From 0acdecffaee655808c950777b86a02d9fd0b16df Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Thu, 13 Mar 2025 20:07:55 +0100 Subject: [PATCH] Added l1chost.in. --- sources/l1chost.in/01_setupnetworking.sh | 200 +++++++++++++++++++ sources/l1chost.in/02_addremovepackages.sh | 72 +++++++ sources/l1chost.in/99_configuresystem.sh | 78 ++++++++ sources/l1chost.in/etc/chrony.conf.add | 1 + sources/l1chost.in/etc/crontab.append | 2 + sources/l1chost.in/etc/dnf/dnf.conf.append | 3 + sources/l1chost.in/etc/lxc/lxc.conf | 1 + sources/l1chost.in/etc/multipath.conf.append | 11 + sources/l1chost.in/etc/subgid.append | 1 + sources/l1chost.in/etc/subuid.append | 1 + sources/l1chost.in/etc/sysconfig/lxc-net.set | 1 + sources/l1chost.in/etc/sysctl.d/01-lxc.conf | 1 + sources/l1chost.in/install-and-configure.txt | 28 +++ sources/l1chost.in/kickstart.prm | 7 + sources/l1chost.in/ks.cfg | 67 +++++++ 15 files changed, 474 insertions(+) create mode 100755 sources/l1chost.in/01_setupnetworking.sh create mode 100755 sources/l1chost.in/02_addremovepackages.sh create mode 100755 sources/l1chost.in/99_configuresystem.sh create mode 100644 sources/l1chost.in/etc/chrony.conf.add create mode 100644 sources/l1chost.in/etc/crontab.append create mode 100644 sources/l1chost.in/etc/dnf/dnf.conf.append create mode 100644 sources/l1chost.in/etc/lxc/lxc.conf create mode 100644 sources/l1chost.in/etc/multipath.conf.append create mode 100644 sources/l1chost.in/etc/subgid.append create mode 100644 sources/l1chost.in/etc/subuid.append create mode 100644 sources/l1chost.in/etc/sysconfig/lxc-net.set create mode 100644 sources/l1chost.in/etc/sysctl.d/01-lxc.conf create mode 100644 sources/l1chost.in/install-and-configure.txt create mode 100644 sources/l1chost.in/kickstart.prm create mode 100644 sources/l1chost.in/ks.cfg diff --git a/sources/l1chost.in/01_setupnetworking.sh b/sources/l1chost.in/01_setupnetworking.sh new file mode 100755 index 0000000..114bb8b --- /dev/null +++ b/sources/l1chost.in/01_setupnetworking.sh @@ -0,0 +1,200 @@ +#!/bin/sh + + +# network interfaces are: +# enc1: used for internal host bond +# enc6: used for internal host bond +# enc9: used for internal container bond +# encc: used for internal container bond +# encf: used for external container bond +# enc12: used for external container bond + + +INTERNAL_HOST_BOND_NAME=bondhi +INTERNAL_HOST_BOND_DEVICE=${INTERNAL_HOST_BOND_NAME}-dev +INTERNAL_HOST_BOND_SLAVE_1_NAME=${INTERNAL_HOST_BOND_NAME}-slave-1 +INTERNAL_HOST_BOND_SLAVE_1_DEVICE=enc1 +INTERNAL_HOST_BOND_SLAVE_2_NAME=${INTERNAL_HOST_BOND_NAME}-slave-2 +INTERNAL_HOST_BOND_SLAVE_2_DEVICE=enc6 + +INTERNAL_CONTAINER_BRIDGE_NAME=brci +INTERNAL_CONTAINER_BRIDGE_DEVICE=${INTERNAL_CONTAINER_BRIDGE_NAME}-dev + +INTERNAL_CONTAINER_BOND_NAME=bondci +INTERNAL_CONTAINER_BOND_DEVICE=${INTERNAL_CONTAINER_BOND_NAME}-dev +INTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-1 +INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=enc9 +INTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-2 +INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=encc + +HOST_ONLY_CONTAINER_BRIDGE_NAME=brch +HOST_ONLY_CONTAINER_BRIDGE_DEVICE=${HOST_ONLY_CONTAINER_BRIDGE_NAME}-dev + +EXTERNAL_CONTAINER_BRIDGE_NAME=brce +EXTERNAL_CONTAINER_BRIDGE_DEVICE=${EXTERNAL_CONTAINER_BRIDGE_NAME}-dev + +EXTERNAL_CONTAINER_BOND_NAME=bondce +EXTERNAL_CONTAINER_BOND_DEVICE=${EXTERNAL_CONTAINER_BOND_NAME}-dev +EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-1 +EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=encf +EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-2 +EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=enc12 + + +ip link set $INTERNAL_HOST_BOND_SLAVE_1_DEVICE mtu 1500 +ip link set $INTERNAL_HOST_BOND_SLAVE_2_DEVICE mtu 1500 +ip link set $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500 +ip link set $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500 +ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500 +ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500 + +chzdev 0.0.0009 bridge_role=primary +chzdev 0.0.000c bridge_role=primary +chzdev 0.0.000f bridge_role=primary +chzdev 0.0.0012 bridge_role=primary + +nmcli --terse connection show \ + | grep --invert-match ':lo$' \ + | while read CONNECTION_LINE +do + CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') + nmcli connection delete uuid "$CONNECTION_UUID" +done + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_HOST_BOND_NAME \ + connection.interface-name $INTERNAL_HOST_BOND_DEVICE \ + connection.type bond \ + 802-3-ethernet.mtu 1500 \ + bond.options "mode=active-backup,miimon=100" \ + ipv4.addresses "10.228.121.190/16" \ + ipv4.dns "10.228.109.159, 10.228.92.159" \ + ipv4.dns-search "in.useribm.hu" \ + ipv4.gateway "10.228.109.254" \ + ipv4.method "manual" \ + ipv4.route-metric "100" \ + ipv6.addresses "2001:1aa1:000a:7dae:82c4:6bff:fe00:c3d8/64" \ + ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f" \ + ipv6.dns-search "in.useribm.hu" \ + ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \ + ipv6.method "manual" \ + ipv6.route-metric "100" \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_HOST_BOND_SLAVE_1_NAME \ + connection.interface-name $INTERNAL_HOST_BOND_SLAVE_1_DEVICE \ + connection.master $INTERNAL_HOST_BOND_DEVICE \ + connection.slave-type bond \ + connection.type 802-3-ethernet \ + 802-3-ethernet.mtu 1500 \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_HOST_BOND_SLAVE_2_NAME \ + connection.interface-name $INTERNAL_HOST_BOND_SLAVE_2_DEVICE \ + connection.master $INTERNAL_HOST_BOND_DEVICE \ + connection.slave-type bond \ + connection.type 802-3-ethernet \ + 802-3-ethernet.mtu 1500 \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_CONTAINER_BRIDGE_NAME \ + connection.interface-name $INTERNAL_CONTAINER_BRIDGE_DEVICE \ + connection.type bridge \ + 802-3-ethernet.mtu 1500 \ + ipv4.method "disabled" \ + ipv6.method "disabled" \ + bridge.stp no \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_CONTAINER_BOND_NAME \ + connection.interface-name $INTERNAL_CONTAINER_BOND_DEVICE \ + connection.type bond \ + connection.master $INTERNAL_CONTAINER_BRIDGE_DEVICE \ + connection.slave-type bridge \ + 802-3-ethernet.mtu 1500 \ + bond.options "mode=active-backup,miimon=100" \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_CONTAINER_BOND_SLAVE_1_NAME \ + connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \ + connection.master $INTERNAL_CONTAINER_BOND_DEVICE \ + connection.slave-type bond \ + connection.type 802-3-ethernet \ + 802-3-ethernet.mtu 1500 \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $INTERNAL_CONTAINER_BOND_SLAVE_2_NAME \ + connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \ + connection.master $INTERNAL_CONTAINER_BOND_DEVICE \ + connection.slave-type bond \ + connection.type 802-3-ethernet \ + 802-3-ethernet.mtu 1500 \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $HOST_ONLY_CONTAINER_BRIDGE_NAME \ + connection.interface-name $HOST_ONLY_CONTAINER_BRIDGE_DEVICE \ + connection.type bridge \ + 802-3-ethernet.mtu 9000 \ + ipv4.method "disabled" \ + ipv6.method "disabled" \ + bridge.stp no \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $EXTERNAL_CONTAINER_BRIDGE_NAME \ + connection.interface-name $EXTERNAL_CONTAINER_BRIDGE_DEVICE \ + connection.type bridge \ + 802-3-ethernet.mtu 1500 \ + ipv4.method "disabled" \ + ipv6.method "disabled" \ + bridge.stp no \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $EXTERNAL_CONTAINER_BOND_NAME \ + connection.interface-name $EXTERNAL_CONTAINER_BOND_DEVICE \ + connection.type bond \ + connection.master $EXTERNAL_CONTAINER_BRIDGE_DEVICE \ + connection.slave-type bridge \ + 802-3-ethernet.mtu 1500 \ + bond.options "mode=active-backup,miimon=100" \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME \ + connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \ + connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \ + connection.slave-type bond \ + connection.type 802-3-ethernet \ + 802-3-ethernet.mtu 1500 \ + save yes + +nmcli connection add \ + connection.autoconnect yes \ + connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME \ + connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \ + connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \ + connection.slave-type bond \ + connection.type 802-3-ethernet \ + 802-3-ethernet.mtu 1500 \ + save yes + +nmcli connection show diff --git a/sources/l1chost.in/02_addremovepackages.sh b/sources/l1chost.in/02_addremovepackages.sh new file mode 100755 index 0000000..36b1bc9 --- /dev/null +++ b/sources/l1chost.in/02_addremovepackages.sh @@ -0,0 +1,72 @@ +#!/bin/sh + + +dnf remove \ + bluez \ + c-ares \ + dhcp-client \ + duktape \ + f2fs-tools \ + firewalld \ + *firmware \ + *fonts \ + fuse3-libs \ + fwupd \ + gawk-all-langpacks \ + hunspell* \ + inih \ + jq \ + libsemanage \ + linux-firmware \ + memstrack \ + ModemManager-glib \ + mpdecimal \ + nano \ + nilfs-utils \ + ntfs-3g \ + ntfs-3g-libs \ + pcsc-lite* \ + perl* \ + pigz \ + python3* \ + qrencode-libs \ + sssd-* \ + tpm2-* \ + udftools \ + xkeyboard-config \ + zram-generator* + +dnf install \ + --setopt=install_weak_deps=False \ + atop \ + bonnie++ \ + btrfs-progs \ + cronie \ + crontabs \ + git \ + libvirt \ + logrotate \ + lsof \ + lxc \ + lxc-templates \ + lxcfs \ + mailx \ + man-pages \ + openssl \ + pciutils \ + postfix \ + python-unversioned-command \ + qemu-kvm \ + rsync-daemon \ + rsyslog \ + rsyslog-relp \ + s390utils \ + screen \ + speedtest-cli \ + sysstat \ + tar \ + unzip \ + vim-enhanced \ + virt-manager \ + wget2 \ + zip diff --git a/sources/l1chost.in/99_configuresystem.sh b/sources/l1chost.in/99_configuresystem.sh new file mode 100755 index 0000000..39c60c8 --- /dev/null +++ b/sources/l1chost.in/99_configuresystem.sh @@ -0,0 +1,78 @@ +#!/bin/sh + + +SCRIPT_PATH=$(dirname $(realpath $0)) +#BASE_PATH=$(dirname $SCRIPT_PATH) + +find $SCRIPT_PATH/etc -type f | sort | while read FILE +do + FILE_TYPE=$(echo $FILE | sed 's/^.*\.\([^\.]*\)$/\1/') + TARGET_FILE=$(echo $FILE | sed "s|^${SCRIPT_PATH}||") + #echo $FILE $FILE_TYPE $TARGET_FILE + case $FILE_TYPE in + "add") + TARGET_FILE=$(echo $TARGET_FILE | sed 's/\.add$//') + while read -r LINE + do + MATCHES=$(grep --count "^${LINE}$" $TARGET_FILE) + if [ $MATCHES -eq 0 ] + then + echo "Add \"$LINE\" to $TARGET_FILE" + fi + done <$FILE + ;; + "append") + TARGET_FILE=$(echo $TARGET_FILE | sed 's/\.append$//') + FILE_CS=$(cat $FILE | md5sum) + FILE_LINES=$(cat $FILE | wc -l) + TARGET_FILE_CS=$(tail -n $FILE_LINES $TARGET_FILE | md5sum) + if [ "$FILE_CS" != "$TARGET_FILE_CS" ] + then + echo "cat $FILE >>$TARGET_FILE" + fi + ;; + "set") + TARGET_FILE=$(echo $TARGET_FILE | sed 's/\.set$//') + while read -r LINE + do + MATCHES=$(grep --count "^${LINE}$" $TARGET_FILE) + if [ $MATCHES -eq 0 ] + then + echo "Set \"$LINE\" in $TARGET_FILE" + fi + done <$FILE + ;; + *) + if [ -f $TARGET_FILE ] + then + FILE_CS=$(cat $FILE | md5sum) + TARGET_FILE_CS=$(cat $TARGET_FILE | md5sum) + if [ "$FILE_CS" != "$TARGET_FILE_CS" ] + then + echo "cat $FILE >$TARGET_FILE" + fi + else + echo "cat $FILE >$TARGET_FILE" + fi + esac +done + +if [ ! -d /lxc ] +then + echo + echo "mkdir /lxc" +fi +echo +echo 'localectl set-locale LANG=en_US.UTF-8 LC_TIME=C.UTF-8 LC_PAPER=C.UTF-8' +echo +echo 'git config set --global user.name "Zoltán Felleg"' +echo 'git config set --global user.email "zoltan.felleg@userrendszerhaz.hu"' +echo 'git config set --global core.editor "vim"' +echo +echo "systemctl enable lxc" +echo "systemctl enable lxc-net" +echo "systemctl enable lxcfs" +#echo "systemctl enable postfix" +echo +echo "dnf --refresh update" +echo "reboot" diff --git a/sources/l1chost.in/etc/chrony.conf.add b/sources/l1chost.in/etc/chrony.conf.add new file mode 100644 index 0000000..545a163 --- /dev/null +++ b/sources/l1chost.in/etc/chrony.conf.add @@ -0,0 +1 @@ +allow all diff --git a/sources/l1chost.in/etc/crontab.append b/sources/l1chost.in/etc/crontab.append new file mode 100644 index 0000000..fc64615 --- /dev/null +++ b/sources/l1chost.in/etc/crontab.append @@ -0,0 +1,2 @@ +MAILTO= +0 */8 * * * root [ -x /lxc/scripts/rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh diff --git a/sources/l1chost.in/etc/dnf/dnf.conf.append b/sources/l1chost.in/etc/dnf/dnf.conf.append new file mode 100644 index 0000000..fd63a07 --- /dev/null +++ b/sources/l1chost.in/etc/dnf/dnf.conf.append @@ -0,0 +1,3 @@ +install_weak_deps=False +max_parallel_downloads=10 +skip_if_unavailable=True diff --git a/sources/l1chost.in/etc/lxc/lxc.conf b/sources/l1chost.in/etc/lxc/lxc.conf new file mode 100644 index 0000000..48f7ddf --- /dev/null +++ b/sources/l1chost.in/etc/lxc/lxc.conf @@ -0,0 +1 @@ +lxc.lxcpath = /lxc/containers diff --git a/sources/l1chost.in/etc/multipath.conf.append b/sources/l1chost.in/etc/multipath.conf.append new file mode 100644 index 0000000..7cbd90f --- /dev/null +++ b/sources/l1chost.in/etc/multipath.conf.append @@ -0,0 +1,11 @@ + +multipaths { + multipath { + wwid 360050763808103088c000000000002cf + alias pv-root + } + multipath { + wwid 360050763808103088c000000000002d0 + alias pv-lxc + } +} diff --git a/sources/l1chost.in/etc/subgid.append b/sources/l1chost.in/etc/subgid.append new file mode 100644 index 0000000..cc89f03 --- /dev/null +++ b/sources/l1chost.in/etc/subgid.append @@ -0,0 +1 @@ +root:100000:100000 diff --git a/sources/l1chost.in/etc/subuid.append b/sources/l1chost.in/etc/subuid.append new file mode 100644 index 0000000..cc89f03 --- /dev/null +++ b/sources/l1chost.in/etc/subuid.append @@ -0,0 +1 @@ +root:100000:100000 diff --git a/sources/l1chost.in/etc/sysconfig/lxc-net.set b/sources/l1chost.in/etc/sysconfig/lxc-net.set new file mode 100644 index 0000000..3e6807b --- /dev/null +++ b/sources/l1chost.in/etc/sysconfig/lxc-net.set @@ -0,0 +1 @@ +USE_LXC_BRIDGE="false" diff --git a/sources/l1chost.in/etc/sysctl.d/01-lxc.conf b/sources/l1chost.in/etc/sysctl.d/01-lxc.conf new file mode 100644 index 0000000..db6aa47 --- /dev/null +++ b/sources/l1chost.in/etc/sysctl.d/01-lxc.conf @@ -0,0 +1 @@ +fs.inotify.max_user_instances = 1024 diff --git a/sources/l1chost.in/install-and-configure.txt b/sources/l1chost.in/install-and-configure.txt new file mode 100644 index 0000000..f442c95 --- /dev/null +++ b/sources/l1chost.in/install-and-configure.txt @@ -0,0 +1,28 @@ +================ +=== INSTALL === +================ +1. download Fedora-Everything-netinst-s390x.iso +2. mount it (mount Fedora-Everything-netinst-s390x.iso -o loop,ro) +3. copy its contents to a directory (cp -a ) +4. copy generic.ins to kickstart.ins +5. replace generic.prm with kickstart.prm in kickstart.ins +6. copy kickstart.prm to images +7. create a kickstart iso image (genisoimage -J -r -o ) +8. set boot parameters for the partition +8.1 set "Partition Details -> Boot -> Boot from:" to ISO Image +8.2 set "Partition Details -> Boot -> ISO Image file:" to +8.3 set "Partition Details -> Boot -> .INS file:" to /kickstart.ins + +on the http server: +1. create the os and update repositories +2. create the ks.cfg file/script + +================= +=== CONFIGURE === +================= +1. find / -print0 | xargs -0 setfattr -h -x security.selinux +2. run 02_addremovepackages.sh +3. git clone https://git.useribm.hu/user-ssh.git +4. setup ssh (see user-ssh/doc.txt) +5. userdel -r zfelleg +6. set root password diff --git a/sources/l1chost.in/kickstart.prm b/sources/l1chost.in/kickstart.prm new file mode 100644 index 0000000..b5a23ff --- /dev/null +++ b/sources/l1chost.in/kickstart.prm @@ -0,0 +1,7 @@ +ro ramdisk_size=40000 cio_ignore=all,!condev +ip=enc1:dhcp +inst.repo=http://store.in.useribm.hu/linux/fedora/releases/41/Everything/s390x/os +inst.ks=http://store.in.useribm.hu/linux/fedora/ks.cfg +inst.ks.sendmac +kinst.ks.sendsn +inst.selinux=0 diff --git a/sources/l1chost.in/ks.cfg b/sources/l1chost.in/ks.cfg new file mode 100644 index 0000000..53f84c9 --- /dev/null +++ b/sources/l1chost.in/ks.cfg @@ -0,0 +1,67 @@ +# Reboot after installation +reboot + +# Keyboard layouts +keyboard --vckeymap=us --xlayouts='us' +# System language +lang en_US.UTF-8 + +# Network information +network --activate --bootproto=static --device=enc1 --ip=10.228.121.190 --netmask=255.255.0.0 --gateway=10.228.109.254 --hostname=l1chost.in.useribm.hu --nameserver=10.228.92.159 --nameserver=10.228.109.159 + +# Use network installation +url --url="http://store.in.useribm.hu/linux/fedora/releases/$releasever/Everything/$basearch/os" +repo --name="local-updates" --baseurl=http://store.in.useribm.hu/linux/fedora/updates/$releasever/Everything/$basearch + +%packages +@core --nodefaults +%end + +# Logging +logging --host=log.in.useribm.hu + +# Use text mode install +text + +# Firewall configuration +firewall --disabled + +# SELinux configuration +selinux --disabled + +firstboot --disable +# Do not configure the X Window System +skipx + +# Use boot disk only +#ignoredisk --only-use=disk/by-id/scsi-360050763808103088c000000000002cf +# Ignore data disk +ignoredisk --drives=disk/by-id/scsi-360050763808103088c000000000002d0 + +# Clear the Master Boot Record +zerombr +# Clear all Partitions +clearpart --all --initlabel +#clearpart --all + +#autopart --type=lvm +partition /boot --size=1024 --asprimary --fstype=ext4 --label=boot +partition pv.01 --size=16384 --grow --asprimary --label=rootvg + +volgroup rootvg pv.01 + +logvol / --vgname=rootvg --name=root --fstype=ext4 --label=root --size=1024 +logvol /usr --vgname=rootvg --name=usr --fstype=ext4 --label=usr --size=4096 +logvol /var --vgname=rootvg --name=var --fstype=ext4 --label=var --size=16384 +logvol swap --vgname=rootvg --name=swap --fstype=swap --label=swap --size=16384 + +# System bootloader configuration +bootloader --append="rhgb quiet crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M" + +# System timezone +timezone Europe/Budapest --utc + +# Root password +rootpw --iscrypted $2b$10$ksJ/oZo1tKXo8MZiNmrvsecrk4oObAM0NDpAoVgcHTpe57qJ5l2RK + +user --name=zfelleg --groups=wheel --password=pwd --plaintext -- 2.54.0