7.4. Kickstart Options

Use md5 encryption for user passwords.

Turns on NIS support. By default, --enablenis uses whatever domain it finds on the network. A domain should almost always be set by hand with the --nisdomain= option.

NIS domain name to use for NIS services.

Server to use for NIS services (broadcasts by default).

Use shadow passwords.

Turns on LDAP support in /etc/nsswitch.conf, allowing your system to retrieve information about users (UIDs, home directories, shells, etc.) from an LDAP directory. To use this option, you must install the nss_ldap package. You must also specify a server and a base DN with --ldapserver= and --ldapbasedn=.

Use LDAP as an authentication method. This enables the pam_ldap module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss_ldap package installed. You must also specify a server and a base DN with --ldapserver= and --ldapbasedn=.

If you specified either --enableldap or --enableldapauth, use this option to specify the name of the LDAP server to use. This option is set in the /etc/ldap.conf file.

If you specified either --enableldap or --enableldapauth, the DN (distinguished name) in your LDAP directory tree under which user information is stored. This option is set in the /etc/ldap.conf file.

Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted usernames and passwords to an LDAP server before authentication.

Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells. So if you enable Kerberos you will need to make users' accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command to make their accounts known to this workstation. If you use this option, you must have the pam_krb5 package installed.

The Kerberos 5 realm to which your workstation belongs.

The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, separate their names with commas (,).

The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests. This server must be run on the master KDC if you have more than one KDC.

Enable Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items.

The Hesiod LHS ("left-hand side") option, set in /etc/hesiod.conf. This option is used by the Hesiod library to determine the name to search DNS for when looking up information, similar to LDAP's use of a base DN.

The Hesiod RHS ("right-hand side") option, set in /etc/hesiod.conf. This option is used by the Hesiod library to determine the name to search DNS for when looking up information, similar to LDAP's use of a base DN.

Tip

To look up user information for "jim", the Hesiod library looks up jim.passwd<LHS><RHS>, which should resolve to a TXT record that looks like what his passwd entry would look like (jim:*:501:501:Jungle Jim:/home/jim:/bin/bash). For groups, the situation is identical, except jim.group<LHS><RHS> would be used. Looking up users and groups by number is handled by making "501.uid" a CNAME for "jim.passwd", and "501.gid" a CNAME for "jim.group". Note that the LHS and RHS do not have periods [.] put in front of them when the library determines the name for which to search, so the LHS and RHS usually begin with periods.

Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells. So if you enable it you will need to make users' accounts known to the workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command to make their accounts known to the workstation. To use this option, you must have the pam_smb package installed.

The name of the server(s) to use for SMB authentication. To specify more than one server, separate the names with commas (,).

The name of the workgroup for the SMB servers.

Enables the nscd service. The nscd service caches information about users, groups, and various other types of information. Caching is especially helpful if you choose to distribute information about users and groups over your network using NIS, LDAP, or hesiod.

Specifies kernel parameters. To specify multiple parameters, separate them with spaces. For example:

bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"

Specifies where the boot record is written. Valid values are the following: mbr (the default), partition (installs the boot loader on the first sector of the partition containing the kernel), or none (do not install the boot loader).

If using GRUB, sets the GRUB boot loader password the one specified with this option. This should be used to restrict access to the GRUB shell, where arbitrary kernel options can be passed.

If using GRUB, similar to --password= except the password should already be encrypted.

Use LILO instead of GRUB as the boot loader.

If using LILO, use the linear LILO option; this is only for backward compatibility (and linear is now used by default).

If using LILO, use the nolinear LILO option; linear is the default.

If using LILO, force use of lba32 mode instead of auto-detecting.

Upgrade the existing boot loader configuration, preserving the old entries. This option is only available for upgrades.

Erases all Linux partitions.

Erases all partitions from the system.

Specifies which drives to clear partitions from. For example, the following clears the partitions on the first two drives on the primary IDE controller:

clearpart --drives hda,hdb

Initializes the disk label to the default for your architecture (for example msdos for x86 and gpt for Itanium). It is useful so that the installation program does not ask if it should initialize the disk label if installing to a brand new hard drive.

Replace with either scsi or eth

Replace with the name of the kernel module which should be installed.

Options to pass to the kernel module. Note that multiple options may be passed if they are put in quotes. For example:

--opts="aic152x=0x340 io=11"

Partition containing the driver disk.

File system type (for example, vfat or ext2).

Replace with one of the following levels of security:

• --high

• --medium

• --disabled

Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1.

Replace with none or more of the following to allow the specified services through the firewall.

• --dhcp

• --ssh

• --telnet

• --smtp

• --http

• --ftp

You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specify imap:tcp. specify numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify 1234:udp. To specify multiple ports, separate them by commas.

Install from the first CD-ROM drive on the system.

Install from a Red Hat installation tree on a local drive, which must be either vfat or ext2.

• --partition=

  Partition to install from (such as, sdb2).

• --dir=

  Directory containing the RedHat directory of the installation tree.

For example:

harddrive --partition=hdb2 --dir=/tmp/install-tree

Install from the NFS server specified.

• --server=

  Server from which to install (hostname or IP).

• --dir=

  Directory containing the RedHat directory of the installation tree.

For example:

nfs --server=nfsserver.example.com --dir=/tmp/install-tree

Install from an installation tree on a remote server via FTP or HTTP.

For example:

url --url http://<server>/<dir>

or:

url --url ftp://<username>:<password>@<server>/<dir>

If language support for more than one language is specified, a default must be identified.

Specifies kernel parameters.

Use the linear LILO option; this is only for back-wards compatibility (and linear is now used by default).

Use the nolinear LILO option; linear is now used by default.

Specifies where the LILO boot record is written. Valid values are the following: mbr (the default) or partition (installs the boot loader on the first sector of the partition containing the kernel). If no location is specified, LILO is not installed.

Forces the use of lba32 mode instead of auto-detecting.

Device the mouse is on (such as --device=ttyS0).

If present, simultaneous clicks on the left and right mouse buttons will be recognized as the middle mouse button by the X Window System. This option should be used if you have a two button mouse.

One of dhcp, bootp, or static.

It default to dhcp. bootp and dhcp are treated the same.

The DHCP method uses a DHCP server system to obtain its networking configuration. As you might guess, the BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. To direct a system to use DHCP:

network --bootproto=dhcp

To direct a machine to use BOOTP to obtain its networking configuration, use the following line in the kickstart file:

network --bootproto=bootp

The static method requires that you enter all the required networking information in the kickstart file. As the name implies, this information is static and will be used during and after the installation. The line for static networking is more complex, as you must include all network configuration information on one line. You must specify the IP address, netmask, gateway, and nameserver. For example: (the \ indicates that it is all one line):

network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 \
--gateway=10.0.2.254 --nameserver=10.0.2.1

If you use the static method, be aware of the following two restrictions:

• All static networking configuration information must be specified on one line; you cannot wrap lines using a backslash, for example.

• You can only specify one nameserver here. However, you can use the kickstart file's %post section (described in Section 7.7 Post-installation Script) to add more name servers, if needed.

Used to select a specific Ethernet device for installation. Note that using --device= will not be effective unless the kickstart file is a local file (such as ks=floppy), since the installation program will configure the network to find the kickstart file. For example:

network --bootproto=dhcp --device=eth0

IP address for the machine to be installed.

Default gateway as an IP address.

Primary nameserver, as an IP address.

Do not configure any DNS server.

Netmask for the installed system.

Hostname for the installed system.

The <mntpoint> is where the partition will be mounted and must be of one of the following forms:

• /<path>

  For example, /, /usr, /home

• swap

  The partition will be used as swap space.

  To determine the size of the swap partition automatically, use the --recommended option:

  swap --recommended

  The minimum size of the automatically-generated swap partition will be no smaller than the amount of RAM in the system and no bigger than twice the amount of RAM in the system.

• raid.<id>

  The partition will be used for software RAID (refer to raid).

• pv.<id>

  The partition will be used for LVM (refer to logvol).

The minimum partition size in megabytes. Specify an integer value here such as 500. Do not append the number with MB.

Tells the partition to grow to fill available space (if any), or up to the maximum size setting.

The maximum partition size in megabytes when the partition is set to grow. Specify an integer value here, and do not append the number with MB.

Tells the installation program not to format the partition, for use with the --onpart command.

Put the partition on the already existing device. For example:

partition /home --onpart=hda1

will put /home on /dev/hda1, which must already exist.

Forces the partition to be created on a particular disk. For example, --ondisk=sdb will put the partition on the second SCSI disk on the system.

Forces automatic allocation of the partition as a primary partition or the partitioning will fail.

Number specified represents the number of bytes per inode on the file system when it is created. It must be given in decimal format. This option is useful for applications where you want to increase the number of inodes on the file system.

This option is no longer available. Use fstype.

Sets the file system type for the partition. Valid values are ext2, ext3, swap, and vfat.

Specifies the starting cylinder for the partition. It requires that a drive be specified with --ondisk= or ondrive=. It also requires that the ending cylinder be specified with --end= or the partition size be specified with --size=.

Specifies the ending cylinder for the partition. It requires that the starting cylinder be specified with --start=.

Specifies that the partition should be checked for bad sectors.

Location where the RAID file system is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (/) partition can be any of the available types. The <partitions*> (which denotes that multiple partitions can be listed) lists the RAID identifiers to add to the RAID array.

RAID level to use (0, 1, or 5).

Name of the RAID device to use (such as md0 or md1). RAID devices range from md0 to md7, and each may only be used once.

Specifies the number of spare drives allocated for the RAID array. Spare drives are used to rebuild the array in case of drive failure.

Sets the file system type for the RAID array. Valid values are ext2, ext3, swap, and vfat.

Do not format the RAID array.

If this is present, the password argument is assumed to already be encrypted.

If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time.

Do not probe the monitor.

Use specified card; this card name should be from the list of cards in /usr/share/hwdata/Cards from the hwdata package. The list of cards can also be found on the X Configuration screen of the Kickstart Configurator. If this argument is not provided, the installation program will probe the PCI bus for the card. Since AGP is part of the PCI bus, AGP cards will be detected if supported. The probe order is determined by the PCI scan order of the motherboard.

Specify the amount of video RAM the video card has.

Use specified monitor; monitor name should be from the list of monitors in /usr/share/hwdata/MonitorsDB from the hwdata package. The list of monitors can also be found on the X Configuration screen of the Kickstart Configurator. This is ignored if --hsync or --vsync is provided. If no monitor information is provided, the installation program tries to probe for it automatically.

Specifies the horizontal sync frequency of the monitor.

Specifies the vertical sync frequency of the monitor.

Specify either GNOME or KDE to set the default desktop (assumes that GNOME Desktop Environment and/or KDE Desktop Environment has been installed through %packages).

Use a graphical login on the installed system.

Specify the default resolution for the X Window System on the installed system. Valid values are 640x480, 800x600, 1024x768, 1152x864, 1280x1024, 1400x1050, 1600x1200. Be sure to specify a resolution that is compatible with the video card and monitor.

Specify the default color depth for the X Window System on the installed system. Valid values are 8, 16, 24, and 32. Be sure to specify a color depth that is compatible with the video card and monitor.