Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Appendix J. Kickstart commands and options reference
This reference is a complete list of all Kickstart commands supported by the Red Hat Enterprise Linux installation program. The commands are sorted alphabetically in a few broad categories. If a command can fall under multiple categories, it is listed in all of them.
J.1. Kickstart changes
The following sections describe the changes in Kickstart commands and options in Red Hat Enterprise Linux 8.
auth or authconfig is deprecated in RHEL 8
The auth
or authconfig
Kickstart command is deprecated in Red Hat Enterprise Linux 8 because the authconfig
tool and package have been removed.
Similarly to authconfig
commands issued on command line, authconfig
commands in Kickstart scripts now use the authselect-compat
tool to run the new authselect
tool. For a description of this compatibility layer and its known issues, see the manual page authselect-migration(7)
. The installation program will automatically detect use of the deprecated commands and install on the system the authselect-compat
package to provide the compatibility layer.
Kickstart no longer supports Btrfs
The Btrfs file system is not supported from Red Hat Enterprise Linux 8. As a result, the Graphical User Interface (GUI) and the Kickstart commands no longer support Btrfs.
Using Kickstart files from previous RHEL releases
If you are using Kickstart files from previous RHEL releases, see the Repositories section of the Considerations in adopting RHEL 8 document for more information about the Red Hat Enterprise Linux 8 BaseOS and AppStream repositories.
J.1.1. Deprecated Kickstart commands and options
The following Kickstart commands and options have been deprecated in Red Hat Enterprise Linux 8.
Where only specific options are listed, the base command and its other options are still available and not deprecated.
-
auth
orauthconfig
- useauthselect
instead -
device
-
deviceprobe
-
dmraid
-
install
- use the subcommands or methods directly as commands -
multipath
-
bootloader --upgrade
-
ignoredisk --interactive
-
partition --active
-
reboot --kexec
-
syspurpose
- usesubscription-manager syspurpose
instead
Except the auth
or authconfig
command, using the commands in Kickstart files prints a warning in the logs.
You can turn the deprecated command warnings into errors with the inst.ksstrict
boot option, except for the auth
or authconfig
command.
J.1.2. Removed Kickstart commands and options
The following Kickstart commands and options have been completely removed in Red Hat Enterprise Linux 8. Using them in Kickstart files will cause an error.
-
device
-
deviceprobe
-
dmraid
-
install
- use the subcommands or methods directly as commands -
multipath
-
bootloader --upgrade
-
ignoredisk --interactive
-
partition --active
-
harddrive --biospart
-
upgrade
(This command had already previously been deprecated.) -
btrfs
-
part/partition btrfs
-
part --fstype btrfs
orpartition --fstype btrfs
-
logvol --fstype btrfs
-
raid --fstype btrfs
-
unsupported_hardware
Where only specific options and values are listed, the base command and its other options are still available and not removed.
J.2. Kickstart commands for installation program configuration and flow control
The Kickstart commands in this list control the mode and course of installation, and what happens at its end.
J.2.1. cdrom
The cdrom
Kickstart command is optional. It performs the installation from the first optical drive on the system.
Syntax
cdrom
Notes
-
Previously, the
cdrom
command had to be used together with theinstall
command. Theinstall
command has been deprecated andcdrom
can be used on its own, because it impliesinstall
. - This command has no options.
-
To actually run the installation, one of
cdrom
,harddrive
,hmc
,nfs
,liveimg
, orurl
must be specified.
J.2.2. cmdline
The cmdline
Kickstart command is optional. It performs the installation in a completely non-interactive command line mode. Any prompt for interaction halts the installation.
Syntax
cmdline
Notes
-
For a fully automatic installation, you must either specify one of the available modes (
graphical
,text
, orcmdline
) in the Kickstart file, or you must use theconsole=
boot option. If no mode is specified, the system will use graphical mode if possible, or prompt you to choose from VNC and text mode. - This command has no options.
- This mode is useful on 64-bit IBM Z systems with the x3270 terminal.
J.2.3. driverdisk
The driverdisk
Kickstart command is optional. Use it to provide additional drivers to the installation program.
Driver disks can be used during Kickstart installations to provide additional drivers not included by default. You must copy the driver disks contents to the root directory of a partition on the system’s hard drive. Then, you must use the driverdisk
command to specify that the installation program should look for a driver disk and its location.
Syntax
driverdisk [partition|--source=url|--biospart=biospart]
Options
You must specify the location of driver disk in one way out of these:
-
partition - Partition containing the driver disk. Note that the partition must be specified as a full path (for example,
/dev/sdb1
), not just the partition name (for example,sdb1
). --source=
- URL for the driver disk. Examples include:driverdisk --source=ftp://path/to/dd.img
driverdisk --source=http://path/to/dd.img
driverdisk --source=nfs:host:/path/to/dd.img
-
--biospart=
- BIOS partition containing the driver disk (for example,82p2
).
Notes
Driver disks can also be loaded from a hard disk drive or a similar device instead of being loaded over the network or from initrd
. Follow this procedure:
- Load the driver disk on a hard disk drive, a USB or any similar device.
- Set the label, for example, DD, to this device.
Add the following line to your Kickstart file:
driverdisk LABEL=DD:/e1000.rpm
Replace DD with a specific label and replace e1000.rpm with a specific name. Use anything supported by the inst.repo
command instead of LABEL to specify your hard disk drive.
J.2.4. eula
The eula
Kickstart command is optional. Use this option to accept the End User License Agreement (EULA) without user interaction. Specifying this option prevents Initial Setup from prompting you to accept the license agreement after you finish the installation and reboot the system for the first time.
Syntax
eula [--agreed]
Options
-
--agreed
(required) - Accept the EULA. This option must always be used, otherwise theeula
command is meaningless.
J.2.5. firstboot
The firstboot
Kickstart command is optional. It determines whether the Initial Setup
application starts the first time the system is booted. If enabled, the initial-setup package must be installed. If not specified, this option is disabled by default.
Syntax
firstboot OPTIONS
Options
-
--enable
or--enabled
- Initial Setup is started the first time the system boots. -
--disable
or--disabled
- Initial Setup is not started the first time the system boots. -
--reconfig
- Enable the Initial Setup to start at boot time in reconfiguration mode. This mode enables the root password, time & date, and networking & host name configuration options in addition to the default ones.
