DESCRIPTION¶
The root device used by the kernel is specified in the boot
configuration file on the kernel command line, as always.
The traditional root=/dev/sda1 style device specification
is allowed, but not encouraged. The root device should better be identified
by LABEL or UUID. If a label is used, as in
root=LABEL=<label_of_root> the initramfs will search all
available devices for a filesystem with the appropriate label, and mount
that device as the root filesystem. root=UUID=<uuidnumber> will
mount the partition with that UUID as the root filesystem.
In the following all kernel command line parameters, which are
processed by dracut, are described.
"rd.*" parameters mentioned without "=" are
boolean parameters. They can be turned on/off by setting them to {0|1}. If
the assignment with "=" is missing "=1" is implied. For
example rd.info can be turned off with rd.info=0 or turned on
with rd.info=1 or rd.info. The last value in the kernel
command line is the value, which is honored.
Standard¶
init=<path to real init>
specify the path to the init programm to be started after
the initramfs has finished
root=<path to blockdevice>
specify the block device to use as the root filesystem.
Example.
root=/dev/sda1
root=/dev/disk/by-path/pci-0000:00:1f.1-scsi-0:0:1:0-part1
root=/dev/disk/by-label/Root
root=LABEL=Root
root=/dev/disk/by-uuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7
root=UUID=3f5ad593-4546-4a94-a374-bcfb68aa11f7
root=PARTUUID=3f5ad593-4546-4a94-a374-bcfb68aa11f7
rootfstype=<filesystem type>
"auto" if not specified.
Example.
rootflags=<mount options>
specify additional mount options for the root filesystem.
If not set, /etc/fstab of the real root will be parsed for special
mount options and mounted accordingly.
ro
force mounting / and /usr (if it is a
separate device) read-only. If none of ro and rw is present, both are mounted
according to /etc/fstab.
rw
force mounting / and /usr (if it is a
separate device) read-write. See also ro option.
rootfallback=<path to blockdevice>
specify the block device to use as the root filesystem,
if the normal root cannot be found. This can only be a simple block device
with a simple file system, for which the filesystem driver is either compiled
in, or added manually to the initramfs. This parameter can be specified
multiple times.
rd.auto rd.auto=1
enable autoassembly of special devices like cryptoLUKS,
dmraid, mdraid or lvm. Default is off as of dracut version >= 024.
rd.cmdline=ask
prompts the user for additional kernel command line
parameters
rd.fstab=0
do not honor special mount options for the root
filesystem found in /etc/fstab of the real root.
resume=<path to resume partition>
resume from a swap partition
Example.
resume=/dev/disk/by-path/pci-0000:00:1f.1-scsi-0:0:1:0-part1
resume=/dev/disk/by-uuid/3f5ad593-4546-4a94-a374-bcfb68aa11f7
resume=UUID=3f5ad593-4546-4a94-a374-bcfb68aa11f7
rd.skipfsck
skip fsck for rootfs and /usr. If you’re
mounting /usr read-only and the init system performs fsck before
remount, you might want to use this option to avoid duplication.
Misc¶
rd.emergency=[reboot|poweroff|halt]
specify, what action to execute in case of a critical
failure. rd.shell=0 also be specified.
rd.driver.blacklist=<drivername>[,<drivername>,...]
do not load kernel module <drivername>. This
parameter can be specified multiple times.
rd.driver.pre=<drivername>[,<drivername>,...]
force loading kernel module <drivername>. This
parameter can be specified multiple times.
rd.driver.post=<drivername>[,<drivername>,...]
force loading kernel module <drivername> after all
automatic loading modules have been loaded. This parameter can be specified
multiple times.
rd.retry=<seconds>
specify how long dracut should wait for devices to
appear. The default is 30 seconds. After 2/3 of the time, degraded raids are
force started. If you have hardware, which takes a very long time to announce
its drives, you might want to extend this value.
rd.noverifyssl
accept self-signed certificates for ssl downloads.
rd.ctty=<terminal device>
specify the controlling terminal for the console. This is
useful, if you have multiple "console=" arguments.
