diff --git a/README.md b/README.md new file mode 100644 index 0000000000000000000000000000000000000000..4d3e55665be8e8c89777e7a306e9c8bb0a8d9688 --- /dev/null +++ b/README.md @@ -0,0 +1,81 @@ +# openEuler 文档 + +[English](./README-en.md) | 简体中文 + +## 介绍 + +openEuler Docs 仓旨在为帮助社区用户快速了解 openEuler 各类项目,本仓包含了 openEuler 社区的所有文档,包括发行说明、操作系统安装、管理员指南、虚拟化和容器的使用指导等内容。 + +## 如何查看版本分支对应关系 + +openEuler 目前提供以下两类版本: + +- 长期支持 (LTS)版本:openEuler 发布间隔周期定为2年,提供4年社区支持,在较长的时间内获得安全、维护和功能的更新。 +- 社区创新版本:每隔6个月会发布一个社区创新版本,具有最新的硬软件支持。 + +Docs 当前使用以下三类分支,长期支持版本和社区创新版本分别以 20.03 LTS SP4 和 20.09 为例: +| 分支 | 说明 | 内容呈现 | +|-----|----|----| +| master | 开发分支,为默认分支|-| +| stable2-20.03_LTS_SP4 | 20.03 LTS 版本 SP4 版本分支 | 分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->20.03 LTS SP4” | +| stable2-20.09 | 20.09 版本分支 | 分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->20.09” | + +## 资料清单 + +| 文档名称 | 开发类型 | 文件夹 | +|-----|----|----| +| 法律声明 | 更新 | Releasenotes | +| 发行说明 | 更新 | Releasenotes | +| 快速入门 | 更新 | Quickstart | +| 安装指南 | 更新 | Installation | +| 管理员指南 | 更新 | Administration | +| 安全加固指南 | 更新 | SecHarden | +| 虚拟化用户指南 | 更新 | Virtualization | +| StratoVirt用户指南 | 更新 | StratoVirt | +| 容器用户指南 | 更新 | Container | +| A-Tune 用户指南 | 更新 | A-Tune | +| 应用开发指南 | 更新 | ApplicationDev | +| secGear 开发指南 | 更新 | secGear | +| HA 用户指南 | 更新 | HA | +| Kubernetes 集群部署指南 | 更新 | Kubernetes | +| 第三方软件安装指南 | 更新 | thirdparty_migration | +| 桌面环境用户指南 | 更新 | desktop | +| A-Ops用户指南 | 更新 | A-Ops | +| 裁剪定制工具使用指南 | 更新 | TailorCustom | +| GCC用户指南 | 新增 | TailorCustom | +| ENFS特性 | 新增 | TailorCustom | + +## 如何在Docs中查找文档 + +进入[Docs 仓](https://gitee.com/openeuler/docs), 选择 stable2-20.03_LTS_SP4 分支,进入 “docs” 文件夹,该文件夹包含了中文(“zh”文件夹)和英文(“en”文件夹)两种语言文档,以中文文档举例进行说明。在“zh”文件夹中,“docs”文件夹包含了文档的内容,“menu”展示了具体文档与 Docs 官网目录的映射关系。 “docs” 文件夹与各手册的对应关系可参考资料清单。 + +## 如何修改文档 + +当openEuler版本信息有刷新时,这里文档也需要刷新。很感谢您愿意提供刷新内容。 +请阅读[openEuler 开源社区贡献指南](https://gitee.com/openeuler/docs/blob/master/contribute/openEuler%E5%BC%80%E6%BA%90%E7%A4%BE%E5%8C%BA%E8%B4%A1%E7%8C%AE%E6%8C%87%E5%8D%97.md)进行操作参考。 + +## 如何参与SIG + +建立或回复 issue:欢迎通过建立或回复 issue 来讨论。可选择[文档捉虫](https://docs.openeuler.org/zh/)方式快速建立 issue,可查看[活动详情](https://docs-bug.openeuler.sh/)。 + +提交PR:欢迎通过提交PR的方式参与SIG。具体操作方法可参考[PR提交指南](https://gitee.com/openeuler/community/blob/master/zh/contributors/pull-request.md)。 + +提交评论:欢迎在issue或PR中提交评论。 您也可以通过网站文档页的“意见反馈”对文档进行评论。 + +重要的事说三遍:**欢迎提交 PR!欢迎提交 PR!欢迎提交 PR!** + +## 成员 + +### Maintainer 列表 + +- amyMaYun[@amy_mayun](https://gitee.com/amy_mayun) +- hujunjune[@hujunjune](https://gitee.com/hujunjune) +- judithsq[@judithsq](https://gitee.com/judithsq) +- lizhongqian[@lizhongqian](https://gitee.com/lizhongqian) +- echo10111111[@echo10111111](https://gitee.com/echo10111111) + +### 如何联系我们 + +邮件列表: + +IRC:#openeuler-doc diff --git a/docs/.vscode/settings.json b/docs/.vscode/settings.json new file mode 100644 index 0000000000000000000000000000000000000000..95becc00cae37a4c6f9727b247ebd6c3e8961e82 --- /dev/null +++ b/docs/.vscode/settings.json @@ -0,0 +1,18 @@ +{ + "editor.tokenColorCustomizations": { + "textMateRules": [ + { + "scope": "kunpeng.func", + "settings": { + "foreground": "#28a745" + } + }, + { + "scope": "kunpeng.intrinsics", + "settings": { + "foreground": "#28a745" + } + } + ] + } +} \ No newline at end of file diff --git a/docs/en/docs/A-Tune/appendixes.md b/docs/en/docs/A-Tune/appendixes.md index 46f489cac3e98bcc418e368e7f442270d31a13fa..2d776555c04a00f5a7c56e5d8b503925019af32a 100644 --- a/docs/en/docs/A-Tune/appendixes.md +++ b/docs/en/docs/A-Tune/appendixes.md @@ -8,19 +8,13 @@ **Table 1** Terminology - - - - - @@ -28,3 +22,4 @@

Term

Description

workload_type

-

Workload type, which is used to identify a type of service with the same characteristics.

-

profile

+

profile

Set of optimization items and optimal parameter configuration.
+ diff --git a/docs/en/docs/A-Tune/application-scenarios.md b/docs/en/docs/A-Tune/application-scenarios.md index cbac0bf1c1114edc27d3e7c5c936e3711b5f4bd4..ee67a1e86a2c51d11eec00dd4828b2290fa78474 100644 --- a/docs/en/docs/A-Tune/application-scenarios.md +++ b/docs/en/docs/A-Tune/application-scenarios.md @@ -3,10 +3,10 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This chapter describes the functions and usage of the A-Tune client. - [Application Scenarios](#application-scenarios) - - [Overview](#overview-0) + - [Overview](#overview) - [Querying Workload Types](#querying-workload-types) - [list](#list) - - [Workload Type Analysis and Auto Optimization](#workload-type-analysis-and-auto-optimization) + - [Workload Type Analysis and Auto Tuning](#workload-type-analysis-and-auto-tuning) - [analysis](#analysis) - [User-defined Model](#user-defined-model) - [define](#define) @@ -15,9 +15,9 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This - [undefine](#undefine) - [Querying Profiles](#querying-profiles) - [info](#info) - - [Updating a Profile](#updating-a-profile) + - [Updating Profiles](#updating-profiles) - [update](#update) - - [Activating a Profile](#activating-a-profile) + - [Activating Profiles](#activating-profiles) - [profile](#profile) - [Rolling Back Profiles](#rolling-back-profiles) - [rollback](#rollback) @@ -25,37 +25,29 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This - [upgrade](#upgrade) - [Querying System Information](#querying-system-information) - [check](#check) - - [Automatic Parameter Optimization](#automatic-parameter-optimization) + - [Performing Automatic Parameter Tuning](#performing-automatic-parameter-tuning) - [Tuning](#tuning) - - ## Overview -- You can run the **atune-adm help/--help/-h** command to query commands supported by atune-adm. -- All example commands are used in single-node mode. For distributed mode, specify an IP address and port number. For example: +- Run A-Tune as the **root** user. +- You can run the **atune-adm help/--help/-h** command to query commands supported by atune-adm. +- All example commands are used in single-node mode. For distributed mode, specify an IP address and port number. For example: - ``` - # atune-adm -a 192.168.3.196 -p 60001 list + ```shell + atune-adm -a 192.168.3.196 -p 60001 list ``` -- The **define**, **update**, **undefine**, **collection**, **train**, and **upgrade **commands do not support remote execution. -- In the command format, brackets \(\[\]\) indicate that the parameter is optional, and angle brackets \(<\>\) indicate that the parameter is mandatory. The actual parameters prevail. -- In the command format, meanings of each command are as follows: - - **WORKLOAD\_TYPE**: name of a user-defined workload type. For details about the supported workload types, see the query result of the **list** command. - - **PROFILE\_NAME**: user-defined profile name. - - **PROFILE\_PATH**: path of the user-defined profile. - +- The **define**, **update**, **undefine**, **collection**, **train**, and **upgrade** commands do not support remote execution. +- In the command format, brackets \(\[\]\) indicate that the parameter is optional, and angle brackets \(<\>\) indicate that the parameter is mandatory. The actual parameters prevail. ## Querying Workload Types - - ### list #### Function -Query the supported workload types, profiles, and the values of Active. +Query the supported profiles and the values of **Active**. #### Format @@ -63,47 +55,117 @@ Query the supported workload types, profiles, and the values of Active. #### Example +```shell +$ atune-adm list + +Support profiles: ++------------------------------------------------+-----------+ +| ProfileName | Active | ++================================================+===========+ +| arm-native-android-container-robox | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-fio | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-lmbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-netperf | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-stream | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-unixbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-speccpu-speccpu2006 | false | ++------------------------------------------------+-----------+ +| basic-test-suite-specjbb-specjbb2015 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-hdd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-ssd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-bayesian | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-kmeans | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql1 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql10 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql2 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql3 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql4 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql5 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql6 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql7 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql8 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql9 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-tersort | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-wordcount | false | ++------------------------------------------------+-----------+ +| cloud-compute-kvm-host | false | ++------------------------------------------------+-----------+ +| database-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mongodb-2p-sysbench | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| default-default | false | ++------------------------------------------------+-----------+ +| docker-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| docker-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| hpc-gatk4-human-genome | false | ++------------------------------------------------+-----------+ +| in-memory-database-redis-redis-benchmark | false | ++------------------------------------------------+-----------+ +| middleware-dubbo-dubbo-benchmark | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-hdd | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-ssd | false | ++------------------------------------------------+-----------+ +| virtualization-consumer-cloud-olc | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| web-apache-traffic-server-spirent-pingpo | false | ++------------------------------------------------+-----------+ +| web-nginx-http-long-connection | true | ++------------------------------------------------+-----------+ +| web-nginx-https-short-connection | false | ++------------------------------------------------+-----------+ ``` -# atune-adm list - -Support WorkloadTypes: -+-----------------------------------+------------------------+-----------+ -| WorkloadType | ProfileName | Active | -+===================================+========================+===========+ -| default | default | true | -+-----------------------------------+------------------------+-----------+ -| webserver | ssl_webserver | false | -+-----------------------------------+------------------------+-----------+ -| big_database | database | false | -+-----------------------------------+------------------------+-----------+ -| big_data | big_data | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_computing | in-memory_computing | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_database | in-memory_database | false | -+-----------------------------------+------------------------+-----------+ -| single_computer_intensive_jobs | compute-intensive | false | -+-----------------------------------+------------------------+-----------+ -| communication | rpc_communication | false | -+-----------------------------------+------------------------+-----------+ -| idle | default | false | -+-----------------------------------+------------------------+-----------+ - -``` - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->If the value of Active is **true**, the profile is activated. In the example, the profile of the default type is activated. - -## Workload Type Analysis and Auto Optimization - +>![](public_sys-resources/icon-note.gif) **NOTE:** +>If the value of Active is **true**, the profile is activated. In the example, the **web-nginx-http-long-connection** profile is activated. +## Workload Type Analysis and Auto Tuning ### analysis #### Function -Collect real-time statistics from the system to identify and automatically optimize workload types. +Collect real-time statistics from the system to identify and automatically tune workload types. #### Format @@ -121,97 +183,102 @@ Collect real-time statistics from the system to identify and automatically optim

--model, -m

-

Model generated by user-defined training

+

Indicate a new model generated by user self-training

+ + +

--characterization, -c

+ +

Use the default model for application identification without performing automatic tuning

- #### Example -- Use the default model for classification and identification. +- Use the default model to identify applications. - ``` - # atune-adm analysis + ```shell + atune-adm analysis --characterization ``` -- Use the user-defined training model for recognition. +- Use the default model to identify applications and perform automatic tuning. + ```shell + atune-adm analysis ``` - # atune-adm analysis --model /usr/libexec/atuned/analysis/models/new-model.m - ``` + +- Use the user-defined training model to identify applications. + ```shell + atune-adm analysis --model /usr/libexec/atuned/analysis/models/new-model.m + ``` ## User-defined Model A-Tune allows users to define and learn new models. To define a new model, perform the following steps: -1. Run the **define** command to define workload\_type and profile. -2. Run the **collection** command to collect the profile data corresponding to workload\_type. -3. Run the **train** command to train the model. - - - +1. Run the **define** command to define a new profile. +2. Run the **collection** command to collect the system data corresponding to the application. +3. Run the **train** command to train the model. ### define #### Function -Add a user-defined workload type and the corresponding profile optimization item. +Add a user-defined application scenario and the corresponding profile tuning items. #### Format -**atune-adm define** +**atune-adm define** #### Example -Add a workload type. Set workload type to **test\_type**, profile name to **test\_name**, and configuration file of an optimization item to **example.conf**. +Add a profile whose **service_type** is **test_service**, **application_name** is **test_app**, **scenario_name** is **test_scenario**, and the tuning item configuration file is **example.conf**. +```shell +atune-adm define test_service test_app test_scenario ./example.conf ``` -# atune-adm define test_type test_name ./example.conf -``` - -The **example.conf** file can be written as follows \(the following optimization items are optional and are for reference only\). You can also run the **atune-adm info** command to view how the existing profile is written. -``` -[main] -# list its parent profile -[tip] -# the recommended optimization, which should be performed manunaly -[check] -# check the environment -[affinity.irq] -# to change the affinity of irqs -[affinity.task] -# to change the affinity of tasks -[bios] -# to change the bios config -[bootloader.grub2] -# to change the grub2 config -[kernel_config] -# to change the kernel config -[script] -# the script extention of cpi -[sysctl] -# to change the /proc/sys/* config -[sysfs] -# to change the /sys/* config -[systemctl] -# to change the system service config -[ulimit] -# to change the resources limit of user +The **example.conf** file can be written as follows (the following tuning items are optional and are for reference only). You can also run the **atune-adm info** command to view how the existing profile is written. + +```conf + [main] + # list its parent profile + [kernel_config] + # to change the kernel config + [bios] + # to change the bios config + [bootloader.grub2] + # to change the grub2 config + [sysfs] + # to change the /sys/* config + [systemctl] + # to change the system service status + [sysctl] + # to change the /proc/sys/* config + [script] + # the script extension of cpi + [ulimit] + # to change the resources limit of user + [schedule_policy] + # to change the schedule policy + [check] + # check the environment + [tip] + # the recommended optimization, which should be performed manually ``` ### collection #### Function -Collect the global resource usage and OS status information during service running, and save the collected information to a CSV output file as the input dataset for model training. +Collect the global resource usage and OS status during service running and save the collected information to a CSV output file as the input dataset for model training. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- This command depends on the sampling tools such as perf, mpstat, vmstat, iostat, and sar. ->- Currently, only the Kunpeng 920 CPU is supported. You can run the **dmidecode -t processor** command to check the CPU model. +>![](public_sys-resources/icon-note.gif) **NOTE:** +> +>- This command depends on the sampling tools such as perf, mpstat, vmstat, iostat, and sar. +>- Currently, only the Kunpeng 920 processor is supported. You can run the **dmidecode -t processor** command to check the CPU model. #### Format @@ -247,9 +314,9 @@ Collect the global resource usage and OS status information during service runni

Network port used during service running, for example, eth0.

-

--workload_type, -t

+

--app_type, -t

-

Workload type, which is used as a label for training.

+

Mark the application type of the service as a label for training.

--duration, -d

@@ -265,18 +332,17 @@ Collect the global resource usage and OS status information during service runni - #### Example -``` -# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --workload_type test_type +```shell +atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --app_type test_type ``` ### train #### Function -Use the collected data to train the model. Collect data of at least two workload types during training. Otherwise, an error is reported. +Use the collected data to train the model. Collect data of at least two application types during training. Otherwise, an error is reported. #### Format @@ -289,62 +355,60 @@ Use the collected data to train the model. Collect data of at least two workload | Parameter | Description | | ----------------- | ------------------------------------------------------ | | --data_path, -d | Path for storing CSV files required for model training | - | --output_file, -o | Model generated through training | - + | --output_file, -o | A new model generated during training | #### Example Use the CSV file in the **data** directory as the training input. The generated model **new-model.m** is stored in the **model** directory. -``` -# atune-adm train --data_path /home/data --output_file /usr/libexec/atuned/analysis/models/new-model.m +```shell +atune-adm train --data_path /home/data --output_file /usr/libexec/atuned/analysis/models/new-model.m ``` ### undefine #### Function -Delete a user-defined workload type. +Delete a user-defined profile. #### Format -**atune-adm undefine** +**atune-adm undefine** #### Example -Delete the **test\_type** workload type. +Delete the user-defined profile. -``` -# atune-adm undefine test_type +```shell +atune-adm undefine test_service-test_app-test_scenario ``` ## Querying Profiles - ### info #### Function -View the profile content of a workload type. +View the profile content. #### Format -**atune-adm info** _ +**atune-adm info** #### Example -View the profile content of webserver. +View the profile content of **web-nginx-http-long-connection**. -``` -# atune-adm info webserver +```shell +$ atune-adm info web-nginx-http-long-connection -*** ssl_webserver: +*** web-nginx-http-long-connection: # -# webserver tuned configuration +# nginx http long connection A-Tune configuration # [main] -#TODO CONFIG +include = default-default [kernel_config] #TODO CONFIG @@ -352,11 +416,18 @@ View the profile content of webserver. [bios] #TODO CONFIG +[bootloader.grub2] +iommu.passthrough = 1 + [sysfs] #TODO CONFIG +[systemctl] +sysmonitor = stop +irqbalance = stop + [sysctl] -fs.file-max=6553600 +fs.file-max = 6553600 fs.suid_dumpable = 1 fs.aio-max-nr = 1048576 kernel.shmmax = 68719476736 @@ -384,95 +455,73 @@ net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 -[systemctl] -sysmonitor=stop -irqbalance=stop - -[bootloader.grub2] -selinux=0 -iommu.passthrough=1 - -[tip] -bind your master process to the CPU near the network = affinity -bind your network interrupt to the CPU that has this network = affinity -relogin into the system to enable limits setting = OS - [script] -openssl_hpre = 0 prefetch = off +ethtool = -X {network} hfunc toeplitz [ulimit] {user}.hard.nofile = 102400 {user}.soft.nofile = 102400 -[affinity.task] -#TODO CONFIG - -[affinity.irq] +[schedule_policy] #TODO CONFIG [check] #TODO CONFIG +[tip] +SELinux provides extra control and security features to linux kernel. Disabling SELinux will improve the performance but may cause security risks. = kernel +disable the nginx log = application ``` -   - -## Updating a Profile - -You can update the existing profile as required. - - +## Updating Profiles +You can update the existing profiles as required. ### update #### Function -Update an optimization item of a workload type to the content in the **new.conf** file. +Update the original tuning items in the existing profiles to the content in the **new.conf** file. #### Format -**atune-adm update** +**atune-adm update** #### Example -Update the workload type to **test\_type** and the optimization item of test\_name to **new.conf**. +Change the tuning item of the profile named **test_service-test_app-test_scenario** to **new.conf**. -``` -# atune-adm update test_type test_name ./new.conf +```shell +atune-adm update test_service-test_app-test_scenario ./new.conf ``` -## Activating a Profile +## Activating Profiles ### profile #### Function -Manually activate a profile of a workload type. +Manually activate a profile to make it in the active state. #### Format -**atune-adm profile **_<_WORKLOAD\_TYPE_\>_ +**atune-adm profile** #### Parameter Description -You can run the **list** command to query the supported workload types. +For details about the profile name, see the query result of the **list** command. #### Example -Activate the profile configuration of webserver. +Activate the profile corresponding to **web-nginx-http-long-connection**. -``` -# atune-adm profile webserver +```shell +atune-adm profile web-nginx-http-long-connection ``` ## Rolling Back Profiles -   - - - ### rollback #### Functions @@ -485,16 +534,12 @@ Roll back the current configuration to the initial configuration of the system. #### Example -``` -# atune-adm rollback +```shell +atune-adm rollback ``` ## Updating Database -   - - - ### upgrade #### Function @@ -507,26 +552,20 @@ Update the system database. #### Parameter Description -- DB\_FILE +- DB\_FILE New database file path. - #### Example -The database is updated to **new\_sqlite.db**. +Update the dataset to **new\_sqlite.db**. -``` -# atune-adm upgrade ./new_sqlite.db +```shell +atune-adm upgrade ./new_sqlite.db ``` ## Querying System Information -   - - - - ### check #### Function @@ -539,8 +578,8 @@ Check the CPU, BIOS, OS, and NIC information. #### Example -``` -# atune-adm check +```shell +$ atune-adm check cpu information: cpu:0 version: Kunpeng 920-6426 speed: 2600000000 HZ cores: 64 cpu:1 version: Kunpeng 920-6426 speed: 2600000000 HZ cores: 64 @@ -559,14 +598,11 @@ Check the CPU, BIOS, OS, and NIC information. name: docker0 product: ``` -## Automatic Parameter Optimization - -A-Tune provides the automatic search capability for optimal configurations, eliminating the need for repeated manual parameter adjustment and performance evaluation. This greatly improves the search efficiency of optimal configurations. - +## Performing Automatic Parameter Tuning +A-Tune provides the automatic search capability with the optimal configuration, saving the trouble of manually configuring parameters and performance evaluation. This greatly improves the search efficiency of optimal configurations. - -### Tuning +### tuning #### Function @@ -574,13 +610,14 @@ Use the specified project file to search the dynamic space for parameters and fi #### Format ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->Before running the command, ensure that the following conditions are met: ->1. The YAML configuration file of the server has been edited and placed in the **/etc/atuned/tuning/** directory on the server by the server administrator. ->2. The YAML configuration file of the client has been edited and placed in an arbitrary directory on the client. - **atune-adm tuning** \[OPTIONS\] +>![](public_sys-resources/icon-note.gif) **NOTE:** +>Before running the command, ensure that the following conditions are met: +> +>1. The YAML configuration file on the server has been edited and stored in the **/etc/atuned/tuning/** directory of the atuned service. +>2. The YAML configuration file on the client has been edited and stored on the atuned client. + #### Parameter Description - OPTIONS @@ -601,14 +638,24 @@ Use the specified project file to search the dynamic space for parameters and fi

Specifies the project name in the YAML file to be restored.

+

--restart, -c

+ + +

Performs tuning based on historical tuning results.

+ + +

--detail, -d

+ +

Prints detailed information about the tuning process.

+ + + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >If this parameter is used, the **-p** parameter must be followed by a specific project name and the YAML file of the project must be specified. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >The preceding two parameters must be used at the same time, and the -p parameter must be followed by the specific project name. - - -- **PROJECT\_YAML**: YAML configuration file of the client. +- **PROJECT\_YAML**: YAML configuration file of the client. #### Configuration Description @@ -672,6 +719,7 @@ Use the specified project file to search the dynamic space for parameters and fi + **Table 2** Description of object configuration items - - - - - - - - @@ -783,21 +831,13 @@ Use the specified project file to search the dynamic space for parameters and fi - - - - -

Name

@@ -740,36 +788,36 @@ Use the specified project file to search the dynamic space for parameters and fi

dtype

This parameter is available only when type is set to discrete. Currently, only int and string are supported.

+

This parameter is available only when type is set to discrete. Currently, int, float and string are supported.

Enumeration

int, string

+

int, float, string

scope

Parameter setting range. This parameter is valid only when type is set to discrete and dtype is set to int, or type is set to continuous.

+

Parameter setting range. This parameter is valid only when type is set to discrete and dtype is set to int or float, or type is set to continuous.

Integer

+

Integer/Float

The value is user-defined and must be within the valid range of this parameter.

step

Parameter value step, which is used when dtype is set to int.

+

Parameter value step, which is used when dtype is set to int or float.

Integer

+

Integer/Float

This value is user-defined.

items

Enumerated value of which the parameter value is not within the scope. This is used when dtype is set to int.

+

Enumerated value of which the parameter value is not within the scope. This is used when dtype is set to int or float.

Integer

+

Integer/Float

The value is user-defined and must be within the valid range of this parameter.

The value is user-defined and must be within the valid range of this parameter.

ref

-

Recommended initial value of the parameter

-

Integer or character string

-

The value is user-defined and must be within the valid range of this parameter.

-
**Table 3** Description of configuration items of a YAML file on the client + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

@@ -817,15 +857,69 @@ Use the specified project file to search the dynamic space for parameters and fi

-

engine

+

Tuning algorithm.

+

Character string

+

"random", "forest", "gbrt", "bayes", "extraTrees"

+

iterations

Number of optimization iterations.

+

Number of tuning iterations.

Integer

≥ 10

random_starts

+

Number of random iterations.

+

Integer

+

< iterations

+

feature_filter_engine

+

Parameter search algorithm, which is used to select important parameters. This parameter is optional.

+

Character string

+

"lhs"

+

feature_filter_cycle

+

Parameter search cycles, which is used to select important parameters. This parameter is used together with feature_filter_engine.

+

Integer

+

-

+

feature_filter_iters

+

Number of iterations for each cycle of parameter search, which is used to select important parameters. This parameter is used together with feature_filter_engine.

+

Integer

+

-

+

split_count

+

Number of evenly selected parameters in the value range of tuning parameters, which is used to select important parameters. This parameter is used together with feature_filter_engine.

+

Integer

+

-

+

benchmark

Performance test script.

@@ -847,6 +941,7 @@ Use the specified project file to search the dynamic space for parameters and fi
+ **Table 4** Description of evaluations configuration item - @@ -911,121 +1006,73 @@ Use the specified project file to search the dynamic space for parameters and fi The following is an example of the YAML file configuration on a server: -``` -project: "example" -maxiterations: 10 +```yaml +project: "compress" +maxiterations: 500 startworkload: "" stopworkload: "" object : - - name : "vm.swappiness" + name : "compressLevel" info : - desc : "the vm.swappiness" - get : "sysctl -a | grep vm.swappiness" - set : "sysctl -w vm.swappiness=$value" - needrestart: "false" + desc : "The compresslevel parameter is an integer from 1 to 9 controlling the level of compression" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressLevel=' | awk -F '=' '{print $2}'" + set : "sed -i 's/compressLevel=\\s*[0-9]*/compressLevel=$value/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "continuous" scope : - - 0 - - 10 - ref : 1 - - - name : "irqbalance" - info : - desc : "system irqbalance" - get : "systemctl status irqbalance" - set : "systemctl $value sysmonitor;systemctl $value irqbalance" - needrestart: "false" - type : "discrete" - options: - - "start" - - "stop" - dtype : "string" - ref : "start" - - - name : "net.tcp_min_tso_segs" - info : - desc : "the minimum tso number" - get : "cat /proc/sys/net/ipv4/tcp_min_tso_segs" - set : "echo $value > /proc/sys/net/ipv4/tcp_min_tso_segs" - needrestart: "false" - type : "continuous" - scope: - 1 - - 16 - ref : 2 + - 9 + dtype : "int" - - name : "prefetcher" + name : "compressMethod" info : - desc : "" - get : "cat /sys/class/misc/prefetch/policy" - set : "echo $value > /sys/class/misc/prefetch/policy" - needrestart: "false" + desc : "The compressMethod parameter is a string controlling the compression method" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressMethod=' | awk -F '=' '{print $2}' | sed 's/\"//g'" + set : "sed -i 's/compressMethod=\\s*[0-9,a-z,\"]*/compressMethod=\"$value\"/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "discrete" - options: - - "0" - - "15" + options : + - "bz2" + - "zlib" + - "gzip" dtype : "string" - ref : "15" - - - name : "kernel.sched_min_granularity_ns" - info : - desc : "Minimal preemption granularity for CPU-bound tasks" - get : "sysctl kernel.sched_min_granularity_ns" - set : "sysctl -w kernel.sched_min_granularity_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 5000000 - - 50000000 - ref : 10000000 - - - name : "kernel.sched_latency_ns" - info : - desc : "" - get : "sysctl kernel.sched_latency_ns" - set : "sysctl -w kernel.sched_latency_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 10000000 - - 100000000 - ref : 16000000 - ``` -   - The following is an example of the YAML file configuration on a client: -``` -project: "example" -iterations : 10 -benchmark : "sh /home/Benchmarks/mysql/tunning_mysql.sh" +```yaml +project: "compress" +engine : "gbrt" +iterations : 20 +random_starts : 10 + +benchmark : "python3 /root/A-Tune/examples/tuning/compress/compress.py" evaluations : - - name: "tps" + name: "time" + info: + get: "echo '$out' | grep 'time' | awk '{print $3}'" + type: "positive" + weight: 20 + - + name: "compress_ratio" info: - get: "echo -e '$out' |grep 'transactions:' |awk '{print $3}' | cut -c 2-" + get: "echo '$out' | grep 'compress_ratio' | awk '{print $3}'" type: "negative" - weight: 100 - threshold: 100 + weight: 80 ``` -   - #### Example -- Perform tuning. +- Perform tuning. - ``` - # atune-adm tuning example-client.yaml + ```shell + atune-adm tuning --project compress --detail compress_client.yaml ``` -- Restore the initial configuration before tuning. The example value is the project name in the YAML file. +- Restore the initial configuration before tuning. The **compress** is the project name in the YAML file. + ```shell + atune-adm tuning --restore --project compress ``` - # atune-adm tuning --restore --project example - ``` - - diff --git a/docs/en/docs/A-Tune/faqs.md b/docs/en/docs/A-Tune/faqs.md index 0a350b3ebf59fe290d0be52a0c9bd838bc54df4a..5b84c03a143f369870c6fdac740b1cc334ba537a 100644 --- a/docs/en/docs/A-Tune/faqs.md +++ b/docs/en/docs/A-Tune/faqs.md @@ -12,35 +12,35 @@ Solution: Collect data of at least two data types for training. Possible cause: -1. Check whether the atuned service is started and check the atuned listening address. +1. Check whether the atuned service is started and check the atuned listening address. - ``` + ```shell # systemctl status atuned - # netstat -nap | atuned + # netstat -nap |grep atuned ``` -2. The firewall blocks the atuned listening port. -3. The HTTP proxy is configured in the system. As a result, the connection fails. +2. The firewall blocks the atuned listening port. +3. The HTTP proxy is configured in the system. As a result, the connection fails. -Solution: +Solution: -1. If the atuned service is not started, run the following command to start the service: +1. If the atuned service is not started, run the following command to start the service: - ``` + ```shell # systemctl start atuned ``` -2. Run the following command on the atuned and atune-adm servers to allow the listening port to receive network packets. In the command, **60001** is the listening port number of the atuned server. +2. Run the following command on the atuned and atune-adm servers to allow the listening port to receive network packets. In the command, **60001** is the listening port number of the atuned server. - ``` + ```shell # iptables -I INPUT -p tcp --dport 60001 -j ACCEPT # iptables -I INPUT -p tcp --sport 60001 -j ACCEPT ``` -1. Run the following command to delete the HTTP proxy or disable the HTTP proxy for the listening IP address without affecting services: +3. Run the following command to delete the HTTP proxy or disable the HTTP proxy for the listening IP address without affecting services: - ``` + ```shell # no_proxy=$no_proxy, Listening IP address ``` @@ -51,7 +51,7 @@ Cause: The hosts file does not contain the localhost information. Solution: Add localhost to the line starting with **127.0.0.1** in the **/etc/hosts** file. -``` +```conf 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ``` diff --git a/docs/en/docs/A-Tune/figures/en-us_image_0227497000.png b/docs/en/docs/A-Tune/figures/en-us_image_0227497000.png index 3df66e5f25177cba7fe65cfb859fab860bfb7b46..7a9bb50f2a3c353a0655dcf9be33b48b773de2cc 100644 Binary files a/docs/en/docs/A-Tune/figures/en-us_image_0227497000.png and b/docs/en/docs/A-Tune/figures/en-us_image_0227497000.png differ diff --git a/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png b/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png index b614ad05d1f687b344f6bc1ff2f7e72938968aee..77133ef93f30fb777696b3915f11ecb0e282d022 100644 Binary files a/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png and b/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png differ diff --git a/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png b/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png new file mode 100644 index 0000000000000000000000000000000000000000..10f0fceb42c00c80ef49decdc0c480eb04c2ca6d Binary files /dev/null and b/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png differ diff --git a/docs/en/docs/A-Tune/getting-to-know-a-tune.md b/docs/en/docs/A-Tune/getting-to-know-a-tune.md index 732048c9023e25a04c245f777a175c33c3fbc731..b06be4eccb698d35e5370e913d2152f6e6668e02 100644 --- a/docs/en/docs/A-Tune/getting-to-know-a-tune.md +++ b/docs/en/docs/A-Tune/getting-to-know-a-tune.md @@ -1,11 +1,9 @@ # Getting to Know A-Tune -- [Getting to Know A-Tune](#getting-to-know-a-tune) - - [Introduction](#introduction) - - [Architecture](#architecture) - - [Supported Features and Service Models](#supported-features-and-service-models) - - +- [Getting to Know A-Tune](#getting-to-know-a-tune) + - [Introduction](#introduction) + - [Architecture](#architecture) + - [Supported Features and Service Models](#supported-features-and-service-models) ## Introduction @@ -19,17 +17,17 @@ To address the preceding challenges, openEuler launches A-Tune. A-Tune is an AI-based engine that optimizes system performance. It uses AI technologies to precisely profile business scenarios, discover and infer business characteristics, so as to make intelligent decisions, match with the optimal system parameter configuration combination, and give recommendations, ensuring the optimal business running status. -![](./figures/en-us_image_0227497000.png) +![](figures/en-us_image_0227497000.png) ## Architecture The following figure shows the A-Tune core technical architecture, which consists of intelligent decision-making, system profile, and interaction system. -- Intelligent decision-making layer: consists of the awareness and decision-making subsystems, which implements intelligent awareness of applications and system optimization decision-making, respectively. -- System profile layer: consists of the labeling and learning subsystems. The labeling subsystem is used to cluster service models, and the learning subsystem is used to learn and classify service models. -- Interaction system layer: monitors and configures various system resources and executes optimization policies. +- Intelligent decision-making layer: consists of the awareness and decision-making subsystems, which implements intelligent awareness of applications and system optimization decision-making, respectively. +- System profile layer: consists of the feature engineering and two-layer classification model. The feature engineering is used to automatically select service features, and the two-layer classification model is used to learn and classify service models. +- Interaction system layer: monitors and configures various system resources and executes optimization policies. -![](./figures/en-us_image_0227497343.png) +![](figures/en-us_image_0227497343.png) ## Supported Features and Service Models @@ -39,141 +37,31 @@ The following figure shows the A-Tune core technical architecture, which consist **Table 1** Feature maturity - -

Name

@@ -879,7 +974,7 @@ Use the specified project file to search the dynamic space for parameters and fi

type

Specifies a positive or negative type of the evaluation result. The value positive indicates that the performance value is minimized, and the value negative indicates that the performance value is maximized.

+

A positive or negative type of the evaluation result. The value positive indicates that the performance value is minimized, and the value negative indicates that the performance value is maximized.

Enumeration

- - - - - - - - - - - - - - - - - -

Feature

-

Maturity

-

Usage Suggestion

-

Auto optimization of 11 applications in seven workload types

-

Tested

-

Pilot

-

User-defined workload types and service models

-

Tested

-

Pilot

-

Automatic parameter optimization

-

Tested

-

Pilot

-
+| Feature | Maturity | Usage Suggestion | +| --------------------------------------------------------- | -------- | ---------------- | +| Auto optimization of 50 applications in 14 workload types | Tested | Pilot | +| User-defined profile and service models | Tested | Pilot | +| Automatic parameter optimization | Tested | Pilot | ### Supported Service Models -Based on the workload characteristics of applications, A-Tune classifies services into seven types. For details about the workload characteristics of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311). +Based on the workload characteristics of applications, A-Tune classifies services into 14 types. For details about the bottleneck of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311). **Table 2** Supported workload types and applications - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Workload

-

Type

-

Workload Characteristic

-

Supported Application

-

default

-

Default type

-

The usage of CPU, memory bandwidth, network, and I/O resources is low.

-

N/A

-

webserver

-

HTTPS application

-

The CPU usage is high.

-

Nginx

-

big_database

-

Database

-
  • Relational database

    Read: The usage of CPU, memory bandwidth, and network is high.

    -

    Write: The usage of I/O is high.

    -
-
  • Non-relational database

    The usage of CPU and I/O is high.

    -
-

MongoDB, MySQL, PostgreSQL, and MariaDB

-

big_data

-

Big data

-

The usage of CPU and I/O is high.

-

Hadoop and Spark

-

in-memory_computing

-

Memory-intensive application

-

The usage of CPU and memory bandwidth is high.

-

SPECjbb2015

-

in-memory_database

-

Computing- and network-intensive application

-

The usage of a single-core CPU is high, and the network usage is high in multi-instance scenarios.

-

Redis

-

single_computer_intensive_jobs

-

Computing-intensive application

-

The usage of a single-core CPU is high, and the usage of memory bandwidth of some subitems is high.

-

SPECCPU2006

-

communication

-

Network-intensive application

-

The usage of CPU and network is high.

-

Dubbo

-

idle

-

System in idle state

-

The system is in idle state and no applications are running.

-

N/A

-
- +| Service Category | Type | Bottleneck | Supported Application | Planned Application | +| ---------------- | ---- | ---------- | --------------------- | ------------------- | +| default | Default type | Low resource usage in terms of cpu, memory, network, and I/O | N/A | N/A | +| webserver | Web application | CPU and network | Nginxd, Apache Traffic Serverd, Tomcatd, Apache Http Serverd, Squidd, Postfixd, lighttpd | N/A | +| ftp server | FTP application | CPU and network | vsftpd, proftpd | N/A | +| database | Database | CPU, memory, and I/O | Mongodb, Mysql, Postgresql, Mariadb, openGauss, tidb, sqlite, QuestDB, influxdb, splunk, Cassandra, Neo4j | N/A | +| distributed data store | Distributed storage | CPU, memory, and I/O | N/A | Storm, GlusterFS, Ceph, Infinispan, Elasticsearch | +| big-data | Big data | CPU and memory | N/A | Hadoop-hdfs, Hadoop-spark, hive | +| middleware | Middleware framework | CPU and network | DDubbo, Zookeeper, kafka, rabbitMQ, activeMQ, rocketMQ, etcd, karafubbo | N/A | +| in-memory-database | In-memory database | Memory and I/O | Redis, Memcached, cachefilesd | N/A | +| operation | O&M tool | CPU and network | Prometheus, Ansible, Puppet, Zabbix | N/A | +| basic-test-suite | Basic test suite | CPU and memory | SPECCPU2006, SPECjbb2015 | N/A | +| hpc | Human genome | CPU, meomry, and I/O | Gatk4 | N/A | +| virtualization | Virtualization | CPU, meomry, and I/O | Consumer-cloud, MariaDB | N/A | +| docker | Container | CPU, meomry, and I/O | MariaDB | N/A | +|others| Others| - | Encryption | N/A| diff --git a/docs/en/docs/A-Tune/installation-and-deployment.md b/docs/en/docs/A-Tune/installation-and-deployment.md index 6b9b5bd530908a0eff76d74de2aa87396bd1df54..9519d77f4570fb92a783ebb3541f7bd219c146ec 100644 --- a/docs/en/docs/A-Tune/installation-and-deployment.md +++ b/docs/en/docs/A-Tune/installation-and-deployment.md @@ -9,67 +9,68 @@ This chapter describes how to install and deploy A-Tune. - [Installation Modes](#installation-modes) - [Installation Procedure](#installation-procedure) - [A-Tune Deployment](#a-tune-deployment) + - [Overview](#overview) - [Starting A-Tune](#starting-a-tune) - - - + - [Starting A-Tune Engine](#starting-a-tune-engine) ## Software and Hardware Requirements ### Hardware Requirement -- Huawei Kunpeng 920 processor +- Huawei Kunpeng 920 processor ### Software Requirement -- OS: openEuler 20.03 LTS +- OS: openEuler 20.03 LTS SP4 ## Environment Preparation -For details about installing an openEuler OS, see _openEuler 20.03 LTS Installation Guide_. +For details about installing an openEuler OS, see the [_openEuler 20.03 LTS SP4 Installation Guide_](../Installation/Installation.md). ## A-Tune Installation -This chapter describes the installation modes and methods of the A-Tune. +This section describes the installation modes and methods of the A-Tune. ### Installation Modes -A-Tune can be installed in single-node or distributed mode. +A-Tune can be installed in single-node, distributed, and cluster modes. -- Single-node mode +- Single-node mode The client and server are installed on the same system. -- Distributed mode +- Distributed mode The client and server are installed on different systems. +- Cluster mode + A cluster consists of a client and more than one servers. The installation modes are as follows: ![](./figures/en-us_image_0231122163.png) -   - ### Installation Procedure To install the A-Tune, perform the following steps: -1. Mount an openEuler ISO file. +1. Mount an openEuler ISO image. - ``` - # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt + ```shell + mount openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt ``` -2. Configure the local yum source. + > Use the **everything** ISO image. - ``` - # vim /etc/yum.repos.d/local.repo +2. Configure the local Yum source. + + ```shell + vim /etc/yum.repos.d/local.repo ``` The configured contents are as follows: - ``` + ```text [local] name=local baseurl=file:///mnt @@ -77,166 +78,293 @@ To install the A-Tune, perform the following steps: enabled=1 ``` -3. Import the GPG public key of the RPM digital signature to the system. +3. Import the GPG public key of the RPM digital signature to the system. + ```shell + rpm --import /mnt/RPM-GPG-KEY-openEuler ``` - # rpm --import /mnt/RPM-GPG-KEY-openEuler - ``` - -4. Install an A-Tune server. +4. Install an A-Tune server. - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >In this step, both the server and client software packages are installed. For the single-node deployment, skip **Step 5**. - ``` - # yum install atune -y + ```shell + yum install atune -y + yum install atune-engine -y ``` -5. For a distributed mode, install an A-Tune client. +5. For a distributed mode, install an A-Tune client on associated server. - ``` - # yum install atune-client -y + ```shell + yum install atune-client -y ``` -6. Check whether the installation is successful. +6. Check whether the installation is successful. - ``` - # rpm -qa | grep atune + ```shell + $ rpm -qa | grep atune atune-client-xxx atune-db-xxx atune-xxx + atune-engine-xxx ``` If the preceding information is displayed, the installation is successful. - ## A-Tune Deployment -This chapter describes how to deploy A-Tune. - - +This section describes how to deploy A-Tune. ### Overview The configuration items in the A-Tune configuration file **/etc/atuned/atuned.cnf** are described as follows: -- A-Tune service startup configuration +- A-Tune service startup configuration (modify the parameter values as required). + + - **protocol**: Protocol used by the gRPC service. The value can be **unix** or **tcp**. **unix** indicates the local socket communication mode, and **tcp** indicates the socket listening port mode. The default value is **unix**. + - **address**: Listening IP address of the gRPC service. The default value is **unix socket**. If the gRPC service is deployed in distributed mode, change the value to the listening IP address. + - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter. + - **connect**: IP address list of the nodes where the A-Tune is located when the A-Tune is deployed in a cluster. IP addresses are separated by commas (,). + - **rest_host**: Listening address of the REST service. The default value is localhost. + - **rest_port**: Listening port of the REST service. The value ranges from 0 to 65535. The default value is 8383. + - **engine_host**: IP address for connecting to the A-Tune engine service of the system. + - **engine_port**: Port for connecting to the A-Tune engine service of the system. + - **sample_num**: Number of samples collected when the system executes the analysis process. The default value is 20. + - **interval**: Interval for collecting samples when the system executes the analysis process. The default value is 5s. + - **grpc_tls**: Indicates whether to enable SSL/TLS certificate verification for the gRPC service. By default, this function is disabled. After grpc_tls is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server: + - export ATUNE_TLS=yes + - export ATUNED_CACERT= + - export ATUNED_CLIENTCERT= + - export ATUNED_CLIENTKEY= + - export ATUNED_SERVERCN=server + - **tlsservercafile**: Path of the gPRC server's CA certificate. + - **tlsservercertfile**: Path of the gPRC server certificate. + - **tlsserverkeyfile**: Path of the gPRC server key. + - **rest_tls**: Indicates whether to enable SSL/TLS certificate verification for the REST service. This function is enabled by default. + - **tlsrestcacertfile**: Path of the server's CA certificate of the REST service. + - **tlsrestservercertfile**: Path of the server certificate of the REST service. + - **tlsrestserverkeyfile**: Indicates the key path of the REST service. + - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default.. + - **tlsenginecacertfile**: Path of the client CA certificate of the A-Tune engine service. + - **tlsengineclientcertfile**: Client certificate path of the A-Tune engine service. + - **tlsengineclientkeyfile**: Client key path of the A-Tune engine service. + +- System information - You can modify the parameter value as required. + System is the parameter information required for system optimization. You must modify the parameter information according to the actual situation. - - **protocol**: Protocol used by the gRPC service. The value can be **unix** or **tcp**. **unix** indicates the local socket communication mode, and **tcp** indicates the socket listening port mode. The default value is **unix**. + - **disk**: Disk information to be collected during the analysis process or specified disk during disk optimization. + - **network**: NIC information to be collected during the analysis process or specified NIC during NIC optimization. + - **user**: User name used for ulimit optimization. Currently, only the user **root** is supported. - - **address**: Listening IP address of the gRPC service. The default value is **unix socket**. If the gRPC service is deployed in distributed mode, change the value to the listening IP address. - - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter. - - **rest\_port**: Listening port of the system REST service. The value ranges from 0 to 65535. - - **sample\_num**: Number of samples collected when the system executes the analysis process. +- Log information -- System information + Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file. - System is the parameter information required for system optimization. You must modify the parameter information according to the actual situation. +- Monitor information + + Hardware information that is collected by default when the system is started. - - **disk**: Disk information to be collected during the analysis process or specified disk during disk optimization. - - **network**: NIC information to be collected during the analysis process or specified NIC during NIC optimization. - - **user**: User name used for ulimit optimization. Currently, only the user **root** is supported. - - **tls**: SSL/TLS certificate verification for the gRPC and HTTP services of A-Tune. This is disabled by default. After TLS is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server: - - export ATUNE\_TLS=yes - - export ATUNE\_CLICERT= +- Tuning information - - **tlsservercertfile**: path of the gPRC server certificate. - - **tlsserverkeyfile**: gPRC server key path. - - **tlshttpcertfile**: HTTP server certificate path. - - **tlshttpkeyfile**: HTTP server key path. - - **tlshttpcacertfile**: CA certificate path of the HTTP server. + Tuning is the parameter information required for offline tuning. -- Log information + - **noise**: Evaluation value of Gaussian noise. + - **sel_feature**: Indicates whether to enable the function of generating the importance ranking of offline tuning parameters. By default, this function is disabled. - Change the log path and level based on the site requirements. By default, the log information is stored in **/var/log/messages**. +#### Example -- Monitor information +```text +#################################### server ############################### + # atuned config + [server] + # the protocol grpc server running on + # ranges: unix or tcp + protocol = unix + + # the address that the grpc server to bind to + # default is unix socket /var/run/atuned/atuned.sock + # ranges: /var/run/atuned/atuned.sock or ip address + address = /var/run/atuned/atuned.sock + + # the atune nodes in cluster mode, separated by commas + # it is valid when protocol is tcp + # connect = ip01,ip02,ip03 + + # the atuned grpc listening port + # the port can be set between 0 to 65535 which not be used + # port = 60001 + + # the rest service listening port, default is 8383 + # the port can be set between 0 to 65535 which not be used + rest_host = localhost + rest_port = 8383 + + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # when run analysis command, the numbers of collected data. + # default is 20 + sample_num = 20 + + # interval for collecting data, default is 5s + interval = 5 + + # enable gRPC authentication SSL/TLS + # default is false + # grpc_tls = false + # tlsservercafile = /etc/atuned/grpc_certs/ca.crt + # tlsservercertfile = /etc/atuned/grpc_certs/server.crt + # tlsserverkeyfile = /etc/atuned/grpc_certs/server.key + + # enable rest server authentication SSL/TLS + # default is true + rest_tls = true + tlsrestcacertfile = /etc/atuned/rest_certs/ca.crt + tlsrestservercertfile = /etc/atuned/rest_certs/server.crt + tlsrestserverkeyfile = /etc/atuned/rest_certs/server.key + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineclientcertfile = /etc/atuned/engine_certs/client.crt + tlsengineclientkeyfile = /etc/atuned/engine_certs/client.key + + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info + + #################################### monitor ############################### + [monitor] + # with the module and format of the MPI, the format is {module}_{purpose} + # the module is Either "mem", "net", "cpu", "storage" + # the purpose is "topo" + module = mem_topo, cpu_topo + + #################################### system ############################### + # you can add arbitrary key-value here, just like key = value + # you can use the key in the profile + [system] + # the disk to be analysis + disk = sda + + # the network to be analysis + network = enp189s0f0 + + user = root + + #################################### tuning ############################### + # tuning configs + [tuning] + noise = 0.000000001 + sel_feature = false +``` - Hardware information that is collected by default when the system is started. +The configuration items in the configuration file **/etc/atuned/engine.cnf** of the A-Tune engine are described as follows: + +- Startup configuration of the A-Tune engine service (modify the parameter values as required). + + - **engine_host**: Listening address of the A-Tune engine service. The default value is localhost. + - **engine_port**: Listening port of the A-Tune engine service. The value ranges from 0 to 65535. The default value is 3838. + - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default. + - **tlsenginecacertfile**: Path of the server CA certificate of the A-Tune engine service. + - **tlsengineservercertfile**: Path of the server certificate of the A-Tune engine service. + - **tlsengineserverkeyfile**: Server key path of the A-Tune engine service. +- Log information + + Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file. #### Example -``` -#################################### server ############################### -# atuned config -[server] -# the protocol grpc server running on -# ranges: unix or tcp -protocol = unix - -# the address that the grpc server to bind to -# default is unix socket /var/run/atuned/atuned.sock -# ranges: /var/run/atuned/atuned.sock or ip -address = /var/run/atuned/atuned.sock - -# the atuned grpc listening port, default is 60001 -# the port can be set between 0 to 65535 which not be used -port = 60001 - -# the rest service listening port, default is 8383 -# the port can be set between 0 to 65535 which not be used -rest_port = 8383 - -# when run analysis command, the numbers of collected data. -# default is 20 -sample_num = 20 - -# Enable gRPC and http server authentication SSL/TLS -# default is false -# tls = true -# tlsservercertfile = /etc/atuned/server.pem -# tlsserverkeyfile = /etc/atuned/server.key -# tlshttpcertfile = /etc/atuned/http/server.pem -# tlshttpkeyfile = /etc/atuned/http/server.key -# tlshttpcacertfile = /etc/atuned/http/cacert.pem - -#################################### log ############################### -# Either "debug", "info", "warn", "error", "critical", default is "info" -level = info - -#################################### monitor ############################### -[monitor] -# With the module and format of the MPI, the format is {module}_{purpose} -# The module is Either "mem", "net", "cpu", "storage" -# The purpose is "topo" -module = mem_topo, cpu_topo - -#################################### system ############################### -# you can add arbitrary key-value here, just like key = value -# you can use the key in the profile -[system] -# the disk to be analysis -disk = sda - -# the network to be analysis -network = enp189s0f0 - -user = root +```text +#################################### engine ############################### + [server] + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineservercertfile = /etc/atuned/engine_certs/server.crt + tlsengineserverkeyfile = /etc/atuned/engine_certs/server.key + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info ``` ## Starting A-Tune -After the A-Tune is installed, you need to start the A-Tune service. +After A-Tune is installed, you need to configure the A-Tune service before starting it. + +- Configure the A-Tune service. + Modify the network adapter and drive information in the **atuned.cnf** configuration file. + > Note: + > + > If atuned is installed through `make install`, the network adapter and drive information in the configuration file is automatically updated to the default devices on the machine. To collect data from other devices, perform the following steps to configure atuned. -- Start the atuned service. + Run the following command to search for the network adapter that needs to be specified for optimization or data collection, and change the value of **network** in the **/etc/atuned/atuned.cnf** file to the specified network adapter: + ```shell + ip addr ``` - # systemctl start atuned + + Run the following command to search for the drive that need to be specified for optimization or data collection, and change the value of **disk** in the **/etc/atuned/atuned.cnf** file to the specified drive: + + ```shell + fdisk -l | grep dev ``` +- About the certificate: + The A-Tune engine and client use the gRPC communication protocol. Therefore, you need to configure a certificate to ensure system security. For information security purposes, A-Tune does not provide a certificate generation method. You need to configure a system certificate by yourself. + If security is not considered, set **rest_tls** and **engine_tls** in the **/etc/atuned/atuned.cnf** file to **false**, set **engine_tls** in the **/etc/atuned/engine.cnf** file to **false**. + A-Tune is not liable for any consequences incurred if no security certificate is configured. -- To query the status of the atuned service, run the following command: +- Start the atuned service. - ``` - # systemctl status atuned + ```shell + systemctl start atuned + ``` + +- Query the atuned service status. + + ```shell + systemctl status atuned + ``` + + If the following command output is displayed, the service is started successfully: + + ![](./figures/en-us_image_0214540398.png) + +## Starting A-Tune Engine + +To use AI functions, you need to start the A-Tune engine service. + +- Start the atune-engine service. + + ```shell + systemctl start atune-engine ``` - If the following information is displayed, the service is started successfully: +- Query the atune-engine service status. - ![](./figures/en-us_image_0214540398.png) + ```shell + systemctl status atune-engine + ``` + If the following command output is displayed, the service is started successfully: + ![](./figures/en-us_image_0245342444.png) diff --git a/docs/en/docs/Administration/basic-configuration.md b/docs/en/docs/Administration/basic-configuration.md index 617937b9bf1e85b2a9d6ae00f227c3ef2f39678c..5f8bd1e9f8f67be64d430ee0f35bda3989288862 100644 --- a/docs/en/docs/Administration/basic-configuration.md +++ b/docs/en/docs/Administration/basic-configuration.md @@ -1,26 +1,5 @@ # Basic Configuration - - -- [Basic Configuration](#basic-configuration) - - [Setting the System Locale](#setting-the-system-locale) - - [Displaying the Current Locale Status](#displaying-the-current-locale-status) - - [Listing Available Locales](#listing-available-locales) - - [Setting the Locale](#setting-the-locale) - - [Setting the Keyboard Layout](#setting-the-keyboard-layout) - - [Displaying the Current Settings](#displaying-the-current-settings) - - [Listing Available Keyboard Layouts](#listing-available-keyboard-layouts) - - [Setting the Keyboard Layout](#setting-the-keyboard-layout-1) - - [Setting the Date and Time](#setting-the-date-and-time) - - [Using the timedatectl Command](#using-the-timedatectl-command) - - [Using the date Command](#using-the-date-command) - - [Using the hwclock Command](#using-the-hwclock-command) - - [Setting kdump](#setting-kdump) - - [Setting the Memory Reserved for kdump](#setting-the-memory-reserved-for-kdump) - - [Recommended Reserved Memory](#recommended-reserved-memory) - - [Disabling Network Drivers](#disabling-network-drivers) - - ## Setting the System Locale System locale settings are stored in the /etc/locale.conf file and can be modified by the localectl command. These settings are read at system boot by the systemd daemon. @@ -29,13 +8,13 @@ System locale settings are stored in the /etc/locale.conf file and can be modifi To display the current locale status, run the following command: -``` -$ localectl status +```shell +localectl status ``` Example command output: -``` +```shell $ localectl status System Locale: LANG=zh_CN.UTF-8 VC Keymap: cn @@ -46,33 +25,37 @@ $ localectl status To display available locales, run the following command: -``` -$ localectl list-locales +```shell +localectl list-locales ``` You can check that by listing all Chinese locales with the following command: -``` +```shell $ localectl list-locales | grep zh +lzh_TW.UTF-8 zh_CN.UTF-8 +zh_HK.UTF-8 +zh_SG.UTF-8 +zh_TW.UTF-8 ``` ### Setting the Locale -To set the language environment, run the following command as the user **root**. In the command, _locale_ indicates the language type to be set. Run the **localectl list-locales** command to obtain the value range. Change the value based on the site requirements. +To set the language environment, run the following command as the user **root**. In the command, _locale_ indicates the language type to be set. Run the **localectl list-locales** command to obtain the value range. Change the value as required. -``` -# localectl set-locale LANG=locale +```shell +localectl set-locale LANG=locale ``` For example, if you want to use Simplified Chinese as the locale, run the following command as the user **root**: -``` -# localectl set-locale LANG=zh_CN.UTF-8 +```shell +localectl set-locale LANG=zh_CN.UTF-8 ``` > ![](./public_sys-resources/icon-note.gif) **NOTE:** - +> > After the modification, log in again or run the command `source /etc/locale.conf` as the user **root** to update the configuration file for the modification to take effect: ## Setting the Keyboard Layout @@ -83,13 +66,13 @@ Keyboard layout settings are stored in the /etc/locale.conf file and can be modi To display the current keyboard layout settings, run the following command: -``` -$ localectl status +```shell +localectl status ``` Example command output: -``` +```shell $ localectl status System Locale: LANG=zh_CN.UTF-8 VC Keymap: cn @@ -100,30 +83,30 @@ $ localectl status To list all available keyboard layouts that can be configured on openEuler, run the following command: -``` -$ localectl list-keymaps +```shell +localectl list-keymaps ``` For example, the command output of the Chinese keyboard layout is as follows: -``` +```shell $ localectl list-keymaps | grep cn cn ``` ### Setting the Keyboard Layout -To set the keyboard layout, run the following command as the user **root**. In the command, _map_ indicates the keyboard layout to be set. Run the **localectl list-keymaps** command to obtain the value range. Change it based on the site requirements. +To set the keyboard layout, run the following command as the user **root**. In the command, _map_ indicates the keyboard layout to be set. Run the **localectl list-keymaps** command to obtain the value range. Change it as required. -``` -$ localectl set-keymap map +```shell +localectl set-keymap map ``` The keyboard layout will be equally applied to graphical user interfaces. Then you can verify if your setting was successful by checking the status: -``` +```shell $ localectl status System Locale: LANG=zh_CN.UTF-8 VC Keymap: cn @@ -140,18 +123,18 @@ This topic describes how to set the system date, time, and time zone by using ti To display the current date and time, run the following command: -``` -$ timedatectl +```shell +timedatectl ``` Example command output: -``` +```shell $ timedatectl Local time: Mon 2019-09-30 04:05:00 EDT Universal time: Mon 2019-09-30 08:05:00 UTC RTC time: Mon 2019-09-30 08:05:00 - Time zone: America/New_York (EDT, -0400) + Time zone: China Standard Time (CST), UTC +8 System clock synchronized: no NTP service: inactive RTC in local TZ: no @@ -159,73 +142,73 @@ System clock synchronized: no #### Synchronizing the System Clock with a Remote Server -Your system clock can be automatically synchronized with a remote server using the Network Time Protocol (NTP). Run the following command as the user **root** to enable or disable NTP. The value of _boolean_ is **yes** or **no**, indicating that the NTP is enabled or disabled for automatic system clock synchronization. Change the value based on the site requirements. +Your system clock can be automatically synchronized with a remote server using the Network Time Protocol (NTP). Run the following command as the user **root** to enable or disable NTP. The value of _boolean_ is **yes** or **no**, indicating that the NTP is enabled or disabled for automatic system clock synchronization. Change the value as required. > ![](./public_sys-resources/icon-note.gif) **NOTE:** -If the remote NTP server is enabled to automatically synchronize the system clock, you cannot manually change the date and time. If you need to manually change the date or time, ensure that automatic NTP system clock synchronization is disabled. You can run the **timedatectl set-ntp no** command to disable the NTP service. +> If the remote NTP server is enabled to automatically synchronize the system clock, you cannot manually change the date and time. If you need to manually change the date or time, ensure that automatic NTP system clock synchronization is disabled. You can run the **timedatectl set-ntp no** command to disable the NTP service. -``` -# timedatectl set-ntp boolean +```shell +timedatectl set-ntp boolean ``` For example, to enable automatic remote time synchronization, run the following command: -``` -# timedatectl set-ntp yes +```shell +timedatectl set-ntp yes ``` #### Changing the Current Date > ![](./public_sys-resources/icon-note.gif) **NOTE:** -Before changing the date, ensure that automatic NTP system clock synchronization has been disabled. +> Before changing the date, ensure that automatic NTP system clock synchronization has been disabled. -Run the following command as the user **root** to change the current date. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them based on the site requirements. +Run the following command as the user **root** to change the current date. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them as required. -``` -# timedatectl set-time YYYY-MM-DD +```shell +timedatectl set-time YYYY-MM-DD ``` For example, to change the current date to August 14, 2019, run the following command as the user **root**: -``` -# timedatectl set-time '2019-08-14' +```shell +timedatectl set-time '2019-08-14' ``` #### Changing the Current Time > ![](./public_sys-resources/icon-note.gif) **NOTE:** -Before changing the time, ensure that automatic NTP system clock synchronization has been disabled. +> Before changing the time, ensure that automatic NTP system clock synchronization has been disabled. -To change the current time, run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them based on the site requirements. +To change the current time, run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them as required. -``` -# timedatectl set-time HH:MM:SS +```shell +timedatectl set-time HH:MM:SS ``` For example, to change the current time to 15:57:24, run the following command: -``` -# timedatectl set-time 15:57:24 +```shell +timedatectl set-time 15:57:24 ``` #### Changing the Time Zone To list all available time zones, run the following command: -``` -$ timedatectl list-timezones +```shell +timedatectl list-timezones ``` -To change the current time zone, run the following command as the user **root**. In the command, _time\_zone_ indicates the time zone to be set. Change it based on the site requirements. +To change the current time zone, run the following command as the user **root**. In the command, _time\_zone_ indicates the time zone to be set. Change it as required. -``` -# timedatectl set-timezone time_zone +```shell +timedatectl set-timezone time_zone ``` Imagine you want to identify which time zone is closest to your present location while you are in Asia. You can check that by listing all available time zones in Asia with the following command: -``` -# timedatectl list-timezones | grep Asia +```shell +$ timedatectl list-timezones | grep Asia Asia/Aden Asia/Almaty Asia/Amman @@ -251,8 +234,8 @@ Asia/Tokyo To change the time zone to Asia/Shanghai, run the following command: -``` -# timedatectl set-timezone Asia/Shanghai +```shell +timedatectl set-timezone Asia/Shanghai ``` ### Using the date Command @@ -261,134 +244,91 @@ To change the time zone to Asia/Shanghai, run the following command: To display the current date and time, run the following command: -``` -$ date +```shell +date ``` By default, the **date** command displays the local time. To display the time in Coordinated Universal Time (UTC), run the command with the --utc or -u command line option: -``` -$ date --utc +```shell +date --utc ``` You can also customize the format of the displayed information by providing the + "format" option on the command line: +```shell +date +"format" ``` -$ date +"format" -``` - -**Table 1** Formatting options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Format Option

-

Description

-

%H

-

The hour in the HH format (for example, 17)

-

%M

-

The minute in the MM format (for example, 37)

-

%S

-

The second in the SS format (for example, 25)

-

%d

-

The day of the month in the DD format (for example, 15)

-

%m

-

The month in the MM format (for example, 07)

-

%Y

-

The year in the YYYY format (for example, 2019)

-

%Z

-

The time zone abbreviation (for example, CEST)

-

%F

-

The full date in the YYYY-MM-DD format (for example, 2019-7-15). This option is equal to %Y-%m-%d.

-

%T

-

The full time in the HH:MM:SS format (for example, 18:30:25). This option is equal to %H:%M:%S.

-
+ +**Table 1** Formatting options + +| Format Option | Description | +| :---- | :---- | +| %H | The hour in the HH format (for example, 17) | +| %M | The minute in the MM format (for example, 37) | +| %S | The second in the SS format (for example, 25) | +| %d | The day of the month in the DD format (for example, 15) | +| %m | The month in the MM format (for example, 07) | +| %Y | The year in the YYYY format (for example, 2019) | +| %Z | The time zone abbreviation (for example, CEST) | +| %F | The full date in the YYYY-MM-DD format (for example, 2019-7-15). This option is equal to %Y-%m-%d | +| %T | The full time in the HH:MM:SS format (for example, 18:30:25). This option is equal to %H:%M:%S | + Example commands and outputs: - To display the current date and time: - ``` + ```shell $ date Sat Aug 17 17:26:34 CST 2019 ``` - To display the current date and time in UTC: - ``` + ```shell $ date --utc Sat Aug 17 09:26:18 UTC 2019 ``` - To customize the output of the date command: - ``` + ```shell $ date +"%Y-%m-%d %H:%M" 2019-08-17 17:24 ``` #### Changing the Current Time -To change the current time, run the date command with the --set or -s option as the root user: Run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them based on the site requirements. +To change the current time, run the date command with the --set or -s option as the root user: Run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them as required. -``` -# date --set HH:MM:SS +```shell +date --set HH:MM:SS ``` By default, the date command sets the local time. To set the system clock in UTC instead, run the command with the --utc or -u command line option: -``` -# date --set HH:MM:SS --utc +```shell +date --set HH:MM:SS --utc ``` For example, to change the current time to 23:26:00, run the following command as the user **root**: -``` -# date --set 23:26:00 +```shell +date --set 23:26:00 ``` #### Changing the Current Date -To change the current date, run the command with the --set or -s command line option. Run the following command as the user **root**. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them based on the site requirements. +To change the current date, run the command with the --set or -s command line option. Run the following command as the user **root**. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them as required. -``` -# date --set YYYY-MM-DD +```shell +date --set YYYY-MM-DD ``` For example, to change the current date to November 2, 2019, run the following command as the user **root**: -``` -# date --set 2019-11-02 +```shell +date --set 2019-11-02 ``` ### Using the hwclock Command @@ -408,29 +348,29 @@ When Linux starts, it reads the RTC and sets the system clock time based on the To display the current RTC date and time, run the following command as the user **root**: -``` -# hwclock +```shell +hwclock ``` Example command output: -``` -# hwclock +```shell +$ hwclock 2019-08-26 10:18:42.528948+08:00 ``` #### Setting the Date and Time -Run the following command as the user **root** to change the date and time of the current hardware. In the command, _dd_ indicates the day, _mm_ indicates the month, _yyyy_ indicates the year, _HH_ indicates the hour, and _MM_ indicates the minute. Change them based on the site requirements. +Run the following command as the user **root** to change the date and time of the current hardware. In the command, _dd_ indicates the day, _mm_ indicates the month, _yyyy_ indicates the year, _HH_ indicates the hour, and _MM_ indicates the minute. Change them as required. -``` -# hwclock --set --date "dd mm yyyy HH:MM" +```shell +hwclock --set --date "dd mm yyyy HH:MM" ``` For example, to change the current time to 21:17 on October 21, 2019, run the following command: -``` -# hwclock --set --date "21 Oct 2019 21:17" --utc +```shell +hwclock --set --date "21 Oct 2019 21:17" --utc ``` ## Setting kdump @@ -457,7 +397,7 @@ The memory reserved for kdump must be added to the bootargs in the **/boot/efi/E | General solution| crashkernel=2048M,high| If the memory size is less than 4 GB, 256 MB is reserved for kdump. If the memory size is greater than 4 GB, 2048 MB is reserved for kdump. 256 + 2048 MB in total.| | Economical solution| crashkernel=1024M,high| If the memory size is less than 4 GB, 256 MB is reserved for kdump. If the memory size is greater than 4 GB, 1024 MB is reserved for kdump. 256 + 1024 MB in total. It is recommended that kdump files not be dumped using the network in scenarios where the system memory size is less than 512 GB. In VM scenarios, you can reduce the reserved memory. You are advised to set crashkernel to 512M or crashkernel to 256M,high.| -> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** > > If kdump files are not dumped using the network, you need to set the kdump file system not to pack network drivers. Loading the network driver requires a large amount of memory. As a result, the memory reserved for kdump may be insufficient and kdump may fail. Therefore, you are advised to disable network drivers. @@ -465,4 +405,58 @@ The memory reserved for kdump must be added to the bootargs in the **/boot/efi/E In the kdump configuration file **/etc/kdump.conf**, the dracut parameters can be used to set the tailored driver module. You can configure the network driver to the tailored driver list to prevent the kdump file system from loading the driver. After the configuration file is modified, restart the kdump service for the modification to take effect. Set the dracut parameters as follows: -`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` \ No newline at end of file +`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` + +## Setting the Disk Scheduling Algorithm + +This section describes how to set the disk scheduling algorithm. + +### Temporarily Modifying the Scheduling Policy + +For example, if all I/O scheduling algorithms are changed to **mq-deadline**, the modification becomes invalid after the system is restarted. + +```shell +echo mq-deadline > /sys/block/sd*/queue/scheduler +``` + +### Permanently Setting the Scheduling Policy + +You can add **elevator=mq-deadline** to the kernel line in the kernel boot configuration file **grub.cfg**. The setting takes effect after the system is restarted. + +```shell +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap quiet crashkernel=512M elevator=mq-deadline +``` + +## Setting the NMI Watchdog + +The non-maskable interrupt (NMI) is the highest priority interrupt in the system. The NMI watchdog can be used to detect server suspension events and trigger the server reboot after fault information is collected. According to the lab test results of the openEuler QA team, when the NMI watchdog is enabled, NMI occasionally generates a large number of interrupts and deteriorates the server performance. Therefore, properly enable the NMI watchdog function. + +Note: The following NMI watchdog settings apply only to hardware servers whose compatibility has been verified by the openEuler community. For other types of servers and VMs, the NMI watchdog settings are for reference only. + +1. Run the following command to display the current NMI watchdog configuration status: + + ```shell + $ sudo sysctl kernel.nmi_watchdog + kernel.nmi_watchdog = 0 + ``` + +2. Run the following command to set the NMI watchdog parameters: + + ```shell + sudo sysctl -w kernel.nmi_watchdog=1 + ``` + + Value **1**: enabled; Value **0**: disabled + +3. Run the following command to display the kernel log print level: + + ```shell + $ sysctl kernel.printk + kernel.printk = 4 4 1 7 + ``` + + To change the kernel log print level, modify **/etc/sysctl.d/21-openEuler.conf** and run the following command: + + ```shell + sysctl -p /etc/sysctl.d/21-openEuler.conf + ``` diff --git a/docs/en/docs/Administration/configuring-the-ftp-server.md b/docs/en/docs/Administration/configuring-the-ftp-server.md index e841f0f63bc612e9e07973d8ae8e67c8f11cd14d..59b58f4b8c89890e168d475c7097e58a504f869f 100644 --- a/docs/en/docs/Administration/configuring-the-ftp-server.md +++ b/docs/en/docs/Administration/configuring-the-ftp-server.md @@ -34,7 +34,7 @@ File Transfer Protocol \(FTP\) is one of the earliest transmission protocols on - Subscriber classification - By default, the FTP server classifies users into real users, guest users, and anonymous users based on the login status. The three types of users have different access permissions. Real users have complete access permissions, while anonymous users have only the permission to downloading resources. + By default, the FTP server classifies users into real users, guest users, and anonymous users based on the login status. The three types of users have different access permissions. Real users have complete access permissions; guest users have the permission to access specified directories; and anonymous users have only the permission to downloading resources. - Command records and log file records diff --git a/docs/en/docs/Administration/configuring-the-network.md b/docs/en/docs/Administration/configuring-the-network.md index f3d54c7151a748c0fbfbbc8787d387797339f0e4..a7e5dd36fe9cb411a47bdc6e06891409c1a91ca7 100644 --- a/docs/en/docs/Administration/configuring-the-network.md +++ b/docs/en/docs/Administration/configuring-the-network.md @@ -1,81 +1,57 @@ # Configuring the Network - - -- [Configuring the Network](#configuring-the-network) - - [Configuring an IP Address](#configuring-an-ip-address) - - [Using the nmcli Command](#using-the-nmcli-command) - - [Using the ip Command](#using-the-ip-command) - - [Configuring the Network Through the ifcfg File](#configuring-the-network-through-the-ifcfg-file) - - [Configuring a Host Name](#configuring-a-host-name) - - [Introduction](#introduction) - - [Configuring a Host Name by Running the **hostnamectl** Command](#configuring-a-host-name-by-running-the-hostnamectl-command) - - [Configuring a Host Name by Running the nmcli Command](#configuring-a-host-name-by-running-the-nmcli-command) - - [Configuring Network Bonding](#configuring-network-bonding) - - [Running the nmcli Command](#running-the-nmcli-command) - - [Configuring Network Bonding by Using a Command Line](#configuring-network-bonding-by-using-a-command-line) - - [IPv6 Differences \(vs IPv4\)](#ipv6-differences-vs-ipv4) - - [Restrictions](#restrictions) - - [Configuration Description](#configuration-description) - - [FAQ](#faq) - - - ## Configuring an IP Address - - ### Using the nmcli Command ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The network configuration configured by running the **nmcli** command takes effect immediately and will not be lost after the system restarts. - #### Introduction to nmcli **nmcli** \(NetworkManager Command Line Interface\) is the command-line utility to configure networking through NetworkManager. The basic format of using **nmcli** is as follows: -``` - nmcli [OPTIONS] OBJECT { COMMAND | help } +```shell +nmcli [OPTIONS] OBJECT { COMMAND | help } ``` In the preceding command, **OBJECT** can be one of the following options: **general**, **networking**, **radio**, **connection**, and **device**. **OPTIONS** can be optional options, such as **-t**, **\-\-terse** \(for script processing\),**-p**, **\-\-pretty** \(for human-readable output\), **-h**, and **\-\-help**. For more information, run the **nmcli help** command. -``` -$ nmcli help +```shell +nmcli help ``` Common commands are listed as follows: -- To display the general status of NetworkManager, run the following command: +- To display the general status of NetworkManager, run the following command: - ``` - $ nmcli general status + ```shell + nmcli general status ``` -- To display all connections, run the following command: +- To display all connections, run the following command: - ``` - $ nmcli connection show + ```shell + nmcli connection show ``` -- To display the current active connections only, add the **-a** or **\-\-active** option as follows: +- To display the current active connections only, add the **-a** or **\-\-active** option as follows: - ``` - $ nmcli connection show --active + ```shell + nmcli connection show --active ``` -- To display the device identified by NetworkManager and its connection status, run the following command: +- To display the device identified by NetworkManager and its connection status, run the following command: - ``` - $ nmcli device status + ```shell + nmcli device status ``` -- To start or stop network interfaces, for example, run the nmcli commands as the **root** user: +- To start or stop network interfaces, for example, run the nmcli commands as the **root** user: - ``` - # nmcli connection up id enp3s0 - # nmcli device disconnect enp3s0 + ```shell + nmcli connection up id enp3s0 + nmcli device disconnect enp3s0 ``` #### Device Management @@ -84,25 +60,25 @@ Common commands are listed as follows: Run the following command to connect NetworkManager to the corresponding network device. Try to find the proper connection configuration and activate it. + ```shell + nmcli device connect "$IFNAME" ``` - $nmcli device connect "$IFNAME" - ``` - -> If the corresponding connection configuration does not exist, NetworkManager creates and activates a configuration file with default settings. + +> If the corresponding connection configuration does not exist, NetworkManager creates and activates a configuration file with default settings. ##### Disconnecting to a Device -Run the following command to disconnect NetworkManager with the network device and prevent the device from being automatically activated. +Run the following command to disconnect NetworkManager with the network device and prevent the device from being automatically activated. - ``` - $nmcli device disconnect "$IFNAME" + ```shell + nmcli device disconnect "$IFNAME" ``` #### Setting Network Connections Run the following command to display all the available network connections: -``` +```shell $ nmcli con show @@ -112,12 +88,12 @@ enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >In the command output, **NAME** indicates the connection ID \(name\). After a network connection is added, the corresponding configuration file is generated and associated with the corresponding device. To check for available devices, run the following command: -``` +```shell $ nmcli dev status DEVICE TYPE STATE CONNECTION @@ -128,37 +104,37 @@ lo loopback unmanaged -- virbr0-nic tun unmanaged -- ``` - - ##### Configuring Dynamic IP Connections ###### Configuring IP Addresses + When DHCP is used to allocate a network, run the following command to add a network configuration file: -``` +```shell nmcli connection add type ethernet con-name connection-name ifname interface-name ``` For example, to create a dynamic connection configuration file named **net-test**, run the following command as the **root** user: -``` -# nmcli connection add type ethernet con-name net-test ifname enp3s0 +```shell +$ nmcli connection add type ethernet con-name net-test ifname enp3s0 Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added. ``` The NetworkManager sets **connection.autoconnect** to **yes** and saves the setting to the **/etc/sysconfig/network-scripts/ifcfg-net-test** file. In the **/etc/sysconfig/network-scripts/ifcfg-net-test** file, **ONBOOT** is set to **yes**. ###### Activating a Connection and Checking Device Connection Status + Run the following command as the **root** user to activate a network connection: -``` -# nmcli con up net-test +```shell +$ nmcli con up net-test Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5) ``` Run the following command to check the connection status of devices: -``` +```shell $ nmcli device status DEVICE TYPE STATE CONNECTION @@ -172,25 +148,26 @@ virbr0-nic tun unmanaged -- ##### Configuring Static IP Connections ###### Configuring IP Addresses + To add a static IPv4 network connection, run the following command: -``` +```shell nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >To add an IPv6 address and related gateway information, use the **ip6** and **gw6** options. For example, to create a static connection configuration file named **net-static**, run the following command as the **root** user: -``` -# nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 +```shell +nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ``` You can also specify the IPv6 address and gateway for the device. The following is an example: -``` -# nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* +```shell +$ nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added. ``` @@ -198,27 +175,28 @@ The NetworkManager sets the internal parameter **ipv4.method** to **manual**, Run the following command as the **root** user to set IPv4 addresses of two DNS servers: -``` -# nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" +```shell +nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" ``` Run the following command as the **root** user to set IPv6 addresses of two DNS servers: -``` -# nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" +```shell +nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" ``` ###### Activating a Connection and Checking Device Connection Status + Run the following command as the **root** user to activate a network connection: -``` -# nmcli con up net-static ifname enp3s0 +```shell +$ nmcli con up net-static ifname enp3s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) ``` Run the following command to check the connection status of devices: -``` +```shell $ nmcli device status DEVICE TYPE STATE CONNECTION @@ -231,7 +209,7 @@ virbr0-nic tun unmanaged -- Run the following command to view the connection details \(with the **-p** and **\-\-pretty** options to add the title and segment to the output\): -``` +```shell $ nmcli -p con show net-static =============================================================================== Connection profile details (net-static ) @@ -262,79 +240,78 @@ connection.llmnr: -1 (default) ``` ##### Adding a Wi-Fi Connection + You can add the Wi-Fi connection using either of the following methods: -**Method 1: Connect to the Wi-Fi network using a network port.** +**Method 1: Connect to the Wi-Fi network using a network port.** Connect to the Wi-Fi network specified by the SSID or BSSID. Run the following command to find a matching connection or create a connection, and then activate the connection on the device. -``` -$ nmcli device wifi connect "$SSID" password -$ PASSWORD" ifname "$IFNAME" -$ nmcli --ask device wifi connect "$SSID" +```shell +nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME" +nmcli --ask device wifi connect "$SSID" ``` **Method 2: Connect to the Wi-Fi network using the configuration file.** 1,Run the following command to check for available Wi-Fi access points: -``` -$ nmcli dev wifi list +```shell +nmcli dev wifi list ``` 2,Run the following command to generate a static IP address configuration that allows Wi-Fi connections automatically allocated by the DNS: -``` -$ nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 +```shell +nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 ``` 3,Run the following command to set a WPA2 password, for example, **answer**: -``` -$ nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk -$ nmcli con modify Wifi wifi-sec.psk answer +```shell +nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk +nmcli con modify Wifi wifi-sec.psk answer ``` 4,Run the following command to change the Wi-Fi status: -``` -$ nmcli radio wifi [ on | off ] +```shell +nmcli radio wifi [ on | off ] ``` ##### Modifying Attributes Run the following command to check a specific attribute, for example, mtu: -``` +```shell $ nmcli connection show id 'Wifi ' | grep mtu 802-11-wireless.mtu: auto ``` Run the following command to modify the attribute: -``` -$ nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 +```shell +nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 ``` Run the following command to confirm the modification: -``` +```shell $ nmcli connection show id 'Wifi ' | grep mtu 802-11-wireless.mtu: 1350 ``` #### Configuring a Static Route -- Run the nmcli command to configure a static route for a network connection: +- Run the nmcli command to configure a static route for a network connection: - ``` - $ nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" + ```shell + nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" ``` +- Run the following command to configure the static route using the editor: -- Run the following command to configure the static route using the editor: - - ``` + ```shell $ nmcli con edit type ethernet con-name enp3s0 ===| nmcli interactive connection editor |=== Adding a new '802-3-ethernet' connection @@ -350,33 +327,37 @@ $ nmcli connection show id 'Wifi ' | grep mtu nmcli> quit ``` +- Run the following command to activate the connection for the configuration to take effect: + + ```shell + nmcli con up enp3s0 + ``` ### Using the ip Command ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The network configuration configured using the **ip** command takes effect immediately, but the configuration will be lost after the system restarts. - - #### Configuring IP Addresses Run the **ip** command to configure an IP address for the interface. The command format is as follows, where _interface-name_ indicates the NIC name. -``` +```shell ip addr [ add | del ] address dev interface-name ``` ##### Configuring a Static IP Address + Run the following command as the **root** user to configure an IP address: -``` -# ip address add 192.168.0.10/24 dev enp3s0 +```shell +ip address add 192.168.0.10/24 dev enp3s0 ``` Run the following command as the **root** user to view the configuration result: -``` -# ip addr show dev enp3s0 +```shell +$ ip addr show dev enp3s0 2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 @@ -388,12 +369,13 @@ Run the following command as the **root** user to view the configuration result: ``` ##### Configuring Multiple IP Addresses + The **ip** command can be used to assign multiple IP addresses to an interface. You can run the **ip** command multiple times as the **root** user to assign IP addresses to an interface. The following is an example: -``` -# ip address add 192.168.2.223/24 dev enp4s0 -# ip address add 192.168.4.223/24 dev enp4s0 -# ip addr +```shell +$ ip address add 192.168.2.223/24 dev enp4s0 +$ ip address add 192.168.4.223/24 dev enp4s0 +$ ip addr 3: enp4s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff @@ -409,16 +391,16 @@ The **ip** command can be used to assign multiple IP addresses to an interface #### Configuring a Static Route -To add a static route to the routing table, run the **ip route add** command. To delete a route, run the **ip route del** command. The following shows the common format of the **ip route** command: +To add a static route to the routing table, run the **ip route add** command. To delete a route, run the **ip route del** command. The following shows the common format of the **ip route** command: -``` +```shell ip route [ add | del | change | append | replace ] destination-address ``` To display the current IP routing table, run the **ip route** command as the **root** user. The following is an example: -``` -# ip route +```shell +$ ip route default via 192.168.0.1 dev enp3s0 proto dhcp metric 100 default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 @@ -429,7 +411,7 @@ default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 To add a static route to the host address, run the following command as the **root** user: -``` +```shell ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] ``` @@ -437,7 +419,7 @@ In the preceding command, **192.168.2.1** is the IP address in the dot-decimal To add a static route to the network, that is, an IP address that represents an IP address range, run the following command as the **root** user: -``` +```shell ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] ``` @@ -445,13 +427,14 @@ In the preceding command, **192.168.2.1** is the IP address of the target netw ### Configuring the Network Through the ifcfg File ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->The network configured in the **ifcfg** file does not take effect immediately. You need to run the **systemctl reload NetworkManager** command as the **root** user to restart the network service for the configuration to take effect. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>The network configured in the **ifcfg** file does not take effect immediately. You need to run the **systemctl restart NetworkManager** command as the **root** user to restart the network service for the configuration to take effect. #### Configuring a Static Network + The following uses the **enp4s0** network interface as an example to describe how to configure a static network by modifying the **ifcfg** file as the **root** user. The **ifcfg-enp4s0** file is generated in the **/etc/sysconfig/network-scripts/** directory. Modify the following parameters in the file: -``` +```text TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no @@ -472,9 +455,10 @@ ONBOOT=yes ``` #### Configuring a Dynamic Network + The following uses the **em1** network interface as an example to describe how to configure a dynamic network by modifying the **ifcfg** file. The **ifcfg-em1** file is generated in the **/etc/sysconfig/network-scripts/** directory. Modify the following parameters in the file: -``` +```text DEVICE=em1 BOOTPROTO=dhcp ONBOOT=yes @@ -482,19 +466,19 @@ ONBOOT=yes To configure an interface to send different host names to the DHCP server, add the following content to the **ifcfg** file: -``` +```text DHCP_HOSTNAME=hostname ``` To configure an interface to ignore the routes sent by the DHCP server to prevent network services from updating the /etc/resolv.conf file using the DNS server received from the DHCP server, add the following content to the **ifcfg** file: -``` +```text PEERDNS=no ``` To configure an interface to use a specific DNS server, set the **PEERDNS** parameter to **no** and add the following content to the **ifcfg** file: -``` +```text DNS1=ip-address DNS2=ip-address ``` @@ -502,158 +486,159 @@ DNS2=ip-address **ip-address** is the IP address of the DNS server. This allows the network service to update the **/etc/resolv.conf** file using the specified DNS server. #### Default Gateway Configuration + When determining the default gateway, parse the **/etc/sysconfig/network** file and then the **ifcfg** file, and uses the value of **GATEWAY** that is read last as the default route in the routing table. In a dynamic network environment, when the NetworkManager is used to manage hosts, you are advised to set the default gateway to DHCP assignment. ## Configuring a Host Name - - ### Introduction There are three types of host names: **static**, **transient**, and **pretty**. -- **static**: Static host name, which can be set by users and saved in the **/etc/hostname** file. -- **transient**: Dynamic host name, which is maintained by the kernel. The initial value is a static host name. The default value is **localhost**. The value can be changed when the DHCP or mDNS server is running. -- **pretty**: Flexible host name, which can be set in any form \(including special characters/blanks\). Static and transient host names are subject to the general domain name restrictions. +- **static**: Static host name, which can be set by users and saved in the **/etc/hostname** file. +- **transient**: Dynamic host name, which is maintained by the kernel. The initial value is a static host name. The default value is **localhost**. The value can be changed when the DHCP or mDNS server is running. +- **pretty**: Flexible host name, which can be set in any form \(including special characters/blanks\). Static and transient host names are subject to the general domain name restrictions. ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Static and transient host names can contain only letters \(a–z and A–Z\), digits \(0–9\), hyphens \(-\), underlines \(\_\), and periods \(.\). The host names cannot start or end with a period \(.\) or contain two consecutive periods \(.\). The host name can contain a maximum of 64 characters. -### Configuring a Host Name by Running the **hostnamectl** Command +### Configuring a Host Name by Running the hostnamectl Command #### Viewing All Host Names + Run the following command to view the current host name: -``` -$ hostnamectl status +```shell +hostnamectl status ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If no option is specified in the command, the **status** option is used by default. #### Setting All Host Names + Run the following command as the **root** user to set all host names: -``` -# hostnamectl set-hostname name +```shell +hostnamectl set-hostname name ``` #### Setting a Specific Host Name + Run the following command as the **root** user to set a specific host name: -``` -# hostnamectl set-hostname name [option...] +```shell +hostnamectl set-hostname name [option...] ``` The option may be one or more of **\-\-pretty**, **\-\-static**, and **\-\-transient**. If **\-\-static** or **\-\-transient** is used together with **\-\-pretty**, the host names of the **static** or **transient** type will be simplified to the host names of the **pretty** type with spaces replaced with hyphens \(-\) and special characters deleted. -When setting a host name of the **pretty** type, use quotation marks if the host name contains spaces or single quotation marks. An example is as follows: +When setting a host name of the **pretty** type, use double quotation marks if the host name contains spaces or single quotation marks. An example is as follows: -``` -# hostnamectl set-hostname "Stephen's notebook" --pretty +```shell +hostnamectl set-hostname "Stephen's notebook" --pretty ``` #### Clearing a Specific Host Name + To clear a specific host name and restore it to the default format, run the following command as the **root** user: -``` -# hostnamectl set-hostname "" [option...] +```shell +hostnamectl set-hostname "" [option...] ``` In the preceding command, **""** is a blank character string, and the _option_ may be one or more of **\-\-pretty**, **\-\-static**, and **\-\-transient**. #### Remotely Changing a Host Name + To change the host name in a remote system, run the **hostnamectl** command as the **root** user with the **-H** or **\-\-host** option. -``` -# hostnamectl set-hostname -H [username]@hostname new_hostname +```shell +hostnamectl set-hostname -H [username]@hostname new_hostname ``` -In the preceding command, _hostname_ indicates the name of the remote host to be configured, _username_ indicates the user-defined name, and *new\_hostname* indicates the new host name. **hostnamectl** is used to connect to the remote system through SSH. +In the preceding command, _hostname_ indicates the name of the remote host to be configured, _username_ indicates the user-defined name, and _new\_hostname_ indicates the new host name. **hostnamectl** is used to connect to the remote system through SSH. ### Configuring a Host Name by Running the nmcli Command To query a static host name, run the following command: -``` -$ nmcli general hostname +```shell +nmcli general hostname ``` To name a static host as **host-server**, run the following command as **root** user: -``` -# nmcli general hostname host-server +```shell +nmcli general hostname host-server ``` To enable the system to detect the change of the static host name, run the following command as the **root** user to restart the hostnamed service: -``` -# systemctl restart systemd-hostnamed +```shell +systemctl restart systemd-hostnamed ``` ## Configuring Network Bonding - - ### Running the nmcli Command -- To create a bond named **mybond0**, run the following command: +- To create a bond named **mybond0**, run the following command: - ``` - $ nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup + ```shell + nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup ``` -- To add a slave interface, run the following command: +- To add a slave interface, run the following command: - ``` - $ nmcli con add type bond-slave ifname enp3s0 master mybond0 + ```shell + nmcli con add type bond-slave ifname enp3s0 master mybond0 ``` To add another slave interface, repeat the preceding command with the new interface name: - ``` + ```shell $ nmcli con add type bond-slave ifname enp4s0 master mybond0 Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added. ``` -- To enable a bond, run the following command to enable the slave interface first: +- To enable a bond, run the following command to enable the slave interface first: - ``` + ```shell $ nmcli con up bond-slave-enp3s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14) ``` - ``` + ```shell $ nmcli con up bond-slave-enp4s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) ``` Then, run the following command to enable the bond: - ``` + ```shell $ nmcli con up mybond0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16) ``` - ### Configuring Network Bonding by Using a Command Line #### Checking Whether the Bonding Kernel Module Is Installed By default, the bonding kernel module is loaded. To load this module, run the following command as the **root** user: -``` -# modprobe --first-time bonding +```shell +modprobe --first-time bonding ``` Run the following command as the **root** user to display the information about the module: -``` -# modinfo bonding +```shell +modinfo bonding ``` For more commands, run the modprobe \-\-help command as the **root** user. @@ -664,7 +649,7 @@ To create a channel bonding interface, you can create a file named **ifcfg-bond Write the corresponding content to the configuration file according to the type of the interface to be bonded, for example, network interface. An example of the interface configuration file is as follows: -``` +```text DEVICE=bond0 NAME=bond0 TYPE=Bond @@ -682,7 +667,7 @@ After creating a channel bonding interface, you must add the **MASTER** and * For example, to bind the two network interfaces enp3s0 and enp4s0 in channel mode, the configuration files are as follows: -``` +```text TYPE=Ethernet NAME=bond-slave-enp3s0 UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40 @@ -692,7 +677,7 @@ MASTER=bond0 SLAVE=yes ``` -``` +```text TYPE=Ethernet NAME=bond-slave-enp4s0 UUID=00f0482c-824f-478f-9479-abf947f01c4a @@ -706,31 +691,31 @@ SLAVE=yes To activate channel bonding, you need to enable all the slave interfaces. Run the following command as the **root** user: -``` -# ifup enp3s0 +```shell +$ ifup enp3s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7) ``` -``` -# ifup enp4s0 +```shell +$ ifup enp4s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If an interface is in **up** state, run the **ifdown** _enp3s0_ command to change the state to **down**. In the command, _enp3s0_ indicates the actual NIC name. After that, enable all the slave interfaces to enable the bonding \(do not set them to **Down**\). To enable the NetworkManager to detect the modifications made by the system, run the following command as the **root** user after each modification: -``` -# nmcli con load /etc/sysconfig/network-scripts/ifcfg-device +```shell +nmcli con load /etc/sysconfig/network-scripts/ifcfg-device ``` Run the following command as the **root** user to check the status of the bonded interface: -``` -# ip link show +```shell +$ ip link show 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 @@ -748,13 +733,13 @@ Run the following command as the **root** user to check the status of the bonded The system creates a channel bonding interface for each bonding, including the **BONDING\_OPTS** instruction. This configuration method allows multiple bonded devices to use different configurations. Perform the following operations to create multiple channel bonding interfaces: -- Create multiple **ifcfg-bondN** files that contain the **BONDING\_OPTS** instruction so that network scripts can create bonding interfaces as required. -- Create or edit the existing interface configuration file to be bonded, and add the **SLAVE** instruction. -- Use the MASTER instruction to assign the interface to be bonded, that is, the slave interface, to the channel bonding interface. +- Create multiple **ifcfg-bondN** files that contain the **BONDING\_OPTS** instruction so that network scripts can create bonding interfaces as required. +- Create or edit the existing interface configuration file to be bonded, and add the **SLAVE** instruction. +- Use the MASTER instruction to assign the interface to be bonded, that is, the slave interface, to the channel bonding interface. The following is an example of the configuration file of a channel bonding interface: -``` +```text DEVICE=bondN NAME=bondN TYPE=Bond @@ -772,23 +757,23 @@ In this example, replace N with the number of the bonded interface. For example, ### Restrictions -- chrony supports global addresses but not link-local addresses. -- Firefox supports the access to the global address through HTTP or HTTPS, but does not support the access to the link-local address. +- chrony supports global addresses but not link-local addresses. +- Firefox supports the access to the global address through HTTP or HTTPS, but does not support the access to the link-local address. ### Configuration Description - - #### Setting the MTU of an Interface Device ##### Overview + In an IPv6 scenario, the minimum MTU value of the entire routing path is used as the PMTU value of the current link. The source end determines whether to fragment packets based on the PMTU value. Other devices on the entire path do not need to fragment packets. This reduces the load of intermediate routing devices. The minimum value of IPv6 PMTU is 1280. ##### Setting the MTU of the Interface Device -If the MTU of an interface configured with an IPv6 address is set to a value smaller than **1280** \(the minimum value of the IPv6 PMTU\), the IPv6 address of the interface will be deleted and cannot be added again. Therefore, in IPv6 scenarios, the MTU of the interface device must be greater than or equal to 1280. Run the following commands as the **root** user to view the details: -``` -# ip addr show enp3s0 +If the MTU of an interface configured with an IPv6 address is set to a value smaller than **1280** \(the minimum value of the IPv6 PMTU\), the IPv6 address of the interface will be deleted and cannot be added again. Therefore, in IPv6 scenarios, the MTU of the interface device must be greater than or equal to 1280. Run the following commands as the **root** user to view the details: + +```shell +$ ip addr show enp3s0 3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 @@ -797,32 +782,32 @@ If the MTU of an interface configured with an IPv6 address is set to a value sma valid_lft forever preferred_lft forever ``` -``` -# ip link set dev enp3s0 mtu 1200 -# ip addr show enp3s0 +```shell +$ ip link set dev enp3s0 mtu 1200 +$ ip addr show enp3s0 3: enp3s0: mtu 1200 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 valid_lft 38642sec preferred_lft 38642sec ``` -``` -# ip addr add 2001:222::2/64 dev enp3s0 +```shell +$ ip addr add 2001:222::2/64 dev enp3s0 RTNETLINK answers: No buffer space available ``` -``` -# ip link set dev enp3s0 mtu 1500 -# ip addr show enp3s0 +```shell +$ ip link set dev enp3s0 mtu 1500 +$ ip addr show enp3s0 3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 valid_lft 38538sec preferred_lft 38538sec ``` -``` -# ip addr add 2001:222::2/64 dev enp3s0 -# ip addr show enp3s0 +```shell +$ ip addr add 2001:222::2/64 dev enp3s0 +$ ip addr show enp3s0 3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 @@ -834,53 +819,54 @@ RTNETLINK answers: No buffer space available #### Stateful IPv6 Address Autoconfiguration ##### Overview + Both IPv6 and IPv4 addresses can be obtained through DHCP as the **root** user. There are configuration methods for IPv6 address: stateless autoconfiguration and stateful autoconfiguration. -- Stateless autoconfiguration +- Stateless autoconfiguration The DHCP server is not required for management. The device obtains the network prefix according to the router advertisement \(RA\), or the prefix of a link-local address is fixed to fe80::. The interface ID is automatically obtained based on the value of IPV6\_ADDR\_GEN\_MODE in the ifcfg file. - 1. If the value of IPv6\_ADDR\_GEN\_MODE is stable-privacy, the device determines a random interface ID based on the device and network environment. - 2. If the value of IPv6\_ADDR\_GEN\_MODE is EUI64, the device determines the interface ID based on the device MAC address. + 1. If the value of IPv6\_ADDR\_GEN\_MODE is stable-privacy, the device determines a random interface ID based on the device and network environment. + 2. If the value of IPv6\_ADDR\_GEN\_MODE is EUI64, the device determines the interface ID based on the device MAC address. -- Stateful autoconfiguration: The DHCP server manages and leases IPv6 addresses from the DHCPv6 server base on the DHCPv6 protocol. +- Stateful autoconfiguration: The DHCP server manages and leases IPv6 addresses from the DHCPv6 server base on the DHCPv6 protocol. In stateful autoconfiguration, the DHCPv6 server can classify clients based on the vendor class configured on the clients and assign IPv6 addresses in different address segments to different types of clients. In IPv4 scenarios, the client can use the -V option of the dhclient command to set the vendor-class-identifier field. The DHCP server classifies clients based on the vendor-class-identifier field in the configuration file. In IPv6 scenarios, if the same method is used to classify clients, the classification does not take effect. - ``` + ```shell dhclient -6 -V ``` This is because DHCPv6 differs greatly from DHCP. The vendor-class-option in DHCPv6 replaces the vendor-class-identifier in DHCP. However, the -V option of dhclient cannot be set to vendor-class-option. - ##### Setting the vendor class for dhclient in Stateful IPv6 Address Autoconfiguration -- On the client, add the setting of vendor class by using the configuration file. + +- On the client, add the setting of vendor class by using the configuration file. Client configuration file \(/etc/dhcp/dhclient6.conf\): The file location can be customized. You need to specify the configuration file using the dhclient -cf option. - ``` + ```shell option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; interface "enp3s0" { send dhcp6.vendor-class ; } ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- \: a 32-digit integer, indicating the enterprise ID. The enterprise is registered through the IANA. - >- \: a 16-digit integer, indicating the length of the vendor class string. - >- \: character string of the vendor class to be set, for example, HWHW. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >- \: a 32-digit integer, indicating the enterprise ID. The enterprise is registered through the IANA. + >- \: a 16-digit integer, indicating the length of the vendor class string. + >- \: character string of the vendor class to be set, for example, HWHW. On the client: - ``` + ```shell dhclient -6 -cf /etc/dhcp/dhclient6.conf ``` +- The DHCPv6 server configuration file \(/etc/dhcp/dhcpd6.conf\) needs to be specified by the dhcpd -cf option. -- The DHCPv6 server configuration file \(/etc/dhcp/dhcpd6.conf\) needs to be specified by the dhcpd -cf option. - - ``` + ```shell option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; subnet6 fc00:4:12:ffff::/64 { class "hw" { @@ -897,25 +883,26 @@ Both IPv6 and IPv4 addresses can be obtained through DHCP as the **root** user. } ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >In substring \(option dhcp6.vendor-class, 6, 10\), the start position of the substring is 6, because the substring contains four bytes of and two bytes of . The end position of the substring is 6+. In this example, the vendor class string is HWHW, and the length of the string is 4. Therefore, the end position of the substring is 6 + 4 = 10. You can specify and as required. On the server: - ``` + ```shell dhcpd -6 -cf /etc/dhcp/dhcpd6.conf ``` - #### Kernel Supporting Socket-Related System Calls ##### Overview + The length of an IPv6 address is extended to 128 bits, indicating that there are sufficient IPv6 addresses for allocation. Compared with the IPv4 header, the IPv6 header is simplified, and the IPv6 automatic configuration function is enhanced. IPv6 addresses are classified into unicast addresses, multicast addresses, and anycast addresses. Common unicast addresses include link-local addresses, unique local addresses, and global addresses. As there are sufficient global IPv6 addresses, unique local addresses are not used. \(formerly known as site-local addresses, which were discarded in 2004.\) Currently, the mainstream unicast addresses are link-local address and global address. The current kernel supports socket system invoking. The link-local address and global address using unicast addresses are different. ##### Differences Between the link-local Address and global Address During Socket Invoking + RFC 2553: Basic Socket Interface Extensions for IPv6 defines the sockaddr\_in6 data structure as follows: -``` +```c struct sockaddr_in6 { uint8_t sin6_len; /* length of this struct */ sa_family_t sin6_family; /* AF_INET6 */ @@ -926,12 +913,12 @@ struct sockaddr_in6 { }; ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >sin6\_scope\_id: a 32-bit integer. For the link-local address, it identifies the index of the specified interface. For the link-range sin6\_addr, it identifies the index of the specified interface. For the site-range sin6\_addr, it is used as the site identifier \(the site-local address has been discarded\). When the link-local address is used for socket communication, the interface index corresponding to the address needs to be specified when the destination address is constructed. Generally, you can use the if\_nametoindex function to convert an interface name into an interface index number. Details are as follows: -``` +```c int port = 1234; int sk_fd; int iff_index = 0; @@ -954,41 +941,45 @@ connect(sk_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6)); #### Persistency Configuration of the IPv4 dhclient Daemon Process ##### Overview + When the NetworkManager service is used to manage network services, if the ifcfg- configuration file of an interface is configured to obtain an IP address in DHCP mode, the NetworkManager service starts the dhclient daemon process to obtain an IP address from the DHCP server. The dhclient provides the -1 option to determine whether the dhclient process persistently attempts to request an IP address or exits after the request times out before receiving a response from the DHCP server. For the IPv4 dhclient daemon process, you can set PERSISTENT\_DHCLIENT in the ifcfg- configuration file to determine whether to set the persistence of the IPv4 dhclient process. ##### Restrictions -1. If the ongoing dhclient process is killed, the network service cannot automatically start it. Therefore, you need to ensure the reliability. -2. If PERSISTENT\_DHCLIENT is configured, ensure that the corresponding DHCP server exists. If no DHCP server is available when the network service is started and the dhclient process continuously attempts to send request packets but does not receive any response, the network service is suspended until the network service times out. The network service starts the IPv4 dhclient processes of multiple NICs in serial mode. If persistency is configured for a NIC but the DHCP server is not ready, the network service will be suspended when obtaining an IPv4 address for the NIC. As a result, the NIC cannot obtain an IPv4 or IPv6 address. + +1. If the ongoing dhclient process is killed, the network service cannot automatically start it. Therefore, you need to ensure the reliability. +2. If PERSISTENT\_DHCLIENT is configured, ensure that the corresponding DHCP server exists. If no DHCP server is available when the network service is started and the dhclient process continuously attempts to send request packets but does not receive any response, the network service is suspended until the network service times out. The network service starts the IPv4 dhclient processes of multiple NICs in serial mode. If persistency is configured for a NIC but the DHCP server is not ready, the network service will be suspended when obtaining an IPv4 address for the NIC. As a result, the NIC cannot obtain an IPv4 or IPv6 address. The preceding restrictions apply to special scenarios. You need to ensure reliability. ##### Configuration Differences Between IPv4 DHCP and IPv6 DHCPv6 + You can configure the ifcfg- parameter on an interface to enable IPv4 and IPv6 to dynamically obtain IP addresses using DHCP or DHCPv6. The configuration is as follows: -``` +```text BOOTPROTO=none|bootp|dhcp DHCPV6C=yes|no PERSISTENT_DHCLIENT=yes|no|1|0 ``` -- BOOTPROTO: **none** indicates that an IPv4 address is statically configured. bootp|dhcp enables DHCP dhclient to dynamically obtain an IPv4 address. -- DHCPV6C: **no** indicates that an IPv6 address is statically configured, and **yes** indicates that the DHCPv6 dhclient is enabled to dynamically obtain the IPv6 address. -- PERSISTENT\_DHCLIENT: **no|0** indicates that the IPv4 dhclient process is configured as nonpersistent. If the dhclient sends a request packet to the DHCP server but does not receive any response, the dhclient exits after a period of time and the exit value is 2. **yes|1** indicates that the IPv4 dhclient process is configured to be persistent. The dhclient process repeatedly sends request packets to the DHCP server. **If PERSISTENT\_DHCLIENT is not configured, dhclient of IPv4 is set to yes|1 by default.** +- BOOTPROTO: **none** indicates that an IPv4 address is statically configured. bootp|dhcp enables DHCP dhclient to dynamically obtain an IPv4 address. +- DHCPV6C: **no** indicates that an IPv6 address is statically configured, and **yes** indicates that the DHCPv6 dhclient is enabled to dynamically obtain the IPv6 address. +- PERSISTENT\_DHCLIENT: **no|0** indicates that the IPv4 dhclient process is configured as nonpersistent. If the dhclient sends a request packet to the DHCP server but does not receive any response, the dhclient exits after a period of time and the exit value is 2. **yes|1** indicates that the IPv4 dhclient process is configured to be persistent. The dhclient process repeatedly sends request packets to the DHCP server. **If PERSISTENT\_DHCLIENT is not configured, dhclient of IPv4 is set to yes|1 by default.** - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The PERSISTENT\_DHCLIENT configuration takes effect only for IPv4 and does not take effect for IPv6-related dhclient -6 processes. By default, the persistence configuration is not performed for IPv6. - #### Differences Between IPv4 and IPv6 Configuration Using the iproute Command ##### Overview + IPv4 and IPv6 are two different protocol standards. Therefore, the iproute commands are different in usage. This section describes the differences between IPv4 and IPv6 commands in the iproute package. To run the iproute commands, you must have the root permission. ##### Lifecycle of an IPv6 Address + @@ -1022,22 +1013,24 @@ To run the iproute commands, you must have the root permission. Remarks: -- preferred\_lft: preferred lifetime. The preferred\_lft address has not expired and can be used for normal communication. If there are multiple preferred addresses, the address is selected based on the kernel mechanism. -- valid\_lft: valid lifetime. The address cannot be used for creating new connections within the period of \[preferred\_lft, valid\_lft\]. The existing connections are still valid. +- preferred\_lft: preferred lifetime. The preferred\_lft address has not expired and can be used for normal communication. If there are multiple preferred addresses, the address is selected based on the kernel mechanism. +- valid\_lft: valid lifetime. The address cannot be used for creating new connections within the period of \[preferred\_lft, valid\_lft\]. The existing connections are still valid. + +##### Command ip link -##### ip link Command The commands are as follows: -``` +```shell ip link set IFNAME mtu MTU ``` The minimum PMTU of IPv6 is 1280. If the MTU is set to a value smaller than 1280, IPv6 addresses will be lost. Other devices cannot ping the IPv6 address. -##### ip addr Command -1. The commands are as follows: +##### Command ip addr - ``` +1. The commands are as follows: + + ```shell ip [-6] addr add IFADDR dev IFNAME ``` @@ -1045,87 +1038,87 @@ The minimum PMTU of IPv6 is 1280. If the MTU is set to a value smaller than 1280 If the -6 option is specified but IFADDR is an IPv4 address, an error message is returned. -2. The commands are as follows: +2. The commands are as follows: - ``` + ```shell ip [-6] addr add IFADDR dev IFNAME [home|nodad] ``` \[home|nodad\] is valid only for IPv6 addresses. - - home: specifies the home address defined in RFC 6275. \(This address is obtained by the mobile node from the home link, and is a permanent address of the mobile node. If the mobile node remains in the same home link, communication between various entities is performed normally.\) - - nodad: indicates that DAD is not performed when this IPv6 address is added. \(RFC 4862\) If multiple interfaces on a device are configured with the same IPv6 address through nodad, the IPv6 address is used in the interface sequence. An IPv6 address with both nodad and non-nodad cannot be added the same interface because the two IP addresses are the same. Otherwise, the message "RTNETLINK answers: File exists" is displayed. + - home: specifies the home address defined in RFC 6275. \(This address is obtained by the mobile node from the home link, and is a permanent address of the mobile node. If the mobile node remains in the same home link, communication between various entities is performed normally.\) + - nodad: indicates that DAD is not performed when this IPv6 address is added. \(RFC 4862\) If multiple interfaces on a device are configured with the same IPv6 address through nodad, the IPv6 address is used in the interface sequence. An IPv6 address with both nodad and non-nodad cannot be added the same interface because the two IP addresses are the same. Otherwise, the message "RTNETLINK answers: File exists" is displayed. -3. The commands are as follows: +3. The commands are as follows: - ``` + ```shell ip [-6] addr del IFADDR dev IFNAME ``` You can choose to add the -6 option or not to delete an IPv6 address. The ip addr del command determines whether an IPv4 address or an IPv6 address is used based on the address type. -4. The commands are as follows: +4. The commands are as follows: - ``` + ```shell ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary] ``` - - If the -6 option is not specified, both IPv4 and IPv6 addresses are displayed. If the -6 option is specified, only IPv6 addresses are displayed. - - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\]. These options are only for IPv6. You can filter and view addresses based on the IPv6 address status. - 1. tentative: \(only for IPv6\) lists only the addresses that have not passed duplicate address detection \(DAD\). - 2. -tentative: \(only for IPv6\) lists only the addresses that are not in the DAD process. - 3. deprecated: \(only for IPv6\) lists only the deprecated addresses. - 4. -deprecated: \(only for IPv6\) lists only the addresses that are not deprecated. - 5. dadfailed: \(only for IPv6\) lists only the addresses that fail the DAD. - 6. -dadfailed: \(only for IPv6\) lists only the addresses that do not encounter DAD failures. - 7. temporary: \(only for IPv6\) lists only the temporary addresses. + - If the -6 option is not specified, both IPv4 and IPv6 addresses are displayed. If the -6 option is specified, only IPv6 addresses are displayed. + - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\]. These options are only for IPv6. You can filter and view addresses based on the IPv6 address status. + 1. tentative: \(only for IPv6\) lists only the addresses that have not passed duplicate address detection \(DAD\). + 2. -tentative: \(only for IPv6\) lists only the addresses that are not in the DAD process. + 3. deprecated: \(only for IPv6\) lists only the deprecated addresses. + 4. -deprecated: \(only for IPv6\) lists only the addresses that are not deprecated. + 5. dadfailed: \(only for IPv6\) lists only the addresses that fail the DAD. + 6. -dadfailed: \(only for IPv6\) lists only the addresses that do not encounter DAD failures. + 7. temporary: \(only for IPv6\) lists only the temporary addresses. +##### Command ip route +1. The commands are as follows: -##### ip route Command -1. The commands are as follows: - - ``` + ```shell ip [-6] route add ROUTE [mtu lock MTU] ``` - - -6 option: You can add the -6 option or not when adding an IPv6 route. The ip route command determines whether an IPv4 or IPv6 address is used based on the address type. + - -6 option: You can add the -6 option or not when adding an IPv6 route. The ip route command determines whether an IPv4 or IPv6 address is used based on the address type. - - mtu lock MTU: specifies the MTU of the locked route. If the MTU is not locked, the MTU value may be changed by the kernel during the PMTUD process. If the MTU is locked, PMTUD is not attempted. All IPv4 packets are not set with the DF bit and IPv6 packets are segmented based on the MTU. + - mtu lock MTU: specifies the MTU of the locked route. If the MTU is not locked, the MTU value may be changed by the kernel during the PMTUD process. If the MTU is locked, PMTUD is not attempted. All IPv4 packets are not set with the DF bit and IPv6 packets are segmented based on the MTU. -2. The commands are as follows: +2. The commands are as follows: - ``` + ```shell ip [-6] route del ROUTE ``` You can choose whether to add the -6 option when deleting an IPv6 route. The ip route command determines whether an IPv4 address or an IPv6 address is used based on the address type. +##### Command ip rule -##### ip rule command -1. The commands are as follows: +1. The commands are as follows: - ``` + ```shell ip [-6] rule list ``` -6 option: If the -6 option is set, IPv6 policy-based routes are printed. If the -6 option is not set, IPv4 policy-based routes are printed. Therefore, you need to configure the -6 option according to the specific protocol type. -2. The commands are as follows: +2. The commands are as follows: - ``` + ```shell ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF ``` -6 option: IPv6-related policy routing entries need to be configured with the -6 option. Otherwise, the error message "Error: Invalid source address." is displayed. Accordingly, the -6 option cannot be set for IPv4-related policy routing entries. Otherwise, the error message "Error: Invalid source address." is displayed. - #### Configuration Differences of the NetworkManager Service ##### Overview + The NetworkManager service uses the ifup/ifdown logical interface definition to perform advanced network settings. Most of the parameters are set in the /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg- configuration files. The former is a global setting, and the latter is a setting of a specified NIC. When the two settings conflict, the latter takes effect. ##### Configuration Differences + The configuration differences in /etc/sysconfig/network are as follows: @@ -1137,28 +1130,28 @@ The configuration differences in /etc/sysconfig/network are as follows: - - - - @@ -1172,21 +1165,21 @@ The configuration differences in /etc/sysconfig/network are as follows: - - - @@ -1207,23 +1200,23 @@ The differences in /etc/sysconfig/network-scripts/ifcfg- are as - - - - - @@ -1249,21 +1242,21 @@ The differences in /etc/sysconfig/network-scripts/ifcfg- are as - - - @@ -1273,43 +1266,48 @@ The differences in /etc/sysconfig/network-scripts/ifcfg- are as

IPv6 status

NA

+

N/A

IPV6FORWARDING=yes|no

IPv6 forwarding. By default, IPv6 packets are not forwarded.

NA

+

N/A

IPV6_AUTOCONF=yes|no

If IPv6 forwarding is enabled, the value is no. Otherwise, the value is yes.

NA

+

N/A

IPV6_ROUTER=yes|no

If IPv6 forwarding is enabled, the value is yes. Otherwise, the value is no.

NA

+

N/A

IPV6_AUTOTUNNEL=yes|no

Indicates the default gateway in IPv6.

NA

+

N/A

IPV6_DEFAULTDEV=<interface> (optional)

Specifies the default forwarding NIC.

NA

+

N/A

IPV6_RADVD_PIDFILE=<pid-file> (optional)

The default path of ipv6_radvd_pid is /var/run/radvd/radvd.pid.

NA

+

N/A

IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)

IPADDRn

+

IPADDR

IPV6ADDR=<IPv6 address>[/<prefix length>]

indicates the IP address.

PREFIXn

+

PREFIX

NA

+

N/A

The network prefix, network alias, and PPP are invalid. The priority is higher than that of NETMASK.

NETMASKn

+

NETMASK

NA

+

N/A

Indicates the subnet mask. It is used only for the alias and PPP.

The default value is no. If this parameter is set to yes, ifup-eth exits when dhclient fails.

NA

+

N/A

IPV6_PRIVACY=rfc3041

Disabled by default.

NA

+

N/A

IPV6INIT=yes|no

IPv6 is enabled by default.

NA

+

N/A

IPV6FORWARDING=yes|no
-### FAQ - - +### FAQs -#### The iscsi-initiator-utils Does Not Support the fe80 IPv6 Address. +#### The iscsi-initiator-utils Does Not Support the fe80 IPv6 Address ##### Symptom + When a client uses an IPv6 address to log in to the iSCSI server, run the iscsiadm -m node -p ipv6address -l command. If the global address is used, replace ipv6address in the command example with the global address. However, the link-local address \(IPv6 address starting with fe80\) cannot be used because the current mechanism of iscsi-initiator-utils does not support the link-local address to log in to the iSCSI server. ##### Possible Cause + If you log in to the system using the iscsiadm -m node -p fe80::xxxx -l format, a login timeout error is returned. This is because you must specify an interface when using the link-local address. Otherwise, the iscsi\_io\_tcp\_connect function fails to invoke the connect function, and the standard error code 22 is generated. If you use the iscsiadm -m node -p fe80::xxxx%enp3s0 -l format for login, the iscsi\_addr\_match function will compare the address fe80::xxxx%enp3s0 with the address fe80::xxxx in the node information returned by the server. The comparison result does not match, causing the login failure. Therefore, **the current mechanism of iscsi-initiator-utils does not support login to the iSCSI server using a link-local address.** -#### The IPv6 Address Is Lost After the NIC Is Down. +#### The IPv6 Address Is Lost After the NIC Is Down ##### Symptom + Run the ip link down+up NIC or ifconfig down+up NIC command to disable the NIC and then enable it to go online. Check the IP address configured on the NIC. It is found that the IPv4 address is not lost but the configured IPv6 address is lost. ##### Possible Cause + According to the processing logic in the kernel, if the NIC is set to the down state, all IPv4 and IPv6 addresses will be cleared. After the NIC is set to the up state, the IPv4 address is automatically restored, and the automatically configured IPv6 link-local address on the NIC is also restored. However, other IPv6 addresses are lost by default. To retain these IPv6 addresses, run the **sysctl -w net.ipv6.conf.\< _NIC name_ \>.keep\_addr\_on\_down=1** command. #### Taking a Long Time to Add or Delete an IPv6 Address for a Bond Interface with Multiple IPv6 Addresses ##### Symptom + When users run the following command to add or delete \(including flush\) an IPv6 address, the waiting time increases linearly along with the number of IPv6 addresses configured on a bond interface. **X** is the least significant 16 bits that dynamically change. For example, it takes about five minutes to add 3000 IPv6 address to or delete them from a bond interface that already has four physical NICs using a single thread, while for a common physical NIC, it takes less than 10 seconds. -``` +```shell ip a add/del 192:168::18:X/64 dev DEVICE ``` ##### Possible Cause + When an IPv6 address is added to a bond interface, the IPv6 multicast address is generated and synchronized to all physical NICs. The time required increases with the number of IPv6 addresses. As a result, it takes a too long time. ##### Solution + The IPv6 multicast address is generated by combining the least significant 24 bits of the IPv6 address and 33-33-ff. If there are too many multicast addresses, it takes a long time to add or delete the address. If there are a few multicast addresses, the time required is not affected. It is recommended that you set the least significant 24 bits of the IPv6 address to be the same as the most significant 24 bits of the IPv6 address. In this way, a single NIC can communicate with external devices using only one IP address in a network segment. @@ -1317,19 +1315,23 @@ It is recommended that you set the least significant 24 bits of the IPv6 address #### Rsyslog Log Transmission Is Delayed in the Scenario Where Both IPv4 and IPv6 Are Used ##### Symptom + When both IPv4 and IPv6 addresses are configured in the configuration file of the rsyslog client and the port configurations are the same, there is a possibility that log output is delayed when the server collects logs. ##### Possible Cause + The delay is caused by the buffer queue mechanism of rsyslog. By default, rsyslog writes data to a file only when the number of buffer queues reaches a specified value. ##### Solution -You can disable the buffer queue mechanism by configuring the Direct mode as the **root** user. Add the following information at the beginning of the new remote transmission configuration file in the /etc/rsyslog.d directory on the rsyslog remote transmission server: -``` +You can disable the buffer queue mechanism by configuring the Direct mode as the **root** user. Add the following information at the beginning of the new remote transmission configuration file in the **/etc/rsyslog.d** directory on the rsyslog remote transmission server: + +```text $ActionQueueType Direct $MainMsgQueueType Direct ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- In direct mode, the queue size is reduced by 1. Therefore, one log is reserved in the queue for the next log output. ->- The direct mode degrades the rsyslog performance of the server. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- In direct mode, the queue size is reduced by 1. Therefore, one log is reserved in the queue for the next log output. +>- The direct mode degrades the rsyslog performance of the server. diff --git a/docs/en/docs/Administration/configuring-the-repo-server.md b/docs/en/docs/Administration/configuring-the-repo-server.md index b0ba0980b51b4f46b01ed1f974f99db6a9493afd..c426c1b8770292ac6caa9739499e21e41a14629b 100644 --- a/docs/en/docs/Administration/configuring-the-repo-server.md +++ b/docs/en/docs/Administration/configuring-the-repo-server.md @@ -1,8 +1,9 @@ # Configuring the Repo Server ->![](./public_sys-resources/icon-note.gif) **NOTE:** -> openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.html). If you cannot obtain the openEuler repo source online, you can use the ISO release package provided by openEuler to create a local openEuler repo source. This section uses the **openEuler-20.03-LTS-aarch64-dvd.iso** file as an example. Modify the ISO file as required. - +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> openEuler provides multiple repo sources for users online. For details about the repo sources, see [Installing the OS](./../Releasenotes/installing-the-os.md). If you cannot obtain the openEuler repo source online, you can use the ISO release package provided by openEuler to create a local openEuler repo source. This section uses the **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** file as an example. Modify the ISO file as required. + - [Configuring the Repo Server](#configuring-the-repo-server) @@ -24,31 +25,31 @@ ## Overview -Create the **openEuler-20.03-LTS-aarch64-dvd.iso** file provided by openEuler as the repo source. The following uses Nginx as an example to describe how to deploy the repo source and provide the HTTP service. +Create the **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** file provided by openEuler as the repo source. The following uses Nginx as an example to describe how to deploy the repo source and provide the HTTP service. ## Creating or Updating a Local Repo Source -Mount the openEuler ISO file **openEuler-20.03-LTS-aarch64-dvd.iso** to create and update a repo source. +Mount the openEuler ISO file **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** to create and update a repo source. ### Obtaining the ISO File Obtain the openEuler ISO file from the following website: -[https://repo.openeuler.org/openEuler-20.03-LTS/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS/ISO/) +[https://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/) ### Mounting an ISO File to Create a Repo Source -Run the mount command as the **root** user to mount the ISO file. +Run the `mount` command as the **root** user to mount the ISO file. The following is an example: -``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ +```sh +mount /home/openEuler/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ ``` The mounted mnt directory is as follows: -``` +```sh . │── boot.catalog │── docs @@ -66,17 +67,17 @@ In the preceding command, **Packages** indicates the directory where the RPM p You can copy related files in the ISO file to a local directory to create a local repo source. The following is an example: -``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ -$ mkdir -p ~/srv/repo/ -$ cp -r /mnt/Packages ~/srv/repo/ -$ cp -r /mnt/repodata ~/srv/repo/ -$ cp -r /mnt/RPM-GPG-KEY-openEuler ~/srv/repo/ +```sh +mount /home/openEuler/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ +mkdir -p ~/srv/repo/ +cp -r /mnt/Packages ~/srv/repo/ +cp -r /mnt/repodata ~/srv/repo/ +cp -r /mnt/RPM-GPG-KEY-openEuler ~/srv/repo/ ``` The local repo directory is as follows: -``` +```sh . │── Packages │── repodata @@ -91,16 +92,17 @@ You can update the repo source in either of the following ways: - Use the ISO file of the new version to update the existing repo source. The method is the same as that for creating a repo source. That is, mount the ISO file or copy the ISO file to the local directory. -- Add rpm packages to the Packages directory of the repo source and run the createrepo command to update the repo source. +- Add rpm packages to the Packages directory of the repo source and run the `createrepo` command to update the repo source. - ``` - $ createrepo --update --workers=10 ~/srv/repo + ```sh + createrepo --update --workers=10 ~/srv/repo ``` In this command, --update indicates the update, and --workers indicates the number of threads, which can be customized. -> ![](./public_sys-resources/icon-note.gif) **NOTE:** -If the command output contains "createrepo: command not found", run the **dnf install createrepo** command as the **root** user to install the **createrepo** softeware. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> If the command output contains "createrepo: command not found", run the `dnf install createrepo` command as the **root** user to install the **createrepo** software. ## Deploying the Remote Repo Source @@ -111,11 +113,12 @@ Install openEuler OS and deploy the repo source using Nginx on openEuler OS. 1. Download the Nginx tool and install it as the **root** user. 2. After installing Nginx, configure /etc/nginx/nginx.conf as the **root** user. - - > ![](./public_sys-resources/icon-note.gif) **NOTE:** -The configuration content in this document is for reference only. You can configure the content based on the site requirements (for example, security hardening requirements). - - ``` + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > The configuration content in this document is for reference only. You can configure the content based on the site requirements (for example, security hardening requirements). + + ```sh user nginx; worker_processes auto; # You are advised to set this parameter to core-1. error_log /var/log/nginx/error.log warn; # log storage location @@ -139,12 +142,12 @@ The configuration content in this document is for reference only. You can config server { listen 80; - server_name localhost; #Server name (URL) + server_name localhost; #Server name (URL) client_max_body_size 4G; - root /usr/share/nginx/repo; #Default service directory + root /usr/share/nginx/repo; #Default service directory location / { - autoindex on; # Enable the access to lower-layer files in the directory. + autoindex on; # Enable the access to lower-layer files in the directory. autoindex_exact_size on; autoindex_localtime on; } @@ -156,101 +159,101 @@ The configuration content in this document is for reference only. You can config ### Starting Nginx -1. Run the systemd command as the **root** user to start the Nginx service. - - ``` - # systemctl enable nginx - # systemctl start nginx +1. Run the following commands to start the Nginx service as the **root** user using systemd. + + ```sh + systemctl enable nginx + systemctl start nginx ``` 2. You can run the following command to check whether the Nginx is started successfully: - - ``` - $ systemctl status nginx + + ```sh + systemctl status nginx ``` - + - [Figure 1](#en-us_topic_0151920971_fd25e3f1d664b4087ae26631719990a71) indicates that the Nginx service is started successfully. - + **Figure 1** The Nginx service is successfully started. ![](./figures/the-nginx-service-is-successfully-started.png "the-nginx-service-is-successfully-started") - + - If the Nginx service fails to be started, view the error information. - - ``` - $ systemctl status nginx.service --full + + ```sh + systemctl status nginx.service --full ``` - + **Figure 2** Nginx startup failure ![](./figures/nginx-startup-failure.png "nginx-startup-failure") - + As shown in [Figure 2](#en-us_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54), the Nginx service fails to be created because the /var/spool/nginx/tmp/client\_body directory fails to be created. You need to manually create the directory as the **root** user. Similar problems are solved as follows: - - ``` - # mkdir -p /var/spool/nginx/tmp/client_body - # mkdir -p /var/spool/nginx/tmp/proxy - # mkdir -p /var/spool/nginx/tmp/fastcgi - # mkdir -p /usr/share/nginx/uwsgi_temp - # mkdir -p /usr/share/nginx/scgi_temp + + ```sh + mkdir -p /var/spool/nginx/tmp/client_body + mkdir -p /var/spool/nginx/tmp/proxy + mkdir -p /var/spool/nginx/tmp/fastcgi + mkdir -p /usr/share/nginx/uwsgi_temp + mkdir -p /usr/share/nginx/scgi_temp ``` ### Deploying the Repo Source 1. Run the following command as the **root** user to create the /usr/share/nginx/repo directory specified in the Nginx configuration file /etc/nginx/nginx.conf: - - ``` - # mkdir -p /usr/share/nginx/repo - ``` -2. Run the followding command as the **root** user to modify the /usr/share/nginx/repo directory permission: - + ```sh + mkdir -p /usr/share/nginx/repo ``` - # chmod -R 755 /usr/share/nginx/repo + +2. Run the following command as the **root** user to modify the /usr/share/nginx/repo directory permission: + + ```sh + chmod -R 755 /usr/share/nginx/repo ``` 3. Configure firewall rules as the **root** user to enable the port (port 80) configured for Nginx. - - ``` - # firewall-cmd --add-port=80/tcp --permanent - # firewall-cmd --reload + + ```sh + firewall-cmd --add-port=80/tcp --permanent + firewall-cmd --reload ``` - + Check whether port 80 is enabled as the **root** user. If the output is **yes**, port 80 is enabled. - - ``` - # firewall-cmd --query-port=80/tcp + + ```sh + firewall-cmd --query-port=80/tcp ``` - + You can also enable port 80 using iptables as the **root** user. - - ``` - # iptables -I INPUT -p tcp --dport 80 -j ACCEPT + + ```sh + iptables -I INPUT -p tcp --dport 80 -j ACCEPT ``` 4. After the Nginx service is configured, you can use the IP address to access the web page, as shown in [Figure 3](#en-us_topic_0151921017_fig1880404110396). - + **Figure 3** Nginx deployment succeeded ![](./figures/nginx-deployment-succeeded.png "nginx-deployment-succeeded") 5. Use either of the following methods to add the repo source to the /usr/share/nginx/repo directory: - + - Copy related files in the image to the /usr/share/nginx/repo directory as the **root** user. - - ``` - # mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ - # cp -r /mnt/Packages /usr/share/nginx/repo/ - # cp -r /mnt/repodata /usr/share/nginx/repo/ - # cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo/ - # chmod -R 755 /usr/share/nginx/repo + + ```sh + mount /home/openEuler/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ + cp -r /mnt/Packages /usr/share/nginx/repo/ + cp -r /mnt/repodata /usr/share/nginx/repo/ + cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo/ + chmod -R 755 /usr/share/nginx/repo ``` - - The **openEuler-20.03-LTS-aarch64-dvd.iso** file is stored in the **/home/openEuler** directory. - + + The **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** file is stored in the **/home/openEuler** directory. + - Create a soft link for the repo source in the /usr/share/nginx/repo directory as the **root** user. - - ``` - # ln -s /mnt /usr/share/nginx/repo/os + + ```sh + ln -s /mnt /usr/share/nginx/repo/os ``` - + /mnt is the created repo source, and /usr/share/nginx/repo/os points to /mnt. ## Using the repo Source @@ -265,7 +268,7 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co Create the **openEuler.repo** file in the **/etc/yum.repos.d** directory and use the local repository as the yum source. The content of the **openEuler.repo** file is as follows: - ``` + ```text [base] name=base baseurl=file:///home/openEuler/srv/repo @@ -275,8 +278,8 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co ``` > ![](./public_sys-resources/icon-note.gif) **NOTE:** - > - > - The repoid in \[repoid\] indicates the ID of the software repository. Repoids in all .repo configuration files must be unique. In the example, repoid is set to **base**. + > + > - \[*repoid*\] indicates the ID of the software repository. IDs of the repositories in all .repo configuration files must be unique. In the example, *repoid* is set to **base**. > - **name** indicates the string that the software repository describes. > - **baseurl** indicates the address of the software repository. > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. @@ -287,9 +290,9 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co Create the **openEuler.repo** file in the **/etc/yum.repos.d** directory. - - If the repo source of the HTTP server deployed by the user is used as the yum source, the content of **openEuler.repo** is as follows: - - ``` + - If the repo source of the HTTP server deployed by the user is used as the yum source, the content of **openEuler.repo** is as follows: + + ```text [base] name=base baseurl=http://192.168.139.209/ @@ -297,26 +300,27 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co gpgcheck=1 gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler ``` - - > ![](./public_sys-resources/icon-note.gif) **NOTE:** + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > > 192.168.139.209 is an example. Replace it with the actual IP address. - - If the openEuler repo source provided by openEuler is used as the yum source, the content of **openEuler.repo** is as follows (the aarch64-based OS repo source is used as an example): - - ``` + - If the openEuler repo source provided by openEuler is used as the yum source, the content of **openEuler.repo** is as follows (the aarch64-based OS repo source is used as an example): + + ```text [base] name=base - baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/ enabled=1 gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/RPM-GPG-KEY-openEuler ``` -### repo Priority +### Repo Priority If there are multiple repo sources, you can set the repo priority in the .repo file. If the priority is not set, the default priority is 99. If the same RPM package exists in the sources with the same priority, the latest version is installed. **1** indicates the highest priority and **99** indicates the lowest priority. For example, set the priority of **openEuler.repo** to **2**. -``` +```text [base] name=base baseurl=http://192.168.139.209/ @@ -328,9 +332,9 @@ gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler ### Related Commands of dnf -The dnf command can automatically parse the dependency between packages during installation and upgrade. The common usage method is as follows: +The `dnf` command can automatically parse the dependency between packages during installation and upgrade. The common usage method is as follows: -``` +```sh dnf ``` @@ -340,68 +344,68 @@ Common commands are as follows: Run the following command as the **root** user. - ``` - # dnf install + ```sh + dnf install ``` - Upgrade Run the following command as the **root** user. - ``` - # dnf update + ```sh + dnf update ``` - Rollback Run the following command as the **root** user. - ``` - # dnf downgrade + ```sh + dnf downgrade ``` - Checking for update - ``` - $ dnf check-update + ```sh + dnf check-update ``` - Uninstallation Run the following command as the **root** user. - ``` + ```sh # dnf remove ``` - Query - ``` - $ dnf search + ```sh + dnf search ``` - Local installation Run the following command as the **root** user. - ``` - # dnf localinstall + ```sh + dnf localinstall ``` - Viewing historical records - ``` - $ dnf history + ```sh + dnf history ``` - Clearing cache records - ``` - $ dnf clean all + ```sh + dnf clean all ``` - Updating cache + ```sh + dnf makecache ``` - $ dnf makecache - ``` \ No newline at end of file diff --git a/docs/en/docs/Administration/faqs.md b/docs/en/docs/Administration/faqs.md index b681539769b2558932d71c2caa9951524aa22ae6..6793fa7754cc2c5fc7d3f135486899de02808810 100644 --- a/docs/en/docs/Administration/faqs.md +++ b/docs/en/docs/Administration/faqs.md @@ -1,18 +1,8 @@ # FAQs - -- [FAQs](#faqs) - - [Why Is the Memory Usage of the libvirtd Service Queried by Running the systemctl and top Commands Different?](#why-is-the-memory-usage-of-the-libvirtd-service-queried-by-running-the-systemctl-and-top-commands-different) - - [An Error Occurs When stripsize Is Set to 4 During RAID 0 Volume Configuration](#an-error-occurs-when-stripsize-is-set-to-4-during-raid-0-volume-configuration) - - [Failed to Compile MariaDB Using rpmbuild](#failed-to-compile-mariadb-using-rpmbuild) - - [Failed to Start the SNTP Service Using the Default Configuration](#failed-to-start-the-sntp-service-using-the-default-configuration) - - [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](#installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package) - - [Why Do OpenSSH-related Packages Fail to Be Installed when the OpenSSH Software Package Is Upgraded in Default DNF Update Mode?](#Why-Do-OpenSSH-related-Packages-Fail-to-Be-Installed-when-the-OpenSSH-Software-Package-Is-Upgraded-in-Default-DNF-Update-Mode) - - ## Why Is the Memory Usage of the libvirtd Service Queried by Running the systemctl and top Commands Different? -### Symptom +### Symptomf The output of the **systemctl** and **systemd-cgtop** commands shows that the libvirtd service occupies more than 1.5 GB memory, but the output of the **top** command shows that the libvirtd service occupies about 70 MB memory. ### Possible Cause @@ -20,10 +10,10 @@ The memory displayed in the services \(including systemctl and systemd-cgtop\) m Generally, the memory used by service processes has the following types: -- anon\_rss: anonymous pages in user mode address spaces, for example, memory allocated by calling the malloc function or the mmap function with configured **MAP\_ANONYMOUS**. When the system memory is insufficient, this type of memory can be swapped by the kernel. -- file\_rss: mapped pages in user mode address spaces, including map file \(such as mmap of a specified file\) and map tmpfs \(such as IPC shared memory\). When the system memory is insufficient, the kernel can reclaim these pages. Data may need to be synchronized between the kernel and map file before reclamation. -- file\_cache: file cache \(page in page cache of disk file\), which is generated when a file is read or written. When the system memory is insufficient, the kernel can reclaim these pages. Data may need to be synchronized between the kernel and map file before reclamation. -- buffer pages: belongs to page cache, for example, cache generated when block device files are read. +- anon\_rss: anonymous pages in user mode address spaces, for example, memory allocated by calling the malloc function or the mmap function with configured **MAP\_ANONYMOUS**. When the system memory is insufficient, this type of memory can be swapped by the kernel. +- file\_rss: mapped pages in user mode address spaces, including map file \(such as mmap of a specified file\) and map tmpfs \(such as IPC shared memory\). When the system memory is insufficient, the kernel can reclaim these pages. Data may need to be synchronized between the kernel and map file before reclamation. +- file\_cache: file cache \(page in page cache of disk file\), which is generated when a file is read or written. When the system memory is insufficient, the kernel can reclaim these pages. Data may need to be synchronized between the kernel and map file before reclamation. +- buffer pages: belongs to page cache, for example, cache generated when block device files are read. anon\_rss and file\_rss belong to the resident set size \(RSS\) of processes, and file\_cache and buffer pages belong to page cache. In brief: @@ -49,7 +39,7 @@ You do not need to modify the configuration file. When running the **lvcreate** ### Symptom When you log in to the system as user **root** and run the **rpmbuild** command to compile the MariaDB source code, the compilation fails and the following information is displayed: -``` +```sh + echo 'mysql can'\''t run test as root' mysql can't run test as root + exit 1 @@ -63,13 +53,13 @@ Use a text editor, such as vi, to modify the value of the **runtest** variable Before the modification: -``` +```conf %global runtest 1 ``` After the modification: -``` +```conf %global runtest 0 ``` @@ -93,7 +83,7 @@ Software package conflict, file conflict, or missing software packages may occur The following is an example of software package conflict error information \(the conflict between **libev-libevent-devel-4.24-11.oe1.aarch64** and **libevent-devel-2.1.11-2.oe1.aarch64** is used as an example\): -``` +```text package libev-libevent-devel-4.24-11.oe1.aarch64 conflicts with libevent-devel provided by libevent-devel-2.1.11-2.oe1.aarch64 - cannot install the best candidate for the job - conflicting requests @@ -101,7 +91,7 @@ package libev-libevent-devel-4.24-11.oe1.aarch64 conflicts with libevent-devel p The following is an example of file conflict error information \(the **/usr/bin/containerd** file conflict is used as an example\): -``` +```text Error: Transaction test error: file /usr/bin/containerd from install of containerd-1.2.0-101.oe1.aarch64 conflicts with file from package docker-engine-18.09.0-100.aarch64 file /usr/bin/containerd-shim from install of containerd-1.2.0-101.oe1.aarch64 conflicts with file from package docker-engine-18.09.0-100.aarch64 @@ -109,7 +99,7 @@ Error: Transaction test error: The following is an example of the error message indicating that the **blivet-data** software package is missing: -``` +```text Error: Problem: cannot install both blivet-data-1:3.1.1-6.oe1.noarch and blivet-data-1:3.1.1-5.noarch - package python2-blivet-1:3.1.1-5.noarch requires blivet-data = 1:3.1.1-5, but none of the providers can be installed @@ -128,7 +118,7 @@ If a software package conflict occurs, perform the following steps \(the softwar 1. According to the error message displayed during the installation, the software package that conflicts with the to-be-installed software package **libev-libevent-devel-4.24-11.oe1.aarch64** is **libevent-devel-2.1.11-2.oe1.aarch64**. 2. Run the **dnf remove** command to uninstall the software package that conflicts with the software package to be installed. - ``` + ```sh # dnf remove libevent-devel-2.1.11-2.oe1.aarch64 ``` @@ -140,7 +130,7 @@ If a file conflict occurs, perform the following steps \(the file conflict in "S 2. Record the names of the software packages that do not need to be installed. The following uses **docker-engine-18.09.0-100.aarch64** as an example. 3. Run the **dnf remove** command to uninstall the software package that does not need to be installed. - ``` + ```sh # dnf remove docker-engine-18.09.0-100.aarch64 ``` @@ -152,13 +142,13 @@ If a software package is missing, perform the following steps \(the missed softw 2. Run the **dnf remove** command to uninstall the software package that depends on the upgrade package or add the **\-\-allowerasing** parameter when upgrading the software package. - Run the **dnf remove** command to uninstall the software package that depends on the **blivet-data-1:3.1.1-5.noarch** software package. - ``` + ```sh # dnf remove python2-blivet-1:3.1.1-5.noarch ``` - Add the **\-\-allowerasing** parameter when upgrading the software package. - ``` + ```sh # yum update blivet-data-1:3.1.1-5.noarch -y --allowerasing ``` @@ -169,7 +159,7 @@ If a software package is missing, perform the following steps \(the missed softw ### Symptom When the OpenSSH software package is upgraded in default DNF update mode, a message indicating that the OpenSSH-related packages cannot be installed is displayed as follows: - ``` + ```text cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-5.oe1.aarch64 cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-4.oe1.aarch64 @@ -187,8 +177,378 @@ By default, the best mode of the DNF package manager (the corresponding paramete A **--nobest** option for DNF will be available to override or disable the default behavior, allowing the user to properly upgrade the security fix package when the package to be upgraded has dependency issues. -Open source software developers of openEuler 20.03-LTS have identified this scenario during the upgrade of the security fix version of the OpenSSH software package. It is recommended that users select a proper upgrade mode based on the preceding analysis. openEuler also provides users with specific instructions on the upgrade operation: +Open source software developers of openEuler 20.03 LTS SP4 have identified this scenario during the upgrade of the security fix version of the OpenSSH software package. It is recommended that users select a proper upgrade mode based on the preceding analysis. openEuler also provides users with specific instructions on the upgrade operation: + ```sh + dnf update -y -nobest openssh ``` - dnf update –y –nobest openssh - ``` \ No newline at end of file + +### Installing Conflicting Instances +* A file conflict occurs. + +The python3-edk2-devel.noarch file conflicts with the build.noarch file due to duplicate file names. + +```shell +# yum install python3-edk2-devel.noarch build.noarch +... +Error: Transaction test error: +file /usr/bin/build conflicts between attempted installs of python3-edk2-devel-202002-3.oe1.noarch and build-20191114-324.4.oe1.noarch +``` + +## Failed to Downgrade the libiscsi + +### Symptom + +The libiscsi-1.19.2 or a later version fails to downgrade to libiscsi-1.19.1 or an earlier version. + +```text +Error: Transaction test error: +file /usr/bin/iscsi-inq from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-ls from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-perf from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-readcapacity16 from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-swp from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-test-cu from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +``` + +### Possible Cause + +In versions earlier than the libiscsi-1.19.1, binary files such as **iscsi-xxx** are packed into the main package **libiscsi**. However, these binary files introduce the improper dependency CUnit. To solve this problem, the libiscsi-1.19.2 incorporates these binary files into a subpackage **libiscsi-utils**, and the **libiscsi** is weakly dependent on the **libiscsi-utils**. As a result, the integration of the **libiscsi-utils** is optional during mirroring. The **libiscsi** is not affected even if the **libiscsi-utils** is uninstalled or not integrated. + +When the **libiscsi-utils** is installed in the system, it will not downgrade because the libiscsi-1.19.1 or an earlier version that downgrades from the libiscsi-1.19.2 or a later version cannot provide the corresponding libiscsi-utils. However, **libiscsi-utils** depends on the main package **libiscsi** that has been generated before the downgrade. As a result, the dependency problem cannot be resolved and the downgrade fails. + +### Solution + +Run the following command to uninstall the **libiscsi-utils** and then perform the downgrade: + +```sh +yum remove libiscsi-utils +``` + +## Failed to Downgrade the xfsprogs + +### Symptom + +xfsprogs-5.6.0-2 or a later version fails to downgrade to xfsprogs-5.6.0-1 or an earlier version. + +```text +Error: +Problem: problem with installed package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 +- package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 requires xfsprogs = 5.6.0-2.oe1, but none of the providers can be installed +- cannot install both xfsprogs-5.6.0-1.oe1.x86_64 and xfsprogs-5.6.0-2.oe1.x86_64 +- cannot install both xfsprogs-5.6.0-2.oe1.x86_64 and xfsprogs-5.6.0-1.oe1.x86_64 +- conflicting requests +``` + +### Possible Cause + +To reduce the dependency of the **xfsprogs** main package, the xfsprogs-5.6.0-2 version separates the **xfs\_scrub\*** command from the main package and incorporates the command into a subpackage **xfsprogs-xfs\_scrub**. The **xfsprogs** main package is weakly dependent on the **xfsprogs-xfs\_scrub**. As a result, the integration or uninstallation of the **xfsprogs-xfs\_scrub** is optional during mirroring. The xfsprogs main package is not affected even if the **xfsprogs-xfs\_scrub** is uninstalled or not integrated. + +When the **xfsprogs-xfs\_scrub** is installed in the system, it will not downgrade because the xfsprogs-5.6.0-1 or an earlier version that downgrades from the xfsprogs-5.6.0-2 or a later version cannot provide the corresponding xfsprogs-xfs\_scrub. However, **xfsprogs-xfs\_scrub** depends on the xfsprogs main package that has been generated before the downgrade. As a result, the dependency problem cannot be resolved and the downgrade fails. + +### Solution + +Run the following command to uninstall the **xfsprogs-xfs\_scrub** subpackage and then perform the downgrade: + +```sh +yum remove xfsprogs-xfs_scrub +``` + +## ReDoS Caused by Improper Use of glibc Regular Expressions + +### Symptom + +When the regcomp and regexec interfaces of glibc are used for programming, or shell commands that use glibc regular expressions, such as **grep** and **sed**, are executed, improper regular expressions or input may cause the regular expression denial of service (ReDoS) (CVE-2019-9192/CVE-2018-28796). The typical regular expression pattern is the combination of reverse reference (indicated by **\\1**), **\*** (zero match or multiple matches), **+** (one match or multiple matches), and **{m,n}** (m: minimum number of matches; n: maximum number of matches). You can also enter an ultra-long character string together with the regular expression. Examples are shown as follows: + +```sh +# echo D | grep -E "$(printf '(\0|)(\\1\\1)*')"Segmentation fault (core dumped) +# grep -E "$(printf '(|)(\\1\\1)*')" +Segmentation fault (core dumped) +# echo A | sed '/\(\)\(\1\1\)*/p' +Segmentation fault (core dumped) +# time python -c 'print "a"*40000' | grep -E "a{1,32767}" +Segmentation fault (core dumped) +# time python -c 'print "a"*40900' | grep -E "(a)\\1" +Segmentation fault (core dumped) +``` + +### Possible Cause + +A core dump occurs on the process that uses the regular expression. This occurs because the glibc regular expression is implemented using the hybrid DFA-NFA algorithm. The internal principle is to use the greedy algorithm for recursive search to match as many character strings as possible. The greedy algorithm causes the ReDoS when processing recursive regular expressions. + +### Solution + +1. Strictly control the user permission to reduce the scope of attack. +2. Ensure that the regular expression is correct. Do not enter an invalid regular expression or a combination that may trigger infinite recursion, such as an ultra-long character string accompanied with **\\1** or **\***. + ```sh + # ()(\1\1)* + # "a"*400000 + ``` +3. After detecting a process exception in the program, restart the process to restore services, which helps improve program reliability. + +## A Cache File Exists when Files Are Edited Using Emacs. + +### Symptom + +If Emacs is not configured, a cache file ending with **~** exists after the edited file is saved. + +### Possible Cause + +If Emacs is not configured or no valid configuration file is generated, a cache file will exist. The cache file is used to prevent data loss caused by unexpected system shutdown. You can determine whether to enable this function. + +### Solution + +1. After Emacs is installed, the Emacs page is displayed. + +2. Press **Alt+X** on the Emacs page. + +3. After entering **customize**, you can set any function. After the function is set, an **.emacs** configuration file is generated, and the path of the configuration file is displayed, for example, **/root/.emacs**. (The **.emacs** file that you create does not support this function.) + +4. If you need to modify the cache file configuration, use either of the following methods: + + * Copy the following code to **/root/.emacs** to disable the cache file function: + + ```sh + (setq make-backup-files nil) + ``` + * Copy the following code to **/root/.emacs** and specify the directory for storing backup files: + + ```sh + (setq backup-directory-alist (quote (("." . "/.emacs-backups")))) + ``` + + +## The Error Message "Failed to make ourselves RT: Operation not permitted" Is Displayed when the rtkit-daemon Service Is Started + +### Symptom + +By default, the rtkit-daemon service is started properly. However, if you start the rtkit-daemon service with the Docker Engine installed, the following error message is displayed: + +```text +12月 18 09:34:15 openEuler systemd[1]: Started RealtimeKit Scheduling Policy Service. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Successfully called chroot. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Successfully dropped privileges. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Successfully limited resources. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Running. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Canary thread running. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Failed to make ourselves RT: Operation not permitted +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Watchdog thread running. +``` + +### Possible Cause + +The error occurs because services, such as docker service, are set to **Delegate=yes**. + +If this parameter is not set, the rtkit-daemon service runs normally with the following cgroup information: + +```sh +[root@openEuler ~]# cat /proc/pidof rtkit-daemon/cgroup | grep system +12:pids:/system.slice/rtkit-daemon.service +7:devices:/system.slice/rtkit-daemon.service +5:memory:/system.slice/rtkit-daemon.service +2:blkio:/system.slice +1:name=systemd:/system.slice/rtkit-daemon.service +``` + +If **Delegate=yes** is set, the systemd creates a slice and moves the CPU cgroup to the slice. In this case, the cgroup information of the rtkit-daemon service is as follows. The rtkit-daemon is moved to **3:cpu,cpuacct:/system.slice/rtkit-daemon.service**, but the value of **cpu.rt\_runtime\_us** is not properly set. As a result, an error is reported. + +```sh +[root@openEuler ~]# cat /proc/pidof rtkit-daemon/cgroup | grep system +12:pids:/system.slice/rtkit-daemon.service +7:devices:/system.slice/rtkit-daemon.service +5:memory:/system.slice/rtkit-daemon.service +3:cpu,cpuacct:/system.slice/rtkit-daemon.service +2:blkio:/system.slice/rtkit-daemon.service +1:name=systemd:/system.slice/rtkit-daemon.service +``` + +### Solution + +Method 1: Use the default CPU cgroup configuration by modifying the rtkit-daemon service and adding the following configuration: + +```conf +Slice=-.slice +DisableControllers=cpu cpuacct +``` + +Method 2: Configure scheduling parameters as required by modifying the rtkit-daemon service and adding the following configuration: + +```conf +ExecStartPre=/usr/bin/bash -c "mkdir -p /sys/fs/cgroup/cpu,cpuacct/system.slice/rtkit-daemon.service" +ExecStartPre=/usr/bin/bash -c "echo 950000 > /sys/fs/cgroup/cpu,cpuacct/system.slice/cpu.rt_runtime_us" +ExecStartPre=/usr/bin/bash -c "echo 950000 > /sys/fs/cgroup/cpu,cpuacct/system.slice/rtkit-daemon.service/cpu.rt_runtime_us" +``` + +## Failed to Reboot the System After It Is Fully Upgraded from 20.03 LTS to 20.03 LTS SP4 Using the `dnf update` Command + +### Symptom + +The **/boot** directory does not have a dedicated partition in the Legacy boot mode of the x86_64 architecture. When being fully upgraded from 20.03-LTS to 20.03 LTS SP4 using `dnf` and the software package, the system is successfully upgraded but the reboot fails. The following information is displayed: + +```text +error: ../../grub-core/fs/fshelp.c:258:file +'/vmlinuz-4.19.90-2012.5.0.0054.oe1.x86_64' +not found. +error: ../../grub-core/loader/i386/pc/linux.c:417:you need to load the kernel first. + +Press any key to continue... +``` + +### Possible Cause + +In 20.03 LTS or earlier, the .cfg files are used by default. In 20.03 LTS SP4, after GRUB2 is upgraded to 2.04, the .cfg files are converted to blscfg files by default. However, openEuler does not support blscfg files. In this case, the kernel cannot be found based on the **grub.cfg** file during the restart, and the boot fails. Developers of the openEuler community are seeking to change the default settings to prevent boot failure caused by the .cfg format problem after the upgrade using the software package. + +### Solution + +1. On the boot screen, press **E** and change the paths of **linux** and **initrd** in the GRUB2 configurations. + + ```text + linux ($root)/vmlinuz-4.19-xxx root=xxx --->>> linux ($root)/boot/vmlinuz-4.19-xxx root=xxx + initrd ($root)/initramfs-4.19-xxx --->>> initrd ($root)/boot/initramfs-4.19-xxx + ``` + + Press **Ctrl+X** to boot the system. + +2. Reinstall grub2-2.04-8 or later. + +3. Execute `grub2-mkconfig -o /boot/grub2/grub.cfg` to regenerate the .cfg file. + +4. Restart the system again. The system is successfully booted. + +## The httpd Service Fails to Be Started After the Version Is Upgraded + +### Symptom + +When an earlier version is upgraded to the latest version, http.service fails to be started. + +### Possible Cause + +When SELinux is enabled and the **mod_md** subpackage of httpd is installed in the environment to be upgraded, http.service fails to be started after the system is upgraded to the latest version. View **/var/log/messags**. The log is as follows: + +```text +openEuler setroubleshoot[****]: SELinux is preventing /usr/sbin/httpd from add_name access on the directory md. +... +openEuler setroubleshoot[****]: SELinux is preventing httpd from setattr access on the directory challenges. +``` + +The preceding log indicates that the SELinux prevents the httpd process from performing operations on the **md/challenges** directory. In this case, when SELinux is enabled and the **mod_md** subpackage is installed, you need to modify the SELinux configuration. Otherwise, http.service fails to be started due to the SELinux permission control. + +### Solution + +1. Run the following command to allow httpd to access the network: + + ```sh + # setsebool -P httpd_can_network_connect on + ``` + +2. Create the **httpd-md.te** file to describe the permission to access resources. The file content is as follows: + + ```sh + # create new + module httpd-md 1.0; + + require { + type httpd_config_t; + type httpd_t; + class dir { add_name create remove_name rename reparent rmdir setattr }; + class file { create rename setattr unlink write }; + } + + #============= httpd_t ============== + allow httpd_t httpd_config_t:dir { add_name create remove_name rename reparent rmdir setattr }; + allow httpd_t httpd_config_t:file { create rename setattr unlink write }; + ``` + +3. Check and compile the security policy file. + + ```sh + # checkmodule -m -M -o httpd-md.mod httpd-md.te + ``` + +4. Create a security policy module. + + ```sh + # semodule_package --outfile httpd-md.pp --module httpd-md.mod + ``` + +5. Install the security policy module. + + ```sh + # semodule -i httpd-md.pp + ``` + +6. Restart httpd.service. + + ```sh + # systemctl status httpd.service + ``` + +## Upgrade and Downgrade Issues of fuse 2.9.9-4 and fuse3 3.9.2-4 + +### Symptom + +1. When `dnf upgrade fuse fuse-common fuse3` is executed, the upgrade fails. +2. When `dnf downgrade fuse` is executed, the fuse3 is downgraded or installed. +3. When `dnf downgrade fuse3` is executed, the fuse is downgraded. + +### Possible Cause + +1. In versions earlier than fuse 2.9.9-3, both the fuse and fuse3 obsolete the fuse-common. When the package dependencies are parsed in sequence, the fuse-common fails to be upgraded because the fuse-common is obsoleted by the fuse3. +2. When the fuse is downgraded, the fuse-common is also downgraded. In versions earlier than fuse 2.9.9-3 and fuse3 3.9.2-3, the fuse-common package is contained. When the fuse-common is downgraded, the fuse3 is degraded or installed because the old version of the fuse-common is contained in the fuse3. +3. When the fuse3 is downgraded, the fuse-common is also downgraded. In versions earlier than fuse 2.9.9-3 and fuse3 3.9.2-3, the fuse-common package is contained. When the fuse-common is downgraded, the fuse is also downgraded because the old version of the fuse-common is contained in the fuse. + +### Solution + +1. Execute `dnf upgrade fuse` to upgrade the fuse, and `dnf fuse fuse3 fuse-common` to upgrade the fuse3. +2. No measure needs to be taken. +3. No measure needs to be taken. + +## An Error Is Reported When gdbm-devel Is Installed or Uninstalled During the Installation and Uninstallation of httpd-devel and apr-util-devel + +### Symptom + +1. An error is reported when gdbm-devel-1.18.1-1 is installed or uninstalled. +2. After the error is rectified, gdbm and gdbm-devel are upgraded to the 1.18.1-2 version. However, the default version of gdbm-devel is still 1.18.1-1 when httpd-devel and apr-util-devel (dependent on gdbm-devel) are installed. As a result, the error persists. + +### Possible Cause + +1. The gdbm-devel-1.18.1-1 package does not contain the help package that provides `info`. As a result, the help package cannot be introduced when gdbm-devel is installed independently, and the following alarm information is displayed: + + ```text + install-info: No such file or directory for /usr/share/info/gdbm.info.gz + ``` + +2. By default, the gdbm-1.18.1-1 main package is installed in the system, but the gdbm-devel package is not installed. The software packages depending on gdbm-devel still match the version of the gdbm main package and install gdbm-devel-1.18.1-1. As a result, the error persists. + +### Solution + +1. Install gdbm-1.18.1-2 to upgrade gdbm. The error is rectified. +2. Upgrade gdbm, and then install gdbm-devel to make it depend on the gdbm of the later version. The error is rectified. + +## An Exception Log Is Generated During bind Upgrade + +### Symptom +An exception log is generated during **bind** upgrade: **ImportError: cannot import name 'IbpkeyconRange' from 'setools.policyrep'**. As a result, the `semanage` command fails to be executed during the upgrade. +```text + File "/usr/lib64/python3.7/site-packages/setools/__init__.py", line 31, in + from .policyrep import SELinuxPolicy, BoundsRuletype, ConstraintRuletype, DefaultRuletype, \ +ImportError: cannot import name 'IbpkeyconRange' from 'setools.policyrep' (/usr/lib64/python3.7/site-packages/setools/policyrep/__init__.py) +``` + +### Possible Cause +In the full upgrade process, all software packages are upgraded to the new version, and then the files of the old version are deleted. The **policyrep** module belongs to the **python3-setools** software package. The structure of the **setools** package has been changed as follows: +- In versions earlier than **setools-4.2.0**, the **policyrep** module is in the **/usr/lib64/python3.7/site-packages/setools/policyrep** directory. +- In the stable community version **setools-4.2.0** and later versions, the **policyrep** module is integrated into the dynamic library **/usr/lib64/python3.7/site-packages/setools/policyrep.cpython-37m-aarch64-linux-gnu.so**. + +During the full upgrade, both the preceding modules exist during the **bind** upgrade. When searching for the **policyrep** module, the mechanism of Python preferentially searches the **policyrep** directory. As a result, the file of the old version is found and the `semanage` command fails to be executed.**bind** executes the `semanage` command in the following **post** and **postun** processing statements. If you need to configure the SELinux policy, the execution failure will affect the SELinux policy configuration. +- **post** processing: +```conf +%selinux_set_booleans named_write_master_zones=1 +``` +- **postun** processing: +```conf +%selinux_unset_booleans named_write_master_zones=1 +``` + +### Solution +**bind** can be upgraded to the new version, but the execution of the `semanage` command during the upgrade is affected. Run the `dnf -y reinstall bind` command to reinstall the **bind** software package so that the SELinux policy configurations related to **bind** is not affected. diff --git a/docs/en/docs/Administration/figures/etmem-system-architecture-en.png b/docs/en/docs/Administration/figures/etmem-system-architecture-en.png new file mode 100644 index 0000000000000000000000000000000000000000..146a3618135712cb66feb3fc399a7549c636bd92 Binary files /dev/null and b/docs/en/docs/Administration/figures/etmem-system-architecture-en.png differ diff --git a/docs/en/docs/Administration/managing-hard-disks-through-lvm.md b/docs/en/docs/Administration/managing-hard-disks-through-lvm.md index 10e5910556072e84aefd1d61cecf406d0f0d2fb0..2d227a880cd976d1c4e638319be6432790d6878c 100644 --- a/docs/en/docs/Administration/managing-hard-disks-through-lvm.md +++ b/docs/en/docs/Administration/managing-hard-disks-through-lvm.md @@ -1,7 +1,7 @@ -# Managing Hard Disks Through LVM +# Managing Drives Through LVM -- [Managing Hard Disks Through LVM](#managing-hard-disks-through-lvm) +- [Managing Drives Through LVM](#managing-drives-through-lvm) - [LVM Overview](#lvm-overview) - [Basic Terms](#basic-terms) - [Installing the LVM](#installing-the-lvm) @@ -31,433 +31,446 @@ - ## LVM Overview -Logical Volume Manager \(LVM\) is a mechanism used for managing disk partitions in Linux. By adding a logical layer between disks and file systems, LVM shields the disk partition layout for file systems, thereby improving flexibility in managing disk partitions. +Logical Volume Manager \(LVM\) is a mechanism used for managing drive partitions in Linux. By adding a logical layer between drives and file systems, LVM shields the drive partition layout for file systems, thereby improving flexibility in managing drive partitions. -The procedure of managing a disk through LVM is as follows: +The procedure of managing a drive through LVM is as follows: -1. Create physical volumes for a disk. -2. Combine several physical volumes into a volume group. -3. Create logical volumes in the volume group. -4. Create file systems on logical volumes. +1. Create physical volumes for a drive. +2. Combine several physical volumes into a volume group. +3. Create logical volumes in the volume group. +4. Create file systems on logical volumes. -When disks are managed using LVM, file systems are distributed on multiple disks and can be easily resized as needed. Therefore, file system space will no longer be limited by disk capacities. +When drives are managed using LVM, file systems are distributed on multiple drives and can be easily resized as needed. Therefore, file system space will no longer be limited by drive capacities. ### Basic Terms -- Physical media: refers to physical storage devices in the system, such as hard disks \(**/dev/hda** and **/dev/sda**\). It is the storage unit at the lowest layer of the storage system. -- Physical volume \(PV\): refers to a disk partition or device \(such as a RAID\) that has the same logical functions as a disk partition. PVs are basic logical storage blocks of LVM. A PV contains a special label that is stored in the second 512-byte sector by default. It can also be stored in one of the first four sectors. A label contains the universal unique identifier \(UUID\) of the PV, size of the block device, and the storage location of LVM metadata in the device. +- Physical media: refers to physical storage devices in the system, such as drives \(**/dev/hda** and **/dev/sda**\). It is the storage unit at the lowest layer of the storage system. + +- Physical volume \(PV\): refers to a drive partition or device \(such as a RAID\) that has the same logical functions as a drive partition. PVs are basic logical storage blocks of LVM. A PV contains a special label that is stored in the second 512-byte sector by default. It can also be stored in one of the first four sectors. A label contains the universal unique identifier \(UUID\) of the PV, size of the block device, and the storage location of LVM metadata in the device. -- Volume group \(VG\): consists of PVs and shields the details of underlying PVs. You can create one or more logical volumes within a VG without considering detailed PV information. +- Volume group \(VG\): consists of PVs and shields the details of underlying PVs. You can create one or more logical volumes within a VG without considering detailed PV information. -- Logical volume \(LV\): A VG cannot be used directly. It can be used only after being partitioned into LVs. LVs can be formatted into different file systems and can be directly used after being mounted. +- Logical volume \(LV\): A VG cannot be used directly. It can be used only after being partitioned into LVs. LVs can be formatted into different file systems and can be directly used after being mounted. -- Physical extent \(PE\): A PE is a small storage unit in a PV. The PE size is the same as the size of the logical extent in the VG. +- Physical extent \(PE\): A PE is a small storage unit in a PV. The PE size is the same as the size of the logical extent in the VG. -- Logical extent \(LE\): An LE is a small storage unit in an LV. In one VG, the LEs of all the LVs have the same size. +- Logical extent \(LE\): An LE is a small storage unit in an LV. In one VG, the LEs of all the LVs have the same size. ## Installing the LVM ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The LVM has been installed on the openEuler OS by default. You can run the **rpm -qa | grep lvm2** command to check whether it is installed. If the command output contains "lvm2", the LVM has been installed. In this case, skip this section. If no information is output, the LVM is not installed. Install it by referring to this section. -1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). -2. Clear the cache. +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.md). +2. Clear the cache. - ``` - $ dnf clean all + ```bash + dnf clean all ``` -3. Create a cache. +3. Create a cache. - ``` - $ dnf makecache + ```bash + dnf makecache ``` -4. Install the LVM as the **root** user. +4. Install the LVM as the **root** user. - ``` - # dnf install lvm2 + ```bash + dnf install lvm2 ``` -5. Check the installed RPM package. +5. Check the installed RPM package. + ```bash + rpm -qa | grep lvm2 ``` - $ rpm -qa | grep lvm2 - ``` - ## Managing PVs ### Creating a PV + Run the **pvcreate** command as the **root** user to create a PV. -``` +```bash pvcreate [option] devname ... ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-f**: forcibly creates a PV without user confirmation. - - **-u**: specifies the UUID of the device. - - **-y**: answers yes to all questions. +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly creates a PV without user confirmation. + - **-u**: specifies the UUID of the device. + - **-y**: answers yes to all questions. -- _devname_: specifies the name of the device corresponding to the PV to be created. If multiple PVs need to be created in batches, set this option to multiple device names and separate the names with spaces. +- _devname_: specifies the name of the device corresponding to the PV to be created. If multiple PVs need to be created in batches, set this option to multiple device names and separate the names with spaces. Example 1: Create PVs based on **/dev/sdb** and **/dev/sdc**. -``` -# pvcreate /dev/sdb /dev/sdc +```bash +pvcreate /dev/sdb /dev/sdc ``` Example 2: Create PVs based on **/dev/sdb1** and **/dev/sdb2**. -``` -# pvcreate /dev/sdb1 /dev/sdb2 +```bash +pvcreate /dev/sdb1 /dev/sdb2 ``` ### Viewing a PV + Run the **pvdisplay** command as the **root** user to view PV information, including PV name, VG to which the PV belongs, PV size, PE size, total number of PEs, number of available PEs, number of allocated PEs, and UUID. -``` +```bash pvdisplay [option] devname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-s**: outputs information in short format. - - **-m**: displays the mapping from PEs to LEs. +- _option_: command parameter options. Common parameter options are as follows: + - **-s**: outputs information in short format. + - **-m**: displays the mapping from PEs to LEs. -- _devname_: indicates the device corresponding to the PV to be viewed. If no PVs are specified, information about all PVs is displayed. +- _devname_: indicates the device corresponding to the PV to be viewed. If no PVs are specified, information about all PVs is displayed. Example: Run the following command to display the basic information about the PV **/dev/sdb**: -``` -# pvdisplay /dev/sdb +```bash +pvdisplay /dev/sdb ``` ### Modifying PV Attributes + Run the **pvchange** command as the **root** user to modify the attributes of a PV. -``` +```bash pvchange [option] pvname ... ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-u**: generates a new UUID. - - **-x**: indicates whether PE allocation is allowed. +- _option_: command parameter options. Common parameter options are as follows: + - **-u**: generates a new UUID. + - **-x**: indicates whether PE allocation is allowed. -- _pvname_: specifies the name of the device corresponding to the PV to be modified. If multiple PVs need to be modified in batches, set this option to multiple device names and separate the names with spaces. +- _pvname_: specifies the name of the device corresponding to the PV to be modified. If multiple PVs need to be modified in batches, set this option to multiple device names and separate the names with spaces. -Example: Run the following command to prohibit PEs on the PV **/dev/sdb** from being allocated. +Example: Run the following command to prohibit PEs on the PV **/dev/sdb** from being allocated. Running `pvdisplay` for a PV that is not added to a VG will return the **Allocatable** attribute with the value **NO**. You need to add the PV to a VG before you can change the attribute. -``` -# pvchange -x n /dev/sdb +```bash +pvchange -x n /dev/sdb ``` ### Deleting a PV + Run the **pvremove** command as the **root** user to delete a PV. -``` +```bash pvremove [option] pvname ... ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-f**: forcibly deletes a PV without user confirmation. - - **-y**: answers yes to all questions. +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly deletes a PV without user confirmation. + - **-y**: answers yes to all questions. -- _pvname_: specifies the name of the device corresponding to the PV to be deleted. If multiple PVs need to be deleted in batches, set this option to multiple device names and separate the names with spaces. +- _pvname_: specifies the name of the device corresponding to the PV to be deleted. If multiple PVs need to be deleted in batches, set this option to multiple device names and separate the names with spaces. -Example: Run the following command to delete the PV **/dev/sdb**: +Example: Run the following command to delete the PV **/dev/sdb**. If the PV has been added to a VG, you need to delete the VG or remove the PV from the VG in advance. -``` -# pvremove /dev/sdb +```bash +pvremove /dev/sdb ``` ## Managing VGs ### Creating a VG + Run the **vgcreate** command as the **root** user to create a VG. -``` +```bash vgcreate [option] vgname pvname ... ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-l**: specifies the maximum number of LVs that can be created on the VG. - - **-p**: specifies the maximum number of PVs that can be added to the VG. - - **-s**: specifies the PE size of a PV in the VG. +- _option_: command parameter options. Common parameter options are as follows: + - **-l**: specifies the maximum number of LVs that can be created on the VG. + - **-p**: specifies the maximum number of PVs that can be added to the VG. + - **-s**: specifies the PE size of a PV in the VG. -- _vgname_: name of the VG to be created. -- _pvname_: name of the PV to be added to the VG. +- _vgname_: name of the VG to be created. +- _pvname_: name of the PV to be added to the VG. Example: Run the following command to create VG **vg1** and add the PVs **/dev/sdb** and **/dev/sdc** to the VG. -``` -# vgcreate vg1 /dev/sdb /dev/sdc +```bash +vgcreate vg1 /dev/sdb /dev/sdc ``` ### Viewing a VG + Run the **vgdisplay** command as the **root** user to view VG information. -``` +```bash vgdisplay [option] [vgname] ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-s**: outputs information in short format. - - **-A**: displays only attributes of active VGs. +- _option_: command parameter options. Common parameter options are as follows: + - **-s**: outputs information in short format. + - **-A**: displays only attributes of active VGs. -- _vgname_: name of the VG to be viewed. If no VGs are specified, information about all VGs is displayed. +- _vgname_: name of the VG to be viewed. If no VGs are specified, information about all VGs is displayed. Example: Run the following command to display the basic information about VG **vg1**: -``` -# vgdisplay vg1 +```bash +vgdisplay vg1 ``` ### Modifying VG Attributes + Run the **vgchange** command as the **root** user to modify the attributes of a VG. -``` +```bash vgchange [option] vgname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-a**: sets the active status of the VG. +- _option_: command parameter options. Common parameter options are as follows: + - **-a**: sets the active status of the VG. -- _vgname_: name of the VG whose attributes are to be modified. +- _vgname_: name of the VG whose attributes are to be modified. Example: Run the following command to change the status of **vg1** to active. -``` -# vgchange -ay vg1 +```bash +vgchange -ay vg1 ``` ### Extending a VG + Run the **vgextend** command as the **root** user to dynamically extend a VG. In this way, the VG size is extended by adding PVs to the VG. -``` +```bash vgextend [option] vgname pvname ... ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **dev**: debugging mode. - - **-t**: test only. +- _option_: command parameter options. Common parameter options are as follows: + - **dev**: debugging mode. + - **-t**: test only. -- _vgname_: name of the VG whose size is to be extended. -- _pvname_: name of the PV to be added to the VG. +- _vgname_: name of the VG whose size is to be extended. +- _pvname_: name of the PV to be added to the VG. Example: Run the following command to add PV **/dev/sdb** to VG **vg1**: -``` -# vgextend vg1 /dev/sdb +```bash +vgextend vg1 /dev/sdb ``` ### Shrinking a VG + Run the **vgreduce** command as the **root** user to delete PVs from a VG to reduce the VG size. A VG must contain at least one PV. -``` +```bash vgreduce [option] vgname pvname ... ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-a**: If no PVs are specified in the command, all empty PVs are deleted. - - **\-\-removemissing**: deletes lost PVs in the VG to restore the VG to the normal state. +- _option_: command parameter options. Common parameter options are as follows: + - **-a**: If no PVs are specified in the command, all empty PVs are deleted. + - **\-\-removemissing**: deletes lost PVs in the VG to restore the VG to the normal state. -- _vgname_: name of the VG to be shrunk. -- _pvname_: name of the PV to be deleted from the VG. +- _vgname_: name of the VG to be shrunk. +- _pvname_: name of the PV to be deleted from the VG. Example: Run the following command to remove PV **/dev/sdb2** from VG **vg1**: -``` -# vgreduce vg1 /dev/sdb2 +```bash +vgreduce vg1 /dev/sdb2 ``` ### Deleting a VG + Run the **vgremove** command as the **root** user to delete a VG. -``` +```bash vgremove [option] vgname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-f**: forcibly deletes a VG without user confirmation. +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly deletes a VG without user confirmation. -- _vgname_: name of the VG to be deleted. +- _vgname_: name of the VG to be deleted. Example: Run the following command to delete VG **vg1**. -``` -# vgremove vg1 +```bash +vgremove vg1 ``` ## Managing LVs ### Creating an LV + Run the **lvcreate** command as the **root** user to create an LV. -``` +```bash lvcreate [option] vgname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-L**: specifies the size of the LV in kKmMgGtT. - - **-l**: specifies the size of the LV \(number of LEs\). - - **-n**: specifies the name of the LV to be created. - - **-s**: creates a snapshot. +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-n**: specifies the name of the LV to be created. + - **-s**: creates a snapshot. -- _vgname_: name of the VG to be created. +- _vgname_: name of the VG to be created. Example 1: Run the following command to create a 10 GB LV in VG **vg1**. -``` -# lvcreate -L 10G vg1 +```bash +lvcreate -L 10G vg1 ``` Example 2: Run the following command to create a 200 MB LV in VG **vg1** and name the LV **lv1**. -``` -# lvcreate -L 200M -n lv1 vg1 +```bash +lvcreate -L 200M -n lv1 vg1 ``` ### Viewing an LV + Run the **lvdisplay** command as the **root** user to view the LV information, including the size of the LV, its read and write status, and snapshot information. -``` +```bash lvdisplay [option] [lvname] ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - -- **-v**: displays the mapping from LEs to PEs. - -- _lvname_: device file corresponding to the LV whose attributes are to be displayed. If this option is not set, attributes of all LVs are displayed. +- _option_: command parameter options. Common parameter options are as follows: + - **-v**: displays the mapping from LEs to PEs. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >Device files corresponding to LVs are stored in the VG directory. For example, if LV **lv1** is created in VG **vg1**, the device file corresponding to **lv1** is **/dev/vg1/lv1**. +- _lvname_: device file corresponding to the LV whose attributes are to be displayed. If this option is not set, attributes of all LVs are displayed. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + >Device files corresponding to LVs are stored in the VG directory. For example, if LV **lv1** is created in VG **vg1**, the device file corresponding to **lv1** is **/dev/vg1/lv1**. Example: Run the following command to display the basic information about LV **lv1**: -``` -# lvdisplay /dev/vg1/lv1 +```bash +lvdisplay /dev/vg1/lv1 ``` ### Adjusting the LV Size + Run the **lvresize** command as the **root** user to increase or reduce the size of an LVM LV. This may cause data loss. Therefore, exercise caution when running this command. -``` +```bash lvresize [option] vgname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-L**: specifies the size of the LV in kKmMgGtT. - - **-l**: specifies the size of the LV \(number of LEs\). - - **-f**: forcibly adjusts the size of the LV without user confirmation. +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-f**: forcibly adjusts the size of the LV without user confirmation. -- _lvname_: name of the LV to be adjusted. +- _lvname_: name of the LV to be adjusted. Example 1: Run the following command to increase the size of LV **/dev/vg1/lv1** by 200 MB. -``` -# lvresize -L +200 /dev/vg1/lv1 +```bash +lvresize -L +200 /dev/vg1/lv1 ``` Example 2: Run the following command to reduce the size of LV **/dev/vg1/lv1** by 200 MB. -``` -# lvresize -L -200 /dev/vg1/lv1 +```bash +lvresize -L -200 /dev/vg1/lv1 ``` ### Extending an LV + Run the **lvextend** command as the **root** user to dynamically extend the size of an LV online without interrupting the access of applications to the LV. -``` +```bash lvextend [option] lvname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-L**: specifies the size of the LV in kKmMgGtT. - - **-l**: specifies the size of the LV \(number of LEs\). - - **-f**: forcibly adjusts the size of the LV without user confirmation. +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-f**: forcibly adjusts the size of the LV without user confirmation. -- _lvname_: device file of the LV whose size is to be extended. +- _lvname_: device file of the LV whose size is to be extended. Example: Run the following command to increase the size of LV **/dev/vg1/lv1** by 100 MB. -``` -# lvextend -L +100M /dev/vg1/lv1 +```bash +lvextend -L +100M /dev/vg1/lv1 ``` ### Shrinking an LV + Run the **lvreduce** command as the **root** user to reduce the size of an LV. This may delete existing data on the LV. Therefore, confirm whether the data can be deleted before running the command. -``` +```bash lvreduce [option] lvname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-L**: specifies the size of the LV in kKmMgGtT. - - **-l**: specifies the size of the LV \(number of LEs\). - - **-f**: forcibly adjusts the size of the LV without user confirmation. +- _option_: command parameter options. Common parameter options are as follows: + - **-L**: specifies the size of the LV in kKmMgGtT. + - **-l**: specifies the size of the LV \(number of LEs\). + - **-f**: forcibly adjusts the size of the LV without user confirmation. -- _lvname_: device file of the LV whose size is to be extended. +- _lvname_: device file of the LV whose size is to be extended. Example: Run the following command to reduce the space of LV **/dev/vg1/lvl** by 100 MB: -``` -# lvreduce -L -100M /dev/vg1/lv1 +```bash +lvreduce -L -100M /dev/vg1/lv1 ``` ### Deleting an LV + Run the **lvremove** command as the **root** user to delete an LV. If the LV has been mounted by running the **mount** command, you need to run the **umount** command to unmount the LV before running the **lvremove** command. -``` -lvremove [option] vgname +```bash +lvremove [option] lvname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-f**: forcibly deletes an LV without user confirmation. +- _option_: command parameter options. Common parameter options are as follows: + - **-f**: forcibly deletes an LV without user confirmation. -- _vgname_: name of the LV to be deleted. +- _lvname_: device name of the LV to be deleted. Example: Run the following command to delete LV **/dev/vg1/lv1**. -``` -# lvremove /dev/vg1/lv1 +```bash +lvremove /dev/vg1/lv1 ``` ## Creating and Mounting a File System @@ -465,92 +478,97 @@ Example: Run the following command to delete LV **/dev/vg1/lv1**. After creating an LV, you need to create a file system on the LV and mount the file system to the corresponding directory. ### Creating a File System + Run the **mkfs** command as the **root** user to create a file system. -``` +```bash mkfs [option] lvname ``` In the preceding information: -- _option_: command parameter options. Common parameter options are as follows: - - **-t**: specifies the type of the Linux system to be created, such as **ext2**, **ext3**, and **ext4**. The default type is **ext2**. +- _option_: command parameter options. Common parameter options are as follows: + - **-t**: specifies the type of the Linux file system to be created, such as **ext2**, **ext3**, and **ext4**. The default type is **ext2**. -- _lvname_: name of the LV device file corresponding to the file system to be created. +- _lvname_: name of the LV device file corresponding to the file system to be created. Example: Run the following command to create the **ext4** file system on LV **/dev/vg1/lv1**: -``` -# mkfs -t ext4 /dev/vg1/lv1 +```bash +mkfs -t ext4 /dev/vg1/lv1 ``` ### Manually Mounting a File System + The file system that is manually mounted is not valid permanently. It does not exist after the OS is restarted. Run the **mount** command as the **root** user to mount a file system. -``` +```bash mount lvname mntpath ``` In the preceding information: -- _lvname_: name of the LV device file corresponding to the file system to be mounted. -- _mntpath_: mount path. +- _lvname_: name of the LV device file corresponding to the file system to be mounted. +- _mntpath_: mount path. Example: Run the following command to mount LV **/dev/vg1/lv1** to the directory **/mnt/data**. -``` -# mount /dev/vg1/lv1 /mnt/data +```bash +mount /dev/vg1/lv1 /mnt/data ``` ### Automatically Mounting a File System + A file system that is automatically mounted does not exist after the OS is restarted. You need to manually mount the file system again. If you perform the following steps as the **root** user after manually mounting the file system, the file system can be automatically mounted after the OS is restarted. -1. Run the **blkid** command to query the UUID of an LV. The following uses LV **/dev/vg1/lv1** as an example: +1. Run the **blkid** command to query the UUID of an LV. The following uses LV **/dev/vg1/lv1** as an example: - ``` - # blkid /dev/vg1/lv1 + ```bash + blkid /dev/vg1/lv1 ``` Check the command output. It contains the following information in which _uuidnumber_ is a string of digits, indicating the UUID, and _fstype_ indicates the file system type. /dev/vg1/lv1: UUID=" _uuidnumber_ " TYPE=" _fstype_ " -2. Run the **vi /etc/fstab** command to edit the **fstab** file and add the following content to the end of the file: +2. Run the **vi /etc/fstab** command to edit the **fstab** file and add the following content to the end of the file: - ``` + ```vim UUID=uuidnumber mntpath fstype defaults 0 0 ``` In the preceding information: - - Column 1: indicates the UUID. Enter _uuidnumber_ obtained in [1](#li65701520154311). - - Column 2: indicates the mount directory of the file system. Replace _mntpath_ with the actual value. - - Column 3: indicates the file system format. Enter _fstype_ obtained in [1](#li65701520154311). - - Column 4: indicates the mount option. In this example, **defaults** is used. - - Column 5: indicates the backup option. Enter either **1** \(the system automatically backs up the file system\) or **0** \(the system does not back up the file system\). In this example, **0** is used. - - Column 6: indicates the scanning option. Enter either **1** \(the system automatically scans the file system during startup\) or **0** \(the system does not scan the file system\). In this example, **0** is used. + - Column 1: indicates the UUID. Enter _uuidnumber_ obtained in [1](#li65701520154311). + - Column 2: indicates the mount directory of the file system. Replace _mntpath_ with the actual value. + - Column 3: indicates the file system format. Enter _fstype_ obtained in [1](#li65701520154311). + - Column 4: indicates the mount option. In this example, **defaults** is used. + - Column 5: indicates the backup option. Enter either **1** \(the system automatically backs up the file system\) or **0** \(the system does not back up the file system\). In this example, **0** is used. + - Column 6: indicates the scanning option. Enter either **1** \(the system automatically scans the file system during startup\) or **0** \(the system does not scan the file system\). In this example, **0** is used. -3. Verify the automatic mounting function. - 1. Run the **umount** command to unmount the file system. The following uses LV **/dev/vg1/lv1** as an example: +3. Verify the automatic mounting function. + 1. Run the **umount** command to unmount the file system. The following uses LV **/dev/vg1/lv1** as an example: - ``` - # umount /dev/vg1/lv1 + ```bash + umount /dev/vg1/lv1 ``` - 2. Run the following command to reload all content in the **/etc/fstab** file: + 2. Run the following command to reload all content in the **/etc/fstab** file: - ``` - # mount -a + ```bash + mount -a ``` - 3. Run the following command to query the file system mounting information \(**/mnt/data** is used as an example\): + 3. Run the following command to query the file system mounting information \(**/mnt/data** is used as an example\): - ``` - # mount | grep /mnt/data + ```bash + mount | grep /mnt/data ``` Check the command output. If the command output contains the following information, the automatic mounting function takes effect: + ```text /dev/vg1/lv1 on /mnt/data + ``` diff --git a/docs/en/docs/Administration/memory-management.md b/docs/en/docs/Administration/memory-management.md new file mode 100644 index 0000000000000000000000000000000000000000..9f53a7c2c604cb992efa326b45800b7d144caeca --- /dev/null +++ b/docs/en/docs/Administration/memory-management.md @@ -0,0 +1,949 @@ +# Memory Management + +## Basic Concepts + +The memory is an important component of a computer, and is used to temporarily store operation data in the CPU and data exchanged with an external memory such as hardware. In particular, a non-uniform memory access architecture (NUMA) is a memory architecture designed for a multiprocessor computer. The memory access time depends on the location of the memory relative to the processor. In NUMA mode, a processor accesses the local memory faster than the non-local memory (the memory is located in another processor or shared between processors). + +## Viewing Memory + +1. **free**: displays the system memory status. + Example: + + ```shell + # Display the system memory status in MB. + free -m + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# free -m + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + The fields in the command output are described as follows: + + |Field|Description| + |--|--| + |total|Total memory size.| + |used|Used memory.| + |free|Free memory.| + |shared|Total memory shared by multiple processes.| + |buff/cache|Total number of buffers and caches.| + |available|Estimated available memory to start a new application without swapping.| + +2. **vmstat**: dynamically monitors the system memory and views the system memory usage. + + Example: + + ```shell + # Monitor the system memory and display active and inactive memory. + vmstat -a + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# vmstat -a + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + In the command output, the field related to the memory is described as follows: + + |Field|Description| + |--|--| + |memory|Memory information.
**-swpd**: usage of the virtual memory, in KB.
**-free**: free memory capacity, in KB.
**-inact**: inactive memory capacity, in KB.
**-active**: active memory capacity, in KB.| + +3. **sar**: monitors the memory usage of the system. + + Example: + + ```shell + # Monitor the memory usage in the sampling period in the system. Collect the statistics every two seconds for three times. + sar -r 2 3 + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# sar -r 2 3 + + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + The fields in the command output are described as follows: + + |Field|Description| + |--|--| + |kbmemfree|Unused memory space.| + |kbmemused|Used memory space.| + |%memused|Percentage of the used space.| + |kbbuffers|Amount of data stored in the buffer.| + |kbcached|Data access volume in all domains of the system.| + +4. **numactl**: displays the NUMA node configuration and status. + + Example: + + ```shell + # Check the current NUMA configuration. + numactl -H + ``` + + The output is as follows: + + ```shell + [root@openEuler ~]# numactl -H + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + The server contains one NUMA node. The NUMA node that contains four cores and 6 GB memory. + The command also displays the distance between NUMA nodes. The further the distance, the higher the latency of cross-node memory accesses, which should be avoided as much as possible. + + **numstat**: displays NUMA node status. + + ```shell + # Check the NUMA node status. + numastat + ``` + + ```shell + [root@openEuler ~]# numastat + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + The the fields in the command output and their meanings are as follows: + + |Field|Description| + |--|--| + |numa_hit|Number of times that the CPU core accesses the local memory on a node.| + |numa_miss|Number of times that the core of a node accesses the memory of other nodes.| + |numa_foreign|Number of pages that were allocated to the local node but moved to other nodes. Each numa_foreign corresponds to a numa_miss event.| + |interleave_hit|Number of pages of the interleave policy that are allocated to this node.| + |local_node|Size of memory that was allocated to this node by processes on this node.| + |other_node|Size of memory that was allocated to other nodes by processes on this node.| + +## etMem + +### Introduction + +The development of CPU computing power - particularly lower costs of ARM cores - makes memory cost and capacity become the core frustration that restricts business costs and performance. Therefore, the most pressing issue is how to save memory cost and how to expand memory capacity. + +etMem is a tiered memory expansion technology that uses DRAM+memory compression/high-performance storage media to form tiered memory storage. Memory data is tiered, and cold data is migrated from memory media to high-performance storage media to release memory space and reduce memory costs. + +The etMem software package runs on the etMem client and etMemd server. The etMemd server is resident after being started. It implements functions such as hot and cold memory identification and elimination for the target process. The etMem client runs once when being invoked and controls the etmemd server to respond to different operations based on command options. + +### Compilation Tutorial + +1. Download the etMem source code. + + ```shell + git clone https://gitee.com/openeuler/etmem.git + ``` + +2. Install the compilation and running dependency. + + The compilation and running of etMem depend on the libboundscheck component. + +3. Build source code. + + ```shell + cd etmem + + mkdir build + + cd build + + cmake .. + + make + ``` + +### Precautions + +#### Running Dependencies + +As a memory expansion tool, etMem depends on kernel-mode features. To identify memory access and proactively write memory to the swap partition for vertical memory expansion, `etmem_scan` and `etmem_swap` modules need to be inserted when etMem is running. + +```shell +modprobe etmem_scan +modprobe etmem_swap +``` + +#### Permission Control + +The root permission is required for running the etMem process. The **root** user has the highest permission in the system. When performing operations as the **root** user, strictly follow the operation guide to prevent system management and security risks caused by other operations. + +#### Constraints + +- The etMem client and server must be deployed on the same server. Cross-server communication is not supported. +- etMem can scan only the target processes whose names contain fewer than or equal to 15 characters. The process name can contain letters, digits, special characters ./%-_, and any combination of the preceding three types of characters. Other combinations are invalid. +- When the AEP media is used for memory expansion, the system must be able to correctly identify AEP devices and initialize the AEP devices as NUMA nodes. In addition, the `vm_flags` field in the configuration file can only be set to `ht`. +- Private engine commands are valid only for the corresponding engine and tasks under the engine, for example, `showhostpages` and `showtaskpages` supported by cslide. +- In the third-party policy implementation code, the `fd` field in the `eng_mgt_func` interface cannot be set to `0xff` or `0xfe`. +- Multiple third-party policy dynamic libraries can be added to a project. They are differentiated by `eng_name` in the configuration file. +- Do not scan the same process concurrently. +- Do not use the `/proc/xxx/idle_pages` and `/proc/xxx/swap_pages` files when `etmem_scan.ko` and`etmem_swap.ko` are not loaded. +- The owner of the etMem configuration file must be the **root** user, the permission must be **600** or **400**, and the size of the configuration file cannot exceed 10 MB. +- When etMem injects third-party policies, the owner of the `so` files of the third-party policies must be the **root** user and the permission must be **500** or **700**. + +### Instructions + +#### etmem Configuration File + +Before running the etMem process, the administrator needs to plan the processes that require memory expansion, configure the process information in the etMem configuration file, and configure the memory scan loops and times, and cold and hot memory thresholds. + +The sample configuration files are stored in the `/etc/etmem` directory in the source package. There are three sample files by function. + +```shell +/etc/etmem/cslide_conf.yaml +/etc/etmem/slide_conf.yaml +/etc/etmem/thirdparty_conf.yaml +``` + +The samples are as follows: + +```shell +# Example of the slide engine +# slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 +swapcache_high_vmark=10 +swapcache_low_vmark=6 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes + +# Example of the cslide engine +# cslide_conf.yaml +[engine] +name=cslide +project=test +node_pair=2,0;3,1 +hot_threshold=1 +node_mig_quota=1024 +node_hot_reserve=1024 + +[task] +project=test +engine=cslide +name=background_cslide +type=pid +name=23456 +vm_flags=ht +anon_only=no +ign_host=no + +# Example of the thirdparty engine +# thirdparty_conf.yaml +[engine] +name=thirdparty +project=test +eng_name=my_engine +libname=/usr/lib/etmem_fetch/my_engine.so +ops_name=my_engine_ops +engine_private_key=engine_private_value + +[task] +project=test +engine=my_engine +name=background_third +type=pid +value=12345 +task_private_key=task_private_value +``` + +Fields in the configuration file are described as follows. + +| Item | Description | Mandatory (Yes/No)| With Parameters (Yes/No)| Value Range | Example Description | +|-----------|---------------------|------|-------|------------|-----------------------------------------------------------------| +| \[project\] | Start flag of the project common configuration section | No | No | N/A | Start flag of the `project` configuration item, indicating that the following configuration items, before another *\[xxx\]* or to the end of the file, belong to the project section.| +| name | Name of a project | Yes | Yes | A string of fewer than 64 characters| Identifies a project. When configuring an engine or task, you need to specify the project to which the engine or task is mounted. | +| loop | Number of memory scan loops | Yes | Yes | 1 to 120 | `loop=3` // Scan for three times. | +| interval | Interval for memory scans | Yes | Yes | 1 to 1200 | `interval=5` // The scan interval is 5s. | +| sleep | Interval between large loops of memory scans and operations| Yes | Yes | 1 to 1200 | `sleep=10` // The interval between large loops is 10s. | +| sysmem_threshold| Configuration item of the `slide` engine, which specifies the threshold of the system memory swap-out | No | Yes | 0 to 100 | `sysmem_threshold=50` // etMem triggers memory swap-out only when the remaining system memory is less than 50%.| +| swapcache_high_wmark| Configuration item of the `slide` engine, which specifies the high watermark of the system memory occupied by the swap cache| No | Yes | 1 to 100 | `swapcache_high_wmark=5` // The swap cache memory usage can be 5% of the system memory. If the usage exceeds 5%, etMem triggers swap cache reclamation.
Note: The value of `swapcache_high_wmark` must be greater than that of `swapcache_low_wmark`.| +| swapcache_low_wmark| Configuration item of the `slide` engine, which specifies the low watermark of the system memory occupied by the swap cache| No | Yes | \[1, **swapcache_high_wmark**) | `swapcache_low_wmark=3` // After swap cache reclamation is triggered, the system reclaims the swap cache memory until the usage is reduced to less than 3%.| +| \[engine\] | Start flag of the engine common configuration section | No | No | N/A | Start flag of the `engine` configuration item, indicating that the following configuration items, before another *\[xxx\]* or to the end of the file, belong to the engine section.| +| project | Project | Yes | Yes | A string of fewer than 64 characters | If a project named **test** already exists, enter **project=test**. | +| engine | Engine | Yes | Yes | `slide`, `cslide`, or `thirdparty` | Identifies the slide, cslide, or thirdparty policy. | +| node_pair | Configuration item of the `cslide` engine, which specifies the node pair of the AEP and DRAM in the system| Mandatory when `engine` is set to `cslide`| Yes | Node IDs of the AEP and DRAM are configured in pairs and separated by commas (,). Node pairs are separated by semicolons (;).| `node_pair=2,0;3,1` | +| hot_threshold | Configuration item of the `cslide` engine, which specifies the threshold of the hot and cold memory | Mandatory when `engine` is set to `cslide`| Yes | An integer greater than or equal to `0` and less than or equal to `INT_MAX` | `hot_threshold=3` // Memory accessed fewer than 3 times is identified as cold memory. | +|node_mig_quota|Configuration item of the `cslide` engine, which specifies the maximum unidirectional traffic during each migration between the DRAM and AEP|Mandatory when `engine` is set to `cslide`|Yes|An integer greater than or equal to `0` and less than or equal to `INT_MAX`|`node_mig_quota=1024` // The unit is MB. A maximum of 1,024 MB data can be migrated from the AEP to the DRAM or from the DRAM to the AEP at a time.| +|node_hot_reserve|Configuration item of the `cslide` engine, which specifies the size of the reserved space for the hot memory in the DRAM|Mandatory when `engine` is set to `cslide`|Yes|An integer greater than or equal to `0` and less than or equal to `INT_MAX`|`node_hot_reserve=1024` // The unit is MB. When the hot memory of all VMs is greater than the value of this configuration item, the hot memory is migrated to the AEP.| +|eng_name|Configuration item of the `thirdparty` engine, which specifies the engine name and is used for task mounting|Mandatory when `engine` is set to `thirdparty`|Yes|A string of fewer than 64 characters|`eng_name=my_engine` // To mount a task to the thirdparty engine, you can enter `engine=my_engine` in the task.| +|libname|Configuration item of the `thirdparty` engine, which specifies the address of the dynamic library of the third-party policy. The address is an absolute address.|Mandatory when `engine` is set to `thirdparty`|Yes|A string of fewer than 256 characters|libname=/user/lib/etmem_fetch/code_test/my_engine.so| +|ops_name|Configuration item of the `thirdparty` engine, which specifies the name of the operator in the dynamic library of the third-party policy|Mandatory when `engine` is set to `thirdparty`|Yes|A string of fewer than 256 characters|`ops_name=my_engine_ops` // Name of the structure of the third-party policy implementation interface| +|engine_private_key|(Optional) Configuration item of the `thirdparty` engine. This configuration item is reserved for the third-party policy to parse private parameters.|No|No|Configured based on the private parameters of the third-party policy|Set this configuration item based on the private engine configuration items of the third-party policy.| +| [task] | Start flag of the task common configuration section| No| No| N/A | Start flag of the `task configuration item`, indicating that the following configuration items, before another *[xxx]* or to the end of the file, belong to the task section.| +| project | Project to which a task is mounted | Yes| Yes| A string of fewer than 64 characters | If a project named **test** already exists, enter **project=test**. | +| engine | Engine to which a task is mounted | Yes| Yes| A string of fewer than 64 characters | Specifies the engine to which a task is mounted. | +| name | Name of a task | Yes| Yes| A string of fewer than 64 characters | `name=background1` // The task name is `backgound1`. | +| type | Method of identifying the target process | Yes| Yes| `pid` or `name` | `pid` indicates that the process is identified by the process ID, and `name` indicates that the process is identified by the process name. | +| value | Specific fields identified by the target process | Yes| Yes| Actual process ID/name| This configuration item is used together with the `type` configuration item to specify the ID or name of the target process. Ensure that the configuration is correct and unique. | +| T | Task configuration item of the `slide` engine, which specifies the threshold of the hot and cold memory | Mandatory when `engine` is set to `slide`| Yes| 0 to **loop** x 3 | `T=3` // Memory accessed fewer than 3 times is identified as cold memory. | +| max_threads | Task configuration item of the `slide` engine, which specifies the maximum number of threads in the internal thread pool of etmemd. Each thread processes a memory scan+operation task of a process or child process.| No | Yes| 1 to 2 x Number of cores + 1. The default value is `1`.| This configuration item controls the number of internal processing threads of etmemd. When the target process has multiple child processes, a larger value of this configuration item indicates a larger number of concurrent executions but more occupied resources.| +| vm_flags | Task configuration item of the `cslide` engine, which specifies the flag of the VMA to be scanned. If this configuration item is not configured, the VMA is not distinguished. | No | Yes| The value is a string of fewer than 256 characters. Different flags are separated by spaces. | `vm_flags=ht` // Scan the VMA memory whose flag is `ht` (huge page). | +| anon_only | Task configuration item of the `cslide` engine, which specifies whether to scan only anonymous pages | No | Yes| `yes` or `no` | `anon_only=no` // `yes` indicates that only anonymous pages are scanned. `no` indicates that non-anonymous pages are also scanned. | +| ign_host | Task configuration item of the `cslide` engine, which specifies whether to ignore the page table scan information on the host | No | Yes| `yes` or `no` | `ign_host=no` // `yes`: Ignore; `no`: Do not ignore. | +| task_private_key | (Optional) Task configuration item of the `thirdparty` engine. This configuration item is reserved for the task of the third-party policy to parse private parameters. | No | No| Configured based on the private parameters of the third-party policy | Configured based on the private task parameters of the third-party policy | +| swap_threshold |Configuration item of the `slide` engine, which specifies the threshold of the process memory swap-out | No | Yes| Absolute value of the available memory of a process | `swap_threshold=10g` // If the memory usage of a process is less than 10 GB, swap-out is not triggered.
In the current version, only g/G can be used as the absolute memory unit. This configuration item is used together with `sysmem_threshold`. When the system memory is lower than the threshold, the system checks the threshold of the processes in the allowlist.| +| swap_flag|Configuration item of the `slide` engine, which specifies process memory to be swapped out | No | Yes| `yes` or `no` | `swap_flag=yes` // Specify process memory to be swapped out.| + +#### Starting the etmemd Server + +When using the servers provided by etMem, you need to modify the corresponding configuration file as required, and then run the etmemd server to operate the memory of the target process. In addition to starting the etmemd process in binary mode on the CLI, you can configure the `server` file to enable the etmemd server to start the etmemd process in `systemctl` mode. In this scenario, you need to use the `mode-systemctl` parameter to specify whether to enable the function. + +##### How to Use + +You can run the following command to start the etmemd server: + +```shell +etmemd -l 0 -s etmemd_socket +``` + +Or + +```shell +etmemd --log-level 0 --socket etmemd_socket +``` + +`0` in `-l` and `etmemd_socket` in `-s` are user-defined parameters. For details about the parameters, see the following table. + +##### Command-Line Options + +| Option | Description | Mandatory (Yes/No)| With Parameters (Yes/No)| Value Range | Example Description | +| --------------- | ---------------------------------- | -------- | ---------- | --------------------- | ------------------------------------------------------------ | +| `-l` or `\-\-log-level` | etmemd log level. | No | Yes | 0 to 3 | `0`: debug level.
`1`: info level.
`2`: warning level.
`3`: error level.
Only logs of the level that is higher than or equal to the configured level are recorded in the `/var/log/message` file.| +| `-s` or `\-\-socket` | Name of the etmemd listener, which is used to interact with the client.| Yes | Yes | A string of fewer than 107 characters| Specifies the name of the server listener. | +| `-m` or `\-\-mode-systemctl`| Starts the etmemd server in systemctl mode.| No| No| N/A| The `-m` option must be specified in the `service` file.| +| `-h` or `\-\-help` | Prints help information. | No | No | N/A | If this option is specified, the command execution exits after the command output is printed. | + +#### Adding or Deleting a Project, Engine, or Task on the etMem Client + +##### Scenarios + +1. The administrator adds an etMem project, engine, or task. (A project can contain multiple etMem engines, and an engine can contain multiple tasks.) + +2. The administrator deletes an existing etMem project, engine, or task. (Before a project is deleted, all tasks in the project automatically stop.) + +##### How to Use + +After the etmemd server runs properly, you can use the `obj` parameter on the etMem client to add or delete a project, engine, or task. The project, engine, or task is identified based on the content configured in the configuration file. + +- Add an object. + + ```shell + etmem obj add -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + Or + + ```shell + etmem obj add --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +- Delete an object. + + ```shell + etmem obj del -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + Or + + ```shell + etmem obj del --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +##### Command-Line Options + +| Option | Description | Mandatory (Yes/No)| With Parameters (Yes/No)| Example Description | +| ------------ | ------------------------------------------------------------ | -------- | ---------- | -------------------------------------------------------- | +| `-f` or `\-\-file` | Configuration file of the specified object | Yes | Yes | Specifies the file path. | +| `-s` or `\-\-socket` | Name of the socket for communicating with the etmemd server. The value must be the same as that specified when the etmemd server is started.| Yes | Yes | This option is mandatory. When there are multiple etmemd servers, the administrator selects an etmemd server to communicate with.| + +#### Querying, Starting, or Stopping a Project on the etMem Client + +##### Scenarios + +After adding a project by running the `etmem obj add` command, the administrator can start or stop the etMem project before running the `etmem obj del` command to delete the project. + +1. The administrator starts an added project. + +2. The administrator stops a project that has been started. + +When the administrator runs the `obj del` command to delete a project, the project automatically stops if it has been started. + +##### How to Use + +For a project that has been successfully added, you can run the `etmem project` command to start or stop the project. Example commands are as follows: + +- Query a project. + + ```shell + etmem project show -n test -s etmemd_socket + ``` + + Or + + ```shell + etmem project show --name test --socket etmemd_socket + ``` + +- Start a project. + + ```shell + etmem project start -n test -s etmemd_socket + ``` + + Or + + ```shell + etmem project start --name test --socket etmemd_socket + ``` + +- Stop a project. + + ```shell + etmem project stop -n test -s etmemd_socket + ``` + + Or + + ```shell + etmem project stop --name test --socket etmemd_socket + ``` + +- Print help information. + + ```shell + etmem project help + ``` + +##### Command-Line Options + +| Option | Description | Mandatory (Yes/No)| With Parameters (Yes/No)| Example Description | +| ------------ | ------------------------------------------------------------ | -------- | ---------- | -------------------------------------------------------- | +| `-n` or `\-\-name` | Project name | Yes | Yes | Project name, which corresponds to the configuration file. | +| `-s` or `\-\-socket` | Name of the socket for communicating with the etmemd server. The value must be the same as that specified when the etmemd server is started.| Yes | Yes | This option is mandatory. When there are multiple etmemd servers, the administrator selects an etmemd server to communicate with.| + +#### Performing Memory Swap-out on the etMem Client based on the Memory Swap-out Threshold and Flag + +Among the currently supported policies, only the `slide` policy supports private functions and features. + +- Swapping out process or system memory based on threshold + +To achieve optimal service performance, you need to consider the time when the etMem memory is swapped out. When the available system memory is sufficient and the system memory pressure is low, memory swapping is not performed. When the memory usage of processes is low, memory swapping is not performed. The thresholds for controlling the system memory swap-out and process memory swap-out are available. + +- Swapping out the specified process memory + +In the storage environment, I/O latency-sensitive server processes do not want to swap out the memory. Therefore, a mechanism is provided for services to specify the memory that can be swapped out. + +You can add the `sysmem_threshold`, `swap_threshold`, and `swap_flag` parameters to the configuration file. For details, see the description of the etMem configuration file. + +```shell +# slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes +``` + +##### Swapping Out System Memory Based on Threshold + +In the configuration file, `sysmem_threshold` indicates the threshold for system memory swap-out. The value of `sysmem_threshold` ranges from 0 to 100. If `sysmem_threshold` is configured in the configuration file, etMem triggers memory swap-out only when the available system memory is less than the value of `sysmem_threshold`. + +Procedure: + +1. Compile the configuration file. Configure the `sysmem_threshold` parameter in the configuration file, for example, `sysmem_threshold=20`. +2. Start the server, and add and start a project. + + ```shell + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. Check the memory swap-out result. etMem triggers memory swap-out only when the available system memory is less than 20%. + +##### Swapping Out Process Memory Based on Threshold + +In the configuration file, `swap_threshold` indicates the threshold for process memory swap-out. `swap_threshold` specifies the absolute value of the process memory usage (*number*+**g**/**G**). If `swap_threshold` is configured in the configuration file, etMem will not trigger memory swap-out for a process when the memory usage of the process is less than the value of `swap_threshold`. + +Procedure: + +1. Compile the configuration file. Configure the `swap_threshold` parameter in the configuration file, for example, `swap_threshold=5g`. +2. Start the server, and add and start a project. + + ```shell + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. Check the memory swap-out result. etMem triggers memory swap-out only when the absolute value of the memory occupied by the process is greater than 5 GB. + +##### Swapping Out the Specified Process Memory + +In the configuration file, `swap_flag` specifies the process memory that can be swapped out. `swap_flag` can be set to `yes` or `no`. If `swap_flag` is set to `no` or not set in the configuration file, the memory swap-out function of etMem remains unchanged. If `swap_flag` is set to `yes`, only the specified process memory can be swapped out. + +Procedure: + +1. Compile the configuration file. Configure the `swap_flag` parameter in the configuration file, for example, `swap_flag=yes`. +2. Mark the process memory to be swapped out. + + ```shell + madvise(addr_start, addr_len, MADV_SWAPFLAG) + ``` + +3. Start the server, and add and start a project. + + ```shell + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +4. Check the memory swap-out result. Only the marked process memory is swapped out. Other memory is retained in the DRAM and will not be swapped out. + +In the scenario where a specified page of a process is swapped out, the `ioctl` call is added to the original scan interface `idle_pages` to ensure that the VMA without a specific flag is not scanned or swapped out. + +Scan Management Interface + +- Prototype + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- Input parameters + + ```shell + 1. fd: file descriptor, which is obtained by the open call in /proc/pid/idle_pages. + + 2. cmd: controls the scanning behavior. Currently, the following commands are supported: + VMA_SCAN_ADD_FLAGS: adds a VMA swap-out flag. Only VMAs with the specified flag are scanned. + VMA_SCAN_REMOVE_FLAGS: removes the new VMA swap-out flag. + + 3. args: int pointer argument, which is used to transfer the specific flag mask. Currently, only the following argument is supported: + VMA_SCAN_FLAG: Before the etmem_scan.ko module starts scanning, the `walk_page_test` interface is called to check whether the VMA address meets the scanning requirements. If this flag is set, only the VMA address segment with a specific swap-out flag is scanned, and other VMA addresses are ignored. + ``` + +- Return value + + ```shell + 1. If the operation is successful, 0 is returned. + 2. If the operation fails, a non-zero value is returned. + ``` + +- Note + + ```shell + All unsupported flags are ignored, but no error is returned. + ``` + +#### Reclaiming Swap Cache Memory on the etMem Client + +The user-mode etMem initiates a memory eviction and reclamation operation and interacts with the kernel-mode memory reclamation module through the `write procfs` interface. The kernel-mode memory reclamation module parses the virtual address delivered by the user-mode etMem, obtains the page corresponding to the address, and calls the native kernel interface to swap out the memory corresponding to the page for reclamation. During memory swap-out, the swap cache occupies certain system memory. To further save memory, the swap cache memory reclamation function is added. + +You can add the `swapcache_high_wmark` and `swapcache_low_wmark` parameters to the configuration file to use this function. + +- `swapcache_high_wmark`: high watermark of the system memory that can be occupied by the swap cache. +- `swapcache_low_wmark`: low watermark of the system memory that can be occupied by the swap cache. + +After performing a memory swap-out, etMem checks the memory usage of the swap cache. If the memory usage exceeds the high watermark, etMem delivers the `ioctl` command in `swap_pages` to trigger swap cache memory reclamation. The reclamation stops when the memory usage comes down to the low watermark. + +The following is an example of parameter configuration. For details, see the sections related to the etMem configuration file. + +```shell +# slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +swapcache_high_vmark=5 +swapcache_low_vmark=3 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +``` + +In the swap-out scenario, the swap cache memory needs to be reclaimed to further save the memory. The `ioctl` call is added to the `swap_pages` interface to set the swap cache watermark and enable or disable the swap cache memory reclamation. + +- Prototype + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- Input parameters + + ```shell + 1. fd: file descriptor, which is obtained by the open call in /proc/pid/idle_pages. + + 2. cmd: controls the scanning behavior. Currently, the following commands are supported: + RECLAIM_SWAPCACHE_ON: enables swap cache memory swap-out. + RECLAIM_SWAPCACHE_OFF: disables swap cache memory swap-out. + SET_SWAPCACHE_WMARK: specifies the swap cache memory watermark. + + 3. args: int pointer argument, which is used to transfer the specific flag mask. Currently, only the following argument is supported: + Argument used to transfer the swap cache watermark. + ``` + +- Return value + + ```shell + 1. If the operation is successful, 0 is returned. + 2. If the operation fails, a non-zero value is returned. + ``` + +- Note + + ```shell + All unsupported flags are ignored, but no error is returned. + ``` + +#### Executing Private Engine Commands or Functions on the etMem Client + +Among the supported policies, only the `cslide` policy supports private commands. + +- `showtaskpages` +- `showhostpages` + +You can run the commands to view the page access information related to the task and the system huge page usage on the host of the VM. + +The following are example commands: + +```shell +etmem engine showtaskpages <-t task_name> -n proj_name -e cslide -s etmemd_socket + +etmem engine showhostpages -n proj_name -e cslide -s etmemd_socket +``` + +**Note**: ``showtaskpages` and `showhostpages` support only the cslide engine. + +##### Command-Line Options + +| Option| Description | Mandatory (Yes/No)| With Parameters (Yes/No)| Example Description| +|----|------|------|-------|------| +|`-n` or `\-\-proj_name`| Project name| Yes| Yes| Specifies the name of an existing project to be executed.| +|`-s` or `\-\-socket`| Name of the socket for communicating with the etmemd server. The value must be the same as that specified when the etmemd process is started.| Yes| Yes| This option is mandatory. When there are multiple etmemd servers, the administrator selects an etmemd server to communicate with.| +|`-e` or `\-\-engine`| Name of the engine to be executed| Yes| Yes| Specifies the name of an existing engine to be executed.| +|`-t` or `\-\-task_name`| Name of the task to be executed| No| Yes| Specifies the name of an existing task to be executed.| + +#### Enabling and Disabling the Kernel Swap Function + +When etMem is used for memory expansion, you can determine whether to enable the kernel swap function. You can disable the native swap mechanism of the kernel to prevent the native swap mechanism from swapping out the memory that should not be swapped out to cause user-mode process exceptions. + +The sys interface is provided to implement the preceding control. The `kobj` object named `kernel_swap_enable` is created in the `/sys/kernel/mm/swap` directory. It is used to enable or disable kernel swap. The default value is `true`. + +Examples: + +```shell +# Enable kernel swap. +echo true > /sys/kernel/mm/swap/kernel_swap_enable +Or +echo 1 > /sys/kernel/mm/swap/kernel_swap_enable + +# Disable kernel swap. +echo false > /sys/kernel/mm/swap/kernel_swap_enable +Or +echo 0 > /sys/kernel/mm/swap/kernel_swap_enable +``` + +#### Automatically Starting etMem with System + +##### Scenarios + +etmemd allows you to configure the `systemd` configuration file and start the `systemd` service in `fork` mode. + +##### How to Use + +Compile the `service` configuration file to start etmemd. Use the `-m` option to specify the mode. For example: + +```shell +etmemd -l 0 -s etmemd_socket -m +``` + +##### Command-Line Options + +| Option | Description | Mandatory (Yes/No)| With Parameters (Yes/No)| Value Range| Example Description | +|----------------|------------|------|-------|------|-----------| +| `-l` or `\-\-log-level` | etmemd log level.| No | Yes | 0 to 3 | `0`: debug level. `1`: info level. `2`: warning level. `3`: error level. Only logs of the level that is higher than or equal to the configured level are recorded in the `/var/log/message` file.| +| `-s` or `\-\-socket` |Name of the etmemd listener, which is used to interact with the client.| Yes| Yes| A string of fewer than 107 characters| Name of the server listener| +|`-m` or `\-\-mode-systemctl`| When etmemd is started as a service, this option must be specified in the command.| No| No| N/A| N/A| +| `-h` or `\-\-help` | Prints help information.| No |No|N/A|If this option is specified, the command execution exits after the command output is printed.| + +#### Supporting Third-Party Memory Extension Policies + +##### Scenarios + +etMem allows you to register third-party memory extension policies and provides the dynamic library of the scan module. When etMem is running, the third-party policy eviction algorithm is used to evict the memory. + +You can use the dynamic library of the scan module provided by etMem and implement the interfaces in the structure required for connecting to etMem. + +##### How to Use + +To use a third-party extended eviction policy, perform the following steps: + +1. Invoke the scan interface provided by the scan module as required. + +2. Implement each interface based on the function template provided in the etMem header file and encapsulate the interfaces into structures. + +3. Compile the dynamic library of the third-party extended eviction policy. + +4. Specify the `thirdparty` engine in the configuration file as required. + +5. Enter the dynamic library name and interface structure name in the `task` field in the configuration file as required. + +Other operations are similar to those of other etMem engines. + +Interface structure templates: + +```c +struct engine_ops { + +/* Parse the private parameters of the engine. If there are private parameters, implement this interface; otherwise, set it to NULL. */ + +int (*fill_eng_params)(GKeyFile *config, struct engine *eng); + +/* Clear the private parameters of the engine. If there are private parameters, implement this interface; otherwise, set it to NULL. */ + +void (*clear_eng_params)(struct engine *eng); + +/* Parse the private parameters of the task. If there are private parameters, implement this interface; otherwise, set it to NULL. */ + +int (*fill_task_params)(GKeyFile *config, struct task *task); + +/* Parse the private parameters of the task. If there are private parameters, implement this interface; otherwise, set it to NULL. */ + +void (*clear_task_params)(struct task *tk); + +/* Interface for starting a task */ + +int (*start_task)(struct engine *eng, struct task *tk); + +/* Interface for stopping a task */ + +void (*stop_task)(struct engine *eng, struct task *tk); + +/* Fill in the private parameters related to the PID. */ + +int (*alloc_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* Destroy the private parameters related to the PID. */ + +void (*free_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* Private commands required by third-party policies. If no private command is required, set it to NULL. */ + +int (*eng_mgt_func)(struct engine *eng, struct task *tk, char *cmd, int fd); + +}; +``` + +External interfaces of the scan module + +| Interface Name |Interface Description| +| ------------ | --------------------- | +| etmemd_scan_init | Initializes the scan module.| +| etmemd_scan_exit | Destructs the scan module.| +| etmemd_get_vmas | Obtains the VMAs to be scanned.| +| etmemd_free_vmas | Releases the VMAs scanned by `etmemd_get_vmas`.| +| etmemd_get_page_refs | Scans pages in VMAs.| +| etmemd_free_page_refs | Releases the linked list of page access information obtained by `etmemd_get_page_refs`.| + +In the VM scanning scenario, the `ioctl` call is added to the original scan interface `idle_pages` to provide a mechanism for distinguishing the `ept` scanning granularity and determining whether to ignore the page access flag on the host. + +In the scenario where a specified page of a process is swapped out, the `ioctl` call is added to the original scan interface `idle_pages` to ensure that the VMA without a specific flag is not scanned or swapped out. + +Scan management interface: + +- Prototype + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- Input parameters + + ```shell + 1. fd: file descriptor, which is obtained by the open call in /proc/pid/idle_pages. + + 2. cmd: controls the scanning behavior. Currently, the following commands are supported: + IDLE_SCAN_ADD_FLAG: adds a scan flag. + IDLE_SCAM_REMOVE_FLAGS: removes a scan flag. + VMA_SCAN_ADD_FLAGS: adds a VMA swap-out flag. Only VMAs with the specified flag are scanned. + VMA_SCAN_REMOVE_FLAGS: removes the new VMA swap-out flag. + + 3. args: int pointer argument, which is used to transfer the specific flag mask. Currently, only the following argument is supported: + SCAN_AS_HUGE: scans whether a page has been accessed based on the 2 MB huge page granularity when scanning the ept page table. If this flag is not set, scanning is performed based on the granularity of the ept page table. + SCAN_IGN_HUGE: ignores the access flag in the page table on the host side during VM scanning. If this flag is not set, the access flag in the page table on the host side is not ignored. + VMA_SCAN_FLAG: Before the etmem_scan.ko module starts scanning, the `walk_page_test` interface is called to check whether the VMA address meets the scanning requirements. If this flag is set, only the VMA address segment with a specific swap-out flag is scanned, and other VMA addresses are ignored. + ``` + +- Return value + + ```shell + 1. If the operation is successful, 0 is returned. + 2. If the operation fails, a non-zero value is returned. + ``` + +- Note + + ```shell + All unsupported flags are ignored, but no error is returned. + ``` + +The following is an example of the configuration file. For details, see the configuration file description. + +```shell +# thirdparty +[engine] + +name=thirdparty + +project=test + +eng_name=my_engine + +libname=/user/lib/etmem_fetch/code_test/my_engine.so + +ops_name=my_engine_ops + +engine_private_key=engine_private_value + +[task] + +project=test + +engine=my_engine + +name=background1 + +type=pid + +value=1798245 + +task_private_key=task_private_value +``` + + **Notes**: + +You must use the dynamic library of the scan module provided by etMem and implement the interfaces in the structure required for connecting to etMem. + +The `fd` field in the `eng_mgt_func` interface cannot be set to `0xff` or `0xfe`. + +Multiple third-party policy dynamic libraries can be added to a project. They are differentiated by `eng_name` in the configuration file. + +#### etMem Client and Server Help + +Run the following command to print the help information about the etMem server: + +```shell +etmemd -h +``` + +Or + +```shell +etmemd --help +``` + +Run the following command to print the help information about the etMem client: + +```shell +etmem help +``` + +Run the following command to print help information about projects, engines, and tasks on the etMem client: + +```shell +etmem obj help +``` + +Run the following command to print the help information about the project on the etMem client: + +```shell +etmem project help +``` + +### How to Contribute + +1. Fork this repository. +2. Create a branch. +3. Commit your code. +4. Create a pull request (PR). diff --git a/docs/en/docs/Administration/process-management.md b/docs/en/docs/Administration/process-management.md index 4032595e9628a73264e53976e363328e2a4cb716..c5905d3035ffa7bc5fd5ff6151ce6ed03c533e51 100644 --- a/docs/en/docs/Administration/process-management.md +++ b/docs/en/docs/Administration/process-management.md @@ -1,6 +1,6 @@ # Process Management -The operating system manages multiple user requests and tasks. In most cases, the operating system comes with only one CPU and one main memory, but it may have multiple tier-2 disks and input/output \(I/O\) devices. Therefore, users have to share resources, but it appears to users that they are exclusively occupying resources. The operating system places user tasks, OS tasks, emailing, print tasks, and other pending tasks in the queue and schedules the tasks according to predefined rules. In this topic, you will know how the operating system manages processes. +The operating system (OS) manages multiple user requests and tasks. In most cases, the OS comes with only one CPU and one main memory, but multiple tier-2 disks and input/output \(I/O\) devices. Therefore, users have to share resources, but it appears to users that they are exclusively occupying resources. The OS places user tasks, OS tasks, mailing, print tasks, and other pending tasks in a queue and schedules the tasks according to predefined rules. This topic describes how the OS manages processes. - [Process Management](#process-management) @@ -18,14 +18,15 @@ The operating system manages multiple user requests and tasks. In most cases, th ## Viewing Processes -Linux is a multi-task system and needs to get process information during process management. To manage processes, you first need to know the number of processes and their statuses. Multiple commands are available to view processes. +Linux is a multi-task system and needs to get process information during process management. To manage processes, you need to know the number of processes and their statuses. Multiple commands are available to view processes. ### who Command -The who command is used to display system user information. For example, before running the talk command to establish instant communication with another user, you need to run the who command to determine whether the target user is online. As another example, the system administrator can run the who command to learn what each login user is doing at the current time. The who command is widely seen in system administration since it is easy to use and can return a comprehensive set of accurate user information. -The following is an example output of the who command, where system users and their status are displayed: The use of the **who** command is as follows: +The `who` command is used to display system user information. For example, before running the `talk` command to establish instant communication with another user, you need to run the `who` command to determine whether the target user is online. In another example, the system administrator can run the `who` command to learn what each login user is doing at the current time. The `who` command is widely seen in system administration since it is easy to use and can return a comprehensive set of accurate user information. -``` +The following is an example output of the `who` command, where system users and their status are displayed: The use of the `who` command is as follows: + +```shell $ who admin tty1 Jul 28 15:55 admin pts/0 Aug 5 15:46 (192.168.0.110) @@ -38,9 +39,10 @@ root pts/8 Aug 6 11:34 (192.168.0.234) ``` ### ps Command -The **ps** command is the most basic and powerful command to view process information. The ps command is used to display process information, including which processes are running, terminated, resource-hungry, or stay as zombies. -A common scenario is using the ps command to monitor background processes, which do not interact with your screen, keyboard, and other I/O devices. [Table 1](#en-us_topic_0151921029_t34619d964a3d41ad8694189ec383359c) lists the common ps command options. +The `ps` command is the most basic and powerful command to view process information, including which processes are running, terminated, resource-hungry, or stay as zombies. + +A common scenario is to monitor background processes, which do not interact with your screen, keyboard, and other I/O devices. [Table 1](#en-us_topic_0151921029_t34619d964a3d41ad8694189ec383359c) lists the common `ps` command options. **Table 1** Common ps command options @@ -63,7 +65,7 @@ A common scenario is using the ps command to monitor background processes, which

-h

-

Hides column headings in the listing of process information.

+

Hides column headings in the process information.

-l

@@ -88,7 +90,7 @@ A common scenario is using the ps command to monitor background processes, which

-x

-

Lists all processes without controlling terminals.

+

Lists all processes without control terminals.

@@ -96,7 +98,7 @@ A common scenario is using the ps command to monitor background processes, which For example, to list all processes on a terminal, run the following command: -``` +```shell $ ps -a PID TTY TIME CMD 12175 pts/6 00:00:00 bash @@ -106,36 +108,38 @@ $ ps -a ``` ### top Command -Both the top and the ps commands can display a list of currently running processes, but the top command allows you to update the displayed list of processes repeatedly with the press of a button. If the top command is executed in foreground, it exclusively occupies foreground until it is terminated. The top command provides real-time visibility into system processor status. You can sort the list of CPU tasks by CPU usage, memory usage, or task execution time. Extensive customization of the display, such as choice of columns or sorting method, can be achieved using interactive commands or the customization file. -[Figure 1](#en-us_topic_0151921029_f289234fcdbac453796200d80e9889cd1) provides an example output of the top command. +Both the `top` and `ps` commands can display a list of currently running processes, but the `top` command allows you to update the displayed list of processes by pressing a button repeatedly. If the `top` command is executed in foreground, it exclusively occupies foreground until it is terminated. The `top` command provides real-time visibility into system processor status. You can sort the list of CPU tasks by CPU usage, memory usage, or task execution time. Extensive display customization, such as choosing the columns or sorting method, can be achieved using interactive commands or the customization file. + +[Figure 1](#en-us_topic_0151921029_f289234fcdbac453796200d80e9889cd1) provides an example output of the `top` command. **Figure 1** Example command output ![](./figures/example-command-output.png "example-command-output") ### kill Command -The **kill** command is used to terminate a process regardless of whether the process is running in foreground or background. It differs from the combo key **Ctrl+c**, which can terminate only foreground processes. The kill command is used to terminate a process regardless of whether the process is running in foreground or background. The reason for terminating a background process can be heavy use of CPU resources or deadlock. -The kill command sends a signal to terminate running processes. By default, the TERM signal is used. The TERM signal terminates all processes incapable of capturing the TERM signal. To terminate a process capable of capturing the TERM signal, use the KILL signal \(signal ID: 9\) instead. +The `kill` command is used to terminate a process regardless of whether the process is running in foreground or background. It differs from the combo key **Ctrl+C**, which can terminate only foreground processes. The reason for terminating a background process can be heavy use of CPU resources or deadlock. -Two types of syntax of the kill command: +The `kill` command sends a signal to terminate running processes. By default, the `TERM` signal is used, terminating all processes incapable of capturing it. To terminate a process capable of capturing the `TERM` signal, use the `KILL` signal \(signal ID: 9\) instead. -``` +Two types of syntax of the `kill` command: + +```shell kill [-s signal | -p] [-a] PID… kill -l [signal] ``` -The process ID is retrieved from the ps command. The **-s** option indicates the signal sent to specified program. The signal details can be viewed by running the **kill -l** command. The **-p** option indicates the specified process IDs. +The process ID can be retrieved by running the `ps` command. The `-s` option indicates the signal sent to the specified program. The signal details can be viewed by running the `kill -l` command. The `-p` option indicates the specified process ID. -For example, to terminate the process with ID 1409, run the following command as the **root** user: +For example, to terminate the process whose ID is 1409, run the following command as the **root** user: -``` -# kill -9 1409 +```shell +kill -9 1409 ``` -Example output of the kill command with the -l option +Example output of the `kill` command with the `-l` option -``` +```shell $ kill -l 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 @@ -154,34 +158,35 @@ $ kill -l ## Scheduling a Process -The time-consuming and resource-demanding part of maintenance work is often performed at late night. You can arrange relevant processes to get started at the scheduled time instead of staying up all night. Here, we will explain the process scheduling commands. - +The time-consuming and resource-demanding part of maintenance work is often performed at late night. You can schedule relevant processes to get started at the scheduled time instead of staying up all night. The following describes the process scheduling commands. ### Using the at Command to Run Processes at the Scheduled Time #### Function -The at command is used to run a batch of processes \(a series of commands\) at the scheduled time or time+date. -Syntax of the at command: +The `at` command is used to run a batch of processes \(a series of commands\) at the scheduled time or time and date. -``` +Syntax of the `at` command: + +```shell at [-V] [-q queue] [-f filename] [-mldbv] time at -c job [job...] ``` #### Time Format + The scheduled time can be in any of the following formats: -- hh:mm today: If hh:mm is earlier than the current time, the selected commands will be run at hh:mm the next day. -- midnight, noon, teatime \(typically at 16:00\), or the like -- 12-hour format followed by am or pm -- Time + date \(month day, mm/dd/yy, or dd.mm.yy\) The scheduled date must follow the scheduled time. +- _hh:mm_ today: If _hh:mm_ is earlier than the current time, the selected commands will be run at _hh:mm_ the next day. +- midnight, noon, teatime \(typically at 16:00\), or the like +- 12-hour format followed by am or pm +- Time + date \(_month day_, _mm/dd/yy_, or _dd.mm.yy_\). The scheduled date must follow the scheduled time. -The scheduled time can also be relative time, which is suitable for scheduling commands that are going to be executed soon. For example, now+_N_ minutes, hours, days, or weeks. _N_ is time, which may be a few days or hours. Further, the scheduled time can be words like today, tomorrow, or the like. Here are some examples of the scheduled time. +The scheduled time can also be relative time, which is suitable for scheduling commands that are going to be executed soon. For example, now+_N_ minutes, hours, days, or weeks. _N_ indicates the specified time, which may be a few days or hours. Further, the scheduled time can be words like today, tomorrow, or the like. Here are some examples of the scheduled time. -Imagine the current time is 12:30 June 7 2019 and you want to run a command at 4:30 pm. The scheduled time in the at command can be any of the following: +Assume that the current time is 12:30 June 7 2019 and you want to run a command at 4:30 pm. The time scheduled by the `at` command can be any of the following: -``` +```shell at 4:30pm at 16:30 at 16:30 today @@ -192,59 +197,63 @@ Imagine the current time is 12:30 June 7 2019 and you want to run a command at 4 at 16:30 Jun 7 ``` -Although you can select any of the preceding examples according to your preference, absolute time in 24-hour format, such as at 16:30 6/7/19, is recommended. +Although you can select any of the preceding examples according to your preference, absolute time in 24-hour format, such as `at 16:30 6/7/19`, is recommended. #### Privileges -Only commands from standard input or from the file specified by the -f option can be scheduled by the at command to be executed. If the su command is executed to switch the operating system from user A to user B and then the at command is executed at the shell prompt of user B, the at command execution result is sent to user B. whereas emails \(if any\) are sent to user A. -For example, to run the slocate -u command at 10 am on June 8, 2019, perform the following steps as the **root** user: +Only commands from standard input or from the file specified by the **-f** option can be scheduled by the `at` command. If the `su` command is executed to switch the OS from user A to user B and then the `at` command is executed at the shell prompt of user B, the `at` command execution result is sent to user B, whereas emails \(if any\) are sent to user A. -``` -# at 10:00 6/8/19 +For example, to run the `slocate -u` command at 10 am on June 8, 2019, run the following commands as the **root** user: + +```shell +$ at 10:00 6/8/19 at> slocate -u at> [1]+ Stopped at 10:00 6/8/19 ``` -When the at\> prompt appears, type **slocate -u** and press Enter. Repeat substep 2 to add other commands that need to be run at 10 am on 8 June 2015. Then, press Ctrl+d to exit the at command. +When the **at\>** prompt appears, type `slocate -u` and press **Enter**. Repeat the step to add other commands that need to be run at 10 am on 8 June 2019. Then, press **Ctrl+D** to exit the `at` command. -The administrator is authorized to run the at command unconditionally. For other users, their privilege to run the at command is defined in /etc/at.allow and /etc/at.deny files. +The administrator is authorized to run the `at` command unconditionally. For other users, their privileges to run the `at` command is defined in the **/etc/at.allow** and **/etc/at.deny** files. ### Using the cron Service to Run Commands Periodically -The at command can run commands at the scheduled time but only once. It means that after the running command is specified, the system completes the task at the specified time. If you need to run commands repeatedly, the cron service is a good helper. +The `at` command can run commands at the scheduled time, but only once. It means that after the commands to be run is specified, the system completes the task at the specified time. If you need to run the commands repeatedly, the **cron** service is a good choice. #### Cron Service -The **cron** service searches the **/var/spool/cron** directory for **crontab** files named by the user name in the /etc/passwd file and loads the search results into memory to execute the commands in the **crontab** files. Each user has a crontab file, with the file name being the same as the user name. For example, the **crontab** file of the **userexample** user is **/var/spool/cron/userexample**. -The **cron** service also reads the cron configuration file **/etc/crontab** every minute, which can be edited in various formats. If no crontab files are found, the **cron** service enters sleep mode and releases system resources. One minute later, the **cron** service is awoken to repeat the search work and command execution. Therefore, the background process occupies few resources and is wakened up every minute to check whether there are commands to be executed. +The **cron** service searches the **/var/spool/cron** directory for the **crontab** files named by the user name in the **/etc/passwd** file and loads the search results into memory to execute the commands in the **crontab** files. Each user has a **crontab** file with the same name as the user name. For example, the **crontab** file of the **userexample** user is **/var/spool/cron/userexample**. + +The **cron** service also reads the cron configuration file **/etc/crontab** every minute, which can be edited in various formats. If no **crontab** files are found, the **cron** service enters sleep mode and releases system resources. One minute later, the **cron** service is waken up to repeat the search work and command execution. Therefore, the background process occupies few resources and is wakened up every minute to check whether there are commands to be executed. -Command execution results are then mailed to users specified by the environment variable MAILTO in the /etc/crontab file. The **cron** service, once started, does not require manual intervention except when you need to replace periodic commands with new ones. +Command execution results are then mailed to users specified by the environment variable `MAILTO` in the **/etc/crontab** file. The **cron** service, once started, does not require manual intervention except when you need to replace the scheduled commands with new ones. #### crontab Command -The crontab command is used to install, edit, remove, list, and perform other operations on crontab files. Each user has its own crontab files and can add commands to be executed to the files. -Here are common crontab command options: +The `crontab` command is used to install, edit, remove, list, and perform other operations on **crontab** files. Each user has its own **crontab** files and can add commands to be executed to the files. -- crontab -u //Set the **cron** service of a user. This option is required only when the **crontab** command is run by the **root** user. -- crontab -l //List details of the **cron** service of a user. -- crontab -r //Remove the **cron** service of a user. -- crontab -e //Edit the **cron** service of a user. +Here are common `crontab` command options: -For example, to list cron service settings of the user **root**, run the following command: +- crontab -u //Set the **cron** service of a user. This option is required only when the `crontab` command is run by the **root** user. +- crontab -l //List details about the **cron** service of a user. +- crontab -r //Remove the **cron** service of a user. +- crontab -e //Edit the **cron** service of a user. -``` -# crontab -u root -l +For example, to list the **cron** service settings of the **root** user, run the following command: + +```shell +crontab -u root -l ``` #### crontab Files -Enter the commands to be executed and time in crontab files. Each line in the files contains six fields. The first five fields are the time when the specified command is executed, and the last field is the command to be executed. Fields are separated by spaces or tabs. The format is as follows: -``` +Enter the commands to be executed and their scheduled time in **crontab** files. Each line in the files contains six fields. The first five fields are the time when the specified command is executed, and the last field is the command to be executed. Fields are separated by spaces or tabs. The format is as follows: + +```text minute hour day-of-month month-of-year day-of-week commands ``` -Each field is described as follows: +The following table describes the fields in each line. **Table 2** Parameter description @@ -262,61 +271,61 @@ Each field is described as follows:

hour

-

The hour of the day at which periodic commands will be executed. Value range: 0–23.

+

The hour of the day at which scheduled commands will be executed. Value range: 0–23.

day-of-month

-

The day of month at which periodic commands will be executed. Value range: 1–31.

+

The day of the month on which scheduled commands will be executed. Value range: 1–31.

month-of-year

-

The month of year at which periodic commands will be executed. Value range: 1–12.

+

The month of the year in which scheduled commands will be executed. Value range: 1–12.

day-of-week

-

The day of week at which periodic commands will be executed. Value range: 0–6.

+

The day of the week on which scheduled commands will be executed. Value range: 0–6.

commands

-

Periodic commands.

+

Scheduled commands.

-The fields cannot be left unspecified. In addition to numerical values, the following special symbols are allowed: Asterisk \(\*\): a wildcard value. Forward slash \(/\): followed by a numeral N to indicate that commands will be executed at a regular interval of N. Hyphen \(-\): used with a range.Comma \(,\): used to separate discrete numbers. A complete path to the commands shall be provided. +The fields cannot be left unspecified. In addition to numerical values, the following special characters are allowed: asterisk \(\*\), indicating a wildcard value; forward slash \(/\), followed by a numeral value _N_ to indicate that commands will be executed at a regular interval of _N_; hyphen \(-\), used with a range; and comma \(,\), used to separate discrete values. A complete path to the commands must be provided. -For example, to allow the operating system to add sleepy to the /tmp/test.txt file every two hours from 18 pm to 22 pm, add the following line in a crontab file: +For example, to allow the OS to add **sleepy** to the **/tmp/test.txt** file every two hours from 18 pm to 22 pm, add the following line to a **crontab** file: -``` +```text * 18-22/2 * * * echo "sleepy" >> /tmp/test.txt ``` -Each time the cron service settings of a user are edited, the cron service generates in the /var/spool/cron directory a crontab file named after the user. The crontab file can be edited only using the crontab -e command. Alternatively, the user can create a file and run the crontab _filename_ command to import its cron settings into the new file. +Each time the **cron** service settings of a user are edited, the **cron** service generates a **crontab** file with the same name as the user in the **/var/spool/cron directory**. The **crontab** file can be edited only using the `crontab -e` command. Alternatively, the user can create a file and run the `crontab _filename_` command to import its **cron** settings to the new file. -For example, to create a crontab file for the userexample user, perform the following steps: The procedure is as follows: +For example, to create a **crontab** file for the **userexample** user, perform the following steps: -1. Create a file using any text editor. Add the commands that need to be executed periodically and the command execution interval to the new file. In this example, the new file is **\~/userexample.cron**. -2. Run the following command as the **root** user to install the new file as the crontab file of the userexample user: +1. Create a file using any text editor. Add the commands that need to be executed periodically and the command execution interval to the new file. In this example, the new file is **\~/userexample.cron**. +2. Run the following command as the **root** user to install the new file as the **crontab** file of the **userexample** user: - ``` - # crontab -u userexample ~/userexample.cron + ```shell + crontab -u userexample ~/userexample.cron ``` +After the new file is installed, you will find a file named **userexample** in the **/var/spool/cron** directory. This file is the required **crontab** file. -After the new file is installed, you will find a file named userexample in the **/var/spool/cron** directory. This file is the required crontab file. - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->Do not restart the cron service after a crontab file is modified, because the cron service, once started, reads the crontab file every minute to check whether there are commands that need to be executed periodically. You do not need to restart the **cron** service after modifying the **crontab** file. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>Do not restart the **cron** service after a **crontab** file is modified, because the **cron** service, once started, reads the **crontab** file every minute to check whether there are commands that need to be executed periodically. #### /etc/crontab File -The **cron** service reads all files in the **/var/spool/cron** directory and the **crontab** file in the **/etc/crontab** directory every minute. Therefore, you can use the **cron** service by configuring the **crontab** file. A crontab file contains user-specific commands, whereas the **/etc/crontab** file contains system-wide commands. Example /etc/crontab file -``` +The **cron** service reads all files in the **/var/spool/cron** directory and the **/etc/crontab** file every minute. Therefore, you can use the **cron** service by configuring the **/etc/crontab** file. A **crontab** file contains user-specific commands, whereas the **/etc/crontab** file contains system-wide commands. The following is an example of the **/etc/crontab** file. + +```text SHELL=/bin/sh PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin MAILTO=root //If an error occurs or data is output, the data is sent to the account by email. @@ -328,11 +337,11 @@ HOME=/ 42 4 1 * * root run-parts /etc/cron.monthly //Run scripts in the /etc/cron.monthly directory once a month. ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->If the **run-parts** parameter is deleted, a script name instead of a directory name is executed. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>If the **run-parts** parameter is deleted, a script name instead of a directory name is used. ## Suspending/Resuming a Process -A process can be suspended or resumed by job control, and the process will continue to work from the suspended point after being resumed. To suspend a foreground process, press Ctrl+Z. After you press Ctrl+Z, the cat command is suspended together with the foreground process you wish to suspend. You can use the jobs command instead to display a list of shell jobs, including their job names, IDs, and status. +A process can be suspended or resumed by job control, and the process will continue to work from the suspended point after being resumed. To suspend a foreground process, press **Ctrl+Z**. After you press **Ctrl+Z**, the `cat` command is suspended together with the foreground process you want to suspend. You can use the `jobs` command instead to display a list of shell jobs, including their names, IDs, and status. -To resume a process in foreground or background, run the fg or bg command, respectively. The process then starts from where it paused previously. +To resume a process in foreground or background, run the `fg` or `bg` command, respectively. The process then starts from where it was suspended previously. diff --git a/docs/en/docs/Administration/service-management.md b/docs/en/docs/Administration/service-management.md index f7950c0494a2d0714b2cef3d08edd88b4e90a9a0..305f9a7d458f1e6b019bb7256674b29d8bdbcc9c 100644 --- a/docs/en/docs/Administration/service-management.md +++ b/docs/en/docs/Administration/service-management.md @@ -1,51 +1,13 @@ # Service Management This topic describes how to manage your operating system and services using the systemd. - - -- [Service Management](#service-management) - - [Introduction to systemd](#introduction-to-systemd) - - [Systemd Units](#systemd-units) - - [Features](#features) - - [Fast Activation](#fast-activation) - - [On-Demand Activation](#on-demand-activation) - - [Service Lifecycle Management by Cgroups](#service-lifecycle-management-by-cgroups) - - [Mount and Automount Point Management](#mount-and-automount-point-management) - - [Transactional Dependency Management](#transactional-dependency-management) - - [Compatibility with SysVinit Scripts](#compatibility-with-sysvinit-scripts) - - [System State Snapshots and System Restoration](#system-state-snapshots-and-system-restoration) - - [Managing System Services](#managing-system-services) - - [Comparison Between SysVinit and systemd Commands](#comparison-between-sysvinit-and-systemd-commands) - - [Listing Services](#listing-services) - - [Displaying Service Status](#displaying-service-status) - - [Starting a Service](#starting-a-service) - - [Stopping a Service](#stopping-a-service) - - [Restarting a Service](#restarting-a-service) - - [Enabling a Service](#enabling-a-service) - - [Disabling a Service](#disabling-a-service) - - [Changing a Runlevel](#changing-a-runlevel) - - [Targets and Runlevels](#targets-and-runlevels) - - [Viewing the Default Startup Target](#viewing-the-default-startup-target) - - [Viewing All Startup Targets](#viewing-all-startup-targets) - - [Changing the Default Target](#changing-the-default-target) - - [Changing the Current Target](#changing-the-current-target) - - [Changing to Rescue Mode](#changing-to-rescue-mode) - - [Changing to Emergency Mode](#changing-to-emergency-mode) - - [Shutting Down, Suspending, and Hibernating the Operating System](#shutting-down-suspending-and-hibernating-the-operating-system) - - [systemctl Command](#systemctl-command) - - [Shutting Down the Operating System](#shutting-down-the-operating-system) - - [Restarting the Operating System](#restarting-the-operating-system) - - [Suspending the Operating System](#suspending-the-operating-system) - - [Hibernating the Operating System](#hibernating-the-operating-system) - - - ## Introduction to systemd The systemd is a system and service manager for Linux operating systems. It is designed to be backward compatible with SysV and LSB init scripts, and provides a number of features such as Socket & D-Bus based activation of services, on-demand activation of daemons, system state snapshots, and mount & automount point management. With systemd, the service control logic and parallelization are refined. ### Systemd Units + In systemd, the targets of most actions are units, which are resources systemd know how to manage. Units are categorized by the type of resources they represent and defined in unit configuration files. For example, the avahi.service unit represents the Avahi daemon and is defined in the **avahi.service** file. [Table 1](#en-us_topic_0151921012_t2dcb6d973cc249ed9ccd56729751ca6b) lists available types of systemd units. **Table 1** Available types of systemd units @@ -171,14 +133,16 @@ All available types of systemd units are located in one of the following directo ## Features ### Fast Activation + The systemd provides more aggressive parallelization than UpStart. The use of Socket- and D-Bus based activation reduces the time required to boot the operating system. To accelerate system boot, systemd seeks to: -- Activate only the necessary processes -- Activate as many processes as possible in parallel +- Activate only the necessary processes +- Activate as many processes as possible in parallel ### On-Demand Activation + During SysVinit initialization, it activates all the possible background service processes that might be used. Users can log in only after all these service processes are activated. The drawbacks in SysVinit are obvious: slow system boot and a waste of system resources. Some services may rarely or even never be used during system runtime. For example, CUPS, printing services are rarely used on most servers. SSHD is rarely accessed on many servers. It is unnecessary to spend time on starting these services and system resources. @@ -186,13 +150,15 @@ Some services may rarely or even never be used during system runtime. For exampl systemd can only be activated when a service is requested. If the service request is over, systemd stops. ### Service Lifecycle Management by Cgroups + An important role of an init system is to track and manage the lifecycle of services. It can start and stop a service. However, it is more difficult than you could ever imagine to encode an init system into stopping services. -Service processes often run in background as daemons and sometimes fork twice. In UpStart, the expect stanza in the configuration file must be correctly configured. Otherwise, UpStart is unable to learn a daemon's PID by counting the number of forks. +Service processes often run in background as daemons and sometimes fork twice. In UpStart, the expect stanza in the configuration file must be correctly configured. Otherwise, UpStart is unable to learn a daemon's PID by counting the number of forks. Things are made simpler with Cgroups, which have long been used to manage system resource quotas. The ease of use comes largely from its file-system-like user interface. When a parent service creates a child service, the latter inherits all attributes of the Cgroup to which the parent service belongs. This means that all relevant services are put into the same Cgroup. The systemd can find the PIDs of all relevant services simply by traversing their control group and then stop them one by one. ### Mount and Automount Point Management + In traditional Linux systems, users can use the **/etc/fstab** file to maintain fixed file system mount points. These mount points are automatically mounted during system startup. Once the startup is complete, these mount points are available. These mount points are file systems critical to system running, such as the **HOME** directory. Like SysVinit, systemd manages these mount points so that they can be automatically mounted at system startup. systemd is also compatible with the **/etc/fstab** file. You can continue to use this file to manage mount points. There are times when you need to mount or unmount on demand. For example, a temporary mounting point is required for you to access the DVD content, and the mounting point is canceled \(using the **umount** command\) if you no longer need to access the content, thereby saving resources. This is traditionally achieved using the autofs service. @@ -200,14 +166,17 @@ There are times when you need to mount or unmount on demand. For example, a temp The systemd allows automatic mount without a need to install autofs. ### Transactional Dependency Management + System boot involves a host of separate jobs, some of which may be dependent on each other. For example, a network file system \(NFS\) can be mounted only after network connectivity is activated. The systemd can run a large number of dependent jobs in parallel, but not all of them. Looking back to the NFS example, it is impossible to mount NFS and activate network at the same time. Before running a job, systemd calculates its dependencies, creates a temporary transaction, and verifies that this transaction is consistent \(all relevant services can be activated without any dependency on each other\). ### Compatibility with SysVinit Scripts + Like UpStart, systemd introduces new configuration methods and has new requirements for application development. If you want to replace the currently running initialization system with systemd, systemd must be compatible with the existing program. It is difficult to modify all the service code in any Linux distribution in a short time for the purpose of using systemd. The systemd provides features compatible with SysVinit and LSB initscripts. You do not need to modify the existing services and processes in the system. This reduces the cost of migrating the system to systemd, making it possible for users to replace the existing initialization system with systemd. ### System State Snapshots and System Restoration + The systemd can be started on demand. Therefore, the running status of the system changes dynamically, and you cannot know the specific services that are running in the system. systemd snapshots enable the current system running status to be saved and restored. For example, if services A and B are running in the system, you can run the **systemd** command to create a snapshot for the current system running status. Then stop process A or make any other change to the system, for example, starting process C. After these changes, run the snapshot restoration command of systemd to restore the system to the point at which the snapshot was taken. That is, only services A and B are running. A possible application scenario is debugging. For example, when an exception occurs on the server, a user saves the current status as a snapshot for debugging, and then perform any operation, for example, stopping the service. After the debugging is complete, restore the snapshot. @@ -217,6 +186,7 @@ For example, if services A and B are running in the system, you can run the **s The systemd provides the systemctl command to start, stop, restart, view, enable, and disable system services. ### Comparison Between SysVinit and systemd Commands + The **systemctl** command from the **systemd** command has the functions similar to the **SysVinit** command. Note that the **service** and **chkconfig** commands are supported in this version. For details, see [Table 3](#en-us_topic_0151920917_ta7039963b0c74b909b72c22cbc9f2e28). You are advised to manage system services by running the **systemctl** command. **Table 3** Comparison between SysVinit and systemd commands @@ -318,23 +288,24 @@ The **systemctl** command from the **systemd** command has the functions sim ### Listing Services + To list all currently loaded services, run the following command: -``` +```shell systemctl list-units --type service ``` To list all services regardless of whether they are loaded, run the following command \(with the all option\): -``` +```shell systemctl list-units --type service --all ``` Example list of all currently loaded services: -``` +```shell $ systemctl list-units --type service -UNIT LOAD ACTIVE SUB JOB DESCRIPTION +UNIT LOAD ACTIVE SUB DESCRIPTION atd.service loaded active running Deferred execution scheduler auditd.service loaded active running Security Auditing Service avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack @@ -345,14 +316,14 @@ dracut-shutdown.service loaded active exited Restore /run/initram firewalld.service loaded active running firewalld - dynamic firewall daemon getty@tty1.service loaded active running Getty on tty1 gssproxy.service loaded active running GSSAPI Proxy Daemon -irqbalance.service loaded active running irqbalance daemon -iscsid.service loaded activating start start Open-iSCSI +...... ``` ### Displaying Service Status + To display the status of a service, run the following command: -``` +```shell systemctl status name.service ``` @@ -392,7 +363,7 @@ systemctl status name.service To verify whether a particular service is running, run the following command: -``` +```shell systemctl is-active name.service ``` @@ -400,39 +371,14 @@ The output of the **is-active** command is as follows: **Table 5** Output of the is-active command - - - - - - - - - - - - - - - - - - -

Status

-

Description

-

active(running)

-

One or more services are running in the system.

-

active(exited)

-

A service that ends properly after being executed only once. Currently, no program is running in the system. For example, the quotaon function is performed only when the program is started or mounted.

-

active(waiting)

-

The program needs to wait for other events to continue running. For example, the print queue service is being started, but it needs to be queued (print jobs) so that it can continue to wake up the printer service to perform the next print function.

-

inactive

-

The service is not running.

-
+| Status | Description | +|:---|:---| +| active | The service is running. | +| inactive | The service is not running. | Similarly, to determine whether a particular service is enabled, run the following command: -``` +```shell systemctl is-enabled name.service ``` @@ -512,8 +458,8 @@ The output of the **is-enabled** command is as follows: For example, to display the status of gdm.service, run the **systemctl status gdm.service** command. -``` -# systemctl status gdm.service +```shell +$ systemctl status gdm.service gdm.service - GNOME Display Manager Loaded: loaded (/usr/lib/systemd/system/gdm.service; enabled) Active: active (running) since Thu 2013-10-17 17:31:23 CEST; 5min ago Main PID: 1029 (gdm) CGroup: /system.slice/gdm.service @@ -523,35 +469,38 @@ gdm.service - GNOME Display Manager Loaded: loaded (/usr/lib/systemd/system/gd ``` ### Starting a Service + To start a service, run the following command as the user **root**: -``` +```shell systemctl start name.service ``` For example, to start the httpd service, run the following command: -``` -# systemctl start httpd.service +```shell +systemctl start httpd.service ``` ### Stopping a Service + To stop a service, run the following command as the user **root**: -``` +```shell systemctl stop name.service ``` For example, to stop the Bluetooth service, run the following command: -``` -# systemctl stop bluetooth.service +```shell +systemctl stop bluetooth.service ``` ### Restarting a Service + To restart a service, run the following command as the user **root**: -``` +```shell systemctl restart name.service ``` @@ -559,35 +508,37 @@ This command stops the selected service in the current session and immediately s For example, to restart the Bluetooth service, run the following command: -``` -# systemctl restart bluetooth.service +```shell +systemctl restart bluetooth.service ``` ### Enabling a Service + To configure a service to start automatically at system boot time, run the following command as the user **root**: -``` +```shell systemctl enable name.service ``` For example, to configure the httpd service to start automatically at system boot time, run the following command: -``` -# systemctl enable httpd.service +```shell +$ systemctl enable httpd.service ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service' ``` ### Disabling a Service + To prevent a service from starting automatically at system boot time, run the following command as the user **root**: -``` +```shell systemctl disable name.service ``` For example, to prevent the Bluetooth service from starting automatically at system boot time, run the following command: -``` -# systemctl disable bluetooth.service +```shell +$ systemctl disable bluetooth.service Removed /etc/systemd/system/bluetooth.target.wants/bluetooth.service. Removed /etc/systemd/system/dbus-org.bluez.service. ``` @@ -595,6 +546,7 @@ Removed /etc/systemd/system/dbus-org.bluez.service. ## Changing a Runlevel ### Targets and Runlevels + In systemd, the concept of runlevels has been replaced with systemd targets to improve flexibility. For example, you can inherit an existing target and turn it into your own target by adding other services. [Table 7](#en-us_topic_0151920939_t9af92c282ad240ea9a79fb08d26e8181) provides a complete list of runlevels and their corresponding systemd targets. **Table 7** Mapping between runlevels and targets @@ -661,72 +613,71 @@ In systemd, the concept of runlevels has been replaced with systemd targets to i ### Viewing the Default Startup Target + Run the following command to view the default startup target of the system: -``` +```shell systemctl get-default ``` ### Viewing All Startup Targets + Run the following command to view all startup targets of the system: -``` +```shell systemctl list-units --type=target ``` ### Changing the Default Target + To change the default target, run the following command as the user **root**: -``` +```shell systemctl set-default name.target ``` ### Changing the Current Target + To change the current target, run the following command as the user **root**: -``` +```shell systemctl isolate name.target ``` ### Changing to Rescue Mode + To change the operating system to rescue mode, run the following command as the user **root**: -``` +```shell systemctl rescue ``` -This command is similar to the **systemctl isolate rescue.target** command. After the command is executed, the following information is displayed on the serial port: - -``` -You are in rescue mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. -Give root password for maintenance -(or press Control-D to continue): -``` - ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You need to restart the system to enter the normal working mode from the rescue mode. ### Changing to Emergency Mode + To change the operating system to emergency mode, run the following command as the user **root**: -``` +```shell systemctl emergency ``` This command is similar to the **systemctl isolate emergency.target** command. After the command is executed, the following information is displayed on the serial port: -``` +```console You are in emergency mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. Give root password for maintenance (or press Control-D to continue): ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You need to restart the system to enter the normal working mode from the emergency mode. ## Shutting Down, Suspending, and Hibernating the Operating System ### systemctl Command + The systemd uses the systemctl command instead of old Linux system management commands to shut down, restart, suspend, and hibernate the operating system. Although previous Linux system management commands are still available in systemd for compatibility reasons, you are advised to use **systemctl** when possible. The mapping relationship is shown in [Table 8](#en-us_topic_0151920964_t3daaaba6a03b4c36be9668efcdb61f3b). **Table 8** Mapping between old Linux system management commands and systemctl @@ -765,53 +716,57 @@ The systemd uses the systemctl command instead of old Linux system management co ### Shutting Down the Operating System + To shut down the system and power off the operating system, run the following command as the user **root**: -``` +```shell systemctl poweroff ``` To shut down the operating system without powering it off, run the following command as the user **root**: -``` +```shell systemctl halt ``` By default, running either of these commands causes systemd to send an informative message to all login users. To prevent systemd from sending this message, run this command with the **\-\-no\-wall** option. The command is as follows: -``` +```shell systemctl --no-wall poweroff ``` ### Restarting the Operating System + To restart the operating system, run the following command as the user **root**: -``` +```shell systemctl reboot ``` By default, running either of these commands causes systemd to send an informative message to all login users. To prevent systemd from sending this message, run this command with the **\-\-no\-wall** option. The command is as follows: -``` +```shell systemctl --no-wall reboot ``` ### Suspending the Operating System + To suspend the operating system, run the following command as the user **root**: -``` +```shell systemctl suspend ``` ### Hibernating the Operating System + To hibernate the operating system, run the following command as the user **root**: -``` +```shell systemctl hibernate ``` To suspend and hibernate the operating system, run the following command as the user **root**: -``` +```shell systemctl hybrid-sleep ``` diff --git a/docs/en/docs/Administration/setting-up-the-database-server.md b/docs/en/docs/Administration/setting-up-the-database-server.md index e52e5897b8c17dfd56c342a28c051c4453c91dcd..5d72f0f414a5aa27d10d308b9d2945882abf3603 100644 --- a/docs/en/docs/Administration/setting-up-the-database-server.md +++ b/docs/en/docs/Administration/setting-up-the-database-server.md @@ -1,32 +1,7 @@ # Setting Up the Database Server - - -- [Setting Up the Database Server](#setting-up-the-database-server) - - [PostgreSQL Server](#postgresql-server) - - [Software Description](#software-description) - - [Configuring the Environment](#configuring-the-environment) - - [Installing, Running, and Uninstalling PostgreSQL](#installing-running-and-uninstalling-postgresql) - - [Managing Database Roles](#managing-database-roles) - - [Managing Databases](#managing-databases) - - [MariaDB Server](#mariadb-server) - - [Software Description](#software-description-1) - - [Configuring the Environment](#configuring-the-environment-1) - - [Installing, Running, and Uninstalling MariaDB Server](#installing-running-and-uninstalling-mariadb-server) - - [Managing Database Users](#managing-database-users) - - [Managing Databases](#managing-databases-1) - - [MySQL Server](#mysql-server) - - [Software Description](#software-description-2) - - [Configuring the Environment](#configuring-the-environment-2) - - [Installing, Running, and Uninstalling MySQL](#installing-running-and-uninstalling-mysql) - - [Managing Database Users](#managing-database-users-1) - - [Managing Databases](#managing-databases-2) - - ## PostgreSQL Server - - ### Software Description [Figure 1](#fig26022387391) shows the PostgreSQL architecture and [Table 1](#table62020913417) describes the main processes. @@ -64,7 +39,7 @@

Postgres (subprocess)

The subprocess determines whether to allow the connection according to the security policy defined by the pg_hba.conf file. According to the security policy, the subprocess rejects certain IP addresses and networks, allows only certain users to connect to the databases, or allows only certain databases to be connected.

-

Postgres receives the query from the front end, searches the database, and returns the results. Sometimes, it also updates the database. The updated data is recorded in transaction logs (WAL logs for PostgreSQL). This method is used when the system is powered off, the server breaks down, or the server is restarted. In addition, the logs can also be used for data recovery in other scenarios. In PostgreSQL 9.0 or later, WAL logs can be transferred to other PostgreSQL systems to replicate database in real-time.

+

Postgres receives the query request from the front end, searches the database, and returns the results. Sometimes, it also updates the database. The updated data is recorded in transaction logs (WAL logs for PostgreSQL). This method is used when the system is powered off, the server breaks down, or the server is restarted. In addition, the logs can also be used for data recovery in other scenarios. In PostgreSQL 9.0 or later, WAL logs can be transferred to other PostgreSQL systems to replicate database in real-time.

Auxiliary processes

@@ -109,371 +84,364 @@ ### Configuring the Environment ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >The following environment configuration is for reference only. Configure the environment based on the site requirements. - - #### Disabling the Firewall and Automatic Startup ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. -1. Stop the firewall service as the **root** user. +1. Stop the firewall service as the **root** user. - ``` - # systemctl stop firewalld + ```shell + systemctl stop firewalld ``` -2. Disable the firewall service as the **root** user. +2. Disable the firewall service as the **root** user. - ``` - # systemctl disable firewalld + ```shell + systemctl disable firewalld ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > >The automatic startup is automatically disabled as the firewall is disabled. - #### Disabling SELinux -1. Modify the configuration file as the **root** user. +1. Modify the configuration file as the **root** user. + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ``` - # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux - ``` - #### Creating a User Group and a User ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. -1. Create a PostgreSQL user or user group as the **root** user. +1. Create a PostgreSQL user or user group as the **root** user. - ``` - # groupadd postgres + ```shell + groupadd postgres ``` - ``` - # useradd -g postgres postgres + ```shell + useradd -g postgres postgres ``` -2. Set the postgres user password as the **root** user. \(Enter the password twice for confirmation.\) +2. Set the postgres user password as the **root** user. \(Enter the password twice for confirmation.\) + ```shell + passwd postgres ``` - #passwd postgres - ``` - #### Creating Data Drives ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- When testing the ultimate performance, you are advised to attach NVMe SSDs with better I/O performance to create PostgreSQL test instances to avoid the impact of disk I/O on the performance test result. This section uses NVMe SSDs as an example. For details, see Step 1 to Step 4. ->- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. -> \# mkdir /data +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- When testing the ultimate performance, you are advised to attach NVMe SSDs with better I/O performance to create PostgreSQL test instances to avoid the impact of disk I/O on the performance test result. This section uses NVMe SSDs as an example. For details, see Step 1 to Step 4. +>- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. +> `mkdir /data` -1. Create a file system \(xfs is used as an example as the **root** user. Create the file system based on the site requirements.\). If a file system has been created for a disk, an error will be reported when you run this command. You can use the **-f** parameter to forcibly create a file system. +1. Create a file system \(xfs is used as an example as the **root** user. Create the file system based on the site requirements.\). If a file system has been created for a disk, an error will be reported when you run this command. You can use the **-f** parameter to forcibly create a file system. - ``` - # mkfs.xfs /dev/nvme0n1 + ```shell + mkfs.xfs /dev/nvme0n1 ``` -2. Create a data directory. +2. Create a data directory. - ``` - # mkdir /data + ```shell + mkdir /data ``` -3. Mount disks. +3. Mount disks. + ```shell + mount -o noatime,nobarrier /dev/nvme0n1 /data ``` - # mount -o noatime,nobarrier /dev/nvme0n1 /data - ``` - #### Data Directory Authorization -1. Modify the directory permission as the **root** user. +1. Modify the directory permission as the **root** user. - ``` - # chown -R postgres:postgres /data/ + ```shell + chown -R postgres:postgres /data/ ``` - ### Installing, Running, and Uninstalling PostgreSQL - #### Installing PostgreSQL -1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). -2. Clear the cache. +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). +2. Clear the cache. - ``` - $ dnf clean all + ```shell + dnf clean all ``` -3. Create a cache. +3. Create a cache. - ``` - $ dnf makecache + ```shell + dnf makecache ``` -4. Install the PostgreSQL server as the **root** user. +4. Install the PostgreSQL server as the **root** user. - ``` - #dnf install postgresql-server + ```shell + dnf install postgresql-server ``` -5. Check the installed RPM package. +5. Check the installed RPM package. + ```shell + rpm -qa | grep postgresql ``` - $ rpm -qa | grep postgresql - ``` - #### Running PostgreSQL - - ##### Initializing the Database ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +> >Perform this step as the postgres user. -1. Switch to the created PostgreSQL user. +1. Switch to the created PostgreSQL user. - ``` - # su - postgres + ```shell + su - postgres ``` -2. Initialize the database. In the command, **/usr/bin** is the directory where the **initdb** command is located. +2. Initialize the database. In the command, **/usr/bin** is the directory where the **initdb** command is located. - ``` - $ /usr/bin/initdb -D /data/ + ```shell + /usr/bin/initdb -D /data/ ``` - ##### Starting the Database -1. Enable the PostgreSQL database. +1. Enable the PostgreSQL database. - ``` - $ /usr/bin/pg_ctl -D /data/ -l /data/logfile start + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile start ``` -2. Check whether the PostgreSQL database process is started properly. +2. Check whether the PostgreSQL database process is started properly. - ``` - $ ps -ef | grep postgres + ```shell + ps -ef | grep postgres ``` If the following information is displayed, the PostgreSQL processes have been started. ![](./figures/postgres.png) - ##### Logging In to the Database -1. Log in to the database. +1. Log in to the database. - ``` - $ /usr/bin/psql -U postgres + ```shell + /usr/bin/psql -U postgres ``` ![](./figures/login.png) - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > >You do not need to enter a password when logging in to the database for the first time. - ##### Configuring the Database Accounts and Passwords -1. After login, set the postgres user password. +1. After login, set the postgres user password. - ``` + ```shell postgres=#alter user postgres with password '123456'; ``` ![](./figures/en-us_image_0230050789.png) - ##### Exiting the Database -1. Run **\\q** to exit from the database. +1. Run `\q` to exit from the database. - ``` + ```shell postgres=# \q ``` - ##### Stopping the Database -1. Stop the PostgreSQL database. +1. Stop the PostgreSQL database. + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop ``` - $/usr/bin/pg_ctl -D /data/ -l /data/logfile stop - ``` - #### Uninstalling PostgreSQL -1. Stop the database as the postgres user. +1. Stop the database as the postgres user. - ``` - $ /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ```shell + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop ``` -2. Run the **dnf remove postgresql-server** command as the user **root** to uninstall the PostgreSQL database. +2. Run the `dnf remove postgresql-server` command as the user **root** to uninstall the PostgreSQL database. + ```shell + dnf remove postgresql-server ``` - # dnf remove postgresql-server - ``` - ### Managing Database Roles - - #### Creating a Role -You can use the **CREATE ROLE** statement or **createuser** command to create a role. The **createuser** command encapsulates the **CREATE ROLE** statement and needs to be executed on the shell GUI instead of the database GUI. +You can use the **CREATE ROLE** statement or `createuser` command to create a role. The `createuser` command encapsulates the **CREATE ROLE** statement and needs to be executed on the shell UI instead of the database UI. -``` +```shell CREATE ROLE rolename [ [ WITH ] option [ ... ] ]; ``` -``` +```shell createuser rolename ``` In the preceding information: -- **rolename**: indicates a role name. -- Parameters of the _option_ are as follows: - - **SUPERUSER | NOSUPERUSER**: determines whether a new role is a superuser. If this parameter is not specified, the default value **NOSUPERUSER** is used, indicating that the role is not a superuser. - - **CREATEDB | NOCREATEDB**: specifies whether a role can create a database. If this parameter is not specified, the default value **NOCREATEDB** is used, indicating that the role cannot create a database. - - **CREATEROLE | NOCREATEROLE**: determines whether a role can create roles. If this parameter is not specified, the default value **NOCREATEROLE** is used, indicating that the role cannot create roles. - - **INHERIT | NOINHERIT**: determines whether a role inherits the other roles' permissions in the group to which the role belongs. A role with the INHERIT attribute can automatically use any permissions that have been assigned to its direct or indirect group. If this parameter is not specified, the default value **INHERIT** is used. - - **LOGIN | NOLOGIN**: determines whether a role can log in. A role with the LOGIN attribute can be considered as a user. A role without this attribute can be used to manage database permissions but is not a user. If this attribute is not specified, the default value **NOLOGIN** is used. However, if **CREATE USER** instead of **CREATE ROLE** is used to create a role, the LOGIN attribute is used by default. - - **\[ENCRYPTED | UNENCRYPTED\] PASSWORD'password'**: password of a role. The password is valid only for roles with the LOGIN attribute. **ENCRYPTED | UNENCRYPTED**: determines whether to encrypt the password. If this parameter is not specified, the value **ENCRYPTED** is used, that is, the password is encrypted. - - **VALID UNTIL'timestamp'**: specifies the timestamp when the password of a role expires. If this parameter is not specified, the password is permanently valid. - - **IN ROLE rolename1**: lists one or more existing roles. The new role _rolename_ will be added to and become a member of **rolename1**. - - **ROLE rolename2**: lists one or more existing roles. These roles will be automatically added as members of the new role _rolename_. That is, the new role is a user group. - +- **rolename**: indicates a role name. +- Parameters of **option** are as follows: + - **SUPERUSER | NOSUPERUSER**: determines whether a new role is a superuser. If this parameter is not specified, the default value **NOSUPERUSER** is used, indicating that the role is not a superuser. + - **CREATEDB | NOCREATEDB**: specifies whether a role can create a database. If this parameter is not specified, the default value **NOCREATEDB** is used, indicating that the role cannot create a database. + - **CREATEROLE | NOCREATEROLE**: determines whether a role can create roles. If this parameter is not specified, the default value **NOCREATEROLE** is used, indicating that the role cannot create roles. + - **INHERIT | NOINHERIT**: determines whether a role inherits the other roles' permissions in the group to which the role belongs. A role with the INHERIT attribute can automatically use any permissions that have been assigned to its direct or indirect group. If this parameter is not specified, the default value **INHERIT** is used. + - **LOGIN | NOLOGIN**: determines whether a role can log in. A role with the LOGIN attribute can be considered as a user. A role without this attribute can be used to manage database permissions but is not a user. If this attribute is not specified, the default value **NOLOGIN** is used. However, if **CREATE USER** instead of **CREATE ROLE** is used to create a role, the LOGIN attribute is used by default. + - **\[ENCRYPTED | UNENCRYPTED\] PASSWORD'password'**: password of a role. The password is valid only for roles with the LOGIN attribute. **ENCRYPTED | UNENCRYPTED**: determines whether to encrypt the password. If this parameter is not specified, the value **ENCRYPTED** is used, that is, the password is encrypted. + - **VALID UNTIL'timestamp'**: specifies the timestamp when the password of a role expires. If this parameter is not specified, the password is permanently valid. + - **IN ROLE rolename1**: lists one or more existing roles. The new role _rolename_ will be added to and become a member of **rolename1**. + - **ROLE rolename2**: lists one or more existing roles. These roles will be automatically added as members of the new role _rolename_. That is, the new role is a user group. To run this command, you must have the CREATEROLE permission or is the database superuser. ##### Example -\#Create a role **roleexample1** who can log in. -``` +Create a role **roleexample1** who can log in. + +```shell postgres=# CREATE ROLE roleexample1 LOGIN; ``` -\#Create a role **roleexample2** with the password **123456**. +Create a role **roleexample2** whose password is **123456**. -``` +```shell postgres=# CREATE ROLE roleexample2 WITH LOGIN PASSWORD '123456'; ``` -\#Create a role named **roleexample3**. +Create a role named **roleexample3**. -``` +```shell [postgres@localhost ~]$ createuser roleexample3 ``` #### Viewing Roles -You can run the **SELECT** statement or the PostgreSQL meta-command **\\du** to view the role. +You can run the **SELECT** statement or the PostgreSQL meta-command `\du` to view the role. -``` +```pgsql SELECT rolename FROM pg_roles; ``` -``` +```pgsql \du ``` In the preceding command, _rolename_ indicates the role name. ##### Example -\#View the **roleexample1** role. -``` +View the **roleexample1** role. + +```shell postgres=# SELECT roleexample1 from pg_roles; ``` -\#View the existing roles. +View the existing roles. -``` +```shell postgres=# \du ``` #### Modifying a Role ##### Modifying a Username + Use the **ALTER ROLE** statement to modify an existing role name. -``` +```pgsql ALTER ROLE oldrolername RENAME TO newrolename; ``` In the preceding information: -- _oldrolername_: original role name. -- _newrolename_: new role name. +- _oldrolername_: original role name. +- _newrolename_: new role name. ##### Example of Modifying a User -\#Change the role name **roleexample1** to **roleexapme2**. -``` +Change the role name **roleexample1** to **roleexapme2**. + +```shell postgres=# ALTER ROLE roleexample1 RENAME TO roleexample2; ``` ##### Modifying a User Password + Use the **ALTER ROLE** statement to modify the login password of a role. -``` +```pgsql ALTER ROLE rolename PASSWORD 'password' ``` In the preceding information: -- _rolename_: indicates a role name. -- _password_: password. +- _rolename_: indicates a role name. +- _password_: password. ##### Example of Modifying the Password of a Role -\#Modify the password of **roleexample1** to **456789**. -``` +Modify the password of **roleexample1** to **456789**. + +```shell postgres=# ALTER ROLE roleexample1 WITH PASSWORD '456789'; ``` #### Deleting a Role -You can use the **DROP ROLE** statement or **dropuser** command to delete a role. The **dropuser** command encapsulates the **DROP ROLE** statement and needs to be executed on the shell GUI instead of the database GUI. +You can use the **DROP ROLE** statement or `dropuser` command to delete a role. The `dropuser` command encapsulates the **DROP ROLE** statement and needs to be executed on the shell GUI instead of the database GUI. -``` +```pgsql DROP ROLE rolename; ``` -``` +```shell dropuser rolename ``` In the preceding command, _rolename_ indicates the role name. ##### Example -\#Delete the **userexample1** role. -``` +Delete the **userexample1** role. + +```shell postgres=# DROP ROLE userexample1; ``` -\#Delete the **userexample2** role. +Delete the **userexample2** role. -``` +```shell [postgres@localhost ~]$ dropuser userexample2 ``` @@ -483,80 +451,81 @@ You can use the **GRANT** statement to grant permissions to a role. Grant the table operation permission to a role. -``` +```pgsql GRANT { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Grant the sequence operation permission to a role. -``` +```pgsql GRANT { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Grant the database operation permission to a role. -``` +```pgsql GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Grant the function operation permission to a role. -``` +```pgsql GRANT { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Grant the operation permission of the procedural language to a role. -``` +```pgsql GRANT { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Grant the schema operation permission to a role. -``` +```pgsql GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Grant the tablespace operation permission to a role. -``` +```pgsql GRANT { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` Assign the member relationship of rolename1 to rolename2. -``` +```pgsql GRANT rolename1 [, ...] TO rolename2 [, ...] [ WITH ADMIN OPTION ] ``` In the preceding information: -- **SELECT**, **INSERT**, **UPDATE**, **DELETE**, **REFERENCES**, **TRIGGER**, **USAGE**, **CREATE**, **CONNECT**, **TEMPORARY**, **TEMP**, **EXECUTE**, and **ALL \[**_PRIVILEGES_**\]** indicate user operation permissions. **ALL \[**_PRIVILEGES_**\]** indicates all permissions, the _PRIVILEGES_ keyword is optional in PostgreSQL, but it is required in strict SQL statements. -- **ON** clause: specifies the object on which the permission is granted. -- **tablename**: table name. -- **TO** clause: specifies the role to which the permission is granted. -- **rolename**, **rolename1**, and **rolename2**: role names. -- **groupname**: name of a role group. -- **PUBLIC**: indicates that the permission is granted to all roles, including users who may be created later. -- **WITH GRANT OPTION**: indicates that the recipient of a permission can grant the permission to others. This option cannot be assigned to PUBLIC. -- **sequencename**: sequence name. -- **databasename**: database name. -- **funcname \(\[\[argmode\] \[argname\] argtype \[, ...\]\]\)**: function name and its parameters. -- **langname**: procedural language name. -- **schemaname**: schema name. -- **tablespacename**: tablespace name. -- **WITH ADMIN OPTION**: A member can assign the member relationship of a role to other roles and cancel the member relationship of other roles. +- **SELECT**, **INSERT**, **UPDATE**, **DELETE**, **REFERENCES**, **TRIGGER**, **USAGE**, **CREATE**, **CONNECT**, **TEMPORARY**, **TEMP**, **EXECUTE**, and **ALL \[**_PRIVILEGES_**\]** indicate user operation permissions. **ALL \[**_PRIVILEGES_**\]** indicates all permissions, the _PRIVILEGES_ keyword is optional in PostgreSQL, but it is required in strict SQL statements. +- **ON** clause: specifies the object on which the permission is granted. +- **tablename**: table name. +- **TO** clause: specifies the role to which the permission is granted. +- **rolename**, **rolename1**, and **rolename2**: role names. +- **groupname**: name of a role group. +- **PUBLIC**: indicates that the permission is granted to all roles, including users who may be created later. +- **WITH GRANT OPTION**: indicates that the recipient of a permission can grant the permission to others. This option cannot be assigned to PUBLIC. +- **sequencename**: sequence name. +- **databasename**: database name. +- **funcname \(\[\[argmode\] \[argname\] argtype \[, ...\]\]\)**: function name and its parameters. +- **langname**: procedural language name. +- **schemaname**: schema name. +- **tablespacename**: tablespace name. +- **WITH ADMIN OPTION**: A member can assign the member relationship of a role to other roles and cancel the member relationship of other roles. ##### Example -\#Grant the CREATE permission on database1 to userexample. -``` +Grant the CREATE permission on database1 to **userexample**. + +```shell postgres=# GRANT CREATE ON DATABASE database1 TO userexample; ``` -\#Grant all permissions on table1 to all users. +Grant all permissions on table1 to all users. -``` +```shell postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; ``` @@ -566,98 +535,97 @@ You can use the **REVOKE** statement to revoke the permissions previously gran Revoke the table operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] ``` Revoke the sequence operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` Revoke the database operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` Revoke the function operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` Revoke the procedural language operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` Revoke the schema operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` Revoke the tablespace operation permission from a role. -``` +```pgsql REVOKE [ GRANT OPTION FOR ] { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` Revoke the member relationship of rolename1 from rolename2. -``` +```pgsql REVOKE [ ADMIN OPTION FOR ] rolename1 [, ...] FROM rolename2 [, ...] [ CASCADE | RESTRICT ] ``` In the preceding information: -- **GRANT OPTION FOR**: The permission cannot be granted to others, but permission itself is not revoked. -- **SELECT**, **INSERT**, **UPDATE**, **DELETE**, **REFERENCES**, **TRIGGER**, **USAGE**, **CREATE**, **CONNECT**, **TEMPORARY**, **TEMP**, **EXECUTE**, and **ALL \[**_PRIVILEGES_**\]** indicate user operation permissions. **ALL \[**_PRIVILEGES_**\]** indicates all permissions, the _PRIVILEGES_ keyword is optional in PostgreSQL, but it is required in strict SQL statements. -- **ON** clause: specifies the object on which the permission is revoked. -- _tablename_: table name. -- **FROM** clause: specifies the role whose permission is revoked. -- _rolename_, _rolename1_, and _rolename2_: role names. -- _groupname_: name of a role group. -- **PUBLIC**: revokes the implicitly defined groups that have all roles. However, this does not mean that all roles lose the permissions. The permissions directly obtained and the permissions obtained through a group are still valid. -- _sequencename_: sequence name. -- **CASCADE**: revokes all dependent permissions. -- **RESTRICT**: does not revoke all dependent permissions. -- _databasename_: database name. -- **funcname \(**_\[\[argmode\] \[argname\] argtype \[, ...\]\]_**\)**: function name and its parameters. -- _langname_: procedural language name. -- _schemaname_: schema name. -- _tablespacename_: tablespace name. -- **ADMIN OPTION FOR**: The transferred authorization is not automatically revoked. +- **GRANT OPTION FOR**: The permission cannot be granted to others, but permission itself is not revoked. +- **SELECT**, **INSERT**, **UPDATE**, **DELETE**, **REFERENCES**, **TRIGGER**, **USAGE**, **CREATE**, **CONNECT**, **TEMPORARY**, **TEMP**, **EXECUTE**, and **ALL \[**_PRIVILEGES_**\]** indicate user operation permissions. **ALL \[**_PRIVILEGES_**\]** indicates all permissions, the _PRIVILEGES_ keyword is optional in PostgreSQL, but it is required in strict SQL statements. +- **ON** clause: specifies the object on which the permission is revoked. +- _tablename_: table name. +- **FROM** clause: specifies the role whose permission is revoked. +- _rolename_, _rolename1_, and _rolename2_: role names. +- _groupname_: name of a role group. +- **PUBLIC**: revokes the implicitly defined groups that have all roles. However, this does not mean that all roles lose the permissions. The permissions directly obtained and the permissions obtained through a group are still valid. +- _sequencename_: sequence name. +- **CASCADE**: revokes all dependent permissions. +- **RESTRICT**: does not revoke all dependent permissions. +- _databasename_: database name. +- **funcname \(**_\[\[argmode\] \[argname\] argtype \[, ...\]\]_**\)**: function name and its parameters. +- _langname_: procedural language name. +- _schemaname_: schema name. +- _tablespacename_: tablespace name. +- **ADMIN OPTION FOR**: The transferred authorization is not automatically revoked. ##### Example -\#Grant the CREATE permission on database1 to userexample. -``` +Grant the CREATE permission on database1 to userexample. + +```shell postgres=# GRANT CREATE ON DATABASE database1 TO userexample; ``` -\#Grant all permissions on table1 to all users. +Grant all permissions on table1 to all users. -``` +```shell postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; ``` ### Managing Databases - - #### Creating a Database -You can use the **CREATE DATABASE** statement or the **createdb** command to create a role. The **createdb** command encapsulates the **CREATE DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. +You can use the **CREATE DATABASE** statement or the **createdb** command to create a database. The `createdb` command encapsulates the **CREATE DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. -``` +```pgsql CREATE DATABASE databasename; ``` -``` +```shell createdb databasename ``` @@ -666,9 +634,10 @@ In the preceding command, **databasename** indicates the database name. To use this command, you must have the CREATEDB permission. ##### Example -\# Create a database named **database1**. -``` + Create a database named **database1**. + +```shell postgres=# CREATE DATABASE database1; ``` @@ -676,16 +645,17 @@ postgres=# CREATE DATABASE database1; Use the **\\c** statement to select a database. -``` +```pgsql \c databasename; ``` In the preceding command, **databasename** indicates the database name. ##### Example -\#Select the **databaseexample** database. -``` +Select the **databaseexample** database. + +```shell postgres=# \c databaseexample; ``` @@ -693,29 +663,31 @@ postgres=# \c databaseexample; Use the **\\l** statement to view the database. -``` +```pgsql \l; ``` ##### Example -\#View all databases. -``` +View all databases. + +```shell postgres=# \l; ``` #### Deleting a Database -You can run the **DROP DATABASE** statement or **dropdb** command to delete a database. The **dropdb** command encapsulates the **DROP DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. +You can run the **DROP DATABASE** statement or `dropdb` command to delete a database. The `dropdb` command encapsulates the **DROP DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. ->![](./public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** +> >Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. -``` +```pgsql DROP DATABASE databasename; ``` -``` +```shell dropdb databasename ``` @@ -726,75 +698,74 @@ The **DROP DATABASE** statement deletes the system directory items of the data **DROP DATABASE** can be executed only by the super administrator or database owner. ##### Example -\#Delete the **databaseexample** database. -``` +Delete the **databaseexample** database. + +```shell postgres=# DROP DATABASE databaseexample; ``` #### Backing Up a Database -Run the **pg\_dump** command to back up the database and dump the database to a script file or another archive file. +Run the `pg\_dump` command to back up the database and dump the database to a script file or another archive file. -``` +```shell pg_dump [option]... [databasename] > outfile ``` In the preceding information: -- _databasename_: database name. If this parameter is not specified, the environment variable **PGDATABASE** is used. If that environment variable is not specified, use the username that initiates the connection. -- _outfile_: database backup file. -- _option_: parameter option of the **pg\_dump** command. Multiple parameters can be separated by spaces. The common parameters of the **pg\_dump** command are as follows: - - **-f, \-\-file**= _filename_: specified output file. If this parameter is ignored, the standard output is used. - - **-d, \-\-dbname**= _databasename_: database to be dumped. - - **-h, \-\-host**= _hostname_: specifies the hostname. - - **-p, \-\-port**= _portnumber_: port number. - - **-U, \-\-username**= _username_: username of the connection. - - **-W, \-\-password**: forces PostgreSQL to prompt for a password before connecting to a database. - +- _databasename_: database name. If this parameter is not specified, the environment variable **PGDATABASE** is used. If that environment variable is not specified, use the username that initiates the connection. +- _outfile_: database backup file. +- _option_: parameter option of the `pg\_dump` command. Multiple parameters can be separated by spaces. The common parameters of the `pg\_dump` command are as follows: + - **-f, \-\-file**= _filename_: specified output file. If this parameter is ignored, the standard output is used. + - **-d, \-\-dbname**= _databasename_: database to be dumped. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-p, \-\-port**= _portnumber_: port number. + - **-U, \-\-username**= _username_: username of the connection. + - **-W, \-\-password**: forces PostgreSQL to prompt for a password before connecting to a database. ##### Example -\#Back up the database1 database of user **postgres** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. -``` +Back up the database1 database of user **postgres** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. + +```shell [postgres@localhost ~]$ pg_dump -h 192.168.202.144 -p 3306 -U postgres -W database1 > db1.sql ``` #### Restoring a Database -Run the **psql** command to restore the database. +Run the `psql` command to restore the database. -``` +```shell psql [option]... [databasename [username]] < infile ``` In the preceding information: -- _databasename_: database name. If this parameter is not specified, the environment variable **PGDATABASE** is used. If that environment variable is not specified, use the username that initiates the connection. -- _username_: name of a user. -- _infile_: **outfile** parameter in the **pg\_dump** command. -- _option_: parameter option of the **psql** command. Multiple parameters can be separated by spaces. The common parameters of the **psql** command are as follows: - - **-f, \-\-file**= _filename_: specified output file. If this parameter is ignored, the standard output is used. - - **-d, \-\-dbname**= _databasename_: database to be dumped. - - **-h, \-\-host**= _hostname_: specifies the hostname. - - **-p, \-\-port**= _portnumber_: port number. - - **-U, \-\-username**= _username_: username of the connection. - - **-W, \-\-password**: forces PostgreSQL to prompt for a password before connecting to a database. - +- _databasename_: database name. If this parameter is not specified, the environment variable **PGDATABASE** is used. If that environment variable is not specified, use the username that initiates the connection. +- _username_: name of a user.`pg\_dump` command. +- _option_: parameter option of the `psql` command. Multiple parameters can be separated by spaces. The common parameters of the `sql` command are as follows: + - **-f, \-\-file**= _filename_: specified output file. If this parameter is ignored, the standard output is used. + - **-d, \-\-dbname**= _databasename_: database to be dumped. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-p, \-\-port**= _portnumber_: port number. + - **-U, \-\-username**= _username_: username of the connection. + - **-W, \-\-password**: forces PostgreSQL to prompt for a password before connecting to a database. -The **psql** command cannot be used to automatically create the **databasename** database. Therefore, you need to create the **databasename** database before running the **psql** command to restore the database. +The `psql` command cannot be used to automatically create the **databasename** database. Therefore, you need to create the **databasename** database before running the `psql` command to restore the database. ##### Example -\#Import the **db1.sql** script file to the newdb database of the postgres user on the host **192.168.202.144** through port **3306**. -``` +Import the **db1.sql** script file to the newdb database of the postgres user on the host **192.168.202.144** through port **3306**. + +```shell [postgres@localhost ~]$ createdb newdb [postgres@localhost ~]$ psql -h 192.168.202.144 -p 3306 -U postgres -W -d newdb < db1.sql ``` ## MariaDB Server - ### Software Description The MariaDB database management system is a branch of MySQL and is maintained by the open-source community. The MariaDB database management system uses the General Public License \(GPL\). MariaDB is designed to be fully compatible with MySQL, including APIs and command lines, so that it can easily replace MySQL. MariaDB also provides many new features. @@ -806,278 +777,273 @@ The MariaDB database management system is a branch of MySQL and is maintained by When MariaDB receives a SQL statement, the execution process is as follows: -1. When a client connects to MariaDB, the hostname, username, and password of the client are authenticated. The authentication function can be implemented as a plug-in. -2. If the login is successful, the client sends SQL commands to the server. The parser parses the SQL statements. -3. The server checks whether the client has the permission to obtain the required resources. -4. If the query has been stored in the query cache, the result is returned immediately. -5. The optimizer will find the fastest execution policy or plan. That is, the optimizer can determine which tables will be read, which indexes will be accessed, and which temporary tables will be used. A good policy can reduce a large number of disk access and sorting operations. -6. Storage engines read and write data and index files. Caches are used to accelerate these operations. Other features such as transactions and foreign keys are processed at the storage engine layer. +1. When a client connects to MariaDB, the hostname, username, and password of the client are authenticated. The authentication function can be implemented as a plug-in. +2. If the login is successful, the client sends SQL commands to the server. The parser parses the SQL statements. +3. The server checks whether the client has the permission to obtain the required resources. +4. If the query has been stored in the query cache, the result is returned immediately. +5. The optimizer will find the fastest execution policy or plan. That is, the optimizer can determine which tables will be read, which indexes will be accessed, and which temporary tables will be used. A good policy can reduce a large number of disk access and sorting operations. +6. Storage engines read and write data and index files. Caches are used to accelerate these operations. Other features such as transactions and foreign keys are processed at the storage engine layer. Storage engines manage and control data at the physical layer. They manage data files, data, indexes, and caches, making data management and reading more efficient. Each table has a .frm file that contains table definitions. Each storage engine manages and stores data in different ways, and supports different features and performance. For example: -- MyISAM: suitable for environments with more reads and fewer writes. It does not support transactions and supports full-text indexes. -- noDB: supports transactions, row locks, and foreign keys. -- MEMORY: stores data in the memory. -- CSV: stores data in CSV format. +- MyISAM: suitable for environments with more reads and fewer writes. It does not support transactions and supports full-text indexes. +- noDB: supports transactions, row locks, and foreign keys. +- MEMORY: stores data in the memory. +- CSV: stores data in CSV format. ### Configuring the Environment ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >The following environment configuration is for reference only. Configure the environment based on the site requirements. - - #### Disabling the Firewall and Automatic Startup ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. -1. Stop the firewall service as the **root** user. +1. Stop the firewall service as the **root** user. - ``` - # systemctl stop firewalld + ```shell + systemctl stop firewalld ``` -2. Disable the firewall service as the **root** user. +2. Disable the firewall service as the **root** user. - ``` - # systemctl disable firewalld + ```shell + systemctl disable firewalld ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > >The automatic startup is automatically disabled as the firewall is disabled. - #### Disabling SELinux -1. Modify the configuration file as the **root** user. +1. Modify the configuration file as the **root** user. + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ``` - # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux - ``` - #### Creating a User Group and a User ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. -1. Create a MySQL user or user group as the **root** user. +1. Create a MySQL user or user group as the **root** user. - ``` - # groupadd mysql + ```shell + groupadd mysql ``` - ``` - # useradd -g mysql mysql + ```shell + useradd -g mysql mysql ``` -2. Set the user password as the **root** user. +2. Set the user password as the **root** user. - ``` - # passwd mysql + ```shell + passwd mysql ``` Enter the password twice for confirmation. - #### Creating Data Drives ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. ->- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. +>- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. > \# mkdir /data ##### Method 1: Using fdisk for Drive Management as the **root** user -1. Create a partition, for example, **/dev/sdb**. - ``` - # fdisk /dev/sdb +1. Create a partition, for example, **/dev/sdb**. + + ```shell + fdisk /dev/sdb ``` -2. Enter **n** and press **Enter**. -3. Enter **p** and press **Enter**. -4. Enter **1** and press **Enter**. -5. Retain the default settings and press **Enter**. -6. Retain the default settings and press **Enter**. -7. Enter **w** and press **Enter**. -8. Create a file system, for example, **xfs**. +2. Enter **n** and press **Enter**. +3. Enter **p** and press **Enter**. +4. Enter **1** and press **Enter**. +5. Retain the default settings and press **Enter**. +6. Retain the default settings and press **Enter**. +7. Enter **w** and press **Enter**. +8. Create a file system, for example, **xfs**. - ``` - # mkfs.xfs /dev/sdb1 + ```shell + mkfs.xfs /dev/sdb1 ``` -9. Mount the partition to **/data** for the OS. +9. Mount the partition to **/data** for the OS. - ``` - # mkdir /data + ```shell + mkdir /data ``` - ``` - # mount /dev/sdb1 /data + ```shell + mount /dev/sdb1 /data ``` -10. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. +10. Run the `vi /etc/fstab` command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. In the last line, **/dev/nvme0n1p1** is only an example. ![](./figures/Creating_DataDisk.png) - ##### Method 2: Using LVM for Drive Management as the **root** user ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->Install the LVM2 package in the image as follows: ->1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). If the repository has been configured, skip this step. ->2. Install LVM2. -> **\# yum install lvm2** +> +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>Install the LVM2 package in the image as follows: +> +>1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). If the repository has been configured, skip this step. +>2. Install LVM2. +> `\# yum install lvm2` -1. Create a physical volume, for example, **sdb**. +1. Create a physical volume, for example, **sdb**. - ``` - # pvcreate /dev/sdb + ```shell + pvcreate /dev/sdb ``` -2. Create a physical volume group, for example, **datavg**. +2. Create a physical volume group, for example, **datavg**. - ``` - # vgcreate datavg /dev/sdb + ```shell + vgcreate datavg /dev/sdb ``` -3. Create a logical volume, for example, **datalv** of 600 GB. +3. Create a logical volume, for example, **datalv** of 600 GB. - ``` - # lvcreate -L 600G -n datalv datavg + ```shell + lvcreate -L 600G -n datalv datavg ``` -4. Create a file system. +4. Create a file system. - ``` - # mkfs.xfs /dev/datavg/datalv + ```shell + mkfs.xfs /dev/datavg/datalv ``` -5. Create a data directory and mount it. +5. Create a data directory and mount it. - ``` - # mkdir /data + ```shell + mkdir /data ``` - ``` - # mount /dev/datavg/datalv /data + ```shell + mount /dev/datavg/datalv /data ``` -6. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. +6. Run the `vi /etc/fstab` command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. In the last line, **/dev/datavg/datalv** is only an example. ![](./figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png) - #### Creating a Database Directory and Granting Permissions -1. In the created data directory **/data**, create directories for processes and grant permissions to the MySQL group or user created as the **root** user. +1. In the created data directory **/data**, create directories for processes and grant permissions to the MySQL group or user created as the **root** user. + ```shell + mkdir -p /data/mariadb + cd /data/mariadb + mkdir data tmp run log + chown -R mysql:mysql /data ``` - # mkdir -p /data/mariadb - # cd /data/mariadb - # mkdir data tmp run log - # chown -R mysql:mysql /data - ``` - ### Installing, Running, and Uninstalling MariaDB Server - #### Installing MariaDB -1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). -2. Clear the cache. +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). +2. Clear the cache. - ``` - $ dnf clean all + ```shell + dnf clean all ``` -3. Create a cache. +3. Create a cache. - ``` - $ dnf makecache + ```shell + dnf makecache ``` -4. Install the MariaDB server. +4. Install the MariaDB server. - ``` - # dnf install mariadb-server + ```shell + dnf install mariadb-server ``` -5. Check the installed RPM package. +5. Check the installed RPM package. + ```shell + rpm -qa | grep mariadb ``` - $ rpm -qa | grep mariadb - ``` - #### Running MariaDB Server -1. Start the MariaDB server as the **root** user. +1. Start the MariaDB server as the **root** user. - ``` - # systemctl start mariadb + ```shell + systemctl start mariadb ``` -2. Initialize the database as the **root** user. +2. Initialize the database as the **root** user. - ``` - # /usr/bin/mysql_secure_installation + ```shell + /usr/bin/mysql_secure_installation ``` During the command execution, you need to enter the password of the database user **root**. If no password is set, press **Enter**. Then, set the password as prompted. -3. Log in to the database. +3. Log in to the database. - ``` - $ mysql -u root -p + ```shell + mysql -u root -p ``` After the command is executed, the system prompts you to enter the password. The password is the one set in [2](#li197143190587). - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >Run the **\\q** or **exit** command to exit the database. - + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >Run the `\\q` or `exit` command to exit the database. #### Uninstalling MariaDB -1. Stop the database process as the **root** user. +1. Stop the database process as the **root** user. - ``` - $ ps -ef | grep mysql - # kill -9 PID + ```shell + systemctl stop mariadb ``` -2. Run the **dnf remove mariadb-server** command as the **root** user to uninstall MariaDB. +2. Run the `dnf remove mariadb-server` command as the **root** user to uninstall MariaDB. + ```shell + dnf remove mariadb-server ``` - # dnf remove mariadb-server - ``` - ### Managing Database Users - - #### Creating Users Run the **CREATE USER** statement to create one or more users and set corresponding passwords. -``` +```pgsql CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; ``` In the preceding information: -- _username_: name of a user. -- _host_: hostname, that is, the name of the host where the user connects to the database. As a local user, you can set the parameter to **localhost**. If the host name is not specified during user creation, the host name is **%** by default, indicating a group of hosts. -- _password_: password for logging in to the server. The password can be null. If the password is null, the user can log in to the server without entering the password. This method, however, is not recommended because it provides low security. +- _username_: name of a user. +- _host_: hostname, that is, the name of the host where the user connects to the database. As a local user, you can set the parameter to **localhost**. If the host name is not specified during user creation, the host name is **%** by default, indicating a group of hosts. +- _password_: password for logging in to the server. The password can be null. If the password is null, the user can log in to the server without entering the password. This method, however, is not recommended because it provides low security. To use the **CREATE USER** statement, you must have the INSERT permission on the database or the global CREATE USER permission. @@ -1086,15 +1052,16 @@ After a user account is created using the **CREATE USER** statement, a record A new user has few permissions and can perform only operations that do not require permissions. For example, a user can run the **SHOW** statement to query the list of all storage engines and character sets. ##### Example -\#Create a local user whose password is 123456 and username is userexample1. -``` +Create a local user **userexample1** whose password is **123456**. + +```pgsql > CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; ``` -\#Create a user whose password is 123456, username is userexample2, and hostname is 192.168.1.100. +Create a user **userexample2** whose password is **123456** and hostname is **192.168.1.100**. -``` +```pgsql > CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; ``` @@ -1104,89 +1071,95 @@ Run the **SHOW GRANTS** or **SELECT** statement to view one or more users. View a specific user: -``` +```pgsql SHOW GRANTS [FOR 'username'@'hostname']; ``` -``` +```pgsql SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; ``` View all users: -``` +```pgsql SELECT USER,HOST,PASSWORD FROM mysql.user; ``` In the preceding information: -- _username_: name of a user. -- _hostname_: host name. +- _username_: name of a user. +- _hostname_: host name. ##### Example -\#View the user userexample1. -``` +View user **userexample1**. + +```pgsql > SHOW GRANTS FOR 'userexample1'@'localhost'; ``` -\#View all users in the MySQL database. +View all users in the MySQL database. -``` +```pgsql > SELECT USER,HOST,PASSWORD FROM mysql.user; ``` #### Modifying Users ##### Modifying a Username + Run the **RENAME USER** statement to change one or more existing usernames. -``` +```pgsql RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; ``` In the preceding information: -- _oldusername_: original username. -- _newusername_: new username. -- _hostname_: host name. +- _oldusername_: original username. +- _newusername_: new username. +- _hostname_: host name. The **RENAME USER** statement is used to rename an existing account. If the original account does not exist in the system or the new account exists, an error will occur when the statement is executed. To use the **RENAME USER** statement, you must have the UPDATE permission on the database or the global CREATE USER permission. ##### Example of Modifying a User -\# Change the username **userexample1** to **userexample2** and change the hostname to **locahost**. -``` + Change the username **userexample1** to **userexample2** and change the hostname to **locahost**. + +```pgsql > RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; ``` ##### Modifying a User Password + Use the **SET PASSWORD** statement to modify the login password of a user. -``` +```pgsql SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpassword'); ``` In the preceding information: -- **FOR 'username'@'hostname'**: specifies the username and hostname whose password is to be changed. This parameter is optional. -- **PASSWORD\('newpassword'\)**: indicates that the **PASSWORD\(\)** function is used to set a new password. That is, the new password must be transferred to the **PASSWORD\(\)** function for encryption. +- **FOR 'username'@'hostname'**: specifies the username and hostname whose password is to be changed. This parameter is optional. +- **PASSWORD\('newpassword'\)**: indicates that the **PASSWORD\(\)** function is used to set a new password. That is, the new password must be transferred to the **PASSWORD\(\)** function for encryption. ->![](./public_sys-resources/icon-caution.gif) **CAUTION:** ->The **PASSWORD\(\)** function is a unidirectional encryption function. Once encrypted, the original plaintext cannot be decrypted. +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** +> +>The **PASSWORD\(\)** function is a unidirectional encryption function. Once encrypted, the ciphertext cannot be decrypted. If the **FOR** clause is not added to the **SET PASSWORD** statement, the password of the current user is changed. -The **FOR** clause must be given in the format of **'**_username_**'@'**_hostname_**'**, where _username_ indicates the username of the account and _hostname_ indicates the hostname of the account. +The **FOR** clause must be given in the format of **'_username_'@'_hostname_'**, where **_username_** indicates the username of the account and **_hostname_** indicates the hostname of the account. The account whose password is to be changed must exist in the system. Otherwise, an error occurs when the statement is executed. ##### Example of Changing a User Password -\#Change the password of user **userexample** whose hostname is **locahost** to **0123456**. -``` +Change the password of user **userexample** whose hostname is **locahost** to **0123456**. + +```pgsql > SET PASSWORD FOR 'userexample'@'localhost' = PASSWORD('0123456') ; ``` @@ -1194,11 +1167,12 @@ The account whose password is to be changed must exist in the system. Otherwise, Use the **DROP USER** statement to delete one or more user accounts and related permissions. -``` +```pgsql DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']...; ``` ->![](./public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** +> >The deletion of users does not affect the tables, indexes, or other database objects that they have created, because the database does not record the accounts that have created these objects. The **DROP USER** statement can be used to delete one or more database accounts and their original permissions. @@ -1208,9 +1182,10 @@ To use the **DROP USER** statement, you must have the DELETE permission on the In the **DROP USER** statement, if the hostname of an account is not specified, the hostname is **%** by default. ##### Example -\#Delete the local user **userexample**. -``` +Delete the local user **userexample**. + +```pgsql > DROP USER 'userexample'@'localhost'; ``` @@ -1218,19 +1193,19 @@ In the **DROP USER** statement, if the hostname of an account is not specified Run the **GRANT** statement to grant permissions to a new user. -``` +```pgsql GRANT privileges ON databasename.tablename TO 'username'@'hostname'; ``` In the preceding information: -- **ON** clause: specifies the object and its level on which the permission is granted. -- **privileges**: indicates the operation permissions of a user, such as **SELECT**, INSERT, and **UPDATE**. To grant all permissions to a user, use **ALL**. -- _databasename_: database name. -- _tablename_: table name. -- **TO** clause: sets the user password and specifies the user to whom the permission is granted. -- _username_: name of a user. -- _hostname_: host name. +- **ON** clause: specifies the object and its level on which the permission is granted. +- **privileges**: indicates the operation permissions of a user, such as **SELECT**, INSERT, and **UPDATE**. To grant all permissions to a user, use **ALL**. +- _databasename_: database name. +- _tablename_: table name. +- **TO** clause: sets the user password and specifies the user to whom the permission is granted. +- _username_: name of a user. +- _hostname_: host name. To grant the user the permission to operate all databases and tables, use asterisks \(\*\), for example, **\*.\***. @@ -1239,9 +1214,10 @@ If you specify a password for an existing user in the **TO** clause, the new p If the permission is granted to a non-existent user, a **CREATE USER** statement is automatically executed to create the user, but the password must be specified for the user. ##### Example -\#Grant the SELECT and INSERT permissions to local user userexample. -``` +Grant the SELECT and INSERT permissions to the local user **userexample**. + +```pgsql > GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; ``` @@ -1249,7 +1225,7 @@ If the permission is granted to a non-existent user, a **CREATE USER** stateme Run the **REVOKE** statement to delete the permissions of a user, but the user will not be deleted. -``` +```pgsql REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; ``` @@ -1258,30 +1234,30 @@ The parameters in the **REVOKE** statement are the same as those in the **GRA To use the **REVOKE** statement, you must have the global CREATE USER or UPDATE permission for the database. ##### Example -\#Delete the INSERT permission of local user userexample. -``` +Delete the INSERT permission of the local user **userexample**. + +```pgsql > REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; ``` ### Managing Databases - - #### Creating a Database Run the **CREATE DATABASE** statement to create a database. -``` +```pgsql CREATE DATABASE databasename; ``` In the preceding command, _databasename_ can be replaced with the database name, which is case insensitive. ##### Example -\#Create a database named **databaseexample**. -``` +Create a database named **databaseexample**. + +```pgsql > CREATE DATABASE databaseexample; ``` @@ -1289,14 +1265,15 @@ In the preceding command, _databasename_ can be replaced with the database nam Run the **SHOW DATABASES** statement to view a database. -``` +```pgsql SHOW DATABASES; ``` ##### Example -\#View all databases. -``` +View all databases. + +```pgsql > SHOW DATABASES; ``` @@ -1304,16 +1281,17 @@ SHOW DATABASES; Generally, you need to select a target database before creating or querying a table. Use the **USE** statement to select a database. -``` +```pgsql USE databasename; ``` In the preceding command, **databasename** indicates the database name. ##### Example -\#Select the **databaseexample** database. -``` +Select the **databaseexample** database. + +```pgsql > USE databaseexample; ``` @@ -1321,10 +1299,11 @@ In the preceding command, **databasename** indicates the database name. You can run the **DROP DATABASE** statement to delete a database. ->![](./public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** +> >Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. -``` +```pgsql DROP DATABASE databasename; ``` @@ -1337,110 +1316,110 @@ To use **DROP DATABASE**, you need the **DROP** permission on the database. **DROP SCHEMA** is a synonym of **DROP DATABASE**. ##### Example -\#Delete the **databaseexample** database. -``` +Delete the **databaseexample** database. + +```pgsql > DROP DATABASE databaseexample; ``` #### Backing Up a Database -Run the **mysqldump** command as the **root** user to back up the database. +Run the `mysqldump` command as the **root** user to back up the database. Back up one or more tables. -``` +```shell mysqldump [options] databasename [tablename ...] > outfile ``` Back up one or more databases: -``` +```shell mysqldump [options] -databases databasename ... > outfile ``` Back up all databases: -``` +```shell mysqldump [options] -all-databases > outputfile ``` In the preceding information: -- _databasename_: database name. -- _tablename_: name of a data table. -- _outfile_: database backup file. -- _options_: parameter option of the **mysqldump** command. Multiple parameters can be separated by spaces. The common parameters of the **mysqldump** command are as follows: - - **-u, \-\-user**= _username_: specifies the username. - - **-p, \-\-password**\[= _password_\]: specifies the password. - - **-P, \-\-port**= _portnumber_: specifies the port number. - - **-h, \-\-host**= _hostname_: specifies the hostname. - - **-r, \-\-result-file**= _filename_: saves the export result to a specified file, which is equivalent to **\>**. - - **-t**: backs up data only. - - **-d**: backs up the table structure only. - +- _databasename_: database name. +- _tablename_: name of a data table. +- _outfile_: database backup file. +- _options_: parameter option of the `mysqldump` command. Multiple parameters can be separated by spaces. The common parameters of the `mysqldump` command are as follows: + - **-u, \-\-user**= _username_: specifies the username. + - **-p, \-\-password**\[= _password_\]: specifies the password. + - **-P, \-\-port**= _portnumber_: specifies the port number. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-r, \-\-result-file**= _filename_: saves the export result to a specified file, which is equivalent to **\>**. + - **-t**: backs up data only. + - **-d**: backs up the table structure only. ##### Example -\#Back up all the databases of the user **root** on the host **192.168.202.144** through port **3306** to the **alldb.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql +Back up all the databases of the user **root** on the host **192.168.202.144** through port **3306** to the **alldb.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql ``` -\#Back up the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1.sql** file. +Back up the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql ``` -\#Back up the tb1 table of the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1tb1.sql** file. +Back up the tb1 table of the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1tb1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql ``` -\#Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. +Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql ``` -\#Back up only the data of the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1.sql** file. +Back up only the data of the db1 database of the user **root** on the host **192.168.202.144** through port **3306** to the **db1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql ``` #### Restoring a Database -Run the **mysql** command as the **root** user to restore the database. +Run the `mysql` command as the **root** user to restore the database. Restore one or more tables: -``` +```shell mysql -h hostname -P portnumber -u username -ppassword databasename < infile ``` In the preceding information: -- _hostname_: host name. -- _portnumber_: port number. -- _username_: name of a user. -- _password_: password. -- _databasename_: database name. -- _infile_: **outfile** parameter in the **mysqldump** command. +- _hostname_: host name. +- _portnumber_: port number. +- _username_: name of a user. +- _password_: password. +- _databasename_: database name. +- _infile_: **outfile** parameter in the `mysqldump` command. ##### Example -\#Restore a database. -``` -# mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql +Restore a database. + +```shell +mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql ``` ## MySQL Server - - ### Software Description MySQL is a relational database management system \(RDBMS\) developed by the Swedish company MySQL AB, which was bought by Sun Microsystems \(now Oracle\). It is one of the most popular Relational Database Management Systems \(RDBMSs\) in the industry, especially for web applications. @@ -1451,225 +1430,227 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard ### Configuring the Environment ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >The following environment configuration is for reference only. Configure the environment based on the site requirements. - - #### Disabling the Firewall and Automatic Startup ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. -1. Stop the firewall service as the **root** user. +1. Stop the firewall service as the **root** user. - ``` - # systemctl stop firewalld + ```shell + systemctl stop firewalld ``` -2. Disable the firewall service as the **root** user. +2. Disable the firewall service as the **root** user. - ``` - # systemctl disable firewalld + ```shell + systemctl disable firewalld ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > >The automatic startup is automatically disabled as the firewall is disabled. - #### Disabling SELinux -1. Modify the configuration file as the **root** user. +1. Modify the configuration file as the **root** user. + ```shell + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ``` - # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux - ``` - #### Creating a User Group and a User ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. -1. Create a MySQL user or user group as the **root** user. +1. Create a MySQL user or user group as the **root** user. - ``` - # groupadd mysql + ```shell + groupadd mysql ``` - ``` - # useradd -g mysql mysql + ```shell + useradd -g mysql mysql ``` -2. Set the user password as the **root** user. +2. Set the user password as the **root** user. - ``` - # passwd mysql + ```shell + passwd mysql ``` Enter the password twice for confirmation. - #### Creating Data Drives ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. ->- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. +>- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. > \# mkdir /data ##### Method 1: Using fdisk for Drive Management as the **root** user -1. Create a partition, for example, **/dev/sdb**. - ``` - # fdisk /dev/sdb +1. Create a partition, for example, **/dev/sdb**. + + ```shell + fdisk /dev/sdb ``` -2. Enter **n** and press **Enter**. -3. Enter **p** and press **Enter**. -4. Enter **1** and press **Enter**. -5. Retain the default settings and press **Enter**. -6. Retain the default settings and press **Enter**. -7. Enter **w** and press **Enter**. -8. Create a file system, for example, **xfs**. +2. Enter **n** and press **Enter**. +3. Enter **p** and press **Enter**. +4. Enter **1** and press **Enter**. +5. Retain the default settings and press **Enter**. +6. Retain the default settings and press **Enter**. +7. Enter **w** and press **Enter**. +8. Create a file system, for example, **xfs**. - ``` - # mkfs.xfs /dev/sdb1 + ```shell + mkfs.xfs /dev/sdb1 ``` -9. Mount the partition to **/data** for the OS. +9. Mount the partition to **/data** for the OS. - ``` - # mkdir /data + ```shell + mkdir /data ``` - ``` - # mount /dev/sdb1 /data + ```shell + mount /dev/sdb1 /data ``` -10. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. +10. Run the `vi /etc/fstab` command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. In the last line, **/dev/nvme0n1p1** is only an example. ![](./figures/Creating_DataDisk-0.png) - ##### Method 2: Using LVM for Drive Management as the **root** user ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->Install the LVM2 package in the image as follows: ->1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). If the repository has been configured, skip this step. ->2. Install LVM2. -> **\# yum install lvm2** +> +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>Install the LVM2 package in the image as follows: +> +>1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). If the repository has been configured, skip this step. +>2. Install LVM2. +> `\# yum install lvm2` -1. Create a PV, for example, **sdb**. +1. Create a PV, for example, **sdb**. - ``` - # pvcreate /dev/sdb + ```shell + pvcreate /dev/sdb ``` -2. Create a physical VG, for example, **datavg**. +2. Create a physical VG, for example, **datavg**. - ``` - # vgcreate datavg /dev/sdb + ```shell + vgcreate datavg /dev/sdb ``` -3. Create an LV, for example, **datalv** of 600 GB. +3. Create an LV, for example, **datalv** of 600 GB. - ``` - # lvcreate -L 600G -n datalv datavg + ```shell + lvcreate -L 600G -n datalv datavg ``` -4. Create a file system. +4. Create a file system. - ``` - # mkfs.xfs /dev/datavg/datalv + ```shell + mkfs.xfs /dev/datavg/datalv ``` -5. Create a data directory and mount it. +5. Create a data directory and mount it. - ``` - # mkdir /data + ```shell + mkdir /data ``` - ``` - #mount /dev/datavg/datalv /data + ```shell + mount /dev/datavg/datalv /data ``` -6. Run the **vi /etc/fstab** command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. +6. Run the `vi /etc/fstab` command and edit the **/etc/fstab** file to enable the data drive to be automatically mounted after the system is restarted. For example, add the content in the last line, as shown in the following figure. In the last line, **/dev/datavg/datalv** is only an example. ![](./figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png) - #### Creating a Database Directory and Granting Permissions -1. In the created data directory **/data**, create directories for processes and grant permissions to the MySQL group or user created as the **root** user. +1. In the created data directory **/data**, create directories for processes and grant permissions to the MySQL group or user created as the **root** user. - ``` - # mkdir -p /data/mysql + ```shell + mkdir -p /data/mysql # cd /data/mysql # mkdir data tmp run log # chown -R mysql:mysql /data ``` - ### Installing, Running, and Uninstalling MySQL - - #### Installing MySQL ->![](./public_sys-resources/icon-note.gif) **NOTE:** -> For 20.03 LTS, if you run the **rpm -Uvh XXX** command (XXX indicates the version, for example, mysql-8.0.21-1.oe1.aarch64.rpm) to upgrade mysql-8.0.17-3.oe1 to the latest version, the functions are unavailable after the upgrade. You can use either of the following methods to upgrade the version. The following uses the upgrade from mysql-8.0.17-3.oe1 to mysql-8.0.21-1.oe1 as an example: +> +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> For 20.03 LTS SP4, if you run the `rpm -Uvh XXX` command (_XXX_ indicates the version, for example, **mysql-8.0.21-1.oe1.aarch64.rpm**) to upgrade mysql-8.0.17-3.oe1 to the latest version, the functions are unavailable after the upgrade. You can use either of the following methods to upgrade the version. The following uses the upgrade from mysql-8.0.17-3.oe1 to mysql-8.0.21-1.oe1 as an example: > ->Method 1: Run the following upgrade command: - ``` - # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts +>Method 1: Run the following upgrade command: + + ```shell + rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts ``` -> +> >Method 2: Run the following commands to uninstall the MySQL of the earlier version and then install the MySQL of the new version: - ``` - # rpm -e mysql-8.0.17-3.oe1 + + ```shell + rpm -e mysql-8.0.17-3.oe1 # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm - ``` + ``` -1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). -2. Clear the cache. +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). +2. Clear the cache. - ``` - $ dnf clean all + ```shell + dnf clean all ``` -3. Create a cache. +3. Create a cache. - ``` - $ dnf makecache + ```shell + dnf makecache ``` -4. Install the MySQL server as the **root** user. +4. Install the MySQL server as the **root** user. - ``` - # dnf install mysql-server + ```shell + dnf install mysql-server ``` -5. Check the installed RPM package. +5. Check the installed RPM package. + ```shell + rpm -qa | grep mysql-server ``` - $ rpm -qa | grep mysql-server - ``` - #### Running MySQL -1. Modify the configuration file. - 1. Create the **my.cnf** file as the **root** user and change the file paths \(including the software installation path **basedir** and data path **datadir**\) based on the actual situation. +1. Modify the configuration file. + 1. Create the **my.cnf** file as the **root** user and change the file paths \(including the software installation path **basedir** and data path **datadir**\) based on the actual situation. - ``` - # vi /etc/my.cnf + ```shell + vi /etc/my.cnf ``` Edit the **my.cnf** file as follows: - ``` + ```text [mysqld_safe] log-error=/data/mysql/log/mysql.log pid-file=/data/mysql/run/mysqld.pid @@ -1689,46 +1670,49 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard user=mysql ``` - 2. Ensure that the **my.cnf** file is correctly modified. + 2. Ensure that the **my.cnf** file is correctly modified. - ``` - $ cat /etc/my.cnf + ```shell + cat /etc/my.cnf ``` ![](./figures/en-us_image_0231563132.png) - >![](./public_sys-resources/icon-caution.gif) **CAUTION:** + >![](./public_sys-resources/icon-caution.gif) **CAUTION:** + > >In the configuration file, **basedir** specifies the software installation path. Change it based on actual situation. - 3. Change the group and user of the **/etc/my.cnf** file to **mysql:mysql** as the **root** user. + 3. Change the group and user of the **/etc/my.cnf** file to **mysql:mysql** as the **root** user. - ``` - # chown mysql:mysql /etc/my.cnf + ```shell + chown mysql:mysql /etc/my.cnf ``` -2. Configure environment variables. - 1. Add the path of the MySQL binary files to the **PATH** parameter as the **root** user. +2. Configure environment variables. + 1. Add the path of the MySQL binary files to the **PATH** parameter as the **root** user. - ``` - # echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile + ```shell + echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile ``` - >![](./public_sys-resources/icon-caution.gif) **CAUTION:** + >![](./public_sys-resources/icon-caution.gif) **CAUTION:** + > >In the command, **/usr/local/mysql/bin** is the absolute path of the **bin** files in the MySQL software installation directory. Change it based on actual situation. - 2. Run the following command as the **root** user to make the environment variables take effect: + 2. Run the following command as the **root** user to make the environment variables take effect: - ``` - # source /etc/profile + ```shell + source /etc/profile ``` -3. Initialize the database as the **root** user. +3. Initialize the database as the **root** user. - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > >The second line from the bottom contains the initial password, which will be used when you log in to the database. - ``` - # mysqld --defaults-file=/etc/my.cnf --initialize + ```shell + $ mysqld --defaults-file=/etc/my.cnf --initialize 2020-03-18T03:27:13.702385Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server in progress as process 34014 2020-03-18T03:27:24.112453Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: iNat=)#V2tZu 2020-03-18T03:27:28.576003Z 0 [System] [MY-013170] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server has completed @@ -1736,109 +1720,106 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard If the command output contains "initializing of server has completed", the database has been initialized. In the command output, "iNat=\)\#V2tZu" in "A temporary password is generated for root@localhost: iNat=\)\#V2tZu" is the initial password. -4. Start the database. +4. Start the database. - >![](./public_sys-resources/icon-caution.gif) **CAUTION:** + >![](./public_sys-resources/icon-caution.gif) **CAUTION:** + > >Start MySQL as user **mysql** if it is the first time to start the database service. If you start MySQL as user **root**, a message will be displayed indicating that the **mysql.log** file is missing. If you start MySQL as user **mysql**, the **mysql.log** file will be generated in the **/data/mysql/log** directory. No error will be displayed if you start the database as user **root** again. - 1. Modify the file permission as the **root** user. + 1. Modify the file permission as the **root** user. - ``` - # chmod 777 /usr/local/mysql/support-files/mysql.server + ```shell + chmod 777 /usr/local/mysql/support-files/mysql.server ``` - 2. Start MySQL as the **root** user. + 2. Start MySQL as the **root** user. - ``` - # cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql - # chkconfig mysql on + ```shell + cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql + chkconfig mysql on ``` Start MySQL as user **mysql**. - ``` - # su - mysql - $ service mysql start + ```shell + su - mysql + service mysql start ``` -5. Log in to the database. +5. Log in to the database. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- Enter the initial password generated during database initialization \([3](#li15634560582)\). - >- If MySQL is installed by using an RPM package obtained from the official website, the **mysqld** file is located in the **/usr/sbin** directory. Ensure that the directory specified in the command is correct. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >- Enter the initial password generated during database initialization \([3](#li15634560582)\). + >- If MySQL is installed by using an RPM package obtained from the official website, the **mysqld** file is located in the **/usr/sbin** directory. Ensure that the directory specified in the command is correct. - ``` - $ /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock + ```shell + /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock ``` ![](./figures/en-us_image_0231563134.png) -6. Configure the database accounts and passwords. - 1. After logging in to the database, change the password of user **root** for logging in to the database. +6. Configure the database accounts and passwords. + 1. After logging in to the database, change the password of user **root** for logging in to the database. - ``` + ```shell mysql>alter user 'root'@'localhost' identified by "123456"; ``` - 2. Create a user **root** for all the other hosts in the domain. + 2. Create a user **root** for all the other hosts in the domain. - ``` + ```shell mysql>create user 'root'@'%' identified by '123456'; ``` - 3. Grant permissions to the user **root**. + 3. Grant permissions to the user **root**. - ``` + ```shell mysql>grant all privileges on *.* to 'root'@'%'; mysql>flush privileges; ``` ![](./figures/en-us_image_0231563135.png) -7. Exit the database. +7. Exit the database. - Run the **\\q** or **exit** command to exit the database. + Run the `\\q` or `exit` command to exit the database. - ``` + ```shell mysql>exit ``` ![](./figures/en-us_image_0231563136.png) - #### Uninstalling MySQL -1. Stop the database process as the **root** user. +1. Stop the database process as the **root** user. - ``` - $ ps -ef | grep mysql - # kill -9 PID + ```shell + systemctl stop mysql ``` -2. Run the **dnf remove mysql** command as the **root** user to uninstall MySQL. +2. Run the `dnf remove mysql` command as the **root** user to uninstall MySQL. - ``` - # dnf remove mysql + ```shell + dnf remove mysql ``` - ### Managing Database Users - - #### Creating Users Run the **CREATE USER** statement to create one or more users and set corresponding passwords. -``` +```pgsql CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; ``` In the preceding information: -- _username_: name of a user. -- _host_: hostname, that is, the name of the host where the user connects to the database. As a local user, you can set the parameter to **localhost**. If the host name is not specified during user creation, the host name is **%** by default, indicating a group of hosts. -- _password_: password for logging in to the server. The password can be null. If the password is null, the user can log in to the server without entering the password. This method, however, is not recommended because it provides low security. +- _username_: name of a user. +- _host_: hostname, that is, the name of the host where the user connects to the database. As a local user, you can set the parameter to **localhost**. If the host name is not specified during user creation, the host name is **%** by default, indicating a group of hosts. +- _password_: password for logging in to the server. The password can be null. If the password is null, the user can log in to the server without entering the password. This method, however, is not recommended because it provides low security. To use the **CREATE USER** statement, you must have the **INSERT** permission on the database or the global **CREATE USER** permission. @@ -1847,15 +1828,16 @@ After a user account is created using the **CREATE USER** statement, a record A new user has few permissions and can perform only operations that do not require permissions. For example, a user can run the **SHOW** statement to query the list of all storage engines and character sets. ##### Example -\#Create a local user whose password is **123456** and username is **userexample1**. -``` +Create a local user **userexample1** whose password is **123456**. + +```pgsql > CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; ``` -\#Create a user whose password is **123456**, username is **userexample2**, and hostname is **192.168.1.100**. +Create a user **userexample2** whose password is **123456** and hostname is **192.168.1.100**. -``` +```pgsql > CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; ``` @@ -1865,75 +1847,79 @@ Run the **SHOW GRANTS** or **SELECT** statement to view one or more users. View a specific user: -``` +```pgsql SHOW GRANTS [FOR 'username'@'hostname']; ``` -``` +```pgsql SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; ``` View all users: -``` +```pgsql SELECT USER,HOST FROM mysql.user; ``` In the preceding information: -- _username_: name of a user. -- _hostname_: host name. +- _username_: name of a user. +- _hostname_: host name. ##### Example -\#View the user **userexample1**. -``` +View the user **userexample1**. + +```pgsql > SHOW GRANTS FOR 'userexample1'@'localhost'; ``` -\#View all users in the MySQL database. +View all users in the MySQL database. -``` +```pgsql > SELECT USER,HOST FROM mysql.user; ``` #### Modifying Users ##### Modifying a Username + Run the **RENAME USER** statement to change one or more existing usernames. -``` +```pgsql RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; ``` In the preceding information: -- _oldusername_: original username. -- _newusername_: new username. -- _hostname_: host name. +- _oldusername_: original username. +- _newusername_: new username. +- _hostname_: host name. The **RENAME USER** statement is used to rename an existing account. If the original account does not exist in the system or the new account exists, an error will occur when the statement is executed. To use the **RENAME USER** statement, you must have the **UPDATE** permission on the database or the global **CREATE USER** permission. ##### Example of Modifying a User -\# Change the username **userexample1** to **userexample2** and change the hostname to **locahost**. -``` + Change the username **userexample1** to **userexample2** and change the hostname to **locahost**. + +```pgsql > RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; ``` ##### Modifying a User Password + Use the **SET PASSWORD** statement to modify the login password of a user. -``` +```pgsql SET PASSWORD FOR 'username'@'hostname' = 'newpassword'; ``` In the preceding information: -- **FOR'**_username_**'@'**_hostname_**'**: specifies the username and hostname whose password is to be changed. This parameter is optional. -- _newpassword_: new password. +- **FOR'**_username_**'@'**_hostname_**'**: specifies the username and hostname whose password is to be changed. This parameter is optional. +- _newpassword_: new password. If the **FOR** clause is not added to the **SET PASSWORD** statement, the password of the current user is changed. @@ -1942,9 +1928,10 @@ The **FOR** clause must be given in the format of **'**_username_**'@'**_host The account whose password is to be changed must exist in the system. Otherwise, an error occurs when the statement is executed. ##### Example of Changing a User Password -\#Change the password of user **userexample** whose hostname is **locahost** to **0123456**. -``` +Change the password of user **userexample** whose hostname is **locahost** to **0123456**. + +```pgsql > SET PASSWORD FOR 'userexample'@'localhost' = '0123456'; ``` @@ -1952,11 +1939,12 @@ The account whose password is to be changed must exist in the system. Otherwise, Use the **DROP USER** statement to delete one or more user accounts and related permissions. -``` +```pgsql DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']...; ``` ->![](./public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** +> >The deletion of users does not affect the tables, indexes, or other database objects that they have created, because the database does not record the accounts that have created these objects. The **DROP USER** statement can be used to delete one or more database accounts and their original permissions. @@ -1966,9 +1954,10 @@ To use the **DROP USER** statement, you must have the **DELETE** permission In the **DROP USER** statement, if the hostname of an account is not specified, the hostname is **%** by default. ##### Example -\#Delete the local user **userexample**. -``` +Delete the local user **userexample**. + +```pgsql > DROP USER 'userexample'@'localhost'; ``` @@ -1976,19 +1965,19 @@ In the **DROP USER** statement, if the hostname of an account is not specified Run the **GRANT** statement to grant permissions to a new user. -``` +```pgsql GRANT privileges ON databasename.tablename TO 'username'@'hostname'; ``` In the preceding information: -- **ON** clause: specifies the object and level on which the permission is granted. -- _privileges_: indicates the operation permissions of a user, such as **SELECT**, INSERT, and **UPDATE**. To grant all permissions to a user, use **ALL**. -- _databasename_: database name. -- _tablename_: table name. -- **TO** clause: sets the user password and specifies the user to whom the permission is granted. -- _username_: name of a user. -- _hostname_: host name. +- **ON** clause: specifies the object and level on which the permission is granted. +- _privileges_: indicates the operation permissions of a user, such as **SELECT**, INSERT, and **UPDATE**. To grant all permissions to a user, use **ALL**. +- _databasename_: database name. +- _tablename_: table name. +- **TO** clause: sets the user password and specifies the user to whom the permission is granted. +- _username_: name of a user. +- _hostname_: host name. To grant the user the permission to operate all databases and tables, use asterisks \(\*\), for example, **\*.\***. @@ -1997,9 +1986,10 @@ If you specify a password for an existing user in the **TO** clause, the new p If the permission is granted to a non-existent user, a **CREATE USER** statement is automatically executed to create the user, but the password must be specified for the user. ##### Example -\#Grant the **SELECT** and **INSERT** permissions to local user **userexample**. -``` +Grant the **SELECT** and **INSERT** permissions to local user **userexample**. + +```pgsql > GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; ``` @@ -2007,7 +1997,7 @@ If the permission is granted to a non-existent user, a **CREATE USER** stateme Run the **REVOKE** statement to delete the permissions of a user, but the user will not be deleted. -``` +```pgsql REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; ``` @@ -2016,29 +2006,30 @@ The parameters in the **REVOKE** statement are the same as those in the **GRA To use the **REVOKE** statement, you must have the global **CREATE USER** or **UPDATE** permission for the database. ##### Example -\#Delete the **INSERT** permission of local user **userexample**. -``` +Delete the **INSERT** permission of local user **userexample**. + +```pgsql > REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; ``` ### Managing Databases - #### Creating a Database Run the **CREATE DATABASE** statement to create a database. -``` +```pgsql CREATE DATABASE databasename; ``` In the preceding command, _databasename_ can be replaced with the database name, which is case insensitive. ##### Example -\#Create a database named **databaseexample**. -``` +Create a database named **databaseexample**. + +```pgsql > CREATE DATABASE databaseexample; ``` @@ -2046,14 +2037,15 @@ In the preceding command, _databasename_ can be replaced with the database nam Run the **SHOW DATABASES** statement to view a database. -``` +```pgsql SHOW DATABASES; ``` ##### Example -\#View all databases. -``` +View all databases. + +```pgsql > SHOW DATABASES; ``` @@ -2061,16 +2053,17 @@ SHOW DATABASES; Generally, you need to select a target database before creating or querying a table. Use the **USE** statement to select a database. -``` +```pgsql USE databasename; ``` In the preceding command, _databasename_ indicates the database name. ##### Example -\#Select the **databaseexample** database. -``` +Select the **databaseexample** database. + +```pgsql > USE databaseexample; ``` @@ -2078,10 +2071,11 @@ In the preceding command, _databasename_ indicates the database name. Run the **DROP DATABASE** statement to delete a database. ->![](./public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** +> >Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. -``` +```pgsql DROP DATABASE databasename; ``` @@ -2094,102 +2088,104 @@ To use **DROP DATABASE**, you need the **DROP** permission on the database. **DROP SCHEMA** is a synonym of **DROP DATABASE**. ##### Example -\#Delete the **databaseexample** database. -``` +Delete the **databaseexample** database. + +```pgsql > DROP DATABASE databaseexample; ``` #### Backing Up a Database -Run the **mysqldump** command as the **root** user to back up the database. +Run the `mysqldump` command as the **root** user to back up the database. Back up one or more tables: -``` +```shell mysqldump [options] databasename [tablename ...] > outfile ``` Back up one or more databases: -``` +```shell mysqldump [options] -databases databasename ... > outfile ``` Back up all databases: -``` +```shell mysqldump [options] -all-databases > outputfile ``` In the preceding information: -- _databasename_: database name. -- _tablename_: name of a data table. -- _outfile_: database backup file. -- _options_: parameter option of the **mysqldump** command. Multiple parameters can be separated by spaces. The common parameters of the **mysqldump** command are as follows: - - **-u, \-\-user**= _username_: specifies the username. - - **-p, \-\-password**\[= _password_\]: specifies the password. - - **-P, \-\-port**= _portnumber_: specifies the port number. - - **-h, \-\-host**= _hostname_: specifies the hostname. - - **-r, \-\-result-file**= _filename_: saves the export result to a specified file, which is equivalent to **\>**. - - **-t**: backs up data only. - - **-d**: backs up the table structure only. - +- _databasename_: database name. +- _tablename_: name of a data table. +- _outfile_: database backup file. +- _options_: parameter option of the `mysqldump` command. Multiple parameters can be separated by spaces. The common parameters of the `mysqldump` command are as follows: + - **-u, \-\-user**= _username_: specifies the username. + - **-p, \-\-password**\[= _password_\]: specifies the password. + - **-P, \-\-port**= _portnumber_: specifies the port number. + - **-h, \-\-host**= _hostname_: specifies the hostname. + - **-r, \-\-result-file**= _filename_: saves the export result to a specified file, which is equivalent to **\>**. + - **-t**: backs up data only. + - **-d**: backs up the table structure only. ##### Example -\#Back up all the databases of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **alldb.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql +Back up all the databases of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **alldb.sql** file. + +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql ``` -\#Back up the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. +Back up the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql ``` -\#Back up the tb1 table of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1tb1.sql** file. +Back up the tb1 table of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1tb1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql ``` -\#Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. +Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql ``` -\#Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. +Back up only the table structure of the db1 database of user **root** on port **3306** of the host whose IP address is **192.168.202.144** to the **db1.sql** file. -``` -# mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql +```shell +mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql ``` #### Restoring a Database -Run the **mysql** command as the **root** user to restore the database. +Run the `mysql` command as the **root** user to restore the database. Restore one or more tables: -``` +```shell mysql -h hostname -P portnumber -u username -ppassword databasename < infile ``` In the preceding information: -- _hostname_: host name. -- _portnumber_: port number. -- _username_: name of a user. -- _password_: password. -- _databasename_: database name. -- _infile_: **outfile** parameter in the **mysqldump** command. +- _hostname_: host name. +- _portnumber_: port number. +- _username_: name of a user. +- _password_: password. +- _databasename_: database name. +- _infile_: **outfile** parameter in the `mysqldump` command. ##### Example -\#Restore a database. -``` -# mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql +Restore a database. + +```shell +mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql ``` diff --git a/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md b/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md index 6a686762701d4f405776c0797fe34431e8078f29..1322fa72229b5e3f4d13e09973db9e6eabb4fe9f 100644 --- a/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md +++ b/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md @@ -2,9 +2,9 @@ DNF is a Linux software package management tool used to manage RPM software packages. The DNF can query software package information, obtain software packages from a specified software library, automatically process dependencies to install or uninstall software packages, and update the system to the latest available version. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- DNF is fully compatible with YUM and provides YUM-compatible command lines and APIs for extensions and plug-ins. ->- You must have the administrator rights to use the DNF. All commands in this chapter must be executed by the administrator. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>- DNF is fully compatible with YUM and provides YUM-compatible command lines and APIs for extensions and plug-ins. +>- You must have the administrator rights to use the DNF. All commands in this chapter must be executed by the administrator. - [Using the DNF to Manage Software Packages](#using-the-dnf-to-manage-software-packages) @@ -21,8 +21,7 @@ DNF is a Linux software package management tool used to manage RPM software pack - [Deleting a Software Package](#deleting-a-software-package) - [Managing Software Package Groups](#managing-software-package-groups) - [Listing Software Package Groups](#listing-software-package-groups) - - [Displaying the Software Package Group Information](#displaying-the-software-package-group-information) - - [Installation Software Package Group](#installation-software-package-group) + - [Installing a Software Package Group](#installing-a-software-package-group) - [Deleting a Software Package Group](#deleting-a-software-package-group) - [Check and Update](#check-and-update) - [Checking for Update](#checking-for-update) @@ -33,29 +32,29 @@ DNF is a Linux software package management tool used to manage RPM software pack ## Configuring the DNF - - ### The DNF Configuration File -The main configuration file of the DNF is /etc/dnf/dnf.conf which consists of two parts: +The main configuration file of the DNF is **/etc/dnf/dnf.conf** which consists of two parts: + +- The **main** part in the file stores the global settings of the DNF. -- The **main** part in the file stores the global settings of the DNF. +- The **repository** part in the file stores the settings of the software source. You can add one or more **repository** sections to the file. -- The **repository** part in the file stores the settings of the software source. You can add one or more **repository** sections to the file. +In addition, the **/etc/yum.repos.d** directory stores one or more repo source files, which define different repositories. -In addition, the /etc/yum.repos.d directory stores one or more repo source files, which define different repositories. - -You can configure a software source by either directly configuring the /etc/dnf/dnf.conf file or configuring the .repo file in the /etc/yum.repos.d directory. +You can configure a software source by either directly configuring the **/etc/dnf/dnf.conf** file or configuring the **.repo** file in the **/etc/yum.repos.d** directory. #### Configuring the main Part -The /etc/dnf/dnf.conf file contains the **main** part. The following is an example of the configuration file: -``` +The **/etc/dnf/dnf.conf** file contains the **main** part. The following is an example of the configuration file: + +```sh [main] gpgcheck=1 installonly_limit=3 clean_requirements_on_remove=True best=True +skip_if_unavailable=False ``` Common options are as follows: @@ -110,7 +109,12 @@ Common options are as follows:

installonly_limit

-

Sets the number of packages that can be installed at the same time by running the installonlypkgs command. The default value is 3. You are advised not to decrease the value.