J.2.6. graphical
The graphical
Kickstart command is optional. It performs the installation in graphical mode. This is the default.
Syntax
graphical [--non-interactive]
Options
-
--non-interactive
- Performs the installation in a completely non-interactive mode. This mode will terminate the installation when user interaction is required.
Notes
-
For a fully automatic installation, you must either specify one of the available modes (
graphical
,text
, orcmdline
) in the Kickstart file, or you must use theconsole=
boot option. If no mode is specified, the system will use graphical mode if possible, or prompt you to choose from VNC and text mode.
J.2.7. halt
The halt
Kickstart command is optional.
Halt the system after the installation has successfully completed. This is similar to a manual installation, where Anaconda displays a message and waits for the user to press a key before rebooting. During a Kickstart installation, if no completion method is specified, this option is used as the default.
Syntax
halt
Notes
-
The
halt
command is equivalent to theshutdown -H
command. For more details, see the shutdown(8) man page. -
For other completion methods, see the
poweroff
,reboot
, andshutdown
commands. - This command has no options.
J.2.8. harddrive
The harddrive
Kickstart command is optional. It performs the installation from a Red Hat installation tree or full installation ISO image on a local drive. The drive must be formatted with a file system the installation program can mount: ext2
, ext3
, ext4
, vfat
, or xfs
.
Syntax
harddrive OPTIONS
Options
-
--partition=
- Partition to install from (such assdb2
). -
--dir=
- Directory containing thevariant
directory of the installation tree, or the ISO image of the full installation DVD.
Example
harddrive --partition=hdb2 --dir=/tmp/install-tree
Notes
-
Previously, the
harddrive
command had to be used together with theinstall
command. Theinstall
command has been deprecated andharddrive
can be used on its own, because it impliesinstall
. -
To actually run the installation, one of
cdrom
,harddrive
,hmc
,nfs
,liveimg
, orurl
must be specified.
J.2.9. install (deprecated)
The install
Kickstart command is deprecated in Red Hat Enterprise Linux 8. Use its methods as separate commands.
The install
Kickstart command is optional. It specifies the default installation mode.
Syntax
install
installation_method
Notes
-
The
install
command must be followed by an installation method command. The installation method command must be on a separate line. The methods include:
-
cdrom
-
harddrive
-
hmc
-
nfs
-
liveimg
-
url
For details about the methods, see their separate reference pages.
-
J.2.10. liveimg
The liveimg
Kickstart command is optional. It performs the installation from a disk image instead of packages.
Syntax
liveimg
--url=SOURCE
[OPTIONS]
Mandatory options
-
--url=
- The location to install from. Supported protocols areHTTP
,HTTPS
,FTP
, andfile
.
Optional options
-
--url=
- The location to install from. Supported protocols areHTTP
,HTTPS
,FTP
, andfile
. -
--proxy=
- Specify anHTTP
,HTTPS
orFTP
proxy to use while performing the installation. -
--checksum=
- An optional argument with theSHA256
checksum of the image file, used for verification. -
--noverifyssl
- Disable SSL verification when connecting to anHTTPS
server.
Example
liveimg --url=file:///images/install/squashfs.img --checksum=03825f567f17705100de3308a20354b4d81ac9d8bed4bb4692b2381045e56197 --noverifyssl
Notes
-
The image can be the
squashfs.img
file from a live ISO image, a compressed tar file (.tar
,.tbz
,.tgz
,.txz
,.tar.bz2
,.tar.gz
, or.tar.xz
.), or any file system that the installation media can mount. Supported file systems areext2
,ext3
,ext4
,vfat
, andxfs
. -
When using the
liveimg
installation mode with a driver disk, drivers on the disk will not automatically be included in the installed system. If necessary, these drivers should be installed manually, or in the%post
section of a kickstart script. -
To actually run the installation, one of
cdrom
,harddrive
,hmc
,nfs
,liveimg
, orurl
must be specified. -
Previously, the
liveimg
command had to be used together with theinstall
command. Theinstall
command has been deprecated andliveimg
can be used on its own, because it impliesinstall
.
J.2.11. logging
The logging
Kickstart command is optional. It controls the error logging of Anaconda during installation. It has no effect on the installed system.
Logging is supported over TCP only. For remote logging, ensure that the port number that you specify in --port=
option is open on the remote server. The default port is 514.
Syntax
logging OPTIONS
Optional options
-
--host=
- Send logging information to the given remote host, which must be running a syslogd process configured to accept remote logging. -
--port=
- If the remote syslogd process uses a port other than the default, set it using this option. -
--level=
- Specify the minimum level of messages that appear on tty3. All messages are still sent to the log file regardless of this level, however. Possible values aredebug
,info
,warning
,error
, orcritical
.
J.2.12. mediacheck
The mediacheck
Kickstart command is optional. This command forces the installation program to perform a media check before starting the installation. This command requires that installations be attended, so it is disabled by default.
Syntax
mediacheck
Notes
-
This Kickstart command is equivalent to the
rd.live.check
boot option. - This command has no options.
J.2.13. nfs
The nfs
Kickstart command is optional. It performs the installation from a specified NFS server.
Syntax
nfs OPTIONS
Options
-
--server=
- Server from which to install (host name or IP). -
--dir=
- Directory containing thevariant
directory of the installation tree. -
--opts=
- Mount options to use for mounting the NFS export. (optional)
Example
nfs --server=nfsserver.example.com --dir=/tmp/install-tree
Notes
-
Previously, the
nfs
command had to be used together with theinstall
command. Theinstall
command has been deprecated andnfs
can be used on its own, because it impliesinstall
. -
To actually run the installation, one of
cdrom
,harddrive
,hmc
,nfs
,liveimg
, orurl
must be specified.
J.2.14. ostreesetup
The ostreesetup
Kickstart command is optional. It is used to set up OStree-based installations.
Syntax
ostreesetup --osname=OSNAME [--remote=REMOTE] --url=URL --ref=REF [--nogpg]
Mandatory options:
-
--osname=OSNAME
- Management root for OS installation. -
--url=URL
- URL of the repository to install from. -
--ref=REF
- Name of the branch from the repository to be used for installation.
Optional options:
-
--remote=REMOTE
- Management root for OS installation. -
--nogpg
- Disable GPG key verification.
