Red Hat Linux 7.3: The Official Red Hat Linux Customization Guide | ||
---|---|---|
Prev | Chapter 1. Kickstart Installations | Next |
The following options can be placed in a kickstart file. If you prefer to use a graphical interface for creating your kickstart file, you can use the Kickstart Configurator application. Refer to Chapter 2 for details.
Similar to interactive except it goes to the next screen for you. It is used mostly for debugging.
Sets up the authentication options for the system. It's similar to the authconfig command, which can be run after the install. By default, passwords are normally encrypted and are not shadowed.
Use md5 encryption for user passwords.
Turns on NIS support. By default, --enablenis uses whatever domain it finds on the network. A domain should almost always be set by hand (via --nisdomain).
NIS domain name to use for NIS services.
Server to use for NIS services (broadcasts by default).
Use shadow passwords.
Turns on LDAP support in /etc/nsswitch.conf, allowing your system to retrieve information about users (UIDs, home directories, shells, etc.) from an LDAP directory. To use this option, you must have the nss_ldap package installed. You must also specify a server and a base DN with --ldapserver= and --ldapbasedn=.
Use LDAP as an authentication method. This enables the pam_ldap module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss_ldap package installed. You must also specify a server and a base DN with --ldapserver= and --ldapbasedn=.
If you specified either --enableldap or --enableldapauth, the name of the LDAP server to use. This option is set in the /etc/ldap.conf file.
If you specified either --enableldap or --enableldapauth, the DN (distinguished name) in your LDAP directory tree under which user information is stored. This option is set in the /etc/ldap.conf file.
Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted usernames and passwords to an LDAP server before authentication.
Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells. So if you enable Kerberos you will need to make users' accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command to make their accounts known to this workstation. If you use this option, you must have the pam_krb5 package installed.
The Kerberos 5 realm to which your workstation belongs.
The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, separate their names with commas (,).
The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests. This server must be run on the master KDC if you have more than one KDC.
Enable Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items.
The Hesiod LHS ("left-hand side") option, set in /etc/hesiod.conf. This option is used by the Hesiod library to determine the name to search DNS for when looking up information, similar to LDAP's use of a base DN.
The Hesiod RHS ("right-hand side") option, set in /etc/hesiod.conf. This option is used by the Hesiod library to determine the name to search DNS for when looking up information, similar to LDAP's use of a base DN.
Tip | |
---|---|
To look up user information for "jim", the Hesiod library looks up jim.passwd<LHS><RHS>, which should resolve to a TXT record that looks like what his passwd entry would look like (jim:*:501:501:Jungle Jim:/home/jim:/bin/bash). For groups, the situation is identical, except jim.group<LHS><RHS> would be used. Looking up users and groups by number is handled by
making "501.uid" a CNAME for "jim.passwd", and
"501.gid" a CNAME for "jim.group". Note that the LHS
and RHS do not have periods |
Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells. So if you enable it you will need to make users' accounts known to the workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command to make their accounts known to the workstation. To use this option, you must have the pam_smb package installed.
The name of the server(s) to use for SMB authentication. To specify more than one server, separate the names with commas (,).
The name of the workgroup for the SMB servers.
Enables the nscd service. The nscd service caches information about users, groups, and various other types of information. Caching is especially helpful if you choose to distribute information about users and groups over your network using NIS, LDAP, or hesiod.
Specifies how the boot loader should be installed and whether the boot loader should be LILO or GRUB.
Specifies kernel parameters.
Specifies where the boot record is written. Valid values are the following: mbr (the default), partition (installs the boot loader on the first sector of the partition containing the kernel), or none (do not install the boot loader).
If using GRUB, sets the GRUB boot loader password to mypassword. This should be used to restrict access to the GRUB shell where arbitrary kernel options can be passed.
If using GRUB, similar to --password except mypassword should be the password already encrypted.
Use LILO instead of GRUB as the boot loader.
