a string of various system-specific fields separated by a comma. It is frequently used to specify the user's full name, office number, and the like. See man 5 passwd for more details.

--groups=

In addition to the default group, a comma separated list of group names the user should belong to.

--homedir=

The home directory for the user. If not provided, this defaults to /home/<username>.

--lock

If this is present, the new user account is locked by default. That is, the user will not be able to login from the console.

--password=

The new user's password. If not provided, the account will be locked by default.
If this is present, the password argument is assumed to already be encrypted. --plaintext has the opposite effect - the password argument is assumed to not be encrypted. To create an encrypted password you can use python: python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Sault"))' This will generate sha512 crypt of your password using your provided salt.


--iscrypted|--plaintext

Is the password provided by --password already encrypted or not? --plaintext has the opposite effect - the password argument is assumed to not be encrypted.

--shell=

The user's login shell. If not provided, this defaults to the system default.

--uid=

The user's UID. If not provided, this defaults to the next available non-system UID.

vnc

Allows the graphical installation to be viewed remotely via VNC. This method is usually preferred over text mode, as there are some size and language limitations in text installs. With no options, this command will start a VNC server on the machine with no password and will print out the command that needs to be run to connect a remote machine.

vnc [--host=<hostname>] [--port=<port>] [--password=<password>]

--host=

Instead of starting a VNC server on the install machine, connect to the VNC viewer process listening on the given hostname.

--port=

Provide a port that the remote VNC viewer process is listening on. If not provided, anaconda will use the VNC default.

--password=

Set a password which must be provided to connect to the VNC session. This is optional, but recommended.

volgroup

Use to create a Logical Volume Management (LVM) group.

volgroup <name> <partitions*> <options>

<name>

Name given to the volume group. The <partitions*> (which denotes that multiple partitions can be listed) lists the identifiers to add to the volume group.

--noformat

Use an existing volume group. Do not specify partitions when using this option.

--useexisting

Use an existing volume group. Do not specify partitions when using this option.

--pesize=

Set the size of the physical extents.

--reserved-space=

Specify an amount of space to leave unused in a volume group, in megabytes. (new volume groups only)

--reserved-percent=

Specify a percentage of total volume group space to leave unused. (new volume groups only)

Create the partition first, create the logical volume group, and then create the logical volume. For example:

part pv.01 --size 3000
volgroup myvg pv.01
logvol / --vgname=myvg --size=2000 --name=rootvol

xconfig

Configures the X Window System. If this option is not given, anaconda will use X to attempt to automatically configure. Please try this before manually configuring your system.

--defaultdesktop=

Specify either GNOME or KDE to set the default desktop (assumes that GNOME Desktop Environment and/or KDE Desktop Environment has been installed through %packages).

--startxonboot

Use a graphical login on the installed system.

zerombr

If zerombr is specified, any disks whose formatting is unrecognized are initialized. This will destroy all of the contents of disks with invalid partition tables or other formatting unrecognizable to the installer. It is useful so that the installation program does not ask if it should initialize the disk label if installing to a brand new hard drive.

zfcp

--devnum=

--fcplun=

--wwpn=

%include

Use the %include /path/to/file or %include <url> command to include the contents of another file in the kickstart file as though the contents were at the location of the %include command in the kickstart file.

%ksappend

The %ksappend url directive is very similar to %include in that it is used to include the contents of additional files as though they were at the location of the %ksappend directive. The difference is in when the two directives are processed. %ksappend is processed in an initial pass, before any other part of the kickstart file. Then, this expanded kickstart file is passed to the rest of anaconda where all %pre scripts are handled, and then finally the rest of the kickstart file is processed in order, which includes %include directives.

Thus, %ksappend provides a way to include a file containing %pre scripts, while %include does not.