Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/linuxfabrik/kickstart

Generic kickstart file for a minimal install of RHEL 7+ and compatible, on both BIOS as well as UEFI machines.
https://github.com/linuxfabrik/kickstart

anaconda fedora installation installation-scripts kickstart linux linuxfabrik rhel

Last synced: 7 days ago
JSON representation

Generic kickstart file for a minimal install of RHEL 7+ and compatible, on both BIOS as well as UEFI machines.

Awesome Lists containing this project

README 

          
Generic Kickstart / Autoinstall Files

======================================



This repository provides automated installation configurations for:



* **RHEL 8+, Fedora 38+ and compatible** (``lf-rhel.cfg``, Kickstart format)

* **Debian 11+** (``lf-debian.cfg``, Preseed format)

* **Ubuntu 20.04+** (``lf-ubuntu.cfg``, Autoinstall format)



RHEL, Fedora and compatible

----------------------------



What are Kickstart Installations?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Kickstart files contain answers to all questions normally asked by the installation program, such as what time zone you want the system to use, how the drives should be partitioned, or which packages should be installed. Providing a prepared kickstart file when the installation begins therefore allows you to perform the installation automatically, without need for any intervention from the user. This is especially useful when deploying Red Hat Enterprise Linux (RHEL) on a large number of systems at once.



Kickstart files can be kept on a single server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install RHEL and compatible on multiple machines, making it ideal for network and system administrators. (`Source `_)



How to use

~~~~~~~~~~



This kickstart file can be used by booting from an ISO file, then either



* BIOS: pressing ``ESC`` on the first screen and providing these cmdline arguments (line breaks are only for better readability):



.. code-block:: text



    boot: linux inst.ks=https://linuxfabrik.ch/ks

        [lftype=cis|cloud|cloud-cis|minimal]

        [lfdisk=$DISK]

        [ip=[IPADDRESS]::GATEWAY:NETMASK::INTERFACE:none]

        [nameserver=NAMESERVER]

        [...]



* UEFI: pressing ``e`` on the "Install ..." entry and appending the following to the ``linuxefi`` cmdline (line breaks are only for better readability), then booting by pressing ``Ctrl-X``.



.. code-block:: text



    linuxefi ... inst.ks=https://linuxfabrik.ch/ks

        [lftype=cis|cloud|cloud-cis|minimal]

        [lfdisk=$DISK]

        [ip=[IPADDRESS]::GATEWAY:NETMASK::INTERFACE:none]

        [nameserver=NAMESERVER]

        [...]



Note that ``ip=`` is an array (for providing multiple IP addresses), so the inner brackets are mandatory.



For convenience, we provide https://linuxfabrik.ch/ks as a shortened URL to https://raw.githubusercontent.com/Linuxfabrik/kickstart/main/lf-rhel.cfg.



What this Kickstart File does

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



* Supports RHEL 8+, Fedora 38+ and compatible.

* Works on legacy BIOS as well as UEFI.

* The kickstart file is intended to provide a minimal installation, with ``firewalld`` disabled and SELinux in "Enforcing" mode.

* Can be installed on a user-defined disk by specifying the kernel cmdline argument ``lfdisk=$DISK``. If unset, it tries to find the first block device, in the order ``vda`` > ``sda`` > ``nvme0n1``, and fails otherwise.

* There are two users: ``linuxfabrik`` and ``root``. The root account is always locked and has no password or SSH keys. Login with the ``linuxfabrik`` user, which is also part of the ``wheel`` group. ``sudo`` is configured to gain root.



The kickstart file can be used to install different types of minimal installs by setting the kernel cmdline argument ``lftype=``:



.. csv-table::

    :header-rows: 1



    ``lftype=``,             Install Type,   Partitioning Scheme,     Password of User ``linuxfabrik``,   SSH Keys of User ``linuxfabrik``

    ``cis``,                 Minimal,        "CIS, LVM",              ``password``,                       Those of Linuxfabrik

    ``cloud``,               Minimal,        "Minimal, LVM",          unset (inject via ``cloud-init``),  none (inject via ``cloud-init``)

    ``cloud-cis``,           Minimal,        "CIS, LVM",              unset (inject via ``cloud-init``),  none (inject via ``cloud-init``)

    ``minimal`` (default),   Minimal,        "Minimal, LVM",          ``password``,                       Those of Linuxfabrik



Useful Kernel Cmdline Arguments

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



RHEL:



* ``inst.loglevel=[debug|info]``: Note: Option is removed in RHEL9 and is always set to debug

* ``inst.ks=[hd::|[http,https,ftp]:///|nfs:[:]:/`` (MANDATORY)

* ``inst.noverifyssl``: Prevents Anaconda from verifying the ssl certificate for all HTTPS connections ("insecure")

* ``inst.nosave=[,]`` (options: ``input_ks,output_ks,all_ks,logs,all``)

* ``inst.rescue``

* `more Kernel Cmdline Arguments `_



Specific to this kickstart file:



* ``lfdisk=$DISK``: User-defined disk for installing the OS. Default: unset (so tries to find the first block device, in the order ``vda`` > ``sda`` > ``nvme0n1``, and fails otherwise).

* ``lftype``: See table above. Defaults to ``minimal``.



Modifying this Kickstart

