Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 22. Kickstart commands and options reference

This reference is a complete list of all Kickstart commands supported by the Red Hat Enterprise Linux installation program. The commands are sorted alphabetically in a few broad categories. If a command can fall under multiple categories, it is listed in all of them.

22.1. Kickstart changes
Copy link

The following sections describe the changes in Kickstart commands and options in Red Hat Enterprise Linux 10.

22.1.1. Deprecated Kickstart commands and options
Copy link

The following Kickstart commands and options have been deprecated in Red Hat Enterprise Linux 10.

Where only specific options are listed, the base command and its other options are still available and not deprecated.

module
Anaconda has deprecated its support for DNF modularity, and as a consequence the module kickstart command has been deprecated. This might impact you if you are using modules in the %packages section of your kickstart files or the module kickstart command.

22.1.2. Removed Kickstart commands and options
Copy link

The following Kickstart commands and options have been removed in Red Hat Enterprise Linux 10.

auth or authconfig
As a replacement, use the authselect kickstart command.
inst.xdriver and inst.usefbx
The graphical system for the installation image switched from the Xorg server to a Wayland compositor. As Wayland operates without relying on X drivers, making it incompatible with loading any such drivers, the inst.xdriver option is no longer applicable. Additionally, the inst.usefbx boot option, previously used to load a generic framebuffer X driver, has also been removed.
Few options of the timezone command

The following options of the timezone Kickstart command have been removed:

  • --isUtc: Use the option --utc instead.
  • --ntpservers: Use the option --ntp-server of the timesource kickstart command instead.
  • --nontp: Use the option --ntp-disable of the timesource kickstart command instead.
--level parameter of the logging command
The --level parameter of the logging kickstart command has been removed. It is no longer possible to set the level of logging of the installation process.
pwpolicy
The support for the deprecated pwpolicy Kickstart command has been removed.
%anaconda
Alternatively, use the kernel arguments and command line line options to update the configuration in the Anaconda configuration files.
network
The --teamslaves and --teamconfig options used for configuring team devices in the network kickstart command have been removed. To configure similar network settings, use the --bondslaves and --bondopts options to set up a Bond device.
%packages
the --excludeWeakdeps and --instLangs options used in the %packages section have been removed. To maintain similar functionality, use the updated options --exclude-weakdeps and --inst-langs instead.
btrfs
The support for the deprecated btrfs Kickstart command has been removed.
nvdimm
The support for reconfiguring NVDIMM devices during the Kickstart installation has been removed. However, the NVDIMM devices in the sector mode can still be usable in the installation program.
method
The support for the deprecated method Kickstart command has been removed.
vnc
VNC kickstart command is removed in RHEL 10. Use RDP instead.

The Kickstart commands in this list control the mode and course of installation, and what happens at its end.

22.2.1. cdrom
Copy link

The cdrom Kickstart command is optional. It performs the installation from the first optical drive on the system. Use this command only once.

Syntax
cdrom
Copy to Clipboard Toggle word wrap
Notes
  • This command has no options.
  • To actually run the installation, you must specify one of cdrom, harddrive, hmc, nfs, liveimg, ostreesetup, rhsm, or url unless the inst.repo option is specified on the kernel command line.

22.2.2. cmdline
Copy link

The cmdline Kickstart command is optional. It performs the installation in a completely non-interactive command line mode. Any prompt for interaction halts the installation. Use this command only once.

Syntax
cmdline
Copy to Clipboard Toggle word wrap
Notes
  • For a fully automatic installation, you must either specify one of the available modes (graphical, text, or cmdline) in the Kickstart file, or you must use the console= boot option. If no mode is specified, the system will use graphical mode if possible, or prompt you to choose from RDP and text mode.
  • This command has no options.
  • This mode is useful on 64-bit IBM Z systems with the x3270 terminal.

22.2.3. driverdisk
Copy link

The driverdisk Kickstart command is optional. Use it to provide additional drivers to the installation program.

Driver disks can be used during Kickstart installations to provide additional drivers not included by default. You must copy the driver disks contents to the root directory of a partition on the system’s disk. Then, you must use the driverdisk command to specify that the installation program should look for a driver disk and its location. Use this command only once.

Syntax
driverdisk [partition|--source=url|--biospart=biospart]
Copy to Clipboard Toggle word wrap
Options

You must specify the location of driver disk in one way out of these:

  • partition - Partition containing the driver disk. The partition must be specified as a full path (for example, /dev/sdb1), not just the partition name (for example, sdb1).

  • --source= - URL for the driver disk. Examples include: 

    driverdisk --source=ftp://path/to/dd.img
driverdisk --source=http://path/to/dd.img
driverdisk --source=nfs:host:/path/to/dd.img
    Copy to Clipboard Toggle word wrap
  • --biospart= - BIOS partition containing the driver disk (for example, 82p2).
Notes

You can load the driver disks from a local disk or a similar device instead of being loaded over the network or from initrd. To do this:

  1. Load the driver disk on a disk drive, a USB or any similar device.
  2. Set the label, for example, DD, to this device.

  3. Add the following line to your Kickstart file: 

    driverdisk LABEL=DD:/e1000.rpm
    Copy to Clipboard Toggle word wrap

    Replace DD with a specific label and replace e1000.rpm with a specific name. Use anything supported by the inst.repo command instead of LABEL to specify your disk drive.

22.2.4. eula
Copy link

The eula Kickstart command is optional. Use this option to accept the End User License Agreement (EULA) without user interaction. Specifying this option prevents Initial Setup from prompting you to accept the license agreement after you finish the installation and reboot the system for the first time. Use this command only once.

Syntax
eula [--agreed]
Copy to Clipboard Toggle word wrap
Options
  • --agreed (required) - Accepts the EULA. This option must always be used, otherwise the eula command is meaningless.

22.2.5. firstboot
Copy link

The firstboot Kickstart command is optional. It determines whether the Initial Setup application starts the first time the system is booted. If enabled, the initial-setup package must be installed. If not specified, this option is disabled by default. Use this command only once.

Syntax
firstboot OPTIONS
Copy to Clipboard Toggle word wrap
Options
  • --enable or --enabled - Initial Setup is started the first time the system boots.
  • --disable or --disabled - Initial Setup is not started the first time the system boots.
  • --reconfig - Enable the Initial Setup to start at boot time in reconfiguration mode. This mode enables the root password, time & date, and networking & host name configuration options in addition to the default ones.

22.2.6. graphical
Copy link

The graphical Kickstart command is optional. It performs the installation in graphical mode. Use this command only once.

Syntax
graphical [--non-interactive]
Copy to Clipboard Toggle word wrap
Options
  • --non-interactive - Performs the installation in a completely non-interactive mode. This mode will terminate the installation when user interaction is required.
Notes
  • For a fully automatic installation, you must either specify one of the available modes (graphical, text, or cmdline) in the Kickstart file, or you must use the console= boot option. If no mode is specified, the system will use graphical mode if possible, or prompt you to choose from RDP and text mode.

22.2.7. halt
Copy link

The halt Kickstart command is optional. Use this command to halt the system after the installation has successfully completed. This is similar to a manual installation, where Anaconda displays a message and waits for the user to press a key before rebooting. During a Kickstart installation, if no completion method is specified, this option is used as the default. Use this command only once. This command has no options.

Syntax
halt
Copy to Clipboard Toggle word wrap
Notes
  • The halt command is equivalent to the shutdown -H command. For more details, see the shutdown(8) man page on your system.
  • For other completion methods, see the poweroff, reboot, and shutdown commands.

22.2.8. harddrive
Copy link

The harddrive Kickstart command is optional. It performs the installation from a Red Hat installation tree or full installation ISO image on a local drive. The drive must be formatted with a file system the installation program can mount: ext2, ext3, ext4, vfat, or xfs. Use this command only once.

Syntax
harddrive OPTIONS
Copy to Clipboard Toggle word wrap
Mandatory options
  • --partition= - Partition to install from (such as sdb2).
  • --dir= - Directory containing the installation tree, or the ISO image of the full installation DVD.
Example
harddrive --partition=hdb2 --dir=/tmp/install-tree
Copy to Clipboard Toggle word wrap
Note
  • To actually run the installation, you must specify one of cdrom, harddrive, hmc, nfs, liveimg, ostreesetup, rhsm, or url unless the inst.repo option is specified on the kernel command line.

22.2.9. liveimg
Copy link

The liveimg Kickstart command is optional. It performs the installation from a disk image instead of packages. Use this command only once.

Syntax
liveimg --url=SOURCE [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --url= - The location to install from. Supported protocols are HTTP, HTTPS, FTP, and file.
Optional options
  • --proxy= - Specify an HTTP, HTTPS or FTP proxy to use while performing the installation.
  • --checksum= - An argument with the SHA256 checksum of the image file, used for verification.
  • --noverifyssl - Disable SSL verification when connecting to an HTTPS server.
Example
liveimg --url=file:///images/install/squashfs.img --checksum=03825f567f17705100de3308a20354b4d81ac9d8bed4bb4692b2381045e56197 --noverifyssl
Copy to Clipboard Toggle word wrap
Notes
  • The image can be the squashfs.img file from a live ISO image, a compressed tar file (.tar, .tbz, .tgz, .txz, .tar.bz2, .tar.gz, or .tar.xz.), or any file system that the installation media can mount. Supported file systems are ext2, ext3, ext4, vfat, and xfs.
  • When using the liveimg installation mode with a driver disk, drivers on the disk will not automatically be included in the installed system. If necessary, these drivers should be installed manually, or in the %post section of a kickstart script.
  • To actually run the installation, you must specify one of cdrom, harddrive, hmc, nfs, liveimg, ostreesetup, rhsm, or url unless the inst.repo option is specified on the kernel command line.

22.2.10. logging
Copy link

The logging Kickstart command is optional. It controls the error logging of Anaconda during installation. It has no effect on the installed system. Use this command only once.

Logging is supported over TCP only. For remote logging, ensure that the port number that you specify in --port= option is open on the remote server. The default port is 514.

Syntax
logging OPTIONS
Copy to Clipboard Toggle word wrap
Optional options
  • --host= - Send logging information to the given remote host, which must be running a syslogd process configured to accept remote logging.
  • --port= - If the remote syslog process uses a port other than the default port, set it by using this option.

22.2.11. mediacheck
Copy link

The mediacheck Kickstart command is optional. This command forces the installation program to perform a media check before starting the installation. This command requires that installations be attended, so it is disabled by default. Use this command only once. This command has no options.

Syntax
mediacheck
Copy to Clipboard Toggle word wrap
Note
  • This Kickstart command is equivalent to the rd.live.check boot option.

22.2.12. nfs
Copy link

The nfs Kickstart command is optional. It performs the installation from a specified NFS server. Use this command only once.

Syntax
nfs OPTIONS
Copy to Clipboard Toggle word wrap
Options
  • --server= - Server from which to install (host name or IP).
  • --dir= - Directory containing the Packages/ directory of the installation tree.
  • --opts= - Mount options to use for mounting the NFS export. (optional)
Example
nfs --server=nfsserver.example.com --dir=/tmp/install-tree
Copy to Clipboard Toggle word wrap
Note
  • To actually run the installation, you must specify one of cdrom, harddrive, hmc, nfs, liveimg, ostreesetup, rhsm, or url unless the inst.repo option is specified on the kernel command line.

22.2.13. ostreesetup
Copy link

The ostreesetup Kickstart command is optional. It is used to set up OStree-based installations. Use this command only once.

Syntax
ostreesetup --osname=OSNAME [--remote=REMOTE] --url=URL --ref=REF [--nogpg]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --osname=OSNAME - Management root for OS installation.
  • --url=URL - URL of the repository to install from.
  • --ref=REF - Name of the branch from the repository to be used for installation.
Optional options
  • --remote=REMOTE - A remote repository location.

  • --nogpg - Disable GPG key verification.

    For more information about the OStree tools, see the upstream documentation: https://ostreedev.github.io/ostree/

22.2.14. ostreecontainer
Copy link

The ostreecontainer Kickstart command is optional. Use this command for OSTree installations from your custom containers.

Important

The ostreecontainer is provided as a Technology Preview only. Technology Preview features are not supported with Red Hat production Service Level Agreements (SLAs), might not be functionally complete, and Red Hat does not recommend using them for production. These previews provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features.

Syntax
ostreecontainer [--stateroot STATEROOT] --url URL [--transport TRANSPORT] [--remote REMOTE] [--no-signature-verification]
Copy to Clipboard Toggle word wrap
Options
  • --no-signature-verification: Use this option to disable verification for an ostree remote.
  • --stateroot: Name of the state directory, also known as "osname". Default value is default.
  • --url: Name of the container image for the registry transport. For example, quay.io/exampleos/foo:latest.