Debug¶
If you are dropped to an emergency shell, the file
/run/initramfs/rdsosreport.txt is created, which can be safed to a
(to be mounted by hand) partition (usually /boot) or a USB stick. Additional
debugging info can be produced by adding rd.debug to the kernel
command line. /run/initramfs/rdsosreport.txt contains all logs and
the output of some tools. It should be attached to any report about dracut
problems.
rd.info
print informational output though "quiet" is
set
rd.shell
allow dropping to a shell, if root mounting fails
rd.debug
set -x for the dracut shell. If systemd is active in the
initramfs, all output is logged to the systemd journal, which you can inspect
with "journalctl -ab". If systemd is not active, the logs are
written to dmesg and /run/initramfs/init.log. If "quiet" is
set, it also logs to the console.
rd.memdebug=[0-4]
Print memory usage info at various points, set the
verbose level from 0 to 4.
Higher level means more debugging output:
0 - no output
1 - partial /proc/meminfo
2 - /proc/meminfo
3 - /proc/meminfo + /proc/slabinfo
4 - /proc/meminfo + /proc/slabinfo + tracekomem
NOTE: tracekomem is a shell script utilizing kernel trace to track
the rough total memory consumption of kernel modules during
loading. It may override other trace configurations.
rd.break
drop to a shell at the end
rd.break={cmdline|pre-udev|pre-trigger|initqueue|pre-mount|mount|pre-pivot|cleanup}
drop to a shell on defined breakpoint
rd.udev.info
set udev to loglevel info
rd.udev.debug
set udev to loglevel debug
I18N¶
rd.vconsole.keymap=<keymap base file name>
keyboard translation table loaded by loadkeys; taken from
keymaps directory; will be written as KEYMAP to
/etc/vconsole.conf in
the initramfs.
Example.
rd.vconsole.keymap=de-latin1-nodeadkeys
rd.vconsole.keymap.ext=<list of keymap base file
names>
list of extra keymaps to bo loaded (sep. by space); will
be written as EXT_KEYMAP to /etc/vconsole.conf in the initramfs
rd.vconsole.unicode
boolean, indicating UTF-8 mode; will be written as
UNICODE to /etc/vconsole.conf in the initramfs
rd.vconsole.font=<font base file name>
console font; taken from consolefonts directory; will be
written as FONT to
/etc/vconsole.conf in the initramfs.
Example.
rd.vconsole.font=LatArCyrHeb-16
rd.vconsole.font.map=<console map base file
name>
see description of -m parameter in setfont manual;
taken from consoletrans directory; will be written as FONT_MAP to
/etc/vconsole.conf in the initramfs
rd.vconsole.font.unimap=<unicode table base file
name>
see description of -u parameter in setfont manual;
taken from unimaps directory; will be written as FONT_UNIMAP to
/etc/vconsole.conf in the initramfs
rd.locale.LANG=<locale>
taken from the environment; if no UNICODE is defined we
set its value in basis of LANG value (whether it ends with ".utf8"
(or similar) or not); will be written as LANG to
/etc/locale.conf in
the initramfs.
Example.
rd.locale.LANG=pl_PL.utf8
rd.locale.LC_ALL=<locale>
taken from the environment; will be written as LC_ALL to
/etc/locale.conf in the initramfs
LVM¶
rd.lvm=0
disable LVM detection
rd.lvm.vg=<volume group name>
only activate the volume groups with the given name.
rd.lvm.vg can be specified multiple times on the kernel command line.
rd.lvm.lv=<logical volume name>
only activate the logical volumes with the given name.
rd.lvm.lv can be specified multiple times on the kernel command line.
rd.lvm.conf=0
remove any /etc/lvm/lvm.conf, which may exist in
the initramfs
crypto LUKS¶
rd.luks=0
disable crypto LUKS detection
rd.luks.uuid=<luks uuid>
only activate the LUKS partitions with the given UUID.