Notes
- For more information about the OStree tools, see the upstream documentation: https://ostree.readthedocs.io/en/latest/
J.2.15. poweroff
The poweroff
Kickstart command is optional. It shuts down and powers off the system after the installation has successfully completed. Normally during a manual installation, Anaconda displays a message and waits for the user to press a key before rebooting.
Syntax
poweroff
Notes
-
The
poweroff
option is equivalent to theshutdown -P
command. For more details, see the shutdown(8) man page. -
For other completion methods, see the
halt
,reboot
, andshutdown
Kickstart commands. Thehalt
option is the default completion method if no other methods are explicitly specified in the Kickstart file. -
The
poweroff
command is highly dependent on the system hardware in use. Specifically, certain hardware components such as the BIOS, APM (advanced power management), and ACPI (advanced configuration and power interface) must be able to interact with the system kernel. Consult your hardware documentation for more information on you system’s APM/ACPI abilities. - This command has no options.
J.2.16. reboot
The reboot
Kickstart command is optional. It instructs the installation program to reboot after the installation is successfully completed (no arguments). Normally, Kickstart displays a message and waits for the user to press a key before rebooting.
Syntax
reboot OPTIONS
Options
-
--eject
- Attempt to eject the bootable media (DVD, USB, or other media) before rebooting. --kexec
- Uses thekexec
system call instead of performing a full reboot, which immediately loads the installed system into memory, bypassing the hardware initialization normally performed by the BIOS or firmware.ImportantThis option is deprecated and available as a Technology Preview only. For information on Red Hat scope of support for Technology Preview features, see the Technology Preview Features Support Scope document.
When
kexec
is used, device registers (which would normally be cleared during a full system reboot) might stay filled with data, which could potentially create issues for some device drivers.
Notes
-
Use of the
reboot
option might result in an endless installation loop, depending on the installation media and method. -
The
reboot
option is equivalent to theshutdown -r
command. For more details, see the shutdown(8) man page. -
Specify
reboot
to automate installation fully when installing in command line mode on 64-bit IBM Z. -
For other completion methods, see the
halt
,poweroff
, andshutdown
Kickstart options. Thehalt
option is the default completion method if no other methods are explicitly specified in the Kickstart file.
J.2.17. rhsm
The rhsm
Kickstart command is optional. It instructs the installation program to register and install RHEL from the CDN.
The rhsm
Kickstart command removes the requirement of using custom %post
scripts when registering the system.
Options
-
--organization=
- Uses the organization id to register and install RHEL from the CDN. -
--activation-key=
- Uses the activation key to register and install RHEL from the CDN. Option can be used multiple times, once per activation key, as long as the activation keys used are registered to your subscription. -
--connect-to-insights
- Connects the target system to Red Hat Insights. -
--proxy=
- Sets the HTTP proxy.
J.2.18. shutdown
The shutdown
Kickstart command is optional. It shuts down the system after the installation has successfully completed.
Syntax
shutdown
Notes
-
The
shutdown
Kickstart option is equivalent to theshutdown
command. For more details, see the shutdown(8) man page. -
For other completion methods, see the
halt
,poweroff
, andreboot
Kickstart options. Thehalt
option is the default completion method if no other methods are explicitly specified in the Kickstart file. - This command has no options.
J.2.19. sshpw
The sshpw
Kickstart command is optional.
During the installation, you can interact with the installation program and monitor its progress over an SSH
connection. Use the sshpw
command to create temporary accounts through which to log on. Each instance of the command creates a separate account that exists only in the installation environment. These accounts are not transferred to the installed system.
Syntax
sshpw --username=name [OPTIONS] password
Mandatory options
-
--username
=name - Provides the name of the user. This option is required. - password - The password to use for the user. This option is required.
Optional options
--iscrypted
- If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with--plaintext
. To create an encrypted password, you can use Python:$
python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
This generates a sha512 crypt-compatible hash of your password using a random salt.
-
--plaintext
- If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with--iscrypted
-
--lock
- If this option is present, this account is locked by default. This means that the user will not be able to log in from the console. -
--sshkey
- If this is option is present, then the <password> string is interpreted as an ssh key value.
Notes
-
By default, the
ssh
server is not started during the installation. To makessh
available during the installation, boot the system with the kernel boot optioninst.sshd
. If you want to disable root
ssh
access, while allowing another userssh
access, use the following:sshpw --username=example_username example_password --plaintext
sshpw --username=root example_password --lock
To simply disable root
ssh
access, use the following:sshpw --username=root example_password --lock
J.2.20. text
The text
Kickstart command is optional. It performs the Kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
Syntax
text [--non-interactive]
Options
-
--non-interactive
- Performs the installation in a completely non-interactive mode. This mode will terminate the installation when user interaction is required.
Notes
-
Note that for a fully automatic installation, you must either specify one of the available modes (
graphical
,text
, orcmdline
) in the Kickstart file, or you must use theconsole=
boot option. If no mode is specified, the system will use graphical mode if possible, or prompt you to choose from VNC and text mode.
J.2.21. url
The url
Kickstart command is optional. It is used to install from an installation tree image on a remote server using the FTP, HTTP, or HTTPS protocol. You can only specify one URL.
Syntax
url
--url=FROM
[OPTIONS]
Mandatory options
-
--url=FROM
- Specifies theHTTP
,HTTPS
,FTP
, orfile
location to install from.
Optional options
-
--mirrorlist=
- Specifies the mirror URL to install from. -
--proxy=
- Specifies anHTTP
,HTTPS
, orFTP
proxy to use during the installation. -
--noverifyssl
- Disables SSL verification when connecting to anHTTPS
server. -
--metalink=URL
- Specifies the metalink URL to install from. Variable substitution is done for$releasever
and$basearch
in the URL.
Examples
To install from a HTTP server:
url --url=http://server/path
To install from a FTP server:
url --url=ftp://username:password@server/path
To install from a local file:
liveimg --url=file:///images/install/squashfs.img --noverifyssl
Notes
-
Previously, the
url
command had to be used together with theinstall
command. Theinstall
command has been deprecated andurl
can be used on its own, because it impliesinstall
. -
To actually run the installation, one of
cdrom
,harddrive
,hmc
,nfs
,liveimg
, orurl
must be specified.
J.2.22. vnc
The vnc
Kickstart command is optional. It allows the graphical installation to be viewed remotely through VNC.