  • --transport: The transport, for example, registry or oci. The default value is registry.

    When performing Kickstart installations, the following commands are available together with ostreecontainer:

  • graphical, text, or cmdline
  • clearpart and zerombr
  • autopart
  • part
  • logvol and volgroup
  • reboot and shutdown
  • lang
  • rootpw
  • sshkey
  • bootloader (available only with the --append optional parameter)

  • user - When you specify a group within the user command, the user account can be assigned only to a group that already exists in the container image.

    The following Kickstart commands are unsupported together with ostreecontainer:

  • authconfig and authselect (provide relevant configuration in the container image instead)
  • ostreesetup
  • liveimg
  • module
  • %packages (any necessary packages must be already available in the container image)
  • repo
  • url (if there is a need to fetch a stage2 image for installation, for example, PXE installations, use inst.stage2= on the kernel command line instead of providing a url for stage2 inside the Kickstart file)
  • zfcp

  • zipl

    Kickstart commands not listed here are allowed to be used with the ostreecontainer command, however, they are not guaranteed to work as expected in the same way as with package-based installations.

Note
  • The ostreecontainer option cannot be used with the ostreesetup command.

22.2.15. poweroff
Copy link

The poweroff Kickstart command is optional. It shuts down and powers off the system after the installation has successfully completed. Normally during a manual installation, Anaconda displays a message and waits for the user to press a key before rebooting. Use this command only once. This command has no options.

Syntax
poweroff
Copy to Clipboard Toggle word wrap
Notes
  • The poweroff option is equivalent to the shutdown -P command. For more details, see the shutdown(8) man page on your system.
  • For other completion methods, see the halt, reboot, and shutdown Kickstart commands. The halt option is the default completion method if no other methods are explicitly specified in the Kickstart file.
  • The poweroff command is highly dependent on the system hardware in use. Specifically, certain hardware components such as the BIOS, APM (advanced power management), and ACPI (advanced configuration and power interface) must be able to interact with the system kernel. Consult your hardware documentation for more information about your system’s APM/ACPI abilities.

22.2.16. reboot
Copy link

The reboot Kickstart command is optional. It instructs the installation program to reboot after the installation is successfully completed. Normally, Kickstart displays a message and waits for the user to press a key before rebooting. Use this command only once.

Syntax
reboot OPTIONS
Copy to Clipboard Toggle word wrap
Options
  • --eject - Attempt to eject the bootable media (DVD, USB, or other media) before rebooting.

  • --kexec - Uses the kexec system call instead of performing a full reboot, which immediately loads the installed system into memory, bypassing the hardware initialization normally performed by the BIOS or firmware.

    Important

    This option is deprecated and available as a Technology Preview only. For information about Red Hat scope of support for Technology Preview features, see the Technology Preview Features Support Scope document.

    When kexec is used, device registers (which would normally be cleared during a full system reboot) might stay filled with data, which could potentially create issues for some device drivers.

Notes
  • Use of the reboot option might result in an endless installation loop, depending on the installation media and method.
  • The reboot option is equivalent to the shutdown -r command. For more details, see the shutdown(8) man page on your system.
  • Specify reboot to automate installation fully when installing in command line mode on 64-bit IBM Z.
  • For other completion methods, see the halt, poweroff, and shutdown Kickstart options. The halt option is the default completion method if no other methods are explicitly specified in the Kickstart file.

22.2.17. rhsm
Copy link

The rhsm Kickstart command is optional. It instructs the installation program to register and install RHEL from the CDN. It can also connect the installed system to Red Hat Insights. Use this command only once.

The rhsm Kickstart command eliminates the requirement of custom %post scripts when registering the system.

Options
  • --organization= - Uses the organization ID to register and install RHEL from the CDN.
  • --activation-key= - Uses the activation key to register and install RHEL from the CDN. Option can be used multiple times, once per activation key, as long as the activation keys used are registered to your subscription.
  • --connect-to-insights - Connects the target system to Red Hat Insights.
  • --proxy= - Sets the HTTP proxy.
  • --server-hostname= - Sets the Satellite instance hostname for registration.
Important

  • To switch the installation source repository to the CDN by using the rhsm Kickstart command, you must meet the following conditions:

    • On the kernel command line, you have used inst.stage2=<URL> to fetch the installation image but have not specified an installation source using inst.repo=.
    • In the Kickstart file, you have not specified an installation source by using the url, cdrom, harddrive, liveimg, nfs and ostree setup commands.
  • An installation source URL specified using a boot option or included in a Kickstart file takes precedence over the CDN, even if the Kickstart file contains the rhsm command with valid credentials. The system is registered, but it is installed from the URL installation source. This ensures that earlier installation processes operate as normal.

22.2.18. shutdown
Copy link

The shutdown Kickstart command is optional. It shuts down the system after the installation has successfully completed. Use this command only once. This command has no options.

Syntax
shutdown
Copy to Clipboard Toggle word wrap
Notes
  • The shutdown Kickstart option is equivalent to the shutdown command. For more details, see the shutdown(8) man page on your system.
  • For other completion methods, see the halt, poweroff, and reboot Kickstart options. The halt option is the default completion method if no other methods are explicitly specified in the Kickstart file.

22.2.19. sshpw
Copy link

The sshpw Kickstart command is optional. During the installation, you can interact with the installation program and monitor its progress over an SSH connection. Use the sshpw command to create temporary accounts through which to log on. Each instance of the command creates a separate account that exists only in the installation environment. These accounts are not transferred to the installed system.

Syntax
sshpw --username=name [OPTIONS] password
Copy to Clipboard Toggle word wrap
Mandatory options
  • --username=name - Provides the name of the user. This option is required.
  • password - The password to use for the user. This argument is required.
Optional options
  • --iscrypted - If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext. To create an encrypted password, you can use Python: 
$ python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
Copy to Clipboard Toggle word wrap

This generates a sha512 crypt-compatible hash of your password by using a random salt.

  • --plaintext - If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with --iscrypted
  • --lock - If this option is present, this account is locked by default. This means that the user will not be able to log in from the console.
  • --sshkey - If this option is present, then the <password> string is interpreted as an ssh key value.
Notes
  • By default, the ssh server is not started during the installation. To make ssh available during the installation, boot the system with the kernel boot option inst.sshd.

  • If you want to disable root ssh access, while allowing another user ssh access, use the following: 

    sshpw --username=example_username example_password --plaintext
sshpw --username=root example_password --lock
    Copy to Clipboard Toggle word wrap

  • To simply disable root ssh access, use the following: 

    sshpw --username=root example_password --lock
    Copy to Clipboard Toggle word wrap

22.2.20. text
Copy link

The text Kickstart command is optional. It performs the Kickstart installation in text mode. Kickstart installations are performed in graphical mode by default. Use this command only once.

Syntax
text [--non-interactive]
Copy to Clipboard Toggle word wrap
Options
  • --non-interactive - Performs the installation in a completely non-interactive mode. This mode will terminate the installation when user interaction is required.
Note
  • For a fully automatic installation, you must either specify one of the available modes (graphical, text, or cmdline) in the Kickstart file, or you must use the console= boot option. If no mode is specified, the system will use graphical mode if possible, or prompt you to choose from RDP and text mode.

22.2.21. url
Copy link

The url Kickstart command is optional. It is used to install from an installation tree image on a remote server by using the FTP, HTTP, or HTTPS protocol. You can only specify one URL. Use this command only once.

You must specify one of the --url, --metalink or --mirrorlist options.

Syntax
url --url=FROM [OPTIONS]
Copy to Clipboard Toggle word wrap
Options
  • --url=FROM - Specifies the HTTP, HTTPS, FTP, or file location to install from.
  • --mirrorlist= - Specifies the mirror URL to install from.
  • --proxy= - Specifies an HTTP, HTTPS, or FTP proxy to use during the installation.
  • --noverifyssl - Disables SSL verification when connecting to an HTTPS server.
  • --metalink=URL - Specifies the metalink URL to install from. Variable substitution is done for $releasever and $basearch in the URL.
Examples

  • To install from a FTP server: 

    url --url=ftp://username:password@server/path
    Copy to Clipboard Toggle word wrap

  • To install from a HTTP server: 

    url --url=http://server/path
    Copy to Clipboard Toggle word wrap
Note
  • To actually run the installation, you must specify one of cdrom, harddrive, hmc, nfs, liveimg, ostreesetup, rhsm, or url unless the inst.repo option is specified on the kernel command line.

22.2.22. hmc
Copy link

The hmc kickstart command is optional. Use it to install from an installation medium by using SE/HMC on IBM Z. This command does not have any options.

Syntax
hmc
Copy to Clipboard Toggle word wrap

22.2.23. %include
Copy link

The %include Kickstart command is optional. Use the %include command to include the contents of another file in the Kickstart file as if the contents were at the location of the %include command in the Kickstart file.

This inclusion is evaluated only after the %pre script sections and can thus be used to include files generated by scripts in the %pre sections. To include files before evaluation of %pre sections, use the %ksappend command.

Syntax
%include path/to/file
Copy to Clipboard Toggle word wrap

22.2.24. %ksappend
Copy link

The %ksappend Kickstart command is optional.

Use the %ksappend command to include the contents of another file in the Kickstart file as if the contents were at the location of the %ksappend command in the Kickstart file.

This inclusion is evaluated before the %pre script sections, unlike inclusion with the %include command.

Syntax
%ksappend path/to/file
Copy to Clipboard Toggle word wrap

22.3. Kickstart commands for system configuration
Copy link

The Kickstart commands in this list configure further details on the resulting system such as users, repositories, or services.

22.3.1. authselect
Copy link

The authselect Kickstart command is optional. It sets up the authentication options for the system using the authselect command, which can also be run on the command line after the installation finishes. Use this command only once.

Syntax
authselect [OPTIONS]
Copy to Clipboard Toggle word wrap
Notes
  • This command passes all options to the authselect command. Refer to the authselect(8) manual page and the authselect --help command for more details.
  • Passwords are shadowed by default.
  • When using OpenLDAP with the SSL protocol for security, ensure that the SSLv2 and SSLv3 protocols are disabled in the server configuration. This is due to the POODLE SSL vulnerability (CVE-2014-3566). For more information, see the Red Hat Knowledgebase solution Resolution for POODLE SSLv3.0 vulnerability.

22.3.2. firewall
Copy link

The firewall Kickstart command is optional. It specifies the firewall configuration for the installed system.

Syntax
firewall --enabled|--disabled [incoming] [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --enabled or --enable - Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
  • --disabled or --disable - Do not configure any iptables rules.
Optional options
  • --trust - Listing a device here, such as em1, allows all traffic coming to and from that device to go through the firewall. To list more than one device, use the option more times, such as --trust em1 --trust em2. Do not use a comma-separated format such as --trust em1, em2.
  • --remove-service - Close ports for comma-separated list of services.

  • incoming - Replace with one or more of the following to allow the specified services through the firewall.

    • --ssh
    • --smtp
    • --http
    • --ftp
  • --port= - You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specify imap:tcp. Numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify 1234:udp. To specify multiple ports, separate them by commas.

  • --service= - This option provides a higher-level way to allow services through the firewall. Some services (such as cups, avahi, and so on) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the --port option, or specify --service= and open them all at once.

    Valid options are anything recognized by the firewall-offline-cmd program in the firewalld package. If the firewalld service is running, firewall-cmd --get-services provides a list of known service names.

  • --use-system-defaults - Do not configure the firewall at all. This option instructs anaconda to do nothing and allows the system to rely on the defaults that were provided with the package or ostree. If this option is used with other options then all other options will be ignored.

22.3.3. group
Copy link

The group Kickstart command is optional. It creates a new user group on the system.

Syntax
group --name=name [--gid=gid]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --name= - Provides the name of the group.
Optional options
  • --gid= - The group’s GID. If not provided, defaults to the next available non-system GID.
Notes
  • If a group with the given name or GID already exists, this command fails.
  • The user command can be used to create a new group for the newly created user.

22.3.4. keyboard
Copy link

The keyboard Kickstart command is required. It sets one or more available keyboard layouts for the system. Use this command only once.

Syntax
keyboard --vckeymap|--xlayouts OPTIONS
Copy to Clipboard Toggle word wrap
Options
  • --vckeymap= - Specify a VConsole keymap which should be used. Valid names correspond to the list of files in the /usr/lib/kbd/keymaps/xkb/ directory, without the .map.gz extension.

  • --xlayouts= - Specify a list of X layouts that should be used as a comma-separated list without spaces. Accepts values in the same format as setxkbmap(1), either in the layout format (such as cz), or in the layout (variant) format (such as cz (qwerty)).

    All available layouts can be viewed on the xkeyboard-config(7) man page under Layouts.

  • --switch= - Specify a list of layout-switching options (shortcuts for switching between multiple keyboard layouts). Multiple options must be separated by commas without spaces. Accepts values in the same format as setxkbmap(1).

    Available switching options can be viewed on the xkeyboard-config(7) man page under Options.

Example

The following example sets up two keyboard layouts (English (US) and Czech (qwerty)) using the --xlayouts= option, and allows to switch between them using Alt+Shift: 

keyboard --xlayouts=us,'cz (qwerty)' --switch=grp:alt_shift_toggle
Copy to Clipboard Toggle word wrap
Note
  • Either the --vckeymap= or the --xlayouts= option must be used.

22.3.5. lang
Copy link

The lang Kickstart command is required. It sets the language to use during installation and the default language to use on the installed system. Use this command only once.

Syntax
lang language [--addsupport=language,...]
Copy to Clipboard Toggle word wrap
Mandatory options
  • language - Install support for this language and set it as system default.
Optional options
  • --addsupport= - Add support for additional languages. Takes the form of comma-separated list without spaces. For example: 
lang en_US --addsupport=cs_CZ,de_DE,en_UK
Copy to Clipboard Toggle word wrap
Notes
  • The locale -a | grep _ or localectl list-locales | grep _ commands return a list of supported locales.
  • Certain languages (for example, Chinese, Japanese, Korean, and Indic languages) are not supported during text-mode installation. If you specify one of these languages with the lang command, the installation process continues in English, but the installed system uses your selection as its default language.
Example

To set the language to English, the Kickstart file should contain the following line: 

lang en_US
Copy to Clipboard Toggle word wrap

22.3.6. module
Copy link

The module Kickstart command is optional. Use this command to enable a package module stream within the kickstart script.

Syntax
module --name=NAME [--stream=STREAM]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --name= : Specifies the name of the module to enable. Replace NAME with the actual name.
Optional options
  • --stream= : Specifies the name of the module stream to enable. Replace STREAM with the actual name.

You do not need to specify this option for modules with a default stream defined. For modules without a default stream, this option is mandatory and leaving it out results in an error. Enabling a module multiple times with different streams is not possible.

Notes
  • Using a combination of this command and the %packages section allows you to install packages provided by the enabled module and stream combination, without specifying the module and stream explicitly. Modules must be enabled before package installation. After enabling a module with the module command, you can install the packages enabled by this module by listing them in the %packages section.
  • A single module command can enable only a single module and stream combination. To enable multiple modules, use multiple module commands. Enabling a module multiple times with different streams is not possible.
  • In Red Hat Enterprise Linux 10, modules are present only in the AppStream repository. To list available modules, use the dnf module list command on an installed Red Hat Enterprise Linux Red Hat Enterprise Linux system with a valid subscription.

22.3.7. repo
Copy link

The repo Kickstart command is optional. It configures additional dnf repositories that can be used as sources for package installation. You can add multiple repo lines.

Syntax
repo --name=repoid [--baseurl=url|--mirrorlist=url|--metalink=url] [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --name= - The repository id. This option is required. If a repository has a name which conflicts with another previously added repository, it is ignored. Because the installation program uses a list of preset repositories, this means that you cannot add repositories with the same names as the preset ones.
URL options

These options are mutually exclusive and optional. The variables that can be used in dnf repository configuration files are not supported here. You can use the strings $releasever and $basearch which are replaced by the respective values in the URL.

  • --baseurl= - The URL to the repository.
  • --mirrorlist= - The URL pointing at a list of mirrors for the repository.
  • --metalink= - The URL with metalink for the repository.
Optional options
  • --install - Save the provided repository configuration on the installed system in the /etc/yum.repos.d/ directory. Without using this option, a repository configured in a Kickstart file will only be available during the installation process, not on the installed system.
  • --cost= - An integer value to assign a cost to this repository. If multiple repositories provide the same packages, this number is used to prioritize which repository will be used before another. Repositories with a lower cost take priority over repositories with higher cost.
  • --excludepkgs= - A comma-separated list of package names that must not be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from a particular repository. Both full package names (such as publican) and globs (such as gnome-*) are accepted.
  • --includepkgs= - A comma-separated list of package names and globs that are allowed to be pulled from this repository. Any other packages provided by the repository will be ignored. This is useful if you want to install just a single package or set of packages from a repository while excluding all other packages the repository provides.
  • --proxy=[protocol://][username[:password]@]host[:port] - Specify an HTTP/HTTPS/FTP proxy to use just for this repository. This setting does not affect any other repositories, nor how the install.img is fetched on HTTP installations.
  • --noverifyssl - Disable SSL verification when connecting to an HTTPS server.
Note
  • Repositories used for installation must be stable. The installation can fail if a repository is modified before the installation concludes.

22.3.8. rootpw
Copy link

The rootpw Kickstart command is required. It sets the system’s root password to the password argument. Use this command only once.

Syntax
rootpw [--iscrypted|--plaintext] [--lock] password
Copy to Clipboard Toggle word wrap
Mandatory options
  • password - Password specification. Either plain text or encrypted string. See --iscrypted and --plaintext below.
Optional options
  • --iscrypted - If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext. To create an encrypted password, you can use python: 
$ python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
Copy to Clipboard Toggle word wrap

This generates a sha512 crypt-compatible hash of your password by using a random salt.

  • --plaintext - If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with --iscrypted.
  • --lock - If this option is present, the root account is locked by default. This means that the root user will not be able to log in from the console. This option will also disable the Root Password screens in both the graphical and text-based manual installation.
  • --allow-ssh - If this option is present, the root user can login to the system by using SSH with a password.

22.3.9. selinux
Copy link

The selinux Kickstart command is optional. It sets the state of SELinux on the installed system. The default SELinux policy is enforcing. Use this command only once.

Syntax
selinux [--disabled|--enforcing|--permissive]
Copy to Clipboard Toggle word wrap
Options
  • --enforcing - Enables SELinux with the default targeted policy being enforcing.
  • --permissive - Outputs warnings based on the SELinux policy, but does not actually enforce the policy.
  • --disabled - Disables SELinux completely on the system.

22.3.10. services
Copy link

The services Kickstart command is optional. It modifies the default set of services that will run under the default systemd target. The list of disabled services is processed before the list of enabled services. Therefore, if a service appears on both lists, it will be enabled.

Syntax
services [--disabled=list] [--enabled=list]
Copy to Clipboard Toggle word wrap
Options
  • --disabled= - Disable the services given in the comma separated list.
  • --enabled= - Enable the services given in the comma separated list.
Notes
  • When using the services element to enable systemd services, ensure you include packages containing the specified service file in the %packages section.

  • Multiple services should be included separated by comma, without any spaces. For example, to disable four services, enter: 

    services --disabled=auditd,cups,smartd,nfslock
    Copy to Clipboard Toggle word wrap

    If you include any spaces, Kickstart enables or disables only the services up to the first space. For example: 

    services --disabled=auditd, cups, smartd, nfslock
    Copy to Clipboard Toggle word wrap

    That disables only the auditd service. To disable all four services, this entry must include no spaces.

22.3.11. skipx
Copy link

The skipx Kickstart command is optional. If present, the system is configured to boot in text mode. Use this command only once. This command has no options.

Syntax
skipx
Copy to Clipboard Toggle word wrap

22.3.12. sshkey
Copy link

The sshkey Kickstart command is optional. It adds a SSH public key to the authorized_keys file of the specified user on the installed system.

Syntax
sshkey --username=user "ssh_key"
Copy to Clipboard Toggle word wrap
Mandatory options
  • --username= - The user for which the key will be installed.
  • ssh_key - The complete SSH public key. It must be wrapped with quotes.

22.3.13. syspurpose
Copy link

The syspurpose Kickstart command is optional. Use it to set the system purpose which describes how the system will be used after installation. This information helps apply the correct subscription entitlement to the system. Use this command only once.

Note

Red Hat Enterprise Linux 9.0 and later enables you to manage and display system purpose attributes with a single module by making the role, service-level, usage, and addons subcommands available under one subscription-manager syspurpose module. Previously, system administrators used one of four standalone syspurpose commands to manage each attribute. This standalone syspurpose command is deprecated starting with RHEL 9.0 and is planned to be removed in post RHEL 9. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements. Starting with RHEL 9, the single subscription-manager syspurpose command and its associated subcommands is the only way to use system purpose. Note that these changes only apply to the command line tools for system purpose configuration used on installed systems and do not influence the functionality of the syspurpose kickstart command.

Syntax
syspurpose [OPTIONS]
Copy to Clipboard Toggle word wrap
Options

  • --role= - Set the intended system role. Available values are:

    • Red Hat Enterprise Linux Server
    • Red Hat Enterprise Linux Workstation
    • Red Hat Enterprise Linux Compute Node

  • --sla= - Set the Service Level Agreement. Available values are:

    • Premium
    • Standard
    • Self-Support

  • --usage= - The intended usage of the system. Available values are:

    • Production
    • Disaster Recovery
    • Development/Test
Notes
  • Enter the values with spaces and enclose them in double quotes: 
syspurpose --role="Red Hat Enterprise Linux Server"
Copy to Clipboard Toggle word wrap
  • While it is strongly recommended that you configure System Purpose, it is an optional feature of the Red Hat Enterprise Linux installation program.
  • Additional values might be used based on how subscriptions are configured for the given account

22.3.14. timezone
Copy link

The timezone Kickstart command is required. It sets the system time zone. Use this command only once.

Syntax
timezone timezone [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options
  • timezone - the time zone to set for the system.
Optional options
  • --utc - If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time.
Note
In Red Hat Enterprise Linux 10, time zone names are validated using the pytz.all_timezones list, provided by the pytz package. In previous releases, the names were validated against pytz.common_timezones, which is a subset of the currently used list. Note that the graphical and text mode interfaces still use the more restricted pytz.common_timezones list; you must use a Kickstart file to use additional time zone definitions.

22.3.15. timesource
Copy link

The timesource kickstart command is optional. Use it to set NTP, NTS servers, and pools that provide time data, as well as control whether NTP services are enabled or disabled on the system.

Syntax
timesource [--ntp-server NTP_SERVER | --ntp-pool NTP_POOL | --ntp-disable] [--nts]
Copy to Clipboard Toggle word wrap
Mandatory options

It is mandatory to specify one of the following options when you use the timesource command:

  • --ntp-server - adds one NTP server as a time source. This option can be added only once to a single command in order to add a one NTP time source server. To add multiple sources, add multiple timesource commands each with a single --ntp-server or --ntp-pool option each time. For example, to add multiple sources for Europe timezone 
timezone Europe
timesource --ntp-server 0.rhel.pool.ntp.org
timesource --ntp-server 1.rhel.pool.ntp.org
timesource --ntp-server 2.rhel.pool.ntp.org
Copy to Clipboard Toggle word wrap
  • --ntp-pool - adds a NTP server pool as a time source. This option can be added only once to add a single NTP time source pool. Repeat the timesource command to add multiple sources.
  • --ntp-disable - disables NTP time sources for the installed system.
Optional options
  • --nts - the server or pool added with this command uses the NTS protocol. Note that this option can be added even with --ntp-disable, but it has no effect.

22.3.16. user
Copy link

The user Kickstart command is optional. It creates a new user on the system.

Syntax
user --name=username [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --name= - Provides the name of the user. This option is required.
Optional options
  • --gecos= - Provides the GECOS information for the user. This is a string of various system-specific fields separated by a comma. It is frequently used to specify the user’s full name, office number, and so on. See the passwd(5) man page for more details.
  • --groups= - In addition to the default group, a comma separated list of group names the user should belong to. The groups must exist before the user account is created. See the group command.
  • --homedir= - The home directory for the user. If not provided, this defaults to /home/username.
  • --lock - If this option is present, this account is locked by default. This means that the user will not be able to log in from the console. This option will also disable the Create User screens in both the graphical and text-based manual installation.
  • --password= - The new user’s password. If not provided, the account will be locked by default.

  • --iscrypted - If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext. To create an encrypted password, you can use python: 

    $ python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
    Copy to Clipboard Toggle word wrap

    This generates a sha512 crypt-compatible hash of your password by using a random salt.