If using LILO, use the linear LILO option; this is only for backwards compatibility (and linear is now used by default).
If using LILO, use the nolinear LILO option; linear is the default.
If using LILO, force use of lba32 mode instead of autodetecting.
Upgrade the existing boot loader configuration. This option is only available for upgrades.
Removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed.
Erases all Linux partitions.
Erases all partitions from the system.
Specifies which drives to clear partitions from.
Initializes the disk label to the default for your architecture (msdos for x86 and gpt for Itanium). It is useful so that the installation program does not ask if it should initialize the disk label if installing to a brand new hard drive.
Note | |
---|---|
If the clearpart command, then the --onpart command cannot be used on a logical partition. |
On most PCI systems, the installation program will autoprobe for Ethernet and SCSI cards properly. On older systems and some PCI systems, however, kickstart needs a hint to find the proper devices. The device command, which tells Anaconda to install extra modules, is in this format:
device <type> <moduleName> --opts <options> |
<type> should be scsi or eth, and <moduleName> is the name of the kernel module which should be installed.
Options to pass to the kernel module. Note that multiple options may be passed if they are put in quotes. For example:
--opts "aic152x=0x340 io=11" |
Forces a probe of the PCI bus and loads modules for all the devices found if a module is available.
Driver disks can be used during kickstart installations. You will need to copy the driver disk's contents to the root directory of a partition on the system's hard drive. Then you will need to use the driverdisk command to tell the installation program where to look for the driver disk.
driverdisk <partition> [--type <fstype>] |
<partition> is the partition containing the driver disk.
Filesystem type (for example, vfat, ext2, or ext3).
Firewall options can be configured in kickstart. This configuration corresponds to the Firewall Configuration screen in the installation program.
firewall [--high | --medium | --disabled] [--trust <device>] [--dhcp] [--ssh] [--telnet] [--smtp] [--http] [--ftp] [--port <portspec>] |
Choose one of the following levels of security:
--high
--medium
--disabled
Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1.
Enabling these options allow the specified services to pass through the firewall.
--dhcp
--ssh
--telnet
--smtp
--http
--ftp
You can specify that ports be allowed through the firewall using the port:protocol format. For example, if you wanted to allow IMAP access through your firewall, you can specify imap:tcp. You can also specify numeric ports explicitly; for example, to allow UDP packets on port 1234 through, specify 1234:udp. To specify multiple ports, separate them by commas.
Tells the system to install a fresh system rather than upgrade an existing system. This is the default mode.
You must use one of these four commands to specify what type of kickstart installation is being performed:
Install from the NFS server specified.
--server <server>
Server from which to install (hostname or IP).
--dir <dir>
Directory containing the Red Hat installation tree.
For example:
nfs --server <server> --dir <dir> |
Install from the first CD-ROM drive on the system.
For example:
cdrom |
Install from a Red Hat installation tree on a local drive, which must be either vfat or ext2.
--partition <partition>
Partition to install from (such as, sdb2).
--dir <dir>
Directory containing the Red Hat installation tree.
For example:
harddrive --partition <partition> --dir <dir> |
Install from a Red Hat installation tree on a remote server via FTP or HTTP.
For example:
url --url http://<server>/<dir> |
url --url ftp://<username>:<password>@<server>/<dir> |
Uses the information provided in the kickstart file during the installation, but allow for inspection and modification of the values given. You will be presented with each screen of the installation program with the values from the kickstart file. Either accept the values by clicking Next or change the values and click Next to continue. See also the Section called autostep.
