Kickstart Syntax Reference
This appendix describes commands and options available in Kickstart installations. For general information about Kickstart, see Automating the Installation with Kickstart.
- Installation Methods and Sources
- device (optional) - Install Extra Device Drivers
- driverdisk (optional) - Use a Driver Disk
- mediacheck (optional) - Verify Installation Media Integrity
- ostreesetup (optional) - Install from an OSTree
- repo (optional) - Configure Additional Repositories
- url (optional) - Install from an installation tree on a remote server via FTP or HTTP.
- Storage and Partitioning
- autopart (optional) - Automatic Partitioning
- bootloader (required) - Configure Boot Loader
- btrfs (optional) - Create Btrfs Volume or Subvolume
- clearpart (optional) - Remove All Existing Partitions
- fcoe (optional) - Configure Fibre Channel Over Ethernet Devices
- ignoredisk (optional) - Ignore Specified Disks
- iscsi (optional) - Configure iSCSI Devices
- iscsiname (optional) - Assign Name to iSCSI Device
- logvol (optional) - Create LVM Logical Volume
- part (required) - Create Physical Partition
- raid (optional) - Create Software RAID
- reqpart (optional) - Create Required Partitions
- volgroup (optional) - Create LVM Volume Group
- zerombr (optional) - Reinitialize Partition Tables
- zfcp (optional) - Configure Fibre Channel Device
- Network Configuration
- Console and Environment
- Users, Groups and Authentication
- auth or authconfig (optional) - Configure Authentication (deprecated)
- authselect (optional) - Configure Authentication
- group (optional) - Create User Group
- pwpolicy (optional) - Change the Default Password Policy
- realm (optional) - Join an Active Directory or IPA Domain
- rootpw (required) - Set Root Password
- selinux (optional) - Configure SELinux
- sshkey (optional) - Add an Authorized SSH Key
- user (optional) - Create User Account
- Installation Environment
- autostep (optional) - Go Through Every Screen
- cmdline (optional) - Perform Installation in Command Line Mode
- graphical (optional) - Perform Installation in Graphical Mode
- logging (optional) - Configure Error Logging During Installation
- rescue (optional) - Rescue Mode
- sshpw (optional) - Restrict ssh Access During Installation
- text (optional) - Perform Installation in Text Mode
- unsupported_hardware (optional) - Suppress Unsupported Hardware Alerts
- vnc (optional) - Configure VNC Access
- After the Installation
- %addon com_redhat_kdump (optional) - Configure kdump
- firstboot (optional) - Enable or Disable Initial Setup
- halt (optional) - Halt System After Installation
- poweroff (optional) - Power Off After Installation
- reboot (optional) - Reboot After Installation
- shutdown (optional) - Shut Down After Installation
- Example Kickstart Configurations
Device names are not guaranteed to be consistent across reboots, which can complicate usage in Kickstart scripts. When a Kickstart option calls for a device node name (such as part / --fstype=xfs --onpart=sda1
You could use an entry similar to one of the following: part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1 part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1 This provides a consistent way to refer to disks that is more meaningful than just |
While the general principles of Kickstart installations tend to stay the same, the commands and options can change between major releases. You can use the ksverdiff command to display the differences between two versions of the Kickstart syntax. This is useful when updating an existing Kickstart file to be used with a new release. To display a list of changes in syntax between Fedora 34 and 35, use the following command:
$ ksverdiff -f F34 -t F35
The -f option specifies the release to start the comparison with, and the -t option to specify the release to end with. For additional information, see the ksverdiff(1)
man page. Also note that you cannot use this to display changes in a release that is newer than your system - the version of pykickstart on Fedora 34 cannot display changes in Fedora 35.
Additionally, you can review the Fedora 35 Release Notes, available at https://docs.fedoraproject.org/, for a list of changes.
In the following sections, if an option is followed by an equals mark ( |
Installation Methods and Sources
The following commands control the way Fedora will be installed.
device (optional) - Install Extra Device Drivers
On most PCI systems, the installation program will automatically detect Ethernet and SCSI cards. However, on older systems and some PCI systems, Kickstart requires a hint to find the proper devices. The device command, which tells the installation program to install extra modules, uses the following format:
device moduleName [--opts=]
Replace moduleName with the name of the kernel module which should be installed.
- --opts=
-
Options to pass to the installed kernel module. For example:
device i2c_piix4 --opts="aic152x=0x340 io=11"
driverdisk (optional) - Use a Driver Disk
Driver disks can be used during Kickstart installations to provide additional drivers not included by default. You must copy the driver disks’s contents to the root directory of a partition on the system’s hard drive. Then, you must use the driverdisk command to specify that the installation program should look for a driver disk and its location.
driverdisk partition | --source= | --biospart=
- partition
-
Search for the driver disk image on a local partition. Replace partition with the name of the partition containing the driver disk. Note that the partition must be specified as a full path. For example:
driverdisk /dev/sdb1
- --source=
-
Search for the driver disk in a network location instead of a local partition. For example:
driverdisk --source=ftp://path/to/dd.img
driverdisk --source=http://path/to/dd.img
driverdisk --source=nfs:hostname:/path/to/dd.img
- --biospart=
-
BIOS partition containing the driver disk (for example,
82p2
).
mediacheck (optional) - Verify Installation Media Integrity
This command will force the installation program to perform a media check before starting the installation, similarly to the rd.live.check boot option (see Verifying Boot Media. This command requires that installations be attended, so it is disabled by default.
ostreesetup (optional) - Install from an OSTree
Used for OSTree installations. See https://wiki.gnome.org/action/show/Projects/OSTree for more information about OSTree. Available options are:
- --osname=
-
Management root for OS installation (required).
- --remote=
-
Management root for OS installation (optional).
- --url=
-
Repository URL (required).
- --ref=
-
Name of branch inside the repository (required).
- --nogpg
-
Disable GPG key verification (optional).
repo (optional) - Configure Additional Repositories
Configures additional DNF repositories that may be used as sources for package installation. This command can be used multiple times in a single Kickstart file.
See the Fedora System Administrator’s Guide for information about the DNF package manager.
Repositories used for installation must be stable. The installation may fail if a repository is modified before the installation concludes. |
- --name=
-
The repository ID. This option is required. If a repository has a name which conflicts with another previously added repository, it will be ignored. Because the installation program uses a list of pre-configured repositories, this means that you cannot add repositories with the same names as the preconfigured ones.
- --baseurl=
-
The repository URL. The variables that may be used in DNF repo configuration files are not supported. You may use one of either this option or --mirrorlist, not both.
- --mirrorlist=
-
The URL pointing at a list of mirrors for the repository. The variables that may normally be used in dnf repository configuration files are not supported here. You may use one of either this option or --baseurl, not both.
- --install
-
Make the repository configured in the Kickstart file available on the system after the installation as well. Creates a configuration file for the repository in
/etc/yum.repos.d/
on the installed system. - --cost=
-
An integer value to assign a cost to this repository. If multiple repositories provide the same packages, this number will be used to prioritize which repository will be used before another. Repositories with a lower cost take priority over repositories with higher cost.
- --excludepkgs=
-
A comma-separated list of package names that must not be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from a particular repository. Both full package names (such as
publican
) and globs (such asgnome-*
) are accepted. - --includepkgs=
-
A comma-separated list of package names and globs that must be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from this repository.
- --proxy=
-
Specify an
HTTP
,HTTPS
orFTP
proxy server to use when accessing this repository. This setting does not affect any other repositories or installation sources. - --ignoregroups=true
-
This option is used when composing installation trees and has no effect on the installation process itself. It tells the compose tools to not look at the package group information when mirroring trees so as to avoid mirroring large amounts of unnecessary data.
- --noverifyssl
-
Disable SSL verification when connecting to an
HTTPS
server.
url (optional) - Install from an installation tree on a remote server via FTP or HTTP.
Install from an installation tree on a remote server via FTP or HTTP.
- --proxy=
-
Specify an HTTP/HTTPS/FTP proxy to use while performing the install. The various parts of the argument act like you would expect. The syntax is:
[protocol://][username[:password]@]host[:port]
- --noverifyssl
-
For a tree on a HTTPS server do not check the server’s certificate with what well-known CA validate and do not check the server’s host name matches the certificate’s domain name.
- --url=
-
The URL to install from. Variable substitution is done for
$releasever
and$basearch
in the URL. - --mirrorlist=
-
The mirror URL to install from. Variable substitution is done for
$releasever
and$basearch
in the URL. - --metalink=
-
The metalink URL to install from. Variable substitution is done for
$releasever
and$basearch
in the URL.
Storage and Partitioning
Commands in this section are used to determine your system’s storage options and partitioning.
autopart (optional) - Automatic Partitioning
Automatically creates partitions: a root (/
) partition (1 GB or larger), a swap
partition, and an appropriate /boot
partition for the architecture. On large enough drives (50 GB and larger), this also creates a /home
partition.
The autopart option cannot be used together with the part/partition, raid, logvol, or volgroup options in the same Kickstart file. |
- --type=
-
Selects one of the predefined automatic partitioning schemes you want to use. Accepts the following values:
-
lvm
: The LVM partitioning scheme. -
btrfs
: The Btrfs partitioning scheme. -
plain
: Regular partitions with no LVM or Btrfs. -
thinp
: The LVM Thin Provisioning partitioning scheme.The created partitioning scheme will follow the recommended scheme described at Recommended Partitioning Scheme.
-
- --fstype=
-
Specify a supported file system (such as
ext4
orxfs
) to replace the default when doing automatic partitioning. - --nolvm
-
Do not use LVM or Btrfs for automatic partitioning. This option is equal to --type=plain.
- --encrypted
-
Encrypts all partitions. This is equivalent to checking the
Encrypt partitions
check box on the initial partitioning screen during a manual graphical installation. - --passphrase=
-
Provides a default system-wide passphrase for all encrypted devices.
- --escrowcert=URL_of_X.509_certificate
-
Stores data encryption keys of all encrypted volumes as files in
/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified. - --backuppassphrase
-
Adds a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in
/root
, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified. - --cipher=
-
Specifies which type of encryption will be used if the Anaconda default
aes-xts-plain64
is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Fedora Security Guide, available at https://docs.fedoraproject.org/. Using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
is strongly recommended. - --luks-version=
-
Specifies which version of LUKS should be used to encrypt the system. Only relevant if --encrypted is also specified.