  • --plaintext - If this option is present, the password argument is assumed to be in plain text. This option is mutually exclusive with --iscrypted
  • --shell= - The user’s login shell. If not provided, the system default is used.
  • --uid= - The user’s UID (User ID). If not provided, this defaults to the next available non-system UID.
  • --gid= - The GID (Group ID) to be used for the user’s group. If not provided, this defaults to the next available non-system group ID.
Notes
  • Consider using the --uid and --gid options to set IDs of regular users and their default groups at range starting at 5000 instead of 1000. That is because the range reserved for system users and groups, 0-999, might increase in the future and thus overlap with IDs of regular users.

  • Files and directories are created with various permissions, dictated by the application used to create the file or directory. For example, the mkdir command creates directories with all permissions enabled. However, applications are prevented from granting certain permissions to newly created files, as specified by the user file-creation mask setting.

    The user file-creation mask can be controlled with the umask command. The default setting of the user file-creation mask for new users is defined by the UMASK variable in the /etc/login.defs configuration file on the installed system. If unset, it defaults to 022. This means that by default when an application creates a file, it is prevented from granting write permission to users other than the owner of the file. However, this can be overridden by other settings or scripts.

22.3.17. xconfig
Copy link

The xconfig Kickstart command is optional. If used with the --startxonboot option it configures the installed system to start in graphical mode. Use this command only once.

Syntax
xconfig [--startxonboot]
Copy to Clipboard Toggle word wrap
Options
  • --startxonboot - Use a graphical login on the installed system.
Note
  • Because Red Hat Enterprise Linux 10 does not include the KDE Desktop Environment, do not use the --defaultdesktop= documented upstream.

22.4. Kickstart commands for network configuration
Copy link

The Kickstart commands in this list let you configure networking on the system.

22.4.1. network
Copy link

Use the optional network Kickstart command to configure network information for the target system and activate the network devices in the installation environment. The device specified in the first network command is activated automatically. You can also explicitly require a device to be activated by using the --activate option.

Warning

Re-configuration of already active network devices that are in use by the running installer may lead to an installation failure or freeze. In such a case, avoid re-configuration of network devices used to access the installer runtime image (stage2) over NFS.

Syntax
network OPTIONS
Copy to Clipboard Toggle word wrap
Options
  • --activate - activate this device in the installation environment.

If you use the --activate option on a device that has already been activated (for example, an interface you configured with boot options so that the system could retrieve the Kickstart file) the device is reactivated to use the details specified in the Kickstart file.

Use the --nodefroute option to prevent the device from using the default route.

  • --no-activate - do not activate this device in the installation environment.

    By default, Anaconda activates the first network device in the Kickstart file regardless of the --activate option. You can disable the default setting by using the --no-activate option.

  • --bootproto= - One of dhcp, bootp, ibft, or static. The default option is dhcp; the dhcp and bootp options are treated the same. To disable ipv4 configuration of the device, use --noipv4 option.

    Note

    This option configures the ipv4 configuration of the device. For ipv6 configuration use --ipv6 and --ipv6gateway options.

    The DHCP method uses a DHCP server system to obtain its networking configuration. The BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. To direct a system to use DHCP: 

    network --bootproto=dhcp
    Copy to Clipboard Toggle word wrap

    To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the Kickstart file: 

    network --bootproto=bootp
    Copy to Clipboard Toggle word wrap

    To direct a machine to use the configuration specified in iBFT, use: 

    network --bootproto=ibft
    Copy to Clipboard Toggle word wrap

    The static method requires that you specify at least the IP address and netmask in the Kickstart file. This information is static and is used during and after the installation.

    All static networking configuration information must be specified on one line; you cannot wrap lines by using a backslash (\) as you can on a command line. 

    network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=10.0.2.1
    Copy to Clipboard Toggle word wrap

    You can also configure multiple nameservers at the same time. To do so, use the --nameserver= option once, and specify each of their IP addresses, separated by commas: 

    network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=192.168.2.1,192.168.3.1
    Copy to Clipboard Toggle word wrap

  • --device= - specifies the device to be configured (and eventually activated in Anaconda) with the network command.

    If the --device= option is missing on the first use of the network command, the value of the inst.ks.device= Anaconda boot option is used, if available. This is considered deprecated behavior; in most cases, you should always specify a --device= for every network command.

    The behavior of any subsequent network command in the same Kickstart file is unspecified if its --device= option is missing. Verify you specify this option for any network command beyond the first.

    You can specify a device to be activated in any of the following ways:

    • the device name of the interface, for example, em1
    • the MAC address of the interface, for example, 01:23:45:67:89:ab
    • the keyword link, which specifies the first interface with its link in the up state
    • the keyword bootif, which uses the MAC address that pxelinux set in the BOOTIF variable. Set IPAPPEND 2 in your pxelinux.cfg file to have pxelinux set the BOOTIF variable.

    For example: 

    network --bootproto=dhcp --device=em1
    Copy to Clipboard Toggle word wrap

  • --ipv4-dns-search/--ipv6-dns-search - Set the DNS search domains manually. You must use these options together with --device options and mirror their respective NetworkManager properties, for example: 

    network --device ens3 --ipv4-dns-search domain1.example.com,domain2.example.com
    Copy to Clipboard Toggle word wrap
  • --ipv4-ignore-auto-dns/--ipv6-ignore-auto-dns - Set to ignore the DNS settings from DHCP. You must use these options together with --device options and these options do not require any arguments.
  • --ip= - IP address of the device.
  • --ipv6= - IPv6 address of the device, in the form of address[/prefix length] - for example, 3ffe:ffff:0:1::1/128. If the prefix is omitted, 64 is used. You can also use auto for automatic configuration, or dhcp for DHCPv6-only configuration (no router advertisements).
  • --gateway= - Default gateway as a single IPv4 address.
  • --ipv6gateway= - Default gateway as a single IPv6 address.
  • --nodefroute - Prevents the interface being set as the default route. Use this option when you activate additional devices with the --activate= option, for example, a NIC on a separate subnet for an iSCSI target.
  • --nameserver= - DNS name server, as an IP address. To specify more than one name server, use this option once, and separate each IP address with a comma.
  • --netmask= - Network mask for the installed system.

  • --hostname= - Used to configure the target system’s host name. The host name can either be a fully qualified domain name (FQDN) in the format hostname.domainname, or a short host name without the domain. Many networks have a Dynamic Host Configuration Protocol (DHCP) service that automatically supplies connected systems with a domain name. To allow the DHCP service to assign the domain name to this machine, specify only the short host name.

    When using static IP and host name configuration, it depends on the planned system use case whether to use a short name or FQDN. Red Hat Identity Management configures FQDN during provisioning but some 3rd party software products may require a short name. In either case, to ensure availability of both forms in all situations, add an entry for the host in /etc/hosts in the format IP FQDN short-alias.

    Host names can only contain alphanumeric characters and - or .. Host name should be equal to or less than 64 characters. Host names cannot start or end with - and .. To be compliant with DNS, each part of a FQDN should be equal to or less than 63 characters and the FQDN total length, including dots, should not exceed 255 characters.

    If you only want to configure the target system’s host name, use the --hostname option in the network command and do not include any other option.

    If you provide additional options when configuring the host name, the network command configures a device by using the options specified. If you do not specify which device to configure by using the --device option, the default --device link value is used. Additionally, if you do not specify the protocol by using the --bootproto option, the device is configured to use DHCP by default.

  • --ethtool= - Specifies additional low-level settings for the network device which will be passed to the ethtool program.
  • --onboot= - Whether or not to enable the device at boot time.
  • --dhcpclass= - The DHCP class.
  • --mtu= - The MTU of the device.
  • --noipv4 - Disable IPv4 on this device.
  • --noipv6 - Disable IPv6 on this device.

  • --bondslaves= - When this option is used, the bond device specified by the --device= option is created using secondary devices defined in the --bondslaves= option. For example: 

    network --device=bond0 --bondslaves=em1,em2
    Copy to Clipboard Toggle word wrap

    The above command creates a bond device named bond0 by using the em1 and em2 interfaces as its secondary devices.

  • --bondopts= - a list of optional parameters for a bonded interface, which is specified by using the --bondslaves= and --device= options. Options in this list must be separated by commas (,) or semicolons (;). If an option itself contains a comma, use a semicolon to separate the options. For example: 

    network --bondopts=mode=active-backup,balance-rr;primary=eth1
    Copy to Clipboard Toggle word wrap
    Important

    The --bondopts=mode= parameter only supports full mode names such as balance-rr or broadcast, not their numerical representations such as 0 or 3. For the list of available and supported modes, see the Configuring and Managing Networking Guide.

  • --vlanid= - Specifies virtual LAN (VLAN) ID number (802.1q tag) for the device created by using the device specified in --device= as a parent. For example, network --device=em1 --vlanid=171 creates a virtual LAN device em1.171.

  • --interfacename= - Specify a custom interface name for a virtual LAN device. This option should be used when the default name generated by the --vlanid= option is not desirable. This option must be used along with --vlanid=. For example: 

    network --device=em1 --vlanid=171 --interfacename=vlan171
    Copy to Clipboard Toggle word wrap

    The above command creates a virtual LAN interface named vlan171 on the em1 device with an ID of 171.

    The interface name can be arbitrary (for example, my-vlan), but in specific cases, the following conventions must be followed:

    • If the name contains a dot (.), it must take the form of NAME.ID. The NAME is arbitrary, but the ID must be the VLAN ID. For example: em1.171 or my-vlan.171.
    • Names starting with vlan must take the form of vlanID - for example, vlan171.

  • --bridgeslaves= - When this option is used, the network bridge with device name specified by using the --device= option will be created and devices defined in the --bridgeslaves= option will be added to the bridge. For example: 

    network --device=bridge0 --bridgeslaves=em1
    Copy to Clipboard Toggle word wrap

  • --bridgeopts= - An optional comma-separated list of parameters for the bridged interface. Available values are stp, priority, forward-delay, hello-time, max-age, and ageing-time. For information about these parameters, see the bridge setting table in the nm-settings(5) man page or at Network Configuration Setting Specification.

    Also see the Configuring and managing networking document for general information about network bridging.

  • --bindto=mac - Bind the device configuration file on the installed system to the device MAC address (HWADDR) instead of the default binding to the interface name (DEVICE). This option is independent of the --device= option - --bindto=mac will be applied even if the same network command also specifies a device name, link, or bootif.
Notes
  • The ethN device names such as eth0 are no longer available in Red Hat Enterprise Linux due to changes in the naming scheme. For more information about the device naming scheme, see the upstream document Predictable Network Interface Names.
  • If you used a Kickstart option or a boot option to specify an installation repository on a network, but no network is available at the start of the installation, the installation program displays the Network Configuration window to set up a network connection prior to displaying the Installation Summary window. For more details, see Configuring network and host name options.

22.4.2. realm
Copy link

The realm Kickstart command is optional. Use it to join an Active Directory or IPA domain. For more information about this command, see the join section of the realm(8) man page on your system.

Syntax
realm join [OPTIONS] domain
Copy to Clipboard Toggle word wrap
Mandatory options
  • domain - The domain to join.
Options
  • --computer-ou=OU= - Provide the distinguished name of an organizational unit in order to create the computer account. The exact format of the distinguished name depends on the client software and membership software. The root DSE portion of the distinguished name can usually be left out.
  • --no-password - Join automatically without a password.
  • --one-time-password= - Join using a one-time password. This is not possible with all types of realm.
  • --client-software= - Only join realms which can run this client software. Valid values include sssd and winbind. Not all realms support all values. By default, the client software is chosen automatically.
  • --server-software= - Only join realms which can run this server software. Possible values include active-directory or freeipa.
  • --membership-software= - Use this software when joining the realm. Valid values include samba and adcli. Not all realms support all values. By default, the membership software is chosen automatically.

22.5. Kickstart commands for handling storage
Copy link

The Kickstart commands in this section configure aspects of storage such as devices, disks, partitions, LVM, and filesystems.

Important

The sdX (or /dev/sdX) format does not guarantee consistent device names across reboots, which can complicate the usage of some Kickstart commands. When a command requires a device node name, you can use any item from /dev/disk as an alternative. For example, instead of using the following device name:

part / --fstype=xfs --onpart=sda1

You can use an entry similar to one of the following:

part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1

part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1

By using this approach, the command always targets the same storage device. This is especially useful in large storage environments. To explore the available device names on the system, you can use the ls -lR /dev/disk command during the interactive installation. For more information about different ways to consistently refer to storage devices, see Persistent naming attributes.

22.5.1. ignoredisk
Copy link

The ignoredisk Kickstart command is optional. It causes the installation program to ignore the specified disks.

This is useful if you use automatic partitioning and want to be sure that some disks are ignored. For example, without ignoredisk, attempting to deploy on a SAN-cluster the Kickstart would fail, as the installation program detects passive paths to the SAN that return no partition table. Use this command only once.

Syntax
ignoredisk --drives=drive1,drive2,... | --only-use=drive
Copy to Clipboard Toggle word wrap
Options
  • --drives=driveN,…​ - Replace driveN with one of sda, sdb,…​, hda,…​ and so on.

  • --only-use=driveN,…​ - Specifies a list of disks for the installation program to use. All other disks are ignored. For example, to use disk sda during installation and ignore all other disks: 

    ignoredisk --only-use=sda
    Copy to Clipboard Toggle word wrap

    To include a multipath device that does not use LVM: 

    ignoredisk --only-use=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
    Copy to Clipboard Toggle word wrap

    To include a multipath device that uses LVM: 

    ignoredisk --only-use=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
    Copy to Clipboard Toggle word wrap

    You must specify only one of the --drives or --only-use.

Notes
  • To specify a multipath device, use the format disk/by-id/scsi-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 58095BEC5510947BE8C0360F604351918, use: 
ignoredisk --only-use=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
Copy to Clipboard Toggle word wrap

This format is preferable for all multipath devices, but if errors arise, multipath devices that do not use logical volume manager (LVM) can also be specified by using the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use: 

ignoredisk --only-use=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
Copy to Clipboard Toggle word wrap

Never specify multipath devices by device names like mpatha. Device names such as this are not specific to a particular disk. The disk named /dev/mpatha during installation might not be the one that you expect it to be. Therefore, the clearpart command could target the wrong disk.

  • The sdX (or /dev/sdX) format does not guarantee consistent device names across reboots, which can complicate the usage of some Kickstart commands. When a command requires a device node name, you can use any item from /dev/disk as an alternative. For example, instead of using the following device name: 

    ignoredisk --only-use=sda
    Copy to Clipboard Toggle word wrap

    You can use an entry similar to one of the following: 

    ignoredisk --only-use=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0
ignoredisk --only-use=/dev/disk/by-id/ata-ST3160815AS_6RA0C882
    Copy to Clipboard Toggle word wrap

    By using this approach, the command always targets the same storage device. This is especially useful in large storage environments. To explore the available device names on the system, you can use the ls -lR /dev/disk command during the interactive installation. For more information about different ways to consistently refer to storage devices, see Persistent naming attributes.

22.5.2. clearpart
Copy link

The clearpart Kickstart command is optional. It removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed. Use this command only once.

Syntax
clearpart OPTIONS
Copy to Clipboard Toggle word wrap
Options
  • --all - Erases all partitions from the system.

This option will erase all disks which can be reached by the installation program, including any attached network storage. Use this option with caution.

You can prevent clearpart from wiping storage you want to preserve by using the --drives= option and specifying only the drives you want to clear, by attaching network storage later (for example, in the %post section of the Kickstart file), or by blocklisting the kernel modules used to access network storage.

  • --drives= - Specifies which drives to clear partitions from. For example, the following clears all the partitions on the first two drives on the primary IDE controller: 

    clearpart --drives=hda,hdb --all
    Copy to Clipboard Toggle word wrap

    To clear a multipath device, use the format disk/by-id/scsi-WWID, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID 58095BEC5510947BE8C0360F604351918, use: 

    clearpart --drives=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
    Copy to Clipboard Toggle word wrap

    This format is preferable for all multipath devices, but if errors arise, multipath devices that do not use logical volume manager (LVM) can also be cleared using the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use: 

    clearpart --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
    Copy to Clipboard Toggle word wrap

    Never specify multipath devices by device names like mpatha. Device names such as this are not specific to a particular disk. The disk named /dev/mpatha during installation might not be the one that you expect it to be. Therefore, the clearpart command could target the wrong disk.

  • --initlabel - Initializes a disk (or disks) by creating a default disk label for all disks in their respective architecture that have been designated for formatting (for example, gpt for x86). Because --initlabel can see all disks, it is important to ensure only those drives that are to be formatted are connected. Disks cleared by clearpart will have the label created even in case the --initlabel is not used. 

    clearpart --initlabel --drives=names_of_disks
    Copy to Clipboard Toggle word wrap

    For example: 

    clearpart --initlabel --drives=dasda,dasdb,dasdc
    Copy to Clipboard Toggle word wrap

  • --list= - Specifies which partitions to clear. This option overrides the --all and --linux options if used. Can be used across different drives. For example: 

    clearpart --list=sda2,sda3,sdb1
    Copy to Clipboard Toggle word wrap
  • --disklabel=LABEL - Set the default disklabel to use. Only disklabels supported for the platform will be accepted. For example, on the 64-bit Intel and AMD architectures, the msdos and gpt disklabels are accepted, but dasd is not accepted.
  • --linux - Erases all Linux partitions.
  • --none (default) - Do not remove any partitions.
  • --cdl - Reformat any LDL DASDs to CDL format.
Notes

  • On the x86_64 systems running in Legacy BIOS mode, the GPT disklabel is the default. To ensure these systems can boot properly with GPT, add a dedicated BIOS boot partition. For automated installations, consider using the reqpart kickstart command to create this BIOS boot partition when required automatically. Optionally, use the part kickstart command, for example: part biosboot --size=1. If you prefer to stick with the older MBR partitioning scheme instead of GPT, you have two options:

    • During a kickstart installation, use the --disklabel msdos option with the clearpart command.
    • Alternatively, add the inst.disklabel=mbr boot option at the installer’s boot prompt.

  • To specify a multipath device, use the format disk/by-id/scsi-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 58095BEC5510947BE8C0360F604351918, use: 

    ignoredisk --only-use=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
    Copy to Clipboard Toggle word wrap

    This format is preferable for all multipath devices, but if errors arise, multipath devices that do not use logical volume manager (LVM) can also be specified by using the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use: 

    ignoredisk --only-use=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
    Copy to Clipboard Toggle word wrap

    Never specify multipath devices by device names like mpatha. Device names such as this are not specific to a particular disk. The disk named /dev/mpatha during installation might not be the one that you expect it to be. Therefore, the ignoredisk command could target the wrong disk.

  • The sdX (or /dev/sdX) format does not guarantee consistent device names across reboots, which can complicate the usage of some Kickstart commands. When a command requires a device node name, you can use any item from /dev/disk as an alternative. For example, instead of using the following device name: 

    clearpart --drives=sda
    Copy to Clipboard Toggle word wrap

    You can use an entry similar to one of the following: 

    clearpart --drives=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0
clearpart --drives=/dev/disk/by-id/ata-ST3160815AS_6RA0C882
    Copy to Clipboard Toggle word wrap

    By using this approach, the command always targets the same storage device. This is especially useful in large storage environments. To explore the available device names on the system, you can use the ls -lR /dev/disk command during the interactive installation. For more information about different ways to consistently refer to storage devices, see Persistent naming attributes.

  • If the clearpart command is used, then the part --onpart command cannot be used on a logical partition.

22.5.3. zerombr
Copy link

The zerombr Kickstart command is optional. The zerombr initializes any invalid partition tables that are found on disks and destroys all of the contents of disks with invalid partition tables.

This command is required when performing an installation on an 64-bit IBM Z system with unformatted Direct Access Storage Device (DASD) disks, otherwise the unformatted disks are not formatted and used during the installation. Use this command only once. This command has no options.

Syntax
zerombr
Copy to Clipboard Toggle word wrap
Notes
  • On 64-bit IBM Z, if zerombr is specified, any Direct Access Storage Device (DASD) visible to the installation program which is not already low-level formatted is automatically low-level formatted with dasdfmt. The command also prevents user choice during interactive installations.
  • If zerombr is not specified and there is at least one unformatted DASD visible to the installation program, a non-interactive Kickstart installation exits unsuccessfully.
  • If zerombr is not specified and there is at least one unformatted DASD visible to the installation program, an interactive installation exits if the user does not agree to format all visible and unformatted DASDs. To circumvent this, only activate those DASDs that you will use during installation. You can always add more DASDs after installation is complete.

22.5.4. bootloader
Copy link

The bootloader Kickstart command is required. It specifies how the boot loader should be installed. Use this command only once.

Syntax
bootloader [OPTIONS]
Copy to Clipboard Toggle word wrap
Options
  • --append= - Specifies additional kernel parameters. To specify multiple parameters, separate them with spaces. For example: 
bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"
Copy to Clipboard Toggle word wrap

The rhgb and quiet parameters are automatically added when the plymouth package is installed, even if you do not specify them here or do not use the --append= command at all. To disable this behavior, explicitly disallow installation of plymouth: 

%packages
-plymouth
%end
Copy to Clipboard Toggle word wrap

This option is useful for disabling mechanisms which were implemented to mitigate the Meltdown and Spectre speculative execution vulnerabilities found in most modern processors (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715). In some cases, these mechanisms may be unnecessary, and keeping them enabled causes decreased performance with no improvement in security. To disable these mechanisms, add the options to do so into your Kickstart file - for example, bootloader --append="nopti noibrs noibpb" on AMD64/Intel 64 systems.

Warning

Ensure your system is not at risk of attack before disabling any of the vulnerability mitigation mechanisms. See the Red Hat vulnerability response article for information about the Meltdown and Spectre vulnerabilities.

  • --boot-drive= - Specifies which drive the boot loader should be written to, and therefore which drive the computer will boot from. If you use a multipath device as the boot drive, specify the device by using its disk/by-id/dm-uuid-mpath-WWID name.

    Important

    The --boot-drive= option is currently being ignored in Red Hat Enterprise Linux installations on 64-bit IBM Z systems by using the zipl boot loader. When zipl is installed, it determines the boot drive on its own.

  • --leavebootorder - This option is applicable for Power and UEFI systems. The installation program adds Red Hat Enterprise Linux 10 to the list of the installed systems in UEFI. It does not add the installed system to the boot order. All existing boot entries as well as their order are preserved.

  • --driveorder= - Specifies which drive is first in the BIOS boot order. For example: 

    bootloader --driveorder=sda,hda
    Copy to Clipboard Toggle word wrap

  • --location= - Specifies where the boot record is written. Valid values are the following:

    • mbr - The default option. Depends on whether the drive uses the Master Boot Record (MBR) or GUID Partition Table (GPT) scheme:

      On a GPT-formatted disk, this option installs stage 1.5 of the boot loader into the BIOS boot partition.

      On an MBR-formatted disk, stage 1.5 is installed into the empty space between the MBR and the first partition.

    • partition - Install the boot loader on the first sector of the partition containing the kernel.
    • none - Do not install the boot loader.

    In most cases, this option does not need to be specified.

  • --nombr - Do not install the boot loader to the MBR.

  • --password= - If using GRUB2, set the boot loader password to the one specified with this option. This should be used to restrict access to the GRUB2 shell, where arbitrary kernel options can be passed.

    If a password is specified, GRUB2 also asks for a user name. The user name is always root.

  • --iscrypted - Normally, when you specify a boot loader password by using the --password= option, it is stored in the Kickstart file in plain text. If you want to encrypt the password, use this option and an encrypted password.

    To generate an encrypted password, use the grub2-mkpasswd-pbkdf2 command, enter the password you want to use, and copy the command’s output (the hash starting with grub.pbkdf2) into the Kickstart file. An example bootloader Kickstart entry with an encrypted password looks similar to the following: 

    bootloader --iscrypted --password=grub.pbkdf2.sha512.10000.5520C6C9832F3AC3D149AC0B24BE69E2D4FB0DBEEDBD29CA1D30A044DE2645C4C7A291E585D4DC43F8A4D82479F8B95CA4BA4381F8550510B75E8E0BB2938990.C688B6F0EF935701FF9BD1A8EC7FE5BD2333799C98F28420C5CC8F1A2A233DE22C83705BB614EA17F3FDFDF4AC2161CEA3384E56EB38A2E39102F5334C47405E
    Copy to Clipboard Toggle word wrap
  • --timeout= - Specifies the amount of time the boot loader waits before booting the default option (in seconds).
  • --default= - Sets the default boot image in the boot loader configuration.
  • --extlinux - Use the extlinux boot loader instead of GRUB2. This option only works on systems supported by extlinux.
  • --disabled - This option is a stronger version of --location=none. While --location=none simply disables boot loader installation, --disabled disables boot loader installation and also disables installation of the package containing the boot loader, thus saving space.
Notes
  • Red Hat recommends setting up a boot loader password on every system. An unprotected boot loader can allow a potential attacker to modify the system’s boot options and gain unauthorized access to the system.
  • In some cases, a special partition is required to install the boot loader on AMD64, Intel 64, and 64-bit ARM systems. The type and size of this partition depends on whether the disk you are installing the boot loader to use the Master Boot Record (MBR) or a GUID Partition Table (GPT) schema. For more information, see the Configuring boot loader section.