Sets system keyboard type. Here is the list of available keyboards on i386, Itanium, and Alpha machines:
azerty, be-latin1, be2-latin1, fr-latin0, fr-latin1, fr-pc, fr, wangbe, ANSI-dvorak, dvorak-l, dvorak-r, dvorak, pc-dvorak-latin1, tr_f-latin5, trf, bg, br-abnt2, cf, cz-lat2-prog, cz-lat2, defkeymap, defkeymap_V1.0, dk-latin1, dk, emacs, emacs2, es, fi-latin1, fi, gr-pc, gr, hebrew, hu101, is-latin1, it-ibm, it, it2, jp106, la-latin1, lt, lt.l4, nl, no-latin1, no, pc110, pl, pt-latin1, pt-old, ro, ru-cp1251, ru-ms, ru-yawerty, ru, ru1, ru2, ru_win, se-latin1, sk-prog-qwerty, sk-prog, sk-qwerty, tr_q-latin5, tralt, trf, trq, ua, uk, us, croat, cz-us-qwertz, de-latin1-nodeadkeys, de-latin1, de, fr_CH-latin1, fr_CH, hu, sg-latin1-lk450, sg-latin1, sg, sk-prog-qwertz, sk-qwertz, slovene |
Here is the list for SPARC machines:
sun-pl-altgraph, sun-pl, sundvorak, sunkeymap, sunt4-es, sunt4-no-latin1, sunt5-cz-us, sunt5-de-latin1, sunt5-es, sunt5-fi-latin1, sunt5-fr-latin1, sunt5-ru, sunt5-uk, sunt5-us-cz |
Sets the language to use during installation. For example, to set the language to English, the kickstart file should contain the following line:
lang en_US |
Valid language codes are the following (please note that these are subject to change at any time):
cs_CZ, da_DK, en_US, fr_FR, de_DE, is_IS, it_IT, ja_JP.eucJP, ko_KR.eucKR, no_NO, pt_PT, ru_RU.koi8r, sl_SI, es_ES, sv_SE, uk_UA |
Sets the language(s) to install on the system. The same language codes used with lang can be used with langsupport.
If you just want to install one language, specify it. For example, to install and use the French language fr_FR:
langsupport fr_FR |
If you want to install language support for more than one language, you must specify a default.
For example, to install English and French and use English as the default language:
langsupport --default en_US fr_FR |
If you use --default with only one language, all languages will be installed with the specified language set to the default.
Warning | |
---|---|
This option has been replaced by bootloader and is only available for backwards compatibility. Refer to the Section called bootloader. |
Specifies how the boot loader should be installed on the system. By default, LILO installs on the MBR of the first disk, and installs a dual-boot system if a DOS partition is found (the DOS/Windows system will boot if the user types dos at the LILO: prompt).
Specifies kernel parameters.
Use the linear LILO option; this is only for backwards compatibility (and linear is now used by default).
Use the nolinear LILO option; linear is now used by default.
Specifies where the LILO boot record is written. Valid values are the following: mbr (the default) or partition (installs the boot loader on the first sector of the partition containing the kernel). If no location is specified, LILO is not installed.
Forces the use of lba32 mode instead of autodetecting.
If lilocheck is present, the installation program checks for LILO on the MBR of the first hard drive, and reboots the system if it is found — in this case, no installation is performed. This can prevent kickstart from reinstalling an already installed system.
Configures the mouse for the system, both in GUI and text modes. Options are:
Device the mouse is on (such as --device ttyS0).
If present, simultaneous clicks on the left and right mouse buttons will be recognized as the middle mouse button by the X Window System. This option should be used if you have a two button mouse.
After options, the mouse type may be specified as one of the following:
alpsps/2, ascii, asciips/2, atibm, generic, generic3, genericps/2, generic3ps/2, genericusb, generic3usb, geniusnm, geniusnmps/2,geniusprops/2, geniusscrollps/2, geniusscrollps/2+, thinking, thinkingps/2, logitech, logitechcc, logibm, logimman, logimmanps/2, logimman+, logimman+ps/2, logimmusb, microsoft, msnew, msintelli, msintellips/2, msintelliusb, msbm, mousesystems, mmseries, mmhittab, sun, none |
If the mouse command is given without any arguments, or it is omitted, the installation program will attempt to autodetect the mouse. This procedure works for most modern mice.