- --pbkdf=
-
Sets Password-Based Key Derivation Function (PBKDF) algorithm for the LUKS keyslot. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-memory=
-
Sets the memory cost for PBKDF. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-time=
-
Sets the number of milliseconds to spend with PBKDF passphrase processing. Only relevant if --encrypted is also specified. See information about the --iter-time option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
- pbkdf-iterations=
-
Sets the number of iterations for passphrase processing directly, and avoids PBKDF benchmark. Only relevant if --encrypted is also specified. See information about the --pbkdf-force-iterations option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
bootloader (required) - Configure Boot Loader
Specifies how the boot loader should be installed.
You should always use a password to protect your boot loader. An unprotected boot loader can allow a potential attacker to modify the system’s boot options and gain unauthorized access to the system. |
Some systems require a special partition for installing the boot loader. The type and size of this partition depends on whether the disk you are installing the boot loader to uses the Master Boot Record (MBR) or a GUID Partition Table (GPT) schema. For more information, see Boot Loader Installation. |
- --append=
-
Specifies additional kernel parameters. To specify multiple parameters, separate them with spaces. For example:
bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"
The rhgb and quiet parameters are always used, even if you do not specify them here or do not use the --append= command at all.
- --boot-drive=
-
Specifies which drive the boot loader should be written to, and therefore which drive the computer will boot from. If you use a multipath device as the boot drive, specify only one member of the device.
The --boot-drive= option is currently being ignored in Fedora installations on IBM System z systems using the zipl boot loader. When zipl is installed, it determines the boot drive on its own.
Not specifying this option will result in the following behavior:
-
If the --driveorder= option was used, Anaconda will install the boot loader on the first valid device specified in the drive order.
-
The first present and valid disk containing a
/boot
partition will be used. -
If none of the above applies, then the first valid storage device from the list of all detected devices will be used to install the boot loader.
-
- --leavebootorder
-
Prevents the installation program from making changes to the existing list of bootable images on UEFI or ISeries/PSeries systems.
- --driveorder=
-
Specifies which drive is first in the BIOS boot order. For example:
bootloader --driveorder=sda,hda
- --location=
-
Specifies where the boot record is written. Valid values are the following:
-
mbr
- The default option. Depends on whether the drive uses the Master Boot Record (MBR) or GUID Partition Table (GPT) scheme:-
On a GPT-formatted disk, this option will install stage 1.5 of the boot loader into the BIOS boot partition.
-
On an MBR-formatted disk, stage 1.5 will be installed into the empty space between the MBR and the first partition.
-
-
partition
- Install the boot loader on the first sector of the partition containing the kernel. -
none
- Do not install the boot loader.In most cases, this option does not need to be specified.
-
- --password=
-
If using GRUB2 as the boot loader, sets the boot loader password to the one specified with this option. This should be used to restrict access to the GRUB2 shell, where arbitrary kernel options can be passed.
If a password is specified, GRUB2 will also ask for a user name. The user name is always
root
. - --iscrypted
-
Normally, when you specify a boot loader password using the --password= option, it will be stored in the Kickstart file in plain text. If you want to encrypt the password, use this option and an encrypted password.
To generate an encrypted password, use the grub2-mkpasswd-pbkdf2 command, enter the password you want to use, and copy the command’s output (the hash starting with
grub.pbkdf2
) into the Kickstart file. An example bootloader Kickstart entry with an encrypted password will look similar to the following:bootloader --iscrypted --password=grub.pbkdf2.sha512.10000.5520C6C9832F3AC3D149AC0B24BE69E2D4FB0DBEEDBD29CA1D30A044DE2645C4C7A291E585D4DC43F8A4D82479F8B95CA4BA4381F8550510B75E8E0BB2938990.C688B6F0EF935701FF9BD1A8EC7FE5BD2333799C98F28420C5CC8F1A2A233DE22C83705BB614EA17F3FDFDF4AC2161CEA3384E56EB38A2E39102F5334C47405E
- --timeout=
-
Specifies the amount of time the boot loader will wait before booting the default option (in seconds).
- --default=
-
Sets the default boot image in the boot loader configuration.
- --extlinux
-
Use the extlinux boot loader instead of GRUB2. This option only works on systems supported by extlinux.
- --disabled
-
Do not attempt to install a boot loader. This option overrides all other boot loader configuration; all other boot loader options will be ignored and no boot loader packages will be installed.
- --nombr
-
Install the boot loader configuration and support files, but do not modify the MBR.
btrfs (optional) - Create Btrfs Volume or Subvolume
Create a Btrfs volume or subvolume. For a volume, the syntax is:
btrfs mntpoint --data=level --metadata=level [--label=] partitions
One or more partitions can be specified in partitions. When specifying more than one partitions, the entries must be separated by a single space. See Creating Btrfs Volumes and Subvolumes for a demonstration.
For a subvolume, the syntax is:
btrfs mntpoint --subvol --name=name parent
parent should be the identifier of the subvolume’s parent volume, name with a name for the subvolume, and mntpoint is the location where the file system is mounted.
- --data=
-
RAID level to use for file system data (such as
0
,1
, or10
). This parameter is optional, has no meaning for subvolumes, and requires more than one physical disk. - --metadata=
-
RAID level to use for file system/volume metadata (such as
0
,1
, or10
). This parameter is optional, has no meaning for subvolumes, and requires more than one physical disk. - --label=
-
Specify a label for the Btrfs file system. If the given label is already in use by another file system, a new label will be created. This option has no meaning for subvolumes.
- --subvol
-
Create a Btrfs subvolume instead of a volume.
- --name=
-
Set a name for a Btrfs subvolume.
- --noformat or --useexisting
-
Use an existing Btrfs volume (or subvolume) and do not reformat the file system.
- --mkfsoptions=
-
Specifies additional parameters to be passed to the program that makes a filesystem on this volume or subvolume. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem.
The following example shows how to create a Btrfs volume from member partitions on three disks with subvolumes for /
and /home
. The main volume is not mounted or used directly in this example.
part btrfs.01 --size=6000 --ondisk=sda part btrfs.02 --size=6000 --ondisk=sdb part btrfs.03 --size=6000 --ondisk=sdc btrfs none --data=0 --metadata=1 --label=f35 btrfs.01 btrfs.02 btrfs.03 btrfs / --subvol --name=root LABEL=f35 btrfs /home --subvol --name=home f35
clearpart (optional) - Remove All Existing Partitions
Removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed.
If the clearpart command is used, then the part --onpart command cannot be used on a logical partition. |
For a detailed example of partitioning including the clearpart command, see Advanced Partitioning Example.
- --all
-
Erases all partitions from the system.
This option will erase all disks which can be reached by the installer, including any attached network storage. Use this option with caution.
- --drives=
-
Specifies which drives to clear partitions from. For example, the following clears all the partitions on the first two drives on the primary IDE controller:
clearpart --drives=hda,hdb --all
To clear a multipath device, use the format
disk/by-id/scsi-WWID
, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID58095BEC5510947BE8C0360F604351918
, use:clearpart --drives=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
This format is preferable for all multipath devices, but if errors arise, multipath devices that do not use logical volume management (LVM) can also be cleared using the format
disk/by-id/dm-uuid-mpath-WWID
, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID2416CD96995134CA5D787F00A5AA11017
, use:clearpart --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Never specify multipath devices by device names like
mpatha
. Device names such as this are not specific to a particular disk. The disk named/dev/mpatha
during installation might not be the one that you expect it to be. Therefore, the clearpart command could target the wrong disk.Starting with Fedora 25, you can combine multiple ways of specifying storage targets in one command, using the pipe (“
|
”) as a delimiter. For example:clearpart --drives=sd*|hd*|vda,/dev/vdc
The above will match either of
sd*
,hd*
, orvda
and/dev/vdc
. Variants are processed from left to right, and at least one of them must match for the command to succeed. - --list=
-
Specifies which partitions to clear. This option overrides the --all and --linux options if used. Can be used across different drives. For example:
clearpart --list=sda2,sda3,sdb1
- --disklabel=
-
Create a set disk label when relabeling a disk.
- --linux
-
Erases all Linux partitions.
- --none
-
Do not remove any partitions. This is the default behavior - using this option is the same as not using the clearpart command at all.
Using the clearpart --all command in a Kickstart file to remove all existing partitions during the installation will cause Anaconda to pause and prompt you for a confirmation. If you need to perform the installation automatically with no interaction, add the zerombr command to your Kickstart file. |
fcoe (optional) - Configure Fibre Channel Over Ethernet Devices
Specify which FCoE devices should be activated automatically in addition to those discovered by Enhanced Disk Drive Services (EDD).
fcoe --nic=name [--dcp= | --autovlan]
- --nic= (required)
-
Name of the device to be activated.
- --dcb=
-
Establish Data Center Bridging (DCB) settings.
- --autovlan
-
Discover VLANs automatically.
ignoredisk (optional) - Ignore Specified Disks
Causes the installation program to ignore the specified disks. This is useful if you use autopartition and want to be sure that some disks are ignored. For example, without ignoredisk, attempting to deploy on a SAN cluster the Kickstart would fail, as the installation program detects passive paths to the SAN that return no partition table.
ignoredisk --drives= | --only-use= [--interactive]
- --drives=
-
Specify one or more drives to ignore. Multiple drives can be specified as a comma-separated list. For example:
ignoredisk --drives=sda,sdc
To ignore a multipath device that does not use logical volume management (LVM), use the format
disk/by-id/dm-uuid-mpath-WWID
, where WWID is the world-wide identifier for the device. For example, to ignore a disk with WWID2416CD96995134CA5D787F00A5AA11017
, use:ignoredisk --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Multipath devices that use LVM are not assembled until after Anaconda has parsed the Kickstart file. Therefore, you cannot specify these devices in the format
dm-uuid-mpath
. Instead, to ignore a multipath device that uses LVM, use the formatdisk/by-id/scsi-WWID
, where WWID is the world-wide identifier for the device. For example, to ignore a disk with WWID58095BEC5510947BE8C0360F604351918
, use:ignoredisk --drives=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
Never specify multipath devices by device names like
mpatha
. Device names such as this are not specific to a particular disk. The disk named/dev/mpatha
during installation might not be the one that you expect it to be. Therefore, the clearpart command could target the wrong disk.Starting with Fedora 25, you can combine multiple ways of specifying storage targets in one command, using the pipe (“
|
”) as a delimiter. For example:ignoredisk --drives=sd*|hd*|vda,/dev/vdc
The above will match either of
sd*
,hd*
, orvda
and/dev/vdc
. Variants are processed from left to right, and at least one of them must match for the command to succeed. - --only-use=
-
Specifies a list of disks for the installation program to use. All other disks are ignored. For example, to use disk
sda
during installation and ignore all other disks:ignoredisk --only-use=sda
To include a multipath device that does not use LVM:
ignoredisk --only-use=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
To include a multipath device that uses LVM:
ignoredisk --only-use=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
- --interactive
-
Allows you to manually navigate the advanced storage screen.
iscsi (optional) - Configure iSCSI Devices
Specifies additional iSCSI storage to be attached during installation. If you use the iscsi command, you must also assign a name to the iSCSI node, using the iscsiname command (see iscsiname (optional) - Assign Name to iSCSI Device. The iscsiname command must appear before the iscsi command in the Kickstart file.
