15.2. Kickstart Changes

Added Kickstart support for CA certificates to enable encrypted DNS configuration during installation

Support for the %certificate in the Kickstart file is added to enable the installation of CA certificates into the installer environment and the installed system. This simplifies the setup process and ensures that the encrypted DNS is operational after installation, reducing manual configuration and security gaps. The certificates are inlined in the Base64 ASCII format and imported through the --dir and --filename options. This enhancement facilitates encrypted DNS configuration as part of Zero Trust Architecture requirements. The encrypted DNS set up during installation ensures secure DNS resolution from the start, improving security and compliance in automated deployments. For more information, see Kickstart certificates section.

pwpolicy and %anaconda Kickstart commands have been removed

The support for the pwpolicy and %anaconda Kickstart commands has been removed in Red Hat Enterprise Linux 10.

The --level parameter of the logging Kickstart command is removed

The --level parameter of the logging kickstart command has been removed. It is no longer possible to set the level of logging of the installation process.

Removed a few options of the timezone Kickstart command

The following options of the timezone Kickstart command has been removed in Red Hat Enterprise Linux 10:

The module kickstart command has been deprecated

Anaconda has deprecated its support for DNF modularity, and as a consequence the module kickstart command has been deprecated. This might impact you if you are using modules in the %packages section of your kickstart files or the module kickstart command. This change is implemented for simplifying the installation process and ensuring a more consistent experience moving forward.

auth or authconfig commands are removed

The auth or authconfig Kickstart commands are removed now. As a replacement, use the authselect kickstart command.

The --excludeWeakdeps and --instLangs options from %packages have been removed

The --excludeWeakdeps and --instLangs options used in the %packages section have been removed. To maintain similar functionality, use the updated --exclude-weakdeps and --inst-langs options instead. These replacements ensure compatibility and provide the same dependency and language control within package management.

Removed teaming options from the network kickstart command

The --teamslaves and --teamconfig options used for configuring team devices in the network kickstart command have been removed. To configure similar network settings, use the --bondslaves and --bondopts options to set up a Bond device.

The %addon com_redhat_oscap Kickstart command has been removed

The support for the %addon com_redhat_oscap Kickstart command has been removed in Red Hat Enterprise Linux 10. With RHEL 10, you can use more flexible and customizable approach to hardening systems by using Anaconda and Kickstart, in addition to the already existing Image Builder option. For more information, see Performing a hardened installation of RHEL with Kickstart.