Differences
This shows you the differences between two versions of the page.
| — |
linux:calculate [2017/02/21 18:58] (current) soda created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | # Calculate Directory Server | ||
| + | |||
| + | Download iso from https://calculate-linux.org | ||
| + | Use unetbootin to copy the iso on the USB flash drive | ||
| + | Boot the Live USB, you should get prompt which look like this: | ||
| + | |||
| + | '' # calculate '' | ||
| + | |||
| + | ## Command line Install | ||
| + | |||
| + | On the machine you like to install cl run: | ||
| + | |||
| + | <code> | ||
| + | |||
| + | </code> | ||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | |||
| + | Taken from the Calculate Linux Documentation of "Calculate Utilities" | ||
| + | |||
| + | ## 3. Calculate Server utilities | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ### Introduction | ||
| + | |||
| + | Calculate Core Server utilities used to perform utility methods, such as installing, configuring the system, etc. and for network access clients ( cl-console and cl-console-gui ) protocol https Function Calculate utilities. Calculate the Core part of the Calculate Utilities 3. Install the server utility can be using the package sys-apps/calculate-core . | ||
| + | |||
| + | ### Getting started, creating a certificate | ||
| + | |||
| + | To run the utility, you must create a certificate in one of two ways: | ||
| + | * create a certificate signing request (the request) and sign a certificate from another server; | ||
| + | * create a self-signed root certificate and use it as a server certificate. | ||
| + | |||
| + | To run the utility server needs a server certificate. The root certificate is self-signed certificate is needed to sign another server utilities. | ||
| + | |||
| + | #### Signing certificate from another server utilities | ||
| + | |||
| + | To generate the secret key and request, as well as to send a request to use the utility server | ||
| + | <code> | ||
| + | cl-core --gen-cert-by HOST --port PORT | ||
| + | </code> | ||
| + | Where HOST - network address of the server utility, PORT - port that listens for a server utility (by default 8888) | ||
| + | For example, | ||
| + | <code> | ||
| + | cl-core --gen-cert-by 192.168.0.123 --port 4567 | ||
| + | </code> | ||
| + | After the signing of the certificate on the server utilities need to take it with the command | ||
| + | <code> | ||
| + | cl-core --get-cert-from ROOT_HOST --port PORT | ||
| + | </code> | ||
| + | Where ROOT_HOST - network address of the server utility, PORT - port that listens for a server utility (by default 8888) | ||
| + | For example, | ||
| + | <code> | ||
| + | cl-core --get-cert-from 192.168.0.123 --port 4567 | ||
| + | </code> | ||
| + | |||
| + | #### Creating a self-signed certificate | ||
| + | |||
| + | To create a self-signed root certificate, use the command | ||
| + | <code> | ||
| + | cl-core --gen-root-cert | ||
| + | </code> | ||
| + | To use the self-signed root certificate created by a utility server certificate, use the command | ||
| + | <code> | ||
| + | cl-core --use-root-as-server | ||
| + | </code> | ||
| + | |||
| + | #### Starting the server utilities | ||
| + | |||
| + | After generating a certificate server, you can run the utility with the command | ||
| + | <code> | ||
| + | cl-core --start | ||
| + | </code> | ||
| + | This utility server will listen on port 8888 for a port, use --port key, eg | ||
| + | <code> | ||
| + | cl-core --start --port 5648 | ||
| + | </code> | ||
| + | To run in debug mode (debug), --debug use the key | ||
| + | |||
| + | ### Actions with the utilities the server | ||
| + | |||
| + | #### Operation requests and certificates | ||
| + | |||
| + | ##### Viewing requests and certificates | ||
| + | |||
| + | Many utilities actions with the server can be performed directly on the server without the client. This requires superuser - root. | ||
| + | To view client requests using --show-request key with indicating the request number or the word "all" to view the list of requests, such as | ||
| + | <code> | ||
| + | cl-core --show-request all | ||
| + | cl-core --show-request 2 | ||
| + | </code> | ||
| + | To view client certificates signed using the key --cert with the number of the certificate or the word "all" to see the list of certificates, for example, | ||
| + | <code> | ||
| + | cl-core --cert all | ||
| + | |||
| + | cl-core --cert 2 | ||
| + | </code> | ||
| + | With the help of key --dump you can view all the certificates | ||