Configures network information for the system. If the kickstart installation does not require networking (in other words, it is not installed over NFS, HTTP, or FTP), networking is not configured for the system. If the installation does require networking and network information is not provided in the kickstart file, the Red Hat Linux installation program assumes that the installation should be done over eth0 via a dynamic IP address (BOOTP/DHCP), and configures the final, installed system to determine its IP address dynamically. The network option configures networking information for kickstart installations via a network as well as for the installed system.
One of dhcp, bootp, or static (defaults to DHCP, and dhcp and bootp are treated the same). Must be static for static IP information to be used.
Used to select a specific Ethernet device for installation. Note that using --device <device> will not be effective unless the kickstart file is a local file (such as ks=floppy), since the installation program will configure the network to find the kickstart file. Example:
network --bootproto dhcp --device eth0 |
IP address for the machine to be installed.
Default gateway as an IP address.
Primary nameserver, as an IP address.
Do not configure any DNS server.
Netmask for the installed system.
Hostname for the installed system.
There are three different methods of network configuration:
DHCP
BOOTP
static
The DHCP method uses a DHCP server system to obtain its networking configuration. As you might guess, the BOOTP method is similar, requiring a BOOTP server to supply the networking configuration.
The static method requires that you enter all the required networking information in the kickstart file. As the name implies, this information is static, and will be used during the installation, and after the installation as well.
To direct a system to use DHCP to obtain its networking configuration, use the following line:
network --bootproto dhcp |
To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the kickstart file:
network --bootproto bootp |
The line for static networking is more complex, as you must include all network configuration information on one line. You must specify:
IP address
Netmask
Gateway IP address
Nameserver IP address
Here is an example static line:
network --bootproto static --ip 10.0.2.15 --netmask 255.255.255.0 --gateway 10.0.2.254 --nameserver 10.0.2.1 |
If you use the static method, be aware of the following two restrictions:
All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash, for example.
You can only specify one nameserver here. However, you can use the kickstart file's %post section (described in the Section called %post — Post-Installation Configuration Section) to add more name servers, if needed.
Creates a partition on the system.
The <mntpoint> is where the partition will be mounted and must be of one of the following forms:
For example, /, /usr, /home
The partition will be used as swap space.
To determine the size of the swap partition automatically, use the --recommended[1] option:
swap --recommended |
The minimum size of the automatically-generated swap partition will be no smaller than the amount of RAM in the system and no bigger than twice the amount of RAM in the system.
The partition will be used for software RAID (see the the Section called raid below).
The minimum partition size in megabytes. Specify an integer value here such as 500. Do not append the number with MB.
Tells the partition to grow to fill available space (if any), or up to the maximum size setting.
The maximum partition size in megabytes when the partition is set to grow. Specify an integer value here, and do not append the number with MB.
Tells the installation program not to format the partition, for use with the --onpart command.
Tells the installation program to put the partition on the already existing device <part>. For example, partition /home --onpart hda1 will put /home on /dev/hda1, which must already exist. If you use --onpart, you still must specify a size with --size for the file to be parsed correctly. The size will be ignored since the partition already exists.
Forces the partition to be created on a particular disk. For example, --ondisk sdb will put the partition on the second disk on the system.
Forces automatic allocation of the partition as a primary partition or the partitioning will fail.
<N> represents the number of bytes per inode on the filesystem when it is created. It must be given in decimal format. This option is useful for applications where you want to increase the number of inodes on the filesystem.
This option is no longer available. Use fstype.
Sets the filesystem type for the partition. Valid values are ext2, ext3, swap, and vfat.
Specifies the starting cylinder for the partition. It requires that a drive be specified with --ondisk or ondrive. It also requires that the ending cylinder be specified with --end or the partition size be specified with --size.
Specifies the ending cylinder for the partition. It requires that the starting cylinder be specified with --start.
Specifies that the partition should be checked for bad sectors.
All partitions created will be formatted as part of the installation process unless --noformat and --onpart are used.
