This repository provides automated installation configurations for:
- RHEL 8+, Fedora 38+ and compatible (
lf-rhel.cfg, Kickstart format) - Debian 11+ (
lf-debian.cfg, Preseed format) - Ubuntu 20.04+ (
lf-ubuntu.cfg, Autoinstall format)
Kickstart files contain answers to all questions normally asked by the installation program, such as what time zone you want the system to use, how the drives should be partitioned, or which packages should be installed. Providing a prepared kickstart file when the installation begins therefore allows you to perform the installation automatically, without need for any intervention from the user. This is especially useful when deploying Red Hat Enterprise Linux (RHEL) on a large number of systems at once.
Kickstart files can be kept on a single server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install RHEL and compatible on multiple machines, making it ideal for network and system administrators. (Source)
This kickstart file can be used by booting from an ISO file, then either
- BIOS: pressing
ESCon the first screen and providing these cmdline arguments (line breaks are only for better readability):
boot: linux inst.ks=https://linuxfabrik.ch/ks
[lftype=cis|cloud|cloud-cis|minimal]
[lfdisk=$DISK]
[ip=[IPADDRESS]::GATEWAY:NETMASK::INTERFACE:none]
[nameserver=NAMESERVER]
[...]
- UEFI: pressing
eon the "Install ..." entry and appending the following to thelinuxeficmdline (line breaks are only for better readability), then booting by pressingCtrl-X.
linuxefi ... inst.ks=https://linuxfabrik.ch/ks
[lftype=cis|cloud|cloud-cis|minimal]
[lfdisk=$DISK]
[ip=[IPADDRESS]::GATEWAY:NETMASK::INTERFACE:none]
[nameserver=NAMESERVER]
[...]
Note that ip= is an array (for providing multiple IP addresses), so the inner brackets are mandatory.
For convenience, we provide https://linuxfabrik.ch/ks as a shortened URL to https://raw.githubusercontent.com/Linuxfabrik/kickstart/main/lf-rhel.cfg.
- Supports RHEL 8+, Fedora 38+ and compatible.
- Works on legacy BIOS as well as UEFI.
- The kickstart file is intended to provide a minimal installation, with
firewallddisabled and SELinux in "Enforcing" mode. - Can be installed on a user-defined disk by specifying the kernel cmdline argument
lfdisk=$DISK. If unset, it tries to find the first block device, in the ordervda>sda>nvme0n1, and fails otherwise. - There are two users:
linuxfabrikandroot. The root account is always locked and has no password or SSH keys. Login with thelinuxfabrikuser, which is also part of thewheelgroup.sudois configured to gain root.
The kickstart file can be used to install different types of minimal installs by setting the kernel cmdline argument lftype=:
lftype= |
Install Type | Partitioning Scheme | Password of User linuxfabrik |
SSH Keys of User linuxfabrik |
|---|---|---|---|---|
cis |
Minimal | CIS, LVM | password |
Those of Linuxfabrik |
cloud |
Minimal | Minimal, LVM | unset (inject via cloud-init) |
none (inject via cloud-init) |
cloud-cis |
Minimal | CIS, LVM | unset (inject via cloud-init) |
none (inject via cloud-init) |
minimal (default) |
Minimal | Minimal, LVM | password |
Those of Linuxfabrik |
RHEL:
inst.loglevel=[debug|info]: Note: Option is removed in RHEL9 and is always set to debuginst.ks=[hd:<device>:<path>|[http,https,ftp]://<host>/<path>|nfs:[<options>:]<server>:/<path>(MANDATORY)inst.noverifyssl: Prevents Anaconda from verifying the ssl certificate for all HTTPS connections ("insecure")inst.nosave=[<option1>,]<option2>(options:input_ks,output_ks,all_ks,logs,all)inst.rescue- more Kernel Cmdline Arguments
Specific to this kickstart file:
lfdisk=$DISK: User-defined disk for installing the OS. Default: unset (so tries to find the first block device, in the ordervda>sda>nvme0n1, and fails otherwise).lftype: See table above. Defaults tominimal.
This kickstart includes an additional kickstart /tmp/dynamic.ks. This /tmp/dynamic.ks file is generated in a kickstart pre-script.
At the beginning of the pre-script the available Python version is determined, the Python script is written to /tmp/pre-script.py and executed.
The Python script then generates the /tmp/dynamic.ks.
This Python script can be modified as follows:
lfkeysAn array of SSH keys that will be installed for either therootorlinuxfabrikuser depending onlftypeas documented above.packages_<lftype>An array with package names for a<lftype>install.part_<lftype>An array of kickstartlogvollines that define logical volumes for<lftype>as documented in Fedora Kickstart Syntax Reference: logvolpost_<lftype>A multiline string containing the postscript for<lftype>. Will be executed by/bin/sh.