You should configure iSCSI storage in the system BIOS or firmware (iBFT for Intel systems) rather than use the iscsi command if possible. If you do so, Anaconda automatically detects and uses disks configured in BIOS or firmware and no special configuration is necessary in the Kickstart file.
If you must use the iscsi command, make sure that networking is activated at the beginning of the installation, and that the iscsi command appears in the Kickstart file before you refer to iSCSI disks with commands such as clearpart or ignoredisk.
iscsi --ipaddr= --port= [--target= | --iface= | --user= | --password= | --reverse-user= | --reverse-password=]
- --ipaddr=
-
The IP address of the target to connect to.
- --port=
-
The port number (typically
3260
). - --target=
-
Target IQN (iSCSI Qualified Name).
- --iface=
-
Bind the connection to a specific network interface instead of using the default one determined by the network layer. Once used, it must be specified in all instances of the iscsi command in the entire Kickstart file.
- --user=
-
User name required to authenticate with the target.
- --password=
-
Password that corresponds with the user name specified for the target.
- --reverse-user=
-
User name required to authenticate with the initiator from a target using reverse CHAP authentication.
- --reverse-password=
-
Password that corresponds with the user name specified for the initiator.
iscsiname (optional) - Assign Name to iSCSI Device
Assigns a name to an iSCSI node specified by the iscsi command (iscsi (optional) - Configure iSCSI Devices). This command is mandatory if you use the iscsi command, and it must be specified before you use iscsi.
iscsiname iqn
logvol (optional) - Create LVM Logical Volume
Create a logical volume for Logical Volume Management (LVM) with the syntax:
logvol mntpoint --vgname= --name= [options]
Do not use the dash ( This limitation only applies to newly created logical volume and volume group names. If you are reusing existing ones using the --noformat or --useexisting option, their names will not be changed. |
For a detailed example of logvol in action, see Advanced Partitioning Example.
- mntpoint
-
Replace with the volume’s mount point. This name can take the following forms:
/path
-
A path to the mount point - for example,
/
or/home
swap
-
The partition is used as swap space.
To determine the size of the swap partition automatically, use the --recommended option:
swap --recommended
To determine the size of the swap partition automatically but also allow extra space for your system to hibernate, use the --hibernation option:
swap --hibernation
The size assigned will be equivalent to the swap space assigned by --recommended plus the amount of RAM on your system.
For the swap sizes assigned by these commands, see the section describing swap in Recommended Partitioning Scheme.
none
-
Used only when creating a thin pool volume.
- --noformat
-
Use an existing logical volume and do not format it.
- --useexisting
-
Use an existing logical volume and format it.
- --fstype=
-
Sets the file system type for the logical volume. Valid values are
xfs
,ext2
,ext3
,ext4
,swap
, andvfat
. See Device, File System and RAID Types for information about available file systems. - --fsoptions=
-
Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the
/etc/fstab
file of the installed system and should be enclosed in quotes. For example:--fsoptions="ro, x-systemd.device-timeout=0"
- --mkfsoptions=
-
Specifies additional parameters to be passed to the program that makes a filesystem on this logical volume. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem.
- --label=
-
Sets a label for the logical volume.
- --grow
-
Grow the volume to fill available space (if any), or up to the limit set by the --maxsize= option.
- --size=
-
The size of the logical volume in megabytes. This option cannot be used together with the --percent= option.
- --percent=
-
Specify the amount by which to grow the logical volume, as a percentage of the free space in the volume group after any statically-sized logical volumes are taken into account. This option cannot be used together with the --size= and --grow options.
When creating a new logical volume, you must either specify its size statically using the --size= option, or as a percentage of remaining free space using the --percent= option. You cannot use both of these options on the same logical volume.
- --maxsize=
-
The maximum size in megabytes when the logical volume is set to grow. Specify an integer value here such as
500
(do not include the unit). - --recommended
-
Use this option when creating a
swap
logical volume to determine the size of this volume automatically, based on your system’s hardware. For details about the recommended scheme, see Recommended Partitioning Scheme.This option can only be used for partitions which result in a file system such as the
/boot
partition andswap
space. It cannot be used to create partitionsm, LVM physical or logical volumes or RAID members. - --resize
-
Resize an existing logical volume. If you use this option, you must also specify --useexisting and --size.
- --encrypted
-
Specifies that this logical volume should be encrypted, using the passphrase provided in the --passphrase= option. If you do not specify a passphrase, the installation program will use the default, system-wide passphrase set with the autopart --passphrase command, or stop the installation and prompt you to provide a passphrase if no default is set.
- --passphrase=
-
Specifies the passphrase to use when encrypting this logical volume. You must use this option together with the --encrypted option. This option has no effect by itself.
- --cipher=
-
Specifies which type of encryption will be used if the Anaconda default
aes-xts-plain64
is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Fedora Security Guide, available at https://docs.fedoraproject.org/. Using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
is strongly recommended. - --escrowcert=URL_of_X.509_certificate
-
Store data encryption keys of all encrypted volumes as files in
/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified. - --backuppassphrase
-
Add a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in
/root
, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified. - --thinpool
-
Creates a thin pool logical volume. (Use a mount point of
none
) - --metadatasize=
-
Metadata area size (in MiB) for a new thin pool device.
- --chunksize=
-
Chunk size (in KiB) for a new thin pool device.
- --thin
-
Create a thin logical volume. (Requires use of --poolname)
- --poolname=
-
Specify the name of the thin pool in which to create a thin logical volume. Requires the --thin option.
- --profile=
-
Specify the configuration profile name to use with thin logical volumes. If used, the name will also be included in the metadata for the given logical volume. By default, the available profiles are
default
andthin-performance
and are defined in the/etc/lvm/profile
directory. See thelvm(8)
man page for additional information. - --cachepvs=
-
A comma-separated list of (fast) physical volumes which should be used for LVM cache.
- --cachesize=
-
Requested size of cache attached to the logical volume, in MiB. (Requires the --cachepvs= option.)
- --cachemode=
-
Mode to be used for LVM cache (either
writeback
orwritethrough
).
The --cachepvs=, --cachesize=, and --cachemode= options listed above are used to configure LVM caching. For more information, see the |
- --luks-version=
-
Specifies which version of LUKS should be used to encrypt the system. Only relevant if --encrypted is also specified.
- --pbkdf=
-
Sets Password-Based Key Derivation Function (PBKDF) algorithm for the LUKS keyslot. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-memory=
-
Sets the memory cost for PBKDF. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-time=
-
Sets the number of milliseconds to spend with PBKDF passphrase processing. Only relevant if --encrypted is also specified. See information about the --iter-time option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
- pbkdf-iterations=
-
Sets the number of iterations for passphrase processing directly, and avoids PBKDF benchmark. Only relevant if --encrypted is also specified. See information about the --pbkdf-force-iterations option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
Create one or more partitions first using part (required) - Create Physical Partition, create the logical volume group (volgroup (optional) - Create LVM Volume Group), and then create logical volumes. For example:
part pv.01 --size 3000 volgroup myvg pv.01 logvol / --vgname=myvg --size=2000 --name=rootvol
part (required) - Create Physical Partition
Creates a partition on the system.
For a detailed example of part in action, see Advanced Partitioning Example.
part|partition mntpoint --name=name --device=device --rule=rule [options]
All partitions created are formatted as part of the installation process unless --noformat and --onpart= are used. |
If partitioning fails for any reason, diagnostic messages appear on virtual console 3. |
- mntpoint
-
Where the partition is mounted. The value must be of one of the following:
/path
-
A path to the mount point - for example,
/
or/home
swap
-
The partition is used as swap space.
To determine the size of the swap partition automatically, use the --recommended option:
swap --recommended
The size assigned will be effective but not precisely calibrated for your system.
To determine the size of the swap partition automatically but also allow extra space for your system to hibernate, use the --hibernation option:
swap--hibernation
The size assigned will be equivalent to the swap space assigned by --recommended plus the amount of RAM on your system.
For the swap sizes assigned by these commands, see the section describing swap in Recommended Partitioning Scheme.
raid.id
-
The partition is used for software RAID (see raid).
pv.id
-
The partition is used for LVM (see part (required) - Create Physical Partition).
biosboot
-
The partition will be used for a BIOS Boot partition. A 1 MB BIOS boot partition is necessary on BIOS-based systems using a GUID Partition Table (GPT); the boot loader will be installed into it. It is not necessary on UEFI systems. Also see part (required) - Create Physical Partition.
/boot/efi
-
An EFI System Partition. An EFI partition at least 50 MB in size is necessary on UEFI-based systems; the recommended size is 200 MB. It is not necessary on BIOS systems. Also see part (required) - Create Physical Partition.
- --size=
-
The minimum partition size in megabytes. Specify an integer value here such as
500
(do not include the unit).If the --size value is too small, the installation will fail. Set the --size value as the minimum amount of space you require. For size recommendations, see Recommended Partitioning Scheme.
- --maxsize=
-
The maximum partition size in megabytes when the partition is set to grow. Specify an integer value here such as
500
(do not include the unit). - --resize
-
Resize an existing partition. When using this option, specify the new size (in megabytes) using the --size= option and the target partition using the --onpart= option.
- --grow
-
Tells the partition to grow to fill available space (if any), or up to the maximum size setting.
If you use --grow= without setting --maxsize= on a swap partition, Anaconda will limit the maximum size of the swap partition. For systems that have less than 2 GB of physical memory, the imposed limit is twice the amount of physical memory. For systems with more than 2 GB, the imposed limit is the size of physical memory plus 2 GB.
- --noformat
-
Specifies that the partition should not be formatted, for use with the --onpart command.
- --onpart= or --usepart=
-
Specifies the device on which to place the partition. For example:
partition /home --onpart=hda1
The above puts
/home
on/dev/hda1
.These options can also add a partition to a logical volume. For example:
partition pv.1 --onpart=hda2
The device must already exist on the system; the --onpart option will not create it.
