Chapter 12. Adding the Kickstart file to a UEFI HTTP or PXE installation source
After your Kickstart file is ready, you can make it available for the installation on the destination system.
12.1. Ports for network-based installation
The following table lists the ports that must be open on the server for providing the files for each type of network-based installation.
Protocol used | Ports to open |
---|---|
HTTP | 80 |
HTTPS | 443 |
FTP | 21 |
NFS | 2049, 111, 20048 |
TFTP | 69 |
Additional resources
12.2. Sharing the installation files on an NFS server
You can store the Kickstart script file on an NFS server. Storing it on an NFS server enables you to install multiple systems from a single source without having to use physical media for the Kickstart file.
Prerequisites
- You have an administrator-level access to a server with Red Hat Enterprise Linux 8 on the local network.
- The system to be installed can connect to the server.
- The firewall on the server allows connections from the system you are installing to. See Ports for Network based Installation for more information.
Ensure that you use different paths in inst.ks
and inst.repo
. When using NFS to host the Kickstart, you cannot use the same nfs share to host the installation source.
Procedure
Install the
nfs-utils
package by running the following command as root:# yum install nfs-utils
- Copy the Kickstart file to a directory on the NFS server.
Open the
/etc/exports
file using a text editor and add a line with the following syntax:/exported_directory/ clients
Replace /exported_directory/ with the full path to the directory holding the Kickstart file. Instead of clients, use the host name or IP address of the computer that is to be installed from this NFS server, the subnetwork from which all computers are to have access the ISO image, or the asterisk sign (
*
) if you want to allow any computer with network access to the NFS server to use the ISO image. See the exports(5) man page for detailed information about the format of this field. A basic configuration that makes the/rhel8-install/
directory available as read-only to all clients is:/rhel8-install *
-
Save the
/etc/exports
file and exit the text editor. Start the nfs service:
# systemctl start nfs-server.service
If the service was running before you changed the
/etc/exports
file, enter the following command, in order for the running NFS server to reload its configuration:# systemctl reload nfs-server.service
The Kickstart file is now accessible over NFS and ready to be used for installation.
When specifying the Kickstart source, use nfs:
as the protocol, the server’s host name or IP address, the colon sign (:
), and the path inside directory holding the file. For example, if the server’s host name is myserver.example.com
and you have saved the file in /rhel8-install/my-ks.cfg
, specify inst.ks=nfs:myserver.example.com:/rhel8-install/my-ks.cfg
as the installation source boot option.
Additional resources
12.3. Sharing the installation files on an HTTP or HTTPS server
You can store the Kickstart script file on an HTTP or HTTPS server. Storing the Kickstart file on an HTTP or HTTPS server enables you to install multiple systems from a single source without having to use physical media for the Kickstart file.
Prerequisites
- You have an administrator-level access to a server with Red Hat Enterprise Linux 8 on the local network.
- The system to be installed can connect to the server.
- The firewall on the server allows connections from the system you are installing to. See Ports for Network based Installation for more information.
Procedure
To store the Kickstart file on an HTTP, install the
httpd
package:# yum install httpd
To store the Kickstart file on an HTTPS, install
httpd
andmod_ssl
packages:# yum install httpd mod_ssl
WarningIf your Apache web server configuration enables SSL security, verify that you only enable the TLSv1 protocol, and disable SSLv2 and SSLv3. This is due to the POODLE SSL vulnerability (CVE-2014-3566). See https://access.redhat.com/solutions/1232413 for details.
ImportantIf you use an HTTPS server with a self-signed certificate, you must boot the installation program with the
inst.noverifyssl
option.-
Copy the Kickstart file to the HTTP(S) server into a subdirectory of the
/var/www/html/
directory. Start the httpd service:
# systemctl start httpd.service
The Kickstart file is now accessible and ready to be used for installation.
When specifying the location of the Kickstart file, use
http://
orhttps://
as the protocol, the server’s host name or IP address, and the path of the Kickstart file, relative to the HTTP server root. For example, if you are using HTTP, the server’s host name ismyserver.example.com
, and you have copied the Kickstart file as/var/www/html/rhel8-install/my-ks.cfg
, specifyhttp://myserver.example.com/rhel8-install/my-ks.cfg
as the file location.
Additional resources
12.4. Sharing the installation files on an FTP server
You can store the Kickstart script file on an FTP server. Storing the script on an FTP server enables you to install multiple systems from a single source without having to use physical media for the Kickstart file.
Prerequisites
- You have an administrator-level access to a server with Red Hat Enterprise Linux 8 on the local network.
- The system to be installed can connect to the server.
- The firewall on the server allows connections from the system you are installing to. For moer information, Ports for Network based Installation.
Procedure
Install the
vsftpd
package by running the following command as root:# yum install vsftpd
Open and edit the
/etc/vsftpd/vsftpd.conf
configuration file in a text editor.-
Change the line
anonymous_enable=NO
toanonymous_enable=YES
-
Change the line
write_enable=YES
towrite_enable=NO
. Add lines
pasv_min_port=min_port
andpasv_max_port=max_port
. Replacemin_port
andmax_port
with the port number range used by FTP server in passive mode, for example,10021
and10031
.This step can be necessary in network environments featuring various firewall/NAT setups.
Optional: add custom changes to your configuration. For available options, see the vsftpd.conf(5) man page. This procedure assumes that default options are used.
WarningIf you configured SSL/TLS security in your
vsftpd.conf
file, ensure that you enable only the TLSv1 protocol, and disable SSLv2 and SSLv3. This is due to the POODLE SSL vulnerability (CVE-2014-3566). See https://access.redhat.com/solutions/1234773 for details.
-
Change the line
Configure the server firewall.
Enable the firewall:
# systemctl enable firewalld # systemctl start firewalld
Enable in your firewall the FTP port and port range from previous step:
# firewall-cmd --add-port min_port-max_port/tcp --permanent # firewall-cmd --add-service ftp --permanent # firewall-cmd --reload
Replace min_port-max_port with the port numbers you entered into the
/etc/vsftpd/vsftpd.conf
configuration file.
-
Copy the Kickstart file to the FTP server into the
/var/ftp/
directory or its subdirectory. Make sure that the correct SELinux context and access mode is set on the file:
# restorecon -r /var/ftp/your-kickstart-file.ks # chmod 444 /var/ftp/your-kickstart-file.ks
Start the
vsftpd
service:# systemctl start vsftpd.service
If the service was running before you changed the
/etc/vsftpd/vsftpd.conf
file, restart the service to load the edited file:# systemctl restart vsftpd.service
Enable the
vsftpd
service to start during the boot process:# systemctl enable vsftpd
The Kickstart file is now accessible and ready to be used for installations by systems on the same network.
NoteWhen configuring the installation source, use
ftp://
as the protocol, the server’s host name or IP address, and the path of the Kickstart file, relative to the FTP server root. For example, if the server’s host name ismyserver.example.com
and you have copied the file to/var/ftp/my-ks.cfg
, specifyftp://myserver.example.com/my-ks.cfg
as the installation source.