  • The sdX (or /dev/sdX) format does not guarantee consistent device names across reboots, which can complicate the usage of some Kickstart commands. When a command requires a device node name, you can use any item from /dev/disk as an alternative. For example, instead of using the following device name: 

    bootloader --boot-drive=sda
    Copy to Clipboard Toggle word wrap

    You can use an entry similar to one of the following: 

    bootloader --boot-drive=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0
bootloader --boot-drive=/dev/disk/by-id/ata-ST3160815AS_6RA0C882
    Copy to Clipboard Toggle word wrap

    By using this approach, the command always targets the same storage device. This is especially useful in large storage environments. To explore the available device names on the system, you can use the ls -lR /dev/disk command during the interactive installation. For more information about different ways to consistently refer to storage devices, see Persistent naming attributes.

22.5.5. autopart
Copy link

The autopart Kickstart command is optional. It automatically creates partitions.

The automatically created partitions are: a root (/) partition (1 GiB or larger), a swap partition, and an appropriate /boot partition for the architecture. On large enough drives (50 GiB and larger), this also creates a /home partition. Use this command only once.

Syntax
autopart OPTIONS
Copy to Clipboard Toggle word wrap
Options

  • --type= - Selects one of the predefined automatic partitioning schemes you want to use. Accepts the following values:

    • lvm: The LVM partitioning scheme.
    • plain: Regular partitions with no LVM.
    • thinp: The LVM Thin Provisioning partitioning scheme.
  • --fstype= - Selects one of the available file system types. The available values are ext2, ext3, ext4, xfs, and vfat. The default file system is xfs.
  • --nohome - Disables automatic creation of the /home partition.
  • --nolvm - Do not use LVM for automatic partitioning. This option is equal to --type=plain.
  • --noboot - Do not create a /boot partition.
  • --noswap - Do not create a swap partition.

  • --encrypted - Encrypts all partitions with Linux Unified Key Setup (LUKS). This is equivalent to checking the Encrypt partitions check box on the initial partitioning screen during a manual graphical installation.

    Note

    When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.

    The process can be speed up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest.

  • --luks-version=LUKS_VERSION - Specifies which version of LUKS format should be used to encrypt the filesystem. This option is only meaningful if --encrypted is specified.
  • --passphrase= - Provides a default system-wide passphrase for all encrypted devices.
  • --escrowcert=URL_of_X.509_certificate - Stores data encryption keys of all encrypted volumes as files in /root, encrypted by using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified.
  • --backuppassphrase - Adds a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in /root, encrypted by using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.
  • --cipher= - Specifies the type of encryption to use if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Security hardening document. For example, aes-xts-plain64.
  • --pbkdf=PBKDF - Sets Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-memory=PBKDF_MEMORY - Sets the memory cost for PBKDF. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-time=PBKDF_TIME - Sets the number of milliseconds to spend with PBKDF passphrase processing. See also --iter-time in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-iterations.
  • --pbkdf-iterations=PBKDF_ITERATIONS - Sets the number of iterations directly and avoids PBKDF benchmark. See also --pbkdf-force-iterations in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-time.
Notes
  • The autopart option cannot be used together with the part/partition, raid, logvol, or volgroup options in the same Kickstart file.
  • The autopart command is not mandatory, but you must include it if there are no part or mount commands in your Kickstart script.
  • It is recommended to use the autopart --nohome Kickstart option when installing on a single FBA DASD of the CMS type. This ensures that the installation program does not create a separate /home partition. The installation then proceeds successfully.
  • If you lose the LUKS passphrase, any encrypted partitions and their data is completely inaccessible. There is no way to recover a lost passphrase. However, you can save encryption passphrases with the --escrowcert and create backup encryption passphrases with the --backuppassphrase options.
  • Ensure that the disk sector sizes are consistent when using autopart, autopart --type=lvm, or autopart=thinp.

22.5.6. reqpart
Copy link

The reqpart Kickstart command is optional. It automatically creates partitions required by your hardware platform. These include a /boot/efi partition for systems with UEFI firmware, a biosboot partition for systems with BIOS firmware and GPT, and a PRePBoot partition for IBM Power Systems. Use this command only once.

Syntax
reqpart [--add-boot]
Copy to Clipboard Toggle word wrap
Options
  • --add-boot - Creates a separate /boot partition in addition to the platform-specific partition created by the base command.
Note
  • This command cannot be used together with autopart, because autopart does everything the reqpart command does and, in addition, creates other partitions or logical volumes such as / and swap. In contrast with autopart, this command only creates platform-specific partitions and leaves the rest of the drive empty, allowing you to create a custom layout.

22.5.7. part or partition
Copy link

The part or partition Kickstart command is required. It creates a partition on the system.

Syntax
part|partition mntpoint [OPTIONS]
Copy to Clipboard Toggle word wrap
Options

  • mntpoint - Where the partition is mounted. The value must be of one of the following forms:

    • /path

      For example, /, /usr, /home

    • swap

      The partition is used as swap space.

      To determine the size of the swap partition automatically, use the --recommended option: 

      swap --recommended
      Copy to Clipboard Toggle word wrap

      The size assigned will be effective but not precisely calibrated for your system.

      To determine the size of the swap partition automatically but also allow extra space for your system to hibernate, use the --hibernation option: 

      swap --hibernation
      Copy to Clipboard Toggle word wrap

      The size assigned will be equivalent to the swap space assigned by --recommended plus the amount of RAM on your system. For the swap sizes assigned by these commands, see Recommended Partitioning Scheme for AMD64, Intel 64, and 64-bit ARM systems.

    • raid.id

      The partition is used for software RAID (see raid).

    • pv.id

      The partition is used for LVM (see logvol).

    • biosboot

      The partition will be used for a BIOS Boot partition. A 1 MiB BIOS boot partition is necessary on BIOS-based AMD64 and Intel 64 systems using a GUID Partition Table (GPT); the boot loader will be installed into it. It is not necessary on UEFI systems. See also the bootloader command.

    • /boot/efi

      An EFI System Partition. A 50 MiB EFI partition is necessary on UEFI-based AMD64, Intel 64, and 64-bit ARM; the recommended size is 200 MiB. It is not necessary on BIOS systems. See also the bootloader command.

  • --size= - The minimum partition size in MiB. Specify an integer value here such as 500 (do not include the unit). Installation fails if size specified is too small. Set the --size value as the minimum amount of space you require. For size recommendations, see Recommended Partitioning Scheme.
  • --grow - Specifies the partition to grow to fill available space (if any), or up to the maximum size setting, if one is specified. If you use --grow without setting --maxsize= on a swap partition, Anaconda limits the maximum size of the swap partition. For systems that have less than 2 GiB of physical memory, the imposed limit is twice the amount of physical memory. For systems with more than 2 GiB, the imposed limit is the size of physical memory plus 2GiB.
  • --maxsize= - The maximum partition size in MiB when the partition is set to grow. Specify an integer value here such as 500 (do not include the unit).
  • --noformat - Specifies that the partition should not be formatted, for use with the --onpart command.

  • --onpart= or --usepart= - Specifies the device on which to place the partition. Uses an existing blank device and formats it to the new specified type. For example: 

    partition /home --onpart=hda1
    Copy to Clipboard Toggle word wrap

    puts /home on /dev/hda1.

    These options can also add a partition to a logical volume. For example: 

    partition pv.1 --onpart=hda2
    Copy to Clipboard Toggle word wrap

    The device must already exist on the system; the --onpart option will not create it.

    It is also possible to specify an entire drive, rather than a partition, in which case Anaconda will format and use the drive without creating a partition table. However, installation of GRUB2 is not supported on a device formatted in this way, and must be placed on a drive with a partition table. 

    partition pv.1 --onpart=hdb
    Copy to Clipboard Toggle word wrap

  • --ondisk= or --ondrive= - Creates a partition (specified by the part command) on an existing disk.This command always creates a partition. Forces the partition to be created on a particular disk. For example, --ondisk=sdb puts the partition on the second SCSI disk on the system.

    Note

    To specify a multipath device, use the format disk/by-id/scsi-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 58095BEC5510947BE8C0360F604351918, use: 

    part / --size=5000 --ondisk=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
    Copy to Clipboard Toggle word wrap

    This format is preferable for all multipath devices, but if errors arise, multipath devices that do not use logical volume manager (LVM) can also be specified by using the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use: 

    part / --size=5000 --ondisk=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
    Copy to Clipboard Toggle word wrap

    Never specify multipath devices by device names like mpatha. Device names such as this are not specific to a particular disk. The disk named /dev/mpatha during installation might not be the one that you expect it to be. Therefore, the part command could target the wrong disk.

  • --asprimary - Forces the partition to be allocated as a primary partition. If the partition cannot be allocated as primary (usually due to too many primary partitions being already allocated), the partitioning process fails. This option only makes sense when the disk uses a Master Boot Record (MBR); for GUID Partition Table (GPT)-labeled disks this option has no meaning.
  • --fsprofile= - Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For ext2, ext3, ext4, this configuration file is /etc/mke2fs.conf.

  • --mkfsoptions= - Specifies additional parameters to be passed to the program that makes a filesystem on this partition. This is similar to --fsprofile but works for all filesystems, not just the ones that support the profile concept. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem. For example, 

    part /opt/foo1 --size=512 --fstype=ext4 --mkfsoptions="-O ^has_journal,^flex_bg,^metadata_csum"

part /opt/foo2 --size=512 --fstype=xfs --mkfsoptions="-m bigtime=0,finobt=0"
    Copy to Clipboard Toggle word wrap

    For details, see the man pages of the filesystems you are creating. For example, mkfs.ext4 or mkfs.xfs.

  • --fstype= - Sets the file system type for the partition. Valid values are xfs, ext2, ext3, ext4, swap, vfat, efi and biosboot.

  • --fsoptions - Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.

    Note

    In the EFI system partition (/boot/efi), anaconda hard codes the value and ignores the users specified --fsoptions values.

  • --label= - assign a label to an individual partition.
  • --recommended - Determine the size of the partition automatically. For details about the recommended scheme, see Recommended Partitioning Scheme for AMD64, Intel 64, and 64-bit ARM. This option can only be used for partitions which result in a file system such as the /boot partition and swap space. It cannot be used to create LVM physical volumes or RAID members.
  • --onbiosdisk - Forces the partition to be created on a particular disk as discovered by the BIOS.

  • --encrypted - Specifies that this partition should be encrypted with Linux Unified Key Setup (LUKS) by using the passphrase provided in the --passphrase option. If you do not specify a passphrase, Anaconda uses the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.

    Note

    When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered. The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest.

  • --luks-version=LUKS_VERSION - Specifies which version of LUKS format should be used to encrypt the filesystem. This option is only meaningful if --encrypted is specified.
  • --passphrase= - Specifies the passphrase to use when encrypting this partition. You must use this option together with the --encrypted option; by itself it has no effect.
  • --cipher= - Specifies the type of encryption to use if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Security hardening document. For example, aes-xts-plain64.
  • --escrowcert=URL_of_X.509_certificate - Store data encryption keys of all encrypted partitions as files in /root, encrypted by using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted partition. This option is only meaningful if --encrypted is specified.
  • --backuppassphrase - Add a randomly-generated passphrase to each encrypted partition. Store these passphrases in separate files in /root, encrypted by using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.
  • --pbkdf=PBKDF - Sets Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-memory=PBKDF_MEMORY - Sets the memory cost for PBKDF. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-time=PBKDF_TIME - Sets the number of milliseconds to spend with PBKDF passphrase processing. See also --iter-time in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-iterations.
  • --pbkdf-iterations=PBKDF_ITERATIONS - Sets the number of iterations directly and avoids PBKDF benchmark. See also --pbkdf-force-iterations in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-time.
  • --resize - Resize an existing partition. When using this option, specify the target size (in MiB) by using the --size= option and the target partition by using the --onpart= option.
Notes
  • The part command is not mandatory, but you must include either part, autopart or mount in your Kickstart script.
  • If partitioning fails for any reason, diagnostic messages appear on virtual console 3.
  • All partitions created are formatted as part of the installation process unless --noformat and --onpart are used.

  • The sdX (or /dev/sdX) format does not guarantee consistent device names across reboots, which can complicate the usage of some Kickstart commands. When a command requires a device node name, you can use any item from /dev/disk as an alternative. For example, instead of using the following device name: 

    part / --fstype=xfs --onpart=sda1
    Copy to Clipboard Toggle word wrap

    You can use an entry similar to one of the following: 

    part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1
part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1
    Copy to Clipboard Toggle word wrap

    By using this approach, the command always targets the same storage device. This is especially useful in large storage environments. To explore the available device names on the system, you can use the ls -lR /dev/disk command during the interactive installation. For more information about different ways to consistently refer to storage devices, see Persistent naming attributes.

