Calculate Directory Server
Download iso from https://calculate-linux.org Use unetbootin to copy the iso on the USB flash drive Boot the Live USB, you should get prompt which look like this:
# calculate
Command line Install
On the machine you like to install cl run:
Taken from the Calculate Linux Documentation of “Calculate Utilities”
3. Calculate Server utilities
Introduction
Calculate Core Server utilities used to perform utility methods, such as installing, configuring the system, etc. and for network access clients ( cl-console and cl-console-gui ) protocol https Function Calculate utilities. Calculate the Core part of the Calculate Utilities 3. Install the server utility can be using the package sys-apps/calculate-core .
Getting started, creating a certificate
To run the utility, you must create a certificate in one of two ways:
- create a certificate signing request (the request) and sign a certificate from another server;
- create a self-signed root certificate and use it as a server certificate.
To run the utility server needs a server certificate. The root certificate is self-signed certificate is needed to sign another server utilities.
Signing certificate from another server utilities
To generate the secret key and request, as well as to send a request to use the utility server
cl-core --gen-cert-by HOST --port PORT
Where HOST - network address of the server utility, PORT - port that listens for a server utility (by default 8888) For example,
cl-core --gen-cert-by 192.168.0.123 --port 4567
After the signing of the certificate on the server utilities need to take it with the command
cl-core --get-cert-from ROOT_HOST --port PORT
Where ROOT_HOST - network address of the server utility, PORT - port that listens for a server utility (by default 8888) For example,
cl-core --get-cert-from 192.168.0.123 --port 4567
Creating a self-signed certificate
To create a self-signed root certificate, use the command
cl-core --gen-root-cert
To use the self-signed root certificate created by a utility server certificate, use the command
cl-core --use-root-as-server
Starting the server utilities
After generating a certificate server, you can run the utility with the command
cl-core --start
This utility server will listen on port 8888 for a port, use –port key, eg
cl-core --start --port 5648
To run in debug mode (debug), –debug use the key
Actions with the utilities the server
Operation requests and certificates
Viewing requests and certificates
Many utilities actions with the server can be performed directly on the server without the client. This requires superuser - root. To view client requests using –show-request key with indicating the request number or the word “all” to view the list of requests, such as
cl-core --show-request all cl-core --show-request 2
To view client certificates signed using the key –cert with the number of the certificate or the word “all” to see the list of certificates, for example,
cl-core --cert all cl-core --cert 2
With the help of key –dump you can view all the certificates
cl-core --cert all --dump
or certificate contents of the file, for example
cl-core --cert 4 --dump
To view the certificate requests and server utilities use –server-cert key with the number or “all”, for example,
cl-core --server-cert all cl-core --server-cert 2
Signing requests and review the client certificate
For the signing of the client Certificate Signing Request using –sign-client key indicating the request number, for example
cl-core --sign-client 4
Then enter the group rights for the new certificate (change it in the future is not possible). The signing by the server certificate. If you want to reject the client request, use the key –del-client-req specifying the request number, for example
cl-core --del-client-req 4
To clear a certificate signed by the client, together with an indication of the key –cert and certificate number, use –remove key, eg
cl-core --cert 4 --remove
Also, create a certificate user with the “all” group, you can use the command
cl-core --bootstrap username
for example, using the command
cl-core --bootstrap iivanov
iivanov user certificate will be created with the rights group “all” and added to the trusted certificate server utilities. To remove all certificate requests, and configuration files on the server, together with key –bootstrap use –remove-certs key, for example:
cl-core --bootstrap iivanov --remove-certs
Signing requests and review tools for server certificates
For the signing of a certificate signing request from another server utilities use –sign-server key request specifying the number, for example
cl-core --sign-server 4
Signing the root certificate is carried out.
If you want to reject the request for the server utility, use the key –del-server-req specifying the request number, for example
cl-core --del-server-req 4
To revoke a certificate signed by the utility server (adding a revocation list) use –revoke-cert key indicating the certificate number, eg
cl-core --revoke-cert 4
To remove a CRL, use the command
cl-core --revoke-cert rm
Changing certificates rights
Rights for the default certificate groups are stored in a file /var/calculate/server/conf/groupright.conf as follows: group right1 [, right2 [, right3 …]], for example, <code> manager install, get-sessions, request user get-sessions, request, viewcert </code> To change the rights of a particular certificate file used /var/calculate/server/conf/right.conf , where you want to enter a license and certificate numbers, for example,
install February 1 -3
for certificates with the numbers 1 and 2 to add a right of action to remove it and install the certificate with the number 3. Rights for a particular certificate have priority over the rights to the group certificate. To change the rights of a particular client certificate used keys –right-add and –right-del in cooperation with key –cert, eg
cl-core -c 6 --right-del install_pxe, install cl-core -c 7 --right-add install_pxe, install, configure_video
In the example for a certificate with the number 6, a ban on the methods that require the right installpxe and the install, and for a certificate with the number 7 to set permissions on installpxe methods, and the install configure_video.
Local Launch processes
Starting methods using key --method
All actions on the server utility can be run through a client ( cl-the console-the gui , cl-the console ), with the use of encryption certificates and let you perform operations on remote utility servers, and with the help of server utilities themselves performing actions directly and only on local utilities servers. To view all available actions on the server utility, use the command
# cl-core --list-methods install - Installation of the system setup_boot - Download core_setup - Configuring package ...
To start the method, use the command
cl-core --method METHOD
eg:
cl-core --method install --iso /path_to_image/cld-x86_64.iso -d / dev / sda1: swap -d / dev / sda2: /: ext4: on
To view the certificate action, use the command
cl-core --method METHOD --help
eg:
cl-core --method install --help
Key -f, –force sets the mode in which the user did not ask questions and pre-settings (brief) are not displayed. Key –no-progress show or hide the progress bar (the progress of the current task).
References to methods
When installing the system for all actions on the server utilities create a symbolic link of the form cl-method, which method - the method name, which can be accessed using cl-core –list-methods. For example, for the method setupnetwork link will command cl-setup-network ( “” are replaced by “-”). To create the missing links and remove references to the server utilities use the lack of action
cl-core --create-symlink
Execute the command cl-core and all the symbolic links to it can only be the root user. All symbolic links work on the principle of the method call to the server utilities - only on the local machine without the use of certificates and encryption.
Other action
Check configuration (a certificate and a secret key, matching them to each other, as well as whether the certificate is valid) by using key –check Specify the path to for event logging (logs), you can use –log-path key, for example:
cl-core --log-path / var / log / calculate / mylogs /
The default log file - /var/log/calculate/loggingclcore.out. Specifying the path to the PID file by using –pid-file PIDFILE key In addition, there are two options for the display of progress in the implementation of the GUI:
- –gui-progress - a progress indicator displays in the GUI
- –gui-warning - displays the warnings at the end of
Sending password from standard input by using the -P option, for example:
cat pass | cl-core -P --method install -u test -f
-P Option must be used together with the -f option, because when redirecting I / O streams to use the interactive mode is not possible.
Standard methods for server utilities
All utilities server methods are divided into categories. In version 3.2.0 server utilities have the following standard categories: Client Setup, Update, Desk, Installation and Utilities.
Client
Category client includes methods to change the behavior of the system (local / domain) and to change user passwords.
setting
Category Setting includes methods to configure the system parameters and packages.
update
Category Update includes methods to update the system settings and change profile.
Desktop
Category Desk includes methods to force the release of the user session, and configure user profiles.
setting
Category Installation includes methods for installation.
Utilities Category Utilities includes methods for working with certificates, certificate requests and group rights.
© 2007-2016 Calculate Ltd. Easy Linux from the Source