| + | <code> | ||
| + | cl-core --cert all --dump | ||
| + | </code> | ||
| + | or certificate contents of the file, for example | ||
| + | <code> | ||
| + | cl-core --cert 4 --dump | ||
| + | </code> | ||
| + | To view the certificate requests and server utilities use --server-cert key with the number or "all", for example, | ||
| + | <code> | ||
| + | cl-core --server-cert all | ||
| + | |||
| + | cl-core --server-cert 2 | ||
| + | </code> | ||
| + | |||
| + | ##### Signing requests and review the client certificate | ||
| + | |||
| + | For the signing of the client Certificate Signing Request using --sign-client key indicating the request number, for example | ||
| + | <code> | ||
| + | cl-core --sign-client 4 | ||
| + | </code> | ||
| + | Then enter the group rights for the new certificate (change it in the future is not possible). The signing by the server certificate. | ||
| + | If you want to reject the client request, use the key --del-client-req specifying the request number, for example | ||
| + | <code> | ||
| + | cl-core --del-client-req 4 | ||
| + | </code> | ||
| + | To clear a certificate signed by the client, together with an indication of the key --cert and certificate number, use --remove key, eg | ||
| + | <code> | ||
| + | cl-core --cert 4 --remove | ||
| + | </code> | ||
| + | Also, create a certificate user with the "all" group, you can use the command | ||
| + | <code> | ||
| + | cl-core --bootstrap username | ||
| + | </code> | ||
| + | for example, using the command | ||
| + | <code> | ||
| + | cl-core --bootstrap iivanov | ||
| + | </code> | ||
| + | |||
| + | iivanov user certificate will be created with the rights group "all" and added to the trusted certificate server utilities. | ||
| + | To remove all certificate requests, and configuration files on the server, together with key --bootstrap use --remove-certs key, for example: | ||
| + | <code> | ||
| + | cl-core --bootstrap iivanov --remove-certs | ||
| + | </code> | ||
| + | |||
| + | ##### Signing requests and review tools for server certificates | ||
| + | |||
| + | For the signing of a certificate signing request from another server utilities use --sign-server key request specifying the number, for example | ||
| + | <code> | ||
| + | cl-core --sign-server 4 | ||
| + | </code> | ||
| + | |||
| + | Signing the root certificate is carried out. | ||
| + | |||
| + | If you want to reject the request for the server utility, use the key --del-server-req specifying the request number, for example | ||
| + | <code> | ||
| + | cl-core --del-server-req 4 | ||
| + | </code> | ||
| + | To revoke a certificate signed by the utility server (adding a revocation list) use --revoke-cert key indicating the certificate number, eg | ||
| + | <code> | ||
| + | cl-core --revoke-cert 4 | ||
| + | </code> | ||
| + | |||
| + | To remove a CRL, use the command | ||
| + | <code> | ||
| + | cl-core --revoke-cert rm | ||
| + | </code> | ||
| + | |||
| + | ##### Changing certificates rights | ||
| + | |||
| + | Rights for the default certificate groups are stored in a file /var/calculate/server/conf/group_right.conf as follows: group right1 [, right2 [, right3 ...]], for example, | ||
| + | <code> | ||
| + | manager install, get-sessions, request | ||
| + | user get-sessions, request, view_cert | ||
| + | </code> | ||
| + | To change the rights of a particular certificate file used /var/calculate/server/conf/right.conf , where you want to enter a license and certificate numbers, for example, | ||
| + | <code> | ||
| + | install February 1 -3 | ||
| + | </code> | ||
| + | for certificates with the numbers 1 and 2 to add a right of action to remove it and install the certificate with the number 3. | ||
| + | Rights for a particular certificate have priority over the rights to the group certificate. | ||
| + | To change the rights of a particular client certificate used keys --right-add and --right-del in cooperation with key --cert, eg | ||
| + | <code> | ||
| + | cl-core -c 6 --right-del install_pxe, install | ||
| + | cl-core -c 7 --right-add install_pxe, install, configure_video | ||
| + | </code> | ||
| + | In the example for a certificate with the number 6, a ban on the methods that require the right install_pxe and the install, and for a certificate with the number 7 to set permissions on install_pxe methods, and the install configure_video. | ||
| + | |||
| + | #### Local Launch processes | ||
| + | |||
| + | ##### Starting methods using key --method | ||
| + | |||