Any "luks-" of the LUKS UUID is removed before comparing to
<luks uuid>. The comparisons also matches, if <luks
uuid> is only the beginning of the LUKS UUID, so you don’t have
to specify the full UUID. This parameter can be specified multiple
times.
rd.luks.allow-discards=<luks uuid>
Allow using of discards (TRIM) requests for LUKS
partitions with the given UUID. Any "luks-" of the LUKS UUID is
removed before comparing to <luks uuid>. The comparisons also
matches, if <luks uuid> is only the beginning of the LUKS UUID,
so you don’t have to specify the full UUID. This parameter can be
specified multiple times.
rd.luks.allow-discards
Allow using of discards (TRIM) requests on all LUKS
partitions.
rd.luks.crypttab=0
do not check, if LUKS partition is in
/etc/crypttab
crypto LUKS - key on removable device support¶
rd.luks.key=<keypath>:<keydev>:<luksdev>
keypath is a path to key file to look for.
It’s REQUIRED. When
keypath ends with
.gpg it’s
considered to be key encrypted symmetrically with GPG. You will be prompted
for password on boot. GPG support comes with
crypt-gpg module which
needs to be added explicitly.
keydev is a device on which key file resides. It might be
kernel name of devices (should start with "/dev/"), UUID (prefixed
with "UUID=") or label (prefix with "LABEL="). You
don’t have to specify full UUID. Just its beginning will suffice,
even if its ambiguous. All matching devices will be probed. This parameter
is recommended, but not required. If not present, all block devices will be
probed, which may significantly increase boot time.
If luksdev is given, the specified key will only be applied
for that LUKS device. Possible values are the same as for keydev.
Unless you have several LUKS devices, you don’t have to specify this
parameter. The simplest usage is:
Example.
As you see, you can skip colons in such a case.
Note
dracut pipes key to cryptsetup with
-d - argument, therefore you need to
pipe to crypsetup luksFormat with
-d -, too!
Here follows example for key encrypted with GPG:
gpg --quiet --decrypt rootkey.gpg | \
cryptsetup -d - -v --cipher serpent-cbc-essiv:sha256 \
--key-size 256 luksFormat /dev/sda3
If you use plain keys, just add path to -d option:
cryptsetup -d rootkey.key -v --cipher serpent-cbc-essiv:sha256 \
--key-size 256 luksFormat /dev/sda3
MD RAID¶
rd.md=0
disable MD RAID detection
rd.md.imsm=0
disable MD RAID for imsm/isw raids, use DM RAID
instead
rd.md.ddf=0
disable MD RAID for SNIA ddf raids, use DM RAID
instead
rd.md.conf=0
ignore mdadm.conf included in initramfs
rd.md.waitclean=1
wait for any resync, recovery, or reshape activity to
finish before continuing
rd.md.uuid=<md raid uuid>
only activate the raid sets with the given UUID. This
parameter can be specified multiple times.
DM RAID¶
rd.dm=0
disable DM RAID detection
rd.dm.uuid=<dm raid uuid>
only activate the raid sets with the given UUID. This
parameter can be specified multiple times.
FIPS¶
rd.fips
enable FIPS
boot=<boot device>
specify the device, where /boot is located.
Example.
boot=/dev/sda1
boot=/dev/disk/by-path/pci-0000:00:1f.1-scsi-0:0:1:0-part1
boot=UUID=<uuid>
boot=LABEL=<label>
rd.fips.skipkernel
skip checksum check of the kernel image. Useful, if the
kernel image is not in a separate boot partition.
Network¶
Important
It is recommended to either bind an interface to a MAC with the
ifname argument, or to use the systemd-udevd predictable network
interface names.
Predictable network interface device names based on:
•firmware/bios-provided index numbers for on-board
devices
•firmware-provided pci-express hotplug slot index
number
•physical/geographical location of the
hardware
•the interface’s MAC address
See:
http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
Two character prefixes based on the type of interface:
en
ethernet
wl
wlan
ww
wwan
Type of names:
o<index>
on-board device index number
s<slot>[f<function>][d<dev_id>]
hotplug slot index number
x<MAC>
MAC address
[P<domain>]p<bus>s<slot>[f<function>][d<dev_id>]
PCI geographical location
[P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]
USB port number chain
All multi-function PCI devices will carry the [f<function>]
number in the device name, including the function 0 device.
