From 9525d37a393f03fe191397ac68ad1c82fb99880d Mon Sep 17 00:00:00 2001 From: Petr Bokoc Date: Oct 23 2018 13:24:06 +0000 Subject: Issue 6 - add new KS and boot options from F27 and F28 --- diff --git a/modules/install-guide/pages/advanced/Boot_Options.adoc b/modules/install-guide/pages/advanced/Boot_Options.adoc index 58bdcbc..4c113bd 100644 --- a/modules/install-guide/pages/advanced/Boot_Options.adoc +++ b/modules/install-guide/pages/advanced/Boot_Options.adoc @@ -89,6 +89,8 @@ By default, this boot option is used on the installation media and set to a spec ==== +[option]#inst.stage2.all=#:: With this boot option, the stage 2 image will be fetched from HTTP, HTTPS and FTP locations which are specified using the [option]#inst.stage2=# option sequentially in the order they are specified, until the image is successfully fetched. All other locations will be ignored. + [option]#inst.dd=#:: If you need to perform a driver update during the installation, use the [option]#inst.dd=# option. It can be used multiple times. The location of a driver RPM package can be specified using any of the formats described in xref:Boot_Options.adoc#tabl-boot-options-sources[Installation Sources]. With the exception of the [option]#inst.dd=cdrom# option, the device name must always be specified. For example: + [subs="quotes, macros"] @@ -134,6 +136,8 @@ In the above example, _next-server_ is the DHCP `next-server` option or the IP a |`192.168.122.1`|`192.168.122.100`|`192.168.122.1`:pass:attributes[{blank}]`/kickstart/192.168.122.100-kickstart` |=== +[option]#inst.ks.all=#:: With this boot option, the Kickstart file will be fetched from HTTP, HTTPS and FTP locations which are specified using the [option]#inst.ks=# option sequentially in the order they are specified, until the file is successfully fetched. All other locations will be ignored. + [option]#inst.ks.sendmac#:: Adds headers to outgoing `HTTP` requests with the MAC addresses of all network interfaces. For example: + [subs="quotes, macros"] @@ -194,6 +198,8 @@ If this option is not specified, [application]*Anaconda* will use `provider_fedo [option]#inst.usefbx#:: Tells the installation program to use the frame buffer `X` driver instead of a hardware-specific driver. This option is equivalent to [option]#inst.xdriver=fbdev#. +[option]#inst.xtimeout=#:: Specifies a timeout period (in seconds) the installer will wait before starting the [application]*X* server. + [option]#modprobe.blacklist=#:: Blacklists (completely disables) one or more drivers. Drivers (mods) disabled using this option will be prevented from loading when the installation starts, and after the installation finishes, the installed system will keep these settings. The blacklisted drivers can then be found in the `/etc/modprobe.d/` directory. + Use a comma-separated list to disable multiple drivers. For example: @@ -211,6 +217,8 @@ During the installation, the `root` account has no password by default. You can ==== +[option]#inst.decorated=#:: Starting with Fedora 27, the graphical installer window has no decorations. Use this option to enable window decorations again. + [[sect-boot-options-network]] === Network Boot Options diff --git a/modules/install-guide/pages/appendixes/Kickstart_Syntax_Reference.adoc b/modules/install-guide/pages/appendixes/Kickstart_Syntax_Reference.adoc index 60809be..2d38d59 100644 --- a/modules/install-guide/pages/appendixes/Kickstart_Syntax_Reference.adoc +++ b/modules/install-guide/pages/appendixes/Kickstart_Syntax_Reference.adoc @@ -25,7 +25,7 @@ You could use an entry similar to one of the following: part / --fstype=xfs --onpart=/dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:0-part1 part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1 - + ---- This provides a consistent way to refer to disks that is more meaningful than just `sda`. This is especially useful in large storage environments. @@ -119,7 +119,7 @@ The default installation mode. You must specify the type of installation from `c [command]#install# [command]#liveimg --url=file:///images/install/squashfs.img --noverifyssl# - + ---- The installation method commands are: @@ -133,7 +133,7 @@ The installation method commands are: [command]#install# [command]#harddrive --partition= | --biospart= [--dir=]# - + ---- + [option]#--partition=#::: Partition to install from (such as `sdb2`). @@ -151,7 +151,7 @@ This command also supports installation from tar archives of the root file syste [command]#install# [command]#liveimg --url= [--proxy= | --checksum= | --noverifyssl=]# - + ---- + [option]#--url=#::: The location to install from. Supported protocols are `HTTP`, `HTTPS`, `FTP`, and `file`. @@ -169,7 +169,7 @@ This command also supports installation from tar archives of the root file syste [command]#install# [command]#nfs --server= [--dir=] [--opts= ]# - + ---- + [option]#--server=#::: Host name of the server. @@ -185,7 +185,7 @@ This command also supports installation from tar archives of the root file syste [command]#install# [command]#url --url= | --mirrorlist= [--proxy= | --noverifyssl]# - + ---- + [option]#--url=#::: The location to install from. Supported protocols are `http`, `https`, `ftp`, and `file`. @@ -250,6 +250,26 @@ Repositories used for installation must be stable. The installation may fail if [option]#--noverifyssl#:: Disable SSL verification when connecting to an `HTTPS` server. +[[sect-kickstart-commands-url]] +=== url (optional) - Install from an installation tree on a remote server via FTP or HTTP. + +Install from an installation tree on a remote server via FTP or HTTP. + +[option]#--proxy=#:: Specify an HTTP/HTTPS/FTP proxy to use while performing the install. The various parts of the argument act like you would expect. The syntax is: ++ +[subs="quotes, macros"] +---- +[protocol://][username[:password]@]host[:port] +---- + +[option]#--noverifyssl#:: For a tree on a HTTPS server do not check the server’s certificate with what well-known CA validate and do not check the server’s host name matches the certificate’s domain name. + +[option]#--url=#:: The URL to install from. Variable substitution is done for `$releasever` and `$basearch` in the URL. + +[option]#--mirrorlist=#:: The mirror URL to install from. Variable substitution is done for `$releasever` and `$basearch` in the URL. + +[option]#--metalink=#:: The metalink URL to install from. Variable substitution is done for `$releasever` and `$basearch` in the URL. + [[sect-kickstart-commands-storage]] == Storage and Partitioning @@ -373,7 +393,7 @@ To generate an encrypted password, use the [command]#grub2-mkpasswd-pbkdf2# comm ---- [command]#bootloader --iscrypted --password=grub.pbkdf2.sha512.10000.5520C6C9832F3AC3D149AC0B24BE69E2D4FB0DBEEDBD29CA1D30A044DE2645C4C7A291E585D4DC43F8A4D82479F8B95CA4BA4381F8550510B75E8E0BB2938990.C688B6F0EF935701FF9BD1A8EC7FE5BD2333799C98F28420C5CC8F1A2A233DE22C83705BB614EA17F3FDFDF4AC2161CEA3384E56EB38A2E39102F5334C47405E# - + ---- [option]#--timeout=#:: Specifies the amount of time the boot loader will wait before booting the default option (in seconds). @@ -395,7 +415,7 @@ Create a Btrfs volume or subvolume. For a volume, the syntax is: ---- [command]#btrfs _mntpoint_ --data=pass:attributes[{blank}]_level_ --metadata=pass:attributes[{blank}]_level_ [--label=] _partitions_pass:attributes[{blank}]# - + ---- One or more partitions can be specified in _partitions_. When specifying more than one partitions, the entries must be separated by a single space. See xref:Kickstart_Syntax_Reference.adoc#exam-kickstart-create-btrfs[Creating Btrfs Volumes and Subvolumes] for a demonstration. @@ -406,7 +426,7 @@ For a subvolume, the syntax is: ---- [command]#btrfs _mntpoint_ --subvol --name=pass:attributes[{blank}]_name_ _parent_pass:attributes[{blank}]# - + ---- _parent_ should be the identifier of the subvolume's parent volume, _name_ with a name for the subvolume, and _mntpoint_ is the location where the file system is