Kickstart Syntax Reference

Options to pass to the installed kernel module. For example:

device i2c_piix4 --opts="aic152x=0x340 io=11"

Search for the driver disk image on a local partition. Replace partition with the name of the partition containing the driver disk. Note that the partition must be specified as a full path. For example:

driverdisk /dev/sdb1

Search for the driver disk in a network location instead of a local partition. For example:

driverdisk --source=ftp://path/to/dd.img

driverdisk --source=http://path/to/dd.img

driverdisk --source=nfs:hostname:/path/to/dd.img

BIOS partition containing the driver disk (for example, 82p2).

Install from the first optical (DVD) drive on the system.

Install from a tree or full installation ISO image on a local hard drive. The tree or ISO image must be on a file system which is mountable in the installation environment. Supported file systems are ext2, ext3, ext4, vfat, or xfs.

install
harddrive --partition= | --biospart= [--dir=]

Install from a disk image instead of packages. The image can be the squashfs.img file from a live ISO image, or any file system that the installation media can mount. Supported file systems are ext2, ext3, ext4, vfat, and xfs.

install
liveimg --url=  [--proxy= | --checksum= | --noverifyssl=]

Install from an NFS server specified. The NFS server must be exporting the full installation ISO image (such as the Fedora Server DVD) or its extracted contents.

install
nfs --server=  [--dir=] [--opts= ]

Install from a tree on a remote server via HTTP, HTTPS, or FTP.

install
url --url= | --mirrorlist= [--proxy= | --noverifyssl]

Management root for OS installation (required).

Management root for OS installation (optional).

Repository URL (required).

Name of branch inside the repository (required).

Disable GPG key verification (optional).

The repository ID. This option is required. If a repository has a name which conflicts with another previously added repository, it will be ignored. Because the installation program uses a list of pre-configured repositories, this means that you cannot add repositories with the same names as the preconfigured ones.

The repository URL. The variables that may be used in DNF repo configuration files are not supported. You may use one of either this option or --mirrorlist, not both.

The URL pointing at a list of mirrors for the repository. The variables that may normally be used in dnf repository configuration files are not supported here. You may use one of either this option or --baseurl, not both.

Make the repository configured in the Kickstart file available on the system after the installation as well. Creates a configuration file for the repository in /etc/yum.repos.d/ on the installed system.

An integer value to assign a cost to this repository. If multiple repositories provide the same packages, this number will be used to prioritize which repository will be used before another. Repositories with a lower cost take priority over repositories with higher cost.

A comma-separated list of package names that must not be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from a particular repository. Both full package names (such as publican) and globs (such as gnome-*) are accepted.

A comma-separated list of package names and globs that must be pulled from this repository. This is useful if multiple repositories provide the same package and you want to make sure it comes from this repository.

Specify an HTTP, HTTPS or FTP proxy server to use when accessing this repository. This setting does not affect any other repositories or installation sources.

This option is used when composing installation trees and has no effect on the installation process itself. It tells the compose tools to not look at the package group information when mirroring trees so as to avoid mirroring large amounts of unnecessary data.

Disable SSL verification when connecting to an HTTPS server.

Specify an HTTP/HTTPS/FTP proxy to use while performing the install. The various parts of the argument act like you would expect. The syntax is:

[protocol://][username[:password]@]host[:port]

For a tree on a HTTPS server do not check the server’s certificate with what well-known CA validate and do not check the server’s host name matches the certificate’s domain name.

The URL to install from. Variable substitution is done for $releasever and $basearch in the URL.

The mirror URL to install from. Variable substitution is done for $releasever and $basearch in the URL.

The metalink URL to install from. Variable substitution is done for $releasever and $basearch in the URL.

Selects one of the predefined automatic partitioning schemes you want to use. Accepts the following values:

Specify a supported file system (such as ext4 or xfs) to replace the default when doing automatic partitioning.

Do not use LVM or Btrfs for automatic partitioning. This option is equal to --type=plain.

Encrypts all partitions. This is equivalent to checking the Encrypt partitions check box on the initial partitioning screen during a manual graphical installation.

Provides a default system-wide passphrase for all encrypted devices.

Stores data encryption keys of all encrypted volumes as files in /root, encrypted using the X.509 certificate from the URL specified with URL_of_X.509_certificate. The keys are stored as a separate file for each encrypted volume. This option is only meaningful if --encrypted is specified.

Adds a randomly-generated passphrase to each encrypted volume. Store these passphrases in separate files in /root, encrypted using the X.509 certificate specified with --escrowcert. This option is only meaningful if --escrowcert is specified.

Specifies which type of encryption will be used if the Anaconda default aes-xts-plain64 is not satisfactory. You must use this option together with the --encrypted option; by itself it has no effect. Available types of encryption are listed in the Fedora Security Guide, available at https://docs.fedoraproject.org/. Using either aes-xts-plain64 or aes-cbc-essiv:sha256 is strongly recommended.

Specifies which version of LUKS should be used to encrypt the system. Only relevant if --encrypted is also specified.

Sets Password-Based Key Derivation Function (PBKDF) algorithm for the LUKS keyslot. Only relevant if --encrypted is also specified. See the cryptsetup(8) man page for more information.

Sets the memory cost for PBKDF. Only relevant if --encrypted is also specified. See the cryptsetup(8) man page for more information.

Sets the number of miliseconds to spend with PBKDF passphrase processing. Only relevant if --encrypted is also specified. See information about the --iter-time option in the cryptsetup(8) man page for more information.

Sets the number of iterations for passphrase processing directly, and avoids PBKDF benchmark. Only relevant if --encrypted is also specified. See information about the --pbkdf-force-iterations option in the cryptsetup(8) man page for more information.

Specifies additional kernel parameters. To specify multiple parameters, separate them with spaces. For example:

bootloader --location=mbr --append="hdd=ide-scsi ide=nodma"

Specifies which drive the boot loader should be written to, and therefore which drive the computer will boot from. If you use a multipath device as the boot drive, specify only one member of the device.

Prevents the installation program from making changes to the existing list of bootable images on UEFI or ISeries/PSeries systems.

Specifies which drive is first in the BIOS boot order. For example:

bootloader --driveorder=sda,hda

Specifies where the boot record is written. Valid values are the following:

If using GRUB2 as the boot loader, sets the boot loader password to the one specified with this option. This should be used to restrict access to the GRUB2 shell, where arbitrary kernel options can be passed.

Normally, when you specify a boot loader password using the --password= option, it will be stored in the Kickstart file in plain text. If you want to encrypt the password, use this option and an encrypted password.

bootloader --iscrypted --password=grub.pbkdf2.sha512.10000.5520C6C9832F3AC3D149AC0B24BE69E2D4FB0DBEEDBD29CA1D30A044DE2645C4C7A291E585D4DC43F8A4D82479F8B95CA4BA4381F8550510B75E8E0BB2938990.C688B6F0EF935701FF9BD1A8EC7FE5BD2333799C98F28420C5CC8F1A2A233DE22C83705BB614EA17F3FDFDF4AC2161CEA3384E56EB38A2E39102F5334C47405E

Specifies the amount of time the boot loader will wait before booting the default option (in seconds).

Sets the default boot image in the boot loader configuration.

Use the extlinux boot loader instead of GRUB2. This option only works on systems supported by extlinux.

Do not attempt to install a boot loader. This option overrides all other boot loader configuration; all other boot loader options will be ignored and no boot loader packages will be installed.

Install the boot loader configuration and support files, but do not modify the MBR.