Anaconda & Kickstart

Enterprise Linux Installation

Linux
Published: November 5, 2015

Modified: February 14, 2024

Prerequisites

Install/configure DHCP and HTTP services:

# Install a web-server
>>> yum -y install httpd && systemctl enable httpd && systemctl start httpd
>>> firewall-cmd --permanent --add-service=http && firewall-cmd --reload

# Disable SELinux
>>> grep ^SELINUX= /etc/selinux/config
SELINUX=disabled
>>> setenforce 0 && sestatus

Add an iPXE configuration to the DHCP server…

>>> yum -y install tftp-server 
>>> cat /etc/dnsmasq.d/ipxe.conf
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-userclass=set:ipxe,iPXE
dhcp-boot=tag:#ipxe,undionly.kpxe
dhcp-boot=tag:ipxe,http://10.1.1.27:80/menu.ipxe
# restart dnsmasq

# build iPXE and copy the boot image
>>> yum -y install gcc binutils make perl syslinux xz-devel genisoimage git
>>> git clone git://git.ipxe.org/ipxe.git ipxe && cd ipxe/src
>>> make bin/undionly.kpxe && cp bin/undionly.kpxe /var/lib/tftpboot

Extract boot images from the official source, a CentOS mirror:

www=/var/www/html
curl -o /tmp/centos.iso http://centos.mirror.net-d-sign.de/7/isos/x86_64/CentOS-7-x86_64-Minimal-1611.iso
mount -o loop /tmp/centos.iso /mnt
mkdir -p ${www}/boot/centos/7/1611 && cp -r /mnt/* ${www}/boot/centos/7/1611
umount /mnt
ln -s ${www}/boot/centos/7/1611 ${www}/boot/centos/current

More than 1 GB of memory is required for the CentOS LiveOS!
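The ISO above is fetched over plain HTTP and its contents become the boot source for every PXE client, so this added example (not part of the original notes) checks the image against the mirror's sha256sum-style checksum list before it is copied into the web root. The function names are hypothetical, the stand-in file and its checksum line are constructed, and the checksum list is assumed to have been authenticated separately.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash the file in 1 MiB blocks so a multi-GB ISO is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def expected_digest(sums_text, filename):
    """Look up filename in sha256sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    for line in sums_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64 and parts[1].strip().lstrip("*") == filename:
            return parts[0].lower()
    return None  # PGP armor lines and other files' entries never match

def verify_iso(iso_path, sums_text):
    """True only if the ISO's SHA-256 equals the entry listed for its file name."""
    name = os.path.basename(iso_path)
    want = expected_digest(sums_text, name)
    if want is None:
        raise LookupError("no checksum entry for " + name)
    return hmac.compare_digest(want, sha256_file(iso_path))

def demo():
    """Constructed stand-in ISO and checksum line; no real CentOS hash is used."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "CentOS-7-x86_64-Minimal-1611.iso")
        with open(iso, "wb") as fh:
            fh.write(b"constructed stand-in for the ISO image\n")
        sums = sha256_file(iso) + "  CentOS-7-x86_64-Minimal-1611.iso\n"
        intact = verify_iso(iso, sums)
        with open(iso, "ab") as fh:
            fh.write(b"modified in transit")
        return intact, verify_iso(iso, sums)

if __name__ == "__main__":
    print(demo())
```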

Anaconda

Anaconda [1] is the installation program used by Enterprise Linux…

  • …install the operating system software on the target computer

The Lorax [2] tool is used to create the Anaconda installer boot.iso

Network Configuration

Network connection missing?

  • Check if the required network device is available with ip a
  • If the device is visible, check the NetworkManager configuration

NetworkManager configuration (logs to /tmp/syslog):

  • Anaconda Boot Options can be used to enable network (e.g. to download a kickstart file)
  • Anaconda communicates with NetworkManager mostly through ifcfg files located in /etc/sysconfig/network-scripts/ifcfg-<device name>
  • Note that the Kickstart network option can also be used both to enable and to configure devices!

Boot Configuration

Boot into the interactive installation:

>>> cat /var/www/html/centos/boot/menu.ipxe 
#!ipxe
set base http://lxdev01.devops.test/centos/boot
kernel ${base}/images/pxeboot/vmlinuz initrd=initrd.img inst.repo=${base} inst.text inst.ks=http://lxdev01.devops.test/kickstart/base.cfg
initrd ${base}/images/pxeboot/initrd.img
boot || goto shell

List of kernel arguments:

inst.repo=http://                    # location of the install source
inst.proxy=http://                   # HTTP proxy for the installation
inst.ks=http://...                   # location of the kickstart file
inst.text                            # use text-based UI
inst.headless                        # no display during installation
inst.sshd                            # SSH login during installation
inst.loglevel=<debug|info|warning|error|critical>

Target System

Mount points used by the installer…

  • /mnt/sysimage …physical root of the target system
  • /mnt/sysroot …mount point of the system root of the target system
    • …recommended to be used for chroot

Kickstart

Kickstart [3] provides a method to automate the installation of Enterprise Linux…

The kickstart file contains answers for the Anaconda installer program:

  • …simple text file …list of items, each identified by a keyword
  • …omitting required items prompts the user for an interactive answer

Simple kickstart file:

## Common Section ##

install                       # install a fresh system
url --url="http://...."       #  from a remote server over HTTP
reboot                        # reboot automatically

keyboard --vckeymap=us        # keyboard layout
lang en_US.UTF-8              # system language
timezone Europe/Berlin        # system timezone

# dummy accounts for a test environment
auth --enableshadow --passalgo=sha512
rootpw --plaintext root
user --name=devops --password=devops --plaintext

# enable DHCP, no IPv6
network  --bootproto=dhcp --noipv6

zerombr                      # initialize invalid partition table
ignoredisk --only-use=vda    # ignore all disks except vda
clearpart --initlabel --all  # overwrite all partitions
# partition layout and file-systems
part /     --ondisk=vda --asprimary --fstype=ext4 --size=8192
part /var  --ondisk=vda             --fstype=ext4 --size=8192
part /tmp  --ondisk=vda             --fstype=ext4 --size=8192 --maxsize=20480 --grow
part /srv  --ondisk=vda --asprimary --fstype=ext4 --size=10240                --grow

Package Section

Lists the packages you would like to install:

  • %packages begins the section listing packages, must end with %end
  • A leading dash excludes packages/groups from the installation

Minimal base system:

## Package Section ##

%packages --nobase --excludedocs
@core --nodefaults
%end

Deploy a configuration management tool, e.g. Chef:

## This repository should host the chef packages from chef.io
repo --name=site --baseurl="http://lxdev01.devops.test/repo"

## Add the client package to be installed
%packages
...
chef
%end

Storage

Related commands…

  • ignoredisk safeguard storage device from partitioning
  • zerombr initialize unrecognizable storage devices
  • clearpart remove partitions (none by default)
  • part/partition partition storage devices
  • raid Linux software RAID…mdadm
  • volgroup LVM volume groups…

Log is written to /tmp/storage.log

Boot device (non-EFI) on first SATA device…

clearpart --all
zerombr
ignoredisk --only-use=sda
part /     --ondisk=sda --asprimary --fstype=xfs --size=20000
part /var  --ondisk=sda             --fstype=xfs --size=100000
part /tmp  --ondisk=sda             --fstype=xfs --size=35000  --grow
part swap  --ondisk=sda                          --size=10000

Boot device (EFI) on first NVMe device…

clearpart --all
zerombr
ignoredisk --only-use=nvme0n1
part /boot/efi --fstype=efi  --size=20     --grow --maxsize=200
part /boot     --fstype=ext4 --size=1024
part /         --fstype=xfs  --size=20000         --asprimary
part /var      --fstype=xfs  --size=100000
part /tmp      --fstype=xfs  --size=35000  --grow
part swap                    --size=128000

RAID mirror for /var/spool using two NVMe devices…

# ...make sure to clean any additional devices...
clearpart --all --initlabel --drives=sda,nvme*
part raid.01 --ondisk=nvme0n1 --fstype="mdmember" --size=1 --grow       
part raid.02 --ondisk=nvme1n1 --fstype="mdmember" --size=1 --grow
raid --level=RAID1 --device=spool --fstype=ext4 /var/spool raid.01 raid.02

Post Installation

Commands to run on the system once the installation is complete…

  • …section starts with the %post command …closed with corresponding %end
    • --log=/var/log/name.log …write output to a log-file
    • --erroronfail …halt installation on failure
    • --nochroot …run outside the chroot environment
    • --interpreter /usr/bin/python …non-default interpreter

Add the FQDN to /etc/hostname:

%post --log=/var/log/post-install.log
echo "Write hostname to /etc/hostname"
/bin/hostname -f > /etc/hostname
%end

Install custom SSH keys for the root user:

%post --log=/var/log/post-install.log
echo "Install SSH keys for the root user"
mkdir -m 0700 /root/.ssh/
cat <<EOF >/root/.ssh/authorized_keys
  ..........KEYS...........
EOF
chmod 0600 /root/.ssh/authorized_keys
restorecon -R /root/.ssh/
%end
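
An added example (not part of the original notes, and not pykickstart) that scans a kickstart file for the settings shown above that should not leave a test environment: cleartext passwords from the simple kickstart file, install sources over plain HTTP, and %post sections without --erroronfail. The function name is hypothetical and the sample is assembled from the snippets on this page with a constructed install URL.

```python
import shlex

# Constructed sample, assembled from the kickstart snippets on this page.
SAMPLE = """\
install
url --url="http://lxdev01.devops.test/centos"   # install tree over plain HTTP
rootpw --plaintext root
user --name=devops --password=devops --plaintext
network --bootproto=dhcp --noipv6
%packages --nobase --excludedocs
@core --nodefaults
%end
%post --log=/var/log/post-install.log
/bin/hostname -f > /etc/hostname
%end
"""

def audit_kickstart(text):
    """Return (line_number, finding) pairs for risky settings in a kickstart file."""
    findings = []
    section = None  # None while reading commands, else the open %section name
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%"):
            words = line.split()
            if words[0] != "%include":  # %include is a single line, not a section
                section = None if words[0] == "%end" else words[0]
            if words[0] == "%post" and "--erroronfail" not in words:
                findings.append((num, "%post without --erroronfail: failures do not stop the install"))
            continue
        if section is not None:
            continue  # package names and script bodies are not kickstart commands
        cmd, *opts = shlex.split(line, comments=True)
        if cmd in ("rootpw", "user") and "--plaintext" in opts:
            findings.append((num, f"{cmd}: cleartext password, use --iscrypted with a hash"))
        if cmd in ("url", "repo") and any(
                o.startswith(("--url=http://", "--baseurl=http://")) for o in opts):
            findings.append((num, f"{cmd}: source fetched over plain HTTP"))
    return findings

if __name__ == "__main__":
    for num, finding in audit_kickstart(SAMPLE):
        print(f"line {num}: {finding}")
```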