- --ondisk= or --ondrive=
-
Forces the partition to be created on a particular disk. For example, --ondisk=sdb puts the partition on the second SCSI disk on the system.
To specify a multipath device that does not use logical volume management (LVM), use the format
disk/by-id/dm-uuid-mpath-WWID
, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID2416CD96995134CA5D787F00A5AA11017
, use:part / --fstype=xfs --grow --asprimary --size=8192 --ondisk=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Multipath devices that use LVM are not assembled until after Anaconda has parsed the Kickstart file. Therefore, you cannot specify these devices in the format
dm-uuid-mpath
. Instead, to specify a multipath device that uses LVM, use the formatdisk/by-id/scsi-WWID
, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID58095BEC5510947BE8C0360F604351918
, use:part / --fstype=xfs --grow --asprimary --size=8192 --ondisk=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
Never specify multipath devices by device names like
mpatha
. Device names such as this are not specific to a particular disk. The disk named/dev/mpatha
during installation might not be the one that you expect it to be. Therefore, the clearpart command could target the wrong disk. - --asprimary
-
Forces the partition to be allocated as a primary partition. If the partition cannot be allocated as primary (usually due to too many primary partitions being already allocated), the partitioning process will fail. This option only makes sense when the disk uses a Master Boot Record (MBR); for GUID Partition Table (GPT)-labeled disks this option has no meaning. For information about primary (and extended) partitions, see Recommended Partitioning Scheme.
- --fsprofile=
-
Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For
ext2
,ext3
,ext4
, this configuration file is/etc/mke2fs.conf
. - --fstype=
-
Sets the file system type for the partition. Valid values are
xfs
,ext2
,ext3
,ext4
,swap
,vfat
,efi
andbiosboot
. For information about supported file systems, see Device, File System and RAID Types. - --fsoptions=
-
Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the
/etc/fstab
file of the installed system and should be enclosed in quotes. For example:--fsoptions="ro, x-systemd.device-timeout=0"
- --mkfsoptions=
-
Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem.
- --label=
-
Assign a label to an individual partition.
- --recommended
-
Determine the size of the partition automatically. For details about the recommended scheme, see Recommended Partitioning Scheme.
This option can only be used for partitions which result in a file system such as the
/boot
partition andswap
space. It cannot be used to create partitionsm, LVM physical or logical volumes or RAID members. - --onbiosdisk
-
Forces the partition to be created on a particular disk as discovered by the BIOS.
- --encrypted
-
Specifies that this partition should be encrypted, using the passphrase provided in the --passphrase option. If you do not specify a passphrase, Anaconda uses the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.
- --passphrase=
-
Specifies the passphrase to use when encrypting this partition. You must use this option together with the --encrypted option; by itself it has no effect.
- --cipher=
-
Specifies which type of encryption will be used if the Anaconda default
aes-xts-plain64
is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Fedora Security Guide, available at https://docs.fedoraproject.org/. Using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
is strongly recommended. - --escrowcert=URL_of_X.509_certificate
-
Stores data encryption keys of all encrypted volumes as files in
/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified. - --backuppassphrase
-
Add a randomly-generated passphrase to each encrypted partition. Store these passphrases in separate files in
/root
, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified. - --luks-version=
-
Specifies which version of LUKS should be used to encrypt the system. Only relevant if --encrypted is also specified.
- --pbkdf=
-
Sets Password-Based Key Derivation Function (PBKDF) algorithm for the LUKS keyslot. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-memory=
-
Sets the memory cost for PBKDF. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-time=
-
Sets the number of milliseconds to spend with PBKDF passphrase processing. Only relevant if --encrypted is also specified. See information about the --iter-time option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
- pbkdf-iterations=
-
Sets the number of iterations for passphrase processing directly, and avoids PBKDF benchmark. Only relevant if --encrypted is also specified. See information about the --pbkdf-force-iterations option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
raid (optional) - Create Software RAID
Assembles a software RAID device. This command is of the form:
raid mntpoint --level=level --device=mddevice partitions*
For a detailed example of raid in action, see Advanced Partitioning Example.
- mntpoint
-
Location where the RAID file system is mounted. If it is
/
, the RAID level must be 1 unless a boot partition (/boot
) is present. If a boot partition is present, the/boot
partition must be level 1 and the root (/
) partition can be any of the available types. The partitions* (which denotes that multiple partitions can be listed) lists the RAID identifiers to add to the RAID array. - --level=
-
RAID level to use (
0
,1
,4
,5
,6
, or10
). See Device, File System and RAID Types for information about various RAID types and their requirements. - --device=
-
Name of the RAID device to use. As of Fedora 35, RAID devices are no longer referred to by names like
md0
. If you have an old (v0.90 metadata) array that you cannot assign a name to, you can specify the array by a filesystem label or UUID (for example, --device=rhel7-root --label=rhel7-root). - --spares=
-
Specifies the number of spare drives allocated for the RAID array. Spare drives are used to rebuild the array in case of drive failure.
- --fsprofile=
-
Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For
ext2
,ext3
,ext4
, this configuration file is/etc/mke2fs.conf
. - --fstype=
-
Sets the file system type for the partition. Valid values are
xfs
,ext2
,ext3
,ext4
,swap
,vfat
,efi
andbiosboot
. For information about supported file systems, see Device, File System and RAID Types. - --fsoptions=
-
Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the
/etc/fstab
file of the installed system and should be enclosed in quotes. For example:--fsoptions="ro, x-systemd.device-timeout=0"
- --mkfsoptions=
-
Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem.
- --label=
-
Specify the label to give to the filesystem to be made. If the given label is already in use by another filesystem, a new label will be created.
- --noformat
-
Use an existing RAID device and do not format it.
- --useexisting
-
Use an existing RAID device and reformat it.
- --encrypted
-
Specifies that this array should be encrypted, using the passphrase provided in the --passphrase option. If you do not specify a passphrase, Anaconda uses the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.
- --passphrase=
-
Specifies the passphrase to use when encrypting this partition. You must use this option together with the --encrypted option; by itself it has no effect.
- --cipher=
-
Specifies which type of encryption will be used if the Anaconda default
aes-xts-plain64
is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Fedora Security Guide, available at https://docs.fedoraproject.org/. Using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
is strongly recommended. - --escrowcert=URL_of_X.509_certificate
-
Stores data encryption keys of all encrypted volumes as files in
/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified. - --backuppassphrase
-
Add a randomly-generated passphrase to each encrypted partition. Store these passphrases in separate files in
/root
, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified. - --luks-version=
-
Specifies which version of LUKS should be used to encrypt the system. Only relevant if --encrypted is also specified.
- --pbkdf=
-
Sets Password-Based Key Derivation Function (PBKDF) algorithm for the LUKS keyslot. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-memory=
-
Sets the memory cost for PBKDF. Only relevant if --encrypted is also specified. See the
cryptsetup(8)
man page for more information. - pbkdf-time=
-
Sets the number of milliseconds to spend with PBKDF passphrase processing. Only relevant if --encrypted is also specified. See information about the --iter-time option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
- pbkdf-iterations=
-
Sets the number of iterations for passphrase processing directly, and avoids PBKDF benchmark. Only relevant if --encrypted is also specified. See information about the --pbkdf-force-iterations option in the
cryptsetup(8)
man page for more information.Only one of --pbkdf-time= or --pbkdf-iterations= can be specified at the same time.
The following example shows how to create a RAID level 1 partition for /
, and a RAID level 5 for /home
, assuming there are three SCSI disks on the system. It also creates three swap partitions, one on each drive.
part raid.01 --size=6000 --ondisk=sda part raid.02 --size=6000 --ondisk=sdb part raid.03 --size=6000 --ondisk=sdc part swap --size=512 --ondisk=sda part swap --size=512 --ondisk=sdb part swap --size=512 --ondisk=sdc part raid.11 --size=1 --grow --ondisk=sda part raid.12 --size=1 --grow --ondisk=sdb part raid.13 --size=1 --grow --ondisk=sdc raid / --level=1 --device=f35-root --label=f35-root raid.01 raid.02 raid.03 raid /home --level=5 --device=f35-home --label=f35-home raid.11 raid.12 raid.13
reqpart (optional) - Create Required Partitions
Automatically create partitions required by your hardware platform. These include a /boot/efi
for x86_64 and Aarch64 systems with UEFI firmware, biosboot
for x86_64 systems with BIOS firmware and GPT (GUID Partition Table), and PRePBoot
for IBM Power Systems.
This command cannot be used together with autopart, because autopart does the same and creates other partitions or logical volumes such as |
reqpart [--add-boot]
- --add-boot
-
Create a separate
/boot
partition in addition to the platform-specific partition created by the base command.
volgroup (optional) - Create LVM Volume Group
Creates a Logical Volume Management (LVM) volume group.
volgroup name partition [options]
Do not use the dash ( This limitation only applies to newly created logical volume and volume group names. If you are reusing existing ones using the --noformat or --noformat option, their names will not be changed. |
For a detailed partitioning example including volgroup, see Advanced Partitioning Example.
- --noformat
-
Use an existing volume group and do not format it.
- --useexisting
-
Use an existing volume group and reformat it.
- --pesize=
-
Set the size of the physical extents. The default size for Kickstart installations is 4 MiB.
- --reserved-space=
-
Specify an amount of space to leave unused in a volume group in megabytes. Applicable only to newly created volume groups.
- --reserved-percent=
-
Specify a percentage of total volume group space to leave unused. Applicable only to newly created volume groups.
Create one or more partitions first using part (required) - Create Physical Partition, create the logical volume group (volgroup (optional) - Create LVM Volume Group), and then create logical volumes. For example:
part pv.01 --size 3000 volgroup myvg pv.01 logvol / --vgname=myvg --size=2000 --name=rootvol
zerombr (optional) - Reinitialize Partition Tables
If zerombr is specified, any invalid partition tables found on disks are initialized. This destroys all of the contents of disks with invalid partition tables. This command is required when performing an unattended installation on a system with previously initialized disks.
On IBM System z, if zerombr is specified, any Direct Access Storage Device (DASD) visible to the installation program which is not already low-level formatted is automatically low-level formatted with dasdfmt. The command also prevents user choice during interactive installations. If zerombr is not specified and there is at least one unformatted DASD visible to the installation program, a non-interactive Kickstart installation will exit unsuccessfully. If zerombr is not specified and there is at least one unformatted DASD visible to the installation program, an interactive installation exits if the user does not agree to format all visible and unformatted DASDs. To circumvent this, only activate those DASDs that you will use during installation. You can always add more DASDs after installation is complete. |
zfcp (optional) - Configure Fibre Channel Device
Define a Fibre channel device. This option only applies on IBM System z. All of the options described below must be specified.
zfcp --devnum=devnum --wwpn=wwpn --fcplun=lun
- --devnum
-
The device number (zFCP adaptor device bus ID).