This method is usually preferred over text mode, as there are some size and language limitations in text installations. With no additional options, this command starts a VNC server on the installation system with no password and displays the details required to connect to it.
Syntax
vnc [--host=host_name] [--port=port] [--password=password]
Options
--host=
- Connect to the VNC viewer process listening on the given host name.
--port=
- Provide a port that the remote VNC viewer process is listening on. If not provided, Anaconda uses the VNC default port of 5900.
--password=
- Set a password which must be provided to connect to the VNC session. This is optional, but recommended.
Additional resources
J.2.23. %include
The %include
Kickstart command is optional.
Use the %include
command to include the contents of another file in the Kickstart file as if the contents were at the location of the %include
command in the Kickstart file.
This inclusion is evaluated only after the %pre
script sections and can thus be used to include files generated by scripts in the %pre
sections. To include files before evaluation of %pre
sections, use the %ksappend
command.
Syntax
%include path/to/file
J.2.24. %ksappend
The %ksappend
Kickstart command is optional.
Use the %ksappend
command to include the contents of another file in the Kickstart file as if the contents were at the location of the %ksappend
command in the Kickstart file.
This inclusion is evaluated before the %pre
script sections, unlike inclusion with the %include
command.
Syntax
%ksappend path/to/file
J.3. Kickstart commands for system configuration
The Kickstart commands in this list configure further details on the resulting system such as users, repositories, or services.
J.3.1. auth or authconfig (deprecated)
Use the new authselect
command instead of the deprecated auth
or authconfig
Kickstart command. auth
and authconfig
are available only for limited backwards compatibility.
The auth
or authconfig
Kickstart command is optional. It sets up the authentication options for the system using the authconfig
tool, which can also be run on the command line after the installation finishes.
Syntax
authconfig [OPTIONS]
Notes
-
Previously, the
auth
orauthconfig
Kickstart commands called theauthconfig
tool. This tool has been deprecated in Red Hat Enterprise Linux 8. These Kickstart commands now use theauthselect-compat
tool to call the newauthselect
tool. For a description of the compatibility layer and its known issues, see the manual page authselect-migration(7). The installation program will automatically detect use of the deprecated commands and install on the system theauthselect-compat
package to provide the compatibility layer. - Passwords are shadowed by default.
-
When using OpenLDAP with the
SSL
protocol for security, make sure that theSSLv2
andSSLv3
protocols are disabled in the server configuration. This is due to the POODLE SSL vulnerability (CVE-2014-3566). See https://access.redhat.com/solutions/1234843 for details.
J.3.2. authselect
The authselect
Kickstart command is optional. It sets up the authentication options for the system using the authselect
command, which can also be run on the command line after the installation finishes.
Syntax
authselect [OPTIONS]
Notes
-
This command passes all options to the
authselect
command. Refer to the authselect(8) manual page and theauthselect --help
command for more details. -
This command replaces the deprecated
auth
orauthconfig
commands deprecated in Red Hat Enterprise Linux 8 together with theauthconfig
tool. - Passwords are shadowed by default.
-
When using OpenLDAP with the
SSL
protocol for security, make sure that theSSLv2
andSSLv3
protocols are disabled in the server configuration. This is due to the POODLE SSL vulnerability (CVE-2014-3566). See https://access.redhat.com/solutions/1234843 for details.
J.3.3. firewall
The firewall
Kickstart command is optional. It specifies the firewall configuration for the installed system.
Syntax
firewall --enabled|--disabled [incoming] [OPTIONS]
Mandatory options
-
--enabled
or--enable
- Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall. -
--disabled
or--disable
- Do not configure any iptables rules.
Optional options
-
--trust
- Listing a device here, such asem1
, allows all traffic coming to and from that device to go through the firewall. To list more than one device, use the option more times, such as--trust em1 --trust em2
. Do not use a comma-separated format such as--trust em1, em2
. -
--remove-service
- Do not allow services through the firewall. incoming - Replace with one or more of the following to allow the specified services through the firewall.
-
--ssh
-
--smtp
-
--http
-
--ftp
-
-
--port=
- You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specifyimap:tcp
. Numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify1234:udp
. To specify multiple ports, separate them by commas. --service=
- This option provides a higher-level way to allow services through the firewall. Some services (likecups
,avahi
, and so on.) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the--port
option, or specify--service=
and open them all at once.Valid options are anything recognized by the
firewall-offline-cmd
program in the firewalld package. If thefirewalld
service is running,firewall-cmd --get-services
provides a list of known service names.-
--use-system-defaults
- Do not configure the firewall at all. This option instructs anaconda to do nothing and allows the system to rely on the defaults that were provided with the package or ostree. If this option is used with other options then all other options will be ignored.
J.3.4. group
The group
Kickstart command is optional. It creates a new user group on the system.
group --name=name [--gid=gid]
Mandatory options
-
--name=
- Provides the name of the group.
Optional options
-
--gid=
- The group’s GID. If not provided, defaults to the next available non-system GID.
Notes
- If a group with the given name or GID already exists, this command fails.
-
The
user
command can be used to create a new group for the newly created user.
J.3.5. keyboard (required)
The keyboard
Kickstart command is required. It sets one or more available keyboard layouts for the system.
Syntax
keyboard --vckeymap|--xlayouts OPTIONS
Options
-
--vckeymap=
- Specify aVConsole
keymap which should be used. Valid names correspond to the list of files in the/usr/lib/kbd/keymaps/xkb/
directory, without the.map.gz
extension. --xlayouts=
- Specify a list of X layouts that should be used as a comma-separated list without spaces. Accepts values in the same format assetxkbmap(1)
, either in thelayout
format (such ascz
), or in thelayout (variant)
format (such ascz (qwerty)
).All available layouts can be viewed on the
xkeyboard-config(7)
man page underLayouts
.--switch=
- Specify a list of layout-switching options (shortcuts for switching between multiple keyboard layouts). Multiple options must be separated by commas without spaces. Accepts values in the same format assetxkbmap(1)
.Available switching options can be viewed on the
xkeyboard-config(7)
man page underOptions
.
Notes
-
Either the
--vckeymap=
or the--xlayouts=
option must be used.
Example
The following example sets up two keyboard layouts (English (US)
and Czech (qwerty)
) using the --xlayouts=
option, and allows to switch between them using Alt+Shift:
keyboard --xlayouts=us,'cz (qwerty)' --switch=grp:alt_shift_toggle
J.3.6. lang (required)
The lang
Kickstart command is required. It sets the language to use during installation and the default language to use on the installed system.