mounted. @@ -441,7 +461,7 @@ The following example shows how to create a Btrfs volume from member partitions [command]#btrfs none --data=0 --metadata=1 --label=f{PRODVER} btrfs.01 btrfs.02 btrfs.03# [command]#btrfs / --subvol --name=root LABEL=f{PRODVER}# [command]#btrfs /home --subvol --name=home f{PRODVER}# - + ---- ==== @@ -783,7 +803,7 @@ Create one or more partitions first using xref:Kickstart_Syntax_Reference.adoc#s [command]#part pv.01 --size 3000# [command]#volgroup myvg pv.01# [command]#logvol / --vgname=myvg --size=2000 --name=rootvol# - + ---- [[sect-kickstart-commands-part]] @@ -797,7 +817,7 @@ For a detailed example of [command]#part# in action, see xref:Kickstart_Syntax_R ---- [command]#part|partition _mntpoint_ --name=pass:attributes[{blank}]_name_ --device=pass:attributes[{blank}]_device_ --rule=pass:attributes[{blank}]_rule_ [pass:attributes[{blank}]_options_pass:attributes[{blank}]]# - + ---- [WARNING] @@ -967,7 +987,7 @@ Assembles a software RAID device. This command is of the form: ---- raid mntpoint --level=level --device=mddevice partitions* - + ---- For a detailed example of [command]#raid# in action, see xref:Kickstart_Syntax_Reference.adoc#sect-kickstart-example-advanced-partitioning[Advanced Partitioning Example]. @@ -1031,7 +1051,7 @@ The following example shows how to create a RAID level 1 partition for `/`, and [command]#raid / --level=1 --device=f{PRODVER}-root --label=f{PRODVER}-root raid.01 raid.02 raid.03# [command]#raid /home --level=5 --device=f{PRODVER}-home --label=f{PRODVER}-home raid.11 raid.12 raid.13# - + ---- ==== @@ -1094,7 +1114,7 @@ Create one or more partitions first using xref:Kickstart_Syntax_Reference.adoc#s [command]#part pv.01 --size 3000# [command]#volgroup myvg pv.01# [command]#logvol / --vgname=myvg --size=2000 --name=rootvol# - + ---- [[sect-kickstart-commands-zerombr]] @@ -1253,6 +1273,34 @@ For example: [command]#network --bootproto=dhcp --device=em1# ---- +[option]#--bindto=#:: Optional. Allows to specify how the connection configuration created for the device should be bound. If the option is not used, the connection binds to interface name (`DEVICE` value in ifcfg file). For virtual devices (bond, team, bridge) it configures binding of slaves. Not applicable to vlan devices. ++ +Note that this option is independent of how the `--device` is specified. ++ +Currently only the value `mac` is suported. `--bindto=mac` will bind the connection to MAC address of the device (`HWADDR` value in the `ifcfg` file). ++ +For example: ++ +[subs="quotes, macros"] +---- +[command]#network --device=01:23:45:67:89:ab --bootproto=dhcp --bindto=mac# +---- ++ +The above will bind the configuration of the device specified by MAC address `01:23:45:67:89:ab` to its MAC address. ++ +[subs="quotes, macros"] +---- +network --device=01:23:45:67:89:ab --bootproto=dhcp +---- +The above will bind the configuration of the device specified by MAC address `01:23:45:67:89:ab` to its interface name (e.g. `ens3`). ++ +[subs="quotes, macros"] +---- +[command]#network --device=ens3 --bootproto=dhcp --bindto=mac# +---- ++ +The above will bind the configuration of the device specified by interface name `ens3` to its MAC address. + [option]#--ip=#:: IP address of the device. [option]#--ipv6=#:: IPv6 address of the device, in the form of _address_pass:attributes[{blank}][/pass:attributes[{blank}]_prefix_ _length_pass:attributes[{blank}]] - for example, `3ffe:ffff:0:1::1/128` . If _prefix_ is omitted, `64` will be used. You can also use `auto` for automatic configuration, or `dhcp` for DHCPv6-only configuration (no router advertisements). @@ -1351,7 +1399,7 @@ See also the [option]#--teamconfig=# option. ---- [command]#network --device team0 --activate --bootproto static --ip=10.34.102.222 --netmask=255.255.255.0 --gateway=10.34.102.254 --nameserver=10.34.39.2 --teamslaves="p3p1'{\"prio\": -10, \"sticky\": true}',p3p2'{\"prio\": 100}'" --teamconfig="{\"runner\": {\"name\": \"activebackup\"}}"# - + ---- [option]#--bridgeslaves=#:: When