This kickstart file does not work for RHEL 7- (and compatible).
Test combinations:
- OS: rocky8, rocky9, rocky10
- Firmware: BIOS, UEFI
- Disk: vda, sda
lftype:cis,cloud,cloud-cis,minimal
What to test within the VM:
- Console login using "root": Should not work (account is locked, no password).
- Console login using "linuxfabrik" + "password": Should work on non-cloud. On cloud, password depends on cloud-init.
ip a: Should get an IP.ssh root@vm: Should not work.ssh linuxfabrik@vm: Should work on non-cloud. On cloud, it depends on cloud-init.sudo su -: Should work.cat /etc/shadow: Should show that root's password is locked.df -hT: Three partitions (/,/backup,/boot) on non-cis, eight partitions on cis.lvs: Should work.sudo dnf -y install nano: Should work.systemctl status cloud-init: Not found on non-cloud, should work on cloud.systemctl status firewalld: Should be inactive on non-cloud. On cloud, firewalld is removed.ll /root: Should list at least two Anaconda files.
page_poison=1kernel cmdline option installed by bootloader cmd can leave the system unbootable due to a buggy UEFI firmware. This was observed with TianoCore firmware on qemu. Remove this option to boot. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/known-issues.- Fedora 38: We observed problems booting into the installer. Try
inst.neednet=1 rd.debugto get to the installer. - Last resort: If this Kickstart file doesn't work, copy it to a webserver and modify it to suit your needs.
- Fedora Kickstart Syntax
- RHEL 8 Kickstart Syntax
- RHEL 9 Kickstart Syntax
- Rocky 8 Generic Cloud LVM Kickstart
- OpenStack Image Requirements
Preseed provides a way to set answers to questions asked during the Debian installation process, without having to manually enter the answers while the installation is running. This makes it possible to fully automate Debian installations. (Source)
Note: Preseed only works with the Debian Installer (d-i). It does not work with Ubuntu 20.04+ (which uses autoinstall/subiquity).
Boot from a Debian netinst or DVD ISO, press ESC at the boot menu, then:
boot: auto url=http://<server>/<path>/lf-debian.cfg
- Supports Debian 11+ (Bullseye and newer).
- Works on legacy BIOS as well as UEFI (GPT partitioning).
- Provides a minimal server installation with LVM partitioning (
/,/backup,/boot, swap). - Installs on the first available disk (
/dev/vda,/dev/sdaor/dev/nvme0n1). - There are two users:
linuxfabrikandroot. The root account is not created (disabled). Login with thelinuxfabrikuser, which has password-less sudo. The default password ispassword(change after first login). - SSH server is installed and Linuxfabrik SSH keys are deployed.
- The system shuts down after installation.
Test combinations:
- OS: Debian 11, Debian 12
- Firmware: BIOS, UEFI
- Disk: vda, sda
What to test within the VM:
- Console login using "root": Should not work (no root account).
- Console login using "linuxfabrik" + "password": Should work.
ip a: Should get an IP.ssh root@vm: Should not work.ssh linuxfabrik@vm: Should work.sudo su -: Should work.df -hT: Three partitions (/,/backup,/boot).lvs: Should work.sudo apt install -y nano: Should work.
Ubuntu's autoinstall provides a way to perform unattended installations of Ubuntu Server. It uses a YAML configuration file to answer all installation questions automatically, similar to Kickstart on RHEL. Autoinstall is available on Ubuntu 20.04+ and uses the subiquity installer. (Source)
Note: Autoinstall does not work with Debian, which uses a different system called preseed.
Serve lf-ubuntu.cfg as user-data alongside an empty meta-data file via HTTP, then boot from an Ubuntu Server ISO and append to the kernel cmdline:
autoinstall ds=nocloud-net;s=http://<server>/<path>/
- Supports Ubuntu 20.04+ (subiquity installer).
- Targets UEFI systems (see comments in the file for BIOS adaptation).
- Provides a minimal server installation with LVM partitioning (
/,/backup,/boot, swap). - There are two users:
linuxfabrikandroot. The root account is locked with no password. Login with thelinuxfabrikuser, which has password-less sudo. The default password ispassword(change after first login). - SSH server is installed and Linuxfabrik SSH keys are deployed.
ufwandkdumpare disabled.- The system shuts down after installation.
Test combinations:
- OS: Ubuntu 22.04, Ubuntu 24.04
- Firmware: UEFI
What to test within the VM:
- Console login using "root": Should not work (account is locked).
- Console login using "linuxfabrik" + "password": Should work.
ip a: Should get an IP.ssh root@vm: Should not work.ssh linuxfabrik@vm: Should work.sudo su -: Should work.cat /etc/shadow: Should show that root's password is locked.df -hT: Three partitions (/,/backup,/boot).lvs: Should work.sudo apt install -y nano: Should work.