  • If you lose the LUKS passphrase, any encrypted partitions and their data is completely inaccessible. There is no way to recover a lost passphrase. However, you can save encryption passphrases with the --escrowcert and create backup encryption passphrases with the --backuppassphrase options.

22.5.8. raid
Copy link

The raid Kickstart command is optional. It assembles a software RAID device.

Syntax
raid mntpoint --level=level --device=device-name partitions*
Copy to Clipboard Toggle word wrap
Options
  • mntpoint - Location where the RAID file system is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (/) partition can be any of the available types. The partitions* (which denotes that multiple partitions can be listed) lists the RAID identifiers to add to the RAID array.
Important
  • On IBM Power Systems, if a RAID device has been prepared and has not been reformatted during the installation, ensure that the RAID metadata version is 0.90 or 1.0 if you intend to put the /boot and PReP partitions on the RAID device. The mdadm metadata versions 1.1 and 1.2 are not supported for the /boot and PReP partitions.
  • The PReP Boot partitions are not required on PowerNV systems.
  • --level= - RAID level to use (0, 1, 4, 5, 6, or 10).

  • --device= - Name of the RAID device to use - for example, --device=root.

    Important

    Do not use mdraid names in the form of md0 - these names are not guaranteed to be persistent. Instead, use meaningful names such as root or swap. Using meaningful names creates a symbolic link from /dev/md/name to whichever /dev/mdX node is assigned to the array.

    If you have an old (v0.90 metadata) array that you cannot assign a name to, you can specify the array by a filesystem label or UUID. For example, --device=LABEL=root or --device=UUID=93348e56-4631-d0f0-6f5b-45c47f570b88.

    You can use the UUID of the file system on the RAID device or UUID of the RAID device itself. The UUID of the RAID device should be in the 8-4-4-4-12 format. UUID reported by mdadm is in the 8:8:8:8 format which needs to be changed. For example 93348e56:4631d0f0:6f5b45c4:7f570b88 should be changed to 93348e56-4631-d0f0-6f5b-45c47f570b88.

  • --chunksize= - Sets the chunk size of a RAID storage in KiB. In certain situations, using a different chunk size than the default (512 Kib) can improve the performance of the RAID.
  • --spares= - Specifies the number of spare drives allocated for the RAID array. Spare drives are used to rebuild the array in case of drive failure.
  • --fsprofile= - Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For ext2, ext3, and ext4, this configuration file is /etc/mke2fs.conf.
  • --fstype= - Sets the file system type for the RAID array. Valid values are xfs, ext2, ext3, ext4, swap, and vfat.
  • --fsoptions= - Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes. In the EFI system partition (/boot/efi), anaconda hard codes the value and ignores the users specified --fsoptions values.

  • --mkfsoptions= - Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem. For example, 

    part /opt/foo1 --size=512 --fstype=ext4 --mkfsoptions="-O ^has_journal,^flex_bg,^metadata_csum"

part /opt/foo2 --size=512 --fstype=xfs --mkfsoptions="-m bigtime=0,finobt=0"
    Copy to Clipboard Toggle word wrap

    For details, see the man pages of the filesystems you are creating. For example, mkfs.ext4 or mkfs.xfs.

  • --label= - Specify the label to give to the filesystem to be made. If the given label is already in use by another filesystem, a new label will be created.
  • --noformat - Use an existing RAID device and do not format the RAID array.
  • --useexisting - Use an existing RAID device and reformat it.

  • --encrypted - Specifies that this RAID device should be encrypted with Linux Unified Key Setup (LUKS) by using the passphrase provided in the --passphrase option. If you do not specify a passphrase, Anaconda uses the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.

    Note

    When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered.

    The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest.

  • --luks-version=LUKS_VERSION - Specifies which version of LUKS format should be used to encrypt the filesystem. This option is only meaningful if --encrypted is specified.
  • --cipher= - Specifies the type of encryption to use if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Security hardening document. For example, aes-xts-plain64.
  • --passphrase= - Specifies the passphrase to use when encrypting this RAID device. You must use this option together with the --encrypted option; by itself it has no effect.
  • --escrowcert=URL_of_X.509_certificate - Store the data encryption key for this device in a file in /root, encrypted by using the X.509 certificate from the URL specified with URL_of_X.509_certificate. This option is only meaningful if --encrypted is specified.
  • --backuppassphrase - Add a randomly-generated passphrase to this device. Store the passphrase in a file in /root, encrypted by using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.
  • --pbkdf=PBKDF - Sets Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-memory=PBKDF_MEMORY - Sets the memory cost for PBKDF. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-time=PBKDF_TIME - Sets the number of milliseconds to spend with PBKDF passphrase processing. See also --iter-time in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-iterations.
  • --pbkdf-iterations=PBKDF_ITERATIONS - Sets the number of iterations directly and avoids PBKDF benchmark. See also --pbkdf-force-iterations in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-time.
Example

The following example shows how to create a RAID level 1 partition for /, and a RAID level 5 for /home, assuming there are three SCSI disks on the system. It also creates three swap partitions, one on each drive. 

part raid.01 --size=6000 --ondisk=sda
part raid.02 --size=6000 --ondisk=sdb
part raid.03 --size=6000 --ondisk=sdc
part swap --size=512 --ondisk=sda
part swap --size=512 --ondisk=sdb
part swap --size=512 --ondisk=sdc
part raid.11 --size=1 --grow --ondisk=sda
part raid.12 --size=1 --grow --ondisk=sdb
part raid.13 --size=1 --grow --ondisk=sdc
raid / --level=1 --device=rhel8-root --label=rhel8-root raid.01 raid.02 raid.03
raid /home --level=5 --device=rhel8-home --label=rhel8-home raid.11 raid.12 raid.13
Copy to Clipboard Toggle word wrap
Note
  • If you lose the LUKS passphrase, any encrypted partitions and their data is completely inaccessible. There is no way to recover a lost passphrase. However, you can save encryption passphrases with the --escrowcert and create backup encryption passphrases with the --backuppassphrase options.

22.5.9. volgroup
Copy link

The volgroup Kickstart command is optional. It creates a Logical Volume Manager (LVM) group.

Syntax
volgroup name [OPTIONS] [partition*]
Copy to Clipboard Toggle word wrap
Mandatory options
  • name - Name of the new volume group.
Options
  • partition - Physical volume partitions to use as backing storage for the volume group. At least one partition has to be specified when creating a new volume group.
  • --noformat - Use an existing volume group and do not format it.

  • --useexisting - Use an existing volume group and reformat it. If you use this option, do not specify a partition. For example: 

    volgroup rhel00 --useexisting --noformat
    Copy to Clipboard Toggle word wrap
  • --pesize= - Set the size of the volume group’s physical extents in KiB. The default value is 4096 (4 MiB), and the minimum value is 1024 (1 MiB).
  • --reserved-space= - Specify an amount of space to leave unused in a volume group in MiB. Applicable only to newly created volume groups.
  • --reserved-percent= - Specify a percentage of total volume group space to leave unused. Applicable only to newly created volume groups.
Notes
  • Create the partition first, then create the logical volume group, and then create the logical volume. For example: 
part pv.01 --size 10000
volgroup my_volgrp pv.01
logvol / --vgname=my_volgrp --size=2000 --name=root
Copy to Clipboard Toggle word wrap

  • Do not use the dash (-) character in logical volume and volume group names when installing Red Hat Enterprise Linux by using Kickstart. If this character is used, the installation finishes normally, but the /dev/mapper/ directory will list these volumes and volume groups with every dash doubled. For example, a volume group named volgrp-01 containing a logical volume named logvol-01 will be listed as /dev/mapper/volgrp--01-logvol--01.

    This limitation only applies to newly created logical volume and volume group names. If you are reusing existing ones by using the --noformat option, their names will not be changed.

22.5.10. logvol
Copy link

The logvol Kickstart command is optional. It creates a logical volume for Logical Volume Manager (LVM).

Syntax
logvol mntpoint --vgname=name --name=name [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options

  • mntpoint: The mount point where the partition is mounted. Must be of one of the following forms:

    • /path

      For example, / or /home

    • swap

      The partition is used as swap space.

      To determine the size of the swap partition automatically, use the --recommended option: 

      swap --recommended
      Copy to Clipboard Toggle word wrap

      To determine the size of the swap partition automatically and also allow extra space for your system to hibernate, use the --hibernation option: 

      swap --hibernation
      Copy to Clipboard Toggle word wrap

      The size assigned will be equivalent to the swap space assigned by --recommended plus the amount of RAM on your system. For the swap sizes assigned by these commands, see Recommended Partitioning Scheme for AMD64, Intel 64, and 64-bit ARM systems.

  • --vgname=name: Name of the volume group.
  • --name=name: Name of the logical volume.
Optional options
  • --noformat: Use an existing logical volume and do not format it.
  • --useexisting: Use an existing logical volume and reformat it.
  • --fstype=: Sets the file system type for the logical volume. Valid values are xfs, ext2, ext3, ext4, swap, and vfat.

  • --fsoptions=: Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.

    Note

    In the EFI system partition (/boot/efi), anaconda hard codes the value and ignores the users specified --fsoptions values.

  • --mkfsoptions=: Specifies additional parameters to be passed to the program that makes a filesystem on this partition. No processing is done on the list of arguments, so they must be supplied in a format that can be passed directly to the mkfs program. This means multiple options should be comma-separated or surrounded by double quotes, depending on the filesystem. For example, 

    part /opt/foo1 --size=512 --fstype=ext4 --mkfsoptions="-O ^has_journal,^flex_bg,^metadata_csum"

part /opt/foo2 --size=512 --fstype=xfs --mkfsoptions="-m bigtime=0,finobt=0"
    Copy to Clipboard Toggle word wrap

    For details, see the man pages of the filesystems you are creating. For example, mkfs.ext4 or mkfs.xfs.

  • --fsprofile=: Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For ext2, ext3, and ext4, this configuration file is /etc/mke2fs.conf.
  • --label=: Sets a label for the logical volume.
  • --grow: Extends the logical volume to occupy the available space (if any), or up to the maximum size specified, if any. The option must be used only if you have pre-allocated a minimum storage space in the disk image, and would want the volume to grow and occupy the available space. In a physical environment, this is a one-time-action. However, in a virtual environment, the volume size increases as and when the virtual machine writes any data to the virtual disk.
  • --size=: The size of the logical volume in MiB. This option cannot be used together with the --percent= option.

  • --percent=: The size of the logical volume, as a percentage of the free space in the volume group after any statically-sized logical volumes are taken into account. This option cannot be used together with the --size= option.

    Important

    When creating a new logical volume, you must either specify its size statically by using the --size= option, or as a percentage of remaining free space by using the --percent= option. You cannot use both of these options on the same logical volume.

  • --maxsize=: The maximum size in MiB when the logical volume is set to grow. Specify an integer value here such as 500 (do not include the unit).
  • --recommended: Use this option when creating a logical volume to determine the size of this volume automatically, based on your system’s hardware. For details about the recommended scheme, see Recommended Partitioning Scheme for AMD64, Intel 64, and 64-bit ARM systems.
  • --resize: Resize a logical volume. If you use this option, you must also specify --useexisting and --size.

  • --encrypted: Specifies that this logical volume should be encrypted with Linux Unified Key Setup (LUKS) by using the passphrase provided in the --passphrase= option. If you do not specify a passphrase, the installation program stops the installation and prompts you to provide a passphrase if no default is set.

    Note

    When encrypting one or more partitions, Anaconda attempts to gather 256 bits of entropy to ensure the partitions are encrypted securely. Gathering entropy can take some time - the process will stop after a maximum of 10 minutes, regardless of whether sufficient entropy has been gathered. The process can be sped up by interacting with the installation system (typing on the keyboard or moving the mouse). If you are installing in a virtual machine, you can also attach a virtio-rng device (a virtual random number generator) to the guest.