When using PCI geography, The PCI domain is only prepended when it
is not 0.
For USB devices the full chain of port numbers of hubs is
composed. If the name gets longer than the maximum number of 15 characters,
the name is not exported. The usual USB configuration == 1 and interface ==
0 values are suppressed.
PCI ethernet card with firmware index "1"
PCI ethernet card in hotplug slot with firmware index number
PCI ethernet multi-function card with 2 ports
PCI wlan card
USB built-in 3G modem
USB Android phone
ip={dhcp|on|any|dhcp6|auto6|either6}
dhcp|on|any
get ip from dhcp server from all interfaces. If
root=dhcp, loop sequentially through all interfaces (eth0, eth1, ...) and use
the first with a valid DHCP root-path.
auto6
IPv6 autoconfiguration
dhcp6
IPv6 DHCP
either6
if auto6 fails, then dhcp6
ip=<interface>:{dhcp|on|any|dhcp6|auto6}[:[<mtu>][:<macaddr>]]
This parameter can be specified multiple times.
dhcp|on|any|dhcp6
get ip from dhcp server on a specific interface
auto6
do IPv6 autoconfiguration
<macaddr>
optionally set <macaddr> on the
<interface>. This cannot be used in conjunction with the ifname
argument for the same <interface>.
ip=<client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>:<interface>:{none|off|dhcp|on|any|dhcp6|auto6|ibft}[:[<mtu>][:<macaddr>]]
explicit network configuration. If you want do define a
IPv6 address, put it in brackets (e.g. [2001:DB8::1]). This parameter can be
specified multiple times.
<peer> is optional and is the address
of the remote endpoint for pointopoint interfaces and it may be followed by a
slash and a decimal number, encoding the network prefix length.
<macaddr>
optionally set <macaddr> on the
<interface>. This cannot be used in conjunction with the ifname
argument for the same <interface>.
ip=<client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>:<interface>:{none|off|dhcp|on|any|dhcp6|auto6|ibft}[:[<dns1>][:<dns2>]]
explicit network configuration. If you want do define a
IPv6 address, put it in brackets (e.g. [2001:DB8::1]). This parameter can be
specified multiple times. <peer> is optional and is the address
of the remote endpoint for pointopoint interfaces and it may be followed by a
slash and a decimal number, encoding the network prefix length.
ifname=<interface>:<MAC>
Assign network device name <interface> (ie
"bootnet") to the NIC with MAC <MAC>.
Warning
Do
not use the default kernel naming scheme for the interface name, as it
can conflict with the kernel names. So, don’t use "eth[0-9]+"
for the interface name. Better name it "bootnet" or
"bluesocket".
rd.route=<net>/<netmask>:<gateway>[:<interface>]
Add a static route with route options, which are
separated by a colon. IPv6 addresses have to be put in brackets.
Example.
rd.route=192.168.200.0/24:192.168.100.222:ens10
rd.route=192.168.200.0/24:192.168.100.222
rd.route=192.168.200.0/24::ens10
rd.route=[2001:DB8:3::/8]:[2001:DB8:2::1]:ens10
bootdev=<interface>
specify network interface to use routing and netroot
information from. Required if multiple ip= lines are used.
BOOTIF=<MAC>
specify network interface to use routing and netroot
information from.
rd.bootif=0
Disable BOOTIF parsing, which is provided by PXE
nameserver=<IP>
[nameserver=<IP> ...]
specify nameserver(s) to use
biosdevname=0
boolean, turn off biosdevname network interface
renaming
rd.neednet=1
boolean, bring up network even without netroot set
vlan=<vlanname>:<phydevice>
Setup vlan device named <vlanname> on
<phydeivce>. We support the four styles of vlan names: VLAN_PLUS_VID
(vlan0005), VLAN_PLUS_VID_NO_PAD (vlan5), DEV_PLUS_VID (eth0.0005),
DEV_PLUS_VID_NO_PAD (eth0.5)
bond=<bondname>[:<bondslaves>:[:<options>]]
Setup bonding device <bondname> on top of
<bondslaves>. <bondslaves> is a comma-separated list of physical
(ethernet) interfaces. <options> is a comma-separated list on bonding
options (modinfo bonding for details) in format compatible with initscripts.