- --wwpn
-
The device’s World Wide Port Name (WWPN). Takes the form of a 16-digit number, preceded by
0x
. - --fcplun
-
The device’s Logical Unit Number (LUN). Takes the form of a 16-digit number, preceded by
0x
.
For example:
zfcp --devnum=0.0.4000 --wwpn=0x5005076300C213e9 --fcplun=0x5022000000000000
Network Configuration
Commands in this chapter are used for network configuration.
firewall (optional) - Configure Firewall
Specify the firewall configuration for the installed system.
firewall --enabled | --disabled device [--trust= | --ssh | --smtp | --http | --ftp | --port= | --service=]
- --enabled or --enable
-
Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
- --disabled or --disable
-
Disable the firewall.
- --trust=
-
Listing a device here, such as
em1
, allows all traffic coming to and from that device to go through the firewall. To list more than one device, use this option again - for example:firewall --enable --trust=em1 --trust=em2
Do not use a comma-separated format such as --trust em1, em2.
- incoming
-
Replace with one or more of the following to allow the specified services through the firewall:
-
--ssh
-
--smtp
-
--http
-
--ftp
-
- --port=
-
You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specify
imap:tcp
. Numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify1234:udp
. To specify multiple ports, separate them by commas. - --service=
-
This option provides a higher-level way to allow services through the firewall. Some services (like
cups
,avahi
, etc.) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the --port option, or specify --service= and open them all at once.Valid options are anything recognized by the firewall-offline-cmd program in the firewalld package. If
firewalld
is running, firewall-cmd --get-services will provide a list of known service names.
network (optional) - Configure Network Interfaces
Configures network information for the target system and activates network devices in the installation environment. The device specified in the first network command is activated automatically. Activation of the device can be also explicitly required by the --activate option.
- --activate
-
If you use the --activate option on a device that has already been activated (for example, an interface you configured with boot options so that the system could retrieve the Kickstart file) the device is reactivated to use the details specified in the Kickstart file.
Use the --nodefroute option to prevent the device from using the default route.
- --no-activate
-
Prevents the configured device from automatically activating on boot.
- --bootproto=
-
One of
dhcp
,bootp
,ibft
, orstatic
. The default option isdhcp
; thedhcp
andbootp
options are treated the same.The DHCP method uses a DHCP server system to obtain its networking configuration. The BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. To direct a system to use DHCP:
network --bootproto=dhcp
To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the Kickstart file:
network --bootproto=bootp
To direct a machine to use the configuration specified in iBFT, use:
network --bootproto=ibft
The
static
method requires that you specify the IP address, netmask, gateway, and nameserver in the Kickstart file. This information is static and is used during and after the installation.All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash (
\
) as you can on a command line.network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=10.0.2.1
You can also configure multiple nameservers at the same time. To do so, use the --nameserver= options once for each name server you want to configure:
network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=192.168.2.1 --nameserver=192.168.3.1
- --device=
-
Specifies the device to be configured (and eventually activated in Anaconda) with the network command.
If the --device= option is missing on the first use of the network command, the value of the ksdevice= Anaconda boot option is used, if available. Note that this is considered deprecated behavior; in most cases, you should always specify a --device= for every network command.
The behavior of any subsequent network command in the same Kickstart file is unspecified if its --device= option is missing. Make sure you specify this option for any network command beyond the first.
You can specify a device to be activated in any of the following ways:
-
the device name of the interface, for example,
em1
-
the MAC address of the interface, for example,
01:23:45:67:89:ab
-
the keyword
link
, which specifies the first interface with its link in theup
state -
the keyword
bootif
, which uses the MAC address that pxelinux set in theBOOTIF
variable. SetIPAPPEND 2
in yourpxelinux.cfg
file to have pxelinux set theBOOTIF
variable.For example:
network --bootproto=dhcp --device=em1
-
- --bindto=
-
Optional. Allows to specify how the connection configuration created for the device should be bound. If the option is not used, the connection binds to interface name (
DEVICE
value in ifcfg file). For virtual devices (bond, team, bridge) it configures binding of slaves. Not applicable to vlan devices.Note that this option is independent of how the
--device
is specified.Currently only the value
mac
is supported.--bindto=mac
will bind the connection to MAC address of the device (HWADDR
value in theifcfg
file).For example:
network --device=01:23:45:67:89:ab --bootproto=dhcp --bindto=mac
The above will bind the configuration of the device specified by MAC address
01:23:45:67:89:ab
to its MAC address.network --device=01:23:45:67:89:ab --bootproto=dhcp
The above will bind the configuration of the device specified by MAC address
01:23:45:67:89:ab
to its interface name (e.g.ens3
).network --device=ens3 --bootproto=dhcp --bindto=mac
The above will bind the configuration of the device specified by interface name
ens3
to its MAC address. - --ip=
-
IP address of the device.
- --ipv6=
-
IPv6 address of the device, in the form of address[/prefix length] - for example,
3ffe:ffff:0:1::1/128
. If prefix is omitted,64
will be used. You can also useauto
for automatic configuration, ordhcp
for DHCPv6-only configuration (no router advertisements). - --gateway=
-
Default gateway as a single IPv4 address.
- --ipv6gateway=
-
Default gateway as a single IPv6 address.
- --nodefroute
-
Prevents the interface being set as the default route. Use this option when you activate additional devices with the --activate= option, for example, a NIC on a separate subnet for an iSCSI target.
- --nameserver=
-
DNS name server, as an IP address. To specify more than one name server, use this parameter multiple times. For example:
network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=192.168.2.1 --nameserver=192.168.3.1
- --nodns
-
Do not configure any DNS server.
- --netmask=
-
Network mask for the installed system.
- --hostname=
-
Host name for the installed system. The host name can be either a fully-qualified domain name (FQDN) in the format hostname.domainname, or a short host name with no domain name. Many networks have a Dynamic Host Configuration Protocol (
DHCP
) service that automatically supplies connected systems with a domain name; to allow theDHCP
service to assign the domain name to this machine, only specify the short host name. - --ethtool=
-
Specifies additional low-level settings for the network device which will be passed to the ethtool program.
- --essid=
-
The network ID for wireless networks.
- --wepkey=
-
The WEP encryption key for wireless networks.
- --wpakey=
-
The WPA encryption key for wireless networks.
- --onboot=
-
Whether or not to enable the device at boot time.
- --dhcpclass=
-
The DHCP class.
- --mtu=
-
The MTU of the device.
- --noipv4
-
Disable IPv4 on this device.
- --noipv6
-
Disable IPv6 on this device.
- --bondslaves=
-
When this option is used, the network device specified in the --device= option will be created using slaves defined in the --bondslaves= option. For example:
network --device=mynetwork --bondslaves=em1,em2
The above command will create a bond device named
mynetwork
using theem1
andem2
interfaces as its slaves. - --bondopts=
-
A list of optional parameters for a bonded interface, which is specified using the --bondslaves= and --device= options. Options in this list must be separated by commas (“
,
”) or semicolons (“;
”). If an option itself contains a comma, use a semicolon to separate the options. For example:network --bondopts=mode=active-backup,balance-rr;primary=eth1
Available optional parameters are listed in the Working with Kernel Modules chapter of the Fedora System Administrator’s Guide.
The --bondopts=mode= parameter only supports full mode names such as
balance-rr
orbroadcast
, not their numerical representations such as0
or3
. - --vlanid=
-
Specifies virtual LAN (VLAN) ID number (802.1q tag) for the device created using the device specified in --device= as a parent. For example, network --device=em1 --vlanid=171 will create a virtual LAN device
em1.171
. - --interfacename=
-
Specify a custom interface name for a virtual LAN device. This option should be used when the default name generated by the --vlanid= option is not desirable. This option must be used along with --vlanid=. For example:
network --device=em1 --vlanid=171 --interfacename=vlan171
The above command will create a virtual LAN interface named
vlan171
on theem1
device with an ID of171
.The interface name can be arbitrary (for example,
my-vlan
), but in specific cases, the following conventions must be followed:-
If the name contains a dot (
.
), it must take the form ofNAME.ID
. The NAME is arbitrary, but the ID must be the VLAN ID. For example:em1.171
ormy-vlan.171
. -
Names starting with
vlan
must take the form ofvlanID
- for example,vlan171
.
-
- --teamslaves=
-
Team device specified by the --device= option will be created using slaves specified in this option. Slaves are separated by commas. A slave can be followed by its configuration, which is a single-quoted JSON string with double quotes escaped by the
\
character. For example:network --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'"
See also the --teamconfig= option.
- --teamconfig=
-
Double-quoted team device configuration which is a single-quoted JSON string with double quotes escaped by the
\
character. The device name is specified by --device= option and its slaves and their configuration by --teamslaves= option. For example:network --device team0 --activate --bootproto static --ip=10.34.102.222 --netmask=255.255.255.0 --gateway=10.34.102.254 --nameserver=10.34.39.2 --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'" --teamconfig="{\"runner\": {\"name\": \"activebackup\"}}"
- --bridgeslaves=
-
When this option is used, the network bridge with device name specified using the --device= option will be created and devices defined in the --bridgeslaves= option will be added to the bridge. For example:
network --device=bridge0 --bridgeslaves=em1
- --bridgeopts=
-
An optional comma-separated list of parameters for the bridged interface. Available values are
stp
,priority
,forward-delay
,hello-time
,max-age
, andageing-time
. For information about these parameters, see the bridge setting table in thenm-settings(5)
man page or at https://developer.gnome.org/NetworkManager/0.9/ref-settings.html. Also see the Fedora Networking Guide, available at https://docs.fedoraproject.org/, for general information about network bridging.
Console and Environment
The following commands control the environment of the system after the installation finishes - language, keyboard layouts, or the graphical interface.
keyboard (optional) - Configure Keyboard Layouts
Sets one or more available keyboard layouts for the system.
keyboard --vckeymap= | --xlayouts= [--switch=]
- --vckeymap=
-
Specify a
VConsole
keymap which should be used. Valid names correspond to the list of files in the/usr/lib/kbd/keymaps/*
directory, without the.map.gz
extension. - --xlayouts=
-
Specify a list of X layouts that should be used as a comma-separated list without spaces. Accepts values in the same format as
setxkbmap(1)
, either in thelayout
format (such ascz
), or in thelayout (variant)
format (such ascz (qwerty)
).All available layouts can be viewed on the
xkeyboard-config(7)
man page underLayouts
. - --switch=
-
Specify a list of layout-switching options (shortcuts for switching between multiple keyboard layouts). Multiple options must be separated by commas without spaces. Accepts values in the same format as
setxkbmap(1)
.Available switching options can be viewed on the
xkeyboard-config(7)
man page underOptions
.
The following example sets up two keyboard layouts (English (US)
and Czech (qwerty)
) using the --xlayouts= option, and allows to switch between them using Alt+Shift:
keyboard --xlayouts=us,'cz (qwerty)' --switch=grp:alt_shift_toggle
lang (optional) - Configure Language During Installation
Sets the language to use during installation and the default language to use on the installed system.
lang language [--addsupport=]
The file /usr/share/system-config-language/locale-list
provides a list of the valid language codes in the first column of each line and is part of the system-config-language package.
Certain languages (for example, Chinese, Japanese, Korean, and Indic languages) are not supported during text-mode installation. If you specify one of these languages with the lang command and use text mode, the installation process will continue in English, but the installed system will use your selection as its default language.
- --addsupport=
-
Add support for additional languages. Takes the form of comma-separated list without spaces. For example:
lang en_US --addsupport=cs_CZ,de_DE,en_UK
services (optional) - Configure Services
Modifies the default set of services that will run under the default systemd target. The list of disabled services is processed before the list of enabled services - therefore, if a service appears on both lists, it will be enabled.
services [--disabled=list] [--enabled=list]
Do not include spaces in the list of services. If you do, Kickstart will enable or disable only the services up to the first space. For example:
services --disabled=auditd, cups,smartd, nfslock
The above will disable only the auditd
service. To disable all four services, the entry should include no spaces:
services --disabled=auditd,cups,smartd,nfslock
- --disabled=
-
Disable the services given in the comma separated list.
- --enabled=
-
Enable the services given in the comma separated list.
skipx (optional) - Do Not Configure X Window System
If present, X will not be configured on the installed system.
If you install a display manager among your package selection options, this package will create an X configuration, and the installed system will default to |
timezone (optional) - Configure Time Zone
Sets the system time zone to timezone. To view a list of available time zones, use the timedatectl list-timezones command.
Every option, including actually specifying a time zone, is optional starting with Fedora 25. This allows you to, for example, disable NTP from starting using --nontp without having to choose any time zone. However, if this command is present in the Kickstart file, at least one option must be used.
timezone [timezone] [options]
- --utc
-
If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time.
- --nontp
-
Disable the NTP service automatic starting.
- --ntpservers=
-
Specify a list of NTP servers to be used as a comma-separated list without spaces.
xconfig (optional) - Configure X Window System
Configures the X Window System. If you install the X Window System with a Kickstart file that does not include the xconfig command, you must provide the X configuration manually during installation.
Do not use this command in a Kickstart file that does not install the X Window System.
- --defaultdesktop=
-
Specify either
GNOME
orKDE
to set the default desktop (assumes that GNOME Desktop Environment and/or KDE Desktop Environment has been installed in the %packages section). - --startxonboot
-
Use a graphical login on the installed system.
Users, Groups and Authentication
The commands below are used to control user accounts, groups, and related areas.
auth or authconfig (optional) - Configure Authentication (deprecated)
This command has been deprecated by authselect. Using it will invoke the authconfig compatibility tool; however, it is highly recommended to use authselect instead. |
Sets up the authentication options for the system using the authconfig command, which can also be run on a command line after the installation finishes. See the authconfig(8)
manual page and the authconfig --help command for more details. Passwords are shadowed by default.
authselect (optional) - Configure Authentication
This command sets up the authentication options for the system. This is just a wrapper around the authselect program, so all options recognized by that program are valid for this command. See the authselect(8)
for a complete list. Passwords are shadowed by default.
group (optional) - Create User Group
Creates a new user group on the system. If a group with the given name or GID already exists, this command will fail. In addition, the user command can be used to create a new group for the newly created user.
group --name=name [--gid=gid]
- --name=
-
Provides the name of the group.
- --gid=
-
The group ID (GID). If not provided, defaults to the next available non-system GID.
pwpolicy (optional) - Change the Default Password Policy
This command can be used to set custom requirements (policy) such as length and strength for passwords set during the installation - the root
password, user passwords and LUKS (disk encryption) password.
pwpolicy name [--minlen=length] [--minquality=quality] [--strict|nostrict] [--emptyok|noempty] [--changesok|nochanges]
The libpwquality
library is used to check minimum password requirements (length and quality). You can use the pwscore and pwmake commands provided by the libpwquality package to check the quality score of your chosen password, or to create a random password with a given score. See the pwscore(1)
and pwmake(1)
man pages for details about these commands.
This command must be used inside the %anaconda section. See %anaconda (optional) - Additional Anaconda Configuration for details. |
- name
-
Name of the password entry. Supported values are
root
,user
andluks
forroot
password, user passwords and LUKS password, respectively. - --minlen=
-
Sets the minimum allowed password length. The default minimum length is
8
. - --minquality=
-
Sets the minimum allowed password quality as defined by the
libpwquality
library. The default value is50
. - --strict
-
Strict password enforcement. Passwords not meeting the quality requirements specified in --minquality= will not be allowed. Enabled by default.
- --notstrict
-
Passwords not meeting the minimum quality requirements specified in --minquality= will be allowed after
Done
is clicked twice. - --emptyok
-
Allow empty passwords. Enabled by default.
- --notempty
-
Do not allow empty passwords.
- --changesok
-
Allow changing the password in the user interface, even if the Kickstart file already specifies a password.
- --nochanges
-
Do not allow changing passwords which are already set in the Kickstart file. Enabled by default.
An example use of the pwpolicy command is below:
%anaconda pwpolicy root --minlen=10 --minquality=60 --strict --notempty --nochanges %end
realm (optional) - Join an Active Directory or IPA Domain
Join an Active Directory or IPA domain. For more information about this command, see the join section of the realm(8)
man page.
realm join domain [options]
- --computer-ou=OU=
-
Provide the distinguished name of an organizational unit in order to create the computer account. The exact format of the distinguished name depends on the client software and membership software. The root DSE portion of the distinguished name can usually be left out.
- --no-password
-
Join automatically without a password.
- --one-time-password=
-
Join using a one-time password. This is not possible with all types of realm.
- --client-software=
-
Only join realms which can run this client software. Valid values include
sssd
andwinbind
. Not all realms support all values. By default, the client software is chosen automatically. - --server-software=
-
Only join realms which can run this server software. Possible values include
active-directory
orfreeipa
. - --membership-software=
-
Use this software when joining the realm. Valid values include
samba
andadcli
. Not all realms support all values. By default, the membership software is chosen automatically.
rootpw (required) - Set Root Password
Sets the system’s root password to the password argument.
rootpw [--iscrypted|--plaintext] [--lock] password
- --iscrypted
-
If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext. To create an encrypted password, you can use Python:
$ python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
This will generate a SHA512 crypt of your password using your provided salt.
- --plaintext
-
If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with --iscrypted.
- --lock
-
If this option is present, the root account is locked by default. This means that the root user will not be able to log in from the console.
selinux (optional) - Configure SELinux
Sets the state of SELinux on the installed system. The default policy is enforcing
. For more information regarding SELinux in Fedora, see the Fedora SELinux User’s and Administrator’s Guide, available at https://docs.fedoraproject.org/.
selinux [--disabled|--enforcing|--permissive]
- --enforcing
-
Enables SELinux with the default targeted policy being
enforcing
. - --permissive
-
Enables SELinux with the default targeted policy being
permissive
. This policy outputs warnings based on the SELinux policy, but does not actually enforce the policy. - --disabled
-
Disables SELinux completely.
sshkey (optional) - Add an Authorized SSH Key
Use this command to add a specified SSH
key to an user’s authorized_keys
file. The specified user must either be root
, or it must be created in the Kickstart file - either automatically by an installed package, or using user (optional) - Create User Account.
sshkey --username=user "ssh_key"
The ssh_key must be a full SSH
key fingerprint, and it must be enclosed in quotes (""
) because the key may contain spaces.
- --username=
-
The name of the user account to which you want to install the
SSH
key.
user (optional) - Create User Account
Creates a new user on the system.
user --name=username [options]
- --name=
-
Provides the name of the user. This option is required.
- --gecos=
-
Provides the GECOS information for the user. This is a string of various system-specific fields separated by a comma. It is frequently used to specify the user’s full name, office number, etc. See the
passwd(5)
man page for more details. - --groups=
-
In addition to the default group, a comma separated list of group names the user should belong to. The groups must exist before the user account is created. See group (optional) - Create User Group.
- --homedir=
-
The home directory for the user. If not provided, this defaults to
/home/username
. - --lock
-
If this option is present, this account is locked by default. This means that the user will not be able to log in from the console.
- --password=
-
The new user’s password. If no password is provided, the account will be locked.
- --iscrypted
-
If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext. To create an encrypted password, you can use Python:
$ python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
This will generate a SHA512 crypt of your password using your provided salt.
- --plaintext
-
If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with --iscrypted.
- --shell=
-
The user’s login shell. If not provided, the system default will be used.
- --uid=
-
The UID (User ID). If not provided, this defaults to the next available non-system UID.
- --gid=
-
The GID (Group ID) to be used for the user’s default group. If not provided, this defaults to the next available non-system group ID.
Installation Environment
The following commands control how the system will behave during the installation.
autostep (optional) - Go Through Every Screen
Normally, Kickstart installations skip unnecessary screens. This option makes the installation program step through every screen, displaying each briefly. This option should not be used when deploying a system because it may disrupt package installation.
autostep [--autoscreenshot]
- --autoscreenshot
-
Take a screenshot at every step during installation. These screenshots are stored in
/tmp/anaconda-screenshots
during the installation, and after the installation finishes you can find them in/root/anaconda-screenshots
.Each screen is only captured right before the installer switches to the next one. This is important, because if you do not use all required Kickstart options and the installation therefore does not begin automatically, you can go to the screens which were not automatically configured, perform any configuration you want. Then, when you press
Done
to continue, the screen will be captured including the configuration you just provided.
cmdline (optional) - Perform Installation in Command Line Mode
Perform the installation in a completely non-interactive command line mode. Any prompts for interaction halts the install. This mode is useful on IBM System z systems with the x3270 terminal.
For a fully automatic installation, you must either specify one of the available modes (graphical, text, or cmdline) in the Kickstart file, or you must use the console= boot option as described in Console, Environment and Display Options. Otherwise the system will halt and ask you to choose a mode. |
graphical (optional) - Perform Installation in Graphical Mode
Perform the installation in graphical mode. This is the default. This command takes no options.
For a fully automatic installation, you must either specify one of the available modes (graphical, text, or cmdline) in the Kickstart file, or you must use the console= boot option as described in Console, Environment and Display Options. Otherwise the system will halt and ask you to choose a mode. |
logging (optional) - Configure Error Logging During Installation
Controls the error logging of Anaconda during installation. It has no effect on the installed system.
logging [--host= | --port= | --level=]
- --host=
-
Send logging information to the given remote host, which must be running a
syslogd
process configured to accept remote logging. - --port=
-
If the remote syslogd process uses a port other than the default, it may be specified with this option.
- --level=
-
Specify the minimum level of messages that appear on virtual console 3 (
tty3
). This only affects messages printed to the console; log files will contain messages of all levels. Possible values aredebug
,info
,warning
,error
, orcritical
.
rescue (optional) - Rescue Mode
Automatically enters the installation program’s rescue mode. This gives you a chance to repair the system in case of any problems.
rescue [--nomount|--romount]
- --nomount or --romount
-
Controls how the installed system is mounted in the rescue environment. By default, the installation program will find your system and mount it in read-write mode, telling you where it has performed this mount. You may optionally choose to not mount anything (the --nomount option) or mount in read-only mode (the --romount option). Only one of these two options may be used.
sshpw (optional) - Restrict ssh Access During Installation
During the installation, you can interact with the installation program and monitor its progress over an SSH
connection. Use the sshpw command to create temporary accounts through which to log on. Each instance of the command creates a separate account that exists only in the installation environment. These accounts are not transferred to the installed system.
sshpw --username=name password [--iscrypted|--plaintext] [--lock]
By default, the |
If you want to disable root sshpw --username=root --lock
|
- --username
-
Provides the name of the user. This option is required.
- --iscrypted
-
If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext. To create an encrypted password, you can use Python:
$ python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
This will generate a SHA512 crypt of your password using your provided salt.
- --plaintext
-
If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with --iscrypted
- --lock
-
If this option is present, this account is locked by default. This means that the user will not be able to log in from the console.
text (optional) - Perform Installation in Text Mode
Perform the Kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
For a fully automatic installation, you must either specify one of the available modes (graphical, text, or cmdline) in the Kickstart file, or you must use the console= boot option as described in Console, Environment and Display Options. Otherwise the system will halt and ask you to choose a mode. |
unsupported_hardware (optional) - Suppress Unsupported Hardware Alerts
Suppress the Unsupported Hardware Detected
alert. If this command is not included and unsupported hardware is detected, the installation will stall at this alert.
vnc (optional) - Configure VNC Access
Allows the graphical installation to be viewed remotely via VNC. This method is usually preferred over text mode, as there are some size and language limitations in text installations. With no additional options, this command will start a VNC server on the installation system with no password and will display the details required to connect to it.
vnc [--host=hostname] [--port=port] [--password=password]
For more information about VNC installations, including instructions on how to connect to the installation system, see Installing Using VNC.
- --host=
-
Connect to a VNC viewer listening on the given hostname.
- --port=
-
Provide a port that the remote VNC viewer process is listening on. If not provided, the VNC default (
5900
) will be used. - --password=
-
Set a password which must be provided to connect to the VNC session. This is optional, but recommended.
After the Installation
This section contains commands which control the system’s behavior immediately after the installation finishes.
%addon com_redhat_kdump (optional) - Configure kdump
This command configures the kdump kernel crash dumping mechanism.
The syntax for this command is unusual because it is an add-on rather than a built-in Kickstart command. For more information about add-ons, see %addon (optional) - Include an Anaconda Add-on. |
Kdump is a kernel crash dumping mechanism that allows you to save the contents of the system’s memory for later analysis. It relies on kexec, which can be used to start a Linux kernel from the context of another kernel without rebooting the system and preserve the contents of the first kernel memory that would otherwise be lost.
In case of a system crash, kexec starts a second kernel (a capture kernel). This capture kernel resides in a reserved part of the system memory that is inaccessible to the main kernel. Kdump then captures the contents of the crashed kernel’s memory (a crash dump) and saves it to a specified location. This location cannot be configured using Kickstart; it must be specified after the installation by editing the /etc/kdump.conf
configuration file.
Available options are:
- --enable
-
Enable Kdump on the installed system.
- --disable
-
Do not enable Kdump on the installed system.
- --reserve-mb=
-
The amount of memory you want to reserve for Kdump in megabytes. For example:
%addon com_redhat_kdump --enable --reserve-mb=128 %end
You can also specify
auto
instead of a numeric value. In that case the installer will determine the amount of RAM to reserve for kdump automatically, based on your system architecture and the total amount of memory on the system.If you enable Kdump and do not specify the --reserve-mb= option, the
auto
value will be used. - --enablefadump
-
Enable firmware-assisted dumping on systems which allow it (notably IBM Power Systems servers).
firstboot (optional) - Enable or Disable Initial Setup
Determine whether the Initial Setup application starts the first time the system is booted. If enabled, the initial-setup package must be installed. If not specified, this option is disabled by default. For more information about Initial Setup, see Initial Setup.
firstboot --enable|--disable [--reconfig]
- --enable or --enabled
-
Initial Setup will be started the first time the installed system boots.
- --disable or --disabled
-
Initial Setup will be disabled.
- --reconfig
-
Initial Setup will start after the reboot in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone and networking configuration options in addition to the default ones.
halt (optional) - Halt System After Installation
Halt the system after the installation has successfully completed. This is similar to a manual installation, where after the installation finishes, the installer displays a message and waits for the user to press a key before rebooting. During a Kickstart installation, if no completion method is specified, this option is used as the default.
For other completion methods, see the poweroff, reboot, and shutdown commands.
poweroff (optional) - Power Off After Installation
Shut down and power off the system after the installation has successfully completed.
The poweroff command is highly dependent on the system hardware in use. Specifically, certain hardware components such as the BIOS, APM (advanced power management), and ACPI (advanced configuration and power interface) must be able to interact with the system kernel. Consult your hardware documentation for more information on you system’s APM/ACPI abilities. |
For other completion methods, see the halt, reboot, and shutdown Kickstart commands.
reboot (optional) - Reboot After Installation
Reboot after the installation is successfully completed. If you are installing Fedora on IBM System z in command line mode (using cmdline (optional) - Perform Installation in Command Line Mode), this command is necessary for a fully automated installation.
For other completion methods, see the halt, poweroff, and shutdown Kickstart options.
Use of the reboot command may result in an endless installation loop, depending on the installation media and method. |
- --eject
-
Attempt to eject the installation media (if installing from a DVD) before rebooting.
- --kexec
-
Use this option to reboot into the new system using the
kexec
kernel switching mechanism instead of a full reboot, bypassing the BIOS/Firmware and boot loader.
shutdown (optional) - Shut Down After Installation
Shut down the system after the installation has successfully completed.
For other completion methods, see the halt, poweroff, and reboot Kickstart options.
%addon (optional) - Include an Anaconda Add-on
You can expand the basic Anaconda and Kickstart functionality by using custom add-ons specified using the %addon section.
To use an add-on in your Kickstart file, add the %addon addon_name options command. The section must be closed with an %end statement. For example, to use the Kdump add-on, which is included by default on some installations, use the following block:
%addon com_redhat_kdump --enable --reserve-mb=128%end
The %addon section does not have any options of its own; all options depend on the add-on being used.
For more information about Anaconda add-ons, see the Fedora Anaconda Addon Development Guide.
%anaconda (optional) - Additional Anaconda Configuration
This section, introduced in Fedora 22, is used to specify additional configuration options for the installer. Commands inside this section only control the behavior during installation, not on the installed system. The only command currently available inside this section is pwpolicy (optional) - Change the Default Password Policy. The %anaconda section must end with %end
.
In interactive installations (using the graphical or text interface), the /usr/share/anaconda/interactive-defaults.ks
file contains the default %anaconda section. To change the defaults, you must create a product.img
file with a Kickstart file replacing the default one, and pass this file to Anaconda using a boot option.
When using a Kickstart file, you can override the default %anaconda section by using the section again in your custom Kickstart.
%include (optional) - Include Contents of Another File
Use the %include /path/to/file command to include the contents of another file in the Kickstart file as though the contents were at the location of the %include command in the Kickstart file.
%ksappend (optional) - Append Contents of Another File
The %ksappend url directive is very similar to %include (optional) - Include Contents of Another File in that it is used to include the contents of additional files as though they were at the location of the %ksappend command. The difference is in when the two directives are processed.
%ksappend is processed in an initial pass, before any other part of the Kickstart file. Then, this expanded Kickstart file is passed to the rest of Anaconda where all %pre scripts are handled, and then finally the rest of the Kickstart file is processed in order, which includes %include directives.
Therefore, %ksappend provides a way to include a file containing %pre scripts, while %include does not.
%packages (required) - Package Selection
Use the %packages command to begin a Kickstart section which describes the software packages to be installed. This section must end with an %end statement.
You can specify packages by environment, group, or by their package names. Several environments and groups that contain related packages are defined. See the repodata/comps.xml
file in your installation source for environment and group definitions.
The comps.xml
file contains a structure describing available environments (marked by the <environment>
tag) and groups (the <group>
tag). Each entry has an ID, user visibility value, name, description, and package list. If the group is selected for installation, the packages marked mandatory
in the package list are always installed, the packages marked default
are installed if they are not specifically excluded, and the packages marked optional
must be specifically included even when the group is selected.
You can specify a package group or environment using either its ID (the <id>
tag) or name (the <name>
tag).
To install a 32-bit package on a 64-bit system, you will need to append the package name with the 32-bit architecture for which the package was built - for example, glibc.i686. The --multilib option also must be specified in the Kickstart file; see the available options below. |
Initial Setup does not run after a system is installed from a Kickstart file unless a desktop environment and the X Window System were included in the installation and graphical login was enabled. This means that by default, no users except for |
- Specifying an Environment
-
In addition to groups, you specify an entire environment to be installed:
%packages @^Infrastructure Server %end
This command will install all packages which are part of the
Infrastracture Server
environment. All available environments are described in thecomps.xml
file. - Specifying Groups
-
Specify groups, one entry to a line, starting with an
@
symbol, and then the full group name or group id as given in thecomps.xml
file. For example:%packages @X Window System @Desktop @Sound and Video %end
The
Core
andBase
groups are always selected - it is not necessary to specify them in the %packages section.The
comps.xml
file also defines groups calledConflicts (variant)
for each variant of Fedora. This group contains all packages which are known to cause file conflicts, and is intended to be excluded. - Specifying Individual Packages
-
Specify individual packages by name, one entry to a line. You can use the asterisk character (
*
) as a wildcard in package names. For example:%packages sqlite curl aspell docbook* %end
The
docbook*
entry includes the packages docbook-dtds, docbook-simple, docbook-slides and others that match the pattern represented with the wildcard. - Excluding Environments, Groups, or Packages
-
Use a leading dash (
-
) to specify packages or groups to exclude from the installation. For example:%packages -@Graphical Internet -autofs -ipa*fonts %end
Installing all available packages using only |
You can change the default behavior of the %packages section by using several options. Some options work for the entire package selection, others are used with only specific groups.
The following options are available for the %packages. To use an option, append it to the start of the package selection section. For example:
%packages --multilib --ignoremissing
- --nocore
-
Do not install the
@Core
group. - --ignoremissing
-
Ignore any packages, groups and environments missing in the installation source, instead of halting the installation to ask if the installation should be aborted or continued.
- --excludedocs
-
Do not install any documentation contained within packages. In most cases, this will exclude any files normally installed in the
/usr/share/doc*
directory, but the specific files to be excluded depend on individual packages. - --multilib
-
Configure the installed system for multilib packages (that is, to allow installing 32-bit packages on a 64-bit system) and install packages specified in this section as such.
Normally, on a 64-bit system, only packages for this architecture (marked as
x86_64
) and packages for all architectures (marked asnoarch
) would be installed. When you use this option, packages for 32-bit systems (marked asi686
) will be automatically installed as well, if available.This only applies to packages explicitly specified in the %packages section. Packages which are only being installed as dependencies without being specified in the Kickstart file will only be installed in architecture versions in which they are needed, even if they are available for more architectures.
The options in this list only apply to a single package group. Instead of using them at the %packages command in the Kickstart file, append them to the group name. For example:
%packages @Graphical Internet --optional %end
- --nodefaults
-
Only install the group’s mandatory packages, not the default selections.
- --optional
-
Install packages marked as optional in the group definition in the
comps.xml
file, in addition to installing the default selections.Note that some package groups, such as
Scientific Support
, do not have any mandatory or default packages specified - only optional packages. In this case the --optional option must always be used, otherwise no packages from this group will be installed.
%pre (optional) - Pre-installation Script
You can add commands to run on the system immediately after the Kickstart file has been parsed, but before the installation begins. This section must be placed towards the end of the Kickstart file, after the actual Kickstart commands, and must start with %pre and end with %end. If your Kickstart file also includes a %post section, the order in which the %pre and %post sections are included does not matter.
You can access the network in the %pre section. However, the name service has not been configured at this point, so only IP addresses work, not URLs.
The pre-installation script section of Kickstart cannot manage multiple install trees or source media. This information must be included for each created Kickstart file, as the pre-installation script occurs during the second stage of the installation process.
Unlike the post-installation script, the pre-installation script is not run in the |
The following options can be used to change the behavior of pre-installation scripts. To use an option, append it to the %pre line at the beginning of the script. For example:
%pre --interpreter=/usr/bin/python --- Python script omitted -- %end
- --interpreter=
-
Allows you to specify a different scripting language, such as Python. Any scripting language available on the system can be used; in most cases, these will be
/usr/bin/sh
,/usr/bin/bash
, and/usr/bin/python
. - --erroronfail
-
Display an error and halt the installation if the script fails. The error message will direct you to where the cause of the failure is logged.
- --log=
-
Logs the script’s output into the specified log file. For example:
%pre --log=/mnt/sysimage/root/ks-pre.log
For an example of a pre-installation script, see Example Pre-installation Script.
%post (optional) - Post-installation Script
You have the option of adding commands to run on the system once the installation is complete, but before the system is rebooted for the first time. This section must be placed towards the end of the Kickstart file, after the actual Kickstart commands, and must start with %post and end with %end. If your Kickstart file also includes a %pre section, the order of the %pre and %post sections does not matter.
This section is useful for functions such as installing additional software or configuring an additional name server. The post-install script is run in a chroot environment, therefore, performing tasks such as copying scripts or RPM packages from the installation media do not work by default. You can change this behavior using the --nochroot option as described below.
If you configured the network with static IP information, including a name server, you can access the network and resolve IP addresses in the %post section. If you configured the network for |
The following options can be used to change the behavior of post-installation scripts. To use an option, append it to the %post line at the beginning of the script. For example:
%post --interpreter=/usr/bin/python --- Python script omitted -- %end
- --interpreter=
-
Allows you to specify a different scripting language, such as Python. For example:
%post --interpreter=/usr/bin/python
Any scripting language available on the system can be used; in most cases, these will be
/usr/bin/sh
,/usr/bin/bash
, and/usr/bin/python
. - --nochroot
-
Allows you to specify commands that you would like to run outside of the chroot environment.
The following example copies the file
/etc/resolv.conf
to the file system that was just installed.%post --nochroot cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf %end
- --erroronfail
-
Display an error and halt the installation if the script fails. The error message will direct you to where the cause of the failure is logged.
- --log=
-
Logs the script’s output into the specified log file. Note that the path of the log file must take into account whether or not you use the --nochroot option. For example, without --nochroot:
%post --log=/root/ks-post.log
with --nochroot:
%post --nochroot --log=/mnt/sysimage/root/ks-post.log
For an example of a post-installation script, see Example Post-installation Script.
Example Kickstart Configurations
Advanced Partitioning Example
The following is an integrated example showing the clearpart, zerombr, part, raid, volgroup, and logvol Kickstart options in action:
clearpart --drives=hda,hdc zerombr # Raid 1 IDE config part raid.11 --size 1000 --asprimary --ondrive=hda part raid.12 --size 1000 --asprimary --ondrive=hda part raid.13 --size 2000 --asprimary --ondrive=hda part raid.14 --size 8000 --ondrive=hda part raid.15 --size 16384 --grow --ondrive=hda part raid.21 --size 1000 --asprimary --ondrive=hdc part raid.22 --size 1000 --asprimary --ondrive=hdc part raid.23 --size 2000 --asprimary --ondrive=hdc part raid.24 --size 8000 --ondrive=hdc part raid.25 --size 16384 --grow --ondrive=hdc # You can add --spares=x raid / --fstype xfs --device root --level=RAID1 raid.11 raid.21 raid /safe --fstype xfs --device safe --level=RAID1 raid.12 raid.22 raid swap --fstype swap --device swap --level=RAID1 raid.13 raid.23 raid /usr --fstype xfs --device usr --level=RAID1 raid.14 raid.24 raid pv.01 --fstype xfs --device pv.01 --level=RAID1 raid.15 raid.25 # LVM configuration so that we can resize /var and /usr/local later volgroup sysvg pv.01 logvol /var --vgname=sysvg --size=8000 --name=var logvol /var/freespace --vgname=sysvg --size=8000 --name=freespacetouse logvol /usr/local --vgname=sysvg --size=1 --grow --name=usrlocal
This advanced example implements LVM over RAID, as well as the ability to resize various directories for future growth.
First, the clearpart command is used on drives hda
and hdc
to wipe them. The zerombr command initializes unused partition tables.
Then, the two drives are partitioned to prepare them for RAID configuration. Each drive is divided into five partitions, and each drive is partitioned into an identical layout.
The next part uses these pairs of physical partitions to create a software RAID device with RAID1 level (mirroring). The first four RAID devices are used for /
(root), /safe
, swap
and /usr
. The fifth, largest pair of partitions is named pv.01
and will be used in the following part as a physical volume for LVM.
Finally, the last set of commands first creates a volume group named sysvg
on the pv.01
physical volume. Then, three logical volumes (/var
, /var/freespace
and /usr/local
) are created and added to the sysvg
volume group. The /var
and /var/freespace
volumes have a set size of 8 GB, and the /usr/local
volume uses the --grow option to fill all remaining available space.
The above example uses identifiers |
Example Pre-installation Script
The following is an example %pre section:
%pre #!/bin/sh hds="" mymedia="" for file in /proc/ide/h* do mymedia=`cat $file/media` if [ $mymedia == "disk" ] ; then hds="$hds `basename $file`" fi done set $hds numhd=`echo $#` drive1=`echo $hds | cut -d' ' -f1` drive2=`echo $hds | cut -d' ' -f2` #Write out partition scheme based on whether there are 1 or 2 hard drives if [ $numhd == "2" ] ; then #2 drives echo "#partitioning scheme generated in %pre for 2 drives" > /tmp/part-include echo "clearpart --all" >> /tmp/part-include echo "part /boot --fstype xfs --size 75 --ondisk hda" >> /tmp/part-include echo "part / --fstype xfs --size 1 --grow --ondisk hda" >> /tmp/part-include echo "part swap --recommended --ondisk $drive1" >> /tmp/part-include echo "part /home --fstype xfs --size 1 --grow --ondisk hdb" >> /tmp/part-include else #1 drive echo "#partitioning scheme generated in %pre for 1 drive" > /tmp/part-include echo "clearpart --all" >> /tmp/part-include echo "part /boot --fstype xfs --size 75" >> /tmp/part-include echo "part swap --recommended" >> /tmp/part-include echo "part / --fstype xfs --size 2048" >> /tmp/part-include echo "part /home --fstype xfs --size 2048 --grow" >> /tmp/part-include fi %end
This script determines the number of hard drives in the system and writes a text file with a different partitioning scheme depending on whether it has one or two drives. Instead of having a set of partitioning commands in the Kickstart file, include the following line:
%include /tmp/part-include
The partitioning commands selected in the script will be used.
Example Post-installation Script
The following is an example %post section:
# Start of the %post section with logging into /root/ks-post.log %post --log=/root/ks-post.log # Mount an NFS share mkdir /mnt/temp mount -o nolock 10.10.0.2:/usr/new-machines /mnt/temp openvt -s -w -- /mnt/temp/runme umount /mnt/temp # End of the %post section %end
The above example mounts an NFS share and executes a script named runme
located at /usr/new-machines/
on the share. Note that NFS file locking is not supported while in Kickstart mode, therefore the -o nolock option is required.
Want to help? Learn how to contribute to Fedora Docs ›