Syntax
lang language [--addsupport=language,...]
Mandatory options
-
language
- Install support for this language and set it as system default.
Optional options
--addsupport=
- Add support for additional languages. Takes the form of comma-separated list without spaces. For example:lang en_US --addsupport=cs_CZ,de_DE,en_UK
Notes
-
The
locale -a | grep _
orlocalectl list-locales | grep _
commands return a list of supported locales. -
Certain languages (for example, Chinese, Japanese, Korean, and Indic languages) are not supported during text-mode installation. If you specify one of these languages with the
lang
command, the installation process continues in English, but the installed system uses your selection as its default language.
Example
To set the language to English, the Kickstart file should contain the following line:
lang en_US
J.3.7. module
The module
Kickstart command is optional. Use this command to enable a package module stream within kickstart script.
Syntax
module --name=NAME [--stream=STREAM]
Mandatory options
--name=
- Specifies the name of the module to enable. Replace NAME with the actual name.
Optional options
--stream=
Specifies the name of the module stream to enable. Replace STREAM with the actual name.
You do not need to specify this option for modules with a default stream defined. For modules without a default stream, this option is mandatory and leaving it out results in an error. Enabling a module multiple times with different streams is not possible.
Notes
-
Using a combination of this command and the
%packages
section allows you to install packages provided by the enabled module and stream combination, without specifying the module and stream explicitly. Modules must be enabled before package installation. After enabling a module with themodule
command, you can install the packages enabled by this module by listing them in the%packages
section. -
A single
module
command can enable only a single module and stream combination. To enable multiple modules, use multiplemodule
commands. Enabling a module multiple times with different streams is not possible. -
In Red Hat Enterprise Linux 8, modules are present only in the AppStream repository. To list available modules, use the
yum module list
command on an installed Red Hat Enterprise Linux 8 system with a valid subscription.
Additional resources
J.3.8. repo
The repo
Kickstart command is optional. It configures additional yum repositories that can be used as sources for package installation. You can add multiple repo
lines.
Syntax
repo --name=repoid [--baseurl=url|--mirrorlist=url|--metalink=url] [OPTIONS]
Mandatory options
-
--name=
- The repository id. This option is required. If a repository has a name which conflicts with another previously added repository, it is ignored. Because the installation program uses a list of preset repositories, this means that you cannot add repositories with the same names as the preset ones.
URL options
These options are mutually exclusive and optional. The variables that can be used in yum repository configuration files are not supported here. You can use the strings $releasever
and $basearch
which are replaced by the respective values in the URL.
-
--baseurl=
- The URL to the repository. -
--mirrorlist=
- The URL pointing at a list of mirrors for the repository. -
--metalink=
- The URL with metalink for the repository.
Optional options
-
--install
- Save the provided repository configuration on the installed system in the/etc/yum.repos.d/
directory. Without using this option, a repository configured in a Kickstart file will only be available during the installation process, not on the installed system. -
--cost=
- An integer value to assign a cost to this repository. If multiple repositories provide the same packages, this number is used to prioritize which repository will be used before another. Repositories with a lower cost take priority over repositories with higher cost. -
--excludepkgs=
- A comma-separated list of package names that must not be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from a particular repository. Both full package names (such aspublican
) and globs (such asgnome-*
) are accepted. -
--includepkgs=
- A comma-separated list of package names and globs that are allowed to be pulled from this repository. Any other packages provided by the repository will be ignored. This is useful if you want to install just a single package or set of packages from a repository while excluding all other packages the repository provides. -
--proxy=[protocol://][username[:password]@]host[:port]
- Specify an HTTP/HTTPS/FTP proxy to use just for this repository. This setting does not affect any other repositories, nor how theinstall.img
is fetched on HTTP installations. -
--noverifyssl
- Disable SSL verification when connecting to anHTTPS
server.
Notes
- Repositories used for installation must be stable. The installation can fail if a repository is modified before the installation concludes.
J.3.9. rootpw (required)
The rootpw
Kickstart command is required. It sets the system’s root password to the password argument.
Syntax
rootpw [--iscrypted|--plaintext] [--lock] password
Mandatory options
-
password - Password specification. Either plain text or encrypted string. See
--iscrypted
and--plaintext
below.
Options
--iscrypted
- If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with--plaintext
. To create an encrypted password, you can use python:$
python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
This generates a sha512 crypt-compatible hash of your password using a random salt.
-
--plaintext
- If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with--iscrypted
. -
--lock
- If this option is present, the root account is locked by default. This means that the root user will not be able to log in from the console. This option will also disable the Root Password screens in both the graphical and text-based manual installation.
J.3.10. selinux
The selinux
Kickstart command is optional. It sets the state of SELinux on the installed system. The default SELinux policy is enforcing
.
Syntax
selinux [--disabled|--enforcing|--permissive]
Options
--enforcing
-
Enables SELinux with the default targeted policy being
enforcing
. --permissive
- Outputs warnings based on the SELinux policy, but does not actually enforce the policy.
--disabled
- Disables SELinux completely on the system.
Additional resources
J.3.11. services
The services
Kickstart command is optional. It modifies the default set of services that will run under the default systemd target. The list of disabled services is processed before the list of enabled services. Therefore, if a service appears on both lists, it will be enabled.
Syntax
services [--disabled=list] [--enabled=list]
Options
-
--disabled=
- Disable the services given in the comma separated list. -
--enabled=
- Enable the services given in the comma separated list.
Notes
Do not include spaces in the list of services. If you do, Kickstart will enable or disable only the services up to the first space. For example:
services --disabled=auditd, cups,smartd, nfslock
That disables only the
auditd
service. To disable all four services, this entry must include no spaces:services --disabled=auditd,cups,smartd,nfslock
J.3.12. skipx
The skipx
Kickstart command is optional. If present, X is not configured on the installed system.
If you install a display manager among your package selection options, this package creates an X configuration, and the installed system defaults to graphical.target
. That overrides the effect of the skipx
option.
Syntax
skipx
Notes
- This command has no options.
J.3.13. sshkey
The sshkey
Kickstart command is optional. It adds a SSH key to the authorized_keys
file of the specified user on the installed system.
