Streamlining Enterprise Deployment: Installing Red Hat Linux with Kickstart Automation

Staging a new data center? Manually installing Red Hat Enterprise Linux (RHEL) 8.8 across 250 blades isn’t scalable. Consistency breaks down, boot times stretch, and configuration drift emerges. Kickstart resolves this by codifying the OS install—partitioning, packages, users, and all—into a repeatable, versioned workflow.

This guide walks through a full example of orchestrating RHEL installation via Kickstart, optimized for network provisioning and rapid recovery. Typical failure points are highlighted.

Kickstart: An Automation Backbone

Kickstart leverages a plain-text configuration that the Anaconda installer parses. Everything from disk layout to time zone, to custom RPMs, defined up-front. After initial tuning, you’ll redeploy hundreds of nodes without babysitting console prompts. Security mandates? Bake them directly into the config. Not a silver bullet: frequent kernel updates or unusual hardware drivers may still require hands-on intervention.

Minimum Requirements

1. Crafting an Effective Kickstart File

Rapid Start: Use an Existing Anaconda Output

After a manual install, /root/anaconda-ks.cfg reflects the system’s provisioning state, including every disk and package selection. Copy this as your baseline.

Fine-tune using system-config-kickstart (GUI) or a text editor. Here’s a representative RHEL 8 Kickstart excerpt, with hardened SSH and minimal footprint for stateless nodes:

#version=RHEL8
install
url --url="http://repo.internal.corp/rhel/8/os"
lang en_US.UTF-8
keyboard us

network --bootproto=dhcp --device=eth0 --onboot=on --hostname=infra-node01.corp
rootpw --iscrypted $6$kjUx...$oREDACTEDeNm8
timezone UTC --isUtc

firewall --enabled --service=ssh --service=https

bootloader --location=mbr --boot-drive=sda
clearpart --all --initlabel
autopart --type=lvm

%packages
@^minimal-environment
kexec-tools
%end

%post --log=/root/ks-post.log
setenforce 1
echo "Install complete $(date)" >> /etc/motd
%end

Critical:

• Replace rootpw with your hashed password, not the default Anaconda example.
• The repo URL points to an internal mirror. Public mirrors or subscription-locked RHN URLs are common sources—adjust per org.
• Kexec useful for kernel crash recovery; remove if not needed.
• Some network chipsets (e.g., Broadcom NetXtreme) require modprobe hacks in %pre. Check hardware compatibility.

2. Serving Kickstart and Installation Assets

Provisioning 50+ nodes? Centralize the process:

• HTTP server for Kickstart and repo files. Apache (httpd) is robust; Python's http.server is quick for testing (not for real production).

mkdir -p /srv/www/kickstart
cp ./kickstart.cfg /srv/www/kickstart/rhel8-base.cfg
cd /srv/www && python3 -m http.server 8080
# Or, for Apache:
# cp -r ./rhel-8.8-x86_64-dvd /var/www/html/rhel8-os

• PXE/TFTP server to deliver initial boot artifacts (vmlinuz, initrd.img). Set up dnsmasq, tftp-server, and syslinux for automated network boots.

Hint: SELinux and firewall defaults commonly block HTTP and TFTP. Explicitly allow tcp/80, tcp/8080, and udp/69 as needed.

3. PXE Configuration for Automated Install

The crux of stateless server builds is a well-curated PXE config. Example: /var/lib/tftpboot/pxelinux.cfg/default

default vesamenu.c32
prompt 0
timeout 30

label rhel8-auto
  menu label ^RHEL 8 Automated
  kernel rhel8/vmlinuz
  append initrd=rhel8/initrd.img inst.ks=http://192.168.1.99:8080/kickstart/rhel8-base.cfg ip=dhcp

• The inst.ks URI must be reachable from target systems at boot time. Watch for “Unable to download kickstart file” during install—often firewalls or typos.
• RHEL installer logs detailed errors in /tmp/ and on VT4 during early boot. Examine logs directly if installs fail silently.

4. Testing and Monitoring

Boot a QA system via PXE (“Network Boot” in firmware). Confirm the system:

• Retrieves the correct Kickstart config (check /var/log/anaconda/anaconda.log).
• Partitions disks per policy; look for LVM layouts in lsblk.
• Registers with your management stack, if %post provides hooks or web calls.

Known Issue: If provisioning hangs at “Starting dracut initqueue hook”, network drivers are likely missing from your boot image. Rebuild the initrd with the correct kernel modules.

Advanced: Conditional Logic and Secrets

• Use %pre to insert logic or prompts for sensitive variables (e.g., do not hard-code vault tokens or SNMP communities).
• Rotate Kickstart secrets regularly; stale static credentials = breach.

Example extract:

%pre
if grep -q "PRODUCT=web" /proc/cmdline; then
  echo "network --hostname=webnode.corp" >> /tmp/ks.cfg
else
  echo "network --hostname=generic.corp" >> /tmp/ks.cfg
fi
%end

Multiplexing Profiles

For hybrid fleets, develop variant Kickstart files (web, DB, cache) and expose multiple PXE menu entries. Alternatively, query hardware serial or MAC in %pre to select dynamic config fragments. Version all Kickstart files—treat as code, not artifacts.

Summary conclusion (mid-guide):
Kickstart, when paired with PXE and proper repo management, transforms provisioning from manual drudgery into a repeatable, version-controlled operation. Result: improved auditability, faster disaster recovery, and homogeneity by default.

Gotchas:

• PXE with UEFI firmware may require grubx64.efi, not pxelinux.0.
• BIOS/UEFI mismatches will break chainloading—test both pathways.
• Don’t expect automatic OS registration to RHSM from minimal Kickstart; supplement %post with appropriate subscription-manager commands.

For integration with config management (Ansible, Puppet), trigger the agent’s first run inside %post. Stick to text logging during early automation; graphical install status is rarely tractable in the field.

Practical tip:
If debugging multiple concurrent failures, set each Kickstart with a unique /etc/motd string reflecting hostname and boot parameters. This accelerates root-cause analysis when the inevitable “something” fails at scale.

Deploy, observe, refine. Kickstart isn’t perfect, but missing it slows enterprise Linux build cycles to a crawl.