Calculate Directory Server

Download iso from https://calculate-linux.org Use unetbootin to copy the iso on the USB flash drive Boot the Live USB, you should get prompt which look like this:

# calculate

On the machine you like to install cl run:

Taken from the Calculate Linux Documentation of “Calculate Utilities”

Calculate Core Server utilities used to perform utility methods, such as installing, configuring the system, etc. and for network access clients ( cl-console and cl-console-gui ) protocol https Function Calculate utilities. Calculate the Core part of the Calculate Utilities 3. Install the server utility can be using the package sys-apps/calculate-core .

To run the utility, you must create a certificate in one of two ways:

• create a certificate signing request (the request) and sign a certificate from another server;
• create a self-signed root certificate and use it as a server certificate.

To run the utility server needs a server certificate. The root certificate is self-signed certificate is needed to sign another server utilities.

To generate the secret key and request, as well as to send a request to use the utility server

 cl-core --gen-cert-by HOST --port PORT

Where HOST - network address of the server utility, PORT - port that listens for a server utility (by default 8888) For example,

 cl-core --gen-cert-by 192.168.0.123 --port 4567

After the signing of the certificate on the server utilities need to take it with the command

 cl-core --get-cert-from ROOT_HOST --port PORT

Where ROOT_HOST - network address of the server utility, PORT - port that listens for a server utility (by default 8888) For example,

 cl-core --get-cert-from 192.168.0.123 --port 4567

To create a self-signed root certificate, use the command

 cl-core --gen-root-cert

To use the self-signed root certificate created by a utility server certificate, use the command

 cl-core --use-root-as-server

After generating a certificate server, you can run the utility with the command

 cl-core --start

This utility server will listen on port 8888 for a port, use –port key, eg

 cl-core --start --port 5648

To run in debug mode (debug), –debug use the key

Many utilities actions with the server can be performed directly on the server without the client. This requires superuser - root. To view client requests using –show-request key with indicating the request number or the word “all” to view the list of requests, such as

 cl-core --show-request all
 cl-core --show-request 2

To view client certificates signed using the key –cert with the number of the certificate or the word “all” to see the list of certificates, for example,

 cl-core --cert all

 cl-core --cert 2

With the help of key –dump you can view all the certificates

 cl-core --cert all --dump

or certificate contents of the file, for example

 cl-core --cert 4 --dump

To view the certificate requests and server utilities use –server-cert key with the number or “all”, for example,

 cl-core --server-cert all

 cl-core --server-cert 2

For the signing of the client Certificate Signing Request using –sign-client key indicating the request number, for example

 cl-core --sign-client 4

Then enter the group rights for the new certificate (change it in the future is not possible). The signing by the server certificate. If you want to reject the client request, use the key –del-client-req specifying the request number, for example

 cl-core --del-client-req 4

To clear a certificate signed by the client, together with an indication of the key –cert and certificate number, use –remove key, eg

 cl-core --cert 4 --remove

Also, create a certificate user with the “all” group, you can use the command

 cl-core --bootstrap username

for example, using the command

 cl-core --bootstrap iivanov

iivanov user certificate will be created with the rights group “all” and added to the trusted certificate server utilities. To remove all certificate requests, and configuration files on the server, together with key –bootstrap use –remove-certs key, for example:

 cl-core --bootstrap iivanov --remove-certs

For the signing of a certificate signing request from another server utilities use –sign-server key request specifying the number, for example

 cl-core --sign-server 4

Signing the root certificate is carried out.

If you want to reject the request for the server utility, use the key –del-server-req specifying the request number, for example

 cl-core --del-server-req 4

To revoke a certificate signed by the utility server (adding a revocation list) use –revoke-cert key indicating the certificate number, eg

 cl-core --revoke-cert 4

To remove a CRL, use the command

 cl-core --revoke-cert rm

Rights for the default certificate groups are stored in a file /var/calculate/server/conf/groupright.conf as follows: group right1 [, right2 [, right3 …]], for example, <code> manager install, get-sessions, request user get-sessions, request, viewcert </code> To change the rights of a particular certificate file used /var/calculate/server/conf/right.conf , where you want to enter a license and certificate numbers, for example,

 install February 1 -3

for certificates with the numbers 1 and 2 to add a right of action to remove it and install the certificate with the number 3. Rights for a particular certificate have priority over the rights to the group certificate. To change the rights of a particular client certificate used keys –right-add and –right-del in cooperation with key –cert, eg

 cl-core -c 6 --right-del install_pxe, install
 cl-core -c 7 --right-add install_pxe, install, configure_video

In the example for a certificate with the number 6, a ban on the methods that require the right installpxe and the install, and for a certificate with the number 7 to set permissions on installpxe methods, and the install configure_video.

All actions on the server utility can be run through a client ( cl-the console-the gui , cl-the console ), with the use of encryption certificates and let you perform operations on remote utility servers, and with the help of server utilities themselves performing actions directly and only on local utilities servers. To view all available actions on the server utility, use the command

 # cl-core --list-methods

 install - Installation of the system
 setup_boot - Download
 core_setup - Configuring package
 ...

To start the method, use the command

 
 cl-core --method METHOD

eg:

 cl-core --method install --iso /path_to_image/cld-x86_64.iso -d / dev / sda1: swap -d / dev / sda2: /: ext4: on

To view the certificate action, use the command

 
 cl-core --method METHOD --help

eg:

 cl-core --method install --help

Key -f, –force sets the mode in which the user did not ask questions and pre-settings (brief) are not displayed. Key –no-progress show or hide the progress bar (the progress of the current task).

When installing the system for all actions on the server utilities create a symbolic link of the form cl-method, which method - the method name, which can be accessed using cl-core –list-methods. For example, for the method setupnetwork link will command cl-setup-network ( “” are replaced by “-”). To create the missing links and remove references to the server utilities use the lack of action

 cl-core --create-symlink

Execute the command cl-core and all the symbolic links to it can only be the root user. All symbolic links work on the principle of the method call to the server utilities - only on the local machine without the use of certificates and encryption.

Check configuration (a certificate and a secret key, matching them to each other, as well as whether the certificate is valid) by using key –check Specify the path to for event logging (logs), you can use –log-path key, for example:

 cl-core --log-path / var / log / calculate / mylogs /

The default log file - /var/log/calculate/loggingclcore.out. Specifying the path to the PID file by using –pid-file PIDFILE key In addition, there are two options for the display of progress in the implementation of the GUI:

• –gui-progress - a progress indicator displays in the GUI
• –gui-warning - displays the warnings at the end of

Sending password from standard input by using the -P option, for example:

 cat pass |  cl-core -P --method install -u test -f

-P Option must be used together with the -f option, because when redirecting I / O streams to use the interactive mode is not possible.

All utilities server methods are divided into categories. In version 3.2.0 server utilities have the following standard categories: Client Setup, Update, Desk, Installation and Utilities.

Category client includes methods to change the behavior of the system (local / domain) and to change user passwords.

Category Setting includes methods to configure the system parameters and packages.

Category Update includes methods to update the system settings and change profile.

Category Desk includes methods to force the release of the user session, and configure user profiles.

Category Installation includes methods for installation.

Utilities Category Utilities includes methods for working with certificates, certificate requests and group rights.

© 2007-2016 Calculate Ltd. Easy Linux from the Source