~~~~~~~~~~~~~~~~~~~~~~~~



This kickstart includes an additional kickstart ``/tmp/dynamic.ks``. This ``/tmp/dynamic.ks`` file is generated in a kickstart pre-script.

At the beginning of the pre-script the available Python version is determined, the Python script is written to ``/tmp/pre-script.py`` and executed.

The Python script then generates the ``/tmp/dynamic.ks``.

This Python script can be modified as follows:



* | ``lfkeys``

  | An array of SSH keys that will be installed for either the ``root`` or ``linuxfabrik`` user depending on ``lftype`` as documented above.

* | ``packages_``

  | An array with package names for a ```` install.

* | ``part_``

  | An array of kickstart ``logvol`` lines that define logical volumes for ```` as documented in Fedora Kickstart Syntax Reference: `logvol `_

* | ``users_``

  | A string containing a ":" separated list in the form ``name="":cmd="":keys=""`` (Fedora Kickstart Syntax Reference: `user `_, `rootpw `_)

* | ``post_``

  | A multiline string containing the postscript for ````. Will be executed by ``/bin/sh``.



Known Limitations

~~~~~~~~~~~~~~~~~



This kickstart file does not work for RHEL 7- (and compatible).



Tests

~~~~~



Test combinations:



* OS: rocky8, rocky9, rocky10

* Firmware: BIOS, UEFI

* Disk: vda, sda

* ``lftype``: ``cis``, ``cloud``, ``cloud-cis``, ``minimal``



What to test within the VM:



* Console login using "root": Should not work (account is locked, no password).

* Console login using "linuxfabrik" + "password": Should work on non-cloud. On cloud, password depends on cloud-init.

* ``ip a``: Should get an IP.

* ``ssh root@vm``: Should not work.

* ``ssh linuxfabrik@vm``: Should work on non-cloud. On cloud, it depends on cloud-init.

* ``sudo su -``: Should work.

* ``cat /etc/shadow``: Should show that root's password is locked.

* ``df -hT``: Three partitions (``/``, ``/backup``, ``/boot``) on non-cis, eight partitions on cis.

* ``lvs``: Should work.

* ``sudo dnf -y install nano``: Should work.

* ``systemctl status cloud-init``: Not found on non-cloud, should work on cloud.

* ``systemctl status firewalld``: Should be inactive on non-cloud. On cloud, firewalld is removed.

* ``ll /root``: Should list at least two Anaconda files.



Troubleshooting

~~~~~~~~~~~~~~~



* ``page_poison=1`` kernel cmdline option installed by bootloader cmd can leave the system unbootable due to a buggy UEFI firmware. This was observed with TianoCore firmware on qemu. Remove this option to boot. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/known-issues.

* Fedora 38: We observed problems booting into the installer. Try ``inst.neednet=1 rd.debug`` to get to the installer.

* Last resort: If this Kickstart file doesn't work, copy it to a webserver and modify it to suit your needs.



References