Note | |
---|---|
If partitioning fails for any reason, diagnostic messages will appear on virtual console 3. |
Assembles a software RAID device. This command is of the form:
raid <mntpoint> --level <level> --device <mddevice><partitions*> |
The <mntpoint> is the location where the RAID filesystem is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (/) partition can be any of the available types. The <partitions*> (which denotes that multiple partitions can be listed) lists the RAID identifiers to add to the RAID array.
RAID level to use (0, 1, or 5).
Name of the RAID device to use (such as md0 or md1). RAID devices range from md0 to md7, and each may only be used once.
Specifies that there should be N spare drives allocated for the RAID array. Spare drives are used to rebuild the array in case of drive failure.
Sets the filesystem type for the RAID array. Valid values are ext2, ext3, swap, and vfat.
Do not format the RAID array.
The following example shows how to create a RAID level 1 partition for /, and a RAID level 5 for /usr, assuming there are three SCSI disks on the system. It also creates three swap partitions, one on each drive.
part raid.01 --size 60 --ondisk sda part raid.02 --size 60 --ondisk sdb part raid.03 --size 60 --ondisk sdc |
part swap --size 128 --ondisk sda part swap --size 128 --ondisk sdb part swap --size 128 --ondisk sdc |
part raid.11 --size 1 --grow --ondisk sda part raid.12 --size 1 --grow --ondisk sdb part raid.13 --size 1 --grow --ondisk sdc |
raid / --level 1 --device md0 raid.01 raid.02 raid.03 raid /usr --level 5 --device md1 raid.11 raid.12 raid.13 |
Reboot after the installation is complete (no arguments). Normally, kickstart displays a message and waits for the user to press a key before rebooting.
rootpw [--iscrypted] <password>
Sets the system's root password to the <password> argument.
If this is present, the password argument is assumed to already be encrypted.
If present, X is not configured on the installed system.
Perform the kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
timezone [--utc] <timezone>
Sets the system time zone to <timezone> which may be any of the time zones listed by timeconfig.
If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time.
Tells the system to upgrade an existing system rather than install a fresh system.
Configures the X Window System. If this option is not given, the user will need to configure X manually during the installation, if X was installed; this option should not be used if X is not installed on the final system.
Do not probe the monitor.
Use card <card>; this card name should be from the list of cards in Xconfigurator. If this argument is not provided, Anaconda will probe the PCI bus for the card. Since AGP is part of the PCI bus, AGP cards will be detected if supported. The probe order is determined by the PCI scan order of the motherboard.
Specify the amount of video RAM the video card has.
Use monitor <mon>; this monitor name should be from the list of monitors in Xconfigurator. This is ignored if --hsync or --vsync is provided. If no monitor information is provided, the installation program tries to probe for it automatically.
Specifies the horizontal sync frequency of the monitor.
Specifies the vertical sync frequency of the monitor.
Sets the default desktop to either GNOME or KDE (and assumes that GNOME and/or KDE has been installed through %packages).
Use a graphical login on the installed system.
Specify the default resolution for the X Window System on the installed system. Valid values are 640x480, 800x600, 1024x768, 1152x864, 1280x1024, 1400x1050, 1600x1200. Be sure to specify a resolution that is compatible with the video card and monitor.
Specify the default color depth for the X Window System on the installed system. Valid values are 8, 16, 24, and 32. Be sure to specify a color depth that is compatible with the video card and monitor.
If zerombr is specified, and yes is its sole argument, any invalid partition tables found on disks are initialized. This will destroy all of the contents of disks with invalid partition tables. This command should be in the following format:
zerombr yes
No other format is effective.
Use the %packages command to begin a kickstart file section that lists the packages you would like to install (this is for installations only, as package selection during upgrades is not supported).
Use the %packages --resolvedeps[1] to install the listed packages and automatically resolve package dependencies.
Use the %packages --ignoredeps[1] to ignore the unresolved dependencies and install the listed packages without the dependencies.