this option is used, the network bridge with device name specified using the [option]#--device=# option will be created and devices defined in the [option]#--bridgeslaves=# option will be added to the bridge. For example: @@ -1488,63 +1536,21 @@ Do not use this command in a Kickstart file that does not install the [applicati The commands below are used to control user accounts, groups, and related areas. -[[sect-kickstart-commands-auth]] -=== auth or authconfig (optional) - Configure Authentication - -Sets up the authentication options for the system using the [command]#authconfig# command, which can also be run on a command line after the installation finishes. See the `authconfig(8)` manual page and the [command]#authconfig --help# command for more details. Passwords are shadowed by default. - -[subs="quotes, macros"] ----- - -[command]#auth [--enablenis | --nisdomain= | --nisserver= | --enableshadow | --enableldap | --enableldapauth | --ldapserver= | --ldapbasedn= | --enableldaptls | --disableldaptls | --enablekrb5 | --krb5realm= | --krb5kdc= | --krb5adminserver= | --enablehesiod | --hesiodlhs= | --hesiodrhs= | --enablesmbauth | --smbservers= | --smbworkgroup= | --enablecache | --passalgo=]# - ----- - -[option]#--enablenis#:: Turns on NIS support. By default, [option]#--enablenis# uses whatever domain it finds on the network. A domain should almost always be set by hand with the [option]#--nisdomain=# option. - -[option]#--nisdomain=#:: NIS domain name to use for NIS services. - -[option]#--nisserver=#:: Server to use for NIS services (broadcasts by default). - -[option]#--useshadow#pass:attributes[{blank}]or [option]#--enableshadow#:: Use shadow passwords. Active by default. - -[option]#--enableldap#:: Turns on LDAP support in `/etc/nsswitch.conf`, allowing your system to retrieve information about users (for example, their UIDs, home directories, and shells) from an LDAP directory. To use this option, you must install the [package]*nss-pam-ldapd* package. You must also specify a server and a base _DN_ (distinguished name) with [option]#--ldapserver=# and [option]#--ldapbasedn=#. - -[option]#--enableldapauth#:: Use LDAP as an authentication method. This enables the `pam_ldap` module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the [package]*nss-pam-ldapd* package installed. You must also specify a server and a base DN with [option]#--ldapserver=# and [option]#--ldapbasedn=#. If your environment does not use _TLS_ (Transport Layer Security), use the [option]#--disableldaptls# switch to ensure that the resulting configuration file works. - -[option]#--ldapserver=#:: If you specified either [option]#--enableldap# or [option]#--enableldapauth#, use this option to specify the name of the LDAP server to use. This option is set in the `/etc/ldap.conf` file. - -[option]#--ldapbasedn=#:: If you specified either [option]#--enableldap# or [option]#--enableldapauth#, use this option to specify the DN in your LDAP directory tree under which user information is stored. This option is set in the `/etc/ldap.conf` file. - -[option]#--enableldaptls#:: Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted usernames and passwords to an LDAP server before authentication. - -[option]#--disableldaptls#:: Do not use TLS (Transport Layer Security) lookups in an environment that uses LDAP for authentication. - -[option]#--enablekrb5#:: Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells. If you enable Kerberos, you must make users' accounts known to this workstation by enabling LDAP, NIS, or Hesiod or by using the [command]#useradd# command. If you use this option, you must have the [package]*pam_krb5* package installed. - -[option]#--krb5realm=#:: The Kerberos 5 realm to which your workstation belongs. - -[option]#--krb5kdc=#:: The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, use a comma-separated list without spaces. +[[sect-kickstart-commands-authconfig]] +=== auth or authconfig (optional) - Configure Authentication (deprecated) -[option]#--krb5adminserver=#:: The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests. This server must be run on the master KDC if you have more than one KDC. - -[option]#--enablehesiod#:: Enables Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in `/usr/share/doc/glibc-2.x.x/README.hesiod`, which is included in the [package]*glibc* package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items. - -[option]#--hesiodlhs=# and [option]#--hesiodrhs=#:: The `Hesiod` LHS (left-hand side) and RHS (right-hand side) values, set in `/etc/hesiod.conf`. The `Hesiod` library uses these values to search DNS for a name, similar to the way that `LDAP` uses a base DN. -+ -To look up user information for the username `jim`, the Hesiod library looks up `jim.passwdpass:attributes[{blank}]_LHS_pass:attributes[{blank}]pass:attributes[{blank}]_RHS_pass:attributes[{blank}]`, which should resolve to a TXT record that contains a string identical to an entry for that user in the `passwd` file: `jim:*:501:501:Jungle Jim:/home/jim:/bin/bash`. To look up groups, the Hesiod library looks up `jim.grouppass:attributes[{blank}]_LHS_pass:attributes[{blank}]pass:attributes[{blank}]_RHS_pass:attributes[{blank}]` instead. -+ -To look up users and groups by number, make `501.uid` a CNAME for `jim.passwd`, and `501.gid` a CNAME for `jim.group`. Note that the library does not place a period (`.`) in front of the LHS and RHS values when performing a search. Therefore, if the LHS and RHS values need to have a period placed in front of them, you must include the period in the values you set for [option]#--hesiodlhs=# and [option]#--hesiodrhs=#. - -[option]#--enablesmbauth#:: Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells. If you enable SMB, you must make users' accounts known to the workstation by enabling LDAP, NIS, or Hesiod or by using the [command]#useradd# command. +[IMPORTANT] +==== +This command has been deprecated by [command]#authselect#. Using it will invoke the authconfig compatibility tool; however, it is highly recommended to use [command]#authselect# instead. +==== -[option]#--smbservers=#:: The name of the servers to use for SMB authentication. To specify more than one server, separate the names with commas (`,`). +Sets up the authentication options for the system using the [command]#authconfig# command, which can also be run on a command line after the installation finishes. See the `authconfig(8)` manual page and the [command]#authconfig --help# command for more details. Passwords are shadowed by default. -[option]#--smbworkgroup=#:: The name of the workgroup for the SMB servers. +[[sect-kickstart-commands-authselect]] +=== authselect (optional) - Configure Authentication -[option]#--enablecache#:: Enables the `nscd` service. The `nscd` service caches information about users, groups, and various other types of information. Caching is especially helpful if you choose to distribute information about users and groups over your network using `NIS`, `LDAP`, or `Hesiod`. +This command sets up the authentication options for the system. This is just a wrapper around the [command]#authselect# program, so all options recognized by that program are valid for this command. See the `authselect(8)` for a complete list. Passwords are shadowed by default. -[option]#--passalgo=#:: Specify [option]#sha256# to set up the SHA-256 hashing algorithm or [option]#sha512# to set up the SHA-512 hashing algorithm. [[sect-kickstart-commands-group]] === group (optional) - Create User Group @@ -1569,7 +1575,7 @@ This command can be used to set custom requirements (policy) such as length and ---- [command]#pwpolicy _name_ [--minlen=pass:attributes[{blank}]_length_pass:attributes[{blank}]] [--minquality=pass:attributes[{blank}]_quality_pass:attributes[{blank}]] [--strict|nostrict] [--emptyok|noempty] [--changesok|nochanges]# - + ---- The `libpwquality` library is