~~~~~~~~~~



* `Fedora Kickstart Syntax `_

* `RHEL 8 Kickstart Syntax `_

* `RHEL 9 Kickstart Syntax `_

* `Rocky 8 Generic Cloud LVM Kickstart `_

* `OpenStack Image Requirements `_



Debian and compatible

----------------------



What is Preseed?

~~~~~~~~~~~~~~~~



Preseed provides a way to set answers to questions asked during the Debian installation process, without having to manually enter the answers while the installation is running. This makes it possible to fully automate Debian installations. (`Source `_)



Note: Preseed only works with the Debian Installer (d-i). It does **not** work with Ubuntu 20.04+ (which uses autoinstall/subiquity).



How to use

~~~~~~~~~~



Boot from a Debian netinst or DVD ISO, press ``ESC`` at the boot menu, then:



.. code-block:: text



    boot: auto url=http:////lf-debian.cfg



What this Preseed File does

~~~~~~~~~~~~~~~~~~~~~~~~~~~



* Supports Debian 11+ (Bullseye and newer).

* Works on legacy BIOS as well as UEFI (GPT partitioning).

* Provides a minimal server installation with LVM partitioning (``/``, ``/backup``, ``/boot``, swap).

* Installs on the first available disk (``/dev/vda``, ``/dev/sda`` or ``/dev/nvme0n1``).

* There are two users: ``linuxfabrik`` and ``root``. The root account is not created (disabled). Login with the ``linuxfabrik`` user, which has password-less sudo. The default password is ``password`` (change after first login).

* SSH server is installed and Linuxfabrik SSH keys are deployed.

* The system shuts down after installation.



Tests

~~~~~



Test combinations:



* OS: Debian 11, Debian 12

* Firmware: BIOS, UEFI

* Disk: vda, sda



What to test within the VM:



* Console login using "root": Should not work (no root account).

* Console login using "linuxfabrik" + "password": Should work.

* ``ip a``: Should get an IP.

* ``ssh root@vm``: Should not work.

* ``ssh linuxfabrik@vm``: Should work.

* ``sudo su -``: Should work.

* ``df -hT``: Three partitions (``/``, ``/backup``, ``/boot``).

* ``lvs``: Should work.

* ``sudo apt install -y nano``: Should work.



References

~~~~~~~~~~



* `Debian Preseed Documentation `_

* `Debian Preseed Example `_



Ubuntu and compatible

----------------------



What is Autoinstall?

~~~~~~~~~~~~~~~~~~~~



Ubuntu's autoinstall provides a way to perform unattended installations of Ubuntu Server. It uses a YAML configuration file to answer all installation questions automatically, similar to Kickstart on RHEL. Autoinstall is available on Ubuntu 20.04+ and uses the subiquity installer. (`Source `_)



Note: Autoinstall does **not** work with Debian, which uses a different system called preseed.



How to use

~~~~~~~~~~



Serve ``lf-ubuntu.cfg`` as ``user-data`` alongside an empty ``meta-data`` file via HTTP, then boot from an Ubuntu Server ISO and append to the kernel cmdline:



.. code-block:: text



    autoinstall ds=nocloud-net;s=http:////



What this Autoinstall File does

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



* Supports Ubuntu 20.04+ (subiquity installer).

* Targets UEFI systems (see comments in the file for BIOS adaptation).

* Provides a minimal server installation with LVM partitioning (``/``, ``/backup``, ``/boot``, swap).

* There are two users: ``linuxfabrik`` and ``root``. The root account is locked with no password. Login with the ``linuxfabrik`` user, which has password-less sudo. The default password is ``password`` (change after first login).

* SSH server is installed and Linuxfabrik SSH keys are deployed.

* ``ufw`` and ``kdump`` are disabled.

* The system shuts down after installation.



Tests

~~~~~



Test combinations:



* OS: Ubuntu 22.04, Ubuntu 24.04

* Firmware: UEFI



What to test within the VM:



* Console login using "root": Should not work (account is locked).

* Console login using "linuxfabrik" + "password": Should work.

* ``ip a``: Should get an IP.

* ``ssh root@vm``: Should not work.

* ``ssh linuxfabrik@vm``: Should work.

* ``sudo su -``: Should work.

* ``cat /etc/shadow``: Should show that root's password is locked.

* ``df -hT``: Three partitions (``/``, ``/backup``, ``/boot``).

* ``lvs``: Should work.

* ``sudo apt install -y nano``: Should work.



References

~~~~~~~~~~



* `Ubuntu Autoinstall Reference `_

* `Ubuntu Autoinstall Quick Start `_