If <options> includes multi-valued arp_ip_target option, then its values
should be separated by semicolon. Bond without parameters assumes
bond=bond0:eth0,eth1:mode=balance-rr
team=<teammaster>:<teamslaves>
Setup team device <teammaster> on top of
<teamslaves>. <teamslaves> is a comma-separated list of physical
(ethernet) interfaces.
bridge=<bridgename>:<ethnames>
Setup bridge <bridgename> with <ethnames>.
<ethnames> is a comma-separated list of physical (ethernet) interfaces.
Bridge without parameters assumes bridge=br0:eth0
NFS¶
root=[<server-ip>:]<root-dir>[:<nfs-options>]
mount nfs share from <server-ip>:/<root-dir>,
if no server-ip is given, use dhcp next_server. If server-ip is an IPv6
address it has to be put in brackets, e.g. [2001:DB8::1]. NFS options can be
appended with the prefix ":" or "," and are seperated by
",".
root=nfs:[<server-ip>:]<root-dir>[:<nfs-options>],
root=nfs4:[<server-ip>:]<root-dir>[:<nfs-options>],
root={dhcp|dhcp6}
root=dhcp alone directs initrd to look at the DHCP
root-path where NFS options can be specified.
Example.
root-path=<server-ip>:<root-dir>[,<nfs-options>]
root-path=nfs:<server-ip>:<root-dir>[,<nfs-options>]
root-path=nfs4:<server-ip>:<root-dir>[,<nfs-options>]
root=/dev/nfs
nfsroot=[<server-ip>:]<root-dir>[:<nfs-options>]
Deprecated! kernel
Documentation_/filesystems/nfsroot.txt_ defines this method. This is supported
by dracut, but not recommended.
rd.nfs.domain=<NFSv4 domain name>
Set the NFSv4 domain name. Will overwrite the settings in
/etc/idmap.conf.
rd.net.dhcp.retry=<cnt>
If this option is set, dracut will try to connect via
dhcp <cnt> times before failing. Default is 1.
rd.net.timeout.dhcp=<arg>
If this option is set, dhclient is called with
"-timeout <arg>".
rd.net.timeout.iflink=<seconds>
Wait <seconds> until link shows up. Default is 60
seconds.
rd.net.timeout.ifup=<seconds>
Wait <seconds> until link has state "UP".
Default is 20 seconds.
rd.net.timeout.route=<seconds>
Wait <seconds> until route shows up. Default is 20
seconds.
rd.net.timeout.ipv6dad=<seconds>
Wait <seconds> until IPv6 DAD is finished. Default
is 50 seconds.
rd.net.timeout.ipv6auto=<seconds>
Wait <seconds> until IPv6 automatic addresses are
assigned. Default is 40 seconds.
rd.net.timeout.carrier=<seconds>
Wait <seconds> until carrier is recognized. Default
is 5 seconds.
CIFS¶
root=cifs://[<username>[:<password>]@]<server-ip>:<root-dir>
mount cifs share from
<server-ip>:/<root-dir>, if no server-ip is given, use dhcp
next_server. if server-ip is an IPv6 address it has to be put in brackets,
e.g. [2001:DB8::1]. If a username or password are not specified as part of the
root, then they must be passed on the command line through cifsuser/cifspass.
Warning
Passwords specified on the kernel command line are visible for all users via the
file
/proc/cmdline and via dmesg or can be sniffed on the network, when
using DHCP with DHCP root-path.
cifsuser=<username>
Set the cifs username, if not specified as part of the
root.
cifspass=<password>
Set the cifs password, if not specified as part of the
root.