used to check minimum password requirements (length and quality). You can use the [command]#pwscore# and [command]#pwmake# commands provided by the [package]*libpwquality* package to check the quality score of your chosen password, or to create a random password with a given score. See the `pwscore(1)` and `pwmake(1)` man pages for details about these commands. @@ -1607,7 +1613,7 @@ An example use of the [command]#pwpolicy# command is below: [command]#%anaconda# [command]#pwpolicy root --minlen=10 --minquality=60 --strict --notempty --nochanges# [command]#%end# - + ---- [[sect-kickstart-commands-realm]] @@ -1984,7 +1990,7 @@ To use an add-on in your Kickstart file, add the [command]#%addon _addon_name_ _ ---- %addon com_redhat_kdump --enable --reserve-mb=128%end - + ---- The [command]#%addon# section does not have any options of its own; all options depend on the add-on being used. @@ -2048,7 +2054,7 @@ Specifying an Environment:: In addition to groups, you specify an entire enviro %packages @^Infrastructure Server %end - + ---- + This command will install all packages which are part of the `Infrastracture Server` environment. All available environments are described in the `comps.xml` file. @@ -2063,7 +2069,7 @@ Specifying Groups:: Specify groups, one entry to a line, starting with an `@` s @Desktop @Sound and Video [command]#%end# - + ---- + The `Core` and `Base` groups are always selected - it is not necessary to specify them in the [command]#%packages# section. @@ -2080,7 +2086,7 @@ curl aspell docbook* %end - + ---- + The `docbook*` entry includes the packages [package]*docbook-dtds*, [package]*docbook-simple*, [package]*docbook-slides* and others that match the pattern represented with the wildcard. @@ -2094,7 +2100,7 @@ Excluding Environments, Groups, or Packages:: Use a leading dash (`-`) to speci -autofs -ipa*fonts %end - + ---- [IMPORTANT] @@ -2137,7 +2143,7 @@ The options in this list only apply to a single package group. Instead of using [command]#%packages# @Graphical Internet --optional [command]#%end# - + ---- [option]#--nodefaults#:: Only install the group's mandatory packages, not the default selections. @@ -2170,7 +2176,7 @@ The following options can be used to change the behavior of pre-installation scr [command]#%pre --interpreter=/usr/bin/python# --- Python script omitted -- [command]#%end# - + ---- [option]#--interpreter=#:: Allows you to specify a different scripting language, such as Python. Any scripting language available on the system can be used; in most cases, these will be `/usr/bin/sh`, `/usr/bin/bash`, and `/usr/bin/python`. @@ -2208,7 +2214,7 @@ The following options can be used to change the behavior of post-installation sc [command]#%post --interpreter=/usr/bin/python# --- Python script omitted -- [command]#%end# - + ---- [option]#--interpreter=#:: Allows you to specify a different scripting language, such as Python. For example: @@ -2230,7 +2236,7 @@ The following example copies the file `/etc/resolv.conf` to the file system that [command]#%post --nochroot# cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf [command]#%end# - + ---- [option]#--erroronfail#:: Display an error and halt the installation if the script fails. The error message will direct you to where the cause of the failure is logged. @@ -2290,7 +2296,7 @@ volgroup sysvg pv.01 logvol /var --vgname=sysvg --size=8000 --name=var logvol /var/freespace --vgname=sysvg --size=8000 --name=freespacetouse logvol /usr/local --vgname=sysvg --size=1 --grow --name=usrlocal - + ---- ==== @@ -2357,7 +2363,7 @@ echo "part / --fstype xfs --size 2048" >> /tmp/part-include echo "part /home --fstype xfs --size 2048 --grow" >> /tmp/part-include fi %end - + ---- This script determines the number of hard drives in the system and writes a text file with a different partitioning scheme depending on whether it has one or two drives. Instead of having a set of partitioning commands in the Kickstart file, include the following line: