Section 10.4. Installing with Kickstart

10.4. Installing with Kickstart

In a normal Fedora Core installation, Anaconda asks a number of questions before beginning the actual installation procedure, which then runs without any user intervention (except for changing CDs, if that is the chosen installation method).

Kickstart is a Fedora installation option that uses a text file to supply basic configuration information so that Anaconda can skip all of the questions normally asked during installation.

10.4.1. How Do I Do That?

To use Kickstart, you must create a Kickstart file using any regular text editor. A Kickstart file contains a number of options, one per line, with arguments.

These options are required:

auth or authconfig: Configures the authentication system. For normal password authentication, use the arguments --enableshadow --enablemd5.
bootloader: The GRUB installation location and password. For an upgrade, use --upgrade; for a new installation, use --location=mbr --md5pass= encryptedpassword (I cover how to generate encrypted passwords shortly).
lang: Selects the language to be used during installation. Possible values are listed in /usr/share/system-config-language/locale-list; for U.S. English, use the argument en_US.
keyboard: The keyboard type to be used. Specify us for a standard North American English keyboard, or use one of the codes found in /usr/lib/python2.4/site-packages/rhpl/keyboard_models.py (such as cf for Canadian French).
rootpw: The root password. Use the arguments --iscrypted encryptedpassword.
timezone: The time zone for the system. The third column of /usr/share/zoneinfo/zone.tab lists possible values, such as America/Toronto or Asia/Shanghai. Add the argument --utc if the system clock is in UTC (recommended except when the system is dual-boot and you are in a time zone that has daylight savings time).

To encrypt a password for the bootloader and root access, use the openssl command:

$ openssl passwd -1 -salt "RaNDoMjuNk" "MySecretPassword"
$1$RaNDoMju$OS0p7cTCbvCJ2ITUfcovM1

Replace RaNDoMjuNK with any garbage characters you want to use, and MySecretPassword with the desired password. Cut and paste the result into the Kickstart file as the encrypted password.

Here is a basic configuration using these options:

auth --enableshadow --enablemd5
bootloader --location=mbr --md5pass=$1$RaNDoMju$OS0p7cTCbvCJ2ITUfcovM1
lang en_US
keyboard us
rootpw --iscrypted $1$RaNDoMju$OS0p7cTCbvCJ2ITUfcovM1
timezone America/Toronto

Next, specify the installation source and networking:

cdrom

Installation from the first optical disk drive on the system (CD or DVD).

url

HTTP or FTP installation. Use the argument --url http://host/directory or --url ftp:// host/directory to specify the location of the installation files.

nfs

NFS installation. Use --server= ip_address and --dir= directory to specify the server host and directory that contain the installation files.

harddrive

Installation from a VFAT or ext2/ext3 partition on a local hard drive. Use the arguments --partition= partitionId and --dir= /directory to specify the location of the installation files. The partitionId must be one of the hard drive device names from Table 1-4, with the partition number appended without the /dev/ directory (for example, hda2 for partition 2 on the IDE/ATA primary slave drive).

network

Configures IP networking for the installed system. If the system already has networking enabled (for example, because it booted from a PXE server), then that configuration is used for the rest of the installation, but if no network configuration has been set up for the installation and one is required, this configuration is used.

The argument --bootproto= method sets the network configuration method: dhcp, bootp, or static. If you specify static, use the options --ip= ip_address --netmask= subnetmask --gateway= router_ip --nameserver= nameserver_ip to configure the network interface. If you have more than one network interface, use the --device= devicename option; to configure the interface to be inactive at boot, use --onboot=off.

Note that the directory specified for the url or nfs options must contain the fedora directory of the installation tree; in other words, it must be equivalent to the root directory of the Fedora Core CD or DVD.

To specify HTTP as the installation method on a system with two network interfacesone configured with DHCP and one with a static IPuse a configuration like this:

url --url=http://192.168.1.2/fc6/
network --bootproto=dhcp   --device eth0
network --bootproto=static --device eth1 \
    --ip 10.2.97.33 --netmask=255.255.255.0

If a Kickstart option line ends with \, it is continued on the next line.

If you are using Kickstart to perform an upgrade instead of an installation, use the upgrade option. Otherwise, use these options to lay out the storage:

zerombr: Clears any invalid partition tables. Use this option with just one argument: yes.
autopart: Sets up the default partition structure, which includes a /boot filesystem and a volume group with logical volumes for swap and the root filesystem. If part options are also present, they will selectively override the default setup for the same mount point.
clearpart: Clears existing partition table entries. Use the argument --all to clear all partitions, --linux to clear all Linux partitions, --drives= drive1,drive2 to specify the drive or drives to be cleared, and --initlabel to enable the creation of disk labels (partition tables) on empty drives.
part or partition: Creates a disk partition. Provide an option identifying the mount point (such as /boot) or one of the keywords swap, raid. NN, or pv. NN, where NN is a RAID or physical volume number (0199). Then use the arguments --size= size and --maxsize= maxsize to set the minimum and maximum partition sizes in megabytes, and --grow to indicate that the filesystem can be expanded to fill the maximum size if it is specified (or all of the remaining free space if a maximum is not specified). --ondrive= drive can be used to force the use of a particular drive; use drive names from Table 1-4. Use --fstype= filesystem to configure the filesystem type (ext2, ext3, or vfat).
raid: Creates a RAID device from partitions defined with the part option. Use the argument --level= raidlevel to set the RAID level to 0, 1, 5, or 6, and the argument --device= devicename to set the RAID device name (such as md0 or md12). If the array will have hot spares, specify the number of hot spares with the argument --spares= S. Set the filesystem type with --fstype= filesystem, and then list the mount point (or swap for a swap device, or pv. NN for physical volume number NN). Finally, list the partition names (raid. NN) that will make up the elements of this array.
volgroup: Creates a volume group. Supply the volume group name (such as main) and a list of physical volumes (pv. NN) as arguments.
logvol: Creates a logical volume. Use the --vgname= volumegroup argument to select the volume group, --size= size to set the LV size in megabytes, and --name= lvname to set the name. Specify the mount point (or swap for a swap partition) as a separate argument.

For example, if you had a system with two 200 GB disks (as the master IDE/ATA drives on the primary and secondary disk controllers) with RAID 1 and LVM (see Lab 6.2, "Managing RAID"), the storage layout options would look like this:

# General partitioning options
clearpart --all --initlabel --drives=hda,hdc
zerombr yes

# Partitions
# Two IDE disk drives, hda and hdc
part raid.01 --size 100   --ondrive=hda
part raid.02 --size 40000 --ondrive=hda
part raid.03 --size 40000 --ondrive=hda
part raid.04 --size 40000 --ondrive=hda
part raid.05 --size 40000 --ondrive=hda
part raid.06 --size 1     --ondrive=hda --grow

part raid.07 --size 100   --ondrive=hdc
part raid.08 --size 40000 --ondrive=hdc
part raid.09 --size 40000 --ondrive=hdc
part raid.10 --size 40000 --ondrive=hdc
part raid.11 --size 40000 --ondrive=hdc
part raid.12 --size 1     --ondrive=hdc --grow
           
# RAID arrays
# Six RAID arrays, all RAID 1:
# - one is 100 MB /boot array
# - five are 40GB PV arrays 
#   (4 * 40000 MB, remaining space in last array)
raid /boot --device md0 --level=RAID1 raid.01 raid.07 --fstype ext3
raid pv.01 --device md1 --level=RAID1 raid.02 raid.08
raid pv.02 --device md2 --level=RAID1 raid.03 raid.09
raid pv.03 --device md3 --level=RAID1 raid.04 raid.10
raid pv.04 --device md4 --level=RAID1 raid.05 raid.11
raid pv.05 --device md5 --level=RAID1 raid.06 raid.12

# Volume Group 'main'
volgroup main pv.01 pv.02 pv.03 pv.04 pv.05

# LVs for root (10GB), /home (35GB), /var (35GB), and swap (1GB),
# leaving about 20 GB available for snapshots and future expansion 
# of the LVs
logvol swap  --vgname=main --size=1024  --name=swap
logvol /     --vgname=main --size=10000 --name=root --fstype=ext3
logvol /home --vgname=main --size=35000 --name=home --fstype=ext3
logvol /var  --vgname=main --size=35000 --name=var  --fstype=ext3

You can now specify the user interface mode during installation:

text: Install in full-screen text mode.
cmdline: Install in text mode without the full-screen display.
interactive: Present the normal interactive prompts at the start of the installation process, but use the values from the Kickstart file as the defaults. The user can then override the values.
autostep: Run through the interactive prompts automatically, like a slideshow; this may be helpful for debugging.