Packages can be specified by component or by individual package name. The installation program defines several components that group together related packages. See the RedHat/base/comps file on any Red Hat Linux CD-ROM for a list of components. The components are defined by the lines that begin with a number followed by a space and then the component name. Each package in that component is then listed, line-by-line. Individual packages lack the leading number found in front of component lines.
Additionally, there are three other types of lines in the comps file:
If a package name begins with an architecture type, you only need to type in the package name, not the architecture name. For example:
For i386: apmd you only need to use the apmd part for that specific package to be installed.
Lines that begin with a ? are used by the installation program and should not be altered.
If a package name begins with --hide, you only need to type in the package name, without the --hide. For example:
For --hide Network Server you only need to use the Network Server part for that specific package to be installed.
In most cases, it is only necessary to list the desired components and not individual packages. Note that the Base component is always selected by default, so it is not necessary to specify it in the %packages section.
Here is an example %packages selection:
%packages @ Network Managed Workstation @ Development @ Web Server @ X Window System ImageMagick |
As you can see, components are specified, one to a line, starting with an @ symbol, a space, and then the full component name as given in the comps file. Specify individual packages with no additional characters (the ImageMagick line in the example above is an individual package).
You can also direct the kickstart installation to install the default packages for a workstation (KDE or GNOME) or server installation (or choose an everything installation to install all packages). To do this, simply add one of the following lines to the %packages section:
@ GNOME @ KDE @ Server @ Everything |
You can add commands to run on the system immediately after the ks.cfg has been parsed. This section must be at the end of the kickstart file (after the commands) and must start with the %pre command. Note that you can access the network in the %pre section; however, name service has not been configured at this point, so only IP addresses will work. Here is an example %pre section:
%pre # add comment to /etc/motd echo "Kickstart-installed Red Hat Linux `/bin/date`" > /etc/motd # add another nameserver echo "nameserver 10.10.0.2" >> /etc/resolv.conf |
This section creates a message-of-the-day file containing the date the kickstart installation took place. It also gets around the network command's limitation of only one name server by adding another nameserver to /etc/resolv.conf.
Note | |
---|---|
Note that the pre-install script is not run in the change root environment. |
You have the option of adding commands to run on the system once the installation is complete. This section must be at the end of the kickstart file and must start with the %post command.
Note | |
---|---|
If you configured the network with static IP information, including a nameserver, you can access the network and resolve IP addresses in the %post section. If you configured the network for DHCP, the /etc/resolv.conf file has not been completed when the installation executes the %post section. You can access the network, but you can not resolve IP addresses. Thus, if you are using DHCP, you must specify IP addresses in the %post section. |
Here is an example %post section that creates a message of the day file containing the date that the kickstart installation took place, and gets around the network command's limitation of one nameserver only by adding another nameserver to /etc/resolv.conf.
%post # add comment to /etc/motd echo "Kickstart-installed Red Hat Linux `/bin/date`" > /etc/motd # add another nameserver echo "nameserver 10.10.0.2" >> /etc/resolv.conf |
Note | |
---|---|
The post-install script is run in a chroot environment; therefore, performing tasks such as copying scripts or RPMs from the installation media will not work. |
Allows you to specify commands that you would like to run outside of the chroot environment.
The following example copies the file /etc/resolv.conf to the filesystem that was just installed.
%post --nochroot cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf |
Allows you to specify a different scripting language, such as Perl. Replace /usr/bin/perl with the scripting language of your choice.
The following example uses a Perl script to replace /etc/HOSTNAME.
%post --interpreter /usr/bin/perl # replace /etc/HOSTNAME open(HN, ">HOSTNAME"); print HN "1.2.3.4 an.ip.address\n"; |
More examples of post-installation scripts can be found in the Section called Post-Installation Script in Chapter 2.
Use the %include /path/to/file command to include the contents of another file in the kickstart file as though the contents were at the location of the %include command in the kickstart file.
[1] | This option is new to Red Hat Linux 7.3 |