If you need to install CentOS over and over, one useful thing is to create a kickstart file. This is a text config file that directs the install program and can make an install entirely unattended.
You can find a full reference of all options on Red Hat’s documentation site.23.3. Kickstart Syntax Reference.
Sources
So what do we need? And what are some nice addons?
First, we can say we want to install
. This is optional, but encouraged. Followed by a source for the packages. This can be a local media like cdrom
or harddisk
, or a network share like nfs
, or my favorite url
.
The URL you specify here should be to the os
folder on a mirror and have as a subfolder repodata
. This URL will have all the packages needed to install CentOS. You can find a list of mirrors on the CentOS site, or just provide a mirrorlist URL instead. A mirrorlist URL will give YUM a place to fetch a list of mirrors to try and it will attempt to get the fastest one.
You can also specify additional repos for the installer to pull packages from as it sees fit or that you specify. I like to at least include the updates repo, so that we install the latest packages on the first try, and don’t have to do a yum update
after the install. Here is our kickstart file so far.
# Do an install
install
# From this hard coded URL
# url --url=http://mirror.its.sfu.ca/mirror/CentOS/7/os/x86_64/
# Or better yet, from a mirrorlist with variables
url --mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
# Extra repos let us install the latest versions
repo --name="Updates" --mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
# Optional if you want packages from EPEL
repo --name="epel" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-$releasever&arch=$basearch
Install Settings
We can select the kind of display we want from the installer. graphical
, text
, or cmdline
. I choose cmdline
as it provides the most helpful debug output. text
mode gives you the classic ncurses display.
We can also set what the installer should do after finishing. I find reboot
to be the most helpful, but you can also choose halt
and poweroff
.
Lastly, we’ll disable firstboot
. That’s the “helper” you get on the first boot up asking you to make a user and such. Since we are trying to automate things, we don’t want to be bothered.
# Install mode
cmdline
# reboot when finished the install
reboot
# Disable firstboot
firstboot --disabled
System Config
Here we specify some settings for the system we are building. We’ll set the language, keyboard layout, timezone, and SELinux. We’ll also set the default password storage policy to the strongest available.
# System settings
lang en_US.UTF-8
keyboard us
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone UTC
Network
Most places I use Linux there is Software Defined Networking (SDN) and it handles all the firewalling, so I just disable it in the system. We also want to turn off IPv6 as its just extra junk we don’t need. And we’ll stick to DHCP here.
network --bootproto dhcp --noipv6
firewall --disabled
Root Password
This just sets the root password. You can grab the hash for an existing user from /etc/shadow or just use a plaintext password.
#rootpw --plaintext mycoolpassword
rootpw --iscrypted $6$BHils6Q1$hTRN8PUTpmQG6y7bkeSPqWrWxCV9uja9EMhsmf5qk4rDhdnKHznYiz5CxBmFqiaO14I7utwu7ToH6y7gMwFeq/
Disk Space
Now we want to specify the disk layout. Do we want basic partitions or LVM? How big should stuff be? I usually go with a 1GB swap
, 1GB /tmp
and the rest as root disk. I add some safety options to /tmp
to make sure evil things don’t try and exec from there.
# Set up the drive
bootloader --location=mbr
zerombr
clearpart --all --initlabel
part swap --asprimary --size=1024
part /tmp --fstype=ext4 --asprimary --size=1024 --fsoptions="defaults,nosuid,noexec"
part / --fstype=ext4 --grow --asprimary --size=100
Package Selection
I like to install the minimal possible and handle the rest with config management. The minimal install uses the @core
group and not the @base
group. @core
includes a lot of packages by default that we probably don’t need. WiFi drivers, RAID card drivers, and junk like that. I’m usually building a image for VM use, so can exclude most of that by putting a minus (-) in front of the name. You can also use an asterisk (*) as a wildcard to match a bunch of packages. There are a few packages from @base
I do like to include though, like acpid.
%packages --nobase
acpid
-aic94xx-firmware
-alsa-firmware
-bfa-firmware
-ivtv-firmware
-iwl*-firmware
-rdma
%end
Post Script
After the install is complete, you can run some shell scripts before the reboot to help get your system just right. I make some tweaks to grub and re-install it. Then I import all the RPM keys, so that when I run yum it doesn’t ask about importing them the first time.
%post
# Reduce timeout for faster boot
sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=1/' /etc/default/grub
# Set consoles for proper logging and vnc
# Be noisey to help debugging
sed -i 's/GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"/GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,115200n8 console=tty0"/' /etc/default/grub
# Rebuild grub config
grub2-mkconfig -o /boot/grub2/grub.cfg
# Import all the keys
/bin/rpm --import /etc/pki/rpm-gpg/*
%end
And with all that, we are done a basic kickstart. Be sure to read the docs and customize as you see fit!