You can also include instructions on how the final user interface is to be configured:

skipx: Don't configure the X Window System.
xconfig: Although you can specify many arguments for the X Window configuration, in most cases it's best to let Anaconda discover your hardware configuration by probing. Set the screen resolution with --resolution= WxH, and set the maximum color depth with --depth=24. To configure the system to start in runlevel 5 instead of runlevel 3 (see Lab 4.5, "Using Runlevels"), use the argument --startxonboot.

Putting these options together for a text based, hands-off installation configured so that the installed system will start up with a graphical login prompt (1024x768 resolution, 16-million-color display), use:

text
xconfig --startxonboot --depth=24 --resolution=1024x768

Next comes security:

firewall: Configures the network firewall. Use --enabled to turn the firewall on or --disabled to turn it off. If you have multiple network interfaces and don't want to firewall some of them, use a --trust= ethN argument for each unprotected interface. To permit connections on particular ports, use the argument --port= port:proto,port:proto, or select a combination of the abbreviations --http, --smtp, --ftp, --telnet, and --ssh.
selinux: Disables SELinux if used with the --disabled argument, or produces warning messages but does not enforce security policy if --permissive is specified.

This is a typical configuration:

firewall --enabled --port=5900:tcp --ssh --http --smtp

TCP port 5900 is the port used for VNC.

You can now specify what should happen after the installation is complete:

firstboot: Enables the interactive post-installation configuration during the first boot of the new system. Normally, this is not performed after a Kickstart installation. Use the --enable option to enable a normal first-boot session or --reconfig to enable additional settings to be changed (including the keyboard, language, and network settings).
poweroff: Turns the system off after installation (if the system can be turned off by the kernel).
halt: Halts the system after installation but doesn't turn the power off.
reboot: Restarts the computer after installation. If the installation media is still present or you used PXE booting to start the installation process, this may lead to an endless cycle of installations.

To shut the system down and allow for reconfiguration when the system is first turned on, use:

firstboot --reconfig
poweroff

At the very end of the Kickstart file, place the option %packages, followed by a list of packages to be installed, one per line. To see the available package names, look in the Fedora directory of the installation tree (e.g., the installation DVD or network installation server). Instead of selecting packages individually, you can choose groups of packages as shown in Table 10-3.

Table 10-3. Package groups available in Fedora Core 6
Category Available package groups
Desktop environments @gnome-desktop@kde-desktop
Applications @authoring-and-publishing@editors@engineering-and-scientific@games@graphical-internet@graphics@office@sound-and-video@text-internet
Development @development-libs@development-tools@eclipse@gnome-software-development@java-development@kde-software-development@legacy-software-development@ruby@x-software-development
Servers @dns-server@ftp-server@legacy-network-server@mail-server@mysql@network-server@news-server@printing@server-cfg@smb-server@sql-server@web-server
Base system @admin-tools@base@base-x@dialup@dns-server@java@legacy-software-support@system-tools
Languages @arabic-support@assamese-support@bengali-support@bulgarian-support@chinese-support@croatian-support@czech-support@estonian-support@gujarati-support@hebrew-support@hindi-support@hungarian-support@japanese-support@korean-support@polish-support@punjabi-support@romanian-support@russian-support@serbian-support@slovak-support@slovenian-support@tamil-support@thai-support@ukrainian-support

Use * to select all available packages (dependencies and conflicts permitting). On the other extreme, use the special package group @core to install a very minimal, text-based system (almost too small to be usable but a good starting point for very compact systems) or @base to install a small text-based system with enough basic software to be useful.

To exclude a package, prepend a minus sign:

-hdparm

For example, if you wanted GNOME, office applications, Samba, printing capability, support for Russian, the GIMP graphics editor, and the Tomboy note program, place these lines at the end of the Kickstart file:

%packages
@gnome-desktop
@office
@smb-server
@printing
@russian-support
gimp
tomboy

Putting this all together, we get this Kickstart file:

auth --enableshadow --enablemd5
bootloader --location=mbr --md5pass=$1$RaNDoMju$OS0p7cTCbvCJ2ITUfcovM1
lang en_US
keyboard us
rootpw --iscrypted $1$RaNDoMju$OS0p7cTCbvCJ2ITUfcovM1
timezone America/Torontourl --url=http://192.168.1.2/fc6/

url --url=http://192.168.1.2/fc6/
network --bootproto=dhcp   --device eth0
network --bootproto=static --device eth1 \
    --ip 10.2.97.33 --netmask=255.255.255.0
    
# General partitioning options
clearpart --all --initlabel
zerombr yes

# Partitions
# Two IDE disk drives, hda and hdc
part raid.01 --size 100   --ondrive=hda
part raid.02 --size 40000 --ondrive=hda
part raid.03 --size 40000 --ondrive=hda
part raid.04 --size 40000 --ondrive=hda
part raid.05 --size 40000 --ondrive=hda
part raid.06 --size 1     --ondrive=hda --grow

part raid.07 --size 100   --ondrive=hdc
part raid.08 --size 40000 --ondrive=hdc
part raid.09 --size 40000 --ondrive=hdc
part raid.10 --size 40000 --ondrive=hdc
part raid.11 --size 40000 --ondrive=hdc
part raid.12 --size 1     --ondrive=hdc --grow
           
# RAID arrays
# Six RAID arrays, all RAID 1:
# - one is 100 MB /boot array
# - five are 40GB PV arrays 
#   (4 * 4000 MB, remaining space in last array)
raid /boot --device md0 --level=RAID1 raid.01 raid.07 --fstype ext3
raid pv.01 --device md1 --level=RAID1 raid.02 raid.08
raid pv.02 --device md2 --level=RAID1 raid.03 raid.09
raid pv.03 --device md3 --level=RAID1 raid.04 raid.10
raid pv.04 --device md4 --level=RAID1 raid.05 raid.11
raid pv.05 --device md5 --level=RAID1 raid.06 raid.12

# Volume Group 'main'
volgroup main pv.01 pv.02 pv.03 pv.04 pv.05

# LVs for root (10GB), /home (35GB), /var (35GB), and swap (1GB),
# leaving about 20 GB available for snapshots and future expansion 
# of the LVs
logvol swap  --vgname=main --size=1024  --name=swap
logvol /     --vgname=main --size=10000 --name=root --fstype=ext3
logvol /home --vgname=main --size=35000 --name=home --fstype=ext3
logvol /var  --vgname=main --size=35000 --name=var  --fstype=ext3

text
xconfig --startxonboot --depth=24 --resolution=1024x768

firewall --enabled --port=5900:tcp --ssh --http --smtp

firstboot --reconfig
poweroff

%packages
@gnome-desktop
@office
@smb-server
@printing
@russian-support
gimp
tomboy

10.4.1.1. Using a Kickstart file

To use a Kickstart file, make it accessible to the installation target system by placing it on an HTTP, FTP, or NFS server, or put it on a floppy disk.

To use a Kickstart file on floppy disk, add ks=floppy to the boot string encountered when booting from a USB key or optical disc:

: linux ks=floppy

It is assumed that the Kickstart file is named ks.cfg, that it is in the root directory of the floppy disk, and that the floppy disk is formatted with an MS-DOS (VFAT) or ext2 filesystem.

To make the Kickstart file available through the web server on a Fedora Core system, use these commands (assuming that the file is named ks.cfg and is in the current directory):

# mkdir -p /var/www/kickstart
# cp ks.cfg /var/www/kickstart

You can then access the Kickstart file by URL at the installation boot prompt:

: linux ks=http://192.168.1.2/kickstart/ks.cfg

(Replace 192.168.1.2 with the actual address of your server.) However, when booting from a PXE boot server, no boot prompt is provided. Instead, you must configure the Kickstart file by entering the URL into the system-config-netboot window for a particular IP address or range (Figure 10-20) or using the -K argument to the pxeboot command:

# pxeboot -a -O fc6 192.168.1 -K http://192.168.1.2/kickstart/ks.cfg

10.4.2. How Does It Work?

Fedora's Anaconda installer is written in Python and uses a library called the Red Hat Python Library, or rhpl. Before commencing the installation process, Anaconda must load the data structures that control the installation. These data structures can be filled with data from user input or from the Kickstart file.

10.4.3. What About...

10.4.3.1. ...creating a Kickstart file using a graphical tool?

Fedora Core provides the system-config-kickstart utility for graphically editing a Kickstart file. Unfortunately, the version of system-config-kickstart shipped with Fedora Core 6 has some show-stopping bugs that cause it to create defective Kickstart files, and it is not able to configure LVM systems. However, you can use it to create a rough Kickstart file to use as a starting point for further customization.

10.4.3.2. ...creating a Kickstart file that dynamically adjusts according to properties of the installation target?

Kickstart files can include a script that is run before installation, and the output of that script can be included into the Kickstart configuration.

For example, to configure swapspace to be double the memory size, you can add this script to the Kickstart file:

%pre

# Calculate twice the size of the installed memory, in MB
MEM=$(cat /proc/meminfo|sed -n "s/MemTotal: *\([0-9]\+\) kB/\1/p")
SIZE=$(( $MEM * 2 / 1024 ))

# Create the file /tmp/swap.cfg
echo  "logvol swap --vgname=main --size=$SIZE --name=swap" >/tmp/swap.cfg

The %pre option identifies this part of the file as a preinstallation script. Place this script at the end of the Kickstart file; it will produce the file /tmp/swap.cfg containing the appropriate logvol line for the swap partition.

You can then replace the swap partition line in the Kickstart file with an option that refers to the /tmp/swap.cfg file using %include:

# LVs for root (10GB), /home (35GB), /var (35GB), and swap (RAM * 2),
# leaving about 20 GB available for snapshots and future expansion 
# of the LVs.
%include /tmp/swap.cfg
logvol /     --vgname=main --size=10000 --name=root --fstype=ext3
logvol /home --vgname=main --size=35000 --name=home --fstype=ext3
logvol /var  --vgname=main --size=35000 --name=var  --fstype=ext3

Preinstallation scripts cannot change the installation source.

10.4.3.3. ...performing customization after installation?

The Kickstart file can also include a script that is run after installation, using the %post option. Here is an example:

% post

# Add aliases to /etc/bashrc:
echo "alias l='ls -l'" >>/etc/bashrc
echo "alias cls='clear'" >>/etc/bashrc

# Change the login welcome message for text consoles
echo "Welcome to Fedora Core!" >/etc/issue

# Place a copy of acceptable-use-policy.txt
# in /etc/skel so that it will be copied to each
# new user's home diretory.
cd /etc/skel
wget http://192.168.1.2/text/acceptable-use-policy.txt

# Configure httpd to start automatically on boot
/sbin/chkconfig httpd on

Post-installation scripts cannot reliably use hostnames; any IP addresses must be specified numerically.

10.4.3.4. ...installing a system with the same configuration as another, previously installed system?

Whenever you install a system, the configuration used for that system is written into the file /root/anaconda-ks.cfg. This is a standard Kickstart file with the disk layout commented out (every line has a # prepended). If you uncomment the disk layout and then use this as the Kickstart file for another system, it will produce an identical configuration (note that the hardware must be sufficiently similar for this to work).

10.4.4. Where Can I Learn More?

The RHEL 4 System Administration Guide (see Chapter 1; RHEL uses a version of Anaconda similar to that used by Fedora): http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/
"Hands-Off Fedora Installs with Kickstart," by Ethan McCallum: http://www.linuxdevcenter.com/pub/a/linux/2004/08/19/kickstart.html
The Fedora Wiki page with information on Kickstart: http://fedoraproject.org/wiki/AnacondaKickstartIntegration