| + | All actions on the server utility can be run through a client ( cl-the console-the gui , cl-the console ), with the use of encryption certificates and let you perform operations on remote utility servers, and with the help of server utilities themselves performing actions directly and only on local utilities servers. | ||
| + | To view all available actions on the server utility, use the command | ||
| + | <code> | ||
| + | # cl-core --list-methods | ||
| + | |||
| + | install - Installation of the system | ||
| + | setup_boot - Download | ||
| + | core_setup - Configuring package | ||
| + | ... | ||
| + | </code> | ||
| + | To start the method, use the command | ||
| + | <code> | ||
| + | cl-core --method METHOD | ||
| + | </code> | ||
| + | eg: | ||
| + | <code> | ||
| + | cl-core --method install --iso /path_to_image/cld-x86_64.iso -d / dev / sda1: swap -d / dev / sda2: /: ext4: on | ||
| + | </code> | ||
| + | To view the certificate action, use the command | ||
| + | <code> | ||
| + | cl-core --method METHOD --help | ||
| + | </code> | ||
| + | eg: | ||
| + | <code> | ||
| + | cl-core --method install --help | ||
| + | </code> | ||
| + | Key -f, --force sets the mode in which the user did not ask questions and pre-settings (brief) are not displayed. | ||
| + | Key --no-progress show or hide the progress bar (the progress of the current task). | ||
| + | |||
| + | #### References to methods | ||
| + | |||
| + | When installing the system for all actions on the server utilities create a symbolic link of the form cl-method, which method - the method name, which can be accessed using cl-core --list-methods. For example, for the method setup_network link will command cl-setup-network ( "_" are replaced by "-"). | ||
| + | To create the missing links and remove references to the server utilities use the lack of action | ||
| + | <code> | ||
| + | cl-core --create-symlink | ||
| + | </code> | ||
| + | Execute the command cl-core and all the symbolic links to it can only be the root user. | ||
| + | All symbolic links work on the principle of the method call to the server utilities - only on the local machine without the use of certificates and encryption. | ||
| + | |||
| + | ### Other action | ||
| + | |||
| + | Check configuration (a certificate and a secret key, matching them to each other, as well as whether the certificate is valid) by using key --check | ||
| + | Specify the path to for event logging (logs), you can use --log-path key, for example: | ||
| + | <code> | ||
| + | cl-core --log-path / var / log / calculate / mylogs / | ||
| + | </code> | ||
| + | The default log file - /var/log/calculate/logging_cl_core.out. | ||
| + | Specifying the path to the PID file by using --pid-file PIDFILE key | ||
| + | In addition, there are two options for the display of progress in the implementation of the GUI: | ||
| + | * --gui-progress - a progress indicator displays in the GUI | ||
| + | * --gui-warning - displays the warnings at the end of | ||
| + | Sending password from standard input by using the -P option, for example: | ||
| + | <code> | ||
| + | cat pass | cl-core -P --method install -u test -f | ||
| + | </code> | ||
| + | -P Option must be used together with the -f option, because when redirecting I / O streams to use the interactive mode is not possible. | ||
| + | |||
| + | ### Standard methods for server utilities | ||
| + | |||
| + | All utilities server methods are divided into categories. In version 3.2.0 server utilities have the following standard categories: Client Setup, Update, Desk, Installation and Utilities. | ||
| + | |||
| + | #### Client | ||
| + | |||
| + | Category client includes methods to change the behavior of the system (local / domain) and to change user passwords. | ||
| + | |||
| + | #### setting | ||
| + | |||
| + | Category Setting includes methods to configure the system parameters and packages. | ||
| + | |||
| + | #### update | ||
| + | |||
| + | Category Update includes methods to update the system settings and change profile. | ||
| + | |||
| + | #### Desktop | ||
| + | |||
| + | Category Desk includes methods to force the release of the user session, and configure user profiles. | ||
| + | |||
| + | #### setting | ||
| + | |||
| + | Category Installation includes methods for installation. | ||
| + | |||
| + | Utilities | ||
| + | Category Utilities includes methods for working with certificates, certificate requests and group rights. | ||
| + | | ||
| + | © 2007-2016 Calculate Ltd. | ||
| + | Easy Linux from the Source | ||