Warning
Passwords specified on the kernel command line are visible for all users via the
file
/proc/cmdline and via dmesg or can be sniffed on the network, when
using DHCP with DHCP root-path.
iSCSI¶
root=iscsi:[<username>:<password>[:<reverse>:<password>]@][<servername>]:[<protocol>]:[<port>][:[<iscsi_iface_name>]:[<netdev_name>]]:[<LUN>]:<targetname>
protocol defaults to "6", LUN defaults to
"0". If the "servername" field is provided by BOOTP or
DHCP, then that field is used in conjunction with other associated fields to
contact the boot server in the Boot stage. However, if the
"servername" field is not provided, then the "targetname"
field is then used in the Discovery Service stage in conjunction with other
associated fields. See
rfc4173[1].
Warning
Passwords specified on the kernel command line are visible for all users via the
file
/proc/cmdline and via dmesg or can be sniffed on the network, when
using DHCP with DHCP root-path.
Example.
root=iscsi:192.168.50.1::::iqn.2009-06.dracut:target0
If servername is an IPv6 address, it has to be put in
brackets:
Example.
root=iscsi:[2001:DB8::1]::::iqn.2009-06.dracut:target0
root=???
netroot=iscsi:[<username>:<password>[:<reverse>:<password>]@][<servername>]:[<protocol>]:[<port>][:[<iscsi_iface_name>]:[<netdev_name>]]:[<LUN>]:<targetname>
...
multiple netroot options allow setting up multiple iscsi
disks:
Example.
root=UUID=12424547
netroot=iscsi:192.168.50.1::::iqn.2009-06.dracut:target0
netroot=iscsi:192.168.50.1::::iqn.2009-06.dracut:target1
If servername is an IPv6 address, it has to be put in
brackets:
Example.
netroot=iscsi:[2001:DB8::1]::::iqn.2009-06.dracut:target0
Warning
Passwords specified on the kernel command line are visible for all users via the
file
/proc/cmdline and via dmesg or can be sniffed on the network, when
using DHCP with DHCP root-path. You may want to use rd.iscsi.firmware.
root=???
rd.iscsi.initiator=<initiator>
rd.iscsi.target.name=<target name>
rd.iscsi.target.ip=<target ip>
rd.iscsi.target.port=<target port>
rd.iscsi.target.group=<target group>
rd.iscsi.username=<username>
rd.iscsi.password=<password>
rd.iscsi.in.username=<in username>
rd.iscsi.in.password=<in password>
manually specify all iscsistart parameter (see
iscsistart --help)
Warning
Passwords specified on the kernel command line are visible for all users via the
file
/proc/cmdline and via dmesg or can be sniffed on the network, when
using DHCP with DHCP root-path. You may want to use rd.iscsi.firmware.
root=??? netroot=iscsi
rd.iscsi.firmware=1
will read the iscsi parameter from the BIOS
firmware
rd.iscsi.param=<param>
<param> will be passed as "--param
<param>" to iscsistart. This parameter can be specified multiple
times.
Example.
"netroot=iscsi rd.iscsi.firmware=1 rd.iscsi.param=node.session.timeo.replacement_timeout=30"
will result in
iscsistart -b --param node.session.timeo.replacement_timeout=30
rd.iscsi.ibft rd.iscsi.ibft=1: Turn on iBFT
autoconfiguration for the interfaces
rd.iscsi.waitnet=0: Turn off waiting for all interfaces to
be up before trying to login to the iSCSI targets.
rd.iscsi.testroute=0: Turn off checking, if the route to
the iSCSI target IP is possible before trying to login.
FCoE¶
fcoe=<edd|interface|MAC>:{dcb|nodcb}
Try to connect to a FCoE SAN through the NIC specified by
<interface> or
<MAC> or EDD settings. For the second
argument, currently only nodcb is supported. This parameter can be specified
multiple times.
Note
letters in the MAC-address must be lowercase!
NBD¶
root=???
netroot=nbd:<server>:<port>[:<fstype>[:<mountopts>[:<nbdopts>]]]
mount nbd share from <server>
root=dhcp with dhcp
root-path=nbd:<server>:<port>[:<fstype>[:<mountopts>[:<nbdopts>]]]
root=dhcp alone directs initrd to look at the DHCP
root-path where NBD options can be specified. This syntax is only usable in
cases where you are directly mounting the volume as the rootfs.
DASD¶
rd.dasd=....
same syntax as the kernel module parameter (s390
only)
ZFCP¶
rd.zfcp=<zfcp adaptor device bus
ID>,<WWPN>,<FCPLUN>
rd.zfcp can be specified multiple times on the kernel
command line.
Example.
rd.zfcp=0.0.4000,0x5005076300C213e9,0x5022000000000000
rd.zfcp.conf=0
ignore zfcp.conf included in the initramfs
ZNET¶
rd.znet=<nettype>,<subchannels>,<options>
rd.znet can be specified multiple times on the kernel
command line.
rd.znet_ifname=<ifname>:<subchannels>
Assign network device name <interface> (i.e.
"bootnet") to the NIC corresponds to the subchannels. This is useful
when dracut’s default "ifname=" doesn’t work due to
device having a changing MAC address.
Example.
rd.znet=qeth,0.0.0600,0.0.0601,0.0.0602,layer2=1,portname=foo
rd.znet=ctc,0.0.0600,0.0.0601,protocol=bar
Booting live images¶
Dracut offers multiple options for live booted images:
squashfs with read-only filesystem image
The system will boot with a read only filesystem from the
squashfs and apply a writable device mapper snapshot over the read only
filesystem. Using this method ensures a relatively fast boot and lower RAM
usage. Users
must be careful to avoid writing too many blocks to the
snapshot volume. Once the blocks of the snapshot are exhaused, the live
filesystem becomes unusable and requires a reboot.
The filesystem structure is expected to be:
squashfs.img | Squashfs downloaded via network
!(mount)
/LiveOS
|- ext3fs.img | Filesystem image to mount read-only
!(mount)
/bin | Live filesystem
/boot |
/dev |
... |
Dracut uses this method of live booting by default. No additional
command line options are required other than root=live:<URL> to
specify the location of your squashed filesystem.
writable filesystem image
The system will retrieve a compressed filesystem image,
connect it to a loopback device, and mount it as a writable volume. More RAM
is required during boot but the live filesystem is easier to manage if it
becomes full. Users can make a filesystem image of any size and that size will
be maintained when the system boots.
The filesystem structure is expected to be:
rootfs.tgz | Compressed tarball containing fileystem image
!(unpack)
/rootfs.img | Filesystem image
!(mount)
/bin | Live filesystem
/boot |
/dev |
... |
To use this boot option, ensure that rd.writable_fsimg=1 is
in your kernel command line and add the root=live:<URL> to
specify the location of your compressed filesystem image tarball.
root=live:<url>
Boots a live image retrieved from
<url>.
Valid handlers:
http, httpd, ftp, tftp.
Example.
rd.live.debug=1
Enables debug output from the live boot process.
rd.live.dir=<path>
Specifies the directory within the squashfs where the
ext3fs.img or rootfs.img can be found. By default, this is
LiveOS.
rd.live.ram=1
Copy the complete image to RAM and use this for booting.
This is useful when the image resides on i.e. a DVD which needs to be ejected
later on.
rd.live.overlay=<devspec>:_(<pathspec>|auto)
Allow the usage of a permanent overlay. <devspec>
specifies the path to a device with a mountable filesystem.
<pathspec> is the path to a file within that
filesystem, which shall be used to persist the changes made to the device
specified by root=live:<url>__ option.
+
Example.
rd.live.overlay=/dev/sdb1:persistent-overlay.img
rd.live.overlay.thin=1
Enables the usage of thin snapshots instead of classic dm
snapshots. The advantage of thin snapshots is, that they support discards, and
will free blocks which are not claimed by the filesystem. In this use case
this means, that memory is given back to the kernel, when the filesystem does
not claim it anymore.
rd.writable.fsimg=1
Enables writable filesystem support. The system will boot
with a fully writable filesystem without snapshots
(see notes above about
available live boot options). You can use the
rootflags option to
set mount options for the live filesystem as well
(see documentation about
rootflags in the Standard section above). This
implies that the whole image is copied to RAM before the boot continues.
Note
There must be enough free RAM available to hold the complete image.
This method is very suitable for diskless boots.
Plymouth Boot Splash¶
plymouth.enable=0
disable the plymouth bootsplash completely.
rd.plymouth=0
disable the plymouth bootsplash only for the
initramfs.
Kernel keys¶
masterkey=<kernel master key path name>
Set the path name of the kernel master key.
Example.
masterkey=/etc/keys/kmk-trusted.blob
masterkeytype=<kernel master key type>
Set the type of the kernel master key.
Example.
evmkey=<EVM key path name>
Set the path name of the EVM key.
Example.
evmkey=/etc/keys/evm-trusted.blob
ecryptfskey=<eCryptfs key path name>
Set the path name of the eCryptfs key.
Example.
ecryptfskey=/etc/keys/ecryptfs-trusted.blob
Deprecated, renamed Options¶
Here is a list of options, which were used in dracut prior to
version 008, and their new replacement.
rdbreak
rd.break
rd_CCW
rd.ccw
rd_DASD_MOD
rd.dasd
rd_DASD
rd.dasd
rdinitdebug rdnetdebug
rd.debug
rd_NO_DM
rd.dm=0
rd_DM_UUID
rd.dm.uuid
rdblacklist
rd.driver.blacklist
rdinsmodpost
rd.driver.post
rdloaddriver
rd.driver.pre
rd_NO_FSTAB
rd.fstab=0
rdinfo
rd.info
check
rd.live.check
rdlivedebug
rd.live.debug
live_dir
rd.live.dir
liveimg
rd.live.image
overlay
rd.live.overlay
readonly_overlay
rd.live.overlay.readonly
reset_overlay
rd.live.overlay.reset
live_ram
rd.live.ram
rd_NO_CRYPTTAB
rd.luks.crypttab=0
rd_LUKS_KEYDEV_UUID
rd.luks.keydev.uuid
rd_LUKS_KEYPATH
rd.luks.keypath
rd_NO_LUKS
rd.luks=0
rd_LUKS_UUID
rd.luks.uuid
rd_NO_LVMCONF
rd.lvm.conf
rd_LVM_LV
rd.lvm.lv
rd_NO_LVM
rd.lvm=0
rd_LVM_SNAPSHOT
rd.lvm.snapshot
rd_LVM_SNAPSIZE
rd.lvm.snapsize
rd_LVM_VG
rd.lvm.vg
rd_NO_MDADMCONF
rd.md.conf=0
rd_NO_MDIMSM
rd.md.imsm=0
rd_NO_MD
rd.md=0
rd_MD_UUID
rd.md.uuid
rd_NFS_DOMAIN
rd.nfs.domain
iscsi_initiator
rd.iscsi.initiator
iscsi_target_name
rd.iscsi.target.name
iscsi_target_ip
rd.iscsi.target.ip
iscsi_target_port
rd.iscsi.target.port
iscsi_target_group
rd.iscsi.target.group
iscsi_username
rd.iscsi.username
iscsi_password
rd.iscsi.password
iscsi_in_username
rd.iscsi.in.username
iscsi_in_password
rd.iscsi.in.password
iscsi_firmware
rd.iscsi.firmware=0
rd_NO_PLYMOUTH
rd.plymouth=0
rd_retry
rd.retry
rdshell
rd.shell
rd_NO_SPLASH
rd.splash
rdudevdebug
rd.udev.debug
rdudevinfo
rd.udev.info
rd_NO_ZFCPCONF
rd.zfcp.conf=0
rd_ZFCP
rd.zfcp
rd_ZNET
rd.znet
KEYMAP
vconsole.keymap
KEYTABLE
vconsole.keymap
SYSFONT
vconsole.font
CONTRANS
vconsole.font.map
UNIMAP
vconsole.font.unimap
UNICODE
vconsole.unicode
EXT_KEYMAP
vconsole.keymap.ext
Configuration in the Initramfs¶
/etc/conf.d/
Any files found in /etc/conf.d/ will be sourced in
the initramfs to set initial values. Command line options will override these
values set in the configuration files.
/etc/cmdline
Can contain additional command line options. Deprecated,
better use /etc/cmdline.d/*.conf.
/etc/cmdline.d/*.conf
Can contain additional command line options.