  • --passphrase=: Specifies the passphrase to use when encrypting this logical volume. You must use this option together with the --encrypted option; it has no effect by itself.
  • --cipher=: Specifies the type of encryption to use if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in Security hardening. For example, aes-xts-plain64.
  • --escrowcert=URL_of_X.509_certificate: Store data encryption keys of all encrypted volumes as files in /root, encrypted by using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified.
  • --luks-version=LUKS_VERSION: Specifies which version of LUKS format should be used to encrypt the filesystem. This option is only meaningful if --encrypted is specified.
  • --backuppassphrase: Add a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in /root, encrypted by using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.
  • --pbkdf=PBKDF: Sets Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-memory=PBKDF_MEMORY: Sets the memory cost for PBKDF. See also the man page cryptsetup(8). This option is only meaningful if --encrypted is specified.
  • --pbkdf-time=PBKDF_TIME: Sets the number of milliseconds to spend with PBKDF passphrase processing. See also --iter-time in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-iterations.
  • --pbkdf-iterations=PBKDF_ITERATIONS: Sets the number of iterations directly and avoids PBKDF benchmark. See also --pbkdf-force-iterations in the man page cryptsetup(8). This option is only meaningful if --encrypted is specified, and is mutually exclusive with --pbkdf-time.
  • --thinpool: Creates a thin pool of logical volume. (Use a mount point of none)
  • --metadatasize=size: Specify the metadata area size (in MiB) for a new thin pool device.
  • --chunksize=size: Specify the chunk size (in KiB) for a new thin pool device.
  • --thin: Create a thin logical volume. (Requires use of --poolname)
  • --poolname=name: Specify the name of the thin pool in which to create a thin logical volume. Requires the --thin option.
  • --profile=name: Specify the configuration profile name to use with thin logical volumes. If used, the name will also be included in the metadata for the given logical volume. By default, the available profiles are default and thin-performance and are defined in the /etc/lvm/profile/ directory. See the lvm(8) man page for additional information.
  • --cachepvs=: A comma-separated list of physical volumes which should be used as a cache for this volume.

  • --cachemode=: Specify which mode should be used to cache this logical volume - either writeback or writethrough.

    Note

    For more information about cached logical volumes and their modes, see the lvmcache(7) man page on your system.

  • --cachesize=: Size of cache attached to the logical volume, specified in MiB. This option requires the --cachepvs= option.
Notes
  • Do not use the dash (-) character in logical volume and volume group names when installing Red Hat Enterprise Linux by using Kickstart. If this character is used, the installation finishes normally, but the /dev/mapper/ directory will list these volumes and volume groups with every dash doubled. For example, a volume group named volgrp-01 containing a logical volume named logvol-01 will be listed as /dev/mapper/volgrp—​01-logvol—​01. This limitation only applies to newly created logical volume and volume group names. If you are reusing existing ones by using the --noformat option, their names will not be changed.
  • If you lose the LUKS passphrase, any encrypted partitions and their data is completely inaccessible. There is no way to recover a lost passphrase. However, you can save encryption passphrases with the --escrowcert and create backup encryption passphrases with the --backuppassphrase options.
Examples
  • Create the partition first, create the volume group, and then create the logical volume: 
part pv.01 --size 3000
volgroup myvg pv.01
logvol / --vgname=myvg --size=2000 --name=rootvol
Copy to Clipboard Toggle word wrap

  • Create the partition first, create the volume group, and then create the logical volume to occupy 90% of the remaining space in the volume group: 

    part pv.01 --size 1 --grow
volgroup myvg pv.01
logvol / --vgname=myvg --name=rootvol --percent=90
    Copy to Clipboard Toggle word wrap

22.5.11. snapshot
Copy link

The snapshot Kickstart command is optional. Use it to create LVM thin volume snapshots during the installation process. This enables you to back up a logical volume before or after the installation.

To create multiple snapshots, add the snaphost Kickstart command multiple times.

Syntax
snapshot vg_name/lv_name --name=snapshot_name --when=pre-install|post-install
Copy to Clipboard Toggle word wrap
Options
  • vg_name/lv_name - Sets the name of the volume group and logical volume to create the snapshot from.
  • --name=snapshot_name - Sets the name of the snapshot. This name must be unique within the volume group.
  • --when=pre-install|post-install - Sets if the snapshot is created before the installation begins or after the installation is completed.

22.5.12. mount
Copy link

The mount Kickstart command is optional. It assigns a mount point to an existing block device, and optionally reformats it to a given format.

Syntax
mount [OPTIONS] device mountpoint
Copy to Clipboard Toggle word wrap
Mandatory options
  • device - The block device to mount.
  • mountpoint - Where to mount the device. It must be a valid mount point, such as / or /usr, or none if the device is unmountable (for example swap).
Optional options
  • --reformat= - Specifies a new format (such as ext4) to which the device should be reformatted.
  • --mkfsoptions= - Specifies additional options to be passed to the command which creates the new file system specified in --reformat=. The list of options provided here is not processed, so they must be specified in a format that can be passed directly to the mkfs program. The list of options should be either comma-separated or surrounded by double quotes, depending on the file system. See the mkfs man page for the file system you want to create (for example mkfs.ext4(8) or mkfs.xfs(8)) for specific details.
  • --mountoptions= - Specifies a free form string that contains options to be used when mounting the file system. The string will be copied to the /etc/fstab file on the installed system and should be enclosed in double quotes. See the mount(8) man page for a full list of mount options, and fstab(5) for basics.
Notes
  • Unlike most other storage configuration commands in Kickstart, mount does not require you to describe the entire storage configuration in the Kickstart file. You only need to ensure that the described block device exists on the system. However, if you want to create the storage stack with all the devices mounted, you must use other commands such as part to do so.
  • You cannot use mount together with other storage-related commands such as part, logvol, or autopart in the same Kickstart file.

22.5.13. zipl
Copy link

The zipl Kickstart command is optional. It specifies the ZIPL configuration for 64-bit IBM Z. Use this command only once.

Options
  • --secure-boot - Enables secure boot if it is supported by the installing system.
  • --no-secure-boot - Disables secure boot.
  • --force-secure-boot - Enables secure boot unconditionally.
Notes
  • When installed on a system that is later than IBM z14, the installed system cannot be booted from an IBM z14 or earlier model.
  • Installation is not supported on IBM z14 and earlier models.
  • Secure Boot is not supported on IBM z14 and earlier models. Use --no-secure-boot if you intend to boot the installed system on IBM z14 and earlier models.

22.5.14. fcoe
Copy link

The fcoe Kickstart command is optional. It specifies which FCoE devices should be activated automatically in addition to those discovered by Enhanced Disk Drive Services (EDD).

Syntax
fcoe --nic=name [OPTIONS]
Copy to Clipboard Toggle word wrap
Options
  • --nic= (required) - The name of the device to be activated.
  • --dcb= - Establish Data Center Bridging (DCB) settings.
  • --autovlan - Discover VLANs automatically. This option is enabled by default.

22.5.15. iscsi
Copy link

The iscsi Kickstart command is optional. It specifies additional iSCSI storage to be attached during installation.

Syntax
iscsi --ipaddr=address [OPTIONS]
Copy to Clipboard Toggle word wrap
Mandatory options
  • --ipaddr= (required) - the IP address of the target to connect to.
Optional options
  • --port= (required) - the port number. If not present, --port=3260 is used automatically by default.
  • --target= - the target IQN (iSCSI Qualified Name).
  • --iface= - bind the connection to a specific network interface instead of using the default one determined by the network layer. Once used, it must be specified in all instances of the iscsi command in the entire Kickstart file.
  • --user= - the user name required to authenticate with the target
  • --password= - the password that corresponds with the user name specified for the target
  • --reverse-user= - the user name required to authenticate with the initiator from a target that uses reverse CHAP authentication
  • --reverse-password= - the password that corresponds with the user name specified for the initiator
Notes
  • If you use the iscsi command, you must also assign a name to the iSCSI node by using the iscsiname command. The iscsiname command must appear before the iscsi command in the Kickstart file.
  • Wherever possible, configure iSCSI storage in the system BIOS or firmware (iBFT for Intel systems) rather than use the iscsi command. Anaconda automatically detects and uses disks configured in BIOS or firmware and no special configuration is necessary in the Kickstart file.
  • If you must use the iscsi command, ensure that networking is activated at the beginning of the installation, and that the iscsi command appears in the Kickstart file before you refer to iSCSI disks with commands such as clearpart or ignoredisk.

22.5.16. iscsiname
Copy link

The iscsiname Kickstart command is optional. It assigns a name to an iSCSI node specified by the iscsi command. Use this command only once.

Syntax
iscsiname iqname
Copy to Clipboard Toggle word wrap
Options
  • iqname - Name to assign to the iSCSI node.
Note
  • If you use the iscsi command in your Kickstart file, you must specify iscsiname earlier in the Kickstart file.

22.5.17. zfcp
Copy link

The zfcp Kickstart command is optional. It defines a Fibre channel device.

This option only applies on 64-bit IBM Z.

Syntax
zfcp --devnum=devnum [--wwpn=wwpn --fcplun=lun]
Copy to Clipboard Toggle word wrap
Options
  • --devnum= - The device number (zFCP adapter device bus ID).
  • --wwpn= - The device’s World Wide Port Name (WWPN). Takes the form of a 16-digit number, preceded by 0x.
  • --fcplun= - The device’s Logical Unit Number (LUN). Takes the form of a 16-digit number, preceded by 0x.
Example
zfcp --devnum=0.0.4000 --wwpn=0x5005076300C213e9 --fcplun=0x5022000000000000
zfcp --devnum=0.0.4000
Copy to Clipboard Toggle word wrap

The Kickstart commands in this section are related to add-ons supplied by default with the Red Hat Enterprise Linux installation program.

22.6.1. %addon com_redhat_kdump
Copy link

The %addon com_redhat_kdump Kickstart command is optional. This command configures the kdump kernel crash dumping mechanism.

Syntax
%addon com_redhat_kdump [OPTIONS]
%end
Copy to Clipboard Toggle word wrap
Note

The syntax for this command is different because it is an add-on rather than a built-in Kickstart command.

Kdump is a kernel crash dumping mechanism that allows you to save the contents of the system’s memory for later analysis. It relies on kexec, which can be used to boot a Linux kernel from the context of another kernel without rebooting the system, and preserve the contents of the first kernel’s memory that would otherwise be lost.

In case of a system crash, kexec boots into a second kernel (a capture kernel). This capture kernel resides in a reserved part of the system memory. Kdump then captures the contents of the crashed kernel’s memory (a crash dump) and saves it to a specified location. The location cannot be configured using this Kickstart command; it must be configured after the installation by editing the /etc/kdump.conf configuration file.

For more information about Kdump, see the Installing kdump.

Options
  • --enable - Enable kdump on the installed system.
  • --disable - Disable kdump on the installed system.

  • --reserve-mb= - The amount of memory you want to reserve for kdump, in MiB. For example: 

    %addon com_redhat_kdump --enable --reserve-mb=128
%end
    Copy to Clipboard Toggle word wrap

    You can also specify auto instead of a numeric value. In that case, the installation program will determine the amount of memory automatically based on the criteria described in the Memory requirements for kdump section of the Managing, monitoring and updating the kernel document.

    If you enable kdump and do not specify a --reserve-mb= option, the value auto will be used.

  • --enablefadump - Enable firmware-assisted dumping on systems which allow it (notably, IBM Power Systems servers).

22.7. Kickstart commands for system recovery
Copy link

The Kickstart command in this section repairs an installed system.

22.7.1. rescue
Copy link

The rescue Kickstart command is optional. It provides a shell environment with root privileges and a set of system management tools to repair the installation and to troubleshoot the issues like:

  • Mount file systems as read-only
  • Blocklist or add a driver provided on a driver disc
  • Install or upgrade system packages
  • Manage partitions
Note

The Kickstart rescue mode is different from the rescue mode and emergency mode, which are provided as part of the systemd and service manager.

The rescue command does not modify the system on its own. It only sets up the rescue environment by mounting the system under /mnt/sysroot in a read-write mode. You can choose not to mount the system, or to mount it in read-only mode. Use this command only once.

Syntax
rescue [--nomount|--romount]
Copy to Clipboard Toggle word wrap
Options
  • --nomount or --romount - Controls how the installed system is mounted in the rescue environment. By default, the installation program finds your system and mount it in read-write mode, telling you where it has performed this mount. You can optionally select to not mount anything (the --nomount option) or mount in read-only mode (the --romount option). Only one of these two options can be used.
Notes

To run a rescue mode, make a copy of the Kickstart file, and include the rescue command in it. Using the rescue command causes the installer to perform the following steps:

  1. Run the %pre script.

  2. Set up the environment for rescue mode.

    The following kickstart commands take effect:

    1. updates
    2. sshpw
    3. logging
    4. lang
    5. network

  3. Set up an advanced storage environment.

    The following kickstart commands take effect:

    1. fcoe
    2. iscsi
    3. iscsiname
    4. nvdimm
    5. zfcp

  4. Mount the system. 

    rescue [--nomount|--romount]
    Copy to Clipboard Toggle word wrap

  5. Run %post script

    This step is run only if the installed system is mounted in read-write mode.

  6. Start shell.
  7. Reboot system.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat