15 March 2013 Karim Elatov

The easiest way to do a network install with any Linux Distribution is to use Kickstart. From the “Red Hat Enterprise Linux 6 Installation Guide”:

RHEL Kickstart

Chapter 32. Kickstart Installations

32.1. What are Kickstart Installations?

Many system administrators would prefer to use an automated installation method to install Red Hat Enterprise Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical installation. Kickstart files can be kept on a single server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install Red Hat Enterprise Linux on multiple machines, making it ideal for network and system administrators. Kickstart provides a way for users to automate a Red Hat Enterprise Linux installation. All kickstart scriptlets and the log files of their execution are stored in the /tmp directory to assist with debugging installation failures.

32.2. How Do You Perform a Kickstart Installation?

Kickstart installations can be performed using a local DVD, a local hard drive, or via NFS, FTP, HTTP, or HTTPS. To use kickstart, you must:

  1. Create a kickstart file.
  2. Create a boot media with the kickstart file or make the kickstart file available on the network.
  3. Make the installation tree available.
  4. Start the kickstart installation.

KickStart File

32.3. Creating the Kickstart File

The kickstart file is a simple text file, containing a list of items, each identified by a keyword. You can create it by using the Kickstart Configurator application, or writing it from scratch. The Red Hat Enterprise Linux installation program also creates a sample kickstart file based on the options that you selected during installation. It is written to the file /root/anaconda-ks.cfg. You should be able to edit it with any text editor or word processor that can save files as ASCII text.

Here is what mine looked like:

[[email protected] ~]# cat anaconda-ks.cfg
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
cdrom
lang en_US.UTF-8
keyboard us
network --onboot no --device eth0 --noipv4 --noipv6
rootpw  --iscrypted $6$zV1LP62.FgeNH0/I$1ofQRdVBXeQxllfRjHfKWS9cUNo0
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/Denver
bootloader --location=mbr --driveorder=sda --append="nomodeset crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --all --drives=sda
#volgroup VolGroup --pesize=4096 pv.008002
#logvol / --fstype=ext4 --name=lv_root --vgname=VolGroup --grow --size=1024 --maxsize=51200
#logvol swap --name=lv_swap --vgname=VolGroup --grow --size=512 --maxsize=1024

#part /boot --fstype=ext4 --size=500
#part pv.008002 --grow --size=1

repo --name="Red Hat Enterprise Linux"  --baseurl=cdrom:sr0 --cost=100

%packages --nobase
@core
%end

KickStart Options

Now let’s see what all the options mean, from the above guide:

32.4. Kickstart Options

The following options can be placed in a kickstart

auth or authconfig (required)

Sets up the authentication options for the system. It is similar to the authconfig command, which can be run after the install. By default, passwords are normally encrypted and are not shadowed.

  • --enablenis — Turns on NIS support. By default, --enablenis uses whatever domain it finds on the network. A domain should almost always be set by hand with the --nisdomain= option.
  • --nisdomain= — NIS domain name to use for NIS services.
  • --nisserver= — Server to use for NIS services (broadcasts by default).
  • --useshadow or --enableshadow — Use shadow passwords.
  • --enableldap — Turns on LDAP support in /etc/nsswitch.conf, allowing your system to retrieve information about users (for example, their UIDs, home directories, and shells) from an LDAP directory. To use this option, you must install the nss-pam-ldapd package. You must also specify a server and a base DN (distinguished name) with --ldapserver= and --ldapbasedn=.
  • --enableldapauth — Use LDAP as an authentication method. This enables the pam_ldap module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss-pam-ldapd package installed. You must also specify a server and a base DN with --ldapserver= and --ldapbasedn=. If your environment does not use TLS (Transport Layer Security), use the --disableldaptls switch to ensure that the resulting configuration file works.
  • --ldapserver= — If you specified either --enableldap or --enableldapauth, use this option to specify the name of the LDAP server to use. This option is set in the /etc/ldap.conf file.
  • --ldapbasedn= — If you specified either --enableldap or --enableldapauth, use this option to specify the DN in your LDAP directory tree under which user information is stored. This option is set in the /etc/ldap.conf file.
  • --enableldaptls — Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted usernames and passwords to an LDAP server before authentication.
  • --disableldaptls — Do not use TLS (Transport Layer Security) lookups in an environment that uses LDAP for authentication.
  • --enablekrb5 — Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells. If you enable Kerberos, you must make users’ accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command. If you use this option, you must have the pam_krb5 package installed.
  • --krb5realm= — The Kerberos 5 realm to which your workstation belongs.
  • --krb5kdc= — The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, separate their names with commas (,).
  • --krb5adminserver= — The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests. This server must be run on the master KDC if you have more than one KDC.
  • --enablehesiod — Enable Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items.
  • --hesiodlhs and --hesiodrhs — The Hesiod LHS (left-hand side) and RHS (right-hand side) values, set in /etc/hesiod.conf. The Hesiod library uses these values to search DNS for a name, similar to the way that LDAP uses a base DN. To look up user information for the username jim, the Hesiod library looks up jim.passwd, which should resolve to a TXT record that contains a string identical to an entry for that user in the passwd file: jim::501:501:Jungle Jim:/home/jim:/bin/bash. To look up groups, the Hesiod library looks up jim.group instead. To look up users and groups by number, make 501.uid a CNAME for jim.passwd, and 501.gid a CNAME for jim.group. Note that the library does not place a period (.) in front of the LHS and RHS values when performing a search. Therefore, if the LHS and RHS values need to have a period placed in front of them, you must include the period in the values you set for --hesiodlhs and --hesiodrhs.
  • --enablesmbauth — Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells. If you enable SMB, you must make users’ accounts known to the workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command.
  • --smbservers= — The name of the servers to use for SMB authentication. To specify more than one server, separate the names with commas (,).
  • --smbworkgroup= — The name of the workgroup for the SMB servers.
  • --enablecache — Enables the nscd service. The nscd service caches information about users, groups, and various other types of information. Caching is especially helpful if you choose to distribute information about users and groups over your network using NIS, LDAP, or Hesiod.
  • --passalgo — To set up the SHA-256 hashing algorithm, run the command authconfig --passalgo=sha256 --kickstart. To set up the SHA-512 hashing algorithm, run authconfig --passalgo=sha512 --kickstart. Remove the --enablemd5 option if it is present.

autopart (optional)

Automatically create partitions — 1 GB or more root (/) partition, a swap partition, and an appropriate boot partition for the architecture. One or more of the default partition sizes can be redefined with the part directive.

  • --encrypted — Should all devices with support be encrypted by default? This is equivalent to checking the Encrypt checkbox on the initial partitioning screen.
  • --passphrase= — Provide a default system-wide passphrase for all encrypted devices.
  • --escrowcert=URL_of_X.509_certificate — Store data encryption keys of all encrypted volumes as files in /root, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified.
  • --backuppassphrase= — Add a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in /root, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.

autostep (optional)

Similar to interactive except it goes to the next screen for you. It is used mostly for debugging.

  • --autoscreenshot — Take a screenshot at every step during installation and copy the images over to /root/anaconda-screenshots after installation is complete. This is most useful for documentation.

bootloader (required)

Specifies how the boot loader should be installed. This option is required for both installations and upgrades.

  • --append= — Specifies kernel parameters. To specify multiple parameters, separate them with spaces. For example:

     bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"
    
  • --driveorder — Specify which drive is first in the BIOS boot order. For example:

     bootloader --driveorder=sda,hda
    
  • --location= — Specifies where the boot record is written. Valid values are the following:

    • mbr (the default), partition (installs the boot loader on the first sector of the partition containing the kernel), or none (do not install the boot loader).
  • --password= — If using GRUB, sets the GRUB boot loader password to the one specified with this option. This should be used to restrict access to the GRUB shell, where arbitrary kernel options can be passed.
  • --md5pass= — If using GRUB, similar to --password= except the password should already be encrypted.
  • --upgrade — Upgrade the existing boot loader configuration, preserving the old entries. This option is only available for upgrades.

clearpart (optional)

Removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed.

  • --all — Erases all partitions from the system.
  • --drives= — Specifies which drives to clear partitions from. For example, the following clears all the partitions on the first two drives on the primary IDE controller:

     clearpart --drives=hda,hdb --all
    

    To clear a multipath device that does not use logical volume management (LVM), use the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to clear a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use:

     clearpart --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
    
  • --initlabel — Initializes the disk label to the default for your architecture (for example msdos for x86). It is useful so that the installation program does not ask if it should initialize the disk label if installing to a brand new hard drive.

  • --linux — Erases all Linux partitions.

  • --none (default) — Do not remove any partitions.

cmdline (optional)

Perform the installation in a completely non-interactive command line mode. Any prompt for interaction halts the install. This mode is useful on IBM System z systems with the 3270 terminal under z/VM and operating system messages applet on LPAR. The recommended use is in conjunction with RUNKS=1 and ks=.

device (optional)

On most PCI systems, the installation program autoprobes for Ethernet and SCSI cards properly. On older systems and some PCI systems, however, kickstart needs a hint to find the proper devices. The device command, which tells the installation program to install extra modules, is in this format:

device moduleName --opts=options
  • moduleName — Replace with the name of the kernel module which should be installed.
  • --opts= — Options to pass to the kernel module. For example: --opts="aic152x=0x340 io=11"

driverdisk (optional)

Driver diskettes can be used during kickstart installations. You must copy the driver diskette’s contents to the root directory of a partition on the system’s hard drive. Then you must use the driverdisk command to tell the installation program where to look for the driver disk.

driverdisk partition --source=url --biospart=biospart [--type=fstype]

Alternatively, a network location can be specified for the driver diskette:

driverdisk --source=ftp://path/to/dd.img
driverdisk --source=http://path/to/dd.img
driverdisk --source=nfs:host:/path/to/img
  • partition — Partition containing the driver disk.
  • url — URL for the driver disk. NFS locations can be given in the form nfs:host:/path/to/img.
  • biospart — BIOS partition containing the driver disk (for example, 82p2).
  • --type= — File system type (for example, vfat or ext2).

firewall (optional)

This option corresponds to the Firewall Configuration screen in the installation program:

firewall --enabled|--disabled [--trust=] device incoming [--port=]
  • --enabled or --enable — Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
  • --disabled or --disable — Do not configure any iptables rules.
  • --trust= — Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1.
  • incoming — Replace with one or more of the following to allow the specified services through the firewall.

    • --ssh
    • --telnet
    • --smtp
    • --http
    • --https
    • --ftp
  • --port= — You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specify imap:tcp. Numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify 1234:udp. To specify multiple ports, separate them by commas.

firstboot (optional)

Determine whether the firstboot starts the first time the system is booted. If enabled, the firstboot package must be installed. If not specified, this option is disabled by default.

  • --enable or --enabled — The Setup Agent is started the first time the system boots.
  • --disable or --disabled — The Setup Agent is not started the first time the system boots.
  • --reconfig — Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, and time zone configuration options in addition to the default ones.

graphical (optional)

Perform the kickstart installation in graphical mode. This is the default.

halt (optional)

Halt the system after the installation has successfully completed. This is similar to a manual installation, where anaconda displays a message and waits for the user to press a key before rebooting. During a kickstart installation, if no completion method is specified, this option is used as the default.

The halt option is equivalent to the shutdown -h command.

For other completion methods, refer to the poweroff, reboot, and shutdown kickstart options.

ignoredisk (optional)

Causes the installer to ignore the specified disks. This is useful if you use autopartition and want to be sure that some disks are ignored. For example, without ignoredisk, attempting to deploy on a SAN-cluster the kickstart would fail, as the installer detects passive paths to the SAN that return no partition table. The syntax is:

ignoredisk --drives=drive1,drive2,...

where driveN is one of sda, sdb,…, hda,… etc. To ignore a multipath device that does not use logical volume management (LVM), use the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to ignore a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use:

ignoredisk --drives=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017

Multipath devices that use LVM are not assembled until after anaconda has parsed the kickstart file. Therefore, you cannot specify these devices in the format dm-uuid-mpath. Instead, to ignore a multipath device that uses LVM, use the format disk/by-id/scsi-WWID, where WWID is the world-wide identifier for the device. For example, to ignore a disk with WWID 58095BEC5510947BE8C0360F604351918, use:

ignoredisk --drives=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
  • --only-use — specifies a list of disks for the installer to use. All other disks are ignored. For example, to use disk sda during installation and ignore all other disks:

    ignoredisk --only-use=sda

    To include a multipath device that does not use LVM:

    ignoredisk --only-use=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017

    To include a multipath device that uses LVM:

    ignoredisk --only-use=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918

install (optional)

Tells the system to install a fresh system rather than upgrade an existing system. This is the default mode. For installation, you must specify the type of installation from cdrom, harddrive, nfs, or url (for FTP, HTTP, or HTTPS installations). The install command and the installation method command must be on separate lines.

  • cdrom — Install from the first optical drive on the system.
  • harddrive — Install from a Red Hat installation tree on a local drive, which must be either vfat or ext2.

    • --biospart= BIOS partition to install from (such as 82).
    • --partition= Partition to install from (such as sdb2).
    • --dir= Directory containing the variant directory of the installation tree.

    For example:

    harddrive --partition=hdb2 --dir=/tmp/install-tree
    
  • nfs — Install from the NFS server specified.

    • --server= Server from which to install (hostname or IP).
    • --dir= Directory containing the variant directory of the installation tree.
    • --opts= Mount options to use for mounting the NFS export. (optional)

    For example:

    nfs --server=nfsserver.example.com --dir=/tmp/install-tree
    
  • url — Install from an installation tree on a remote server via FTP, HTTP, or HTTPS. For example:

     url --url http://server/dir
    

    or:

     url --url ftp://username:password@server/dir
    

interactive (optional)

Perform an interactive installation, but use the information in the kickstart file to provide defaults. During the installation, anaconda still prompts you at every stage. Either accept the values from the kickstart file by clicking Next or change the values and click Next to continue. Refer also to the autostep command.

iscsi (optional)

iscsi --ipaddr= [options]

Specifies additional iSCSI storage to be attached during installation. If you use the iscsi parameter, you must also assign a name to the iSCSI node, using the iscsiname parameter earlier in the kickstart file. We recommend that wherever possible you configure iSCSI storage in the system BIOS or firmware (iBFT for Intel systems) rather than use the iscsi parameter. Anaconda automatically detects and uses disks configured in BIOS or firmware and no special configuration is necessary in the kickstart file. If you must use the iscsi parameter, ensure that networking is activated at the beginning of the installation, and that the iscsi parameter appears in the kickstart file before you refer to iSCSI disks with parameters such as clearpart or ignoredisk.

  • --port= (mandatory) — the port number (typically, --port=3260)
  • --user= — the username required to authenticate with the target
  • --password= — the password that corresponds with the username specified for the target
  • --reverse-user= — the username required to authenticate with the initiator from a target that uses reverse CHAP authentication
  • --reverse-password= — the password that corresponds with the username specified for the initiator

iscsiname (optional)

Assigns a name to an iSCSI node specified by the iscsi parameter. If you use the iscsi parameter in your kickstart file, you must specify iscsiname earlier in the kickstart file.
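
Several of the options covered so far put secrets or security settings directly into the kickstart file (rootpw, bootloader --password=, autopart --passphrase=, iscsi --password=, credentials in url --url), and that file is often served over NFS, FTP or HTTP. The following Python linter is an added example, not part of the original post or the Red Hat guide; it reports those settings with their line numbers. The function names, rule names and the sample file are made up for illustration, and the rule set is one reviewer's choice.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample kickstart file; every host name and secret is made up.
SAMPLE_KS = """\
install
url --url ftp://deploy:S3cret@server.example.com/dir
rootpw changeme
authconfig --enableshadow --enablemd5 --enableldapauth --ldapserver=ldap.example.com --ldapbasedn=dc=example,dc=com --disableldaptls
bootloader --location=mbr --password=grubpw
firewall --disabled
selinux --permissive
autopart --encrypted --passphrase=disksecret
iscsi --ipaddr=10.0.2.20 --port=3260 --user=init --password=chapsecret
%packages --nobase
@core
%end
"""


def parse_command(line):
    """Split one kickstart command line into (command, options, positionals)."""
    try:
        tokens = shlex.split(line)      # keeps --append="a b c" as one token
    except ValueError:                  # unbalanced quote: plain split instead
        tokens = line.split()
    cmd, opts, positional = tokens[0], {}, []
    for i, tok in enumerate(tokens[1:], start=1):
        if tok.startswith("--"):
            key, sep, value = tok[2:].partition("=")
            if not sep:                 # "--key value" form, or a bare flag
                nxt = tokens[i + 1] if i + 1 < len(tokens) else None
                value = nxt if nxt and not nxt.startswith("--") else True
            opts[key] = value
        else:
            positional.append(tok)
    return cmd, opts, positional


def check(cmd, opts, positional):
    """Yield (rule, message) pairs for one parsed command."""
    if cmd == "rootpw":
        if "iscrypted" not in opts:
            yield "rootpw-plaintext", "root password stored in clear; use --iscrypted"
        elif positional and not positional[-1].startswith(("$5$", "$6$")):
            yield "rootpw-weak-hash", "hash is not SHA-256 ($5$) or SHA-512 ($6$) crypt"
    elif cmd in ("auth", "authconfig"):
        if "enablemd5" in opts or opts.get("passalgo") not in ("sha256", "sha512"):
            yield "auth-weak-passalgo", "set --passalgo=sha512 and drop --enablemd5"
        if not {"enableshadow", "useshadow"} & opts.keys():
            yield "auth-no-shadow", "shadow passwords are not enabled"
        if "disableldaptls" in opts and {"enableldap", "enableldapauth"} & opts.keys():
            yield "ldap-no-tls", "LDAP is used without TLS"
    elif cmd == "bootloader":
        if "password" in opts:
            yield "grub-plaintext-password", "use --md5pass with a pre-encrypted value"
        elif "md5pass" not in opts:
            yield "grub-no-password", "GRUB shell is not password protected"
    elif cmd == "firewall":
        if {"disabled", "disable"} & opts.keys():
            yield "firewall-disabled", "no iptables rules will be configured"
        if "telnet" in opts:
            yield "firewall-telnet", "telnet is allowed through the firewall"
    elif cmd == "selinux":
        if {"disabled", "permissive"} & opts.keys():
            yield "selinux-not-enforcing", "SELinux is not in enforcing mode"
    elif cmd == "url":
        if urlsplit(str(opts.get("url", ""))).password:
            yield "url-credentials", "password embedded in the installation URL"
    # Storage commands that accept a secret as a clear-text option value.
    if cmd in ("autopart", "logvol", "part", "partition", "iscsi"):
        for key in ("passphrase", "password", "reverse-password"):
            if key in opts:
                yield "plaintext-secret", f"{cmd} --{key} is stored in clear in the file"


def lint_kickstart(text):
    """Return a list of (line_number, rule, message) findings."""
    findings, in_section = [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("%"):
            word = line.split()[0]
            # Bodies of %packages/%pre/%post (up to %end) are not kickstart commands.
            in_section = word in ("%packages", "%pre", "%post") or (in_section and word != "%end")
            continue
        if in_section or not line or line.startswith("#"):
            continue
        cmd, opts, positional = parse_command(line)
        findings += [(lineno, rule, msg) for rule, msg in check(cmd, opts, positional)]
    return findings


if __name__ == "__main__":
    for lineno, rule, msg in lint_kickstart(SAMPLE_KS):
        print(f"line {lineno}: [{rule}] {msg}")
```
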

keyboard (required)

Sets the default keyboard type for the system. The file /usr/lib/python2.6/site-packages/system_config_keyboard/keyboard_models.py on 32-bit systems or /usr/lib64/python2.6/site-packages/system_config_keyboard/keyboard_models.py on 64-bit systems contains a list of keyboard types and is part of the system-config-keyboard package.

lang (required)

Sets the language to use during installation and the default language to use on the installed system. For example, to set the language to English, the kickstart file should contain the following line:

lang en_US

The file /usr/share/system-config-language/locale-list provides a list of the valid language codes in the first column of each line and is part of the system-config-language package.

Certain languages (for example, Chinese, Japanese, Korean, and Indic languages) are not supported during text-mode installation. If you specify one of these languages with the lang command, the installation process continues in English, but the installed system uses your selection as its default language.

logging (optional)

This command controls the error logging of anaconda during installation. It has no effect on the installed system.

  • --host= — Send logging information to the given remote host, which must be running a syslogd process configured to accept remote logging.
  • --port= — If the remote syslogd process uses a port other than the default, it may be specified with this option.
  • --level= — One of debug, info, warning, error, or critical. Specify the minimum level of messages that appear on tty3. All messages will still be sent to the log file regardless of this level, however.

logvol (optional)

Create a logical volume for Logical Volume Management (LVM) with the syntax:

logvol mntpoint --vgname=name --size=size --name=name options

The options are as follows:

  • --noformat — Use an existing logical volume and do not format it.
  • --useexisting — Use an existing logical volume and reformat it.
  • --fstype= — Sets the file system type for the logical volume. Valid values are xfs, ext2, ext3, ext4, swap, vfat, and hfs.
  • --fsoptions= — Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.
  • --grow= — Tells the logical volume to grow to fill available space (if any), or up to the maximum size setting.
  • --maxsize= — The maximum size in megabytes when the logical volume is set to grow. Specify an integer value here such as 500 (do not include the unit).
  • --recommended= — Determine the size of the logical volume automatically.
  • --percent= — Specify the amount by which to grow the logical volume, as a percentage of the free space in the volume group after any statically-sized logical volumes are taken into account. This option must be used in conjunction with the --size and --grow options for logvol.
  • --encrypted — Specifies that this logical volume should be encrypted, using the passphrase provided in the --passphrase option. If you do not specify a passphrase, anaconda uses the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.
  • --passphrase= — Specifies the passphrase to use when encrypting this logical volume. You must use this option together with the --encrypted option; by itself it has no effect.
  • --escrowcert=URL_of_X.509_certificate — Store data encryption keys of all encrypted volumes as files in /root, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified.
  • --backuppassphrase= — Add a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in /root, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.

Create the partition first, create the logical volume group, and then create the logical volume. For example:

part pv.01 --size 3000
volgroup myvg pv.01
logvol / --vgname=myvg --size=2000 --name=rootvol

Create the partition first, create the logical volume group, and then create the logical volume to occupy 90% of the remaining space in the volume group. For example:

part pv.01 --size 1 --grow
volgroup myvg pv.01
logvol / --vgname=myvg --size=1 --name=rootvol --grow --percent=90

mediacheck (optional)

If given, this will force anaconda to run mediacheck on the installation media. This command requires that installs be attended, so it is disabled by default.

monitor (optional)

If the monitor command is not given, anaconda will use X to automatically detect your monitor settings. Please try this before manually configuring your monitor.

monitor --monitor=monitorname|--hsync|vsync=frequency [--noprobe]
  • --hsync= — Specifies the horizontal sync frequency of the monitor.
  • --monitor= — Use specified monitor; monitor name should be from the list of monitors in /usr/share/hwdata/MonitorsDB from the hwdata package. The list of monitors can also be found on the X Configuration screen of the Kickstart Configurator. This is ignored if --hsync or --vsync is provided. If no monitor information is provided, the installation program tries to probe for it automatically.
  • --noprobe= — Do not try to probe the monitor.
  • --vsync= — Specifies the vertical sync frequency of the monitor.

network (optional)

Configures network information for the target system and activates network devices in the installer environment. The device specified in the first network command is activated automatically if network access is required during installation, for example, during a network installation or installation over VNC. From Red Hat Enterprise Linux 6.1 onwards, you can also explicitly require device to activate in the installer environment with the --activate option.

  • --activate — activate this device in the installer environment. If you use the --activate option on a device that has already been activated (for example, an interface you configured with boot options so that the system could retrieve the kickstart file) the device is reactivated to use the details specified in the kickstart file. Use the --nodefroute option to prevent the device from using the default route. The activate option is new in Red Hat Enterprise Linux 6.1.
  • --bootproto= — One of dhcp, bootp, ibft, or static. The ibft option is new in Red Hat Enterprise Linux 6.1. The bootproto option defaults to dhcp. bootp and dhcp are treated the same. The DHCP method uses a DHCP server system to obtain its networking configuration. As you might guess, the BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. To direct a system to use DHCP:

    network --bootproto=dhcp
    

    To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the kickstart file:

    network --bootproto=bootp
    

    To direct a machine to use the configuration specified in iBFT, use:

    network --bootproto=ibft
    

    The static method requires that you specify the IP address, netmask, gateway, and nameserver in the kickstart file. As the name implies, this information is static and is used during and after the installation. All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash as you can on a command line. A line that specifies static networking in a kickstart file is therefore more complex than lines that specify DHCP, BOOTP, or iBFT. Note that the examples on this page have line breaks in them for presentation reasons; they would not work in an actual kickstart file.

    network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver=10.0.2.1
    

    You can also configure multiple nameservers here. To do so, specify them as a comma-delimited list in the command line.

    network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
    
  • --device= — specifies the device to be configured (and eventually activated) with the network command. For the first network command, --device= defaults (in order of preference) to one of:

    1. the device specified by the ksdevice boot option
    2. the device activated automatically to fetch the kickstart file
    3. the device selected in the Networking Devices dialog

    The behavior of any subsequent network command is unspecified if its --device option is missing. Take care to specify a --device option for any network command beyond the first. You can specify a device in one of five ways:

    • the device name of the interface, for example, eth0
    • the MAC address of the interface, for example, 00:12:34:56:78:9a
    • the keyword link, which specifies the first interface with its link in the up state
    • the keyword bootif, which uses the MAC address that pxelinux set in the BOOTIF variable. Set IPAPPEND 2 in your pxelinux.cfg file to have pxelinux set the BOOTIF variable.
    • the keyword ibft, which uses the MAC address of the interface specified by iBFT

    network --bootproto=dhcp --device=eth0

  • --ip= — IP address of the device.
  • --ipv6= — IPv6 address of the device, or auto to use automatic neighbor discovery, or dhcp to use DHCPv6.
  • --gateway= — Default gateway as a single IPv4 or IPv6 address.
  • --nameserver= — Primary nameserver, as an IP address. Multiple nameservers must each be separated by a comma.
  • --nodefroute — Prevents the interface being set as the default route. Use this option when you activate additional devices with the --activate= option, for example, a NIC on a separate subnet for an iSCSI target. The nodefroute option is new in Red Hat Enterprise Linux 6.1.
  • --nodns — Do not configure any DNS server.
  • --netmask= — Network mask of the device.
  • --hostname= — Hostname for the installed system.
  • --ethtool= — Specifies additional low-level settings for the network device which will be passed to the ethtool program.
  • --onboot= — Whether or not to enable the device at boot time.
  • --dhcpclass= — The DHCP class.
  • --mtu= — The MTU of the device.
  • --noipv4 — Disable IPv4 on this device.
  • --noipv6 — Disable IPv6 on this device.

part or partition (required for installs, ignored for upgrades)

Creates a partition on the system. If more than one Red Hat Enterprise Linux installation exists on the system on different partitions, the installation program prompts the user and asks which installation to upgrade.

part|partition mntpoint --name=name --device=device --rule=rule [options]
  • mntpoint — Where the partition is mounted. The value must be of one of the following forms:

    • /path - For example, /, /usr, /home
    • swap - The partition is used as swap space. To determine the size of the swap partition automatically, use the --recommended option:

      swap --recommended

      The size assigned will be equivalent to the swap space assigned by --recommended plus the amount of RAM on your system

    • raid.id - The partition is used for software RAID

    • pv.id - The partition is used for LVM.
  • --size= - The minimum partition size in megabytes. Specify an integer value here such as 500 (do not include the unit).

  • --grow - Tells the partition to grow to fill available space (if any), or up to the maximum size setting.

  • --maxsize= - The maximum partition size in megabytes when the partition is set to grow. Specify an integer value here such as 500 (do not include the unit).

  • --noformat — Specifies that the partition should not be formatted, for use with the --onpart command.

  • --onpart= or --usepart= — Specifies the device on which to place the partition. For example:

    partition /home --onpart=hda1

    puts /home on /dev/hda1. The device must already exist on the system; the --onpart option will not create it.

  • --ondisk= or --ondrive= — Forces the partition to be created on a particular disk. For example, --ondisk=sdb puts the partition on the second SCSI disk on the system. To specify a multipath device that does not use logical volume management (LVM), use the format disk/by-id/dm-uuid-mpath-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 2416CD96995134CA5D787F00A5AA11017, use:

     part / --fstype=ext3 --grow --asprimary --size=100 --ondisk=disk/by-id/dm-uuid-mpath-2416CD96995134CA5D787F00A5AA11017
    

    Multipath devices that use LVM are not assembled until after anaconda has parsed the kickstart file. Therefore, you cannot specify these devices in the format dm-uuid-mpath. Instead, to specify a multipath device that uses LVM, use the format disk/by-id/scsi-WWID, where WWID is the world-wide identifier for the device. For example, to specify a disk with WWID 58095BEC5510947BE8C0360F604351918, use:

    part / --fstype=ext3 --grow --asprimary --size=100 --ondisk=disk/by-id/scsi-58095BEC5510947BE8C0360F604351918
    
  • --asprimary — Forces automatic allocation of the partition as a primary partition, or the partitioning fails.

  • --type= (replaced by fstype) — This option is no longer available. Use fstype.

  • --fsoptions — Specifies a free form string of options to be used when mounting the filesystem. This string will be copied into the /etc/fstab file of the installed system and should be enclosed in quotes.

  • --fsprofile — Specifies a usage type to be passed to the program that makes a filesystem on this partition. A usage type defines a variety of tuning parameters to be used when making a filesystem. For this option to work, the filesystem must support the concept of usage types and there must be a configuration file that lists valid types. For ext2, ext3, and ext4, this configuration file is /etc/mke2fs.conf.

  • --fstype= — Sets the file system type for the partition. Valid values are xfs, ext2, ext3, ext4, swap, vfat, hfs, and efi.

  • --recommended — Determine the size of the partition automatically.

  • --onbiosdisk — Forces the partition to be created on a particular disk as discovered by the BIOS.

  • --encrypted — Specifies that this partition should be encrypted, using the passphrase provided in the --passphrase option. If you do not specify a passphrase, anaconda uses the default, system-wide passphrase set with the autopart --passphrase command, or stops the installation and prompts you to provide a passphrase if no default is set.

  • --cipher= — Specifies which type of encryption will be used if the anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Red Hat Enterprise Linux Security Guide, but Red Hat strongly recommends using either aes-xts-plain64 or aes-cbc-essiv:sha256.

  • --passphrase= — Specifies the passphrase to use when encrypting this partition. You must use this option together with the --encrypted option; by itself it has no effect.

  • --escrowcert=URL_of_X.509_certificate — Store data encryption keys of all encrypted partitions as files in /root, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted partition. This option is only meaningful if --encrypted is specified.

  • --backuppassphrase= — Add a randomly-generated passphrase to each encrypted partition. Store these passphrases in separate files in /root, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.

  • --label — assign a label to an individual partition.

raid (optional)

Assembles a software RAID device. This command is of the form:

raid mntpoint --level=level --device=mddevice partitions*

The following example shows how to create a RAID level 1 partition for /, and a RAID level 5 for /usr, assuming there are three SCSI disks on the system. It also creates three swap partitions, one on each drive.

part raid.01 --size=60 --ondisk=sda
part raid.02 --size=60 --ondisk=sdb
part raid.03 --size=60 --ondisk=sdc
part swap --size=128 --ondisk=sda
part swap --size=128 --ondisk=sdb
part swap --size=128 --ondisk=sdc
part raid.11 --size=1 --grow --ondisk=sda
part raid.12 --size=1 --grow --ondisk=sdb
part raid.13 --size=1 --grow --ondisk=sdc
raid / --level=1 --device=md0 raid.01 raid.02 raid.03
raid /usr --level=5 --device=md1 raid.11 raid.12 raid.13

reboot (optional)

Reboot after the installation is successfully completed (no arguments). Normally, kickstart displays a message and waits for the user to press a key before rebooting. The reboot option is equivalent to the shutdown -r command.

repo (optional)

Configures additional yum repositories that may be used as sources for package installation. Multiple repo lines may be specified.

repo --name=repoid [--baseurl=url| --mirrorlist=url]

rootpw (required)

Sets the system’s root password to the password argument.

rootpw [--iscrypted] password

selinux (optional)

Sets the state of SELinux on the installed system. SELinux defaults to enforcing in anaconda.

selinux [--disabled|--enforcing|--permissive]

services (optional)

Modifies the default set of services that will run under the default runlevel. The list of disabled services is processed before the list of enabled services. Therefore, if a service appears on both lists, it is enabled.

  • --disabled — Disable the services given in the comma separated list.
  • --enabled — Enable the services given in the comma separated list.

skipx (optional)

If present, X is not configured on the installed system.

sshpw (optional)

During installation, you can interact with anaconda and monitor its progress over an SSH connection. Use the sshpw command to create temporary accounts through which to log on. Each instance of the command creates a separate account that exists only in the installation environment. These accounts are not transferred to the installed system.

sshpw --username=name password [--iscrypted|--plaintext] [--lock]

text (optional)

Perform the kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.

timezone (required)

Sets the system time zone to timezone which may be any of the time zones listed by timeconfig.

timezone [--utc] timezone

unsupported_hardware (optional)

Tells the installer to suppress the Unsupported Hardware Detected alert. If this command is not included and unsupported hardware is detected, the installation will stall at this alert.

upgrade (optional)

Tells the system to upgrade an existing system rather than install a fresh system. You must specify one of cdrom, harddrive, nfs, or url (for FTP, HTTP, and HTTPS) as the location of the installation tree. Refer to install for details.

user (optional)

Creates a new user on the system.

user --name=<username> [--groups=list] [--homedir=homedir] [--password=password] [--iscrypted] [--shell=shell] [--uid=uid]

vnc (optional)

Allows the graphical installation to be viewed remotely via VNC. This method is usually preferred over text mode, as there are some size and language limitations in text installs. With no options, this command will start a VNC server on the machine with no password and will print out the command that needs to be run to connect a remote machine.

vnc [--host=hostname] [--port=port] [--password=password]

volgroup (optional)

Use to create a Logical Volume Management (LVM) group with the syntax:

volgroup name partition [options]

The options are as follows:

  • --noformat — Use an existing volume group and do not format it.
  • --useexisting — Use an existing volume group and reformat it.
  • --pesize= — Set the size of the physical extents.

winbind (optional)

Configures the system to connect to a Windows Active Directory or a Windows domain controller. User information from the specified directory or domain controller can then be accessed and server authentication options can be configured.

  • --enablewinbind — Enable winbind for user account configuration.
  • --disablewinbind — Disable winbind for user account configuration.
  • --enablewinbindauth — Enable winbindauth for authentication.
  • --disablewinbindauth — Disable winbindauth for authentication.
  • --enablewinbindoffline — Configures winbind to allow offline login.
  • --disablewinbindoffline — Configures winbind to prevent offline login.
  • --enablewinbindusedefaultdomain — Configures winbind to assume that users with no domain in their usernames are domain users.
  • --disablewinbindusedefaultdomain — Configures winbind to assume that users with no domain in their usernames are not domain users.

xconfig (optional)

Configures the X Window System. If you install the X Window System with a kickstart file that does not include the xconfig command, you must provide the X configuration manually during installation. Do not use this command in a kickstart file that does not install the X Window System.

  • --driver — Specify the X driver to use for the video hardware.
  • --videoram= — Specifies the amount of video RAM the video card has.
  • --defaultdesktop= — Specify either GNOME or KDE to set the default desktop (assumes that GNOME Desktop Environment and/or KDE Desktop Environment has been installed through %packages).
  • --startxonboot — Use a graphical login on the installed system.

zerombr (optional)

If zerombr is specified any invalid partition tables found on disks are initialized. This destroys all of the contents of disks with invalid partition tables.

Note that this command was previously specified as zerombr yes. This form is now deprecated; you should now simply specify zerombr in your kickstart file instead.

%include (optional)

Use the %include /path/to/file command to include the contents of another file in the kickstart file as though the contents were at the location of the %include command in the kickstart file.

Kickstart Packages Selection

From the same guide:

Use the %packages command to begin a kickstart file section that lists the packages you would like to install (this is for installations only, as package selection during upgrades is not supported).

You can specify packages by group or by their package names. The installation program defines several groups that contain related packages. Refer to the variant/repodata/comps-*.xml file on the Red Hat Enterprise Linux 6 Installation DVD for a list of groups. Each group has an id, user visibility value, name, description, and package list. If the group is selected for installation, the packages marked mandatory in the package list are always installed, the packages marked default are installed if they are not specifically excluded elsewhere, and the packages marked optional must be specifically included elsewhere even when the group is selected.

Specify groups, one entry to a line, starting with an @ symbol, a space, and then the full group name or group id as given in the comps.xml file. For example:

%packages
@ X Window System
@ Desktop
@ Sound and Video

Note that the Core and Base groups are always selected by default, so it is not necessary to specify them in the %packages section.

Specify individual packages by name, one entry to a line. You can use asterisks as wildcards to glob package names in entries. For example:

sqlite
curl
aspell
docbook*

The docbook* entry includes the packages docbook-dtds, docbook-simple, docbook-slides and others that match the pattern represented with the wildcard.

Use a leading dash to specify packages or groups to exclude from the installation. For example:

-@ Graphical Internet
-autofs
-ipa*fonts

Kickstart Pre-Installation Script

32.6. Pre-installation Script

You can add commands to run on the system immediately after the ks.cfg has been parsed. This section must be placed towards the end of the kickstart file, after the kickstart commands described in “Kickstart Options” Section, and must start with the %pre command. If your kickstart file also includes a %post section, the order of the %pre and %post sections does not matter.

You can access the network in the %pre section; however, name service has not been configured at this point, so only IP addresses work.

32.6.1. Example

Here is an example %pre section:

%pre
#!/bin/sh
hds=""
mymedia=""
for file in /proc/ide/h*; do
  mymedia=`cat $file/media`
  if [ $mymedia == "disk" ] ; then
      hds="$hds `basename $file`"
  fi
done
set $hds
numhd=`echo $#`
drive1=`echo $hds | cut -d' ' -f1`
drive2=`echo $hds | cut -d' ' -f2`
#Write out partition scheme based on whether there are 1 or 2 hard drives
if [ $numhd == "2" ] ; then
  #2 drives
  echo "#partitioning scheme generated in %pre for 2 drives" > /tmp/part-include
  echo "clearpart --all" >> /tmp/part-include
  echo "part /boot --fstype ext3 --size 75 --ondisk hda" >> /tmp/part-include
  echo "part / --fstype ext3 --size 1 --grow --ondisk hda" >> /tmp/part-include
  echo "part swap --recommended --ondisk $drive1" >> /tmp/part-include
  echo "part /home --fstype ext3 --size 1 --grow --ondisk hdb" >> /tmp/part-include
else
  #1 drive
  echo "#partitioning scheme generated in %pre for 1 drive" > /tmp/part-include
  echo "clearpart --all" >> /tmp/part-include
  echo "part /boot --fstype ext3 --size 75" >> /tmp/part-include
  echo "part swap --recommended" >> /tmp/part-include
  echo "part / --fstype ext3 --size 2048" >> /tmp/part-include
  echo "part /home --fstype ext3 --size 2048 --grow" >> /tmp/part-include
fi

This script determines the number of hard drives in the system and writes a text file with a different partitioning scheme depending on whether it has one or two drives. Instead of having a set of partitioning commands in the kickstart file, include the line:

%include /tmp/part-include

The partitioning commands selected in the script are used.

Kickstart Post-Installation Scripts

32.7. Post-installation Script

You have the option of adding commands to run on the system once the installation is complete. This section must be placed towards the end of the kickstart file, after the kickstart commands described in the “Kickstart Options” Section, and must start with the %post command. If your kickstart file also includes a %pre section, the order of the %pre and %post sections does not matter.

This section is useful for functions such as installing additional software and configuring an additional nameserver.

Example 32.1. Registering and Then Mounting an NFS Share

Register the system to a Red Hat Subscription Management server (in this example, a local Subscription Asset Manager server):

%post --log=/root/ks-post.log
/usr/sbin/subscription-manager register --username=admin@example.com --password=secret --serverurl=sam-server.example.com --org="Admin Group" --environment="Dev"

Run a script named runme from an NFS share:

mkdir /mnt/temp
mount -o nolock 10.10.0.2:/usr/new-machines /mnt/temp
openvt -s -w -- /mnt/temp/runme
umount /mnt/temp

NFS file locking is not supported while in kickstart mode, therefore -o nolock is required when mounting an NFS mount.

Making the Kickstart File Available

32.8. Making the Kickstart File Available

A kickstart file must be placed in one of the following locations:

  • On removable media, such as a floppy disk, optical disk, or USB flash drive
  • On a hard drive
  • On a network

Normally a kickstart file is copied to the removable media or hard drive, or made available on the network. The network-based approach is most commonly used, as most kickstart installations tend to be performed on networked computers.

Let us take a more in-depth look at where the kickstart file may be placed.

32.8.2. Making the Kickstart File Available on the Network

Network installations using kickstart are quite common, because system administrators can quickly and easily automate the installation on many networked computers. In general, the approach most commonly used is for the administrator to have both a BOOTP/DHCP server and an NFS server on the local network. The BOOTP/DHCP server is used to give the client system its networking information, while the actual files used during the installation are served by the NFS server. Often, these two servers run on the same physical machine, but they are not required to.

Include the ks kernel boot option in the append line of a target in your pxelinux.cfg/default file to specify the location of a kickstart file on your network. The syntax of the ks option in a pxelinux.cfg/default file is identical to its syntax when used at the boot prompt.

If the dhcpd.conf file on the DHCP server is configured to point to /var/lib/tftpboot/pxelinux.0 on the BOOTP server (whether on the same physical machine or not), systems configured to boot over the network can load the kickstart file and commence installation.

Example 32.2. Using the ks option in the pxelinux.cfg/default file

For example, if foo.ks is a kickstart file available on an NFS share at 192.168.0.200:/export/kickstart/, part of your pxelinux.cfg/default file might include:

label 1
  kernel RHEL6/vmlinuz
  append initrd=RHEL6/initrd.img ramdisk_size=10000 ks=nfs:192.168.0.200:/export/kickstart/foo.ks

Making the Installation Tree Available

More from the same guide:

32.9. Making the Installation Tree Available

The kickstart installation must access an installation tree. An installation tree is a copy of the binary Red Hat Enterprise Linux DVD with the same directory structure.

If you are performing a DVD-based installation, insert the Red Hat Enterprise Linux installation DVD into the computer before starting the kickstart installation.

If you are performing a hard drive installation, make sure the ISO images of the binary Red Hat Enterprise Linux DVD are on a hard drive in the computer.

If you are performing a network-based (NFS, FTP or HTTP) installation, you must make the installation tree or ISO image available over the network.

Starting a Kickstart Installation

Now for the final steps from the client side:

32.10. Starting a Kickstart Installation

To begin a kickstart installation, you must boot the system from boot media you have made or the Red Hat Enterprise Linux DVD, and enter a special boot command at the boot prompt. The installation program looks for a kickstart file if the ks command line argument is passed to the kernel. Here are the possible options for ks:

ks=nfs:server:/path

The installation program looks for the kickstart file on the NFS server server, as file path. The installation program uses DHCP to configure the Ethernet card. For example, if your NFS server is server.example.com and the kickstart file is in the NFS share /mydir/ks.cfg, the correct boot command would be ks=nfs:server.example.com:/mydir/ks.cfg.

ks={http|https}://server/path

The installation program looks for the kickstart file on the HTTP or HTTPS server server, as file path. The installation program uses DHCP to configure the Ethernet card. For example, if your HTTP server is server.example.com and the kickstart file is in the HTTP directory /mydir/ks.cfg, the correct boot command would be ks=http://server.example.com/mydir/ks.cfg.

ks=hd:device:/file

The installation program mounts the file system on device (which must be vfat or ext2), and looks for the kickstart configuration file as file in that file system (for example, ks=hd:sda3:/mydir/ks.cfg).

So let’s try this out. Since we will set up other servers down the line, I decided to use an FTP server to serve/host the Installation Tree files. In this setup I will set up the RHEL6 Machine to remotely install RHEL5 on another VM.

1. Install and Setup FTP Server on RHEL 6

There are many different FTP servers but I decided to go with vsftpd.

yum install -y vsftpd

Then edit the /etc/vsftpd/vsftpd.conf file and make it have the following modifications:

[[email protected] ~]# grep -vE '^#|^$' /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_root=/var/www
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
userlist_log=YES
tcp_wrappers=YES

Then set up the ‘anonymous’ user to log in:

[[email protected] ~]# echo 'anonymous' >> /etc/vsftpd/user_list

2. Copy the Installation Tree to the Folder that FTP is Serving up

First mount the iso to the RHEL VM and then from the VM mount the cdrom:

[[email protected]]# mount /dev/cdrom /mnt
mount: block device /dev/cdrom is write-protected, mounting read-only

Then copy all the files to the appropriate location:

[[email protected] ~]# mkdir -p /var/www/pub
[[email protected] ~]# rsync -avzP /mnt/. /var/www/pub/.

3. Create a Kickstart Script and Store it in our FTP Directory

If you want you can install the system-config-kickstart package and use the GUI to create the kickstart file. To install that just run the following:

yum install system-config-kickstart

To start it just execute the following:

system-config-kickstart

Since every anaconda install creates a kickstart file, I just copied that one:

[[email protected] ~]# cp anaconda-ks.cfg ks.cfg

and edited it to have the following contents:

# Do an install not the upgrade
install
# Set the language
lang en_US.UTF-8
# Set the keyboard
keyboard us
# Skip the RH installation key
key --skip
# Use the text install
text
# Skip the display
skipx
# Specify where the install files are located
url --url ftp://192.168.1.110/pub/
# Configure eth0 with DHCP & set the hostname
network --device eth0 --hostname Rhel05_Machine --bootproto dhcp
# Specify the root password by the Hash
rootpw --iscrypted $1$HJOvNjRI$IB3pUvN
# Enable the firewall and open up the SSH port
firewall --enabled --port=22:tcp
# Setup supported authentication methods
authconfig --enableshadow --enablemd5
# set the SElinux setting
selinux --permissive
# Set the timezone
timezone --utc America/New_York
# Place the bootloader in the MBR of the IDE drive
bootloader --location=mbr --driveorder=hda
# Wipe all partitions
clearpart --drives=hda --all --initlabel
# Create a 100MB /boot partition
part /boot --fstype ext3 --size=100
# Create a 5GB / partition
part / --fstype ext3 --size=5000
# Create a 2GB swap
part swap --size=2000
# Use the rest of the free space on disk to create the /home partition
part /home --fstype ext3 --size=100 --grow
# Install the Base and Core packages, plus OpenSSH server & client packages
%packages
@Core
@Base
openssh-clients
openssh-server

Now let’s go ahead and add the file to our FTP server:

[[email protected] ~]# mkdir /var/www/pub/ks
[[email protected] ~]# cp ks.cfg /var/www/pub/ks/.
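
The ks.cfg now sits in a directory that anonymous FTP serves, so anything in it is readable by every host that can reach the server. The Python audit below is an added example (not part of the original post or of Red Hat's tooling) that flags the kickstart settings documented above that weaken the installed system or expose a secret; the rule names and the extra sample lines (vnc, sshpw, the encrypted /data partition, the %post line with USER) are assumptions made for illustration.

```python
import shlex

# Constructed sample: the ks.cfg from this post (truncated hash included) plus
# lines using options documented above so that every rule has input to match.
SAMPLE_KS = r"""
# Do an install not the upgrade
install
url --url ftp://192.168.1.110/pub/
rootpw --iscrypted $1$HJOvNjRI$IB3pUvN
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --permissive
vnc
sshpw --username=installer changeme --plaintext
part /data --fstype ext3 --size=100 --encrypted --passphrase=example
%packages
@Core
openssh-server
%post --log=/root/ks-post.log
/usr/sbin/subscription-manager register --username=USER --password=secret
"""

STORAGE_CMDS = ("part", "partition", "autopart", "logvol", "raid")

def _tokens(line):
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to a plain split
        return line.split()

def _has(args, name):
    return any(a == name or a.startswith(name + "=") for a in args)

def _value(args, name):
    """Value of '--name=value' or '--name value', or '' if absent."""
    for i, a in enumerate(args):
        if a.startswith(name + "="):
            return a.split("=", 1)[1]
        if a == name and i + 1 < len(args):
            return args[i + 1]
    return ""

def audit_kickstart(text):
    """Return (line_number, rule_id, message) for each risky setting found."""
    findings = []
    section = "command"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%") and not line.startswith("%include"):
            word = line.split()[0]
            section = "command" if word == "%end" else word
            continue
        if section in ("%pre", "%post"):
            if "--password=" in line or "--passphrase=" in line:
                findings.append((n, "SCRIPT_SECRET", "credential on a scriptlet command line"))
            continue
        if section != "command":
            continue  # %packages entries carry no settings
        cmd, *args = _tokens(line)
        hit = None
        if cmd == "rootpw":
            pw = next((a for a in args if not a.startswith("--")), "")
            if not _has(args, "--iscrypted"):
                hit = ("ROOTPW_PLAINTEXT", "root password is stored in the clear")
            elif not pw.startswith(("$5$", "$6$")):
                hit = ("ROOTPW_WEAK_HASH", "hash is not SHA-256/512 crypt ($1$ is MD5-crypt)")
        elif cmd in ("auth", "authconfig") and _has(args, "--enablemd5"):
            hit = ("AUTH_MD5", "installed system will hash passwords with MD5-crypt")
        elif cmd == "selinux" and (_has(args, "--permissive") or _has(args, "--disabled")):
            hit = ("SELINUX_NOT_ENFORCING", "SELinux will not enforce policy")
        elif cmd == "firewall" and _has(args, "--disabled"):
            hit = ("FIREWALL_DISABLED", "host firewall is turned off")
        elif cmd == "vnc" and not _has(args, "--password"):
            hit = ("VNC_NO_PASSWORD", "installer VNC server starts without a password")
        elif cmd == "sshpw" and not _has(args, "--iscrypted"):
            hit = ("PLAINTEXT_PASSWORD", "installer SSH account password is in the clear")
        elif cmd == "user" and _has(args, "--password") and not _has(args, "--iscrypted"):
            hit = ("PLAINTEXT_PASSWORD", "user password is in the clear")
        elif cmd in STORAGE_CMDS and _has(args, "--passphrase"):
            hit = ("DISK_PASSPHRASE", "disk encryption passphrase is in the file")
        elif cmd in ("url", "repo"):
            src = _value(args, "--url") or _value(args, "--baseurl")
            if src.startswith(("ftp://", "http://")):
                hit = ("CLEARTEXT_SOURCE", "packages fetched over an unauthenticated channel")
        if hit:
            findings.append((n, *hit))
    return findings

if __name__ == "__main__":
    for lineno, rule, message in audit_kickstart(SAMPLE_KS):
        print(f"line {lineno}: {rule}: {message}")
```

Run it against ks.cfg before copying the file into the FTP tree; an empty result means none of these rules matched, not that the file is safe to publish.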

4. Start the FTP Server and Ensure it works

Let’s enable the service and start it:

[[email protected] ~]# chkconfig vsftpd on
[[email protected] ~]# service vsftpd start
Starting vsftpd for vsftpd:  vsftpd

Then open up the firewall:

[[email protected] ~]# iptables -I INPUT 5 -p tcp -m tcp --dport 20 -j ACCEPT
[[email protected] ~]# iptables -I INPUT 5 -p tcp -m tcp --dport 21 -j ACCEPT
[[email protected] ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:

Since we are going to be using Passive mode we need to keep track of the connections. To do so, edit the /etc/sysconfig/iptables-config and modify the following line:

[[email protected] ~]# grep trac /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"

Then let’s restart the iptables service:

[[email protected] ~]# service iptables restart
iptables: Flushing firewall rules:
iptables: Setting chains to policy ACCEPT: filter
iptables: Unloading modules:
iptables: Applying firewall rules:

Lastly if selinux is enabled allow ftp to connect to the directory structure by running the following:

[[email protected] ~]# setsebool allow_ftpd_full_access=1

Then from another machine connect to the FTP server:

[[email protected] ~]# lftp 192.168.1.110 -u anonymous
Password:
lftp anonymous@192.168.1.110:~> cd pub/ks
cd ok, cwd=/pub/ks
lftp anonymous@192.168.1.110:/pub/ks> ls
-rw-r--r--    1 0        0            1622 Mar 13 14:27 ks.cfg
lftp anonymous@192.168.1.110:/pub/ks> get ks.cfg
1622 bytes transferred

*NOTE for the password, just leave it blank

That looks good.

5. Install and Configure a TFTP Server

FTP will allow us to download the packages during the install but during the boot up process we need something faster and we will use TFTP to boot from and to start the install. First let’s install the server:

[[email protected] ~]# yum install -y tftp-server

Now let’s setup the TFTP tree structure:

[[email protected] ~]# mkdir /tftpboot
[[email protected] ~]# mkdir /tftpboot/images
[[email protected] ~]# mkdir /tftpboot/pxelinux.cfg

Now let’s copy over the Kernel files from the Installation Tree:

[[email protected] ~]# cp /var/www/pub/images/pxeboot/vmlinuz /tftpboot/images/.
[[email protected] ~]# cp /var/www/pub/images/pxeboot/initrd.img /tftpboot/images/.

Now let’s install the syslinux package and copy the menu files over to the TFTP directory:

[[email protected] ~]# yum install syslinux
[[email protected] ~]# cp /usr/share/syslinux/menu.c32 /tftpboot/.
[[email protected] ~]# cp /usr/share/syslinux/pxelinux.0 /tftpboot/.

Also, let’s configure the Boot menu. Create the /tftpboot/pxelinux.cfg/default file and add the following to it:

default menu.c32
prompt 0
timeout 10
MENU TITLE PXE Menu
LABEL RedHat 5
  MENU LABEL RedHat 5
  KERNEL images/vmlinuz
  append initrd=images/initrd.img linux ks=ftp://192.168.1.110/pub/ks/ks.cfg

Let’s set up our TFTP server to serve up the /tftpboot directory. Edit the /etc/xinetd.d/tftp file and make the following modifications:

[[email protected] ~]# grep -vE '^#|^$' /etc/xinetd.d/tftp
service tftp
{
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = -s /tftpboot
    disable         = no
    per_source      = 11
    cps             = 100 2
    flags           = IPv4
}

6. Start and Test out the TFTP Server

First let’s enable the xinetd service and start it up:

[[email protected] ~]# chkconfig xinetd on
[[email protected] ~]# service xinetd start
Starting xinetd:  xinetd

Also let’s make sure it’s enabled:

[[email protected] ~]# chkconfig --list | grep 'xinetd based services' -A 13
xinetd based services:
    chargen-dgram:  off
    chargen-stream: off
    daytime-dgram:  off
    daytime-stream: off
    discard-dgram:  off
    discard-stream: off
    echo-dgram:     off
    echo-stream:    off
    rsync:          off
    tcpmux-server:  off
    tftp:           on
    time-dgram:     off
    time-stream:    off

Now let’s open up the firewall and restart the firewall as well:

[[email protected] ~]# iptables -I INPUT 5 -p udp -m udp --dport 69 -j ACCEPT
[[email protected] ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:
[[email protected] ~]# service iptables restart
iptables: Flushing firewall rules:
iptables: Setting chains to policy ACCEPT: filter
iptables: Unloading modules:
iptables: Applying firewall rules:
iptables: Loading additional modules: ip_conntrack_ftp

If selinux is enabled then reset the context on our folder:

[[email protected] ~]# restorecon -v -R /tftpboot/

Now from another machine try to download a file:

[[email protected] ~]# tftp 192.168.1.110
tftp> verbose
Verbose mode on.
tftp> get pxelinux.0
getting from 192.168.1.110:pxelinux.0 to pxelinux.0 [netascii]
Received 27213 bytes in 1.2 seconds [181204 bit/s]

That looks good.

7. Install and Configure a DHCP Server

First let’s install the DHCP Server:

[[email protected] ~]# yum -y install dhcp

Then copy a sample config file:

[[email protected] ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

and edit the /etc/dhcp/dhcpd.conf file to look like this:

ddns-update-style none;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
### Parameters for the local subnet ###
        option routers                  192.168.1.254;
        option subnet-mask              255.255.255.0;
        option domain-name              "example.com";
        option domain-name-servers      192.168.1.254;
        default-lease-time              21600;
        max-lease-time                  43200;
        range dynamic-bootp             192.168.1.100 192.168.1.200;
        #### PXE Server IP ###
        next-server                     192.168.1.110;
        filename                        "pxelinux.0";
}

8. Start the DHCP Service and Obtain an IP Lease from it

First let’s start it up:

[[email protected] ~]# chkconfig dhcpd on
[[email protected] ~]# service dhcpd start
Starting dhcpd:  dhcpd

Lastly make sure it’s running:

[[email protected] log]# service dhcpd status
dhcpd (pid  2964) is running...

Now let’s open up the firewall:

[[email protected] ~]# iptables -I INPUT 5 -p udp -m udp --dport 67 -j ACCEPT
[[email protected] ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:
[[email protected] log]# service iptables restart
iptables: Flushing firewall rules:
iptables: Setting chains to policy ACCEPT: filter
iptables: Unloading modules:
iptables: Applying firewall rules:
iptables: Loading additional modules: ip_conntrack_ftp

Now from a client let’s try to obtain an IP address from our DHCP server:

[[email protected] ~]# dhclient
Internet Systems Consortium DHCP Client V3.0.5-RedHat
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/downloads/dhcp/

Listening on LPF/eth0/52:54:00:12:34:57
Sending on   LPF/eth0/52:54:00:12:34:57
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 192.168.1.110
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.110
bound to 192.168.1.111 -- renewal in 43135 seconds.

On our DHCP server we can see that our IP was leased:

[[email protected] log]# tail -8 /var/lib/dhcpd/dhcpd.leases
lease 192.168.1.111 {
  starts 3 2013/03/13 19:17:24;
  ends 4 2013/03/14 01:17:24;
  cltt 3 2013/03/13 19:17:24;
  binding state active;
  next binding state free;
  hardware ethernet 52:54:00:12:34:57;
}
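
Because next-server and filename are set for the whole subnet in dhcpd.conf, every client that obtains a lease is also pointed at the PXE menu, so the lease file doubles as a record of which machines could have started an install. The Python check below is an added example (not from the original post) that reads dhcpd.leases and reports active leases whose MAC address is not on a list of machines you meant to provision; the second and third leases, the allow-list and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed dhcpd.leases content. The first entry is the lease shown above;
# the others are made up to exercise the rules ('#' lines are comments).
SAMPLE_LEASES = """\
lease 192.168.1.111 {
  starts 3 2013/03/13 19:17:24;
  ends 4 2013/03/14 01:17:24;
  cltt 3 2013/03/13 19:17:24;
  binding state active;
  next binding state free;
  hardware ethernet 52:54:00:12:34:57;
}
# constructed: a machine nobody scheduled for installation
lease 192.168.1.112 {
  starts 3 2013/03/13 20:02:10;
  ends 4 2013/03/14 02:02:10;
  binding state active;
  next binding state free;
  hardware ethernet 52:54:00:AA:BB:CC;
}
# constructed: an address handed out and then released (later entry wins)
lease 192.168.1.113 {
  starts 3 2013/03/13 18:00:00;
  ends 4 2013/03/14 00:00:00;
  binding state active;
  hardware ethernet 52:54:00:dd:ee:ff;
}
lease 192.168.1.113 {
  starts 3 2013/03/13 18:00:00;
  ends 3 2013/03/13 18:30:00;
  binding state free;
  hardware ethernet 52:54:00:dd:ee:ff;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.M | re.S)
FIELD_RE = re.compile(
    r"^\s*(starts|ends|binding state|hardware ethernet)\s+(.*?);\s*$", re.M
)


def _when(value):
    """Parse 'W YYYY/MM/DD HH:MM:SS' (UTC); 'never' or a missing field -> None."""
    parts = (value or "").split(" ", 1)
    if len(parts) < 2:
        return None
    return datetime.strptime(parts[1], "%Y/%m/%d %H:%M:%S")


def current_leases(text):
    """Map IP -> newest lease record; dhcpd appends, so the last entry wins."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        fields = dict(FIELD_RE.findall(body))
        latest[ip] = {
            "mac": fields.get("hardware ethernet", "").lower(),
            "state": fields.get("binding state", ""),
            "starts": _when(fields.get("starts")),
            "ends": _when(fields.get("ends")),
        }
    return latest


def unexpected_clients(text, expected_macs, now):
    """Active, unexpired leases whose MAC is not on the provisioning list."""
    expected = {m.lower() for m in expected_macs}
    hits = []
    for ip, lease in sorted(current_leases(text).items()):
        live = lease["state"] == "active" and (
            lease["ends"] is None or lease["ends"] > now
        )
        if live and lease["mac"] not in expected:
            hits.append((ip, lease["mac"]))
    return hits


if __name__ == "__main__":
    allowed = {"52:54:00:12:34:57"}  # the client used in this post
    when = datetime(2013, 3, 13, 21, 0, 0)  # constructed "now", in UTC
    for ip, mac in unexpected_clients(SAMPLE_LEASES, allowed, when):
        print(f"unexpected PXE-capable client: {ip} {mac}")
```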

9. Reboot the Machine and Set it to Boot from the Network

You will see the machine contact the DHCP Server and then go to the TFTP Server:

(Screenshot: TFTP boot successful)

If that is successful then you will see the PXE-Menu that you created, like so:

(Screenshot: PXE boot menu)

And then finally we will see the package starting to install:

(Screenshot: package installation)