Syntax
sshkey --username=user "ssh_key"
Mandatory options
-
--username=
- The user for which the key will be installed. - ssh_key - The complete SSH key fingerprint. It must be wrapped with quotes.
J.3.14. syspurpose
The syspurpose
Kickstart command is optional. Use it to set the system purpose which describes how the system will be used after installation. This information helps apply the correct subscription entitlement to the system.
Red Hat Enterprise Linux 8.6 and later enables you to manage and display system purpose attributes with a single module by making the role
, service-level
, usage
, and addons
subcommands available under one subscription-manager syspurpose
module. Previously, system administrators used one of four standalone syspurpose
commands to manage each attribute. This standalone syspurpose
command is deprecated starting with RHEL 8.6 and is planned to be removed in RHEL 9. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements. Starting with RHEL 9, the single subscription-manager syspurpose
command and its associated subcommands is the only way to use system purpose.
Syntax
syspurpose [OPTIONS]
Options
--role=
- Set the intended system role. Available values are:- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Workstation
- Red Hat Enterprise Linux Compute Node
--sla=
- Set the Service Level Agreement. Available values are:- Premium
- Standard
- Self-Support
--usage=
- The intended usage of the system. Available values are:- Production
- Disaster Recovery
- Development/Test
-
--addon=
- Specifies additional layered products or features. You can use this option multiple times.
Notes
Enter the values with spaces and enclose them in double quotes:
syspurpose --role="Red Hat Enterprise Linux Server"
-
While it is strongly recommended that you configure System Purpose, it is an optional feature of the Red Hat Enterprise Linux installation program. If you want to enable System Purpose after the installation completes, you can do so using the
syspurpose
command-line tool.
Red Hat Enterprise Linux 8.6 and later enables you to manage and display system purpose attributes with a single module by making the role
, service-level
, usage
, and addons
subcommands available under one subscription-manager syspurpose
module. Previously, system administrators used one of four standalone syspurpose
commands to manage each attribute. This standalone syspurpose
command is deprecated starting with RHEL 8.6 and is planned to be removed in RHEL 9. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements. Starting with RHEL 9, the single subscription-manager syspurpose
command and its associated subcommands is the only way to use system purpose.
J.3.15. timezone (required)
The timezone
Kickstart command is required. It sets the system time zone.
Syntax
timezone timezone [OPTIONS]
Mandatory options
- timezone - the time zone to set for the system.
Optional options
-
--utc
- If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time. -
--nontp
- Disable the NTP service automatic starting. -
--ntpservers=
- Specify a list of NTP servers to be used as a comma-separated list without spaces.
Notes
In Red Hat Enterprise Linux 8, time zone names are validated using the pytz.all_timezones
list, provided by the pytz package. In previous releases, the names were validated against pytz.common_timezones
, which is a subset of the currently used list. Note that the graphical and text mode interfaces still use the more restricted pytz.common_timezones
list; you must use a Kickstart file to use additional time zone definitions.
J.3.16. user
The user
Kickstart command is optional. It creates a new user on the system.
Syntax
user --name=username [OPTIONS]
Mandatory options
-
--name=
- Provides the name of the user. This option is required.
Optional options
-
--gecos=
- Provides the GECOS information for the user. This is a string of various system-specific fields separated by a comma. It is frequently used to specify the user’s full name, office number, and so on. See thepasswd(5)
man page for more details. -
--groups=
- In addition to the default group, a comma separated list of group names the user should belong to. The groups must exist before the user account is created. See thegroup
command. -
--homedir=
- The home directory for the user. If not provided, this defaults to/home/username
. -
--lock
- If this option is present, this account is locked by default. This means that the user will not be able to log in from the console. This option will also disable the Create User screens in both the graphical and text-based manual installation. -
--password=
- The new user’s password. If not provided, the account will be locked by default. --iscrypted
- If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with--plaintext
. To create an encrypted password, you can use python:$
python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
This generates a sha512 crypt-compatible hash of your password using a random salt.
-
--plaintext
- If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with--iscrypted
-
--shell=
- The user’s login shell. If not provided, the system default is used. -
--uid=
- The user’s UID (User ID). If not provided, this defaults to the next available non-system UID. -
--gid=
- The GID (Group ID) to be used for the user’s group. If not provided, this defaults to the next available non-system group ID.
Notes
Consider using the
--uid
and--gid
options to set IDs of regular users and their default groups at range starting at5000
instead of1000
. That is because the range reserved for system users and groups,0
-999
, might increase in the future and thus overlap with IDs of regular users.For changing the minimum UID and GID limits after the installation, which ensures that your chosen UID and GID ranges are applied automatically on user creation, see the Setting default permissions for new files using umask section of the Configuring basic system settings document.
Files and directories are created with various permissions, dictated by the application used to create the file or directory. For example, the
mkdir
command creates directories with all permissions enabled. However, applications are prevented from granting certain permissions to newly created files, as specified by theuser file-creation mask
setting.The
user file-creation mask
can be controlled with theumask
command. The default setting of theuser file-creation mask
for new users is defined by theUMASK
variable in the/etc/login.defs
configuration file on the installed system. If unset, it defaults to022
. This means that by default when an application creates a file, it is prevented from granting write permission to users other than the owner of the file. However, this can be overridden by other settings or scripts.More information can be found in the Setting default permissions for new files using umask section of the Configuring basic system settings document.
J.3.17. xconfig
The xconfig
Kickstart command is optional. It configures the X Window System.
Syntax
xconfig [--startxonboot]
Options
-
--startxonboot
- Use a graphical login on the installed system.
Notes
-
Because Red Hat Enterprise Linux 8 does not include the KDE Desktop Environment, do not use the
--defaultdesktop=
documented in upstream.
J.4. Kickstart commands for network configuration
The Kickstart commands in this list let you configure networking on the system.
J.4.1. network (optional)
Use the optional network
Kickstart command to configure network information for the target system and activate the network devices in the installation environment. The device specified in the first network
command is activated automatically. You can also explicitly require a device to be activated using the --activate
option.
Syntax
network OPTIONS
Options
--activate
- activate this device in the installation environment.If you use the
--activate
option on a device that has already been activated (for example, an interface you configured with boot options so that the system could retrieve the Kickstart file) the device is reactivated to use the details specified in the Kickstart file.Use the
--nodefroute
option to prevent the device from using the default route.--no-activate
- do not activate this device in the installation environment.By default, Anaconda activates the first network device in the Kickstart file regardless of the
--activate
option. You can disable the default setting by using the--no-activate
option.--bootproto=
- One ofdhcp
,bootp
,ibft
, orstatic
. The default option isdhcp
; thedhcp
andbootp
options are treated the same. To disableipv4
configuration of the device, use--noipv4
option.NoteThis option configures ipv4 configuration of the device. For ipv6 configuration use
--ipv6
and--ipv6gateway
options.The DHCP method uses a DHCP server system to obtain its networking configuration. The BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. To direct a system to use DHCP:
network --bootproto=dhcp
To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the Kickstart file:
network --bootproto=bootp
To direct a machine to use the configuration specified in iBFT, use:
network --bootproto=ibft
The
static
method requires that you specify at least the IP address and netmask in the Kickstart file. This information is static and is used during and after the installation.All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash (
\
) as you can on a command line.network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=10.0.2.1
You can also configure multiple nameservers at the same time. To do so, use the
--nameserver=
option once, and specify each of their IP addresses, separated by commas:network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=192.168.2.1,192.168.3.1
--device=
- specifies the device to be configured (and eventually activated in Anaconda) with thenetwork
command.If the
--device=
option is missing on the first use of thenetwork
command, the value of theinst.ks.device=
Anaconda boot option is used, if available. Note that this is considered deprecated behavior; in most cases, you should always specify a--device=
for everynetwork
command.The behavior of any subsequent
network
command in the same Kickstart file is unspecified if its--device=
option is missing. Verify you specify this option for anynetwork
command beyond the first.You can specify a device to be activated in any of the following ways:
-
the device name of the interface, for example,
em1
-
the MAC address of the interface, for example,
01:23:45:67:89:ab
-
the keyword
link
, which specifies the first interface with its link in theup
state -
the keyword
bootif
, which uses the MAC address that pxelinux set in theBOOTIF
variable. SetIPAPPEND 2
in yourpxelinux.cfg
file to have pxelinux set theBOOTIF
variable.
For example:
network --bootproto=dhcp --device=em1
-
the device name of the interface, for example,
-
--ip=
- IP address of the device. -
--ipv6=
- IPv6 address of the device, in the form of address[/prefix length] - for example,3ffe:ffff:0:1::1/128
. If prefix is omitted,64
is used. You can also useauto
for automatic configuration, ordhcp
for DHCPv6-only configuration (no router advertisements). -
--gateway=
- Default gateway as a single IPv4 address. -
--ipv6gateway=
- Default gateway as a single IPv6 address. -
--nodefroute
- Prevents the interface being set as the default route. Use this option when you activate additional devices with the--activate=
option, for example, a NIC on a separate subnet for an iSCSI target. -
--nameserver=
- DNS name server, as an IP address. To specify more than one name server, use this option once, and separate each IP address with a comma. -
--netmask=
- Network mask for the installed system. --hostname=
- Used to configure the target system’s host name. The host name can either be a fully qualified domain name (FQDN) in the formathostname.domainname
, or a short host name without the domain. Many networks have a Dynamic Host Configuration Protocol (DHCP) service that automatically supplies connected systems with a domain name. To allow the DHCP service to assign the domain name to this machine, specify only the short host name.When using static IP and host name configuration, it depends on the planned system use case whether to use a short name or FQDN. Red Hat Identity Management configures FQDN during provisioning but some 3rd party software products may require short name. In either case, to ensure availability of both forms in all situations, add an entry for the host in
/etc/hosts
in the formatIP FQDN short-alias
.The value
localhost
means that no specific static host name for the target system is configured, and the actual host name of the installed system is configured during the processing of the network configuration, for example, by NetworkManager using DHCP or DNS.Host names can only contain alphanumeric characters and
-
or.
. Host name should be equal to or less than 64 characters. Host names cannot start or end with-
and.
. To be compliant with DNS, each part of a FQDN should be equal to or less than 63 characters and the FQDN total length, including dots, should not exceed 255 characters.If you only want to configure the target system’s host name, use the
--hostname
option in thenetwork
command and do not include any other option.If you provide additional options when configuring the host name, the
network
command configures a device using the options specified. If you do not specify which device to configure using the--device
option, the default--device link
value is used. Additionally, if you do not specify the protocol using the--bootproto
option, the device is configured to use DHCP by default.-
--ethtool=
- Specifies additional low-level settings for the network device which will be passed to the ethtool program. -
--onboot=
- Whether or not to enable the device at boot time. -
--dhcpclass=
- The DHCP class. -
--mtu=
- The MTU of the device. -
--noipv4
- Disable IPv4 on this device. -
--noipv6
- Disable IPv6 on this device. --bondslaves=
- When this option is used, the bond device specified by the--device=
option is created using secondary devices defined in the--bondslaves=
option. For example:network --device=bond0 --bondslaves=em1,em2
The above command creates a bond device named
bond0
using theem1
andem2
interfaces as its secondary devices.--bondopts=
- a list of optional parameters for a bonded interface, which is specified using the--bondslaves=
and--device=
options. Options in this list must be separated by commas (“,”) or semicolons (“;”). If an option itself contains a comma, use a semicolon to separate the options. For example:network --bondopts=mode=active-backup,balance-rr;primary=eth1
ImportantThe
--bondopts=mode=
parameter only supports full mode names such asbalance-rr
orbroadcast
, not their numerical representations such as0
or3
. For the list of available and supported modes, see Configuring and Managing Networking Guide.-
--vlanid=
- Specifies virtual LAN (VLAN) ID number (802.1q tag) for the device created using the device specified in--device=
as a parent. For example,network --device=em1 --vlanid=171
creates a virtual LAN deviceem1.171
. --interfacename=
- Specify a custom interface name for a virtual LAN device. This option should be used when the default name generated by the--vlanid=
option is not desirable. This option must be used along with--vlanid=
. For example:network --device=em1 --vlanid=171 --interfacename=vlan171
The above command creates a virtual LAN interface named
vlan171
on theem1
device with an ID of171
.The interface name can be arbitrary (for example,
my-vlan
), but in specific cases, the following conventions must be followed:-
If the name contains a dot (
.
), it must take the form ofNAME.ID
. The NAME is arbitrary, but the ID must be the VLAN ID. For example:em1.171
ormy-vlan.171
. -
Names starting with
vlan
must take the form ofvlanID
- for example,vlan171
.
-
If the name contains a dot (
--teamslaves=
- Team device specified by the--device=
option will be created using secondary devices specified in this option. Secondary devices are separated by commas. A secondary device can be followed by its configuration, which is a single-quoted JSON string with double quotes escaped by the\
character. For example:network --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'"
See also the
--teamconfig=
option.--teamconfig=
- Double-quoted team device configuration which is a JSON string with double quotes escaped by the\
character. The device name is specified by--device=
option and its secondary devices and their configuration by--teamslaves=
option. For example:network --device team0 --activate --bootproto static --ip=10.34.102.222 --netmask=255.255.255.0 --gateway=10.34.102.254 --nameserver=10.34.39.2 --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'" --teamconfig="{\"runner\": {\"name\": \"activebackup\"}}"
--bridgeslaves=
- When this option is used, the network bridge with device name specified using the--device=
option will be created and devices defined in the--bridgeslaves=
option will be added to the bridge. For example:network --device=bridge0 --bridgeslaves=em1
--bridgeopts=
- An optional comma-separated list of parameters for the bridged interface. Available values arestp
,priority
,forward-delay
,hello-time
,max-age
, andageing-time
. For information about these parameters, see the bridge setting table in thenm-settings(5)
man page or at Network Configuration Setting Specification.Also see the Configuring and managing networking document for general information about network bridging.
-
--bindto=mac
- Bind the device configuration file on the installed system to the device MAC address (HWADDR
) instead of the default binding to the interface name (DEVICE
). Note that this option is independent of the--device=
option ---bindto=mac
will be applied even if the samenetwork
command also specifies a device name,link
, orbootif
.
Notes
-
The
ethN
device names such aseth0
are no longer available in Red Hat Enterprise Linux due to changes in the naming scheme. For more information about the device naming scheme, see the upstream document Predictable Network Interface Names. - If you used a Kickstart option or a boot option to specify an installation repository on a network, but no network is available at the start of the installation, the installation program displays the Network Configuration window to set up a network connection prior to displaying the Installation Summary window. For more details, see the Configuring network and host name options section of the Performing a standard RHEL 8 installation document.
J.4.2. realm
The realm
Kickstart command is optional. Use it to join an Active Directory or IPA domain. For more information about this command, see the join
section of the realm(8)
man page.
Syntax
realm join [OPTIONS] domain
Mandatory options
-
domain
- The domain to join.
Options
-
--computer-ou=OU=
- Provide the distinguished name of an organizational unit in order to create the computer account. The exact format of the distinguished name depends on the client software and membership software. The root DSE portion of the distinguished name can usually be left out. -
--no-password
- Join automatically without a password. -
--one-time-password=
- Join using a one-time password. This is not possible with all types of realm. -
--client-software=
- Only join realms which can run this client software. Valid values includesssd
andwinbind
. Not all realms support all values. By default, the client software is chosen automatically. -
--server-software=
- Only join realms which can run this server software. Possible values includeactive-directory
orfreeipa
. -
--membership-software=
- Use this software when joining the realm. Valid values includesamba
andadcli
. Not all realms support all values. By default, the membership software is chosen automatically.
J.5. Kickstart commands for handling storage
The Kickstart commands in this section configure aspects of storage such as devices, disks, partitions, LVM, and filesystems.
J.5.1. device (deprecated)
The device
Kickstart command is optional. Use it to load additional kernel modules.
On most PCI systems, the installation program automatically detects Ethernet and SCSI cards. However, on older systems and some PCI systems, Kickstart requires a hint to find the proper devices. The device
command, which tells the installation program to install extra modules, uses the following format:
Syntax
device moduleName --opts=options
Options
- moduleName - Replace with the name of the kernel module which should be installed.
--opts=
- Options to pass to the kernel module. For example:device --opts="aic152x=0x340 io=11"
J.5.2. autopart
The autopart
Kickstart command is optional. It automatically creates partitions.
The automatically created partitions are: a root (/
) partition (1 GiB or larger), a swap
partition, and an appropriate /boot
partition for the architecture. On large enough drives (50 GiB and larger), this also creates a /home
partition.
Syntax
autopart OPTIONS
Options
--type=
- Selects one of the predefined automatic partitioning schemes you want to use. Accepts the following values:-
lvm
: The LVM partitioning scheme. -
plain
: Regular partitions with no LVM. -
thinp
: The LVM Thin Provisioning partitioning scheme.
-
-
--fstype=
- Selects one of the available file system types. The available values areext2
,ext3
,ext4
,xfs
, andvfat
. The default file system isxfs
. -
--nohome
- Disables automatic creation of the/home
partition. -
--nolvm
- Do not use LVM for automatic partitioning. This option is equal to--type=plain
. -
--noboot
- Do not create a/boot
partition. -
--noswap
- Do not create a swap partition. --encrypted
- Encrypts all partitions with Linux Unified Key Setup (LUKS). This is equivalent to checking the Encrypt partitions check box on the initial partitioning screen during a manual graphical installation.NoteWhen encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.
The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a
virtio-rng
device (a virtual random number generator) to the guest.-
--luks-version=LUKS_VERSION
- Specifies which version of LUKS format should be used to encrypt the filesystem. This option is only meaningful if--encrypted
is specified. -
--passphrase=
- Provides a default system-wide passphrase for all encrypted devices. -
--escrowcert=URL_of_X.509_certificate
- Stores data encryption keys of all encrypted volumes as files in/root
, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if--encrypted
is specified. -
--backuppassphrase
- Adds a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in/root
, encrypted using the X.509 certificate specified with--escrowcert
. This option is only meaningful if--escrowcert
is specified. -
--cipher=
- Specifies the type of encryption to use if the Anaconda defaultaes-xts-plain64
is not satisfactory. You must use this option together with the--encrypted
option; by itself it has no effect. Available types of encryption are listed in the Security hardening document, but Red Hat strongly recommends using eitheraes-xts-plain64
oraes-cbc-essiv:sha256
. -
--pbkdf=PBKDF
- Sets Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. See also the man page cryptsetup(8). This option is only meaningful if--encrypted
is specified. -
--pbkdf-memory=PBKDF_MEMORY
- Sets the memory cost for PBKDF. See also the man page cryptsetup(8). This option is only meaningful if