+

Sets the number of packages that can be installed at the same time by running the installonlypkgs command. The default value is 3. You are advised not to decrease the value.

+ + +

skip_if_unavailable

+ +

The default value is False.

@@ -118,24 +122,26 @@ Common options are as follows: #### Configuring the repository Part -The repository part allows you to customize openEuler software source repositories. The name of each repository must be unique. Otherwise, conflicts may occur. You can configure a software source by either directly configuring the /etc/dnf/dnf.conf file or configuring the .repo file in the /etc/yum.repos.d directory. +The repository part allows you to customize openEuler software source repositories. The name of each repository must be unique. Otherwise, conflicts may occur. You can configure a software source by either directly configuring the **/etc/dnf/dnf.conf** file or configuring the **.repo** file in the **/etc/yum.repos.d** directory. -- Configuring the /etc/dnf/dnf.conf file +- Configuring the **/etc/dnf/dnf.conf** file The following is a minimum configuration example of the \[repository\] section: - ``` + ```sh [repository] name=repository_name baseurl=repository_url ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >openEuler provides an online image source at [https://repo.openeuler.org/](https://repo.openeuler.org/). For example, if the openEuler 20.03 version is aarch64, the **baseurl** can be set to [https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/). + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >openEuler provides an online image source at [https://repo.openeuler.org/](https://repo.openeuler.org/). For example, if the openEuler 20.03 SP4 version is in the aarch64 architecture, the **baseurl** can be set to [https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/). Common options are as follows: - **Table 2** repository parameter description + **Table 2** repository parameter description +

Parameter

Description

@@ -156,113 +162,112 @@ The repository part allows you to customize openEuler software source repositori
+- Configuring the **.repo** file in the **/etc/yum.repos.d** directory + openEuler provides multiple repo sources for users online. For details about the repo sources, see [Installing the OS](./../Releasenotes/installing-the-os.md). -- Configuring the .repo file in the /etc/yum.repos.d directory - - - openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.md.html). This section uses the OS repo source of the AArch64 architecture as an example. + For example, run the following command as the administrator authority to add the openEuler repo source to the openEuler**.repo** file. - For example, run the following command as the **root** user to add the openeuler repo source to the openEuler_aarch64.repo file. - - ``` - # vi /etc/yum.repos.d/openEuler_aarch64.repo + ```sh + vi /etc/yum.repos.d/openEuler.repo ``` - ``` - [osrepo] - name=osrepo - baseurl=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ + ```sh + [OS] + name=openEuler-$releasever - OS + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ enabled=1 gpgcheck=1 - gpgkey=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - + gpgkey=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** - > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - **basearch** indicates the system hardware architecture (CPU instruction set), which can be obtained by running the `arch` command. The system hardware architectures include Arch64 and x86_64. The openEuler repo source provides AArch64 and x86_64 packages. + > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. > - **gpgkey** is the public key used to verify the signature. - #### Displays the Current Configuration -- To display the current configuration information, run the following command: - ``` +- To display the current configuration information, run the following command: + + ```sh dnf config-manager --dump ``` -- To display the configuration of a software source, query the repo id: +- To display the configuration of a software source, query the repo id: - ``` + ```sh dnf repolist ``` Run the following command to display the software source configuration of the corresponding ID. In the command, _repository_ indicates the repository ID. - ``` + ```sh dnf config-manager --dump repository ``` -- You can also use a global regular expression to display all matching configurations. +- You can also use a global regular expression to display all matching configurations. - ``` + ```sh dnf config-manager --dump glob_expression ``` - ### Creating a Local Software Repository To create a local repository of software sources, perform the following steps. -1. Install the createrepo software package. Run the following command as the root user: +1. Install the createrepo software package. Run the following command as the root user: - ``` + ```sh dnf install createrepo ``` -2. Copy the required software packages to a directory, for example, /mnt/local\_repo/. -3. Run the following command to create a software source: +2. Copy the required software packages to a directory, for example, **/mnt/local\_repo/**. +3. Run the following command to create a software source: - ``` + ```sh createrepo --database /mnt/local_repo ``` - ### Adding, Enabling, and Disabling Software Sources -This section describes how to add, enable, and disable the software source repository by running the **dnf config-manager** command. +This section describes how to add, enable, and disable the software source repository by running the `dnf config-manager` command. #### Adding Software Source -To define a new software repository, you can add the repository part to the /etc/dnf/dnf.conf file or add the .repo file to the /etc/yum.repos.d/ directory. You are advised to add the .repo file. Each software source has its own .repo file. The following describes how to add the .repo file. -To add such a source to your system, run the following command as the user **root**. After the command is executed, the corresponding .repo file is generated in the **/etc/yum.repos.d/** directory. In the command, _repository\_url_ indicates the repo source address. For details, see [Table 2](#en-us_topic_0151921080_t2df9dceb0ff64b2f8db8ec5cd779792a). +To define a new software repository, you can add the repository part to the **/etc/dnf/dnf.conf** file or add the **.repo** file to the **/etc/yum.repos.d/** directory. You are advised to add the **.repo** file. Each software source has its own **.repo** file. The following describes how to add the **.repo** file. -``` +To add such a source to your system, run the following command as the user **root**. After the command is executed, the corresponding **.repo** file is generated in the **/etc/yum.repos.d/** directory. In the command, _repository\_url_ indicates the repo source address. For details, see [Table 2](#en-us_topic_0151921080_t7c83ace02ab94e9986c0684f417e3436). + +```sh dnf config-manager --add-repo repository_url ``` #### Enabling a Software Repository -To enable the software source, run the following command as the user **root**. In the command, _repository_ indicates the repository ID in the new .repo file. You can run the **dnf repolist** command to query the repository ID. -``` +To enable the software source, run the following command as the user **root**. In the command, _repository_ indicates the repository ID in the new **.repo** file. You can run the **dnf repolist** command to query the repository ID. + +```sh dnf config-manager --set-enable repository ``` You can also use a global regular expression to enable all matching software sources. In the command, _glob\_expression_ indicates the regular expression used to match multiple repository IDs. -``` +```sh dnf config-manager --set-enable glob_expression ``` #### Disabling a Software Repository + To disable a software source, run the following command as the user **root**: -``` +```sh dnf config-manager --set-disable repository ``` You can also use a global regular expression to disable all matching software sources. -``` +```sh dnf config-manager --set-disable glob_expression ``` @@ -271,15 +276,16 @@ dnf config-manager --set-disable glob_expression The DNF enables you to query, install, and delete software packages. ### Searching for Software Packages + You can search for the required RPM package by its name, abbreviation, or description. The command is as follows: -``` +```sh dnf search term ``` The following is an example: -``` +```sh $ dnf search httpd ========================================== N/S matched: httpd ========================================== httpd.aarch64 : Apache HTTP Server @@ -292,36 +298,38 @@ mod_dav_svn.aarch64 : Apache httpd module for Subversion server ``` ### Listing Software Packages + To list all installed and available RPM packages in the system, run the following command: -``` +```sh dnf list all ``` To list a specific RPM package in the system, run the following command: -``` +```sh dnf list glob_expression... ``` The following is an example: -``` +```sh $ dnf list httpd Available Packages httpd.aarch64 2.4.34-8.h5.oe1 Local ``` ### Displaying RPM Package Information + To view information about one or more RPM packages, run the following command: -``` +```sh dnf info package_name... ``` The following is a command example: -``` +```sh $ dnf info httpd Available Packages Name : httpd @@ -338,57 +346,61 @@ Description : The Apache HTTP Server is a powerful, efficient, and extensible ``` ### Installing an RPM Package + To install a software package and all its dependencies that have not been installed, run the following command as the user **root**: -``` +```sh dnf install package_name ``` -You can also add software package names to install multiple software packages at the same time. Add the **strict=False** parameter to the /etc/dnf/dnf.conf configuration file and run the **dnf** command to add --setopt=strict=0. Run the following command as the user **root**: +You can also add software package names to install multiple software packages at the same time. Add the **strict=False** parameter to the **/etc/dnf/dnf.conf** configuration file and run the `dnf` command to add **--setopt=strict=0**. Run the following command as the user **root**: -``` +```sh dnf install package_name package_name... --setopt=strict=0 ``` The following is an example: -``` -# dnf install httpd +```sh +dnf install httpd ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->If the RPM package fails to be installed, see [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](./faqs.html#installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>If the RPM package fails to be installed, see [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](./faqs.md#installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package). ### Downloading Software Packages + To download the software package using the DNF, run the following command as the user **root**: -``` +```sh dnf download package_name ``` If you need to download the dependency packages that are not installed, add **\-\-resolve**. The command is as follows: -``` +```sh dnf download --resolve package_name ``` The following is an example: -``` -# dnf download --resolve httpd +```sh +dnf download --resolve httpd ``` ### Deleting a Software Package + To uninstall the software package and related dependent software packages, run the following command as the user **root**: -``` +```sh dnf remove package_name... ``` The following is an example: -``` -# dnf remove totem +```sh +dnf remove totem ``` ## Managing Software Package Groups @@ -396,30 +408,31 @@ The following is an example: A software package set is a group of software packages that serve a common purpose, for example, a system tool set. You can use the DNF to install or delete software package groups, improving operation efficiency. ### Listing Software Package Groups + The summary parameter can be used to list the number of all installed software package groups, available groups, and available environment groups in the system. The command is as follows: -``` +```sh dnf groups summary ``` The following is an example: -``` -# dnf groups summary +```sh +$ dnf groups summary Last metadata expiration check: 0:11:56 ago on Sat 17 Aug 2019 07:45:14 PM CST. Available Groups: 8 ``` To list all software package groups and their group IDs, run the following command: -``` +```sh dnf group list ``` The following is an example: -``` -# dnf group list +```sh +$ dnf group list Last metadata expiration check: 0:10:32 ago on Sat 17 Aug 2019 07:45:14 PM CST. Available Environment Groups: Minimal Install @@ -438,16 +451,17 @@ Available Groups: ``` ### Displaying the Software Package Group Information + To list the mandatory and optional packages contained in a software package group, run the following command: -``` +```sh dnf group info glob_expression... ``` The following is an example of displaying the Development Tools information: -``` -# dnf group info "Development Tools" +```sh +$ dnf group info "Development Tools" Last metadata expiration check: 0:14:54 ago on Wed 05 Jun 2019 08:38:02 PM CST. Group: Development Tools @@ -464,48 +478,50 @@ Group: Development Tools expect ``` -### Installation Software Package Group +### Installing a Software Package Group + Each software package group has its own name and corresponding group ID. You can use the software package group name or its ID to install the software package. To install a software package group, run the following command as the user **root**: -``` +```sh dnf group install group_name ``` -``` +```sh dnf group install groupid ``` For example, to install the software package group of Development Tools, run the following command: -``` -# dnf group install "Development Tools" +```sh +dnf group install "Development Tools" ``` -``` -# dnf group install development +```sh +dnf group install development ``` ### Deleting a Software Package Group + To uninstall a software package group, you can use the group name or ID to run the following command as the user **root**: -``` +```sh dnf group remove group_name ``` -``` +```sh dnf group remove groupid ``` For example, to delete the software package group of Development Tools, run the following command: -``` -# dnf group remove "Development Tools" +```sh +dnf group remove "Development Tools" ``` -``` -# dnf group remove development +```sh +dnf group remove development ``` ## Check and Update @@ -513,16 +529,17 @@ For example, to delete the software package group of Development Tools, run the You can use the DNF to check whether any software package in your system needs to be updated. You can use the DNF to list the software packages to be updated. You can choose to update all packages at a time or update only specified packages. ### Checking for Update + To list all currently available updates, run the following command: -``` +```sh dnf check-update ``` The following is an example: -``` -# dnf check-update +```sh +$ dnf check-update Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:28:07 PM CST. anaconda-core.aarch64 19.31.123-1.14 updates @@ -538,16 +555,17 @@ bind-utils.aarch64 32:9.9.4-29.3 updates ``` ### Upgrade + To upgrade a single software package, run the following command as the user **root**: -``` +```sh dnf update package_name ``` For example, to upgrade the RPM package, run the following command: -``` -# dnf update anaconda-gui.aarch64 +```sh +$ dnf update anaconda-gui.aarch64 Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:30:27 PM CST. Dependencies Resolved ================================================================================ @@ -570,13 +588,14 @@ Is this ok [y/N]: Similarly, to upgrade a software package group, run the following command as the user **root**: -``` +```sh dnf group update group_name ``` ### Updating All Packages and Their Dependencies + To update all packages and their dependencies, run the following command as the user **root**: -``` +```sh dnf update ``` diff --git a/docs/en/docs/Administration/using-the-kae.md b/docs/en/docs/Administration/using-the-kae.md index e5bff76a309d992a96a3b455b3f20b1500a9843d..c903fef08fcf0fed83ef0a8cb4fd54db1e09b1f0 100644 --- a/docs/en/docs/Administration/using-the-kae.md +++ b/docs/en/docs/Administration/using-the-kae.md @@ -24,12 +24,12 @@ Kunpeng Accelerator Engine \(KAE\) is a software acceleration library of openEul The KAE supports the following algorithms: -- Digest algorithm SM3, which supports the asynchronous mode. -- Symmetric encryption algorithm SM4, which supports asynchronous, CTR, XTS, and CBC modes. +- Digest algorithm SM3, which supports the asynchronous mode. +- Symmetric encryption algorithm SM4, which supports asynchronous, CTR, XTS, and CBC modes. -- Symmetric encryption algorithm AES, which supports asynchronous, ECB, CTR, XTS, and CBC modes. -- Asymmetric algorithm RSA, which supports asynchronous mode, and key sizes 1024, 2048, 3072, and 4096. -- Key negotiation algorithm DH, which supports asynchronous mode, and key sizes 768, 1024, 1536, 2048, 3072, and 4096. +- Symmetric encryption algorithm AES, which supports asynchronous, ECB, CTR, XTS, and CBC modes. +- Asymmetric algorithm RSA, which supports asynchronous mode, and key sizes 1024, 2048, 3072, and 4096. +- Key negotiation algorithm DH, which supports asynchronous mode, and key sizes 768, 1024, 1536, 2048, 3072, and 4096. ## Application Scenarios @@ -69,25 +69,24 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 ## Installing, Running, and Uninstalling the KAE - - ### Installing the Accelerator Software Packages - - #### Preparing for Installation ##### Environment Requirements -- The accelerator engine is enabled on TaiShan 200 servers. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- You need to import the accelerator license. For details, see section "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749|9856522|21782478|8060757). ->- If the accelerator is used in the physical machine scenario, the SMMU must be disabled. For details, see the [TaiShan 200 Server BIOS Parameter Reference](https://support.huawei.com/enterprise/en/doc/EDOC1100088647). +- The accelerator engine is enabled on TaiShan 200 servers. + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- You need to import the accelerator license. For details, see section "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749|9856522|21782478|8060757). +>- If the accelerator is used in the physical machine scenario, the SMMU must be disabled. For details, see the [TaiShan 200 Server BIOS Parameter Reference](https://support.huawei.com/enterprise/en/doc/EDOC1100088647). -- CPU: Kunpeng 920 -- OS: openEuler-20.03-LTS-aarch64-dvd.iso +- CPU: Kunpeng 920 +- OS: openEuler-20.03-LTS-SP4-aarch64-dvd.iso ##### KAE Software Description + **Table 2** RPM software packages of the KAE @@ -122,30 +121,32 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 #### Installing the Accelerator Software Package ##### Prerequisites -- The remote SSH login tool has been installed on the local PC. -- The openEuler OS has been installed. -- The RPM tool is running properly. -- OpenSSL 1.1.1a or a later version has been installed. - You can run the following commands to query the version number of OpenSSL: +- The remote SSH login tool has been installed on the local PC. +- The openEuler OS has been installed. +- The RPM tool is running properly. +- OpenSSL 1.1.1a or a later version has been installed. - - openssl version + You can run the following commands to query the version number of OpenSSL: + - openssl version ##### Procedure -1. Log in to the openEuler OS CLI as user **root**. -2. Create a directory for storing accelerator engine software packages. -3. Use SSH to copy all accelerator engine software package to the created directory. -4. In the directory, run the **rpm -ivh** command to install the accelerator engine software packages. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >Install the **libwd** package first because the **libkae** package installation depends on the **libwd** package. +1. Log in to the openEuler OS CLI as user **root**. +2. Create a directory for storing accelerator engine software packages. +3. Use SSH to copy all accelerator engine software package to the created directory. +4. In the directory, run the **rpm -ivh** command to install the accelerator engine software packages. - ``` + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >Install the **libwd** package first because the **libkae** package installation depends on the **libwd** package. + + ```sh rpm -ivh uacce*.rpm hisi*.rpm libwd-*.rpm libkae*.rpm ``` - ``` + ```sh Verifying... ################################# [100%] Preparing... ################################# [100%] checking installed modules @@ -173,13 +174,13 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 hisi_zip modules installed ``` -5. Run the **rpm -qa** command to check whether the accelerator software packages have been installed properly. Run the **rpm -ql** command to check whether files in the software packages are correct. The following is an example: +5. Run the **rpm -qa** command to check whether the accelerator software packages have been installed properly. Run the **rpm -ql** command to check whether files in the software packages are correct. The following is an example: - ``` + ```sh rpm -qa|grep -E "hisi|uacce|libwd|libkae" ``` - ``` + ```sh hisi_rde-1.2.10-4.oe1.aarch64 hisi_sec2-1.2.10-4.oe1.aarch64 libkae-1.2.10-3.oe1.aarch64 @@ -189,11 +190,11 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 hisi_zip-1.2.10-4.oe1.aarch64 ``` - ``` + ```sh rpm -ql uacce hisi* libwd* libkae ``` - ``` + ```sh /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_qm.ko /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/uacce.ko /etc/modprobe.d/hisi_hpre.conf @@ -218,36 +219,37 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 /usr/local/lib/engines-1.1/libkae.so.1.2.10 ``` -6. Restart the system or run commands to manually load the accelerator engine drivers to the kernel in sequence, and check whether the drivers are successfully loaded. +6. Restart the system or run commands to manually load the accelerator engine drivers to the kernel in sequence, and check whether the drivers are successfully loaded. + ```sh + modprobe uacce + lsmod | grep uacce + modprobe hisi_qm + lsmod | grep hisi_qm + modprobe hisi_qm + modprobe hisi_sec2 # Loads the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf. + modprobe hisi_hpre # Loads the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf. ``` - # modprobe uacce - # lsmod | grep uacce - # modprobe hisi_qm - # lsmod | grep hisi_qm - # modprobe hisi_qm - # modprobe hisi_sec2 # Loads the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf. - # modprobe hisi_hpre # Loads the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf. - ``` - ##### Setting Environment Variables + Run the following command to export the environment variable \(If you have specified the installation directory, use the actual installation directory instead of **/usr/local**\): -``` +```sh export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 ``` ##### Performing the Post-Installation Check + Run the **rpm -qa** command to check whether the accelerator engine software packages are successfully installed. If the command output contains _software package name_**-**_version number_**-**, the software package is successfully installed. The following is an example: -``` +```sh rpm -qa|grep -E "hisi|uacce|libwd|libkae" ``` -``` +```sh hisi_rde-1.2.10-4.oe1.aarch64 hisi_sec2-1.2.10-4.oe1.aarch64 libkae-1.2.10-3.oe1.aarch64 @@ -263,53 +265,53 @@ hisi_zip-1.2.10-4.oe1.aarch64 You can run the following commands to test some accelerator functions. -- Use the OpenSSL software algorithm to test the RSA performance. +- Use the OpenSSL software algorithm to test the RSA performance. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed rsa2048 ... sign verify sign/s verify/s rsa 2048 bits 0.001384s 0.000035s 724.1 28365.8. ``` -- Use the KAE to test the RSA performance. +- Use the KAE to test the RSA performance. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae rsa2048 .... sign verify sign/s verify/s rsa 2048 bits 0.000355s 0.000022s 2819.0 45478.4 ``` +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> After KAE acceleration, the signature performance is improved from 724.1 sign/s to 2819 sign/s. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->\#After KAE acceleration, the signature performance is improved from 724.1 sign/s to 2819 sign/s. +- Use the OpenSSL software algorithm to test the asynchronous RSA performance. -- Use the OpenSSL software algorithm to test the asynchronous RSA performance. - - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -async_jobs 36 rsa2048 .... sign verify sign/s verify/s rsa 2048 bits 0.001318s 0.000032s 735.7 28555 ``` -- Use the KAE to test the asynchronous RSA performance. +- Use the KAE to test the asynchronous RSA performance. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -engine kae -elapsed -async_jobs 36 rsa2048 .... sign verify sign/s verify/s rsa 2048 bits 0.000018s 0.000009s 54384.1 105317.0 ``` +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> After KAE acceleration, the asynchronous RSA signature performance is improved from 735.7 sign/s to 54384.1 sign/s. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->\#After KAE acceleration, the asynchronous RSA signature performance is improved from 735.7 sign/s to 54384.1 sign/s. - -- Use the OpenSSL software algorithm to test the performance of the SM4 CBC mode. +- Use the OpenSSL software algorithm to test the performance of the SM4 CBC mode. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp sm4-cbc You have chosen to measure elapsed time instead of user CPU time. .... @@ -318,9 +320,9 @@ You can run the following commands to test some accelerator functions. sm4-cbc 82312.53k 85196.80k 85284.18k 85000.85k 85284.18k 85261.26k ``` -- Use the KAE to test the SM4 CBC mode performance. +- Use the KAE to test the SM4 CBC mode performance. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae -evp sm4-cbc engine "kae" set. You have chosen to measure elapsed time instead of user CPU time. @@ -331,13 +333,13 @@ You can run the following commands to test some accelerator functions. sm4-cbc 383317.33k 389427.20k 395313.15k 392954.73k 394264.58k 394264.58k ``` +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>After KAE acceleration, the SM4 CBC mode performance is improved from 82312.53 kbit/s to 383317.33 kbit/s when the input data block size is 8 MB. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->After KAE acceleration, the SM4 CBC mode performance is improved from 82312.53 kbit/s to 383317.33 kbit/s when the input data block size is 8 MB. +- Use the OpenSSL software algorithm to test the SM3 mode performance. -- Use the OpenSSL software algorithm to test the SM3 mode performance. - - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp sm3 You have chosen to measure elapsed time instead of user CPU time. Doing sm3 for 3s on 102400 size blocks: 1536 sm3's in 3.00s @@ -346,9 +348,9 @@ You can run the following commands to test some accelerator functions. sm3 50568.53k 52428.80k 52428.80k 52428.80k 52428.80k 52428.80k ``` -- Use the KAE to test the SM3 mode performance. +- Use the KAE to test the SM3 mode performance. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae -evp sm3 engine "kae" set. You have chosen to measure elapsed time instead of user CPU time. @@ -358,13 +360,13 @@ You can run the following commands to test some accelerator functions. sm3 648243.20k 666965.33k 677030.57k 678778.20k 676681.05k 668292.44k ``` +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>After KAE acceleration, the SM3 algorithm performance is improved from 52428.80 kbit/s to 668292.44 kbit/s when the input data block size is 8 MB. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->After KAE acceleration, the SM3 algorithm performance is improved from 52428.80 kbit/s to 668292.44 kbit/s when the input data block size is 8 MB. - -- Use the OpenSSL software algorithm to test the asynchronous performance of the AES algorithm in CBC mode. +- Use the OpenSSL software algorithm to test the asynchronous performance of the AES algorithm in CBC mode. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 51200 size blocks: 65773 aes-128-cbc's in 3.00s @@ -374,9 +376,9 @@ You can run the following commands to test some accelerator functions. aes-128-cbc 1122525.87k 1123328.00k 1120578.22k 1121277.27k 1119879.17k 1115684.86k ``` -- Use the KEA engine to test the asynchronous performance of the AES algorithm in CBC mode. +- Use the KEA engine to test the asynchronous performance of the AES algorithm in CBC mode. - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 -engine kae engine "kae" set. You have chosen to measure elapsed time instead of user CPU time. @@ -387,21 +389,23 @@ You can run the following commands to test some accelerator functions. aes-128-cbc 3747037.87k 3996774.40k 1189085.18k 1196774.74k 1196979.11k 1199570.94k ``` - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- The AES algorithm supports only asynchronous usage when the data length is 256 KB or less. ->- After KAE acceleration, the AES algorithm performance is improved from 1123328.00 kbit/s to 3996774.40 kbit/s when the input data block size is 100 KB. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- The AES algorithm supports only asynchronous usage when the data length is 256 KB or less. +>- After KAE acceleration, the AES algorithm performance is improved from 1123328.00 kbit/s to 3996774.40 kbit/s when the input data block size is 100 KB. ### Upgrading the Accelerator Software Packages #### Scenario + You can run the **rpm -Uvh** command to upgrade the accelerator software. #### Procedure -1. Download the latest accelerator engine software packages from the openEuler community. -2. Use SSH to log in to the Linux CLI as user **root**. -3. Save the downloaded software packages to a directory. -4. In the directory, run the **rpm -Uvh** command to upgrade the accelerator driver package and engine library package. The following is an example: + +1. Download the latest accelerator engine software packages from the openEuler community. +2. Use SSH to log in to the Linux CLI as user **root**. +3. Save the downloaded software packages to a directory. +4. In the directory, run the **rpm -Uvh** command to upgrade the accelerator driver package and engine library package. The following is an example: The command and output are as follows: @@ -409,67 +413,68 @@ You can run the **rpm -Uvh** command to upgrade the accelerator software. ![](./figures/en-us_image_0231143191.png) -5. Run the **rpm -qa** command to check whether the upgrade is successful. Ensure that the queried version is the latest version. +5. Run the **rpm -qa** command to check whether the upgrade is successful. Ensure that the queried version is the latest version. ![](./figures/en-us_image_0231143193.png) ![](./figures/en-us_image_0231143195.png) -6. Restart the system or run the following commands to manually uninstall the drivers of the earlier version, load the drivers of the latest version, and check whether the new drivers are successfully loaded. +6. Restart the system or run the following commands to manually uninstall the drivers of the earlier version, load the drivers of the latest version, and check whether the new drivers are successfully loaded. - ``` - Uninstall the existing drivers. - # lsmod | grep uacce + ```bash + # Uninstall the existing drivers. + $ lsmod | grep uacce uacce 262144 3 hisi_hpre,hisi_sec2,hisi_qm - # - # rmmod hisi_hpre - # rmmod hisi_sec2 - # rmmod hisi_qm - # rmmod uacce - # lsmod | grep uacce - # - Load the new drivers.# modprobe uacce - # modprobe hisi_qm# modprobe hisi_sec2 #Loads the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf. - # modprobe hisi_hpre #Loads the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf. - # lsmod | grep uacce + $ rmmod hisi_hpre + $ rmmod hisi_sec2 + $ rmmod hisi_qm + $ rmmod uacce + $ lsmod | grep uacce + + $ modprobe uacce # Load the new drivers. + $ modprobe hisi_qm + $ modprobe hisi_sec2 # Loads the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf. + $ modprobe hisi_hpre # Loads the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf. + $ lsmod | grep uacce uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre ``` - ### Uninstalling the Accelerator Software Packages #### Scenario + You do not need the accelerator engine software or you want to install new accelerator engine software. #### Procedure -1. Use SSH to log in to the Linux CLI as user **root**. -2. Restart the system or run commands to manually uninstall the accelerator drivers loaded to the kernel, and check whether the drivers are successfully uninstalled. - ``` - # lsmod | grep uacce +1. Use SSH to log in to the Linux CLI as user **root**. +2. Restart the system or run commands to manually uninstall the accelerator drivers loaded to the kernel, and check whether the drivers are successfully uninstalled. + + ```sh + $ lsmod | grep uacce uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre - # rmmod hisi_hpre - # rmmod hisi_sec2 - # rmmod hisi_qm - # rmmod uacce - # lsmod | grep uacce - # + $ rmmod hisi_hpre + $ rmmod hisi_sec2 + $ rmmod hisi_qm + $ rmmod uacce + $ lsmod | grep uacce + ``` -3. Run the **rpm -e** command to uninstall the accelerator engine software packages. The following is an example: +3. Run the **rpm -e** command to uninstall the accelerator engine software packages. The following is an example: - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >Due to the dependency relationships, the **libkae** package must be uninstalled before the **libwd** package. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >Due to the dependency relationships, the **libkae** package must be uninstalled before the **libwd** package. ![](./figures/en-us_image_0231143196.png) ![](./figures/en-us_image_0231143197.png) -4. Run the **rpm -qa |grep** command to check whether the uninstallation is successful. +4. Run the **rpm -qa |grep** command to check whether the uninstallation is successful. ![](./figures/en-us_image_0231143198.png) - ## Querying Logs [Table 3](#table52821836) lists log information related to the accelerator engine. @@ -499,9 +504,9 @@ You do not need the accelerator engine software or you want to install new accel

/var/log/

-

message/syslog

+

messages/syslog

-
  • Kernel logs are stored in the /var/log/message directory.
+
  • Kernel logs are stored in the /var/log/messages directory.
NOTE:

Alternatively, you can run the dmesg > /var/log/dmesg.log command to collect driver and kernel logs.

@@ -511,14 +516,13 @@ You do not need the accelerator engine software or you want to install new accel ## Acceleration Engine Application ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->If you have not purchased the engine license, you are advised not to use the KAE engine to invoke the corresponding algorithms. Otherwise, the performance of the OpenSSL encryption algorithm may be affected. - - +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>If you have not purchased the engine license, you are advised not to use the KAE engine to invoke the corresponding algorithms. Otherwise, the performance of the OpenSSL encryption algorithm may be affected. ### Example Code for the KAE -``` +```c #include #include @@ -574,7 +578,7 @@ int main(int argc, char **argv) Create the **openssl.cnf** file and add the following configuration information to the file: -``` +```text openssl_conf=openssl_def [openssl_def] engines=engine_section @@ -590,13 +594,13 @@ init=1 Export the environment variable **OPENSSL\_CONF**. -``` +```sh export OPENSSL_CONF=/home/app/openssl.cnf #Path for storing the openssl.cnf file ``` The following is an example of the OpenSSL configuration file: -``` +```c #include #include @@ -643,59 +647,59 @@ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorith ## Troubleshooting - - ### Initialization Failure #### Symptom + The accelerator engine is not completely loaded due to an initialization failure. #### Solution -1. Check whether the accelerator drivers are loaded successfully. Specifically, run the **lsmod** command to check whether uacce.ko, qm.ko, sgl.ko, hisi\_sec2.ko, hisi\_hpre.ko, hisi\_zip.ko, and hisi\_rde.ko exist. - ``` - # lsmod | grep uacce +1. Check whether the accelerator drivers are loaded successfully. Specifically, run the **lsmod** command to check whether uacce.ko, qm.ko, sgl.ko, hisi\_sec2.ko, hisi\_hpre.ko, hisi\_zip.ko, and hisi\_rde.ko exist. + + ```sh + $ lsmod | grep uacce uacce 262144 2 hisi_hpre,hisi_qm,hisi_sec2,hisi_zip,hisi_rde ``` -2. Check whether the accelerator engine library exists in **/usr/lib64** \(directory for RPM installation\) or **/usr/local/lib** \(directory for source code installation\) and the OpenSSL installation directory, and check whether the correct soft link is established. +2. Check whether the accelerator engine library exists in **/usr/lib64** \(directory for RPM installation\) or **/usr/local/lib** \(directory for source code installation\) and the OpenSSL installation directory, and check whether the correct soft link is established. - ``` + ```sh [root@localhost home]# ll /usr/local/lib/engines-1.1/ |grep kae - #Check whether the KAE has been correctly installed and whether a soft link has been established. If yes, the displayed information is as follows: - # ll /usr/local/lib/engines-1.1/ |grep kae + # Check whether the KAE has been correctly installed and whether a soft link has been established. If yes, the displayed information is as follows: lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so -> kae.so.1.0.1 lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so.0 -> kae.so.1.0.1 -rwxr-xr-x. 1 root root 112632 May 25 2019 kae.so.1.0.1 - [[root@localhost home]# + [root@localhost home]# [root@localhost home]# ll /usr/lib64/ | grep libwd - #Check whether libwd has been correctly installed and whether a soft link has been established. If yes, the displayed information is as follows: + # Check whether libwd has been correctly installed and whether a soft link has been established. If yes, the displayed information is as follows: lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so -> libwd.so.1.0.1 lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so.0 -> libwd.so.1.0.1 -rwxr-xr-x. 1 root root 137120 May 25 2019 libwd.so.1.0.1 [root@localhost home]# ``` -3. Check whether the path of the OpenSSL engine library can be exported by running the **export** command. +3. Check whether the path of the OpenSSL engine library can be exported by running the **export** command. - ``` - # echo $OPENSSL_ENGINES - # export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 - # echo $OPENSSL_ENGINES + ```sh + $ echo $OPENSSL_ENGINES + $ export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 + $ echo $OPENSSL_ENGINES /usr/local/lib/engines-1.1 ``` - ### Failed to Identify Accelerator Devices After the Acceleration Engine Is Installed #### Symptom + After the acceleration engine is installed, the accelerator devices cannot be identified. #### Solution -1. Check whether the device exists in the virtual file system. Normally, the following accelerator devices are displayed: - ``` - # ls -al /sys/class/uacce/ +1. Check whether the device exists in the virtual file system. Normally, the following accelerator devices are displayed: + + ```sh + $ ls -al /sys/class/uacce/ total 0 lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2 lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3 @@ -707,37 +711,38 @@ After the acceleration engine is installed, the accelerator devices cannot be id lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-7 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-7 ``` -2. If you want to use the HPRE device but the device is not found in [1](#li1760055514614), check whether the accelerator software is correctly installed by referring to [Failed to Upgrade the Accelerator Drivers](#failed-to-upgrade-the-accelerator-drivers). -3. If the accelerator software is correctly installed, run the **lspci** command to check whether the physical device exists. +2. If you want to use the HPRE device but the device is not found in [1](#li1760055514614), check whether the accelerator software is correctly installed by referring to [Failed to Upgrade the Accelerator Drivers](#failed-to-upgrade-the-accelerator-drivers). +3. If the accelerator software is correctly installed, run the **lspci** command to check whether the physical device exists. - ``` - # lspci | grep HPRE + ```sh + $ lspci | grep HPRE 79:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) b9:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) - ## lspci | grep SEC + $ lspci | grep SEC 76:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon SEC Engine (rev 21) b6:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon SEC Engine (rev 21) - ## lspci | grep RDE + $ lspci | grep RDE 78:01.0 RAID bus controller: Huawei Technologies Co., Ltd. HiSilicon RDE Engine (rev 21) b8:01.0 RAID bus controller: Huawei Technologies Co., Ltd. HiSilicon RDE Engine (rev 21) - ## lspci | grep ZIP + $ lspci | grep ZIP 75:00.0 Processing accelerators: Huawei Technologies Co., Ltd. HiSilicon ZIP Engine (rev 21) b5:00.0 Processing accelerators: Huawei Technologies Co., Ltd. HiSilicon ZIP Engine (rev 21) - # ``` -4. If no physical device is found in [3](#li1560012551369), perform the following operations: - - Check whether the accelerator license has been imported. If no, import the accelerator license. For details, see "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749|9856522|21782478|8060757). After the accelerator license is imported, power off and restart the BMC to enable the license. - - Check whether the BMC and BIOS versions support the accelerator feature. - +4. If no physical device is found in [3](#li1560012551369), perform the following operations: + - Check whether the accelerator license has been imported. If no, import the accelerator license. For details, see "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749|9856522|21782478|8060757). After the accelerator license is imported, power off and restart the iBMC to enable the license. + - Check whether the iBMC and BIOS versions support the accelerator feature. ### Failed to Upgrade the Accelerator Drivers #### Symptom + After the accelerator drivers are upgraded, the driver version is not changed after the system is restarted. #### Possible Cause + Before the accelerator drivers are upgraded, the system upgrades other driver packages. These driver packages may update the boot file system initramfs, and update the accelerator drivers to initramfs before upgrade. For example, if the NIC driver is updated or initramfs is manually updated, the system loads the accelerator drivers from initramfs first during restart. #### Solution + After the accelerator drivers are upgraded, run the **dracut \-\-force** command to update initramfs again. diff --git a/docs/en/docs/Administration/viewing-system-information.md b/docs/en/docs/Administration/viewing-system-information.md index 322c28ac81b19afab4a59e2d0aff4a61a360311b..011526a2a4cba07282c5230d9920d7d16c0a8320 100644 --- a/docs/en/docs/Administration/viewing-system-information.md +++ b/docs/en/docs/Administration/viewing-system-information.md @@ -2,19 +2,19 @@ - Run the following command to view the system information: - ``` - $ cat /etc/os-release + ```sh + cat /etc/os-release ``` For example, the command and output are as follows: - ``` - $ cat /etc/os-release + ```sh + cat /etc/os-release NAME="openEuler" - VERSION="20.03 (LTS)" + VERSION="20.03 (LTS-SP4)" ID="openEuler" VERSION_ID="20.03" - PRETTY_NAME="openEuler 20.03 (LTS)" + PRETTY_NAME="openEuler 20.03 (LTS-SP4)" ANSI_COLOR="0;31" ``` @@ -23,20 +23,24 @@ Run the following command to view the CPU information: - ``` - $ lscpu + ```sh + lscpu ``` Run the following command to view the memory information: - ``` - $ free + ```sh + free ``` Run the following command to view the disk information: - ``` - $ fdisk -l + ```sh + fdisk -l ``` + Run the following command to view the real-time information about system resources: + ```sh + top + ``` diff --git a/docs/en/docs/ApplicationDev/application-development.md b/docs/en/docs/ApplicationDev/application-development.md index 37e6fe6f72174bce3105f26947d0475221719f63..43c272078ae6cc82edc5d54c378c6042456147b4 100644 --- a/docs/en/docs/ApplicationDev/application-development.md +++ b/docs/en/docs/ApplicationDev/application-development.md @@ -4,45 +4,28 @@ This document describes the common tools used for application development and gu ## Overview -This document describes the following four parts to guide users to use openEuler and develop code based on openEuler. +This document describes the following four parts. -- Install and use the GCC compiler in the openEuler operating system \(OS\), and complete the development, compilation, and execution of simple code. -- In the openEuler OS, use the JDK built-in tool to compile and execute code. -- Install IntelliJ IDEA in the openEuler OS for Java development. -- Create an RPM package locally or using the Open Build Service \(OBS\). +- Install and use the GCC compiler in the openEuler operating system \(OS\), and complete the development, compilation, and execution of simple code. +- In the openEuler OS, use the JDK built-in tool to compile and execute code. +- Install IntelliJ IDEA in the openEuler OS for Java development. +- Create an RPM package locally or using the Open Build Service \(OBS\). ## Intended Audience This document is intended for all users who use the openEuler OS for code development. You are expected to have the following experience or capabilities: -- Have basic knowledge of the Linux OS. -- Know how to use Linux command lines. +- Have basic knowledge of the Linux OS. +- Know how to use Linux command lines. ## Symbol Conventions The symbols that may be found in this document are defined as follows. - - - - - - - - - - - - -

Symbol

-

Description

-

![](./figures/en-us_image_0229243712.png)

-

Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results.

-

NOTICE is used to address practices not related to personal injury.

-

![](./figures/en-us_image_0229243671.png)

-

Supplements the important information in the main text.

-

NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

-
+| Symbol |Description | +|:--- |:---- | +| ![](figures/en-us_image_0229243671.png)|Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal injury.| +| ![](figures/en-us_image_0229243712.png)|Supplements the important information in the main text.
NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.| ## Command Conventions diff --git a/docs/en/docs/ApplicationDev/building-an-rpm-package.md b/docs/en/docs/ApplicationDev/building-an-rpm-package.md index 42d917c3824dcdefd49b0106af71fd6704d01d7c..0529fe54ce148ed143cbc43871cad10a59a19609 100644 --- a/docs/en/docs/ApplicationDev/building-an-rpm-package.md +++ b/docs/en/docs/ApplicationDev/building-an-rpm-package.md @@ -1,6 +1,6 @@ # Building an RPM Package -This section describes how to build an RPM software package on a local PC or using OBS. For details, see [https://gitee.com/openeuler/community/blob/master/zh/contributors/packaging.md](https://gitee.com/openeuler/community/blob/master/zh/contributors/packaging.md). +This section describes how to build an RPM software package on a local PC or using OBS. For details, see the [openEuler Packaging Guide](https://gitee.com/openeuler/community/blob/master/en/contributors/packaging.md). - [Building an RPM Package](#building-an-rpm-package) @@ -18,19 +18,19 @@ This section describes how to build an RPM software package on a local PC or usi - ## Packaging Description ### Principles -During RPM packaging, the source code needs to be compiled. The compiled configuration files and binary command files need to be placed in proper positions. The RPM packages need to be tested as required. A workspace is required for these operations. The **rpmbuild** command uses a set of standard workspaces. -``` -$ rpmdev-setuptree +During RPM packaging, the source code needs to be compiled. The compiled configuration files and binary command files need to be placed in proper positions. The RPM packages need to be tested as required. A workspace is required for these operations. The `rpmbuild` command uses a set of standard workspaces. + +```shell +rpmdev-setuptree ``` -The **rpmdev-setuptree** command is used to install rpmdevtools. After the command is executed, the **rpmbuild** folder is generated in the **/root** directory \(or the **/home/**_username_ directory for non-root users\). The directory structure is as follows: +The `rpmdev-setuptree` command is provided by rpmdevtools. After the command is executed, the **rpmbuild** folder is generated in the **/root** directory (or the **/home/**_username_ directory for non-root users). The directory structure is as follows: -``` +```shell $ tree rpmbuild rpmbuild ├── BUILD @@ -101,17 +101,18 @@ The content is described as follows: -The **\~/rpmbuild/SPECS** directory contains the configuration file of the RPM package, which is the drawing of the RPM package. This file tells the **rpmbuild** command how to build the RPM package. The **Macro Code** column contains the corresponding directories in the .spec file, which is similar to the macro or global variable in the programming language. +The **\~/rpmbuild/SPECS** directory contains the configuration file of the RPM package, which tells the `rpmbuild` command how to build the RPM package. The **Macro Code** column contains the corresponding directories in the .spec file, which is similar to the macros in the programming languages or global variables. ### Packaging Process + The packaging process is as follows: -1. Place the source code in **%\_sourcedir**. -2. Compile the source code in **%\_builddir**. Generally, the source code is compressed and needs to be decompressed first. -3. Install the RPM package. The installation is similar to pre-assembling the software package. Copy the contents \(such as binary files, configuration files, and man files\) that should be contained in the software package to **%\_buildrootdir** and assemble the contents based on the actual directory structure after installation. For example, if binary commands are stored in **/usr/bin**, copy the directory structure to **%\_buildrootdir**. -4. Perform necessary configurations, such as preparations before installation and cleanup after installation. These are configured in the SPEC file to tell the **rpmbuild** command how to build. -5. Check whether the software is running properly. -6. The generated RPM package is stored in **%\_rpmdir**, and the source code package is stored in **%\_srpmdir**. +1. Place the source code in **%\_sourcedir**. +2. Compile the source code in **%\_builddir**. Generally, the source code is compressed and needs to be decompressed first. +3. Install the RPM package. The installation is similar to pre-assembling the software package. Copy the contents (such as binary files, configuration files, and man files) that should be contained in the software package to **%\_buildrootdir** and assemble the contents based on the actual directory structure after installation. For example, if binary commands are stored in **/usr/bin**, copy the directory structure to **%\_buildrootdir**. +4. Perform necessary configurations, such as preparations before installation and cleanup after installation. These are configured in the SPEC file. +5. Check whether the software runs properly. +6. The generated RPM package is stored in **%\_rpmdir**, and the source code package is stored in **%\_srcrpmdir**. In the SPEC file, each phase is described as follows: @@ -132,7 +133,7 @@ In the SPEC file, each phase is described as follows:

%_builddir

-

Read the source code and patch in the %_sourcedir directory. Then, decompress the source code to the %_builddir subdirectory and apply all patches.

+

Read the source code and patches in the %_sourcedir directory. Then, decompress the source code to the %_builddir subdirectory and apply all patches.

%build

@@ -159,7 +160,7 @@ In the SPEC file, each phase is described as follows:

%_builddir

-

Check whether the software is running properly. Run a command similar to make test.

+

Check whether the software runs properly. Run a command similar to make test.

bin

@@ -185,16 +186,16 @@ In the SPEC file, each phase is described as follows: ### Packaging Options -Run the **rpmbuild** command to build the software package. The **rpmbuild** command can be used to build software packages by building .spec, .tar, and source files. +Run the `rpmbuild` command to build the software package. The `rpmbuild` command can be used to build software packages by building .spec, .tar, and source files. -The format of the **rpmbuild** command is rpmbuild \[_option_...\] +The format of the `rpmbuild` command is `rpmbuild [option...]` [Table 1](#table1342946175212) describes the common rpmbuild packaging options. **Table 1** rpmbuild Packaging Options - - @@ -109,10 +106,10 @@ For any given input file, the file type determines which compilation to perform. Using GCC to generate executable files from source code files requires preprocessing, compilation, assembly, and linking. -1. Preprocessing: Preprocess the source program \(such as a **.c** file\) to generate an **.i** file. -2. Compilation: Compile the preprocessed **.i** file into an assembly language to generate an **.s** file. -3. Assemble: Assemble the assembly language file to generate the target file **.o**. -4. Linking: Link the **.o** files of each module to generate an executable program file. +1. Preprocessing: Preprocess the source program \(such as a **.c** file\) to generate an **.i** file. +2. Compilation: Compile the preprocessed **.i** file into an assembly language to generate an **.s** file. +3. Assemble: Assemble the assembly language file to generate the target file **.o**. +4. Linking: Link the **.o** files of each module to generate an executable program file. The **.i**, **.s**, and **.o** files are intermediate or temporary files. If the GCC is used to compile programs in C language at a time, these files will be deleted. @@ -179,14 +176,14 @@ GCC is a powerful compiler. It has many _options_, but most of them are not com - - - @@ -104,11 +103,11 @@ The GNU make utility \(usually abbreviated as make\) is a tool for controlling t The process of deploying make to generate an executable file from the source code file is described as follows: -1. The make command reads the Makefiles, including the files named GNUmakefile, makefile, and Makefile in the current directory, the included makefile, and the rule files specified by the **-f**, **\-\-file**, and **\-\-makefile** options. -2. Initialize variables. -3. Derive implicit rules, analyze dependencies, and create a dependency chain. -4. Determine which targets need to be regenerated based on the dependency chain. -5. Run a command to generate the final file. +1. The make command reads the Makefiles, including the files named GNUmakefile, makefile, and Makefile in the current directory, the included makefile, and the rule files specified by the **-f**, **\-\-file**, and **\-\-makefile** options. +2. Initialize variables. +3. Derive implicit rules, analyze dependencies, and create a dependency chain. +4. Determine which targets need to be regenerated based on the dependency chain. +5. Run a command to generate the final file. ### make Options @@ -178,7 +177,7 @@ _target_ : target specified in Makefile. - @@ -188,7 +187,7 @@ _target_ : target specified in Makefile. - @@ -226,7 +225,7 @@ This chapter describes the structure and main contents of makefiles. For more in The makefile file structure is as follows: -_targets_:_prereguisites_ +_targets_:_prerequisites_ _command_ @@ -238,10 +237,10 @@ _command_ In the preceding information: -- _targets_ : targets, which can be target files, executable files, or tags. -- _prerequisites_ : dependency files, which are the files or targets required for generating the _targets_. There can be multiple or none of them. -- _command_ : command \(any shell command\) to be executed by make. Multiple commands are allowed, and each command occupies a line. -- Use colons \(:\) to separate the target files from the dependency files. Press **Tab** at the beginning of each command line. +- _targets_ : targets, which can be target files, executable files, or tags. +- _prerequisites_ : dependency files, which are the files or targets required for generating the _targets_. There can be multiple or none of them. +- _command_ : command \(any shell command\) to be executed by make. Multiple commands are allowed, and each command occupies a line. +- Use colons \(:\) to separate the target files from the dependency files. Press **Tab** at the beginning of each command line. The makefile file structure indicates the output target, the object on which the output target depends, and the command to be executed for generating the target. @@ -249,51 +248,48 @@ The makefile file structure indicates the output target, the object on which the A makefile file consists of the following contents: -- Explicit rule +- Explicit rule Specify the dependency, such as the file to be generated, dependency file, and generated command. -- Implicit rule +- Implicit rule Specify the rule that is automatically derived by make. The make command supports the automatic derivation function. -- Variable definition -- File indicator +- Variable definition +- File indicator The file indicator consists of three parts: - - Inclusion of other makefiles, for example, include xx.md - - Selective execution, for example, \#ifdef - - Definition of multiple command lines, for example, define...endef. \(define ... endef\) + - Inclusion of other makefiles, for example, include xx.md + - Selective execution, for example, \#ifdef + - Definition of multiple command lines, for example, define...endef. \(define ... endef\) -- Comment +- Comment The comment starts with a number sign \(\#\). - ## Examples - - ### Example of Using Makefile to Implement Compilation -1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. - ``` - $ cd ~/code + ```shell + cd ~/code ``` 2. Create a header file **hello.h** and two functions **hello.c** and **main.c**. - ``` - $ vi hello.h - $ vi hello.c - $ vi main.c + ```shell + vi hello.h + vi hello.c + vi main.c ``` The following is an example of the **hello.h** code: - ``` + ```c #pragma once #include void hello(); @@ -301,7 +297,7 @@ A makefile file consists of the following contents: The following is an example of the **hello.c** code: - ``` + ```c #include "hello.h" void hello() { @@ -312,12 +308,11 @@ A makefile file consists of the following contents: i++; } } - ``` The following is an example of the **main.c** code: - ``` + ```c #include "hello.h" #include int main() @@ -327,15 +322,15 @@ A makefile file consists of the following contents: } ``` -3. Create the makefile. +3. Create the makefile. - ``` - $ vi Makefile + ```shell + vi Makefile ``` The following provides an example of the makefile content: - ``` + ```text main:main.o hello.o gcc -o main main.o hello.o main.o:main.c @@ -346,24 +341,24 @@ A makefile file consists of the following contents: rm -f hello.o main.o main ``` -4. Run the **make** command. +4. Run the **make** command. - ``` - $ make + ```shell + make ``` After the command is executed, the commands executed in makefile are printed. If you do not need to print the information, add the **-s** option to the **make** command. + ```shell gcc -c main.c - gcc -c hello.c - gcc -o main main.o hello.o + ``` -5. Execute the ./main target. +5. Execute the ./main target. - ``` - $ ./main + ```shell + ./main ``` After the command is executed, the following information is displayed: diff --git a/docs/en/docs/Container/appendix.md b/docs/en/docs/Container/appendix.md index eae445ef363dee1bdff53655cf276259a7500811..a63af2230b862027f8e13fec6d708e86f2dab2ff 100644 --- a/docs/en/docs/Container/appendix.md +++ b/docs/en/docs/Container/appendix.md @@ -1,7 +1,4 @@ # Appendix -- [Appendix](#appendix) - - [Command Line Parameters](#command-line-parameters) - - [CNI Parameters](#cni-parameters) ## Command Line Parameters @@ -15,7 +12,7 @@ - @@ -24,6 +21,11 @@ + + + - + + +

option Value

+ @@ -202,7 +203,7 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\] - - - - - - - - - - - - - - - - - - - @@ -363,50 +364,48 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\] This section uses an example to describe how to build an RPM software package locally. - - ### Setting Up the Development Environment #### Prerequisites + You have obtained the **root** permission, and have configured a repo source for openEuler. #### Procedure -You can use the DNF tool to install rpmdevtools, including the **rpm-build** command and related dependencies \(such as make and gdb\). Run the following command: -``` -# dnf install rpmdevtools* +You can use the DNF tool to install rpmdevtools, including the `rpm-build` command and related dependencies (such as make and gdb). Run the following command: + +```shell +dnf install rpmdevtools* ``` ### Creating a Hello World RPM Package -The following uses the packaging process of the GNU Hello World project as an example. The package contains the most common peripheral components related to the typical Free and Open Source Software \(FOSS\) project, including the configuration, compilation, and installation environments, documents, and internationalization \(i18n\) information. - - +The following uses the packaging process of the GNU Hello World project as an example. The package contains the most common peripheral components related to the typical Free and Open Source Software (FOSS) project, including the configuration, compilation, and installation environments, documents, and internationalization (i18n) information. #### Obtaining the Source Code Run the following command to download the source code of the official example: -``` -$ cd ~/rpmbuild/SOURCES -$ wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz +```shell +cd ~/rpmbuild/SOURCES +wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz ``` #### Editing the SPEC File Run the following command to create the .spec file in the **~/rpmbuild/SPECS** directory: -``` -$ cd ~/rpmbuild/SPECS -$ vi hello.spec +```shell +cd ~/rpmbuild/SPECS +vi hello.spec ``` Write the corresponding content to the file and save the file. The following is an example of the file content. Modify the corresponding fields based on the actual requirements. -``` +```text Name: hello Version: 2.10 -Release: 1%{?dist} +Release: Summary: The "Hello World" program from GNU Summary(zh_CN): GNU Hello World program License: GPLv3+ @@ -458,25 +457,25 @@ fi - Update to 2.9 ``` -- The **Name** tag indicates the software name, the **Version** tag indicates the version number, and the **Release** tag indicates the release number. -- The **Summary** tag is a brief description. The first letter of the tag must be capitalized to prevent the rpmlint tool \(packaging check tool\) from generating alarms. -- The **License** tag describes the protocol version of the software package. The packager is responsible for checking the license status of the software, which can be implemented by checking the source code or license file or communicating with the author. -- The **Group** tag is used to classify software packages by **/usr/share/doc/rpm-/GROUPS**. Currently, this tag has been discarded. However, the VIM template still has this tag. You can delete it. However, adding this tag does not affect the system. The **%changelog** tag should contain the log of changes made for each release, especially the description of the upstream security/vulnerability patches. The **%changelog** tag should contain the version string to avoid the rpmlint tool from generating alarms. -- If multiple lines are involved, such as %changelog or %description, start from the next line of the instruction and end with a blank line. -- Some unnecessary lines \(such as BuildRequires and Requires\) can be commented out with a number sign \(\#\) at the beginning of the lines. -- The default values of **%prep**, **%build**, **%install**, and **%file** are retained. +- The **Name** tag indicates the software name, the **Version** tag indicates the version number, and the **Release** tag indicates the release number. +- The **Summary** tag is a brief description. The first letter of the tag must be capitalized to prevent the rpmlint tool (packaging check tool) from generating alarms. +- The **License** tag describes the protocol version of the software package. The packager is responsible for checking the license status of the software, which can be implemented by checking the source code or license file or communicating with the author. +- The **Group** tag is used to classify software packages by **/usr/share/doc/rpm/GROUPS**. Currently, this tag has been discarded. However, the VIM template still has this tag. You can delete it. However, adding this tag does not affect the system. The **%changelog** tag should contain the log of changes made for each release, especially the description of the upstream security/vulnerability patches. The **%changelog** tag should contain the version string to avoid the rpmlint tool from generating alarms. +- If multiple lines are involved, such as %changelog or %description, start from the next line of the instruction and end with a blank line. +- Some unnecessary lines (such as **BuildRequires** and **Requires**) can be commented out with a number sign (\#) at the beginning of the lines. +- The default values of **%prep**, **%build**, **%install**, and **%files** are retained. #### Building an RPM Package Run the following command in the directory where the .spec file is located to build the source code, binary files, and software packages that contain debugging information: -``` -$ rpmbuild -ba hello.spec +```shell +rpmbuild -ba hello.spec ``` Run the following command to view the execution result: -``` +```shell $ tree ~/rpmbuild/*RPMS /home/testUser/rpmbuild/RPMS @@ -492,160 +491,154 @@ $ tree ~/rpmbuild/*RPMS This section describes how to build RPM software packages using the OBS on the web page or with OSC. There are two methods: -- Modifying an existing software package: Modify the source code of an existing software package and build the modified source code into an RPM software package. -- Adding a software package: A new software source file is developed from scratch, and the newly developed source file is used to build an RPM software package. - - +- Modifying an existing software package: Modify the source code of an existing software package and build the modified source code into an RPM software package. +- Creating a software package: Developing a new software source file from scratch, and then build the newly developed source file into an RPM software package. ### OBS Overview -OBS is a general compilation framework based on the openSUSE distribution. It is used to build source code packages into RPM software packages or Linux images. OBS uses the automatic distributed compilation mode and supports the compilation of images and installation packages of multiple Linux OS distributions \(such as openEuler, SUSE, and Debian\) on multiple architecture platforms \(such as x86 and ARM64\). +OBS is a generic compilation framework based on the openSUSE distribution. It is used to build source code packages into RPM software packages or Linux images. OBS uses the automatic distributed compilation mode and supports the compilation of images and installation packages of multiple Linux OS distributions (such as openEuler, SUSE, and Debian) on multiple architecture platforms (such as x86 and ARM64). -OBS consists of the backend and frontend. The backend implements all core functions. The frontend provides web applications and APIs for interaction with the backend. In addition, OBS provides an API command line client OSC, which is developed in an independent repository. +OBS consists of the backend and frontend. The backend implements core functions. The frontend provides web applications and APIs for interaction with the backend. In addition, OBS provides an API command line client OSC, which is developed in an independent repository. -OBS uses the project organization software package. Basic permission control, related repository, and build targets \(OS and architecture\) can be defined in the project. A project can contain multiple subprojects. Each subproject can be configured independently to complete a task. +OBS organizes the software packages as projects. Basic permission control, related repositories, and build targets (OS and architecture) can be defined in the project. A project can contain multiple subprojects. Each subproject can be configured independently to complete a task. ### Building an RPM Software Package Online -This section describes how to build an RPM software package online on OBS. - - +This section describes how to build an RPM software package online using the OBS web client. #### Building an Existing Software Package ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- If you use OBS for the first time, register an individual account on the OBS web page. ->- With this method, you must copy the modified code and commit it to the code directory before performing the following operations. The code directory is specified in the **\_service** file. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- If you use OBS for the first time, register an individual account on the OBS web page. +>- This method requires the modified code. You must submit the code to a correct code path before performing the following operations. The code path is specified in the **\_service** file. To modify the source code of the existing software and build the modified source file into an RPM software package on the OBS web client, perform the following steps: -1. Log in to OBS at [https://build.openeuler.org/](https://build.openeuler.org/). -2. Click **All Projects**. The **All Projects** page is displayed. -3. Click the project to be modified. The project details page is displayed. For example, click **openEuler:Mainline**. -4. On the project details page, search for the software package to be modified and click the software package name. The software package details page is displayed. -5. Click **Branch package**. In the displayed dialog box, click **Accept**, as shown in [Figure 1](#fig77646143214). +1. Log in to OBS at [https://build.openeuler.org/](https://build.openeuler.org/). +2. Click **All Projects**. The **All Projects** page is displayed. +3. Click the project to be modified. The project details page is displayed. For example, click **openEuler:Mainline**. +4. On the project details page, search for the software package to be modified and click the software package name. The software package details page is displayed. +5. Click **Branch package**. In the displayed dialog box, click **Accept**, as shown in [Figure 1](#fig77646143214). - **Figure 1** **Branch Confirmation** page + **Figure 1** Branch Confirmation page ![](./figures/branch-confirmation-page.png "branch-confirmation-page") -6. Click the **\_service** file to go to the editing page, modify the file content, and click **Save**. An example of the **\_service** file content is as follows. _userCodeURL_ and _userCommitID_ indicate the user code path and commission version number or branch, respectively. +6. Click the **\_service** file to go to the editing page, modify the file content, and then click **Save**. An example of the **\_service** file content is as follows. _userCodeURL_ and _userCommitID_ indicate the user code path and commit version or branch, respectively. - ``` + ```xml git userCodeURL - userCommitID + userCommitID - bz2 - *.tar + bz2 + *.tar ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Click **Save** to save the **\_service** file. OBS downloads the source code from the specified URL to the software directory of the corresponding OBS project based on the **\_service** file description and replaces the original file. For example, the **kernel** directory of the **openEuler:Mainline** project in the preceding example. -7. After the files are copied and replaced, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. - - **succeeded**: The build is successful. You can click **succeeded** to view the build logs, as shown in [Figure 2](#fig10319114217337). +7. After the files are copied and replaced, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. + - **succeeded**: The build is successful. You can click **succeeded** to view the build logs, as shown in [Figure 2](#fig10319114217337). **Figure 2** **Succeeded** page ![](./figures/succeeded-page.png "succeeded-page") - - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. - - **unresolvable**: The build is not performed. The possible cause is that the dependency is missing. - - **disabled**: The build is manually closed or is queuing for build. - - **excluded**: The build is prohibited. The possible cause is that the .spec file is missing or the compilation of the target architecture is prohibited in the .spec file. + - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. + - **unresolvable**: The build is not performed. A possible cause is missing dependencies. + - **disabled**: The build is manually closed or is queuing for build. + - **excluded**: The build is prohibited. The possible cause is that the .spec file is missing or the compilation of the target architecture is prohibited in the .spec file. +#### Creating a Software Package -#### Adding a Software Package +To create a new software package on the OBS web page, perform the following steps: -To add a new software package on the OBS web page, perform the following steps: - -1. Log in to the OBS console. -2. Select a project based on the dependency of the new software package. That is, click **All Projects** and select the corresponding project, for example, **openEuler:Mainline**. -3. Click a software package in the project. The software package details page is displayed. -4. Click **Branch package**. On the confirmation page that is displayed, click **Accept**. -5. Click **Delete package** to delete the software package in the new subproject, as shown in [Figure 3](#fig18306181103615). +1. Log in to the OBS console. +2. Select a project based on the dependency of the new software package. That is, click **All Projects** and select the corresponding project, for example, **openEuler:Mainline**. +3. Click a software package in the project. The software package details page is displayed. +4. Click **Branch package**. On the confirmation page that is displayed, click **Accept**. +5. Click **Delete package** to delete the software package in the new subproject, as shown in [Figure 3](#fig18306181103615). **Figure 3** Deleting a software package from a subproject ![](./figures/deleting-a-software-package-from-a-subproject.png "deleting-a-software-package-from-a-subproject") - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >The purpose of creating a project by using existing software is to inherit the dependency such as the environment. Therefore, you need to delete these files. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + >The purpose of creating a project by using existing software is to inherit the dependencies, such as the environment. Therefore, you need to delete these files. -6. Click **Create Package**. On the page that is displayed, enter the software package name, title, and description, and click **Create** to create a software package, as shown in [Figure 4](#fig6762111693811) and [Figure 5](#fig18351153518389). +6. Click **Create Package**. On the page that is displayed, enter the software package name, title, and description, and click **Create** to create a software package, as shown in [Figure 4](#fig6762111693811) and [Figure 5](#fig18351153518389). - **Figure 4** **Create Package** page + **Figure 4** Create Package page ![](./figures/create-package-page.png "create-package-page") **Figure 5** Creating a software package ![](./figures/creating-a-software-package.png "creating-a-software-package") -7. Click **Add file** to upload the .spec file and the file to be compiled \(specified in the .spec file\), as shown in [Figure 6](#fig1475845284011). +7. Click **Add file** to upload the .spec file and the file to be compiled (specified in the .spec file), as shown in [Figure 6](#fig1475845284011). **Figure 6** **Add file** page ![](./figures/add-file-page.png "add-file-page") -8. After the file is uploaded, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. - - **succeeded**: The build is successful. You can click **succeeded** to view the build logs. - - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. - - **unresolvable**: The build is not performed. The possible cause is that the dependency is missing. - - **disabled**: The build is manually closed or is queuing for build. - - **excluded**: The build is prohibited. The possible cause is that the .spec file is missing or the compilation of the target architecture is prohibited in the .spec file. - +8. After the file is uploaded, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. + - **succeeded**: The build is successful. You can click **succeeded** to view the build logs. + - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. + - **unresolvable**: The build is not performed. A possible cause is missing dependencies. + - **disabled**: The build is manually closed or is queuing for build. + - **excluded**: The build is prohibited. The possible cause is that the .spec file is missing or the compilation of the target architecture is prohibited in the .spec file. #### Obtaining the Software Package After the RPM software package is built, perform the following operations to obtain the RPM software package on the web page: -1. Log in to the OBS console. -2. Click **All Projects** and find the project corresponding to the required software package, for example, **openEuler:Mainline**. -3. Click the name of the required software package in the project. The software package details page is displayed, for example, the **kernel** page in the preceding example. +1. Log in to the OBS console. +2. Click **All Projects** and find the project corresponding to the required software package, for example, **openEuler:Mainline**. +3. Click the name of the required software package in the project. The software package details page is displayed, for example, the **kernel** page in the preceding example. -1. Click the **Repositories** tab. On the software repository management page that is displayed, click **Enable** in **Publish Flag** to enable the RPM software package download function \(the status changes from ![](./figures/en-us_image_0229243704.png) to ![](./figures/en-us_image_0229243702.png)\), as shown in [Figure 7](#fig17480830144217). +4. Click the **Repositories** tab. On the software repository management page that is displayed, click **Enable** in **Publish Flag** to enable the RPM software package download function (the status changes from ![](./figures/en-us_image_0229243704.png) to ![](./figures/en-us_image_0229243702.png)), as shown in [Figure 7](#fig17480830144217). - **Figure 7** **Repositories** page + **Figure 7** Repositories page ![](./figures/repositories-page.png "repositories-page") -2. Click the project name in the **Repository** column. On the RPM software package download page that is displayed, click **Download** on the right of the RPM software package to download the RPM software package, as shown in [Figure 8](#fig12152145615438). +5. Click the project name in the **Repository** column. On the RPM software package download page that is displayed, click **Download** on the right of the RPM software package to download the RPM software package, as shown in [Figure 8](#fig12152145615438). **Figure 8** RPM software package download page ![](./figures/rpm-software-package-download-page.png "rpm-software-package-download-page") - ### Building a Software Package Using OSC This section describes how to use the OBS command line tool OSC to create a project and build an RPM software package. - - #### Installing and Configuring the OSC ##### Prerequisites -You have obtained the **root** permission, and have configured a repo source for openEuler. + +You have obtained the **root** permissions, and have configured an openEuler repo source. ##### Procedure -1. Install the OSC command line tool and its dependency as the **root** user. - ``` - # dnf install osc build +1. Install the OSC command line tool and its dependency as the **root** user. + + ```shell + dnf install osc build ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The compilation of RPM software packages depends on build. -2. Configure the OSC. - 1. Run the following command to open the **\~/.oscrc** file: +2. Configure the OSC. + 1. Run the following command to open the **\~/.oscrc** file: - ``` - $ vi ~/.oscrc + ```shell + vi ~/.oscrc ``` - 2. Add the **user** and **pass** fields to **\~/.oscrc**. The values of _userName_ and _passWord_ are the account and password registered on the OBS website \([https://build.openeuler.org/](https://build.openeuler.org/)\). + 2. Add the **user** and **pass** fields to **\~/.oscrc**. The values of _userName_ and _passWord_ are the account and password registered on the OBS website ([https://build.openeuler.org/](https://build.openeuler.org/)). - ``` + ```text [general] apiurl = https://build.openeuler.org/ [https://build.openeuler.org/] @@ -653,48 +646,47 @@ You have obtained the **root** permission, and have configured a repo source f pass=passWord ``` - #### Building an Existing Software Package -**Creating a Project** +##### Creating a Project -1. You can copy an existing project to create a subproject of your own. For example, to copy the **zlib** software package in the **openEuler:Mainline** project to the new branch, run the following command: +1. You can copy an existing project to create a subproject of your own. For example, to copy the **zlib** software package in the **openEuler:Mainline** project to the new branch, run the following command: - ``` - $ osc branch openEuler:Mainline zlib + ```shell + osc branch openEuler:Mainline zlib ``` If the following information is displayed, a new branch project **home:testUser:branches:openEuler:Mainline** is created for user **testUser**. - ``` + ```console A working copy of the branched package can be checked out with: osc co home:testUser:branches:openEuler:Mainline/zlib ``` -2. Download the configuration file \(for example, **\_service**\) of the software package to be modified to the local directory. In the preceding command, _testUser_ indicates the account name configured in the **\~/.oscrc** configuration file. Change it based on the actual requirements. +2. Download the configuration file (for example, **\_service**) of the software package to be modified to the local directory. In the preceding command, _testUser_ indicates the account name configured in the **\~/.oscrc** configuration file. Change it based on the actual requirements. - ``` - $ osc co home:testUser:branches:openEuler:Mainline/zlib + ```shell + osc co home:testUser:branches:openEuler:Mainline/zlib ``` Information similar to the following is displayed: - ``` + ```console A home:testUser:branches:openEuler:Mainline A home:testUser:branches:openEuler:Mainline/zlib A home:testUser:branches:openEuler:Mainline/zlib/_service ``` -3. Go to the local subproject directory and synchronize the remote code of the software package to the local host. +3. Go to the local subproject directory and synchronize the remote code of the software package to the local host. - ``` - $ cd home:testUser:branches:openEuler:Mainline/zlib - $ osc up -S + ```shell + cd home:testUser:branches:openEuler:Mainline/zlib + osc up -S ``` Information similar to the following is displayed: - ``` + ```console A _service:tar_scm_kernel_repo:0001-Neon-Optimized-hash-chain-rebase.patch A _service:tar_scm_kernel_repo:0002-Porting-optimized-longest_match.patch A _service:tar_scm_kernel_repo:0003-arm64-specific-build-patch.patch @@ -704,115 +696,110 @@ You have obtained the **root** permission, and have configured a repo source f A _service:tar_scm_kernel_repo:zlib.spec ``` +##### Building an RPM Package -**Building an RPM Package** +1. Rename the source file and add the renamed source file to the temporary storage of OBS. -1. Rename the source file and add the renamed source file to the temporary storage of OBS. - - ``` - $ rm -f _service;for file in `ls | grep -v .osc`;do new_file=${file##*:};mv $file $new_file;done - $ osc addremove * + ```shell + rm -f _service;for file in `ls | grep -v .osc`;do new_file=${file##*:};mv $file $new_file;done + osc addremove * ``` -2. Modify the source code and .spec file, and run the following command to update the file. +2. Modify the source code and .spec file, and run the following command to update the file. - ``` - $ osc up + ```shell + osc up ``` -3. Synchronize all modifications of the corresponding software package to the OBS server. The following is an example of command. The information after the **-m** parameter indicates the submmission record. +3. Synchronize all modifications of the corresponding software package to the OBS server. The following is an example command. The information after the `-m` parameter is the commit log. - ``` - $ osc ci -m "commit log" + ```shell + osc ci -m "commit log" ``` -4. Run the following command to obtain the repository name and architecture of the current project: +4. Run the following command to obtain the repository name and architecture of the current project: - ``` - $ osc repos home:testUser:branches:openEuler:Mainline + ```shell + osc repos home:testUser:branches:openEuler:Mainline ``` -5. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, *standard\_aarch64* and _aarch64_ indicate the repository name and architecture obtained in the command output. +5. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, `standard\_aarch64` and `aarch64` are the repository name and architecture obtained in the command output. - ``` - $ osc buildlog standard_aarch64 aarch64 + ```shell + osc buildlog standard_aarch64 aarch64 ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also open the created project on the web client to view the build logs. +#### Creating a Software Package -#### Adding a Software Package - -To use the OSC tool of OBS to add a new software package, perform the following steps: +To use the OSC tool of OBS to create a new software package, perform the following steps: -**Creating a Project** +##### Creating a Project -1. Create a project based on the dependency of the new software package and a proper project. For example, to create a project based on **zlib** of the **openEuler:Mainline** project, run the following command \(**zlib** is any software package in the project\): +1. Create a project based on the dependency of the new software package and a proper project. For example, to create a project based on **zlib** of the **openEuler:Mainline** project, run the following command (**zlib** is any software package in the project): - ``` - $ osc branch openEuler:Mainline zlib + ```shell + osc branch openEuler:Mainline zlib ``` -2. Delete unnecessary software packages added during project creation. For example, to delete the **zlib** software package, run the following command: +2. Delete unwanted software packages added during project creation. For example, to delete the **zlib** software package, run the following command: - ``` - $ cd home:testUser:branches:openEuler:Mainline - $ osc rm zlib - $ osc commit -m "commit log" + ```shell + cd home:testUser:branches:openEuler:Mainline + osc rm zlib + osc commit -m "commit log" ``` -3. Create a software package in your own project. For example, to add the **my-first-obs-package** software package, run the following command: +3. Create a software package in your own project. For example, to create a **my-first-obs-package** software package, run the following command: - ``` - $ mkdir my-first-obs-package - $ cd my-first-obs-package + ```shell + mkdir my-first-obs-package + cd my-first-obs-package ``` +##### Building an RPM Package -**Building an RPM Package** +1. Add the prepared source file and .spec file to the software package directory. +2. Modify the source code and .spec file, and upload all files of the corresponding software package to the OBS server. The following is a command example. The information after the **-m** parameter is the commit log. -1. Add the prepared source file and .spec file to the software package directory. -2. Modify the source code and .spec file, and upload all files of the corresponding software package to the OBS server. The following is a command example. The information after the **-m** parameter is the commission record. - - ``` - $ cd home:testUser:branches:openEuler:Mainline - $ osc add my-first-obs-package - $ osc ci -m "commit log" + ```shell + cd home:testUser:branches:openEuler:Mainline + osc add my-first-obs-package + osc ci -m "commit log" ``` -3. Run the following command to obtain the repository name and architecture of the current project: +3. Run the following command to obtain the repository name and architecture of the current project: - ``` - $ osc repos home:testUser:branches:openEuler:Mainline + ```shell + osc repos home:testUser:branches:openEuler:Mainline ``` -4. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, _standard\_aarch64_ and _aarch64_ indicate the repository name and architecture obtained in the command output. +4. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, `standard\_aarch64` and `aarch64` are the repository name and architecture obtained in the command output. - ``` - $ cd home:testUser:branches:openEuler:Mainline/my-first-obs-package - $ osc buildlog standard_aarch64 aarch64 + ```shell + cd home:testUser:branches:openEuler:Mainline/my-first-obs-package + osc buildlog standard_aarch64 aarch64 ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also open the created project on the web client to view the build logs. - #### Obtaining the Software Package -After the RPM software package is built, run the following command to obtain the RPM software package using the OSC: +After the RPM software package is built, run the following command to obtain the RPM software package using OSC: -``` -$ osc getbinaries home:testUser:branches:openEuler:Mainline my-first-obs-package standard_aarch64 aarch64 +```shell +osc getbinaries home:testUser:branches:openEuler:Mainline my-first-obs-package standard_aarch64 aarch64 ``` The parameters in the command are described as follows. You can modify the parameters according to the actual situation. -- _home:testUser:branches:openEuler:Mainline_: name of the project to which the software package belongs. -- _my-first-obs-package_: name of the software package. -- _standard\_aarch64_: repository name. -- _aarch64_: repository architecture name. +- `home:testUser:branches:openEuler:Mainline`: name of the project to which the software package belongs. +- `my-first-obs-package`: name of the software package. +- `standard\_aarch64`: repository name. +- `aarch64`: repository architecture name. ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also obtain the software package built using OSC from the web page. For details, see [Obtaining the Software Package](#obtaining-the-software-package). - diff --git a/docs/en/docs/ApplicationDev/preparation.md b/docs/en/docs/ApplicationDev/preparation.md deleted file mode 100644 index 5b03fc1adf9e672b7b21863a5e2003f30b65d953..0000000000000000000000000000000000000000 --- a/docs/en/docs/ApplicationDev/preparation.md +++ /dev/null @@ -1,501 +0,0 @@ -# Preparation - - - -- [Preparation](#preparation) - - [Configuring the Development Environment](#configuring-the-development-environment) - - [OS Requirements](#os-requirements) - - [Configuring a Repo Source](#configuring-a-repo-source) - - [Configuring a Repo Source by Directly Obtaining the Repo Source File](#configuring-a-repo-source-by-directly-obtaining-the-repo-source-file) - - [Configuring a Repo Source by Mounting an ISO File](#configuring-a-repo-source-by-mounting-an-iso-file) - - [Installing the Software Package](#installing-the-software-package) - - [Installing the JDK Software Package](#installing-the-jdk-software-package) - - [Installing the rpm-build Software Package](#installing-the-rpm-build-software-package) - - [Using the IDE for Java Development](#using-the-ide-for-java-development) - - [Overview](#overview) - - [Logging In to the Server Using MobaXterm](#logging-in-to-the-server-using-mobaxterm) - - [Setting the JDK Environment](#setting-the-jdk-environment) - - [Downloading and Installing the GTK Library](#downloading-and-installing-the-gtk-library) - - [Setting X11 Forwarding](#setting-x11-forwarding) - - [Downloading and Running IntelliJ IDEA](#downloading-and-running-intellij-idea) - - -## Configuring the Development Environment - -- If physical machines (PMs) are used, the minimum hardware requirements of the development environment are described in [Table 1](#table154419352610). - - **Table 1** Minimum hardware specifications - - - -

Option Value

Description

-bp specfile

Starts build from the %prep phase of the specfile (decompress the source code package and install the patch).

+

Starts build from the %prep phase of the specfile (decompresses the source code package and installs the patches).

-bc specfile

@@ -217,7 +218,7 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\]

-bl specfile

Starts check from the %file phase of the specfile.

+

Starts check from the %files phase of the specfile.

-ba specfile

@@ -237,7 +238,7 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\]

-rp sourcefile

Starts build from the %prep phase of the sourcefile (decompress the source code package and install the patch).

+

Starts build from the %prep phase of the sourcefile (decompresses the source code package and installs the patches).

-rc sourcefile

@@ -252,7 +253,7 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\]

-rl sourcefile

Starts build from the %file phase of the sourcefile.

+

Starts build from the %files phase of the sourcefile.

-ra sourcefile

@@ -272,7 +273,7 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\]

-tp tarfile

Starts build from the %prep phase of the tarfile (decompress the source code package and install the patch).

+

Starts build from the %prep phase of the tarfile (decompresses the source code package and installs the patches).

-tc tarfile

@@ -300,58 +301,58 @@ The format of the **rpmbuild** command is rpmbuild \[_option_...\]

Uses the tarfile to build the source code package.

\-\-buildroot=DIRECTORY

+

--buildroot=DIRECTORY

During the build, uses DIRECTORY to overwrite the default /root directory.

+

During the build, uses DIRECTORY instead of the default /root directory.

\-\-clean

+

--clean

Deletes the files in the BUILD directory.

\-\-nobuild

+

--nobuild

No actual build steps are performed. It can be used to test the .spec file.

\-\-noclean

+

--noclean

Skips the %clean phase of the .spec file (even if it does exist).

\-\-nocheck

+

--nocheck

Skips the %check phase of the .spec file (even if it does exist).

\-\-dbpath DIRECTORY

+

--dbpath DIRECTORY

Uses the database in DIRECTORY instead of the default directory /var/lib/rpm.

+

Uses the database in DIRECTORY instead of the default directory /var/lib/rpm.

\-\-root DIRECTORY

+

--root DIRECTORY

Sets DIRECTORY to the highest level. The default value is /, indicating the highest level.

\-\-rebuild sourcefile

+

--rebuild sourcefile

Installs the specified source code package sourcefile, that is, start preparation, compilation, and installation of the source code package.

\-\-recompile sourcefile

+

--recompile sourcefile

Builds a new binary package based on \-\-recompile. When the build is complete, the build directory, source code, and .spec file are deleted.

-

The deletion effect is the same as that of \-\-clean.

+

Builds a new binary package based on --recompile. When the build is complete, the build directory, source code, and .spec file are deleted.

+

The deletion effect is the same as that of --clean.

-?, \-\-help

+

-?, --help

Displays detailed help information.

\-\-version

+

--version

Displays detailed version information.

- - - - - - - - - - - - - - - - - - - - - -

Component

-

Minimum Hardware Specification

-

Description

-

Architecture

-
  • AArch64
  • x86_64
-
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture
-

CPU

-
  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor
-

-

-

Memory

-

≥ 4 GB (8 GB or higher recommended for better user experience)

-

-

-

Hard disk

-

≥ 120 GB (for better user experience)

-

IDE, SATA, SAS interfaces are supported.

-
- -- If virtual machines (VMs) are used, the minimum virtualization space required for the development environment is described in [Table 2](#table780410493819). - - **Table 2** Minimum virtualization space - - - - - - - - - - - - - - - - - - - - - - - - - -

Component

-

Minimum Virtualization Space

-

Description

-

Architecture

-
  • AArch64
  • x86_64
-

-

-

CPU

-

Two CPUs

-

-

-

Memory

-

≥ 4 GB (8 GB or higher recommended for better user experience)

-

-

-

Hard disk

-

≥ 32 GB (120 GB or higher recommended for better user experience)

-

-

-
- - -### OS Requirements - -The openEuler OS is required. - -For details about how to install the openEuler OS, see the \[*openEuler 20.03 LTS Installation Guide*\](./../Installation/Installation.html ). On the **SOFTWARE SELECTION** page, select **Development Tools** in the **Add-Ons for Selected Environment** area. - -## Configuring a Repo Source - -Configure an online yum source by directly obtaining the online openEuler repo source. Alternatively, configure a local yum source by mounting an ISO file and creating a local openEuler repo source. - -### Configuring a Repo Source by Directly Obtaining the Repo Source File - -> ![](./public_sys-resources/icon-note.gif) **NOTE:** -> openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.html). This section uses the **openEuler\_aarch64.repo** file as an example to describe how to configure the OS repo source as the yum source. - -1. Go to the yum source directory and check the .repo configuration file in the directory. - - ``` - $ cd /etc/yum.repos.d - $ ls - openEuler_aarch64.repo - ``` - -2. Edit the **openEuler\_aarch64.repo** file as the **root** user. Configure the online openEuler repo source as the yum source. - - ``` - # vi openEuler_aarch64.repo - ``` - - Edit the **openEuler\_aarch64.repo** file as follows: - - ``` - [osrepo] - - name=osrepo - - baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ - - enabled=1 - - gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - ``` - - **** - - - > ![](./public_sys-resources/icon-note.gif) **NOTE:** - > - > - The repoid in \[*repoid* \] indicates the ID of the software repository. Repoids in all .repo configuration files must be unique. In the example, repoid is set to **base**. - > - **name** indicates the string that the software repository describes. - > - **baseurl** indicates the address of the software repository. - > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. - > - **gpgcheck** indicates whether to enable the GNU privacy guard (GPG) to check the validity and security of sources of RPM packages. **1** indicates GPG check is enabled. **0** indicates the GPG check is disabled. If this option is not specified, the GPG check is enabled by default. - > - **gpgkey** is the public key used to verify the signature. - - -### Configuring a Repo Source by Mounting an ISO File - -> ![](./public_sys-resources/icon-note.gif) ********NOTE:******** -> openEuler provides multiple ISO release packages. For details about each ISO release package, see [System Installation](./../Releasenotes/installing-the-os.html). This section uses the **openEuler-20.03-LTS-aarch64-dvd.iso** file and **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** verification file as examples. Modify them based on the actual requirements. - -1. Download the ISO release package. - - - Download an ISO image using a cross-platform file transfer tool. - - 1. Log in to the openEuler community at [https://openeuler.org](https://openeuler.org). - - 2. Click **Download**. - - 3. Click the link provided after **Download ISO**. The download list is displayed. - - 4. Select the version to be downloaded, for example, openEuler 20.03 LTS. Then, click **openEuler-20.03-LTS**. The download list is displayed. - - 5. Click **ISO**. The ISO download list is displayed. - - - **aarch64**: ISO image file of the AArch64 architecture - - **x86\_64**: ISO image file of the x86\_64 architecture - - **source**: ISO image file of the openEuler source code - - 6. Click **aarch64**. - - 7. Click **openEuler-20.03-LTS-aarch64-dvd.iso** to download the openEuler release package to the local host. - - 8. Click **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. - - 9. Log in to the openEuler OS and create a directory for storing the release package and verification file, for example, ~/iso\*\*. - - ``` - $ mkdir ~/iso - ``` - - 10. Use a cross-platform file transfer tool (such as WinSCP) to upload the local openEuler release package and verification file to the target openEuler OS. - - - Run the **wget** command to download the ISO image. - - 1. Log in to the openEuler community at [https://openeuler.org](https://openeuler.org). - - 2. Click **Download**. - - 3. Click the link provided after **Download ISO**. The download list is displayed. - - 4. Select the version to be downloaded, for example, openEuler 20.03 LTS. Then, click **openEuler-20.03-LTS**. The download list is displayed. - - 5. Click **ISO**. The ISO download list is displayed. - - - **aarch64**: ISO image file of the AArch64 architecture - - **x86\_64**: ISO image file of the x86\_64 architecture - - **source**: ISO image file of the openEuler source code - - 6. Click **aarch64**. - - 7. Right-click **openEuler-20.03-LTS-aarch64-dvd.iso** and choose **Copy URL** from the shortcut menu to copy the address of the openEuler release package. - - 8. Right-click **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** and choose **Copy URL** from the shortcut menu to copy the address of the openEuler verification file. - - 9. Log in to the openEuler OS, create a directory (for example, **~/iso**) for storing the release package and verification file, and switch to the directory. - - ``` - $ mkdir ~/iso - $ cd ~/iso - ``` - - 10. Run the **wget** command to remotely download the release package and verification file. In the command, **ipaddriso** and **ipaddrisosum** are the addresses copied in [1.g](#li62369349505) and [1.h](#li9236203405015). - - ``` - $ wget ipaddriso - $ wget ipaddrisosum - ``` - -2. Release Package Integrity Check - - 1. Obtain the verification value in the verification file. - - ``` - $ cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` - - 2. Calculate the SHA256 verification value of the openEuler release package. - - ``` - $ sha256sum openEuler-20.03-LTS-aarch64-dvd.iso - ``` - - After the command is run, the verification value is displayed. - - 3. Check whether the values calculated in step 1 and step 2 are consistent. - - If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, the file is damaged and you need to obtain the file again. - -3. Mount the ISO file and configure it as a repo source. - - Run the **mount** command as the **root** user to mount the image file. - - The following is an example: - - ``` - # mount /home/iso/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ - ``` - - The mounted **mnt** directory is as follows: - - ``` - . - │── boot.catalog - │── docs - │── EFI - │── images - │── Packages - │── repodata - │── TRANS.TBL - └── RPM-GPG-KEY-openEuler - ``` - - In the preceding command, **Packages** indicates the directory where the RPM package is stored, **repodata** indicates the directory where the repo source metadata is stored, and **RPM-GPG-KEY-openEuler** indicates the public key for signing openEuler. - -4. Go to the yum source directory and check the .repo configuration file in the directory. - - ``` - $ cd /etc/yum.repos.d - $ ls - openEuler_aarch64.repo - ``` - -6. Edit the **openEuler\_aarch64.repo** file as the **root** user. Configure the local openEuler repo source created in step [3](#li6236932222) as the yum source. - - ``` - # vi openEuler_aarch64.repo - ``` - - Edit the **openEuler\_aarch64.repo** file as follows: - - ``` - [localosrepo] - - name=localosrepo - - baseurl=file:///mnt - - enabled=1 - - gpgcheck=1 - gpgkey=file:///mnt/RPM-GPG-KEY-openEuler - ``` - -## Installing the Software Package - -Install the software required for development. The software required varies in different development environments. However, the installation methods are the same. This section describes how to install common software packages (such as JDK and rpm-build). Some development software, such as GCC and GNU make, is provided by the openEuler OS by default. - -### Installing the JDK Software Package - -1. Run the **dnf list installed \| grep jdk** command to check whether the JDK software is installed. - - ``` - $ dnf list installed | grep jdk - ``` - - Check the command output. If the command output contains "jdk", the JDK has been installed. If no such information is displayed, the software is not installed. - -2. Clear the cache. - - ``` - $ dnf clean all - ``` - -3. Create a cache. - - ``` - $ dnf makecache - ``` - -4. Query the JDK software package that can be installed. - - ``` - $ dnf search jdk | grep jdk - ``` - - View the command output and install the **java-x.x.x-openjdk-devel.aarch64** software package. **x.x.x** indicates the version number. - -5. Install the JDK software package as the **root** user. The following uses the **java-1.8.0-openjdk-devel** software package as an example. - - ``` - # dnf install java-1.8.0-openjdk-devel.aarch64 - ``` - -6. Query information about the JDK software. - - ``` - $ java -version - ``` - - Check the command output. If the command output contains "openjdk version "1.8.0\_232"", the JDK has been correctly installed. In the command output, **1.8.0\_232** indicates the JDK version. - -### Installing the rpm-build Software Package - -1. Run the **dnf list installed \| grep rpm-build** command to check whether the rpm-build software is installed. - - ``` - $ dnf list installed | grep rpm-build - ``` - - Check the command output. If the command output contains "rpm-build", the software has been installed. If no such information is displayed, the software is not installed. - -2. Clear the cache. - - ``` - $ dnf clean all - ``` - -3. Create a cache. - - ``` - $ dnf makecache - ``` - -4. Install the rpm-build package as the **root** user. - - ``` - # dnf install rpm-build - ``` - -5. Query the rpm-build software version. - - ``` - $ rpmbuild --version - ``` - -## Using the IDE for Java Development - -For small-sized Java applications, you can directly use JDK to compile them to run Java applications. However, for medium- and large-sized Java applications, this method cannot meet the development requirements. You can perform the following steps to install and use the IDE to facilitate Java development on the openEuler OS. - -### Overview - -IntelliJ IDEA is a popular Java IDE. You can download the community edition of IntelliJ IDEA for free. Currently, openEuler supports Java development in the IntelliJ IDEA integrated development environment (IDE), improving the work efficiency of developers. - -### Logging In to the Server Using MobaXterm - -MobaXterm is an excellent SSH client. It has an X Server and can easily solve remote GUI display problems. - -You need to download, install, and start MobaXterm in advance, and then log in to your server in SSH mode to perform the following operations: - -### Setting the JDK Environment - -Before setting JAVA\_HOME, you need to find the installation path of the JDK. You are supported to have installed the JDK. If you have not installed the JDK, install it by referring to Preparation > Installing the Software Package > Installing the JDK Software Package. - -Run the following command to view the Java path: - -``` -$ which java -/usr/bin/java -``` - -Run the following command to check the directory to which the soft link points: - -``` -$ ls -la /usr/bin/java -lrwxrwxrwx. 1 root root 22 Mar 6 20:28 /usr/bin/java -> /etc/alternatives/java -$ ls -la /etc/alternatives/java -lrwxrwxrwx. 1 root root 83 Mar 6 20:28 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64/jre/bin/java -``` - -The actual path is **/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64**. Run the following command to set **JAVA\_HOME** and **PATH**: - -``` -$ export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64 -$ export PATH=$JAVA_HOME/bin:$PATH -``` - -### Downloading and Installing the GTK Library - -Run the following command: - -``` -$ dnf list installed | grep gtk -``` - -If **gtk2** or **gtk3** is displayed, the GTK library has been installed. In this case, skip this step. Otherwise, run the following command as the **root** user to automatically download and install the GTK library: - -``` -# dnf -y install gtk2 libXtst libXrender xauth -``` - -### Setting X11 Forwarding - -Switch to the SSHD configuration directory. - -``` -$ cd ~/.ssh -``` - -If the directory does not exist, run the following command to create the directory and then switch to the directory: - -``` -$ mkdir ~/.ssh -``` - -Edit the configuration file in the **.ssh** directory and save the file. - -1. Run the **vim** command to open the configuration file. - - ``` - $ vim config - ``` - -2. Add the following content to the end of the file and save the file: - - ``` - Host * - ForwardAgent yes - ForwardX11 yes - ``` - -### Downloading and Running IntelliJ IDEA - -After the preceding environment configuration is complete, you can download and run the IntelliJ IDEA. The latest version of IntelliJ IDEA is incompatible with openEuler in some functions. You are advised to click [here](https://www.jetbrains.com/idea/download/other.html) and download the Linux package of the 2018 version. Move the downloaded package to the directory where you want to install the software and decompress the package. - -``` -$ tar xf ideaIC-2018.3.tar.gz -``` - -Decompress the package, switch to the IntelliJ IDEA directory, and run the IntelliJ IDEA. - -``` -$ cd ./idea-IC-183.4284.148 -$ bin/idea.sh & -``` \ No newline at end of file diff --git a/docs/en/docs/ApplicationDev/preparations-for-development-environment.md b/docs/en/docs/ApplicationDev/preparations-for-development-environment.md new file mode 100644 index 0000000000000000000000000000000000000000..c8a013518d563cf5c635fb4f508275b83eb44a3a --- /dev/null +++ b/docs/en/docs/ApplicationDev/preparations-for-development-environment.md @@ -0,0 +1,440 @@ +# Preparation + +## Configuring the Development Environment + +- The minimum hardware requirements for physical machines (PMs) are described in [Table 1](#table154419352610). + + **Table 1** Minimum hardware requirements + + + + + + + + + + + + + + + + + + + + + + + + + +

Component

+

Requirement

+

Description

+

Architecture

+
  • AArch64
  • x86_64
+
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture
+

CPU

+
  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor
+

-

+

Memory

+

≥ 4 GB (8 GB or higher recommended for better user experience)

+

-

+

Hard disk

+

≥ 120 GB (for better user experience)

+

IDE, SATA, SAS interfaces are supported.

+
+ +- The minimum virtualization space requirements for virtual machines (VMs) are described in [Table 2](#table780410493819). + + **Table 2** Minimum virtualization space requirements + + + + + + + + + + + + + + + + + + + + + + + + + +

Component

+

Requirement

+

Description

+

Architecture

+
  • AArch64
  • x86_64
+

-

+

CPU

+

Two CPUs

+

-

+

Memory

+

≥ 4 GB (8 GB or higher recommended for better user experience)

+

-

+

Hard disk

+

≥ 32 GB (120 GB or higher recommended for better user experience)

+

-

+
+ +### OS Requirements + +The openEuler OS is required. + +For details about how to install the openEuler OS, see the *[openEuler 20.03 LTS SP4 Installation Guide](./../Installation/Installation.md)*. On the **SOFTWARE SELECTION** page, select **Development Tools** in the **Add-Ons for Selected Environment** area. + +## Configuring a Repo Source + +Configure an online Yum source using the online openEuler repo source. Alternatively, configure a local Yum source by mounting an ISO file and creating a local openEuler repo source. + +### Configuring an Online Repo Source Using the openEuler Repo Source + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> openEuler provides multiple online repo sources. For details about the repo sources, see [Installing the OS](./../Releasenotes/installing-the-os.md). This section uses the **openEuler\_aarch64.repo** file as an example to describe how to configure the openEuler repo source as the Yum source. + +1. Go to the Yum source directory and check the **.repo** configuration file in the directory. + + ```sh + $ cd /etc/yum.repos.d + $ ls + openEuler_aarch64.repo + ``` + +2. Edit the **openEuler\_aarch64.repo** file as the **root** user. Set the online openEuler repo source as the Yum source. + + ```sh + vi openEuler_aarch64.repo + ``` + + Edit the **openEuler\_aarch64.repo** file as follows: + + ```sh + [osrepo] + name=osrepo + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/RPM-GPG-KEY-openEuler + ``` + + **** + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - \[*repoid*] indicates the ID of the software repository. The ID of each repository in all **.repo** configuration files must be unique. In this example, *repoid* is set to **osrepo**. + > - **name** indicates the description about the software repository. + > - **baseurl** indicates the address of the software repository. + > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. + > - **gpgcheck** indicates whether verify the validity and security of RPM packages using GNU privacy guard (GPG) signatures. **1** indicates that the GPG check is enabled. **0** indicates that the GPG check is disabled. If this option is not specified, the GPG check is enabled by default. + > - **gpgkey** is the public key used to verify the signature. + +### Configuring a Local Repo Source by Mounting an openEuler ISO File + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> openEuler provides multiple ISO release packages. For details about each ISO release package, see [Installing the OS](./../Releasenotes/installing-the-os.md). This section uses the **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** file and the sha256 verification file as examples. Modify them based on the actual requirements. + +1. Download the ISO release package. + - Download an ISO image using a cross-platform file transfer tool. + 1. Visit the [openEuler community](https://www.openeuler.org/en/). + 2. Choose **Downloads** > **Community Editions**. + 3. Locate the target version, for example, **openEuler 22.03 LTS SP4**. Then, click **Download**. The download list is displayed. + 4. The download list includes the following architectures and scenarios: + Architectures: + - **AArch64**: ISO of the AArch64 architecture. + - **x86\_64**: ISO of the x86\_64 architecture. + 5. Click **AArch64**. + 6. Choose **Offline Standard ISO** and click **Download** to download the openEuler release package to the local host. + 7. Click **SHA256** to copy the checksum. Save the checksum as a local verification file. + 8. Log in to the openEuler OS and create a directory for storing the release package and verification file, for example, **~/iso**. + + ```sh + mkdir ~/iso + ``` + + 9. Use a cross-platform file transfer tool (such as WinSCP) to upload the local openEuler release package and verification file to the openEuler OS. + + - Run the **wget** command to download the ISO image. + 1. Visit the [openEuler community](https://www.openeuler.org/en/). + 2. Choose **Downloads** > **Community Editions**. + 3. Locate the target version, for example, **openEuler 22.03 LTS SP4**. Then, click **Download**. The download list is displayed. + 4. The download list includes the following architectures and scenarios: + Architectures: + - **AArch64**: ISO of the AArch64 architecture. + - **x86\_64**: ISO of the x86\_64 architecture. + 5. Click **AArch64**. + 6. Choose **Offline Standard ISO**, right-click **Download**, and copy the link address. + 7. Right-click **SHA256** and copy the link address. + 8. Log in to the openEuler OS, create a directory for storing the release package and verification file, for example, **~/iso**. Then switch to the directory. + + ```sh + mkdir ~/iso + cd ~/iso + ``` + + 9. Run the **wget** command to remotely download the release package and verification file. In the command, replace **ipaddriso** with the address copied in steps 7. + + ```sh + wget ipaddriso + ``` + +2. Check the integrity of the release package + + 1. Calculate the SHA256 verification value of the openEuler release package. + + ```sh + sha256sum openEuler-20.03-LTS-SP4-aarch64-dvd.iso + ``` + + After the command is run, the verification value is displayed. + + 2. Check whether the calculated value is the same as that of the saved SHA256 value. + + If the verification values are the same, the ISO image file is not damaged. If they are not the same, the file is damaged and you need to obtain the file again. + +3. Mount the ISO file and configure it as a repo source. + + Run the `mount` command as the **root** user to mount the image file. + + The following is an example: + + ```sh + mount /home/iso/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ + ``` + + The mounted **mnt** directory is as follows: + + ```sh + . + │── boot.catalog + │── docs + │── EFI + │── images + │── Packages + │── repodata + │── TRANS.TBL + └── RPM-GPG-KEY-openEuler + ``` + + In the **mnt** directory, **Packages** is the directory where the RPM package is stored, **repodata** is the directory where the repo source metadata is stored, and **RPM-GPG-KEY-openEuler** is the public key of the openEuler signature. + +4. Go to the Yum source directory and check the **.repo** configuration file in the directory. + + ```sh + $ cd /etc/yum.repos.d + $ ls + openEuler_aarch64.repo + ``` + +5. Edit the **openEuler\_aarch64.repo** file as the **root** user. Configure the local openEuler repo source created in step [3](#li6236932222) as the Yum source. + + ```sh + vi openEuler_aarch64.repo + ``` + + Edit the **openEuler\_aarch64.repo** file as follows: + + ```sh + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` + +## Installing Software Packages + +Install the software required for development. The required software varies in different development environments. However, the installation method is the same. This section describes how to install common software packages (such as JDK and rpm-build). Some development software, such as GCC and GNU make, is installed the openEuler OS by default. + +### Installing the JDK Software Package + +1. Run the `dnf list installed | grep jdk` command to check whether the JDK software is installed. + + ```sh + dnf list installed | grep jdk + ``` + + If the command output contains **jdk**, JDK has been installed. If no such information is displayed, the software is not installed. + +2. Clear the cache. + + ```sh + dnf clean all + ``` + +3. Create a cache. + + ```sh + dnf makecache + ``` + +4. Query the JDK software packages that can be installed: + + ```sh + dnf search jdk | grep jdk + ``` + + View the command output and install the **java-x.x.x-openjdk-devel.aarch64** software package. *x.x.x* indicates the version number. OpenJDK 1.8, OpenJDK 11, and the latest OpenJDK are supported. + +5. Install the JDK software package as the **root** user. The following uses the **java-1.8.0-openjdk-devel** software package as an example. + + ```sh + dnf install java-1.8.0-openjdk-devel.aarch64 + ``` + +6. Query the version of JDK. + + ```sh + java -version + ``` + + If the command output contains **openjdk version "1.8.0_232"**, the JDK has been correctly installed. **1.8.0_232** indicates the JDK version. + +### Installing the rpm-build Software Package + +1. Run the `dnf list installed | grep rpm-build` command to check whether the rpm-build software is installed. + + ```sh + dnf list installed | grep rpm-build + ``` + + If the command output contains **rpm-build**, the software has been installed. If no such information is displayed, the software is not installed. + +2. Clear the cache. + + ```sh + dnf clean all + ``` + +3. Create a cache. + + ```sh + dnf makecache + ``` + +4. Install the rpm-build package as the **root** user. + + ```sh + dnf install rpm-build + ``` + +5. Query the version of rpm-build. + + ```sh + rpmbuild --version + ``` + +## Using an IDE for Java Development + +You can directly use JDK to compile small-sized Java applications. However, this method cannot meet the requirements for developing medium- to large-sized Java applications. You can perform the following steps to install and use an integrated development environment (IDE) to facilitate Java development on the openEuler OS. + +### Overview + +IntelliJ IDEA is a popular Java IDE. You can download its community edition for free. openEuler supports Java development using IntelliJ IDEA, improving work efficiency. + +### Logging In to the Server Using MobaXterm + +MobaXterm is an excellent SSH client with a built-in X server for displaying the GUI. + +You need to download, install, and start MobaXterm in advance, and then log in to your server using SSH to perform the following operations. + +### Setting the JDK Environment + +Before setting the **JAVA_HOME** variable, you need to find the installation path of JDK. If you have not installed JDK, install it by referring to [Installing the JDK Software Package](#installing-the-jdk-software-package). + +Run the following command to view the Java path: + +```sh +$ which java +/usr/bin/java +``` + +Run the following command to check the directory to which the symbolic link points: + +```sh +$ ls -la /usr/bin/java +lrwxrwxrwx. 1 root root 22 Mar 6 20:28 /usr/bin/java -> /etc/alternatives/java +$ ls -la /etc/alternatives/java +lrwxrwxrwx. 1 root root 83 Mar 6 20:28 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64/jre/bin/java +``` + +The actual path is **/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64**. Run the following command to set **JAVA_HOME** and **PATH**: + +```sh +export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64 +export PATH=$JAVA_HOME/bin:$PATH +``` + +### Downloading and Installing the GTK Library + +Run the following command: + +```sh +dnf list installed | grep gtk +``` + +If **gtk2** or **gtk3** is displayed, the GTK library has been installed. In this case, skip this step. Otherwise, run the following command as the **root** user to download and install the GTK library: + +```sh +dnf -y install gtk2 libXtst libXrender xauth +``` + +### Setting X11 Forwarding + +Switch to the sshd configuration directory. + +```sh +cd ~/.ssh +``` + +If the directory does not exist, run the following command to create the directory and then switch to the directory: + +```sh +mkdir ~/.ssh +``` + +Edit the configuration file in the **.ssh** directory and save the file. + +1. Use Vim to open the configuration file. + + ```sh + vim config + ``` + +2. Add the following content to the end of the file and save the file: + + ```sh + Host * + ForwardAgent yes + ForwardX11 yes + ``` + +### Downloading and Running IntelliJ IDEA + +After the preceding environment configuration is complete, you can download and run IntelliJ IDEA. The latest version of IntelliJ IDEA is incompatible with openEuler in some functions. You are advised to download a package of version 2018.* for Linux [here](https://www.jetbrains.com/idea/download/other.html). Move the downloaded package to the directory where you want to install the software and decompress the package. + +```sh +tar xf ideaIC-2018.3.tar.gz +``` + +Switch to the IntelliJ IDEA directory, and run IntelliJ IDEA. + +```sh +cd ./idea-IC-183.4284.148 +bin/idea.sh & +``` diff --git a/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md b/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md index bd66aaf38282ff97ec281d35e0af4dfb933f0e17..3dd05e8fca59c5c3e6ce163aef77062cfb0c8ce0 100644 --- a/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md +++ b/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md @@ -20,15 +20,12 @@ This chapter describes the basic knowledge of GCC compilation and provides examp - ## Overview The GNU Compiler Collection \(GCC\) is a powerful and high-performance multi-platform compiler developed by GNU. The GCC compiler can compile and link source programs, assemblers, and target programs of C and C++ into executable files. By default, the GCC software package is installed in the openEuler OS. ## Basics - - ### File Type For any given input file, the file type determines which compilation to perform. [Table 1](#table634145764320) describes the common GCC file types. @@ -99,7 +96,7 @@ For any given input file, the file type determines which compilation to perform.

.out

Executable files, which do not have a fixed suffix. The system distinguishes executable files from unexecutable files based on file attributes. If the name of an executable file is not given, GCC generates a file named a.out.

+

Executable files, which do not have a fixed suffix. The system distinguishes executable files from inexecutable files based on file attributes. If the name of an executable file is not given, GCC generates a file named a.out.

-

-L libary_path

+

-L library_path

Adds the library_path to the library file search path list.

-

-Ilibrary

+

-I library

Searches for the specified function library during linking.

When GCC is used to compile and link programs, GCC links libc.a or libc.so by default. However, other libraries (such as non-standard libraries and third-party libraries) need to be manually added.

@@ -233,24 +230,23 @@ GCC is a powerful compiler. It has many _options_, but most of them are not com There are two methods provided for compiling multiple source files. -- Multiple source files are compiled at the same time. All files need to be recompiled during compilation. +- Multiple source files are compiled at the same time. All files need to be recompiled during compilation. Example: Compile **test1.c** and **test2.c** and link them to the executable file **test**. - ``` - $ gcc test1.c test2.c -o test + ```shell + gcc test1.c test2.c -o test ``` -- Compile each source file, and then link the target files generated after compilation. During compilation, only modified files need to be recompiled. +- Compile each source file, and then link the target files generated after compilation. During compilation, only modified files need to be recompiled. For example, compile **test1.c** and **test2.c**, and link the target files **test1.o** and **test2.o** to the executable file **test**. + ```shell + gcc -c test1.c + gcc -c test2.c + gcc test1.o test2.o -o test ``` - $ gcc -c test1.c - $ gcc -c test2.c - $ gcc -o test1.o test2.o -o test - ``` - ## Libraries @@ -260,66 +256,66 @@ The library file name is prefixed with lib and suffixed with .so \(dynamic libra Libraries are classified into static libraries and dynamic libraries based on the linking time. The static library links and packs the target file .o generated by assembly and the referenced library into an executable file in the linking phase. The dynamic library is not linked to the target code when the program is compiled, but is loaded when the program is run. The differences are as follows: -- The resource usage is different. +- The resource usage is different. The static library is a part of the generated executable file, while the dynamic library is a separate file. Therefore, the sizes and occupied disk space of the executable files of the static library and dynamic library are different, which leads to different resource usage. -- The scalability and compatibility are different. +- The scalability and compatibility are different. If the implementation of a function in the static library changes, the executable file must be recompiled. For the executable file generated by dynamic linking, only the dynamic library needs to be updated, and the executable file does not need to be recompiled. -- The dependency is different. +- The dependency is different. The executable file of the static library can run without depending on any other contents, while the executable file of the dynamic library must depend on the dynamic library. Therefore, the static library is convenient to migrate. -- The loading speeds are different. +- The loading speeds are different. Static libraries are linked together with executable files, while dynamic libraries are linked only when they are loaded or run. Therefore, for the same program, static linking is faster than dynamic linking. - - ### Dynamic Link Library You can use the **-shared** and **-fPIC** options to create a dynamic link library \(DLL\) with the source file, assembly file, or target file. The **-fPIC** option is used in the compilation phase. This option is used when the target file is generated, so as to generate location-independent code. Example 1: Generate a DLL from the source file. -``` -$ gcc -fPIC -shared test.c -o libtest.so +```shell +gcc -fPIC -shared test.c -o libtest.so ``` Example 2: Generate a DLL from the target file. -``` -$ gcc -fPIC -c test.c -o test.o -$ gcc -shared test.o -o libtest.so +```shell +gcc -fPIC -c test.c -o test.o +gcc -shared test.o -o libtest.so ``` To link a DLL to an executable file, you need to list the name of the DLL in the command line. Example: Compile **main.c** and **libtest.so** into **app.out**. When **app.out** is running, the link library **libtest.so** is dynamically loaded. -``` -$ gcc main.c libtest.so -o app.out +```shell +gcc main.c libtest.so -o app.out ``` In this mode, the **libtest.so** file in the current directory is used. If you choose to search for a DLL, to ensure that the DLL can be linked when the program is running, you must implement by using one of the following methods: -- Save the DLL to a standard directory, for example, **/usr/lib**. -- Add the DLL path **libaryDIR** to the environment variable **LD\_LIBRARY\_PATH**. +- Save the DLL to a standard directory, for example, **/usr/lib**. +- Add the DLL path **libraryDIR** to the environment variable **LD_LIBRARY_PATH**. - $ export LD\_LIBRARY\_PATH=libraryDIR:$LD\_LIBRARY\_PATH + ```shell + export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH + ``` >![](./public_sys-resources/icon-note.gif) **NOTE:** >**LD\_LIBRARY\_PATH** is an environment variable of the DLL. If the DLL is not in the default directories \(**/lib** and **/usr/lib**\), you need to specify the environment variable **LD\_LIBRARY\_PATH**. -- Add the DLL path **libaryDIR** to **/etc/ld.so.conf** and run **ldconfig**, or use the DLL path **libaryDIR** as a parameter to run **ldconfig**. +- Add the DLL path **libraryDIR** to **/etc/ld.so.conf** and run **ldconfig**, or use the DLL path **libraryDIR** as a parameter to run **ldconfig**. -``` -$ gcc main.c -L libraryDIR -ltest -o app.out -$ export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH +```shell +gcc main.c -L libraryDIR -ltest -o app.out +export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH ``` ### Static Link Library @@ -328,9 +324,9 @@ To create a static link library \(SLL\), you need to compile the source file to Example: Compile and compress source files **test1.c**, **test2.c**, and **test3.c** into an SLL. -``` -$ gcc -c test1.c test2.c test3.c -$ ar rcs libtest.a test1.o test2.o test3.o +```shell +gcc -c test1.c test2.c test3.c +ar rcs libtest.a test1.o test2.o test3.o ``` The **ar** command is a backup compression command. You can compress multiple files into a backup file \(also called an archive file\) or extract member files from the backup file. The most common use of **ar** is to compress the target files into an SLL. @@ -339,41 +335,39 @@ The format of the **ar** command to compress the target files into an SLL is a ar rcs _Sllfilename_ _Targetfilelist_ -- _Sllfilename_ : Name of the static library file. -- _Targetfilelist_ : Target file list. -- **r**: replaces the existing target file in the library or adds a new target file. -- **c**: creates a library regardless of whether the library exists. -- **s**: creates the index of the target file. The speed can be improved when a large library is created. +- _Sllfilename_ : Name of the static library file. +- _Targetfilelist_ : Target file list. +- **r**: replaces the existing target file in the library or adds a new target file. +- **c**: creates a library regardless of whether the library exists. +- **s**: creates the index of the target file. The speed can be improved when a large library is created. Example: Create a main.c file to use the SLL. -``` -$ gcc main.c -L libraryDIR -ltest -o test.out +```shell +gcc main.c -L libraryDIR -ltest -o test.out ``` In the preceding command, **libraryDIR** indicates the path of the libtest.a library. ## Examples - - ### Example for Using GCC to Compile C Programs -1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. The command is as follows: +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. The command is as follows: - ``` - $ cd ~/code + ```shell + cd ~/code ``` -2. Compile the Hello World program and save it as **helloworld.c**. The following uses the Hello World program as an example. The command is as follows: +2. Compile the Hello World program and save it as **helloworld.c**. The following uses the Hello World program as an example. The command is as follows: - ``` - $ vi helloworld.c + ```shell + vi helloworld.c ``` Code example: - ``` + ```c #include int main() { @@ -382,42 +376,41 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l } ``` -3. Run the following command to compile the code in the code directory: +3. Run the following command to compile the code in the code directory: - ``` - $ gcc helloworld.c -o helloworld + ```shell + gcc helloworld.c -o helloworld ``` If no error is reported, the execution is successful. -4. After the compilation is complete, the helloworld file is generated. Check the compilation result. The following is an example: +4. After the compilation is complete, the helloworld file is generated. Check the compilation result. The following is an example: - ``` + ```shell $ ./helloworld Hello World! ``` - ### Example for Creating and Using a DLL Using GCC -1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **src**, **lib**, and **include** subdirectories in the directory to store the source file, DLL file, and header file, respectively. +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **src**, **lib**, and **include** subdirectories in the directory to store the source file, DLL file, and header file, respectively. - ``` - $ cd ~/code - $ mkdir src lib include + ```shell + cd ~/code + mkdir src lib include ``` -2. Run the **cd** command to go to the **~/code/src** directory and create two functions **add.c** and **sub.c** to implement addition and subtraction, respectively. +2. Run the **cd** command to go to the **~/code/src** directory and create two functions **add.c** and **sub.c** to implement addition and subtraction, respectively. - ``` - $ cd ~/code/src - $ vi add.c - $ vi sub.c + ```shell + cd ~/code/src + vi add.c + vi sub.c ``` The following is an example of the **add.c** code: - ``` + ```c #include "math.h" int add(int a, int b) { @@ -427,7 +420,7 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l The following is an example of the **sub.c** code: - ``` + ```c #include "math.h" int sub(int a, int b) { @@ -435,22 +428,22 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l } ``` -3. Compile the source files add.c and sub.c into the DLL libmath.so, and store the DLL in the **~/code/lib** directory. +3. Compile the source files add.c and sub.c into the DLL libmath.so, and store the DLL in the **~/code/lib** directory. - ``` - $ gcc -fPIC -shared add.c sub.c -o ~/code/lib/libmath.so + ```shell + gcc -fPIC -shared add.c sub.c -o ~/code/lib/libmath.so ``` -4. Go to the **~/code/include** directory, create a header file **math.h**, and declare the header file of the function. +4. Go to the **~/code/include** directory, create a header file **math.h**, and declare the header file of the function. - ``` - $ cd ~/code/include - $ vi math.h + ```shell + cd ~/code/include + vi math.h ``` The following is an example of the **math.h** code: - ``` + ```c #ifndef __MATH_H_ #define __MATH_H_ int add(int a, int b); @@ -458,16 +451,16 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l #endif ``` -5. Run the **cd** command to go to the **~/code/src** directory and create a **main.c** function that invokes add\(\) and sub\(\). +5. Run the **cd** command to go to the **~/code/src** directory and create a **main.c** function that invokes add\(\) and sub\(\). - ``` - $ cd ~/code/src - $ vi main.c + ```shell + cd ~/code/src + vi main.c ``` The following is an example of the **math.c** code: - ``` + ```c #include #include "math.h" int main() @@ -481,54 +474,53 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l } ``` -6. Compile **main.c** and **libmath.so** into **math.out**. +6. Compile **main.c** and **libmath.so** into **math.out**. - ``` - $ gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out + ```shell + gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out ``` -7. Add the path of the DLL to the environment variable. +7. Add the path of the DLL to the environment variable. - ``` - $ export LD_LIBRARY_PATH=~/code/lib:$LD_LIBRARY_PATH + ```shell + export LD_LIBRARY_PATH=~/code/lib:$LD_LIBRARY_PATH ``` -8. Run the following command to execute **math.out**: +8. Run the following command to execute **math.out**: - ``` - $ ./math.out + ```shell + ./math.out ``` The command output is as follows: - ``` + ```text Please input a and b: 9 2 The add: 11 The sub: 7 ``` - ### Example for Creating and Using an SLL Using GCC -1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **src**, **lib**, and **include** subdirectories in the directory to store the source file, SLL file, and header file respectively. +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **src**, **lib**, and **include** subdirectories in the directory to store the source file, SLL file, and header file respectively. - ``` - $ cd ~/code - $ mkdir src lib include + ```shell + cd ~/code + mkdir src lib include ``` -2. Run the **cd** command to go to the **~/code/src** directory and create two functions **add.c** and **sub.c** to implement addition and subtraction, respectively. +2. Run the **cd** command to go to the **~/code/src** directory and create two functions **add.c** and **sub.c** to implement addition and subtraction, respectively. - ``` - $ cd ~/code/src - $ vi add.c - $ vi sub.c + ```shell + cd ~/code/src + vi add.c + vi sub.c ``` The following is an example of the **add.c** code: - ``` + ```c #include "math.h" int add(int a, int b) { @@ -538,7 +530,7 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l The following is an example of the **sub.c** code: - ``` + ```c #include "math.h" int sub(int a, int b) { @@ -546,28 +538,28 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l } ``` -3. Compile the source files **add.c** and **sub.c** into the target files **add.o** and **sub.o**. +3. Compile the source files **add.c** and **sub.c** into the target files **add.o** and **sub.o**. - ``` - $ gcc -c add.c sub.c + ```shell + gcc -c add.c sub.c ``` -4. Run the **ar** command to compress the **add.o** and **sub.o** target files into the SLL **libmath.a** and save the SLL to the **~/code/lib** directory. +4. Run the **ar** command to compress the **add.o** and **sub.o** target files into the SLL **libmath.a** and save the SLL to the **~/code/lib** directory. - ``` - $ ar rcs ~/code/lib/libmath.a add.o sub.o + ```shell + ar rcs ~/code/lib/libmath.a add.o sub.o ``` -5. Go to the **~/code/include** directory, create a header file **math.h**, and declare the header file of the function. +5. Go to the **~/code/include** directory, create a header file **math.h**, and declare the header file of the function. - ``` - $ cd ~/code/include - $ vi math.h + ```shell + cd ~/code/include + vi math.h ``` The following is an example of the **math.h** code: - ``` + ```c #ifndef __MATH_H_ #define __MATH_H_ int add(int a, int b); @@ -575,16 +567,16 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l #endif ``` -6. Run the **cd** command to go to the **~/code/src** directory and create a **main.c** function that invokes add\(\) and sub\(\). +6. Run the **cd** command to go to the **~/code/src** directory and create a **main.c** function that invokes add\(\) and sub\(\). - ``` - $ cd ~/code/src - $ vi main.c + ```shell + cd ~/code/src + vi main.c ``` The following is an example of the **math.c** code: - ``` + ```c #include #include "math.h" int main() @@ -598,21 +590,21 @@ In the preceding command, **libraryDIR** indicates the path of the libtest.a l } ``` -7. Compile **main.c** and **libmath.a** into **math.out**. +7. Compile **main.c** and **libmath.a** into **math.out**. - ``` - $ gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out + ```shell + gcc main.c -I ~/code/include -L ~/code/lib -lmath -o math.out ``` -8. Run the following command to execute **math.out**: +8. Run the following command to execute **math.out**: - ``` - $ ./math.out + ```shell + ./math.out ``` The command output is as follows: - ``` + ```text Please input a and b: 9 2 The add: 11 diff --git a/docs/en/docs/ApplicationDev/using-jdk-for-compilation.md b/docs/en/docs/ApplicationDev/using-jdk-for-compilation.md index 4946b917d12b6bf483f3507c1a327deaf3a04de0..294186da0cdac21a035c94d99ca16e64cd856ad7 100644 --- a/docs/en/docs/ApplicationDev/using-jdk-for-compilation.md +++ b/docs/en/docs/ApplicationDev/using-jdk-for-compilation.md @@ -22,8 +22,6 @@ A Java Development Kit \(JDK\) is a software package required for Java developme ## Basics - - ### File Type and Tool For any given input file, the file type determines which tool to use for processing. The common file types and tools are described in [Table 1](#table634145764320) and [Table 2](#table103504146433). @@ -84,10 +82,10 @@ For any given input file, the file type determines which tool to use for process ### Java Program Generation Process -To generate a program from Java source code files and run the program using Java, compilation and run are required. +To generate a program from Java source code files and run the program using Java, compilation and run are required. -1. Compilation: Use the Java compiler \(javac\) to compile Java source code files \(.java files\) into .class bytecode files. -2. Run: Execute the bytecode files on the Java virtual machine \(JVM\). +1. Compilation: Use the Java compiler \(javac\) to compile Java source code files \(.java files\) into .class bytecode files. +2. Run: Execute the bytecode files on the Java virtual machine \(JVM\). ### Common JDK Options @@ -105,7 +103,7 @@ _classes_: one or more classes to be processed as comments. @_argfiles_: one or more files that list options and source files. The **-J** option is not allowed in these files. -Javac is a Java compiler. It has many _options_, but most of them are not commonly used. [Table 3](#table1342946175212) describes the common options values. +Javac is a Java compiler. It has many _options_, but most of them are not commonly used. [Table 3](#table1342946175212) describes the common options values. **Table 3** Common javac options @@ -362,7 +360,7 @@ The package declaration statement must be added to the beginning of the source p In Java, there are two methods to use the common classes in the package provided by Java or the classes in the custom package. -- Add the package name before the name of the class to be referenced. +- Add the package name before the name of the class to be referenced. For example, name.A obj=new name.A \(\) @@ -370,11 +368,11 @@ In Java, there are two methods to use the common classes in the package provided Example: Create a test object of the Test class in the example package. - ``` + ```java example.Test test = new example.Test(); ``` -- Use **import** at the beginning of the file to import the classes in the package. +- Use **import** at the beginning of the file to import the classes in the package. The format of the **import** statement is import pkg1\[.pkg2\[.pkg3...\]\].\(classname | \*\). @@ -382,38 +380,35 @@ In Java, there are two methods to use the common classes in the package provided Example: Import the **Test** class in the **example** package. - ``` + ```java import example.Test; ``` Example: Import the entire **example** package. - ``` + ```java import example.*; ``` - ## Examples - - ### Compiling a Java Program Without a Package -1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. The command is as follows: +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. The command is as follows: - ``` - $ cd ~/code + ```shell + cd ~/code ``` -2. Compile the Hello World program and save it as **HelloWorld.java**. The following uses the Hello World program as an example. The command is as follows: +2. Compile the Hello World program and save it as **HelloWorld.java**. The following uses the Hello World program as an example. The command is as follows: - ``` - $ vi HelloWorld.java + ```shell + vi HelloWorld.java ``` Code example: - ``` + ```java public class HelloWorld { public static void main(String[] args) { System.out.println("Hello World"); @@ -421,43 +416,42 @@ In Java, there are two methods to use the common classes in the package provided } ``` -3. Run the following command to compile the code in the code directory: +3. Run the following command to compile the code in the code directory: - ``` - $ javac HelloWorld.java + ```shell + javac HelloWorld.java ``` If no error is reported, the execution is successful. -4. After the compilation is complete, the HelloWorld.class file is generated. You can run the **java** command to view the result. The following is an example: +4. After the compilation is complete, the HelloWorld.class file is generated. You can run the **java** command to view the result. The following is an example: - ``` + ```shell $ java HelloWorld Hello World ``` - ### Compiling a Java Program with a Package -1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **~/code/Test/my/example**, **~/code/Hello/world/developers**, and **~/code/Hi/openos/openeuler** subdirectories in the directory to store source files. +1. Run the **cd** command to go to the code directory. The **~/code** directory is used as an example. Create the **~/code/Test/my/example**, **~/code/Hello/world/developers**, and **~/code/Hi/openos/openeuler** subdirectories in the directory to store source files. + ```shell + cd ~/code + mkdir -p Test/my/example + mkdir -p Hello/world/developers + mkdir -p Hi/openos/openeuler ``` - $ cd ~/code - $ mkdir -p Test/my/example - $ mkdir -p Hello/world/developers - $ mkdir -p Hi/openos/openeuler - ``` - -2. Run the **cd** command to go to the **~/code/Test/my/example** directory and create **Test.java**. - ``` - $ cd ~/code/Test/my/example - $ vi Test.java +2. Run the **cd** command to go to the **~/code/Test/my/example** directory and create **Test.java**. + + ```shell + cd ~/code/Test/my/example + vi Test.java ``` The following is an example of the Test.java code: - ``` + ```java package my.example; import world.developers.Hello; import openos.openeuler.Hi; @@ -471,16 +465,16 @@ In Java, there are two methods to use the common classes in the package provided } ``` -3. Run the **cd** command to go to the **~/code/Hello/world/developers** directory and create **Hello.java**. +3. Run the **cd** command to go to the **~/code/Hello/world/developers** directory and create **Hello.java**. - ``` - $ cd ~/code/Hello/world/developers - $ vi Hello.java + ```shell + cd ~/code/Hello/world/developers + vi Hello.java ``` The following is an example of the Hello.java code: - ``` + ```java package world.developers; public class Hello { public void hello(){ @@ -489,16 +483,16 @@ In Java, there are two methods to use the common classes in the package provided } ``` -4. Run the **cd** command to go to the **~/code/Hi/openos/openeuler** directory and create **Hi.java**. +4. Run the **cd** command to go to the **~/code/Hi/openos/openeuler** directory and create **Hi.java**. - ``` - $ cd ~/code/Hi/openos/openeuler - $ vi Hi.java + ```shell + cd ~/code/Hi/openos/openeuler + vi Hi.java ``` The following is an example of the Hi.java code: - ``` + ```java package openos.openeuler; public class Hi { public void hi(){ @@ -507,25 +501,25 @@ In Java, there are two methods to use the common classes in the package provided } ``` -5. Run the **cd** command to go to the **~/code** directory and use javac to compile the source file. +5. Run the **cd** command to go to the **~/code** directory and use javac to compile the source file. - ``` - $ cd ~/code - $ javac -classpath Hello:Hi Test/my/example/Test.java + ```shell + cd ~/code + javac -classpath Hello:Hi Test/my/example/Test.java ``` After the command is executed, the **Test.class**, **Hello.class**, and **Hi.class** files are generated in the **~/code/Test/my/example**, **~/code/Hello/world/developers**, and **~/code/Hi/openos/openeuler** directories. -6. Run the **cd** command to go to the **~/code** directory and run the **Test** program using Java. +6. Run the **cd** command to go to the **~/code** directory and run the **Test** program using Java. - ``` - $ cd ~/code - $ java -classpath Test:Hello:Hi my/example/Test + ```shell + cd ~/code + java -classpath Test:Hello:Hi my/example/Test ``` The command output is as follows: - ``` + ```text Hello, openEuler. Hi, the global developers. ``` diff --git a/docs/en/docs/ApplicationDev/using-make-for-compilation.md b/docs/en/docs/ApplicationDev/using-make-for-compilation.md index 199f76d06425021e9716e490ebc1e16a572d2661..46c14bb9029f7a419be9ab91fe0262efdb2db2c0 100644 --- a/docs/en/docs/ApplicationDev/using-make-for-compilation.md +++ b/docs/en/docs/ApplicationDev/using-make-for-compilation.md @@ -19,11 +19,10 @@ This chapter describes the basic knowledge of make compilation and provides exam ## Overview -The GNU make utility \(usually abbreviated as make\) is a tool for controlling the generation of executable files from source files. make automatically identifies which parts of the complex program have changed and need to be recompiled. Make uses a configuration file called makefiles to control how the program is built. +The GNU make utility \(usually abbreviated as make\) is a tool for controlling the generation of executable files from source files. make automatically identifies which parts of the complex program have changed and need to be recompiled. Make uses configuration files called makefiles to control how programs are built. ## Basics - ### File Type [Table 1](#table634145764320) describes the file types that may be used in the makefiles file. @@ -94,7 +93,7 @@ The GNU make utility \(usually abbreviated as make\) is a tool for controlling t

.out

Executable files, which do not have a fixed suffix. The system distinguishes executable files from unexecutable files based on file attributes. If the name of an executable file is not given, GCC generates a file named a.out.

+

Executable files, which do not have a fixed suffix. The system distinguishes executable files from inexecutable files based on file attributes. If the name of an executable file is not given, GCC generates a file named a.out.

The specified file does not need to be rebuilt even if its dependency has expired, and no target of this dependency file is rebuilt.

-p, \-\-print-date-base

+

-p, \-\-print-data-base

Before the command is executed, all data of Makefile read by make and the version information of make are printed. If you only need to print the data, run the make -qp command to view the preset rules and variables before the make command is executed. You can run the make -p -f /dev/null command.

Ignores the use of embedded implicit rules and the implicit suffix list of all suffix rules.

-R, \-\-no-builtin-variabes

+

-R, \-\-no-builtin-variables

Ignores embedded hidden variables.

Description

login

+

login

  

  

Specifies the iSulad socket file path to be accessed.

--help

+

Prints help information.

+

-p, --password

Specifies the password for logging in to the registry.

@@ -52,13 +54,18 @@

Description

logout

+

logout

-H, --host

Specifies the iSulad socket file path to be accessed.

--help

+

Prints help information.

+
@@ -72,13 +79,18 @@

Description

-

pull

+

pull

-H, --host

Specifies the iSulad socket file path to be accessed.

+

--help

+ +

Prints help information

+ + @@ -92,7 +104,7 @@

Description

-

rmi

+

rmi

  

-H, --host

@@ -100,6 +112,16 @@

Specifies the iSulad socket file path to be accessed.

+

--help

+ +

Prints help information

+ + +

-D, --debug

+ +

Enables debugging mode.

+ +

-f, --force

Forcibly removes an image.

@@ -118,13 +140,23 @@

Description

-

load

+

load

-H, --host (supported only by iSula)

Specifies the iSulad socket file path to be accessed.

+

--help

+ +

Prints help information

+ + +

-D, --debug

+ +

Enables debugging mode.

+ +

-i, --input

Specifies where to import an image. If the image is of the docker type, the value is the image package path. If the image is of the embedded type, the value is the image manifest path.

@@ -135,11 +167,6 @@

Uses the image name specified by TAG instead of the default image name. This parameter is supported when the type is set to docker.

-

-t, --type

- -

Specifies the image type. The value can be embedded or docker (default value).

- - @@ -153,7 +180,7 @@

Description

-

images

+

images

  

-H, --host

@@ -161,6 +188,21 @@

Specifies the iSulad socket file path to be accessed.

+

--help

+ +

Prints help information

+ + +

-D, --debug

+ +

Enables debugging mode.

+ + +

-f, --filter

+ +

Filters information about specified images.

+ +

-q, --quit

Displays only the image name.

@@ -180,13 +222,23 @@ -

inspect

+

inspect

-H, --host

Specifies the iSulad socket file path to be accessed.

+

--help

+ +

Prints help information

+ + +

-D, --debug

+ +

Enables debugging mode.

+ +

-f, --format

Outputs using a template.

@@ -200,6 +252,105 @@ +**Table 8** tag command parameters + + + + + + + + + + + + + + + + + +

Command

+

Parameter

+

Description

+

tag

+

-H, --host

+

Specifies the iSulad socket file path to be accessed.

+

--help

+

Prints help information

+

-D, --debug

+

Enables debugging mode.

+
+ +
+ +**Table 9** import command parameters + + + + + + + + + + + + + + + + + +

Command

+

Parameter

+

Description

+

import

+

-H, --host

+

Specifies the iSulad socket file path to be accessed.

+

--help

+

Prints help information

+

-D, --debug

+

Enables debugging mode.

+
+ +
+ +**Table 10** export command parameters + + + + + + + + + + + + + + + + + + + + +

Command

+

Parameter

+

Description

+

export

+

-H, --host

+

Specifies the iSulad socket file path to be accessed.

+

--help

+

Prints help information

+

-D, --debug

+

Enables debugging mode.

+

-o, --output

+

Outputs to a specified file.

+
+ ## CNI Parameters **Table 1** CNI single network parameters @@ -248,7 +399,7 @@

phy-direct

-

ipmasp

+

ipMasq

bool

@@ -710,4 +861,3 @@ - diff --git a/docs/en/docs/Container/application-scenarios.md b/docs/en/docs/Container/application-scenarios.md deleted file mode 100644 index fe74c96c762fd08199445dbda6c552d38dcce197..0000000000000000000000000000000000000000 --- a/docs/en/docs/Container/application-scenarios.md +++ /dev/null @@ -1,5 +0,0 @@ -# Application Scenarios - -This section describes how to use the iSulad. - - diff --git a/docs/en/docs/Container/checking-the-container-health-status.md b/docs/en/docs/Container/checking-the-container-health-status.md index 12a1d0f114d15b87af2edfd5cd09bac43b43a170..1ab3e0fd7efa6dd0cd483220cf3144c0efe97d3a 100644 --- a/docs/en/docs/Container/checking-the-container-health-status.md +++ b/docs/en/docs/Container/checking-the-container-health-status.md @@ -6,8 +6,6 @@ - [Check Rules](#check-rules) - [Usage Restrictions](#usage-restrictions-8) - - ## Scenarios In the production environment, bugs are inevitable in applications provided by developers or services provided by platforms. Therefore, a management system is indispensable for periodically checking and repairing applications. The container health check mechanism adds a user-defined health check function for containers. When a container is created, the **--health-cmd** option is configured so that commands are periodically executed in the container to monitor the health status of the container based on return values. @@ -16,31 +14,31 @@ In the production environment, bugs are inevitable in applications provided by d Configurations during container startup: -``` +```shell isula run -itd --health-cmd "echo iSulad >> /tmp/health_check_file || exit 1" --health-interval 5m --health-timeout 3s --health-exit-on-unhealthy busybox bash ``` The configurable options are as follows: -- **--health-cmd**: This option is mandatory. If **0** is returned after a command is run in a container, the command execution succeeds. If a value other than **0** is returned, the command execution fails. -- **--health-interval**: interval between two consecutive command executions. The default value is **30s**. The value ranges from **1s** to the maximum value of Int64 \(unit: nanosecond\). If the input parameter is set to **0s**, the default value is used. -- **--health-timeout**: maximum duration for executing a single check command. If the execution times out, the command execution fails. The default value is **30s**. The value ranges from **1s** to the maximum value of Int64 \(unit: nanosecond\). If the input parameter is set to **0s**, the default value is used. Only containers whose runtime is of the LCR type are supported. -- **--health-start-period**: container initialization time. The default value is **0s**. The value ranges from **1s** to the maximum value of Int64 \(unit: nanosecond\). -- **--health-retries**: maximum number of retries for the health check. The default value is **3**. The maximum value is the maximum value of Int32. -- **--health-exit-on-unhealthy**: specifies whether to kill a container when it is unhealthy. The default value is **false**. +- **--health-cmd**: This option is mandatory. If **0** is returned after a command is run in a container, the command execution succeeds. If a value other than **0** is returned, the command execution fails. +- **--health-interval**: interval between two consecutive command executions. The default value is **30s**. The value ranges from **1s** to the maximum value of Int64 \(unit: nanosecond\). If the input parameter is set to **0s**, the default value is used. +- **--health-timeout**: maximum duration for executing a single check command. If the execution times out, the command execution fails. The default value is **30s**. The value ranges from **1s** to the maximum value of Int64 \(unit: nanosecond\). If the input parameter is set to **0s**, the default value is used. +- **--health-start-period**: container initialization time. The default value is **0s**. The value ranges from **1s** to the maximum value of Int64 \(unit: nanosecond\). +- **--health-retries**: maximum number of retries for the health check. The default value is **3**. The maximum value is the maximum value of Int32. +- **--health-exit-on-unhealthy**: specifies whether to kill a container when it is unhealthy. The default value is **false**. ## Check Rules -1. After a container is started, the container status is **health:starting**. -2. After the period specified by **start-period**, the **cmd** command is periodically executed in the container at the interval specified by **interval**. That is, after the command is executed, the command will be executed again after the specified period. -3. If the **cmd** command is successfully executed within the time specified by **timeout** and the return value is **0**, the check is successful. Otherwise, the check fails. If the check is successful, the container status changes to **health:healthy**. -4. If the **cmd** command fails to be executed for the number of times specified by **retries**, the container status changes to **health:unhealthy**, and the container continues the health check. -5. When the container status is **health:unhealthy**, the container status changes to **health:healthy** if a check succeeds. -6. If **--exit-on-unhealthy** is set, and the container exits due to reasons other than being killed \(the returned exit code is **137**\), the health check takes effect only after the container is restarted. -7. When the **cmd** command execution is complete or times out, Docker daemon will record the start time, return value, and standard output of the check to the configuration file of the container. A maximum of five records can be recorded. In addition, the configuration file of the container stores health check parameters. -8. When the container is running, the health check status is written into the container configurations. You can run the **isula inspect** command to view the status. +1. After a container is started, the container status is **health:starting**. +2. After the period specified by **start-period**, the **cmd** command is periodically executed in the container at the interval specified by **interval**. That is, after the command is executed, the command will be executed again after the specified period. +3. If the **cmd** command is successfully executed within the time specified by **timeout** and the return value is **0**, the check is successful. Otherwise, the check fails. If the check is successful, the container status changes to **health:healthy**. +4. If the **cmd** command fails to be executed for the number of times specified by **retries**, the container status changes to **health:unhealthy**, and the container continues the health check. +5. When the container status is **health:unhealthy**, the container status changes to **health:healthy** if a check succeeds. +6. If **--exit-on-unhealthy** is set, and the container exits due to reasons other than being killed \(the returned exit code is **137**\), the health check takes effect only after the container is restarted. +7. When the **cmd** command execution is complete or times out, iSula daemon will record the start time, return value, and standard output of the check to the configuration file of the container. A maximum of five records can be recorded. In addition, the configuration file of the container stores health check parameters. +8. When the container is running, the health check status is written into the container configurations. You can run the **isula inspect** command to view the status. -``` +```json "Health": { "Status": "healthy", "FailingStreak": 0, @@ -63,9 +61,7 @@ The configurable options are as follows: ## Usage Restrictions -- A maximum of five health check status records can be stored in a container. The last five records are saved. -- If health check parameters are set to **0** during container startup, the default values are used. -- After a container with configured health check parameters is started, if iSulad daemon exits, the health check is not executed. After iSulad daemon is restarted, the health status of the running container changes to **starting**. Afterwards, the check rules are the same as above. -- If the health check fails for the first time, the health check status will not change from **starting** to **unhealthy** until the specified number of retries \(**--health-retries**\) is reached, or to **healthy** until the health check succeeds. -- The health check function of containers whose runtime is of the Open Container Initiative \(OCI\) type needs to be improved. Only containers whose runtime is of the LCR type are supported. - +- A maximum of five health check status records can be stored in a container. The last five records are saved. +- If health check parameters are set to **0** during container startup, the default values are used. +- After a container with configured health check parameters is started, if iSulad daemon exits, the health check is not executed. After iSulad daemon is restarted, the health status of the running container changes to **starting**. Afterwards, the check rules are the same as above. +- If the health check fails for the first time, the health check status will not change from **starting** to **unhealthy** until the specified number of retries \(**--health-retries**\) is reached, or to **healthy** until the health check succeeds. diff --git a/docs/en/docs/Container/configuring-resources-for-a-secure-container.md b/docs/en/docs/Container/configuring-resources-for-a-secure-container.md index ded03af6d5b7f39ab1e55bb239fec3a7687b45f2..d9fb011eaaf11f47ed9e8aa4b3c2a41cc505638f 100644 --- a/docs/en/docs/Container/configuring-resources-for-a-secure-container.md +++ b/docs/en/docs/Container/configuring-resources-for-a-secure-container.md @@ -1,11 +1,11 @@ # Configuring Resources for a Secure Container - [Configuring Resources for a Secure Container](#configuring-resources-for-a-secure-container) - - [Sharing Resources](#sharing-resources) - - [Limiting CPU Resources](#limiting-cpu-resources) - - [Limiting Memory Resources](#limiting-memory-resources) - - [Limiting Block I/O Resources](#limiting-block-i-o-resources) - - [Limiting File Descriptor Resources](#limiting-file-descriptor-resources) + - [Sharing Resources](#sharing-resources) + - [Limiting CPU Resources](#limiting-cpu-resources) + - [Limiting Memory Resources](#limiting-memory-resources) + - [Limiting Block I/O Resources](#limiting-block-io-resources) + - [Limiting File Descriptor Resources](#limiting-file-descriptor-resources) The secure container runs on a virtualized and isolated lightweight VM. Therefore, resource configuration is divided into two parts: resource configuration for the lightweight VM, that is, host resource configuration; resource configuration for containers in the VM, that is, guest container resource configuration. The following describes resource configuration for the two parts in detail. diff --git a/docs/en/docs/Container/container-engine.md b/docs/en/docs/Container/container-engine.md index 5b8e754314ec95d9f920c49da86af5b650de6898..a97a0df9560701ce76dc1d73d2b727b6dc8f44ea 100644 --- a/docs/en/docs/Container/container-engine.md +++ b/docs/en/docs/Container/container-engine.md @@ -1,17 +1,12 @@ # Container Engine -- [Container Engine](#container-engine) - - Docker daemon is a system process that resides in the background. Before you run a docker subcommand, start Docker daemon. -   - If the Docker daemon is installed using the RPM package or system package management tool, you can run the **systemctl start docker** command to start the Docker daemon. The **docker** command supports the following parameters: -1. To combine parameters of a single character, run the following command: +1. To combine parameters of a single character, run the following command: ``` docker run -t -i busybox /bin/sh @@ -23,20 +18,20 @@ The **docker** command supports the following parameters: docker run -ti busybox /bin/sh ``` -2. **bool** command parameters such as **--icc=true**, are displayed in the command help. If this parameter is not used, the default value displayed in the command help is used. If this parameter is used, the opposite value of the value displayed in the command help is used. In addition, if **--icc** is not added when Docker daemon is started, **--icc=true** is used by default. Otherwise, **--icc=false** is used. -3. Parameters such as **--attach=\[\]** in the command help indicate that these parameters can be set for multiple times. For example: +2. **bool** command parameters such as **--icc=true**, are displayed in the command help. If this parameter is not used, the default value displayed in the command help is used. If this parameter is used, the opposite value of the value displayed in the command help is used. In addition, if **--icc** is not added when Docker daemon is started, **--icc=true** is used by default. Otherwise, **--icc=false** is used. +3. Parameters such as **--attach=\[\]** in the command help indicate that these parameters can be set for multiple times. For example: ``` docker run --attach=stdin --attach=stdout -i -t busybox /bin/sh ``` -4. Parameters such as **-a** and **--attach=\[\]** in the command help indicate that the parameter can be specified using either **-a** _value_ or **--attach=**_value_. For example: +4. Parameters such as **-a** and **--attach=\[\]** in the command help indicate that the parameter can be specified using either **-a** _value_ or **--attach=**_value_. For example: ``` docker run -a stdin --attach=stdout -i -t busybox /bin/sh ``` -5. Parameters such as **--name=""** can be configured with a character string and can be configured only once. Parameters such as **-c=** can be configured with an integer and can be configured only once. +5. Parameters such as **--name=""** can be configured with a character string and can be configured only once. Parameters such as **-c=** can be configured with an integer and can be configured only once. **Table 1** Parameters specified during the Docker daemon startup diff --git a/docs/en/docs/Container/container-management-1.md b/docs/en/docs/Container/container-management-1.md index 0619fdd77430868ca53239aee2d6f4aea8cb2ec4..c501788a219e39e0716e2f3619dd55f7a8ba06fd 100644 --- a/docs/en/docs/Container/container-management-1.md +++ b/docs/en/docs/Container/container-management-1.md @@ -1,6 +1,6 @@ -## Container Management +# Container Management -- [Container Management](#container-management-1) +- [Container Management](#container-management) - [Creating a Container](#creating-a-container) - [Creating Containers Using hook-spec](#creating-containers-using-hook-spec) - [Configuring Health Check During Container Creation](#configuring-health-check-during-container-creation) @@ -8,51 +8,49 @@ - [Querying Container Information](#querying-container-information) - [Modification Operations](#modification-operations) +# Creating a Container - -## Creating a Container - -### Downloading Images +## Downloading Images Only user **root** can run the **docker** command. If you log in as a common user, you need to use the **sudo** command before running the **docker** command. -``` -[root@localhost ~]# docker pull busybox +```shell +docker pull busybox ``` This command is used to download the **busybox:latest** image from the official Docker registry. \(If no tag is specified in the command, the default tag name **latest** is used.\) During the image download, the system checks whether the dependent layer exists locally. If yes, the image download is skipped. When downloading images from a private registry, specify the registry description. For example, if a private registry containing some common images is created and its IP address is **192.168.1.110:5000**, you can run the following command to download the image from the private registry: -``` -[root@localhost ~]# docker pull 192.168.1.110:5000/busybox +```shell +docker pull 192.168.1.110:5000/busybox ``` The name of the image downloaded from the private registry contains the registry address information, which may be too long. Run the **docker tag** command to generate an image with a shorter name. -``` -[root@localhost ~]# docker tag 192.168.1.110:5000/busybox busybox +```shell +docker tag 192.168.1.110:5000/busybox busybox ``` Run the **docker images** command to view the local image list. -### Running a Simple Application +## Running a Simple Application -``` -[root@localhost ~]# docker run busybox /bin/echo "Hello world" +```shell +$ docker run busybox /bin/echo "Hello world" Hello world ``` This command uses the **busybox:latest** image to create a container, and executes the **echo "Hello world"** command in the container. Run the following command to view the created container: -``` -[root@localhost ~]# docker ps -l +```shell +$ docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d8c0a3315bc0 busybox"/bin/echo 'Hello wo..." 5 seconds ago Exited (0) 3 seconds ago practical_franklin ``` -### Creating an Interactive Container +## Creating an Interactive Container -``` -[root@localhost ~]# docker run -it busybox /bin/bash +```shell +$ docker run -it busybox /bin/bash root@bf22919af2cf:/# ls bin boot dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var root@bf22919af2cf:/# pwd @@ -61,71 +59,70 @@ root@bf22919af2cf:/# pwd The **-ti** option allocates a pseudo terminal to the container and uses standard input \(STDIN\) for interaction. You can run commands in the container. In this case, the container is an independent Linux VM. Run the **exit** command to exit the container. -### Running a Container in the Background +## Running a Container in the Background Run the following command. **-d** indicates that the container is running in the background. **--name=container1** indicates that the container name is **container1**. -``` -[root@localhost ~]# docker run -d --name=container1 busybox /bin/sh -c "while true;do echo hello world;sleep 1;done" +```shell +$ docker run -d --name=container1 busybox /bin/sh -c "while true;do echo hello world;sleep 1;done" 7804d3e16d69b41aac5f9bf20d5f263e2da081b1de50044105b1e3f536b6db1c ``` The command output contains the container ID but does not contain **hello world**. In this case, the container is running in the background. You can run the **docker ps** command to view the running container. -``` -[root@localhost ~]# docker ps +```shell +$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7804d3e16d69 busybox "/bin/sh -c 'while tr" 11 seconds ago Up 10 seconds container1 ``` Run the following **docker logs** command to view the output during container running: -``` -[root@localhost ~]# docker logs container1 +```shell +$ docker logs container1 hello world hello world hello world ... ``` -### Container Network Connection +## Container Network Connection By default, a container can access an external network, while port mapping is required when an external network accesses a container. The following uses how to run the private registry service in Docker as an example. In the following command, **-P** is used to expose open ports in the registry to the host. -``` -[root@localhost ~]# docker run --name=container_registry -d -P registry +```shell +$ docker run --name=container_registry -d -P registry cb883f6216c2b08a8c439b3957fb396c847a99079448ca741cc90724de4e4731 ``` The container\_registry container has been started, but the mapping between services in the container and ports on the host is not clear. You need to run the **docker port** command to view the port mapping. -``` -[root@localhost ~]# docker port container_registry +```shell +$ docker port container_registry 5000/tcp -> 0.0.0.0:49155 ``` -The command output shows that port 5000 in the container is mapped to port 49155 on the host. You can access the registry service by using the host IP address **49155**. Enter **http://localhost:49155** in the address box of the browser and press **Enter**. The registry version information is displayed. +The command output shows that port 5000 in the container is mapped to port 49155 on the host. You can access the registry service by using the host IP address **49155**. Enter **** in the address box of the browser and press **Enter**. The registry version information is displayed. When running registry images, you can directly specify the port mapping, as shown in the following: -``` +```shell docker run --name=container_registry -d -p 5000:5000 registry ``` **-p 5000:5000** is used to map port 5000 in the container to port 5000 on the host. -### Precautions +## Precautions -- **Do Not Add -a stdin Independently During Container Startup** +- **Do Not Add -a stdin Independently During Container Startup** When starting a container, you must add **-a stdout** or **-a stderr** together with **-a stdin** instead of **-a stdin** only. Otherwise, the device stops responding even after the container exits. - -- **Do Not Use the Long Or Short ID of an Existing Container As the Name of a New Container** +- **Do Not Use the Long Or Short ID of an Existing Container As the Name of a New Container** When creating a container, do not use the long or short ID of the existing container A as the name of the new container B. If the long ID of container A is used as the name of container B, Docker will match container A even though the name of container B is used as the specified target container for operations. If the short ID of container A is used as the name of container B, Docker will match container B even though the short ID of container A is used as the specified target container for operations. This is because Docker matches the long IDs of all containers first. If the matching fails, the system performs exact matching using the value of **container\_name**. If matching failure persists, the container ID is directly matched in fuzzy mode. -- **Containers That Depend on Standard Input and Output, Such As sh/bash, Must Use the -ti Parameter to Avoid Exceptions** +- **Containers That Depend on Standard Input and Output, Such As sh/bash, Must Use the -ti Parameter to Avoid Exceptions** Normal case: If you do not use the **-ti** parameter to start a process container such as sh/bash, the container exits immediately. @@ -135,68 +132,66 @@ docker run --name=container_registry -d -p 5000:5000 registry After being restarted, daemon takes over the original container stream. Containers without the **-ti** parameter may not be able to process the stream because these containers do not have streams to be taken over in normal cases. In actual services, sh/bash without the **-ti** parameter does not take effect and is seldom used. To avoid this problem, the **-ti** parameter is used to restrict interactive containers. -- **Container Storage Volumes** +- **Container Storage Volumes** If you use the **-v** parameter to mount files on the host to a container when the container is started, the inodes of the files may be changed when you run the **vi** or **sed** command to modify the files on the host or in the container. As a result, files on the host and in the container are not synchronized. Do not mount files in the container in this mode \(or do not use together with the **vi** and **sed** commands\). You can also mount the upper-layer directories of the files to avoid exceptions. The **nocopy** option can be used to prevent original files in the mount point directory of a container from being copied to the source directory of the host when Docker mounts volumes. However, this option can be used only when an anonymous volume is mounted and cannot be used in the bind mount scenario. -- **Do Not Use Options That May Affect the Host** +- **Do Not Use Options That May Affect the Host** The **--privileged** option enables all permissions for a container. On the container, mounting operations can be performed and directories such as **/proc** and **/sys** can be modified, which may affect the host. Therefore, do not use this option for common containers. A host-shared namespace, such as the **--pid host**, **--ipc host**, or **--net host** option, can enable a container to share the namespace with the host, which will also affect the host. Therefore, do not use this option. -- **Do Not Use the Unstable Kernel Memory Cgroup** +- **Do Not Use the Unstable Kernel Memory Cgroup** Kernel memory cgroup on the Linux kernel earlier than 4.0 is still in the experimental phase and runs unstably. Therefore, do not use kernel memory cgroup. When the **docker run --kernel-memory** command is executed, the following alarm is generated: - ``` + ```text WARNING: You specified a kernel memory limit on a kernel older than 4.0. Kernel memory limits are experimental on older kernels, it won't work as expected as expected and can cause your system to be unstable. ``` -- **blkio-weight Parameter Is Unavailable in the Kernel That Supports blkio Precise Control** +- **blkio-weight Parameter Is Unavailable in the Kernel That Supports blkio Precise Control** **--blkio-weight-device** can implement more accurate blkio control in a container. The control requires a specified disk device, which can be implemented through the **--blkio-weight-device** parameter of Docker. In this kernel, Docker does not provide the **--blkio-weight** mode to limit the container blkio. If you use this parameter to create a container, the following error is reported: - ``` + ```shell docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:398: container init caused \"process_linux.go:369: setting cgroup config for ready process caused \\\"blkio.weight not supported, use weight_device instead\\\"\"" ``` -- **Using --blkio-weight-device in CFQ Scheduling Policy** +- **Using --blkio-weight-device in CFQ Scheduling Policy** The **--blkio-weight-device** parameter works only when the disk works in the Completely Fair Queuing \(CFQ\) policy. You can view the scheduler file \(**/sys/block/**_disk_**/queue/scheduler**\) to obtain the policies supported by the disk and the current policy. For example, you can run the following command to view **sda**. - ``` - # cat /sys/block/sda/queue/scheduler noop [deadline] cfq + ```shell + cat /sys/block/sda/queue/scheduler noop [deadline] cfq ``` **sda** supports the following scheduling policies: **noop**, **deadline**, and **cfq**, and the **deadline** policy is being used. You can run the **echo** command to change the policy to **cfq**. + ```shell + echo cfq > /sys/block/sda/queue/scheduler ``` - # echo cfq > /sys/block/sda/queue/scheduler - ``` - -- **systemd Usage Restrictions in Basic Container Images** +- **systemd Usage Restrictions in Basic Container Images** When containers created from basic images are used, systemd in basic images is used only for system containers. +## Concurrent Performance -### Concurrent Performance - -- There is an upper limit for the message buffer in Docker. If the number of messages exceeds the upper limit, the messages are discarded. Therefore, it is recommended that the number of commands executed concurrently should not exceed 1000. Otherwise, the internal messages in Docker may be lost and the container may fail to be started. -- When containers are concurrently created and restarted, the error message"oci runtime error: container init still running" is occasionally reported. This is because containerd optimizes the performance of the event waiting queue. When a container is stopped, the **runc delete** command is executed to kill the init processes in the container within 1s. If the init processes are not killed within 1s, runC returns this error message. The garbage collection \(GC\) mechanism of containerd reclaims residual resources after **runc delete** is executed at an interval of 10s. Therefore, operations on the container are not affected. If the preceding error occurs, wait for 4 or 5s and restart the container. +- There is an upper limit for the message buffer in Docker. If the number of messages exceeds the upper limit, the messages are discarded. Therefore, it is recommended that the number of commands executed concurrently should not exceed 1000. Otherwise, the internal messages in Docker may be lost and the container may fail to be started. +- When containers are concurrently created and restarted, the error message"oci runtime error: container init still running" is occasionally reported. This is because containerd optimizes the performance of the event waiting queue. When a container is stopped, the **runc delete** command is executed to kill the init processes in the container within 1s. If the init processes are not killed within 1s, runC returns this error message. The garbage collection \(GC\) mechanism of containerd reclaims residual resources after **runc delete** is executed at an interval of 10s. Therefore, operations on the container are not affected. If the preceding error occurs, wait for 4 or 5s and restart the container. -### Security Feature Interpretation +## Security Feature Interpretation -1. The following describes default permission configuration analysis of Docker. +1. The following describes default permission configuration analysis of Docker. In the default configuration of a native Docker, capabilities carried by each default process are as follows: - ``` + ```text "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", @@ -215,41 +210,41 @@ docker run --name=container_registry -d -p 5000:5000 registry The default seccomp configuration is a whitelist. If any syscall is not in the whitelist, **SCMP\_ACT\_ERRNO** is returned by default. Different system invoking is enabled for different caps of Docker. If a capability is not in the whitelist, Docker will not assign it to the container by default. -2. CAP\_SYS\_MODULE +2. CAP\_SYS\_MODULE - CAP\_SYS\_MODULE allows a container to insert the ko module. Adding this capability allows the container to escape or even damage the kernel. Namespace provides the maximum isolation for a container. In the ko module, you only need to point its namespace to **init\_nsproxy**. + CAP\_SYS\_MODULE allows a container to insert or remove ko modules. Adding this capability allows the container to escape or even damage the kernel. Namespace provides the maximum isolation for a container. In the ko module, you only need to point its namespace to **init\_nsproxy**. -3. CAP\_SYS\_ADMIN +3. CAP\_SYS\_ADMIN The sys\_admin permission provides the following capabilities for a container: - - For file system: **mount**, **umount**, and **quotactl** - - For namespace setting: **setns**, **unshare**, and **clone new namespace** - - driver ioctl - - For PCI control: **pciconfig\_read**, **pciconfig\_write**, and **pciconfig\_iobase** - - **sethostname** + - For file system: **mount**, **umount**, and **quotactl** + - For namespace setting: **setns**, **unshare**, and **clone new namespace** + - driver ioctl + - For PCI control: **pciconfig\_read**, **pciconfig\_write**, and **pciconfig\_iobase** + - **sethostname** -4. CAP\_NET\_ADMIN +4. CAP\_NET\_ADMIN CAP\_NET\_ADMIN allows a container to access network interfaces and sniff network traffic. The container can obtain the network traffic of all containers including the host, which greatly damages network isolation. -5. CAP\_DAC\_READ\_SEARCH +5. CAP\_DAC\_READ\_SEARCH CAP\_DAC\_READ\_SEARCH calls the open\_by\_handle\_at and name\_to\_handle\_at system calls. If the host is not protected by SELinux, the container can perform brute-force search for the inode number of the file\_handle structure to open any file on the host, which affects the isolation of the file system. -6. CAP\_SYS\_RAWIO +6. CAP\_SYS\_RAWIO CAP\_SYS\_RAWIO allows a container to write I/O ports to the host, which may cause the host kernel to crash. -7. CAP\_SYS\_PTRACE +7. CAP\_SYS\_PTRACE The ptrace permission for a container provides ptrace process debugging in the container. RunC has fixed this vulnerability. However, some tools, such as nsenter and docker-enter, are not protected. In a container, processes executed by these tools can be debugged to obtain resource information \(such as namespace and fd\) brought by these tools. In addition, ptrace can bypass seccomp, greatly increasing attack risks of the kernel. -8. Docker capability interface: --cap-add all +8. Docker capability interface: --cap-add all --cap-add all grants all permissions to a container, including the dangerous permissions mentioned in this section, which allows the container to escape. -9. Do not disable the seccomp feature of Docker. +9. Do not disable the seccomp feature of Docker. Docker has a default seccomp configuration with a whitelist. **sys\_call** that is not in the whitelist is disabled by seccomp. You can disable the seccomp feature by running **--security-opt 'seccomp:unconfined'**. If seccomp is disabled or the user-defined seccomp configuration is used but the filtering list is incomplete, attack risks of the kernel in the container are increased. @@ -297,22 +292,21 @@ docker run --name=container_registry -d -p 5000:5000 registry The Docker management plane provides interfaces for mapping directories or devices on a host to the container, such as **--device** and **-v**. Do not map sensitive directories or devices on the host to the container. +# Creating Containers Using hook-spec -## Creating Containers Using hook-spec - -### Principles and Application Scenarios +## Principles and Application Scenarios -Docker supports the extended features of hooks. The execution of hook applications and underlying runC complies with the OCI standards. For details about the standards, visit [https://github.com/opencontainers/runtime-spec/blob/master/config.md\#hooks](#https://github.com/opencontainers/runtime-spec/blob/master/config.md#hooks). +Docker supports the extended features of hooks. The execution of hook applications and underlying runC complies with the OCI standards. For details about the standards, visit . There are three types of hooks: prestart, poststart, and poststop. They are respectively used before applications in the container are started, after the applications are started, and after the applications are stopped. -### API Reference +## API Reference The **--hook-spec** parameter is added to the **docker run** and **create** commands and is followed by the absolute path of the **spec** file. You can specify the hooks to be added during container startup. These hooks will be automatically appended after the hooks that are dynamically created by Docker \(currently only libnetwork prestart hook\) to execute programs specified by users during the container startup or destruction. The structure of **spec** is defined as follows: -``` +```go // Hook specifies a command that is run at a particular event in the lifecycle of a container type Hook struct{ Path string `json:"path"` @@ -332,16 +326,16 @@ type Hooks struct{ } ``` -- The **Path**, **Args**, and **Env** parameters are mandatory. -- **Timeout** is optional, while you are advised to set this parameter to a value ranging from 1 to 120. The parameter type is int. Floating point numbers are not allowed. -- The content of the **spec** file must be in JSON format as shown in the preceding example. If the format is incorrect, an error is reported. -- Both **docker run --hook-spec /tmp/hookspec.json **_xxx_, and **docker create --hook-spec /tmp/hookspec.json **_xxx_** && docker start **_xxx_ can be used. +- The **Path**, **Args**, and **Env** parameters are mandatory. +- **Timeout** is optional, while you are advised to set this parameter to a value ranging from 1 to 120. The parameter type is int. Floating point numbers are not allowed. +- The content of the **spec** file must be in JSON format as shown in the preceding example. If the format is incorrect, an error is reported. +- Both **docker run --hook-spec /tmp/hookspec.json**_xxx_, and **docker create --hook-spec /tmp/hookspec.json **_xxx_** && docker start**_xxx_ can be used. -### Customizing Hooks for a Container +## Customizing Hooks for a Container Take adding a NIC during the startup as an example. The content of the **hook spec** file is as follows: -``` +```json { "prestart": [ { @@ -358,13 +352,11 @@ Take adding a NIC during the startup as an example. The content of the **hook s Specify prestart hook to add the configuration of a network hook. The path is **/var/lib/docker/hooks/network-hook**. **args** indicates the program parameters. Generally, the first parameter is the program name, and the second parameter is the parameter accepted by the program. For the network-hook program, two parameters are required. One is the name of the NIC on the host, and the other is the name of the NIC in the container. -   - -- Precautions - 1. The **hook** path must be in the** hooks** folder in the **graph** directory \(**--graph**\) of Docker. Its default value is **/var/lib/docker/hooks**. You can run the **docker info** command to view the root path. +- Precautions + 1. The **hook** path must be in the**hooks** folder in the **graph** directory \(**--graph**\) of Docker. Its default value is **/var/lib/docker/hooks**. You can run the **docker info** command to view the root path. - ``` - [root@localhost ~]# docker info + ```shell + $ docker info ... Docker Root Dir: /var/lib/docker ... @@ -372,23 +364,20 @@ Specify prestart hook to add the configuration of a network hook. The path is * This path may change due to the user's manual configuration and the use of user namespaces \(**daemon --userns-remap**\). After the symbolic link of the path is parsed, the parsed path must start with _Docker Root Dir_**/hooks** \(for example, **/var/lib/docker/hooks**\). Otherwise, an error message is displayed. - 2. The **hook** path must be an absolute path because daemon cannot properly process a relative path. In addition, an absolute path meets security requirements. - 3. The information output by the hook program to stderr is output to the client and affects the container lifecycle \(for example, the container may fail to be started\). The information output to stdout is ignored. - 4. Do not reversely call Docker instructions in hooks. - 5. The execute permission must have been granted on the configured hook execution file. Otherwise, an error is reported during hook execution. - 6. The execution time of the hook operation must be as short as possible. If the prestart period is too long \(more than 2 minutes\), the container startup times out. If the poststop period is too long \(more than 2 minutes\), the container is abnormal. + 2. The **hook** path must be an absolute path because daemon cannot properly process a relative path. In addition, an absolute path meets security requirements. + 3. The information output by the hook program to stderr is output to the client and affects the container lifecycle \(for example, the container may fail to be started\). The information output to stdout is ignored. + 4. Do not reversely call Docker instructions in hooks. + 5. The execute permission must have been granted on the configured hook execution file. Otherwise, an error is reported during hook execution. + 6. The execution time of the hook operation must be as short as possible. If the prestart period is too long \(more than 2 minutes\), the container startup times out. If the poststop period is too long \(more than 2 minutes\), the container is abnormal. The known exceptions are as follows: When the **docker stop** command is executed to stop a container and the clearing operation is performed after 2 minutes, the hook operation is not complete. Therefore, the system waits until the hook operation is complete \(the process holds a lock\). As a result, all operations related to the container stop responding. The operations can be recovered only after the hook operation is complete. In addition, the two-minute timeout processing of the **docker stop** command is an asynchronous process. Therefore, even if the **docker stop** command is successfully executed, the container status is still **up**. The container status is changed to **exited** only after the hook operation is completed. +- Suggestions + 1. You are advised to set the hook timeout threshold to a value less than 5s. + 2. You are advised to configure only one prestart hook, one poststart hook, and one poststop hook for each container. If too many hooks are configured, the container startup may take a long time. + 3. You are advised to identify the dependencies between multiple hooks. If required, you need to adjust the sequence of the hook configuration files according to the dependencies. The execution sequence of hooks is based on the sequence in the configured **spec** file. - -- Suggestions - 1. You are advised to set the hook timeout threshold to a value less than 5s. - 2. You are advised to configure only one prestart hook, one poststart hook, and one poststop hook for each container. If too many hooks are configured, the container startup may take a long time. - 3. You are advised to identify the dependencies between multiple hooks. If required, you need to adjust the sequence of the hook configuration files according to the dependencies. The execution sequence of hooks is based on the sequence in the configured **spec** file. - - -### Multiple **hook-spec** +## Multiple **hook-spec** If multiple hook configuration files are available and you need to run multiple hooks, you must manually combine these files into a configuration file and specify the new configuration file by using the **--hook-spec** parameter. Then all hooks can take effect. If multiple **--hook-spec** parameters are configured, only the last one takes effect. @@ -396,8 +385,8 @@ Configuration examples: The content of the **hook1.json** file is as follows: -``` -# cat /var/lib/docker/hooks/hookspec.json +```shell +$ cat /var/lib/docker/hooks/hookspec.json { "prestart": [ { @@ -413,8 +402,8 @@ The content of the **hook1.json** file is as follows: The content of the **hook2.json** file is as follows: -``` -# cat /etc/isulad-tools/hookspec.json +```shell +$ cat /etc/isulad-tools/hookspec.json { "prestart": [ { @@ -436,7 +425,7 @@ The content of the **hook2.json** file is as follows: The content in JSON format after manual combination is as follows: -``` +```json { "prestart":[ { @@ -463,11 +452,11 @@ The content in JSON format after manual combination is as follows: Docker daemon reads the binary values of hook in actions such as prestart in the hook configuration files in sequence based on the array sequence and executes the actions. Therefore, you need to identify the dependencies between multiple hooks. If required, you need to adjust the sequence of the hook configuration files according to the dependencies. -### Customizing Default Hooks for All Containers +## Customizing Default Hooks for All Containers Docker daemon can receive the **--hook-spec** parameter. The semantics of **--hook-spec** is the same as that of **--hook-spec** in **docker create** or **docker run**. You can also add hook configurations to the **/etc/docker/daemon.json** file. -``` +```json { "hook-spec": "/tmp/hookspec.json" } @@ -475,31 +464,31 @@ Docker daemon can receive the **--hook-spec** parameter. The semantics of **- When a container is running, hooks specified in **--hook-spec** defined by daemon are executed first, and then hooks customized for each container are executed. -## Configuring Health Check During Container Creation +# Configuring Health Check During Container Creation Docker provides the user-defined health check function for containers. You can configure the **HEALTHCHECK CMD** option in the Dockerfile, or configure the **--health-cmd** option when a container is created so that commands are periodically executed in the container to monitor the health status of the container based on return values. -### Configuration Methods +## Configuration Methods -- Add the following configurations to the Dockerfile file: +- Add the following configurations to the Dockerfile file: - ``` + ```shell HEALTHCHECK --interval=5m --timeout=3s --health-exit-on-unhealthy=true \ CMD curl -f http://localhost/ || exit 1 ``` The configurable options are as follows: - 1. **--interval=DURATION**: interval between two consecutive command executions. The default value is **30s**. After a container is started, the first check is performed after the interval time. - 2. **--timeout=DURATION**: maximum duration for executing a single check command. If the execution times out, the command execution fails. The default value is **30s**. - 3. **--start-period=DURATION**: container initialization period. The default value is **0s**. During the initialization, the health check is also performed, while the health check failure is not counted into the maximum number of retries. However, if the health check is successful during initialization, the container is considered as started. All subsequent consecutive check failures are counted in the maximum number of retries. - 4. **--retries=N**. maximum number of retries for the health check. The default value is **3**. - 5. **--health-exit-on-unhealthy=BOOLEAN**: whether to kill a container when it is unhealthy. The default value is **false**. - 6. **CMD**: This option is mandatory. If **0** is returned after a command is run in a container, the command execution succeeds. If a value other than **0** is returned, the command execution fails. + 1. **--interval=DURATION**: interval between two consecutive command executions. The default value is **30s**. After a container is started, the first check is performed after the interval time. + 2. **--timeout=DURATION**: maximum duration for executing a single check command. If the execution times out, the command execution fails. The default value is **30s**. + 3. **--start-period=DURATION**: container initialization period. The default value is **0s**. During the initialization, the health check is also performed, while the health check failure is not counted into the maximum number of retries. However, if the health check is successful during initialization, the container is considered as started. All subsequent consecutive check failures are counted in the maximum number of retries. + 4. **--retries=N**. maximum number of retries for the health check. The default value is **3**. + 5. **--health-exit-on-unhealthy=BOOLEAN**: whether to kill a container when it is unhealthy. The default value is **false**. + 6. **CMD**: This option is mandatory. If **0** is returned after a command is run in a container, the command execution succeeds. If a value other than **0** is returned, the command execution fails. After **HEALTHCHECK** is configured, related configurations are written into the image configurations during image creation. You can run the **docker inspect** command to view the configurations. For example: - ``` + ```json "Healthcheck": { "Test": [ "CMD-SHELL", @@ -508,25 +497,24 @@ Docker provides the user-defined health check function for containers. You can c }, ``` +- Configurations during container creation: -- Configurations during container creation: - - ``` + ```shell docker run -itd --health-cmd "curl -f http://localhost/ || exit 1" --health-interval 5m --health-timeout 3s --health-exit-on-unhealthy centos bash ``` The configurable options are as follows: - 1. **--health-cmd**: This option is mandatory. If **0** is returned after a command is run in a container, the command execution succeeds. If a value other than **0** is returned, the command execution fails. - 2. **--health-interval**: interval between two consecutive command executions. The default value is **30s**. The upper limit of the value is the maximum value of Int64 \(unit: nanosecond\). - 3. **--health-timeout**: maximum duration for executing a single check command. If the execution times out, the command execution fails. The default value is **30s**. The upper limit of the value is the maximum value of Int64 \(unit: nanosecond\). - 4. **--health-start-period**: container initialization time. The default value is **0s**. The upper limit of the value is the maximum value of Int64 \(unit: nanosecond\). - 5. **--health-retries**: maximum number of retries for the health check. The default value is **3**. The maximum value is the maximum value of Int32. - 6. **--health-exit-on-unhealthy**: specifies whether to kill a container when it is unhealthy. The default value is **false**. + 1. **--health-cmd**: This option is mandatory. If **0** is returned after a command is run in a container, the command execution succeeds. If a value other than **0** is returned, the command execution fails. + 2. **--health-interval**: interval between two consecutive command executions. The default value is **30s**. The upper limit of the value is the maximum value of Int64 \(unit: nanosecond\). + 3. **--health-timeout**: maximum duration for executing a single check command. If the execution times out, the command execution fails. The default value is **30s**. The upper limit of the value is the maximum value of Int64 \(unit: nanosecond\). + 4. **--health-start-period**: container initialization time. The default value is **0s**. The upper limit of the value is the maximum value of Int64 \(unit: nanosecond\). + 5. **--health-retries**: maximum number of retries for the health check. The default value is **3**. The maximum value is the maximum value of Int32. + 6. **--health-exit-on-unhealthy**: specifies whether to kill a container when it is unhealthy. The default value is **false**. After the container is started, the **HEALTHCHECK** configurations are written into the container configurations. You can run the **docker inspect** command to view the configurations. For example: - ``` + ```json "Healthcheck": { "Test": [ "CMD-SHELL", @@ -535,29 +523,27 @@ Docker provides the user-defined health check function for containers. You can c }, ``` +## Check Rules - -### Check Rules - -1. After a container is started, the container status is **health:starting**. -2. After the period specified by **start-period**, the **cmd** command is periodically executed in the container at the interval specified by **interval**. That is, after the command is executed, the command will be executed again after the specified period. -3. If the **cmd** command is successfully executed within the time specified by **timeout** and the return value is **0**, the check is successful. Otherwise, the check fails. If the check is successful, the container status changes to **health:healthy**. -4. If the **cmd** command fails to be executed for the number of times specified by **retries**, the container status changes to **health:unhealthy**, and the container continues the health check. -5. When the container status is **health:unhealthy**, the container status changes to **health:healthy** if a check succeeds. -6. If **--health-exit-on-unhealthy** is set, and the container exits due to reasons other than being killed \(the returned exit code is **137**\), the health check takes effect only after the container is restarted. -7. When the **cmd** command execution is complete or times out, Docker daemon will record the start time, return value, and standard output of the check to the configuration file of the container. A maximum of five latest records can be recorded. In addition, the configuration file of the container stores health check parameters. +1. After a container is started, the container status is **health:starting**. +2. After the period specified by **start-period**, the **cmd** command is periodically executed in the container at the interval specified by **interval**. That is, after the command is executed, the command will be executed again after the specified period. +3. If the **cmd** command is successfully executed within the time specified by **timeout** and the return value is **0**, the check is successful. Otherwise, the check fails. If the check is successful, the container status changes to **health:healthy**. +4. If the **cmd** command fails to be executed for the number of times specified by **retries**, the container status changes to **health:unhealthy**, and the container continues the health check. +5. When the container status is **health:unhealthy**, the container status changes to **health:healthy** if a check succeeds. +6. If **--health-exit-on-unhealthy** is set, and the container exits due to reasons other than being killed \(the returned exit code is **137**\), the health check takes effect only after the container is restarted. +7. When the **cmd** command execution is complete or times out, Docker daemon will record the start time, return value, and standard output of the check to the configuration file of the container. A maximum of five latest records can be recorded. In addition, the configuration file of the container stores health check parameters. Run the **docker ps** command to view the container status. -``` -[root@bac shm]# docker ps +```shell +$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7de2228674a2 testimg "bash" About an hour ago Up About an hour (unhealthy) cocky_davinci ``` When the container is running, the health check status is written into the container configurations. You can run the **docker inspect** command to view the configurations. -``` +```json "Health": { "Status": "healthy", "FailingStreak": 0, @@ -579,67 +565,68 @@ When the container is running, the health check status is written into the conta ``` >![](./public_sys-resources/icon-note.gif) **NOTE:** ->- A maximum of five health check status records can be stored in a container. The last five records are saved. ->- Only one health check configuration item can take effect in a container at a time. The later items configured in the Dockerfile will overwrite the earlier ones. Configurations during container creation will overwrite those in images. ->- In the Dockerfile, you can set **HEALTHCHECK NONE** to cancel the health check configuration in a referenced image. When a container is running, you can set **--no-healthcheck** to cancel the health check configuration in an image. Do not configure the health check and **--no-healthcheck** parameters at the same time during the startup. ->- After a container with configured health check parameters is started, if Docker daemon exits, the health check is not executed. After Docker daemon is restarted, the container health status changes to **starting**. Afterwards, the check rules are the same as above. ->- If health check parameters are set to **0** during container image creation, the default values are used. ->- If health check parameters are set to **0** during container startup, the default values are used. +> +>- A maximum of five health check status records can be stored in a container. The last five records are saved. +>- Only one health check configuration item can take effect in a container at a time. The later items configured in the Dockerfile will overwrite the earlier ones. Configurations during container creation will overwrite those in images. +>- In the Dockerfile, you can set **HEALTHCHECK NONE** to cancel the health check configuration in a referenced image. When a container is running, you can set **--no-healthcheck** to cancel the health check configuration in an image. Do not configure the health check and **--no-healthcheck** parameters at the same time during the startup. +>- After a container with configured health check parameters is started, if Docker daemon exits, the health check is not executed. After Docker daemon is restarted, the container health status changes to **starting**. Afterwards, the check rules are the same as above. +>- If health check parameters are set to **0** during container image creation, the default values are used. +>- If health check parameters are set to **0** during container startup, the default values are used. -## Stopping and Deleting a Container +# Stopping and Deleting a Container Run the **docker stop** command to stop the container named **container1**. -``` -[root@localhost ~]# docker stop container1 +```shell +docker stop container1 ``` Or run the **docker kill** command to kill and stop the container. -``` -[root@localhost ~]# docker kill container1 +```shell +docker kill container1 ``` After the container is stopped, run the **docker rm** command to delete the container. -``` -[root@localhost ~]# docker rm container1 +```shell +docker rm container1 ``` Or run the **docker rm -f** command to forcibly delete the container. -``` -[root@localhost ~]# docker rm -f container1 +```shell +docker rm -f container1 ``` -### Precautions +## Precautions -- Do not run the **docker rm –f **_XXX_ command to delete a container. If you forcibly delete a container, the **docker rm** command ignores errors during the process, which may cause residual metadata of the container. If you delete an image in common mode and an error occurs during the deletion process, the deletion fails and no metadata remains. -- Do not run the **docker kill** command. The **docker kill** command sends related signals to service processes in a container. Depending on the signal processing policies of service processes in the container may cause the result that the signal execution cannot be performed as expected. -- A container in the restarting state may not stop immediately when you run the **docker stop** command. If a container uses the restart rules, when the container is in the restarting state, there is a low probability that the **docker stop** command on the container returns immediately. The container will still be restarted with the impact of the restart rule. -- Do not run the **docker restart** command to restart a container with the **--rm** parameter. When a container with the **--rm** parameter exits, the container is automatically deleted. If the container with the **--rm** parameter is restarted, exceptions may occur. For example, if both the **--rm** and **-ti** parameters are added when the container is started, the restart operation cannot be performed on the container, otherwise, the container may stop responding and cannot exit. +- Do not run the **docker rm –f**_XXX_ command to delete a container. If you forcibly delete a container, the **docker rm** command ignores errors during the process, which may cause residual metadata of the container. If you delete an image in common mode and an error occurs during the deletion process, the deletion fails and no metadata remains. +- Do not run the **docker kill** command. The **docker kill** command sends related signals to service processes in a container. Depending on the signal processing policies of service processes in the container may cause the result that the signal execution cannot be performed as expected. +- A container in the restarting state may not stop immediately when you run the **docker stop** command. If a container uses the restart rules, when the container is in the restarting state, there is a low probability that the **docker stop** command on the container returns immediately. The container will still be restarted with the impact of the restart rule. +- Do not run the **docker restart** command to restart a container with the **--rm** parameter. When a container with the **--rm** parameter exits, the container is automatically deleted. If the container with the **--rm** parameter is restarted, exceptions may occur. For example, if both the **--rm** and **-ti** parameters are added when the container is started, the restart operation cannot be performed on the container, otherwise, the container may stop responding and cannot exit. -### When Using docker stop/restart to Specify -t and t<0, Ensure That Applications in the Container Can Process Stop Signal +## When Using docker stop/restart to Specify -t and t<0, Ensure That Applications in the Container Can Process Stop Signal Stop Principle: \(The stop process is called by **Restart**.\) -1. The SIGTERM \(15\) signal can be sent to a container for the first time. -2. Wait for a period of time \(**t** entered by the user\). -3. If the container process still exists, send the SIGKILL \(9\) signal to forcibly kill the process. +1. The SIGTERM \(15\) signal can be sent to a container for the first time. +2. Wait for a period of time \(**t** entered by the user\). +3. If the container process still exists, send the SIGKILL \(9\) signal to forcibly kill the process. The meaning of the input parameter **t** \(unit: s\) is as follows: -- **t** < 0: Wait for graceful stop. This setting is preferred when users are assured that their applications have a proper stop signal processing mechanism. -- **t** = 0: Do not wait and send **kill -9** to the container immediately. -- **t** \> 0: Wait for a specified period and send **kill -9** to the container if the container does not stop within the specified period. +- **t** < 0: Wait for graceful stop. This setting is preferred when users are assured that their applications have a proper stop signal processing mechanism. +- **t** = 0: Do not wait and send **kill -9** to the container immediately. +- **t** \> 0: Wait for a specified period and send **kill -9** to the container if the container does not stop within the specified period. Therefore, if **t** is set to a value less than 0 \(for example, **t** = **-1**\), ensure that the container application correctly processes the SIGTERM signal. If the container ignores this signal, the container will be suspended when the **docker stop** command is run. -### Manually Deleting Containers in the Dead State As the Underlying File System May Be Busy +## Manually Deleting Containers in the Dead State As the Underlying File System May Be Busy When Docker deletes a container, it stops related processes of the container, changes the container status to Dead, and then deletes the container rootfs. When the file system or devicemapper is busy, the last step of deleting rootfs fails. Run the **docker ps -a** command. The command output shows that the container is in the Dead state. Containers in the Dead state cannot be started again. Wait until the file system is not busy and run the **docker rm** command again to delete the containers. -### In PID namespace Shared Containers, If Child Container Is in pause State, Parent Container Stops Responding and the docker run Command Cannot Be Executed +## In PID namespace Shared Containers, If Child Container Is in pause State, Parent Container Stops Responding and the docker run Command Cannot Be Executed When the **--pid** parameter is used to create the parent and child containers that share PID namespace, if any process in the child container cannot exit \(for example, it is in the D or pause state\) when the **docker stop** command is executed, the **docker stop** command of the parent container is waiting. You need to manually recover the process so that the command can be executed normally. @@ -647,51 +634,50 @@ In this case, run the **docker inspect** command on the container in the pause Generally, the possible cause is that the PID namespace corresponding to the container cannot be destroyed due to residual processes. If the problem persists, use Linux tools to obtain the residual processes and locate the cause of the process exit failure in PID namespace. After the problem is solved, the container can exit. -- Obtain PID namespace ID in a container. +- Obtain PID namespace ID in a container. - ``` + ```shell docker inspect --format={{.State.Pid}} CONTAINERID | awk '{print "/proc/"$1"/ns/pid"}' |xargs readlink ``` -- Obtain threads in the namespace. +- Obtain threads in the namespace. + ```shell + ls -l /proc/*/task/*/ns/pid |grep -F PIDNAMESPACE_ID |awk '{print $9}' |awk -F \/ '{print $5}' ``` - ls -l /proc/*/task/*/ns/pid |grep -F PIDNAMESPACE_ID |awk '{print $9}' |awk -F \/ '{print $5}' - ``` - -## Querying Container Information +# Querying Container Information In any case, the container status should not be determined based on whether the **docker** command is successfully returned. To view the container status, you are advised to use the following command: -``` +```shell docker inspect ``` -## Modification Operations +# Modification Operations -### Precautions for Starting Multiple Processes in Container Using docker exec +## Precautions for Starting Multiple Processes in Container Using docker exec When the first **docker exec** command executed in a container is the **bash** command, ensure that all processes started by **exec** are stopped before you run the **exit** command. Otherwise, the device may stop responding when you run the **exit** command. To ensure that the process started by **exec** is still running in the background when the **exit** command is run, add **nohup** when starting the process. -### Usage Conflict Between docker rename and docker stats _container\_name_ +## Usage Conflict Between docker rename and docker stats _container\_name_ -If you run the **docker stats **_container\_name_ command to monitor a container in real time, after the container is renamed by using **docker rename**, the name displayed after **docker stats** is executed is the original name instead of the renamed one. +If you run the **docker stats**_container\_name_ command to monitor a container in real time, after the container is renamed by using **docker rename**, the name displayed after **docker stats** is executed is the original name instead of the renamed one. -### Failed to Perform docker rename Operation on Container in restarting State +## Failed to Perform docker rename Operation on Container in restarting State When the rename operation is performed on a container in the restarting state, Docker modifies the container network configuration accordingly. The container in the restarting state may not be started and the network does not exist. As a result, the rename operation reports an error indicating that the sandbox does not exist. You are advised to rename only containers that are not in the restarting state. -### docker cp +## docker cp -1. When you run **docker cp** to copy files to a container, all operations on the container can be performed only after the **docker cp** command is executed. -2. When a container runs as a non-**root** user, and you run the **docker cp** command to copy a non-**root** file on the host to the container, the permission role of the file in the container changes to **root**. Different from the **cp** command, the **docker cp** command changes UIDs and GIDs of the files copied to the container to **root**. +1. When you run **docker cp** to copy files to a container, all operations on the container can be performed only after the **docker cp** command is executed. +2. When a container runs as a non-**root** user, and you run the **docker cp** command to copy a non-**root** file on the host to the container, the permission role of the file in the container changes to **root**. Different from the **cp** command, the **docker cp** command changes UIDs and GIDs of the files copied to the container to **root**. -### docker login +## docker login -After the **docker login** command is executed, **usrer/passwd** encrypted by AES \(256-bit\) is saved in **/root/.docker/config.json**. At the same time, _root_**.docker/aeskey** \(permission 0600\) is generated to decrypt **usrer/passwd** in **/root/.docker/config.json**. Currently, AES key cannot be updated periodically. You need to manually delete the AES key for updating. After AES key is updated, you need to log in to Docker daemon again to push the AES key no matter whether Docker daemon is restarted. For example: +After the **docker login** command is executed, **user/passwd** encrypted by AES \(256-bit\) is saved in **/root/.docker/config.json**. At the same time, _root_**.docker/aeskey** \(permission 0600\) is generated to decrypt **user/passwd** in **/root/.docker/config.json**. Currently, AES key cannot be updated periodically. You need to manually delete the AES key for updating. After AES key is updated, you need to log in to Docker daemon again to push the AES key no matter whether Docker daemon is restarted. For example: -``` +```sh root@hello:~/workspace/dockerfile# docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one. Username: example Password: @@ -718,4 +704,3 @@ The push refers to a repository [docker.io/example/empty] 547b6288eb33: Layer already exists latest: digest: sha256:99d4fb4ce6c6f850f3b39f54f8eca0bbd9e92bd326761a61f106a10454b8900b size: 524 ``` - diff --git a/docs/en/docs/Container/container-management-2.md b/docs/en/docs/Container/container-management-2.md index 1ce5d85ff343c2f1e84c0cc1f0d917d373236146..1371c45ff8e4cea648f0a804bce79529301ee614 100644 --- a/docs/en/docs/Container/container-management-2.md +++ b/docs/en/docs/Container/container-management-2.md @@ -24,8 +24,9 @@ - [update](#update) - [wait](#wait) +## Overview -Subcommands supported by the current Docker are classified into the following groups by function: +Subcommands supported by Docker are classified into the following groups by function:

Function

diff --git a/docs/en/docs/Container/container-management.md b/docs/en/docs/Container/container-management.md index cc81d13b9c691fb1efc0253043f442eedf07bfe6..1cad3bc333ad189b0f6a97a5ce4cb143b65fa167 100644 --- a/docs/en/docs/Container/container-management.md +++ b/docs/en/docs/Container/container-management.md @@ -18,13 +18,10 @@ - [Displaying Resource Usage Statistics of a Container](#displaying-resource-usage-statistics-of-a-container) - [Obtaining Container Logs](#obtaining-container-logs) - [Copying Data Between a Container and a Host](#copying-data-between-a-container-and-a-host) - - [Pausing a Container](#pausing-a-container) - - [Resuming a Container](#resuming-a-container) + - [Pausing All Processes in a Container](#pausing-all-processes-in-a-container) + - [Resuming All Processes in a Container](#resuming-all-processes-in-a-container) - [Obtaining Event Messages from the Server in Real Time](#obtaining-event-messages-from-the-server-in-real-time) - - - ## Creating a Container ### Description @@ -33,7 +30,7 @@ To create a container, run the **isula create** command. The container engine ### Usage -``` +```shell isula create [OPTIONS] IMAGE [COMMAND] [ARG...] ``` @@ -41,7 +38,7 @@ isula create [OPTIONS] IMAGE [COMMAND] [ARG...] The following table lists the parameters supported by the **create** command. -**Table 1** Parameter description +**Table 1** Parameter description - - + + + + + + + + + + + + - + + + + + + + + + - - - + + + + + + - + + + + + + + + + + + + + + + + + + - - - - - + + + - - - - + + + + + + - + + + + + + - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Command

@@ -51,10 +48,15 @@ The following table lists the parameters supported by the **create** command.

Description

create

+

create

  

--annotation

+

--add-host

+

Adds the mapping between the custom host and the IP address (host:ip).

+

--annotation

Sets annotations for the container. For example, set the native.umask parameter.

--annotation native.umask=normal #The umask value of the started container is 0022.
@@ -62,6 +64,21 @@ The following table lists the parameters supported by the  **create**  command.
 
If this parameter is not set, the umask configuration in iSulad is used.

--blkio-weight

+

Specifies the block I/O (relative weight). The value ranges from 10 to 1000. The default value is 0, indicating that this function is disabled.

+

--blkio-weight-device

+

Specifies the block I/O weight (relative device weight). The format is DEVICE_NAME: weight. The weight value ranges from 10 to 1000. The default value is 0, indicating that this function is disabled.

+

--cap-add

+

Adds the Linux permission function.

+

--cap-drop

Deletes Linux permissions.

@@ -72,9 +89,24 @@ The following table lists the parameters supported by the **create** command.

Specifies the cgroup parent path of the container.

--cpuset-cpus

+

--cpu-period

+

Limits the period of CPU CFS.

+

--cpu-quota

+

Limits the CPU CFS quota.

+

--cpu-rt-period

+

Limits the real-time CPU period (in microseconds).

+

--cpu-rt-runtime

Allowed CPUs (for example, 0-3, 0, 1).

+

Limits the real-time running time of the CPU (in microseconds).

--cpu-shares

@@ -82,16 +114,51 @@ The following table lists the parameters supported by the **create** command.

CPU share (relative weight).

--cpu-quota

+

--cpus

Limits the CPU CFS quota.

+

Specifies the number of CPUs.

+

--cpuset-cpus

+

Specifies the CPU that can be executed. Example values: 0-3, 0, 1.

+

--cpuset-mems

+

Specifies memory that can be executed. Example values: 0-3, 0, 1.

--device=[]

+

--device

Adds a device to the container.

--device-cgroup-rule

+

Adds a rule to the list of devices allowed by the cgroup.

+

--device-read-bps

+

Limits the read rate (bytes per second) of the device.

+

--device-read-iops

+

Limits the read rate (I/Os per second) of the device.

+

--device-write-bps

+

Limits the write rate (bytes per second) of the device.

+

--device-write-iops

+

Limits the write rate (I/Os per second) of the device.

+

--dns

Adds a DNS server.

@@ -107,6 +174,11 @@ The following table lists the parameters supported by the **create** command.

Sets the search domain of a container.

--entrypoint

+

Specifies the entry point to be run when a container is started.

+

-e, --env

Sets environment variables.

@@ -117,9 +189,9 @@ The following table lists the parameters supported by the **create** command.

Configures environment variables using a file.

--entrypoint

+

--env-target-file

Entry point to run when the container is started.

+

Specifies the target file path in rootfs to which environment variables are exported.

--external-rootfs=PATH

@@ -139,7 +211,7 @@ The following table lists the parameters supported by the **create** command.

--help

Displays help information.

+

Prints help information.

--health-cmd

@@ -177,9 +249,9 @@ The following table lists the parameters supported by the **create** command.

Hook configuration file.

-H, --host

+

--host-channel

Specifies the iSulad socket file path to be accessed.

+

Creates the shared memory between the host and the container.

-h, --hostname

@@ -187,19 +259,24 @@ The following table lists the parameters supported by the **create** command.

Container host name.

--hugetlb-limit=[]

+

Limits the huge page file. For example, --hugetlb-limit 2MB:32MB.

+

-i, --interactive

Enables the standard input of the container even if it is not connected to the standard input of the container.

--hugetlb-limit=[]

+

--ipc

Limits the size of huge-page files, for example, --hugetlb-limit 2MB:32MB.

+

Specifies the IPC namespace.

--log-opt=[]

+

--kernel-memory

Log driver option. By default, the container serial port log function is disabled. You can run the --log-opt disable-log=false command to enable it.

+

Limits the kernel memory.

-l,--label

@@ -212,6 +289,16 @@ The following table lists the parameters supported by the **create** command.

Sets container labels using files.

--log-driver

+

Records the container driver.

+

--log-opt=[]

+

Log driver option. By default, the function of recording container serial port logs is disabled. You can enable it by setting --log-opt disable-log=false.

+

-m, --memory

Memory limit.

@@ -234,7 +321,17 @@ The following table lists the parameters supported by the **create** command.

--mount

Mounts a host directory to a container.

+

Mounts the host directory, volume, or file system to the container.

+

--name=NAME

+

Container name.

+

--net=none

+

Connects the container to the network.

--no-healthcheck

@@ -242,14 +339,24 @@ The following table lists the parameters supported by the **create** command.

Disables the health check configuration.

--name=NAME

+

--ns-change-opt

Container name.

+

Namespace kernel parameter option of the system container.

--net=none

+

--oom-kill-disable

Connects a container to a network.

+

Disables OOM.

+

--oom-score-adj

+

Adjusts the OOM preference of the host (from -1000 to 1000).

+

--pid

+

Specifies the PID namespace to be used.

--pids-limit

@@ -262,6 +369,11 @@ The following table lists the parameters supported by the **create** command.

Grants container extension privileges.

--pull

+

Pulls the image before running.

+

-R, --runtime

Container runtime. The parameter value can be lcr, which is case insensitive. Therefore, LCR and lcr are equivalent.

@@ -278,11 +390,41 @@ The following table lists the parameters supported by the **create** command.

For a system container, --restart on-reboot is supported.

--security-opt

+

Security option.

+

--shm-size

+

Size of /dev/shm. The default value is 64MB.

+

--stop-signal

+

Stop signal for a container. The default value is SIGTERM.

+

--storage-opt

Configures the storage driver option for a container.

--sysctl

+

Sets the sysctl option.

+

--system-container

+

Starts the system container.

+

--tmpfs

+

Mounts the tmpfs directory.

+

-t, --tty

Allocates a pseudo terminal.

@@ -298,19 +440,44 @@ The following table lists the parameters supported by the **create** command.

User name or UID, in the format of [<name|uid>][:<group|gid>].

--user-remap

+

Maps users to the system container.

+

--userns

+

Sets the user command space for a container when the user-remap option is enabled.

+

--uts

+

Sets the PID namespace.

+

-v, --volume=[]

Mounts a volume.

--volumes-from=[]

+

Uses the mounting configuration of the specified container.

+

--workdir

+

Sets the working directory in the container.

+
### Constraints -- When the **--user** or **--group-add** parameter is used to verify the user or group during container startup, if the container uses an OCI image, the verification is performed in the **etc/passwd** and **etc/group** files of the actual rootfs of the image. If a folder or block device is used as the rootfs of the container, the **etc/passwd** and **etc/group** files in the host are verified. The rootfs ignores mounting parameters such as **-v** and **--mount**. That is, when these parameters are used to attempt to overwrite the **etc/passwd** and **etc/group** files, the parameters do not take effect during the search and take effect only when the container is started. The generated configuration is saved in the **iSulad root directory/engine/container ID/start\_generate\_config.json** file. The file format is as follows: +- When the **--user** or **--group-add** parameter is used to verify the user or group during container startup, if the container uses an OCI image, the verification is performed in the **etc/passwd** and **etc/group** files of the actual rootfs of the image. If a folder or block device is used as the rootfs of the container, the **etc/passwd** and **etc/group** files in the host are verified. The rootfs ignores mounting parameters such as **-v** and **--mount**. That is, when these parameters are used to attempt to overwrite the **etc/passwd** and **etc/group** files, the parameters do not take effect during the search and take effect only when the container is started. The generated configuration is saved in the **iSulad root directory/engine/container ID/start\_generate\_config.json** file. The file format is as follows: - ``` + ```json { "uid": 0, "gid": 8, @@ -321,16 +488,15 @@ The following table lists the parameters supported by the **create** command. } ``` - ### Example Create a container. -``` +```shell $ isula create busybox fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 $ isula ps -a -STATUS PID IMAGE COMMAND EXIT_CODE RESTART_COUNT STARTAT FINISHAT RUNTIME ID NAMES inited - busybox "sh" 0 0 - - lcr fd7376591a9c fd7376591a9c4521... +STATUS PID IMAGE COMMAND EXIT_CODE RESTART_COUNT STARTAT FINISHAT RUNTIME ID NAMES ``` ## Starting a Container @@ -341,7 +507,7 @@ To start one or more containers, run the **isula start** command. ### Usage -``` +```shell isula start [OPTIONS] CONTAINER [CONTAINER...] ``` @@ -349,7 +515,7 @@ isula start [OPTIONS] CONTAINER [CONTAINER...] The following table lists the parameters supported by the **start** command. -**Table 1** Parameter description +**Table 2** Parameter description - - + + + + + + - @@ -378,8 +554,8 @@ The following table lists the parameters supported by the **start** command. Start a new container. -``` -$ isula start fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 +```shell +isula start fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 ``` ## Running a Container @@ -390,7 +566,7 @@ To create and start a container, run the **isula run** command. You can use a ### Usage -``` +```shell isula run [OPTIONS] ROOTFS|IMAGE [COMMAND] [ARG...] ``` @@ -398,7 +574,7 @@ isula run [OPTIONS] ROOTFS|IMAGE [COMMAND] [ARG...] The following table lists the parameters supported by the **run** command. -**Table 1** Parameter description +**Table 3** Parameter description

Command

@@ -359,16 +525,26 @@ The following table lists the parameters supported by the **start** command.

Description

start

+

start

-H, --host

Specifies the iSulad socket file path to be accessed.

-R, --runtime

+

-a, --attach

+

Connects to STDOUT and STDERR of the container.

+

-D, --debug

+

Enables the debug mode.

+

--help

Container runtime. The parameter value can be lcr, which is case insensitive. Therefore, LCR and lcr are equivalent.

+

Prints help information.
- @@ -418,6 +594,21 @@ The following table lists the parameters supported by the **run** command.

If this parameter is not set, the umask configuration in iSulad is used.

+ + + + + + + + + - - + + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + + - + + + - + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + +

Command

@@ -408,7 +584,7 @@ The following table lists the parameters supported by the **run** command.

Description

run

+

run

--annotation

--add-host

+

Adds the mapping between the custom host and the IP address (host:ip).

+

--blkio-weight

+

Specifies the block I/O (relative weight). The value ranges from 10 to 1000. The default value is 0, indicating that this function is disabled.

+

--blkio-weight-device

+

Specifies the block I/O weight (relative device weight). The format is DEVICE_NAME: weight. The weight value ranges from 10 to 1000. The default value is 0, indicating that this function is disabled.

+

--cap-add

Adds Linux functions.

@@ -433,9 +624,24 @@ The following table lists the parameters supported by the **run** command.

Specifies the cgroup parent path of the container.

--cpuset-cpus

+

--cpu-period

Allowed CPUs (for example, 0-3, 0, 1).

+

Limits the period of CPU CFS.

+

--cpu-quota

+

Limits the CPU CFS quota.

+

--cpu-rt-period

+

Limits the real-time CPU period (in microseconds).

+

--cpu-rt-runtime

+

Limits the real-time running time of the CPU (in microseconds).

--cpu-shares

@@ -443,9 +649,19 @@ The following table lists the parameters supported by the **run** command.

CPU share (relative weight).

--cpu-quota

+

--cpus

Limits the CPU CFS quota.

+

Specifies the number of CPUs.

+

--cpuset-cpus

+

Specifies the CPU that can be executed. Example values: 0-3, 0, 1.

+

--cpuset-mems

+

Specifies memory that can be executed. Example values: 0-3, 0, 1.

-d, --detach

@@ -458,6 +674,31 @@ The following table lists the parameters supported by the **run** command.

Adds a device to the container.

--device-cgroup-rule

+

Adds a rule to the list of devices allowed by the cgroup.

+

--device-read-bps

+

Limits the read rate (bytes per second) of the device.

+

--device-read-iops

+

Limits the read rate (I/Os per second) of the device.

+

--device-write-bps

+

Limits the write rate (bytes per second) of the device.

+

--device-write-iops

+

Limits the write rate (I/Os per second) of the device.

+

--dns

Adds a DNS server.

@@ -473,6 +714,11 @@ The following table lists the parameters supported by the **run** command.

Sets the search domain of a container.

--entrypoint

+

Specifies the entry point to be run when a container is started.

+

-e, --env

Sets environment variables.

@@ -483,9 +729,9 @@ The following table lists the parameters supported by the **run** command.

Configures environment variables using a file.

--entrypoint

+

--env-target-file

Entry point to run when the container is started.

+

Specifies the target file path in rootfs to which environment variables are exported.

--external-rootfs=PATH

@@ -505,7 +751,7 @@ The following table lists the parameters supported by the **run** command.

--help

Displays help information.

+

Prints help information.

--health-cmd

@@ -548,6 +794,11 @@ The following table lists the parameters supported by the **run** command.

Specifies the iSulad socket file path to be accessed.

--host-channel

+

Creates the shared memory between the host and the container.

+

-h, --hostname

Container host name.

@@ -563,6 +814,31 @@ The following table lists the parameters supported by the **run** command.

Enables the standard input of the container even if it is not connected to the standard input of the container.

--ipc

+

Specifies the IPC namespace.

+

--kernel-memory

+

Limits the kernel memory.

+

-l, --label

+

Sets a label for a container.

+

--lablel-file

+

Sets the container label through a file.

+

--log-driver

+

Sets the log driver. syslog and json-file are supported.

+

--log-opt=[]

Log driver option. By default, the container serial port log function is disabled. You can run the --log-opt disable-log=false command to enable it.

@@ -593,19 +869,39 @@ The following table lists the parameters supported by the **run** command.

Mounts a host directory to a container.

--name=NAME

+

Container name

+

--net=none

+

Connects a container to the network.

+

--no-healthcheck

Disables the health check configuration.

--name=NAME

+

--ns-change-opt

Container name.

+

Namespace kernel parameter option of the system container.

--net=none

+

--oom-kill-disable

+

Disables OOM.

+

--oom-score-adj

+

Adjusts the OOM preference of the host (from -1000 to 1000).

+

--pid

Connects a container to a network.

+

Specifies the PID namespace to be used.

--pids-limit

@@ -618,6 +914,11 @@ The following table lists the parameters supported by the **run** command.

Grants container extension privileges.

--pull

+

Pulls the image before running.

+

-R, --runtime

Container runtime. The parameter value can be lcr, which is case insensitive. Therefore, LCR and lcr are equivalent.

@@ -639,9 +940,39 @@ The following table lists the parameters supported by the **run** command.

Automatically clears a container upon exit.

--storage-opt

+

--security-opt

+

Security option.

+

--shm-size

+

Size of /dev/shm. The default value is 64MB.

+

--stop-signal

+

Stop signal for a container. The default value is SIGTERM.

+

--storage-opt

+

Configures the storage driver option of a container.

+

--sysctl

+

Sets the sysctl option.

+

--system-container

+

Starts the system container.

+

--tmpfs

Configures the storage driver option for a container.

+

Mounts the tmpfs directory.

-t, --tty

@@ -659,26 +990,51 @@ The following table lists the parameters supported by the **run** command.

User name or UID, in the format of [<name|uid>][:<group|gid>].

--user-remap

+

Maps users to the system container.

+

--userns

+

Sets the user command space for a container when the user-remap option is enabled.

+

--uts

+

Sets the PID namespace.

+

-v, --volume=[]

Mounts a volume.

--volumes-from=[]

+

Uses the mounting configuration of the specified container.

+

--workdir

+

Sets the working directory in the container.

+
### Constraints -- When the parent process of a container exits, the corresponding container automatically exits. -- When a common container is created, the parent process cannot be initiated because the permission of common containers is insufficient. As a result, the container does not respond when you run the **attach** command though it is created successfully. -- If **--net** is not specified when the container is running, the default host name is **localhost**. -- If the **--files-limit** parameter is to transfer a small value, for example, 1, when the container is started, iSulad creates a cgroup, sets the files.limit value, and writes the PID of the container process to the **cgroup.procs** file of the cgroup. At this time, the container process has opened more than one handle. As a result, a write error is reported, and the container fails to be started. -- If both** --mount** and **--volume** exist and their destination paths conflict, **--mount** will be run after **--volume** \(that is, the mount point in **--volume** will be overwritten\). +- When the parent process of a container exits, the corresponding container automatically exits. +- When a common container is created, the parent process cannot be initiated because the permission of common containers is insufficient. As a result, the container does not respond when you run the **attach** command though it is created successfully. +- If **--net** is not specified when the container is running, the default host name is **localhost**. +- If the **--files-limit** parameter is to transfer a small value, for example, 1, when the container is started, iSulad creates a cgroup, sets the files.limit value, and writes the PID of the container process to the **cgroup.procs** file of the cgroup. At this time, the container process has opened more than one handle. As a result, a write error is reported, and the container fails to be started. +- If both**--mount** and **--volume** exist and their destination paths conflict, **--mount** will be run after **--volume** \(that is, the mount point in **--volume** will be overwritten\). Note: The value of the **type** parameter of lightweight containers can be **bind** or **squashfs**. When **type** is set to **squashfs**, **src** is the image path. The value of the **type** parameter of the native Docker can be **bind**, **volume**, and **tmpfs**. -- The restart policy does not support **unless-stopped**. -- The values returned for Docker and lightweight containers are 127 and 125 respectively in the following three scenarios: +- The restart policy does not support **unless-stopped**. +- The values returned for Docker and lightweight containers are 127 and 125 respectively in the following three scenarios: The host device specified by **--device** does not exist. @@ -686,23 +1042,24 @@ The following table lists the parameters supported by the **run** command. The entry point specified by **--entrypoint** does not exist. -- When the **--volume** parameter is used, /dev/ptmx will be deleted and recreated during container startup. Therefore, do not mount the **/dev** directory to that of the container. Use **--device** to mount the devices in **/dev** of the container. -- Do not use the echo option to input data to the standard input of the **run** command. Otherwise, the client will be suspended. The echo value should be directly transferred to the container as a command line parameter. +- When the **--volume** parameter is used, /dev/ptmx will be deleted and recreated during container startup. Therefore, do not mount the **/dev** directory to that of the container. Use **--device** to mount the devices in **/dev** of the container. +- When the **-it** parameter is used, the **/dev/ptmx** device will be deleted and rebuilt when the container is started. Therefore, do not mount the **/dev** directory to the **/dev** directory of the container. Instead, use **--device** to mount the devices in the **/dev** directory to the container. +- Do not use the echo option to input data to the standard input of the **run** command. Otherwise, the client will be suspended. The echo value should be directly transferred to the container as a command line parameter. + + ```shell + # echo ls | isula run -i busybox /bin/sh + - ``` - [root@localhost ~]# echo ls | isula run -i busybox /bin/sh - - ^C - [root@localhost ~]# + # ``` The client is suspended when the preceding command is executed because the preceding command is equivalent to input **ls** to **stdin**. Then EOF is read and the client does not send data and waits for the server to exit. However, the server cannot determine whether the client needs to continue sending data. As a result, the server is suspended in reading data, and both parties are suspended. The correct execution method is as follows: - ``` - [root@localhost ~]# isula run -i busybox ls + ```shell + # isula run -i busybox ls bin dev etc @@ -713,12 +1070,12 @@ The following table lists the parameters supported by the **run** command. tmp usr var - [root@localhost ~]# + # ``` -- If the root directory \(/\) of the host is used as the file system of the container, the following situations may occur during the mounting: +- If the root directory \(/\) of the host is used as the file system of the container, the following situations may occur during the mounting: - **Table 2** Mounting scenarios + **Table 4** Mounting scenarios

Host Path (Source)

@@ -740,27 +1097,40 @@ The following table lists the parameters supported by the **run** command.
- >![](./public_sys-resources/icon-notice.gif) **NOTICE:** - >Scenario 1: Mount **/home/test1** and then **/home/test2**. In this case, the content in **/home/test1** overwrites the content in **/mnt**. As a result, the **abc** directory does not exist in **/mnt**, and mounting** /home/test2** to **/mnt/abc** fails. - >Scenario 2: Mount **/home/test2** and then **/home/test1**. In this case, the content of **/mnt** is replaced with the content of **/home/test1** during the second mounting. In this way, the content mounted during the first mounting from **/home/test2** to **/mnt/abc** is overwritten. - >The first scenario is not supported. For the second scenario, users need to understand the risk of data access failures. + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** + >Scenario 1: Mount **/home/test1** and then **/home/test2**. In this case, the content in **/home/test1** overwrites the content in **/mnt**. As a result, the **abc** directory does not exist in **/mnt**, and mounting**/home/test2** to **/mnt/abc** fails. + >Scenario 2: Mount **/home/test2** and then **/home/test1**. In this case, the content of **/mnt** is replaced with the content of **/home/test1** during the second mounting. In this way, the content mounted during the first mounting from **/home/test2** to **/mnt/abc** is overwritten. + >The first scenario is not supported. For the second scenario, users need to understand the risk of data access failures. + +- Exercise caution when configuring the **/sys** and **/proc** directories to be writable. - >![](./public_sys-resources/icon-notice.gif) **NOTICE:** - >- In high concurrency scenarios \(200 containers are concurrently started\), the memory management mechanism of Glibc may cause memory holes and large virtual memory \(for example, 10 GB\). This problem is caused by the restriction of the Glibc memory management mechanism in the high concurrency scenario, but not by memory leakage. Therefore, the memory consumption does not increase infinitely. You can set the **MALLOC\_ARENA\_MAX** environment variable to reduce the virtual memory and increase the probability of reducing the physical memory. However, this environment variable will cause the iSulad concurrency performance to deteriorate. Set this environment variable based on the site requirements. - > ``` - > To balance performance and memory usage, set MALLOC_ARENA_MAX to 4. (The iSulad performance deterioration on the ARM64 server is controlled by less than 10%.) - > Configuration method: - > 1. To manually start iSulad, run the export MALLOC_ARENA_MAX=4 command and then start the iSulad. - > 2. If systemd manages iSulad, you can modify the /etc/sysconfig/iSulad file by adding MALLOC_ARENA_MAX=4. - > ``` + The **/sys** and **/proc** directories contain the APIs for maintaining Linux kernel parameters and managing devices. If the directories are writable in a container, container escape may occur. +- Exercise caution when configuring containers to share namespaces with hosts. + + For example, if you use **--pid**, **--ipc**, **--uts**, or **--net** to configure namespace sharing between the container and the host, the namespace isolation between the container and the host is lost, and the host can be attacked from the container. For example, if you use **--pid** to configure PID namespace sharing between the container and the host, the PID of the process on the host can be viewed in the container and the process can be killed in the container. + +- Exercise caution when configuring parameters that can be used to mount host resources, such as **--device** and **-v**. Do not map sensitive directories or devices of the host to containers to prevent leakage of sensitive information. + +- Exercise caution when using the **--privileged** option to start a container. If the **--privileged** option is used, the container will have excessive permissions, affecting the host configuration. + + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** + > + > - In high concurrency scenarios (200 containers are concurrently started), the memory management mechanism of Glibc may cause memory holes and large virtual memory (for example, 10 GB). This problem is caused by the restriction of the Glibc memory management mechanism in the high concurrency scenario, but not by memory leakage. Therefore, the memory consumption does not increase infinitely. You can set the **MALLOC\_ARENA\_MAX** environment variable to reduce the virtual memory and increase the probability of reducing the physical memory. However, this environment variable will cause the iSulad concurrency performance to deteriorate. Set this environment variable based on the site requirements. + > + > ```text + > To balance performance and memory usage, set MALLOC_ARENA_MAX to 4. (The iSulad performance deterioration on the ARM64 server is controlled by less than 10%.) + > Configuration method: + > 1. To manually start iSulad, run the export MALLOC_ARENA_MAX=4 command and then start the iSulad. + > 2. If systemd manages iSulad, you can modify the /etc/sysconfig/iSulad file by adding MALLOC_ARENA_MAX=4. + > ``` ### Example Run a new container. -``` -$ isula run -itd busybox +```shell +# isula run -itd busybox 9c2c13b6c35f132f49fb7ffad24f9e673a07b7fe9918f97c0591f0d7014c713b ``` @@ -772,7 +1142,7 @@ To stop a container, run the **isula stop** command. The SIGTERM signal is sen ### Usage -``` +```shell isula stop [OPTIONS] CONTAINER [CONTAINER...] ``` @@ -780,7 +1150,7 @@ isula stop [OPTIONS] CONTAINER [CONTAINER...] The following table lists the parameters supported by the **stop** command. -**Table 1** Parameter description +**Table 5** Parameter description - @@ -802,6 +1172,16 @@ The following table lists the parameters supported by the **stop** command. + + + + + +

Command

@@ -790,7 +1160,7 @@ The following table lists the parameters supported by the **stop** command.

Description

stop

+

stop

-f, --force

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-t, --time

Time for graceful stop. If the time exceeds the value of this parameter, the container is forcibly stopped.

@@ -812,12 +1192,11 @@ The following table lists the parameters supported by the **stop** command. ### Constraints -- If the **t** parameter is specified and the value of **t** is less than 0, ensure that the application in the container can process the stop signal. +- If the **t** parameter is specified and the value of **t** is less than 0, ensure that the application in the container can process the stop signal. Principle of the Stop command: Send the SIGTERM signal to the container, and then wait for a period of time \(**t** entered by the user\). If the container is still running after the period of time, the SIGKILL signal is sent to forcibly kill the container. - -- The meaning of the input parameter **t** is as follows: +- The meaning of the input parameter **t** is as follows: **t** < 0: Wait for graceful stop. This setting is preferred when users are assured that their applications have a proper stop signal processing mechanism. @@ -827,13 +1206,12 @@ The following table lists the parameters supported by the **stop** command. Therefore, if **t** is set to a value less than 0 \(for example, **t** = -1\), ensure that the container application correctly processes the SIGTERM signal. If the container ignores this signal, the container will be suspended when the **isula stop** command is run. - ### Example Stop a container. -``` -$ isula stop fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 +```shell +# isula stop fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 ``` @@ -845,7 +1223,7 @@ To forcibly stop one or more running containers, run the **isula kill** comman ### Usage -``` +```shell isula kill [OPTIONS] CONTAINER [CONTAINER...] ``` @@ -853,7 +1231,7 @@ isula kill [OPTIONS] CONTAINER [CONTAINER...] The following table lists the parameters supported by the **kill** command. -**Table 1** Parameter description +**Table 6** Parameter description - + + + + + +

Command

@@ -863,13 +1241,23 @@ The following table lists the parameters supported by the **kill** command.

Description

kill

+

kill

-H, --host

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-s, --signal

Signal sent to the container.

@@ -882,8 +1270,8 @@ The following table lists the parameters supported by the **kill** command. Kill a container. -``` -$ isula kill fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 +```shell +# isula kill fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 ``` @@ -895,7 +1283,7 @@ To remove a container, run the **isula rm** command. ### Usage -``` +```shell isula rm [OPTIONS] CONTAINER [CONTAINER...] ``` @@ -903,7 +1291,7 @@ isula rm [OPTIONS] CONTAINER [CONTAINER...] The following table lists the parameters supported by the **rm** command. -**Table 1** Parameter description +**Table 7** Parameter description - + + + + + +

Command

@@ -913,13 +1301,23 @@ The following table lists the parameters supported by the **rm** command.

Description

rm

+

rm

-f, --force

Forcibly removes a running container.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-H, --host

Specifies the iSulad socket file path to be accessed.

@@ -935,14 +1333,14 @@ The following table lists the parameters supported by the **rm** command. ### Constraints -- In normal I/O scenarios, it takes T1 to delete a running container in an empty environment \(with only one container\). In an environment with 200 containers \(without a large number of I/O operations and with normal host I/O\), it takes T2 to delete a running container. The specification of T2 is as follows: T2 = max \{T1 x 3, 5\}s. +- In normal I/O scenarios, it takes T1 to delete a running container in an empty environment (with only one container). In an environment with 200 containers (without a large number of I/O operations and with normal host I/O), it takes T2 to delete a running container. The specification of T2 is as follows: T2 = max \{T1 x 3, 5\}s. ### Example Delete a stopped container. -``` -$ isula rm fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 +```shell +# isula rm fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 ``` @@ -950,11 +1348,11 @@ fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 ### Description -To attach standard input, standard output, and standard error of the current terminal to a running container, run the **isula attach** command. Only containers whose runtime is of the LCR type are supported. +To attach standard input, standard output, and standard error of the current terminal to a running container, run the **isula attach** command. ### Usage -``` +```shell isula attach [OPTIONS] CONTAINER ``` @@ -962,7 +1360,7 @@ isula attach [OPTIONS] CONTAINER The following table lists the parameters supported by the **attach** command. -**Table 1** Parameter description +**Table 8** Parameter description -

Command

@@ -977,7 +1375,7 @@ The following table lists the parameters supported by the **attach** command.

--help

Displays help information.

+

Prints help information.

-H, --host

@@ -995,14 +1393,14 @@ The following table lists the parameters supported by the **attach** command. ### Constraints -- For the native Docker, running the **attach** command will directly enter the container. For the iSulad container, you have to run the **attach** command and press **Enter** to enter the container. +- For the native Docker, running the **attach** command will directly enter the container. For the iSulad container, you have to run the **attach** command and press **Enter** to enter the container. ### Example Attach to a running container. -``` -$ isula attach fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 +```shell +# isula attach fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 / # / # ``` @@ -1015,7 +1413,7 @@ To rename a container, run the **isula rename** command. ### Usage -``` +```shell isula rename [OPTIONS] OLD_NAME NEW_NAME ``` @@ -1023,21 +1421,32 @@ isula rename [OPTIONS] OLD_NAME NEW_NAME The following table lists the parameters supported by the **rename** command. -**Table 1** Parameter description +**Table 9** Parameter description - - - - + + + + + + + + +

Command

+ + + + + + + - - - - + + - @@ -1047,8 +1456,8 @@ The following table lists the parameters supported by the **rename** command. Rename a container. -``` -$ isula rename my_container my_new_container +```shell +isula rename my_container my_new_container ``` ## Executing a Command in a Running Container @@ -1059,7 +1468,7 @@ To execute a command in a running container, run the **isula exec** command. T ### Usage -``` +```shell isula exec [OPTIONS] CONTAINER COMMAND [ARG...] ``` @@ -1067,7 +1476,7 @@ isula exec [OPTIONS] CONTAINER COMMAND [ARG...] The following table lists the parameters supported by the **exec** command. -**Table 1** Parameter description +**Table 10** Parameter description

Command

+

Parameter

+

Description

+

rename

Parameter

+

--help

Description

+

Prints help information.

rename

+

-H, --host

-H, --host

+

Specifies the path of the iSulad socket file to be connected.

+

-D, --debug

Renames a container.

+

Enables the debug mode.
- + + + + + + + + +

Command

@@ -1077,7 +1486,7 @@ The following table lists the parameters supported by the **exec** command.

Description

exec

+

exec

  

-d, --detach

@@ -1085,11 +1494,21 @@ The following table lists the parameters supported by the **exec** command.

Runs a command in the background.

-D, --debug

+

Enables the debug mode.

+

-e, --env

Sets environment variables. (Note: Currently, iSulad does not use this function.)

--help

+

Prints help information.

+

-H, --host

Specifies the iSulad socket file path to be accessed.

@@ -1110,85 +1529,87 @@ The following table lists the parameters supported by the **exec** command.

Logs in to the container as a specified user.

--workdir

+

Specifies the working directory for running the command. This function is supported only when runtime is set to lcr.

+
### Constraints -- If no parameter is specified in the **isula exec** command, the **-it** parameter is used by default, indicating that a pseudo terminal is allocated and the container is accessed in interactive mode. -- When you run the **isula exec** command to execute a script and run a background process in the script, you need to use the **nohup** flag to ignore the **SIGHUP** signal. +- If no parameter is specified in the **isula exec** command, the **-it** parameter is used by default, indicating that a pseudo terminal is allocated and the container is accessed in interactive mode. +- When you run the **isula exec** command to execute a script and run a background process in the script, you need to use the **nohup** flag to ignore the **SIGHUP** signal. When you run the **isula exec** command to execute a script and run a background process in the script, you need to use the **nohup** flag. Otherwise, the kernel sends the **SIGHUP** signal to the process executed in the background when the process \(first process of the session\) exits. As a result, the background process exits and zombie processes occur. -- After running the **isula exec** command to access the container process, do not run background programs. Otherwise, the system will be suspended. +- After running the **isula exec** command to access the container process, do not run background programs. Otherwise, the system will be suspended. To run the **isula exec** command to execute a background process, perform the following steps: - 1. Run the **isula exec container\_name bash** command to access the container. - 2. After entering the container, run the **script &** command. - 3. Run the **exit** command. The terminal stops responding. + 1. Run the **isula exec container\_name bash** command to access the container. + 2. After entering the container, run the **script &** command. + 3. Run the **exit** command. The terminal stops responding. - ``` - After the isula exec command is executed to enter the container, the background program stops responding because the isula exec command is executed to enter the container and run the background while1 program. When the bash command is run to exit the process, the while1 program does not exit and becomes an orphan process, which is taken over by process 1. - The while1 process is executed by the initial bash process fork &exec of the container. The while1 process copies the file handle of the bash process. As a result, the handle is not completely closed when the bash process exits. - The console process cannot receive the handle closing event, epoll_wait stops responding, and the process does not exit. - ``` + >After the isula exec command is executed to enter the container, the background program stops responding because the isula exec command is executed to enter the container and run the background while1 program. When the bash command is run to exit the process, the while1 program does not exit and becomes an orphan process, which is taken over by process 1. + >The while1 process is executed by the initial bash process fork &exec of the container. The while1 process copies the file handle of the bash process. As a result, the handle is not completely closed when the bash process exits. + >The console process cannot receive the handle closing event, epoll_wait stops responding, and the process does not exit. -- Do not run the **isula exec** command in the background. Otherwise, the system may be suspended. +- Do not run the **isula exec** command in the background. Otherwise, the system may be suspended. Run the **isula exec** command in the background as follows: Run the **isula exec script &** command in the background, for example, **isula exec container\_name script &,isula exec**. The command is executed in the background. The script continuously displays a file by running the **cat** command. Normally, there is output on the current terminal. If you press **Enter** on the current terminal, the client exits the stdout read operation due to the I/O read failure. As a result, the terminal does not output data. The server continues to write data to the buffer of the FIFO because the process is still displaying files by running the **cat** command. When the buffer is full, the process in the container is suspended in the write operation. -- When a lightweight container uses the **exec** command to execute commands with pipe operations, you are advised to run the **/bin/bash -c** command. +- When a lightweight container uses the **exec** command to execute commands with pipe operations, you are advised to run the **/bin/bash -c** command. Typical application scenarios: Run the **isula exec container\_name -it ls /test | grep "xx" | wc -l** command to count the number of xx files in the test directory. The output is processed by **grep** and **wc** through the pipe because **ls /test** is executed with **exec**. The output of **ls /test** executed by **exec** contains line breaks. When the output is processed, the result is incorrect. - Cause: Run the **ls /test** command using **exec**. The command output contains a line feed character. Run the** | grep "xx" | wc -l** command for the output. The processing result is 2 \(two lines\). + Cause: Run the **ls /test** command using **exec**. The command output contains a line feed character. Run the**| grep "xx" | wc -l** command for the output. The processing result is 2 \(two lines\). - ``` - [root@localhost ~]# isula exec -it container ls /test + ```shell + # isula exec -it container ls /test xx xx10 xx12 xx14 xx3 xx5 xx7 xx9 xx1 xx11 xx13 xx2 xx4 xx6 xx8 - [root@localhost ~]# + # ``` Suggestion: When running the **run/exec** command to perform pipe operations, run the **/bin/bash -c** command to perform pipe operations in the container. - ``` - [root@localhost ~]# isula exec -it container /bin/sh -c "ls /test | grep "xx" | wc -l" + ```shell + # isula exec -it container /bin/sh -c "ls /test | grep "xx" | wc -l" 15 - [root@localhost ~]# + # ``` -- Do not use the **echo** option to input data to the standard input of the **exec** command. Otherwise, the client will be suspended. The echo value should be directly transferred to the container as a command line parameter. +- Do not use the **echo** option to input data to the standard input of the **exec** command. Otherwise, the client will be suspended. The echo value should be directly transferred to the container as a command line parameter. + + ```shell + # echo ls | isula exec 38 /bin/sh + - ``` - [root@localhost ~]# echo ls | isula exec 38 /bin/sh - - ^C - [root@localhost ~]# + # ``` The client is suspended when the preceding command is executed because the preceding command is equivalent to input **ls** to **stdin**. Then EOF is read and the client does not send data and waits for the server to exit. However, the server cannot determine whether the client needs to continue sending data. As a result, the server is suspended in reading data, and both parties are suspended. The correct execution method is as follows: - ``` - [root@localhost ~]# isula exec 38 ls + ```shell + # isula exec 38 ls bin dev etc home proc root sys tmp usr var ``` - ### Example Run the echo command in a running container. -``` -$ isula exec c75284634bee echo "hello,world" +```shell +# isula exec c75284634bee echo "hello,world" hello,world ``` @@ -1200,7 +1621,7 @@ To query information about a single container, run the **isula inspect** comma ### Usage -``` +```shell isula inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...] ``` @@ -1208,7 +1629,7 @@ isula inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...] The following table lists the parameters supported by the **inspect** command. -**Table 1** Parameter description +**Table 11** Parameter description - + + + + + +

Command

@@ -1218,7 +1639,7 @@ The following table lists the parameters supported by the **inspect** command.

Description

inspect

+

inspect

  

-H, --host

@@ -1226,6 +1647,16 @@ The following table lists the parameters supported by the **inspect** command.

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-f, --format

Output format.

@@ -1239,15 +1670,16 @@ The following table lists the parameters supported by the **inspect** command.
-### Constraints - -- Lightweight containers do not support the output in \{ \{.State\} \} format but support the output in the \{ \{json .State\} \} format. The **-f** parameter is not supported when the object is an image. - ### Example Query information about a container. -``` +```shell +$ isula inspect -f '{{.State.Status} {{.State.Running}}' c75284634bee +running +true + + $ isula inspect c75284634bee [ { @@ -1383,7 +1815,7 @@ To query information about all containers, run the **isula ps** command. ### Usage -``` +```shell isula ps [OPTIONS] ``` @@ -1391,7 +1823,7 @@ isula ps [OPTIONS] The following table lists the parameters supported by the **ps** command. -**Table 1** Parameter description +**Table 12** Parameter description - + + + + + + - + + + + + +

Command

@@ -1401,7 +1833,7 @@ The following table lists the parameters supported by the **ps** command.

Description

ps

+

ps

  

  

  

@@ -1412,6 +1844,16 @@ The following table lists the parameters supported by the **ps** command.

Displays all containers.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-H, --host

Specifies the iSulad socket file path to be accessed.

@@ -1444,7 +1886,7 @@ The following table lists the parameters supported by the **ps** command. Query information about all containers. -``` +```shell $ isula ps -a ID IMAGE STATUS PID COMMAND EXIT_CODE RESTART_COUNT STARTAT FINISHAT RUNTIME NAMES @@ -1452,7 +1894,6 @@ e84660aa059c rnd-dockerhub.huawei.com/official/busybox running 304765 "sh" 0 $ isula ps -a --format "table {{.ID}} {{.Image}}" --no-trunc ID IMAGE e84660aa059cafb0a77a4002e65cc9186949132b8e57b7f4d76aa22f28fde016 rnd-dockerhub.huawei.com/official/busybox - ``` ## Restarting a Container @@ -1463,7 +1904,7 @@ To restart one or more containers, run the **isula restart** command. ### Usage -``` +```shell isula restart [OPTIONS] CONTAINER [CONTAINER...] ``` @@ -1471,7 +1912,7 @@ isula restart [OPTIONS] CONTAINER [CONTAINER...] The following table lists the parameters supported by the **restart** command. -**Table 1** Parameter description +**Table 13** Parameter description - + + + + + + - + + + + + +

Command

@@ -1481,13 +1922,23 @@ The following table lists the parameters supported by the **restart** command.

Description

restart

+

restart

-H, --host

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-t, --time

Time for graceful stop. If the time exceeds the value of this parameter, the container is forcibly stopped.

@@ -1498,11 +1949,11 @@ The following table lists the parameters supported by the **restart** command. ### Constraints -- If the **t** parameter is specified and the value of **t** is less than 0, ensure that the application in the container can process the stop signal. +- If the **t** parameter is specified and the value of **t** is less than 0, ensure that the application in the container can process the stop signal. The restart command first calls the stop command to stop the container. Send the SIGTERM signal to the container, and then wait for a period of time \(**t** entered by the user\). If the container is still running after the period of time, the SIGKILL signal is sent to forcibly kill the container. -- The meaning of the input parameter **t** is as follows: +- The meaning of the input parameter **t** is as follows: **t** < 0: Wait for graceful stop. This setting is preferred when users are assured that their applications have a proper stop signal processing mechanism. @@ -1512,14 +1963,13 @@ The following table lists the parameters supported by the **restart** command. Therefore, if **t** is set to a value less than 0 \(for example, **t** = -1\), ensure that the container application correctly processes the SIGTERM signal. If the container ignores this signal, the container will be suspended when the **isula stop** command is run. - ### Example Restart a container. -``` +```shell $ isula restart c75284634beeede3ab86c828790b439d16b6ed8a537550456b1f94eb852c1c0a - c75284634beeede3ab86c828790b439d16b6ed8a537550456b1f94eb852c1c0a + c75284634beeede3ab86c828790b439d16b6ed8a537550456b1f94eb852c1c0a ``` ## Waiting for a Container to Exit @@ -1530,7 +1980,7 @@ To wait for one or more containers to exit, run the **isula wait** command. On ### Usage -``` +```shell isula wait [OPTIONS] CONTAINER [CONTAINER...] ``` @@ -1538,7 +1988,7 @@ isula wait [OPTIONS] CONTAINER [CONTAINER...] The following table lists the parameters supported by the **wait** command. -**Table 1** Parameter description +**Table 14** Parameter description - - + + + - @@ -1567,9 +2022,9 @@ The following table lists the parameters supported by the **wait** command. Wait for a single container to exit. -``` +```shell $ isula wait c75284634beeede3ab86c828790b439d16b6ed8a537550456b1f94eb852c1c0a - 137 + 137 ``` ## Viewing Process Information in a Container @@ -1580,7 +2035,7 @@ To view process information in a container, run the **isula top** command. Onl ### Usage -``` +```shell isula top [OPTIONS] container [ps options] ``` @@ -1588,7 +2043,7 @@ isula top [OPTIONS] container [ps options] The following table lists the parameters supported by the **top** command. -**Table 1** Parameter description +**Table 15** Parameter description

Command

@@ -1548,16 +1998,21 @@ The following table lists the parameters supported by the **wait** command.

Description

wait

+

wait

-H, --host

Specifies the iSulad socket file path to be accessed.

/

+

-D, --debug

+

Enables the debug mode.

+

--help

Blocks until the container stops and displays the exit code.

+

Prints help information.
- - + + + - @@ -1618,7 +2078,7 @@ The following table lists the parameters supported by the **top** command. Query process information in a container. -``` +```shell $ isula top 21fac8bb9ea8e0be4313c8acea765c8b4798b7d06e043bbab99fc20efa72629c UID PID PPID C STIME TTY TIME CMD root 22166 22163 0 23:04 pts/1 00:00:00 sh @@ -1632,7 +2092,7 @@ To display resource usage statistics in real time, run the **isula stats** com ### Usage -``` +```shell isula stats [OPTIONS] [CONTAINER...] ``` @@ -1640,7 +2100,7 @@ isula stats [OPTIONS] [CONTAINER...] The following table lists the parameters supported by the **stats** command. -**Table 1** Parameter description +**Table 16** Parameter description

Command

@@ -1598,7 +2053,7 @@ The following table lists the parameters supported by the **top** command.

Description

top

+

top

  

-H, --host

@@ -1606,9 +2061,14 @@ The following table lists the parameters supported by the **top** command.

Specifies the iSulad socket file path to be accessed.

/

+

-D, --debug

+

Enables the debug mode.

+

--help

Queries the process information of a running container.

+

Prints help information.
- @@ -1659,6 +2119,16 @@ The following table lists the parameters supported by the **stats** command. + + + + + + + + +

Command

@@ -1650,7 +2110,7 @@ The following table lists the parameters supported by the **stats** command.

Description

stats

+

stats

  

  

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-a, --all

Displays all containers. (By default, only running containers are displayed.)

@@ -1669,6 +2139,11 @@ The following table lists the parameters supported by the **stats** command.

Display the first result only. Only statistics in non-stream mode are displayed.

--original

+

Displays the original data of the container without statistics calculation.

+
@@ -1676,20 +2151,20 @@ The following table lists the parameters supported by the **stats** command. Display resource usage statistics. -``` -$ isula stats --no-stream 21fac8bb9ea8e0be4313c8acea765c8b4798b7d06e043bbab99fc20efa72629c CONTAINER CPU % MEM USAGE / LIMIT MEM % BLOCK I / O PIDS -21fac8bb9ea8 0.00 56.00 KiB / 7.45 GiB 0.00 0.00 B / 0.00 B 1 +```shell +$ isula stats --no-stream 21fac8bb9ea8e0be4313c8acea765c8b4798b7d06e043bbab99fc20efa72629c CONTAINER CPU % MEM USAGE / LIMIT MEM % BLOCK I / O PIDS +21fac8bb9ea8 0.00 56.00 KiB / 7.45 GiB 0.00 0.00 B / 0.00 B 1 ``` ## Obtaining Container Logs ### Description -To obtain container logs, run the **isula logs** command. Only containers whose runtime is of the LCR type are supported. +To obtain container logs, run the **isula logs** command. ### Usage -``` +```shell isula logs [OPTIONS] [CONTAINER...] ``` @@ -1697,7 +2172,7 @@ isula logs [OPTIONS] [CONTAINER...] The following table lists the parameters supported by the **logs** command. -**Table 1** Parameter description +**Table 17** Parameter description - + + + + + + + + +

Command

@@ -1707,7 +2182,7 @@ The following table lists the parameters supported by the **logs** command.

Description

logs

+

logs

  

-H, --host

@@ -1715,6 +2190,16 @@ The following table lists the parameters supported by the **logs** command.

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-f, --follow

Traces log output.

@@ -1725,18 +2210,23 @@ The following table lists the parameters supported by the **logs** command.

Displays the number of log records.

-t, --timestamps

+

Displays the timestamp.

+
### Constraints -- By default, the container log function is enabled. To disable this function, run the **isula create --log-opt disable-log=true** or **isula run --log-opt disable-log=true** command. +- By default, the container log function is enabled. To disable this function, run the **isula create --log-opt disable-log=true** or **isula run --log-opt disable-log=true** command. ### Example Obtain container logs. -``` +```shell $ isula logs 6a144695f5dae81e22700a8a78fac28b19f8bf40e8827568b3329c7d4f742406 hello, world hello, world @@ -1751,7 +2241,7 @@ To copy data between a host and a container, run the **isula cp** command. Onl ### Usage -``` +```shell isula cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH isula cp [OPTIONS] SRC_PATH CONTAINER:DEST_PATH ``` @@ -1760,7 +2250,7 @@ isula cp [OPTIONS] SRC_PATH CONTAINER:DEST_PATH The following table lists the parameters supported by the **cp** command. -**Table 1** Parameter description +**Table 18** Parameter description - + + + + + +

Command

@@ -1770,63 +2260,71 @@ The following table lists the parameters supported by the **cp** command.

Description

cp

+

cp

-H, --host

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+
### Constraints -- When iSulad copies files, note that the **/etc/hostname**, **/etc/resolv.conf**, and **/etc/hosts** files are not mounted to the host, neither the **--volume** and **--mount** parameters. Therefore, the original files in the image instead of the files in the real container are copied. +- When iSulad copies files, note that the **/etc/hostname**, **/etc/resolv.conf**, and **/etc/hosts** files are not mounted to the host, neither the **--volume** and **--mount** parameters. Therefore, the original files in the image instead of the files in the real container are copied. - ``` - [root@localhost tmp]# isula cp b330e9be717a:/etc/hostname /tmp/hostname - [root@localhost tmp]# cat /tmp/hostname - [root@localhost tmp]# + ```shell + isula cp b330e9be717a:/etc/hostname /tmp/hostname + cat /tmp/hostname ``` -- When decompressing a file, iSulad does not check the type of the file or folder to be overwritten in the file system. Instead, iSulad directly overwrites the file or folder. Therefore, if the source is a folder, the file with the same name is forcibly overwritten as a folder. If the source file is a file, the folder with the same name will be forcibly overwritten as a file. +- When decompressing a file, iSulad does not check the type of the file or folder to be overwritten in the file system. Instead, iSulad directly overwrites the file or folder. Therefore, if the source is a folder, the file with the same name is forcibly overwritten as a folder. If the source file is a file, the folder with the same name will be forcibly overwritten as a file. - ``` - [root@localhost tmp]# rm -rf /tmp/test_file_to_dir && mkdir /tmp/test_file_to_dir - [root@localhost tmp]# isula exec b330e9be717a /bin/sh -c "rm -rf /tmp/test_file_to_dir && touch /tmp/test_file_to_dir" - [root@localhost tmp]# isula cp b330e9be717a:/tmp/test_file_to_dir /tmp - [root@localhost tmp]# ls -al /tmp | grep test_file_to_dir + ```shell + $ rm -rf /tmp/test_file_to_dir && mkdir /tmp/test_file_to_dir + $ isula exec b330e9be717a /bin/sh -c "rm -rf /tmp/test_file_to_dir && touch /tmp/test_file_to_dir" + $ isula cp b330e9be717a:/tmp/test_file_to_dir /tmp + $ ls -al /tmp | grep test_file_to_dir -rw-r----- 1 root root 0 Apr 26 09:59 test_file_to_dir ``` - -- iSulad freezes the container during the copy process and restores the container after the copy is complete. +- The **cp** command is used only for maintenance and fault locating. Do not use the **cp** command in the production environment. ### Example Copy the **/test/host** directory on the host to the **/test** directory on container 21fac8bb9ea8. -``` +```shell isula cp /test/host 21fac8bb9ea8:/test ``` Copy the **/www** directory on container 21fac8bb9ea8 to the **/tmp** directory on the host. -``` +```shell isula cp 21fac8bb9ea8:/www /tmp/ ``` -## Pausing a Container +## Pausing All Processes in a Container ### Description -To pause all processes in a container, run the **isula pause** command. Only containers whose runtime is of the LCR type are supported. +The **isula pause** command is used to pause all processes in one or more containers. ### Usage -``` -isula pause CONTAINER [CONTAINER...] +```shell +isula pause [OPTIONS] CONTAINER [CONTAINER...] ``` ### Parameters @@ -1839,41 +2337,51 @@ isula pause CONTAINER [CONTAINER...]

Description

pause

+

pause

-H, --host

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+
### Constraints -- Only containers in the running state can be paused. -- After a container is paused, other lifecycle management operations \(such as **restart**, **exec**, **attach**, **kill**, **stop**, and **rm**\) cannot be performed. -- After a container with health check configurations is paused, the container status changes to unhealthy. +- Only containers in the running state can be paused. +- After a container is paused, other lifecycle management operations \(such as **restart**, **exec**, **attach**, **kill**, **stop**, and **rm**\) cannot be performed. +- After a container with health check configurations is paused, the container status changes to unhealthy. ### Example Pause a running container. -``` +```shell $ isula pause 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac - 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac + 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac ``` -## Resuming a Container +## Resuming All Processes in a Container ### Description -To resume all processes in a container, run the **isula unpause** command. It is the reverse process of **isula pause**. Only containers whose runtime is of the LCR type are supported. +The **isula unpause** command is used to resume all processes in one or more containers. It is a reversible process of **isula pause**. ### Usage -``` -isula unpause CONTAINER [CONTAINER...] +```shell +isula unpause [OPTIONS] CONTAINER [CONTAINER...] ``` ### Parameters @@ -1886,38 +2394,48 @@ isula unpause CONTAINER [CONTAINER...]

Description

pause

+

pause

-H, --host

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+
### Constraints -- Only containers in the paused state can be unpaused. +- Only containers in the paused state can be unpaused. ### Example Resume a paused container. -``` +```shell $ isula unpause 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac - 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac + 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac ``` ## Obtaining Event Messages from the Server in Real Time ### **Description** -The **isula events** command is used to obtain event messages such as container image lifecycle and running event from the server in real time. Only containers whose runtime type is **lcr** are supported. +The **isula events** command is used to obtain real-time events from the server. ### Usage -``` +```shell isula events [OPTIONS] ``` @@ -1931,14 +2449,23 @@ isula events [OPTIONS]

Description

events

+

events

-H, --host

Specifies the iSulad socket file path to be accessed.

-D, --debug

+

Enables the debug mode.

+

--help

+

Prints help information.

+

-n, --name

Obtains event messages of a specified container.

@@ -1949,14 +2476,23 @@ isula events [OPTIONS]

Obtains event messages generated since a specified time.

-U, --until

+

Obtains the event at the specified time point.

+
+### Constraints + +- Support container-related events: create, start, restart, stop, exec_create, exec_die, attach, kill, top, rename, archive-path, extract-to-dir, update, pause, unpause, export, and resize. +- Supported image-related events: load, remove, pull, login, and logout. + ### Example Run the following command to obtain event messages from the server in real time: +```shell +isula events ``` -$ isula events -``` - diff --git a/docs/en/docs/Container/container-resource-management.md b/docs/en/docs/Container/container-resource-management.md index 3b7166202e7354619bb61d14e55eaa1d0386e9c3..9485b279c5059235d9746db26b6da74d1a662d27 100644 --- a/docs/en/docs/Container/container-resource-management.md +++ b/docs/en/docs/Container/container-resource-management.md @@ -10,9 +10,9 @@ - [Restricting the Number of Processes or Threads that Can Be Created in a Container](#restricting-the-number-of-processes-or-threads-that-can-be-created-in-a-container) - [Configuring the ulimit Value in a Container](#configuring-the-ulimit-value-in-a-container) +## Description - - +Features such as namespace and cgroup can be used to manage container resources. iSula supports cgroup v1 and cgroup v2 for resource restriction. Cgroup v2 is an experimental feature and should not be used for commercial purposes. When the system is configured to support cgroup v2 only and cgroup v2 is mounted to **/sys/fs/cgroup**, iSula uses cgroup v2 for resource management. Whether cgroup v1 or cgroup v2 is used, iSula provides the same interfaces for users to restrict resources. ## Sharing Resources @@ -20,6 +20,9 @@ Containers or containers and hosts can share namespace information mutually, including PID, network, IPC, and UTS information. +>![](./public_sys-resources/icon-note.gif) **Note:** +> When the namespace information is shared with the host, that is, without the corresponding namespace isolation mechanism, it is possible to query and operate the information on the host in the container, which poses a security risk. For example, when using `--pid=host` to share the PID name space of the host, you can see information about other processes on the host, or even kill host processes. Use the shared host namespace feature with caution in a secure environment. + ### Usage When running the **isula create/run** command, you can set the namespace parameters to share resources. For details, see the following parameter description table. @@ -28,7 +31,6 @@ When running the **isula create/run** command, you can set the namespace param You can specify the following parameters when running the **lcrc create/run** command: - + + + + + + + + + + - @@ -398,11 +416,11 @@ overlay 10.0M 10.0M 0 100% / ### Constraints -1. The quota applies only to the rw layer. +1. The quota applies only to the rw layer. The quota of overlay2 is for the rw layer of the container. The image size is not included. -2. The kernel supports and enables this function. +2. The kernel supports and enables this function. The kernel must support the EXT4 project quota function. When running **mkfs**, add **-O quota,project**. When mounting the file system, add **-o prjquota**. If any of the preceding conditions is not met, an error is reported when **--storage-opt size=**_value_ is used. @@ -413,14 +431,14 @@ overlay 10.0M 10.0M 0 100% / xfs or ext4 with 'pquota' mount option" ``` -3. Description of the limit of quota: - 1. If the quota is greater than the size of the partition where user **root** of iSulad is located, the file system quota displayed by running the **df** command in the container is the size of the partition where user **root** of iSulad is located, not the specified quota. - 2. **--storage-opt size=0** indicates that the size is not limited and the value cannot be less than 4096. The precision of size is one byte. If the specified precision contains decimal bytes, the decimal part is ignored. For example, if size is set to **0.1**, the size is not limited. \(The value is restricted by the precision of the floating point number stored on the computer. That is, 0.999999999999999999999999999 is equal to 1. The number of digits 9 may vary according to computers. Therefore, 4095.999999999999999999999999999 is equal to 4096.\) Note that running **isula inspect** displays the original command line specified format. If the value contains decimal bytes, you need to ignore the decimal part. - 3. If the quota is too small, for example,** --storage-opt size=4k**, the container may fail to be started because some files need to be created for starting the container. - 4. The **-o prjquota** option is added to the root partition of iSulad when iSulad is started last time. If this option is not added during this startup, the setting of the container with quota created during the last startup does not take effect. - 5. The value range of the daemon quota **--storage-opt overlay2.basesize** is the same as that of **--storage-opt size**. +3. Description of the limit of quota: + 1. If the quota is greater than the size of the partition where user **root** of iSulad is located, the file system quota displayed by running the **df** command in the container is the size of the partition where user **root** of iSulad is located, not the specified quota. + 2. **--storage-opt size=0** indicates that the size is not limited and the value cannot be less than 4096. The precision of size is one byte. If the specified precision contains decimal bytes, the decimal part is ignored. For example, if size is set to **0.1**, the size is not limited. \(The value is restricted by the precision of the floating point number stored on the computer. That is, 0.999999999999999999999999999 is equal to 1. The number of digits 9 may vary according to computers. Therefore, 4095.999999999999999999999999999 is equal to 4096.\) Note that running **isula inspect** displays the original command line specified format. If the value contains decimal bytes, you need to ignore the decimal part. + 3. If the quota is too small, for example,**--storage-opt size=4k**, the container may fail to be started because some files need to be created for starting the container. + 4. The **-o prjquota** option is added to the root partition of iSulad when iSulad is started last time. If this option is not added during this startup, the setting of the container with quota created during the last startup does not take effect. + 5. The value range of the daemon quota **--storage-opt overlay2.basesize** is the same as that of **--storage-opt size**. -4. When **storage-opt** is set to 4 KB, the lightweight container startup is different from that of Docker. +4. When **storage-opt** is set to 4 KB, the lightweight container startup is different from that of Docker. Use the **storage-opt size=4k** and image **rnd-dockerhub.huawei.com/official/ubuntu-arm64:latest** to run the container. @@ -455,14 +473,13 @@ overlay 10.0M 10.0M 0 100% / please check the config file." ``` -5. Other description: +5. Other description: When using iSulad with the quota function to switch data disks, ensure that the data disks to be switched are mounted using the **prjquota** option and the mounting mode of the **/var/lib/isulad/storage/overlay2** directory is the same as that of the **/var/lib/isulad** directory. - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Before switching the data disk, ensure that the mount point of **/var/lib/isulad/storage/overlay2** is unmounted. - ## Restricting the Number of File Handles in a Container ### Description @@ -511,7 +528,7 @@ isula run -ti --files-limit 1024 busybox bash ### Constraints -1. If the **--files-limit** parameter is set to a small value, for example, 1, the container may fail to be started. +1. If the **--files-limit** parameter is set to a small value, for example, 1, the container may fail to be started. ``` [root@localhost ~]# isula run -itd --files-limit 1 rnd-dockerhub.huawei.com/official/busybox-aarch64 @@ -530,7 +547,6 @@ isula run -ti --files-limit 1024 busybox bash The root cause is that the startup principles of the lxc and runc processes are different. After the lxc process creates the cgroup, the files.limit value is set, and then the PID of the container process is written into the cgroup.procs file of the cgroup. At this time, the process has opened more than one handle. As a result, an error is reported, and the startup fails. After you create a cgroup by running the **runc** command, the PID of the container process is written to the cgroup.procs file of the cgroup, and then the files.limit value is set. Because more than one handle is opened by the process in the cgroup, the file.limit value does not take effect, the kernel does not report any error, and the container is started successfully. - ## Restricting the Number of Processes or Threads that Can Be Created in a Container ### Description @@ -594,7 +610,7 @@ Set the **--ulimit** parameter when creating or running a container, or config Use either of the following methods to configure ulimit: -1. When running the **isula create/run** command, use **--ulimit =\[:\]** to control the resources of the executed shell program. +1. When running the **isula create/run** command, use **--ulimit =\[:\]** to control the resources of the executed shell program.

Parameter

Description

@@ -139,6 +141,24 @@ You can specify the following parameters when running the **isula create/run**

No

--cpu-rt-period

+

Limits the real-time CPU cycle (in microseconds).

+

64-bit integer

+

No

+

--cpu-rt-runtime

+

Limits the real-time CPU time (in microseconds).

+

64-bit integer

+

No

+

--cpuset-cpus

Limits the CPU nodes.

@@ -168,7 +188,7 @@ To restrict a container to use a specific CPU, add **--cpuset-cpus number** wh isula run -tid --cpuset-cpus 0,2-3 busybox sh ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You can check whether the configuration is successful. For details, see "Querying Information About a Single Container." ## Restricting the Memory Usage of a Running Container @@ -304,32 +324,30 @@ This feature is implemented by the project quota function of the EXT4 file syste ### Usage -1. Prepare the environment. +1. Prepare the environment. Ensure that the file system supports the **Project ID** and **Project Quota** attributes, the kernel version is 4.19 or later, and the version of the peripheral package e2fsprogs is 1.43.4-2 or later. -2. Before mounting overlayfs to a container, set different project IDs for the upper and work directories of different containers and set inheritance options. After overlayfs is mounted to a container, the project IDs and inherited attributes cannot be modified. -3. Set the quota as a privileged user outside the container. -4. Add the following configuration to daemon: +2. Before mounting overlayfs to a container, set different project IDs for the upper and work directories of different containers and set inheritance options. After overlayfs is mounted to a container, the project IDs and inherited attributes cannot be modified. +3. Set the quota as a privileged user outside the container. +4. Add the following configuration to daemon: ``` -s overlay2 --storage-opt overlay2.override_kernel_check=true ``` -5. Daemon supports the following options for setting default restrictions for containers: +5. Daemon supports the following options for setting default restrictions for containers: **--storage-opt overlay2.basesize=128M** specifies the default limit. If **--storeage-opt size** is also specified when you run the **isula run** command, the value of this parameter takes effect. If no size is specified during the daemon process or when you run the **isula run** command, the size is not limited. -6. Enable the **Project ID** and **Project Quota** attributes of the file system. - - Format and mount the file system. +6. Enable the **Project ID** and **Project Quota** attributes of the file system. + - Format and mount the file system. ``` # mkfs.ext4 -O quota,project /dev/sdb # mount -o prjquota /dev/sdb /var/lib/isulad ``` - - ### Parameters When running the **create/run** command, set **--storage-opt**. @@ -349,7 +367,7 @@ When running the **create/run** command, set **--storage-opt**.

Restricts the root file system (rootfs) storage space of the container.

The size parsed by rootfsSize is a positive 64-bit integer expressed in bytes. You can also set it to ([kKmMgGtTpP])?[iI]?[bB]?$.

+

The size parsed by rootfsSize is a positive 64-bit integer expressed in bytes. You can also set it to ([kKmMgGtTpP])?[iI]?[bB]?$(In the device mapper scenario, the minimum value is 10G.).

No

Parameter

@@ -619,9 +635,9 @@ Use either of the following methods to configure ulimit:
-2. Use daemon parameters or configuration files. +2. Use daemon parameters or configuration files. - For details, see --default-ulimits in [Deployment Mode](#deployment-mode.md#EN-US_TOPIC_0184808043). + For details, see **--default-ulimits** in [Deployment Mode](#deployment-mode.md#EN-US_TOPIC_0184808043). **--ulimit** can limit the following types of resources: @@ -716,7 +732,6 @@ Use either of the following methods to configure ulimit:
- ### Example When creating or running a container, add **--ulimit =\[:\]**. For example: @@ -728,4 +743,3 @@ isula create/run -tid --ulimit nofile=1024:2048 busybox sh ### Constraints The ulimit cannot be configured in the **daemon.json** and **/etc/sysconfig/iSulad** files \(or the iSulad command line\). Otherwise, an error is reported when iSulad is started. - diff --git a/docs/en/docs/Container/container-tools.md b/docs/en/docs/Container/container-tools.md new file mode 100644 index 0000000000000000000000000000000000000000..f1d20e5f8e1cb0db2cb7bace8edd54be1780f5ab --- /dev/null +++ b/docs/en/docs/Container/container-tools.md @@ -0,0 +1,3 @@ +# Container Tools + +To better manage and use containers, iSula provides some container-related tools, including isula-build and isula-transform, which are used for container image building and container migration, respectively. This chapter describes how to install and use container tools. \ No newline at end of file diff --git a/docs/en/docs/Container/container.md b/docs/en/docs/Container/container.md index 60c6b10a0f4f4e7ee909db6cc161b8d030f3419c..d30a929ed1d4839b78b8922d4b4808e755128878 100644 --- a/docs/en/docs/Container/container.md +++ b/docs/en/docs/Container/container.md @@ -2,13 +2,9 @@ ## Overview -The openEuler software package provides iSula, the basic platform for running containers. +openEuler provides software packages of iSulad and Docker container engines. -iSula is a brand of Huawei's container technology solution. It originally means a kind of ant. This ant is also known as "bullet ant" due to the extremely painful sting, which has been compared to being shot by a bullet. In the eyes of Brazilian natives living in the Amazon jungle in Central and South America, iSula is one of the most powerful insects in the world. Huawei names the container technology solution brand based on its meaning. - -The basic container platform iSula provides both Docker engine and lightweight container engine iSulad. You can select either of them as required. - -In addition, the following container forms are provided on different application scenarios: +The following container forms are provided for different application scenarios: - Common containers applicable to most common scenarios - Secure containers applicable to strong isolation and multi-tenant scenarios diff --git a/docs/en/docs/Container/cri.md b/docs/en/docs/Container/cri.md index cd412f0664db94d13f0fcbe4e3c9cd08245022cf..06ec1866ecb104384c27d306de70e225b6890da3 100644 --- a/docs/en/docs/Container/cri.md +++ b/docs/en/docs/Container/cri.md @@ -3,6 +3,7 @@ - [CRI](#cri) - [Description](#description) - [APIs](#apis) + - [API Parameters](#api-parameters) - [Runtime Service](#runtime-service) - [RunPodSandbox](#runpodsandbox) - [StopPodSandbox](#stoppodsandbox) @@ -10,6 +11,7 @@ - [PodSandboxStatus](#podsandboxstatus) - [ListPodSandbox](#listpodsandbox) - [CreateContainer](#createcontainer) + - [Supplement](#supplement) - [StartContainer](#startcontainer) - [StopContainer](#stopcontainer) - [RemoveContainer](#removecontainer) @@ -29,8 +31,7 @@ - [PullImage](#pullimage) - [RemoveImage](#removeimage) - [ImageFsInfo](#imagefsinfo) - - [Constraints](#constraints-2) - + - [Constraints](#constraints) ## Description @@ -44,7 +45,7 @@ The current CRI version is v1alpha1. For official API description, access the fo iSulad uses the API description file of version 1.14 used by Pass, which is slightly different from the official API description file. API description in this document prevails. ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The listening IP address of the CRI WebSocket streaming service is **127.0.0.1** and the port number is **10350**. The port number can be configured in the **--websocket-server-listening-port** command or in the **daemon.json** configuration file. ## APIs @@ -53,7 +54,7 @@ The following tables list the parameters that may be used in each API. Some para ### API Parameters -- **DNSConfig** +- **DNSConfig** The API is used to configure DNS servers and search domains of a sandbox. @@ -80,8 +81,8 @@ The following tables list the parameters that may be used in each API. Some para
- -- **Protocol** + +- **Protocol** The API is used to specify enum values of protocols. @@ -103,8 +104,8 @@ The following tables list the parameters that may be used in each API. Some para
- -- **PortMapping** + +- **PortMapping** The API is used to configure the port mapping for a sandbox. @@ -136,8 +137,8 @@ The following tables list the parameters that may be used in each API. Some para
- -- **MountPropagation** + +- **MountPropagation** The API is used to specify enums of mount propagation attributes. @@ -164,8 +165,8 @@ The following tables list the parameters that may be used in each API. Some para
- -- **Mount** + +- **Mount** The API is used to mount a volume on the host to a container. \(Only files and folders are supported.\) @@ -206,8 +207,7 @@ The following tables list the parameters that may be used in each API. Some para - -- **NamespaceOption** +- **NamespaceOption** @@ -232,8 +232,8 @@ The following tables list the parameters that may be used in each API. Some para

Parameter

- -- **Capability** + +- **Capability** This API is used to specify the capabilities to be added and deleted. @@ -256,8 +256,7 @@ The following tables list the parameters that may be used in each API. Some para - -- **Int64Value** +- **Int64Value** The API is used to encapsulate data of the signed 64-bit integer type. @@ -274,8 +273,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **UInt64Value** + +- **UInt64Value** The API is used to encapsulate data of the unsigned 64-bit integer type. @@ -292,8 +291,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **LinuxSandboxSecurityContext** + +- **LinuxSandboxSecurityContext** The API is used to configure the Linux security options of a sandbox. @@ -346,8 +345,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **LinuxPodSandboxConfig** + +- **LinuxPodSandboxConfig** The API is used to configure information related to the Linux host and containers. @@ -374,8 +373,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxMetadata** + +- **PodSandboxMetadata** Sandbox metadata contains all information that constructs a sandbox name. It is recommended that the metadata be displayed on the user interface during container running to improve user experience. For example, a unique sandbox name can be generated based on the metadata during running. @@ -408,8 +407,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxConfig** + +- **PodSandboxConfig** This API is used to specify all mandatory and optional configurations for creating a sandbox. @@ -461,8 +460,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxNetworkStatus** + +- **PodSandboxNetworkStatus** The API is used to describe the network status of a sandbox. @@ -489,8 +488,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **Namespace** + +- **Namespace** The API is used to set namespace options. @@ -507,8 +506,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **LinuxPodSandboxStatus** + +- **LinuxPodSandboxStatus** The API is used to describe the status of a Linux sandbox. @@ -525,8 +524,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxState** + +- **PodSandboxState** The API is used to specify enum data of the sandbox status values. @@ -548,8 +547,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxStatus** + +- **PodSandboxStatus** The API is used to describe the PodSandbox status. @@ -601,8 +600,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxStateValue** + +- **PodSandboxStateValue** The API is used to encapsulate [PodSandboxState](#en-us_topic_0182207110_li1818214574195). @@ -619,8 +618,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandboxFilter** + +- **PodSandboxFilter** The API is used to add filter criteria for the sandbox list. The intersection of multiple filter criteria is displayed. @@ -647,10 +646,10 @@ The following tables list the parameters that may be used in each API. Some para - -- **PodSandbox** - This API is used to provide a minimum description of a sandbox. +- **PodSandbox** + + This API is used to provide a minimum description of a sandbox. @@ -690,8 +689,8 @@ The following tables list the parameters that may be used in each API. Some para

Parameter

- -- **KeyValue** + +- **KeyValue** The API is used to encapsulate key-value pairs. @@ -713,8 +712,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **SELinuxOption** + +- **SELinuxOption** The API is used to specify the SELinux label of a container. @@ -746,8 +745,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerMetadata** + +- **ContainerMetadata** Container metadata contains all information that constructs a container name. It is recommended that the metadata be displayed on the user interface during container running to improve user experience. For example, a unique container name can be generated based on the metadata during running. @@ -770,8 +769,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerState** + +- **ContainerState** The API is used to specify enums of container status values. @@ -803,8 +802,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerStateValue** + +- **ContainerStateValue** The API is used to encapsulate the data structure of [ContainerState](#en-us_topic_0182207110_li65182518309). @@ -821,8 +820,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerFilter** + +- **ContainerFilter** The API is used to add filter criteria for the container list. The intersection of multiple filter criteria is displayed. @@ -854,8 +853,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **LinuxContainerSecurityContext** + +- **LinuxContainerSecurityContext** The API is used to specify container security configurations. @@ -921,8 +920,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **LinuxContainerResources** + +- **LinuxContainerResources** The API is used to specify configurations of Linux container resources. @@ -968,8 +967,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **Image** + +- **Image** The API is used to describe the basic information about an image. @@ -1010,8 +1009,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ImageSpec** + +- **ImageSpec** The API is used to represent the internal data structure of an image. Currently, ImageSpec encapsulates only the container image name. @@ -1028,8 +1027,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **StorageIdentifier** + +- **StorageIdentifier** The API is used to specify the unique identifier for defining the storage. @@ -1046,8 +1045,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **FilesystemUsage** + +- **FilesystemUsage** @@ -1076,8 +1075,8 @@ The following tables list the parameters that may be used in each API. Some para

Parameter
- -- **AuthConfig** + +- **AuthConfig** @@ -1116,8 +1115,8 @@ The following tables list the parameters that may be used in each API. Some para

Parameter
- -- **Container** + +- **Container** The API is used to describe container information, such as the ID and status. @@ -1174,8 +1173,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerStatus** + +- **ContainerStatus** The API is used to describe the container status information. @@ -1262,8 +1261,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerStatsFilter** + +- **ContainerStatsFilter** The API is used to add filter criteria for the container stats list. The intersection of multiple filter criteria is displayed. @@ -1290,8 +1289,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerStats** + +- **ContainerStats** The API is used to add filter criteria for the container stats list. The intersection of multiple filter criteria is displayed. @@ -1323,8 +1322,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerAttributes** + +- **ContainerAttributes** The API is used to list basic container information. @@ -1356,8 +1355,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **CpuUsage** + +- **CpuUsage** The API is used to list the CPU usage information of a container. @@ -1379,8 +1378,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **MemoryUsage** + +- **MemoryUsage** The API is used to list the memory usage information of a container. @@ -1402,8 +1401,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **FilesystemUsage** + +- **FilesystemUsage** The API is used to list the read/write layer information of a container. @@ -1435,8 +1434,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **Device** + +- **Device** The API is used to specify the host volume to be mounted to a container. @@ -1462,8 +1461,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **LinuxContainerConfig** + +- **LinuxContainerConfig** The API is used to specify Linux configurations. @@ -1484,8 +1483,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **ContainerConfig** + +- **ContainerConfig** The API is used to specify all mandatory and optional fields for creating a container. @@ -1571,8 +1570,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **NetworkConfig** + +- **NetworkConfig** This API is used to specify runtime network configurations. @@ -1588,8 +1587,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **RuntimeConfig** + +- **RuntimeConfig** This API is used to specify runtime network configurations. @@ -1605,8 +1604,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **RuntimeCondition** + +- **RuntimeCondition** The API is used to describe runtime status information. @@ -1637,8 +1636,8 @@ The following tables list the parameters that may be used in each API. Some para - -- **RuntimeStatus** + +- **RuntimeStatus** The API is used to describe runtime status. @@ -1655,33 +1654,28 @@ The following tables list the parameters that may be used in each API. Some para - - - ### Runtime Service The runtime service provides APIs for operating pods and containers, and APIs for querying the configuration and status information of the runtime service. - - #### RunPodSandbox -#### Prototype +##### Prototype -``` +```shell rpc RunPodSandbox(RunPodSandboxRequest) returns (RunPodSandboxResponse) {} ``` -#### Description +##### Description This API is used to create and start a PodSandbox. If the PodSandbox is successfully run, the sandbox is in the ready state. -#### Precautions +##### Precautions -1. The default image for starting a sandbox is **rnd-dockerhub.huawei.com/library/pause-$\{**_machine_**\}:3.0** where **$\{**_machine_**\}** indicates the architecture. On x86\_64, the value of _machine_ is **amd64**. On ARM64, the value of _machine_ is **aarch64**. Currently, only the **amd64** or **aarch64** image can be downloaded from the rnd-dockerhub registry. If the image does not exist on the host, ensure that the host can download the image from the rnd-dockerhub registry. If you want to use another image, refer to **pod-sandbox-image** in the _iSulad Deployment Configuration_. -2. The container name is obtained from fields in [PodSandboxMetadata](#apis.md#en-us_topic_0182207110_li2359918134912) and separated by underscores \(\_\). Therefore, the metadata cannot contain underscores \(\_\). Otherwise, the [ListPodSandbox](#listpodsandbox.md#EN-US_TOPIC_0184808098) API cannot be used for query even when the sandbox is running successfully. +1. The default image for starting a sandbox is **rnd-dockerhub.huawei.com/library/pause-$\{**_machine_**\}:3.0** where **$\{**_machine_**\}** indicates the architecture. On x86\_64, the value of _machine_ is **amd64**. On ARM64, the value of _machine_ is **aarch64**. Currently, only the **amd64** or **aarch64** image can be downloaded from the rnd-dockerhub registry. If the image does not exist on the host, ensure that the host can download the image from the rnd-dockerhub registry. If you want to use another image, refer to **pod-sandbox-image** in the _iSulad Deployment Configuration_. +2. The container name is obtained from fields in [PodSandboxMetadata](#apis.md#en-us_topic_0182207110_li2359918134912) and separated by underscores \(\_\). Therefore, the metadata cannot contain underscores \(\_\). Otherwise, the [ListPodSandbox](#listpodsandbox.md#EN-US_TOPIC_0184808098) API cannot be used for query even when the sandbox is running successfully. -#### Parameters +##### Parameters

Parameter

@@ -1702,7 +1696,7 @@ This API is used to create and start a PodSandbox. If the PodSandbox is successf
-#### Return Values +##### Return Values - + + + + + + - + + + + + + - - -

Return Value

@@ -1720,17 +1714,17 @@ This API is used to create and start a PodSandbox. If the PodSandbox is successf #### StopPodSandbox -#### Prototype +##### Prototype -``` +```shell rpc StopPodSandbox(StopPodSandboxRequest) returns (StopPodSandboxResponse) {} ``` -#### Description +##### Description This API is used to stop PodSandboxes and sandbox containers, and reclaim the network resources \(such as IP addresses\) allocated to a sandbox. If any running container belongs to the sandbox, the container must be forcibly stopped. -#### Parameters +##### Parameters

Parameter

@@ -1746,7 +1740,7 @@ This API is used to stop PodSandboxes and sandbox containers, and reclaim the ne
-#### Return Values +##### Return Values - + + +

Return Value

@@ -1764,21 +1758,22 @@ This API is used to stop PodSandboxes and sandbox containers, and reclaim the ne #### RemovePodSandbox -#### Prototype +##### Prototype -``` +```shell rpc RemovePodSandbox(RemovePodSandboxRequest) returns (RemovePodSandboxResponse) {} ``` -#### Description +##### Description This API is used to delete a sandbox. If any running container belongs to the sandbox, the container must be forcibly stopped and deleted. If the sandbox has been deleted, no errors will be returned. -#### Precautions +##### Precautions 1. When a sandbox is deleted, network resources of the sandbox are not deleted. Before deleting a pod, you must call StopPodSandbox to clear network resources. Ensure that StopPodSandbox is called at least once before deleting the sandbox. +2. Ifa sanbox is deleted and containers in the sandbox is not deleted successfully, you need to manually delete the containers. -#### Parameters +##### Parameters

Parameter

@@ -1794,7 +1789,7 @@ This API is used to delete a sandbox. If any running container belongs to the sa
-#### Return Values +##### Return Values + + + + + + + + + + - @@ -413,7 +444,7 @@ overlay 10.0M 10.0M 0 100% / 3. 限制额度的说明。 1. 限制的额度大于isulad的root所在分区的size时,在容器内用df看到的文件系统的额度是isulad的root所在分区的size,而不是设置的限额。 - 2. --storage-opt size=0代表不限制,且设置值不能小于4096。size的精度为1个字节,如果指定精度含小数个字节,小数部分被忽略,如指定size=0.1实际等同于size=0不限制。(受计算机存储浮点数精度的限制,即0.999999999999999999999999999与1是等价的,具体的9的个数不同计算机可能存在差异,故设置4095.999999999999999999999999999与4096等价,其它情况类似),注意isula inspect显示原始命令行指定形式,如果含小数字节,需自行忽略小数部分。 + 2. --storage-opt size=0代表不限制,且设置值不能小于4096。size的精度为1个字节,如果指定精度含小数个字节,小数部分被忽略,如指定size=0.1实际等同于size=0不限制。(受计算机存储浮点数精度的限制,即0.999999999999999999999999999与1是等价的,具体的9的个数不同计算机可能存在差异,故设置4095.999999999999999999999999999与4096等价,其他情况类似),注意isula inspect显示原始命令行指定形式,如果含小数字节,需自行忽略小数部分。 3. 限制的额度过小时,比如--storage-opt size=4k,可能会导致容器无法启动,因为启动容器本身需要创建一些文件。 4. 上一次启动isulad时,isulad的root所在分区挂载时加了-o prjquota选项,这次启动时不加,那么上一次启动中创建的带quota的容器的设置值不生效。 5. daemon端配额--storage-opt overlay2.basesize,其取值范围与--storage-opt size相同。 @@ -529,7 +560,7 @@ isula run -ti --files-limit 1024 busybox bash 根因是lxc和runc启动过程的原理不一样,lxc创建cgroup子组后先设置files.limit值,再将容器进程的PID写入该子组的cgroup.procs文件,此时该进程已经打开超过1个句柄,因而写入报错导致启动失败。runc创建cgroup子组后先将容器进程的PID写入该子组的cgroup.procs文件,再设置files.limit值,此时由于该子组内的进程已经打开超过1个句柄,因而写入files.limit不会生效,内核也不会报错,容器启动成功。 -## 限制容器内可以创建的进程-线程数.md">限制容器内可以创建的进程/线程数 +## 限制容器内可以创建的进程/线程数 ### 描述 @@ -619,7 +650,7 @@ isula run -ti --pids-limit 1024 busybox bash 2. 通过daemon端参数或配置文件 - 详见"(命令行参数说明"与"部署方式"的--default-ulimits相关选项。 + 详见"命令行参数说明"与"部署方式"的--default-ulimits相关选项。 --ulimit可以对以下类型的资源进行限制。 diff --git "a/docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" index dd6a08280d086eaabbe4e98baf9428e663fcf03d..d5e3f4f9f1b424b6224b13735ea5d25326b502d2 100644 --- "a/docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" @@ -28,7 +28,7 @@ ## 约束限制 - 参数--external-rootfs指定的rootfs目录必须为绝对路径,不能为相对路径。 -- 参数--external-rootfs指定的rootfs目录必须为一个完整运行的操作系统环境,否则容器会启动失败。 +- 参数--external-rootfs指定的rootfs目录必须为一个完整运行的操作系统环境(包含systemd软件包),否则容器会启动失败。 - 容器删除时,不会删除--external-rootfs指定的rootfs目录。 - 不支持在x86环境上运行基于arm rootfs的容器,也不支持在arm环境上运行基于x86 rootfs的容器。 - 同一份rootfs,不建议启动多个容器实例,即同一份rootfs只供一个生命周期内的容器实例使用。 diff --git "a/docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" "b/docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" index cb48737268e36d2c83e8af8cfa56e644d99d6acc..f8e3feb49a5b5d9e66acc3c97196f7d5f6f018cb 100644 --- "a/docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" +++ "b/docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" @@ -1,12 +1,12 @@ # 支持CNI网络 -- [支持CNI网络](#支持CNI网络) +- [支持CNI网络](#支持cni网络) - [描述](#描述) - [接口](#接口) - - [CNI网络配置说明](#CNI网络配置说明) - - [加入CNI网络列表](#加入CNI网络列表) - - [退出CNI网络列表](#退出CNI网络列表) + - [CNI网络配置说明](#cni网络配置说明) + - [加入CNI网络列表](#加入cni网络列表) + - [退出CNI网络列表](#退出cni网络列表) - [使用限制](#使用限制) @@ -90,8 +90,8 @@ CNI对用户可见的接口,主要涉及CNI网络配置和Pod配置中CNI网 CNI网络配置包含两种类型,文件格式都为json: -- 单网络平面配置,以.conf和.json为后缀的文件:具体的配置项请参见"附录 > CNI配置参数" 章节的 "表 CNI单网络配置参数"。 -- 多网络平面配置,以.conflist为后缀的文件:具体的配置项请参见"附录 > CNI配置参数" 章节的 "表3 CNI多网络配置参数"。 +- 单网络平面配置,以.conf和.json为后缀的文件:具体的配置项请参见"[附录 > CNI配置参数" 章节的 "表1 CNI单网络配置参数](附录.md/#zh-cn_topic_0184347952_table425023335913)"。 +- 多网络平面配置,以.conflist为后缀的文件:具体的配置项请参见"[附录 > CNI配置参数" 章节的 "表3 CNI多网络配置参数](附录.md/#zh-cn_topic_0184347952_table657910563105)"。 ### 加入CNI网络列表 @@ -109,7 +109,7 @@ Pod配置中和网络相关的还有port\_mappings项,用于设置Pod的端口 ] ``` -- protocal:表示映射使用的协议,支持tcp(用0标识)、udp(用1标识); +- protocol:表示映射使用的协议,支持tcp(用0标识)、udp(用1标识); - container\_port:表示容器映射出去的port; - host\_port:表示映射到主机的port。 @@ -118,8 +118,8 @@ Pod配置中和网络相关的还有port\_mappings项,用于设置Pod的端口 StopPodSandbox的时候,会调用退出CNI网络的接口,清理网络相关的资源。 >![](./public_sys-resources/icon-note.gif) **说明:** ->1. 在调用RemovePodSandbox接口之前,至少要调用一次StopPodSandbox接口 ->2. StopPodSandbox调用CNI接口失败,可能导致的网络资源残留。 +>1. 在调用RemovePodSandbox接口之前,至少要调用一次StopPodSandbox接口。 +>2. StopPodSandbox调用CNI接口失败,导致的网络资源残留,由CNI网络插件负责清理。 ## 使用限制 diff --git "a/docs/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" "b/docs/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" index 2cbaaf6a36ca2bdf5cb94bc8c17a08c3cd494c71..d879bf87382fade986d09e64c8512d4514365060 100644 --- "a/docs/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" +++ "b/docs/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" @@ -49,14 +49,14 @@ hook的配置为json格式,一般存放在json结尾的文件中,示例如 ## 接口 -isulad和isula都提供了hook的接口,isulad提供了默认的hook配置,会作用于所有容器;而isula提供的hook接口,只会作用于当前创建的容器。 +iSulad和iSula都提供了hook的接口,iSulad提供了默认的hook配置,会作用于所有容器;而iSula提供的hook接口,只会作用于当前创建的容器。 -isulad提供的默认OCI hooks配置: +iSulad提供的默认OCI hooks配置: - 通过/etc/isulad/daemon.json配置文件的hook-spec配置项设置hook配置的文件路径:"hook-spec": "/etc/default/isulad/hooks/default.json"。 - 通过isulad --hook-spec参数设置hook配置的文件路径。 -isula提供的OCI hooks配置: +iSula提供的OCI hooks配置: - isula create --hook-spec:指定hook配置的json文件的路径。 - isula run --hook-spec:指定hook配置的json文件的路径。 diff --git "a/docs/zh/docs/Container/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" new file mode 100644 index 0000000000000000000000000000000000000000..1831b9c30acc48f91d3a5f35c74b74c3ba3ffcb0 --- /dev/null +++ "b/docs/zh/docs/Container/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" @@ -0,0 +1,202 @@ +# 本地卷管理 + +- [本地卷管理](#本地卷管理) + - [概述](#概述) + - [注意事项](#注意事项) + - [使用方法](#使用方法) + - [使用-v参数挂载数据](#使用-v参数挂载数据) + - [**命令格式**](#命令格式) + - [**功能描述**](#功能描述) + - [**参数说明**](#参数说明) + - [**示例**](#示例) + - [使用--mount参数挂载数据](#使用--mount参数挂载数据) + - [**命令格式**](#命令格式-1) + - [**功能描述**](#功能描述-1) + - [**参数说明**](#参数说明-1) + - [**示例**](#示例-1) + - [复用其他容器中的挂载配置](#复用其他容器中的挂载配置) + - [**命令格式**](#命令格式-2) + - [**功能描述**](#功能描述-2) + - [**参数说明**](#参数说明-2) + - [**示例**](#示例-2) + - [使用镜像中的匿名卷](#使用镜像中的匿名卷) + - [卷的查询](#卷的查询) + - [**命令格式**](#命令格式-3) + - [**功能描述**](#功能描述-3) + - [**参数说明**](#参数说明-3) + - [**示例**](#示例-3) + - [卷的删除](#卷的删除) + - [**命令格式**](#命令格式-4) + - [**功能描述**](#功能描述-4) + - [**参数说明**](#参数说明-4) + - [**示例**](#示例-4) + - [注意事项](#注意事项-1) + - [冲突合并规则](#冲突合并规则) + - [iSula和Docker的差异](#isula和docker的差异) + +## 概述 + +iSula 管理的容器销毁后,容器内自身所有的数据都会被销毁。如果用户希望容器销毁后依然保留数据,则需要有一种持久化数据的机制。iSula 允许将主机上的文件、目录或卷在容器运行时挂载到容器内。用户可以将需要持久化的数据写入容器内的挂载点。则容器销毁后,主机上的文件、目录、卷依然保留。如果用户需要销毁主机上的文件、目录、卷,可以手动删除文件、目录或者执行 iSula 的相关命令删除卷。对于卷的管理目前 iSula 只支持本地卷,本地卷又分为有名卷和匿名卷。由用户指定名称生产的卷叫有名卷,用户没有指定卷名称,由 iSula 自动生成卷名(一个64位的随机数)的卷为匿名卷。 + +本章介绍通过 iSula 管理本地卷的使用方法。 + +## 注意事项 +- 卷名称长度2-64个字符,符合正则表达式:^[a-zA-Z0-9][a-zA-Z0-9_.-]{1,63}$,即卷名称首字符必须为字母或者数字,从第二个字符开始可以为字母、数字或者"_"、"."、"-"这几个字符。 +- 创建容器时,如果卷对应的容器内的挂载点存在数据,则默认会拷贝到卷里。如果拷贝过程中出现了 iSula 崩溃重启或者系统掉电之类的异常,则卷内的数据可能是不完整的,这时需要手动删除卷或者卷内数据,确保数据的正确完整。 + +## 使用方法 + +### 使用-v参数挂载数据 + +#### **命令格式** +```shell +isula run -v [SRC:]DST[:MODE,MODE...] IMAGE +``` + +#### **功能描述** +使用 create / run 创建并运行容器时,使用 -v/--volume 参数将主机上的文件、目录或者卷挂载到容器内用于数据持久化。 + +#### **参数说明** +- SRC: 用于挂载的文件、目录或者卷在主机上的路径,当值为绝对路径时,表示挂载主机上的文件或者文件夹。当值为卷名时,表示挂载卷。当省略该项时,表示挂载匿名卷。当文件夹或者卷不存在时,iSula会先创建一个新的文件夹/卷,再进行挂载操作。 +- DST: 容器内的挂载路径,必须为绝对路径。 +- MODE: 当挂载的源是目录或者文件时,合法的参数是ro/rw/z/Z/private/rprivate/slave/rslave/shared/rshared。同类型的参数只能配置一个。当挂载的源是卷时,合法的参数是ro/rw/z/Z/nocopy,同类型的参数只能配置一个。多个属性之间使用","连接。参数含义如下: + +| 参数 | 参数含义 | +| -------- | -----------------------------------------------| +| ro | 容器内挂载点挂载为只读属性 | +| rw | 容器内挂载点挂载为读写属性 | +| z | 如果开启了SELinux,则挂载时添加SELinux共享标签 | +| Z | 如果开启了SELinux,则挂载时添加SELinux私有标签 | +| private | 容器内挂载点挂载为私有传播属性 | +| rprivate | 容器内挂载点递归挂载为私有传播属性 | +| slave | 容器内挂载点挂载为从属传播属性 | +| rslave | 容器内挂载点递归挂载为从属传播属性 | +| shared | 容器内挂载点挂载为共享传播属性 | +| rshared | 容器内挂载点递归挂载为共享传播属性 | +| nocopy | 不拷贝挂载点内的数据,该参数不进行配置时默认会拷贝数据。另外,如果卷里已经有数据了,也不会进行拷贝 | + + +#### **示例** +基于 busybox 运行容器并创建/挂载名称为 vol 的卷到容器的 /vol 目录,同时配置挂载点为只读,并且如果容器中对应挂载点有数据也不进行拷贝。 +```shell +isula run -v vol:/vol:ro,nocopy busybox +``` + +### 使用--mount参数挂载数据 + +#### **命令格式** +```shell +isula run --mount [type=TYPE,][src=SRC,]dst=DST[,KEY=VALUE] busybox +``` + +#### **功能描述** +使用 create / run 创建并运行容器时,使用 --mount 参数将主机上的文件、目录、卷或者文件系统挂载到容器内用于数据持久化。 + +#### **参数说明** +- type: 挂载到容器中的数据的类型,类型可以是 bind、volume、squashfs、tmpfs, 省略该项时默认为volume类型。 +- src: 用于挂载的文件、目录或者卷在主机上的路径。当值为绝对路径时,表示挂载主机上的文件或者目录。当值为卷名时,表示挂载卷。当省略该项时,表示匿名卷。当文件夹或者卷不存在时,iSula会先创建一个新的文件/卷,再进行挂载操作。该项的关键字 src 也可以写成 source。 +- dst: 容器内的挂载路径,必须为绝对路径。该项的关键字 dst 也可以写成 destination 或者 target。 +- KEY=VALUE: 表示 --mount 的参数,可以取如下值: + +| KEY 值 | VALUE | +| ------------------------------ | --------------------------------------------------------------------------- | +| selinux-opts/bind-selinux-opts | z或者Z。z表示如果开启了SElinux,则挂载时添加SElinux共享标签;Z表示如果开启了SElinux,则挂载时添加SElinux私有标签 | +| ro/readonly | 0/false 表示挂载成读写属性,1/true 表示挂载成只读属性。该项的值可以省略表示挂载成只读。该项只在 type=bind 时支持配置该参数 | +| bind-propagation | 值为private/rprivate/slave/rslave/shared/rshared,含义同上面-v参数中对应的值。只在type=bind时支持该参数 | +| volume-nocopy | 不拷贝挂载点内的数据,该参数不进行配置时默认会拷贝数据。另外,如果卷里已经有数据了,也不会进行拷贝。只在 type=volume 时支持该参数 | +| tmpfs-size | 挂载tmpfs时指定挂载的tmpfs空间的最大值,默认无限制 | +| tmpfs-mode | 挂载tmpfs时指定挂载的权限,默认1777 | + +#### **示例** +基于 busybox 运行容器并创建/挂载名称为 vol 的卷到容器的 /vol 目录,同时配置挂载点为只读,并且如果容器中对应挂载点有数据也不进行拷贝。 +```shell +isula run --mount type=volume,src=vol,dst=/vol,ro=true,volume-nocopy=true busybox +``` + +### 复用其他容器中的挂载配置 + +#### **命令格式** +```shell +isula run --volumes-from CON1[:MODE] busybox +``` + +#### **功能描述** +使用 create / run 创建并运行容器时,使用 --volumes-from 参数表示挂载点配置包括CON1容器的挂载点配置。可以配置多个 --volumes-from 参数。 + +#### **参数说明** +- CON1: 被复用挂载点的容器的名称或者ID。 +- MODE: 值为ro表示复用的挂载点挂载为只读属性,值为rw表示复用的挂载点挂载为读写属性。 + +#### **示例** +假设已经有名称为 container1 的容器配置了卷 vol1 到容器目录 /vol1,名称为 container2 的容器配置了卷 vol2 到容器目录 /vol2。现在运行一个新的容器复用 container1 和 container2 的挂载配置,即卷 vol1 挂载到容器的 /vol1 目录,vol2 挂载到容器的 /vol2 目录。 +```shell +isula run --volumes-from container1 --volumes-from container2 busbyox +``` + +### 使用镜像中的匿名卷 + +使用镜像中的匿名卷不需要用户做任何配置。如果镜像中配置了匿名卷,则在运行容器时 iSula 会自动创建一个匿名卷并挂载到镜像中指定的路径供用户使用。用户可以往容器中的匿名卷挂载点写入数据进行数据持久化。 + +### 卷的查询 + +#### **命令格式** +```shell +isula volume ls [OPTIONS] +``` + +#### **功能描述** +查询 iSula 管理的所有卷。 + +#### **参数说明** +OPTIONS 可选参数: +- -q,--quiet: 如果不加这个参数,默认只会查询到卷的驱动信息和卷的名称,添加该参数表示只查询卷的名称。 + +#### **示例** +查询 iSula 管理的所有卷,只返回卷名称。 +```shell +isula volume ls -q +``` + +### 卷的删除 + +#### **命令格式** +``` +isula volume rm [OPTIONS] VOLUME [VOLUME...] +isula volume prune [OPTIONS] +``` + +#### **功能描述** +- rm 命令:删除指定的卷,如果卷被容器使用了,则会删除失败。 +- prune 命令:删除所有未被容器使用的卷。 + +#### **参数说明** +prune 命令的 OPTIONS 可选参数: +- -f,--force: 表示不弹出“确认是否要删除”的提示,默认会有风险提示,需要输入 y 才能继续执行。 + +#### **示例** +删除卷 vol1 和卷 vol2 +```shell +isula volume rm vol1 vol2 +``` +删除所有未被使用的卷,不弹出风险提示,格式如下: +```shell +isula volume prune -f +``` + +### 注意事项 + +#### 冲突合并规则 +如果卷的挂载点有冲突,则按照如下规则处理: +- -v 和 --mount 的配置冲突,则返回失败。 +- --volumes-from 里获取的配置,如果和 -v/--mount 配置有冲突,则丢弃。 +- 镜像中的匿名卷配置,如果和 -v/--mount/--volumes-from 配置有冲突,则丢弃。 + +#### iSula和Docker的差异 +| iSula行为 | Docker行为 | +| ------------------------------------------- | ------------------------------------------- | +| 卷名称最长64个字符 | 卷名称长度没有限制 | +| --mount 参数,如果挂载的源不存在,则会创建 | --mount 参数,如果挂载的源不存在,则会报错 | +| --mount 参数,支持 bind-selinux-opts 和 selinux-opts 参数配置 z/Z | --mount 参数,不支持 bind-selinux-opts 和 selinux-opts 参数 | +| 挂载点冲突合并规则,不做特殊处理 | 挂载点冲突合并规则,将 -v 指定的匿名卷当成镜像中的匿名卷一样处理 | +| volume prune 命令,提示回收了多少空间 | volume prune 命令,不会提示回收了多少空间 | +| -v/--mount/--volumes-from 配置在 hostconfig 中,匿名卷配置在 config 中 | -v 配置的匿名卷放在 config 配置中,其他配置在 hostconfig 中 | diff --git "a/docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" "b/docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" index dce9e2e799bc6bd71df97264fe3839feca7505dc..6867aeef7fee5cec794b8078ac8597e48df140e4 100644 --- "a/docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" +++ "b/docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" @@ -38,7 +38,7 @@ >安全容器网络使用仅支持CNI网络,不支持CNM网络,不支持使用-p和--expose暴露容器端口,使用安全容器时需指定参数--net=none。 4. 启动一个Pod - 1. 启动pause容器并根据回显获取pod的sandbox-id。使用docker-engine和iSula容器引擎启动的命令分别如下: + 1. 启动pause容器并根据回显获取Pod的sandbox-id。使用docker-engine和iSula容器引擎启动的命令分别如下: ``` docker run -tid --runtime kata-runtime --network none --annotation io.kubernetes.docker.type=podsandbox @@ -50,7 +50,7 @@    - 1. 创建业务容器并加入到这个pod中。使用docker-engine和iSula容器引擎创建的命令分别如下: + 1. 创建业务容器并加入到这个Pod中。使用docker-engine和iSula容器引擎创建的命令分别如下: ``` docker run -tid --runtime kata-runtime --network none --annotation io.kubernetes.docker.type=container --annotation io.kubernetes.sandbox.id= busybox @@ -93,7 +93,7 @@ docker rm -f ## 在容器中执行一条新的命令 -由于pause容器仅作为占位容器,如果启动一个Pod时,请在业务容器内执行新的命令,pause容器并没有相应的指令;如果只启动一个容器时,则可以直接执行新增命令: +由于pause容器仅作为占位容器,如果启动一个Pod时,请在业务容器内执行新的命令,pause容器并没有相应的指令。如果只启动一个容器时,则可以直接执行新增命令: ``` docker exec -ti diff --git "a/docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" index 9990642dc705743d0b96b5dd53930e30b3984431..c1126a1c3c3cd3900ff1452ac9a973f013d25732 100644 --- "a/docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" @@ -1,2 +1,3 @@ # 系统容器 -系统容器主要应对在重计算、高性能、大并发的场景下,重型应用和业务云化的问题。相比较虚拟机技术,系统容器可直接继承物理机特性,同时具备性能更优良,较少overhead的优点。从系统资源分配来看,系统容器在有限资源上相比虚拟机可分配更多计算单元,降低成本,通过系统容器可以构建产品的差异化竞争力,提供计算密度更高,价格更便宜,性能更优良的的计算单元实例。 \ No newline at end of file + +系统容器主要应对在重计算、高性能、大并发的场景下,重型应用和业务云化的问题。相比较虚拟机技术,系统容器可直接继承物理机特性,同时具备性能更优良,较少overhead的优点。从系统资源分配来看,系统容器在有限资源上相比虚拟机可分配更多计算单元,降低成本,通过系统容器可以构建产品的差异化竞争力,提供计算密度更高,价格更便宜,性能更优良的计算单元实例。 diff --git "a/docs/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" "b/docs/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" index b0657e392f6f20ee2db857f4d89893662ea0ff56..17aa9b0cd3639abfdb594007115c413a42048199 100644 --- "a/docs/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" +++ "b/docs/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" @@ -5,7 +5,6 @@ - [info](#info) - [version](#version) - ## events 用法:**docker events \[OPTIONS\]** @@ -16,14 +15,14 @@ \--since="" 显示指定时间戳之后的事件 -\--until="" 显示直到指定之间戳的事件 +\--until="" 显示直到指定时间戳的事件 示例: 该示例中,执行docker events后,用docker run创建并启动一个容器,docker events将输出create事件和start事件。 -``` -$ sudo docker events +```sh +# sudo docker events 2019-08-28T16:23:09.338838795+08:00 container create 53450588a20800d8231aa1dc4439a734e16955387efb5f259c47737dba9e2b5e (image=busybox:latest, name=eager_wu) 2019-08-28T16:23:09.339909205+08:00 container attach 53450588a20800d8231aa1dc4439a734e16955387efb5f259c47737dba9e2b5e (image=busybox:latest, name=eager_wu) 2019-08-28T16:23:09.397717518+08:00 network connect e2e20f52662f1ee2b01545da3b02e5ec7ff9c85adf688dce89a9eb73661dedaa (container=53450588a20800d8231aa1dc4439a734e16955387efb5f259c47737dba9e2b5e, name=bridge, type=bridge) @@ -31,8 +30,6 @@ $ sudo docker events 2019-08-28T16:23:09.924121158+08:00 container resize 53450588a20800d8231aa1dc4439a734e16955387efb5f259c47737dba9e2b5e (height=48, image=busybox:latest, name=eager_wu, width=210) ``` -   - ## info 用法:**docker info** @@ -43,8 +40,8 @@ $ sudo docker events 示例: -``` -$ sudo docker info +```sh +# sudo docker info Containers: 4 Running: 3 Paused: 0 @@ -70,8 +67,6 @@ Storage Driver: devicemapper ...... ``` -   - ## version 用法:**docker version** @@ -82,8 +77,8 @@ Storage Driver: devicemapper 示例: -``` -$ sudo docker version +```sh +# sudo docker version Client: Version: 18.09.0 EulerVersion: 18.09.0.48 @@ -105,6 +100,3 @@ Server: OS/Arch: linux/arm64 Experimental: false ``` - -   - diff --git "a/docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" index a70e8dc59002233c3ddddb0a67c315f919c28b0d..c2b0d106f002118d5dc476dd9013a6a737dbf99b 100644 --- "a/docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" @@ -2,7 +2,7 @@ ## 功能描述 -系统容器与普通容器最大的差异就在于容器启动的init进程,普通容器无法通过systemd启动系统服务,而系统容器具备这个能力,通过在启动容器时指定\--system-contianer参数可以使能systemd服务。 +系统容器与普通容器最大的差异就在于容器启动的init进程,普通容器无法通过systemd启动系统服务,而系统容器具备这个能力,通过在启动容器时指定\--system-container参数可以使能systemd服务。 ## 参数说明 @@ -31,7 +31,7 @@ - 系统容器都是init启动,init进程不响应表示正常退出的SIGTERM信号,stop默认在10s之后才会强制杀死容器。如果需要快速结束,可以手动指定stop的超时时间。 - \--system-container必须配合\--external-rootfs参数一起使用。 - 系统容器内支持运行各类服务,服务的启停通过systemctl来管理,服务之间可能会出现相互依赖关系导致异常情况下某些服务进程出现D/Z状态,使得容器无法正常退出。 -- 系统容器内的某些服务进程可能会影响其它操作结果,例如容器内若运行了NetworkManager服务,可能会影响向容器添加网卡的行为(网卡添加成功然后被NetworkManger停掉),导致不可预期的结果。 +- 系统容器内的某些服务进程可能会影响其他操作结果,例如容器内若运行了NetworkManager服务,可能会影响向容器添加网卡的行为(网卡添加成功然后被NetworkManger停掉),导致不可预期的结果。 - 系统容器和主机暂时无法实现udev事件隔离,所以fstab配置也暂不支持。 - systemd服务可能和libcgroup提供的cgconfig服务在功能上出现冲突,建议在容器内去掉libcgroup相关的包或者配置cgconfig服务的Delegate值为no。 @@ -43,7 +43,7 @@ [root@localhost ~]# isula run -tid -n systest01 --system-container --external-rootfs /root/myrootfs none init ``` -- 执行以上命令后容器成功运行,通过exec进容器查看进程信息,可看到systemd服务已启动。 +- 执行以上命令后容器成功运行,通过exec进入容器查看进程信息,可看到systemd服务已启动。 ``` [root@localhost ~]# isula exec -it systest01 bash diff --git "a/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" index ac581acc75d8f385e66ff794a32662dca325b39b..b9229297d5b7d41dfa6a2c9f30cd2eb0c060f499 100644 --- "a/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" +++ "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" @@ -19,7 +19,7 @@ docker pull、docker build、docker commit、docker import、docker load都可 2. 如果Docker操作镜像时系统掉电,可能导致镜像损坏,需要手动恢复。 - 由于Docker在操作镜像(pull/load/rmi/build/combine/commit/import等)时,镜像数据的操作是异步的、镜像元数据是同步的。所以如果在镜像数据未全部刷到磁盘时掉电,可能导致镜像数据和元数据不一致。对用户的表现是镜像可以看到\(有可能是none 镜像\),但是无法启动容器,或者启动后的容器有异常。这种情况下应该先使用docker rmi删除该镜像,然后重新进行之前的操作,系统可以恢复。 + 由于Docker在操作镜像(pull/load/rmi/build/combine/commit/import等)时,镜像数据的操作是异步的、镜像元数据是同步的。所以如果在镜像数据未全部刷到磁盘时掉电,可能导致镜像数据和元数据不一致。对用户的表现是镜像可以看到\(有可能是none 镜像\),但是无法启动容器,或者启动后的容器有异常。这种情况下应该先使用docker rmi删除该镜像,然后重新进行之前的操作,系统可以恢复。 3. 生产环境节点应避免存留超大数量镜像,请及时清理不使用的镜像。 @@ -51,7 +51,13 @@ docker images ## 删除镜像 +删除镜像(image处为具体镜像名): + +``` +docker rmi image +``` + ### 注意事项 -禁止使用docker rmi –f XXX删除镜像。如果使用强制删除,docker rmi会忽略过程中的错误,可能导致容器或者镜像关元数据残留。如果使用普通删除,如果删除过程出错,则会删除失败,不会导致元数据残留。 +禁止使用docker rmi -f XXX删除镜像。如果使用强制删除,docker rmi会忽略过程中的错误,可能导致容器或者镜像元数据残留。如果使用普通删除,如果删除过程出错,则会删除失败,不会导致元数据残留。 diff --git "a/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" index 0e218beb988c6dd63baa599cf66e38e849f69c1d..cfbc76eb319662179779b69875f84a49a394c99e 100644 --- "a/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" +++ "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" @@ -111,7 +111,7 @@ docker commit container\_id **注释** -使用\#注释 +使用"\#"注释    @@ -193,9 +193,9 @@ CMD command param1 param2 \(as a shell\) **ONBUILD命令** -格式:ONBUILD \[其它指令\] +格式:ONBUILD \[其他指令\] -功能:后面跟其它指令,比如 RUN、COPY 等,这些指令,在当前镜像构建时并不会被执行,只有当以当前镜像为基础镜像,去构建下一级镜像的时候才会被执行 +功能:后面跟其他指令,比如 RUN、COPY 等,这些指令,在当前镜像构建时并不会被执行,只有当以当前镜像为基础镜像,去构建下一级镜像的时候才会被执行 下面是Dockerfile的一个完整例子,该Dockerfile将构建一个安装了sshd服务的image @@ -258,7 +258,7 @@ be4672959e8b 15 minutes ago bash 23B 选项: --a, \--all=false 显示所有的镜像, +-a, \--all=false 显示所有的镜像 -f, \--filter=\[\] 指定一个过滤值\(i.e. 'dangling=true'\) @@ -411,7 +411,7 @@ $ sudo docker logout $ sudo docker push 192.168.1.110:5000/busybox:sshd ``` - 推送的时候会自动检测所依赖的层在镜像库中是否已存在,如果以存在,跳过该层。 + 推送的时候会自动检测所依赖的层在镜像库中是否已存在,如果已存在,跳过该层。 ## rmi diff --git "a/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" index 386ef9bf53c523e77117c1c1054beb4236ff88d5..0449503bc282742d4eca8efe1ccaf99de4f523aa 100644 --- "a/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" @@ -37,7 +37,7 @@ isula login [OPTIONS] SERVER #### 参数 -login命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表1 表1-20 login命令参数列表" 。 +login命令支持参数请参见"[附录 > 命令行参数说明](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/%E9%99%84%E5%BD%95.html)" 章节的 "表1 表1-20 login命令参数列表" 。 #### 示例 @@ -79,7 +79,7 @@ Logout Succeeded #### 用法 ``` -isula pull [OPTIONS] NAME[:TAG|@DIGEST] +isula pull [OPTIONS] NAME[:TAG] ``` #### 参数 @@ -117,6 +117,28 @@ $ isula rmi rnd-dockerhub.huawei.com/official/busybox Image "rnd-dockerhub.huawei.com/official/busybox" removed ``` +### 添加镜像标签 + +#### 描述 + +tag命令用于添加镜像标签 + +#### 用法 + +``` +isula tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] +``` + +#### 参数 + +tag命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表8 tag命令参数列表"。 + +#### 示例 + +``` +$ isula tag busybox:latest test:latest +``` + ### 加载镜像 #### 描述 @@ -149,7 +171,7 @@ Load image from "/root/busybox.tar" success #### 用法 ``` -isula images +isula images [OPTIONS] ``` #### 参数 @@ -160,8 +182,8 @@ images命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表 ``` $ isula images -REF IMAGE ID CREATED SIZE -rnd-dockerhub.huawei.com/official/busybox:latest e4db68de4ff2 2019-06-15 08:19:54 1.376 MB +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox latest beae173ccac6 2021-12-31 03:19:41 1.184MB ``` ### 检视镜像 @@ -246,7 +268,6 @@ $ cat /etc/isulad/daemon.json "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", @@ -280,6 +301,61 @@ Image "my.csp-edge.com:5000/busybox" pulling Image "my.csp-edge.com:5000/busybox@sha256:f1bdc62115dbfe8f54e52e19795ee34b4473babdeb9bc4f83045d85c7b2ad5c0" pulled ``` +### 导入rootfs + +#### 描述 + +把包含了一个rootfs的tar包导入为镜像,该tar包一般是之前使用export命令导出的,也可以是格式兼容的包含rootfs的tar包。目前支持 +格式(.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz),请勿使用其他格式的tar包进行导入。 + +#### 用法 + +``` +isula import file REPOSITORY[:TAG] +``` +导入成功后打印的字符串是导入的rootfs生成的镜像id + +#### 参数 + +import命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表9 import命令参数列表"。 + +#### 示例 + +``` +$ isula import busybox.tar test +sha256:441851e38dad32478e6609a81fac93ca082b64b366643bafb7a8ba398301839d +$ isula images +REPOSITORY TAG IMAGE ID CREATED SIZE +test latest 441851e38dad 2020-09-01 11:14:35 1.168 MB +``` + +### 导出rootfs + +#### 描述 + +把一个容器的rootfs文件系统内容导出成tar包,导出的rootfs的tar包可以在后面使用import功能重新导入成镜像。 + +#### 用法 + +``` +isula export [OPTIONS] [ID|NAME] +``` + +#### 参数 + +export命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表10 export命令参数列表"。 + +#### 示例 + +``` +$ isula run -tid --name container_test test sh +d7e601c2ef3eb8d378276d2b42f9e58a2f36763539d3bfcaf3a0a77dc668064b +$ isula export -o rootfs.tar d7e601c +$ ls +rootfs.tar +``` + + ## embedded镜像管理 ### 加载镜像 @@ -325,8 +401,8 @@ images命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表 ``` $ isula images -REF IMAGE ID CREATED SIZE -test:v1 9319da1f5233 2018-03-01 10:55:44 1.273 MB +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox latest beae173ccac6 2021-12-31 03:19:41 1.184MB ``` ### 检视镜像 diff --git "a/docs/zh/docs/Container/\351\231\204\345\275\225.md" "b/docs/zh/docs/Container/\351\231\204\345\275\225.md" index 858096ce5f302f179f7831fae4b0cfc04fe604a4..8e51eeb3340cfac56c49f4df8e2695bf14ca6b9a 100644 --- "a/docs/zh/docs/Container/\351\231\204\345\275\225.md" +++ "b/docs/zh/docs/Container/\351\231\204\345\275\225.md" @@ -1,10 +1,5 @@ # 附录 -- [附录](#附录.md) - - [命令行参数说明](#命令行参数说明) - - [CNI配置参数](#cni配置参数) - - ## 命令行参数说明 **表 1** login命令参数列表 @@ -17,7 +12,7 @@ - @@ -26,6 +21,11 @@ + + + - + + +

Return Value

@@ -1812,17 +1807,17 @@ This API is used to delete a sandbox. If any running container belongs to the sa #### PodSandboxStatus -#### Prototype +##### Prototype -``` +```shell rpc PodSandboxStatus(PodSandboxStatusRequest) returns (PodSandboxStatusResponse) {} ``` -#### Description +##### Description This API is used to query the sandbox status. If the sandbox does not exist, an error is returned. -#### Parameters +##### Parameters

Parameter

@@ -1843,7 +1838,7 @@ This API is used to query the sandbox status. If the sandbox does not exist, an
-#### Return Values +##### Return Values - + + + + + + + + +

Return Value

@@ -1866,17 +1861,17 @@ This API is used to query the sandbox status. If the sandbox does not exist, an #### ListPodSandbox -#### Prototype +##### Prototype -``` +```shell rpc ListPodSandbox(ListPodSandboxRequest) returns (ListPodSandboxResponse) {} ``` -#### Description +##### Description This API is used to return the sandbox information list. Filtering based on criteria is supported. -#### Parameters +##### Parameters

Parameter

@@ -1892,7 +1887,7 @@ This API is used to return the sandbox information list. Filtering based on crit
-#### Return Values +##### Return Values - + + + + + +

Return Value

@@ -1910,21 +1905,21 @@ This API is used to return the sandbox information list. Filtering based on crit #### CreateContainer -``` +```shell grpc::Status CreateContainer(grpc::ServerContext *context, const runtime::CreateContainerRequest *request, runtime::CreateContainerResponse *reply) {} ``` -#### Description +##### Description This API is used to create a container in the PodSandbox. -#### Precautions +##### Precautions -- **sandbox\_config** in** CreateContainerRequest** is the same as the configuration transferred to **RunPodSandboxRequest** to create a PodSandbox. It is transferred again for reference only. PodSandboxConfig must remain unchanged throughout the lifecycle of a pod. -- The container name is obtained from fields in [ContainerMetadata](#apis.md#en-us_topic_0182207110_li17135914132319) and separated by underscores \(\_\). Therefore, the metadata cannot contain underscores \(\_\). Otherwise, the [ListContainers](#listcontainers.md#EN-US_TOPIC_0184808103) API cannot be used for query even when the sandbox is running successfully. -- **CreateContainerRequest** does not contain the **runtime\_handler** field. The runtime type of the container is the same as that of the corresponding sandbox. +- **sandbox\_config** in**CreateContainerRequest** is the same as the configuration transferred to **RunPodSandboxRequest** to create a PodSandbox. It is transferred again for reference only. PodSandboxConfig must remain unchanged throughout the lifecycle of a pod. +- The container name is obtained from fields in [ContainerMetadata](#apis.md#en-us_topic_0182207110_li17135914132319) and separated by underscores \(\_\). Therefore, the metadata cannot contain underscores \(\_\). Otherwise, the [ListContainers](#listcontainers.md#EN-US_TOPIC_0184808103) API cannot be used for query even when the sandbox is running successfully. +- **CreateContainerRequest** does not contain the **runtime\_handler** field. The runtime type of the container is the same as that of the corresponding sandbox. -#### Parameters +##### Parameters - + + + + + +

Parameter

@@ -1954,7 +1949,7 @@ This API is used to create a container in the PodSandbox. Unstructured key-value mappings that can be used to store and retrieve any metadata. The field can be used to transfer parameters for the fields for which the CRI does not provide specific parameters. -- Customize the field: +- Customize the field:

Custom key:value

@@ -1970,8 +1965,7 @@ Unstructured key-value mappings that can be used to store and retrieve any metad
- -#### Return Values +##### Return Values - + + + + + +

Return Value

@@ -1989,17 +1983,17 @@ Unstructured key-value mappings that can be used to store and retrieve any metad #### StartContainer -#### Prototype +##### Prototype -``` +```shell rpc StartContainer(StartContainerRequest) returns (StartContainerResponse) {} ``` -#### Description +##### Description This API is used to start a container. -#### Parameters +##### Parameters

Parameter

@@ -2015,7 +2009,7 @@ This API is used to start a container.
-#### Return Values +##### Return Values - + + + + + + + + +

Return Value

@@ -2033,17 +2027,17 @@ This API is used to start a container. #### StopContainer -#### Prototype +##### Prototype -``` +```shell rpc StopContainer(StopContainerRequest) returns (StopContainerResponse) {} ``` -#### Description +##### Description This API is used to stop a running container. You can set a graceful timeout time. If the container has been stopped, no errors will be returned. -#### Parameters +##### Parameters

Parameter

@@ -2064,23 +2058,23 @@ This API is used to stop a running container. You can set a graceful timeout tim
-#### Return Values +##### Return Values None #### RemoveContainer -#### Prototype +##### Prototype -``` +```shell rpc RemoveContainer(RemoveContainerRequest) returns (RemoveContainerResponse) {} ``` -#### Description +##### Description This API is used to delete a container. If the container is running, it must be forcibly stopped. If the container has been deleted, no errors will be returned. -#### Parameters +##### Parameters

Parameter

@@ -2096,23 +2090,23 @@ This API is used to delete a container. If the container is running, it must be
-#### Return Values +##### Return Values None #### ListContainers -#### Prototype +##### Prototype -``` +```shell rpc ListContainers(ListContainersRequest) returns (ListContainersResponse) {} ``` -#### Description +##### Description This API is used to return the container information list. Filtering based on criteria is supported. -#### Parameters +##### Parameters

Parameter

@@ -2128,7 +2122,7 @@ This API is used to return the container information list. Filtering based on cr
-#### Return Values +##### Return Values - + + + + + + - + + + + + + - - + + + - @@ -1574,7 +2038,7 @@ wait命令支持参数参考下表。 ### 描述 -isula top用于查看容器中的进程信息。仅支持runtime类型为lcr的容器。 +isula top用于查看容器中的进程信息。 ### 用法 @@ -1596,7 +2060,7 @@ top命令支持参数参考下表。 - - - + + + @@ -1626,7 +2095,7 @@ root 22166 22163 0 23:04 pts/1 00:00:00 sh ### 描述 -isula stats用于实时显示资源使用的统计信息。仅支持runtime类型为lcr的容器。 +isula stats用于实时显示资源使用的统计信息。 ### 用法 @@ -1648,7 +2117,7 @@ stats命令支持参数参考下表。 - @@ -1657,6 +2126,16 @@ stats命令支持参数参考下表。 + + + + + + + + +

Return Value

@@ -2146,17 +2140,17 @@ This API is used to return the container information list. Filtering based on cr #### ContainerStatus -#### Prototype +##### Prototype -``` +```shell rpc ContainerStatus(ContainerStatusRequest) returns (ContainerStatusResponse) {} ``` -#### Description +##### Description This API is used to return the container status information. If the container does not exist, an error will be returned. -#### Parameters +##### Parameters

Parameter

@@ -2177,7 +2171,7 @@ This API is used to return the container status information. If the container do
-#### Return Values +##### Return Values - @@ -800,6 +1175,16 @@ stop命令支持参数参考下表。 + + + + + + - + + + + + + - - + + + -

Return Value

@@ -2200,22 +2194,22 @@ This API is used to return the container status information. If the container do #### UpdateContainerResources -#### Prototype +##### Prototype -``` +```shell rpc UpdateContainerResources(UpdateContainerResourcesRequest) returns (UpdateContainerResourcesResponse) {} ``` -#### Description +##### Description This API is used to update container resource configurations. -#### Precautions +##### Precautions -- This API cannot be used to update the pod resource configurations. -- The value of **oom\_score\_adj** of any container cannot be updated. +- This API cannot be used to update the pod resource configurations. +- The value of **oom\_score\_adj** of any container cannot be updated. -#### Parameters +##### Parameters

Parameter

@@ -2236,27 +2230,27 @@ This API is used to update container resource configurations.
-#### Return Values +##### Return Values None #### ExecSync -#### Prototype +##### Prototype -``` +```shell rpc ExecSync(ExecSyncRequest) returns (ExecSyncResponse) {} ``` -#### Description +##### Description The API is used to run a command in containers in synchronization mode through the gRPC communication method. -#### Precautions +##### Precautions The interaction between the terminal and the containers must be disabled when a single command is executed. -#### Parameters +##### Parameters

Parameter

@@ -2282,7 +2276,7 @@ The interaction between the terminal and the containers must be disabled when a
-#### Return Values +##### Return Values - @@ -416,6 +603,21 @@ run命令支持参数参考下表。

注意如果没有配置该参数,则使用isulad中的umask配置。

+ + + + + + + + + - + + + + + + + + + - - + + + + + + - + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + + + + + + - + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + +

Return Value

@@ -2310,21 +2304,21 @@ The interaction between the terminal and the containers must be disabled when a #### Exec -#### Prototype +##### Prototype -``` +```shell rpc Exec(ExecRequest) returns (ExecResponse) {} ``` -#### Description +##### Description This API is used to run commands in a container through the gRPC communication method, that is, obtain URLs from the CRI server, and then use the obtained URLs to establish a long connection to the WebSocket server, implementing the interaction with the container. -#### Precautions +##### Precautions -The interaction between the terminal and the container can be enabled when a single command is executed. One of **stdin**, **stdout**, and **stderr **must be true. If **tty** is true, **stderr** must be false. Multiplexing is not supported. In this case, the output of **stdout** and **stderr** will be combined to a stream. +The interaction between the terminal and the container can be enabled when a single command is executed. One of **stdin**, **stdout**, and **stderr** must be true. If **tty** is true, **stderr** must be false. Multiplexing is not supported. In this case, the output of **stdout** and **stderr** will be combined to a stream. -#### Parameters +##### Parameters

Parameter

@@ -2365,7 +2359,7 @@ The interaction between the terminal and the container can be enabled when a sin
-#### Return Values +##### Return Values - - + + + + + + -

Return Value

@@ -2383,17 +2377,17 @@ The interaction between the terminal and the container can be enabled when a sin #### Attach -#### Prototype +##### Prototype -``` +```shell rpc Attach(AttachRequest) returns (AttachResponse) {} ``` -#### Description +##### Description This API is used to take over the init process of a container through the gRPC communication method, that is, obtain URLs from the CRI server, and then use the obtained URLs to establish a long connection to the WebSocket server, implementing the interaction with the container. Only containers whose runtime is of the LCR type are supported. -#### Parameters +##### Parameters

Parameter

@@ -2429,7 +2423,7 @@ This API is used to take over the init process of a container through the gRPC c
-#### Return Values +##### Return Values - - - + + + + + + + + + + + + - - + + + + + + + + + - - + + + + + + - + + + + + + + + + + + + + + + + + + - - + + + + + + - - - - + + + + + + - + + + + + + - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Return Value

@@ -2447,17 +2441,17 @@ This API is used to take over the init process of a container through the gRPC c #### ContainerStats -#### Prototype +##### Prototype -``` +```shell rpc ContainerStats(ContainerStatsRequest) returns (ContainerStatsResponse) {} ``` -#### Description +##### Description This API is used to return information about resources occupied by a container. Only containers whose runtime is of the LCR type are supported. -#### Parameters +##### Parameters

Parameter

@@ -2473,7 +2467,7 @@ This API is used to return information about resources occupied by a container.
-#### Return Values +##### Return Values - - - - -

Return Value

@@ -2491,17 +2485,17 @@ This API is used to return information about resources occupied by a container. #### ListContainerStats -#### Prototype +##### Prototype -``` +```shell rpc ListContainerStats(ListContainerStatsRequest) returns (ListContainerStatsResponse) {} ``` -#### Description +##### Description This API is used to return the information about resources occupied by multiple containers. Filtering based on criteria is supported. -#### Parameters +##### Parameters

Parameter

@@ -2517,7 +2511,7 @@ This API is used to return the information about resources occupied by multiple
-#### Return Values +##### Return Values

Return Value

@@ -2535,21 +2529,21 @@ This API is used to return the information about resources occupied by multiple #### UpdateRuntimeConfig -#### Prototype +##### Prototype -``` +```shell rpc UpdateRuntimeConfig(UpdateRuntimeConfigRequest) returns (UpdateRuntimeConfigResponse); ``` -#### Description +##### Description This API is used as a standard CRI to update the pod CIDR of the network plug-in. Currently, the CNI network plug-in does not need to update the pod CIDR. Therefore, this API records only access logs. -#### Precautions +##### Precautions API operations will not modify the system management information, but only record a log. -#### Parameters +##### Parameters

Parameter

@@ -2565,27 +2559,27 @@ API operations will not modify the system management information, but only recor
-#### Return Values +##### Return Values None #### Status -#### Prototype +##### Prototype -``` +```shell rpc Status(StatusRequest) returns (StatusResponse) {}; ``` -#### Description +##### Description This API is used to obtain the network status of the runtime and pod. Obtaining the network status will trigger the update of network configuration. Only containers whose runtime is of the LCR type are supported. -#### Precautions +##### Precautions If the network configuration fails to be updated, the original configuration is not affected. The original configuration is overwritten only when the update is successful. -#### Parameters +##### Parameters

Parameter

@@ -2601,7 +2595,7 @@ If the network configuration fails to be updated, the original configuration is
-#### Return Values +##### Return Values @@ -235,7 +235,7 @@ GCC是一个功能强大的编译器,其 _options_ 参数取值很多,但有 - 多个源文件一起编译。编译时需要所有文件重新编译。 - 示例:将test1.c和tes2.c分别编译后链接成test可执行文件。 + 示例:将test1.c和test2.c分别编译后链接成test可执行文件。 ``` $ gcc test1.c test2.c -o test @@ -248,7 +248,7 @@ GCC是一个功能强大的编译器,其 _options_ 参数取值很多,但有 ``` $ gcc -c test1.c $ gcc -c test2.c - $ gcc -o test1.o test2.o -o test + $ gcc test1.o test2.o -o test ``` @@ -307,14 +307,14 @@ $ gcc main.c libtest.so -o app.out 若使用下面搜索动态库的方式,则为了确保程序在运行时能够链接到动态库,需要通过如下三种方法中的任一种实现。 - 将动态库保存在标准目录下,例如 /usr/lib。 -- 把动态库所在路径libaryDIR增加到环境变量LD\_LIBRARY\_PATH中 - - $ export LD\_LIBRARY\_PATH=libraryDIR:$LD\_LIBRARY\_PATH - +- 把动态库所在路径libraryDIR添加到环境变量LD_LIBRARY_PATH中。 + ``` + $ export LD_LIBRARY_PATH=libraryDIR:$LD_LIBRARY_PATH + ``` >![](./public_sys-resources/icon-note.gif) **说明:** - >LD\_LIBRARY\_PATH为动态库的环境变量。当运行动态库时,若动态库不在缺省文件夹(/lib 和/usr/lib)下,则需要指定环境变量LD\_LIBRARY\_PATH。 + >LD\_LIBRARY\_PATH为动态库的环境变量。当运行动态库时,若动态库不在缺省文件夹(/lib 和/usr/lib)下,则需要指定环境变量LD_LIBRARY_PATH。 -- 把动态库所在路径libaryDIR增加 /etc/ld.so.conf中然后执行ldconfig或者以动态库所在路径libaryDIR为参数执行ldconfig。 +- 把动态库所在路径libraryDIR添加到 /etc/ld.so.conf中然后执行ldconfig或者以动态库所在路径libraryDIR为参数执行ldconfig。 ``` $ gcc main.c -L libraryDIR -ltest -o app.out @@ -341,7 +341,7 @@ ar rcs _Sllfilename_ _Targetfilelist_ - _Sllfilename_ :静态库文件名。 - _Targetfilelist_ :目标文件列表。 - r: 替换库中已有的目标文件,或者加入新的目标文件。 -- c: 创建一个库,不管库否存在,都将创建。 +- c: 创建一个库,不管库是否存在,都将创建。 - s: 创建目标文件索引,在创建较大的库时能提高速度。 示例:创建一个main.c文件来使用静态库 @@ -357,7 +357,7 @@ $ gcc main.c -L libraryDIR -ltest -o test.out ### 使用GCC编译C程序示例 -1. cd到代码目录,此处以用户“~/code”进行举例。如下所示: +1. cd到代码目录,以目录“~/code”进行举例。如下所示: ``` $ cd ~/code @@ -398,7 +398,7 @@ $ gcc main.c -L libraryDIR -ltest -o test.out ### 使用GCC创建和使用动态链接库示例 -1. cd到代码目录,此处以用户“~/code”进行举例。并在该目录下创建src,lib,include子目录,分别用于存放源文件,动态库文件和头文件。 +1. cd到代码目录,以目录“~/code”进行举例。并在该目录下创建src,lib,include子目录,分别用于存放源文件,动态库文件和头文件。 ``` $ cd ~/code @@ -509,7 +509,7 @@ $ gcc main.c -L libraryDIR -ltest -o test.out ### 使用GCC创建和使用静态链接库示例 -1. cd到代码目录,此处以用户“~/code”进行举例。并在该目录下创建src,lib,include子目录,分别用于存放源文件,静态库文件和头文件。 +1. cd到代码目录,以目录“~/code”进行举例。并在该目录下创建src,lib,include子目录,分别用于存放源文件,静态库文件和头文件。 ``` $ cd ~/code @@ -550,7 +550,7 @@ $ gcc main.c -L libraryDIR -ltest -o test.out $ gcc -c add.c sub.c ``` -4. 将add.o、sub.o目标文件通过ar命令打包成静态库libmath.a,并将该动态库存放在~/code/lib目录。 +4. 将add.o、sub.o目标文件通过ar命令打包成静态库libmath.a,并将该静态库存放在~/code/lib目录。 ``` $ ar rcs ~/code/lib/libmath.a add.o sub.o diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" index 04b393703e35a00edab3461e7a81d8c154137dd6..dea2500d4cc4873ba1b655361b63c7f67cd684b5 100644 --- "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" +++ "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" @@ -38,17 +38,17 @@ JDK(Java Development Kit)是 Java 开发者进行 Java 开发所必须的软 - - - @@ -75,7 +75,7 @@ JDK(Java Development Kit)是 Java 开发者进行 Java 开发所必须的软 - @@ -208,7 +208,7 @@ java是运行java应用程序的工具,其 _options_ 参数取值很多,但 @@ -303,7 +303,7 @@ jar命令参数说明如[表5](#table3691718114817)所示。 - - @@ -347,7 +347,7 @@ java类库是以包的形式实现的,包是类和接口的集合。java编译 除java提供的许多包外,开发者也可以自定义包,把自己编写的类和接口等组成程序包的形式,以便后续使用。 -自定义包需要先声明包,然后在使用包。 +自定义包需要先声明包,然后再使用包。 ### 包的声明 @@ -487,7 +487,7 @@ java类库是以包的形式实现的,包是类和接口的集合。java编译 } ``` -4. ~/code/Hi/openos/openeuler目录,创建Hi.java。 +4. cd到~/code/Hi/openos/openeuler目录,创建Hi.java。 ``` $ cd ~/code/Hi/openos/openeuler diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" index 69fbf68deb5a3186bad0d84062e2255e7d1d8607..4d4ffe5c7c02710c4825a69ea8132c50eca8f73f 100644 --- "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" +++ "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" @@ -102,9 +102,9 @@ makefile文件中可能用到的文件类型如[表1](#table634145764320)所示 ### make工作流程 -使用make由源代码文件生成可执行文件,需要经过如下步骤。 +使用make由源代码文件生成可执行文件,需要经过如下步骤: -1. make命令会读入Makefile文件,包括当前目录下命名为"GNUmakefile" 、"makefile" 、"Makefile"的文件、被include的makefile文件、参数-f、\-\-file、\-\-makefile指定的规则文件。 +1. make命令会读入Makefile文件,包括当前目录下命名为"GNUmakefile" 、"makefile" 、"Makefile"的文件、被include的makefile文件、参数-f、--file、--makefile指定的规则文件。 2. 初始化变量。 3. 推导隐含规则,分析依赖关系,并创建依赖关系链。 4. 根据依赖关系链,决定哪些目标需要重新生成。 @@ -131,7 +131,7 @@ _target_ :Makefile中指定的目标。 - - - - - - - - - - - - - - - - - @@ -220,13 +220,13 @@ _target_ :Makefile中指定的目标。 make是通过Makefile文件获取如何编译、链接和安装、清理的方法,从而实现将源代码文件生成可执行文件和其他相关文件的工具。因此,Makefile中描述了整个工程的编译和链接等规则,其中包含了哪些文件需要编译,哪些文件不需要编译,哪些文件需要先编译,哪些文件需要后编译,哪些文件需要重建等等。Makefile文件让工程编译实现了自动化,不需要每次都手动输入一堆源文件和参数。 -本章简单介绍Makefile文件的结构和主要内容,更多Makefile的内容请通过**info make**命令查询 +本章简单介绍Makefile文件的结构和主要内容,更多Makefile的内容请通过**info make**命令查询。 ### Makefile结构 Makefile文件结构如下所示: -_targets_:_prereguisites_ +_targets_:_prerequisites_ _command_ @@ -239,7 +239,7 @@ _command_ 其中: - _targets_ :目标,可以是目标文件、可执行文件或标签。 -- _prerequisites_ :依赖文件,生成targets需要的文件或者是目标。可以是多个,也可以是没有。 +- _prerequisites_ :依赖文件,生成targets需要的文件或者是目标。可以是多个,也可以没有。 - _command_ :make需要执行的命令(任意的 shell 命令)。可以有多条命令,每一条命令占一行。 - 目标和依赖文件之间要使用“:”分隔,命令的开始一定要按“Tab”。 @@ -247,7 +247,7 @@ Makefile文件结构表明了输出的目标,输出目标的依赖对象和生 ### Makefile主要内容 -一个Makefile文件主要由以下内容组成。 +一个Makefile文件主要由以下内容组成: - 显式规则 @@ -277,7 +277,7 @@ Makefile文件结构表明了输出的目标,输出目标的依赖对象和生 ### 使用Makefile实现编译的示例 -1. cd到代码目录,此处以用户“~/code”进行举例。 +1. cd到代码目录,以目录“~/code”进行举例。 ``` $ cd ~/code @@ -352,7 +352,7 @@ Makefile文件结构表明了输出的目标,输出目标的依赖对象和生 $ make ``` - 命令执行后,会打印Makefile中执行的命令。如果不需要打印该信息,可以在执行make命令是加上参数-s。 + 命令执行后,会打印Makefile中执行的命令。如果不需要打印该信息,可以在执行make命令时加上参数-s。 gcc -c main.c diff --git "a/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" "b/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" index 4bd20dd7b6a3241d115380f19330e28167146631..e6dbe843965aad7e2723d32b8983c782f49afdd7 100644 --- "a/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" +++ "b/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" @@ -1,28 +1,8 @@ # 开发环境准备 - - -- [开发环境准备](#开发环境准备) - - [环境要求](#环境要求) - - [操作系统要求](#操作系统要求) - - [配置openEuler yum源(软件源)](#配置openeuler-yum源软件源) - - [通过直接获取在线的openEuler repo源配置在线yum源](#通过直接获取在线的openeuler-repo源配置在线yum源) - - [通过挂载ISO创建本地openEuler repo源配置本地yum源](#通过挂载iso创建本地openeuler-repo源配置本地yum源) - - [安装软件包](#安装软件包) - - [安装JDK软件包](#安装jdk软件包) - - [安装rpm-build软件包](#安装rpm-build软件包) - - [使用IDE进行Java开发](#使用ide进行java开发) - - [简介](#简介) - - [使用MobaXterm登录服务器](#使用mobaxterm登录服务器) - - [设置JDK环境](#设置jdk环境) - - [下载安装GTK库](#下载安装gtk库) - - [设置X11 Forwarding](#设置x11-forwarding) - - [下载并运行IntelliJ IDEA](#下载并运行intellij-idea) - - ## 环境要求 -- 若使用的是物理机,则开发环境所需的最小硬件要求如[表1](#table154419352610)所示。 +- 若使用的是物理机,则开发环境所需的最小硬件要求如[表1](#table154419352610)所示。 **表 1** 最小硬件要求 @@ -66,7 +46,7 @@

Return Value

@@ -2626,27 +2620,26 @@ If the network configuration fails to be updated, the original configuration is The service provides the gRPC API for pulling, viewing, and removing images from the registry. - #### ListImages -#### Prototype +##### Prototype -``` +```shell rpc ListImages(ListImagesRequest) returns (ListImagesResponse) {} ``` -#### Description +##### Description This API is used to list existing image information. -#### Precautions +##### Precautions This is a unified API. You can run the **cri images** command to query embedded images. However, embedded images are not standard OCI images. Therefore, query results have the following restrictions: -- An embedded image does not have an image ID. Therefore, the value of **image ID** is the config digest of the image. -- An embedded image has only config digest, and it does not comply with the OCI image specifications. Therefore, the value of **digest** cannot be displayed. +- An embedded image does not have an image ID. Therefore, the value of **image ID** is the config digest of the image. +- An embedded image has only config digest, and it does not comply with the OCI image specifications. Therefore, the value of **digest** cannot be displayed. -#### Parameters +##### Parameters

Parameter

@@ -2662,7 +2655,7 @@ This is a unified API. You can run the **cri images** command to query embedde
-#### Return Values +##### Return Values

Return Value

@@ -2680,22 +2673,22 @@ This is a unified API. You can run the **cri images** command to query embedde #### ImageStatus -#### Prototype +##### Prototype -``` +```shell rpc ImageStatus(ImageStatusRequest) returns (ImageStatusResponse) {} ``` -#### Description +##### Description The API is used to query the information about a specified image. -#### Precautions +##### Precautions -1. If the image to be queried does not exist, **ImageStatusResponse** is returned and **Image** is set to **nil** in the return value. -2. This is a unified API. Since embedded images do not comply with the OCI image specifications and do not contain required fields, the images cannot be queried by using this API. +1. If the image to be queried does not exist, **ImageStatusResponse** is returned and **Image** is set to **nil** in the return value. +2. This is a unified API. Since embedded images do not comply with the OCI image specifications and do not contain required fields, the images cannot be queried by using this API. -#### Parameters +##### Parameters

Parameter

@@ -2716,7 +2709,7 @@ The API is used to query the information about a specified image.
-#### Return Values +##### Return Values - diff --git a/docs/en/docs/StratoVirt/Best_practices.md b/docs/en/docs/StratoVirt/Best_practices.md new file mode 100644 index 0000000000000000000000000000000000000000..5f3958606223216435512425e2759247d6f7deda --- /dev/null +++ b/docs/en/docs/StratoVirt/Best_practices.md @@ -0,0 +1,95 @@ +# Best Practices + +### Huge Page Configuration + +#### Overview + +StratoVirt supports the configuration of huge pages for VMs. Compared with the traditional 4K memory page mode, huge page memory can effectively reduce the number of TLB misses and page fault interrupts, significantly improving the performance of memory-intensive services. + +#### Precautions + +- The directory to which the huge pages are mounted must be an absolute path. +- Memory huge pages can be configured only during startup. +- Only static huge pages are supported. +- Configure huge pages on the host before use. +- To use the huge page feature, ensure that the VM memory size is an integer multiple of *huge page size*. + +#### Mutually Exclusive Features + +- If huge pages are configured, the balloon feature becomes invalid. + +#### Configuration Methods + +##### Configuring Huge Pages on the Host + +###### Mounting + +Mount the huge page file system to a specified directory. `/path/to/hugepages` is the user-defined empty directory. + +```shell +$ mount -t hugetlbfs hugetlbfs /path/to/hugepages +``` + +###### Setting the Number of Huge Pages + +- Set the number of static huge pages. `num` indicates the specified number. + + ```shell + $ sysctl vm.nr_hugepages=num + ``` + +- Query huge page statistics. + + ```shell + $ cat /proc/meminfo | grep Hugepages + ``` + + To view statistics about huge pages of other sizes, view the related information in the `/sys/kernel/mm/hugepages/hugepages-*/` directory. + +
+ +>![](./public_sys-resources/icon-notice.gif) **Notice** +>Configure the StratoVirt memory specifications and huge pages based on the huge page usage. If the huge page resources are insufficient, the VM fails to be started. + +#### Huge Page Configuration During StratoVirt Startup + +- CLI + + ```shell + -mem-path /page/to/hugepages + ``` + + In the preceding command, `/page/to/hugepages` indicates the directory to which the huge page file system is mounted. Only absolute paths are supported. + +- JSON file + + ```json + { + "machine-config": { + "mem_path": "/page/to/hugepages", + ... + }, + ... + } + ``` + + In the preceding command, `/page/to/hugepages` indicates the directory to which the huge page file system is mounted. Only absolute paths are supported. + +
+ +>![](./public_sys-resources/icon-caution.gif) **Note** +>**Typical configuration**: Set **mem-path** in the StratoVirt command line to the *huge page file system mount directory*. The StratoVirt huge page feature is recommended for the typical configuration. + +### Performance Improvement + +#### Memory Noise Floor + +To achieve the optimal memory noise floor, developers can use the methods provided by WIKI on the StratoVirt homepage for compilation and testing. + +[https://gitee.com/openeuler/stratovirt/wikis/%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95-%E5%86%85%E5%AD%98%E5%BA%95%E5%99%AA?sort_id=3879743](https://gitee.com/openeuler/stratovirt/wikis/%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95-%E5%86%85%E5%AD%98%E5%BA%95%E5%99%AA?sort_id=3879743) + +#### Cold Startup Time + +To reduce the cold startup time, developers can also use the methods provided on by WIKI on the StratoVirt homepage to perform compilation tests. + +[https://gitee.com/openeuler/stratovirt/wikis/%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95-%E5%86%B7%E5%90%AF%E5%8A%A8%E6%97%B6%E9%97%B4?sort_id=3879744](https://gitee.com/openeuler/stratovirt/wikis/%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95-%E5%86%B7%E5%90%AF%E5%8A%A8%E6%97%B6%E9%97%B4?sort_id=3879744) diff --git a/docs/en/docs/StratoVirt/Install_StratoVirt.md b/docs/en/docs/StratoVirt/Install_StratoVirt.md new file mode 100644 index 0000000000000000000000000000000000000000..27cdc148aeaa64196de1694f1d354ec7c24b2ced --- /dev/null +++ b/docs/en/docs/StratoVirt/Install_StratoVirt.md @@ -0,0 +1,32 @@ +# Installing StratoVirt + +## Software and Hardware Requirements + +### Minimum Hardware Requirements + +- Processor architecture: Only the AArch64 and x86_64 processor architectures are supported. AArch64 requires ARMv8 or a later version and supports virtualization extension. x86_64 supports VT-x. + +- 2-core CPU +- 4 GiB memory +- 16 GiB available disk space + +### Software Requirements + +Operating system: openEuler 20.03_LTS_SP4 + +## Component Installation + +To use StratoVirt virtualization, it is necessary to install StratoVirt. Before the installation, ensure that the openEuler yum source has been configured. + +1. Run the following command as user root to install the StratoVirt components: + + ```shell + yum install stratovirt + ``` + +2. Check whether the installation is successful. + + ```shell + $ stratovirt -version + StratoVirt 0.3.0 + ``` diff --git a/docs/en/docs/StratoVirt/Interconnect_isula.md b/docs/en/docs/StratoVirt/Interconnect_isula.md new file mode 100644 index 0000000000000000000000000000000000000000..ed202e9e13a5a6283b962188d41ac67d30e653cc --- /dev/null +++ b/docs/en/docs/StratoVirt/Interconnect_isula.md @@ -0,0 +1,137 @@ +# Interconnecting with iSula Security Containers + +## Overview + +To provide a better isolation environment for containers and improve system security, you can interconnect StratoVirt with iSula security containers. + +## Interconnecting with an iSula Security Container + +### **Prerequisites** + +iSulad and kata-containers have been installed, and iSulad supports the kata-runtime container runtime and devicemapper storage driver. + +The following describes how to install and configure iSulad and kata-containers. + +1. Configure the yum source and install iSulad and kata-containers as the **root** user. + + ```shell + yum install iSulad + yum install kata-containers + ``` + +2. Create and configure a storage device. + + You need to plan the disks, for example, **/dev/sdxx**, which will be formatted. + + ```shell + pvcreate /dev/sdxx + vgcreate isulaVG0 /dev/sdxx + lvcreate --wipesignatures y -n thinpool isulaVG0 -l 95%VG + lvcreate --wipesignatures y -n thinpoolmeta isulaVG0 -l 1%VG + lvconvert -y --zero n -c 512K --thinpool isulaVG0/thinpool --poolmetadata isulaVG0/thinpoolmeta + ``` + + Add the following information to the **/etc/lvm/profile/isulaVG0-thinpool.profile** configuration file: + + ```text + activation { + thin_pool_autoextend_threshold=80 + thin_pool_autoextend_percent=20 + } + ``` + + Modify **storage-driver** and **storage-opts** in the **/etc/isulad/daemon.json** configuration file as follows. Set the default storage driver type **overlay** to **devicemapper**. + + ```json + "storage-driver": "devicemapper", + "storage-opts": [ + "dm.thinpooldev=/dev/mapper/isulaVG0-thinpool", + "dm.fs=ext4", + "dm.min_free_space=10%" + ], + ``` + +3. Restart isulad. + + ```shell + systemctl daemon-reload + systemctl restart isulad + ``` + +4. Check whether the iSula storage driver is successfully configured. + + ```shell + isula info + ``` + + If the following information is displayed, the configuration is successful: + + ```text + Storage Driver: devicemapper + ``` + +5. Open the **/etc/isulad/daemon.json** file. If kata-runtime is not configured, set **runtime** to kata-runtime. + + ```json + "runtimes": { + "kata-runtime": { + "path": "/usr/bin/kata-runtime", + "runtimeArgs": [ + "--kata-config", + "/usr/share/defaults/kata-containers/configuration.toml" + ] + } + }, + ``` + +### **Interconnection Guide** + +This section describes how to interconnect StratoVirt with kata-runtime in the iSula security container. + +1. Create the **stratovirt.sh** script in any directory (for example, **/home**) and add the execute permission to the file as the **root** user. + + ```shell + touch /home/stratovirt.sh + chmod +x /home/stratovirt.sh + ``` + + The content of **stratovirt.sh** is as follows, which is used to specify the path of StratoVirt: + + ```shell + #!/bin/bash + export STRATOVIRT_LOG_LEVEL=info # set log level which includes trace, debug, info, warn and error. + /usr/bin/stratovirt $@ + ``` + +2. Modify the kata configuration file (default path: **/usr/share/defaults/kata-containers/configuration.toml**). Set the Hypervisor type of the security container to **stratovirt**, kernel to the absolute path of the kernel image of StratoVirt, and initrd to the **initrd** image file of kata-containers. (If you use yum to install kata-containers, the two image files are downloaded and stored in the **/var/lib/kata/** directory by default. You can also use other images during the configuration.) + + The configuration reference is as follows: + + ```toml + [hypervisor.stratovirt] + path = "/home/stratovirt.sh" + kernel = "/var/lib/kata/vmlinux.bin" + initrd = "/var/lib/kata/kata-containers-initrd.img" + block_device_driver = "virtio-mmio" + use_vsock = true + enable_netmon = true + internetworking_model="tcfilter" + sandbox_cgroup_with_emulator = false + disable_new_netns = false + disable_block_device_use = false + disable_vhost_net = true + ``` + +3. Use the **root** permission and **isula** command to run the BusyBox security container and interconnect StratoVirt with it. + + ```shell + isula run -tid --runtime=kata-runtime --net=none --name test busybox:latest sh + ``` + +4. Run the **isula ps** command to check whether the security container **test** is running properly. Then run the following command to access the container: + + ```shell + isula exec –ti test sh + ``` + + You can now run container commands in the **test** container. diff --git a/docs/en/docs/StratoVirt/Prepare_env.md b/docs/en/docs/StratoVirt/Prepare_env.md new file mode 100644 index 0000000000000000000000000000000000000000..1cc7929fa8610882d1c96dacedfffcf0ae15ce6c --- /dev/null +++ b/docs/en/docs/StratoVirt/Prepare_env.md @@ -0,0 +1,135 @@ +# Preparing the Environment + +## Usage + +- StratoVirt can run on VMs with the x86_64 or AArch64 processor architecture. +- You are advised to compile, debug, and deploy StratoVirt on openEuler 20.03 LTS SP4. +- StratoVirt can run with non-root permissions. + +## Environment Requirements + +The following are required in the environment for running StratoVirt: + +- /dev/vhost-vsock device (for implementing MMIO) +- nmap tool +- Kernel and rootfs images + +## Preparing Devices and Tools + +- To run StratoVirt, the MMIO device must be implemented. Therefore, before running StratoVirt, ensure that the **/dev/vhost-vsock** device exists. + + Check whether the device exists. + + ```shell + $ ls /dev/vhost-vsock + /dev/vhost-vsock + ``` + + If the device does not exist, run the following command to generate it: + + ```shell + modprobe vhost_vsock + ``` + +- To use QMP commands, install the nmap tool first. After configuring the Yum source, run the following command to install the tool: + + ```shell + yum install nmap + ``` + +## Preparing Images + +### Creating the Kernel Image + +StratoVirt of the current version supports only the PE kernel image of the x86_64 and AArch64 platforms. The kernel image in PE format can be generated by using the following method: + +1. Run the following commands to obtain the kernel source code of openEuler: + + ```shell + git clone https://gitee.com/openeuler/kernel + cd kernel + ``` + +2. Run the following command to check and switch to the kernel version 4.19: + + ```shell + git checkout kernel-4.19 + ``` + +3. Configure and compile the Linux kernel. It is better to use the recommended configuration file ([Obtain configuration file](https://gitee.com/openeuler/stratovirt/tree/master/docs/kernel_config)). Copy it to the kernel directory, and rename it as **.config**. You can also run the following command to configure the kernel as prompted: + + ```shell + make menuconfig + ``` + +4. Run the following command to create and convert the kernel image to the PE format. The converted image is **vmlinux.bin**. + + ```shell + make -j vmlinux && objcopy -O binary vmlinux vmlinux.bin + ``` + +5. If you want to use the kernel in bzImzge format on the x86 platform, run the following command: + + ```shell + make -j bzImage + ``` + +## Creating the Rootfs Image + +The rootfs image is a file system image. When StratoVirt is started, the ext4 image with **init** can be loaded. To create an ext4 rootfs image, perform the following steps: + +1. Prepare a file with a proper size (for example, create a file with the size of 10 GB in **/home**). + + ```shell + cd /home + dd if=/dev/zero of=./rootfs.ext4 bs=1G count=10 + ``` + +2. Create an empty ext4 file system on this file. + + ```shell + mkfs.ext4 ./rootfs.ext4 + ``` + +3. Mount the file image. Create the **/mnt/rootfs** directory and mount **rootfs.ext4** to the directory as user **root**. + + ```shell + mkdir /mnt/rootfs + # Return to the directory where the file system is created, for example, /home. + cd /home + sudo mount ./rootfs.ext4 /mnt/rootfs && cd /mnt/rootfs + ``` + +4. Obtain the latest alpine-mini rootfs of the corresponding processor architecture. + + ```shell + arch=`uname -m` + wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/$arch/alpine- minirootfs-3.13.0-$arch.tar.gz -O alpine-minirootfs.tar.gz + tar -zxvf alpine-minirootfs.tar.gz + rm alpine-minirootfs.tar.gz + ``` + +5. Run the following command to create a simple **/sbin/init** for the ext4 file image: + + ```shell + $ rm sbin/init; touch sbin/init && cat > sbin/init < ![](./public_sys-resources/icon-note.gif) +> +> If both methods are used, the command line configuration mode is used. +> +> In this document, **/path/to/socket** indicates the socket file in the user-defined path. + +### Specifications + +- Number of VM CPUs: \[1, 254] +- VM memory size: \[256 MB, 512 GB] +- Number of VM drives (including hot plugged-in drives): \[0, 4] +- Number of VM NICs (including hot plugged-in NICs): \[0, 2] +- The VM console device supports only one connection. +- On the x86_64 platform, a maximum of 11 MMIO devices can be configured. You are advised to configure a maximum of four other devices except drives and NICs. On the AArch64 platform, a maximum of 160 MMIO devices can be configured. You are advised to configure a maximum of 12 other devices except drives and NICs. + +### Minimal Configuration + +The minimum configuration for running StratoVirt is as follows: + +- Use the Linux kernel image in PE or bzImage format (x86_64 only). +- Set the rootfs image as the virtio-blk device and add it to kernel parameters. +- Use api-channel to control StratoVirt. +- To use ttyS0 for login, add a serial port to the startup command line and add ttyS0 to kernel parameters. + +### Command Line Configuration + +**Overview** + +Command line configuration directly specifies the VM configuration content using command line parameters. + +**Command Format** + +The format of the command configured by running cmdline is as follows: + +```shell +/path/to/stratovirt -[Parameter 1] [Option] -[Parameter 2] [Option]... +``` + +**Usage Instructions** + +1. To ensure that the socket required by the api-channel can be created, run the following command to clear the environment: + + ```shell + rm [parameter] *[user-defined socket file path]* + ``` + +2. Run the cmdline command. + + ```shell + /path/to/stratovirt -[Parameter 1] [Parameter option] -[Parameter 2] [Parameter option]... + ``` + +**Parameters** + +The following table describes the parameters of the cmdline command. + +Table 1 Parameters in the command line + +| Parameter| Option| Description| +| ---------------- | :----------------------------------------------------------- | ------------------------------------------------------------ | +| -name | *VMname* | Configures the VM name (a string of 1 to 255 characters).| +| -machine | `[type=vm_type]` `[,dump-guest-core=on]`
`[,mem-share=off]` | Configures the VM type. For details, see [VM Types](#vm-types).| +| -kernel | /path/to/vmlinux.bin | Configures the kernel image.| +| -append | console=ttyS0 root=/dev/vda
reboot=k panic=1 rw | Configures kernel command line parameters.| +| -initrd | /path/to/initrd.img | Configures the initrd file.| +| -smp | \[cpus=] CPU count| Configures the number of CPUs. The value range is \[1, 254].| +| -m | Memory size (in bytes), memory size (in MB), and memory size (in GB)| Configures the memory size. The value ranges from 256 MB to 512 GB.| +| -drive | id=rootfs,file=/path/to/rootfs
\[,readonly=false,
direct=true,
serial=serial_num,
>iothread=iothread1,
/iops=200] | Configures the virtio-blk device. For details, see [Drive Configuration](#drive-configuration).| +| -netdev | id=iface_id,netdev=tap0\[,mac=mac_address,
iothread=iothread2] | Configures the virtio-net device. For details, see [NIC Configuration](#nic-configuration).| +| -chardev | id=console_id,path=/path/to/socket | Configures virtio-console. For details, see [Console Device Configuration](#console-device-configuration).| +| -device | vsock,id=vsock_id,guest-cid=3 | Configures vhost-vsock. For details, see [vsock Device Configuration](#vsock-device-configuration).| +| -api-channel | unix:/path/to/socket | Configures api-channel. Before running api-channel, ensure that the socket file does not exist.| +| -serial | stdio | Configures the serial port device.| +| -D | /path/to/logfile | Configures the log file.| +| -pidfile | /path/to/pidfile | Configures the pid file. This parameter must be used together with **-daemonize**. Ensure that the pid file does not exist before running the script.| +| -disable-seccomp | N/A| Disables Seccomp. Seccomp is enabled by default.| +| -daemonize | N/A| Enables daemon processes.| +| -iothread | id="iothread1" | Configures the iothread thread. For details, see [iothread Configuration](#iothread-configuration).| +| -balloon | deflate-on-oom=true | Configures the balloon device. For details, see [Balloon Device Configuration](#balloon-device-configuration).| +| -mem-path | /dev/hugepages | Configures the memory huge pages. For details, see chapter "Best Practices."| +| -rng | random_file=/path/to/random_file
\[,bytes_per_sec=1000000] | Configures the virtio-rng device. For details, see [rng Device Configuration](#rng-device-configuration).| + +**Configuration Example** + +1. Delete the socket file to ensure that the api-channel can be created. + + ```shell + $ rm -f /tmp/stratovirt.socket + ``` + +2. Run StratoVirt. + + ```shell + $ /path/to/stratovirt \ + -kernel /path/to/vmlinux.bin \ + -append console=ttyS0 root=/dev/vda rw reboot=k panic=1 \ + -drive file=/home/rootfs.ext4,id=rootfs,readonly=false \ + -api-channel unix:/tmp/stratovirt.socket \ + -serial stdio + ``` + + After the running is successful, the VM is created and started based on the specified configuration parameters. + +### JSON Configuration + +**Overview** + +Configuration using the JSON file indicates that when running StratoVirt to create a VM, the system reads the specified JSON file that contains the VM configuration. + +**Command Format** + +The format of the command for configuring a VM using the JSON file is as follows. In this command, **/path/to/json** indicates the path of the corresponding file. + +```shell +/path/to/stratovirt -config /path/to/json -[Parameter] [Option] +``` + +**Usage Instructions** + +1. Write the VM configuration to the JSON file. + +2. Run the StratoVirt command to create a VM. + + ```shell + /path/to/stratovirt -config /path/to/json -[Parameter] [Option] + ``` + +**Parameters** + +The following table describes the configurable parameters in the JSON file. + +**Table 2** Parameters in the configuration file + +| Parameter| Option| Description| +| -------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| boot-source | "kernel_image_path": "/path/to/vmlinux.bin","boot_args": "console=ttyS0 reboot=k panic=1 pci=off tsc=reliable ipv6.disable=1 root=/dev/vda quiet","initrd_fs_path": "/path/to/initrd.img" | Configures the kernel image and kernel parameters. The `initrd_fs_path` parameter is optional.| +| machine-config | "type": "MicroVm","vcpu_count": 4,"mem_size": 805306368,"dump_guest_core": false,"mem-share": false,"mem_path":"/path/to/backend" | Configures the virtual CPU and memory size. The `dump_guest_core`, `mem-path` and `mem-share` parameters are optional.| +| drive | "drive_id": "rootfs","path_on_host": "/path/to/rootfs.ext4","read_only": false,"direct": true,"serial_num": "xxxxx","iothread": "iothread1","iops": 200 | Configures the virtio-blk drive. The `serial_num`, `iothread`, and `iops` parameters are optional.| +| net | "iface_id": "net0","host_dev_name": "tap0","mac": "xx:xx:xx:xx:xx:xx","iothread": "iothread1" | Configures the virtio-net NIC. The `mac` and `iothread` parameters are optional.| +| console | "console_id": "charconsole0","socket_path": "/path/to/socket" | Configures the virtio-console serial port. Before running the serial port, ensure that the socket file does not exist.| +| vsock | "vsock_id": "vsock0","guest_cid": 3 | Configures the virtio-vsock device.| +| serial | "stdio": true | Configures the serial port device.| +| iothread | "id": "iothread1" | Configures the ID of the iothread for creating a thread named `iothread1`.| +| balloon | "deflate_on_oom": true | Configures the auto deflate feature of balloon.| +|rng | "random_file":"/dev/random",
"bytes_per_sec":1000000000 | Configures the virtio-rng device.| + +The following table lists the parameters running in JSON. + +**Table 3** Parameters running in JSON + +| Parameter| Option| Description| +| ---------------- | -------------------- | ------------------------------------------------------------ | +| -config | /path/to/json | Configures the file path.| +| -api-channel | unix:/path/to/socket | Configures api-channel. Before running api-channel, ensure that the socket file does not exist.| +| -D | /path/to/logfile | Configures the log file.| +| -pidfile | /path/to/pidfile | Configures the PID file, which must be used together with daemonize. Ensure that the pid file does not exist before running the script.| +| -disable-seccomp | N/A | Disables Seccomp. Seccomp is enabled by default.| +| -daemonize | N/A | Enables daemon processes.| + +**Configuration Example** + +1. Create a JSON file, for example, **/home/config.json**. The file content is as follows: + + ```json + { + "boot-source": { + "kernel_image_path": "/path/to/vmlinux.bin", + "boot_args": "console=ttyS0 reboot=k panic=1 pci=off tsc=reliable ipv6.disable=1 root=/dev/vda quiet rw" + }, + "machine-config": { + "type": "MicroVm", + "vcpu_count": 2, + "mem_size": 268435456 + }, + "drive": [ + { + "drive_id": "rootfs", + "path_on_host": "/path/to/rootfs", + "serial_num": "11111111", + "direct": true, + "read_only": false, + "iops": 200000, + "iothread": "iothread2" + } + ], + "net": [ + { + "iface_id": "net0", + "host_dev_name": "tap0", + "mac": "0e:90:df:9f:a8:88", + "iothread": "iothread1" + } + ], + "console": [ + { + "console_id": "charconsole0", + "socket_path": "/path/to/console.socket" + } + ], + "serial": { + "stdio": true + }, + "vsock": { + "vsock_id": "vsock-123321132", + "guest_cid": 4 + }, + "iothread": [ + {"id": "iothread1"}, + {"id": "iothread2"} + ] + } + ``` + +2. Run StratoVirt and read the JSON file to create and start the VM. + + ```shell + $ /path/to/stratovirt \ + -config /home/config.json \ + -api-channel unix:/tmp/stratovirt.socket + ``` + +After the command is executed successfully, the VM is created and started successfully. + +## Configuration Description + +### VM Types + +You can run the **-machine** parameter to specify the type of the VM to be started. + +Parameters + +- **type** (optional): type of the VM to be started. Currently, only **MicroVm** is supported. The default value is **MicroVM**. +- **dump-guest-core** (optional): whether to dump the VM memory when a process panics. +- **mem-share** (optional): whether to share memory with other processes. + +### Drive Configuration + +VM drive configuration includes the following configuration items: + +- **drive_id**: drive ID. +- **path_on_host**: drive path. +- **serial_num** (optional): serial number of the drive. +- **read_only** (optional): whether the drive is read-only. +- **direct** (optional): whether to open the drive in O_DIRECT mode. +- **iothread** (optional): iothread attribute. +- **iops** (optional): drive QoS for limiting drive I/O operations. + +The following describes the **iops** and **iothread** configuration items: + +#### iops: Drive QoS + +##### Introduction + +QoS is short for quality of service. In cloud scenarios, multiple VMs are started on a single host. Because the total drive access bandwidth of the host is limited, when a VM has heavy drive access pressure, it will occupy the access bandwidth of other VMs. As a result, the I/O performance of other VMs will be affected. To reduce the impact between VMs, you can configure QoS to limit the drive access rate of the VMs. + +##### Precautions + +- Currently, QoS supports the configuration of drive IOPS. +- The value range of IOPS is \[0, 1000000]. The value **0** indicates that the IOPS is not limited. The actual IOPS does not exceed the preset value or the upper limit of the actual backend drive performance. +- Only the average IOPS can be limited. Instantaneous burst traffic cannot be limited. + +##### Configuration Methods + +Usage: + +**CLI:** + +```shell +-drive xxx,iops=200 +``` + +Parameters: + +- **iops**: I/O delivery speed of the drive on a VM after IOPS is configured. It does not exceed the value of this parameter. +- *xxx*: other settings of the drive. + +JSON Configuration + +```json +{ + ... + "drive": [ + { + "drive_id": "rootfs", + "path_on_host": "/path/to/block", + ... + "iops": 200 + } + ], + ... +} +``` + +#### iothread + +For details about the iothread configuration, see [iothread Configuration](#iothread-configuration). + +### NIC Configuration + +VM NIC configuration includes the following configuration items: + +- **iface_id**: unique device ID. +- **host_dev_name**: name of the tap device on the host. +- **mac** (optional): MAC address of the VM. +- **iothread** (optional): iothread attribute of the drive. + +For details about the iothread configuration of the NIC, see [iothread Configuration](#iothread-configuration). + +### Console Device Configuration + +virtio-console is a universal serial port device used to transmit data between the guest and host. The configuration items of the console device are as follows: + +- **console_id**: unique device ID. +- **socket_path**: path of the virtio console file. + +Ensure that the console file does not exist before starting StratoVirt. + +### vsock Device Configuration + +The vsock is also a device for communication between the host and guest. It is similar to the console but has better performance. The configuration items are as follows: + +- **vsock_id**: unique device ID. +- **guest_cid**: unique context ID. + +### iothread Configuration + +#### Introduction + +After a VM with the iothread configuration is started on StratoVirt, threads independent of the main thread are started on the host. These independent threads can be used to process I/O requests of devices, improving the device I/O performance and reducing the impact on message processing on the management plane. + +#### Precautions + +- A maximum of eight iothreads can be configured. +- The iothread attribute can be configured for drives and NICs. +- iothreads occupy CPU resources of the host. When the I/O pressure is high in a VM, the CPU resources occupied by a single iothread depend on the drive access speed. For example, a common SATA drive occupies less than 20% CPU resources. + +#### Creating an iothread + +Usage: + +**CLI:** + +```shell +-iothread id=iothread1 -iothread id=iothread2 +``` + +**JSON:** + +```json +"iothread": [ + {"id": "iothread1"}, + {"id": "iothread2"} + ] +``` + +Parameters: + +- **id**: identifies an iothread. This ID can be set to the iothread attribute of the drive or NIC. If iothread is configured in the startup parameter, the thread with the specified ID is started on the host after the VM is started. + +#### Configuring the iothread Attribute for a Drive or NIC + +Usage: + +**CLI-based Configuration** + +```shell +# Drives +-drive xxx,iothread=iothread1 +# NICs +-netdev xxx,iothread=iothread2 +``` + +Parameters: + +1. **iothread**: Set this parameter to the ID of the iothread, indicating the thread that processes the I/O of the local device. +2. *xxx*: other configurations of the drive or NIC. + +**JSON Configuration** + +```json +# Drives +{ + ... + "drive": [ + { + "drive_id": "rootfs", + "path_on_host": "/path/to/block", + ... + "iothread": "iothread1", + } + ], + ... +} +# NICs +{ + ... + "net": [ + { + "iface_id": "tap0", + "host_dev_name": "tap0", + "mac": "12:34:56:78:9A:BC", + "iothread": "iothread2" + } + ] +} +``` + +### Balloon Device Configuration + +#### Introduction + +During running of a VM, the balloon driver in it occupies or releases memory to dynamically adjust the VM's available memory, achieving memory elasticity. + +#### Precautions + +- Before enabling balloon, ensure that the page size of the guest is the same as that of the host. +- The balloon feature must be enabled for the guest kernel. +- When memory elastic scaling is enabled, slight frame freezing may occur in the VM and the memory performance may deteriorate. + +#### Mutually exclusive features + +- This feature is mutually exclusive with huge page memory. +- In the x86 architecture, the number of interrupts is limited. Therefore, the total number of balloon devices and other virtio devices cannot exceed 11. By default, four block devices, two net devices, and one serial port device are used. + +#### Specifications + +- Each VM can be configured with only one balloon device. + +#### Configuration Methods + +- CLI + +```shell +-balloon deflate-on-oom=true +``` + +- JSON file + + ```json + { + "balloon": { + "deflate_on_oom": true + }, + ... + } + ``` + +>![img](./figures/note.png) +> +>1. The value of **deflate-on-oom** is of the Boolean type, indicating whether to enable the auto deflate feature. When this feature is enabled, if the balloon device has reclaimed some memory, it automatically releases the memory to the guest when the guest requires the memory. If this feature is disabled, the memory is not automatically returned. +>2. When running the QMP command to reclaim the VM memory, ensure that the VM has sufficient memory to keep basic running. Otherwise, some operations may time out and the VM cannot apply for idle memory. +>3. If the huge page feature is enabled in the VM, the balloon device cannot reclaim the memory occupied by the huge pages. +>![](./public_sys-resources/icon-notice.gif) **Notice** +>If **deflate-on-oom** is set to **false**, when the guest memory is insufficient, the balloon device does not automatically release the memory. As a result, the guest OOM may occur, the processes may be killed, and even the VM cannot run properly. + +### rng Device Configuration + +virtio-rng is a paravirtualized random number generator that generates hardware random numbers for the guest. The virtio-rng device contains the following configuration items: + +- **random_file**: path of the character device used to generate random numbers on the host, for example, **/dev/random**. +- **bytes_per_sec** (optional): maximum number of characters obtained from a character device per second. + +#### Precautions + +- If the **bytes_per_sec** configuration item is not set, the number of characters obtained from a character device per second is not limited. +- If it needs to be configured, the value range is \[64, 1000000000]. It is recommended that its value not be too small to prevent a slow rate of obtaining random number characters. +- **bytes_per_sec** can only limit the average number of random number characters, but cannot limit the burst traffic. +- When configuring the virtio rng device, check whether the random numbers are sufficient to avoid VM freezing. For example, if the character device path is **/dev/random**, you can run the **/proc/sys/kernel/random/entropy_avail** command to view the size of random numbers. diff --git a/docs/en/docs/StratoVirt/VM_management.md b/docs/en/docs/StratoVirt/VM_management.md new file mode 100644 index 0000000000000000000000000000000000000000..12e8af3460a586882fa8a4d689845b488100553d --- /dev/null +++ b/docs/en/docs/StratoVirt/VM_management.md @@ -0,0 +1,310 @@ +# Managing VMs + +## Overview + +StratoVirt allows you to query VM information and manage VM resources and lifecycle with QMP. To query the information about a VM, connect to the VM first. + +## Querying VM Information + +### Introduction + +StratoVirt can be used to query the VM status, vCPU topology, and vCPU online status. + +### Querying VM Status + +Run the **query-status** command to query the running status of a VM. + +- Usage: + + **{ "execute": "query-status" }** + +- Example: + +```text +<- { "execute": "query-status" } +-> { "return": { "running": true,"singlestep": false,"status": "running" } +``` + +### Querying Topology Information + +Run the **query-cpus** command to query the topologies of all CPUs. + +- Usage: + + **{ "execute": "query-cpus" }** + +- Example: + +```text +<- { "execute": "query-cpus" } +-> {"return":[{"CPU":0,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom_path":"/machine/unattached/device[0]","thread_id":8439},{"CPU":1,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom_path":"/machine/unattached/device[1]","thread_id":8440}]} +``` + +### Querying vCPU Online Status + +Run the **query-hotpluggable-cpus** command to query the online/offline statuses of all vCPUs. + +- Usage: + + **{ "execute": "query-hotpluggable-cpus" }** + +- Example: + +```text +<- { "execute": "query-hotpluggable-cpus" } +-> {"return":[{"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom-path":"/machine/unattached/device[0]","type":"host-x86-cpu","vcpus-count":1},{"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom-path":"/machine/unattached/device[1]","type":"host-x86-cpu","vcpus-count":1}]} +``` + +Online vCPUs have the `qom-path` item, while offline vCPUs do not. + +## Managing VM Lifecycle + +### Introduction + +StratoVirt can manage the lifecycle of a VM, including starting, suspending, resuming, and exiting the VM. + +### Creating and Starting a VM + +As described in the "Configuring VMs" chapter, you can specify the VM configuration by using command line parameters or a JSON file, and run the stratovirt command on the host to create and start a VM. + +- When using the command line parameters to specify the VM configuration, run the following command to create and start the VM: + +```shell +/path/to/stratovirt -[Parameter 1] [Parameter option] -[Parameter 2] [Parameter option]... +``` + +- When using the JSON file to specify the VM configuration, run the following command to create and start the VM: + +```shell +/path/to/stratovirt \ + -config /path/to/json \ + -api-channel unix:/path/to/socket +``` + +In the preceding commands, **/path/to/json** indicates the path of the JSON configuration file.**/path/to/socket** indicates the specified socket file, for example, **/tmp/stratovirt.socket**. After the preceding commands are executed, the socket file is automatically created. To properly start the VM, ensure that the socket file does not exist before creating it. + +> ![](./figures/note.png) +> +> After the VM is started, there are two NICs: eth0 and eth1. The two NICs are reserved for hot plugging: eth0 first and then eth1. Currently, only two virtio-net NICs can be hot plugged. + +### Connecting to a VM + +StratoVirt uses QMP to manage VMs. To suspend, resume, or exit a VM, connect it the StratoVirt through QMP first. + +Open a new CLI (CLI B) on the host and run the following command to connect to the api-channel as the **root** user: + +```shell +ncat -U /path/to/socket +``` + +After the connection is set up, you will receive a greeting message from StratoVirt, as shown in the following: + +```text +{"QMP":{"version":{"qemu":{"micro":1,"minor":0,"major":4},"package":""},"capabilities":[]}} +``` + +You can now manage the VM by entering the QMP commands in CLI B. + +> ![](./figures/note.png) +> +> QMP provides stop, cont, quit, and query-status commands to manage and query VM statuses. +> +> All QMP commands for managing VMs are entered in CLI B. `<-` indicates the command input, and `->` indicates the QMP returned result. + +### Suspending a VM + +QMP provides the stop command to suspend a VM, that is, to suspend all vCPUs of the VM. The command syntax is as follows: + +**{"execute":"stop"}** + +**Example:** + +The stop command and the command output are as follows: + +```text +<- {"execute":"stop"} +-> {"event":"STOP","data":{},"timestamp":{"seconds":1583908726,"microseconds":162739}} +-> {"return":{}} +``` + +### Restoring a VM + +QMP provides the cont command to resume a suspended VM, that is, to resume all vCPUs of the VM. The command syntax is as follows: + +**{"execute":"cont"}** + +**Example:** + +The cont command and the command output are as follows: + +```text +<- {"execute":"cont"} +-> {"event":"RESUME","data":{},"timestamp":{"seconds":1583908853,"microseconds":411394}} +-> {"return":{}} +``` + +### Exiting a VM + +QMP provides the quit command to exit a VM, that is, to exit the StratoVirt process. The command syntax is as follows: + +**{"execute":"quit"}** + +**Example:** + +```text +<- {"execute":"quit"} +-> {"return":{}} +-> {"event":"SHUTDOWN","data":{"guest":false,"reason":"host-qmp-quit"},"timestamp":{"ds":1590563776,"microseconds":519808}} +``` + +## Managing VM Resources + +### Hot-Pluggable Disks + +StratoVirt allows you to adjust the number of disks when a VM is running. That is, you can add or delete VM disks without interrupting services. + +#### Hot Plugged-in Disks + +**Usage:** + +```text +{"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} +{"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}} +``` + +**Parameters:** + +- The value of **node-name** in **blockdev-add** must be the same as the value of **id** in **device_add**. For example, both values are **drive-0** in the preceding example. + +- **/path/to/block** is the image path of the hot plugged-in disks. It cannot be the path of the disk image that boots the rootfs. +- For **addr**, **0x0** is mapped to **vda** of the VM, **0x1** is mapped to **vdb**, and so on. To be compatible with the QMP protocol, **addr** can be replaced by **lun**, but **lun=0** is mapped to the **vdb** of the client. +- StratoVirt supports a maximum of four virtio-blk disks. Note this when hot plugging in disks. + +**Example:** + +```text +<- {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} +-> {"return": {}} +<- {"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}} +-> {"return": {}} +``` + +#### Hot Plugged-out Disks + +**Usage:** + +**{"execute": "device_del", "arguments": {"id":"drive-0"}}** + +**Parameters:** + +**id** indicates the ID of the hot plugged-out disk. + +**Example:** + +```text +<- {"execute": "device_del", "arguments": {"id": "drive-0"}} +-> {"event":"DEVICE_DELETED","data":{"device":"drive-0","path":"drive-0"},"timestamp":{"seconds":1598513162,"microseconds":367129}} +-> {"return": {}} +``` + +### Hot-Pluggable NICs + +StratoVirt allows you to adjust the number of NICs when a VM is running. That is, you can add or delete VM NICs without interrupting services. + +#### Hot Plugged-in NICs + +**Preparations (Requiring the root Permission)** + +1. Create and enable a Linux bridge. For example, if the bridge name is **qbr0**, run the following command: + + ```shell + brctl addbr qbr0 + ifconfig qbr0 up + ``` + +2. Create and enable a tap device. For example, if the tap device name is **tap0**, run the following command: + + ```shell + ip tuntap add tap0 mode tap + ifconfig tap0 up + ``` + +3. Add the tap device to the bridge. + +```shell +brctl addif qbr0 tap0 +``` + +**Usage:** + +```text +{"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} +{"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}} +``` + +**Parameters:** + +- **id** in **netdev_add** must be the same as that in **device_add**. **ifname** is the name of the backend tap device. + +- For **addr**, **0x0** is mapped to **eth0** of the VM, **0x1** is mapped to **eth1**, and so on. + +- StratoVirt supports a maximum of two virtio-net NICs. Therefore, pay attention to the specification restrictions when hot plugging in NICs. + +**Example:** + +```text +<- {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} +-> {"return": {}} +<- {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}} +-> {"return": {}} +``` + +**addr:0x0** corresponds to **eth0** in the VM. + +#### Hot Plugged-out NICs + +**Usage:** + +**{"execute": "device_del", "arguments": {"id": "net-0"}}** + +**Parameters:** + +**id**: NIC ID, for example, **net-0**. + +**Example:** + +```text +<- {"execute": "device_del", "arguments": {"id": "net-0"}} +-> {"event":"DEVICE_DELETED","data":{"device":"net-0","path":"net-0"},"timestamp":{"seconds":1598513339,"microseconds":97310}} +-> {"return": {}} +``` + +## Using Ballon Devices + +The balloon device is used to reclaim idle memory from a VM. It called by running the QMP command. + +**Usage:** + +```text +{"execute": "balloon", "arguments": {"value": 2147483648‬}} +``` + +**Parameters:** + +- **value**: guest memory size to be set. The unit is byte. Memory compression is performed by page. If the value is greater than the memory value configured during VM startup, the latter is used. + +**Example:** + +The memory size configured during VM startup is 4 GiB. If the idle memory of the VM queried by running the free command is greater than 2 GiB, you can run the QMP command to set the guest memory size to 2147483648 bytes. + +```text +<- {"execute": "balloon", "arguments": {"value": 2147483648}} +-> {"return": {}} +``` + +Query the actual memory of the VM: + +```text +<- {"execute": "query-balloon"} +-> {"return":{"actual":2147483648}} +``` diff --git a/docs/en/docs/StratoVirt/figures/StratoVirt_architecture.png b/docs/en/docs/StratoVirt/figures/StratoVirt_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..fd1a07a5458b2b2a61ca062d8ec68d533dd6df20 Binary files /dev/null and b/docs/en/docs/StratoVirt/figures/StratoVirt_architecture.png differ diff --git a/docs/en/docs/StratoVirt/figures/note.png b/docs/en/docs/StratoVirt/figures/note.png new file mode 100644 index 0000000000000000000000000000000000000000..ad5ed3f7beeb01e6a48707c4806606b41d687e22 Binary files /dev/null and b/docs/en/docs/StratoVirt/figures/note.png differ diff --git a/docs/en/docs/StratoVirt/public_sys-resources/icon-caution.gif b/docs/en/docs/StratoVirt/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/docs/StratoVirt/public_sys-resources/icon-caution.gif differ diff --git a/docs/en/docs/StratoVirt/public_sys-resources/icon-danger.gif b/docs/en/docs/StratoVirt/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/docs/StratoVirt/public_sys-resources/icon-danger.gif differ diff --git a/docs/en/docs/StratoVirt/public_sys-resources/icon-note.gif b/docs/en/docs/StratoVirt/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/docs/StratoVirt/public_sys-resources/icon-note.gif differ diff --git a/docs/en/docs/StratoVirt/public_sys-resources/icon-notice.gif b/docs/en/docs/StratoVirt/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/docs/StratoVirt/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/docs/StratoVirt/public_sys-resources/icon-tip.gif b/docs/en/docs/StratoVirt/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/en/docs/StratoVirt/public_sys-resources/icon-tip.gif differ diff --git a/docs/en/docs/StratoVirt/public_sys-resources/icon-warning.gif b/docs/en/docs/StratoVirt/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/en/docs/StratoVirt/public_sys-resources/icon-warning.gif differ diff --git a/docs/en/docs/TailorCustom/figures/lack_pack.png b/docs/en/docs/TailorCustom/figures/lack_pack.png new file mode 100644 index 0000000000000000000000000000000000000000..a4b7f1da15da70f63a86aae360e89017c2b98f2d Binary files /dev/null and b/docs/en/docs/TailorCustom/figures/lack_pack.png differ diff --git a/docs/en/docs/TailorCustom/isocut-usage-guide.md b/docs/en/docs/TailorCustom/isocut-usage-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..bb3d20b41bccb4a216b4b4b7443da02791d156f3 --- /dev/null +++ b/docs/en/docs/TailorCustom/isocut-usage-guide.md @@ -0,0 +1,231 @@ +# isocut Usage Guide + +## Introduction + +The size of an openEuler image is large, and the process of downloading or transferring an image is time-consuming. In addition, when an openEuler image is used to install the OS, all RPM packages contained in the image are installed. You cannot choose to install only the required software packages. + +In some scenarios, you do not need to install the full software package provided by the image, or you need to install additional software packages. Therefore, openEuler provides an image tailoring and customization tool. You can use this tool to customize an ISO image that contains only the required RPM packages based on an openEuler image. The software packages can be the ones contained in an official ISO image or specified in addition to meet custom requirements. + +This document describes how to install and use the openEuler image tailoring and customization tool. + +## Software and Hardware Requirements + +The hardware and software requirements of the computer to make an ISO file using the openEuler tailoring and customization tool are as follows: + +- The CPU architecture is AArch64 or x86_64. +- The operating system is openEuler 20.03 LTS SP4. +- You are advised to reserve at least 30 GB drive space for running the tailoring and customization tool and storing the ISO image. + +## Installation + +The following uses openEuler 20.03 LTS SP4 on the AArch64 architecture as an example to describe how to install the ISO image tailoring and customization tool. + +1. Ensure that openEuler 20.03 LTS SP4 has been installed on the computer. + + ``` shell script + $ cat /etc/openEuler-release + openEuler release 20.03 (LTS-SP4) + ``` + +2. Download the ISO image (must be an **everything** image) of the corresponding architecture and save it to any directory (it is recommended that the available space of the directory be greater than 20 GB). In this example, the ISO image is saved to the **/home/isocut_iso** directory. + + The download address of the AArch64 image is as follows: + + + + > **Note:** + > The download address of the x86_64 image is as follows: + > + > + +3. Create a **/etc/yum.repos.d/local.repo** file to configure the Yum source. The following is an example of the configuration file. **baseurl** is the directory for mounting the ISO image. + + ``` shell script + [local] + name=local + baseurl=file:///home/isocut_mount + gpgcheck=0 + enabled=1 + ``` + +4. Run the following command as the **root** user to mount the image to the **/home/isocut_mount** directory (ensure that the mount directory is the same as **baseurl** configured in the **repo** file) as the Yum source: + + ```shell + sudo mount -o loop /home/isocut_iso/openEuler-20.03-LTS-SP4-everything-aarch64-dvd.iso /home/isocut_mount + ``` + +5. Make the Yum source take effect. + + ```shell + yum clean all + yum makecache + ``` + +6. Install the image tailoring and customization tool as the **root** user. + + ```shell + sudo yum install -y isocut + ``` + +7. Run the following command as the **root** user to verify that the tool has been installed successfully: + + ```shell + $ sudo isocut -h + Checking input ... + usage: isocut [-h] [-t temporary_path] [-r rpm_path] [-k file_path] source_iso dest_iso + + Cut openEuler iso to small one + + positional arguments: + source_iso source iso image + dest_iso destination iso image + + optional arguments: + -h, --help show this help message and exit + -t temporary_path temporary path + -r rpm_path extern rpm packages path + -k file_path kickstart file + ``` + +## Tailoring and Customizing an Image + +This section describes how to use the image tailoring and customization tool to create an image by tailoring or adding RPM packages to an openEuler image. + +### Command Description + +#### Format + +Run the `isocut` command to use the image tailoring and customization tool. The command format is as follows: + +**isocut** \[ --help | -h ] \[ -t <*temp_path*> ] \[ -r <*rpm_path*> ] < *source_iso* > < *dest_iso* > + +#### Parameter Description + +| Parameter| Mandatory| Description| +| ------------ | -------- | -------------------------------------------------------- | +| --help \| -h | No| Queries the help information about the command.| +| -t <*temp_path*> | No| Specifies the temporary directory *temp_path* for running the tool, which is an absolute path. The default value is **/tmp**.| +| -r <*rpm_path*> | No| Specifies the path of the RPM packages to be added to the ISO image.| +| *source_iso* | Yes| Path and name of the ISO source image to be tailored. If no path is specified, the current path is used by default.| +| *dest_iso* | Yes| Specifies the path and name of the new ISO image created by the tool. If no path is specified, the current path is used by default.| + +### Software Package Source + +The RPM packages of the new image can be: + +- Packages contained in an official ISO image. In this case, the RPM packages to be installed are specified in the configuration file **/etc/isocut/rpmlist**. The configuration format is *software_package_name.architecture*. For example, **kernel.aarch64**. + +- Specified in addition. In this case, use the `-r` parameter to specify the path in which the RPM packages are stored when running the `isocut` command and add the RPM package names to the **/etc/isocut/rpmlist** configuration file. (See the name format above.) + + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >- When customizing an image, if an RPM package specified in the configuration file cannot be found, the RPM package will not be added to the image. + >- If the dependency of the RPM package is incorrect, an error may be reported when running the tailoring and customization tool. + +### Operation Guide + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- Do not modify or delete the default configuration items in the **/etc/isocut/rpmlist** file. +>- All `isocut` operations require **root** permissions. +>- The source image to be tailored can be a basic image or **everything** image. In this example, the basic image **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** is used. +>- In this example, assume that the new image is named **new.iso** and stored in the **/home/result** directory, the temporary directory for running the tool is **/home/temp**, and the additional RPM packages are stored in the **/home/rpms** directory. + +1. Open the configuration file **/etc/isocut/rpmlist** and specify the RPM packages to be installed (from the official ISO image). + + ``` shell script + sudo vi /etc/isocut/rpmlist + ``` + +2. Ensure that the space of the temporary directory for running the image tailoring and customization tool is greater than 8 GB. The default temporary directory is**/tmp**. You can also use the `-t` parameter to specify another directory as the temporary directory. The path of the directory must be an absolute path. In this example, the **/home/temp** directory is used. The following command output indicates that the available drive space of the **/home** directory is 38 GB, which meets the requirements. + + ```shell + $ df -h + Filesystem Size Used Avail Use% Mounted on + devtmpfs 1.2G 0 1.2G 0% /dev + tmpfs 1.5G 0 1.5G 0% /dev/shm + tmpfs 1.5G 23M 1.5G 2% /run + tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup + /dev/mapper/openeuler_openeuler-root 69G 2.8G 63G 5% / + /dev/sda2 976M 114M 796M 13% /boot + /dev/mapper/openeuler_openeuler-home 61G 21G 38G 35% /home + ``` + +3. Tailor and customize the image. + + **Scenario 1**: All RPM packages of the new image are from the official ISO image. + + ``` shell script + $ sudo isocut -t /home/temp /home/isocut_iso/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /home/result/new.iso + Checking input ... + Checking user ... + Checking necessary tools ... + Initing workspace ... + Copying basic part of iso image ... + Downloading rpms ... + Finish create yum conf + finished + Regenerating repodata ... + Checking rpm deps ... + Getting the description of iso image ... + Remaking iso ... + Adding checksum for iso ... + Adding sha256sum for iso ... + ISO cutout succeeded, enjoy your new image "/home/result/new.iso" + isocut.lock unlocked ... + ``` + + If the preceding information is displayed, the custom image **new.iso** is successfully created. + + **Scenario 2**: The RPM packages of the new image are from the official ISO image and additional packages in **/home/rpms**. + + ```shell + sudo isocut -t /home/temp -r /home/rpms /home/isocut_iso/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /home/result/new.iso + ``` + +## FAQs + +### The System Fails to Be Installed Using an Image Tailored Based on the Default RPM Package List + +#### Context + +When isocut is used to tailor an image, the **/etc/isocut/rpmlist** configuration file is used to specify the software packages to be installed. + +Images of different OS versions contain different software packages. As a result, some packages may be missing during image tailoring. +Therefore, the **/etc/isocut/rpmlist** file contains only the kernel software package by default, +ensuring that the image can be successfully tailored. + +#### Symptom + +The ISO image is successfully tailored using the default configuration, but fails to be installed. + +An error message is displayed during the installation, indicating that packages are missing: + +![](./figures/lack_pack.png) + +#### Possible Cause + +The ISO image tailored based on the default RPM package list lacks necessary RPM packages during installation. +The missing RPM packages are displayed in the error message, and may vary depending on the version. + +#### Solution + +1. Add the missing packages. + + 1. Find the missing RPM packages based on the error message. + 2. Add the missing RPM packages to the **/etc/isocut/rpmlist** configuration file. + 3. Tailor and install the ISO image again. + + For example, if the missing packages are those in the example error message, modify the **rpmlist** configuration file as follows: + + ```shell + $ cat /etc/isocut/rpmlist + kernel.aarch64 + lvm2.aarch64 + chrony.aarch64 + authselect.aarch64 + shim.aarch64 + efibootmgr.aarch64 + grub2-efi-aa64.aarch64 + dosfstools.aarch64 + ``` diff --git a/docs/en/docs/TailorCustom/overview.md b/docs/en/docs/TailorCustom/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..053bc0b8481c1b95bbdba0abbe17e94ff674f4fa --- /dev/null +++ b/docs/en/docs/TailorCustom/overview.md @@ -0,0 +1,3 @@ +# Tailoring and Customization Tool Usage Guide + +This document describes the tailoring and customization tool of openEuler, including the introduction, installation, and usage. \ No newline at end of file diff --git a/docs/en/docs/TailorCustom/public_sys-resources/icon-note.gif b/docs/en/docs/TailorCustom/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/docs/TailorCustom/public_sys-resources/icon-note.gif differ diff --git a/docs/en/docs/Virtualization/LibcarePlus.md b/docs/en/docs/Virtualization/LibcarePlus.md new file mode 100644 index 0000000000000000000000000000000000000000..aff1663878b4b10e208617417ed9fd98d5371500 --- /dev/null +++ b/docs/en/docs/Virtualization/LibcarePlus.md @@ -0,0 +1,381 @@ +# LibcarePlus + + + +- [LibcarePlus](#libcareplus) + - [Overview](#overview) + - [Hardware and Software Requirements](#hardware-and-software-requirements) + - [Precautions and Constraints](#precautions-and-constraints) + - [Installing LibcarePlus](#installing-libcareplus) + - [Software Installation Dependencies](#software-installation-dependencies) + - [Installing LibcarePlus](#installing-libcareplus-1) + - [Creating LibcarePlus Hot Patches](#creating-libcareplus-hot-patches) + - [Introduction](#introduction) + - [Manual Creation](#manual-creation) + - [Creation Through a Script](#creation-through-a-script) + - [Applying the LibcarePlus Hot Patch](#applying-the-libcareplus-hot-patch) + - [Preparation](#preparation) + - [Loading the Hot Patch](#loading-the-hot-patch) + - [Uninstalling the Hot Patch](#uninstalling-the-hot-patch) + + + +## Overview + +LibcarePlus is a hot patch framework for user-mode processes. It can perform hot patch operations on target processes running on the Linux system without restarting the processes. Hot patches can be used to fix CVEs and urgent bugs that do not interrupt application services. + +## Hardware and Software Requirements + +The following software and hardware requirements must be met to use LibcarePlus on openEuler: + +- Currently, only the x86 architecture is supported. + +- LibcarePlus can run on any Linux distribution that supports **libunwind**, **elfutils**, and **binutils**. However, this feature has been verified only on openEuler 20.03 LTS SP1. + +## Precautions and Constraints + +When using LibcarePlus, comply with the following hot patch specifications and constraints: + +- Only the code written in the C language is supported. The assembly language is not supported. +- Only user-mode programs are supported. Dynamic library patches are not supported. +- The code file name must comply with the C language identifier naming specifications. That is, the code file name consists of letters (A-Z and a-z), digits (0-9), and underscores (_) but the first character cannot be a digit. Special characters such as hyphens (-) and dollar signs ($) are not allowed. +- Incremental patches are not supported. That is, the new patch can be loaded only after the original patch is uninstalled. +- Automatic patch loading is not supported. +- Patch query is not supported. +- The output and input parameters of the target function for which the hot patch is installed cannot be added or deleted. +- The static function patch is restricted by the symbol table that can find the function in the system. +- The dynamic library hot patch can be installed only for the process that calls the dynamic library. +- Hot patches are not supported in the following scenarios: + - Infinite loop function, non-exit function, inline function, initialization function, and non-maskable interrupt (NMI) function + - Replacing global variables + - Modifying the header file + - Changing (adding, deleting, or modifying) data structure members + - Dynamic library, static function, and static variables + - Modifying global variables, TLS variables, and RCU variables + - Modifying the C files that contain GCC macros such as __LINE__ and __FILE__ + - Modifying the Intel vector assembly instruction + +## Installing LibcarePlus + +### Software Installation Dependencies + +The LibcarePlus running depends on **libunwind**, **elfutils**, and **binutils**. On the openEuler system configured with the yum repo, you can run the following commands to install the software on which LibcarePlus depends: + +``` shell +$ sudo yum install -y binutils elfutils elfutils-libelf-devel libunwind-devel +``` + +#### Installing LibcarePlus + +```shell +$ yum install LibcarePlus -y +``` + +Check whether LibcarePlus is installed. + +``` shell +$ libcare-ctl -help +usage: libcare-ctl [options] [args] + +Options: + -v - verbose mode + -h - this message + +Commands: + patch - apply patch to a user-space process + unpatch- unapply patch from a user-space process + info - show info on applied patches + server - listen on a unix socket for commands +``` + +## Creating LibcarePlus Hot Patches + +### Introduction + +LibcarePlus hot patch creation methods: + +- Manual creation +- Creation through a script + +The process of manually creating a hot patch is complex. For a project with a large amount of code, for example, QEMU, it is extremely difficult to manually create a hot patch. You are advised to use the script provided by LibcarePlus to generate a hot patch file with one click. + +#### Manual Creation + +The following takes the original file foo.c and the patch file bar.c as examples to describe how to manually create a hot patch. + +1. Prepare the original file and patch file written in the C language. For example, foo.c and bar.c. + +
+ Expand foo.c +

+ + ``` c + // foo.c + #include + #include + + void print_hello(void) + { + printf("Hello world!\n"); + } + + int main(void) + { + while (1) { + print_hello(); + sleep(1); + } + } + ``` + +

+
+ +
+ Expand bar.c +

+ + ``` c + // bar.c + #include + #include + + void print_hello(void) + { + printf("Hello world %s!\n", "being patched"); + } + + int main(void) + { + while (1) { + print_hello(); + sleep(1); + } + } + ``` + +

+
+ +2. Build the original file and patch file to obtain the assembly files **foo.s** and **bar.s**. + + ``` shell + $ gcc -S foo.c + $ gcc -S bar.c + $ ls + bar.c bar.s foo.c foo.s + ``` + +3. Use **kpatch_gensrc** to compare foo.s and bar.s and generate the foobar.s file that contains the assembly content of the original file and the differences. + + ``` shell + $ sed -i 's/bar.c/foo.c/' bar.s + $ kpatch_gensrc --os=rhel6 -i foo.s -i bar.s -o foobar.s --force-global + ``` + + By default, **kpatch_gensrc** compares the original files in the same C language. Therefore, before the comparison, you need to run the sed command to change the file name bar.c in the patch assembly file bar.s to the original file name foo.c. Call **kpatch_gensrc** to specify the input files as foo.s and bar.s and the output file as foobar.s. + +4. Build the assembly file foo.s in the original file and the generated assembly file foobar.s to obtain the executable files foo and foobar. + + ``` shell + $ gcc -o foo foo.s + $ gcc -o foobar foobar.s -Wl,-q + ``` + + + +5. Use **kpatch_strip** to remove the duplicate content from the executable foo and foobar and reserve the content required for creating hot patches. + + ``` shell + $ kpatch_strip --strip foobar foobar.stripped + $ kpatch_strip --rel-fixup foo foobar.stripped + $ strip --strip-unneeded foobar.stripped + $ kpatch_strip --undo-link foo foobar.stripped + ``` + + The options in the preceding command are described as follows: + + - **--strip** removes useless sections for patch creation from the foobar. + - **--rel-fixup** repairs the address of the variables and functions accessed in the patch. + - **strip --strip-unneeded** removes the useless symbol information for hot patch relocation. + - **--undo-link** changes the symbol address in a patch from absolute to relative. + +6. Create a hot patch file. + + After the preceding operations, the contents required for creating the hot patch are obtained. Run the **kpatch_make** command to input parameters **Build ID** of the original executable file and **foobar.stripped** (output file of **kpatch_strip**) to **kpatch_make** to generate a hot patch file. + + ``` shell + $ str=$(readelf -n foo | grep 'Build ID') + $ substr=${str##* } + $ kpatch_make -b $substr -i 0001 foobar.stripped -o foo.kpatch + $ ls + bar.c bar.s foo foobar foobar.s foobar.stripped foo.c foo.kpatch foo.s + ``` + + The final hot patch file foo.kpatch is obtained. + +#### Creation Through a Script + +This section describes how to use LibcarePlus built-in **libcare-patch-make** script to create a hot patch file. The original file foo.c and patch file bar.c are used as an example. + +1. Run the diff command to generate the comparison file of foo.c and bar.c. + + ``` shell + $ diff -up foo.c bar.c > foo.patch + ``` + + The content of the foo.patch file is as follows: + +
+ Expand foo.patch +

+ + + ``` diff + --- foo.c 2020-12-09 15:39:51.159632075 +0800 + +++ bar.c 2020-12-09 15:40:03.818632220 +0800 + @@ -1,10 +1,10 @@ + -// foo.c + +// bar.c + #include + #include + + void i_m_being_patched(void) + { + - printf("i'm unpatched!\n"); + + printf("you patched my %s\n", "tralala"); + } + + int main(void) + ``` + +

+
+ + +2. Write the makefile for building foo.c as follows: + +
+ Expand makefile +

+ + ``` makefile + all: foo + + foo: foo.c + $(CC) -o $@ $< + + clean: + rm -f foo + + install: foo + mkdir $$DESTDIR || : + cp foo $$DESTDIR + ``` + +

+
+ + +3. After the makefile is done, directly call **libcare-patch-make**. If **libcare-patch-make** asks you which file to install the patch, enter the original file name, as shown in the following: + + ``` shell + $ libcare-patch-make --clean -i 0001 foo.patch + rm -f foo + BUILDING ORIGINAL CODE + /usr/local/bin/libcare-cc -o foo foo.c + INSTALLING ORIGINAL OBJECTS INTO /libcareplus/test/lpmake + mkdir $DESTDIR || : + cp foo $DESTDIR + applying foo.patch... + can't find file to patch at input line 3 + Perhaps you used the wrong -p or --strip option? + The text leading up to this was: + -------------------------- + |--- foo.c 2020-12-10 09:43:04.445375845 +0800 + |+++ bar.c 2020-12-10 09:48:36.778379648 +0800 + -------------------------- + File to patch: foo.c + patching file foo.c + BUILDING PATCHED CODE + /usr/local/bin/libcare-cc -o foo foo.c + INSTALLING PATCHED OBJECTS INTO /libcareplus/test/.lpmaketmp/patched + mkdir $DESTDIR || : + cp foo $DESTDIR + MAKING PATCHES + Fixing up relocation printf@@GLIBC_2.2.5+fffffffffffffffc + Fixing up relocation print_hello+0 + patch for /libcareplus/test/lpmake/foo is in /libcareplus/test/patchroot/700297b7bc56a11e1d5a6fb564c2a5bc5b282082.kpatch + ``` + + After the command is executed, the output indicates that the hot patch file is in the **patchroot** directory of the current directory, and the executable file is in the **lpmake** directory. By default, the Build ID is used to name a hot patch file generated by a script. + + + +## Applying the LibcarePlus Hot Patch + +This following uses the original file **foo.c** and patch file **bar.c** as an example to describe how to use the LibcarePlus hot patch. + +### Preparation + +Before using the LibcarePlus hot patch, prepare the original executable program foo and hot patch file foo.kpatch. + +### Loading the Hot Patch + +The procedure for applying the LibcarePlus hot patch is as follows: + +1. In the first shell window, run the executable program to be patched: + + ``` shell + $ ./lpmake/foo + Hello world! + Hello world! + Hello world! + ``` + +2. In the second shell window, run the **libcare-ctl** command to apply the hot patch: + + ``` shell + $ libcare-ctl -v patch -p $(pidof foo) ./foo.kpatch + ``` + + If the hot patch is applied successfully, the following information is displayed in the second shell window: + + ``` shell + 1 patch hunk(s) have been successfully applied to PID '10999' + ``` + + The following information is displayed for the target process running in the first shell window: + + ``` shell + Hello world! + Hello world! + Hello world being patched! + Hello world being patched! + ``` + + +### Uninstalling the Hot Patch + +The procedure for uninstalling the LibcarePlus hot patch is as follows: + +1. Run the following command in the second shell window: + + ``` shell + $ libcare-ctl unpatch -p $(pidof foo) -i 0001 + ``` + + If the hot patch is uninstalled successfully, the following information is displayed in the second shell window: + + ``` shell + 1 patch hunk(s) were successfully cancelled from PID '10999' + ``` + +2. The following information is displayed for the target process running in the first shell window: + + ``` shell + Hello world being patched! + Hello world being patched! + Hello world! + Hello world! + ``` diff --git a/docs/en/docs/Virtualization/best-practices.md b/docs/en/docs/Virtualization/best-practices.md index 2f7a1173fd0bb734f917ab37626d2422e7dabe88..001841f2a1b342840b0b14fe79e9b88b9f380349 100644 --- a/docs/en/docs/Virtualization/best-practices.md +++ b/docs/en/docs/Virtualization/best-practices.md @@ -1,16 +1,5 @@ # Best Practices -- [Best Practices](#best-practices) - - [Performance Best Practices](#performance-best-practices) - - [Halt-Polling](#halt-polling) - - [I/O Thread Configuration](#i-o-thread-configuration) - - [Raw Device Mapping](#raw-device-mapping) - - [kworker Isolation and Binding](#kworker-isolation-and-binding) - - [HugePage Memory](#hugepage-memory) - - [Security Best Practices](#security-best-practices) - - [Libvirt Authentication](#libvirt-authentication) - - [qemu-ga](#qemu-ga) - - [sVirt Protection](#svirt-protection) ## Performance Best Practices @@ -44,7 +33,7 @@ By default, QEMU main threads handle backend VM read and write operations on the You can configure the I/O thread attribute for the virtio-blk disk or virtio-scsi controller. At the QEMU backend, an I/O thread is used to process read and write requests of a virtual disk. The mapping relationship between the I/O thread and the virtio-blk disk or virtio-scsi controller can be a one-to-one relationship to minimize the impact on the QEMU main thread, enhance the overall I/O performance of the VM, and improve user experience. -#### Configuration Description +#### Instructions To use I/O threads to process VM disk read and write requests, you need to modify VM configurations as follows: @@ -59,7 +48,7 @@ To use I/O threads to process VM disk read and write requests, you need to modif 4 ``` -- Configure the I/O thread attribute for the virtio-blk disk. **** indicates I/O thread IDs. The IDs start from 1 and each ID must be unique. The maximum ID is the value of ****. For example, to allocate I/O thread 2 to the virtio-blk disk, set parameters as follows: +- Configure the I/O thread attribute for the virtio-blk disk. <**iothread\**> indicates I/O thread IDs. The IDs start from 1 and each ID must be unique. The maximum ID is the value of . For example, to allocate I/O thread 2 to the virtio-blk disk, set parameters as follows: ``` @@ -100,7 +89,7 @@ When configuring VM storage devices, you can use configuration files to configur RDM can be classified into virtual RDM and physical RDM based on backend implementation features. Compared with virtual RDM, physical RDM provides better performance and more SCSI commands. However, for physical RDM, the entire SCSI disk needs to be mounted to a VM for use. If partitions or logical volumes are used for configuration, the VM cannot identify the disk. -#### Configuration Example +#### Instructions VM configuration files need to be modified for RDM. The following is a configuration example. @@ -204,7 +193,7 @@ If VMs use static HugePages, you can disable THP to reduce the overhead of the h The preceding XML segment indicates that a 2 MB static HugePage is configured for the VM. -- Configure transparent HugePage. +- Configure the THP. Dynamically enable the THP through sysfs. @@ -218,8 +207,57 @@ If VMs use static HugePages, you can disable THP to reduce the overhead of the h # echo never > /sys/kernel/mm/transparent_hugepage/enabled ``` +### Guest-Idle-Haltpoll + +#### Overview + +To ensure fairness and reduce power consumption, when the vCPU of a VM is idle, the VM executes the WFx/HLT instruction to exit to the host machine and triggers a context switching. The host machine determines whether to schedule other processes or vCPUs on the physical CPU or enter the energy saving mode. However, overheads of switching between a virtual machine and a host machine, additional context switching, and IPI wakeup are relatively high, and this problem is particularly prominent in services where sleep and wakeup are frequently performed. The Guest-Idle-Haltpoll technology indicates that when the vCPU of a VM is idle, the WFx/HLT is not executed immediately and VM-exit occurs. Instead, polling is performed on the VM for a period of time. During this period, the tasks of other vCPUs that share the LLC on the vCPU are woken up without sending IPI interrupts. This reduces the overhead of sending and receiving IPI interrupts and the overhead of VM-exit, thereby reducing the task wakeup latency. + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>The execution of the **idle-haltpoll** command by the vCPU on the VM increases the CPU overhead of the vCPU on the host machine. Therefore, it is recommended that the vCPU exclusively occupy physical cores on the host machine when this feature is enabled. + +#### Instructions + +The Guest-Idle-Haltpoll feature is disabled by default. The following describes how to enable this feature. +1. Enable the Guest-Idle-Haltpoll feature. + - If the processor architecture of the host machine is x86, you can configure **cpuidle\_haltpoll.force=Y** in the VM kernel startup parameters to forcibly enable the function. This method does not depend on the host machine configuration that vCPUs exclusively occupy physical cores. + ``` + cpuidle_haltpoll.force=Y + ``` + - If the processor architecture of the host machine is AArch64, this feature can be enabled only by configuring **cpuidle\_haltpoll.force=Y haltpoll.enable=Y** in the VM kernel startup parameters. + + ``` + cpuidle_haltpoll.force=Y haltpoll.enable=Y + ``` -## security Best Practices +2. Check whether the Guest-Idle-Haltpoll feature takes effect. Run the following command on the VM. If **haltpoll** is returned, the feature has taken effect. + + ``` + # cat /sys/devices/system/cpu/cpuidle/current_driver + ``` + +3. (Optional) Set the Guest-Idle-Haltpoll parameter. + The following configuration files are provided in the **/sys/module/haltpoll/parameters/** directory of the VM. You can adjust the configuration parameters based on service characteristics. + + - **guest\_halt\_poll\_ns**: a global parameter that specifies the maximum polling duration after the vCPU is idle. The default value is **200000** (unit: ns). + - **guest\_halt\_poll\_shrink**: a divisor that is used to shrink the current vCPU **guest\_halt\_poll\_ns** when the wakeup event occurs after the global **guest\_halt\_poll\_ns** time. The default value is **2**. + - **guest\_halt\_poll\_grow**: a multiplier that is used to extend the current vCPU **guest\_halt\_poll\_ns** when the wakeup event occurs after the current vCPU **guest\_halt\_poll\_ns** and before the global **guest\_halt\_poll\_ns**. The default value is **2**. + - **guest\_halt\_poll\_grow\_start**: When the system is idle, the **guest\_halt\_poll\_ns** of each vCPU reaches 0. This parameter is used to set the initial value of the current vCPU **guest\_halt\_poll\_ns** to facilitate scaling in and scaling out of the vCPU polling duration. The default value is **50000** (unit: ns). + - **guest\_halt\_poll\_allow\_shrink**: a switch that is used to enable vCPU **guest\_halt\_poll\_ns** scale-in. The default value is **Y**. (**Y** indicates enabling the scale-in; **N** indicates disabling the scale-in.) + + You can run the following command as the **root** user to change the parameter values. In the preceding command, _value_ indicates the parameter value to be set, and _configFile_ indicates the corresponding configuration file. + + ``` + # echo value > /sys/module/haltpoll/parameters/configFile + ``` + + For example, to set the global **guest\_halt\_poll\_ns** to **200000** ns, run the following command: + + ``` + # echo 200000 > /sys/module/haltpoll/parameters/guest_halt_poll_ns + ``` + +## Security Best Practices ### Libvirt Authentication @@ -341,7 +379,7 @@ To add a qemu-ga blacklist, perform the following steps: ``` -1. Set the blacklist. Add the commands to be shielded to **--blacklist** in the **/usr/lib/systemd/system/qemu-guest-agent.service** file. Use spaces to separate different commands. For example, to add the **guest-file-open** and **guest-file-close** commands to the blacklist, configure the file by referring to the following: +3. Set the blacklist. Add the commands to be shielded to **--blacklist** in the **/usr/lib/systemd/system/qemu-guest-agent.service** file. Use spaces to separate different commands. For example, to add the **guest-file-open** and **guest-file-close** commands to the blacklist, configure the file by referring to the following: ``` [Service] @@ -350,14 +388,14 @@ To add a qemu-ga blacklist, perform the following steps: ``` -1. Restart the qemu-guest-agent service. +4. Restart the qemu-guest-agent service. ``` # systemctl daemon-reload # systemctl restart qemu-guest-agent ``` -2. Check whether the qemu-ga blacklist function takes effect on the VM, that is, whether the **--blacklist** parameter configured for the qemu-ga process is correct. +5. Check whether the qemu-ga blacklist function takes effect on the VM, that is, whether the **--blacklist** parameter configured for the qemu-ga process is correct. ``` # ps -ef|grep qemu-ga|grep -E "blacklist=|b=" @@ -376,22 +414,23 @@ In a virtualization environment that uses the discretionary access control \(DAC #### Enabling sVirt Protection -1. Enable SELinux on the host. - 1. Log in to the host. - 2. Enable the SELinux function on the host. - 1. Modify the system startup parameter file **grub.cfg** to set **selinux** to **1**. +I. Enable SELinux on the host. + 1. Log in to the host. + 2. Enable the SELinux function on the host. + a. Modify the system startup parameter file **grub.cfg** to set **selinux** to **1**. ``` selinux=1 ``` - 2. Modify **/etc/selinux/config** to set the **SELINUX** to **enforcing**. + + b. Modify **/etc/selinux/config** to set the **SELINUX** to **enforcing**. ``` SELINUX=enforcing ``` - 3. Restart the host. + 3. Restart the host. ``` # reboot @@ -399,27 +438,26 @@ In a virtualization environment that uses the discretionary access control \(DAC -1. Create a VM where the sVirt function is enabled. - 1. Add the following information to the VM configuration file: +II. Create a VM where the sVirt function is enabled. + 1. Add the following information to the VM configuration file: ``` ``` - Or check whether the following configuration exists in the file: + Or check whether the following configuration exists in the file: ``` ``` - 2. Create a VM. + 2. Create a VM. ``` # virsh define openEulerVM.xml ``` -2. Check whether sVirt is enabled. - +III. Check whether sVirt is enabled. Run the following command to check whether sVirt protection has been enabled for the QEMU process of the running VM. If **svirt\_t:s0:c** exists, sVirt protection has been enabled. ``` @@ -428,4 +466,3 @@ In a virtualization environment that uses the discretionary access control \(DAC system_u:system_r:svirt_t:s0:c427,c670 13790 ? 19:02:07 qemu-kvm ``` - diff --git a/docs/en/docs/Virtualization/environment-preparation.md b/docs/en/docs/Virtualization/environment-preparation.md index dd5010c7694264e7d1cd892184caca13b9e9046d..688d366e70b75a6cea5784c2689acd61f523317e 100644 --- a/docs/en/docs/Virtualization/environment-preparation.md +++ b/docs/en/docs/Virtualization/environment-preparation.md @@ -4,6 +4,7 @@ - [Preparing a VM Image](#preparing-a-vm-image) - [Preparing the VM Network](#preparing-the-vm-network) - [Preparing Boot Firmware](#preparing-boot-firmware) + - [Configuring a Non-root User](#configuring-a-non-root-user) ## Preparing a VM Image @@ -15,47 +16,46 @@ A VM image is a file that contains a virtual disk that has been installed and ca To create a qcow2 image file, perform the following steps: -1. Install the **qemu-img** software package. +1. Install the **qemu-img** software package. - ``` - # yum install -y qemu-img + ```shell + yum install -y qemu-img ``` -2. Run the **create** command of the qemu-img tool to create an image file. The command format is as follows: +2. Run the `create` command of the qemu-img tool to create an image file. The command format is as follows: - ``` - $ qemu-img create -f -o + ```shell + qemu-img create -f -o ``` The parameters are described as follows: - - _imgFormat_: Image format. The value can be **raw** or **qcow2**. - - _fileOption_: File option, which is used to set features of an image file, such as specifying a backend image file, compression, and encryption. - - _fileName_: File name. - - _diskSize_: Disk size, which specifies the size of a block disk. The unit can be K, M, G, or T, indicating KiB, MiB, GiB, or TiB. + - _imgFormat_: Image format. The value can be **raw** or **qcow2**. + - _fileOption_: File option, which is used to set features of an image file, such as specifying a backend image file, compression, and encryption. + - _fileName_: File name. + - _diskSize_: Disk size, which specifies the size of a block disk. The unit can be K, M, G, or T, indicating KiB, MiB, GiB, or TiB. - For example, to create an image file openEuler-imge.qcow2 whose disk size is 4 GB and format is qcow2, the command and output are as follows: + For example, to create an image file openEuler-image.qcow2 whose disk size is 4 GB and format is qcow2, the command and output are as follows: - ``` + ```shell $ qemu-img create -f qcow2 openEuler-image.qcow2 4G Formatting 'openEuler-image.qcow2', fmt=qcow2 size=4294967296 cluster_size=65536 lazy_refcounts=off refcount_bits=16 ``` - ### Changing the Image Disk Space If a VM requires larger disk space, you can use the qemu-img tool to change the disk space of the VM image. The method is as follows: -1. Run the following command to query the disk space of the VM image: +1. Run the following command to query the disk space of the VM image: - ``` - # qemu-img info + ```shell + qemu-img info ``` For example, if the command and output for querying the disk space of the openEuler-image.qcow2 image are as follows, the disk space of the image is 4 GiB. - ``` - # qemu-img info openEuler-image.qcow2 + ```shell + $ qemu-img info openEuler-image.qcow2 image: openEuler-image.qcow2 file format: qcow2 virtual size: 4.0G (4294967296 bytes) @@ -68,29 +68,45 @@ If a VM requires larger disk space, you can use the qemu-img tool to change the corrupt: false ``` -2. Run the following command to change the image disk space. In the command, _imgFiLeName_ indicates the image name, and **+** and **-** indicate the image disk space to be increased and decreased, respectively. The unit is KB, MB, GB, and T, indicating KiB, MiB, GiB, and TiB, respectively. +2. Run the following command to change the image disk space. In the command, _imgFileName_ indicates the image name, and **+** and **-** indicate the image disk space to be increased and decreased, respectively. The unit is KB, MB, GB, and T, indicating KiB, MiB, GiB, and TiB, respectively. - ``` - # qemu-img resize [+|-] + ```shell + qemu-img resize [+|-] ``` For example, to expand the disk space of the openEuler-image.qcow2 image to 24 GiB, that is, to add 20 GiB to the original 4 GiB, the command and output are as follows: - ``` - # qemu-img resize openEuler-image.qcow2 +20G + ```shell + $ qemu-img resize openEuler-image.qcow2 +20G Image resized. ``` -3. Run the following command to check whether the image disk space is changed successfully: + If the following message is displayed after running `qemu-img resize openEuler-image.qcow2 +20G`, the QCOW2 file is being used by another process, that is, a VM has been created using the file. + ```text + qemu-img: Could not open 'openEuler-image.qcow2': Failed to get "write" lock + Is another process using the image [openEuler-image.qcow2]? ``` - # qemu-img info + + To properly run the command, close the VM and then change the image disk space as follows: + + ```shell + $ virsh destroy 。 + Domain destroyed + $ qemu-img resize openEuler-image.qcow2 +20G + Image resized. ``` - For example, if the openEuler-image.qcow2 image disk space has been expanded to 24 GiB, the command and output are as follows: +3. Run the following command to check whether the image disk space is changed successfully: + ```shell + qemu-img info ``` - # qemu-img info openEuler-image.qcow2 + + For example, if the openEuler-image.qcow2 image disk space has been expanded to 24 GiB, the command and output are as follows: + + ```shell + $ qemu-img info openEuler-image.qcow2 image: openEuler-image.qcow2 file format: qcow2 virtual size: 24G (25769803776 bytes) @@ -103,13 +119,11 @@ If a VM requires larger disk space, you can use the qemu-img tool to change the corrupt: false ``` - - ## Preparing the VM Network ### Overview -To enable the VM to communicate with external networks, you need to configure the network environment for the VM. KVM virtualization supports multiple types of bridges, such as Linux bridge and Open vSwitch bridge. As shown in [Figure 1](#fig1785384714917), the data transmission path is **VM \> virtual NIC device \> Linux bridge or Open vSwitch bridge \> physical NIC**. In addition to configuring virtual NICs \(vNICs\) for VMs, creating a bridge for a host is the key to connecting to a virtualized network. +To enable the VM to communicate with external networks, you need to configure the network environment for the VM. KVM virtualization supports multiple types of bridges, such as Linux bridge and Open vSwitch bridge. As shown in [Figure 1](#fig1785384714917), the data transmission path is **VM \> virtual NIC device \> Linux bridge** or **Open vSwitch bridge \> physical NIC**. In addition to configuring virtual NICs \(vNICs\) for VMs, creating a bridge for a host is the key to connecting to a virtualized network. This section describes how to set up a Linux bridge and an Open vSwitch bridge to connect a VM to the network. You can select a bridge type based on the site requirements. @@ -120,47 +134,49 @@ This section describes how to set up a Linux bridge and an Open vSwitch bridge t The following describes how to bind the physical NIC eth0 to the Linux bridge br0. -1. Install the **bridge-utils** software package. +1. Install the **bridge-utils** software package. - The Linux bridge is managed by the brctl tool. The corresponding installation package is bridge-utils. The installation command is as follows: + The Linux bridge is managed by the brctl tool, which corresponds to the bridge-utils package. The net-tools package contains Linux network configuration and management tools. The installation command is as follows: - ``` - # yum install -y bridge-utils + ```shell + yum install -y bridge-utils net-tools ``` -2. Create bridge br0. +2. Create bridge br0. - ``` - # brctl addbr br0 + ```shell + brctl addbr br0 ``` -3. Bind the physical NIC eth0 to the Linux bridge. +3. Bind the physical NIC eth0 to the Linux bridge. - ``` - # brctl addif br0 eth0 + ```shell + yum install -y net-tools + brctl addif br0 eth0 ``` -4. After eth0 is connected to the bridge, the IP address of eth0 is set to 0.0.0.0. + >![](./public_sys-resources/icon-note.gif) **Note:** + > If you run the `brctl addif br0 eth0` command through an SSH connection, the connection will be closed. You need to perform the following operations on iBMC to complete the VM network configuration. - ``` - # ifconfig eth0 0.0.0.0 +4. After eth0 is connected to the bridge, the IP address is not required. Set the IP address of eth0 to 0.0.0.0. + + ```shell + ifconfig eth0 0.0.0.0 ``` -5. Set the IP address of br0. - - If a DHCP server is available, set a dynamic IP address through the dhclient. +5. Set the IP address of br0. + - If a DHCP server is available, set a dynamic IP address through the dhclient. - ``` - # dhclient br0 + ```shell + dhclient br0 ``` - - If no DHCP server is available, configure a static IP address for br0. For example, set the static IP address to 192.168.1.2 and subnet mask to 255.255.255.0. + - If no DHCP server is available, configure a static IP address for br0. For example, set the static IP address to 192.168.1.2 and subnet mask to 255.255.255.0. - ``` - # ifconfig br0 192.168.1.2 netmask 255.255.255.0 + ```shell + ifconfig br0 192.168.1.2 netmask 255.255.255.0 ``` - - ### Setting Up an Open vSwitch Bridge The Open vSwitch bridge provides more convenient automatic orchestration capabilities. This section describes how to install network virtualization components to set up an Open vSwitch bridge. @@ -169,137 +185,118 @@ The Open vSwitch bridge provides more convenient automatic orchestration capabil If the Open vSwitch is used to provide virtual network, you need to install the Open vSwitch network virtualization component. -1. Install the Open vSwitch component. +1. Disable the SELinux.Otherwise ovsdb-server Manager can not work properly. - ``` - # yum install -y openvswitch-kmod - # yum install -y openvswitch + ```shell + setenforce 0 ``` -2. Start the Open vSwitch service. + To query whether SELinux is shut down successfully, you can refer to the following commands and information. - ``` - # systemctl start openvswitch + ```shell + $ cat /etc/selinux/config | grep -v ^# + SELINUX=disabled + SELINUXTYPE=targeted ``` +2. Install the Open vSwitch component. -**2. Check whether the installation is successful.** - -Check whether the Open vSwitch components, openvswitch-kmod and openvswitch, are successfully installed. + ```shell + yum install -y openvswitch + ``` -1. Check whether the openvswitch-kmod component is successfully installed. If the installation is successful, the software package information is displayed. The command and output are as follows: +3. Start the Open vSwitch service. + ```shell + service openvswitch start ``` - # rpm -qi openvswitch-kmod - Name : openvswitch-kmod - Version : 2.11.1 - Release : 1.oe3 - Architecture: aarch64 - Install Date: Thu 15 Aug 2019 05:07:49 PM CST - Group : System Environment/Daemons - Size : 15766774 - License : GPLv2 - Signature : (none) - Source RPM : openvswitch-kmod-2.11.1-1.oe3.src.rpm - Build Date : Thu 08 Aug 2019 04:33:08 PM CST - Build Host : armbuild10b175b113b44 - Relocations : (not relocatable) - Vendor : OpenSource Security Ralf Spenneberg - URL : http://www.openvswitch.org/ - Summary : Open vSwitch Kernel Modules - Description : - Open vSwitch provides standard network bridging functions augmented with - support for the OpenFlow protocol for remote per-flow control of - traffic. This package contains the kernel modules. - ``` -2. Check whether the openvswitch component is successfully installed. If the installation is successful, the software package information is displayed. The command and output are as follows: +Note: The ovn-controller-vtep.service service should be operated by Non-root user +**2. Check whether the installation is successful.** + +1. Check whether the openvswitch component is successfully installed. If the installation is successful, the software package information is displayed. The command and output are as follows: - ``` - # rpm -qi openvswitch - Name : openvswitch - Version : 2.11.1 - Release : 1 + ```shel + $ rpm -qi openvswitch + Name: openvswitch + Version : 2.12.0 + Release : 11.oe1 Architecture: aarch64 - Install Date: Thu 15 Aug 2019 05:08:35 PM CST - Group : System Environment/Daemons - Size : 6051185 - License : ASL 2.0 - Signature : (none) - Source RPM : openvswitch-2.11.1-1.src.rpm - Build Date : Thu 08 Aug 2019 05:24:46 PM CST - Build Host : armbuild10b247b121b105 - Relocations : (not relocatable) - Vendor : Nicira, Inc. - URL : http://www.openvswitch.org/ - Summary : Open vSwitch daemon/database/utilities + Install Date: Tue 08 Jun 2021 04:54:31 PM CST + Group: Unspecified + Size: 7456390 + License : ASL 2.0 and ISC + Signature : RSA/SHA1, Mon 07 Jun 2021 01:16:33 AM CST, Key ID d557065eb25e7f66 + Source RPM : openvswitch-2.12.0-11.oe1.src.rpm + Build Date : Mon 07 Jun 2021 01:15:34 AM CST + Build Host : obs-worker-0011 + Packager : http://openeuler.org + Vendor : http://openeuler.org + URL: http://www.openvswitch.org/ + Summary : Production Quality, Multilayer Open Virtual Switch Description : - Open vSwitch provides standard network bridging functions and - support for the OpenFlow protocol for remote per-flow control of - traffic. - ``` - -3. Check whether the Open vSwitch service is started successfully. If the service is in the **Active** state, the service is started successfully. You can use the command line tool provided by the Open vSwitch. The command and output are as follows: - - ``` - # systemctl status openvswitch - ● openvswitch.service - LSB: Open vSwitch switch - Loaded: loaded (/etc/rc.d/init.d/openvswitch; generated) - Active: active (running) since Sat 2019-08-17 09:47:14 CST; 4min 39s ago - Docs: man:systemd-sysv-generator(8) - Process: 54554 ExecStart=/etc/rc.d/init.d/openvswitch start (code=exited, status=0/SUCCESS) - Tasks: 4 (limit: 9830) - Memory: 22.0M + Open vSwitch is a production quality, multilayer virtual switch licensed under + the open source Apache 2.0 license. + ``` + +2. Check whether the Open vSwitch service is started successfully. If the service is in the **Active** state, the service is started successfully. You can use the command line tool provided by the Open vSwitch. The command and output are as follows: + + ```shell + $ service openvswitch status + Redirecting to /bin/systemctl status openvswitch.service + ● openvswitch.service - Open vSwitch + Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled) + Active: active (exited) since Wed 2021-06-16 16:45:41 CST; 17h ago + Process: 151652 ExecStart=/bin/true (code=exited, status=0/SUCCESS) + Main PID: 151652 (code=exited, status=0/SUCCESS) + Tasks: 0 + Memory: 0B CGroup: /system.slice/openvswitch.service - ├─54580 ovsdb-server: monitoring pid 54581 (healthy) - ├─54581 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate> - ├─54602 ovs-vswitchd: monitoring pid 54603 (healthy) - └─54603 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/open> - ``` + Jun 16 16:45:41 openEuler systemd[1]: Starting Open vSwitch... + Jun 16 16:45:41 openEuler systemd[1]: Started Open vSwitch. + ``` **3. Set up an Open vSwitch bridge** The following describes how to set up an Open vSwitch layer-1 bridge br0. -1. Create the Open vSwitch bridge br0. +1. Create the Open vSwitch bridge br0. - ``` - # ovs-vsctl add-br br0 + ```shell + ovs-vsctl add-br br0 ``` -2. Add the physical NIC eth0 to br0. +2. Add the physical NIC eth0 to br0. - ``` - # ovs-vsctl add-port br0 eth0 + ```shell + ovs-vsctl add-port br0 eth0 ``` -3. After eth0 is connected to the bridge, the IP address of eth0 is set to 0.0.0.0. +3. After eth0 is connected to the bridge, the IP address of eth0 is set to 0.0.0.0. - ``` - # ifconfig eth0 0.0.0.0 + ```shell + ifconfig eth0 0.0.0.0 ``` -4. Assign an IP address to OVS bridge br0. - - If a DHCP server is available, set a dynamic IP address through the dhclient. +4. Assign an IP address to OVS bridge br0. + - If a DHCP server is available, set a dynamic IP address through the dhclient. - ``` - # dhclient br0 + ```shell + dhclient br0 ``` - - If no DHCP server is available, configure a static IP address for br0, for example, 192.168.1.2. + - If no DHCP server is available, configure a static IP address for br0, for example, 192.168.1.2. + ```shell + ifconfig br0 192.168.1.2 ``` - # ifconfig br0 192.168.1.2 - ``` - - ## Preparing Boot Firmware ### Overview -The boot mode varies depending on the architecture. x86 servers support the Unified Extensible Firmware Interface \(UFEI\) and BIOS boot modes, and AArch64 servers support only the UFEI boot mode. By default, boot files corresponding to the BIOS mode have been installed on openEuler. No additional operations are required. This section describes how to install boot files corresponding to the UEFI mode. +The boot mode varies depending on the architecture. x86 servers support the Unified Extensible Firmware Interface \(UEFI\) and BIOS boot modes, and AArch64 servers support only the UEFI boot mode. By default, boot files corresponding to the BIOS mode have been installed on openEuler. No additional operations are required. This section describes how to install boot files corresponding to the UEFI mode. The Unified Extensible Firmware Interface \(UEFI\) is a new interface standard used for power-on auto check and OS boot. It is an alternative to the traditional BIOS. EDK II is a set of open source code that implements the UEFI standard. In virtualization scenarios, the EDK II tool set is used to start a VM in UEFI mode. Before using the EDK II tool, you need to install the corresponding software package before starting a VM. This section describes how to install the EDK II tool. @@ -307,31 +304,31 @@ The Unified Extensible Firmware Interface \(UEFI\) is a new interface standard u If the UEFI mode is used, the tool set EDK II needs to be installed. The installation package for the AArch64 architecture is **edk2-aarch64**, and that for the x86 architecture is **edk2-ovmf**. This section uses the AArch64 architecture as an example to describe the installation method. For the x86 architecture, you only need to replace **edk2-aarch64** with **edk2-ovmf**. -1. Run the following command to install the **edk** software package: +1. Run the following command to install the **edk** software package: In the AArch64 architecture, the **edk2** package name is **edk2-aarch64**. - ``` - # yum install -y edk2-aarch64 + ```shell + yum install -y edk2-aarch64 ``` In the x86\_64 architecture, the **edk2** package name is **edk2-ovmf**. - ``` - # yum install -y edk2-ovmf + ```shell + yum install -y edk2-ovmf ``` -2. Run the following command to check whether the **edk** software package is successfully installed: +2. Run the following command to check whether the **edk** software package is successfully installed: In the AArch64 architecture, the command is as follows: - ``` - # rpm -qi edk2-aarch64 + ```shell + rpm -qi edk2-aarch64 ``` If information similar to the following is displayed, the **edk** software package is successfully installed: - ``` + ```shell Name : edk2-aarch64 Version : 20180815gitcb5f4f45ce Release : 1.oe3 @@ -342,16 +339,64 @@ If the UEFI mode is used, the tool set EDK II needs to be installed. The install In the x86\_64 architecture, the command is as follows: - ``` - # rpm -qi edk2-ovmf + ```shell + rpm -qi edk2-ovmf ``` If information similar to the following is displayed, the **edk** software package is successfully installed: - ``` + ```text Name : edk2-ovmf Version : 201908 Release : 6.oe1 Architecture: noarch Install Date: Thu 19 Mar 2020 09:09:06 AM CST ``` + +## Configuring a Non-root User + +### Overview + +openEuler virtualization uses virsh to manage VMs. If you want to use the virsh commands to manage VMs as a non-root user, you need to perform related configurations before using the commands. This section provides the configuration guide. + +### Operation Guide + +To allow a non-root user to run the virsh commands to manage VMs, perform the following operations (replace **userName** in the following commands with the actual non-root user name): + +1. Log in to the host as the **root** user. + +2. Add the non-root user to the libvirt user group. + + ```shell + usermod -a -G libvirt userName + ``` + +3. Switch to the non-root user. + + ```shell + su userName + ``` + +4. Configure environment variables for the non-root user. Run the **vim** command to open the ~/.bashrc file: + + ```shell + vim ~/.bashrc + ``` + + Add the following content to the end of the file and save the file: + + ```shell + export LIBVIRT_DEFAULT_URI="qemu:///system" + ``` + + Run the following command for the configuration to take effect: + + ```shell + source ~/.bashrc + ``` + +5. Add the following content to the domain root element in the XML configuration file of the VM so that the qemu-kvm process can access the disk image files. + + ```xml + + ``` diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP1.png b/docs/en/docs/Virtualization/figures/CertEnrollP1.png new file mode 100644 index 0000000000000000000000000000000000000000..536e0618a3ab5b70937292205242a08237e34712 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP1.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP2.png b/docs/en/docs/Virtualization/figures/CertEnrollP2.png new file mode 100644 index 0000000000000000000000000000000000000000..0557c8782960188dbe9d84a1d0e66c9b45d2b303 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP2.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP3.png b/docs/en/docs/Virtualization/figures/CertEnrollP3.png new file mode 100644 index 0000000000000000000000000000000000000000..326fcf1e8d5e3c795ebcde286d8e0fef14bec7d1 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP3.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP4.png b/docs/en/docs/Virtualization/figures/CertEnrollP4.png new file mode 100644 index 0000000000000000000000000000000000000000..bc77c038e1e3a5ec30d7ba4f805ca937792e9327 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP4.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP5.png b/docs/en/docs/Virtualization/figures/CertEnrollP5.png new file mode 100644 index 0000000000000000000000000000000000000000..0f22b3cbd84f7c93f74898a926bc3e32f231667f Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP5.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP6.png b/docs/en/docs/Virtualization/figures/CertEnrollP6.png new file mode 100644 index 0000000000000000000000000000000000000000..08235013ca71f1ec51e9af2f143629d1a6132fe9 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP6.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP7.png b/docs/en/docs/Virtualization/figures/CertEnrollP7.png new file mode 100644 index 0000000000000000000000000000000000000000..f934521d59dd4a75449fcb2ca8abc54045b9102b Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP7.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP8.png b/docs/en/docs/Virtualization/figures/CertEnrollP8.png new file mode 100644 index 0000000000000000000000000000000000000000..9a8158e3378bf25dee05b892cc60f424542455d7 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP8.png differ diff --git a/docs/en/docs/Virtualization/figures/OSBootFlow.png b/docs/en/docs/Virtualization/figures/OSBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..f496c5675c72359e5160384c766a11399b04bfa6 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/OSBootFlow.png differ diff --git a/docs/en/docs/Virtualization/figures/SecureBootFlow.png b/docs/en/docs/Virtualization/figures/SecureBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..d639975800752c6eca6765a416c256a4752fb590 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/SecureBootFlow.png differ diff --git a/docs/en/docs/Virtualization/introduction-to-virtualization.md b/docs/en/docs/Virtualization/introduction-to-virtualization.md index 0abe43ba5f4a5d869f2c8a5c68cbac325d9a4f83..3f5d2703295e5a884a29591f8264709797d86d6d 100644 --- a/docs/en/docs/Virtualization/introduction-to-virtualization.md +++ b/docs/en/docs/Virtualization/introduction-to-virtualization.md @@ -4,24 +4,23 @@ In computer technologies, virtualization is a resource management technology. It abstracts various physical resources \(such as processors, memory, disks, and network adapters\) of a computer, converts the resources, and presents the resources for segmentation and combination into one or more computer configuration environments. This resource management technology breaks the inseparable barrier of the physical structure, and makes these resources not restricted by the architecture, geographical or physical configuration of the existing resources after virtualization. In this way, users can better leverage the computer hardware resources and maximize the resource utilization. -Virtualization enables multiple virtual machines \(VMs\) to run on a physical server. The VMs share the processor, memory, and I/O resources of the physical server, but are logically isolated from each other. In the virtualization technology, the physical server is called a host machine, the VM running on the host machine is called a guest, and the operating system \(OS\) running on the VM is called a guest OS. A layer of software, called the virtualization layer, exists between a host machine and a VM to simulate virtual hardware. This virtualization layer is called a VM monitor, as shown in the following figure. +Virtualization enables multiple virtual machines \(VMs\) to run on a physical server. The VMs share the processor, memory, and I/O device resources of the physical server, but are logically isolated from each other. In the virtualization technology, the physical server is called a host machine, the VM running on the host machine is called a guest, and the operating system \(OS\) running on the VM is called a guest OS. A layer of software, called the virtualization layer, exists between a host machine and a VM to simulate virtual hardware. This virtualization layer is called a VM monitor, as shown in the following figure. -**Figure 1** Virtualized architecture +**Figure 1** Virtualized architecture ![](./figures/virtualized-architecture.png "virtualized-architecture") ## Virtualized Architecture Currently, mainstream virtualization technologies are classified into two types based on the implementation structure of the Virtual Machine Monitor \(VMM\): -- Hypervisor model +- Hypervisor model In this model, VMM is considered as a complete operating system \(OS\) and has the virtualization function. VMM directly manages all physical resources, including processors, memory, and I/O devices. -- Host model +- Host model In this model, physical resources are managed by a host OS, which is a traditional OS, such as Linux and Windows. The host OS does not provide the virtualization capability. The VMM that provides the virtualization capability runs on the host OS as a driver or software of the system. The VMM invokes the host OS service to obtain resources and simulate the processor, memory, and I/O devices. The virtualization implementation of this model includes KVM and Virtual Box. - Kernel-based Virtual Machine \(KVM\) is a kernel module of Linux. It makes Linux a hypervisor. [Figure 2](#fig310953013541) shows the KVM architecture. KVM does not simulate any hardware device. It is used to enable virtualization capabilities provided by the hardware, such as Intel VT-x, AMD-V, Arm virtualization extensions. The user-mode QEMU simulates the mainboard, memory, and I/O devices. The user-mode QEMU works with the kernel KVM module to simulate VM hardware. The guest OS runs on the hardware simulated by the QEMU and KVM. **Figure 2** KVM architecture @@ -31,60 +30,51 @@ Kernel-based Virtual Machine \(KVM\) is a kernel module of Linux. It makes Linux Virtualization components provided in the openEuler software package: -- KVM: provides the core virtualization infrastructure to make the Linux system a hypervisor. Multiple VMs can run on the same host at the same time. -- QEMU: simulates a processor and provides a set of device models to work with KVM to implement hardware-based virtualization simulation acceleration. -- Libvirt: provides a tool set for managing VMs, including unified, stable, and open application programming interfaces \(APIs\), daemon process \(libvirtd\), and default command line management tool \(virsh\). -- Open vSwitch: provides a virtual network tool set for VMs, supports programming extension and standard management interfaces and protocols \(such as NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, and 802.1ag\). +- KVM: provides the core virtualization infrastructure to make the Linux system a hypervisor. Multiple VMs can run on the same host at the same time. +- QEMU: simulates a processor and provides a set of device models to work with KVM to implement hardware-based virtualization simulation acceleration. +- Libvirt: provides a tool set for managing VMs, including unified, stable, and open application programming interfaces \(APIs\), daemon process \(libvirtd\), and default command line management tool \(virsh\). +- Open vSwitch: provides a virtual network tool set for VMs, supports programming extension and standard management interfaces and protocols \(such as NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, and 802.1ag\). ## Virtualization Characteristics Virtualization has the following characteristics: -- Partition +- Partition Virtualization can logically divide software on a physical server to run multiple VMs \(virtual servers\) with different specifications. - -- Isolation +- Isolation Virtualization can simulate virtual hardware and provide hardware conditions for VMs to run complete OSs. The OSs of each VM are independent and isolated from each other. For example, if the OS of a VM breaks down due to a fault or malicious damage, the OSs and applications of other VMs are not affected. - -- Encapsulation +- Encapsulation Encapsulation is performed on a per VM basis. The excellent encapsulation capability makes VMs more flexible than physical machines. Functions such as live migration, snapshot, and cloning of VMs can be realized, implementing quick deployment and automatic O&M of data centers. - -- Hardware-irrelevant +- Hardware-irrelevant After being abstracted by the virtualization layer, VMs are not directly bound to underlying hardware and can run on other servers without being modified. - ## Virtualization Advantages Virtualization brings the following benefits to infrastructure of the data center: -- Flexibility and scalability +- Flexibility and scalability Users can dynamically allocate and reclaim resources based to meet dynamic service requirements. In addition, users can plan different VM specifications based on product requirements and adjust the scale without changing the physical resource configuration. - -- Higher availability and better O&M methods +- Higher availability and better O&M methods Virtualization provides O&M methods such as live migration, snapshot, live upgrade, and automatic DR. Physical resources can be deleted, upgraded, or changed without affecting users, improving service continuity and implementing automatic O&M. - -- Security hardening +- Security hardening Virtualization provides OS-level isolation and hardware-based processor operation privilege-level control. Compared with simple sharing mechanisms, virtualization provides higher security and implements controllable and secure access to data and services. - -- High resource utilization +- High resource utilization Virtualization supports dynamic sharing of physical resources and resource pools, improving resource utilization. - ## openEuler Virtualization openEuler provides KVM virtualization components that support the AArch64 and x86\_64 processor architectures. - diff --git a/docs/en/docs/Virtualization/managing-devices.md b/docs/en/docs/Virtualization/managing-devices.md index 5a99b0e168c3ce88a5b09cb4544d46c4333a7d4f..2876533b516bce5c8bbe33d951405bb7ef7ee558 100644 --- a/docs/en/docs/Virtualization/managing-devices.md +++ b/docs/en/docs/Virtualization/managing-devices.md @@ -1,34 +1,20 @@ # Managing Devices -- [Managing Devices](#managing-devices) - - [Configuring a PCIe Controller for a VM](#configuring-a-pcie-controller-for-a-vm) - - [Managing Virtual Disks](#managing-virtual-disks) - - [Managing vNICs](#managing-vnics) - - [Configuring a Virtual Serial Port](#configuring-a-virtual-serial-port) - - [Managing Device Passthrough](#managing-device-passthrough) - - [PCI Passthrough](#pci-passthrough) - - [SR-IOV Passthrough](#sr-iov-passthrough) - - [Managing VM USB](#managing-vm-usb) - - [Configuring USB Controllers](#configuring-usb-controllers) - - [Configuring a USB Passthrough Device](#configuring-a-usb-passthrough-device) - - [Storing Snapshots](#storing-snapshots) - - ## Configuring a PCIe Controller for a VM ### Overview -Thr NIC, disk controller, and PCIe pass-through devices in a VM must be mounted to a PCIe root port. Each root port corresponds to a PCIe slot. The devices mounted to the root port support hot swap, but the root port does not support hot swap. Therefore, users need to consider the hot swap requirements and plan the maximum number of PCIe root ports reserved for the VM. Before the VM is started, the root port is statically configured. +The NIC, disk controller, and PCIe pass-through devices in a VM must be mounted to a PCIe root port. Each root port corresponds to a PCIe slot. The devices mounted to the root port support hot swap, but the root port does not support hot swap. Therefore, users need to consider the hot swap requirements and plan the maximum number of PCIe root ports reserved for the VM. Before the VM is started, the root port is statically configured. ### Configuring the PCIe Root, PCIe Root Port, and PCIe-PCI-Bridge The VM PCIe controller is configured using the XML file. The **model** corresponding to PCIe root, PCIe root port, and PCIe-PCI-bridge in the XML file are **pcie-root**, **pcie-root-port**, and **pcie-to-pci-bridge**, respectively. -- Simplified configuration method +- Simplified configuration method Add the following contents to the XML file of the VM. Other attributes of the controller are automatically filled by libvirt. - ``` + ```xml @@ -39,11 +25,11 @@ The VM PCIe controller is configured using the XML file. The **model** corresp The **pcie-root** and **pcie-to-pci-bridge** occupy one **index** respectively. Therefore, the final **index** is the number of required **root ports + 1**. -- Complete configuration method +- Complete configuration method Add the following contents to the XML file of the VM: - ``` + ```xml @@ -64,38 +50,37 @@ The VM PCIe controller is configured using the XML file. The **model** corresp In the preceding contents: - - The **chassis** and **port** attributes of the root port must be in ascending order. Because a PCIe-PCI-bridge is inserted in the middle, the **chassis** number skips **2**, but the **port** numbers are still consecutive. - - The **address function** of the root port ranges from **0\*0** to **0\*7**. - - A maximum of eight functions can be mounted to each slot. When the slot is full, the slot number increases. + - The **chassis** and **port** attributes of the root port must be in ascending order. Because a PCIe-PCI-bridge is inserted in the middle, the **chassis** number skips **2**, but the **port** numbers are still consecutive. + - The **address function** of the root port ranges from **0\*0** to **0\*7**. + - A maximum of eight functions can be mounted to each slot. When the slot is full, the slot number increases. The complete configuration method is complex. Therefore, the simplified one is recommended. - ## Managing Virtual Disks ### Overview Virtual disk types include virtio-blk, virtio-scsi, and vhost-scsi. virtio-blk simulates a block device, and virtio-scsi and vhost-scsi simulate SCSI devices. -- virtio-blk: It can be used for common system disk and data disk. In this configuration, the virtual disk is presented as **vd\[a-z\]** or **vd\[a-z\]\[a-z\]** in the VM. -- virtio-scsi: It is recommended for common system disk and data disk. In this configuration, the virtual disk is presented as **sd\[a-z\]** or **sd\[a-z\]\[a-z\]** in the VM. -- vhost-scsi: It is recommended for the virtual disk that has high performance requirements. In this configuration, the virtual disk is presented as **sd\[a-z\]** or **sd\[a-z\]\[a-z\]** on the VM. +- virtio-blk: It can be used for common system disk and data disk. In this configuration, the virtual disk is presented as **vd\[a-z\]** or **vd\[a-z\]\[a-z\]** in the VM. +- virtio-scsi: It is recommended for common system disk and data disk. In this configuration, the virtual disk is presented as **sd\[a-z\]** or **sd\[a-z\]\[a-z\]** in the VM. +- vhost-scsi: It is recommended for the virtual disk that has high performance requirements. In this configuration, the virtual disk is presented as **sd\[a-z\]** or **sd\[a-z\]\[a-z\]** on the VM. ### Procedure -For details about how to configure a virtual disk, see [3.2.4.1 Storage Devices](#storage-devices). This section uses the virtio-scsi disk as an example to describe how to attach and detach a virtual disk. +For details about how to configure a virtual disk, see **VM Configuration** > **Network Devices**. This section uses the virtio-scsi disk as an example to describe how to attach and detach a virtual disk. -- Attach a virtio-scsi disk. +- Attach a virtio-scsi disk. Run the **virsh attach-device** command to attach the virtio-scsi virtual disk. - ``` - # virsh attach-device + ```shell + virsh attach-device ``` The preceding command can be used to attach a disk to a VM online. The disk information is specified in the **attach-device.xml** file. The following is an example of the **attach-device.xml** file: - ``` + ```xml ### attach-device.xml ### @@ -108,17 +93,16 @@ For details about how to configure a virtual disk, see [3.2.4.1 Storage Devices The disk attached by running the preceding commands becomes invalid after the VM is shut down and restarted. If you need to permanently attach a virtual disk to a VM, run the **virsh attach-device** command with the **--config** parameter. -- Detach a virtio-scsi disk. +- Detach a virtio-scsi disk. If a disk attached online is no longer used, run the **virsh detach** command to dynamically detach it. - ``` - # virsh detach-device + ```shell + virsh detach-device ``` **detach-device.xml** specifies the XML information of the disk to be detached, which must be the same as the XML information during dynamic attachment. - ## Managing vNICs ### Overview @@ -127,19 +111,19 @@ The vNIC types include virtio-net, vhost-net, and vhost-user. After creating a V ### Procedure -For details about how to configure a virtual NIC, see [3.2.4.2 Network Devices](#network-device). This section uses the vhost-net NIC as an example to describe how to attach and detach a vNIC. +For details about how to configure a virtual NIC, see [3.2.4.2 Network Devices](./vm-configuration.md#network-devices). This section uses the vhost-net NIC as an example to describe how to attach and detach a vNIC. -- Attach the vhost-net NIC. +- Attach the vhost-net NIC. Run the **virsh attach-device** command to attach the vhost-net vNIC. - ``` - # virsh attach-device + ```shell + virsh attach-device ``` The preceding command can be used to attach a vhost-net NIC to a running VM. The NIC information is specified in the **attach-device.xml** file. The following is an example of the **attach-device.xml** file: - ``` + ```xml ### attach-device.xml ### @@ -152,17 +136,16 @@ For details about how to configure a virtual NIC, see [3.2.4.2 Network Devices] The vhost-net NIC attached using the preceding commands becomes invalid after the VM is shut down and restarted. If you need to permanently attach a vNIC to a VM, run the **virsh attach-device** command with the **--config** parameter. -- Detach the vhost-net NIC. +- Detach the vhost-net NIC. If a NIC attached online is no longer used, run the **virsh detach** command to dynamically detach it. - ``` - # virsh detach-device + ```shell + virsh detach-device ``` **detach-device.xml** specifies the XML information of the vNIC to be detached, which must be the same as the XML information during dynamic attachment. - ## Configuring a Virtual Serial Port ### Overview @@ -173,9 +156,9 @@ In a virtualization environment, VMs and host machines need to communicate with The Linux VM serial port console is a pseudo terminal device connected to the host machine through the serial port of the VM. It implements interactive operations on the VM through the host machine. In this scenario, the serial port needs to be configured in the pty type. This section describes how to configure a pty serial port. -- Add the following virtual serial port configuration items under the **devices** node in the XML configuration file of the VM: +- Add the following virtual serial port configuration items under the **devices** node in the XML configuration file of the VM: - ``` + ```xml @@ -183,19 +166,18 @@ The Linux VM serial port console is a pseudo terminal device connected to the ho ``` -- Run the **virsh console** command to connect to the pty serial port of the running VM. +- Run the **virsh console** command to connect to the pty serial port of the running VM. - ``` - # virsh console + ```shell + virsh console ``` -- To ensure that no serial port message is missed, use the **--console** option to connect to the serial port when starting the VM. +- To ensure that no serial port message is missed, use the **--console** option to connect to the serial port when starting the VM. - ``` - # virsh start --console + ```shell + virsh start --console ``` - ## Managing Device Passthrough The device passthrough technology enables VMs to directly access physical devices. The I/O performance of VMs can be improved in this way. @@ -206,7 +188,7 @@ Currently, the VFIO passthrough is used. It can be classified into PCI passthrou PCI passthrough directly assigns a physical PCI device on the host to a VM. The VM can directly access the device. PCI passthrough uses the VFIO device passthrough mode. The PCI passthrough configuration file in XML format for a VM is as follows: -``` +```xml @@ -219,7 +201,6 @@ PCI passthrough directly assigns a physical PCI device on the host to a VM. The **Table 1** Device configuration items for PCI passthrough -

Return Value

@@ -2739,21 +2732,21 @@ The API is used to query the information about a specified image. #### PullImage -#### Prototype +##### Prototype -``` +```shell rpc PullImage(PullImageRequest) returns (PullImageResponse) {} ``` -#### Description +##### Description This API is used to download images. -#### Precautions +##### Precautions Currently, you can download public images, and use the username, password, and auth information to download private images. The **server\_address**, **identity\_token**, and **registry\_token** fields in **authconfig** cannot be configured. -#### Parameters +##### Parameters

Parameter

@@ -2779,7 +2772,7 @@ Currently, you can download public images, and use the username, password, and a
-#### Return Values +##### Return Values -

Return Value

@@ -2797,21 +2790,21 @@ Currently, you can download public images, and use the username, password, and a #### RemoveImage -#### Prototype +##### Prototype -``` +```shell rpc RemoveImage(RemoveImageRequest) returns (RemoveImageResponse) {} ``` -#### Description +##### Description This API is used to delete specified images. -#### Precautions +##### Precautions This is a unified API. Since embedded images do not comply with the OCI image specifications and do not contain required fields, you cannot delete embedded images by using this API and the image ID. -#### Parameters +##### Parameters

Parameter

@@ -2827,31 +2820,31 @@ This is a unified API. Since embedded images do not comply with the OCI image sp
-#### Return Values +##### Return Values None #### ImageFsInfo -#### Prototype +##### Prototype -``` +```shell rpc ImageFsInfo(ImageFsInfoRequest) returns (ImageFsInfoResponse) {} ``` -#### Description +##### Description This API is used to query the information about the file system that stores images. -#### Precautions +##### Precautions Queried results are the file system information in the image metadata. -#### Parameters +##### Parameters None -#### Return Values +##### Return Values - - - - -

Return Value

@@ -2869,32 +2862,32 @@ None ### Constraints -1. If **log\_directory** is configured in the **PodSandboxConfig** parameter when a sandbox is created, **log\_path** must be specified in **ContainerConfig** when all containers that belong to the sandbox are created. Otherwise, the containers may not be started or deleted by using the CRI. +1. If **log\_directory** is configured in the **PodSandboxConfig** parameter when a sandbox is created, **log\_path** must be specified in **ContainerConfig** when all containers that belong to the sandbox are created. Otherwise, the containers may not be started or deleted by using the CRI. The actual value of **LOGPATH** of containers is **log\_directory/log\_path**. If **log\_path** is not set, the final value of **LOGPATH** is changed to **log\_directory**. - - If the path does not exist, iSulad will create a soft link pointing to the actual path of container logs when starting a container. Then **log\_directory** becomes a soft link. There are two cases: - 1. In the first case, if **log\_path** is not configured for other containers in the sandbox, **log\_directory** will be deleted and point to **log\_path** of the newly started container. As a result, logs of the first started container point to logs of the later started container. - 2. In the second case, if **log\_path** is configured for other containers in the sandbox, the value of **LOGPATH** of the container is **log\_directory/log\_path**. Because **log\_directory** is a soft link, the creation fails when **log\_directory/log\_path** is used as the soft link to point to the actual path of container logs. + - If the path does not exist, iSulad will create a soft link pointing to the actual path of container logs when starting a container. Then **log\_directory** becomes a soft link. There are two cases: + 1. In the first case, if **log\_path** is not configured for other containers in the sandbox, **log\_directory** will be deleted and point to **log\_path** of the newly started container. As a result, logs of the first started container point to logs of the later started container. + 2. In the second case, if **log\_path** is configured for other containers in the sandbox, the value of **LOGPATH** of the container is **log\_directory/log\_path**. Because **log\_directory** is a soft link, the creation fails when **log\_directory/log\_path** is used as the soft link to point to the actual path of container logs. - - If the path exists, iSulad will attempt to delete the path \(non-recursive\) when starting a container. If the path is a folder path containing content, the deletion fails. As a result, the soft link fails to be created, the container fails to be started, and the same error occurs when the container is going to be deleted. + - If the path exists, iSulad will attempt to delete the path \(non-recursive\) when starting a container. If the path is a folder path containing content, the deletion fails. As a result, the soft link fails to be created, the container fails to be started, and the same error occurs when the container is going to be deleted. -2. If **log\_directory** is configured in the **PodSandboxConfig** parameter when a sandbox is created, and **log\_path** is specified in **ContainerConfig** when a container is created, the final value of **LOGPATH** is **log\_directory/log\_path**. iSulad does not recursively create **LOGPATH**, therefore, you must ensure that **dirname\(LOGPATH\)** exists, that is, the upper-level path of the final log file path exists. -3. If **log\_directory** is configured in the **PodSandboxConfig** parameter when a sandbox is created, and the same **log\_path** is specified in **ContainerConfig** when multiple containers are created, or if containers in different sandboxes point to the same **LOGPATH**, the latest container log path will overwrite the previous path after the containers are started successfully. -4. If the image content in the remote registry changes and the original image is stored in the local host, the name and tag of the original image are changed to **none** when you call the CRI Pull image API to download the image again. +2. If **log\_directory** is configured in the **PodSandboxConfig** parameter when a sandbox is created, and **log\_path** is specified in **ContainerConfig** when a container is created, the final value of **LOGPATH** is **log\_directory/log\_path**. iSulad does not recursively create **LOGPATH**, therefore, you must ensure that **dirname\(LOGPATH\)** exists, that is, the upper-level path of the final log file path exists. +3. If **log\_directory** is configured in the **PodSandboxConfig** parameter when a sandbox is created, and the same **log\_path** is specified in **ContainerConfig** when multiple containers are created, or if containers in different sandboxes point to the same **LOGPATH**, the latest container log path will overwrite the previous path after the containers are started successfully. +4. If the image content in the remote registry changes and the original image is stored in the local host, the name and tag of the original image are changed to **none** when you call the CRI Pull image API to download the image again. An example is as follows: Locally stored images: - ``` + ```console IMAGE TAG IMAGE ID SIZE rnd-dockerhub.huawei.com/pproxyisulad/test latest 99e59f495ffaa 753kB ``` After the **rnd-dockerhub.huawei.com/pproxyisulad/test:latest** image in the remote registry is updated and downloaded again: - ``` + ```console IMAGE TAG IMAGE ID SIZE 99e59f495ffaa 753kB rnd-dockerhub.huawei.com/pproxyisulad/test latest d8233ab899d41 1.42MB @@ -2902,10 +2895,8 @@ None Run the **isula images** command. The value of **REF** is displayed as **-**. - ``` + ```console REF IMAGE ID CREATED SIZE rnd-dockerhub.huawei.com/pproxyisulad/test:latest d8233ab899d41 2019-02-14 19:19:37 1.42MB - 99e59f495ffaa 2016-05-04 02:26:41 753kB ``` - - diff --git a/docs/en/docs/Container/dynamically-loading-the-kernel-module.md b/docs/en/docs/Container/dynamically-loading-the-kernel-module.md index 7c1458075e1501d1422440e86b86ad3f3512467d..8ac53cd57141665d244d5913dcb099f73ec82eea 100644 --- a/docs/en/docs/Container/dynamically-loading-the-kernel-module.md +++ b/docs/en/docs/Container/dynamically-loading-the-kernel-module.md @@ -1,7 +1,4 @@ -Dynamically Loading the Kernel Module - -- [Dynamically Loading the Kernel Module](#dynamically-loading-the-kernel-module) - +# Dynamically Loading the Kernel Module ## Function Description diff --git a/docs/en/docs/Container/figures/isula-build_arch.png b/docs/en/docs/Container/figures/isula-build_arch.png index 911a9ae6f46988586ab49f15de282948f5470c37..f92f15085820ce824bc2ca60ff7d6d25e95f1402 100644 Binary files a/docs/en/docs/Container/figures/isula-build_arch.png and b/docs/en/docs/Container/figures/isula-build_arch.png differ diff --git a/docs/en/docs/Container/image-management-1.md b/docs/en/docs/Container/image-management-1.md index 31f4cf824ada16d011168db5107e020df3e3bed9..c6f81700f23e6287416b906e5cc0cccd925d7b02 100644 --- a/docs/en/docs/Container/image-management-1.md +++ b/docs/en/docs/Container/image-management-1.md @@ -1,9 +1,9 @@ # Image Management -- [Image Management](#image-management-1) - - [Creating an Image](#creating-an-image) - - [Viewing Images](#viewing-images) - - [Deleting Images](#deleting-images) +- [Image Management](#image-management) + - [Creating an Image](#creating-an-image) + - [Viewing Images](#viewing-images) + - [Deleting Images](#deleting-images) ## Creating an Image @@ -55,5 +55,5 @@ docker images ### Precautions -Do not run the **docker rmi –f **_XXX_ command to delete images. If you forcibly delete an image, the **docker rmi** command ignores errors during the process, which may cause residual metadata of containers or images. If you delete an image in common mode and an error occurs during the deletion process, the deletion fails and no metadata remains. +Do not run the **docker rmi -f **_XXX_ command to delete images. If you forcibly delete an image, the **docker rmi** command ignores errors during the process, which may cause residual metadata of containers or images. If you delete an image in common mode and an error occurs during the deletion process, the deletion fails and no metadata remains. diff --git a/docs/en/docs/Container/image-management-2.md b/docs/en/docs/Container/image-management-2.md index 2d7fa0077fa033caef470e3291f83ad279d39091..0e5c6047d913d7f0a23ae591a17ff10ffe6a872b 100644 --- a/docs/en/docs/Container/image-management-2.md +++ b/docs/en/docs/Container/image-management-2.md @@ -16,10 +16,6 @@ - [tag](#tag) -   - - - ## build Syntax: **docker build \[**_options_**\]** _path_ **|** _URL_ **| -** diff --git a/docs/en/docs/Container/image-management.md b/docs/en/docs/Container/image-management.md index 415f012bbd0b035529ebe1d1302946cb29a96804..2047b9a5f211890c5757ee506395cc4228c630c3 100644 --- a/docs/en/docs/Container/image-management.md +++ b/docs/en/docs/Container/image-management.md @@ -11,17 +11,13 @@ - [Inspecting Images](#inspecting-images) - [Two-Way Authentication](#two-way-authentication) - [Embedded Image Management](#embedded-image-management) - - [Loading Images](#loading-images-3) - - [Listing Images](#listing-images-4) - - [Inspecting Images](#inspecting-images-5) - - [Deleting Images](#deleting-images-6) - + - [Loading Images](#loading-images-1) + - [Listing Images](#listing-images-1) + - [Inspecting Images](#inspecting-images-1) + - [Deleting Images](#deleting-images-1) ## Docker Image Management - - - ### Logging In to a Registry #### Description @@ -30,17 +26,17 @@ The **isula login** command is run to log in to a registry. After successful l #### Usage -``` +```shell isula login [OPTIONS] SERVER ``` #### Parameters -For details about parameters in the **login** command, see [Table 1](#command-line-parameters.md#en-us_topic_0189976507_table2711184314112). +For details about parameters in the **login** command, see [Table 1](./appendix.md#en-us_topic_0189976507_table2711184314112). #### Example -``` +```shell $ isula login -u abc my.csp-edge.com:5000 Login Succeeded @@ -54,17 +50,17 @@ The **isula logout** command is run to log out of a registry. If you run the #### Usage -``` +```shell isula logout SERVER ``` #### Parameters -For details about parameters in the **logout** command, see [Table 2](#command-line-parameters.md#en-us_topic_0189976507_table184058282137). +For details about parameters in the **logout** command, see [Table 2](./appendix.md#en-us_topic_0189976507_table184058282137). #### Example -``` +```shell $ isula logout my.csp-edge.com:5000 Logout Succeeded ``` @@ -77,17 +73,17 @@ Pull images from a registry to the local host. #### Usage -``` -isula pull [OPTIONS] NAME[:TAG|@DIGEST] +```shell +isula pull [OPTIONS] NAME[:TAG] ``` #### Parameters -For details about parameters in the **pull** command, see [Table 3](#command-line-parameters.md#en-us_topic_0189976507_table157501230181515). +For details about parameters in the **pull** command, see [Table 3](./appendix.md#en-us_topic_0189976507_table157501230181515). #### Example -``` +```shell $ isula pull localhost:5000/official/busybox Image "localhost:5000/official/busybox" pulling Image "localhost:5000/official/busybox@sha256:bf510723d2cd2d4e3f5ce7e93bf1e52c8fd76831995ac3bd3f90ecc866643aff" pulled @@ -101,17 +97,17 @@ Delete one or more images. #### Usage -``` +```shell isula rmi [OPTIONS] IMAGE [IMAGE...] ``` #### Parameters -For details about parameters in the **rmi** command, see [Table 4](#command-line-parameters.md#en-us_topic_0189976507_table856181871617). +For details about parameters in the **rmi** command, see [Table 4](./appendix.md#en-us_topic_0189976507_table856181871617). #### Example -``` +```shell $ isula rmi rnd-dockerhub.huawei.com/official/busybox Image "rnd-dockerhub.huawei.com/official/busybox" removed ``` @@ -124,17 +120,17 @@ Load images from a .tar package. The .tar package must be exported by using the #### Usage -``` +```shell isula load [OPTIONS] ``` #### Parameters -For details about parameters in the **load** command, see [Table 5](#command-line-parameters.md#en-us_topic_0189976507_table99761512187). +For details about parameters in the **load** command, see [Table 5](./appendix.md#en-us_topic_0189976507_table99761512187). #### Example -``` +```shell $ isula load -i busybox.tar Load image from "/root/busybox.tar" success ``` @@ -147,17 +143,17 @@ List all images in the current environment. #### Usage -``` +```shell isula images ``` #### Parameters -For details about parameters in the **images** command, see [Table 6](#command-line-parameters.md#en-us_topic_0189976507_table1698717275206). +For details about parameters in the **images** command, see [Table 6](./appendix.md#en-us_topic_0189976507_table1698717275206). #### Example -``` +```shell $ isula images REF IMAGE ID CREATED SIZE rnd-dockerhub.huawei.com/official/busybox:latest e4db68de4ff2 2019-06-15 08:19:54 1.376 MB @@ -171,17 +167,17 @@ After the configuration information of an image is returned, you can use the ** #### Usage -``` +```shell isula inspect [options] CONTAINER|IMAGE [CONTAINER|IMAGE...] ``` #### Parameters -For details about parameters in the **inspect** command, see [Table 7](#command-line-parameters.md#en-us_topic_0189976507_table73237211516). +For details about parameters in the **inspect** command, see [Table 7](./appendix.md#en-us_topic_0189976507_table73237211516). #### Example -``` +```shell $ isula inspect -f "{{json .image.id}}" rnd-dockerhub.huawei.com/official/busybox "e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b" ``` @@ -196,19 +192,18 @@ After this function is enabled, iSulad and image repositories communicate over H The corresponding registry needs to support this function and iSulad needs to be configured as follows: -1. Modify iSulad configuration \(default path: **/etc/isulad/daemon.json**\) and set **use-decrypted-key** to **false**. -2. Place related certificates in the folder named after the registry in the **/etc/isulad/certs.d** directory. For details about how to generate certificates, visit the official Docker website: - - [https://docs.docker.com/engine/security/certificates/](https://docs.docker.com/engine/security/certificates/) - - [https://docs.docker.com/engine/security/https/](https://docs.docker.com/engine/security/https/) - +1. Modify iSulad configuration \(default path: **/etc/isulad/daemon.json**\) and set **use-decrypted-key** to **false**. +2. Place related certificates in the folder named after the registry in the **/etc/isulad/certs.d** directory. For details about how to generate certificates, visit the official Docker website: + - [https://docs.docker.com/engine/security/certificates/](https://docs.docker.com/engine/security/certificates/) + - [https://docs.docker.com/engine/security/https/](https://docs.docker.com/engine/security/https/) -1. Run the **systemctl restart isulad** command to restart iSulad. +3. Run the **systemctl restart isulad** command to restart iSulad. #### Parameters Parameters can be configured in the **/etc/isulad/daemon.json** file or carried when iSulad is started. -``` +```shell isulad --use-decrypted-key=false ``` @@ -216,7 +211,7 @@ isulad --use-decrypted-key=false Set **use-decrypted-key** to **false**. -``` +```shell $ cat /etc/isulad/daemon.json { "group": "isulad", @@ -245,7 +240,6 @@ $ cat /etc/isulad/daemon.json "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", @@ -258,7 +252,7 @@ $ cat /etc/isulad/daemon.json Place the certificate in the corresponding directory. -``` +```shell $ pwd /etc/isulad/certs.d/my.csp-edge.com:5000 $ ls @@ -267,13 +261,13 @@ ca.crt tls.cert tls.key Restart iSulad. -``` -$ systemctl restart isulad +```shell +systemctl restart isulad ``` Run the **pull** command to download images from the registry: -``` +```shell $ isula pull my.csp-edge.com:5000/busybox Image "my.csp-edge.com:5000/busybox" pulling Image "my.csp-edge.com:5000/busybox@sha256:f1bdc62115dbfe8f54e52e19795ee34b4473babdeb9bc4f83045d85c7b2ad5c0" pulled @@ -289,17 +283,17 @@ Load images based on the **manifest** files of embedded images. The value of #### Usage -``` +```shell isula load [OPTIONS] --input=FILE --type=TYPE ``` #### Parameters -For details about parameters in the **load** command, see [Table 5](#command-line-parameters.md#en-us_topic_0189976507_table99761512187). +For details about parameters in the **load** command, see [Table 5](./appendix.md#en-us_topic_0189976507_table99761512187). #### Example -``` +```shell $ isula load -i test.manifest --type embedded Load image from "/root/work/bugfix/tmp/ci_testcase_data/embedded/img/test.manifest" success ``` @@ -312,17 +306,17 @@ List all images in the current environment. #### Usage -``` +```shell isula images [OPTIONS] ``` #### Parameters -For details about parameters in the **images** command, see [Table 6](#command-line-parameters.md#en-us_topic_0189976507_table1698717275206). +For details about parameters in the **images** command, see [Table 6](./appendix.md#en-us_topic_0189976507_table1698717275206). #### Example -``` +```shell $ isula images REF IMAGE ID CREATED SIZE test:v1 9319da1f5233 2018-03-01 10:55:44 1.273 MB @@ -336,17 +330,17 @@ After the configuration information of an image is returned, you can use the ** #### Usage -``` +```shell isula inspect [options] CONTAINER|IMAGE [CONTAINER|IMAGE...] ``` #### Parameters -For details about parameters in the **inspect** command, see [Table 7](#command-line-parameters.md#en-us_topic_0189976507_table73237211516). +For details about parameters in the **inspect** command, see [Table 7](./appendix.md#en-us_topic_0189976507_table73237211516). #### Example -``` +```shell $ isula inspect -f "{{json .created}}" test:v1 "2018-03-01T15:55:44.322987811Z" ``` @@ -359,18 +353,17 @@ Delete one or more images. #### Usage -``` +```shell isula rmi [OPTIONS] IMAGE [IMAGE...] ``` #### Parameters -For details about parameters in the **rmi** command, see [Table 4](#command-line-parameters.md#en-us_topic_0189976507_table856181871617). +For details about parameters in the **rmi** command, see [Table 4](./appendix.md#en-us_topic_0189976507_table856181871617). #### Example -``` +```shell $ isula rmi test:v1 Image "test:v1" removed ``` - diff --git a/docs/en/docs/Container/installation-and-deployment-1.md b/docs/en/docs/Container/installation-and-deployment-1.md deleted file mode 100644 index fc7f9f9add7f8efce8ea207abc9b81a383bd427b..0000000000000000000000000000000000000000 --- a/docs/en/docs/Container/installation-and-deployment-1.md +++ /dev/null @@ -1,126 +0,0 @@ -# Installation and Deployment - -- [Installation and Deployment](#installation-and-deployment-1) - - [Installation Methods](#installation-methods-26) - - [Deployment Configuration](#deployment-configuration-27) - - [Configuring the Docker Engine](#configuring-the-docker-engine) - - [iSulad Configuration](#isulad-configuration) - - [Configuration.toml](#configuration-toml) - - -## Installation Methods - -### Prerequisites - -- For better performance experience, a secure container needs to run on the bare metal server and must not run on VMs. -- A secure container depends on the following components \(openEuler 1.0 version\). Ensure that the required components have been installed in the environment. To install iSulad, refer to [Installation Methods](#installation-methods.md). - - docker-engine - - qemu - - -### Installation Procedure - -Released secure container components are integrated in the **kata-containers-**_version_**.rpm** package. You can run the **rpm** command to install the corresponding software. - -``` -rpm -ivh kata-containers-.rpm -``` - -## Deployment Configuration - -### Configuring the Docker Engine - -To enable the Docker engine to support kata-runtime, perform the following steps to configure the Docker engine: - -1. Ensure that all software packages \(**docker-engine** and **kata-containers**\) have been installed in the environment. -2. Stop the Docker engine. - - ``` - systemctl stop docker - ``` - -3. Modify the configuration file **/etc/docker/daemon.json** of the Docker engine and add the following configuration: - - ``` - { - "runtimes": { - "kata-runtime": { - "path": "/usr/bin/kata-runtime", - "runtimeArgs": [ - "--kata-config", - "/usr/share/defaults/kata-containers/configuration.toml" - ] - } - } - } - ``` - -4. Restart the Docker engine. - - ``` - systemctl start docker - ``` - - -### iSulad Configuration - -To enable the iSulad to support the new container runtime kata-runtime, perform the following steps which are similar to those for the container engine docker-engine: - -1. Ensure that all software packages \(iSulad and kata-containers\) have been installed in the environment. -2. Stop iSulad. - - ``` - systemctl stop isulad - ``` - -3. Modify the **/etc/isulad/daemon.json** configuration file of the iSulad and add the following configurations: - - ``` - { - "runtimes": { - "kata-runtime": { - "path": "/usr/bin/kata-runtime", - "runtime-args": [ - "--kata-config", - "/usr/share/defaults/kata-containers/configuration.toml" - ] - } - } - } - ``` - -4. Restart iSulad. - - ``` - systemctl start isulad - ``` - - -### Configuration.toml - -The secure container provides a global configuration file configuration.toml. Users can also customize the path and configuration options of the secure container configuration file. - -In the **runtimeArges** field of Docker engine, you can use **--kata-config** to specify a private file. The default configuration file path is **/usr/share/defaults/kata-containers/configuration.toml**. - -The following lists the common fields in the configuration file. For details about the configuration file options, see [configuration.toml](#configuration-toml-31.md). - -1. hypervisor.qemu - - **path**: specifies the execution path of the virtualization QEMU. - - **kernel**: specifies the execution path of the guest kernel. - - **initrd**: specifies the guest initrd execution path. - - **machine\_type**: specifies the type of the analog chip. The value is **virt** for the ARM architecture and **pc** for the x86 architecture. - - **kernel\_params**: specifies the running parameters of the guest kernel. - -2. proxy.kata - - **path**: specifies the kata-proxy running path. - - **enable\_debug**: enables the debugging function for the kata-proxy process. - -3. agent.kata - - **enable\_blk\_mount**: enables guest mounting of the block device. - - **enable\_debug**: enables the debugging function for the kata-agent process. - -4. runtime - - **enable\_cpu\_memory\_hotplug**: enables CPU and memory hot swap. - - **enable\_debug**: enables debugging for the kata-runtime process. - - diff --git a/docs/en/docs/Container/installation-and-deployment-2.md b/docs/en/docs/Container/installation-and-deployment-2.md index e001954b7c15c4d9daa8d8ab930826bf67c20bcf..8d8c74270cb1864e69a9451e849b45478f4236f9 100644 --- a/docs/en/docs/Container/installation-and-deployment-2.md +++ b/docs/en/docs/Container/installation-and-deployment-2.md @@ -1,454 +1,127 @@ # Installation and Deployment -- [Installation and Deployment](#installation-and-deployment-2) - - [Precautions](#precautions) - - [Basic Installation Configuration](#basic-installation-configuration) - - [Daemon Parameter Configuration](#daemon-parameter-configuration) - - [Daemon Running Directory Configuration](#daemon-running-directory-configuration) - - [Daemon Network Configuration](#daemon-network-configuration) - - [Daemon umask Configuration](#daemon-umask-configuration) - - [Daemon Start Time](#daemon-start-time) - - [Journald Component](#journald-component) - - [Firewalld Component](#firewalld-component) - - [Iptables Component](#iptables-component) - - [Audit Component](#audit-component) - - [Security Configuration seccomp](#security-configuration-seccomp) - - [Do Not Modify Private Directory of Docker Daemon](#do-not-modify-private-directory-of-docker-daemon) - - [Precautions for Common Users in the Scenario Where a Large Number of Containers Are Deployed](#precautions-for-common-users-in-the-scenario-where-a-large-number-of-containers-are-deployed) - - [Storage Driver Configuration](#storage-driver-configuration) - - [overlay2 Storage Driver Configuration](#overlay2-storage-driver-configuration) - - [devicemapper Storage Driver Configuration](#devicemapper-storage-driver-configuration-35) - - [Impact of Forcibly Killing Docker Background Processes](#impact-of-forcibly-killing-docker-background-processes) - - [Semaphores May Be Residual](#semaphores-may-be-residual) - - [NICs May Be Residual](#nics-may-be-residual) - - [Failed to Restart a Container](#failed-to-restart-a-container) - - [Failed to Restart the Docker Service](#failed-to-restart-the-docker-service) - - [Impact of System Power-off](#impact-of-system-power-off) +- [Installation and Deployment](#installation-and-deployment-1) + - [Installation Methods](#installation-methods-26) + - [Deployment Configuration](#deployment-configuration-27) + - [Configuring the Docker Engine](#configuring-the-docker-engine) + - [iSulad Configuration](#isulad-configuration) + - [Configuration.toml](#configuration-toml) +## Installation Methods -## Precautions +### Prerequisites -- The **docker-engine** RPM package cannot be installed together with the **containerd**, **runc**, or **podman** RPM package. This is because the **docker-engine** RPM package contains all components required for Docker running, including **containerd**, **runc**, and **docker** binary files. Yet the **containerd**, **runc**, and **podman** RPM packages also contain the corresponding binary files. Software package conflicts may occur due to repeated installation. +- The root permission is required for installing a Kata container. +- For better performance experience, a Kata container needs to run on the bare metal server and cannot run on VMs. +- A Kata container depends on the following components \(openEuler 1.0 version\). Ensure that the required components have been installed in the environment. To install iSulad, refer to [Installation Configuration](https://docs.openeuler.org/en/docs/20.03_LTS_SP4/docs/Container/installation-configuration.html). + - docker-engine + - qemu -## Basic Installation Configuration +### Installation Procedure +Released Kata container components are integrated in the **kata-containers-**_version_**.rpm** package. You can run the **rpm** command to install the corresponding software. -### Daemon Parameter Configuration - -You can add configuration items to the **/etc/docker/daemon.json** file to customize parameters. You can run the **dockerd --help** command to view related configuration items and their usage methods. A configuration example is as follows: - -``` -cat /etc/docker/daemon.json -{ - "debug": true, - "storage-driver": "overlay2", - "storage-opts": ["overlay2.override_kernel_check=true"] -} -``` - -### Daemon Running Directory Configuration - -Re-configuring various running directories and files \(including **--graph** and **--exec-root**\) may cause directory conflicts or file attribute changes, affecting the normal use of applications. - ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->Therefore, the specified directories or files should be used only by Docker to avoid file attribute changes and security issues caused by conflicts. - -- Take **--graph** as an example. When **/new/path/** is used as the new root directory of the daemon, if a file exists in **/new/path/** and the directory or file name conflicts with that required by Docker \(for example, **containers**, **hooks**, and **tmp**\), Docker may update the original directory or file attributes, including the owner and permission. - ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->From Docker 17.05, the **--graph** parameter is marked as **Deprecated** and replaced with the **--data-root** parameter. - -### Daemon Network Configuration - -- After the network segment of the docker0 bridge is specified by using the **--bip** parameter on Docker daemon, if the **--bip** parameter is deleted during the next Docker daemon restart, the docker0 bridge uses the previous value of **--bip**, even if the docker0 bridge is deleted before the restart. The reason is that Docker saves the network configuration and restores the previous configuration by default during the next restart. -- When running the **docker network create** command to concurrently create networks, you can create two networks with the same name. The reason is that Docker networks are distinguished by IDs. The name is only an alias that is easy to identify and may not be unique. -- In the Docker bridge network mode, a Docker container establishes external communication through NAT on the host. When Docker daemon starts a Docker container, a docker-proxy process is started for each port mapped on the host to access the proxy. It is recommended that you map only the necessary ports when using userland-proxy to reduce the resources consumed by the port mapping of docker-proxy. - -### Daemon umask Configuration - -The default **umask** value of the main container process and exec process is **0022**. To meet security specifications and prevent containers from being attacked, the default value of **umask** is changed to **0027** after runC implementation is modified. After the modification, the other groups cannot access new files or directories. - -The default value of **umask** is **0027** when Docker starts a container. You can change the value to **0022** by running the **--exec-opt native.umask=normal** command during container startup. - ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->If **native.umask** is configured in **docker create** or **docker run** command, its value is used. - -For details, see the parameter description in [4.6.2.4 create](#create.md#EN-US_TOPIC_0184808242) and [4.6.2.16 run](#container-management-40.md#EN-US_TOPIC_0184808238). - -### Daemon Start Time - -The Docker service is managed by systemd, which restricts the startup time of each service. If the Docker service fails to be started within the specified time, the possible causes are as follows: - -- If Docker daemon is started for the first time using devicemapper, the Docker daemon needs to perform the initialization operation on the device. This operation, however, will perform a large number of disk I/O operations. When the disk performance is poor or many I/O conflicts exist, the Docker daemon startup may time out. devicemapper needs to be initialized only once and does not need to be initialized again during later Docker daemon startup. -- If the usage of the current system resources is too high, the system responses slowly, all operations in the system slow down, and the startup of the Docker service may time out. -- During the restart, a daemon traverses and reads configuration files and the init layer and writable layer configurations of each container in the Docker working directory. If there are too many containers \(including the created and exited containers\) in the current system and the disk read and write performance is limited, the startup of the Docker service may time out due to the long-time daemon traversing. - -   - -If the service startup times out, you are advised to rectify the fault as follows: - -- Ensure that the container orchestration layer periodically deletes unnecessary containers, especially the exited containers. -- Based on performance requirements of the solution, adjust the cleanup period of the orchestration layer and the start time of the Docker service. - -### Journald Component - -After systemd-journald is restarted, Docker daemon needs to be restarted. Journald obtains the Docker daemon logs through a pipe. If the journald service is restarted, the pipe is disabled. The write operation of Docker logs triggers the SIGPIPE signal, which causes the Docker daemon crash. If this signal is ignored, the subsequent Docker daemon logs may fail to be recorded. Therefore, you are advised to restart Docker daemon after the journald service is restarted or becomes abnormal, ensuring that Docker logs can be properly recorded and preventing status exceptions caused by daemon crash. - -### Firewalld Component - -You need to restart the Docker service after restarting or starting firewalld. - -- When the firewalld service is started, the iptables rules of the current system are cleared. Therefore, if the firewalld service is restarted during Docker daemon startup, the Docker service may fail to insert iptables rules, causing the Docker service startup failure. -- If the firewalld service is restarted after the Docker service is started, or the status of the firewalld service \(service paused or resumed\) is changed, the iptables rules of the Docker service are deleted. As a result, the container with port mapping fails to be created. - -### Iptables Component - -If the **--icc=false** option is added in Docker, the communication between containers can be restricted. However, if the OS has some rules, the communication between containers may not be restricted. For example: - -``` -Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) -... -0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 -... -0 0 DROP all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 -... -``` - -In the **Chain FORWARD** command, the ACCEPT icmp rule is added to DROP. As a result, after the **--icc=false** option is added, containers can be pinged, but the peer end is unreachable if UDP or TCP is used. - -Therefore, if you want to add the **--icc=false** option when using Docker in a container OS, you are advised to clear iptables rules on the host first. - -### Audit Component - -You can configure audit for Docker. However, this configuration is not mandatory. For example: - -``` --w /var/lib/docker -k docker --w /etc/docker -k docker --w /usr/lib/systemd/system/docker.service -k docker --w /usr/lib/systemd/system/docker.socket -k docker --w /etc/sysconfig/docker -k docker --w /usr/bin/docker-containerd -k docker --w /usr/bin/docker-runc -k docker --w /etc/docker/daemon.json -k docker ``` - -Configuring audit for Docker brings certain benefits for auditing, while it does not have any substantial effects on attack defense. In addition, the audit configurations cause serious efficiency problems, for example, the system may not respond smoothly. Therefore, exercise caution in the production environment. - -The following uses **-w /var/lib/docker -k docker** as an example to describe how to configure Docker audit. - -``` -[root@localhost signal]# cat /etc/audit/rules.d/audit.rules | grep docker -w /var/lib/docker/ -k docker -[root@localhost signal]# auditctl -R /etc/audit/rules.d/audit.rules | grep docker -[root@localhost signal]# auditctl -l | grep docker -w /var/lib/docker/ -p rwxa -k docker -``` - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->**-p \[r|w|x|a\]** and **-w** are used together to monitor the read, write, execution, and attribute changes \(such as timestamp changes\) of the directory. In this case, any file or directory operation in the **/var/lib/docker** directory will be recorded in the **audit.log** file. As a result, too many logs will be recorded in the **audit.log** file, which severely affects the memory or CPU usage of the auditd, and further affects the OS. For example, logs similar to the following will be recorded in the **/var/log/audit/audit.log** file each time the **ls /var/lib/docker/containers** command is executed: - -``` -type=SYSCALL msg=audit(1517656451.457:8097): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=1b955b0 a2=90800 a3=0 items=1 ppid=17821 pid=1925 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=4 comm="ls" exe="/usr/bin/ls" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="docker"type=CWD msg=audit(1517656451.457:8097): cwd="/root"type=PATH msg=audit(1517656451.457:8097): item=0 name="/var/lib/docker/containers" inode=1049112 dev=fd:00 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:container_var_lib_t:s0 objtype=NORMAL -``` - -   - -### Security Configuration seccomp - -During the container network performance test, it is found that the performance of Docker is lower than that of the native kernel namespace. After seccomp is enabled, system calls \(such as sendto\) are not performed through system\_call\_fastpath. Instead, tracesys is called, which greatly deteriorates the performance. Therefore, you are advised to disable seccomp in container scenarios where services require high performance. For example: - -``` -docker run -itd --security-opt seccomp=unconfined busybox:latest -``` - -### Do Not Modify Private Directory of Docker Daemon - -Do not modify the root directory used by Docker \(**/var/lib/docker** by default\), the directory during operation \(**/run/docker** by default\), or the files or directories in the two directories. The forbidden operations include deleting files, adding files, creating soft or hard links for the directories or files, or modifying attributes, permissions, or contents of the files. If any modification is required, contact the Euler container team for review. - -### Precautions for Common Users in the Scenario Where a Large Number of Containers Are Deployed - -The maximum number of processes that a common user can create on an OS host can be restricted by creating the **/etc/security/limits.d/20-nproc.conf** file in the system. Similarly, the maximum number of processes that a common user can create in a container is determined by the value in the **/etc/security/limits.d/20-nproc.conf** file in the container image, as shown in the following example: - -``` -cat /etc/security/limits.conf -* soft nproc 4096 -``` - -If an error is reported due to insufficient resources when a large number of containers are deployed by a common user, increase the value **4096** in the **/etc/security/limits.d/20-nproc.conf** file. - -Configure the maximum value based on the maximum capability of the kernel, as shown in the following example: - -``` -[root@localhost ~]# sysctl -a | grep pid_max -kernel.pid_max = 32768 +rpm -ivh kata-containers-.rpm ``` -## Storage Driver Configuration - -This Docker version supports two storage drivers: overlay2 and devicemapper. Since overlay2 has better performance than devicemapper, it is recommended that overlay2 be preferentially used in the production environment. - - +## Deployment Configuration -### overlay2 Storage Driver Configuration +### Configuring the Docker Engine -#### Configuration Methods +To enable the Docker engine to support kata-runtime, perform the following steps to configure the Docker engine: -overlay2 is the default storage driver of Docker. You can also use either of the following methods to check or configure the driver: - -- Edit the **/etc/docker/daemon.json** file to check or configure the **storage-driver** field. +1. Ensure that all software packages \(**docker-engine** and **kata-containers**\) have been installed in the environment. +2. Stop the Docker engine. ``` - cat /etc/docker/daemon.json - { - "storage-driver": "overlay2" - } + systemctl stop docker ``` +3. Modify the configuration file **/etc/docker/daemon.json** of the Docker engine and add the following configuration: -- Edit the **/etc/sysconfig/docker-storage** file and check or configure the Docker daemon startup parameters. - - ``` - cat /etc/sysconfig/docker-storage - DOCKER_STORAGE_OPTIONS="--storage-driver=overlay2" ``` - - -#### Precautions - -- When you perform lifecycle management operations on some containers, an error may be reported, indicating that the corresponding rootfs or executable file cannot be found. -- If the health check of a container is configured to execute executable files in the container, an error may be reported, which causes the health check failure of the container. - -- When you use overlay2 as the graphdriver and modify an image file in a container for the first time, the modification fails if the file size is greater than the remaining space of the system. Even if a little modification on the file is involved, the whole file must be copied to the upper layer. If the remaining space is insufficient, the modification fails. -- Compared with common file systems, the overlay2 file system has the following behavior differences: - - Kernel version - - overlay2 is compatible only with the native kernel 4.0 or later. You are advised to use the Ext4 file system. - - - Copy-UP performance - - Modifying files at the lower layer triggers file replication to the upper layer. Data block replication and fsync are time-consuming. - - - Rename directories - - The rename system call is allowed only when both the source and the destination paths are at the merged layer. Otherwise, the EXDEV error is reported. - - Kernel 4.10 introduces the redirect directory feature to fix this issue. The corresponding kernel option is **CONFIG\_OVERLAY\_FS\_REDIRECT\_DIR**. - - When overlay2 is used, a file system directory fails to be renamed because the related feature configured in the **/sys/module/overlay/parameters/redirect\_dir** file has been disabled. To use this feature, you need to manually set **/sys/module/overlay/parameters/redirect\_dir** to **Y**. - - - Hard link disconnection - - If there are multiple hard links in the lower-layer directory, writing data to the merged layer will trigger Copy-UP, resulting in hard link disconnection. - - The index feature is introduced in kernel 4.13 to fix this issue. The corresponding kernel option is **CONFIG\_OVERLAY\_FS\_INDEX**. Note that this option is not forward compatible and does not support hot upgrade. - - - Changes of **st\_dev** and **st\_ino** - - After Copy-UP is triggered, you can view only new files at the merged layer, and inodes change. Although **attr** and **xattr** can be replicated, **st\_dev** and **st\_ino** are unique and cannot be replicated. As a result, you can run **stat** and **ls** commands to check inode changes accordingly. - - - fd change - - Before Copy-UP is triggered, you can obtain the descriptor fd1 when opening a file in read-only mode. After Copy-UP is trigger, you can obtain the descriptor fd2 when opening the file with the same name. The two descriptors point to different files. The data written to fd2 is not displayed in fd1. - - - -#### Abnormal Scenarios - -When a container uses the overlay2 storage driver, mount points may be overwritten. - -   - -#### Abnormal Scenario: Mount Point Being Overwritten - -In the faulty container, there is a mount point in **/var/lib/docker/overlay2**. - -``` -[root@localhost ~]# mount -l | grep overlay -overlay on /var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785/merged type overlay (rw,relatime,seclabel,lowerdir=/var/lib/docker/overlay2/l/JL5PZQLNDCIBU3ZOG3LPPDBHIJ:/var/lib/docker/overlay2/l/ELRPYU4JJG4FDPRLZJCZZE4UO6,upperdir=/var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785/diff,workdir=/var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785/work) -/dev/mapper/dm-root on /var/lib/docker/overlay2 type ext4 (rw,relatime,seclabel,data=ordered) -``` - -An error as follows may occur when some Docker commands are executed: - -``` -[root@localhost ~]# docker rm 1348136d32 -docker rm: Error response from daemon: driver "overlay2" failed to remove root filesystem for 1348136d32: error while removing /var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785: invalid argument -``` - -You will find that the rootfs of the corresponding container cannot be found on the host. However, this does not mean that the rootfs is lost. The rootfs is overwritten by the mount point in **/var/lib/docker/overlay2**, and services are still running properly. The solutions are as follows: - -- Solution 1 - 1. Run the following command to check the graphdriver used by Docker: - - ``` - docker info | grep "Storage Driver" - ``` - -    - - 2. Run the following commands to query the current mount point: - - ``` - Devicemapper: mount -l | grep devicemapper - Overlay2: mount -l | grep overlay2 - ``` - - The output format is _A_ on _B_ type _C_ \(_D_\). - - - _A_: block device name or **overlay** - - _B_: mount point - - _C_: file system type - - _D_: mounting attribute - - 3. Run the **umount** command on the mount points \(_B_\) one by one from bottom to top. - 4. Run the **docker restart** command on all the containers or delete all the containers. - 5. Run the following command to restart Docker: - - ``` - systemctl restart docker - ``` - - - -- Solution 2 - 1. Migrate services. - 2. Restart nodes. - - -### devicemapper Storage Driver Configuration - -If you need to set the storage driver of Docker to devicemapper, you can also use either of the following methods to check or configure the driver: - -- Edit the **/etc/docker/daemon.json** file to check or configure the **storage-driver** field. - - ``` - cat /etc/docker/daemon.json { - "storage-driver": "devicemapper" + "runtimes": { + "kata-runtime": { + "path": "/usr/bin/kata-runtime", + "runtimeArgs": [ + "--kata-config", + "/usr/share/defaults/kata-containers/configuration.toml" + ] + } + } } ``` - -- Edit the **/etc/sysconfig/docker-storage** file and check or configure the Docker daemon startup parameters. +4. Restart the Docker engine. ``` - cat /etc/sysconfig/docker-storage - DOCKER_STORAGE_OPTIONS="--storage-driver=devicemapper" + systemctl start docker ``` -#### Precautions - -- To use devicemapper, you must use the direct-lvm mode. For details about the configuration method, refer to [https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/\#configure-direct-lvm-mode-for-production](https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#configure-direct-lvm-mode-for-production). -- When configuring devicemapper, if the system does not have sufficient space for automatic capacity expansion of thinpool, disable the automatic capacity expansion function. -- Do not set both the following two parameters in the **/etc/lvm/profile/docker-thinpool.profile** file to **100**: +### iSulad Configuration - ``` - activation { - thin_pool_autoextend_threshold=80 - thin_pool_autoextend_percent=20 - } - ``` +To enable the iSulad to support the new container runtime kata-runtime, perform the following steps which are similar to those for the container engine docker-engine: -- You are advised to add **--storage-opt dm.use\_deferred\_deletion=true** and **--storage-opt dm.use\_deferred\_removal=true** when using devicemapper. -- When devicemapper is used, you are advised to use Ext4 as the container file system. You need to add **--storage-opt dm.fs=ext4** to the configuration parameters of Docker daemon. -- If graphdriver is devicemapper and the metadata files are damaged and cannot be restored, you need to manually restore the metadata files. Do not directly operate or tamper with metadata of the devicemapper storage driver in Docker daemon. -- When the devicemapper LVM is used, if the devicemapper thinpool is damaged due to abnormal power-off, you cannot ensure the data integrity or whether the damaged thinpool can be restored. Therefore, you need to rebuild the thinpool. - -**Precautions for Switching the devicemapper Storage Pool When the User Namespace Feature Is Enabled on Docker Daemon** - -- Generally, the path of the deviceset-metadata file is **/var/lib/docker/devicemapper/metadata/deviceset-metadata** during container startup. -- If user namespaces are used, the path of the deviceset-metadata file is **/var/lib/docker/**_userNSUID.GID_**/devicemapper/metadata/deviceset-metadata**. -- When you use the devicemapper storage driver and the container is switched between the user namespace scenario and common scenario, the **BaseDeviceUUID** content in the corresponding deviceset-metadata file needs to be cleared. In the thinpool capacity expansion or rebuild scenario, you also need to clear the **BaseDeviceUUID** content in the deviceset-metadata file. Otherwise, the Docker service fails to be restarted. - -## Impact of Forcibly Killing Docker Background Processes - -The call chain of Docker is long. Forcibly killing docker background processes \(such as sending **kill -9**\) may cause data status inconsistency. This section describes some problems that may be caused by forcible killing. - -### Semaphores May Be Residual - -When the devicemapper is used as the graphdriver, forcible killing may cause residual semaphores. Docker creates semaphores when performing operations on devicemapper. If daemon is forcibly killed before the semaphores are released, the release may fail. A maximum of one semaphore can be leaked at a time, and the leakage probability is low. However, the Linux OS has an upper limit on semaphores. When the number of semaphore leakage times reaches the upper limit, new semaphores cannot be created. As a result, Docker daemon fails to be started. The troubleshooting method is as follows: - -1. Check the residual semaphores in the system. +1. Ensure that all software packages \(iSulad and kata-containers\) have been installed in the environment. +2. Stop iSulad. ``` - $ ipcs - ------ Message Queues -------- - key msqid owner perms used-bytes messages - ------ Shared Memory Segments -------- - key shmid owner perms bytes nattch status - ------ Semaphore Arrays -------- - key semid owner perms nsems - 0x0d4d3358 238977024 root 600 1 - 0x0d4d0ec9 270172161 root 600 1 - 0x0d4dc02e 281640962 root 600 1 + systemctl stop isulad ``` -2. Run the **dmsetup** command to check semaphores created by devicemapper. The semaphore set is the subset of the system semaphores queried in the previous step. +3. Modify the **/etc/isulad/daemon.json** configuration file of the iSulad and add the following configurations: ``` - $ dmsetup udevcookies - ``` - -3. Check the upper limit of kernel semaphores. The fourth value is the upper limit of the current system semaphores. - - ``` - $ cat /proc/sys/kernel/sem - 250 32000 32 128 - ``` - - If the number of residual semaphores in step 1 is the same as the upper limit of semaphores in step 3, the number of residual semaphores reaches the upper limit. In this case, Docker daemon cannot be normally started. You can run the following command to increase the upper limit to restart Docker: - - ``` - $ echo 250 32000 32 1024 > /proc/sys/kernel/sem + { + "runtimes": { + "kata-runtime": { + "path": "/usr/bin/kata-runtime", + "runtime-args": [ + "--kata-config", + "/usr/share/defaults/kata-containers/configuration.toml" + ] + } + } + } ``` - You can also run the following command to manually clear the residual devicemapper semaphores. The following describes how to clear the devicemapper semaphores applied one minute ago. +4. Restart iSulad. ``` - $ dmsetup udevcomplete_all 1 - This operation will destroy all semaphores older than 1 minutes with keys that have a prefix 3405 (0xd4d). - Do you really want to continue? [y/n]: y - 0 semaphores with keys prefixed by 3405 (0xd4d) destroyed. 0 skipped. + systemctl start isulad ``` -### NICs May Be Residual - -When a container is started in bridge mode, forcibly killing may cause residual NICs. In bridge network mode, when Docker creates a container, a pair of veths are created on the host, and then the NIC information is saved to the database. If daemon is forcibly killed before the NIC information is saved to the database of Docker, the NIC cannot be associated with Docker and cannot be deleted during the next startup because Docker deletes unused NICs from its database. - -### Failed to Restart a Container - -If container hook takes a long time, and containerd is forcibly killed during container startup, the container start operation may fail. When containerd is forcibly killed during container startup, an error is returned for the Docker start operation. After containerd is restarted, the last startup may still be in the **runc create** execution phase \(executing the user-defined hook may take a long time\). If you run the **docker start** command again to start the container, the following error message may be displayed: - -``` -Error response from daemon: oci runtime error: container with id exists: xxxxxx -``` - -This error is caused by running **runc create** on an existing container \(or being created\). After the **runc create** operation corresponding to the first start operation is complete, the **docker start** command can be successfully executed. - -The execution of hook is not controlled by Docker. In this case, if the container is recycled, the containerd process may be suspended when an unknown hook program is executed. In addition, the risk is controllable \(although the creation of the current container is affected in a short period\). - -- After the first operation is complete, the container can be successfully started again. -- Generally, a new container is created after the container fails to be started. The container that fails to be started cannot be reused. - -In conclusion, this problem has a constraint on scenarios. +### Configuration.toml -### Failed to Restart the Docker Service +The Kata container provides a global configuration file configuration.toml. Users can also customize the path and configuration options of the Kata container configuration file. -The Docker service cannot be restarted properly due to frequent startup in a short period The Docker system service is monitored by systemd. If the Docker service is restarted for more than five times within 10s, the systemd service detects the abnormal startup. Therefore, the Docker service is disabled. Docker can respond to the restart command and be normally restarted only when the next period of 10s starts. +In the **runtimeArges** field of Docker engine, you can use **--kata-config** to specify a private file. The default configuration file path is **/usr/share/defaults/kata-containers/configuration.toml**. -## Impact of System Power-off +The following lists the common fields in the configuration file. For details about the configuration file options, see [configuration.toml](https://docs.openeuler.org/en/docs/20.03_LTS_SP4/docs/Container/appendix-2.html). -When a system is unexpectedly powered off or system panic occurs, Docker daemon status may not be updated to the disk in time. As a result, Docker daemon is abnormal after the system is restarted. The possible problems include but are not limited to the following: +1. hypervisor.qemu + - **path**: specifies the execution path of the virtualization QEMU. + - **kernel**: specifies the execution path of the guest kernel. + - **initrd**: specifies the guest initrd execution path. + - **machine\_type**: specifies the type of the analog chip. The value is **virt** for the ARM architecture and **pc** for the x86 architecture. + - **kernel\_params**: specifies the running parameters of the guest kernel. -- A container is created before the power-off. After the restart, the container is not displayed when the **docker ps –a** command is run, as the file status of the container is not updated to the disk. As a result, daemon cannot obtain the container status after the restart. -- Before the system power-off, a file is being written. After daemon is restarted, the file format is incorrect or the file content is incomplete. As a result, loading fails. -- As Docker database \(DB\) will be damaged during power-off, all DB files in **data-root** will be deleted during node restart. Therefore, the following information created before the restart will be deleted after the restart: - - Network: Resources created through Docker network will be deleted after the node is restarted. - - Volume: Resources created through Docker volume will be deleted after the node is restarted. - - Cache construction: The cache construction information will be deleted after the node is restarted. - - Metadata stored in containerd: Metadata stored in containerd will be recreated when a container is started. Therefore, the metadata stored in containerd will be deleted when the node is restarted. +2. proxy.kata + - **path**: specifies the kata-proxy running path. + - **enable\_debug**: enables the debugging function for the kata-proxy process. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >If you want to manually clear data and restore the environment, you can set the environment variable **DISABLE\_CRASH\_FILES\_DELETE** to **true** to disable the function of clearing DB files when the daemon process is restarted due to power-off. +3. agent.kata + - **enable\_blk\_mount**: enables guest mounting of the block device. + - **enable\_debug**: enables the debugging function for the kata-agent process. +4. runtime + - **enable\_cpu\_memory\_hotplug**: enables CPU and memory hot swap. + - **enable\_debug**: enables debugging for the kata-runtime process. diff --git a/docs/en/docs/Container/installation-and-deployment-3.md b/docs/en/docs/Container/installation-and-deployment-3.md new file mode 100644 index 0000000000000000000000000000000000000000..62792cca988f982022020b06a6d6cb0b7c85984e --- /dev/null +++ b/docs/en/docs/Container/installation-and-deployment-3.md @@ -0,0 +1,458 @@ +# Installation and Deployment + +- [Installation and Deployment](#installation-and-deployment) + - [Precautions](#precautions) + - [Basic Installation Configuration](#basic-installation-configuration) + - [Daemon Parameter Configuration](#daemon-parameter-configuration) + - [Daemon Running Directory Configuration](#daemon-running-directory-configuration) + - [Daemon Network Configuration](#daemon-network-configuration) + - [Daemon umask Configuration](#daemon-umask-configuration) + - [Daemon Start Time](#daemon-start-time) + - [Journald Component](#journald-component) + - [Firewalld Component](#firewalld-component) + - [Iptables Component](#iptables-component) + - [Audit Component](#audit-component) + - [Security Configuration seccomp](#security-configuration-seccomp) + - [Do Not Modify Private Directory of Docker Daemon](#do-not-modify-private-directory-of-docker-daemon) + - [Precautions for Common Users in the Scenario Where a Large Number of Containers Are Deployed](#precautions-for-common-users-in-the-scenario-where-a-large-number-of-containers-are-deployed) + - [Storage Driver Configuration](#storage-driver-configuration) + - [overlay2 Storage Driver Configuration](#overlay2-storage-driver-configuration) + - [Configuration Methods](#configuration-methods) + - [Precautions](#precautions-1) + - [Abnormal Scenarios](#abnormal-scenarios) + - [Abnormal Scenario: Mount Point Being Overwritten](#abnormal-scenario-mount-point-being-overwritten) + - [devicemapper Storage Driver Configuration](#devicemapper-storage-driver-configuration) + - [Precautions](#precautions-2) + - [Impact of Forcibly Killing Docker Background Processes](#impact-of-forcibly-killing-docker-background-processes) + - [Semaphores May Be Residual](#semaphores-may-be-residual) + - [NICs May Be Residual](#nics-may-be-residual) + - [Failed to Restart a Container](#failed-to-restart-a-container) + - [Failed to Restart the Docker Service](#failed-to-restart-the-docker-service) + - [Impact of System Power-off](#impact-of-system-power-off) + + + +## Precautions + +- The root permission is required for installing a Docker container. +- The **docker-engine** RPM package cannot be installed together with the **containerd**, **runc**, **docker-proxy**, or **podman** RPM package. This is because the **docker-engine** RPM package contains all components required for Docker running, including **containerd**, **runc**, **docker-proxy**, and **docker** binary files. Yet the **containerd**, **runc**, **docker-proxy**, and **podman** RPM packages also contain the corresponding binary files. Software package conflicts may occur due to repeated installation. + +## Basic Installation Configuration + + + +### Daemon Parameter Configuration + +You can add configuration items to the **/etc/docker/daemon.json** file to customize parameters. You can run the **dockerd --help** command to view related configuration items and their usage methods. A configuration example is as follows: + +``` +cat /etc/docker/daemon.json +{ + "debug": true, + "storage-driver": "overlay2", + "storage-opts": ["overlay2.override_kernel_check=true"] +} +``` + +### Daemon Running Directory Configuration + +Re-configuring various running directories and files \(including **--graph** and **--exec-root**\) may cause directory conflicts or file attribute changes, affecting the normal use of applications. + +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +>Therefore, the specified directories or files should be used only by Docker to avoid file attribute changes and security issues caused by conflicts. + +- Take **--graph** as an example. When **/new/path/** is used as the new root directory of the daemon, if a file exists in **/new/path/** and the directory or file name conflicts with that required by Docker \(for example, **containers**, **hooks**, and **tmp**\), Docker may update the original directory or file attributes, including the owner and permission. + +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +>From Docker 17.05, the **--graph** parameter is marked as **Deprecated** and replaced with the **--data-root** parameter. + +### Daemon Network Configuration + +- After the network segment of the docker0 bridge is specified by using the **--bip** parameter on Docker daemon, if the **--bip** parameter is deleted during the next Docker daemon restart, the docker0 bridge uses the previous value of **--bip**, even if the docker0 bridge is deleted before the restart. The reason is that Docker saves the network configuration and restores the previous configuration by default during the next restart. +- When running the **docker network create** command to concurrently create networks, you can create two networks with the same name. The reason is that Docker networks are distinguished by IDs. The name is only an alias that is easy to identify and may not be unique. +- In the Docker bridge network mode, a Docker container establishes external communication through NAT on the host. When Docker daemon starts a Docker container, a docker-proxy process is started for each port mapped on the host to access the proxy. It is recommended that you map only the necessary ports when using userland-proxy to reduce the resources consumed by the port mapping of docker-proxy. + +### Daemon umask Configuration + +The default **umask** value of the main container process and exec process is **0022**. To meet security specifications and prevent containers from being attacked, the default value of **umask** is changed to **0027** after runC implementation is modified. After the modification, the other groups cannot access new files or directories. + +The default value of **umask** is **0027** when Docker starts a container. You can change the value to **0022** by running the **--exec-opt native.umask=normal** command during container startup. + +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +>If **native.umask** is configured in **docker create** or **docker run** command, its value is used. + +For details, see the parameter description in [docker create](https://docs.openeuler.org/en/docs/20.03_LTS_SP4/docs/Container/container-management-2.html#create) and [docker run](https://docs.openeuler.org/en/docs/20.03_LTS_SP4/docs/Container/container-management-2.html#run). + +### Daemon Start Time + +The Docker service is managed by systemd, which restricts the startup time of each service. If the Docker service fails to be started within the specified time, the possible causes are as follows: + +- If Docker daemon is started for the first time using devicemapper, the Docker daemon needs to perform the initialization operation on the device. This operation, however, will perform a large number of disk I/O operations. When the disk performance is poor or many I/O conflicts exist, the Docker daemon startup may time out. devicemapper needs to be initialized only once and does not need to be initialized again during later Docker daemon startup. +- If the usage of the current system resources is too high, the system responses slowly, all operations in the system slow down, and the startup of the Docker service may time out. +- During the restart, a daemon traverses and reads configuration files and the init layer and writable layer configurations of each container in the Docker working directory. If there are too many containers \(including the created and exited containers\) in the current system and the disk read and write performance is limited, the startup of the Docker service may time out due to the long-time daemon traversing. + +   + +If the service startup times out, you are advised to rectify the fault as follows: + +- Ensure that the container orchestration layer periodically deletes unnecessary containers, especially the exited containers. +- Based on performance requirements of the solution, adjust the cleanup period of the orchestration layer and the start time of the Docker service. + +### Journald Component + +After systemd-journald is restarted, Docker daemon needs to be restarted. Journald obtains the Docker daemon logs through a pipe. If the journald service is restarted, the pipe is disabled. The write operation of Docker logs triggers the SIGPIPE signal, which causes the Docker daemon crash. If this signal is ignored, the subsequent Docker daemon logs may fail to be recorded. Therefore, you are advised to restart Docker daemon after the journald service is restarted or becomes abnormal, ensuring that Docker logs can be properly recorded and preventing status exceptions caused by daemon crash. + +### Firewalld Component + +You need to restart the Docker service after restarting or starting firewalld. + +- When the firewalld service is started, the iptables rules of the current system are cleared. Therefore, if the firewalld service is restarted during Docker daemon startup, the Docker service may fail to insert iptables rules, causing the Docker service startup failure. +- If the firewalld service is restarted after the Docker service is started, or the status of the firewalld service \(service paused or resumed\) is changed, the iptables rules of the Docker service are deleted. As a result, the container with port mapping fails to be created. + +### Iptables Component + +If the **--icc=false** option is added in Docker, the communication between containers can be restricted. However, if the OS has some rules, the communication between containers may not be restricted. For example: + +``` +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) +... +0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 +... +0 0 DROP all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 +... +``` + +In the **Chain FORWARD** command, the ACCEPT icmp rule is added to DROP. As a result, after the **--icc=false** option is added, containers can be pinged, but the peer end is unreachable if UDP or TCP is used. + +Therefore, if you want to add the **--icc=false** option when using Docker in a container OS, you are advised to clear iptables rules on the host first. + +### Audit Component + +You can configure audit for Docker. However, this configuration is not mandatory. For example: + +``` +-w /var/lib/docker -k docker +-w /etc/docker -k docker +-w /usr/lib/systemd/system/docker.service -k docker +-w /usr/lib/systemd/system/docker.socket -k docker +-w /etc/sysconfig/docker -k docker +-w /usr/bin/docker-containerd -k docker +-w /usr/bin/docker-runc -k docker +-w /etc/docker/daemon.json -k docker +``` + +Configuring audit for Docker brings certain benefits for auditing, while it does not have any substantial effects on attack defense. In addition, the audit configurations cause serious efficiency problems, for example, the system may not respond smoothly. Therefore, exercise caution in the production environment. + +The following uses **-w /var/lib/docker -k docker** as an example to describe how to configure Docker audit. + +``` +[root@localhost signal]# cat /etc/audit/rules.d/audit.rules | grep docker -w /var/lib/docker/ -k docker +[root@localhost signal]# auditctl -R /etc/audit/rules.d/audit.rules | grep docker +[root@localhost signal]# auditctl -l | grep docker -w /var/lib/docker/ -p rwxa -k docker +``` + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>**-p \[r|w|x|a\]** and **-w** are used together to monitor the read, write, execution, and attribute changes \(such as timestamp changes\) of the directory. In this case, any file or directory operation in the **/var/lib/docker** directory will be recorded in the **audit.log** file. As a result, too many logs will be recorded in the **audit.log** file, which severely affects the memory or CPU usage of the auditd, and further affects the OS. For example, logs similar to the following will be recorded in the **/var/log/audit/audit.log** file each time the **ls /var/lib/docker/containers** command is executed: + +``` +type=SYSCALL msg=audit(1517656451.457:8097): arch=c000003e syscall=257 success=yes exit=3 a0=ffffffffffffff9c a1=1b955b0 a2=90800 a3=0 items=1 ppid=17821 pid=1925 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=4 comm="ls" exe="/usr/bin/ls" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="docker"type=CWD msg=audit(1517656451.457:8097): cwd="/root"type=PATH msg=audit(1517656451.457:8097): item=0 name="/var/lib/docker/containers" inode=1049112 dev=fd:00 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:container_var_lib_t:s0 objtype=NORMAL +``` + +   + +### Security Configuration seccomp + +During the container network performance test, it is found that the performance of Docker is lower than that of the native kernel namespace. After seccomp is enabled, system calls \(such as sendto\) are not performed through system\_call\_fastpath. Instead, tracesys is called, which greatly deteriorates the performance. Therefore, you are advised to disable seccomp in container scenarios where services require high performance. For example: + +``` +docker run -itd --security-opt seccomp=unconfined busybox:latest +``` + +### Do Not Modify Private Directory of Docker Daemon + +Do not modify the root directory used by Docker \(**/var/lib/docker** by default\), the directory during operation \(**/run/docker** by default\), or the files or directories in the two directories. The forbidden operations include deleting files, adding files, creating soft or hard links for the directories or files, or modifying attributes, permissions, or contents of the files. If any modification is required, contact the Euler container team for review. + +### Precautions for Common Users in the Scenario Where a Large Number of Containers Are Deployed + +The maximum number of processes that a common user can create on an OS host can be restricted by creating the **/etc/security/limits.d/20-nproc.conf** file in the system. Similarly, the maximum number of processes that a common user can create in a container is determined by the value in the **/etc/security/limits.d/20-nproc.conf** file in the container image, as shown in the following example: + +``` +cat /etc/security/limits.conf +* soft nproc 4096 +``` + +If an error is reported due to insufficient resources when a large number of containers are deployed by a common user, increase the value **4096** in the **/etc/security/limits.d/20-nproc.conf** file. + +Configure the maximum value based on the maximum capability of the kernel, as shown in the following example: + +``` +[root@localhost ~]# sysctl -a | grep pid_max +kernel.pid_max = 32768 +``` + +## Storage Driver Configuration + +This Docker version supports two storage drivers: overlay2 and devicemapper. Since overlay2 has better performance than devicemapper, it is recommended that overlay2 be preferentially used in the production environment. + + + +### overlay2 Storage Driver Configuration + +#### Configuration Methods + +overlay2 is the default storage driver of Docker. You can also use either of the following methods to check or configure the driver: + +- Edit the **/etc/docker/daemon.json** file to check or configure the **storage-driver** field. + + ``` + cat /etc/docker/daemon.json + { + "storage-driver": "overlay2" + } + ``` + + +- Edit the **/etc/sysconfig/docker-storage** file and check or configure the Docker daemon startup parameters. + + ``` + cat /etc/sysconfig/docker-storage + DOCKER_STORAGE_OPTIONS="--storage-driver=overlay2" + ``` + + +#### Precautions + +- When you perform lifecycle management operations on some containers, an error may be reported, indicating that the corresponding rootfs or executable file cannot be found. +- If the health check of a container is configured to execute executable files in the container, an error may be reported, which causes the health check failure of the container. + +- When you use overlay2 as the graphdriver and modify an image file in a container for the first time, the modification fails if the file size is greater than the remaining space of the system. Even if a little modification on the file is involved, the whole file must be copied to the upper layer. If the remaining space is insufficient, the modification fails. +- Compared with common file systems, the overlay2 file system has the following behavior differences: + - Kernel version + + overlay2 is compatible only with the native kernel 4.0 or later. You are advised to use the Ext4 file system. + + - Copy-UP performance + + Modifying files at the lower layer triggers file replication to the upper layer. Data block replication and fsync are time-consuming. + + - Rename directories + - The rename system call is allowed only when both the source and the destination paths are at the merged layer. Otherwise, the EXDEV error is reported. + - Kernel 4.10 introduces the redirect directory feature to fix this issue. The corresponding kernel option is **CONFIG\_OVERLAY\_FS\_REDIRECT\_DIR**. + + When overlay2 is used, a file system directory fails to be renamed because the related feature configured in the **/sys/module/overlay/parameters/redirect\_dir** file has been disabled. To use this feature, you need to manually set **/sys/module/overlay/parameters/redirect\_dir** to **Y**. + + - Hard link disconnection + - If there are multiple hard links in the lower-layer directory, writing data to the merged layer will trigger Copy-UP, resulting in hard link disconnection. + - The index feature is introduced in kernel 4.13 to fix this issue. The corresponding kernel option is **CONFIG\_OVERLAY\_FS\_INDEX**. Note that this option is not forward compatible and does not support hot upgrade. + + - Changes of **st\_dev** and **st\_ino** + + After Copy-UP is triggered, you can view only new files at the merged layer, and inodes change. Although **attr** and **xattr** can be replicated, **st\_dev** and **st\_ino** are unique and cannot be replicated. As a result, you can run **stat** and **ls** commands to check inode changes accordingly. + + - fd change + + Before Copy-UP is triggered, you can obtain the descriptor fd1 when opening a file in read-only mode. After Copy-UP is trigger, you can obtain the descriptor fd2 when opening the file with the same name. The two descriptors point to different files. The data written to fd2 is not displayed in fd1. + + + +#### Abnormal Scenarios + +When a container uses the overlay2 storage driver, mount points may be overwritten. + +   + +#### Abnormal Scenario: Mount Point Being Overwritten + +In the faulty container, there is a mount point in **/var/lib/docker/overlay2**. + +``` +[root@localhost ~]# mount -l | grep overlay +overlay on /var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785/merged type overlay (rw,relatime,seclabel,lowerdir=/var/lib/docker/overlay2/l/JL5PZQLNDCIBU3ZOG3LPPDBHIJ:/var/lib/docker/overlay2/l/ELRPYU4JJG4FDPRLZJCZZE4UO6,upperdir=/var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785/diff,workdir=/var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785/work) +/dev/mapper/dm-root on /var/lib/docker/overlay2 type ext4 (rw,relatime,seclabel,data=ordered) +``` + +An error as follows may occur when some Docker commands are executed: + +``` +[root@localhost ~]# docker rm 1348136d32 +docker rm: Error response from daemon: driver "overlay2" failed to remove root filesystem for 1348136d32: error while removing /var/lib/docker/overlay2/844fd3bca8e616572935808061f009d106a8748dfd29a0a4025645457fa21785: invalid argument +``` + +You will find that the rootfs of the corresponding container cannot be found on the host. However, this does not mean that the rootfs is lost. The rootfs is overwritten by the mount point in **/var/lib/docker/overlay2**, and services are still running properly. The solutions are as follows: + +- Solution 1 + 1. Run the following command to check the graphdriver used by Docker: + + ``` + docker info | grep "Storage Driver" + ``` + +    + + 2. Run the following commands to query the current mount point: + + ``` + Devicemapper: mount -l | grep devicemapper + Overlay2: mount -l | grep overlay2 + ``` + + The output format is _A_ on _B_ type _C_ \(_D_\). + + - _A_: block device name or **overlay** + - _B_: mount point + - _C_: file system type + - _D_: mounting attribute + + 3. Run the **umount** command on the mount points \(_B_\) one by one from bottom to top. + 4. Run the **docker restart** command on all the containers or delete all the containers. + 5. Run the following command to restart Docker: + + ``` + systemctl restart docker + ``` + + + +- Solution 2 + 1. Migrate services. + 2. Restart nodes. + + +### devicemapper Storage Driver Configuration + +If you need to set the storage driver of Docker to devicemapper, you can also use either of the following methods to check or configure the driver: + +- Edit the **/etc/docker/daemon.json** file to check or configure the **storage-driver** field. + + ``` + cat /etc/docker/daemon.json + { + "storage-driver": "devicemapper" + } + ``` + + +- Edit the **/etc/sysconfig/docker-storage** file and check or configure the Docker daemon startup parameters. + + ``` + cat /etc/sysconfig/docker-storage + DOCKER_STORAGE_OPTIONS="--storage-driver=devicemapper" + ``` + + +#### Precautions + +- To use devicemapper, you must use the direct-lvm mode. For details about the configuration method, refer to [https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/\#configure-direct-lvm-mode-for-production](https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#configure-direct-lvm-mode-for-production). +- When configuring devicemapper, if the system does not have sufficient space for automatic capacity expansion of thinpool, disable the automatic capacity expansion function. +- Do not set both the following two parameters in the **/etc/lvm/profile/docker-thinpool.profile** file to **100**: + + ``` + activation { + thin_pool_autoextend_threshold=80 + thin_pool_autoextend_percent=20 + } + ``` + +- You are advised to add **--storage-opt dm.use\_deferred\_deletion=true** and **--storage-opt dm.use\_deferred\_removal=true** when using devicemapper. +- When devicemapper is used, you are advised to use Ext4 as the container file system. You need to add **--storage-opt dm.fs=ext4** to the configuration parameters of Docker daemon. +- If graphdriver is devicemapper and the metadata files are damaged and cannot be restored, you need to manually restore the metadata files. Do not directly operate or tamper with metadata of the devicemapper storage driver in Docker daemon. +- When the devicemapper LVM is used, if the devicemapper thinpool is damaged due to abnormal power-off, you cannot ensure the data integrity or whether the damaged thinpool can be restored. Therefore, you need to rebuild the thinpool. + +**Precautions for Switching the devicemapper Storage Pool When the User Namespace Feature Is Enabled on Docker Daemon** + +- Generally, the path of the deviceset-metadata file is **/var/lib/docker/devicemapper/metadata/deviceset-metadata** during container startup. +- If user namespaces are used, the path of the deviceset-metadata file is **/var/lib/docker/**_userNSUID.GID_**/devicemapper/metadata/deviceset-metadata**. +- When you use the devicemapper storage driver and the container is switched between the user namespace scenario and common scenario, the **BaseDeviceUUID** content in the corresponding deviceset-metadata file needs to be cleared. In the thinpool capacity expansion or rebuild scenario, you also need to clear the **BaseDeviceUUID** content in the deviceset-metadata file. Otherwise, the Docker service fails to be restarted. + +## Impact of Forcibly Killing Docker Background Processes + +### Semaphores May Be Residual + +When the devicemapper is used as the graphdriver, forcible killing may cause residual semaphores. Docker creates semaphores when performing operations on devicemapper. If daemon is forcibly killed before the semaphores are released, the release may fail. A maximum of one semaphore can be leaked at a time, and the leakage probability is low. However, the Linux OS has an upper limit on semaphores. When the number of semaphore leakage times reaches the upper limit, new semaphores cannot be created. As a result, Docker daemon fails to be started. The troubleshooting method is as follows: + +1. Check the residual semaphores in the system. + + ``` + $ ipcs + ------ Message Queues -------- + key msqid owner perms used-bytes messages + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + ------ Semaphore Arrays -------- + key semid owner perms nsems + 0x0d4d3358 238977024 root 600 1 + 0x0d4d0ec9 270172161 root 600 1 + 0x0d4dc02e 281640962 root 600 1 + ``` + +2. Run the **dmsetup** command to check semaphores created by devicemapper. The semaphore set is the subset of the system semaphores queried in the previous step. + + ``` + $ dmsetup udevcookies + ``` + +3. Check the upper limit of kernel semaphores. The fourth value is the upper limit of the current system semaphores. + + ``` + $ cat /proc/sys/kernel/sem + 250 32000 32 128 + ``` + + If the number of residual semaphores in step 1 is the same as the upper limit of semaphores in step 3, the number of residual semaphores reaches the upper limit. In this case, Docker daemon cannot be normally started. You can run the following command to increase the upper limit to restart Docker: + + ``` + $ echo 250 32000 32 1024 > /proc/sys/kernel/sem + ``` + + You can also run the following command to manually clear the residual devicemapper semaphores. The following describes how to clear the devicemapper semaphores applied one minute ago. + + ``` + $ dmsetup udevcomplete_all 1 + This operation will destroy all semaphores older than 1 minutes with keys that have a prefix 3405 (0xd4d). + Do you really want to continue? [y/n]: y + 0 semaphores with keys prefixed by 3405 (0xd4d) destroyed. 0 skipped. + ``` + + +### NICs May Be Residual + +When a container is started in bridge mode, forcibly killing may cause residual NICs. In bridge network mode, when Docker creates a container, a pair of veths are created on the host, and then the NIC information is saved to the database. If daemon is forcibly killed before the NIC information is saved to the database of Docker, the NIC cannot be associated with Docker and cannot be deleted during the next startup because Docker deletes unused NICs from its database. + +### Failed to Restart a Container + +If container hook takes a long time, and containerd is forcibly killed during container startup, the container start operation may fail. When containerd is forcibly killed during container startup, an error is returned for the Docker start operation. After containerd is restarted, the last startup may still be in the **runc create** execution phase \(executing the user-defined hook may take a long time\). If you run the **docker start** command again to start the container, the following error message may be displayed: + +``` +Error response from daemon: oci runtime error: container with id exists: xxxxxx +``` + +This error is caused by running **runc create** on an existing container \(or being created\). After the **runc create** operation corresponding to the first start operation is complete, the **docker start** command can be successfully executed. + +The execution of hook is not controlled by Docker. In this case, if the container is recycled, the containerd process may be suspended when an unknown hook program is executed. In addition, the risk is controllable \(although the creation of the current container is affected in a short period\). + +- After the first operation is complete, the container can be successfully started again. +- Generally, a new container is created after the container fails to be started. The container that fails to be started cannot be reused. + +In conclusion, this problem has a constraint on scenarios. + +### Failed to Restart the Docker Service + +The Docker service cannot be restarted properly due to frequent startup in a short period The Docker system service is monitored by systemd. If the Docker service is restarted for more than five times within 10s, the systemd service detects the abnormal startup. Therefore, the Docker service is disabled. Docker can respond to the restart command and be normally restarted only when the next period of 10s starts. + +## Impact of System Power-off + +When a system is unexpectedly powered off or system panic occurs, Docker daemon status may not be updated to the disk in time. As a result, Docker daemon is abnormal after the system is restarted. The possible problems include but are not limited to the following: + +- A container is created before the power-off. After the restart, the container is not displayed when the **docker ps –a** command is run, as the file status of the container is not updated to the disk. As a result, daemon cannot obtain the container status after the restart. +- Before the system power-off, a file is being written. After daemon is restarted, the file format is incorrect or the file content is incomplete. As a result, loading fails. +- As Docker database \(DB\) will be damaged during power-off, all DB files in **data-root** will be deleted during node restart. Therefore, the following information created before the restart will be deleted after the restart: + - Network: Resources created through Docker network will be deleted after the node is restarted. + - Volume: Resources created through Docker volume will be deleted after the node is restarted. + - Cache construction: The cache construction information will be deleted after the node is restarted. + - Metadata stored in containerd: Metadata stored in containerd will be recreated when a container is started. Therefore, the metadata stored in containerd will be deleted when the node is restarted. + + >![](./public_sys-resources/icon-note.gif) **NOTE:** + >If you want to manually clear data and restore the environment, you can set the environment variable **DISABLE\_CRASH\_FILES\_DELETE** to **true** to disable the function of clearing DB files when the daemon process is restarted due to power-off. + + + diff --git a/docs/en/docs/Container/installation-configuration.md b/docs/en/docs/Container/installation-configuration.md index 50f0d97008c28b7b1441fae52af44bc0ff695998..a8a5351ecc3eb15ecff53f070cb1c50f8730544d 100644 --- a/docs/en/docs/Container/installation-configuration.md +++ b/docs/en/docs/Container/installation-configuration.md @@ -1,17 +1,12 @@ -# Installation and Configuration +# Installation and Configuration +This section describes how to install, configure, upgrade, and uninstall iSulad. +>![](./public_sys-resources/icon-note.gif) **Note:** +> You need root permissions to install, upgrade, or uninstall iSulad. - [Installation and Configuration](./installation-configuration) - [Installation Methods](#installation-methods) - [Deployment Configuration](#deployment-configuration) - - [Configuration Mode](#configuration-mode) - - [Storage Description](#storage-description) - - [Constraints](#constraints) - - [Daemon Multi-Port Binding](#daemon-multi-port-binding) - - [Configuring TLS Authentication and Enabling Remote Access](#configuring-tls-authentication-and-enabling-remote-access) - - [devicemapper Storage Driver Configuration](#devicemapper-storage-driver-configuration) - - ## Installation Methods @@ -19,88 +14,92 @@ iSulad can be installed by running the **yum** or **rpm** command. The **yu This section describes two installation methods. -- \(Recommended\) Run the following command to install iSulad: +- \(Recommended\) Run the following command to install iSulad: + ```bash + sudo yum install -y iSulad ``` - $ sudo yum install -y iSulad - ``` - -- If the **rpm** command is used to install iSulad, you need to download and manually install the RMP packages of iSulad and all its dependencies. To install the RPM package of a single iSulad \(the same for installing dependency packages\), run the following command: +- If the **rpm** command is used to install iSulad, you need to download and manually install the RMP packages of iSulad and all its dependencies. To install the RPM package of a single iSulad \(the same for installing dependency packages\), run the following command: + ```bash + # sudo rpm -ihv iSulad-xx.xx.xx-xx.xxx.aarch64.rpm ``` - $ sudo rpm -ihv iSulad-xx.xx.xx-YYYYmmdd.HHMMSS.gitxxxxxxxx.aarch64.rpm - ``` - ## Deployment Configuration +After iSulad is installed, you can perform related configurations as required. + ### Configuration Mode The iSulad server daemon **isulad** can be configured with a configuration file or by running the **isulad --xxx** command. The priority in descending order is as follows: CLI \> configuration file \> default configuration in code. ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If systemd is used to manage the iSulad process, modify the **OPTIONS** field in the **/etc/sysconfig/iSulad** file, which functions the same as using the CLI. -- **CLI** +- **CLI** During service startup, configure iSulad using the CLI. To view the configuration options, run the following command: - ``` - $ isulad --help + ```bash + # isulad --help + isulad + lightweight container runtime daemon Usage: isulad [global options] GLOBAL OPTIONS: - --authorization-plugin Use authorization plugin - --cgroup-parent Set parent cgroup for all containers - --cni-bin-dir The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin - --cni-conf-dir The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d - --default-ulimit Default ulimits for containers (default []) - -e, --engine Select backend engine - -g, --graph Root directory of the iSulad runtime - -G, --group Group for the unix socket(default is isulad) - --help Show help - --hook-spec Default hook spec file applied to all containers - -H, --host The socket name used to create gRPC server - --image-layer-check Check layer intergrity when needed - --image-opt-timeout Max timeout(default 5m) for image operation - --insecure-registry Disable TLS verification for the given registry - --insecure-skip-verify-enforce Force to skip the insecure verify(default false) - --log-driver Set daemon log driver, such as: file - -l, --log-level Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE - --log-opt Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs - --native.umask Default file mode creation mask (umask) for containers - --network-plugin Set network plugin, default is null, suppport null and cni - -p, --pidfile Save pid into this file - --pod-sandbox-image The image whose network/ipc namespaces containers in each pod will use. (default "rnd-dockerhub.huawei.com/library/pause-${machine}:3.0") - --registry-mirrors Registry to be prepended when pulling unqualified images, can be specified multiple times - --start-timeout timeout duration for waiting on a container to start before it is killed - -S, --state Root directory for execution state files - --storage-driver Storage driver to use(default overlay2) - -s, --storage-opt Storage driver options - --tls Use TLS; implied by --tlsverify - --tlscacert Trust certs signed only by this CA (default "/root/.iSulad/ca.pem") - --tlscert Path to TLS certificate file (default "/root/.iSulad/cert.pem") - --tlskey Path to TLS key file (default "/root/.iSulad/key.pem") - --tlsverify Use TLS and verify the remote - --use-decrypted-key Use decrypted private key by default(default true) - -V, --version Print the version - --websocket-server-listening-port CRI websocket streaming service listening port (default 10350) - ``` - - Example: Start iSulad and change the log level to DEBUG. - - ``` - $ isulad -l DEBUG - ``` - - -- **Configuration file** - - The iSulad configuration file is **/etc/isulad/daemon.json**. The parameters in the file are described as follows: + --authorization-plugin Use authorization plugin + --cgroup-parent Set parent cgroup for all containers + --cni-bin-dir The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin + --cni-conf-dir The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d + --container-log-driver Set default container log driver, such as: json-file + --container-log-opts Set default container log driver options, such as: max-file=7 to set max number of container log files + --default-ulimit Default ulimits for containers (default []) + -e, --engine Select backend engine + -g, --graph Root directory of the iSulad runtime + -G, --group Group for the unix socket(default is isulad) + --help Show help + --hook-spec Default hook spec file applied to all containers + -H, --host The socket name used to create gRPC server + --image-layer-check Check layer intergrity when needed + --insecure-registry Disable TLS verification for the given registry + --insecure-skip-verify-enforce Force to skip the insecure verify(default false) + --log-driver Set daemon log driver, such as: file + -l, --log-level Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE + --log-opt Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs + --native.umask Default file mode creation mask (umask) for containers + --network-plugin Set network plugin, default is null, suppport null and cni + -p, --pidfile Save pid into this file + --pod-sandbox-image The image whose network/ipc namespaces containers in each pod will use. (default "pause-${machine}:3.0") + --registry-mirrors Registry to be prepended when pulling unqualified images, can be specified multiple times + --selinux-enabled Enable selinux support + --start-timeout timeout duration for waiting on a container to start before it is killed + -S, --state Root directory for execution state files + --storage-driver Storage driver to use(default overlay2) + -s, --storage-opt Storage driver options + --tls Use TLS; implied by --tlsverify + --tlscacert Trust certs signed only by this CA (default "/root/.iSulad/ca.pem") + --tlscert Path to TLS certificate file (default "/root/.iSulad/cert.pem") + --tlskey Path to TLS key file (default "/root/.iSulad/key.pem") + --tlsverify Use TLS and verify the remote + --use-decrypted-key Use decrypted private key by default(default true) + --userns-remap User/Group setting for user namespaces + -V, --version Print the version + --websocket-server-listening-port CRI websocket streaming service listening port (default 10350) + ``` + + Example: Start iSulad and change the log level to **DEBUG**. + + ```bash + # isulad -l DEBUG + ``` + +- **Configuration file** + + The iSulad configuration files are **/etc/isulad/daemon.json** and **/etc/isulad/daemon_constants.json**. The parameters in the files are described as follows. - @@ -181,6 +180,17 @@ The iSulad server daemon **isulad** can be configured with a configuration fil + + + + + - @@ -213,7 +223,7 @@ The iSulad server daemon **isulad** can be configured with a configuration fil - - - - - - + + + + +

Parameter

@@ -124,7 +123,7 @@ The iSulad server daemon **isulad** can be configured with a configuration fil

-G, --group

"group": "isulad"

+

"group": "isula"

Socket group.

You can specify max-file, max-size, and log-path. max-file indicates the number of log files. max-size indicates the threshold for triggering log anti-explosion. If max-file is 1, max-size is invalid. log-path specifies the path for storing log files. The log-file-mode command is used to set the permissions to read and write log files. The value must be in octal format, for example, 0666.

--container-log-driver

+

"container-log": {

+

"driver": "json-file"

+

}

+

Default driver for serial port logs of the container.

+

Specify the default driver for serial port logs of all containers.

+

--start-timeout

"start-timeout": "2m"

@@ -190,7 +200,7 @@ The iSulad server daemon **isulad** can be configured with a configuration fil

None

--runtime

+

None

"default-runtime": "lcr"

When starting a container, set this parameter to specify multiple runtimes. Runtimes in this set are valid for container startup.

Runtime whitelist of a container. The customized runtimes in this set are valid. kata-runtime is used as the example.

+

Runtime allowlist of a container. The customized runtimes in this set are valid. kata-runtime is used as the example.

-p, --pidfile

@@ -260,15 +270,6 @@ The iSulad server daemon **isulad** can be configured with a configuration fil overlay2.basesize=${size} #It is equivalent to overlay2.size.

--image-opt-timeout

-

"image-opt-timeout": "5m"

-

Image operation timeout interval, which is 5m by default.

-

The value -1 indicates that the timeout interval is not limited.

-

--registry-mirrors

"registry-mirrors": [ "docker.io" ]

@@ -439,15 +440,63 @@ The iSulad server daemon **isulad** can be configured with a configuration fil

If the client specifies --websocket-server-listening-port, the specified value is used. The port number ranges from 1024 to 49151.

None

+

"cri-runtimes": {

+

"kata": "io.containerd.kata.v2"

+

}

+

Specifies the mapping of custom CRI runtimes.

+

iSulad can convert RuntimeClass to the corresponding runtime through the custom CRI runtime mapping.

+
- Example: + Configuration file **/etc/isulad/daemon_constants.json** - ``` + + + + + + + + + + + + + + + + + + +

Parameter

+

Configuration Example

+

Description

+

Remarks

+

Not supported

+

"default-host": "docker.io"

+

If an image name is prefixed with the image repository name, the image repository name will be removed when the image name is saved and displayed.

+

Generally, this parameter does not need to be modified.

+

Not supported

+

"registry-transformation": {

+

"docker.io": "registry-1.docker.io",

+

"index.docker.io": "registry-1.docker.io"

+

}

+

"key":"value" pair. The image is pulled from the repository specified by "key":"value".

+

Generally, this parameter does not need to be modified.

+
+ + Example: + + ```bash $ cat /etc/isulad/daemon.json { - "group": "isulad", + "group": "isula", "default-runtime": "lcr", "graph": "/var/lib/isulad", "state": "/var/run/isulad", @@ -474,21 +523,32 @@ The iSulad server daemon **isulad** can be configured with a configuration fil "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", "cni-conf-dir": "", "image-layer-check": false, "use-decrypted-key": true, - "insecure-skip-verify-enforce": false + "insecure-skip-verify-enforce": false, + "cri-runtime": { + "kata": "io.containerd.kata.v2" + } + } + + $ cat /etc/isulad/daemon_constants.json + { + "default-host": "docker.io", + "registry-transformation":{ + "docker.io": "registry-1.docker.io", + "index.docker.io": "registry-1.docker.io" + } } + ``` - >![](./public_sys-resources/icon-notice.gif) **NOTICE:** + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** >The default configuration file **/etc/isulad/daemon.json** is for reference only. Configure it based on site requirements. - ### Storage Description @@ -549,13 +609,6 @@ The iSulad server daemon **isulad** can be configured with a configuration fil

Real-time communication cache file, which is created during iSulad running.

\*

-

/var/lib/lcr/

-

Temporary directory of the LCR component.

-

\*

/var/lib/isulad/

@@ -570,9 +623,9 @@ The iSulad server daemon **isulad** can be configured with a configuration fil ### Constraints -- In high concurrency scenarios \(200 containers are concurrently started\), the memory management mechanism of Glibc may cause memory holes and large virtual memory \(for example, 10 GB\). This problem is caused by the restriction of the Glibc memory management mechanism in the high concurrency scenario, but not by memory leakage. Therefore, the memory consumption does not increase infinitely. You can set **MALLOC\_ARENA\_MAX** to reducevirtual memory error and increase the rate of reducing physical memory. However, this environment variable will cause the iSulad concurrency performance to deteriorate. Set this environment variable based on the site requirements. +- In high concurrency scenarios \(200 containers are concurrently started\), the memory management mechanism of Glibc may cause memory holes and large virtual memory \(for example, 10 GB\). This problem is caused by the restriction of the Glibc memory management mechanism in the high concurrency scenario, but not by memory leakage. Therefore, the memory consumption does not increase infinitely. You can set **MALLOC\_ARENA\_MAX** to reducevirtual memory error and increase the rate of reducing physical memory. However, this environment variable will cause the iSulad concurrency performance to deteriorate. Set this environment variable based on the site requirements. - ``` + ```bash To balance performance and memory usage, set MALLOC_ARENA_MAX to 4. (The iSulad performance on the ARM64 server is affected by less than 10%.) Configuration method: @@ -580,40 +633,39 @@ The iSulad server daemon **isulad** can be configured with a configuration fil 2. If systemd manages iSulad, you can modify the /etc/sysconfig/iSulad file by adding MALLOC_ARENA_MAX=4. ``` -- Precautions for specifying the daemon running directories +- Precautions for specifying the daemon running directories Take **--root** as an example. When **/new/path/** is used as the daemon new root directory, if a file exists in **/new/path/** and the directory or file name conflicts with that required by iSulad \(for example, **engines** and **mnt**\), iSulad may update the original directory or file attributes including the owner and permission. Therefore, please note the impact of re-specifying various running directories and files on their attributes. You are advised to specify a new directory or file for iSulad to avoid file attribute changes and security issues caused by conflicts. -- Log file management: +- Log file management: - >![](./public_sys-resources/icon-notice.gif) **NOTICE:** + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** >Log function interconnection: logs are managed by systemd as iSulad is and then transmitted to rsyslogd. By default, rsyslog restricts the log writing speed. You can add the configuration item **$imjournalRatelimitInterval 0** to the **/etc/rsyslog.conf** file and restart the rsyslogd service. -- Restrictions on command line parameter parsing +- Restrictions on command line parameter parsing When the iSulad command line interface is used, the parameter parsing mode is slightly different from that of Docker. For flags with parameters in the command line, regardless of whether a long or short flag is used, only the first space after the flag or the character string after the equal sign \(=\) directly connected to the flag is used as the flag parameter. The details are as follows: - 1. When a short flag is used, each character in the character string connected to the hyphen \(-\) is considered as a short flag. If there is an equal sign \(=\), the character string following the equal sign \(=\) is considered as the parameter of the short flag before the equal sign \(=\). + 1. When a short flag is used, each character in the character string connected to the hyphen \(-\) is considered as a short flag. If there is an equal sign \(=\), the character string following the equal sign \(=\) is considered as the parameter of the short flag before the equal sign \(=\). **isula run -du=root busybox** is equivalent to **isula run -du root busybox**, **isula run -d -u=root busybox**, or **isula run -d -u root busybox**. When **isula run -du:root** is used, as **-:** is not a valid short flag, an error is reported. The preceding command is equivalent to **isula run -ud root busybox**. However, this method is not recommended because it may cause semantic problems. - 1. When a long flag is used, the character string connected to **--** is regarded as a long flag. If the character string contains an equal sign \(=\), the character string before the equal sign \(=\) is a long flag, and the character string after the equal sign \(=\) is a parameter. + 2. When a long flag is used, the character string connected to **--** is regarded as a long flag. If the character string contains an equal sign \(=\), the character string before the equal sign \(=\) is a long flag, and the character string after the equal sign \(=\) is a parameter. - ``` + ```bash isula run --user=root busybox ``` or - ``` + ```bash isula run --user root busybox ``` - -- After an iSulad container is started, you cannot run the **isula run -i/-t/-ti** and **isula attach/exec** commands as a non-root user. -- When iSulad connects to an OCI container, only kata-runtime can be used to start the OCI container. +- After an iSulad container is started, you cannot run the **isula run -i/-t/-ti** and **isula attach/exec** commands as a non-root user. +- The default path for storing temporary files of iSulad is **/var/lib/isulad/isulad_tmpdir**. If the root directory of iSulad is changed, the path is **\$isulad_root/isulad_tmpdir**. To change the directory for storing temporary files of iSulad, you can configure the **ISULAD_TMPDIR** environment variable before starting iSulad. The **ISULAD_TMPDIR** environment variable is checked during the iSulad startup. If the **ISULAD_TMPDIR** environment variable is configured, the **\$ISULAD_TMPDIR/isulad_tmpdir** directory is used as the path for storing temporary files. Do not store files or folders named **isulad_tmpdir** in **\$ISULAD_TMPDIR** because iSulad recursively deletes the **\$ISULAD_TMPDIR/isulad_tmpdir** directory when it is started to prevent residual data. In addition, ensure that only the **root** user can access the **\$ISULAD_TMPDIR** directory to prevent security problems caused by operations of other users. ### Daemon Multi-Port Binding @@ -625,7 +677,7 @@ The daemon can bind multiple UNIX sockets or TCP ports and listen on these ports Users can configure one or more ports in the hosts field in the **/etc/isulad/daemon.json** file, or choose not to specify hosts. -``` +```json { "hosts": [ "unix:///var/run/isulad.sock", @@ -637,7 +689,7 @@ Users can configure one or more ports in the hosts field in the **/etc/isulad/d Users can also run the **-H** or **--host** command in the **/etc/sysconfig/iSulad** file to configure a port, or choose not to specify hosts. -``` +```text OPTIONS='-H unix:///var/run/isulad.sock --host tcp://127.0.0.1:6789' ``` @@ -645,15 +697,15 @@ If hosts are not specified in the **daemon.json** file and iSulad, the daemon #### Restrictions -- Users cannot specify hosts in the **/etc/isulad/daemon.json** and **/etc/sysconfig/iSuald** files at the same time. Otherwise, an error will occur and iSulad cannot be started. +- Users cannot specify hosts in the **/etc/isulad/daemon.json** and **/etc/sysconfig/iSuald** files at the same time. Otherwise, an error will occur and iSulad cannot be started. - ``` + ```bash unable to configure the isulad with file /etc/isulad/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [unix:///var/run/isulad.sock tcp://127.0.0.1:6789], from file: [unix:///var/run/isulad.sock tcp://localhost:5678 tcp://127.0.0.1:6789]) ``` -- If the specified host is a UNIX socket, the socket must start with **unix://** followed by a valid absolute path. -- If the specified host is a TCP port, the TCP port number must start with **tcp://** followed by a valid IP address and port number. The IP address can be that of the local host. -- A maximum of 10 valid ports can be specified. If more than 10 ports are specified, an error will occur and iSulad cannot be started. +- If the specified host is a UNIX socket, the socket must start with **unix://** followed by a valid absolute path. +- If the specified host is a TCP port, the TCP port number must start with **tcp://** followed by a valid IP address and port number. The IP address can be that of the local host. +- A maximum of 10 valid ports can be specified. If more than 10 ports are specified, an error will occur and iSulad cannot be started. ### Configuring TLS Authentication and Enabling Remote Access @@ -663,9 +715,9 @@ iSulad is designed in C/S mode. By default, the iSulad daemon process listens on #### Generating TLS Certificate -- Example of generating a plaintext private key and certificate +- Example of generating a plaintext private key and certificate - ``` + ```bash #!/bin/bash set -e echo -n "Enter pass phrase:" @@ -706,10 +758,9 @@ iSulad is designed in C/S mode. By default, the iSulad daemon process listens on chmod -v 0444 ca.pem server-cert.pem cert.pem ``` +- Example of generating an encrypted private key and certificate request file -- Example of generating an encrypted private key and certificate request file - - ``` + ```bash #!/bin/bash echo -n "Enter public network ip:" @@ -751,17 +802,16 @@ iSulad is designed in C/S mode. By default, the iSulad daemon process listens on rm -f ca-key.pem ca.srl client.csr extfile.cnf server.csr ``` - #### APIs -``` +```json { "tls": true, "tls-verify": true, "tls-config": { - "CAFile": "/root/.iSulad/ca.pem", - "CertFile": "/root/.iSulad/server-cert.pem", - "KeyFile":"/root/.iSulad/server-key.pem" + "CAFile": "/root/.iSulad/ca.pem", + "CertFile": "/root/.iSulad/server-cert.pem", + "KeyFile":"/root/.iSulad/server-key.pem" } } ``` @@ -770,35 +820,36 @@ iSulad is designed in C/S mode. By default, the iSulad daemon process listens on The server supports the following modes: -- Mode 1 \(client verified\): tlsverify, tlscacert, tlscert, tlskey -- Mode 2 \(client not verified\): tls, tlscert, tlskey +- Mode 1 \(client verified\): tlsverify, tlscacert, tlscert, tlskey +- Mode 2 \(client not verified\): tls, tlscert, tlskey The client supports the following modes: -- Mode 1 \(verify the identity based on the client certificate, and verify the server based on the specified CA\): tlsverify, tlscacert, tlscert, tlskey -- Mode 2 \(server verified\): tlsverify, tlscacert +- Mode 1 \(verify the identity based on the client certificate, and verify the server based on the specified CA\): tlsverify, tlscacert, tlscert, tlskey +- Mode 2 \(server verified\): tlsverify, tlscacert Mode 1 is used for the server, and mode 2 for the client if the two-way authentication mode is used for communication. Mode 2 is used for the server and the client if the unidirectional authentication mode is used for communication. ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->- If RPM is used for installation, the server configuration can be modified in the **/etc/isulad/daemon.json** and **/etc/sysconfig/iSulad** files. ->- Two-way authentification is recommended as it is more secure than non-authentication or unidirectional authentication. ->- GRPC open-source component logs are not taken over by iSulad. To view gRPC logs, set the environment variables **gRPC\_VERBOSITY** and **gRPC\_TRACE** as required. ->   +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +> +>- If RPM is used for installation, the server configuration can be modified in the **/etc/isulad/daemon.json** and **/etc/sysconfig/iSulad** files. +>- Two-way authentification is recommended as it is more secure than non-authentication or unidirectional authentication. +>- GRPC open-source component logs are not taken over by iSulad. To view gRPC logs, set the environment variables **gRPC\_VERBOSITY** and **gRPC\_TRACE** as required. +> #### Example On the server: -``` +```bash isulad -H=tcp://0.0.0.0:2376 --tlsverify --tlscacert ~/.iSulad/ca.pem --tlscert ~/.iSulad/server-cert.pem --tlskey ~/.iSulad/server-key.pem ``` On the client: -``` +```bash isula version -H=tcp://$HOSTIP:2376 --tlsverify --tlscacert ~/.iSulad/ca.pem --tlscert ~/.iSulad/cert.pem --tlskey ~/.iSulad/key.pem ``` @@ -808,90 +859,86 @@ To use the devicemapper storage driver, you need to configure a thinpool device 1. Configuring a thinpool -1. Stop the iSulad service. + 1. Stop the iSulad service. - ``` - # systemctl stop isulad - ``` + ```bash + # systemctl stop isulad + ``` -2. Create a logical volume manager \(LVM\) volume based on the block device. + 2. Create a logical volume manager \(LVM\) volume based on the block device. - ``` - # pvcreate /dev/xvdf - ``` + ```bash + # pvcreate /dev/xvdf + ``` -3. Create a volume group based on the created physical volume. + 3. Create a volume group based on the created physical volume. - ``` - # vgcreate isula /dev/xvdf - Volume group "isula" successfully created: - ``` + ```bash + # vgcreate isula /dev/xvdf + Volume group "isula" successfully created: + ``` -4. Create two logical volumes named **thinpool** and **thinpoolmeta**. + 4. Create two logical volumes named **thinpool** and **thinpoolmeta**. - ``` - # lvcreate --wipesignatures y -n thinpool isula -l 95%VG - Logical volume "thinpool" created. - ``` + ```bash + # lvcreate --wipesignatures y -n thinpool isula -l 95%VG + Logical volume "thinpool" created. + ``` - ``` - # lvcreate --wipesignatures y -n thinpoolmeta isula -l 1%VG - Logical volume "thinpoolmeta" created. - ``` + ```bash + # lvcreate --wipesignatures y -n thinpoolmeta isula -l 1%VG + Logical volume "thinpoolmeta" created. + ``` -5. Convert the two logical volumes into a thinpool and the metadata used by the thinpool. + 5. Convert the two logical volumes into a thinpool and the metadata used by the thinpool. - ``` - # lvconvert -y --zero n -c 512K --thinpool isula/thinpool --poolmetadata isula/thinpoolmeta - - WARNING: Converting logical volume isula/thinpool and isula/thinpoolmeta to - thin pool's data and metadata volumes with metadata wiping. - THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.) - Converted isula/thinpool to thin pool. - ``` - - -   + ```bash + # lvconvert -y --zero n -c 512K --thinpool isula/thinpool --poolmetadata isula/thinpoolmeta + + WARNING: Converting logical volume isula/thinpool and isula/thinpoolmeta to + thin pool's data and metadata volumes with metadata wiping. + THIS WILL DESTROY CONTENT OF LOGICAL VOLUME (filesystem etc.) + Converted isula/thinpool to thin pool. + ``` 2. Modifying the iSulad configuration files -1. If iSulad has been used in the environment, back up the running data first. + 1. If iSulad has been used in the environment, back up the running data first. - ``` - # mkdir /var/lib/isulad.bk - # mv /var/lib/isulad/* /var/lib/isulad.bk - ``` + ```bash + # mkdir /var/lib/isulad.bk + # mv /var/lib/isulad/* /var/lib/isulad.bk + ``` -2. Modify configuration files. + 2. Modify configuration files. - Two configuration methods are provided. Select one based on site requirements. + Two configuration methods are provided. Select one based on site requirements. - - Edit the **/etc/isulad/daemon.json** file, set **storage-driver** to **devicemapper**, and set parameters related to the **storage-opts** field. For details about related parameters, see [Parameter Description](#en-us_topic_0222861454_section1712923715282). The following lists the configuration reference: + - Edit the **/etc/isulad/daemon.json** file, set **storage-driver** to **devicemapper**, and set parameters related to the **storage-opts** field. For details about related parameters, see [Parameter Description](#parameter-description). The following lists the configuration reference: - ``` - { - "storage-driver": "devicemapper" - "storage-opts": [ - "dm.thinpooldev=/dev/mapper/isula-thinpool", - "dm.fs=ext4", - "dm.min_free_space=10%" - ] - } - ``` + ```json + { + "storage-driver": "devicemapper" + "storage-opts": [ + "dm.thinpooldev=/dev/mapper/isula-thinpool", + "dm.fs=ext4", + "dm.min_free_space=10%" + ] + } + ``` - - You can also edit **/etc/sysconfig/iSulad** to explicitly specify related iSulad startup parameters. For details about related parameters, see [Parameter Description](#en-us_topic_0222861454_section1712923715282). The following lists the configuration reference: + - You can also edit **/etc/sysconfig/iSulad** to explicitly specify related iSulad startup parameters. For details about related parameters, see [Parameter Description](#parameter-description). The following lists the configuration reference: - ``` - OPTIONS="--storage-driver=devicemapper --storage-opt dm.thinpooldev=/dev/mapper/isula-thinpool --storage-opt dm.fs=ext4 --storage-opt dm.min_free_space=10%" - ``` + ```text + OPTIONS="--storage-driver=devicemapper --storage-opt dm.thinpooldev=/dev/mapper/isula-thinpool --storage-opt dm.fs=ext4 --storage-opt dm.min_free_space=10%" + ``` -3. Start iSulad for the settings to take effect. +3. Start iSulad for the settings to take effect. - ``` + ```bash # systemctl start isulad ``` - #### Parameter Description For details about parameters supported by storage-opts, see [Table 1](#en-us_topic_0222861454_table3191161993812). @@ -925,7 +972,7 @@ For details about parameters supported by storage-opts, see [Table 1](#en-us_to

No

Specifies the additional mkfs parameters when a basic device is created. For example: dm.mkfsarg=-O ^has_journal

+

Specifies the additional mkfs parameters when a basic device is created. For example: dm.mkfsarg=-b 1024

dm.mountopt

@@ -954,24 +1001,23 @@ For details about parameters supported by storage-opts, see [Table 1](#en-us_to #### Precautions -- When configuring devicemapper, if the system does not have sufficient space for automatic capacity expansion of thinpool, disable the automatic capacity expansion function. +- When configuring devicemapper, if the system does not have sufficient space for automatic capacity expansion of thinpool, disable the automatic capacity expansion function. To disable automatic capacity expansion, set both **thin\_pool\_autoextend\_threshold** and **thin\_pool\_autoextend\_percent** in the **/etc/lvm/profile/isula-thinpool.profile** file to **100**. - ``` + ```text activation { thin_pool_autoextend_threshold=100 thin_pool_autoextend_percent=100 } ``` -- When devicemapper is used, use Ext4 as the container file system. You need to add **--storage-opt dm.fs=ext4** to the iSulad configuration parameters. -- If graphdriver is devicemapper and the metadata files are damaged and cannot be restored, you need to manually restore the metadata files. Do not directly operate or tamper with metadata of the devicemapper storage driver in Docker daemon. -- When the devicemapper LVM is used, if the devicemapper thinpool is damaged due to abnormal power-off, you cannot ensure the data integrity or whether the damaged thinpool can be restored. Therefore, you need to rebuild the thinpool. - -**Precautions for Switching the devicemapper Storage Pool When the User Namespace Feature Is Enabled on iSula** +- When devicemapper is used, use Ext4 as the container file system. You need to add **--storage-opt dm.fs=ext4** to the iSulad configuration parameters. +- If graphdriver is devicemapper and the metadata files are damaged and cannot be restored, you need to manually restore the metadata files. Do not directly operate or tamper with metadata of the devicemapper storage driver in Docker daemon. +- When the devicemapper LVM is used, if the devicemapper thinpool is damaged due to abnormal power-off, you cannot ensure the data integrity or whether the damaged thinpool can be restored. Therefore, you need to rebuild the thinpool. -- Generally, the path of the deviceset-metadata file is **/var/lib/isulad/devicemapper/metadata/deviceset-metadata** during container startup. -- If user namespaces are used, the path of the deviceset-metadata file is **/var/lib/isulad/**_userNSUID.GID_**/devicemapper/metadata/deviceset-metadata**. -- When you use the devicemapper storage driver and the container is switched between the user namespace scenario and common scenario, the **BaseDeviceUUID** content in the corresponding deviceset-metadata file needs to be cleared. In the thinpool capacity expansion or rebuild scenario, you also need to clear the **BaseDeviceUUID** content in the deviceset-metadata file. Otherwise, the iSulad service fails to be restarted. +##### Precautions for Switching the devicemapper Storage Pool When the User Namespace Feature Is Enabled on iSula +- Generally, the path of the deviceset-metadata file is **/var/lib/isulad/devicemapper/metadata/deviceset-metadata** during container startup. +- If user namespaces are used, the path of the deviceset-metadata file is **/var/lib/isulad/**_userNSUID.GID_**/devicemapper/metadata/deviceset-metadata**. +- When you use the devicemapper storage driver and the container is switched between the user namespace scenario and common scenario, the **BaseDeviceUUID** content in the corresponding deviceset-metadata file needs to be cleared. In the thinpool capacity expansion or rebuild scenario, you also need to clear the **BaseDeviceUUID** content in the deviceset-metadata file. Otherwise, the iSulad service fails to be restarted. diff --git a/docs/en/docs/Container/installation-guideline.md b/docs/en/docs/Container/installation-guideline.md index 738f8861408c2709f8d3250cd2228a9cc584e4f3..0a602c4c96f98e08d7a6da421fc53fc09dbb8b7e 100644 --- a/docs/en/docs/Container/installation-guideline.md +++ b/docs/en/docs/Container/installation-guideline.md @@ -1,28 +1,36 @@ # Installation Guideline -1. Install the container engine iSulad. +1. Install the container engine iSulad. - ``` - # yum install iSulad + ```shell + yum install iSulad ``` -2. Install dependent packages of system containers. +2. Install dependent packages of system containers. - ``` - # yum install isulad-tools authz isulad-lxcfs-toolkit lxcfs + ```shell + yum install isulad-tools authz isulad-lxcfs-toolkit lxcfs ``` -3. Run the following command to check whether iSulad is started: +3. Enable the lxcfs and authz services. - ``` - # systemctl status isulad + ```shell + systemctl start lxcfs + systemctl start authz ``` -4. Enable the lxcfs and authz services. +4. Check whether iSulad, lxcfs, and authz are started. - ``` - # systemctl start lxcfs - # systemctl start authz + ```shell + systemctl status isulad + systemctl status lxcfs + systemctl status authz ``` +5. If you need iSulad, lxcfs, and authz to start upon system startup, run the following commands: + ```shell + systemctl enable isulad + systemctl enable lxcfs + systemctl enable authz + ``` diff --git a/docs/en/docs/Container/interconnection-with-the-cni-network.md b/docs/en/docs/Container/interconnection-with-the-cni-network.md index ea181545190975bf2c889636a7975a51db940254..1f70c45caf62ad6c501be34dabc04dd47babd404 100644 --- a/docs/en/docs/Container/interconnection-with-the-cni-network.md +++ b/docs/en/docs/Container/interconnection-with-the-cni-network.md @@ -1,14 +1,13 @@ # Interconnection with the CNI Network - [Interconnection with the CNI Network](#interconnection-with-the-cni-network) - - [Overview](#overview-0) + - [Overview](#overview) - [Common CNIs](#common-cnis) - [CNI Network Configuration Description](#cni-network-configuration-description) - [Adding a Pod to the CNI Network List](#adding-a-pod-to-the-cni-network-list) - [Removing a Pod from the CNI Network List](#removing-a-pod-from-the-cni-network-list) - [Usage Restrictions](#usage-restrictions) - ## Overview The container runtime interface \(CRI\) is provided to connect to the CNI network, including parsing the CNI network configuration file and adding or removing a pod to or from the CNI network. When a pod needs to support a network through a container network plug-in such as Canal, the CRI needs to be interconnected to Canal so as to provide the network capability for the pod. @@ -17,8 +16,8 @@ The container runtime interface \(CRI\) is provided to connect to the CNI networ Common CNIs include CNI network configuration items in the CNI network configuration and pod configuration. These CNIs are visible to users. -- CNI network configuration items in the CNI network configuration refer to those used to specify the path of the CNI network configuration file, path of the binary file of the CNI network plug-in, and network mode. For details, see [Table 1](#en-us_topic_0183259146_table18221919589). -- CNI network configuration items in the pod configuration refer to those used to set the additional CNI network list to which the pod is added. By default, the pod is added only to the default CNI network plane. You can add the pod to multiple CNI network planes as required. +- CNI network configuration items in the CNI network configuration refer to those used to specify the path of the CNI network configuration file, path of the binary file of the CNI network plug-in, and network mode. For details, see [Table 1](#en-us_topic_0183259146_table18221919589). +- CNI network configuration items in the pod configuration refer to those used to set the additional CNI network list to which the pod is added. By default, the pod is added only to the default CNI network plane. You can add the pod to multiple CNI network planes as required. **Table 1** CNI network configuration items @@ -69,26 +68,23 @@ Add the network plane configuration item "network.alpha.kubernetes.io/network" t The network plane is configured in JSON format, including: -- **name**: specifies the name of the CNI network plane. -- **interface**: specifies the name of a network interface. +- **name**: specifies the name of the CNI network plane. +- **interface**: specifies the name of a network interface. The following is an example of the CNI network configuration method: -``` +```json "annotations" : { "network.alpha.kubernetes.io/network": "{\"name\": \"mynet\", \"interface\": \"eth1\"}" } ``` -   - - ### CNI Network Configuration Description The CNI network configuration includes two types, both of which are in the .json file format. -- Single-network plane configuration file with the file name extension .conf or .json. For details about the configuration items, see [Table 1](#cni-parameters.md#en-us_topic_0184347952_table425023335913) in the appendix. -- Multi-network plane configuration file with the file name extension .conflist. For details about the configuration items, see [Table 3](#cni-parameters.md#en-us_topic_0184347952_table657910563105) in the appendix. +- Single-network plane configuration file with the file name extension .conf or .json. For details about the configuration items, see [Table 1](#cni-parameters.md#en-us_topic_0184347952_table425023335913) in the appendix. +- Multi-network plane configuration file with the file name extension .conflist. For details about the configuration items, see [Table 3](#cni-parameters.md#en-us_topic_0184347952_table657910563105) in the appendix. ### Adding a Pod to the CNI Network List @@ -96,7 +92,7 @@ If **--network-plugin=cni** is configured for iSulad and the default network p **port\_mappings** in the pod configuration is also a network configuration item, which is used to set the port mapping of the pod. To set port mapping, perform the following steps: -``` +```json "port_mappings":[ { "protocol": 1, @@ -106,22 +102,22 @@ If **--network-plugin=cni** is configured for iSulad and the default network p ] ``` -- **protocol**: protocol used for mapping. The value can be **tcp** \(identified by 0\) or **udp** \(identified by 1\). -- **container\_port**: port through which the container is mapped. -- **host\_port**: port mapped to the host. +- **protocol**: protocol used for mapping. The value can be **tcp** \(identified by 0\) or **udp** \(identified by 1\). +- **container\_port**: port through which the container is mapped. +- **host\_port**: port mapped to the host. ### Removing a Pod from the CNI Network List When StopPodSandbox is called, the interface for removing a pod from the CNI network list will be called to clear network resources. ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> >1. Before calling the RemovePodSandbox interface, you must call the StopPodSandbox interface at least once. ->2. If StopPodSandbox fails to call the CNI, residual network resources may exist. +>2. If StopPodSandbox fails to call the CNI, residual network resources will be cleaned by the CNI network plugin. ## Usage Restrictions -- Currently, only CNI 0.3.0 and CNI 0.3.1 are supported. In later versions, CNI 0.1.0 and CNI 0.2.0 may need to be supported. Therefore, when error logs are displayed, the information about CNI 0.1.0 and CNI 0.2.0 is reserved. -- name: The value must contain lowercase letters, digits, hyphens \(-\), and periods \(.\) and cannot be started or ended with a hyphen or period. The value can contain a maximum of 200 characters. -- The number of configuration files cannot exceed 200, and the size of a single configuration file cannot exceed 1 MB. -- The extended parameters need to be configured based on the actual network requirements. Optional parameters do not need to be written into the netconf.json file. - +- Currently, only CNI 0.3.0 and CNI 0.3.1 are supported. In later versions, CNI 0.1.0 and CNI 0.2.0 may need to be supported. Therefore, when error logs are displayed, the information about CNI 0.1.0 and CNI 0.2.0 is reserved. +- name: The value must contain lowercase letters, digits, hyphens \(-\), and periods \(.\) and cannot be started or ended with a hyphen or period. The value can contain a maximum of 200 characters. +- The number of configuration files cannot exceed 200, and the size of a single configuration file cannot exceed 1 MB. +- The extended parameters need to be configured based on the actual network requirements. Optional parameters do not need to be written into the netconf.json file. diff --git a/docs/en/docs/Container/isula-build.md b/docs/en/docs/Container/isula-build.md index bbfe5843234fcafec4dde19a389947556094f951..1f5ceb2e3cbe1cced340eb8a140730109ce46317 100644 --- a/docs/en/docs/Container/isula-build.md +++ b/docs/en/docs/Container/isula-build.md @@ -1,54 +1,20 @@ +# Container Image Building - - -* [Installation](#installation) - * [Preparations](#preparations) - * [Installing isula-build](#installing-isula-build) -* [Configuring and Managing the isula-build Service](#configuring-and-managing-the-isula-build-service) - * [Configuring the isula-build Service](#configuring-the-isula-build-service) - * [Managing the isula-build Service](#managing-the-isula-build-service) - * [(Recommended) Using systemd for Management](#recommended-using-systemd-for-management) - * [Directly Running isula-builder](#directly-running-isula-builder) -* [Usage Guidelines](#usage-guidelines) - * [Prerequisites](#prerequisites) - * [Overview](#overview) - * [ctr-img: Container Image Management](#ctr-img-container-image-management) - * [build: Container Image Build](#build-container-image-build) - * [image: Viewing Local Persistent Build Images](#image-viewing-local-persistent-build-images) - * [import: Importing a Basic Container Image](#import-importing-a-basic-container-image) - * [load: Importing Cascade Images](#load-importing-cascade-images) - * [rm: Deleting a Local Persistent Image](#rm-deleting-a-local-persistent-image) - * [save: Exporting Cascade Images](#save-exporting-cascade-images) - * [tag: Tagging Local Persistent Images](#tag-tagging-local-persistent-images) - * [info: Viewing the Operating Environment and System Information](#info-viewing-the-operating-environment-and-system-information) - * [login: Logging In to the Remote Image Repository](#login-logging-in-to-the-remote-image-repository) - * [logout: Logging Out of the Remote Image Repository](#logout-logging-out-of-the-remote-image-repository) - * [version: Querying the isula-build Version](#version-querying-the-isula-build-version) -* [Directly Integrating a Container Engine](#directly-integrating-a-container-engine) - * [Integration with iSulad](#integration-with-isulad) - * [Integration with Docker](#integration-with-docker) -* [Appendix](#span-idappendixappendix) - * [Command Line Parameters](#command-line-parameters) - * [Communication Matrix](#communication-matrix) - * [File and Permission](#file-and-permission) - - - - +## Overview isula-build is a container image build tool developed by the iSula container team. It allows you to quickly build container images using Dockerfiles. -The isula-build uses the server/client mode. The isula-build functions as a client and provides a group of command line tools for image build and management. The isula-builder functions as the server, processes client management requests, and functions as the daemon process in the background. - -![isula-build architecure](./figures/isula-build_arch.png) +The isula-build uses the server/client mode. The isula-build functions as a client and provides a group of command line tools for image build and management. The isula-builder functions as the server to process client management requests, and runs as a daemon process in the background. -Note: +![isula-build architecture](./figures/isula-build_arch.png) -- Currently, isula-build supports only Docker images. +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - Currently, isula-build supports OCI image format ([OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/main/spec.md/)) and Docker image format ([Image Manifest Version 2, Schema 2](https://docs.docker.com/registry/spec/manifest-v2-2/)). Use the `export ISULABUILD_CLI_EXPERIMENTAL=enabled` command to enable the experimental feature for supporting OCI image format. When the experimental feature is disabled, isula-build will take Docker image format as the default image format. Otherwise, isula-build will take OCI image format as the default image format. -# Installation +## Installation -## Preparations +### Preparations To ensure that isula-build can be successfully installed, the following software and hardware requirements must be met: @@ -56,94 +22,91 @@ To ensure that isula-build can be successfully installed, the following software - Supported OS: openEuler - You have the permissions of the root user. -### Installing isula-build +#### Installing isula-build Before using isula-build to build a container image, you need to install the following software packages: +##### (Recommended) Method 1: Using Yum - -**(Recommended) Method 1: Using YUM** - -1. Configure the openEuler yum source. +1. Configure the openEuler Yum source. 2. Log in to the target server as the root user and install isula-build. - ``` + ```shell sudo yum install -y isula-build ``` +##### Method 2: Using the RPM Package +1. Obtain an **isula-build-*.rpm** installation package from the openEuler Yum source, for example, **isula-build-0.9.5-6.oe1.x86_64.rpm**. -**Method 2: Using the RPM Package** - -1. Obtain the isula-build-*.rpm installation package from the openEuler yum source, for example, isula-build-0.9.3-1.oe1.x86_64.rpm. - -2. Upload the obtained RPM software package to any directory on the target server, for example, /home/. +2. Upload the obtained RPM software package to any directory on the target server, for example, **/home/**. 3. Log in to the target server as the root user and run the following command to install isula-build: - ``` + ```shell sudo rpm -ivh /home/isula-build-*.rpm ``` -> **Note:** -After the installation is complete, you need to manually start the isula-build service. For details about how to start the service, see "Managing the isula-build Service." +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - After the installation is complete, you need to manually start the isula-build service. For details about how to start the service, see [Managing the isula-build Service](#managing-the-isula-build-service). -# Configuring and Managing the isula-build Service +## Configuring and Managing the isula-build Service -## Configuring the isula-build Service +### Configuring the isula-build Service -After the isula-build software package is installed, the systemd starts the isula-build service based on the default configuration contained in the isula-build software package on the isula-build server. If the default configuration file on the isula-build server cannot meet your requirements, perform the following operations to customize the configuration file: After the default configuration is modified, restart the isula-build server for the new configuration to take effect. For details, see "Managing the isula-build Service." +After the isula-build software package is installed, the systemd starts the isula-build service based on the default configuration contained in the isula-build software package on the isula-build server. If the default configuration file on the isula-build server cannot meet your requirements, perform the following operations to customize the configuration file: After the default configuration is modified, restart the isula-build server for the new configuration to take effect. For details, see [Managing the isula-build Service](#managing-the-isula-build-service). Currently, the isula-build server contains the following configuration file: -- /etc/isula-build/configuration.toml: general isula-builder configuration file, which is used to set the isula-builder log level, persistency directory, runtime directory, and OCI runtime. Parameters in the configuration file are described as follows: +- **/etc/isula-build/configuration.toml**: general isula-builder configuration file, which is used to set the isula-builder log level, persistency directory, runtime directory, and OCI runtime. Parameters in the configuration file are described as follows: | Configuration Item | Mandatory or Optional | Description | Value | | --------- | -------- | --------------------------------- | ----------------------------------------------- | -| debug | Optional | Indicates whether to enable the debug log function. | true: Enable the debug log function. false: Disable the debug log function. | +| debug | Optional | Indicates whether to enable the debug log function. | **true**: Enables the debug log function. **false**: Disables the debug log function. | | loglevel | Optional | Sets the log level. | debug
info
warn
error | -| run_root | Mandatory | Sets the root directory of runtime data. | For example, /var/run/isula-build/ | -| data_root | Mandatory | Sets the local persistency directory. | For example, /var/lib/isula-build/ | -| runtime | Optional | Sets the runtime type. Currently, only runc is supported. | runc | - +| run_root | Mandatory | Sets the root directory of runtime data. | For example, **/var/run/isula-build/** | +| data_root | Mandatory | Sets the local persistency directory. | For example, **/var/lib/isula-build/** | +| runtime | Optional | Sets the runtime type. Currently, only **runc** is supported. | runc | +| group | Optional | Sets the owner group for the local socket file **isula_build.sock** so that non-privileged users in the group can use isula-build. | isula | +| experimental | Optional | Indicates whether to enable experimental features. | **true**: Enables experimental features. **false**: Disables experimental features. | -- /etc/isula-build/storage.toml: configuration file for local persistent storage, including the configuration of the storage driver in use. +- **/etc/isula-build/storage.toml**: configuration file for local persistent storage, including the configuration of the storage driver in use. | Configuration Item | Mandatory or Optional | Description | | ------ | -------- | ------------------------------ | -| driver | Optional | Storage driver type. Currently, overlay2 is supported. | +| driver | Optional | Storage driver type. Currently, **overlay2** is supported. | - For more settings, see [containers-storage.conf.5.md](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md). + For more settings, see [containers-storage.conf.5.md](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md). - -- /etc/isula-build/registries.toml: configuration file for each image repository. +- **/etc/isula-build/registries.toml**: configuration file for each image repository. | Configuration Item | Mandatory or Optional | Description | | ------------------- | -------- | ------------------------------------------------------------ | | registries.search | Optional | Search domain of the image repository. Only listed image repositories can be found. | | registries.insecure | Optional | Accessible insecure image repositories. Listed image repositories cannot pass the authentication and are not recommended. | - For more settings, see [containers-registries.conf.5.md](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md). + For more settings, see [containers-registries.conf.5.md](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md). -- /etc/isula-build/policy.json: image pull/push policy file. Note: Currently, this parameter cannot be configured. +- **/etc/isula-build/policy.json**: image pull/push policy file. Note: Currently, this parameter cannot be configured. ->![](public_sys-resources/icon-note.gif) **Note:** +>![](./public_sys-resources/icon-note.gif) **Note:** > -> - isula-build supports the preceding configuration file with the maximum size of 1 MiB. +> - isula-build supports the preceding configuration file with the maximum size of 1 MB. > - The persistent working directory dataroot cannot be configured on the memory disk, for example, tmpfs. -> - Currently, only overlay2 can be used as the underlying graphdriver. - - +> - Currently, only overlay2 can be used as the underlying storage driver. +> - Before setting the `--group` option, ensure that the corresponding user group has been created on a local OS and non-privileged users have been added to the group. After isula-builder is restarted, non-privileged users in the group can use the isula-build function. In addition, to ensure permission consistency, the owner group of the isula-build configuration file directory **/etc/isula-build** is set to the group specified by `--group`. -## Managing the isula-build Service +### Managing the isula-build Service -Currently, openEuler uses systemd to manage the isula-build service. The isula-build software package contains the systemd service file. After installing the isula-build software package, you can use the systemd tool to start or stop the isula-build service. You can also manually start the isula-builder software. Note that only one isula-builder process can be started on a node at a time. +Currently, openEuler uses systemd to manage the isula-build service. The isula-build software package contains the systemd service files. After installing the isula-build software package, you can use the systemd tool to start or stop the isula-build service. You can also manually start the isula-builder software. Note that only one isula-builder process can be started on a node at a time. ->![](public_sys-resources/icon-note.gif) **Note:** -> Only one isula-builder process can be started on a node at a time. +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - Only one isula-builder process can be started on a node at a time. -### (Recommended) Using systemd for Management +#### (Recommended) Using systemd for Management You can run the following systemd commands to start, stop, and restart the isula-build service: @@ -171,107 +134,110 @@ The systemd service file of the isula-build software installation package is sto sudo systemctl daemon-reload ``` -### Directly Running isula-builder +#### Directly Running isula-builder -You can also run the isula-builder command on the server to start the service. The isula-builder command can contain flags for service startup. The following flags are supported: +You can also run the `isula-builder` command on the server to start the service. The `isula-builder` command can contain flags for service startup. The following flags are supported: -- -D, --debug: whether to enable the debugging mode. -- --log-level: log level. The options are debug, info, warn, and error. The default value is info. -- --dataroot: local persistency directory. The default value is /var/lib/isula-build/. -- --runroot: runtime directory. The default value is /var/run/isula-build/. -- --storage-driver: underlying storage driver type. -- --storage-opt: underlying storage driver configuration. +- `-D, --debug`: whether to enable the debugging mode. +- `--log-level`: log level. The options are **debug**, **info**, **warn**, and **error**. The default value is **info**. +- `--dataroot`: local persistency directory. The default value is **/var/lib/isula-build/**. +- `--runroot`: runtime directory. The default value is **/var/run/isula-build/**. +- `--storage-driver`: underlying storage driver type. +- `--storage-opt`: underlying storage driver configuration. +- `--group`: sets the owner group for the local socket file **isula_build.sock** so that non-privileged users in the group can use isula-build. The default owner group is **isula**. +- `--experimental`: whether to enable experimental features. ->![](public_sys-resources/icon-note.gif) **Note:** -> If the command line startup parameters contain the same configuration options as those in the configuration file, the command line parameters are preferentially used for startup. +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - If the command line parameters contain the same configuration items as those in the configuration file, the command line parameters are preferentially used for startup. -Start the isula-build service. For example, to specify the local persistency directory /var/lib/isula-build and disable debugging, run the following command: +Start the isula-build service. For example, to specify the local persistency directory **/var/lib/isula-build** and disable debugging, run the following command: ```sh sudo isula-builder --dataroot "/var/lib/isula-build" --debug=false ``` -# Usage Guidelines +## Usage Guidelines -## Prerequisites +### Prerequisites -isula-build depends on the executable file runc to build the RUN command in the Dockerfile. Therefore, the runc must be pre-installed in the running environment of isula-build. The installation method depends on the application scenario. If you do not need to use the complete docker-engine tool chain, you can install only the docker-runc RPM package. +isula-build depends on the executable file **runc** to build the **RUN** instruction in the Dockerfile. Therefore, runc must be pre-installed in the running environment of isula-build. The installation method depends on the application scenario. If you do not need to use the complete docker-engine tool chain, you can install only the docker-runc RPM package. ```sh sudo yum install -y docker-runc ``` -If you need to use a complete docker-engine tool chain, install the docker-engine RPM package, which contains the executable file runc by default. +If you need to use a complete docker-engine tool chain, install the docker-engine RPM package, which contains the executable file **runc** by default. ```sh sudo yum install -y docker-engine ``` ->![](public_sys-resources/icon-note.gif) **Note:** ->Users must ensure the security of OCI runtime (runc) executable files to prevent malicious replacement. - - - -## Overview - -The isula-build client provides a series of commands for building and managing container images. Currently, the isula-build client provides the following command lines: - -- ctr-img: manages container images. The ctr-img command contains the following subcommands: - - build: builds a container image based on the specified Dockerfile. - - images: lists local container images. - - import: imports a basic container image. - - load: imports a cascade image. - - rm: deletes a local container image. - - save: exports a cascade image to a local disk. - - tag: adds a tag to a local container image. -- info: displays the running environment and system information of isula-build. -- login: logs in to the remote container image repository. -- logout: logs out of the remote container image repository. -- version: displays the versions of isula-build and isula-builder. - ->![](public_sys-resources/icon-note.gif) **Note:** -The isula-build completion and isula-builder completion commands are used to generate the bash command completion script. This command is implicitly provided by the command line framework and is not displayed in the help information. - - +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - Ensure the security of OCI runtime (runc) executable files to prevent malicious replacement. + +### Overview + +The isula-build client provides a series of commands for building and managing container images. Currently, the isula-build client provides the following commands: + +- `ctr-img`: manages container images. The `ctr-img` command contains the following subcommands: + - `build`: builds a container image based on the specified Dockerfile. + - `images`: lists local container images. + - `import`: imports a basic container image. + - `load`: imports a cascade image. + - `rm`: deletes a local container image. + - `save`: exports a cascade image to a local disk. + - `tag`: adds a tag to a local container image. + - `pull`: pulls an image to a local host. + - `push`: pushes a local image to a remote repository. +- `info`: displays the running environment and system information of isula-build. +- `login`: logs in to the remote container image repository. +- `logout`: logs out of the remote container image repository. +- `version`: displays the versions of isula-build and isula-builder. +- `manifest` (experimental): manages the manifest list. + +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - The `isula-build completion` and `isula-builder completion` commands are used to generate the bash command completion script. These commands are implicitly provided by the command line framework and is not displayed in the help information. +> - isula-build client does not have any configuration file. To use isula-build experimental features, enable the environment variable **ISULABUILD_CLI_EXPERIMENTAL** on the client using the `export ISULABUILD_CLI_EXPERIMENTAL=enabled` command. The following describes how to use these commands in detail. +### ctr-img: Container Image Management +The isula-build command groups all container image management commands into the `ctr-img` command. The command format is as follows: - -## ctr-img: Container Image Management - -The isula-build command groups all container image management commands into the `ctr-img` command. The command is as follows: - -``` +```shell isula-build ctr-img [command] ``` -### build: Container Image Build +#### build: Container Image Build -The subcommand build of the ctr-img command is used to build container images. The command is as follows: +The subcommand build of the `ctr-img` command is used to build container images. The command format is as follows: -``` +```shell isula-build ctr-img build [flags] ``` -The build command contains the following flags: +The `build` command contains the following flags: -- --build-arg: string list, which contains variables required during the build process. -- --build-static: key value, which is used to build binary equivalence. Currently, the following key values are included: - - build-time: string, which indicates that a fixed timestamp is used to build a container image. The timestamp format is YYYY-MM-DD HH-MM-SS. -- -f, --filename: string, which indicates the path of the Dockerfiles. If this parameter is not specified, the current path is used. -- --iidfile: string, which indicates the ID of the image output to a local file. -- -o, --output: string, which indicates the image export mode and path. -- --proxy: Boolean, which inherits the proxy environment variable on the host. The default value is true. -- --tag: string, which indicates the tag value of the image that is successfully built. -- --cap-add: string list, which contains permissions required by the RUN command during the build process. +- `--build-arg`: string list containing variables required during the build process. +- `--build-static`: key value, which is used to build binary equivalence. Currently, the following key values are included: + `- build-time`: string indicating that a container image is built at a specified timestamp. The timestamp format is *YYYY-MM-DD HH-MM-SS*. +- `-f, --filename`: string indicating the path of the Dockerfiles. If this parameter is not specified, the current path is used. +- `--format`: string indicating the image format **oci** or **docker** (**ISULABUILD_CLI_EXPERIMENTAL** needs to be enabled). +- `--iidfile`: string indicating a local file to which the ID of the image is output. +- `-o, --output`: string indicating the image export mode and path. +- `--proxy`: boolean, which inherits the proxy environment variable on the host. The default value is **true**. +- `--tag`: string indicating the tag value of the image that is successfully built. +- `--cap-add`: string list containing permissions required by the **RUN** instruction during the build process. -** The following describes the flags in detail. ** +**The following describes the flags in detail.** -**\--build-arg** +##### \--build-arg -Parameters in the Dockerfile are inherited from the command lines. The usage is as follows: +Parameters in the Dockerfile are inherited from the commands. The usage is as follows: ```sh $ echo "This is bar file" > bar.txt @@ -285,7 +251,8 @@ STEP 1: FROM busybox Getting image source signatures Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b -Writing manifest to image destinationStoring signatures +Writing manifest to image destination +Storing signatures STEP 2: ARG foo STEP 3: ADD ${foo}.txt . STEP 4: RUN cat ${foo}.txt @@ -299,7 +266,7 @@ Storing signatures Build success with image id: 39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 ``` -**\--build-static** +##### \--build-static Specifies a static build. That is, when isula-build is used to build a container image, differences between all timestamps and other build factors (such as the container ID and hostname) are eliminated. Finally, a container image that meets the static requirements is built. @@ -313,170 +280,192 @@ When isula-build is used to build a container image, assume that a fixed timesta For container image build, isula-build supports the same Dockerfile. If the build environments are the same, the image content and image ID generated in multiple builds are the same. -–build-static supports the key-value pair option in the k=v format. Currently, the following options are supported: +`--build-static` supports the key-value pair option in the *key=value* format. Currently, the following options are supported: -- build-time: string, which indicates the fixed timestamp for creating a static image. The value is in the format of YYYY-MM-DD HH-MM-SS. The timestamp affects the attribute of the file for creating and modifying the time at the diff layer. +- build-time: string, which indicates the fixed timestamp for creating a static image. The value is in the format of *YYYY-MM-DD HH-MM-SS*. The timestamp affects the attribute of the file for creating and modifying the time at the diff layer. Example: ```sh - $ sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . + sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . ``` In this way, the container images and image IDs built in the same environment for multiple times are the same. -**\--iidfile** +##### \--format + +This option can be used when the experiment feature is enabled. The default image format is **oci**. You can specify the image format to build. For example, the following commands are used to build an OCI image and a Docker image, respectively. + + ```sh + export ISULABUILD_CLI_EXPERIMENTAL=enabled; sudo isula-build ctr-img build -f Dockerfile --format oci . + ``` + + ```sh + export ISULABUILD_CLI_EXPERIMENTAL=enabled; sudo isula-build ctr-img build -f Dockerfile --format docker . + ``` + +##### \--iidfile Run the following command to output the ID of the built image to a file: -``` +```shell isula-build ctr-img build --iidfile filename ``` -For example, to export the container image ID to the testfile file, run the following command: +For example, to export the container image ID to the **testfile** file, run the following command: ```sh -$ sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile +sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile ``` - Check the container image ID in the testfile file. + Check the container image ID in the **testfile** file. ```sh $ cat testfile 76cbeed38a8e716e22b68988a76410eaf83327963c3b29ff648296d5cd15ce7b ``` +##### \-o, --output +Currently, `-o` and `--output` support the following formats: -**\-o, --output** - -Currently, -o and –output support the following formats: +- `isulad:image:tag`: directly pushes the image that is successfully built to iSulad, for example, `-o isulad:busybox:latest`. The following restrictions apply: -- `isulad:image:tag`: directly pushes the image that is successfully built to iSulad, for example, `-o isulad:busybox:latest`. Pay attention to the following restrictions: + - isula-build and iSulad must be on the same node. + - The tag must be configured. + - On the isula-build client, you need to temporarily save the successfully built image as **/var/tmp/isula-build-tmp-%v.tar** and then import it to iSulad. Ensure that the **/var/tmp/** directory has sufficient disk space. - - isula-build and iSulad must be on the same node. - - The tag must be configured. - - On the isula-build client, you need to temporarily save the successfully built image as `/var/tmp/isula-build-tmp-%v.tar` and then import it to iSulad. Ensure that the `/var/tmp/` directory has sufficient disk space. - -- `docker-daemon:image:tag`: directly pushes the successfully built image to Docker daemon, for example, `-o docker-daemon:busybox:latest`. Pay attention to the following restrictions: +- `docker-daemon:image:tag`: directly pushes the successfully built image to Docker daemon, for example, `-o docker-daemon:busybox:latest`. The following restrictions apply: - isula-build and Docker must be on the same node. - - The tag must be configured. - -- `docker://registry.example.com/repository:tag`: directly pushes the successfully built image to the remote image repository, for example, `-o docker://localhost:5000/library/busybox:latest`. + - The tag must be configured. + +- `docker://registry.example.com/repository:tag`: directly pushes the successfully built image to the remote image repository in Docker image format, for example, `-o docker://localhost:5000/library/busybox:latest`. - `docker-archive:/:image:tag`: saves the successfully built image to the local host in Docker image format, for example, `-o docker-archive:/root/image.tar:busybox:latest`. -In addition to flags, the build subcommand also supports an argument whose type is string and meaning is context, that is, the context of the Dockerfile build environment. The default value of this parameter is the current path where isula-build is executed. This path affects the path retrieved by the ADD and COPY commands of .dockerignore and Dockerfile. +When experiment feature is enabled, you can build image in OCI image format with: + +- `oci://registry.example.com/repository:tag`: directly pushes the successfully built image to the remote image repository in OCI image format(OCI image format should be supported by the remote repository), for example, `-o oci://localhost:5000/library/busybox:latest`. -**\--proxy** +- `oci-archive:/:image:tag`: saves the successfully built image to the local host in OCI image format, for example, `-o oci-archive:/root/image.tar:busybox:latest`. -Specifies whether the container started by the RUN command inherits the proxy-related environment variables http_proxy, https_proxy, ftp_proxy, no_proxy, HTTP_PROXY, HTTPS_PROXY, and FTP_PROXY. The default value of NO_PROXY is true. +In addition to the flags, the `build` subcommand also supports an argument whose type is string and meaning is context, that is, the context of the Dockerfile build environment. The default value of this parameter is the current path where isula-build is executed. This path affects the path retrieved by the **ADD** and **COPY** instructions of the .dockerignore file and Dockerfile. -When a user configures proxy-related ARG or ENV in the Dockerfile, the inherited environment variables will be overwritten. +##### \--proxy -Note: If the client and daemon are not running on the same terminal, the environment variables that can be inherited are the environment variables of the terminal where the daemon is located. +Specifies whether the container started by the **RUN** instruction inherits the proxy-related environment variables **http_proxy**, **https_proxy**, **ftp_proxy**, **no_proxy**, **HTTP_PROXY**, **HTTPS_PROXY**, and **FTP_PROXY**. The default value is **true**. + +When a user configures proxy-related **ARG** or **ENV** in the Dockerfile, the inherited environment variables will be overwritten. + +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - If the client and daemon are running on different terminals, the environment variables of the terminal where the daemon is running are inherited. -**\--tag** +##### \--tag Specifies the tag of the image stored on the local disk after the image is successfully built. -**\--cap-add** +##### \--cap-add -Run the following command to add the permission required by the RUN command during the build process: +Run the following command to add the permission required by the **RUN** instruction during the build process: -``` +```shell isula-build ctr-img build --cap-add ${CAP} ``` Example: ```sh -$ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile +sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile ``` > **Note:** > > - A maximum of 100 container images can be concurrently built. -> - isula-build supports Dockerfiles with a maximum size of 1 MiB. -> - isula-build supports the .dockerignore file with a maximum size of 1 MiB. +> - isula-build supports Dockerfiles with a maximum size of 1 MB. +> - isula-build supports a .dockerignore file with a maximum size of 1 MB. > - Ensure that only the current user has the read and write permissions on the Dockerfiles to prevent other users from tampering with the files. -> - During the build, the RUN command starts the container to build in the container. Currently, isula-build supports the host network only. -> - isula-build only supports the tar.gz compression format. +> - During the build, the **RUN** instruction starts the container to build in the container. Currently, isula-build supports the host network only. +> - isula-build only supports the tar compression format. > - isula-build commits once after each image build stage is complete, instead of each time a Dockerfile line is executed. > - isula-build does not support cache build. -> - isula-build starts the build container only when the RUN command is built. +> - isula-build starts the build container only when the **RUN** instruction is built. > - Currently, the history function of Docker images is not supported. > - The stage name can start with a digit. > - The stage name can contain a maximum of 64 characters. -> - isula-build does not support resource restriction on a single Dockerfile build. If resource restriction is required, you can configure a resource limit on the isula-builder. -> - Currently, isula-build does not support a remote URL as the data source of the ADD command in the Dockerfile. - - +> - isula-build does not support resource restriction on a single Dockerfile build. If resource restriction is required, you can configure a resource limit on isula-builder. +> - Currently, isula-build does not support a remote URL as the data source of the **ADD** instruction in the Dockerfile. +> - The local tar package exported using the **docker-archive** and **oci-archive** types are not compressed, you can manually compress the file as required. -### image: Viewing Local Persistent Build Images +#### image: Viewing Local Persistent Build Images -You can run the images command to view the images in the local persistent storage. +You can run the `images` command to view the images in the local persistent storage. ```sh $ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -localhost:5000/library/alpine latest a24bb4013296 2020-20-19 19:59:197 5.85 MB - 39b62a3342ee 2020-20-38 38:66:387 1.45 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ +--------------------------------------- ----------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- ------------------------ ------------ +localhost:5000/library/alpine latest a24bb4013296 2022-01-17 10:02:19 5.85 MB + 39b62a3342ee 2022-01-17 10:01:12 1.45 MB +--------------------------------------- ----------- ----------------- ------------------------ ------------ ``` -**Note**: The image size displayed by running the `isula-build ctr-img images` command may be different from that displayed by running the `docker images` command. When calculating the image size, isula-build directly calculates the total size of .tar packages at each layer, while Docker calculates the total size of files by decompressing the .tar package and traversing the diff directory. Therefore, the statistics are different. - - +>![](./public_sys-resources/icon-note.gif) **Note:** +> +> - The image size displayed by running the `isula-build ctr-img images` command may be different from that displayed by running the `docker images` command. When calculating the image size, `isula-build` directly calculates the total size of .tar packages at each layer, while `docker` calculates the total size of files by decompressing the .tar packages and traversing the diff directory. Therefore, the statistics are different. -### import: Importing a Basic Container Image +#### import: Importing a Basic Container Image -openEuler releases a basic container image, for example, openEuler-docker.x86_64.tar.xz, with the version. You can run the `ctr-img import` command to import the image to isula-build. +A tar file in rootfs form can be imported into isula-build via the `ctr-img import` command. -The command is as follows: +The command format is as follows: -``` +```shell isula-build ctr-img import [flags] ``` Example: ```sh -$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.03 -Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 +$ sudo isula-build ctr-img import busybox.tar mybusybox:latest +Getting image source signatures +Copying blob sha256:7b8667757578df68ec57bfc9fb7754801ec87df7de389a24a26a7bf2ebc04d8d +Copying config sha256:173b3cf612f8e1dc34e78772fcf190559533a3b04743287a32d549e3c7d1c1d1 +Writing manifest to image destination +Storing signatures +Import success with image id: "173b3cf612f8e1dc34e78772fcf190559533a3b04743287a32d549e3c7d1c1d1" $ sudo isula-build ctr-img images ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -openeuler 20.03 7317851cd2ab 2020-08-01 06:25:34 500 MB ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ +--------------------------------------- ----------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- ------------------------ ------------ +mybusybox latest 173b3cf612f8 2022-01-12 16:02:31 1.47 MB +--------------------------------------- ----------- ----------------- ------------------------ ------------ ``` ->![](public_sys-resources/icon-note.gif) **Note** ->isula-build supports the import of container basic images with a maximum size of 1 GiB. - - +>![](./public_sys-resources/icon-note.gif) **Note** +> +> - isula-build supports the import of container basic images with a maximum size of 1 GB. -### load: Importing Cascade Images +#### load: Importing Cascade Images -Cascade images are images that are saved to the local computer by running the docker save or isula-build ctr-img save command. The compressed image package contains a layer-by-layer image package named layer.tar. You can run the ctr-img load command to import the image to isula-build. +Cascade images are images that are saved to the local computer by running the `docker save` or `isula-build ctr-img save` command. The compressed image package contains a layer-by-layer image package named **layer.tar**. You can run the `ctr-img load` command to import the image to isula-build. -The command is as follows: +The command format is as follows: -``` +```shell isula-build ctr-img load [flags] ``` Currently, the following flags are supported: -- -i, --input: path of the local .tar package. +- `-i, --input`: path of the local .tar package. Example: ```sh -$ sudo isula-build ctr-img load -i ubuntu.tarGetting image source signatures +$ sudo isula-build ctr-img load -i ubuntu.tar +Getting image source signatures Copying blob sha256:cf612f747e0fbcc1674f88712b7bc1cd8b91cf0be8f9e9771235169f139d507c Copying blob sha256:f934e33a54a60630267df295a5c232ceb15b2938ebb0476364192b1537449093 Copying blob sha256:943edb549a8300092a714190dfe633341c0ffb483784c4fdfe884b9019f6a0b4 @@ -497,26 +486,23 @@ Storing signatures Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e ``` ->![](public_sys-resources/icon-note.gif) **Note:** -> ->The - isula-build load command can only be used to import a compressed image file that contains a single cascade image. +>![](./public_sys-resources/icon-note.gif) **Note:** > ->- isula-build allows you to import a container image with a maximum size of 50 GB. +> - isula-build allows you to import a container image with a maximum size of 50 GB. +> - isula-build automatically recognizes the image format and loads it from the cascade image file. +#### rm: Deleting a Local Persistent Image +You can run the `rm` command to delete an image from the local persistent storage. The command format is as follows: -### rm: Deleting a Local Persistent Image - -You can run the rm command to delete an image from the local persistent storage. The command is as follows: - -``` +```shell isula-build ctr-img rm IMAGE [IMAGE...] [FLAGS] ``` Currently, the following flags are supported: -- -a, –all: deletes all images stored locally. -- -p, –prune: deletes all images that are stored locally and do not have tags. +- `-a, --all`: deletes all images stored locally. +- `-p, --prune`: deletes all images that are stored locally and do not have tags. Example: @@ -526,17 +512,20 @@ Deleted: sha256:78731c1dde25361f539555edaf8f0b24132085b7cab6ecb90de63d72fa00c01d Deleted: sha256:eeba1bfe9fca569a894d525ed291bdaef389d28a88c288914c1a9db7261ad12c ``` +#### save: Exporting Cascade Images +You can run the `save` command to export the cascade images to the local disk. The command format is as follows: -### save: Exporting Cascade Images - -You can run the save command to export the cascade images to the local disk. The command is as follows: - -``` +```shell isula-build ctr-img save [REPOSITORY:TAG]|imageID -o xx.tar ``` -The following example shows how to export an image in `image/tag` format: +Currently, the following flags are supported: + +- `-f, --format`: which indicates the exported image format: **oci** or **docker** (**ISULABUILD_CLI_EXPERIMENTAL** needs to be enabled) +- `-o, --output`: which indicates the local path for storing the exported images. + +The following example shows how to export an image using *image/tag*: ```sh $ sudo isula-build ctr-img save busybox:latest -o busybox.tar @@ -550,7 +539,7 @@ Storing signatures Save success with image: busybox:latest ``` -The following example shows how to export an image in `ImageID` format: +The following example shows how to export an image using *ImageID*: ```sh $ sudo isula-build ctr-img save 21c3e96ac411 -o busybox.tar @@ -564,13 +553,35 @@ Storing signatures Save success with image: 21c3e96ac411 ``` +The following example shows how to export multiple images to the same tarball: + +```sh +$ sudo isula-build ctr-img save busybox:latest nginx:latest -o all.tar +Getting image source signatures +Copying blob sha256:eb78099fbf7fdc70c65f286f4edc6659fcda510b3d1cfe1caa6452cc671427bf +Copying blob sha256:29f11c413898c5aad8ed89ad5446e89e439e8cfa217cbb404ef2dbd6e1e8d6a5 +Copying blob sha256:af5bd3938f60ece203cd76358d8bde91968e56491daf3030f6415f103de26820 +Copying config sha256:b8efb18f159bd948486f18bd8940b56fd2298b438229f5bd2bcf4cedcf037448 +Writing manifest to image destination +Storing signatures +Getting image source signatures +Copying blob sha256:e2d6930974a28887b15367769d9666116027c411b7e6c4025f7c850df1e45038 +Copying config sha256:a33de3c85292c9e65681c2e19b8298d12087749b71a504a23c576090891eedd6 +Writing manifest to image destination +Storing signatures +Save success with image: [busybox:latest nginx:latest] +``` +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- Save exports an image in .tar format by default. If necessary, you can save the image and then manually compress it. +>- When exporting an image using image name, specify the entire image name in the *REPOSITORY:TAG* format. -### tag: Tagging Local Persistent Images +#### tag: Tagging Local Persistent Images -You can run the tag command to add a tag to a local persistent container image. The command is as follows: +You can run the `tag` command to add a tag to a local persistent container image. The command format is as follows: -``` +```shell isula-build ctr-img tag / busybox:latest ``` @@ -578,73 +589,127 @@ Example: ```sh $ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ +--------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- -------------------------- ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +--------------------------------------- ----------- ----------------- -------------------------- ------------ $ sudo isula-build ctr-img tag a24bb4013296 alpine:v1 $ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB -alpine v1 a24bb4013296 2020-05-29 21:19:46 5.85 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ +--------------------------------------- ----------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- ------------------------ ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +alpine v1 a24bb4013296 2020-05-29 21:19:46 5.85 MB +--------------------------------------- ----------- ----------------- ------------------------ ------------ +``` + +#### pull: Pulling an Image To a Local Host + +Run the `pull` command to pull an image from a remote image repository to a local host. Command format: + +```shell +isula-build ctr-img pull REPOSITORY[:TAG] ``` +Example: +```sh +$ sudo isula-build ctr-img pull example-registry/library/alpine:latest +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destination +Storing signatures +Pull success with image: example-registry/library/alpine:latest +``` -## info: Viewing the Operating Environment and System Information +#### push: Pushing a Local Image to a Remote Repository -You can run the isula-build info command to view the running environment and system information of isula-build. The command is as follows: +Run the `push` command to push a local image to a remote repository. Command format: +```shell +isula-build ctr-img push REPOSITORY[:TAG] ``` + +Currently, the following flags are supported: + +- `-f, --format`: indicates the pushed image format **oci** or **docker** (**ISULABUILD_CLI_EXPERIMENTAL** needs to be enabled) + +Example: + +```sh +$ sudo isula-build ctr-img push example-registry/library/mybusybox:latest +Getting image source signatures +Copying blob sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675 +Copying config sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f +Writing manifest to image destination +Storing signatures +Push success with image: example-registry/library/mybusybox:latest +``` + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- Before pushing an image, log in to the corresponding image repository. + +### info: Viewing the Operating Environment and System Information + +You can run the `isula-build info` command to view the running environment and system information of isula-build. The command format is as follows: + +```shell isula-build info [flags] ``` The following flags are supported: -- -H, –human-readable: Boolean. The memory information is printed in the common memory format. The value is 1000 power. +- `-H, --human-readable`: Boolean. The memory information is printed in the common memory format. The value is 1000 power. +- `-V, --verbose`: Boolean. The memory usage is displayed during system running. Example: ```sh $ sudo isula-build info -H - General: - MemTotal: 7.63 GB - MemFree: 757 MB - SwapTotal: 8.3 GB - SwapFree: 8.25 GB - OCI Runtime: runc - DataRoot: /var/lib/isula-build/ - RunRoot: /var/run/isula-build/ - Builders: 0 + General: + MemTotal: 7.63 GB + MemFree: 757 MB + SwapTotal: 8.3 GB + SwapFree: 8.25 GB + OCI Runtime: runc + DataRoot: /var/lib/isula-build/ + RunRoot: /var/run/isula-build/ + Builders: 0 Goroutines: 12 - Store: - Storage Driver: overlay + Store: + Storage Driver: overlay Backing Filesystem: extfs - Registry: - Search Registries: + Registry: + Search Registries: oepkgs.net - Insecure Registries: - localhost:5000 + Insecure Registries: + localhost:5000 oepkgs.net + Runtime: + MemSys: 68.4 MB + HeapSys: 63.3 MB + HeapAlloc: 7.41 MB + MemHeapInUse: 8.98 MB + MemHeapIdle: 54.4 MB + MemHeapReleased: 52.1 MB ``` -## login: Logging In to the Remote Image Repository +### login: Logging In to the Remote Image Repository -You can run the login command to log in to the remote image repository. The command is as follows: +You can run the `login` command to log in to the remote image repository. The command format is as follows: -``` +```shell isula-build login SERVER [FLAGS] ``` Currently, the following flags are supported: -``` - Flags: - -p, --password-stdin Read password from stdin +```shell + Flags: + -p, --password-stdin Read password from stdin -u, --username string Username to access registry ``` @@ -663,62 +728,160 @@ Enter the password in interactive mode. Login Succeeded ``` -## logout: Logging Out of the Remote Image Repository +### logout: Logging Out of the Remote Image Repository -You can run the logout command to log out of the remote image repository. The command is as follows: +You can run the `logout` command to log out of the remote image repository. The command format is as follows: -``` +```shell isula-build logout [SERVER] [FLAGS] ``` Currently, the following flags are supported: -``` - Flags: +```shell + Flags: -a, --all Logout all registries ``` Example: ```sh - $ sudo isula-build logout -a + $ sudo isula-build logout -a Removed authentications ``` -## version: Querying the isula-build Version +### version: Querying the isula-build Version -You can run the version command to view the current version information. +You can run the `version` command to view the current version information. ```sh $ sudo isula-build version Client: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5 + Go Version: go1.15.7 + Git Commit: b82408f + Built: Tue Mar 30 11:08:00 2021 OS/Arch: linux/amd64 - + Server: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5 + Go Version: go1.15.5 + Git Commit: 64dbad50 + Built: Mon Apr 12 20:30:31 2021 OS/Arch: linux/amd64 ``` +### manifest: Manifest List Management + +The manifest list contains the image information corresponding to different system architectures. You can use the same manifest (for example, **openeuler:latest**) in different architectures to obtain the image of the corresponding architecture. The manifest contains the create, annotate, inspect, and push subcommands. + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - manifest is an experiment feature. When using this feature, you need to enable the experiment options on the client and server. For details, see Client Overview and Configuring Services. + +#### create: Manifest List Creation + +The create subcommand of the `manifest` command is used to create a manifest list. The command format is as follows: + +```shell +isula-build manifest create MANIFEST_LIST MANIFEST [MANIFEST...] +``` + +You can specify the name of the manifest list and the remote images to be added to the list. If no remote image is specified, an empty manifest list is created. + +Example: + +```sh +sudo isula-build manifest create openeuler localhost:5000/openeuler_x86:latest localhost:5000/openeuler_aarch64:latest +``` + +#### annotate: Manifest List Update -# Directly Integrating a Container Engine +The `annotate` subcommand of the `manifest` command is used to update the manifest list. The command format is as follows: + +```shell +isula-build manifest annotate MANIFEST_LIST MANIFEST [flags] +``` + +You can specify the manifest list to be updated and the images in the manifest list, and use flags to specify the options to be updated. This command can also be used to add new images to the manifest list. + +Currently, the following flags are supported: + +- --arch: Applicable architecture of the rewritten image. The value is a string. +- --os: Indicates the applicable system of the image. The value is a string. +- --os-features: Specifies the OS features required by the image. This parameter is a string and rarely used. +- --variant: Variable of the image recorded in the list. The value is a string. + +Example: + +```sh +sudo isula-build manifest annotate --os linux --arch arm64 openeuler:latest localhost:5000/openeuler_aarch64:latest +``` + +#### inspect: Manifest List Inspect + +The `inspect` subcommand of the `manifest` command is used to query the manifest list. The command format is as follows: + +```shell +isula-build manifest inspect MANIFEST_LIST +``` + +Example: + +```sh +$ sudo isula-build manifest inspect openeuler:latest +{ + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", + "manifests": [ + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 527, + "digest": "sha256:bf510723d2cd2d4e3f5ce7e93bf1e52c8fd76831995ac3bd3f90ecc866643aff", + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 527, + "digest": "sha256:f814888b4bb6149bd39ba8375a1932fb15071b4dbffc7f76c7b602b06abbb820", + "platform": { + "architecture": "arm64", + "os": "linux" + } + } + ] +} +``` + +#### push: Manifest List Push to the Remote Repository + +The manifest subcommand `push` is used to push the manifest list to the remote repository. The command format is as follows: + +```shell +isula-build manifest push MANIFEST_LIST DESTINATION +``` + +Example: + +```sh +sudo isula-build manifest push openeuler:latest localhost:5000/openeuler:latest +``` + +## Directly Integrating a Container Engine isula-build can be integrated with iSulad or Docker to import the built container image to the local storage of the container engine. -## Integration with iSulad +### Integration with iSulad Images that are successfully built can be directly exported to the iSulad. Example: ```sh -$ sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 +sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 ``` Specify iSulad in the -o parameter to export the built container image to iSulad. You can query the image using isula images. @@ -730,21 +893,22 @@ REPOSITORY TAG IMAGE ID CREATED busybox 2.0 2d414a5cad6d 2020-08-01 06:41:36 5.577 MB ``` ->![](public_sys-resources/icon-note.gif) **Note:** +>![](./public_sys-resources/icon-note.gif) **Note:** +> > - It is required that isula-build and iSulad be on the same node. -> - When an image is directly exported to the iSulad, the isula-build client needs to temporarily store the successfully built image as `/var/tmp/isula-build-tmp-%v.tar` and then import it to the iSulad. Ensure that the /var/tmp/ directory has sufficient disk space. If the isula-build client process is killed or Ctrl+C is pressed during the export, you need to manually clear the `/var/tmp/isula-build-tmp-%v.tar` file. +> - When an image is directly exported to the iSulad, the isula-build client needs to temporarily store the successfully built image as `/var/lib/isula-build/tmp/[build_id]/isula-build-tmp-%v.tar` and then import it to the iSulad. Ensure that the /var/tmp/ directory has sufficient disk space. If the isula-build client process is killed or Ctrl+C is pressed during the export, you need to manually clear the `/var/lib/isula-build/tmp/[build_id]/isula-build-tmp-%v.tar` file. -## Integration with Docker +### Integration with Docker Images that are successfully built can be directly exported to the Docker daemon. Example: ```sh -$ sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 +sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 ``` -Specify docker-daemon in the -o parameter to export the built container image to Docker. You can run the docker images command to query the image. +Specify docker-daemon in the -o parameter to export the built container image to Docker. You can run the `docker images` command to query the image. ```sh $ sudo docker images @@ -752,82 +916,129 @@ REPOSITORY TAG IMAGE ID busybox 2.0 2d414a5cad6d 2 months ago 5.22MB ``` ->![](public_sys-resources/icon-note.gif) **Note:** +>![](./public_sys-resources/icon-note.gif) **Note:** > > - The isula-build and Docker must be on the same node. -# Appendix +## Precautions + +This chapter is something about constraints, limitations and differences with `docker build` when use isula-builder build images. + +### Constraints or Limitations +1. When export an image to [iSulad](https://gitee.com/openeuler/iSulad/blob/master/README.md/), a tag is necessary. +2. Because the OCI runtime, for example, **runc**, will be called by isula-builder when executing the **RUN** instruction, the integrity of the runtime binary should be guaranteed by the user. +3. DataRoot should not be set to **tmpfs**. +4. **Overlay2** is the only storage driver supported by isula-builder currently. +5. Docker image is the only image format supported by isula-builder currently. +6. You are advised to set file permission of the Dockerfile to **0600** to avoid tampering by other users. +7. Only host network is supported by the **RUN** instruction currently. +8. When export image to a tar package, only tar compression format is supported by isula-builder currently. +9. The base image size is limited to 1 GB when importing a base image using `import`. -## Command Line Parameters +### Differences with "docker build" -**Table 1** Parameters in the ctr-img build command +`isula-build` complies with [Dockerfile specification](https://docs.docker.com/engine/reference/builder), but there are also some subtle differences between `isula-builder` and `docker build` as follows: + +1. isula-builder commits after each build stage, but not every line. +2. Build cache is not supported by isula-builder. +3. Only **RUN** instruction will be executed in the build container. +4. Build history is not supported currently. +5. Stage name can be start with a number. +6. The length of the stage name is limited to 64 in `isula-builder`. +7. **ADD** instruction source can not be a remote URL currently. +8. Resource restriction on a single build is not supported. If resource restriction is required, you can configure a resource limit on isula-builder. +9. `isula-builder` add each origin layer tar size to get the image size, but docker only uses the diff content of each layer. So the image size listed by `isula-builder images` is different. +10. Image name should be in the *NAME:TAG* format. For example **busybox:latest**, where **latest** must not be omitted. + +## Appendix + +### Command Line Parameters + +**Table 1** Parameters of the `ctr-img build` command | **Command** | **Parameter** | **Description** | | ------------- | -------------- | ------------------------------------------------------------ | | ctr-img build | --build-arg | String list, which contains variables required during the build. | | | --build-static | Key value, which is used to build binary equivalence. Currently, the following key values are included: - build-time: string, which indicates that a fixed timestamp is used to build a container image. The timestamp format is YYYY-MM-DD HH-MM-SS. | | | -f, --filename | String, which indicates the path of the Dockerfiles. If this parameter is not specified, the current path is used. | +| | --format | String, which indicates the image format **oci** or **docker** (**ISULABUILD_CLI_EXPERIMENTAL** needs to be enabled). | | | --iidfile | String, which indicates the ID of the image output to a local file. | | | -o, --output | String, which indicates the image export mode and path.| | | --proxy | Boolean, which inherits the proxy environment variable on the host. The default value is true. | | | --tag | String, which indicates the tag value of the image that is successfully built. | -| | --cap-add | String list, which contains permissions required by the RUN command during the build process.| +| | --cap-add | String list, which contains permissions required by the **RUN** instruction during the build process.| -**Table 2** Parameters in the ctr-img load command +**Table 2** Parameters of the `ctr-img load` command | **Command** | **Parameter** | **Description** | | ------------ | ----------- | --------------------------------- | -| ctr-img load | -i, --input | String, Path of the local .tar package to be imported| +| ctr-img load | -i, --input | String, path of the local .tar package to be imported.| -**Table 3** Parameters in the ctr-img rm command +**Table 3** Parameters of the `ctr-img push` command + +| **Command** | **Parameter** | **Description** | +| ------------ | ----------- | --------------------------------- | +| ctr-img push | -f, --format | String, which indicates the pushed image format **oci** or **docker** (**ISULABUILD_CLI_EXPERIMENTAL** needs to be enabled).| + +**Table 4** Parameters of the `ctr-img rm` command | **Command** | **Parameter** | **Description** | | ---------- | ----------- | --------------------------------------------- | | ctr-img rm | -a, --all | Boolean, which is used to delete all local persistent images. | | | -p, --prune | Boolean, which is used to delete all images that are stored persistently on the local host and do not have tags. | -**Table 4** Parameters in the ctr-img save command +**Table 5** Parameters of the `ctr-img save` command | **Command** | **Parameter** | **Description** | | ------------ | ------------ | ---------------------------------- | | ctr-img save | -o, --output | String, which indicates the local path for storing the exported images.| +| ctr-img save | -f, --format | String, which indicates the exported image format **oci** or **docker** (**ISULABUILD_CLI_EXPERIMENTAL** needs to be enabled).| -**Table 5** Parameters in the login command +**Table 6** Parameters of the `login` command | **Command** | **Parameter** | **Description** | | -------- | -------------------- | ------------------------------------------------------- | | login | -p, --password-stdin | Boolean, which indicates whether to read the password through stdin. or enter the password in interactive mode. | | | -u, --username | String, which indicates the username for logging in to the image repository.| -**Table 6** Parameters in the logout command +**Table 7** Parameters of the `logout` command | **Command** | **Parameter** | **Description** | | -------- | --------- | ------------------------------------ | | logout | -a, --all | Boolean, which indicates whether to log out of all logged-in image repositories. | -## Communication Matrix +**Table 8** Parameters of the `manifest annotate` command + +| **Command** | **Parameter** | **Description** | +| ----------------- | ------------- | ---------------------------- | +| manifest annotate | --arch | Set architecture | +| | --os | Set operating system | +| | --os-features | Set operating system feature | +| | --variant | Set architecture variant | + +### Communication Matrix The isula-build component processes communicate with each other through the Unix socket file. No port is used for communication. -## File and Permission +### File and Permission -- All isula-build operations must be performed by the root user. +- All isula-build operations must be performed by the **root** user. To perform operations as a non-privileged user, you need to configure the `--group` option. - The following table lists the file permissions involved in the running of isula-build. | **File Path** | **File/Folder Permission** | **Description** | | ------------------------------------------- | ------------------- | ------------------------------------------------------------ | | /usr/bin/isula-build | 550 | Binary file of the command line tool. | -| /usr/bin/isula-builder | 550 | Binary file of the isula-builder process on the server. | +| /usr/bin/isula-builder | 550 | Binary file of the isula-builder process. | | /usr/lib/systemd/system/isula-build.service | 640 | systemd configuration file, which is used to manage the isula-build service. | -| /etc/isula-build/configuration.toml | 600 | General isula-builder configuration file, which sets the isula-builder log level, persistency directory, runtime directory, and OCI runtime. | +| /usr/isula-build | 650 | Root directory of the isula-builder configuration file. | +| /etc/isula-build/configuration.toml | 600 | General isula-builder configuration file, including the settings of the isula-builder log level, persistency directory, runtime directory, and OCI runtime. | | /etc/isula-build/policy.json | 600 | Syntax file of the signature verification policy file. | | /etc/isula-build/registries.toml | 600 | Configuration file of each image repository, including the available image repository list and image repository blacklist. | -| /etc/isula-build/storage.toml | 600 | Configuration file for local persistent storage, including the configuration of the used storage driver. | -| /var/run/isula_build.sock | 600 | Local socket of isula-builder. | +| /etc/isula-build/storage.toml | 600 | Configuration file of the local persistent storage, including the configuration of the used storage driver. | +| /etc/isula-build/isula-build.pub | 400 | Asymmetric encryption public key file. | +| /var/run/isula_build.sock | 660 | Local socket of isula-builder. | | /var/lib/isula-build | 700 | Local persistency directory. | | /var/run/isula-build | 700 | Local runtime directory. | -| /var/tmp/isula-build-tmp-*.tar | 600 | Local directory for temporarily storing the images when they are exported to the iSulad. | - - +| /var/lib/isula-build/tmp/\[build_id\]/isula-build-tmp-*.tar | 644 | Local temporary directory for storing the images when they are exported to iSulad. | diff --git a/docs/en/docs/Container/isulad-container-engine.md b/docs/en/docs/Container/isula-container-engine.md similarity index 33% rename from docs/en/docs/Container/isulad-container-engine.md rename to docs/en/docs/Container/isula-container-engine.md index 54cd5ca2112776a9d584b4eb2e5132607a5dd743..fbafbb206274d28d48f805ffc34d4ec4775ffc3e 100644 --- a/docs/en/docs/Container/isulad-container-engine.md +++ b/docs/en/docs/Container/isula-container-engine.md @@ -1,12 +1,9 @@ -# iSulad Container Engine +# iSula Container Engine - -Compared with Docker, iSulad is a new container solution with a unified architecture design to meet different requirements in the CT and IT fields. Lightweight containers are implemented using C/C++. They are smart, fast, and not restricted by hardware and architecture. With less noise floor overhead, the containers can be widely used. +Compared with Docker, iSula is a new container solution with a unified architecture design to meet different requirements in the CT and IT fields. Lightweight containers are implemented using C/C++. They are smart, fast, and not restricted by hardware and architecture. With less noise floor overhead, the containers can be widely used. [Figure 1](#en-us_topic_0182207099_fig10763114141217) shows the unified container architecture. -**Figure 1** Unified container architecture - +**Figure 1** Unified container architecture ![](./figures/en-us_image_0183048952.png) - diff --git a/docs/en/docs/Container/isula-transform.md b/docs/en/docs/Container/isula-transform.md new file mode 100644 index 0000000000000000000000000000000000000000..fa3e328a9d5c135347b9375582e60e43c085fdb3 --- /dev/null +++ b/docs/en/docs/Container/isula-transform.md @@ -0,0 +1,164 @@ +# isula-transform Container Migration Tool + +The isula-transform container migration tool is launched together with iSulad 2.0. It is used to migrate containers started by the Docker container engine to the iSulad engine for management. After the migration is complete, you can use iSulad to manage container lifecycles. + + + +- [isula-transform Container Migration Tool](#isula-transform-container-migration-tool) + - [Quick Guide](#quick-guide) + - [Installation and Deployment](#installation-and-deployment) + - [Example](#example) + - [Usage Guidelines](#usage-guidelines) + - [Usage](#usage) + - [Parameter Description](#parameter-description) + - [Precautions](#precautions) + - [Appendix](#appendix) + - [Communication Matrix and Permission Description](#communication-matrix-and-permission-description) + - [Communication Matrix](#communication-matrix) + - [File and Permission](#file-and-permission) + + + +## Quick Guide + +### Installation and Deployment + +Perform the following steps to install isula-transform: + +- Installation through yum (Recommended) + + ``` shell + sudo yum install -y isula-transform + ``` + +* Installation through RPM + + ``` shell + sudo rpm -ivh isula-transform-0.9.1-1.oe1.x86_64.rpm + ``` + + Note: The isula-transform running depends on the iSulad and Docker Engine. If you use RPM installation mode, ensure that iSulad and Docker Engine have been installed in the environment. + + +### Example + +The following example describes how to migrate containers started by the Docker container engine to the iSulad engine for management. + +1. Start a Docker container in the host network, and mount the data volume. + + ``` shell + $ mkdir /tmp/test && echo "hello isula 2.0" > /tmp/test/hello.txt + $ sudo docker run -tid --network host -v /tmp/test:/test rnd-dockerhub.huawei.com/official/ubuntu bash + b7ebc79a83297d781069308311cd1456539ab663fc284c80386a941af1a78685 + $ sudo docker exec b7ebc7 cat /test/hello.txt + hello isula 2.0 + $ sudo docker exec b7ebc7 bash -c "echo 'hello isula-transform' > /root/world.txt" + $ sudo docker exec b7ebc7 cat /root/world.txt + hello isula-transform + ``` + +2. Use isula-transform to migrate the container (specify the first several digits or the full container ID). + + ``` shell + $ sudo isula-transform b7ebc7 + transform b7ebc7: success + ``` + +3. Restart iSulad to view the container. + + ``` shell + $ systemctl restart isulad && sudo isula ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b7ebc79a8329 rnd-dockerhub.huawei.com/official/ubuntu "bash" 8 minutes ago Exited (0) 2 minutes ago inspiring_dirac + ``` + +4. Start the container and check data. If the container is started with complete data, it is migrated successfully. + + ``` shell + $ sudo isula start b7ebc7 + $ sudo isula exec b7ebc7 cat /test/hello.txt + hello isula 2.0 + $ sudo isula exec b7ebc7 cat /root/world.txt + hello isula-transform + ``` + +5. Delete the container. + + ``` shell + $ sudo isula rm -f b7ebc7 + b7ebc79a83297d781069308311cd1456539ab663fc284c80386a941af1a78685 + $ sudo isula ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + ``` + +## Usage Guidelines + +### Usage + +isula-transform supports the following functions: + +1. Migrate a specified container. + + Run the following command to migrate a specified Docker container by specifying its container ID: + + ``` shell + isula-transform [OPTIONS] container_id [container_id...] + ``` + + Multiple container IDs can be specified at a time. To use a short ID, ensure that the short ID is unique. + +2. Migrate all containers. + + Add the --all option to migrate all Docker containers in running or pause state: + + ``` shell + isula-transform [OPTIONS] --all + ``` + + If both the container ID and the --all option are specified, isula-transform ignores the input container ID. + +For details about other configurable parameters, see [Parameter Description](#parameter-description). + +### Parameter Description + +OPTIONS in the preceding commands indicates optional parameters. For details, see the following table: + +| Option | Description | +| -------------- | :----------------------------------------------------------- | +| --log | Log file path. Default value: /var/log/isula-kits/transform.log | +| --log-level | The lowest level of output logs. Values can be debug, info, warn, and error. Default value: info | +| --docker-graph | Docker graph path. Default value: /var/lib/docker | +| --docker-state | Docker state path. Default value: /var/run/docker | + + +### Precautions + +- isula-transform applies to non-cluster scenarios. In cluster scenarios such as Kubernetes, you are advised to configure the iSulad engine and start a new container. +- isula-transform supports the migration of containers created by Docker 18.09. Containers must be in running or pause state. +- After migration, the original Docker container is in pause state. You can determine its lifecycle. +- isula-transform requires that the migrated Docker container be started using --network=host or reuse the network stack of the container started in the host network. In the latter scenario, both containers need to be migrated, and the parent container needs to be started first after the migration. +- If the shared namespace (pid, ipc) is involved, both parent and child containers need to be migrated. After the migration, the parent container needs to be started first. +- If the cgroup-parent is specified, the cgroup created by the Docker engine for the migrated Docker container has not been destroyed, the iSulad engine cannot create cgroups for the new container. The new container can only be started after the migrated Docker container has been stopped or deleted +- Docker container's parameters that are not supported by the iSula container will be discarded after migration. + +## Appendix + +### Communication Matrix and Permission Description + +#### Communication Matrix + +When isula-transform is running, it functions as a client to access dockerd on the server. isula-transform and dockerd communicate with each other through the Unix socket file. The path is as follows: + +| Server | Socket path | +|---|:---| +|dockerd|/var/run/docker.sock| + +#### File and Permission + +- The root permission is required for running isula-transform. +- The following table lists file permissions involved in isula-transform running. + + | File Path | Permission | Description | + |:---|---|:---| + |/usr/bin/isula-transform|0550| Executable binary file| + |/Var/log/isula-kits/transform.log|0600| Default isula-transform log file| diff --git a/docs/en/docs/Container/local-volume-management.md b/docs/en/docs/Container/local-volume-management.md new file mode 100644 index 0000000000000000000000000000000000000000..df43aed406db776f03cf7e8d620267c2166cd85a --- /dev/null +++ b/docs/en/docs/Container/local-volume-management.md @@ -0,0 +1,206 @@ +#Local Volume Management + + + +- [Local Volume Management](#local-volume-management) + - [Overview](#overview) + - [Precautions](#precautions) + - [Usage](#usage) + - [Using the -v Option to Mount Data](#using-the--v-option-to-mount-data) + - [**Format**](#format) + - [**Functions**](#functions) + - [**Parameter Description**](#parameter-description) + - [**Examples**](#examples) + - [Using the --mount Option to Mount Data](#using-the---mount-option-to-mount-data) + - [**Format**](#format-1) + - [**Functions**](#functions-1) + - [**Parameter Description**](#parameter-description-1) + - [**Examples**](#examples-1) + - [Reusing the Mounting Configuration in Other Containers](#reusing-the-mounting-configuration-in-other-containers) + - [**Format**](#format-2) + - [**Functions**](#functions-2) + - [**Parameter Description**](#parameter-description-2) + - [**Examples**](#examples-2) + - [Using the Anonymous Volume in an Image](#using-the-anonymous-volume-in-an-image) + - [Querying a Volume](#querying-a-volume) + - [**Format**](#format-3) + - [**Functions**](#functions-3) + - [**Parameter Description**](#parameter-description-3) + - [**Examples**](#examples-3) + - [Deleting a Volume](#deleting-a-volume) + - [**Format**](#format-4) + - [**Functions**](#functions-4) + - [**Parameter Description**](#parameter-description-4) + - [**Examples**](#examples-4) + - [Precautions](#precautions-1) + - [Conflict Combination Rules](#conflict-combination-rules) + - [Differences Between iSula and Docker](#differences-between-isula-and-docker) + + + +## Overview + +After a container managed by iSula is destroyed, all data in the container is destroyed. If you want to retain data after the container is destroyed, a data persistence mechanism is required. iSula allows files, directories, or volumes on a host to be mounted to a container at runtime. You can write the data to be persisted to the mount point in the container. After the container is destroyed, the files, directories, and volumes on the host are retained. If you need to delete a file, directory, or volume on the host, you can manually delete the file or directory, or run the iSula command to delete the volume. Currently, the iSula supports only local volume management. Local volumes are classified into named volumes and anonymous volumes. A volume whose name is specified by a user is called a named volume. If a user does not specify a name for a volume, iSula automatically generates a name (a 64-bit random number) for the volume, that is, an anonymous volume. + +The following describes how to use iSula to manage local volumes. + +## Precautions + +- The volume name contains 2 to 64 characters and complies with the regular expression ^[a-zA-Z0-9][a-zA-Z0-9_.-]{1,63}$. That is, the first character of the volume name must be a letter or digit, and other characters can be letters, digits, underscores (_), periods (.), and hyphens (-). +- During container creation, if data exists at the mount point of the container corresponding to the volume, the data is copied to the volume by default. If the iSula breaks down or restarts or the system is powered off during the copy process, the data in the volume may be incomplete. In this case, you need to manually delete the volume or the data in the volume to ensure that the data is correct and complete. + +## Usage + +### Using the -v Option to Mount Data + +#### **Format** + +```shell +isula run -v [SRC:]DST[:MODE,MODE...] IMAGE +``` + +#### **Functions** + +When you create and run a container, use the -v/--volume option to mount the files, directories, or volumes on the host to the container for data persistence. + +#### **Parameter Description** +- SRC: Path of the file, directory, or volume to be mounted on the host. If the value is an absolute path, a file or folder on the host is mounted. If the value is a volume name, a volume is mounted. If this parameter is not specified, an anonymous volume is mounted. If a folder or volume does not exist, iSula creates a folder or volume and then mounts it. +- DST: Mount path in the container. The value must be an absolute path. +- MODE: When the source to be mounted is a directory or file, the valid parameters are ro, rw, z, Z, private, rprivate, slave, rslave, shared, and rshared. Only one parameter of the same type can be configured. If the source is a volume, the valid parameters are ro, rw, z, Z, and nocopy. Only one parameter of the same type can be configured. Use commas (,) to separate multiple attributes. The parameters are described as follows: + +| Parameter | Description | +| -------- | -----------------------------------------------| +| ro | The mount point in the container is mounted in read-only mode. | +| rw | The mount point in the container is mounted in read/write mode. | +| z | If SELinux is enabled, add the SELinux share label during mounting. | +| Z | If SELinux is enabled, add the SELinux private label during mounting. | +| private | The mount point in the container is mounted in private propagation mode. | +| rprivate | The mount point in the container is recursively mounted in private propagation mode. | +| slave | The mount point in the container is mounted in subordinate propagation mode. | +| rslave | The mount point in the container is recursively mounted in subordinate propagation mode. | +| shared | The mount point in the container is mounted in shared propagation mode. | +| rshared | The mount point in the container is recursively mounted in shared propagation mode. | +| nocopy | Data at the mount point is not copied. If this parameter is not set, data is copied by default. In addition, if data already exists in the volume, the data will not be copied. | + + +#### **Examples** +Run the container based on BusyBox, create or mount a volume named vol to the /vol directory of the container, and set the mount point to read-only. In addition, if data exists at the mount point in the container, the data is not copied. +```shell +isula run -v vol:/vol:ro,nocopy busybox +``` + +### Using the --mount Option to Mount Data + +#### **Format** +```shell +isula run --mount [type=TYPE,][src=SRC,]dst=DST[,KEY=VALUE] busybox +``` + +#### **Functions** +When you create and run a container, use the --mount option to mount the files, directories, or volumes on the host to the container for data persistence. + +#### **Parameter Description** +- type: Type of data mounted to the container. The value can be bind, volume, or squashfs. If this parameter is not specified, the default value is volume. +- src: Path of the file, directory, or volume to be mounted on the host. If the value is an absolute path, the file or directory on the host is mounted. If the value is a volume name, a volume is mounted. If this parameter is not specified, the volume is an anonymous volume. If a folder or volume does not exist, iSula creates a file or volume and then mounts it. The keyword src is also called source. +- dst: Mount path in the container. The value must be an absolute path. The keyword dst is also called destination or target. +- KEY=VALUE: Parameter of --mount. The values are as follows: + +| KEY | VALUE | +| ------------------------------ | --------------------------------------------------------------------------- | +| selinux-opts/bind-selinux-opts | z or Z. z indicates that if SELinux is enabled, the SELinux share label is added during mounting. Z indicates that if SELinux is enabled, the SELinux private label is added during mounting. +| ro/readonly | 0/false indicates that the mount is read/write. 1/true indicates that the mount is read-only. If this parameter is not specified, the mount is read-only. The parameter is supported only when type is set to bind. | +| volume-nocopy | Data at the mount point is not copied. If this parameter is not specified, data is copied by default. In addition, if data already exists in the volume, the data will not be copied. This parameter is supported only when type is set to volume. | + +#### **Examples** +Run the container based on BusyBox, create or mount a volume named vol to the /vol directory of the container, and set the mount point to read-only. In addition, if data exists at the mount point in the container, the data is not copied. +```shell +isula run --mount type=volume,src=vol,dst=/vol,ro=true,volume-nocopy=true busybox +``` + +### Reusing the Mounting Configuration in Other Containers + +#### **Format** +```shell +isula run --volumes-from CON1[:MODE] busybox +``` + +#### **Functions** +When you create and run a container, use the --volumes-from option to indicate that the mount point configuration includes that of the CON1 container. You can set multiple --volumes-from options. + +#### **Parameter Description** +- CON1: Name or ID of the container whose mount point is reused. +- MODE: If the value is ro, the mount point is read-only. If the value is rw, the mount point is read/write. + +#### **Examples** +Assume that a container named container1 has been configured with a volume vol1 to the container directory /vol1, and a container named container2 has been configured with a volume vol2 to the container directory /vol2. Run a new container to reuse the mounting configuration of container1 and container2. That is, volume vol1 is mounted to the /vol1 directory of the container, and volume vol2 is mounted to the /vol2 directory of the container. +```shell +isula run --volumes-from container1 --volumes-from container2 busbyox +``` + +### Using the Anonymous Volume in an Image + +You do not need to perform any configuration to use the anonymous volume in the image. If an anonymous volume is configured in the image, iSula automatically creates an anonymous volume and mounts it to the specified path in the image at container runtime. You can write data to the mount point of an anonymous volume in a container for data persistence. + +### Querying a Volume + +#### **Format** +```shell +isula volume ls [OPTIONS] +``` + +#### **Functions** +This command is used to query all volumes managed by iSula. + +#### **Parameter Description** +Option: +- -q,--quit: If this parameter is not specified, only the volume driver information and volume name are queried by default. If this parameter is specified, only the volume name is queried. + +#### **Examples** +This command is used to query all volumes managed by iSula and return only the volume name. +```shell +isula volume ls -q +``` + +### Deleting a Volume + +#### **Format** +``` +isula volume rm [OPTIONS] VOLUME [VOLUME...] +isula volume prune [OPTIONS] +``` + +#### **Functions** +- rm: deletes a specified volume. If the volume is used by a container, the volume fails to be deleted. +- prune: deletes all volumes that are not used by containers. + +#### **Parameter Description** +OPTIONS in the prune command: +- -f,--force: specifies that the system does not display a message asking you whether to delete the volume. By default, a risk message is displayed. You need to enter y to continue the operation. + +#### **Examples** +Delete volumes vol1 and vol2. +```shell +isula volume rm vol1 vol2 +``` +Delete all unused volumes in the following format. No risk message is displayed. +```shell +isula volume prune -f +``` + +### Precautions + +#### Conflict Combination Rules +If a volume mount point conflict occurs, perform the following operations: +- If configurations of -v and --mount conflict, a failure message is returned. +- If the configuration obtained from --volumes-from conflicts with the -v or --mount configuration, the configuration is discarded. +- If the anonymous volume configuration in the image conflicts with the -v, --mount, or --volumes-from configuration, the configuration is discarded. + +#### Differences Between iSula and Docker +| iSula Behavior | Docker Behavior | +| ------------------------------------------- | ------------------------------------------- | +| The volume name can contain a maximum of 64 characters. | The length of the volume name is not limited. | +| If the source to be mounted does not exist, the --mount parameter is created. | If the source to be mounted does not exist, an error is reported. | +| The --mount parameter supports the z or Z parameter configuration in bind-selinux-opts and selinux-opts. | The --mount parameter does not support the parameter configuration in the bind-selinux-opts and selinux-opts. | +| Rules for combining mount point conflicts are not processed. | The anonymous volume specified by -v is processed as the anonymous volume in the image. | +| The volume prune command displays the space that has been reclaimed. | The volume prune command does not display the space that has been reclaimed. | +| -v, --mount, and --volumes-from are configured in hostconfig, and the anonymous volume is configured in config. | The anonymous volume specified by -v is configured in config, and other configurations are configured in hostconfig. | diff --git a/docs/en/docs/Container/secure-container.md b/docs/en/docs/Container/secure-container.md index 0be359e1b7e5c03ad5503c059141f3131c203050..17d1a899f252929793d08b6de0e7998b8f0fe0a0 100644 --- a/docs/en/docs/Container/secure-container.md +++ b/docs/en/docs/Container/secure-container.md @@ -1,6 +1,5 @@ # Secure Container - ## Overview The secure container technology is an organic combination of virtualization and container technologies. Compared with a common Linux container, a secure container has better isolation performance. @@ -11,7 +10,6 @@ Secure containers are isolated by the virtualization layers. Containers on the s **Figure 1** Secure container architecture - ![](./figures/sec-container.png) Secure containers are closely related to the concept of pod in Kubernetes. Kubernetes is the open-source ecosystem standard for the container scheduling management platform. It defines a group of container runtime interfaces \(CRIs\). diff --git a/docs/en/docs/Container/security-and-isolation.md b/docs/en/docs/Container/security-and-isolation.md index ada1aada90a1c37d05acf92751d5ed5c0f461eb8..ee2388f14069c7f1c3b1801ccf1f36e2ea2402e8 100644 --- a/docs/en/docs/Container/security-and-isolation.md +++ b/docs/en/docs/Container/security-and-isolation.md @@ -1,9 +1,9 @@ # Security and Isolation - [Security and Isolation](#security-and-isolation) - - [Many-to-Many User Namespaces](#many-to-many-user-namespaces) - - [User Permission Control](#user-permission-control) - - [proc File System Isolation \(Lxcfs\)](#proc-file-system-isolation-(lxcfs)) + - [Many-to-Many User Namespaces](#many-to-many-user-namespaces) + - [User Permission Control](#user-permission-control) + - [proc File System Isolation](#proc-file-system-isolation) @@ -208,7 +208,7 @@ You can configure the startup parameters of the iSulad container engine to speci ``` -## proc File System Isolation \(Lxcfs\) +## proc File System Isolation ### Application Scenario diff --git a/docs/en/docs/Container/security-features.md b/docs/en/docs/Container/security-features.md index 667f89a14a263b34ef6ce9ca001524cd907fe09b..2ce048c8a3ade738b44ea9417c36557fb9dd21c4 100644 --- a/docs/en/docs/Container/security-features.md +++ b/docs/en/docs/Container/security-features.md @@ -2,67 +2,57 @@ - [Security Features](#security-features) - [Seccomp Security Configuration](#seccomp-security-configuration) - - [Scenarios](#scenarios-9) - - [Usage Restrictions](#usage-restrictions-10) - - [Usage Guide](#usage-guide-11) - [capabilities Security Configuration](#capabilities-security-configuration) - - [Scenarios](#scenarios-12) - - [Usage Restrictions](#usage-restrictions-13) - - [Usage Guide](#usage-guide-14) - [SELinux Security Configuration](#selinux-security-configuration) - - [Scenarios](#scenarios-15) - - [Usage Restrictions](#usage-restrictions-16) - - [Usage Guide](#usage-guide-17) - - - - ## Seccomp Security Configuration - - ### Scenarios Secure computing mode \(seccomp\) is a simple sandboxing mechanism introduced to the Linux kernel from version 2.6.23. In some specific scenarios, you may want to perform some privileged operations in a container without starting the privileged container. You can add **--cap-add** at runtime to obtain some small-scope permissions. For container instances with strict security requirements, th capability granularity may not meet the requirements. You can use some methods to control the permission scope in a refined manner. -- Example +- Example In a common container scenario, you can use the **-v** flag to map a directory \(including a binary file that cannot be executed by common users\) on the host to the container. In the container, you can add chmod 4777 \(the modification permission of the binary file\) to the S flag bit. In this way, on the host, common users who cannot run the binary file \(or whose running permission is restricted\) can obtain the permissions of the binary file \(such as the root permission\) when running the binary file after the action added to the S flag bit is performed, so as to escalate the permission or access other files. - In this scenario, if strict security requirements are required, the chmod, fchmod, and fchmodat system calls need to be tailored by using seccomp. - + In this scenario, if strict security requirements are required, the chmod, fchmod, and fchmodat system calls need to be tailored by using seccomp. ### Usage Restrictions -- Seccomp may affect performance. Before setting seccomp, evaluate the scenario and add the configuration only if necessary. +- Do not disable the seccomp feature of iSulad. + + By default, iSulad has a seccomp configuration. An allowlist is used in the configuration. syscalls that are not in the allowlist will be disabled by seccomp. You can use the **--security-opt 'seccomp:unconfined'** API to disable the seccomp feature. If seccomp is disabled or the user-defined seccomp configuration is used but the allowlist is incomplete, the attack surface of the container to the kernel increases. + +- The default seccomp configuration is an allowlist. For syscalls that are not in the allowlist, **SCMP_ACT_ERRNO** is returned by default. In addition, different syscalls are made available based on different capabilities. iSulad does not grant permissions that are not in the allowlist to containers by default. ### Usage Guide Use **--security-opt** to transfer the configuration file to the container where system calls need to be filtered. -``` +```shell isula run -itd --security-opt seccomp=/path/to/seccomp/profile.json rnd-dockerhub.huawei.com/official/busybox ``` ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->1. When the configuration file is transferred to the container by using **--security-opt** during container creation, the default configuration file \(**/etc/isulad/seccomp\_default.json**\) is used. ->2. When **--security-opt** is set to **unconfined** during container creation, system calls are not filtered for the container. ->3. **/path/to/seccomp/profile.json** must be an absolute path. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>1. When the configuration file is transferred to the container by using **--security-opt** during container creation, the default configuration file \(**/etc/isulad/seccomp\_default.json**\) is used. +>2. When **--security-opt** is set to **unconfined** during container creation, system calls are not filtered for the container. +>3. **/path/to/seccomp/profile.json** must be an absolute path. +>4. **--security-opt** can be separated by equal signs (=) instead of colons (:). #### Obtaining the Default Seccomp Configuration of a Common Container -- Start a common container \(or a container with **--cap-add**\) and check its default permission configuration. +- Start a common container \(or a container with **--cap-add**\) and check its default permission configuration. - ``` + ```shell cat /etc/isulad/seccomp_default.json | python -m json.tool > profile.json ``` The **seccomp** field contains many **syscalls** fields. Then extract only the **syscalls** fields and perform the customization by referring to the customization of the seccomp configuration file. - ``` + ```json "defaultAction": "SCMP_ACT_ERRNO", "syscalls": [ { @@ -88,14 +78,13 @@ isula run -itd --security-opt seccomp=/path/to/seccomp/profile.json rnd-dockerhu ]... ``` +- Check the seccomp configuration that can be identified by the LXC. -- Check the seccomp configuration that can be identified by the LXC. - - ``` + ```shell cat /var/lib/isulad/engines/lcr/74353e38021c29314188e29ba8c1830a4677ffe5c4decda77a1e0853ec8197cd/seccomp ``` - ``` + ```console ... waitpid allow write allow @@ -109,18 +98,17 @@ isula run -itd --security-opt seccomp=/path/to/seccomp/profile.json rnd-dockerhu ... ``` - #### Customizing the Seccomp Configuration File When starting a container, use **--security-opt** to introduce the seccomp configuration file. Container instances will restrict the running of system APIs based on the configuration file. Obtain the default seccomp configuration of common containers, obtain the complete template, and customize the configuration file by referring to this section to start the container. -``` +```shell isula run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json rnd-dockerhub.huawei.com/official/busybox ``` The configuration file template is as follows: -``` +```json { "defaultAction": "SCMP_ACT_ALLOW", "syscalls": [ @@ -133,14 +121,16 @@ The configuration file template is as follows: } ``` ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->- **defaultAction** and **syscalls**: The types of their corresponding actions are the same, but their values must be different. The purpose is to ensure that each syscall has a default action. Clear definitions in the syscall array shall prevail. As long as the values of **defaultAction** and **action** are different, no action conflicts will occur. The following actions are supported: +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +> +>- **defaultAction** and **syscalls**: The types of their corresponding actions are the same, but their values must be different. The purpose is to ensure that each syscall has a default action. Clear definitions in the syscall array shall prevail. As long as the values of **defaultAction** and **action** are different, no action conflicts will occur. The following actions are supported: > **SCMP\_ACT\_ERRNO**: forbids calling syscalls and displays error information. > **SCMP\_ACT\_ALLOW**: allows calling syscalls. ->- **syscalls**: array, which can contain one or more syscalls. **args** is optional. ->- **name**: syscalls to be filtered. ->- **args**: array. The definition of each object in the array is as follows: -> ``` +>- **syscalls**: array, which can contain one or more syscalls. **args** is optional. +>- **name**: syscalls to be filtered. +>- **args**: array. The definition of each object in the array is as follows: +> +> ```c > type Arg struct { > Index uint `json:"index"` // Parameter ID. Take open(fd, buf, len) as an example. The fd corresponds to 0 and buf corresponds to 1. > Value uint64 `json:"value"` // Value to be compared with the parameter. @@ -148,33 +138,31 @@ The configuration file template is as follows: > Op Operator `json:"op"` > } > ``` -> The value of **Op** in **args** can be any of the following: -> "SCMP\_CMP\_NE": NotEqualTo -> "SCMP\_CMP\_LT": LessThan -> "SCMP\_CMP\_LE": LessThanOrEqualTo -> "SCMP\_CMP\_EQ": EqualTo -> "SCMP\_CMP\_GE": GreaterThanOrEqualTo -> "SCMP\_CMP\_GT": GreaterThan -> "SCMP\_CMP\_MASKED\_EQ": MaskEqualTo +> +> The value of **Op** in **args** can be any of the following: +> "SCMP\_CMP\_NE": NotEqualTo +> "SCMP\_CMP\_LT": LessThan +> "SCMP\_CMP\_LE": LessThanOrEqualTo +> "SCMP\_CMP\_EQ": EqualTo +> "SCMP\_CMP\_GE": GreaterThanOrEqualTo +> "SCMP\_CMP\_GT": GreaterThan +> "SCMP\_CMP\_MASKED\_EQ": MaskEqualTo ## capabilities Security Configuration - - - ### Scenarios The capability mechanism is a security feature introduced to Linux kernel after version 2.2. The super administrator permission is controlled at a smaller granularity to prevent the root permission from being used. The root permission is divided based on different domains so that the divided permissions can be enabled or disabled separately. For details about capabilities, see the _Linux Programmer's Manual_ \([capabilities\(7\) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)\). -``` +```shell man capabilities ``` ### Usage Restrictions -- The default capability list \(whitelist\) of the iSulad service, which is carried by common container processes by default, are as follows: +- The default capability list \(whitelist\) of the iSulad service, which is carried by common container processes by default, are as follows: - ``` + ```text "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", @@ -191,51 +179,48 @@ man capabilities "CAP_AUDIT_WRITE" ``` -- Default configurations of capabilities include **CAP\_SETUID** and **CAP\_FSETID**. If the host and a container share a directory, the container can set permissions for the binary file in the shared directory. Common users on the host can use this feature to elevate privileges. The container can write **CAP\_AUDIT\_WRITE** to the host, which may cause risks. If the application scenario does not require this capability, you are advised to use **--cap-drop** to delete the capability when starting the container. -- Adding capabilities means that the container process has greater capabilities than before. In addition, more system call APIs are opened. +- Default configurations of capabilities include **CAP\_SETUID** and **CAP\_FSETID**. If the host and a container share a directory, the container can set permissions for the binary file in the shared directory. Common users on the host can use this feature to elevate privileges. The container can write **CAP\_AUDIT\_WRITE** to the host, which may cause risks. If the application scenario does not require this capability, you are advised to use **--cap-drop** to delete the capability when starting the container. +- Adding capabilities means that the container process has greater capabilities than before. In addition, more system call APIs are opened. ### Usage Guide iSulad uses **--cap-add** or **--cap-drop** to add or delete specific permissions for a container. Do not add extra permissions to the container unless necessary. You are advised to remove the default but unnecessary permissions from the container. -``` +```shell isula run --rm -it --cap-add all --cap-drop SYS_ADMIN rnd-dockerhub.huawei.com/official/busybox ``` ## SELinux Security Configuration - - ### Scenarios Security-Enhanced Linux \(SELinux\) is a Linux kernel security module that provides a mechanism for supporting access control security policies. Through Multi-Category Security \(MCS\), iSulad labels processes in containers to control containers' access to resources, reducing privilege escalation risks and preventing further damage. ### Usage Restrictions -- Ensure that SELinux is enabled for the host and daemon \(the **selinux-enabled** field in the **/etc/isulad/daemon.json** file is set to **true** or **--selinux-enabled** is added to command line parameters\). -- Ensure that a proper SELinux policy has been configured on the host. container-selinux is recommended. -- The introduction of SELinux affects the performance. Therefore, evaluate the scenario before setting SELinux. Enable the SELinux function for the daemon and set the SELinux configuration in the container only when necessary. -- When you configure labels for a mounted volume, the source directory cannot be a subdirectory of **/**, **/usr**, **/etc**, **/tmp**, **/home**, **/run**, **/var**, **/root**, or **/usr**. - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- iSulad does not support labeling the container file system. To ensure that the container file system and configuration directory are labeled with the container access permission, run the **chcon** command to label them. ->- If SELinux access control is enabled for iSulad, you are advised to add a label to the **/var/lib/isulad** directory before starting daemon. Files and folders generated in the directory during container creation inherit the label by default. For example: -> ``` +- Ensure that SELinux is enabled for the host and daemon \(the **selinux-enabled** field in the **/etc/isulad/daemon.json** file is set to **true** or **--selinux-enabled** is added to command line parameters\). +- Ensure that a proper SELinux policy has been configured on the host. container-selinux is recommended. +- The introduction of SELinux affects the performance. Therefore, evaluate the scenario before setting SELinux. Enable the SELinux function for the daemon and set the SELinux configuration in the container only when necessary. +- When you configure labels for a mounted volume, the source directory cannot be a subdirectory of **/**, **/usr**, **/etc**, **/tmp**, **/home**, **/run**, **/var**, **/root**, or **/usr**. + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- iSulad does not support labeling the container file system. To ensure that the container file system and configuration directory are labeled with the container access permission, run the **chcon** command to label them. +>- If SELinux access control is enabled for iSulad, you are advised to add a label to the **/var/lib/isulad** directory before starting daemon. Files and folders generated in the directory during container creation inherit the label by default. For example: +> +> ```shell > chcon -R system_u:object_r:container_file_t:s0 /var/lib/isulad > ``` ### Usage Guide -- Enable SELinux for daemon. +- Enable SELinux for daemon. - ``` + ```shell isulad --selinux-enabled ``` - -   - -- Configure SELinux security context labels during container startup. +- Configure SELinux security context labels during container startup. **--security-opt="label=user:USER"**: Set the label user for the container. @@ -247,24 +232,17 @@ Security-Enhanced Linux \(SELinux\) is a Linux kernel security module that provi **--security-opt="label=disable"**: Disable the SELinux configuration for the container. - ``` + ```shell $ isula run -itd --security-opt label=type:container_t --security-opt label=level:s0:c1,c2 rnd-dockerhub.huawei.com/official/centos 9be82878a67e36c826b67f5c7261c881ff926a352f92998b654bc8e1c6eec370 ``` +- Add the selinux label to a mounted volume \(**z** indicates the shared mode\). -   - -- Add the selinux label to a mounted volume \(**z** indicates the shared mode\). - - ``` + ```shell $ isula run -itd -v /test:/test:z rnd-dockerhub.huawei.com/official/centos 9be82878a67e36c826b67f5c7261c881ff926a352f92998b654bc8e1c6eec370 $ls -Z /test system_u:object_r:container_file_t:s0 file ``` - -    - - diff --git a/docs/en/docs/Container/shared-memory-channels.md b/docs/en/docs/Container/shared-memory-channels.md index f00335a8fe96cb4b9e08c181566800601a15d63a..1e5f9e2229789e2313799e9790b7e236aebceb63 100644 --- a/docs/en/docs/Container/shared-memory-channels.md +++ b/docs/en/docs/Container/shared-memory-channels.md @@ -1,8 +1,5 @@ # Shared Memory Channels -- [Shared Memory Channels](#shared-memory-channels) - - ## Function Description System containers enable the communication between container and host processes through shared memory. You can set the **--host-channel** parameter when creating a container to allow the host to share the same tmpfs with the container so that they can communicate with each other. diff --git a/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md b/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md index 8b0763f4d276fbf56c952c00acc251abbf1160ac..5ff1952020ec65cc7cbec947baeec1447caf6975 100644 --- a/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md +++ b/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md @@ -31,7 +31,7 @@ Different from a common container that needs to be started by specifying a conta ## Constraints - The rootfs directory specified by the **--external-rootfs** parameter must be an absolute path. -- The rootfs directory specified by the **--external-rootfs** parameter must be a complete OS environment. Otherwise, the container fails to be started. +- The rootfs directory specified by the **--external-rootfs** parameter must be a complete OS environment including **systemd** package. Otherwise, the container fails to be started. - When a container is deleted, the rootfs directory specified by **--external-rootfs** is not deleted. - Containers based on ARM rootfs cannot run on x86 servers. Containers based on x86 rootfs cannot run on ARM servers. - You are not advised to start multiple container instances by using the same rootfs. That is, one rootfs is used only by container instances in the same lifecycle. diff --git a/docs/en/docs/Container/system-container.md b/docs/en/docs/Container/system-container.md index 626a98a8a1aeb893d09d0965fa3a19de85d98be5..37861583d3becff0c5d5cb8134bcf5d44af561e7 100644 --- a/docs/en/docs/Container/system-container.md +++ b/docs/en/docs/Container/system-container.md @@ -1,5 +1,3 @@ # System Container - System containers are used for heavyweight applications and cloud-based services in scenarios with re-computing, high performance, and high concurrency. Compared with the VM technology, system containers can directly inherit physical machine features and has better performance and less overhead. In addition, system containers can be allocated more computing units of limited resources, reducing costs. Therefore, system containers can be used to build differentiated product competitiveness and provide computing unit instances with higher computing density, lower price, and better performance. - diff --git a/docs/en/docs/Container/usage-guide.md b/docs/en/docs/Container/usage-guide.md index df5b305b523c1d4c60c33fd4d270dc58d613be0a..1cf3c17bdb268999da32dd19e827a5b7596101dd 100644 --- a/docs/en/docs/Container/usage-guide.md +++ b/docs/en/docs/Container/usage-guide.md @@ -1,19 +1,17 @@ # Usage Guide - System container functions are enhanced based on the iSula container engine. The container management function and the command format of the function provided by system containers are the same as those provided by the iSula container engine. -The following sections describe how to use the enhanced functions provided by system containers. For details about other command operations, see [iSulad Container Engine](#isulad-container-engine.md#EN-US_TOPIC_0184808037). +The following sections describe how to use the enhanced functions provided by system containers. For details about other command operations, see [iSulad Container Engine](isula-container-engine.md#EN-US_TOPIC_0184808037). The system container functions involve only the **isula create/run** command. Unless otherwise specified, this command is used for all functions. The command format is as follows: -``` +```shell isula create/run [OPTIONS] [COMMAND] [ARG...] ``` In the preceding format: -- **OPTIONS**: one or more command parameters. For details about supported parameters, see [iSulad Container Engine](#isulad-container-engine.md#EN-US_TOPIC_0184808037) \> [Appendix](#appendix.md#EN-US_TOPIC_0184808158) \> [Command Line Parameters](#command-line-parameters.md#EN-US_TOPIC_0189976936). -- **COMMAND**: command executed after a system container is started. -- **ARG**: parameter corresponding to the command executed after a system container is started. - +- **OPTIONS**: one or more command parameters. For details about supported parameters, see [iSulad Container Engine](isula-container-engine.md#EN-US_TOPIC_0184808037) \> [Appendix](appendix.md#EN-US_TOPIC_0184808158) \> [Command Line Parameters](./appendix.md#command-line-parameters.md). +- **COMMAND**: command executed after a system container is started. +- **ARG**: parameter corresponding to the command executed after a system container is started. diff --git a/docs/en/docs/Container/usage.md b/docs/en/docs/Container/usage.md new file mode 100644 index 0000000000000000000000000000000000000000..79eb129531e90d07022be1b67cef89fcc5c57111 --- /dev/null +++ b/docs/en/docs/Container/usage.md @@ -0,0 +1,6 @@ +# Usage + +This section describes how to use iSula. + +> ![](./public_sys-resources/icon-note.gif) **Note** +> All iSulad operations require root permissions. diff --git a/docs/en/docs/Container/using-systemd-to-start-a-container.md b/docs/en/docs/Container/using-systemd-to-start-a-container.md index 4b251231748f30b94973cdd9a557994350a7db69..ec66805971a8cebb0f780120cb9d8d5527a27dbc 100644 --- a/docs/en/docs/Container/using-systemd-to-start-a-container.md +++ b/docs/en/docs/Container/using-systemd-to-start-a-container.md @@ -1,11 +1,8 @@ # Using systemd to Start a Container -- [Using systemd to Start a Container](#using-systemd-to-start-a-container) - - ## Function Description -The init process started in system containers differs from that in common containers. Common containers cannot start system services through systemd. However, system containers have this capability. You can enable the systemd service by specifying the **--system-contianer** parameter when starting a system container. +The init process started in system containers differs from that in common containers. Common containers cannot start system services through systemd. However, system containers have this capability. You can enable the systemd service by specifying the **--system-container** parameter when starting a system container. ## Parameter Description diff --git a/docs/en/docs/GCC/gcc-toolset-user-guide.md b/docs/en/docs/GCC/gcc-toolset-user-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..56a6e6033d27bffebc8eb9eb5b03314b99c4c42e --- /dev/null +++ b/docs/en/docs/GCC/gcc-toolset-user-guide.md @@ -0,0 +1,48 @@ +# GCC Toolset User Guide + +## Introduction + +To ensure the stability of the OS, the latest version of base software is not selected generally. Instead, a relatively stable version is used. openEuler 20.03 LTS uses GCC 7.3.1 as the baseline for development. However, GCC 7.3.0 does not support new hardware features of Arm v8.6. To support new Arm features, the GCC toolset that supports multiple compiler versions is designed. GCC Toolset 10 can be used by applications requiring new features later than Arm v8.6, to support compile and build. + +## Installation and Deployment + +### Software Requirements + +OS: openEuler 20.03 LTS SP4 + +### Hardware Requirement + +aarch64 architecture + +### Software Installation + +To prevent conflicts between installation dependencies of GCC Toolset 10 and the default GCC, the software package of GCC Toolset 10 is prefixed with **gcc-toolset-10-**, followed by the name of the original GCC software package. + +Install the default compiler GCC 7.3.0 in `/usr/`. + +```shell +yum install -y gcc gcc-c++ +``` + +Install GCC Toolset 10 in `/opt/openEuler/gcc-toolset-10/root/usr/`. + +```shell +yum install -y gcc-toolset-10-gcc* +``` + +## Usage + +In the installation path `/opt/openEuler/gcc-toolset-10/root/usr/` of GCC Toolset 10, run the following commands to use the software: + +```shell +export PATH=/opt/openEuler/gcc-toolset-10/root/usr/bin/:$PATH +export LD_LIBRARY_PATH=/opt/openEuler/gcc-toolset-10/root/usr/lib64/:$LD_LIBRARY_PATH +``` + +**Note: GCC Toolset 10 supports only new hardware features later than Arm v8.6. For other features, you are advised to use the default GCC 7.3.0 to prevent unknown compilation errors.** + +## Compatibility + +This section describes the compatibility issues in some special scenarios. This project is in continuous iteration and issues will be fixed as soon as possible. Developers are welcome to join this project. + +The GCC toolset solution adapts only to the new features of Arm v8.6 and supports only the AArch64 architecture. diff --git a/docs/en/docs/GCC/overview.md b/docs/en/docs/GCC/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..ef20a9580fd3bd85c3c75ba9df7a35c7c5887809 --- /dev/null +++ b/docs/en/docs/GCC/overview.md @@ -0,0 +1,3 @@ +# GCC for openEuler User Guide + +The GCC for openEuler compiler is developed based on the open source GNU Compiler Collection (GCC). The open source GCC is the de facto standard of cross-platform compilers. It complies with the GPLv3 license and is the most widely used C/C++ compiler on Linux. GCC for openEuler inherits capabilities of the open source GCC. It also has optimizations on C, C++, and Fortran languages and delivers enhanced features such as automatic feedback-directed optimization, software and hardware collaboration, memory optimization, and automatic vectorization. GCC for openEuler is compatible with a wide range of hardware platforms such as Kunpeng, Phytium, and Loongson, fully unleashing the computing power of these hardware platforms. diff --git a/docs/en/docs/HA/HA_usage_example.md b/docs/en/docs/HA/HA_usage_example.md new file mode 100644 index 0000000000000000000000000000000000000000..ae7337922df77af374b42ac3081ab2e2c2d78ea4 --- /dev/null +++ b/docs/en/docs/HA/HA_usage_example.md @@ -0,0 +1,266 @@ +# HA Usage Example + +This section describes how to get started with the HA cluster and add an instance. If you are not familiar with HA installation, see [Installing and Deploying HA](./installing-and-deploying-HA.md). + + +- [HA Usage Example](#ha-usage-example) + - [Quick Start Guide](#quick-start-guide) + - [Login Page](#login-page) + - [Home Page](#home-page) + - [Navigation Bar](#navigation-bar) + - [Top Operation Area](#top-operation-area) + - [Resource Node List Area](#resource-node-list-area) + - [Node Operation Floating Area](#node-operation-floating-area) + - [Preference Settings](#preference-settings) + - [Adding Resources](#adding-resources) + - [Adding Common Resources](#adding-common-resources) + - [Adding Group Resources](#adding-group-resources) + - [Adding Clone Resources](#adding-clone-resources) + - [Editing Resources](#editing-resources) + - [Setting Resource Relationships](#setting-resource-relationships) + - [HA MySQL Configuration Example](#ha-mysql-configuration-example) + - [Configuring the Virtual IP Address](#configuring-the-virtual-ip-address) + - [Configuring NFS Storage](#configuring-nfs-storage) + - [Configuring MySQL](#configuring-mysql) + - [Adding the Preceding Resources as a Group Resource](#adding-the-preceding-resources-as-a-group-resource) + - [FAQ](#faq) + + +## Quick Start Guide + +- The following operations use the management platform newly developed by the community as an example. + +### Login Page + +The user name is **hacluster**, and the password is the one set on the host by the user. + +![](./figures/HA-api.png) + +### Home Page + +After logging in to the system, the main page is displayed. The main page consists of the side navigation bar, the top operation area, the resource node list area, and the node operation floating area. + +The following describes the features and usage of the four areas in detail. + +![](./figures/HA-home-page.png) + +#### Navigation Bar + +The side navigation bar consists of two parts: the name and logo of the HA cluster software, and the system navigation. The system navigation consists of three parts: System, Cluster Configurations, and Tools. System is the default option and the corresponding item to the home page. It displays the information and operation entries of all resources in the system. Preference Settings and Heartbeat Configurations are under Cluster Configurations. Log Download and Quick Cluster Operation are under Tools. These two items are displayed in a pop-up box after you click them. + +#### Top Operation Area + +The current login user is displayed statically. When you hover the mouse cursor on the user icon, the operation menu items are displayed, including Refresh Settings and Log Out. After you click Refresh Settings, the Refresh Settings dialog box is displayed with the option. You can set the automatic refresh modes for the system. The options are Do not refresh automatically, Refresh every 5 seconds, and Refresh every 10 seconds. By default, Do not refresh automatically is selected. Clicking Log Out to log out and jump to the login page. After that, a re-login is required if you want to continue to access the system. + +![](./figures/HA-refresh.png) + +#### Resource Node List Area + +The resource node list displays the resource information such as Resource Name, Status, Resource Type, Service, and Running Node of all resources in the system, and the node information such as all nodes in the system and the running status of the nodes. In addition, you can Add, Edit, Start, Stop, Clear, Migrate, Migrate Back, and Delete the resources, and set Relationships for the resources. + +#### Node Operation Floating Area + +By default, the node operation floating area is collapsed. When you click a node in the heading of the resource node list, the node operation area is displayed on the right, as shown in the preceding figure. This area consists of the collapse button, the node name, the stop button, and the standby button, and provides the stop and standby operations. Click the arrow in the upper left corner of the area to collapse the area. + +### Preference Settings + +The following operations can be performed using command lines. The following is an example. For more command details, run the `pcs --help` command. + +```shell +pcs property set stonith-enabled=false +pcs property set no-quorum-policy=ignore +``` + +Run `pcs property` to view all settings. + +![](./figures/HA-firstchoice-cmd.png) + +- Click Preference Settings in the navigation bar, the Preference Settings dialog box is displayed. Change the values of No Quorum Policy and Stonith Enabled from the default values to the values shown in the figure below. Then, click OK. + +![](./figures/HA-firstchoice.png) + +#### Adding Resources + +##### Adding Common Resources + +Click Add Common Resource. The Create Resource dialog box is displayed. All mandatory configuration items of the resource are on the Basic page. After you select a Resource Type on the Basic page, other mandatory and optional configuration items of the resource are displayed. When you type in the resource configuration information, a gray text area is displayed on the right of the dialog box to describe the current configuration item. After all mandatory parameters are set, click OK to create a common resource or click Cancel to cancel the add operation. The optional configuration items on the Instance Attribute, Meta Attribute, or Operation Attribute page are optional. The resource creation process is not affected if they are not configured. You can modify them as required. Otherwise, the default values are used. + +The following uses the Apache as an example to describe how to add an Apache resource. + +```shell +pcs resource create httpd ocf:heartbeat:apache +``` + +Check the resource running status: + +```shell +pcs status +``` + +![](./figures/HA-pcs-status.png) + +- Add the Apache resource: + +![](./figures/HA-add-resource.png) + +- If the following information is displayed, the resource is successfully added: + +![](./figures/HA-apache-suc.png) + +- The resource is successfully created and started, and runs on a node, for example, **ha1**. The Apache page is displayed. + +![](./figures/HA-apache-show.png) + +##### Adding Group Resources + +Adding group resources requires at least one common resource in the cluster. Click Add Group Resource. The Create Resource dialog box is displayed. All the parameters on the Basic tab page are mandatory. After setting the parameters, click OK to add the resource or click Cancel to cancel the add operation. + +- **Note: Group resources are started in the sequence of child resources. Therefore, you need to select child resources in sequence.** + +![](./figures/HA-group.png) + +If the following information is displayed, the resource is successfully added: + +![](./figures/HA-group-suc.png) + +##### Adding Clone Resources + +Click Add Clone Resource. The Create Resource dialog box is displayed. On the Basic page, enter the object to be cloned. The resource name is automatically generated. After entering the object name, click OK to add the resource, or click Cancel to cancel the add operation. + +![](./figures/HA-clone.png) + +If the following information is displayed, the resource is successfully added: + +![](./figures/HA-clone-suc.png) + +#### Editing Resources + +- Starting a resource: Select a target resource from the resource node list. The target resource must not be running. Start the resource. +- Stopping a resource: Select a target resource from the resource node list. The target resource must be running. Stop the resource. +- Clearing a resource: Select a target resource from the resource node list. Clear the resource. +- Migrating a resource: Select a target resource from the resource node list. The resource must be a common resource or a group resource in the running status. Migrate the resource to migrate it to a specified node. +- Migrating back a resource: Select a target resource from the resource node list. The resource must be a migrated resource. Migrate back the resource to clear the migration settings of the resource and migrate the resource back to the original node. +After you click Migrate Back, the status change of the resource item in the list is the same as that when the resource is started. +- Deleting a resource: Select a target resource from the resource node list. Delete the resource. + +#### Setting Resource Relationships + +Resource relationships are used to set restrictions for the target resources. There are three types of resource restrictions: resource location, resource collaboration, and resource order. + +- Resource location: sets the running level of the nodes in the cluster for the resource to determine the node where the resource runs during startup or switchover. The running levels are **Master Node** and **Slave 1** in descending order. +- Resource collaboration: indicates whether the target resource and other resources in the cluster run on the same node. Same Node indicates that this resource must run on the same node as the target resource. Mutually Exclusive indicates that this resource cannot run on the same node as the target resource. +- Resource order: Set the order in which the target resource and other resources in the cluster are started. Front Resource indicates that this resource must be started before the target resource. Follow-up Resource indicates that this resource can be started only after the target resource is started. + +## HA MySQL Configuration Example + +- Configure three common resources separately, then add them as a group resource. + +### Configuring the Virtual IP Address + +On the home page, choose **Add** > **Add Common Resource** and set the parameters as follows: + +![](./figures/HA-vip.png) + +- The resource is successfully created and started and runs on a node, for example, **ha1**. The resource can be pinged and connected, and allows various operations after login. The resource is switched to **ha2** and can be accessed normally. +- If the following information is displayed, the resource is successfully added: + +![](./figures/HA-vip-suc.png) + +Set the resource location for each resource. The following uses virtual IP resource as an example. + +![](./figures/HA-resource-location.png) + +### Configuring NFS Storage + +- Configure another host as the NFS server. + +Install the software packages: + +```shell +yum install -y nfs-utils rpcbind +``` + +Run the following command to disable the firewall: + +```shell +systemctl stop firewalld && systemctl disable firewalld +``` + +Modify the **/etc/selinux/config** file to change the status of SELINUX to disabled. Restart the system for the modification to take effect. + +```text +# SELINUX=disabled +``` + +Start the services: + +```shell +systemctl start rpcbind && systemctl enable rpcbind +systemctl start nfs-server && systemctl enable nfs-server +``` + +Create a shared directory on the server: + +```shell +mkdir -p /test +``` + +Modify the NFS configuration file: + +```shell +$ vim /etc/exports +# /test *(rw,no_root_squash) +``` + +Reload the service: + +```shell +systemctl reload nfs +``` + +Install the software packages on the client. Install MySQL first to mount the NFS to the path of the MySQL data. + +```shell +yum install -y nfs-utils mariadb-server +``` + +On the home page, choose **Add** > **Add Common Resource** and configure the NFS resource as follows: + +![](./figures/HA-nfs.png) + +- The resource is successfully created and started and runs on a node, for example, **ha1**. The NFS is mounted to the **/var/lib/mysql** directory. The resource is switched to **ha2**. The NFS is unmounted from **ha1** and automatically mounted to **ha2**. +- If the following information is displayed, the resource is successfully added: + +![](./figures/HA-nfs-suc.png) + +### Configuring MySQL + +On the home page, choose **Add** > **Add Common Resource** and configure the MySQL resource as follows: + +![](./figures/HA-mariadb.png) + +- If the following information is displayed, the resource is successfully added: + +![](./figures/HA-mariadb-suc.png) + +### Adding the Preceding Resources as a Group Resource + +- Add the three resources in the resource startup sequence. + +On the home page, choose **Add** > **Add Group Resource** and configure the group resource as follows: + +![](./figures/HA-group-new.png) + +- The group resource is successfully created and started. If the command output is the same as that of the preceding common resources, the group resource is successfully added. + +![](./figures/HA-group-new-suc.png) + +- Use **ha1** as the standby node and migrate the group resource to the **ha2** node. The system is running properly. + +![](./figures/HA-group-new-suc2.png) + +## FAQ + +1. The fence_virtd service fails to be stopped. + +- The fence_virtd service depends on the libvirtd service. Manually start the libvirtd before using the fence_virtd service. diff --git a/docs/en/docs/HA/HAuserguide.md b/docs/en/docs/HA/HAuserguide.md new file mode 100644 index 0000000000000000000000000000000000000000..a8d679c6bea8e3b84aa49746ea20aa047fcca751 --- /dev/null +++ b/docs/en/docs/HA/HAuserguide.md @@ -0,0 +1,358 @@ +# Installing, Deploying, and Using HA + + +- [Installing, Deploying, and Using HA](#installing-deploying-and-using-ha) + - [Installation and Configuration](#installation-and-configuration) + - [Modifying the Host Name and the **/etc/hosts** File](#modifying-the-host-name-and-the-etchosts-file) + - [Configuring the Yum Source](#configuring-the-yum-source) + - [Installing HA Software Package Components](#installing-ha-software-package-components) + - [Setting the hacluster User Password](#setting-the-hacluster-user-password) + - [Modifying the **/etc/corosync/corosync.conf** File](#modifying-the-etccorosynccorosyncconf-file) + - [Managing Services](#managing-services) + - [Disabling the Firewall](#disabling-the-firewall) + - [Managing the pcs Service](#managing-the-pcs-service) + - [Managing the pacemaker Service](#managing-the-pacemaker-service) + - [Managing the corosync Service](#managing-the-corosync-service) + - [Performing Node Authentication](#performing-node-authentication) + - [Accessing the Front-End Management Platform](#accessing-the-front-end-management-platform) + - [Quick User Guide](#quick-user-guide) + - [Login Page](#login-page) + - [Home Page](#home-page) + - [Managing Nodes](#managing-nodes) + - [Node](#node) + - [Preference Setting](#preference-setting) + - [Adding Resources](#adding-resources) + - [Adding Common Resources](#adding-common-resources) + - [Adding Group Resources](#adding-group-resources) + - [Adding Clone Resources](#adding-clone-resources) + - [Editing Resources](#editing-resources) + - [Setting Resource Relationships](#setting-resource-relationships) + - [ACLS](#acls) + + + + +## Installation and Configuration + +- Environment preparation: At least two physical machines or VMs with openEuler 20.03 LTS SP3 installed are required. (This section uses two physical machines or VMs as an example.) For details, see the *openEuler 20.03 LTS SP3 Installation Guide*. + +### Modifying the Host Name and the **/etc/hosts** File + +- **Note: You need to perform the following operations on both hosts. The following takes the operation on one host as an example.** + +Before using the HA software, ensure that the host name has been changed and all host names have been written into the **/etc/hosts** file. + +- Run the following command to change the host name: + +``` +# hostnamectl set-hostname ha1 +``` + +- Edit the **/etc/hosts** file and write the following fields: + +``` +172.30.30.65 ha1 +172.30.30.66 ha2 +``` + +### Configuring the Yum Source + +After the system is successfully installed, the Yum source is configured by default. The file location information is stored in the **/etc/yum.repos.d/openEuler.repo** file. The HA software package uses the following sources: + +``` +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### Installing HA Software Package Components + +``` +# yum install corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd -y +``` + +### Setting the hacluster User Password + +``` +# passwd hacluster +``` + +### Modifying the **/etc/corosync/corosync.conf** File + +``` +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### Managing Services + +#### Disabling the Firewall + +``` +# systemctl stop firewalld +``` + +Change the status of SELINUX in the **/etc/selinux/config** file to **disabled**. + +``` +# SELINUX=disabled +``` + +#### Managing the pcs Service + +- Run the following command to start the **pcs** service: + +``` +# systemctl start pcsd +``` + +- Run the following command to query service status: + +``` +# systemctl status pcsd +``` + +The service is started successfully if the following information is displayed: + +![](./figures/HA-pcs.png) + +#### Managing the pacemaker Service + +- Run the following command to start the **pacemaker** service: + +``` +# systemctl start pacemaker +``` + +- Run the following command to query service status: + +``` +# systemctl status pacemaker +``` + +The service is started successfully if the following information is displayed: + +![](./figures/HA-pacemaker.png) + +#### Managing the corosync Service + +- Run the following command to start the **corosync** service: + +``` +# systemctl start corosync +``` + +- Run the following command to query service status: + +``` +# systemctl status corosync +``` + +The service is started successfully if the following information is displayed: + +![](./figures/HA-corosync.png) + +### Performing Node Authentication + +- **Note: Perform this operation on only one node.** + +``` +# pcs host auth ha1 ha2 +``` + +### Accessing the Front-End Management Platform + +After the preceding services are started, open the browser (Chrome or Firefox is recommended) and enter **https://IP:2224** in the address box. + +## Quick User Guide + +### Login Page + +The username is **hacluster** and the password is the one set on the host. + +![](./figures/HA-login.png) + +### Home Page + +The home page is the **MANAGE CLUSTERS** page, which includes four functions: remove, add existing, destroy, and create new clusters. + +![](./figures/HA-home-page.png) + +### Managing Nodes + +#### Node + +You can add and remove nodes. The following describes how to add an existing node. + +![](./figures/HA-existing-nodes.png) + +Node management includes the following functions: start, stop, restart, standby, maintenance, and configure Fencing. You can view the enabled services and running resources of the node and manage the node. + +![](./figures/HA-node-setting1.png) ![](./figures/HA-node-setting2.png) + +### Preference Setting + +You can perform the following operations using command lines. The following is a simple example. Run the `pcs --help` command to query more commands available. + +``` +# pcs property set stonith-enabled=false +# pcs property set no-quorum-policy=ignore +``` + +Run the `pcs property` command to view all settings. + +![](./figures/HA-firstchoice-cmd.png) + +- Change the default status of **No Quorum Policy** to **ignore**, and the default status of **Stonith Enabled** to **false**, as shown in the following figure: + +![](./figures/HA-firstchoice.png) + +#### Adding Resources + +##### Adding Common Resources + +The multi-option drop-down list box in the system supports keyword matching. You can enter the keyword of the item to be configured and quickly select it. + +Apache and IPaddr are used as examples. + +Run the following commands to add the Apache and IPaddr resources: + +``` +# pcs resource create httpd ocf:heartbeat:apache +# pcs resource create IPaddr ocf:heartbeat:IPaddr2 ip=172.30.30.67 +``` + +Run the following command to check the cluster resource status: + +``` +# pcs status +``` + +![](./figures/HA-pcs-status.png) + +![](./figures/HA-add-resource.png) + +- Add Apache resources. + +![](./figures/HA-apache.png) + +- The resources are successfully added if the following information is displayed: + +![](./figures/HA-apache-suc.png) + +- The resources are created and started successfully, and run on a node, for example, **ha1**. The Apache page is displayed. + +![](./figures/HA-apache-show.png) + +- Add IPaddr resources. + +![](./figures/HA-ipaddr.png) + +- The resources are successfully added if the following information is displayed: + +![](./figures/HA-ipaddr-suc.png) + +- The resources are created and started successfully, and run on a node, for example, **ha1**. The HA web login page is displayed, and you can log in to the page and perform operations. When the resources are switched to **ha2**, the web page can still be accessed. + +![](./figures/HA-ipaddr-show.png) + +##### Adding Group Resources + +When you add group resources, at least one common resource is needed in the cluster. Select one or more resources and click **Create Group**. + +- **Note: Group resources are started in the sequence of subresources. Therefore, you need to select subresources in sequence.** + +![](./figures/HA-group.png) + +The resources are successfully added if the following information is displayed: + +![](./figures/HA-group-suc.png) + +##### Adding Clone Resources + +![](./figures/HA-clone.png) + +The resources are successfully added if the following information is displayed: + +![](./figures/HA-clone-suc.png) + +#### Editing Resources + +- **Enable**: Select a target resource that is not running from the resource node list. Enable the resource. +- **Disable**: Select a target resource that is running from the resource node list. Disable the resource. +- **Clearup**: Select a target resource from the resource node list and clear the resource. +- **Porting**: Select a target resource from the resource node list. The resource must be a common resource or group resource that is running. You can port the resource to a specified node. +- **Rollback**: Select a target resource from the resource node list. Before rolling back a resource, ensure that the resource has been ported. You can clear the porting settings of the resource and roll the resource back to the original node. After you click the button, the status of the resource item in the list is the same as that when the resource is enabled. +- **Remove**: Select a target resource from the resource node list and remove the resource. + +You can perform the preceding resource operations on the page shown in the following figure: + +![](./figures/HA-resoure-set.png) + +#### Setting Resource Relationships + +The resource relationship is used to set restrictions for target resources. Resource restrictions are classified as follows: **resource location**, **resource colocation**, and **resource ordering**. + +- **Resource location**: Set the runlevel of nodes in the cluster to determine the node where the resource runs during startup or switchover. The runlevels are Master and Slave in descending order. +- **Resource colocation**: Indicate whether the target resource and other resources in the cluster are running on the same node. For resources on the same node, the resource must run on the same node as the target resource. For resources on mutually exclusive nodes, the resource and the target resource must run on different nodes. +- **Resource ordering**: Set the ordering in which the target resource and other resources in the cluster are started. The preamble resource must run before the target resource runs. The postamble resource can run only after the target resource runs. + +After adding common resources or group resources, you can perform the preceding resource operations on the page shown in the following figure: + +![](./figures/HA-resource-relationship.png) + +#### ACLS + +ACLS is an access control list. You can click **Add** to add a user and manage the user access. + +![](./figures/HA-ACLS.png) \ No newline at end of file diff --git a/docs/en/docs/HA/figures/HA-ACLS.png b/docs/en/docs/HA/figures/HA-ACLS.png new file mode 100644 index 0000000000000000000000000000000000000000..bfaf03508f6ae8539c2ec140de60f636dfb91a7a Binary files /dev/null and b/docs/en/docs/HA/figures/HA-ACLS.png differ diff --git a/docs/en/docs/HA/figures/HA-add-resource.png b/docs/en/docs/HA/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..5322f650807e08e702a555093d25d733626132fe Binary files /dev/null and b/docs/en/docs/HA/figures/HA-add-resource.png differ diff --git a/docs/en/docs/HA/figures/HA-apache-show.png b/docs/en/docs/HA/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..bdd393124f73e0fecab4ab385dc8561dee45afe1 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-apache-show.png differ diff --git a/docs/en/docs/HA/figures/HA-apache-suc.png b/docs/en/docs/HA/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2eb34be27558a7320fb46ae6c3cb9a8291f2344a Binary files /dev/null and b/docs/en/docs/HA/figures/HA-apache-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-apache.png b/docs/en/docs/HA/figures/HA-apache.png new file mode 100644 index 0000000000000000000000000000000000000000..b2e332fec2af4ce82ff6baa3169341dc07439008 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-apache.png differ diff --git a/docs/en/docs/HA/figures/HA-api.png b/docs/en/docs/HA/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-api.png differ diff --git a/docs/en/docs/HA/figures/HA-clone-suc.png b/docs/en/docs/HA/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..ca644bbd98cdf4ba921b7ac9d90ee4724fe1e265 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-clone-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-clone.png b/docs/en/docs/HA/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b6c1564001592ad775b4dafc52974faa3421383 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-clone.png differ diff --git a/docs/en/docs/HA/figures/HA-corosync.png b/docs/en/docs/HA/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-corosync.png differ diff --git a/docs/en/docs/HA/figures/HA-existing-nodes.png b/docs/en/docs/HA/figures/HA-existing-nodes.png new file mode 100644 index 0000000000000000000000000000000000000000..d309d0edc7b93f53d2548323a9e98473b950783f Binary files /dev/null and b/docs/en/docs/HA/figures/HA-existing-nodes.png differ diff --git a/docs/en/docs/HA/figures/HA-firstchoice-cmd.png b/docs/en/docs/HA/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..d0d6195b566853769304b6ee1290bfa8be021bd4 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-firstchoice-cmd.png differ diff --git a/docs/en/docs/HA/figures/HA-firstchoice.png b/docs/en/docs/HA/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..df73ad1030abba6cd3088eacfb627a770db4063d Binary files /dev/null and b/docs/en/docs/HA/figures/HA-firstchoice.png differ diff --git a/docs/en/docs/HA/figures/HA-group-new-suc.png b/docs/en/docs/HA/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-group-new-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-group-new-suc2.png b/docs/en/docs/HA/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/en/docs/HA/figures/HA-group-new-suc2.png differ diff --git a/docs/en/docs/HA/figures/HA-group-new.png b/docs/en/docs/HA/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/en/docs/HA/figures/HA-group-new.png differ diff --git a/docs/en/docs/HA/figures/HA-group-suc.png b/docs/en/docs/HA/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..d1c2402d2f2d7ebb32fdd661aa5ed3b9ba48b807 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-group-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-group.png b/docs/en/docs/HA/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..712407e923193b4e1ea56bb55a68828ebb700550 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-group.png differ diff --git a/docs/en/docs/HA/figures/HA-home-page.png b/docs/en/docs/HA/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..197c2626c98962e4f57ca7b6d818a734d65eb52a Binary files /dev/null and b/docs/en/docs/HA/figures/HA-home-page.png differ diff --git a/docs/en/docs/HA/figures/HA-ipaddr-show.png b/docs/en/docs/HA/figures/HA-ipaddr-show.png new file mode 100644 index 0000000000000000000000000000000000000000..100fb9f4cac7b6f42ac2a241fb5161534b6754a0 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-ipaddr-show.png differ diff --git a/docs/en/docs/HA/figures/HA-ipaddr-suc.png b/docs/en/docs/HA/figures/HA-ipaddr-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c41c8270b99760743250d0bd089488a2f3a9383a Binary files /dev/null and b/docs/en/docs/HA/figures/HA-ipaddr-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-ipaddr.png b/docs/en/docs/HA/figures/HA-ipaddr.png new file mode 100644 index 0000000000000000000000000000000000000000..95fdad5e1ad23a29479f1402af32677fed8e0b36 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-ipaddr.png differ diff --git a/docs/en/docs/HA/figures/HA-login.png b/docs/en/docs/HA/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/en/docs/HA/figures/HA-login.png differ diff --git a/docs/en/docs/HA/figures/HA-mariadb-suc.png b/docs/en/docs/HA/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/en/docs/HA/figures/HA-mariadb-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-mariadb.png b/docs/en/docs/HA/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/en/docs/HA/figures/HA-mariadb.png differ diff --git a/docs/en/docs/HA/figures/HA-nfs-suc.png b/docs/en/docs/HA/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-nfs-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-nfs.png b/docs/en/docs/HA/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-nfs.png differ diff --git a/docs/en/docs/HA/figures/HA-node-setting1.png b/docs/en/docs/HA/figures/HA-node-setting1.png new file mode 100644 index 0000000000000000000000000000000000000000..22a4d907dc1d97f6b09d74983a8d280236a1b224 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-node-setting1.png differ diff --git a/docs/en/docs/HA/figures/HA-node-setting2.png b/docs/en/docs/HA/figures/HA-node-setting2.png new file mode 100644 index 0000000000000000000000000000000000000000..78214a2e0cd8c62b27a741674a0d170593f08fbb Binary files /dev/null and b/docs/en/docs/HA/figures/HA-node-setting2.png differ diff --git a/docs/en/docs/HA/figures/HA-operational-attributes.png b/docs/en/docs/HA/figures/HA-operational-attributes.png new file mode 100644 index 0000000000000000000000000000000000000000..0938f11d3f2e170966e11b3594b9d1b64cbcd1dd Binary files /dev/null and b/docs/en/docs/HA/figures/HA-operational-attributes.png differ diff --git a/docs/en/docs/HA/figures/HA-pacemaker.png b/docs/en/docs/HA/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-pacemaker.png differ diff --git a/docs/en/docs/HA/figures/HA-pcs-status.png b/docs/en/docs/HA/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..7cb5ebda8a4d5f082a05db10d4dbd06420ab54ba Binary files /dev/null and b/docs/en/docs/HA/figures/HA-pcs-status.png differ diff --git a/docs/en/docs/HA/figures/HA-pcs.png b/docs/en/docs/HA/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-pcs.png differ diff --git a/docs/en/docs/HA/figures/HA-refresh.png b/docs/en/docs/HA/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-refresh.png differ diff --git a/docs/en/docs/HA/figures/HA-resource-location.png b/docs/en/docs/HA/figures/HA-resource-location.png new file mode 100644 index 0000000000000000000000000000000000000000..7faed091efda7956dc23c958062f679ac7f9d422 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-resource-location.png differ diff --git a/docs/en/docs/HA/figures/HA-resource-relationship.png b/docs/en/docs/HA/figures/HA-resource-relationship.png new file mode 100644 index 0000000000000000000000000000000000000000..2cfd19be6b0762473953393897c93407e07826e6 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-resource-relationship.png differ diff --git a/docs/en/docs/HA/figures/HA-resoure-set.png b/docs/en/docs/HA/figures/HA-resoure-set.png new file mode 100644 index 0000000000000000000000000000000000000000..3b23e8afc67f0d2d401e98741b79b405c2c7d600 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-resoure-set.png differ diff --git a/docs/en/docs/HA/figures/HA-vip-suc.png b/docs/en/docs/HA/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/en/docs/HA/figures/HA-vip-suc.png differ diff --git a/docs/en/docs/HA/figures/HA-vip.png b/docs/en/docs/HA/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/en/docs/HA/figures/HA-vip.png differ diff --git a/docs/en/docs/HA/ha.md b/docs/en/docs/HA/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..0269d2ca63cf06800529fe3168e305b120ee08a9 --- /dev/null +++ b/docs/en/docs/HA/ha.md @@ -0,0 +1,3 @@ +# HA User Guide + +This section describes how to install and use HA. \ No newline at end of file diff --git a/docs/en/docs/HA/installing-and-deploying-HA.md b/docs/en/docs/HA/installing-and-deploying-HA.md new file mode 100644 index 0000000000000000000000000000000000000000..9c58db84498482d9d6f5a4ef3ca3eb0a2cda7631 --- /dev/null +++ b/docs/en/docs/HA/installing-and-deploying-HA.md @@ -0,0 +1,215 @@ +# Installing and Deploying HA + +This chapter describes how to install and deploy an HA cluster. + +## Installation and Deployment + +- Prepare the environment: At least two physical machines or VMs with openEuler 20.03 LTS SP4 installed are required. (This section uses two physical machines or VMs as an example.) For details about how to install openEuler 20.03 LTS SP4, see the [*openEuler 20.03 LTS SP4 Installation Guide*](../Installation/Installation.md). + +### Modifying the Host Name and the **/etc/hosts** File + +- **Note: You need to perform the following operations on both hosts. The following takes one host as an example.** + +Before using the HA software, ensure that all host names have been changed and written into the **/etc/hosts** file. + +- Change the host name: + +```shell +hostnamectl set-hostname ha1 +``` + +- Edit the **/etc/hosts** file and write the following fields: + +```text +172.30.30.65 ha1 +172.30.30.66 ha2 +``` + +### Configuring the Yum Repository + +After the system is successfully installed, the Yum source is configured by default. The file location is stored in the **/etc/yum.repos.d/openEuler.repo** file. The HA software package uses the following sources: + +```text +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### Installing the HA Software Package Components + +```shell +yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### Setting the hacluster User Password + +```shell +passwd hacluster +``` + +### Modifying the **/etc/corosync/corosync.conf** File + +```text +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### Managing the Services + +#### Disabling the firewall + +```shell +systemctl stop firewalld +systemctl disable firewalld +``` + +Change the status of SELINUX in the /etc/selinux/config file to disabled. + +```text +# SELINUX=disabled +``` + +Restart the system to ensure that the SELINUX settings take effect. + +```shell +reboot +``` + +#### Managing the pcs service + +- Start the pcs service: + +```shell +systemctl start pcsd +``` + +- Enable the pcs service to start upon system startup: + +```shell +systemctl enable pcsd +``` + +- Query the pcs service status: + +```shell +systemctl status pcsd +``` + +The service is started successfully if the following information is displayed: + +![](./figures/HA-pcs.png) + +#### Managing the Pacemaker service + +- Start the Pacemaker service: + +```shell +systemctl start pacemaker +``` + +- Query the Pacemaker service status: + +```shell +systemctl status pacemaker +``` + +The service is started successfully if the following information is displayed: + +![](./figures/HA-pacemaker.png) + +#### Managing the Corosync service + +- Start the Corosync service: + +```shell +systemctl start corosync +``` + +- Query the Corosync service status: + +```shell +systemctl status corosync +``` + +The service is started successfully if the following information is displayed: + +![](./figures/HA-corosync.png) + +### Performing Node Authentication + +- **Note: Run this command on only one node.** +Authorize the user name and password oof each node using pcs. + +```shell +$ pcs host auth ha1 ha2 +Username: hacluster +Password: +ha1: Authorized +ha2: Authorized +``` + +### Accessing the Front-End Management Platform + +After the preceding services are started, open the browser (Chrome or Firefox is recommended) and enter **** in the navigation bar. + +- This page is the native management platform. + +![](./figures/HA-login.png) + +For details about how to install the management platform newly developed by the community, see . + +- The following is the management platform newly developed by the community. + +![](./figures/HA-api.png) + +- The next chapter describes how to quickly use an HA cluster and add an instance. For details, see the [HA Usage Example](./HA_usage_example.md). diff --git a/docs/en/docs/Installation/FAQ1.md b/docs/en/docs/Installation/FAQ1.md new file mode 100644 index 0000000000000000000000000000000000000000..620029f7c8408b65ecf8fc2807de248a59c4a2c6 --- /dev/null +++ b/docs/en/docs/Installation/FAQ1.md @@ -0,0 +1,26 @@ +# FAQ + + +- [FAQ](#faq) + - [Failing to Start the Raspberry Pi](#failing-to-start-the-raspberry-pi) + - [Symptom](#symptom) + - [Cause Analysis](#cause-analysis) + - [Solution](#solution) + + +## Failing to Start the Raspberry Pi + +### Symptom + +After the Raspberry Pi image released by the openEuler is written to the SD card, the Raspberry Pi fails to be started. + +### Cause Analysis + +The possible causes are as follows: + +1. The downloaded image file is incomplete. To avoid this problem, ensure that the image passes the integrity verification. +2. An error occurs when the image is written to the SD card. In most cases, the error occurs when the image is written to the SD card in the Windows environment using the application software. + +### Solution + +Re-write the complete image to the SD card. \ No newline at end of file diff --git a/docs/en/docs/Installation/Installation-Guide1.md b/docs/en/docs/Installation/Installation-Guide1.md new file mode 100644 index 0000000000000000000000000000000000000000..7057e8a05ec80273e4e05bb4cd0b01ed7a84c16b --- /dev/null +++ b/docs/en/docs/Installation/Installation-Guide1.md @@ -0,0 +1,188 @@ +# Installation Guide + +This section describes how to enable the Raspberry Pi function after [Writing Raspberry Pi Images into the SD card](./Installation-Modes1.md). + + +- [Installation Guide](#installation-guide) + - [Starting the System](#starting-the-system) + - [Logging in to the System](#logging-in-to-the-system) + - [Configuring the System](#configuring-the-system) + - [Expanding the Root Directory Partition](#expanding-the-root-directory-partition) + - [Connecting to the Wi-Fi Network](#connecting-to-the-wi-fi-network) + + +## Starting the System + +After an image is written into the SD card, insert the SD card into the Raspberry Pi and power on the SD card. + +For details about the Raspberry Pi hardware, visit the [Raspberry Pi official website](https://www.raspberrypi.org/). + +## Logging in to the System + +You can log in to the Raspberry Pi in either of the following ways: + +1. Local login + + Connect the Raspberry Pi to the monitor (the Raspberry Pi video output interface is Micro HDMI), keyboard, and mouse, and start the Raspberry Pi. The Raspberry Pi startup log is displayed on the monitor. After Raspberry Pi is started, enter the user name **root** and password **openeuler** to log in. + +2. SSH remote login + + By default, the Raspberry Pi uses the DHCP mode to automatically obtain the IP address. If the Raspberry Pi is connected to a known router, you can log in to the router to check the IP address. The new IP address is the Raspberry Pi IP address. + + **Figure 1** Obtain the IP address + ![](./figures/Obtain the IP address) + + According to the preceding figure, the IP address of the Raspberry Pi is **192.168.31.109**. You can run the `ssh root@192.168.31.109` command and enter the password `openeuler` to remotely log in to the Raspberry Pi. + +## Configuring the System + +### Expanding the Root Directory Partition + +The space of the default root directory partition is small. Therefore, you need to expand the partition capacity before using it. + +To expand the root directory partition capacity, perform the following procedure: + +1. Run the `fdisk -l` command as the root user to check the drive partition information. The command output is as follows: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 5044223 3450880 1.7G 83 Linux + ``` + + The drive letter of the SD card is **/dev/mmcblk0**, which contains three partitions: + + - **/dev/mmcblk0p1**: boot partition + - **/dev/mmcblk0p2**: swap partition + - **/dev/mmcblk0p3**: root directory partition + + Here, we need to expand the capacity of `/dev/mmcblk0p3`. + +2. Run the `fdisk /dev/mmcblk0` command as the root user and the interactive command line interface (CLI) is displayed. To expand the partition capacity, perform the following procedure as shown in [Figure 2](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315). + + 1. Enter `p` to check the partition information. + + Record the start sector number of `/dev/mmcblk0p3`. That is, the value in the `Start` column of the `/dev/mmcblk0p3` information. In the example, the start sector number is `1593344`. + + 2. Enter `d` to delete the partition. + + 3. Enter `3` or press `Enter` to delete the partition whose number is `3`. That is, the `/dev/mmcblk0p3`. + + 4. Enter `n` to create a partition. + + 5. Enter `p` or press `Enter` to create a partition of the `Primary` type. + + 6. Enter `3` or press `Enter` to create a partition whose number is `3`. That is, the `/dev/mmcblk0p3`. + + 7. Enter the start sector number of the new partition. That is, the start sector number recorded in Step `1`. In the example, the start sector number is `1593344`. + + > ![](./public_sys-resources/icon-notice.gif) **NOTE:** +Do not press **Enter** or use the default parameters. + + 8. Press `Enter` to use the last sector number by default as the end sector number of the new partition. + + 9. Enter `N` without changing the sector ID. + + 10. Enter `w` to save the partition settings and exit the interactive CLI. + + **Figure 2** Expand the partition capacity +![](./figures/Expand the partition capacity) + +3. Run the `fdisk -l` command as the root user to check the drive partition information and ensure that the drive partition is correct. The command output is as follows: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 31116287 29522944 14.1G 83 Linux + ``` + +4. Run the `resize2fs /dev/mmcblk0p3` command as the root user to increase the size of the unloaded file system. + +5. Run the `df -lh` command to check the drive space information and ensure that the root directory partition has been expanded. + + > ![](./public_sys-resources/icon-notice.gif) **NOTE:** +If the root directory partition is not expanded, run the `reboot` command to restart the Raspberry Pi and then run the `resize2fs /dev/mmcblk0p3` command as the root user. + +### Connecting to the Wi-Fi Network + +To connect to the Wi-Fi network, perform the following procedure: + +1. Check the IP address and network adapter information. + + `ip a` + + Obtain information about the wireless network adapter **wlan0**: + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41570sec preferred_lft 41570sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 + link/ether e2:e6:99:89:47:0c brd ff:ff:ff:ff:ff:ff + ``` + +2. Scan information about available Wi-Fi networks. + + `nmcli dev wifi` + +3. Connect to the Wi-Fi network. + + Run the `nmcli dev wifi connect SSID password PWD` command as the root user to connect to the Wi-Fi network. + + In the command, `SSID` indicates the SSID of the available Wi-Fi network scanned in the preceding step, and `PWD` indicates the password of the Wi-Fi network. For example, if the `SSID` is `openEuler-wifi`and the password is `12345678`, the command for connecting to the Wi-Fi network is `nmcli dev wifi connect openEuler-wifi password 12345678`. The connection is successful. + + ``` + Device 'wlan0' successfully activated with '26becaab-4adc-4c8e-9bf0-1d63cf5fa3f1'. + ``` + +4. Check the IP address and wireless network adapter information. + + `ip a` + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41386sec preferred_lft 41386sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether dc:a6:32:50:de:58 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.110/24 brd 192.168.31.255 scope global dynamic noprefixroute wlan0 + valid_lft 43094sec preferred_lft 43094sec + inet6 fe80::394:d086:27fa:deba/64 scope link noprefixroute + valid_lft forever preferred_lft forever + ``` \ No newline at end of file diff --git a/docs/en/docs/Installation/Installation-Modes1.md b/docs/en/docs/Installation/Installation-Modes1.md new file mode 100644 index 0000000000000000000000000000000000000000..251b29b061ccf2d0b5c4c61cea32dfe205b2c7df --- /dev/null +++ b/docs/en/docs/Installation/Installation-Modes1.md @@ -0,0 +1,106 @@ +# Installation Modes + +> ![](./public_sys-resources/icon-notice.gif) **NOTE:** +> +> - The hardware supports only Raspberry Pi 3B/3B+/4B. +> - The installation is performed by writing images to the SD card. This section describes how to write images using Windows, Linux, and Mac. +> - The image used in this section is the Raspberry Pi image of openEuler. For details about how to obtain the image, see [Installation Preparations](./Installation-Preparations1.md). + +## Writing Images Using Windows + +This section uses Windows 10 as an example to describe how to write images to the SD card using Windows. + +### Formatting the SD Card + +To format the SD card, perform the following procedure: + +1. Download and install the tool for SD card formatting. The following operations use the SD Card Formatter as an example. + +2. Start the SD Card Formatter. In **Select card**, select the drive letter of the SD card to be formatted. + + If no image has been installed in the SD card, only one drive letter exists. In **Select card**, select the drive letter of the SD card to be formatted. + + If an image has been installed in the SD card, one or more drive letters exist. In **Select card**, select the drive letter E of the boot partition corresponding to the SD card to be formatted. The SD card corresponds to three drive letters: E, G, and H. + + +3. In **Formatting options**, select a formatting mode. The default mode is **Quick format**. + +4. Click **Format** to start formatting. A progress bar is displayed to show the formatting progress. + +5. After the formatting is completed, a dialog box is displayed, indicating that formatting is successfully completed. Click **OK**. + +### Writing Images to the SD Card + +> ![](./public_sys-resources/icon-notice.gif) **NOTE:** +> +> If the compressed image file **openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz** is obtained, decompress the file to obtain the **openEuler-20.03-LTS-SP4-raspi-aarch64.img** image file. + +To write the **openEuler-20.03-LTS-SP4-raspi-aarch64.img** image file to the SD card, perform the following procedure: + +1. Download and install the tool for writing images. The following operations use the Win32 Disk Imager as an example. +2. Start the Win32 Disk Imager and right-click **Run as administrator**. +3. Select the path of the image file in IMG format from the **Image File** drop-down list box. +4. In **Device**, select the drive letter of the SD card to which data is written. +5. Click **Write**. A progress bar is displayed to show the progress of writing data to the SD card. +6. After the write operation is completed, a dialog box is displayed, indicating that the write operation is successfully completed. Click **OK**. + +## Writing Images Using Linux + +This section describes how to write images to the SD card in the Linux environment. + +### Checking Drive Partition Information + +Run the `fdisk -l` command as the root user to obtain the information of the SD card and drive partitions. For example, the drive partition corresponding to the SD card can be /dev/sdb. + +### Unmounting the SD Card + +1. Run the `df -lh` command to check the mounted volumes. + +2. If the partitions corresponding to the SD card are not mounted, skip this step. If the partitions corresponding to the SD card are mounted, for example, /dev/sdb1 and /dev/sdb3, run the following commands as the root user to unmount the partitions: + + `umount /dev/sdb1` + + `umount /dev/sdb3` + +### Writing Images to the SD Card + +1. If the image obtained is compressed, run the `xz -d openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.03-LTS-SP4-raspi-aarch64.img** image file. Otherwise, skip this step. + +2. Run the following command as the root user to write the `openEuler-20.03-LTS-SP4-raspi-aarch64.img` image to the SD card: + + `dd bs=4M if=openEuler-20.03-LTS-SP4-raspi-aarch64.img of=/dev/sdb` + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB. + +## Writing Images Using Mac OS + +This section describes how to flash images to the SD card in the Mac environment. + +### Checking Drive Partition Information + +Run the `diskutil list` command as user root to obtain the information of SD cards and drive partitions. For example, the drive partition corresponding to the SD card can be /dev/disk3. + +### Unmounting the SD Card + +1. Run the `df -lh` command to check the mounted volumes. + +2. If the partitions corresponding to the SD card are not mounted, skip this step. If the partitions corresponding to the SD card are mounted, for example, dev/disk3s1 and /dev/disk3s3, run the following commands as the root user to unmount the partitions: + + `diskutil umount /dev/disk3s1` + + `diskutil umount /dev/disk3s3` + +### Writing Images to the SD Card + +1. If the image obtained is compressed, run the `xz -d openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.03-LTS-SP4-raspi-aarch64.img** image file. Otherwise, skip this step. + +2. Run the following command as the root user to write the image `openEuler-20.03-LTS-SP4-raspi-aarch64.img` to the SD card: + + `dd bs=4m if=openEuler-20.03-LTS-SP4-raspi-aarch64.img of=/dev/sdb` + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB. + diff --git a/docs/en/docs/Installation/Installation-Preparations1.md b/docs/en/docs/Installation/Installation-Preparations1.md new file mode 100644 index 0000000000000000000000000000000000000000..7c81e41d5b2b5eec67eafdb441e3e19873cf83a7 --- /dev/null +++ b/docs/en/docs/Installation/Installation-Preparations1.md @@ -0,0 +1,117 @@ +# Installation Preparations + +This section describes the compatibility of the hardware and software and the related configurations and preparations required for the installation. + + +- [Installation Preparations](#installation-preparations) + - [Obtaining the Installation Source](#obtaining-the-installation-source) + - [Verifying the Image Integrity](#verifying-the-image-integrity) + - [Overview](#overview) + - [Prerequisites](#prerequisites) + - [Procedure](#procedure) + - [Installation Requirements](#installation-requirements) + - [Hardware Compatibility](#hardware-compatibility) + - [Minimum Hardware Specifications](#minimum-hardware-specifications) + + +## Obtaining the Installation Source + +Before installation, obtain the openEuler Raspberry Pi image and its verification file. + +1. Log in to the [openEuler Repo](https://repo.openeuler.org/) website. + +2. Choose **openEuler-20.03-LTS-SP4**. + +3. Choose **raspi_img**. The download list is displayed. + +4. Click **openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz** to download the openEuler Raspberry Pi image to the local PC. + +5. Click **openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz.sha256sum** to download the verification file of the openEuler Raspberry Pi image to the local PC. + +## Verifying the Image Integrity + +### Overview + +During package transmission, to prevent software packages from being incompletely downloaded due to network or storage device problems, you need to verify the integrity of the software packages after obtaining them. Only the software packages that pass the verification can be deployed. + +Compare the verification value recorded in the verification file with the verification value that is manually calculated to determine whether the software package is complete. If the two values are the same, the downloaded file is complete. Otherwise, the downloaded file is incomplete and you need to obtain the software package again. + +### Prerequisites + +Before verifying the integrity of the image file, ensure that the following files are available: + +Image file: **openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz** + +Verification file: **openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz.sha256sum** + +### Procedure + +To verify the file integrity, perform the following procedure: + +1. Obtain the verification value from the verification file. Run the following command: + + ``` + $ cat openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz.sha256sum + ``` + +2. Calculate the SHA256 verification value of the file. Run the following command: + + ``` + $ sha256sum openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz + ``` + + After the command is executed, the verification value is displayed. + +3. Check whether the verification value calculated in step 1 is consistent with that calculated in step 2. + + If the verification values are consistent, the downloaded file is not damaged. Otherwise, the downloaded file is incomplete and you need to obtain the file again. + +## Installation Requirements + +If the openEuler operating system is installed in the Raspberry Pi environment, the Raspberry Pi environment must meet the hardware compatibility and minimum hardware specifications as follows. + +### Hardware Compatibility + +Currently, the openEuler Raspberry Pi image supports the 3B, 3B+, and 4B versions. + +### Minimum Hardware Specifications + +[Table 1](#tff48b99c9bf24b84bb602c53229e2542) lists the minimum hardware specifications for the openEuler Raspberry Pi image. + +**Table 1** Minimum hardware specifications + + + + + + + + + + + + + + + + + + + + + + +

Component Name

+

Minimum Hardware Specifications

+

Description

+

Raspberry Pi version

+
  • Raspberry Pi 3B
  • Raspberry Pi 3B+
  • Raspberry Pi 4B
+

-

+

Memory

+

≥ 2 GB (4 GB or higher recommended for better user experience)

+

-

+

Drive

+

8 GB or higher recommended for better user experience

+

-

+
+ diff --git a/docs/en/docs/Installation/Installation.md b/docs/en/docs/Installation/Installation.md index 6ce6f6b20da525a6077f0bef45ef3dc0e9700266..c2fcac26083539ff0948ca8a43c0a8bdc6075026 100644 --- a/docs/en/docs/Installation/Installation.md +++ b/docs/en/docs/Installation/Installation.md @@ -1,6 +1,6 @@ # Installation Guide -This guide describes how to install Huawei openEuler. +This guide describes how to install openEuler. This guide is intended for openEuler users with a basic understanding of Linux system management, and is also recommended for administrators, system engineers, and maintenance personnel. diff --git a/docs/en/docs/Installation/More-Resources.md b/docs/en/docs/Installation/More-Resources.md new file mode 100644 index 0000000000000000000000000000000000000000..fab0df5d93e9e7c5283d8d46368d3c4d6402c887 --- /dev/null +++ b/docs/en/docs/Installation/More-Resources.md @@ -0,0 +1,4 @@ +# Reference + +- How to Create a Raspberry Pi Image File +- How to Use Raspberry Pi diff --git a/docs/en/docs/Installation/faqs.md b/docs/en/docs/Installation/faqs.md index 2b10b92c8283e1cc526c71ef7c93a60b02e6194d..641b3357827d4f58e7407a45ca70db579a751d90 100644 --- a/docs/en/docs/Installation/faqs.md +++ b/docs/en/docs/Installation/faqs.md @@ -1,41 +1,44 @@ # FAQs + + - [FAQs](#faqs) - - [Why Does openEuler Fail to Start After I Install It to the Second Disk?](#why-does-openeuler-fail-to-start-after-i-install-it-to-the-second-disk) - - [Why Does openEuler Enter Emergency Mode After It Is Powered On?](#why-does-openeuler-enter-emergency-mode-after-it-is-powered-on) - - [Failed to Reinstall openEuler When a Logical Volume Group That Cannot Be Activated Has Existed in openEuler](#failed-to-reinstall-openeuler-when-a-logical-volume-group-that-cannot-be-activated-has-existed-in-openeuler) + - [openEuler Fails to Start After It Is Installed to the Second Disk](#openEuler-fails-to-start-after-it-is-installed-to-the-second-disk) + - [openEuler Enters Emergency Mode After It Is Started](#openEuler-enters-emergency-mode-after-it-is-started) + - [openEuler Fails to Be Reinstalled When an Unactivated Logical Volume Group Exists](#openEuler-fails-to-be-reinstalled-when-an-unactivated-logical-volume-group-exists) - [An Exception Occurs During the Selection of the Installation Source](#an-exception-occurs-during-the-selection-of-the-installation-source) - - [How Do I Manually Enable the kdump Service?](#how-do-i-manually-enable-the-kdump-service) - - [Failed to Selected Only One Disk for Reinstallation When openEuler Was Installed on a Logical Volume Consisting of Multiple Disks](#failed-to-selected-only-one-disk-for-reinstallation-when-openeuler-was-installed-on-a-logical-volume-consisting-of-multiple-disks) - - [Failed to Install openEuler on an x86 PM in UEFI Mode due to Secure Boot Option Setting](#failed-to-install-openeuler-on-an-x86-pm-in-uefi-mode-due-to-secure-boot-option-setting) - + - [Kdump Service Fails to Be Enabled](#kdump-service-fails-to-be-enabled) + - [Fails to Selected Only One Disk for Reinstallation When openEuler Is Installed on a Logical Volume Consisting of Multiple Disks](#fails-to-selected-only-one-disk-for-reinstallation-when-openeuler-is-installed-on-a-logical-volume-consisting-of-multiple-disks) + - [openEuler Fails to Be Installed on an x86 PM in UEFI Mode Due to Secure Boot Option Settings](#openEuler-fails-to-be-installed-on-an-x86-pm-in-uefi-mode-due-to-secure-boot-option-settings) + - [pmie_check Is Reported in the messages Log During openEuler Installation](#pmie_check-is-reported-in-the-messages-log-during-openeuler-installation) + - [Installation Fails When a User Selects Two Disks with OS Installed and Customizes Partitioning](#installation-fails-when-a-user-selects-two-disks-with-os-installed-and-customizes-partitioning) -## Why Does openEuler Fail to Start After I Install It to the Second Disk? +## openEuler Fails to Start After It Is Installed to the Second Disk ### Symptom The OS is installed on the second disk **sdb** during the installation. The openEuler fails to be started. -### Possible Cause +### Possible Causes When openEuler is installed to the second disk, MBR and GRUB are installed to the second disk **sdb** by default. The following two situations may occur: 1. openEuler installed on the first disk is loaded and started if it is complete. 2. openEuler installed on the first disk fails to be started from hard disks if it is incomplete. -The preceding two situations occur because the first disk **sda** is booted by default to start openEuler on the BIOS window. If openEuler is not installed on the **sda** disk, system restart fails. +The preceding two situations occur because the first disk **sda** is booted by default to start openEuler in the BIOS window. If openEuler is not installed on the **sda** disk, system restart fails. -### Solution +### Solutions This problem can be solved using either of the following two methods: - During the installation of openEuler, select the first disk or both disks, and install the boot loader on the first disk **sda**. -- After installing openEuler, restart it by modifying the boot option on the BIOS window. +- After installing openEuler, restart it by modifying the boot option in the BIOS window. -## Why Does openEuler Enter Emergency Mode After It Is Powered On? +## openEuler Enters Emergency Mode After It Is Started ### Symptom @@ -47,11 +50,11 @@ openEuler enters emergency mode after it is powered on. Damaged OS files result in disk mounting failure, or overpressured I/O results in disk mounting timeout \(threshold: 90s\). -An unexpected system power-off, and low I/O performance of disks may also cause the problem. +An unexpected system power-off and low I/O performance of disks may also cause the problem. -### Solution +### Solutions -1. Enter the password of the **root** account to log in to openEuler. +1. Log in to openEuler as the **root** user. 2. Check and restore files by using the file system check \(fsck\) tool, and restart openEuler. >![](./public_sys-resources/icon-note.gif) **NOTE:** @@ -74,19 +77,19 @@ UUID=afcc811f-4b20-42fc-9d31-7307a8cfe0df /boot ext4 defaults,x-systemd.device-t /dev/mapper/openEuler-swap swap swap defaults 0 0 ``` -## Failed to Reinstall openEuler When a Logical Volume Group That Cannot Be Activated Has Existed in openEuler +## openEuler Fails to Be Reinstalled When an Unactivated Logical Volume Group Exists ### Symptom -After a disk fails, openEuler fails to be reinstalled because a logical volume group that cannot be activated has existed in openEuler. +After a disk fails, openEuler fails to be reinstalled because a logical volume group that cannot be activated existed in the system. -### Possible Cause +### Possible Causes During the installation of openEuler, a logical volume group cannot be activated. -### Solution +### Solutions -Before reinstalling openEuler, restore the abnormal logical volume group to the normal status or clear it. The following uses an example: +Before reinstalling openEuler, restore the abnormal logical volume group to the normal status or clear it. For example: - Restore the logical volume group. 1. Run the following command to clear the active status of the abnormal logical volume group to ensure that the error message "Can't open /dev/sdc exclusively mounted filesystem" is not displayed: @@ -128,29 +131,30 @@ Before reinstalling openEuler, restore the abnormal logical volume group to the After the selection of the installation source, the message "Error checking software selection" is displayed. -### Possible Cause +### Possible Causes This is because the software package dependency in the installation source is abnormal. -### Solution +### Solutions -Check whether the installation source is abnormal. Use the new installation source. +Check whether the installation source is abnormal. +Use the new installation source. -## How Do I Manually Enable the kdump Service? +## Kdump Service Fails to Be Enabled ### Symptom -Run the **systemctl status kdump** command. The following information is displayed, indicating that no memory is reserved. +The following information is displayed after running the **systemctl status kdump** command, indicating that no memory is reserved. ![](./figures/en-us_image_0229291280.png) -### Possible Cause +### Possible Causes The kdump service requires the system to reserve memory for running the kdump kernel. However, the system does not reserve memory for the kdump service. As a result, the kdump service cannot be started. -### Solution +### Solutions -For the scenario where the OS has been installed +For the scenario where the OS is installed 1. Add **crashkernel=1024M,high** to **/boot/efi/EFI/openEuler/grub.cfg**. 2. Restart the system for configuration to take effect. @@ -222,20 +226,20 @@ The following table describes the parameters of the memory reserved for the kdum
-## Failed to Selected Only One Disk for Reinstallation When openEuler Was Installed on a Logical Volume Consisting of Multiple Disks +## Fails to Selected Only One Disk for Reinstallation When openEuler Is Installed on a Logical Volume Consisting of Multiple Disks ### Symptom -If openEuler was installed on a logical volume consisting of multiple disks, an error message will be displayed as shown in [Figure 1](#fig115949762617) when you attempt to select one of the disks for reinstallation. +If openEuler is installed on a logical volume consisting of multiple disks, an error message will be displayed as shown in [Figure 1](#fig115949762617) when you attempt to select one of the disks for reinstallation. **Figure 1** Error message ![](./figures/error-message.png "error-message") -### Possible Cause +### Possible Causes The previous logical volume contains multiple disks. If you select one of the disks for reinstallation, the logical volume will be damaged. -### Solution +### Solutions The logical volume formed by multiple disks is equivalent to a volume group. Therefore, you only need to delete the corresponding volume group. @@ -260,10 +264,10 @@ The logical volume formed by multiple disks is equivalent to a volume group. The ``` >![](./public_sys-resources/icon-note.gif) **NOTE:** - >You can also press **Ctrl**+**Alt**+**F6** to return to the GUI and click **Refresh** in the lower right corner to refresh the storage configuration. + >You can also press **Ctrl**+**Alt**+**F6** to return to the GUI and click **Refresh** in the lower right corner to make the storage configuration take effect. -## Failed to Install openEuler on an x86 PM in UEFI Mode due to Secure Boot Option Setting +## openEuler Fails to Be Installed on an x86 PM in UEFI Mode Due to Secure Boot Option Settings ### Symptom @@ -272,13 +276,13 @@ During the installation of openEuler on an x86 PM in UEFI mode, the system stays **Figure 2** Dialog box showing "No bootable device" ![](./figures/dialog-box-showing-no-bootable-device.png "dialog-box-showing-no-bootable-device") -### Possible Cause +### Possible Causes -After **secure boot** is set to **enabled**, the mainboard verifies the boot program and OS. If the boot program and OS are not signed using the corresponding private key, the boot program and OS cannot pass the authentication of the built-in public key on the mainboard. +After **secure boot** is set to **enabled**, the mainboard verifies the boot program and OS. If the boot program and OS are not signed using the corresponding private key, they cannot pass the authentication of the built-in public key on the mainboard. -### Solution +### Solutions -Access the BIOS, set **secure boot** to **disabled**, and reinstall the openEuler. +Access the BIOS, set **secure boot** to **disabled**, and reinstall openEuler. 1. During the system startup, press **F11** and enter the password **Admin@9000** to access the BIOS. @@ -295,3 +299,52 @@ Access the BIOS, set **secure boot** to **disabled**, and reinstall the openE >![](./public_sys-resources/icon-note.gif) **NOTE:** >After **Enforce Secure Boot** is set to **Disabled**, save the settings, and exit. Then, reinstall the system. +## pmie_check Is Reported in the messages Log During openEuler Installation + +### Symptom + +PCP-related software package is installed if you select Server > Performance Tool during the OS installation. After the OS is installed and restarted, an error "pmie_check failed in /usr/share/pcp/lib/pmie" is reported in the /var/log/messages file. + +### Possible Causes + +anaconda does not support the installation of SELinux policy module in the chroot environment. During the pcp-selinux installation, the postin script fails to execute the PCP-related SELinux policy module. As a result, an error is reported after the OS is restarted. + +### Solutions + +After the OS is installed and restarted, perform either of the following two operations: + +1. Install SElinux policy module pcpupstream. + + ``` + /usr/libexec/pcp/bin/selinux-setup /var/lib/pcp/selinux install "pcpupstream" + + ``` + +2. Reinstall pcp-selinux + + ``` + sudo dnf reinstall pcp-selinux + + ``` + +## Installation Fails When a User Selects Two Disks with OS Installed and Customizes Partitioning + +### Symptom + +During the OS installation, the OS is installed on two disks. In this case, if you select one disk for custom partitioning, and click **Cancel** to perform custom partitioning on the other disk, the installation fails. + +![](./figures/cancle_disk.png) + +![](./figures/custom_paratition.png) + +### Possible Causes + +A user selects a disk for partitioning. After the user clicks **Cancel** and then selects the other disk, the disk information is incorrect. As a result, the installation fails. + +### Solutions + +Select the target disk for custom partitioning. Do not frequently cancel the operation. If you have to cancel and select another disk, you are advised to reinstall the OS. + +### Learn More About the Issue at: + +https://gitee.com/src-openeuler/anaconda/issues/I29P84?from=project-issue \ No newline at end of file diff --git a/docs/en/docs/Installation/figures/Installation_source.png b/docs/en/docs/Installation/figures/Installation_source.png new file mode 100644 index 0000000000000000000000000000000000000000..e803bb9a905a4b28d412c6f57e42fb6367dba172 Binary files /dev/null and b/docs/en/docs/Installation/figures/Installation_source.png differ diff --git a/docs/en/docs/Installation/figures/Installation_wizard.png b/docs/en/docs/Installation/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..fc3a96c0cd4b5a2ece94a0b3fc484720440adace Binary files /dev/null and b/docs/en/docs/Installation/figures/Installation_wizard.png differ diff --git a/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png b/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png deleted file mode 100644 index dc92fedd71a5331af870e449f843ecd0eefc9278..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/cancle_disk.png b/docs/en/docs/Installation/figures/cancle_disk.png new file mode 100644 index 0000000000000000000000000000000000000000..b222d8a45beb64058d3c7b6dd3acc7baf6779462 Binary files /dev/null and b/docs/en/docs/Installation/figures/cancle_disk.png differ diff --git a/docs/en/docs/Installation/figures/completing-the-configuration.png b/docs/en/docs/Installation/figures/completing-the-configuration.png deleted file mode 100644 index f37cb873d920e8969d507cc5bce85d265e9321e8..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/completing-the-configuration.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/completing-the-installation.png b/docs/en/docs/Installation/figures/completing-the-installation.png deleted file mode 100644 index 4f339374e1f2ce5d912625f2fc6c59c24a4a9dcc..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/completing-the-installation.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/confignetwork.png b/docs/en/docs/Installation/figures/confignetwork.png new file mode 100644 index 0000000000000000000000000000000000000000..5fad6bd70357640547cc6c5313c1066269c62269 Binary files /dev/null and b/docs/en/docs/Installation/figures/confignetwork.png differ diff --git a/docs/en/docs/Installation/figures/creating-a-user.png b/docs/en/docs/Installation/figures/creating-a-user.png index e62fa5b13359d2ffe926217dacd183a70a609cc5..1d5063cb2cf33cd5ebbfabf8877e0db38b821a84 100644 Binary files a/docs/en/docs/Installation/figures/creating-a-user.png and b/docs/en/docs/Installation/figures/creating-a-user.png differ diff --git a/docs/en/docs/Installation/figures/custom_paratition.png b/docs/en/docs/Installation/figures/custom_paratition.png new file mode 100644 index 0000000000000000000000000000000000000000..6317c18e74fce55459406ff203260499ea6d12d8 Binary files /dev/null and b/docs/en/docs/Installation/figures/custom_paratition.png differ diff --git a/docs/en/docs/Installation/figures/filesystem_setting.png b/docs/en/docs/Installation/figures/filesystem_setting.png new file mode 100644 index 0000000000000000000000000000000000000000..3f8f6e99550e131d15b7fa6f97360c84c8335287 Binary files /dev/null and b/docs/en/docs/Installation/figures/filesystem_setting.png differ diff --git a/docs/en/docs/Installation/figures/host_env8.png b/docs/en/docs/Installation/figures/host_env8.png new file mode 100644 index 0000000000000000000000000000000000000000..d08dcc89f40e1671a55a42fbcb02f26e987a461e Binary files /dev/null and b/docs/en/docs/Installation/figures/host_env8.png differ diff --git a/docs/en/docs/Installation/figures/installation-process.png b/docs/en/docs/Installation/figures/installation-process.png index 986c9b5c25887ed6cec0dc8d5ad1269dc3ff3ddb..21840defc077680284308c0ef3fe30f2b2f30068 100644 Binary files a/docs/en/docs/Installation/figures/installation-process.png and b/docs/en/docs/Installation/figures/installation-process.png differ diff --git a/docs/en/docs/Installation/figures/installation-summary.png b/docs/en/docs/Installation/figures/installation-summary.png index 403b9a53202f2f62e97676aefb92924c263e1b14..c63185afb7cb11744f6312e0465ea8fc871ad457 100644 Binary files a/docs/en/docs/Installation/figures/installation-summary.png and b/docs/en/docs/Installation/figures/installation-summary.png differ diff --git a/docs/en/docs/Installation/figures/installation-wizard.png b/docs/en/docs/Installation/figures/installation-wizard.png deleted file mode 100644 index 69c5254413574903fc55c5eafb935a83837549e0..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/installation-wizard.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/installsourceen.png b/docs/en/docs/Installation/figures/installsourceen.png new file mode 100644 index 0000000000000000000000000000000000000000..6d8d2096e8ef90207560e0e4dd6f5df119ac0a5f Binary files /dev/null and b/docs/en/docs/Installation/figures/installsourceen.png differ diff --git a/docs/en/docs/Installation/figures/manual-partitioning-page.png b/docs/en/docs/Installation/figures/manual-partitioning-page.png deleted file mode 100644 index 55d3806c7157d92438b22c6f9dc438d88374395e..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/manual-partitioning-page.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/password-of-the-root-account.png b/docs/en/docs/Installation/figures/password-of-the-root-account.png index 1b62043d52df903e9cd5221002d89b6d2e9cfefa..665c8aa4e579c08a452676cd2e2f069ea210baf2 100644 Binary files a/docs/en/docs/Installation/figures/password-of-the-root-account.png and b/docs/en/docs/Installation/figures/password-of-the-root-account.png differ diff --git a/docs/en/docs/Installation/figures/selecting-a-language.png b/docs/en/docs/Installation/figures/selecting-a-language.png index 7230029ddd5c0fc0cbe5b9f220c5e380aed9927e..5c985452db1876cf31c89afe61f42c5b096da8f2 100644 Binary files a/docs/en/docs/Installation/figures/selecting-a-language.png and b/docs/en/docs/Installation/figures/selecting-a-language.png differ diff --git a/docs/en/docs/Installation/figures/selecting-installation-software.png b/docs/en/docs/Installation/figures/selecting-installation-software.png index 72561ef0c81ff8041105bc27e45ddf1c57b7e0a1..305e892f559138820821677e1ae90eae4b8fd937 100644 Binary files a/docs/en/docs/Installation/figures/selecting-installation-software.png and b/docs/en/docs/Installation/figures/selecting-installation-software.png differ diff --git a/docs/en/docs/Installation/figures/semi-automatic-installation.png b/docs/en/docs/Installation/figures/semi-automatic-installation.png deleted file mode 100644 index 82218558de7ffacb4835087c90c0206b52f89198..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/semi-automatic-installation.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/setting-a-system-language.png b/docs/en/docs/Installation/figures/setting-a-system-language.png index 7ffc671d569299622ed0c7b750df239b9ea0237e..180b5cc020151b81e10c04e061d60c3ab8b639ac 100644 Binary files a/docs/en/docs/Installation/figures/setting-a-system-language.png and b/docs/en/docs/Installation/figures/setting-a-system-language.png differ diff --git a/docs/en/docs/Installation/figures/setting-date-and-time.png b/docs/en/docs/Installation/figures/setting-date-and-time.png index badc16d9057f523038b2cd7c8e3cba3d079388e0..f94e04d9917cf14230d8a22133ed982517f0abfa 100644 Binary files a/docs/en/docs/Installation/figures/setting-date-and-time.png and b/docs/en/docs/Installation/figures/setting-date-and-time.png differ diff --git a/docs/en/docs/Installation/figures/setting-the-installation-destination.png b/docs/en/docs/Installation/figures/setting-the-installation-destination.png index 49a06b3f62da737a366e5b0da3b25ca66726bae2..ef51cb4637e19bed3eaf78f5bf13aa384d1b453e 100644 Binary files a/docs/en/docs/Installation/figures/setting-the-installation-destination.png and b/docs/en/docs/Installation/figures/setting-the-installation-destination.png differ diff --git a/docs/en/docs/Installation/figures/setting-the-installation-source.png b/docs/en/docs/Installation/figures/setting-the-installation-source.png deleted file mode 100644 index f4fd3be75ad97683d399b28a793d70ffd824126a..0000000000000000000000000000000000000000 Binary files a/docs/en/docs/Installation/figures/setting-the-installation-source.png and /dev/null differ diff --git a/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png b/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png index 073140233a81bc565c5320c75544dbbfdd14af6c..a2593512021e3540874030887e23d23f01efecb6 100644 Binary files a/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png and b/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png differ diff --git a/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png b/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png index c817a3842537be83d546a70fa034022816653d6b..de49197a8fbf7d93c7e77b73f458972c51df1ffa 100644 Binary files a/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png and b/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png differ diff --git a/docs/en/docs/Installation/figures/sourceftp.png b/docs/en/docs/Installation/figures/sourceftp.png new file mode 100644 index 0000000000000000000000000000000000000000..fb014bb7850a97f590bca9f553f6a3d0152f3224 Binary files /dev/null and b/docs/en/docs/Installation/figures/sourceftp.png differ diff --git a/docs/en/docs/Installation/figures/sourcenfs.png b/docs/en/docs/Installation/figures/sourcenfs.png new file mode 100644 index 0000000000000000000000000000000000000000..0bc817c977a15dd8b8039c6f434e99dd802cc981 Binary files /dev/null and b/docs/en/docs/Installation/figures/sourcenfs.png differ diff --git a/docs/en/docs/Installation/figures/starting-installation.png b/docs/en/docs/Installation/figures/starting-installation.png index 4bd779430c0dd891099dffbd7b65298eae0dea58..84115e662ce10bdbba3b717d33367cd28788823e 100644 Binary files a/docs/en/docs/Installation/figures/starting-installation.png and b/docs/en/docs/Installation/figures/starting-installation.png differ diff --git a/docs/en/docs/Installation/figures/startparam.png b/docs/en/docs/Installation/figures/startparam.png new file mode 100644 index 0000000000000000000000000000000000000000..661febc759a150367509505577ea7ea216f911be Binary files /dev/null and b/docs/en/docs/Installation/figures/startparam.png differ diff --git a/docs/en/docs/Installation/install-pi.md b/docs/en/docs/Installation/install-pi.md new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/docs/Installation/install-server.md b/docs/en/docs/Installation/install-server.md new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/docs/Installation/installation-guideline.md b/docs/en/docs/Installation/installation-guideline.md index ed94820b26dfa2984daedee8212a82172e45d84b..7f7b5873553e4fde3dab40ce35de4badbaf6dc1b 100644 --- a/docs/en/docs/Installation/installation-guideline.md +++ b/docs/en/docs/Installation/installation-guideline.md @@ -1,6 +1,7 @@ # Installation Guideline -This section describes how to install openEuler using a CD-ROM. The installation process is the same for other installation modes except the boot option. +This section describes how to install openEuler using a CD/DVD-ROM. The installation process is the same for other installation modes except the boot option. + - [Installation Guideline](#installation-guideline) @@ -18,25 +19,24 @@ This section describes how to install openEuler using a CD-ROM. The installation - [Setting the Installation Destination](#setting-the-installation-destination) - [Storage Configuration](#storage-configuration) - [Setting the Network and Host Name](#setting-the-network-and-host-name) - - [Starting Installation](#starting-installation) - - [Configurations During Installation](#configurations-during-installation) + - [Setting the Root Password](#setting-the-root-password) - [Password Complexity](#password-complexity) - - [Setting the Root User Password](#setting-the-root-user-password) - - [Creating a User](#creating-a-user) + - [Creating a User](#creating-a-user) + - [Starting Installation](#starting-installation) + - [Installation Procedure](#installation-procedure) - [Completing the Installation](#completing-the-installation) - ## Starting the Installation ### Booting from the CD/DVD-ROM Drive Load the ISO image of openEuler from the CD/DVD-ROM drive of the server and restart the server. The procedure is as follows: ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->Before the installation, ensure that the server boots from the CD/DVD-ROM drive preferentially. The following steps describe how to install the openEuler using the virtual CD/DVD-ROM drive on the baseboard management controller \(BMC\). Installing the openEuler from a physical drive is simple. After the installation starts, the procedure for the physical drive is the same as that of the virtual drive. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> Before the installation, ensure that the server boots from the CD/DVD-ROM drive preferentially. The following steps describe how to install openEuler using the virtual CD/DVD-ROM drive on the baseboard management controller (BMC). The procedure for installing openEuler from a physical drive is simple and is the same as that of the virtual drive. Therefore, no description is provided in this section. -1. On the toolbar, click the icon shown in the following figure. +1. On the toolbar, click the icon shown in the following figure. **Figure 1** Drive icon ![](./figures/drive-icon.png "drive-icon") @@ -46,49 +46,50 @@ Load the ISO image of openEuler from the CD/DVD-ROM drive of the server and rest **Figure 2** Image dialog box ![](./figures/image-dialog-box.png "image-dialog-box") -2. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. -3. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. -4. On the toolbar, click the restart icon shown in the following figure to restart the device. +2. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. + +3. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. + +4. On the toolbar, click the restart icon shown in the following figure to restart the device. **Figure 3** Restart icon ![](./figures/restart-icon.png "restart-icon") - ### Installation Wizard -A boot menu is displayed after the system is booted using the boot medium. In addition to options for starting the installation program, some other options are available on the boot menu. During system installation, the **Test this media & install openEuler 20.03 LTS** mode is used by default. Press the arrow keys on the keyboard to change the selection, and press **Enter** when the desired option is highlighted. +A boot menu is displayed after the system is booted using the boot medium. In addition to options for starting the installation program, some other options are available on the boot menu. During system installation, the **Test this media \& install openEuler 20.03-LTS-SP4** mode is used by default. Press the arrow keys on the keyboard to change the selection, and press **Enter** when the desired option is highlighted. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media & install openEuler 20.03 LTS** and enters the installation page. ->- During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media \& install openEuler 20.03-LTS-SP4** and enters the installation page. +>- During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. **Figure 4** Installation Wizard -![](./figures/installation-wizard.png "installation-wizard") +![](./figures/Installation_wizard.png "installation-wizard") Installation wizard options are described as follows: -- **Install openEuler 20.03 LTS**: Install openEuler on your server in GUI mode. +- **Install openEuler 20.03-LTS-SP4**: Install openEuler on your server in GUI mode. -- **Test this media & install openEuler 20.03 LTS**: Default option. Install openEuler on your server in GUI mode. The integrity of the installation medium is checked before the installation program is started. +- **Test this media & install openEuler 20.03-LTS-SP4**: Default option. Install openEuler on your server in GUI mode. The integrity of the installation medium is checked before the installation program is started. -- **Troubleshooting**: Troubleshooting mode, which is used when the system cannot be installed properly. In troubleshooting mode, the following options are available: - - **Install openEuler 20.03-LTS in basic graphics mode**: Basic graphics installation mode. In this mode, the video driver is not started before the system starts and runs. - - **Rescue the openEuler system**: Rescue mode, which is used to restore the system. In rescue mode, the installation process is printed in the VNC or BMC, and the serial port is unavailable. +- **Troubleshooting**: Troubleshooting mode, which is used when the system cannot be installed properly. In troubleshooting mode, the following options are available: -On the installation wizard screen, press **e** to go to the parameter editing screen of the selected option, and press **c** to go to the command-line interface \(CLI\). + - **Install openEuler 20.03-LTS-SP4 in basic graphics mode**: Basic graphics installation mode. In this mode, the video driver is not started before the system starts and runs. + - **Rescue the openEuler system**: Rescue mode, which is used to restore the system. In rescue mode, the installation process is printed to the Virtual Network Computing (VNC) or BMC interface, and the serial port is unavailable. +On the installation wizard screen, press **E** to go to the parameter editing screen of the selected option, and press **C** to go to the command-line interface (CLI). ### Installation in GUI Mode -On the installation wizard page, select **Test this media & install openEuler 20.03 LTS** to enter the GUI installation mode. +On the installation wizard page, select **Test this media \& install openEuler 20.03-LTS-SP4** to enter the GUI installation mode. Perform graphical installation operations using a keyboard. -- Press **Tab** or **Shift**+**Tab** to move between GUI controls \(such as buttons, area boxes, and check boxes\). -- Press the up or down arrow key to move a target in the list. -- Press the left or right arrow key to move between the horizontal toolbar and watch bar. -- Press the spacebar or **Enter** to select or delete highlighted options, expand or collapse a drop-down list. -- Press **Alt**+a shortcut key \(the shortcut key varies for different pages\) to select the control where the shortcut key is located. The shortcut key can be highlighted \(underlined\) by holding down Alt. - +- Press **Tab** or **Shift**+**Tab** to move between GUI controls (such as buttons, area boxes, and check boxes). +- Press the up or down arrow key to move a target in the list. +- Press the left or right arrow key to move between the horizontal toolbar and watch bar. +- Press the spacebar or **Enter** to select or delete highlighted options, expand or collapse a drop-down list. +- Press **Alt+a shortcut key** (the shortcut key varies for different pages) to select the control where the shortcut key is located. The shortcut key can be highlighted (underlined) by holding down **Alt** . ## Configuring an Installation Program Language @@ -116,8 +117,8 @@ If you want to exit the installation, click **Exit**. The message "Are you sure On the **INSTALLATION SUMMARY** page, click **KEYBOARD**. You can add or delete multiple keyboard layouts in the system. -- On the left white box, click to select the keyboard layout and click the keyboard under the box. -- To test the keyboard layout: On the left white box, click to select the keyboard layout, click the inside of the right text box, and enter the text to ensure that the keyboard layout can work properly. +- To view the keyboard layout: On the left white box, click to select the keyboard layout and click the keyboard under the box. +- To test the keyboard layout: On the left white box, click to select the keyboard layout, click the inside of the right text box, and enter the text to ensure that the keyboard layout can work properly. **Figure 7** Setting the keyboard layout ![](./figures/setting-the-keyboard-layout.png "setting-the-keyboard-layout") @@ -128,9 +129,9 @@ After the setting is complete, click **Done** in the upper left corner to go b On the **INSTALLATION SUMMARY** page, click **LANGUAGE SUPPORT** to set the system language, as shown in [Figure 8](#en-us_topic_0186390098_en-us_topic_0122145772_fig187301927172619). Set another language as required, such as Chinese. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- If you select Chinese, the system does not display Chinese characters after you log in to the system using VNC, because VNC does not support Chinese characters. If you log in to the system in SSH mode, Chinese characters will be displayed. ->- If you select English, there will be no impact. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - If you select **Chinese**, the system does not support the display of Chinese characters when you log in to the system using VNC, but supports the display of Chinese characters when you log in to the system using a serial port. When you log in to the system using SSH, whether the system supports the display of Chinese characters depends on the SSH client. If you select **English**, the display is not affected. **Figure 8** Setting a system language ![](./figures/setting-a-system-language.png "setting-a-system-language") @@ -139,15 +140,16 @@ After the setting is complete, click **Done** in the upper left corner to go b ## Setting Date and Time -On the **INSTALLATION SUMMARY** page, click **TIME & DATE**. On the **TIME & DATE** page, set the system time zone, date, and time. +On the **INSTALLATION SUMMARY** page, click **TIME \& DATE**. On the **TIME \& DATE** page, set the system time zone, date, and time. When setting the time zone, you can click a specific city on the map with the mouse, or select a region from the drop-down list of **Region** or a city from the drop-down list of **City** at the top of the page, as shown in [Figure 9](#en-us_topic_0186390096_en-us_topic_0122145900_fig1260162652312). If your city is not displayed on the map or in the drop-down list, select the nearest city in the same time zone. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- Before manually setting the time zone, disable the network time synchronization function in the upper right corner. ->- If you want to use the network time, ensure that the network can connect to the remote NTP server. For details about how to set the network, see [Setting the Network and Host Name](#setting-the-network-and-host-name). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- Before manually setting the time zone, disable the network time synchronization function in the upper right corner. +>- If you want to use the network time, ensure that the network can connect to the remote NTP server. For details about how to set the network, see [Setting the Network and Host Name](#setting-the-network-and-host-name). **Figure 9** Setting date and time ![](./figures/setting-date-and-time.png "setting-date-and-time") @@ -156,35 +158,58 @@ After the setting is complete, click **Done** in the upper left corner to go b ## Setting the Installation Source -On the **INSTALLATION SUMMARY** page, click **INSTALLATION SOURCE** to locate the installation source. +On the **INSTALLATION SUMMARY** page, click **INSTALLATION SOURCE** to locate the installation source. -If you use a CD/DVD-ROM for installation, the installation program automatically detects and displays the installation source information. You can use the default settings. [Figure 10](#en-us_topic_0186390100_en-us_topic_0144427079_fig93633295132) shows an example. +- When you use the complete CD/DVD-ROM for installation, the installation program automatically detects and displays the installation source information. You can use the default settings, as shown in [Figure 10](#zh-cn_topic_0186390100_zh-cn_topic_0144427079_fig93633295132): + + **Figure 10** Installation source +![](./figures/Installation_source.png) -**Figure 10** Setting the installation source -![](./figures/setting-the-installation-source.png "setting-the-installation-source") +- When the network source is used for installation, you need to set the URL of the network source. + + - HTTP or HTTPS mode -When you use the network for installation, if the HTTPS server uses a private certificate, press **e** on the installation wizard page to go to the parameter editing page and add the **inst.noverifyssl** parameter, as shown in [Figure 11](#fig113517811415). + The following figure shows the installation source in HTTP or HTTPS mode: -**Figure 11** Adding the **inst.noverifyssl** parameter -![](./figures/adding-the-inst-noverifyssl-parameter.png "adding-the-inst-noverifyssl-parameter") + ![](./figures/installsourceen.png) -After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + If the HTTPS server uses a private certificate, press **e** on the installation wizard page to go to the parameter editing page of the selected option, and add the **inst.noverifyssl** parameter. + + Enter the actual installation source address, for example, ****, where **openEuler-20.03-LTS-SP4** indicates the version number, and **x86_64** indicates the CPU architecture. Use the actual version number and CPU architecture. + + - FTP mode + + The following figure shows the installation source in FTP mode. Enter the FTP address in the text box. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->During the installation, if you have any questions about configuring the installation source, see [An Exception Occurs During the Selection of the Installation Source](./faqs.html#an-exception-occurs-during-the-selection-of-the-installation-source). + ![](./figures/sourceftp.png) + + You need to set up an FTP server, mount the **openEuler-20.03-LTS-SP4-x86_64-dvd.iso** image, and copy the mounted files to the shared directory on the FTP server. **x86_64** indicates the CPU architecture. Use the actual image. + + - NFS mode + + The following figure shows the installation source in NFS mode. Enter the NFS address in the text box. + + ![](./figures/sourcenfs.png) + + You need to set up an NFS server, mount the **openEuler-20.03-LTS-SP4-x86_64-dvd.iso** image, and copy the mounted file to the shared directory on the NFS server. **x86_64** indicates the CPU architecture. Use the actual image. + +During the installation, if you have any questions about configuring the installation source, see [An Exception Occurs During the Selection of the Installation Source](./faqs.md#an-exception-occurs-during-the-selection-of-the-installation-source). + +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. ## Selecting Installation Software On the **INSTALLATION SUMMARY** page, click **SOFTWARE SELECTION** to specify the software package to be installed. -Based on the actual requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 12](#en-us_topic_0186390261_en-us_topic_0122145865_fig03031519101414). +Based on the actual requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 11](#en-us_topic_0186390261_en-us_topic_0122145865_fig03031519101414). -**Figure 12** Selecting installation software +**Figure 11** Selecting installation software ![](./figures/selecting-installation-software.png "selecting-installation-software") ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. ->- If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. +>- If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. @@ -192,140 +217,126 @@ After the setting is complete, click **Done** in the upper left corner to go b On the **INSTALLATION SUMMARY** page, click **INSTALLATION DESTINATION** to select the OS installation disk and partition. -You can view available local storage devices in [Figure 13](#fig1195417125015). You can also add an attached device or a network disk specified by clicking **Add a disk**. +You can view available local storage devices in [Figure 12](#fig1195417125015). ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. +> ![](./public_sys-resources/icon-notice.gif) **NOTICE:** +When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. -**Figure 13** Setting the installation destination +**Figure 12** Setting the installation destination ![](./figures/setting-the-installation-destination.png "setting-the-installation-destination") ### Storage Configuration On the **INSTALLATION DESTINATION** page, configure storage for system partition. You can either manually configure partitions or select **Automatic** to automatically configure partitioning. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->- During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. ->- If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. Although the swap partition can be used to expand the physical memory, if the swap partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or the performance sensitive system. ->- If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. +> - If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. Although the swap partition can be used to expand the physical memory, if it is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or in the performance sensitive system. +> - If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. **Automatic** -Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required. +Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. -**Customize** +**Custom** -If you need to manually partition the disk, click **Customize** and click **Done** in the upper left corner. The following page is displayed. +If you need to manually partition the disk, click **Custom** and click **Done** in the upper left corner. The following page is displayed. -**Figure 14** MANUAL PARTITIONING page -![](./figures/manual-partitioning-page.png "manual-partitioning-page") +On the **MANUAL PARTITIONING** page, you can partition the disk in either of the following ways. After the partitioning is completed, the window shown in [Figure 13](#fig1277151815248) is displayed. -On the **MANUAL PARTITIONING** page, you can partition the disk in either of the following ways: +- Automatic creation: Click **Click here to create them automatically**. The system automatically creates partitions according to the available storage space. +- Manual creation: Click ![](./figures/en-us_image_0229291243.png) to add a mount point. It is recommended that the expected capacity of each mount point not exceed the available space. -- Automatic creation: Click **Click here to create them automatically**. The system automatically assigns four mount points according to the available storage space: **/boot**, **/**, **/boot/efi**, and **swap**. -- Manual creation: Click ![](./figures/en-us_image_0229291243.png) to add a mount point. It is recommended that the expected capacity of each mount point not exceed the available space. + >![](./public_sys-resources/icon-note.gif) **NOTE:** +If the expected capacity of the mount point exceeds the available space, the system allocates the remaining available space to the mount point. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >If the expected capacity of the mount point exceeds the available space, the system allocates the remaining available space to the mount point. +**Figure 13** MANUAL PARTITIONING page +![](./figures/filesystem_setting.png "manual-partitioning-page") + >![](./public_sys-resources/icon-note.gif) **NOTE:** +If non-UEFI boot is selected, **/boot/efi** is not required. Otherwise, it is required. -After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. +After the setting is complete, click **Done** in the upper left corner to go back to the **SUMMARY OF CHANGES** page. +click **Accept Changes** to go back to the **INSTALLATION SUMMARY** page. ## Setting the Network and Host Name -On the **INSTALLATION SUMMARY** page, select **NETWORK & HOST NAME** to configure the system network functions. +On the **INSTALLATION SUMMARY** page, select **NETWORK \& HOST NAME** to configure the system network functions. -The installation program automatically detects a local access interface. The detected interface is listed in the left box, and the interface details are displayed in the right-hand area, as shown in [Figure 15](#en-us_topic_0186390264_en-us_topic_0122145831_fig123700157297). In the upper right corner, click the switchover button to enable or disable the network interface. You can also click **Configure** to configure the selected interface. +The installation program automatically detects a local access interface. The detected interface is listed in the left box, and the interface details are displayed in the right-hand area, as shown in [Figure 14](#en-us_topic_0186390264_en-us_topic_0122145831_fig123700157297). You can enable or disable a network interface by clicking the switch in the upper right corner of the page. The switch is turned off by default. If the installation source is set to be the network, turn on the switch. You can also click **Configure** to configure the selected interface. Select **Connect automatically with priority** to enable the NIC to start automatically upon system startup, as shown in Figure 15. -In the lower left box, enter the host name. The host name can be the fully quantified domain name \(FQDN\) in the format of hostname.domainname or the brief host name in the format of hostname. +In the lower left box, enter the host name. The host name can be a fully quantified domain name (FQDN) in the format of *host_name.domain_name* or a brief host name in the format of *host_name*. -**Figure 15** Setting the network and host name +**Figure 14** Setting the network and host name ![](./figures/setting-the-network-and-host-name.png "setting-the-network-and-host-name") -After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. +**Figure 15** Configuring the network +![](./figures/confignetwork.png "config-the-network") -## Starting Installation +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. -On the installation page, after all the mandatory items are configured, the safety symbols will disappear. Then, you can click **Begin Installation** to install the system. - -**Figure 16** Starting installation -![](./figures/starting-installation.png "starting-installation") +## Setting the Root Password -## Configurations During Installation +Select **Root Password** on the **INSTALLATION SUMMARY** page. The **Root Password** page is displayed, as shown in [Figure 16](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018). Enter a password based on [Password Complexity](#password-complexity) requirements and confirm the password. -After the installation starts, the overall installation progress and the progress of writing the software package to the system are displayed. - -**Figure 17** Installation process -![](./figures/installation-process.png "installation-process") +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - The root account is used to perform key system management tasks. You are not advised to use the root account for daily work or system access. +> +> - If you select **Lock root account** on the **Root Password** page, the root account will be disabled. -During the process of installing software packages, you need to configure the root password and create users. +**Figure 16** Root password +![](./figures/password-of-the-root-account.png "Root password") ### Password Complexity The password of the **root** user or the password of the new user must meet the password complexity requirements. Otherwise, the password configuration or user creation will fail. The password complexity requirements are as follows: -1. A password must contain at least eight characters. -2. A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. -3. A password must be different from the account name. -4. A password cannot contain words in the dictionary. - - Querying a dictionary +1. A password must contain at least eight characters. - In the installed openEuler environment, you can run the following command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. +2. A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. - ``` - cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt - ``` +3. A password must be different from the account name. - - Modifying a dictionary - 1. Modify the exported dictionary library file, and then run the following command to update the dictionary library: +4. A password cannot contain words in the dictionary. - ``` - # create-cracklib-dict dictionary.txt - ``` + >![](./public_sys-resources/icon-note.gif) **NOTE:** +In the installed openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. - 2. Run the following command to add another dictionary file **custom.txt** to the original dictionary library. +After the settings are completed, click **Done** in the upper left corner to return to the **INSTALLATION SUMMARY** page. - ``` - # create-cracklib-dict dictionary.txt custom.txt - ``` +## Creating a User +Click **User Creation**. [Figure 17](#en-us_topic_0186390266_en-us_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 17](#en-us_topic_0186390266_en-us_topic_0122145909_fig128716531312). +**Figure 17** Creating a user +![](./figures/creating-a-user.png "creating-a-user") - -### Setting the Root User Password - -Click **Root Password**. In the displayed dialog box, as shown in [Figure 18](#en-us_topic_0186390266_en-us_topic_0122145909_fig1323165793018), enter a password and re-enter to confirm. - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->The root password is required to be configured at the same time of installing software packages. Otherwise, the installation will fail. A **root** account is used for performing critical system administration tasks. It is not recommended to use this account for daily work or system access. - -**Figure 18** Password of the **root** account -![](./figures/password-of-the-root-account.png "password-of-the-root-account") +**Figure 18** Advanced user configuration +![](./figures/advanced-user-configuration.png "advanced-user-configuration") After configuration, click **Done** in the left-upper corner to switch back to the installation process page. -### Creating a User - -Click **User Creation**. [Figure 19](#en-us_topic_0186390266_en-us_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 20](#en-us_topic_0186390266_en-us_topic_0122145909_fig128716531312). +## Starting Installation -**Figure 19** Creating a user -![](./figures/creating-a-user.png "creating-a-user") +On the installation page, after all the mandatory items are configured, the safety symbols will disappear. Then, you can click **Begin Installation** to install the system. -**Figure 20** Advanced user configuration -![](./figures/advanced-user-configuration.png "advanced-user-configuration") +## Installation Procedure -After configuration, click **Done** in the left-upper corner to switch back to the installation process page. +After the installation starts, the overall installation progress and the progress of writing the software package to the system are displayed. -Click **Finish**. The configuration of openEuler is complete. + >![](./public_sys-resources/icon-note.gif) **NOTE:** +If you click **Exit** or reset or power off the server during the installation, the installation is interrupted and the system is unavailable. In this case, you need to reinstall the system. -![](./figures/completing-the-configuration.png) +**Figure 19** Installation process +![](./figures/installation-process.png "installation-process") ## Completing the Installation -openEuler has been installed, as shown in [Figure 21](#en-us_topic_0186390267_en-us_topic_0122145917_fig1429512116338). Click **Reboot** to restart the system. - -**Figure 21** Completing the installation -![](./figures/completing-the-installation.png "completing-the-installation") +openEuler has been installed, Click **Reboot** to restart the system. -- If the physical DVD-ROM is used to install the OS and the DVD-ROM drive is not automatically ejected during the restart, manually remove the DVD-ROM. Then, the openEuler CLI login page is displayed. -- If the virtual DVD-ROM drive is used to install the OS, change the server boot option to **Hard Disk** and restart the server. Then, the openEuler CLI login page is displayed. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - If the physical DVD-ROM is used to install the OS and the CD/DVD-ROM drive is not automatically ejected during the restart, manually remove the DVD-ROM. Then, the openEuler CLI login page is displayed. +> - If the virtual DVD-ROM drive is used to install the OS, change the server boot option to **Hard Disk** and restart the server. Then, the openEuler CLI login page is displayed. diff --git a/docs/en/docs/Installation/installation-mode.md b/docs/en/docs/Installation/installation-mode.md index 0d7ada2a90d93d366bffed25908304dcd53ea7cd..3a16319c9344a5c77fbbd7a29386329936dc2f35 100644 --- a/docs/en/docs/Installation/installation-mode.md +++ b/docs/en/docs/Installation/installation-mode.md @@ -1,8 +1,9 @@ # Installation Mode ->![](./public_sys-resources/icon-notice.gif) **NOTICE:** ->- Only TaiShan 200 and FusionServer Pro servers are supported. For details about the supported server models, see [Hardware Compatibility](./installation-preparations.html#hardware-compatibility). Only a virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler and the x86 virtualization platform of Huawei public cloud are supported. ->- Currently, only installation modes such as CD-ROM, USB flash drive, network, QCOW2 image, and private image are supported. In addition, only the x86 virtualization platform of Huawei public cloud supports the private image installation mode. +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +> +>- Only TaiShan 200 and FusionServer Pro servers are supported. For details about the supported server models, see [Hardware Compatibility](./installation-preparations.md#hardware-compatibility). Only a virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler and the x86 virtualization platform of Huawei public cloud are supported. +>- Currently, only installation modes such as CD-ROM, USB flash drive, network, QCOW2 image, and private image are supported. In addition, only the x86 virtualization platform of Huawei public cloud supports the private image installation mode. @@ -35,13 +36,13 @@ If you have obtained a CD/DVD-ROM, install the OS using the CD/DVD-ROM. If you h Perform the following operations to start the installation: ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Set the system to preferentially boot from the CD/DVD-ROM drive. Take the BIOS as an example. You need to move the **CD/DVD-ROM Drive** option under **Boot Type Order** to the top. -1. Disconnect all drives that are not required, such as USB drives. -2. Start your computer system. -3. Insert the installation CD/DVD-ROM into the CD/DVD-ROM drive. -4. Restart the computer system. +1. Disconnect all drives that are not required, such as USB drives. +2. Start your computer system. +3. Insert the installation CD/DVD-ROM into the CD/DVD-ROM drive. +4. Restart the computer system. After a short delay, a graphical wizard page is displayed, which contains different boot options. If you do not perform any operation within one minute, the installation starts automatically with the default options. @@ -53,73 +54,79 @@ This section describes how to create or use a USB flash drive to install the ope Pay attention to the capacity of the USB flash drive. The USB flash drive must have sufficient space to store the entire image. It is recommended that the USB flash drive has more than 16 GB space. -1. Connect the USB flash drive to the system and run the **dmesg** command to view related log. At the end of the log, you can view the information generated by the USB flash drive that is just connected. The information is similar to the following: +1. Connect the USB flash drive to the system and run the **dmesg** command to view related log. At the end of the log, you can view the information generated by the USB flash drive that is just connected. The information is similar to the following: - ``` + ```shell [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Take the **sdb** USB flash drive as an example. -2. Switch to user **root**. When running the **su** command, you need to enter the password. +2. Switch to user **root**. When running the **su** command, you need to enter the password. - ``` - $ su - root + ```shell + su - root ``` -3. Ensure that the USB flash drive is not mounted. Run the following command: +3. Ensure that the USB flash drive is not mounted. Run the following command: - ``` - # findmnt /dev/sdb + ```shell + findmnt /dev/sdb ``` - If no command output is displayed, the file system is not mounted. Go to the next step. - If the following information is displayed, the USB flash drive is automatically mounted. - ``` - # findmnt /dev/sdb + ```shell + $ findmnt /dev/sdb TARGET SOURCE FSTYPE OPTIONS /mnt/iso /dev/sdb iso9660 ro,relatime ``` In this case, you need to run the **umount** command to uninstall the device. - ``` - # umount /mnt/iso + ```shell + umount /mnt/iso ``` -4. Run the **dd** command to write the ISO image to the USB flash drive. +4. Run the **dd** command to write the ISO image to the USB flash drive. - ``` - # dd if=/path/to/image.iso of=/dev/device bs=blocksize + ```shell + dd if=/path/to/image.iso of=/dev/device bs=blocksize ``` Replace **/path/to/image.iso** with the complete path of the downloaded ISO image file, replace **device** with the device name provided by the **dmesg** command, and set a proper block size \(for example, 512 KB\) to replace **blocksize** to accelerate the write progress. - For example, if the ISO image file name is **/home/testuser/Downloads/openEuler-20.03-LTS-aarch64-dvd.iso** and the detected device name is **sdb**, run the following command: + For example, if the ISO image file name is **/home/testuser/Downloads/openEuler-20.03-LTS-SP4-aarch64-dvd.iso** and the detected device name is **sdb**, run the following command: - ``` - # dd if=/home/testuser/Downloads/openEuler-20.03-LTS-aarch64-dvd.iso of=/dev/sdb bs=512k + ```shell + dd if=/home/testuser/Downloads/openEuler-20.03-LTS-SP4-aarch64-dvd.iso of=/dev/sdb bs=512k ``` -5. After the image is written, remove the USB flash drive. + >![](./public_sys-resources/icon-note.gif) **NOTE** + >As described in ISOLINUX, the ISO 9660 file system created by the **mkisofs** command will boot through BIOS firmware, but only from the CD-ROM, DVD-ROM, or BD. In this case, you need to run the **isohybrid -u your.iso** command to process the ISO file and then run the **dd** command to write the ISO file to the USB flash drive. (This problem affects only the x86 architecture.) - No progress is displayed during the image write process. When the number sign \(\#\) appears again, the write is complete. Exit the **root** account and remove the USB flash drive. In this case, you can use the USB flash drive as the installation source of the system. +5. After the image is written, remove the USB flash drive. + No progress is displayed during the image write process. When the number sign (#) appears again, run the following command to write the data to the drive. Then exit the **root** account and remove the USB flash drive. In this case, you can use the USB drive as the installation source of the system. + + ```bash + sync + ``` ### Starting the Installation Perform the following operations to start the installation: ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Set the system to preferentially boot from the USB flash drive. Take the BIOS as an example. You need to move the **USB** option under **Boot Type Order** to the top. -1. Disconnect all drives that are not required. -2. Open your computer system. -3. Insert the USB flash drive into the computer. -4. Restart the computer system. +1. Disconnect all drives that are not required. +2. Open your computer system. +3. Insert the USB flash drive into the computer. +4. Restart the computer system. After a short delay, a graphical wizard page is displayed, which contains different boot options. If you do not perform any operation within one minute, the installation program automatically starts the installation. @@ -131,8 +138,8 @@ If the target hardware is installed with a PXE-enabled NIC, we can configure it For installation through the network using PXE, the client uses a PXE-enabled NIC to send a broadcast request for DHCP information and IP address to the network. The DHCP server provides the client with an IP address and other network information, such as the IP address or host name of the DNS and FTP server \(which provides the files required for starting the installation program\), and the location of the files on the server. ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->The TFTP, DHCP, and HTTP server configurations are not described here. For details, see [Full-automatic Installation Guide](./using-kickstart-for-automatic-installation.html#full-automatic-installation-guide). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>The TFTP, DHCP, and HTTP server configurations are not described here. For details, see [Full-automatic Installation Guide](./using-kickstart-for-automatic-installation.md#full-automatic-installation-guide). ## Installation Through a QCOW2 Image @@ -140,45 +147,44 @@ This section describes how to create or use a QCOW2 image to install the openEul ### Creating a QCOW2 Image -1. Install the **qemu-img** software package. +1. Install the **qemu-img** software package. - ``` - # dnf install -y qemu-img + ```shell + dnf install -y qemu-img ``` -2. Run the **create** command of the qemu-img tool to create an image file. The command format is as follows: +2. Run the **create** command of the qemu-img tool to create an image file. The command format is as follows: - ``` - $ qemu-img create -f -o + ```shell + qemu-img create -f -o ``` The parameters are described as follows: - - _imgFormat_: Image format. The value can be **raw** or **qcow2**. - - _fileOption_: File option, which is used to set features of an image file, such as specifying a backend image file, compression, and encryption. - - _fileName_: File name. - - _diskSize_: Disk size, which specifies the size of a block disk. The unit can be K, M, G, or T, indicating KiB, MiB, GiB, or TiB. + - _imgFormat_: Image format. The value can be **raw** or **qcow2**. + - _fileOption_: File option, which is used to set features of an image file, such as specifying a backend image file, compression, and encryption. + - _fileName_: File name. + - _diskSize_: Disk size, which specifies the size of a block disk. The unit can be K, M, G, or T, indicating KiB, MiB, GiB, or TiB. - For example, to create an image file **openEuler-imge.qcow2** whose disk size is 32 GB and format is qcow2, the command and output are as follows: + For example, to create an image file **openEuler-image.qcow2** whose disk size is 32 GB and format is qcow2, the command and output are as follows: - ``` + ```shell $ qemu-img create -f qcow2 openEuler-image.qcow2 32G Formatting 'openEuler-image.qcow2', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 ``` - ### Starting the Installation Perform the following operations to start the installation: -1. Prepare a QCOW2 image file. -2. Prepare the VM network. -3. Prepare the UEFI boot tool set EDK II. -4. Prepare the VM XML configuration file. -5. Create a VM. -6. Start the VM. +1. Prepare a QCOW2 image file. +2. Prepare the VM network. +3. Prepare the UEFI boot tool set EDK II. +4. Prepare the VM XML configuration file. +5. Create a VM. +6. Start the VM. -For details, see the [*openEuler 20.03 LTS Virtualization User Guide*](./../Virtualization/virtualization.html). +For details, see the [_openEuler 20.03 LTS SP4 Virtualization User Guide_](./../Virtualization/virtualization.md). ## Installation Through a Private Image @@ -186,21 +192,8 @@ This section describes how to create or use a private image to install the openE ### Creating a Private Image -For instructions about how to create a private image, see [*Image Management Service User Guide*](https://support.huaweicloud.com/intl/en-us/usermanual-ims/en-us_topic_0013901628.html). +For instructions about how to create a private image, see [_Image Management Service User Guide_](https://support.huaweicloud.com/intl/en-us/usermanual-ims/en-us_topic_0013901628.html). ### Starting the Installation -For details about how to start the x86 virtualization platform of Huawei public cloud, see [Elastic Cloud Server User Guide](https://support.huaweicloud.com/intl/en-us/wtsnew-ims/index.html). - - - - - - - - - - - - - +For details about how to start the x86 virtualization platform of Huawei Cloud, see [Elastic Cloud Server User Guide](https://support.huaweicloud.com/intl/en-us/wtsnew-ims/index.html). diff --git a/docs/en/docs/Installation/installation-preparations.md b/docs/en/docs/Installation/installation-preparations.md index fcfccb21443114d1929794b56fd62cb9c61766c2..a1958a03f21061dd87565334cc8a989a7bd703f2 100644 --- a/docs/en/docs/Installation/installation-preparations.md +++ b/docs/en/docs/Installation/installation-preparations.md @@ -6,7 +6,7 @@ This section describes the compatibility of the hardware and software and the re - [Installation Preparations](#installation-preparations) - [Obtaining the Installation Source](#obtaining-the-installation-source) - - [Release Package Integrity Check](#release-package-integrity-check) + - [Performing Release Package Integrity Check](#performing-release-package-integrity-check) - [Introduction](#introduction) - [Prerequisites](#prerequisites) - [Procedure](#procedure) @@ -25,64 +25,56 @@ Obtain the openEuler release package and verification file before the installati Perform the following operations to obtain the openEuler release package: -1. Log in to the [openEuler Community](https://openeuler.org) website. -2. Click **Download**. -3. Click the link provided after **Download ISO**. The download list is displayed. -4. Click **openEuler-20.03-LTS**. The openEuler 20.03 LTS version download list is displayed. -5. Click **ISO**. The ISO download list is displayed. - - **aarch64**: ISO image file of the AArch64 architecture - - **x86\_64**: ISO image file of the x86\_64 architecture - - **source**: ISO image file of the openEuler source code - -6. Select the openEuler release package and verification file to be downloaded based on the architecture of the environment to be installed. - - If the AArch64 architecture is used: - 1. Click **aarch64**. - 2. Click **openEuler-20.03-LTS-aarch64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. - - - If the x86\_64 architecture is used: - 1. Click **x86\_64**. - 2. Click **openEuler-20.03-LTS-x86\_64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-x86\_64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. - -## Release Package Integrity Check - ->![](./public_sys-resources/icon-note.gif) **NOTE:** ->This section describes how to verify the integrity of the release package in the AArch64 architecture. The procedure for verifying the integrity of the release package in the x86\_64 architecture is the same. +1. Visit the [openEuler](https://www.openeuler.org/en/) website. +2. Click **Downloads**. +3. Click **Community Editions**. The version list is displayed. +4. Click **Download** on the right of **openEuler 20.03 LTS SP4**. +5. Download the required openEuler release package and the corresponding verification file based on the architecture and scenario. + 1. If the architecture is AArch64: + 1. Click **AArch64**. + 2. For local installation, download the **Offline Standard ISO** or **Offline Everything ISO** release package **openEuler-20.03-LTS-SP4-(everything-)aarch64-dvd.iso** to the local host. + 3. For network installation, download the **Network Install ISO** release package **openEuler-20.03-LTS-SP4-netinst-aarch64-dvd.iso** to the local host. + 2. If the architecture is x86_64: + 1. Click **x86_64**. + 2. For local installation, download the **Offline Standard ISO** or **Offline Everything ISO** release package **openEuler-20.03-LTS-SP4-(everything-)x86_64-dvd.iso** to the local host. + 3. For network installation, download the **Network Install ISO** release package **openEuler-20.03-LTS-SP4-netinst-x86_64-dvd.iso** to the local host. + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> When the network is available, install the environment on the network because the ISO release package is small. +> The release package with AArch64 architecture supports UEFI mode, and the one with x86_64 architecture supports UEFI and Legacy modes. + +## Performing Release Package Integrity Check + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>This section describes how to verify the integrity of the release package in the AArch64 architecture. The procedure for verifying the integrity of the release package in the x86_64 architecture is the same. ### Introduction -To prevent the software package from being incompletely downloaded due to network or storage device faults during transmission, you need to verify the integrity of the software package after obtaining it. Only the software packages that pass the verification can be installed. +To prevent the software package from being incompletely downloaded due to network or storage device faults during transmission, you need to verify its integrity after obtaining it. Only the software packages that pass the verification can be installed. -Compare the verification value recorded in the verification file with the .iso file verification value calculated manually to check whether the software package passes the verification. If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. +Compare the verification value recorded in the verification file with the .iso file verification value calculated manually to check whether the software package is complete. If the verification values are consistent, the .iso file is not damaged. If not, the file is damaged and you need to obtain the release package again. ### Prerequisites -Before verifying the integrity of the release package, you need to prepare the following files: +Before verifying the integrity of the release package, prepare the following files: -ISO file: **openEuler-20.03-LTS-aarch64-dvd.iso** +ISO file: **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** -Verification file: **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** +Verification file: Copy and save the **Integrity Check** SHA256 value to a local file. ### Procedure To verify the file integrity, perform the following operations: -1. Obtain the verification value in the verification file. Run the following command: - - ``` - $ cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` - -2. Calculate the SHA256 verification value of the file. Run the following command: +1. Calculate the SHA256 verification value of the file. Run the following command: - ``` - $ sha256sum openEuler-20.03-LTS-aarch64-dvd.iso + ```shell + sha256sum openEuler-20.03-LTS-SP4-aarch64-dvd.iso ``` After the command is run, the verification value is displayed. -3. Check whether the values calculated in step 1 and step 2 are consistent. +2. Check whether the calculated value is the same as that of the saved SHA256 value. If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. @@ -94,88 +86,30 @@ To install the openEuler OS on a PM, the PM must meet the following hardware com You need to take hardware compatibility into account during openEuler installation. [Table 1](#table14948632047) describes the types of supported servers. ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** > ->- TaiShan 200 servers are backed by Huawei Kunpeng 920 processors. ->- Currently, only Huawei TaiShan and FusionServer Pro servers are supported. More servers from other vendors will be supported in the future. - -**Table 1** Supported servers - - - - - - - - - - - - - - - - - -

Server Type

-

Server Name

-

Server Model

-

Rack server

-

TaiShan 200

-

2280 balanced model

-

Rack server

-

FusionServer Pro

-

FusionServer Pro 2288H V5

-
NOTE:

The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC.

-
-
+>- TaiShan 200 servers are backed by Huawei Kunpeng 920 processors. +>- Currently, only Huawei TaiShan and FusionServer Pro servers are supported. More servers from other vendors will be supported in the future. + +**Table 1** Supported servers + +| Server Type | Server Name | Server Model | +| :---- | :---- | :---- | +| Rack server | TaiShan 200 | 2280 balanced model | +| Rack server | FusionServer Pro | FusionServer Pro 2288H V5
NOTE:
The server must be configured with the Avago 3508 RAID controller card and the LOM-X722 NIC.| ### Minimum Hardware Specifications [Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. -**Table 2** Minimum hardware specifications - - - - - - - - - - - - - - - - - - - - - - - - - -

Component

-

Minimum Hardware Specifications

-

Description

-

Architecture

-
  • AArch64
  • x86_64
-
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture
-

CPU

-
  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor
-

-

-

Memory

-

≥ 4 GB (8 GB or higher recommended for better user experience)

-

-

-

Hard disk

-

≥ 120 GB (for better user experience)

-

The hard disk supports IDE, SATA, SAS interfaces.

-
+**Table 2** Minimum hardware specifications + +| Component | Minimum Hardware Specifications | +| :---- | :---- | +| Architecture | AArch64 or x86_64 | +| CPU | Two CPUs | +| Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | +| Hard disk | ≥ 32 GB (120 GB or higher recommended for better user experience) | ## Installation Requirements for VMs @@ -185,71 +119,18 @@ To install the openEuler OS on a VM, the VM must meet the following hardware com When installing openEuler, pay attention to the compatibility of the virtualization platform. Currently, the following virtualization platforms are supported: -- A virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler -- x86 virtualization platform of Huawei public cloud +- A virtualization platform created by the openEuler virtualization components (openEuler is used as the host OS, and the virtualization components are QEMU and KVM provided in the release package) +- x86 virtualization platform of Huawei Cloud ### Minimum Virtualization Space [Table 3](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum virtualization space required by openEuler. -**Table 3** Minimum virtualization space - - - - - - - - - - - - - - - - - - - - - - - - - -

Component

-

Minimum Virtualization Space

-

Description

-

Architecture

-
  • AArch64
  • x86_64
-

-

-

CPU

-

Two CPUs

-

-

-

Memory

-

≥ 4 GB (8 GB or higher recommended for better user experience)

-

-

-

Hard disk

-

≥ 32 GB (120 GB or higher recommended for better user experience)

-

-

-
- - - - - - - - - - - - - - - - - - +**Table 3** Minimum virtualization space +| Component | Minimum Virtualization Space | +| :---- | :---- | +| Architecture | AArch64 or x86_64 | +| CPU | Two CPUs| +| Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | +| Hard disk | ≥ 32 GB (120 GB or higher recommended for better user experience) | diff --git a/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md b/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md index 1a59b7870d11f50e2ea789188293dbe5421bad0b..2397016cfdd6439db08da69661efc51e6b611a5c 100644 --- a/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md +++ b/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md @@ -1,19 +1,4 @@ # Using Kickstart for Automatic Installation - - -- [Using Kickstart for Automatic Installation](#using-kickstart-for-automatic-installation) - - [Introduction](#introduction) - - [Overview](#overview) - - [Advantages and Disadvantages](#advantages-and-disadvantages) - - [Background](#background) - - [Semi-automatic Installation Guide](#semi-automatic-installation-guide) - - [Environment Requirements](#environment-requirements) - - [Procedure](#procedure) - - [Full-automatic Installation Guide](#full-automatic-installation-guide) - - [Environment Requirements](#environment-requirements-1) - - [Procedure](#procedure-1) - - ## Introduction @@ -21,8 +6,8 @@ You can use the kickstart tool to automatically install the openEuler OS in either of the following ways: -- Semi-automatic installation: You only need to specify the location of the kickstart file. Kickstart automatically configures OS attributes such as keyboard, language, and partitions. -- Automatic installation: The OS is automatically installed. +- Semi-automatic installation: You only need to specify the location of the kickstart file. Kickstart automatically configures OS attributes such as keyboard, language, and partitions. +- Automatic installation: The OS is automatically installed. ### Advantages and Disadvantages @@ -58,17 +43,19 @@ You can use the kickstart tool to automatically install the openEuler OS in eith ### Background -**Kickstart** +#### Kickstart Kickstart is an unattended installation mode. The principle of kickstart is to record typical parameters that need to be manually entered during the installation and generate the configuration file **ks.cfg**. During the installation, the installation program searches the **ks.cfg** configuration file first for required parameters. If no matching parameters are found, you need to manually configure these parameters. If all required parameters are covered by the kickstart file, automatic installation can be achieved by only specifying the path of the kickstart file. Both full-automatic or semi-automatic installation can be achieved by kickstart. -**PXE** +Kickstart uses the open source [pykickstart](https://github.com/pykickstart/pykickstart) to parse the **kg.cfg** file. -Pre-boot Execution Environment \(PXE\)\) works in client/server network mode. The PXE client can obtain an IP address from the DHCP server during the startup and implement client boot and installation through the network based on protocols such as trivial file transfer protocol \(TFTP\). +#### PXE -**TFTP** +Pre-boot Execution Environment \(PXE\) works in client/server network mode. The PXE client can obtain an IP address from the DHCP server during the startup and implement client boot and installation through the network based on protocols such as trivial file transfer protocol \(TFTP\). + +#### TFTP TFTP is used to transfer simple and trivial files between clients and the server. @@ -76,37 +63,42 @@ TFTP is used to transfer simple and trivial files between clients and the server ### Environment Requirements -The environment requirements for semi-automatic installation of openEuler using kickstart are as follows: +The environment requirements for semi-automatic installation of openEuler OS using kickstart are as follows: -- PM/VM \(for details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. -- Httpd: stores the kickstart file. -- ISO: openEuler-20.03-LTS-aarch64-dvd.iso +- PM/VM \(For details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. +- httpd: stores the kickstart file. +- ISO: openEuler-{version}-{arch}-dvd.iso. This document uses **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** as an example. ### Procedure To use kickstart to perform semi-automatic installation of openEuler, perform the following steps: -**Environment Preparation** +#### Environment Preparation ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Before the installation, ensure that the firewall of the HTTP server is disabled. Run the following command to disable the firewall: ->``` +> +>```shell >iptables -F ->``` +>``` -1. Install httpd and start the service. +```shell +iptables -F +``` - ``` - # dnf install httpd -y - # systemctl start httpd - # systemctl enable httpd +1. Install httpd and start the service. + + ```shell + dnf install httpd -y + systemctl start httpd + systemctl enable httpd ``` -2. Run the following commands to prepare the kickstart file: +2. Run the following commands to prepare the kickstart file: - ``` - # mkdir /var/www/html/ks - #vim /var/www/html/ks/openEuler-ks.cfg ===>The file can be obtained by modifying the anaconda-ks.cfg file automatically generated from openEuler, or can be created using the system-config-kickstart tool. + ```shell + $ mkdir /var/www/html/ks + $ vim /var/www/html/ks/openEuler-ks.cfg # The file can be obtained by modifying the **anaconda-ks.cfg** file automatically generated from openEuler OS. ==================================== ***Modify the following information as required.*** #version=DEVEL @@ -156,76 +148,78 @@ To use kickstart to perform semi-automatic installation of openEuler, perform th ===================================== ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The method of generating the password ciphertext is as follows: - >\# python3 - >Python 3.7.0 \(default, Apr 1 2019, 00:00:00\) - >\[GCC 7.3.0\] on linux + > + >```py + >$ python3 + >Python 3.7.0 (default, Apr 1 2019, 00:00:00) + >[GCC 7.3.0] on linux >Type "help", "copyright", "credits" or "license" for more information. - >\>\>\> import crypt - >\>\>\> passwd = crypt.crypt\("myPasswd"\) - >\>\>\> print\(passwd\) + >>>> import crypt + >>>> passwd = crypt.crypt("myPasswd") + >>>> print (passwd) >$6$63c4tDmQGn5SDayV$mZoZC4pa9Jdt6/ALgaaDq6mIExiOO2EjzomB.Rf6V1BkEMJDcMddZeGdp17cMyc9l9ML9ldthytBEPVcnboR/0 + >``` -3. Mount the ISO image file to the CD-ROM drive of the computer where openEuler is to be installed. +3. Mount the ISO image file to the CD-ROM drive of the computer where openEuler is to be installed. If you want to install openEuler through the NFS, specify the path \(which is **cdrom** by default\) of installation source in the kickstart file. +#### Installing the System -**Installing the System** +1. The installation selection dialog box is displayed. + 1. On the installation wizard page in [Starting the Installation](./installation-guideline.md#starting-the-installation), select **Install openEuler 20.03 LTS SP4** and press **e**. + 2. Add **inst.ks=** to the startup parameters. -1. The installation selection dialog box is displayed. - 1. On the installation wizard page in [Starting the Installation](./installation-guideline.html#starting-the-installation), select **Install openEuler 20.03 LTS** and press **e**. - 2. Add **inst.ks=http://server ip/ks/openEuler-ks.cfg** to the startup parameters. + ![startparam.png](./figures/startparam.png "startparam.png") - ![](./figures/semi-automatic-installation.png) + 3. Press **Ctrl**+**x** to start the automatic installation. - 3. Press **Ctrl**+**x** to start the automatic installation. +2. Verify that the installation is complete. -2. Verify that the installation is complete. - - After the installation is complete, the system automatically boots. If the first boot option of the system is set to the CD_ROM, the installation page is displayed again. Shut down the computer and change startup option to start from the hard disk preferentially. + After the installation is complete, the system automatically reboots. If the first boot option of the system is set to the CD_ROM, the installation page is displayed again. Shut down the computer and change startup option to start from the hard disk preferentially. ![](./figures/completing-the-automatic-installation.png) - ## Full-automatic Installation Guide ### Environment Requirements The environment requirements for full-automatic installation of openEuler using kickstart are as follows: -- PM/VM \(for details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. -- Httpd: stores the kickstart file. -- TFTP: provides vmlinuz and initrd files. -- DHCPD/PXE: provides the DHCP service. -- ISO: openEuler-20.03-LTS-aarch64-dvd.iso +- PM/VM \(For details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. +- httpd: stores the kickstart file. +- TFTP: provides vmlinuz and initrd files. +- DHCPD/PXE: provides the DHCP service. +- ISO: openEuler-{version}-{arch}-dvd.iso. This document uses **openEuler-20.03-LTS-SP4-aarch64-dvd.iso** as an example. ### Procedure To use kickstart to perform full-automatic installation of openEuler, perform the following steps: -**Environment Preparation** +#### Environment Preparation ->![](./public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Before the installation, ensure that the firewall of the HTTP server is disabled. Run the following command to disable the firewall: ->``` +> +>```shell >iptables -F ->``` +>``` -1. Install httpd and start the service. +1. Install httpd and start the service. - ``` - # dnf install httpd -y - # systemctl start httpd - # systemctl enable httpd + ```shell + dnf install httpd -y + systemctl start httpd + systemctl enable httpd ``` -2. Install and configure TFTP. +2. Install and configure TFTP. - ``` - # dnf install tftp-server -y - # vim /etc/xinetd.d/tftp + ```shell + $ dnf install tftp-server xinetd -y + $ vim /etc/xinetd.d/tftp service tftp { socket_type = dgram @@ -239,24 +233,24 @@ To use kickstart to perform full-automatic installation of openEuler, perform th cps = 100 2 flags = IPv4 } - # systemctl start tftp - # systemctl enable tftp - # systemctl start xinetd - # systemctl status xinetd - # systemctl enable xinetd + $ systemctl start tftp + $ systemctl enable tftp + $ systemctl start xinetd + $ systemctl status xinetd + $ systemctl enable xinetd ``` -3. Run the following commands to prepare the installation source: +3. Prepare the installation source. - ``` - # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt - # cp -r /mnt/* /var/www/html/openEuler/ + ```shell + mount openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt + cp -r /mnt/* /var/www/html/openEuler/ ``` -4. Set and modify the kickstart configuration file **openEuler-ks.cfg**. Select the HTTP installation source by referring to [3](#en-us_topic_0229291289_l1692f6b9284e493683ffa2ef804bc7ca). +4. Set and modify the kickstart configuration file **openEuler-ks.cfg**. Select the HTTP installation source by referring to [3](#en-us_topic_0229291289_l1692f6b9284e493683ffa2ef804bc7ca). - ``` - #vim /var/www/html/ks/openEuler-ks.cfg + ```shell + $ vim /var/www/html/ks/openEuler-ks.cfg ==================================== ***Modify the following information as required.*** #version=DEVEL @@ -279,15 +273,15 @@ To use kickstart to perform full-automatic installation of openEuler, perform th ... ``` -5. Modify the PXE configuration file **grub.cfg** as follows: +5. Modify the PXE configuration file **grub.cfg** as follows. (Note: Currently, openEuler does not support the cfg file in bls format. For the x86_64 architecture, replace **grubaa64.efi** with **grubx64.efi**.) - ``` - # cp -r /mnt/images/pxeboot/* /var/lib/tftpboot/ - # cp /mnt/EFI/BOOT/grubaa64.efi /var/lib/tftpboot/ - # cp /mnt/EFI/BOOT/grub.cfg /var/lib/tftpboot/ - # ls /var/lib/tftpboot/ + ```shell + $ cp -r /mnt/images/pxeboot/* /var/lib/tftpboot/ + $ cp /mnt/EFI/BOOT/grubaa64.efi /var/lib/tftpboot/ + $ cp /mnt/EFI/BOOT/grub.cfg /var/lib/tftpboot/ + $ ls /var/lib/tftpboot/ grubaa64.efi grub.cfg initrd.img TRANS.TBL vmlinuz - # vim /var/lib/tftpboot/grub.cfg + $ vim /var/lib/tftpboot/grub.cfg set default="1" function load_video { @@ -314,27 +308,25 @@ To use kickstart to perform full-automatic installation of openEuler, perform th ### BEGIN /etc/grub.d/10_linux ### - menuentry 'Install openEuler 20.03 LTS' --class red --class gnu-linux --class gnu --class os { + menuentry 'Install openEuler 20.03 LTS SP4' --class red --class gnu-linux --class gnu --class os { set root=(tftp,192.168.1.1) linux /vmlinuz ro inst.geoloc=0 console=ttyAMA0 console=tty0 rd.iscsi.waitnet=0 inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg initrd /initrd.img } ``` -6. Run the following commands to configure DHCP \(which can be replaced by DNSmasq\): +6. Configure DHCP \(which can be replaced by DNSmasq\). For the x86_64 architecture, replace **grubaa64.efi** with **grubx64.efi**. - ``` - # dnf install dhcp -y - # + ```shell + $ dnf install dhcp -y # DHCP Server Configuration file. # see /usr/share/doc/dhcp-server/dhcpd.conf.example # see dhcpd.conf(5) man page - # - # vim /etc/dhcp/dhcpd.conf + $ vim /etc/dhcp/dhcpd.conf ddns-update-style interim; ignore client-updates; - filename "grubaa64.efi"; # pxelinux location of the startup file; - next-server 192.168.122.1; # (IMPORTANT) TFTP server IP address; + filename "grubaa64.efi"; # location of the pxelinux startup file; + next-server 192.168.122.1; # (IMPORTANT) IP address of the TFTP server; subnet 192.168.122.0 netmask 255.255.255.0 { option routers 192.168.111.1; # Gateway address option subnet-mask 255.255.255.0; # Subnet mask @@ -342,14 +334,13 @@ To use kickstart to perform full-automatic installation of openEuler, perform th default-lease-time 21600; max-lease-time 43200; } - # systemctl start dhcpd - # systemctl enable dhcpd + $ systemctl start dhcpd + $ systemctl enable dhcpd ``` +#### Installing the System -**Installing the System** - -1. On the **Start boot option** screen, press **F2** to boot from the PXE and start automatic installation. +1. On the **Start boot option** screen, press **F2** to boot from the PXE and start automatic installation. ![](./figures/en-us_image_0229291270.png) @@ -357,8 +348,7 @@ To use kickstart to perform full-automatic installation of openEuler, perform th ![](./figures/en-us_image_0229291247.png) -2. The automatic installation window is displayed. -3. Verify that the installation is complete. +2. The automatic installation window is displayed. +3. Verify that the installation is complete. ![](./figures/completing-the-automatic-installation.png) - diff --git a/docs/en/docs/KubeOS/about-kubeos.md b/docs/en/docs/KubeOS/about-kubeos.md new file mode 100644 index 0000000000000000000000000000000000000000..0793503e800b357dd197021a5726f13fb9e992b8 --- /dev/null +++ b/docs/en/docs/KubeOS/about-kubeos.md @@ -0,0 +1,42 @@ +# About KubeOS + +## Introduction + +Containers and Kubernetes are widely used in cloud scenarios. However, a current manner of managing the containers and the OSs separately usually faces problems of function redundancy and difficult collaboration between scheduling systems. In addition, it is difficult to manage OS versions. Software packages are installed, updated, and deleted separately in OSs of the same version. After a period of time, the OS versions become inconsistent, causing version fragmentation. Besides, the OSs may be tightly coupled with services, making it difficult to upgrade major versions. To solve the preceding problems, openEuler provides KubeOS, a container OS upgrade tool based on openEuler. + +Container OSs are lightweight OSs designed for scenarios where services run in containers. KubeOS connects container OSs as components to Kubernetes, so that the container OSs are in the same position as services. The Kubernetes cluster manages containers and container OSs in a unified system. + +KubeOS is a Kubernetes operator for controlling the container OS upgrade process and upgrading the container OSs as a whole to implement collaboration between the OS manager and services. Before the container OSs are upgraded, services are migrated to other nodes to reduce the impact on services during OS upgrade and configuration. In this upgrade pattern, the container OSs are upgraded atomically so that the OSs remain synchronized with the expected status. This ensures that the OS versions in the cluster are consistent, preventing version fragmentation. + +## Architecture + +### KubeOS Architecture + +**Figure 1** KubeOS architecture + +![](./figures/kubeos-architecture.png) + +As shown in the preceding figure, KubeOS consists of three components: os-operator, os-proxy, and os-agent. The os-operator and os-proxy components run in containers and are deployed in the Kubernetes cluster. The os-agent component does not belong to the cluster and runs on worker nodes as processes. + +- os-operator: global container OS manager, which continuously checks the container OS versions of all nodes, controls the number of nodes to be upgraded concurrently based on the configured information, and marks the nodes to be upgraded. + +- os-proxy: OS manager of a single node, which continuously checks the container OS version of the node. If a node is marked as the node to be upgraded by os-operator, the node is locked, the pod is evicted, and the upgrade information is forwarded to os-agent. + +- os-agent: receives information from the proxy, downloads the container OS image used for upgrade from the OS image server, upgrades the container OS, and restarts the node. + + +### File System of a Container OS + +**Figure 2** File system layout of a container OS + +![](./figures/file-system-layout-of-a-container-os.png) + + + +As shown in the figure, a container OS comprises four partitions: + +- boot partition: GRUB2 file partition. +- Persist partition: stores persistent user data. When the container OS is upgraded, the data in this partition is retained. +- Two root partitions: A container OS uses the dual-partition mode with two root partitions, rootA and rootB. Assume that the system runs on the rootA partition after initialization. When the system is upgraded, the new system is downloaded to the rootB partition. GRUB has two boot options: A and B. The default boot option of GRUB is set to B and the node is restarted. After the node is started, the container OS runs on the updated rootB partition. + +The root file system of the container OS is read-only. Users' persistent data is stored in the Persist partition. diff --git a/docs/en/docs/KubeOS/figures/file-system-layout-of-a-container-os.png b/docs/en/docs/KubeOS/figures/file-system-layout-of-a-container-os.png new file mode 100644 index 0000000000000000000000000000000000000000..b4a3af27b6dd7f23dc6f45ec4601bfceabbf5e9a Binary files /dev/null and b/docs/en/docs/KubeOS/figures/file-system-layout-of-a-container-os.png differ diff --git a/docs/en/docs/KubeOS/figures/kubeos-architecture.png b/docs/en/docs/KubeOS/figures/kubeos-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..7d32855d3167706975c2323109005af3ffb1b4f5 Binary files /dev/null and b/docs/en/docs/KubeOS/figures/kubeos-architecture.png differ diff --git a/docs/en/docs/KubeOS/installation-and-deployment.md b/docs/en/docs/KubeOS/installation-and-deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..9a6d59afcc85a9baa371cbd2ab16eace8b277ba6 --- /dev/null +++ b/docs/en/docs/KubeOS/installation-and-deployment.md @@ -0,0 +1,213 @@ +# Installation and Deployment + +This chapter describes how to install and deploy the KubeOS tool. + + + +- [Installation and Deployment](#installation-and-deployment) + - [Software and Hardware Requirements](#software-and-hardware-requirements) + - [Hardware Requirements](#hardware-requirements) + - [Software Requirements](#software-requirements) + - [Environment Preparation](#environment-preparation) + - [KubeOS Installation](#kubeos-installation) + - [KubeOS Deployment](#kubeos-deployment) + - [Building the os-operator and os-proxy Images](#building-the-os-operator-and-os-proxy-images) + - [Building a Container OS Image](#building-a-container-os-image) + - [Deploying CRD, os-operator, and os-roxy](#deploying-crd-os-operator-and-os-proxy) + + + +## Software and Hardware Requirements + +### Hardware Requirements + +- Currently, only the x86 and ARM architectures are supported. + +### Software Requirements + +- OS: openEuler 20.03 LTS SP4 + +### Environment Preparation + +- Install the openEuler system. For details, see the _openEuler 20.03 LTS SP4 Installation Guide_. +- Install qemu-img, bc, Parted, tar, Yum, and Docker. + +## KubeOS Installation + +To install KubeOS, perform the following steps: + +1. Configure the Yum sources: openEuler 20.03 LTS SP4 and openEuler 20.03 LTS SP4:EPOL: + + ```text + [openEuler20.03] # openEuler 20.03 LTS SP4 official source + name=openEuler20.03 + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler + ``` + + ```text + [Epol] # openEuler 20.03-LTS-SP4:EPOL official source + name=Epol + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler + ``` + +2. Install KubeOS as the **root** user. + + ```shell + # yum install KubeOS KubeOS-scripts -y + ``` + +> ![](./public_sys-resources/icon-note.gif)**NOTE**: +> +> KubeOS is installed in the **/opt/kubeOS** directory, including the os-operator, os-proxy, os-agent binary files, container OS image build tools, and corresponding configuration files. + +## KubeOS Deployment + +After KubeOS is installed, you need to configure and deploy it. This section describes how to configure and deploy KubeOS. + +### Building the os-operator and os-proxy Images + +#### Environment Preparation + +Before using Docker to create a container image, ensure that Docker has been installed and configured. + +#### Procedure + +1. Go to the working directory. + + ```shell + cd /opt/kubeOS + ``` + +2. Specify the image repository, name, and version for os-proxy. + + ```shell + export IMG_PROXY=your_imageRepository/os-proxy_imageName:version + ``` + +3. Specify the image repository, name, and version for os-operator. + + ```shell + export IMG_OPERATOR=your_imageRepository/os-operator_imageName:version + ``` + +4. Compile a Dockerfile to build an image. Pay attention to the following points when compiling a Dockerfile: + + - The os-operator and os-proxy images must be built based on the base image. Ensure the security of the base image. + - Copy the os-operator and os-proxy binary files to the corresponding images. + - Ensure that the **root** owner and owner group are assigned for the os-proxy binary file in the os-proxy image, and the file permission is **500**. + - Ensure that the owner and owner group of the os-operator binary file in the os-operator image are the user who runs the os-operator process in the container, and the file permission is **500**. + - The locations of the os-operator and os-proxy binary files in the image and the commands run during container startup must correspond to the parameters specified in the YAML file used for deployment. + + An example Dockerfile is as follows: + + ```text + FROM your_baseimage + COPY ./bin/proxy /proxy + ENTRYPOINT ["/proxy"] + ``` + + ```text + FROM your_baseimage + COPY --chown=6552:6552 ./bin/operator /operator + ENTRYPOINT ["/operator"] + ``` + + You can build the Dockerfile in multiple phases. + +5. Build the images to be deployed in containers (os-operator and os-proxy images). + + ```shell + # Specify the Dockerfile path of os-proxy. + export DOCKERFILE_PROXY=your_dockerfile_proxy + # Specify the Dockerfile path of os-operator. + export DOCKERFILE_OPERATOR=your_dockerfile_operator + # Build images. + docker build -t ${IMG_OPERATOR} -f ${DOCKERFILE_OPERATOR} . + docker build -t ${IMG_PROXY} -f ${DOCKERFILE_PROXY} . + ``` + +6. Push the container images to the image repository. + + ```shell + docker push ${IMG_OPERATOR} + docker push ${IMG_PROXY} + ``` + +### Building a Container OS Image + +#### Precautions + +- The **root** permissions are required for creating a container OS image. +- The RPM package source of the container OS image build tool is the everything and EPOL repos of the current version of openEuler. In the **repo** file used to create a image, you are advised to set the everything and EPOL repos of the current version of openEuler as the Yum sources. +- By default, the container OS image built using the default RPM list is stored in the same path as the build tool. This partition must have at least 25 GiB free disk space. +- When creating a container OS image, you cannot customize the file system to be mounted. + +#### Procedure + +The command for creating a container OS is as follows: + +`generate.sh` _REPO_PATH VERSION AGENT_PATH ENCRYPTED_PASSWD_ + +The parameters are described as follows: + +- `REPO_PATH`: full repo file path +- `AGENT_PATH`: os-agent binary file path +- `VERSION`: version of the created container OS image +- `ENCRYPTED_PASSWD`: password of the **root** user of the container OS image. The password is encrypted with a salt value and can be generated using OpenSSL or KIWI commands. + +To create a container OS, perform the following steps: + +1. Go to the execution directory. + + ```shell + cd /opt/kubeOS/scripts + ``` + +2. Run `generate.sh` to create the container OS. The following is a command example: + + ```shell + bash generate.sh xx.repo v1 ../bin/os-agent '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' + ``` + + In the command, `xx.repo` indicates the Yum source used to create the image. You are advised to set the everything and EPOL repos of the current version of openEuler as the Yum sources. + After the container OS image is created, the following files are generated in the **/opt/kubeOS/scripts** directory: + + - **system.qcow2**: system image. The default size of **system.qcow2** is 20 GiB. The size of the root file system partition is less than 2020 MiB, and the size of the Persist partition is less than 16 GiB. + - **update.img**: partition image of the root file system that is used for upgrade. + + The created container OS image can be used only in the VM of the x86 or ARM architecture. + +### Deploying CRD, os-operator, and os-proxy + +#### Precautions + +- Deploy the Kubernetes cluster first. For details, see the _openEuler 20.03 LTS SP4 Kubernetes Cluster Deployment Guide_. + +- The OS of the worker nodes to be upgraded in the cluster must be the container OS built using the method described in the previous section. If it is not, use **system.qcow2** to deploy the VM again. For details about how to deploy a VM, see the _openEuler 20.03 LTS SP4 Virtualization User Guide_. Currently, the master nodes do not support container OS upgrade. Use openEuler 20.03 LTS SP4 to deploy the upgrade on the master nodes. +- Compile the YAML files for deploying CustomResourceDefinition (CRD), os-operator, os-proxy, and role-based access control (RBAC) of the OS. +- The os-operator and os-proxy components are deployed in the Kubernetes cluster. os-operator must be deployed as a Deployment, and os-proxy as a DaemonSet. +- Deploy Kubernetes security mechanisms, such as the RBAC, pod service account, and security policy. + +#### Procedure + +1. Prepare YAML files, including those used for deploying CRD, RBAC, os-operator, and os-proxy of the OS. For details, see [YAML examples](https://gitee.com/openeuler/KubeOS/tree/master/docs/example/config). The following uses **crd.yaml**, **rbac.yaml**, and **manager.yaml** as examples. + +2. Deploy CRD, RBAC, os-operator, and os-proxy. Assume that the **crd.yaml**, **rbac.yaml**, and **manager.yaml** files are stored in the **config/crd**, **config/rbac**, and **config/manager** directories, respectively. Run the following commands: + + ```shell + kubectl apply -f config/crd + kubectl apply -f config/rbac + kubectl apply -f config/manager + ``` + +3. After the deployment is complete, run the following command to check whether each component is started properly. If **STATUS** of all components is **Running**, the components are started properly. + + ```shell + kubectl get pods -A + ``` diff --git a/docs/en/docs/KubeOS/overview.md b/docs/en/docs/KubeOS/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..9378ffee824ed1022b26360b1cfb01a45d1a7370 --- /dev/null +++ b/docs/en/docs/KubeOS/overview.md @@ -0,0 +1,9 @@ +# KubeOS Overview + +This document describes how to install, deploy, and use KubeOS in the openEuler system. KubeOS connects the container OS to the scheduling system in standard extension pattern and manages the OS upgrade of nodes in the cluster through the scheduling system. + +This document is intended for community developers, open source enthusiasts, and partners who use the openEuler system and want to learn and use the container OSs. Users must: + +* Know basic Linux operations. +* Understand Kubernetes and Docker. + diff --git a/docs/en/docs/KubeOS/public_sys-resources/icon-note.gif b/docs/en/docs/KubeOS/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/docs/KubeOS/public_sys-resources/icon-note.gif differ diff --git a/docs/en/docs/KubeOS/usage-instructions.md b/docs/en/docs/KubeOS/usage-instructions.md new file mode 100644 index 0000000000000000000000000000000000000000..c0c79e97713f65d30768c89f09953f970ec58363 --- /dev/null +++ b/docs/en/docs/KubeOS/usage-instructions.md @@ -0,0 +1,110 @@ +# Usage Instructions + + + +- [Usage Instructions](#usage-instructions) + + - [Precautions](#precautions) + + - [Upgrade](#upgrade) + + - [Rollback](#rollback) + + - [Application Scenarios](#application-scenarios) + + - [Manual Rollback](#manual-rollback) + + - [KubeOS-based Rollback](#kubeos-based-rollback) + + + +## Precautions + +1. KubeOS provides atomic upgrade for all software packages. By default, single-package upgrade is not supported. +2. KubeOS supports container OSs with two partitions. Partitions more than two are not supported. +3. You can view the upgrade logs of a single node in the **/var/log/messages** file on the node. +4. Strictly follow the upgrade and rollback processes described in this document. If the processes are invoked in an abnormal sequence, the system may fail to be upgraded or rolled back. + +## Upgrade + +Compile the YAML file to deploy the instance of the OS custom resource (CR) in the cluster. The following is an example YAML file for deploying the CR instance: + +```text +apiVersion: upgrade.openeuler.org/v1alpha1 +kind: OS +metadata: + name: os-sample +spec: + osversion: KubeOS 1.0.0 + imageurl: edit.image.url + maxunavailable: 1 + checksum: image checksum + flagSafe: imageurl is safe or not +``` + +Parameter description: + +| Parameter | Description | Mandatory (Yes/No)| +| -------------- | ----------------------------------- | -------- | +| osversion | Version of the OS image used for the upgrade | Yes | +| imageurl | Address of the image used for the upgrade | Yes | +| maxunavailable | Number of nodes that are upgraded concurrently | Yes | +| checksum | Checksum (SHA-256) value of the image used for the upgrade| Yes | +| flagSafe | Whether `imageurl` specifies a secure address| Yes | + +The address specified by `imageurl` contains the protocol. Only the HTTP or HTTPS protocol is supported. If `imageurl` is set to an HTTPS address, secure transmission is used. If `imageurl` is set to an HTTP address, set `flagSafe` to `true`, because the image can be downloaded only when the address is secure. If `imageurl` is set to an HTTP address but `flagSafe` is not set to `true`, the address is insecure by default. The image will not be downloaded, and a message is written to the log of the node to be upgraded indicating that the address is insecure. + +You are advised to set `imageurl` to an HTTPS address. In this case, ensure that the required certificate has been installed on the node to be upgraded. If the image server is maintained by yourself, you need to sign the certificate and ensure that the certificate has been installed on the node to be upgraded. Place the certificate in the **/etc/pki/ca-trust/source/anchors** directory of the container OS and run the `update-ca-trust extract` command to install the certificate. The administrator specifies the address and must ensure the security of the address. The intranet address is recommended. + +Assume that the YAML file is **upgrade_v1alpha1_os.yaml**. + +Check the OS version of the node that is not upgraded. + +```shell +kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage' +``` + +Run the following command to deploy the CR instance in the cluster. The node is upgraded based on the configured parameters. + +```shell +kubectl apply -f upgrade_v1alpha1_os.yaml +``` + +Check the node OS version again to determine whether the node upgrade is complete. + +```shell +kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage' +``` + +> ![](./public_sys-resources/icon-note.gif)**NOTE**: +> +> If the upgrade needs to be performed again, modify the `imageurl`, `osversion`, `checksum`, `maxunavailable`, or `flagSafe` parameter in the **upgrade_v1alpha1_os.yaml** file. + +## Rollback + +### Application Scenarios + +- If a node cannot be started, you can only manually roll back the container OS to the previous version that can be properly started. +- If a node can be started and run the system, you can manually or use KubeOS (similar to the upgrade) to roll back the container OS. You are advised to use KubeOS. + +### Manual Rollback + +Manually restart the node and select the second boot option to roll back the container OS. Manual rollback can only roll back the container OS to the version before the upgrade. + +### KubeOS-based Rollback + +1. Modify the YAML configuration file (for example, **upgrade_v1alpha1_os.yaml**) of the OS CR instance. Set the `imageurl`, `osversion`, `checksum`, and `flagSafe` parameters to the information about the target version to be rolled back to. + +2. Update the CR instance in the cluster. + + ```shell + kubectl apply -f upgrade_v1alpha1_os.yaml + ``` + + After the update is complete, the node rolls back the container OS based on the configuration information. + +3. Check the OS version of the container on the node to determine whether the rollback is successful. + + ```shell + kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage' + ``` diff --git a/docs/en/docs/Kubernetes/Kubernetes.md b/docs/en/docs/Kubernetes/Kubernetes.md new file mode 100644 index 0000000000000000000000000000000000000000..e119ec13afac9a1c0261caec174c298aebc28397 --- /dev/null +++ b/docs/en/docs/Kubernetes/Kubernetes.md @@ -0,0 +1,14 @@ +# Kubernetes Cluster Deployment Guide + +**Statement: The Kubernetes software package is stored in the openEuler EPOL repo. This document is applicable only to experiment and learning environments and is not applicable to commercial environments.** + +This document describes how to deploy a Kubernetes cluster using a binary file on openEuler. + +Note: All operations in this document are performed using **root** permissions. + +## Cluster Status + +The cluster status used in this document is as follows: + +- Cluster structure: six VMs running the **openEuler 20.03 LTS SP4** OS, three of which are master nodes, and three of which are nodes. +- Physical machine: **x86/ARM** server of **openEuler 20.03 LTS SP4**. diff --git a/docs/en/docs/Kubernetes/deploying-a-Kubernetes-cluster.md b/docs/en/docs/Kubernetes/deploying-a-Kubernetes-cluster.md new file mode 100644 index 0000000000000000000000000000000000000000..3e499ed57bb0bb1f543787b9b73758a124b772ae --- /dev/null +++ b/docs/en/docs/Kubernetes/deploying-a-Kubernetes-cluster.md @@ -0,0 +1,16 @@ +# Deploying a Kubernetes Cluster + +This section describes how to deploy a Kubernetes cluster. + +## Environment + +Obtain the following VM list based on the preceding VM installation and deployment: + +| HostName | MAC | IPv4 | +| ---------- | ----------------- | ------------------ | +| k8smaster0 | 52:54:00:00:00:80 | 192.168.122.154/24 | +| k8smaster1 | 52:54:00:00:00:81 | 192.168.122.155/24 | +| k8smaster2 | 52:54:00:00:00:82 | 192.168.122.156/24 | +| k8snode1 | 52:54:00:00:00:83 | 192.168.122.157/24 | +| k8snode2 | 52:54:00:00:00:84 | 192.168.122.158/24 | +| k8snode3 | 52:54:00:00:00:85 | 192.168.122.159/24 | diff --git a/docs/en/docs/Kubernetes/deploying-a-node-component.md b/docs/en/docs/Kubernetes/deploying-a-node-component.md new file mode 100644 index 0000000000000000000000000000000000000000..1515b4675fcd90101234b92f88919d09f62e771f --- /dev/null +++ b/docs/en/docs/Kubernetes/deploying-a-node-component.md @@ -0,0 +1,382 @@ +# Deploying a Node Component + +This section uses the `k8snode1` node as an example. + +## Environment Preparation + +```bash +# A proxy needs to be configured for the intranet. +$ dnf install -y docker iSulad conntrack-tools socat containernetworking-plugins +$ swapoff -a +$ mkdir -p /etc/kubernetes/pki/ +$ mkdir -p /etc/cni/net.d +$ mkdir -p /opt/cni +# Delete the default kubeconfig file. +$ rm /etc/kubernetes/kubelet.kubeconfig + +## Use iSulad as the runtime ########. +# Configure the iSulad. +cat /etc/isulad/daemon.json +{ + "registry-mirrors": [ + "docker.io" + ], + "insecure-registries": [ + "k8s.gcr.io", + "quay.io" + ], + "pod-sandbox-image": "k8s.gcr.io/pause:3.2",# pause type + "network-plugin": "cni", # If this parameter is left blank, the CNI network plug-in is disabled. In this case, the following two paths become invalid. After the plug-in is installed, restart iSulad. + "cni-bin-dir": "/usr/libexec/cni/", + "cni-conf-dir": "/etc/cni/net.d", +} + +# Add the proxy to the iSulad environment variable and download the image. +cat /usr/lib/systemd/system/isulad.service +[Service] +Type=notify +Environment="HTTP_PROXY=http://name:password@proxy:8080" +Environment="HTTPS_PROXY=http://name:password@proxy:8080" + +# Restart the iSulad and set it to start automatically upon power-on. +systemctl daemon-reload +systemctl restart isulad + + + + +## If Docker is used as the runtime, run the following command: ######## +$ dnf install -y docker +# If a proxy environment is required, configure a proxy for Docker, add the configuration file http-proxy.conf, and edit the following content. Replace name, password, and proxy-addr with the actual values. +$ cat /etc/systemd/system/docker.service.d/http-proxy.conf +[Service] +Environment="HTTP_PROXY=http://name:password@proxy-addr:8080" +$ systemctl daemon-reload +$ systemctl restart docker +``` + +## Creating kubeconfig Configuration Files + +Perform the following operations on each node to create a configuration file: + +```bash +$ kubectl config set-cluster openeuler-k8s \ + --certificate-authority=/etc/kubernetes/pki/ca.pem \ + --embed-certs=true \ + --server=https://192.168.122.154:6443 \ + --kubeconfig=k8snode1.kubeconfig + +$ kubectl config set-credentials system:node:k8snode1 \ + --client-certificate=/etc/kubernetes/pki/k8snode1.pem \ + --client-key=/etc/kubernetes/pki/k8snode1-key.pem \ + --embed-certs=true \ + --kubeconfig=k8snode1.kubeconfig + +$ kubectl config set-context default \ + --cluster=openeuler-k8s \ + --user=system:node:k8snode1 \ + --kubeconfig=k8snode1.kubeconfig + +$ kubectl config use-context default --kubeconfig=k8snode1.kubeconfig +``` + +**Note: Change k8snode1 to the corresponding node name.** + +## Copying the Certificate + +Similar to the control plane, all certificates, keys, and related configurations are stored in the `/etc/kubernetes/pki/` directory. + +```bash +$ ls /etc/kubernetes/pki/ +ca.pem k8snode1.kubeconfig kubelet_config.yaml kube-proxy-key.pem kube-proxy.pem +k8snode1-key.pem k8snode1.pem kube_proxy_config.yaml kube-proxy.kubeconfig +``` + +## CNI Network Configuration + +containernetworking-plugins is used as the CNI plug-in used by kubelet. In the future, plug-ins such as calico and flannel can be introduced to enhance the network capability of the cluster. + +```bash +# Bridge Network Configuration +$ cat /etc/cni/net.d/10-bridge.conf +{ + "cniVersion": "0.3.1", + "name": "bridge", + "type": "bridge", + "bridge": "cnio0", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "10.244.0.0/16", + "gateway": "10.244.0.1" + }, + "dns": { + "nameservers": [ + "10.244.0.1" + ] + } +} + +# Loopback Network Configuration +$ cat /etc/cni/net.d/99-loopback.conf +{ + "cniVersion": "0.3.1", + "name": "lo", + "type": "loopback" +} +``` + +## Deploying the kubelet Service + +### Configuration File on Which Kubelet Depends + +```bash +$ cat /etc/kubernetes/pki/kubelet_config.yaml +kind: KubeletConfiguration +apiVersion: kubelet.config.k8s.io/v1beta1 +authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.pem +authorization: + mode: Webhook +clusterDNS: +- 10.32.0.10 +clusterDomain: cluster.local +runtimeRequestTimeout: "15m" +tlsCertFile: "/etc/kubernetes/pki/k8snode1.pem" +tlsPrivateKeyFile: "/etc/kubernetes/pki/k8snode1-key.pem" +``` + +**Note: The IP address of the cluster DNS is 10.32.0.10, which must be the same as the value of service-cluster-ip-range.** + +### Compiling the systemd Configuration File + +```bash +$ cat /usr/lib/systemd/system/kubelet.service +[Unit] +Description=kubelet: The Kubernetes Node Agent +Documentation=https://kubernetes.io/docs/ +Wants=network-online.target +After=network-online.target + +[Service] +ExecStartPre=swapoff -a +ExecStart=/usr/bin/kubelet \ + --config=/etc/kubernetes/pki/kubelet_config.yaml \ + --network-plugin=cni \ + --pod-infra-container-image=k8s.gcr.io/pause:3.2 \ + --kubeconfig=/etc/kubernetes/pki/k8snode1.kubeconfig \ + --register-node=true \ + --hostname-override=k8snode1 \ + --cni-bin-dir="/usr/libexec/cni,/opt/cni/bin" \ + --v=2 + +Restart=always +StartLimitInterval=0 +RestartSec=10 + +[Install] +WantedBy=multi-user.target +``` + +**Note: If iSulad is used as the runtime, add the following configuration:** + +```bash +--container-runtime=remote \ +--container-runtime-endpoint=unix:///var/run/isulad.sock \ +``` + +## Deploying kube-proxy + +### Configuration File on Which kube-proxy Depends + +```bash +cat /etc/kubernetes/pki/kube_proxy_config.yaml +kind: KubeProxyConfiguration +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +clientConnection: + kubeconfig: /etc/kubernetes/pki/kube-proxy.kubeconfig +clusterCIDR: 10.244.0.0/16 +mode: "iptables" +``` + +### Compiling the systemd Configuration File + +```bash +$ cat /usr/lib/systemd/system/kube-proxy.service +[Unit] +Description=Kubernetes Kube-Proxy Server +Documentation=https://kubernetes.io/docs/reference/generated/kube-proxy/ +After=network.target + +[Service] +EnvironmentFile=-/etc/kubernetes/config +EnvironmentFile=-/etc/kubernetes/proxy +ExecStart=/usr/bin/kube-proxy \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + --config=/etc/kubernetes/pki/kube_proxy_config.yaml \ + --hostname-override=k8snode1 \ + $KUBE_PROXY_ARGS +Restart=on-failure +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target +``` + +## Starting a Component Service + +```bash +systemctl enable kubelet kube-proxy +systemctl start kubelet kube-proxy +``` + +Deploy other nodes in sequence. + +## Verifying the Cluster Status + +Wait for several minutes and run the following command to check the node status: + +```bash +$ kubectl get nodes --kubeconfig /etc/kubernetes/pki/admin.kubeconfig +NAME STATUS ROLES AGE VERSION +k8snode1 Ready 17h v1.20.2 +k8snode2 Ready 19m v1.20.2 +k8snode3 Ready 12m v1.20.2 +``` + +## Deploying coredns + +coredns can be deployed on a node or master node. In this document, coredns is deployed on the `k8snode1` node. + +### Compiling the coredns Configuration File + +```bash +$ cat /etc/kubernetes/pki/dns/Corefile +.:53 { + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + endpoint https://192.168.122.154:6443 + tls /etc/kubernetes/pki/ca.pem /etc/kubernetes/pki/admin-key.pem /etc/kubernetes/pki/admin.pem + kubeconfig /etc/kubernetes/pki/admin.kubeconfig default + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance +} +``` + +Note: + +- Listen to port 53. +- Configure the Kubernetes plug-in, including the certificate and the URL of kube api. + +### Preparing the service File of systemd + +```bash +cat /usr/lib/systemd/system/coredns.service +[Unit] +Description=Kubernetes Core DNS server +Documentation=https://github.com/coredns/coredns +After=network.target + +[Service] +ExecStart=bash -c "KUBE_DNS_SERVICE_HOST=10.32.0.10 coredns -conf /etc/kubernetes/pki/dns/Corefile" + +Restart=on-failure +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target +``` + +### Starting the Service + +```bash +systemctl enable coredns +systemctl start coredns +``` + +### Creating the Service Object of coredns + +```bash +$ cat coredns_server.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-dns + namespace: kube-system + annotations: + prometheus.io/port: "9153" + prometheus.io/scrape: "true" + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" +spec: + clusterIP: 10.32.0.10 + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP + - name: metrics + port: 9153 + protocol: TCP +``` + +### Creating the Endpoint Object of coredns + +```bash +$ cat coredns_ep.yaml +apiVersion: v1 +kind: Endpoints +metadata: + name: kube-dns + namespace: kube-system +subsets: + - addresses: + - ip: 192.168.122.157 + ports: + - name: dns-tcp + port: 53 + protocol: TCP + - name: dns + port: 53 + protocol: UDP + - name: metrics + port: 9153 + protocol: TCP +``` + +### Confirming the coredns Service + +```bash +# View the service object. +$ kubectl get service -n kube-system kube-dns +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +kube-dns ClusterIP 10.32.0.10 53/UDP,53/TCP,9153/TCP 51m +# View the endpoint object. +$ kubectl get endpoints -n kube-system kube-dns +NAME ENDPOINTS AGE +kube-dns 192.168.122.157:53,192.168.122.157:53,192.168.122.157:9153 52m +``` diff --git a/docs/en/docs/Kubernetes/deploying-control-plane-components.md b/docs/en/docs/Kubernetes/deploying-control-plane-components.md new file mode 100644 index 0000000000000000000000000000000000000000..0b43839e6d92df140e4d800376e6db20b35418c7 --- /dev/null +++ b/docs/en/docs/Kubernetes/deploying-control-plane-components.md @@ -0,0 +1,368 @@ +# Deploying Components on the Control Plane + +## Open dependence ports + +``` +$ firewall-cmd --zone=public --add-port=6443/tcp +$ firewall-cmd --zone=public --add-port=10251-10252/tcp +``` + +## Preparing the kubeconfig File for All Components + +### kube-proxy + +```bash +kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://192.168.122.154:6443 --kubeconfig=kube-proxy.kubeconfig +kubectl config set-credentials system:kube-proxy --client-certificate=/etc/kubernetes/pki/kube-proxy.pem --client-key=/etc/kubernetes/pki/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig +kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-proxy --kubeconfig=kube-proxy.kubeconfig +kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig +``` + +### kube-controller-manager + +```bash +kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-controller-manager.kubeconfig +kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/kubernetes/pki/kube-controller-manager.pem --client-key=/etc/kubernetes/pki/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig +kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig +kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig +``` + +### kube-scheduler + +```bash +kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-scheduler.kubeconfig +kubectl config set-credentials system:kube-scheduler --client-certificate=/etc/kubernetes/pki/kube-scheduler.pem --client-key=/etc/kubernetes/pki/kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig +kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig +kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig +``` + +### admin + +```bash +kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=admin.kubeconfig +kubectl config set-credentials admin --client-certificate=/etc/kubernetes/pki/admin.pem --client-key=/etc/kubernetes/pki/admin-key.pem --embed-certs=true --kubeconfig=admin.kubeconfig +kubectl config set-context default --cluster=openeuler-k8s --user=admin --kubeconfig=admin.kubeconfig +kubectl config use-context default --kubeconfig=admin.kubeconfig +``` + +### Obtaining the kubeconfig Configuration File + +```bash +admin.kubeconfig kube-proxy.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig +``` + +## Configuration for Generating the Key Provider + +When api-server is started, a key pair `--encryption-provider-config=/etc/kubernetes/pki/encryption-config.yaml` needs to be provided. In this document, a key pair `--encryption-provider-config=/etc/kubernetes/pki/encryption-config.yaml` is generated by using urandom: + +```bash +$ cat generate.bash +#!/bin/bash + +ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64) + +cat > encryption-config.yaml < + k8smaster0 + 8 + 8 + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /var/lib/libvirt/qemu/nvram/k8smaster0.fd + + + + + + + + + 1 + + destroy + restart + restart + + /usr/libexec/qemu-kvm + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +Some VM configurations must be unique. Therefore, you need to modify the following to ensure that the VM is unique: + +- **name**: host name of the VM. You are advised to use lowercase letters. In this example, the value is **k8smaster0**. +- **nvram**: handle file path of the NVRAM, which must be globally unique. In this example, the value is **/var/lib/libvirt/qemu/nvram/k8smaster0.fd**. +- **source file** of **disk**: VM disk file path. In this example, the value is **/mnt/vm/images/master0.img**. +- **mac address** of **interface**: MAC address of the interface. In this example, the value is **52:54:00:00:00:80**. + +## Installing a VM + +1. Create and start a VM. + + ```shell + virsh define master.xml + virsh start k8smaster0 + ``` + +2. Obtain the VNC port number of the VM. + + ```shell + virsh vncdisplay k8smaster0 + ``` + +3. Use a VM connection tool, such as VNC Viewer, to remotely connect to the VM and perform configurations as prompted. + +4. Set the host name of the VM, for example, **k8smaster0**. + + ```shell + hostnamectl set-hostname k8smaster0 + ``` diff --git a/docs/en/docs/Kubernetes/preparing-certificates.md b/docs/en/docs/Kubernetes/preparing-certificates.md new file mode 100644 index 0000000000000000000000000000000000000000..37082e2c1ed098ff54c09e13bdff1255b603ba6a --- /dev/null +++ b/docs/en/docs/Kubernetes/preparing-certificates.md @@ -0,0 +1,413 @@ + +# Preparing Certificates + +**Statement: The certificate used in this document is self-signed and cannot be used in a commercial environment.** + +Before deploying a cluster, you need to generate certificates required for communication between components in the cluster. This document uses the open-source CFSSL as the verification and deployment tool to help users understand the certificate configuration and the association between certificates of cluster components. You can select a tool based on the site requirements, for example, OpenSSL. + +## Building and Installing CFSSL + +The following commands for building and installing CFSSL are for your reference (the CFSSL website access permission is required, and the proxy must be configured first): + +```bash +wget --no-check-certificate https://github.com/cloudflare/cfssl/archive/v1.5.0.tar.gz +tar -zxf v1.5.0.tar.gz +cd cfssl-1.5.0/ +make -j6 +cp bin/* /usr/local/bin/ +``` + +## Generating a Root Certificate + +Compile the CA configuration file, for example, ca-config.json: + +```bash +$ cat ca-config.json | jq +{ + "signing": { + "default": { + "expiry": "8760h" + }, + "profiles": { + "kubernetes": { + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ], + "expiry": "8760h" + } + } + } +} +``` + +Compile a CA CSR file, for example, ca-csr.json: + +```bash +$ cat ca-csr.json | jq +{ + "CN": "Kubernetes", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "openEuler", + "OU": "WWW", + "ST": "BinJiang" + } + ] +} +``` + +Generate the CA certificate and key: + +```bash +cfssl gencert -initca ca-csr.json | cfssljson -bare ca +``` + +The following certificates are obtained: + +```bash +ca.csr ca-key.pem ca.pem +``` + +## Generating the admin Account Certificate + +admin is an account used by K8S for system management. Compile the CSR configuration of the admin account, for example, admin-csr.json: + +```bash +cat admin-csr.json | jq +{ + "CN": "admin", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:masters", + "OU": "Containerum", + "ST": "BinJiang" + } + ] +} +``` + +Generate a certificate: + +```bash +cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin +``` + +The result is as follows: + +```bash +admin.csr admin-key.pem admin.pem +``` + +## Generating a service-account Certificate + +Compile the CSR configuration file of the service-account account, for example, service-account-csr.json: + +```bash +cat service-account-csr.json | jq +{ + "CN": "service-accounts", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "Kubernetes", + "OU": "openEuler k8s install", + "ST": "BinJiang" + } + ] +} +``` + +Generate a certificate: + +```bash +cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes service-account-csr.json | cfssljson -bare service-account +``` + +The result is as follows: + +```bash +service-account.csr service-account-key.pem service-account.pem +``` + +## Generating the kube-controller-manager Certificate + +Compile the CSR configuration of kube-controller-manager: + +```bash +{ + "CN": "system:kube-controller-manager", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:kube-controller-manager", + "OU": "openEuler k8s kcm", + "ST": "BinJiang" + } + ] +} +``` + +Generate a certificate: + +```bash +cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json-profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager +``` + +The result is as follows: + +```bash +kube-controller-manager.csr kube-controller-manager-key.pem kube-controller-manager.pem +``` + +## Generating the kube-proxy Certificate + +Compile the CSR configuration of kube-proxy: + +```bash +{ + "CN": "system:kube-proxy", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:node-proxier", + "OU": "openEuler k8s kube proxy", + "ST": "BinJiang" + } + ] +} +``` + +Generate a certificate: + +```bash +cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy +``` + +The result is as follows: + +```bash +kube-proxy.csr kube-proxy-key.pem kube-proxy.pem +``` + +## Generating the kube-scheduler Certificate + +Compile the CSR configuration of kube-scheduler: + +```bash +{ + "CN": "system:kube-scheduler", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:kube-scheduler", + "OU": "openEuler k8s kube scheduler", + "ST": "BinJiang" + } + ] +} +``` + +Generate a certificate: + +```bash +cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler +``` + +The result is as follows: + +```bash +kube-scheduler.csr kube-scheduler-key.pem kube-scheduler.pem +``` + +## Generating the kubelet Certificate + +The certificate involves the host name and IP address of the server where kubelet is located. Therefore, the configuration of each node is different. The script is compiled as follows: + +```bash +$ cat node_csr_gen.bash + +#!/bin/bash + +nodes=(k8snode1 k8snode2 k8snode3) +IPs=("192.168.122.157" "192.168.122.158" "192.168.122.159") + +for i in "${!nodes[@]}"; do + +cat > "${nodes[$i]}-csr.json" < - -- [Quick Start](#quick-start) - - [Installation Preparations](#installation-preparations) - - [Obtaining the Installation Source](#obtaining-the-installation-source) - - [Release Package Integrity Check](#release-package-integrity-check) - - [Starting the Installation](#starting-the-installation) - - [Installation](#installation) - - [Viewing System Information](#viewing-system-information) - - - -## Installation Preparations - -- Hardware Compatibility - - [Table 1](#table14948632047) describes the types of supported servers. - - **Table 1** Supported servers - - - - - - - - - - - - - - - - -

Server Type

-

Server Name

-

Server Model

-

Rack server

-

TaiShan 200

-

2280 balanced model

-

Rack server

-

FusionServer Pro

-

FusionServer Pro 2288H V5

-
NOTE:

The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC.

-
-
- -- Minimum Hardware Specifications - - [Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. - - **Table 2** Minimum hardware specifications - - - - - - - - - - - - - - - - - - - - - - - - -

Component

-

Minimum Hardware Specifications

-

Description

-

Architecture

-
  • AArch64
  • x86_64
-
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture
-

CPU

-
  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor
-

-

-

Memory

-

≥ 4 GB (8 GB or higher recommended for better user experience)

-

-

-

Hard disk

-

≥ 120 GB (for better user experience)

-

The hard disk supports IDE, SATA, SAS interfaces.

-
- +This document uses openEuler 20.03 LTS SP4 installed on the TaiShan 200 server as an example to describe how to quickly install and use openEuler OS. For details about the installation requirements and methods, see the [Installation Guide](./../Installation/Installation.md). + +## Making Preparations + +- Hardware Compatibility + + [Table 1](#table14948632047) describes the types of supported servers. + + **Table 1** Supported servers + + + + + + + + + + + + + + + + + +

Server Type

+

Server Name

+

Server Model

+

Rack server

+

TaiShan 200

+

2280 balanced model

+

Rack server

+

FusionServer Pro

+

FusionServer Pro 2288H V5

+
NOTE:

The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC.

+
+
+ +- Minimum Hardware Specifications + + [Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. + + **Table 2** Minimum hardware specifications + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Component

Minimum Hardware Specifications

Description

Architecture

  • AArch64
  • x86_64
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture

CPU

  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor

-

Memory

≥ 4 GB (8 GB or higher recommended for better user experience)

-

Drive

≥ 120 GB (for better user experience)

  • IDE, SATA, and SAS drives are supported.
  • A driver software is required to use the NVMe drive with the DIF feature. Contact the drive manufacturer if the feature is not available.

## Obtaining the Installation Source Perform the following operations to obtain the openEuler release package: -1. Log in to the [openEuler Community](https://openeuler.org) website. -2. Click **Download**. -3. Click the link provided after **Download ISO**. The download list is displayed. -4. Click **openEuler-20.03-LTS**. The openEuler 20.03 LTS version download list is displayed. -5. Click **ISO**. The ISO download list is displayed. - - **aarch64**: ISO image file of the AArch64 architecture - - **x86\_64**: ISO image file of the x86\_64 architecture - - **source**: ISO image file of the openEuler source code +1. Visit the [openEuler](https://www.openeuler.org/en/) website. +2. Click **Downloads**. +3. Click **Community Editions**. The version list is displayed. +4. Click **Download** on the right of **openEuler 20.03 LTS SP4**. +5. Select the openEuler release package and verification file to be downloaded based on the architecture of the environment to be installed. -6. Select the openEuler release package and verification file to be downloaded based on the architecture of the environment to be installed. - - If the AArch64 architecture is used: - 1. Click **aarch64**. - 2. Click **openEuler-20.03-LTS-aarch64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. + - If the AArch64 architecture is used: - - If the x86\_64 architecture is used: - 1. Click **x86\_64**. - 2. Click **openEuler-20.03-LTS-x86\_64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-x86\_64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. + 1. Click **aarch64**. + 2. Choose the required ISO type and click **Download** to download the openEuler release package to the local host. + 3. Click **SHA256** to copy the checksum. Save the checksum as a local verification file. + - If the x86\_64 architecture is used: + 1. Click **x86\_64**. + 2. Choose the required ISO type and click **Download** to download the openEuler release package to the local host. + 3. Click **SHA256** to copy the checksum. Save the checksum as a local verification file. -## Release Package Integrity Check +## Checking the Release Package Integrity To prevent incomplete download of the software package due to network or storage device problems during the transmission, you can perform the following steps to check the integrity of the obtained openEuler software package: -1. Obtain the verification value in the verification file. Run the following command: - - ``` - $ cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` +1. Calculate the SHA256 verification value of the file. Run the following command: -2. Calculate the SHA256 verification value of the file. Run the following command: + ```shell + sha256sum openEuler-20.03-LTS-SP4-aarch64-dvd.iso + ``` - ``` - $ sha256sum openEuler-20.03-LTS-aarch64-dvd.iso - ``` + After the command is run, the verification value is displayed. - After the command is run, the verification value is displayed. +2. Check whether the verification value is the same as that in the local verification file. -3. Check whether the values calculated in step 1 and step 2 are consistent. + If the verification values are the same, the .iso file is not damaged. If they are not the same, the file is damaged and you need to obtain the file again. - If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. +## Starting Installation +1. Log in to the iBMC WebUI. -## Starting the Installation + For details, see [TaiShan 200 Server User Guide (Model 2280)](https://support.huawei.com/enterprise/en/doc/EDOC1100093459). -1. Log in to the iBMC WebUI. +2. Choose **Configuration** from the main menu, and select **Boot Device** from the navigation tree. The **Boot Device** page is displayed. - For details, see [TaiShan 200 Server User Guide \(Model 2280\)](https://support.huawei.com/enterprise/en/doc/EDOC1100093459). + Set **Effective** and **Boot Medium** to **One-time** and **DVD-ROM**, respectively, and click **Save**, as shown in [Figure 1](#fig1011938131018). -2. Choose **Configuration** from the main menu, and select **Boot Device** from the navigation tree. The **Boot Device** page is displayed. + **Figure 1** Setting the boot device +![](./figures/setting-the-boot-device.png "setting-the-boot-device") - Set **Effective** and **Boot Medium** to **One-time** and **DVD-ROM**, respectively, and click **Save**, as shown in [Figure 1](#fig1011938131018). +3. Choose **Remote Console** from the main menu. The **Remote Console** page is displayed. - **Figure 1** Setting the boot device - ![](./figures/setting-the-boot-device.png "setting-the-boot-device") + Select an integrated remote console as required to access the remote virtual console, for example, **Java Integrated Remote Console (Shared)**. -3. Choose **Remote Console** from the main menu. The **Remote Console** page is displayed. +4. On the toolbar, click the icon shown in the following figure. - Select an integrated remote console as required to access the remote virtual console, for example, **Java Integrated Remote Console \(Shared\)**. + **Figure 2** Drive icon +![](./figures/drive-icon.png "drive-icon") -4. On the toolbar, click the icon shown in the following figure. + An image dialog box is displayed, as shown in the following figure. - **Figure 2** Drive icon - ![](./figures/drive-icon.png "drive-icon") + **Figure 3** Image dialog box +![](./figures/image-dialog-box.png "image-dialog-box") - An image dialog box is displayed, as shown in the following figure. +5. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. - **Figure 3** Image dialog box - ![](./figures/image-dialog-box.png "image-dialog-box") +6. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. -5. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. -6. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. -7. On the toolbar, click the restart icon shown in the following figure to restart the device. +7. On the toolbar, click the restart icon shown in the following figure to restart the device. - **Figure 4** Restart icon - ![](./figures/restart-icon.png "restart-icon") + **Figure 4** Restart icon +![](./figures/restart-icon.png "restart-icon") -8. A boot menu is displayed after the system restarts, as shown in [Figure 5](#fig1648754873314). +8. A boot menu is displayed after the system restarts, as shown in [Figure 5](#fig1648754873314). - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media & install openEuler 20.03 LTS** and enters the installation page. - >- During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media \& install openEuler 20.03-LTS-SP4** and enters the installation page. + > - During physical machine installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/en-us_image_0229420473.png) on the BMC page and configure **Key \& Mouse Reset**. - **Figure 5** Installation Wizard - ![](./figures/installation-wizard.png) + **Figure 5** Installation wizard + ![](./figures/Installation_wizard.png "Installation_wizard") -9. On the installation wizard page, press **Enter** to select the default option **Test this media & install openEuler 20.03 LTS** to enter the GUI installation page. +9. On the installation wizard page, press **Enter** to select the default option **Test this media \& install openEuler 20.03-LTS-SP4** to enter the GUI installation page. -## Installation +## Performing Installation After entering the GUI installation page, perform the following operations to install the system: -1. Set an installation language. The default language is English. You can change the language based on the site requirements, as shown in [Figure 6](#fig874344811484). +1. Set an installation language. The default language is English. You can change the language based on the site requirements, as shown in [Figure 6](#fig874344811484). **Figure 6** Selecting a language - ![](./figures/selecting-a-language.png) + ![](./figures/selecting-a-language.png "selecting-a-language") -2. On the **INSTALLATION SUMMARY** page, set configuration items based on the site requirements. +2. On the **INSTALLATION SUMMARY** page, set configuration items based on the site requirements. - - A configuration item with an alarm symbol must be configured. When the alarm symbol disappears, you can perform the next operation. - - A configuration item without an alarm symbol is configured by default. - - You can click **Begin Installation** to install the system only when all alarms are cleared. + - A configuration item with an alarm symbol must be configured. When the alarm symbol disappears, you can perform the next operation. + - A configuration item without an alarm symbol is configured by default. + - You can click **Begin Installation** to install the system only when all alarms are cleared. **Figure 7** Installation summary - ![](./figures/installation-summary.png) + ![](./figures/installation-summary.png "installation-summary") - 1. Select **Software Selection** to set configuration items. + 1. Select **Software Selection** to set configuration items. Based on the site requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 8](#fig1133717611109). **Figure 8** Selecting installation software - ![](./figures/selecting-installation-software.png) + ![](./figures/selecting-installation-software.png "selecting-installation-software") - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. - >- If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - In **Minimal Install** mode, not all packages in the installation source are installed. If a required package is not installed, you can mount the installation source to the local host as a repo source, and use DNF to install the package. + > - If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. - 2. Select **Installation Destination** to set configuration items. + 2. Select **Installation Destination** to set configuration items. + + On the **INSTALLATION DESTINATION** page, select a local storage device. - On the **INSTALLATION DESTINATION** page, select a local storage device or click **Add a disk** to add a specified additional device or network device. You also need to configure the storage to partition the system. You can either manually configure partitions or select **Automatic** to automatically configure partitioning. Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required, as shown in [Figure 9](#fig153381468101). + > ![](./public_sys-resources/icon-notice.gif) **NOTICE:** + > The NVMe data protection feature is not supported because the NVMe drivers built in the BIOSs of many servers are of earlier versions. (Data protection: Format disk sectors to 512+N or 4096+N bytes.) Therefore, when selecting a proper storage medium, do not select an NVMe SSD with data protection enabled as the system disk. Otherwise, the OS may fail to boot. + > Users can consult the server vendor about whether the BIOS supports NVMe disks with data protection enabled as system disks. If you cannot confirm whether the BIOS supports NVMe disks with data protection enabled as system disks, you are not advised to use an NVMe disk to install the OS, or you can disable the data protection function of an NVMe disk to install the OS. - >![](./public_sys-resources/icon-notice.gif) **NOTICE:** - >When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. + You also need to configure the storage to partition the system. You can either manually configure partitions or select **Automatic** for automatic partitioning. Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required, as shown in [Figure 9](#fig153381468101). **Figure 9** Setting the installation destination - ![](./figures/setting-the-installation-destination.png) + ![](./figures/setting-the-installation-destination.png "setting-the-installation-destination") - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. - >- If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. Although the swap partition can be used to expand the physical memory, if the swap partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or the performance sensitive system. - >- If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. + > - If the system is configured with the **swap** partition, the **swap** partition is used when the physical memory of the system is insufficient. Although the **swap** partition can be used to expand the physical memory, if the **swap** partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the **swap** partition in a system with sufficient physical memory or a performance-sensitive system. + > - If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. - 3. Set other configuration items. You can use the default values for other configuration items. - -3. Click **Begin Installation** to install the system, as shown in [Figure 10](#fig1717019357392). - - **Figure 10** Starting installation - ![](./figures/starting-installation.png) + 3. Select **Root Password** and set the root password. -4. Set the root user password. + On the **ROOT PASSWORD** page, enter a password that meets the [Password Complexity](#password-complexity) requirements and confirm the password, as shown in [Figure 10](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018). - Click **Root Password**. In the displayed dialog box, as shown in [Figure 11](#en-us_topic_0186390266_en-us_topic_0122145909_fig1323165793018), enter a password and re-enter to confirm. + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - The **root** account is used to perform key system management tasks. You are not advised to use the **root** account for daily work or system access. + > + > - If you select **Lock root account** on the **Root Password** page, the **root** account will be disabled. - >![](./public_sys-resources/icon-note.gif) **NOTE:** - >The **root** password must be configured when you install software packages. Otherwise, the installation will fail. A **root** account is used for performing critical system administration tasks. It is not recommended to use this account for daily work or system access. + **Password Complexity** - The password of the **root** user must meet the password complexity requirements. Otherwise, the password configuration or user creation will fail. The password complexity requirements are as follows: + The password of the **root** user or a new user must meet the password complexity requirements. Otherwise, the password setting or user creation will fail. The password must meet the following requirements: - - A password must contain at least eight characters. - - A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. - - A password must be different from the account name. - - A password cannot contain words in the dictionary. - - Querying a dictionary + 1. Contains at least eight characters. - In the installed openEuler environment, you can run the following command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. + 2. Contains at least three of the following: uppercase letters, lowercase letters, digits, and special characters. - ``` - cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt - ``` + 3. Different from the user name. - - Modifying a dictionary - - Modify the exported dictionary library file, and then run the following command to update the dictionary library: + 4. Not allowed to contain words in the dictionary. - ``` - create-cracklib-dict dictionary.txt - ``` + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > In the openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**. You can check whether the password is in this dictionary. + + **Figure 10** root password + ![](./figures/password-of-the-root-account.png "Root password") - - Run the following command to add another dictionary file **custom.txt** to the original dictionary library. + After the settings are completed, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. - ``` - create-cracklib-dict dictionary.txt custom.txt - ``` - - **Figure 11** Password of the **root** account - ![](./figures/password-of-the-root-account.png) - -5. Create a user. + 4. Select **Create a User** and set the parameters. - Click **User Creation**. [Figure 12](#en-us_topic_0186390266_en-us_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. The password complexity requirements are the same as those of the user **root**. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 13](#en-us_topic_0186390266_en-us_topic_0122145909_fig128716531312). + [Figure 11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter the user name and set the password. The password complexity requirements are the same as those of the root password. In addition, you can set the home directory and user group by clicking **Advanced**, as shown in [Figure 12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319). - **Figure 12** Creating a user - ![](./figures/creating-a-user.png) + **Figure 11** Creating a user + ![](./figures/creating-a-user.png "creating-a-user") - **Figure 13** Advanced user configuration - ![](./figures/advanced-user-configuration.png) + **Figure 12** Advanced user configuration + ![](./figures/advanced-user-configuration.png "Advanced user configuration") - After configuration, click **Done** in the left-upper corner to switch back to the installation process page. + After the settings are completed, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. -6. After the installation is complete, restart the system. + 5. Set other configuration items. You can use the default values for other configuration items. - openEuler has been installed, as shown in [Figure 14](#en-us_topic_0186390267_en-us_topic_0122145917_fig1429512116338). Click **Reboot** to restart the system. +3. Click **Start the Installation** to install the system, as shown in [Figure 13](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319). - **Figure 14** Completing the installation - ![](./figures/completing-the-installation.png) + **Figure 13** Starting the installation + ![](./figures/installation-process.png "installation-process") +4. After the installation is completed, restart the system. + openEuler has been installed. Click **Reboot** to restart the system. ## Viewing System Information -After the system is installed and restarted, the system CLI login page is displayed. Enter the username and password set during the installation to log in to openEuler OS and view the following system information. For details about system management and configuration, see the [openEuler 20.03 LTS Administrator Guide](https://openeuler.org/en/docs/20.03_LTS/docs/Administration/administration.html). - -- Run the following command to view the system information: - - ``` - cat /etc/os-release - ``` - - For example, the command and output are as follows: - - ``` - # cat /etc/os-release - NAME="openEuler" - VERSION="20.03 (LTS)" - ID="openEuler" - VERSION_ID="20.03" - PRETTY_NAME="openEuler 20.03 (LTS)" - ANSI_COLOR="0;31" - ``` - -- View system resource information. - - Run the following command to view the CPU information: - - ``` - lscpu - ``` - - Run the following command to view the memory information: - - ``` - free - ``` - - Run the following command to view the disk information: - - ``` - fdisk -l - ``` - -- Run the following command to view the IP address: - - ``` - ip addr - ``` - - +After the system is installed and restarted, the system CLI login page is displayed. Enter the username and password set during the installation to log in to openEuler and view the following system information. For details about system management and configuration, see the [openEuler 20.03 LTS SP4 Administrator Guide](https://docs.openeuler.org/en/docs/20.03_LTS_SP4/docs/Administration/administration.html). + +- Run the following command to view the system information: + + ```shell + # cat /etc/os-release + ``` + + For example, the command and output are as follows: + + ```shell + $ cat /etc/os-release + NAME="openEuler" + VERSION="20.03 (LTS-SP4)" + ID="openEuler" + VERSION_ID="20.03" + PRETTY_NAME="openEuler 20.03 (LTS-SP4)" + ANSI_COLOR="0;31" + ``` + +- View system resource information. + + Run the following command to view the CPU information: + + ```shell + lscpu + ``` + + Run the following command to view the memory information: + + ```shell + free + ``` + + Run the following command to view the disk partition information: + + ```shell + fdisk -l + ``` + +- Run the following command to view the IP address: + + ```shell + ip addr + ``` diff --git a/docs/en/docs/Releasenotes/account-list.md b/docs/en/docs/Releasenotes/account-list.md new file mode 100644 index 0000000000000000000000000000000000000000..f31dceb5e3927466715cc79a2f425125d6858e0e --- /dev/null +++ b/docs/en/docs/Releasenotes/account-list.md @@ -0,0 +1,6 @@ +# Account List + +| User Name| Default Password | Function | User Status| Login Mode | Remarks | +| ------ | ------------- | ------------------ | -------- | ------------------ | ------------------------------------------------------------ | +| root | openEuler12#$ | Default user of the VM image| Enabled | Remote login | This account is used to log in to the VM installed using the openEuler VM image. | +| root | openEuler#12 | GRUB2 login | Enabled | Local login and remote login| GRand UnifiedBootloader (GRUB) is used to boot different systems, such as Windows and Linux.
GRUB2 is an upgraded version of GRUB. When the system is started, you can modify startup parameters on the GRUB2 GUI. To ensure that the system startup parameters are modified with authorization, you need to encrypt the GRUB2 GUI. The GRUB2 GUI can be modified only when you enter the correct GRUB2 password.| diff --git a/docs/en/docs/Releasenotes/acknowledgement.md b/docs/en/docs/Releasenotes/acknowledgment.md similarity index 80% rename from docs/en/docs/Releasenotes/acknowledgement.md rename to docs/en/docs/Releasenotes/acknowledgment.md index 47c049cdd996b1d7f590a023e095661e90599b30..ac610fdf054e041e13d6b45bf2f9670d2c394f62 100644 --- a/docs/en/docs/Releasenotes/acknowledgement.md +++ b/docs/en/docs/Releasenotes/acknowledgment.md @@ -1,4 +1,4 @@ -# Acknowledgement +# Acknowledgment We sincerely thank all the members who participated in and assisted in the openEuler project. It is your hard work to make the version released successfully and provide the possibility for the better development of openEuler. diff --git a/docs/en/docs/Releasenotes/appendix.md b/docs/en/docs/Releasenotes/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..edeebe32818552eed3d1b5ced5e693ffded59d8d --- /dev/null +++ b/docs/en/docs/Releasenotes/appendix.md @@ -0,0 +1,7 @@ +The following legal information concerns some software in openEuler. + +This product includes the Zend Engine, freely available at http://www.zend.com + +Portions Copyright (c) 2002-2007 Charlie Poole or Copyright (c) 2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov or Copyright (c) 2000-2002 Philip A. Craig +Portions of this software are copyright © <2020> The FreeType Project (www.freetype.org). All rights reserved. + diff --git a/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md index eadc4c0a4ef5e520bd7666df52848975ff96247d..9ffabbb1f6077a88aa84ab2be45dd468c42c7842 100644 --- a/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md +++ b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md @@ -1,4 +1,3 @@ -# Common Vulnerabilities and Exposures \(CVE\) - -For CVE involved in the version, see the [CVE list](https://cve.openeuler.org/#/CVE). +# Common Vulnerabilities and Exposures (CVEs) +For details about the CVEs involved in the version, see the [CVE list](https://www.openeuler.org/en/security/cve/). diff --git a/docs/en/docs/Releasenotes/contribution.md b/docs/en/docs/Releasenotes/contribution.md index cdac896b9a5b0634beec67586d09cdd93403958f..6a6007eb62e7202e7a77015de3c624b23010e0a6 100644 --- a/docs/en/docs/Releasenotes/contribution.md +++ b/docs/en/docs/Releasenotes/contribution.md @@ -1,22 +1,21 @@ # Contribution -As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [Contributions to the Community](https://openeuler.org/en/developer.html). Here, some methods are listed for reference. +As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [How to Contribute](https://www.openeuler.org/en/community/contribution/). Here, some methods are listed for reference. ## Special Interest Groups \(SIGs\) -openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://openeuler.org/en/sig.html). +openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://www.openeuler.org/en/sig/sig-list/). -You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md). +You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/en/technical-committee/governance/README.md\). ## Mail List and Tasks -You are welcome to actively help users solve problems raised in the [mail list](https://openeuler.org/en/community/mails.html) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better. +You are welcome to actively help users solve problems raised in the [mail list](https://www.openeuler.org/en/community/mailing-list/) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better. ## Documents -You can contribute to the community by submitting code. We also welcome your feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://openeuler.org/zh/). +You can contribute to the community by submitting code. We also welcome your feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://www.openeuler.org/en/). ## IRC -openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://openeuler.org/zh/community/irc.html). - +openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://gitee.com/openeuler/community/blob/master/en/communication/). diff --git a/docs/en/docs/Releasenotes/installing-the-os.md b/docs/en/docs/Releasenotes/installing-the-os.md index 290189a13e6f84d111e1832be2e5c83c38b4270b..6ff4c368e4852699c83de8d5594444b77bd3a432 100644 --- a/docs/en/docs/Releasenotes/installing-the-os.md +++ b/docs/en/docs/Releasenotes/installing-the-os.md @@ -1,193 +1,125 @@ # Installing the OS -## Release Package +## Release Files -The following table lists the [openEuler release files](http://repo.openeuler.org/openEuler-20.03-LTS/), including the ISO release package, container image, VM image, and repo source that is used online. +The [openEuler release files](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/) include the [ISO release packages](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/), [VM images](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/virtual_machine_img/), [container images](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/docker_img/), and [repo sources](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/) that are used online. [Table 1](#table8396719144315), [Table 2](#table1995101714610) [Table 3](#table1276911538154), and [Table 4](#table953512211576) list the ISO release packages, VM images,container images, and repo sources, respectively. -**Table 1** openEuler release files +**Table 1** ISO release packages - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DirectoryTypeDescription
ISOISO release packageThe directory differentiates the ISO release packages for the AArch64, x86, and source, respectively. The details are as follows: -
    -
  • openEuler-20.03-LTS-aarch64-dvd.iso and openEuler-20.03-LTS-x86_64-dvd.iso are the openEuler basic installation software package ISO files for the AArch64 and x86 architectures, respectively. The ISO files contain basic components running on the openEuler OS and meet the basic requirements of developers.
    • -
  • openEuler-20.03-LTS-everything-aarch64-dvd.iso and openEuler-20.03-LTS-everything-x86_64-dvd.iso are the openEuler full software package ISO files for the AArch64 and x86 architectures, respectively. In addition to all software in the openEuler basic installation software package, the ISO files also contain the software packages that have been verified in the openEuler community, which meet the advanced requirements of developers.
    • -
  • openEuler-20.03-LTS-debuginfo-aarch64-dvd.iso and openEuler-20.03-LTS-debuginfo-x86_64-dvd.iso are the openEuler debugging software package ISO files for the AArch64 and x86 architectures, respectively. The ISO files contain the symbol table information required for debugging and are used for debugging software functions and performance.
    • -
  • openEuler-20.03-LTS-source-dvd.iso is the ISO file that contains all source code software packages of the openEuler community, which is used offline by developers.
    • -
-
Note: -

Each ISO release package has its own verification file, which is used to verify the integrity of the ISO release package.

-
-
docker_imgContainer imageThe openEuler container image, which provides only the basic bash environment, is used as the basic container image. The directory differentiates the container images for the AArch64 and x86 architectures, respectively. -
Note: -

Each container image has its own verification file, which is used to verify the integrity of the container image.

-
-
virtual_machine_imgVM image

The openEuler VM image provides only the basic running environment to shorten the VM deployment time. The directory differentiates the VM images for the AArch64 and x86 architectures, respectively.

-
说明: -
-
    -
  • The default password of the root user of the VM image is openEuler12#$. Change the password upon the first login.
    • -
  • Each VM image has its own verification file, which is used to verify the integrity of the VM image.
    • -
-
-
-
EPOLRepo sourceThe repo sources of the openEuler third-party software package are mainly contributed by third parties and communities, and are maintained by the providers. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively.
OSThe repo source of the openEuler basic installation software package provides the offline version upgrade function. The content of the software package is the same as that of the basic installation software package ISO in the ISO release package. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively.
debuginfoThe repo source of the openEuler debugging software package provides the online download function. The content of the software package is the same as that of the debugging software package ISO in the ISO release package. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively.
everythingThe repo source of the openEuler full software package provides the online download and version upgrade functions. The content of the software package is the same as that of the full software package ISO in the ISO release package. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively.
extrasThe repo source of the openEuler extended software package is used to release new software packages with added features. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively.
sourceThe repo source of all source code software packages in the openEuler community, which is used online by developers.
updateThe repo source of the openEuler upgrade software package, which is used to fix bugs and common vulnerabilities and exposures (CVE) in released versions and to update and release software with enhancements. It provides online download and software upgrade functions. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively.
+| Name | Description | +| :---- | :---- | +| openEuler-20.03-LTS-SP4-aarch64-dvd.iso | The openEuler basic installation software package ISO files for the AArch64 architecture. The ISO files contain basic components running on the openEuler OS | +| openEuler-20.03-LTS-SP4-everything-aarch64-dvd.iso | the openEuler full software package ISO files for the AArch64 architecture| +| openEuler-20.03-LTS-SP4-debug-aarch64-dvd.iso | The openEuler debugging software package ISO files for the AArch64 architecture, contains the symbol table information required for debugging | +| openEuler-20.03-LTS-SP4-netinst-aarch64-dvd.iso | The openEuler miniaturization ISO files for the AArch64 architecture. | +| openEuler-20.03-LTS-SP4-x86_64-dvd.iso | The openEuler basic installation software package ISO files for the x86 architecture. The ISO files contain basic components running on the openEuler OS | +| openEuler-20.03-LTS-SP4-everything-x86_64-dvd.iso | the openEuler full software package ISO files for the x86 architecture | +| openEuler-20.03-LTS-SP4-debug-x86_64-dvd.iso | The openEuler debugging software package ISO files for the x86 architecture, contains the symbol table information required for debugging | +| openEuler-20.03-LTS-SP4-netinst-x86_64-dvd.iso |The openEuler miniaturization ISO files for the x86 architecture. | +| openEuler-20.03-LTS-SP4-source-dvd.iso | The ISO file that contains all source code software packages of the openEuler community | + +**Table 2** VM images + +| Name | Description | +| :---- | :---- | +| openEuler-20.03-LTS-SP4.aarch64.qcow2.xz | The openEuler VM image for the AArch64 architecture | +| openEuler-20.03-LTS-SP4.x86_64.qcow2.xz | The openEuler VM image for the x86 architecture | + +> ![](./public_sys-resources/icon-note.gif) **NOTICE:** +> The default password of the root user of the VM image is openEuler12#$. Change the password upon the first login. + +**Table 3** Container images + +| Name | Description | +| :---- | :---- | +| openEuler-docker.aarch64.tar.xz | The openEuler container image for the AArch64 architecture | +| openEuler-docker.x86_64.tar.xz | The openEuler container image for the x86 architecture | +**Table 4** Repo sources +| Directory | Description | +| :---- | :---- | +| [ISO](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/) | The directory differentiates the ISO release packages for the AArch64, x86, and source, respectively | +| [OS](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/) | The repo source of the openEuler basic installation software package provides the offline version upgrade function | +| [debuginfo](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/debuginfo/) | The repo source of the openEuler debugging software package provides the online download function | +| [docker_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/docker_img/) | The openEuler container image, which provides only the basic bash environment, is used as the basic container image | +| [virtual_machine_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/virtual_machine_img/) | The openEuler VM image provides only the basic running environment to shorten the VM deployment time | +| [everything](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/) | The repo source of the openEuler full software package provides the online download and version upgrade functions | +| [source](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/source/) | The repo source of all source code software packages in the openEuler community, which is used online by developers | +| [update](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/update/) | The repo source of the openEuler upgrade software package, which is used to fix bugs and common vulnerabilities and exposures (CVE) in released versions and to update and release software with enhancements | +| [EPOL](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/) | The repo sources of the openEuler third-party software package are mainly contributed by third parties and communities | +| [raspi_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/raspi_img/) | The repo source of the openEuler Raspberry Pi image | +| [stratovirt_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/stratovirt_img/) | The repo source of the StratorVirt image | ## Minimal Hardware Specifications -[Table 5](#en-us_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications for installing openEuler 20.03 LTS. - -**Table 5** Minimal hardware specifications - - - - - - - - - - - - - - - - -

Component

-

Minimal Hardware Specification

-

CPU

-

Kunpeng 920 (architecture: AArch64)

-

x86-64 (Skylake or later)

-

Memory

-

≥ 8 GB

-

Hard disk

-

≥ 120 GB

-
+[Table 5](#en-us_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications for installing openEuler 20.03 LTS SP4. + +**Table 5** Minimal hardware specifications + +| Component | Minimal Hardware Specification | +| :---- | :---- | +| CPU | Kunpeng 920 (architecture: AArch64)
Skylake or later (x86-64) | +| Memory | ≥ 8 GB | +| Hard disk | ≥ 120 GB | ## Hardware Compatibility [Table 6](#en-us_topic_0227922427_table39822012) lists the typical configurations of servers and components supported by openEuler. openEuler will gradually support other servers in the future. Partners and developers are welcome to participate in the contribution and validation. -**Table 6** Supported servers and typical configurations - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Vendor

-

Server

-

Server Model

-

Component

-

Typical Configuration

-

Huawei

-

TaiShan 200

-

2280 balanced model

-

CPU

-

HiSilicon Kunpeng 920

-

Memory

-

32G\*4 2933MHz

-

RAID controller card

-

LSI SAS3508

-

Network

-

TM210

-

Huawei

-

FusionServer Pro

-

2288H V5 rack server

-

CPU

-

Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz

-

Memory

-

32*4 2400MHz

-

RAID controller card

-

LSI SAS3508

-

Network

-

X722

-
+**Table 6** Supported servers and typical configurations + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
VendorServerServer ModelComponentTypical Configuration
HuaweiTaiShan 2002280 balanced modelCPUKunpeng 920
Memory32G*4 2933MHz
NetworkTM210
HuaweiFusionServer Pro2288H V5 rack serverCPUIntel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
Memory32*4 2400MHz
NetworkX722
PHYTIUMPhytiumFT-2000+/64CPUFT-2000+/64
MemoryMicron 16G*32
NetworkI350
diff --git a/docs/en/docs/Releasenotes/interface-change.md b/docs/en/docs/Releasenotes/interface-change.md new file mode 100644 index 0000000000000000000000000000000000000000..e9322ab9fa212a5f7803aa0081f60a23f700cd92 --- /dev/null +++ b/docs/en/docs/Releasenotes/interface-change.md @@ -0,0 +1,2265 @@ +# Interface Change + +The C/C++ interface changes are described as follows. + +## alsa-lib + +For details, see [alsa-lib](./LTS_to_SP2_changed_abi_detail/alsa-lib_all_result.md\) + +| function | type | +|:---- |:-- | +| snd_tplg_add_object | remove | +| snd_tplg_build | remove | +| snd_tplg_build_file | remove | +| snd_tplg_free | remove | +| snd_tplg_new | remove | +| snd_tplg_set_manifest_data | remove | +| snd_tplg_set_version | remove | +| snd_tplg_verbose | remove | +| snd_config_add_after | add | +| snd_config_add_before | add | +| snd_config_is_array | add | +| snd_dlpath | add | +| snd_mixer_selem_id_parse | add | +| snd_pcm_extplug_set_param_link | add | +| snd_pcm_ioplug_avail | add | +| snd_strlcpy | add | +| snd_use_case_parse_ctl_elem_id | add | +| snd_use_case_parse_selem_id | add | +| __old_snd_pcm_hw_params_set_access_first | change | +| __snd_ctl_elem_info_get_dimension | change | +| _snd_ctl_hw_open | change | +| _snd_rawmidi_hw_open | change | +| snd_midi_event_decode | change | +| snd_pcm_direct_client_chk_xrun | change | +| snd_pcm_dmix_open | change | +| snd_use_case_get | change | + +## atk + +For details, see [atk](./LTS_to_SP2_changed_abi_detail/atk_all_result.md\) + +| function | type | +|:---- |:-- | +| atk_object_get_accessible_id | add | +| atk_object_set_accessible_id | add | +| atk_plug_set_child | add | +| atk_text_scroll_substring_to | add | +| atk_text_scroll_substring_to_point | add | +| atk_add_focus_tracker | change | +| atk_text_attribute_for_name | change | + +## brltty + +For details, see [brltty](./LTS_to_SP2_changed_abi_detail/brltty_all_result.md\) + +| function | type | +|:---- |:-- | +| lxBrailleOfflineListener | remove | +| lxBrailleDeviceOfflineListener | add | + +## c-ares + +For details, see [c-ares](./LTS_to_SP2_changed_abi_detail/c-ares_all_result.md\) + +| function | type | +|:---- |:-- | +| ares_freeaddrinfo | add | +| ares_getaddrinfo | add | + +## e2fsprogs + +For details, see [e2fsprogs](./LTS_to_SP2_changed_abi_detail/e2fsprogs_all_result.md\) + +| function | type | +|:---- |:-- | +| e2p_feature_to_string | add | +| list_super | change | +| ext2fs_dirent_swab_in | add | +| ext2fs_dirent_swab_in2 | add | +| ext2fs_dirent_swab_out | add | +| ext2fs_dirent_swab_out2 | add | +| ext2fs_get_stat_i_blocks | add | +| ext2fs_resize_array | add | +| ext2fs_swap_ext_attr | add | +| ext2fs_swap_ext_attr_entry | add | +| ext2fs_swap_ext_attr_header | add | +| ext2fs_swap_group_desc | add | +| ext2fs_swap_group_desc2 | add | +| ext2fs_swap_inode | add | +| ext2fs_swap_inode_full | add | +| ext2fs_swap_mmp | add | +| ext2fs_swap_super | add | +| ext2fs_add_journal_device | change | +| ext2fs_file_get_size | change | +| ext2fs_file_lseek | change | +| ext2fs_file_set_size | change | +| ext2fs_file_set_size2 | change | +| ext2fs_inode_size_set | change | +| ext2fs_mmp_csum_set | change | + +## exiv2 + +For details, see [exiv2](./LTS_to_SP2_changed_abi_detail/exiv2_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## fontconfig + +For details, see [fontconfig](./LTS_to_SP2_changed_abi_detail/fontconfig_all_result.md\) + +| function | type | +|:---- |:-- | +| IA__FcConfigGetFilename | add | +| IA__FcStrBuildFilename | add | +| FcConfigAddRule | change | +| IA__FcCacheCreateTagFile | change | +| IA__FcConfigGetCacheDirs | change | + +## glib2 + +For details, see [glib2](./LTS_to_SP2_changed_abi_detail/glib2_all_result.md\) + +| function | type | +|:---- |:-- | +| g_file_monitor_source_handle_event | change | + +### gnutls + +For details, see [gnutls](./LTS_to_SP2_changed_abi_detail/gnutls_all_result.md\) + +| function | type | +|:---- |:-- | +| gnutls::certificate_credentials::set_retrieve_function | change | +| _gnutls_buffer_clear | add | +| _gnutls_buffer_pop_datum | add | +| _gnutls_buffer_unescape | add | +| _gnutls_iov_iter_init | add | +| _gnutls_iov_iter_next | add | +| _gnutls_iov_iter_sync | add | +| gnutls_aead_cipher_decryptv2 | add | +| gnutls_aead_cipher_encryptv2 | add | +| gnutls_certificate_verification_profile_get_id | add | +| gnutls_certificate_verification_profile_get_name | add | +| gnutls_ext_get_name2 | add | +| gnutls_hkdf_expand | add | +| gnutls_hkdf_extract | add | +| gnutls_hmac_get_key_size | add | +| gnutls_pbkdf2 | add | +| gnutls_pkcs7_print_signature_info | add | +| gnutls_prf_hash_get | add | +| gnutls_psk_server_get_username2 | add | +| gnutls_psk_set_client_credentials2 | add | +| gnutls_psk_set_client_credentials_function2 | add | +| gnutls_psk_set_server_credentials_function2 | add | +| gnutls_session_get_keylog_function | add | +| gnutls_session_set_keylog_function | add | +| _gnutls13_psk_ext_iter_next_binder | change | +| _gnutls_cipher_get_iv | change | +| _gnutls_ecc_curve_is_supported | change | +| _gnutls_hello_set_default_version | change | +| gnutls_ocsp_req_export | change | +| gnutls_ocsp_req_get_extension | change | +| gnutls_ocsp_req_get_nonce | change | +| gnutls_ocsp_req_get_version | change | +| gnutls_ocsp_req_print | change | +| gnutls_ocsp_resp_check_crt | change | +| gnutls_ocsp_resp_export | change | +| gnutls_ocsp_resp_export2 | change | +| gnutls_ocsp_resp_get_certs | change | +| gnutls_ocsp_resp_get_extension | change | +| gnutls_ocsp_resp_get_nonce | change | +| gnutls_ocsp_resp_get_produced | change | +| gnutls_ocsp_resp_get_responder2 | change | +| gnutls_ocsp_resp_get_responder_raw_id | change | +| gnutls_ocsp_resp_get_response | change | +| gnutls_ocsp_resp_get_signature_algorithm | change | +| gnutls_ocsp_resp_print | change | +| gnutls_ocsp_resp_verify | change | +| gnutls_ocsp_resp_verify_direct | change | +| gnutls_ocsp_status_request_is_checked | change | +| gnutls_privkey_set_spki | change | +| gnutls_psk_allocate_client_credentials | change | +| gnutls_psk_allocate_server_credentials | change | +| gnutls_pubkey_get_spki | change | +| gnutls_x509_crq_get_spki | change | +| gnutls_x509_crq_get_tlsfeatures | change | +| gnutls_x509_crt_get_spki | change | +| gnutls_x509_privkey_get_spki | change | +| gnutls_x509_spki_deinit | change | +| gnutls_x509_spki_init | change | +| dane_query_data | change | +| dane_verify_session_crt | change | + +## grpc + +For details, see [grpc](./LTS_to_SP2_changed_abi_detail/grpc_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## haveged + +For details, see [haveged](./LTS_to_SP2_changed_abi_detail/haveged_all_result.md\) + +| function | type | +|:---- |:-- | +| havege_reparent | add | + +## libcap-ng + +For details, see [libcap-ng](./LTS_to_SP2_changed_abi_detail/libcap-ng_all_result.md\) + +| function | type | +|:---- |:-- | +| capng_have_permitted_capabilities | add | + +## libcomps + +For details, see [libcomps](./LTS_to_SP2_changed_abi_detail/libcomps_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## libdnf + +For details, see [libdnf](./LTS_to_SP2_changed_abi_detail/libdnf_all_result.md\) + +| function | type | +|:---- |:-- | +| libdnf::DependencyContainer::DependencyContainer | remove | +| libdnf::File::OpenException::OpenException | remove | +| libdnf::ModuleDefaultsContainer::ModuleDefaultsContainer | remove | +| libdnf::ModuleDefaultsContainer::fromString | remove | +| libdnf::ModuleDefaultsContainer::getDefaultProfiles | remove | +| libdnf::ModuleDefaultsContainer::getDefaultStreamFor | remove | +| libdnf::ModuleDefaultsContainer::getDefaultStreams | remove | +| libdnf::ModuleDefaultsContainer::reportFailures | remove | +| libdnf::ModuleDefaultsContainer::resolve | remove | +| libdnf::ModuleDefaultsContainer::saveDefaults | remove | +| libdnf::ModuleDefaultsContainer::~ModuleDefaultsContainer | remove | +| libdnf::ModuleDependencies::getRequirements | remove | +| libdnf::ModuleDependencies::wrapModuleDependencies | remove | +| libdnf::ModuleMetadata::ModuleMetadata | remove | +| libdnf::ModuleMetadata::getArchitecture | remove | +| libdnf::ModuleMetadata::getArtifacts | remove | +| libdnf::ModuleMetadata::getContext | remove | +| libdnf::ModuleMetadata::getDependencies | remove | +| libdnf::ModuleMetadata::getDescription | remove | +| libdnf::ModuleMetadata::getName | remove | +| libdnf::ModuleMetadata::getProfiles | remove | +| libdnf::ModuleMetadata::getStream | remove | +| libdnf::ModuleMetadata::getSummary | remove | +| libdnf::ModuleMetadata::getVersion | remove | +| libdnf::ModuleMetadata::getYaml | remove | +| libdnf::ModuleMetadata::metadataFromString | remove | +| libdnf::ModuleMetadata::wrapModulemdModule | remove | +| libdnf::ModuleMetadata::~ModuleMetadata | remove | +| libdnf::ModulePackage::ModulePackage | remove | +| libdnf::Repo::Impl::lrHandleInitRemote | remove | +| libdnf::Swdb::beginTransaction | remove | + +## libdrm + +For details, see [libdrm](./LTS_to_SP2_changed_abi_detail/libdrm_all_result.md\) + +| function | type | +|:---- |:-- | +| drmIsMaster | add | +| drmModeFreeFB2 | add | +| drmModeGetFB2 | add | +| drmSyncobjQuery | add | +| drmSyncobjQuery2 | add | +| drmSyncobjTimelineSignal | add | +| drmSyncobjTimelineWait | add | +| drmSyncobjTransfer | add | +| amdgpu_bo_list_create_raw | add | +| amdgpu_bo_list_destroy_raw | add | +| amdgpu_cs_ctx_override_priority | add | +| amdgpu_cs_query_reset_state2 | add | +| amdgpu_cs_submit_raw2 | add | +| amdgpu_cs_syncobj_export_sync_file2 | add | +| amdgpu_cs_syncobj_import_sync_file2 | add | +| amdgpu_cs_syncobj_query | add | +| amdgpu_cs_syncobj_query2 | add | +| amdgpu_cs_syncobj_timeline_signal | add | +| amdgpu_cs_syncobj_timeline_wait | add | +| amdgpu_cs_syncobj_transfer | add | +| amdgpu_bo_alloc | change | +| amdgpu_bo_import | change | +| amdgpu_bo_list_create | change | +| amdgpu_bo_va_op_raw | change | +| amdgpu_create_bo_from_user_mem | change | +| amdgpu_cs_chunk_fence_to_dep | change | +| amdgpu_cs_create_syncobj | change | +| amdgpu_cs_create_syncobj2 | change | +| amdgpu_cs_ctx_create | change | +| amdgpu_cs_ctx_create2 | change | +| amdgpu_cs_destroy_syncobj | change | +| amdgpu_cs_export_syncobj | change | +| amdgpu_cs_fence_to_handle | change | +| amdgpu_cs_import_syncobj | change | +| amdgpu_cs_submit_raw | change | +| amdgpu_cs_syncobj_import_sync_file | change | +| amdgpu_cs_syncobj_reset | change | +| amdgpu_cs_syncobj_wait | change | +| amdgpu_device_deinitialize | change | +| amdgpu_device_initialize | change | +| amdgpu_find_bo_by_cpu_mapping | change | +| amdgpu_get_marketing_name | change | +| amdgpu_query_buffer_size_alignment | change | +| amdgpu_query_crtc_from_id | change | +| amdgpu_query_firmware_version | change | +| amdgpu_query_gds_info | change | +| amdgpu_query_gpu_info | change | +| amdgpu_query_heap_info | change | +| amdgpu_query_hw_ip_count | change | +| amdgpu_query_hw_ip_info | change | +| amdgpu_query_info | change | +| amdgpu_query_sw_info | change | +| amdgpu_read_mm_registers | change | +| amdgpu_va_range_alloc | change | +| amdgpu_va_range_query | change | +| fd_ringbuffer_emit_reloc_ring | remove | +| fd_ringmarker_del | remove | +| fd_ringmarker_dwords | remove | +| fd_ringmarker_flush | remove | +| fd_ringmarker_mark | remove | +| fd_ringmarker_new | remove | +| fd_ringbuffer_new_flags | add | +| fd_ringbuffer_ref | add | +| fd_bo_cpu_fini | change | + +## libell + +For details, see [libell](./LTS_to_SP2_changed_abi_detail/libell_all_result.md\) + +| function | type | +|:---- |:-- | +| l_fswatch_destroy | remove | +| l_fswatch_new | remove | +| l_genl_family_can_dump | remove | +| l_genl_family_can_send | remove | +| l_genl_family_get_version | remove | +| l_genl_family_has_group | remove | +| l_genl_family_ref | remove | +| l_genl_family_set_watches | remove | +| l_genl_family_unref | remove | +| l_genl_new_default | remove | +| l_genl_set_close_on_unref | remove | +| l_genl_set_unicast_handler | remove | +| l_pem_load_certificate | remove | +| l_aead_cipher_is_supported | add | +| l_cert_free | add | +| l_cert_get_der_data | add | +| l_cert_get_dn | add | +| l_cert_get_pubkey | add | +| l_cert_get_pubkey_type | add | +| l_cert_new_from_der | add | +| l_certchain_free | add | +| l_certchain_get_leaf | add | +| l_certchain_verify | add | +| l_certchain_walk_from_ca | add | +| l_certchain_walk_from_leaf | add | +| l_checksum_digest_length | add | +| l_cipher_is_supported | add | +| l_dbus_object_get_data | add | +| l_dhcp_client_set_debug | add | +| l_dhcp_lease_get_dns | add | +| l_dhcp_lease_get_domain_name | add | +| l_dir_watch_destroy | add | +| l_dir_watch_new | add | +| l_ecc_curve_get | add | +| l_ecc_curve_get_ike_group | add | +| l_ecc_curve_get_name | add | +| l_ecc_curve_get_order | add | +| l_ecc_curve_get_prime | add | +| l_ecc_curve_get_scalar_bytes | add | +| l_ecc_curve_get_supported_ike_groups | add | +| l_ecc_curve_get_supported_tls_groups | add | +| l_ecc_curve_get_tls_group | add | +| l_ecc_point_add | add | +| l_ecc_point_free | add | +| l_ecc_point_from_data | add | +| l_ecc_point_get_data | add | +| l_ecc_point_get_x | add | +| l_ecc_point_inverse | add | +| l_ecc_point_multiply | add | +| l_ecc_point_new | add | +| l_ecc_points_are_equal | add | +| l_ecc_scalar_add | add | +| l_ecc_scalar_free | add | +| l_ecc_scalar_get_data | add | +| l_ecc_scalar_legendre | add | +| l_ecc_scalar_multiply | add | +| l_ecc_scalar_new | add | +| l_ecc_scalar_new_random | add | +| l_ecc_scalar_sum_x | add | +| l_ecc_scalars_are_equal | add | +| l_ecdh_generate_key_pair | add | +| l_ecdh_generate_shared_secret | add | +| l_genl_add_family_watch | add | +| l_genl_add_unicast_watch | add | +| l_genl_discover_families | add | +| l_genl_family_free | add | +| l_genl_family_get_info | add | +| l_genl_family_info_can_dump | add | +| l_genl_family_info_can_send | add | +| l_genl_family_info_get_groups | add | +| l_genl_family_info_get_id | add | +| l_genl_family_info_get_name | add | +| l_genl_family_info_get_version | add | +| l_genl_family_info_has_group | add | +| l_genl_msg_get_extended_error | add | +| l_genl_msg_new_from_data | add | +| l_genl_msg_to_data | add | +| l_genl_remove_family_watch | add | +| l_genl_remove_unicast_watch | add | +| l_genl_request_family | add | +| l_getrandom_uint32 | add | +| l_gpio_chip_find_line_offset | add | +| l_gpio_chip_free | add | +| l_gpio_chip_get_label | add | +| l_gpio_chip_get_line_consumer | add | +| l_gpio_chip_get_line_label | add | +| l_gpio_chip_get_name | add | +| l_gpio_chip_get_num_lines | add | +| l_gpio_chip_new | add | +| l_gpio_chips_with_line_label | add | +| l_gpio_reader_free | add | +| l_gpio_reader_get | add | +| l_gpio_reader_new | add | +| l_gpio_writer_free | add | +| l_gpio_writer_new | add | +| l_gpio_writer_set | add | +| l_key_generate_dh_private | add | +| l_key_get_info | add | +| l_key_is_supported | add | +| l_key_validate_dh_payload | add | +| l_keyring_link | add | +| l_keyring_link_nested | add | +| l_keyring_unlink | add | +| l_keyring_unlink_nested | add | +| l_net_hostname_is_localhost | add | +| l_net_hostname_is_root | add | +| l_path_find | add | +| l_path_get_mtime | add | +| l_path_next | add | +| l_path_touch | add | +| l_pem_load_certificate_chain | add | +| l_pem_load_certificate_chain_from_data | add | +| l_pem_load_certificate_list | add | +| l_pem_load_certificate_list_from_data | add | +| l_pem_load_private_key_from_data | add | +| l_ringbuf_append | add | +| l_rtnl_ifaddr4_add | add | +| l_rtnl_ifaddr4_delete | add | +| l_rtnl_ifaddr4_dump | add | +| l_rtnl_ifaddr4_extract | add | +| l_rtnl_ifaddr6_add | add | +| l_rtnl_ifaddr6_delete | add | +| l_rtnl_ifaddr6_dump | add | +| l_rtnl_ifaddr6_extract | add | +| l_rtnl_route4_add_connected | add | +| l_rtnl_route4_add_gateway | add | +| l_rtnl_route4_dump | add | +| l_rtnl_route4_extract | add | +| l_rtnl_route6_add_gateway | add | +| l_rtnl_route6_delete_gateway | add | +| l_rtnl_route6_dump | add | +| l_rtnl_route6_extract | add | +| l_rtnl_set_linkmode_and_operstate | add | +| l_rtnl_set_mac | add | +| l_rtnl_set_powered | add | +| l_settings_get_embedded_groups | add | +| l_settings_get_embedded_value | add | +| l_settings_has_embedded_group | add | +| l_strv_append | add | +| l_strv_append_printf | add | +| l_strv_append_vprintf | add | +| l_strv_copy | add | +| l_strv_free | add | +| l_strv_new | add | +| l_time_now | add | +| l_timeout_set_callback | add | +| l_tls_prf_get_bytes | add | +| l_tls_set_debug | add | +| l_tls_set_domain_mask | add | +| l_tls_set_version_range | add | +| l_tls_start | add | +| l_uintset_find_unused | add | +| l_uintset_foreach | add | +| l_uintset_intersect | add | +| l_uintset_isempty | add | +| l_utf8_from_ucs2be | add | +| l_utf8_from_wchar | add | +| l_utf8_to_ucs2be | add | +| l_util_hexstring_upper | add | +| l_uuid_from_string | add | +| l_uuid_v4 | add | + +## libgusb + +For details, see [libgusb](./LTS_to_SP2_changed_abi_detail/libgusb_all_result.md\) + +| function | type | +|:---- |:-- | +| g_usb_interface_get_type | remove | +| g_usb_source_set_callback | remove | +| g_usb_device_get_spec | add | +| g_usb_endpoint_get_address | add | +| g_usb_endpoint_get_direction | add | +| g_usb_endpoint_get_extra | add | +| g_usb_endpoint_get_kind | add | +| g_usb_endpoint_get_maximum_packet_size | add | +| g_usb_endpoint_get_number | add | +| g_usb_endpoint_get_polling_interval | add | +| g_usb_endpoint_get_refresh | add | +| g_usb_endpoint_get_synch_address | add | +| g_usb_endpoint_get_type | add | +| g_usb_interface_get_endpoints | add | +| g_usb_version_string | add | +| g_usb_device_get_interface | change | + +## libical + +For details, see [libical](./LTS_to_SP2_changed_abi_detail/libical_all_result.md\) + +| function | type | +|:---- |:-- | +| icalproperty_get_datetime_with_component | add | +| icaltimezone_truncate_vtimezone | add | +| icalattach_new_from_data | change | +| i_cal_array_append | remove | +| i_cal_array_element_at | remove | +| i_cal_array_new | remove | +| i_cal_component_as_ical_string_r | remove | +| i_cal_component_new_clone | remove | +| i_cal_component_string_to_kind | remove | +| i_cal_datetimeperiod_type_get_period | remove | +| i_cal_datetimeperiod_type_get_time | remove | +| i_cal_datetimeperiod_type_get_type | remove | +| i_cal_datetimeperiod_type_set_period | remove | +| i_cal_datetimeperiod_type_set_time | remove | +| i_cal_duration_type_as_ical_string_r | remove | +| i_cal_duration_type_as_int | remove | +| i_cal_duration_type_bad_duration | remove | +| i_cal_duration_type_from_int | remove | +| i_cal_duration_type_from_string | remove | +| i_cal_duration_type_get_days | remove | +| i_cal_duration_type_get_hours | remove | +| i_cal_duration_type_get_minutes | remove | +| i_cal_duration_type_get_seconds | remove | +| i_cal_duration_type_get_type | remove | +| i_cal_duration_type_get_weeks | remove | +| i_cal_duration_type_is_bad_duration | remove | +| i_cal_duration_type_is_neg | remove | +| i_cal_duration_type_is_null_duration | remove | +| i_cal_duration_type_null_duration | remove | +| i_cal_duration_type_set_days | remove | +| i_cal_duration_type_set_hours | remove | +| i_cal_duration_type_set_is_neg | remove | +| i_cal_duration_type_set_minutes | remove | +| i_cal_duration_type_set_seconds | remove | +| i_cal_duration_type_set_weeks | remove | +| i_cal_enum_num_to_reqstat | remove | +| i_cal_enum_reqstat_code_r | remove | +| i_cal_enum_reqstat_desc | remove | +| i_cal_enum_reqstat_major | remove | +| i_cal_enum_reqstat_minor | remove | +| i_cal_geo_type_get_lat | remove | +| i_cal_geo_type_get_lon | remove | +| i_cal_geo_type_get_type | remove | +| i_cal_geo_type_new_default | remove | +| i_cal_geo_type_set_lat | remove | +| i_cal_geo_type_set_lon | remove | +| i_cal_langbind_access_array | remove | +| i_cal_langbind_free_array | remove | +| i_cal_langbind_get_first_component | remove | +| i_cal_langbind_get_first_parameter | remove | +| i_cal_langbind_get_first_property | remove | +| i_cal_langbind_get_next_component | remove | +| i_cal_langbind_get_next_parameter | remove | +| i_cal_langbind_get_next_property | remove | +| i_cal_langbind_new_array | remove | +| i_cal_langbind_property_eval_string_r | remove | +| i_cal_langbind_quote_as_ical_r | remove | +| i_cal_langbind_string_to_open_flag | remove | +| i_cal_parameter_as_ical_string_r | remove | +| i_cal_parameter_new_clone | remove | +| i_cal_parameter_string_to_kind | remove | +| i_cal_parser_set_gen_data | remove | +| i_cal_parser_string_line_generator | remove | +| i_cal_period_type_as_ical_string_r | remove | +| i_cal_period_type_from_string | remove | +| i_cal_period_type_get_duration | remove | +| i_cal_period_type_get_end | remove | +| i_cal_period_type_get_start | remove | +| i_cal_period_type_get_type | remove | +| i_cal_period_type_is_null_period | remove | +| i_cal_period_type_is_valid_period | remove | +| i_cal_period_type_null_period | remove | +| i_cal_period_type_set_duration | remove | +| i_cal_period_type_set_end | remove | +| i_cal_period_type_set_start | remove | +| i_cal_property_as_ical_string_r | remove | +| i_cal_property_enum_belongs_to_property | remove | +| i_cal_property_enum_to_string_r | remove | +| i_cal_property_get_parameter_as_string_r | remove | +| i_cal_property_get_property_name_r | remove | +| i_cal_property_get_value_as_string_r | remove | +| i_cal_property_new_clone | remove | +| i_cal_property_string_to_kind | remove | +| i_cal_property_string_to_method | remove | +| i_cal_property_string_to_status | remove | +| i_cal_property_value_kind_to_kind | remove | +| i_cal_recur_freq_to_string | remove | +| i_cal_recur_skip_to_string | remove | +| i_cal_recur_string_to_freq | remove | +| i_cal_recur_string_to_skip | remove | +| i_cal_recur_string_to_weekday | remove | +| i_cal_recur_weekday_to_string | remove | +| i_cal_recurrence_type_as_string_r | remove | +| i_cal_recurrence_type_clear | remove | +| i_cal_recurrence_type_day_day_of_week | remove | +| i_cal_recurrence_type_day_position | remove | +| i_cal_recurrence_type_from_string | remove | +| i_cal_recurrence_type_get_by_day | remove | +| i_cal_recurrence_type_get_by_hour | remove | +| i_cal_recurrence_type_get_by_minute | remove | +| i_cal_recurrence_type_get_by_month | remove | +| i_cal_recurrence_type_get_by_month_day | remove | +| i_cal_recurrence_type_get_by_second | remove | +| i_cal_recurrence_type_get_by_set_pos | remove | +| i_cal_recurrence_type_get_by_week_no | remove | +| i_cal_recurrence_type_get_by_year_day | remove | +| i_cal_recurrence_type_get_count | remove | +| i_cal_recurrence_type_get_freq | remove | +| i_cal_recurrence_type_get_interval | remove | +| i_cal_recurrence_type_get_type | remove | +| i_cal_recurrence_type_get_until | remove | +| i_cal_recurrence_type_get_week_start | remove | +| i_cal_recurrence_type_month_is_leap | remove | +| i_cal_recurrence_type_month_month | remove | +| i_cal_recurrence_type_rscale_is_supported | remove | +| i_cal_recurrence_type_rscale_supported_calendars | remove | +| i_cal_recurrence_type_set_by_day | remove | +| i_cal_recurrence_type_set_by_hour | remove | +| i_cal_recurrence_type_set_by_minute | remove | +| i_cal_recurrence_type_set_by_month | remove | +| i_cal_recurrence_type_set_by_month_day | remove | +| i_cal_recurrence_type_set_by_second | remove | +| i_cal_recurrence_type_set_by_set_pos | remove | +| i_cal_recurrence_type_set_by_week_no | remove | +| i_cal_recurrence_type_set_by_year_day | remove | +| i_cal_recurrence_type_set_count | remove | +| i_cal_recurrence_type_set_freq | remove | +| i_cal_recurrence_type_set_interval | remove | +| i_cal_recurrence_type_set_until | remove | +| i_cal_recurrence_type_set_week_start | remove | +| i_cal_reqstat_type_as_string_r | remove | +| i_cal_reqstat_type_from_string | remove | +| i_cal_reqstat_type_get_code | remove | +| i_cal_reqstat_type_get_debug | remove | +| i_cal_reqstat_type_get_desc | remove | +| i_cal_reqstat_type_get_type | remove | +| i_cal_reqstat_type_set_code | remove | +| i_cal_time_as_ical_string_r | remove | +| i_cal_time_current_time_with_zone | remove | +| i_cal_time_from_day_of_year | remove | +| i_cal_time_from_string | remove | +| i_cal_time_from_timet_with_zone | remove | +| i_cal_time_null_date | remove | +| i_cal_time_null_time | remove | +| i_cal_time_span_is_busy | remove | +| i_cal_time_tiemzone_expand_vtimezone | remove | +| i_cal_time_today | remove | +| i_cal_timetype_get_day | remove | +| i_cal_timetype_get_hour | remove | +| i_cal_timetype_get_minute | remove | +| i_cal_timetype_get_month | remove | +| i_cal_timetype_get_second | remove | +| i_cal_timetype_get_type | remove | +| i_cal_timetype_get_year | remove | +| i_cal_timetype_get_zone | remove | +| i_cal_timetype_is_date | remove | +| i_cal_timetype_is_daylight | remove | +| i_cal_timetype_is_utc | remove | +| i_cal_timetype_new | remove | +| i_cal_timetype_set_day | remove | +| i_cal_timetype_set_hour | remove | +| i_cal_timetype_set_is_date | remove | +| i_cal_timetype_set_is_daylight | remove | +| i_cal_timetype_set_minute | remove | +| i_cal_timetype_set_month | remove | +| i_cal_timetype_set_second | remove | +| i_cal_timetype_set_year | remove | +| i_cal_timezone_convert_time | remove | +| i_cal_timezone_phase_get_comment | remove | +| i_cal_timezone_phase_get_dtstart | remove | +| i_cal_timezone_phase_get_offsetto | remove | +| i_cal_timezone_phase_get_rdate | remove | +| i_cal_timezone_phase_get_rrule | remove | +| i_cal_timezone_phase_get_type | remove | +| i_cal_timezone_phase_get_tzname | remove | +| i_cal_timezone_phase_get_tzoffsetfrom | remove | +| i_cal_timezone_phase_is_stdandard | remove | +| i_cal_timezone_phase_set_dtstart | remove | +| i_cal_timezone_phase_set_is_stdandard | remove | +| i_cal_timezone_phase_set_offsetto | remove | +| i_cal_timezone_phase_set_rdate | remove | +| i_cal_timezone_phase_set_tzoffsetfrom | remove | +| i_cal_timezonetype_get_last_mod | remove | +| i_cal_timezonetype_get_type | remove | +| i_cal_timezonetype_get_tzid | remove | +| i_cal_timezonetype_get_tzurl | remove | +| i_cal_timezonetype_set_last_mod | remove | +| i_cal_trigger_type_from_int | remove | +| i_cal_trigger_type_from_string | remove | +| i_cal_trigger_type_get_duration | remove | +| i_cal_trigger_type_get_time | remove | +| i_cal_trigger_type_get_type | remove | +| i_cal_trigger_type_is_bad_trigger | remove | +| i_cal_trigger_type_is_null_trigger | remove | +| i_cal_trigger_type_set_duration | remove | +| i_cal_trigger_type_set_time | remove | +| i_cal_value_as_ical_string_r | remove | +| i_cal_value_new_clone | remove | +| i_cal_value_string_to_kind | remove | +| i_cal_attach_new_from_bytes | add | +| i_cal_component_as_ical_string | add | +| i_cal_component_clone | add | +| i_cal_component_foreach_recurrence | add | +| i_cal_component_get_parent | add | +| i_cal_component_kind_from_string | add | +| i_cal_component_set_parent | add | +| i_cal_component_take_component | add | +| i_cal_component_take_property | add | +| i_cal_datetimeperiod_get_period | add | +| i_cal_datetimeperiod_get_time | add | +| i_cal_datetimeperiod_get_type | add | +| i_cal_datetimeperiod_new | add | +| i_cal_datetimeperiod_set_period | add | +| i_cal_datetimeperiod_set_time | add | +| i_cal_duration_as_ical_string | add | +| i_cal_duration_as_int | add | +| i_cal_duration_get_days | add | +| i_cal_duration_get_hours | add | +| i_cal_duration_get_minutes | add | +| i_cal_duration_get_seconds | add | +| i_cal_duration_get_type | add | +| i_cal_duration_get_weeks | add | +| i_cal_duration_is_bad_duration | add | +| i_cal_duration_is_neg | add | +| i_cal_duration_is_null_duration | add | +| i_cal_duration_new_bad_duration | add | +| i_cal_duration_new_from_int | add | +| i_cal_duration_new_from_string | add | +| i_cal_duration_new_null_duration | add | +| i_cal_duration_set_days | add | +| i_cal_duration_set_hours | add | +| i_cal_duration_set_is_neg | add | +| i_cal_duration_set_minutes | add | +| i_cal_duration_set_seconds | add | +| i_cal_duration_set_weeks | add | +| i_cal_geo_clone | add | +| i_cal_geo_get_lat | add | +| i_cal_geo_get_lon | add | +| i_cal_geo_get_type | add | +| i_cal_geo_new | add | +| i_cal_geo_set_lat | add | +| i_cal_geo_set_lon | add | +| i_cal_object_free_global_objects | add | +| i_cal_parameter_as_ical_string | add | +| i_cal_parameter_clone | add | +| i_cal_parameter_kind_from_string | add | +| i_cal_period_as_ical_string | add | +| i_cal_period_get_duration | add | +| i_cal_period_get_end | add | +| i_cal_period_get_start | add | +| i_cal_period_get_type | add | +| i_cal_period_is_null_period | add | +| i_cal_period_is_valid_period | add | +| i_cal_period_new_from_string | add | +| i_cal_period_new_null_period | add | +| i_cal_period_set_duration | add | +| i_cal_period_set_end | add | +| i_cal_period_set_start | add | +| i_cal_property_as_ical_string | add | +| i_cal_property_clone | add | +| i_cal_property_enum_to_string | add | +| i_cal_property_get_color | add | +| i_cal_property_get_datetime_with_component | add | +| i_cal_property_get_parameter_as_string | add | +| i_cal_property_get_property_name | add | +| i_cal_property_get_value_as_string | add | +| i_cal_property_kind_from_string | add | +| i_cal_property_kind_has_property | add | +| i_cal_property_method_from_string | add | +| i_cal_property_new_color | add | +| i_cal_property_set_color | add | +| i_cal_property_status_from_string | add | +| i_cal_property_take_parameter | add | +| i_cal_property_take_value | add | +| i_cal_recurrence_clear | add | +| i_cal_recurrence_day_day_of_week | add | +| i_cal_recurrence_day_position | add | +| i_cal_recurrence_frequency_from_string | add | +| i_cal_recurrence_frequency_to_string | add | +| i_cal_recurrence_get_by_day | add | +| i_cal_recurrence_get_by_day_array | add | +| i_cal_recurrence_get_by_hour | add | +| i_cal_recurrence_get_by_hour_array | add | +| i_cal_recurrence_get_by_minute | add | +| i_cal_recurrence_get_by_minute_array | add | +| i_cal_recurrence_get_by_month | add | +| i_cal_recurrence_get_by_month_array | add | +| i_cal_recurrence_get_by_month_day | add | +| i_cal_recurrence_get_by_month_day_array | add | +| i_cal_recurrence_get_by_second | add | +| i_cal_recurrence_get_by_second_array | add | +| i_cal_recurrence_get_by_set_pos | add | +| i_cal_recurrence_get_by_set_pos_array | add | +| i_cal_recurrence_get_by_week_no | add | +| i_cal_recurrence_get_by_week_no_array | add | +| i_cal_recurrence_get_by_year_day | add | +| i_cal_recurrence_get_by_year_day_array | add | +| i_cal_recurrence_get_count | add | +| i_cal_recurrence_get_freq | add | +| i_cal_recurrence_get_interval | add | +| i_cal_recurrence_get_type | add | +| i_cal_recurrence_get_until | add | +| i_cal_recurrence_get_week_start | add | +| i_cal_recurrence_month_is_leap | add | +| i_cal_recurrence_month_month | add | +| i_cal_recurrence_new | add | +| i_cal_recurrence_new_from_string | add | +| i_cal_recurrence_rscale_is_supported | add | +| i_cal_recurrence_rscale_supported_calendars | add | +| i_cal_recurrence_set_by_day | add | +| i_cal_recurrence_set_by_day_array | add | +| i_cal_recurrence_set_by_hour | add | +| i_cal_recurrence_set_by_hour_array | add | +| i_cal_recurrence_set_by_minute | add | +| i_cal_recurrence_set_by_minute_array | add | +| i_cal_recurrence_set_by_month | add | +| i_cal_recurrence_set_by_month_array | add | +| i_cal_recurrence_set_by_month_day | add | +| i_cal_recurrence_set_by_month_day_array | add | +| i_cal_recurrence_set_by_second | add | +| i_cal_recurrence_set_by_second_array | add | +| i_cal_recurrence_set_by_set_pos | add | +| i_cal_recurrence_set_by_set_pos_array | add | +| i_cal_recurrence_set_by_week_no | add | +| i_cal_recurrence_set_by_week_no_array | add | +| i_cal_recurrence_set_by_year_day | add | +| i_cal_recurrence_set_by_year_day_array | add | +| i_cal_recurrence_set_count | add | +| i_cal_recurrence_set_freq | add | +| i_cal_recurrence_set_interval | add | +| i_cal_recurrence_set_until | add | +| i_cal_recurrence_set_week_start | add | +| i_cal_recurrence_skip_from_string | add | +| i_cal_recurrence_skip_to_string | add | +| i_cal_recurrence_to_string | add | +| i_cal_recurrence_weekday_from_string | add | +| i_cal_recurrence_weekday_to_string | add | +| i_cal_reqstat_get_code | add | +| i_cal_reqstat_get_debug | add | +| i_cal_reqstat_get_desc | add | +| i_cal_reqstat_get_type | add | +| i_cal_reqstat_new_from_string | add | +| i_cal_reqstat_set_code | add | +| i_cal_reqstat_to_string | add | +| i_cal_request_status_code | add | +| i_cal_request_status_desc | add | +| i_cal_request_status_from_num | add | +| i_cal_request_status_major | add | +| i_cal_request_status_minor | add | +| i_cal_time_as_ical_string | add | +| i_cal_time_clone | add | +| i_cal_time_convert_timezone | add | +| i_cal_time_convert_to_zone_inplace | add | +| i_cal_time_get_date | add | +| i_cal_time_get_day | add | +| i_cal_time_get_hour | add | +| i_cal_time_get_minute | add | +| i_cal_time_get_month | add | +| i_cal_time_get_second | add | +| i_cal_time_get_time | add | +| i_cal_time_get_type | add | +| i_cal_time_get_year | add | +| i_cal_time_is_daylight | add | +| i_cal_time_new | add | +| i_cal_time_new_current_with_zone | add | +| i_cal_time_new_from_day_of_year | add | +| i_cal_time_new_from_string | add | +| i_cal_time_new_from_timet_with_zone | add | +| i_cal_time_new_null_date | add | +| i_cal_time_new_today | add | +| i_cal_time_normalize_inplace | add | +| i_cal_time_set_date | add | +| i_cal_time_set_day | add | +| i_cal_time_set_hour | add | +| i_cal_time_set_is_date | add | +| i_cal_time_set_is_daylight | add | +| i_cal_time_set_minute | add | +| i_cal_time_set_month | add | +| i_cal_time_set_second | add | +| i_cal_time_set_time | add | +| i_cal_time_set_year | add | +| i_cal_time_span_clone | add | +| i_cal_time_span_get_is_busy | add | +| i_cal_time_span_new_timet | add | +| i_cal_time_timezone_expand_vtimezone | add | +| i_cal_trigger_get_duration | add | +| i_cal_trigger_get_time | add | +| i_cal_trigger_get_type | add | +| i_cal_trigger_is_bad_trigger | add | +| i_cal_trigger_is_null_trigger | add | +| i_cal_trigger_new_from_int | add | +| i_cal_trigger_new_from_string | add | +| i_cal_trigger_set_duration | add | +| i_cal_trigger_set_time | add | +| i_cal_value_as_ical_string | add | +| i_cal_value_clone | add | +| i_cal_value_kind_from_string | add | +| i_cal_value_kind_to_property_kind | add | +| i_cal_attach_get_data | change | +| i_cal_component_get_dtend | change | +| i_cal_component_get_dtstamp | change | +| i_cal_component_get_dtstart | change | +| i_cal_component_get_due | change | +| i_cal_component_get_duration | change | +| i_cal_component_get_recurrenceid | change | +| i_cal_component_set_dtend | change | +| i_cal_component_set_dtstamp | change | +| i_cal_component_set_dtstart | change | +| i_cal_component_set_due | change | +| i_cal_component_set_duration | change | +| i_cal_component_set_recurrenceid | change | +| i_cal_object_construct | change | +| i_cal_parser_get_line | change | +| i_cal_parser_parse | change | +| i_cal_property_get_acknowledged | change | +| i_cal_property_get_completed | change | +| i_cal_property_get_created | change | +| i_cal_property_get_datemax | change | +| i_cal_property_get_datemin | change | +| i_cal_property_get_dtend | change | +| i_cal_property_get_dtstamp | change | +| i_cal_property_get_dtstart | change | +| i_cal_property_get_due | change | +| i_cal_property_get_duration | change | +| i_cal_property_get_estimatedduration | change | +| i_cal_property_get_exdate | change | +| i_cal_property_get_exrule | change | +| i_cal_property_get_freebusy | change | +| i_cal_property_get_geo | change | +| i_cal_property_get_lastmodified | change | +| i_cal_property_get_maxdate | change | +| i_cal_property_get_mindate | change | +| i_cal_property_get_rdate | change | +| i_cal_property_get_recurrenceid | change | +| i_cal_property_get_requeststatus | change | +| i_cal_property_get_rrule | change | +| i_cal_property_get_trigger | change | +| i_cal_property_get_tzuntil | change | +| i_cal_property_new_acknowledged | change | +| i_cal_property_new_completed | change | +| i_cal_property_new_created | change | +| i_cal_property_new_datemax | change | +| i_cal_property_new_datemin | change | +| i_cal_property_new_dtend | change | +| i_cal_property_new_dtstamp | change | +| i_cal_property_new_dtstart | change | +| i_cal_property_new_due | change | +| i_cal_property_new_duration | change | +| i_cal_property_new_estimatedduration | change | +| i_cal_property_new_exdate | change | +| i_cal_property_new_exrule | change | +| i_cal_property_new_freebusy | change | +| i_cal_property_new_geo | change | +| i_cal_property_new_lastmodified | change | +| i_cal_property_new_maxdate | change | +| i_cal_property_new_mindate | change | +| i_cal_property_new_rdate | change | +| i_cal_property_new_recurrenceid | change | +| i_cal_property_new_requeststatus | change | +| i_cal_property_new_rrule | change | +| i_cal_property_new_trigger | change | +| i_cal_property_new_tzuntil | change | +| i_cal_property_set_acknowledged | change | +| i_cal_property_set_completed | change | +| i_cal_property_set_created | change | +| i_cal_property_set_datemax | change | +| i_cal_property_set_datemin | change | +| i_cal_property_set_dtend | change | +| i_cal_property_set_dtstamp | change | +| i_cal_property_set_dtstart | change | +| i_cal_property_set_due | change | +| i_cal_property_set_duration | change | +| i_cal_property_set_estimatedduration | change | +| i_cal_property_set_exdate | change | +| i_cal_property_set_exrule | change | +| i_cal_property_set_freebusy | change | +| i_cal_property_set_geo | change | +| i_cal_property_set_lastmodified | change | +| i_cal_property_set_maxdate | change | +| i_cal_property_set_mindate | change | +| i_cal_property_set_rdate | change | +| i_cal_property_set_recurrenceid | change | +| i_cal_property_set_requeststatus | change | +| i_cal_property_set_rrule | change | +| i_cal_property_set_trigger | change | +| i_cal_property_set_tzuntil | change | +| i_cal_recur_iterator_new | change | +| i_cal_recur_iterator_next | change | +| i_cal_recur_iterator_set_start | change | +| i_cal_time_add | change | +| i_cal_time_adjust | change | +| i_cal_time_as_timet | change | +| i_cal_time_compare | change | +| i_cal_time_compare_date_only | change | +| i_cal_time_compare_date_only_tz | change | +| i_cal_time_convert_to_zone | change | +| i_cal_time_day_of_week | change | +| i_cal_time_day_of_year | change | +| i_cal_time_normalize | change | +| i_cal_time_span_new | change | +| i_cal_time_start_doy_week | change | +| i_cal_time_subtract | change | +| i_cal_time_week_number | change | +| i_cal_timezone_get_utc_offset | change | +| i_cal_timezone_get_utc_offset_of_utc_time | change | +| i_cal_value_get_date | change | +| i_cal_value_get_datetime | change | +| i_cal_value_get_datetimedate | change | +| i_cal_value_get_datetimeperiod | change | +| i_cal_value_get_duration | change | +| i_cal_value_get_geo | change | +| i_cal_value_get_period | change | +| i_cal_value_get_recur | change | +| i_cal_value_get_requeststatus | change | +| i_cal_value_get_trigger | change | +| i_cal_value_new_date | change | +| i_cal_value_new_datetime | change | +| i_cal_value_new_datetimedate | change | +| i_cal_value_new_datetimeperiod | change | +| i_cal_value_new_duration | change | +| i_cal_value_new_geo | change | +| i_cal_value_new_period | change | +| i_cal_value_new_recur | change | +| i_cal_value_new_requeststatus | change | +| i_cal_value_new_trigger | change | +| i_cal_value_set_date | change | +| i_cal_value_set_datetime | change | +| i_cal_value_set_datetimedate | change | +| i_cal_value_set_datetimeperiod | change | +| i_cal_value_set_duration | change | +| i_cal_value_set_geo | change | +| i_cal_value_set_period | change | +| i_cal_value_set_recur | change | +| i_cal_value_set_requeststatus | change | +| i_cal_value_set_trigger | change | + +## libid3tag + +For details, see [libid3tag](./LTS_to_SP2_changed_abi_detail/libid3tag_all_result.md\) + +| function | type | +|:---- |:-- | +| id3_compat_fixup | add | +| id3_compat_lookup | add | +| id3_frametype_lookup | change | + +## libiscsi + +For details, see [libiscsi](./LTS_to_SP2_changed_abi_detail/libiscsi_all_result.md\) + +| function | type | +|:---- |:-- | +| iscsi_extended_copy_sync | add | +| iscsi_extended_copy_task | add | +| iscsi_receive_copy_results_sync | add | +| iscsi_receive_copy_results_task | add | +| iscsi_compareandwrite_iov_sync | change | + +## libksba + +For details, see [libksba](./LTS_to_SP2_changed_abi_detail/libksba_all_result.md\) + +| function | type | +|:---- |:-- | +| ksba_der_add_bts | add | +| ksba_der_add_der | add | +| ksba_der_add_end | add | +| ksba_der_add_int | add | +| ksba_der_add_oid | add | +| ksba_der_add_ptr | add | +| ksba_der_add_tag | add | +| ksba_der_add_val | add | +| ksba_der_builder_get | add | +| ksba_der_builder_new | add | +| ksba_der_builder_reset | add | +| ksba_der_release | add | +| _ksba_keyinfo_from_sexp | change | + +## libmpc + +For details, see [libmpc](./LTS_to_SP2_changed_abi_detail/libmpc_all_result.md\) + +| function | type | +|:---- |:-- | +| mpc_dot | add | +| mpc_sum | add | + +## libnet + +For details, see [libnet](./LTS_to_SP2_changed_abi_detail/libnet_all_result.md\) + +| function | type | +|:---- |:-- | +| __libnet_print_vers | remove | +| libnet_build_ospfv2_hello_neighbor | add | +| libnet_adv_cull_header | change | + +## libpsl + +For details, see [libpsl](./LTS_to_SP2_changed_abi_detail/libpsl_all_result.md\) + +| function | type | +|:---- |:-- | +| psl_builtin | change | +| psl_free | change | +| psl_is_cookie_domain_acceptable | change | +| psl_is_public_suffix | change | +| psl_is_public_suffix2 | change | +| psl_latest | change | +| psl_load_file | change | +| psl_load_fp | change | +| psl_suffix_count | change | +| psl_suffix_exception_count | change | +| psl_suffix_wildcard_count | change | + +## librepo + +For details, see [librepo](./LTS_to_SP2_changed_abi_detail/librepo_all_result.md\) + +| function | type | +|:---- |:-- | +| ensure_socket_dir_exists | add | + +## libsecret + +For details, see [libsecret](./LTS_to_SP2_changed_abi_detail/libsecret_all_result.md\) + +| function | type | +|:---- |:-- | +| secret_backend_flags_get_type | add | +| secret_backend_get | add | +| secret_backend_get_finish | add | +| secret_backend_get_type | add | +| secret_file_backend_get_type | add | +| secret_file_collection_clear | add | +| secret_file_collection_get_type | add | +| secret_file_collection_replace | add | +| secret_file_collection_search | add | +| secret_file_collection_write | add | +| secret_file_collection_write_finish | add | +| secret_file_item_deserialize | add | +| secret_file_item_get_type | add | +| secret_file_item_serialize | add | +| secret_password_lookup_binary_finish | add | +| secret_password_lookup_binary_sync | add | +| secret_password_lookupv_binary_sync | add | +| secret_password_search | add | +| secret_password_search_finish | add | +| secret_password_search_sync | add | +| secret_password_searchv | add | +| secret_password_searchv_sync | add | +| secret_password_store_binary | add | +| secret_password_store_binary_sync | add | +| secret_password_storev_binary | add | +| secret_password_storev_binary_sync | add | +| secret_retrievable_get_attributes | add | +| secret_retrievable_get_created | add | +| secret_retrievable_get_label | add | +| secret_retrievable_get_modified | add | +| secret_retrievable_get_type | add | +| secret_retrievable_retrieve_secret | add | +| secret_retrievable_retrieve_secret_finish | add | +| secret_retrievable_retrieve_secret_sync | add | +| secret_value_unref_to_password | add | + +## libvma + +For details, see [libvma](./LTS_to_SP2_changed_abi_detail/libvma_all_result.md\) + +| function | type | +|:---- |:-- | +| Floyd_LogCircleInfo | change | +| buffer_pool::find_lkey_by_ib_ctx_thread_safe | change | +| cq_mgr::add_qp_rx | change | +| sockinfo_tcp::accept_clone | change | +| vma_ib_mlx5dv_init_obj | change | + +## libwebsockets + +For details, see [libwebsockets](./LTS_to_SP2_changed_abi_detail/libwebsockets_all_result.md\) + +| function | type | +|:---- |:-- | +| interface_to_sa | remove | +| lws_alloc_vfs_file | remove | +| lws_client_connect | remove | +| lws_client_connect_extended | remove | +| lws_context_destroy2 | remove | +| lws_context_init_extensions | remove | +| lws_context_init_server_ssl | remove | +| lws_ext_parse_options | remove | +| lws_extension_callback_pm_deflate | remove | +| lws_plat_change_pollfd | remove | +| lws_plat_check_connection_error | remove | +| lws_plat_context_early_destroy | remove | +| lws_plat_context_early_init | remove | +| lws_plat_context_late_destroy | remove | +| lws_plat_delete_socket_from_fds | remove | +| lws_plat_drop_app_privileges | remove | +| lws_plat_inet_ntop | remove | +| lws_plat_inet_pton | remove | +| lws_plat_init | remove | +| lws_plat_insert_socket_into_fds | remove | +| lws_plat_service | remove | +| lws_plat_service_periodic | remove | +| lws_plat_set_socket_options | remove | +| lws_poll_listen_fd | remove | +| lws_read | remove | +| lws_server_get_canonical_hostname | remove | +| lws_server_socket_service | remove | +| lws_server_socket_service_ssl | remove | +| lws_set_parent_carries_io | remove | +| lws_ssl_capable_read | remove | +| lws_ssl_capable_read_no_ssl | remove | +| lws_ssl_capable_write | remove | +| lws_ssl_capable_write_no_ssl | remove | +| lws_ssl_close | remove | +| lws_ssl_destroy | remove | +| lws_ssl_pending | remove | +| lws_ssl_pending_no_ssl | remove | +| lws_union_transition | remove | +| lws_vhost_get | remove | +| __lws_sul_insert | add | +| __lws_sul_service_ripe | add | +| __lws_system_attach | add | +| lejp_change_callback | add | +| lejp_check_path_match | add | +| lejp_construct | add | +| lejp_destruct | add | +| lejp_error_to_string | add | +| lejp_get_wildcard | add | +| lejp_parse | add | +| lejp_parser_pop | add | +| lejp_parser_push | add | +| lws_add_http_common_headers | add | +| lws_adopt_descriptor_vhost_via_info | add | +| lws_b64_decode_state_init | add | +| lws_b64_decode_stateful | add | +| lws_b64_decode_string_len | add | +| lws_b64_encode_string_url | add | +| lws_base64_size | add | +| lws_buflist_append_segment | add | +| lws_buflist_describe | add | +| lws_buflist_destroy_all_segments | add | +| lws_buflist_linear_copy | add | +| lws_buflist_next_segment_len | add | +| lws_buflist_total_len | add | +| lws_buflist_use_segment | add | +| lws_callback_vhost_protocols_vhost | add | +| lws_client_http_multipart | add | +| lws_cmdline_option | add | +| lws_cmdline_option_handle_builtin | add | +| lws_create_adopt_udp | add | +| lws_dir | add | +| lws_diskcache_create | add | +| lws_diskcache_destroy | add | +| lws_diskcache_finalize_name | add | +| lws_diskcache_prepare | add | +| lws_diskcache_query | add | +| lws_diskcache_secs_to_idle | add | +| lws_diskcache_trim | add | +| lws_dll2_add_before | add | +| lws_dll2_add_head | add | +| lws_dll2_add_sorted | add | +| lws_dll2_add_tail | add | +| lws_dll2_clear | add | +| lws_dll2_foreach_safe | add | +| lws_dll2_owner_clear | add | +| lws_dll2_remove | add | +| lws_explicit_bzero | add | +| lws_filename_purify_inplace | add | +| lws_finalize_write_http_header | add | +| lws_fts_close | add | +| lws_fts_create | add | +| lws_fts_destroy | add | +| lws_fts_file_index | add | +| lws_fts_fill | add | +| lws_fts_open | add | +| lws_fts_search | add | +| lws_fts_serialize | add | +| lws_genaes_create | add | +| lws_genaes_crypt | add | +| lws_genaes_destroy | add | +| lws_gencrypto_bits_to_bytes | add | +| lws_gencrypto_jwe_alg_to_definition | add | +| lws_gencrypto_jwe_enc_to_definition | add | +| lws_gencrypto_jws_alg_to_definition | add | +| lws_gencrypto_padded_length | add | +| lws_genec_destroy | add | +| lws_genec_destroy_elements | add | +| lws_genec_dump | add | +| lws_genecdh_compute_shared_secret | add | +| lws_genecdh_create | add | +| lws_genecdh_new_keypair | add | +| lws_genecdh_set_key | add | +| lws_genecdsa_create | add | +| lws_genecdsa_hash_sig_verify_jws | add | +| lws_genecdsa_hash_sign_jws | add | +| lws_genecdsa_new_keypair | add | +| lws_genecdsa_set_key | add | +| lws_genhmac_destroy | add | +| lws_genhmac_init | add | +| lws_genhmac_size | add | +| lws_genhmac_update | add | +| lws_genrsa_create | add | +| lws_genrsa_destroy | add | +| lws_genrsa_destroy_elements | add | +| lws_genrsa_hash_sig_verify | add | +| lws_genrsa_hash_sign | add | +| lws_genrsa_new_keypair | add | +| lws_genrsa_private_decrypt | add | +| lws_genrsa_private_encrypt | add | +| lws_genrsa_public_decrypt | add | +| lws_genrsa_public_encrypt | add | +| lws_get_effective_uid_gid | add | +| lws_get_opaque_user_data | add | +| lws_get_peer_simple_fd | add | +| lws_get_tsi | add | +| lws_get_udp | add | +| lws_get_vhost_by_name | add | +| lws_get_vhost_iface | add | +| lws_get_vhost_listen_port | add | +| lws_get_vhost_name | add | +| lws_get_vhost_port | add | +| lws_get_vhost_user | add | +| lws_h2_client_stream_long_poll_rxonly | add | +| lws_h2_get_peer_txcredit_estimate | add | +| lws_h2_update_peer_txcredit | add | +| lws_hdr_custom_copy | add | +| lws_hdr_custom_length | add | +| lws_hex_to_byte_array | add | +| lws_http_basic_auth_gen | add | +| lws_http_compression_apply | add | +| lws_http_get_uri_and_method | add | +| lws_http_headers_detach | add | +| lws_http_is_redirected_to_get | add | +| lws_http_mark_sse | add | +| lws_humanize | add | +| lws_jose_destroy | add | +| lws_jose_init | add | +| lws_json_purify_len | add | +| lws_jwa_concat_kdf | add | +| lws_jwe_auth_and_decrypt | add | +| lws_jwe_auth_and_decrypt_cbc_hs | add | +| lws_jwe_be64 | add | +| lws_jwe_create_packet | add | +| lws_jwe_destroy | add | +| lws_jwe_encrypt | add | +| lws_jwe_init | add | +| lws_jwe_json_parse | add | +| lws_jwe_parse_jose | add | +| lws_jwe_render_compact | add | +| lws_jwe_render_flattened | add | +| lws_jwk_destroy | add | +| lws_jwk_dump | add | +| lws_jwk_dup_oct | add | +| lws_jwk_export | add | +| lws_jwk_generate | add | +| lws_jwk_import | add | +| lws_jwk_load | add | +| lws_jwk_rfc7638_fingerprint | add | +| lws_jwk_save | add | +| lws_jwk_strdup_meta | add | +| lws_jws_alloc_element | add | +| lws_jws_b64_compact_map | add | +| lws_jws_base64_enc | add | +| lws_jws_compact_decode | add | +| lws_jws_compact_encode | add | +| lws_jws_destroy | add | +| lws_jws_dup_element | add | +| lws_jws_encode_b64_element | add | +| lws_jws_encode_section | add | +| lws_jws_init | add | +| lws_jws_parse_jose | add | +| lws_jws_randomize_element | add | +| lws_jws_sig_confirm | add | +| lws_jws_sig_confirm_compact | add | +| lws_jws_sig_confirm_compact_b64 | add | +| lws_jws_sig_confirm_compact_b64_map | add | +| lws_jws_sig_confirm_json | add | +| lws_jws_sign_from_b64 | add | +| lws_jws_write_compact | add | +| lws_jws_write_flattened_json | add | +| lws_list_ptr_insert | add | +| lws_now_usecs | add | +| lws_open | add | +| lws_parse_numeric_address | add | +| lws_plat_read_file | add | +| lws_plat_recommended_rsa_bits | add | +| lws_plat_write_cert | add | +| lws_plat_write_file | add | +| lws_pvo_get_str | add | +| lws_pvo_search | add | +| lws_raw_transaction_completed | add | +| lws_retry_get_delay_ms | add | +| lws_retry_sul_schedule | add | +| lws_retry_sul_schedule_retry_wsi | add | +| lws_ring_dump | add | +| lws_sa46_compare_ads | add | +| lws_sa46_parse_numeric_address | add | +| lws_sa46_write_numeric_address | add | +| lws_seq_check_wsi | add | +| lws_seq_create | add | +| lws_seq_destroy | add | +| lws_seq_from_user | add | +| lws_seq_get_context | add | +| lws_seq_name | add | +| lws_seq_queue_event | add | +| lws_seq_timeout_us | add | +| lws_seq_us_since_creation | add | +| lws_ser_ru16be | add | +| lws_ser_ru32be | add | +| lws_ser_ru64be | add | +| lws_ser_wu16be | add | +| lws_ser_wu32be | add | +| lws_ser_wu64be | add | +| lws_set_opaque_user_data | add | +| lws_set_socks | add | +| lws_set_timer_usecs | add | +| lws_spa_create_via_info | add | +| lws_state_reg_deregister | add | +| lws_state_reg_notifier | add | +| lws_state_reg_notifier_list | add | +| lws_state_transition | add | +| lws_state_transition_steps | add | +| lws_strexp_expand | add | +| lws_strexp_init | add | +| lws_strexp_reset_out | add | +| lws_strncpy | add | +| lws_sul_schedule | add | +| lws_system_blob_destroy | add | +| lws_system_blob_direct_set | add | +| lws_system_blob_get | add | +| lws_system_blob_get_single_ptr | add | +| lws_system_blob_get_size | add | +| lws_system_blob_heap_append | add | +| lws_system_blob_heap_empty | add | +| lws_system_context_from_system_mgr | add | +| lws_system_get_blob | add | +| lws_system_get_ops | add | +| lws_system_get_state_manager | add | +| lws_threadpool_create | add | +| lws_threadpool_dequeue | add | +| lws_threadpool_destroy | add | +| lws_threadpool_dump | add | +| lws_threadpool_enqueue | add | +| lws_threadpool_finish | add | +| lws_threadpool_task_status_wsi | add | +| lws_threadpool_task_sync | add | +| lws_timed_callback_vh_protocol | add | +| lws_timed_callback_vh_protocol_us | add | +| lws_timingsafe_bcmp | add | +| lws_tls_acme_sni_cert_create | add | +| lws_tls_acme_sni_csr_create | add | +| lws_tls_cert_updated | add | +| lws_tls_client_vhost_extra_cert_mem | add | +| lws_tls_peer_cert_info | add | +| lws_tls_vhost_cert_info | add | +| lws_tokenize | add | +| lws_tokenize_cstr | add | +| lws_tokenize_init | add | +| lws_validity_confirmed | add | +| lws_vbi_decode | add | +| lws_vbi_encode | add | +| lws_write_numeric_address | add | +| lws_wsi_tx_credit | add | +| lws_x509_create | add | +| lws_x509_destroy | add | +| lws_x509_info | add | +| lws_x509_jwk_privkey_pem | add | +| lws_x509_parse_from_pem | add | +| lws_x509_public_to_jwk | add | +| lws_x509_verify | add | +| lwsac_align | add | +| lwsac_cached_file | add | +| lwsac_detach | add | +| lwsac_extend | add | +| lwsac_free | add | +| lwsac_get_next | add | +| lwsac_get_tail_pos | add | +| lwsac_info | add | +| lwsac_reference | add | +| lwsac_scan_extant | add | +| lwsac_sizeof | add | +| lwsac_total_alloc | add | +| lwsac_total_overhead | add | +| lwsac_unreference | add | +| lwsac_use | add | +| lwsac_use_backfill | add | +| lwsac_use_cached_file_detach | add | +| lwsac_use_cached_file_end | add | +| lwsac_use_cached_file_start | add | +| lwsac_use_zero | add | +| lwsl_emit_stderr_notimestamp | add | +| lwsws_get_config_globals | add | +| lwsws_get_config_vhosts | add | +| _lws_plat_service_tsi | change | +| lws_add_http_header_by_token | change | +| lws_adopt_descriptor_vhost | change | +| lws_chunked_html_process | change | +| lws_client_connect_via_info | change | +| lws_client_reset | change | +| lws_create_context | change | +| lws_create_vhost | change | +| lws_genhash_init | change | +| lws_genhash_size | change | +| lws_get_peer_simple | change | +| lws_get_peer_write_allowance | change | +| lws_get_random | change | +| lws_hdr_copy | change | +| lws_init_vhost_client_ssl | change | +| lws_ring_bump_head | change | +| lws_set_timeout | change | +| lws_spa_create | change | +| lws_token_to_string | change | + +## libxslt + +For details, see [libxslt](./LTS_to_SP2_changed_abi_detail/libxslt_all_result.md\) + +| function | type | +|:---- |:-- | +| exsltDateXpathCtxtRegister | change | +| xsltCompMatchClearCache | add | +| xsltParseStylesheetUser | add | +| xslAddCall | change | +| xsltApplyImports | change | +| xsltApplyTemplates | change | +| xsltAttribute | change | +| xsltCallTemplate | change | +| xsltChoose | change | +| xsltComment | change | +| xsltCopy | change | +| xsltCopyOf | change | +| xsltDebug | change | +| xsltDocumentElem | change | +| xsltElement | change | +| xsltForEach | change | +| xsltIf | change | +| xsltNumber | change | +| xsltProcessingInstruction | change | +| xsltSort | change | +| xsltText | change | +| xsltValueOf | change | +| xsltXPathFunctionLookup | change | + +## lm_sensors + +For details, see [lm_sensors](./LTS_to_SP2_changed_abi_detail/lm_sensors_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## nftables + +For details, see [nftables](./LTS_to_SP2_changed_abi_detail/nftables_all_result.md\) + +| function | type | +|:---- |:-- | +| __memory_allocation_error | remove | +| __netlink_abi_error | remove | +| __netlink_init_error | remove | +| __stmt_binary_error | remove | +| alloc_nft_expr | remove | +| alloc_nftnl_chain | remove | +| alloc_nftnl_rule | remove | +| alloc_nftnl_set | remove | +| alloc_nftnl_table | remove | +| binop_expr_alloc | remove | +| bitmask_expr_to_binops | remove | +| cache_flush | remove | +| cache_release | remove | +| cache_update | remove | +| chain_add_hash | remove | +| chain_alloc | remove | +| chain_free | remove | +| chain_get | remove | +| chain_hookname_lookup | remove | +| chain_lookup | remove | +| chain_policy2str | remove | +| chain_print_plain | remove | +| chain_type_name_lookup | remove | +| cmd_alloc | remove | +| cmd_alloc_obj_ct | remove | +| cmd_evaluate | remove | +| cmd_free | remove | +| compound_expr_add | remove | +| compound_expr_alloc | remove | +| compound_expr_remove | remove | +| concat_expr_alloc | remove | +| concat_type_alloc | remove | +| concat_type_destroy | remove | +| connlimit_stmt_alloc | remove | +| constant_expr_alloc | remove | +| constant_expr_join | remove | +| constant_expr_splice | remove | +| counter_stmt_alloc | remove | +| ct_dir2str | remove | +| ct_expr_alloc | remove | +| ct_expr_update_type | remove | +| ct_label2str | remove | +| ct_label_table_exit | remove | +| ct_label_table_init | remove | +| ct_stmt_alloc | remove | +| data_unit_parse | remove | +| datatype_lookup | remove | +| datatype_lookup_byname | remove | +| datatype_print | remove | +| devgroup_table_exit | remove | +| devgroup_table_init | remove | +| do_command | remove | +| dup_stmt_alloc | remove | +| erec_add_location | remove | +| erec_create | remove | +| erec_destroy | remove | +| erec_print | remove | +| erec_print_list | remove | +| erec_vcreate | remove | +| expr_alloc | remove | +| expr_basetype | remove | +| expr_binary_error | remove | +| expr_clone | remove | +| expr_cmp | remove | +| expr_describe | remove | +| expr_free | remove | +| expr_get | remove | +| expr_print | remove | +| expr_set_type | remove | +| expr_stmt_alloc | remove | +| exthdr_dependency_kill | remove | +| exthdr_expr_alloc | remove | +| exthdr_find_proto | remove | +| exthdr_find_template | remove | +| exthdr_gen_dependency | remove | +| exthdr_init_raw | remove | +| exthdr_stmt_alloc | remove | +| family2str | remove | +| fib_expr_alloc | remove | +| fib_result_str | remove | +| flag_expr_alloc | remove | +| flow_offload_stmt_alloc | remove | +| flowtable_add_hash | remove | +| flowtable_alloc | remove | +| flowtable_free | remove | +| flowtable_get | remove | +| flowtable_print | remove | +| fwd_stmt_alloc | remove | +| get_rate | remove | +| get_set_decompose | remove | +| get_set_intervals | remove | +| get_unit | remove | +| gmp_init | remove | +| handle_free | remove | +| handle_merge | remove | +| hash_expr_alloc | remove | +| hooknum2str | remove | +| iface_cache_release | remove | +| iface_cache_update | remove | +| interval_map_decompose | remove | +| limit_stmt_alloc | remove | +| list_expr_alloc | remove | +| list_expr_sort | remove | +| log_level | remove | +| log_level_parse | remove | +| log_stmt_alloc | remove | +| map_expr_alloc | remove | +| map_stmt_alloc | remove | +| mapping_expr_alloc | remove | +| mark_table_exit | remove | +| mark_table_init | remove | +| markup_alloc | remove | +| markup_free | remove | +| meta_expr_alloc | remove | +| meta_key_parse | remove | +| meta_stmt_alloc | remove | +| meta_stmt_meta_iiftype | remove | +| meter_stmt_alloc | remove | +| mnl_batch_begin | remove | +| mnl_batch_end | remove | +| mnl_batch_init | remove | +| mnl_batch_ready | remove | +| mnl_batch_reset | remove | +| mnl_batch_talk | remove | +| mnl_err_list_free | remove | +| mnl_genid_get | remove | +| mnl_nft_chain_batch_add | remove | +| mnl_nft_chain_batch_del | remove | +| mnl_nft_chain_dump | remove | +| mnl_nft_event_listener | remove | +| mnl_nft_flowtable_batch_add | remove | +| mnl_nft_flowtable_batch_del | remove | +| mnl_nft_flowtable_dump | remove | +| mnl_nft_obj_batch_add | remove | +| mnl_nft_obj_batch_del | remove | +| mnl_nft_obj_dump | remove | +| mnl_nft_rule_batch_add | remove | +| mnl_nft_rule_batch_del | remove | +| mnl_nft_rule_batch_replace | remove | +| mnl_nft_rule_dump | remove | +| mnl_nft_ruleset_dump | remove | +| mnl_nft_set_batch_add | remove | +| mnl_nft_set_batch_del | remove | +| mnl_nft_set_dump | remove | +| mnl_nft_setelem_batch_add | remove | +| mnl_nft_setelem_batch_del | remove | +| mnl_nft_setelem_batch_flush | remove | +| mnl_nft_setelem_get | remove | +| mnl_nft_setelem_get_one | remove | +| mnl_nft_table_batch_add | remove | +| mnl_nft_table_batch_del | remove | +| mnl_nft_table_dump | remove | +| mnl_seqnum_alloc | remove | +| monitor_alloc | remove | +| monitor_free | remove | +| mpz_bitmask | remove | +| mpz_export_data | remove | +| mpz_get_be16 | remove | +| mpz_get_be32 | remove | +| mpz_get_uint16 | remove | +| mpz_get_uint32 | remove | +| mpz_get_uint64 | remove | +| mpz_get_uint8 | remove | +| mpz_import_data | remove | +| mpz_init_bitmask | remove | +| mpz_lshift_ui | remove | +| mpz_prefixmask | remove | +| mpz_rshift_ui | remove | +| mpz_switch_byteorder | remove | +| must_print_eq_op | remove | +| nat_etype2str | remove | +| nat_stmt_alloc | remove | +| netlink_add_chain_batch | remove | +| netlink_add_flowtable | remove | +| netlink_add_obj | remove | +| netlink_add_rule_batch | remove | +| netlink_add_set_batch | remove | +| netlink_add_setelems_batch | remove | +| netlink_add_table_batch | remove | +| netlink_alloc_data | remove | +| netlink_alloc_value | remove | +| netlink_batch_send | remove | +| netlink_close_sock | remove | +| netlink_del_rule_batch | remove | +| netlink_delete_chain_batch | remove | +| netlink_delete_flowtable | remove | +| netlink_delete_obj | remove | +| netlink_delete_set_batch | remove | +| netlink_delete_setelems_batch | remove | +| netlink_delete_table_batch | remove | +| netlink_delinearize_chain | remove | +| netlink_delinearize_obj | remove | +| netlink_delinearize_rule | remove | +| netlink_delinearize_set | remove | +| netlink_delinearize_setelem | remove | +| netlink_delinearize_table | remove | +| netlink_dump_chain | remove | +| netlink_dump_expr | remove | +| netlink_dump_obj | remove | +| netlink_dump_rule | remove | +| netlink_dump_ruleset | remove | +| netlink_dump_set | remove | +| netlink_echo_callback | remove | +| netlink_events_trace_cb | remove | +| netlink_flush_chain | remove | +| netlink_flush_setelems | remove | +| netlink_gen_data | remove | +| netlink_gen_raw_data | remove | +| netlink_genid_get | remove | +| netlink_get_setelem | remove | +| netlink_io_error | remove | +| netlink_linearize_rule | remove | +| netlink_list_chains | remove | +| netlink_list_flowtables | remove | +| netlink_list_objs | remove | +| netlink_list_setelems | remove | +| netlink_list_sets | remove | +| netlink_list_table | remove | +| netlink_list_tables | remove | +| netlink_markup_parse_cb | remove | +| netlink_monitor | remove | +| netlink_open_sock | remove | +| netlink_parse_set_expr | remove | +| netlink_rename_chain_batch | remove | +| netlink_replace_rule_batch | remove | +| netlink_reset_objs | remove | +| netlink_restart | remove | +| nft__create_buffer | remove | +| nft__delete_buffer | remove | +| nft__flush_buffer | remove | +| nft__scan_buffer | remove | +| nft__scan_bytes | remove | +| nft__scan_string | remove | +| nft__switch_to_buffer | remove | +| nft_alloc | remove | +| nft_cmd_expand | remove | +| nft_ctx_output_get_echo | remove | +| nft_ctx_output_get_handle | remove | +| nft_ctx_output_get_ip2name | remove | +| nft_ctx_output_get_json | remove | +| nft_ctx_output_get_numeric | remove | +| nft_ctx_output_get_stateless | remove | +| nft_ctx_output_set_echo | remove | +| nft_ctx_output_set_handle | remove | +| nft_ctx_output_set_ip2name | remove | +| nft_ctx_output_set_json | remove | +| nft_ctx_output_set_numeric | remove | +| nft_ctx_output_set_stateless | remove | +| nft_free | remove | +| nft_get_column | remove | +| nft_get_debug | remove | +| nft_get_extra | remove | +| nft_get_in | remove | +| nft_get_leng | remove | +| nft_get_lineno | remove | +| nft_get_lloc | remove | +| nft_get_lval | remove | +| nft_get_out | remove | +| nft_get_text | remove | +| nft_gmp_print | remove | +| nft_if_indextoname | remove | +| nft_if_nametoindex | remove | +| nft_lex | remove | +| nft_lex_destroy | remove | +| nft_lex_init | remove | +| nft_lex_init_extra | remove | +| nft_parse | remove | +| nft_pop_buffer_state | remove | +| nft_print | remove | +| nft_push_buffer_state | remove | +| nft_realloc | remove | +| nft_restart | remove | +| nft_set_column | remove | +| nft_set_debug | remove | +| nft_set_extra | remove | +| nft_set_in | remove | +| nft_set_lineno | remove | +| nft_set_lloc | remove | +| nft_set_lval | remove | +| nft_set_out | remove | +| notrack_stmt_alloc | remove | +| numgen_expr_alloc | remove | +| obj_add_hash | remove | +| obj_alloc | remove | +| obj_free | remove | +| obj_get | remove | +| obj_lookup | remove | +| obj_print | remove | +| obj_print_plain | remove | +| obj_type_name | remove | +| obj_type_to_cmd | remove | +| objref_stmt_alloc | remove | +| objref_type_name | remove | +| parser_init | remove | +| payload_can_merge | remove | +| payload_dependency_exists | remove | +| payload_dependency_kill | remove | +| payload_dependency_release | remove | +| payload_dependency_reset | remove | +| payload_dependency_store | remove | +| payload_expr_alloc | remove | +| payload_expr_complete | remove | +| payload_expr_expand | remove | +| payload_expr_join | remove | +| payload_expr_trim | remove | +| payload_gen_dependency | remove | +| payload_hdr_field | remove | +| payload_init_raw | remove | +| payload_is_known | remove | +| payload_is_stacked | remove | +| payload_stmt_alloc | remove | +| prefix_expr_alloc | remove | +| proto_ctx_init | remove | +| proto_ctx_update | remove | +| proto_dev_desc | remove | +| proto_dev_type | remove | +| proto_find_num | remove | +| proto_find_upper | remove | +| queue_stmt_alloc | remove | +| quota_stmt_alloc | remove | +| range_expr_alloc | remove | +| range_expr_value_high | remove | +| range_expr_value_low | remove | +| rate_parse | remove | +| rb_erase | remove | +| rb_first | remove | +| rb_insert_color | remove | +| rb_last | remove | +| rb_next | remove | +| rb_prev | remove | +| rb_replace_node | remove | +| realm_table_meta_exit | remove | +| realm_table_meta_init | remove | +| realm_table_rt_exit | remove | +| realm_table_rt_init | remove | +| reject_stmt_alloc | remove | +| relational_expr_alloc | remove | +| relational_expr_pctx_update | remove | +| rt_expr_alloc | remove | +| rt_expr_update_type | remove | +| rt_symbol_table_free | remove | +| rt_symbol_table_init | remove | +| rule_alloc | remove | +| rule_free | remove | +| rule_get | remove | +| rule_lookup | remove | +| rule_postprocess | remove | +| rule_print | remove | +| scanner_destroy | remove | +| scanner_include_file | remove | +| scanner_init | remove | +| scanner_push_buffer | remove | +| scanner_read_file | remove | +| scope_init | remove | +| scope_release | remove | +| set_add_hash | remove | +| set_alloc | remove | +| set_clone | remove | +| set_datatype_alloc | remove | +| set_datatype_destroy | remove | +| set_elem_expr_alloc | remove | +| set_expr_alloc | remove | +| set_free | remove | +| set_get | remove | +| set_lookup | remove | +| set_lookup_global | remove | +| set_policy2str | remove | +| set_print | remove | +| set_print_plain | remove | +| set_ref_expr_alloc | remove | +| set_stmt_alloc | remove | +| set_to_intervals | remove | +| socket_expr_alloc | remove | +| stmt_alloc | remove | +| stmt_evaluate | remove | +| stmt_free | remove | +| stmt_list_free | remove | +| stmt_print | remove | +| symbol_bind | remove | +| symbol_expr_alloc | remove | +| symbol_get | remove | +| symbol_lookup | remove | +| symbol_parse | remove | +| symbol_table_print | remove | +| symbol_unbind | remove | +| symbolic_constant_parse | remove | +| symbolic_constant_print | remove | +| table_add_hash | remove | +| table_alloc | remove | +| table_free | remove | +| table_get | remove | +| table_lookup | remove | +| tcpopt_expr_alloc | remove | +| tcpopt_find_template | remove | +| tcpopt_init_raw | remove | +| time_parse | remove | +| time_print | remove | +| unary_expr_alloc | remove | +| variable_expr_alloc | remove | +| verdict_expr_alloc | remove | +| verdict_stmt_alloc | remove | +| xfree | remove | +| xmalloc | remove | +| xmalloc_array | remove | +| xrealloc | remove | +| xstrdup | remove | +| xstrunescape | remove | +| xt_stmt_alloc | remove | +| xzalloc | remove | +| nft_ctx_output_get_flags | add | +| nft_ctx_output_set_flags | add | +| nft_ctx_add_include_path | change | +| nft_run_cmd_from_buffer | change | + +## openhpi + +For details, see [openhpi](./LTS_to_SP2_changed_abi_detail/openhpi_all_result.md\) + +| function | type | +|:---- |:-- | +| curlerr_to_ov_rest_err | change | + +## OpenIPMI + +For details, see [OpenIPMI](./LTS_to_SP2_changed_abi_detail/OpenIPMI_all_result.md\) + +| function | type | +|:---- |:-- | +| sel_select_intr_sigmask | add | +| sel_setup_forked_process | add | +| sel_select_intr_sigmask | add | +| sel_setup_forked_process | add | +| ipmbserv_handle_data | add | +| ipmbserv_init | add | +| ipmbserv_read_config | add | +| chan_init | change | +| debug_log_raw_msg | change | +| handle_asf | change | +| ra_setup | change | + +## openldap + +For details, see [openldap](./LTS_to_SP2_changed_abi_detail/openldap_all_result.md\) + +| function | type | +|:---- |:-- | +| ldap_abandon | change | +| ldap_int_initialize_global_options | change | +| ldap_int_sasl_config | change | +| ldap_int_tls_destroy | change | +| ldap_abandon | change | +| ldap_int_initialize_global_options | change | +| ldap_int_sasl_config | change | +| ldap_int_tls_destroy | change | + +## pam + +For details, see [pam](./LTS_to_SP2_changed_abi_detail/pam_all_result.md\) + +| function | type | +|:---- |:-- | +| pam_modutil_check_user_in_passwd | add | +| pam_modutil_search_key | add | +| pam_start_confdir | add | +| pam_acct_mgmt | change | +| pam_sm_authenticate | add | +| pam_sm_setcred | add | + +## pkgconf + +For details, see [pkgconf](./LTS_to_SP2_changed_abi_detail/pkgconf_all_result.md\) + +| function | type | +|:---- |:-- | +| pkgconf_client_dir_list_build | change | + +## plymouth + +For details, see [plymouth](./LTS_to_SP2_changed_abi_detail/plymouth_all_result.md\) + +| function | type | +|:---- |:-- | +| ply_text_progress_bar_get_percent_done | remove | +| ply_text_progress_bar_set_percent_done | remove | +| ply_text_step_bar_get_percent_done | remove | +| ply_text_step_bar_set_percent_done | remove | +| ply_text_progress_bar_get_fraction_done | add | +| ply_text_progress_bar_set_fraction_done | add | +| ply_text_step_bar_get_fraction_done | add | +| ply_text_step_bar_set_fraction_done | add | +| ply_renderer_backend_get_interface | change | +| ply_progress_animation_get_percent_done | remove | +| ply_progress_animation_set_percent_done | remove | +| ply_progress_bar_get_percent_done | remove | +| ply_progress_bar_set_percent_done | remove | +| ply_progress_animation_get_fraction_done | add | +| ply_progress_animation_set_fraction_done | add | +| ply_progress_bar_get_fraction_done | add | +| ply_progress_bar_set_fraction_done | add | +| ply_boot_splash_plugin_get_interface | change | + +## readline + +For details, see [readline](./LTS_to_SP2_changed_abi_detail/readline_all_result.md\) + +| function | type | +|:---- |:-- | +| _hs_history_patsearch | add | +| remove_history_range | add | + +## rhash + +For details, see [rhash](./LTS_to_SP2_changed_abi_detail/rhash_all_result.md\) + +| function | type | +|:---- |:-- | +| rhash_torrent_add_file | change | +| rhash_torrent_get_default_piece_length | change | +| rhash_transmit | change | + +## subversion + +For details, see [subversion](./LTS_to_SP2_changed_abi_detail/subversion_all_result.md\) + +| function | type | +|:---- |:-- | +| svn_repos__dump_magic_header_record | add | +| svn_repos__dump_uuid_header_record | add | +| svn_repos__get_dump_editor | add | +| svn_repos_authz_parse2 | add | +| svn_repos_authz_read4 | add | +| svn_authz__parse | change | +| svn_client__copy_foreign | remove | +| svn_client_shelf_get_paths | remove | +| svn_client_shelf_has_changes | remove | +| svn_client_shelve | remove | +| svn_client_shelves_any | remove | +| svn_client_shelves_delete | remove | +| svn_client_shelves_list | remove | +| svn_client_unshelve | remove | +| svn_client__condense_commit_items2 | add | +| svn_client__get_diff_writer_svn | add | +| svn_client__layout_list | add | +| svn_client__repos_to_wc_copy_by_editor | add | +| svn_client__repos_to_wc_copy_internal | add | +| svn_client__shelf_apply | add | +| svn_client__shelf_close | add | +| svn_client__shelf_delete | add | +| svn_client__shelf_delete_newer_versions | add | +| svn_client__shelf_diff | add | +| svn_client__shelf_get_all_versions | add | +| svn_client__shelf_get_log_message | add | +| svn_client__shelf_get_newest_version | add | +| svn_client__shelf_list | add | +| svn_client__shelf_mods_editor | add | +| svn_client__shelf_open_existing | add | +| svn_client__shelf_open_or_create | add | +| svn_client__shelf_paths_changed | add | +| svn_client__shelf_replay | add | +| svn_client__shelf_revprop_get | add | +| svn_client__shelf_revprop_list | add | +| svn_client__shelf_revprop_set | add | +| svn_client__shelf_revprop_set_all | add | +| svn_client__shelf_save_new_version3 | add | +| svn_client__shelf_set_log_message | add | +| svn_client__shelf_test_apply_file | add | +| svn_client__shelf_unapply | add | +| svn_client__shelf_version_open | add | +| svn_client__shelf_version_status_walk | add | +| svn_client__wc_copy_mods | add | +| svn_client__wc_editor | add | +| svn_client__wc_editor_internal | add | +| svn_client__wc_replay | add | +| svn_client_blame6 | add | +| svn_client_conflict_option_get_moved_to_abspath_candidates2 | add | +| svn_client_conflict_option_get_moved_to_repos_relpath_candidates2 | add | +| svn_client_conflict_option_set_moved_to_abspath2 | add | +| svn_client_conflict_option_set_moved_to_repos_relpath2 | add | +| svn_client_diff7 | add | +| svn_client_diff_peg7 | add | +| svn_client_revert4 | add | +| svn_client__arbitrary_nodes_diff | change | +| svn_diff_hunk__create_adds_single_line | change | +| svn_relpath__internal_style | remove | +| svn_dirent_canonicalize_safe | add | +| svn_dirent_internal_style_safe | add | +| svn_opt_get_canonical_subcommand3 | add | +| svn_opt_get_option_from_code3 | add | +| svn_opt_print_generic_help3 | add | +| svn_opt_print_help5 | add | +| svn_opt_subcommand_help4 | add | +| svn_opt_subcommand_takes_option4 | add | +| svn_relpath__make_internal | add | +| svn_relpath_canonicalize_safe | add | +| svn_uri_canonicalize_safe | add | +| svn_delta_path_driver3 | add | +| svn_delta_path_driver_finish | add | +| svn_delta_path_driver_start | add | +| svn_delta_path_driver_step | add | +| svn_element__tree_set | change | +| svn_wc__find_repos_node_in_wc | remove | +| svn_wc__get_shelves_dir | remove | +| svn_wc__db_find_copies_of_repos_path | add | +| svn_wc__db_find_repos_node_in_wc | add | +| svn_wc__db_find_working_nodes_with_basename | add | +| svn_wc__find_copies_of_repos_path | add | +| svn_wc__find_working_nodes_with_basename | add | +| svn_wc__get_experimental_dir | add | +| svn_wc_revert6 | add | +| svn_wc__conflict_read_tree_conflict | change | +| svn_wc__conflict_skel_add_tree_conflict | change | +| svn_wc__diff7 | change | + +## tcl + +For details, see [tcl](./LTS_to_SP2_changed_abi_detail/tcl_all_result.md\) + +| function | type | +|:---- |:-- | +| TclOODefineMixinObjCmd | remove | +| TclSkipUnlink | remove | +| Tcl_EncodingObjCmd | remove | +| TclpUnloadFile | remove | +| TclBN_mp_balance_mul | add | +| TclBN_mp_expt_d_ex | add | +| TclBN_mp_set_ull | add | +| TclBN_mp_signed_rsh | add | +| TclBN_mp_to_radix | add | +| TclBN_mp_to_ubin | add | +| TclAddLiteralObj | change | +| TclBN_mp_unsigned_bin_size | change | + +## xorg-x11-server + +For details, see [xorg-x11-server](./LTS_to_SP2_changed_abi_detail/xorg-x11-server_all_result.md\) + +| function | type | +|:---- |:-- | +| glamor_clear_pixmap | add | +| glamor_egl_get_driver_name | add | + +## zstd + +For details, see [zstd](./LTS_to_SP2_changed_abi_detail/zstd_all_result.md\) + +| function | type | +|:---- |:-- | +| ZSTDMT_compressCCtx | remove | +| ZSTDMT_compressStream | remove | +| ZSTDMT_compressStream_generic | remove | +| ZSTDMT_compress_advanced | remove | +| ZSTDMT_createCCtx | remove | +| ZSTDMT_createCCtx_advanced | remove | +| ZSTDMT_endStream | remove | +| ZSTDMT_flushStream | remove | +| ZSTDMT_freeCCtx | remove | +| ZSTDMT_getMTCtxParameter | remove | +| ZSTDMT_initCStream | remove | +| ZSTDMT_initCStream_advanced | remove | +| ZSTDMT_initCStream_usingCDict | remove | +| ZSTDMT_resetCStream | remove | +| ZSTDMT_setMTCtxParameter | remove | +| ZSTDMT_sizeof_CCtx | remove | +| ZSTD_CCtxParam_getParameter | remove | +| ZSTD_CCtxParam_setParameter | remove | +| ZSTD_CCtx_resetParameters | remove | +| ZSTD_compress_generic | remove | +| ZSTD_compress_generic_simpleArgs | remove | +| ZSTD_decompress_generic | remove | +| ZSTD_decompress_generic_simpleArgs | remove | +| ZSTD_setDStreamParameter | remove | + diff --git a/docs/en/docs/Releasenotes/introduction.md b/docs/en/docs/Releasenotes/introduction.md index 7dca4bb25e938f9a2034a7469be9f1125c5a1bf2..ebb4fbe2ee796f546aa66a4575afdc4a4fb6b54e 100644 --- a/docs/en/docs/Releasenotes/introduction.md +++ b/docs/en/docs/Releasenotes/introduction.md @@ -1,4 +1,4 @@ # Introduction -openEuler is an open-source operating system. The current openEuler kernel is based on Linux and supports Kunpeng and other processors. It fully unleashes the potential of computing chips. As an efficient, stable, and secure open-source OS built by global open-source contributors, openEuler applies to database, big data, cloud computing, and artificial intelligence \(AI\) scenarios. In addition, openEuler community is an open-source community for global OSs. Through community cooperation, openEuler builds an innovative platform, builds a unified and open OS that supports multiple processor architectures, and promotes the prosperity of the software and hardware application ecosystem. +openEuler is an open-source operating system. The current openEuler kernel is based on Linux and supports server, cloud computing, edge computing, embedded, and other application scenarios. openEuler is committed to providing a secure, stable, and easy-to-use operating system. As an efficient, stable, and secure open-source OS built by global open-source contributors, openEuler applies to database, big data, cloud computing, and artificial intelligence \(AI\) scenarios. In addition, openEuler community is an open-source community for global OSs. Through community cooperation, openEuler builds an innovative platform, builds a unified and open OS that supports multiple processor architectures, and promotes the prosperity of the software and hardware application ecosystem. diff --git a/docs/en/docs/Releasenotes/key-features.md b/docs/en/docs/Releasenotes/key-features.md index f85e47a3cc1ee274bb4c15256edc5e0e5e54db79..63102bfb0e82dc5c13267036e247e43f2e1e85bc 100644 --- a/docs/en/docs/Releasenotes/key-features.md +++ b/docs/en/docs/Releasenotes/key-features.md @@ -1,31 +1,86 @@ -# Key Features +# Key Features -- iSula lightweight container solution, unified IoT, and edge and cloud computing container solutions - - Shortens a trace chain by three levels, and the memory usage of hundreds of containers is significantly lower than that of the Docker engine. - - Supports standard open-source container runtime interface \(CRI\) and open container initiative \(OCI\) and flexibly interconnects with multiple OCI runtimes such as runC and Kata. - - Secure container: combines the virtualization technology and container technology to ensure better isolation of secure containers. - - System container: supports local file system startup to implement quick deployment, and supports systemd deployment to improve user namespace isolation. +## Tiered Memory Expansion -- Kunpeng acceleration engine \(KAE\), supporting encryption and decryption acceleration - - Digest algorithm SM3, which supports asynchronous models. - - Symmetric encryption algorithm SM4, which supports asynchronous models and CTR, XTS, and CBC modes. - - Symmetric encryption algorithm AES, which supports asynchronous models and ECB, CTR, XTS, and CBC modes. - - Asymmetric algorithm RSA, which supports asynchronous models and key sizes 1024, 2048, 3072, and 4096. - - Key negotiation algorithm DH, which supports asynchronous models and key sizes 768, 1024, 1536, 2048, 3072, and 4096. +Today's memory manufacturing processes have nearly reached the peak of how advanced they are. The mature ARM ecosystem is making the cost per CPU core lower and lower. Databases, virtual machines (VMs), big data, artificial intelligence (AI), and deep learning call for increasingly higher computing power and memory capacities. Limited memory capacities have become a challenge for service growth. +Tiered memory expansion has proven itself as a solution for that challenge. DRAM and low-speed memory media, such as storage class memory (SCM), Apache Pass (AEP), and remote direct memory access (RDMA), form a multi-tier memory structure. Automatic memory scheduling redirects hot data to the DRAM high-speed memory area and cold data to the low-speed memory area. The tiered memory structure increases the memory capacity and ensures efficient and stable running of core services. This feature is ideal for applications that use a large number of memory cache and access models randomly. Tests show that it delivers 40% higher performance for MySQL than counterparts. The user-mode memory swapping mechanism is added for the user-mode storage framework and user requirements. +- **Process-level control**: Supports processes that use configuration files to expand the memory. Compared with the native LRU-based pageout kswap mechanism of Linux, it is more flexible and accurate. +- **Cold and hot tiering**: In user mode, a memory access scan can be performed for a designated process. You can select a cold and hot tiering policy configuration file to classify obtained memory access results into hot memory and cold memory. +- **Discarding policy**: The cold memory is discarded when it meets the conditions specified in the etMem configuration file and the system environment configuration. The discarding process uses the native kernel capability, which is secure and reliable and does not affect user experience. +- **Multi-media expansion support**: Multiple media, such as SCM, XL flash, and NVMe SSDs, can be used as the expanded memory. The cold or hot memory tiering solution is specified based on the access speed of the medium to expand the memory while reducing the performance loss. -- A-Tune intelligent system performance optimization engine, inferring service features and configuring optimal system parameters to ensure optimal service running -- Enhancing the performance of glibc, zlib, and gzip and fully using the NEON instruction set of AArch64 to improve the basic library performance -- Kernel feature enhancement - - Supports ARM64 kernel hot patches. - - Numa Aware Qspinlock: reduces cache/bus conflicts across NUMA nodes. - - Optimizes the IOVA page table lookup and release algorithms to improve the performance of the IOMMU subsystem. - - Optimizes the implementation of CRC32 and checksum based on ARM64 instructions and pipeline features, greatly improving data verification performance. - - Supports ARM v8.4 Memory System Resource Partitioning and Monitoring \(MPAM\). -- virtualization feature enhancement - - Interruption virtualization optimization: The process for an IRQfd to inject an interrupt is optimized, greatly improving the performance of high-performance passthrough devices (sush as NICs and SSDs). - - Memory virtualization optimization: The Kunpeng hardware feature is used to improve the memory loading speed during VM startup. - - Storage virtualization optimization: NUMA affinity self-binding is optimized for the iSCSI module **kworker** to improve the I/O performance of IP SAN disks. +**Application scenario**: tiered memory expansion for service processes on a node. +Ideal for applications that use a large amount of memory but do not access the memory frequently, such as MySQL, Redis, and Nginx. All memory expansion operations are performed within a node and no cross-node operations are involved. +In a user-mode storage framework, the userswap function can enable user-mode storage as a swap device. +## KubeOS Container Operating System +Cloud native is the next step in the evolution of cloud computing. Kubernetes has become the foundation of cloud native software infrastructure. Major OS vendors have launched their OSs for cloud native scenarios, such as Red Hat Enterprise Linux CoreOS (RHCOS) and AWS Bottlerocket. These new OSs are deployed and managed in containers, delivering an O&M experience similar to service containers. +To adapt to the cloud native trend, openEuler launches KubeOS, a container OS that centrally manages cloud native cluster OSs in containers. KubeOS has the following features: +- OS containerization and Kubernetes interconnection for atomized lifecycle management +- Lightweight OS tailoring to reduce unnecessary packages for quicker upgrades and replacements + +**Application Scenario**: OS Management of containerized cloud service hosts based on Kubernetes, delivering a lifecycle management and O&M experience similar to container services. + +## eggo Kubernetes Deployment Tool + +eggo is a Kubernetes cluster deployment and management project of the openEuler cloud native special interest group (SIG). It provides efficient and stable cluster deployment capabilities. eggo supports multiple architectures for a single cluster as well as online and offline deployments. It incorporates GitOps to detect cluster configuration changes and enable unified and efficient deployment of cluster OSs. + +- **Version-based cluster configuration management**: Git repositories are used to store and track cluster configuration changes. +- **Configuration awareness**: GitOps detects cluster configuration changes in Git repositories, and then sends a cluster operation request to the deployment engine. +- **Deployment engine**: eggo delivers tasks to the service cluster. For example, it triggers tasks such as deploying the service cluster, destroying the service cluster, adding nodes, and deleting nodes. + +**Application Scenario**: x86 and ARM dual-plane cloud infrastructure. Based on the native Kubernetes cloud native framework, eggo implements unified cluster deployment, monitoring, and audit of OSs. + +## A-Ops + +A-Ops is an OS-oriented O&M platform that provides intelligent O&M solutions covering data collection, health check, fault diagnosis, and fault rectification. The A-Ops project includes the following sub-projects: fault detection (Gala), fault locating (X-diagnosis), and defect rectification (Apollo). + +- **Community hot patch pipeline** + + **Hot patch preparation**: The target version and patch file of the software package can be specified in the cold patch pull request (PR) to make a hot patch. + + **Hot patch release**: Hot patches to be released can be automatically collected based on hot patch issues, and then released by reusing the cold patch update release logic. + +- **Enhanced vulnerability management** + + **Intelligent patch inspection**: CVE inspection and notification for a single-node system or cluster, and one-click fix and rollback are supported. + + **Hot fixing**: Some CVEs can be fixed using hot patches, ensuring zero service interruption. + + **Patch service**: Cold and hot patch subscription allows patches to be acquired online. + +- **da-tool** + + da-tool is a latency analysis tool based on kprobe. It streamlines the configuration process of kprobe and displays the latency characteristics of traced functions. da-tool suppotrs: + + - Analysis of latency characteristics of UDP receiving and sending functions + + - Analysis of UDP-related process scheduling + +## OpenStack Train Support + +OpenStack Train is a simple, scalable, rich, and standard cloud management operating system. For details about more features, see OpenStack Train release notes. + +- **OpenStack Queens/Rocky Integration**, which enables IaaS solutions. +- **Enhanced block storage**. Advanced functions such as capacity expansion, snapshots, and VM image cloning are supported. +- **Container-based deployment and network capabilities**. Better integration with containers is achieved. +- **Extended services**. Extended services such as control panel management, bare metal server deployment, and cloud resource tracing are supported. +- **OpenStack Train**. Neutron port forwarding and Ironic DPU offload are added. For details about the patch, see . + +## Desktop Environment Support + +- Kiran desktop environment, developed by Kylinsec, is a stable, efficient, and easy-to-use desktop environment oriented towards user and market requirements. It consists of the desktop, taskbar, tray, control center, and window management components. + +## Compatibility List + +- [Northbound Compatibility List](https://www.openeuler.org/en/compatibility/) +- Intel Ice Lake supported. + +## Automatic Optimization for Software Package Downloads + +30 openEuler mirror sites are distributed across Asia, Europe, and North America. Software packages can be downloaded from the nearest mirror sites to improve the download speed. + +A metalink, whose value is the URL of the API provided by the metalink service, is configured in the DNF or Yum configuration file shipped with openEuler releases. When a user tries to download a software package, the DNF or Yum client sends a request to the metalink URL. The metalink service returns data in XML format that contains the addresses of nearest mirror sites. The DNF or Yum client then selects the optimal site from the addresses to download the software package, ensuring a fast download speed. diff --git a/docs/en/docs/Releasenotes/known-issues.md b/docs/en/docs/Releasenotes/known-issues.md index ac86061d133364bdc1b02d0c0eade760704a4927..4c795d9e4b78a584ee27040df26a6b4f970290bf 100644 --- a/docs/en/docs/Releasenotes/known-issues.md +++ b/docs/en/docs/Releasenotes/known-issues.md @@ -1,20 +1,6 @@ -# Known Issues +# Known Issues -- The FIPS boot mode of the kernel has not been fully authenticated. The FIPS boot may be abnormal. [I17Z18](https://gitee.com/src-openeuler/crypto-policies/issues/I17Z18?from=project-issue) -- When libvirt is used to start the GlusterFS VM, a 300-byte memory leak occurs each time. For details about the discussion, click [https://github.com/gluster/glusterfs/issues/818](https://github.com/gluster/glusterfs/issues/818). [I185CH](https://gitee.com/src-openeuler/glusterfs/issues/I185CH?from=project-issue) -- When the libvirt interface is used to continuously perform disk hot swap operations, there is a possibility that the hot remove interface returns a success message, but the disk is not removed and cannot be hot swapped again. You can stop the VM and then restart it. [I1C72L](https://gitee.com/src-openeuler/qemu/issues/I1C72L?from=project-issue) -- There is a low probability that an unknown installation exception occurs when the x86\_64 VM is used for installation. In this case, install the x86\_64 VM again. [I1C8HS](https://gitee.com/src-openeuler/anaconda/issues/I1C8HS?from=project-issue) -- CVE-2012-0039: When a local application calls the **g\_str\_hash** function, the application continuously consumes CPU resources, causing DoS attacks. This issue will not be resolved in the community. -- CVE-2015-9541: When Qt attempts to parse the abnormal SVG files which are constructed to launch exponential XML entity extension attacks, the memory may be insufficient. For details about the discussion, click [https://codereview.qt-project.org/c/qt/qtbase/+/293909](https://codereview.qt-project.org/c/qt/qtbase/+/293909). -- Before compiling some open-source packages, you need to install basic software such as GDB, GCC, and make. Otherwise, the compilation fails due to lack of dependency. -- AArch64 and x86\_64 have different definitions of the character type. As a result, an error is reported during the self-check using Coreutils, Augeas, and Diffutils. You can add the **--fsigned-char** compilation option to solve the problem. -- For 20.03 LTS, if you run the **rpm -Uvh XXX** command (XXX indicates the version, for example, mysql-8.0.21-1.oe1.aarch64.rpm) to upgrade mysql-8.0.17-3.oe1 to the latest version, the functions are unavailable after the upgrade. You can use either of the following methods to upgrade the version. The following uses the upgrade from mysql-8.0.17-3.oe1 to mysql-8.0.21-1.oe1 as an example: - - Method 1: Run the following upgrade command: - ``` - # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts - ``` - - Method 2: Run the following commands to uninstall the MySQL of the earlier version and then install the MySQL of the new version: - ``` - # rpm -e mysql-8.0.17-3.oe1 - # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm - ``` \ No newline at end of file +| ISSUE |Repository |Description | +|:--- |:---- |:--- | +| [I8D3YK](https://gitee.com/open_euler/dashboard?issue_id=I8D3YK) | src-openEuler/dtkcommon |[20.03-SP4-rc1] The version of the dtkcommon package is lower in 20.03-LTS-SP4-RC1 than 20.03-LTS-SP3 and 20.03-LTS-SP4-alpha. | +| [I8DBPV](https://gitee.com/open_euler/dashboard?issue_id=I8DBPV) | src-openEuler/hadoop |[20.03 LTS SP4 round1][arm\x86] nodejs-yarn conflicts with hadoop-yarn during installation. | diff --git a/docs/en/docs/Releasenotes/release_notes.md b/docs/en/docs/Releasenotes/release_notes.md index 2ddacc438016ed80eb04e163e1a17986ed0abb00..c064225b6a3f90bc128c821280f31a0a472fbe7c 100644 --- a/docs/en/docs/Releasenotes/release_notes.md +++ b/docs/en/docs/Releasenotes/release_notes.md @@ -1 +1 @@ -This document is the release notes for the openEuler 20.03 LTS release version. \ No newline at end of file +This document is the release notes for openEuler 20.03 LTS SP4. \ No newline at end of file diff --git a/docs/en/docs/Releasenotes/resolved-issues.md b/docs/en/docs/Releasenotes/resolved-issues.md index 5d2d7831aec011a3bc52381f88f5694db3097261..b32bb12f1abd0b020e810a92d40b25b9f9f3b735 100644 --- a/docs/en/docs/Releasenotes/resolved-issues.md +++ b/docs/en/docs/Releasenotes/resolved-issues.md @@ -1,75 +1,251 @@ -# Resolved Issues +# Resolved Issues -For details about the complete issue list, click [https://gitee.com/organizations/src-openeuler/issues](https://gitee.com/organizations/src-openeuler/issues). +For the complete issue list, see [Issues](https://gitee.com/organizations/src-openeuler/issues). -For details about the complete kernel submission records, click [https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS](https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS). +For the complete list kernel related commits, see [Commits](https://gitee.com/openeuler/kernel/commits/openEuler-22.03-LTS). -[Table 1](#table249714911433) lists the resolved issues. +For details about resolved issues, see [Table 1](#table2204014971491143). -**Table 1** Resolved issues - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Issue

-

Description

-

I1BJTF

-

[Kernel bug] The lscpu command on the ARM server cannot be used to display the CPU dominant frequency, and the CPU cache is incorrect.

-

I1BWPD

-

Failed to pull an image using the isula pull or curl pull command.

-

I1BV56

-

Delete redundant gpg sig file for shadow-4.6.

-

I1BV38

-

The unbuffer command is unavailable.

-

I1BA9B

-

The arping -w parameter is invalid.

-

I1AV3S

-

The oops error occurs when the latest LTP pty03 test case is executed.

-

I1AZ1I

-

500 scheduled tasks are started. After 4 to 5 minutes, the tasks cannot be processed and the system stops responding.

-

I1AH2C

-

The warning information captured when the Kata container fails to be started is insufficient for fault locating. More errors need to be printed.

-

I1AGXO

-

In kata-runtime remote mode, the kata-runtime kill is not called when the isula rm -f command is executed. As a result, residual data exists.

-

I1AF39

-

The soft lockup is found when the open function is triggered in the ext4 file system.

-

I1ADUD

-

Isulad breaks down when a pod is created using kubectl.

-
+**Table 1** Resolved issues +| Issue |Repository |Description | URL | +|-|-|-|-| +| I877SV | src-openEuler/libkae | [EulerMaker] libkae build problem in openEuler-20.03-LTS-SP4:everything | | +| I878C5 | src-openEuler/kae_driver | [EulerMaker] kae_driver build problem in openEuler-20.03-LTS-SP4:everything | | +| I878C8 | src-openEuler/eclipse | [EulerMaker] eclipse build problem in openEuler-20.03-LTS-SP4:everything | | +| I878C9 | src-openEuler/jss | [EulerMaker] jss build problem in openEuler-20.03-LTS-SP4:everything | | +| I878CD | src-openEuler/lldb | [EulerMaker] lldb build problem in openEuler-20.03-LTS-SP4:everything | | +| I878CG | src-openEuler/i40e | [EulerMaker] i40e build problem in openEuler-20.03-LTS-SP4:everything | | +| I878CH | src-openEuler/hadoop | [EulerMaker] hadoop build problem in openEuler-20.03-LTS-SP4:everything | | +| I878CK | src-openEuler/python-requests-ftp | [EulerMaker] python-requests-ftp build problem in openEuler-20.03-LTS-SP4:everything | | +| I878CM | src-openEuler/iavf | [EulerMaker] iavf build problem in openEuler-20.03-LTS-SP4:everything | | +| I87LPS | src-openEuler/perl-Mail-DKIM | [EulerMaker] perl-Mail-DKIM build problem in openEuler-20.03-LTS-SP4:everything | | +| I87LVG | src-openEuler/libguestfs | [EulerMaker] libguestfs build problem in openEuler-20.03-LTS-SP4:everything | | +| I87LVJ | src-openEuler/gnome-abrt | [EulerMaker] gnome-abrt build problem in openEuler-20.03-LTS-SP4:everything | | +| I87LVK | src-openEuler/ansible | [EulerMaker] ansible build problem in openEuler-20.03-LTS-SP4:everything | | +| I87LVL | src-openEuler/pylint | [EulerMaker] pylint build problem in openEuler-20.03-LTS-SP4:everything | | +| I87OFY | src-openEuler/openjdk-17 | [EulerMaker] openjdk-17 build problem in openEuler-20.03-LTS-SP4:everything | | +| I87OFZ | src-openEuler/openjdk-1.8.0 | [EulerMaker] openjdk-1.8.0 build problem in openEuler-20.03-LTS-SP4:everything | | +| I87OG0 | src-openEuler/openjdk-latest | [EulerMaker] openjdk-latest build problem in openEuler-20.03-LTS-SP4:everything | | +| I87W8R | src-openEuler/kata-containers | [EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything | | +| I87Y9P | src-openEuler/java-atk-wrapper | [EulerMaker] java-atk-wrapper build problem in openEuler-20.03-LTS-SP4:everything | | +| I87Y9Q | src-openEuler/prefetch_tuning | [EulerMaker] prefetch_tuning build problem in openEuler-20.03-LTS-SP4:everything | | +| I88ILD | src-openEuler/kata-containers | [EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything | | +| I88JJS | src-openEuler/libmypaint | [EulerMaker] libmypaint build problem in openEuler-20.03-LTS-SP4:everything | | +| I88JJT | src-openEuler/perl-XML-Simple | [EulerMaker] perl-XML-Simple build problem in openEuler-20.03-LTS-SP4:everything | | +| I88JJV | src-openEuler/perl-Config-General | [EulerMaker] perl-Config-General build problem in openEuler-20.03-LTS-SP4:everything | | +| I88JKT | src-openEuler/mate-session-manager | [EulerMaker] mate-session-manager build problem in openEuler-20.03-LTS-SP4:epol | | +| I88JKU | src-openEuler/ovirt-engine | [EulerMaker] ovirt-engine build problem in openEuler-20.03-LTS-SP4:epol | | +| I88JKW | src-openEuler/ukwm | [EulerMaker] ukwm build problem in openEuler-20.03-LTS-SP4:epol | | +| I88JKX | src-openEuler/pki-core | [EulerMaker] pki-core build problem in openEuler-20.03-LTS-SP4:epol | | +| I89MZB | src-openEuler/oemaker | The netinst image of the openEuler-20.03-LTS-SP4 branch fails to be created using oemaker. | | +| I8ACDW | src-openEuler/nodejs-istanbul | [EulerMaker] nodejs-istanbul build problem in openEuler-20.03-LTS-SP4:epol | | +| I8ACDZ | src-openEuler/nodejs-raw-body | [EulerMaker] nodejs-raw-body build problem in openEuler-20.03-LTS-SP4:epol | | +| I8ACE1 | src-openEuler/deepin-font-manager | [EulerMaker] deepin-font-manager build problem in openEuler-20.03-LTS-SP4:epol | | +| I8ACE3 | src-openEuler/ukwm | [EulerMaker] ukwm build problem in openEuler-20.03-LTS-SP4:epol | | +| I8ACE5 | src-openEuler/dtkwidget | [EulerMaker] dtkwidget build problem in openEuler-20.03-LTS-SP4:epol | | +| I8ATDE | src-openEuler/python-pluggy | [20.03-LTS-SP4]python-pluggy downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4 | | +| I8ATM8 | src-openEuler/docker | [20.03-LTS-SP4]Docker is downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4. | | +| I8ATSW | src-openEuler/lwip | [20.03-LTS-SP4]lwip is downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4. | | +| I8AU4T | src-openEuler/glib2 | [20.03-LTS-SP4]glib2 is downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4. | | +| I8AU8J | src-openEuler/shim | [20.03-LTS-SP4]shim downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4 | | +| I8AUE5 | src-openEuler/gazelle | [20.03-LTS-SP4]gazelle downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4 | | +| I8AUIA | src-openEuler/golang | [20.03-SP4-alpha]The golang package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8AUKW | src-openEuler/libxml2 | [20.03-SP4-alpha]The libxml2 package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8AUNS | src-openEuler/blivet-gui | [20.03-SP4-alpha]The blivet-gui package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8AUPZ | src-openEuler/python-paramiko | [20.03-LTS-SP4]python-paramiko downgraded from 20.03-LTS-SP3 in 20.03-LTS-SP4 | | +| I8AUQ8 | src-openEuler/python-urllib3 | [20.03-SP4-alpha]The python-urllib3 package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8AUV7 | src-openEuler/gcc | [20.03-SP4-alpha]The gcc package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8AV36 | src-openEuler/rest | [20.03-SP4-alpha]The REST package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8B0YO | src-openEuler/lwip | [EulerMaker] lwip build problem in openEuler-20.03-LTS-SP4:everything | | +| I8B0YP | src-openEuler/gazelle | [EulerMaker] gazelle build problem in openEuler-20.03-LTS-SP4:everything | | +| I8B3UL | src-openEuler/openEuler-menus | [20.03 LTS SP4 alpha][arm\x86]The installation of redhat-menus conflicts with that of openEuler-menus. | | +| I8B4J0 | src-openEuler/lightdm-gtk | [20.03 LTS SP4 alpha][arm\x86]The installation of lightdm-gtk-greeter conflicts with that of lightdm-gtk. | | +| I8B558 | src-openEuler/python-suds-jurko | [20.03 LTS SP4 alpha][arm\x86]The installation of python3-suds-jurko conflicts with that of python3-yarg. | | +| I8B7RN | src-openEuler/deepin-reader | [EulerMaker] deepin-reader build problem in openEuler-20.03-LTS-SP4:epol | | +| I8B7RO | src-openEuler/dde-file-manager | [EulerMaker] dde-file-manager build problem in openEuler-20.03-LTS-SP4:epol | | +| I8B7RP | src-openEuler/dde-control-center | [EulerMaker] dde-control-center build problem in openEuler-20.03-LTS-SP4:epol | | +| I8BAMG | src-openEuler/ipmitool | [20.03 LTS SP4 alpha][arm\x86]An error message is displayed when IPMItool is upgraded from 20.03-LTS-SP3 to 20.03-LTS-SP4. | | +| I8BCBF | src-openEuler/kmod-kvdo | [20.03 LTS SP4 alpha][arm\x86]An error message is displayed when kmod-kvdo is upgraded from 20.03-LTS-SP3 to 20.03-LTS-SP4. | | +| I8BHSP | src-openEuler/oec-hardware | [20.03-SP4-alpha]The oec-hardware package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8BHXN | src-openEuler/pyflakes | [20.03-SP4-alpha]The pyflakes package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8BI1X | src-openEuler/mariadb | [20.03-SP4-alpha]The MariaDB package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8BI80 | src-openEuler/libvpx | [20.03-SP4-alpha]The libvpx package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8C0QJ | src-openEuler/python-django | [20.03-SP4-alpha]The python-django package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8C0TH | src-openEuler/python-flake8 | [20.03-SP4-alpha]The python-flake8 package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8C0WK | src-openEuler/python-pycodestyle | [20.03-SP4-alpha]The python-pycodestyle package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8C9D2 | src-openEuler/python-APScheduler | [20.03-SP4-alpha]python-APScheduler needs to be introduced to version 20.03-sp4 | | +| I8C9DT | src-openEuler/python-tzlocal | [20.03-SP4-alpha]python-tzlocal needs to be introduced to version 20.03-sp4 | | +| I8C9FY | src-openEuler/python-Flask-APScheduler | [20.03-SP4-alpha]python-Flask-APScheduler needs to be introduced to version 20.03-sp4 | | +| I8C9GD | src-openEuler/kafka-python | [20.03-SP4-alpha]kafka-python needs to be introduced to 20.03-sp4. | | +| I8CHLK | src-openEuler/nvwa | [openEuler-20.03-LTS-SP4 alpha][x86]The nvwa-pre.service and nvwa.service services fail to be started. | | +| I8CRGY | src-openEuler/booth | [openEuler-20.03-LTS-SP4 alpha]Error Information Is Displayed After the booth-arbitrator.service Service Is Started | | +| I8CTXZ | src-openEuler/php | [openEuler-20.03-LTS-SP4 alpha]After the php-fpm and php-opcache Software Packages Are Installed at the Same Time in the x86 Environment, the php-fpm.service Service Fails to Be Started | | +| I8D5A5 | src-openEuler/aops-hermes | [EulerMaker] aops-hermes build problem in openEuler-20.03-LTS-SP4:epol | | +| I8D5A8 | openEuler/syscare | [EulerMaker] syscare build problem in openEuler-20.03-LTS-SP4:epol | | +| I8D5V3 | src-openEuler/fence-agents | [20.03-SP4-rc1]The binary software package of the fence-agents package in the x86 architecture is missing. | | +| I8D66K | src-openEuler/hadoop-3.1 | [EBS] hadoop-3.1 install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D66L | src-openEuler/hive | [EBS] hive install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D66M | src-openEuler/python-Flask-APScheduler | [EBS] python-Flask-APScheduler install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D66O | src-openEuler/python-APScheduler | [EBS] python-APScheduler install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D66Q | src-openEuler/python-tzlocal | [EBS] python-tzlocal install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D68M | src-openEuler/python-elasticsearch7 | [EulerMaker] python-elasticsearch7 install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D69H | src-openEuler/fence-agents | [EulerMaker] fence-agents install problem in openEuler-20.03-LTS-SP4:everything | | +| I8D7IZ | src-openEuler/secGear | [20.03-SP4-rc1]The secGear package does not contain the binary software package of the x86 architecture. | | +| I8DB3N | src-openEuler/jakarta-servlet | [20.03 LTS SP4 round1][arm\x86]The installation of jakarta-servlet conflicts with that of glassfish-servlet-api. | | +| I8DBFX | src-openEuler/openstack-tempest | [20.03 LTS SP4 round1][arm\x86]Installing openstack-tempest Conflicts with python3-tempest-lib | | +| I8DBHP | src-openEuler/python-rtslib | [20.03 LTS SP4 round1][arm\x86]Installing python3-rtslib-fb conflicts with python3-rtslib. | | +| I8DBKT | src-openEuler/python-openvswitch | [20.03 LTS SP4 round1][arm\x86]python3-ovs and openvswitch provide the same OVS file, causing an installation conflict. You are advised to add conflict to spec. | | +| I8DC9C | src-openEuler/drbd | [openEuler-20.03-LTS-SP4 rc1]Failed to start the Dataflow job | | +| I8DLQZ | src-openEuler/mariadb | [20.03 SP4-RC1] [x86/arm] MariaDB grants permissions to a specified user, but the user fails to connect to the database. | | +| I8DQKY | src-openEuler/three-eight-nine-ds-base | [openEuler-20.03-LTS-SP4 rc1]Failure to Start the dirsrv-snmp.service Service | | +| I8DSDG | src-openEuler/openvswitch | [openEuler-20.03-LTS-SP4 rc1]Failed to start ovs-vswitchd.service and openvswitch.service. | | +| I8DT1W | src-openEuler/rasdaemon | [openEuler-20.03-LTS-SP4 rc1][arm]Failed to Start ras-mc-ctl.service | | +| I8DTF9 | src-openEuler/openEuler-release | [20.03-LTS-SP4-RC1]A Message Is Displayed on the Login Page Indicating that the bc Command Is Missing | | +| I8E1K4 | src-openEuler/openapi-spec-validator | [EulerMaker] openapi-spec-validator build problem in openEuler-20.03-LTS-SP4:epol | | +| I8E1K5 | src-openEuler/deepin-devicemanager | [EulerMaker] deepin-devicemanager build problem in openEuler-20.03-LTS-SP4:epol | | +| I8E1K6 | src-openEuler/swagger-ui-bundle | [EulerMaker] swagger-ui-bundle build problem in openEuler-20.03-LTS-SP4:epol | | +| I8E1K8 | src-openEuler/python-clickclick | [EulerMaker] python-clickclick build problem in openEuler-20.03-LTS-SP4:epol | | +| I8E1NX | src-openEuler/python-connexion | [EulerMaker] python-connexion build problem in openEuler-20.03-LTS-SP4:epol | | +| I8E1O2 | openEuler/gala-ragdoll | [EulerMaker] gala-ragdoll build problem in openEuler-20.03-LTS-SP4:epol | | +| I8E5OO | src-openEuler/tycho | [EulerMaker] tycho build problem in openEuler-20.03-LTS-SP4:everything | | +| I8E686 | src-openEuler/obs-server | [openEuler-20.03-LTS-SP4 SP1]Some obs-server services can be started only after SELinux is disabled. | | +| I8E82W | src-openEuler/libcgroup | [20.03-SP4-rc1]The libcgroup package is downgraded in 20.03-LTS-SP4-RC1 compared with 20.03-LTS-SP3. | | +| I8E85Y | src-openEuler/liberation-fonts | [20.03-SP4-rc1]The liberation-fonts package is downgraded in 20.03-LTS-SP4-RC1 compared with 20.03-LTS-SP3. | | +| I8EDF3 | src-openEuler/sudo | [20.03-LTS-SP4 round1][x86/arm]sudo-1.9.2-13.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EEX0 | src-openEuler/pulseaudio | [20.03-LTS-SP4 round1][x86/arm]The secure compilation option Runpath/Rpath of pulseaudio-13.0-5.oe2003sp4 does not meet the requirements. | | +| I8EFDC | src-openEuler/rdate | [20.03-LTS-SP4 round1][x86/arm]The rdate-1.5-1.oe2003sp4 security compilation option Strip does not meet the requirement. | | +| I8EH77 | src-openEuler/tcpdump | [20.03-LTS-SP4 round1][x86/arm]tcpdump-4.9.3-7.oe2003sp4 compiler security option Runpath/Rpath does not meet requirements. | | +| I8EH8Z | src-openEuler/tpm2-tools | [20.03-LTS-SP4 round1][x86/arm]The tpm2-tools-5.0-3.oe2003sp4 security compilation option Runpath/Rpath does not meet the requirements. | | +| I8EHCC | src-openEuler/valgrind | [20.03-LTS-SP4 round1][x86/arm]The compiler security option PIE of valgrind-3.13.0-29.oe2003sp4 does not meet the requirement. | | +| I8EHK4 | src-openEuler/custodia | [20.03 LTS SP4 round1][arm\x86]An error message is displayed during custodia installation and uninstallation. | | +| I8EHWQ | src-openEuler/ceph | [20.03 LTS SP4 round1][arm\x86]An Error Message Is Displayed During Ceph Package Installation | | +| I8EHXL | src-openEuler/tracker | [20.03-LTS-SP4 round1][x86/arm]The tracker-2.1.5-3.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirements. | | +| I8EI5C | src-openEuler/tokyocabinet | [20.03-LTS-SP4 round1][x86/arm]The security compilation option Runpath/Rpath of tokyo cabinet-1.4.48-15.oe2003sp4 does not meet the requirements. | | +| I8EI97 | src-openEuler/syscontainer-tools | [20.03-LTS-SP4 round1][x86/arm]The syscontainer-tools-0.9-48.oe2003sp4 security compilation option Strip does not meet requirements. | | +| I8EIDF | src-openEuler/rarian | [20.03-LTS-SP4 round1][x86/arm]The rarian-0.8.1-23.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EIGV | src-openEuler/gcc | [20.03 SP4 RC1] [deja]The built-in GCC of the system contains the isl library. When a test case is executed, the error message "ICE:internal compiler error:Aborted" is displayed. | | +| I8EIKA | src-openEuler/gcc | [20.03 SP4 RC1][deja]The expected target field cannot be found in the generated process or target file. | | +| I8EJCD | src-openEuler/gcc | [20.03 SP4 RC1][bs_test] -ICE:at tree-scalar-evolution.c:1779 occurs during O3 compilation. | | +| I8EJEP | src-openEuler/kernel | [20.03-SP4-rc1][x86/arm]Local self-compilation of the kernel source code package fails because the linux-kernel-test.patch file is missing. | | +| I8EKZQ | src-openEuler/alsa-firmware | [20.03-LTS-SP4 round1][x86/arm]The alsa-firmware-1.2.1-1.oe2003sp4 compiler security options PIE and NO Rpath/RunPath do not meet the requirements. | | +| I8EM6E | src-openEuler/autogen | [20.03-LTS-SP4 round1][x86/arm]The autogen-5.18.16-1.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EM6W | src-openEuler/babeltrace | [20.03-LTS-SP4 round1][x86/arm]The babeltrace-1.5.8-1.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EM7K | src-openEuler/eog | [20.03-LTS-SP4 round1][x86/arm]eog-3.28.4-3.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EM7Z | src-openEuler/audiofile | [20.03-LTS-SP4 round1][x86/arm]The audiofile-0.3.6-25.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirements. | | +| I8EM9Q | src-openEuler/exiv2 | [20.03-LTS-SP4 round1][x86/arm]The security compilation option Runpath/Rpath of exiv2-0.27.5-2.oe2003sp4 does not meet the requirement. | | +| I8EMAM | src-openEuler/cracklib | [20.03-LTS-SP4 round1][x86/arm]The security compilation option Runpath/Rpath of cracklib-2.9.7-6.oe2003sp4 does not meet the requirements. | | +| I8EMCP | src-openEuler/binutils | [20.03-LTS-SP4 round1][x86/arm]binutils-2.34-30.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EMDD | src-openEuler/enchant | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath does not meet the requirements of enchant-1.6.1-2.oe2003sp4. | | +| I8EMEH | src-openEuler/evolution-data-server | [20.03-LTS-SP4 round1][x86/arm]The evolution-data-server-3.30.1-5.oe2003sp4 security compilation option Runpath/Rpath does not meet the requirements. | | +| I8EMEI | src-openEuler/esc | [20.03-LTS-SP4 round1][x86/arm]esc-1.1.2-4.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EMPL | src-openEuler/gvfs | [20.03-LTS-SP4 round1][x86/arm]The gvfs-1.40.2-8.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirements. | | +| I8EMPS | src-openEuler/gnome-settings-daemon | [20.03-LTS-SP4 round1][x86/arm]The gnome-settings-daemon-3.30.1.2-2.oe2003sp4 security compilation option Runpath/Rpath does not meet the requirements. | | +| I8EMQ6 | src-openEuler/harfbuzz | [20.03-LTS-SP4 round1][x86/arm]The security compilation option Runpath/Rpath of harfbuzz-2.8.1-4.oe2003sp4 does not meet the requirements. | | +| I8EMQN | src-openEuler/glibc | [20.03-LTS-SP4 round1][x86/arm]The glibc-2.28-97.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirements. | | +| I8EMR0 | src-openEuler/graphviz | [20.03-LTS-SP4 round1][x86/arm]graphviz-2.44.0-3.oe2003sp4 Compiler Security Option Runpath/Rpath Does Not Meet Requirements | | +| I8EMRB | src-openEuler/gnome-shell | [20.03-LTS-SP4 round1][x86/arm]The gnome-shell-3.30.1-10.oe2003sp4 security compilation option Runpath/Rpath does not meet the requirements. | | +| I8EMRO | src-openEuler/freeradius | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath of freeradius-3.0.15-25.oe2003sp4 does not meet the requirement. | | +| I8EMS0 | src-openEuler/glibc | [20.03-LTS-SP4 round1][x86/arm]The pulseaudio-13.0-5.oe2003sp4 compiler security option PIE does not meet requirements. | | +| I8EMTB | src-openEuler/golang | [20.03-LTS-SP4 round1][x86/arm]The compiler security options PIE and STRIP of golang-1.15.7-36.oe2003sp4 do not meet the requirements. | | +| I8EMUW | src-openEuler/gcc | [20.03 SP4 RC1][llvm_lit] gcc -c -w Compilation Error error: wrong number of arguments specified for 'long_call' attribute | | +| I8EN1F | src-openEuler/mysql | [20.03-LTS-SP4 round1][x86/arm]The security compilation options Runpath/Rpath and Strip of mysql-8.0.28-2.oe2003sp4 do not meet the requirements. | | +| I8EP4X | src-openEuler/mstflint | [20.03-LTS-SP4 round1][x86/arm]mstflint-4.10.0-5.oe2003sp4 security compilation option Strip does not meet requirements. | | +| I8EP66 | src-openEuler/man-db | [20.03-LTS-SP4 round1][x86/arm]The man-db-2.8.7-8.oe2003sp4 security compilation option Runpath/Rpath does not meet the requirements. | | +| I8EPR2 | src-openEuler/openscap | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath of openscap-1.3.2-8.oe2003sp4 does not meet the requirements. | | +| I8EPRT | src-openEuler/nftables | [20.03-LTS-SP4 round1][x86/arm]nftables-0.9.6-5.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EPTB | src-openEuler/mcpp | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath of mcpp-2.7.2-26.oe2003sp4 does not meet the requirement. | | +| I8EQGN | src-openEuler/mutter | [20.03-LTS-SP4 round1][x86/arm]The mutter-3.30.1-9.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirements. | | +| I8ETWT | src-openEuler/linux-firmware | [20.03-LTS-SP4 round1][x86/arm]The linux-firmware-20211027-1.oe2003sp4 compiler security options PIE and STRIP do not meet the requirements. | | +| I8ETXT | src-openEuler/lapack | [20.03-LTS-SP4 round1][x86/arm]The security compilation option STRIP of lapack-3.9.0-6.oe2003sp4 does not meet the requirements. | | +| I8ETYV | src-openEuler/libpsl | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath of libpsl-0.21.1-1.oe2003sp4 does not meet the requirement. | | +| I8ETZQ | src-openEuler/libmetalink | [20.03-LTS-SP4 round1][x86/arm]libmetalink-0.1.3-8.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EU2B | src-openEuler/llvm | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath of llvm-10.0.1-2.oe2003sp4 does not meet the requirements. | | +| I8EU2V | src-openEuler/libvorbis | [20.03-LTS-SP4 round1][x86/arm]The security compilation option Runpath/Rpath of libvorbis-1.3.7-1.oe2003sp4 does not meet the requirements. | | +| I8EU7W | src-openEuler/libgphoto2 | [20.03-LTS-SP4 round1][x86/arm]The compiler security option Runpath/Rpath of libgphoto2-2.5.18-3.oe2003sp4 does not meet the requirements. | | +| I8EU8S | src-openEuler/libpeas | [20.03-LTS-SP4 round1][x86/arm]libpeas-1.22.0-11.oe2003sp4 compiler security option Runpath/Rpath does not meet the requirement. | | +| I8EUA2 | src-openEuler/kata-containers | [20.03-LTS-SP4 round1][x86/arm]The kata-containers-v1.11.1-14.oe2003sp4 compiler security option PIE does not meet requirements. | | +| I8EUBJ | src-openEuler/linuxdoc-tools | [20.03 LTS SP4 round1][arm\x86]The --language parameter of linuxdoc -B info and sgml2info does not take effect. | | +| I8EWX3 | src-openEuler/linuxdoc-tools | [20.03 LTS SP4 round1][arm\x86]The --charset parameter of linuxdoc -B info and sgml2info does not take effect. | | +| I8EY8K | src-openEuler/beakerlib | [20.03-LTS-SP4]An error is reported when the beakerlib-deja-summarize command is executed. | | +| I8F1BR | src-openEuler/dpdk | [20.03-SP4-rc2]The dpdk package is downgraded in 20.03-LTS-SP4 compared with 20.03-LTS-SP3. | | +| I8F1ZX | src-openEuler/ddcutil | [EulerMaker] ddcutil build problem in openEuler-20.03-LTS-SP4:epol | | +| I8F2GD | src-openEuler/selinux-policy | [20.03-LTS-SP4 round2][x86/arm]SELinux is disabled by default. | | +| I8FCE6 | src-openEuler/aops-vulcanus | [20.03-LTS-SP4-RC2][arm/x86][Aops] Failed to Install aops-vulcanus | | +| I8FOB4 | src-openEuler/openstack-neutron | [2003_SP4_RC2_epol][arm/x86]When the python3-neutron Package Is Installed, a Message Is Displayed Indicating that the Dependency python3-os-xenapi Is Missing and Cannot Be Installed | | +| I8FOEI | src-openEuler/aops-apollo | [2003_SP4_RC2_epol][arm/x86]When the aops-apollo Package Is Installed, a Message Is Displayed Indicating that the Dependency python3-elasticsearch Is Missing and Cannot Be Installed | | +| I8FOS2 | src-openEuler/anaconda | [20.03-LTS-SP4]English Characters Are Displayed on Multiple Pages When the System Is Installed in Chinese | | +| I8FWV1 | src-openEuler/tycho | [20.03-SP4-rc2][arm/x86]Local self-compilation of the tycho source code package fails. | | +| I8G049 | src-openEuler/gcc-10 | [20.03 SP4 RC2][deja]An error is reported when the ubsan.exp test case is executed in GCC and G++. | | +| I8G0RB | src-openEuler/deepin-log-viewer | [20.03-SP4-rc2][arm/x86]The local self-compilation of the deepin-log-viewer source code package fails because the compilation dependency minizip1.2-devel is missing. | | +| I8G2SG | src-openEuler/geronimo-jaxrpc | [20.03-SP4-rc2][arm/x86]The local self-compilation of the geronimo-jaxrpc source code package fails because geronimo-servlet_3.0_spec:jar:1.0 is missing. | | +| I8GMQ6 | src-openEuler/dde | [openEuler-20.03-LTS-SP4 rc2]After the DDE is upgraded, a black screen is displayed after the DDE is restarted. | | +| I8GO7N | src-openEuler/gcc | [20.03 SP4 RC2][csmith]-The compilation of the O3 -mcpu=tsv110 -fselective-scheduling -fvar-tracking-assignments-toggle option causes ICE:internal compiler error: Segmentation fault. | | +| I8GUMS | src-openEuler/kata-containers | [EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything | | +| I8H3PV | src-openEuler/cryfs | [EulerMaker] cryfs build problem in openEuler-20.03-LTS-SP4:epol | | +| I8H4AA | src-openEuler/openEuler-release | [20.03-LTS-SP4-RC3]The error message "expr: syntax error: unexpected argument" is displayed on the login page. | | +| I8H76R | src-openEuler/shim | Failed to Start the openEuler-20.03-LTS-SP4 Image on the Kunpeng Server | | +| I8HIRD | src-openEuler/lm_sensors | [2003_SP4_RC3_everything][arm/x86]Error information is displayed during the downgrade of lm_sensors. | | +| I8HRV4 | src-openEuler/obs-server | [2003_SP4_RC3_everything][arm/x86]Alarms Are Generated During obs-api Installation | | +| I8HW99 | src-openEuler/aops-ceres | [20.03-LTS-SP4-RC3][arm/x86][Aops] An error message is displayed during the aops-ceres installation, and the CVE fails to be restored. | | +| I8HXD8 | src-openEuler/network-manager-applet | [openEuler-20.03-SP4-RC3]Multiple English Characters Are Displayed on the Environment and Host Name Configuration Page During Chinese Installation | | +| I8I30B | src-openEuler/mongo-java-driver | [EulerMaker] mongo-java-driver build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30D | src-openEuler/firebird | [EulerMaker] firebird build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30I | src-openEuler/llvm | [EulerMaker] llvm build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30L | src-openEuler/gpars | [EulerMaker] gpars build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30N | src-openEuler/jq | [EulerMaker] jq build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30O | src-openEuler/texlive-base | [EulerMaker] texlive-base build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30Q | src-openEuler/mod_wsgi | [EulerMaker] mod_wsgi build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30R | src-openEuler/sshj | [EulerMaker] sshj build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30U | src-openEuler/graphviz | [EulerMaker] graphviz build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30V | src-openEuler/uwsgi | [EulerMaker] uwsgi build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30W | src-openEuler/cfitsio | [EulerMaker] cfitsio build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I30Z | src-openEuler/tss2 | [EulerMaker] tss2 build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I310 | src-openEuler/mongo-c-driver | [EulerMaker] mongo-c-driver build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I315 | src-openEuler/gradle | [EulerMaker] gradle build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I31E | src-openEuler/subversion | [EulerMaker] subversion build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I31N | src-openEuler/linux-sgx | [EulerMaker] linux-sgx build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I31W | src-openEuler/apache-poi | [EulerMaker] apache-poi build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I31Y | src-openEuler/openjade | [EulerMaker] openjade build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I3P1 | src-openEuler/i40e | [EulerMaker] i40e build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I3P2 | src-openEuler/spdk | [EulerMaker] spdk build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I3P5 | src-openEuler/scipy | [EulerMaker] scipy build problem in openEuler-20.03-LTS-SP4:everything | | +| I8I3QZ | src-openEuler/gnome-shell | [2003_SP4_RC3][arm/x86]Error Message "error while loading shared libraries" Is Displayed When the gnome-shell Command Is Executed | | +| I8I8DP | src-openEuler/NetworkManager-l2tp | [EulerMaker] NetworkManager-l2tp install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8DU | src-openEuler/kiran-menu | [EulerMaker] kiran-menu install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8DW | src-openEuler/ovirt-engine-ui-extensions | [EulerMaker] ovirt-engine-ui-extensions install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8DZ | src-openEuler/ovirt-engine-dwh | [EulerMaker] ovirt-engine-dwh install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8E1 | src-openEuler/python-cassandra-driver | [EulerMaker] python-cassandra-driver install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8E3 | src-openEuler/python-feedparser | [EulerMaker] python-feedparser install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8E5 | src-openEuler/python-os-api-ref | [EulerMaker] python-os-api-ref install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8E9 | src-openEuler/python-pep8-naming | [EulerMaker] python-pep8-naming install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8EB | src-openEuler/python-pyxcli | [EulerMaker] python-pyxcli install problem in openEuler-20.03-LTS-SP4:epol | | +| I8I8EE | src-openEuler/scl-utils | [EulerMaker] scl-utils install problem in openEuler-20.03-LTS-SP4:epol | | +| I8IH58 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]Run da-tool.sh -? No help information is provided. | | +| I8IK40 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]The k that does not exist in the /etc/da-tool.conf file is not verified. | | +| I8IOAY | src-openEuler/kernel | The stratovirt_img file of the AArch64 architecture fails to be created in the openEuler-20.03-LTS-SP4 version. | | +| I8IRI2 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]Duplicate k (kernel symbol) is configured in the da-tool configuration file. The execution of da-tool.sh is interrupted. | | +| I8ITPO | src-openEuler/aops-hermes | [20.03-LTS-SP4-RC3][arm/x86][Aops]On the task repair page, after the level-2 list is expanded, the search result is displayed abnormally. | | +| I8IVJC | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]If duplicate u is configured in the /etc/da-tool.conf file, the size of the generated func_delay_stack file reaches 4.7 GB. | | +| I8IZ98 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]The /etc/da-tool.conf file is correctly configured. Case 1 is used for the test. The da-tool.sh script is executed for more than 10s. The analysis result shows that the function invoking relationship is abnormal. | | +| I8J3YF | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]No help information is displayed after the da-tool.sh -x 1 command (incorrect parameter) is executed. | | +| I8J43M | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]No error is reported when da-tool.sh 5 is executed. | | +| I8J4CI | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]No error is reported when da-tool.sh -t -m 5 (error parameter combination) is executed. | | +| I8J4Q4 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]Run the da-tool.sh -t 1000000000000000000000000000004 command. If no error is reported, the command execution continues. | | +| I8J6ND | src-openEuler/deepin-compressor | [20.03-SP4-rc4][arm/x86]The local self-compilation of the deepin-compressor source code package fails because the compilation dependency minizip1.2-devel is missing. | | +| I8J7H7 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][arm/x86]When floating point numbers, letters, Chinese characters, and special characters are added after da-tool.sh -t, no verification is performed. | | +| I8JGDC | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC3][Documentation]da-tool user manual.md documentation problem | | +| I8JHZF | src-openEuler/kata-containers | [EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything | | +| I8JHZK | src-openEuler/deepin-screen-recorder | [EulerMaker] deepin-screen-recorder build problem in openEuler-20.03-LTS-SP4:epol | | +| I8JHZL | src-openEuler/deepin-terminal | [EulerMaker] deepin-terminal build problem in openEuler-20.03-LTS-SP4:epol | | +| I8JI13 | src-openEuler/php-pecl-zip | [EulerMaker] php-pecl-zip build problem in openEuler-20.03-LTS-SP4:epol | | +| I8JMHY | src-openEuler/proselint | [EulerMaker] proselint install problem in openEuler-20.03-LTS-SP4:epol | | +| I8JMJ7 | src-openEuler/oath-toolkit | [EulerMaker] oath-toolkit install problem in openEuler-20.03-LTS-SP4:epol | | +| I8JU4P | src-openEuler/aops-hermes | [20.03-LTS-SP4-RC4][arm/x86][Aops] Cache Is Not Cleared on the Level-2 List Page of the Batch Add Host Dialog Box | | +| I8JYBD | src-openEuler/multipath-tools | [EulerMaker] multipath-tools build problem in openEuler-20.03-LTS-SP4:everything | | +| I8JYBF | src-openEuler/erlang | [EulerMaker] erlang build problem in openEuler-20.03-LTS-SP4:everything | | +| I8JYBJ | src-openEuler/kae_driver | [EulerMaker] kae_driver build problem in openEuler-20.03-LTS-SP4:everything | | +| I8K72V | src-openEuler/e2fsprogs | [20.03-LTS-SP4]Formatting the mkfs.ext3 Disk on a Physical Machine Is Suspended | | +| I8KEU5 | src-openEuler/dde | [openEuler-20.03-LTS-SP4 rc4]The IP address is automatically configured during the installation. After the installation, no IP address is available and the created user cannot log in to the system after the installation. | | +| I8KJ90 | src-openEuler/gcc | It is suspected that GCC adds compilation options to PR (360). As a result, the efl compilation is suspended. | | +| I8KRT0 | src-openEuler/aops-ceres | [openEuler-20.03-LTS-SP4-RC5][Usability][arm/x86]After the da-tool.sh -t 0 command is executed, no error information is displayed. | | diff --git a/docs/en/docs/Releasenotes/source-code.md b/docs/en/docs/Releasenotes/source-code.md index e8e41391360885baba774fecef9a255a2c6ff987..74804db9fb8f81927019ef83b6e86de8c98ce126 100644 --- a/docs/en/docs/Releasenotes/source-code.md +++ b/docs/en/docs/Releasenotes/source-code.md @@ -5,5 +5,5 @@ openEuler contains two code repositories: - Code repository: [https://gitee.com/openeuler](https://gitee.com/openeuler) - Software package repository: [https://gitee.com/src-openeuler](https://gitee.com/src-openeuler) -The openEuler release packages also provide the source ISO files. For details, see [Installing the OS](./installing-the-os.md). +The openEuler release packages also provide the source ISO files. For details, see [Installing the OS](./installing-the-os.md\). diff --git a/docs/en/docs/Releasenotes/terms-of-use.md b/docs/en/docs/Releasenotes/terms-of-use.md index dbbef6358b01550f1c2b03252c9b254e4682b953..8fab84f65144bb0c9208baf04afcc3251bccf46d 100644 --- a/docs/en/docs/Releasenotes/terms-of-use.md +++ b/docs/en/docs/Releasenotes/terms-of-use.md @@ -1,14 +1,13 @@ -# Terms of Use +# Terms of Use -**Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.** +**Copyright © 2023 openEuler Community** Your replication, use, modification, and distribution of this document are governed by the Creative Commons License Attribution-ShareAlike 4.0 International Public License \(CC BY-SA 4.0\). You can visit [https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/) to view a human-readable summary of \(and not a substitute for\) CC BY-SA 4.0. For the complete CC BY-SA 4.0, visit [https://creativecommons.org/licenses/by-sa/4.0/legalcode](https://creativecommons.org/licenses/by-sa/4.0/legalcode). **Trademarks and Permissions** -openEuler is a trademark of Huawei Technologies Co., Ltd. All other trademarks and registered trademarks mentioned in this document are the property of their respective holders. +All trademarks and registered trademarks mentioned in the documents are the property of their respective holders. The use of the openEuler trademark must comply with the [Use Specifications of the openEuler Trademark](https://www.openeuler.org/en/other/brand/). **Disclaimer** This document is used only as a guide. Unless otherwise specified by applicable laws or agreed by both parties in written form, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, including but not limited to non-infringement, timeliness, and specific purposes. - diff --git a/docs/en/docs/Releasenotes/user-notice.md b/docs/en/docs/Releasenotes/user-notice.md index aba8b99475bb57ec2abe3ac65d7f22904cd0f9f6..f31451733ebdae5bd33c78fb4919302c73b1c476 100644 --- a/docs/en/docs/Releasenotes/user-notice.md +++ b/docs/en/docs/Releasenotes/user-notice.md @@ -1,5 +1,4 @@ # User Notice -- The version number counting rule of openEuler is changed from openEuler _x.x_ to openEuler _year_._month_. For example, openEuler 20.03 indicates that the version is released in March 2020. -- The [Python core team](https://www.python.org/dev/peps/pep-0373/#update) has stopped maintaining Python 2 in January 2020. In 2020, openEuler 20.03 LTS fixes only the critical CVE of Python 2 and will reach the end of maintenance \(EOM\) on December 31, 2020. Please switch to Python 3 as soon as possible. - +- The version number counting rule of openEuler is changed from openEuler _x.x_ to openEuler _year_._month_. For example, openEuler 20.03 indicates that the version is released in March 2020. +- The [Python core team](https://www.python.org/dev/peps/pep-0373/#update) has stopped maintaining Python 2 in January 2020. The openEuler community stopped maintaining Python 2 on December 31, 2020. openEuler 20.03 LTS SP4 fixes only the critical CVEs of Python 2. Please switch to Python 3. diff --git a/docs/en/docs/SecHarden/account-passwords.md b/docs/en/docs/SecHarden/account-passwords.md index 356a99935e0af3ca5eea30799d2109307ae2042d..a2fa9e6d616db0f28f38430ac8e8830ec519fbc8 100644 --- a/docs/en/docs/SecHarden/account-passwords.md +++ b/docs/en/docs/SecHarden/account-passwords.md @@ -1,25 +1,16 @@ # Account Passwords -- [Account Passwords](#account-passwords) - - [Shielding System Accounts](#shielding-system-accounts) - - [Restricting Permissions on the su Command](#restricting-permissions-on-the-su-command) - - [Setting Password Complexity](#setting-password-complexity) - - [Setting the Password Validity Period](#setting-the-password-validity-period) - - [Setting Password Encryption Algorithms](#setting-password-encryption-algorithms) - - [Locking an Account After Three Login Failures](#locking-an-account-after-three-login-failures) - - [Hardening the su Command](#hardening-the-su-command) - ## Shielding System Accounts ### Description -Accounts excluding user accounts are system accounts. System accounts cannot be used for logins or performing other operations. Therefore, system accounts must be shielded. +Accounts excluding user accounts are system accounts. System accounts are used by specific applications and must not be used for logins or performing other operations. Therefore, system accounts must be prohibited from logging in. ### Implementation Modify the shell of a system account to **/sbin/nologin**. -``` +```shell usermod -L -s /sbin/nologin $systemaccount ``` @@ -36,12 +27,10 @@ The **su** command is used to switch user accounts. To improve system security Modify the **/etc/pam.d/su** file as follows: -``` +```text auth required pam_wheel.so use_uid ``` -   - **Table 1** Configuration item in pam\_wheel.so @@ -75,8 +64,8 @@ This section provides an example for configuring password complexity. **Password Complexity Requirements** -1. Contains at least eight characters. -2. Contains at least three types of the following characters: +1. Contains at least eight characters. +2. Contains at least three types of the following characters: - At least one lowercase letter @@ -86,20 +75,18 @@ This section provides an example for configuring password complexity. - At least one space or one of the following special characters: \` \~ ! @ \# $ % ^ & \* \( \) - \_ = + \\ | \[ \{ \} \] ; : ' " , < . \> / ? -3. Cannot be the same as an account or the account in reverse order. -4. Cannot be the last five passwords used. +3. Cannot be the same as an account or the account in reverse order. +4. Cannot be the last five passwords used. **Implementation** Add the following content to the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files: -``` +```text password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 password required pam_pwhistory.so use_authtok remember=5 enforce_for_root ``` -   - **Configuration Item Description** For details about the configuration items of **pam\_pwquality.so** and **pam\_pwhistory.so**, see [Table 1](#table201221044172117) and [Table 2](#table1212544452120), respectively. @@ -244,12 +231,10 @@ For system security, passwords cannot be stored in plaintext in the system and m To set the password encryption algorithm, add the following configuration to the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files: -``` +```text password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok ``` -   - **Table 1** Configuration items in pam\_unix.so @@ -282,7 +267,7 @@ If an account is locked, any input is invalid but does not cause the locking tim The password complexity is set by modifying the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files. The maximum number of incorrect password attempts is set to **3**, and the unlocking time after the system is locked is set to **300** seconds. The configuration is as follows: -``` +```text auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=300 auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300 auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=300 @@ -330,6 +315,6 @@ To enhance system security and prevent the environment variables of the current Modify the **/etc/login.defs** file. The configuration is as follows: -``` +```text ALWAYS_SET_PATH=yes ``` diff --git a/docs/en/docs/SecHarden/authentication-and-authorization.md b/docs/en/docs/SecHarden/authentication-and-authorization.md index 7f3a14f70f7c47a75bb5dccb43daa733ffc4705c..256b71330b51988a0b4022d951f9b9d6efe01e9c 100644 --- a/docs/en/docs/SecHarden/authentication-and-authorization.md +++ b/docs/en/docs/SecHarden/authentication-and-authorization.md @@ -2,15 +2,13 @@ - [Authentication and Authorization](#authentication-and-authorization) - [Setting a Warning for Remote Network Access](#setting-a-warning-for-remote-network-access) - - [Forestalling Unauthorized System Restart by Holding Down Ctrl, Alt, and Delete](#forestalling-unauthorized-system-restart-by-holding-down-ctrl-alt-and-delete) + - [Forestalling Unauthorized System Restart by Pressing Ctrl+Alt+Delete](#forestalling-unauthorized-system-restart-by-pressing-ctrlaltdelete) - [Setting an Automatic Exit Interval for Shell](#setting-an-automatic-exit-interval-for-shell) - [Setting the Default umask Value for Users to 0077](#setting-the-default-umask-value-for-users-to-0077) - [Setting the GRUB2 Encryption Password](#setting-the-grub2-encryption-password) - [Setting the Secure Single-user Mode](#setting-the-secure-single-user-mode) - [Disabling Interactive Startup](#disabling-interactive-startup) - - ## Setting a Warning for Remote Network Access ### Description @@ -21,31 +19,31 @@ A warning for remote network access is configured and displayed for users who at This setting can be implemented by modifying the **/etc/issue.net** file. Replace the original content in the **/etc/issue.net** file with the following information \(which has been set by default in openEuler\): -``` +```console Authorized users only. All activities may be monitored and reported. ``` -## Forestalling Unauthorized System Restart by Holding Down Ctrl, Alt, and Delete +## Forestalling Unauthorized System Restart by Pressing Ctrl+Alt+Delete ### Description -By default, you can restart the OS by holding down **Ctrl**, **Alt**, and **Delete**. Disabling this feature can prevent data loss caused by misoperations. +By default, you can restart the system by pressing **Ctrl**+**Alt**+**Delete**. You are advised to disable this function to prevent data loss due to misoperations. ### Implementation -To disable the feature of restarting the system by holding down **Ctrl**, **Alt**, and **Delete**, perform the following steps: +To disable the feature of restarting the system by pressing **Ctrl**+**Alt**+**Delete**, perform the following steps: -1. Run the following commands to delete the two **ctrl-alt-del.target** files: +1. Run the following commands to delete the two **ctrl-alt-del.target** files: - ``` + ```shell rm -f /etc/systemd/system/ctrl-alt-del.target rm -f /usr/lib/systemd/system/ctrl-alt-del.target ``` -2. Change **\#CtrlAltDelBurstAction=reboot-force** to **CtrlAltDelBurstAction=none** in the **/etc/systemd/system.conf** file. -3. Run the following command to restart systemd for the modification to take effect: +2. Change **\#CtrlAltDelBurstAction=reboot-force** to **CtrlAltDelBurstAction=none** in the **/etc/systemd/system.conf** file. +3. Run the following command to restart systemd for the modification to take effect. Note that running the command may cause system services to be unavailable or restarted temporarily. In addition, you must be the **root** user or a user with the sudo permission to perform this operation. - ``` + ```shell systemctl daemon-reexec ``` @@ -59,7 +57,7 @@ An unattended shell is prone to listening or attacks. Therefore, a mechanism mus At the end of file **/etc/profile**, set the **TMOUT** field \(unit: second\) that specifies the interval for automatic exit as follows: -``` +```shell export TMOUT=300 ``` @@ -67,32 +65,31 @@ export TMOUT=300 ### Description -The **umask** value is used to set default permission on files and directories. A smaller **umask** value indicates that group users or other users have incorrect permission, which brings system security risks. Therefore, the default **umask** value must be set to **0077** for all users, that is, the default permission on user directories is **700** and the permission on user files is **600**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](#umask-values.md). +The **umask** value is used to set default permission on files and directories. A smaller **umask** value indicates that group users or other users have incorrect permission, which brings system security risks. Therefore, the default **umask** value must be set to **0077** for all users, that is, the default permission on user directories is **700** and the permission on user files is **600**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](./appendix.md#umask-values). ->![](public_sys-resources/icon-note.gif) **NOTE:** ->By default, the **umask** value of the openEuler user is set to **0077**. +>![](public_sys-resources/icon-note.gif) **NOTE:** +>By default, the **umask** value of the openEuler user is set to **0022**. ### Implementation -1. Add **umask 0077** to the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory. +1. Add **umask 0077** to the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory. - ``` + ```shell echo "umask 0077" >> $FILE ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](public_sys-resources/icon-note.gif) **NOTE:** >_$FILE_ indicates the file name, for example, echo "umask 0077" \>\> /etc/bashrc. -2. Set the ownership and group of the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory to **root**. +2. Set the ownership and group of the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory to **root**. - ``` + ```shell chown root.root $FILE ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](public_sys-resources/icon-note.gif) **NOTE:** >_$FILE_ indicates the file name, for example, **chown root.root /etc/bashrc**. - ## Setting the GRUB2 Encryption Password ### Description @@ -101,39 +98,39 @@ GRand Unified Bootloader \(GRUB\) is an operating system boot manager used to bo When starting the system, you can modify the startup parameters of the system on the GRUB2 screen. To ensure that the system startup parameters are not modified randomly, you need to encrypt the GRUB2 screen. The startup parameters can be modified only when the correct GRUB2 password is entered. ->![](public_sys-resources/icon-note.gif) **NOTE:** ->The default password of GRUB2 is **openEuler\#12**. You are advised to change the default password upon the first login and periodically update the password. If the password is leaked, startup item configurations may be modified, causing the system startup failure. +>![](public_sys-resources/icon-note.gif) **NOTE:** +>The default password of GRUB2 is **openEuler\#12**. You are advised to change the default password upon the first login and periodically update the password. If the password is leaked, startup item configurations may be modified, causing the system startup failure. ### Implementation -1. Run the **grub2-mkpasswd-pbkdf2** command to generate an encrypted password. +1. Run the **grub2-mkpasswd-pbkdf2** command to generate an encrypted password. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](public_sys-resources/icon-note.gif) **NOTE:** >SHA-512 is used as the GRUB2 encryption algorithm. - ``` - # grub2-mkpasswd-pbkdf2 + ```shell + $ grub2-mkpasswd-pbkdf2 Enter password: Reenter password: PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](public_sys-resources/icon-note.gif) **NOTE:** >Enter the same password in the **Enter password** and **Reenter password** lines. >After **openEuler\#12** is encrypted by **grub2-mkpasswd-pbkdf2**, the output is **grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08**. The ciphertext is different each time. -2. Open **/boot/efi/EFI/openEuler/grub.cfg** in a vi editor. Append the following fields to the beginning of **/boot/efi/EFI/openEuler/grub.cfg**. +2. Open **/boot/efi/EFI/openEuler/grub.cfg** in a vi editor. Append the following fields to the beginning of **/boot/efi/EFI/openEuler/grub.cfg**. - ``` + ```text set superusers="root" password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** - >- The **superusers** field is used to set the account name of the super GRUB2 administrator. - >- The first parameter following the **password\_pbkdf2** field is the GRUB2 account name, and the second parameter is the encrypted password of the account. - + >![](public_sys-resources/icon-note.gif) **NOTE:** + > + >- The **superusers** field is used to set the account name of the super GRUB2 administrator. + >- The first parameter following the **password\_pbkdf2** field is the GRUB2 account name, and the second parameter is the encrypted password of the account. ## Setting the Secure Single-user Mode diff --git a/docs/en/docs/SecHarden/file-permissions.md b/docs/en/docs/SecHarden/file-permissions.md index 03499949cdf440d1c7b4d3a153ebd37ff353f73e..5a56fae612b324ff1bf7dcd31227598e9f312b0b 100644 --- a/docs/en/docs/SecHarden/file-permissions.md +++ b/docs/en/docs/SecHarden/file-permissions.md @@ -4,7 +4,7 @@ - [File Permissions](#file-permissions) - [Setting the Permissions on and Ownership of Files](#setting-the-permissions-on-and-ownership-of-files) - [Deleting Unowned Files](#deleting-unowned-files) - - [Removing a Symbolic Link to /dev/null](#removing-a-symbolic-link-to-dev-null) + - [Removing a Symbolic Link to /dev/null](#removing-a-symbolic-link-to-devnull) - [Setting the umask Value for a Daemon](#setting-the-umask-value-for-a-daemon) - [Adding a Sticky Bit Attribute to Globally Writable Directories](#adding-a-sticky-bit-attribute-to-globally-writable-directories) - [Disabling the Globally Writable Permission on Unauthorized Files](#disabling-the-globally-writable-permission-on-unauthorized-files) @@ -113,7 +113,7 @@ For example, openEuler supports UEFI and legacy BIOS installation modes. The GRU ### Description -The **umask** value is used to set default permission on files and directories. If the **umask** value is not specified, the file has the globally writable permission. This brings risks. A daemon provides a service for the system to receive user requests or network customer requests. To improve the security of files and directories created by the daemon, you are advised to set **umask** to **0027**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](#umask-values.md). +The **umask** value is used to set default permission on files and directories. If the **umask** value is not specified, the file has the globally writable permission. This brings risks. A daemon provides a service for the system to receive user requests or network customer requests. To improve the security of files and directories created by the daemon, you are advised to set **umask** to **0027**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](./appendix.md#umask-values). >![](public_sys-resources/icon-note.gif) **NOTE:** >By default, the **umask** value of the daemon is set to **0022** in openEuler. @@ -153,9 +153,8 @@ Any user can modify globally writable files, which affects system integrity. 1. Search for all globally writable files. - ``` - find / -type d \( -perm -o+w \) | grep -v procfind / -type f \( -perm -o+w \) | grep -v proc - ``` + find / -type d ( -perm -o+w ) | grep -v proc + find / -type f ( -perm -o+w ) | grep -v proc 2. View the settings of files \(excluding files and directories with sticky bits\) listed in step 1, and delete the files or disable the globally writable permission on them. Run the following command to remove the permission. In the command, _filename_ indicates the file name. @@ -230,7 +229,7 @@ The **cron** command is used to create a routine task. Users who can run the ### Description -A common user can use the **sudo** command to run commands as the user **root**. To harden system security, it is necessary to restrict permissions on the **sudo** command. Only user **root** can use the **sudo** command. +A common user can use the **sudo** command to run commands as the user **root**. To harden system security, it is necessary to restrict permissions on the **sudo** command. Only user **root** can use the **sudo** command. By default, openEuler does not restrict the permission of non-root users to run the sudo command. ### Implementation diff --git a/docs/en/docs/SecHarden/os-hardening-overview.md b/docs/en/docs/SecHarden/os-hardening-overview.md index 44fd1bdd4083b58b5cf375cc9437cdf5874b5bf7..751745c6b7fc0c9052fba18e5b56195965ff361b 100644 --- a/docs/en/docs/SecHarden/os-hardening-overview.md +++ b/docs/en/docs/SecHarden/os-hardening-overview.md @@ -1,4 +1,5 @@ # OS Hardening Overview + - [OS Hardening Overview](#os-hardening-overview) - [Security Hardening Purpose](#security-hardening-purpose) - [Security Hardening Solution](#security-hardening-solution) @@ -6,15 +7,13 @@ This chapter describes the purpose and solution of openEuler system hardening. - - -## security-hardening-purpose +## Security Hardening Purpose The OS, as the core of the information system, manages hardware and software resources and is the basis of information system security. Applications must depend on the OS to ensure the integrity, confidentiality, availability, and controllability of information. Without the OS security protection, protective methods against hackers and virus attacks at other layers cannot meet the security requirements. Therefore, security hardening is essential for an OS. Security hardening helps build a dynamic and complete security system, enhance product security, and improve product competitiveness. -## security-hardening-solution +## Security Hardening Solution This section describes the openEuler security hardening solution, including the hardening method and items. @@ -22,8 +21,7 @@ This section describes the openEuler security hardening solution, including the You can manually modify security hardening configurations or run commands to harden the system, or use the security hardening tool to modify security hardening items in batches. The openEuler security hardening tool runs as openEuler-security.service. When the system is started for the first time, the system automatically runs the service to execute the default hardening policy, and automatically set the service not to start as the system starts. -You can modify the **security.conf** file and use the security hardening tool to implement user-defined security hardening. - +You can modify the **usr-security.conf** file and use the security hardening tool to implement user-defined security hardening. ## security hardening impacts @@ -77,7 +75,7 @@ Security hardening on file permissions and account passwords may change user hab

Users must modify the permission on specified files or directories as required.

Yes

+

No

Password validity period

@@ -118,4 +116,3 @@ Security hardening on file permissions and account passwords may change user hab
- diff --git a/docs/en/docs/SecHarden/selinux-configuration.md b/docs/en/docs/SecHarden/selinux-configuration.md index 10f42960f9d9758c47c4915c01aed2c517eae24d..558ad03b668eb45d6f64b56a53d84a9f42668eaa 100644 --- a/docs/en/docs/SecHarden/selinux-configuration.md +++ b/docs/en/docs/SecHarden/selinux-configuration.md @@ -6,52 +6,111 @@ Discretionary access control \(DAC\) determines whether a resource can be access By default, openEuler uses SELinux to improve system security. SELinux has three modes: -- **permissive**: The SELinux outputs alarms but does not forcibly execute the security policy. -- **enforcing**: The SELinux security policy is forcibly executed. -- **disabled**: The SELinux security policy is not loaded. +- **permissive**: The SELinux outputs alarms but does not forcibly execute the security policies. +- **enforcing**: The SELinux security policies are forcibly executed. +- **disabled**: The SELinux security policies are not loaded. ## Configuration Description -SELinux is enabled for openEuler by default and the default mode is enforcing. You can change the SELinux mode by changing the value of **SELINUX** in **/etc/selinux/config**. +- Obtain the SELinux running status: -- To disable the SELinux policy, run the following command: - - ``` - SELINUX=disabled + ```shell + $ getenforce + Enforcing ``` -- To use the permissive policy, run the following command: +- Set the enforcing mode when SELinux is enabled: + ```shell + $ setenforce 1 + $ getenforce + Enforcing ``` - SELINUX=permissive + +- Set the permissive mode when SELinux is enabled: + + ```shell + $ setenforce 0 + $ getenforce + Permissive ``` +- Disable SELinux when SELinux is enabled. (A reboot is required.) + 1. Modify the SELinux configuration file **/etc/selinux/config** and set **SELINUX=disabled**. ->![](public_sys-resources/icon-note.gif) **NOTE:** ->When you switch between the disabled mode and the other mode, you need to restart the system for the switch to take effect. ->``` -># reboot ->``` + ```shell + $ cat /etc/selinux/config | grep "SELINUX=" + SELINUX=disabled + ``` -## SELinux Commands + 2. Reboot the system. -- Query the SELinux mode. For example, the following shows that the SELinux mode is permissive. + ```shell + reboot + ``` - ``` - # getenforce - Permissive - ``` + 3. The status is changed successfully. -- Set the SELinux mode. **0** indicates the permissive mode, and **1** indicates the enforcing mode. For example, run the following command to set the SELinux mode to enforcing. This command cannot be used to set the disabled mode. After the system is restarted, the mode set in **/etc/selinux/config** is restored. + ```shell + $ getenforce + Disabled + ``` - ``` - # setenforce 1 - ``` +- Set the permissive mode when SELinux is disabled: + 1. Modify the SELinux configuration file **/etc/selinux/config** and set **SELINUX=permissive**. -- Query the SELinux status. **SELinux status** indicates the SELinux status. **enabled** indicates that SELinux is enabled, and **disabled** indicates that SELinux is disabled. **Current mode** indicates the current security policy of the SELinux. + ```shell + $ cat /etc/selinux/config | grep "SELINUX=" + SELINUX=permissive + ``` - ``` - # sestatus + 2. Create the **.autorelabel** file in the root directory. + + ```shell + touch /.autorelabel + ``` + + 3. Reboot the system. The system will restart twice. + + ```shell + reboot + ``` + + 4. The status is changed successfully. + + ```shell + $ getenforce + Permissive + ``` + +- Set the enforcing mode when SELinux is disabled: + 1. Set SELinux to the permissive mode. + 2. Modify the SELinux configuration file **/etc/selinux/config** and set **SELINUX=enforcing**. + + ```shell + $ cat /etc/selinux/config | grep "SELINUX=" + SELINUX=enforcing + ``` + + 3. Reboot the system. + + ```shell + reboot + ``` + + 4. The status is changed successfully. + + ```shell + $ getenforce + Enforcing + ``` + +## SELinux Commands + +- Query the SELinux status. **SELinux status** indicates the SELinux status. **enabled** indicates that SELinux is enabled, and **disabled** indicates that SELinux is disabled. **Current mode** indicates the current mode of the SELinux. + + ```shell + $ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux @@ -64,4 +123,151 @@ SELinux is enabled for openEuler by default and the default mode is enforcing. Y Max kernel policy version: 31 ``` +## Adding Policies + +- Obtain and add missing policies based on the audit logs. (The audit service must be enabled and SELinux access denial logs must exist in audit logs.) + 1. Check whether the audit logs contain SELinux access denial logs. Use the actual audit log path. + + ```shell + grep avc /var/log/audit/audit.log* + ``` + + 2. Query missing rules. + + ```shell + audit2allow -a /var/log/audit/audit.log* + ``` + + 3. Generate a policy module based on the missing rule and name it **demo**. + + ```shell + $ audit2allow -a /var/log/audit/audit.log* -M demo + ******************** IMPORTANT *********************** + To make this policy package active, execute: + semodule -i demo.pp + ``` + + 4. Load the **demo** policy module. + + ```shell + semodule -i demo.pp + ``` + +- Compose and add the SELinux policy module. + 1. Compose the FC file (if the security context of file creation is involved). + + ```shell + $ cat demo.fc + /usr/bin/example -- system_u:object_r:example_exec_t:s0 + /resource -- system_u:object_r:resource_file_t:s0 + ``` + + 2. Compose the TE file (example). + + ```shell + $ cat demo.te + module demo 1.0; + require + { + role unconfined_r; + role system_r; + type user_devpts_t; + type root_t; + attribute file_type; + attribute domain; + class dir { getattr search add_name create open remove_name rmdir setattr write }; + class file { entrypoint execute getattr open read map setattr write create }; + class process { sigchld rlimitinh siginh transition setcap getcap }; + class unix_stream_socket { accept bind connect listen recvfrom sendto listen create lock read write getattr setattr getopt setopt append shutdown ioctl connectto }; + class capability { chown dac_override dac_read_search }; + class chr_file { append getattr ioctl read write }; + }; + role unconfined_r types example_t; + role system_r types example_t; + type example_exec_t, file_type; + type resource_file_t, file_type; + type example_t, domain; + allow example_t user_devpts_t : chr_file { append getattr ioctl read write }; + allow example_t file_type : dir { getattr search }; + allow example_t example_exec_t : file { entrypoint execute getattr map open read }; + allow domain example_exec_t : file { execute getattr map open read }; + allow example_t example_exec_t : process { sigchld }; + allow domain example_t : process { rlimitinh siginh transition }; + allow example_t resource_file_t : file { create getattr open read setattr write }; + allow example_t root_t : dir { add_name create getattr open remove_name rmdir search setattr write }; + allow example_t example_t : unix_stream_socket { accept append bind connect create getattr getopt ioctl listen listen lock read recvfrom sendto setattr setopt shutdown write }; + allow example_t domain : unix_stream_socket { connectto }; + allow example_t example_t : capability { chown dac_override dac_read_search }; + allow example_t example_t : process { getcap setcap }; + type_transition domain example_exec_t : process example_t; + type_transition example_t root_t : file resource_file_t "resource"; + ``` + + 3. Compile **demo.te** as **demo.mod**. + + ```shell + checkmodule -Mmo demo.mod demo.te + ``` + + 4. Package **demo.mod** and **demo.fc** as a policy module file. + + ```shell + semodule_package -m demo.mod -f demo.fc -o demo.pp + ``` + + 5. Load the policy module. + + ```shell + semodule -i demo.pp + ``` + + 6. Delete the loaded policy module file. + + ```shell + $ semodule -r demo + libsemanage.semanage_direct_remove_key: Removing last demo module (no other demo module exists at another priority). + ``` + +## Function Verification + +- SELinux adopts an whitelist mechanism. Modules that are not configured with proper policies may fail to run properly due to lack of permissions. It is necessary to verify the functions of the modules and configure reasonable rules. + 1. Check whether the audit service is enabled: + + ```shell + systemctl status auditd + ``` + + 2. Set the SELinux mode to permissive. (Alarms are printed, but SELinux polices are not enforced. For details, see [Configuration Description](#configuration-description).) + + ```shell + $ getenforce + Permissive + ``` + + 3. Execute all function cases of the test module and check the SELinux access denial logs in the audit logs. + + ```shell + grep avc /var/log/audit/audit.log* + ``` + + 4. Analyze access denial logs and filter out missing rules. + + ```text + type=AVC msg=audit(1596161643.271:1304): avc: denied { read } for pid=1782603 comm="smbd" name=".viminfo" dev="dm-0" ino=2488208 scontext=system_u:system_r:smbd_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file permissive=1 + Indicates that the smbd process (security context: system_u:system_r:smbd_t:s0) is denied the permission to read the .viminfo file (security context: staff_u:object_r:user_home_t:s0). + permissive=1 indicates that the permissive mode is running. This log records only the operations that are not forbidden. + ``` + + 5. Supplement the missing rules by referring to [Adding Policies](#adding-policies). + +## Precautions + +- Before enabling SELinux, you are advised to upgrade selinux-policy to the latest version using DNF. Otherwise, applications may fail to run properly. For example: + + ```shell + dnf update selinux-policy -y + ``` + +- If the system cannot be started due to improper SELinux configuration (for example, a policy is deleted by mistake or no proper rule or security context is configured), you can add **selinux=0** to the startup parameters to disable SELinux. +- After SELinux is enabled, permission check is performed on access behaviors, which affects the operating system performance to some extent (related to the frequency of access operations in the running environment). diff --git a/docs/en/docs/SecHarden/system-services.md b/docs/en/docs/SecHarden/system-services.md index 02256411c4035a57b520f06c7a61ce33cb634153..59daeb23bf05cc3003ef3fdab4c1e0d20c36d9bb 100644 --- a/docs/en/docs/SecHarden/system-services.md +++ b/docs/en/docs/SecHarden/system-services.md @@ -1,10 +1,10 @@ -# system-services +# System Services - [System Services](#system-services) - [Hardening the SSH Service](#hardening-the-ssh-service) -## hardening-the-ssh-service +## Hardening the SSH Service ### Description @@ -279,7 +279,7 @@ To harden a client, perform the following steps:

SSH key exchange algorithms.

curve25519-sha256,curve25519-sha256@@libssh.org,diffie-hellman-group-exchange-sha256

+

curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Yes

- - + + + + - - + + + + + + + + + + + +

Parameter

Description

@@ -265,67 +246,95 @@ PCI passthrough directly assigns a physical PCI device on the host to a VM. The

hostdev.rom

Specifies whether the VM can access the ROM of the passthrough device.

+

Whether the VM can access the ROM of the passthrough device.

This parameter can be set to on or off. The default value is on.

  • on: indicates that the VM can access the ROM of the passthrough device. For example, if a VM with a passthrough NIC needs to boot from the preboot execution environment (PXE), or a VM with a passthrough Host Bus Adapter (HBA) card needs to boot from the ROM, you can set this parameter to on.
  • off: indicates that the VM cannot access the ROM of the passthrough device.

hostdev.address type

+

hostdev.address.type

+

Device type displayed on the guest, which must be the same as the actual device type.

+

**pci** (default configuration)

+

hostdev.address.domain

Bus, Device, and Function (BDF) IDs on the guest OS displayed on the PCI device.

+

Domain number of the device displayed on the guest.

[0x03–0x1e] (range of slot ID)

-

Note:

-
  • domain indicates the domain information, bus indicates the bus ID, slot indicates the slot ID, and function indicates the function.
  • Except for slot, default values of these parameters are 0.
  • The first slot 0x00 is occupied by the system, the second slot 0x01 is occupied by the IDE controller and USB controller, and the third slot 0x02 is occupied by the video.
  • The last slot 0x1f is occupied by the PV channel.
+

0x0000

+

hostdev.address.bus

+

Bus number of the device displayed on the guest.

+

**0x00** (default configuration). This parameter can only be set to the bus number configured in section "Configuring a PCIe Controller for a VM."

+

hostdev.address.slot

+

Slot number of the device displayed on the guest.

+

The slot number range is [0x03,0x1e]

+

Note:

+
  • The first slot number 0x00 is occupied by the system, the second slot number 0x01 is occupied by the IDE controller and USB controller, and the third slot number 0x02 is occupied by the video.
  • The last slot number 0x1f is occupied by the pvchannel.
+

hostdev.address.function

+

Function number of the device displayed on the guest.

+

**0x0** (default configuration): The function number range is [0x0,0x7]
>![](./public_sys-resources/icon-note.gif) **NOTE:** ->VFIO passthrough is implemented by IOMMU group. Devices are divided to IOMMU groups based on access control services \(ACS\) on hardware. Devices in the same IOMMU group can be assigned to only one VM. If multiple functions on a PCI device belong to the same IOMMU group, they can be directly assigned to only one VM as well. +>VFIO passthrough is implemented by IOMMU group. Devices are divided to IOMMU groups based on access control services (ACS) on hardware. Devices in the same IOMMU group can be assigned to only one VM. If multiple functions on a PCI device belong to the same IOMMU group, they can be directly assigned to only one VM as well. ### SR-IOV Passthrough #### Overview -Single Root I/O Virtualization \(SR-IOV\) is a hardware-based virtualization solution. With the SR-IOV technology, a physical function \(PF\) can provide multiple virtual functions \(VFs\), and each VF can be directly assigned to a VM. This greatly improves hardware resource utilization and I/O performance of VMs. A typical application scenario is SR-IOV passthrough for NICs. With the SR-IOV technology, a physical NIC \(PF\) can function as multiple VF NICs, and then the VFs can be directly assigned to VMs. +Single Root I/O Virtualization (SR-IOV) is a hardware-based virtualization solution. With the SR-IOV technology, a physical function (PF) can provide multiple virtual functions (VFs), and each VF can be directly assigned to a VM. This greatly improves hardware resource utilization and I/O performance of VMs. A typical application scenario is SR-IOV passthrough for NICs. With the SR-IOV technology, a physical NIC (PF) can function as multiple VF NICs, and then the VFs can be directly assigned to VMs. >![](./public_sys-resources/icon-note.gif) **NOTE:** ->- SR-IOV requires the support of physical hardware. Before using SR-IOV, ensure that the hardware device to be directly assigned supports SR-IOV and the device driver on the host OS works in SR-IOV mode. ->- The following describes how to query the NIC model: +> +>- SR-IOV requires the support of physical hardware. Before using SR-IOV, ensure that the hardware device to be directly assigned supports SR-IOV and the device driver on the host OS works in SR-IOV mode. +>- The following describes how to query the NIC model: >In the following command output, values in the first column indicate the PCI numbers of NICs, and **19e5:1822** indicates the vendor ID and device ID of the NIC. - ->``` -># lspci | grep Ether +> +>```shell +>$ lspci | grep Ether >05:00.0 Ethernet controller: Device 19e5:1822 (rev 45) >07:00.0 Ethernet controller: Device 19e5:1822 (rev 45) >09:00.0 Ethernet controller: Device 19e5:1822 (rev 45) >0b:00.0 Ethernet controller: Device 19e5:1822 (rev 45) >81:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) >81:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) -``` - +>``` #### Procedure To configure SR-IOV passthrough for a NIC, perform the following steps: -1. Enable the SR-IOV mode for the NIC. - 1. Ensure that VF driver support provided by the NIC supplier exists on the guest OS. Otherwise, VFs in the guest OS cannot work properly. - 2. Enable the SMMU/IOMMU support in the BIOS of the host OS. The enabling method varies depending on the servers of different vendors. For details, see the help documents of the servers. - 3. Configure the host driver to enable the SR-IOV VF mode. The following uses the Hi1822 NIC as an example to describe how to enable 16 VFs. +1. Enable the SR-IOV mode for the NIC. + 1. Ensure that VF driver support provided by the NIC supplier exists on the guest OS. Otherwise, VFs in the guest OS cannot work properly. + 2. Enable the SMMU/IOMMU support in the BIOS of the host OS. The enabling method varies depending on the servers of different vendors. For details, see the help documents of the servers. + 3. Configure the host driver to enable the SR-IOV VF mode. The following uses the Hi1822 NIC as an example to describe how to enable 16 VFs. - ``` + ```shell echo 16 > /sys/class/net/ethX/device/sriov_numvfs ``` -2. Obtain the PCI BDF information of PFs and VFs. - 1. Run the following command to obtain the NIC resource list on the current board: +2. Obtain the PCI BDF information of PFs and VFs. + 1. Run the following command to obtain the NIC resource list on the current board: - ``` - # lspci | grep Eth + ```shell + $ lspci | grep Eth 03:00.0 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family (4*25GE) (rev 45) 04:00.0 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family (4*25GE) (rev 45) 05:00.0 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family (4*25GE) (rev 45) @@ -336,10 +345,10 @@ To configure SR-IOV passthrough for a NIC, perform the following steps: 7d:00.3 Ethernet controller: Huawei Technologies Co., Ltd. Device a221 (rev 20) ``` - 2. Run the following command to view the PCI BDF information of VFs: + 2. Run the following command to view the PCI BDF information of VFs: - ``` - # lspci | grep "Virtual Function" + ```shell + $ lspci | grep "Virtual Function" 03:00.1 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) 03:00.2 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) 03:00.3 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) @@ -352,50 +361,50 @@ To configure SR-IOV passthrough for a NIC, perform the following steps: 03:01.2 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) ``` - 3. Select an available VF and write its configuration to the VM configuration file based on its BDF information. For example, the bus ID of the device **03:00.1** is **03**, its slot ID is **00**, and its function ID is **1**. + 3. Select an available VF and write its configuration to the VM configuration file based on its BDF information. For example, the bus ID of the device **03:00.1** is **03**, its slot ID is **00**, and its function ID is **1**. -3. Identify and manage the mapping between PFs and VFs. - 1. Identify VFs corresponding to a PF. The following uses PF 03.00.0 as an example: +3. Identify and manage the mapping between PFs and VFs. + 1. Identify VFs corresponding to a PF. The following uses PF 03.00.0 as an example: - ``` - # ls -l /sys/bus/pci/devices/0000\:03\:00.0/ + ```shell + ls -l /sys/bus/pci/devices/0000\:03\:00.0/ ``` - The following symbolic link information is displayed. You can obtain the VF IDs \(virtfnX\) and PCI BDF IDs based on the information. + The following symbolic link information is displayed. You can obtain the VF IDs (virtfnX) and PCI BDF IDs based on the information. - 2. Identify the PF corresponding to a VF. The following uses VF 03:00.1 as an example: + 2. Identify the PF corresponding to a VF. The following uses VF 03:00.1 as an example: - ``` - # ls -l /sys/bus/pci/devices/0000\:03\:00.1/ + ```shell + ls -l /sys/bus/pci/devices/0000\:03\:00.1/ ``` The following symbolic link information is displayed. You can obtain PCI BDF IDs of the PF based on the information. - ``` + ```text lrwxrwxrwx 1 root root 0 Mar 28 22:44 physfn -> ../0000:03:00.0 ``` - 3. Obtain names of NICs corresponding to the PFs or VFs. For example: + 3. Obtain names of NICs corresponding to the PFs or VFs. For example: - ``` - # ls /sys/bus/pci/devices/0000:03:00.0/net + ```shell + $ ls /sys/bus/pci/devices/0000:03:00.0/net eth0 ``` - 4. Set the MAC address, VLAN, and QoS information of VFs to ensure that the VFs are in the **Up** state before passthrough. The following uses VF 03:00.1 as an example. The PF is eth0 and the VF ID is **0**. + 4. Set the MAC address, VLAN, and QoS information of VFs to ensure that the VFs are in the **Up** state before passthrough. The following uses VF 03:00.1 as an example. The PF is eth0 and the VF ID is **0**. - ``` - # ip link set eth0 vf 0 mac 90:E2:BA:21:XX:XX #Sets the MAC address. - # ifconfig eth0 up - # ip link set eth0 vf 0 rate 100 #Sets the VF outbound rate, in Mbit/s. - # ip link show eth0 #Views the MAC address, VLAN ID, and QoS information to check whether the configuration is successful. + ```shell + ip link set eth0 vf 0 mac 90:E2:BA:21:XX:XX #Sets the MAC address. + ifconfig eth0 up + ip link set eth0 vf 0 rate 100 #Sets the VF outbound rate, in Mbit/s. + ip link show eth0 #Views the MAC address, VLAN ID, and QoS information to check whether the configuration is successful. ``` -4. Mount the SR-IOV NIC to the VM. +4. Mount the SR-IOV NIC to the VM. When creating a VM, add the SR-IOV passthrough configuration item to the VM configuration file. - ``` + ```xml @@ -409,7 +418,6 @@ To configure SR-IOV passthrough for a NIC, perform the following steps: **Table 1** SR-IOV configuration options - -

Parameter

Description

@@ -453,11 +461,35 @@ To configure SR-IOV passthrough for a NIC, perform the following steps: >![](./public_sys-resources/icon-note.gif) **NOTE:** >Disabling the SR-IOV function: >To disable the SR-IOV function after the VM is stopped and no VF is in use, run the following command: - >The following uses the Hi1822 NIC \(corresponding network interface name: eth0\) as an example: - >``` + >The following uses the Hi1822 NIC corresponding network interface name: eth0) as an example: + > + >```shel >echo 0 > /sys/class/net/eth0/device/sriov_numvfs >``` +#### Configuring SR-IOV Passthrough for the HPRE Accelerator + +The accelerator engine is a hardware acceleration solution provided by TaiShan 200 servers based on the Kunpeng 920 processors. The HPRE accelerator is used to accelerate SSL/TLS applications. It significantly reduces processor consumption and improves processor efficiency. +On the Kunpeng server, you need to pass through the VFs of the HPRE accelerator on the host to the VM for internal services of the VM. + +**Table 1** HPRE accelerator description + +| | Description | +|-------------|-----------------------------------------------------------------------------------------------------| +| Device name | Hi1620 on-chip RSA/DH security algorithm accelerator (HPRE engine) | +| Description | Modular exponentiation, RSA key pair operation, DH calculation, and some large-number auxiliary operations (modular exponentiation, modular multiplication, modulo operation, multiplication, modular inversion, prime number test, and mutual prime test)| +| VendorID | 0x19E5 | +| PF DeviceID | 0xA258 | +| VF DeviceID | 0xA259 | +| Maximum number of VFs | An HPRE PF supports a maximum of 63 VFs. | + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>When a VM is using a VF device, the driver on the host cannot be uninstalled, and the accelerator does not support hot swap. +>VF operation (If **VFNUMS** is **0**, the VF is disabled, and **hpre_num** is used to identify a specific accelerator device): +> +>```shell +>echo $VFNUMS > /sys/class/uacce/hisi_hpre-$hpre_num/device/sriov_numvfs +>``` ## Managing VM USB @@ -469,41 +501,41 @@ To facilitate the use of USB devices such as USB key devices and USB mass storag A USB controller is a virtual controller that provides specific USB functions for USB devices on VMs. To use USB devices on a VM, you must configure USB controllers for the VM. Currently, openEuler supports the following types of USB controllers: -- Universal host controller interface \(UHCI\): also called the USB 1.1 host controller specification. -- Enhanced host controller interface \(EHCI\): also called the USB 2.0 host controller specification. -- Extensible host controller interface \(xHCI\): also called the USB 3.0 host controller specification. +- Universal host controller interface (UHCI): also called the USB 1.1 host controller specification. +- Enhanced host controller interface (EHCI): also called the USB 2.0 host controller specification. +- Extensible host controller interface (xHCI): also called the USB 3.0 host controller specification. #### Precautions -- The host server must have USB controller hardware and modules that support USB 1.1, USB 2.0, and USB 3.0 specifications. -- You need to configure USB controllers for the VM by following the order of USB 1.1, USB 2.0, and USB 3.0. -- An xHCI controller has eight ports and can be mounted with a maximum of four USB 3.0 devices and four USB 2.0 devices. An EHCI controller has six ports and can be mounted with a maximum of six USB 2.0 devices. A UHCI controller has two ports and can be mounted with a maximum of two USB 1.1 devices. -- On each VM, only one USB controller of the same type can be configured. -- USB controllers cannot be hot swapped. -- If the USB 3.0 driver is not installed on a VM, the xHCI controller may not be identified. For details about how to download and install the USB 3.0 driver, refer to the official description provided by the corresponding OS distributor. -- To ensure the compatibility of the OS, set the bus ID of the USB controller to **0** when configuring a USB tablet for the VM. The tablet is mounted to the USB 1.1 controller by default. +- The host server must have USB controller hardware and modules that support USB 1.1, USB 2.0, and USB 3.0 specifications. +- You need to configure USB controllers for the VM by following the order of USB 1.1, USB 2.0, and USB 3.0. +- An xHCI controller has eight ports and can be mounted with a maximum of four USB 3.0 devices and four USB 2.0 devices. An EHCI controller has six ports and can be mounted with a maximum of six USB 2.0 devices. A UHCI controller has two ports and can be mounted with a maximum of two USB 1.1 devices. +- On each VM, only one USB controller of the same type can be configured. +- USB controllers cannot be hot swapped. +- If the USB 3.0 driver is not installed on a VM, the xHCI controller may not be identified. For details about how to download and install the USB 3.0 driver, refer to the official description provided by the corresponding OS distributor. +- To ensure the compatibility of the OS, set the bus ID of the USB controller to **0** when configuring a USB tablet for the VM. The tablet is mounted to the USB 1.1 controller by default. #### Configuration Methods The following describes the configuration items of USB controllers for a VM. You are advised to configure USB 1.1, USB 2.0, and USB 3.0 to ensure the VM is compatible with three types of devices. -The configuration item of the USB 1.1 controller \(UHCI\) in the XML configuration file is as follows: +The configuration item of the USB 1.1 controller (UHCI) in the XML configuration file is as follows: -``` +```xml ``` -The configuration item of the USB 2.0 controller \(EHCI\) in the XML configuration file is as follows: +The configuration item of the USB 2.0 controller (EHCI) in the XML configuration file is as follows: -``` +```xml ``` -The configuration item of the USB 3.0 controller \(xHCI\) in the XML configuration file is as follows: +The configuration item of the USB 3.0 controller (xHCI) in the XML configuration file is as follows: -``` +```xml ``` @@ -516,10 +548,10 @@ After USB controllers are configured for a VM, a physical USB device on the host #### Precautions -- A USB device can be assigned to only one VM. -- A VM with a USB passthrough device does not support live migration. -- VM creation fails if no USB passthrough devices exist in the VM configuration file. -- Forcibly hot removing a USB storage device that is performing read or write operation may damage files in the USB storage device. +- A USB device can be assigned to only one VM. +- A VM with a USB passthrough device does not support live migration. +- VM creation fails if no USB passthrough devices exist in the VM configuration file. +- Forcibly hot removing a USB storage device that is performing read or write operation may damage files in the USB storage device. #### Configuration Description @@ -527,7 +559,7 @@ The following describes the configuration items of a USB device for a VM. Description of the USB device in the XML configuration file: -``` +```xml
@@ -536,23 +568,23 @@ Description of the USB device in the XML configuration file: ``` -- **
**: _m_ indicates the USB bus address on the host, and _n_ indicates the device ID. -- **
**: indicates that the USB device is to be mounted to the USB controller specified on the VM. _x_ indicates the controller ID, which corresponds to the index number of the USB controller configured on the VM. _y_ indicates the port address. When configuring a USB passthrough device, you need to set this parameter to ensure that the controller to which the device is mounted is as expected. +- **
**: *m_ indicates the USB bus address on the host, and _n* indicates the device ID. +- **
**: indicates that the USB device is to be mounted to the USB controller specified on the VM. *x_ indicates the controller ID, which corresponds to the index number of the USB controller configured on the VM. _y* indicates the port address. When configuring a USB passthrough device, you need to set this parameter to ensure that the controller to which the device is mounted is as expected. #### Configuration Methods To configure USB passthrough, perform the following steps: -1. Configure USB controllers for the VM. For details, see [Configuring USB Controllers](#configuring-usb-controllers). -2. Query information about the USB device on the host. +1. Configure USB controllers for the VM. For details, see [Configuring USB Controllers](#configuring-usb-controllers). +2. Query information about the USB device on the host. - Run the **lsusb** command \(the **usbutils** software package needs to be installed\) to query the USB device information on the host, including the bus address, device address, device vendor ID, device ID, and product description. For example: + Run the **lsusb** command (the **usbutils** software package needs to be installed) to query the USB device information on the host, including the bus address, device address, device vendor ID, device ID, and product description. For example: - ``` - # lsusb + ```shell + lsusb ``` - ``` + ```text Bus 008 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub @@ -568,42 +600,40 @@ To configure USB passthrough, perform the following steps: Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub ``` -3. Prepare the XML description file of the USB device. Before hot removing the device, ensure that the USB device is not in use. Otherwise, data may be lost. -4. Run the hot swapping commands. +3. Prepare the XML description file of the USB device. Before hot removing the device, ensure that the USB device is not in use. Otherwise, data may be lost. +4. Run the hot swapping commands. Take a VM whose name is **openEulerVM** as an example. The corresponding configuration file is **usb.xml**. - - Hot adding of the USB device takes effect only for the current running VM. After the VM is restarted, hot add the USB device again. + - Hot adding of the USB device takes effect only for the current running VM. After the VM is restarted, hot add the USB device again. - ``` - # virsh attach-device openEulerVM usb.xml --live + ```shell + virsh attach-device openEulerVM usb.xml --live ``` - - Complete persistency configurations for hot adding of the USB device. After the VM is restarted, the USB device is automatically assigned to the VM. + - Complete persistency configurations for hot adding of the USB device. After the VM is restarted, the USB device is automatically assigned to the VM. - ``` - # virsh attach-device openEulerVM usb.xml --config + ```shell + virsh attach-device openEulerVM usb.xml --config ``` - - Hot removing of the USB device takes effect only for the current running VM. After the VM is restarted, the USB device with persistency configurations is automatically assigned to the VM. + - Hot removing of the USB device takes effect only for the current running VM. After the VM is restarted, the USB device with persistency configurations is automatically assigned to the VM. - ``` - # virsh detach-device openEulerVM usb.xml --live + ```shell + virsh detach-device openEulerVM usb.xml --live ``` - - Complete persistency configurations for hot removing of the USB device. + - Complete persistency configurations for hot removing of the USB device. + ```shell + virsh detach-device openEulerVM usb.xml --config ``` - # virsh detach-device openEulerVM usb.xml --config - ``` - - ## Storing Snapshots ### Overview -The VM system may be damaged due to virus damage, system file deletion by mistake, or incorrect formatting. As a result, the system cannot be started. To quickly restore a damaged system, openEuler provides the storage snapshot function. openEuler can create a snapshot that records the VM status at specific time points without informing users \(usually within a few seconds\). The snapshot can be used to restore the VM to the status when the snapshots were taken. For example, a damaged system can be quickly restored with the help of snapshots, which improves system reliability. +The VM system may be damaged due to virus damage, system file deletion by mistake, or incorrect formatting. As a result, the system cannot be started. To quickly restore a damaged system, openEuler provides the storage snapshot function. openEuler can create a snapshot that records the VM status at specific time points without informing users (usually within a few seconds). The snapshot can be used to restore the VM to the status when the snapshots were taken. For example, a damaged system can be quickly restored with the help of snapshots, which improves system reliability. >![](./public_sys-resources/icon-note.gif) **NOTE:** >Currently, storage snapshots can be QCOW2 and RAW images only. Block devices are not supported. @@ -612,30 +642,120 @@ The VM system may be damaged due to virus damage, system file deletion by mistak To create VM storage snapshots, perform the following steps: -1. Log in to the host and run the **virsh domblklist** command to query the disk used by the VM. +1. Log in to the host and run the **virsh domblklist** command to query the disk used by the VM. - ``` - # virsh domblklist openEulerVM + ```shell + $ virsh domblklist openEulerVM Target Source - --------------------------------------------- + --------------------------------------------- vda /mnt/openEuler-image.qcow2 ``` +2. Run the following command to create the VM disk snapshot **openEuler-snapshot1.qcow2**: -1. Run the following command to create the VM disk snapshot **openEuler-snapshot1.qcow2**: - - ``` - # virsh snapshot-create-as --domain openEulerVM --disk-only --diskspec vda,snapshot=external,file=/mnt/openEuler-snapshot1.qcow2 --atomic + ```shell + $ virsh snapshot-create-as --domain openEulerVM --disk-only --diskspec vda,snapshot=external,file=/mnt/openEuler-snapshot1.qcow2 --atomic Domain snapshot 1582605802 created ``` +3. Run the following command to query disk snapshots: -1. Run the following command to query disk snapshots: - - ``` - # virsh snapshot-list openEulerVM + ```shell + $ virsh snapshot-list openEulerVM Name Creation Time State --------------------------------------------------------- 1582605802 2020-02-25 12:43:22 +0800 disk-snapshot ``` +## Configuring Disk I/O Suspension + +### Introduction + +#### Overview + +When a storage fault occurs (for example, the storage link is disconnected), the I/O error of the physical disk is sent to the VM front end through the virtualization layer. The VM receives the I/O error. As a result, the user file system in the VM may change to the read-only state. In this case, the VM needs to be restarted or the user needs to manually restore the file system, which brings extra workload to users. + +In this case, the virtualization platform provides the disk I/O suspension capability. That is, when the storage device is faulty, the VM I/Os are suspended when being delivered to the host. During the suspension period, no I/O error is returned to the VM. In this way, the file system in the VM does not change to the read-only state due to I/O errors. Instead, the file system is suspended. At the same time, the VM backend retries I/Os based on the specified suspension interval. If the storage fault is rectified within the suspension period, the suspended I/Os can be flushed to disks, and the internal file system of the VM automatically recovers without restarting the VM. If the storage fault is not rectified within the suspension period, an error is reported to the VM and the user is notified. + +#### Application Scenarios + +A cloud disk that may cause storage plane link disconnection is used as the backend of the virtual disk. + +#### Precautions and Restrictions + +- Only virtio-blk or virtio-scsi virtual disks support disk I/O suspension. + +- Generally, the backend of the virtual disk where the disk I/Os are suspended is the cloud disk whose storage plane link may be disconnected. + +- Disk I/O suspension can be enabled for read and write I/O errors separately. The retry interval and timeout interval for read and write I/O errors of the same disk are the same. + +- The disk I/O suspension retry interval does not include the actual read/write I/O overhead on the host. That is, the actual interval between two I/O retries is greater than the configured I/O error retry interval. + +- Disk I/O suspension cannot distinguish the specific type of I/O errors (such as storage link disconnection, bad sector, or reservation conflict). As long as the hardware returns an I/O error, suspension is performed. + +- When disk I/O suspension occurs, the internal I/Os of the VM are not returned, the system commands for accessing the disk, such as fdisk, are suspended, and the services that depend on the returned commands are suspended. + +- When disk I/O suspension occurs, the I/Os cannot be flushed to the disk. As a result, the VM may not be gracefully shut down. In this case, you need to forcibly shut down the VM. + +- When disk I/O suspension occurs, the disk data cannot be read. As a result, the VM cannot be restarted. In this case, you need to forcibly stop the VM, wait until the storage fault is rectified, and then restart the VM. + +- After a storage fault occurs, the following problems cannot be solved although disk I/O suspension occurs: + + 1. Failed to execute advanced storage features. + + Advanced features include: virtual disk hot swap, virtual disk creation, VM startup, VM shutdown, VM forcible shutdown, VM hibernation, VM wakeup, VM storage live migration, VM storage live migration cancellation, VM storage snapshot creation, VM storage snapshot combination, VM disk capacity query, online disk capacity expansion, virtual CD-ROM drive insertion, and CD-ROM drive ejection from the VM. + + 2. Failed to execute the VM lifecycle. + +- When a live migration is initiated for a VM configured with disk I/O suspension, the disk I/O suspension configuration must be the same as that of the source host in the XML configuration of the destination disk. + +### Disk I/O Suspension Configuration + +#### Using the QEMU CLI + +To enable disk I/O suspension, configure `werror=retry` `rerror=retry` on the virtual disk device. To configure the retry policy, configure `retry_interval` and `retry_timeout`. `retry_interval` indicates the I/O retry interval. The value ranges from 0 to `MAX_LONG`, in milliseconds. If this parameter is not set, the default value 1000 ms is used. `retry_timeout` indicates the I/O retry timeout interval. The value ranges from 0 to `MAX_LONG`, in milliseconds. The value **0** indicates that no timeout occurs. If this parameter is not set, the default value **0** is used. + +The disk I/O suspension configuration of the virtio-blk disk is as follows: + +```shell +-drive file=/path/to/your/storage,format=raw,if=none,id=drive-virtio-disk0,cache=none,aio=native \ +-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,\ +drive=drive-virtio-disk0,id=virtio-disk0,write-cache=on,\ +werror=retry,rerror=retry,retry_interval=2000,retry_timeout=10000 +``` + +The disk I/O suspension configuration of the virtio-scsi disk is as follows: + +```shell +-drive file=/path/to/your/storage,format=raw,if=none,id=drive-scsi0-0-0-0,cache=none,aio=native \ +-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\ +device_id=drive-scsi0-0-0-0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,write-cache=on,\ +werror=retry,rerror=retry,retry_interval=2000,retry_timeout=10000 +``` + +#### Using an XML Configuration File + +To enable disk I/O suspension, configure `error_policy='retry'` `rerror_policy='retry'` in the disk XML configuration. Configure `retry_interval` and `retry_timeout`. retry_interval indicates the I/O retry interval. The value ranges from 0 to `MAX_LONG`, in milliseconds. If this parameter is not set, the default value 1000 ms is used. retry_timeout indicates the I/O retry timeout interval. The value ranges from 0 to `MAX_LONG`, in milliseconds. The value **0** indicates that no timeout occurs. If this parameter is not set, the default value **0** is used. + +The disk I/O suspension XML configuration of the virtio-blk disk is as follows: + +```xml + + + + + + +``` + +The disk I/O suspension XML configuration of the virtio-scsi disk is as follows: + +```xml + + + + + +
+ +``` diff --git a/docs/en/docs/Virtualization/managing-vms.md b/docs/en/docs/Virtualization/managing-vms.md index 14d5ef0e3cf3f01687a4de1d49d34356702676e2..56cb99820e1c637c89724109e10175c537fa084b 100644 --- a/docs/en/docs/Virtualization/managing-vms.md +++ b/docs/en/docs/Virtualization/managing-vms.md @@ -1,50 +1,51 @@ -## Managing VMs +# Managing VMs - [Managing VMs](#managing-vms) - [VM Life Cycle](#vm-life-cycle) - - [Introduction](#introduction-0) + - [Introduction](#introduction) - [Management Commands](#management-commands) - [Example](#example) - - [Modify VM Configurations Online](#modify-vm-configurations-online) + - [Modifying VM Configurations Online](#modifying-vm-configurations-online) - [Querying VM Information](#querying-vm-information) - [Logging In to a VM](#logging-in-to-a-vm) - [Logging In Using VNC Passwords](#logging-in-using-vnc-passwords) - [Configuring VNC TLS Login](#configuring-vnc-tls-login) + - [VM Secure Boot](#vm-secure-boot) + - [General Introduction](#general-introduction) + - [Secure Boot Practice](#secure-boot-practice) +## VM Life Cycle -### VM Life Cycle +### Introduction -#### Introduction - -##### Overview +#### Overview To leverage hardware resources and reduce costs, users need to properly manage VMs. This section describes basic operations during the VM lifecycle, such as creating, using, and deleting VMs. -##### VM Status +#### VM Status A VM can be in one of the following status: -- **undefined**: The VM is not defined or created. That is, libvirt considers that the VM does not exist. -- **shut off**: The VM has been defined but is not running, or the VM is terminated. -- **running**: The VM is running. -- **paused**: The VM is suspended and its running status is temporarily stored in the memory. The VM can be restored to the running status. -- **saved**: Similar to the **paused** status, the running state is stored in a persistent storage medium and can be restored to the running status. -- **crashed**: The VM crashes due to an internal error and cannot be restored to the running status. +- **undefined**: The VM is not defined or created. That is, libvirt considers that the VM does not exist. +- **shut off**: The VM has been defined but is not running, or the VM is terminated. +- **running**: The VM is running. +- **paused**: The VM is suspended and its running status is temporarily stored in the memory. The VM can be restored to the running status. +- **saved**: Similar to the **paused** status, the running state is stored in a persistent storage medium and can be restored to the running status. +- **crashed**: The VM crashes due to an internal error and cannot be restored to the running status. -##### Status Transition +#### Status Transition VMs in different status can be converted, but certain rules must be met. [Figure 1](#fig671014583483) describes the common rules for transiting the VM status. **Figure 1** Status transition diagram ![](./figures/status-transition-diagram.png "status-transition-diagram") -##### VM ID +#### VM ID In libvirt, a created VM instance is called a **domain**, which describes the configuration information of resources such as the CPU, memory, network device, and storage device of the VM. On a host, each domain has a unique ID, which is represented by the VM **Name**, **UUID**, and **Id**. For details, see [Table 1](#table84397266483). During the VM lifecycle, an operation can be performed on a specific VM by using a VM ID. **Table 1** Domain ID description -

ID

Description

@@ -74,37 +75,36 @@ In libvirt, a created VM instance is called a **domain**, which describes the c >![](./public_sys-resources/icon-note.gif) **NOTE:** >Run the **virsh** command to query the VM ID and UUID. For details, see [Querying VM Information](#querying-vm-information). -#### Management Commands +### Management Commands -##### Overview +#### Overview You can use the **virsh** command tool to manage the VM lifecycle. This section describes the commands related to the lifecycle. -##### Prerequisites +#### Prerequisites -- Before performing operations on a VM, you need to query the VM status to ensure that the operations can be performed. For details about the conversion between status, see [Status Transition](#introduction-0). -- You have administrator rights. -- The VM XML configuration files are prepared. +- Before performing operations on a VM, you need to query the VM status to ensure that the operations can be performed. For details about the conversion between status, see [Status Transition](#status-transition). +- You have administrator rights. +- The VM XML configuration files are prepared. -##### Command Usage +#### Command Usage You can run the **virsh** command to manage the VM lifecycle. The command format is as follows: -``` +```shell virsh ``` The parameters are described as follows: -- _operate_: manages VM lifecycle operations, such as creating, deleting, and starting VMs. -- _obj_: specifies the operation object, for example, the VM to be operated. -- _options_: command option. This parameter is optional. +- _operate_: manages VM lifecycle operations, such as creating, deleting, and starting VMs. +- _obj_: specifies the operation object, for example, the VM to be operated. +- _options_: command option. This parameter is optional. -[Table 1](#table389518422611) describes the commands used for VM lifecycle management. _VMInstanse_ indicates the VM name, VM ID, or VM UUID, _XMLFile_ indicates the XML configuration file of the VM, and _DumpFile_ indicates the dump file. Change them based on the site requirements. +[Table 1](#table389518422611) describes the commands used for VM lifecycle management. _VMInstance_ indicates the VM name, VM ID, or VM UUID, _XMLFile_ indicates the XML configuration file of the VM, and _DumpFile_ indicates the dump file. Change them based on the site requirements. **Table 1** VM Lifecycle Management Commands - - - - - - @@ -151,17 +151,17 @@ The parameters are described as follows: - - - @@ -169,58 +169,57 @@ The parameters are described as follows:

Command

Description

@@ -121,27 +121,27 @@ The parameters are described as follows:

Create a temporary VM. After the VM is created, it is in the running status.

virsh start <VMInstanse>

+

virsh start <VMInstance>

Start the VM.

virsh shutdown <VMInstanse>

+

virsh shutdown <VMInstance>

Shut down the VM. Start the VM shutdown process. If the VM fails to be shut down, forcibly stop it.

virsh destroy <VMInstanse>

+

virsh destroy <VMInstance>

Forcibly stop the VM.

virsh reboot <VMInstanse>

+

virsh reboot <VMInstance>

Reboot the VM.

virsh save <VMInstanse> <DumpFile>

+

virsh save <VMInstance> <DumpFile>

Dump the VM running status to a file.

Restore the VM from the VM status dump file.

virsh suspend <VMInstanse>

+

virsh suspend <VMInstance>

Suspend the VM to make the VM in the paused status.

virsh resume <VMInstanse>

+

virsh resume <VMInstance>

Resume the VM and restore the VM in the paused status to the running status.

virsh undefine <VMInstanse>

+

virsh undefine <VMInstance>

After a persistent VM is destroyed, the VM lifecycle ends and no more operations can be performed on the VM.
-#### Example +### Example This section provides examples of commands related to VM life cycle management. -- Create a VM. +- Create a VM. The VM XML configuration file is **openEulerVM.xml**. The command and output are as follows: - ``` - # virsh define openEulerVM.xml + ```shell + $ virsh define openEulerVM.xml Domain openEulerVM defined from openEulerVM.xml ``` - -- Start a VM. +- Start a VM. Run the following command to start the _openEulerVM_: - ``` - # virsh start openEulerVM + ```shell + $ virsh start openEulerVM Domain openEulerVM started ``` -- Reboot a VM. +- Reboot a VM. Run the following command to reboot the _openEulerVM_: - ``` - # virsh reboot openEulerVM + ```shell + $ virsh reboot openEulerVM Domain openEulerVM is being rebooted ``` -- Shut down a VM. +- Shut down a VM. Run the following command to shut down the _openEulerVM_: - ``` - # virsh shutdown openEulerVM + ```shell + $ virsh shutdown openEulerVM Domain openEulerVM is being shutdown ``` -- Destroy a VM. - - If the **nvram** file is not used during the VM startup, run the following command to destroy the VM: +- Destroy a VM. + - If the **nvram** file is not used during the VM startup, run the following command to destroy the VM: - ``` - # virsh undefine + ```shell + virsh undefine ``` - - If the **nvram** file is used during the VM startup, run the following command to specify the **nvram** processing policy when destroying the VM: + - If the **nvram** file is used during the VM startup, run the following command to specify the **nvram** processing policy when destroying the VM: - ``` - # virsh undefine + ```shell + virsh undefine ``` _strategy_ indicates the policy for destroying a VM. The values can be: @@ -231,75 +230,72 @@ This section provides examples of commands related to VM life cycle management. For example, to delete the _openEulerVM_ and its **nvram** file, run the following command: - ``` - # virsh undefine openEulerVM --nvram + ```shell + $ virsh undefine openEulerVM --nvram Domain openEulerVM has been undefined ``` +## Modifying VM Configurations Online - -### Modify VM Configurations Online - -#### Overview +### Overview After a VM is created, users can modify VM configurations. This process is called online modification of VM configuration. After the configuration is modified online, the new VM configuration file is persistent and takes effect after the VM is shut down and restarted. The format of the command for modifying VM configuration is as follows: -``` +```shell virsh edit ``` The **virsh edit** command is used to edit the XML configuration file corresponding to **domain** to update VM configuration. **virsh edit** uses the **vi** program as the default editor. You can specify the editor type by modifying the environment variable _EDITOR_ or _VISUAL_. By default, **virsh edit** preferentially uses the text editor specified by the environment variable _VISUAL_. -#### Procedure +### Procedure -1. \(Optional\) Set the editor of the **virsh edit** command to **vim**. +1. \(Optional\) Set the editor of the **virsh edit** command to **vim**. - ``` - # export VISUAL=vim + ```shell + export VISUAL=vim ``` -2. Run the **virsh edit** command to open the XML configuration file of the _openEulerVM_. +2. Run the **virsh edit** command to open the XML configuration file of the _openEulerVM_. - ``` - # virsh edit openEulerVM + ```shell + virsh edit openEulerVM ``` -3. Modify the VM configuration file. -4. Save the VM configuration file and exit. -5. Reboot the VM for the configuration to take effect. +3. Modify the VM configuration file. +4. Save the VM configuration file and exit. +5. Reboot the VM for the configuration to take effect. - ``` - # virsh reboot openEulerVM + ```shell + virsh reboot openEulerVM ``` +## Querying VM Information -### Querying VM Information - -#### Overview +### Overview The libvirt provides a set of command line tools to query VM information. This section describes how to use commands to obtain VM information. -#### Prerequisites +### Prerequisites To query VM information, the following requirements must be met: -- The libvirtd service is running. +- The libvirtd service is running. -- Only the administrator has the permission to execute command line. +- Only the administrator has the permission to execute command line. -#### Querying VM Information on a Host. +### Querying VM Information on a Host -- Query the list of running and paused VMs on a host. +- Query the list of running and paused VMs on a host. - ``` - # virsh list + ```shell + virsh list ``` For example, the following command output indicates that three VMs exist on the host. **openEulerVM01** and **openEulerVM02** are running, and **openEulerVM03** is paused. - ``` + ```text Id Name State ---------------------------------------------------- 39 openEulerVM01 running @@ -307,16 +303,15 @@ To query VM information, the following requirements must be met: 69 openEulerVM03 paused ``` +- Query the list of VM information defined on a host. -- Query the list of VM information defined on a host. - - ``` - # virsh list --all + ```shell + virsh list --all ``` For example, the following command output indicates that four VMs are defined on the current host. **openEulerVM01** is running, **openEulerVM02** is paused, and **openEulerVM03** and **openEulerVM04** are shut down. - ``` + ```text Id Name State ---------------------------------------------------- 39 openEulerVM01 running @@ -325,14 +320,12 @@ To query VM information, the following requirements must be met: - openEulerVM04 shut off ``` - -#### Querying Basic VM Information +### Querying Basic VM Information Libvirt component provides a group of commands for querying the VM status, including the VM running status, device information, and scheduling attributes. For details, see [Table 1](#table10582103963816). **Table 1** Querying basic VM information -

Information to be queried

Command line

@@ -393,12 +386,12 @@ Libvirt component provides a group of commands for querying the VM status, inclu
-#### Example +### Example -- Run the **virsh dominfo** command to query the basic information about a created VM. The query result shows that the VM ID is **5**, UUID is **ab472210-db8c-4018-9b3e-fc5319a769f7**, memory size is 8 GiB, and the number of vCPUs is 4. +- Run the **virsh dominfo** command to query the basic information about a created VM. The query result shows that the VM ID is **5**, UUID is **ab472210-db8c-4018-9b3e-fc5319a769f7**, memory size is 8 GiB, and the number of vCPUs is 4. - ``` - # virsh dominfo openEulerVM + ```shell + $ virsh dominfo openEulerVM Id: 5 Name: openEulerVM UUID: ab472210-db8c-4018-9b3e-fc5319a769f7 @@ -415,18 +408,17 @@ Libvirt component provides a group of commands for querying the VM status, inclu Security DOI: 0 ``` +- Run the **virsh domstate** command to query the VM status. The query result shows that VM **openEulerVM** is running. -- Run the **virsh domstate** command to query the VM status. The query result shows that VM **openEulerVM** is running. - - ``` - # virsh domstate openEulerVM + ```shell + $ virsh domstate openEulerVM running ``` -- Run **virsh schedinfo** to query the VM scheduling information. The query result shows that the CPU reservation share of the VM is 1024. +- Run **virsh schedinfo** to query the VM scheduling information. The query result shows that the CPU reservation share of the VM is 1024. - ``` - # virsh schedinfo openEulerVM + ```shell + $ virsh schedinfo openEulerVM Scheduler : posix cpu_shares : 1024 vcpu_period : 100000 @@ -439,37 +431,37 @@ Libvirt component provides a group of commands for querying the VM status, inclu iothread_quota : -1 ``` -- Run the **virsh vcpucount** command to query the number of vCPUs. The query result shows that the VM has four CPUs. +- Run the **virsh vcpucount** command to query the number of vCPUs. The query result shows that the VM has four CPUs. - ``` - # virsh vcpucount openEulerVM + ```shell + $ virsh vcpucount openEulerVM maximum live 4 current live 4 ``` -- Run the **virsh domblklist** command to query the VM disk information. The query result shows that the VM has two disks. sda is a virtual disk in qcow2 format, and sdb is a cdrom device. +- Run the **virsh domblklist** command to query the VM disk information. The query result shows that the VM has two disks. sda is a virtual disk in qcow2 format, and sdb is a cdrom device. - ``` - # virsh domblklist openEulerVM + ```shell + $ virsh domblklist openEulerVM Target Source --------------------------------------------------------------------- sda /home/openeuler/vm/openEuler_aarch64.qcow2 - sdb /home/openeuler/vm/openEuler-20.03-LTS-aarch64-dvd.iso + sdb /home/openeuler/vm/openEuler-20.03-LTS-SP1-aarch64-dvd.iso ``` -- Run the **virsh domiflist** command to query the VM NIC information. The query result shows that the VM has one NIC, the backend is vnet0, which is on the br0 bridge of the host. The MAC address is 00:05:fe:d4:f1:cc. +- Run the **virsh domiflist** command to query the VM NIC information. The query result shows that the VM has one NIC, the backend is vnet0, which is on the br0 bridge of the host. The MAC address is 00:05:fe:d4:f1:cc. - ``` - # virsh domiflist openEulerVM + ```shell + $ virsh domiflist openEulerVM Interface Type Source Model MAC ------------------------------------------------------- vnet0 bridge br0 virtio 00:05:fe:d4:f1:cc ``` -- Run the **virsh iothreadinfo** command to query the VM I/O thread information. The query result shows that the VM has five I/O threads, which are scheduled on physical CPUs 7-10. +- Run the **virsh iothreadinfo** command to query the VM I/O thread information. The query result shows that the VM has five I/O threads, which are scheduled on physical CPUs 7-10. - ``` - # virsh iothreadinfo openEulerVM + ```shell + $ virsh iothreadinfo openEulerVM IOThread ID CPU Affinity --------------------------------------------------- 3 7-10 @@ -479,111 +471,111 @@ Libvirt component provides a group of commands for querying the VM status, inclu 2 7-10 ``` - -### Logging In to a VM +## Logging In to a VM This section describes how to log in to a VM using VNC. -#### Logging In Using VNC Passwords +### Logging In Using VNC Passwords -##### Overview +#### Overview After the OS is installed on a VM, you can remotely log in to the VM using VNC to manage the VM. -##### Prerequisites +#### Prerequisites Before logging in to a VM using a client, such as RealVNC or TightVNC, ensure that: -- You have obtained the IP address of the host where the VM resides. -- The environment where the client resides can access the network of the host. -- You have obtained the VNC listening port of the VM. This port is automatically allocated when the client is started. Generally, the port number is **5900 + x** \(_x_ is a positive integer and increases in ascending order based on the VM startup sequence. **5900** is invisible to users.\) -- If a password has been set for the VNC, you also need to obtain the VNC password of the VM. +- You have obtained the IP address of the host where the VM resides. +- The environment where the client resides can access the network of the host. +- You have obtained the VNC listening port of the VM. This port is automatically allocated when the client is started. Generally, the port number is **5900 + x** \(_x_ is a positive integer and increases in ascending order based on the VM startup sequence. **5900** is invisible to users.\) +- If a password has been set for the VNC, you also need to obtain the VNC password of the VM. >![](./public_sys-resources/icon-note.gif) **NOTE:** >To set a password for the VM VNC, edit the XML configuration file of the VM. That is, add the **passwd** attribute to the **graphics** element and set the attribute value to the password to be configured. For example, to set the VNC password of the VM to **n8VfjbFK**, configure the XML file as follows: - >``` + > + >```xml > > > >``` +#### Procedure -##### Procedure -##### Procedure - -1. Query the VNC port number used by the VM. For example, if the VM name is _openEulerVM_, run the following command: +1. Query the VNC port number used by the VM. For example, if the VM name is _openEulerVM_, run the following command: - ``` - # virsh vncdisplay openEulerVM + ```shell + $ virsh vncdisplay openEulerVM :3 ``` >![](./public_sys-resources/icon-note.gif) **NOTE:** >To log in to the VNC, you need to configure firewall rules to allow the connection of the VNC port. The reference command is as follows, where _X_ is **5900 + Port number**, for example, **5903**. - >``` + > + >```shell >firewall-cmd --zone=public --add-port=X/tcp >``` -2. Start the VncViewer software and enter the IP address and port number of the host. The format is **host IP address:port number**, for example, **10.133.205.53:3**. -3. Click **OK** and enter the VNC password \(optional\) to log in to the VM VNC. +2. Start the VncViewer software and enter the IP address and port number of the host. The format is **host IP address:port number**, for example, **10.133.205.53:3**. +3. Click **OK** and enter the VNC password \(optional\) to log in to the VM VNC. -#### Configuring VNC TLS Login +### Configuring VNC TLS Login -##### Overview +#### Overview By default, the VNC server and client transmit data in plaintext. Therefore, the communication content may be intercepted by a third party. To improve security, openEuler allows the VNC server to configure the Transport Layer Security \(TLS\) mode for encryption and authentication. TLS implements encrypted communication between the VNC server and client to prevent communication content from being intercepted by third parties. >![](./public_sys-resources/icon-note.gif) **NOTE:** ->- To use the TLS encryption authentication mode, the VNC client must support the TLS mode \(for example, TigerVNC\). Otherwise, the VNC client cannot be connected. ->- The TLS encryption authentication mode is configured at the host level. After this feature is enabled, the TLS encryption authentication mode is enabled for the VNC clients of all VMs running on the host. +> +>- To use the TLS encryption authentication mode, the VNC client must support the TLS mode \(for example, TigerVNC\). Otherwise, the VNC client cannot be connected. +>- The TLS encryption authentication mode is configured at the host level. After this feature is enabled, the TLS encryption authentication mode is enabled for the VNC clients of all VMs running on the host. -##### Procedure +#### Procedure To enable the TLS encryption authentication mode for the VNC, perform the following steps: -1. Log in to the host where the VNC server resides, and edit the corresponding configuration items in the **/etc/libvirt/qemu.conf** configuration file of the server. The configuration is as follows: +1. Log in to the host where the VNC server resides, and edit the corresponding configuration items in the **/etc/libvirt/qemu.conf** configuration file of the server. The configuration is as follows: - ``` + ```ini vnc_listen = "x.x.x.x" # "x.x.x.x" indicates the listening IP address of the VNC. Set this parameter based on the site requirements. The VNC server allows only the connection requests from clients whose IP addresses are in this range. vnc_tls = 1 # If this parameter is set to 1, VNC TLS is enabled. vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # Specify /etc/pki/libvirt-vnc as the path for storing the certificate. vnc_tls_x509_verify = 1 #If this parameter is set to 1, the X509 certificate is used for TLS authentication. ``` -2. Create a certificate and a private key file for the VNC. The following uses GNU TLS as an example. +2. Create a certificate and a private key file for the VNC. The following uses GNU TLS as an example. >![](./public_sys-resources/icon-note.gif) **NOTE:** >To use GNU TLS, install the gnu-utils software package in advance. - 1. Create a certificate file issued by the Certificate Authority \(CA\). + 1. Create a certificate file issued by the Certificate Authority \(CA\). - ``` - # certtool --generate-privkey > ca-key.pem + ```shell + certtool --generate-privkey > ca-key.pem ``` - 1. Create a self-signed public and private key for the CA certificate. _Your organization name_ indicates the organization name, which is specified by the user. + 2. Create a self-signed public and private key for the CA certificate. _Your organization name_ indicates the organization name, which is specified by the user. - ``` - # cat > ca.info< ca.info< server.info< server.info< server-key.pem - # certtool --generate-certificate \ + ```shell + certtool --generate-privkey > server-key.pem + certtool --generate-certificate \ --load-ca-certificate ca-cert.pem \ --load-ca-privkey ca-key.pem \ --load-privkey server-key.pem \ @@ -603,10 +595,10 @@ To enable the TLS encryption authentication mode for the VNC, perform the follow In the preceding generated file, **server-key.pem** is the private key of the VNC server, and **server-cert.pem** is the public key of the VNC server. - 3. Issue a certificate to the VNC client. + 4. Issue a certificate to the VNC client. - ``` - # cat > client.info< client.info< client-key.pem - # certtool --generate-certificate \ + ```shell + certtool --generate-privkey > client-key.pem + certtool --generate-certificate \ --load-ca-certificate ca-cert.pem \ --load-ca-privkey ca-key.pem \ --load-privkey client-key.pem \ @@ -626,25 +618,176 @@ To enable the TLS encryption authentication mode for the VNC, perform the follow In the preceding generated file, **client-key.pem** is the private key of the VNC client, and **client-cert.pem** is the public key of the VNC client. The generated public and private key pairs need to be copied to the VNC client. -3. Shut down the VM to be logged in to and restart the libvirtd service on the host where the VNC server resides. +3. Shut down the VM to be logged in to and restart the libvirtd service on the host where the VNC server resides. - ``` - # systemctl restart libvirtd + ```shell + systemctl restart libvirtd ``` -4. Save the generated server certificate to the specified directory on the VNC server and grant the read and write permissions on the certificate only to the current user. +4. Save the generated server certificate to the specified directory on the VNC server and grant the read and write permissions on the certificate only to the current user. - ``` - # sudo mkdir -m 750 /etc/pki/libvirt-vnc - # cp ca-cert.pem /etc/pki/libvirt-vnc/ca-cert.pem - # cp server-cert.pem /etc/pki/libvirt-vnc/server-cert.pem - # cp server-key.pem /etc/pki/libvirt-vnc/server-key.pem - # chmod 0600 /etc/pki/libvirt-vnc/* + ```shell + sudo mkdir -m 750 /etc/pki/libvirt-vnc + cp ca-cert.pem /etc/pki/libvirt-vnc/ca-cert.pem + cp server-cert.pem /etc/pki/libvirt-vnc/server-cert.pem + cp server-key.pem /etc/pki/libvirt-vnc/server-key.pem + chmod 0600 /etc/pki/libvirt-vnc/* ``` -5. Copy the generated client certificates **ca-cert.pem**, **client-cert.pem**, and **client-key.pem** to the VNC client. After the TLS certificate of the VNC client is configured, you can use VNC TLS to log in to the VM. +5. Copy the generated client certificates **ca-cert.pem**, **client-cert.pem**, and **client-key.pem** to the VNC client. After the TLS certificate of the VNC client is configured, you can use VNC TLS to log in to the VM. >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- For details about how to configure the VNC client certificate, see the usage description of each client. - >- For details about how to log in to the VM, see Logging In Using VNC Passwords. + >- For details about how to configure the VNC client certificate, see the usage description of each client. + >- For details about how to log in to the VM, see [Logging In Using VNC Passwords](#logging-in-using-vnc-passwords). + +## VM Secure Boot + +### General Introduction + +#### Overview + +Secure boot uses public and private key pairs to sign and validate boot components. During the startup, the previous component validates the digital signature of the next component. If the validation is successful, the next component starts. If the validation fails, the startup fails. Secure boot is used to detect whether the firmware and software during startup of the device are tampered with to prevent malware from intrusion and modification. Secure boot ensures the integrity of each component during system startup and prevents unauthorized components from being loaded and running, thereby preventing security threats to the system and user data. Secure boot is implemented based on the UEFI boot mode. It is not supported by the legacy boot mode. According to UEFI specifications, some reliable public keys can be built in the mainboard before delivery. Any operating system or hardware drivers that you want to load on this mainboard must be authenticated by these public keys. The secure boot of a physical machine is implemented by the physical BIOS, while the secure boot of a VM is simulated by software. The process of the VM secure boot is the same as that of the host secure boot, both complying with the open-source UEFI specifications. The UEFI on the virtualization platform is provided by the edk component. When a VM starts, QEMU maps the UEFI image to the memory to simulate the firmware startup process for the VM. Secure boot is a security protection capability provided by edk during the VM startup to protect the OS kernel of the VM from being tampered with. The sequence of signature validation for the secure boot is as follows: UEFI BIOS->shim->GRUB->vmlinuz (signature validation is passed and loaded in sequence). + +| English | Acronyms and Abbreviations | Description | +| :----- | :----- | :----- | +| Secure boot | - | Secure boot indicates that a component validates the digital signature of the next component during startup. If the validation is successful, the component runs. If the validation fails, the component stops running. It ensures the integrity of each component during system startup. | +| Platform key | PK | Platform key is owned by the OEM vendor and must be RSA2048 or stronger. The PK establishes a trusted relationship between the platform owner and the platform firmware. The platform owner registers the PKpub, public key of the PK, with the platform firmware. The platform owner can use the PKpriv, private part of the PK, to change the ownership of the platform or register the KEK key. | +| Key exchange key | KEK | Key exchange key creates a trusted relationship between the platform firmware and the OS. Each OS and third-party application that communicates with the platform firmware register the KEKpub, public part of the KEK key, in the platform firmware. | +| Database trustlist | DB | Database trustlist stores and validates the keys of components such as shim, GRUB, and vmlinuz. | +| Database blocklist | DBx | Database blocklist stores revoked keys. | + +#### Function Description + +The VM secure boot feature is implemented based on the edk open-source project. In non-secure boot mode, the basic Linux process is as follows: + +**Figure 1** System startup process + +![](./figures/OSBootFlow.png) + +In secure boot mode, the first component loaded after UEFI BIOS starts is shim in the system image. By interacting with UEFI BIOS, shim obtains the key stored in the variable DB of UEFI BIOS to validate GRUB. After GRUB is loaded, the key and the authentication API are also called to validate the kernel. The Linux boot process is as follows: + +**Figure 2** Secure boot process + +![](./figures/SecureBootFlow.png) + +The secure boot feature involves multiple key scenarios. Based on the scenario analysis and system breakdown, the secure boot feature involves the following subsystems: UEFI BIOS validating shim, shim validating GRUB, and GRUB validating kernel. When UEFI BIOS validates shim, if the validation is successful, shim is started. If the validation fails, an error message is displayed and shim fails to start. Shim needs to use the private key for signature during image compilation and creation, and the public key certificate needs to be imported to the variable area DB of UEFI BIOS. After shim is started, validate the startup of GRUB. If the validation is successful, GRUB is started. If the validation fails, an error message is displayed and GRUB fails to start. GRUB needs to be signed during image compilation and creation. The public and private key pairs are the same as those of shim. After GRUB is started, it calls the key and the authentication API key registered in UEFI BIOS to validate the kernel. If the validation is successful, GRUB starts the kernel. If the validation fails, an error message is displayed. GRUB needs to sign the image during compilation and creation and uses the public and private key pair that is the same as that of shim. + +#### Constraints + +- Running on the UEFI BIOS that does not support secure boot does not affect existing functions and services. +- The secure boot feature depends on the UEFI BIOS and takes effect only when the UEFI supports this feature. +- When secure boot is enabled in the UEFI BIOS, the system cannot be started if the related components have no signature or the signature is incorrect. +- If secure boot is disabled in the UEFI BIOS, the validation function during the boot process is disabled. +- The second half of the secure boot validation chain, that is, shim->GRUB->kernel, guides the kernel to start. This part of the validation chain is implemented by the OS image. If the OS does not support guiding the kernel for secure boot, the VM secure boot fails. +- Currently, the x86 architecture do not provide nvram file configuration to configure VM secure boot. + +### Secure Boot Practice + +VM secure boot depends on UEFI BIOS. The UEFI BIOS image is installed using the edk rpm package. This section uses AArch64 as an example to describe how to configure VM secure boot. + +#### Configuring VM + +The components in the edk rpm package are installed in the /usr/share/edk2/aarch64 directory, including `QEMU_EFI-pflash.raw` and `vars-template-pflash.raw`. The following describes the XML configuration of the UEFI BIOS during VM startup. + +```xml + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /path/to/QEMU-VARS.fd + +``` + +In the preceding configuration, /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw indicates the path of the UEFI BIOS image. /usr/share/edk2/aarch64/vars-template-pflash.raw is the path of the NVRAM image template, and /path/to/QEMU-VARS.fd is the path of the NVRAM image file of the current VM, which is used to store environment variables in the UEFI BIOS. + +#### Importing Certificate + +The certificate for VM secure boot is imported from the BIOS page. Before importing the certificate, you need to import the certificate file to the VM. You can mount the directory where the certificate file is located to the VM by mounting a disk. For example, you can create an image that contains the certificate and mount the image in the XML configuration file of the VM. + +Create a certificate file image. + +```shell +dd of='/path/to/data.img' if='/dev/zero' bs=1M count=64 +mkfs.vfat -I /path/to/data.img +mkdir /path/to/mnt +mount path/to/data.img /path/to/mnt/ +cp -a /path/to/certificates/* /path/to/mnt/ +umount /path/to/mnt/ +``` + +In the preceding command, /path/to/certificates/ indicates the path where the certificate file is located, /path/to/data.img indicates the path where the certificate file image is located, and /path/to/mnt/ indicates the image mounting path. + +Mount the image in the XML file of the VM. + +```xml + + + + + + + + + +``` + +Start the VM and import the PK certificate. The procedure is as follows (the procedure for importing the KEK certificate is the same as that for importing the DB certificate): + +After the VM is started, press F2 to go to the BIOS screen. + +**Figure 1** BIOS screen + +![](./figures/CertEnrollP1.png) + +**Figure 2** Device Manager + +![](./figures/CertEnrollP2.png) + +**Figure 3** Custom Secure Boot Options + +![](./figures/CertEnrollP3.png) + +**Figure 4** PK Options + +![](./figures/CertEnrollP4.png) + +**Figure 5** Enrolling PK + +![](./figures/CertEnrollP5.png) + +In the File Explorer window, many disk directories are displayed, including the certificate file directory mounted through the disk. + +**Figure 6** File Explorer + +![](./figures/CertEnrollP6.png) + +Select the PK certificate to be imported in the disk directory. + +**Figure 7** Disk where the certificate is stored + +![](./figures/CertEnrollP7.png) + +**Figure 8** Selecting Commit Changes and Exit to save the imported certificate + +![](./figures/CertEnrollP8.png) + +After the certificate is imported, the UEFI BIOS writes the certificate information and secure boot attributes to the NVRAM configuration file /path/to/QEMU-VARS.fd. Upon the next startup, the VM reads related configurations from the /path/to/QEMU-VARS.fd file, initializes certificate information and secure boot attributes, automatically imports the certificate, and enables secure boot. Similarly, you can use /path/to/QEMU-VARS.fd as the UEFI BIOS boot configuration template file of other VMs with the same configuration. Modify the nvram template field so that the certificate is automatically imported and the secure boot option is enabled when other VMs are started. The VM XML configuration is modified as follows: + +```xml + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + + +``` + +#### Secure Boot Observation + +After the VM is correctly configured and the PK, KEK, and DB certificates are imported, the VM runs in secure boot mode. You can configure the serial port log file in the VM configuration file in XML format to check whether the VM is in the secure boot mode. The following figure shows how to configure the serial port log file. + +```xml + + + +``` +After the OS image is successfully loaded to the VM, if "UEFI Secure Boot is enabled" is displayed in the serial port log file, the VM is in the secure boot state. diff --git a/docs/en/docs/Virtualization/system-resource-management.md b/docs/en/docs/Virtualization/system-resource-management.md index 7491c3b76a18de4c2271d0e7bc6414ebc5a713ab..75bf8ebecdc1e2548f20a2f1a70369ced6c3146d 100644 --- a/docs/en/docs/Virtualization/system-resource-management.md +++ b/docs/en/docs/Virtualization/system-resource-management.md @@ -1,25 +1,20 @@ -# system Resource Management - -The **libvirt** command manages VM system resources, such as vCPU and virtual memory resources. - -Before you start: - -- Ensure that the libvirtd daemon is running on the host. -- Run the **virsh list --all** command to check that the VM has been defined. +# System Resource Management - [System Resource Management](#system-resource-management) - - [Managing vCPU](#managing-vcpu) - - [CPU Shares](#cpu-shares) - - [Binding the QEMU Process to a Physical CPU](#binding-the-qemu-process-to-a-physical-cpu) - - [Adjusting the vCPU Binding Relationship](#adjusting-the-vcpu-binding-relationship) + - [General Description](#general-description) + - [Managing vCPUs](#managing-vcpus) - [Managing Virtual Memory](#managing-virtual-memory) - - [Introduction to NUMA](#introduction-to-numa) - - [Configuring Host NUMA](#configuring-host-numa) - - [Configuring Guest NUMA](#configuring-guest-numa) +## General Description + +openEuler virtualization uses the **libvirt** command to manage VM system resources, such as vCPUs and virtual memory resources. +Before you start: + +- Ensure that the libvirtd daemon is running on the host. +- Run the **virsh list --all** command to check that the VM has been defined. -## Managing vCPU +## Managing vCPUs ### CPU Shares @@ -27,16 +22,16 @@ Before you start: In a virtualization environment, multiple VMs on the same host compete for physical CPUs. To prevent some VMs from occupying too many physical CPU resources and affecting the performance of other VMs on the same host, you need to balance the vCPU scheduling of VMs to prevent excessive competition for physical CPUs. -The CPU share indicates the total capability of a VM to compete for physical CPU computing resources. You can set **cpu\_shares** to specify the VM capacity to preempt physical CPU resources. The value of **cpu\_shares** is a relative value without a unit. The CPU computing resources obtained by a VM are the available computing resources of physical CPUs \(excluding reserved CPUs\) allocated to VMs based on the CPU shares. Adjust the CPU shares to ensure the service quality of VM CPU computing resources. +The CPU share indicates the total capability of a VM to compete for physical CPU computing resources. You can set **cpu\_shares** to specify the VM capacity to preempt physical CPU resources. The value of **cpu\_shares** is a relative value without a unit. The CPU computing resources obtained by a VM are the available computing resources of physical CPUs (excluding reserved CPUs) allocated to VMs based on the CPU shares. Adjust the CPU shares to ensure the service quality of VM CPU computing resources. #### Procedure Change the value of **cpu\_shares** allocated to the VM to balance the scheduling between vCPUs. -- Check the current CPU share of the VM. +- Check the current CPU share of the VM. - ``` - # virsh schedinfo + ```shell + $ virsh schedinfo Scheduler : posix cpu_shares : 1024 vcpu_period : 100000 @@ -49,17 +44,16 @@ Change the value of **cpu\_shares** allocated to the VM to balance the schedul iothread_quota : -1 ``` +- Online modification: Run the **virsh schedinfo** command with the **--live** parameter to modify the CPU share of a running VM. -- Online modification: Run the **virsh schedinfo** command with the **--live** parameter to modify the CPU share of a running VM. - - ``` - # virsh schedinfo --live cpu_shares= + ```shell + virsh schedinfo --live cpu_shares= ``` - For example, to change the CPU share of the running _openEulerVM_ from **1024** to **2048**, run the following commands: + For example, to change the CPU share of the running **openEulerVM** from **1024** to **2048**, run the following commands: - ``` - # virsh schedinfo openEulerVM --live cpu_shares=2048 + ```shell + $ virsh schedinfo openEulerVM --live cpu_shares=2048 Scheduler : posix cpu_shares : 2048 vcpu_period : 100000 @@ -72,18 +66,18 @@ Change the value of **cpu\_shares** allocated to the VM to balance the schedul iothread_quota : -1 ``` - The modification of the **cpu\_shares** value takes effect immediately. The running time of the _openEulerVM_ is twice the original running time. However, the modification will become invalid after the VM is shut down and restarted. + The modification of the **cpu\_shares** value takes effect immediately. The running time of the **openEulerVM** is twice the original running time. However, the modification will become invalid after the VM is shut down and restarted. -- Permanent modification: Run the **virsh schedinfo** command with the **--config** parameter to change the CPU share of the VM in the libvirt internal configuration. +- Permanent modification: Run the **virsh schedinfo** command with the **--config** parameter to change the CPU share of the VM in the libvirt internal configuration. - ``` - # virsh schedinfo --config cpu_shares= + ```shell + virsh schedinfo --config cpu_shares= ``` - For example, run the following command to change the CPU share of _openEulerVM_ from **1024** to **2048**: + For example, run the following command to change the CPU share of **openEulerVM** from **1024** to **2048**: - ``` - # virsh schedinfo openEulerVM --config cpu_shares=2048 + ```shell + $ virsh schedinfo openEulerVM --config cpu_shares=2048 Scheduler : posix cpu_shares : 2048 vcpu_period : 0 @@ -96,8 +90,7 @@ Change the value of **cpu\_shares** allocated to the VM to balance the schedul iothread_quota : 0 ``` - The modification on **cpu\_shares** does not take effect immediately. Instead, the modification takes effect after the _openEulerVM_ is started next time and takes effect permanently. The running time of the _openEulerVM_ is twice that of the original VM. - + The modification on **cpu\_shares** does not take effect immediately. Instead, the modification takes effect after the **openEulerVM** is started next time and takes effect permanently. The running time of the **openEulerVM** is twice that of the original VM. ### Binding the QEMU Process to a Physical CPU @@ -109,10 +102,10 @@ You can bind the QEMU main process to a specific physical CPU range, ensuring th Run the **virsh emulatorpin** command to bind the QEMU main process to a physical CPU. -- Check the range of the physical CPU bound to the QEMU process: +- Check the range of the physical CPU bound to the QEMU process: - ``` - # virsh emulatorpin openEulerVM + ```shell + $ virsh emulatorpin openEulerVM emulator: CPU Affinity ---------------------------------- *: 0-63 @@ -120,10 +113,10 @@ Run the **virsh emulatorpin** command to bind the QEMU main process to a physi This indicates that the QEMU main process corresponding to VM **openEulerVM** can be scheduled on all physical CPUs of the host. -- Online binding: Run the **vcpu emulatorpin** command with the **--live** parameter to modify the binding relationship between the QEMU process and the running VM. +- Online binding: Run the **vcpu emulatorpin** command with the **--live** parameter to modify the binding relationship between the QEMU process and the running VM. - ``` - # virsh emulatorpin openEulerVM --live 2-3 + ```shell + $ virsh emulatorpin openEulerVM --live 2-3 # virsh emulatorpin openEulerVM emulator: CPU Affinity @@ -133,12 +126,11 @@ Run the **virsh emulatorpin** command to bind the QEMU main process to a physi The preceding commands bind the QEMU process corresponding to VM **openEulerVM** to physical CPUs **2** and **3**. That is, the QEMU process is scheduled only on the two physical CPUs. The binding relationship takes effect immediately but becomes invalid after the VM is shut down and restarted. -- Permanent binding: Run the **virsh emulatorpin** command with the **--config** parameter to modify the binding relationship between the VM and the QEMU process in the libvirt internal configuration. +- Permanent binding: Run the **virsh emulatorpin** command with the **--config** parameter to modify the binding relationship between the VM and the QEMU process in the libvirt internal configuration. - ``` - # virsh emulatorpin openEulerVM --config 0-3,^1 - - # virsh emulatorpin euler + ```shell + $ virsh emulatorpin openEulerVM --config 0-3,^1 + $ virsh emulatorpin euler emulator: CPU Affinity ---------------------------------- *: 0,2-3 @@ -146,7 +138,6 @@ Run the **virsh emulatorpin** command to bind the QEMU main process to a physi The preceding commands bind the QEMU process corresponding to VM **openEulerVM** to physical CPUs **0**, **2** and **3**. That is, the QEMU process is scheduled only on the three physical CPUs. The modification of the binding relationship does not take effect immediately. Instead, the modification takes effect after the next startup of the VM and takes effect permanently. - ### Adjusting the vCPU Binding Relationship #### Overview @@ -157,10 +148,10 @@ The vCPU of a VM is bound to a physical CPU. That is, the vCPU is scheduled only Run the **virsh vcpupin** command to adjust the binding relationship between vCPUs and physical CPUs. -- View the vCPU binding information of the VM. +- View the vCPU binding information of the VM. - ``` - # virsh vcpupin openEulerVM + ```shell + $ virsh vcpupin openEulerVM VCPU CPU Affinity ---------------------- 0 0-63 @@ -171,10 +162,10 @@ Run the **virsh vcpupin** command to adjust the binding relationship between v This indicates that all vCPUs of VM **openEulerVM** can be scheduled on all physical CPUs of the host. -- Online adjustment: Run the **vcpu vcpupin** command with the **--live** parameter to modify the vCPU binding relationship of a running VM. +- Online adjustment: Run the **vcpu vcpupin** command with the **--live** parameter to modify the vCPU binding relationship of a running VM. - ``` - # virsh vcpupin openEulerVM --live 0 2-3 + ```shell + $ virsh vcpupin openEulerVM --live 0 2-3 # virsh vcpupin euler VCPU CPU Affinity @@ -187,10 +178,10 @@ Run the **virsh vcpupin** command to adjust the binding relationship between v The preceding commands bind vCPU **0** of VM **openEulerVM** to pCPU **2** and pCPU **3**. That is, vCPU **0** is scheduled only on the two physical CPUs. The binding relationship takes effect immediately but becomes invalid after the VM is shut down and restarted. -- Permanent adjustment: Run the **virsh vcpupin** command with the **--config** parameter to modify the vCPU binding relationship of the VM in the libvirt internal configuration. +- Permanent adjustment: Run the **virsh vcpupin** command with the **--config** parameter to modify the vCPU binding relationship of the VM in the libvirt internal configuration. - ``` - # virsh vcpupin openEulerVM --config 0 0-3,^1 + ```shell + $ virsh vcpupin openEulerVM --config 0 0-3,^1 # virsh vcpupin openEulerVM VCPU CPU Affinity @@ -203,14 +194,100 @@ Run the **virsh vcpupin** command to adjust the binding relationship between v The preceding commands bind vCPU **0** of VM **openEulerVM** to physical CPUs **0**, **2**, and **3**. That is, vCPU **0** is scheduled only on the three physical CPUs. The modification of the binding relationship does not take effect immediately. Instead, the modification takes effect after the next startup of the VM and takes effect permanently. +### CPU Hot Add + +#### Overview + +This feature allows users to hot add CPUs to a running VM without affecting its normal running. When the internal service pressure of a VM keeps increasing, all CPUs will be overloaded. To improve the computing capability of the VM, you can use the CPU hot add function to increase the number of CPUs on the VM without stopping it. + +#### Constraints + +- For processors using the AArch64 architecture, the specified VM chipset type (machine) needs to be virt-4.1 or a later version when a VM is created. For processors using the x86\_64 architecture, the specified VM chipset type (machine) needs to be pc-i440fx-1.5 or a later version when a VM is created. +- When configuring Guest NUMA, you need to configure the vCPUs that belong to the same socket in the same vNode. Otherwise, the VM may be soft locked up after the CPU is hot added, which may cause the VM panic. +- VMs do not support CPU hot add during migration, hibernation, wake-up, or snapshot. +- Whether the hot added CPU can automatically go online depends on the VM OS logic rather than the virtualization layer. +- CPU hot add is restricted by the maximum number of CPUs supported by the Hypervisor and GuestOS. +- When a VM is being started, stopped, or restarted, the hot added CPU may become invalid. However, the hot added CPU takes effect after the VM is restarted. +- During VM CPU hot add, if the number of added CPUs is not an integer multiple of the number of cores in the VM CPU topology configuration item, the CPU topology displayed in the VM may be disordered. You are advised to add CPUs whose number is an integer multiple of the number of cores each time. +- If the hot added CPU needs to take effect online and is still valid after the VM is restarted, the **--config** and **--live** options need to be transferred to the **virsh setvcpus** API to persist the hot added CPU. + +#### Procedure + +**VM XML Configuration** + +1. To use the CPU hot add function, configure the number of CPUs, the maximum number of CPUs supported by the VM, and the VM chipset type when creating the VM. (For the AArch64 architecture, the virt-4.1 or a later version is required. For the x86\_64 architecture, the pc-i440fx-1.5 or later version is required. The AArch64 VM is used as an example. The configuration template is as follows: + + ```shell + + ... + n + + hvm + + ... + + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >- The value of placement must be static. + >- m indicates the current number of CPUs on the VM, that is, the default number of CPUs after the VM is started. n indicates the maximum number of CPUs that can be hot added to a VM. The value cannot exceed the maximum CPU specifications supported by the Hypervisor or GuestOS. n is greater than or equal to m. + + For example, if the current number of CPUs of a VM is 4 and the maximum number of hot added CPUs is 64, the XML configuration is as follows: + + ```shell + + …… + 64 + + hvm + + …… + ``` + +**Hot Adding and Bringing CPUs Online** + +1. If the hot added CPU needs to be automatically brought online, create the udev rules file /etc/udev/rules.d/99-hotplug-cpu.rules in the VM as user root and define the udev rules in the file. The following is an example: + + ```shell + $ automatically online hot-plugged cpu + ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}="1" + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >If you do not use the udev rules, you can use the root permission to manually bring the hot added CPU online by running the following commands: + > + >```shell + >for i in `grep -l 0 /sys/devices/system/cpu/cpu*/online` + >do + > echo 1 > $i + >done + >``` + +2. Use the virsh tool to hot add CPUs to the VM. For example, to set the number of CPUs after hot adding to 6 on the VM named **openEulerVM** and make the hot add take effect online, run the following command: + + ```shell + virsh setvcpus openEulerVM 6 --live + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >The format for running the **virsh setvcpus** command to hot add a VM CPU is as follows: + > + >```shell + >virsh setvcpus [--config] [--live] + >``` +> + >- *domain*: Parameter, which is mandatory. Specifies the name of a VM. + >- *count*: Parameter, which is mandatory. Specifies the number of target CPUs, that is, the number of CPUs after hot adding. + >- **--config**: Option, which is optional. This parameter is still valid when the VM is restarted. + >- **--live**: Option, which is optional. The configuration takes effect online. ## Managing Virtual Memory ### Introduction to NUMA -Traditional multi-core computing uses the symmetric multi-processor \(SMP\) mode. Multiple processors are connected to a centralized memory and I/O bus. All processors can access only the same physical memory. Therefore, the SMP system is also referred to as a uniform memory access \(UMA\) system. Uniformity means that a processor can only maintain or share a unique value for each data record in memory at any time. Obviously, the disadvantage of SMP is its limited scalability, because when the memory and the I/O interface are saturated, adding a processor cannot obtain higher performance. +Traditional multi-core computing uses the symmetric multi-processor (SMP) mode. Multiple processors are connected to a centralized memory and I/O bus. All processors can access only the same physical memory. Therefore, the SMP system is also referred to as a uniform memory access (UMA) system. Uniformity means that a processor can only maintain or share a unique value for each data record in memory at any time. Obviously, the disadvantage of SMP is its limited scalability, because when the memory and the I/O interface are saturated, adding a processor cannot obtain higher performance. -The non-uniform memory access architecture \(NUMA\) is a distributed memory access mode. In this mode, a processor can access different memory addresses at the same time, which greatly improves concurrency. With this feature, a processor is divided into multiple nodes, each of which is allocated a piece of local memory space. The processors of all nodes can access all physical memories, but the time required for accessing the memory on the local node is much shorter than that on a remote node. +The non-uniform memory access architecture (NUMA) is a distributed memory access mode. In this mode, a processor can access different memory addresses at the same time, which greatly improves concurrency. With this feature, a processor is divided into multiple nodes, each of which is allocated a piece of local memory space. The processors of all nodes can access all physical memories, but the time required for accessing the memory on the local node is much shorter than that on a remote node. ### Configuring Host NUMA @@ -218,10 +295,10 @@ To improve VM performance, you can specify NUMA nodes for a VM using the VM XML #### Procedure -- Check the NUMA topology of the host. +- Check the NUMA topology of the host. - ``` - # numactl -H + ```shell + $ numactl -H available: 4 nodes (0-3) node 0 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 node 0 size: 31571 MB @@ -243,9 +320,9 @@ To improve VM performance, you can specify NUMA nodes for a VM using the VM XML 3: 20 20 15 10 ``` -- Add the **numatune** field to the VM XML configuration file to create and start the VM. For example, to allocate NUMA node 0 on the host to the VM, configure parameters as follows: +- Add the **numatune** field to the VM XML configuration file to create and start the VM. For example, to allocate NUMA node 0 on the host to the VM, configure parameters as follows: - ``` + ```xml @@ -254,9 +331,8 @@ To improve VM performance, you can specify NUMA nodes for a VM using the VM XML If the vCPU of the VM is bound to the physical CPU of **node 0**, the performance deterioration caused by the vCPU accessing the remote memory can be avoided. >![](./public_sys-resources/icon-note.gif) **NOTE:** - >- The sum of memory allocated to the VM cannot exceed the remaining available memory of the NUMA node. Otherwise, the VM may fail to start. - >- You are advised to bind the VM memory and vCPU to the same NUMA node to avoid the performance deterioration caused by vCPU access to the remote memory. For example, bind the vCPU to NUMA node 0 as well. - + >- The sum of memory allocated to the VM cannot exceed the remaining available memory of the NUMA node. Otherwise, the VM may fail to start. + >- You are advised to bind the VM memory and vCPU to the same NUMA node to avoid the performance deterioration caused by vCPU access to the remote memory. For example, bind the vCPU to NUMA node 0 as well. ### Configuring Guest NUMA @@ -268,7 +344,7 @@ When configuring guest NUMA, you can specify the location of vNode memory on the After Guest NUMA is configured in the VM XML configuration file, you can view the NUMA topology on the VM. **** is mandatory for Guest NUMA. -``` +```xml @@ -289,7 +365,96 @@ After Guest NUMA is configured in the VM XML configuration file, you can view th ``` >![](./public_sys-resources/icon-note.gif) **NOTE:** ->- **** provides the NUMA topology function for VMs. **cell id** indicates the vNode ID, **cpus** indicates the vCPU ID, and **memory** indicates the memory size on the vNode. ->- If you want to use Guest NUMA to provide better performance, configure <**numatune\>** and **** so that the vCPU and memory are distributed on the same physical NUMA node. -> - **cellid** in **** corresponds to **cell id** in ****. **mode** can be set to **strict** \(apply for memory from a specified node strictly. If the memory is insufficient, the application fails.\), **preferred** \(apply for memory from a node first. If the memory is insufficient, apply for memory from another node\), or **interleave** \(apply for memory from a specified node in cross mode\).; **nodeset** indicates the specified physical NUMA node. -> - In ****, you need to bind the vCPU in the same **cell id** to the physical NUMA node that is the same as the **memnode**. +> +> - **** provides the NUMA topology function for VMs. **cell id** indicates the vNode ID, **cpus** indicates the vCPU ID, and **memory** indicates the memory size on the vNode. +> - If you want to use Guest NUMA to provide better performance, configure <**numatune\>** and **** so that the vCPU and memory are distributed on the same physical NUMA node. +> - **cellid** in **** corresponds to **cell id** in ****. **mode** can be set to **strict** (apply for memory from a specified node strictly. If the memory is insufficient, the application fails.), **preferred** (apply for memory from a node first. If the memory is insufficient, apply for memory from another node), or **interleave** (apply for memory from a specified node in cross mode).; **nodeset** indicates the specified physical NUMA node. +> - In ****, you need to bind the vCPU in the same **cell id** to the physical NUMA node that is the same as the **memnode**. + +### Memory Hot Add + +#### Overview + +In virtualization scenarios, the memory, CPU, and external devices of VMs are simulated by software. Therefore, the memory can be adjusted online for VMs at the virtualization bottom layer. In the current openEuler version, memory can be added to a VM online. If the physical memory of a VM is insufficient and the VM cannot be shut down, you can use this feature to add physical memory resources to the VM. + +#### Constraints + +- For processors using the AArch64 architecture, the specified VM chipset type (machine) needs to be virt-4.1 or a later version when a VM is created.For processors using the x86 architecture, the specified VM chipset type (machine) needs to be a later version than pc-i440fx-1.5 when a VM is created. +- Guest NUMA on which the memory hot add feature depends needs to be configured on the VM. Otherwise, the memory hot add process cannot be completed. +- When hot adding memory, you need to specify the ID of Guest NUMA node to which the new memory belongs. Otherwise, the memory hot add fails. +- The VM kernel should support memory hot add. Otherwise, the VM cannot identify the newly added memory or the memory cannot be brought online. +- For a VM that uses hugepages, the capacity of the hot added memory should be an integral multiple of **hugepagesz**. Otherwise, the hot add fails. +- The hot added memory size should be an integral multiple of the Guest physical memory block size (**block\_size\_bytes**). Otherwise, the VM cannot go online. The value of **block\_size\_bytes** can be obtained using the **lsmem** command in Guest. +- After n pieces of virtio-net NICs are configured, the maximum number of hot add times is set to min\{max\_slot, 64 - n\} to reserve slots for NICs. +- The vhost-user device and the memory hot add feature are mutually exclusive. A VM configured with the vhost-user device does not support memory hot add. After the memory is hot added to a VM, the vhost-user device cannot be hot added. +- If the VM OS is Linux, ensure that the initial memory is greater than or equal to 4 GB. +- If the VM OS is Windows, the first hot added memory needs to be specified to Guest NUMA node0. Otherwise, the hot added memory cannot be identified by the VM. +- In passthrough scenarios, memory needs to be allocated in advance. Therefore, it is normal that the startup and hot add of memory are slower than those of common VMs (especially large-specification VMs). +- It is recommended that the ratio of the available memory to the hot added memory be at least 1:32. That is, at least 1 GB available memory is required for the VM with 32 GB hot added memory. If the ratio is less than 1:32, the VM may be suspended. +- Whether the hot added memory can automatically go online depends on the VM OS logic. You can manually bring the memory online or configure the udev rules to automatically bring the memory online. + +#### Procedure + +**VM XML Configuration** + +1. To use the memory hot add function, configure the maximum hot add memory size and reserved slot number, and configure the Guest NUMA topology when creating a VM. + + For example, run the following command to configure 32 GB initial memory for a VM, reserve 256 slots, set the memory upper limit to 1 TB, and configure two NUMA nodes: + + ```xml + + 32 + 1024 + + + + + + + + .... + ``` + +>![](./public_sys-resources/icon-note.gif) **Note** +>In the preceding information, +>the value of slots in the maxMemory field indicates the reserved memory slots. The maximum value is 256. +>maxMemory indicates the maximum physical memory supported by the VM. +>For details about how to configure Guest NUMA, see "Configuring Guest NUMA." + +**Hot Adding and Bringing Memory Online** + +1. If the hot added memory needs to be automatically brought online, create the udev rules file **/etc/udev/rules.d/99-hotplug-memory.rules** in the VM as user root and define the udev rules in the file. The following is an example: + + ```text + # automatically online hot-plugged memory + ACTION=="add", SUBSYSTEM=="memory", ATTR{state}="online" + ``` + +2. Create a memory description XML file based on the size of the memory to be hot added and the Guest NUMA node of the VM. + + For example, to hot add 1 GB memory to NUMA node0, run the following command: + + ```xml + + + 1024 + 0 + + + ``` + +3. Run the **virsh attach-device** command to hot add memory to the VM. In the command, **openEulerVM** indicates the VM name, **memory.xml** indicates the description file of the hot added memory, and **--live** indicates that the hot added memory takes effect online. You can also use the **--config** option to persist the hot added memory to the VM XML file. + + ```shell + virsh attach-device openEulerVM memory.xml --live + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >If you do not use the udev rules, you can use the root permission to manually bring the hot added memory online by running the following command: + > + >```shell + >for i in `grep -l offline /sys/devices/system/memory/memory*/state` + >do + > echo online > $i + >done + >``` diff --git a/docs/en/docs/Virtualization/tool-guide.md b/docs/en/docs/Virtualization/tool-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..88e07abd9a619126ee1eb32fdede16dde95402a7 --- /dev/null +++ b/docs/en/docs/Virtualization/tool-guide.md @@ -0,0 +1,3 @@ +# Tool Guide + +To help users better use virtualization, openEuler provides a series of tools, including vmtop and LibcarePlus. The following describes how to install and use these tools. diff --git a/docs/en/docs/Virtualization/installation-to-virtualization.md b/docs/en/docs/Virtualization/virtualization-installation.md similarity index 64% rename from docs/en/docs/Virtualization/installation-to-virtualization.md rename to docs/en/docs/Virtualization/virtualization-installation.md index 950342281c19dee5ec1222082ba48ba09dd35fb5..94d43ec4f8d43f99840153fd88907cd3c4262083 100644 --- a/docs/en/docs/Virtualization/installation-to-virtualization.md +++ b/docs/en/docs/Virtualization/virtualization-installation.md @@ -2,22 +2,15 @@ This chapter describes how to install virtualization components in openEuler. -- [Installation Guide](#installation-guide) - - [Minimum Hardware Requirements](#minimum-hardware-requirements) - - [Installing Core Virtualization Components](#installing-core-virtualization-components) - - [Installation Methods](#installation-methods) - - [Verifying the Installation](#verifying-the-installation) - - ## Minimum Hardware Requirements The minimum hardware requirements for installing virtualization components on openEuler are as follows: -- AArch64 processor architecture: ARMv8 or later, supporting virtualization expansion -- x86\_64 processor architecture, supporting VT-x -- 2-core CPU -- 4 GB memory -- 16 GB available disk space +- AArch64 processor architecture: ARMv8 or later, supporting virtualization expansion +- x86\_64 processor architecture, supporting VT-x +- 2-core CPU +- 4 GB memory +- 16 GB available disk space ## Installing Core Virtualization Components @@ -25,53 +18,52 @@ The minimum hardware requirements for installing virtualization components on op #### Prerequisites -- The yum source has been configured. For details, see _openEuler 20.03 LTS Administrator Guide_. -- Only the administrator has permission to perform the installation. +- The yum source has been configured. For details, see the [_openEuler 20.03 LTS SP1 Administrator Guide_](../Administration/administration.md). +- Only the administrator has permission to perform the installation. #### Procedure -1. Install the QEMU component. +1. Install the QEMU component. - ``` - # yum install -y qemu + ```sh + yum install -y qemu ``` -2. Install the libvirt component. +2. Install the libvirt component. - ``` - # yum install -y libvirt + ```sh + yum install -y libvirt ``` -3. Start the libvirtd service. +3. Start the libvirtd service. + ```sh + systemctl start libvirtd ``` - # systemctl start libvirtd - ``` - >![](./public_sys-resources/icon-note.gif) **NOTE:** >The KVM module is integrated in the openEuler kernel and does not need to be installed separately. ### Verifying the Installation -1. Check whether the kernel supports KVM virtualization, that is, check whether the **/dev/kvm** and **/sys/module/kvm** files exist. The command and output are as follows: +1. Check whether the kernel supports KVM virtualization, that is, check whether the **/dev/kvm** and **/sys/module/kvm** files exist. The command and output are as follows: - ``` - # ls /dev/kvm + ```sh + $ ls /dev/kvm /dev/kvm ``` - ``` - # ls /sys/module/kvm + ```sh + $ ls /sys/module/kvm parameters uevent ``` If the preceding files exist, the kernel supports KVM virtualization. If the preceding files do not exist, KVM virtualization is not enabled during kernel compilation. In this case, you need to use the Linux kernel that supports KVM virtualization. -2. Check whether QEMU is successfully installed. If the installation is successful, the QEMU software package information is displayed. The command and output are as follows: +2. Check whether QEMU is successfully installed. If the installation is successful, the QEMU software package information is displayed. The command and output are as follows: - ``` - # rpm -qi qemu + ```sh + $ rpm -qi qemu Name : qemu Epoch : 2 Version : 4.0.1 @@ -102,10 +94,10 @@ The minimum hardware requirements for installing virtualization components on op As QEMU requires no host kernel patches to run, it is safe and easy to use. ``` -3. Check whether libvirt is successfully installed. If the installation is successful, the libvirt software package information is displayed. The command and output are as follows: +3. Check whether libvirt is successfully installed. If the installation is successful, the libvirt software package information is displayed. The command and output are as follows: - ``` - # rpm -qi libvirt + ```sh + $ rpm -qi libvirt Name : libvirt Version : 5.5.0 Release : 1 @@ -127,10 +119,10 @@ The minimum hardware requirements for installing virtualization components on op the libvirtd server exporting the virtualization support. ``` -4. Check whether the libvirt service is started successfully. If the service is in the **Active** state, the service is started successfully. You can use the virsh command line tool provided by the libvirt. The command and output are as follows: +4. Check whether the libvirt service is started successfully. If the service is in the **Active** state, the service is started successfully. You can use the virsh command line tool provided by the libvirt. The command and output are as follows: - ``` - # systemctl status libvirtd + ```sh + $ systemctl status libvirtd ● libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-08-06 09:36:01 CST; 5h 12min ago @@ -142,6 +134,4 @@ The minimum hardware requirements for installing virtualization components on op CGroup: /system.slice/libvirtd.service ─40754 /usr/sbin/libvirtd - ``` - - + ```sh diff --git a/docs/en/docs/Virtualization/virtualization.md b/docs/en/docs/Virtualization/virtualization.md index a1f5afec48b25bdc09791f92062192aa24e277f1..cef84e90b14022289a36bf1d3687b04b1c0ae035 100644 --- a/docs/en/docs/Virtualization/virtualization.md +++ b/docs/en/docs/Virtualization/virtualization.md @@ -1,3 +1,3 @@ # Virtualization User Guide -This document describes virtualization, installation method and usage of openEuler-based virtualization, and guidance for users and administrators to install and use virtualization. +This document describes virtualization, installation method and usage of openEuler-based virtualization, and guidance for common users and administrators to install and use virtualization. diff --git a/docs/en/docs/Virtualization/vm-configuration.md b/docs/en/docs/Virtualization/vm-configuration.md index 0a627ecaa8ca65035fb624a73c40db25138206ac..73c00f75df4eaa6719906dc3dfe1f7d5cfd34ae1 100644 --- a/docs/en/docs/Virtualization/vm-configuration.md +++ b/docs/en/docs/Virtualization/vm-configuration.md @@ -1,18 +1,5 @@ # VM Configuration -- [VM Configuration](#vm-configuration) - - [Introduction](#introduction) - - [VM Description](#vm-description) - - [vCPU and Virtual Memory](#vcpu-and-virtual-memory) - - [Virtual Device Configuration](#virtual-device-configuration) - - [Storage Devices](#storage-devices) - - [Network Device](#network-device) - - [Bus Configuration](#bus-configuration) - - [Other Common Devices](#other-common-devices) - - [Configurations Related to the System Architecture](#configurations-related-to-the-system-architecture) - - [Other Common Configuration Items](#other-common-configuration-items) - - [XML Configuration File Example](#xml-configuration-file-example) - ## Introduction ### Overview @@ -23,9 +10,9 @@ Libvirt tool uses XML files to describe a VM feature, including the VM name, CPU The VM XML configuration file uses domain as the root element, which contains multiple other elements. Some elements in the XML configuration file can contain corresponding attributes and attribute values to describe VM information in detail. Different attributes of the same element are separated by spaces. -The basic format of the XML configuration file is as follows. In the format, **label** indicates the label name, **attribute** indicates the attribute, and **value** indicates the attribute value. Change them based on the site requirements. +The basic format of the XML configuration file is as follows. In the format, **label** indicates the label name, **attribute** indicates the attribute, and **value** indicates the attribute value. Change them as required. -``` +```xml VMName 8 @@ -43,16 +30,16 @@ The basic format of the XML configuration file is as follows. In the format, ** ### Process -1. Create an XML configuration file with domain root element. -2. Use the name tag to specify a unique VM name based on the naming rule. -3. Configure system resources such as the virtual CPU \(vCPU\) and virtual memory. -4. Configure virtual devices. - 1. Configure storage devices. - 2. Configure network devices. - 3. Configure the external bus structure. - 4. Configure external devices such as the mouse. +1. Create an XML configuration file with domain root element. +2. Use the name tag to specify a unique VM name based on the naming rule. +3. Configure system resources such as the virtual CPU \(vCPU\) and virtual memory. +4. Configure virtual devices. + 1. Configure storage devices. + 2. Configure network devices. + 3. Configure the external bus structure. + 4. Configure external devices such as the mouse. -5. Save the XML configuration file. +5. Save the XML configuration file. ## VM Description @@ -62,20 +49,19 @@ This section describes how to configure the VM **domain** root element and VM ### Elements -- **domain**: Root element of a VM XML configuration file, which is used to configure the type of the hypervisor that runs the VM. +- **domain**: Root element of a VM XML configuration file, which is used to configure the type of the hypervisor that runs the VM. **type**: Type of a domain in virtualization. In the openEuler virtualization, the attribute value is **kvm**. -- **name**: VM name. - - The VM name is a unique character string on the same host. The VM name can contain only digits, letters, underscores \(\_\), hyphens \(-\), and colons \(:\), but cannot contain only digits. The VM name can contain a maximum of 64 characters. +- **name**: VM name. + The VM name is a unique character string on the same host. The VM name can contain only digits, letters, and special characters **\_-:!@#$%^.**. The VM name can contain a maximum of 64 characters. ### Configuration Example For example, if the VM name is **openEuler**, the configuration is as follows: -``` +```xml openEuler ... @@ -90,25 +76,46 @@ This section describes how to configure the vCPU and virtual memory. ### Elements -- **vcpu**: The number of virtual processors. -- **memory**: The size of the virtual memory. +- **vcpu**: number of virtual processors. +- **memory**: size of the virtual memory. + + **unit**: memory unit. The value can be **KiB** \(210 bytes\), **MiB** \(220 bytes\), **GiB** \(230 bytes\), or **TiB** \(240 bytes\). + +- **cpu**: mode of the virtual processor. + + **mode**: mode of the vCPU. + + - **host-passthrough**: indicates that the architecture and features of the virtual CPU are the same as those of the host. + + - **custom**: indicates that the architecture and features of the virtual CPU are configured by the **cpu** element. + + Sub-element **topology**: A sub-element of the element **cpu**, used to describe the topology structure of a vCPU mode. + + - The attributes **socket**, **cores**, and **threads** of the sub-element **topology** describe the number of CPU sockets of a VM, the number of processor cores included in each CPU socket, and the number of hyperthreads included in each processor core, respectively. The attribute value is a positive integer, and a product of the three values is equal to the number of of vCPUs. + + Sub-element **model**: A sub-element of the element **cpu**, used to describe the CPU model when **mode** is custom. + + Sub-element **feature**: A sub-element of the element **cpu**, used to enable/disable a CPU feature when **mode** is custom. The attribute **name** describes the name of the CPU feature. And whether enable the CPU feature is controlled by the attribute **policy**: - **unit**: The memory unit. The value can be KiB \(210 bytes\), MiB \(220 bytes\), GiB \(230 bytes\), or TiB \(240 bytes\). + - **force**: forcibly enables the CPU feature regardless of whether it is supported by the host CPU. -- **cpu**: The mode of the virtual processor. + - **require**: enables the CPU feature. If both the host CPU and hypervisor do not support this feature, the VM will fail to be created. - **mode**: The mode of the vCPU. The **host-passthrough** indicates that the architecture and features of the virtual CPU are the same as those of the host. + - **optional**: The CPU feature will be enabled if it is supported by the host CPU. - Sub-element **topology**: A sub-element of the element cpu, used to describe the topology structure of a vCPU mode. + - **disable**: disables the CPU feature. - - The attributes **socket**, **cores**, and **threads** of the sub-element topology describe the number of CPU sockets of a VM, the number of processor cores included in each CPU socket, and the number of hyperthreads included in each processor core, respectively. The attribute value is a positive integer, and a product of the three values is equal to the number of of vCPUs. + - **forbid**: disables the CPU feature. Guest creation will fail if the feature is supported by the host CPU. + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >The display of user-mode CPU features in VM (For example, the **Flags** field of the `lscpu` command) needs the support of the VM kernel. If you use an old kernel in VM, some CPU features may not be displayed. ### Configuration Example For example, if the number of vCPUs is 4, the processing mode is host-passthrough, the virtual memory is 8 GiB, the four CPUs are distributed in two CPU sockets, and hyperthreading is not supported, the configuration is as follows: -``` +```xml ... 4 @@ -120,6 +127,21 @@ For example, if the number of vCPUs is 4, the processing mode is host-passthroug ``` +If the virtual memory is 8 GiB, the number of vCPUs is 4, the processing mode is custom, the CPU model is Kunpeng-920, and pmull is disabled, the configuration is as follows: + +```xml + + ... + 4 + 8 + + Kunpeng-920 + + + ... + +``` + ## Virtual Device Configuration The VM XML configuration file uses the **devices** elements to configure virtual devices, including storage devices, network devices, buses, and mouse devices. This section describes how to configure common virtual devices. @@ -132,7 +154,7 @@ This section describes how to configure virtual storage devices, including flopp #### Elements -The XML configuration file uses the **disk** element to configure storage devices. [Table 1](#table14200183410353) describes common **disk** attributes. [Table 2](#table4866134925114) describes common subelements and their attributes. +The XML configuration file uses the **disk** element to configure storage devices. [Table 1](#table14200183410353) describes common **disk** attributes. [Table 2](#table4866134925114) describes common sub-elements and their attributes. **Table 1** Common attributes of the **disk** element @@ -170,12 +192,12 @@ The XML configuration file uses the **disk** element to configure storage devi
-**Table 2** Common subelements and attributes of the **disk** element +**Table 2** Common sub-elements and attributes of the **disk** element - - - - - - - - - @@ -680,7 +616,7 @@ systemd用目标(target)替代了运行级别的概念,提供了更大的 查看当前系统默认的启动目标,命令如下: -``` +```sh systemctl get-default ``` @@ -688,7 +624,7 @@ systemctl get-default 查看当前系统所有的启动目标,命令如下: -``` +```sh systemctl list-units --type=target ``` @@ -696,7 +632,7 @@ systemctl list-units --type=target 改变系统默认的目标,在root权限下执行如下命令: -``` +```sh systemctl set-default name.target ``` @@ -704,7 +640,7 @@ systemctl set-default name.target 改变当前系统的目标,在root权限下执行如下命令: -``` +```sh systemctl isolate name.target ``` @@ -712,39 +648,31 @@ systemctl isolate name.target 改变当前系统为救援模式,在root权限下执行如下命令: -``` +```sh systemctl rescue ``` -这条命令和“systemctl isolate rescue.target”类似。命令执行后会在串口有如下打印信息: - -``` -You are in rescue mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. -Give root password for maintenance -(or press Control-D to continue): -``` - ->![](./public_sys-resources/icon-note.gif) **说明:** ->用户需要重启系统,从救援模式进入正常模式。 +> ![](./public_sys-resources/icon-note.gif) **说明:**
+> 用户需要重启系统,从救援模式进入正常模式。 ### 切换到紧急模式 改变当前系统为紧急模式,在root权限下执行如下命令: -``` +```sh systemctl emergency ``` 这条命令和“systemctl isolate emergency.target”类似。命令执行后会在串口有如下打印信息: -``` +```text You are in emergency mode. After logging in, type "journalctl -xb" to viewsystem logs, "systemctl reboot" to reboot, "systemctl default" or "exit"to boot into default mode. Give root password for maintenance (or press Control-D to continue): ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->用户需要重启系统,从紧急模式进入正常模式。 +> ![](./public_sys-resources/icon-note.gif) **说明:**
+> 用户需要重启系统,从紧急模式进入正常模式。 ## 关闭、暂停和休眠系统 @@ -791,19 +719,19 @@ systemd通过systemctl命令可以对系统进行关机、重启、休眠等一 关闭系统并下电,在root权限下执行如下命令: -``` +```sh systemctl poweroff ``` 关闭系统但不下电机器,在root权限下执行如下命令: -``` +```sh systemctl halt ``` 执行上述命令会给当前所有的登录用户发送一条提示消息。如果不想让systemd发送该消息,您可以添加“\-\-no\-wall”参数。具体命令如下: -``` +```sh systemctl --no-wall poweroff ``` @@ -811,13 +739,13 @@ systemctl --no-wall poweroff 重启系统,在root权限下执行如下命令: -``` +```sh systemctl reboot ``` 执行上述命令会给当前所有的登录用户发送一条提示消息。如果不想让systemd发送该消息,您可以添加“\-\-no\-wall”参数。具体命令如下: -``` +```sh systemctl --no-wall reboot ``` @@ -825,7 +753,7 @@ systemctl --no-wall reboot 使系统待机,在root权限下执行如下命令: -``` +```sh systemctl suspend ``` @@ -833,12 +761,12 @@ systemctl suspend 使系统休眠,在root权限下执行如下命令: -``` +```sh systemctl hibernate ``` 使系统待机且处于休眠状态,在root权限下执行如下命令: -``` +```sh systemctl hybrid-sleep ``` diff --git "a/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" "b/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" index 200ffcae1af23f3d10bbdceb857e541d88a3c630..3911d23bd3be73c7296cc2fbc07c57c99759f6d4 100644 --- "a/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" +++ "b/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" @@ -1,6 +1,6 @@ # 管理用户 -在Linux中,每个普通用户都有一个账户,包括用户名、密码和主目录等信息。除此之外,还有一些系统本身创建的特殊用户,它们具有特殊的意义,其中最重要的是管理员账户,默认用户名是root。同时Linux也提供了用户组,使每一个用户至少属于一个组,从而便于权限管理。 +在Linux中,每个普通用户都有一个帐户,包括用户名、密码和主目录等信息。除此之外,还有一些系统本身创建的特殊用户,它们具有特殊的意义,其中最重要的是管理员帐户,默认用户名是root。同时Linux也提供了用户组,使每一个用户至少属于一个组,从而便于权限管理。 用户和用户组管理是系统安全管理的重要组成部分,本章主要介绍openEuler提供的用户管理和组管理命令,以及为普通用户分配特权的方法。 @@ -9,9 +9,9 @@ - [管理用户](#管理用户) - [管理用户](#管理用户-1) - [增加用户](#增加用户) - - [修改用户账号](#修改用户账号) + - [修改用户帐号](#修改用户帐号) - [删除用户](#删除用户) - - [管理员账户授权](#管理员账户授权) + - [管理员帐户授权](#管理员帐户授权) - [管理用户组](#管理用户组) - [增加用户组](#增加用户组) - [修改用户组](#修改用户组) @@ -35,10 +35,10 @@ useradd [options] username #### 用户信息文件 -与用户账号信息有关的文件如下: +与用户帐号信息有关的文件如下: -- /etc/passwd:用户账号信息文件。 -- /etc/shadow:用户账号信息加密文件。 +- /etc/passwd:用户帐号信息文件。 +- /etc/shadow:用户帐号信息加密文件。 - /etc/group:组信息文件。 - /etc/default/useradd:定义默认设置文件。 - /etc/login.defs:系统广义设置文件。 @@ -53,7 +53,7 @@ useradd [options] username ``` >![](./public_sys-resources/icon-note.gif) **说明:** ->没有任何提示,表明用户建立成功。这时并没有设置用户的口令,请使用passwd命令修改用户的密码,没有设置密码的新账号不能登录系统。 +>没有任何提示,表明用户建立成功。这时并没有设置用户的口令,请使用passwd命令修改用户的密码,没有设置密码的新帐号不能登录系统。 使用id命令查看新建的用户信息,命令如下: @@ -73,9 +73,9 @@ uid=502(userexample) gid=502(userexample) groups=502(userexample) 1. 口令长度至少8个字符。 2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 -3. 口令不能和账号一样。 +3. 口令不能和帐号一样。 4. 口令不能使用字典词汇。 - - 查询字典 + - 查询字典 在已装好的openEuler环境中,可以通过如下命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 ``` cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt @@ -104,7 +104,7 @@ passwd: all authentication tokens updated successfully. >![](./public_sys-resources/icon-note.gif) **说明:** >若打印信息中出现“BAD PASSWORD: The password fails the dictionary check - it is too simplistic/sytematic”,表示设置的密码过于简单,建议设置复杂度较高的密码。 -### 修改用户账号 +### 修改用户帐号 #### 修改密码 @@ -151,9 +151,9 @@ usermod -u UID username 该用户主目录中所拥有的文件和目录都将自动修改UID设置。但是,对于主目录外所拥有的文件,只能使用chown命令手动修改所有权。 -#### 修改账号的有效期 +#### 修改帐号的有效期 -如果使用了影子口令,则可以在root权限下,执行如下命令来修改一个账号的有效期,其中 _MM_ 代表月份,_DD_ 代表某天,_YY_ 代表年份,_username_ 代表用户名,请根据实际情况修改: +如果使用了影子口令,则可以在root权限下,执行如下命令来修改一个帐号的有效期,其中 _MM_ 代表月份,_DD_ 代表某天,_YY_ 代表年份,_username_ 代表用户名,请根据实际情况修改: ``` usermod -e MM/DD/YY username @@ -174,11 +174,11 @@ usermod -e MM/DD/YY username >![](./public_sys-resources/icon-note.gif) **说明:** >不建议直接删除已经进入系统的用户,如果需要强制删除,请使用 userdel -f _Test_ 命令。 -### 管理员账户授权 +### 管理员帐户授权 -使用sudo命令可以允许普通用户执行管理员账户才能执行的命令。 +使用sudo命令可以允许普通用户执行管理员帐户才能执行的命令。 -sudo命令允许已经在/etc/sudoers文件中指定的用户运行管理员账户命令。例如,一个已经获得许可的普通用户可以运行如下命令: +sudo命令允许已经在/etc/sudoers文件中指定的用户运行管理员帐户命令。例如,一个已经获得许可的普通用户可以运行如下命令: ``` sudo /usr/sbin/useradd newuserl diff --git "a/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" "b/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" index d2ed83f8847d12f953ef9290261e2d9e62538d25..026f1e399495caa983539679769883cd9381ec43 100644 --- "a/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" +++ "b/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" @@ -27,14 +27,14 @@ who命令主要用于查看当前系统中的用户情况。如果用户想和 ``` $ who -admin tty1 Jul 28 15:55 -admin pts/0 Aug 5 15:46 (192.168.0.110) -admin pts/2 Jul 29 19:52 (192.168.0.110) -root pts/3 Jul 30 12:07 (192.168.0.110) -root pts/4 Jul 31 10:29 (192.168.0.144) -root pts/5 Jul 31 14:52 (192.168.0.11) -root pts/6 Aug 6 10:12 (192.168.0.234) -root pts/8 Aug 6 11:34 (192.168.0.234) +admin tty1 2023-07-28 15:55 +admin pts/0 2023-08-05 15:46 (192.168.0.110) +admin pts/2 2023-07-29 19:52 (192.168.0.110) +root pts/3 2023-07-30 12:07 (192.168.0.110) +root pts/4 2023-07-31 10:29 (192.168.0.144) +root pts/5 2023-07-31 14:52 (192.168.0.11) +root pts/6 2023-08-06 10:12 (192.168.0.234) +root pts/8 2023-08-06 11:34 (192.168.0.234) ``` ### ps命令 @@ -95,7 +95,7 @@ ps命令最常用的还是用来监控后台进程的工作情况,因为后台

Subelement

+ - @@ -204,15 +226,15 @@ The XML configuration file uses the **disk** element to configure storage devi - - - - - - - - - @@ -329,21 +291,21 @@ systemd提供systemctl命令与sysvinit命令的功能类似。当前版本中 如果您需要显示当前正在运行的服务,使用命令如下: -``` +```sh systemctl list-units --type service ``` 如果您需要显示所有的服务(包括未运行的服务),需要添加-all参数,使用命令如下: -``` +```sh systemctl list-units --type service --all ``` 例如显示当前正在运行的服务,命令如下: -``` -$ systemctl list-units --type service -UNIT LOAD ACTIVE SUB JOB DESCRIPTION +```sh +# systemctl list-units --type service +UNIT LOAD ACTIVE SUB DESCRIPTION atd.service loaded active running Deferred execution scheduler auditd.service loaded active running Security Auditing Service avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack @@ -354,15 +316,14 @@ dracut-shutdown.service loaded active exited Restore /run/initram firewalld.service loaded active running firewalld - dynamic firewall daemon getty@tty1.service loaded active running Getty on tty1 gssproxy.service loaded active running GSSAPI Proxy Daemon -irqbalance.service loaded active running irqbalance daemon -iscsid.service loaded activating start start Open-iSCSI +...... ``` ### 显示服务状态 如果您需要显示某个服务的状态,可执行如下命令: -``` +```sh systemctl status name.service ``` @@ -402,7 +363,7 @@ systemctl status name.service 如果您需要鉴别某个服务是否运行,可执行如下命令: -``` +```sh systemctl is-active name.service ``` @@ -410,39 +371,14 @@ is-active命令的返回结果如下: **表 5** is-active命令的返回结果 - -

Sub-element

Subelement Description

+

Sub-element Description

Attribute Description

The bus and device that a disk presents to a VM.

dev: specifies the logical device name of a disk, for example, sd[a-p] for SCSI, SATA, and USB buses and hd[a-d] for IDE disks.

-

bus: specifies the type of a disk. Common types include scsi, usb, sata, and virtio.

+

dev: logical device name of a disk, for example, sd[a-p] for SCSI, SATA, and USB buses and hd[a-d] for IDE disks.

+

bus: type of a disk. Common types include **scsi**, **usb**, **sata**, and **virtio**.

boot

The disk can be used as the boot disk.

order: specifies the disk startup sequence.

+

order: disk startup sequence.

readonly

@@ -227,34 +249,40 @@ The XML configuration file uses the **disk** element to configure storage devi #### Configuration Example -After the VM image is prepared according to [Preparing a VM Image](#preparing-a-vm-image), you can use the following XML configuration file to configure the virtual disk for the VM. +After the VM image is prepared according to [Preparing a VM Image](./environment-preparation.md#preparing-a-vm-image), you can use the following XML configuration file to configure the virtual disk for the VM. In this example, two I/O threads, one block disk device and one CD, are configured for the VM, and the first I/O thread is allocated to the block disk device for use. The backend medium of the disk device is in qcow2 format and is used as the preferred boot disk. +Before using the RBD drive, ensure that the qemu-block-rbd driver is installed. You can run the following command as the **root** user to install: + +```sh +yum install qemu-block-rbd ``` + +```xml ... 2 - - - - - - - - - - - - + + + + + + + + + + + + ... ``` -### Network Device +### Network Devices #### Overview @@ -262,14 +290,13 @@ The XML configuration file can be used to configure virtual network devices, inc #### Elements -In the XML configuration file, the element **interface** is used, and its attribute **type** indicates the mode of the vNIC. The options are **ethernet**, **bridge**, and **vhostuser**. The following uses the vNIC in bridge mode as an example to describe its subelements and attributes. - -**Table 1** Common subelements of a vNIC in bridge mode +In the XML configuration file, the element **interface** is used, and its attribute **type** indicates the mode of the vNIC. The options are **ethernet**, **bridge**, and **vhostuser**. The following uses the vNIC in bridge mode as an example to describe its sub-elements and attributes. +**Table 1** Common sub-elements of a vNIC in bridge mode - - - + + +

Subelement

+ - @@ -277,9 +304,9 @@ In the XML configuration file, the element **interface** is used, and its attr - - - @@ -330,44 +357,43 @@ In the XML configuration file, the element **interface** is used, and its attr #### Configuration Example -- After creating the Linux bridge br0 by referring to [Preparing the VM Network](#preparing-the-vm-network), configure a vNIC of the VirtIO type bridged on the br0 bridge. The corresponding XML configuration is as follows: +- After creating the Linux bridge br0 by referring to [Preparing the VM Network](./environment-preparation.md#preparing-the-vm-network), configure a vNIC of the VirtIO type bridged on the br0 bridge. The corresponding XML configuration is as follows: - ``` + ```xml ... - + - + ... ``` -- If an OVS network bridge is created according to [Preparing the VM Network](#preparing-the-vm-network), configure a VirtIO vNIC device that uses the vhost driver and has four queues. +- If an OVS network bridge is created according to [Preparing the VM Network](./environment-preparation.md#preparing-the-vm-network), configure a VirtIO vNIC device that uses the vhost driver and has four queues. - ``` + ```xml ... - + - + ... ``` - ### Bus Configuration #### Overview -The bus is a channel for information communication between components of a computer. An external device needs to be mounted to a corresponding bus, and each device is assigned a unique address \(specified by the subelement **address**\). Information exchange with another device or a central processing unit \(CPU\) is completed through the bus network. Common device buses include the ISA bus, PCI bus, USB bus, SCSI bus, and PCIe bus. +The bus is a channel for information communication between components of a computer. An external device needs to be mounted to a corresponding bus, and each device is assigned a unique address \(specified by the sub-element **address**\). Information exchange with another device or a central processing unit \(CPU\) is completed through the bus network. Common device buses include the ISA bus, PCI bus, USB bus, SCSI bus, and PCIe bus. The PCIe bus is a typical tree structure and has good scalability. The buses are associated with each other by using a controller. The following uses the PCIe bus as an example to describe how to configure a bus topology for a VM. @@ -376,23 +402,21 @@ The PCIe bus is a typical tree structure and has good scalability. The buses are #### Elements -In the XML configuration of libvirt, each controller element \(**controller**\) represents a bus, and one or more controllers or devices can be mounted to one controller depending on the VM architecture. This topic describes common attributes and subelements. +In the XML configuration of libvirt, each controller element \(**controller**\) represents a bus, and one or more controllers or devices can be mounted to one controller depending on the VM architecture. This topic describes common attributes and sub-elements. **controller**: controller element, which indicates a bus. -- Attribute **type**: bus type, which is mandatory for the controller. The common values are **pci**, **usb**, **scsi**, **virtio-serial**, **fdc**, and **ccid**. -- Attribute **index**: bus number of the controller \(the number starts from 0\), which is mandatory for the controller. This attribute can be used in the **address** element. -- Attribute **model**: specific model of the controller, which is mandatory for the controller. The available values are related to the value of **type**. For details about the mapping and description, see [Table 1](#table191911761111). -- Subelement **address**: mount location of a device or controller on the bus network. - - Attribute **type**: device address type. The common values are **pci**, **usb**, or **drive**. The attribute varies according to the **type** of the **address**. For details about the common **type** attribute value and the corresponding **address** attribute, see [Table 2](#table1200165711314). - -- Subelement **model**: name of a controller model. - - Attribute **name**: name of a controller model, which corresponds to the **model** attribute in the parent element controller. +- Attribute **type**: bus type, which is mandatory for the controller. The common values are **pci**, **usb**, **scsi**, **virtio-serial**, **fdc**, and **ccid**. +- Attribute **index**: bus number of the controller \(the number starts from 0\), which is mandatory for the controller. This attribute can be used in the **address** element. +- Attribute **model**: specific model of the controller, which is mandatory for the controller. The available values are related to the value of **type**. For details about the mapping and description, see [Table 1](#table191911761111). +- Sub-element **address**: mount location of a device or controller on the bus network. + - Attribute **type**: device address type. The common values are **pci**, **usb**, or **drive**. The attribute varies according to the **type** of the **address**. For details about the common **type** attribute value and the corresponding **address** attribute, see [Table 2](#table1200165711314). +- Sub-element **model**: name of a controller model. + - Attribute **name**: name of a controller model, which corresponds to the **model** attribute in the parent element controller. **Table 1** Mapping between the common values of **type** and **model** for the controller. -

Sub-element

Subelement Description

+

Sub-element Description

Attribute and Description

mac

The mac address of the vNIC.

+

MAC address of the vNIC.

address: specifies the mac address. If this parameter is not set, the system automatically generates a mac address.

+

address: MAC address. If this parameter is not set, the system automatically generates a MAC address.

target

@@ -300,7 +327,7 @@ In the XML configuration file, the element **interface** is used, and its attr

The NIC can be used for remote startup.

order: specifies the startup sequence of NICs.

+

order: startup sequence of NICs.

model

@@ -322,7 +349,7 @@ In the XML configuration file, the element **interface** is used, and its attr

Backend driver type

name: driver name. The value is vhost.

-

queues: the number of NIC queues.

+

queues: number of NIC queues.
- - - - - +

Value of Type

Value of Model

@@ -449,7 +473,6 @@ In the XML configuration of libvirt, each controller element \(**controller**\) **Table 2** Attributes of the **address** element in different devices. - - @@ -494,35 +517,35 @@ In the XML configuration of libvirt, each controller element \(**controller**\) This example shows the topology of a PCIe bus. Three PCIe-Root-Port controllers are mounted to the PCIe root node \(BUS 0\). The multifunction function is enabled for the first PCIe-Root-Port controller \(BUS 1\). A PCIe-to-PCI-bridge controller is mounted to the first PCIe-Root-Port controller to form a PCI bus \(BUS 3\). A virtio-serial device and a USB 2.0 controller are mounted to the PCI bus. A SCSI controller is mounted to the second PCIe-Root-Port controller \(BUS 2\). No device is mounted to the third PCIe-Root-Port controller \(BUS 0\). The configuration details are as follows: -``` +```xml ... - -
- - -
- - - -
- - -
- - -
- - -
- - -
- - ... - + +
+ + +
+ + + +
+ + +
+ + +
+ + +
+ + +
+ + ... + ``` @@ -534,40 +557,38 @@ In addition to storage devices and network devices, some external devices need t #### Elements -- **serial**: serial port device - - Attribute **type**: specifies the serial port type. The common attribute values are **pty**, **tcp**, **pipe**, and **file**. +- **serial**: serial port device. + Attribute **type**: serial port type. The common attribute values are **pty**, **tcp**, **pipe**, and **file**. -- **video**: media device +- **video**: media device - **type** attribute: media device type The common attribute value of the AArch architecture is **virtio**, and that of the x86\_64 architecture is **vga** or **cirrus**. + Attribute **type**: media device type The common attribute value of the AArch architecture is **virtio**, and that of the x86\_64 architecture is **vga** or **cirrus**. - Subelement **model**: subelement of **video**, which is used to specify the media device type. + Sub-element **model**: sub-element of **video**, which is used to specify the media device type. - In the subelement **model**, if **type** is set to **vga**, a Video Graphics Array \(VGA\) video card is configured. **vram** indicates the size of the video RAM, in KB by default. + In the sub-element **model**, if **type** is set to **vga**, a Video Graphics Array \(VGA\) video card is configured. **vram** indicates the size of the video RAM, in KB by default. For example, if a 16 MB VGA video card is configured for an x86\_64 VM, configuration in the XML file is as follows. In the example, the value of **vram** is the size of video RAM, in KB by default. - ``` + ```xml ``` -- **input**: output device - - **type** attribute: specifies the type of the output device. The common attribute values are **tabe** and **keyboard**, indicating that the output device is the tablet and keyboard respectively. +- **input**: output device. - **bus**: specifies the bus to be mounted. The common attribute value is **USB**. + Attribute **type**: type of the output device. The common attribute values are **tabe** and **keyboard**, indicating that the output device is the tablet and keyboard respectively. -- **emulator**: emulator application path -- **graphics**: graphics device + **bus**: bus to be mounted. The common attribute value is **USB**. - **type** attribute: specifies the type of a graphics device. The common attribute value is **vnc**. +- **emulator**: emulator application path. +- **graphics**: graphics device. - **listen** attribute: specifies the IP address to be listened to. + Attribute **type**: type of a graphics device. The common attribute value is **vnc**. + Attribute **listen**: IP address to be listened to. #### Configuration Example @@ -576,7 +597,7 @@ For example, in the following example, the VM emulator path, pty serial port, Vi >![](./public_sys-resources/icon-note.gif) **NOTE:** >When **type** of **graphics** is set to **VNC**, you are advised to set the **passwd** attribute, that is, the password for logging in to the VM using VNC. -``` +```xml ... @@ -588,8 +609,8 @@ For example, in the following example, the VM emulator path, pty serial port, Vi - ... - + ... + ``` @@ -601,22 +622,21 @@ The XML configuration file contain configurations related to the system architec ### Elements -- **os**: defines VM startup parameters. +- **os**: defines VM startup parameters. - Subelement **type**: specifies the VM type. The attribute **arch** indicates the architecture type, for example, AArch64. The attribute **machine** indicates the type of VM chipset. Supported chipset type can be queried by running the **qemu-kvm -machine ?** command. For example, the AArch64 architecture supports the **virt** type. + Sub-element **type**: VM type. The attribute **arch** indicates the architecture type, for example, AArch64. The attribute **machine** indicates the type of VM chipset. Supported chipset type can be queried by running the **qemu-kvm -machine ?** command. For example, the AArch64 architecture supports the **virt** type. - Subelement **loader**: specifies the firmware to be loaded, for example, the UEFI file provided by the EDK. The **readonly** attribute indicates whether the file is read-only. The value can be **yes** or **no**. The **type** attribute indicates the **loader** type. The common values are **rom** and **pflash**. + Sub-element **loader**: firmware to be loaded, for example, the UEFI file provided by the EDK. The **readonly** attribute indicates whether the file is read-only. The value can be **yes** or **no**. The **type** attribute indicates the **loader** type. The common values are **rom** and **pflash**. - Subelement **nvram**: specifies the path of the **nvram** file, which is used to store the UEFI startup configuration. + Sub-element **nvram**: path of the **nvram** file, which is used to store the UEFI startup configuration. - -- **features**: Hypervisor controls some VM CPU/machine features, such as the advanced configuration and power interface \(ACPI\) and the GICv3 interrupt controller specified by the ARM processor. +- **features**: Hypervisor controls some VM CPU/machine features, such as the advanced configuration and power interface \(ACPI\) and the GICv3 interrupt controller specified by the ARM processor. ### Example for AArch64 Architecture The VM is of the **aarch64** type and uses **virt** chipset. The VM configuration started using UEFI is as follows: -``` +```xml ... @@ -630,7 +650,7 @@ The VM is of the **aarch64** type and uses **virt** chipset. The VM configur Configure ACPI and GIC V3 interrupt controller features for the VM. -``` +```xml @@ -641,7 +661,7 @@ Configure ACPI and GIC V3 interrupt controller features for the VM. The x86\_64 architecture supports both BIOS and UEFI boot modes. If **loader** is not configured, the default BIOS boot mode is used. The following is a configuration example in which the UEFI boot mode and Q35 chipsets are used. -``` +```xml ... @@ -660,45 +680,44 @@ In addition to system resources and virtual devices, other elements need to be c ### Elements -- **iothreads**: specifies the number of **iothread**, which can be used to accelerate storage device performance. - -- **on\_poweroff**: action taken when a VM is powered off. -- **on\_reboot**: action taken when a VM is rebooted. -- **on\_crash**: action taken when a VM is on crash. -- **clock**: indicates the clock type. +- **iothreads**: number of **iothread**, which can be used to accelerate storage device performance. - **offset** attribute: specifies the VM clock synchronization type. The value can be **localtime**, **utc**, **timezone**, or **variable**. +- **on\_poweroff**: action taken when a VM is powered off. +- **on\_reboot**: action taken when a VM is rebooted. +- **on\_crash**: action taken when a VM is on crash. +- **clock**: clock type. + **offset** attribute: VM clock synchronization type. The value can be **localtime**, **utc**, **timezone**, or **variable**. ### Configuration Example Configure two **iothread** for the VM to accelerate storage device performance. -``` +```xml 2 ``` Destroy the VM when it is powered off. -``` +```xml destroy ``` Restart the VM. -``` +```xml restart ``` Restart the VM when it is crashed. -``` +```xml restart ``` The clock uses the **utc** synchronization mode. -``` +```xml ``` @@ -712,19 +731,19 @@ This section provides XML configuration files of a basic AArch64 VM and a x86\_6 An XML configuration file of AArch64 VM, which contains basic elements. The following is a configuration example: -``` +```xml openEulerVM 8 4 - hvm - /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw - /var/lib/libvirt/qemu/nvram/openEulerVM.fd + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /var/lib/libvirt/qemu/nvram/openEulerVM.fd - - + + @@ -735,33 +754,33 @@ An XML configuration file of AArch64 VM, which contains basic elements. The foll restart restart - /usr/libexec/qemu-kvm - - - - - - - - - - - - - - - - - - + /usr/libexec/qemu-kvm + + + + + + + + + + + + + + + + + + - - - - + + + + @@ -771,7 +790,7 @@ An XML configuration file of AArch64 VM, which contains basic elements. The foll An XML configuration file of x86\_64 VM, which contains basic elements and bus elements. The following is a configuration example: -``` +```xml openEulerVM 8388608 diff --git a/docs/en/docs/Virtualization/vm-live-migration.md b/docs/en/docs/Virtualization/vm-live-migration.md index 49c19011e7430fc21b71fe711d9681c482f60413..07f3d96d52922355eb2df3ad7d9e4cdf11e8ec85 100644 --- a/docs/en/docs/Virtualization/vm-live-migration.md +++ b/docs/en/docs/Virtualization/vm-live-migration.md @@ -1,12 +1,11 @@ # VM Live Migration - [VM Live Migration](#vm-live-migration) - - [Introduction](#introduction-1) + - [Introduction](#introduction) - [Application Scenarios](#application-scenarios) - [Precautions and Restrictions](#precautions-and-restrictions) - [Live Migration Operations](#live-migration-operations) - ## Introduction ### Overview @@ -17,42 +16,60 @@ When a VM is running on a physical machine, the physical machine may be overload Shared and non-shared storage live migration applies to the following scenarios: -- When a physical machine is faulty or overloaded, you can migrate the running VM to another physical machine to prevent service interruption and ensure normal service running. -- When most physical machines are underloaded, migrate and integrate VMs to reduce the number of physical machines and improve resource utilization. -- When the hardware of a physical server becomes a bottleneck, such as the CPU, memory, and hard disk, replace the hardware with better performance or add devices. However, you cannot stop the VM or stop services. -- Server software upgrade, such as virtualization platform upgrade, allows the VM to be live migrated from the old virtualization platform to the new one. +- When a physical machine is faulty or overloaded, you can migrate the running VM to another physical machine to prevent service interruption and ensure normal service running. +- When most physical machines are underloaded, migrate and integrate VMs to reduce the number of physical machines and improve resource utilization. +- When the hardware of a physical server becomes a bottleneck, such as the CPU, memory, and hard disk, replace the hardware with better performance or add devices. However, you cannot stop the VM or stop services. +- Server software upgrade, such as virtualization platform upgrade, allows the VM to be live migrated from the old virtualization platform to the new one. Non-shared storage live migration can also be used in the following scenarios: -- If a physical machine is faulty and the storage space is insufficient, migrate the running VM to another physical machine to prevent service interruption and ensure normal service running. -- When the storage device of the physical machine is aged, the performance cannot support the current service data processing and becomes the bottleneck of the system performance. In this case, a storage device with higher performance needs to be used, but the VM cannot be shut down or stopped. The running VM needs to be migrated to a physical machine with better performance. +- If a physical machine is faulty and the storage space is insufficient, migrate the running VM to another physical machine to prevent service interruption and ensure normal service running. +- When the storage device of the physical machine is aged, the performance cannot support the current service data processing and becomes the bottleneck of the system performance. In this case, a storage device with higher performance needs to be used, but the VM cannot be shut down or stopped. The running VM needs to be migrated to a physical machine with better performance. ## Precautions and Restrictions -- During the live migration, ensure that the network is in good condition. If the network is interrupted, live migration is suspended until the network is recovered. If the network connection times out, live migration fails. -- During the migration, do not perform operations such as VM life cycle management and VM hardware device management. -- During VM migration, ensure that the source and destination servers are not powered off or restarted unexpectedly. Otherwise, the live migration fails or the VM may be powered off. -- Do not shut down, restart, or restore the VM during the migration. Otherwise, the live migration may fail. If you perform live migration when the VM is rebooted in ACPI mode, the VM will be shut down. +- During the live migration, ensure that the network is in good condition. If the network is interrupted, live migration is suspended until the network is recovered. If the network connection times out, live migration fails. +- During the migration, do not perform operations such as VM life cycle management and VM hardware device management. +- During VM migration, ensure that the source and destination servers are not powered off or restarted unexpectedly. Otherwise, the live migration fails or the VM may be powered off. +- Do not shut down, restart, or restore the VM during the migration. Otherwise, the live migration may fail. If you perform live migration when the VM is rebooted in ACPI mode, the VM will be shut down. -- Only homogeneous live migration is supported. That is, the CPU models of the source and destination must be the same. -- A VM can be successfully migrated across service network segments. However, network exceptions may occur after the VM is migrated to the destination. To prevent this problem, ensure that the service network segments to be migrated are the same. -- If the number of vCPUs on the source VM is greater than that on the destination physical machine, the VM performance will be affected after the migration. Ensure that the number of vCPUs on the destination physical machine is greater than or equal to that on the source VM. +- Only homogeneous live migration is supported. That is, the CPU models of the source and destination must be the same. +- A VM can be successfully migrated across service network segments. However, network exceptions may occur after the VM is migrated to the destination. To prevent this problem, ensure that the service network segments to be migrated are the same. +- If the number of vCPUs on the source VM is greater than that on the destination physical machine, the VM performance will be affected after the migration. Ensure that the number of vCPUs on the destination physical machine is greater than or equal to that on the source VM. Precautions for live migration of non-shared storage: -- The source and destination cannot be the same disk image file. You need to perform special processing on such migration to prevent image damage caused by data overwriting. -- Shared disks cannot be migrated. You need to perform foolproof operations on such migration. -- The destination image supports only files and does not support raw devices. You need to perform foolproof processing on the migration of raw devices. -- The size and number of disk images created on the destination must be the same as those on the source. Otherwise, the migration fails. -- In hybrid migration scenarios, the disks to be migrated must not include shared and read-only disks. +- The source and destination cannot be the same disk image file. You need to perform special processing on such migration to prevent image damage caused by data overwriting. +- Shared disks cannot be migrated. You need to perform foolproof operations on such migration. +- The destination image supports only files and does not support raw devices. You need to perform foolproof processing on the migration of raw devices. +- The size and number of disk images created on the destination must be the same as those on the source. Otherwise, the migration fails. +- In hybrid migration scenarios, the disks to be migrated must not include shared and read-only disks. ## Live Migration Operations ### Prerequisites -- Before live migration, ensure that the source and destination hosts can communicate with each other and have the same resource permissions. That is, the source and destination hosts can access the same storage and network resources. +- Before live migration, ensure that the source and destination hosts can communicate with each other and have the same resource permissions. That is, the source and destination hosts can access the same storage and network resources. + +- Before VM live migration, perform a health check on the VM and ensure that the destination host has sufficient CPU, memory, and storage resources. + +### Prediction of the Dirty Page Rate During Live Migration (Optional) + +Before migrating a VM, you can use the dirtyrate function to obtain the dirty page change rate of the live migration and evaluate whether the VM is suitable for migration or configure proper migration parameters based on the VM memory usage. + +Procedure: -- Before VM live migration, perform a health check on the VM and ensure that the destination host has sufficient CPU, memory, and storage resources. +For example, if the VM name is **openEulerVM** and the calculation time is 1s, run the following command: + +```shell +virsh qemu-monitor-command openEulerVM '{"execute":"calc-dirty-rate", "arguments": {"calc-time": 1}}' +``` + +After 1s, run the following command to query the dirty page change rate: + +```shell +virsh qemu-monitor-command openEulerVM '{"execute":"query-dirty-rate"}' +``` ### \(Optional\) Setting Live Migration Parameters @@ -60,31 +77,31 @@ Before live migration, run the **virsh migrate-setmaxdowntime** command to spe For example, to set the maximum downtime of the VM named **openEulerVM** to **500 ms**, run the following command: -``` -# virsh migrate-setmaxdowntime openEulerVM 500 +```shell +virsh migrate-setmaxdowntime openEulerVM 500 ``` In addition, you can run the **virsh migrate-setspeed** command to limit the bandwidth occupied by VM live migration. This prevents VM live migration from occupying too much bandwidth and affecting other VMs or services on the host. This operation is also optional for live migration. For example, to set the live migration bandwidth of the VM named **openEulerVM** to **500 Mbit/s**, run the following command: -``` -# virsh migrate-setspeed openEulerVM --bandwidth 500 +```shell +virsh migrate-setspeed openEulerVM --bandwidth 500 ``` You can run the **migrate-getspeed** command to query the maximum bandwidth during VM live migration. -``` -# virsh migrate-getspeed openEulerVM +```shell +$ virsh migrate-getspeed openEulerVM 500 ``` ### Live Migration Operations \(Shared Storage Scenario\) -1. Check whether the storage device is shared. +1. Check whether the storage device is shared. - ``` - # virsh domblklist + ```shell + $ virsh domblklist Target Source -------------------------------------------- sda /dev/mapper/open_euleros_disk @@ -93,12 +110,12 @@ You can run the **migrate-getspeed** command to query the maximum bandwidth du Run the **virsh domblklist** command to query the storage device information of the VM. For example, the preceding query result shows that the VM is configured with two storage devices: sda and sdb. Then, check whether the backend storage of the two devices is local storage or remote storage, if all storage devices are on the remote shared storage, the VM is a shared storage VM. Otherwise, the VM is a non-shared storage VM. -2. Run the following command for VM live migration: +2. Run the following command for VM live migration: For example, run the **virsh migrate** command to migrate VM **openEulerVM** to the destination host. - ``` - # virsh migrate --live --unsafe openEulerVM qemu+ssh:///system + ```shell + virsh migrate --live --unsafe openEulerVM qemu+ssh:///system ``` **** indicates the IP address of the destination host. Before live migration, SSH authentication must be performed to obtain the source host management permission. @@ -113,15 +130,15 @@ You can run the **migrate-getspeed** command to query the maximum bandwidth du The **--timeout** command specifies the live migration timeout period. If the live migration exceeds the specified period, the VM is forcibly suspended to reduce the live migration. -3. After the live migration is complete, the VM is running properly on the destination host. +3. After the live migration is complete, the VM is running properly on the destination host. ### Live Migration Operations \(Non-Shared Storage Scenario\) -1. Query the VM storage device list to ensure that the VM uses non-shared storage. +1. Query the VM storage device list to ensure that the VM uses non-shared storage. For example, the **virsh domblklist** command output shows that the VM to be migrated has a disk sda in qcow2 format. The XML configuration of sda is as follows: - ``` + ```xml @@ -132,16 +149,47 @@ You can run the **migrate-getspeed** command to query the maximum bandwidth du Before live migration, create a virtual disk file in the same disk directory on the destination host. Ensure that the disk format and size are the same. - ``` - # qemu-img create -f qcow2 /mnt/sdb/openeuler/openEulerVM.qcow2 20G + ```shell + qemu-img create -f qcow2 /mnt/sdb/openeuler/openEulerVM.qcow2 20G ``` -2. Run the **virsh migrate** command on the source to perform live migration. During the migration, the storage is also migrated to the destination. +2. Run the **virsh migrate** command on the source to perform live migration. During the migration, the storage is also migrated to the destination. - ``` - # virsh migrate --live --unsafe --copy-storage-all --migrate-disks sda \ + ```shell + $ virsh migrate --live --unsafe --copy-storage-all --migrate-disks sda \ openEulerVM qemu+ssh:///system ``` -3. After the live migration is complete, the command output indicates that the VM is running properly on the destination host and the storage device is migrated to the destination host. +3. After the live migration is complete, the command output indicates that the VM is running properly on the destination host and the storage device is migrated to the destination host. + +### Live Migration Operations (Encrypted Transmission) + +1. Overview + + To better encrypt data during VM live migration, openEuler provides the Transport Layer Security (TLS) encryption feature. Almost all network services in QEMU can use TLS to encrypt session data and use X509 certificates to perform simple identity authentication on clients. + +2. Application Scenarios + + A typical application scenario is to ensure data security when VM data is transmitted between the source end and the target end during live migration. + +3. Precautions + + Before using TLS to live migrate VMs, you need to apply for certificates and set certificates on the source and destination ends. Before using the TLS function, you need to enable the peer authentication configuration item and set **migrate_tls_x509_verify** to **1** in **/etc/libvirt/qemu.conf**. + + The service interruption duration and migration duration of single-channel TLS live migration increase significantly. The upper limit of the migration bandwidth is 100 MiB/s to 200 MiB/s. As a result, the migration may fail. + + The multiFd can be used to perform multi-channel TLS migration. However, the CPU overhead increases (two more migration threads are enabled), which may affect VM running. You are advised to set the CPU affinity of the live migration thread to isolate the CPU resources used by the live migration thread from the CPU resources bound to the VM process. You are advised to bind two CPUs to each VM to be migrated. + +4. How to Use + + Encrypted transmission command for single-channel live migration: + + ```shell + virsh migrate --live --unsafe --tls --domain openEulerVM --desturi qemu+tcp:///system --migrateuri tcp:// + ``` + + Encrypted transmission command for multi-channel live migration: + ```shell + virsh migrate --live --unsafe --parallel --tls --domain openEulerVM --desturi qemu+tcp:///system --migrateuri tcp:// + ``` diff --git a/docs/en/docs/Virtualization/vmtop.md b/docs/en/docs/Virtualization/vmtop.md new file mode 100644 index 0000000000000000000000000000000000000000..99f2158ca4f10ef6f7f32695330e0411e21a4002 --- /dev/null +++ b/docs/en/docs/Virtualization/vmtop.md @@ -0,0 +1,198 @@ +# Tool Guide + +- [vmtop](#vmtop) + +## vmtop + +### Overview + +vmtop is a user-mode tool running on the host machine. You can use the vmtop tool to dynamically view the usage of VM resources in real time, such as CPU usage, memory usage, and the number of vCPU traps. Therefore, the vmtop tool can be used to locate virtualization problems and optimize performance. + +#### Multi-Architecture Support + +Currently, the vmtop supports the AArch64 and x86_64 processor architectures. + +#### Display Item Description + +The vmtop display items vary according to the processor architecture. This document describes the meaning of each display item and whether it is displayed in the corresponding architecture. + +>![](./public_sys-resources/icon-note.gif) **Note:** +>The following sampling difference refers to the difference between two times of data obtained in a specified interval. + +##### Display Items of the AArch64 and x86_64 Architectures + +- **VM/task-name**: VM/Process name +- **DID**: VM ID +- **PID**: PID of the qemu process of the VM +- **%CPU**: CPU usage of a process +- **EXTsum**: Total number of KVM exits (sampling difference) +- **S**: Process status +- **P**: ID of the physical CPU occupied by a process +- **%ST**: Ratio of the preemption time to the CPU running time +- **%GUE**: Ratio of the VM internal occupation time to the CPU running time +- **%HYP**: Virtualization overhead ratio + +##### Display Items Only for the Aarch64 Architecture + +- **EXThvc**: Number of hvc-exits (sampling difference) +- **EXTwfe**: Number of wfe-exits (sampling difference) +- **EXTwfi**: Number of wfi-exits (sampling difference) +- **EXTmmioU**: Number of mmioU-exits (sampling difference) +- **EXTmmioK**: Number of mmioK-exits (sampling difference) +- **EXTfp**: Number of fp-exits (sampling difference) +- **EXTirq**: Number of irq-exits (sampling difference) +- **EXTsys64**: Number of sys64 exits (sampling difference) +- **EXTmabt**: Number of mem abort exits (sampling difference) + +##### Display Items Only for the x86_64 Architecture + +- **PFfix**: Number of page faults (sampling difference) +- **PFgu**: Number of times that page faults are injected to the guest OS (sampling difference) +- **INvlpg**: Number of times that a TLB item is flushed (one of the TLB items, which is not fixed) +- **EXTio**: Number of io VM-exit times (sampling difference) +- **EXTmmio**: Number of mmio VM-exit times (sampling difference) +- **EXThalt**: Number of halt VM-exit times (sampling difference) +- **EXTsig**: Number of VM-exits caused by signal processing (sampling difference) +- **EXTirq**: Number of VM-exits caused by interrupts (sampling difference) +- **EXTnmiW**: Number of VM-exit times caused by non-maskable interrupts (sampling difference) +- **EXTirqW**: Interruptwindow mechanism. When the interrupt function is enabled, exit is used to inject interrupts (sampling difference) +- **IrqIn**: Number of times that IRQ interrupts are injected (sampling difference) +- **NmiIn**: Number of times that NMI interrupts are injected (sampling difference) +- **TLBfl**: Number of times that the entire TLB is flushed (sampling difference) +- **HostReL**: Number of times that the host status is overloaded (sampling difference) +- **Hyperv**: Number of times that the guest OS is simulated to call hypercall in virtualization-assistant mode (sampling difference) +- **EXTcr**: Number of times that the access to the CR register exits (sampling difference) +- **EXTrmsr**: Number of times that the read MSR exits (sampling difference) +- **EXTwmsr**: Number of times that the write MSR exits (sampling difference) +- **EXTapic**: Number of APIC write times (sampling difference) +- **EXTeptv**: Ept page fault exit times (sampling difference) +- **EXTeptm**: Number of Ept error exits (sampling difference) +- **EXTpau**: Number of times that the VCPU pauses and exits (sampling difference) + +### Usage + +vmtop is a command line tool. You can directly run the vmtop in command line mode. +In addition, the vmtop tool provides different options for querying different information. + +#### Syntax + +```sh +vmtop [option] +``` + +#### Option Description + +- `-d`: sets the refresh interval, in seconds. +- `-H`: displays the VM thread information. +- `-n`: sets the number of refresh times and exits after the refresh is complete. +- `-b`: displays Batch mode, which can be used to redirect to a file. +- `-h`: displays help information. +- `-v`: displays versions. +- `-p`: monitors the VM with a specified ID. + +#### Keyboard Shortcut + +Shortcut key used when the vmtop is running. + +- **H**: displays or stops the VM thread information. The information is displayed by default. +- Up/Down: moves the VM list upwards or downwards. +- Left/Right: moves the cursor leftwards or rightwards to display the columns that are hidden due to the screen width. +- **f**: enters the editing mode of a monitoring item and selects the monitoring item to be enabled. +- **q**: exits the vmtop process. + +### Example + +Run the vmtop command on the host. + +```sh +vmtop +``` + +The command output is as follows: + +```sh +vmtop - 2020-09-14 09:54:48 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1206 10 0 144 62 174 0 1452 S 106 0.0 99.7 16.0 +``` + +As shown in the output, there is only one VM named **example** on the host. The ID is 2. The CPU usage is 13.0%. The total number of traps within one second is 1452. The physical CPU occupied by the VM process is CPU 106. The ratio of the VM internal occupation time to the CPU running time is 99.7%. + +1. Display VM thread information. +Press **H** to display the thread information. + + ```sh + vmtop - 2020-09-14 10:11:27 - 1.0 + Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1191 17 4 120 76 147 0 1435 S 119 0.0 123.7 4.0 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 0.0 0.0 0.0 + |_ CPU 0/KVM 4054933 3.0 0 0 280 6 4 28 19 41 0 350 S 105 0.0 27.9 0.0 + |_ CPU 1/KVM 4054934 3.0 0 0 260 0 0 16 12 36 0 308 S 31 0.0 20.0 0.0 + |_ CPU 2/KVM 4054935 3.0 0 0 341 0 0 44 20 26 0 387 R 108 0.0 27.9 4.0 + |_ CPU 3/KVM 4054936 5.0 0 0 310 11 0 32 25 44 0 390 S 103 0.0 47.9 0.0 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 0.0 0.0 0.0 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 0.0 0.0 0.0 + |_ worker 4143738 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 + ``` + + The example VM has 11 threads, including the vCPU thread, vnc_worker, and IO mon_iotreads. Each thread also displays detailed CPU usage and trap information. + +2. Select the monitoring item. +Enter f to edit the monitoring item. + +```sh +field filter - select which field to be showed +Use up/down to navigate, use space to set whether chosen filed to be showed +'q' to quit to normal display + + * DID + * VM/task-name + * PID + * %CPU + * EXThvc + * EXTwfe + * EXTwfi + * EXTmmioU + * EXTmmioK + * EXTfp + * EXTirq + * EXTsys64 + * EXTmabt + * EXTsum + * S + * P + * %ST + * %GUE + * %HYP +``` + +All monitoring items are displayed by default. You can press the up or down key to select a monitoring item, press the space key to set whether to display or hide the monitoring item, and press the q key to exit. +After %**ST**, **%GUE**, and **%HYP** are hidden, the following information is displayed: + +```sh +vmtop - 2020-09-14 10:23:25 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P + 2 example 4054916 12.0 0 0 1213 14 1 144 68 168 0 1464 S 125 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 125 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 + |_ CPU 0/KVM 4054933 2.0 0 0 303 6 0 29 10 35 0 354 S 98 + |_ CPU 1/KVM 4054934 4.0 0 0 279 0 0 39 17 49 0 345 S 1 + |_ CPU 2/KVM 4054935 3.0 0 0 283 0 0 33 20 40 0 343 S 122 + |_ CPU 3/KVM 4054936 3.0 0 0 348 8 1 43 21 44 0 422 S 110 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 + |_ worker 1794 0.0 0 0 0 0 0 0 0 0 0 0 S 126 +``` + +**%ST**, **%GUE**, and **%HYP** will not be displayed on the screen. diff --git a/docs/en/docs/desktop/DDE-User-Manual.md b/docs/en/docs/desktop/DDE-User-Manual.md new file mode 100755 index 0000000000000000000000000000000000000000..f1d10a547cd7c5b2005ef99e17631ca344bceb64 --- /dev/null +++ b/docs/en/docs/desktop/DDE-User-Manual.md @@ -0,0 +1,858 @@ + + +# DDE Desktop Environment + + + + + +- [DDE Desktop Environment](#dde-desktop-environment) + - [Overview](#overview) + - [Desktop](#desktop) + - [Dock](#dock) + - [Launcher](#launcher) + - [Control Center](#control-center) + - [Keyboard Interaction](#keyboard-interaction) + + + + +## Overview +DDE desktop environment is an elegant, secure, reliable and easy to use GUI comprised of the desktop, dock, launcher and control center. Acting as the key basis for our operating system, its main interface is shown as below. + +![1|desk](./figures/43.jpg) + +### Getting Started + +When you enter DDE for the very first time, a welcome program will automatically start. You can watch the introduction video, select your desktop style and icon theme, and learn more about the system functions. + +![0|welcome](./figures/46.png) + + + +## Desktop + +Desktop is the main screen you see after logging in. On the desktop, you can create a new file/folder, sort files, open in terminal, set wallpaper and screensaver and etc. You can also add shortcuts for applications on desktop by using [Send to desktop](#Set App Shortcut). + +![0|contextmenu](./figures/41.png) + +### Create New Folder/Document +Just as in File Manager, you can create a new folder/document on the desktop, or do some operations for the files on it. + +- Right-click the desktop, select **New folder** and enter the name for it. +- Right-click the desktop, select **New document**, select the type and enter its name. + +Right-click a file or folder on the desktop, and use the features of File Manager as below: + +| Function | Description | +| ---------------- | ------------------------------------------------------------ | +| Open with | Select an app to open it. | +| Cut | Move it to another location. | +| Copy | Copy it to another location. | +| Rename | Change its name. | +| Delete | Delete and move it to the trash. | +| Create link | Create a shortcut of the file or folder. | +| Tag information | Add a tag. | +| Compress/Extract | Compress the file or folder, or extract the compressed file. | +| Properties | View the basic info, share it or change the permission. | + +### Sort Files + +Sort the files on your desktop to make it organized and fit your needs. + +1. Right-click the desktop. +2. Click **Sort by**, you can: + + - Click **Name** to display files in the name sequence. + - Click **Size** to display files in the size sequence. + - Click **Type** to display files in type. + - Click **Time modified** to display files in the order of last modified date. + + +> ![tips](./figures/icon125-o.svg)Tips: *Check **Auto arrange**, icons on the desktop will be listed in order automatically, and if an icon is removed, another one will fill in the blank.* + + + + +### Adjust Icon Size + +1. Right-click the desktop. +2. Click **Icon size**, and choose a proper size. + +> ![tips](./figures/icon125-o.svg)Tips: *Press **Ctrl** + ![=](./figures/icon134-o.svg)/![-](./figures/icon132-o.svg) scrolling mouse wheel to adjust icon size on the desktop and in Launcher.* + +### Set Display +You can set display scaling, screen resolution, brightness and so on from the desktop. + +1. Right-click the desktop. +2. Click **Display Settings** to open the settings in Control Center. + +> ![notes](./figures/icon99-o.svg)Notes: *For specific operations, please refer to [Display](#Display).* + +### Change Wallpaper +Select some elegant and fashionable wallpapers to beautify your desktop and make it distinctive. + +1. Right-click the desktop. +2. Click **Wallpaper and Screensaver** to preview all the wallpapers. +3. Click your favorite one and it will apply in your desktop and screen lock. +4. You can also choose **Only desktop** or **Only lock screen**. + +![1|wallpaper](./figures/63.jpg) + + + +> ![tips](./figures/icon125-o.svg)Tips: *You can also set your favorite picture as wallpaper in an image viewer.* + +### Clipboard + +All the texts, pictures and documents cut and copied by the current user after login are displayed in the clipboard, which can be copied quickly by double-clicking the clipboard. The clipboard is cleared automatically after logout and shutdown. + +1. Use the shortcuts **Ctrl**+**Alt**+ **V** to wake up the clipboard. + +2. Double-click in the clipboard to copy the current content quickly and the corresponding block will be moved to the top of the clipboard. + +3. Select the target destination to paste it. + +4. Click![close](./figures/icon57-o.svg)to delete the current content and click **Clear All** to clear the clipboard. + + ![1|clipboard](./figures/40.png) + +## Dock + +Dock is at the bottom of the desktop by default to help you quickly open frequently-used applications, which includes Launcher, applications, system tray, and plugins. In the dock, you can open launcher, show the desktop, enter the workspaces, open and exit apps, set input methods, adjust the volume, connect to the network, view the calendar and enter the shutdown interface, and so on. + +### Icons on Dock +In the Dock, there are icons of Launcher, applications, system tray, and plugins. + + + +![1|fashion](./figures/45.png) + +| Icon | Description | +| ---- | ---- | +| ![launcher](./figures/icon66-o.svg) | Launcher - click to view all the installed applications. | +| ![deepin-toggle-desktop](./figures/icon69-o.svg) | Click to show the desktop. | +| ![dde-file-manager](./figures/icon63-o.svg) | File Manager - click to view files and folders on the disk. | +| ![dde-calendar](./figures/icon62-o.svg) | Calendar - view dates and create new schedules. | +| ![controlcenter](./figures/icon58-o.svg) | Control Center - click to check or change system settings. | +| ![notification](./figures/icon101-o.svg) | Notification Center - show all notifications from the system and applications. | +| ![onboard](./figures/icon103-o.svg) | Onboard virtual keyboard. | +| ![shutdown](./figures/icon122-o.svg) | Click to enter the shutdown interface. | +| ![trash](./figures/icon126-o.svg) | Trash. | + +> ![tips](./figures/icon125-o.svg)Tips: *In Efficient Mode, you can click the right side of Dock to show the desktop. Move the cursor to the running app in the Dock and you will see its preview window.* + +### Switch Display Mode +There are two display modes of Dock: fashion mode and efficient mode, icon sizes are different in them. + +![1|fashion](./figures/46.png) + +![1|efficient](./figures/63.png) + +You can switch the display modes by the following operations: + +1. Right-click the Dock and select **Mode**. +2. Select the display mode. + +### Change Dock Location +You can place Dock on any direction of your desktop. + +1. Right-click the Dock and select **Location**. +2. Select a location. + +### Change Dock Height +Drag the top edge to increase or decrease the height. + + +### Show/Hide Plugins + +1. Right-click the Dock and select **Plugins**. +2. On the submenu, you can check or uncheck **Trash, Power, Show Desktop, Onboard**, and **Datetime** to show or hide the corresponding icon in the Dock. + +### View Notifications +When there are system or application notifications, they will be shown in the middle of the screen. If there are buttons in the message, click buttons to do the actions; if there are not, click the message to close it. + + + +![notification](./figures/51.png) + +Click notification in Dock to view all the notifications. + +### View Date and Time + +- Hover the cursor over the Time icon in Dock to view the current time, date and day of the week. +- Click the Time icon to open Calendar. + +### Enter Shutdown Interface + +There are two ways to enter the shutdown interface: + +- Click ![shutdown](./figures/icon122-o.svg) in Dock. +- Click ![poweroff_normal](./figures/icon136-o.svg) at the bottom right corner of Launcher mini mode. + +| Function | Description | +| ------------------------------------------------------------ | ------------------------------------------------------------ | +| Shut down ![poweroff_normal](./figures/icon136-o.svg) | Shut down the computer. | +| Reboot ![reboot_normal](./figures/icon110-o.svg) | Restart the computer. | +| Lock ![lock_normal](./figures/icon90-o.svg) | Lock the computer with the password. Or press **Super** + **L** to lock it. | +| Switch user ![userswitch_normal](./figures/icon128-o.svg) | Log in with another user account. | +| Log out ![logout_normal](./figures/icon92-o.svg) | End all the processes and initialize the system. | +| Start system monitor![deepin-system-monitor](./figures/icon68-o.svg) | View the running processes and end the one you want. | + +> ![notes](./figures/icon99-o.svg)Notes: ![userswitch_normal](./figures/icon128-o.svg) *will be shown if there are multiple accounts in the system.* + +### Trash +You can find all deleted files in the trash, which can be restored or emptied. + +#### Restore Files + +You can restore deleted files in Trash or press **Ctrl** + **Z** to restore the lately deleted files. + +1. Select the file in the trash. +2. Right-click the file and select **Restore**. +3. The file will be in its original path. + +> ![attention](./figures/icon52-o.svg)Attention: *If the original folder of the file has been deleted, the deleted file will be restored to a new folder automatically created.* + +#### Empty Trash +In the trash, click **Empty** to permanently delete all the files in the trash. + +## Launcher +Launcher ![launcher](./figures/icon66-o.svg) helps you manage all the installed applications, where you can quickly find an application by category navigation or by a search. + +> ![tips](./figures/icon125-o.svg)Tips: *You can view newly installed applications in Launcher. The newly-installed ones are followed with a blue dot.* + + +### Switch Launcher Modes + +There are two display modes of Launcher: fullscreen mode and mini mode. Click the icon at the upper right corner to switch modes. + +Both modes support searching applications and sending them to the desktop or Dock. + +The mini mode also supports opening File Manager, Control Center and shutdown interface directly. + +![1|fullscreen](./figures/47.jpg) +![1|mini](./figures/52.png) + +### Sort Applications + +In fullscreen mode, all applications in Launcher are listed by the installation time by default. You can sort the application icons as the ways below: + +- Hover the cursor over an application icon, hold down the left key of mouse, drag and drop the application icon to arrange it freely. +- Click the category icon ![category](./figures/icon56-o.svg) on the upper left in Launcher to arrange the icons by category. + +![1|sortapp](./figures/60.jpg) + +In mini mode, applications are displayed according to using frequency by default. + +### Find Applications + +In Launcher, you can scroll up and down to find an application, or locate it with the category navigation. + +If you already know the application name, just search for it. + +### Set App Shortcut +The shortcut offers a method to run applications easily and quickly. + +#### Create App Shortcut +Send the application icon to the desktop or Dock to facilitate the follow-up operations. + +In Launcher, right-click an app icon and you can: + +* Select **Send to desktop** to create a shortcut on the desktop. +* Select **Send to dock** to fix the application icon in Dock. + +![0|sendto](./figures/58.png) + +> ![notes](./figures/icon99-o.svg)Notes: *You can drag the application icon from Launcher to Dock. But you cannot drag and drop the application while it is running. Then you can right-click the application icon in Dock and select **Dock** to fix it in order to open it quickly for the next time.* + +#### Delete Shortcut +Delete a shortcut from the desktop directly, or remove it from Dock or Launcher. + +**Remove the shortcut from Dock:** + +- Hold down the left key of mouse, drag and drop the icon away from Dock. +- You cannot drag and drop the application icon while it is running. Then you can right-click the application icon in Dock and select **Undock** to remove it from Dock. + +**Remove the shortcut from Launcher:** + +In Launcher, right-click the icon and you can: +- Select **Remove from desktop** to delete the shortcut from the desktop. +- Select **Remove from dock** to remove the application icon from Dock. + +> ![notes](./figures/icon99-o.svg)Notes: *The above operations only delete the shortcut rather than uninstall the applications.* + +### Run Applications +For the applications whose shortcuts have been created on the desktop or Dock, you can open them in the following ways: + +- Double-click the desktop icon or right-click it and select **Open**. +- Click the application icon in Dock or right-click it and select **Open**. + +To open the application only shown in Launcher, click the icon or right-click it and select **Open**. + +> ![tips](./figures/icon125-o.svg)Tips: *For the frequently-used applications, right-click the app icon and select **Add to startup** to run it when the computer boots.* + + +## Control Center +You can manage the system settings in Control Center, including account management, network settings, date and time, personalization, display settings, etc. After entering the desktop environment, click ![controlcenter](./figures/icon58-o.svg) to open Control Center. + +### Homepage Introduction +The homepage of Control Center provides several setting modules and click one to enter the detailed settings. + +![0|dcchomepage](./figures/42.png) + +Once you open a setting module in Control Center, the navigation appears on the left. Click the left navigation to quickly switch to other settings. + +![0|cc-navigation](./figures/39.png) + +#### Title Bar + +The title bar contains the back button, search box, main menu and the window buttons. + +- Back button: Click ![back](./figures/icon53-o.svg) to go back to the homepage. +- Search box: Input a keyword and search the related settings. +- Main menu: Click ![menu](./figures/icon83-o.svg) to enter the main menu where you can set the window theme, view the manual and exit. + +### Accounts +You have already created an account when installing the system. Here you can modify account settings or create a new one. + +![0|account](./figures/38.png) + +#### Create New Account + +1. On the homepage of Control Center, click ![account_normal](./figures/icon49-o.svg). +2. Click ![add](./figures/icon50-o.svg). +3. Input a username and a password twice. +4. Click **Create**. +5. Input the password of the current user account in the authentication dialog box, and the new account will be added to the account list. + + +#### Change Account Avatar + +1. On the homepage of Control Center, click ![account_normal](./figures/icon49-o.svg). +2. Click an existing account in the list. +3. Click the user avatar. +4. Select a avatar or upload a local avatar. + +#### Set Full Name +The account full name is shown in account list and system login interface and you can set it as needed. + +1. On the homepage of Control Center, click ![account_normal](./figures/icon49-o.svg). +2. Click an existing account in the list. +3. Click ![edit](./figures/icon75-o.svg) after **Full Name**, and input a name. + +#### Change Password + +1. On the homepage of Control Center, click ![account_normal](./figures/icon49-o.svg). + +2. Click the current account. + +3. Click **Change Password**. + +4. Input a new password twice and confirm. + +#### Delete Account + +1. On the homepage of Control Center, click ![account_normal](./figures/icon49-o.svg). +2. Click an account that's not logged in. +3. Click **Delete Account**. +4. Click **Delete** in the pop-up window. + +> ![attention](./figures/icon52-o.svg)Attention: *The logged in account cannot be deleted.* + +#### Privilege + +The first account has administrator privilege when you install the system. All other accounts you add after that are common users. One account can be grouped in many user groups. + +##### Group Setting + +When you add or modify accounts, you can: + +- Select a group existing in the system. +- Select the group with the same name as the current user. +- Select the group with the same name as another user when the account was previously added. + +### Display +Set screen resolution, brightness, direction and display scaling properly to have the best visual effect. + +![0|display](./figures/44.png) + + +#### Single Screen Settings + +##### Change Resolution + +1. On the homepage of Control Center, click ![display_normal](./figures/icon72-o.svg). +2. Click **Resolution**. +3. Select a proper resolution in the list. +4. Click **Save**. + +##### Adjust Brightness + +1. On the homepage of Control Center, click ![display_normal](./figures/icon72-o.svg). +2. Click **Brightness**. + - Drag the slider to set screen brightness. + - Switch on **Night Shift**, the screen hue will be auto-adjusted according to your location. + - Switch on **Auto Brightness**, the monitor will change the brightness automatically according to ambient light (shown only if PC has a light sensor). + +##### Change Refresh Rate +1. On the homepage of Control Center, click ![display_normal](./figures/icon72-o.svg). +2. Click **Refresh Rate**. +3. Select a proper one, and click **Save**. + +##### Change Display Direction + +1. On the homepage of Control Center, click ![display_normal](./figures/icon72-o.svg). +2. Click ![rotate](./figures/icon112-o.svg). +3. Every time you click, the screen will rotate 90 degrees counterclockwise. +4. To restore to the original direction, click the right button to exit; to use the current direction, press **Ctrl**+ **S** to save it. + +#### Multiple Screen Settings + +Expand your desktop by multiple screens! Use VGA/HDMI/DP cable to connect your computer to other display devices. + +1. On the homepage of Control Center, click ![display_normal](./figures/icon72-o.svg). +2. Click **Multiple Displays**. +3. Select a display mode: + - **Duplicate**: display the same image on other screens. + - **Extend**: expand the desktop across the screens. + - **Customize**: customize the display settings for multiple screens. + +In multiple displays, press **Super** + **P** to show its OSD. + +Operations are as follows: + +1. Hold **Super** and press **P** or click to select the options. +2. Release the keys, the selected mode will take into effect. + +>![notes](./figures/icon99-o.svg)Notes: *When the multiple displays are in the extend mode, only the main screen supports desktop icon display, right-click menu operation and other functions, while the sub-screens do not.* + +##### Custom Settings + +1. On the homepage of Control Center, click ![display_normal](./figures/icon72-o.svg). +2. Click **Multiple Displays** > **Customize**. +3. Click **Recognize**. +4. Choose **Merge** or **Split** the screens, specify the main screen, set the resolution and refresh rate, and rotate screen if you want. +5. Click **Save**. + +> ![notes](./figures/icon99-o.svg)Notes: *"Merge" means duplicate mode, "Split" means extend mode.* + +### Default Application Settings +If you have installed several applications with similar functions, such as text editor, choose one of them to be the default application to open that type of file. + +![0|default](./figures/39.png) + +#### Set Default Application + +1. Right-click the file, choose **Open with** > **Set default program**. +2. Select one application, **Set as default** is checked by default, and click **Confirm**. +3. The application will automatically be added to the default application list in Control Center. + +#### Change Default Application + +1. On the homepage of Control Center, click ![default_applications_normal](./figures/icon70-o.svg). +2. Select a file type. +3. Select another one in the list as the default application. + +#### Add Default Application + +1. On the homepage of Control Center, click ![default_applications_normal](./figures/icon70-o.svg). +2. Select a file type. +3. Click ![add](./figures/icon50-o.svg) below to add a desktop file (usually at /usr/share/applications) or a specified binary file as the default application. +4. The application will be added to the list and set as default application automatically. + +#### Delete Default Application + +In the default application list, you can only delete the applications you added. To remove other applications from the list, the only way is to uninstall them. Once uninstalled, they will automatically be deleted from the list. + +To delete the default applications you have added, do as below: + +1. On the homepage of Control Center, click ![default_applications_normal](./figures/icon70-o.svg). +2. Select a file type. +3. Click ![close](./figures/icon57-o.svg) after the application name to delete it. + + +### Personalization Settings +You can set theme, accent color, font, change the appearance of the desktop and windows to your favorite style. + +![0|personalise](./figures/56.png) + +#### Set Window Theme +1. On the homepage of Control Center, click ![personalization_normal](./figures/icon105-o.svg). +2. Click **General**. +3. Select one window theme, which will be used as system theme. + +> ![notes](./figures/icon99-o.svg)Notes: *"Auto" means changing window theme automatically according to the sunset and sunrise time. After sunrise, it is light theme; after sunset, it is dark theme.* + +#### Change Accent Color +Accent color refers to the color used when you select one option or file in the system. + +1. On the homepage of Control Center, click ![personalization_normal](./figures/icon105-o.svg). +2. Click **General**. +3. Pick a color under **Accent Color** and view its effects. + +#### Set Icon Theme + +1. On the homepage of Control Center, click ![personalization_normal](./figures/icon105-o.svg). +2. Click **Icon Theme** and select an icon style. + + +#### Set Cursor Theme + +1. On the homepage of Control Center, click ![personalization_normal](./figures/icon105-o.svg). +2. Click **Cursor Theme** and select a set of cursors. + +#### Change Font + +1. On the homepage of Control Center, click ![personalization_normal](./figures/icon105-o.svg). +2. Click **Font**. +3. Set the font and font size for the system. + + +### Network Settings +After login, you need to connect to a network first and then surf the Internet! + +> ![tips](./figures/icon125-o.svg)Tips: *Check your network status by hovering over or clicking the network icon in Dock.* + +![0|network](./figures/54.png) + +#### Wired Network + +Wired network is secure and stable, which makes it the most common way to connect to the Internet. After your router is set, connect both ends of the network cable to the computer and router to connect to a wired network. + +1. Plug the cable into the network slot of a computer. +2. Plug another end of the cable into the router or network port. +3. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +4. Click **Wired Network** to enter the setting page of wired network. +5. Switch on **Wired Network Adapter** to enable wired network. +6. If it is successfully connected to the network, there will be a prompt "Wired Connection connected". + +You can also edit and add a new wired network in the setting page. + +#### Mobile Network +If you are at a place without network, mobile network adapter is a useful tool to help you connect to the Internet as long as the place is covered by telephone signals. + +1. Plug the mobile network adapter into your computer USB port. +2. Your computer will auto connect to the network. +3. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +4. Click **Mobile Network** to view the detailed network info. + +#### DSL/PPPoE Connections + +DSL is a dial-up connection using a standard phone line and analog modem to access the Internet. Configure the modem, plug the telephone line into the network interface of the computer, create a broadband dial-up connection, and enter the user name and password provided by the operator to dial up the Internet. + +##### Create a PPPoE Connection + +1. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +2. Click **DSL**. +3. Click ![add](./figures/icon50-o.svg). +4. Enter the name, your account and password the operator provides. +5. Click **Save**. The connection will automatically start. + + +#### VPN + +VPN is a virtual private network. Its main function is to establish a private network on the public network for encrypted communication. Whether you are on a business trip or working at home, you can use VPN to access intranet resources as long as you can access the Internet. You can also use VPN to speed up access to websites in other countries. + +1. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +2. Click **VPN**, and click ![add](./figures/icon50-o.svg) or ![import](./figures/icon84-o.svg). +3. Select the VPN protocol type, and enter the name, gateway, account, password and other information. (Importing VPN will automatically fill in information) +4. Click **Save**, the system will try to connect VPN network automatically. +5. You can export the VPN settings to backup or share with other users. + +> ![notes](./figures/icon99-o.svg)Notes: *If you don't want to use the VPN as the default routing, but only want it to take effect on specific network resources, switch on **Only applied in corresponding resources**.* + +#### System Proxy + +1. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +2. Click **System Proxy**. + - Click **None** and **Save** to disable the proxy. + - Click **Manual** and input the address and port of proxy servers. + - Click **Auto** and input a URL to configure the proxy info. + +#### Application Proxy + +1. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +2. Click **Application Proxy**. +3. Select a proxy type, and fill in the IP address, port, etc. +4. Click **Save** to save the proxy settings. + +> ![notes](./figures/icon99-o.svg)Notes: *After being configured, run Launcher, right-click any application's icon and check **Use a proxy**, and then the application will be opened by proxy.* + +#### Network Info + +You can view MAC, IP address, gateway and other network info in network details. + +1. On the homepage of Control Center, click ![network_normal](./figures/icon97-o.svg). +2. Click **Network Details**. +3. View the network info of the current network. + +### Sound Settings + +Set your speaker and microphone properly to make you hear more comfortable and make clearer recordings. + +![0|sound](./figures/61.png) + +#### Output + +1. On the homepage of Control Center, click ![sound_normal](./figures/icon116-o.svg). + +2. Click **Output** to: + + - Select output device type from the dropdown list after **Output Device**. + + - Drag the slider to adjust output volume and left/right balance. + - Switch on **Volume Boost**, the volume could be adjustable from 0~150% (the former range is 0~100%). + + + +#### Input + +1. On the homepage of Control Center, click ![sound_normal](./figures/icon116-o.svg). +2. Click **Input** to: + - Select input device type from the dropdown list after **Input Device**. + - Adjust input volume by dragging the slider. + - You can enable **Automatic Noise Suppression** by clicking the button after "Automatic Noise Suppression". + +> ![tips](./figures/icon125-o.svg)Tips: *Usually, you need to turn up the input volume to make sure that you can hear the sound of the sound source, but the volume should not be too high, because it will cause distortion of the sound. Here is how to set input volume: Speak to your microphone at a normal volume and view "Input Level". If the indicator changes obviously according to the volume, then the input volume is at a proper level.* + + + +#### System Sound Effects + +1. On the homepage of Control Center, click ![sound_normal](./figures/icon116-o.svg). +2. Click **Sound Effects**, check the options you want to switch on the sound when the corresponding event occurs. + +> ![tips](./figures/icon125-o.svg)Tips: *Click to listen to the sound effect.* + +### Date and Time +Set your timezone properly to have correct date and time. You can also change them manually. + +![0|time](./figures/62.png) + +#### Change Timezone +You have selected the timezone during system installation and do as follows to change it. + +1. On the homepage of Control Center, click ![time](./figures/icon124-o.svg). +2. Click **Timezone List**. +3. Click **Change System Timezone** and select a timezone by searching or clicking on the map. +4. Click **Confirm**. + +#### Add Timezone +Add another timezone to see the date and time there. + +1. On the homepage of Control Center, click ![time](./figures/icon124-o.svg). +2. Click **Timezone List**. +3. Click ![add](./figures/icon50-o.svg), select a timezone by searching or clicking on the map. +4. Click **Add**. + +#### Delete Timezone + +1. On the homepage of Control Center, click ![time](./figures/icon124-o.svg). +2. Click **Timezone List**. +3. Click **Edit** after "Timezone List". +4. Click ![delete](./figures/icon71-o.svg) to remove the timezone. + +#### Change Date and Time +Note that the auto-sync function will be disabled after changing date and time manually. + +1. On the homepage of Control Center, click ![time](./figures/icon124-o.svg). +2. Click **Time Settings**. + - Switch on/off **Auto Sync**. + - Enter the correct date and time. +3. Click **Confirm**. + +#### Set Time Format + +Setting the format of time and date is supported. + +1. On the homepage of Control Center, click ![time](./figures/icon124-o.svg). +2. Click **Time Format** to set the first day of week, long date, short date, long time, and short time. + + + +### Power Management + +Power management helps you to improve system safety. + +![0|power](./figures/57.png) + + + +#### Time to Suspend + +1. On the homepage of Control Center, click ![power_normal](./figures/icon107-o.svg). +2. Click **Plugged In**. +3. Set the time to suspend. + +#### Time to Lock Screen +1. On the homepage of Control Center, click ![power_normal](./figures/icon107-o.svg). +2. Click **Plugged In**. +3. Set the time to lock screen. + +#### Power button settings + +1. On the homepage of Control Center, click ![power_normal](./figures/icon107-o.svg). +2. Click **Plugged In**. +3. You can select **Shut down, Suspend, Hibernate, Turn off the monitor, Do nothing** from the drop-down list after **When pressing the power button**. + +Any operation done here will take effect immediately. At the same time, the system will notify the user that the power button setting is changed. + + + +### Mouse + +Mouse is common computer input device. Using the mouse, you can make the operation easier and faster. + +![0|mouse](./figures/53.png) + +#### General Settings + +1. On the homepage of Control Center, click ![mouse_touchpad_normal](./figures/icon94-o.svg). +2. Click **General**. +3. Switch on **Left Hand**, and adjust **Scrolling Speed**, **Double-click Speed**. + +> ![notes](./figures/icon99-o.svg)Notes: *If "Left Hand" is enabled, left-click and right-click of the mouse exchange.* + +#### Mouse +After inserting or connecting the mouse, make relevant settings in the Control Center to make it more in line with your usage habits. + +1. On the homepage of Control Center, click ![mouse_touchpad_normal](./figures/icon94-o.svg). +2. Click **Mouse**. +3. Adjust **Pointer Speed**, which helps you to control the speed at which the pointer moves as the mouse moves. +4. Switch on **Natural Scrolling**/**Mouse Acceleration** if you want. + +> ![notes](./figures/icon99-o.svg)Notes: +> - *Turn on the mouse acceleration to improve the accuracy of the pointer. The moving distance of the mouse pointer on the screen will increase according to the acceleration of the moving speed. It can be turned on or off according to the usage.* +> - *If Natural Scrolling is enabled, when you scroll down, the page will scroll down, when you scroll up, the page will scroll up as well.* + +### Keyboard and Language +Set keyboard properties and select your keyboard layout to keep your typing habit. You can also adjust the keyboard layout according to the country and language, change system language, and customize shortcuts here. + +![0|keyboard](./figures/59.png) + +#### Keyboard Properties + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **General**. +3. Adjust **Repeat Delay**/**Repeat Rate**. +4. Click "Test here" and hold down a key to test the repeat rate. +5. Switch on **Numeric Keypad** and **Caps Lock Prompt** if you want. + +#### Keyboard Layout +Set the keyboard layout to customize the keyboard for the current language. When you press a key on the keyboard, the keyboard layout controls which characters are displayed on the screen. After changing the keyboard layout, the characters on the screen may not match the characters on the keyboard keys. + +You have set a keyboard layout during system installation, but you can add more for other purposes. + +![layout](./figures/50.png) + +##### Add Keyboard Layout + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **Keyboard Layout**. +3. Click ![add](./figures/icon50-o.svg). Click a keyboard layout to add it. + +##### Delete Keyboard Layout + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **Keyboard Layout**. +3. Click **Edit**. +4. Click ![delete](./figures/icon71-o.svg) to delete keyboard layout. + +##### Switch Keyboard Layout + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **Keyboard Layout**. +3. Click the layout you want to switch to. +4. After successful switching, the layout will be marked with a check. + +> ![tips](./figures/icon125-o.svg)Tips: *You can also select one or more shortcuts to switch the keyboard layouts in order. Select **Applies to** to make the keyboard layout after switching be applied to the whole system or current application.* + +#### System Language + +The system language is the language you selected when you installed the system by default, which can be changed at any time. + +##### Add System Language +Add multiple languages into the list to change language conveniently. + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **System Language**. +3. Click ![add](./figures/icon50-o.svg) to enter the language list. +4. Select the language you want, and it will be added into system language list automatically. + +##### Change System Language + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **System Language**. +3. Select the language you want to switch to, and the language package will be installed automatically. +4. After being successfully installed, log out and log in again to view the changes. + +> ![attention](./figures/icon52-o.svg)Attention: *The keyboard layout may also be changed in the process of switching the system language. Please make sure that you select a correct keyboard layout to enter the login password.* + +#### Shortcuts +The shortcut list includes all shortcuts in the system. View, modify and customize the shortcuts here as you want. + +![0|shortcut](./figures/59.png) + +##### View Shortcuts + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **Shortcuts**. +3. You can search or view the default shortcuts for system, window and workspace. + + +##### Modify Shortcuts + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **Shortcuts**. +3. Click the shortcut you want to modify. +4. Press new shortcut to change it. + +> ![tips](./figures/icon125-o.svg)Tips: *To disable a shortcut, please press ![Backspace](./figures/icon54-o.svg) on the keyboard. To cancel modifying, press **Esc** or click Restore Defaults at the bottom.* + +##### Customize Shortcuts + +1. On the homepage of Control Center, click ![keyboard_normal](./figures/icon86-o.svg). +2. Click **Shortcuts**. +3. Click ![add](./figures/icon50-o.svg). +4. Enter the name, command and shortcut. +5. Click **Add**. +6. After being successfully added, click **Edit**. +7. Click ![delete](./figures/icon71-o.svg) to delete the custom shortcut. + +> ![tips](./figures/icon125-o.svg)Tips: *To change the shortcut, click it and press a new shortcut to change it directly. To edit the name and command of the custom shortcut, click **Edit ** > ![edit](./figures/icon75-o.svg) near the shortcut name to enter the shortcut settings.* + +### System Info + +You can view system version, authorization info, hardware info, and the agreements here. + +![0|info](./figures/48.png) + +#### About This PC + +1. On the homepage of Control Center, click ![system_info_normal](./figures/icon120-o.svg). +2. Under **About This PC**, you can view system version, authorization and hardware information. +3. If the system has not been activated, click **Activate** to activate the system. + +#### Edition License + +1. On the homepage of Control Center, click ![system_info_normal](./figures/icon120-o.svg). +2. View the system edition license under **Edition License**. + +#### End User License Agreement + +1. On the homepage of Control Center, click ![system_info_normal](./figures/icon120-o.svg). +2. View the End User License Agreement under **End User License Agreement**. + +## Keyboard Interaction + +You can use the keyboard to switch between various interface areas, select objects and perform operations. + +| Key | Function | +| :----------------------------------------------------------- | :----------------------------------------------------------- | +| **Tab** | Switch between different areas or dialog buttons. | +| ![Up](./figures/icon127-o.svg) ![Down](./figures/icon73-o.svg) ![Left](./figures/icon88-o.svg) ![Right](./figures/icon111-o.svg) | Used to select different objects in the same area. Press ![Right](./figures/icon111-o.svg) to enter the lower menu and ![Left](./figures/icon88-o.svg) to return to the upper menu. Press![Up](./figures/icon127-o.svg)and ![Down](./figures/icon73-o.svg) to switch between up and down. | +| **Enter** | Execute the selected operation. | +| **Space** | Preview the selected object in File Manager; start and pause the playback in Music and Movie; expand the drop-down options in the drop-down list (The enter key is also available.). | +| **Ctrl** + **M** | Open the right-click menu. | + diff --git a/docs/en/docs/desktop/Install_XFCE.md b/docs/en/docs/desktop/Install_XFCE.md new file mode 100644 index 0000000000000000000000000000000000000000..86f38042128e735306f96ffe379b511372346f72 --- /dev/null +++ b/docs/en/docs/desktop/Install_XFCE.md @@ -0,0 +1,69 @@ +# Xfce Installation + +Xfce is a lightweight Linux desktop. In the current version, all components have been updated from GTK2 to GTK3 and from D-Dbus Glib to GDBus. Most components support GObject Introspection (GI), which is used to generate and parse the API meta information of the C program library, so that the dynamic language (or managed language) can be bound to the program library based on C + GObject. In the current version, user experience is optimized, new features are added, and a large number of bugs are fixed. Xfce occupies fewer memory and CPU resources than other UIs (GNOME and KDE), providing smoother and more efficient user experience. + +Xfce supports the x86\_64 and AArch64 architectures. + +You are advised to create an administrator during the installation. + +1. [Download](https://www.openeuler.org/en/download/archive/detail/?version=openEuler%2020.03%20LTS%20SP4) the openEuler ISO image and install the system. Run the following command to update the software source. You are advised to configure the Everything source and the EPOL source. This document describes how to install Xfce in the minimum installation scenario. + + ```shell + sudo dnf update + ``` + +2. Run the following command to install the font library: + + ```shell + sudo dnf install dejavu-fonts liberation-fonts gnu-*-fonts google-*-fonts + ``` + +3. Run the following command to install Xorg: + + ```shell + sudo dnf install xorg-* + ``` + +4. Run the following command to install Xfce: + + ```shell + sudo dnf install xfwm4 xfdesktop xfce4-* xfce4-*-plugin + ``` + +5. Run the following command to install the login manager: + + ```shell + sudo dnf install lightdm lightdm-gtk + ``` + +6. Run the following command to start Xfce using the login manager: + + ```shell + sudo systemctl start lightdm + ``` + + After the login manager is started, choose **Xfce Session** in the upper right corner and enter the user name and password to log in. + +7. Run the following command to set the GUI to start upon system boot: + + ```shell + sudo systemctl enable lightdm + sudo systemctl set-default graphical.target + ``` + + If GDM is installed by default, you are advised to disable GDM. + + ```shell + systemctl disable gdm + ``` + +8. Restart the server. + + ```shell + sudo reboot + ``` + +9. FAQs + **Why Is the Background Color of the LightDM Login Page Black?** + The login page is black because `background` is not set in the default configuration file **/etc/lightdm/lightdm-gtk-greeter.conf** of lightdm-gtk. + Set `background=/usr/share/backgrounds/xfce/xfce-blue.jpg` in the `greeter` section at the end of the configuration file, and then run the `systemctl restart lightdm` command. diff --git a/docs/en/docs/desktop/Kiran_userguide.md b/docs/en/docs/desktop/Kiran_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..80c2bc27d8e1cb2100cfc66a7cb50dcec4a0475b --- /dev/null +++ b/docs/en/docs/desktop/Kiran_userguide.md @@ -0,0 +1,298 @@ +# Kiran Desktop Environment + +## 1. Overview + +Kiran desktop environment is a stable, efficient, and easy-to-use desktop environment oriented towards user and market requirements. It consists of the desktop, taskbar, tray, control center, and window management components. This document describes how to use the Kiran desktop. + +## 2. Desktop + +### 2.1. Login Screen + +After the installation is complete, restart the system. After the system is started, enter the user name and password to log in to the system. The login screen displays the time, date, power button, and soft keyboard button. The adaptive UI supports screen zooming and multi-screen display. The login dialog box can be switched between screens following the mouse pointer. + +![Figure 1 Login screen](figures/kiran-1.png) + +### 2.2. Main Screen + +Enter the correct user name and password to log in to the system. The main screen is displayed, as shown in the following figure: + +![Figure 2-Main screen ](figures/kiran-2.png) + +Several icons are displayed on the desktop, such as **Computer**, **Home** folder, and **Trash**. The panel, located at the bottom of the screen, allows you to launch applications and switch between virtual desktops. +A desktop is a working area of a user. You will perform operations and run applications on the desktop. You can place the files and applications on the desktop for easy access. Double-click the icons to run the corresponding applications or open the files. You can drag, add, or delete desktop icons. Desktop icons allow you to complete your work more conveniently. + +![Figure 3-Computer](figures/kiran-3.png) **Computer**: Double-click to display all the local and remote disks and folders accessed from this computer. + +![Figure 4-Home folder](figures/kiran-4.png) **Home** folder: Double-click to display the contents in the home directory of the current user. + +![Figure 5- Trash](figures/kiran-5.png) **Trash**: Deleted files are temporarily stored in Trash. + +Shortcut menu: Right-click on the desktop to display the shortcut menu, which provides shortcuts for icon management, folder creation, document creation, desktop background settings, and theme settings. + +**Create Folder**: Creates a folder. + +**Create Launcher...**: Creates a launcher. + +**Create Document**: Creates an empty plain-text file. + +**Open Terminal...**: Opens the terminal application. + +**Organize Desktop by Name**: Sorts desktop files by name. + +**Keep Aligned**: If this option is selected, the desktop icons are aligned to the grid. + +**Change Desktop Background**: Opens Background to change the background picture of the desktop or lock screen. + +### 2.3 Panel + +The panel is usually located at the bottom of the screen and includes the start menu button, quick launch area, icons of frequently used applications and desktop applets, and taskbar that displays the currently running application. +When you hover the mouse pointer over an icon for several seconds, a white dialog box is displayed, describing the function of the icon. + +![Figure 6-System panel](figures/kiran-6.png) + +## 3. Taskbar + +Taskbar: displays running applications or opened documents. You can click an item on the taskbar to maximize or minimize the selected application window. You can right-click an item and choose Maximize, Minimize, or Close the application window from the shortcut menu. + +| Component | Description | +| :------------------------------------------------------ | :------------------------------------------------------------------------------------------------------------------ | +| ![Figure 7-Start Menu](figures/kiran-7.png) | Start Menu button: Similar to the Start button in Windows. When you click it, the cascaded start menu is displayed. | +| ![Figure 8 Workspace button](figures/kiran-8.png) | Click to display the workspaces. | +| ![Figure 9 File browser button](figures/kiran-9.png) | Click to start the file browser to view and manage files. | +| ![Figure 10 Terminal button](figures/kiran-10.png) | Click to start the terminal. | +| ![Figure 11 Web browser button](figures/kiran-11.png) | Click to start the Firefox browser. | +| ![Figure 12 Network control icon](figures/kiran-12.png) | Displays the current network status. Click to modify the network configuration. | +| ![Figure 13-Clock button](figures/kiran-13.png) | Displays the current date and time. You can customize the display style as required. | + +## 4. Control Center + +### 4.1. Start Menu Settings + +Choose **Start Menu** > **Control Center** > **Start Menu** Settings. +You can set the display mode and opacity of the start menu, as shown in the following figure: + +![Figure 14-Start Menu Settings](figures/kiran-14.png) + +The appearance start menu changes based on the opacity and display mode, as shown in the following figure: + +![Figure 15-Start menu](figures/kiran-15.png) + +### 4.2. Greeter Settings + +Choose **Start Menu** > **Control Center** > **Greeter Settings**. +In the Kiran desktop, you can set the login screen appearance by choosing **Greeter Settings** in **Control Center**, including the background image of the login screen, whether to enable automatic login, zoom ratio, whether to allow login by entering the user name, and whether to display the user list, as shown in the following figure: + +![Figure 16-Greeter Settings](figures/kiran-16.png) + +You can also set automatic login. Set the user name and delay for automatic login. After the system is restarted, the user automatically logs in without entering the password. + +![Figure 17 Autologin settings](figures/kiran-17.png) + +### 4.3 Display Settings + +Display attribute customization is required for every desktop environment. The Kiran desktop provides a powerful tool for customizing display attributes. You can choose **Start Menu** > **Control Center** > **Display Settings** to open the **Display Settings** window, as shown in the following figure: + +![Figure 18-Display Settings](figures/kiran-18.png) + +You can set the screen rotation, resolution, refresh rate, zoom rate, and flip. After the settings are complete, click **Apply**. + +### 4.4 Mouse Settings + +Configure the mouse by selecting **Kiran Cpanel Mouse** in **Control Center**. You can select left-hand or right-hand mode, adjust the mouse pointer speed, set whether to scroll naturally, and set whether to enable the middle button emulation by pressing the left and right button simultaneously. The following figure shows the normal mouse setting window: + +![Figure 19-Kiran Cpanel Mouse](figures/kiran-19.png) + +### 4.5. Account Manager + +Account Manager is an easy-to-use tool for managing users and user groups. You can use this tool to: + +1. Add users and set user attributes. +2. Modify user attributes. +3. View user attributes. +4. Delete users. + +User attributes include the user name, password, and login shell. User group attribute indicates the users in the user group. + +#### 4.5.1 Starting Account Manager + +In **Control Center**, choose **Account Manager** to start the account management tool, as shown in the following figure: + +![Figure 20 Account Manager](figures/kiran-20.png) + +In the window, you can see the user list on the left and the detailed information on the right. Currently, all users in the system except the root user are listed. Click a user on the left. The detailed information about the user is displayed, including the user ID and user type. +Click **Create new user**. On the page that is displayed on the right, enter the user name, user type, and password, and change the avatar as required. After setting the attributes, click **Confirm**. + +![Figure 21 Creating an account](figures/kiran-21.png) + +**Note**: If you have set the minimum length of a password (for example, four digits), you must enter a password of at least four digits. Otherwise, the system will not accept the password. + +Click the avatar area to change the avatar. The system has built-in avatars for you to select. You can also add your own avatar and click Confirm to save the settings. + +![Figure 22-Change avatar](figures/kiran-22.png) + +#### 4.5.2. Deleting a User + +Click the user to be deleted in the left area and click **Delete** on the toolbar on the right, as shown in the following figures: + +![Figure 23 Deleting a user](figures/kiran-23.png) +![Figure 24-Confirming the deletion](figures/kiran-24.png) + +In the displayed dialog box, click **No** to cancel the deletion, or click **Yes** to confirm the deletion. + +#### 4.5.3. Advanced Settings + +Choose **Create new user**, enter the user name and password, and then choose **Advanced Settings**. In the displayed dialog box, set the login shell, user ID, and user home directory. + +![Figure 25-Advanced Settings](figures/kiran-25.png) + +### 4.6. Appearance + +Display attribute customization is required for every desktop environment. The Kiran desktop provides a powerful tool for customizing display attributes. Appearance is a tool that provides unified configuration and management for the desktop background, theme, and font of the system. +Choose **Start Menu** > **Control Center** > **Appearance**. The **Appearance** window is displayed, as shown in the following figure: + +![Figure 26-Appearance Preferences](figures/kiran-26.png) + +#### 4.6.1. Theme + +Theme can be used to set the style of the dialog boxes, menus, system panels, and icons in a unified manner or separately according to your preference. + +1. Theme Settings + The system provides multiple themes by default. You can view the theme information in the **Theme** tab page. Click the theme in the **Theme** tab page to set the system theme, as shown in the following figure: + +![Figure 27 Theme settings](figures/kiran-27.png) + +2. Customizing a Theme + You can click Customize... to customize a theme based on your preferences, as shown in the following figure. Customization options include controls, color, window border, icons, and pointer. + +![Figure 28-Customize theme](figures/kiran-28.png) + +#### 4.6.2. Background + +You can set the desktop background, including the color and style. + +1. Background image settings + As shown in the following figure, click a wallpaper in the wallpaper area to set it as the desktop wallpaper. + +![Figure 29-Background Settings](figures/kiran-29.png) + +2. Style + You can choose how the wallpaper fits the screen by choosing a style from the drop-down list. The styles include tile, zoom, center, scale, stretch, and span. + +3. Adding and removing wallpapers + You can click **Add...** to add your own wallpaper, as shown in the following figure: + +![Figure 30-Add wallpaper](figures/kiran-30.png) + +Click **Open** to add the wallpaper. +You can also click **Remove** to remove wallpapers that you do not like. Simply select a wallpaper and click **Remove**. + +4. Desktop background color filling settings + You can set a color as the background. In the wallpaper tab page, choose **No Desktop Background** to use a color as the background. + The color filling styles include solid color, horizontal gradient, and vertical gradient. + +![Figure 31-Background color filling](figures/kiran-31.png) + +#### 4.6.3. Font + +1. Font Settings + +You can set the fonts of the GUI of the system. The font styles include application, document, desktop, window title, and fixed width fonts. + +![Figure 32-Font settings](figures/kiran-32.png) + +1. Font rendering and details settings + +Font rendering settings: You can choose one of the following font rendering styles: monochrome, best shapes, best contrast, and subpixel smoothing. +By default, **best shapes** is used, as shown in the following figure: + +![Figure 33 Font rendering settings](figures/kiran-33.png) + +1. Font Details Settings + You can click **Details...** to set the font details. Details settings include resolution, smoothing, hinting, and subpixel order. + +![Figure 34-Font details setting](figures/kiran-34.png) + +You can choose wether to display icons in menus and on buttons. + +![Figure 35-Icon display settings](figures/kiran-35.png) + +## 5. Desktop Applications + +### 5.1. Text Editor + +To launch the text editor, click **Start Menu**> **All applications** > **Utilities**> **Pluma**. You can also start the text editor by entering **pluma** in the shell prompt. +A text editor is one of the most commonly used tools in all computer systems. Whether to you are creating a plain text file, data file, or source program, you need to use an editor. The text editor is used to view and modify plain text files. Plain text files, such as system logs and configuration files, are common text files that do not contain fonts or style formats. + +![Figure 36-Text editor](figures/kiran-36.png) + +### 5.2. Terminal + +In the desktop environment, you can use the Terminal application to enter the command line interface. To start Terminal, choose **Start Menu** > **All applications** > **Utilities** > **Terminal**, or click the icon on the desktop panel. + +![Figure 37-Terminal](figures/kiran-37.png) + +### 5.3. Firefox + +To launch Firefox, click **Start Menu** > **All applications** > **Network** > **Firefox**. +Firefox is a free and open source web browser. It uses the Gecko rendering engine and supports multiple operating systems, such as Windows, Mac OS X, and GNU/Linux. Firefox is small in size, fast in speed, and has other advanced features, such as tabbed browsing, faster loading speed, pop-up blocker, customizable toolbar, extension management, better search features, and a convenient sidebar. + +![Figure 38 Firefox](figures/kiran-38.png) + +### 5.4 Screenshot Tool + +Choose **Start Menu** > **All applications** > **Graphics** > **Screenshot tool** to start the screenshot tool. +Screenshot tool is a small and flexible screenshot software of the Kiran desktop. The operation UI is simple and easy to use. When the software is started, the icon of the screenshot tool is added to the tray. + +![Figure 39-Screenshot icon in the tray](figures/kiran-39.png) + +Click the icon to display the screenshot interface. You can select the screenshot area. You can right-click the icon and choose Open Launcher to set the capture area and delay. + +![Figure 40-Screenshot UI](figures/kiran-40.png) +![Figure 41-Launcher UI](figures/kiran-41.png) + +In the displayed dialog box, click **√** to save the file to the desktop, or choose Options and select a custom save location, as shown in the following figure: + +![Figure 42-Screenshot process](figures/kiran-42.png) + +### 5.5 Network Settings + +The Kiran desktop uses NetworkManager as the network configuration tool. NetworkManager can set, configure, and manage various network types, and provides advanced support for mobile broadband devices, Bluetooth, and IPv6 protocol. Choose Start Menu > **Control Center** > **Advanced Network Configuration**, or right-click the network icon in the lower right corner of the desktop and choose **Edit Connections...**, as shown in the following figure: + +![Figure 43-NetworkManager](figures/kiran-43.png) + +Wired connection settings: +Select the current NIC. For example, **ens33** is the NIC of the current system. Select the NIC and click the edit button. The NIC editing dialog box is displayed: + +![Figure 44 Editing an NIC](figures/kiran-44.png) + +IPv4 Settings are frequently used. In this example, DHCP is selected to obtain the IP address and DNS server. The system automatically obtains an IP address for the user. +When you need to manually enter the IP address, select **Manual** from the **Method** drop-down list, as shown in the following figure: + +![Figure 45 IPv4 settings](figures/kiran-45.png) + +Click **Add**, enter the IP address, subnet mask, gateway, and DNS server, as shown in the following figure: + +![Figure 46 Setting the network IP address and DNS](figures/kiran-46.png) + +Enter the IP address, subnet mask, gateway, and DNS, and Click **Save**. Click the network icon in the lower right corner of the desktop, choose **Disconnect** to disconnect from the network, and then reconnect to the network. + +--- + +### 5.6. Time and Date Manager + +To set the date and time, select **Time And Date Manager** in **Control Center**, or click the date area in the lower right corner of the desktop. The following window is displayed: + +![Figure 47 Time And Date Manager](figures/kiran-47.png) + +Automatic synchronization: Enable **Automatic synchronization** and connect to the Internet to automatically synchronize the date and time. +Time zone settings: Click **Change Time Zone**, select a time zone from the list on the right, and then click **Save**. + +![Figure 48 Change Time Zone](figures/kiran-48.png) + +Manually set the time: Disable **Automatic synchronization** and click **Set Time Manually** to manually set the year, month, day, and time. After the modification is complete, click **Save**. + +![Figure 49 Set Time Manually](figures/kiran-49.png) + +Modifying the date format: Click **Time date format setting** to modify the date format. You can set the long and short date display formats, time format, and whether to display seconds. + +![Figure 50 Time date format setting](figures/kiran-50.png) diff --git a/docs/en/docs/desktop/UKUI-user-guide.md b/docs/en/docs/desktop/UKUI-user-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..7178123ed67e6ff0007b8bf52ef493bae479b5c3 --- /dev/null +++ b/docs/en/docs/desktop/UKUI-user-guide.md @@ -0,0 +1,398 @@ +# UKUI Desktop Environment + +## Overview + +Desktop Environment is the basis for the user's operation on the graphical interface, and provides multiple functions including taskbar, start menu, etc. The main interface is shown in figure below. + +![Fig. 1 Desktop main interface-big](./figures/1.png) + +## Desktop + +### Desktop's Icons + +The system places three icons Computer, Recycle Bin and Personal by default, and double click the left mouse button to open the page. The functions are shown in table below. + +| Icon | Description | +| :------------ | :------------ | +| ![](./figures/icon1.png) | Computer: Show the drives and hardwares connected to the machine| +| ![](./figures/icon2.png) | Recycle Bin: Show documents that have been diverted| +| ![](./figures/icon3.png) | Personal: Show personal home directory| + +
+ +In addition, right-clicking "Computer" and selecting "Properties", it can show the current system version, kernel version, activation and other related information. + +![Fig. 2 "Computer" - "Properties"-big](./figures/2.png) + +### Right-click Menu + +Right-click on the desktop blank and a menu appears as shown in figure below, providing the users with some shortcut features. + +![Fig. 3 Right-click Menu](./figures/3.png) + +Some of the options are described in table below. + +| Option | Description | +| :------------ | :------------ | +| New | Create new folders, text documents, WPS files | +| View type | Four view types are available: small icon, medium icon, large icon, super large icon | +| Sort by | Four ways to arrange documents according to name, type of document, size and date of modification | + +
+ +## Taskbar + +### Basic Function + +Taskbar is located at the bottom and includes the Start Menu, Multi View Switch, File Browser, Firefox Web Browser, WPS, and Tray Menu. + +![Fig. 4 Taskbar](./figures/4.png) + +| Component | Description | +| :------------ | :------------ | +|![](./figures/icon4.png)| Start menu: Open the system menu to find applications and files | +|![](./figures/icon5.png)| Multi View Switch: Operate in multiple workspaces without interfering with each other | +|![](./figures/icon6.png)| File Browser: Browse and manage documents in the system | +|![](./figures/icon7.png)| Firefox Web Browser: Provide a convenient and safe way to access the Internet | +|![](./figures/icon8.png)| WPS: Realize the most common functions of office software such as text, forms, presentations, and more | +|Window Display Area| The blank part in the middle of the horizontal bar. Display running programs, opened documents, and allow users to close the windows, top the windows, etc | +|![](./figures/icon9.png)| Tray Menu: Include settings for voice, Kylin weather,input method, internet connection, notification center, date, and night mode | +|Show Desktop| The button is on the far right. Minimize all windows on the desktop and return to the desktop; Clicking again will restore the windows | + +#### Multi View Switch + +Click the icon "![](./figures/icon5.png)" on the taskbar to enter the interface shown in figure below, and select the operation area that users need to work on at the moment in multiple work areas. + +![Fig. 5 Multi View Switch-big](./figures/5.png) + +#### Preview Window + +Users move the mouse over the app icon in the taskbar, and then a small preview window will be shown if this app has already been opened. + +Hover over the specified window as shown below for hover state, the window will be slightly fuzzy glass effect (left), the rest of the window as default Status (right). + +![Fig. 6 Taskbar - Preview Window](./figures/6.png) + +Users can close the application by right-clicking on the app icon in the taskbar. + +![Fig. 7 Taskbar - Right-click Preview](./figures/7.png) + +#### Sidebar + +The sidebar is located at the right of the entire desktop. Click the icon "![](./figures/icon11-o.png)" in the taskbar tray menu to open the storage menu, and click the icon "![](./figures/icon12-o.png)" in Sidebar to pop up the sidebar as shown in figure below. + +The sidebar consists of two parts: Notification Center, Clipboard and Widget. + +![Fig. 8 Sidebar without message status-big](./figures/8.png) + +##### Notification Center + +Notification center will display a list of recent important and newest information. + +Select "Clear" in the upper right corner to clear the list of information; Select "Setting" in the upper right corner to go to the notification settings in the control center, and users can set which applications can show information and the quantity of information. + +![Fig. 9 Notification Center-big](./figures/9.png) + +Workspace at right side can be set to fold by applications. + +![Fig. 10 Fold messages by applications-big](./figures/10.png) + +Icon "![](./figures/icon13-o.png)" at the top right corner of the sidebar can store unimportant information. When the messages are more than 999+, it will be shown as the form of ![](./figures/icon14-o.png) which means limitless. + +![Fig. 11 Message Organizer](./figures/11.png) + +##### Clipboard + +Clipboard can save the contents those were recently selected to copy or cut, and users can operate them by using the icons in Table. + +![Fig. 12 Clipboard](./figures/12.png) + +Clicking "![](./figures/icon15-o.png)", users can edit the the contents of the clipboard. + +![Fig. 13 edit the content](./figures/13.png) + +| Icon | Description | Icon | Description | +| :------------ | :------------ | :------------ | :------------ | +| ![](./figures/icon16.png) | Copy the content | ![](./figures/icon18.png) | Edit the content | +| ![](./figures/icon17.png) | Delete the content | | | + +
+ +The second label of the clipboard is the small plug-in that contains alarm clock, notebook, user feedback. + +![Fig. 14 Plug-in](./figures/14.png) + +#### Tray Menu + +##### Storage Menu + +Click "![](./figures/icon19-o.png)" at the tray menu to open the storage menu. + +It contains Kylin Weather, Input Method, Bluetooth, USB, etc. + +![Fig. 15 Storage Menu](./figures/15.png) + +##### Input Method + +The taskbar input method defaults to Sogou input method. Use the shortcut key "Ctrl+Space" to switch it out, and the "Shift" key to switch between Chinese and English modes. + +![Fig. 16 Input Method](./figures/16.png) + +##### USB + +When the USB is inserted into the computer, it will be automatically read the data inside. + +Click "![](./figures/icon26-o.png)" to open the window as shown in figure below. + +When users need to umount the USB, please click the icon "![](./figures/icon27-o.png)". + +![Fig. 17 The status of USB](./figures/17.png) + +##### Power Supply + +Click the icon "![](./figures/icon28-o.png)": + +When no power supply is detected. + +![Fig. 18 No Power Supply](./figures/18.png) + +When power supply is detected. + +![Fig. 19 Have Power Supply](./figures/19.png) + +Users right-click the icon "![](./figures/icon30-o.png)" of power manager to open the power setting menu. + +It provides two setting options: adjust screen brightness, and set power and sleep. + +![Fig. 20 Power Manager](./figures/20.png) + +If the power manager pops up a"low battery" window, users can click to turn on the power save mode, and the power manager will set the machine to run in this mode immediately. + +![Fig. 21 Power Saving Mode](./figures/21.png) + +##### Network + +Users can choose wired or wireless network connections by clicking the icon "![](./figures/icon31-o.png)" of network manager. + +| Icon | Description | Icon | Description | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon32.png)| Connected |![](./figures/icon37.png)| Unconnected | +|![](./figures/icon33.png)| Connection limited |![](./figures/icon38.png)| Locked | +|![](./figures/icon34.png)| Connecting |![](./figures/icon39.png)| Wifi connected | +|![](./figures/icon35.png)| Wifi unconnected |![](./figures/icon40.png)| Wificonnection limited | +|![](./figures/icon36.png)| Wifi locked |![](./figures/icon41.png)| Wifi connecting | + +
+ +![Fig. 22 Network Connection](./figures/22.png) + +- Wired Network + In the wired network connection interface, click on the wired network plan to expand. Details of the network. + + ![Fig. 23 Wired Network](./figures/23.png) + +- Wireless Network + Click the switch button in the upper right corner to turn on the wireless network connection, and select the WiFi from the list of available wireless networks. Enter the password to access the Internet. + + ![Fig. 24 Wireless Network](./figures/24.png) + +- Network Setting + Right-click the icon "![](./figures/icon42-o.png)" of network manager to pop up the setting menu. + + ![Fig. 25 Wired Network Setting](./figures/25.png) + + Click network setting to go to the setting window immediately. + + ![Fig. 26 Network Setting](./figures/26.png) + +##### Volume + +Click the icon "![](./figures/icon43-o.png)" to open the volume window, and there provides three modes. + +- Mini Mode + It only displays the volume of the speaker. + + ![Fig. 27 Mini Mode](./figures/27.png) + +- According to Equipment + It contains input equipments and output equipments. + + ![Fig. 28 According to Equipment List](./figures/28.png) + +- According to Application + It contains system volume and other applications' volumes. + + ![Fig. 29 According to Application List](./figures/29.png) + +##### Calendar + +Click the date&time on the taskbar to open the calendar window. + +Users can view the day's information by filtering the year, month, day. The date will be displayed in large letters, with the time, the week, the festival,and the lunar calendar. Taboos can be seen by checking. + +![Fig. 30 Calendar-big](./figures/30.png) + +##### Night Mode + +Click the icon "![](./figures/icon44-o.png)" on the Taskbar and then the system changes to the night mode. + +#### Advanced Setting + +Right-click the Taskbar to open the menu. + +![Fig. 31 Right-Clicking Menu](./figures/31.png) + +Users can set the layout of the taskbar in "Taskbar Settings." + +
+ +## Window + +### Window Manager + +The functions provided as shown in Table. + +| Function | Description | +| :--------| :----------| +| Title Bar | Show the title name of current window | +| Minimize/Maximize/Close | The three icon buttons at the right of the title bar correspond to minimize, maximize and close respectively | +| Side Sliding | Users can scroll up and down to view the page by the slider at the right of the window | +| Stack | Allow overlap among windows | +| Drag and Drop | Long press the left mouse button at the title bar to move the window to any position | +| Resize | Move the mouse to the corner of the window and long press the left button to resize the window | + +
+ +### Window Switch + +There are three ways to switch windows: + +- Click the window title on the Taskbar. + +- Click the different window at the desktop. + +- Use shortcut keys < Alt > + < Tab >. + +
+ +## Start Menu + +### Basic Function + +Click the button to open the "Start Menu". + +It provides sliding bar. + +![Fig. 32 Start Menu](./figures/32.png) + +#### Category Menu at right side + +When the mouse is over the right side of the start menu, it will appear a pre-expanded cue bar. Clicking to expand, and then three categories are showing at the right side by default: "Common Software", "Alphabetical Category", and "Functional category". + +- All Software: List all software, recently used software will be displayed on the top of this page. + +- Alphabetical Category: List all softwares by first letter. + +- Functional category: List all softwares by their functions. + +Users can click the button at top right corner to view fullscreen menu mode. + +![Fig. 33 Fullscreen Menu-big](./figures/33.png) + +#### Function Button at right side + +It provides User Avatar, Computer, Control Center and Shutdown four options. + +##### User Avatar + +Click "![](./figures/icon45-o.png)" to view user's information. + +##### Computer + +Click "![](./figures/icon46-o.png)" to open personal home folder + +##### Control Center + +Click "![](./figures/icon47-o.png)" to go to the control center. + +##### Shutdown + +###### Lock Screen + +When users do not need to use the computer temporarily, the lock screen can be selected (without affecting the current running state of the system) to prevent misoperations. And input the password to re-enter the system. + + The system will automatically lock the screen after a period of idle time by default. + +![Fig. 34 Lock Screen-big](./figures/34.png) + +###### Switch Users & Log Out + +When users want to select another user to log in using the computer, users can select "Log out" or "Switch user". + +At this point, the system will close all running applications; Therefore, please save the current jobs before performing this action. + +###### Shutdown & Reboot + +There are two ways: + +1)"Start Menu" > "Power" > "Shutdown" + +It will pop up a dialog box, and users can choose shutdown or reboot as needed. + +![Fig. 35 Shutdown Dialog Box-big](./figures/35.png) + +2)"Start Menu" > right side menu of the "Shutdown" button > "Shutdown"/"Reboot" + +The system will shutdown or reboot immediately without popping up the dialog box. + +### Advanced Setting + +Right-clicking Start Menu, it provides lock screen, switch user, log out, reboot, and shutdown five shortcut options. + +### Applications + +Users can search apps in the search box by key words. As shown in figure below, the result will show up automatically with the input. + +![Fig. 36 Search Apps](./figures/36.png) + +Right-clicking one app in the Start Menu, the right-click menu popping up. + +![Fig. 37 Right-click Menu](./figures/37.png) + +The options are described in table below. + +| Option | Description | +| :------| :--------| +| Attach to "All Software" |Add the selected software to the top of the list of All Software| +| Attach to Taskbar |Generate icon for the application on the Taskbar| +| Add to Desktop Shortcut |Generate shortcut icon for the application on the desktop| +| Uninstall |Remove the application| + +
+ +## FAQ + +### Can't login to the system after locking the screen? + +- Switch to character terminal by < Ctrl + Alt + F1 >. + +- Input the user-name and passwd to login to the system. + +- Do "sudo rm -rf ~/.Xauthority". + +- Switch to graphical interface by < Ctrl + Alt + F7 >, and input the passwd. + +
+ +## Appendix + +### Shortcut Key + +|Shortcut Key|Function| +| :------ | :----- +| F5 | Refresh the desktop | +| F1 | Open the user-guide| +| Alt + Tab | Switch the window | +| win | Open the Start Menu | +| Ctrl + Alt + L | Lock Screen | +| Ctrl + Alt + Delete | Log out | diff --git a/docs/en/docs/desktop/Xfce_userguide.md b/docs/en/docs/desktop/Xfce_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..890662536708e7f7410b041e38927a9c7524725e --- /dev/null +++ b/docs/en/docs/desktop/Xfce_userguide.md @@ -0,0 +1,287 @@ +# Table of Contents + + + + + + +- [Table of Contents](#table-of-contents) +- [Xfce Desktop Environment](#xfce-desktop-environment) + - [1. Overview](#1-overview) + - [2. Desktop](#2-desktop) + - [2.1 Desktop Icons](#21-desktop-icons) + - [2.2 Shortcut Menu](#22-shortcut-menu) + - [3. Taskbar](#3-taskbar) + - [3.1 Basic Functions](#31-basic-functions) + - [3.1.1 Applications](#311-applications) + - [3.1.2 Window Display Area](#312-window-display-area) + - [3.1.3 Multi-View Switching](#313-multi-view-switching) + - [3.1.4 Tray](#314-tray) + - [3.1.4.1 Network](#3141-network) + - [3.1.4.2 Volume](#3142-volume) + - [3.1.4.3 Power supply](#3143-power-supply) + - [3.1.4.4 Notification Center](#3144-notification-center) + - [3.1.4.5 Calendar](#3145-calendar) + - [3.1.4.6 Advanced Settings](#3146-advanced-settings) + - [3.1.4.7 Login User Actions](#3147-login-user-actions) + - [3.1.4.7.1 Lock Screen](#31471-lock-screen) + - [3.1.4.7.2 Switch User](#31472-switch-user) + - [3.1.4.7.3 Suspend](#31473-suspend) + - [3.1.4.7.3 Shut Down](#31473-shut-down) + - [3.1.4.7.3 Log Out](#31473-log-out) + - [4. Shortcut Operation Bar](#4-shortcut-operation-bar) + - [4.1 Basic Functions](#41-basic-functions) + - [4.1.1 Show Desktop](#411-show-desktop) + - [4.1.2 Terminal](#412-terminal) + - [4.1.3 File Manager](#413-file-manager) + - [4.1.4 Web Browser](#414-web-browser) + - [4.1.5 Application Finder](#415-application-finder) + - [4.1.6 User Home Directory](#416-user-home-directory) + + + + +# Xfce Desktop Environment + +## 1. Overview + +Xfce is a lightweight desktop environment running on Unix-like operating systems. Xfce provides multiple functional components, including all applications. This document describes how to use Xfce. + +The following figure shows the WebUI. + +![Figure 1 Main screen of the desktop - big](./figures/xfce-1.png) + +
+ +## 2. Desktop + +### 2.1 Desktop Icons + +By default, icons such as the file system, main folder, and mount directory are placed. You can double-click the icons to open the page. + +![Figure 2 Default desktop icons - big](./figures/xfce-2.png) + +### 2.2 Shortcut Menu + +Right-click in the blank area on the desktop. The shortcut menus are displayed, as shown in the following figure. + +![Figure 3 Shortcut menu](./figures/xfce-3.png) + +The following table describes some options. + +| Parameter| Description| +|:----------|:----------| +| Open in New Window| Open the **Desktop** directory of the login user.| +| Create Launcher| Create a launcher.| +| Create URL Link| Create a URL link.| +| Create Folder| Create a folder.| +| Create Document| Create a text file.| +| Open Terminal Here| Create a terminal.| +| Arrange Desktop Icons| Automatically arrange desktop icons.| +| Desktop Settings| Set the background, menus, and icons.| +| Properties| Set desktop properties, such as the general, logo, and permission.| +| Applications| Applications| + +
+ +## 3. Taskbar + +### 3.1 Basic Functions + +The taskbar is located at the top, including application, window display area, multi-view switch, and tray menus. + +![Figure 4 Taskbar](./figures/xfce-4.png) + +| Component| Description| +|:----------|:----------| +| Applications| Display all applications and settings, and allow you to search for applications and settings.| +| Window display area| The blank area in the middle of the horizontal bar, which displays running programs or opened documents. You can minimize, maximize, close, or pin the window to the top.| +| Switching views| Perform operations in multiple workspaces without interfering with each other.| +| Tray| Set the network connection, sound, power, notification center, calendar, and login user actions.| + +#### 3.1.1 Applications + +![Figure 5 All applications – big](./figures/xfce-5.png) + +#### 3.1.2 Window Display Area + +![Figure 6 Window display area - big](./figures/xfce-6.png) + +#### 3.1.3 Multi-View Switching + +Click ![](./figures/xfce-7.png) in the taskbar to enter the corresponding work area. + +For example, you can use the mouse to switch among multiple workspaces to select the operation area that you want to work in. + +![Figure 7 Switching among multiple views - big](./figures/xfce-71.png) + +#### 3.1.4 Tray + +![Figure 8 Tray menu - big](./figures/xfce-8.png) + +##### 3.1.4.1 Network + +You can click ![](./figures/xfce-81.png) on the taskbar and select a network connection mode as required. + +![Figure 9 Network connection page](./figures/xfce-811.png) + +Network settings dialog box + +Right-click the network icon ![](./figures/xfce-81.png) on the taskbar. The network setting menu is displayed. + +![Figure 10 Network settings](./figures/xfce-812.png) + +Click **Edit Connections**. The network setting dialog box is displayed. + +![Figure 11 Network setting dialog box](./figures/xfce-813.png) + +Double-click the specified network connection, for example, **enp1s0**. The page for setting the connection is displayed. + +![Figure 12 Setting the wired network](./figures/xfce-814.png) + +##### 3.1.4.2 Volume + +Click the volume icon ![](./figures/xfce-82.png) on the taskbar to open the sound page. + +![Figure 13 Volume setting window](./figures/xfce-821.png) + +##### 3.1.4.3 Power supply + +Click ![](./figures/xfce-83.png) on the taskbar. + +![Figure 14 Power supply devices](./figures/xfce-831.png) + +You can click **Power Manager Settings** to configure the display and nodes. + +![Figure 15 Setting the power manager](./figures/xfce-832.png) + +##### 3.1.4.4 Notification Center + +Click ![](./figures/xfce-84.png) on the taskbar. + +![Figure 16 Notification center - big](./figures/xfce-841.png) + +You can disable the notification function by selecting **Do not disturb**. + +The notification center displays the latest important information list. You can click **Clear log** to clear the information list. + +You can click **Notification settings** to go to the notification setting page of the control panel and set the applications to be displayed and the number of messages to be displayed. + +![Figure 17 Notification center - big](./figures/xfce-842.png) + +##### 3.1.4.5 Calendar + +You can click the date and time on the taskbar to display the calendar window and view the calendar, month calendar, and annual calendar. + +You can choose a year, a month and a day to view the information of a specific day. + +![Figure 18 Calendar-big](./figures/xfce-85.png) + +Right-click the time and date on the taskbar and click **Properties** to set the time. + +![Figure 19 Date setting - big](./figures/xfce-851.png) + +#### 3.1.4.6 Advanced Settings + +Right-click the taskbar and choose **Panel** from the shortcut menu. + +![Figure 20 Shortcut menu on the taskbar](./figures/xfce-86.png) + +You can set the layout of the taskbar and add or delete items. + +![Figure 21 Shortcut menu on the taskbar](./figures/xfce-861.png) + +##### 3.1.4.7 Login User Actions + +Click the login user on the task bar to view related actions. + +![Figure 22 Actions of a login user](./figures/xfce-87.png) + +###### 3.1.4.7.1 Lock Screen + +If you use the computer currently, you can lock the screen (which does not affect the current running status of the system) to prevent misoperations. After locking the screen, you can enter the password to log in to the system again. + +By default, the system automatically locks the screen after a period of idle time. + +###### 3.1.4.7.2 Switch User + +If you want to log in to the computer as another user, choose **Switch User**. + +Then, the system closes all running applications. Therefore, before performing this operation, save the current work. + +###### 3.1.4.7.3 Suspend + +For the sake of environmental protection and energy saving, you can select **Suspend****.** + +After that, the related data is read into the memory. Do not switch the power supply. + +###### 3.1.4.7.3 Shut Down + +You can choose **Shut Down** to shut down a computer. + +Before performing this operation, save the current work. + +###### 3.1.4.7.3 Log Out + +To log out of the GUI, click **Log Out**. + +Then, the system closes all running applications. Therefore, before performing this operation, save the current work. + +
+ +## 4. Shortcut Operation Bar + +### 4.1 Basic Functions + +The shortcut operation bar is located at the bottom, including the icons for displaying all the desktops, terminals, file managers, web browsers, application search, and user home directories. + +![Figure 23 Shortcut operation bar](./figures/xfce-9.png) + +| Component| Description | +|:----------|:----------| +| Show Desktop| Hide all windows and show the desktop. Click again to restore the window.| +| Terminal| Open a terminal.| +| File Manager| Open a file manager.| +| Web Browser| Open a web browser.| +| Application Finder| Open the application search window.| +| User Home Directory| Open the home directory of the login user.| + +#### 4.1.1 Show Desktop + +Click ![](./figures/xfce-91.png) on the shortcut operation bar to display the desktop. + +![Figure 24 Showing the desktop - big](./figures/xfce-911.png) + +#### 4.1.2 Terminal + +Click ![](./figures/xfce-92.png) on the shortcut operation bar to open a terminal. + +![Figure 25 Terminal-big](./figures/xfce-921.png) + +#### 4.1.3 File Manager + +You can click the ![](./figures/xfce-93.png) icon on the shortcut operation bar to open a file manager. + +![Figure 26 File manager - big](./figures/xfce-931.png) + +#### 4.1.4 Web Browser + +You can click the ![](./figures/xfce-94.png) icon on the shortcut operation bar to open a web browser. + +![Figure 27 Web browser - big](./figures/xfce-941.png) + +#### 4.1.5 Application Finder + +You can click the ![](./figures/xfce-95.png) icon on the shortcut operation bar to open an application program search interface. + +![Figure 28 Searching for an application - big](./figures/xfce-951.png) + +#### 4.1.6 User Home Directory + +Click ![](./figures/xfce-96.png) on the shortcut operation bar and click **Open File**. The user home directory page is displayed. + +![Figure 29 User home directory - big](./figures/xfce-961.png) + +Click the ![](./figures/xfce-96.png) icon on the shortcut operation bar, and then click **Open in Terminal** to open a terminal. The current directory is the home directory of the user. + +![Figure 30 User home directory - big](./figures/xfce-962.png) \ No newline at end of file diff --git a/docs/en/docs/desktop/dde.md b/docs/en/docs/desktop/dde.md new file mode 100644 index 0000000000000000000000000000000000000000..96d37a7b4d8c7a4544454fce5ca5368845a560a7 --- /dev/null +++ b/docs/en/docs/desktop/dde.md @@ -0,0 +1,3 @@ +# DDE User Guide + +This section describes how to install and use the Deepin Desktop Environment (DDE). \ No newline at end of file diff --git a/docs/en/docs/desktop/desktop.md b/docs/en/docs/desktop/desktop.md new file mode 100644 index 0000000000000000000000000000000000000000..77075d3703803f5e70ba1c2991e709715a2b34f0 --- /dev/null +++ b/docs/en/docs/desktop/desktop.md @@ -0,0 +1,3 @@ +# Desktop Environment User Guide + +This document describes how to install and use several common desktop environments, which provide a user-friendly, secure, and reliable GUI for better user experience. diff --git a/docs/en/docs/desktop/figures/1.png b/docs/en/docs/desktop/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/en/docs/desktop/figures/1.png differ diff --git a/docs/en/docs/desktop/figures/10.png b/docs/en/docs/desktop/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/en/docs/desktop/figures/10.png differ diff --git a/docs/en/docs/desktop/figures/11.png b/docs/en/docs/desktop/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/en/docs/desktop/figures/11.png differ diff --git a/docs/en/docs/desktop/figures/12.png b/docs/en/docs/desktop/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/en/docs/desktop/figures/12.png differ diff --git a/docs/en/docs/desktop/figures/13.png b/docs/en/docs/desktop/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/en/docs/desktop/figures/13.png differ diff --git a/docs/en/docs/desktop/figures/14.png b/docs/en/docs/desktop/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/en/docs/desktop/figures/14.png differ diff --git a/docs/en/docs/desktop/figures/15.png b/docs/en/docs/desktop/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/en/docs/desktop/figures/15.png differ diff --git a/docs/en/docs/desktop/figures/16.png b/docs/en/docs/desktop/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/en/docs/desktop/figures/16.png differ diff --git a/docs/en/docs/desktop/figures/17.png b/docs/en/docs/desktop/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/en/docs/desktop/figures/17.png differ diff --git a/docs/en/docs/desktop/figures/18.png b/docs/en/docs/desktop/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/en/docs/desktop/figures/18.png differ diff --git a/docs/en/docs/desktop/figures/19.png b/docs/en/docs/desktop/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/en/docs/desktop/figures/19.png differ diff --git a/docs/en/docs/desktop/figures/2.png b/docs/en/docs/desktop/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/en/docs/desktop/figures/2.png differ diff --git a/docs/en/docs/desktop/figures/20.png b/docs/en/docs/desktop/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/en/docs/desktop/figures/20.png differ diff --git a/docs/en/docs/desktop/figures/21.png b/docs/en/docs/desktop/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/en/docs/desktop/figures/21.png differ diff --git a/docs/en/docs/desktop/figures/22.png b/docs/en/docs/desktop/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/en/docs/desktop/figures/22.png differ diff --git a/docs/en/docs/desktop/figures/23.png b/docs/en/docs/desktop/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/en/docs/desktop/figures/23.png differ diff --git a/docs/en/docs/desktop/figures/24.png b/docs/en/docs/desktop/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/en/docs/desktop/figures/24.png differ diff --git a/docs/en/docs/desktop/figures/25.png b/docs/en/docs/desktop/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/en/docs/desktop/figures/25.png differ diff --git a/docs/en/docs/desktop/figures/26.png b/docs/en/docs/desktop/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/en/docs/desktop/figures/26.png differ diff --git a/docs/en/docs/desktop/figures/27.png b/docs/en/docs/desktop/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/en/docs/desktop/figures/27.png differ diff --git a/docs/en/docs/desktop/figures/28.png b/docs/en/docs/desktop/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/en/docs/desktop/figures/28.png differ diff --git a/docs/en/docs/desktop/figures/29.png b/docs/en/docs/desktop/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/en/docs/desktop/figures/29.png differ diff --git a/docs/en/docs/desktop/figures/3.png b/docs/en/docs/desktop/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/en/docs/desktop/figures/3.png differ diff --git a/docs/en/docs/desktop/figures/30.png b/docs/en/docs/desktop/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/en/docs/desktop/figures/30.png differ diff --git a/docs/en/docs/desktop/figures/31.png b/docs/en/docs/desktop/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/en/docs/desktop/figures/31.png differ diff --git a/docs/en/docs/desktop/figures/32.png b/docs/en/docs/desktop/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/en/docs/desktop/figures/32.png differ diff --git a/docs/en/docs/desktop/figures/33.png b/docs/en/docs/desktop/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/en/docs/desktop/figures/33.png differ diff --git a/docs/en/docs/desktop/figures/34.png b/docs/en/docs/desktop/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/en/docs/desktop/figures/34.png differ diff --git a/docs/en/docs/desktop/figures/35.png b/docs/en/docs/desktop/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/en/docs/desktop/figures/35.png differ diff --git a/docs/en/docs/desktop/figures/36.png b/docs/en/docs/desktop/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/en/docs/desktop/figures/36.png differ diff --git a/docs/en/docs/desktop/figures/37.png b/docs/en/docs/desktop/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/en/docs/desktop/figures/37.png differ diff --git a/docs/en/docs/desktop/figures/38.png b/docs/en/docs/desktop/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/en/docs/desktop/figures/38.png differ diff --git a/docs/en/docs/desktop/figures/39.png b/docs/en/docs/desktop/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/en/docs/desktop/figures/39.png differ diff --git a/docs/en/docs/desktop/figures/4.png b/docs/en/docs/desktop/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/en/docs/desktop/figures/4.png differ diff --git a/docs/en/docs/desktop/figures/40.png b/docs/en/docs/desktop/figures/40.png new file mode 100755 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/en/docs/desktop/figures/40.png differ diff --git a/docs/en/docs/desktop/figures/41.png b/docs/en/docs/desktop/figures/41.png new file mode 100755 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/en/docs/desktop/figures/41.png differ diff --git a/docs/en/docs/desktop/figures/42.png b/docs/en/docs/desktop/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/en/docs/desktop/figures/42.png differ diff --git a/docs/en/docs/desktop/figures/43.jpg b/docs/en/docs/desktop/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/en/docs/desktop/figures/43.jpg differ diff --git a/docs/en/docs/desktop/figures/44.png b/docs/en/docs/desktop/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/en/docs/desktop/figures/44.png differ diff --git a/docs/en/docs/desktop/figures/45.png b/docs/en/docs/desktop/figures/45.png new file mode 100755 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/docs/desktop/figures/45.png differ diff --git a/docs/en/docs/desktop/figures/46.png b/docs/en/docs/desktop/figures/46.png new file mode 100755 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/en/docs/desktop/figures/46.png differ diff --git a/docs/en/docs/desktop/figures/47.jpg b/docs/en/docs/desktop/figures/47.jpg new file mode 100755 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/en/docs/desktop/figures/47.jpg differ diff --git a/docs/en/docs/desktop/figures/48.png b/docs/en/docs/desktop/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/en/docs/desktop/figures/48.png differ diff --git a/docs/en/docs/desktop/figures/49.png b/docs/en/docs/desktop/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/en/docs/desktop/figures/49.png differ diff --git a/docs/en/docs/desktop/figures/5.png b/docs/en/docs/desktop/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/en/docs/desktop/figures/5.png differ diff --git a/docs/en/docs/desktop/figures/50.png b/docs/en/docs/desktop/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/en/docs/desktop/figures/50.png differ diff --git a/docs/en/docs/desktop/figures/51.png b/docs/en/docs/desktop/figures/51.png new file mode 100755 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/en/docs/desktop/figures/51.png differ diff --git a/docs/en/docs/desktop/figures/52.png b/docs/en/docs/desktop/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/en/docs/desktop/figures/52.png differ diff --git a/docs/en/docs/desktop/figures/53.png b/docs/en/docs/desktop/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/en/docs/desktop/figures/53.png differ diff --git a/docs/en/docs/desktop/figures/54.png b/docs/en/docs/desktop/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/en/docs/desktop/figures/54.png differ diff --git a/docs/en/docs/desktop/figures/56.png b/docs/en/docs/desktop/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/en/docs/desktop/figures/56.png differ diff --git a/docs/en/docs/desktop/figures/57.png b/docs/en/docs/desktop/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/en/docs/desktop/figures/57.png differ diff --git a/docs/en/docs/desktop/figures/58.png b/docs/en/docs/desktop/figures/58.png new file mode 100755 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/en/docs/desktop/figures/58.png differ diff --git a/docs/en/docs/desktop/figures/59.png b/docs/en/docs/desktop/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/en/docs/desktop/figures/59.png differ diff --git a/docs/en/docs/desktop/figures/6.png b/docs/en/docs/desktop/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/en/docs/desktop/figures/6.png differ diff --git a/docs/en/docs/desktop/figures/60.jpg b/docs/en/docs/desktop/figures/60.jpg new file mode 100755 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/en/docs/desktop/figures/60.jpg differ diff --git a/docs/en/docs/desktop/figures/61.png b/docs/en/docs/desktop/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/en/docs/desktop/figures/61.png differ diff --git a/docs/en/docs/desktop/figures/62.png b/docs/en/docs/desktop/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/en/docs/desktop/figures/62.png differ diff --git a/docs/en/docs/desktop/figures/63.jpg b/docs/en/docs/desktop/figures/63.jpg new file mode 100755 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/en/docs/desktop/figures/63.jpg differ diff --git a/docs/en/docs/desktop/figures/63.png b/docs/en/docs/desktop/figures/63.png new file mode 100755 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/en/docs/desktop/figures/63.png differ diff --git a/docs/en/docs/desktop/figures/64.png b/docs/en/docs/desktop/figures/64.png new file mode 100755 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/en/docs/desktop/figures/64.png differ diff --git a/docs/en/docs/desktop/figures/7.png b/docs/en/docs/desktop/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/en/docs/desktop/figures/7.png differ diff --git a/docs/en/docs/desktop/figures/8.png b/docs/en/docs/desktop/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/en/docs/desktop/figures/8.png differ diff --git a/docs/en/docs/desktop/figures/9.png b/docs/en/docs/desktop/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/en/docs/desktop/figures/9.png differ diff --git a/docs/en/docs/desktop/figures/icon1.png b/docs/en/docs/desktop/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/en/docs/desktop/figures/icon1.png differ diff --git a/docs/en/docs/desktop/figures/icon10-o.png b/docs/en/docs/desktop/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon10-o.png differ diff --git a/docs/en/docs/desktop/figures/icon101-o.svg b/docs/en/docs/desktop/figures/icon101-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/en/docs/desktop/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/docs/desktop/figures/icon103-o.svg b/docs/en/docs/desktop/figures/icon103-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon105-o.svg b/docs/en/docs/desktop/figures/icon105-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon107-o.svg b/docs/en/docs/desktop/figures/icon107-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon11-o.png b/docs/en/docs/desktop/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/docs/desktop/figures/icon11-o.png differ diff --git a/docs/en/docs/desktop/figures/icon110-o.svg b/docs/en/docs/desktop/figures/icon110-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/en/docs/desktop/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon111-o.svg b/docs/en/docs/desktop/figures/icon111-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon112-o.svg b/docs/en/docs/desktop/figures/icon112-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon116-o.svg b/docs/en/docs/desktop/figures/icon116-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon12-o.png b/docs/en/docs/desktop/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon12-o.png differ diff --git a/docs/en/docs/desktop/figures/icon120-o.svg b/docs/en/docs/desktop/figures/icon120-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon122-o.svg b/docs/en/docs/desktop/figures/icon122-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/en/docs/desktop/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/docs/desktop/figures/icon124-o.svg b/docs/en/docs/desktop/figures/icon124-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon125-o.svg b/docs/en/docs/desktop/figures/icon125-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/en/docs/desktop/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon126-o.svg b/docs/en/docs/desktop/figures/icon126-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/en/docs/desktop/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon127-o.svg b/docs/en/docs/desktop/figures/icon127-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon128-o.svg b/docs/en/docs/desktop/figures/icon128-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon13-o.png b/docs/en/docs/desktop/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon13-o.png differ diff --git a/docs/en/docs/desktop/figures/icon132-o.svg b/docs/en/docs/desktop/figures/icon132-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon133-o.svg b/docs/en/docs/desktop/figures/icon133-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon134-o.svg b/docs/en/docs/desktop/figures/icon134-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon135-o.svg b/docs/en/docs/desktop/figures/icon135-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon136-o.svg b/docs/en/docs/desktop/figures/icon136-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/en/docs/desktop/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon14-o.png b/docs/en/docs/desktop/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon14-o.png differ diff --git a/docs/en/docs/desktop/figures/icon15-o.png b/docs/en/docs/desktop/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon15-o.png differ diff --git a/docs/en/docs/desktop/figures/icon16.png b/docs/en/docs/desktop/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon16.png differ diff --git a/docs/en/docs/desktop/figures/icon17.png b/docs/en/docs/desktop/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon17.png differ diff --git a/docs/en/docs/desktop/figures/icon18.png b/docs/en/docs/desktop/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon18.png differ diff --git a/docs/en/docs/desktop/figures/icon19-o.png b/docs/en/docs/desktop/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/docs/desktop/figures/icon19-o.png differ diff --git a/docs/en/docs/desktop/figures/icon2.png b/docs/en/docs/desktop/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon2.png differ diff --git a/docs/en/docs/desktop/figures/icon20.png b/docs/en/docs/desktop/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/en/docs/desktop/figures/icon20.png differ diff --git a/docs/en/docs/desktop/figures/icon21.png b/docs/en/docs/desktop/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon21.png differ diff --git a/docs/en/docs/desktop/figures/icon22.png b/docs/en/docs/desktop/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon22.png differ diff --git a/docs/en/docs/desktop/figures/icon23.png b/docs/en/docs/desktop/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/en/docs/desktop/figures/icon23.png differ diff --git a/docs/en/docs/desktop/figures/icon24.png b/docs/en/docs/desktop/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/en/docs/desktop/figures/icon24.png differ diff --git a/docs/en/docs/desktop/figures/icon25.png b/docs/en/docs/desktop/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/en/docs/desktop/figures/icon25.png differ diff --git a/docs/en/docs/desktop/figures/icon26-o.png b/docs/en/docs/desktop/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon26-o.png differ diff --git a/docs/en/docs/desktop/figures/icon27-o.png b/docs/en/docs/desktop/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/en/docs/desktop/figures/icon27-o.png differ diff --git a/docs/en/docs/desktop/figures/icon28-o.png b/docs/en/docs/desktop/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/docs/desktop/figures/icon28-o.png differ diff --git a/docs/en/docs/desktop/figures/icon29-o.png b/docs/en/docs/desktop/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/docs/desktop/figures/icon29-o.png differ diff --git a/docs/en/docs/desktop/figures/icon3.png b/docs/en/docs/desktop/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon3.png differ diff --git a/docs/en/docs/desktop/figures/icon30-o.png b/docs/en/docs/desktop/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/docs/desktop/figures/icon30-o.png differ diff --git a/docs/en/docs/desktop/figures/icon31-o.png b/docs/en/docs/desktop/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon31-o.png differ diff --git a/docs/en/docs/desktop/figures/icon32.png b/docs/en/docs/desktop/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon32.png differ diff --git a/docs/en/docs/desktop/figures/icon33.png b/docs/en/docs/desktop/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/en/docs/desktop/figures/icon33.png differ diff --git a/docs/en/docs/desktop/figures/icon34.png b/docs/en/docs/desktop/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/en/docs/desktop/figures/icon34.png differ diff --git a/docs/en/docs/desktop/figures/icon35.png b/docs/en/docs/desktop/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/en/docs/desktop/figures/icon35.png differ diff --git a/docs/en/docs/desktop/figures/icon36.png b/docs/en/docs/desktop/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/en/docs/desktop/figures/icon36.png differ diff --git a/docs/en/docs/desktop/figures/icon37.png b/docs/en/docs/desktop/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon37.png differ diff --git a/docs/en/docs/desktop/figures/icon38.png b/docs/en/docs/desktop/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon38.png differ diff --git a/docs/en/docs/desktop/figures/icon39.png b/docs/en/docs/desktop/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon39.png differ diff --git a/docs/en/docs/desktop/figures/icon4.png b/docs/en/docs/desktop/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon4.png differ diff --git a/docs/en/docs/desktop/figures/icon40.png b/docs/en/docs/desktop/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/en/docs/desktop/figures/icon40.png differ diff --git a/docs/en/docs/desktop/figures/icon41.png b/docs/en/docs/desktop/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/en/docs/desktop/figures/icon41.png differ diff --git a/docs/en/docs/desktop/figures/icon42-o.png b/docs/en/docs/desktop/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon42-o.png differ diff --git a/docs/en/docs/desktop/figures/icon42.png b/docs/en/docs/desktop/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon42.png differ diff --git a/docs/en/docs/desktop/figures/icon43-o.png b/docs/en/docs/desktop/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/en/docs/desktop/figures/icon43-o.png differ diff --git a/docs/en/docs/desktop/figures/icon44-o.png b/docs/en/docs/desktop/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon44-o.png differ diff --git a/docs/en/docs/desktop/figures/icon45-o.png b/docs/en/docs/desktop/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/en/docs/desktop/figures/icon45-o.png differ diff --git a/docs/en/docs/desktop/figures/icon46-o.png b/docs/en/docs/desktop/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon46-o.png differ diff --git a/docs/en/docs/desktop/figures/icon47-o.png b/docs/en/docs/desktop/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon47-o.png differ diff --git a/docs/en/docs/desktop/figures/icon49-o.svg b/docs/en/docs/desktop/figures/icon49-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon5.png b/docs/en/docs/desktop/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon5.png differ diff --git a/docs/en/docs/desktop/figures/icon50-o.svg b/docs/en/docs/desktop/figures/icon50-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon52-o.svg b/docs/en/docs/desktop/figures/icon52-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon53-o.svg b/docs/en/docs/desktop/figures/icon53-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon54-o.svg b/docs/en/docs/desktop/figures/icon54-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/en/docs/desktop/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon56-o.svg b/docs/en/docs/desktop/figures/icon56-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon57-o.svg b/docs/en/docs/desktop/figures/icon57-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon58-o.svg b/docs/en/docs/desktop/figures/icon58-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/en/docs/desktop/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon6.png b/docs/en/docs/desktop/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/en/docs/desktop/figures/icon6.png differ diff --git a/docs/en/docs/desktop/figures/icon62-o.svg b/docs/en/docs/desktop/figures/icon62-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon63-o.svg b/docs/en/docs/desktop/figures/icon63-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon66-o.svg b/docs/en/docs/desktop/figures/icon66-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon68-o.svg b/docs/en/docs/desktop/figures/icon68-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/en/docs/desktop/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon69-o.svg b/docs/en/docs/desktop/figures/icon69-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/en/docs/desktop/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon7.png b/docs/en/docs/desktop/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/en/docs/desktop/figures/icon7.png differ diff --git a/docs/en/docs/desktop/figures/icon70-o.svg b/docs/en/docs/desktop/figures/icon70-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon71-o.svg b/docs/en/docs/desktop/figures/icon71-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon72-o.svg b/docs/en/docs/desktop/figures/icon72-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/en/docs/desktop/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon73-o.svg b/docs/en/docs/desktop/figures/icon73-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon75-o.svg b/docs/en/docs/desktop/figures/icon75-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/en/docs/desktop/figures/icon8.png b/docs/en/docs/desktop/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/en/docs/desktop/figures/icon8.png differ diff --git a/docs/en/docs/desktop/figures/icon83-o.svg b/docs/en/docs/desktop/figures/icon83-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon84-o.svg b/docs/en/docs/desktop/figures/icon84-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon86-o.svg b/docs/en/docs/desktop/figures/icon86-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon88-o.svg b/docs/en/docs/desktop/figures/icon88-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon9.png b/docs/en/docs/desktop/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/en/docs/desktop/figures/icon9.png differ diff --git a/docs/en/docs/desktop/figures/icon90-o.svg b/docs/en/docs/desktop/figures/icon90-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon92-o.svg b/docs/en/docs/desktop/figures/icon92-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/en/docs/desktop/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/icon94-o.svg b/docs/en/docs/desktop/figures/icon94-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon97-o.svg b/docs/en/docs/desktop/figures/icon97-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/en/docs/desktop/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/en/docs/desktop/figures/icon99-o.svg b/docs/en/docs/desktop/figures/icon99-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/en/docs/desktop/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/en/docs/desktop/figures/kiran-1.png b/docs/en/docs/desktop/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..59b632062ba3ff6e26c550567e858eb4dfdfc780 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-1.png differ diff --git a/docs/en/docs/desktop/figures/kiran-10.png b/docs/en/docs/desktop/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-10.png differ diff --git a/docs/en/docs/desktop/figures/kiran-11.png b/docs/en/docs/desktop/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-11.png differ diff --git a/docs/en/docs/desktop/figures/kiran-12.png b/docs/en/docs/desktop/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-12.png differ diff --git a/docs/en/docs/desktop/figures/kiran-13.png b/docs/en/docs/desktop/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..f6632732bd2e8a10d0cda2bd0550f43741a7ba97 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-13.png differ diff --git a/docs/en/docs/desktop/figures/kiran-14.png b/docs/en/docs/desktop/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..52eae7cc40fe4f7c6b2a8fe9744209a1fcbc30d8 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-14.png differ diff --git a/docs/en/docs/desktop/figures/kiran-15.png b/docs/en/docs/desktop/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..5496c56ca72983780b9785d2d15c4008fb73aeef Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-15.png differ diff --git a/docs/en/docs/desktop/figures/kiran-16.png b/docs/en/docs/desktop/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..6125b257245aa89f9b6592ed5b14a95d5699076e Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-16.png differ diff --git a/docs/en/docs/desktop/figures/kiran-17.png b/docs/en/docs/desktop/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..d8a4cb88017efe9f41f78ffc2f9de06dedcc1b23 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-17.png differ diff --git a/docs/en/docs/desktop/figures/kiran-18.png b/docs/en/docs/desktop/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..0cb0c50d15597998fbd4cf3db2d1d0f9ec3c920e Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-18.png differ diff --git a/docs/en/docs/desktop/figures/kiran-19.png b/docs/en/docs/desktop/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..58ef2d33a52cf6404ea03b6a2d37f8d8b8391539 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-19.png differ diff --git a/docs/en/docs/desktop/figures/kiran-2.png b/docs/en/docs/desktop/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..088bf53c1e763924e7cee46d0cdac98ad0a9d5e2 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-2.png differ diff --git a/docs/en/docs/desktop/figures/kiran-20.png b/docs/en/docs/desktop/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..e8608485553033eb2ae141162e4300fa48c578cd Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-20.png differ diff --git a/docs/en/docs/desktop/figures/kiran-21.png b/docs/en/docs/desktop/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..4d4c0ff304bdfbc8e715d2e756315a005c008336 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-21.png differ diff --git a/docs/en/docs/desktop/figures/kiran-22.png b/docs/en/docs/desktop/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..6778d5a40a82e699da9531f4727a196d1442b9ae Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-22.png differ diff --git a/docs/en/docs/desktop/figures/kiran-23.png b/docs/en/docs/desktop/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..fc1d5e284eb299a771c5abbfdff611270ddf2449 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-23.png differ diff --git a/docs/en/docs/desktop/figures/kiran-24.png b/docs/en/docs/desktop/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..a3ed57f9e9c300a65f867d29a44f287405a0509c Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-24.png differ diff --git a/docs/en/docs/desktop/figures/kiran-25.png b/docs/en/docs/desktop/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..694e6173dfbf1fda8d07670a8e3daf4fbeb263ac Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-25.png differ diff --git a/docs/en/docs/desktop/figures/kiran-26.png b/docs/en/docs/desktop/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..3b6ae2eeff3aae39107f15b60c5bb14ffc787cd8 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-26.png differ diff --git a/docs/en/docs/desktop/figures/kiran-27.png b/docs/en/docs/desktop/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..3b6ae2eeff3aae39107f15b60c5bb14ffc787cd8 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-27.png differ diff --git a/docs/en/docs/desktop/figures/kiran-28.png b/docs/en/docs/desktop/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..01ff3a8f47248d96c714e78b80fd81cd1ed16e0f Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-28.png differ diff --git a/docs/en/docs/desktop/figures/kiran-29.png b/docs/en/docs/desktop/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..c5ad5b4438eae441f6086ce5e1aae2e6755aa12a Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-29.png differ diff --git a/docs/en/docs/desktop/figures/kiran-3.png b/docs/en/docs/desktop/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..e1399424c52eee8804f9433c9e9bf203950008c6 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-3.png differ diff --git a/docs/en/docs/desktop/figures/kiran-30.png b/docs/en/docs/desktop/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..c1efc1e3931a129affd5dfcea9e319556e492f04 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-30.png differ diff --git a/docs/en/docs/desktop/figures/kiran-31.png b/docs/en/docs/desktop/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..c5ad5b4438eae441f6086ce5e1aae2e6755aa12a Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-31.png differ diff --git a/docs/en/docs/desktop/figures/kiran-32.png b/docs/en/docs/desktop/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..fd900ec891b09313a7c558c61213b1816b803034 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-32.png differ diff --git a/docs/en/docs/desktop/figures/kiran-33.png b/docs/en/docs/desktop/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..64ba70b08ed63c6e0942478d61e36a8c443f0604 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-33.png differ diff --git a/docs/en/docs/desktop/figures/kiran-34.png b/docs/en/docs/desktop/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..4b869e7d172e2f2889d487157b92204a28a8dc4e Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-34.png differ diff --git a/docs/en/docs/desktop/figures/kiran-35.png b/docs/en/docs/desktop/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..9b383f3c84964b4fc34c4d8e75400325f93908bc Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-35.png differ diff --git a/docs/en/docs/desktop/figures/kiran-36.png b/docs/en/docs/desktop/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..0b16632852c5024e2c6ec4fbd49513e3b7a2b146 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-36.png differ diff --git a/docs/en/docs/desktop/figures/kiran-37.png b/docs/en/docs/desktop/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..2be3cc3b2528260c579b59f529e7a5663f1cc779 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-37.png differ diff --git a/docs/en/docs/desktop/figures/kiran-38.png b/docs/en/docs/desktop/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..fc1ffaf3aa920f922357f6d48700f42974600d77 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-38.png differ diff --git a/docs/en/docs/desktop/figures/kiran-39.png b/docs/en/docs/desktop/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..fd0e5add782b6c9cf4a8b9f6473c96641c39bd1d Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-39.png differ diff --git a/docs/en/docs/desktop/figures/kiran-4.png b/docs/en/docs/desktop/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..bd318280b403912ab4846b694592d580b9e5d242 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-4.png differ diff --git a/docs/en/docs/desktop/figures/kiran-40.png b/docs/en/docs/desktop/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..083031058ff47dc1550881d3a9f189861d3e8563 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-40.png differ diff --git a/docs/en/docs/desktop/figures/kiran-41.png b/docs/en/docs/desktop/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..582893929e2c10a96c49696411bbed3ea9fd7c55 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-41.png differ diff --git a/docs/en/docs/desktop/figures/kiran-42.png b/docs/en/docs/desktop/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..eede1243506ccd309ee707465f56c31581dd8554 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-42.png differ diff --git a/docs/en/docs/desktop/figures/kiran-43.0.png b/docs/en/docs/desktop/figures/kiran-43.0.png new file mode 100644 index 0000000000000000000000000000000000000000..caacc027322d4b7480e6508d4a1b4a13eefcf788 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-43.0.png differ diff --git a/docs/en/docs/desktop/figures/kiran-43.png b/docs/en/docs/desktop/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..4ea9f45ed8f327fce426352c4ae7fbf06cbefc84 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-43.png differ diff --git a/docs/en/docs/desktop/figures/kiran-44.png b/docs/en/docs/desktop/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..c86a100005f89dbb9b24055e42d716205d47399e Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-44.png differ diff --git a/docs/en/docs/desktop/figures/kiran-45.png b/docs/en/docs/desktop/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..c5b5d75f972e594587f3393c8d384dcd76e7477e Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-45.png differ diff --git a/docs/en/docs/desktop/figures/kiran-46.png b/docs/en/docs/desktop/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..e9a28632c62de95d8ea2d436ba9bc705ff980991 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-46.png differ diff --git a/docs/en/docs/desktop/figures/kiran-47.png b/docs/en/docs/desktop/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..a3606e3c899f944eb84d206d98cedc3377197c97 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-47.png differ diff --git a/docs/en/docs/desktop/figures/kiran-48.png b/docs/en/docs/desktop/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..b69202c9a83bfc2c835ab166ef0fc2455bb4bcd3 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-48.png differ diff --git a/docs/en/docs/desktop/figures/kiran-49.png b/docs/en/docs/desktop/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..d739e6107fd80ecd741dacaaf9dfb868afc61e37 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-49.png differ diff --git a/docs/en/docs/desktop/figures/kiran-5.png b/docs/en/docs/desktop/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..154dd54d43b5b98682eb798518046e72fc7e3f83 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-5.png differ diff --git a/docs/en/docs/desktop/figures/kiran-50.png b/docs/en/docs/desktop/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..96957676afc9f66bcc4b63c5e39eb8890f108015 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-50.png differ diff --git a/docs/en/docs/desktop/figures/kiran-6.png b/docs/en/docs/desktop/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..927b475d6687d60f04fed8a535b2225a8f4b23f7 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-6.png differ diff --git a/docs/en/docs/desktop/figures/kiran-7.png b/docs/en/docs/desktop/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-7.png differ diff --git a/docs/en/docs/desktop/figures/kiran-8.png b/docs/en/docs/desktop/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-8.png differ diff --git a/docs/en/docs/desktop/figures/kiran-9.png b/docs/en/docs/desktop/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/en/docs/desktop/figures/kiran-9.png differ diff --git a/docs/en/docs/desktop/figures/xfce-1.png b/docs/en/docs/desktop/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..2ed383546fb5b5d4c3729fa72396c7280fec55f9 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-1.png differ diff --git a/docs/en/docs/desktop/figures/xfce-2.png b/docs/en/docs/desktop/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..5656ea4f6a5e632e657c79ea86e89eb5e78be0d3 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-2.png differ diff --git a/docs/en/docs/desktop/figures/xfce-3.png b/docs/en/docs/desktop/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..33377ebd8e620ce777fecd32c849901a61113969 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-3.png differ diff --git a/docs/en/docs/desktop/figures/xfce-4.png b/docs/en/docs/desktop/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..d2a7871d03a33c09576a225c99659d34a6430389 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-4.png differ diff --git a/docs/en/docs/desktop/figures/xfce-5.png b/docs/en/docs/desktop/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..ef043cc24d07307287a8961d3a87047aa92aca5c Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-5.png differ diff --git a/docs/en/docs/desktop/figures/xfce-6.png b/docs/en/docs/desktop/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..25f35d8156a47ec67cd55d3b4f46b8f2f3be5a60 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-6.png differ diff --git a/docs/en/docs/desktop/figures/xfce-7.png b/docs/en/docs/desktop/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..d43d55fc1887cdf3b5e9644a0cf6a33730de4506 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-7.png differ diff --git a/docs/en/docs/desktop/figures/xfce-71.png b/docs/en/docs/desktop/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..e2f11ff9e06ba9a9cc6134b0923f8dfe50a3fa38 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-71.png differ diff --git a/docs/en/docs/desktop/figures/xfce-8.png b/docs/en/docs/desktop/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..375014b1f191b1c5e361820aa1c46ac6dee3e969 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-8.png differ diff --git a/docs/en/docs/desktop/figures/xfce-81.png b/docs/en/docs/desktop/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..3534bc5c4d7a173d230219412353772b717ccceb Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-81.png differ diff --git a/docs/en/docs/desktop/figures/xfce-811.png b/docs/en/docs/desktop/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..6cbf6f8c930c4fa2dd070da99c7d625de8bb98c6 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-811.png differ diff --git a/docs/en/docs/desktop/figures/xfce-812.png b/docs/en/docs/desktop/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..9431c07a3af00da6089abada553c6b44043211e9 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-812.png differ diff --git a/docs/en/docs/desktop/figures/xfce-813.png b/docs/en/docs/desktop/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..e6663494af2b36f7c2bb51bbde7f9417dd5d1989 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-813.png differ diff --git a/docs/en/docs/desktop/figures/xfce-814.png b/docs/en/docs/desktop/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..f588b0ebe0e8e68e01e0d608d84e4920375eb9bb Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-814.png differ diff --git a/docs/en/docs/desktop/figures/xfce-82.png b/docs/en/docs/desktop/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..f2e5a4c1b0223f051d7de988e740493f9ace8872 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-82.png differ diff --git a/docs/en/docs/desktop/figures/xfce-821.png b/docs/en/docs/desktop/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..690f3f0b528dfdaf6586549cdeb105df2214fc44 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-821.png differ diff --git a/docs/en/docs/desktop/figures/xfce-83.png b/docs/en/docs/desktop/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..32ce47754669aa66080f523f052ee6f87cb651a5 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-83.png differ diff --git a/docs/en/docs/desktop/figures/xfce-831.png b/docs/en/docs/desktop/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..9dc09d9599b0be8867f0b73bd776b1a2e8288310 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-831.png differ diff --git a/docs/en/docs/desktop/figures/xfce-832.png b/docs/en/docs/desktop/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..e62fce2944c5e24a176f021d2ff02344a1a09964 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-832.png differ diff --git a/docs/en/docs/desktop/figures/xfce-84.png b/docs/en/docs/desktop/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-84.png differ diff --git a/docs/en/docs/desktop/figures/xfce-841.png b/docs/en/docs/desktop/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c39c6c81dd5c01ca74135555c1b532134ced6ae5 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-841.png differ diff --git a/docs/en/docs/desktop/figures/xfce-842.png b/docs/en/docs/desktop/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..9c8a48751cb6f11561133837f23a1cf8e944f488 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-842.png differ diff --git a/docs/en/docs/desktop/figures/xfce-85.png b/docs/en/docs/desktop/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..5777b003b3f0795b6169f687dc6954f8676dcf39 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-85.png differ diff --git a/docs/en/docs/desktop/figures/xfce-851.png b/docs/en/docs/desktop/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..7cb5c27952465f18d19de6a1653fe69b91209d39 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-851.png differ diff --git a/docs/en/docs/desktop/figures/xfce-86.png b/docs/en/docs/desktop/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..cf73e3e44f2faa5acfaf2829aa6eaaf42cc58a3f Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-86.png differ diff --git a/docs/en/docs/desktop/figures/xfce-861.png b/docs/en/docs/desktop/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..cccae7de5ab2dcbb4ee5b32ac5925711b3597e5d Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-861.png differ diff --git a/docs/en/docs/desktop/figures/xfce-87.png b/docs/en/docs/desktop/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..0325b922affdaf4d1f685f41972957cf777ff66b Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-87.png differ diff --git a/docs/en/docs/desktop/figures/xfce-9.png b/docs/en/docs/desktop/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..f6402b34a929e520c27318fe16eb509d31c17131 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-9.png differ diff --git a/docs/en/docs/desktop/figures/xfce-91.png b/docs/en/docs/desktop/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..0cdc4824cb3cc1035f5d04863bb5f3eb4d83292b Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-91.png differ diff --git a/docs/en/docs/desktop/figures/xfce-911.png b/docs/en/docs/desktop/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..4d6c564e9a74d187d50ebd3f3c05dcb5d1bd5fa0 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-911.png differ diff --git a/docs/en/docs/desktop/figures/xfce-92.png b/docs/en/docs/desktop/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..a79f2473d27759c79ecdddcdee380b357babcac1 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-92.png differ diff --git a/docs/en/docs/desktop/figures/xfce-921.png b/docs/en/docs/desktop/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..cd436652f3bc251f6f27d707d6eb48eec95e8900 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-921.png differ diff --git a/docs/en/docs/desktop/figures/xfce-93.png b/docs/en/docs/desktop/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..62d98b23d682341e2b0ee835561c6f52b7fd70b9 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-93.png differ diff --git a/docs/en/docs/desktop/figures/xfce-931.png b/docs/en/docs/desktop/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..a868877c0d0ee0ff5a23d6bf2dbf7ada861dd850 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-931.png differ diff --git a/docs/en/docs/desktop/figures/xfce-94.png b/docs/en/docs/desktop/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..09118f9047af97152aae746274d6df4f539b5564 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-94.png differ diff --git a/docs/en/docs/desktop/figures/xfce-941.png b/docs/en/docs/desktop/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..23b9fa1d6b8b033a9126606ca094113bc19b4434 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-941.png differ diff --git a/docs/en/docs/desktop/figures/xfce-95.png b/docs/en/docs/desktop/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bf970f67c835941961ffcc77632079564c2a9ef5 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-95.png differ diff --git a/docs/en/docs/desktop/figures/xfce-951.png b/docs/en/docs/desktop/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..048fa3f0b26d4a4b609bd9129d0e13b43467ce91 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-951.png differ diff --git a/docs/en/docs/desktop/figures/xfce-96.png b/docs/en/docs/desktop/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..0115dd146cb01ecc61a78c1db55be121ff1e0820 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-96.png differ diff --git a/docs/en/docs/desktop/figures/xfce-961.png b/docs/en/docs/desktop/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..cb76616e9dd459d4046bc634814e46cb970cccc3 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-961.png differ diff --git a/docs/en/docs/desktop/figures/xfce-962.png b/docs/en/docs/desktop/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..35424896fb7348531cdf81a20f434bcae2c71976 Binary files /dev/null and b/docs/en/docs/desktop/figures/xfce-962.png differ diff --git a/docs/en/docs/desktop/install-DDE.md b/docs/en/docs/desktop/install-DDE.md new file mode 100644 index 0000000000000000000000000000000000000000..b88ccd1bd58da5915f6f15fabddd51b3325e2959 --- /dev/null +++ b/docs/en/docs/desktop/install-DDE.md @@ -0,0 +1,44 @@ +# DDE Installation + +## Introduction + +DDE is a powerful desktop environment developed by UnionTech. It contains dozens of self-developed desktop applications. + +## Procedure + +1. [Download](https://www.openeuler.org/en/download/archive/detail/?version=openEuler%2020.03%20LTS%20SP4) the openEuler ISO file and install the OS. +2. Update the software source. + + ```bash + sudo dnf update + ``` + +3. Install DDE. + + ```bash + sudo dnf install dde + ``` + +4. Set the system to start with the graphical interface. + + ```bash + sudo systemctl set-default graphical.target + ``` + +5. Reboot the system. + + ```bash + sudo reboot + ``` + +6. After the reboot is complete, use the user created during the installation process or the **openeuler** user to log in to the desktop. + + > DDE does not allow login as the root user. + > DDE has a built-in openeuler user whose password is openeuler. + +> ![](./public_sys-resources/icon-note.gif)**NOTE:** +> + > You cannot log in to DDE as the **root** user. + > DDE has a built-in **openeuler** user. The password of this user is **openeuler**. + +Now you can use DDE. diff --git a/docs/en/docs/desktop/install-UKUI.md b/docs/en/docs/desktop/install-UKUI.md new file mode 100644 index 0000000000000000000000000000000000000000..563f492f39f9eb0cf6c0e82a96cc23f396d88f1f --- /dev/null +++ b/docs/en/docs/desktop/install-UKUI.md @@ -0,0 +1,21 @@ +# UKUI Installation +UKUI is a Linux desktop built by the KylinSoft software team over the years, primarily based on GTK and QT. Compared to other UI interfaces, UKUI is easy to use. The components of UKUI are small and low coupling, can run alone without relying on other suites. It can provide user a friendly and efficient experience. + +UKUI supports both x86_64 and aarch64 architectures. + +You are advised to create an administrator user before installing UKUI. + +1.Download openEuler 20.03 LTS SP4 and update the software source. +``` +sudo dnf update +``` +2.Install UKUI. +``` +sudo dnf install ukui +``` +3.If you want to set the system to start with the graphical interface after confirming the installation, run the following command and reboot the system (`reboot`). +``` +systemctl set-default graphical.target +``` +UKUI is constantly updated. Please check the latest installation method: +[https://gitee.com/openkylin/ukui-issues](https://gitee.com/openkylin/ukui-issues) diff --git a/docs/en/docs/desktop/install-kiran.md b/docs/en/docs/desktop/install-kiran.md new file mode 100644 index 0000000000000000000000000000000000000000..1ce7ec4f7ff25f04481b660ac8a4a938617d3b75 --- /dev/null +++ b/docs/en/docs/desktop/install-kiran.md @@ -0,0 +1,31 @@ +# Kiran Installation + +## Introduction + +Kiran desktop environment, developed by Kylinsec, is a stable, efficient, and easy-to-use desktop environment oriented towards user and market requirements. Kiran supports x86 and AArch64 architectures. + +## Procedure + +You are advised to install Kiran as the **root** user or a newly created administrator. + +1. Download the openEuler 20.03 LTS SP4 ISO file and install the OS. + +2. Update the software repository. + +```shell +sudo dnf update +``` + +1. Install kiran-desktop. + +```shell +sudo dnf install kiran-desktop +``` + +1. Set the system to start with the graphical interface, and then restart the system using the `reboot` command. + +```shell +systemctl set-default graphical.target +``` + +After the reboot is complete, log in to the Kiran desktop. diff --git a/docs/en/docs/desktop/kiran.md b/docs/en/docs/desktop/kiran.md new file mode 100644 index 0000000000000000000000000000000000000000..086c1dd074a1572b5aa9cd9b931a64a562fa01cb --- /dev/null +++ b/docs/en/docs/desktop/kiran.md @@ -0,0 +1,3 @@ +# Kiran User Guide + +This section describes how to install and use the Kiran desktop environment. \ No newline at end of file diff --git a/docs/en/docs/desktop/ukui.md b/docs/en/docs/desktop/ukui.md new file mode 100644 index 0000000000000000000000000000000000000000..6884f1c40c533d5fc5ee467f36db05b91c103331 --- /dev/null +++ b/docs/en/docs/desktop/ukui.md @@ -0,0 +1,3 @@ +# UKUI User Guide + +This section describes how to install and use the UbuntuKylin UI (UKUI). \ No newline at end of file diff --git a/docs/en/docs/desktop/xfce.md b/docs/en/docs/desktop/xfce.md new file mode 100644 index 0000000000000000000000000000000000000000..4463d1056292a129e109db9398e7c15c9f59e8e7 --- /dev/null +++ b/docs/en/docs/desktop/xfce.md @@ -0,0 +1,3 @@ +# Xfce User Guide + +This section describes how to install and use Xfce. diff --git a/docs/en/docs/eNFS/enfs-user-guide.md b/docs/en/docs/eNFS/enfs-user-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..710ea62f12034471148c10da4bbccd52e5fdf7d0 --- /dev/null +++ b/docs/en/docs/eNFS/enfs-user-guide.md @@ -0,0 +1,156 @@ +# eNFS User Guide + +## Introduction + +With the rapid growth of unstructured data, NAS becomes the best choice for mass unstructured data storage in scenarios such as data sharing and access, frequent data rewriting, local/remote disaster recovery protection, and data permission/resource control. The NFS protocol is widely used in NAS production services. However, the native NFS client has the following disadvantages in terms of performance and reliability: + +1. One mount point is bound to only one IP address. If the software or hardware of the I/O path is faulty, service I/Os are suspended. +2. Active-active links cannot be automatically switched over in a three-layer network across clouds. +3. One mount point is bound to only one IP address. In heavy-load service scenarios, the NFS client performance has bottlenecks. + +The eNFS feature enhances the native NFS and uses technologies such as multiple links to solve the above problems, greatly improving service performance and stability. When the `mount` command is used to mount NFS for sharing, the `-o` option is used to specify the list of IP addresses of the local host and NFS servers. the eNFS feature creates multiple links based on the IP address list. During file operations, eNFS schedules I/Os to multiple links in round-robin mode for load balancing, improving performance. (The current version supports only NFS V3 load balancing.) If some links are faulty during I/O, eNFS quickly distributes timeout I/Os to available links to prevent service suspension. + +## Hardware and Software Requirements + +The host where the eNFS feature is to be used must meet the following requirements: + +- CPU architecture: AArch64 or x86_64 +- OS : openEuler 20.03 LTS SP4 + +## eNFS Configuration + +eNFS is an enhanced version of the native NFS. Configure eNFS on the NFS client instead of the NFS server. + +Set the parameters in the **/etc/enfs/config.ini** file. + +1. Path connectivity detection interval + + ```shell + path_detect_interval=10 + ``` + + The value ranges from 5 to 300, in seconds. The default value is 10. + +2. Path connectivity detection timeout period + If the detection message is not returned within the period, the link status is considered abnormal. + + ```shell + path_detect_timeout=10 + ``` + + The value ranges from 1 to 60, in seconds. The default value is 10. + +3. Timeout threshold for NFS file operations + If the NFS server does not respond within the period, I/Os are processed using other available links. + + ```shell + multipath_timeout=0 + ``` + + The value ranges from 0 to 30, in seconds. The default value is 0, indicating that the `timeo` option specified by the `mount` command is used instead of the configuration of the eNFS module. + +4. Whether to diable path connectivity detection + + ```shell + multipath_disable=0 + ``` + + The value can be 0 or 1. The default value is 0, indicating that the eNFS feature is enabled. + +## eNFS Usage + +eNFS is an enhanced version of the native NFS client. The `mount` command is still used to access the NFS server. To use the eNFS feature, use the `-o` option to specify the **localaddrs** and **remoteaddrs** IP address lists. + +If the two parameters are not specified, eNFS is not used. In this case, the functionality is the same as that of the native NFS client. + +### Command Syntax + + ```shell + mount -t nfs -o [localaddrs=127.17.0.1-127.17.0.4],[remoteaddrs=127.17.0.20-127.17.0.24] 127.17.0.20:/test /mnt/test + ``` + +### Description + +| Parameter| Mandatory| Description| +| -------- | ------- | --------| +| localaddrs | No| If the NFS client has multiple IP addresses that can be connected to the NFS server, enter this parameter to specify the list of local IP addresses used for NFS mounting. If this parameter is not specified, the OS automatically selects IP addresses.
Use hyphens (**-**) to denote IP address ranges. Use tildes (**~**) to separate multiple IP addresses. A maximum of eight IP addresses are supported.| +| remoteaddrs | No| If the NFS server has multiple IP addresses that can be connected to the NFS client, enter this parameter to specify the IP address list of the NFS server for NFS mounting.
If this parameter is not specified, the IP address of the NFS server mount point in the `mount` command parameter is used, for example, **127.17.0.20** in the preceding command.
Use hyphens (**-**) to denote IP address ranges. Use tildes (**~**) to separate multiple IP addresses. A maximum of eight IP addresses are supported.
Note: The IP addresses specified by **remoteaddrs** must belong to the same NFS server or NFS server cluster system.| + +You can run `mount -o remount,[localaddrs=127.17.0.1-127.17.0.4],[remoteaddrs=127.17.0.20-127.17.0.24]` to modify the IP address lists. + +## Viewing the eNFS Link Status + +After using `mount` to mount an NFS file system, you can view the status of multiple links. + +### Procedure + +1. Run the `mount` command to view the **enfs_info** information of each mount point. + + ```shell + $ mount + 8.47.219.120:/fszhn1 on /mnt/fszhn1 type nfs (rw,relatime,vers=3,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=8.47.219.120,mountvers=3,mountport=2050,mountproto=udp,local_lock=none,addr=8.47.219.120,remoteaddrs=8.47.219.121~8.47.219.122~8.47.219.123~8.47.219.124,enfs_info=8.47.219.120_1) + ``` + + **enfs_info** is **8.47.219.120_1**. + +2. View the path status and I/O statistics. + + (1) View the link status. + + ```shell + cat /proc/enfs/8.47.219.120_1/path + ``` + + In the preceding command, **8.47.219.120_1** is **enfs_info** obtained in step 1. + + ```shell + $ cat /proc/enfs/8.47.219.120_1/path + id local_addr remote_addr path_state xprt_state + 0 8.47.210.220 8.47.219.120 Normal CONNECTED|BOUND + 1 8.47.210.220 8.47.219.121 Normal CONNECTED|BOUND + 2 8.47.210.220 8.47.219.122 Normal CONNECTED|BOUND + 3 8.47.210.220 8.47.219.123 Normal CONNECTED|BOUND + 4 8.47.210.220 8.47.219.124 Normal CONNECTED|BOUND + ``` + + Output description + + | Field | Description| + | ----------- | ----------------------- | + | id | Link ID| + | local_addr | Local IP address in the link| + | remote_addr | NFS server IP address in the link| + | path_state | Health status of the link
**Init**: initializing
**Normal**: normal
**Fault**: abnormal| + | xprt_state | Current status of the link
**CONNECTED**: connected
**CONNECTING**: being established
**BOUND**: ready for I/O receiving and sending | + + (2) View link I/O statistics. + + ```shell + cat /proc/enfs/8.47.219.120_1/stat + ``` + + **8.47.219.120_1** is **enfs_info** information. + + ```shell + $ cat /proc/enfs/8.47.219.120_1/stat + id local_addr remote_addr r_count r_rtt r_exec w_count w_rtt w_exec + 0 8.47.210.220 8.47.219.120 0 0 0 0 0 0 + 1 8.47.210.220 8.47.219.121 0 0 0 6 5 23 + 2 8.47.210.220 8.47.219.122 0 0 0 7 6 17 + 3 8.47.210.220 8.47.219.123 0 0 0 0 0 0 + 4 8.47.210.220 8.47.219.124 0 0 0 0 0 0 + ``` + + Output description + + | Field | Description | + | ----------- | ---------------------------------------------------------- | + | id | Link ID | + | local_addr | Local IP address in the link | + | remote_addr | NFS server IP address in the link | + | r_count | Number of read I/Os sent over the link | + | r_rtt | Average RPC layer processing latency of read I/Os sent over the link, in milliseconds | + | r_exec | Average NFS server processing latency of read I/Os sent over the link, in milliseconds| + | w_count | Number of write I/Os sent over the link | + | w_rtt | Average RPC layer processing latency of write I/Os sent over the link, in milliseconds | + | w_exec | Average NFS server processing latency of write I/Os sent over the link, in milliseconds| diff --git a/docs/en/docs/secGear/api-description.md b/docs/en/docs/secGear/api-description.md new file mode 100644 index 0000000000000000000000000000000000000000..bb046b7bf617915726b4d2978a620c1f2716d809 --- /dev/null +++ b/docs/en/docs/secGear/api-description.md @@ -0,0 +1,283 @@ +# API Description + +The secGear unified programming framework for confidential computing consists of the TEE and REE. This section describes the APIs required for developing applications. In addition to these APIs, the TEE inherits the open-source POSIC APIs of ARM TrustZone and Intel SGX. + +## cc_enclave_create + +Creates an enclave API. + +**Functions**: + +Initialization API. The function calls different TEE creation functions based on the type to initialize the enclave context in different TEE solutions. This API is called by the REE. + +**Function Declarations:** + +cc_enclave_result_t cc_enclave_create(const char* path, enclave_type_t type, uint32_t version,uint32_t flags,const enclave_features_t* features,uint32_t features_count, + cc_enclave_t ** enclave); + +**Parameters:** + +- Path: input parameter, which specifies a path of the enclave to be loaded. +- Type: input parameter, which specifies the TEE solution, for example, SGX_ENCLAVE_TYPE, GP_ENCLAVE_TYPE and AUTO_ENCLAVE_TYPE. +- version: input parameter, which specifies the enclave engine version. Currently, there is only one version, and the value is 0. +- Flags: input parameter, which specifies the running status of the enclave. For example, SECGEAR_DEBUG_FLAG indicates the debugging status, and SECGEAR_SIMULATE_FLAG indicates the simulation status (not supported currently). +- features: input parameter, which specifies some features supported by the enclave, for example, PCL and switchless of the SGX. This parameter is not supported currently. Set it to NULL. +- features_count: input parameter, which specifies the number of features. This parameter is not supported currently. Set it to 0. +- enclave: output parameter, which specifies the created enclave context. + +**Return Values:** + +- CE_SUCCESS: The authentication information is verified successfully. +- CE_ERROR_INVALID_PARAMETER:The input parameter is incorrect. +- CE_ERROR_OUT_OF_MEMORY: No memory is available. +- CC_FAIL: Common failure. +- CC_ERROR_UNEXPECTED: Unexpected error. +- CC_ERROR_ENCLAVE_MAXIMUM: The number of enclaves created by a single app reaches the maximum. +- CC_ERROR_INVALID_PATH: The secure binary path is invalid. +- CC_ERROR_NO_FIND_REGFUNC: The enclave search fails. + +## cc_enclave_destroy + +Destroys the enclave API. + +**Function**: + +Call the exit functions of different TEEs to release the created enclave entities. This function is called by the REE. + +**Function Declaration:** + +cc_enclave_result_t cc_enclave_destroy (cc_enclave_t ** enclave); + +**Parameter:** + +- enclave: input parameter, which specifies the context of the created enclave. + +**Return Values:** + +- CE_SUCCESS: The authentication information is verified successfully. +- CE_ERROR_INVALID_PARAMETER:The input parameter is incorrect. +- CE_ERROR_OUT_OF_MEMORY: No memory is available. +- CC_ERROR_NO_FIND_UNREGFUNC: The enclave search fails. +- CC_FAIL: common failure. +- CC_ERROR_UNEXPECTED: unexpected error. + +## cc_enclave_generate_random + +Generates random numbers. + +**Function**: + +This parameter is used to generate a secure random number for the password on the security side. + +**Function Declaration:** + +cc_enclave_result_t cc_enclave_generate_random(void *buffer, size_t size) + +**Parameters:** + +- *buffer: input parameter, which specifies the buffer for generating random numbers. +- size: input parameter, which specifies the buffer length. + +**Return Values:** + +- CE_OK: Authentication information is verified successfully. +- CE_ERROR_INVALID_PARAMETER:incorrect input parameter. +- CE_ERROR_OUT_OF_MEMORY: no memory is available. + +## cc_enclave_seal_data + +Ensures data persistence. + +**Function**: + +This parameter is used to encrypt the internal data of the enclave so that the data can be persistently stored outside the enclave. It is called by the TEE. + +**Function Declaration:** + +cc_enclave_result_t cc_enclave_seal_data(uint8_t *seal_data, uint32_t seal_data_len, + +​ cc_enclave_sealed_data_t *sealed_data, uint32_t sealed_data_len, + +​ uint8_t *additional_text, uint32_t additional_text_len) + +**Parameters:** + +- seal_data: input parameter, which specifies the data to be encrypted. +- seal_data_len: input parameter, which specifies the length of the data to be encrypted. +- sealed_data: output parameter, which specifies the encrypted data processing handle. +- sealed_data_len: output parameter, which specifies the length of the encrypted ciphertext. +- additional_text: input parameter, which specifies the additional message required for encryption. +- additional_text_len: input parameter, which specifies the additional message length. + +**Return Values:** + +- CE_SUCCESS: Data encryption succeeds. +- CE_ERROR_INVALID_PARAMETER:incorrect input parameter. +- CE_ERROR_OUT_OF_MEMORY: no memory is available. +- CC_ERROR_SHORT_BUFFER: The input buffer is too small. +- CC_ERROR_GENERIC: Common bottom-layer hardware error. + +## cc_enclave_unseal_data + +Decrypts data. + +**Function**: + +This parameter is used to decrypt the data sealed by the enclave and import the external persistent data back to the enclave. It is called by the TEE. + +**Function Declaration:** + +cc_enclave_result_t cc_enclave_unseal_data(cc_enclave_sealed_data_t *sealed_data, + + uint8_t *decrypted_data, uint32_t *decrypted_data_len, + + uint8_t *additional_text, uint32_t *additional_text_len) + +**Parameters:** + +- sealed_data: input parameter, which specifies the handle of the encrypted data. +- decrypted_data: output parameter, which specifies the buffer of the decrypted ciphertext data. +- decrypted_data_len: output parameter, which specifies the length of the decrypted ciphertext. +- additional_text: output parameter, which specifies an additional message after decryption. +- additional_text_len: output parameter, which specifies the length of the additional message after decryption. + +**Return Values:** + +- CE_SUCCESS: Data decryption is successful. +- CE_ERROR_INVALID_PARAMETER:incorrect input parameter. +- CE_ERROR_OUT_OF_MEMORY: no memory is available. +- CC_ERROR_SHORT_BUFFER: The input buffer is too small. +- CC_ERROR_GENERIC: common bottom-layer hardware error. + +## cc_enclave_get_sealed_data_size + +Obtains the size of the encrypted data. + +**Function**: + +Size of the sealed_data data, which is used to allocate the decrypted data space and can be called by the TEE and REE. + +**Function Declaration:** + +uint32_t cc_enclave_get_sealed_data_size(const uint32_t add_len, const uint32_t seal_data_len); + +**Parameters:** + +- add_len: input parameter, which specifies the additional message length. +- seal_data_len: input parameter, which specifies the length of the encrypted information. + +**Return Values:** + +- UINT32_MAX: Parameter error or function execution error. +- others: The function is successfully executed, and the return value is the size of the sealed_data structure. + +## cc_enclave_get_encrypted_text_size + +Obtains the length of an encrypted message. + +**Function**: + +This parameter is used to obtain the length of the encrypted message in the encrypted data. It is called by the TEE. + +**Function Declaration:** + +uint32_t cc_enclave_get_encrypted_text_size(const cc_enclave_sealed_data_t *sealed_data); + +**Parameter:** + +- sealed_data: input parameter, which specifies the handle of the encrypted data + +**Return Values:** + +- UINT32_MAX: Parameter error or function execution error. +- others: The function is executed successfully, and the return value is the length of the encrypted message in sealed_data. + +## cc_enclave_get_add_text_size + +Obtains the length of an additional message. + +**Function**: + +This parameter is used to obtain the length of the additional message in the encrypted data. It is called by the TEE. + +**Function Declaration:** + +uint32_t cc_enclave_get_add_text_size(const cc_enclave_sealed_data_t *sealed_data); + +**Parameter:** + +- sealed_data: input parameter, handle of the encrypted data. + +**Return Values:** + +- UINT32_MAX: Parameter error or function execution error. +- others: The function is successfully executed, and the return value is the length of the additional message in sealed_data. + +## cc_enclave_memory_in_enclave + +Performs security memory check. (Currently, this function is only supported in Intel SGX, and it is not supported in +iTrustee, because iTrustee do not support an enclave(TA) to write the memory outside enclave(TEE). It means that there is no need +for users to do this check in iTrustee.) + +**Function**: + +This parameter is used to check whether the memory addresses of the specified length belong to the TEE and is called by the TEE. + +**Function Declaration:** + +bool cc_enclave_memory_in_enclave(const void *addr, size_t size) + +**Parameters:** + +- *addr: input parameter, which specifies the memory address to be verified. +- size: input parameter, which specifies the length to be verified starting from the memory address. + +**Return Values:** + +- true: The memory in the specified zone is in the secure zone. +- false: Some or all memory in the specified area is not within the secure range. + +## cc_enclave_memory_out_enclave + +Performs security memory check. (Currently, this function is only supported in Intel SGX, and it is not supported in +iTrustee, because iTrustee do not support an enclave(TA) to write the memory outside enclave(TEE). It means that there is no need +for users to do this check in iTrustee.) + +**Function**: + +This parameter is used to check whether the memory addresses of the specified length belong to the REE and is called by the TEE. + +**Function Declaration:** + +bool cc_enclave_memory_out_enclave(const void *addr, size_t size) + +**Parameters:** + +- *addr: input parameter, which specifies the memory address to be verified. +- size: input parameter, length to be verified starting from the memory address. + +**Return Values:** + +- true: The memory of the specified area is in the non-secure area. +- false: Some or all of the memory in the specified zone is in the secure area. + +## PrintInfo + +Prints messages. + +**Function**: + +This parameter is used to print TEE logs. This API outputs the information that the TEE user wants to print. The input logs are stored in the REE /var/log/secgear/secgear.log. + +**Function Declaration:** + +void PrintInfo(int level, const char *fmt, ...); + +**Parameters:** + +- level: log print level, which is an input parameter. The value can be PRINT_ERROR, PRINT_WARNING, PRINT_STRACE, and PRINT_DEBUG. +- fmt: Input parameter, and a character to be output. + +**Return Value:** + +- None diff --git a/docs/en/docs/secGear/figures/architecture.png b/docs/en/docs/secGear/figures/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..9f2f15ebaa8404ae10cd770b514b7efa78c7538d Binary files /dev/null and b/docs/en/docs/secGear/figures/architecture.png differ diff --git a/docs/en/docs/secGear/installing-secGear.md b/docs/en/docs/secGear/installing-secGear.md new file mode 100644 index 0000000000000000000000000000000000000000..dd91167d80dcf72ee39c43d23dfa7466ab794efc --- /dev/null +++ b/docs/en/docs/secGear/installing-secGear.md @@ -0,0 +1,51 @@ +# Installing secGear + +## Operating System + +openEuler 21.03, openEuler 20.03 LTS SP2 or later. + +## CPU Architecture + +### x86_64 + +The Intel SGX (Intel Software Guard Extensions) function is required. + +### AArch64 + +- Hardware Requirements + + | Item | Version | + | ------ | --------------------------------------------- | + | Server | TaiShan 200 server (model 2280, dual sockets) | + | Motherboard | Kunpeng motherboard | + | BMC | 1711 board (model BC82SMMAB) | + | CPU | Kunpeng 920 processor (model 7260, 5250, or 5220) | + |Chassis| No special requirements; an 8- or 12-drive chassis recommended | + + The TrustZone feature, including the iTrustee secure OS, BMC firmware, and BIOS firmware, has been installed on the server. + +- Environment Requirements + + The patch in the rich execution environment (REE) is required by a client application (CA) to communicate with a trusted application (TA) in the trusted execution environment (TEE). Before installing secGear, set up the environment as follows: + + 1. [Setting Up the TA and CA Operating Environment](https://www.hikunpeng.com/document/detail/en/kunpengcctrustzone/fg-tz/kunpengtrustzone_20_0018.html) + + 2. [Applying for a TA Developer Certificate in a Debugging Environment](https://www.hikunpeng.com/document/detail/en/kunpengcctrustzone/fg-tz/kunpengtrustzone_20_0049.html) + +## Installation Guide + +To use the secGear confidential computing programming framework, you need to install the secGear and secGear-devel development packages. Before the installation, ensure that the openEuler yum repository has been configured. + +1. Run the following command as the **root** user to install the secGear component: + + ```shell + yum install secGear + yum install secGear-devel + ``` + +2. Check whether secGear is successfully installed by running the following commands. If the corresponding software packages are displayed, the installation is successful. + + ```shell + rpm -q secGear + rpm -q secGear-devel + ``` diff --git a/docs/en/docs/secGear/introduction-to-secGear.md b/docs/en/docs/secGear/introduction-to-secGear.md new file mode 100644 index 0000000000000000000000000000000000000000..a93a1ff1e2312cd50f2abbea5d31963704ec73e6 --- /dev/null +++ b/docs/en/docs/secGear/introduction-to-secGear.md @@ -0,0 +1,19 @@ +### Overview + +With the rapid development of cloud computing, more and more enterprises deploy computing services on the cloud, which makes data protection more complex. In addition, data leakage is a major security problem faced by cloud computing. Therefore, how to ensure the security of user data on the cloud becomes especially important. Currently, data protection focuses on offline storage security and network transmission security, and lacks security protection during data running. To ensure the security of data running on the cloud and facilitate developers to develop cloud applications, openEuler launches secGear. + +secGear is a unified confidential computing programming framework that provides easy-to-use development suites, including lifecycle management of secure zones (the system is divided into TEE and REE), secure development library, code generation assistance tool, code building and signing tool, security capability and security service component implementation solution. It can be used in various scenarios, such as trust rings, encrypted databases, multi-party computing, and AI security protection. + +This document describes how to use the secGear to guide developers to develop applications based on the secGear to better protect data. + +### Architecture + +![](./figures/architecture.png) + +As shown in the preceding figure, the secGear theme consists of three layers (currently, only the base layer is open-source, and the service layer and middleware layer are gradually open-source): + +- Service layer: provides complete security services running on the security side. + +- Middleware layer: provides a set of protocol APIs to meet basic security application requirements of users. + +- Base layer: provides abundant enclave development APIs or tools and supports C POSIX APIs and standard OpenSSL APIs in the security domain. Users can develop secure applications based on these APIs. diff --git a/docs/en/docs/secGear/secGear-development-guide.md b/docs/en/docs/secGear/secGear-development-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..ae5d32a658106d92c94e8454b609e221ac77f553 --- /dev/null +++ b/docs/en/docs/secGear/secGear-development-guide.md @@ -0,0 +1,431 @@ +# secGear Development Guide + +The following example describes how to use secGear to develop the helloworld program using the C language, helping you understand how to use secGear to develop applications. + +## Directory Structure Description + +Applications developed using secGear comply with the following unified directory structure: + +```text +├── helloworld +│ ├── CMakeLists.txt +│ ├── enclave +│ │ ├── CMakeLists.txt +│ │ ├── Enclave.config.xml +│ │ ├── Enclave.lds +│ │ ├── hello.c +│ │ ├── manifest.txt.in +│ │ └── rsa_public_key_cloud.pem +│ ├── helloworld.edl +│ └── host +│ ├── CMakeLists.txt +│ └── main.c +``` + +## Getting Started + +1. Create the program working directory helloworld and create enclave and host in the helloworld directory. + +2. Compile an enclave definition language (EDL) file. + + To ensure code consistency, secGear provides secgear_urts.h and secgear_tstdc.edl to mask the differences between the underlying Intel SGX and ARM iTrustee. Therefore, when the C language function library is used, the secgear_urts.h and secgear_tstdc.edl files need to be imported by default. The helloworld.edl file is as follows: + + ```c + enclave { + include "secgear_urts.h" + from "secgear_tstdc.edl" import *; + trusted { + public int get_string([out, size=32]char *buf); + }; + }; + ``` + + Note: For details about the EDL syntax, see the Intel SGX Development Guide. + +3. Compile the top-level file CMakeLists.txt. + + Compile the top-level file CMakeLists.txt and place it in the helloworld working directory. This file is used to configure information such as the processor architecture and required EDL files during compilation. + + In the preceding command, EDL_FILE indicates the EDL file, which needs to be specified by users. In this example, the EDL file is helloworld.edl. DPATH is the dynamic library loaded in the TEE. The configuration is shown in the example: + + ```c + cmake_minimum_required(VERSION 3.12 FATAL_ERROR) + project(HelloWorld C) + set(CMAKE_C_STANDARD 99) + set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + set(EDL_FILE helloworld.edl) + set(LOCAL_ROOT_PATH "$ENV{CC_SDK}") + set(SECGEAR_INSTALL_PATH /lib64/) + if(CC_GP) + set(CODETYPE trustzone) + set(CODEGEN codegen_arm64) + execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) + string(REPLACE "\n" "" UUID ${UUID}) + add_definitions(-DPATH="/data/${UUID}.sec") + endif() + if(CC_SGX) + set(CODETYPE sgx) + set(CODEGEN codegen_x86_64) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") + endif() + add_subdirectory(${CURRENT_ROOT_PATH}/enclave) + add_subdirectory(${CURRENT_ROOT_PATH}/host) + ``` + +4. Compile the REE code and CMakeLists.txt. + + 4.1 Compile the main.c file. + + Compile the main.c file in the REE and place it in the host directory. enclave.h is the secGear header file, and helloworld_u.h is the header file generated by the auxiliary code generation tool. Use cc_enclave_create to create the enclave context in the secure zone and cc_enclave_destroy to destroy the enclave context in the secure zone. + get_string is the trusted TEE function defined in the EDL file. Note that this function is different from the get_string function defined in the EDL file. The context parameter is the context of the secure area, and the retval parameter is the return value of get_string in the EDL file. + res indicates that the get_string function is successfully called. + + ```c + #include + #include "enclave.h" + #include "helloworld_u.h" + + #define BUF_LEN 32 + + int main() + { + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; + cc_enclave_t *context = NULL; + cc_enclave_result_t res; + res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); + ... + + res = get_string(context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + } else { + printf("%s\n", buf); + } + + if (context != NULL) { + res = cc_enclave_destroy(context); + ... + } + return res; + } + ``` + + 4.2 Compile CMakeLists.txt in the REE. + + ```c + # Set compilation environment variables. + #set auto code prefix + set(PREFIX helloworld) + #set host exec name + set(OUTPUT secgear_helloworld) + #set host src code + set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c) + + # Use the code generation tool to generate auxiliary code. The CODEGEN and CODETYPE variables are also defined in the top-level CMakeLists.txt file. --search-path is used to specify the path of other dependent EDL files imported to helloword.edl. + #set auto code + if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) + endif() + + if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include) + endif() + + # Set compilation and link options. + set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE") + set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") + + # Compilation link reference directory + if(CC_GP) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + /usr/include/secGear/host_inc + /usr/include/secGear/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) + endif() + target_link_libraries(${OUTPUT} secgear) + endif() + if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH} ${SGXSDK}/lib64) + endif() + set(SGX_MODE HW) + if(${SGX_MODE} STREQUAL HW) + set(Urts_Library_Name sgx_urts) + else() + set(Urts_Library_Name sgx_urts_sim) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES} ${LOCAL_ROOT_PATH}/src/host_src/sgx/sgx_log.c) + target_include_directories(${OUTPUT} PRIVATE + /usr/include/secGear/host_inc + /usr/include/secGear/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH} ${SGXSDK}/lib64) + endif() + target_link_libraries(${OUTPUT} secgear ${Urts_Library_Name}) + endif() + + # Specify the binary installation directory. + set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + if(CC_GP) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) + endif() + if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) + endif() + ``` + +5. Compile the TEE code, CMakeLists.txt, and configuration file, and save them in the enclave directory. + + 5.1 Compile the TEE code file hello.c. + + Compile the TEE code file hello.c and place it in the enclave directory. helloworld_t.h is an auxiliary code generation tool. It uses the EDL file to generate a TEE header file. + + ```c + #include + #include + #include "helloworld_t.h" + + #define TA_HELLO_WORLD "secGear hello world!" + #define BUF_MAX 32 + int get_string(char *buf) + { + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; + } + ``` + + 5.2 Compile the TEE CMakeLists.txt file. + + ```text + #set auto code prefix + set(PREFIX helloworld) + + #set sign key + set(PEM Enclave_private.pem) + + #set sign tool + set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + + #set enclave src code + set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c) + + #set log level + set(PRINT_LEVEL 3) + add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + + # WHITE_LIS_X sets the iTrustee whitelist. Only the host binary files in these paths can call the security image, and a maximum of eight list paths can be configured. The user set by WHITE_LIST_OWNER will be applied to all whitelist paths. The DEVICEPEM public key is used by the iTrustee to encrypt the TEE secure dynamic library using the dynamically generated AES key. + if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set itrustee device key + set(DEVICEPEM ${CMAKE_CURRENT_SOURCE_DIR}/rsa_public_key_cloud.pem) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) + endif() + + # Signature of the dynamic library on the SGX TEE side. + if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include) + endif() + + # Set compilation options. + set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + + set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + + # The manifest.txt file needs to be generated for the iTrustee. Specify the iTrustee compilation options and the search path for header files and link files. + if(CC_GP) + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${iTrusteeSDK}/) + set(ITRUSTEE_LIBC ${iTrusteeSDK}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -m ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt + -e ${DEVICEPEM} -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + DESTINATION /data + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + endif() + + if(CC_SGX) + set(SGX_DIR ${SGXSDK}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) + endif() + + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) + ``` + +6. Compile the configuration file. + + For the x86_64 processor architecture that uses Intel SGX, compile the Enclave.config.xml and Enclave.lds files and place them in the enclave directory in the TEE. For details about the file configuration format, see the SGX official document. + + Enclave.config.xml reference: + + ```c + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + + ``` + + Enclave.lds reference: + + ```c + enclave.so + { + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; + }; + ``` + + Copy the device public key file rsa_public_key_cloud.pem to the enclave directory. The device public key is used to encrypt the dynamic library in the security zone by using the temporarily generated AES key. + + Note: The rsa_public_key_cloud.pem file is downloaded from . + +7. Compile the program. + + Run the following command to compile the SGX version. After the compilation, the executable program secgear_helloworld is generated. + + ```shell + cmake -DCMAKE_BUILD_TYPE=debug -DCC_SGX=ON -DSGXSDK="PATH" ./ && make + ``` + +8. Execute the program. + + ```c + $ ./secgear_helloworld + Create secgear enclave + secgear hello world! + ``` diff --git a/docs/en/docs/secGear/secGear.md b/docs/en/docs/secGear/secGear.md new file mode 100644 index 0000000000000000000000000000000000000000..16e7e1b3e56be4aa9244fd83bb3de44f91f873d5 --- /dev/null +++ b/docs/en/docs/secGear/secGear.md @@ -0,0 +1 @@ +# secGear Development Guide This document describes how to use secGear, the unified confidential computing programming framework, to develop applications and how to use tools contained in the framework. \ No newline at end of file diff --git a/docs/en/docs/secGear/using-the-secGear-tool.md b/docs/en/docs/secGear/using-the-secGear-tool.md new file mode 100644 index 0000000000000000000000000000000000000000..3f0c38ec94d6ef3486c520950a98420a04216519 --- /dev/null +++ b/docs/en/docs/secGear/using-the-secGear-tool.md @@ -0,0 +1,141 @@ +# Using the secGear Tool + +secGear provides a tool set to facilitate application development. This document describes the tools and how to use them. + +## Codegener: Code Generation Tool + +### Overview + +secGear codegener is a tool developed based on Intel SGX SDK edger8r. It is used to parse the EDL file to generate intermediate C code, that is, to assist in generating code that is called between the TEE and REE. + +The EDL file format defined by secGear codegener is the same as that defined by Intel SGX SDK edger8r, but the complete syntax definition of Intel is not supported: + +- The public can be used only in methods. Functions without public are declared as private by default. +- Switchless calls from the REE to the TEE and from the TEE to the REE are not supported. +- The Outside Call (OCALL) does not support some calling modes (such as cdecl, stdcall, and fastcall). + +The EDL file syntax is similar to the C language syntax. The following describes parts different from the C language syntax: + +| Member | Description | +| ----------------------- | ------------------------------------------------------------ | +| include "my_type.h” | Uses the type defined in the external inclusion file. | +| trusted | Declares that secure functions are available on the trusted application (TA) side. | +| untrusted | Declares that insecure functions are available on the TA side. | +| return_type | Defines the return value type. | +| parameter_type | Defines the parameter type. | +| \[in, size = len] | For the ECALL, this parameter indicates that data needs to be transferred from the REE to the TEE. For the OCALL, this parameter is required for the pointer type, and size indicates the buffer that is actually used. | +| \[out, size = len] | For the ECALL, this parameter indicates that data needs to be transferred from the TEE to the REE. For the OCALL, this parameter needs to be used for the pointer type, and size indicates the buffer that is actually used.| + +### Usage Instructions + +#### **Command Format** + +The format of the codegen command is as follows: + +**codegen** < --trustzone | --sgx > \[--trusted-dir \ | **--untrusted-dir** \| --trusted | --untrusted ] edlfile + +#### **Parameter Description** + +The parameters are described as follows: + +| **Parameter** | Mandatory/Optional | Description | +| ---------------------- | -------- | ------------------------------------------------------------ | +| --trustzone \| --sgx | Mandatory | Generates the API function corresponding to the confidential computing architecture only in the current command directory. If no parameter is specified, the SGX API function is generated by default. | +| --search-path \ | Optional | Specifies the search path of the file that the EDL file to be converted depends on. | +| --use-prefix | Optional | Adds a prefix to the proxy function name. The prefix is the name of the EDL file. | +| --header-only | Optional | Specifies that the code generation tool generates only header files. | +| --trusted-dir \ | Optional | Specifies the directory where the generated TEE auxiliary code is stored. If this parameter is not specified, the current path is used by default. | +| --untrusted-dir \ | Optional | Specifies the directory where the auxiliary code for generating insecure functions is located. | +| --trusted | Optional | Generates TEE auxiliary code. | +| --untrusted | Optional | Generates REE auxiliary code. | +| edlfile | Mandatory | EDL file to be converted, for example, hello.edl. | + +#### Examples + +- Convert *helloworld.edl* to generate TEE auxiliary code in *enclave-directory* and generate REE auxiliary code in *host-directory*. An example command is as follows: + +```shell +codegen --sgx --trusted-dir enclave-directory --untrusted-dir host-directory helloworld.edl +``` + +- Convert *helloworld.edl* to generate TEE auxiliary code in the current directory. The following is a command example for not generating REE auxiliary code: + +```shell +codegen --sgx --trusted helloworld.edl +``` + +- Convert *helloworld.edl* to generate REE auxiliary code in the current directory. The following is a command example that does not generate TEE auxiliary code: + +```shell +codegen --sgx --untrusted helloworld.edl +``` + +- Convert *helloworld.edl*. An example of the command for generating TEE and REE auxiliary code in the current directory is as follows: + +```shell +codegen --sgx helloworld.edl +``` + +## Signature Tool: sign_tool + +### Overview + +secGear sign_tool is a command line tool, including the compilation tool chain and signature tool, which are used for enclave signing. The sign_tool has two signature modes: + +- Single-step signature: applies only to the debugging mode. +- Two-step signature: applies to the commercial scenario. Obtain the signature private key from a third-party platform or an independent security device to sign the enclave. + +### Operation Instructions + +#### **Format** + +The sign_tool contains the sign command (for signing the enclave) and the digest command (for generating the digest value). Command format: + +**sign_tool.sh -d** \[sign | digest | dump] **-x** \ **-i** \ **-s** \ \[OPTIONS] **–o** \ + +#### **Parameter Description** + +| sign Command Parameter | Description | Mandatory/Optional | +| -------------- | -------------------------------------------------------------| -------------------------------------------- | +| -c \ | Basic configuration file | The parameter is mandatory only for the trustzone type. | +| -d \ | Specifies the operation (sign or digest or dump) to be performed by the signature tool. | Only the sign operation is performed in single-step mode. In two-step mode, the digest operation must be performed before the sign operation. The dump operation is used to generate metadata for SGX signed enclave which is submitted to Intel for whitelisting. | +| -i \ | Library file to be signed for digest/sign operation, and signed enclavae for dump operation. | Mandatory | +| -k \ | Private key (PEM file) required for one-step signature. | This parameter is mandatory only for the SGX type. | +| -m \ | Additional config_cloud.ini file. | This parameter is mandatory only for the trustzone type. | +| -o \ | Output file. | Mandatory | +| -p \ | Public key certificate (PEM file) of the signature server required for two-step signing. | This parameter is mandatory only for the SGX type. | +| -s \ | Signed digest value required for two-step signing. | Mandatory | +| -x \ | encalve type (sgx or trustzone) | Mandatory | +| -h | Prints the help information. | Optional | + +#### **Single-Step Signature** + +Set the enclave type is SGX, sign the test.enclave, and generate the signature file signed.enclave. The following is an example: + +```shell +sign_tool.sh –d sign –x sgx –i test.enclave -k private_test.pem –o signed.enclave +``` + +#### **Two-Step Signature** + +The following uses SGX as an example to describe the two-step signature procedure: + +1. Generate digest value. + + Use the sign_tool to generate the digest value digest.data and the temporary intermediate file signdata. The file is used when the signature file is generated and is automatically deleted after being signed. Example: + + ```shell + sign_tool.sh –d digest –x sgx –i input –o digest.data + ``` + +2. Send digest.data to the signature authority or platform and obtain the corresponding signature. + +3. Use the obtained signature to generate the signed dynamic library signed.enclave. + + ```shell + sign_tool.sh –d sign –x sgx–i input –p pub.pem –s signature –o signed.enclave + ``` + +Note: +1.When signing the trustzone enclave, it is recommended that use the absolute path to specify the file parameters, if provide a relative path, it should be a path relative to 'signtool_v3.py'. +2. To release an official version of applications supported by Intel SGX, you need to apply for an Intel whitelist. For details about the process, see the Intel document at . diff --git a/docs/en/docs/thirdparty_migration/OpenStack-Queens.md b/docs/en/docs/thirdparty_migration/OpenStack-Queens.md new file mode 100644 index 0000000000000000000000000000000000000000..238f3d7d5e5bd18d1d9f026c28e6fb76e50432c0 --- /dev/null +++ b/docs/en/docs/thirdparty_migration/OpenStack-Queens.md @@ -0,0 +1,2112 @@ +# OpenStack Queens Deployment Guide + + +- [OpenStack Queens Deployment Guide](#openstack-queens-deployment-guide) + - [Introduction to OpenStack](#introduction-to-openstack) + - [Conventions](#conventions) + - [Preparing the Environment](#preparing-the-environment) + - [Configuring the Environment](#configuring-the-environment) + - [Installing the SQL Database](#installing-the-sql-database) + - [Installing RabbitMQ](#installing-rabbitmq) + - [Installing Memcached](#installing-memcached) + - [Installing OpenStack](#installing-openstack) + - [Installing Keystone](#installing-keystone) + - [Installing Glance](#installing-glance) + - [Installing Nova](#installing-nova) + - [Installing Neutron](#installing-neutron) + - [Installing Cinder](#installing-cinder) + - [Installing Horizon](#installing-horizon) + - [Installing Tempest](#installing-tempest) + - [Installing Ironic](#installing-ironic) + - [Installing Kolla](#installing-kolla) + - [Installing Trove](#installing-trove) + + +## Introduction to OpenStack + +OpenStack is an open source cloud computing infrastructure software project developed by the community. It provides an operating platform or tool set for deploying the cloud, offering scalable and flexible cloud computing capabilities for organizations. + +As an open source cloud computing management platform, OpenStack consists of several major components, such as Nova, Cinder, Neutron, Glance, Keystone, and Horizon. OpenStack supports almost all cloud environments. The project aims to provide a cloud computing management platform that is easy-to-use, scalable, unified, and standardized. OpenStack provides an infrastructure as a service (IaaS) solution that combines complementary services, each of which provides an API for integration. + +The third-party oepkg Yum source certified by openEuler 20.03 LTS SP2 supports Openstack-Queens. You can configure the oepkg Yum source and deploy OpenStack based on this document. + +## Conventions + +OpenStack supports multiple deployment modes. This document supports two deployment modes: `ALL in One` and `Distributed`. The conventions are as follows: + +`ALL in One` mode: + +```text +Ignore all possible suffixes. +``` + +`Distributed` mode: + +```text +The suffix "CTL" indicates that the configuration or command applies only to the control node. +The suffix "CPT" indicates that the configuration or command applies only to compute nodes. +Otherwise, the configuration or command applies to both the controller node and compute nodes. +``` + +***Note*** + +The services involved in the above conventions are as follows: + +- Cinder +- Nova +- Neutron + +## Software Package Version Conventions + +openEuler 20.03-LTS-SP3 supports OpenStack Queens, OpenStack Rocky, and OpenStack Train. Some software packages have multiple versions. When installing any of these packages for OpenStack Queens and OpenStack Rocky, you need to specify the version. +For example, when installing OpenStack Nova, you can use the `yum list --showduplicates |grep openstack-nova` command to query the versions of the nova service. In this document,**\$QueensVer** is used to indicate the version of OpenStack Queens. + +Related software packages: + +openstack-keystone and its subpackages + +openstack-glance and its subpackages + +openstack-nova and its subpackages + +openstack-neutron and its subpackages + +openstack-cinder and its subpackages + +openstack-dashboard and its subpackages + +openstack-ironic and its subpackages + +openstack-tempest + +openstack-kolla + +openstack-kolla-ansible + +openstack-trove and its subpackages + +novnc + +diskimage-builder + +## Preparing the Environment + +### Configuring the Environment + +1. Configure the third-party oepkg source that is certified by 20.03 LTS SP2. + + ```shell + cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo + [openstack_queens] + name=OpenStack_Queens + baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/$basearch/ + gpgcheck=0 + enabled=1 + EOF + + yum clean all && yum makecache + ``` + +2. Modify the host names and mappings. + + Set the host name of each node. + + ```shell + hostnamectl set-hostname controller (CTL) + hostnamectl set-hostname compute (CPT) + ``` + + Assume that the IP address of the controller node is `10.0.0.11` and the IP address of the compute node (if any) is `10.0.0.12`, add the following information in `/etc/hosts`: + + ```text + 10.0.0.11 controller + 10.0.0.12 compute + ``` + +### Installing the SQL Database + +1. Run the following command to install the software package: + + ```shell + yum install mariadb mariadb-server python2-PyMySQL + ``` + +2. Run the following command to create and edit the `/etc/my.cnf.d/openstack.cnf` file: + + ```shell + $ vim /etc/my.cnf.d/openstack.cnf + + [mysqld] + bind-address = 10.0.0.11 + default-storage-engine = innodb + innodb_file_per_table = on + max_connections = 4096 + collation-server = utf8_general_ci + character-set-server = utf8 + ``` + + ***Note*** + + **Set `bind-address` to the management IP address of the controller node.** + +3. Start the database service and enable it to automatically start upon system boot: + + ```shell + systemctl enable mariadb.service + systemctl start mariadb.service + ``` + +4. (Optional) Configure the default password for the database. + + ```shell + mysql_secure_installation + ``` + + ***Note*** + + **Follow the prompts.** + +### Installing RabbitMQ + +1. Run the following command to install the software package: + + ```shell + yum install rabbitmq-server + ``` + +2. Start the RabbitMQ service and enable it to automatically start upon system boot. + + ```shell + systemctl enable rabbitmq-server.service + systemctl start rabbitmq-server.service + ``` + +3. Add an OpenStack user. + + ```shell + rabbitmqctl add_user openstack RABBIT_PASS + ``` + + ***Note*** + + **Replace `RABBIT_PASS` with the password of the OpenStack user.** + +4. Run the following command to set the permission of the **openstack** user so that the user can perform configuration, write, and read operations: + + ```shell + rabbitmqctl set_permissions openstack ".*" ".*" ".*" + ``` + +### Installing Memcached + +1. Run the following command to install the target software package: + + ```shell + yum install memcached python2-memcached + ``` + +2. Edit the `/etc/sysconfig/memcached` file. + + ```shell + $ vim /etc/sysconfig/memcached + + OPTIONS="-l 127.0.0.1,::1,controller" + ``` + +3. Run the following command to start the Memcached service and enable it to automatically start upon system boot: + + ```shell + systemctl enable memcached.service + systemctl start memcached.service + ``` + + After the service is started, you can run the `memcached-tool controller stats` command to ensure that the service is available. Replace `controller` with the management IP address of the controller node. + +## Installing OpenStack + +### Installing Keystone + +1. Create the **keystone** database and grant access to the **keystone** database. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE keystone; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ + IDENTIFIED BY 'KEYSTONE_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ + IDENTIFIED BY 'KEYSTONE_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace `KEYSTONE_DBPASS` with the password of the keystone database.** + +2. Install the software package. + + ```shell + yum install openstack-keystone httpd python2-mod_wsgi + ``` + +3. Configure the Keystone. + + ```shell + $ vim /etc/keystone/keystone.conf + + [database] + connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone + + [token] + provider = fernet + ``` + + **Note** + + In the **\[database]** section, configure the database entry. + + In the **\[token]** section, configure the token provider. + + ***Notes:*** + + **Replace `KEYSTONE_DBPASS` with the password of the keystone database.** + +4. Synchronize the database. + + ```shell + su -s /bin/sh -c "keystone-manage db_sync" keystone + ``` + +5. Initialize the Fernet keystore. + + ```shell + keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone + keystone-manage credential_setup --keystone-user keystone --keystone-group keystone + ``` + +6. Start the service: + + ```shell + keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ + --bootstrap-admin-url http://controller:5000/v3/ \ + --bootstrap-internal-url http://controller:5000/v3/ \ + --bootstrap-public-url http://controller:5000/v3/ \ + --bootstrap-region-id RegionOne + ``` + + ***Note*** + + **Replace `ADMIN_PASS` with the password of the admin user.** + +7. Configure the Apache HTTP server. + + ```shell + $ vim /etc/httpd/conf/httpd.conf + + ServerName controller + ``` + + ```shell + ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ + ``` + + **Note** + + Configure the `ServerName` item to reference the controller node. + + Create the `ServerName` item if it does not exist. + +8. Start Apache HTTP services. + + ```shell + systemctl enable httpd.service + systemctl start httpd.service + ``` + +9. Create environment variable configurations. + + ```shell + cat << EOF >> ~/.admin-openrc + export OS_PROJECT_DOMAIN_NAME=Default + export OS_USER_DOMAIN_NAME=Default + export OS_PROJECT_NAME=admin + export OS_USERNAME=admin + export OS_PASSWORD=ADMIN_PASS + export OS_AUTH_URL=http://controller:5000/v3 + export OS_IDENTITY_API_VERSION=3 + export OS_IMAGE_API_VERSION=2 + EOF + ``` + + ***Note*** + + **Replace `ADMIN_PASS` with the password of the admin user.** + +10. Create python2-openstackclient before creating the domain, projects, users, and roles. + + ```shell + yum install python2-openstackclient + ``` + + Import environmental variables. + + ```shell + source ~/.admin-openrc + ``` + + Create the project `service`. The domain `default` has been created during keystone-manage bootstrap. + + ```shell + openstack domain create --description "An Example Domain" example + ``` + + ```shell + openstack project create --domain default --description "Service Project" service + ``` + + Create a non-admin project `myproject`, user `myuser`, and role `myrole`, and add role `myrole` to `myproject` and `myuser`. + + ```shell + openstack project create --domain default --description "Demo Project" myproject + openstack user create --domain default --password-prompt myuser + openstack role create myrole + openstack role add --project myproject --user myuser myrole + ``` + +11. Perform verification. + + Cancel the temporary environment variables **OS\_AUTH\_URL** and **OS\_PASSWORD**. + + ```shell + source ~/.admin-openrc + unset OS_AUTH_URL OS_PASSWORD + ``` + + Request a token for the **admin** user: + + ```shell + openstack --os-auth-url http://controller:5000/v3 \ + --os-project-domain-name Default --os-user-domain-name Default \ + --os-project-name admin --os-username admin token issue + ``` + + Request a token for the **myuser** user: + + ```shell + openstack --os-auth-url http://controller:5000/v3 \ + --os-project-domain-name Default --os-user-domain-name Default \ + --os-project-name myproject --os-username myuser token issue + ``` + +### Installing Glance + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE glance; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ + IDENTIFIED BY 'GLANCE_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ + IDENTIFIED BY 'GLANCE_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note:*** + + **Replace `GLANCE_DBPASS` with the password of the**glance**database.** + + Create service credentials. + + ```shell + source ~/.admin-openrc + + openstack user create --domain default --password-prompt glance + openstack role add --project service --user glance admin + openstack service create --name glance --description "OpenStack Image" image + ``` + + Create API endpoints for the image service. + + ```shell + openstack endpoint create --region RegionOne image public http://controller:9292 + openstack endpoint create --region RegionOne image internal http://controller:9292 + openstack endpoint create --region RegionOne image admin http://controller:9292 + ``` + +2. Install the software package. + + ```shell + yum install openstack-glance + ``` + +3. Configure the **glance** database. + + ```shell + $ vim /etc/glance/glance-api.conf + + [database] + connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = glance + password = GLANCE_PASS + + [paste_deploy] + flavor = keystone + + [glance_store] + stores = file,http + default_store = file + filesystem_store_datadir = /var/lib/glance/images/ + ``` + + ```shell + $ vim /etc/glance/glance-registry.conf + + [database] + connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = glance + password = GLANCE_PASS + + [paste_deploy] + flavor = keystone + + [glance_store] + stores = file,http + default_store = file + filesystem_store_datadir = /var/lib/glance/images/ + ``` + + ***Note:*** + + In the **\[database]** section, configure the database entry. + + In the **\[keystone\_authtoken]** and **\[paste\_deploy]** sections, configure the entry for the identity service. + + In the **\[glance\_store]** section, configure the local file system storage and the location where image files are stored. + + **Replace `GLANCE_DBPASS` with the password of the glance database.** + + **Replace `GLANCE_PASS` with the password of the glance user.** + +4. Synchronize the database. + + ```shell + su -s /bin/sh -c "glance-manage db_sync" glance + ``` + +5. Start the service. + + ```shell + systemctl enable openstack-glance-api.service openstack-glance-registry.service + systemctl start openstack-glance-api.service openstack-glance-registry.service + ``` + +6. Perform verification. + + Download the image. + + ```shell + source ~/.admin-openrc + + wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img + ``` + + ***Note*** + + **If the Kunpeng architecture is used, download the image of the ARM64 version.** + + Upload the image to the image service. + + ```shell + openstack image create --disk-format qcow2 --container-format bare \ + --file cirros-0.4.0-x86_64-disk.img --public cirros + ``` + + Confirm the image upload and verify the attributes. + + ```shell + openstack image list + ``` + +### Installing Nova + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + ```shell + $ mysql -u root -p (CPT) + + MariaDB [(none)]> CREATE DATABASE nova_api; + MariaDB [(none)]> CREATE DATABASE nova; + MariaDB [(none)]> CREATE DATABASE nova_cell0; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace NOVA_DBPASS with the password of the nova database.** + + ```shell + source ~/.admin-openrc (CPT) + ``` + + Create Nova service credentials. + + ```shell + openstack user create --domain default --password-prompt nova (CTP) + openstack role add --project service --user nova admin (CPT) + openstack service create --name nova --description "OpenStack Compute" compute (CPT) + ``` + + Create Placement service credentials. + + ```shell + openstack user create --domain default --password-prompt placement (CPT) + openstack role add --project service --user placement admin (CPT) + openstack service create --name placement --description "Placement API" placement (CPT) + ``` + + Create Nova API endpoints. + + ```shell + openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) + openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) + openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) + ``` + + Create Placement API endpoints. + + ```shell + openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) + openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) + openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) + ``` + +2. Install software packages. + + ```shell + yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \ + openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api (CTL) + + yum install openstack-nova-compute (CPT) + ``` + + ***Note*** + + **If the ARM64 structure is used, run the following command:** + + ```shell + yum install edk2-aarch64 (CPT) + ``` + +3. Configures the Nova. + + ```shell + $ vim /etc/nova/nova.conf + + [DEFAULT] + enabled_apis = osapi_compute,metadata + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + my_ip = 10.0.0.1 + use_neutron = true + firewall_driver = nova.virt.firewall.NoopFirewallDriver + compute_driver=libvirt.LibvirtDriver (CPT) + instances_path = /var/lib/nova/instances/ (CPT) + lock_path = /var/lib/nova/tmp (CPT) + + [api_database] + connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) + + [database] + connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) + + [api] + auth_strategy = keystone + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000/ + auth_url = http://controller:5000/ + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = nova + password = NOVA_PASS + + [vnc] + enabled = true + server_listen = $my_ip + server_proxyclient_address = $my_ip + novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) + + [libvirt] + virt_type = qemu (CPT) + cpu_mode = custom (CPT) + cpu_model = cortex-a7 (CPT) + + [glance] + api_servers = http://controller:9292 + + [oslo_concurrency] + lock_path = /var/lib/nova/tmp (CTL) + + [placement] + region_name = RegionOne + project_domain_name = Default + project_name = service + auth_type = password + user_domain_name = Default + auth_url = http://controller:5000/v3 + username = placement + password = PLACEMENT_PASS + + [neutron] + auth_url = http://controller:5000 + auth_type = password + project_domain_name = default + user_domain_name = default + region_name = RegionOne + project_name = service + username = neutron + password = NEUTRON_PASS + service_metadata_proxy = true (CTL) + metadata_proxy_shared_secret = METADATA_SECRET (CTL) + ``` + + **Description** + + In the **\[default]** section, enable the compute and metadata APIs, configure the RabbitMQ message queue entrance, **my\_ip**, and enable the network service Neutron. + + In the **\[api\_database]** and **\[database]** sections, configure the database entry. + + In the **\[api]** and **\[keystone\_authtoken]** sections, configure the identity service entry. + + In the **\[vnc]** section, enable and configure the entry for the remote console. + + In the **\[glance]** section, configure the API address for the image service. + + In the **\[oslo\_concurrency]** section, configure the lock path. + + In the **\[placement]** section, configure the entry of the Placement service. + + ***Note*** + + **Replace `RABBIT_PASS` with the password of the openstack user in RabbitMQ.** + + **Set `my_ip` to the management IP address of the controller node.** + + **Replace `NOVA_DBPASS` with the password of the nova database.** + + **Replace `NOVA_PASS` with the password of the nova user.** + + **Replace `PLACEMENT_PASS` with the password of the placement user.** + + **Replace `NEUTRON_PASS` with the password of the neutron user.** + + **Replace `METADATA_SECRET` with a proper metadata agent secret.** + + **Exception** + + Manually add the Placement API access configuration. + + ```shell + $ vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) + + + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + + ``` + + Restart the httpd service. + + ```shell + systemctl restart httpd (CTL) + ``` + + Check whether VM hardware acceleration (x86 architecture) is supported: + + ```shell + egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) + ``` + + If the returned value is **0**, hardware acceleration is not supported. You need to configure libvirt to use QEMU instead of KVM. + + ```shell + $ vim /etc/nova/nova.conf (CPT) + + [libvirt] + virt_type = qemu + ``` + + If the returned value is **1** or a larger value, hardware acceleration is supported, and no extra configuration is required. + + ***Note*** + + **If the ARM64 structure is used, run the following command:** + + ```shell + $ mkdir -p /usr/share/AAVMF + $ chown nova:nova /usr/share/AAVMF + + $ ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \ + /usr/share/AAVMF/AAVMF_CODE.fd (CPT) + $ ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \ + /usr/share/AAVMF/AAVMF_VARS.fd (CPT) + + $ vim /etc/libvirt/qemu.conf + + nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \ + /usr/share/AAVMF/AAVMF_VARS.fd", \ + "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \ + /usr/share/edk2/aarch64/vars-template-pflash.raw"] (CPT) + ``` + +4. Synchronize the database. + + Run the following command to synchronize the **nova-api** database: + + ```shell + su -s /bin/sh -c "nova-manage api_db sync" nova (CTL) + ``` + + Run the following command to register the **cell0** database: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova (CTL) + ``` + + Create the **cell1** cell: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova (CTL) + ``` + + Synchronize the **nova** database: + + ```shell + su -s /bin/sh -c "nova-manage db sync" nova (CTL) + ``` + + Verify whether **cell0** and **cell1** are correctly registered: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova (CTL) + ``` + + Add a compute node to the OpenStack cluster. + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova (CPT) + ``` + +5. Start the service. + + ```shell + systemctl enable \ (CTL) + openstack-nova-api.service \ + openstack-nova-consoleauth.service \ + openstack-nova-scheduler.service \ + openstack-nova-conductor.service \ + openstack-nova-novncproxy.service + + systemctl start \ (CTL) + openstack-nova-api.service \ + openstack-nova-consoleauth.service \ + openstack-nova-scheduler.service \ + openstack-nova-conductor.service \ + openstack-nova-novncproxy.service + ``` + + ```shell + systemctl enable libvirtd.service openstack-nova-compute.service (CPT) + systemctl start libvirtd.service openstack-nova-compute.service (CPT) + ``` + +6. Perform verification. + + ```shell + source ~/.admin-openrc (CTL) + ``` + + List service components to verify that each process is successfully started and registered. + + ```shell + openstack compute service list (CTL) + ``` + + List the API endpoints in the identity service and verify the connection to the identity service. + + ```shell + openstack catalog list (CTL) + ``` + + List the images in the image service and verify the connections: + + ```shell + openstack image list (CTL) + ``` + + Check whether the cells and placement APIs are running properly and whether other prerequisites are met. + + ```shell + nova-status upgrade check (CTL) + ``` + +### Installing Neutron + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + ```shell + $ mysql -u root -p (CTL) + + MariaDB [(none)]> CREATE DATABASE neutron; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ + IDENTIFIED BY 'NEUTRON_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ + IDENTIFIED BY 'NEUTRON_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace `NEUTRON_DBPASS` with the password of the neutron database.** + + ```shell + source ~/.admin-openrc (CTL) + ``` + + Create the **neutron** service credential. + + ```shell + openstack user create --domain default --password-prompt neutron (CTL) + openstack role add --project service --user neutron admin (CTL) + openstack service create --name neutron --description "OpenStack Networking" network (CTL) + ``` + + Create API endpoints of the Neutron service. + + ```shell + openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) + openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) + openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) + ``` + +2. Install the software package: + + ```shell + yum install openstack-neutron openstack-neutron-linuxbridge-agent ebtables ipset \ (CTL) + openstack-neutron-l3-agent openstack-neutron-dhcp-agent \ + openstack-neutron-metadata-agent + ``` + + ```shell + yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) + ``` + +3. Configures the Neutron. + + Configure the main body. + + ```shell + $ vim /etc/neutron/neutron.conf + + [database] + connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) + + [DEFAULT] + core_plugin = ml2 (CTL) + service_plugins = router (CTL) + allow_overlapping_ips = true (CTL) + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + notify_nova_on_port_status_changes = true (CTL) + notify_nova_on_port_data_changes = true (CTL) + api_workers = 3 (CTL) + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = neutron + password = NEUTRON_PASS + + [nova] + auth_url = http://controller:5000 (CTL) + auth_type = password (CTL) + project_domain_name = Default (CTL) + user_domain_name = Default (CTL) + region_name = RegionOne (CTL) + project_name = service (CTL) + username = nova (CTL) + password = NOVA_PASS (CTL) + + [oslo_concurrency] + lock_path = /var/lib/neutron/tmp + ``` + + ***Description** + + In the **\[database]** section, configure the database entry. + + In the **\[default]** section, enable the ML2 and router plug-ins. Allow IP address overlapping, and configure the RabbitMQ message queue entry. + + In the **\[default]** and **\[keystone]** sections, configure the identity service entry. + + In the **\[default]** and **\[nova]** sections, enable the network to notify the change of the computing network topology. + + In the **\[oslo\_concurrency]** section, configure the lock path. + + ***Note*** + + **Replace `NEUTRON_DBPASS` with the password of the neutron database.** + + **Replace `RABBIT_PASS` with the password of the openstack user in RabbitMQ.** + + **Replace `NEUTRON_PASS` with the password of the neutron user.** + + **Replace `NOVA_PASS` with the password of the nova user.** + + Configure the ML2 plug-in. + + ```shell + $ vim /etc/neutron/plugins/ml2/ml2_conf.ini + + [ml2] + type_drivers = flat,vlan,vxlan + tenant_network_types = vxlan + mechanism_drivers = linuxbridge,l2population + extension_drivers = port_security + + [ml2_type_flat] + flat_networks = provider + + [ml2_type_vxlan] + vni_ranges = 1:1000 + + [securitygroup] + enable_ipset = true + ``` + + Create a symbolic link to **/etc/neutron/plugin.ini.** + + ```shell + ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini + ``` + + **Note** + + **In the \[ml2] section, enable the flat, VLAN, and VXLAN networks, enable the Linux bridge and L2 population mechanisms, and enable the port security extension driver.** + + **In the \[ml2\_type\_flat] section, configure the flat network as the provider virtual network.** + + **In the \[ml2\_type\_vxlan] section, configure the VXLAN network identifier range.** + + **In the \[securitygroup] section, set ipset.** + + **Supplement** + + **The L2 configuration can be modified as required. In this document, the provider network and Linux bridge are used.** + + Configure the Linux bridge agent: + + ```shell + $ vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini + + [linux_bridge] + physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME + + [vxlan] + enable_vxlan = true + local_ip = OVERLAY_INTERFACE_IP_ADDRESS + l2_population = true + + [securitygroup] + enable_security_group = true + firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver + ``` + + **Description** + + In the **\[linux\_bridge]** section, map the Provider virtual network to the physical network API. + + In the **\[vxlan]** section, enable the VXLAN network. Configure the IP address of the physical network API that processes the coverage network, and enable layer-2 population. + + In the **\[securitygroup]** section, enable the security group and configure the **linux bridge iptables** firewall driver. + + ***Note*** + + **Replace `PROVIDER_INTERFACE_NAME` with the physical network API.** + + **Replace `OVERLAY_INTERFACE_IP_ADDRESS` with the management IP address of the controller node.** + + Configure the Layer 3 proxy. + + ```shell + $ vim /etc/neutron/l3_agent.ini (CTL) + + [DEFAULT] + interface_driver = linuxbridge + ``` + + **Description** + + In the **\[default]** section, set the API driver to **linuxbridge**. + + Configures the DHCP agent: + + ```shell + $ vim /etc/neutron/dhcp_agent.ini (CTL) + + [DEFAULT] + interface_driver = linuxbridge + dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + enable_isolated_metadata = true + ``` + + **Description** + + In the **\[default]** section, configure the Linux bridge API driver and Dnsmasq DHCP driver. Enable the isolated metadata. + + Configure the metadata proxy. + + ```shell + $ vim /etc/neutron/metadata_agent.ini (CTL) + + [DEFAULT] + nova_metadata_host = controller + metadata_proxy_shared_secret = METADATA_SECRET + ``` + + **Description** + + In the **\[default]** section, configure the metadata host and shared secret. + + ***Note*** + + **Replace `METADATA_SECRET` with a proper metadata agent secret.** + +4. Configures Nova. + + ```shell + $ vim /etc/nova/nova.conf + + [neutron] + auth_url = http://controller:5000 + auth_type = password + project_domain_name = Default + user_domain_name = Default + region_name = RegionOne + project_name = service + username = neutron + password = NEUTRON_PASS + service_metadata_proxy = true (CTL) + metadata_proxy_shared_secret = METADATA_SECRET (CTL) + ``` + + **Description** + + In the **\[neutron]** section, configure access parameters, enable the metadata proxy, and configure secret. + + ***Note*** + + **Replace `NEUTRON_PASS` with the password of the neutron user.** + + **Replace `METADATA_SECRET` with a proper metadata agent secret.** + +5. Synchronize the database. + + ```shell + su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron + ``` + +6. Run the following command to restart the computing API service: + + ```shell + systemctl restart openstack-nova-api.service + ``` + +7. Start network services. + + ```shell + systemctl enable openstack-neutron-server.service \ (CTL) + openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \ + openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service + systemctl restart openstack-nova-api.service openstack-neutron-server.service (CTL) + openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \ + openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service + + systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) + systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) + ``` + +8. Perform verification. + + Run the following command to list the neutron agents: + + ```shell + openstack network agent list + ``` + +### Installing Cinder + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE cinder; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \ + IDENTIFIED BY 'CINDER_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \ + IDENTIFIED BY 'CINDER_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace `CINDER_DBPASS` with the password of the cinder database.** + + ```shell + source ~/.admin-openrc + ``` + + Create Cinder service credentials: + + ```shell + openstack user create --domain default --password-prompt cinder + openstack role add --project service --user cinder admin + openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 + openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3 + ``` + + Create API endpoints for the block storage service. + + ```shell + openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s + openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s + openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s + openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s + openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s + openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s + ``` + +2. Install the software package: + + ```shell + yum install openstack-cinder-api openstack-cinder-scheduler (CTL) + ``` + + ```shell + yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \ (CPT) + openstack-cinder-volume openstack-cinder-backup + ``` + +3. Prepare storage devices. The following is an example: + + ```shell + $ pvcreate /dev/vdb + $ vgcreate cinder-volumes /dev/vdb + + $ vim /etc/lvm/lvm.conf + + + devices { + ... + filter = [ "a/vdb/", "r/.*/"] + ``` + + **Description** + + In the **devices** section, add filtering to allow the /dev/vdb device to reject other devices. + +4. Prepare NFS. + + ```shell + mkdir -p /root/cinder/backup + + cat << EOF >> /etc/export + /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) + EOF + + ``` + +5. Configure the Cinder. + + ```shell + $ vim /etc/cinder/cinder.conf + + [DEFAULT] + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + my_ip = 10.0.0.11 + enabled_backends = lvm (CPT) + backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) + backup_share=HOST:PATH (CPT) + + [database] + connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = cinder + password = CINDER_PASS + + [oslo_concurrency] + lock_path = /var/lib/cinder/tmp + + [lvm] + volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) + volume_group = cinder-volumes (CPT) + iscsi_protocol = iscsi (CPT) + iscsi_helper = tgtadm (CPT) + ``` + + **Description** + + In the **\[database]** section, configure the database entry. + + In the **\[DEFAULT]** section, configure the RabbitMQ message queue entry and **my\_ip**. + + In the **\[DEFAULT]** and **\[keystone\_authtoken]** sections, configure the identity service entry. + + In the **\[oslo\_concurrency]** section, configure the lock path. + + ***Note*** + + **Replace `CINDER_DBPASS` with the password of the cinder database.** + + **Replace `RABBIT_PASS` with the password of the openstack user in RabbitMQ.** + + **Set `my_ip` to the management IP address of the controller node.** + + **Replace `CINDER_PASS` with the password of the cinder user.** + + **Replace `HOST:PATH` with the host IP address of the NFS and the password of the shared path user.** + +6. Synchronize the database. + + ```shell + su -s /bin/sh -c "cinder-manage db sync" cinder (CTL) + ``` + +7. Configure Nova. + + ```shell + $ vim /etc/nova/nova.conf (CTL) + + [cinder] + os_region_name = RegionOne + ``` + +8. Restart the computing API service. + + ```shell + systemctl restart openstack-nova-api.service + ``` + +9. Start the Cinder service. + + ```shell + systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) + systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) + ``` + + ```shell + systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \ (CPT) + openstack-cinder-volume.service \ + openstack-cinder-backup.service + systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \ (CPT) + openstack-cinder-volume.service \ + openstack-cinder-backup.service + ``` + + ***Note*** + + If Cinder uses tgtadm to attach volumes, modify **/etc/tgt/tgtd.conf** to ensure that tgtd can discover the iSCSI target of cinder-volume. + + ```text + include /var/lib/cinder/volumes/* + ``` + +10. Perform verification. + + ```shell + source ~/.admin-openrc + openstack volume service list + ``` + +### Installing Horizon + +1. Install the software package. + + ```shell + yum install openstack-dashboard + ``` + +2. Modify the file. + + Modify the variables. + + ```shell + $ vim /etc/openstack-dashboard/local_settings + + ALLOWED_HOSTS = ['*', ] + OPENSTACK_HOST = "controller" + OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST + ``` + +3. Restart the httpd service. + + ```shell + systemctl restart httpd + ``` + +4. Perform verification. +Open a browser and enter in the address bar to log in to Horizon. + + ***Note*** + + **Replace HOSTIP with the management plane IP address of the controller node.** + +### Installing Tempest + +Tempest is an integration test service of OpenStack. You are advised to use Tempest if you need to fully and automatically test the functions of the installed OpenStack environment. Otherwise, the installation is not required. + +1. Install Tempest. + + ```shell + yum install openstack-tempest + ``` + +2. Initialize the catalog. + + ```shell + tempest init mytest + ``` + +3. Modify the configuration file. + + ```shell + cd mytest + vi etc/tempest.conf + ``` + + Information about the current OpenStack environment needs to be configured in **tempest.conf**. For details, see the [Sample Configuration File](https://docs.openstack.org/tempest/latest/sampleconf.html). + +4. Perform the test. + + ```shell + tempest run + ``` + +### Installing Ironic + +Ironic is a bare metal service of OpenStack. You are advised to use Ironic if you need to deploy a bare metal server. Otherwise, the installation is not required. + +1. Set the database. + + The bare metal service stores information in the database. Create an Ironic database that can be accessed by the **ironic** user and replace **Ironic\_DBPASSWORD** with a proper password. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \ + IDENTIFIED BY 'IRONIC_DBPASSWORD'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \ + IDENTIFIED BY 'IRONIC_DBPASSWORD'; + ``` + +2. Create the service user and perform verification. + + 1\. Create the bare metal service users. + + ```shell + openstack user create --password IRONIC_PASSWORD \ + --email ironic@example.com ironic + openstack role add --project service --user ironic admin + openstack service create --name ironic + --description "Ironic baremetal provisioning service" baremetal + + openstack service create --name ironic-inspector --description "Ironic inspector baremetal provisioning service" baremetal-introspection + openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector + openstack role add --project service --user ironic-inspector admin + ``` + + 2\. Create the bare metal service access portals. + + ```shell + openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 + openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 + openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 + openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 + openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 + openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 + ``` + +3. Configuring the ironic-api Service + + Configuration file path: **/etc/ironic/ironic.conf** + + 1\. Set **connection** to the database location, as shown in the following example. Replace **IRONIC\_DBPASSWORD** with the password of the **ironic** user and **DB\_IP** with the IP address of the database server. + + ```text + [database] + + # The SQLAlchemy connection string used to connect to the + # database (string value) + + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic + ``` + + 2\. Configure the ironic-api service to use the RabbitMQ message broker and replace **RPC_\*** with the address and credential of RabbitMQ. + + ```text + [DEFAULT] + + # A URL representing the messaging driver to use and its full + # configuration. (string value) + + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + You can also use JSON-RPC to replace RabbitMQ. + + 3\. Configure the credential for the ironic-api service to use the identity service. Replace **PUBLIC\_IDENTITY\_IP** with the public IP address of the server of the identity service, and replace **PRIVATE\_IDENTITY\_IP** with the private IP address of the identity service server. Replace **Ironic\_PASSWORD** with the password of user **ironic**. + + ```text + [DEFAULT] + + # Authentication strategy used by ironic-api: one of + # "keystone" or "noauth". "noauth" should not be used in a + # production environment because all authentication will be + # disabled. (string value) + + auth_strategy=keystone + + [keystone_authtoken] + # Authentication type to load (string value) + auth_type=password + # Complete public Identity API endpoint (string value) + www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 + # Complete admin Identity API endpoint. (string value) + auth_url=http://PRIVATE_IDENTITY_IP:5000 + # Service username. (string value) + username=ironic + # Service account password. (string value) + password=IRONIC_PASSWORD + # Service tenant name. (string value) + project_name=service + # Domain name containing project (string value) + project_domain_name=Default + # User's domain name (string value) + user_domain_name=Default + ``` + + 4\. Create a database table for the bare metal service. + + ```shell + ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema + ``` + + 5\. Restart the ironic-api service. + + ```shell + sudo systemctl restart openstack-ironic-api + ``` + +4. Configuring the ironic-conductor Service + + 1\. Replace **HOST\_IP** with the IP address of the conductor host. + + ```text + [DEFAULT] + + # IP address of this host. If unset, will determine the IP + # programmatically. If unable to do so, will use "127.0.0.1". + # (string value) + + my_ip=HOST_IP + ``` + + 2\. Configure the database location. The configuration of ironic-conductor must be the same as that of ironic-api. Replace **IRONIC\_DBPASSWORD** with the password of the **ironic** user and **DB\_IP** with the IP address of the database server. + + ```text + [database] + + # The SQLAlchemy connection string to use to connect to the + # database. (string value) + + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic + ``` + + 3\. Configure the ironic-api service to use the RabbitMQ. The configuration of ironic-conductor service must be the same as that of ironic-api. Replace **RPC\_***\** with the address and credential of RabbitMQ. + + ```text + [DEFAULT] + + # A URL representing the messaging driver to use and its full + # configuration. (string value) + + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + You can also use JSON-RPC to replace RabbitMQ. + + 4\. Configure credentials to access other OpenStack services. + + To communicate with other OpenStack services, the service user needs to use the OpenStack Identity service for authentication when the bare metal service requests other services. The credentials for these users must be configured in each configuration file associated with the respective service. + + ```text + [neutron] - Access OpenStack network service. + [glance] - Access the OpenStack image service. + [swift] - Access the OpenStack object storage service. + [cinder] Access the OpenStack block storage service. + [inspector] - Access the OpenStack inspection service of the bare metal service. + [service_catalog] - A special item used to store the credentials used by the bare metal service to discover its own API URL endpoints registered in the OpenStack identity service catalog. + ``` + + For simplicity, you can use the same service user for all services. For backward compatibility, this user must be the same as that configured in **\[keystone\_authtoken]** of the ironic-api service. This is not mandatory. You can create and configure different service users for each service. + + In the following example, the configuration for the authentication information for users to access the OpenStack network service is: + + ```text + Network services are deployed in the identity service domain named "RegionOne". Only public endpoint APIs are registered in the service catalog. + + A specific CA SSL certificate is used for HTTPS connection when requested. + + The same service user with ironic-api service is configured. + + The dynamic password authentication plug-in discovers the appropriate version of the identity service API based on other options. + ``` + + ```text + [neutron] + + # Authentication type to load (string value) + auth_type = password + # Authentication URL (string value) + auth_url=https://IDENTITY_IP:5000/ + # Username (string value) + username=ironic + # User's password (string value) + password=IRONIC_PASSWORD + # Project name to scope to (string value) + project_name=service + # Domain ID containing project (string value) + project_domain_id=default + # User's domain id (string value) + user_domain_id=default + # PEM encoded Certificate Authority to use when verifying + # HTTPs connections. (string value) + cafile=/opt/stack/data/ca-bundle.pem + # The default region_name for endpoint URL discovery. (string + # value) + region_name = RegionOne + # List of interfaces, in order of preference, for endpoint + # URL. (list value) + valid_interfaces=public + ``` + + By default, to communicate with other services, the bare metal service attempts to discover the appropriate endpoints of the service through the service catalog of the identity service. If you want to use a different endpoint for a specific service, specify the **endpoint\_override** option in the bare metal service configuration file. + + ```text + [neutron] + ... + endpoint_override = + ``` + + 5\. Configure allowed drivers and hardware types. + + Configure **enabled\_hardware\_types** to set the hardware types allowed by the ironic-conductor service. + + ```text + [DEFAULT] + enabled_hardware_types = ipmi + ``` + + Configure the hardware API. + + ```text + enabled_boot_interfaces = pxe + enabled_deploy_interfaces = direct,iscsi + enabled_inspect_interfaces = inspector + enabled_management_interfaces = ipmitool + enabled_power_interfaces = ipmitool + ``` + + Configure API default values. + + ```text + [DEFAULT] + default_deploy_interface = direct + default_network_interface = neutron + ``` + + If any driver that uses Direct Deploy is enabled, you must install and configure the Swift backend of the . The Ceph object gateway (RADOS gateway) can also be used as a backend for the image service. + + 6\. Restart the ironic-conductor service. + + ```shell + sudo systemctl restart openstack-ironic-conductor + ``` + +5. Configure the ironic-conductor service. + + Configuration file path: **/etc/ironic-inspector/inspector.conf** + + 1\. Create a database. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; + + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \ + IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; + ``` + + 2\. Set **connection** to the database location, as shown in the following example. Replace **IRONIC\_INSPECTOR\_DBPASSWORD** with the password of the **ironic\_inspector** user and **DB\_IP** with the IP address of the database server. + + ```text + [database] + backend = sqlalchemy + connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector + ``` + + 3\. Configure the communication address of the message queue. + + ```text + [DEFAULT] + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + 4\. Configure Keystone authentication. + + ```text + [DEFAULT] + + auth_strategy = keystone + + [ironic] + + api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 + auth_type = password + auth_url = http://PUBLIC_IDENTITY_IP:5000 + auth_strategy = keystone + ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 + os_region = RegionOne + project_name = service + project_domain_name = Default + user_domain_name = Default + username = IRONIC_SERVICE_USER_NAME + password = IRONIC_SERVICE_USER_PASSWORD + ``` + + 5\. Configure the ironic inspector Dnsmasq service. + + ```text + # Configuration file path: /etc/ironic-inspector/dnsmasq.conf + port=0 + interface=enp3s0 #Replace it with the actual listening network API. + dhcp-range=172.20.19.100,172.20.19.110 #Replace it with the actual DHCP address range. + bind-interfaces + enable-tftp + + dhcp-match=set:efi,option:client-arch,7 + dhcp-match=set:efi,option:client-arch,9 + dhcp-match=aarch64, option:client-arch,11 + dhcp-boot=tag:aarch64,grubaa64.efi + dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi + dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 + + tftp-root=/tftpboot #Replace it with the actual tftpboot directory. + log-facility=/var/log/dnsmasq.log + ``` + + 6\. Enable the services. + + ```shell + systemctl enable --now openstack-ironic-inspector.service + systemctl enable --now openstack-ironic-inspector-dnsmasq.service + ``` + +6. Create a deploy ramdisk image. + + RAMDisk images of OpenStack Queens can be created using the ironic-python-agent service or disk-image-builder tool, or the latest ironic-python-agent-builder in the community. You can also use other tools. If the native tool of OpenStack Queens RAMDisk is used, you need to install the corresponding software package. + + ```shell + yum install openstack-ironic-python-agent + Or + yum install diskimage-builder + ``` + + For details, see the [official document](https://docs.openstack.org/ironic/queens/install/deploy-ramdisk.html). + + This section describes how to use ironic-python-agent-builder to build the deploy image used by Ironic. + + 1. Install ironic-python-agent-builder. + + 1. Install the tool. + + ```shell + pip install ironic-python-agent-builder + ``` + + 2. Modify the Python interpreter in the following file: + + ```shell + /usr/bin/yum /usr/libexec/urlgrabber-ext-down + ``` + + 3. Install other necessary tools. + + ```shell + yum install git + ``` + + `DIB` depends on `semanage`. Before creating an image, check whether the `semanage --help` command is available. If no such command is displayed, install it. + + ```shell + #Query the package to be installed. + $ yum provides /usr/sbin/semanage + Loaded plug-in: fastestmirror + Loading mirror speeds from cached hostfile + * base: mirror.vcu.edu + * extras: mirror.vcu.edu + * updates: mirror.math.princeton.edu + policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities + Source: base + Matching source: + File name: /usr/sbin/semanage + #Installation + $ yum install policycoreutils-python + ``` + + 2. Create the image. + + If the `arm` architecture is used, add the following information: + + ```shell + export ARCH=aarch64 + ``` + + Basic usage: + + ```shell + usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] + [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] + distribution + + positional arguments: + distribution Distribution to use + + optional arguments: + -h, --help show this help message and exit + -r RELEASE, --release RELEASE + Distribution release to use + -o OUTPUT, --output OUTPUT + Output base file name + -e ELEMENT, --element ELEMENT + Additional DIB element to use + -b BRANCH, --branch BRANCH + If set, override the branch that is used for ironic- + python-agent and requirements + -v, --verbose Enable verbose logging in diskimage-builder + --extra-args EXTRA_ARGS + Extra arguments to pass to diskimage-builder + ``` + + Example: + + ```shell + ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky + ``` + + 3. Allow SSH login. + + Initialize environment variables and create the image. + + ```shell + export DIB_DEV_USER_USERNAME=ipa \ + export DIB_DEV_USER_PWDLESS_SUDO=yes \ + export DIB_DEV_USER_PASSWORD='123' + ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser + ``` + + 4. Specify a code repository. + + Initialize the corresponding environment variables and create an image. + + ```text + # Specify the repository address and version. + DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git + DIB_REPOREF_ironic_python_agent=origin/develop + + # Clone code directly from Gerrit. + DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent + DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 + ``` + + For details, see [source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html). + + The verification of the specified repository address and version is successful. + +### Installing Kolla + +Kolla provides container-based deployment for OpenStack services in the production environment. The Kolla and Kolla-ansible services are introduced in openEuler 20.03 LTS SP2. + +The installation of Kolla is simple. You only need to install the corresponding RPM package. + +```shell +yum install openstack-kolla openstack-kolla-ansible +``` + +After the installation, you can use commands including `kolla-ansible`, `kolla-build`, `kolla-genpwd`, and `kolla-mergepwd`. + +### Installing Trove + +Trove is a database service provided by OpenStack. You are advised to use Trove if you use the database service provided by OpenStack. Otherwise, the installation is not required. + +1. Set the database. + + The database service stores information in the database. Create a **trove** user to access the **trove** database. Replace **TROVE\_DBPASSWORD** with a proper password. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \ + IDENTIFIED BY 'TROVE_DBPASSWORD'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \ + IDENTIFIED BY 'TROVE_DBPASSWORD'; + ``` + +2. Create the service user and perform verification. + + 1\. Create a Trove service user. + + ```shell + openstack user create --password TROVE_PASSWORD \ + --email trove@example.com trove + openstack role add --project service --user trove admin + openstack service create --name trove + --description "Database service" database + ``` + + **Note:** Replace `TROVE_PASSWORD` with the password of the `trove` user. + + 2\. Create a database service access portal. + + ```shell + openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\(tenant_id\)s + openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\(tenant_id\)s + openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\(tenant_id\)s + ``` + + **Note:** Replace `$TROVE_NODE` with the API service deployment node of the Trove. + +3. Install and configure Trove components. + 1. Install the Trove package. + + ```shell + yum install openstack-trove python-troveclient + ``` + + 2. Configure `trove.conf`. + + ```shell + $ vim /etc/trove/trove.conf + + [DEFAULT] + bind_host=TROVE_NODE_IP + log_dir = /var/log/trove + + auth_strategy = keystone + # Config option for showing the IP address that nova doles out + add_addresses = True + network_label_regex = ^NETWORK_LABEL$ + api_paste_config = /etc/trove/api-paste.ini + + trove_auth_url = http://controller:35357/v3/ + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + + nova_proxy_admin_user = admin + nova_proxy_admin_pass = ADMIN_PASS + nova_proxy_admin_tenant_name = service + taskmanager_manager = trove.taskmanager.manager.Manager + use_nova_server_config_drive = True + + # Set these if using Neutron Networking + network_driver=trove.network.neutron.NeutronDriver + network_label_regex=.* + + + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + + [database] + connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000/v3/ + auth_url=http://controller:35357/v3/ + #auth_uri = http://controller/identity + #auth_url = http://controller/identity_admin + auth_type = password + project_domain_name = default + user_domain_name = default + project_name = service + username = trove + password = TROVE_PASS + + ``` + + **Note:** + + - Set `bind_host` in the `[Default]` section to the IP address of the Trove node in the group. + - `nova_compute_url` and `cinder_url` are endpoints created in Keystone for Nova and Cinder. + - `nova_proxy_XXX` shows the information about a user who can access the Nova service. In the preceding example, the `admin` user is used as an example. + - `transport_url` is the connection information of `RabbitMQ`. Replace `RABBIT_PASS` with the RabbitMQ password. + - `connection` in the `[database]` section is the information about the database created for Trove in the MySQL. + - Replace `TROVE_PASS` with the actual password of the **trove** user. + + 3. Configure `trove-taskmanager.conf`. + + ```shell + $ vim /etc/trove/trove-taskmanager.conf + + [DEFAULT] + log_dir = /var/log/trove + trove_auth_url = http://controller/identity/v2.0 + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + + [database] + connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove + ``` + + **Note:** Refer to the configuration of `trove.conf`. + + 4. Configure `trove-conductor.conf`. + + ```shell + $ vim /etc/trove/trove-conductor.conf + + [DEFAULT] + log_dir = /var/log/trove + trove_auth_url = http://controller/identity/v2.0 + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + + [database] + connection = mysql+pymysql://trove:trove@controller/trove + ``` + + **Note:** Refer to the configuration of `trove.conf`. + + 5. Configure `trove-guestagent.conf`. + + ```shell + $ vim /etc/trove/trove-guestagent.conf + [DEFAULT] + rabbit_host = controller + rabbit_password = RABBIT_PASS + nova_proxy_admin_user = admin + nova_proxy_admin_pass = ADMIN_PASS + nova_proxy_admin_tenant_name = service + trove_auth_url = http://controller/identity_admin/v2.0 + ``` + + **Note:** `guestagent` is an independent component of Trove and needs to be built into the VM image created by the Trove through Nova. After a database instance is created, the guest agent process is started to report heartbeat messages to the Trove through the message queue (RabbitMQ). Therefore, you need to configure the RabbitMQ user name and password. + + 6. Generate the `Trove` database table. + + ```shell + su -s /bin/sh -c "trove-manage db_sync" trove + ``` + +4. Complete the installation and configuration. + + 1. Configure the automatic startup of the Trove service. + + ```shell + systemctl enable openstack-trove-api.service \ + openstack-trove-taskmanager.service \ + openstack-trove-conductor.service + ``` + + 2. Start the service. + + ```shell + systemctl start openstack-trove-api.service \ + openstack-trove-taskmanager.service \ + openstack-trove-conductor.service + ``` + +### Installing Rally + +Rally is a performance test tool provided by OpenStack. The installation of Rally is simple. + +```shell +yum install openstack-rally openstack-rally-plugins +``` diff --git a/docs/en/docs/thirdparty_migration/OpenStack-Rocky.md b/docs/en/docs/thirdparty_migration/OpenStack-Rocky.md new file mode 100644 index 0000000000000000000000000000000000000000..e3204d7aabbdd75aa8c044e4eee044fa1fb2b889 --- /dev/null +++ b/docs/en/docs/thirdparty_migration/OpenStack-Rocky.md @@ -0,0 +1,2108 @@ +# OpenStack Rocky Deployment Guide + + +- [OpenStack Rocky Deployment Guide](#openstack-rocky-deployment-guide) + - [Introduction to OpenStack](#introduction-to-openstack) + - [Software Package Version Conventions](#software-package-version-conventions) + - [Preparing the Environment](#preparing-the-environment) + - [Configuring OpenStack Yum Source](#configuring-openstack-yum-source) + - [Configuring the Environment](#configuring-the-environment) + - [Installing the SQL Database](#installing-the-sql-database) + - [Installing RabbitMQ](#installing-rabbitmq) + - [Installing Memcached](#installing-memcached) + - [Installing OpenStack](#installing-openstack) + - [Installing Keystone](#installing-keystone) + - [Installing Glance](#installing-glance) + - [Installing Nova](#installing-nova) + - [Installing Neutron](#installing-neutron) + - [Installing Cinder](#installing-cinder) + - [Installing Horizon](#installing-horizon) + - [Installing Tempest](#installing-tempest) + - [Installing Ironic](#installing-ironic) + - [Create the service user and perform verification.](#create-the-service-user-and-perform-verification) + - [Configuring the ironic-api Service](#configuring-the-ironic-api-service) + - [Configuring the ironic-conductor Service](#configuring-the-ironic-conductor-service) + - [Installing ironic-python-agent-builder](#installing-ironic-python-agent-builder) + - [Creating the Image](#creating-the-image) + - [Common Image](#common-image) + - [Allowing SSH Login](#allowing-ssh-login) + - [Specifying the Code Repositories](#specifying-the-code-repositories) + - [Installing Kolla](#installing-kolla) + - [Installing Trove](#installing-trove) + - [Installing Rally](#installing-rally) + + + +## Introduction to OpenStack + +OpenStack is an open source cloud computing infrastructure software project developed by the community. It provides an operating platform or tool set for deploying the cloud, offering scalable and flexible cloud computing capabilities for organizations. + +As an open source cloud computing management platform, OpenStack consists of several major components, such as Nova, Cinder, Neutron, Glance, Keystone, and Horizon. OpenStack supports almost all cloud environments. The project aims to provide a cloud computing management platform that is easy-to-use, scalable, unified, and standardized. OpenStack provides an infrastructure as a service (IaaS) solution that combines complementary services, each of which provides an API for integration. + +The third-party oepkg Yum source certified by openEuler 20.03 LTS SP3 supports OpenStack Rocky. You can configure the oepkg Yum source and deploy OpenStack based on this document. + +## Software Package Version Conventions + +openEuler 20.03-LTS-SP3 supports OpenStack Queens, OpenStack Rocky, and OpenStack Train. Some software packages have multiple versions. When installing any of these packages for OpenStack Queens and OpenStack Rocky, you need to specify the version. +For example, when installing OpenStack Nova, you can use the `yum list --showduplicates |grep openstack-nova` command to query the versions of the nova service. In this document,**\$RockyVer** is used to indicate the version of OpenStack Rocky. + +Related software packages: + +openstack-keystone and its subpackages + +openstack-glance and its subpackages + +openstack-nova and its subpackages + +openstack-neutron and its subpackages + +openstack-cinder and its subpackages + +openstack-dashboard and its subpackages + +openstack-ironic and its subpackages + +openstack-tempest + +openstack-kolla + +openstack-kolla-ansible + +openstack-trove and its subpackages + +novnc + +diskimage-builder + +## Preparing the Environment + +### Configuring OpenStack Yum Source + +Configure third-party oepkg source that is certified by 20.03 LTS SP3. The following uses x86\_64 as an example. + +```shell +$ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo +[openstack_rocky] +name=OpenStack_Rocky +baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/x86_64/ +gpgcheck=0 +enabled=1 +EOF +``` + +```shell +$ yum clean all && yum makecache +``` + +### Configuring the Environment + +Add controller information in **/etc/hosts**. For example, if the node IP address is **10.0.0.11**, add the following information: + +``` +10.0.0.11 controller +``` + +### Installing the SQL Database + +1. Run the following command to install the software package: + + ```shell + $ yum install mariadb mariadb-server python2-PyMySQL + ``` + +2. Create a file named **/etc/my.cnf.d/openstack.cnf** and edit it. + + Copy the following content to the file (set **bind-address** to the management IP address of the controller node): + + ```ini + [mysqld] + bind-address = 10.0.0.11 + default-storage-engine = innodb + innodb_file_per_table = on + max_connections = 4096 + collation-server = utf8_general_ci + character-set-server = utf8 + ``` + +3. Start the database service and enable it to automatically start upon system boot: + + ```shell + $ systemctl enable mariadb.service + $ systemctl start mariadb.service + ``` + +### Installing RabbitMQ + +1. Run the following command to install the software package: + + ```shell + $ yum install rabbitmq-server + ``` + +2. Start the RabbitMQ service and enable it to automatically start upon system boot. + + ```shell + $ systemctl enable rabbitmq-server.service + $ systemctl start rabbitmq-server.service + ``` + +3. Add an OpenStack user. + + ```shell + $ rabbitmqctl add_user openstack RABBIT_PASS + ``` + +4. Replace *RABBIT\_PASS* with the password of the OpenStack user. + +5. Run the following command to set the permission of the **openstack** user so that the user can perform configuration, write, and read operations: + + ```shell + $ rabbitmqctl set_permissions openstack ".*" ".*" ".*" + ``` + +### Installing Memcached + +1. Run the following command to install the target software package: + + ```shell + $ yum install memcached python2-memcached + ``` + +2. Edit the **/etc/sysconfig/memcached** file and add the following content: + + ```shell + OPTIONS="-l 127.0.0.1,::1,controller" + ``` + + Change the value of **OPTIONS** to the actual management IP address of the controller node. + +3. Run the following command to start the Memcached service and enable it to automatically start upon system boot: + + ```shell + $ systemctl enable memcached.service + $ systemctl start memcached.service + ``` + +## Installing OpenStack + +### Installing Keystone + +1. Log in to the database as the **root** user. Create the Keystone database, and grant permissions to the user. + + ```shell + $ mysql -u root -p + ``` + + ```sql + MariaDB [(none)]> CREATE DATABASE keystone; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ + IDENTIFIED BY 'KEYSTONE_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ + IDENTIFIED BY 'KEYSTONE_DBPASS'; + MariaDB [(none)]> exit + ``` + + Replace *KEYSTONE\_DBPASS* with the password of the Keystone database. + +2. Run the following command to install the software package: + + ```shell + $ yum install openstack-keystone-$RockyVer httpd python2-mod_wsgi + ``` + +3. Edit the **/etc/keystone/keystone.conf** file to configure Keystone. In the **\[database]** section, configure the database entry. In the **\[token]** section, configure the token provider. + + ```ini + [database] + connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone + [token] + provider = fernet + ``` + + Replace *KEYSTONE\_DBPASS* with the password of the Keystone database. + +4. Run the following command to synchronize the database. + + ```shell + su -s /bin/sh -c "keystone-manage db_sync" keystone + ``` + +5. Run the following command to initialize the Fernet keystore: + + ```shell + $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone + $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone + ``` + +6. Run the following commands to enable the identity service: + + ```shell + $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ + --bootstrap-admin-url http://controller:5000/v3/ \ + --bootstrap-internal-url http://controller:5000/v3/ \ + --bootstrap-public-url http://controller:5000/v3/ \ + --bootstrap-region-id RegionOne + ``` + + Replace *ADMIN\_PASS* with the password of the **admin** user. + +7. Edit the **/etc/httpd/conf/httpd.conf** file and configure the Apache HTTP server. + + ```shell + $ vim /etc/httpd/conf/httpd.conf + ``` + + Enable **ServerName** to reference the controller node: + + ``` + ServerName controller + ``` + + If **ServerName** does not exist, create it. + +8. Run the following command to create a link for the **/usr/share/keystone/wsgi-keystone.conf** file: + + ```shell + $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ + ``` + +9. After the installation is complete, run the following command to start the Apache HTTP service: + + ```shell + $ systemctl enable httpd.service + $ systemctl start httpd.service + ``` + +10. Install the OpenStack client. + + ```shell + $ yum install python2-openstackclient + ``` + +11. Create the environment script for the OpenStack client. + + Run the following command to create environment variable script for the **admin** user: + + ```shell + # vim admin-openrc + + export OS_PROJECT_DOMAIN_NAME=Default + export OS_USER_DOMAIN_NAME=Default + export OS_PROJECT_NAME=admin + export OS_USERNAME=admin + export OS_PASSWORD=ADMIN_PASS + export OS_AUTH_URL=http://controller:5000/v3 + export OS_IDENTITY_API_VERSION=3 + export OS_IMAGE_API_VERSION=2 + ``` + + Replace **DMIN\_PASS* with the password of user **admin** that is set in the preceding `keystone-manage bootstrap` command. Run the following script to load environment variables: + + ```shell + $ source admin-openrc + ``` + +12. Run the following commands to create the domains, projects, users, and roles: + + Create a domain named **example**. + + ```shell + $ openstack domain create --description "An Example Domain" example + ``` + + Note: The domain **default** has been created in **keystone-manage bootstrap**. + + Create a project named **service**. + + ```shell + $ openstack project create --domain default --description "Service Project" service + ``` + + Create a non-admin project named **myproject**, a user named **myuser**, and a role named **myrole**. Add the **myrole** role to **myproject** and **myuser**. + + ```shell + $ openstack project create --domain default --description "Demo Project" myproject + $ openstack user create --domain default --password-prompt myuser + $ openstack role create myrole + $ openstack role add --project myproject --user myuser myrole + ``` + +13. Perform verification. + + Cancel the temporary environment variables **OS\_AUTH\_URL** and **OS\_PASSWORD**. + + ```shell + $ unset OS_AUTH_URL OS_PASSWORD + ``` + + Request a token for the **admin** user: + + ```shell + $ openstack --os-auth-url http://controller:5000/v3 \ + --os-project-domain-name Default --os-user-domain-name Default \ + --os-project-name admin --os-username admin token issue + ``` + + Request a token for the **myuser** user: + + ```shell + $ openstack --os-auth-url http://controller:5000/v3 \ + --os-project-domain-name Default --os-user-domain-name Default \ + --os-project-name myproject --os-username myuser token issue + ``` + +### Installing Glance + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + Log in to the database as the **root** user. Create the **glance** database and grant proper access to the **glance** database. + + ```shell + $ mysql -u root -p + ``` + + ```sql + MariaDB [(none)]> CREATE DATABASE glance; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ + IDENTIFIED BY 'GLANCE_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ + IDENTIFIED BY 'GLANCE_DBPASS'; + MariaDB [(none)]> exit + ``` + + Replace *GLANCE\_DBPASS* with the password of the **glance** database. + + ```shell + $ source admin-openrc + ``` + + Run the following commands to create the **glance** service credential, create the **glance** user, and add the **admin** role to the **glance** user: + + ```shell + $ openstack user create --domain default --password-prompt glance + $ openstack role add --project service --user glance admin + $ openstack service create --name glance --description "OpenStack Image" image + ``` + + Create API endpoints for the image service. + + ```shell + $ openstack endpoint create --region RegionOne image public http://controller:9292 + $ openstack endpoint create --region RegionOne image internal http://controller:9292 + $ openstack endpoint create --region RegionOne image admin http://controller:9292 + ``` + +2. Perform the installation and configuration. + + Install the software package: + + ```shell + $ yum install openstack-glance-$RockyVer + ``` + + Configure Glance: + + Open the **/etc/glance/glance-api.conf** file. + + In the **\[database]** section, configure the database entry. + + In the **\[keystone\_authtoken]** and **\[paste\_deploy]** sections, configure the identity service entry. + + In the **\[glance\_store]** section, configure the local file system storage and the location where image files are stored. + + ```ini + [database] + # ... + connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance + [keystone_authtoken] + # ... + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = glance + password = GLANCE_PASS + [paste_deploy] + # ... + flavor = keystone + [glance_store] + # ... + stores = file,http + default_store = file + filesystem_store_datadir = /var/lib/glance/images/ + ``` + + Open the **/etc/glance/glance-registry.conf** file. + + In the **\[database]** section, configure the database entry. + + In the **\[keystone\_authtoken]** and **\[paste\_deploy]** sections, configure the identity service entry. + + ```ini + [database] + # ... + connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance + [keystone_authtoken] + # ... + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = glance + password = GLANCE_PASS + [paste_deploy] + # ... + flavor = keystone + ``` + + In the preceding command, replace *GLANCE\_DBPASS* with the password of the **glance** database, and replace *GLANCE\_PASS* with the password of the **glance** user. + + Synchronize the database: + + ```shell + $ su -s /bin/sh -c "glance-manage db_sync" glance + ``` + + Run the following command to start the image service: + + ```shell + $ systemctl enable openstack-glance-api.service openstack-glance-registry.service + $ systemctl start openstack-glance-api.service openstack-glance-registry.service + ``` + +3. Perform verification. + + Download the image. + + ```shell + $ source admin-openrc + #Note: If the Kunpeng architecture is used, download the image of the ARM64 version. + $ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img + ``` + + Upload the image to the image service. + + ```shell + $ glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public + ``` + + Confirm the image upload and verify the attributes. + + ```shell + $ glance image-list + ``` + +### Installing Nova + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + Access the database as the **root** user. Create the **nova**, **nova\_api**, and **nova\_cell0** databases and grant permissions. + + ```shell + $ mysql -u root -p + ``` + + ```SQL + MariaDB [(none)]> CREATE DATABASE nova_api; + MariaDB [(none)]> CREATE DATABASE nova; + MariaDB [(none)]> CREATE DATABASE nova_cell0; + MariaDB [(none)]> CREATE DATABASE placement; + + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \ + IDENTIFIED BY 'PLACEMENT_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \ + IDENTIFIED BY 'PLACEMENT_DBPASS'; + MariaDB [(none)]> exit + ``` + + Replace *NOVA\_DBPASS* and *PLACEMENT\_DBPASS* with the passwords for the Nova and Placement databases. + + Run the following commands to create Nova service credentials, create a **nova** user, and add the **admin** role to the **nova** user: + + ```shell + $ . admin-openrc + $ openstack user create --domain default --password-prompt nova + $ openstack role add --project service --user nova admin + $ openstack service create --name nova --description "OpenStack Compute" compute + ``` + + Create API endpoints for the computing service. + + ```shell + $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 + $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 + $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 + ``` + + Create the **placement** user and add the **admin** role to the **placement** user. + + ```shell + $ openstack user create --domain default --password-prompt placement + $ openstack role add --project service --user placement admin + ``` + + Create the **placement** service credential and API service endpoint. + + ```shell + $ openstack service create --name placement --description "Placement API" placement + $ openstack endpoint create --region RegionOne placement public http://controller:8778 + $ openstack endpoint create --region RegionOne placement internal http://controller:8778 + $ openstack endpoint create --region RegionOne placement admin http://controller:8778 + ``` + +2. Perform the installation and configuration. + + Install the software package: + + ```shell + $ yum install openstack-nova-api-$RockyVer openstack-nova-conductor-$RockyVer \ + openstack-nova-novncproxy-$RockyVer openstack-nova-scheduler-$RockyVer openstack-nova-compute-$RockyVer \ + openstack-nova-placement-api-$RockyVer openstack-nova-console-$RockyVer + ``` + + Configure Nova: + + Open the **/etc/nova/nova.conf** file. + + In the **\[DEFAULT]** section, enable the computing and metadata APIs, configure the RabbitMQ message queue entrance, configure **my\_ip**, and enable the network service Neutron. + + In the **\[api\_database]**, **\[database]**, and **\[placement\_database]** sections, configure the database entry. + + In the **\[api]** and **\[keystone\_authtoken]** sections, configure the identity service entry. + + In the **\[vnc]** section, enable and configure the entry for the remote console. + + In the **\[glance]** section, configure the API address for the image service. + + In the **\[oslo\_concurrency]** section, configure the lock path. + + In the **\[placement]** section, configure the entry of the Placement service. + + ```ini + [DEFAULT] + # ... + enabled_apis = osapi_compute,metadata + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS + use_neutron = true + firewall_driver = nova.virt.firewall.NoopFirewallDriver + compute_driver = libvirt.LibvirtDriver + instances_path = /var/lib/nova/instances/ + [api_database] + # ... + connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api + [database] + # ... + connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova + [placement_database] + # ... + connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement + [api] + # ... + auth_strategy = keystone + [keystone_authtoken] + # ... + www_authenticate_uri = http://controller:5000/ + auth_url = http://controller:5000/ + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = nova + password = NOVA_PASS + [vnc] + enabled = true + # ... + server_listen = $my_ip + server_proxyclient_address = $my_ip + novncproxy_base_url = http://controller:6080/vnc_auto.html + [glance] + # ... + api_servers = http://controller:9292 + [oslo_concurrency] + # ... + lock_path = /var/lib/nova/tmp + [placement] + # ... + region_name = RegionOne + project_domain_name = Default + project_name = service + auth_type = password + user_domain_name = Default + auth_url = http://controller:5000/v3 + username = placement + password = PLACEMENT_PASS + [neutron] + # ... + auth_url = http://controller:5000 + auth_type = password + project_domain_name = Default + user_domain_name = Default + region_name = RegionOne + project_name = service + username = neutron + password = NEUTRON_PASS + ``` + + Replace *RABBIT\_PASS* with the password of the **openstack** user in RabbitMQ. + + Set **my_ip** to the management IP address of the corresponding node (*MANAGEMENT_INTERFACE_IP_ADDRESS*). + + Replace *NOVA\_DBPASS* with the password of the **nova** database. + + Replace *PLACEMENT\_DBPASS* with the password of the Placement database. + + Replace *NOVA\_PASS* with the password of the **nova** user. + + Replace *PLACEMENT\_PASS* with the password of the **placement** user. + + Replace *NEUTRON\_PASS* with the password of the **neutron** user. + + Open **/etc/httpd/conf.d/00-nova-placement-api.conf** and add the Placement API access configuration. + + ```xml + + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + + ``` + + Restart the httpd service. + + ```shell + $ systemctl restart httpd + ``` + + Run the following command to synchronize the **nova-api** database: + + ```shell + $ su -s /bin/sh -c "nova-manage api_db sync" nova + ``` + + Run the following command to register the **cell0** database: + + ```shell + $ su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova + ``` + + Create the **cell1** cell: + + ```shell + $ su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova + ``` + + Synchronize the **nova** database: + + ```shell + $ su -s /bin/sh -c "nova-manage db sync" nova + ``` + + Verify whether **cell0** and **cell1** are correctly registered: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova + ``` + + Check whether VM hardware acceleration (x86 architecture) is supported: + + ```shell + $ egrep -c '(vmx|svm)' /proc/cpuinfo + ``` + + If the returned value is **0**, hardware acceleration is not supported. You need to configure libvirt to use QEMU instead of KVM. **Note:** For an ARM64 server, set **cpu_mode** to **custom**, **cpu_model** to **cortex-a72**. + + ```ini + # vim /etc/nova/nova.conf + [libvirt] + # ... + virt_type = qemu + cpu_mode = custom + cpu_model = cortex-a72 + ``` + + If the returned value is **1** or a larger value, hardware acceleration is supported, and no extra configuration is required. + + ***Notice*** + + **If the ARM64 structure is used, run the following command on the `compute` node:** + + ```shell + mkdir -p /usr/share/AAVMF + ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \ + /usr/share/AAVMF/AAVMF_CODE.fd + ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \ + /usr/share/AAVMF/AAVMF_VARS.fd + chown nova:nova /usr/share/AAVMF -R + + vim /etc/libvirt/qemu.conf + + nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", + "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw" + ] + ``` + + Start the computing service and its dependencies, and enable the service to start automatically upon system boot. + + ```shell + $ systemctl enable \ + openstack-nova-api.service \ + openstack-nova-scheduler.service \ + openstack-nova-conductor.service \ + openstack-nova-novncproxy.service + $ systemctl start \ + openstack-nova-api.service \ + openstack-nova-scheduler.service \ + openstack-nova-conductor.service \ + openstack-nova-novncproxy.service + ``` + + ```bash + $ systemctl enable libvirtd.service openstack-nova-compute.service + $ systemctl start libvirtd.service openstack-nova-compute.service + ``` + + Add the compute nodes to the **cell** database: + + Check whether the compute node exists: + + ```bash + $ . admin-openrc + $ openstack compute service list --service nova-compute + ``` + + Register a compute node: + + ```bash + $ su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova + ``` + +3. Perform verification. + + ```shell + $ . admin-openrc + ``` + + List service components to verify that each process is successfully started and registered. + + ```shell + $ openstack compute service list + ``` + + List the API endpoints in the identity service and verify the connection to the identity service. + + ```shell + $ openstack catalog list + ``` + + List the images in the image service and verify the connections: + + ```shell + $ openstack image list + ``` + + Check whether the cells and placement APIs are running properly and whether other prerequisites are met. + + ```shell + $ nova-status upgrade check + ``` + +### Installing Neutron + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + Access the database as the **root** user, create the **neutron** database, and grant permissions. + + ```shell + $ mysql -u root -p + ``` + + ```sql + MariaDB [(none)]> CREATE DATABASE neutron; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ + IDENTIFIED BY 'NEUTRON_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ + IDENTIFIED BY 'NEUTRON_DBPASS'; + MariaDB [(none)]> exit + ``` + + Replace *NEUTRON\_DBPASS* with the password of the **neutron** database. + + ```shell + $ . admin-openrc + ``` + + Run the following commands to create the **neutron** service credential, create the **neutron** user, and add the **admin** role to the **neutron** user: + + Create the **neutron** service credential. + + ```shell + $ openstack user create --domain default --password-prompt neutron + $ openstack role add --project service --user neutron admin + $ openstack service create --name neutron --description "OpenStack Networking" network + ``` + + Create API endpoints of the network services. + + ```shell + $ openstack endpoint create --region RegionOne network public http://controller:9696 + $ openstack endpoint create --region RegionOne network internal http://controller:9696 + $ openstack endpoint create --region RegionOne network admin http://controller:9696 + ``` + +2. Install and configure the self-service network. + + Install the software package: + + ```shell + $ yum install openstack-neutron-$RockyVer openstack-neutron-ml2-$RockyVer \ + openstack-neutron-linuxbridge-$RockyVer ebtables ipset + ``` + + Configure Neutron: + + Edit the **/etc/neutron/neutron.conf** file: + + In the **\[database]** section, configure the database entry. + + In the **\[default]** section, enable the ML2 and router plug-ins. Allow IP address overlapping, and configure the RabbitMQ message queue entry. + + In the **\[default]** and **\[keystone]** sections, configure the identity service entry. + + In the **\[default]** and **\[nova]** sections, enable the network to notify the change of the computing network topology. + + In the **\[oslo\_concurrency]** section, configure the lock path. + + ```ini + [database] + # ... + connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron + [DEFAULT] + # ... + core_plugin = ml2 + service_plugins = router + allow_overlapping_ips = true + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + notify_nova_on_port_status_changes = true + notify_nova_on_port_data_changes = true + [keystone_authtoken] + # ... + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = neutron + password = NEUTRON_PASS + [nova] + # ... + auth_url = http://controller:5000 + auth_type = password + project_domain_name = Default + user_domain_name = Default + region_name = RegionOne + project_name = service + username = nova + password = NOVA_PASS + [oslo_concurrency] + # ... + lock_path = /var/lib/neutron/tmp + ``` + + Replace *NEUTRON\_DBPASS* with the password of the **neutron** database. + + Replace *RABBIT\_PASS* with the password of the **openstack** user in RabbitMQ. + + Replace *NEUTRON\_PASS* with the password of the **neutron** user. + + Replace *NOVA\_PASS* with the password of the **nova** user. + + Configure the ML2 plug-in. + + Edit the **/etc/neutron/plugins/ml2/ml2\_conf.ini** file. + + In the **\[ml2]** section, enable the flat, VLAN, and VXLAN networks, enable the bridge and layer-2 population mechanism, and enable the port security extension driver. + + In the **\[ml2\_type\_flat]** section, configure the flat network as the provider virtual network. + + In the **\[ml2\_type\_vxlan]** section, configure the VXLAN network identifier range. + + In the **\[securitygroup]** section, set **ipset**. + + ```ini + # vim /etc/neutron/plugins/ml2/ml2_conf.ini + [ml2] + # ... + type_drivers = flat,vlan,vxlan + tenant_network_types = vxlan + mechanism_drivers = linuxbridge,l2population + extension_drivers = port_security + [ml2_type_flat] + # ... + flat_networks = provider + [ml2_type_vxlan] + # ... + vni_ranges = 1:1000 + [securitygroup] + # ... + enable_ipset = true + ``` + + Configure the Linux bridge agent: + + Edit the **/etc/neutron/plugins/ml2/linuxbridge\_agent.ini** file: + + In the **\[linux\_bridge]** section, map the provider virtual network to the physical network API. + + In the **\[vxlan]** section, enable the VXLAN network. Configure the IP address of the physical network API that processes the coverage network, and enable layer-2 population. + + In the **\[securitygroup]** section, enable the security group and configure the **linux bridge iptables** firewall driver. + + ```ini + [linux_bridge] + physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME + [vxlan] + enable_vxlan = true + local_ip = OVERLAY_INTERFACE_IP_ADDRESS + l2_population = true + [securitygroup] + # ... + enable_security_group = true + firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver + ``` + + Replace *PROVIDER\_INTERFACE\_NAME* with the physical network API. + + Replace *OVERLAY\_INTERFACE\_IP\_ADDRESS* with the management IP address of the controller node. + + Configure the Layer 3 proxy. + + Edit the **/etc/neutron/l3\_agent.ini** file: + + In the **\[default]** section, set the API driver to **linuxbridge**. + + ```ini + [DEFAULT] + # ... + interface_driver = linuxbridge + ``` + + Configures the DHCP agent: + + Edit the **/etc/neutron/dhcp\_agent.ini** file. + + In the **\[default]** section, configure the Linux bridge API driver and Dnsmasq DHCP driver. Enable the isolated metadata. + + ```ini + [DEFAULT] + # ... + interface_driver = linuxbridge + dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + enable_isolated_metadata = true + ``` + + Configure the metadata proxy. + + Edit the **/etc/neutron/metadata\_agent.ini** file. + + In the **\[default]**, configure the metadata host and shared secret. + + ```ini + [DEFAULT] + # ... + nova_metadata_host = controller + metadata_proxy_shared_secret = METADATA_SECRET + ``` + + Replace *METADATA\_SECRET* with a proper metadata agent secret. + +3. Configure the computing service. + + Edit the **/etc/nova/nova.conf** file. + + In the **\[neutron]** section, configure access parameters, enable the metadata proxy, and configure secret. + + ```ini + [neutron] + # ... + auth_url = http://controller:5000 + auth_type = password + project_domain_name = Default + user_domain_name = Default + region_name = RegionOne + project_name = service + username = neutron + password = NEUTRON_PASS + service_metadata_proxy = true + metadata_proxy_shared_secret = METADATA_SECRET + ``` + + Replace *NEUTRON\_PASS* with the password of the **neutron** user. + + Replace *METADATA\_SECRET* with a proper metadata agent secret. + +4. Complete the installation. + + Add the link for the configuration file: + + ```shell + $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini + ``` + + Synchronize the database: + + ```shell + $ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron + ``` + + Run the following command to restart the computing API service: + + ```shell + $ systemctl restart openstack-nova-api.service + ``` + + Start the network service and enable the service to start automatically upon system boot. + + ```shell + $ systemctl enable neutron-server.service \ + neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ + neutron-metadata-agent.service + $ systemctl start neutron-server.service \ + neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ + neutron-metadata-agent.service + $ systemctl enable neutron-l3-agent.service + $ systemctl start neutron-l3-agent.service + ``` + +5. Perform verification. + + Run the following command to list the neutron agents: + + ```shell + $ openstack network agent list + ``` + +### Installing Cinder + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + Access the database as the **root** user. Create the **cinder** database, and grant permissions. + + ```shell + $ mysql -u root -p + MariaDB [(none)]> CREATE DATABASE cinder; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \ + IDENTIFIED BY 'CINDER_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \ + IDENTIFIED BY 'CINDER_DBPASS'; + MariaDB [(none)]> exit + ``` + + Replace *CINDER\_DBPASS* with the password for the **cinder** database. + + ```shell + $ source admin-openrc + ``` + + Create Cinder service credentials: + + Create the **cinder** user. + + Add the **admin** role to the **cinder** user. + + Create the **cinderv2** and **cinderv3** services. + + ```shell + $ openstack user create --domain default --password-prompt cinder + $ openstack role add --project service --user cinder admin + $ openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 + $ openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3 + ``` + + Create API endpoints for the block storage service. + + ```shell + $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s + $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s + $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s + $ openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s + $ openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s + $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s + ``` + +2. Install and configure the controller node. + + Install the software package: + + ```shell + $ yum install openstack-cinder-$RockyVer + ``` + + Configure Cinder: + + Open the **/etc/cinder/cinder.conf** file. + + In the **\[database]** section, configure the database entry. + + In the **\[DEFAULT]** section, configure the RabbitMQ message queue entry and **my\_ip**. + + In the **\[DEFAULT]** and **\[keystone\_authtoken]** sections, configure the identity service entry. + + In the **\[oslo\_concurrency]** section, configure the lock path. + + ```ini + [database] + # ... + connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder + [DEFAULT] + # ... + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS + [keystone_authtoken] + # ... + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = cinder + password = CINDER_PASS + [oslo_concurrency] + # ... + lock_path = /var/lib/cinder/tmp + ``` + + Replace *CINDER\_DBPASS* with the password of the **cinder** database. + + Replace *RABBIT\_PASS* with the password of the **openstack** user in RabbitMQ. + + Set **my_ip** to the management IP address of the corresponding node (*MANAGEMENT_INTERFACE_IP_ADDRESS*). + + Replace *CINDER\_PASS* with the password of the **cinder** user. + + Synchronize the database: + + ```shell + $ su -s /bin/sh -c "cinder-manage db sync" cinder + ``` + + Configure the block storage for the compute nodes. + + Edit the **/etc/nova/nova.conf** file. + + ```ini + [cinder] + os_region_name = RegionOne + ``` + + Complete the installation. + + Restart the computing API service. + + ```shell + $ systemctl restart openstack-nova-api.service + ``` + + Start the block storage service. + + ```shell + $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service + $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service + ``` + +3. Install and configure the storage node (LVM). + + Install the software package: + + ```shell + $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \ + openstack-cinder-volume-$RockyVer + ``` + + Create the LVM physical volume **/dev/sdb**. + + ```shell + $ pvcreate /dev/sdb + ``` + + Create the LVM volume group **cinder-volumes**. + + ```shell + $ vgcreate cinder-volumes /dev/sdb + ``` + + Edit the **/etc/lvm/lvm.conf** file. + + In the **devices** section, add filtering to allow the **/dev/sdb** device to reject other devices. + + ```ini + devices { + + # ... + + filter = [ "a/sdb/", "r/.*/"] + ``` + + Open the **/etc/cinder/cinder.conf** file. + + In the **\[lvm]** section, configure the LVM backend using the LVM driver, cinder-volumes volume group, iSCSI protocol, and appropriate iSCSI services. + + In the **\[DEFAULT]** section, enable the LVM backend and configure the location of the API of the image service. + + ```ini + [lvm] + volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver + volume_group = cinder-volumes + target_protocol = iscsi + target_helper = lioadm + [DEFAULT] + # ... + enabled_backends = lvm + glance_api_servers = http://controller:9292 + ``` + + ***Notice*** + + If Cinder uses tgtadm to attach volumes, modify **/etc/tgt/tgtd.conf** to ensure that tgtd can discover the iSCSI target of the cinder-volume. + + ``` + include /var/lib/cinder/volumes/* + ``` + + Complete the installation. + + ```shell + $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service + $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service + ``` + +4. Install and configure a storage node (ceph RBD). + + Install the software package: + + ```shell + $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume-$RockyVer + ``` + + In the **\[DEFAULT]** section, enable the LVM backend and configure the location of the API of the image service. + + ```ini + [DEFAULT] + enabled_backends = ceph-rbd + ``` + + Add the ceph rbd configuration. The configuration block name is the same as that in **enabled\_backends**. + + ```ini + [ceph-rbd] + glance_api_version = 2 + rados_connect_timeout = -1 + rbd_ceph_conf = /etc/ceph/ceph.conf + rbd_flatten_volume_from_snapshot = False + rbd_max_clone_depth = 5 + rbd_pool = # RBD storage pool name. + rbd_secret_uuid = # Randomly generate a secret UUID. + rbd_store_chunk_size = 4 + rbd_user = + volume_backend_name = ceph-rbd + volume_driver = cinder.volume.drivers.rbd.RBDDriver + ``` + + Configure the ceph client on the storage node. Ensure that the **/etc/ceph/** directory contains the ceph cluster access configuration, including **ceph.conf** and **keyring**. + + ```shell + [root@openeuler ~]# ll /etc/ceph + -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring + -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf + -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap + ``` + + Check whether the ceph cluster is accessible on the storage node. + + ```shell + [root@openeuler ~]# ceph --user cinder -s + cluster: + id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 + health: HEALTH_OK + + services: + mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 + mgr: VIRT03(active), standbys: VIRT02, VIRT01 + mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby + osd: 15 osds: 15 up, 15 in + + data: + pools: 7 pools, 1416 pgs + objects: 5.41M objects, 19.8TiB + usage: 49.3TiB used, 59.9TiB / 109TiB avail + pgs: 1414 active + + io: + client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr + ``` + + Start the service. + + ```shell + $ systemctl enable openstack-cinder-volume.service + $ systemctl start openstack-cinder-volume.service + ``` + +5. Install and configure the backup service. + + Edit the **/etc/cinder/cinder.conf** file. + + In the **\[DEFAULT]** section, configure the backup options. + + ```ini + [DEFAULT] + # ... + # Note: openEuler 21.03 does not provide the OpenStack Swift software package. You need to install it by yourself, or use another backup backend, such as NFS. The NFS has been tested and can be used properly. + backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver + backup_swift_url = SWIFT_URL + ``` + + Replace *SWIFT\_URL* with the URL of the object storage service. The URL can be found through the object storage API endpoint. + + ```shell + $ openstack catalog show object-store + ``` + + Complete the installation. + + ```shell + $ systemctl enable openstack-cinder-backup.service + $ systemctl start openstack-cinder-backup.service + ``` + +6. Perform verification. + + List service components and verify that each step is successful. + + ```shell + $ source admin-openrc + $ openstack volume service list + ``` + + Note: Currently, the Swift component is not supported. If possible, you can configure the interconnection with Ceph. + +### Installing Horizon + +1. Installing Software Packages + + ```shell + $ yum install openstack-dashboard-$RockyVer + ``` + +2. Open the **/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py** file. + + Modify the variables. + + ```ini + ALLOWED_HOSTS = ['*', ] + OPENSTACK_HOST = "controller" + OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST + OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True + SESSION_ENGINE = 'django.contrib.sessions.backends.cache' + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': 'controller:11211', + } + } + ``` + + Add the variables. + + ```ini + OPENSTACK_API_VERSIONS = { + "identity": 3, + "image": 2, + "volume": 3, + } + WEBROOT = "/dashboard/" + COMPRESS_OFFLINE = True + OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default" + OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin" + LOGIN_URL = '/dashboard/auth/login/' + LOGOUT_URL = '/dashboard/auth/logout/' + ``` + +3. Modify the **/etc/httpd/conf.d/openstack-dashboard.conf** file. + + ```xml + WSGIDaemonProcess dashboard + WSGIProcessGroup dashboard + WSGISocketPrefix run/wsgi + WSGIApplicationGroup %{GLOBAL} + + WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi + Alias /dashboard/static /usr/share/openstack-dashboard/static + + + Options All + AllowOverride All + Require all granted + + + + Options All + AllowOverride All + Require all granted + + ``` + +4. Run the following command in the **/usr/share/openstack-dashboard** directory: + + ```shell + $ ./manage.py compress + ``` + +5. Restart the httpd service. + + ```shell + $ systemctl restart httpd + ``` + +6. Open a browser and enter **http://***\* in the address box to log in to Horizon. + +### Installing Tempest + +Tempest is an integration test service of OpenStack. You are advised to use Tempest if you need to fully and automatically test the functions of the installed OpenStack environment. Otherwise, the installation is not required. + +1. Install Tempest. + + ```shell + $ yum install openstack-tempest-$RockyVer + ``` + +2. Initialize the directories. + + ```shell + $ tempest init mytest + ``` + +3. Modify the configuration file. + + ```shell + $ cd mytest + $ vi etc/tempest.conf + ``` + + Information about the current OpenStack environment needs to be configured in the **tempest.conf** file. For details, see the [Sample Configuration File](https://docs.openstack.org/tempest/latest/sampleconf.html). + +4. Perform the test. + + ```shell + $ tempest run + ``` + +### Installing Ironic + +Ironic is the bare metal service of OpenStack. You are advised to use Ironic if you need to deploy a bare metal server. Otherwise, the installation is not required. + +1. Set the database. + + The bare metal service stores information in the database. Create an Ironic database that can be accessed by the **ironic** user and replace *Ironic\_DBPASSWORD* with a proper password. + + ```shell + $ mysql -u root -p + ``` + + ```sql + MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; + + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \ + IDENTIFIED BY 'IRONIC_DBPASSWORD'; + + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \ + IDENTIFIED BY 'IRONIC_DBPASSWORD'; + ``` +2. Install the software packages. + + ```shell + yum install openstack-ironic-api-$RockyVer openstack-ironic-conductor-$RockyVer python2-ironicclient + ``` + + Start the services. + + ```shell + systemctl enable openstack-ironic-api openstack-ironic-conductor + systemctl start openstack-ironic-api openstack-ironic-conductor + ``` + +3. Install and configure components. + + ##### Create the service user and perform verification. + + 1\. Create the bare metal service users. + + ```shell + $ openstack user create --password IRONIC_PASSWORD \ + --email ironic@example.com ironic + $ openstack role add --project service --user ironic admin + $ openstack service create --name ironic --description \ + "Ironic baremetal provisioning service" baremetal + ``` + + 2\. Create the bare metal service access portals. + + ```shell + $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 + $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 + $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 + ``` + + ##### Configuring the ironic-api Service + + Configuration file path: **/etc/ironic/ironic.conf** + + 1\. Set **connection** to the database location, as shown in the following example. Replace *IRONIC\_DBPASSWORD* with the password of the **ironic** user and *DB\_IP* with the IP address of the database server. + + ```ini + [database] + + # The SQLAlchemy connection string used to connect to the + # database (string value) + + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic + ``` + + 2\. Configure the ironic-api service to use the RabbitMQ message broker and replace **RPC\_***\** with the address and credential of RabbitMQ. + + ```ini + [DEFAULT] + + # A URL representing the messaging driver to use and its full + # configuration. (string value) + + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + You can also use JSON-RPC to replace RabbitMQ. + + 3\. Configure the credential for the ironic-api service to use the identity service. Replace *PUBLIC\_IDENTITY\_IP* with the public IP address of the identity server, and replace *PRIVATE\_IDENTITY\_IP* with the private IP address of the identity server. Replace *Ironic\_PASSWORD* with the password of user **ironic** in the identity service. + + ```ini + [DEFAULT] + + # Authentication strategy used by ironic-api: one of + # "keystone" or "noauth". "noauth" should not be used in a + # production environment because all authentication will be + # disabled. (string value) + + auth_strategy=keystone + + [keystone_authtoken] + # Authentication type to load (string value) + auth_type=password + # Complete public Identity API endpoint (string value) + www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 + # Complete admin Identity API endpoint. (string value) + auth_url=http://PRIVATE_IDENTITY_IP:5000 + # Service username. (string value) + username=ironic + # Service account password. (string value) + password=IRONIC_PASSWORD + # Service tenant name. (string value) + project_name=service + # Domain name containing project (string value) + project_domain_name=Default + # User's domain name (string value) + user_domain_name=Default + ``` + + 4\. Create a database table for the bare metal service. + + ```shell + $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema + ``` + + 5\. Restart the ironic-api service. + + ```shell + $ systemctl restart openstack-ironic-api + ``` + + ##### Configuring the ironic-conductor Service + + 1\. Replace *HOST\_IP* with the IP address of the conductor host. + + ```ini + [DEFAULT] + + # IP address of this host. If unset, will determine the IP + # programmatically. If unable to do so, will use "127.0.0.1". + # (string value) + + my_ip=HOST_IP + ``` + + 2\. Configure the database location. The configuration of ironic-conductor must be the same as that of ironic-api. Replace *IRONIC\_DBPASSWORD* with the password of the **ironic** user and *DB\_IP* with the IP address of the database server. + + ```ini + [database] + + # The SQLAlchemy connection string to use to connect to the + # database. (string value) + + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic + ``` + + 3\. Configure the ironic-api service to use the RabbitMQ. The configuration of ironic-conductor service must be the same as that of ironic-api. Replace **RPC\_***\** with the address and credential of RabbitMQ. + + ```ini + [DEFAULT] + + # A URL representing the messaging driver to use and its full + # configuration. (string value) + + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + You can also use JSON-RPC to replace RabbitMQ. + + 4\. Configure credentials to access other OpenStack services. + + To communicate with other OpenStack services, the service user need to use the OpenStack Identity service for authentication when the bare metal service requests other services. The credentials for these users must be configured in each configuration file associated with the respective service. + + **\[neutron]** - Access the OpenStack network service. +**\[glance]** - Access the OpenStack image service. +**\[swift]** - Access the OpenStack object storage service. +**\[cinder]** - Access the OpenStack block storage service. +**\[inspector]** - Access the introspection service of OpenStack bare metal service. +**\[service\_catalog]** - A special item used to store the credentials used by the bare metal service to discover its own API URL endpoints registered in the OpenStack identity service catalog. + + For simplicity, you can use the same service user for all services. For backward compatibility, this user must be the same as that configured in **\[keystone\_authtoken]** of the ironic-api service. This is not mandatory. You can create and configure different service users for each service. + + In the following example, the configuration for the authentication information for users to access the OpenStack network service is: + + Network services are deployed in the identity service domain named "RegionOne". Only public endpoint APIs are registered in the service catalog. + + A specific CA SSL certificate is used for HTTPS connection when requested. + + The same service user with ironic-api service is configured. + + The dynamic password authentication plug-in discovers the appropriate version of the authentication service API based on other options. + + ```ini + [neutron] + + # Authentication type to load (string value) + auth_type = password + # Authentication URL (string value) + auth_url=https://IDENTITY_IP:5000/ + # Username (string value) + username=ironic + # User's password (string value) + password=IRONIC_PASSWORD + # Project name to scope to (string value) + project_name=service + # Domain ID containing project (string value) + project_domain_id=default + # User's domain id (string value) + user_domain_id=default + # PEM encoded Certificate Authority to use when verifying + # HTTPs connections. (string value) + cafile=/opt/stack/data/ca-bundle.pem + # The default region_name for endpoint URL discovery. (string + # value) + region_name = RegionOne + # List of interfaces, in order of preference, for endpoint + # URL. (list value) + valid_interfaces=public + ``` + + By default, to communicate with other services, the bare metal service attempts to discover the appropriate endpoint of the service through the service catalog of the authentication service. If you want to use a different endpoint for a specific service, specify the **endpoint\_override** option in the bare metal service configuration file. + + ```ini + [neutron] + # ... + endpoint_override = + ``` + + 5\. Configure allowed drivers and hardware types. + + Configure **enabled\_hardware\_types** to set the hardware types allowed by the ironic-conductor service. + + ```ini + [DEFAULT] + enabled_hardware_types = ipmi + ``` + + Configure the hardware API. + + ```ini + enabled_boot_interfaces = pxe + enabled_deploy_interfaces = direct,iscsi + enabled_inspect_interfaces = inspector + enabled_management_interfaces = ipmitool + enabled_power_interfaces = ipmitool + ``` + + Configure API default values. + + ```ini + [DEFAULT] + default_deploy_interface = direct + default_network_interface = neutron + ``` + + If any driver that uses Direct Deploy is enabled, you must install and configure the Swift backend of the image service. The Ceph object gateway (RADOS gateway) is also supported as a backend for the image service. + + 6\. Restart the ironic-conductor service. + + ```shell + $ systemctl restart openstack-ironic-conductor + ``` + +4. Create the deploy ramdisk image. + The ramdisk image can be created using ironic-python-agent-builder by referring to the steps below. You can also use another ironic-python-agent as required. + ##### Installing ironic-python-agent-builder + + 1. Install the tool. + + ```shell + $ pip install ironic-python-agent-builder-$RockyVer + ``` + + 2. Modify the Python interpreter in the following file: + + ```shell + $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down + ``` + + 3. Install other necessary tools. + + ```shell + $ yum install git + ``` + + `DIB` depends on `semanage`. Before creating an image, check whether the `semanage --help` command is available. If no such command is displayed, it. + + ```shell + #Query the package to be installed. + [root@localhost ~]# yum provides /usr/sbin/semanage + Loaded plug-in: fastestmirror + Loading mirror speeds from cached hostfile + * base: mirror.vcu.edu + * extras: mirror.vcu.edu + * updates: mirror.math.princeton.edu + policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities + Source: base + Matching source: + File name: /usr/sbin/semanage + #Install. + [root@localhost ~]# yum install policycoreutils-python + ``` + + ##### Creating the Image + + If the AArch64 architecture is used, add the following information: + + ```shell + $ export ARCH=aarch64 + ``` + + ###### Common Image + + Basic usage: + + ```shell + usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] + [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] + distribution + + positional arguments: + distribution Distribution to use + + optional arguments: + -h, --help show this help message and exit + -r RELEASE, --release RELEASE + Distribution release to use + -o OUTPUT, --output OUTPUT + Output base file name + -e ELEMENT, --element ELEMENT + Additional DIB element to use + -b BRANCH, --branch BRANCH + If set, override the branch that is used for ironic- + python-agent and requirements + -v, --verbose Enable verbose logging in diskimage-builder + --extra-args EXTRA_ARGS + Extra arguments to pass to diskimage-builder + ``` + + Examples: + + ```shell + $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky + ``` + + ###### Allowing SSH Login + + Initialize environment variables and create an image. + + ```shell + $ export DIB_DEV_USER_USERNAME=ipa \ + $ export DIB_DEV_USER_PWDLESS_SUDO=yes \ + $ export DIB_DEV_USER_PASSWORD='123' + $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser + ``` + + ###### Specifying the Code Repositories + + Initialize the corresponding environment variables and create an image. + + ```ini + #Specify the repository address and version. + DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git + DIB_REPOREF_ironic_python_agent=origin/develop + + #Clone code directly from Gerrit. + DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent + DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 + ``` + + For details, see [source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html). + + The verification of the specified repository address and version is successful. + +### Installing Kolla + +Kolla provides container-based deployment for OpenStack services in the production environment. The Kolla and Kolla-ansible services are introduced in openEuler 20.03 LTS SP2, but are not natively supported. Therefore, the openstack-kolla-plugin and openstack-kolla-ansible-plugin patch packages by the OpenStack SIG are included in openEuler 20.03 LTS SP3. + +The installation of Kolla is simple. You only need to install the corresponding RPM package. + +If openEuler support is required: + +```shell +yum install openstack-kolla-plugin openstack-kolla-ansible-plugin +``` + +If openEuler support is not required: + +```shell +yum install openstack-kolla-$RockyVer openstack-kolla-ansible-$RockyVer +``` + +After the installation, you can use commands including `kolla-ansible`, `kolla-build`, `kolla-genpwd` and `kolla-mergepwd`. + +### Installing Trove + +Trove is a database service provided by OpenStack. You are advised to use Trove if you use the database service provided by OpenStack. Otherwise, the installation is not required. + +1. Set the database. + + The database service stores information in the database. Create a **trove** user to access the **trove** database. Replace *TROVE\_DBPASSWORD* with the corresponding password. + + ```shell + $ mysql -u root -p + ``` + + ```sql + MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \ + IDENTIFIED BY 'TROVE_DBPASSWORD'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \ + IDENTIFIED BY 'TROVE_DBPASSWORD'; + ``` + +2. Create the service user and perform verification. + + 1\. Create a Trove service user. + + ```shell + $ openstack user create --password TROVE_PASSWORD \ + --email trove@example.com trove + $ openstack role add --project service --user trove admin + $ openstack service create --name trove + --description "Database service" database + ``` + + **Note:** Replace *TROVE_PASSWORD* with the password of the **trove** user. + + 2\. Create the database service access . + + ```shell + $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\(tenant_id\)s + $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\(tenant_id\)s + $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\(tenant_id\)s + ``` + + **Note:** Replace *$TROVE_NODE* with the API service deployment node of the Trove. + +3. Install and configure Trove components. + + 1\. Install the Trove package. + + ```shell + $ yum install openstack-trove-$RockyVer python-troveclient + ``` + + 2\. Configure **/etc/trove/trove.conf**. + + ```ini + [DEFAULT] + bind_host=TROVE_NODE_IP + log_dir = /var/log/trove + + auth_strategy = keystone + # Config option for showing the IP address that nova doles out + add_addresses = True + network_label_regex = ^NETWORK_LABEL$ + api_paste_config = /etc/trove/api-paste.ini + + trove_auth_url = http://controller:35357/v3/ + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + + nova_proxy_admin_user = admin + nova_proxy_admin_pass = ADMIN_PASS + nova_proxy_admin_tenant_name = service + taskmanager_manager = trove.taskmanager.manager.Manager + use_nova_server_config_drive = True + + # Set these if using Neutron Networking + network_driver=trove.network.neutron.NeutronDriver + network_label_regex=.* + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + + [database] + connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000/v3/ + auth_url=http://controller:35357/v3/ + #auth_uri = http://controller/identity + #auth_url = http://controller/identity_admin + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = trove + password = TROVE_PASS + + ``` + + **Note:** + + - Set **bind_host** of the **[Default]** group to the IP address of the Trove node. + - **nova_compute_url** and **cinder_url** are the endpoints created in Keystone by Nova and Cinder. + - **nova_proxy_XXX** shows the information about a user who can access the Nova service. In the preceding example, the **admin** user is used as an example. + - **transport_url** is the connection information for RabbitMQ. Replace *RABBIT_PASS* with the RabbitMQ password. + - The **connection** in the **[database]** group is the information about the database created for Trove in MySQL. + - Replace *TROVE_PASS* of the Trove user information with the password of the actual Trove user. + + 3\. Configure **/etc/trove/trove-taskmanager.conf**. + + ```ini + [DEFAULT] + log_dir = /var/log/trove + trove_auth_url = http://controller/identity/v2.0 + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + + [database] + connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove + ``` + + **Note:** Refer to the configuration of **trove.conf**. +4. Configure **/etc/trove/trove-conductor.conf**. + + ```ini + [DEFAULT] + log_dir = /var/log/trove + trove_auth_url = http://controller/identity/v2.0 + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + + [database] + connection = mysql+pymysql://trove:trove@controller/trove + ``` + + **Note:** Refer to the configuration of **trove.conf**. + + 5\. Configure **/etc/trove/trove-guestagent.conf**. + + ```ini + [DEFAULT] + rabbit_host = controller + rabbit_password = RABBIT_PASS + nova_proxy_admin_user = admin + nova_proxy_admin_pass = ADMIN_PASS + nova_proxy_admin_tenant_name = service + trove_auth_url = http://controller/identity_admin/v2.0 + ``` + + **Note:** guestagent is an independent component of Trove and needs to be built into the VM image created by the Trove through Nova. After a database instance is created, the guest agent process is started to report heartbeat messages to the Trove through the message queue (RabbitMQ). Therefore, you need to configure the RabbitMQ user name and password. + + 6\. Generate **Trove** database table. + + ```shell + $ su -s /bin/sh -c "trove-manage db_sync" trove + ``` + +4. Complete the installation and configuration. +1\. Configure the automatic startup of the Trove service. + + ```shell + $ systemctl enable openstack-trove-api.service \ + openstack-trove-taskmanager.service \ + openstack-trove-conductor.service + ``` + + 2\. Start the service. + + ```shell + $ systemctl start openstack-trove-api.service \ + openstack-trove-taskmanager.service \ + openstack-trove-conductor.service + ``` + +### Installing Rally + +Rally is a performance test tool provided by OpenStack. The installation of Rally is simple. + +``` +yum install openstack-rally openstack-rally-plugins +``` \ No newline at end of file diff --git a/docs/en/docs/thirdparty_migration/bisheng.md b/docs/en/docs/thirdparty_migration/bisheng.md new file mode 100644 index 0000000000000000000000000000000000000000..cbbbbf289950e9f6fc20ea0742020306682de67f --- /dev/null +++ b/docs/en/docs/thirdparty_migration/bisheng.md @@ -0,0 +1,53 @@ +# BiSheng Compiler Installation Guide + +## BiSheng Compiler Overview + +BiSheng Compiler is a high-performance, high-reliability, and easy-to-expand compiler toolchain developed by the Huawei Compiler Laboratory for general-purpose processor architectures, such as Kunpeng. It introduces and enhances multiple compilation optimization technologies and supports different programming languages, such as C, C++, and Fortran. + +BiSheng Compiler has been integrated into openEuler. It can be installed using the Yum repository in the openEuler OS or using the software package in a non-openEuler OS. + +Go to the [official website of BiSheng Compiler](https://www.hikunpeng.com/en/developer/devkit/compiler/bisheng) to obtain required resources, including the [software](https://mirrors.huaweicloud.com/kunpeng/archive/compiler/bisheng_compiler/) and [documentation](https://support.huaweicloud.com/intl/en-us/ug-bisheng-kunpengdevps/kunpengbisheng_06_0001.html). + +## Installation Using the Yum Repository + +Perform the following operations as the **root** user. + +1. Run the following command to add the configuration file **bisheng-compiler.repo** to the **/etc/yum.repos.d/** directory: + + ```shell + cat > /etc/yum.repos.d/bisheng-compiler.repo << EOF + [bisheng-compiler] + name=bisheng-compiler + baseurl=https://repo.oepkgs.net/bisheng/aarch64/ + enabled=1 + gpgcheck=0 + priority=100 + EOF + ``` + +2. Download the RPM package of BiSheng Compiler from the Yum repository and install it. + + ```shell + yum update + yum install bisheng-compiler + ``` + +3. (Optional) Clear the hash table in the current window. + + If an LLVM compiler of another version is available in the system, run the following command immediately after installing BiSheng Compiler: + + ```shell + hash -r + ``` + + This prevents the Clang command from being captured by the hash table. If the Clang command is captured by the hash table, BiSheng Compiler or the open source LLVM compiler cannot be used. + +4. Check whether the installation is successful. + + After the installation is complete, run the following command to verify the BiSheng Compiler version: + + ```shell + clang -v + ``` + + If the command output contains the BiSheng compiler version information, the installation is successful. diff --git a/docs/en/docs/thirdparty_migration/figures/.keep b/docs/en/docs/thirdparty_migration/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/docs/thirdparty_migration/figures/calicotag.png b/docs/en/docs/thirdparty_migration/figures/calicotag.png new file mode 100644 index 0000000000000000000000000000000000000000..3563a3e692ca223d5f13f1d16338ca5cfaac79a5 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/calicotag.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/clusteradd.png b/docs/en/docs/thirdparty_migration/figures/clusteradd.png new file mode 100644 index 0000000000000000000000000000000000000000..b25de17014deb022c1bc9ab18246c0b51bdff942 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/clusteradd.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/configmaster.png b/docs/en/docs/thirdparty_migration/figures/configmaster.png new file mode 100644 index 0000000000000000000000000000000000000000..f545b04d33e4e4e823c213cf997c44ec0c548b8b Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/configmaster.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/createuser.png b/docs/en/docs/thirdparty_migration/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..9964a86c0cf16073fc790dd5fae724883b612368 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/createuser.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/downloaddocker.png b/docs/en/docs/thirdparty_migration/figures/downloaddocker.png new file mode 100644 index 0000000000000000000000000000000000000000..2e86a5b102c3641f753bfd367e215b1146901e53 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/downloaddocker.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/extend1.png b/docs/en/docs/thirdparty_migration/figures/extend1.png new file mode 100644 index 0000000000000000000000000000000000000000..8bdd8e0b1ef60145ea16be676e2f70b9068804fb Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/extend1.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/faq1.png b/docs/en/docs/thirdparty_migration/figures/faq1.png new file mode 100644 index 0000000000000000000000000000000000000000..6856b9d37975bf518c2aeb144d6bc54ec1a29bec Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/faq1.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env1.png b/docs/en/docs/thirdparty_migration/figures/host_env1.png new file mode 100644 index 0000000000000000000000000000000000000000..60754da6d76bc817f6dbb05b30ac1749798f584b Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env1.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env10.png b/docs/en/docs/thirdparty_migration/figures/host_env10.png new file mode 100644 index 0000000000000000000000000000000000000000..16705810949ee42054d345628599dd0fde26504e Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env10.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env11.png b/docs/en/docs/thirdparty_migration/figures/host_env11.png new file mode 100644 index 0000000000000000000000000000000000000000..16c9a0d4bed1cfff308c9f8f5e93e98f8ba2c72c Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env11.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env5.png b/docs/en/docs/thirdparty_migration/figures/host_env5.png new file mode 100644 index 0000000000000000000000000000000000000000..deddc3d6af1687939d274c80307d3e2c0ee7bd6c Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env5.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env6.png b/docs/en/docs/thirdparty_migration/figures/host_env6.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7ca24a78979fe3346eb37793152cceaaee7145 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env6.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env7.png b/docs/en/docs/thirdparty_migration/figures/host_env7.png new file mode 100644 index 0000000000000000000000000000000000000000..03370058ff0a6e237f291b543195392efcc05f5d Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env7.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env8.png b/docs/en/docs/thirdparty_migration/figures/host_env8.png new file mode 100644 index 0000000000000000000000000000000000000000..e797f91df999dc4fcf81f4f96814573abf708494 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env8.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/host_env9.png b/docs/en/docs/thirdparty_migration/figures/host_env9.png new file mode 100644 index 0000000000000000000000000000000000000000..aa848dfd00347b2e6d3385d6bcb372c49dc0928e Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/host_env9.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/install1.png b/docs/en/docs/thirdparty_migration/figures/install1.png new file mode 100644 index 0000000000000000000000000000000000000000..a01325bb62e2e2f874d6110df8a19dea197b69e7 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/install1.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/installarm.png b/docs/en/docs/thirdparty_migration/figures/installarm.png new file mode 100644 index 0000000000000000000000000000000000000000..d400c62147abe8c5c2b7f35e317e757d8aa85f97 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/installarm.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/installx86.png b/docs/en/docs/thirdparty_migration/figures/installx86.png new file mode 100644 index 0000000000000000000000000000000000000000..3547bcf70e1b17574006e80be3578daf88344ff0 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/installx86.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/modify_timeout_value.png b/docs/en/docs/thirdparty_migration/figures/modify_timeout_value.png new file mode 100644 index 0000000000000000000000000000000000000000..690a5252fe1c675cb4766c93b5756f47c8e7e636 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/modify_timeout_value.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/run1.png b/docs/en/docs/thirdparty_migration/figures/run1.png new file mode 100644 index 0000000000000000000000000000000000000000..1c653188ef2d6874a07a5dc185139339dc502dbc Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/run1.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/run2.png b/docs/en/docs/thirdparty_migration/figures/run2.png new file mode 100644 index 0000000000000000000000000000000000000000..7d17f2d56c7adf3ccc9ef7a5e53da636561d8795 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/run2.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/run3.png b/docs/en/docs/thirdparty_migration/figures/run3.png new file mode 100644 index 0000000000000000000000000000000000000000..cc4d4fbd02e4d60017d5599b74b0fda90843353c Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/run3.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/run4.png b/docs/en/docs/thirdparty_migration/figures/run4.png new file mode 100644 index 0000000000000000000000000000000000000000..05ff12603bbabfb188f05c7f47551016b7aa110f Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/run4.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/run5.png b/docs/en/docs/thirdparty_migration/figures/run5.png new file mode 100644 index 0000000000000000000000000000000000000000..e149c3286189a4ef4cc93f7add118f43e20cc96c Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/run5.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/run6.png b/docs/en/docs/thirdparty_migration/figures/run6.png new file mode 100644 index 0000000000000000000000000000000000000000..27c9263dbf447a0199a2a8d12af1192661efa7bb Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/run6.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/stack.png b/docs/en/docs/thirdparty_migration/figures/stack.png new file mode 100644 index 0000000000000000000000000000000000000000..63edbbbaac901b154d906eaf803f31bf6fe61bbe Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/stack.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/startvm.png b/docs/en/docs/thirdparty_migration/figures/startvm.png new file mode 100644 index 0000000000000000000000000000000000000000..1254e08e85b6f515791b258e12b9ac4891cc1ffd Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/startvm.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/vmlist.png b/docs/en/docs/thirdparty_migration/figures/vmlist.png new file mode 100644 index 0000000000000000000000000000000000000000..830261f13c434327c8bb9a01cc4fb5e6988a01c2 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/vmlist.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/x86_build_fail.png b/docs/en/docs/thirdparty_migration/figures/x86_build_fail.png new file mode 100644 index 0000000000000000000000000000000000000000..2d91001fa9c76c3154fdaffa31c4b2befc4f34c0 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/x86_build_fail.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/yumarm.png b/docs/en/docs/thirdparty_migration/figures/yumarm.png new file mode 100644 index 0000000000000000000000000000000000000000..538df33bcb5134c2a3f50b12cc5097d25bab1c76 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/yumarm.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/yumx86.png b/docs/en/docs/thirdparty_migration/figures/yumx86.png new file mode 100644 index 0000000000000000000000000000000000000000..880f54f8836ad7992345e74075ff355209a08f70 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/yumx86.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png new file mode 100644 index 0000000000000000000000000000000000000000..092be1b363b87b5890c1e825e38f8cc4a6b07980 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png new file mode 100644 index 0000000000000000000000000000000000000000..7b407c4ac75025d0beb65a231a30b1129776a45b Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png new file mode 100644 index 0000000000000000000000000000000000000000..e947112112a9dff8c3e1d7460dbf00bf2e167adb Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png new file mode 100644 index 0000000000000000000000000000000000000000..de9500feba2988934b130bf876a9134e65919f9c Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png new file mode 100644 index 0000000000000000000000000000000000000000..771a238544b18a196e8dc4fce484c037ece281c0 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png new file mode 100644 index 0000000000000000000000000000000000000000..240395d4cf2625c2fd762b647d8d371eb3f010c7 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png new file mode 100644 index 0000000000000000000000000000000000000000..983ec2e4e16e3570897ece58d3499f1e384d3c55 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea8a5003de5e5a1a6bcbf04ccfda6be3c7591e4 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png new file mode 100644 index 0000000000000000000000000000000000000000..ff90e70830df6c5c5c06dadb2446e1aad6739ad6 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png new file mode 100644 index 0000000000000000000000000000000000000000..1dcf05ec51cc58c710eede1197923494c4c57f98 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png new file mode 100644 index 0000000000000000000000000000000000000000..f65f87817f5c921893dac464460fe1ea714e54b8 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png new file mode 100644 index 0000000000000000000000000000000000000000..5096cabacc305fec55b581432a5cd127cae84362 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png new file mode 100644 index 0000000000000000000000000000000000000000..a406893b51db2081c41c91929f17429ad3072d08 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png new file mode 100644 index 0000000000000000000000000000000000000000..3d51ce1a6d6b4de233a4d3c81744f64ac18aea8a Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png new file mode 100644 index 0000000000000000000000000000000000000000..49c8735599f0e0633eeb046d9f0795df2d0f5870 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png differ diff --git a/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png new file mode 100644 index 0000000000000000000000000000000000000000..8efa6420b0f2c4fbf6774fe991dcd0242a8a1ea9 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png differ diff --git a/docs/en/docs/thirdparty_migration/k8sinstall.md b/docs/en/docs/thirdparty_migration/k8sinstall.md new file mode 100644 index 0000000000000000000000000000000000000000..eac93f42ac41abe832cc1d294e857ff58ac086ca --- /dev/null +++ b/docs/en/docs/thirdparty_migration/k8sinstall.md @@ -0,0 +1,520 @@ +# Guide to Porting Kubernetes to openEuler + +- [Software Overview](#software-overview) +- [Environment Configuration](#environment-configuration) +- [System Configuration](#system-configuration) +- [Software Installation](#software-installation) +- [Software Uninstallation](#software-uninstallation) + +## Software Overview + +The Kubernetes (K8s for short) is an open source container cluster management platform that implements the automatic deployment, automatic scaling, and maintenance of container clusters. The goal of Kubernetes is to promote a mature ecosystem of components and tools to run applications more easily on the cloud. + +The Kubernetes cluster has two types of nodes: master and worker. The master node manages and controls the entire cluster. Control commands executed for the cluster are sent to the master node. The worker node is a workload node in the Kubernetes cluster. The workload on a worker node is allocated by the master node. When a worker node breaks down, the master node transfers the workload on the faulty worker node to other nodes. + +This document describes how to use two nodes to set up a Kubernetes cluster. One is the master node, and the other is the worker node. + +## Environment Configuration + +**Software Platform** + +| Software |Version Number |Installation Method | +|:--- |:---- |:---- | +| openEuler | 20.03-LTS-SP4 |ISO | +| gnu | 7.3.0 | | +| python3 | 3.7.4 | | +| bash | 5.0.11 | | + +**Required Dependency Packages** + +| Software |Version Number |Installation Method | +|:--- |:---- |:---- | +| docker-engine | 18.09.0-101 |Refer to Installing Docker and Configuring the Yum Source | +| kubelet | 1.15.10/1.18/1.16 | Refer to Installing K8s Components | +| kubeadm | 1.15.10/1.18/1.16 | Refer to Installing K8s Components | +| kubectl | 1.15.10/1.18/1.16 | Refer to Installing K8s Components | +| kubernetes-cni | 1.15.10/1.18/1.16 | Refer to Installing K8s Components | + +> ![](./public_sys-resources/icon-note.gif) **Note** +> +> This document applies to K8s 1.15.10, 1.16, and 1.18, and uses K8s 1.15.10 as an example. + +## System Configuration + +### Modifying Host Configuration + +Edit the `/etc/hosts` files of the master and worker nodes, and add the IP addresses of the master and worker nodes to the end of the files. + +```text +192.168.122.72 master +192.168.122.130 worker +``` + +### Installing Docker and Configuring the Yum Source + +1. This operation is optional. The Yum source has been configured in the officially released image. If the openEuler Yum source is not configured in the system, perform the following operations to add a repo file. The `baseurl` value uses the source address in the released version. + + - AArch64 architecture + + ```shell + vim /etc/yum.repos.d/openEuler_aarch64.repo + ``` + + ![](./figures/yumarm.png) + + - x86 architecture + + ```shell + vim /etc/yum.repos.d/openEuler_x86_64.repo + ``` + + ![](./figures/yumx86.png) + +2. Perform the preceding operation on the master and worker nodes, respectively. Clear the software packages and old headers in the cache and create the cache again. + + ```shell + yum clean all + yum makecache + ``` + +3. Install Docker, start related services, and output the Docker status information. + + ```shell + yum -y install docker-engine + systemctl daemon-reload + systemctl status docker + systemctl restart docker + systemctl status docker + systemctl enable docker + ``` + +### Disabling the Firewall and SELinux + +Due to the back-end compatibility issue of nftables, duplicate firewall rules are generated. You need to disable the firewall. To enable the container to access the file system of the host, you need to disable SELinux. + +Run the following commands on the master and worker nodes to disable the firewall and SELinux: + +```shell +systemctl stop firewalld +systemctl disable firewalld +setenforce 0 +sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config +``` + +### Configuring the Kubernetes Yum Source + +1. Run the following command on the master and worker nodes to configure the Yum source of Kubernetes: + + - AArch64 architecture + + ```shell + $ cat < /etc/yum.repos.d/kubernetes.repo + + [kubernetes] + name=Kubernetes + baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64 + enabled=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg + http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg + EOF + ``` + + - x86 architecture + + ```shell + $ cat < /etc/yum.repos.d/kubernetes.repo + + [kubernetes] + name=Kubernetes + baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 + enabled=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg + http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg + EOF + ``` + +2. After the configuration is completed, run the following commands to clear the software packages and old headers in the cache and create the cache again: + + ```shell + yum clean all + yum makecache + ``` + +### Disabling the Swap Partition + +When installing the K8s cluster, you need to disable the swap memory exchange mechanism of the Linux OS. Otherwise, the system performance and stability will be affected due to memory exchange. + +1. Run the following commands on the master and worker nodes to disable the swap partition: + + ```shell + swapoff -a + cp -p /etc/fstab /etc/fstab.bak$(date '+%Y%m%d%H%M%S') + sed -i "s/\/dev\/mapper\/openeuler-swap/\#\/dev\/mapper\/openeuler-swap/g" /etc/fstab + ``` + +2. Run the following command to check whether the modification is successful: + + ```shell + cat /etc/fstab + ``` + + ![](./figures/zh-cn_image_0296836364.png) + +3. Run the following command to reboot the system: + + ```shell + reboot + ``` + +## Software Installation + +### Installing K8s Components + +Run the following command on the master and worker nodes to install the K8s components: + +```shell +yum install -y kubelet-1.15.10 kubeadm-1.15.10 kubectl-1.15.10 kubernetes-cni-0.7.5 +``` + +### Configuring Startup Items + +1. Run the following command on the master and worker nodes to set kubelet to start upon system boot: + + ```shell + systemctl enable kubelet + ``` + +2. Create the `/etc/sysctl.d/k8s.conf` files on the master and worker nodes and add the following content to the files: + + ```text + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + net.ipv4.ip_forward = 1 + vm.swappiness=0 + ``` + +3. Run the following commands on the master and worker nodes to make the modification take effect: + + ```shell + modprobe br_netfilter + sysctl -p /etc/sysctl.d/k8s.conf + ``` + +### Downloading Components Using Docker + +The master and worker nodes download other components using Docker. When downloading images, you need to select the version that corresponds to the architecture. Perform the following operations on the two nodes: + +1. Run the following command to view the images required for initialization: + + ```shell + kubeadm config images list + ``` + + ![](./figures/downloaddocker.png) + + > ![](./public_sys-resources/icon-note.gif) **Note** +The image versions required by K8s may change. Therefore, you need to check the list to select the proper Docker images to be downloaded. The following image versions are for reference only. + +2. Run the following commands to download the images from Docker Hub: + + - AArch64 architecture + + ```shell + docker pull gcmirrors/kube-apiserver-arm64:v1.15.10 + docker pull gcmirrors/kube-controller-manager-arm64:v1.15.10 + docker pull gcmirrors/kube-scheduler-arm64:v1.15.10 + docker pull gcmirrors/kube-proxy-arm64:v1.15.10 + docker pull gcmirrors/pause-arm64:3.1 + docker pull gcmirrors/etcd-arm64:3.3.10 + docker pull coredns/coredns:1.3.1 + ``` + + - x86 architecture + + ```shell + docker pull gcmirrors/kube-apiserver-amd64:v1.15.10 + docker pull gcmirrors/kube-controller-manager-amd64:v1.15.10 + docker pull gcmirrors/kube-scheduler-amd64:v1.15.10 + docker pull gcmirrors/kube-proxy-amd64:v1.15.10 + docker pull gcmirrors/pause-amd64:3.1 + docker pull gcmirrors/etcd-amd64:3.3.10 + docker pull coredns/coredns:1.3.1 + ``` + + > ![](./public_sys-resources/icon-note.gif) **Note** + > If the Docker image library proxy is configured, you can directly change the tag to **k8s.gcr.io** and skip the following steps. + +3. Run the following commands to tag the downloaded images: + + - AArch64 architecture + + ```shell + docker tag gcmirrors/kube-apiserver-arm64:v1.15.10 k8s.gcr.io/kube-apiserver:v1.15.10 + docker tag gcmirrors/kube-controller-manager-arm64:v1.15.10 k8s.gcr.io/kube-controller-manager:v1.15.10 + docker tag gcmirrors/kube-scheduler-arm64:v1.15.10 k8s.gcr.io/kube-scheduler:v1.15.10 + docker tag gcmirrors/kube-proxy-arm64:v1.15.10 k8s.gcr.io/kube-proxy:v1.15.10 + docker tag gcmirrors/pause-arm64:3.1 k8s.gcr.io/pause:3.1 + docker tag gcmirrors/etcd-arm64:3.3.10 k8s.gcr.io/etcd:3.3.10 + docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 + ``` + + - x86 architecture + + ```shell + docker tag gcmirrors/kube-apiserver-amd64:v1.15.10 k8s.gcr.io/kube-apiserver:v1.15.10 + docker tag gcmirrors/kube-controller-manager-amd64:v1.15.10 k8s.gcr.io/kube-controller-manager:v1.15.10 + docker tag gcmirrors/kube-scheduler-amd64:v1.15.10 k8s.gcr.io/kube-scheduler:v1.15.10 + docker tag gcmirrors/kube-proxy-amd64:v1.15.10 k8s.gcr.io/kube-proxy:v1.15.10 + docker tag gcmirrors/pause-amd64:3.1 k8s.gcr.io/pause:3.1 + docker tag gcmirrors/etcd-amd64:3.3.10 k8s.gcr.io/etcd:3.3.10 + docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 + ``` + +4. Run the following command to check whether the K8s tag is successfully added to the images: + + ```shell + docker images | grep k8s + ``` + + ![](./figures/zh-cn_image_0296836374.png) + +5. After the tag is added, run the following commands to delete the old images in the current environment: + + - AArch64 architecture + + ```shell + docker rmi gcmirrors/kube-apiserver-arm64:v1.15.10 + docker rmi gcmirrors/kube-controller-manager-arm64:v1.15.10 + docker rmi gcmirrors/kube-scheduler-arm64:v1.15.10 + docker rmi gcmirrors/kube-proxy-arm64:v1.15.10 + docker rmi gcmirrors/pause-arm64:3.1 + docker rmi gcmirrors/etcd-arm64:3.3.10 + docker rmi coredns/coredns:1.3.1 + ``` + + - x86 architecture + + ```shell + docker rmi gcmirrors/kube-apiserver-amd64:v1.15.10 + docker rmi gcmirrors/kube-controller-manager-amd64:v1.15.10 + docker rmi gcmirrors/kube-scheduler-amd64:v1.15.10 + docker rmi gcmirrors/kube-proxy-amd64:v1.15.10 + docker rmi gcmirrors/pause-amd64:3.1 + docker rmi gcmirrors/etcd-amd64:3.3.10 + docker rmi coredns/coredns:1.3.1 + ``` + +### Configuring the Master Node + +1. Run the following commands on the master node to initialize the cluster: + + ```shell + systemctl daemon-reload + systemctl restart kubelet + kubeadm init --kubernetes-version v1.15.10 --pod-network-cidr=10.244.0.0/16 + ``` + + After the cluster is initialized, the following information is displayed: + + ![](./figures/configmaster.png) + + Save the `kubeadm join` command in the preceding figure. Run this command when [adding the worker node to the cluster](#adding-nodes-to-the-cluster). + + > ![](./public_sys-resources/icon-note.gif) **Note** + > + > The Kubernetes installed using kubeadm automatically generates the certificates required by the cluster. All certificates are stored in the `/etc/kubernetes/pki` directory. + +2. Configure the cluster based on the information displayed on the console upon successful initialization, and run the following commands: + + ```shell + mkdir -p $HOME/.kube + cp -i /etc/kubernetes/admin.conf $HOME/.kube/config + chown $(id -u):$(id -g) $HOME/.kube/config + ``` + +3. Run the following command on the master node to view the cluster node information: + + ```shell + kubectl get node + ``` + + The node is not ready because the Calico network is not configured. + +### Installing the Calico Network Plug-in + +1. Run the following commands on the master and worker nodes to download the Calico container image: + + - AArch64 architecture + + ```shell + docker pull calico/cni:v3.14.2-arm64 + docker pull calico/node:v3.14.2-arm64 + docker pull calico/kube-controllers:v3.14.2-arm64 + docker pull calico/pod2daemon-flexvol:v3.14.2-arm64 + ``` + + - x86 architecture + + ```shell + docker pull calico/cni:v3.14.2-amd64 + docker pull calico/node:v3.14.2-amd64 + docker pull calico/kube-controllers:v3.14.2-amd64 + docker pull calico/pod2daemon-flexvol:v3.14.2-amd64 + ``` + +2. Run the following commands on the master and worker nodes to modify the downloaded image tags: + + - AArch64 architecture + + ```shell + docker tag calico/cni:v3.14.2-arm64 calico/cni:v3.14.2 + docker tag calico/node:v3.14.2-arm64 calico/node:v3.14.2 + docker tag calico/kube-controllers:v3.14.2-arm64 calico/kube-controllers:v3.14.2 + docker tag calico/pod2daemon-flexvol:v3.14.2-arm64 calico/pod2daemon-flexvol:v3.14.2 + ``` + + - x86 architecture + + ```shell + docker tag calico/cni:v3.14.2-amd64 calico/cni:v3.14.2 + docker tag calico/node:v3.14.2-amd64 calico/node:v3.14.2 + docker tag calico/kube-controllers:v3.14.2-amd64 calico/kube-controllers:v3.14.2 + docker tag calico/pod2daemon-flexvol:v3.14.2-amd64 calico/pod2daemon-flexvol:v3.14.2 + ``` + +3. Run the following command to check whether the Calico tag is successfully added: + + ```shell + docker images | grep calico + ``` + + ![](./figures/calicotag.png) + +4. Run the following commands on the master and worker nodes to delete the old image: + + - AArch64 architecture + + ```shell + docker rmi calico/cni:v3.14.2-arm64 + docker rmi calico/node:v3.14.2-arm64 + docker rmi calico/kube-controllers:v3.14.2-arm64 + docker rmi calico/pod2daemon-flexvol:v3.14.2-arm64 + ``` + + - x86 architecture + + ```shell + docker rmi calico/cni:v3.14.2-amd64 + docker rmi calico/node:v3.14.2-amd64 + docker rmi calico/kube-controllers:v3.14.2-amd64 + docker rmi calico/pod2daemon-flexvol:v3.14.2-amd64 + ``` + +5. Run the following command on the master node to download the YAML file: + + ```shell + wget https://docs.projectcalico.org/v3.14/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml --no-check-certificate + ``` + +6. Run the following command on the master node to deploy Calico: + + ```shell + kubectl apply -f calico.yaml + ``` + +7. Run the following command on the master node to check the node status. If the node status is **Ready**, the installation is successful. + + ```shell + kubectl get nodes + ``` + +### Adding Nodes to the Cluster + +1. Run the command saved in [Configuring the Master Node](#configuring-the-master-node) to add the worker node to the cluster. + + ```shell + kubeadm join 192.168.122.72:6443 --token 9hyjsw.102m4qpmr93msfdv --discovery-token-ca-cert-hash sha256:ccf9a7762c7ae08fab3ec0649897b1de8e3ef37cf789517f42ea95fad0bd29b1 + ``` + + > ![](./public_sys-resources/icon-note.gif) **Note** + > + > The default validity period of a token is 24 hours. If the token times out, run the `kubeadm token create --print-join-command` command on the master node to generate a new token. + +2. Run the following command on the master node to check the subnodes added to the cluster: + + ```shell + kubectl get nodes + ``` + +3. Run the following command on the master node to check the pod status in the cluster. If the status of all pods is **Running**, the configuration is successful. The page of successful configuration is shown in the following figure: + + ```shell + kubectl get pods -A + ``` + + ![](./figures/clusteradd.png) + +### Commands for Viewing Status Information + +- Information of all pods: + + ```shell + kubectl get pods -A + ``` + +- Information of all pods running in a namespace on the current node: + + ```shell + kubectl get pods -n $namespace + ``` + +- Information of all pods running in a namespace: + + ```shell + kubectl get pods -n $namespace -o wide + ``` + +- Information of a single pod, which can be used to locate pod status exceptions: + + ```shell + kubectl describe pod $podname -n $namespace + ``` + +- Pod deletion: After a running pod is deleted, the controller immediately creates a pod. + + ```shell + kubectl delete pods $podname + ``` + +## Software Uninstallation + +If you do not need the K8s cluster, perform the operations in this section to delete the K8s cluster. The following commands must be executed on the master and worker nodes. + +1. Run the following commands to clear the K8s cluster settings: + + ```shell + kubeadm reset + rm -rf $HOME/.kube/config + ``` + +2. Run the following commands to delete the basic component image: + + ```shell + docker rmi k8s.gcr.io/kube-apiserver:v1.15.10 + docker rmi k8s.gcr.io/kube-controller-manager:v1.15.10 + docker rmi k8s.gcr.io/kube-scheduler:v1.15.10 + docker rmi k8s.gcr.io/kube-proxy:v1.15.10 + docker rmi k8s.gcr.io/pause:3.1 + docker rmi k8s.gcr.io/etcd:3.3.10 + docker rmi k8s.gcr.io/coredns:1.3.1 + ``` + +3. Run the following command to uninstall the management software: + + ```shell + yum erase -y kubelet kubectl kubeadm kubernetes-cni + ``` diff --git a/docs/en/docs/thirdparty_migration/openstack-train.md b/docs/en/docs/thirdparty_migration/openstack-train.md new file mode 100644 index 0000000000000000000000000000000000000000..db98d1a1c40922af327eb0d28df385e2214f1612 --- /dev/null +++ b/docs/en/docs/thirdparty_migration/openstack-train.md @@ -0,0 +1,2877 @@ +# OpenStack-Wallaby Deployment Guide + + + +- [OpenStack-Wallaby Deployment Guide](#openstack-wallaby-deployment-guide) + - [OpenStack](#openstack) + - [Conventions](#conventions) + - [Preparing the Environment](#preparing-the-environment) + - [Environment Configuration](#environment-configuration) + - [Installing the SQL Database](#installing-the-sql-database) + - [Installing RabbitMQ](#installing-rabbitmq) + - [Installing Memcached](#installing-memcached) + - [Installing OpenStack](#installing-openstack) + - [Installing Keystone](#installing-keystone) + - [Installing Glance](#installing-glance) + - [Installing Placement](#installing-placement) + - [Installing Nova](#installing-nova) + - [Installing Neutron](#installing-neutron) + - [Installing Cinder](#installing-cinder) + - [Installing Horizon](#installing-horizon) + - [Installing Tempest](#installing-tempest) + - [Installing Ironic](#installing-ironic) + - [Installing Kolla](#installing-kolla) + - [Installing Trove](#installing-trove) + - [Installing Swift](#installing-swift) + - [Installing Cyborg](#installing-cyborg) + - [Installing Aodh](#installing-aodh) + - [Installing Gnocchi](#installing-gnocchi) + - [Installing Ceilometer](#installing-ceilometer) + - [Installing Heat](#installing-heat) + + +## OpenStack + +OpenStack is an open source cloud computing infrastructure software project developed by the community. It provides an operating platform or tool set for deploying the cloud, offering scalable and flexible cloud computing for organizations. + +As an open source cloud computing management platform, OpenStack consists of several major components, such as Nova, Cinder, Neutron, Glance, Keystone, and Horizon. OpenStack supports almost all cloud environments. The project aims to provide a cloud computing management platform that is easy-to-use, scalable, unified, and standardized. OpenStack provides an infrastructure as a service (IaaS) solution that combines complementary services, each of which provides an API for integration. + +The official source of openEuler 20.03-LTS-SP3 now supports OpenStack Train. You can configure the Yum source then deploy OpenStack by following the instructions of this document. + +## Conventions + +OpenStack supports multiple deployment modes. This document includes two deployment modes: **All in One** and **Distributed**. The conventions are as follows: + +**All in One** mode: + +```text +Ignores all possible suffixes. +``` + +**Distributed** mode: + +```text +A suffix of (CTL) indicates that the configuration or command applies only to the control node. +A suffix of (CPT) indicates that the configuration or command applies only to the compute node. +A suffix of (STG) indicates that the configuration or command applies only to the storage node. +In other cases, the configuration or command applies to both the control node and compute node. +``` + +***Note*** + +The services involved in the preceding conventions are as follows: + +- Cinder +- Nova +- Neutron + +## Preparing the Environment + +### Environment Configuration + +1. Configure the openEuler 20.03-LTS-SP3 official Yum source. Enable the EPOL software repository to support OpenStack. + + ```shell + $ cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP3-OpenStack_Train.repo + [OS] + name=OS + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler + + [everything] + name=everything + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler + + [EPOL] + name=EPOL + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler + EOF + + $ yum clean all && yum makecache + ``` + +2. Change the host name and mapping. + + Set the host name of each node: + + ```shell + hostnamectl set-hostname controller (CTL) + hostnamectl set-hostname compute (CPT) + ``` + + Assuming the IP address of the controller node is **10.0.0.11** and the IP address of the compute node (if any) is **10.0.0.12**, add the following information to the **/etc/hosts** file: + + ```shell + 10.0.0.11 controller + 10.0.0.12 compute + ``` + +### Installing the SQL Database + +1. Run the following command to install the software package: + + ```shell + yum install mariadb mariadb-server python3-PyMySQL + ``` + +2. Run the following command to create and edit the **/etc/my.cnf.d/openstack.cnf** file: + + ```shell + $ vim /etc/my.cnf.d/openstack.cnf + + [mysqld] + bind-address = 10.0.0.11 + default-storage-engine = innodb + innodb_file_per_table = on + max_connections = 4096 + collation-server = utf8_general_ci + character-set-server = utf8 + ``` + + ***Note*** + + **`bind-address` is set to the management IP address of the controller node.** + +3. Run the following commands to start the database service and configure it to automatically start upon system boot: + + ```shell + systemctl enable mariadb.service + systemctl start mariadb.service + ``` + +4. (Optional) Configure the default database password: + + ```shell + mysql_secure_installation + ``` + + ***Note*** + + **Perform operations as prompted.** + +### Installing RabbitMQ + +1. Run the following command to install the software package: + + ```shell + yum install rabbitmq-server + ``` + +2. Start the RabbitMQ service and configure it to automatically start upon system boot: + + ```shell + systemctl enable rabbitmq-server.service + systemctl start rabbitmq-server.service + ``` + +3. Add the OpenStack user: + + ```shell + rabbitmqctl add_user openstack RABBIT_PASS + ``` + + ***Note*** + + **Replace *RABBIT_PASS* to set the password for the openstack user.** + +4. Run the following command to set the permission of the **openstack** user to allow the user to perform configuration, write, and read operations: + + ```shell + rabbitmqctl set_permissions openstack ".*" ".*" ".*" + ``` + +### Installing Memcached + +1. Run the following command to install the dependency package: + + ```shell + yum install memcached python3-memcached + ``` + +2. Open the **/etc/sysconfig/memcached** file in insert mode. + + ```shell + $ vim /etc/sysconfig/memcached + + OPTIONS="-l 127.0.0.1,::1,controller" + ``` + +3. Run the following command to start the Memcached service and configure it to automatically start upon system boot: + + ```shell + systemctl enable memcached.service + systemctl start memcached.service + ``` + + ***Note*** + + **After the service is started, you can run `memcached-tool controller stats` to ensure that the service is started properly and available. You can replace `controller` with the management IP address of the controller node.** + +## Installing OpenStack + +### Installing Keystone + +1. Create the **keystone** database and grant permissions: + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE keystone; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ + IDENTIFIED BY 'KEYSTONE_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ + IDENTIFIED BY 'KEYSTONE_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace *KEYSTONE_DBPASS* to set the password for the keystone database.** + +2. Install the software package: + + ```shell + yum install openstack-keystone httpd mod_wsgi + ``` + +3. Configure Keystone: + + ```shell + $ vim /etc/keystone/keystone.conf + + [database] + connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone + + [token] + provider = fernet + ``` + + ***Description*** + + In the **\[database]** section, configure the database entry . + + In the **\[token]** section, configure the token provider . + + ***Note:*** + + **Replace *KEYSTONE_DBPASS* with the password of the keystone database.** + +4. Synchronize the database: + + ```shell + su -s /bin/sh -c "keystone-manage db_sync" keystone + ``` + +5. Initialize the Fernet keystore: + + ```shell + keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone + keystone-manage credential_setup --keystone-user keystone --keystone-group keystone + ``` + +6. Start the service: + + ```shell + keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ + --bootstrap-admin-url http://controller:5000/v3/ \ + --bootstrap-internal-url http://controller:5000/v3/ \ + --bootstrap-public-url http://controller:5000/v3/ \ + --bootstrap-region-id RegionOne + ``` + + ***Note*** + + **Replace *ADMIN_PASS* to set the password for the admin user.** + +7. Configure the Apache HTTP server: + + ```shell + $ vim /etc/httpd/conf/httpd.conf + + ServerName controller + ``` + + ```shell + ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ + ``` + + ***Description*** + + Configure **ServerName** to use the control node. + + ***Note*** + **If the ServerName item does not exist, create it. + +8. Start the Apache HTTP service: + + ```shell + systemctl enable httpd.service + systemctl start httpd.service + ``` + +9. Create environment variables: + + ```shell + cat << EOF >> ~/.admin-openrc + export OS_PROJECT_DOMAIN_NAME=Default + export OS_USER_DOMAIN_NAME=Default + export OS_PROJECT_NAME=admin + export OS_USERNAME=admin + export OS_PASSWORD=ADMIN_PASS + export OS_AUTH_URL=http://controller:5000/v3 + export OS_IDENTITY_API_VERSION=3 + export OS_IMAGE_API_VERSION=2 + EOF + ``` + + ***Note*** + + **Replace *ADMIN_PASS* with the password of the admin user.** + +10. Create domains, projects, users, and roles in sequence. python3-openstackclient must be installed first: + + ```shell + yum install python3-openstackclient + ``` + + Import the environment variables: + + ```shell + source ~/.admin-openrc + ``` + + Create the project **service**. The domain **default** has been created during keystone-manage bootstrap. + + ```shell + openstack domain create --description "An Example Domain" example + ``` + + ```shell + openstack project create --domain default --description "Service Project" service + ``` + + Create the (non-admin) project **myproject**, user **myuser**, and role **myrole**, and add the role **myrole** to **myproject** and **myuser**. + + ```shell + openstack project create --domain default --description "Demo Project" myproject + openstack user create --domain default --password-prompt myuser + openstack role create myrole + openstack role add --project myproject --user myuser myrole + ``` + +11. Perform the verification. + + Cancel the temporary environment variables **OS_AUTH_URL** and **OS_PASSWORD**. + + ```shell + source ~/.admin-openrc + unset OS_AUTH_URL OS_PASSWORD + ``` + + Request a token for the **admin** user: + + ```shell + openstack --os-auth-url http://controller:5000/v3 \ + --os-project-domain-name Default --os-user-domain-name Default \ + --os-project-name admin --os-username admin token issue + ``` + + Request a token for user **myuser**: + + ```shell + openstack --os-auth-url http://controller:5000/v3 \ + --os-project-domain-name Default --os-user-domain-name Default \ + --os-project-name myproject --os-username myuser token issue + ``` + +### Installing Glance + +1. Create the database, service credentials, and the API endpoints. + + Create the database: + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE glance; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ + IDENTIFIED BY 'GLANCE_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ + IDENTIFIED BY 'GLANCE_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note:*** + + **Replace *GLANCE_DBPASS* to set the password for the glance database.** + + Create the service credential: + + ```shell + source ~/.admin-openrc + + openstack user create --domain default --password-prompt glance + openstack role add --project service --user glance admin + openstack service create --name glance --description "OpenStack Image" image + ``` + + Create the API endpoints for the image service: + + ```shell + openstack endpoint create --region RegionOne image public http://controller:9292 + openstack endpoint create --region RegionOne image internal http://controller:9292 + openstack endpoint create --region RegionOne image admin http://controller:9292 + ``` + +2. Install the software package: + + ```shell + yum install openstack-glance + ``` + +3. Configure Glance: + + ```shell + $ vim /etc/glance/glance-api.conf + + [database] + connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = glance + password = GLANCE_PASS + + [paste_deploy] + flavor = keystone + + [glance_store] + stores = file,http + default_store = file + filesystem_store_datadir = /var/lib/glance/images/ + ``` + + ***Description:*** + + In the **\[database]** section, configure the database entry. + + In the **\[keystone_authtoken]** and **\[paste_deploy]** sections, configure the identity authentication service entry. + + In the **\[glance_store]** section, configure the local file system storage and the location of image files. + + ***Note*** + + **Replace *GLANCE_DBPASS* with the password of the glance database.** + + **Replace *GLANCE_PASS* with the password of user glance.** + +4. Synchronize the database: + + ```shell + su -s /bin/sh -c "glance-manage db_sync" glance + ``` + +5. Start the service: + + ```shell + systemctl enable openstack-glance-api.service + systemctl start openstack-glance-api.service + ``` + +6. Perform the verification. + + Download the image: + + ```shell + source ~/.admin-openrc + + wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img + ``` + + ***Note*** + + **If the Kunpeng architecture is used in your environment, download the image of the AArch64 version. the cirros-0.5.2-aarch64-disk.img image file has been tested.** + + Upload the image to the image service: + + ```shell + openstack image create --disk-format qcow2 --container-format bare \ + --file cirros-0.4.0-x86_64-disk.img --public cirros + ``` + + Confirm the image upload and verify the attributes: + + ```shell + openstack image list + ``` + +### Installing Placement + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + Access the database as the **root** user. Create the **placement** database, and grant permissions. + + ```shell + $ mysql -u root -p + MariaDB [(none)]> CREATE DATABASE placement; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \ + IDENTIFIED BY 'PLACEMENT_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \ + IDENTIFIED BY 'PLACEMENT_DBPASS'; + MariaDB [(none)]> exit + ``` + + **Note**: + + **Replace *PLACEMENT_DBPASS* to set the password for the placement database.** + + ```shell + source admin-openrc + ``` + + Run the following commands to create the Placement service credentials, create the **placement** user, and add the **admin** role to the **placement** user: + + Create the Placement API Service. + + ```shell + openstack user create --domain default --password-prompt placement + openstack role add --project service --user placement admin + openstack service create --name placement --description "Placement API" placement + ``` + + Create API endpoints of the **placement** service. + + ```shell + openstack endpoint create --region RegionOne placement public http://controller:8778 + openstack endpoint create --region RegionOne placement internal http://controller:8778 + openstack endpoint create --region RegionOne placement admin http://controller:8778 + ``` + +2. Perform the installation and configuration. + + Install the software package: + + ```shell + yum install openstack-placement-api + ``` + + Configure Placement: + + Edit the **/etc/placement/placement.conf** file: + + In the **\[placement_database]** section, configure the database entry. + + In **\[api]** and **\[keystone_authtoken]** sections, configure the identity authentication service entry. + + ```shell + $ vim /etc/placement/placement.conf + [placement_database] + # ... + connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement + [api] + # ... + auth_strategy = keystone + [keystone_authtoken] + # ... + auth_url = http://controller:5000/v3 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = placement + password = PLACEMENT_PASS + ``` + + Replace *PLACEMENT_DBPASS* with the password of the **placement** database, and replace *PLACEMENT_PASS* with the password of the **placement** user. + + Synchronize the database: + + ```shell + su -s /bin/sh -c "placement-manage db sync" placement + ``` + + Start the httpd service. + + ```shell + systemctl restart httpd + ``` + +3. Perform the verification. + + Run the following command to check the status: + + ```shell + . admin-openrc + placement-status upgrade check + ``` + + Run the following command to install osc-placement and list the available resource types and features: + + ```shell + yum install python3-osc-placement + openstack --os-placement-api-version 1.2 resource class list --sort-column name + openstack --os-placement-api-version 1.6 trait list --sort-column name + ``` + +### Installing Nova + +1. Create a database, service credentials, and API endpoints. + + Create a database. + + ```shell + $ mysql -u root -p (CTL) + + MariaDB [(none)]> CREATE DATABASE nova_api; + MariaDB [(none)]> CREATE DATABASE nova; + MariaDB [(none)]> CREATE DATABASE nova_cell0; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ + IDENTIFIED BY 'NOVA_DBPASS'; + MariaDB [(none)]> exit + ``` + + **Note**: + + **Replace *NOVA_DBPASS* to set the password for the nova database.** + + ```shell + source ~/.admin-openrc (CTL) + ``` + + Run the following command to create the Nova service certificate: + + ```shell + openstack user create --domain default --password-prompt nova (CTL) + openstack role add --project service --user nova admin (CTL) + openstack service create --name nova --description "OpenStack Compute" compute (CTL) + ``` + + Create a Nova API endpoint. + + ```shell + openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) + openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) + openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) + ``` + +2. Install the software packages: + + ```shell + yum install openstack-nova-api openstack-nova-conductor \ (CTL) + openstack-nova-novncproxy openstack-nova-scheduler + + yum install openstack-nova-compute (CPT) + ``` + + **Note**: + + **If the ARM64 architecture is used, you also need to run the following command:** + + ```shell + yum install edk2-aarch64 (CPT) + ``` + +3. Configure Nova: + + ```shell + $ vim /etc/nova/nova.conf + + [DEFAULT] + enabled_apis = osapi_compute,metadata + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ + my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS + use_neutron = true + firewall_driver = nova.virt.firewall.NoopFirewallDriver + compute_driver=libvirt.LibvirtDriver (CPT) + instances_path = /var/lib/nova/instances/ (CPT) + lock_path = /var/lib/nova/tmp (CPT) + + [api_database] + connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) + + [database] + connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) + + [api] + auth_strategy = keystone + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000/ + auth_url = http://controller:5000/ + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = nova + password = NOVA_PASS + + [vnc] + enabled = true + server_listen = $my_ip + server_proxyclient_address = $my_ip + novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) + + [glance] + api_servers = http://controller:9292 + + [oslo_concurrency] + lock_path = /var/lib/nova/tmp (CTL) + + [placement] + region_name = RegionOne + project_domain_name = Default + project_name = service + auth_type = password + user_domain_name = Default + auth_url = http://controller:5000/v3 + username = placement + password = PLACEMENT_PASS + + [neutron] + auth_url = http://controller:5000 + auth_type = password + project_domain_name = default + user_domain_name = default + region_name = RegionOne + project_name = service + username = neutron + password = NEUTRON_PASS + service_metadata_proxy = true (CTL) + metadata_proxy_shared_secret = METADATA_SECRET (CTL) + ``` + + Description + + In the **\[default]** section, enable the compute and metadata APIs, configure the RabbitMQ message queue entry, configure **my_ip**, and enable the network service **neutron**. + + In the **\[api_database]** and **\[database]** sections, configure the database entry. + + In the **\[api]** and **\[keystone_authtoken]** sections, configure the identity service entry. + + In the **\[vnc]** section, enable and configure the entry for the remote console. + + In the **\[glance]** section, configure the API address for the image service. + + In the **\[oslo_concurrency]** section, configure the lock path. + + In the **\[placement]** section, configure the entry of the Placement service. + + **Note**: + + **Replace *RABBIT_PASS* with the password of the openstack user in RabbitMQ.** + + **Set *my_ip* to the management IP address of the corresponding node (MANAGEMENT_INTERFACE_IP_ADDRESS).** + + **Replace *NOVA_DBPASS* with the password of the nova database.** + + **Replace *NOVA_PASS* with the password of the nova user.** + + **Replace *PLACEMENT_PASS* with the password of the placement user.** + + **Replace *NEUTRON_PASS* with the password of the neutron user.** + + **Replace *METADATA_SECRET* with a proper metadata agent secret.** + + Others + + Check whether VM hardware acceleration (x86 architecture) is supported: + + ```shell + egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) + ``` + + If the returned value is **0**, hardware acceleration is not supported. You need to configure libvirt to use QEMU instead of KVM. + + ```shell + $ vim /etc/nova/nova.conf (CPT) + + [libvirt] + virt_type = qemu + ``` + + If the returned value is **1** or a larger value, hardware acceleration is supported. You can set the value of **virt_type** to **kvm**. + + **Note**: + + **If the ARM64 architecture is used, you also need to run the following command on the compute node:** + + ```shell + + $ mkdir -p /usr/share/AAVMF + $ chown nova:nova /usr/share/AAVMF + + $ ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \ + /usr/share/AAVMF/AAVMF_CODE.fd + $ ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \ + /usr/share/AAVMF/AAVMF_VARS.fd + + $ vim /etc/libvirt/qemu.conf + + nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \ + /usr/share/AAVMF/AAVMF_VARS.fd", \ + "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \ + /usr/share/edk2/aarch64/vars-template-pflash.raw"] + ``` + + In addition, when the deployment environment in the ARM architecture is nested virtualization, configure the **\[libvirt]** section as follows: + + ```text + [libvirt] + virt_type = qemu + cpu_mode = custom + cpu_model = cortex-a72 + ``` + +4. Synchronize the database. + + Run the following command to synchronize the **nova-api** database: + + ```shell + su -s /bin/sh -c "nova-manage api_db sync" nova (CTL) + ``` + + Run the following command to register the **cell0** database: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova (CTL) + ``` + + Create the **cell1** cell: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova (CTL) + ``` + + Synchronize the **nova** database: + + ```shell + su -s /bin/sh -c "nova-manage db sync" nova (CTL) + ``` + + Verify whether **cell0** and **cell1** are correctly registered: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova (CTL) + ``` + + Add compute node to the OpenStack cluster: + + ```shell + su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova (CPT) + ``` + +5. Start the services: + + ```shell + systemctl enable \ (CTL) + openstack-nova-api.service \ + openstack-nova-scheduler.service \ + openstack-nova-conductor.service \ + openstack-nova-novncproxy.service + + systemctl start \ (CTL) + openstack-nova-api.service \ + openstack-nova-scheduler.service \ + openstack-nova-conductor.service \ + openstack-nova-novncproxy.service + ``` + + ```shell + systemctl enable libvirtd.service openstack-nova-compute.service (CPT) + systemctl start libvirtd.service openstack-nova-compute.service (CPT) + ``` + +6. Perform the verification. + + ```shell + source ~/.admin-openrc (CTL) + ``` + + List the service components to verify that each process is successfully started and registered: + + ```shell + openstack compute service list (CTL) + ``` + + List the API endpoints in the identity service to verify the connection to the identity service: + + ```shell + openstack catalog list (CTL) + ``` + + List the images in the image service to verify the connections: + + ```shell + openstack image list (CTL) + ``` + + Check whether the cells are running properly and whether other prerequisites are met. + + ```shell + nova-status upgrade check (CTL) + ``` + +### Installing Neutron + +1. Create the database, service credentials, and API endpoints. + + Create the database: + + ```shell + $ mysql -u root -p (CTL) + + MariaDB [(none)]> CREATE DATABASE neutron; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ + IDENTIFIED BY 'NEUTRON_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ + IDENTIFIED BY 'NEUTRON_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace *NEUTRON_DBPASS* to set the password for the neutron database.** + + ```shell + source ~/.admin-openrc (CTL) + ``` + + Create the **neutron** service credential: + + ```shell + openstack user create --domain default --password-prompt neutron (CTL) + openstack role add --project service --user neutron admin (CTL) + openstack service create --name neutron --description "OpenStack Networking" network (CTL) + ``` + + Create the API endpoints of the Neutron service: + + ```shell + openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) + openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) + openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) + ``` + +2. Install the software packages: + + ```shell + yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \ (CTL) + openstack-neutron-ml2 + ``` + + ```shell + yum install openstack-neutron-linuxbridge ebtables ipset (CPT) + ``` + +3. Configure Neutron. + + Set the main configuration items: + + ```shell + $ vim /etc/neutron/neutron.conf + + [database] + connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) + + [DEFAULT] + core_plugin = ml2 (CTL) + service_plugins = router (CTL) + allow_overlapping_ips = true (CTL) + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + notify_nova_on_port_status_changes = true (CTL) + notify_nova_on_port_data_changes = true (CTL) + api_workers = 3 (CTL) + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = neutron + password = NEUTRON_PASS + + [nova] + auth_url = http://controller:5000 (CTL) + auth_type = password (CTL) + project_domain_name = Default (CTL) + user_domain_name = Default (CTL) + region_name = RegionOne (CTL) + project_name = service (CTL) + username = nova (CTL) + password = NOVA_PASS (CTL) + + [oslo_concurrency] + lock_path = /var/lib/neutron/tmp + ``` + + ***Description*** + + Configure the database entry in the **\[database]** section. + + Enable the ML2 and router plugins, allow IP address overlapping, and configure the RabbitMQ message queue entry in the **\[default]** section. + + Configure the identity authentication service entry in the **\[default]** and **\[keystone]** sections. + + Enable the network to notify the change of the compute network topology in the **\[default]** and **\[nova]** sections. + + Configure the lock path in the **\[oslo_concurrency]** section. + + ***Note*** + + **Replace *NEUTRON_DBPASS* with the password of the neutron database.** + + **Replace *RABBIT_PASS* with the password of the openstack user in RabbitMQ.** + + **Replace *NEUTRON_PASS* with the password of the neutron user.** + + **Replace *NOVA_PASS* with the password of the nova user.** + + Configure the ML2 plugin: + + ```shell + $ vim /etc/neutron/plugins/ml2/ml2_conf.ini + + [ml2] + type_drivers = flat,vlan,vxlan + tenant_network_types = vxlan + mechanism_drivers = linuxbridge,l2population + extension_drivers = port_security + + [ml2_type_flat] + flat_networks = provider + + [ml2_type_vxlan] + vni_ranges = 1:1000 + + [securitygroup] + enable_ipset = true + ``` + + Create the symbolic link for /etc/neutron/plugin.ini. + + ```shell + ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini + ``` + + **Note** + + **Enable flat, vlan, and vxlan networks, enable the linuxbridge and l2population mechanisms, and enable the port security extension driver in the \[ml2] section.** + + **Configure the flat network as the provider virtual network in the \[ml2_type_flat] section.** + + **Configure the range of the VXLAN network identifier in the \[ml2_type_vxlan] section.** + + **Set ipset enabled in the \[securitygroup] section.** + + **Remarks** + + **The actual configurations of l2 can be modified based as required. In this example, the provider network + linuxbridge is used.** + + Configure the Linux bridge agent: + + ```shell + $ vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini + + [linux_bridge] + physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME + + [vxlan] + enable_vxlan = true + local_ip = OVERLAY_INTERFACE_IP_ADDRESS + l2_population = true + + [securitygroup] + enable_security_group = true + firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver + ``` + + ***Description*** + + Map the provider virtual network to the physical network interface in the **\[linux_bridge]** section. + + Enable the VXLAN overlay network, configure the IP address of the physical network interface that processes the overlay network, and enable layer-2 population in the **\[vxlan]** section. + + Enable the security group and configure the linux bridge iptables firewall driver in the **\[securitygroup]** section. + + ***Note*** + + **Replace *PROVIDER_INTERFACE_NAME* with the physical network interface.** + + **Replace *OVERLAY_INTERFACE_IP_ADDRESS* with the management IP address of the controller node.** + + Configure the Layer-3 agent: + + ```shell + $ vim /etc/neutron/l3_agent.ini (CTL) + + [DEFAULT] + interface_driver = linuxbridge + ``` + + ***Description*** + + Set the interface driver to linuxbridge in the **\[default]** section. + + Configure the DHCP agent: + + ```shell + $ vim /etc/neutron/dhcp_agent.ini (CTL) + + [DEFAULT] + interface_driver = linuxbridge + dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + enable_isolated_metadata = true + ``` + + ***Description*** + + In the **\[default]** section, configure the linuxbridge interface driver and Dnsmasq DHCP driver, and enable the isolated metadata. + + Configure the metadata agent: + + ```shell + $ vim /etc/neutron/metadata_agent.ini (CTL) + + [DEFAULT] + nova_metadata_host = controller + metadata_proxy_shared_secret = METADATA_SECRET + ``` + + ***Description*** + + In the **\[default]**, configure the metadata host and the shared secret. + + ***Note*** + + **Replace *METADATA_SECRET* with a proper metadata agent secret.** + +4. Configure Nova: + + ```shell + $ vim /etc/nova/nova.conf + + [neutron] + auth_url = http://controller:5000 + auth_type = password + project_domain_name = Default + user_domain_name = Default + region_name = RegionOne + project_name = service + username = neutron + password = NEUTRON_PASS + service_metadata_proxy = true (CTL) + metadata_proxy_shared_secret = METADATA_SECRET (CTL) + ``` + + ***Description*** + + In the **\[neutron]** section, configure the access parameters, enable the metadata agent, and configure the secret. + + ***Note*** + + **Replace *NEUTRON_PASS* with the password of the neutron user.** + + **Replace *METADATA_SECRET* with a proper metadata agent secret.** + +5. Synchronize the database: + + ```shell + su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron + ``` + +6. Run the following command to restart the compute API service: + + ```shell + systemctl restart openstack-nova-api.service + ``` + +7. Start the network service: + + ```shell + systemctl enable neutron-server.service neutron-linuxbridge-agent.service \ (CTL) + neutron-dhcp-agent.service neutron-metadata-agent.service \ + neutron-l3-agent.service + + systemctl restart neutron-server.service neutron-linuxbridge-agent.service \ (CTL) + neutron-dhcp-agent.service neutron-metadata-agent.service \ + neutron-l3-agent.service + + systemctl enable neutron-linuxbridge-agent.service (CPT) + systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) + ``` + +8. Perform the verification. + + Run the following command to verify whether the Neutron agent is started successfully: + + ```shell + openstack network agent list + ``` + +### Installing Cinder + +1. Create the database, service credentials, and API endpoints. + + Create the database: + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \ + IDENTIFIED BY 'CINDER_DBPASS'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \ + IDENTIFIED BY 'CINDER_DBPASS'; + MariaDB [(none)]> exit + ``` + + ***Note*** + + **Replace *CINDER_DBPASS* to set the password for the cinder database.** + + ```shell + source ~/.admin-openrc + ``` + + Create the Cinder service credentials: + + ```shell + openstack user create --domain default --password-prompt cinder + openstack role add --project service --user cinder admin + openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 + openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3 + ``` + + Create the API endpoints for the block storage service: + + ```shell + openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s + openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s + openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s + openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s + openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s + openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s + ``` + +2. Install the software packages: + + ```shell + yum install openstack-cinder-api openstack-cinder-scheduler (CTL) + ``` + + ```shell + yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \ (STG) + openstack-cinder-volume openstack-cinder-backup + ``` + +3. Prepare the storage devices. The following is an example: + + ```shell + pvcreate /dev/vdb + vgcreate cinder-volumes /dev/vdb + + vim /etc/lvm/lvm.conf + + + devices { + ... + filter = [ "a/vdb/", "r/.*/"] + ``` + + ***Description*** + + In the **devices** section, add filters to allow the **/dev/vdb** devices and reject other devices. + +4. Prepare the NFS: + + ```shell + mkdir -p /root/cinder/backup + + cat << EOF >> /etc/export + /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) + EOF + ``` + +5. Configure Cinder: + + ```shell + $ vim /etc/cinder/cinder.conf + + [DEFAULT] + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS + enabled_backends = lvm (STG) + backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) + backup_share=HOST:PATH (STG) + + [database] + connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = Default + user_domain_name = Default + project_name = service + username = cinder + password = CINDER_PASS + + [oslo_concurrency] + lock_path = /var/lib/cinder/tmp + + [lvm] + volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) + volume_group = cinder-volumes (STG) + iscsi_protocol = iscsi (STG) + iscsi_helper = tgtadm (STG) + ``` + + ***Description*** + + In the **\[database]** section, configure the database entry. + + In the **\[DEFAULT]** section, configure the RabbitMQ message queue entry and **my_ip**. + + In the **\[DEFAULT]** and **\[keystone_authtoken]** sections, configure the identity authentication service entry. + + In the **\[oslo_concurrency]** section, configure the lock path. + + ***Note*** + + **Replace *CINDER_DBPASS* with the password of the cinder database.** + + **Replace *RABBIT_PASS* with the password of the openstack user in RabbitMQ.** + + **Set *my_ip* to the management IP address of the corresponding node (MANAGEMENT_INTERFACE_IP_ADDRESS).** + + **Replace *CINDER_PASS* with the password of the cinder user.** + + **Replace *HOST:PATH* with the host IP address and the shared path of the NFS.** + +6. Synchronize the database: + + ```shell + su -s /bin/sh -c "cinder-manage db sync" cinder (CTL) + ``` + +7. Configure Nova: + + ```shell + $ vim /etc/nova/nova.conf (CTL) + + [cinder] + os_region_name = RegionOne + ``` + +8. Restart the compute API service: + + ```shell + systemctl restart openstack-nova-api.service + ``` + +9. Start the Cinder service: + + ```shell + systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) + systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) + ``` + + ```shell + systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \ (STG) + openstack-cinder-volume.service \ + openstack-cinder-backup.service + systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \ (STG) + openstack-cinder-volume.service \ + openstack-cinder-backup.service + ``` + + ***Note*** + + If the Cinder volumes are mounted using tgtadm, modify the **/etc/tgt/tgtd.conf** file as follows to ensure that tgtd can discover the iscsi target of cinder-volume. + + ```shell + include /var/lib/cinder/volumes/* + ``` + +10. Perform the verification: + + ```shell + source ~/.admin-openrc + openstack volume service list + ``` + +### Installing Horizon + +1. Install the software package: + + ```shell + yum install openstack-dashboard + ``` + +2. Modify the file. + + Modify the variables: + + ```shell + $ vim /etc/openstack-dashboard/local_settings + + OPENSTACK_HOST = "controller" + ALLOWED_HOSTS = ['*', ] + + SESSION_ENGINE = 'django.contrib.sessions.backends.cache' + + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': 'controller:11211', + } + } + + OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST + OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True + OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default" + OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" + + OPENSTACK_API_VERSIONS = { + "identity": 3, + "image": 2, + "volume": 3, + } + ``` + + Change the Python runtime version by changing **/usr/bin/python** into **/usr/bin/python3**. + + ```shell + $ vim /usr/lib/systemd/system/httpd.service.d/openstack-dashboard.conf + + [Service] + ExecStartPre=/usr/bin/python3 /usr/share/openstack-dashboard/manage.py collectstatic --noinput --clear -v0 + ExecStartPre=/usr/bin/python3 /usr/share/openstack-dashboard/manage.py compress --force -v0 + TimeoutStartSec=5min + + [Unit] + After=memcached.service + ``` + +3. Restart the httpd service: + + ```shell + systemctl restart httpd.service memcached.service + ``` + +4. Perform the verification. + Open the browser, enter in the address bar, and log in to Horizon. + + ***Note*** + + **Replace *HOSTIP* with the management plane IP address of the controller node.** + +### Installing Tempest + +Tempest is the integrated test service of OpenStack. If you need to run a fully automatic test of the functions of the installed OpenStack environment, you are advised to use Tempest. Otherwise, you can choose not to install it. + +1. Install Tempest: + + ```shell + yum install openstack-tempest + ``` + +2. Initialize the directory: + + ```shell + tempest init mytest + ``` + +3. Modify the configuration file: + + ```shell + cd mytest + vi etc/tempest.conf + ``` + + Configure the current OpenStack environment information in **tempest.conf**. For details, see the [official example](https://docs.openstack.org/tempest/latest/sampleconf.html). + +4. Perform the test: + + ```shell + tempest run + ``` + +5. (Optional) Install the tempest extensions. + The OpenStack services have provided some tempest test packages. You can install these packages to enrich the tempest test content. In Train, extension tests for Cinder, Glance, Keystone, Ironic and Trove are provided. You can run the following command to install and use them: + + ```shell + yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin + ``` + +### Installing Ironic + +Ironic is the bare metal service of OpenStack. If you need to deploy bare metal machines, Ironic is recommended. Otherwise, you can choose not to install it. + +1. Set the database. + + The bare metal service stores information in the database. Create a **ironic** database that can be accessed by the **ironic** user and replace *IRONIC_DBPASSWORD* with a proper password. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \ + IDENTIFIED BY 'IRONIC_DBPASSWORD'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \ + IDENTIFIED BY 'IRONIC_DBPASSWORD'; + ``` + +2. Install the software packages. + + ```shell + yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient + ``` + + Start the services. + + ```shell + systemctl enable openstack-ironic-api openstack-ironic-conductor + systemctl start openstack-ironic-api openstack-ironic-conductor + ``` + +3. Create service user authentication. + + 1. Create the bare metal service user: + + ```shell + openstack user create --password IRONIC_PASSWORD \ + --email ironic@example.com ironic + openstack role add --project service --user ironic admin + openstack service create --name ironic \ + --description "Ironic baremetal provisioning service" baremetal + ``` + + 1. Create the bare metal service access entries: + + ```shell + openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 + openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 + openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 + ``` + +4. Configure the ironic-api service. + + Configuration file path: **/etc/ironic/ironic.conf** + + 1. Use **connection** to configure the location of the database as follows. Replace *IRONIC_DBPASSWORD* with the password of user **ironic** and replace **DB_IP** with the IP address of the database server. + + ```text + [database] + + # The SQLAlchemy connection string used to connect to the + # database (string value) + + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic + ``` + + 1. Configure the ironic-api service to use the RabbitMQ message broker. Replace **RPC_\*** with the detailed address and the credential of RabbitMQ. + + ```text + [DEFAULT] + + # A URL representing the messaging driver to use and its full + # configuration. (string value) + + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + You can also use json-rpc instead of RabbitMQ. + + 1. Configure the ironic-api service to use the credential of the identity authentication service. Replace *PUBLIC_IDENTITY_IP* with the public IP address of the identity authentication server and *PRIVATE_IDENTITY_IP* with the private IP address of the identity authentication server, replace *IRONIC_PASSWORD* with the password of the **ironic** user in the identity authentication service. + + ```text + [DEFAULT] + + # Authentication strategy used by ironic-api: one of + # "keystone" or "noauth". "noauth" should not be used in a + # production environment because all authentication will be + # disabled. (string value) + + auth_strategy=keystone + + [keystone_authtoken] + # Authentication type to load (string value) + auth_type=password + # Complete public Identity API endpoint (string value) + www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 + # Complete admin Identity API endpoint. (string value) + auth_url=http://PRIVATE_IDENTITY_IP:5000 + # Service username. (string value) + username=ironic + # Service account password. (string value) + password=IRONIC_PASSWORD + # Service tenant name. (string value) + project_name=service + # Domain name containing project (string value) + project_domain_name=Default + # User's domain name (string value) + user_domain_name=Default + ``` + + 1. Create the bare metal service database table: + + ```shell + ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema + ``` + + 1. Restart the ironic-api service: + + ```shell + sudo systemctl restart openstack-ironic-api + ``` + +5. Configure the ironic-conductor service. + + 1. Replace *HOST_IP* with the IP address of the conductor host. + + ```text + [DEFAULT] + + # IP address of this host. If unset, will determine the IP + # programmatically. If unable to do so, will use "127.0.0.1". + # (string value) + + my_ip=HOST_IP + ``` + + 1. Specifies the location of the database. ironic-conductor must use the same configuration as ironic-api. Replace *IRONIC_DBPASSWORD* with the password of user **ironic** and replace *DB_IP* with the IP address of the database server. + + ```text + [database] + + # The SQLAlchemy connection string to use to connect to the + # database. (string value) + + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic + ``` + + 1. Configure the ironic-api service to use the RabbitMQ message broker. ironic-conductor must use the same configuration as ironic-api. Replace **RPC_\*** with the detailed address and the credential of RabbitMQ. + + ```shell + [DEFAULT] + + # A URL representing the messaging driver to use and its full + # configuration. (string value) + + transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ + ``` + + You can also use json-rpc instead of RabbitMQ. + + 1. Configure the credentials to access other OpenStack services. + + To communicate with other OpenStack services, the bare metal service needs to use the service users to get authenticated by the OpenStack Identity service when requesting other services. The credentials of these users must be configured in each configuration file associated to the corresponding service. + + ```text + [neutron] - Accessing the OpenStack network services. + [glance] - Accessing the OpenStack image service. + [swift] - Accessing the OpenStack object storage service. + [cinder] - Accessing the OpenStack block storage service. + [inspector] Accessing the OpenStack bare metal introspection service. + [service_catalog] - A special item to store the credential used by the bare metal service. The credential is used to discover the API URL endpoint registered in the OpenStack identity authentication service catalog by the bare metal service. + ``` + + For simplicity, you can use one service user for all services. For backward compatibility, the user name must be the same as that configured in \[keystone_authtoken] of the ironic-api service. However, this is not mandatory. You can also create and configure a different service user for each service. + + In the following example, the authentication information for the user to access the OpenStack network service is configured as follows: + + ```text + The network service is deployed in the identity authentication service domain named RegionOne. Only the public endpoint interface is registered in the service catalog. + + A specific CA SSL certificate is used for HTTPS connection when sending a request. + + The same service user as that configured for ironic-api. + + The dynamic password authentication plugin discovers a proper identity authentication service API version based on other options. + ``` + + ```text + [neutron] + + # Authentication type to load (string value) + auth_type = password + # Authentication URL (string value) + auth_url=https://IDENTITY_IP:5000/ + # Username (string value) + username=ironic + # User's password (string value) + password=IRONIC_PASSWORD + # Project name to scope to (string value) + project_name=service + # Domain ID containing project (string value) + project_domain_id=default + # User's domain id (string value) + user_domain_id=default + # PEM encoded Certificate Authority to use when verifying + # HTTPs connections. (string value) + cafile=/opt/stack/data/ca-bundle.pem + # The default region_name for endpoint URL discovery. (string + # value) + region_name = RegionOne + # List of interfaces, in order of preference, for endpoint + # URL. (list value) + valid_interfaces=public + ``` + + By default, to communicate with other services, the bare metal service attempts to discover a proper endpoint of the service through the service catalog of the identity authentication service. If you want to use a different endpoint for a specific service, specify the endpoint_override option in the bare metal service configuration file. + + ```text + [neutron] + ... + endpoint_override = + ``` + + 1. Configure the allowed drivers and hardware types. + + Set enabled_hardware_types to specify the hardware types that can be used by ironic-conductor: + + ```text + [DEFAULT] + enabled_hardware_types = ipmi + ``` + + Configure hardware interfaces: + + ```text + enabled_boot_interfaces = pxe + enabled_deploy_interfaces = direct,iscsi + enabled_inspect_interfaces = inspector + enabled_management_interfaces = ipmitool + enabled_power_interfaces = ipmitool + ``` + + Configure the default value of the interface: + + ```text + [DEFAULT] + default_deploy_interface = direct + default_network_interface = neutron + ``` + + If any driver that uses Direct Deploy is enabled, you must install and configure the Swift backend of the image service. The Ceph object gateway (RADOS gateway) can also be used as the backend of the image service. + + 1. Restart the ironic-conductor service: + + ```shell + sudo systemctl restart openstack-ironic-conductor + ``` + +6. Configure the httpd service. + + 1. Create the root directory of the httpd used by Ironic, and set the owner and owner group. The directory path must be the same as the path specified by the **http_root** configuration item in the **\[deploy]** group in **/etc/ironic/ironic.conf**. + + ```shell + mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot + ``` + + 2. Install and configure the httpd Service. + + 1. Install the httpd service. If the httpd service is already installed, skip this step. + + ```shell + yum install httpd -y + ``` + + 2. Create the **/etc/httpd/conf.d/openstack-ironic-httpd.conf** file. The file content is as follows: + + ```text + Listen 8080 + + + ServerName ironic.openeuler.com + + ErrorLog "/var/log/httpd/openstack-ironic-httpd-error_log" + CustomLog "/var/log/httpd/openstack-ironic-httpd-access_log" "%h %l %u %t \"%r\" %>s %b" + + DocumentRoot "/var/lib/ironic/httproot" + + Options Indexes FollowSymLinks + Require all granted + + LogLevel warn + AddDefaultCharset UTF-8 + EnableSendfile on + + ``` + + The listening port must be the same as the port specified by **http_url** in the **\[deploy]** section of **/etc/ironic/ironic.conf**. + + 3. Restart the httpd service: + + ```shell + systemctl restart httpd + ``` + +7. Create the deploy ramdisk image. + + The ramdisk image of Train can be created using the ironic-python-agent service or disk-image-builder tool. You can also use the latest ironic-python-agent-builder provided by the community. You can also use other tools. + To use the Train native tool, you need to install the corresponding software package. + + ```shell + yum install openstack-ironic-python-agent + or + yum install diskimage-builder + ``` + + For details, see the [official document](https://docs.openstack.org/ironic/queens/install/deploy-ramdisk.html). + + The following describes how to use the ironic-python-agent-builder to build the deploy image used by ironic. + + 1. Install ironic-python-agent-builder. + + 1. Install the tool: + + ```shell + pip install ironic-python-agent-builder + ``` + + 2. Modify the python interpreter in the following files: + + ```shell + /usr/bin/yum /usr/libexec/urlgrabber-ext-down + ``` + + 3. Install the other necessary tools: + + ```shell + yum install git + ``` + + **DIB** depends on the `semanage` command. Therefore, check whether the `semanage --help` command is available before creating an image. If the system displays a message indicating that the command is unavailable, install the command: + + ```shell + # Check which package needs to be installed. + $ yum provides /usr/sbin/semanage + Loaded plug-in: fastestmirror + Loading mirror speeds from cached hostfile + * base: mirror.vcu.edu + * extras: mirror.vcu.edu + * updates: mirror.math.princeton.edu + policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities + Source: base + Matching source: + File name: /usr/sbin/semanage + # Install. + $ yum install policycoreutils-python + ``` + + 2. Create the image. + + For Arm architecture, add the following information: + + ```shell + export ARCH=aarch64 + ``` + + Basic usage: + + ```shell + usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] + [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] + distribution + + positional arguments: + distribution Distribution to use + + optional arguments: + -h, --help show this help message and exit + -r RELEASE, --release RELEASE + Distribution release to use + -o OUTPUT, --output OUTPUT + Output base file name + -e ELEMENT, --element ELEMENT + Additional DIB element to use + -b BRANCH, --branch BRANCH + If set, override the branch that is used for ironic- + python-agent and requirements + -v, --verbose Enable verbose logging in diskimage-builder + --extra-args EXTRA_ARGS + Extra arguments to pass to diskimage-builder + ``` + + Example: + + ```shell + ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky + ``` + + 3. Allow SSH login. + + Initialize the environment variables and create the image: + + ```shell + export DIB_DEV_USER_USERNAME=ipa \ + export DIB_DEV_USER_PWDLESS_SUDO=yes \ + export DIB_DEV_USER_PASSWORD='123' + ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser + ``` + + 4. Specify the code repository. + + Initialize the corresponding environment variables and create the image: + + ```text + # Specify the address and version of the repository. + DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git + DIB_REPOREF_ironic_python_agent=origin/develop + + # Clone code from Gerrit. + DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent + DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 + ``` + + Reference: [source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html). + + The specified repository address and version are verified successfully. + + 5. Note + + The template of the PXE configuration file of the native OpenStack does not support the ARM64 architecture. You need to modify the native OpenStack code. + + In Train, Ironic provided by the community does not support the boot from ARM 64-bit UEFI PXE. As a result, the format of the generated grub.cfg file (generally in /tftpboot/) is incorrect, causing the PXE boot failure. + + You need to modify the code logic for generating the grub.cfg file. + + The following TLS error is reported when Ironic sends a request to IPA to query the command execution status: + + By default, both IPA and Ironic of Train have TLS authentication enabled to send requests to each other. Disable TLS authentication according to the description on the official website. + + 1. Add **ipa-insecure=1** to the following configuration in the Ironic configuration file (**/etc/ironic/ironic.conf**): + + ```text + [agent] + verify_ca = False + + [pxe] + pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 + ``` + + 2. Add the IPA configuration file **/etc/ironic_python_agent/ironic_python_agent.conf** to the ramdisk image and configure the TLS as follows: + + **/etc/ironic_python_agent/ironic_python_agent.conf** (The **/etc/ironic_python_agent** directory must be created in advance.) + + ```text + [DEFAULT] + enable_auto_tls = False + ``` + + Set the permission: + + ```shell + chown -R ipa.ipa /etc/ironic_python_agent/ + ``` + + 3. Modify the startup file of the IPA service and add the configuration file option. + + ```shell + $ vim usr/lib/systemd/system/ironic-python-agent.service + + [Unit] + Description=Ironic Python Agent + After=network-online.target + + [Service] + ExecStartPre=/sbin/modprobe vfat + ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf + Restart=always + RestartSec=30s + + [Install] + WantedBy=multi-user.target + ``` + +Other services such as ironic-inspector are also provided for OpenStack Train. Install the services based on site requirements. + +### Installing Kolla + +Kolla provides the OpenStack service with the container-based deployment function that is ready for the production environment. + +The installation of Kolla is simple. You only need to install the corresponding RPM packages: + +```shell +yum install openstack-kolla openstack-kolla-ansible +``` + +After the installation is complete, you can run commands such as `kolla-ansible`, `kolla-build`, `kolla-genpwd`, `kolla-mergepwd` to create an image or deploy a container environment. + +### Installing Trove + +Trove is the database service of OpenStack. If you need to use the database service provided by OpenStack, Trove is recommended. Otherwise, you can choose not to install it. + +1. Set the database. + + The database service stores information in the database. Create a **trove** database that can be accessed by the **trove** user and replace *TROVE_DBPASSWORD* with a proper password. + + ```shell + $ mysql -u root -p + + MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \ + IDENTIFIED BY 'TROVE_DBPASSWORD'; + MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \ + IDENTIFIED BY 'TROVE_DBPASSWORD'; + ``` + +2. Create service user authentication. + + 1. Create the **Trove** service user. + + ```shell + openstack user create --domain default --password-prompt trove + openstack role add --project service --user trove admin + openstack service create --name trove --description "Database" database + ``` + + **Description:** Replace *TROVE_PASSWORD* with the password of the **trove** user. + + 1. Create the **Database** service access entry + + ```shell + openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\(tenant_id\)s + openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\(tenant_id\)s + openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\(tenant_id\)s + ``` + +3. Install and configure the **Trove** components. + + 1. Install the **Trove** package: + + ```shell + yum install openstack-trove python3-troveclient + ``` + + 2. Configure **trove.conf**: + + ```shell + $ vim /etc/trove/trove.conf + + [DEFAULT] + log_dir = /var/log/trove + trove_auth_url = http://controller:5000/ + nova_compute_url = http://controller:8774/v2 + cinder_url = http://controller:8776/v1 + swift_url = http://controller:8080/v1/AUTH_ + rpc_backend = rabbit + transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 + auth_strategy = keystone + add_addresses = True + api_paste_config = /etc/trove/api-paste.ini + nova_proxy_admin_user = admin + nova_proxy_admin_pass = ADMIN_PASSWORD + nova_proxy_admin_tenant_name = service + taskmanager_manager = trove.taskmanager.manager.Manager + use_nova_server_config_drive = True + # Set these if using Neutron Networking + network_driver = trove.network.neutron.NeutronDriver + network_label_regex = .* + + [database] + connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000/ + auth_url = http://controller:5000/ + auth_type = password + project_domain_name = default + user_domain_name = default + project_name = service + username = trove + password = TROVE_PASSWORD + ``` + + **Description:** + - In the **\[Default]** section, **nova_compute_url** and **cinder_url** are endpoints created by Nova and Cinder in Keystone. + - **nova_proxy_XXX** is a user who can access the Nova service. In the preceding example, the **admin** user is used. + - **transport_url** is the RabbitMQ connection information, and *RABBIT_PASS* is the RabbitMQ password. + - In the **\[database]** section, **connection** is the information of the database created for Trove in MySQL. + - Replace *TROVE_PASSWORD* in the Trove user information with the password of the **trove** user. + + 3. Configure **trove-guestagent.conf**: + + ```shell + $ vim /etc/trove/trove-guestagent.conf + + rabbit_host = controller + rabbit_password = RABBIT_PASS + trove_auth_url = http://controller:5000/ + ``` + + **Description:** guestagent is an independent component in Trove and needs to be pre-built into the virtual machine image created by Trove using Nova. + After the database instance is created, the guestagent process is started to report heartbeat messages to the Trove through the message queue (RabbitMQ). + Therefore, you need to configure the user name and password of the RabbitMQ. + **Since Victoria, Trove uses a unified image to run different types of databases. The database service runs in the Docker container of the Guest VM.** + - Replace *RABBIT_PASS* with the RabbitMQ password. + + 4. Generate the **Trove** database table. + + ```shell + su -s /bin/sh -c "trove-manage db_sync" trove + ``` + +4. Complete the installation and configuration. + 1. Configure the **Trove** service to automatically start: + + ```shell + systemctl enable openstack-trove-api.service \ + openstack-trove-taskmanager.service \ + openstack-trove-conductor.service + ``` + + 2. Start the services: + + ```shell + systemctl start openstack-trove-api.service \ + openstack-trove-taskmanager.service \ + openstack-trove-conductor.service + ``` + +### Installing Swift + +Swift provides a scalable and highly available distributed object storage service, which is suitable for storing unstructured data in large scale. + +1. Create the service credentials and API endpoints. + + Create the service credential: + + ```shell + # Create the swift user. + openstack user create --domain default --password-prompt swift + # Add the admin role for the swift user. + openstack role add --project service --user swift admin + # Create the swift service entity. + openstack service create --name swift --description "OpenStack Object Storage" object-store + ``` + + Create the Swift API endpoints. + + ```shell + openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(project_id\)s + openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(project_id\)s + openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 + ``` + +2. Install the software packages: + + ```shell + yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached (CTL) + ``` + +3. Configure the proxy-server. + + The Swift RPM package contains a **proxy-server.conf** file which is basically ready to use. You only need to change the values of **ip** and swift **password** in the file. + + ***Note*** + + **Replace password with the password you set for the swift user in the identity service.** + +4. Install and configure the storage node. (STG) + + Install the supported program packages: + + ```shell + yum install xfsprogs rsync + ``` + + Format the /dev/vdb and /dev/vdc devices into XFS: + + ```shell + mkfs.xfs /dev/vdb + mkfs.xfs /dev/vdc + ``` + + Create the mount point directory structure: + + ```shell + mkdir -p /srv/node/vdb + mkdir -p /srv/node/vdc + ``` + + Find the UUID of the new partition: + + ```shell + blkid + ``` + + Add the following to the **/etc/fstab** file: + + ```text + UUID="" /srv/node/vdb xfs noatime 0 2 + UUID="" /srv/node/vdc xfs noatime 0 2 + ``` + + Mount the devices: + + ```shell + mount /srv/node/vdb + mount /srv/node/vdc + ``` + + ***Note*** + + **If the disaster recovery function is not required, you only need to create one device and skip the following rsync configuration.** + + (Optional) Create or edit the **/etc/rsyncd.conf** file to include the following content: + + ```text + [DEFAULT] + uid = swift + gid = swift + log file = /var/log/rsyncd.log + pid file = /var/run/rsyncd.pid + address = MANAGEMENT_INTERFACE_IP_ADDRESS + + [account] + max connections = 2 + path = /srv/node/ + read only = False + lock file = /var/lock/account.lock + + [container] + max connections = 2 + path = /srv/node/ + read only = False + lock file = /var/lock/container.lock + + [object] + max connections = 2 + path = /srv/node/ + read only = False + lock file = /var/lock/object.lock + ``` + + **Replace *MANAGEMENT_INTERFACE_IP_ADDRESS* with the management network IP address of the storage node.** + + Start the rsyncd service and configure it to start upon system startup. + + ```shell + systemctl enable rsyncd.service + systemctl start rsyncd.service + ``` + +5. Install and configure the components on storage nodes. (STG) + + Install the software packages: + + ```shell + yum install openstack-swift-account openstack-swift-container openstack-swift-object + ``` + + Edit **account-server.conf**, **container-server.conf**, and **object-server.conf** in the **/etc/swift directory** and replace *bind_ip* with the management network IP address of the storage node. + + Ensure the proper ownership of the mount point directory structure. + + ```shell + chown -R swift:swift /srv/node + ``` + + Create the recon directory and ensure that it has the correct ownership. + + ```shell + mkdir -p /var/cache/swift + chown -R root:swift /var/cache/swift + chmod -R 775 /var/cache/swift + ``` + +6. Create the account ring. (CTL) + + Switch to the **/etc/swift** directory: + + ```shell + cd /etc/swift + ``` + + Create the basic **account.builder** file: + + ```shell + swift-ring-builder account.builder create 10 1 1 + ``` + + Add each storage node to the ring: + + ```shell + swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT + ``` + + **Replace *STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS* with the management network IP address of the storage node. Replace *DEVICE_NAME* with the name of the storage device on the same storage node.** + + ***Note*** + **Repeat this command to each storage device on each storage node.** + + Verify the account ring contents: + + ```shell + swift-ring-builder account.builder + ``` + + Rebalance the account ring: + + ```shell + swift-ring-builder account.builder rebalance + ``` + +7. Create the container ring. (CTL) + + Switch to the **/etc/swift** directory: + + Create the basic **container.builder** file: + + ```shell + swift-ring-builder container.builder create 10 1 1 + ``` + + Add each storage node to the ring: + + ```shell + swift-ring-builder container.builder \ + add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \ + --device DEVICE_NAME --weight 100 + ``` + + **Replace *STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS* with the management network IP address of the storage node. Replace *DEVICE_NAME* with the name of the storage device on the same storage node.** + + ***Note*** + **Repeat this command to every storage devices on every storage nodes.** + + Verify the container ring contents: + + ```shell + swift-ring-builder container.builder + ``` + + Rebalance the container ring: + + ```shell + swift-ring-builder container.builder rebalance + ``` + +8. Create the object ring. (CTL) + + Switch to the **/etc/swift** directory: + + Create the basic **object.builder** file: + + ```shell + swift-ring-builder object.builder create 10 1 1 + ``` + + Add each storage node to the ring: + + ```shell + swift-ring-builder object.builder \ + add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \ + --device DEVICE_NAME --weight 100 + ``` + + **Replace *STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS* with the management network IP address of the storage node. Replace *DEVICE_NAME* with the name of the storage device on the same storage node.** + + ***Note*** + **Repeat this command to every storage devices on every storage nodes.** + + Verify the object ring contents: + + ```shell + swift-ring-builder object.builder + ``` + + Rebalance the object ring: + + ```shell + swift-ring-builder object.builder rebalance + ``` + + Distribute ring configuration files: + + Copy **account.ring.gz**, **container.ring.gz**, and **object.ring.gz** to the **/etc/swift** directory on each storage node and any additional nodes running the proxy service. + +9. Complete the installation. + + Edit the **/etc/swift/swift.conf** file: + + ```text + [swift-hash] + swift_hash_path_suffix = test-hash + swift_hash_path_prefix = test-hash + + [storage-policy:0] + name = Policy-0 + default = yes + ``` + + **Replace test-hash with a unique value.** + + Copy the **swift.conf** file to the **/etc/swift** directory on each storage node and any additional nodes running the proxy service. + + Ensure correct ownership of the configuration directory on all nodes: + + ```shell + chown -R root:swift /etc/swift + ``` + + On the controller node and any additional nodes running the proxy service, start the object storage proxy service and its dependencies, and configure them to start upon system startup. + + ```shell + systemctl enable openstack-swift-proxy.service memcached.service + systemctl start openstack-swift-proxy.service memcached.service + ``` + + On the storage node, start the object storage services and configure them to start upon system startup. + + ```shell + systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service + + systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service + + systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service + + systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service + + systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service + + systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service + ``` + +### Installing Cyborg + +Cyborg provides acceleration device support for OpenStack, for example, GPUs, FPGAs, ASICs, NPs, SoCs, NVMe/NOF SSDs, ODPs, DPDKs, and SPDKs。 + +1. Initialize the databases. + + ```sql + CREATE DATABASE cyborg; + GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; + GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; + ``` + +2. Create Keystone resource objects. + + ```shell + $ openstack user create --domain default --password-prompt cyborg + $ openstack role add --project service --user cyborg admin + $ openstack service create --name cyborg --description "Acceleration Service" accelerator + + $ openstack endpoint create --region RegionOne \ + accelerator public http://:6666/v1 + $ openstack endpoint create --region RegionOne \ + accelerator internal http://:6666/v1 + $ openstack endpoint create --region RegionOne \ + accelerator admin http://:6666/v1 + ``` + +3. Install Cyborg + + ```shell + yum install openstack-cyborg + ``` + +4. Configure Cyborg + + Modify **/etc/cyborg/cyborg.conf**. + + ```text + [DEFAULT] + transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ + use_syslog = False + state_path = /var/lib/cyborg + debug = True + + [database] + connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg + + [service_catalog] + project_domain_id = default + user_domain_id = default + project_name = service + password = PASSWORD + username = cyborg + auth_url = http://%OPENSTACK_HOST_IP%/identity + auth_type = password + + [placement] + project_domain_name = Default + project_name = service + user_domain_name = Default + password = PASSWORD + username = placement + auth_url = http://%OPENSTACK_HOST_IP%/identity + auth_type = password + + [keystone_authtoken] + memcached_servers = localhost:11211 + project_domain_name = Default + project_name = service + user_domain_name = Default + password = PASSWORD + username = cyborg + auth_url = http://%OPENSTACK_HOST_IP%/identity + auth_type = password + ``` + + Set the user names, passwords, and IP addresses as required. + +5. Synchronize the database table. + + ```shell + cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade + ``` + +6. Start the Cyborg services. + + ```shell + systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent + systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent + ``` + +### Installing Aodh + +1. Create the database. + + ```sql + CREATE DATABASE aodh; + + GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; + + GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; + ``` + +2. Create Keystone resource objects. + + ```shell + openstack user create --domain default --password-prompt aodh + + openstack role add --project service --user aodh admin + + openstack service create --name aodh --description "Telemetry" alarming + + openstack endpoint create --region RegionOne alarming public http://controller:8042 + + openstack endpoint create --region RegionOne alarming internal http://controller:8042 + + openstack endpoint create --region RegionOne alarming admin http://controller:8042 + ``` + +3. Install Aodh. + + ```shell + yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient + ``` + +4. Modify the configuration file. + + ```text + [database] + connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh + + [DEFAULT] + transport_url = rabbit://openstack:RABBIT_PASS@controller + auth_strategy = keystone + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_id = default + user_domain_id = default + project_name = service + username = aodh + password = AODH_PASS + + [service_credentials] + auth_type = password + auth_url = http://controller:5000/v3 + project_domain_id = default + user_domain_id = default + project_name = service + username = aodh + password = AODH_PASS + interface = internalURL + region_name = RegionOne + ``` + +5. Initialize the database. + + ```shell + aodh-dbsync + ``` + +6. Start the Aodh services. + + ```shell + systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service + + systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service + ``` + +### Installing Gnocchi + +1. Create the database. + + ```sql + CREATE DATABASE gnocchi; + + GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; + + GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; + ``` + +2. Create Keystone resource objects. + + ```shell + openstack user create --domain default --password-prompt gnocchi + + openstack role add --project service --user gnocchi admin + + openstack service create --name gnocchi --description "Metric Service" metric + + openstack endpoint create --region RegionOne metric public http://controller:8041 + + openstack endpoint create --region RegionOne metric internal http://controller:8041 + + openstack endpoint create --region RegionOne metric admin http://controller:8041 + ``` + +3. Install Gnocchi. + + ```shell + yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient + ``` + +4. Modify the **/etc/gnocchi/gnocchi.conf** configuration file. + + ```text + [api] + auth_mode = keystone + port = 8041 + uwsgi_mode = http-socket + + [keystone_authtoken] + auth_type = password + auth_url = http://controller:5000/v3 + project_domain_name = Default + user_domain_name = Default + project_name = service + username = gnocchi + password = GNOCCHI_PASS + interface = internalURL + region_name = RegionOne + + [indexer] + url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi + + [storage] + # coordination_url is not required but specifying one will improve + # performance with better workload division across workers. + coordination_url = redis://controller:6379 + file_basepath = /var/lib/gnocchi + driver = file + ``` + +5. Initialize the database. + + ```shell + gnocchi-upgrade + ``` + +6. Start the Gnocchi services. + + ```shell + systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service + + systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service + ``` + +### Installing Ceilometer + +1. Create Keystone resource objects. + + ```shell + openstack user create --domain default --password-prompt ceilometer + + openstack role add --project service --user ceilometer admin + + openstack service create --name ceilometer --description "Telemetry" metering + ``` + +2. Install Ceilometer. + + ```shell + yum install openstack-ceilometer-notification openstack-ceilometer-central + ``` + +3. Modify the **/etc/ceilometer/pipeline.yaml** configuration file. + + ```yaml + publishers: + # set address of Gnocchi + # + filter out Gnocchi-related activity meters (Swift driver) + # + set default archive policy + - gnocchi://?filter_project=service&archive_policy=low + ``` + +4. Modify the **/etc/ceilometer/ceilometer.conf** configuration file. + + ```text + [DEFAULT] + transport_url = rabbit://openstack:RABBIT_PASS@controller + + [service_credentials] + auth_type = password + auth_url = http://controller:5000/v3 + project_domain_id = default + user_domain_id = default + project_name = service + username = ceilometer + password = CEILOMETER_PASS + interface = internalURL + region_name = RegionOne + ``` + +5. Initialize the database. + + ```shell + ceilometer-upgrade + ``` + +6. Start the Ceilometer services. + + ```shell + systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service + + systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service + ``` + +### Installing Heat + +1. Creat the **heat** database and grant proper privileges to it. Replace *HEAT_DBPASS* with a proper password. + + ```sql + CREATE DATABASE heat; + GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; + GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; + ``` + +2. Create a service credential. Create the **heat** user and add the **admin** role to it. + + ```shell + openstack user create --domain default --password-prompt heat + openstack role add --project service --user heat admin + ``` + +3. Create the **heat** and **heat-cfn** services and their API enpoints. + + ```shell + openstack service create --name heat --description "Orchestration" orchestration + openstack service create --name heat-cfn --description "Orchestration" cloudformation + openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\(tenant_id\)s + openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\(tenant_id\)s + openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\(tenant_id\)s + openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 + openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 + openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 + ``` + +4. Create additional OpenStack management information, including the **heat** domain and its administrator **heat_domain_admin**, the **heat_stack_owner** role, and the **heat_stack_user** role. + + ```shell + openstack user create --domain heat --password-prompt heat_domain_admin + openstack role add --domain heat --user-domain heat --user heat_domain_admin admin + openstack role create heat_stack_owner + openstack role create heat_stack_user + ``` + +5. Install the software packages. + + ```shell + yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine + ``` + +6. Modify the configuration file **/etc/heat/heat.conf**. + + ```text + [DEFAULT] + transport_url = rabbit://openstack:RABBIT_PASS@controller + heat_metadata_server_url = http://controller:8000 + heat_waitcondition_server_url = http://controller:8000/v1/waitcondition + stack_domain_admin = heat_domain_admin + stack_domain_admin_password = HEAT_DOMAIN_PASS + stack_user_domain_name = heat + + [database] + connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat + + [keystone_authtoken] + www_authenticate_uri = http://controller:5000 + auth_url = http://controller:5000 + memcached_servers = controller:11211 + auth_type = password + project_domain_name = default + user_domain_name = default + project_name = service + username = heat + password = HEAT_PASS + + [trustee] + auth_type = password + auth_url = http://controller:5000 + username = heat + password = HEAT_PASS + user_domain_name = default + + [clients_keystone] + auth_uri = http://controller:5000 + ``` + +7. Initialize the **heat** database table. + + ```shell + su -s /bin/sh -c "heat-manage db_sync" heat + ``` + +8. Start the services. + + ```shell + systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service + systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service + ``` diff --git a/docs/en/docs/thirdparty_migration/openstack.md b/docs/en/docs/thirdparty_migration/openstack.md new file mode 100644 index 0000000000000000000000000000000000000000..96b2b78f8b1355b9bc37f7ccf75994600bc95bad --- /dev/null +++ b/docs/en/docs/thirdparty_migration/openstack.md @@ -0,0 +1,3 @@ +# OpenStack User Guide + +openEuler OpenStack documents have been moved to [OpenStack SIG Doc](https://openeuler.gitee.io/openstack/). Follow the link for details. diff --git a/docs/en/docs/thirdparty_migration/prep_install.sh b/docs/en/docs/thirdparty_migration/prep_install.sh new file mode 100644 index 0000000000000000000000000000000000000000..3ff22d0fd2dbf658575bca6559a50fff9f01832a --- /dev/null +++ b/docs/en/docs/thirdparty_migration/prep_install.sh @@ -0,0 +1,145 @@ +#!/bin/bash +# This script contains the preparations before installing openstack + +HTTPD_CG="/etc/httpd/conf/httpd.conf" +QEMU_CG="/etc/libvirt/qemu.conf" + +EDK2_UEFI_PATH="/usr/share/edk2" +UEFI_DIR_ARM="/usr/share/AAVMF" +UEFI_DIR_X86="/usr/share/OVMF" +DEVSTACK_HOME="/home/stack/devstack" + +# Confirm installation mode for openstack +function install_mode() +{ + if [[ ! `rpm -qa` =~ "openeuler-lsb" ]]; then + echo "Maybe you should confirm whether openeuler-lsb is installed" + exit 1 + fi + + # init function is_openeuler + sed -i "/\# Git Functions/i\\function is_openeuler {\n\tif [[ -z \"\$os_VENDOR\" ]]; then\n\tGetOSVersion\n\tfi\n\n\t[[ \"\$os_VENDOR\" =~ (openEuler) ]]\n}\n" $DEVSTACK_HOME/functions-common + + # build function is_openeuler in functions-common + sed -i "s/elif is_fedora/elif is_fedora || is_openeuler/g" $DEVSTACK_HOME/functions-common + sed -i "/DISTRO=\"f\$os_RELEASE\"/a\ \ \ \ elif [[ \"\$os_VENDOR\" =~ (openEuler) ]]; then\n\tDISTRO=\"openEuler-\$os_RELEASE\"" $DEVSTACK_HOME/functions-common + # build function is_openeuler with remaining + grep -nir "is_fedora" | grep -v functions-common | cut -d ":" -f1 | sort | uniq | for line in `xargs` + do + sed -i "s/is_fedora/is_fedora || is_openeuler/g" $line + done + + # install glance + sed -i "/\${LIBS_FROM_GIT} = 'ALL'/i\\\ \ \ \ if [ \$name == \"glance_store\" ]; then enabled=0; fi" $DEVSTACK_HOME/inc/python + + # source openrc + sed -i "/openstack project list/i\\source openrc admin admin" $DEVSTACK_HOME/lib/neutron_plugins/services/l3 + + # Change VIRTUALENV_CMD + pip3 install virtualenv + sed -i "s/python3 -m venv/virtualenv/g" $DEVSTACK_HOME/stackrc + + # Fixed git branch + sed -i "s/master/stable\/train/g" $DEVSTACK_HOME/stackrc + + # Change pypi repo + sed -i "s/\$cmd_pip install/\$cmd_pip install -i https:\/\/mirrors.aliyun.com\/pypi\/simple/g" $DEVSTACK_HOME/inc/python +} + +# Config mod_wsgi +function mod_wsgi_cg() +{ + sudo ls -al $HTTPD_CG 2>&1 > /dev/null + if [[ $? -ne 0 ]]; then + echo "Maybe you should confirm whether httpd is installed" + exit 1 + fi + + sudo sed -i "/Include conf.modules.d\/\*.conf/i\\LoadModule wsgi_module modules/mod_wsgi_python3.so" $HTTPD_CG +} + +# QEMU support for uefi +function qemu_uefi_init() +{ + sudo ls -al $QEMU_CG 2>&1 > /dev/null + if [[ $? -ne 0 ]]; then + echo "Maybe you should confirm whether qemu is installed" + exit 1 + fi + + if [[ `arch` == aarch64 ]]; then + sudo sed -i '$anvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\",\"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\"]' $QEMU_CG + fi + if [[ `arch` == x86_64 ]]; then + sudo sed -i '$anvram = [\"/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd\",\"/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd"]' $QEMU_CG + fi +} + +# Bugfix when yum install edk2 +function edk2_uefi_init() +{ + if [[ ! -d $EDK2_UEFI_PATH ]]; then + echo "Maybe you should confirm whether edk2 is installed" + exit 1 + fi + + if [[ `arch` == "aarch64" ]]; then + sudo mkdir $UEFI_DIR_ARM && pushd $UEFI_DIR_ARM + sudo ln -s $EDK2_UEFI_PATH/aarch64/QEMU_EFI-pflash.raw AAVMF_CODE.fd + sudo ln -s $EDK2_UEFI_PATH/aarch64/vars-tmplate-pflash.raw AAVMF_VARS.fd + popd + fi + if [[ `arch` == "x86_64" ]]; then + sudo mkdir $UEFI_DIR_X86 && pushd $UEFI_DIR_X86 + sudo ln -s $EDK2_UEFI_PATH/ovmf/OVMF_CODE.fd OVMF_CODE.fd + sudo ln -s $EDK2_UEFI_PATH/ovmf/OVMF_VARS.fd OVMF_VARS.fd + popd + + fi + + qemu_uefi_init +} + +# Fixed libvirt version +function libvirt_version_fixed() +{ + if [[ ! `rpm -qa` =~ "python3-libvirt" ]]; then + echo "Maybe you should confirm whether python3-libvirt is installed" + exit 1 + fi + sudo sed -i "s/pip_uninstall libvirt-python//g" $DEVSTACK_HOME/lib/nova_plugins/functions-libvirt + sudo sed -i "s/pip_install_gr libvirt-python//g" $DEVSTACK_HOME/lib/nova_plugins/functions-libvirt +} + +# The installation system script execution process must depend on +function yum_pkgs() +{ + # install base service + sudo yum install -y gcc-c++ python3-devel tar patch git + # install necessary dependences + sudo yum install -y python3-systemd + sudo yum install -y libffi-devel + sudo yum install -y open-iscsi-devel + sudo yum install -y libxml2 libxml2-devel + sudo yum install -y python3-lxml python3-libxml2 libxslt libxslt-devel + sudo yum install -y pcp-system-tools + sudo yum install -y haproxy + if [[ `arch` == "aarch64" ]]; then + sudo yum install -y edk2-aarch64 edk2-devel python3-edk2-devel + fi + if [[ `arch` == "x86_64" ]]; then + sudo yum install -y edk2-ovmf edk2-devel python3-edk2-devel + fi + sudo yum install -y libvirt* python3-libvirt && libvirt_version_fixed + sudo yum install -y qemu qemu-guest-agent && edk2_uefi_init + sudo yum install -y httpd httpd-devel + sudo yum install -y memcached + sudo yum install -y mariadb-server + sudo yum install -y rabbitmq-server + sudo yum install -y python3-uWSGI python3-mod_wsgi && mod_wsgi_cg + sudo yum install -y python3-copr python3-scss + sudo yum install -y openeuler-lsb && install_mode + sudo yum install -y python3-sqlalchemy python3-SQLAlchemy-Utils +} + +yum_pkgs diff --git a/docs/en/docs/thirdparty_migration/public_sys-resources/.keep b/docs/en/docs/thirdparty_migration/public_sys-resources/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/en/docs/thirdparty_migration/public_sys-resources/icon-note.gif b/docs/en/docs/thirdparty_migration/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/en/docs/thirdparty_migration/public_sys-resources/icon-note.gif differ diff --git a/docs/en/docs/thirdparty_migration/public_sys-resources/icon-notice.gif b/docs/en/docs/thirdparty_migration/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/en/docs/thirdparty_migration/public_sys-resources/icon-notice.gif differ diff --git a/docs/en/docs/thirdparty_migration/springframework.md b/docs/en/docs/thirdparty_migration/springframework.md new file mode 100644 index 0000000000000000000000000000000000000000..9a91763a2e96e10a560aa36c29eb88d7787d7774 --- /dev/null +++ b/docs/en/docs/thirdparty_migration/springframework.md @@ -0,0 +1,416 @@ +# Guide to Porting Spring Framework to openEuler + +- [Software Overview](#software-overview) +- [Environment Configuration](#environment-configuration) +- [System Configuration](#system-configuration) +- [Software Compilation](#software-compilation) +- [Software Running](#software-running) +- [FAQs](#faqs) + +## Software Overview + +### Spring Framework + +Spring Framework is an open source framework that aims to solve problems that occur when a Java EE application is developed using the Enterprise JavaBean (EJB), such as redundant code and complex configurations. Spring is a container that supports multiple technologies, such as JMS, MQ, and UnitTest. It also uses aspect oriented programming (AOP) to facilitate transaction and log management, indicating its solid support for mainstream frameworks. + +[Figure 1](#fig1601161484619) shows the Spring Framework architecture. + +**Figure 1** Spring Framework structure +![](./figures/zh-cn_image_0296838174.png) + +The Spring Framework consists of three core modules: Spring-Core, Spring-Context, and Spring-Beans. It also incorporates basic modules such as Spring-AOP, Spring-Web, and Spring-Webmvc. The functions of each module are described as follows: + +**Spring-Core** + +The core container provides basic functions of the Spring Framework, including the main module BeanFactory that manages the Bean. + +**Spring-Context** + +A configuration file that provides context for the Spring Framework. The context includes enterprise services such as JNDI, EJB, e-mail, internationalization, validation, and scheduling. + +**Spring-Beans** + +The package that implements the inversion of control (IoC), which is a key feature of the Spring Framework. + +**Spring-AOP** + +This module integrates the aspect-oriented programming (AOP) into the Spring Framework, making it easy to manage any object with the Spring Framework. The Spring-AOP module provides a transaction management service for objects in Spring-based applications, allowing applications to perform declarative transaction management without EJB components. + +**Spring-Web** + +This module is built on top of the Spring-Context module and provides context for web-based applications. + +**Spring-Webmvc** + +This module implements all the basic features of a core spring framework. It helps build web applications and incorporates a large number of view technologies. The MVC framework becomes highly configurable using the policy interface. + +According to the preceding description, the Spring-Beans (implementation package of IOC) and the Spring-AOP (implementation package of AOP) are the basis of the entire framework, and Spring-Core is the core of the entire framework. Spring-Context provides the context environment and binds each module. The web functions are implemented by Spring-Web and Spring-Webmvc. + +### Spring Boot and Spring Cloud + +After introducing the Spring Framework to the local Maven repository, you can use this framework to build Maven for Java programs. However, Spring build requires configuring a large number of XML files, which is complex. Building Spring Boot based on the Spring Framework helps quickly build Spring applications. Spring Cloud is a distributed environment for building Spring Boot, that is, cloud applications. Spring Boot connects the upper layer to the lower layer. + +[Figure 2](#fig1601161484620) shows the relationship between Spring Framework, Spring Boot, and Spring Cloud. + +**Figure 2** Module relationship +![](./figures/zh-cn_image_0296838176.png) + +Spring Boot is a quick configuration solution of Spring and can be used to quickly develop a single microservice. It focuses on conveniently deploying services on a single server. Spring Cloud is a cloud application development tool based on Spring Boot, and is the global service governance framework. Spring Boot can be used for development projects without Spring Cloud, but Spring Cloud cannot be used without Spring Boot. + +## Environment Configuration + +It is recommended that the memory of the deployment environment be greater than 2 GB. + +### Software platform + +| Software |Version Number |Installation Method | +|:--- |:---- |:---- | +| openEuler | 20.03-LTS-SP4 |ISO | +| tar | 1.32 |Yum install | +| wget | 1.20.3 |Yum install | +| git | 2.27 |Yum install | + +### Required dependency packages + +| Software |Version Number |Installation Method | +|:--- |:---- |:---- | +| jdk | 1.8.0 |Refer to Basic Software Installation | +| maven | 3.5.4 |Refer to Basic Software Installation | + +## System Configuration + +### Configuring the Local Yum Source + +If the Internet is available in the environment, you can use the configured source or add other network sources without configuring the local source. + +1. Run the following command to configure the source file and view the repo file of the configured Yum source: + + ```shell + $ cat /etc/yum.repos.d/openEuler.repo + [base] + name=base + baseurl=file:///mnt + enabled=1 + gpgcheck=0 + ``` + +2. Run the following command to mount the source image: + + ```shell + mount /root/openEuler-20.03-LTS-SP4-everything-aarch64-dvd.iso /mnt + ``` + +## Software Compilation + +### Using the Local Yum Source to Install Basic Software + +1. Run the following command to install the Maven build tool: + + ```shell + yum -y install maven + ``` + +2. Run the following command to install JDK using the Yum source: + + ```shell + yum -y install java-1.8.0-openjdk-devel + ``` + +3. Verify the installation. After the installation is completed, run the following commands to check the Maven and Java versions and the javac usage: + + ```shell + mvn -version + java -version + javac -help + ``` + + ![](./figures/install1.png) + +### Installing Spring Framework to the Local Maven Repository + +1. Run the following commands to obtain the Spring Framework source code package: + + ```shell + cd /home + wget https://github.com/Spring-projects/Spring-framework/archive/v5.2.10.RELEASE.tar.gz + tar -xvf v5.2.10.RELEASE.tar.gz + ``` + +2. Run the following commands to compile the Spring Framework source code package. If the compilation is successful, the following information is displayed: + + ```shell + cd /home/spring-framework-5.2.10.RELEASE + ./gradlew build + ``` + + ![](./figures/zh-cn_image_0296838182.png) + +3. Run the following command to install Spring Framework to the local Maven repository: + + ```shell + ./gradlew publishToMavenLocal -x javadoc -x dokka -x asciidoctor + ``` + + After the installation is completed, the `springframework` folder is generated in `/root/.m2/repository/org/`. + + ![](./figures/zh-cn_image_0296838184.png) + +### Compiling Tomcat Cases of the Spring Boot Project + +1. Run the following commands to obtain the case source code: + + ```shell + cd /home + wget https://github.com/Spring-projects/Spring-boot/archive/v1.5.4.RELEASE.tar.gz + tar -xvf v1.5.4.RELEASE.tar.gz + cd /home/spring-boot-1.5.4.RELEASE/spring-boot-samples/spring-boot-sample-tomcat + ``` + +2. Run the following command to compile the project: + + ```shell + mvn package -DskipTests + ``` + +### Compiling Cases of the Spring Cloud Project + +1. Run the following commands to compile the Spring-cloud-gateway-sample project: + + ```shell + cd /home + git clone https://github.com/Spring-cloud-samples/Spring-cloud-gateway-sample.git + cd /home/Spring-cloud-gateway-sample + mvn package -DskipTests + ``` + +2. Run the following commands to compile the zuul-server-1.0.0.BUILD-SNAPSHOT project: + + ```shell + cd /home + git clone https://github.com/Spring-cloud-samples/zuul-server.git + cd /home/zuul-server + mvn package -DskipTests + ``` + +3. Run the following commands to compile the eureka-0.0.1-SNAPSHOT project: + + ```shell + cd /home + git clone https://github.com/Spring-cloud-samples/eureka.git + cd /home/eureka + mvn package -DskipTests + ``` + +4. Run the following commands to compile the feign-eureka project: + + ```shell + cd /home + git clone https://github.com/Spring-cloud-samples/feign-eureka.git + cd /home/feign-eureka + mvn package -DskipTests + ``` + +## Software Running + +### Examples of Running Spring Boot on a Single-Node System + +1. If the spring-boot-sample-tomcat is compiled successfully, the `spring-boot-sample-tomcat-1.5.4.RELEASE.jar` file is generated in the `/home/spring-boot-1.5.4.RELEASE/spring-boot-samples/spring-boot-samples-tomcat/target` folder in the project directory. Run the following command to execute the JAR file: + + ```shell + java -jar spring-boot-sample-tomcat-1.5.4.RELEASE.jar + ``` + +2. After **tomcat start** is displayed on the console, open a new window and run the following command to check the running status of the Tomcat service: + + ```shell + curl http://localhost:8080 + ``` + + If **helloworld** is displayed in the command output, the execution is successful. + +3. To disable the Spring-Boot service, press **Ctrl+C** in the window displayed in Step 1. + +### Examples of Running Spring Cloud on a Single-Node System + +#### Example of running the spring-cloud-gateway-sample project + +1. If the spring-cloud-gateway-sample project is compiled successfully, the `spring-cloud-gateway-sample-0.0.1-SNAPSHOT.jar` file is generated in the `/home/Spring-cloud-gateway-sample/target` folder in the project directory. Run the following commands: + + ```shell + java -jar spring-cloud-gateway-sample-0.0.1-SNAPSHOT.jar + ``` + +2. After the message **Started DemogatewayApplication** is displayed on the console, start a new window and run the following command to check the service running status.If the command output shown in the following figure is displayed, the execution is successful. + + ```shell + curl http://localhost:8080/get + ``` + + ![](./figures/run1.png) +3. To stop the service, press **Ctrl+C** in the windows in Step 1. + +#### Example of Running the zuul-server Project + +1. Run the zuul-server service after running the eureka project. In the `/home/eureka/target` directory, run the following command to start the eureka service: + + ```shell + java -jar eureka-0.0.1-SNAPSHOT.jar + ``` + +2. After the message **Started EurekaApplicattion** is displayed on the console, start a new window and run the following command in the project directory `/home/zuul-server/target` to start the zuul-server service: + + ```shell + java -jar zuul-server-1.0.0.BUILD-SNAPSHOT.jar + ``` + +3. After the message Started ZuulServerApplicatttion is displayed on the console, start a new window and run the following command to check the service running status: + + ```shell + curl http://localhost:8765 + ``` + + After the zuul-server service is started, the console displays the access port 8765. When you access the local port 8765 using curl, the 404 information with the timestamp is returned, and an access event is recorded on the server. + + The following figure shows how to access the port 8765 using curl: + + ![](./figures/run3.png) + + The following figure shows the log information printed by the server when the user accesses the port: + + ![](./figures/run4.png) + +4. To stop the service, press **Ctrl+C** in the windows in Step 2 and Step 3. + +#### Example of Running the feign-eureka Project + +1. Run the zuul-server service after running the eureka project. In the `/home/eureka/target` directory, run the following command to start the eureka service: + + ```shell + java -jar eureka-0.0.1-SNAPSHOT.jar + ``` + +2. After the message **Started EurekaApplicattion** is displayed on the console, start a new window and run the following command in the project directory `/home/feign-eureka/server/target` to start the zuul-server service: + + ```shell + java -jar feign-eureka-hello-server-0.0.1-SNAPSHOT.jar + ``` + +3. After the message **Started HelloServerApplication** is displayed on the console, start a new window and run the following command in the project directory `/home/feign-eureka/client/target` to start the zuul-server service: + + ```shell + java -jar feign-eureka-hello-client-0.0.1-SNAPSHOT.jar + ``` + +4. After the message **Started HelloClientApplication** is displayed on the console, start a new window and run the following command to check the service running status: + + ```shell + curl http://localhost:7211 + ``` + + After the service is started, you can see that port 7211 is enabled on the client console. Access this port using curl to obtain the Hello Server information. + + The following figure shows the opened port 7211 of the feign-eureka project: + + ![](./figures/run5.png) + + Access the feign-eureka service to view the returned result, as shown in the following figure: + + ![](./figures/run6.png) + +## FAQs + +### Spring-webmvc:test Fails During Spring Framework Compilation + +**Symptom** + +The assertion in MvcNamespaceTests.java fails to pass the test. The following figure shows the failure message: + +![](./figures/zh-cn_image_0296838200.png) + +**Cause Analysis** + +There is an 8-hour difference between the message return time displayed on two servers. + +**Solution** + +Modify the `spring-webmvc/src/test/java/org/springframework/web/servlet/config/MvcNamespaceTests.java` file in the project directory. + +Forcibly set the date member time of the handler to **0**, which is the same as the default time converted from the local date. + +![](./figures/zh-cn_image_0296838204.png) + +### Fails to Execute the asciidoctor Task + +**Symptom** + +The system prompts that the `/root/.gem/jruby/1.9` folder cannot be found. + +![](./figures/zh-cn_image_0296838206.png) + +**Cause Analysis** + +The Gradle release used by some Spring Framework versions may have problems when running on JDK 9 (due to the upgrade from AspectJ to 1.9). + +**Solution** + +Run the **./gradlew clean test** command to build the environment. + +### Fails to Execute the Spring-test:compileJava Task + +**Symptom** + +The Spring-test:compileJava task fails to be executed, and the error message in the following figure is displayed: + +![](./figures/zh-cn_image_0296838208.png) + +**Cause Analysis** + +The error message is displayed due to the warning. According to the cause analysis, some old packages do not exist in the repo (the repo source is specified by the **build.gradle** script). As a result, a warning is reported during compilation. + +**Solution** + +Edit the **build.gradle** script of the project and delete the **-Werror** option from the compilation parameters. + +![](./figures/zh-cn_image_0296838210.png) + +### The repo Source Is Invalid + +**Symptom** + +The repo source is invalid, and the error message in the following figure is displayed: + +![](./figures/zh-cn_image_0296838212.png) + +**Cause Analysis** + +This issue occasionally occurs because the network is unstable or the repo source specified in the compilation script fails to provide the required package. + +**Solution** + +Check whether the repo source settings of the **build.gradle** file are correct. Log in to the repo source and check whether any file is missing. + +![](./figures/zh-cn_image_0296838214.png) + +The following valid repo sources are for reference: + +[https://repo.Spring.io/plugins-release](https://repo.Spring.io/plugins-release) + +[https://repo.Springsource.org/plugins-release](https://repo.Springsource.org/plugins-release) + +### Build Failed Due to Timeout Error + +**Symptom** + +The network-related modules fail to pass the test, and the message Task: spring-webflux:test FAILED is displayed. In addition, the code line that fails is not reported in each time of compilation. + +**Cause Analysis** + +According to the code analysis, the build fails because the response from the remote service is not received within the specified period and a timeout error occurs. + +![](./figures/x86_build_fail.png) + +**Solution** + +Prolong the timeout period based on the code line prompted in the error message. You can modify .verify\(Duration.ofSeconds\(TIMEOUT\)\) or .block\(TIMEOUT\) in the code prompted to double the value of TIMEOUT. For example, the timeout period is changed from 5 seconds to 10 seconds in the following figure: + +![](./figures/modify_timeout_value.png) diff --git a/docs/en/docs/thirdparty_migration/thidrparty.md b/docs/en/docs/thirdparty_migration/thidrparty.md new file mode 100644 index 0000000000000000000000000000000000000000..892e057a4f05528172f3c770ee8bea4663e06374 --- /dev/null +++ b/docs/en/docs/thirdparty_migration/thidrparty.md @@ -0,0 +1,5 @@ +# Third-Party Software Porting Guide + +This document helps you quickly port and deploy third-party software on openEuler, including Spring (Spring Framework, Spring Boot, and Spring Cloud), OpenStack, and Kubernetes. + +This document is intended for community developers, open source enthusiasts, and partners who use the openEuler OS and intend to learn more about third-party software. Basic knowledge about the Linux OS is required for reading this document. \ No newline at end of file diff --git a/docs/en/menu/index.md b/docs/en/menu/index.md new file mode 100644 index 0000000000000000000000000000000000000000..d1d0358ca3f89ca93c03c5191ed21dc2d118274d --- /dev/null +++ b/docs/en/menu/index.md @@ -0,0 +1,187 @@ +--- +headless: true +--- +- [Terms of Use]({{< relref "./docs/Releasenotes/terms-of-use.md" >}}) +- [Release Notes]({{< relref "./docs/Releasenotes/release_notes.md" >}}) + - [User Notice]({{< relref "./docs/Releasenotes/user-notice.md" >}}) + - [Account List]({{< relref "./docs/Releasenotes/account-list.md" >}}) + - [Introduction]({{< relref "./docs/Releasenotes/introduction.md" >}}) + - [Installing the OS]({{< relref "./docs/Releasenotes/installing-the-os.md" >}}) + - [Key Features]({{< relref "./docs/Releasenotes/key-features.md" >}}) + - [Known Issues]({{< relref "./docs/Releasenotes/known-issues.md" >}}) + - [Resolved Issues]({{< relref "./docs/Releasenotes/resolved-issues.md" >}}) + - [Common Vulnerabilities and Exposures]({{< relref "./docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md" >}}) + - [Source Code]({{< relref "./docs/Releasenotes/source-code.md" >}}) + - [Contribution]({{< relref "./docs/Releasenotes/contribution.md" >}}) + - [Acknowledgment]({{< relref "./docs/Releasenotes/acknowledgment.md" >}}) +- [Quick Start]({{< relref "./docs/Quickstart/quick-start.md" >}}) +- [Installation Guide]({{< relref "./docs/Installation/Installation.md" >}}) + - [Installation on Servers]({{< relref "./docs/Installation/install-server.md" >}}) + - [Installation Preparations]({{< relref "./docs/Installation/installation-preparations.md" >}}) + - [Installation Mode]({{< relref "./docs/Installation/installation-mode.md" >}}) + - [Installation Guideline]({{< relref "./docs/Installation/installation-guideline.md" >}}) + - [Using Kickstart for Automatic Installation]({{< relref "./docs/Installation/using-kickstart-for-automatic-installation.md" >}}) + - [FAQs]({{< relref "./docs/Installation/faqs.md" >}}) + - [Installation on Raspberry Pi]({{< relref "./docs/Installation/install-pi.md" >}}) + - [Installation Preparations]({{< relref "./docs/Installation/Installation-Preparations1.md" >}}) + - [Installation Mode]({{< relref "./docs/Installation/Installation-Modes1.md" >}}) + - [Installation Guideline]({{< relref "./docs/Installation/Installation-Guide1.md" >}}) + - [FAQs]({{< relref "./docs/Installation/FAQ1.md" >}}) + - [More Resources]({{< relref "./docs/Installation/More-Resources.md" >}}) +- [Administrator Guide]({{< relref "./docs/Administration/administration.md" >}}) + - [Viewing System Information]({{< relref "./docs/Administration/viewing-system-information.md" >}}) + - [Basic Configuration]({{< relref "./docs/Administration/basic-configuration.md" >}}) + - [User and User Group Management]({{< relref "./docs/Administration/user-and-user-group-management.md" >}}) + - [Software Package Management with DNF]({{< relref "./docs/Administration/using-the-dnf-to-manage-software-packages.md" >}}) + - [Service Management]({{< relref "./docs/Administration/service-management.md" >}}) + - [Process Management]({{< relref "./docs/Administration/process-management.md" >}}) + - [Memory Management]({{< relref "./docs/Administration/memory-management.md" >}}) + - [Network Configuration]({{< relref "./docs/Administration/configuring-the-network.md" >}}) + - [Hard Disk Management with LVM]({{< relref "./docs/Administration/managing-hard-disks-through-lvm.md" >}}) + - [KAE Usage]({{< relref "./docs/Administration/using-the-kae.md" >}}) + - [Service Configuration]({{< relref "./docs/Administration/configuring-services.md" >}}) + - [Configuring the Repo Server]({{< relref "./docs/Administration/configuring-the-repo-server.md" >}}) + - [Configuring the FTP Server]({{< relref "./docs/Administration/configuring-the-ftp-server.md" >}}) + - [Configuring the Web Server]({{< relref "./docs/Administration/configuring-the-web-server.md" >}}) + - [Setting Up the Database Server]({{< relref "./docs/Administration/setting-up-the-database-server.md" >}}) + - [FAQs]({{< relref "./docs/Administration/faqs.md" >}}) +- [Security Hardening Guide]({{< relref "./docs/SecHarden/secHarden.md" >}}) + - [OS Hardening Overview]({{< relref "./docs/SecHarden/os-hardening-overview.md" >}}) + - [Security Hardening Guide]({{< relref "./docs/SecHarden/security-hardening-guide.md" >}}) + - [Account Passwords]({{< relref "./docs/SecHarden/account-passwords.md" >}}) + - [Authentication and Authorization]({{< relref "./docs/SecHarden/authentication-and-authorization.md" >}}) + - [System Services]({{< relref "./docs/SecHarden/system-services.md" >}}) + - [File Permissions]({{< relref "./docs/SecHarden/file-permissions.md" >}}) + - [Kernel Parameters]({{< relref "./docs/SecHarden/kernel-parameters.md" >}}) + - [SELinux Configuration]({{< relref "./docs/SecHarden/selinux-configuration.md" >}}) + - [Security Hardening Tools]({{< relref "./docs/SecHarden/security-hardening-tools.md" >}}) + - [Appendix]({{< relref "./docs/SecHarden/appendix.md" >}}) +- [Virtualization User Guide]({{< relref "./docs/Virtualization/virtualization.md" >}}) + - [Introduction to Virtualization]({{< relref "./docs/Virtualization/introduction-to-virtualization.md" >}}) + - [Installing Virtualization Components]({{< relref "./docs/Virtualization/virtualization-installation.md" >}}) + - [Environment Preparation]({{< relref "./docs/Virtualization/environment-preparation.md" >}}) + - [VM Configuration]({{< relref "./docs/Virtualization/vm-configuration.md" >}}) + - [Managing VMs]({{< relref "./docs/Virtualization/managing-vms.md" >}}) + - [VM Live Migration]({{< relref "./docs/Virtualization/vm-live-migration.md" >}}) + - [System Resource Management]({{< relref "./docs/Virtualization/system-resource-management.md" >}}) + - [Managing Devices]({{< relref "./docs/Virtualization/managing-devices.md" >}}) + - [Best Practices]({{< relref "./docs/Virtualization/best-practices.md" >}}) + - [Tool Guide]({{< relref "./docs/Virtualization/tool-guide.md" >}}) + - [vmtop]({{< relref "./docs/Virtualization/vmtop.md" >}}) + - [LibcarePlus]({{< relref "./docs/Virtualization/LibcarePlus.md" >}}) + - [Appendix]({{< relref "./docs/Virtualization/appendix.md" >}}) +- [StratoVirt User Guide]({{< relref "./docs/StratoVirt/StratoVirt_guidence.md" >}}) + - [Introduction to StratoVirt]({{< relref "./docs/StratoVirt/StratoVirt_intoduction.md" >}}) + - [Installing StratoVirt]({{< relref "./docs/StratoVirt/Install_StratoVirt.md" >}}) + - [Preparing the Environment]({{< relref "./docs/StratoVirt/Prepare_env.md" >}}) + - [Configuring VMs]({{< relref "./docs/StratoVirt/VM_configuration.md" >}}) + - [Managing VMs]({{< relref "./docs/StratoVirt/VM_management.md" >}}) + - [Interconnecting with iSula Security Containers]({{< relref "./docs/StratoVirt/Interconnect_isula.md" >}}) + - [Best Practices]({{< relref "./docs/StratoVirt/Best_practices.md" >}}) +- [Container User Guide]({{< relref "./docs/Container/container.md" >}}) + - [iSula Container Engine]({{< relref "./docs/Container/isula-container-engine.md" >}}) + - [Installation, Upgrade and Uninstallation]({{< relref "./docs/Container/installation-upgrade-Uninstallation.md" >}}) + - [Installation and Configuration]({{< relref "./docs/Container/installation-configuration.md" >}}) + - [Upgrade Methods]({{< relref "./docs/Container/upgrade-methods.md" >}}) + - [Uninstallation]({{< relref "./docs/Container/uninstallation.md" >}}) + - [Usage Guide]({{< relref "./docs/Container/usage.md" >}}) + - [Container Management]({{< relref "./docs/Container/container-management.md" >}}) + - [Interconnection with the CNI Network]({{< relref "./docs/Container/interconnection-with-the-cni-network.md" >}}) + - [Container Resource Management]({{< relref "./docs/Container/container-resource-management.md" >}}) + - [Privileged Container]({{< relref "./docs/Container/privileged-container.md" >}}) + - [CRI]({{< relref "./docs/Container/cri.md" >}}) + - [Image Management]({{< relref "./docs/Container/image-management.md" >}}) + - [Checking the Container Health Status]({{< relref "./docs/Container/checking-the-container-health-status.md" >}}) + - [Querying Information]({{< relref "./docs/Container/querying-information.md" >}}) + - [Security Features]({{< relref "./docs/Container/security-features.md" >}}) + - [Supporting OCI hooks]({{< relref "./docs/Container/supporting-oci-hooks.md" >}}) + - [Local Volume Management]({{< relref "./docs/Container/local-volume-management.md" >}}) + - [Appendix]({{< relref "./docs/Container/appendix.md" >}}) + - [System Container]({{< relref "./docs/Container/system-container.md" >}}) + - [Installation Guideline]({{< relref "./docs/Container/installation-guideline.md" >}}) + - [Usage Guide]({{< relref "./docs/Container/usage-guide.md" >}}) + - [Specifying Rootfs to Create a Container]({{< relref "./docs/Container/specifying-rootfs-to-create-a-container.md" >}}) + - [Using systemd to Start a Container]({{< relref "./docs/Container/using-systemd-to-start-a-container.md" >}}) + - [Reboot or Shutdown in a Container]({{< relref "./docs/Container/reboot-or-shutdown-in-a-container.md" >}}) + - [Configurable Cgroup Path]({{< relref "./docs/Container/configurable-cgroup-path.md" >}}) + - [Writable Namespace Kernel Parameters]({{< relref "./docs/Container/writable-namespace-kernel-parameters.md" >}}) + - [Shared Memory Channels]({{< relref "./docs/Container/shared-memory-channels.md" >}}) + - [Dynamically Loading the Kernel Module]({{< relref "./docs/Container/dynamically-loading-the-kernel-module.md" >}}) + - [Environment Variable Persisting]({{< relref "./docs/Container/environment-variable-persisting.md" >}}) + - [Maximum Number of Handles]({{< relref "./docs/Container/maximum-number-of-handles.md" >}}) + - [Security and Isolation]({{< relref "./docs/Container/security-and-isolation.md" >}}) + - [Dynamically Managing Container Resources \\(syscontainer-tools\\)]({{< relref "./docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md" >}}) + - [Appendix]({{< relref "./docs/Container/appendix-1.md" >}}) + - [Secure Container]({{< relref "./docs/Container/secure-container.md" >}}) + - [Installation and Deployment]({{< relref "./docs/Container/installation-and-deployment-2.md" >}}) + - [Application Scenarios]({{< relref "./docs/Container/application-scenarios-2.md" >}}) + - [Managing the Lifecycle of a Secure Container]({{< relref "./docs/Container/managing-the-lifecycle-of-a-secure-container.md" >}}) + - [Configuring Resources for a Secure Container]({{< relref "./docs/Container/configuring-resources-for-a-secure-container.md" >}}) + - [Configuring Networking for a Secure Container]({{< relref "./docs/Container/configuring-networking-for-a-secure-container.md" >}}) + - [Monitoring Secure Containers]({{< relref "./docs/Container/monitoring-secure-containers.md" >}}) + - [Appendix]({{< relref "./docs/Container/appendix-2.md" >}}) + - [Docker Container]({{< relref "./docs/Container/docker-container.md" >}}) + - [Installation and Deployment]({{< relref "./docs/Container/installation-and-deployment-3.md" >}}) + - [Container Management]({{< relref "./docs/Container/container-management-1.md" >}}) + - [Image Management]({{< relref "./docs/Container/image-management-1.md" >}}) + - [Command Reference]({{< relref "./docs/Container/command-reference.md" >}}) + - [Container Engine]({{< relref "./docs/Container/container-engine.md" >}}) + - [Container Management]({{< relref "./docs/Container/container-management-2.md" >}}) + - [Image Management]({{< relref "./docs/Container/image-management-2.md" >}}) + - [Statistics]({{< relref "./docs/Container/statistics.md" >}}) + - [Container Tools]({{< relref "./docs/Container/container-tools.md" >}}) + - [Image Building]({{< relref "./docs/Container/isula-build.md" >}}) + - [Container Migration]({{< relref "./docs/Container/isula-transform.md" >}}) +- [A-Tune User Guide]({{< relref "./docs/A-Tune/A-Tune.md" >}}) + - [Getting to Know A-Tune]({{< relref "./docs/A-Tune/getting-to-know-a-tune.md" >}}) + - [Installation and Deployment]({{< relref "./docs/A-Tune/installation-and-deployment.md" >}}) + - [Application Scenarios]({{< relref "./docs/A-Tune/application-scenarios.md" >}}) + - [FAQs]({{< relref "./docs/A-Tune/faqs.md" >}}) + - [Appendixes]({{< relref "./docs/A-Tune/appendixes.md" >}}) +- [Application Development Guide]({{< relref "./docs/ApplicationDev/application-development.md" >}}) + - [Preparation]({{< relref "./docs/ApplicationDev/preparations-for-development-environment.md" >}}) + - [Using GCC for Compilation]({{< relref "./docs/ApplicationDev/using-gcc-for-compilation.md" >}}) + - [Using Make for Compilation]({{< relref "./docs/ApplicationDev/using-make-for-compilation.md" >}}) + - [Using JDK for Compilation]({{< relref "./docs/ApplicationDev/using-jdk-for-compilation.md" >}}) + - [Building an RPM Package]({{< relref "./docs/ApplicationDev/building-an-rpm-package.md" >}}) +- [GCC for openEuler User Guide]({{< relref "./docs/GCC/overview.md" >}}) + - [GCC Toolset User Guide]({{< relref "./docs/GCC/gcc-toolset-user-guide.md" >}}) +- [secGear Development Guide]({{< relref "./docs/secGear/secGear.md" >}}) + - [Introduction to secGear]({{< relref "./docs/secGear/introduction-to-secGear.md" >}}) + - [Installing secGear]({{< relref "./docs/secGear/installing-secGear.md" >}}) + - [secGear Development Guide]({{< relref "./docs/secGear/secGear-development-guide.md" >}}) + - [Using the secGear Tool]({{< relref "./docs/secGear/using-the-secGear-tool.md" >}}) + - [API Description]({{< relref "./docs/secGear/api-description.md" >}}) +- [HA User Guide]({{< relref "./docs//HA/ha.md" >}}) + - [Installing and Deploying HA]({{< relref "./docs/HA/installing-and-deploying-HA.md" >}}) + - [HA Usage Example]({{< relref "./docs/HA/HA_usage_example.md" >}}) +- [Kubernetes Cluster Deployment Guide]({{< relref "./docs/Kubernetes/Kubernetes.md" >}}) + - [Preparing VMs]( {{< relref "./docs/Kubernetes/preparing-VMs.md">}}) + - [Deploying a Kubernetes Cluster]({{< relref "./docs/Kubernetes/deploying-a-Kubernetes-cluster.md" >}}) + - [Installing the Kubernetes Software Package]( {{< relref "./docs/Kubernetes/installing-the-Kubernetes-software-package.md" >}}) + - [Preparing Certificates]({{< relref "./docs/Kubernetes/preparing-certificates.md" >}}) + - [Installing etcd]({{< relref "./docs/Kubernetes/installing-etcd.md" >}}) + - [Deploying Components on the Control Plane]({{< relref "./docs/Kubernetes/deploying-control-plane-components.md" >}}) + - [Deploying a Node Component]({{< relref "./docs/Kubernetes/deploying-a-node-component.md" >}}) + - [Running the Test Pod]({{< relref "./docs/Kubernetes/running-the-test-pod.md" >}}) +- [Third-Party Software Porting Guide]({{< relref "./docs/thirdparty_migration/thidrparty.md" >}}) + - [OpenStack]({{< relref "./docs/thirdparty_migration/openstack.md" >}}) + - [Guide to Porting Kubernetes to openEuler]({{< relref "./docs/thirdparty_migration/k8sinstall.md" >}}) + - [Guide to Porting Spring Framework to openEuler]({{< relref "./docs/thirdparty_migration/springframework.md" >}}) + - [Guide to Installing BiSheng Compiler]({{< relref "./docs/thirdparty_migration/bisheng.md" >}}) +- [Desktop Environment User Guide]({{< relref "./docs/desktop/desktop.md" >}}) + - [UKUI]({{< relref "./docs/desktop/ukui.md" >}}) + - [UKUI Installation]({{< relref "./docs/desktop/install-UKUI.md" >}}) + - [UKUI User Guide]({{< relref "./docs/desktop/UKUI-user-guide.md" >}}) + - [DDE]({{< relref "./docs/desktop/dde.md" >}}) + - [DDE Installation]({{< relref "./docs/desktop/install-DDE.md" >}}) + - [DDE User Guide]({{< relref "./docs/desktop/DDE-User-Manual.md" >}}) + - [Xfce]({{< relref "./docs/desktop/xfce.md" >}}) + - [Xfce Installation]({{< relref "./docs/desktop/Install_XFCE.md" >}}) + - [Xfce User Guide]({{< relref "./docs/desktop/Xfce_userguide.md" >}}) + - [Kiran]({{< relref "./docs/desktop/kiran.md" >}}) + - [Kiran Installation]({{< relref "./docs/desktop/install-kiran.md" >}}) + - [Kiran User Guide]({{< relref "./docs/desktop/Kiran_userguide.md" >}}) +- [Tailoring and Customization Tool Usage Guide]({{< relref "./docs/TailorCustom/overview.md" >}}) + - [isocut Usage Guide]({{< relref "./docs/TailorCustom/isocut-usage-guide.md" >}}) +- [eNFS User Guide]({{< relref "./docs/eNFS/enfs-user-guide.md" >}}) \ No newline at end of file diff --git a/docs/en/menu/menu.json b/docs/en/menu/menu.json deleted file mode 100644 index a653dab76dd193269611dbf701c46a9d800cd402..0000000000000000000000000000000000000000 --- a/docs/en/menu/menu.json +++ /dev/null @@ -1,822 +0,0 @@ -[ - { - "label": "Terms of Use", - "path": "docs/Releasenotes/terms-of-use", - "children": [ - - ] - }, - { - "label": "Release Notes", - "path": "docs/Releasenotes/release_notes", - "children": [ - { - "label": "User Notice", - "path": "docs/Releasenotes/user-notice", - "children": [ - - ] - }, - { - "label": "Introduction", - "path": "docs/Releasenotes/introduction", - "children": [ - - ] - }, - { - "label": "Installing the OS", - "path": "docs/Releasenotes/installing-the-os", - "children": [ - - ] - }, - { - "label": "Key Features", - "path": "docs/Releasenotes/key-features", - "children": [ - - ] - }, - { - "label": "Known Issues", - "path": "docs/Releasenotes/known-issues", - "children": [ - - ] - }, - { - "label": "Resolved Issues", - "path": "docs/Releasenotes/resolved-issues", - "children": [ - - ] - }, - { - "label": "Common Vulnerabilities and Exposures \\(CVE\\)", - "path": "docs/Releasenotes/common-vulnerabilities-and-exposures-(cve)", - "children": [ - - ] - }, - { - "label": "Source Code", - "path": "docs/Releasenotes/source-code", - "children": [ - - ] - }, - { - "label": "Contribution", - "path": "docs/Releasenotes/contribution", - "children": [ - - ] - }, - { - "label": "Acknowledgement", - "path": "docs/Releasenotes/acknowledgement", - "children": [ - - ] - } - ] - }, - { - "label": "Quick Start", - "path": "docs/Quickstart/quick-start", - "children": [ - - ] - }, - { - "label": "Installation Guide", - "path": "docs/Installation/Installation", - "children": [ - { - "label": "Installation Preparations", - "path": "docs/Installation/installation-preparations", - "children": [ - - ] - }, - { - "label": "Installation Mode", - "path": "docs/Installation/installation-mode", - "children": [ - - ] - }, - { - "label": "Installation Guideline", - "path": "docs/Installation/installation-guideline", - "children": [ - - ] - }, - { - "label": "Using Kickstart for Automatic Installation", - "path": "docs/Installation/using-kickstart-for-automatic-installation", - "children": [ - - ] - }, - { - "label": "FAQs", - "path": "docs/Installation/faqs", - "children": [ - - ] - } - ] - }, - { - "label": "Administrator Guide", - "path": "docs/Administration/administration", - "children": [ - { - "label": "Viewing System Information", - "path": "docs/Administration/viewing-system-information", - "children": [ - - ] - }, - { - "label": "Basic Configuration", - "path": "docs/Administration/basic-configuration", - "children": [ - - ] - }, - { - "label": "User and User Group Management", - "path": "docs/Administration/user-and-user-group-management", - "children": [ - - ] - }, - { - "label": "Using the DNF to Manage Software Packages", - "path": "docs/Administration/using-the-dnf-to-manage-software-packages", - "children": [ - - ] - }, - { - "label": "Service Management", - "path": "docs/Administration/service-management", - "children": [ - - ] - }, - { - "label": "Process Management", - "path": "docs/Administration/process-management", - "children": [ - - ] - }, - { - "label": "Configuring the Network", - "path": "docs/Administration/configuring-the-network", - "children": [ - - ] - }, - { - "label": "Managing Hard Disks Through LVM", - "path": "docs/Administration/managing-hard-disks-through-lvm", - "children": [ - - ] - }, - { - "label": "Using the KAE", - "path": "docs/Administration/using-the-kae", - "children": [ - - ] - }, - { - "label": "Configuring Services", - "path": "docs/Administration/configuring-services", - "children": [ - { - "label": "Configuring the Repo Server", - "path": "docs/Administration/configuring-the-repo-server", - "children": [ - - ] - }, - { - "label": "Configuring the FTP Server", - "path": "docs/Administration/configuring-the-ftp-server", - "children": [ - - ] - }, - { - "label": "Configuring the Web Server", - "path": "docs/Administration/configuring-the-web-server", - "children": [ - - ] - }, - { - "label": "Setting Up the Database Server", - "path": "docs/Administration/setting-up-the-database-server", - "children": [ - - ] - } - ] - }, - { - "label": "FAQs", - "path": "docs/Administration/faqs", - "children": [ - - ] - } - ] - }, - { - "label": "Security Hardening Guide", - "path": "docs/SecHarden/secHarden", - "children": [ - { - "label": "OS Hardening Overview", - "path": "docs/SecHarden/os-hardening-overview", - "children": [ - ] - }, - { - "label": "Security Hardening Guide", - "path": "docs/SecHarden/security-hardening-guide", - "children": [ - { - "label": "Account Passwords", - "path": "docs/SecHarden/account-passwords", - "children": [ - - ] - }, - { - "label": "Authentication and Authorization", - "path": "docs/SecHarden/authentication-and-authorization", - "children": [ - - ] - }, - { - "label": "System Services", - "path": "docs/SecHarden/system-services", - "children": [ - - ] - }, - { - "label": "File Permissions", - "path": "docs/SecHarden/file-permissions", - "children": [ - - ] - }, - { - "label": "Kernel Parameters", - "path": "docs/SecHarden/kernel-parameters", - "children": [ - - ] - }, - { - "label": "SELinux Configuration", - "path": "docs/SecHarden/selinux-configuration", - "children": [ - - ] - } - ] - }, - { - "label": "Security Hardening Tools", - "path": "docs/SecHarden/security-hardening-tools", - "children": [ - - ] - }, - { - "label": "Appendixes", - "path": "docs/SecHarden/appendix", - "children": [ - - ] - } - ] - }, - { - "label": "Virtualization User Guide", - "path": "docs/Virtualization/virtualization", - "children": [ - { - "label": "Introduction to Virtualization", - "path": "docs/Virtualization/introduction-to-virtualization", - "children": [ - - ] - }, - { - "label": "Installation to Virtualization", - "path": "docs/Virtualization/installation-to-virtualization", - "children": [ - - ] - }, - { - "label": "Environment Preparation", - "path": "docs/Virtualization/environment-preparation", - "children": [ - - ] - }, - { - "label": "VM Configuration", - "path": "docs/Virtualization/vm-configuration", - "children": [ - - ] - }, - { - "label": "Managing VMs", - "path": "docs/Virtualization/managing-vms", - "children": [ - - ] - }, - { - "label": "VM Live Migration", - "path": "docs/Virtualization/vm-live-migration", - "children": [ - - ] - }, - { - "label": "System Resource Management", - "path": "docs/Virtualization/system-resource-management", - "children": [ - - ] - }, - { - "label": "Managing Devices", - "path": "docs/Virtualization/managing-devices", - "children": [ - - ] - }, - { - "label": "Best Practices", - "path": "docs/Virtualization/best-practices", - "children": [ - - ] - }, - { - "label": "Appendix", - "path": "docs/Virtualization/appendix", - "children": [ - - ] - } - ] - }, - { - "label": "Container User Guide", - "path": "docs/Container/container", - "children": [ - { - "label": "iSulad Container Engine", - "path": "docs/Container/isulad-container-engine", - "children": [ - { - "label": "Installation, Upgrade and Uninstallation", - "path": "docs/Container/installation-upgrade-Uninstallation", - "children": [ - { - "label": "Installation and Configuration", - "path": "docs/Container/installation-configuration", - "children": [ - - ] - }, - { - "label": "Upgrade Methods", - "path": "docs/Container/upgrade-methods", - "children": [ - - ] - }, - { - "label": "Uninstallation", - "path": "docs/Container/uninstallation", - "children": [ - - ] - } - ] - }, - { - "label": "Application Scenarios", - "path": "docs/Container/application-scenarios", - "children": [ - { - "label": "Container Management", - "path": "docs/Container/container-management", - "children": [ - - ] - }, - { - "label": "Interconnection with the CNI Network", - "path": "docs/Container/interconnection-with-the-cni-network", - "children": [ - - ] - }, - { - "label": "Container Resource Management", - "path": "docs/Container/container-resource-management", - "children": [ - - ] - }, - { - "label": "Privileged Container", - "path": "docs/Container/privileged-container", - "children": [ - - ] - }, - { - "label": "CRI", - "path": "docs/Container/cri", - "children": [ - - ] - }, - { - "label": "Image Management", - "path": "docs/Container/image-management", - "children": [ - - ] - }, - { - "label": "Checking the Container Health Status", - "path": "docs/Container/checking-the-container-health-status", - "children": [ - - ] - }, - { - "label": "Querying Information", - "path": "docs/Container/querying-information", - "children": [ - - ] - }, - { - "label": "Security Features", - "path": "docs/Container/security-features", - "children": [ - - ] - }, - { - "label": "Supporting OCI hooks", - "path": "docs/Container/supporting-oci-hooks", - "children": [ - - ] - } - ] - }, - { - "label": "Appendix", - "path": "docs/Container/appendix", - "children": [ - - ] - } - ] - }, - { - "label": "System Container", - "path": "docs/Container/system-container", - "children": [ - { - "label": "Installation Guideline", - "path": "docs/Container/installation-guideline", - "children": [ - - ] - }, - { - "label": "Usage Guide", - "path": "docs/Container/usage-guide", - "children": [ - { - "label": "Specifying Rootfs to Create a Container", - "path": "docs/Container/specifying-rootfs-to-create-a-container", - "children": [ - - ] - }, - { - "label": "Using systemd to Start a Container", - "path": "docs/Container/using-systemd-to-start-a-container", - "children": [ - - ] - }, - { - "label": "Reboot or Shutdown in a Container", - "path": "docs/Container/reboot-or-shutdown-in-a-container", - "children": [ - - ] - }, - { - "label": "Configurable Cgroup Path", - "path": "docs/Container/configurable-cgroup-path", - "children": [ - - ] - }, - { - "label": "Writable Namespace Kernel Parameters", - "path": "docs/Container/writable-namespace-kernel-parameters", - "children": [ - - ] - }, - { - "label": "Shared Memory Channels", - "path": "docs/Container/shared-memory-channels", - "children": [ - - ] - }, - { - "label": "Dynamically Loading the Kernel Module", - "path": "docs/Container/dynamically-loading-the-kernel-module", - "children": [ - - ] - }, - { - "label": "Environment Variable Persisting", - "path": "docs/Container/environment-variable-persisting", - "children": [ - - ] - }, - { - "label": "Maximum Number of Handles", - "path": "docs/Container/maximum-number-of-handles", - "children": [ - - ] - }, - { - "label": "Security and Isolation", - "path": "docs/Container/security-and-isolation", - "children": [ - - ] - }, - { - "label": "Dynamically Managing Container Resources \\(syscontainer-tools\\)", - "path": "docs/Container/dynamically-managing-container-resources-(syscontainer-tools)", - "children": [ - - ] - } - ] - }, - { - "label": "Appendix", - "path": "docs/Container/appendix-1", - "children": [ - - ] - } - ] - }, - { - "label": "Secure Container", - "path": "docs/Container/secure-container", - "children": [ - { - "label": "Installation and Deployment", - "path": "docs/Container/installation-and-deployment-1", - "children": [ - - ] - }, - { - "label": "Application Scenarios", - "path": "docs/Container/application-scenarios-2", - "children": [ - { - "label": "Managing the Lifecycle of a Secure Container", - "path": "docs/Container/managing-the-lifecycle-of-a-secure-container", - "children": [ - - ] - }, - { - "label": "Configuring Resources for a Secure Container", - "path": "docs/Container/configuring-resources-for-a-secure-container", - "children": [ - - ] - }, - { - "label": "Configuring Networking for a Secure Container", - "path": "docs/Container/configuring-networking-for-a-secure-container", - "children": [ - - ] - }, - { - "label": "Monitoring Secure Containers", - "path": "docs/Container/monitoring-secure-containers", - "children": [ - - ] - } - ] - }, - { - "label": "Appendix", - "path": "docs/Container/appendix-2", - "children": [ - - ] - } - ] - }, - { - "label": "Docker Container", - "path": "docs/Container/docker-container", - "children": [ - { - "label": "Installation and Deployment", - "path": "docs/Container/installation-and-deployment-2", - "children": [ - - ] - }, - { - "label": "Container Management", - "path": "docs/Container/container-management-1", - "children": [ - - ] - }, - { - "label": "Image Management", - "path": "docs/Container/image-management-1", - "children": [ - - ] - }, - { - "label": "Command Reference", - "path": "docs/Container/command-reference", - "children": [ - { - "label": "Container Engine", - "path": "docs/Container/container-engine", - "children": [ - - ] - }, - { - "label": "Container Management", - "path": "docs/Container/container-management-2", - "children": [ - - ] - }, - { - "label": "Image Management", - "path": "docs/Container/image-management-2", - "children": [ - - ] - }, - { - "label": "Statistics", - "path": "docs/Container/statistics", - "children": [ - - ] - } - ] - } - ] - }, - { - "label": "Image Building", - "path": "docs/Container/isula-build", - "children": [ - - ] - } - ] - }, - { - "label": "A-Tune User Guide", - "path": "docs/A-Tune/A-Tune", - "children": [ - { - "label": "Getting to Know A-Tune", - "path": "docs/A-Tune/getting-to-know-a-tune", - "children": [ - - ] - }, - { - "label": "Installation and Deployment", - "path": "docs/A-Tune/installation-and-deployment", - "children": [ - - ] - }, - { - "label": "Application Scenarios", - "path": "docs/A-Tune/application-scenarios", - "children": [ - - ] - }, - { - "label": "FAQs", - "path": "docs/A-Tune/faqs", - "children": [ - - ] - }, - { - "label": "Appendixes", - "path": "docs/A-Tune/appendixes", - "children": [ - - ] - } - ] - }, - { - "label": "Application Development Guide", - "path": "docs/ApplicationDev/application-development", - "children": [ - { - "label": "Preparation", - "path": "docs/ApplicationDev/preparation", - "children": [ - - ] - }, - { - "label": "Using GCC for Compilation", - "path": "docs/ApplicationDev/using-gcc-for-compilation", - "children": [ - - ] - }, - { - "label": "Using Make for Compilation", - "path": "docs/ApplicationDev/using-make-for-compilation", - "children": [ - - ] - }, - { - "label": "Using JDK for Compilation", - "path": "docs/ApplicationDev/using-jdk-for-compilation", - "children": [ - - ] - }, - { - "label": "Building an RPM Package", - "path": "docs/ApplicationDev/building-an-rpm-package", - "children": [ - - ] - } - ] - } -] diff --git "a/docs/zh/docs/A-Ops/AOps\346\274\217\346\264\236\347\256\241\347\220\206\346\250\241\345\235\227\344\275\277\347\224\250\346\211\213\345\206\214.md" "b/docs/zh/docs/A-Ops/AOps\346\274\217\346\264\236\347\256\241\347\220\206\346\250\241\345\235\227\344\275\277\347\224\250\346\211\213\345\206\214.md" new file mode 100644 index 0000000000000000000000000000000000000000..ef368d4bed2c452e57dbe1df44efd430c6a81369 --- /dev/null +++ "b/docs/zh/docs/A-Ops/AOps\346\274\217\346\264\236\347\256\241\347\220\206\346\250\241\345\235\227\344\275\277\347\224\250\346\211\213\345\206\214.md" @@ -0,0 +1,287 @@ +# AOps漏洞管理模块使用手册 + +参照[AOps部署指南](AOps部署指南.md)部署AOps前后端服务,并参照[AOps资产管理使用手册](AOps资产管理使用手册.md)纳管了主机后,即可使用AOps漏洞管理模块。 + +A-Ops智能运维工具的智能补丁管理模块(**apollo**)主要集成了**漏洞扫描、CVE修复、任务回退**、**热补丁移除**等核心功能: + +- 支持对openEuler已修复并发布的漏洞进行手动/定时扫描。漏洞的详细信息通过**在线/离线**同步社区发布的安全公告进行获取。当前聚焦于内核漏洞的处理,后续支持用户态软件包漏洞。 + +- 支持漏洞批量修复。修复过程中,客户端会命令行调用基于dnf原生框架的dnf hotpatch插件,实现**冷补丁(需重启)/热补丁(免重启)**的修复。此插件将底层冷、热补丁的管理封装成统一的入口,方便单机用户的使用和集群的调用。 + +- 支持通过任务粒度回退或移除热补丁的形式,将系统恢复至原状态。 + +下文将按照漏洞修复的工作流来进行A-Ops智能补丁管理功能的介绍。 + +## 1. 配置repo源 + +openEuler的漏洞信息通过安全公告对外发布,同时在update源中发布修复所用的软件包及相应元数据。配置了update源后即可在命令行通过dnf updateinfo list cves命令或dnf hot-updateinfo list cves(需安装A-Ops的dnf热补丁插件)进行漏洞的扫描。 + +默认的openEuler系统安装后自带对应OS版本的冷补丁update源。对于自定义或离线场景,用户可以通过设置repo来自行配置冷/热补丁的update源。 + +### 1.1 Repo源添加 + +漏洞管理界面用于对目标主机存在的CVE进行监控与修复。 + +当前漏洞管理模块分为以下三个界面: + ++ 主机列表界面。 ++ CVEs界面。 ++ 任务列表界面。 + +进入漏洞管理的主机管理子页面,可以从主机粒度看到当前纳管的所有主机的**已修复和未修复漏洞**情况: + +![主机列表界面](./figures/漏洞管理/主机列表界面.png) + +点击下方CVE REPO的加号框,即可进行repo源的添加: + +![添加REPO源](./figures/漏洞管理/添加repo源.png) + +若不清楚格式,可以点击下载模板按钮查看。注意baseurl和gpgkey要配置为客户端OS版本的对应地址。用户也可以直接上传编辑好的repo文件。 + +新建repo完毕后,即可在CVE REPO列表中进行查看或删除。 + +### 1.2 Repo设置 + +新建repo源后,点击右上角“设置repo”的按钮,可以创建一个任务,为勾选的主机进行批量的repo设置。 + +![设置repo](./figures/漏洞管理/设置repo源.png) + +点击“创建”或“立即执行”后会生成一个repo设置任务,执行完毕后即可在主机列表界面看到已设置好该repo源。 + +## 2. 漏洞扫描 + +确认好主机上已配置好repo源(或使用默认安装时自带的repo源)后,我们就可以为主机进行批量扫描了。直接点击右侧的漏洞扫描,默认扫描全部主机。用户也可以勾选部分主机进行扫描。 + +除了手动扫描,用户也可以配置后台定时任务,进行每日定时扫描。 + +![漏洞扫描](./figures/漏洞管理/漏洞扫描.png) + +扫描完毕后,若用户在创建用户时配置了邮箱信息,apollo会将漏洞情况邮件发送给用户。 + +![邮件通知](./figures/漏洞管理/邮件通知.png) + +## 3. 漏洞查看 + +### 3.1 主机详情信息界面 + +扫描完毕后,除了上文的主机列表可以看到每个主机的已修复和未修复的CVE数量,还可以点击某台主机查看详细的CVE信息: + +![主机详情](./figures/漏洞管理/主机详情.png) + +支持如下操作: + +- 查看主机基本信息与CVE个数。 +- 查看该主机未修复CVE和已修复CVE列表,支持导出。未修复CVE展开后可以看到受影响的RPM包及支持的修复方法,已修复CVE展开后可以看到修复使用的RPM。 +- 生成CVE修复任务(切换至“未修复”时,才可支持CVE修复任务创建),可支持CVE粒度的任务创建,同时也可具体到特定的rpm包修复。 +- 生成热补丁移除任务(切换至“已修复”时,才可支持生成热补丁移除任务)。 +- 单机漏洞扫描。 + +### 3.2 CVE列表界面 + +上文介绍了从主机维度查看漏洞情况,我们也可以从**漏洞维度**去查看我们重点关注的漏洞。 + +点击CVEs子页面,可以看到未修复和已修复两个页签,下方详细介绍了每个CVE的发布时间、影响软件包、严重性等信息,展开后则能看到描述信息及受影响的rpm包和支持的修复方式。 + +![CVEs列表](./figures/漏洞管理/cve列表.png) + +支持如下操作: + ++ 查看所有CVE信息(CVE严重性进行筛选、CVE ID、发布时间、CVSS分数、主机数量进行排序,可根据CVE ID或软件包名称进行检索)。 ++ 切换至“未修复”列表 + + 展开某CVE可以看到受影响的RPM包和支持的修复方法,以及该组合对应的主机。 + + 右侧按钮为“生成修复任务”,支持生成**CVE修复任务**。 + ++ 切换至“已修复”列表 + + 展开某CVE可以看到修复使用的RPM及对应的主机。 + + 右侧按钮为“热补丁移除”,针对热补丁修复的CVE,可生成**热补丁移除任务**。 + + +- 上传安全公告 + +这里对安全公告的上传简单说明: + +apollo支持定时从openEuler官网下载安全公告信息,针对无法连接外网的环境,提供了安全公告的手动上传功能。当前社区仅对社区软件包受影响的CVE发布了安全公告,用户可以从以下地址下载安全公告并上传压缩包:[https://repo.openeuler.org/security/data/cvrf/](https://gitee.com/link?target=https%3A%2F%2Frepo.openeuler.org%2Fsecurity%2Fdata%2Fcvrf%2F) + +![上传安全公告](./figures/漏洞管理/上传安全公告.png) + +社区也提供了安全公告订阅,订阅后会收到邮件通知:[https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/](https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/) + +### 3.3 CVE详情信息 + +和主机详情界面类似,在CVE列表界面点击某一个CVE即可进入CVE详情界面。可以看到此漏洞影响的所有主机和已修复这个漏洞的主机。 + +![CVE详情](./figures/漏洞管理/CVE详情界面.png) + +支持如下操作: + ++ 查看CVE基本信息。 ++ 查看关联CVE数量,即影响同样源码包(如kernel)的CVE。 ++ 查看受此CVE影响的主机列表以及单个主机上受此CVE影响的rpm包列表。 ++ 支持点击主机名称跳转至**主机详情页**。 ++ 选择“未修复”列表,右侧按钮为“生成修复任务,支持**生成CVE修复任务**。 ++ 选择“已修复”列表,右侧按钮为“热补丁移除任务”,支持**生成热补丁移除任务**。 + +## 4. 漏洞修复 + +### 4.1 生成修复任务 + +在CVE列表、CVE详情、主机详情界面均可进行漏洞的批量修复。这里以CVE列表界面为示例,选中CVE点击“生成修复任务”按钮,右侧会出现弹窗。不选中CVE则默认修复全部CVE。 + +其中针对热补丁,有2个按钮: + +- 是否accept:勾选后会在重启后自动激活此次修复使用的热补丁。 + +- 冷补丁收编:勾选后,会同步生成热补丁对应的冷补丁的修复任务。 + +![生成修复任务](./figures/漏洞管理/生成修复任务.png) + +需额外注意: + +- 为了方便执行以及后续的任务回滚,生成任务时会自动将冷、热补丁的修复动作拆分成两个任务,可以通过任务名进行分辨。 + +### 4.2 执行修复任务 + +生成任务后可以点击立即跳转到该任务详情,或点击左侧的任务子页面,进入任务列表界面: + +![任务列表](./figures/漏洞管理/任务列表.png) + +点击刚才生成的修复任务,可以看到此任务的基础信息,以及下方的主机以及该主机要修复的软件包信息。点击右侧的执行按钮即可执行。 + +![任务详情界面](./figures/漏洞管理/任务详情.png) + +**注意**:针对同一台主机,**热补丁任务应优先与冷补丁任务执行**。由于内核热补丁只能应用在指定版本内核,若先安装冷补丁再安装热补丁,aops客户端会报错,以防重启后内核切换、热补丁失效导致的漏洞重新暴露。而先安装热补丁再安装冷补丁时,客户端调用的dnf upgrade-en 命令会确保冷补丁包含了当前热补丁修复的漏洞。 + +### 4.3 任务报告查看 + +执行完毕后,可以看到任务的“上次执行时间”发生更新,并出现“查看报告”按钮。点击查看报告,即可查看各主机的执行情况,如执行结果、执行失败的原因等: + +![修复任务报告](./figures/漏洞管理/修复任务报告.png) + +## 5. 修复任务回滚 + +进入修复任务详情,点击生成回滚任务,即可对该修复任务进行回退: + +![生成回滚任务](./figures/漏洞管理/生成回滚任务.png) + +进入回滚任务详情,与修复任务相反,可以看见当前已安装的软件包(修复时安装的rpm),以及回退后的目标软件包(修复前的rpm)。执行时点击“执行”按钮即可。 + +![回滚任务详情](./figures/漏洞管理/回滚任务详情.png) + +## 6. 热补丁移除任务 + +若对已安装的热补丁不满意,可以在任意“已修复”的列表,勾选使用热补丁修复的CVE或主机,生成热补丁移除任务。 + +与回滚任务相比,热补丁移除任务只针对热补丁,且不支持对热补丁的升降级处理,只通过dnf操作将热补丁rpm进行移除。 + +![生成热补丁移除任务](./figures/漏洞管理/生成热补丁移除任务.png) + +## 7. 定时任务配置 + +主体的漏洞处理过程在前台完成之后,用户还可以在apollo服务端针对后台的定时任务进行编辑,修改后`systemctl restart aops-apollo`重启服务生效。 + +定时任务主要包含3种类型任务,定时任务配置文件位于 /etc/aops/apollo_crontab.ini,内容如下: + +```ini +[cve_scan] +# timed task name +id = cve scan +# value between 0-6, for example, 0 means Monday, 0-6means everyday. +day_of_week = 0-6 +# value between 0-23, for example, 2 means 2:00 in a day. +hour = 2 +# value is true or false, for example, true means with service start. +auto_start = true + +[download_sa] +id = download sa +day_of_week = 0-6 +hour = 3 +auto_start = true +cvrf_url = https://repo.openeuler.org/security/data/cvrf + +[correct_data] +id = correct data +day_of_week = 0-6 +hour = 4 +auto_start = true +service_timeout_threshold_min = 15 +``` + +### 7.1 定时巡检,执行漏洞扫描 + +**定时扫描cve任务的参数** + ++ id + + > 定时任务的名称,不能与其他定时任务名称重复,不建议修改。 + ++ day_of_week + + > 定时任务在一周中的第几天启动,取值范围0-6,0-6表示每天,0表示周一,以此类推。 + ++ hour + + > 任务启动的时间,取值范围0-23,与24小时制时间格式一致。 + ++ auto_start + + > 任务是否跟随服务启动,true表示同时启动,false表示不同时启动。 + ++ 其他 + + > 如果要精确到分钟,秒,需要添加minute(取值范围0-59)和second(取值范围0-59)。 + > + > **示例** + > + > ```ini + > minute = 0 + > second = 0 + > ``` + +**修改配置文件示例** + +> 打开配置文件 + +```shell +vim /etc/aops/apollo_crontab.ini +``` + +> 修改定时任务执行时机 + +```ini +[cve_scan] +id = cve scan +day_of_week = 5 +hour = 2 +auto_start = true +``` + +### 7.2 定时下载安全公告 + +相同字段含义和使用与[cve_scan]一样。 + ++ cvrf_url + + > 获取安全公告详细信息的基础url,**暂不支持修改。** + +### 7.3 定时校正异常数据 + +相同字段含义和使用与[cve_scan]一样。 + ++ service_timeout_threshold_min + + > 判断异常数据的阈值,取值为正整数,建议最小值为15。 + +**修改配置文件示例** + +> 打开配置文件 + +```shell +vim /etc/aops/apollo_crontab.ini +``` + +> 设置异常数据阈值 + +```ini +service_timeout_threshold_min = 15 +``` diff --git "a/docs/zh/docs/A-Ops/AOps\351\203\250\347\275\262\346\214\207\345\215\227.md" "b/docs/zh/docs/A-Ops/AOps\351\203\250\347\275\262\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..76ff05240fc1b85c4c98f795f8490540b77c42e4 --- /dev/null +++ "b/docs/zh/docs/A-Ops/AOps\351\203\250\347\275\262\346\214\207\345\215\227.md" @@ -0,0 +1,1306 @@ +# 一、A-Ops服务介绍 + +A-Ops是用于提升主机整体安全性的服务,通过用户管理、资产管理、漏洞管理、配置溯源等功能,识别并管理主机中的信息资产,监测主机中的软件漏洞、排查主机中遇到的系统故障,使得目标主机能够更加稳定和安全的运行。 + +下表是A-Ops服务涉及服务和RPM包的说明: + +| 模块 | 说明 | +| ---------- | ---------------------------------------------------- | +| aops-ceres | A-Ops服务的客户端。
提供采集主机数据与管理其他数据采集器(如gala-gopher)的功能。
响应管理中心下发的命令,处理管理中心的需求与操作。 | +| aops-zeus | A-Ops基础应用,主要提供aops-cli命令行工具。
实现微服务的启停、数据库初始化、配置更新热加载、微服务应用一键化部署等。 | +| aops-hermes | A-Ops可视化操作界面,展示数据信息,提升服务易用性。 | +| aops-apollo | A-Ops漏洞管理模块相关功能依赖此服务实现,默认端口:11116。
识别客户机周期性获取openEuler社区发布的安全公告,并更新到漏洞库中。
通过与漏洞库比对,检测出系统和软件存在的漏洞。 | +| aops-vulcanus | A-Ops工具库,**除aops-ceres与aops-hermes模块外,其余模块须与此模块共同安装使用**。 | +| zeus-user-access | A-Ops用户微服务,提供用户权限管控、集群分层纳管,默认对外端口:11119。 | +| zeus-host-information | A-Ops主机微服务,主机资产基于集群或主机组维度的管理,默认对外端口:11115。 | +| async-task | A-Ops异步任务,后台执行耗时较长的任务、定时任务的触发。 | +| zeus-distribute | A-Ops分发服务,总控端调用集群服务时,需分发服务做中转,实现服务互通,默认端口:11113。 | + +# 二、部署环境要求 + +服务器资源充足的前提下,可以按照多机器部署,各个服务间主备搭配,实现高可用。同时也支持在单台机器中完成一键化部署应用,具体请参考**[一键化部署安装](#3.6 一键化快速部署)**。 + +建议采用4台openEuler 20.03-LTS-SP4 机器部署,其中3台用于配置服务端,1台用于纳管(aops服务纳管的主机),**且repo中需要配置update源**([FAQ:配置update源](#Q6 配置update源)),具体用途以及部署方案如下: + ++ 机器A:部署mysql、redis、elasticsearch、zookeeper等,主要提供数据服务支持,建议内存8G+。 ++ 机器B:部署A-Ops的微服务模块(漏洞管理、主机服务、用户服务、分发服务),提供完整的业务功能支持,建议内存8G+。 ++ 机器C:部署A-Ops的前端服务+异步任务服务,提供可视化操作及后台执行耗时任务,建议内存4G+。 ++ 机器D:部署A-Ops的客户端,用作一个被AOps服务纳管监控的主机(需要监管的机器中都可以安装aops-ceres)。 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ------------------------------------------------------------ | +| 机器A | 192.168.1.1 | mysql、elasticsearch、 redis、zookeeper | +| 机器B | 192.168.1.2 | aops-apollo、zeus-user-access、zeus-host-information、zeus-distribute、aops-zeus | +| 机器C | 192.168.1.3 | aops-hermes、async-task、canal(选装) | +| 机器D | 192.168.1.4 | aops-ceres、dnf-hotpatch-plugin | + +**注意:**每台机器在部署前,请先关闭**防火墙**[FAQ:关闭防火墙](#Q8 关闭防火墙))和SELinux([FAQ:禁用SELinux](#Q7 禁用SELinux))。 + +# 三、服务端部署 + +## 3.1 资产管理 + +使用资产管理功能需部署aops-host-information、aops-hermes、mysql、redis服务。 + +### 3.1.1 节点信息 + +| 机器编号 | 配置IP|部署模块| +| -------- | -------- | -------- | +| 机器A | 192.168.1.1 |mysql、redis、zookeeper| +| 机器B | 192.168.1.2 |zeus-host-information| +| 机器C | 192.168.1.3 |aops-hermes、async-task| + +### 3.1.2 部署步骤 + +#### 3.1.2.1 部署mysql + +- 安装mysql + +```shell +yum install mysql-server -y +``` + +- 修改mysql配置文件 + +```bash +vim /etc/my.cnf +``` + +- 在mysqld配置节下新增bind-address,值为本机ip + +```ini +[mysqld] +bind-address=192.168.1.1 +log-bin=mysql-bin +server-id=1 +default-storage-engine=INNODB +character-set-server=utf8mb4 +collation-server=utf8mb4_unicode_ci +``` + +- 重启mysql服务 + +```bash +systemctl restart mysqld +``` + +- 设置mysql数据库的root用户访问权限 + +```mysql +[root@localhost ~] mysql + +mysql> show databases; +mysql> use mysql; +mysql> select user,host from user; -- 此处出现host为localhost时,说明mysql只允许本机连接,外网和本地软件客户端则无法连接。 + ++---------------+-----------+ +| user | host | ++---------------+-----------+ +| root | localhost | +| mysql.session | localhost | +| mysql.sys | localhost | ++---------------+-----------+ +3 rows in set (0.00 sec) +mysql> update user set host = '%' where user='root'; -- 设置允许root用户任意IP访问。 +mysql> GRANT system_user on *.* to 'root'; +mysql> DELETE FROM mysql.user WHERE user='canal'; +mysql> CREATE USER canal IDENTIFIED BY 'canal'; +mysql> GRANT ALL PRIVILEGES ON *.* TO 'canal'@'%'; +mysql> flush privileges; -- 刷新权限 +mysql> exit +``` + +#### 3.1.2.2 部署redis + +- 安装redis + +```shell +yum install redis -y +``` + +- 修改配置文件 + +```shell +vim /etc/redis.conf +``` + +- 绑定IP + +```ini +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 192.168.1.1 # 此处添加机器A的真实IP +``` + +- 启动redis服务 + +```shell +systemctl start redis +``` + +#### 3.1.2.3 部署zookeeper + +- 安装zookeeper + +``` +yum install zookeeper -y +``` + +- 修改配置文件 + +``` +vim /opt/zookeeper/conf/zoo.cfg +``` + +- 允许任意ip连接 + +```ini +# The number of milliseconds of each tick +tickTime=2000 +# The number of ticks that the initial +# synchronization phase can take +initLimit=10 +# The number of ticks that can pass between +# sending a request and getting an acknowledgement +syncLimit=5 +# the directory where the snapshot is stored. +dataDir=/var/lib/zookeeper/data +# the port at which the clients will connect +clientPort=2181 +# Enable/disable the ability to accept session-less connections (true/false) +quorumListenOnAllIPs=true +``` + +- 启动zookeeper服务 + +```shell +systemctl start zookeeper +``` + +#### 3.1.2.4 部署zeus-host-information + +- 安装zeus-host-information + +``` +yum install zeus-host-information -y +``` + +- 修改配置文件 + +``` +vim /etc/aops/conf.d/zeus-host-information.yml +``` + +- 默认文件内容如下 + +```yaml +uwsgi: + port: 11115 + daemonize: /var/log/aops/uwsgi/host-information.log + http_timeout: 60 + processes: 1 + gevent: 100 +``` + +> 默认数据库等连接配置同**全局配置**保持一致,即**/etc/aops/aops-config.yml**中的配置项,如果需要为此服务单独配置连接,可在**/etc/aops/conf.d/zeus-host-information.yml**增加与全局格式一致的配置项,示例如下: +> +> ```yaml +> uwsgi: +> port: 11115 +> daemonize: /var/log/aops/uwsgi/host-information.log +> http_timeout: 60 +> processes: 1 +> gevent: 100 +> mysql: +> host: 192.168.1.1 +> port: 3306 +> username: root +> pool_size: 100 +> pool_recycle: 7200 +> database: aops +> username: root +> ``` + +**注意:/etc/aops/aops-config.yml配置项中的domain选项需要与hermes机器C的ip保持一致** + +```yaml +infrastructure: + mysql: + host: 192.168.1.1 + port: 3306 + username: root + pool_size: 100 + pool_recycle: 7200 + database: aops + username: root + redis: + host: 192.168.1.1 + port: 6379 + zookeeper: + host: 192.168.1.1 + port: 2181 +include: "/etc/aops/conf.d" +domain: "http://192.168.1.3" +services: + log: + log_level: "INFO" + log_dir: "/var/log/aops" + max_bytes: 31457280 + backup_count: 40 +``` + +- 启动aops-zeus服务 + +```shell +systemctl start zeus-host-information +``` + +**注意:服务启动前请确保已 [初始化zeus-host-information数据库](#3.1.2.5 初始化zeus-host-information数据库)** + +#### 3.1.2.5 初始化zeus-host-information数据库 + +- 执行数据库初始化 + +```shell +aops-cli database --init zeus-host-information +``` + +#### 3.1.2.6 部署aops-hermes + +- 安装aops-hermes + +```shell +yum install aops-hermes -y +``` + +#### 3.1.2.7 调整zeus-host-information服务upstream和代理 + +- 修改配置文件 + +```shell +vim /etc/nginx/nginx.conf +``` + +> **注意: 在安装aops-hermes应用的机器上操作(机器C)** + +- 服务配置展示,开放与主机服务相关的配置 + +```ini +user root; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} +http { + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + client_max_body_size 25M; + include /etc/nginx/conf.d/*.conf; + + upstream host { + server 192.168.1.2:11115; + } + + #upstream accounts { + # server @accounts; + #} + + #upstream distribute { + # server @distribute; + #} + + #upstream apollo { + # server @apollo; + #} + underscores_in_headers on; + server { + listen 80; + listen [::]:80 default_server; + server_name localhost; + + # gzip config + gzip on; + gzip_min_length 1k; + gzip_comp_level 6; + gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + location ~ .*\.(js|css|ico|png|jpg|eot|svg|ttf|woff|html|txt|pdf|) { + root /opt/aops/web/dist; + expires 30d; + } + location / { + try_files $uri $uri/ /index.html; + if (!-e $request_filename){ + rewrite ^(.*)$ /index.html last; + } + } + location /hosts { + proxy_pass http://host; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Request-Header $http_request_header; + } + #location /accounts { + # proxy_pass http://accounts; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + #location /distribute { + # rewrite ^/distribute(.*)$ /distribute break; + # proxy_pass http://distribute; + # proxy_set_header X-Real-URL $request_uri; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + #location /vulnerabilities { + # proxy_pass http://apollo; + # proxy_set_header X-Real-URL $request_uri; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + } +} +stream { + upstream mysql_prod { + server 192.168.1.1:3306; + } + server { + listen 3306; + proxy_responses 1; + proxy_timeout 20s; + proxy_pass mysql_prod; + } +} +``` + +注意:由于主机服务在机器B上部署,因此需要调整**upstream host中的server**指向机器B的地址,mysql服务部署在机器A中,因此调整**upstream mysql_prod中的server**指向机器A的地址 + +- 开启aops-hermes服务 + +```shell +systemctl start aops-hermes +systemctl restart nginx +``` + +## 3.2 用户服务 + +使用用户服务功能需部署zeus-user-access服务。 + +### 3.2.1 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ----------------------- | +| 机器A | 192.168.1.1 | mysql、redis、zookeeper | +| 机器B | 192.168.1.2 | zeus-user-access | +| 机器C | 192.168.1.3 | aops-hermes | + +### 3.2.2 部署步骤 + +#### 3.2.2.1 部署zeus-user-access + +- 安装zeus-user-access + +``` +yum install zeus-user-access -y +``` + +- 修改配置文件 + +``` +vim /etc/aops/conf.d/zeus-user-access.yml +``` + +- 默认文件内容如下 + +```yaml +uwsgi: + port: 11119 + daemonize: /var/log/aops/uwsgi/user-access.log + http_timeout: 60 + processes: 1 + threads: 2 +``` + +> 默认数据库连接配置同**全局配置**保持一致,即**/etc/aops/aops-config.yml**中的配置项,如果需要为该服务单独配置连接,可在**/etc/aops/conf.d/zeus-user-access.yml**增加与全局格式一致的配置项,示例如下: +> +> ```yaml +> uwsgi: +> port: 11119 +> daemonize: /var/log/aops/uwsgi/user-access.log +> http_timeout: 60 +> processes: 1 +> threads: 2 +> mysql: +> host: 192.168.1.1 +> port: 3306 +> username: root +> pool_size: 100 +> pool_recycle: 7200 +> database: aops +> username: root +> ``` + +**注意:/etc/aops/aops-config.yml配置项中的domain选项需要与hermes机器C的ip保持一致** + +```yaml +infrastructure: + mysql: + host: 192.168.1.1 + port: 3306 + username: root + pool_size: 100 + pool_recycle: 7200 + database: aops + username: root + redis: + host: 192.168.1.1 + port: 6379 + zookeeper: + host: 192.168.1.1 + port: 2181 + individuation: + gitee_client_id: 7420ebbb10f7f196de479bd3fe30f120691321143fdae882bc8b3320b3dbb71c + gitee_client_secret: c6466348389db3a2da3a86ec3b544c19c15f50de513da4dc3edbadaa2e5df792 + redirect_url: http://127.0.0.1:8000/user/account + exempt_authentication: ?Ohdc,&S*2O].f%-Y1Z~f%~9^U5uD]AQ + private_key: sfwsfs{)sdf_+$%{$^%$NI07&*()@$&^*(*(^&%( + +include: "/etc/aops/conf.d" +domain: 192.168.1.3 +services: + log: + log_level: "INFO" + log_dir: "/var/log/aops" + max_bytes: 31457280 + backup_count: 40 + email: + server: smtp.163.com + port: 25 + sender: xxx@163.com + authorization_code: xxx + smtp_ssl: false + enabled: false +``` + +- 启动aops-zeus服务 + +```shell +systemctl start zeus-user-access +``` + +**注意:服务启动前请确保已 [初始化zeus-user-access数据库](#3.2.2.2 初始化zeus-user-access数据库)** + +#### 3.2.2.2 初始化zeus-user-access数据库 + +- 执行数据库初始化 + +```shell +aops-cli database --init zeus-user-access +``` + +**注意:若要使用可视化服务,请参考[部署aops-hermes](#3.1.2.6 部署aops-hermes)应用部署** + +#### 3.2.2.3 调整zeus-user-access服务upstream和代理 + +- 修改aops-hermes关联的nginx配置文件 + +```shell +vim /etc/nginx/nginx.conf +``` + +> **注意: 在安装aops-hermes应用的机器上操作(机器C)** + +- 服务配置展示,放开与用户服务关联的配置块 + +```ini +user root; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} +http { + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + client_max_body_size 25M; + include /etc/nginx/conf.d/*.conf; + + #upstream host { + # server @hosts; + #} + + upstream accounts { + server 192.168.1.2:11119; + } + + #upstream distribute { + # server @distribute; + #} + + #upstream apollo { + # server @apollo; + #} + underscores_in_headers on; + server { + listen 80; + listen [::]:80 default_server; + server_name localhost; + + # gzip config + gzip on; + gzip_min_length 1k; + gzip_comp_level 6; + gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + location ~ .*\.(js|css|ico|png|jpg|eot|svg|ttf|woff|html|txt|pdf|) { + root /opt/aops/web/dist; + expires 30d; + } + location / { + try_files $uri $uri/ /index.html; + if (!-e $request_filename){ + rewrite ^(.*)$ /index.html last; + } + } + #location /hosts { + # proxy_pass http://host; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + location /accounts { + proxy_pass http://accounts; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Request-Header $http_request_header; + } + #location /distribute { + # rewrite ^/distribute(.*)$ /distribute break; + # proxy_pass http://distribute; + # proxy_set_header X-Real-URL $request_uri; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + #location /vulnerabilities { + # proxy_pass http://apollo; + # proxy_set_header X-Real-URL $request_uri; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + } +} +stream { + upstream mysql_prod { + server 192.168.1.1:3306; + } + server { + listen 3306; + proxy_responses 1; + proxy_timeout 20s; + proxy_pass mysql_prod; + } +} +``` + +注意:由于用户服务在机器B上部署,因此需要调整**upstream accounts中的server**指向机器B的地址,mysql服务部署在机器A中,因此调整**upstream mysql_prod中的server**指向机器A的地址。 + +- 重启nginx服务 + +```shell +systemctl restart nginx +``` + +#### 3.2.2.4 异步任务async-task + +- 安装异步任务服务 + +```shell +yum install async-task -y +``` + +**注意:**异步任务中同时包含了定时任务模块,其中有一项定时任务为动态更新nginx的upstream块,在启用了该定时任务前提下,建议异步任务和nginx在同一台机器上部署,保证定时动态更新nginx配置任务正常执行,在该部署方案中,异步任务需安装在**机器C**上。 + +- 启用定时任务 + +```shell +vim /etc/aops/crontab.yml +``` + +- 设置enable为true/false + +```yaml +# Timed task configuration file specification (YAML): + +# Name of a scheduled task, name should be unique, only 'upstream', 'download-sa' and 'cve-scan' and 'correct-data' e.g +# task: upstream + +# Whether scheduled tasks are allowed to run +# enable: true + +# meta info for the task, it's customised for user +# meta: +# cvrf_url: https://repo.openeuler.org/security/data/cvrf + +# Timed config, set the scheduled time and polling policy +# timed: +# value between 0-6, for example, 0 means Monday, 0-6 means everyday +# day_of_week: 0-6 +# value between 0-23, for example, 2 means 2:00 in a day +# hour: 3 +# Polling strategy, The value can only be 'cron' 'date' 'interval', default value is 'cron' +# trigger: cron + +- task: upstream + enable: true + timed: + day_of_week: 0-6 + hour: 3 + trigger: cron +- task: download-sa + enable: true + meta: + cvrf_url: https://repo.openeuler.org/security/data/cvrf + timed: + day_of_week: 0-6 + hour: 3 + trigger: cron +- task: cve-scan + enable: true + timed: + day_of_week: 0-6 + hour: 3 + trigger: cron +- task: correct-data + enable: true + timed: + minutes: 20 + trigger: interval +- task: send-notification + enable: true + timed: + day_of_week: 0-6 + hour: 4 + trigger: cron +``` + +- 启用异步任务 + +```shell +systemctl start async-task +``` + +## 3.3 分发服务 + +使用分发服务功能需部署zeus-distribute服务。 + +### 3.3.1 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ---------------- | +| 机器A | 192.168.1.1 | redis、zookeeper | +| 机器B | 192.168.1.2 | zeus-distribute | + +### 3.3.2 部署步骤 + +#### 3.3.2.1 部署zeus-distribute + +- 安装zeus-distribute + +``` +yum install zeus-distribute -y +``` + +- 修改配置文件 + +``` +vim /etc/aops/conf.d/zeus-distribute.yml +``` + +- 默认文件内容如下 + +```yaml +uwsgi: + port: 11113 + daemonize: /var/log/aops/uwsgi/distribute.log + http_timeout: 60 + processes: 1 + gevent: 100 +``` + +> 默认数据库连接配置同**全局配置**保持一致,即**/etc/aops/aops-config.yml**中的配置项,如果需要为该服务单独配置连接,可在**/etc/aops/conf.d/zeus-distribute.yml**增加与全局格式一致的配置项,示例如下: +> +> ```yaml +> uwsgi: +> port: 11113 +> daemonize: /var/log/aops/uwsgi/distribute.log +> http_timeout: 60 +> processes: 1 +> gevent: 100 +> redis: +> host: 192.168.1.1 +> port: 6379 +> ``` + +**注意:/etc/aops/aops-config.yml配置项中的domain选项需要与hermes机器C的ip保持一致** + +```yaml +infrastructure: + redis: + host: 192.168.1.1 + port: 6379 + zookeeper: + host: 192.168.1.1 + port: 2181 + +include: "/etc/aops/conf.d" +domain: "http://192.168.1.3" +services: + log: + log_level: "INFO" + log_dir: "/var/log/aops" + max_bytes: 31457280 + backup_count: 40 +``` + +- 启动aops-zeus服务 + +```shell +systemctl start zeus-distribute +``` + +**注意:若要使用可视化服务,请参考[部署aops-hermes](#3.1.2.6 部署aops-hermes)应用部署** + +#### 3.3.2.3 调整zeus-distribute服务upstream和代理 + +- 修改aops-hermes关联的nginx配置文件 + +```shell +vim /etc/nginx/nginx.conf +``` + +> **注意: 在安装aops-hermes应用的机器上操作(机器C)** + +- 服务配置展示,放开与分发服务关联的配置块 + +```ini +user root; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} +http { + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + client_max_body_size 25M; + include /etc/nginx/conf.d/*.conf; + + #upstream host { + # server @hosts; + #} + + #upstream accounts { + # server 192.168.1.2:11119; + #} + + upstream distribute { + server 192.168.1.2:11113; + } + + #upstream apollo { + # server @apollo; + #} + underscores_in_headers on; + server { + listen 80; + listen [::]:80 default_server; + server_name localhost; + + # gzip config + gzip on; + gzip_min_length 1k; + gzip_comp_level 6; + gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + location ~ .*\.(js|css|ico|png|jpg|eot|svg|ttf|woff|html|txt|pdf|) { + root /opt/aops/web/dist; + expires 30d; + } + location / { + try_files $uri $uri/ /index.html; + if (!-e $request_filename){ + rewrite ^(.*)$ /index.html last; + } + } + #location /hosts { + # proxy_pass http://host; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + #location /accounts { + # proxy_pass http://accounts; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + location /distribute { + rewrite ^/distribute(.*)$ /distribute break; + proxy_pass http://distribute; + proxy_set_header X-Real-URL $request_uri; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Request-Header $http_request_header; + } + #location /vulnerabilities { + # proxy_pass http://apollo; + # proxy_set_header X-Real-URL $request_uri; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Request-Header $http_request_header; + #} + } +} +stream { + upstream mysql_prod { + server 192.168.1.1:3306; + } + server { + listen 3306; + proxy_responses 1; + proxy_timeout 20s; + proxy_pass mysql_prod; + } +} +``` + +注意:由于用户服务在机器B上部署,因此需要调整**upstream distribute中的server**指向机器B的地址,mysql服务部署在机器A中,因此调整**upstream mysql_prod中的server**指向机器A的地址 + +- 重启nginx服务 + +```shell +systemctl restart nginx +``` + +## 3.4 漏洞管理 + +CVE管理模块在[资产管理](#3.1.2 部署步骤)、[用户服务](#3.2.2 部署步骤)模块的基础上实现,在部署CVE管理模块前须完成[资产管理](#3.1.2 部署步骤)、[用户服务](#3.2.2 部署步骤)、[分发服务](#3.3.2 部署步骤)模块的部署,然后再部署aops-apollo。 + +数据服务部分aops-apollo服务的运行需要**mysql、elasticsearch、redis**数据库的支持。 + +### 3.4.1 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | -------------------------------------- | +| 机器A | 192.168.1.1 | elasticsearch、redis、mysql、zookeeper | +| 机器C | 192.168.1.2 | aops-apollo | + +### 3.4.2 部署步骤 + +[资产管理](#3.1.2 部署步骤) + +[用户服务](#3.2.2 部署步骤) + +[分发服务](#3.3.2 部署步骤) + +#### 3.4.2.1 部署elasticsearch + +- 生成elasticsearch的repo源: + +```shell +echo "[aops_elasticsearch] +name=Elasticsearch repository for 7.x packages +baseurl=https://artifacts.elastic.co/packages/7.x/yum +gpgcheck=1 +gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch +enabled=1 +autorefresh=1 +type=rpm-md" > "/etc/yum.repos.d/aops_elascticsearch.repo" +``` + +- 安装elasticsearch: + +```shell +yum install elasticsearch-7.14.0-1 -y +``` + +- 修改elasticsearch配置文件: + +```shell +vim /etc/elasticsearch/elasticsearch.yml +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +node.name: node-1 +# ---------------------------------- Network ----------------------------------- +# +# By default Elasticsearch is only accessible on localhost. Set a different +# address here to expose this node on the network: +# +# 此处修改为机器A真实ip +network.host: 192.168.1.1 +# +# By default Elasticsearch listens for HTTP traffic on the first free port it +# finds starting at 9200. Set a specific HTTP port here: +# +http.port: 9200 +# +# For more information, consult the network module documentation. +# +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when this node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +#discovery.seed_hosts: ["host1", "host2"] +# +# Bootstrap the cluster using an initial set of master-eligible nodes: +# +cluster.initial_master_nodes: ["node-1"] +# 跨域配置 +http.cors.enabled: true +http.cors.allow-origin: "*" +``` + +**注意:**如果服务器内存较小时,需手动限制elasticsearch运行内存,具体请参考**([FAQ:elasticsearch内存调整](#Q6 elasticsearch内存占用高,系统级kill)) + +- 重启elasticsearch服务 + +```shell +systemctl restart elasticsearch +``` + +#### 3.4.2.2 部署aops-apollo + +- 安装aops-apollo + +```shell +yum install aops-apollo -y +``` + +- 修改配置文件 + +``` +vim /etc/aops/conf.d/aops-apollo.yml +``` + +- 默认文件内容如下 + +```ini +cve: + cve_fix_function: yum + # value between 0-23, for example, 2 means 2:00 in a day. + cve_scan_time: 2 + +uwsgi: + daemonize: /var/log/aops/uwsgi/apollo.log + http_timeout: 600 + harakiri: 600 + processes: 1 + gevent: 100 + port: 11116 + +file: + classname: "" + path: /opt/aops/scripts/file_manage_support/download.py + extra: "" + +``` +> 默认数据库连接配置同**全局配置**保持一致,即**/etc/aops/aops-config.yml**中的配置项,如果需要为该服务单独配置连接,可在**/etc/aops/conf.d/aops-apollo.yml**增加与全局格式一致的配置项,示例如下: +> +> ```yaml +> uwsgi: +> port: 11119 +> daemonize: /var/log/aops/uwsgi/user-access.log +> http_timeout: 60 +> processes: 1 +> threads: 2 +> mysql: +> host: 192.168.1.1 +> port: 3306 +> username: root +> pool_size: 100 +> pool_recycle: 7200 +> database: aops +> username: root +> elasticsearch: +> host: 192.168.1.1 +> port: 9200 +> max_es_query_num: 10000000 +> ``` + +**注意:/etc/aops/aops-config.yml配置项中的domain选项需要与hermes机器C的ip保持一致** + +```yaml +infrastructure: + mysql: + host: 192.168.1.1 + port: 3306 + username: root + pool_size: 100 + pool_recycle: 7200 + database: aops + username: root + redis: + host: 192.168.1.1 + port: 6379 + zookeeper: + host: 192.168.1.1 + port: 2181 + elasticsearch: + host: 192.168.1.1 + port: 9200 + max_es_query_num: 10000000 +include: "/etc/aops/conf.d" +domain: "http://192.168.1.3" +services: + log: + log_level: "INFO" + log_dir: "/var/log/aops" + max_bytes: 31457280 + backup_count: 40 + +``` + +- 启动aops-apollo服务 + +```shell +systemctl start aops-apollo +``` + +**注意:服务启动前请确保已 [初始化aops-apollo数据库](#3.4.2.3 初始化aops-apollo数据库)** + +#### 3.4.2.3 初始化aops-apollo数据库 + +- apollo数据库初始化 + +```shell +aops-cli database --init aops-apollo +``` + +**注意:如果提示未发现aops-cli命令时,需要安装aops-zeus包** + +## 3.5 客户端安装 + +aops-ceres作为A-Ops模块的客户端,通过ssh协议与AOps管理中心进行数据交互,提供采集主机信息、响应并处理中心命令等功能。 + +### 3.5.1 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ---------- | +| 机器D | 192.168.1.4 | aops-ceres | + +### 3.5.2 部署客户端 + +```shell +yum install aops-ceres dnf-hotpatch-plugin -y +``` + +## 3.6 一键化快速部署 + +A-Ops为了简化用户的安装部署流程,在aops-zeus包中提供了aops-cli命令行工具,可以通过cli工具一键化快速安装部署服务。 + +在使用一键化部署时,由于服务和基础环境都同时安装在一台机器上,建议服务器最小配置内存在16G+。 + +### 3.6.1 节点信息 + +| 机器编号 | 配置IP | 部署模块 | +| -------- | ----------- | ------------------------------------------------------------ | +| 机器A | 192.168.1.1 | aops-apollo、zeus-host-information、zeus-user-access、zeus-distribute、async-task、redis、mysql、elasticsearch、zookeeper、aops-zeus | +| 机器D | 192.168.1.4 | aops-ceres | + +### 3.6.2 部署步骤 + +在执行一键化部署前,请先手动关闭**防火墙**和禁用**SELinux**,具体请参考([FAQ:禁用SELinux](#Q7 禁用SELinux))。 + +#### 3.6.2.1 部署aops-zeus + +- 安装aops-zeus + +```shell +yum install aops-zeus -y +``` + +- 使用aops-cli一键化部署 + +```shell +aops-cli deploy --ip 192.168.1.1 +``` + +**温馨提示:等待执行成功后,可打开浏览器访问http://192.168.1.1使用A-Ops** + +## FAQ + +#### Q1 最大连接数(MaxStartups) + +批量添加主机接口服务执行过程中会受到aops-zeus安装所在主机sshd服务配置中最大连接数(MaxStartups)的限制,会出现部分主机不能连接的情况,如有大量添加主机的需求,可考虑临时调增该数值。关于该配置项的修改可参考[ssh文档](https://www.man7.org/linux/man-pages/man5/sshd_config.5.html)。 + +#### Q2 504网关超时 + +部分http访问接口执行时间较长,web端可能返回504错误,可向nginx配置中添加proxy_read_timeout配置项,并适当调大该数值,可降低504问题出现概率。 + +#### Q3 防火墙 + +若防火墙不方便关闭,请设置放行服务部署过程涉及的所有接口,否则会造成服务不可访问,影响A-Ops的正常使用。 + +#### Q4 elasticasearch访问拒绝 + +elasticsearch分布式部署多节点时,需调整配置跨域部分,允许各节点访问。 + +#### Q5 配置update源 + +```shell +echo "[update] +name=update +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/update/$basearch/ +enabled=1 +gpgcheck=0 +[update-epol] +name=update-epol +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/update/main/$basearch/ +enabled=1 +gpgcheck=0" > /etc/yum.repos.d/openEuler-update.repo +``` + +> 注意: 其中**openEuler-20.03-LTS-SP4** 根据部署的系统版本具体调整,或可直接参与openeuler官网中针对repo源配置介绍 + +#### Q6 elasticsearch内存占用高,系统级kill + +elasticsearch在运行过程中,默认会占用系统一半的内存,当系统内存较小时,该默认配置会导致系统频繁的杀掉该进程,为确保系统正常稳定运行,需调整elasticsearch默认内存占用策略。 + +- 修改elasticsearch jvm配置 + +```shell +vim /etc/elasticsearch/jvm.options +``` + +- 调整内存策略(可根据服务器内存大小自行调整,但不能少于2G) + +```ini +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## The heap size is automatically configured by Elasticsearch +## based on the available memory in your system and the roles +## each node is configured to fulfill. If specifying heap is +## required, it should be done through a file in jvm.options.d, +## and the min and max should be set to the same value. For +## example, to set the heap to 4 GB, create a new file in the +## jvm.options.d directory containing these lines: +## +-Xms4g +``` + +- 重启elasitcsearch + +```shell +systemctl restart elasticsearch +``` + +#### Q7 禁用SELinux + +- 禁用SELinux + +```shell +# 修改/etc/selinux/config文件中SELINUX状态为disabled + +vi /etc/selinux/config +SELINUX=disabled + +``` + +**注:此SELINUX状态配置在系统重启后生效。** + +#### Q8 关闭防火墙 + +```shell +systemctl stop firewalld +systemctl disable firewalld +systemctl status firewalld +setenforce 0 +``` \ No newline at end of file diff --git "a/docs/zh/docs/A-Ops/dnf\346\217\222\344\273\266\345\221\275\344\273\244\344\275\277\347\224\250\346\211\213\345\206\214.md" "b/docs/zh/docs/A-Ops/dnf\346\217\222\344\273\266\345\221\275\344\273\244\344\275\277\347\224\250\346\211\213\345\206\214.md" new file mode 100644 index 0000000000000000000000000000000000000000..80d247e3763ea4fcbe21d7097439681c92f33207 --- /dev/null +++ "b/docs/zh/docs/A-Ops/dnf\346\217\222\344\273\266\345\221\275\344\273\244\344\275\277\347\224\250\346\211\213\345\206\214.md" @@ -0,0 +1,738 @@ +# dnf插件命令使用手册 +将dnf-hotpatch-plugin安装部署完成后,可使用dnf命令调用A-ops ceres中的冷/热补丁操作,命令包含热补丁扫描(dnf hot-updateinfo),热补丁状态设置及查询(dnf hotpatch ),热补丁应用(dnf hotupgrade),内核升级前kabi检查(dnf upgrade-en)。本文将介绍上述命令的具体使用方法。 + +>热补丁包括ACC/SGL(accumulate/single)类型 +> +>- ACC:增量补丁。目标高版本热补丁包含低版本热补丁所修复问题。 +>- SGL_xxx:单独补丁,xxx为issue id,如果有多个issue id,用多个'_'拼接。目标修复issue id相关问题。 + +## 热补丁扫描 +`dnf hot-updateinfo`命令支持扫描热补丁并指定cve查询相关热补丁,命令使用方式如下: +```shell +dnf hot-updateinfo list cves [--available(default) | --installed] [--cve [cve_id]] + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Hot-updateinfo command-specific options: + --available + cves about newer versions of installed packages + (default) + --installed + cves about equal and older versions of installed packages +``` + + +1、查询主机所有可修复的cve和对应的冷/热补丁。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 +CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2023-1112 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64 +``` + +2、查询主机所有已修复的cve和对应的冷/热补丁 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --installed +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-36298 Important/Sec. - patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_36298-1-1.x86_64 +``` + +3、指定cve查询对应的可修复冷/热补丁。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-30594 +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 +``` + +4、cve不存在时列表为空。 +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-3089 +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +``` + +## 热补丁状态及转换图 + +- 热补丁状态图 + + NOT-APPLIED: 热补丁尚未应用。 + + DEACTIVED: 热补丁未被激活。 + + ACTIVED: 热补丁已被激活。 + + ACCEPTED: 热补丁已被激活,后续重启后会被自动应用激活。 + + ![热补丁状态转换图](./figures/syscare热补丁状态图.png) + + +## 热补丁状态查询和切换 +`dnf hotpatch`命令支持查询、切换热补丁的状态,命令使用方式如下: + +```shell +dnf hotpatch + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +Hotpatch command-specific options: + --list [{cve, cves}] show list of hotpatch + --apply APPLY_NAME apply hotpatch + --remove REMOVE_NAME remove hotpatch + --active ACTIVE_NAME active hotpatch + --deactive DEACTIVE_NAME + deactive hotpatch + --accept ACCEPT_NAME accept hotpatch +``` +- 使用`dnf hotpatch`命令查询热补丁状态 + + - 使用`dnf hotpatch --list`命令查询当前系统中可使用的热补丁状态并展示。 + + ```shell + [root@localhost ~]# dnf hotpatch --list + Last metadata expiration check: 0:09:25 ago on 2023年12月29日 星期五 10时26分45秒. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - 使用`dnf hotpatch --list cves`查询漏洞(CVE-id)对应热补丁及其状态并展示。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves + Last metadata expiration check: 0:11:05 ago on 2023年12月29日 星期五 10时26分45秒. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - `dnf hotpatch --list cves --cve `筛选指定CVE对应的热补丁及其状态并展示。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2022-30594 + Last metadata expiration check: 0:12:25 ago on 2023年12月29日 星期五 10时26分45秒. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - 使用`dnf hotpatch --list cves --cve `查询无结果时展示为空。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2023-1 + Last metadata expiration check: 0:13:11 ago on 2023年12月29日 星期五 10时26分45秒. + ``` + +- 使用`dnf hotpatch --apply `命令应用热补丁,可使用 `dnf hotpatch --list`查询应用后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:13:55 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED +[root@openEuler ~]# dnf hotpatch --apply kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna apply this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +apply hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED +``` +- 使用`dnf hotpatch --deactive `停用热补丁,可使用`dnf hotpatch --list`查询停用后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --deactive kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:19:00 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna deactive this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +deactive hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:19:12 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux DEACTIVED +``` +- 使用`dnf hotpatch --remove `删除热补丁,可使用`dnf hotpatch --list`查询删除后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --remove kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:20:12 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna remove this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +remove hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:20:23 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED +``` +- 使用`dnf hotpatch --active `激活热补丁,可使用`dnf hotpatch --list`查询激活后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --active kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna active this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +active hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED +``` +- 使用`dnf hotpatch --accept `接收热补丁,可使用`dnf hotpatch --list`查询接收后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --accept kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:14:19 ago on 2023年12月29日 星期五 10时47分38秒. +Gonna accept this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +accept hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:14:34 ago on 2023年12月29日 星期五 10时47分38秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACCEPTED +``` + + +## 热补丁应用 +`hotupgrade`命令根据cve id和热补丁名称进行热补丁修复,同时也支持全量修复。命令使用方式如下: +```shell +dnf hotupgrade [--cve [cve_id]] [PACKAGE ...] [--takeover] [-f] + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +command-specific options: + --takeover + kernel cold patch takeover operation + -f + force retain kernel rpm package if kernel kabi check fails + PACKAGE + Package to upgrade +``` + +- 使用`dnf hotupgrade PACKAGE`安装目标热补丁。 + + - 使用`dnf hotupgrade PACKAGE`安装目标热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 当目标热补丁已经应用激活,使用`dnf hotupgrade PACKAGE`安装目标热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:28:35 ago on 2023年12月29日 星期五 10时47分38秒. + The hotpatch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'vmlinux' + Package patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 is already installed. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - 使用`dnf hotupgrade PACKAGE`安装目标热补丁,自动卸载激活失败的热补丁。 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 + Last metadata expiration check: 0:30:30 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch failed: redis-6.2.5-1/ACC-1-1. + Error: Operation failed + + Caused by: + 0. Transaction "Apply patch 'redis-6.2.5-1/ACC-1-1'" failed + + Caused by: + Cannot match any patch named "redis-6.2.5-1/ACC-1-1" + + Gonna remove unsuccessfully activated hotpatch rpm. + Remove package succeed: patch-redis-6.2.5-1-ACC-1-1.x86_64. + ``` + +- 使用`--cve `指定cve_id安装CVE对应的热补丁 + + - 使用`dnf hotupgrade --cve CVE-2022-30594`安装CVE对应的热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-30594 + Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 使用`dnf hotupgrade --cve CVE-2022-2021`安装CVE对应的热补丁,对应的CVE不存在。 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-2021 + Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2022-2021 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - 使用`dnf hotupgrade --cve `指定cve_id安装时,该CVE对应的ACC低版本热补丁已安装时,删除低版本热补丁,安装高版本ACC热补丁包。 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 0:00:48 ago on 2024年01月02日 星期二 11时21分55秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx (Install messages and process upgrade) + Complete! + Apply hot patch succeed: kernel-5.10.0-153.12.0.92.oe2203sp2/ACC-1-3. + [root@openEuler tmp]# + ``` + + - 指定cve_id安装时,该CVE对应的最高版本热补丁包已存在 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2023-1070 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + +- 使用`dnf hotupgrade`进行热补丁全量修复 + - 热补丁未安装时,使用`dnf hotupgrade`命令安装所有可安装热补丁。 + + - 当部分热补丁已经安装时,使用`dnf hotupgrade`命令进行全量修复,将保留已安装的热补丁,然后安装其他热补丁 + +- 使用`--takeover`进行内核热补丁收编 + + - 使用`dnf hotupgrade PACKAGE --takeover`安装热补丁,收编相应内核冷补丁;由于目标内核冷补丁kabi检查失败,进行自动卸载;accept热补丁,使热补丁重启后仍旧生效;恢复内核默认引导启动项。 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to Kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + No available kernel cold patch for takeover, gonna accept available kernel hot patch. + Accept hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 使用`dnf hotupgrade PACKAGE --takeover -f`安装热补丁,如果内核冷补丁kabi检查未通过,使用`-f`强制保留内核冷补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + ``` + + +## 内核升级前kabi检查 + +`dnf upgrade-en` 命令支持内核冷补丁升级前kabi检查,命令使用方式如下: + +```shell +dnf upgrade-en [PACKAGE] [--cve [cve_id]] + +upgrade with KABI(Kernel Application Binary Interface) check. If the loaded +kernel modules have KABI compatibility with the new version kernel rpm, the +kernel modules can be installed and used in the new version kernel without +recompling. + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Upgrade-en command-specific options: + PACKAGE + Package to upgrade +``` + +- 使用`dnf upgrade-en PACKAGE`安装目标冷补丁 + + - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查未通过,输出kabi差异性报告,自动卸载目标升级kernel包。 + + ```shell + [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2206.1.0.0153.oe1.x86_64 + Last metadata expiration check: 1:51:54 ago on 2023年12月29日 星期五 13时49分39秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + kvm_apic_write_nodecode : 0x56c989a1 != 0x24c9db31 + kvm_complete_insn_gp : 0x99c2d256 != 0xcd8014bd + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + ``` + + - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查通过 + + ```shell + [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2201.1.0.0132.oe1.x86_64 + Last metadata expiration check: 2:02:10 ago on 2023年12月29日 星期五 13时49分39秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2201.1.0.0132.oe1.x86_64: + [Success] Here are 81 loaded kernel modules in this system, 81 pass, 0 fail. + ``` + +- 使用`dnf upgrade-en` 进行全量修复 + +​ 全量修复如果包含目标kernel的升级,输出根据不同的kabi检查情况与`dnf upgrade-en PACKAGE`命令相同。 + +## 使用场景说明 + +本段落介绍上述命令的使用场景及顺序介绍,需要提前确认本机的热补丁repo源和相应冷补丁repo源已开启。 + +- 热补丁修复。 + +使用热补丁扫描命令查看本机待修复cve。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +找到提供热补丁的相应cve,发现CVE-2021-1、CVE-2021-11、CVE-2021-2和CVE-2021-22可用热补丁修复。 + +在安装补丁前测试功能,基于redis.conf配置文件启动redis服务。 +```shell +[root@openEuler ~]# sudo redis-server ./redis.conf & +[1] 285075 +[root@openEuler ~]# 285076:C 25 Mar 2023 12:09:51.503 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo +285076:C 25 Mar 2023 12:09:51.503 # Redis version=255.255.255, bits=64, commit=00000000, modified=0, pid=285076, just started +285076:C 25 Mar 2023 12:09:51.503 # Configuration loaded +285076:M 25 Mar 2023 12:09:51.504 * Increased maximum number of open files to 10032 (it was originally set to 1024). +285076:M 25 Mar 2023 12:09:51.504 * monotonic clock: POSIX clock_gettime + _._ + _.-``__ ''-._ + _.-`` `. `_. ''-._ Redis 255.255.255 (00000000/0) 64 bit + .-`` .-```. ```\/ _.,_ ''-._ + ( ' , .-` | `, ) Running in standalone mode + |`-._`-...-` __...-.``-._|'` _.-'| Port: 6380 + | `-._ `._ / _.-' | PID: 285076 + `-._ `-._ `-./ _.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | https://redis.io + `-._ `-._`-.__.-'_.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | + `-._ `-._`-.__.-'_.-' _.-' + `-._ `-.__.-' _.-' + `-._ _.-' + `-.__.-' + +285076:M 25 Mar 2023 12:09:51.505 # Server initialized +285076:M 25 Mar 2023 12:09:51.505 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. +285076:M 25 Mar 2023 12:09:51.506 * Ready to accept connections + +``` + +安装前测试功能。 + +```shell +[root@openEuler ~]# telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: expected '$', got ' ' +Connection closed by foreign host. +``` + +指定修复CVE-2021-1,确认关联到对应的热补丁包,显示安装成功。 +```shell +[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 +Last metadata expiration check: 0:01:39 ago on 2024年01月02日 星期二 20时16分45秒. +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-1.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +使用dnf hotpatch --list确认该热补丁是否安装成功,确认Status为ACTIVED。 +```shell +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:04:43 ago on 2024年01月02日 星期二 20时16分45秒. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED +redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED +redis-6.2.5-1/ACC-1-1/redis-server ACTIVED +``` + +确认该cve是否已被修复,由于CVE-2021-1所使用的热补丁包patch-redis-6.2.5-1-ACC-1-1.x86_64同样修复CVE-2021-11,CVE-2021-1和CVE-2021-11都不予显示。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:08:48 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-1076 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26607 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +激活后测试功能,对比激活前回显内容。 + +```shell +[root@openEuler ~]# telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: unauthenticated multibulk length +Connection closed by foreign host. +``` + +使用dnf hotpatch --remove指定热补丁手动卸载。 +```shell +[root@openEuler ~]# dnf hotpatch --remove redis-6.2.5-1 +Last metadata expiration check: 0:11:52 ago on 2024年01月02日 星期二 20时16分45秒. +Gonna remove this hot patch: redis-6.2.5-1 +remove hot patch 'redis-6.2.5-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:12:00 ago on 2024年01月02日 星期二 20时16分45秒. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-cli NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED +``` + +使用热补丁扫描命令查看本机待修复cve,确认CVE-2021-1和CVE-2021-11正常显示。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 安装高版本ACC热补丁 + +指定安装热补丁包patch-redis-6.2.5-1-ACC-1-2.x86_64。 +```shell +[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-2.x86_64 +Last metadata expiration check: 0:36:12 ago on 2024年01月02日 星期二 20时16分45秒. +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-2.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +使用热补丁扫描命令查看本机待修复cve,由于patch-redis-6.2.5-1-ACC-1-2.x86_64比patch-redis-6.2.5-1-ACC-1-1.x86_64的热补丁版本高,低版本热补丁对应的CVE-2021-1和CVE-2021-11,以及高版本热补丁对应的CVE-2021-2和CVE-2021-22都被修复。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 热补丁目标软件包版本大于本机安装版本 + +查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-33、CVE-2021-3相关信息。 + +```xml + + openEuler-HotPatchSA-2023-3 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.5-2-ACC.(CVE-2021-3, CVE-2021-33) + + + openEuler + + patch-redis-6.2.5-2-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.5-2-ACC-1-1.x86_64.rpm + + + + +``` +package中的name字段"patch-redis-6.2.5-2-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.5-2源码版本,检查本机redis安装版本。 + +```shell +[root@openEuler ~]# rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` +由于本机安装版本不匹配,大于本机安装版本,该热补丁包名不显示,以'-'显示。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 热补丁目标软件包版本小于本机安装版本。 + +查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-44、CVE-2021-4相关信息。 + +```xml + + openEuler-HotPatchSA-2023-4 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.4-1-ACC.(CVE-2021-44, CVE-2021-4) + + + openEuler + + patch-redis-6.2.4-1-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.4-1-ACC-1-1.x86_64.rpm + + + + +``` + +package中的name字段"patch-redis-6.2.4-1-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.4-1源码版本,检查本机redis安装版本。 + +```shell +[root@openEuler ~]# rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` + +由于本机安装版本不匹配,小于本机安装版本,该CVE不予显示。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + diff --git "a/docs/zh/docs/A-Ops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/zh/docs/A-Ops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..047c6f1bfe3e38c66d34285563d910f6f3bd07e1 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" differ diff --git a/docs/zh/docs/A-Ops/figures/chakanyuqi.png b/docs/zh/docs/A-Ops/figures/chakanyuqi.png new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/chakanyuqi.png differ diff --git a/docs/zh/docs/A-Ops/figures/chaxunshijipeizhi.png b/docs/zh/docs/A-Ops/figures/chaxunshijipeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/chaxunshijipeizhi.png differ diff --git a/docs/zh/docs/A-Ops/figures/chuangjianyewuyu.png b/docs/zh/docs/A-Ops/figures/chuangjianyewuyu.png new file mode 100644 index 0000000000000000000000000000000000000000..4f5b8de2d2c4ddb9bfdfba1ac17258a834561e2d Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/chuangjianyewuyu.png differ diff --git "a/docs/zh/docs/A-Ops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" "b/docs/zh/docs/A-Ops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" new file mode 100644 index 0000000000000000000000000000000000000000..ab16e9d3661db3fd4adc6c605b2d2d08e79fdc1c Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/docs/A-Ops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/docs/A-Ops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f151965a21d11dd7a3e215cc4ef23d70d059f4b1 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git a/docs/zh/docs/A-Ops/figures/group.PNG b/docs/zh/docs/A-Ops/figures/group.PNG new file mode 100644 index 0000000000000000000000000000000000000000..584fd1f7195694a3419482cace2a71fa1cd9a3ec Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/group.PNG differ diff --git a/docs/zh/docs/A-Ops/figures/shanchupeizhi.png b/docs/zh/docs/A-Ops/figures/shanchupeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/shanchupeizhi.png differ diff --git "a/docs/zh/docs/A-Ops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/zh/docs/A-Ops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/docs/A-Ops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbd0600fc5c913198dfe1e1bf2aba9c652576a98 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git a/docs/zh/docs/A-Ops/figures/tianjianode.png b/docs/zh/docs/A-Ops/figures/tianjianode.png new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/tianjianode.png differ diff --git a/docs/zh/docs/A-Ops/figures/xinzengpeizhi.png b/docs/zh/docs/A-Ops/figures/xinzengpeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/xinzengpeizhi.png differ diff --git a/docs/zh/docs/A-Ops/figures/zhuangtaichaxun.png b/docs/zh/docs/A-Ops/figures/zhuangtaichaxun.png new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and b/docs/zh/docs/A-Ops/figures/zhuangtaichaxun.png differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..bd179be46c9e711d7148ee44dc56f4a7a02f56bf Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..23ff4e5fddb87ac157b1002a70c47d9b4c76b873 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1a2b45e860914a1ac0cfb6908b02fb5cad4cbd60 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..89ac88e154275d4be8179d773e7093f2357f425f Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..57844f772853c541f7a1328b007a9b6ae4d5caf0 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5b4830b47897a0d51be28238a879a70b1de9ca3b Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..17fb5b13034e1fc5276c68583fed1952415b0b5f Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..458e023847bb2ad1f198f5a2dd1691748038137e Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa34bb909ee7c86a95126c13fa532ce93410a931 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..05859540cb88e11bd8dedaeb8e03253254574c40 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..f556e0e7e3c4096a89597cb08ba29133375aab07 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..801c7f917d717499c86708b419101be3773348ac Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..0719bb8c0b71d0503d5d3a7d8e9e83da71169c64 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..21c9468ce4378bcadf537e543c756cf7a1347499 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..9cfd080d1a658544c559e83429a14b35dc931fc6 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..7ca43b0a82b7c4dd3e43a5e46cf3b4a79d55d033 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..b9acfbcd7d8e3b2b551c8bb9700142dfba681afe Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..6bc8cc31e05d06dbd5ee4c0f62f281683db048da Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..3bf992f586f7fb4d87bc01cc29f961755a315c9d Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..f73ccaf984e8ab55f8b78f7da5a570ce43685221 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..b183298d96b8ced8954852540c891310aeda05be Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8aa813bc228326b3e8db19e303e03507873a893 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ccebe84f60b21737414b2cb3f972472114a40c5 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..619cc6d42b646df3d9c4e601f40a6ec452712668 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..34b1d4095b8c017f3c66ebfb3c44d114bc8d6ca7 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/docs/A-Ops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5f8a3a95705145787e7aaf9c8d1fff404892240 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..b8f0a87e00d73961907167fcbe43d82b60caf445 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" new file mode 100644 index 0000000000000000000000000000000000000000..ce25657a0627e9dfc3dc9ebf323e086103c2ecdf Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2f2e2e67a98a16e1ad464c794a8ef45ebb229d7f Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..94c9b65719050b79d2cdb9d1e8f67c459925cda7 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..7e4f0da4e88da6f18495a4fb23bd400d0da0a8da Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..1ee8f7bb2456efe6318074f46f5008da355a2cb1 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..a916eebf306cca9ffa54f733143a0ac2c44313a4 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..31684136510cfe6248adf9b8cd086140ab5b26ef Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..df3991eb16d32d9f2296fbb36873ff26bc82fa18 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..c83daeeb5f8a4d9ab4f40e3debbe7a96f427ce74 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..5ab697c8f9c292097356a26140750f7f615c5d81 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" new file mode 100644 index 0000000000000000000000000000000000000000..4bde1fd7330491fda6f4ed73a2be2e8c0bfabc8d Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..2890e4934ba903324ea134d3ebee85307665270e Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..24f94c0a9ff05897b01786aa4bc8adfe4bc8db09 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" new file mode 100644 index 0000000000000000000000000000000000000000..8849a2fc81dbd14328c6c66c53033164a0b67b52 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1e518157f8def332adfa5516b37fdb89768499c Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8c229bf41b27f1fe6629106957fd5e47851096d Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" differ diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and "b/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" differ diff --git a/docs/zh/docs/A-Ops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png b/docs/zh/docs/A-Ops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png new file mode 100644 index 0000000000000000000000000000000000000000..c810b26ad0c052960dfdf4bfd78e9224ce465318 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png differ diff --git "a/docs/zh/docs/A-Ops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" "b/docs/zh/docs/A-Ops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..790df6fd5781ca008124cff14635165a71abf126 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" differ diff --git a/docs/zh/docs/A-Ops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png b/docs/zh/docs/A-Ops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png new file mode 100644 index 0000000000000000000000000000000000000000..6ef6ef9bd126e6c2007389065bbecc1cfdd97f5b Binary files /dev/null and b/docs/zh/docs/A-Ops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png differ diff --git a/docs/zh/docs/A-Ops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png b/docs/zh/docs/A-Ops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png new file mode 100644 index 0000000000000000000000000000000000000000..a2a29d2e1b62f7df409e87d03f2525ba8355f77e Binary files /dev/null and b/docs/zh/docs/A-Ops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png differ diff --git a/docs/zh/docs/A-Ops/image/hotpatch-fix-pr.png b/docs/zh/docs/A-Ops/image/hotpatch-fix-pr.png new file mode 100644 index 0000000000000000000000000000000000000000..d10fd1ec44416f6b59cfd21cca8721d001f7ed19 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/hotpatch-fix-pr.png differ diff --git a/docs/zh/docs/A-Ops/image/hotpatch-pr-1.png b/docs/zh/docs/A-Ops/image/hotpatch-pr-1.png new file mode 100644 index 0000000000000000000000000000000000000000..1dc5269655c51b355d3cd89b71c6688fbb0d8d5d Binary files /dev/null and b/docs/zh/docs/A-Ops/image/hotpatch-pr-1.png differ diff --git a/docs/zh/docs/A-Ops/image/hotpatch-pr-success.png b/docs/zh/docs/A-Ops/image/hotpatch-pr-success.png new file mode 100644 index 0000000000000000000000000000000000000000..48ea807e03c0f8e6efbceacbbc583c6ac3b3c865 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/hotpatch-pr-success.png differ diff --git a/docs/zh/docs/A-Ops/image/hotpatch-pr.png b/docs/zh/docs/A-Ops/image/hotpatch-pr.png new file mode 100644 index 0000000000000000000000000000000000000000..159fd2b7bc76e002554722d1f0f12070a2bd2e19 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/hotpatch-pr.png differ diff --git a/docs/zh/docs/A-Ops/image/hotpatch-xml.PNG b/docs/zh/docs/A-Ops/image/hotpatch-xml.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f1916620d3cc7b1c29059bcc5513fdc7ee94127b Binary files /dev/null and b/docs/zh/docs/A-Ops/image/hotpatch-xml.PNG differ diff --git a/docs/zh/docs/A-Ops/image/image-20230525193235084.png b/docs/zh/docs/A-Ops/image/image-20230525193235084.png new file mode 100644 index 0000000000000000000000000000000000000000..9850a11a0dcfeed69099635f3147a2230fe6faa5 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230525193235084.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230525193254541.png b/docs/zh/docs/A-Ops/image/image-20230525193254541.png new file mode 100644 index 0000000000000000000000000000000000000000..73bfbaa15a2584611ac06839965eca2869b89991 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230525193254541.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230527165206707.png b/docs/zh/docs/A-Ops/image/image-20230527165206707.png new file mode 100644 index 0000000000000000000000000000000000000000..7d7f0992fc048777340678974d38b3c193269385 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230527165206707.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230527165700642.png b/docs/zh/docs/A-Ops/image/image-20230527165700642.png new file mode 100644 index 0000000000000000000000000000000000000000..2c4500cb54ba0225704020160d72b4aaf265d3f7 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230527165700642.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230527165823568.png b/docs/zh/docs/A-Ops/image/image-20230527165823568.png new file mode 100644 index 0000000000000000000000000000000000000000..7b26b545bc7d37f09eca7736f30d2eb3a6062890 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230527165823568.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230527165845170.png b/docs/zh/docs/A-Ops/image/image-20230527165845170.png new file mode 100644 index 0000000000000000000000000000000000000000..9719210a961a18b639d56cbf88b8586370930b4c Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230527165845170.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230527165922876.png b/docs/zh/docs/A-Ops/image/image-20230527165922876.png new file mode 100644 index 0000000000000000000000000000000000000000..56ff3380d12b9c1002881eca98e32a49cc292b9a Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230527165922876.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230527170343909.png b/docs/zh/docs/A-Ops/image/image-20230527170343909.png new file mode 100644 index 0000000000000000000000000000000000000000..57c343360f278b2f67b77d37114a1f567a3ce63a Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230527170343909.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230607161425282.png b/docs/zh/docs/A-Ops/image/image-20230607161425282.png new file mode 100644 index 0000000000000000000000000000000000000000..d2fbca2a23e80edff661d05065987ede1cc7e8af Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230607161425282.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230607163358749.png b/docs/zh/docs/A-Ops/image/image-20230607163358749.png new file mode 100644 index 0000000000000000000000000000000000000000..191c36b65058ce8dea6bb2f1fe10a85b0177f2cf Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230607163358749.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230607172021782.png b/docs/zh/docs/A-Ops/image/image-20230607172021782.png new file mode 100644 index 0000000000000000000000000000000000000000..d25c3ebfb1aefe5d8f36b0b153afa64efd88dd63 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230607172021782.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230612113428096.png b/docs/zh/docs/A-Ops/image/image-20230612113428096.png new file mode 100644 index 0000000000000000000000000000000000000000..48b59b5e6cb4043703de96066c8d67e85eed4f16 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230612113428096.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230612113626330.png b/docs/zh/docs/A-Ops/image/image-20230612113626330.png new file mode 100644 index 0000000000000000000000000000000000000000..9d3621022deb02b267c3eb29315a7fe33c1f095e Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230612113626330.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230908163402743.png b/docs/zh/docs/A-Ops/image/image-20230908163402743.png new file mode 100644 index 0000000000000000000000000000000000000000..c17667178689c6384a039bf0f8025ea7eb360236 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230908163402743.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230908163914778.png b/docs/zh/docs/A-Ops/image/image-20230908163914778.png new file mode 100644 index 0000000000000000000000000000000000000000..a06c7e49b32286ceec9ff0e9a08f73a76c179daf Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230908163914778.png differ diff --git a/docs/zh/docs/A-Ops/image/image-20230908164216528.png b/docs/zh/docs/A-Ops/image/image-20230908164216528.png new file mode 100644 index 0000000000000000000000000000000000000000..15fbc694603837095244451d4f5d7e7af70789be Binary files /dev/null and b/docs/zh/docs/A-Ops/image/image-20230908164216528.png differ diff --git "a/docs/zh/docs/A-Ops/image/openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/zh/docs/A-Ops/image/openEuler\344\273\223\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..29223cbddc39f8fcc0b725a3ed83495709e05f78 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/openEuler\344\273\223\350\257\204\350\256\272.png" differ diff --git a/docs/zh/docs/A-Ops/image/patch-file.PNG b/docs/zh/docs/A-Ops/image/patch-file.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f587a48c2be945beaadecf44a6d711da14be50c6 Binary files /dev/null and b/docs/zh/docs/A-Ops/image/patch-file.PNG differ diff --git "a/docs/zh/docs/A-Ops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/zh/docs/A-Ops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..ba3a44433117f0a23fc6048cd3b093fe6af7250c Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" "b/docs/zh/docs/A-Ops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" new file mode 100644 index 0000000000000000000000000000000000000000..2c2e2dd78242f538c21809614e917bef769256ba Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" "b/docs/zh/docs/A-Ops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2914c3eef44bb3d3528686b44157a5f9276da9c6 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" new file mode 100644 index 0000000000000000000000000000000000000000..044be7ccd001ddc2bb69ba53b34f3c2a72511f39 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" new file mode 100644 index 0000000000000000000000000000000000000000..779c2fddcb02968358492e70f6aa9261be26fe48 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..d97fbd1fbb5a20b97ec88989f3c7a0776bb9cdc0 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..3acf2e93550e4962d0a5f927fd6fd0460a64b889 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..5b167be8a40762823223ccdd700d5b62f7e1aa38 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" new file mode 100644 index 0000000000000000000000000000000000000000..a96a4d229b54b301bbf4e7f7a2c41ea1e9faf43d Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..d77335d0097f7504f0c37dd8aca1691d9f1f0a23 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa74c2859588ff2a49d6341dd2a2ac6fe2049eac Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..404ac733fae66bda9ceac2d6c2fa18897c58dc70 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" differ diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..6d32e8874e8e5e7f7fb5c350fca0063da9a77176 Binary files /dev/null and "b/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" differ diff --git a/docs/zh/docs/A-Ops/overview.md b/docs/zh/docs/A-Ops/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..cd3fe77186fcd48076a6a4aefd9d43442d95194a --- /dev/null +++ b/docs/zh/docs/A-Ops/overview.md @@ -0,0 +1,3 @@ +# A-Ops用户指南 + +本文介绍A-Ops智能运维框架以及智能定位、配置溯源等服务的安装与使用方法,使用户能够快速了解并使用A-Ops。用户能够借由A-Ops降低系统集群的运维成本,实现系统故障快速定位、配置项统筹管理等功能。 diff --git "a/docs/zh/docs/A-Ops/\347\244\276\345\214\272\347\203\255\350\241\245\344\270\201\345\210\266\344\275\234\345\217\221\345\270\203\346\265\201\347\250\213.md" "b/docs/zh/docs/A-Ops/\347\244\276\345\214\272\347\203\255\350\241\245\344\270\201\345\210\266\344\275\234\345\217\221\345\270\203\346\265\201\347\250\213.md" new file mode 100644 index 0000000000000000000000000000000000000000..59859282976d14924055670d9596a925e4db0647 --- /dev/null +++ "b/docs/zh/docs/A-Ops/\347\244\276\345\214\272\347\203\255\350\241\245\344\270\201\345\210\266\344\275\234\345\217\221\345\270\203\346\265\201\347\250\213.md" @@ -0,0 +1,299 @@ + + +# 社区热补丁制作发布流程 + +## 制作内核态/用户态热补丁 + +> 热补丁仓库: + +### 场景1. 在src-openEuler/openEuler仓下评论pr制作新版本热补丁 + +> 制作内核态热补丁需在**openEuler/kernel**仓评论pr。 +> +> 制作用户态热补丁需在src-openEuler仓评论pr,现在支持**src-openEuler/openssl,src-openEuler/glibc,src-openEuler/systemd**。 + +##### 1. 在已合入pr下评论制作热补丁 + +- 从src-openeuler仓【支持openssl, glibc, systemd】评论已合入pr制作新版本热补丁。 +``` +/makehotpatch [软件包版本号] [ACC/SGL] [patch list] [cve/bugfix/feature] [issue id] [os_branch] +``` + +命令说明:使用多个patch用','分隔,需注意patch的先后顺序。 + +![image-20230629114903593](./image/src-openEuler仓评论.png) + +- 从openeuler仓【支持kernel】评论已合入pr制作新版本热补丁。 + +``` +/makehotpatch [软件包版本号] [ACC/SGL] [cve/bugfix/feature] [issue id] [os_branch] +``` + +![image-20230816105443658](./image/src-openEuler仓评论.png) + +评论后,门禁触发hotpatch_meta仓创建热补丁issue以及同步该pr。 + + + +##### 2. hotpatch_metadata仓自动创建热补丁issue、同步该pr + +pr评论区提示启动热补丁制作流程。 + +![image-20230816105627657](./image/启动热补丁工程流程.png) + +随后,hotpatch_meta仓自动创建热补丁issue,并在hotpatch_meta仓同步该pr。 + +> 热补丁issue用于跟踪热补丁制作流程。 +> +> hotpatch_meta仓用于触发制作热补丁。 + +![image-20230816105850831](./image/热补丁issue链接和pr链接.png) + +点击查看热补丁issue链接内容。 + + +![image-20230816110430216](./image/热补丁issue初始内容.png) + + + +点击查看在hotpatch_meta仓自动创建的pr。 + +![image-20230816110637492](./image/hotpatch-fix-pr.png) + +##### 3. 触发制作热补丁 + +打开hotpatch_meta仓自动创建的pr,评论区可以查看热补丁制作信息。 + +![image-20230816110919823](./image/热补丁pr触发流程.png) + +查看热补丁制作结果。 + +如果热补丁制作失败,可以根据相关日志信息、下载chroot环境自行修改patch进行调试,重新修改pr提交后或者评论 /retest直到热补丁可以被成功制作。 + +![image-20230816111330743](./image/热补丁pr制作失败.png) + +![image-20230816111452301](./image/热补丁pr的chroot环境.png) + +如果热补丁制作成功,可以通过Download link下载热补丁进行自验。 + +![image-20230816111007667](./image/热补丁pr制作结果.png) + +打开Download link链接。 + +![image-20230816112118423](./image/热补丁自验下载链接.png) + +进入Packages目录,可以下载制作成功的热补丁。 + +![image-20230816112420115](./image/热补丁自验包下载链接.png) + +**若热补丁制作成功,可以对热补丁进行审阅**。 + + + +### 场景2. 从hotpatch_meta仓提pr制作新版本热补丁 + +> hotpatch_meta仓地址:https://gitee.com/openeuler/hotpatch_meta + +##### 1. 提pr + +在hotpatch_metadata仓提pr。 + +(1)阅读readme,根据热补丁issue模版和元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板创建热补丁。 + +![image-20230817095228204](./image/热补丁仓提pr说明.png) + +pr内容: + +- patch文件。 +- 如果没有相应热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件,则手动创建;否则修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 + + + +##### 2. 触发制作热补丁 + +**若热补丁制作成功,可以对热补丁进行审阅**。 + + + +### 场景3. 从hotpatch_metadata仓提pr修改热补丁 + +> hotpatch_meta仓地址:https://gitee.com/openeuler/hotpatch_meta +> +> 从hotpatch_meta仓提pr只能修改还未正式发布的热补丁。 + +##### 1. 提pr + +在hotpatch_meta仓提pr。 + +(1)如果修改过程涉及元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml文件内容变动,请阅读readme,按照元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板进行修改。 + +![image-20230817095228204](./image/热补丁仓提pr说明.png) + +> 如果需要修改元数据文件中的热补丁issue字段内容,请确保添加的热补丁Issue已经存在。 +> 用户不允许修改热补丁元数据文件中已被正式发布的热补丁的相关内容。 + + + +pr内容: + +- patch文件。 +- 修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 + + + +##### 2. 触发制作热补丁 + +**若热补丁制作成功,可以对热补丁进行审阅**。 + + + + +## 审阅热补丁 + +##### 1. 审阅热补丁pr + +确认可发布,合入pr。 + +![image-20230816112957179](./image/同意合入pr.png) + +##### 2. pr合入,回填热补丁issue + +自动在热补丁issue页面补充热补丁路径,包含src.rpm/arm架构/x86架构的rpm包,以及对应hotpatch.xml,用于展示热补丁信息。 + +> 如果一个架构失败,强行合入,也可只发布单架构的包。 + +![image-20230816115813395](./image/热补丁issue回填.png) + +- 查看热补丁元数据内容。 + +> 热补丁元数据用于管理查看热补丁相关历史制作信息。 + +hotmetadata_ACC.xml格式示例: + +```xml + + + Managing Hot Patch Metadata + + + + 源码包下载路径(需要reealse正式路径) + x86_64架构debuginfo包下载路径(需要reealse正式路径) + aarch64架构debuginfo包下载路径(需要reealse正式路径) + 本次需要制作热补丁的patch包名1 + 本次需要制作热补丁的patch包名2 + ... + + + + 热补丁issue链接 + + + + +``` + +hotmetadata_SGL.xml格式示例: + +```xml + + + Managing Hot Patch Metadata + + + + 源码包下载路径(需要realse正式路径) + x86_64架构debuginfo包下载路径(需要reealse正式路径) + aarch64架构debuginfo包下载路径(需要reealse正式路径) + 本次需要制作热补丁的patch包名1 + 本次需要制作热补丁的patch包名2 + ... + + + + 热补丁issue链接 + + + + +``` + +> 注意:src_rpm的download_link均来自openeuler的repo仓下正式发布的rpm包。 + +![image-20230817100308392](./image/ACC的hotpatchmetadata文件示例.png) + +##### 3. 修改热补丁Issue + +- 将热补丁issue状态修改为”已完成“。 +- 为热补丁issue添加hotpatch标签。 + + + +## 发布热补丁 + +##### 1. 收集热补丁发布需求 + +在release-management仓库每周update需求收集的issue下方,手动评论start-update命令,此时会收集待发布的热补丁和待发布的修复cve的冷补丁。后台会在hotpatch_meta仓库根据hotpatch标签查找已完成的热补丁issue。 + +##### 2. 生成热补丁安全公告 + +社区根据收集到的热补丁issue信息,生成热补丁安全公告xml文件。 + +> 热补丁安全公告地址: + +- 在热补丁安全公告文件新增HotPatchTree字段,记录和公告相关漏洞的热补丁,每个补丁按架构和CVE字段区分(Type=ProductName 记录分支,Type=ProductArch 记录补丁具体的rpm包)。 + +![image-20230908163914778](./image/image-20230908163914778.png) + +##### 3. Majun平台上传文件到openEuler官网,同步生成updateinfo.xml文件 + +社区将生成的安全公告上传到openEuler官网,同时基于所收集的热补丁信息生成updateinfo.xml文件。 + +![image-20230908164216528](./image/image-20230908164216528.png) + +updateinfo.xml文件样例: + +```xml + + + + openEuler-HotPatchSA-2023-1001 + An update for kernel is now available for openEuler-22.03-LTS-SP3 + Important + openEuler + + + + + A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).(CVE-2023-3389) + + + openEuler + + patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.aarch64.rpm + + + patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.x86_64.rpm + + + + + +``` + + + +##### 4. openEuler官网可以查看更新的热补丁信息 + +> openEuler官网安全公告: + +以”HotpatchSA“关键词搜索热补丁安全公告,打开安全公告查看发布热补丁详细信息。 + +![image-20230908163402743](./image/image-20230908163402743.png) + + + +##### 5. 获取热补丁相关文件 + +社区将热补丁相关文件同步至openEuler的repo源下,可以在各个分支的hotpatch_update目录下获取相应文件。 +> openEuler的repo地址: diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png index db9b5ce8b6d211d54ea36930504cca415ddfb8ca..164276104a55cb161f4fc47f8728d90dd16746e1 100644 Binary files a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png and b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png differ diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png index 6db5a0793fe3068c7519d9a157abc856560e71b2..2637a96f0a4fdbfd4550ac13728ffcb68c8d6d5c 100644 Binary files a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png and b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png differ diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png new file mode 100644 index 0000000000000000000000000000000000000000..10f0fceb42c00c80ef49decdc0c480eb04c2ca6d Binary files /dev/null and b/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png differ diff --git "a/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" index 16fb03c38fec493ad37d1b96c318c2042c6a4a05..32beaa75c305259a590649a352e60ac5c48bef77 100644 --- "a/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" +++ "b/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" @@ -2,6 +2,7 @@ 用户可以通过命令行客户端atune-adm使用A-Tune提供的功能。本章介绍A-Tune客户端包含的功能和使用方法。 + - [使用方法](#使用方法) - [总体说明](#总体说明) - [查询负载类型](#查询负载类型) @@ -42,10 +43,6 @@ - define、update、undefine、collection、train、upgrade不支持远程执行。 - 命令格式中,\[ \] 表示参数可选,<\> 表示参数必选,具体参数由实际情况确定。 -- 命令格式中,各命令含义如下: - - WORKLOAD\_TYPE:用户自定义负载类型的名称,负载支持的类型参考list命令查询结果。 - - PROFILE\_NAME:用户自定义profile的名称 - - PROFILE\_PATH:用户自定义profile的路径 ## 查询负载类型 @@ -53,7 +50,7 @@ ### 功能描述 -查询系统当前支持的workload\_type和对应的profile,以及当前处于active状态的profile。 +查询系统当前支持的profile,以及当前处于active状态的profile。 ### 命令格式 @@ -62,35 +59,109 @@ ### 使用示例 ``` -# atune-adm list - -Support WorkloadTypes: -+-----------------------------------+------------------------+-----------+ -| WorkloadType | ProfileName | Active | -+===================================+========================+===========+ -| default | default | true | -+-----------------------------------+------------------------+-----------+ -| webserver | ssl_webserver | false | -+-----------------------------------+------------------------+-----------+ -| big_database | database | false | -+-----------------------------------+------------------------+-----------+ -| big_data | big_data | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_computing | in-memory_computing | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_database | in-memory_database | false | -+-----------------------------------+------------------------+-----------+ -| single_computer_intensive_jobs | compute-intensive | false | -+-----------------------------------+------------------------+-----------+ -| communication | rpc_communication | false | -+-----------------------------------+------------------------+-----------+ -| idle | default | false | -+-----------------------------------+------------------------+-----------+ +# atune-adm list + +Support profiles: ++------------------------------------------------+-----------+ +| ProfileName | Active | ++================================================+===========+ +| arm-native-android-container-robox | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-fio | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-lmbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-netperf | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-stream | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-unixbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-speccpu-speccpu2006 | false | ++------------------------------------------------+-----------+ +| basic-test-suite-specjbb-specjbb2015 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-hdd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-ssd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-bayesian | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-kmeans | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql1 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql10 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql2 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql3 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql4 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql5 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql6 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql7 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql8 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql9 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-tersort | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-wordcount | false | ++------------------------------------------------+-----------+ +| cloud-compute-kvm-host | false | ++------------------------------------------------+-----------+ +| database-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mongodb-2p-sysbench | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| default-default | false | ++------------------------------------------------+-----------+ +| docker-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| docker-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| hpc-gatk4-human-genome | false | ++------------------------------------------------+-----------+ +| in-memory-database-redis-redis-benchmark | false | ++------------------------------------------------+-----------+ +| middleware-dubbo-dubbo-benchmark | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-hdd | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-ssd | false | ++------------------------------------------------+-----------+ +| virtualization-consumer-cloud-olc | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| web-apache-traffic-server-spirent-pingpo | false | ++------------------------------------------------+-----------+ +| web-nginx-http-long-connection | true | ++------------------------------------------------+-----------+ +| web-nginx-https-short-connection | false | ++------------------------------------------------+-----------+ ``` >![](./public_sys-resources/icon-note.gif) **说明:** ->Active为true表示当前激活的profile,示例表示当前激活的是default类型对应的profile。 +>Active为true表示当前激活的profile,示例表示当前激活的profile是web-nginx-http-long-connection。 ## 分析负载类型并自优化 ### analysis @@ -108,6 +179,7 @@ Support WorkloadTypes: - OPTIONS +

Value of Type

Description

@@ -481,10 +504,10 @@ In the XML configuration of libvirt, each controller element \(**controller**\)

The address type is storage device address, indicating the owning disk controller and its position on the bus.

controller: the number of the owning controller.

+

controller: number of the owning controller.

bus: channel number of the device output.

target: target number of the storage device.

-

unit: lun number of the storage device.

+

unit: LUN number of the storage device.
+ + +

参数

描述

@@ -119,19 +191,30 @@ Support WorkloadTypes:

用户自训练产生的新模型

--characterization, -c

+

使用默认的模型进行应用识别,不进行自动优化

+
### 使用示例 -- 使用默认的模型进行分类识别 +- 使用默认的模型进行应用识别 ``` - # atune-adm analysis + # atune-adm analysis --characterization ``` -- 使用自训练的模型进行识别 +- 使用默认的模型进行应用识别,并进行自动优化 + + ``` + # atune-adm analysis + ``` + +- 使用自训练的模型进行应用识别 ``` # atune-adm analysis --model /usr/libexec/atuned/analysis/models/new-model.m @@ -142,8 +225,8 @@ Support WorkloadTypes: A-Tune支持用户定义并学习新模型。定义新模型的操作流程如下: -1. 用define命令定义workload\_type和profile -2. 用collection命令收集workload\_type对应的画像数据 +1. 用define命令定义一个新应用的profile +2. 用collection命令收集应用对应的系统数据 3. 用train命令训练得到模型 @@ -152,49 +235,47 @@ A-Tune支持用户定义并学习新模型。定义新模型的操作流程如 ### 功能描述 -添加用户自定义的workload\_type,及对应的profile优化项。 +添加用户自定义的应用场景,及对应的profile优化项。 ### 命令格式 -**atune-adm define** +**atune-adm define** ### 使用示例 -新增一个workload type,workload type的名称为test\_type,profile name的名称为test\_name,优化项的配置文件为example.conf。 +新增一个profile,service_type的名称为test_service,application_name的名称为test_app,scenario_name的名称为test_scenario,优化项的配置文件为example.conf。 ``` -# atune-adm define test_type test_name ./example.conf +# atune-adm define test_service test_app test_scenario ./example.conf ``` example.conf 可以参考如下方式书写(以下各优化项非必填,仅供参考),也可通过**atune-adm info**查看已有的profile是如何书写的。 ``` -[main] -# list its parent profile -[tip] -# the recommended optimization, which should be performed manunaly -[check] -# check the environment -[affinity.irq] -# to change the affinity of irqs -[affinity.task] -# to change the affinity of tasks -[bios] -# to change the bios config -[bootloader.grub2] -# to change the grub2 config -[kernel_config] -# to change the kernel config -[script] -# the script extention of cpi -[sysctl] -# to change the /proc/sys/* config -[sysfs] -# to change the /sys/* config -[systemctl] -# to change the system service config -[ulimit] -# to change the resources limit of user + [main] + # list its parent profile + [kernel_config] + # to change the kernel config + [bios] + # to change the bios config + [bootloader.grub2] + # to change the grub2 config + [sysfs] + # to change the /sys/* config + [systemctl] + # to change the system service status + [sysctl] + # to change the /proc/sys/* config + [script] + # the script extention of cpi + [ulimit] + # to change the resources limit of user + [schedule_policy] + # to change the schedule policy + [check] + # check the environment + [tip] + # the recommended optimization, which should be performed manunaly ``` ### collection @@ -242,9 +323,9 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅

业务运行时使用的网络接口,如eth0

--workload_type, -t

+

--app_type, -t

标记业务的负载类型,作为训练时使用的标签

+

标记业务的应用类型,作为训练时使用的标签

--duration, -d

@@ -264,14 +345,14 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 ### 使用示例 ``` -# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --workload_type test_type +# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --app_type test_type ``` ### train ### 功能描述 -使用采集的数据进行模型的训练。训练时至少采集两种workload\_type的数据,否则训练会出错。 +使用采集的数据进行模型的训练。训练时至少采集两种应用类型的数据,否则训练会出错。 ### 命令格式 @@ -314,18 +395,18 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 ### 功能描述 -删除用户自定义的workload\_type。 +删除用户自定义的profile。 ### 命令格式 -**atune-adm undefine** +**atune-adm undefine** ### 使用示例 -删除自定义的负载类型test\_type。 +删除自定义的profile。 ``` -# atune-adm undefine test_type +# atune-adm undefine test_service-test_app-test_scenario ``` ## 查询profile @@ -334,26 +415,26 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 ### 功能描述 -查看workload\_type对应的profile内容。 +查看对应的profile内容。 ### 命令格式 -**atune-adm info** _ +**atune-adm info** ### 使用示例 -查看webserver的profile内容: +查看web-nginx-http-long-connection的profile内容: ``` -# atune-adm info webserver +# atune-adm info web-nginx-http-long-connection -*** ssl_webserver: +*** web-nginx-http-long-connection: # -# webserver tuned configuration +# nginx http long connection A-Tune configuration # [main] -#TODO CONFIG +include = default-default [kernel_config] #TODO CONFIG @@ -361,11 +442,18 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 [bios] #TODO CONFIG +[bootloader.grub2] +iommu.passthrough = 1 + [sysfs] #TODO CONFIG +[systemctl] +sysmonitor = stop +irqbalance = stop + [sysctl] -fs.file-max=6553600 +fs.file-max = 6553600 fs.suid_dumpable = 1 fs.aio-max-nr = 1048576 kernel.shmmax = 68719476736 @@ -393,36 +481,23 @@ net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 -[systemctl] -sysmonitor=stop -irqbalance=stop - -[bootloader.grub2] -selinux=0 -iommu.passthrough=1 - -[tip] -bind your master process to the CPU near the network = affinity -bind your network interrupt to the CPU that has this network = affinity -relogin into the system to enable limits setting = OS - [script] -openssl_hpre = 0 prefetch = off +ethtool = -X {network} hfunc toeplitz [ulimit] {user}.hard.nofile = 102400 {user}.soft.nofile = 102400 -[affinity.task] -#TODO CONFIG - -[affinity.irq] +[schedule_policy] #TODO CONFIG [check] #TODO CONFIG +[tip] +SELinux provides extra control and security features to linux kernel. Disabling SELinux will improve the performance but may cause security risks. = kernel +disable the nginx log = application ``` ## 更新profile @@ -432,18 +507,18 @@ prefetch = off ### 功能描述 -将workload\_type原来的优化项更新为new.conf中的内容。 +将已有profile中原来的优化项更新为new.conf中的内容。 ### 命令格式 -**atune-adm update** +**atune-adm update** ### 使用示例 -更新负载类型为test\_type,优化项名称为test\_name的优化项为new.conf。 +更新名为test_service-test_app-test_scenario的profile优化项为new.conf。 ``` -# atune-adm update test_type test_name ./new.conf +# atune-adm update test_service-test_app-test_scenario ./new.conf ``` ## 激活profile @@ -451,22 +526,22 @@ prefetch = off ### 功能描述 -手动激活workload\_type对应的profile,使得workload\_type处于active状态。 +手动激活profile,使其处于active状态。 ### 命令格式 -**atune-adm profile **_<_WORKLOAD\_TYPE_\>_ +**atune-adm profile** ### 参数说明 -WORKLOAD\_TYPE支持的类型参考list命令查询结果。 +profile名参考list命令查询结果。 ### 使用示例 -激活webserver对应的profile配置。 +激活web-nginx-http-long-connection对应的profile配置。 ``` -# atune-adm profile webserver +# atune-adm profile web-nginx-http-long-connection ``` ## 回滚profile @@ -558,8 +633,8 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 >![](./public_sys-resources/icon-note.gif) **说明:** >在运行命令前,需要满足如下条件: ->1. 编辑好服务端yaml配置文件,且需要服务端管理员将该配置文件放到服务端的/etc/atuned/tuning/目录下。 ->2. 编辑好客户端yaml配置文件并放在客户端任一目录。 +>1. 服务端的yaml配置文件已经编辑完成并放置于 atuned服务下的/etc/atuned/tuning/目录中。 +>2. 客户端的yaml配置文件已经编辑完成并放置于atuned客户端任意目录下。 **atune-adm tuning** \[OPTIONS\] @@ -568,6 +643,7 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 - OPTIONS + + + + + + +

参数

描述

@@ -584,11 +660,22 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

指定需要恢复的yaml文件中的项目名称

--restart, -c

+

基于历史调优结果进行调优

+

--detail, -d

+

打印tuning过程的详细信息

+
- + + >![](./public_sys-resources/icon-note.gif) **说明:** - >当使用参数时,上述两个参数需要同时使用,且-p参数后需要跟具体的项目名称。 + >当使用参数时,-p参数后需要跟具体的项目名称且必须指定该项目yaml文件。 - PROJECT\_YAML:客户端yaml配置文件。 @@ -660,6 +747,7 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 **表 2** object项配置说明 + - - - - - - - - @@ -769,21 +857,15 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 - - - - -

配置名称

配置说明

@@ -726,36 +814,36 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

dtype

该参数仅在type为discrete类型时配置,目前支持int和string两种类型

+

该参数仅在type为discrete类型时配置,目前支持int, float, string类型

枚举

int, string

+

int, float, string

scope

参数设置范围,仅在type为discrete且dtype为int时或者type为continuous时生效

+

参数设置范围,仅在type为discrete且dtype为int或float时或者type为continuous时生效

整型

+

整型/浮点型

用户自定义,取值在该参数的合法范围

step

参数值步长,dtype为int时使用

+

参数值步长,dtype为int或float时使用

整型

+

整型/浮点型

用户自定义

items

参数值在scope定义范围之外的枚举值,dtype为int时使用

+

参数值在scope定义范围之外的枚举值,dtype为int或float时使用

整型

+

整型/浮点型

用户自定义,取值在该参数的合法范围

用户自定义,取值在该参数的合法范围

ref

-

参数的推荐初始值

-

整型或字符串

-

用户自定义,取值在该参数的合法范围

-
+ + **表 3** 客户端yaml文件配置说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

配置名称

配置说明

@@ -803,6 +885,15 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

-

engine

+

调优算法

+

字符串

+

"random", "forest", "gbrt", "bayes", "extraTrees"

+

iterations

调优迭代次数

@@ -812,6 +903,51 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

>=10

random_starts

+

随机迭代次数

+

整型

+

<iterations

+

feature_filter_engine

+

参数搜索算法,用于重要参数选择,该参数可选

+

字符串

+

"lhs"

+

feature_filter_cycle

+

参数搜索轮数,用于重要参数选择,该参数配合feature_filter_engine使用

+

整型

+

-

+

feature_filter_iters

+

每轮参数搜索的迭代次数,用于重要参数选择,该参数配合feature_filter_engine使用

+

整型

+

-

+

split_count

+

调优参数取值范围中均匀选取的参数个数,用于重要参数选择,该参数配合feature_filter_engine使用

+

整型

+

-

+

benchmark

性能测试脚本

@@ -834,9 +970,12 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数
+ + **表 4** evaluations项配置说明 + - - @@ -72,108 +72,613 @@ A-Tune支持的主要特性、特性成熟度以及使用建议请参见[表1](#

配置名称

配置说明

@@ -900,102 +1039,60 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 服务端yaml文件配置示例: ``` -project: "example" -maxiterations: 10 +project: "compress" +maxiterations: 500 startworkload: "" stopworkload: "" object : - - name : "vm.swappiness" + name : "compressLevel" info : - desc : "the vm.swappiness" - get : "sysctl -a | grep vm.swappiness" - set : "sysctl -w vm.swappiness=$value" - needrestart: "false" + desc : "The compresslevel parameter is an integer from 1 to 9 controlling the level of compression" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressLevel=' | awk -F '=' '{print $2}'" + set : "sed -i 's/compressLevel=\\s*[0-9]*/compressLevel=$value/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "continuous" scope : - - 0 - - 10 - ref : 1 - - - name : "irqbalance" - info : - desc : "system irqbalance" - get : "systemctl status irqbalance" - set : "systemctl $value sysmonitor;systemctl $value irqbalance" - needrestart: "false" - type : "discrete" - options: - - "start" - - "stop" - dtype : "string" - ref : "start" - - - name : "net.tcp_min_tso_segs" - info : - desc : "the minimum tso number" - get : "cat /proc/sys/net/ipv4/tcp_min_tso_segs" - set : "echo $value > /proc/sys/net/ipv4/tcp_min_tso_segs" - needrestart: "false" - type : "continuous" - scope: - 1 - - 16 - ref : 2 + - 9 + dtype : "int" - - name : "prefetcher" + name : "compressMethod" info : - desc : "" - get : "cat /sys/class/misc/prefetch/policy" - set : "echo $value > /sys/class/misc/prefetch/policy" - needrestart: "false" + desc : "The compressMethod parameter is a string controlling the compression method" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressMethod=' | awk -F '=' '{print $2}' | sed 's/\"//g'" + set : "sed -i 's/compressMethod=\\s*[0-9,a-z,\"]*/compressMethod=\"$value\"/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "discrete" - options: - - "0" - - "15" + options : + - "bz2" + - "zlib" + - "gzip" dtype : "string" - ref : "15" - - - name : "kernel.sched_min_granularity_ns" - info : - desc : "Minimal preemption granularity for CPU-bound tasks" - get : "sysctl kernel.sched_min_granularity_ns" - set : "sysctl -w kernel.sched_min_granularity_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 5000000 - - 50000000 - ref : 10000000 - - - name : "kernel.sched_latency_ns" - info : - desc : "" - get : "sysctl kernel.sched_latency_ns" - set : "sysctl -w kernel.sched_latency_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 10000000 - - 100000000 - ref : 16000000 - ``` 客户端yaml文件配置示例: ``` -project: "example" -iterations : 10 -benchmark : "sh /home/Benchmarks/mysql/tunning_mysql.sh" +project: "compress" +engine : "gbrt" +iterations : 20 +random_starts : 10 + +benchmark : "python3 /root/A-Tune/examples/tuning/compress/compress.py" evaluations : - - name: "tps" + name: "time" + info: + get: "echo '$out' | grep 'time' | awk '{print $3}'" + type: "positive" + weight: 20 + - + name: "compress_ratio" info: - get: "echo -e '$out' |grep 'transactions:' |awk '{print $3}' | cut -c 2-" + get: "echo '$out' | grep 'compress_ratio' | awk '{print $3}'" type: "negative" - weight: 100 - threshold: 100 + weight: 80 ``` ### 使用示例 @@ -1003,13 +1100,13 @@ evaluations : - 进行tuning调优 ``` - # atune-adm tuning example-client.yaml + # atune-adm tuning --project compress --detail compress_client.yaml ``` -- 恢复tuning调优前的初始配置,example为yaml文件中的项目名称 +- 恢复tuning调优前的初始配置,compress为yaml文件中的项目名称 ``` - # atune-adm tuning --restore --project example + # atune-adm tuning --restore --project compress ``` diff --git "a/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" index c1591cf19afdf16062a421443104e1fbdc49ba7d..348844b3f0ecf1637af075573c854dc15b1eee95 100644 --- "a/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ "b/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -2,16 +2,18 @@ 本章介绍如何安装和部署A-Tune。 + - [安装与部署](#安装与部署) - [软硬件要求](#软硬件要求) - [环境准备](#环境准备) - - [安装A-Tune](#安装A-Tune) + - [安装A-Tune](#安装a-tune) - [安装模式介绍](#安装模式介绍) - [安装操作](#安装操作) - - [部署A-Tune](#部署A-Tune) + - [部署A-Tune](#部署a-tune) - [配置介绍](#配置介绍) - - [启动A-Tune](#启动A-Tune) - + - [启动A-Tune](#启动a-tune) + - [启动A-Tune engine](#启动a-tune-engine) + ## 软硬件要求 @@ -21,17 +23,17 @@ ### 软件要求 -- 操作系统:openEuler 20.03 LTS +- 操作系统:openEuler 20.03 LTS SP4 ## 环境准备 -- 安装openEuler系统,安装方法参考《openEuler 20.03 LTS 安装指南》。 +- 安装openEuler系统,安装方法参考《[openEuler 20.03 LTS SP4 安装指南](./../Installation/installation.md)》。 - 安装A-Tune需要使用root权限。 ## 安装A-Tune -本章介绍A-Tune的安装模式和安装方法。 +本节介绍A-Tune的安装模式和安装方法。 ### 安装模式介绍 A-Tune支持单机模式和分布式模式安装: @@ -56,7 +58,7 @@ A-Tune支持单机模式和分布式模式安装: 1. 挂载openEuler的iso文件。 ``` - # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt + # mount openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt ``` 2. 配置本地yum源。 @@ -82,16 +84,18 @@ A-Tune支持单机模式和分布式模式安装: ``` -4. 安装A-Tune服务端。 +4. 安装A-Tune服务端。 >![](./public_sys-resources/icon-note.gif) **说明:** >本步骤会同时安装服务端和客户端软件包,对于单机部署模式,请跳过**步骤5**。 ``` # yum install atune -y + # yum install atune-engine -y ``` -5. 若为分布式部署,请安装A-Tune客户端。 +5. 若为分布式部署,请在客户端安装atune-client。 + ``` # yum install atune-client -y @@ -104,26 +108,48 @@ A-Tune支持单机模式和分布式模式安装: atune-client-xxx atune-db-xxx atune-xxx + atune-engine-xxx ``` ## 部署A-Tune -本章介绍A-Tune的配置部署。 +本节介绍A-Tune的配置部署。 ### 配置介绍 A-Tune配置文件/etc/atuned/atuned.cnf的配置项说明如下: -- A-Tune服务启动配置 +- A-Tune服务启动配置 可根据需要进行修改。 - - protocol:系统grpc服务使用的协议,unix或tcp,unix为本地socket通信方式,tcp为socket监听端口方式。默认为unix。 - - - address:系统grpc服务的侦听地址,默认为unix socket,若为分布式部署,需修改为侦听的ip地址。 - - port:系统grpc服务的侦听端口,范围为0\~65535未使用的端口。如果protocol配置是unix,则不需要配置。 - - rest\_port:系统restservice的侦听端口, 范围为0\~65535未使用的端口。 - - sample\_num:系统执行analysis流程时采集样本的数量。 + - protocol:系统gRPC服务使用的协议,unix或tcp,unix为本地socket通信方式,tcp为socket监听端口方式。默认为unix。 + - address:系统gRPC服务的侦听地址,默认为unix socket,若为分布式部署,需修改为侦听的ip地址。 + - port:系统gRPC服务的侦听端口,范围为0\~65535未使用的端口。如果protocol配置是unix,则不需要配置。 + - connect:若为集群部署时,A-Tune所在节点的ip列表,ip地址以逗号分隔。 + - rest_host:系统rest service的侦听地址,默认为localhost。 + - rest_port:系统rest service的侦听端口,范围为0~65535未使用的端口,默认为8383。 + - engine_host:与系统atune engine service连接的地址。 + - engine_port:与系统atune engine service连接的端口。 + - sample_num:系统执行analysis流程时采集样本的数量,默认为20。 + - interval:系统执行analysis流程时采集样本的间隔时间,默认为5s。 + - grpc_tls:系统gRPC的SSL/TLS证书校验开关,默认不开启。开启grpc_tls后,atune-adm命令在使用前需要设置以下环境变量方可与服务端进行通讯: + - export ATUNE_TLS=yes + - export ATUNED_CACERT=<客户端CA证书路径> + - export ATUNED_CLIENTCERT=<客户端证书路径> + - export ATUNED_CLIENTKEY=<客户端密钥路径> + - export ATUNED_SERVERCN=server + - tlsservercafile:gRPC服务端CA证书路径。 + - tlsservercertfile:gRPC服务端证书路径。 + - tlsserverkeyfile:gRPC服务端密钥路径。 + - rest_tls:系统rest service的SSL/TLS证书校验开关,默认开启。 + - tlsrestcacertfile:系统rest service的服务端CA证书路径。 + - tlsrestservercertfile:系统rest service的服务端证书路径。 + - tlsrestserverkeyfile:系统rest service的服务端密钥路径。 + - engine_tls:系统atune engine service的SSL/TLS证书校验开关,默认开启。 + - tlsenginecacertfile:系统atune engine service的客户端CA证书路径。 + - tlsengineclientcertfile:系统atune engine service的客户端证书路径。 + - tlsengineclientkeyfile:系统atune engine service的客户端密钥路径。 - system信息 @@ -131,84 +157,158 @@ A-Tune配置文件/etc/atuned/atuned.cnf的配置项说明如下: - disk:执行analysis流程时需要采集的对应磁盘的信息或执行磁盘相关优化时需要指定的磁盘。 - network:执行analysis时需要采集的对应的网卡的信息或执行网卡相关优化时需要指定的网卡。 + - user:执行ulimit相关优化时用到的用户名。目前只支持root用户。 - - tls:开启A-Tune的gRPC和http服务SSL/TLS证书校验,默认不开启。开启TLS后atune-adm命令在使用前需要设置以下环境变量方可与服务端进行通讯: - - export ATUNE\_TLS=yes - - export ATUNE\_CLICERT=<客户端证书路径\> - - - tlsservercertfile:gPRC服务端证书路径。 - - tlsserverkeyfile:gPRC服务端秘钥路径。 - - tlshttpcertfile:http服务端证书路径。 - - tlshttpkeyfile:http服务端秘钥路径。 - - tlshttpcacertfile:http服务端CA证书路径。 - + - 日志信息 - 根据情况修改日志的路径和级别,默认的日志信息在/var/log/messages中。 + 根据情况修改日志的级别,默认为info级别,日志信息打印在/var/log/messages中。 - monitor信息 为系统启动时默认采集的系统硬件信息。 + +- tuning信息 + + tuning为系统进行离线调优时需要用到的参数信息。 + + - noise:高斯噪声的评估值。 + - sel_feature:控制离线调优参数重要性排名输出的开关,默认关闭。 + + +### 配置示例 + +``` +#################################### server ############################### + # atuned config + [server] + # the protocol grpc server running on + # ranges: unix or tcp + protocol = unix + + # the address that the grpc server to bind to + # default is unix socket /var/run/atuned/atuned.sock + # ranges: /var/run/atuned/atuned.sock or ip address + address = /var/run/atuned/atuned.sock + + # the atune nodes in cluster mode, separated by commas + # it is valid when protocol is tcp + # connect = ip01,ip02,ip03 + + # the atuned grpc listening port + # the port can be set between 0 to 65535 which not be used + # port = 60001 + + # the rest service listening port, default is 8383 + # the port can be set between 0 to 65535 which not be used + rest_host = localhost + rest_port = 8383 + + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # when run analysis command, the numbers of collected data. + # default is 20 + sample_num = 20 + + # interval for collecting data, default is 5s + interval = 5 + + # enable gRPC authentication SSL/TLS + # default is false + # grpc_tls = false + # tlsservercafile = /etc/atuned/grpc_certs/ca.crt + # tlsservercertfile = /etc/atuned/grpc_certs/server.crt + # tlsserverkeyfile = /etc/atuned/grpc_certs/server.key + + # enable rest server authentication SSL/TLS + # default is true + rest_tls = true + tlsrestcacertfile = /etc/atuned/rest_certs/ca.crt + tlsrestservercertfile = /etc/atuned/rest_certs/server.crt + tlsrestserverkeyfile = /etc/atuned/rest_certs/server.key + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineclientcertfile = /etc/atuned/engine_certs/client.crt + tlsengineclientkeyfile = /etc/atuned/engine_certs/client.key + + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info + + #################################### monitor ############################### + [monitor] + # with the module and format of the MPI, the format is {module}_{purpose} + # the module is Either "mem", "net", "cpu", "storage" + # the purpose is "topo" + module = mem_topo, cpu_topo + + #################################### system ############################### + # you can add arbitrary key-value here, just like key = value + # you can use the key in the profile + [system] + # the disk to be analysis + disk = sda + + # the network to be analysis + network = enp189s0f0 + + user = root + + #################################### tuning ############################### + # tuning configs + [tuning] + noise = 0.000000001 + sel_feature = false +``` +A-Tune engine配置文件/etc/atuned/engine.cnf的配置项说明如下: + +- A-Tune engine服务启动配置 + + 可根据需要进行修改。 + + - engine_host:系统atune engine service的监听地址,默认为localhost。 + - engine_port:系统atune engine service的监听端口,范围为0~65535未使用的端口,默认为3838。 + - engine_tls:系统atune engine service的SSL/TLS证书校验开关,默认开启。 + - tlsenginecacertfile:系统atune engine service的服务端CA证书路径。 + - tlsengineservercertfile:系统atune engine service的服务端证书路径 + - tlsengineserverkeyfile:系统atune engine service的服务端密钥路径。 + +- 日志信息 + + 根据情况修改日志的级别,默认为info级别,日志信息打印在/var/log/messages中。 ### 配置示例 ``` -##################################### server ############################### -# atuned config -[server] -# the protocol grpc server running on -# ranges: unix or tcp -protocol = unix - -# the address that the grpc server to bind to -# default is unix socket /var/run/atuned/atuned.sock -# ranges: /var/run/atuned/atuned.sock or ip -address = /var/run/atuned/atuned.sock - -# the atuned grpc listening port, default is 60001 -# the port can be set between 0 to 65535 which not be used -port = 60001 - -# the rest service listening port, default is 8383 -# the port can be set between 0 to 65535 which not be used -rest_port = 8383 - -# when run analysis command, the numbers of collected data. -# default is 20 -sample_num = 20 - -# Enable gRPC and http server authentication SSL/TLS -# default is false -# tls = true -# tlsservercertfile = /etc/atuned/server.pem -# tlsserverkeyfile = /etc/atuned/server.key -# tlshttpcertfile = /etc/atuned/http/server.pem -# tlshttpkeyfile = /etc/atuned/http/server.key -# tlshttpcacertfile = /etc/atuned/http/cacert.pem - -##################################### log ############################### -# Either "debug", "info", "warn", "error", "critical", default is "info" -level = info - -##################################### monitor ############################### -[monitor] -# With the module and format of the MPI, the format is {module}_{purpose} -# The module is Either "mem", "net", "cpu", "storage" -# The purpose is "topo" -module = mem_topo, cpu_topo - -##################################### system ############################### -# you can add arbitrary key-value here, just like key = value -# you can use the key in the profile -[system] -# the disk to be analysis -disk = sda - -# the network to be analysis -network = enp189s0f0 - -user = root + #################################### engine ############################### + [server] + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineservercertfile = /etc/atuned/engine_certs/server.crt + tlsengineserverkeyfile = /etc/atuned/engine_certs/server.key + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info ``` ## 启动A-Tune @@ -232,4 +332,23 @@ A-Tune安装完成后,需要启动A-Tune服务才能使用。 ![](./figures/zh-cn_image_0214540398.png) +## 启动A-Tune engine + +若需要使用AI相关的功能,需要启动A-Tune engine服务才能使用。 + +- 启动atune-engine服务: + + ``` + # systemctl start atune-engine + ``` + + +- 查询atune-engine服务状态: + + ``` + # systemctl status atune-engine + ``` + + 若回显为如下,则服务启动成功。 + ![](./figures/zh-cn_image_0245342444.png) diff --git "a/docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" "b/docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" index 9fab425e826428dff3b14fb408dd31b7043244a3..5266a561215b940353a9284ae23086871f2ce862 100644 --- "a/docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" +++ "b/docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" @@ -10,46 +10,43 @@ 可能原因: -1. 检查atuned服务是否启动,并检查atuned侦听地址。 +1. 检查atuned服务是否启动,并检查atuned侦听地址。 - ``` + ```shell # systemctl status atuned - # netstat -nap | atuned + # netstat -nap |grep atuned ``` -2. 防火墙阻止了atuned的侦听端口。 -3. 系统配置了http代理导致无法连接。 +2. 防火墙阻止了atuned的侦听端口。 +3. 系统配置了http代理导致无法连接。 解决方法: -1. 如果atuned没有启动,启动该服务,参考命令如下: +1. 如果atuned没有启动,启动该服务,参考命令如下: - ``` + ```shell # systemctl start atuned ``` -2. 分别在atuned和atune-adm的服务器上执行如下命令,允许侦听端口接收网络包,其中60001为atuned的侦听端口号。 +2. 分别在atuned和atune-adm的服务器上执行如下命令,允许侦听端口接收网络包,其中60001为atuned的侦听端口号。 - ``` + ```shell # iptables -I INPUT -p tcp --dport 60001 -j ACCEPT # iptables -I INPUT -p tcp --sport 60001 -j ACCEPT ``` +3. 不影响业务的前提下删除http代理,或对侦听IP不进行http代理,命令如下: -1. 不影响业务的前提下删除http代理,或对侦听IP不进行http代理,命令如下: - - ``` + ```shell # no_proxy=$no_proxy,侦听地址 ``` - ## **问题3:atuned服务无法启动,提示“Job for atuned.service failed because a timeout was exceeded.”** 原因:hosts文件中缺少localhost配置 解决方法:在/etc/hosts文件中127.0.0.1这一行添加上localhost -``` +```conf 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ``` - diff --git "a/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" "b/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" index 49d6d8be42e98773d46b42091c62fc728273836c..e8f8a4c72f1eb6f13e09cc53180205be55349074 100644 --- "a/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" +++ "b/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" @@ -26,7 +26,7 @@ A-Tune是一款基于AI开发的系统性能优化引擎,它利用人工智能 A-Tune核心技术架构如下图,主要包括智能决策、系统画像和交互系统三层。 - 智能决策层:包含感知和决策两个子系统,分别完成对应用的智能感知和对系统的调优决策。 -- 系统画像层:主要包括标注和学习系统,标注系统用于业务模型的聚类,学习系统用于业务模型的学习和分类。 +- 系统画像层:主要包括自动特征工程和两层分类模型,自动特征工程用于业务特征的自动选择,两层分类模型用于业务模型的学习和分类。 - 交互系统层:用于各类系统资源的监控和配置,调优策略执行在本层进行。 ![](./figures/zh-cn_image_0227497343.png) @@ -48,14 +48,14 @@ A-Tune支持的主要特性、特性成熟度以及使用建议请参见[表1](#

七大类11款应用负载类型自动优化

+

14大类50款应用负载类型自动优化

已测试

试用

自定义负载类型和业务模型

+

自定义profile和业务模型

已测试
+ ### 支持业务模型 -根据应用的负载特征,A-Tune将业务分为七大类,各类型的负载特征和A-Tune支持的应用请参见[表2](#table2819164611311)。 +根据应用的负载特征,A-Tune将业务分为14大类,各类型的负载特征和A-Tune支持的应用请参见[表2](#table2819164611311)。 **表 2** 支持的业务类型和应用 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

负载模型

-

业务类型

-

负载特征

-

支持的应用

-

default

-

默认类型

-

CPU、内存带宽、网络、IO各维度资源使用率都不高

-

N/A

-

webserver

-

https应用

-

CPU使用率高

-

Nginx

-

big_database

-

数据库

-
  • 关系型数据库

    读: CPU、内存带宽、网络使用率高

    -

    写:IO使用率高

    -
-
  • 非关系型数据库

    CPU、IO使用率高

    -
-

MongoDB、MySQL、PostgreSQL、MariaDB

-

big_data

-

大数据

-

CPU、IO使用率较高

-

Hadoop、Spark

-

in-memory_computing

-

内存密集型应用

-

CPU、内存带宽使用率高

-

SPECjbb2015

-

in-memory_database

-

计算+网络密集型应用

-

CPU单核使用率高,多实例下网络使用率高

-

Redis

-

single_computer_intensive_jobs

-

计算密集型应用

-

CPU单核使用率高,部分子项内存带宽使用率高

-

SPECCPU2006

-

communication

-

网络密集型应用

-

CPU、网络使用率高

-

Dubbo

-

idle

-

系统idle

-

系统处于空闲状态,无任何应用运行

-

N/A

-
- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

业务大类

+ 		+

业务类型

+ 		+

瓶颈点

+ 		+

支持的应用

+ 		+

待规划的应用

+
+

default

+ 		+

默认类型

+ 		+

算力、内存、网络、IO各维度资源使用率都不高

+ 		+

N/A

+ 		+

N/A

+
+

webserver

+ 		+

web应用

+ 		+

算力瓶颈、网络瓶颈

+ 		+

NginxApache Traffic ServerTomcatApache Http ServerSquidPostfixlighttpd

+ 		+

N/A

+
+

ftp + server

+ 		+

ftp应用

+ 		+

算力瓶颈、网络瓶颈

+ 		+

vsftpdproftpd

+ 		+

N/A

+
+

database

+ 		+

数据库

+ 		+

算力瓶颈、内存瓶颈、IO瓶颈

+ 		+

MongodbMysqlPostgresqlMariadbopenGausstidbsqliteQuestDBinfluxdbsplunkCassandraNeo4j

+ 		+

N/A

+
+

distributed + data store

+ 		+

分布式存储

+ 		+

算力瓶颈、内存瓶颈、IO瓶颈

+ 		+

N/A

+ 		+

stormglusterFSCephInfinispanElasticSearch

+
+

big-data

+ 		+

大数据

+ 		+

算力瓶颈、内存瓶颈

+ 		+

N/A

+ 		+

Hadoop-hdfsHadoop-sparkhive

+
+

middleware

+ 		+

中间件框架

+ 		+

算力瓶颈、网络瓶颈

+ 		+

DubboZookeeperkafkarabbitMQactiveMQrocketMQetcdkaraf

+ 		+

N/A

+
+

in-memory-database

+ 		+

内存数据库

+ 		+

内存瓶颈、IO瓶颈

+ 		+

RedisMemcachedcachefilesd

+ 		+

N/A

+
+

operation

+ 		+

运维工具

+ 		+

算力瓶颈、网络瓶颈

+ 		+

prometheusansiblepuppetzabbix

+ 		+

N/A

+
+

basic-test-suite

+ 		+

基础测试套

+ 		+

算力瓶颈、内存瓶颈

+ 		+

SPECCPU2006SPECjbb2015

+ 		+

N/A

+
+

hpc

+ 		+

人类基因组

+ 		+

算力瓶颈、内存瓶颈、IO瓶颈

+ 		+

Gatk4

+ 		+

N/A

+
+

virtualization

+ 		+

虚拟化

+ 		+

算力瓶颈、内存瓶颈、IO瓶颈

+ 		+

Consumer-cloudMariadb

+ 		+

N/A

+
+

docker

+ 		+

容器

+ 		+

算力瓶颈、内存瓶颈、IO瓶颈

+ 		+

Mariadb

+ 		+

N/A

+
+

others

+ 		+

其他

+ 		+

-

+ 		+

Encryption

+ 		+

N/A

+
\ No newline at end of file diff --git "a/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" "b/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" index f533f90985f5861224579785e2ea25a8bfcba1a9..80c87bad98827cce03e146ba202bad25b65b32fa 100644 --- "a/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" +++ "b/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" @@ -17,11 +17,7 @@

workload_type

-

负载类型,用于标记具有相同特征的一类业务

-

profile

优化项集合,最佳的参数配置

@@ -29,3 +25,4 @@
+ diff --git a/docs/zh/docs/Administration/FAQ-54.md b/docs/zh/docs/Administration/FAQ-54.md index b70c27841cefaf9f812a4239b4b1320142630dc6..5c359158289d505c444da1119c608e4da9eaebc5 100644 --- a/docs/zh/docs/Administration/FAQ-54.md +++ b/docs/zh/docs/Administration/FAQ-54.md @@ -1,15 +1,4 @@ # FAQ - - -- [FAQ](#faq) - - [使用systemctl和top命令查询libvirtd服务占用内存不同](#使用systemctl和top命令查询libvirtd服务占用内存不同) - - [设置RAID0卷,参数stripsize设置为4时出错](#设置raid0卷参数stripsize设置为4时出错) - - [使用rpmbuild编译mariadb失败](#使用rpmbuild编译mariadb失败) - - [使用默认配置启动SNTP服务失败](#使用默认配置启动sntp服务失败) - - [安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败](#安装时出现软件包冲突文件冲突或缺少软件包导致安装失败) - - [通过dnf update 默认方式升级openssh软件包时无法安装openssh相关包](#通过dnf-update-默认方式升级openssh软件包时无法安装openssh相关包) - - ## 使用systemctl和top命令查询libvirtd服务占用内存不同 @@ -23,10 +12,10 @@ systemd管理的服务(包括systemctl和systemd-cgtop)中显示的内存通 一般来说,业务进程使用的内存主要有以下几种情况: -- anon\_rss:用户空间的匿名映射页(Anonymous pages in User Mode address spaces),比如调用malloc分配的内存,以及使用MAP\_ANONYMOUS的mmap。当系统内存不够时,内核可以将这部分内存交换出去。 -- file\_rss:用户空间的文件映射页(Mapped pages in User Mode address spaces),包含map file和map tmpfs,前者比如指定文件的mmap,后者比如IPC共享内存。当系统内存不够时,内核可以回收这些页,但回收之前可能需要与文件同步数据。 -- file\_cache:文件缓存(page in page cache of disk file),普通读写(read/write)文件时产生的文件缓存。当系统内存不够时,内核可以回收这些页,但回收之前可能需要与文件同步数据。 -- buffer pages:属于page cache,比如读取块设备文件时的相关缓存。 +- anon\_rss:用户空间的匿名映射页(Anonymous pages in User Mode address spaces),比如调用malloc分配的内存,以及使用MAP\_ANONYMOUS的mmap。当系统内存不够时,内核可以将这部分内存交换出去。 +- file\_rss:用户空间的文件映射页(Mapped pages in User Mode address spaces),包含map file和map tmpfs,前者比如指定文件的mmap,后者比如IPC共享内存。当系统内存不够时,内核可以回收这些页,但回收之前可能需要与文件同步数据。 +- file\_cache:文件缓存(page in page cache of disk file),普通读写(read/write)文件时产生的文件缓存。当系统内存不够时,内核可以回收这些页,但回收之前可能需要与文件同步数据。 +- buffer pages:属于page cache,比如读取块设备文件时的相关缓存。 其中anon\_rss和file\_rss属于进程的RSS,file\_cache和buffer pages属于page cache。简单来说: @@ -48,15 +37,15 @@ CGroup里的memory.usage\_in\_bytes = cache + RSS + swap。 ### 解决方法 -不需要修改配置文件,openeuler执行lvcreate命令时,条带化规格支持的stripesize最小值为64KB,将参数stripesize设置为64。 +不需要修改配置文件,openEuler执行lvcreate命令时,条带化规格支持的stripesize最小值为64KB,将参数stripesize设置为64。 ## 使用rpmbuild编译mariadb失败 ### 问题描述 -如果使用root账号登录系统,并在该账号下使用rpmbuild命令编译mariadb源代码,会出现编译失败现象,提示: +如果使用root帐号登录系统,并在该帐号下使用rpmbuild命令编译mariadb源代码,会出现编译失败现象,提示: -``` +```sh + echo 'mysql can'\''t run test as root' mysql can't run test as root + exit 1 @@ -64,7 +53,7 @@ mysql can't run test as root ### 原因分析 -mariadb数据库不允许使用root权限的账号进行测试用例执行,所以会阻止编译过程(编译过程中会自动执行测试用例)。 +mariadb数据库不允许使用root权限的帐号进行测试用例执行,所以会阻止编译过程(编译过程中会自动执行测试用例)。 ### 解决方案 @@ -72,13 +61,13 @@ mariadb数据库不允许使用root权限的账号进行测试用例执行,所 修改前: -``` +```conf %global runtest 1 ``` 修改后: -``` +```conf %global runtest 0 ``` @@ -102,11 +91,11 @@ mariadb数据库不允许使用root权限的账号进行测试用例执行,所 ### 问题现象 -安装软件包过程中,可能出现软件包冲突、文件冲突或缺少软件包,从而导致升安装被中断,最终安装失败。软件包冲突、文件冲突和缺少软件包的报错信息分别如下所示。 +安装软件包过程中,可能出现软件包冲突、文件冲突或缺少软件包,从而导致安装被中断,最终安装失败。软件包冲突、文件冲突和缺少软件包的报错信息分别如下所示。 软件包冲突报错信息示例(以 libev-libevent-devel-4.24-11.oe1.aarch64与libevent-devel-2.1.11-2.oe1.aarch64冲突为例): -``` +```text package libev-libevent-devel-4.24-11.oe1.aarch64 conflicts with libevent-devel provided by libevent-devel-2.1.11-2.oe1.aarch64 - cannot install the best candidate for the job - conflicting requests @@ -114,7 +103,7 @@ package libev-libevent-devel-4.24-11.oe1.aarch64 conflicts with libevent-devel p 文件冲突报错信息示例(以/usr/bin/containerd文件冲突为例): -``` +```text Error: Transaction test error: file /usr/bin/containerd from install of containerd-1.2.0-101.oe1.aarch64 conflicts with file from package docker-engine-18.09.0-100.aarch64 file /usr/bin/containerd-shim from install of containerd-1.2.0-101.oe1.aarch64 conflicts with file from package docker-engine-18.09.0-100.aarch64 @@ -122,7 +111,7 @@ Error: Transaction test error: 缺少软件包的报错信息示例(以缺失blivet-data软件包为例): -``` +```text Error: Problem: cannot install both blivet-data-1:3.1.1-6.oe1.noarch and blivet-data-1:3.1.1-5.noarch - package python2-blivet-1:3.1.1-5.noarch requires blivet-data = 1:3.1.1-5, but none of the providers can be installed @@ -132,53 +121,52 @@ Error: ### 原因分析 -- openEuler提供的软件包中,有些软件包虽然名称不同,但功能相同,导致两个软件包无法同时安装。 -- openEuler提供的软件包中,有些软件包虽然名称不同,但功能相同,导致安装时安装后的文件相同,从而产生了文件冲突。 -- 有些软件包,因在升级安装前被其他软件包所依赖,一旦该软件包升级后,可能导致依赖它的软件包因缺少软件包而不能安装。 +- openEuler提供的软件包中,有些软件包虽然名称不同,但功能相同,导致两个软件包无法同时安装。 +- openEuler提供的软件包中,有些软件包虽然名称不同,但功能相同,导致安装时安装后的文件相同,从而产生了文件冲突。 +- 有些软件包,因在升级安装前被其他软件包所依赖,一旦该软件包升级后,可能导致依赖它的软件包因缺少软件包而不能安装。 ### 解决方案 若为软件包冲突,则按如下步骤进行处理(以问题现象中示例的软件包冲突为例): -1. 根据安装过程中的软件包冲突报错信息,确定与待安装的 libev-libevent-devel-4.24-11.oe1.aarch64软件包冲突的软件包为libevent-devel-2.1.11-2.oe1.aarch64。 -2. 执行**dnf remove**命令将与待安装软件包冲突的软件包单独卸载。 +1. 根据安装过程中的软件包冲突报错信息,确定与待安装的 libev-libevent-devel-4.24-11.oe1.aarch64软件包冲突的软件包为libevent-devel-2.1.11-2.oe1.aarch64。 +2. 执行**dnf remove**命令将与待安装软件包冲突的软件包单独卸载。 - ``` + ```sh # dnf remove libevent-devel-2.1.11-2.oe1.aarch64 ``` -3. 重新进行安装操作。 +3. 重新进行安装操作。 若为文件冲突,则按如下步骤进行处理(以问题现象中示例的文件冲突为例): -1. 根据安装过程中的文件冲突报错信息,确定导致文件冲突的软件包名称为containerd-1.2.0-101.oe1.aarch64和docker-engine-18.09.0-100.aarch64。 -2. 将不需要安装的软件包名称记录下来,以不需要安装docker-engine-18.09.0-100.aarch64为例。 -3. 执行**dnf remove**命令将不需要安装的软件包单独卸载。 +1. 根据安装过程中的文件冲突报错信息,确定导致文件冲突的软件包名称为containerd-1.2.0-101.oe1.aarch64和docker-engine-18.09.0-100.aarch64。 +2. 将不需要安装的软件包名称记录下来,以不需要安装docker-engine-18.09.0-100.aarch64为例。 +3. 执行**dnf remove**命令将不需要安装的软件包单独卸载。 - ``` + ```sh # dnf remove docker-engine-18.09.0-100.aarch64 ``` -4. 重新进行安装操作。 +4. 重新进行安装操作。 若为缺少软件包,则按如下步骤进行处理(以问题现象中示例的缺少软件包为例): -1. 根据升级安装过程中的缺少软件包报错信息,确定待升级的软件包名称blivet-data-1:3.1.1-5.noarch及依赖它的软件包名称python2-blivet-1:3.1.1-5.noarch。 -2. 执行dnf remove命令将依赖待升级包才能安装的软件包单独卸载或在升级软件包时加上\-\-allowerasing参数。 - - 执行**dnf remove**命令将依赖blivet-data-1:3.1.1-5.noarch软件包才能安装的软件包单独卸载。 +1. 根据升级安装过程中的缺少软件包报错信息,确定待升级的软件包名称blivet-data-1:3.1.1-5.noarch及依赖它的软件包名称python2-blivet-1:3.1.1-5.noarch。 +2. 执行dnf remove命令将依赖待升级包才能安装的软件包单独卸载或在升级软件包时加上\-\-allowerasing参数。 + - 执行**dnf remove**命令将依赖blivet-data-1:3.1.1-5.noarch软件包才能安装的软件包单独卸载。 - ``` + ```sh # dnf remove python2-blivet-1:3.1.1-5.noarch ``` - - 升级软件包时加上\-\-allowerasing参数。 + - 升级软件包时加上\-\-allowerasing参数。 - ``` + ```sh # yum update blivet-data-1:3.1.1-5.noarch -y --allowerasing ``` -3. 重新进行升级操作。 - +3. 重新进行升级操作。 ## 通过dnf update 默认方式升级openssh软件包时无法安装openssh相关包 @@ -186,13 +174,10 @@ Error: 通过dnf update 默认方式升级openssh软件包时会出现无法安装openssh相关包,提示如下: - - ``` + ```text cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-5.oe1.aarch64 cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-4.oe1.aarch64 - cannot install the best update condidate for package openssh-clients-8.2p1-5.oe1.aarch64 - cannot install the best update condidate for package openssh-8.2p1-5.oe1.aarch64 - +... ``` ### 原因分析 @@ -202,10 +187,388 @@ DNF 默认情况下会启用DNF包管理器的“best”模式(对应的参数 ### 解决方案 DNF的--nobest选项可用于覆盖/关闭默认的“best”行为,以使用户需要升级的包存在依赖问题的场景下可以正常进行安全修改程序包的升级。 -本次openEuler 20.03-LTS版本中开发人员已识别到在openssh包安全修复版本升级过程中会存在该场景,建议用户了解上面的分析的情况下,选择合理的升级方式,openEuler同步给出具体升级示例操作: - +本次openEuler 20.03 LTS SP4 版本中开发人员已识别到在openssh包安全修复版本升级过程中会存在该场景,建议用户了解上面的分析的情况下,选择合理的升级方式,openEuler同步给出具体升级示例操作: - ``` + ```sh dnf update –y –nobest openssh - - ``` \ No newline at end of file + ``` + +### 安装冲突实例 + +- 文件冲突 + +python3-edk2-devel.noarch 与 build.noarch 因文件名重复存在冲突。 + +```shell +# yum install python3-edk2-devel.noarch build.noarch +... +Error: Transaction test error: +file /usr/bin/build conflicts between attempted installs of python3-edk2-devel-202002-3.oe1.noarch and build-20191114-324.4.oe1.noarch +``` + +## libiscsi降级失败 + +### 问题现象 + +libiscsi-1.19.2 版本及以上降级到 libiscsi-1.19.1 及以下版本时失败。 + +```text +Error: Transaction test error: +file /usr/bin/iscsi-inq from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-ls from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-perf from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-readcapacity16 from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-swp from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-test-cu from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +``` + +### 原因分析 + +libiscsi-1.19.1 之前的版本把 iscsi-xxx 等二进制文件打包进了主包 libiscsi,而这些二进制文件引入了不合理的依赖 CUnit,为了解决这种不合理的依赖,在 libiscsi-1.19.2 版本把这些二进制文件单独拆分出来一个子包 libiscsi-utils,主包弱依赖于子包,产品可以根据自己的需求在做镜像时是否集成该子包;不集成或卸载子包不会影响 libiscsi 主包的功能。 + +如果系统中安装了 libiscsi-utils 子包,libiscsi-1.19.2 及以上版本降级到 libiscsi-1.19.1 及以下版本时,由于 libiscsi-1.19.1 及以下版本无法提供对应的 libiscsi-utils,因此 libiscsi-utils 不会降级,但 libiscsi-utils 依赖于降级前的 libiscsi 主包,导致依赖问题无法解决,最终导致降级失败。 + +### 解决方案 + +执行以下命令,卸载 libiscsi-utils 子包,卸载成功后再进行降级操作。 + +```sh +yum remove libiscsi-utils +``` + +## xfsprogs降级失败 + +### 问题现象 + +xfsprogs-5.6.0-2 及以上版本降级到 xfsprogs-5.6.0-1 及以下版本时失败。 + +```text +Error: +Problem: problem with installed package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 +- package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 requires xfsprogs = 5.6.0-2.oe1, but none of the providers can be installed +- cannot install both xfsprogs-5.6.0-1.oe1.x86_64 and xfsprogs-5.6.0-2.oe1.x86_64 +- cannot install both xfsprogs-5.6.0-2.oe1.x86_64 and xfsprogs-5.6.0-1.oe1.x86_64 +- conflicting requests +``` + +### 原因分析 + +在 xfsprogs-5.6.0-2 版本中,为了减少 xfsprogs 主包的不合理依赖,同时将实验性质的命令从主包中分来,我们将 xfs_scrub* 命令拆分到单独的 xfsprogs-xfs_scrub 子包中。而 xfsprogs 主包弱依赖于 xfsprogs-xfs_scrub 子包,所以产品可以根据自己的需求在做镜像时是否集成该子包,或者是否卸载该子包。不集成或卸载该子包不会影响 xfsprogs 主包功能。 + +如果系统中安装了 xfsprogs-xfs_scrub 子包,从 xfsprogs-5.6.0-2 及以上版本降级到 xfsprogs-5.6.0-1 及以下版本时,由于 xfsprogs-5.6.0-1 及以下版本无法提供对应的 xfsprogs-xfs_scrub,因此 xfsprogs-xfs_scrub 不会降级,但 xfsprogs-xfs_scrub 依赖于降级前的 xfsprogs 主包,导致依赖问题无法解决,最终导致降级失败。 + +### 解决方案 + +执行以下命令,卸载 xfsprogs-xfs_scrub 子包,卸载成功后再进行降级操作。 + +```sh +yum remove xfsprogs-xfs_scrub +``` + +## 不合理使用glibc正则表达式引起ReDoS攻击 + +### 问题现象 + +使用glibc的regcomp/regexec接口编程,或者grep/sed等应用glibc正则表达式的shell命令,不合理的正则表达式或输入会造成ReDoS攻击(CVE-2019-9192/CVE-2018-28796)。 +典型正则表达式pattern为“反向引用”(\1表示)与“*”(匹配零次或多次)、“+”(匹配一次或多次)、“{m,n}”(最小匹配m次,最多匹配n次)的组合,或者配合超长字符串输入,示例如下: + +```sh +# echo D | grep -E "$(printf '(\0|)(\\1\\1)*')"Segmentation fault (core dumped) +# grep -E "$(printf '(|)(\\1\\1)*')" +Segmentation fault (core dumped) +# echo A | sed '/\(\)\(\1\1\)*/p' +Segmentation fault (core dumped) +# time python -c 'print "a"*40000' | grep -E "a{1,32767}" +Segmentation fault (core dumped) +# time python -c 'print "a"*40900' | grep -E "(a)\\1" +Segmentation fault (core dumped) +``` + +### 原因分析 + +使用正则表达式的进程coredump。具体原因为glibc正则表达式的实现为NFA/DFA混合算法,内部原理是使用贪婪算法进行递归查找,目的是尽可能匹配更多的字符串,贪婪算法在处理递归正则表达式时会导致ReDoS。 + +### 解决方案 + +1. 需要对用户做严格的权限控制,减少攻击面。 +2. 用户需保证正则表达式的正确性,不输入无效正则表达式,或者超长字符串配合正则的“引用” “*”等容易触发无限递归的组合。 + + ```sh + # ()(\1\1)* + # "a"*400000 + ``` + +3. 用户程序在检测到进程异常之后,通过重启进程等手段恢复业务,提升程序的可靠性。 + +## emacs编辑文件时会存在缓存文件 + +### 问题现象 + +emacs未进行配置时,编辑文件保存后会存在以“~”结尾的缓存文件。 + +### 原因分析 + +emacs未进行配置,或者未生成有效的配置文件,会导致存在缓存文件,缓存文件的功能是为了防止系统意外关闭导致的数据丢失,用户可自行决定是否启用该功能。 + +### 解决方案 + +1. 安装好emacs后进入emacs界面。 +2. 在emacs界面输入alt键加x键。 +3. 输入customize后可进行各种设置,对任一功能设置后会生成一个.emacs配置文件,会显示出相应的配置文件路径,如/root/.emacs(自行创建的.emacs无功能作用)。 +4. 若需更改缓存文件配置,有如下方案,可自选: + + - 复制如下代码到/root/.emacs,关闭缓存文件功能: + + ```sh + (setq make-backup-files nil) + ``` + + - 复制如下代码到/root/.emacs,指定集中保存备份文件的目录: + + ```sh + (setq backup-directory-alist (quote (("." . "/.emacs-backups")))) + ``` + +## rtkit-daemon 服务启动报错“Failed to make ourselves RT: Operation not permitted” + +### 问题现象 + +默认情况下rtkit-daemon服务启动正常,但是在安装docker-engine的情况下启动 +rtkit-daemon会有报错信息,如下所示: + +```text +12月 18 09:34:15 openEuler systemd[1]: Started RealtimeKit Scheduling Policy Service. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Successfully called chroot. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Successfully dropped privileges. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Successfully limited resources. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Running. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Canary thread running. +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Failed to make ourselves RT: Operation not permitted +12月 18 09:34:15 openEuler rtkit-daemon[22560]: Watchdog thread running. +``` + +### 原因分析 + +rtkit-daemon报错的原因是有服务(如docker.service)配置了Delegate=yes。 + +在没有配置该参数的情况下,rtkit-daemon的cgroup信息如下所示,此时服务表现正常。 + +```sh +[root@openEuler ~]# cat /proc/pidof rtkit-daemon/cgroup | grep system +12:pids:/system.slice/rtkit-daemon.service +7:devices:/system.slice/rtkit-daemon.service +5:memory:/system.slice/rtkit-daemon.service +2:blkio:/system.slice +1:name=systemd:/system.slice/rtkit-daemon.service +``` + +在配置了Delegate=yes的情况下,systemd会创建相关slice,并把cpu cgroup也移动到 +slice中。这样rtkit-daemon服务的cgroup信息如下所示。rtkit-daemon被移动到了 +3:cpu,cpuacct:/system.slice/rtkit-daemon.service 但是里面的cpu.rt_runtime_us又 +没有设置合理的数值,所以有报错。 + +```sh +[root@openEuler ~]# cat /proc/pidof rtkit-daemon/cgroup | grep system +12:pids:/system.slice/rtkit-daemon.service +7:devices:/system.slice/rtkit-daemon.service +5:memory:/system.slice/rtkit-daemon.service +3:cpu,cpuacct:/system.slice/rtkit-daemon.service +2:blkio:/system.slice/rtkit-daemon.service +1:name=systemd:/system.slice/rtkit-daemon.service +``` + +### 解决方案 + +方法一:修改rtkit-daemon.service,添加如下配置,这种方式即使用系统默认cpu cgroup配置。 + +```conf +Slice=-.slice +DisableControllers=cpu cpuacct +``` + +方法二:修改rtkit-daemon.service,添加如下配置,这种方法即根据需要配置调度参数。 + +```conf +ExecStartPre=/usr/bin/bash -c "mkdir -p /sys/fs/cgroup/cpu,cpuacct/system.slice/rtkit-daemon.service" +ExecStartPre=/usr/bin/bash -c "echo 950000 > /sys/fs/cgroup/cpu,cpuacct/system.slice/cpu.rt_runtime_us" +ExecStartPre=/usr/bin/bash -c "echo 950000 > /sys/fs/cgroup/cpu,cpuacct/system.slice/rtkit-daemon.service/cpu.rt_runtime_us" +``` + +## 通过dnf update进行软件包全量升级,由20.03-LTS 升级到 20.03-LTS-SP4时,系统重启失败 + +### 问题现象 + +x86_64架构 Legacy引导模式下,/boot目录未单独分区,通过dnf进行软件包全量升级,由20.03-LTS升级到20.03-LTS-SP4,出现系统升级成功但重启时引导失败,提示如下: + +```text +error: ../../grub-core/fs/fshelp.c:258:file +'/vmlinuz-4.19.90-2012.5.0.0054.oe1.x86_64' +not found. +error: ../../grub-core/loader/i386/pc/linux.c:417:you need to load the kernel first. + +Press any key to continue... +``` + +### 原因分析 + +20.03-LTS以前默认采用传统cfg,而20.03-LTS-SP4的grub2升级2.04版本后默认变为bls格式,openEuler目前对bls格式的cfg文件不做支持,导致重启后无法根据该格式的grub.cfg找到内核,启动失败。openEuler社区开发人员正在寻求进行此默认更改,以防由于cfg格式问题导致软件包升级后重启失败。 + +### 解决方案 + +1. 在引导界面按e进行grub2配置修改界面,修改内核与initrd部分的路径,如: + + ```text + linux ($root)/vmlinuz-4.19-xxx root=xxx --->>> linux ($root)/boot/vmlinuz-4.19-xxx root=xxx + initrd ($root)/initramfs-4.19-xxx --->>> initrd ($root)/boot/initramfs-4.19-xxx + ``` + + 随后,按ctrl+x引导系统启动。 + +2. 重新安装grub2-2.04-8及以后的版本。 +3. 重新生成cfg文件,grub2-mkconfig -o /boot/grub2/grub.cfg 。 +4. 再次重启,系统成功引导。 + +## 版本升级后,httpd服务启动失败 + +### 问题现象 + +从旧版本升级到最新版本时,http.service服务启动失败。 + +### 原因分析 + +当待升级环境开启了selinux,并且安装了httpd的子包mod_md时,升级到最新版本后,http.service服务启动失败。查看系统messages日志`/var/log/messags`,可以看到日志记录如下: + +```text +openEuler setroubleshoot[****]: SELinux is preventing /usr/sbin/httpd from add_name access on the directory md. +... +openEuler setroubleshoot[****]: SELinux is preventing httpd from setattr access on the directory challenges. +``` + +可以看到,selinux阻止httpd进程对md/challenges目录执行操作。因此,当selinux使能,且安装有mod_md子包时,需要修改selinux配置,否则selinux权限问题会导致http.service服务启动失败。 + +### 解决方案 + +1. 执行以下命令,允许httpd访问网络。 + + ```sh + # setsebool -P httpd_can_network_connect on + ``` + +2. 创建文件 `httpd-md.te`,用于描述对资源的访问许可。文件内容如下: + + ```sh + # create new + module httpd-md 1.0; + require { + type httpd_config_t; + type httpd_t; + class dir { add_name create remove_name rename reparent rmdir setattr }; + class file { create rename setattr unlink write }; + } + #============= httpd_t ============== + allow httpd_t httpd_config_t:dir { add_name create remove_name rename reparent rmdir setattr }; + allow httpd_t httpd_config_t:file { create rename setattr unlink write }; + ``` + +3. 检查并编译安全策略文件。 + + ```sh + # checkmodule -m -M -o httpd-md.mod httpd-md.te + ``` + +4. 创建策略模块。 + + ```sh + # semodule_package --outfile httpd-md.pp --module httpd-md.mod + ``` + +5. 安装策略模块。 + + ```sh + # semodule -i httpd-md.pp + ``` + +6. 重启httpd.service服务。 + + ```sh + # systemctl status httpd.service + ``` + +## fuse包2.9.9-4前后、fuse3包3.9.2-4前后升降级说明 + +### 问题现象 + +1. dnf upgrade fuse fuse-common fuse3 升级失败 +2. dnf downgrade fuse, fuse3会降级或安装 +3. dnf downgrade fuse3, fuse会降级 + +### 原因分析 + +1. dnf upgrade fuse fuse-common fuse3失败原因:在2.9.9-3及之前,fuse,fuse3均obsoletes fuse-common,按顺序解析包依赖关系,解析fuse-common依赖关系时,fuse-common仍被fuse3 obsoletes,导致fuse-common无法升级。 +2. dnf downgrade fuse, fuse3会降级或安装:降级fuse的时候,也会降级fuse-common,在fuse 2.9.9-3 以及fuse3 3.9.2-3版本之前,fuse-common包包含在fuse和fuse3中,在降级fuse-common时发现其旧版本包含在fuse3中,所以将fuse3降级或者安装。 +3. dnf downgrade fuse3, fuse会降级:降级fuse3的时候,也会降级fuse-common,在fuse 2.9.9-3 以及fuse3 3.9.2-3版本之前,fuse-common包包含在fuse和fuse3中,在降级fuse-common解析时其旧版本包含在fuse中,所以将fuse降级。 + +### 解决方案 + +1. 升级fuse使用dnf upgrade fuse,升级fuse3使用dnf fuse fuse3 fuse-common。 +2. 无需解决。 +3. 无需解决。 + +## 安装卸载httpd-devel和apr-util-devel软件包,其中的依赖包gdbm-devel安装、卸载有报错 + +### 问题现象 + +1. gdbm-devel-1.18.1-1包安装、卸载有报错; +2. 问题1修复后,gdbm和gdbm-devel包更新到1.18.1-2版本,但在安装httpd-devel、apr-util-devel等包(依赖关系中有gdbm-devel软件包)时,默认安装的gdbm-devel还是1.18.1-1旧版本,导致问题报错依然存在。 + +### 原因分析 + +1. gdbm-devel-1.18.1-1包中缺少提供info信息的help软件包,导致单独安装gdbm-devel并不能将help包引入进来,所以出现了如下告警信息。 + + ```text + install-info: 没有那个文件或目录 for /usr/share/info/gdbm.info.gz + ``` + +2. 由于系统默认安装的gdbm主包是1.18.1-1版本,而没有安装gdbm-devel包。依赖gdbm-devel包的相关软件包在安装gdbm-devel包的过程中,仍会匹配gdbm的主包版本,故而依然安装了gdbm-devel的旧版本1.18.1-1,导致警告信息依然存在。 + +### 解决方案 + +1. 单包升级gdbm,安装使用gdbm-1.18.1-2版本相关软件包后,告警信息消失; +2. 在单包升级gdbm后,再进行安装依赖的gdbm-devel软件包安装,让其依赖高版本gdbm软件包,告警信息消失。 + +## bind升级输出异常日志 + +### 问题现象 + +在升级bind的时候输出日志:ImportError: cannot import name 'IbpkeyconRange' from 'setools.policyrep',导致升级过程中semanage命令执行失败。 + +```text + File "/usr/lib64/python3.7/site-packages/setools/__init__.py", line 31, in + from .policyrep import SELinuxPolicy, BoundsRuletype, ConstraintRuletype, DefaultRuletype, \ +ImportError: cannot import name 'IbpkeyconRange' from 'setools.policyrep' (/usr/lib64/python3.7/site-packages/setools/policyrep/__init__.py) +``` + +### 原因分析 + +全量升级的流程是先升级所有软件包,都升级到新版本后,才去统一清理旧版本文件。policyrep模块属于python3-setools软件包,setools包结构发生过变更: + +- 在setools-4.2.0之前版本中,policyrep模块在/usr/lib64/python3.7/site-packages/setools/policyrep目录中。 +- 在社区稳定版本setools-4.2.0及之后版本中,policyrep模块集成到动态库/usr/lib64/python3.7/site-packages/setools/policyrep.cpython-37m-aarch64-linux-gnu.so。 + +全量升级过程中,bind升级时以上两者都存在,寻找policyrep模块时,python的机制会优先找policyrep目录,导致找到了旧版本的文件从而没有成功执行semanage命令。由于bind是在post和postun处理的以下语句中执行semanage命令,如果用户需要配置selinux策略,执行失败会影响selinux策略的配置。 + +- post处理: + +```conf +%selinux_set_booleans named_write_master_zones=1 +``` + +- postun处理: + +```conf +%selinux_unset_booleans named_write_master_zones=1 +``` + +### 解决方案 + +bind能升级到新版本,但影响升级时的semanage命令的正常执行。为不影响关于bind的selinux策略的配置,请使用“dnf -y reinstall bind”命令重新安装bind软件包。 diff --git a/docs/zh/docs/Administration/figures/etmem-system-architecture.png b/docs/zh/docs/Administration/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/zh/docs/Administration/figures/etmem-system-architecture.png differ diff --git a/docs/zh/docs/Administration/memory-management.md b/docs/zh/docs/Administration/memory-management.md new file mode 100644 index 0000000000000000000000000000000000000000..594bf45c3117ffa13111781867a151c6cd68bd4d --- /dev/null +++ b/docs/zh/docs/Administration/memory-management.md @@ -0,0 +1,963 @@ +# 管理内存 + +## 基本概念 + +**内存**是计算机的重要组成部件,用于暂时存放CPU中的运算数据,以及与硬件等外部存储器交换的数据。特别地,**非统一内存访问架构**(non-uniform memory access,简称NUMA)是一种为多处理器的电脑设计的内存架构,**内存访问时间取决于内存相对于处理器的位置**。在NUMA下,处理器访问本地内存的速度比非本地内存速度(内存位于另一个处理器,或者是处理器之间共享的内存)快。 + +## 查看内存 + +1. free:可用于**显示系统内存状态**。 + + 例如: + + ```shell + # 显示系统内存状态,以MB单位显示 + free -m + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# free -m + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |标识|含义| + |--|--| + |total|总内存数。| + |used|已经使用的内存数。| + |free|空闲的内存数。| + |shared|多个进程共享的内存总数。| + |buff/cache|缓冲和缓存内存总数。| + |available|估计有多少内存可用于启动新应用程序,而不交换。| + +2. vmstat:可以**动态地监控系统内存**,查看系统内存的使用情况。 + + 例如: + + ```shell + # 监测系统内存,显示活跃和非活跃内存 + vmstat -a + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# vmstat -a + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + 在命令的输出信息中,与内存相关的memory字段所代表的含义如下: + + |字段|含义| + |--|--| + |memory|内存信息字段。-swpd:虚拟内存的使用情况,单位为 KB。-free:空闲的内存容量,单位为 KB。-inact:非活跃的内存容量,单位为 KB。-active:活跃的内存容量,单位为 KB。| + +3. sar:可用于**监控系统的内存使用情况**。 + + 例如: + + ```shell + # 系统内存在采样时间内的使用情况,每2秒统计一次,统计 3 次 + sar -r 2 3 + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# sar -r 2 3 + + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |kbmemfree|内存的未使用空间。| + |kbmemused|内存的已使用空间。| + |%memused|已使用空间的百分比。| + |kbbuffers|缓冲区的数据存取量。| + |kbcached|系统全域的数据存取量。| + +4. numactl:可用于**查看NUMA节点配置和状态**。 + + 例如: + + ```shell + # 查看当前的NUMA配置 + numactl -H + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# numactl -H + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + 服务器共划分为1个NUMA节点。每个节点包含4个CPU core,每个节点的内存大小约为6GB。 + 同时,该命令还给出了不同节点间的距离,距离越远,跨NUMA内存访问的延时越大。应用程序运行时应减少跨NUMA访问内存。 + + numstat:可用于**观察各个NUMA节点的状态** + + ```shell + # 观察NUMA节点的状态 + numastat + ``` + + ```shell + [root@openEuler ~]# numastat + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + numastat命令输出字段及其含义如下: + + |标识|含义| + |--|--| + |numa_hit|节点内CPU核访问本地内存的次数。| + |numa_miss|节点内核访问其他节点内存的次数。| + |numa_foreign|初始分配在本地,最后分配在其他节点的叶数量。每个numa_foreign对应numa_miss事件。| + |interleave_hit|interleave策略页成功分配到这个节点。| + |local_node|该节点的进程成功在这个节点上分配内存访问的大小。| + |other_node|该节点的进程在其他节点上分配的内存访问大小。| + +## etmem内存分级扩展 + +### 介绍 + +随着CPU算力的发展,尤其是ARM核成本的降低,内存成本和内存容量成为约束业务成本和性能的核心痛点,因此如何节省内存成本,如何扩大内存容量成为存储迫切要解决的问题。 + +etmem内存分级扩展技术,通过DRAM+内存压缩/高性能存储新介质形成多级内存存储,对内存数据进行分级,将分级后的内存冷数据从内存介质迁移到高性能存储介质中,达到内存容量扩展的目的,从而实现内存成本下降。 + +etmem软件包运行的工具主要分为etmem客户端和etmemd服务端。etmemd服务端工具,运行后常驻,其中实现了目的进程的内存冷热识别及淘汰等功能。etmem客户端工具,调用时运行一次,根据命令参数的不同,控制etmemd服务端响应不同的操作。 + +### 编译教程 + +1. 下载etmem源码 + + ```bash + git clone https://gitee.com/openeuler/etmem.git + ``` + +2. 编译和运行依赖 + + etmem的编译和运行依赖于libboundscheck组件 + + 安装命令: + + ```bash + yum install libboundscheck + ``` + + 通过rpm包进行确认是否安装: + + ```bash + rpm -qa |grep libboundscheck + ``` + +3. 编译 + + ```bash + cd etmem + + mkdir build + + cd build + + cmake .. + + make + ``` + +### 注意事项 + +#### 运行依赖 + +etmem作为内存扩展工具,需要依赖于内核态的特性支持,为了可以识别内存访问情况和支持主动将内存写入swap分区来达到内存垂直扩展的需求,etmem在运行时需要插入`etmem_scan`和`etmem_swap`模块: + +```bash +modprobe etmem_scan +modprobe etmem_swap +``` + +#### 权限限制 + +运行etmem进程需要root权限,root用户具有系统最高权限,在使用root用户进行操作时,请严格按照操作指导进行操作,避免其他操作造成系统管理及安全风险。 + +#### 使用约束 + +- etmem的客户端和服务端需要在同一个服务器上部署,不支持跨服务器通信的场景。 +- etmem仅支持扫描进程名小于或等于15个字符长度的目标进程。在使用进程名时,支持的进程名有效字符为:“字母”, “数字”,特殊字符“./%-_”以及上述三种的组合,其余组合认为是非法字符。 +- 在使用AEP介质进行内存扩展的时候,依赖于系统可以正确识别AEP设备并将AEP设备初始化为`numa node`。并且配置文件中的`vm_flags`字段只能配置为`ht`。 +- 引擎私有命令仅针对对应引擎和引擎下的任务有效,比如cslide所支持的`showhostpages`和`showtaskpages`。 +- 第三方策略实现代码中,`eng_mgt_func`接口中的`fd`不能写入`0xff`和`0xfe`字。 +- 支持在一个工程内添加多个不同的第三方策略动态库,以配置文件中的`eng_name`来区分。 +- 禁止并发扫描同一个进程。 +- 未加载`etmem_scan`和`etmem_swap` ko时,禁止使用`/proc/xxx/idle_pages`和`/proc/xxx/swap_pages`文件。 +- etmem对应配置文件,其权限要求为属主为root用户,且权限为600或400,配置文件大小不超过10M。 +- etmem在进行第三方策略注入时,第三方策略的`so`权限要求为属主为root用户,且权限为500或700。 + +### 使用说明 + +#### etmem配置文件 + +在运行etmem进程之前,需要管理员预先规划哪些进程需要做内存扩展,将进程信息配置到etmem配置文件中,并配置内存扫描的周期、扫描次数、内存冷热阈值等信息。 + +配置文件的示例文件在源码包中,放置在`/etc/etmem`文件路径下,按照功能划分为3个示例文件。 + +```text +/etc/etmem/cslide_conf.yaml +/etc/etmem/slide_conf.yaml +/etc/etmem/thirdparty_conf.yaml +``` + +示例内容分别为: + +```sh +#slide引擎示例 +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 +swapcache_high_vmark=10 +swapcache_low_vmark=6 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes + +#cslide引擎示例 +#cslide_conf.yaml +[engine] +name=cslide +project=test +node_pair=2,0;3,1 +hot_threshold=1 +node_mig_quota=1024 +node_hot_reserve=1024 + +[task] +project=test +engine=cslide +name=background_cslide +type=pid +name=23456 +vm_flags=ht +anon_only=no +ign_host=no + +#thirdparty引擎示例 +#thirdparty_conf.yaml +[engine] +name=thirdparty +project=test +eng_name=my_engine +libname=/usr/lib/etmem_fetch/my_engine.so +ops_name=my_engine_ops +engine_private_key=engine_private_value + +[task] +project=test +engine=my_engine +name=background_third +type=pid +value=12345 +task_private_key=task_private_value +``` + +配置文件各字段说明: + +| 配置项 | 配置项含义 | 是否必须 | 是否有参数 | 参数范围 | 示例说明 | +|-----------|---------------------|------|-------|------------|-----------------------------------------------------------------| +| [project] | project公用配置段起始标识 | 否 | 否 | NA | project参数的开头标识,表示下面的参数直到另外的[xxx]或文件结尾为止的范围内均为project section的参数 | +| name | project的名字 | 是 | 是 | 64个字以内的字符串 | 用来标识project,engine和task在配置时需要指定要挂载到的project | +| loop | 内存扫描的循环次数 | 是 | 是 | 1~120 | loop=3 //扫描3次 | +| interval | 每次内存扫描的时间间隔 | 是 | 是 | 1~1200 | interval=5 //每次扫描之间间隔5s | +| sleep | 每个内存扫描+操作的大周期之间时间间隔 | 是 | 是 | 1~1200 | sleep=10 //每次大周期之间间隔10s | +| sysmem_threshold| slide engine的配置项,系统内存换出阈值 | 否 | 是 | 0~100 | sysmem_threshold=50 //系统内存剩余量小于50%时,etmem才会触发内存换出| +| swapcache_high_wmark| slide engine的配置项,swacache可以占用系统内存的比例,高水线 | 否 | 是 | 1~100 | swapcache_high_wmark=5 //swapcache内存占用量可以为系统内存的5%,超过该比例,etmem会触发swapcache回收
注: swapcache_high_wmark需要大于swapcache_low_wmark| +| swapcache_low_wmark| slide engine的配置项,swacache可以占用系统内存的比例,低水线 | 否 | 是 | [1~swapcache_high_wmark) | swapcache_low_wmark=3 //触发swapcache回收后,系统会将swapcache内存占用量回收到低于3%| +| [engine] | engine公用配置段起始标识 | 否 | 否 | NA | engine参数的开头标识,表示下面的参数直到另外的[xxx]或文件结尾为止的范围内均为engine section的参数 | +| project | 声明所在的project | 是 | 是 | 64个字以内的字符串 | 已经存在名字为test的project,则可以写为project=test | +| engine | 声明所在的engine | 是 | 是 | slide/cslide/thridparty | 声明使用的是slide或cslide或thirdparty策略 | +| node_pair | cslide engine的配置项,声明系统中AEP和DRAM的node pair | engine为cslide时必须配置 | 是 | 成对配置AEP和DRAM的node号,AEP和DRAM之间用逗号隔开,没对pair之间用分号隔开 | node_pair=2,0;3,1 | +| hot_threshold | cslide engine的配置项,声明内存冷热水线的阈值 | engine为cslide时必须配置 | 是 | 大于等于0,小于等于INT_MAX的整数 | hot_threshold=3 //访问次数小于3的内存会被识别为冷内存 | +|node_mig_quota|cslide engine的配置项,流控,声明每次DRAM和AEP互相迁移时单向最大流量|engine为cslide时必须配置|是|大于等于0,小于等于INT_MAX的整数|node_mig_quota=1024 //单位为MB,AEP到DRAM或DRAM到AEP搬迁一次最大1024M| +|node_hot_reserve|cslide engine的配置项,声明DRAM中热内存的预留空间大小|engine为cslide时必须配置|是|大于等于0,小于等于INT_MAX的整数|node_hot_reserve=1024 //单位为MB,当所有虚拟机热内存大于此配置值时,热内存也会迁移到AEP中| +|eng_name|thirdparty engine的配置项,声明engine自己的名字,供task挂载|engine为thirdparty时必须配置|是|64个字以内的字符串|eng_name=my_engine //对此第三方策略engine挂载task时,task中写明engine=my_engine| +|libname|thirdparty engine的配置项,声明第三方策略的动态库的地址,绝对地址|engine为thirdparty时必须配置|是|256个字以内的字符串|libname=/user/lib/etmem_fetch/code_test/my_engine.so| +|ops_name|thirdparty engine的配置项,声明第三方策略的动态库中操作符号的名字|engine为thirdparty时必须配置|是|256个字以内的字符串|ops_name=my_engine_ops //第三方策略实现接口的结构体的名字| +|engine_private_key|thirdparty engine的配置项,预留给第三方策略自己解析私有参数的配置项,选配|否|否|根据第三方策略私有参数自行限制|根据第三方策略私有engine参数自行配置| +| [task] | task公用配置段起始标识 | 否 | 否 | NA | task参数的开头标识,表示下面的参数直到另外的[xxx]或文件结尾为止的范围内均为task section的参数 | +| project | 声明所挂的project | 是 | 是 | 64个字以内的字符串 | 已经存在名字为test的project,则可以写为project=test | +| engine | 声明所挂的engine | 是 | 是 | 64个字以内的字符串 | 所要挂载的engine的名字 | +| name | task的名字 | 是 | 是 | 64个字以内的字符串 | name=background1 //声明task的名字是backgound1 | +| type | 目标进程识别的方式 | 是 | 是 | pid/name | pid代表通过进程号识别,name代表通过进程名称识别 | +| value | 目标进程识别的具体字段 | 是 | 是 | 实际的进程号/进程名称 | 与type字段配合使用,指定目标进程的进程号或进程名称,由使用者保证配置的正确及唯一性 | +| T | engine为slide的task配置项,声明内存冷热水线的阈值 | engine为slide时必须配置 | 是 | 0~loop * 3 | T=3 //访问次数小于3的内存会被识别为冷内存 | +| max_threads | engine为slide的task配置项,etmemd内部线程池最大线程数,每个线程处理一个进程/子进程的内存扫描+操作任务 | 否 | 是 | 1~2 * core数 + 1,默认为1 | 对外部无表象,控制etmemd服务端内部处理线程个数,当目标进程有多个子进程时,配置越大,并发执行的个数也多,但占用资源也越多 | +| vm_flags | engine为cslide的task配置项,通过指定flag扫描的vma,不配置此项时扫描则不会区分 | 否 | 是 | 256长度以内的字符串,不同flag以空格隔开 | vm_flags=ht //扫描flags为ht(大页)的vma内存 | +| anon_only | engine为cslide的task配置项,标识是否只扫描匿名页 | 否 | 是 | yes/no | anon_only=no //配置为yes时只扫描匿名页,配置为no时非匿名页也会扫描 | +| ign_host | engine为cslide的task配置项,标识是否忽略host上的页表扫描信息 | 否 | 是 | yes/no | ign_host=no //yes为忽略,no为不忽略 | +| task_private_key | engine为thirdparty的task配置项,预留给第三方策略的task解析私有参数的配置项,选配 | 否 | 否 | 根据第三方策略私有参数自行限制 | 根据第三方策略私有task参数自行配置 | +| swap_threshold |slide engine的配置项,进程内存换出阈值 | 否 | 是 | 进程可用内存绝对值 | swap_threshold=10g //进程占用内存在低于10g时不会触发换出。
当前版本下,仅支持g/G作为内存绝对值单位。与sysmem_threshold配合使用,仅系统内存低于阈值时,进行白名单中进程阈值判断 | +| swap_flag|slide engine的配置项,进程指定内存换出 | 否 | 是 | yes/no | swap_flag=yes//使能进程指定内存换出 | + +#### etmemd服务端启动 + +在使用etmem提供的服务时,首先根据需要修改相应的配置文件,然后运行etmemd服务端,常驻在系统中来操作目标进程的内存。除了支持在命令行中通过二进制来启动etmemd的进程外,还可以通过配置`service`文件来使etmemd服务端通过`systemctl`方式拉起,此场景需要通过`mode-systemctl`参数来指定支持。 + +##### 使用方法 + +可以通过下列示例命令启动etmemd的服务端: + +```bash +etmemd -l 0 -s etmemd_socket +``` + +或者 + +```bash +etmemd --log-level 0 --socket etmemd_socket +``` + +其中`-l`的`0`和`-s`的`etmemd_socket`是用户自己输入的参数,参数具体含义参考以下列表: + +##### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 参数范围 | 示例说明 | +| --------------- | ---------------------------------- | -------- | ---------- | --------------------- | ------------------------------------------------------------ | +| -l或\-\-log-level | etmemd日志级别 | 否 | 是 | 0~3 | 0:debug级别
1:info级别
2:warning级别
3:error级别
只有大于等于配置的级别才会打印到/var/log/message文件中 | +| -s或\-\-socket | etmemd监听的名称,用于与客户端交互 | 是 | 是 | 107个字符之内的字符串 | 指定服务端监听的名称 | +| -m或\-\-mode-systemctl| 指定通过systemctl方式来拉起stmemd服务| 否| 否| NA| service文件中需要指定-m参数| +| -h或\-\-help | 帮助信息 | 否 | 否 | NA | 执行时带有此参数会打印后退出 | + +#### 通过etmem客户端添加或者删除工程/引擎/任务 + +##### 场景描述 + +1)管理员创建etmem的project/engine/task(一个工程可包含多个etmem engine,一个engine可以包含多个任务)。 + +2)管理员删除已有的etmem project/engine/task(删除工程前,会自动先停止该工程中的所有任务)。 + +##### 使用方法 + +在etmemd服务端正常运行后,通过etmem客户端,通过第二个参数指定为obj,来进行创建或删除动作,对project/engine/task则是通过配置文件中配置的内容来进行识别和区分。 + +- 添加对象: + + ```bash + etmem obj add -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + 或 + + ```bash + etmem obj add --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +- 删除对象: + + ```bash + etmem obj del -f /etc/etmem/slide_conf.yaml -s etmemd_socket + ``` + + 或 + + ```bash + etmem obj del --file /etc/etmem/slide_conf.yaml --socket etmemd_socket + ``` + +##### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 示例说明 | +| ------------ | ------------------------------------------------------------ | -------- | ---------- | -------------------------------------------------------- | +| -f或\-\-file | 指定对象的配置文件 | 是 | 是 | 需要指定路径名称 | +| -s或\-\-socket | 与etmemd服务端通信的socket名称,需要与etmemd启动时指定的保持一致 | 是 | 是 | 必须配置,在有多个etmemd时,由管理员选择与哪个etmemd通信 | + +#### 通过etmem客户端查询/启动/停止工程 + +##### 场景描述 + +在已经通过`etmem obj add`添加工程之后,在还未调用`etmem obj del`删除工程之前,可以对etmem的工程进行启动和停止。 + +1)管理员启动已添加的工程。 + +2)管理员停止已启动的工程。 + +在管理员调用`obj del`删除工程时,如果工程已经启动,则会自动停止。 + +##### 使用方法 + +对于已经添加成功的工程,可以通过`etmem project`的命令来控制工程的启动和停止,命令示例如下: + +- 查询工程 + + ```bash + etmem project show -n test -s etmemd_socket + ``` + + 或 + + ```bash + etmem project show --name test --socket etmemd_socket + ``` + +- 启动工程 + + ```bash + etmem project start -n test -s etmemd_socket + ``` + + 或 + + ```bash + etmem project start --name test --socket etmemd_socket + ``` + +- 停止工程 + + ```bash + etmem project stop -n test -s etmemd_socket + ``` + + 或 + + ```bash + etmem project stop --name test --socket etmemd_socket + ``` + +- 打印帮助 + + ```bash + etmem project help + ``` + +##### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 示例说明 | +| ------------ | ------------------------------------------------------------ | -------- | ---------- | -------------------------------------------------------- | +| -n或\-\-name | 指定project名称 | 是 | 是 | project名称,与配置文件一一对应 | +| -s或\-\-socket | 与etmemd服务端通信的socket名称,需要与etmemd启动时指定的保持一致 | 是 | 是 | 必须配置,在有多个etmemd时,由管理员选择与哪个etmemd通信 | + +#### 通过etmem客户端,支持内存阈值换出以及指定内存换出 + +当前支持的策略中,只有slide策略支持私有的功能特性。 + +- 进程或系统内存阈值换出。 + +为了获得业务的极致性能,需要考虑etmem内存扩展进行内存换出的时机;当系统可用内存足够,系统内存压力不大时,不进行内存交换;当进程占用内存不高时,不进行内存交换;提供系统内存换出阈值控制以及进程内存换出阈值控制。 + +- 进程指定内存换出。 + +在存储环境下,具有IO时延敏感型业务进程,上述进程内存不希望进行换出,因此提供一种机制,由业务指定可换出内存。 + +针对进程或系统内存阈值换出,进程指定内存换出功能,可以在配置文件中添加`sysmem_threshold`,`swap_threshold`,`swap_flag`参数,示例如下,具体含义请参考etmem配置文件说明章节。 + +```sh +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +sysmem_threshold=50 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +swap_threshold=10g +swap_flag=yes +``` + +##### 系统内存阈值换出 + +配置文件中`sysmem_threshold`用于指示系统内存阈值换出功能,`sysmem_threshold`取值范围为0-100,如果配置文件中设定了`sysmem_threshold`,那么只有系统内存剩余量低于该比例时,etmem才会触发内存换出流程。 + +示例使用方法如下: + +1. 参考示例编写配置文件,配置文件中填写`sysmem_threshold`参数,例如`sysmem_threshold=20`。 +2. 启动服务端,并通过服务端添加,启动工程。 + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. 观察内存换出结果,只有系统可用内存低于20%时,etmem才会触发内存换出。 + +##### 进程内存阈值换出 + +配置文件中`swap_threshold`用于指示进程内存阈值换出功能,`swap_threshold`为进程内存占用量绝对值(格式为"数字+单位g/G"),如果配置文件中设定了`swap_threshold`,那么该进程内存占用量在小于该设定的可用内存量时,etmem不会针对该进程触发换出流程。 + +示例使用方法如下: + +1. 参考示例编写配置文件,配置文件中填写`swap_threshold`参数,例如`swap_threshold=5g`。 +2. 启动服务端,并通过服务端添加,启动工程。 + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +3. 观察内存换出结果,只有进程占用内存绝对值高于5G时,etmem才会触发内存换出。 + +##### 进程指定内存换出 + +配置文件中`swap_flag`用于指示进程指定内存换出功能,`swap_flag`取值仅有两个:`yes/no`,如果配置文件中设定了`swap_flag`为no或者未配置,那么etmem换出功能无变化,如果`swap_flag`设定为yes,那么etmem仅仅换出进程指定的内存。 + +示例使用方法如下: + +1. 参考示例编写配置文件,配置文件中填写`swap_flag`参数,例如`swap_flag=yes`。 +2. 业务进程对需要进行换出的内存打标记。 + + ```bash + madvise(addr_start, addr_len, MADV_SWAPFLAG) + ``` + +3. 启动服务端,并通过服务端添加,启动工程。 + + ```bash + etmemd -l 0 -s monitor_app & + etmem obj add -f etmem_config -s monitor_app + etmem project start -n test -s monitor_app + etmem project show -s monitor_app + ``` + +4. 观察内存换出结果,只有进程打标记的部分内存会被换出,其余内存保留在DRAM中,不会被换出。 + +针对进程指定页面换出的场景中,在原扫描接口`idle_pages`中添加`ioctl`命令字的形式,来确认不带有特定标记的vma不进行扫描与换出操作。 + +扫描管理接口。 + +- 函数原型 + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- 输入参数 + + ```text + 1. fd:文件描述符,通过open调用在/proc/pid/idle_pages下打开文件获得。 + + 2.cmd:控制扫描行为,当前支持如下cmd: + VMA_SCAN_ADD_FLAGS:新增vma指定内存换出标记,仅扫描带有特定标记的VMA。 + VMA_SCAN_REMOVE_FLAGS:删除新增的VMA指定内存换出标记。 + + 3.args:int指针参数,传递具体标记掩码,当前仅支持如下参数: + VMA_SCAN_FLAG:在etmem_scan.ko扫描模块开始扫描前,会调用接口walk_page_test接口判断vma地址是否符合扫描要求,此标记置位时,会仅扫描带有特定换出标记的vma地址段,而忽略其他vma地址。 + ``` + +- 返回值 + + ```text + 1.成功,返回0。 + 2.失败返回非0。 + ``` + +- 注意事项 + + ```text + 所有不支持的标记都会被忽略,但是不会返回错误。 + ``` + +#### 通过etmem客户端,支持swapcache内存回收指令 + +用户态etmem发起内存淘汰回收操作,通过`write procfs`接口与内核态的内存回收模块交互,内存回收模块解析用户态下发的虚拟地址,获取地址对应的page页面,并调用内核原生接口将该page对应内存进行换出回收,在内存换出的过程中,swapcache会占用部分系统内存,为进一步节约内存,添加swapcache内存回收功能。 + +针对swapcache内存回收功能,可以在配置文件中添加`swapcache_high_wmark`,`swapcache_low_wmark`参数。 + +- `swapcache_high_wmark`: swapcache可以占用系统内存的高水位线 +- `swapcache_low_wmark`:swapcache可以占用系统内存的低水位线 + +在etmem进行一轮内存换出后,会进行swapcache占用系统内存比例的检查,当占用比例超过高水位线后,会通过`swap_pages`下发`ioctl`命令,触发swapcache内存回收,并回收到低水位线停止。 + +配置参数示例如下,具体请参考etmem配置文件相关章节: + +```sh +#slide_conf.yaml +[project] +name=test +loop=1 +interval=1 +sleep=1 +swapcache_high_vmark=5 +swapcache_low_vmark=3 + +[engine] +name=slide +project=test + +[task] +project=test +engine=slide +name=background_slide +type=name +value=mysql +T=1 +max_threads=1 +``` + +针对swap换出场景中,需要通过swapcache内存回收进一步节约内存,在原内存换出接口`swap_pages`中通过添加`ioctl`接口的方式,来提供swapcache水线的设定以及swapcache内存占用量回收的启动与关闭。 + +- 函数原型 + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- 输入参数 + + ```text + 1. fd:文件描述符,通过open调用在/proc/pid/idle_pages下打开文件获得。 + + 2.cmd:控制扫描行为,当前支持如下cmd: + RECLAIM_SWAPCACHE_ON:启动swapcache内存换出。 + RECLAIM_SWAPCACHE_OFF:关闭swapcache内存换出。 + SET_SWAPCACHE_WMARK:设定swapcache内存水线。 + + 3.args:int指针参数,传递具体标记掩码,当前仅支持如下参数: + 参数用来传递swapcache水线具体值。 + ``` + +- 返回值 + + ```text + 1.成功,返回0。 + 2.失败返回非0。 + ``` + +- 注意事项 + + ```text + 所有不支持的标记都会被忽略,但是不会返回错误。 + ``` + +#### 通过etmem客户端,执行引擎私有命令或功能 + +当前支持的策略中,只有cslide策略支持私有的命令。 + +- `showtaskpages` +- `showhostpages` + +针对使用此策略引擎的engine和engine所有的task,可以通过这两个命令分别查看task相关的页面访问情况和虚拟机的host上系统大页的使用情况。 + +示例命令如下: + +```bash +etmem engine showtaskpages <-t task_name> -n proj_name -e cslide -s etmemd_socket + +etmem engine showhostpages -n proj_name -e cslide -s etmemd_socket +``` + +**注意** :`showtaskpages`和`showhostpages`仅支持引擎使用cslide的场景。 + +##### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 实例说明 | +|----|------|------|-------|------| +|-n或\-\-proj_name| 指定project的名字| 是| 是| 指定已经存在,所需要执行的project的名字| +|-s或\-\-socket| 与etmemd服务端通信的socket名称,需要与etmemd启动时指定的保持一致| 是| 是| 必须配置,在有多个etmemd时,由管理员选择与哪个etmemd通信| +|-e或\-\-engine| 指定执行的引擎的名字| 是| 是| 指定已经存在的,所需要执行的引擎的名字| +|-t或\-\-task_name| 指定执行的任务的名字| 否| 是| 指定已经存在的,所需要执行的任务的名字| + +#### 支持kernel swap功能开启与关闭 + +针对swap换出到磁盘场景,当etmem用于内存扩展时,用户可以选择是否同时开启内核swap功能。用户可以关闭内核原生swap机制,以免原生swap机制换出不应被换出的内存,导致用户态进程出现问题。 + +通过提供sys接口实现上述控制,在`/sys/kernel/mm/swap`目录下创建`kobj`对象,对象名为`kernel_swap_enable`,默认为`true`,用于控制kernel swap的启动与关闭。 + +具体示例如下: + +```sh +#开启kernel swap +echo true > /sys/kernel/mm/swap/kernel_swap_enbale +或者 +echo 1 > /sys/kernel/mm/swap/kernel_swap_enbale + +#关闭kernel swap +echo false > /sys/kernel/mm/swap/kernel_swap_enbale +或者 +echo 0 > /sys/kernel/mm/swap/kernel_swap_enbale + +``` + +#### etmem支持随系统自启动 + +##### 场景描述 + +etmemd支持由用户配置`systemd`配置文件后,以`fork`模式作为`systemd`服务被拉起运行。 + +##### 使用方法 + +编写`service`配置文件,来启动etmemd,必须使用-m参数来指定此模式,例如: + +```bash +etmemd -l 0 -s etmemd_socket -m +``` + +##### 命令行参数说明 + +| 参数 | 参数含义 | 是否必须 | 是否有参数 | 参数范围 | 实例说明 | +|----------------|------------|------|-------|------|-----------| +| -l或\-\-log-level | etmemd日志级别 | 否 | 是 | 0~3 | 0:debug级别;1:info级别;2:warning级别;3:error级别;只有大于等于配置的级别才会打印到/var/log/message文件中| +| -s或\-\-socket |etmemd监听的名称,用于与客户端交互 | 是 | 是| 107个字符之内的字符串| 指定服务端监听的名称| +|-m或\-\-mode-systemctl | etmemd作为service被拉起时,命令中需要指定此参数来支持 | 否 | 否 | NA | NA | +| -h或\-\-help | 帮助信息 | 否 |否 |NA |执行时带有此参数会打印后退出| + +#### etmem支持第三方内存扩展策略 + +##### 场景描述 + +etmem支持用户注册第三方内存扩展策略,同时提供扫描模块动态库,运行时通过第三方策略淘汰算法淘汰内存。 + +用户使用etmem所提供的扫描模块动态库并实现对接etmem所需要的结构体中的接口。 + +##### 使用方法 + +用户使用自己实现的第三方扩展淘汰策略,主要需要按下面步骤进行实现和操作: + +1. 按需调用扫描模块提供的扫描接口。 + +2. 按照etmem头文件中提供的函数模板来实现各个接口,最终封装成结构体。 + +3. 编译出第三方扩展淘汰策略的动态库。 + +4. 在配置文件中按要求声明类型为thirdparty的engine。 + +5. 将动态库的名称和接口结构体的名称按要求填入配置文件中task对应的字段。 + +其他操作步骤与使用etmem的其他engine类似。 + +接口结构体模板。 + +```c +struct engine_ops { + +/* 针对引擎私有参数的解析,如果有,需要实现,否则置NULL */ + +int (*fill_eng_params)(GKeyFile *config, struct engine *eng); + +/* 针对引擎私有参数的清理,如果有,需要实现,否则置NULL */ + +void (*clear_eng_params)(struct engine *eng); + +/* 针对任务私有参数的解析,如果有,需要实现,否则置NULL */ + +int (*fill_task_params)(GKeyFile *config, struct task *task); + +/* 针对任务私有参数的清理,如果有,需要实现,否则置NULL */ + +void (*clear_task_params)(struct task *tk); + +/* 启动任务的接口 */ + +int (*start_task)(struct engine *eng, struct task *tk); + +/* 停止任务的接口 */ + +void (*stop_task)(struct engine *eng, struct task *tk); + +/* 填充pid相关私有参数 */ + +int (*alloc_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* 销毁pid相关私有参数 */ + +void (*free_pid_params)(struct engine *eng, struct task_pid **tk_pid); + +/* 第三方策略自身所需要的私有命令支持,如果没有,置为NULL */ + +int (*eng_mgt_func)(struct engine *eng, struct task *tk, char *cmd, int fd); + +}; +``` + +扫描模块对外接口说明: + +| 接口名称 |接口描述| +| ------------ | --------------------- | +| etmemd_scan_init | scan模块初始化| +| etmemd_scan_exit | scan模块析构| +| etmemd_get_vmas | 获取需要扫描的vma| +| etmemd_free_vmas | 释放etmemd_get_vmas扫描到的vma| +| etmemd_get_page_refs | 扫描vmas中的页面| +| etmemd_free_page_refs | 释放etmemd_get_page_refs获取到的页访问信息链表| + +针对扫描虚拟机的场景中,在原扫描接口`idle_pages`中添加`ioctl`接口的方式,来提供区分扫描`ept`的粒度和是否忽略host上页访问标记的机制。 + +针对进程指定页面换出的场景中,在原扫描接口`idle_pages`中添加`ioctl`命令字的形式,来确认不带有特定标记的vma不进行扫描和换出操作。 + +扫描管理接口: + +- 函数原型 + + ```c + ioctl(fd, cmd, void *arg); + ``` + +- 输入参数 + + ```text + 1. fd:文件描述符,通过open调用在/proc/pid/idle_pages下打开文件获得。 + + 2.cmd:控制扫描行为,当前支持如下cmd: + IDLE_SCAN_ADD_FLAG:新增一个扫描标记。 + IDLE_SCAM_REMOVE_FLAGS:删除一个扫描标记。 + VMA_SCAN_ADD_FLAGS:新增vma指定内存换出标记,仅扫描带有特定标记的VMA。 + VMA_SCAN_REMOVE_FLAGS:删除新增的VMA指定内存换出标记。 + + 3.args:int指针参数,传递具体标记掩码,当前仅支持如下参数: + SCAN_AS_HUGE:扫描ept页表时,按照2M大页粒度扫描页是否被访问过。此标记未置位时,按照ept页表自身粒度扫描。 + SCAN_IGN_HUGE:扫描虚拟机时,忽略host侧页表上的访问标记。此标记未置位时,不会忽略host侧页表上的访问标记。 + VMA_SCAN_FLAG:在etmem_scan.ko扫描模块开始扫描前,会调用接口walk_page_test接口判断vma地址是否符合扫描要求,此标记置位时,会仅扫描带有特定换出标记的vma地址段,而忽略其他vma地址。 + ``` + +- 返回值 + + ```text + 1.成功,返回0。 + 2.失败返回非0。 + ``` + +- 注意事项 + + ```text + 所有不支持的标记都会被忽略,但是不会返回错误。 + ``` + +配置文件示例如下所示,具体含义请参考配置文件说明章节: + +```sh +#thirdparty +[engine] + +name=thirdparty + +project=test + +eng_name=my_engine + +libname=/user/lib/etmem_fetch/code_test/my_engine.so + +ops_name=my_engine_ops + +engine_private_key=engine_private_value + +[task] + +project=test + +engine=my_engine + +name=background1 + +type=pid + +value=1798245 + +task_private_key=task_private_value +``` + + **注意** : + +用户需使用etmem所提供的扫描模块动态库并实现对接etmem所需要的结构体中的接口。 + +`eng_mgt_func`接口中的`fd`不能写入`0xff`和`0xfe`字。 + +支持在一个工程内添加多个不同的第三方策略动态库,以配置文件中的`eng_name`来区分。 + +#### etmem客户端和服务端帮助说明 + +通过下列命令可以打印etmem服务端帮助说明。 + +```bash +etmemd -h +``` + +或 + +```bash +etmemd --help +``` + +通过下列命令可以打印etmem客户端帮助说明。 + +```bash +etmem help +``` + +通过下列命令可以打印etmem客户端操作工程/引擎/任务相关帮助说明。 + +```bash +etmem obj help +``` + +通过下列命令可以打印etmem客户端对项目相关帮助说明。 + +```bash +etmem project help +``` + +### 参与贡献 + +1. Fork本仓库。 +2. 新建个人分支。 +3. 提交代码。 +4. 新建Pull Request。 diff --git "a/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" "b/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" index c188c85f00a982221fcea0078575219d7abac7ce..11107093f68fee061938f223ca3c907bff3a4945 100644 --- "a/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" +++ "b/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" @@ -2,9 +2,10 @@ DNF是一款Linux软件包管理工具,用于管理RPM软件包。DNF可以查询软件包信息,从指定软件库获取软件包,自动处理依赖关系以安装或卸载软件包,以及更新系统到最新可用版本。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- DNF与YUM完全兼容,提供了YUM兼容的命令行以及为扩展和插件提供的API。 ->- 使用DNF需要管理员权限,本章所有命令需要在管理员权限下执行。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- DNF与YUM完全兼容,提供了YUM兼容的命令行以及为扩展和插件提供的API。 +>- 使用DNF需要管理员权限,本章所有命令需要在管理员权限下执行。 - [使用DNF管理软件包](#使用dnf管理软件包) @@ -33,17 +34,15 @@ DNF是一款Linux软件包管理工具,用于管理RPM软件包。DNF可以查 ## 配置DNF - - ### DNF配置文件 DNF 的主要配置文件是 /etc/dnf/dnf.conf,该文件包含两部分: -- “main”部分保存着DNF的全局设置。 +- “main”部分保存着DNF的全局设置。 -- “repository”部分保存着软件源的设置,可以有一个或多个“repository”。 +- “repository”部分保存着软件源的设置,可以有零个或多个“repository”。 -另外,在/etc/yum.repos.d 目录中保存着一个或多个repo源相关文件,它们也可以定义不同的“repository”。 +另外,在/etc/yum.repos.d 目录中保存着零个或多个repo源相关文件,它们也可以定义不同的“repository”。 所以openEuler软件源的配置一般有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是在/etc/yum.repos.d目录下增加.repo文件。 @@ -51,12 +50,13 @@ DNF 的主要配置文件是 /etc/dnf/dnf.conf,该文件包含两部分: /etc/dnf/dnf.conf 文件包含的“main”部分,配置示例如下: -``` +```sh [main] gpgcheck=1 installonly_limit=3 clean_requirements_on_remove=True best=True +skip_if_unavailable=False ``` 常用选项说明: @@ -82,7 +82,7 @@ best=True

debuglevel

设置dnf生成的debug信息。取值范围:[0-10],数值越大会输出越详细的debug信息。默认值为2,设置为0表示不输出debug信息。

+

设置DNF生成的debug信息。取值范围:[0-10],数值越大会输出越详细的debug信息。默认值为2,设置为0表示不输出debug信息。

clean_requirements_on_remove

@@ -107,7 +107,7 @@ best=True

plugins

可选值1和0,表示启用或禁用dnf插件。默认值为1,表示启用dnf插件。

+

可选值1和0,表示启用或禁用DNF插件。默认值为1,表示启用DNF插件。

installonly_limit

@@ -115,6 +115,11 @@ best=True

设置可以同时安装“installonlypkgs”指令列出包的数量。默认值为3,不建议降低此值。

skip_if_unavailable

+

可选值True和False,用来控制元数据仓库不可用时的行为。默认值为False,当元数据仓库不可用时会停止存储并报错。

+
@@ -122,22 +127,23 @@ best=True repository部分允许您定义定制化的openEuler软件源仓库,各个仓库的名称不能相同,否则会引起冲突。配置repository部分有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是配置/etc/yum.repos.d目录下的.repo文件。 -- 直接配置/etc/dnf/dnf.conf文件中的“repository”部分 +- 直接配置/etc/dnf/dnf.conf文件中的“repository”部分 下面是\[repository\]部分的一个最小配置示例: - ``` + ```sh [repository] name=repository_name baseurl=repository_url ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >openEuler提供在线的镜像源,地址:[https://repo.openeuler.org/](https://repo.openeuler.org/)。以 openEuler 20.03的aarch64版本为例,baseurl可配置为[https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/)。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >openEuler提供在线的镜像源,地址:[https://repo.openeuler.org/](https://repo.openeuler.org/)。以 openEuler 20.03 的aarch64版本为例,baseurl可配置为[https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/)。 选项说明: **表 2** repository参数说明 +

参数

说明

@@ -158,75 +164,71 @@ repository部分允许您定义定制化的openEuler软件源仓库,各个仓
+- 配置/etc/yum.repos.d目录下的.repo文件 -- 配置/etc/yum.repos.d目录下的.repo文件 - - openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md),以AArch64架构的OS repo源为例。使用root权限在openEuler_aarch64.repo文件中添加openEuler repo源,示例如下: + openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md),使用管理员权限添加openEuler repo源,示例如下: - ``` - # vi /etc/yum.repos.d/openEuler_aarch64.repo + ```sh + # vi /etc/yum.repos.d/openEuler.repo ``` - ``` - [osrepo] - name=osrepo - baseurl=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ + ```sh + [OS] + name=openEuler-$releasever - OS + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ enabled=1 gpgcheck=1 - gpgkey=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - + gpgkey=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler ``` - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** + > - basearch为系统硬件架构(CPU指令集),使用命令arch得到。系统硬件架构有aarch64,x86_64等。当前openEuler系统repo源中支持aarch64和x86_64。 > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 - > - gpgkey为验证签名用的公钥。 - + > - gpgkey为验证签名用的公钥。 #### 显示当前配置 -- 要显示当前的配置信息: +- 要显示当前的配置信息: - ``` + ```sh dnf config-manager --dump ``` -- 要显示相应软件源的配置,首先查询repo id: +- 要显示相应软件源的配置,首先查询repo id: - ``` + ```sh dnf repolist ``` 然后执行如下命令,显示对应id的软件源配置,其中 _repository_ 为查询得到的repo id: - ``` + ```sh dnf config-manager --dump repository ``` -- 您也可以使用一个全局正则表达式,来显示所有匹配部分的配置: +- 您也可以使用一个全局正则表达式,来显示所有匹配部分的配置: - ``` + ```sh dnf config-manager --dump glob_expression ``` - ### 创建本地软件源仓库 要建立一个本地软件源仓库,请按照下列步骤操作。 -1. 安装createrepo软件包。在root权限下执行如下命令: +1. 安装createrepo软件包。在root权限下执行如下命令: - ``` + ```sh dnf install createrepo ``` -2. 将需要的软件包复制到一个目录下,如/mnt/local\_repo/ 。 -3. 创建软件源,执行以下命令: +2. 将需要的软件包复制到一个目录下,如/mnt/local\_repo/ 。 +3. 创建软件源,执行以下命令: - ``` + ```sh createrepo --database /mnt/local_repo ``` - ### 添加、启用和禁用软件源 本节将介绍如何通过“dnf config-manager”命令添加、启用和禁用软件源仓库。 @@ -235,9 +237,9 @@ repository部分允许您定义定制化的openEuler软件源仓库,各个仓 要定义一个新的软件源仓库,您可以在 /etc/dnf/dnf.conf 文件中添加“repository”部分,或者在/etc/yum.repos.d/目录下添加“.repo”文件进行说明。建议您通过添加“.repo”的方式,每个软件源都有自己对应的“.repo”文件,以下介绍该方式的操作方法。 -要在您的系统中添加一个这样的源,请在root权限下执行如下命令,执行完成之后会在/etc/yum.repos.d/目录下生成对应的repo文件。其中 _repository\_url_ 为repo源地址,详情请参见[表2](#zh-cn_topic_0151921080_t2df9dceb0ff64b2f8db8ec5cd779792a)。 +要在您的系统中添加一个这样的源,请在root权限下执行如下命令,执行完成之后会在/etc/yum.repos.d/目录下生成对应的repo文件。其中 _repository\_url_ 为repo源地址,详情请参见[表2](#zh-cn_topic_0151921080_t7c83ace02ab94e9986c0684f417e3436)。 -``` +```sh dnf config-manager --add-repo repository_url ``` @@ -245,13 +247,13 @@ dnf config-manager --add-repo repository_url 要启用软件源,请在root权限下执行如下命令,其中 _repository_ 为新增.repo文件中的repo id(可通过dnf repolist查询): -``` +```sh dnf config-manager --set-enable repository ``` 您也可以使用一个全局正则表达式,来启用所有匹配的软件源。其中 _glob\_expression_ 为对应的正则表达式,用于同时匹配多个repo id: -``` +```sh dnf config-manager --set-enable glob_expression ``` @@ -259,13 +261,13 @@ dnf config-manager --set-enable glob_expression 要禁用软件源,请在root权限下执行如下命令: -``` +```sh dnf config-manager --set-disable repository ``` 同样的,您也可以使用一个全局正则表达式来禁用所有匹配的软件源: -``` +```sh dnf config-manager --set-disable glob_expression ``` @@ -277,13 +279,13 @@ dnf config-manager --set-disable glob_expression 您可以使用rpm包名称、缩写或者描述搜索需要的RPM包,使用命令如下: -``` +```sh dnf search term ``` 示例如下: -``` +```sh $ dnf search httpd ========================================== N/S matched: httpd ========================================== httpd.aarch64 : Apache HTTP Server @@ -299,19 +301,19 @@ mod_dav_svn.aarch64 : Apache httpd module for Subversion server 要列出系统中所有已安装的以及可用的RPM包信息,使用命令如下: -``` +```sh dnf list all ``` 要列出系统中特定的RPM包信息,使用命令如下: -``` +```sh dnf list glob_expression... ``` 示例如下: -``` +```sh $ dnf list httpd Available Packages httpd.aarch64 2.4.34-8.h5.oe1 Local @@ -321,13 +323,13 @@ httpd.aarch64 2.4.34-8.h5.oe1 Local 要显示一个或者多个RPM包信息,使用命令如下: -``` -dnf info package_name... +```sh +dnf info package_name ... ``` 例如搜索,命令如下: -``` +```sh $ dnf info httpd Available Packages Name : httpd @@ -347,42 +349,42 @@ Description : The Apache HTTP Server is a powerful, efficient, and extensible 要安装一个软件包及其所有未安装的依赖,请在root权限下执行如下命令: -``` +```sh dnf install package_name ``` 您也可以通过添加软件包名字同时安装多个软件包。配置文件/etc/dnf/dnf.conf添加参数strict=False,运行dnf命令参数添加\-\-setopt=strict=0。请在root权限下执行如下命令: -``` +```sh dnf install package_name package_name... --setopt=strict=0 ``` 示例如下: -``` +```sh # dnf install httpd ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安装RPM包过程中,若出现安装失败,可参考[安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败](./FAQ-54.html#安装时出现软件包冲突文件冲突或缺少软件包导致安装失败)。 ### 下载软件包 使用dnf下载软件包,请在root权限下输入如下命令: -``` +```sh dnf download package_name ``` 如果需要同时下载未安装的依赖,则加上\-\-resolve,使用命令如下: -``` +```sh dnf download --resolve package_name ``` 示例如下: -``` +```sh # dnf download --resolve httpd ``` @@ -390,31 +392,31 @@ dnf download --resolve package_name 要卸载软件包以及相关的依赖软件包,请在root权限下执行如下命令: -``` +```sh dnf remove package_name... ``` 示例如下: -``` +```sh # dnf remove totem ``` ## 管理软件包组 -软件包集合是服务于一个共同的目的一组软件包,例如系统工具集等。使用dnf可以对软件包组进行安装/删除等操作,使相关操作更高效。 +软件包组是服务于一个共同的目的一组软件包,例如系统工具集等。使用dnf可以对软件包组进行安装/删除等操作,使相关操作更高效。 ### 列出软件包组清单 使用summary参数,可以列出系统中所有已安装软件包组、可用的组,可用的环境组的数量,命令如下: -``` +```sh dnf groups summary ``` 使用示例如下: -``` +```sh # dnf groups summary Last metadata expiration check: 0:11:56 ago on Sat 17 Aug 2019 07:45:14 PM CST. Available Groups: 8 @@ -422,13 +424,13 @@ Available Groups: 8 要列出所有软件包组和它们的组ID ,命令如下: -``` +```sh dnf group list ``` 使用示例如下: -``` +```sh # dnf group list Last metadata expiration check: 0:10:32 ago on Sat 17 Aug 2019 07:45:14 PM CST. Available Environment Groups: @@ -451,13 +453,13 @@ Available Groups: 要列出包含在一个软件包组中必须安装的包和可选包,使用命令如下: -``` +```sh dnf group info glob_expression... ``` 例如显示Development Tools信息,示例如下: -``` +```sh # dnf group info "Development Tools" Last metadata expiration check: 0:14:54 ago on Wed 05 Jun 2019 08:38:02 PM CST. @@ -481,21 +483,21 @@ Group: Development Tools 要安装一个软件包组,请在root权限下执行如下命令: -``` +```sh dnf group install group_name ``` -``` +```sh dnf group install groupid ``` 例如安装Development Tools相应的软件包组,命令如下: -``` +```sh # dnf group install "Development Tools" ``` -``` +```sh # dnf group install development ``` @@ -503,21 +505,21 @@ dnf group install groupid 要卸载软件包组,您可以使用软件包组名称或它的ID,在root权限下执行如下命令: -``` +```sh dnf group remove group_name ``` -``` +```sh dnf group remove groupid ``` 例如删除Development Tools相应的软件包组,命令如下: -``` +```sh # dnf group remove "Development Tools" ``` -``` +```sh # dnf group remove development ``` @@ -529,13 +531,13 @@ dnf可以检查您的系统中是否有软件包需要更新。您可以通过dn 如果您需要显示当前系统可用的更新,使用命令如下: -``` +```sh dnf check-update ``` -使用实例如下: +使用示例如下: -``` +```sh # dnf check-update Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:28:07 PM CST. @@ -555,13 +557,13 @@ bind-utils.aarch64 32:9.9.4-29.3 updates 如果您需要升级单个软件包,在root权限下执行如下命令: -``` +```sh dnf update package_name ``` 例如升级rpm包,示例如下: -``` +```sh # dnf update anaconda-gui.aarch64 Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:30:27 PM CST. Dependencies Resolved @@ -585,7 +587,7 @@ Is this ok [y/N]: 类似的,如果您需要升级软件包组,在root权限下执行如下命令: -``` +```sh dnf group update group_name ``` @@ -593,6 +595,6 @@ dnf group update group_name 要更新所有的包和它们的依赖,在root权限下执行如下命令: -``` +```sh dnf update ``` diff --git "a/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" "b/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" index 5a7894aa18b1e16fea8509629a328ed1b197ae15..26e3d48cbb16de88031904c179dd9f25c1589eaf 100644 --- "a/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" +++ "b/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" @@ -24,12 +24,11 @@ KAE加速引擎为openEuler的一个软件加速库,搭载在Kunpeng 920处理 KAE加速引擎支持以下算法: -- 摘要算法SM3, 支持异步模式。 -- 对称加密算法SM4,支持异步模式,支持CTR/XTS/CBC模式。 - -- 对称加密算法AES, 支持异步模式,支持ECB/CTR/XTS/CBC模式。 -- 非对称算法RSA,支持异步模式,支持 Key Sizes 1024/2048/3072/4096。 -- 密钥协商算法DH, 支持异步模式,支持 Key Sizes 768/1024/1536/2048/3072/4096。 +- 摘要算法SM3,支持异步模式。 +- 对称加密算法SM4,支持异步模式,支持CTR/XTS/CBC模式。 +- 对称加密算法AES,支持异步模式,支持ECB/CTR/XTS/CBC模式。 +- 非对称算法RSA,支持异步模式,支持 Key Sizes 1024/2048/3072/4096。 +- 密钥协商算法DH,支持异步模式,支持 Key Sizes 768/1024/1536/2048/3072/4096。 ## 应用场景 @@ -69,23 +68,21 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 ## 安装、升级和卸载 - - ### 安装加速器软件包 - #### 安装前准备 ##### 环境要求 -- TaiShan 200服务器,开启加速引擎功能 +- TaiShan 200服务器,开启加速引擎功能。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 需要导入加速器许可证,具体操作请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节。 ->- 物理机场景使用加速器需要关闭SMMU,具体操作请参考《[TaiShan 200服务器BIOS参数参考](https://support.huawei.com/enterprise/zh/doc/EDOC1100088653)》。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 需要导入加速器许可证,具体操作请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节。 +>- 物理机场景使用加速器需要关闭SMMU,具体操作请参考《[TaiShan 200服务器BIOS参数参考](https://support.huawei.com/enterprise/zh/doc/EDOC1100088653)》。 -- CPU:Kunpeng 920 -- 操作系统:openEuler-20.03-LTS-aarch64-dvd.iso +- CPU:Kunpeng 920。 +- 操作系统:openEuler-20.03-LTS-SP4-aarch64-dvd.iso。 ##### KAE加速引擎软件说明 @@ -124,31 +121,30 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 ##### 前提条件 -- 已在本地安装远程SSH登录工具 -- 已安装openEuler操作系统 -- RPM工具能正常使用。 -- 已安装OpenSSL 1.1.1a或以上版本。 +- 已在本地安装远程SSH登录工具。 +- 已安装openEuler操作系统。 +- RPM工具能正常使用。 +- 已安装OpenSSL 1.1.1a或以上版本。 使用如下命令查询OpenSSL的版本号 - - openssl version - + - openssl version。 ##### 安装步骤 -1. 以root帐号登录openEuler OS命令行界面。 -2. 新建目录用于存放加速器引擎软件包。 -3. 使用SSH远程登录工具,将所有加速引擎软件包拷贝到已建好的目录下。 -4. 在存放加速引擎软件包目录下,使用rpm -ivh命令安装加速器引擎软件包。 +1. 以root帐号登录openEuler OS命令行界面。 +2. 新建目录用于存放加速器引擎软件包。 +3. 使用SSH远程登录工具,将所有加速引擎软件包拷贝到已建好的目录下。 +4. 在存放加速引擎软件包目录下,使用rpm -ivh命令安装加速器引擎软件包。 - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >由于libkae包的安装依赖libwd包,所以libwd的安装必须先于libkae。 - ``` + ```sh rpm -ivh uacce*.rpm hisi*.rpm libwd-*.rpm libkae*.rpm ``` - ``` + ```sh Verifying... ################################# [100%] Preparing... ################################# [100%] checking installed modules @@ -176,13 +172,13 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 hisi_zip modules installed ``` -5. 使用rpm -qa命令,查看加速器软件包是否已正常安装到系统内。使用rpm -ql命令 ,查看软件包的文件是否正确。示例如下。 +5. 使用rpm -qa命令,查看加速器软件包是否已正常安装到系统内。使用rpm -ql命令 ,查看软件包的文件是否正确。示例如下。 - ``` + ```sh rpm -qa|grep -E "hisi|uacce|libwd|libkae" ``` - ``` + ```sh hisi_rde-1.2.10-4.oe1.aarch64 hisi_sec2-1.2.10-4.oe1.aarch64 libkae-1.2.10-3.oe1.aarch64 @@ -192,11 +188,11 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 hisi_zip-1.2.10-4.oe1.aarch64 ``` - ``` + ```sh rpm -ql uacce hisi* libwd* libkae ``` - ``` + ```sh /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/hisi_qm.ko /lib/modules/4.19.90-2003.4.0.0036.oe1.aarch64/extra/uacce.ko /etc/modprobe.d/hisi_hpre.conf @@ -221,9 +217,9 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 /usr/local/lib/engines-1.1/libkae.so.1.2.10 ``` -6. 重启系统或通过命令行手动依次加载加速器引擎驱动到内核,并查看是否加载成功。 +6. 重启系统或通过命令行手动依次加载加速器引擎驱动到内核,并查看是否加载成功。 - ``` + ```sh # modprobe uacce # lsmod | grep uacce # modprobe hisi_qm @@ -233,12 +229,11 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 # modprobe hisi_hpre #加载hisi_hpre驱动时将根据/etc/modprobe.d/hisi_hpre.conf 下的配置文件加载到内核 ``` - ##### 设置环境变量 通过以下命令导出环境变量:如果用户指定安装路径,则下面/usr/local应根据实际安装路径进行修改。 -``` +```sh export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 ``` @@ -248,11 +243,11 @@ export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 打印信息中包含“ _软件包名-版本号-_ ”表示该软件包安装成功。示例如下。 -``` +```sh rpm -qa|grep -E "hisi|uacce|libwd|libkae" ``` -``` +```sh hisi_rde-1.2.10-4.oe1.aarch64 hisi_sec2-1.2.10-4.oe1.aarch64 libkae-1.2.10-3.oe1.aarch64 @@ -263,57 +258,56 @@ hisi_zip-1.2.10-4.oe1.aarch64 ``` #### 安装后操作 + ##### OpenSSL加速器引擎测试 用户可以通过以下命令测试部分加速器功能。 -- 使用OpenSSL的软件算法测试RSA性能。 +- 使用OpenSSL的软件算法测试RSA性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed rsa2048 ... sign verify sign/s verify/s rsa 2048 bits 0.001384s 0.000035s 724.1 28365.8. ``` -- 使用KAE引擎的测试RSA性能。 +- 使用KAE引擎的测试RSA性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae rsa2048 .... sign verify sign/s verify/s rsa 2048 bits 0.000355s 0.000022s 2819.0 45478.4 ``` - ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE引擎加速后签名性能从724.1 sign/s提升到2819sign/s。 -- 使用OpenSSL的软件算法测试异步RSA性能。 +- 使用OpenSSL的软件算法测试异步RSA性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -async_jobs 36 rsa2048 .... sign verify sign/s verify/s rsa 2048 bits 0.001318s 0.000032s 735.7 28555 ``` -- 使用KAE引擎的测试异步RSA性能。 +- 使用KAE引擎的测试异步RSA性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -engine kae -elapsed -async_jobs 36 rsa2048 .... sign verify sign/s verify/s rsa 2048 bits 0.000018s 0.000009s 54384.1 105317.0 ``` - ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE引擎加速后异步RSA签名性能从735.7 sign/s提升到 54384.1sign/s。 -- 使用OpenSSL的软件算法测试SM4 CBC模式性能。 +- 使用OpenSSL的软件算法测试SM4 CBC模式性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp sm4-cbc You have chosen to measure elapsed time instead of user CPU time. .... @@ -322,9 +316,9 @@ hisi_zip-1.2.10-4.oe1.aarch64 sm4-cbc 82312.53k 85196.80k 85284.18k 85000.85k 85284.18k 85261.26k ``` -- 使用KAE引擎的测试SM4 CBC模式性能。 +- 使用KAE引擎的测试SM4 CBC模式性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae -evp sm4-cbc engine "kae" set. You have chosen to measure elapsed time instead of user CPU time. @@ -335,13 +329,12 @@ hisi_zip-1.2.10-4.oe1.aarch64 sm4-cbc 383317.33k 389427.20k 395313.15k 392954.73k 394264.58k 394264.58k ``` - ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE加速后SM4 CBC模式在输入数据块大小为8M时,从82312.53k/s提升到383317.33k/s。 -- 使用OpenSSL的软件算法测试SM3模式性能。 +- 使用OpenSSL的软件算法测试SM3模式性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp sm3 You have chosen to measure elapsed time instead of user CPU time. Doing sm3 for 3s on 102400 size blocks: 1536 sm3's in 3.00s @@ -350,9 +343,9 @@ hisi_zip-1.2.10-4.oe1.aarch64 sm3 50568.53k 52428.80k 52428.80k 52428.80k 52428.80k 52428.80k ``` -- 使用KAE引擎测试SM3模式性能。 +- 使用KAE引擎测试SM3模式性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -engine kae -evp sm3 engine "kae" set. You have chosen to measure elapsed time instead of user CPU time. @@ -362,13 +355,12 @@ hisi_zip-1.2.10-4.oe1.aarch64 sm3 648243.20k 666965.33k 677030.57k 678778.20k 676681.05k 668292.44k ``` +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用KAE加速后,在输入数据块大小为8M场景时,SM3算法从52428.80 k/s提升到668292.44k/s。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->使用KAE加速后SM3算法在输入数据块大小为8M时,从52428.80 k/s提升到668292.44k/s。 - -- 使用OpenSSL软件算法测试AES算法CBC模式异步性能。 +- 使用OpenSSL软件算法测试AES算法CBC模式异步性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 You have chosen to measure elapsed time instead of user CPU time. Doing aes-128-cbc for 3s on 51200 size blocks: 65773 aes-128-cbc's in 3.00s @@ -378,9 +370,9 @@ hisi_zip-1.2.10-4.oe1.aarch64 aes-128-cbc 1122525.87k 1123328.00k 1120578.22k 1121277.27k 1119879.17k 1115684.86k ``` -- 使用的KEA引擎测试AES算法CBC模式异步性能。 +- 使用的KEA引擎测试AES算法CBC模式异步性能。 - ``` + ```sh linux-rmw4:/usr/local/bin # ./openssl speed -elapsed -evp aes-128-cbc -async_jobs 4 -engine kae engine "kae" set. You have chosen to measure elapsed time instead of user CPU time. @@ -391,10 +383,10 @@ hisi_zip-1.2.10-4.oe1.aarch64 aes-128-cbc 3747037.87k 3996774.40k 1189085.18k 1196774.74k 1196979.11k 1199570.94k ``` - ->![](./public_sys-resources/icon-note.gif) **说明:** ->- AES仅支持数据长度为256KB及以下场景的异步使用。 ->- 使用KAE加速后AES算法在输入数据块为100K大小时,从1123328.00k/s提升到3996774.40 k/s 。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- AES仅支持数据长度为256KB及以下场景的异步使用。 +>- 使用KAE加速后AES算法在输入数据块为100K大小时,从1123328.00k/s提升到3996774.40 k/s 。 ### 升级加速器软件包 @@ -404,10 +396,10 @@ hisi_zip-1.2.10-4.oe1.aarch64 #### 操作步骤 -1. 从openEuler社区下载最新版本的加速引擎软件包。 -2. 使用SSH远程登录工具,以root帐号进入Linux操作系统命令行界面。 -3. 将下载下来的最新版本的软件包都放在某个路径下。 -4. 在存放软件包的路径下使用rpm -Uvh 命令升级加速器驱动包及引擎库包。示例如下。 +1. 从openEuler社区下载最新版本的加速引擎软件包。 +2. 使用SSH远程登录工具,以root帐号进入Linux操作系统命令行界面。 +3. 将下载下来的最新版本的软件包都放在某个路径下。 +4. 在存放软件包的路径下使用rpm -Uvh 命令升级加速器驱动包及引擎库包。示例如下。 命令和信息回显如下所示。 @@ -415,15 +407,15 @@ hisi_zip-1.2.10-4.oe1.aarch64 ![](./figures/zh-cn_image_0231143191.png) -5. 使用rpm -qa 命令查询是否升级成功。确认查询到的版本是最新的升级后版本。 +5. 使用rpm -qa 命令查询是否升级成功。确认查询到的版本是最新的升级后版本。 ![](./figures/zh-cn_image_0231143193.png) ![](./figures/zh-cn_image_0231143195.png) -6. 重启系统或通过命令行手动卸载旧版本驱动,然后加载新版本驱动,并查看是否加载成功 +6. 重启系统或通过命令行手动卸载旧版本驱动,然后加载新版本驱动,并查看是否加载成功。 - ``` + ```sh 卸载旧驱动 # lsmod | grep uacce uacce 262144 3 hisi_hpre,hisi_sec2,hisi_qm @@ -441,7 +433,6 @@ hisi_zip-1.2.10-4.oe1.aarch64 uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre ``` - ### 卸载加速器软件包 #### 使用场景 @@ -450,10 +441,10 @@ hisi_zip-1.2.10-4.oe1.aarch64 #### 操作步骤 -1. 使用SSH远程登录工具,以root帐号进入Linux操作系统命令行界面。 -2. 重启系统或通过命令行手动将已加载到内核的驱动卸载掉,并查看是否卸载成功。 +1. 使用SSH远程登录工具,以root帐号进入Linux操作系统命令行界面。 +2. 重启系统或通过命令行手动将已加载到内核的驱动卸载掉,并查看是否卸载成功。 - ``` + ```sh # lsmod | grep uacce uacce 36864 3 hisi_sec2,hisi_qm,hisi_hpre # rmmod hisi_hpre @@ -464,23 +455,22 @@ hisi_zip-1.2.10-4.oe1.aarch64 # ``` -3. 通过rpm -e 命令卸载加速引擎软件包。示例如下。 +3. 通过rpm -e 命令卸载加速引擎软件包,示例如下: - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >由于存在依赖关系,卸载libwd前须先卸载libkae引擎软件包。 ![](./figures/zh-cn_image_0231143196.png) ![](./figures/zh-cn_image_0231143197.png) -4. 使用rpm -qa |grep 软件包名命令查询是否卸载成功。 +4. 使用rpm -qa |grep 软件包名命令查询是否卸载成功。 ![](./figures/zh-cn_image_0231143198.png) - ## 日志查询 -加速器引擎涉及日志信息如[表3](#table52821836)所示。 +加速器引擎涉及日志信息如[表3](#table52821836)所示: **表 3** 日志信息 @@ -519,11 +509,12 @@ hisi_zip-1.2.10-4.oe1.aarch64 ## 加速引擎的应用 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >如果用户未购买引擎许可证,建议用户不要通过kae引擎调用相应算法,否则可能会影响openssl加密算法的性能。 +> ### KAE引擎使用示例代码 -``` +```sh #include #include @@ -578,9 +569,9 @@ int main(int argc, char **argv) ### 通过OpenSSL配置文件openssl.cnf使用KAE引擎 -新建openssl.cnf 需要添加如下配置信息 +新建openssl.cnf 需要添加如下配置信息: -``` +```sh openssl_conf=openssl_def [openssl_def] engines=engine_section @@ -596,13 +587,13 @@ init=1 导出OPENSSL\_CONF环境变量: -``` +```sh export OPENSSL_CONF=/home/app/openssl.cnf #该路径为openssl.cnf存放路径 ``` 使用OpenSSL配置文件示例如下: -``` +```sh #include #include @@ -648,6 +639,7 @@ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorith ``` ## 故障处理 + ### 初始化失败 #### 故障现象 @@ -656,41 +648,40 @@ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorith #### 处理步骤 -1. 检查加速器驱动是否加载成功,运行lsmod 命令查看uacce.ko、qm.ko 、sgl.ko 、hisi\_sec2.ko 、hisi\_hpre.ko 、hisi\_zip.ko、 hisi\_rde.ko是否在位。 +1. 检查加速器驱动是否加载成功,运行lsmod 命令查看uacce.ko、qm.ko 、sgl.ko 、hisi\_sec2.ko 、hisi\_hpre.ko 、hisi\_zip.ko、 hisi\_rde.ko是否在位。 - ``` + ```sh # lsmod | grep uacce uacce 262144 2 hisi_hpre,hisi_qm,hisi_sec2,hisi_zip,hisi_rde ``` -2. 检查/usr/lib64(RPM方式安装时目录)或者/usr/local/lib(源码方式安装时目录)和OpenSSL安装目录是否有加速器引擎库,且建立正确的软连接。 +2. 检查/usr/lib64(RPM方式安装时目录)或者/usr/local/lib(源码方式安装时目录)和OpenSSL安装目录是否有加速器引擎库,且建立正确的软链接。 - ``` + ```sh [root@localhost home]# ll /usr/local/lib/engines-1.1/ |grep kae - #查询kae是否正确安装并建立软连接,如果有正确安装显示如下内容 + #查询kae是否正确安装并建立软链接,如果有正确安装显示如下内容 # ll /usr/local/lib/engines-1.1/ |grep kae lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so -> kae.so.1.0.1 lrwxrwxrwx. 1 root root 22 Nov 12 02:33 kae.so.0 -> kae.so.1.0.1 -rwxr-xr-x. 1 root root 112632 May 25 2019 kae.so.1.0.1 [[root@localhost home]# [root@localhost home]# ll /usr/lib64/ | grep libwd - #查询libwd是否正确安装并建立软连接,如果有正确安装显示如下内容 + #查询libwd是否正确安装并建立软链接,如果有正确安装显示如下内容 lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so -> libwd.so.1.0.1 lrwxrwxrwx. 1 root root 14 Nov 12 02:33 libwd.so.0 -> libwd.so.1.0.1 -rwxr-xr-x. 1 root root 137120 May 25 2019 libwd.so.1.0.1 [root@localhost home]# ``` -3. 检查OpenSSL引擎库的路径是否能通过export命令进行导出。 +3. 检查OpenSSL引擎库的路径是否能通过export命令进行导出。 - ``` + ```sh # echo $OPENSSL_ENGINES # export OPENSSL_ENGINES=/usr/local/lib/engines-1.1 # echo $OPENSSL_ENGINES /usr/local/lib/engines-1.1 ``` - ### 安装完加速器引擎之后,查找不到加速器设备 #### 故障现象 @@ -699,9 +690,9 @@ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorith #### 解决方法 -1. 检查虚拟文件系统下是否有相应设备。正常情况下有如下相应的加速器设备。 +1. 检查虚拟文件系统下是否有相应设备。正常情况下有如下相应的加速器设备。 - ``` + ```sh # ls -al /sys/class/uacce/ total 0 lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2 @@ -714,10 +705,10 @@ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorith lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-7 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-7 ``` -2. 若要使用hpre设备但是在[1](#li1760055514614)中未查询到,请按[初始化失败](#初始化失败)排查加速器软件是否已正确安装。 -3. 若[2](#li1600175515610)已确认加速器软件正确安装,请排查通过lspci命令查看物理设备是否存在。 +2. 若要使用hpre设备但是在[1](#li1760055514614)中未查询到,请按[初始化失败](#初始化失败)排查加速器软件是否已正确安装。 +3. 若[2](#li1600175515610)已确认加速器软件正确安装,请排查通过lspci命令查看物理设备是否存在。 - ``` + ```sh # lspci | grep HPRE 79:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) b9:00.0 Network and computing encryption device: Huawei Technologies Co., Ltd. HiSilicon HPRE Engine (rev 21) @@ -733,10 +724,9 @@ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); OpenSSL_add_all_algorith # ``` -4. 若[3](#li1560012551369)未查询到相应的物理设备,请确认以下,不分先后: - - 确认是否已导入加速器许可证,若未导入,请请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节,导入加速器许可证。导入加速器许可证之后,需要掉电重启BMC,使能License。 - - 确认BMC和BIOS版本是否支持加速器特性。 - +4. 若[3](#li1560012551369)未查询到相应的物理设备,请确认以下,不分先后: + - 确认是否已导入加速器许可证,若未导入,请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节,导入加速器许可证。导入加速器许可证之后,需要掉电重启iBMC,使能License。 + - 确认iBMC和BIOS版本是否支持加速器特性。 ### 升级加速器驱动失败 diff --git "a/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" "b/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" index 08be596ebd0403fabd21c2642755cad5e8c22ec0..7e68428b7361713a7cd2fa3e58a868974679e492 100644 --- "a/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" +++ "b/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" @@ -34,14 +34,14 @@ ## LVM简介 -LVM是逻辑卷管理(Logical Volume Manager)的简称,它是Linux环境下对磁盘分区进行管理的一种机制。LVM通过在硬盘和文件系统之间添加一个逻辑层,来为文件系统屏蔽下层硬盘分区布局,提高硬盘分区管理的灵活性, +LVM是逻辑卷管理(Logical Volume Manager)的简称,它是Linux环境下对磁盘分区进行管理的一种机制。LVM通过在硬盘和文件系统之间添加一个逻辑层,来为文件系统屏蔽下层硬盘分区布局,提高硬盘分区管理的灵活性。 使用LVM管理硬盘的基本过程如下: -1. 将硬盘创建为物理卷 -2. 将多个物理卷组合成卷组 -3. 在卷组中创建逻辑卷 -4. 在逻辑卷之上创建文件系统 +1. 将硬盘创建为物理卷。 +2. 将多个物理卷组合成卷组。 +3. 在卷组中创建逻辑卷。 +4. 在逻辑卷之上创建文件系统。 通过LVM管理硬盘之后,文件系统不再受限于硬盘的大小,可以分布在多个硬盘上,也可以动态扩容。 @@ -62,7 +62,7 @@ LVM是逻辑卷管理(Logical Volume Manager)的简称,它是Linux环境 ## 安装 >![](./public_sys-resources/icon-note.gif) **说明:** ->openEuler操作系统默认已安装LVM。可通过**rpm -qa | grep lvm2**命令查询,若打印信息中包含“lvm2”信息,则表示已安装LVM,可跳过本章节内;若无任何打印信息,则表示未安装,可参考本章节内容进行安装。 +>openEuler操作系统默认已安装LVM。可通过**rpm -qa | grep lvm2**命令查询,若打印信息中包含“lvm2”信息,则表示已安装LVM,可跳过本章节内容;若无任何打印信息,则表示未安装,可参考本章节内容进行安装。 1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 2. 清除缓存。 @@ -108,7 +108,7 @@ pvcreate [option] devname ... - -u:指定设备的UUID。 - -y:所有的问题都回答“yes”。 -- devname:指定要创建的物理卷对应的设备名称,如果需要批量创建,可以填写多个设备名称,中间以空格间隔。 +- devname:指定要创建的物理卷对应的设备名称。如果需要批量创建,可以填写多个设备名称,中间以空格间隔。 示例1:将/dev/sdb、/dev/sdc创建为物理卷。 @@ -156,11 +156,11 @@ pvchange [option] pvname ... - option:命令参数选项。常用的参数选项有: - -u:生成新的UUID。 - - -x:是否允许分配PE”。 + - -x:是否允许分配PE。 -- pvname:指定要要修改属性的物理卷对应的设备名称,如果需要批量修改,可以填写多个设备名称,中间以空格间隔。 +- pvname:指定要修改属性的物理卷对应的设备名称。如果需要批量修改,可以填写多个设备名称,中间以空格间隔。 -示例:禁止分配/dev/sdb物理卷上的PE。 +示例:禁止分配/dev/sdb物理卷上的PE。没有加入卷组的物理卷执行pvdisplay命令显示Allocatable属性为NO,需要加入卷组才能成功修改该属性。 ``` # pvchange -x n /dev/sdb @@ -180,9 +180,9 @@ pvremove [option] pvname ... - -f:强制删除物理卷,不需要用户确认。 - -y:所有的问题都回答“yes”。 -- pvname:指定要删除的物理卷对应的设备名称,如果需要批量删除,可以填写多个设备名称,中间以空格间隔。 +- pvname:指定要删除的物理卷对应的设备名称。如果需要批量删除,可以填写多个设备名称,中间以空格间隔。 -示例:删除物理卷/dev/sdb。 +示例:删除物理卷/dev/sdb。如果物理卷已经加入卷组,需要先删除卷组或者从卷组中移除,再删除物理卷。 ``` # pvremove /dev/sdb @@ -344,7 +344,7 @@ lvcreate [option] vgname - vgname:要创建逻辑卷的卷组名称。 -示例1:在卷组vg1中创建10G大小的逻辑卷。 +示例1:在卷组vg1中创建10G大小的逻辑卷,默认的逻辑卷名称是lvol0。 ``` # lvcreate -L 10G vg1 @@ -368,7 +368,7 @@ lvdisplay [option] [lvname] - option:命令参数选项。常用的参数选项有: -- -v:显示LE到PE的映射 +- -v:显示LE到PE的映射。 - lvname:指定要显示属性的逻辑卷对应的设备文件。如果省略,则显示所有的逻辑卷属性。 @@ -534,7 +534,7 @@ mount lvname mntpath # blkid /dev/vg1/lv1 ``` - 查看打印信息,打印信息中包含如下内容,其中 _uuidnumber_ 是一串数字,为UUID, _fstype_ 为文件系统。 + 查看打印信息,打印信息中包含如下内容,其中 _uuidnumber_ 是一串以中划线分割符号,数字和字母组合成UUID, _fstype_ 为文件系统。 /dev/vg1/lv1: UUID=" _uuidnumber_ " TYPE=" _fstype_ " @@ -549,8 +549,8 @@ mount lvname mntpath - 第一列:UUID,此处填写[1](#li65701520154311)查询的 _uuidnumber_ 。 - 第二列:文件系统的挂载目录 _mntpath_ 。 - 第三列:文件系统的文件格式,此处填写[1](#li65701520154311)查询的 _fstype_ 。 - - 第四列:挂载选项,此处以“defaults”为例; - - 第五列:备份选项,设置为“1”时,系统自动对该文件系统进行备份;设置为“0”时,不进行备份。此处以“0”为例; + - 第四列:挂载选项,此处以“defaults”为例。 + - 第五列:备份选项,设置为“1”时,系统自动对该文件系统进行备份;设置为“0”时,不进行备份。此处以“0”为例。 - 第六列:扫描选项,设置为“1”时,系统在启动时自动对该文件系统进行扫描;设置为“0”时,不进行扫描。此处以“0”为例。 3. 验证自动挂载功能。 diff --git "a/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" "b/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" index b901d3b20b513087b23e67edfa8d9849cce8a1ac..4f43d79e4c1d524028707ba1999ad8f523032354 100644 --- "a/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" @@ -1,25 +1,4 @@ -# 基础配置 - - -- [基础配置](#基础配置) - - [设置语言环境](#设置语言环境) - - [显示当前语言环境状态](#显示当前语言环境状态) - - [列出可用的语言环境](#列出可用的语言环境) - - [设置语言环境](#设置语言环境-1) - - [设置键盘](#设置键盘) - - [显示当前设置](#显示当前设置) - - [列出可用的键盘布局](#列出可用的键盘布局) - - [设置键盘布局](#设置键盘布局) - - [设置日期和时间](#设置日期和时间) - - [使用timedatectl命令设置](#使用timedatectl命令设置) - - [使用date命令设置](#使用date命令设置) - - [使用hwclock命令设置](#使用hwclock命令设置) - - [设置kdump](#设置kdump) - - [设置kdump预留内存](#设置kdump预留内存) - - [预留内存推荐值](#预留内存推荐值) - - [禁用网络相关驱动](#禁用网络相关驱动) - - +# 基础配置 ## 设置语言环境 @@ -55,7 +34,11 @@ $ localectl list-locales ``` $ localectl list-locales | grep zh +lzh_TW.UTF-8 zh_CN.UTF-8 +zh_HK.UTF-8 +zh_SG.UTF-8 +zh_TW.UTF-8 ``` ### 设置语言环境 @@ -154,7 +137,7 @@ $ timedatectl Local time: Mon 2019-09-30 04:05:00 EDT Universal time: Mon 2019-09-30 08:05:00 UTC RTC time: Mon 2019-09-30 08:05:00 - Time zone: America/New_York (EDT, -0400) + Time zone: China Standard Time (CST), UTC +8 System clock synchronized: no NTP service: inactive RTC in local TZ: no @@ -280,62 +263,19 @@ $ date --utc $ date +"format" ``` -**表 1** 参数说明 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

格式参数

-

说明

-

%H

-

小时以HH格式(例如 17)。

-

%M

-

分钟以MM格式(例如 37)。

-

%S

-

秒以SS格式(例如 25)。

-

%d

-

日期以DD格式(例如 15)。

-

%m

-

月份以MM格式(例如 07)。

-

%Y

-

年份以YYYY格式(例如 2019)。

-

%Z

-

时区缩写(例如CEST)。

-

%F

-

日期整体格式为YYYY-MM-DD(例如 2019-7-15),等同%Y-%m-%d。

-

%T

-

时间整体格式为HH:MM:SS(例如 18:30:25),等同%H:%M:%S。

-
+**表 1** 参数说明 + +| 格式参数 | 说明 | +| :---- | :---- | +| %H | 小时以HH格式(例如 17) | +| %M | 分钟以MM格式(例如 37) | +| %S | 秒以SS格式(例如 25) | +| %d | 日期以DD格式(例如 15) | +| %m | 月份以MM格式(例如 07) | +| %Y | 年份以YYYY格式(例如 2019) | +| %Z | 时区缩写(例如CEST) | +| %F | 日期整体格式为YYYY-MM-DD(例如 2019-7-15),等同%Y-%m-%d | +| %T | 时间整体格式为HH:MM:SS(例如 18:30:25),等同%H:%M:%S | 实际使用示例如下: @@ -438,14 +378,14 @@ Linux 将时钟分为: ``` ## 设置kdump -本节介绍如何设置kdump预留内存及kdump配置文件参数修改。 +本节介绍如何设置kdump预留内存及修改kdump配置文件参数。 ### 设置kdump预留内存 #### 预留内存参数格式 -kdump预留内存参数必须添加到内核启动参数中,配置文件为/boot/efi/EFI/openEuler/grub.cfg,openEuler发布版本中默认已经添加,可以根据实际使用情况调整。添加和修改启动参数后,重启系统生效。kdump预留内存参数格式如下: +kdump预留内存参数必须添加到内核启动参数中,配置文件为/boot/efi/EFI/openEuler/grub.cfg(UEFI引导模式)或/boot/grub2/grub.cfg(legacy引导模式),openEuler发布版本中默认已经添加,可以根据实际使用情况调整。添加和修改启动参数后,重启系统生效。kdump预留内存参数格式如下: | 内核启动参数 | 描述 | 默认值 | 备注 | |--------------------|-------------------------------------------|---------------|------------------------------------------------------------| @@ -459,7 +399,7 @@ kdump预留内存参数必须添加到内核启动参数中,配置文件为/bo | 推荐方案 | 预留参数 | 参数说明 | |------|------------------------|----------------------------------------------| | 通用方案 | crashkernel=2048M,high | 4G以下预留256M,4G以上预留2048M内存给kdump使用。共256+2048M。 | -| 经济方案 | crashkernel=1024M,high | 4G以下预留256M,4G以上预留1024M内存给kdump使用。共256+1024M。 推荐系统512G内存以内的场景,并不使用网络转储kdump文件。对于虚拟机场景,可以适当减少内存预留值,推荐虚拟机设置为crashkernel=512M或者crashkernel=256M,high | +| 经济方案 | crashkernel=1024M,high | 4G以下预留256M,4G以上预留1024M内存给kdump使用。共256+1024M。 推荐系统512M内存以内的场景,并不使用网络转储kdump文件。对于虚拟机场景,可以适当减少内存预留值,推荐虚拟机设置为crashkernel=512M或者crashkernel=256M,high | >![](./public_sys-resources/icon-note.gif) **说明:** >不通过网络转储kdump文件时,需要设置kdump文件系统不打包网络相关驱动。网络驱动加载需要申请较大内存,可能导致预留内存不足,kdump失败。因此建议禁用网络相关驱动。 @@ -468,3 +408,53 @@ kdump预留内存参数必须添加到内核启动参数中,配置文件为/bo kdump配置文件(/etc/kdump.conf)中,dracut参数可以设置裁剪的驱动模块,可以将网络驱动配置到裁剪驱动列表中,让kdump文件系统中不加载该驱动,修改配置文件后,重启kdump服务生效。dracut参数配置如下所示: `dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` + +## 设置磁盘调度算法 +本节介绍如何设置磁盘调度算法。 + + + +### 临时修改调度策略 + +例如将所有IO调度算法修改为mq-deadline,此修改重启后会失效。 +``` +echo mq-deadline > /sys/block/sd*/queue/scheduler +``` + +### 永久设置调度策略 + +可以通过在内核启动配置文件grub.cfg中的kernel行追加:elevator=mq-deadline,重启后生效。 +``` +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap quiet crashkernel=512M elevator=mq-deadline +``` +## 设置NMI watchdog +NMI(Non-Maskable Interrupt)作为系统最高优先级的中断,属于不可屏蔽的中断类型。NMI watchdog 可用于检测服务器异常挂起事件,触发系统收集故障信息后重启。openEuler QA 团队实验室测试结果表明:开启 NMI watchdog 的情况下,NMI 偶尔会产生大量中断,并可能会降低服务器部分性能,请在了解该功能影响的情况下合理使用。 + +Note:以下NMI watchdog设置仅限openEuler社区已完成兼容性验证的硬件服务器类型,其余类型服务器和虚拟机下NMI watchdog仅限参考; + +### 显示当前NMI watchdog配置状态 + +``` +# sudo sysctl kernel.nmi_watchdog +kernel.nmi_watchdog = 0 +``` + +### 设置NMI watchdog配置参数 + +``` +# sudo sysctl -w kernel.nmi_watchdog=1 +``` +参数值为 1 表示开启, 0 表示关闭。 + +## 显示内核日志打印级别 + +``` +# sysctl kernel.printk +kernel.printk = 4 4 1 7 +``` + +如果要调整内核日志打印级别,可修改/etc/sysctl.d/21-openEuler.conf文件,执行以下命令,使其生效。 + +``` +# sysctl -p /etc/sysctl.d/21-openEuler.conf +``` \ No newline at end of file diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" index d1cbc9f4337f20bf1a976623d797d9225cc3fa6b..54b53d66106a6f74b779f44120841307ec4747bc 100644 --- "a/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" @@ -35,7 +35,7 @@ FTP(File Transfer Protocol)即文件传输协议,是互联网最早的传 - 用户分类 - 默认情况下,FTP服务器依据登录情况,将用户分为实体用户(real user)、访客(guest)、匿名用户(anonymous)三类。三类用户对系统的访问权限差异较大,实体用户具有较完整的访问权限,匿名用户仅有下载资源的权限。 + 默认情况下,FTP服务器依据登录情况,将用户分为实体用户(real user)、访客(guest)、匿名用户(anonymous)三类。三类用户对系统的访问权限差异较大,实体用户具有较完整的访问权限,访客用户会设定好可用目录,匿名用户仅有下载资源的权限。 - 命令记录和日志文件记录 @@ -138,7 +138,7 @@ FTP的正常工作需要使用到多个网络端口,服务器端会使用到

/etc/vsftpd/ftpusers

禁用使用vsftpd的用户列表文件。默认情况下,系统帐号也在该文件中,因此系统帐号默认无法使用vsftpd。

+

禁止使用vsftpd的用户列表文件。默认情况下,系统帐号也在该文件中,因此系统帐号默认无法使用vsftpd。

/etc/vsftpd/user_list

@@ -257,7 +257,7 @@ userlist_enable=YES

userlist_enable

是否支持/etc/vsftpd/user_list文件内的账号登录控制,YES为支持,NO为不支持。

+

是否支持/etc/vsftpd/user_list文件内的帐号登录控制,YES为支持,NO为不支持。

tcp_wrappers

@@ -489,7 +489,7 @@ ftp> ``` >![](./public_sys-resources/icon-note.gif) **说明:** - >- 此时每下载一个文件,都会有提示信息。如果要屏蔽提示信息,则在 **mget \*.\*** 命令前先执行**prompt off** + >- 此时每下载一个文件,都会有提示信息。如果要屏蔽提示信息,则在 **mget \*.\*** 命令前先执行**prompt off**。 >- 文件都被下载到Linux主机的当前目录下。比如,在/home/myopenEuler/下运行的ftp命令,则文件都下载到/home/myopenEuler/下。 diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" index 68bc81cb552f29dbea880446f48b66beef08b7c8..047bfce46e6ef83352eb62b0c2f1c05370706fea 100644 --- "a/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" @@ -1,7 +1,7 @@ # 搭建repo服务器 ->![](./public_sys-resources/icon-note.gif) **说明:** ->openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md)。若用户无法在线获取openEuler repo源,则可使用openEuler提供的ISO发布包创建为本地openEuler repo源。本章节中以openEuler-20.03-LTS-aarch64-dvd.iso发布包为例,请根据实际需要的ISO发布包进行修改。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md)。若用户无法在线获取openEuler repo源,则可使用openEuler提供的ISO发布包创建为本地openEuler repo源。本章节中以openEuler-20.03-LTS-SP4-aarch64-dvd.iso发布包为例,请根据实际需要的ISO发布包进行修改。 @@ -25,16 +25,17 @@ ## 概述 -将openEuler提供的ISO发布包openEuler-20.03-LTS-aarch64-dvd.iso创建为repo源,如下以使用nginx进行repo源部署,提供http服务为例进行说明。 +将openEuler提供的ISO发布包openEuler-20.03-LTS-SP4-aarch64-dvd.iso创建为repo源,如下以使用nginx进行repo源部署,提供http服务为例进行说明。 ## 创建/更新本地repo源 -使用mount挂载,将openEuler的ISO发布包openEuler-20.03-LTS-aarch64-dvd.iso创建为repo源,并能够对repo源进行更新。 +使用mount挂载,将openEuler的ISO发布包openEuler-20.03-LTS-SP4-aarch64-dvd.iso创建为repo源,并能够对repo源进行更新。 + ### 获取ISO发布包 请从如下网址获取openEuler的ISO发布包: -[https://repo.openeuler.org/openEuler-20.03-LTS/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS/ISO/) +[https://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/) ### 挂载ISO创建repo源 @@ -42,13 +43,13 @@ 示例如下: -``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ +```sh +# mount /home/openEuler/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ ``` 挂载好的mnt目录如下: -``` +```sh . │── boot.catalog │── docs @@ -66,8 +67,8 @@ 可以拷贝ISO发布包中相关文件至本地目录以创建本地repo源,示例如下: -``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ +```sh +# mount /home/openEuler/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ $ mkdir -p ~/srv/repo/ $ cp -r /mnt/Packages ~/srv/repo/ $ cp -r /mnt/repodata ~/srv/repo/ @@ -76,7 +77,7 @@ $ cp -r /mnt/RPM-GPG-KEY-openEuler ~/srv/repo/ 从而本地repo目录如下: -``` +```sh . │── Packages │── repodata @@ -89,32 +90,32 @@ Packages为rpm包所在的目录,repodata为repo源元数据所在的目录, 更新repo源有两种方式: -- 通过新版本的ISO更新已有的repo源,与创建repo源的方式相同,即挂载ISO发布包或重新拷贝ISO发布包至本地目录。 +- 通过新版本的ISO更新已有的repo源,与创建repo源的方式相同,即挂载ISO发布包或重新拷贝ISO发布包至本地目录。 -- 在repo源的Packages目录下添加rpm包,然后通过createrepo命令更新repo源 +- 在repo源的Packages目录下添加rpm包,然后通过createrepo命令更新repo源。 - ``` - $ createrepo --update --workers=10 ~/srv/repo + ```sh + createrepo --update --workers=10 ~/srv/repo ``` 其中,\-\-update表示更新,\-\-workers表示线程数,可自定义。 - - >![](./public_sys-resources/icon-note.gif) **说明:** - >若命令打印信息为“createrepo:未找到命令”,则表示未安装createrepo软件,可在root权限下执行**dnf install createrepo**进行安装。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >若命令打印信息为“createrepo:未找到命令”,则表示未安装createrepo软件,可在root权限下执行**dnf install createrepo**进行安装。 ## 部署远端repo源 安装openEuler操作系统,在openEuler上通过nginx部署repo源。 + ### nginx安装与配置 -1. 请自行下载nginx工具并在root权限下安装nginx。 -2. 安装nginx之后,在root权限下配置/etc/nginx/nginx.conf。 +1. 请自行下载nginx工具并在root权限下安装nginx。 +2. 安装nginx之后,在root权限下配置/etc/nginx/nginx.conf。 - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >文档中的配置内容仅供参考,请用户根据实际情况(例如安全加固需要)进行配置。 - ``` + ```sh user nginx; worker_processes auto; # 建议设置为core-1 error_log /var/log/nginx/error.log warn; # log存放位置 @@ -153,20 +154,19 @@ Packages为rpm包所在的目录,repodata为repo源元数据所在的目录, } ``` - ### 启动nginx服务 -1. 在root权限下通过systemd启动nginx服务: +1. 在root权限下通过systemd启动nginx服务: - ``` + ```sh # systemctl enable nginx # systemctl start nginx ``` -2. nginx是否启动成功可通过下面命令查看: +2. nginx是否启动成功可通过下面命令查看: - ``` - $ systemctl status nginx + ```sh + systemctl status nginx ``` - [图1](#zh-cn_topic_0151920971_fd25e3f1d664b4087ae26631719990a71)表示nginx服务启动成功 @@ -176,8 +176,8 @@ Packages为rpm包所在的目录,repodata为repo源元数据所在的目录, - 若nginx服务启动失败,查看错误信息: - ``` - $ systemctl status nginx.service --full + ```sh + systemctl status nginx.service --full ``` **图 2** nginx服务启动失败 @@ -185,7 +185,7 @@ Packages为rpm包所在的目录,repodata为repo源元数据所在的目录, 如[图2](#zh-cn_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54)所示nginx服务创建失败,是由于目录/var/spool/nginx/tmp/client\_body创建失败,在root权限下手动进行创建,类似的问题也这样处理: - ``` + ```sh # mkdir -p /var/spool/nginx/tmp/client_body # mkdir -p /var/spool/nginx/tmp/proxy # mkdir -p /var/spool/nginx/tmp/fastcgi @@ -193,80 +193,78 @@ Packages为rpm包所在的目录,repodata为repo源元数据所在的目录, # mkdir -p /usr/share/nginx/scgi_temp ``` - ### repo源部署 -1. 在root权限下创建nginx配置文件/etc/nginx/nginx.conf中指定的目录/usr/share/nginx/repo: +1. 在root权限下创建nginx配置文件/etc/nginx/nginx.conf中指定的目录/usr/share/nginx/repo: - ``` + ```sh # mkdir -p /usr/share/nginx/repo ``` -2. 在root权限下修改目录/usr/share/nginx/repo的权限: +2. 在root权限下修改目录/usr/share/nginx/repo的权限: - ``` + ```sh # chmod -R 755 /usr/share/nginx/repo ``` -3. 设置防火墙规则,开启nginx设置的端口(此处为80端口),在root权限下通过firewall设置端口开启: +3. 设置防火墙规则,开启nginx设置的端口(此处为80端口),在root权限下通过firewall设置端口开启: - ``` + ```sh # firewall-cmd --add-port=80/tcp --permanent # firewall-cmd --reload ``` 在root权限下查询80端口是否开启成功,输出为yes则表示80端口开启成功: - ``` + ```sh # firewall-cmd --query-port=80/tcp ``` 也可在root权限下通过iptables来设置80端口开启: - ``` + ```sh # iptables -I INPUT -p tcp --dport 80 -j ACCEPT ``` -4. nginx服务设置好之后,即可通过ip直接访问网页,如[图3](#zh-cn_topic_0151921017_fig1880404110396): +4. nginx服务设置好之后,即可通过ip直接访问网页,如[图3](#zh-cn_topic_0151921017_fig1880404110396): **图 3** nginx部署成功 ![](./figures/nginx-deploy-success.png "nginx部署成功") -5. 通过下面几种方式将repo源放入到/usr/share/nginx/repo下: +5. 通过下面几种方式将repo源放入到/usr/share/nginx/repo下: - 在root权限下拷贝镜像中相关文件至/usr/share/nginx/repo下,并修改目录权限。 - ``` - # mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ + ```sh + # mount /home/openEuler/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ # cp -r /mnt/Packages /usr/share/nginx/repo # cp -r /mnt/repodata /usr/share/nginx/repo # cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo # chmod -R 755 /usr/share/nginx/repo ``` - - openEuler-20.03-LTS-aarch64-dvd.iso存放在/home/openEuler目录下。 - + + openEuler-20.03-LTS-SP4-aarch64-dvd.iso存放在/home/openEuler目录下。 + - 使用root在/usr/share/nginx/repo下创建repo源的软链接。 - - ``` + + ```sh # ln -s /mnt /usr/share/nginx/repo/os ``` - - /mnt为已经创建好的repo源,/usr/share/nginx/repo/os将指向/mnt。 - + /mnt为已经创建好的repo源,/usr/share/nginx/repo/os将指向/mnt。 ## 使用repo源 -repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一个Shell前端软件包管理器。基于RPM包管理,能够从指定的服务器自动下载RPM包并且安装,可以自动处理依赖性关系,并且一次安装所有依赖的软体包,无须繁琐地一次次下载和安装。 +repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一个Shell前端软件包管理器。基于RPM包管理,能够从指定的服务器自动下载RPM包并且安装,可以自动处理依赖性关系,并且一次安装所有依赖的软件包,无须繁琐地一次次下载和安装。 + ### repo配置为yum源(软件源) 构建好的repo可以配置为yum源使用,在/etc/yum.repos.d/目录下使用root权限创建\*\*\*.repo的配置文件(必须以.repo为扩展名),分为本地和http服务器配置yum源两种方式: -- 配置本地yum源 +- 配置本地yum源 在/etc/yum.repos.d目录下创建openEuler.repo文件,使用构建的本地repo源作为yum源,openEuler.repo的内容如下: - ``` + ```sh [base] name=base baseurl=file:///home/openEuler/srv/repo @@ -275,7 +273,7 @@ repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一 gpgkey=file:///home/openEuler/srv/repo/RPM-GPG-KEY-openEuler ``` - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**base**。 > - name为软件仓库描述的字符串。 > - baseurl为软件仓库的地址。 @@ -283,13 +281,13 @@ repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一 > - gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 > - gpgkey为验证签名用的公钥。 -- 配置http服务器yum源 +- 配置http服务器yum源 在/etc/yum.repos.d目录下创建openEuler.repo文件。 - - - 若使用用户部署的http服务端的repo源作为yum源,openEuler.repo的内容如下: - ``` + - 若使用用户部署的http服务端的repo源作为yum源,openEuler.repo的内容如下: + + ```sh [base] name=base baseurl=http://192.168.139.209/ @@ -298,27 +296,25 @@ repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一 gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler ``` - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >“192.168.139.209”为示例地址,请用户根据实际情况进行配置。 - - 若使用openEuler提供的openEuler repo源作为yum源,以AArch64架构的OS repo源为例,openEuler.repo的内容如下: - - ``` + - 若使用openEuler提供的openEuler repo源作为yum源,以AArch64架构的OS repo源为例,openEuler.repo的内容如下: + + ```sh [base] name=base - baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/ enabled=1 gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/RPM-GPG-KEY-openEuler ``` - - ### repo优先级 当有多个repo源时,可通过在.repo文件的priority参数设置repo的优先级(如果不设置,默认优先级是99,当相同优先级的源中存在相同rpm包时,会安装最新的版本)。其中,1为最高优先级,99为最低优先级,如给openEuler.repo配置优先级为2: -``` +```sh [base] name=base baseurl=http://192.168.139.209/ @@ -332,69 +328,68 @@ gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler dnf命令在安装升级时能够自动解析包的依赖关系,一般的使用方式如下: -``` +```sh dnf ``` 常用的命令如下: -- 安装,需要在root权限下执行。 +- 安装,需要在root权限下执行。 - ``` + ```sh # dnf install ``` -- 升级,需要在root权限下执行。 +- 升级,需要在root权限下执行。 - ``` + ```sh # dnf update ``` -- 回退,需要在root权限下执行。 +- 回退,需要在root权限下执行。 - ``` + ```sh # dnf downgrade ``` -- 检查更新 +- 检查更新。 - ``` - $ dnf check-update + ```sh + dnf check-update ``` -- 卸载,需要在root权限下执行。 +- 卸载,需要在root权限下执行。 - ``` + ```sh # dnf remove ``` -- 查询 +- 查询。 - ``` - $ dnf search + ```sh + dnf search ``` -- 本地安装,需要在root权限下执行。 +- 本地安装,需要在root权限下执行。 - ``` + ```sh # dnf localinstall ``` -- 查看历史记录 +- 查看历史记录。 - ``` - $ dnf history + ```sh + dnf history ``` -- 清除缓存目录 +- 清除缓存目录。 - ``` - $ dnf clean all + ```sh + dnf clean all ``` -- 更新缓存 +- 更新缓存。 + ```sh + dnf makecache ``` - $ dnf makecache - ``` - diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" index 47a06bc374adce4ce9442eb593b1a7a6778dbe88..5a4092df9c2d45da5d5213cbeb9c862392991bff 100644 --- "a/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" @@ -21,7 +21,7 @@ ## Apache服务器 ### 概述 -Web(World Wide Web)是目前最常用的Internet协议之一。目前在Unix-Like系统中的web服务器主要通过Apache服务器软件实现。为了实现运营动态网站,产生了LAMP(Linux + Apache +MySQL + PHP)。web服务可以结合文字、图形、影像以及声音等多媒体,并支持超链接(Hyperlink)的方式传输信息。 +Web(World Wide Web)是目前最常用的Internet协议之一。目前在Unix-Like系统中的web服务器主要通过Apache服务器软件实现。为了实现运营动态网站,产生了LAMP(Linux + Apache +MySQL + PHP)。web服务可以结合文字、图形、影像以及声音等多媒体展示,并支持以超链接(Hyperlink)的方式传输信息。 openEuler系统中的web服务器版本是Apache HTTP服务器2.4版本,即httpd,一个由Apache软件基金会发展而来的开源web服务器。 @@ -120,7 +120,7 @@ $ systemctl is-active httpd ### 配置文件说明 -当httpd服启动后,默认情况下它会读取如[表1](#table24341012096)所示的配置文件。 +当httpd服务启动后,默认情况下它会读取如[表1](#table24341012096)所示的配置文件。 **表 1** 配置文件说明 @@ -433,7 +433,7 @@ $ systemctl is-active nginx ### 配置文件说明 -当nginx服启动后,默认情况下它会读取如[表2](#table24341012096)所示的配置文件。 +当nginx服务启动后,默认情况下它会读取如[表2](#table24341012096)所示的配置文件。 **表 2** 配置文件说明 diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" index 4fc5a87be317b48f927a0a7d02d5d9ea05bea713..77b48e511acb399eb9df352a5042dce061d8c545 100644 --- "a/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" @@ -1,28 +1,7 @@ # 搭建数据库服务器 - - -- [搭建数据库服务器](#搭建数据库服务器) - - [PostgreSql服务器](#postgresql服务器) - - [软件介绍](#软件介绍) - - [配置环境](#配置环境) - - [安装、运行和卸载](#安装运行和卸载) - - [管理数据库角色](#管理数据库角色) - - [管理数据库](#管理数据库) - - [Mariadb服务器](#mariadb服务器) - - [软件介绍](#软件介绍-1) - - [配置环境](#配置环境-1) - - [安装、运行和卸载](#安装运行和卸载-1) - - [管理数据库用户](#管理数据库用户) - - [管理数据库](#管理数据库-1) - - [MySQL服务器](#mysql服务器) - - [软件介绍](#软件介绍-2) - - [配置环境](#配置环境-2) - - [安装、运行和卸载](#安装运行和卸载-2) - - [管理数据库用户](#管理数据库用户-1) - - [管理数据库](#管理数据库-2) - - + ## PostgreSql服务器 + ### 软件介绍 PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1](#table62020913417)所示。 @@ -52,7 +31,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1

Postgres(常驻进程)

管理后端的常驻进程,也称为“postmaster”。其默认侦听UNIXDomain Socket和TCP/IP(Windows等,一部分的平台只侦听TCP/IP)的5432端口,等待来自前端的的连接处理。侦听的端口号可以在PostgreSql的设置文件postgresql.conf中修改。

+

管理后端的常驻进程,也称为“postmaster”。其默认侦听UNIXDomain Socket和TCP/IP(Windows等,一部分的平台只侦听TCP/IP)的5432端口,等待来自前端的连接处理。侦听的端口号可以在PostgreSql的设置文件postgresql.conf中修改。

子进程

@@ -60,7 +39,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1

Postgres(子进程)

子进程根据pg_hba.conf定义的安全策略来判断是否允许进行连接,根据策略,会拒绝某些特定的IP及网络,或者也可以只允许某些特定的用户或者对某些数据库进行连接。

-

Postgres会接受前端过来的查询,然后对数据库进行检索,最后把结果返回,有时也会对数据库进行更新。更新的数据同时还会记录在事务日志里面(PostgreSQL称为WAL日志)。这个主要是当停电、服务器宕机、重新启动的时候进行恢复处理的时候使用。另外,把日志归档保存起来,可在需要进行恢复的时候使用。在PostgreSQL 9.0以后,通过把WAL日志传送其他的postgreSQL,可以实时的进行数据库复制,这就是所谓的“数据库复制”功能。

+

Postgres会接受来自前端的查询请求,然后对数据库进行检索,最后把结果返回,有时也会对数据库进行更新。更新的数据同时还会记录在事务日志里面(PostgreSQL称为WAL日志)。这个主要是当停电、服务器宕机、重新启动的时候进行恢复处理的时候使用。另外,把日志归档保存起来,可在需要进行恢复的时候使用。在PostgreSQL 9.0以后,通过把WAL日志传送其他的postgreSQL,可以实时的进行数据库复制,这就是所谓的“数据库复制”功能。

辅助进程

@@ -105,247 +84,244 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 ### 配置环境 ->![](./public_sys-resources/icon-note.gif) **说明:** ->以下环境配置仅为参考示例,具体配置视实际需求做配置 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 以下环境配置仅为参考示例,具体配置视实际需求做配置。 +> #### 关闭防火墙并取消开机自启动 ->![](./public_sys-resources/icon-note.gif) **说明:** ->测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 -1. 在root权限下停止防火墙。 +1. 在root权限下停止防火墙。 - ``` + ```sh # systemctl stop firewalld ``` -2. 在root权限下关闭防火墙。 +2. 在root权限下关闭防火墙。 - ``` + ```sh # systemctl disable firewalld ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >执行disable命令关闭防火墙的同时,也取消了开机自启动。 - + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 执行disable命令关闭防火墙的同时,也取消了开机自启动。 #### 修改SELINUX为disabled -1. 在root权限下修改配置文件。 +1. 在root权限下修改配置文件。 - ``` + ```sh # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ``` - #### 创建组和用户 ->![](./public_sys-resources/icon-note.gif) **说明:** ->服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 -1. 在root权限下创建PostgreSQL用户(组)。 +1. 在root权限下创建PostgreSQL用户(组)。 - ``` + ```sh # groupadd postgres ``` - ``` + ```sh # useradd -g postgres postgres ``` -2. 在root权限下设置postgres用户密码(重复输入密码)。 +2. 在root权限下设置postgres用户密码(重复输入密码)。 - ``` + ```sh # passwd postgres ``` - #### 搭建数据盘 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 测试极限性能时,建议单独挂载IO性能更优的NVME SSD存储介质创建PostgreSQL测试实例,避免磁盘IO对性能测试结果的影响,本文以单独挂载NVME SSD为例,参考步骤1\~步骤4。 ->- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 测试极限性能时,建议单独挂载IO性能更优的NVME SSD存储介质创建PostgreSQL测试实例,避免磁盘IO对性能测试结果的影响,本文以单独挂载NVME SSD为例,参考步骤1\~步骤4。 +>- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: > \# mkdir /data -1. 在root权限下创建文件系统(以xfs为例,根据实际需求创建文件系统),若磁盘之前已做过文件系统,执行此命令会出现报错,可使用-f参数强制创建文件系统。 +1. 在root权限下创建文件系统(以xfs为例,根据实际需求创建文件系统),若磁盘之前已做过文件系统,执行此命令会出现报错,可使用-f参数强制创建文件系统。 - ``` + ```sh # mkfs.xfs /dev/nvme0n1 ``` -2. 在root权限下创建数据目录。 +2. 在root权限下创建数据目录。 - ``` + ```sh # mkdir /data ``` -3. 在root权限下挂载磁盘。 +3. 在root权限下挂载磁盘。 - ``` + ```sh # mount -o noatime,nobarrier /dev/nvme0n1 /data ``` - #### 数据目录授权 -1. 在root权限下修改目录权限。 +1. 在root权限下修改目录权限。 - ``` + ```sh # chown -R postgres:postgres /data/ ``` - ### 安装、运行和卸载 + #### 安装 -1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 -2. 清除缓存。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 +2. 清除缓存。 - ``` - $ dnf clean all + ```sh + dnf clean all ``` -3. 创建缓存。 +3. 创建缓存。 - ``` - $ dnf makecache + ```sh + dnf makecache ``` -4. 在root权限下安装PostgreSQL服务器。 +4. 在root权限下安装PostgreSQL服务器。 - ``` + ```sh # dnf install postgresql-server ``` -5. 查看安装后的rpm包。 +5. 查看安装后的rpm包。 - ``` - $ rpm -qa | grep postgresql + ```sh + rpm -qa | grep postgresql ``` - #### 运行 + ##### 初始化数据库 ->![](./public_sys-resources/icon-notice.gif) **须知:** ->此步骤在postgres用户下操作。 +> ![](./public_sys-resources/icon-notice.gif) **须知:** +> +> 此步骤在postgres用户下操作。 -1. 切换到已创建的PostgreSQL用户。 +1. 切换到已创建的PostgreSQL用户。 - ``` + ```sh # su - postgres ``` -2. 初始化数据库,其中命令中的/usr/bin是命令initdb所在的目录。 +2. 初始化数据库,其中命令中的/usr/bin是命令initdb所在的目录。 - ``` - $ /usr/bin/initdb -D /data/ + ```sh + /usr/bin/initdb -D /data/ ``` - ##### 启动数据库 -1. 启动PostgreSQL数据库。 +1. 启动PostgreSQL数据库。 - ``` - $ /usr/bin/pg_ctl -D /data/ -l /data/logfile start + ```sh + /usr/bin/pg_ctl -D /data/ -l /data/logfile start ``` -2. 确认PostgreSQL数据库进程是否正常启动。 +2. 确认PostgreSQL数据库进程是否正常启动。 - ``` - $ ps -ef | grep postgres + ```sh + ps -ef | grep postgres ``` 命令执行后,打印信息如下图所示,PostgreSQL相关进程已经正常启动了。 ![](./figures/postgres.png) - ##### 登录数据库 -1. 登录数据库。 +1. 登录数据库。 - ``` - $ /usr/bin/psql -U postgres + ```sh + /usr/bin/psql -U postgres ``` ![](./figures/login.png) - >![](./public_sys-resources/icon-note.gif) **说明:** - >初次登录数据库,无需密码。 - + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 初次登录数据库,无需密码。 -##### 配置数据库账号密码 +##### 配置数据库帐号密码 -1. 登录后,设置postgres密码。 +1. 登录后,设置postgres密码。 - ``` + ```sh postgres=#alter user postgres with password '123456'; ``` ![](./figures/zh-cn_image_0230050789.png) - ##### 退出数据库 -1. 执行\\q退出数据库。 +1. 执行\\q退出数据库。 - ``` + ```sh postgres=#\q ``` - ##### 停止数据库 -1. 停止PostgreSQL数据库。 +1. 停止PostgreSQL数据库。 - ``` - $ /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ```sh + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop ``` - #### 卸载 -1. 在postgres用户下停止数据库。 +1. 在postgres用户下停止数据库。 - ``` - $ /usr/bin/pg_ctl -D /data/ -l /data/logfile stop + ```sh + /usr/bin/pg_ctl -D /data/ -l /data/logfile stop ``` -2. 在root用户下执行**dnf remove postgresql-server**卸载PostgreSQL数据库。 +2. 在root用户下执行**dnf remove postgresql-server**卸载PostgreSQL数据库。 - ``` + ```sh # dnf remove postgresql-server ``` - ### 管理数据库角色 + #### 创建角色 可以使用CREATE ROLE语句或createuser来创建角色。createuser是对CREATE ROLE命令的封装,需要在shell界面执行,而不是在数据库界面。 -``` +```sh CREATE ROLE rolename [ [ WITH ] option [ ... ] ]; ``` -``` +```sh createuser rolename ``` 其中: -- rolename:角色名。 -- option为参数选项,常用的有: - - SUPERUSER | NOSUPERUSER:决定一个新角色是否为"超级用户",若未指定,则默认为NOSUPERUSER,即不是超级用户。 - - CREATEDB | NOCREATEDB:定义一个角色是否能创建数据库,若未指定,则默认为NOCREATEDB,即不能创建数据库。 - - CREATEROLE | NOCREATEROLE:决定一个角色是否可以创建新角色,若未指定,则默认为NOCREATEROLE,即不能创建新角色。 - - INHERIT | NOINHERIT:决定一个角色是否"继承"它所在组的角色的权限。一个带有 INHERIT 属性的角色可以自动使用已经赋与它直接或间接所在组的任何权限。若未指定,则默认为INHERIT。 - - LOGIN | NOLOGIN:决定一个角色是否可以登录,一个拥有LOGIN属性的角色可以认为是一个用户,若无此属性的角色可以用于管理数据库权限,但是并不是用户,若未指定,则默认为NOLOGIN。但若创建角色是使用的是CREATE USER而不是CREATE ROLE,则默认是LOGIN属性。 - - \[ ENCRYPTED | UNENCRYPTED \] PASSWORD 'password':设置角色的密码,密码只对那些拥有 LOGIN 属性的角色有意义。ENCRYPTED | UNENCRYPTED表示是否对密码进行加密,若未指定,则默认为ENCRYPTED,即加密。 - - VALID UNTIL 'timestamp':角色的密码失效的时间戳,若为指定,则表示密码永久有效。 - - IN ROLE rolename1:列出一个或多个现有的角色,新角色rolename将立即加入这些角色,成为rolename1的成员。 - - ROLE rolename2:列出一个或多个现有的角色,它们将自动添加为新角色rolename的成员,即新角色为"组"。 - +- rolename:角色名。 +- option为参数选项,常用的有: + - SUPERUSER | NOSUPERUSER:决定一个新角色是否为"超级用户",若未指定,则默认为NOSUPERUSER,即不是超级用户。 + - CREATEDB | NOCREATEDB:定义一个角色是否能创建数据库,若未指定,则默认为NOCREATEDB,即不能创建数据库。 + - CREATEROLE | NOCREATEROLE:决定一个角色是否可以创建新角色,若未指定,则默认为NOCREATEROLE,即不能创建新角色。 + - INHERIT | NOINHERIT:决定一个角色是否"继承"它所在组的角色的权限。一个带有 INHERIT 属性的角色可以自动使用已经赋予它直接或间接所在组的任何权限。若未指定,则默认为INHERIT。 + - LOGIN | NOLOGIN:决定一个角色是否可以登录,一个拥有LOGIN属性的角色可以认为是一个用户,若无此属性的角色可以用于管理数据库权限,但是并不是用户,若未指定,则默认为NOLOGIN。但若创建角色是使用的是CREATE USER而不是CREATE ROLE,则默认是LOGIN属性。 + - \[ ENCRYPTED | UNENCRYPTED \] PASSWORD 'password':设置角色的密码,密码只对那些拥有 LOGIN 属性的角色有意义。ENCRYPTED | UNENCRYPTED表示是否对密码进行加密,若未指定,则默认为ENCRYPTED,即加密。 + - VALID UNTIL 'timestamp':角色的密码失效的时间戳,若未指定,则表示密码永久有效。 + - IN ROLE rolename1:列出一个或多个现有的角色,新角色rolename将立即加入这些角色,成为rolename1的成员。 + - ROLE rolename2:列出一个或多个现有的角色,它们将自动添加为新角色rolename的成员,即新角色为"组"。 要使用这条命令,必须拥有 CREATEROLE 权限或者是数据库超级用户。 @@ -353,31 +329,31 @@ createuser rolename \#创建一个可以登录的角色roleexample1。 -``` +```sh postgres=# CREATE ROLE roleexample1 LOGIN; ``` \#创建一个密码为123456的角色roleexample2。 -``` +```sh postgres=# CREATE ROLE roleexample2 WITH LOGIN PASSWORD '123456'; ``` -\#创建角色名为roleexample3的角色。。 +\#创建角色名为roleexample3的角色。 -``` -[postgres@localhost ~]$ createuser roleexample3 +```sh +[postgres@localhost ~]# createuser roleexample3 ``` #### 查看角色 可以使用SELECT语句或psql的元命令\\du查看角色。 -``` +```sh SELECT rolename FROM pg_roles; ``` -``` +```sh \du ``` @@ -387,13 +363,13 @@ SELECT rolename FROM pg_roles; \#查看roleexample1角色。 -``` +```sh postgres=# SELECT roleexample1 from pg_roles; ``` \#查看现有角色。 -``` +```sh postgres=# \du ``` @@ -403,20 +379,20 @@ postgres=# \du 可以使用ALTER ROLE语句修改一个已经存在的角色名。 -``` +```sh ALTER ROLE oldrolername RENAME TO newrolename; ``` 其中: -- oldrolername:旧的角色名。 -- newrolename:新的角色名。 +- oldrolername:旧的角色名。 +- newrolename:新的角色名。 ##### 修改用户示例 \#将角色名roleexample1修改为roleexapme2。 -``` +```sh postgres=# ALTER ROLE roleexample1 RENAME TO roleexample2; ``` @@ -424,20 +400,20 @@ postgres=# ALTER ROLE roleexample1 RENAME TO roleexample2; 可以使用ALTER ROLE语句修改一个角色的登录密码。 -``` +```sh ALTER ROLE rolename PASSWORD 'password' ``` 其中: -- rolename:角色名。 -- password:密码。 +- rolename:角色名。 +- password:密码。 ##### 修改角色密码示例 \#将roleexample1的密码修改为456789。 -``` +```sh postgres=# ALTER ROLE roleexample1 WITH PASSWORD '456789'; ``` @@ -445,11 +421,11 @@ postgres=# ALTER ROLE roleexample1 WITH PASSWORD '456789'; 可以使用DROP ROLE语句或dropuser来删除角色。dropuser是对DROP ROLE命令的封装,需要在shell界面执行,而不是在数据库界面。 -``` +```sh DROP ROLE rolename; ``` -``` +```sh dropuser rolename ``` @@ -459,14 +435,14 @@ dropuser rolename \#删除userexample1角色。 -``` +```sh postgres=# DROP ROLE userexample1; ``` -\#删除userexample2角色。。 +\#删除userexample2角色。 -``` -[postgres@localhost ~]$ dropuser userexample2 +```sh +[postgres@localhost ~]# dropuser userexample2 ``` #### 角色授权 @@ -475,81 +451,81 @@ postgres=# DROP ROLE userexample1; 对角色授予表的操作权限: -``` +```sh GRANT { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 对角色授予序列的操作权限: -``` +```sh GRANT { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 对角色授予数据库的操作权限: -``` +```sh GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 对角色授予函数的操作权限: -``` +```sh GRANT { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 对角色授予过程语言的操作权限: -``` +```sh GRANT { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 对角色授予模式的操作权限: -``` +```sh GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 对角色授予表空间的操作权限: -``` +```sh GRANT { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] TO { rolename | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ] ``` 将角色rolename1的成员关系赋予角色rolename2: -``` +```sh GRANT rolename1 [, ...] TO rolename2 [, ...] [ WITH ADMIN OPTION ] ``` 其中: -- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL \[ PRIVILEGES \]:用户的操作权限,ALL \[ PRIVILEGES \]表示所有的权限,PRIVILEGES关键字在 PostgreSQL里是可选的,但是严格的SQL 要求有这个关键字。 -- ON字句:用于指定权限授予的对象。 -- tablename:表名。 -- TO字句:用来指定被赋予权限的角色。 -- rolename、rolename1、rolename2:角色名。 -- groupname:角色组名。 -- PUBLIC:表示该权限要赋予所有角色,包括那些以后可能创建的用户。 -- WITH GRANT OPTION:表示权限的接收者也可以将此权限赋予他人,否则就不能授权他人。该选项不能赋予给PUBLIC。 -- sequencename:序列名。 -- databasename:数据库名。 -- funcname \( \[ \[ argmode \] \[ argname \] argtype \[, ...\] \] \):函数名及其参数。 -- langname:过程语言名。 -- schemaname:模式名。 -- tablespacename:表空间名。 -- WITH ADMIN OPTION:表示成员随后就可以将角色的成员关系赋予其它角色,以及撤销其它角色的成员关系。 +- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL \[ PRIVILEGES \]:用户的操作权限,ALL \[ PRIVILEGES \]表示所有的权限,PRIVILEGES关键字在 PostgreSQL里是可选的,但是严格的SQL 要求有这个关键字。 +- ON字句:用于指定权限授予的对象。 +- tablename:表名。 +- TO字句:用来指定被赋予权限的角色。 +- rolename、rolename1、rolename2:角色名。 +- groupname:角色组名。 +- PUBLIC:表示该权限要赋予所有角色,包括那些以后可能创建的用户。 +- WITH GRANT OPTION:表示权限的接收者也可以将此权限赋予他人,否则就不能授权他人。该选项不能赋予给PUBLIC。 +- sequencename:序列名。 +- databasename:数据库名。 +- funcname \( \[ \[ argmode \] \[ argname \] argtype \[, ...\] \] \):函数名及其参数。 +- langname:过程语言名。 +- schemaname:模式名。 +- tablespacename:表空间名。 +- WITH ADMIN OPTION:表示成员随后就可以将角色的成员关系赋予其他角色,以及撤销其他角色的成员关系。 ##### 示例 \#对userexample授予数据库database1的CREATE权限。 -``` +```sh postgres=# GRANT CREATE ON DATABASE database1 TO userexample; ``` \#对所有用户授予表table1的所有权限。 -``` +```sh postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; ``` @@ -559,96 +535,97 @@ postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; 撤销角色对表的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] tablename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] ``` 撤销角色对序列的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ON SEQUENCE sequencename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` 撤销角色对数据库的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } ON DATABASE databasename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` 撤销角色对函数的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { EXECUTE | ALL [ PRIVILEGES ] } ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` 撤销角色对过程语言的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { USAGE | ALL [ PRIVILEGES ] } ON LANGUAGE langname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` 撤销角色对模式的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ON SCHEMA schemaname [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` 撤销角色对表空间的操作权限: -``` +```sh REVOKE [ GRANT OPTION FOR ] { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE tablespacename [, ...] FROM { rolename | GROUP groupname | PUBLIC } [, ...] [ CASCADE | RESTRICT ] ``` 删除rolename2的rolename1的成员关系: -``` +```sh REVOKE [ ADMIN OPTION FOR ] rolename1 [, ...] FROM rolename2 [, ...] [ CASCADE | RESTRICT ] ``` 其中: -- GRANT OPTION FOR:表示只是撤销对该权限的授权的权力,而不是撤销该权限本身。 -- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL \[ PRIVILEGES \]:用户的操作权限,ALL \[ PRIVILEGES \]表示所有的权限,PRIVILEGES关键字在 PostgreSQL里是可选的,但是严格的SQL 要求有这个关键字。 -- ON字句:用于指定撤销权限的对象。 -- tablename:表名。 -- FROM字句:用来指定被撤销权限的角色。 -- rolename、rolename1、rolename2:角色名。 -- groupname:角色组名。 -- PUBLIC:表示撤销隐含定义的、拥有所有角色的组,但并不意味着所有角色都失去了权限,那些直接得到的权限以及通过一个组得到的权限仍然有效。 -- sequencename:序列名。 -- CASCADE:撤销所有依赖性权限。 -- RESTRICT:不撤销所有依赖性权限。 -- databasename:数据库名。 -- funcname \( \[ \[ argmode \] \[ argname \] argtype \[, ...\] \] \):函数名及其参数。 -- langname:过程语言名。 -- schemaname:模式名。 -- tablespacename:表空间名。 -- ADMIN OPTION FOR:表示传递的授权不会自动收回。 +- GRANT OPTION FOR:表示只是撤销对该权限的授权的权力,而不是撤销该权限本身。 +- SELECT、INSERT、UPDATE、DELETE、REFERENCES、TRIGGER、USAGE、CREATE、CONNECT、TEMPORARY、TEMP、EXECUTE、ALL \[ PRIVILEGES \]:用户的操作权限,ALL \[ PRIVILEGES \]表示所有的权限,PRIVILEGES关键字在 PostgreSQL里是可选的,但是严格的SQL 要求有这个关键字。 +- ON字句:用于指定撤销权限的对象。 +- tablename:表名。 +- FROM字句:用来指定被撤销权限的角色。 +- rolename、rolename1、rolename2:角色名。 +- groupname:角色组名。 +- PUBLIC:表示撤销隐含定义的、拥有所有角色的组,但并不意味着所有角色都失去了权限,那些直接得到的权限以及通过一个组得到的权限仍然有效。 +- sequencename:序列名。 +- CASCADE:撤销所有依赖性权限。 +- RESTRICT:不撤销所有依赖性权限。 +- databasename:数据库名。 +- funcname \( \[ \[ argmode \] \[ argname \] argtype \[, ...\] \] \):函数名及其参数。 +- langname:过程语言名。 +- schemaname:模式名。 +- tablespacename:表空间名。 +- ADMIN OPTION FOR:表示传递的授权不会自动收回。 ##### 示例 \#对userexample授予数据库database1的CREATE权限。 -``` +```sh postgres=# GRANT CREATE ON DATABASE database1 TO userexample; ``` \#对所有用户授予表table1的所有权限。 -``` +```sh postgres=# GRANT ALL PRIVILEGES ON TABLE table1 TO PUBLIC; ``` ### 管理数据库 + #### 创建数据库 可以使用CREATE DATABASE语句或createdb来创建角色。createrdb是对CREATE DATABASE命令的封装,需要在shell界面执行,而不是在数据库界面。 -``` +```sh CREATE DATABASE databasename; ``` -``` +```sh createdb databasename ``` @@ -660,7 +637,7 @@ createdb databasename \#创建一个数据库database1。 -``` +```sh postgres=# CREATE DATABASE database1; ``` @@ -668,7 +645,7 @@ postgres=# CREATE DATABASE database1; 可以使用\\c语句来选择数据库。 -``` +```sh \c databasename; ``` @@ -678,7 +655,7 @@ postgres=# CREATE DATABASE database1; \#选择databaseexample数据库。 -``` +```sh postgres=# \c databaseexample; ``` @@ -686,7 +663,7 @@ postgres=# \c databaseexample; 可以使用\\l语句来查看数据库。 -``` +```sh \l; ``` @@ -694,7 +671,7 @@ postgres=# \c databaseexample; \#查看所有数据库。 -``` +```sh postgres=# \l; ``` @@ -702,14 +679,15 @@ postgres=# \l; 可以使用DROP DATABASE语句或dropdb来删除数据库。dropdb是对DROP DATABASE命令的封装,需要在shell界面执行,而不是在数据库界面。 ->![](./public_sys-resources/icon-caution.gif) **注意:** ->删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 +> ![](./public_sys-resources/icon-caution.gif) **注意:** +> +> 删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 -``` +```sh DROP DATABASE databasename; ``` -``` +```sh dropdb databasename ``` @@ -723,7 +701,7 @@ DROP DATABASE只能由超级管理员或数据库拥有者执行。 \#删除databaseexample数据库。 -``` +```sh postgres=# DROP DATABASE databaseexample; ``` @@ -731,52 +709,50 @@ postgres=# DROP DATABASE databaseexample; 可以使用pg\_dump命令备份数据库,将数据库转储到一个脚本文件或其他归档文件中。 -``` +```sh pg_dump [option]... [databasename] > outfile ``` 其中: -- databasename:数据库名称。如果没有声明这个参数,那么使用环境变量 PGDATABASE 。如果那个环境变量也没声明,那么使用发起连接的用户名。 -- outfile:数据库备份的文件。 -- option:pg\_dump命令参数选项,多个参数之间可以使用空格分隔。常用的pg\_dump命令参数选项如下: - - -f,\-\-file= _filename_ :指输出到指定的文件。如果忽略,则使用标准输出。 - - -d,\-\-dbname= _databasename_ :指定转储的数据库。 - - -h,\-\-host= _hostname_ :指定主机名。 - - -p,\-\-port= _portnumber_ :指定端口。 - - -U,\-\-username= _username_ :指定连接的用户名。 - - -W,\-\-password:强制口令提示(自动)。 - +- databasename:数据库名称。如果没有声明这个参数,那么使用环境变量 PGDATABASE 。如果那个环境变量也没声明,那么使用发起连接的用户名。 +- outfile:数据库备份的文件。 +- option:pg\_dump命令参数选项,多个参数之间可以使用空格分隔。常用的pg\_dump命令参数选项如下: + - -f,\-\-file= _filename_ :指输出到指定的文件。如果忽略,则使用标准输出。 + - -d,\-\-dbname= _databasename_ :指定转储的数据库。 + - -h,\-\-host= _hostname_ :指定主机名。 + - -p,\-\-port= _portnumber_ :指定端口。 + - -U,\-\-username= _username_ :指定连接的用户名。 + - -W,\-\-password:强制口令提示(自动)。 ##### 示例 \#备份主机为192.168.202.144,端口为3306,postgres用户下的database1数据库到db1.sql中。 -``` -[postgres@localhost ~]$ pg_dump -h 192.168.202.144 -p 3306 -U postgres -W database1 > db1.sql +```sh +[postgres@localhost ~]# pg_dump -h 192.168.202.144 -p 3306 -U postgres -W database1 > db1.sql ``` #### 恢复数据库 可以使用psql命令恢复数据库。 -``` +```sh psql [option]... [databasename [username]] < infile ``` 其中: -- databasename:数据库名称。如果没有声明这个参数,那么使用环境变量 PGDATABASE 。如果那个环境变量也没声明,那么使用发起连接的用户名。 -- username:用户名。 -- infile:pg\_dump命令中的outfile参数。 -- option:psql命令参数选项,多个参数之间可以使用空格分隔。常用的psql命令参数选项如下: - - -f,\-\-file=filename:指输出到指定的文件。如果忽略,则使用标准输出。 - - -d,\-\-dbname=databasename:指定转储的数据库。 - - -h,\-\-host=hostname:指定主机名。 - - -p,\-\-port=portnumber:指定端口。 - - -U,\-\-username=username:指定连接的用户名。 - - -W,\-\-password:强制口令提示(自动)。 - +- databasename:数据库名称。如果没有声明这个参数,那么使用环境变量 PGDATABASE 。如果那个环境变量也没声明,那么使用发起连接的用户名。 +- username:用户名。 +- infile:pg\_dump命令中的outfile参数。 +- option:psql命令参数选项,多个参数之间可以使用空格分隔。常用的psql命令参数选项如下: + - -f,\-\-file=filename:指输出到指定的文件。如果忽略,则使用标准输出。 + - -d,\-\-dbname=databasename:指定转储的数据库。 + - -h,\-\-host=hostname:指定主机名。 + - -p,\-\-port=portnumber:指定端口。 + - -U,\-\-username=username:指定连接的用户名。 + - -W,\-\-password:强制口令提示(自动)。 psql命令不会自动创建databasename数据库,所以在执行psql恢复数据库之前需要先创建databasename数据库。 @@ -784,12 +760,13 @@ psql命令不会自动创建databasename数据库,所以在执行psql恢复数 \#将db1.sql脚本文件导入到主机为192.168.202.144,端口为3306,postgres用户下newdb数据库中。 -``` -[postgres@localhost ~]$ createdb newdb -[postgres@localhost ~]$ psql -h 192.168.202.144 -p 3306 -U postgres -W -d newdb < db1.sql +```sh +[postgres@localhost ~]# createdb newdb +[postgres@localhost ~]# psql -h 192.168.202.144 -p 3306 -U postgres -W -d newdb < db1.sql ``` ## Mariadb服务器 + ### 软件介绍 MariaDB数据库管理系统是MySQL的一个分支,主要由开源社区在维护,采用GPL授权许可。MariaDB的目的是完全兼容MySQL,包括API和命令行,使之能轻松成为MySQL的代替品,MariaDB还提供了许多更好的新特性。 @@ -801,114 +778,117 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 当Mariadb接受到Sql语句时,其详细的执行过程如下: -1. 当客户端连接到mariadb的时候,会认证客户端的主机名、用户、密码,认证功能可以做成插件。 -2. 如果登录成功,客户端发送sql命令到服务端。由解析器解析sql语句。 -3. 服务端检查客户端是否有权限去获取它想要的资源。 -4. 如果查询已经存储在query cache当中,那么结果立即返回。 -5. 优化器将会找出最快的执行策略,或者是执行计划,也就是说优化器可以决定什么表将会被读,以及哪些索引会被访问,哪些临时表会被使用,一个好的策略能够减少大量的磁盘访问和排序操作等。 -6. 存储引擎读写数据和索引文件,cache用来加速这些操作,其他的诸如事物和外键特性,都是在存储引擎层处理的。 +1. 当客户端连接到mariadb的时候,会认证客户端的主机名、用户、密码,认证功能可以做成插件。 +2. 如果登录成功,客户端发送sql命令到服务端。由解析器解析sql语句。 +3. 服务端检查客户端是否有权限去获取它想要的资源。 +4. 如果查询已经存储在query cache当中,那么结果立即返回。 +5. 优化器将会找出最快的执行策略,或者是执行计划,也就是说优化器可以决定什么表将会被读,以及哪些索引会被访问,哪些临时表会被使用,一个好的策略能够减少大量的磁盘访问和排序操作等。 +6. 存储引擎读写数据和索引文件,cache用来加速这些操作,其他的诸如事物和外键特性,都是在存储引擎层处理的。 存储引擎在物理层管控数据,它负责数据文件、数据、索引、cache等的管理,这使得管理和读取数据变得更高效,每一张表,都有一个.frm文件,这些文件包含着表的定义。 每一个存储引擎管理、存储数据的方式都是不同的,所支持的特性和性能也不尽相同。例如: -- MyISAM,适合读多写少的环境,且不支持事务,支持全文索引等。 -- noDB,支持事务,支持行锁和外键等。 -- MEMORY,将数据存储在内存当中。 -- CSV,将数据存储为CSV格式。 +- MyISAM,适合读多写少的环境,且不支持事务,支持全文索引等。 +- noDB,支持事务,支持行锁和外键等。 +- MEMORY,将数据存储在内存当中。 +- CSV,将数据存储为CSV格式。 ### 配置环境 ->![](./public_sys-resources/icon-note.gif) **说明:** ->以下环境配置仅为参考示例,具体配置视实际需求做配置 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 以下环境配置仅为参考示例,具体配置视实际需求做配置。 +> #### 关闭防火墙并取消开机自启动 ->![](./public_sys-resources/icon-note.gif) **说明:** ->测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 -1. 在root权限下停止防火墙。 +1. 在root权限下停止防火墙。 - ``` + ```sh # systemctl stop firewalld ``` -2. 在root权限下关闭防火墙。 +2. 在root权限下关闭防火墙。 - ``` + ```sh # systemctl disable firewalld ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >执行disable命令关闭防火墙的同时,也取消了开机自启动。 - + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 执行disable命令关闭防火墙的同时,也取消了开机自启动。 #### 修改SELINUX为disabled -1. 在root权限下修改配置文件。 +1. 在root权限下修改配置文件。 - ``` + ```sh # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ``` - #### 创建组和用户 ->![](./public_sys-resources/icon-note.gif) **说明:** ->服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 -1. 在root权限下创建MySQL用户(组)。 +1. 在root权限下创建MySQL用户(组)。 - ``` + ```sh # groupadd mysql ``` - ``` + ```sh # useradd -g mysql mysql ``` -2. 在root权限下设置MySQL用户密码。 +2. 在root权限下设置MySQL用户密码。 - ``` + ```sh # passwd mysql ``` 重复输入密码(根据实际需求设置密码)。 - #### 搭建数据盘 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二 ->- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二 +> - 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: > \#mkdir /data ##### 方法一:在root权限下使用fdisk进行磁盘管理 -1. 创建分区(以/dev/sdb为例,根据实际情况创建) +1. 创建分区(以/dev/sdb为例,根据实际情况创建)。 - ``` + ```sh # fdisk /dev/sdb ``` -2. 输入n,按回车确认。 -3. 输入p,按回车确认。 -4. 输入1,按回车确认。 -5. 采用默认配置,按回车确认。 -6. 采用默认配置,按回车确认。 -7. 输入w,按回车保存。 -8. 创建文件系统(以xfs为例,根据实际需求创建文件系统) +2. 输入n,按回车确认。 +3. 输入p,按回车确认。 +4. 输入1,按回车确认。 +5. 采用默认配置,按回车确认。 +6. 采用默认配置,按回车确认。 +7. 输入w,按回车保存。 +8. 创建文件系统(以xfs为例,根据实际需求创建文件系统)。 - ``` + ```sh # mkfs.xfs /dev/sdb1 ``` -9. 挂载分区到“/data”以供操作系统使用。 +9. 挂载分区到“/data”以供操作系统使用。 - ``` + ```sh # mkdir /data ``` - ``` + ```sh # mount /dev/sdb1 /data ``` @@ -918,174 +898,167 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 ![](./figures/Creating_DataDisk.png) - ##### 方法二:在root权限下使用LVM进行磁盘管理 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >此步骤需要安装镜像中的lvm2相关包,步骤如下: > ->1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。如果已经执行,则可跳过此步。 ->2. 在root权限下执行命令安装lvm2。 -> **\# yum install lvm2** +>1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。如果已经执行,则可跳过此步。 +>2. 在root权限下执行命令安装lvm2。 +> **\# yum install lvm2** -1. 创建物理卷(sdb为硬盘名称,具体名字以实际为准)。 +1. 创建物理卷(sdb为硬盘名称,具体名字以实际为准)。 - ``` + ```sh # pvcreate /dev/sdb ``` -2. 创建物理卷组(其中datavg为创建的卷组名称,具体名字以实际规划为准)。 +2. 创建物理卷组(其中datavg为创建的卷组名称,具体名字以实际规划为准)。 - ``` + ```sh # vgcreate datavg /dev/sdb ``` -3. 创建逻辑卷(其中600G为规划的逻辑卷大小,具体大小以实际情况为准;datalv为创建的逻辑卷的名字,具体名称以实际规划为准。\)。 +3. 创建逻辑卷(其中600G为规划的逻辑卷大小,具体大小以实际情况为准;datalv为创建的逻辑卷的名字,具体名称以实际规划为准。\)。 - ``` + ```sh # lvcreate -L 600G -n datalv datavg ``` -4. 创建文件系统。 +4. 创建文件系统。 - ``` + ```sh # mkfs.xfs /dev/datavg/datalv ``` -5. 创建数据目录并挂载。 +5. 创建数据目录并挂载。 - ``` + ```sh # mkdir /data - ``` - - ``` # mount /dev/datavg/datalv /data ``` -6. 执行命令**vi /etc/fstab**,编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 +6. 执行命令**vi /etc/fstab**,编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 其中,/dev/datavg/datalv为示例,具体名称以实际情况为准。 ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png) - #### 创建数据库目录并且授权 -1. 在已创建的数据目录 **/data** 基础上,使用root权限继续创建进程所需的相关目录并授权MySQL用户(组)。 +1. 在已创建的数据目录 **/data** 基础上,使用root权限继续创建进程所需的相关目录并授权MySQL用户(组)。 - ``` + ```sh # mkdir -p /data/mariadb # cd /data/mariadb # mkdir data tmp run log # chown -R mysql:mysql /data ``` - ### 安装、运行和卸载 + #### 安装 -1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 -2. 清除缓存。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 +2. 清除缓存。 - ``` - $ dnf clean all + ```sh + dnf clean all ``` -3. 创建缓存。 +3. 创建缓存。 - ``` - $ dnf makecache + ```sh + dnf makecache ``` -4. 在root权限下安装mariadb服务器。 +4. 在root权限下安装mariadb服务器。 - ``` + ```sh # dnf install mariadb-server ``` -5. 查看安装后的rpm包。 +5. 查看安装后的rpm包。 - ``` - $ rpm -qa | grep mariadb + ```sh + rpm -qa | grep mariadb ``` - #### 运行 -1. 在root权限下开启mariadb服务器。 +1. 在root权限下开启mariadb服务器。 - ``` + ```sh # systemctl start mariadb ``` -2. 在root权限下初始化数据库。 +2. 在root权限下初始化数据库。 - ``` + ```sh # /usr/bin/mysql_secure_installation ``` 命令执行过程中需要输入数据库的root设置的密码,若没有密码则直接按“Enter”。然后根据提示及实际情况进行设置。 -3. 登录数据库。 +3. 登录数据库。 - ``` - $ mysql -u root -p + ```sh + mysql -u root -p ``` 命令执行后提示输入密码。密码为[2](#li197143190587)中设置的密码。 - >![](./public_sys-resources/icon-note.gif) **说明:** - >执行 **\\q** 或者 **exit** 可退出数据库。 - + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 执行 **\\q** 或者 **exit** 可退出数据库。 #### 卸载 -1. 在root权限下关闭数据库进程。 +1. 在root权限下关闭数据库进程。 - ``` - $ ps -ef | grep mysql - # kill -9 进程ID + ```sh + # systemctl stop mariadb ``` -2. 在root权限下执行**dnf remove mariadb-server**命令卸载mariadb。 +2. 在root权限下执行**dnf remove mariadb-server**命令卸载mariadb。 - ``` + ```sh # dnf remove mariadb-server ``` - ### 管理数据库用户 + #### 创建用户 可以使用CREATE USER语句来创建一个或多个用户,并设置相应的口令。 -``` +```sh CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; ``` 其中: -- username:用户名。 -- host:主机名,即用户连接数据库时所在的主机的名字。若是本地用户可用localhost,若在创建的过程中,未指定主机名,则主机名默认为“%”,表示一组主机。 -- password:用户的登陆密码,密码可以为空,如果为空则该用户可以不需要密码登陆服务器,但从安全的角度而言,不推荐这种做法。 +- username:用户名。 +- host:主机名,即用户连接数据库时所在的主机的名字。若是本地用户可用localhost,若在创建的过程中,未指定主机名,则主机名默认为“%”,表示一组主机。 +- password:用户的登录密码,密码可以为空,如果为空则该用户可以不需要密码登录服务器,但从安全的角度而言,不推荐这种做法。 使用CREATE USER语句必须拥有数据库的INSERT权限或全局CREATE USER权限。 -使用CREATE USER语句创建一个用户账号后,会在系统自身的数据库的user表中添加一条新记录。若创建的账户已经存在,则语句执行时会出现错误。 +使用CREATE USER语句创建一个用户帐号后,会在系统自身的数据库的user表中添加一条新记录。若创建的帐户已经存在,则语句执行时会出现错误。 新创建的用户拥有的权限很少,只允许进行不需要权限的操作,如使用SHOW语句查询所有存储引擎和字符集的列表等。 ##### 示例 -\#创建密码为123456,用户名为userexample1的本地用户。 +\#创建用户名为userexample1,密码为123456的本地用户。 -``` +```sh > CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; ``` -\#创建密码为123456,用户名为userexample2,主机名为192.168.1.100的用户。 +\#创建用户名为userexample2,主机名为192.168.1.100,密码为123456的用户。 -``` +```sh > CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; ``` @@ -1095,36 +1068,36 @@ CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; 查看特定用户: -``` +```sh SHOW GRANTS [FOR 'username'@'hostname']; ``` -``` +```sh SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; ``` 查看所有用户: -``` +```sh SELECT USER,HOST,PASSWORD FROM mysql.user; ``` 其中: -- username:用户名。 -- hostname:主机名。 +- username:用户名。 +- hostname:主机名。 ##### 示例 \#查看userexample1用户。 -``` +```sh > SHOW GRANTS FOR 'userexample1'@'localhost'; ``` \#查看mysql数据库中所有用户。 -``` +```sh > SELECT USER,HOST,PASSWORD FROM mysql.user; ``` @@ -1134,17 +1107,17 @@ SELECT USER,HOST,PASSWORD FROM mysql.user; 可以使用RENAME USER语句修改一个或多个已经存在的用户名。 -``` +```sh RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; ``` 其中: -- oldusername:旧的用户名。 -- newusername:新的用户名。 -- hostname:主机名。 +- oldusername:旧的用户名。 +- newusername:新的用户名。 +- hostname:主机名。 -RENAME USER语句用于对原有的账号进行重命名。若系统中旧账号不存在或者新账号已存在,则该语句执行时会出现错误。 +RENAME USER语句用于对原有的帐号进行重命名。若系统中旧帐号不存在或者新帐号已存在,则该语句执行时会出现错误。 使用RENAME USER语句,必须拥有数据库的UPDATE权限或全局CREATE USER权限。 @@ -1152,7 +1125,7 @@ RENAME USER语句用于对原有的账号进行重命名。若系统中旧账号 \#将用户名userexample1修改为userexapme2,主机名为locahost。 -``` +```sh > RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; ``` @@ -1160,54 +1133,56 @@ RENAME USER语句用于对原有的账号进行重命名。若系统中旧账号 可以使用SET PASSWORD语句修改一个用户的登录密码。 -``` +```sh SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpassword'); ``` 其中: -- FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 -- PASSWORD\('newpassword'\):表示使用函数PASSWORD\(\)设置新口令,即新口令必须传递到函数PASSWORD\(\)中进行加密。 +- FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 +- PASSWORD\('newpassword'\):表示使用函数PASSWORD\(\)设置新口令,即新口令必须传递到函数PASSWORD\(\)中进行加密。 ->![](./public_sys-resources/icon-caution.gif) **注意:** ->PASSWORD\(\)函数为单向加密函数,一旦加密后不能解密出原明文。 +> ![](./public_sys-resources/icon-caution.gif) **注意:** +> +> PASSWORD\(\)函数为单向加密函数,一旦加密后不能解密出原明文。 在SET PASSWORD语句中,若不加上FOR子句,表示修改当前用户的密码。 -FOR字句中必须以'username'@'hostname'的格式给定,username为账户的用户名,hostname为账户的主机名。 +FOR字句中必须以'username'@'hostname'的格式给定,username为帐户的用户名,hostname为帐户的主机名。 -欲修改密码的账号必须在系统中存在,否则语句执行时会出现错误。 +欲修改密码的帐号必须在系统中存在,否则语句执行时会出现错误。 ##### 修改用户密码示例 \#将用户名为userexample的密码修改为0123456,主机名为locahost。 -``` +```sh > SET PASSWORD FOR 'userexample'@'localhost' = PASSWORD('0123456') ; ``` #### 删除用户 -可以使用DROP USER语句来删除一个或多个用户账号以及相关的权限。 +可以使用DROP USER语句来删除一个或多个用户帐号以及相关的权限。 -``` +```sh DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']…; ``` ->![](./public_sys-resources/icon-caution.gif) **注意:** ->用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的账号。 +> ![](./public_sys-resources/icon-caution.gif) **注意:** +> +> 用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的帐号。 -DROP USER语句可用于删除一个或多个数据库账号,并删除其原有权限。 +DROP USER语句可用于删除一个或多个数据库帐号,并删除其原有权限。 使用DROP USER语句必须拥有数据库的DELETE权限或全局CREATE USER权限。 -在DROP USER语句的使用中,若没有明确地给出账号的主机名,则该主机名默认为“%”。 +在DROP USER语句的使用中,若没有明确地给出帐号的主机名,则该主机名默认为“%”。 ##### 示例 \#删除用户名为userexample的本地用户。 -``` +```sh > DROP USER 'userexample'@'localhost'; ``` @@ -1215,19 +1190,19 @@ DROP USER语句可用于删除一个或多个数据库账号,并删除其原 可以使用GRANT语句来对新建用户的授权。 -``` +```sh GRANT privileges ON databasename.tablename TO 'username'@'hostname'; ``` 其中: -- ON字句:用于指定权限授予的对象和级别。 -- privileges:用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有的权限则使用ALL。 -- databasename:数据库名。 -- tablename:表名。 -- TO字句:用来设定用户密码,以及指定被赋予权限的用户。 -- username:用户名。 -- hostname:主机名。 +- ON字句:用于指定权限授予的对象和级别。 +- privileges:用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有的权限则使用ALL。 +- databasename:数据库名。 +- tablename:表名。 +- TO字句:用来设定用户密码,以及指定被赋予权限的用户。 +- username:用户名。 +- hostname:主机名。 如果要授予该用户对所有数据库和表的相应操作权限则可用\*表示,如\*.\*。 @@ -1239,7 +1214,7 @@ GRANT privileges ON databasename.tablename TO 'username'@'hostname'; \#对本地用户userexample授予SELECT和INSERT权限。 -``` +```sh > GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; ``` @@ -1247,7 +1222,7 @@ GRANT privileges ON databasename.tablename TO 'username'@'hostname'; 可以使用REVOKE语句来删除一个用户的权限,但此用户不会被删除。 -``` +```sh REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; ``` @@ -1259,16 +1234,17 @@ REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; \#删除本地用户userexample的INSERT权限。 -``` +```sh > REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; ``` ### 管理数据库 + #### 创建数据库 可以使用CREATE DATABASE语句来创建数据库。 -``` +```sh CREATE DATABASE databasename; ``` @@ -1278,7 +1254,7 @@ CREATE DATABASE databasename; \#创建数据库名为databaseexample的数据库。 -``` +```sh > CREATE DATABASE databaseexample; ``` @@ -1286,7 +1262,7 @@ CREATE DATABASE databasename; 可以使用SHOW DATABASES语句来查看数据库。 -``` +```sh SHOW DATABASES; ``` @@ -1294,7 +1270,7 @@ SHOW DATABASES; \#查看所有数据库。 -``` +```sh > SHOW DATABASES; ``` @@ -1302,7 +1278,7 @@ SHOW DATABASES; 一般创建表,查询表等操作首先需要选择一个目标数据库。可以使用USE语句来选择数据库。 -``` +```sh USE databasename; ``` @@ -1312,7 +1288,7 @@ USE databasename; \#选择databaseexample数据库。 -``` +```sh > USE databaseexample; ``` @@ -1320,10 +1296,11 @@ USE databasename; 可以使用DROP DATABASE语句来删除数据库。 ->![](./public_sys-resources/icon-caution.gif) **注意:** ->删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 +> ![](./public_sys-resources/icon-caution.gif) **注意:** +> +> 删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 -``` +```sh DROP DATABASE databasename; ``` @@ -1339,7 +1316,7 @@ DROP SCHEMA是DROP DATABASE的同义词。 \#删除databaseexample数据库。 -``` +```sh > DROP DATABASE databaseexample; ``` @@ -1349,66 +1326,65 @@ DROP SCHEMA是DROP DATABASE的同义词。 备份一个或多个表: -``` +```sh mysqldump [options] databasename [tablename ...] > outfile ``` 备份一个或多个库: -``` +```sh mysqldump [options] -databases databasename ... > outfile ``` 备份所有库: -``` +```sh mysqldump [options] -all-databases > outputfile ``` 其中: -- databasename:数据库名称。 -- tablename:数据表名称。 -- outfile:数据库备份的文件。 -- options:mysqldump命令参数选项,多个参数之间可以使用空格分隔。常用的mysqldump命令参数选项如下: - - -u, \-\-user= _username_ :指定用户名。 - - -p, \-\-password\[= _password_\]:指定密码。 - - -P, \-\-port= _portnumber_ :指定端口。 - - -h, \-\-host= _hostname_ :指定主机名。 - - -r, \-\-result-file= _filename_ :将导出结果保存到指定的文件中,等同于“\>”。 - - -t:只备份数据。 - - -d:只备份表结构。 - +- databasename:数据库名称。 +- tablename:数据表名称。 +- outfile:数据库备份的文件。 +- options:mysqldump命令参数选项,多个参数之间可以使用空格分隔。常用的mysqldump命令参数选项如下: + - -u, \-\-user= _username_ :指定用户名。 + - -p, \-\-password\[= _password_\]:指定密码。 + - -P, \-\-port= _portnumber_ :指定端口。 + - -h, \-\-host= _hostname_ :指定主机名。 + - -r, \-\-result-file= _filename_ :将导出结果保存到指定的文件中,等同于“\>”。 + - -t:只备份数据。 + - -d:只备份表结构。 ##### 示例 \#备份主机为192.168.202.144,端口为3306,root用户下的所有数据库到alldb.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql ``` \#备份主机为192.168.202.144,端口为3306,root用户下的db1数据库到db1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql ``` \#备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的tb1表到db1tb1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql ``` \#只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的表结构到db1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql ``` \#只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的数据到db1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql ``` @@ -1418,28 +1394,29 @@ mysqldump [options] -all-databases > outputfile 恢复一个或多个表: -``` +```sh mysql -h hostname -P portnumber -u username -ppassword databasename < infile ``` 其中: -- hostname:主机名。 -- portnumber:端口号。 -- username:用户名。 -- password:密码。 -- databasename:数据库名。 -- infile:mysqldump命令中的outfile参数。 +- hostname:主机名。 +- portnumber:端口号。 +- username:用户名。 +- password:密码。 +- databasename:数据库名。 +- infile:mysqldump命令中的outfile参数。 ##### 示例 \#恢复数据库。 -``` +```sh # mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql ``` ## MySQL服务器 + ### 软件介绍 MySQL是一个关系型数据库管理系统,由瑞典MySQL AB公司开发,目前属于Oracle旗下产品。MySQL是业界最流行的RDBMS \(Relational Database Management System,关系数据库管理系统\)之一,尤其在WEB应用方面。 @@ -1450,96 +1427,99 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 ### 配置环境 ->![](./public_sys-resources/icon-note.gif) **说明:** ->以下环境配置仅为参考示例,具体配置视实际需求做配置 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 以下环境配置仅为参考示例,具体配置视实际需求做配置 +> #### 关闭防火墙并取消开机自启动 ->![](./public_sys-resources/icon-note.gif) **说明:** ->测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 -1. 在root权限下停止防火墙。 +1. 在root权限下停止防火墙。 - ``` + ```sh # systemctl stop firewalld ``` -2. 在root权限下关闭防火墙。 +2. 在root权限下关闭防火墙。 - ``` + ```sh # systemctl disable firewalld ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >执行disable命令关闭防火墙的同时,也取消了开机自启动。 - + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 执行disable命令关闭防火墙的同时,也取消了开机自启动。 #### 修改SELINUX为disabled -1. 在root权限下修改配置文件。 +1. 在root权限下修改配置文件。 - ``` + ```sh # sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ``` - #### 创建组和用户 ->![](./public_sys-resources/icon-note.gif) **说明:** ->服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 -1. 在root权限下创建MySQL用户(组)。 +1. 在root权限下创建MySQL用户(组)。 - ``` + ```sh # groupadd mysql ``` - ``` + ```sh # useradd -g mysql mysql ``` -2. 在root权限下设置MySQL用户密码。 +2. 在root权限下设置MySQL用户密码。 - ``` + ```sh # passwd mysql ``` 重复输入密码(根据实际需求设置密码)。 - #### 搭建数据盘 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二 ->- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二 +> - 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: > \# mkdir /data ##### 方法一:在root权限下使用fdisk进行磁盘管理 -1. 创建分区(以/dev/sdb为例,根据实际情况创建) +1. 创建分区(以/dev/sdb为例,根据实际情况创建) - ``` + ```sh # fdisk /dev/sdb ``` -2. 输入n,按回车确认。 -3. 输入p,按回车确认。 -4. 输入1,按回车确认。 -5. 采用默认配置,按回车确认。 -6. 采用默认配置,按回车确认。 -7. 输入w,按回车保存。 -8. 创建文件系统(以xfs为例,根据实际需求创建文件系统) +2. 输入n,按回车确认。 +3. 输入p,按回车确认。 +4. 输入1,按回车确认。 +5. 采用默认配置,按回车确认。 +6. 采用默认配置,按回车确认。 +7. 输入w,按回车保存。 +8. 创建文件系统(以xfs为例,根据实际需求创建文件系统) - ``` + ```sh # mkfs.xfs /dev/sdb1 ``` -9. 挂载分区到“/data”以供操作系统使用。 +9. 挂载分区到“/data”以供操作系统使用。 - ``` + ```sh # mkdir /data ``` - ``` + ```sh # mount /dev/sdb1 /data ``` @@ -1549,122 +1529,121 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 ![](./figures/Creating_DataDisk-0.png) - ##### 方法二:在root权限下使用LVM进行磁盘管理 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >此步骤需要安装镜像中的lvm2相关包,步骤如下: ->1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。如果已经执行,则可跳过此步。 ->2. 执行命令安装lvm2。 +> +>1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。如果已经执行,则可跳过此步。 +>2. 执行命令安装lvm2。 > **\#yum install lvm2** -1. 创建物理卷(sdb为硬盘名称,具体名字以实际为准)。 +1. 创建物理卷(sdb为硬盘名称,具体名字以实际为准)。 - ``` - #pvcreate /dev/sdb + ```sh + # pvcreate /dev/sdb ``` -2. 创建物理卷组(其中datavg为创建的卷组名称,具体名字以实际规划为准)。 +2. 创建物理卷组(其中datavg为创建的卷组名称,具体名字以实际规划为准)。 - ``` - #vgcreate datavg /dev/sdb + ```sh + # vgcreate datavg /dev/sdb ``` -3. 创建逻辑卷(其中600G为规划的逻辑卷大小,具体大小以实际情况为准;datalv为创建的逻辑卷的名字,具体名称以实际规划为准。\)。 +3. 创建逻辑卷(其中600G为规划的逻辑卷大小,具体大小以实际情况为准;datalv为创建的逻辑卷的名字,具体名称以实际规划为准。\)。 - ``` - #lvcreate -L 600G -n datalv datavg + ```sh + # lvcreate -L 600G -n datalv datavg ``` -4. 创建文件系统。 +4. 创建文件系统。 - ``` - #mkfs.xfs /dev/datavg/datalv + ```sh + # mkfs.xfs /dev/datavg/datalv ``` -5. 创建数据目录并挂载。 +5. 创建数据目录并挂载。 - ``` - #mkdir /data - ``` - - ``` - #mount /dev/datavg/datalv /data + ```sh + # mkdir /data + # mount /dev/datavg/datalv /data ``` -6. 执行命令**vi /etc/fstab**,编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 +6. 执行命令**vi /etc/fstab**,编辑“/etc/fstab”使重启后自动挂载数据盘。如下图中,添加最后一行内容。 其中,/dev/datavg/datalv为示例,具体名称以实际情况为准。 ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png) - #### 创建数据库目录并且授权 -1. 在已创建的数据目录 **/data** 基础上,使用root权限继续创建进程所需的相关目录并授权MySQL用户(组)。 +1. 在已创建的数据目录 **/data** 基础上,使用root权限继续创建进程所需的相关目录并授权MySQL用户(组)。 - ``` + ```sh # mkdir -p /data/mysql # cd /data/mysql # mkdir data tmp run log # chown -R mysql:mysql /data ``` - ### 安装、运行和卸载 + #### 安装 ->![](./public_sys-resources/icon-note.gif) **说明:** ->针对20.03LTS版本,如果用户从mysql-8.0.17-3.oe1版本升级到较新版本,使用rpm -Uvh xxx(其中XXX指具体的版本,例如mysql-8.0.21-1.oe1.aarch64.rpm)命令,升级后功能不可用,可以通过以下两种方式进行版本升级(以mysql-8.0.17-3.oe1升级到mysql-8.0.21-1.oe1举例): > ->方法1,执行如下升级命令实现: - ``` +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 针对20.03 LTS SP4 版本,如果用户从mysql-8.0.17-3.oe1版本升级到较新版本,使用rpm -Uvh xxx(其中XXX指具体的版本,例如mysql-8.0.21-1.oe1.aarch64.rpm)命令,升级后功能不可用,可以通过以下两种方式进行版本升级(以mysql-8.0.17-3.oe1升级到mysql-8.0.21-1.oe1举例): +> +>方法1,执行如下升级命令实现: + + ```sh # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts ``` > >方法2,先卸载旧版本的mysql,再安装新版本的mysql,命令如下: - ``` + + ```sh # rpm -e mysql-8.0.17-3.oe1 # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm - ``` + ``` -1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)章节。 -2. 清除缓存。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)章节。 +2. 清除缓存。 - ``` - $ dnf clean all + ```sh + # dnf clean all ``` -3. 创建缓存。 +3. 创建缓存。 - ``` - $ dnf makecache + ```sh + # dnf makecache ``` -4. 在root权限下安装MySQL服务器。 +4. 在root权限下安装MySQL服务器。 - ``` - # dnf install mysql-server + ```sh + # dnf install mysql ``` -5. 查看安装后的rpm包。 +5. 查看安装后的rpm包。 + ```sh + # rpm -qa | grep mysql ``` - $ rpm -qa | grep mysql-server - ``` - #### 运行 -1. 修改配置文件。 - 1. 在root权限下创建my.cnf文件,其中文件路径(包括软件安装路径basedir、数据路径datadir等)根据实际情况修改。 +1. 修改配置文件。 + 1. 在root权限下创建my.cnf文件,其中文件路径(包括软件安装路径basedir、数据路径datadir等)根据实际情况修改。 - ``` + ```sh # vi /etc/my.cnf ``` 编辑my.cnf内容如下: - ``` + ```conf [mysqld_safe] log-error=/data/mysql/log/mysql.log pid-file=/data/mysql/run/mysqld.pid @@ -1684,45 +1663,48 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 user=mysql ``` - 2. 确保my.cnf配置文件修改正确。 + 2. 确保my.cnf配置文件修改正确。 - ``` - $ cat /etc/my.cnf + ```sh + cat /etc/my.cnf ``` ![](./figures/zh-cn_image_0231563132.png) - >![](./public_sys-resources/icon-caution.gif) **注意:** - >其中basedir为软件安装路径,请根据实际情况修改。 + > ![](./public_sys-resources/icon-caution.gif) **注意:** + > + > 其中basedir为软件安装路径,请根据实际情况修改。 - 3. 在root权限下修改/etc/my.cnf文件的组和用户为mysql:mysql + 3. 在root权限下修改/etc/my.cnf文件的组和用户为mysql:mysql - ``` + ```sh # chown mysql:mysql /etc/my.cnf ``` -2. 配置环境变量。 - 1. 安装完成后,在root权限下将MySQL二进制文件路径到PATH。 +2. 配置环境变量。 + 1. 安装完成后,在root权限下将MySQL二进制文件路径到PATH。 - ``` + ```sh # echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile ``` - >![](./public_sys-resources/icon-caution.gif) **注意:** - >其中PATH中的“/usr/local/mysql/bin“路径,为MySQL软件安装目录下的bin文件的绝对路径。请根据实际情况修改。 + > ![](./public_sys-resources/icon-caution.gif) **注意:** + > + > 其中PATH中的“/usr/local/mysql/bin“路径,为MySQL软件安装目录下的bin文件的绝对路径。请根据实际情况修改。 - 2. 在root权限下使环境变量配置生效。 + 2. 在root权限下使环境变量配置生效。 - ``` + ```sh # source /etc/profile ``` -3. 在root权限下初始化数据库。 +3. 在root权限下初始化数据库。 - >![](./public_sys-resources/icon-note.gif) **说明:** - >本步骤倒数第2行中有初始密码,请注意保存,登录数据库时需要使用。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 本步骤倒数第2行中有初始密码,请注意保存,登录数据库时需要使用。 - ``` + ```sh # mysqld --defaults-file=/etc/my.cnf --initialize 2020-03-18T03:27:13.702385Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.17) initializing of server in progress as process 34014 2020-03-18T03:27:24.112453Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: iNat=)#V2tZu @@ -1731,110 +1713,110 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 查看打印信息,打印信息中包括“initializing of server has completed”表示初始化数据库完成,且打印信息中“A temporary password is generated for root@localhost: iNat=\)\#V2tZu”的“iNat=\)\#V2tZu”为初始密码。 -4. 启动数据库。 +4. 启动数据库。 - >![](./public_sys-resources/icon-caution.gif) **注意:** - >如果第一次启动数据库服务,以root用户启动数据库,则启动时会提示缺少mysql.log文件而导致失败。使用mysql用户启动之后,会在/data/mysql/log目录下生成mysql.log文件,再次使用root用户启动则不会报错。 + > ![](./public_sys-resources/icon-caution.gif) **注意:** + > + > 如果第一次启动数据库服务,以root用户启动数据库,则启动时会提示缺少mysql.log文件而导致失败。使用mysql用户启动之后,会在/data/mysql/log目录下生成mysql.log文件,再次使用root用户启动则不会报错。 - 1. 在root权限下修改文件权限。 + 1. 在root权限下修改文件权限。 - ``` + ```sh # chmod 777 /usr/local/mysql/support-files/mysql.server ``` - 2. 在root权限下启动MySQL。 + 2. 在root权限下启动MySQL。 - ``` + ```sh # cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql # chkconfig mysql on ``` 以mysql用户启动数据库。 - ``` + ```sh # su - mysql - $ service mysql start + # service mysql start ``` -5. 登录数据库。 +5. 登录数据库。 - >![](./public_sys-resources/icon-note.gif) **说明:** - >- 提示输入密码时,请输入[3](#li15634560582)产生的初始密码。 - >- 如果采用官网RPM安装方式,则mysql文件在/usr/bin目录下。登录数据库的命令根据实际情况修改。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 提示输入密码时,请输入[3](#li15634560582)产生的初始密码。 + > - 如果采用官网RPM安装方式,则mysql文件在/usr/bin目录下。登录数据库的命令根据实际情况修改。 - ``` - $ /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock + ```sh + /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock ``` ![](./figures/zh-cn_image_0231563134.png) -6. 配置数据库帐号密码。 - 1. 登录数据库以后,修改通过root用户登录数据库的密码。 +6. 配置数据库帐号密码。 + 1. 登录数据库以后,修改通过root用户登录数据库的密码。 - ``` + ```sh mysql> alter user 'root'@'localhost' identified by "123456"; ``` - 2. 创建全域root用户(允许root从其他服务器访问)。 + 2. 创建全域root用户(允许root从其他服务器访问)。 - ``` + ```sh mysql> create user 'root'@'%' identified by '123456'; ``` - 3. 进行授权。 + 3. 进行授权。 - ``` + ```sh mysql> grant all privileges on *.* to 'root'@'%'; mysql> flush privileges; ``` ![](./figures/zh-cn_image_0231563135.png) -7. 退出数据库。 +7. 退出数据库。 执行 **\\q** 或者 **exit** 退出数据库。 - ``` + ```sh mysql> exit ``` ![](./figures/zh-cn_image_0231563136.png) - #### 卸载 -1. 在root权限下关闭数据库进程。 +1. 在root权限下关闭数据库进程。 - ``` - $ ps -ef | grep mysql - # kill -9 进程ID + ```sh + # systemctl stop mysql ``` -2. 在root权限下执行**dnf remove mysql**命令卸载MySQL。 +2. 在root权限下执行**dnf remove mysql**命令卸载MySQL。 - ``` + ```sh # dnf remove mysql ``` - ### 管理数据库用户 + #### 创建用户 可以使用CREATE USER语句来创建一个或多个用户,并设置相应的口令。 -``` +```sh CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; ``` 其中: -- username:用户名。 -- host:主机名,即用户连接数据库时所在的主机的名字。若是本地用户可用localhost,若在创建的过程中,未指定主机名,则主机名默认为“%”,表示一组主机。 -- password:用户的登陆密码,密码可以为空,如果为空则该用户可以不需要密码登陆服务器,但从安全的角度而言,不推荐这种做法。 +- username:用户名。 +- host:主机名,即用户连接数据库时所在的主机的名字。若是本地用户可用localhost,若在创建的过程中,未指定主机名,则主机名默认为“%”,表示一组主机。 +- password:用户的登录密码,密码可以为空,如果为空则该用户可以不需要密码登录服务器,但从安全的角度而言,不推荐这种做法。 使用CREATE USER语句必须拥有数据库的INSERT权限或全局CREATE USER权限。 -使用CREATE USER语句创建一个用户账号后,会在系统自身的数据库的user表中添加一条新记录。若创建的账户已经存在,则语句执行时会出现错误。 +使用CREATE USER语句创建一个用户帐号后,会在系统自身的数据库的user表中添加一条新记录。若创建的帐户已经存在,则语句执行时会出现错误。 新创建的用户拥有的权限很少,只允许进行不需要权限的操作,如使用SHOW语句查询所有存储引擎和字符集的列表等。 @@ -1842,13 +1824,13 @@ CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; \#创建密码为123456,用户名为userexample1的本地用户。 -``` +```sh > CREATE USER 'userexample1'@'localhost' IDENTIFIED BY '123456'; ``` \#创建密码为123456,用户名为userexample2,主机名为192.168.1.100的用户。 -``` +```sh > CREATE USER 'userexample2'@'192.168.1.100' IDENTIFIED BY '123456'; ``` @@ -1858,36 +1840,36 @@ CREATE USER 'username'@'hostname' IDENTIFIED BY 'password'; 查看特定用户: -``` +```sh SHOW GRANTS [FOR 'username'@'hostname']; ``` -``` +```sh SELECT USER,HOST,PASSWORD FROM mysql.user WHERE USER='username'; ``` 查看所有用户: -``` +```sh SELECT USER,HOST FROM mysql.user; ``` 其中: -- username:用户名。 -- hostname:主机名。 +- username:用户名。 +- hostname:主机名。 ##### 示例 \#查看userexample1用户。 -``` +```sh > SHOW GRANTS FOR 'userexample1'@'localhost'; ``` \#查看mysql数据库中所有用户。 -``` +```sh > SELECT USER,HOST FROM mysql.user; ``` @@ -1897,17 +1879,17 @@ SELECT USER,HOST FROM mysql.user; 可以使用RENAME USER语句修改一个或多个已经存在的用户名。 -``` +```sh RENAME USER 'oldusername'@'hostname' TO 'newusername'@'hostname'; ``` 其中: -- oldusername:旧的用户名。 -- newusername:新的用户名。 -- hostname:主机名。 +- oldusername:旧的用户名。 +- newusername:新的用户名。 +- hostname:主机名。 -RENAME USER语句用于对原有的账号进行重命名。若系统中旧账号不存在或者新账号已存在,则该语句执行时会出现错误。 +RENAME USER语句用于对原有的帐号进行重命名。若系统中旧帐号不存在或者新帐号已存在,则该语句执行时会出现错误。 使用RENAME USER语句,必须拥有数据库的UPDATE权限或全局CREATE USER权限。 @@ -1915,7 +1897,7 @@ RENAME USER语句用于对原有的账号进行重命名。若系统中旧账号 \#将用户名userexample1修改为userexapme2,主机名为locahost。 -``` +```sh > RENAME USER 'userexample1'@'localhost' TO 'userexample2'@'localhost'; ``` @@ -1923,51 +1905,52 @@ RENAME USER语句用于对原有的账号进行重命名。若系统中旧账号 可以使用SET PASSWORD语句修改一个用户的登录密码。 -``` +```sh SET PASSWORD FOR 'username'@'hostname' = 'newpassword'; ``` 其中: -- FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 -- 'newpassword':新密码。 +- FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 +- 'newpassword':新密码。 在SET PASSWORD语句中,若不加上FOR子句,表示修改当前用户的密码。 -FOR字句中必须以'username'@'hostname'的格式给定,username为账户的用户名,hostname为账户的主机名。 +FOR字句中必须以'username'@'hostname'的格式给定,username为帐户的用户名,hostname为帐户的主机名。 -欲修改密码的账号必须在系统中存在,否则语句执行时会出现错误。 +欲修改密码的帐号必须在系统中存在,否则语句执行时会出现错误。 ##### 修改用户密码示例 \#将用户名为userexample的密码修改为0123456,主机名为locahost。 -``` +```sh > SET PASSWORD FOR 'userexample'@'localhost' = '0123456'; ``` #### 删除用户 -可以使用DROP USER语句来删除一个或多个用户账号以及相关的权限。 +可以使用DROP USER语句来删除一个或多个用户帐号以及相关的权限。 -``` +```sh DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']…; ``` ->![](./public_sys-resources/icon-caution.gif) **注意:** ->用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的账号。 +> ![](./public_sys-resources/icon-caution.gif) **注意:** +> +> 用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的帐号。 -DROP USER语句可用于删除一个或多个数据库账号,并删除其原有权限。 +DROP USER语句可用于删除一个或多个数据库帐号,并删除其原有权限。 使用DROP USER语句必须拥有数据库的DELETE权限或全局CREATE USER权限。 -在DROP USER语句的使用中,若没有明确地给出账号的主机名,则该主机名默认为“%”。 +在DROP USER语句的使用中,若没有明确地给出帐号的主机名,则该主机名默认为“%”。 ##### 示例 \#删除用户名为userexample的本地用户。 -``` +```sh > DROP USER 'userexample'@'localhost'; ``` @@ -1975,19 +1958,19 @@ DROP USER语句可用于删除一个或多个数据库账号,并删除其原 可以使用GRANT语句来对新建用户的授权。 -``` +```sh GRANT privileges ON databasename.tablename TO 'username'@'hostname'; ``` 其中: -- ON字句:用于指定权限授予的对象和级别。 -- privileges:用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有的权限则使用ALL。 -- databasename:数据库名。 -- tablename:表名。 -- TO字句:用来设定用户密码,以及指定被赋予权限的用户。 -- username:用户名。 -- hostname:主机名。 +- ON字句:用于指定权限授予的对象和级别。 +- privileges:用户的操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有的权限则使用ALL。 +- databasename:数据库名。 +- tablename:表名。 +- TO字句:用来设定用户密码,以及指定被赋予权限的用户。 +- username:用户名。 +- hostname:主机名。 如果要授予该用户对所有数据库和表的相应操作权限则可用\*表示,如\*.\*。 @@ -1999,7 +1982,7 @@ GRANT privileges ON databasename.tablename TO 'username'@'hostname'; \#对本地用户userexample授予SELECT和INSERT权限。 -``` +```sh > GRANT SELECT,INSERT ON *.* TO 'userexample'@'localhost'; ``` @@ -2007,7 +1990,7 @@ GRANT privileges ON databasename.tablename TO 'username'@'hostname'; 可以使用REVOKE语句来删除一个用户的权限,但此用户不会被删除。 -``` +```sh REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; ``` @@ -2019,16 +2002,17 @@ REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; \#删除本地用户userexample的INSERT权限。 -``` +```sh > REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; ``` ### 管理数据库 + #### 创建数据库 可以使用CREATE DATABASE语句来创建数据库。 -``` +```sh CREATE DATABASE databasename; ``` @@ -2038,7 +2022,7 @@ CREATE DATABASE databasename; \#创建数据库名为databaseexample的数据库。 -``` +```sh > CREATE DATABASE databaseexample; ``` @@ -2046,7 +2030,7 @@ CREATE DATABASE databasename; 可以使用SHOW DATABASES语句来查看数据库。 -``` +```sh SHOW DATABASES; ``` @@ -2054,7 +2038,7 @@ SHOW DATABASES; \#查看所有数据库。 -``` +```sh > SHOW DATABASES; ``` @@ -2062,7 +2046,7 @@ SHOW DATABASES; 一般创建表,查询表等操作首先需要选择一个目标数据库。可以使用USE语句来选择数据库。 -``` +```sh USE databasename; ``` @@ -2072,7 +2056,7 @@ USE databasename; \#选择databaseexample数据库。 -``` +```sh > USE databaseexample; ``` @@ -2080,10 +2064,11 @@ USE databasename; 可以使用DROP DATABASE语句来删除数据库。 ->![](./public_sys-resources/icon-caution.gif) **注意:** ->删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 +> ![](./public_sys-resources/icon-caution.gif) **注意:** +> +> 删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 -``` +```sh DROP DATABASE databasename; ``` @@ -2099,7 +2084,7 @@ DROP SCHEMA是DROP DATABASE的同义词。 \#删除databaseexample数据库。 -``` +```sh > DROP DATABASE databaseexample; ``` @@ -2109,66 +2094,65 @@ DROP SCHEMA是DROP DATABASE的同义词。 备份一个或多个表: -``` +```sh mysqldump [options] databasename [tablename ...] > outfile ``` 备份一个或多个库: -``` +```sh mysqldump [options] -databases databasename ... > outfile ``` 备份所有库: -``` +```sh mysqldump [options] -all-databases > outputfile ``` 其中: -- databasename:数据库名称。 -- tablename:数据表名称。 -- outfile:数据库备份的文件。 -- options:mysqldump命令参数选项,多个参数之间可以使用空格分隔。常用的mysqldump命令参数选项如下: - - -u, \-\-user= _username_ :指定用户名。 - - -p, \-\-password\[= _password_\]:指定密码。 - - -P, \-\-port= _portnumber_ :指定端口。 - - -h, \-\-host= _hostname_ :指定主机名。 - - -r, \-\-result-file= _filename_ :将导出结果保存到指定的文件中,等同于“\>”。 - - -t:只备份数据。 - - -d:只备份表结构。 - +- databasename:数据库名称。 +- tablename:数据表名称。 +- outfile:数据库备份的文件。 +- options:mysqldump命令参数选项,多个参数之间可以使用空格分隔。常用的mysqldump命令参数选项如下: + - -u, \-\-user= _username_ :指定用户名。 + - -p, \-\-password\[= _password_\]:指定密码。 + - -P, \-\-port= _portnumber_ :指定端口。 + - -h, \-\-host= _hostname_ :指定主机名。 + - -r, \-\-result-file= _filename_ :将导出结果保存到指定的文件中,等同于“\>”。 + - -t:只备份数据。 + - -d:只备份表结构。 ##### 示例 \#备份主机为192.168.202.144,端口为3306,root用户下的所有数据库到alldb.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --all-databases > alldb.sql ``` \#备份主机为192.168.202.144,端口为3306,root用户下的db1数据库到db1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 --databases db1 > db1.sql ``` \#备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的tb1表到db1tb1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 db1 tb1 > db1tb1.sql ``` \#只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的表结构到db1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -d db1 > db1.sql ``` \#只备份主机为192.168.202.144,端口为3306,root用户下的db1数据库的数据到db1.sql中。 -``` +```sh # mysqldump -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 > db1.sql ``` @@ -2178,23 +2162,23 @@ mysqldump [options] -all-databases > outputfile 恢复一个或多个表: -``` +```sh mysql -h hostname -P portnumber -u username -ppassword databasename < infile ``` 其中: -- hostname:主机名。 -- portnumber:端口号。 -- username:用户名。 -- password:密码。 -- databasename:数据库名。 -- infile:mysqldump命令中的outfile参数。 +- hostname:主机名。 +- portnumber:端口号。 +- username:用户名。 +- password:密码。 +- databasename:数据库名。 +- infile:mysqldump命令中的outfile参数。 ##### 示例 \#恢复数据库。 -``` +```sh # mysql -h 192.168.202.144 -P 3306 -uroot -p123456 -t db1 < db1.sql ``` diff --git "a/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" "b/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" index b39442fe9ae3b06880a5a7ba45841bc7c8ce2ad4..b0e38ec7aaf9a89e8025b328cf8edca0bf77447c 100644 --- "a/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" +++ "b/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" @@ -1,46 +1,45 @@ # 查看系统信息 -- 查看系统信息,命令如下: +- 查看系统信息,命令如下: - ``` - $ cat /etc/os-release + ```sh + cat /etc/os-release ``` 例如,命令和输出如下: - ``` + ```sh $ cat /etc/os-release NAME="openEuler" - VERSION="20.03 (LTS)" + VERSION="20.03 (LTS-SP4)" ID="openEuler" VERSION_ID="20.03" - PRETTY_NAME="openEuler 20.03 (LTS)" + PRETTY_NAME="openEuler 20.03 (LTS-SP4)" ANSI_COLOR="0;31" ``` - -- 查看系统相关的资源信息。 +- 查看系统相关的资源信息。 查看CPU信息,命令如下: - ``` - $ lscpu + ```sh + lscpu ``` 查看内存信息,命令如下: - ``` - $ free + ```sh + free ``` 查看磁盘信息,命令如下: + ```sh + fdisk -l ``` - $ fdisk -l - ``` + 查看系统资源实时信息,命令如下: + ```sh + top ``` - $ top - ``` - diff --git "a/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" "b/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" index 9ad11554dbbc02828fb74e04f65b703e2af51382..18e42b5860f7b2dd28ee5e07f702364b0dcba5f2 100644 --- "a/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" +++ "b/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" @@ -1,44 +1,6 @@ # 管理服务 本章介绍如何使用systemd进行系统和服务管理。 - - -- [管理服务](#管理服务) - - [简介](#简介) - - [概念介绍](#概念介绍) - - [特性说明](#特性说明) - - [更快的启动速度](#更快的启动速度) - - [提供按需启动能力](#提供按需启动能力) - - [采用cgroup特性跟踪和管理进程的生命周期](#采用cgroup特性跟踪和管理进程的生命周期) - - [启动挂载点和自动挂载的管理](#启动挂载点和自动挂载的管理) - - [实现事务性依赖关系管理](#实现事务性依赖关系管理) - - [与SysV初始化脚本兼容](#与sysv初始化脚本兼容) - - [能够对系统进行快照和恢复](#能够对系统进行快照和恢复) - - [管理系统服务](#管理系统服务) - - [sysvinit命令和systemd命令](#sysvinit命令和systemd命令) - - [显示所有当前服务](#显示所有当前服务) - - [显示服务状态](#显示服务状态) - - [运行服务](#运行服务) - - [关闭服务](#关闭服务) - - [重启服务](#重启服务) - - [启用服务](#启用服务) - - [禁用服务](#禁用服务) - - [改变运行级别](#改变运行级别) - - [Target和运行级别](#target和运行级别) - - [查看系统默认启动目标](#查看系统默认启动目标) - - [查看当前系统所有的启动目标](#查看当前系统所有的启动目标) - - [改变默认目标](#改变默认目标) - - [改变当前目标](#改变当前目标) - - [切换到救援模式](#切换到救援模式) - - [切换到紧急模式](#切换到紧急模式) - - [关闭、暂停和休眠系统](#关闭暂停和休眠系统) - - [systemctl命令](#systemctl命令) - - [关闭系统](#关闭系统) - - [重启系统](#重启系统) - - [使系统待机](#使系统待机) - - [使系统休眠](#使系统休眠) - - ## 简介 @@ -46,7 +8,7 @@ systemd是在Linux下,与SysV和LSB初始化脚本兼容的系统和服务管 ### 概念介绍 -systemd开启和监督整个系统是基于unit的概念。unit是由一个与配置文件对应的名字和类型组成的(例如:avahi.service unit有一个具有相同名字的配置文件,是守护进程Avahi的一个封装单元)。unit有多重类型,如[表1](#zh-cn_topic_0151921012_t2dcb6d973cc249ed9ccd56729751ca6b)所示。 +systemd开启和监督整个系统是基于unit的概念。unit是由一个与配置文件对应的名字和类型组成的(例如:avahi.service unit有一个具有相同名字的配置文件,是守护进程Avahi的一个封装单元)。unit有多种类型,如[表1](#zh-cn_topic_0151921012_t2dcb6d973cc249ed9ccd56729751ca6b)所示。 **表 1** unit说明 @@ -172,18 +134,18 @@ systemd开启和监督整个系统是基于unit的概念。unit是由一个与 ### 更快的启动速度 -systemd提供了比UpStart更激进的并行启动能力,采用了socket/D-Bus activation等技术启动服务,带来了更快的启动速度。 +systemd提供了比UpStart更强大的并行启动能力,采用了socket/D-Bus activation等技术启动服务,带来了更快的启动速度。 为了减少系统启动时间,systemd的目标是: -- 尽可能启动更少的进程。 -- 尽可能将更多进程并行启动。 +- 尽可能启动更少的进程。 +- 尽可能将更多进程并行启动。 ### 提供按需启动能力 当sysvinit系统初始化的时候,它会将所有可能用到的后台服务进程全部启动运行。并且系统必须等待所有的服务都启动就绪之后,才允许用户登录。这种做法有两个缺点:首先是启动时间过长;其次是系统资源浪费。 -某些服务很可能在很长一段时间内,甚至整个服务器运行期间都没有被使用过。比如CUPS,打印服务在多数服务器上很少被真正使用到。您可能没有想到,在很多服务器上SSHD也是很少被真正访问到的。花费在启动这些服务上的时间是不必要的;同样,花费在这些服务上的系统资源也是一种浪费。 +某些服务很可能在很长一段时间内,甚至整个服务器运行期间都没有被使用过。比如CUPS,打印服务在多数服务器上很少被真正使用到。大量实际应用情况表明,在很多服务器上SSHD也是很少被真正访问到的。花费在启动这些服务上的时间是不必要的;同样,花费在这些服务上的系统资源也是一种浪费。 systemd可以提供按需启动的能力,只有在某个服务被真正请求的时候才启动它。当该服务结束,systemd可以关闭它,等待下次需要时再次启动它。 @@ -217,7 +179,7 @@ systemd提供了和sysvinit以及LSB initscripts兼容的特性。系统中已 systemd支持按需启动,因此系统的运行状态是动态变化的,人们无法准确地知道系统当前运行了哪些服务。systemd快照提供了一种将当前系统运行状态保存并恢复的能力。 -比如系统当前正运行服务A和B,可以用systemd命令行对当前系统运行状况创建快照。然后将进程A停止,或者做其他的任意的对系统的改变,比如启动新的进程C。在这些改变之后,运行systemd的快照恢复命令,就可立即将系统恢复到快照时刻的状态,即只有服务A,B在运行。一个可能的应用场景是调试:比如服务器出现一些异常,为了调试用户将当前状态保存为快照,然后可以进行任意的操作,比如停止服务等等。等调试结束,恢复快照即可。 +比如系统当前正运行服务A和B,可以用systemd命令行对当前系统运行状况创建快照。然后将进程A停止,或者做其他的任意的对系统的改变,比如启动新的进程C。在这些改变之后,运行systemd的快照恢复命令,就可立即将系统恢复到快照时刻的状态,即只有服务A和B在运行。一个可能的应用场景是调试:比如服务器出现一些异常,为了调试用户将当前状态保存为快照,然后可以进行任意的操作,比如停止服务等等。等调试结束,恢复快照即可。 ## 管理系统服务 @@ -301,21 +263,21 @@ systemd提供systemctl命令与sysvinit命令的功能类似。当前版本中

用来检查一个服务在当前环境下被配置为启用还是禁用。

chkconfig \-\-list

+

chkconfig --list

systemctl list-unit-files \-\-type=service

+

systemctl list-unit-files --type=service

输出在各个运行级别下服务的启用和禁用情况。

chkconfig network \-\-list

+

chkconfig network --list

ls /etc/systemd/system/*.wants/network.service

用来列出该服务在哪些运行级别下启用和禁用。

chkconfig network \-\-add

+

chkconfig network --add

systemctl daemon-reload

- - - - - - - - - - - - - - - - -

状态

-

含义

-

active(running)

-

有一只或多只程序正在系统中执行

-

active(exited)

-

仅执行一次就正常结束的服务,目前并没有任何程序在系统中执行。 举例来说,开机或者 是挂载时才会进行一次的 quotaon 功能

-

active(waiting)

-

正在执行当中,不过要等待其他的事件才能继续处理。例如:打印的队列相关服务 就是这种状态,虽然正在启动中,不过也需要真的有队列进来 (打印作业) 这样他才会继续唤醒打印机 服务来进行下一步打印的功能

-

inactive

-

这个服务没有运行

-
+| 状态 | 含义 | +|:---|:---| +| active | 这个服务正在运行。 | +| inactive | 这个服务没有运行。 | 同样,如果您需要判断某个服务是否被启用,可执行如下命令: -``` +```sh systemctl is-enabled name.service ``` @@ -459,32 +395,32 @@ is-enabled命令的返回结果如下:

"enabled"

已经通过 /etc/systemd/system/ 目录下的 Alias= 别名、 .wants/ 或 .requires/ 软连接被永久启用。

+

已经通过 /etc/systemd/system/ 目录下的 Alias= 别名、 .wants/ 或 .requires/ 软链接被永久启用。

"enabled-runtime"

已经通过 /run/systemd/system/ 目录下的 Alias= 别名、 .wants/ 或 .requires/ 软连接被临时启用。

+

已经通过 /run/systemd/system/ 目录下的 Alias= 别名、 .wants/ 或 .requires/ 软链接被临时启用。

"linked"

虽然单元文件本身不在标准单元目录中,但是指向此单元文件的一个或多个软连接已经存在于 /etc/systemd/system/ 永久目录中。

+

虽然单元文件本身不在标准单元目录中,但是指向此单元文件的一个或多个软链接已经存在于 /etc/systemd/system/ 永久目录中。

"linked-runtime"

虽然单元文件本身不在标准单元目录中,但是指向此单元文件的一个或多个软连接已经存在于 /run/systemd/system/ 临时目录中。

+

虽然单元文件本身不在标准单元目录中,但是指向此单元文件的一个或多个软链接已经存在于 /run/systemd/system/ 临时目录中。

"masked"

已经被 /etc/systemd/system/ 目录永久屏蔽(软连接指向 /dev/null 文件),因此 start 操作会失败。

+

已经被 /etc/systemd/system/ 目录永久屏蔽(软链接指向 /dev/null 文件),因此 start 操作会失败。

"masked-runtime"

已经被 /run/systemd/systemd/ 目录临时屏蔽(软连接指向 /dev/null 文件),因此 start 操作会失败。

+

已经被 /run/systemd/systemd/ 目录临时屏蔽(软链接指向 /dev/null 文件),因此 start 操作会失败。

"static"

@@ -494,7 +430,7 @@ is-enabled命令的返回结果如下:

"indirect"

尚未被启用,但是单元文件的 "[Install]" 小节中 Also= 选项的值列表非空(也就是列表中的某些单元可能已被启用)、或者它拥有一个不在 Also= 列表中的其他名称的别名软连接。对于模版单元来说,表示已经启用了一个不同于 DefaultInstance= 的实例。

+

尚未被启用,但是单元文件的 "[Install]" 小节中 Also= 选项的值列表非空(也就是列表中的某些单元可能已被启用)、或者它拥有一个不在 Also= 列表中的其他名称的别名软链接。对于模版单元来说,表示已经启用了一个不同于 DefaultInstance= 的实例。

"disabled"

@@ -522,7 +458,7 @@ is-enabled命令的返回结果如下: 例如查看gdm.service服务状态,命令如下: -``` +```sh # systemctl status gdm.service gdm.service - GNOME Display Manager Loaded: loaded (/usr/lib/systemd/system/gdm.service; enabled) Active: active (running) since Thu 2013-10-17 17:31:23 CEST; 5min ago Main PID: 1029 (gdm) @@ -536,13 +472,13 @@ gdm.service - GNOME Display Manager Loaded: loaded (/usr/lib/systemd/system/gd 如果您需要运行某个服务,请在root权限下执行如下命令: -``` -systemctl start name.service +```sh +# systemctl start name.service ``` 例如运行httpd服务,命令如下: -``` +```sh # systemctl start httpd.service ``` @@ -550,13 +486,13 @@ systemctl start name.service 如果您需要关闭某个服务,请在root权限下执行如下命令: -``` +```sh systemctl stop name.service ``` 例如关闭蓝牙服务,命令如下: -``` +```sh # systemctl stop bluetooth.service ``` @@ -564,7 +500,7 @@ systemctl stop name.service 如果您需要重启某个服务,请在root权限下执行如下命令: -``` +```sh systemctl restart name.service ``` @@ -572,7 +508,7 @@ systemctl restart name.service 例如重启蓝牙服务,命令如下: -``` +```sh # systemctl restart bluetooth.service ``` @@ -580,13 +516,13 @@ systemctl restart name.service 如果您需要在开机时启用某个服务,请在root权限下执行如下命令: -``` +```sh systemctl enable name.service ``` 例如设置httpd服务开机时启动,命令如下: -``` +```sh # systemctl enable httpd.service ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service' ``` @@ -595,13 +531,13 @@ ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.ta 如果您需要在开机时禁用某个服务,请在root权限下执行如下命令: -``` +```sh systemctl disable name.service ``` 例如在开机时禁用蓝牙服务启动,命令如下: -``` +```sh # systemctl disable bluetooth.service Removed /etc/systemd/system/bluetooth.target.wants/bluetooth.service. Removed /etc/systemd/system/dbus-org.bluez.service. @@ -670,7 +606,7 @@ systemd用目标(target)替代了运行级别的概念,提供了更大的

emergency.target

紧急Shell

+

紧急Shell。
-例如显示系统中终端上的所有进行进程。命令如下: +例如显示系统中终端上的所有进程。命令如下: ``` $ ps -a @@ -117,7 +117,7 @@ top命令输出的实例如[图1](#zh-cn_topic_0151921029_f289234fcdbac453796200 ### kill命令 -当需要中断一个前台进程的时候,通常足使用“Ctrl+c”组合键,而对于后台进程不能用组合键来终止,这时就可以使用kill命令。该命令可以终止前台和后台进程。终止后台进程的原因包括:该进程占用CPU的时间过多、该进程已经死锁等。 +当需要中断一个前台进程的时候,通常使用“Ctrl+C”组合键,而对于后台进程不能用组合键来终止,这时就可以使用kill命令。该命令可以终止前台和后台进程。终止后台进程的原因包括:该进程占用CPU的时间过多、该进程已经死锁等。 kill命令是通过向进程发送指定的信号来结束进程的。如果没有指定发送的信号,那么默认值为TERM信号。TERM信号将终止所有不能捕获该信号的进程。至于那些可以捕获该信号的进程可能就需要使用KILL信号(它的编号为9),而该信号不能被捕捉。 @@ -178,7 +178,7 @@ at命令的语法格式如下: at允许使用一套相当复杂的时间指定方法,比如: -- 接受在当天的hh:mm(小时:分钟)式的时间指定。如果该时间已经过去,那么就放存第二天执行。 +- 接受在当天的hh:mm(小时:分钟)式的时间指定。如果该时间已经过去,那么就放在第二天执行。 - 使用midnight(深夜)、noon(中午)、teatime(饮茶时间,一般是下午4点)等比较模糊的词语来指定时间。 - 采用12小时计时制,即在时间后面加上AM(上午)或者PM(下午)来说明是上午还是下午。 - 指定命令执行的具体日期,指定格式为month day(月日)或者mm/dd/yy(月/日/年)或者dd.mm.yy(日.月.年)。指定的日期必须跟在指定时间的后面。 @@ -202,7 +202,7 @@ at允许使用一套相当复杂的时间指定方法,比如: #### 执行权限 -对于at命令来说,需要定时执行的命令是从标准输入或者使用-f选项指定的文件中读取并执行的。如果at命令是从一个使用su命令切换到用户shell中执行的,那么当前用户被认为是执行用户,所有的错误和输出结果都会送给这个用户。但是如果有邮件送出的话,收到邮件的将是原来的用户,也就是登录时shell的所有者。 +对于at命令来说,需要定时执行的命令是从标准输入或者使用-f选项指定的文件中读取并执行的。如果at命令是从一个使用su命令切换到用户shell中执行的,那么当前用户被认为是执行用户,所有的错误和输出结果都会发送给这个用户。但是如果有邮件送出的话,收到邮件的将是原来的用户,也就是登录时shell的所有者。 例如在6月8日上午10点执行slocate -u命令。在root权限下执行命令如下: @@ -215,7 +215,7 @@ at> 上面的结果中,输入at命令之后,会出现提示符at\>,提示用户输入命令,在此输入了slocate -u,然后按回车键。还可以输入多条命令,当所有要执行的命令输入结束后,按Ctrl+d键结束at命令。 -在任何情况下,管理员账户都可以使用这个命令。对于其他用户来说,是否可以使用就取决于/etc/at.allow和/etc/at.deny文件。 +在任何情况下,管理员帐户都可以使用这个命令。对于其他用户来说,是否可以使用就取决于/etc/at.allow和/etc/at.deny文件。 ### 周期性运行一批程序(cron) @@ -225,7 +225,7 @@ at> 首先cron命令会搜索/var/spool/cron目录,寻找以/etc/passwd文件中的用户名命名的crontab文件,被找到的这种文件将装入内存。比如一个用户名为userexample的用户,对应的crontab文件应该是/var/spool/cron/userexample,即以该用户命名的crontab文件存放在/var/spool/cron目录下面。 -cron命令还将搜索/etc/crontab文件,这个文件是用不同的格式写成的。cron启动以后,它将首先检查是否有用户设置了crontab文件,如果没有就转入睡眠状态,释放系统资源。所以该后台进程占用资源极少,它每分钟被换醒一次,查看当前是否有需要运行的命令。 +cron命令还将搜索/etc/crontab文件,这个文件是用不同的格式写成的。cron启动以后,它将首先检查是否有用户设置了crontab文件,如果没有就转入睡眠状态,释放系统资源。所以该后台进程占用资源极少,它每分钟被唤醒一次,查看当前是否有需要运行的命令。 命令执行结束后,任何输出都将作为邮件发送给crontab的所有者,或者是/etc/crontab文件中MAILTO环境变量中指定的用户。这是cron的工作原理,但是cron命令的执行不需要用户干涉,用户只需要修改crontab中要执行的命令。 @@ -235,10 +235,11 @@ crontab命令用于安装、删除或者显示用于驱动cron后台进程的表 crontab命令的常用方法如下: -- crontab -u //设置某个用户的cron服务,root用户在执行crontab时需要此参数。 -- crontab -l //列出某个用户cron服务的详细内容。 -- crontab -r //删除某个用户的cron服务。 -- crontab -e //编辑某个用户的cron服务。 +- crontab -u://设置某个用户的cron服务,root用户在执行crontab时需要此参数。 +- crontab -l:列出当前用户的 cron 作业(使用 sudo 列出其他用户的)。 +- crontab -r:删除当前用户的所有 cron 作业(使用 sudo 删除其他用户的)。 +- crontab -e:编辑当前用户的 cron 作业(使用 sudo 编辑其他用户的)。 + 例如root查看自己的cron设置。命令如下: @@ -254,7 +255,7 @@ crontab命令的常用方法如下: minute hour day-of-month month-of-year day-of-week commands ``` -对于每一项的说明如所示。 +对于每一项的说明如下表所示。 **表 2** 参数说明 @@ -330,7 +331,7 @@ cron服务每分钟不仅要读一次/var/spool/cron内的所有文件,还需 ``` SHELL=/bin/sh PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin -MAILTO=root //如果出现错误,或者有数据输出,数据作为邮件发给这个账号 +MAILTO=root //如果出现错误,或者有数据输出,数据作为邮件发给这个帐号 HOME=/ # run-parts 01 * * * * root run-parts /etc/cron.hourly //每个小时执行一次/etc/cron.hourly里的脚本 diff --git "a/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" "b/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" index 0e1bd9dcefbd2cadbc5bc09872fee01a9d8da183..ce9fd0502ce5352558dce37e724614fe83865aa9 100644 --- "a/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" +++ "b/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" @@ -1,110 +1,87 @@ # 配置网络 - - -- [配置网络](#配置网络) - - [配置 IP](#配置-ip) - - [使用nmcli命令](#使用nmcli命令) - - [使用ip命令](#使用ip命令) - - [通过ifcfg文件配置网络](#通过ifcfg文件配置网络) - - [配置主机名](#配置主机名) - - [简介](#简介) - - [使用hostnamectl配置主机名](#使用hostnamectl配置主机名) - - [使用nmcli配置主机名](#使用nmcli配置主机名) - - [配置网络绑定](#配置网络绑定) - - [使用nmcli](#使用nmcli) - - [使用命令行](#使用命令行) - - [IPv6使用差异说明(vs IPv4)](#ipv6使用差异说明vs-ipv4) - - [约束限制](#约束限制) - - [配置说明](#配置说明) - - [FAQ](#faq) - - - ## 配置 IP - ### 使用nmcli命令 ->![](./public_sys-resources/icon-note.gif) **说明:** ->使用nmcli命令配置的网络配置可以立即生效且系统重启后配置也不会丢失。 - - +> ![](./public_sys-resources/icon-note.gif) **说明:** +> 使用nmcli命令配置的网络配置可以立即生效且系统重启后配置也不会丢失。 #### nmcli介绍 nmcli是NetworkManager的一个命令行工具,它提供了使用命令行配置由NetworkManager管理网络连接的方法。nmcli命令的基本格式为: -``` - nmcli [OPTIONS] OBJECT { COMMAND | help } +```sh +nmcli [OPTIONS] OBJECT { COMMAND | help } ``` 其中,OBJECT选项可以是general、networking、radio、connection或device等。在日常使用中,最常使用的是-t, \-\-terse(用于脚本)、-p, \-\-pretty选项(用于用户)及-h, \-\-help选项,用户可以使用“ nmcli help”获取更多参数及使用信息。 -``` -$ nmcli help +```sh +nmcli help ``` 常用命令使用举例如下: -- 显示NetworkManager状态: +- 显示NetworkManager状态: - ``` - $ nmcli general status + ```sh + nmcli general status ``` -- 显示所有连接: +- 显示所有连接: - ``` - $ nmcli connection show + ```sh + nmcli connection show ``` -- 只显示当前活动连接,如下所示添加 -a, \-\-active: +- 只显示当前活动连接,如下所示添加 -a, \-\-active: - ``` - $ nmcli connection show --active + ```sh + nmcli connection show --active ``` -- 显示由NetworkManager识别到设备及其状态: +- 显示由NetworkManager识别到的设备及其状态: - ``` - $ nmcli device status + ```sh + nmcli device status ``` -- 使用nmcli工具启动和停止网络接口,在root权限下执行如下命令: +- 使用nmcli工具启动和停止网络接口,在root权限下执行如下命令: - ``` + ```sh # nmcli connection up id enp3s0 # nmcli device disconnect enp3s0 ``` - #### 设备管理 -##### 连接到设备 +##### 连接到设备 -使用如下命令,NetworkManager将连接到对应网络设备,尝试找到合适的连接配置,并激活配置。 +使用如下命令,NetworkManager将连接到对应网络设备,尝试找到合适的连接配置,并激活配置。 +```sh +nmcli device connect "$IFNAME" ``` -$nmcli device connect "$IFNAME" -``` ->如果不存在相应的配置连接,NetworkManager将创建并激活具有默认设置的新配置文件。 -##### 断开设备连接 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>如果不存在相应的配置连接,NetworkManager将创建并激活具有默认设置的新配置文件。 -使用如下命令,NetworkManager将断开设备连接,并防止设备自动激活。 +##### 断开设备连接 +使用如下命令,NetworkManager将断开设备连接,并防止设备自动激活。 -``` -$nmcli device disconnect "$IFNAME" -``` +```sh +$nmcli device disconnect "$IFNAME" +``` #### 设置网络连接 列出目前可用的网络连接: -``` -$ nmcli con show +```sh +# nmcli con show NAME UUID TYPE DEVICE @@ -113,13 +90,13 @@ enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >输出结果中的NAME字段代表连接ID(名称)。 添加一个网络连接会生成相应的配置文件,并与相应的设备关联。检查可用的设备,方法如下: -``` -$ nmcli dev status +```sh +# nmcli dev status DEVICE TYPE STATE CONNECTION enp3s0 ethernet connected enp3s0 @@ -129,20 +106,19 @@ lo loopback unmanaged -- virbr0-nic tun unmanaged -- ``` - ##### 配置动态IP连接 ###### 配置IP 要使用 DHCP 分配网络时,可以使用动态IP配置添加网络配置文件,命令格式如下: -``` +```sh nmcli connection add type ethernet con-name connection-name ifname interface-name ``` 例如创建名为net-test的动态连接配置文件,在root权限下使用以下命令: -``` +```sh # nmcli connection add type ethernet con-name net-test ifname enp3s0 Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added. ``` @@ -153,15 +129,15 @@ NetworkManager 会将参数 connection.autoconnect 设定为 yes,并将设置 在root权限下使用以下命令激活网络连接: -``` +```sh # nmcli con up net-test Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5) ``` 检查这些设备及连接的状态,使用以下命令: -``` -$ nmcli device status +```sh +# nmcli device status DEVICE TYPE STATE CONNECTION enp4s0 ethernet connected enp4s0 @@ -177,22 +153,22 @@ virbr0-nic tun unmanaged -- 添加静态 IPv4 配置的网络连接,可使用以下命令: -``` +```sh nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >如果要添加 IPv6 地址和网关信息,使用 ip6 和 gw6 选项。 例如创建名为 net-static的静态连接配置文件,在root权限下使用以下命令: -``` +```sh # nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ``` 还可为该设备同时指定 IPv6 地址和网关,示例如下: -``` +```sh # nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added. ``` @@ -201,13 +177,13 @@ NetworkManager 会将其内部参数 ipv4.method 设定为 manual,将 connecti 设定两个 IPv4 DNS 服务器地址,在root权限下使用以下命令: -``` +```sh # nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" ``` 设置两个 IPv6 DNS 服务器地址,在root权限下使用以下命令: -``` +```sh # nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" ``` @@ -215,15 +191,15 @@ NetworkManager 会将其内部参数 ipv4.method 设定为 manual,将 connecti 激活新的网络连接,在root权限下使用以下命令: -``` +```sh # nmcli con up net-static ifname enp3s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) ``` 检查这些设备及连接的状态,使用以下命令: -``` -$ nmcli device status +```sh +# nmcli device status DEVICE TYPE STATE CONNECTION enp4s0 ethernet connected enp4s0 @@ -235,8 +211,8 @@ virbr0-nic tun unmanaged -- 查看配置的连接详情,使用以下命令(使用 -p, \-\-pretty 选项在输出结果中添加标题和分段): -``` -$ nmcli -p con show net-static +```sh +# nmcli -p con show net-static =============================================================================== Connection profile details (net-static ) =============================================================================== @@ -269,77 +245,76 @@ connection.llmnr: -1 (default) 有两种方式添加Wi-Fi 连接。 -**方法1,通过网络接口连接wifi** +**方法1**,通过网络接口连接Wi-Fi -连接到由SSID或BSSID指定的wifi网络。命令如下,该命令找到匹配的连接或创建一个连接,然后在设备上激活它。 +连接到由SSID或BSSID指定的Wi-Fi网络。命令如下,该命令找到匹配的连接或创建一个连接,然后在设备上激活它。 -``` -$ nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME" -$ nmcli --ask device wifi connect "$SSID" +```sh +nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME" +nmcli --ask device wifi connect "$SSID" ``` -**方法2,通过配置文件连接Wi-Fi** +**方法2**,通过配置文件连接Wi-Fi 1,使用以下命令查看可用 Wi-Fi 访问点: -``` -$ nmcli dev wifi list +```sh +nmcli dev wifi list ``` 2,使用以下命令生成使用的静态 IP 配置,但允许自动 DNS 地址分配的 Wi-Fi 连接: -``` -$ nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 +```sh +nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 ``` 3,请使用以下命令设定 WPA2 密码,例如 “answer”: -``` -$ nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk -$ nmcli con modify Wifi wifi-sec.psk answer +```sh +nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk +nmcli con modify Wifi wifi-sec.psk answer ``` 4,使用以下命令更改 Wi-Fi 状态: -``` -$ nmcli radio wifi [ on | off ] +```sh +nmcli radio wifi [ on | off ] ``` ##### 更改属性 请使用以下命令检查具体属性,比如 mtu: -``` -$ nmcli connection show id 'Wifi ' | grep mtu +```sh +# nmcli connection show id 'Wifi ' | grep mtu 802-11-wireless.mtu: auto ``` 使用如下命令更改设置的属性: -``` -$ nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 +```sh +nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 ``` 使用如下命令确认更改: -``` -$ nmcli connection show id 'Wifi ' | grep mtu +```sh +# nmcli connection show id 'Wifi ' | grep mtu 802-11-wireless.mtu: 1350 ``` #### 配置静态路由 -- 使用nmcli命令为网络连接配置静态路由,使用命令如下: +- 使用nmcli命令为网络连接配置静态路由,使用命令如下: - ``` - $ nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" + ```sh + nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" ``` +- 使用编辑器配置静态路由,使用如下命令: -- 使用编辑器配置静态路由,使用如下命令: - - ``` - $ nmcli con edit type ethernet con-name enp3s0 + ```sh + # nmcli con edit type ethernet con-name enp3s0 ===| nmcli interactive connection editor |=== Adding a new '802-3-ethernet' connection Type 'help' or '?' for available commands. @@ -354,32 +329,36 @@ $ nmcli connection show id 'Wifi ' | grep mtu nmcli> quit ``` +- 使用如下命令激活连接以生效配置: + + ```sh + nmcli con up enp3s0 + ``` ### 使用ip命令 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用ip命令配置的网络配置可以立即生效但系统重启后配置会丢失。 - - #### 配置IP地址 使用ip命令为接口配置地址,命令格式如下,其中 _interface-name_ 为网卡名称。 -``` +```sh ip addr [ add | del ] address dev interface-name ``` ##### 配置静态地址 -在root权限下,配置设置IP地址,使用示例如下: -``` +在root权限下,配置静态IP地址,使用示例如下: + +```sh # ip address add 192.168.0.10/24 dev enp3s0 ``` 查看配置结果,在root权限使用如下命令: -``` +```sh # ip addr show dev enp3s0 2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff @@ -392,9 +371,10 @@ ip addr [ add | del ] address dev interface-name ``` ##### 配置多个地址 + ip 命令支持为同一接口分配多个地址,可在root权限下重复多次使用 ip 命令实现分配多个地址。使用示例如下: -``` +```sh # ip address add 192.168.2.223/24 dev enp4s0 # ip address add 192.168.4.223/24 dev enp4s0 # ip addr @@ -415,13 +395,13 @@ ip 命令支持为同一接口分配多个地址,可在root权限下重复多 如果需要静态路由,可使用 ip route add 命令在路由表中添加,使用 ip route del 命令删除。最常使用的 ip route 命令格式如下: -``` +```sh ip route [ add | del | change | append | replace ] destination-address ``` 在root权限下使用 ip route 命令显示当前的 IP 路由表。示例如下: -``` +```sh # ip route default via 192.168.0.1 dev enp3s0 proto dhcp metric 100 @@ -433,7 +413,7 @@ default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 在主机地址中添加一个静态路由,在 root 权限下,使用以下命令格式: -``` +```sh ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] ``` @@ -441,7 +421,7 @@ ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] 要在网络中添加一个静态路由,即代表 IP 地址范围的 IP 地址,请在root权限下运行以下命令格式: -``` +```sh ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] ``` @@ -449,14 +429,14 @@ ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] ### 通过ifcfg文件配置网络 ->![](./public_sys-resources/icon-note.gif) **说明:** ->通过ifcfg文件配置的网络配置不会立即生效,需要在root权限下执行**systemctl reload NetworkManager**命令以重启网络服务后才生效。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> 通过ifcfg文件配置的网络配置不会立即生效,修改文件后(以ifcfg-enp3s0为例),需要在root权限下执行**nmcli con reload;nmcli con up enp3s0**命令以重新加载配置文件并激活连接才生效。 #### 配置静态网络 以enp4s0网络接口进行静态网络设置为例,通过在root权限下修改ifcfg文件实现,在/etc/sysconfig/network-scripts/目录中生成名为ifcfg-enp4s0的文件中,修改参数配置,示例如下: -``` +```conf TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no @@ -480,7 +460,7 @@ ONBOOT=yes 要通过ifcfg文件为em1接口配置动态网络,请按照如下操作在/etc/sysconfig/network-scripts/目录中生成名为 ifcfg-em1 的文件,示例如下: -``` +```conf DEVICE=em1 BOOTPROTO=dhcp ONBOOT=yes @@ -488,19 +468,19 @@ ONBOOT=yes 要配置一个向DHCP服务器发送不同的主机名的接口,请在ifcfg文件中新增一行内容,如下所示: -``` +```conf DHCP_HOSTNAME=hostname ``` 要配置忽略由DHCP服务器发送的路由,防止网络服务使用从DHCP服务器接收的DNS服务器更新/etc/resolv.conf。请在ifcfg文件中新增一行内容,如下所示: -``` +```conf PEERDNS=no ``` 要配置一个接口使用具体DNS服务器,请将参数PEERDNS=no,并在ifcfg文件中添加以下行: -``` +```conf DNS1=ip-address DNS2=ip-address ``` @@ -515,41 +495,43 @@ DNS2=ip-address ## 配置主机名 - ### 简介 hostname有三种类型:static、transient和pretty。 -- static:静态主机名,可由用户自行设置,并保存在/etc/hostname 文件中。 -- transient:动态主机名,由内核维护,初始是 static 主机名,默认值为“localhost”。可由DHCP或mDNS在运行时更改。 -- pretty:灵活主机名,允许使用自由形式(包括特殊/空白字符)进行设置。静态/动态主机名遵从域名的通用限制。 +- static:静态主机名,可由用户自行设置,并保存在/etc/hostname 文件中。 +- transient:动态主机名,由内核维护,初始是 static 主机名,默认值为“localhost”。可由DHCP或mDNS在运行时更改。 +- pretty:灵活主机名,允许使用自由形式(包括特殊/空白字符)进行设置。静态/动态主机名遵从域名的通用限制。 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >static和transient主机名只能包含a-z、A-Z、0-9、“-”、“\_”和“.”,不能在开头或结尾处使用句点,不允许使用两个相连的句点,大小限制为 64 个字符。 ### 使用hostnamectl配置主机名 #### 查看所有主机名 + 查看当前的主机名,使用如下命令: -``` -$ hostnamectl status +```sh +hostnamectl status ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >如果命令未指定任何选项,则默认使用status选项。 #### 设定所有主机名 + 在root权限下,设定系统中的所有主机名,使用如下命令: -``` +```sh # hostnamectl set-hostname name ``` #### 设定特定主机名 + 在root权限下,通过不同的参数来设定特定主机名,使用如下命令: -``` +```sh # hostnamectl set-hostname name [option...] ``` @@ -559,23 +541,25 @@ $ hostnamectl status 当设定pretty主机名时,如果主机名中包含空格或单引号,需要使用引号。命令示例如下: -``` +```sh # hostnamectl set-hostname "Stephen's notebook" --pretty ``` #### 清除特定主机名 + 要清除特定主机名,并将其还原为默认形式,在root权限下,使用如下命令: -``` +```sh # hostnamectl set-hostname "" [option...] ``` 其中 "" 是空白字符串,option是\-\-pretty、\-\-static和\-\-transient中的一个或多个选项。 #### 远程更改主机名 + 在远程系统中运行hostnamectl命令时,要使用-H,\-\-host 选项,在root权限下使用如下命令: -``` +```sh # hostnamectl set-hostname -H [username]@hostname new_hostname ``` @@ -585,81 +569,77 @@ $ hostnamectl status 查询static主机名,使用如下命令: -``` -$ nmcli general hostname +```sh +nmcli general hostname ``` 在root权限下,将static主机名设定为host-server,使用如下命令: -``` +```sh # nmcli general hostname host-server ``` 要让系统hostnamectl感知到static主机名的更改,在root权限下,重启hostnamed服务,使用如下命令: -``` +```sh # systemctl restart systemd-hostnamed ``` ## 配置网络绑定 - ### 使用nmcli -- 创建名为mybond0的绑定,使用示例如下: +- 创建名为mybond0的绑定,使用示例如下: - ``` - $ nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup + ```sh + nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup ``` -- 添加从属接口,使用示例如下: +- 添加从属接口,使用示例如下: - ``` - $ nmcli con add type bond-slave ifname enp3s0 master mybond0 + ```sh + nmcli con add type bond-slave ifname enp3s0 master mybond0 ``` 要添加其他从属接口,重复上一个命令,并在命令中使用新的接口,使用示例如下: - ``` - $ nmcli con add type bond-slave ifname enp4s0 master mybond0 + ```sh + # nmcli con add type bond-slave ifname enp4s0 master mybond0 Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added. ``` -- 要启动绑定,则必须首先启动从属接口,使用示例如下: +- 要启动绑定,则必须首先启动从属接口,使用示例如下: - ``` - $ nmcli con up bond-slave-enp3s0 + ```sh + # nmcli con up bond-slave-enp3s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14) ``` - ``` - $ nmcli con up bond-slave-enp4s0 + ```sh + # nmcli con up bond-slave-enp4s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) ``` 现在可以启动绑定,使用示例如下: - ``` - $ nmcli con up mybond0 + ```sh + # nmcli con up mybond0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16) ``` - ### 使用命令行 - - #### 检查是否已安装Bonding内核模块 在系统中默认已加载相应模块。要载入绑定模块,可在root权限下使用如下命令: -``` +```sh # modprobe --first-time bonding ``` 显示该模块的信息,可在root权限下使用如下命令: -``` +```sh # modinfo bonding ``` @@ -671,7 +651,7 @@ $ nmcli general hostname 根据要绑定接口类型的配置文件来编写相应的内容,比如网络接口。接口配置文件示例如下: -``` +```conf DEVICE=bond0 NAME=bond0 TYPE=Bond @@ -689,7 +669,7 @@ BONDING_OPTS="bonding parameters separated by spaces" 例如将两个网络接口enp3s0 和 enp4s0 以频道方式绑定,其配置文件示例分别如下: -``` +```conf TYPE=Ethernet NAME=bond-slave-enp3s0 UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40 @@ -699,7 +679,7 @@ MASTER=bond0 SLAVE=yes ``` -``` +```conf TYPE=Ethernet NAME=bond-slave-enp4s0 UUID=00f0482c-824f-478f-9479-abf947f01c4a @@ -713,30 +693,30 @@ SLAVE=yes 要激活绑定,则需要启动所有从属接口。请在root权限下,运行以下命令: -``` +```sh # ifup enp3s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7) ``` -``` +```sh # ifup enp4s0 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >对于已经处于“up”状态的接口,请首先使用“ifdown _enp3s0_ ”命令修改状态为down,其中 _enp3s0_ 为实际网卡名称。 完成后,启动所有从属接口以便启动绑定(不将其设定为 “down”)。 要让 NetworkManager 感知到系统所做的修改,在每次修改后,请在root权限下,运行以下命令: -``` +```sh # nmcli con load /etc/sysconfig/network-scripts/ifcfg-device ``` 查看绑定接口的状态,请在root权限下运行以下命令: -``` +```sh # ip link show 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 @@ -755,13 +735,13 @@ Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkMa 系统会为每个绑定创建一个频道绑定接口,包括 BONDING\_OPTS 指令。使用这个配置方法可让多个绑定设备使用不同的配置。请按照以下操作创建多个频道绑定接口: -- 创建多个 ifcfg-bondN 文件,文件中包含 BONDING\_OPTS 指令,让网络脚本根据需要创建绑定接口。 -- 创建或编辑要绑定的现有接口配置文件,添加 SLAVE 指令。 -- 使用 MASTER 指令工具在频道绑定接口中分配要绑定的接口,即从属接口。 +- 创建多个 ifcfg-bondN 文件,文件中包含 BONDING\_OPTS 指令,让网络脚本根据需要创建绑定接口。 +- 创建或编辑要绑定的现有接口配置文件,添加 SLAVE 指令。 +- 使用 MASTER 指令工具在频道绑定接口中分配要绑定的接口,即从属接口。 以下是频道绑定接口配置文件示例: -``` +```conf DEVICE=bondN NAME=bondN TYPE=Bond @@ -777,26 +757,25 @@ BONDING_OPTS="bonding parameters separated by spaces" ## IPv6使用差异说明(vs IPv4) - - ### 约束限制 -- chrony支持全局地址(global address),不支持链路本地地址(link-local address)。 -- Firefox支持通过http/https协议访问全局地址(global address),不支持链路本地地址(link-local address)。 +- chrony支持全局地址(global address),不支持链路本地地址(link-local address)。 +- Firefox支持通过http/https协议访问全局地址(global address),不支持链路本地地址(link-local address)。 ### 配置说明 + #### 设置接口设备MTU值 ##### 概述 -IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接的PMTU的值,源端根据PMTU的值确定是否进行分片发送,而在整个路径中的其它设备将不再需要进行分片处理,从而可以降低中间路由设备的负载大小。其中IPv6 PMTU设置的最小值为1280。 +IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接的PMTU的值,源端根据PMTU的值确定是否进行分片发送,而在整个路径中的其他设备将不再需要进行分片处理,从而可以降低中间路由设备的负载大小。其中IPv6 PMTU设置的最小值为1280。 ##### 设置接口设备的mtu 如果在配置了IPv6地址的接口上设置mtu的值小于1280(IPv6 PMTU设置的最小值),则会导致该接口的IPv6地址被删除。并且无法再次添加IPv6地址。所以在IPv6场景中,对接口设备的mtu的配置一定要大于等于1280。 请在root权限下运行如下命令查看具体现象: -``` +```sh # ip addr show enp3s0 3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx @@ -806,7 +785,7 @@ IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接 valid_lft forever preferred_lft forever ``` -``` +```sh # ip link set dev enp3s0 mtu 1200 # ip addr show enp3s0 3: enp3s0: mtu 1200 qdisc pfifo_fast state UP group default qlen 1000 @@ -815,12 +794,12 @@ IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接 valid_lft 38642sec preferred_lft 38642sec ``` -``` +```sh # ip addr add 2001:222::2/64 dev enp3s0 RTNETLINK answers: No buffer space available ``` -``` +```sh # ip link set dev enp3s0 mtu 1500 # ip addr show enp3s0 3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 @@ -829,7 +808,7 @@ RTNETLINK answers: No buffer space available valid_lft 38538sec preferred_lft 38538sec ``` -``` +```sh # ip addr add 2001:222::2/64 dev enp3s0 # ip addr show enp3s0 3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 @@ -846,52 +825,51 @@ RTNETLINK answers: No buffer space available IPv6与IPv4都可以在root权限下通过DHCP的方式获得IP地址。IPv6地址有两种配置方式:无状态自动配置和有状态自动配置。 -- 无状态自动配置 +- 无状态自动配置 不需要DHCP服务进行管理,设备根据网络RA(路由公告)获得网络前缀,或者link-local地址为固定fe80::。而接口ID则根据ifcfg配置IPV6\_ADDR\_GEN\_MODE的具体设置来进行自动获得: - 1. IPv6\_ADDR\_GEN\_MODE="stable-privacy" 则根据设备及网络环境来确定一个随机接口ID。 - 2. IPv6\_ADDR\_GEN\_MODE="EUI64" 则根据设备MAC地址来确定接口ID。 + 1. IPv6\_ADDR\_GEN\_MODE="stable-privacy" 则根据设备及网络环境来确定一个随机接口ID。 + 2. IPv6\_ADDR\_GEN\_MODE="EUI64" 则根据设备MAC地址来确定接口ID。 -- 有状态自动配置:需要DHCP服务器进行管理分配,服从DHCPv6协议来从DHCPv6服务器端租赁IPv6地址。 +- 有状态自动配置:需要DHCP服务器进行管理分配,服从DHCPv6协议来从DHCPv6服务器端租赁IPv6地址。 在有状态自动配置IPv6地址时,DHCPv6服务端可以通过客户端设置的vendor class将客户端进行分类,不同类别分配不同地址段的IPv6地址。在IPv4场景中,客户端可以直接用dhclient的-V选项来设置vendor-class-identifier,DHCP服务端在配置文件中根据vendor-class-identifier来对客户端进行分类处理。而IPv6场景中,如果使用同样的方法对客户端分类,则分类并不会生效。 - ``` + ```sh dhclient -6 -V ``` 这是由于DHCPv6和DHCP协议存在较大差异,DHCPv6的可选项中使用vendor-class-option替代了DHCP中的vendor-class-identifier。而dhclient的-V选项并不能设置vendor-class-option。 - ##### 有状态自动配置IPv6地址时dhclient设置vendor class方法 -- 在客户端使用配置文件方式添加对vendor class的设置,使用方法如下: +- 在客户端使用配置文件方式添加对vendor class的设置,使用方法如下: 客户端配置文件(/etc/dhcp/dhclient6.conf),文件位置可以自定义,在使用时需要通过dhclient -cf选项来指定配置文件: - ``` + ```sh option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; interface "enp3s0" { send dhcp6.vendor-class ; } ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >- \,32位整型数字,企业标识号,企业通过IANA注册。 - >- \,16位整型数字,vendor class字符串长度。 - >- \,要设置的vendor class字符串,例如:“HWHW”。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - \,32位整型数字,企业标识号,企业通过IANA注册。 + > - \,16位整型数字,vendor class字符串长度。 + > - \,要设置的vendor class字符串,例如:“HWHW”。 客户端使用方法: - ``` + ```sh dhclient -6 -cf /etc/dhcp/dhclient6.conf ``` +- DHCPv6服务端配置文件(/etc/dhcp/dhcpd6.conf),需要dhcpd -cf选项来指定该配置文件: -- DHCPv6服务端配置文件(/etc/dhcp/dhcpd6.conf),需要dhcpd -cf选项来指定该配置文件: - - ``` + ```conf option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; subnet6 fc00:4:12:ffff::/64 { class "hw" { @@ -908,16 +886,15 @@ IPv6与IPv4都可以在root权限下通过DHCP的方式获得IP地址。IPv6地 } ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >substring \( option dhcp6.vendor-class, 6, 10 \) 其中子字符串的开始位置为6,因为前面包含4个字节的和2个字节的。而子字符串的结束位置位:6+。这里vendor class string为“HWHW”,字符串的长度为4,所以子字符串的结束位置为6+4=10。用户可以根据实际需要来确定及相应的。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >substring \( option dhcp6.vendor-class, 6, 10 \) 其中子字符串的开始位置为6,因为前面包含4个字节的和2个字节的。而子字符串的结束位置为:6+。这里vendor class string为“HWHW”,字符串的长度为4,所以子字符串的结束位置为6+4=10。用户可以根据实际需要来确定及相应的。 服务端使用方法: - ``` + ```sh dhcpd -6 -cf /etc/dhcp/dhcpd6.conf ``` - #### 内核支持socket相关系统调用 ##### 概述 @@ -926,9 +903,9 @@ IPv6地址长度扩展到128比特,所以有足够的IPv6地址可供分配使 ##### link-local地址和global地址在socket调用时的差异 -RFC 2553: Basic Socket Interface Extensions for IPv6 定义sockaddr\_in6的数据结构如下; +RFC 2553: Basic Socket Interface Extensions for IPv6 定义sockaddr\_in6的数据结构如下: -``` +```conf struct sockaddr_in6 { uint8_t sin6_len; /* length of this struct */ sa_family_t sin6_family; /* AF_INET6 */ @@ -939,12 +916,12 @@ struct sockaddr_in6 { }; ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >sin6\_scope\_id: 32位整型,对于链路本地地址(link-local address),对于链路范围的sin6\_addr,它可以用来标识指定的接口索引号。如果是站点范围的sin6\_addr,则用来作为站点的标识符(站点本地地址已被抛弃)。 -在使用link-local地址进行socket通信时,在构造目的地址时,需要制定该地址所对应的接口索引号。一般可以通过if\_nametoindex函数将接口名转化为接口索引号。具体方式如下, +在使用link-local地址进行socket通信时,在构造目的地址时,需要指定该地址所对应的接口索引号。一般可以通过if\_nametoindex函数将接口名转化为接口索引号。具体方式如下: -``` +```conf int port = 1234; int sk_fd; int iff_index = 0; @@ -974,29 +951,28 @@ dhclient提供了"-1"选项来决定dhclient进程在未获得DHCP服务响应 ##### 约束限制 -1. 当dhclient进程在运行中被杀死,network服务无法自动将其拉起,可靠性需要用户自己保障。 -2. 配置了持久化选项PERSISTENT\_DHCLIENT,需要确保有相应的DHCP服务器。如果在拉起network时无可用DHCP服务器,dhclient进程不断尝试发送请求包但无回应,则会导致network服务卡死直到network服务超时失败。由于network服务在拉起多个网卡的IPv4 dhclient进程时,是通过串行的方式来拉起的。如果有网卡配置了持久化而DHCP服务器没有准备好,则会导致network服务在给该网卡获取IPv4地址超时卡死,进而导致后续网卡无法获得IPv4/IPv6地址。 +1. 当dhclient进程在运行中被杀死,network服务无法自动将其拉起,可靠性需要用户自己保障。 +2. 配置了持久化选项PERSISTENT\_DHCLIENT,需要确保有相应的DHCP服务器。如果在拉起network时无可用DHCP服务器,dhclient进程不断尝试发送请求包但无回应,则会导致network服务卡死直到network服务超时失败。由于network服务在拉起多个网卡的IPv4 dhclient进程时,是通过串行的方式来拉起的。如果有网卡配置了持久化而DHCP服务器没有准备好,则会导致network服务在给该网卡获取IPv4地址超时卡死,进而导致后续网卡无法获得IPv4/IPv6地址。 以上两种约束限制是特殊的应用场景,需要用户自己进行可靠性保障。 ##### IPv4 DHCP和IPv6 DHCPv6方式获取地址的配置差异 -可以通过配置接口ifcfg-参数来分别实现IPv4和IPv6通过DHCP/DHCPv6协议来动态获取IP地址,具体配置说明如下; +可以通过配置接口ifcfg-参数来分别实现IPv4和IPv6通过DHCP/DHCPv6协议来动态获取IP地址,具体配置说明如下: -``` +```conf BOOTPROTO=none|bootp|dhcp DHCPV6C=yes|no PERSISTENT_DHCLIENT=yes|no|1|0 ``` -- BOOTPROTO: none表示静态配置IPv4地址,bootp|dhcp则会拉起DHCP dhclient来动态获取IPv4地址。 -- DHCPV6C: no表示静态配置IPv6地址,yes则会拉起DHCPv6 dhclient来动态获取IPv6地址。 -- PERSISTENT\_DHCLIENT:no|0表示IPv4的dhclient进程配置为“非持久化”,当dhclient向DHCP服务器发送一次请求报文而无响应,则会间隔一段时间后退出,退出值为2。yes|1则表示IPv4的dhclient进程配置为“持久化”,dhclient会向DHCP服务器反复发送请求报文。**如果没有配置PERSISTENT\_DHCLIENT项,则IPv4的dhclient会默认设置为“持久化”**。 +- BOOTPROTO: none表示静态配置IPv4地址,bootp|dhcp则会拉起DHCP dhclient来动态获取IPv4地址。 +- DHCPV6C: no表示静态配置IPv6地址,yes则会拉起DHCPv6 dhclient来动态获取IPv6地址。 +- PERSISTENT\_DHCLIENT:no|0表示IPv4的dhclient进程配置为“非持久化”,当dhclient向DHCP服务器发送一次请求报文而无响应,则会间隔一段时间后退出,退出值为2。yes|1则表示IPv4的dhclient进程配置为“持久化”,dhclient会向DHCP服务器反复发送请求报文。**如果没有配置PERSISTENT\_DHCLIENT项,则IPv4的dhclient会默认设置为“持久化”**。 - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >PERSISTENT\_DHCLIENT配置只针对IPv4生效,对IPv6相关dhclient -6进程不生效,IPv6默认不进行持久化配置。 - #### iproute相关命令配置IPv4与IPv6时的差异说明 ##### 概述 @@ -1016,7 +992,7 @@ iproute相关命令均需要在root权限下运行。

tentative

临时状态:刚添加地址还处于地址重复检测DAD过程

+

临时状态:刚添加地址还处于地址重复检测DAD过程。

preferred

@@ -1038,26 +1014,26 @@ iproute相关命令均需要在root权限下运行。
-其它说明: +其他说明: -- preferred\_lft:preferred lifetime,地址为首选状态的寿命,preferred\_lft没有到期的地址可以用于正常通信使用,若有多个preferred地址则按照内核具体机制选择地址。 -- valid\_lft: valid lifetime,地址有效的寿命,在\[preferred\_lft, valid\_lft\]时间段内该地址不能被用于新建连接,已经创建的连接继续有效。 +- preferred\_lft:preferred lifetime,地址为首选状态的寿命,preferred\_lft没有到期的地址可以用于正常通信使用,若有多个preferred地址则按照内核具体机制选择地址。 +- valid\_lft: valid lifetime,地址有效的寿命,在\[preferred\_lft, valid\_lft\]时间段内该地址不能被用于新建连接,已经创建的连接继续有效。 ##### ip link 命令 命令: -``` +```sh ip link set IFNAME mtu MTU ``` -IPv6中PMTU的最小值为1280,如果mtu值设置小于1280则会导致IPv6地址丢失。其它设备无法ping通该IPv6地址。 +IPv6中PMTU的最小值为1280,如果mtu值设置小于1280则会导致IPv6地址丢失。其他设备无法ping通该IPv6地址。 ##### ip addr命令 -1. 命令: +1. 命令: - ``` + ```sh ip [-6] addr add IFADDR dev IFNAME ``` @@ -1065,83 +1041,79 @@ IPv6中PMTU的最小值为1280,如果mtu值设置小于1280则会导致IPv6地 如果指定“-6”选项,但是IFADDR 是ipv4地址则会有错误返回。 -2. 命令: +2. 命令: - ``` + ```sh ip [-6] addr add IFADDR dev IFNAME [home|nodad] ``` \[home|nodad\] 选项只针对IPv6地址有效。 - - home:将该地址指定为RFC 6275中定义的家庭地址。(这是移动节点从家庭链路获取的地址, 是移动节点的永久地址,如果移动节点保持在相同的归属链路中,则各种实体之间的通信照常进行。) - - nodad:配置该项(仅限IPv6)添加此地址时不执行重复地址检测DAD(RFC 4862)。如果一台设备上多个接口通过nodad配置了多个相同的IPv6地址,则会按照接口顺序使用该IPv6地址。同一个接口上不能添加一个nodad一个非nodad的相同IPv6地址。因为两个地址是一样的,所以会报“RTNETLINK answers: File exists”。 + - home:将该地址指定为RFC 6275中定义的家庭地址。(这是移动节点从家庭链路获取的地址, 是移动节点的永久地址,如果移动节点保持在相同的归属链路中,则各种实体之间的通信照常进行。) + - nodad:配置该项(仅限IPv6)添加此地址时不执行重复地址检测DAD(RFC 4862)。如果一台设备上多个接口通过nodad配置了多个相同的IPv6地址,则会按照接口顺序使用该IPv6地址。同一个接口上不能添加一个nodad一个非nodad的相同IPv6地址。因为两个地址是一样的,所以会报“RTNETLINK answers: File exists”。 -3. 命令: +3. 命令: - ``` + ```sh ip [-6] addr del IFADDR dev IFNAME ``` 删除IPv6地址可以选择添加-6选项也可以不添加,ip addr del命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 -4. 命令: +4. 命令: - ``` + ```sh ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary] ``` - - 不指定-6选项,则会同时打印IPv4和IPv6地址。指定-6选项则只打印IPv6地址。 - - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\],这些选项只针对IPv6,可以根据IPv6地址状态对地址进行筛选查看。 - 1. tentative:(仅限IPv6)仅列出尚未通过重复地址检测的地址。 - 2. -tentative:(仅限IPv6)仅列出当前未处于重复地址检测过程中的地址。 - 3. deprecated:(仅限IPv6)仅列出已弃用的地址。 - 4. -deprecated:(仅限IPv6)仅列出未弃用的地址。 - 5. dadfailed:(仅限IPv6)仅列出重复地址检测失败的地址。 - 6. -dadfailed:(仅限IPv6)仅列出未重复地址检测失败的地址。 - 7. temporary:(仅限IPv6)仅列出临时地址 - - + - 不指定-6选项,则会同时打印IPv4和IPv6地址。指定-6选项则只打印IPv6地址。 + - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\],这些选项只针对IPv6,可以根据IPv6地址状态对地址进行筛选查看。 + 1. tentative:(仅限IPv6)仅列出尚未通过重复地址检测的地址。 + 2. -tentative:(仅限IPv6)仅列出当前未处于重复地址检测过程中的地址。 + 3. deprecated:(仅限IPv6)仅列出已弃用的地址。 + 4. -deprecated:(仅限IPv6)仅列出未弃用的地址。 + 5. dadfailed:(仅限IPv6)仅列出重复地址检测失败的地址。 + 6. -dadfailed:(仅限IPv6)仅列出未重复地址检测失败的地址。 + 7. temporary:(仅限IPv6)仅列出临时地址。 ##### ip route命令 -1. 命令: +1. 命令: - ``` + ```sh ip [-6] route add ROUTE [mtu lock MTU] ``` - - -6选项:添加IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 + - -6选项:添加IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 - - mtu lock MTU:锁定路由的MTU值。如果不锁定MTU,则MTU的值则可能在PMTUD过程中被内核改变。如果锁定MTU,则不会尝试PMTUD,所有IPv4包都将不设置DF位发出,IPv6包则会按照MTU进行分段处理。 + - mtu lock MTU:锁定路由的MTU值。如果不锁定MTU,则MTU的值则可能在PMTUD过程中被内核改变。如果锁定MTU,则不会尝试PMTUD,所有IPv4包都将不设置DF位发出,IPv6包则会按照MTU进行分段处理。 -2. 命令: +2. 命令: - ``` + ```sh ip [-6] route del ROUTE ``` 删除IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 - ##### ip rule命令 -1. 命令: +1. 命令: - ``` + ```sh ip [-6] rule list ``` -6选项:设置-6选项打印IPv6的策略路由,不设置-6选项打印IPv4的策略路由。所以需要根据具体协议类型来配置-6选项。 -2. 命令: +2. 命令: - ``` + ```sh ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF ``` -6选项:IPv6相关的策略路由表项需要设置-6选项,否则会报错:“Error: Invalid source address.”。相应地,IPv4相关的策略路由表项不可以设置-6选项,否则会报错:“Error: Invalid source address.”。 - #### NetworkManager服务配置差异说明 ##### 概述 @@ -1298,6 +1270,7 @@ NetworkManager服务使用ifup/ifdown的逻辑接口定义进行高级网络设
### FAQ + #### iscsi-initiator-utils不支持登录fe80 IPv6地址 ##### 问题现象 @@ -1326,9 +1299,9 @@ NetworkManager服务使用ifup/ifdown的逻辑接口定义进行高级网络设 ##### 问题现象 -下列方式配置或删除(包括flush)IPv6地址方式,X为动态变化的低16位,并且配置在bond口时,耗时会随已配置的IPv6地址数量成数倍增加。例如由4个物理网卡组成的bond口添加IPv6地址时,单线程添加删除3000 IPv6地址均需大概5分钟,而普通物理网卡耗时在10秒内。 +下列方式配置或删除(包括flush)IPv6地址,X为动态变化的低16位,并且配置在bond口时,耗时会随已配置的IPv6地址数量成倍增加。例如由4个物理网卡组成的bond口添加IPv6地址时,单线程添加删除3000个IPv6地址均需大概5分钟,而普通物理网卡耗时在10秒内。 -``` +```sh ip a add/del 192:168::18:X/64 dev DEVICE ``` @@ -1356,11 +1329,12 @@ rsyslog客户端配置文件同时配置IPv4和IPv6地址,且端口配置相 可在root权限下通过配置Direct模式,关闭缓冲队列机制解决该问题。在rsyslog远程传输服务端的/etc/rsyslog.d目录下新增的远程传输配置文件中,最开头增加如下配置: -``` -$ActionQueueType Direct -$MainMsgQueueType Direct +```sh +ActionQueueType Direct +MainMsgQueueType Direct ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->- Direct模式减少队列大小为1,所以在队列中会保留1条日志到下次日志打印; ->- Direct模式会降低服务器端的rsyslog性能。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - Direct模式减少队列大小为1,所以在队列中会保留1条日志到下次日志打印。 +> - Direct模式会降低服务器端的rsyslog性能。 diff --git a/docs/zh/docs/ApplicationDev/application-development.md b/docs/zh/docs/ApplicationDev/application-development.md index 6abc3ddfa58ab2cfef92ef326f79582355be2469..22a0278cd59212ec9b426416330d564c21bdf72a 100644 --- a/docs/zh/docs/ApplicationDev/application-development.md +++ b/docs/zh/docs/ApplicationDev/application-development.md @@ -1,10 +1,10 @@ # 应用开发指南 -本文档简要介绍应用程序开发需要的常用工具,以指导用户使用openEuler并基于openEuler进行应用程序开发。 +本文档简要介绍应用程序开发需要的常用工具,以指导用户使用openEuler进行开发。 ## 概述 -本文档主要介绍如下四部分内容,以指导用户使用openEuler并基于openEuler进行代码开发。 +本文档主要介绍如下内容: - 在openEuler系统中安装和使用GCC编译器,并完成一个简单代码的开发、编译和执行。 - 在openEuler系统中使用JDK自带工具完成代码的编译和执行。 @@ -22,27 +22,10 @@ 在本文中可能出现下列标志,它们所代表的含义如下。 - - - - - - - - - - - - -

符号

-

说明

-

![](./figures/zh-cn_image_0229243712.png)

-

用于传递设备或环境安全警示信息,若不避免,可能会导致设备损坏、数据丢失、设备性能降低或其它不可预知的结果。

-

“注意”不涉及人身伤害。

-

![](./figures/zh-cn_image_0229243671.png)

-

用于突出重要/关键信息、最佳实践和小窍门等。

-

“说明”不是安全警示信息,不涉及人身、设备及环境伤害。

-
+| 符号 |说明 | +|:--- |:---- | +| ![](./figures/zh-cn_image_0229243712.png)|用于传递设备或环境安全警示信息,若不避免,可能会导致设备损坏、数据丢失、设备性能降低或其他不可预知的结果。
“注意”不涉及人身伤害。| +| ![](./figures/zh-cn_image_0229243671.png)|用于突出重要/关键信息、最佳实践和小窍门等。
“说明”不是安全警示信息,不涉及人身、设备及环境伤害。| ## 命令行格式约定 diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" index 994fdee00a8f058f7b5a3efef701601573f456a7..c953222b448ef6accbc0dd97cd8622d9d3440001 100644 --- "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" +++ "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" @@ -214,7 +214,7 @@ GCC是一个功能强大的编译器,其 _options_ 参数取值很多,但有

-shared

默认选项,可省略。

-
  • 可以生成动态库文件。
  • 进行动态编译,优先链接动态库,只有没有动态库是才会链接同名的静态库。
+
  • 可以生成动态库文件。
  • 进行动态编译,优先链接动态库,只有没有动态库时才会链接同名的静态库。

-

.java

java语言源代码文件。

+

Java语言源代码文件。

.class

java的字节码文件,是一种和任何具体机器环境及操作系统环境无关的中间代码。它是一种二进制文件,是Java 源文件由 Java 编译器编译后生成的目标代码文件。

+

Java的字节码文件,是一种和任何具体机器环境及操作系统环境无关的中间代码。它是一种二进制文件,是Java 源文件由 Java 编译器编译后生成的目标代码文件。

.jar

java的jar压缩文件。

+

Java的jar压缩文件。

jar

创建和管理Jar文件

+

创建和管理jar文件

-cp path或-classpath path

指定要运行的文件所在的位置以及需要用到的类路径,包括jar、zip和class文件目录。

-

当路径有多个是,使用“:”分隔。

+

当路径有多个时,使用“:”分隔。

-

M

不产生所有项的manifest清单文件,此参数会忽略m参数

+

不产生所有项的manifest清单文件,此参数会忽略m参数。

#把当前目录的hello.class文件打包到Hello.jar,并显示打包的过程。如果Hello.jar文件还不存在,就创建它,否则首先清空它。但在创建Hello.jar时不产生manifest 文件。

jar cvfM Hello.jar hello.class

@@ -318,7 +318,7 @@ jar命令参数说明如[表5](#table3691718114817)所示。

manifest

.mf的manifest清单文件,它是m参数的附属参数

+

.mf的manifest清单文件,它是m参数的附属参数。

-

-C dir,\-\-directory=dir

+

-C dir,--directory=dir

指定make在开始运行后的工作目录为dir

当存在多个 -C 选项的时候,make 的最终工作目录是第一个目录的相对路径。

@@ -142,73 +142,73 @@ _target_ :Makefile中指定的目标。

make在执行的过程中打印出所有的调试信息。使用-d选项可以显示make构造依赖关系链、重建目标过程中的所有信息。

-e,\-\-enveronment-overrides

+

-e,--environment-overrides

使用环境变量定义覆盖Makefile中的同名变量定义。

-f file,\-\-file=file

-

\-\-makefile=file

+

-f file,--file=file

+

--makefile=file

指定file文件为make 执行的Makefile文件。

-p,\-\-help

+

-h,--help

打印帮助信息。

-i,\-\-ignore-errors

+

-i,--ignore-errors

执行过程中忽略规则命令执行的错误。

-k,\-\-keep-going

+

-k,--keep-going

执行命令错误时不终止make的执行,make 尽最大可能执行所有的命令,直至出现知名的错误才终止。

+

执行命令错误时不终止make的执行,make 尽最大可能执行所有的命令,直至出现致命的错误才终止。

-n,\-\-just-print,\-\-dry-run

+

-n,--just-print,--dry-run

按实际运行时的执行顺序模拟执行命令(包括用@开头的命令),没有实际执行效果,仅仅用于显示执行过程。

-o file,\-\-old-file=file,\-\-assume-old=file

+

-o file,--old-file=file,--assume-old=file

指定file文件不需要重建,即使它的依赖已经过期,同时不重建此依赖文件的任何目标。

-p,\-\-print-date-base

+

-p,--print-data-base

命令执行之前,打印出make读取的Makefile的所有数据,同时打印出 make的版本信息。如果只需要打印这些数据信息,可以使用 “make -qp”命令,查看 make 执行之前预设的规则和变量,可使用命令“make -p -f /dev/null”。

-r,\-\-no-builtin-rules

+

-r,--no-builtin-rules

忽略内嵌的隐含规则的使用,同时忽略所有后缀规则的隐含后缀列表。

-R,\-\-no-builtin-variabes

+

-R,--no-builtin-variables

忽略内嵌的隐含变量。

-s,\-\-silent,\-\-quiet

+

-s,--silent,--quiet

取消命令执行过程中的打印。

-S,\-\-no-keep-going,\-\-stop

+

-S,--no-keep-going,--stop

取消 "-k" 的选项在递归的 make 过程中子 make 通过 "MAKEFLAGS" 变量继承了上层的命令行选项那个。我们可以在子 make 中使用“-S”选项取消上层传递的 "-k" 选项,或者取消系统环境变量 "MAKEFLAGS" 中 "-k"选项。

+

取消 "-k" 的选项在递归的 make 过程中子 make 通过 "MAKEFLAGS" 变量继承了上层的命令行选项。我们可以在子 make 中使用“-S”选项取消上层传递的 "-k" 选项,或者取消系统环境变量 "MAKEFLAGS" 中 "-k"选项。

-t,\-\-touch

+

-t,--touch

更新所有的目标文件的时间戳到当前系统时间。防止 make 对所有过时目标文件的重建。

-v,version

+

-v,--version

查看make的版本信息。
-- 若使用的是虚拟机,则开发环境所需的小虚拟化空间要求如[表2](#table780410493819)所示。 +- 若使用的是虚拟机,则开发环境所需的最小虚拟化空间要求如[表2](#table780410493819)所示。 **表 2** 最小虚拟化空间要求 @@ -110,149 +90,141 @@
- ### 操作系统要求 操作系统要求为openEuler操作系统。 -openEuler操作系统具体安装方法请参考[openEuler 20.03 LTS 安装指南](./../Installation/Installation.md),其中“软件选择”页面的“已选环境的附加选项”中将“开发工具”勾选。 +openEuler操作系统具体安装方法请参考[openEuler 20.03 LTS SP4 安装指南](./../Installation/installation.md),其中“软件选择”页面的“已选环境的附加选项”中将“开发工具”勾选。 -## 配置openEuler yum源(软件源) +## 配置openEuler yum源 通过直接获取在线的openEuler repo源配置在线yum源或通过挂载ISO创建本地openEuler repo源配置本地yum源。 ### 通过直接获取在线的openEuler repo源配置在线yum源 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md)。本操作以AArch64架构的OS repo源为例将其配置为yum源。 -1. 进入到yum源目录并查看目录下的.repo配置文件。 +1. 进入到yum源目录并查看目录下的.repo配置文件。 - ``` + ```sh $ cd /etc/yum.repos.d - $ ls - openEuler_aarch64.repo + + $ ls + openEuler_aarch64.repo ``` -2. 在root权限下编辑openEuler_aarch64.repo文件,将在线的openEuler repo源配置为yum源。 +2. 在root权限下编辑openEuler_aarch64.repo文件,将在线的openEuler repo源配置为yum源。 - ``` + ```sh # vi openEuler_aarch64.repo ``` 编辑openEuler_aarch64.repo文件的内容如下: - - - ``` - [osrepo] + ```sh + [osrepo] name=osrepo - - baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ - + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/ enabled=1 - gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - ``` + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/aarch64/RPM-GPG-KEY-openEuler + ``` **** - >![](./public_sys-resources/icon-note.gif) **说明:** - > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**osrepo**。 - > - name为软件仓库描述的字符串。 - > - baseurl为软件仓库的地址。 - > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 - > - gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 - > - gpgkey为验证签名用的公钥。 + >![](./public_sys-resources/icon-note.gif) **说明:** + > + > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**osrepo**。 + > - name为软件仓库描述的字符串。 + > - baseurl为软件仓库的地址。 + > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 + > - gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 + > - gpgkey为验证签名用的公钥。 ### 通过挂载ISO创建本地openEuler repo源配置本地yum源 ->![](./public_sys-resources/icon-note.gif) **说明:** ->openEuler提供了多种ISO发布包,各ISO发布包含义可参考[系统安装](./../Releasenotes/系统安装.md)。本操作以openEuler-20.03-LTS-aarch64-dvd.iso发布包和openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum校验文件为例,请根据实际需要的ISO发布包和校验文件进行修改。 - -1. 下载ISO发布包。 - - 通过跨平台文件传输工具下载ISO镜像 - 1. 登录openEuler社区,网址为:[https://openeuler.org](https://openeuler.org)。 - 2. 单击“下载”,进入下载页面。 - 3. 单击“获取ISO:”后面的“Link”,显示版本列表。 - 4. 选择需要下载的版本,如openEuler 20.03 LTS,则单击“openEuler-20.03-LTS”,进入下载列表。 - 5. 单击“ISO”,进入ISO下载列表。 - - aarch64:AArch64架构的ISO。 - - x86\_64:x86\_64架构的ISO。 - - source:openEuler源码ISO。 - - 6. 单击“aarch64”。 - 7. 单击“openEuler-20.03-LTS-aarch64-dvd.iso”,将openEuler发布包下载到本地。 - 8. 单击“openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 - 9. 登录openEuler操作系统,新建用于存放发布包和检验文件的目录,如“~/iso”。 - - ``` - $ mkdir ~/iso - ``` - - 10. 使用跨平台文件传输工具(如WinSCP)将本地的openEuler发布包和校验文件上传到openEuler操作系统。 - - - 通过wget命令下载ISO镜像。 - 1. 登录openEuler社区,网址为:[https://openeuler.org](https://openeuler.org)。 - 2. 单击“下载”,进入下载页面。 - 3. 单击“获取ISO:”后面的“Link”,显示版本列表。 - 4. 选择需要下载的版本,如openEuler 20.03 LTS,则单击“openEuler-20.03-LTS”,进入下载列表。 - 5. 单击“ISO”,进入ISO下载列表。 - - aarch64:AArch64架构的ISO。 - - x86\_64:x86\_64架构的ISO。 - - source:openEuler源码ISO。 - - 6. 单击“aarch64”。 - 7. 右键单击“openEuler-20.03-LTS-aarch64-dvd.iso”,单击“复制链接地址”,将openEuler发布包地址记录好。 - 8. 右键单击“openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum”,单击“复制链接地址”,将openEuler校验文件地址记录好。 - 9. 登录openEuler操作系统,新建用于存放发布包和检验文件的目录,如“~/iso”,并切换到该目录。 - - ``` - $ mkdir ~/iso - $ cd ~/iso - ``` - - 10. 使用**wget**命令远程下载发布包和检验文件,命令中的 _ipaddriso_ 和 _ipaddrisosum_ 分别为[1.g](#li62369349505)和[1.h](#li9236203405015)中记录的地址。 - - ``` - $ wget ipaddriso - $ wget ipaddrisosum - ``` - - -2. 发布包完整性校验。 - 1. 获取校验文件中的校验值。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种ISO发布包,各ISO发布包含义可参考[系统安装](./../Releasenotes/系统安装.md\)。本操作以openEuler-20.03-LTS-SP4-aarch64-dvd.iso发布包和sha256校验文件为例,请根据实际需要的ISO发布包和校验文件进行修改。 - ``` - $ cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` +1. 下载ISO发布包。 + - 通过跨平台文件传输工具下载ISO镜像。 + 1. 登录[openEuler社区](https://openeuler.org/zh/)网站。 + 2. 单击“下载”。 + 3. 单击“社区发行版”,显示版本列表。 + 4. 在版本列表的“openEuler 20.03 LTS SP4”版本处单击“前往下载”按钮,进入openEuler-20.03-LTS-SP4版本下载列表。 + 5. 在对应的系统下载列表中,可以查看系统镜像架构和应用场景。 - 2. 计算openEuler发布包的sha256校验值。 + 架构分类如下: - ``` - $ sha256sum openEuler-20.03-LTS-aarch64-dvd.iso + - AArch64:AArch64架构的ISO。 + - x86\_64:x86\_64架构的ISO。 + + 6. 单击“AArch64”,选择AArch64架构。 + 7. 在“软件包类型”栏选择需要的ISO,单击“立即下载”。 + 8. 单击该ISO对应的完整性校验文件“SHA256”,复制校验值到本地。 + 9. 登录openEuler操作系统,新建用于存放发布包的目录,如“~/iso”。 + + ```sh + mkdir ~/iso + ``` + + 10. 使用跨平台文件传输工具(如WinSCP)将本地的openEuler发布包上传到openEuler操作系统。 + + - 通过wget命令下载ISO镜像。 + 1. 登录[openEuler社区](https://openeuler.org/zh/)网站。 + 2. 单击“下载”。 + 3. 单击“社区发行版”,显示版本列表。 + 4. 在版本列表的“openEuler 20.03 LTS SP4”版本处单击“前往下载”按钮,进入openEuler-20.03-LTS SP4版本下载列表。 + 5. 在对应的系统下载列表中,可以查看系统镜像架构和应用场景。 + + 架构分类如下: + + - AArch64:AArch64架构的ISO。 + - x86\_64:x86\_64架构的ISO。 + + 6. 单击“AArch64”,选择AArch64架构。 + 7. 在“软件包类型”栏选择需要的ISO,右键单击“立即下载”,单击“复制链接地址”,将openEuler发布包地址记录好。 + 8. 单击复制该ISO对应的完整性校验文件“SHA256”,将openEuler校验文件记录好。 + 9. 登录openEuler操作系统,新建用于存放发布包和检验文件的目录,如“~/iso”,并切换到该目录。 + + ```sh + mkdir ~/iso + cd ~/iso + ``` + + 10. 使用**wget**命令远程下载发布包,命令中的 *ipaddriso* 为openEuler发布包地址。 + + ```sh + wget ipaddriso + ``` + +2. 发布包完整性校验。 + 1. 计算openEuler发布包的sha256校验值。 + + ```sh + sha256sum openEuler-20.03-LTS-SP4-aarch64-dvd.iso ``` 命令执行完成后,输出校验值。 - 3. 对比步骤1和步骤2计算的校验值是否一致。 + 2. 对比步骤1和复制的校验值是否一致。 - 如果校验值一致说明iso文件完整性没有破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 + 如果校验值一致说明iso文件完整性没有被破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 -3. 挂载ISO并创建为repo源。 +3. 挂载ISO并创建为repo源。 在root权限下使用mount命令挂载镜像文件。 示例如下: - ``` - # mount /home/iso/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ + ```sh + # mount /home/iso/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt/ ``` 挂载好的mnt目录如下: - ``` + ```sh . │── boot.catalog │── docs @@ -265,129 +237,121 @@ openEuler操作系统具体安装方法请参考[openEuler 20.03 LTS 安装指 ``` 其中,Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 - -4. 进入到yum源目录并查看目录下的.repo配置文件。 - ``` +4. 进入到yum源目录并查看目录下的.repo配置文件。 + + ```sh $ cd /etc/yum.repos.d - $ ls - openEuler_aarch64.repo + + $ ls + openEuler_aarch64.repo ``` -2. 在root权限下编辑openEuler_aarch64.repo文件,将[3](#li6236932222)中创建的repo源配置为本地yum源。 +2. 在root权限下编辑openEuler_aarch64.repo文件,将[3](#li6236932222)中创建的repo源配置为本地yum源。 - ``` + ```sh # vi openEuler_aarch64.repo ``` 编辑openEuler_aarch64.repo文件的内容如下: - ``` - [localosrepo] + ```sh + [localosrepo] name=localosrepo - baseurl=file:///mnt - enabled=1 - gpgcheck=1 - gpgkey=file:///mnt/RPM-GPG-KEY-openEuler - ``` - + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` ## 安装软件包 安装开发过程中需要用到的软件。不同的开发需要的软件不一样,但安装方法相同,本章以安装常用的几个软件包(JDK,rpm-build)为例。有些开发软件openEuler操作系统已默认自带,如GCC、GNU make。 - ### 安装JDK软件包 -1. 执行**dnf list installed | grep jdk** 查询JDK软件是否已安装。 +1. 执行**dnf list installed | grep jdk** 查询JDK软件是否已安装。 ``` - $ dnf list installed | grep jdk + dnf list installed | grep jdk ``` 查看命令打印信息,若打印信息中包含“jdk”,表示该软件已经安装了,则不需要再安装。若无任何打印信息,则表示该软件未安装。 -2. 清除缓存。 +2. 清除缓存。 ``` - $ dnf clean all + dnf clean all ``` -3. 创建缓存。 +3. 创建缓存。 ``` - $ dnf makecache + dnf makecache ``` -4. 查询可安装的JDK软件包。 +4. 查询可安装的JDK软件包。 ``` - $ dnf search jdk | grep jdk + dnf search jdk | grep jdk ``` - 查看命令打印信息,选择安装java-x.x.x-openjdk-devel.aarch64软件包。其中x.x.x为版本号。 + 查看命令打印信息,选择安装java-x.x.x-openjdk-devel.aarch64软件包。其中x.x.x为版本号,同时支持openjdk 1.8、openjdk 11和 openjdk latest 版本。 -5. 在root权限下安装JDK软件包,以安装java-1.8.0-openjdk-devel软件包为例。 +5. 在root权限下安装JDK软件包,以安装java-1.8.0-openjdk-devel软件包为例。 ``` # dnf install java-1.8.0-openjdk-devel.aarch64 ``` -6. 查询JDK软件版本。 +6. 查询JDK软件版本。 ``` - $ java -version + java -version ``` 查看打印信息,若打印信息中包括“openjdk version "1.8.0\_232"”信息,表示已正确安装,其中1.8.0\_232为版本号。 - ### 安装rpm-build软件包 -1. 执行**dnf list installed | grep rpm-build** 查询rpm-build软件是否已安装。 +1. 执行**dnf list installed | grep rpm-build** 查询rpm-build软件是否已安装。 ``` - $ dnf list installed | grep rpm-build + dnf list installed | grep rpm-build ``` 查看命令打印信息,若打印信息中包含“rpm-build”,表示该软件已经安装了,则不需要再安装。若无任何打印信息,则表示该软件未安装。 -2. 清除缓存。 +2. 清除缓存。 ``` - $ dnf clean all + dnf clean all ``` -3. 创建缓存。 +3. 创建缓存。 ``` - $ dnf makecache + dnf makecache ``` -4. 在root权限下安装rpm-build软件包。 +4. 在root权限下安装rpm-build软件包。 ``` # dnf install rpm-build ``` -5. 查询rpm-build软件版本。 +5. 查询rpm-build软件版本。 ``` - $ rpmbuild --version + rpmbuild --version ``` - ## 使用IDE进行Java开发 对于小型的Java程序,可以直接参考“使用JDK编译”章节得到可运行Java应用。但是对于大中型Java应用,这种方式已经无法满足开发者的需求。因此您可以参考如下步骤安装IDE并进行使用,以方便您在openEuler系统上的Java开发工作。 - - ### 简介 IntelliJ IDEA是一款非常流行的Java IDE,其社区版可以免费下载使用。目前openEuler支持使用IntelliJ IDEA集成开发环境(IDE)进行Java程序的开发,从而可以提升开发人员的工作效率。 @@ -400,87 +364,102 @@ MobaXterm是一款非常优秀的SSH客户端,其自带X Server,可以轻松 ### 设置JDK环境 -在设置JAVA\_HOME之前您需要先找到JDK的安装路径。在“开发环境准备 \> 安装软件包 \> 安装JDK软件包”章节中您已经学会了如何安装JDK,如果您还没安装好JDK,请提前安好。 +在设置JAVA\_HOME之前您需要先找到JDK的安装路径。在“开发环境准备 \> 安装软件包 \> 安装JDK软件包”章节中您已经学会了如何安装JDK,如果您还没安装好JDK,请提前安装好。 查看java路径,命令如下: -``` +```sh $ which java /usr/bin/java + ``` 查看软链接的实际指向目录,命令如下: -``` +```sh + $ ls -la /usr/bin/java lrwxrwxrwx. 1 root root 22 Mar 6 20:28 /usr/bin/java -> /etc/alternatives/java $ ls -la /etc/alternatives/java lrwxrwxrwx. 1 root root 83 Mar 6 20:28 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64/jre/bin/java + ``` 发现JDK的真实路径为/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64,设置JAVA\_HOME和PATH,命令如下: -``` -$ export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64 -$ export PATH=$JAVA_HOME/bin:$PATH +```sh + +export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.232.b09-1.h2.aarch64 +export PATH=$JAVA_HOME/bin:$PATH + ``` ### 下载安装GTK库 运行如下命令: -``` -$ dnf list installed | grep gtk -``` +```sh -如果显示gtk2或者gtk3,则表示您已安装该库,可以直接跳过进入下一步,否则在root权限西下运行如下命令自动下载安装gtk库。 +dnf list installed | grep gtk ``` -# dnf -y install gtk2 libXtst libXrender xauth + +如果显示gtk2或者gtk3,则表示您已安装该库,可以直接跳过进入下一步,否则需要在root权限下运行如下命令自动下载安装gtk库。 + +```sh + +#  dnf -y install gtk2 libXtst libXrender xauth + ``` ### 设置X11 Forwarding 切换到sshd配置目录 -``` -$ cd ~/.ssh +```sh + +cd ~/.ssh + ``` 如果该目录不存在,则创建目录后再进行切换,创建目录命令如下: -``` -$ mkdir ~/.ssh +```sh + +mkdir ~/.ssh + ``` 然后在.ssh目录下编辑config文件并保存: -1. 使用vim打卡config文件 +1. 使用vim打开config文件 - ``` - $ vim config + ```sh + vim config ``` -2. 将以下内容添加到文件末尾并保存: +2. 将以下内容添加到文件末尾并保存: - ``` + ```sh Host * - ForwardAgent yes - ForwardX11 yes + ForwardAgent yes + ForwardX11 yes ``` - ### 下载并运行IntelliJ IDEA 在执行如上环境配置后,您就可以下载使用IntelliJ IDEA了。鉴于最新版的IntelliJ IDEA和openEuler系统在部分功能上有兼容性问题,建议您从此[链接](https://www.jetbrains.com/idea/download/other.html)下载2018版本linux压缩包。下载好后把压缩包移到您想要安装该软件的目录,对压缩包进行解压: -``` -$ tar xf ideaIC-2018.3.tar.gz +```sh + +tar xf ideaIC-2018.3.tar.gz + ``` 解压后切换到IntelliJ IDEA的目录下并运行。 -``` -$ cd ./idea-IC-183.4284.148 -$ bin/idea.sh & +```sh + +cd ./idea-IC-183.4284.148 +bin/idea.sh & ``` diff --git "a/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" "b/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" index 4e4c889bf907dbdddea2f8290b8f868d062f7f53..38f9fdaab2cd503aba44a5a574cf04a0c16ca659 100644 --- "a/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" +++ "b/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" @@ -1,6 +1,6 @@ # 构建RPM包 -本章介绍通过本地或OBS构建RPM软件包的方法。详见[打包规则](https://gitee.com/openeuler/community/blob/master/zh/contributors/packaging.md)。 +本章介绍通过本地或OBS构建RPM软件包的方法。详见[打包规则](https://gitee.com/openeuler/community/blob/master/zh/contributors/packaging.md'>)。 - [构建RPM包](#构建rpm包) @@ -27,7 +27,7 @@ RPM打包的时候需要编译源码,需要把编译好的配置文件、二 $ rpmdev-setuptree ``` -rpmdev-setuptree这个命令就是安装 rpmdevtools 带来的。可以看到运行了这个命令之后,在“/root“目录(非root用户为“/home/用户名“目录)下多了一个 rpmbuild 的文件夹,目录结构如下: +rpmdev-setuptree这个命令就是安装 rpmdevtools 带来的。可以看到运行了这个命令之后,在"/root"目录(非root用户为"/home/用户名"目录)下多了一个 rpmbuild 的文件夹,目录结构如下: ``` $ tree rpmbuild @@ -110,9 +110,9 @@ SPECS 下是RPM包的配置文件,是RPM打包的“图纸”,这个文件 3. 进行“安装”,类似于预先组装软件包,把软件包应该包含的内容(比如二进制文件、配置文件、man文档等)复制到%\_buildrootdir中,并按照实际安装后的目录结构组装,比如二进制命令可能会放在/usr/bin下,那么就在%\_buildrootdir下也按照同样的目录结构放置。 4. 做一些必要的配置,比如在实际安装前的准备,安装后的清理等等。这些都是通过配置在SPEC文件中来告诉rpmbuild命令。 5. 检查软件是否正常运行。 -6. 生成的RPM包放置到%\_rpmdir,源码包放置到%\_srpmdir下。 +6. 生成的RPM包放置到%\_rpmdir,源码包放置到%\_srcrpmdir下。 -在SPEC文件中的,各个阶段说明如下: +在SPEC文件中,各个阶段说明如下: - - - - - - - - - - - - - @@ -392,7 +391,7 @@ $ wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz #### 编辑SPEC文件 -在**~/rpmbuild/SPECS**目录下新建spec文件,参考命令如下: +在`~/rpmbuild/SPECS`目录下新建spec文件,参考命令如下: ``` $ cd ~/rpmbuild/SPECS @@ -404,7 +403,7 @@ $ vi hello.spec ``` Name: hello Version: 2.10 -Release: 1%{?dist} +Release: Summary: The "Hello World" program from GNU Summary(zh_CN): GNU "Hello World" 程序 License: GPLv3+ @@ -511,7 +510,7 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 #### 构建已有软件包 >![](./public_sys-resources/icon-note.gif) **说明:** ->- 若为首次使用,请首先在OBS网页注册个人账号。 +>- 若为首次使用,请首先在OBS网页注册个人帐号。 >- 该方法需要拷贝修改后的代码,因此,请在执行下述操作前完成代码修改并提交到正确的代码路径。代码路径会在\_service文件中指定。 使用OBS网页端,修改已有软件的源代码,并将修改后的源文件构建为RPM软件包的操作方法如下: @@ -519,7 +518,7 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 1. 登录OBS界面,地址为:[https://build.openeuler.org/](https://build.openeuler.org/)。 2. 单击“All Projects”进入所有工程页面。 3. 单击需要修改的对应工程,进入该工程的详情页面,例如单击“openEuler:Mainline”。 -4. 在工程详情页面的搜索框查找需要修改的软件包,然后单击该软件包包名,进入该软件包详请页面。 +4. 在工程详情页面的搜索框查找需要修改的软件包,然后单击该软件包包名,进入该软件包详情页面。 5. 单击“Branch package”,在弹出的确认页面单击“Accept”确认创建子工程,如[图1](#fig77646143214)所示。 **图 1** Branch Confirmation页面 @@ -586,7 +585,7 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 ![](./figures/add-file-page.png) 8. 文件上传成功后,OBS会自动开始构建RPM软件包。等待构建完成,并查看右侧状态栏的构建状态。 - - succeed:构建成功。用户可以单击“succeeded”查看构建日志。 + - succeeded:构建成功。用户可以单击“succeeded”查看构建日志。 - failed:构建失败。请单击“failed”查看错误日志进行问题定位后重新构建。 - unresolvable:未进行构建,可能由于缺失依赖。 - disabled:构建被手动关闭或正在排队构建。 @@ -599,7 +598,7 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 1. 登录OBS界面。 2. 单击“All Projects”找到所需软件包的对应工程,例如“openEuler:Mainline”。 -3. 在工程下单击所需软件包的包名,进入该软件包详请页面。例如上述例子中的kernel页面。 +3. 在工程下单击所需软件包的包名,进入该软件包详情页面。例如上述例子中的kernel页面。 1. 选择Repositories页签进入软件包的软件仓库管理页面,在Publish Flag中通过单击选择“Enable”开启(状态由![](./figures/zh-cn_image_0229243704.png)变为![](./figures/zh-cn_image_0229243702.png))对应的RPM软件包下载功能,如[图7](#fig17480830144217)所示。 @@ -640,7 +639,7 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 $ vi ~/.oscrc ``` - 2. 在\~/.oscrc中添加user和pass字段,如下所示,它们的取值 _userName_ 和 _passWord_ 分别是用户在OBS网页([https://build.openeuler.org/](https://build.openeuler.org/))上已经注册的账号和密码。 + 2. 在\~/.oscrc中添加user和pass字段,如下所示,它们的取值 _userName_ 和 _passWord_ 分别是用户在OBS网页([https://build.openeuler.org/](https://build.openeuler.org/))上已经注册的帐号和密码。 ``` [general] @@ -668,7 +667,7 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 osc co home:testUser:branches:openEuler:Mainline/zlib ``` -2. 将需要修改软件包的相关配置文件(例如\_service)下载到本地当前路径。其中 _testUser_ 为\~/.oscrc配置文件中配置的账户名称,请根据实际情况修改。 +2. 将需要修改软件包的相关配置文件(例如\_service)下载到本地当前路径。其中 _testUser_ 为\~/.oscrc配置文件中配置的帐户名称,请根据实际情况修改。 ``` $ osc co home:testUser:branches:openEuler:Mainline/zlib diff --git "a/docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" "b/docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" index 9283ab8500c01ef0312d500da2a11632f9575ec3..3c263f0a5d3134fd71a02f3ad9e1d0821cd1d3a0 100644 --- "a/docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" +++ "b/docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" @@ -11,10 +11,10 @@ - [PodSandboxStatus](#podsandboxstatus) - [ListPodSandbox](#listpodsandbox) - [CreateContainer](#createcontainer) - - [StartContainer](#StartContainer) - - [StopContainer](#StopContainer) - - [RemoveContainer](#RemoveContainer) - - [ListContainers](#ListContainers) + - [StartContainer](#startcontainer) + - [StopContainer](#stopcontainer) + - [RemoveContainer](#removecontainer) + - [ListContainers](#listcontainers) - [ContainerStatus](#containerstatus) - [UpdateContainerResources](#updatecontainerresources) - [ExecSync](#execsync) @@ -1707,7 +1707,7 @@ ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出 Runtime服务中包含操作pod和容器的接口,以及查询runtime自身配置和状态信息的接口。 -#### runpodsandbox +#### RunPodSandbox #### 接口原型 @@ -1721,8 +1721,8 @@ rpc RunPodSandbox(RunPodSandboxRequest) returns (RunPodSandboxResponse) {} #### 注意事项 -1. 启动sandbox的默认镜像为rnd-dockerhub.huawei.com/library/pause-$\{machine\}:3.0, 其中$\{machine\}为架构,在x86\_64上,machine的值为amd64,在arm64上,machine的值为aarch64,当前rnd-dockerhub仓库上只有amd64和aarch64镜像可供下载,若机器上无此镜像,请确保机器能从rnd-dockerhub下载,若要使用其它镜像,请参考“iSulad部署配置”中的pod-sandbox-image指定镜像。 -2. 由于容器命名以PodSandboxMetadata中的字段为来源,且以下划线"\_"为分割字符,因此限制metadata中的数据不能包含下划线,否则会出现sandbox运行成功,但无法使用ListPodSandbox接口查询的现象。 +1. 启动sandbox的默认镜像为rnd-dockerhub.huawei.com/library/pause-$\{machine\}:3.0, 其中$\{machine\}为架构,在x86\_64上,machine的值为amd64,在arm64上,machine的值为aarch64,当前rnd-dockerhub仓库上只有amd64和aarch64镜像可供下载,若机器上无此镜像,请确保机器能从rnd-dockerhub下载,若要使用其他镜像,请参考“iSulad部署配置”中的pod-sandbox-image指定镜像。 +2. 由于容器命名以PodSandboxMetadata中的字段为来源,且以下划线“\_”为分割字符,因此限制metadata中的数据不能包含下划线,否则会出现sandbox运行成功,但无法使用ListPodSandbox接口查询的现象。 #### 参数 @@ -1820,6 +1820,7 @@ rpc RemovePodSandbox(RemovePodSandboxRequest) returns (RemovePodSandboxResponse) #### 注意事项 1. 删除sandbox时,不会删除sandbox的网络资源,在删除pod前必须先调用StopPodSandbox才能清理网络资源,调用者应当保证在删除sandbox之前至少调用一次StopPodSandbox。 +2. 删除sandbox时,如果sandbox中的容器删除失败,则会出现sanbox被删除但容器还残留的情况,此时需要手动删除残留的容器进行清理。 #### 参数 @@ -1953,8 +1954,9 @@ rpc ListPodSandbox(ListPodSandboxRequest) returns (ListPodSandboxResponse) {} #### CreateContainer +#### 接口原型 ``` -grpc::Status CreateContainer(grpc::ServerContext *context, const runtime::CreateContainerRequest *request, runtime::CreateContainerResponse *reply) {} +rpc CreateContainer(CreateContainerRequest) returns (CreateContainerResponse) {} ``` #### 接口描述 @@ -1977,7 +1979,7 @@ grpc::Status CreateContainer(grpc::ServerContext *context, const runtime::Create - diff --git "a/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" "b/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" index f0856085a8c84257048b870cd811577390165ec4..7734fb20ec3212e396abd3302e19747c49b0a0c6 100644 --- "a/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" +++ "b/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" @@ -2,16 +2,16 @@ - [为安全容器配置资源](#为安全容器配置资源) - [资源共享](#资源共享) - - [限制CPU资源](#限制CPU资源) + - [限制CPU资源](#限制cpu资源) - [限制内存资源](#限制内存资源) - - [限制Blkio资源](#限制Blkio资源) + - [限制Blkio资源](#限制blkio资源) - [限制文件描述符资源](#限制文件描述符资源) 安全容器运行于虚拟化隔离的轻量级虚拟机内,因此资源的配置应分为两部分:对轻量级虚拟机的资源配置,即Host资源配置;对虚拟机内容器的配置,即Guest容器资源配置。以下资源配置均分为这两部分。 -## 资源共享-27 +## 资源共享 由于安全容器运行于虚拟化隔离的轻量虚拟机内,故无法访问Host上某些namespace下的资源,因此启动时不支持--net host,--ipc host,--pid host,--uts host。 @@ -103,7 +103,7 @@ kata-runtime配置文件config.toml中**enable\_cpu\_memory\_hotplug**选项负责开启和禁用CPU和内存热插拔。默认取值为false,表示禁用CPU和内存热插拔功能;取值为true,表示开启CPU和内存热插拔功能。 - kata-runtime中复用了**--cpus**选项实现了CPU热插拔的功能,通过统计Pod中所有容器的**--cpus**选项的和,然后确定需要热插多少个CPU到轻量级虚机中。 + kata-runtime中复用了--**cpus**选项实现了CPU热插拔的功能,通过统计Pod中所有容器的--**cpus**选项的和,然后确定需要热插多少个CPU到轻量级虚机中。 举例: @@ -158,7 +158,7 @@    >![](./public_sys-resources/icon-note.gif) **说明:** - >由于pause容器只是一个占位容器没有工作负载,所以轻量级虚机启动时默认分配的1个CPU可以被其它容器共享,因此上面例子中启动的新容器只需要再热插3个CPU到轻量级虚机中即可。 + >由于pause容器只是一个占位容器没有工作负载,所以轻量级虚机启动时默认分配的1个CPU可以被其他容器共享,因此上面例子中启动的新容器只需要再热插3个CPU到轻量级虚机中即可。 - 当停止热插了CPU的容器后,启动容器时热插进去的CPU也会被拔出。 @@ -219,7 +219,7 @@ >![](./public_sys-resources/icon-note.gif) **说明:** >内存资源当前只支持热插,不支持内存热拔。 - kata-runtime中复用了**-m**选项实现了MEM热插的功能,通过统计Pod中所有容器的**-m**选项的和,然后确定需要热插多少内存到轻量级虚机中,例如, + kata-runtime中复用了-**m**选项实现了MEM热插的功能,通过统计Pod中所有容器的-**m**选项的和,然后确定需要热插多少内存到轻量级虚机中。 举例: @@ -256,7 +256,7 @@ ``` >![](./public_sys-resources/icon-note.gif) **说明:** - >由于pause容器只是一个占位容器没有工作负载,所以轻量级虚机启动时分配的内存可以被其它容器共享使用,因此上面例子中启动的新容器只需要再热插3GB的内存到轻量级虚机中即可。 + >由于pause容器只是一个占位容器没有工作负载,所以轻量级虚机启动时分配的内存可以被其他容器共享使用,因此上面例子中启动的新容器只需要再热插3GB的内存到轻量级虚机中即可。 ## 限制Blkio资源 @@ -328,14 +328,14 @@ 为了避免在容器中打开大量9p共享目录中的文件导致主机上文件描述符资源耗尽,使得安全容器无法正常提供服务,安全容器支持自定义配置安全容器qemu进程最多可以打开的文件描述符数量限制。 -安全容器通过复用docker run命令中的**--files-limit**选项来设置安全容器qemu进程最多可以打开文件描述符,该参数仅可配置在pause容器上,使用方法如下所示: +安全容器通过复用docker run命令中的--**files-limit**选项来设置安全容器qemu进程最多可以打开文件描述符,该参数仅可配置在pause容器上,使用方法如下所示: ``` docker run -tid --runtime kata-runtime --network none --annotation io.kubernetes.docker.type=podsandbox --files-limit bash ``` >![](./public_sys-resources/icon-note.gif) **说明:** ->- 如果**--files-limit**选项的取值小于安全容器默认设置的最小值1024且不为0时,安全容器qemu进程最多可以打开的文件描述符数量会被设置为最小值1024。 ->- 如果**--files-limit**选项的取值为0时,安全容器qemu进程最多可以打开的文件描述符数量为系统可以打开文件描述符的最大值/proc/sys/fs/file-max除以400后得到的默认值。 ->- 如果启动安全容器时没有显示指定**--files-limit**可以打开的文件描述符的上限,安全容器qemu进程可以打开的文件描述符数量的上限和系统默认值保持一致。 +>- 如果--**files-limit**选项的取值小于安全容器默认设置的最小值1024且不为0时,安全容器qemu进程最多可以打开的文件描述符数量会被设置为最小值1024。 +>- 如果--**files-limit**选项的取值为0时,安全容器qemu进程最多可以打开的文件描述符数量为系统可以打开文件描述符的最大值/proc/sys/fs/file-max除以400后得到的默认值。 +>- 如果启动安全容器时没有显示指定--**files-limit**可以打开的文件描述符的上限,安全容器qemu进程可以打开的文件描述符数量的上限和系统默认值保持一致。 diff --git "a/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" index 36943fc57b1829a1629916b8d7f691d4a76f6b66..e0d0adda54a97a1203ab304dadc574f42d856bd2 100644 --- "a/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" +++ "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" @@ -2,7 +2,7 @@ 系统容器基于iSula容器引擎进行功能增强,提供系统容器相关功能。系统容器提供的容器管理功能和iSula容器引擎保持一致,其命令格式和功能与iSula容器引擎相同。 -本文档仅描述系统容器提供的增强功能对应的使用方式,其它命令行操作请参考 "iSula容器引擎" 章节。 +本文档仅描述系统容器提供的增强功能对应的使用方式,其他命令行操作请参考 "[iSula容器引擎](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/iSula%E5%AE%B9%E5%99%A8%E5%BC%95%E6%93%8E.html)" 章节。 系统容器功能仅涉及isula create/run命令行,后续未特别说明,各功能均使用此命令行。其命令行格式如下所示: diff --git "a/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" index a4caa9131f31b3532b9c9c2c34726a07405941ea..8a9147aa3754ec51b829cc39be0d568921c3c9bb 100644 --- "a/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" +++ "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -3,16 +3,3 @@ 本章介绍iSula容器引擎的使用方法。 >![](./public_sys-resources/icon-note.gif) **说明:** >iSulad的所有使用操作均需要使用root权限。 - - -- [容器管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E7%AE%A1%E7%90%86.html) -- [支持CNI网络](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%94%AF%E6%8C%81CNI%E7%BD%91%E7%BB%9C.html) -- [容器资源管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E8%B5%84%E6%BA%90%E7%AE%A1%E7%90%86.html) -- [特权容器](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E7%89%B9%E6%9D%83%E5%AE%B9%E5%99%A8.html) -- [CRI接口](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/CRI%E6%8E%A5%E5%8F%A3.html) -- [镜像管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E9%95%9C%E5%83%8F%E7%AE%A1%E7%90%86.html) -- [容器健康状态检查](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E5%81%A5%E5%BA%B7%E7%8A%B6%E6%80%81%E6%A3%80%E6%9F%A5.html) -- [查询信息](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%9F%A5%E8%AF%A2%E4%BF%A1%E6%81%AF.html) -- [安全特性](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%89%E5%85%A8%E7%89%B9%E6%80%A7.html) -- [支持OCI hooks](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%94%AF%E6%8C%81OCI-hooks.html) - diff --git "a/docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" "b/docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" index ec3b77a3bb5c4264a83d3321ab7d58555bff8718..5cbb2b38962ae0c5426a5ad49aad72cf05c9729f 100644 --- "a/docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" +++ "b/docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" @@ -2,7 +2,7 @@ ## 功能描述 -系统容器提供容器与主机进程通过共享内存进行通信的功能,通过在容器创建时配置\--host-channel参数,可以在容器与主机之间共享同一tmpfs,从而达到主机与容器间通信的功能。 +系统容器提供容器与主机进程通过共享内存进行通信的功能,通过在容器创建时配置\--host-channel参数,可以在容器与主机之间共享同一tmpfs,从而实现主机与容器间通信的功能。 ## 参数说明 diff --git "a/docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" "b/docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" index 0c6b898f04273d31bb1cac263b68a138095cc69d..d968a8ff795af33677dff74a6860918a628b3a86 100644 --- "a/docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" +++ "b/docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" @@ -2,7 +2,7 @@ ## 功能描述 -容器内业务可能依赖某些内核模块,可通过设置环境变量的方式,在系统容器启动前动态加载容器中业务需要的内核模块到宿主机,此特性需要配合syscontainer-hooks一起使用,具体使用可参看"容器资源动态管理(syscontainer-tools)"章节。 +容器内业务可能依赖某些内核模块,可通过设置环境变量的方式,在系统容器启动前动态加载容器中业务需要的内核模块到宿主机,此特性需要配合syscontainer-hooks一起使用,具体使用可参看"[容器资源动态管理(syscontainer-tools)](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/%E5%AE%B9%E5%99%A8%E8%B5%84%E6%BA%90%E5%8A%A8%E6%80%81%E7%AE%A1%E7%90%86.html)"章节。 ## 参数说明 diff --git "a/docs/zh/docs/Container/\345\215\207\347\272\247.md" "b/docs/zh/docs/Container/\345\215\207\347\272\247.md" index c93a36cbeb91dde4ffd6d783f1608b2bec9a6a64..28d7a5dcce60956289e2625d3c7b4368b7c56319 100644 --- "a/docs/zh/docs/Container/\345\215\207\347\272\247.md" +++ "b/docs/zh/docs/Container/\345\215\207\347\272\247.md" @@ -9,7 +9,7 @@ - 若为不同大版本之间的升级,例如从1.x.x版本升级到2.x.x版本,请先保存当前的配置文件/etc/isulad/daemon.json,并卸载已安装的iSulad软件包,然后安装待升级的iSulad软件包,随后恢复配置文件。 >![](./public_sys-resources/icon-note.gif) **说明:** ->- 可通过** sudo rpm -qa |grep iSulad** 或 **isula version** 命令确认当前iSulad的版本号。 +>- 可通过**sudo rpm -qa |grep iSulad** 或 **isula version** 命令确认当前iSulad的版本号。 >- 相同大版本之间,如果希望手动升级,请下载iSulad及其所有依赖库的RPM包进行升级,参考命令如下: > ``` > # sudo rpm -Uhv iSulad-xx.xx.xx-YYYYmmdd.HHMMSS.gitxxxxxxxx.aarch64.rpm diff --git "a/docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" index 9c07b50a15d1b43b47734be29ec99af8bd6b3f46..044fd7a281455d9cdebe017807df061d68054f38 100644 --- "a/docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" @@ -1,8 +1,8 @@ # 概述 -安全容器是虚拟化技术和容器技术的有机结合,相比普通linux容器,安全容器具有更好的隔离性。 +安全容器是虚拟化技术和容器技术的有机结合,相比普通Linux容器,安全容器具有更好的隔离性。 -普通linux容器利用namespace进行进程间运行环境的隔离,并使用cgroup进行资源限制;因此普通linux容器本质上还是共用同一个内核,单个容器有意或无意影响到内核都会影响到整台宿主机上的容器。 +普通Linux容器利用namespace进行进程间运行环境的隔离,并使用cgroup进行资源限制;因此普通Linux容器本质上还是共用同一个内核,单个容器对内核有意或无意的影响都会影响到整台宿主机上的容器。 安全容器是使用虚拟化层进行容器间的隔离,同一个主机上不同的容器间运行互相不受影响。 @@ -11,7 +11,7 @@ 安全容器与Kubernetes中的Pod概念紧密联系,Kubernetes为容器调度管理平台的开源生态标准,它定义了一组容器操作相关接口(Container Runtime Interface 简称CRI)。 -在CRI标准中,Pod为完成一组服务需要的一组容器集合,是编排调度的最小单元,通常共享IPC和网络namespace;一个Pod必然包含一个占位容器(pause容器)以及一个或多个业务容器,其中pause容器与的生命周期相同。 +在CRI标准中,Pod为完成一组服务需要的一组容器集合,是编排调度的最小单元,通常共享IPC和网络namespace;一个Pod必然包含一个占位容器(pause容器)以及一个或多个业务容器,其中pause容器的生命周期与其所在Pod的生命周期相同。 其中安全容器中的一个轻量级虚拟机对应为一个Pod,在此虚拟机中启动的第一个容器为pause容器,以后依次启动的容器为业务容器。 diff --git "a/docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" "b/docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" index a7e3676cf7e1eade5c0366b1bc6a0f7778ef724e..bdfea7789dc8979d8157ef46480663f143432ec5 100644 --- "a/docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" +++ "b/docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" @@ -2,7 +2,7 @@ - [安全性和隔离性](#安全性和隔离性) - [user namespace多对多](#user-namespace多对多) - [用户权限控制](#用户权限控制) - - [proc文件系统隔离(lxcfs)](#proc文件系统隔离(lxcfs)) + - [proc文件系统隔离](#proc文件系统隔离) ## user-namespace多对多 @@ -159,7 +159,7 @@ exit 若要直接使用以上过程作为脚本,需替换各变量为配置数值。生成CA时使用的参数若为空则写为“''”。PASSWORD、COMMON\_NAME、CLIENT\_NAME、VALIDITY为必选项。 -3. 容器引擎启动时添加TLS相关参数和认证插件相关参数,并保证认证插件的运行。此外,为了使用TLS认证,容器引擎必须使用TCP侦听的方式启动,不能使用传统的unix socket的方式启动。容器demon端配置如下: +3. 容器引擎启动时添加TLS相关参数和认证插件相关参数,并保证认证插件的运行。此外,为了使用TLS认证,容器引擎必须使用TCP侦听的方式启动,不能使用传统的unix socket的方式启动。容器daemon端配置如下: ``` { @@ -205,7 +205,7 @@ exit ``` -## proc文件系统隔离(lxcfs) +## proc文件系统隔离 ### 场景描述 @@ -269,7 +269,7 @@ lxcfs-tools [OPTIONS] COMMAND [COMMAND_OPTIONS] - 安装rpm包后会在/var/lib/isulad/hooks/hookspec.json生成样例json文件,用户如果需要增加日志功能,需要在定制时加入--log配置。 - diskstats只能显示支持cfq调度的磁盘信息,无法显示分区信息。容器内设备会被显示为/dev目录下的名字。若不存在则为空。此外,容器根目录所在设备会被显示为sda。 - 挂载lxcfs时必须使用slave参数。若使用shared参数,可能会导致容器内挂载点泄露到主机,影响主机运行 。 -- lxcfs支持服务优雅降级使用,若lxcfs服务crash或者不可用,容器内查看到的cpuinfo, meminfo, stat, diskstats, partitions, swaps和uptime均为host信息,容器其它业务功能不受影响。 +- lxcfs支持服务优雅降级使用,若lxcfs服务crash或者不可用,容器内查看到的cpuinfo, meminfo, stat, diskstats, partitions, swaps和uptime均为host信息,容器其他业务功能不受影响。 - lxcfs底层依赖fuse内核模块以及libfuse库,因此需要内核支持fuse。 - lxcfs当前仅支持容器内运行64位的app,如果容器内运行32位的app可能会导致app读取到的cpuinfo信息不符合预期。 - lxcfs只是对容器cgroup进行资源视图模拟,对于容器内的系统调用(例如sysconf)获取到的仍然是主机的信息,lxcfs无法做到内核隔离。 diff --git "a/docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" "b/docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" index 9c7701ba978e0d052be1fa1f5482e50324560c31..a4fc34e06e4b1aeaf8dbd6ff138243b8e92b2f38 100644 --- "a/docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" +++ "b/docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" @@ -21,7 +21,11 @@ seccomp(**secure computing** **mode**)是linux kernel从2.6.23版本开始 ### 使用限制 -- seccomp可能会影响性能,设置seccomp之前需要对场景进行评估,确定必要时加入seccomp配置。 +- 不要禁用iSulad的seccomp特性 + + 默认的iSulad有一个seccomp的配置,配置中使用的是白名单,不在配置的sys_call会被seccomp禁掉,使用接口--security-opt 'seccomp:unconfined'可以禁止使用seccomp特性。如果禁用seccomp或使用自定义seccomp配置但过滤名单不全,都会增加容器对内核的攻击面。 + +- 默认的Seccomp配置是白名单,不在白名单的syscall默认会返回SCMP_ACT_ERRNO,同时会根据不同的Cap开放不同的系统调用,不在白名单上面的权限,iSulad默认不会将权限给到容器。 ### 使用指导 @@ -35,6 +39,7 @@ isula run -itd --security-opt seccomp=/path/to/seccomp/profile.json rnd-dockerhu >1. 创建容器时通过--security-opt将配置文件传给容器时,采用默认配置文件(/etc/isulad/seccomp\_default.json)。 >2. 创建容器时--security-opt设置为unconfined时,对容器不过滤系统调用。 >3. “/path/to/seccomp/profile.json”需要是绝对路径。 +>4. --security-opt采用“=”号进行分割,不支持使用“:”号分割。 #### 获取普通容器的默认seccomp配置 @@ -118,7 +123,7 @@ isula run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json rnd-dock ``` >![](./public_sys-resources/icon-notice.gif) **须知:** ->- defaultAction、syscalls:对应的action的类型是一样的,但其值是不能一样的,目的就是让所有的syscal都有一个默认的action,并且如果syscalls数组中有明确的定义,就以syscalls中的为准,由于defaultAction、action的值不一样,就能保证action不会有冲突。当前支持的action有: +>- defaultAction、syscalls:对应的action的类型是一样的,但其值是不能一样的,目的就是让所有的syscall都有一个默认的action,并且如果syscalls数组中有明确的定义,就以syscalls中的为准,由于defaultAction、action的值不一样,就能保证action不会有冲突。当前支持的action有: > "SCMP\_ACT\_ERRNO":禁止,并打印错误信息。 > "SCMP\_ACT\_ALLOW":允许。 >- syscalls: 数组,可以只有一个syscall,也可以有多个,可以带args,也可以不带。 @@ -145,7 +150,7 @@ isula run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json rnd-dock ### 场景说明 -capabilities机制是linux kernel 2.2之后引入的安全特性,用更小的粒度控制超级管理员权限,可以避免使用 root 权限,将root用户的权限细分为不同的领域,可以分别启用或禁用。capabilities详细信息可通过Linux Programmer's Manual进行查看([capabilities\(7\) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)): +capabilities机制是linux kernel 2.2之后引入的安全特性,用更小的粒度控制超级管理员权限,可以避免使用 root 权限,将root用户的权限细分为不同的领域,可以分别启用或禁用。capabilities详细信息可通过Linux Programmer's Manual进行查看([capabilities\(7\) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)): ``` man capabilities @@ -187,18 +192,18 @@ isula run --rm -it --cap-add all --cap-drop SYS_ADMIN rnd-dockerhub.huawei.com/o ### 场景说明 -SELinux\(Security-Enhanced Linux\)是一个Linux内核的安全模块,提供了访问控制安全策略机制,iSulad将采用MCS(多级分类安全)实现对容器内进程打上标签限制容器访问资源的方式,减少提权攻击的风险,防止造成更为重要的危害。 +SELinux\(Security-Enhanced Linux\)是一个Linux内核的安全模块,提供了访问控制安全策略机制,iSulad将采用MCS(多级分类安全)实现对容器内进程打上标签限制容器访问资源的方式,减少提权攻击的风险,防止造成更为严重的危害。 ### 使用限制 -- 确保宿主机已使能SELinux,且daemon端已打开SELinux使能开发(/etc/isulad/daemon.json中“selinux-enabled”字段为true, 或者命令行参数添加--selinux-enabled) +- 确保宿主机已使能SELinux,且daemon端已打开SELinux使能开发(/etc/isulad/daemon.json中“selinux-enabled”字段为true,或者命令行参数添加--selinux-enabled) - 确保宿主机上已配置合适的selinux策略,推荐使用container-selinux进行配置 - 引入SELinux会影响性能,设置SELinux之前需要对场景进行评估,确定必要时打开daemon端SELinux开关并设置容器SELinux配置 - 对挂载卷进行标签配置时,源目录不允许为/、/usr、/etc、/tmp、/home、/run、/var、/root以及/usr的子目录。 >![](./public_sys-resources/icon-note.gif) **说明:** >- 目前iSulad不支持对容器的文件系统打标签,确保容器文件系统及配置目录打上容器可访问标签,需使用chcon命令对其打上标签。 ->- 若iSulad启用SELinux访问控制,建议daemon启动前对/var/lib/isulad目录打上标签,容器容器创建时目录下生产的文件及文件夹将默认继承其标签,例如: +>- 若iSulad启用SELinux访问控制,建议daemon启动前对/var/lib/isulad目录打上标签,容器创建时目录下生产的文件及文件夹将默认继承其标签,例如: > ``` > chcon -R system_u:object_r:container_file_t:s0 /var/lib/isulad > ``` diff --git "a/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" index b0ec578131a3ec43447fffbfcc252a2b7cf381c2..b42759d23f8b905b16c9e883ffa3398f0d1068b5 100644 --- "a/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" @@ -12,14 +12,14 @@ - 安全容器的安装需要使用root权限。 - 为了获取更好的性能体验,安全容器需要运行在裸金属服务器上,**暂不支持安全容器运行在虚拟机内**。 -- 安全容器运行依赖以下组件,请确保环境上已安装所需版本的依赖组件。以下组件来自配套的openEuler版本。如果使用iSula容器引擎,请参考iSula容器引擎的[安装方法](#安装方法.md)章节安装iSulad。 +- 安全容器运行依赖以下组件,请确保环境上已安装所需版本的依赖组件。以下组件来自配套的openEuler版本。如果使用iSula容器引擎,请参考iSula容器引擎的[安装与配置](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/%E5%AE%89%E8%A3%85%E4%B8%8E%E9%85%8D%E7%BD%AE.html)章节安装iSulad。 - docker-engine - qemu ### 安装操作 -安全容器发布组件集成在同一个kata-containers-<_version_\>.rpm包中,使用rpm命令可以直接安装对应的软件,其中version为。 +安全容器发布组件集成在同一个kata-containers-<_version_\>.rpm包中,使用rpm命令可以直接安装对应的软件,其中version为版本号。 ``` rpm -ivh kata-containers-.rpm @@ -101,7 +101,7 @@ rpm -ivh kata-containers-.rpm 在docker-engine的runtimeArges字段可以利用--kata-config指定私有文件,默认的配置文件路径为/usr/share/defaults/kata-containers/configuration.toml。 -常用配置文件字段如下,详细的配置文件选项参见“安全容器 > 附录 > configuration.toml配置说明”。 +常用配置文件字段如下,详细的配置文件选项参见“[安全容器 > 附录 > configuration.toml配置说明](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/%E9%99%84%E5%BD%95-3.html)”。 1. hypervisor.qemu - path :指定虚拟化qemu执行路径。 @@ -119,7 +119,7 @@ rpm -ivh kata-containers-.rpm - enable\_debug :kata-agent进程debug开关。 4. runtime - - enable\_cpu\_memory\_hotplug:CPU和内存热插拔开关。 - - enable\_debug:kata-runtime进程debug开关。 + - enable\_cpu\_memory\_hotplug :CPU和内存热插拔开关。 + - enable\_debug :kata-runtime进程debug开关。 diff --git "a/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" index 9a50d5a39df14d4a8054a7adf0fdb39a1476cfe3..507cae56bf769b1fb64401e41a7a608a4ac02e03 100644 --- "a/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" @@ -27,12 +27,7 @@ iSulad可以通过yum或rpm命令两种方式安装,由于yum会自动安装 - 使用rpm安装iSulad,需要下载iSulad及其所有依赖库的RPM包,然后手动安装。安装单个iSulad的RPM包(依赖包安装方式相同),参考命令如下: ``` - # sudo rpm -ihv iSulad-xx.xx.xx-YYYYmmdd.HHMMSS.gitxxxxxxxx.aarch64.rpm - ``` - - - ``` - # isulad -l DEBUG + # sudo rpm -ihv iSulad-xx.xx.xx-xx.xxx.aarch64.rpm ``` ## 配置方法 @@ -52,47 +47,52 @@ iSulad 安装完成后,可以根据需要进行相关配置。 ``` # isulad --help + isulad + lightweight container runtime daemon Usage: isulad [global options] GLOBAL OPTIONS: - --authorization-plugin Use authorization plugin - --cgroup-parent Set parent cgroup for all containers - --cni-bin-dir The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin - --cni-conf-dir The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d - --default-ulimit Default ulimits for containers (default []) - -e, --engine Select backend engine - -g, --graph Root directory of the iSulad runtime - -G, --group Group for the unix socket(default is isulad) - --help Show help - --hook-spec Default hook spec file applied to all containers - -H, --host The socket name used to create gRPC server - --image-layer-check Check layer intergrity when needed - --image-opt-timeout Max timeout(default 5m) for image operation - --insecure-registry Disable TLS verification for the given registry - --insecure-skip-verify-enforce Force to skip the insecure verify(default false) - --log-driver Set daemon log driver, such as: file - -l, --log-level Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE - --log-opt Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs - --native.umask Default file mode creation mask (umask) for containers - --network-plugin Set network plugin, default is null, suppport null and cni - -p, --pidfile Save pid into this file - --pod-sandbox-image The image whose network/ipc namespaces containers in each pod will use. (default "rnd-dockerhub.huawei.com/library/pause-${machine}:3.0") - --registry-mirrors Registry to be prepended when pulling unqualified images, can be specified multiple times - --start-timeout timeout duration for waiting on a container to start before it is killed - -S, --state Root directory for execution state files - --storage-driver Storage driver to use(default overlay2) - -s, --storage-opt Storage driver options - --tls Use TLS; implied by --tlsverify - --tlscacert Trust certs signed only by this CA (default "/root/.iSulad/ca.pem") - --tlscert Path to TLS certificate file (default "/root/.iSulad/cert.pem") - --tlskey Path to TLS key file (default "/root/.iSulad/key.pem") - --tlsverify Use TLS and verify the remote - --use-decrypted-key Use decrypted private key by default(default true) - -V, --version Print the version - --websocket-server-listening-port CRI websocket streaming service listening port (default 10350) + --authorization-plugin Use authorization plugin + --cgroup-parent Set parent cgroup for all containers + --cni-bin-dir The full path of the directory in which to search for CNI plugin binaries. Default: /opt/cni/bin + --cni-conf-dir The full path of the directory in which to search for CNI config files. Default: /etc/cni/net.d + --container-log-driver Set default container log driver, such as: json-file + --container-log-opts Set default container log driver options, such as: max-file=7 to set max number of container log files + --default-ulimit Default ulimits for containers (default []) + -e, --engine Select backend engine + -g, --graph Root directory of the iSulad runtime + -G, --group Group for the unix socket(default is isulad) + --help Show help + --hook-spec Default hook spec file applied to all containers + -H, --host The socket name used to create gRPC server + --image-layer-check Check layer intergrity when needed + --insecure-registry Disable TLS verification for the given registry + --insecure-skip-verify-enforce Force to skip the insecure verify(default false) + --log-driver Set daemon log driver, such as: file + -l, --log-level Set log level, the levels can be: FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE + --log-opt Set daemon log driver options, such as: log-path=/tmp/logs/ to set directory where to store daemon logs + --native.umask Default file mode creation mask (umask) for containers + --network-plugin Set network plugin, default is null, suppport null and cni + -p, --pidfile Save pid into this file + --pod-sandbox-image The image whose network/ipc namespaces containers in each pod will use. (default "pause-${machine}:3.0") + --registry-mirrors Registry to be prepended when pulling unqualified images, can be specified multiple times + --selinux-enabled Enable selinux support + --start-timeout timeout duration for waiting on a container to start before it is killed + -S, --state Root directory for execution state files + --storage-driver Storage driver to use(default overlay2) + -s, --storage-opt Storage driver options + --tls Use TLS; implied by --tlsverify + --tlscacert Trust certs signed only by this CA (default "/root/.iSulad/ca.pem") + --tlscert Path to TLS certificate file (default "/root/.iSulad/cert.pem") + --tlskey Path to TLS key file (default "/root/.iSulad/key.pem") + --tlsverify Use TLS and verify the remote + --use-decrypted-key Use decrypted private key by default(default true) + --userns-remap User/Group setting for user namespaces + -V, --version Print the version + --websocket-server-listening-port CRI websocket streaming service listening port (default 10350) ``` 示例: 启动isulad,并将日志级别调整成DEBUG @@ -104,7 +104,9 @@ iSulad 安装完成后,可以根据需要进行相关配置。 - **配置文件方式** - isulad配置文件为/etc/isulad/daemon.json,各配置字段说明如下: + isulad配置文件为/etc/isulad/daemon.json和/etc/isulad/daemon_constants.json,各配置字段说明如下: + + 配置文件/etc/isulad/daemon.json

阶段

@@ -299,58 +299,57 @@ rpmbuild命令格式为:rpmbuild \[_option_...\]

通过tarfile文件构建源码包。

\-\-buildroot=DIRECTORY

+

--buildroot=DIRECTORY

在构建时,使用DIRECTORY目录覆盖默认的/root目录。

\-\-clean

+

--clean

完成打包后清除BUILD目录下的文件。

\-\-nobuild

+

--nobuild

不执行任何实际的构建步骤。可用于测试spec文件。

\-\-noclean

+

--noclean

不执行spec文件的"%clean"阶段(即使它确实存在)。

\-\-nocheck

+

--nocheck

不执行spec文件的"%check"阶段(即使它确实存在)。

\-\-dbpath DIRECTORY

+

--dbpath DIRECTORY

使用DIRECTORY中的数据库,而不是默认的 /var/lib/rpm。

\-\-root DIRECTORY

+

--root DIRECTORY

使DIRECTORY为最高级别的路径,默认为“/”为最高路径。

+

使DIRECTORY为最高级别的路径,默认“/”为最高路径。

\-\-rebuild sourcefile

+

--rebuild sourcefile

将安装指定的源代码包sourcefile,然后进行准备、编译、安装。

\-\-recompile sourcefile

+

--recompile sourcefile

在\-\-recompile 的基础上额外构建一个新的二进制包。在构建结束时,构建目录、源代码和 spec 文件都将被删除。

-

将被删除(就好像用了 \-\-clean),

+

在--recompile 的基础上额外构建一个新的二进制包。在构建结束时,构建目录、源代码和 spec 文件都将被删除(就好像用了 --clean)。

-?,\-\-help

+

-?,--help

打印详细的帮助信息。

\-\-version

+

--version

打印详细的版本信息。

string pod_sandbox_id

待在其中创建容器的PodSandbox的ID。

+

待在其中创建容器的PodSandbox的ID

ContainerConfig config

@@ -2297,7 +2299,7 @@ rpc ExecSync(ExecSyncRequest) returns (ExecSyncResponse) {} #### 注意事项 -执行执行一条单独的命令,不能打开终端与容器交互。 +执行一条单独的命令,不能打开终端与容器交互。 #### 参数 @@ -2365,7 +2367,7 @@ rpc Exec(ExecRequest) returns (ExecResponse) {} #### 注意事项 -执行执行一条单独的命令,也能打开终端与容器交互。stdin/stdout/stderr之一必须是真的。如果tty为真,stderr必须是假的。 不支持多路复用, 在这种情况下, stdout和stderr的输出将合并为单流。 +执行一条单独的命令,也能打开终端与容器交互。stdin/stdout/stderr之一必须是真的。如果tty为真,stderr必须是假的。 不支持多路复用,在这种情况下,stdout和stderr的输出将合并为单流。 #### 参数 @@ -2426,22 +2428,67 @@ rpc Exec(ExecRequest) returns (ExecResponse) {} #### Attach -用法:**docker attach \[OPTIONS\] CONTAINER** +#### 接口原型 + +``` +rpc Attach(AttachRequest) returns (AttachResponse) {} +``` -功能:附加到一个运行着的容器 +#### 接口描述 -选项: +接管容器的1号进程,采用gRPC通讯方式从CRI服务端获取url,再通过获取的url与websocket服务端建立长连接,实现与容器的交互。 ---no-stdin=false 不附加STDIN +#### 参数 ---sig-proxy=true 代理所有到容器内部的信号,不代理SIGCHLD, SIGKILL, SIGSTOP + + + + + + + + + + + + + + + + + + + + +

参数成员

+

描述

+

string container_id

+

容器id

+

bool tty

+

是否在TTY中执行命令

+

bool stdin

+

是否流式标准输入

+

bool stdout

+

是否流式标准输出

+

bool stderr

+

是否流式标准错误

+
-示例: +#### 返回值 -``` -$ sudo docker attach attach_test -root@2988b8658669:/# ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var -``` + + + + + + + + +

返回值

+

描述

+

string url

+

attach流服务器的完全限定URL

+
#### ContainerStats @@ -2577,7 +2624,7 @@ rpc Status(StatusRequest) returns (StatusResponse) {}; #### 接口描述 -获取runtime和pod的网络状态,在获取网络状态时,会触发网络配置的刷新。仅支持runtime类型为lcr的容器。 +获取runtime和pod的网络状态,在获取网络状态时,会触发网络配置的刷新。 #### 注意事项 @@ -2871,8 +2918,8 @@ rpc ImageFsInfo(ImageFsInfoRequest) returns (ImageFsInfoResponse) {} 容器的真实LOGPATH=log\_directory/log\_path,如果log\_path不配置,那么最终的LOGPATH会变为LOGPATH=log\_directory。 - 如果该路径不存在,isulad在启动容器时会创建一个软链接,指向最终的容器日志真实路径,此时log\_directory变成一个软链接,此时有两种情况: - 1. 第一种情况,如果该sandbox里其它容器也没配置log\_path,在启动其它容器时,log\_directory会被删除,然后重新指向新启动容器的log\_path,导致之前启动的容器日志指向后面启动容器的日志。 - 2. 第二种情况,如果该sandbox里其它容器配置了log\_path,则该容器的LOGPATH=log\_directory/log\_path,由于log\_directory实际是个软链接,使用log\_directory/log\_path为软链接指向容器真实日志路径时,创建会失败。 + 1. 第一种情况,如果该sandbox里其他容器也没配置log\_path,在启动其他容器时,log\_directory会被删除,然后重新指向新启动容器的log\_path,导致之前启动的容器日志指向后面启动容器的日志。 + 2. 第二种情况,如果该sandbox里其他容器配置了log\_path,则该容器的LOGPATH=log\_directory/log\_path,由于log\_directory实际是个软链接,使用log\_directory/log\_path为软链接指向容器真实日志路径时,创建会失败。 - 如果该路径存在,isulad在启动容器时首先会尝试删除该路径(非递归),如果该路径是个文件夹,且里面有内容,删除会失败,从而导致创建软链接失败,容器启动失败,删除该容器时,也会出现同样的现象,导致删除失败。 @@ -2905,4 +2952,5 @@ rpc ImageFsInfo(ImageFsInfoRequest) returns (ImageFsInfoResponse) {} - 99e59f495ffaa 2016-05-04 02:26:41 753kB ``` - +5. iSulad CRI exec/attach接口采用websocket协议实现,需要采用同样协议的客户端与iSulad进行交互;使用exec/attach接口时,请避免进行串口大量数据及文件的传输,仅用于基本命令交互,若用户侧处理不及时将存在数据丢失的风险;同时请勿使用cri exec/attach接口进行二进制数据及文件传输。 +6. iSulad CRI exec/attach流式接口依赖libwebsockets实现,流式接口建议仅用于长连接交互使用,不建议在大并发场景下使用,可能会因为宿主机资源不足导致连接失败,建议并发量不超过100。 diff --git "a/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" index af20374fcd64ce84478f48b7d86cf768321dfb84..7f5e215cfc209041e8f241f2c116e22ad7f22ab2 100644 --- "a/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" +++ "b/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" @@ -1,37 +1,6 @@ - - -* [安装](#安装) - * [环境准备](#环境准备) - * [安装isula-build](#安装isula-build) -* [配置与管理服务](#配置与管理服务) - * [配置服务](#配置服务) - * [管理服务](#管理服务) - * [通过 systemd 管理(推荐方式)](#通过-systemd-管理推荐方式) - * [直接运行 isula-build 服务端](#直接运行-isula-build-服务端) -* [使用指南](#使用指南) - * [前提条件](#前提条件) - * [总体说明](#总体说明) - * [ctr-img: 容器镜像管理](#ctr-img-容器镜像管理) - * [build: 容器镜像构建](#build-容器镜像构建) - * [image: 查看本地持久化构建镜像](#image-查看本地持久化构建镜像) - * [import: 导入容器基础镜像](#import-导入容器基础镜像) - * [load: 导入层叠镜像](#load-导入层叠镜像) - * [rm: 删除本地持久化镜像](#rm-删除本地持久化镜像) - * [save: 导出层叠镜像](#save-导出层叠镜像) - * [tag: 给本地持久化镜像打标签](#tag-给本地持久化镜像打标签) - * [info: 查看运行环境与系统信息](#info-查看运行环境与系统信息) - * [login: 登录远端镜像仓库](#login-登录远端镜像仓库) - * [logout: 退出远端镜像仓库](#logout-退出远端镜像仓库) - * [version: 版本查询](#version-版本查询) -* [直接集成容器引擎](#直接集成容器引擎) - * [与iSulad集成](#与isulad集成) - * [与Docker集成](#与docker集成) -* [附录](#附录) - * [命令行参数说明](#命令行参数说明) - * [通信矩阵](#通信矩阵) - * [文件与权限](#文件与权限) - - +# 容器镜像构建 + +## 概述 isula-build是iSula容器团队推出的容器镜像构建工具,支持通过Dockerfile文件快速构建容器镜像。 @@ -39,13 +8,13 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, ![isula-build architecure](./figures/isula-build_arch.png) -说明: - -- isula-build当前仅支持Docker镜像。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - isula-build当前支持OCI镜像格式([OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/main/spec.md/))以及Docker镜像格式([Image Manifest Version 2, Schema 2](https://docs.docker.com/registry/spec/manifest-v2-2/))。通过命令`export ISULABUILD_CLI_EXPERIMENTAL=enabled开启实验特性以支持OCI镜像格式。不开启实验特性时,isula-build默认采用Docker镜像格式;当开启实验特性后,将默认采用OCI镜像格式。 -# 安装 +## 安装 -## 环境准备 +### 环境准备 为了确保isula-build成功安装,需满足以下软件硬件要求。 @@ -53,42 +22,39 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, - 支持的操作系统:openEuler - 用户具有root权限。 -### 安装isula-build +#### 安装isula-build 使用isula-build构建容器镜像,需要先安装以下软件包。 - - -**(推荐)方法一:使用yum安装** +**(推荐)方法一**:使用yum安装 1. 配置openEuler yum源。 2. 使用root权限,登录目标服务器,安装isula-build。 - ``` + ```sh sudo yum install -y isula-build ``` +**方法二**:使用rpm包安装 - -**方法二:使用rpm包安装** - -1. 从openEuler yum源中获取isula-build对应安装包isula-build-*.rpm。例如isula-build-0.9.3-1.oe1.x86_64.rpm。 +1. 从openEuler yum源中获取isula-build对应安装包isula-build-*.rpm。例如isula-build-0.9.5-6.oe1.x86_64.rpm。 2. 将获取的rpm软件包上传至目标服务器的任一目录,例如 /home/。 3. 使用root权限,登录目标服务器,参考如下命令安装isula-build。 - ``` + ```sh sudo rpm -ivh /home/isula-build-*.rpm ``` -> **说明:** -> 安装完成后,需要手工启动isula-build服务。启动请参见"管理服务"。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 安装完成后,需要手工启动isula-build服务。启动请参见"管理服务"。 -# 配置与管理服务 +## 配置与管理服务 -## 配置服务 +### 配置服务 在安装完 isula-build 软件包之后,systemd 管理服务会以 isula-build 软件包自带的 isula-build 服务端默认配置启动 isula-build 服务。如果 isula-build 服务端的默认配置文件不能满足用户的需求,可以参考如下介绍进行定制化配置。需要注意的是,修改完默认配置之后,需要重启 isula-build 服务端使新配置生效,具体操作可参考下一章节。 @@ -102,8 +68,9 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, | loglevel | 可选 | 设置日志级别 | debug
info
warn
error | | run_root | 必选 | 设置运行时数据根目录 | 运行时数据根目录路径,例如/var/run/isula-build/ | | data_root | 必选 | 设置本地持久化目录 | 本地持久化目录路径,例如/var/lib/isula-build/ | -| runtime | 可选 | 设置runtime种类,目前仅支持runc。 | runc | - +| runtime | 可选 | 设置runtime种类,目前仅支持runc | runc | +| group | 可选 | 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build | isula | +| experimental | 可选 | 设置是否开启实验特性 | true:开启实验特性;false:关闭实验特性 | - /etc/isula-build/storage.toml: 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 @@ -111,8 +78,7 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, | ------ | -------- | ------------------------------ | | driver | 可选 | 存储驱动类型,目前支持overlay2 | - 更多设置可参考 [containers-storage.conf.5.md](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md)。 - + 更多设置可参考 [containers-storage.conf.5.md](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md)。 - /etc/isula-build/registries.toml : 针对各个镜像仓库的配置文件。 @@ -121,26 +87,26 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, | registries.search | 可选 | 镜像仓库搜索域,在此list的镜像仓库可以被感知,不在此列的不被感知。 | | registries.insecure | 可选 | 可访问的不安全镜像仓库地址,在此列表中的镜像仓库将不会通过鉴权,不推荐使用。 | - 更多设置可参考 [containers-registries.conf.5.md](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md)。 + 更多设置可参考 [containers-registries.conf.5.md](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)。 - /etc/isula-build/policy.json:镜像pull/push策略文件。注:当前不支持对其进行配置 -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - isula-build 支持最大 1MiB 的上述配置文件。 > - isula-build 不支持将持久化工作目录 dataroot 配置在内存盘上,比如 tmpfs。 > - isula-build 目前仅支持使用overlay2为底层 graphdriver。 +> - 在设置--group参数前,需保证本地OS已经创建了对应的用户组,且非特权用户已经加入该组。重启isula-builder之后即可使该非特权用户使用isula-build功能。同时,为了保持权限一致性,isula-build的配置文件目录/etc/isula-build的属组也会被设置为--group指定的组。 - - -## 管理服务 +### 管理服务 目前 openEuler 采用 systemd 管理软件服务,isula-build 软件包已经自带了 systemd 的服务文件,用户安装完 isula-build 软件包之后可以直接通过 systemd 工具对它进行服务启停等操作。用户同样可以手动启动 isula-build 服务端软件。需要注意的是,同一个节点上不可以同时启动多个 isula-build 服务端软件。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->同一个节点上不可以同时启动多个 isula-build 服务端软件。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 同一个节点上不可以同时启动多个 isula-build 服务端软件。 -### 通过 systemd 管理(推荐方式) +#### 通过 systemd 管理(推荐方式) 用户可以通过如下 systemd 的标准指令控制 isula-build 服务的启动、停止、重启等动作: @@ -168,7 +134,7 @@ isula-build 软件包安装的 systemd 服务文件保存在 `/usr/lib/systemd/s sudo systemctl daemon-reload ``` -### 直接运行 isula-build 服务端 +#### 直接运行 isula-build 服务端 您也可以通过执行 isula-build 服务端命令( isula-builder)的方式启动服务。其中,服务端启动配置,可通过isula-builder命令支持的 flags 设置。isula-build 服务端目前支持的 flags 如下: @@ -178,9 +144,12 @@ sudo systemctl daemon-reload - --runroot: 运行时路径,默认为”/var/run/isula-build/“。 - --storage-driver:底层存储驱动类型。 - --storage-opt: 底层存储驱动配置。 +- --group: 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build,默认为“isula”。 +- --experimental: 是否开启实验特性,默认为false。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->当命令行启动参数中传递了与配置文件相同的配置选项时,优先使用命令行参数启动。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 当命令行启动参数中传递了与配置文件相同的配置选项时,优先使用命令行参数启动。 启动 isula-build 服务。例如指定本地持久化路径/var/lib/isula-build,且不开启调试的参考命令如下: @@ -188,9 +157,9 @@ sudo systemctl daemon-reload sudo isula-builder --dataroot "/var/lib/isula-build" --debug=false ``` -# 使用指南 +## 使用指南 -## 前提条件 +### 前提条件 isula-build 构建 Dockerfile 内的 RUN 指令时依赖可执行文件 runc ,需要 isula-build 的运行环境上预装好 runc。安装方式视用户使用场景而定,如果用户不需要使用完整的 docker-engine 工具链,则可以仅安装 docker-runc rpm包: @@ -204,51 +173,50 @@ sudo yum install -y docker-runc sudo yum install -y docker-engine ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->用户需保证OCI runtime(runc)可执行文件的安全性,避免被恶意替换。 - - +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 用户需保证OCI runtime(runc)可执行文件的安全性,避免被恶意替换。 -## 总体说明 +### 总体说明 isula-build 客户端提供了一系列命令用于构建和管理容器镜像,当前 isula-build 包含的命令行指令如下: - ctr-img,容器镜像管理。ctr-img又包含如下子命令: - - build,根据给定dockerfile构建出容器镜像。 - - images,列出本地容器镜像。 - - import,导入容器基础镜像。 - - load,导入层叠镜像。 - - rm,删除本地容器镜像。 - - save, 导出层叠镜像至本地磁盘。 - - tag,给本地容器镜像打tag。 + - build,根据给定dockerfile构建出容器镜像。 + - images,列出本地容器镜像。 + - import,导入容器基础镜像。 + - load,导入层叠镜像。 + - rm,删除本地容器镜像。 + - save,导出层叠镜像至本地磁盘。 + - tag,给本地容器镜像打tag。 + - pull,拉取镜像到本地。 + - push,推送本地镜像到远程仓库。 - info,查看isula-build的运行环境和系统信息。 - login,登录远端容器镜像仓库。 - logout,退出远端容器镜像仓库。 - version,查看isula-build和isula-builder的版本号。 +- manifest(实验特性),管理manifest列表。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->isula-build completion 和 isula-builder completion 命令用于生成bash命令补全脚本。该命令为命令行框架隐式提供,不会显示在help信息中。 - - +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - isula-build completion 和 isula-builder completion 命令用于生成bash命令补全脚本。该命令为命令行框架隐式提供,不会显示在help信息中。 +> - isula-build客户端不包含配置文件,当用户需要使用isula-build实验特性时,需要在客户端通过命令`export ISULABUILD_CLI_EXPERIMENTAL=enabled`配置环境变量ISULABUILD_CLI_EXPERIMENTAL来开启实验特性。 以下按照上述维度依次详细介绍这些命令行指令的使用。 - - - -## ctr-img: 容器镜像管理 +### ctr-img: 容器镜像管理 isula-build 将所有容器镜像管理相关命令划分在子命令 `ctr-img` 下,命令原型为: -``` +```sh isula-build ctr-img [command] ``` -### build: 容器镜像构建 +#### build: 容器镜像构建 ctr-img 的子命令 build 用于构建容器镜像,命令原型为: -``` +```sh isula-build ctr-img build [flags] ``` @@ -256,8 +224,9 @@ isula-build ctr-img build [flags] - --build-arg:string列表,构建过程中需要用到的变量。 - --build-static:KeyValue值,构建二进制一致性。目前包含如下Key值: - - build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS”。 + - build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS”。 - -f, --filename:string,Dockerfile的路径,不指定则是使用当前路径的Dockerfile文件。 +- --format: string, 设置构建镜像的镜像格式:oci | docker(需开启实验特性选项)。 - --iidfile:string,输出 image ID 到本地文件。 - -o, --output:string,镜像导出的方式和路径。 - --proxy:布尔值,继承主机侧环境的proxy环境变量(默认为true)。 @@ -271,18 +240,19 @@ isula-build ctr-img build [flags] 从命令行接受参数作为Dockerfile中的参数,用法: ```sh -$ echo "This is bar file" > bar.txt -$ cat Dockerfile_arg +# echo "This is bar file" > bar.txt +# cat Dockerfile_arg FROM busybox ARG foo ADD ${foo}.txt . RUN cat ${foo}.txt -$ sudo isula-build ctr-img build --build-arg foo=bar -f Dockerfile_arg +# sudo isula-build ctr-img build --build-arg foo=bar -f Dockerfile_arg STEP 1: FROM busybox Getting image source signatures Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b -Writing manifest to image destinationStoring signatures +Writing manifest to image destination +Storing signatures STEP 2: ARG foo STEP 3: ADD ${foo}.txt . STEP 4: RUN cat ${foo}.txt @@ -310,58 +280,73 @@ Build success with image id: 39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a 对于容器镜像构建,isula-build支持相同的Dockerfile。如果构建环境相同,则多次构建生成的镜像内容和镜像ID相同。 -–build-static接受k=v形式的键值对选项,当前支持的选项有: +--build-static接受k=v形式的键值对选项,当前支持的选项有: - build-time:字符串类型。构建静态镜像的固定时间戳,格式为“YYYY-MM-DD HH-MM-SS”。时间戳影响diff层创建修改时间的文件属性。 使用示例如下: ```sh - $ sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . + sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . ``` 以此方式,同一环境多次构建出来的容器镜像和镜像ID均会保持一致。 +**\--format** +开始实验特性后该选项可用,默认为OCI镜像格式。可以手动指定镜像格式进行构建,例如,下面分别为构建OCI镜像格式以及Docker镜像格式镜像的命令。 + + ```sh + export ISULABUILD_CLI_EXPERIMENTAL=enabled; sudo isula-build ctr-img build -f Dockerfile --format oci . + ``` + + ```sh + export ISULABUILD_CLI_EXPERIMENTAL=enabled; sudo isula-build ctr-img build -f Dockerfile --format docker . + ``` + **\--iidfile** 将构建的镜像ID输出到文件,用法: -``` +```sh isula-build ctr-img build --iidfile filename ``` 例如,将容器镜像ID输出到testfile的参考命令如下: ```sh -$ sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile +sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile ``` 查看testfile中的容器镜像ID: ```sh -$ cat testfile +# cat testfile 76cbeed38a8e716e22b68988a76410eaf83327963c3b29ff648296d5cd15ce7b ``` - - **\-o, --output** -目前 -o, –output 支持如下形式: +目前 -o, --output 支持如下形式: - `isulad:image:tag`:将构建成功的镜像直接推送到 iSulad。比如:`-o isulad:busybox:latest`。同时需要注意如下约束: - - isula-build 和 iSulad 必须在同一个节点上 - - tag必须配置 - - isula-build client端需要将构建成功的镜像暂存成 `/var/tmp/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 `/var/tmp/` 目录有足够磁盘空间 + - isula-build 和 iSulad 必须在同一个节点上 + - tag必须配置 + - isula-build client端需要将构建成功的镜像暂存成 `/var/tmp/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 `/var/tmp/` 目录有足够磁盘空间 - `docker-daemon:image:tag`:将构建成功的镜像直接推送到 Docker daemon。比如:`-o docker-daemon:busybox:latest`。同时需要注意如下约束: -- isula-build 和 docker 必须在同一个节点上 - - tag必须配置 - -- `docker://registry.example.com/repository:tag`:将构建成功的镜像直接推送到远端镜像仓库。比如:`-o docker://localhost:5000/library/busybox:latest`。 + - isula-build 和 docker 必须在同一个节点上 + - tag必须配置 + +- `docker://registry.example.com/repository:tag`:将构建成功的镜像以Docker镜像格式直接推送到远端镜像仓库。比如:`-o docker://localhost:5000/library/busybox:latest`。 + +- `docker-archive:/:image:tag`:将构建成功的镜像以Docker镜像格式保存至本地。比如:`-o docker-archive:/root/image.tar:busybox:latest`。 + +打开实验特性之后,可以启用相应OCI镜像的构建: + +- `oci://registry.example.com/repository:tag`:将构建成功的镜像以OCI镜像格式直接推送到远端镜像仓库(远程镜像仓库须支持OCI镜像格式)。比如:`-o oci://localhost:5000/library/busybox:latest`。 -- `docker-archive:/:image:tag`:将构建成功的镜像以Docker image的格式保存至本地。比如:`-o docker-archive:/root/image.tar:busybox:latest`。 +- `oci-archive:/:image:tag`:将构建成功的镜像以OCI镜像的格式保存至本地。比如:`-o oci-archive:/root/image.tar:busybox:latest`。 除去各个flags之外,build子命令的命令行最后还会接收一个argument,该argument类型是string,意义为context,即该Dockerfile构建环境的上下文。该参数默认值为isula-build被执行的当前路径。该路径会影响 .dockerignore 和 Dockerfile的ADD/COPY指令 所检索的路径。 @@ -381,24 +366,24 @@ $ cat testfile 添加构建过程中RUN指令所需权限,用法: -``` +```sh isula-build ctr-img build --cap-add ${CAP} ``` 使用举例: ```sh -$ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile +sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile ``` -> **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** > > - isula-build最大支持并发构建100个容器镜像。 > - isula-build支持Dockerfile最大为1MiB。 > - isula-build支持 .dockerignore 最大为 1MiB。 > - 用户需保证Dockerfile文件的权限为仅当前用户可读写,避免别的用户进行篡改。 > - 构建时,RUN指令会启动容器在容器内进行构建,目前 isula-build 仅支持使用主机网络。 -> - isula-build 导出的镜像压缩格式,目前仅支持tar.gz格式。 +> - isula-build 导出的镜像压缩格式,目前仅支持tar格式。 > - isula-build 在每一个镜像构建stage完成后做一次提交,而不是每执行 Dockerfile的一行就提交一次。 > - isula-build 暂不支持构建缓存。 > - isula-build 仅在构建RUN指令时会启动构建容器。 @@ -407,62 +392,65 @@ $ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRAC > - isula-build 的stage name最长可为64个字符。 > - isula-build 暂不支持对单次Dockerfile的构建进行资源限制。如有资源限制需求,可通过对 isula-builder 服务端配置资源限额的方式进行限制。 > - isula-build 目前不支持Dockerfile里的ADD指令提供的数据来源是远端url。 +> - isula-build 使用docker-archive以及oci-archive类型导出的本地tar包未经压缩。如有需求,用户可以手动进行压缩。 - - -### image: 查看本地持久化构建镜像 +#### image: 查看本地持久化构建镜像 可通过images命令查看当前本地持久化存储的镜像: ```sh -$ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -localhost:5000/library/alpine latest a24bb4013296 2020-20-19 19:59:197 5.85 MB - 39b62a3342ee 2020-20-38 38:66:387 1.45 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ +# sudo isula-build ctr-img images +--------------------------------------- ----------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- ------------------------ ------------ +localhost:5000/library/alpine latest a24bb4013296 2022-01-17 10:02:19 5.85 MB + 39b62a3342ee 2022-01-17 10:01:12 1.45 MB +--------------------------------------- ----------- ----------------- ------------------------ ------------ ``` -**说明**:通过`isula-build ctr-img images`查看的镜像大小与`docker images`的显示上有一定差异。这是因为统计镜像大小时,isula-build是直接计算每层tar包大小之和,而docker是通过解压tar遍历diff目录计算文件大小之和,因此存在统计上的差异。 - - +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 通过`isula-build ctr-img images`查看的镜像大小与`docker images`的显示上有一定差异。这是因为统计镜像大小时,isula-build是直接计算每层tar包大小之和,而docker是通过解压tar遍历diff目录计算文件大小之和,因此存在统计上的差异。 -### import: 导入容器基础镜像 +#### import: 导入容器基础镜像 -openEuler会随版本发布一个容器基础镜像,比如openEuler-docker.x86_64.tar.xz。可以通过`ctr-img import`指令将它导入到 isula-build。 +可以通过`ctr-img import`指令将rootfs形式的tar文件导入到isula-build中。 命令原型如下: -``` +```sh isula-build ctr-img import [flags] ``` 使用举例: ```sh -$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.03 -Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 -$ sudo isula-build ctr-img images ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -openeuler 20.03 7317851cd2ab 2020-08-01 06:25:34 500 MB ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ +# sudo isula-build ctr-img import busybox.tar mybusybox:latest +Getting image source signatures +Copying blob sha256:7b8667757578df68ec57bfc9fb7754801ec87df7de389a24a26a7bf2ebc04d8d +Copying config sha256:173b3cf612f8e1dc34e78772fcf190559533a3b04743287a32d549e3c7d1c1d1 +Writing manifest to image destination +Storing signatures +Import success with image id: "173b3cf612f8e1dc34e78772fcf190559533a3b04743287a32d549e3c7d1c1d1" +# sudo isula-build ctr-img images +--------------------------------------- ----------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- ------------------------ ------------ +mybusybox latest 173b3cf612f8 2022-01-12 16:02:31 1.47 MB +--------------------------------------- ----------- ----------------- ------------------------ ------------ ``` ->![](./public_sys-resources/icon-note.gif) **说明:** ->isula-build 支持导入最大1GiB的容器基础镜像。 - - +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - isula-build 支持导入最大1GiB的容器基础镜像。 -### load: 导入层叠镜像 +#### load: 导入层叠镜像 层叠镜像指的是通过 docker save 或 isula-build ctr-img save 等指令,将一个构建完成的镜像保存至本地之后,镜像压缩包内是一层一层 layer.tar 的镜像包。可以通过 ctr-img load 指令将它导入至 isula-build。 命令原型如下: -``` +```sh isula-build ctr-img load [flags] ``` @@ -473,7 +461,8 @@ isula-build ctr-img load [flags] 使用举例如下: ```sh -$ sudo isula-build ctr-img load -i ubuntu.tarGetting image source signatures +# sudo isula-build ctr-img load -i ubuntu.tar +Getting image source signatures Copying blob sha256:cf612f747e0fbcc1674f88712b7bc1cd8b91cf0be8f9e9771235169f139d507c Copying blob sha256:f934e33a54a60630267df295a5c232ceb15b2938ebb0476364192b1537449093 Copying blob sha256:943edb549a8300092a714190dfe633341c0ffb483784c4fdfe884b9019f6a0b4 @@ -494,48 +483,49 @@ Storing signatures Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e ``` ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** > ->- isula-build load命令仅支持导入包含单个层叠镜像的镜像压缩文件。 ->- isula-build 支持导入最大50G的容器层叠镜像。 - - +> - isula-build 支持导入最大50G的容器层叠镜像。 +> - isula-build 会自动识别容器层叠镜像的格式并进行导入。 -### rm: 删除本地持久化镜像 +#### rm: 删除本地持久化镜像 可通过rm命令删除当前本地持久化存储的镜像。命令原型为: -``` +```sh isula-build ctr-img rm IMAGE [IMAGE...] [FLAGS] ``` 目前支持的 flags 为: -- -a, –all:删除所有本地持久化存储的镜像。 -- -p, –prune:删除所有没有tag的本地持久化存储的镜像。 +- -a, --all:删除所有本地持久化存储的镜像。 +- -p, --prune:删除所有没有tag的本地持久化存储的镜像。 使用示例如下: ```sh -$ sudo isula-build ctr-img rm -p +# sudo isula-build ctr-img rm -p Deleted: sha256:78731c1dde25361f539555edaf8f0b24132085b7cab6ecb90de63d72fa00c01d Deleted: sha256:eeba1bfe9fca569a894d525ed291bdaef389d28a88c288914c1a9db7261ad12c ``` - - -### save: 导出层叠镜像 +#### save: 导出层叠镜像 可通过save命令导出层叠镜像到本地磁盘。命令原型如下: -``` +```sh isula-build ctr-img save [REPOSITORY:TAG]|imageID -o xx.tar ``` +目前支持的 flags 为: + +- -f, --format:导出层叠镜像的镜像格式:oci | docker(需开启实验特性选项) +- -o, --output:本地tar包路径 + 以下示例通过 `image/tag` 的形式将镜像进行导出: ```sh -$ sudo isula-build ctr-img save busybox:latest -o busybox.tar +# sudo isula-build ctr-img save busybox:latest -o busybox.tar Getting image source signatures Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f @@ -549,7 +539,7 @@ Save success with image: busybox:latest 以下示例通过 `ImageID` 的形式将镜像进行导出: ```sh -$ sudo isula-build ctr-img save 21c3e96ac411 -o busybox.tar +# sudo isula-build ctr-img save 21c3e96ac411 -o busybox.tar Getting image source signatures Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f @@ -560,190 +550,364 @@ Storing signatures Save success with image: 21c3e96ac411 ``` +以下示例导出多个镜像到同一个tar包: + +```sh +# sudo isula-build ctr-img save busybox:latest nginx:latest -o all.tar +Getting image source signatures +Copying blob sha256:eb78099fbf7fdc70c65f286f4edc6659fcda510b3d1cfe1caa6452cc671427bf +Copying blob sha256:29f11c413898c5aad8ed89ad5446e89e439e8cfa217cbb404ef2dbd6e1e8d6a5 +Copying blob sha256:af5bd3938f60ece203cd76358d8bde91968e56491daf3030f6415f103de26820 +Copying config sha256:b8efb18f159bd948486f18bd8940b56fd2298b438229f5bd2bcf4cedcf037448 +Writing manifest to image destination +Storing signatures +Getting image source signatures +Copying blob sha256:e2d6930974a28887b15367769d9666116027c411b7e6c4025f7c850df1e45038 +Copying config sha256:a33de3c85292c9e65681c2e19b8298d12087749b71a504a23c576090891eedd6 +Writing manifest to image destination +Storing signatures +Save success with image: [busybox:latest nginx:latest] +``` +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - save 导出的镜像默认格式为未压缩的tar格式,如有需求,用户可以再save之后手动压缩。 +> - 在使用镜像名导出镜像时,需要给出完整的镜像名格式:REPOSITORY:TAG。 -### tag: 给本地持久化镜像打标签 +#### tag: 给本地持久化镜像打标签 可使用tag命令给本地持久化的容器镜像打tag。命令原型如下: -``` +```sh isula-build ctr-img tag / busybox:latest ``` 使用举例: ```sh -$ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -$ sudo isula-build ctr-img tag a24bb4013296 alpine:v1 -$ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB -alpine v1 a24bb4013296 2020-05-29 21:19:46 5.85 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ +# sudo isula-build ctr-img images +--------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- -------------------------- ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +--------------------------------------- ----------- ----------------- -------------------------- ------------ +# sudo isula-build ctr-img tag a24bb4013296 alpine:v1 +# sudo isula-build ctr-img images +--------------------------------------- ----------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +--------------------------------------- ----------- ----------------- ------------------------ ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +alpine v1 a24bb4013296 2020-05-29 21:19:46 5.85 MB +--------------------------------------- ----------- ----------------- ------------------------ ------------ ``` +#### pull: 拉取镜像到本地 +可通过pull命令拉取远程镜像仓库中的镜像到本地。命令原型如下: -## info: 查看运行环境与系统信息 +```sh +isula-build ctr-img pull REPOSITORY[:TAG] +``` -可以通过“isula-build info”指令查看 isula-build 目前的运行环境与系统信息。命令原型如下: +使用示例: +```sh +# sudo isula-build ctr-img pull example-registry/library/alpine:latest +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destination +Storing signatures +Pull success with image: example-registry/library/alpine:latest ``` - isula-build info [flags] + +#### push: 将本地镜像推送到远程仓库 + +可通过push命令将本地镜像推送到远程仓库。命令原型如下: + +```sh +isula-build ctr-img push REPOSITORY[:TAG] +``` + +目前支持的 flags 为: + +- -f, --format:推送的镜像格式:oci|docker(需开启实验特性选项) + +使用示例: + +```sh +# sudo isula-build ctr-img push example-registry/library/mybusybox:latest +Getting image source signatures +Copying blob sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675 +Copying config sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f +Writing manifest to image destination +Storing signatures +Push success with image: example-registry/library/mybusybox:latest +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 推送镜像时,需要先登录对应的镜像仓库。 + +### info: 查看运行环境与系统信息 + +可以通过“isula-build info”指令查看 isula-build 目前的运行环境与系统信息。命令原型如下: + +```sh +isula-build info [flags] ``` 支持如下Flags: -- -H, –human-readable 布尔值,以常用内存表示格式打印内存信息,使用1000次幂 +- -H, --human-readable 布尔值,以常用内存表示格式打印内存信息,使用1000次幂 +- -V, --verbose 布尔值,显示运行时内存占用信息 使用示例: ```sh -$ sudo isula-build info -H - General: - MemTotal: 7.63 GB - MemFree: 757 MB - SwapTotal: 8.3 GB - SwapFree: 8.25 GB - OCI Runtime: runc - DataRoot: /var/lib/isula-build/ - RunRoot: /var/run/isula-build/ - Builders: 0 +# sudo isula-build info -HV + General: + MemTotal: 7.63 GB + MemFree: 757 MB + SwapTotal: 8.3 GB + SwapFree: 8.25 GB + OCI Runtime: runc + DataRoot: /var/lib/isula-build/ + RunRoot: /var/run/isula-build/ + Builders: 0 Goroutines: 12 - Store: - Storage Driver: overlay + Store: + Storage Driver: overlay Backing Filesystem: extfs - Registry: - Search Registries: + Registry: + Search Registries: oepkgs.net - Insecure Registries: - localhost:5000 + Insecure Registries: + localhost:5000 oepkgs.net + Runtime: + MemSys: 68.4 MB + HeapSys: 63.3 MB + HeapAlloc: 7.41 MB + MemHeapInUse: 8.98 MB + MemHeapIdle: 54.4 MB + MemHeapReleased: 52.1 MB ``` -## login: 登录远端镜像仓库 +### login: 登录远端镜像仓库 用户可以运行 login 命令来登录远程镜像仓库。命令原型如下: -``` - isula-build login SERVER [FLAGS] +```sh +isula-build login SERVER [FLAGS] ``` 目前支持的flag有: -``` - Flags: - -p, --password-stdin Read password from stdin +```sh +Flags: + -p, --password-stdin Read password from stdin -u, --username string Username to access registry ``` 通过stdin输入密码。以下示例通过通过管道将creds.txt里的密码传给isula-build的stdin进行输入: ```sh - $ cat creds.txt | sudo isula-build login -u cooper -p mydockerhub.io + # cat creds.txt | sudo isula-build login -u cooper -p mydockerhub.io Login Succeeded ``` 通过交互式输入密码: ```sh - $ sudo isula-build login mydockerhub.io -u cooper + # sudo isula-build login mydockerhub.io -u cooper Password: Login Succeeded ``` -## logout: 退出远端镜像仓库 +### logout: 退出远端镜像仓库 用户可以运行 logout 命令来登出远程镜像仓库。命令原型如下: -``` - isula-build logout [SERVER] [FLAGS] +```sh +isula-build logout [SERVER] [FLAGS] ``` 目前支持的flag有: -``` - Flags: +```sh +Flags: -a, --all Logout all registries ``` 使用示例如下: ```sh - $ sudo isula-build logout -a + # sudo isula-build logout -a Removed authentications ``` -## version: 版本查询 +### version: 版本查询 可通过version命令查看当前版本信息: ```sh - $ sudo isula-build version + # sudo isula-build version Client: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5 + Go Version: go1.15.7 + Git Commit: b82408f + Built: Tue Mar 30 11:08:00 2021 OS/Arch: linux/amd64 - + Server: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5 + Go Version: go1.15.5 + Git Commit: 64dbad50 + Built: Mon Apr 12 20:30:31 2021 OS/Arch: linux/amd64 ``` +### manifest: manifest列表管理 + +manifest列表包含不同系统架构对应的镜像信息,通过使用manifest列表,用户可以在不同的架构中使用相同的manifest(例如openeuler:latest)获取对应架构的镜像,manifest包含create、annotate、inspect和push子命令。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - manifest为实验特性,使用时需开启客户端和服务端的实验选项,方式详见客户端总体说明和配置服务章节。 + +#### create: manifest列表创建 + +manifest的子命令create用于创建manifest列表,命令原型为: + +```sh +isula-build manifest create MANIFEST_LIST MANIFEST [MANIFEST...] +``` + +用户可以指定manifest列表的名称以及需要加入到列表中的远程镜像,若不指定任何远程镜像,则会创建一个空的manifest列表。 + +使用示例如下: + +```sh +sudo isula-build manifest create openeuler localhost:5000/openeuler_x86:latest localhost:5000/openeuler_aarch64:latest +``` + +#### annotate: manifest列表更新 + +manifest的子命令annotate用于更新manifest列表,命令原型为: + +```sh +isula-build manifest annotate MANIFEST_LIST MANIFEST [flags] +``` + +用户可以指定需要更新的manifest列表以及其中的镜像,通过flags指定需要更新的选项,此命令也可用于添加新的镜像到列表中。 + +其中annotate包含如下flags: + +- --arch: string,重写镜像适用架构 +- --os: string,重写镜像适用系统 +- --os-features: string列表,指定镜像需要的OS特性,很少使用 +- --variant: string,指定列表中记录镜像的变量 + +使用示例如下: + +```sh +sudo isula-build manifest annotate --os linux --arch arm64 openeuler:latest localhost:5000/openeuler_aarch64:latest +``` + +#### inspect: manifest列表查询 + +manifest子命令inspect用于查询manifest列表信息,命令原型为: + +```sh +isula-build manifest inspect MANIFEST_LIST +``` + +使用示例如下: + +```sh +# sudo isula-build manifest inspect openeuler:latest +{ + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", + "manifests": [ + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 527, + "digest": "sha256:bf510723d2cd2d4e3f5ce7e93bf1e52c8fd76831995ac3bd3f90ecc866643aff", + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 527, + "digest": "sha256:f814888b4bb6149bd39ba8375a1932fb15071b4dbffc7f76c7b602b06abbb820", + "platform": { + "architecture": "arm64", + "os": "linux" + } + } + ] +} +``` + +#### push: 将manifest列表推送到远程仓库 -# 直接集成容器引擎 +manifest子命令push用于将manifest列表推送到远程仓库,命令原型为: + +```sh +isula-build manifest push MANIFEST_LIST DESTINATION +``` + +使用示例如下: + +```sh +sudo isula-build manifest push openeuler:latest localhost:5000/openeuler:latest +``` + +## 直接集成容器引擎 isula-build可以与iSulad和docker集成,将构建好的容器镜像导入到容器引擎的本地存储中。 -## 与iSulad集成 +### 与iSulad集成 支持将构建成功的镜像直接导出到iSulad。 命令行举例: ```sh -$ sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 +sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 ``` 通过在-o参数中指定iSulad,将构建好的容器镜像导出到iSulad,可以通过isula images查询: ```sh -$ sudo isula images +# sudo isula images isula images REPOSITORY TAG IMAGE ID CREATED SIZE busybox 2.0 2d414a5cad6d 2020-08-01 06:41:36 5.577 MB ``` -> ![](./public_sys-resources/icon-note.gif) **说明:** +> ![](./public_sys-resources/icon-note.gif) **说明:** +> > - 要求isula-build和iSulad在同一节点。 -> - 直接导出镜像到iSulad时,isula-build client端需要将构建成功的镜像暂存成 `/var/tmp/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 /var/tmp/ 目录有足够磁盘空间;同时如果在导出过程中 isula-build client进程被KILL或Ctrl+C终止,需要依赖用户手动清理 `/var/tmp/isula-build-tmp-%v.tar` 文件。 +> - 直接导出镜像到iSulad时,isula-build client端需要将构建成功的镜像暂存成 `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 /var/lib/isula-build/tmp/ 目录有足够磁盘空间;同时如果在导出过程中 isula-build client进程被KILL或Ctrl+C终止,需要依赖用户手动清理 `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` 文件。 -## 与Docker集成 +### 与Docker集成 支持将构建成功的镜像直接导出到Docker daemon。 命令行举例: ```sh -$ sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 +sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 ``` 通过在-o参数中指定docker-daemon,将构建好的容器镜像导出到docker, 可以通过docker images查询。 ```sh -$ sudo docker images +# sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox 2.0 2d414a5cad6d 2 months ago 5.22MB ``` @@ -752,10 +916,40 @@ busybox 2.0 2d414a5c > > - 要求isula-build和Docker在同一节点。 -# 附录 +## 使用注意事项 + +本章节主要介绍在使用isula-build构建镜像时相关的约束和限制,以及与docker build的差异。 +### 约束和限制 -## 命令行参数说明 +1. 当导出镜像到[`iSulad`](https://gitee.com/openeuler/iSulad/blob/master/README.md/)时,镜像必须指明tag。 +2. 因为isula-builder运行`RUN`指令时,需要调用系统中的oci 运行时(如`runc`),用户需要保证该运行时的安全性,不受篡改。 +3. `DataRoot`不能设置在内存盘上(tmpfs)。 +4. `Overlay2`是目前isula-builder唯一支持的存储驱动。 +5. `Docker`镜像是目前唯一支持的镜像格式,未来即将支持`oci`格式镜像。 +6. `Dockerfile`文件权限强烈建议设置为**0600**以防止恶意篡改。 +7. `RUN`命令中目前只支持主机侧网络(host network)。 +8. 当导出镜像到本地tar包时,目前只支持保存为`tar`格式。 +9. 当使用`import`功能导入基础镜像时,最大支持**1G**。 + +### 与“docker build”差异 + +`isula-build`兼容[Docker镜像格式规范](https://docs.docker.com/engine/reference/builder/),但仍然和`docker build`存在一些差异: + +1. 支持镜像压缩,即对每个`stage`进行提交而非每一行。 +2. 目前不支持构建缓存。 +3. 只有`RUN`指令会运行容器进行构建。 +4. 目前不支持查询镜像构建历史。 +5. `Stage`名称可以用数字开头。 +6. `Stage`名称最大长度为64。 +7. `ADD`命令不支持远端URL格式。 +8. 暂不支持对单次构建进行资源限额,可采取对isula-builder配置资源限额的方式进行限制。 +9. 统计镜像大小时,isula-build是直接计算每层tar包大小之和,而docker是通过解压tar遍历diff目录计算文件大小之和,因此通过`isula-build ctr-img images`查看的镜像大小与`docker images`的显示上有一定差异。 +10. 操作时的镜像名称需要明确,格式为IMAGE_NAME:IMAGE_TAG。例如 busybox:latest,其中latest不可省略。 + +## 附录 + +### 命令行参数说明 **表1** ctr-img build 命令参数列表 @@ -764,6 +958,7 @@ busybox 2.0 2d414a5c | ctr-img build | --build-arg | string列表,构建过程中需要用到的变量 | | | --build-static | KV值,构建二进制一致性。目前包含如下K值:- build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS” | | | -f, --filename | string,Dockerfile的路径,不指定则是使用当前路径的Dockerfile文件 | +| | --format | string,设置构建镜像的镜像格式:oci|docker(需开启实验特性选项)| | | --iidfile | string,输出 image ID 到本地文件 | | | -o, --output | string,镜像导出的方式和路径 | | | --proxy | 布尔值,继承主机侧环境的proxy环境变量(默认为true) | @@ -776,39 +971,55 @@ busybox 2.0 2d414a5c | ------------ | ----------- | --------------------------------- | | ctr-img load | -i, --input | string,需要导入的本地tar包的路径 | -**表3** ctr-img rm 命令参数列表 +**表3** ctr-img push 命令参数列表 + +| **命令** | **参数** | **说明** | +| ------------ | ----------- | --------------------------------- | +| ctr-img push | -f, --format | string,推送的镜像格式:oci|docker(需开启实验特性选项)| + +**表4** ctr-img rm 命令参数列表 | **命令** | **参数** | **说明** | | ---------- | ----------- | --------------------------------------------- | | ctr-img rm | -a, --all | 布尔值,删除所有本地持久化存储的镜像 | | | -p, --prune | 布尔值,删除所有没有tag的本地持久化存储的镜像 | -**表4** ctr-img save 命令参数列表 +**表5** ctr-img save 命令参数列表 | **命令** | **参数** | **说明** | | ------------ | ------------ | ---------------------------------- | | ctr-img save | -o, --output | string,镜像导出后在本地的存储路径 | +| | -f, --format | string,导出层叠镜像的镜像格式:oci|docker(需开启实验特性选项)| -**表5** login 命令参数列表 +**表6** login 命令参数列表 | **命令** | **参数** | **说明** | | -------- | -------------------- | ------------------------------------------------------- | | login | -p, --password-stdin | 布尔值,是否通过stdin读入密码;或采用交互式界面输入密码 | -| | -u, --username | string,登陆镜像仓库所使用的用户名 | +| | -u, --username | string,登录镜像仓库所使用的用户名 | -**表6** logout 命令参数列表 +**表7** logout 命令参数列表 | **命令** | **参数** | **说明** | | -------- | --------- | ------------------------------------ | -| logout | -a, --all | 布尔值,是否登出所有已登陆的镜像仓库 | +| logout | -a, --all | 布尔值,是否登出所有已登录的镜像仓库 | -## 通信矩阵 +**表8** manifest annotate命令参数列表 + +| **命令** | **说明** | **参数** | +| ----------------- | ------------- | ------------------------------------------ | +| manifest annotate | --arch | string,重写镜像适用架构 | +| | --os | string,重写镜像适用系统 | +| | --os-features | string列表,指定镜像需要的OS特性,很少使用 | +| | --variant | string,指定列表中记录镜像的变量 | + +### 通信矩阵 isula-build两个组件进程之间通过unix socket套接字文件进行通信,无端口通信。 -## 文件与权限 +### 文件与权限 -- isula-build 所有的操作均需要使用 root 权限。 +- isula-build 所有的操作均需要使用 root 权限。如需使用非特权用户操作,则需要配置--group参数 - isula-build 运行涉及文件权限如下表所示: @@ -817,13 +1028,13 @@ isula-build两个组件进程之间通过unix socket套接字文件进行通信 | /usr/bin/isula-build | 550 | 命令行工具二进制文件。 | | /usr/bin/isula-builder | 550 | 服务端isula-builder进程二进制文件。 | | /usr/lib/systemd/system/isula-build.service | 640 | systemd配置文件,用于管理isula-build服务。 | +| /etc/isula-build | 650 | isula-builder 配置文件根目录 | | /etc/isula-build/configuration.toml | 600 | isula-builder 总配置文件,包含设置 isula-builder 日志级别、持久化目录和运行时目录、OCI runtime等。 | | /etc/isula-build/policy.json | 600 | 签名验证策略文件的语法文件。 | | /etc/isula-build/registries.toml | 600 | 针对各个镜像仓库的配置文件,含可用的镜像仓库列表、镜像仓库黑名单。 | | /etc/isula-build/storage.toml | 600 | 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 | -| /var/run/isula_build.sock | 600 | 服务端isula-builder的本地套接字。 | +| /etc/isula-build/isula-build.pub | 400 | 非对称加密公钥文件 | +| /var/run/isula_build.sock | 660 | 服务端isula-builder的本地套接字。 | | /var/lib/isula-build | 700 | 本地持久化目录。 | | /var/run/isula-build | 700 | 本地运行时目录。 | -| /var/tmp/isula-build-tmp-*.tar | 600 | 镜像导出至iSulad时的本地暂存目录。 | - - +| /var/lib/isula-build/tmp/[buildid]/isula-build-tmp-*.tar | 644 | 镜像导出至iSulad时的本地暂存目录。 | diff --git "a/docs/zh/docs/Container/isula-transform\350\277\201\347\247\273\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/isula-transform\350\277\201\347\247\273\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..d2fb3bb9a6c7265eba9e8f306b9261404aee6063 --- /dev/null +++ "b/docs/zh/docs/Container/isula-transform\350\277\201\347\247\273\345\267\245\345\205\267.md" @@ -0,0 +1,163 @@ +# isula-transform 容器迁移工具 + +isula-transform 容器迁移工具配合 iSulad 2.0 推出。用于将 Docker 容器引擎拉起的容器转换迁移到 iSulad 引擎管理。迁移完成后,可以通过 iSulad 完成容器生命周期管理等功能。 + + + +* [快速引导](#快速引导) + * [安装部署](#安装部署) + * [使用示例](#使用示例) +* [使用指南](#使用指南) + * [用法介绍](#用法介绍) + * [参数说明](#参数说明) + * [注意事项](#注意事项) +* [附录](#附录) + * [通信矩阵及权限说明](#通信矩阵及权限说明) + * [通信矩阵](#通信矩阵) + * [文件与权限](#文件与权限) + + + +## 快速引导 + +### 安装部署 + +安装 isula-transform 可参考如下方法: + +- yum 安装(推荐) + + ``` shell + sudo yum install -y isula-transform + ``` + +* rpm 安装 + + ``` shell + sudo rpm -ivh isula-transform-0.9.1-1.oe1.x86_64.rpm + ``` + + 说明:isula-transform 运行依赖于 isulad 和 docker-engine,采用 rpm 安装时请确保环境中已安装 isulad 和 docker-engine。 + + +### 使用示例 + +这里给出将 Docker 容器引擎拉起的容器迁移到 iSulad 引擎管理的示例。 + +1. 以 host 网络启动一个 Docker 容器,并挂载数据卷。 + + ``` shell + $ mkdir /tmp/test && echo "hello isula 2.0" > /tmp/test/hello.txt + $ sudo docker run -tid --network host -v /tmp/test:/test rnd-dockerhub.huawei.com/official/ubuntu bash + b7ebc79a83297d781069308311cd1456539ab663fc284c80386a941af1a78685 + $ sudo docker exec b7ebc7 cat /test/hello.txt + hello isula 2.0 + $ sudo docker exec b7ebc7 bash -c "echo 'hello isula-transform' > /root/world.txt" + $ sudo docker exec b7ebc7 cat /root/world.txt + hello isula-transform + ``` + +2. 使用 isula-transform 工具迁移该容器(指定容器 id 前几位或全 id)。 + + ``` shell + $ sudo isula-transform b7ebc7 + transform b7ebc7: success + ``` + +3. 重启 isulad,可查看到该容器。 + + ``` shell + $ systemctl restart isulad && sudo isula ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b7ebc79a8329 rnd-dockerhub.huawei.com/official/ubuntu "bash" 8 minutes ago Exited (0) 2 minutes ago inspiring_dirac + ``` + +4. 启动容器并检查数据。容器启动成功且数据完整,说明容器迁移成功。 + + ``` shell + $ sudo isula start b7ebc7 + $ sudo isula exec b7ebc7 cat /test/hello.txt + hello isula 2.0 + $ sudo isula exec b7ebc7 cat /root/world.txt + hello isula-transform + ``` + +5. 删除容器。 + + ``` shell + $ sudo isula rm -f b7ebc7 + b7ebc79a83297d781069308311cd1456539ab663fc284c80386a941af1a78685 + $ sudo isula ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + ``` + +## 使用指南 + +### 用法介绍 + +isula-transform 支持两种用法: + +1. 迁移指定容器 + + 通过指定容器 id 的形式,isula-transform 可以迁移指定的 Docker 容器,用法如下: + + ``` shell + isula-transform [OPTIONS] container_id [container_id...] + ``` + + 可同时指定多个容器 id,支持短 id 格式,但需要保证短 id 唯一性。 + +2. 迁移所有容器 + + 通过配置 --all 参数,isula-transform 将会迁移所有 running 和 pause 状态的 Docker 容器,用法如下: + + ``` shell + isula-transform [OPTIONS] --all + ``` + + 若指定 --all 参数后同时指定了容器 id,isula-transform 会忽略传入的容器 id。 + +其他可配置参数请参见 [参数说明](#参数说明)。 + +### 参数说明 + +用法介绍中的OPTIONS 为 isula-transform 的可选参数,具体含义请参见下表。 + +| 参数 | 说明 | +| -------------- | :----------------------------------------------------------- | +| --log | 指定日志文件的路径, 未配置取默认值 /var/log/isula-kits/transform.log | +| --log-level | 指定输出日志的最低级别,可配置项目包括:debug info warn error,默认为 info 级别 | +| --docker-graph | docker graph 路径,未配置取默认值 /var/lib/docker | +| --docker-state | docker state 路径,未配置取默认值 /var/run/docker | + + +### 注意事项 + +- isula-transform 适用非集群场景,Kubernetes 等集群场景下,建议配置 iSulad 引擎之后拉起新容器。 +- isula-transform 目前支持对 Docker 18.09 版本创建的容器进行迁移,容器需要处于 running 或者 pause 状态。 +- isula-transform 完成迁移后原 Docker 容器会处于 pause 状态,由用户决定原 Docker 容器的生命周期。 +- isula-transform 要求被迁移的 Docker 容器以 --network=host 启动, 或者复用以 host 网络启动的容器的网络栈。后者场景中,两个容器均需要被迁移,且迁移后需要首先启动父容器。 +- 涉及到共享 namespace (pid,ipc)时,父子容器均需要被迁移,且迁移后需要首先启动父容器。 +- 涉及到指定 --cgroup-parent 时,Docker 引擎为原容器创建的 cgroup 没有被销毁,iSulad 引擎无法为新容器创建 cgroup,需要原 Docker 容器被停止或删除后,新容器才能启动。 +- iSula 容器相对于 Docker 容器不支持的配置参数,isula-transform 迁移后会丢弃。 + +## 附录 + +### 通信矩阵及权限说明 + +#### 通信矩阵 + +isula-transform 运行时会作为客户端访问服务端 dockerd,isula-transform 和 dockerd 之间通过 unix socket 套接字文件进行通信,路径如下: + +|服务端|socket 路径| +|---|:---| +|dockerd|/var/run/docker.sock| + +#### 文件与权限 + +- isula-transform 运行需要 root 权限。 +- isula-transform 运行涉及文件权限如下表所示: + + |文件路径|权限|说明| + |:---|---|:---| + |/usr/bin/isula-transform|0550|可执行二进制文件| + |/var/log/isula-kits/transform.log|0600|isula-transform 默认日志文件| diff --git "a/docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" "b/docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" index 74e4f950a65614579fc534ab9ce57d77fcbce2d9..7cc7807d11b670020a62a84ee509bdc481e8c3a1 100644 --- "a/docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" +++ "b/docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" @@ -42,7 +42,7 @@

/proc/sys/fs/mqueue/msgsize_default

/proc/sys/fs/mqueue/msgsize_max

/proc/sys/fs/mqueue/queues_max

-
  • 支持通知指定多个namespce配置,多个配置间通过逗号隔开,例如:--ns-change-opt=net,ipc。
    • +
  • 支持通知指定多个namespace配置,多个配置间通过逗号隔开,例如:--ns-change-opt=net,ipc。
    		•
    - @@ -185,6 +187,17 @@ iSulad 安装完成后,可以根据需要进行相关配置。 + + + + + - @@ -264,15 +277,6 @@ iSulad 安装完成后,可以根据需要进行相关配置。 overlay2.basesize=${size} #等价于overlay2.size - - - - - - + + + + + + +

    配置参数

    @@ -128,7 +130,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。

    -G, --group

    "group": "isulad"

    +

    "group": "isula"

    socket所属组

    可以指定max-file,max-size,log-path。max-file指日志文件个数;max-size指日志触发防爆的阈值,若max-file为1,max-size失效;log-path指定日志文件存储路径;log-file-mode用于设置日志文件的读写权限,格式要求必须为八进制格式,如0666。

    --container-log-driver

    +

    "container-log": {

    +

    "driver": "json-file"

    +

    }

    +

    容器串口日志驱动默认配置

    +

    指定所有容器的默认串口日志的驱动

    +

    --start-timeout

    "start-timeout": "2m"

    @@ -194,7 +207,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。

    --runtime

    +

    "default-runtime": "lcr"

    --image-opt-timeout

    -

    "image-opt-timeout": "5m"

    -

    镜像操作超时时间,默认为5m

    -

    值为-1表示不限制超时。

    -

    --registry-mirrors

    "registry-mirrors": [ "docker.io" ]

    @@ -430,7 +434,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。

    ulimit指定限制的类型,soft值及hard值

    指定限制的资源类型,如“nofile”。两个字段名字必须相同,即都为nofile,否则会报错。Hard指定的值需要大于等于Soft'。如果Hard字段或者Soft字段未设置,则默认该字段默认为0。

    +

    指定限制的资源类型,如“nofile”。两个字段名字必须相同,即都为nofile,否则会报错。Hard指定的值需要大于等于Soft。如果Hard字段或者Soft字段未设置,则默认该字段默认为0。

    --websocket-server-listening-port

    @@ -443,6 +447,55 @@ iSulad 安装完成后,可以根据需要进行相关配置。

    --websocket-server-listening-port,以客户端参数为准。端口范围1024-49151

    +

    "cri-runtimes": {

    +

    "kata": "io.containerd.kata.v2"

    +

    }

    +

    自定义cri runtimes的映射

    +

    isulad通过自定义的cri runtimes映射,可以将runtimeclass转换为对应的runtime。

    +
    + + + 配置文件/etc/isulad/daemon_constants.json + + + + + + + + + + + + + + + + + +

    配置参数

    +

    配置文件示例

    +

    参数解释

    +

    备注

    +

    不支持

    +

    "default-host": "docker.io"

    +

    如果镜像名以该镜像仓库名为前缀,则保存和显示时会去除该镜像仓库名前缀

    +

    一般情况下该参数不需要修改

    +

    不支持

    +

    "registry-transformation": {

    +

    "docker.io": "registry-1.docker.io",

    +

    "index.docker.io": "registry-1.docker.io"

    +

    }

    +

    "key":"value"格式,表示从key指定的仓库拉取镜像时实际从value指定的仓库拉取镜像

    +

    一般情况下该参数不需要修改

    +
    @@ -451,7 +504,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。 ``` # cat /etc/isulad/daemon.json { - "group": "isulad", + "group": "isula", "default-runtime": "lcr", "graph": "/var/lib/isulad", "state": "/var/run/isulad", @@ -478,15 +531,27 @@ iSulad 安装完成后,可以根据需要进行相关配置。 "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", "cni-conf-dir": "", "image-layer-check": false, "use-decrypted-key": true, - "insecure-skip-verify-enforce": false + "insecure-skip-verify-enforce": false, + "cri-runtime": { + "kata": "io.containerd.kata.v2" + } } + + # cat /etc/isulad/daemon_constants.json + { + "default-host": "docker.io", + "registry-transformation":{ + "docker.io": "registry-1.docker.io", + "index.docker.io": "registry-1.docker.io" + } + } + ``` >![](./public_sys-resources/icon-notice.gif) **须知:** @@ -552,13 +617,6 @@ iSulad 安装完成后,可以根据需要进行相关配置。

    实时通讯缓存文件,isula运行过程创建的文件

    \*

    -

    /var/lib/lcr/

    -

    LCR 组件临时目录

    -

    \*

    /var/lib/isulad/

    @@ -616,15 +674,15 @@ iSulad 安装完成后,可以根据需要进行相关配置。 - 启动一个isulad容器,不能够以非root用户进行isula run -i/-t/-ti以及isula attach/exec操作。 -- iSulad对接OCI容器时,仅支持kata-runtime启动OCI容器。 +- isulad的临时文件存放路径默认为/var/lib/isulad/isulad_tmpdir,如果更换了isulad的根目录,则路径为`$isulad_root/isulad_tmpdir`。如果需要修改isulad存放临时文件的目录,可以通过在启动isulad前配置ISULAD_TMPDIR环境变量来实现,isulad启动时会进行检查,如果发现配置了ISULAD_TMPDIR环境变量,则会将`$ISULAD_TMPDIR/isulad_tmpdir`目录作为临时文件存放的路径,注意`$ISULAD_TMPDIR`下面的不要存放名称为isulad_tmpdir的文件/文件夹等,因为isulad启动时会递归删除`$ISULAD_TMPDIR/isulad_tmpdir`目录来防止数据残留。同时请确保`$ISULAD_TMPDIR`路径只有root用户可以访问,防止其他用户操作导致的安全问题。 ### DAEMON多端口的绑定 -## 描述 +## 描述 daemon端可以绑定多个unix socket或者tcp端口,并在这些端口上侦听,客户端可以通过这些端口和daemon端进行交互。 -## 接口 +## 接口 用户可以在/etc/isulad/daemon.json文件的hosts字段配置一个或者多个端口。当然用户也可以不指定hosts。 @@ -646,7 +704,7 @@ OPTIONS='-H unix:///var/run/isulad.sock --host tcp://127.0.0.1:6789' 如果用户在daemon.json文件及iSulad中均未指定hosts,则daemon在启动之后将默认侦听unix:///var/run/isulad.sock。 -## 限制 +## 限制 - 用户不可以在/etc/isulad/daemon.json和/etc/sysconfig/iSuald两个文件中同时指定hosts,如果这样做将会出现错误,isulad无法正常启动; @@ -660,11 +718,11 @@ OPTIONS='-H unix:///var/run/isulad.sock --host tcp://127.0.0.1:6789' ### 配置TLS认证与开启远程访问 -#### 描述 +#### 描述 iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad只侦听本地/var/run/isulad.sock,因此只能在本地通过客户端isula执行相关命令操作容器。为了能使isula可以远程访问容器,isulad守护进程需要通过tcp:ip的方式侦听远程访问的端口。然而,仅通过简单配置tcp ip:port进行侦听,这样会导致所有的ip都可以通过调用isula -H tcp://:port与isulad通信,容易导致安全问题,因此推荐使用较安全版本的TLS\(**Transport Layer Security - 安全传输层协议**)方式进行远程访问。 -#### 生成TLS证书 +#### 生成TLS证书 - 明文私钥和证书生成方法示例 @@ -755,7 +813,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad ``` -#### 接口 +#### 接口 ``` { @@ -769,7 +827,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad } ``` -#### 限制 +#### 限制 服务端支持的模式如下: @@ -791,7 +849,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad >- GRPC开源组件日志不由iSulad进行接管,如果需要查看GRPC相关日志,请按需设置GRPC\_VERBOSITY和GRPC\_TRACE环境变量 >   -#### 示例 +#### 示例 服务端: @@ -869,7 +927,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad 这里提供了两种配置方式,用户可根据实际情况的选择合适的方式。 - - 编辑/etc/isulad/daemon.json,配置storage-driver字段值为devicemapper,并配置storage-opts字段的相关参数,支持参数请参见[参数说明](#zh-cn_topic_0222861454_section1712923715282)。配置参考如下所示: + - 编辑/etc/isulad/daemon.json,配置storage-driver字段值为devicemapper,并配置storage-opts字段的相关参数,支持参数请参见[参数说明](#参数说明)。配置参考如下所示: ``` { @@ -882,7 +940,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad } ``` - - 或者也可以通过编辑/etc/sysconfig/iSulad,在isulad启动参数里显式指定,支持参数请参见[参数说明](#zh-cn_topic_0222861454_section1712923715282)。配置参考如下所示: + - 或者也可以通过编辑/etc/sysconfig/iSulad,在isulad启动参数里显式指定,支持参数请参见[参数说明](#参数说明)。配置参考如下所示: ``` OPTIONS="--storage-driver=devicemapper --storage-opt dm.thinpooldev=/dev/mapper/isula-thinpool --storage-opt dm.fs=ext4 --storage-opt dm.min_free_space=10%" @@ -895,11 +953,11 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad ``` -#### 参数说明 +#### 参数说明 -storage-opts 支持的参数请参见[表1](#zh-cn_topic_0222861454_table3191161993812)。 +storage-opts 支持的参数请参见[表1](#table1)。 -**表 1** starage-opts字段参数说明 +**表 1** storage-opts字段参数说明 -

    参数

    @@ -928,7 +986,7 @@ storage-opts 支持的参数请参见[表1](#zh-cn_topic_0222861454_table3191161

    用于在创建基础设备时指定额外的mkfs参数。例如“dm.mkfsarg=-O ^has_journal”

    +

    用于在创建基础设备时指定额外的mkfs参数。例如“dm.mkfsarg=-b 1024”

    dm.mountopt

    @@ -955,7 +1013,7 @@ storage-opts 支持的参数请参见[表1](#zh-cn_topic_0222861454_table3191161
    -#### 注意事项 +#### 注意事项 - 配置devicemapper时,如果系统上没有足够的空间给thinpool做自动扩容,请禁止自动扩容功能。 diff --git "a/docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" index fcf2db30db8519b5fad347b79784a77788e783b0..3dff94cad4d757746a3242f62e2796c08ca131d7 100644 --- "a/docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" @@ -15,17 +15,24 @@ # yum install syscontainer-tools authz lxcfs-tools lxcfs ``` -3. 查看iSulad是否已经启动。 - - ``` - # systemctl status isulad - ``` - -4. 开启lxcfs和authz服务。 +3. 开启lxcfs和authz服务。 ``` # systemctl start lxcfs # systemctl start authz ``` +4. 查看iSulad和lxcfs,authz是否已经启动。 + ``` + # systemctl status isulad + # systemctl status lxcfs + # systemctl status authz + ``` +5. 若需要设置开机自启服务,命令如下: + + ``` + # systemctl enable isulad + # systemctl enable lxcfs + # systemctl enable authz + ``` diff --git "a/docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" index 84202b96449118f548e6a0bdac2e2ab3a96be1f3..831e19d4ac8d4aa36eec047f3b94596778590d2e 100644 --- "a/docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" @@ -31,7 +31,7 @@ ## 注意事项 - Docker容器的安装需要使用root权限。 -- docker-engine rpm包与containerd rpm包、runc rpm包、podman rpm包不能同时安装。因为docker-engine rpm包中已经包含Docker运行所需的所有组件,其中包括containerd、runc、docker二进制,且containerd、runc和podman rpm包也分别提供了对应的二进制,所以重复安装时会出现软件包冲突。 +- docker-engine rpm包与containerd rpm包、runc rpm包、docker-proxy rpm包、podman rpm包不能同时安装。因为docker-engine rpm包中已经包含Docker运行所需的所有组件,其中包括containerd、runc、docker-proxy、docker二进制,且containerd、runc、docker-proxy和podman rpm包也分别提供了对应的二进制,所以重复安装时会出现软件包冲突。 ## 基本安装配置 @@ -66,7 +66,7 @@ cat /etc/docker/daemon.json - Docker network create 并发创建网络的时候,可以创建具有相同名字的两个网络。原因是docker network是通过id来区分的,name只是个便于识别的别名而已,不保证唯一性。 - Docker在桥接bridge网络模式下,Docker容器是通过宿主机上的NAT模式,建立与宿主机之外世界的通信。Docker Daemon在启动一个容器时,每在宿主机上映射一个端口都会启动一个docker-proxy进程来实现访问代理。建议用户在使用这种userland-proxy时,只映射必须的端口,减少docker-proxy进行端口映射所消耗的资源。 -### daemon-umask配置.md">daemon umask配置 +### daemon-umask配置 容器主进程和exec进程的默认umask为0022,为了满足安全性需求,避免容器受到攻击,修改runc的实现,将默认umask修改为0027。修改后others群组将无法访问新建文件或目录。 @@ -75,7 +75,7 @@ docker启动容器时的默认umask值为0027,可以在dockerd启动时,使 >![](./public_sys-resources/icon-notice.gif) **须知:** >如果docker create/run也配置了native.umask参数,则以docker create/run中的配置为准。 -详细的配置见[docker create](#create.md#ZH-CN_TOPIC_0184808242)和[docker run](#run.md#ZH-CN_TOPIC_0184808254)章节的参数说明。 +详细的配置见[docker create](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/%E5%AE%B9%E5%99%A8%E7%AE%A1%E7%90%86-4.html#create)和[docker run](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Container/%E5%AE%B9%E5%99%A8%E7%AE%A1%E7%90%86-4.html#run)章节的参数说明。 ### daemon启动时间 @@ -162,7 +162,7 @@ type=SYSCALL msg=audit(1517656451.457:8097): arch=c000003e syscall=257 success=y docker run -itd --security-opt seccomp=unconfined busybox:latest ``` -### 禁止修改docker-daemon的私有目录.md">禁止修改docker daemon的私有目录 +### 禁止修改docker-daemon的私有目录 不允许对Docker用的根目录(默认/var/lib/docker)和运行时目录(默认/run/docker)以及其文件作任何修改,包括在该目录下删除文件,添加文件,对目录或者文件做软/硬链接,修改文件的属性/权限,修改文件的内容等,如果确实需要做修改,后果自负。 @@ -192,9 +192,9 @@ kernel.pid_max = 32768 #### 配置方法 -docker默认为使用overlay2存储驱动,也可以通过如下两种方式显示指定。 +docker默认为使用overlay2存储驱动,也可以通过如下两种方式显式指定。 -- 编辑/etc/docker/daemon.json,通过storage-driver字段显示指定。 +- 编辑/etc/docker/daemon.json,通过storage-driver字段显式指定。 ``` cat /etc/docker/daemon.json @@ -204,7 +204,7 @@ docker默认为使用overlay2存储驱动,也可以通过如下两种方式显 ``` -- 编辑/etc/sysconfig/docker-storage,通过docker deamon启动参数显示指定。 +- 编辑/etc/sysconfig/docker-storage,通过docker daemon启动参数显式指定。 ``` cat /etc/sysconfig/docker-storage @@ -249,7 +249,7 @@ docker默认为使用overlay2存储驱动,也可以通过如下两种方式显 #### 异常场景 -容器使用配置了overlay2存储驱动的过程中,可能出现挂载点被覆盖的异常情况。例如 +容器使用配置了overlay2存储驱动的过程中,可能出现挂载点被覆盖的异常情况。例如:    @@ -312,9 +312,9 @@ docker rm: Error response from daemon: driver "overlay2" failed to remove root f ### 配置devicemapper存储驱动 -用户如果需要使用devicemapper存储驱动,可以通过如下两种方式显示指定。 +用户如果需要使用devicemapper存储驱动,可以通过如下两种方式显式指定。 -- 编辑/etc/docker/daemon.json,通过storage-driver字段显示指定。 +- 编辑/etc/docker/daemon.json,通过storage-driver字段显式指定。 ``` cat /etc/docker/daemon.json @@ -324,7 +324,7 @@ docker rm: Error response from daemon: driver "overlay2" failed to remove root f ``` -- 编辑/etc/sysconfig/docker-storage,通过docker deamon启动参数显示指定。 +- 编辑/etc/sysconfig/docker-storage,通过docker daemon启动参数显式指定。 ``` cat /etc/sysconfig/docker-storage @@ -356,9 +356,11 @@ docker rm: Error response from daemon: driver "overlay2" failed to remove root f - 使用了user namespace场景下,deviceset-metadata文件使用的是:/var/lib/docker/\{userNSUID.GID\}/devicemapper/metadata/deviceset-metadata。 - 使用devicemapper存储驱动,容器在user namespace场景和普通场景之间切换时,需要将对应deviceset-metadata文件中的BaseDeviceUUID内容清空;针对thinpool扩容或者重建的场景下,也同样的需要将对应deviceset-metadata文件中的BaseDeviceUUID内容清空,否则docker服务会重启失败。 +## 强制退出docker相关后台进程的影响 + ### 信号量残留 -使用devicemapper作为graphdriver时,强制退出强制退出可能导致信号量残留。docker在操作dm的过程中会创建信号量,如果在释放信号量前,daemon被强制退出,可能导致该信号量无法释放,一次强制退出最多泄露一个信号量,泄露概率低。而linux系统有信号量上限限制,当信号量泄露次数达到上线值时将无法创建新的信号量,进而导致docker daemon启动失败。排查方法如下: +使用devicemapper作为graphdriver时,强制退出可能导致信号量残留。docker在操作dm的过程中会创建信号量,如果在释放信号量前,daemon被强制退出,可能导致该信号量无法释放,一次强制退出最多泄露一个信号量,泄露概率低。而linux系统有信号量上限限制,当信号量泄露次数达到上限值时将无法创建新的信号量,进而导致docker daemon启动失败。排查方法如下: 1. 首先查看系统上残留的信号量 diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" index 733495d04b2721ae3a93914b88bee80460deca41..d92691eaac0a90fb6fc1100fada4955c5c5456b5 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" @@ -22,7 +22,7 @@ isula run -itd --health-cmd "echo iSulad >> /tmp/health_check_file || exit 1" -- - \--health-cmd,必选,在容器内执行的命令。返回值为0表示成功,非0表示失败。 - \--health-interval,默认 30s,最大为int64上限(纳秒),自定义配置最小值1s,相邻两次命令执行的间隔时间(注:入参0s时视为default)。 -- \--health-timeout,默认 30s,最大为int64上限(纳秒),自定义配置最小值1s,单次检查命令执行的时间上限,超时则任务命令执行失败(注:入参0s时视为default),仅支持runtime类型为lcr的容器。 +- \--health-timeout,默认 30s,最大为int64上限(纳秒),自定义配置最小值1s,单次检查命令执行的时间上限,超时则任务命令执行失败(注:入参0s时视为default)。 - \--health-start-period,默认 0s,最大为int64上限(纳秒),自定义配置最小值1s,容器初始化时间。 - \--health-retries,默认 3,最大为int32上限,健康检查失败最大的重试次数。 - \--health-exit-on-unhealthy,默认false,检测到容器非健康时是否杀死容器。 @@ -35,7 +35,7 @@ isula run -itd --health-cmd "echo iSulad >> /tmp/health_check_file || exit 1" -- 4. 若CMD命令连续retries次检查失败,则容器状态变为health:unhealthy。失败后容器也会继续进行健康检查。 5. 容器状态为health:unhealthy时,任意一次检查成功会使得容器状态变为health:healthy。 6. 设置\--exit-on-unhealthy的情况下,如果容器因为非被杀死退出(退出返回值137)后,健康检查只有容器在重新启动后才会继续生效。 -7. CMD执行完毕或超时时,docker daemon会将这次检查的起始时间、返回值和标准输出记录到容器的配置文件中。最多记录5条。此外,容器的配置文件中还存储着健康检查的相关参数。 +7. CMD执行完毕或超时时,iSulad daemon会将这次检查的起始时间、返回值和标准输出记录到容器的配置文件中。最多记录5条。此外,容器的配置文件中还存储着健康检查的相关参数。 8. 运行中的容器的健康检查状态也会被写入容器配置中。通过isula inspect可以看到。 ``` @@ -64,5 +64,5 @@ isula run -itd --health-cmd "echo iSulad >> /tmp/health_check_file || exit 1" -- - 容器内健康检查的状态信息最多保存5条。会保存最后得到的5条记录。 - 容器启动时若健康检查相关参数配置为0,则按照默认值处理。 - 带有健康检查配置的容器启动后,若iSulad daemon退出,则健康检查不会执行。iSulad daemon再次启动后,正在运行且带有健康检查配置的容器其健康状态会变为starting。之后检查规则同上。 -- 如果健康检查从第一次开始便一直失败,其状态保持与之前一致(starting),直到达到指定失败次数(--health-retries)后变为unhealthy,或者检查成功后变为healthy。 -- 对于OCI类型的runtime的容器,健康检查功能待完善。目前仅完整支持lcr类型的容器。 +- 如果健康检查从第一次开始便一直失败,其状态保持与之前一致(starting),直到达到指定失败次数(--health-retries)后变为unhealthy,或者检查成功后变为healthy。 + diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..92ab3407cc04652c0896b9aba4ffc3c0b8d829ec --- /dev/null +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\267\245\345\205\267.md" @@ -0,0 +1,3 @@ +# 容器工具 + +为了更好地管理和使用容器,iSula 推出了一些容器相关工具,包括容器镜像构建工具 iSula-build、容器迁移工具 iSula-transform等。本章介绍容器相关工具的安装和使用方法,以指导用户更好地使用对应工具。 \ No newline at end of file diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" index 1741c561a9434ae2a973e997ddcd8d7d59eb26c9..fd3df9603868b914bfd47a2306b01b0f7cef2920 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" @@ -2,13 +2,11 @@ Docker daemon是一个常驻后台的系统进程,docker 子命令执行前先要启动docker daemon。 -   - 如果是通过rpm包或者系统包管理工具安装的,就可以使用systemctl start docker来启动docker daemon。 docker命令支持多个参数选项,对于参数选项有以下约定: -1. 单个字符的选项可以合并在一起,如: +1. 单个字符的选项可以合并在一起,如: ``` docker run -t -i busybox /bin/sh @@ -20,20 +18,20 @@ docker命令支持多个参数选项,对于参数选项有以下约定: docker run -ti busybox /bin/sh ``` -2. 在命令帮助中看到的如\--icc=true之类的bool命令选项,如果没有使用这个选项,则这个标志位的值就是在命令帮助中看到的默认值,如果使用了这个选项则这个标志位的值就是命令帮助中看的值的相反值,如果启动docker daemon没有加上使用\--icc选项,则默认设置了\--icc=true,如果使用了\--icc选项则表示是\--icc=false。 -3. 在命令帮助中看到的\--attach=\[\]之类的选项,表示这类的选项可以多次设置,如: +2. 在命令帮助中看到的如\--icc=true之类的bool命令选项,如果没有使用这个选项,则这个标志位的值就是在命令帮助中看到的默认值,如果使用了这个选项则这个标志位的值就是命令帮助中看的值的相反值,如果启动docker daemon没有加上使用\--icc选项,则默认设置了\--icc=true,如果使用了\--icc选项则表示是\--icc=false。 +3. 在命令帮助中看到的\--attach=\[\]之类的选项,表示这类的选项可以多次设置,如: ``` docker run --attach=stdin --attach=stdout -i -t busybox /bin/sh ``` -4. 在命令帮助中看到的-a, \--attach=\[\]之类的选项,表示这种选项既可以用-a value指定也可以用\--attach=value指定。如: +4. 在命令帮助中看到的-a, \--attach=\[\]之类的选项,表示这种选项既可以用-a value指定也可以用\--attach=value指定。如: ``` docker run -a stdin --attach=stdout -i -t busybox /bin/sh ``` -5. \--name=””之类的选项需要的是一个字符串,只能指定一次,-c=0之类的选项需要的是一个整数,只能指定一次。 +5. \--name=””之类的选项需要的是一个字符串,只能指定一次,-c=0之类的选项需要的是一个整数,只能指定一次。 **表 1** docker daemon启动时指定参数详解 @@ -260,7 +258,7 @@ docker命令支持多个参数选项,对于参数选项有以下约定:

    --tlscacert="/root/.docker/ca.pem"

    通过CA认证过的的certificate文件路径。

    +

    通过CA认证过的certificate文件路径。

    --tlscert="/root/.docker/cert.pem"

    diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" index 02e00cf5715d2c0768d035ccda20e25f368414f3..90a996b0d64804798537fedc11f2c592521cc885 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" @@ -103,7 +103,7 @@ container\_registry这个容器已经启动了,但是并不知道容器中的 从输出可以看出,容器内的5000端口映射到了主机的49155端口。通过主机IP:49155就可以访问registry服务了,在浏览器中输入http://localhost:49155就可以返回registry的版本信息。 -在运行registry镜像的时候还可以直接指定端口映射如: +在运行registry镜像的时候还可以直接指定端口映射如下: ``` docker run --name=container_registry -d -p 5000:5000 registry @@ -214,7 +214,7 @@ docker run --name=container_registry -d -p 5000:5000 registry 2. CAP\_SYS\_MODULE - CAP\_SYS\_MODULE这个Cap是让容器可以插入ko,增加该Cap可以让容器逃逸,甚至破坏内核。因为容器最大的隔离是Namespace,在ko中只要把他的Namespace指向init\_nsproxy即可。 + CAP\_SYS\_MODULE这个Cap是让容器可以插入或移除ko,增加该Cap可以让容器逃逸,甚至破坏内核。因为容器最大的隔离是Namespace,在ko中只要把他的Namespace指向init\_nsproxy即可。 3. CAP\_SYS\_ADMIN @@ -232,7 +232,7 @@ docker run --name=container_registry -d -p 5000:5000 registry 5. CAP\_DAC\_READ\_SEARCH - 该权限开放了,两个系统调用open\_by\_handle\_at,name\_to\_handle\_at,如果host上没有selinux保护,容器中可通过暴力搜索file\_handle结构的inode号,进而可以打开host上的任意文件,影响文件系统的隔离性。 + 该权限开放了open\_by\_handle\_at和name\_to\_handle\_at两个系统调用,如果host上没有selinux保护,容器中可通过暴力搜索file\_handle结构的inode号,进而可以打开host上的任意文件,影响文件系统的隔离性。 6. CAP\_SYS\_RAWIO @@ -299,7 +299,7 @@ docker run --name=container_registry -d -p 5000:5000 registry ### 原理及使用场景 -docker支持hook的扩展特性,hook应用与底层runc的执行过程中,遵循OCI标准:[https://github.com/opencontainers/runtime-spec/blob/master/config.md\#hooks](#https://github.com/opencontainers/runtime-spec/blob/master/config.md#hooks) 。 +docker支持hook的扩展特性,hook应用与底层runc的执行过程中,遵循OCI标准:[https://github.com/opencontainers/runtime-spec/blob/main/config.md\#hooks](#https://github.com/opencontainers/runtime-spec/blob/main/config.md#hooks) 。 hook主要有三种类型:prestart,poststart,poststop。分别作用于容器内用户应用程序启动之前,容器应用程序启动之后,容器应用程序停止之后。 @@ -370,7 +370,7 @@ type Hooks struct{ 这个路径可能会跟随用户手动配置,以及user namespace的使用(daemon --userns-remap)而变化。 path进行软链接解析后,必须以Docker Root Dir/hooks开头(如本例中使用 /var/lib/docker/hooks开头),否则会直接报错。 2. hooks path必须指定绝对路径,因为这个是由daemon处理,相对路径对daemon无意义。同时绝对路径也更满足安全要求。 - 3. hook程序打印到stderr的输出会打印给客户端并对容器的声明周期产生影响(比如启动失败),而输出到stdout的打印信息会被直接忽略。 + 3. hook程序打印到stderr的输出会打印给客户端并对容器的生命周期产生影响(比如启动失败),而输出到stdout的打印信息会被直接忽略。 4. 严禁在hook里反向调用docker的指令。 5. 配置的hook执行文件必须要有可执行权限,否则hook执行会报错。 6. 使用hook时,执行时间应尽量短。如果hook中的prestart时间过长(超过2分钟),则会导致容器启动超时失败,如果hook中的poststop时间过长(超过2分钟),也会导致容器异常。 @@ -613,7 +613,7 @@ CONTAINER ID IMAGE COMMAND CREATED - 禁止使用docker rm -f XXX 删除容器。如果使用强制删除,docker rm会忽略过程中的错误,可能导致容器相关元数据残留。如果使用普通删除,如果删除过程出错,则会删除失败,不会导致元数据残留。 - 避免使用docker kill命令。docker kill命令发送相关信号给容器内业务进程,依赖于容器内业务进程对信号的处理策略,可能导致业务进程的信号处理行为与指令的预期不符合的情况。 -- docker stop处于restarting状态的容器可能容器不会马上停止。如果一个容器使用了重启规则,当容器处于restarting状态时,docker stop这个容器时有很低的概率会立即返回,容器仍然会在重启规则的作用下再次启动。 +- docker stop处于restarting状态的容器可能不会马上停止。如果一个容器使用了重启规则,当容器处于restarting状态时,docker stop这个容器时有很低的概率会立即返回,容器仍然会在重启规则的作用下再次启动。 - 不能用docker restart重启加了--rm参数的容器。加了--rm参数的容器在退出时,容器会主动删除,如果重启一个加了--rm的参数的容器, 可能会导致一些异常情况,比如启动容器时,同时加了--rm与-ti参数,对容器执行restart操作,可能会概率性卡住无法退出。 ### docker stop/restart 指定t参数且t<0时,请确保自己容器的应用会处理stop信号 @@ -642,7 +642,7 @@ Docker在执行容器删除时,先停止容器的相关进程,之后将容 遇到该问题的时候,请对pause状态的容器使用docker inspect 命令查询 PidMode对应的父容器是否为需要docker stop的容器。如果是该容器,请使用docker unpause将子容器解除pause状态,指令即可继续执行。 -一般来说,导致该类问题的可能原因是容器对应的pid namespace由于进程残留导致无法被销毁。如果上述方法无法解决问题,可以通过借助linux工具,获取容器内残留进程,确定pid namespace中进程无法退出的原因,解决后容器就可以退出: +一般来说,导致该类问题的可能原因是容器对应的pid namespace由于进程残留导致无法被销毁。如果上述方法无法解决问题,可以借助linux工具,获取容器内残留进程,确定pid namespace中进程无法退出的原因,解决后容器就可以退出: - 获取容器pid namespace id @@ -686,7 +686,7 @@ docker exec进入容器执行的第一个命令为 bash 命令时,当退出 ex ### docker login -执行docker login后,会将usrer/passwd经 aes(256位)加密后保存在/root/.docker/config.json,同时生成 _root_.docker/aeskey\(权限0600\),用来解密/root/.docker/config.json中的 usrer/passwd。目前不能定时更新aeskey,只能由用户手动删除aeskey来更新。aeskey更新后,不管是否重启过docker daemon,都需要重新login,才可以push。例如: +执行docker login后,会将user/passwd经 aes(256位)加密后保存在/root/.docker/config.json,同时生成 _root_.docker/aeskey\(权限0600\),用来解密/root/.docker/config.json中的 user/passwd。目前不能定时更新aeskey,只能由用户手动删除aeskey来更新。aeskey更新后,不管是否重启过docker daemon,都需要重新login,才可以push。例如: ``` root@hello:~/workspace/dockerfile# docker login diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" index 23b7f49276f5739e2525259eb331e28fdd3856d4..3f93085c3f332b2532610c4a4c64380152e95ebf 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" @@ -253,7 +253,7 @@
    -其中有些子命令还有一些参数选项如docker run,通过docker COMMAND --help可以查看相应COMMAND命令的帮助,命令选项参考上文的命令选项约定。下面详细介绍每个命令的使用。 +其中有些子命令还有一些参数选项如docker run,通过docker COMMAND --help可以查看相应COMMAND命令的帮助,命令选项参考上文的命令选项约定。下面详细介绍每个命令的使用。 @@ -324,7 +324,7 @@ docker cp \[OPTIONS\] SRC\_PATH|- CONTAINER:DEST\_PATH 示例: -复制reigistry容器中/test目录到主机的/home/aaa目录中 +复制registry容器中/test目录到主机的/home/aaa目录中 ``` $ sudo docker cp registry:/test /home/aaa @@ -597,8 +597,8 @@ $ sudo docker cp registry:/test /home/aaa

    --net="bridge"

    设置容器的网络模式,当前1.3.0版本的docker有四个模式:bridge、host、none、container:<name|id>。默认使用的是bridge。

    -
    • bridge:使用桥接模式在docker daemon启动时使用的网桥上创建一个网络栈。
    • host:在容器内使用主机的网络栈
    • none:不使用网络
    • container:<name|id>:重复利用另外一个容器的网络栈
    +

    设置容器的网络模式,当前1.3.0版本的docker有四个模式:bridge、host、none、container:<name|id>。默认使用的是bridge。

    +
    • bridge:使用桥接模式在docker daemon启动时使用的网桥上创建一个网络栈。
    • host:在容器内使用主机的网络栈
    • none:不使用网络
    • container:<name|id>:重复利用另外一个容器的网络栈

    --no-healthcheck

    @@ -751,7 +751,7 @@ rpc Exec(ExecRequest) returns (ExecResponse) {} ### 注意事项 -执行执行一条单独的命令,也能打开终端与容器交互。stdin/stdout/stderr之一必须是真的。如果tty为真,stderr必须是假的。 不支持多路复用, 在这种情况下, stdout和stderr的输出将合并为单流。 +执行一条单独的命令,也能打开终端与容器交互。stdin/stdout/stderr之一必须是真的。如果tty为真,stderr必须是假的。 不支持多路复用,在这种情况下,stdout和stderr的输出将合并为单流。 ### 参数 @@ -888,7 +888,7 @@ busybox.tar 用法:**docker logs \[OPTIONS\] CONTAINER** -功能:抓取容器内的日志信息,容器可以使运行状态的也可以是停止状态的 +功能:抓取容器内的日志信息,容器可以是运行状态的也可以是停止状态的 选项: @@ -1092,9 +1092,9 @@ $ sudo docker restart busybox -f, \--force=false 强制删除运行中的容器 --l, \--link=false Remove the specified link and not the underlying container +-l, \--link=false 删除指定的链接,而不是底层容器 --v, \--volumes=false Remove the volumes associated with the container +-v, \--volumes=false 删除与容器关联的卷 示例: diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" index a08a762216b753ad10e2902644b9976e6a0b3384..16066b8b36f9668ee314652207aa873ff87130c7 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" @@ -27,7 +27,7 @@ ### 描述 -isula create 命令用于创建一个新的容器。容器引擎会使用指定的容器镜像创建容器读写层,或者使用指定的本地rootfs作为容器的运行环境。创建完成后,会将容器的ID输出到标准输出,后续可以使用isula start 命令启动该容器。新创建的容器状态为**inited**状态 +isula create 命令用于创建一个新的容器。容器引擎会使用指定的容器镜像创建容器读写层,或者使用指定的本地rootfs作为容器的运行环境。创建完成后,会将容器的ID输出到标准输出,后续可以使用isula start 命令启动该容器。新创建的容器状态为**inited**状态。 ### 用法 @@ -49,10 +49,15 @@ create命令支持参数参考下表。

    说明

    create

    +

    create

      

    --annotation

    +

    --add-host

    +

    添加自定义主机到IP的映射(host:ip)

    +

    --annotation

    设置容器的annotations。例如支持native.umask选项:

    --annotation native.umask=normal # 启动的容器umask值为0022
@@ -60,6 +65,21 @@ create命令支持参数参考下表。
 
    注意如果没有配置该参数,则使用isulad中的umask配置。

    --blkio-weight

    +

    Block IO(相对权重),在10和1000之间,或0禁用(默认为0)

    +

    --blkio-weight-device

    +

    Block IO权重(相对设备权重),格式为:DEVICE_NAME: weight,权重值在10到1000之间,或0表示禁用(默认0)

    +

    --cap-add

    +

    添加Linux权限功能

    +

    --cap-drop

    删除Linux 权限功能

    @@ -70,9 +90,24 @@ create命令支持参数参考下表。

    指定容器cgroup父路径

    --cpuset-cpus

    +

    --cpu-period

    允许执行的CPU(e.g. 0-3,0,1)

    +

    限制CPU CFS(完全公平调度器)的期限

    +

    --cpu-quota

    +

    限制CPU CFS(完全公平调度器)的配额

    +

    --cpu-rt-period

    +

    限制CPU实时周期(以微秒为单位)

    +

    --cpu-rt-runtime

    +

    限制CPU实时运行时间(以微秒为单位)

    --cpu-shares

    @@ -80,16 +115,51 @@ create命令支持参数参考下表。

    CPU份额(相对权重)

    --cpu-quota

    +

    --cpus

    限制CPU CFS(完全公平调度器)的配额

    +

    CPU数量

    +

    --cpuset-cpus

    +

    允许执行的CPU(e.g. 0-3,0,1)

    +

    --cpuset-mems

    +

    允许执行的内存(0-3,0,1)

    --device=[]

    +

    --device

    为容器添加一个主机设备

    --device-cgroup-rule

    +

    向cgroup允许的设备列表中添加一条规则

    +

    --device-read-bps

    +

    从设备限制读取速率(每秒字节数)

    +

    --device-read-iops

    +

    从设备限制读取速率(每秒IO)

    +

    --device-write-bps

    +

    限制设备的写入速率(每秒字节数)

    +

    --device-write-iops

    +

    限制写入到设备的速率(IO每秒)

    +

    --dns

    添加DNS服务器

    @@ -105,6 +175,11 @@ create命令支持参数参考下表。

    设定容器的搜索域

    --entrypoint

    +

    启动容器时要运行的入口点

    +

    -e, --env

    设置环境变量

    @@ -115,9 +190,9 @@ create命令支持参数参考下表。

    通过文件配置环境变量

    --entrypoint

    +

    --env-target-file

    启动容器时要运行的入口点

    +

    将环境变量导出到rootfs中的目标文件路径

    --external-rootfs=PATH

    @@ -180,24 +255,34 @@ create命令支持参数参考下表。

    指定要连接的iSulad socket文件路径

    --host-channel

    +

    在主机和容器之间创建共享内存

    +

    -h, --hostname

    容器主机名称

    --hugetlb-limit=[]

    +

    大页文件限制,例如:--hugetlb-limit 2MB:32MB

    +

    -i, --interactive

    即使没有连接到容器的标准输入,也要保持容器的标准输入打开

    --hugetlb-limit=[]

    +

    --ipc

    大页文件限制,例如:--hugetlb-limit 2MB:32MB

    +

    IPC命名空间使用

    --log-opt=[]

    +

    --kernel-memory

    日志驱动程序选项,默认禁用记录容器串口日志功能,可以通过"--log-opt disable-log=false"来开启。

    +

    内核内存限制

    -l,--label

    @@ -210,6 +295,16 @@ create命令支持参数参考下表。

    通过文件设置容器标签

    --log-driver

    +

    记录容器的驱动程序

    +

    --log-opt=[]

    +

    日志驱动程序选项,默认禁用记录容器串口日志功能,可以通过"--log-opt disable-log=false"来开启。

    +

    -m, --memory

    内存限制

    @@ -232,7 +327,17 @@ create命令支持参数参考下表。

    --mount

    挂载主机目录到容器中

    +

    挂载主机目录/卷/文件系统到容器中

    +

    --name=NAME

    +

    容器名

    +

    --net=none

    +

    容器连接到网络

    --no-healthcheck

    @@ -240,14 +345,24 @@ create命令支持参数参考下表。

    禁用健康检查配置

    --name=NAME

    +

    --ns-change-opt

    容器名

    +

    系统容器的命名空间内核参数选项

    --net=none

    +

    --oom-kill-disable

    容器连接到网络

    +

    禁用OOM

    +

    --oom-score-adj

    +

    调整主机的OOM偏好设置(-1000至1000)

    +

    --pid

    +

    要使用的PID命名空间

    --pids-limit

    @@ -260,6 +375,11 @@ create命令支持参数参考下表。

    给予容器扩展的特权

    --pull

    +

    运行前拉取镜像

    +

    -R, --runtime

    容器运行时,参数支持"lcr",忽略大小写,因此"LCR"和"lcr"是等价的

    @@ -276,11 +396,41 @@ create命令支持参数参考下表。

    系统容器支持--restart on-reboot

    --security-opt

    +

    安全选项

    +

    --shm-size

    +

    /dev/shm的大小,默认值为64MB

    +

    --stop-signal

    +

    信号停止容器,默认情况下为SIGTERM

    +

    --storage-opt

    配置容器的存储驱动选项

    --sysctl

    +

    设置sysctl选项

    +

    --system-container

    +

    启动系统容器

    +

    --tmpfs

    +

    挂载tmpfs目录

    +

    -t, --tty

    分配伪终端

    @@ -296,11 +446,36 @@ create命令支持参数参考下表。

    用户名或UID,格式[<name|uid>][:<group|gid>]

    --user-remap

    +

    映射用户到容器(用于系统容器)

    +

    --userns

    +

    启用'user-remap'选项时,为容器设置用户命令空间

    +

    --uts

    +

    设置PID namespace

    +

    -v, --volume=[]

    挂载一个卷

    --volumes-from=[]

    +

    使用指定的容器的挂载配置

    +

    --workdir

    +

    设置容器内的工作目录

    +
    @@ -328,7 +503,8 @@ create命令支持参数参考下表。 # isula create busybox fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 # isula ps -a -STATUS PID IMAGE COMMAND EXIT_CODE RESTART_COUNT STARTAT FINISHAT RUNTIME ID NAMES inited - busybox "sh" 0 0 - - lcr fd7376591a9c fd7376591a9c4521... +STATUS PID IMAGE COMMAND EXIT_CODE RESTART_COUNT STARTAT FINISHAT RUNTIME ID NAMES +inited - busybox "sh" 0 0 - - lcr fd7376591a9c fd7376591a9c4521... ``` ## 启动容器 @@ -357,21 +533,32 @@ start命令支持参数参考下表。

    说明

    start

    +

    start

    -H, --host

    指定要连接的iSulad socket文件路径

    -R, --runtime

    +

    -a, --attach

    +

    连接到容器的STDOUT和STDERR

    +

    -D, --debug

    +

    开启调试模式

    +

    --help

    容器运行时,参数支持"lcr",忽略大小写,因此"LCR"和"lcr"是等价的

    +

    打印帮助信息
    + ### 示例 启动一个新容器 @@ -406,7 +593,7 @@ run命令支持参数参考下表。

    说明

    run

    +

    run

    --annotation

    --add-host

    +

    添加自定义主机到IP的映射(host:ip)

    +

    --blkio-weight

    +

    Block IO(相对权重),在10和1000之间,或0禁用(默认为0)

    +

    --blkio-weight-device

    +

    Block IO权重(相对设备权重),格式为:DEVICE_NAME: weight,权重值在10到1000之间,或0表示禁用(默认0)

    +

    --cap-add

    添加Linux功能

    @@ -431,9 +633,24 @@ run命令支持参数参考下表。

    指定容器cgroup父路径

    --cpuset-cpus

    +

    --cpu-period

    +

    限制CPU CFS(完全公平调度器)的期限

    +

    --cpu-quota

    +

    限制CPU CFS(完全公平调度器)的配额

    +

    --cpu-rt-period

    +

    限制CPU实时周期(以微秒为单位)

    +

    --cpu-rt-runtime

    允许执行的CPU(e.g. 0-3,0,1)

    +

    限制CPU实时运行时间(以微秒为单位)

    --cpu-shares

    @@ -441,9 +658,19 @@ run命令支持参数参考下表。

    CPU份额(相对权重)

    --cpu-quota

    +

    --cpus

    +

    CPU数量

    +

    --cpuset-cpus

    +

    允许执行的CPU(e.g. 0-3,0,1)

    +

    --cpuset-mems

    限制CPU CFS(完全公平调度器)的配额

    +

    允许执行的内存(0-3,0,1)

    -d, --detach

    @@ -456,6 +683,31 @@ run命令支持参数参考下表。

    为容器添加一个主机设备

    --device-cgroup-rule

    +

    向cgroup允许的设备列表中添加一条规则

    +

    --device-read-bps

    +

    从设备限制读取速率(每秒字节数)

    +

    --device-read-iops

    +

    从设备限制读取速率(每秒IO)

    +

    --device-write-bps

    +

    限制设备的写入速率(每秒字节数)

    +

    --device-write-iops

    +

    限制写入到设备的速率(IO每秒)

    +

    --dns

    添加DNS服务器

    @@ -471,6 +723,11 @@ run命令支持参数参考下表。

    设定容器的搜索域

    --entrypoint

    +

    启动容器时要运行的入口点

    +

    -e, --env

    设置环境变量

    @@ -481,9 +738,9 @@ run命令支持参数参考下表。

    通过文件配置环境变量

    --entrypoint

    +

    --env-target-file

    启动容器时要运行的入口点

    +

    将环境变量导出到rootfs中的目标文件路径

    --external-rootfs=PATH

    @@ -546,6 +803,11 @@ run命令支持参数参考下表。

    指定要连接的iSulad socket文件路径

    --host-channel

    +

    在主机和容器之间创建共享内存

    +

    -h, --hostname

    容器主机名称

    @@ -561,6 +823,31 @@ run命令支持参数参考下表。

    即使没有连接到容器的标准输入,也要保持容器的标准输入打开

    --ipc

    +

    IPC命名空间使用

    +

    --kernel-memory

    +

    内核内存限制

    +

    -l,--label

    +

    为容器设置标签

    +

    --lablel-file

    +

    通过文件设置容器标签

    +

    --log-driver

    +

    设置日志驱动,支持syslog和json-file。

    +

    --log-opt=[]

    日志驱动程序选项,默认禁用记录容器串口日志功能,可以通过"--log-opt disable-log=false"来开启。

    @@ -591,19 +878,39 @@ run命令支持参数参考下表。

    挂载主机目录到容器中

    --name=NAME

    +

    容器名

    +

    --net=none

    +

    容器连接到网络

    +

    --no-healthcheck

    禁用健康检查配置

    --name=NAME

    +

    --ns-change-opt

    容器名

    +

    系统容器的命名空间内核参数选项

    --net=none

    +

    --oom-kill-disable

    容器连接到网络

    +

    禁用OOM

    +

    --oom-score-adj

    +

    调整主机的OOM偏好设置(-1000至1000)

    +

    --pid

    +

    要使用的PID命名空间

    --pids-limit

    @@ -616,6 +923,11 @@ run命令支持参数参考下表。

    给予容器扩展的特权

    --pull

    +

    运行前拉取镜像

    +

    -R, --runtime

    容器运行时,参数支持"lcr",忽略大小写,因此"LCR"和"lcr"是等价的

    @@ -637,9 +949,39 @@ run命令支持参数参考下表。

    当容器退出时自动清理容器

    --storage-opt

    +

    --security-opt

    +

    安全选项

    +

    --shm-size

    +

    /dev/shm的大小,默认值为64MB

    +

    --stop-signal

    配置容器的存储驱动选项

    +

    信号停止容器,默认情况下为SIGTERM

    +

    --storage-opt

    +

    配置容器的存储驱动选项

    +

    --sysctl

    +

    设置sysctl选项

    +

    --system-container

    +

    启动系统容器

    +

    --tmpfs

    +

    挂载tmpfs目录

    -t, --tty

    @@ -657,11 +999,36 @@ run命令支持参数参考下表。

    用户名或UID,格式[<name|uid>][:<group|gid>]

    --user-remap

    +

    映射用户到容器(用于系统容器)

    +

    --userns

    +

    启用'user-remap'选项时,为容器设置用户命令空间

    +

    --uts

    +

    设置PID namespace

    +

    -v, --volume=[]

    挂载一个卷

    --volumes-from=[]

    +

    使用指定的容器的挂载配置

    +

    --workdir

    +

    设置容器内的工作目录

    +
    @@ -670,13 +1037,13 @@ run命令支持参数参考下表。 - 容器父进程进程退出时,则对应的容器也自动退出。 - 创建普通容器时父进程不能为init,因为普通容器的权限不够,导致容器可以创建成功,但是attach进去的时候会卡住。 - 运行容器时,不指定--net,默认hostname为**localhost**。 -- 使用--files-limit参数传入一个很小的值,如1时,启动容器时,iSulad创建cgroup子组后先设置files.limit值,再将容器进程的PID写入该子组的cgroup.procs文件,此时容器进程已经打开超过1个句柄,因而写入报错导致启动失败启动容器会失败。 +- 使用--files-limit参数传入一个很小的值,如1时,启动容器时,iSulad创建cgroup子组后先设置files.limit值,再将容器进程的PID写入该子组的cgroup.procs文件,此时容器进程已经打开超过1个句柄,因而启动容器会失败。 - --mount参数和--volume参数同时存在时,如果目的路径有冲突,则--mount会在--volume之后挂载\(即将--volume中的挂载点覆盖掉\)。 备注:轻量级容器的参数中type支持bind或squashfs,当type=squashfs时,src是镜像的路径;原生docker的参数type支持bind、volume、tmpfs。 - restart重启策略不支持unless-stopped。 -- 以下三种情况与docker 返回值不一致,docker返回127,轻量级容器返回125 +- 以下三种情况与docker 返回值不一致,docker返回127,轻量级容器返回125 --device参数指定主机设备为不存在的设备 @@ -685,6 +1052,7 @@ run命令支持参数参考下表。 --entrypoint 参数指定不存在的入口参数 - 使用--volume参数时,由于容器启动时会对/dev/ptmx设备进行删除重建,因此请勿将/dev目录挂载至容器/dev目录,应使用--device对/dev下的设备在容器中进行挂载 +- 使用-it参数时,由于容器启动时会对/dev/ptmx设备进行删除重建,因此请勿将/dev目录挂载至容器/dev目录,应使用--device对/dev下的设备再容器中进行挂载。 - 禁止使用echo的方式向run命令的stdin输入数据,会导致客户端卡死。应该直接将echo的值作为命令行参数传给容器 ``` @@ -743,14 +1111,21 @@ run命令支持参数参考下表。 >第二种情况,先挂载/home/test2,然后挂载/home/test1。这种情况,第二次的挂载会把/mnt的内容替换为/home/test1的内容,这样第一次挂载的/home/test2到/mnt/abc的内容就看不到了。 >因此,不支持第一种使用方式;第二种使用用户需要了解这种数据无法访问的风险 +- 请谨慎配置/sys和/proc目录可写。 +/sys和/proc目录包含了linux维护内核参数、设备管理的接口,容器中配置该目录可写可能会导致容器逃逸。 +- 请谨慎配置容器与host共享namespace。 +比如--pid,--ipc, --uts,--net配置该参数为容器和host共享namespace空间,容器和host的namespace隔离没有了,在容器中可对host进行攻击。比如,使用—pid 和host共享pid namespace,容器中可以看到host上的进程pid号,可以随意杀死host的进程。 +- 请谨慎配置使用--device、-v 等可以挂载主机资源的参数,请勿将host的敏感目录或者设备,映射到容器中,以防止敏感信息泄漏。 +- 请谨慎使用--privileged选项启动容器,--privileged选项会导致容器权限过大,影响宿主机配置。 + >![](./public_sys-resources/icon-notice.gif) **须知:** - >- 高并发场景(并发启动200容器)下,glibc的内存管理机制会导致内存空洞以及虚拟内存较大(例如10GB)的问题。该问题是高并发场景下glibc内存管理机制的限制,而不是内存泄露,不会导致内存消耗无限增大。可以通过设置MALLOC\_ARENA\_MAX环境变量来减少虚拟内存的问题,而且可以增大减少物理内存的概率。但是这个环境变量会导致iSulad的并发性能下降,需要用户根据实际情况做配置。 + >- 高并发场景(并发启动200容器)下,glibc的内存管理机制会导致内存空洞以及虚拟内存较大(例如10GB)的问题。该问题是高并发场景下glibc内存管理机制的限制造成的,而不是内存泄露,不会导致内存消耗无限增大。可以通过设置MALLOC\_ARENA\_MAX环境变量来减少虚拟内存的问题,而且可以增大减少物理内存的概率。但是这个环境变量会导致iSulad的并发性能下降,需要用户根据实际情况做配置。 > ``` > 参考实践情况,平衡性能和内存,可以设置MALLOC_ARENA_MAX为4。(在arm64服务器上面对iSulad的性能影响在10%以内) > 配置方法: > 1. 手动启动iSulad的场景,可以直接export MALLOC_ARENA_MAX=4,然后再启动iSulad即可。 > 2. systemd管理iSulad的场景,可以修改/etc/sysconfig/iSulad,增加一条MALLOC_ARENA_MAX=4即可。 - > ``` + > ``` ### 示例 @@ -788,7 +1163,7 @@ stop命令支持参数参考下表。

    说明

    stop

    +

    stop

    -f, --force

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -t, --time

    先优雅停止,超过这个时间,则强行终止

    @@ -819,11 +1204,11 @@ stop命令支持参数参考下表。 t<0 : 表示一直等待,不管多久都等待程序优雅退出,既然用户这么输入了,表示对自己的应用比较放心,认为自己的程序有 合理的stop信号的处理机制。 - t=0 : 表示不等,立即发送kill -9 到容器。 + t=0 : 表示不等待,立即发送kill -9 到容器。 t\>0 : 表示等一定的时间,如果容器还未退出,就发送kill -9 到容器。 - 所以如果用户使用t<0 (比如t=-1),请确保自己容器的应用会正确处理SIGTERM. 如果容器忽略了该信号,会导致isula stop一直卡住。 + 所以如果用户使用t<0 (比如t=-1),请确保自己容器的应用会正确处理SIGTERM。如果容器忽略了该信号,会导致isula stop一直卡住。 ### 示例 @@ -861,13 +1246,23 @@ kill命令支持参数参考下表。

    说明

    kill

    +

    kill

    -H, --host

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -s, --signal

    发送给容器的信号

    @@ -911,16 +1306,21 @@ rm命令支持参数参考下表。

    说明

    rm

    +

    rm

    -f, --force

    强制移除正在运行的容器

    -H, --host

    +

    -D, --debug

    +

    开启调试模式

    +

    --help

    指定要连接的iSulad socket文件路径

    +

    打印帮助信息

    -v, --volume

    @@ -931,6 +1331,7 @@ rm命令支持参数参考下表。
    + ### 约束限制 - 在IO正常情况,空环境(只有1个容器)删除一个running容器的时间为T1,200个容器的环境(容器无大量IO操作,host IO正常)删除一个running容器所需时间为T2。T2的规格为:T2 = max \{ T1 \* 3, 5 \} 秒钟。 @@ -948,7 +1349,7 @@ fd7376591a9c3d8ee9a14f5d2c2e5255b02cc44cddaabca82170efd4497510e1 ### 描述 -isula attach命令用于将当前终端的标准输入、标准输出和标准错误连接到正在运行的容器。仅支持runtime类型为lcr的容器。 +isula attach命令用于将当前终端的标准输入、标准输出和标准错误连接到正在运行的容器。 ### 用法 @@ -1023,19 +1424,30 @@ rename命令支持参数参考下表。 **表 1** rename 命令参数列表 - - - + + + + + +

    命令

    + + + + + + + - - - + - + - @@ -1075,7 +1487,7 @@ exec命令支持参数参考下表。 - + + + + + + + + +

    命令

    +

    参数

    +

    说明

    +

    rename

    参数

    +

    --help

    说明

    +

    打印帮助信息

    rename

    +

    -H, --host

    +

    指定要连接的iSulad socket文件路径

    -H, --host

    +

    -D, --debug

    重命名容器

    +

    开启debug模式

    说明

    exec

    +

    exec

      

    -d, --detach

    @@ -1083,11 +1495,21 @@ exec命令支持参数参考下表。

    后台运行命令

    -D, --debug

    +

    开启调试模式

    +

    -e, --env

    设置环境变量(备注:目前iSulad尚不使用此功能)

    --help

    +

    打印帮助信息

    +

    -H, --host

    指定要连接的iSulad socket文件路径

    @@ -1108,6 +1530,11 @@ exec命令支持参数参考下表。

    指定用户登录容器执行命令

    --workdir

    +

    指定执行命令的工作目录,该功能只有runtime为lcr时才支持

    +
    @@ -1136,7 +1563,7 @@ exec命令支持参数参考下表。 isula exec后台执行的方式如下: - 使用**isula exec 脚本 & **的方式后台执行exec,如:isula exec container\_name script & ,isula exec 后台执行,执行的脚本中不断cat某一文件,正常时在当前终端有输出,如果在当前终端执行回车操作,客户端会因读IO失败而退出读stdout的动作,使终端不再输出,服务端由于进程仍然在cat文件,会继续往fifo的buffer里写入数据,当缓存写满时,容器内进程会卡死在write动作上。 + 使用**isula exec 脚本 &**的方式后台执行exec,如:isula exec container\_name script & ,isula exec 后台执行,执行的脚本中不断cat某一文件,正常时在当前终端有输出,如果在当前终端执行回车操作,客户端会因读IO失败而退出读stdout的动作,使终端不再输出,服务端由于进程仍然在cat文件,会继续往fifo的buffer里写入数据,当缓存写满时,容器内进程会卡死在write动作上。 - 轻量级容器使用exec执行带有管道操作的命令时,建议使用/bin/bash -c 方式执行该命令。 @@ -1216,7 +1643,7 @@ inspect命令支持参数参考下表。

    说明

    inspect

    +

    inspect

      

    -H, --host

    @@ -1224,6 +1651,16 @@ inspect命令支持参数参考下表。

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -f, --format

    使用模板格式化输出

    @@ -1237,15 +1674,17 @@ inspect命令支持参数参考下表。
    -### 约束限制 - -- 轻量级容器不支持format为“\{ \{.State\} \}”的格式化输出,支持“\{ \{json .State\} \}”的json格式化输出。当inspect镜像时,不支持-f参数。 ### 示例 查询容器信息 ``` +# isula inspect -f '{{.State.Status} {{.State.Running}}}' c75284634bee +running +true + + # isula inspect c75284634bee [ { @@ -1399,7 +1838,7 @@ ps命令支持参数参考下表。

    说明

    ps

    +

    ps

      

      

      

    @@ -1410,6 +1849,16 @@ ps命令支持参数参考下表。

    显示所有的容器

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -H, --host

    指定要连接的iSulad socket文件路径

    @@ -1479,13 +1928,23 @@ restart命令支持参数参考下表。

    说明

    restart

    +

    restart

    -H, --host

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -t, --time

    先优雅停止,超过这个时间,则强行终止

    @@ -1546,16 +2005,21 @@ wait命令支持参数参考下表。

    说明

    wait

    +

    wait

    -H, --host

    指定要连接的iSulad socket文件路径

    /

    +

    -D, --debug

    +

    开启调试模式

    +

    --help

    阻塞,直到容器停止,然后打印退出代码

    +

    打印帮助信息

    说明

    top

    +

    top

      

    -H, --host

    @@ -1604,9 +2068,14 @@ top命令支持参数参考下表。

    指定要连接的iSulad socket文件路径

    /

    +

    -D, --debug

    查询运行容器的进程信息

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    说明

    stats

    +

    stats

      

      

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -a, --all

    显示所有容器(默认只显示运行中的容器)

    @@ -1667,6 +2146,11 @@ stats命令支持参数参考下表。

    非流式方式的stats,只打印第一次结果

    --original

    +

    显示容器的原始数据信息,不进行统计计算

    +
    @@ -1683,7 +2167,7 @@ stats命令支持参数参考下表。 ### 描述 -isula logs用于获取容器的日志。仅支持runtime类型为lcr的容器。 +isula logs用于获取容器的日志。 ### 用法 @@ -1705,7 +2189,7 @@ logs命令支持参数参考下表。

    说明

    logs

    +

    logs

      

    -H, --host

    @@ -1713,6 +2197,16 @@ logs命令支持参数参考下表。

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -f, --follow

    跟踪日志输出

    @@ -1723,6 +2217,11 @@ logs命令支持参数参考下表。

    显示日志行数

    -t, --timestamps

    +

    显示时间戳

    +
    @@ -1768,13 +2267,23 @@ cp命令支持参数参考下表。

    说明

    cp

    +

    cp

    -H, --host

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +
    @@ -1799,7 +2308,7 @@ cp命令支持参数参考下表。 ``` -- iSulad 在cp拷贝过程中,会将容器freeze住,在拷贝完成后,恢复容器运行。 +- cp命令仅供维护定位时使用,应避免在生产环境上线使用cp命令。 ### 示例 @@ -1815,16 +2324,16 @@ isula cp /test/host 21fac8bb9ea8:/test isula cp 21fac8bb9ea8:/www /tmp/ ``` -## 暂停容器 +## 暂停容器中所有的进程 ### 描述 -isula pause用于暂停容器中所有的进程,仅支持runtime类型为lcr的容器。 +isula pause用于暂停一个或者多个容器中的所有进程。 ### 用法 ``` -isula pause CONTAINER [CONTAINER...] +isula pause [OPTIONS] CONTAINER [CONTAINER...] ``` ### 参数 @@ -1837,13 +2346,23 @@ isula pause CONTAINER [CONTAINER...]

    说明

    pause

    +

    pause

    -H, --host

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +
    @@ -1862,16 +2381,16 @@ isula pause CONTAINER [CONTAINER...] 8fe25506fb5883b74c2457f453a960d1ae27a24ee45cdd78fb7426d2022a8bac ``` -## 恢复容器 +## 恢复容器容器中的所有进程 ### 描述 -isula unpause用于恢复容器中所有的进程, 为isula pause的逆过程,仅支持runtime类型为lcr的容器。 +isula unpause用于恢复一个或者多个容器中的所有进程, 为isula pause的逆过程。 ### 用法 ``` -isula unpause CONTAINER [CONTAINER...] +isula unpause [OPTIONS] CONTAINER [CONTAINER...] ``` ### 参数 @@ -1884,13 +2403,23 @@ isula unpause CONTAINER [CONTAINER...]

    说明

    pause

    +

    pause

    -H, --host

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +
    @@ -1911,7 +2440,7 @@ isula unpause CONTAINER [CONTAINER...] ### 描述 -isula events用于从服务端实时获取容器镜像生命周期、运行等事件消息, 仅支持runtime类型为lcr的容器。 +isula events用于从服务端获取实时事件。 ### 用法 @@ -1929,13 +2458,23 @@ isula events [OPTIONS]

    说明

    events

    +

    events

    -H, --host

    指定要连接的iSulad socket文件路径

    -D, --debug

    +

    开启调试模式

    +

    --help

    +

    打印帮助信息

    +

    -n, --name

    获取指定容器的事件消息

    @@ -1946,14 +2485,23 @@ isula events [OPTIONS]

    获取指定时间以来的事件消息

    -U, --until

    +

    获取到指定时间点位置的事件

    +
    +### 约束限制 +- 支持容器相关事件为:create、start、restart、stop、exec_create、exec_die、attach、kill、top、rename、archive-path、extract-to-dir、update、pause、unpause、export、resize。 +- 支持镜像相关事件为:load、remove、pull、login、logout。 + ### 示例 从服务端实时获取事件消息,命令示例如下: ``` -# isula events +# isula events ``` diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" index 5ab7230555dceebb3c97339c67f29bdee5687168..03a68e2e235591dbbb37731810075ed17d709ee1 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" @@ -1,5 +1,11 @@ # 容器资源动态管理 +- [容器资源动态管理](#容器资源动态管理.md) + - [设备管理](#设备管理) + - [网卡管理](#网卡管理) + - [路由管理](#路由管理) + - [挂卷管理](#挂卷管理) + 普通容器无法支持对容器内的资源进行管理,例如添加一个块设备到容器、插入一块物理/虚拟网卡到容器。系统容器场景下,通过syscontainer-tools工具可以实现动态为容器挂载/卸载块设备,网络设备,路由和卷等资源。 要使用此功能,需要安装syscontainer-tools工具: @@ -8,13 +14,6 @@ [root@localhost ~]# yum install syscontainer-tools ``` -- [容器资源动态管理](#容器资源动态管理.md) - - [设备管理](#设备管理) - - [网卡管理](#网卡管理) - - [路由管理](#路由管理) - - [挂卷管理](#挂卷管理) - - ## 设备管理 ### 功能描述 @@ -102,23 +101,22 @@ ARG:命令对应的参数。 ### 约束限制 -- 添加/删除设备的时机可以是容器实例非运行状态,完成操作后启动容器,容器内会有体现;也可以在容器运行时(running)动态添加。 -- 不能在容器内和host上并发进行fdisk对磁盘的格式化写入,会影响容器磁盘使用。 -- add-device将磁盘添加到容器的特定目录时,如果容器内的父目录为多级目录(比如/dev/a/b/c/d/e...)且目录层级不存在,则syscontainer-tools会自动在容器内创建对应目录;当删除时,不会将创建的父目录删除。如果用户下一次add-device到该父目录,则会提示已经存在无法添加成功。 -- add-device添加磁盘、更新磁盘参数时,配置磁盘Qos;当配置磁盘Qos的read/write bps、read/write IOPS值时,不建议配置值过小,当设置过小时,会造成磁盘表现为不可读(实际原因是速度过慢),最终影响业务功能。 -- 使用--blkio-weight-device来限制指定块设备的权重,如果当前块设备仅支持BFQ模式,可能会报错,提示用户检查当前OS环境是否支持BFQ块设备权重值设置。 +- 添加/删除设备的时机可以是容器实例非运行状态,完成操作后启动容器,容器内会有体现;也可以在容器运行时(running)动态添加。 +- 不能在容器内和host上并发进行fdisk对磁盘的格式化写入,会影响容器磁盘使用。 +- add-device将磁盘添加到容器的特定目录时,如果容器内的父目录为多级目录(比如/dev/a/b/c/d/e...)且目录层级不存在,则syscontainer-tools会自动在容器内创建对应目录;当删除时,不会将创建的父目录删除。如果用户下一次add-device到该父目录,则会提示已经存在无法添加成功。 +- add-device添加磁盘、更新磁盘参数时,配置磁盘Qos;当配置磁盘Qos的read/write bps、read/write IOPS值时,不建议配置值过小,当设置过小时,会造成磁盘表现为不可读(实际原因是速度过慢),最终影响业务功能。 +- 使用--blkio-weight-device来限制指定块设备的权重,如果当前块设备仅支持BFQ模式,可能会报错,提示用户检查当前OS环境是否支持BFQ块设备权重值设置。 ### 使用示例 -- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本 +- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本 ``` [root@localhost ~]# isula run -tid --hook-spec /etc/syscontainer-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init eed1096c8c7a0eca6d92b1b3bc3dd59a2a2adf4ce44f18f5372408ced88f8350 ``` - -- 添加一个块设备到容器 +- 添加一个块设备到容器 ``` [root@localhost ~]# syscontainer-tools add-device ee /dev/sdb:/dev/sdb123 @@ -136,14 +134,14 @@ ARG:命令对应的参数。 /dev/sdb123p5 4096 104857599 104853504 50G 83 Linux ``` -- 更新设备信息 +- 更新设备信息 ``` [root@localhost ~]# syscontainer-tools update-device --device-read-bps /dev/sdb:10m ee Update read bps for device (/dev/sdb,10485760) done. ``` -- 删除设备 +- 删除设备 ``` [root@localhost ~]# syscontainer-tools remove-device ee /dev/sdb:/dev/sdb123 @@ -151,7 +149,6 @@ ARG:命令对应的参数。 Remove read bps for device (/dev/sdb) done. ``` - ## 网卡管理 ### 功能描述 @@ -220,43 +217,41 @@ container\_id:容器id。 ### 约束限制 -- 支持添加物理网卡(eth)和虚拟网卡(veth)两种类型。 -- 在添加网卡时可以同时对网卡进行配置,参数包括--ip/--mac/--bridge/--mtu/--qlen。 -- 支持最多添加8个物理网卡到容器。 -- 使用syscontainer-tools add-nic向容器添加eth网卡后,如果不加hook,在容器退出前必须手工将nic删除,否则在host上的eth网卡的名字会被更改成容器内的名字。 -- 对于物理网卡(1822 vf网卡除外),add-nic必须使用原mac地址,update-nic禁止修改mac地址,容器内也不允许修改mac地址。 -- 使用syscontainer-tools add-nic时,设置mtu值,设置范围跟具体的网卡型号有关。 -- 使用syscontainer-tools向容器添加网卡和路由时,建议先执行add-nic添加网卡,然后执行add-route添加路由;使用syscontainer-tools从容器删除网卡和路由时,建议先执行remove-route删除路由,然后执行remove-nic删除网卡。 -- 使用syscontainer-tools添加网卡时,一块网卡只能添加到一个容器中。 +- 支持添加物理网卡(eth)和虚拟网卡(veth)两种类型。 +- 在添加网卡时可以同时对网卡进行配置,参数包括--ip/--mac/--bridge/--mtu/--qlen。 +- 支持最多添加8个物理网卡到容器。 +- 使用syscontainer-tools add-nic向容器添加eth网卡后,如果不加hook,在容器退出前必须手工将nic删除,否则在host上的eth网卡的名字会被更改成容器内的名字。 +- 对于物理网卡(1822 vf网卡除外),add-nic必须使用原mac地址,update-nic禁止修改mac地址,容器内也不允许修改mac地址。 +- 使用syscontainer-tools add-nic时,设置mtu值,设置范围跟具体的网卡型号有关。 +- 使用syscontainer-tools向容器添加网卡和路由时,建议先执行add-nic添加网卡,然后执行add-route添加路由;使用syscontainer-tools从容器删除网卡和路由时,建议先执行remove-route删除路由,然后执行remove-nic删除网卡。 +- 使用syscontainer-tools添加网卡时,一块网卡只能添加到一个容器中。 ### 使用示例 -- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本: +- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本: ``` [root@localhost ~]# isula run -tid --hook-spec /etc/syscontainer-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init 2aaca5c1af7c872798dac1a468528a2ccbaf20b39b73fc0201636936a3c32aa8 ``` - -- 添加一个虚拟网卡到容器 +- 添加一个虚拟网卡到容器 ``` [root@localhost ~]# syscontainer-tools add-nic --type "veth" --name abc2:bcd2 --ip 172.17.28.5/24 --mac 00:ff:48:13:xx:xx --bridge docker0 2aaca5c1af7c Add network interface to container 2aaca5c1af7c (bcd2,abc2) done ``` -- 添加一个物理网卡到容器 +- 添加一个物理网卡到容器 ``` [root@localhost ~]# syscontainer-tools add-nic --type "eth" --name eth3:eth1 --ip 172.17.28.6/24 --mtu 1300 --qlen 2100 2aaca5c1af7c Add network interface to container 2aaca5c1af7c (eth3,eth1) done ``` - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >添加虚拟网卡或物理网卡时,请确保网卡处于空闲状态,添加正在使用的网卡会导致系统网络断开。 - ## 路由管理 ### 功能描述 @@ -333,35 +328,33 @@ ARG:命令对应的参数。 ### 约束限制 -- 使用syscontainer-tools向容器添加网卡和路由时,建议先执行add-nic添加网卡,然后执行add-route添加路由;使用syscontainer-tools从容器删除网卡和路由时,建议先执行remove-route删除路由,然后执行remove-nic删除网卡。 -- 向容器内添加路由规则时,需确保所添加的路由规则与容器内现有的路由规则不会产生冲突。 +- 使用syscontainer-tools向容器添加网卡和路由时,建议先执行add-nic添加网卡,然后执行add-route添加路由;使用syscontainer-tools从容器删除网卡和路由时,建议先执行remove-route删除路由,然后执行remove-nic删除网卡。 +- 向容器内添加路由规则时,需确保所添加的路由规则与容器内现有的路由规则不会产生冲突。 ### 使用示例 -- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本: +- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本: ``` [root@localhost ~]# isula run -tid --hook-spec /etc/syscontainer-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init 0d2d68b45aa0c1b8eaf890c06ab2d008eb8c5d91e78b1f8fe4d37b86fd2c190b ``` - -- syscontainer-tools向系统容器添加一块物理网卡: +- syscontainer-tools向系统容器添加一块物理网卡: ``` [root@localhost ~]# syscontainer-tools add-nic --type "eth" --name enp4s0:eth123 --ip 172.17.28.6/24 --mtu 1300 --qlen 2100 0d2d68b45aa0 Add network interface (enp4s0) to container (0d2d68b45aa0,eth123) done ``` - -- syscontainer-tools添加一条路由规则到系统容器,注意格式需按照'\[\{"dest":"default", "gw":"192.168.10.1"\},\{"dest":"192.168.0.0/16","dev":"eth0","src":"192.168.1.2"\}\]'来配置。如果dest为空会自动填成default。 +- syscontainer-tools添加一条路由规则到系统容器,注意格式需按照'\[\{"dest":"default", "gw":"192.168.10.1"\},\{"dest":"192.168.0.0/16","dev":"eth0","src":"192.168.1.2"\}\]'来配置。如果dest为空会自动填成default。 ``` [root@localhost ~]# syscontainer-tools add-route 0d2d68b45aa0 '[{"dest":"172.17.28.0/32", "gw":"172.17.28.5","dev":"eth123"}]' Add route to container 0d2d68b45aa0, route: {dest:172.17.28.0/32,src:,gw:172.17.28.5,dev:eth123} done ``` -- 查看容器内是否新增一条路由规则: +- 查看容器内是否新增一条路由规则: ``` [root@localhost ~]# isula exec -it 0d2d68b45aa0 route @@ -371,7 +364,6 @@ ARG:命令对应的参数。 172.17.28.0 0.0.0.0 255.255.255.0 U 0 0 0 eth123 ``` - ## 挂卷管理 ### 功能描述 @@ -448,29 +440,28 @@ ARG:命令对应的参数。 ### 约束限制 -- 挂载目录(add-path)的时候必须要指定绝对路径。 -- 挂载目录(add-path)会在主机上生成/.sharedpath挂载点。 -- 最多可以向单个容器中添加128个volume,超过128后无法添加成功。 -- add-path不能将主机目录覆盖容器中的根目录目录(/),否则会造成功能影响。 +- 挂载目录(add-path)的时候必须要指定绝对路径。 +- 挂载目录(add-path)会在主机上生成/.sharedpath挂载点。 +- 最多可以向单个容器中添加128个volume,超过128后无法添加成功。 +- add-path不能将主机目录覆盖容器中的根目录(/),否则会造成功能影响。 ### 使用示例 -- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本: +- 启动一个系统容器,指定hook spec为syscontainer hook执行配置脚本: ``` [root@localhost ~]# isula run -tid --hook-spec /etc/syscontainer-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init e45970a522d1ea0e9cfe382c2b868d92e7b6a55be1dd239947dda1ee55f3c7f7 ``` - -- syscontainer-tools将宿主机某个目录挂载到容器,实现资源共享: +- syscontainer-tools将宿主机某个目录挂载到容器,实现资源共享: ``` [root@localhost ~]# syscontainer-tools add-path e45970a522d1 /home/test123:/home/test123 Add path (/home/test123) to container(e45970a522d1,/home/test123) done. ``` -- 宿主机目录/home/test123创建一个文件,然后在容器内查看文件是否可以访问: +- 宿主机目录/home/test123创建一个文件,然后在容器内查看文件是否可以访问: ``` [root@localhost ~]# echo "hello world" > /home/test123/helloworld @@ -479,7 +470,7 @@ ARG:命令对应的参数。 hello world ``` -- syscontainer-tools将挂载目录从容器内删除: +- syscontainer-tools将挂载目录从容器内删除: ``` [root@localhost ~]# syscontainer-tools remove-path e45970a522d1 /home/test123:/home/test123 @@ -488,5 +479,3 @@ ARG:命令对应的参数。 [root@localhost /]# ls /home/test123/helloworld ls: cannot access '/home/test123/helloworld': No such file or directory ``` - - diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" index ce610af5f7d2a3934630027b5f0497edd0291666..3def4cd71431f36e67a391d319f7a25fb93ad806 100644 --- "a/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" @@ -2,22 +2,35 @@ - [容器资源管理](#容器资源管理) + - [描述](#描述) - [资源共享](#资源共享) - - [限制运行时的CPU资源](#限制运行时的CPU资源) + - [限制运行时的CPU资源](#限制运行时的cpu资源) - [限制运行时的内存](#限制运行时的内存) - - [限制运行时的IO资源](#限制运行时的IO资源) + - [限制运行时的IO资源](#限制运行时的io资源) - [限制容器rootfs存储空间](#限制容器rootfs存储空间) - [限制容器内文件句柄数](#限制容器内文件句柄数) - [限制容器内可以创建的进程/线程数](#限制容器内可以创建的进程-线程数) - [配置容器内的ulimit值](#配置容器内的ulimit值) +## 描述 + +可以通过namespace和cgroup等功能实现对容器的资源管理。isula支持使用cgroup v1和cgroup v2实现对资源的限制,其中 +cgroup v2属于实验特性,不支持商用。当系统配置为只支持cgroup v2并将cgroup v2挂载到/sys/fs/cgroup目录时,isula使用 +cgroup v2来进行资源管理。无论是cgroup v1还是使用cgroup v2对容器资源进行管理,isula提供给用户实现资源限制的接口是 +一致的。 + ## 资源共享 ### 描述 容器间或者容器与host之间可以共享namespace信息,包括pid, net, ipc, uts。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>当使用与主机共享namespace信息时,即缺少了对应的namespace隔离机制,在容器中可以查询、操作主机上的信息,存在安全 +隐患。比如使用--pid=host共享主机pid namespace时,即可以看到主机上其他进程信息,造成信息泄露,甚至直接kill杀死主机 +进程。请在确保安全的场景下,谨慎使用共享主机host namespace功能。 + ### 用法 isula create/run时使用namespace相关的参数共享资源,具体参数见下方参数列表。 @@ -137,6 +150,24 @@ create/run时可以指定下列参数。

    --cpu-rt-period

    +

    限制容器中cpu实时周期(以微秒为单位)

    +

    64位整数(int64)

    +

    +

    --cpu-rt-runtime

    +

    限制容器中cpu实时运行时间(以微秒为单位)

    +

    64位整数(int64)

    +

    +

    --cpuset-cpus

    限制容器中使用cpu节点

    @@ -347,7 +378,7 @@ create/run时指定--storage-opt参数。

    限制容器rootfs存储空间。

    rootfsSize解析出的大小为int64范围内以字节表示的正数,默认单位为B,也可指定为([kKmMgGtTpP])?[iI]?[bB]?$

    +

    rootfsSize解析出的大小为int64范围内以字节表示的正数,默认单位为B,也可指定为([kKmMgGtTpP])?[iI]?[bB]?$。(device mapper场景下最小取值为10G)

    说明

    login

    +

    login

      

      

    指定要连接的iSulad socket文件路径

    --help

    +

    打印帮助信息

    +

    -p, --password

    登录镜像仓库的密码

    @@ -56,13 +56,18 @@

    说明

    logout

    +

    logout

    -H, --host

    指定要连接的iSulad socket文件路径

    --help

    +

    打印帮助信息

    +
    @@ -78,13 +83,18 @@

    说明

    pull

    +

    pull

    -H, --host

    指定要连接的iSulad socket文件路径

    --help

    +

    打印帮助信息

    +
    @@ -100,7 +110,7 @@

    说明

    rmi

    +

    rmi

      

    -H, --host

    @@ -108,6 +118,16 @@

    指定要连接的iSulad socket文件路径

    --help

    +

    打印帮助信息

    +

    -D, --debug

    +

    开启调试模式

    +

    -f, --force

    强制移除镜像

    @@ -128,13 +148,23 @@

    说明

    load

    +

    load

    -H, --host (仅 isula支持)

    指定要连接的iSulad socket文件路径

    --help

    +

    打印帮助信息

    +

    -D, --debug

    +

    开启调试模式

    +

    -i, --input

    指定从哪里导入镜像。如果是docker类型,则为镜像压缩包路径,如果是embedded类型,则为镜像manifest路径。

    @@ -145,11 +175,6 @@

    不使用默认的镜像名称,而是使用TAG指定的名称,type为docker类型时支持该参数

    -t, --type

    -

    镜像类型,取值为embedded或docker(默认值)

    -
    @@ -165,7 +190,7 @@

    说明

    -

    images

    +

    images

      

    -H, --host

    @@ -173,6 +198,21 @@

    指定要连接的iSulad socket文件路径

    +

    --help

    + +

    打印帮助信息

    + + +

    -D, --debug

    + +

    开启调试模式

    + + +

    -f, --filter

    + +

    过滤出指定镜像信息

    + +

    -q, --quit

    只显示镜像名字

    @@ -194,13 +234,23 @@ -

    inspect

    +

    inspect

    -H, --host

    指定要连接的iSulad socket文件路径

    +

    --help

    + +

    打印帮助信息

    + + +

    -D, --debug

    + +

    开启调试模式

    + +

    -f, --format

    使用模板格式化输出

    @@ -214,6 +264,107 @@ +**表 8** tag命令参数列表 + + + + + + + + + + + + + + + + + +

    命令

    +

    参数

    +

    说明

    +

    tag

    +

    -H, --host

    +

    指定要连接的iSulad socket文件路径

    +

    --help

    +

    打印帮助信息

    +

    -D, --debug

    +

    开启调试模式

    +
    + +
    + +**表 9** import命令参数列表 + + + + + + + + + + + + + + + + + +

    命令

    +

    参数

    +

    说明

    +

    import

    +

    -H, --host

    +

    指定要连接的iSulad socket文件路径

    +

    --help

    +

    打印帮助信息

    +

    -D, --debug

    +

    开启调试模式

    +
    + +
    + +**表 10** export命令参数列表 + + + + + + + + + + + + + + + + + + + + +

    命令

    +

    参数

    +

    说明

    +

    export

    +

    -H, --host

    +

    指定要连接的iSulad socket文件路径

    +

    --help

    +

    打印帮助信息

    +

    -D, --debug

    +

    开启调试模式

    +

    -o, --output

    +

    导出到指定文件

    +
    + +
    + ## CNI配置参数 **表 1** CNI单网络配置参数 @@ -644,7 +795,7 @@

    可选

    -

    所需加入的的物理平面信息,为预先定义好的物理网络名称,与SNC体系中的呼应,输入两个平面名时,支持主备平面。例如:"phy_net1" 或 ["phy_net2","phy_net3"]

    +

    所需加入的物理平面信息,为预先定义好的物理网络名称,与SNC体系中的呼应,输入两个平面名时,支持主备平面。例如:"phy_net1" 或 ["phy_net2","phy_net3"]

    endpoint_policies

    @@ -728,4 +879,3 @@ - diff --git "a/docs/zh/docs/GCC/GCC\345\244\232\347\211\210\346\234\254\346\224\257\346\214\201\347\224\250\346\210\267\346\214\207\345\215\227.md" "b/docs/zh/docs/GCC/GCC\345\244\232\347\211\210\346\234\254\346\224\257\346\214\201\347\224\250\346\210\267\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..1d5107089657877f6d40ebbdfb8b518c1e2c37b0 --- /dev/null +++ "b/docs/zh/docs/GCC/GCC\345\244\232\347\211\210\346\234\254\346\224\257\346\214\201\347\224\250\346\210\267\346\214\207\345\215\227.md" @@ -0,0 +1,48 @@ +# GCC多版本支持用户指南 + +## 简介 + +为了保障操作系统的稳定性,一般在进行基础软件选型时不会选用最新的版本,而是倾向于使用相对稳定的版本,因此当前 openEuler 20.03 LTS 使用 GCC 7.3.0 作为基线进行开发。然而 GCC 7.3.0 无法支持 ARM v8.6 等新硬件特性。为了支持 ARM 新特性,设计双版本 GCC,对于需要使用 ARM v8.6 以上新特性的应用,可以使用多版本编译器 gcc-10 来支持编译构建。 + +## 安装与部署 + +### 软件要求 + +操作系统:openEuler 20.03 LTS SP4 + +### 硬件要求 + +aarch64架构 + +### 安装软件 + +为了和默认 GCC 安装做出区分,防止多版本GCC的安装和默认 GCC 的安装依赖库冲突,gcc-10 的多版本软件包名以“gcc-toolset-10-”为前缀,后面接上原有 GCC 软件包名。 + +默认编译器 gcc-7.3.1,安装路径为`/usr`: + +```shell +yum install -y gcc gcc-c++ +``` + +多版本编译器 gcc-10,安装路径为 `/opt/openEuler/gcc-toolset-10/root/usr/`: + +```shell +yum install -y gcc-toolset-10-gcc* +``` + +## 使用方法 + +gcc-10 多版本软件包安装在/opt/openEuler/gcc-toolset-10/root/usr/下,因此可使用如下命令使用软件包: + +```shell +export PATH=/opt/openEuler/gcc-toolset-10/root/usr/bin/:$PATH +export LD_LIBRARY_PATH=/opt/openEuler/gcc-toolset-10/root/usr/lib64/:$LD_LIBRARY_PATH +``` + +**注意:多版本编译器 gcc-10 仅支持 ARM v8.6 以上的新硬件特性,其他特性建议使用默认 gcc-7.3.1 防止发生未知编译错误。** + +## 兼容性说明 + +此节主要列出当前一些特殊场景下的兼容性问题。本项目持续迭代中,会尽快进行修复,也欢迎广大开发者加入。 + +当前 GCC 多版本方案仅适配 ARM v8.6 新特性,仅支持 aarch64 架构。 diff --git a/docs/zh/docs/GCC/overview.md b/docs/zh/docs/GCC/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..84a82e187149c7b4ea3b45529e1b4b25fdfbe9a8 --- /dev/null +++ b/docs/zh/docs/GCC/overview.md @@ -0,0 +1,3 @@ +# GCC for openEuler用户指南 + +GCC for openEuler编译器基于开源GCC(GNU Compiler Collection,GNU编译器套装)开发。开源GCC是一种支持多种编程语言的跨平台开源编译器,采用GPLv3(GNU General Public License, version 3)协议,是Linux系统上目前应用最广泛的C/C++编译器,基本被认为是跨平台编译器的事实标准。而GCC for openEuler在继承了开源GCC能力的基础上,聚焦于C、C++、Fortran语言的优化,增强自动反馈优化、软硬件协同、内存优化、自动向量化等特性,并适配国产硬件平台,如鲲鹏、飞腾、龙芯等,充分释放国产硬件算力。 diff --git "a/docs/zh/docs/HA/HA\347\232\204\344\275\277\347\224\250\345\256\236\344\276\213.md" "b/docs/zh/docs/HA/HA\347\232\204\344\275\277\347\224\250\345\256\236\344\276\213.md" new file mode 100644 index 0000000000000000000000000000000000000000..7c8ce9998eae74a53bc4b7c4eeafd36ff2a3370b --- /dev/null +++ "b/docs/zh/docs/HA/HA\347\232\204\344\275\277\347\224\250\345\256\236\344\276\213.md" @@ -0,0 +1,227 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./HA的安装与部署.md)。 + + + - [HA使用实例](#HA使用与实例) + - [快速使用指南](#快速使用指南) + - [登录页面](#登录页面) + - [主页面](#主页面) + - [导航栏](#导航栏) + - [顶部操作区](#顶部操作区) + - [资源节点列表区](#资源节点列表区) + - [节点操作浮动区](#节点操作浮动区) + - [首选项配置](#首选项配置) + - [添加资源](#添加资源) + - [添加普通资源](#添加普通资源) + - [添加组资源](#添加组资源) + - [添加克隆资源](#添加克隆资源) + - [编辑资源](#编辑资源) + - [设置资源关系](#设置资源关系) + - [高可用mysql实例配置](#高可用mysql实例配置) + - [配置虚拟IP](#配置虚拟ip) + - [配置NFS存储](#配置nfs存储) + - [配置mysql](#配置mysql) + - [添加上述资源为组资源](#添加上述资源为组资源) + - [FAQ](#faq) + + +## 快速使用指南 + +- 以下操作均以社区新开发的管理平台为例。 + +### 登录页面 +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】、【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用``pcs --help``进行查询。 + +``` +# pcs property set stonith-enabled=false +# pcs property set no-quorum-policy=ignore +``` +``pcs property``查看全部设置。 + +![](./figures/HA-firstchoice-cmd.png) + +- 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将No Quorum Policy和Stonith Enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + +![](./figures/HA-firstchoice.png) + +#### 添加资源 +##### 添加普通资源 +鼠标点击【添加普通资源】,弹出【创建资源】对话框,其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。填写资源配置信息时,对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统默认值处理。 + +下面以apache为例,添加apache资源。 +``` +# pcs resource create httpd ocf:heartbeat:apache +``` +查看资源运行状态。 +``` +# pcs status +``` + +![](./figures/HA-pcs-status.png) + +- 添加apache资源。 + +![](./figures/HA-add-resource.png) +- 若回显为如下,则资源添加成功。 + +![](./figures/HA-apache-suc.png) +- 资源创建成功并启动,运行于其中一个节点上,例如ha1;成功访问apache界面。 + +![](./figures/HA-apache-show.png) + +##### 添加组资源 +添加组资源时,集群中需要至少存在一个普通资源。鼠标点击【添加组资源】,弹出【创建资源】对话框。【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + +- **注:组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。** + +![](./figures/HA-group.png) + +若回显为如下,则资源添加成功。 + +![](./figures/HA-group-suc.png) + +##### 添加克隆资源 +鼠标点击【添加克隆资源】,弹出【创建资源】对话框。【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + +![](./figures/HA-clone.png) + +若回显为如下,则资源添加成功。 + +![](./figures/HA-clone-suc.png) +#### 编辑资源 +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。 +点击按钮后,列表中该资源项的变化状态与启动资源时一致。 +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +#### 设置资源关系 +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 +- 先单独配置三个普通资源,待成功后添加为组资源。 +### 配置虚拟IP +在首页中点击添加-->添加普通资源,并按如下进行配置。 + +![](./figures/HA-vip.png) + +- 资源创建成功并启动,运行于其中一个节点上,例如ha1;可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。 +- 若回显为如下,则资源添加成功。 + +![](./figures/HA-vip-suc.png) + +设置资源位置(每个资源都需要设置),以vip资源为例。 + +![](./figures/HA-resource-location.png) + +### 配置NFS存储 +- 另外找一台机器作为nfs服务端进行配置 + +安装软件包 + +``` +# yum install -y nfs-utils rpcbind +``` +关闭防火墙 +``` +# systemctl stop firewalld && systemctl disable firewalld +``` +修改/etc/selinux/config文件中SELINUX状态为disabled,修改后重启环境,使selinux生效 +``` +# SELINUX=disabled +``` +启动服务 +``` +# systemctl start rpcbind && systemctl enable rpcbind +# systemctl start nfs-server && systemctl enable nfs-server +``` +服务端创建一个共享目录 +``` +# mkdir -p /test +``` +修改NFS配置文件 +``` +# vim /etc/exports +# /test *(rw,no_root_squash) +``` +重新加载服务 +``` +# systemctl reload nfs +``` + +客户端安装软件包,先把mysql安装上,为了把下面nfs挂载到mysql数据路径 +``` +# yum install -y nfs-utils mariadb-server +``` +在首页中点击添加-->添加普通资源,并按如下进行配置NFS资源。 + +![](./figures/HA-nfs.png) + +- 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到/var/lib/mysql路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。 +- 若回显为如下,则资源添加成功。 + +![](./figures/HA-nfs-suc.png) + +### 配置mysql +在首页中点击添加-->添加普通资源,并按如下进行配置mysql资源。 + +![](./figures/HA-mariadb.png) + +配置操作属性 + +![](./figures/HA-operational-attributes.png) + +- 若回显为如下,则资源添加成功。 + +![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 +- 按资源启动顺序添加三个资源,需要先停止vip、nfs、mariadb资源。 + +在首页中点击添加-->添加组资源,并按如下进行配置组资源。 + +![](./figures/HA-group-new.png) + +- 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功。 + +![](./figures/HA-group-new-suc.png) + +- 将ha1节点备用,成功迁移到ha2节点,运行正常。 + +![](./figures/HA-group-new-suc2.png) + +## FAQ +1. fence_virtd服务停止失败。 + - fence_virtd服务依赖于libvirtd服务启动,在使用fence_virtd服务前请手动确认并拉起libvirtd即可正常使用。 diff --git "a/docs/zh/docs/HA/HA\347\232\204\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/docs/zh/docs/HA/HA\347\232\204\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" new file mode 100644 index 0000000000000000000000000000000000000000..f1b08acaa4f93d92c0a42489d46381973ad9e538 --- /dev/null +++ "b/docs/zh/docs/HA/HA\347\232\204\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -0,0 +1,216 @@ +# HA的安装与部署 + +本章介绍如何安装和部署HA高可用集群。 + +## 安装与部署 + +- 环境准备:需要至少两台安装了openEuler 20.03 LTS SP4的物理机/虚拟机(现以两台为例),安装方法参考《[openEuler 20.03 LTS SP4 安装指南](./../Installation/installation.md)》。 + +### 修改主机名称及/etc/hosts文件 + +- **注:两台主机均需要进行以下操作,现以其中一台为例。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +- 修改主机名 + +```sh +# hostnamectl set-hostname ha1 +``` + +- 编辑`/etc/hosts`文件并写入以下字段 + +```conf +172.30.30.65 ha1 +172.30.30.66 ha2 +``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```conf +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```sh +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd +``` + +### 设置hacluster用户密码 + +```sh +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```conf +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +```sh +# systemctl stop firewalld +# systemctl disable firewalld +``` + +修改/etc/selinux/config文件中SELINUX状态为disabled + +```conf +# SELINUX=disabled +``` + +重启系统,以保证SELINUX设置生效。 + +```sh +# reboot +``` + +#### 管理pcs服务 + +- 启动pcs服务: + +```sh +# systemctl start pcsd +``` + +- 使能pcs服务开机启动: + +```sh +# systemctl enable pcsd +``` + +- 查询pcs服务状态: + +```sh +# systemctl status pcsd +``` + +若回显为如下,则服务启动成功。 + +![](./figures/HA-pcs.png) + +#### 管理pacemaker服务 + +- 启动pacemaker服务: + +```sh +# systemctl start pacemaker +``` + +- 查询pacemaker服务状态: + +```sh +# systemctl status pacemaker +``` + +若回显为如下,则服务启动成功。 + +![](./figures/HA-pacemaker.png) + +#### 管理corosync服务 + +- 启动corosync服务: + +```sh +# systemctl start corosync +``` + +- 查询corosync服务状态: + +```sh +# systemctl status corosync +``` + +若回显为如下,则服务启动成功。 + +![](./figures/HA-corosync.png) + +### 节点鉴权 + +- **注:一个节点上执行即可** + +```sh +使用pcs认证各节点的用户名和密码。 + +# pcs host auth ha1 ha2 +Username: hacluster +Password: +ha1: Authorized +ha2: Authorized +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 此界面为原生管理平台 + +![](./figures/HA-login.png) + +若安装社区新开发的管理平台请参考此文档。 + +- 下面为社区新开发的管理平台 + +![](./figures/HA-api.png) + +- 下一章将介绍如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./HA的使用实例.md)。 diff --git a/docs/zh/docs/HA/figures/HA-add-resource.png b/docs/zh/docs/HA/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-add-resource.png differ diff --git a/docs/zh/docs/HA/figures/HA-apache-show.png b/docs/zh/docs/HA/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-apache-show.png differ diff --git a/docs/zh/docs/HA/figures/HA-apache-suc.png b/docs/zh/docs/HA/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-apache-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-api.png b/docs/zh/docs/HA/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-api.png differ diff --git a/docs/zh/docs/HA/figures/HA-clone-suc.png b/docs/zh/docs/HA/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-clone-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-clone.png b/docs/zh/docs/HA/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-clone.png differ diff --git a/docs/zh/docs/HA/figures/HA-corosync.png b/docs/zh/docs/HA/figures/HA-corosync.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-corosync.png differ diff --git a/docs/zh/docs/HA/figures/HA-firstchoice-cmd.png b/docs/zh/docs/HA/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/docs/HA/figures/HA-firstchoice.png b/docs/zh/docs/HA/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-firstchoice.png differ diff --git a/docs/zh/docs/HA/figures/HA-group-new-suc.png b/docs/zh/docs/HA/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-group-new-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-group-new-suc2.png b/docs/zh/docs/HA/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/docs/HA/figures/HA-group-new.png b/docs/zh/docs/HA/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-group-new.png differ diff --git a/docs/zh/docs/HA/figures/HA-group-suc.png b/docs/zh/docs/HA/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-group-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-group.png b/docs/zh/docs/HA/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-group.png differ diff --git a/docs/zh/docs/HA/figures/HA-home-page.png b/docs/zh/docs/HA/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-home-page.png differ diff --git a/docs/zh/docs/HA/figures/HA-login.png b/docs/zh/docs/HA/figures/HA-login.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-login.png differ diff --git a/docs/zh/docs/HA/figures/HA-mariadb-suc.png b/docs/zh/docs/HA/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-mariadb.png b/docs/zh/docs/HA/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-mariadb.png differ diff --git a/docs/zh/docs/HA/figures/HA-nfs-suc.png b/docs/zh/docs/HA/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-nfs-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-nfs.png b/docs/zh/docs/HA/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-nfs.png differ diff --git a/docs/zh/docs/HA/figures/HA-operational-attributes.png b/docs/zh/docs/HA/figures/HA-operational-attributes.png new file mode 100644 index 0000000000000000000000000000000000000000..0938f11d3f2e170966e11b3594b9d1b64cbcd1dd Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-operational-attributes.png differ diff --git a/docs/zh/docs/HA/figures/HA-pacemaker.png b/docs/zh/docs/HA/figures/HA-pacemaker.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-pacemaker.png differ diff --git a/docs/zh/docs/HA/figures/HA-pcs-status.png b/docs/zh/docs/HA/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-pcs-status.png differ diff --git a/docs/zh/docs/HA/figures/HA-pcs.png b/docs/zh/docs/HA/figures/HA-pcs.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-pcs.png differ diff --git a/docs/zh/docs/HA/figures/HA-refresh.png b/docs/zh/docs/HA/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-refresh.png differ diff --git a/docs/zh/docs/HA/figures/HA-resource-location.png b/docs/zh/docs/HA/figures/HA-resource-location.png new file mode 100644 index 0000000000000000000000000000000000000000..7faed091efda7956dc23c958062f679ac7f9d422 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-resource-location.png differ diff --git a/docs/zh/docs/HA/figures/HA-vip-suc.png b/docs/zh/docs/HA/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-vip-suc.png differ diff --git a/docs/zh/docs/HA/figures/HA-vip.png b/docs/zh/docs/HA/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/docs/HA/figures/HA-vip.png differ diff --git a/docs/zh/docs/HA/ha.md b/docs/zh/docs/HA/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..f03d1cf42d7fdeeecd41c312ce27e452d596e424 --- /dev/null +++ b/docs/zh/docs/HA/ha.md @@ -0,0 +1,3 @@ +# HA 用户指南 + +本节主要描述HA的安装和使用。 \ No newline at end of file diff --git a/docs/zh/docs/Installation/FAQ-1.md b/docs/zh/docs/Installation/FAQ-1.md new file mode 100644 index 0000000000000000000000000000000000000000..359d8c23fe65b0a24fbad4b89396fee9e7b20511 --- /dev/null +++ b/docs/zh/docs/Installation/FAQ-1.md @@ -0,0 +1,54 @@ +# FAQ + + +- [FAQ](#faq) + - [树莓派启动失败](#树莓派启动失败) + - [nmcli 命令连接 WIFI 失败](#nmcli-命令连接-wifi-失败) + + + +## 树莓派启动失败 + +### 问题现象 + +将 openEuler 发布的树莓派镜像刷写入 SD 卡后,树莓派启动失败。 + +### 原因分析 + +刷写 openEuler 发布的树莓派镜像后,树莓派启动失败,大致有以下几种情况: + +1. 下载的镜像文件不完整,请确保该镜像通过完整性校验。 +2. 镜像写入 SD 卡过程中出现问题,多出现在 Windows 环境下使用应用软件刷写镜像到 SD 卡的情况。 + +### 解决方法 + +将完整的镜像重新刷写入 SD 卡。 + +## nmcli 命令连接 WIFI 失败 + +### 问题现象 + +执行 `nmcli dev wifi connect SSID password PWD` 命令连接 WIFI 失败。例如提示 `Error: Connection activation failed: (7) Secrets were required, but not provided.` 等错误。 + +### 原因分析 + +执行的命令缺少密码。注意,如果密码中包含特殊字符,需要使用单引号将密码括起来。如果使用 nmcli 命令行连接 WIFI 失败,建议使用 nmtui 字符界面进行连接。 + +### 解决方法 + +执行 `nmtui` 命令进入到 nmtui 字符界面,按照以下步骤连接 WIFI。 + +1. 选择 `Edit a connection`,按 `Enter` 进入编辑网络连接窗口。 +2. 按下键盘右方向键选择 `Add`,按 `Enter` 进入新建网络连接窗口。 +3. 连接类型选择 `Wi-Fi` ,然后按下键盘右方向键选择 `Create`,按 `Enter` 进入 WIFI 编辑连接信息的界面。 +4. WIFI 连接信息界面主要需要编辑以下内容,其他信息根据实际情况而定。编辑结束后选择 `OK`,按 `Enter` 完成编辑并回退到编辑网络连接窗口。 + 1. `Profile name` 栏输入该 WIFI 连接的名称,这里可以使用默认名称,如 `Wi-Fi connection 1`; + 2. `Device` 栏输入要使用的无线网卡接口,这里输入 `wlan0`; + 3. `SSID` 栏输入要连接的 WIFI 的 SSID; + 4. `Security` 栏选择 WIFI 密码加密方式,这里根据实际情况选择,例如选择 `WPA & WPA2 Personal`; + 5. `Password` 栏输入 WIFI 密码。 + +5. 选择 `Back` 回退到最初的 nmtui 字符界面。 +6. 选择 `Activate a connection`,按 `Enter` 进入激活网络连接窗口。 +7. 查看添加的 WIFI 连接是否已激活(已激活的连接名称前有 `*` 标记)。如果未激活,选择该 WIFI 连接,然后按下键盘右方向键选择 `Activate`,按 `Enter` 激活该连接。待激活完成后,选择 `Back`,按 `Enter` 退出该激活界面,回退到最初的 nmtui 字符界面。 +8. 选择 `Quit`,然后按下键盘右方向键选择 `OK`,按 `Enter` 退出 nmtui 字符界面。 \ No newline at end of file diff --git a/docs/zh/docs/Installation/FAQ.md b/docs/zh/docs/Installation/FAQ.md index cc9423cede029d01d5dee611c35e9775e14d7098..d97959d74179962e6c7630ec59457f1b8c4303c1 100644 --- a/docs/zh/docs/Installation/FAQ.md +++ b/docs/zh/docs/Installation/FAQ.md @@ -1,16 +1,4 @@ # FAQ - - -- [FAQ](#faq) - - [安装openEuler时选择第二盘位为安装目标,操作系统无法启动](#安装openeuler时选择第二盘位为安装目标操作系统无法启动) - - [openEuler开机后进入emergency模式](#openeuler开机后进入emergency模式) - - [系统中存在无法激活的逻辑卷组时,重装系统失败](#系统中存在无法激活的逻辑卷组时重装系统失败) - - [选择安装源出现异常](#选择安装源出现异常) - - [如何手动开启kdump服务](#如何手动开启kdump服务) - - [多块磁盘组成逻辑卷安装系统后,再次安装不能只选其中一块磁盘](#多块磁盘组成逻辑卷安装系统后再次安装不能只选其中一块磁盘) - - [x86物理机UEFI模式由于security boot安全选项问题无法安装](#x86物理机uefi模式由于security-boot安全选项问题无法安装) - - ## 安装openEuler时选择第二盘位为安装目标,操作系统无法启动 @@ -22,8 +10,8 @@ 当安装系统到第二块磁盘时,MBR和GRUB会默认安装到第二块磁盘sdb。这样会有下面两种情况: -1. 如果第一块磁盘中有完整系统,则加载第一块磁盘中的系统启动。 -2. 如果第一块磁盘中没有完好的操作系统,则会导致硬盘启动失败。 +1. 如果第一块磁盘中有完整系统,则加载第一块磁盘中的系统启动。 +2. 如果第一块磁盘中没有完好的操作系统,则会导致硬盘启动失败。 以上两种情况都是因为BIOS默认从第一块磁盘sda中加载引导程序启动系统,如果sda没有系统,则会导致启动失败。 @@ -31,9 +19,8 @@ 有以下两种解决方案: -- 当系统处于安装过程中,在选择磁盘(选择第一块或者两块都选择)后,指定引导程序安装到第一块盘sda中。 -- 当系统已经安装完成,若BIOS支持选择从哪个磁盘启动,则可以通过修改BIOS中磁盘启动顺序,尝试重新启动系统。 - +- 当系统处于安装过程中,在选择磁盘(选择第一块或者两块都选择)后,指定引导程序安装到第一块盘sda中。 +- 当系统已经安装完成,若BIOS支持选择从哪个磁盘启动,则可以通过修改BIOS中磁盘启动顺序,尝试重新启动系统。 ## openEuler开机后进入emergency模式 @@ -51,17 +38,16 @@ openEuler系统开机后进入emergency模式,如下图所示: ### 解决方法 -1. 用户直接输入root账号的密码,登录系统。 -2. 使用fsck工具,检测并修复文件系统,然后重启。 - - >![](./public_sys-resources/icon-note.gif) **说明:** - >fsck(file system check)用来检查和维护不一致的文件系统。若系统掉电或磁盘发生问题,可利用fsck命令对文件系统进行检查。 用户可以通过“fsck.ext3 -h”、“fsck.ext4 -h”命令查看fsck的使用方法。 +1. 用户直接输入root帐号的密码,登录系统。 +2. 使用fsck工具,检测并修复文件系统,然后重启。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > fsck(file system check)用来检查和维护不一致的文件系统。若系统掉电或磁盘发生问题,可利用fsck命令对文件系统进行检查。 用户可以通过“fsck.ext3 -h”、“fsck.ext4 -h”命令查看fsck的使用方法。 另外,如果用户需要取消磁盘挂载超时时间,可以直接在“/etc/fstab”文件中添加“x-systemd.device-timeout=0”。如下: -``` -# +```sh # /etc/fstab # Created by anaconda on Mon Sep 14 17:25:48 2015 # @@ -88,40 +74,38 @@ UUID=afcc811f-4b20-42fc-9d31-7307a8cfe0df /boot ext4 defaults,x-systemd.device-t 重装系统前如果系统中存在无法激活的逻辑卷组,为了避免重装系统过程出现异常,需在重装前将逻辑卷组恢复到正常状态或者清除这些逻辑卷组。举例如下: -- 恢复逻辑卷组状态 - 1. 使用以下命令清除vg激活状态, 防止出现“Can't open /dev/sdc exclusively mounted filesystem”。 +- 恢复逻辑卷组状态 + 1. 使用以下命令清除vg激活状态, 防止出现“Can't open /dev/sdc exclusively mounted filesystem”。 - ``` - vgchange -a n testvg32947 + ```sh + vgchange -a n testvg32947 ``` - 2. 根据备份文件重新创建pv。 + 2. 根据备份文件重新创建pv。 - ``` + ```sh pvcreate --uuid JT7zlL-K5G4-izjB-3i5L-e94f-7yuX-rhkLjL --restorefile /etc/lvm/backup/testvg32947 /dev/sdc ``` - 3. 恢复vg信息。 + 3. 恢复vg信息。 - ``` + ```sh vgcfgrestore testvg32947 ``` - 4. 重新激活vg。 + 4. 重新激活vg。 + ```sh + vgchange -ay testvg32947 ``` - vgchange -ay testvg32947 - ``` - -- 清除逻辑卷组 +- 清除逻辑卷组 - ``` + ```sh vgchange -a n testvg32947 vgremove -y testvg32947 ``` - ## 选择安装源出现异常 ### 问题现象 @@ -152,11 +136,11 @@ kdump服务需要系统预留一段内存用于运行kdump内核,而当前系 已安装操作系统的场景 -1. 修改/boot/efi/EFI/openEuler/grub.cfg,添加crashkernel=1024M,high。 -2. 重启系统使配置生效。 -3. 执行如下命令,检查kdump状态: +1. 修改/boot/efi/EFI/openEuler/grub.cfg,添加crashkernel=1024M,high。 +2. 重启系统使配置生效。 +3. 执行如下命令,检查kdump状态: - ``` + ```sh systemctl status kdump ``` @@ -164,7 +148,6 @@ kdump服务需要系统预留一段内存用于运行kdump内核,而当前系 ![](./figures/zh-cn_image_0229291272.png) - ### 参数说明 kdump内核预留内存参数说明如下: @@ -239,37 +222,36 @@ kdump内核预留内存参数说明如下: 因为多块磁盘组成逻辑卷相当于一个整体,所以只需要删除对应的卷组即可。 -1. 按“Ctrl+Alt+F2”可以切换到命令行,执行如下命令找到卷组。 +1. 按“Ctrl+Alt+F2”可以切换到命令行,执行如下命令找到卷组。 - ``` + ```sh vgs ``` ![](./figures/zh-cn_image_0231657950.png) -2. 执行如下命令,删除卷组。 +2. 执行如下命令,删除卷组。 - ``` + ```sh vgremove euleros ``` -3. 执行如下命令,重启安装程序即可生效。 +3. 执行如下命令,重启安装程序即可生效。 - ``` + ```sh systemctl restart anaconda ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - >图形模式下也可以按“Ctrl+Alt+F6”回到图形界面,点击[图1](#fig115949762617)右下角的“Refresh”刷新存储配置生效。 - + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 图形模式下也可以按“Ctrl+Alt+F6”回到图形界面,点击[图1](#fig115949762617)右下角的“Refresh”刷新存储配置生效。 ## x86物理机UEFI模式由于security boot安全选项问题无法安装 ### 问题现象 -x86物理机安装系统时,由于设置了BIOS选项security boot 为enable(默认是disable),导致系统一直停留在“No bootable device”提示界面,无法继续安装,如[图2](#fig115949762617)所示。 +x86物理机安装系统时,由于设置了BIOS选项security boot 为enable(默认是disable),导致系统一直停留在“No bootable device”提示界面,无法继续安装,如[图2](#fig115949762618)所示。 -**图 2** “No bootable device”提示界面 +**图 2** “No bootable device”提示界面 ![](./figures/No-bootable-device.png) ### 原因分析 @@ -280,18 +262,64 @@ x86物理机安装系统时,由于设置了BIOS选项security boot 为enable 进入BIOS,设置security boot为disable,重新安装即可。 -1. 系统启动时,按“F11”,输入密码“Admin@9000”进入BIOS。 +1. 系统启动时,按“F11”,输入密码“Admin@9000”进入BIOS。 ![](./figures/BIOS.png) -2. 选择进入Administer Secure Boot。 +2. 选择进入Administer Secure Boot。 ![](./figures/security.png) -3. 设置Enforce Secure Boot为Disabled。 +3. 设置Enforce Secure Boot为Disabled。 ![](./figures/select.png) - >![](./public_sys-resources/icon-note.gif) **说明:** - >设置security boot为disable之后,保存退出,重新安装即可。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 设置security boot为disable之后,保存退出,重新安装即可。 + +## 安装openEuler时,软件选择页面选择“服务器-性能工具”,安装后messages日志有pmie_check报错信息 + +### 问题现象 + +安装系统时软件选择勾选服务器-性能工具,会安装pcp相关软件包,正常安装并重启后,/var/log/messages日志文件中会产生报错:pmie_check failed in /usr/share/pcp/lib/pmie。 + +### 原因分析 + +anaconda不支持在chroot环境中安装selinux策略模块,当安装pcp-selinux时,postin脚本安装pcp相关selinux策略模块执行失败,从而导致重启后产生报错。 + +### 解决办法 + +完成安装并重启后,以下方法选择其一。 + +1. 执行如下命令,安装selinux策略模块pcpupstream + + ```sh + /usr/libexec/pcp/bin/selinux-setup /var/lib/pcp/selinux install "pcpupstream" + ``` + +2. 重新安装pcp-selinux + + ```sh + sudo dnf reinstall pcp-selinux + ``` + +## 在两块已经安装了系统的磁盘上进行重复选择,并自定义分区时,安装失败 + +### 问题现象 + +用户在安装操作系统过程中,存在两块都已经安装过的磁盘,此时如果先选择一块盘,进行自定义分区,然后点击取消按钮,再选择第二块盘,并进行自定义分区时,会出现安装失败。 + +![](./figures/cancle_disk.png) +![](./figures/custom_paratition.png) + +### 原因分析 + +用户存在两次选择磁盘的操作,当前点击取消后,再选择第二块磁盘,磁盘信息不正确,导致安装失败。 + +### 解决方法 + +直接选择目标磁盘进行自定义分区,请勿频繁取消操作,如果一定要进行取消重选建议重新安装。 + +### issue访问链接 + diff --git a/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png b/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png index 63f6c87eec6758e97c976c07171343d28569d011..55eac545cd29e018a2236daed071f5b973c8746d 100644 Binary files a/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png and b/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png differ diff --git a/docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png b/docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png index b41fcb09dfbf805da4863142855e7c2de4bf4c7b..9e87cfaf1bdee860b3cbc35150decd8db492f8aa 100644 Binary files a/docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png and b/docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png differ diff --git a/docs/zh/docs/Installation/figures/Ending_Configuration-new.png b/docs/zh/docs/Installation/figures/Ending_Configuration-new.png deleted file mode 100644 index db408008865e51d7f92f0cb767b1cb61e3e12793..0000000000000000000000000000000000000000 Binary files a/docs/zh/docs/Installation/figures/Ending_Configuration-new.png and /dev/null differ diff --git a/docs/zh/docs/Installation/figures/Image_dialog_box.png b/docs/zh/docs/Installation/figures/Image_dialog_box.png index a7baed98a8caba6010fb8d9779a393297f224d5e..e72253b3d16d4388fa051c73b94e8923020ad467 100644 Binary files a/docs/zh/docs/Installation/figures/Image_dialog_box.png and b/docs/zh/docs/Installation/figures/Image_dialog_box.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_Overview.png b/docs/zh/docs/Installation/figures/Installation_Overview.png index e30f776c50915918005be529363b2e15de9fe432..f6542ffc0c01cf2489071ebf5addb47f12b0a242 100644 Binary files a/docs/zh/docs/Installation/figures/Installation_Overview.png and b/docs/zh/docs/Installation/figures/Installation_Overview.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_Procedure.png b/docs/zh/docs/Installation/figures/Installation_Procedure.png index 9ea395847259ea6a60883ead1edbef81e622afe6..06a9d14a166bdfe86c5eec0be7929a7a99c5ea45 100644 Binary files a/docs/zh/docs/Installation/figures/Installation_Procedure.png and b/docs/zh/docs/Installation/figures/Installation_Procedure.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_source.png b/docs/zh/docs/Installation/figures/Installation_source.png index 74ada559531d806e31ac6fda3e45fff1e2fe3c50..b2ff6ff142722b27b4aa474ca246f5aedc278df8 100644 Binary files a/docs/zh/docs/Installation/figures/Installation_source.png and b/docs/zh/docs/Installation/figures/Installation_source.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_wizard.png b/docs/zh/docs/Installation/figures/Installation_wizard.png index 69c5254413574903fc55c5eafb935a83837549e0..fc3a96c0cd4b5a2ece94a0b3fc484720440adace 100644 Binary files a/docs/zh/docs/Installation/figures/Installation_wizard.png and b/docs/zh/docs/Installation/figures/Installation_wizard.png differ diff --git a/docs/zh/docs/Installation/figures/Keyboard_layout.png b/docs/zh/docs/Installation/figures/Keyboard_layout.png index 9bb4e1b0fd26df0011a10c707e2191f934500893..12447c247e913ff4460dc2e736b1ece57a8d128b 100644 Binary files a/docs/zh/docs/Installation/figures/Keyboard_layout.png and b/docs/zh/docs/Installation/figures/Keyboard_layout.png differ diff --git a/docs/zh/docs/Installation/figures/Manual_partitioning.png b/docs/zh/docs/Installation/figures/Manual_partitioning.png deleted file mode 100644 index 89bd1b2afb39bb9ec1e8e331449f885f31dfe756..0000000000000000000000000000000000000000 Binary files a/docs/zh/docs/Installation/figures/Manual_partitioning.png and /dev/null differ diff --git a/docs/zh/docs/Installation/figures/NetworkandHostName.png b/docs/zh/docs/Installation/figures/NetworkandHostName.png index 3d0c759016fe3bb43f44258c62cd7c5b4afbda27..5d77ccbe602dd1ce565e77c48e27628cc9ec591a 100644 Binary files a/docs/zh/docs/Installation/figures/NetworkandHostName.png and b/docs/zh/docs/Installation/figures/NetworkandHostName.png differ diff --git a/docs/zh/docs/Installation/figures/Partition_expansion.png b/docs/zh/docs/Installation/figures/Partition_expansion.png new file mode 100644 index 0000000000000000000000000000000000000000..37a6ef7a2371a9a5518f6d2ce0dc6d36fc71fe1b Binary files /dev/null and b/docs/zh/docs/Installation/figures/Partition_expansion.png differ diff --git a/docs/zh/docs/Installation/figures/Semi-automatic-new.png b/docs/zh/docs/Installation/figures/Semi-automatic-new.png deleted file mode 100644 index 82218558de7ffacb4835087c90c0206b52f89198..0000000000000000000000000000000000000000 Binary files a/docs/zh/docs/Installation/figures/Semi-automatic-new.png and /dev/null differ diff --git a/docs/zh/docs/Installation/figures/Setting_the_System_Boot_Option.png b/docs/zh/docs/Installation/figures/Setting_the_System_Boot_Option.png new file mode 100644 index 0000000000000000000000000000000000000000..682f555c3a6da63e1cf6e6eed402e2851c4a7ebb Binary files /dev/null and b/docs/zh/docs/Installation/figures/Setting_the_System_Boot_Option.png differ diff --git a/docs/zh/docs/Installation/figures/Target_installation_position.png b/docs/zh/docs/Installation/figures/Target_installation_position.png index af0980e3a8e2d2510d00b6012e4aef70936b584e..c499b315e380757e718dd73b399eac2836fc79d6 100644 Binary files a/docs/zh/docs/Installation/figures/Target_installation_position.png and b/docs/zh/docs/Installation/figures/Target_installation_position.png differ diff --git a/docs/zh/docs/Installation/figures/add_inst-noverifyssl.png b/docs/zh/docs/Installation/figures/add_inst-noverifyssl.png deleted file mode 100644 index dc92fedd71a5331af870e449f843ecd0eefc9278..0000000000000000000000000000000000000000 Binary files a/docs/zh/docs/Installation/figures/add_inst-noverifyssl.png and /dev/null differ diff --git a/docs/zh/docs/Installation/figures/cancle_disk.png b/docs/zh/docs/Installation/figures/cancle_disk.png new file mode 100644 index 0000000000000000000000000000000000000000..35360ed3b2c43f4d8e94a86acc9dbb109a2df99a Binary files /dev/null and b/docs/zh/docs/Installation/figures/cancle_disk.png differ diff --git a/docs/zh/docs/Installation/figures/choosesoftware.png b/docs/zh/docs/Installation/figures/choosesoftware.png index 8330bf28b910ab88420e0ba1fb43a49b21a3374f..06240e96112779ce064d097cabb17afe66c987ed 100644 Binary files a/docs/zh/docs/Installation/figures/choosesoftware.png and b/docs/zh/docs/Installation/figures/choosesoftware.png differ diff --git a/docs/zh/docs/Installation/figures/completeinstall.png b/docs/zh/docs/Installation/figures/completeinstall.png deleted file mode 100644 index 91d38b80cf2310a7427788feb089da8d106b97b5..0000000000000000000000000000000000000000 Binary files a/docs/zh/docs/Installation/figures/completeinstall.png and /dev/null differ diff --git a/docs/zh/docs/Installation/figures/confignetwork1.png b/docs/zh/docs/Installation/figures/confignetwork1.png new file mode 100644 index 0000000000000000000000000000000000000000..d46f71cc21fb8f2defab62c08ba5537f225be328 Binary files /dev/null and b/docs/zh/docs/Installation/figures/confignetwork1.png differ diff --git a/docs/zh/docs/Installation/figures/createuser.png b/docs/zh/docs/Installation/figures/createuser.png index 3650c7ed70883500b636ae2acecee78d5724f7d8..a280f355f07f34e590bfcb5c33a16b2201051857 100644 Binary files a/docs/zh/docs/Installation/figures/createuser.png and b/docs/zh/docs/Installation/figures/createuser.png differ diff --git a/docs/zh/docs/Installation/figures/custom_paratition.png b/docs/zh/docs/Installation/figures/custom_paratition.png new file mode 100644 index 0000000000000000000000000000000000000000..06407fc67da8646b1c2cebfd34b8eda8993f11ef Binary files /dev/null and b/docs/zh/docs/Installation/figures/custom_paratition.png differ diff --git a/docs/zh/docs/Installation/figures/dateandtime.png b/docs/zh/docs/Installation/figures/dateandtime.png index 9b433ac4f14140ff75841e786a040bf991bec0db..10ff8aceeb1789333833f79a668214eb69e50643 100644 Binary files a/docs/zh/docs/Installation/figures/dateandtime.png and b/docs/zh/docs/Installation/figures/dateandtime.png differ diff --git a/docs/zh/docs/Installation/figures/filesystem_setting.png b/docs/zh/docs/Installation/figures/filesystem_setting.png new file mode 100644 index 0000000000000000000000000000000000000000..4ff41957f520ee0abdf55fbe90cd92dd0ea35f1f Binary files /dev/null and b/docs/zh/docs/Installation/figures/filesystem_setting.png differ diff --git a/docs/zh/docs/Installation/figures/installsource.png b/docs/zh/docs/Installation/figures/installsource.png new file mode 100644 index 0000000000000000000000000000000000000000..df788bdb010a1e711eef0446348587dce7b55b95 Binary files /dev/null and b/docs/zh/docs/Installation/figures/installsource.png differ diff --git a/docs/zh/docs/Installation/figures/languagesupport.png b/docs/zh/docs/Installation/figures/languagesupport.png index 47b451e97e87bfb17bc0c8039f262c5ffff84ca2..322a38cfea59362ae595ff204d907ae1fd41dc30 100644 Binary files a/docs/zh/docs/Installation/figures/languagesupport.png and b/docs/zh/docs/Installation/figures/languagesupport.png differ diff --git a/docs/zh/docs/Installation/figures/restarticon.png b/docs/zh/docs/Installation/figures/restarticon.png index a1b02b2dff42c90845d2491192507ea6967352e3..33bf7cd2e435ff04f3947eb39ba20019b12bf2d2 100644 Binary files a/docs/zh/docs/Installation/figures/restarticon.png and b/docs/zh/docs/Installation/figures/restarticon.png differ diff --git a/docs/zh/docs/Installation/figures/root_password.png b/docs/zh/docs/Installation/figures/root_password.png index 131863338be6ea5925cadd75483c08c34ec9856c..acc7ac215cecfe996a991cf61c69c52d19a06d31 100644 Binary files a/docs/zh/docs/Installation/figures/root_password.png and b/docs/zh/docs/Installation/figures/root_password.png differ diff --git a/docs/zh/docs/Installation/figures/selectlanguage.png b/docs/zh/docs/Installation/figures/selectlanguage.png index 44e736d20c86098b0e69e0a7027103871d19032b..4351e637cb673e156864cf5110e68efb3c3e1f2b 100644 Binary files a/docs/zh/docs/Installation/figures/selectlanguage.png and b/docs/zh/docs/Installation/figures/selectlanguage.png differ diff --git a/docs/zh/docs/Installation/figures/sourceftp.png b/docs/zh/docs/Installation/figures/sourceftp.png new file mode 100644 index 0000000000000000000000000000000000000000..6866700da46d0a283cb1585dc425feb79337f726 Binary files /dev/null and b/docs/zh/docs/Installation/figures/sourceftp.png differ diff --git a/docs/zh/docs/Installation/figures/sourcenfs.png b/docs/zh/docs/Installation/figures/sourcenfs.png new file mode 100644 index 0000000000000000000000000000000000000000..430d9433904fef0ac833495ec1ae704acdd9026f Binary files /dev/null and b/docs/zh/docs/Installation/figures/sourcenfs.png differ diff --git a/docs/zh/docs/Installation/figures/startinstall.png b/docs/zh/docs/Installation/figures/startinstall.png deleted file mode 100644 index 227ec876dc1b0d6cbe6991c1bce1fc0837a344c0..0000000000000000000000000000000000000000 Binary files a/docs/zh/docs/Installation/figures/startinstall.png and /dev/null differ diff --git a/docs/zh/docs/Installation/figures/startparam.png b/docs/zh/docs/Installation/figures/startparam.png new file mode 100644 index 0000000000000000000000000000000000000000..661febc759a150367509505577ea7ea216f911be Binary files /dev/null and b/docs/zh/docs/Installation/figures/startparam.png differ diff --git "a/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" "b/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" index 850fec214d04948a2566fc790dde351c7e609bd9..b7e58c2f831747933d429a885a7c53487190a076 100644 --- "a/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" +++ "b/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" @@ -1,19 +1,4 @@ # 使用kickstart自动化安装 - - -- [使用kickstart自动化安装](#使用kickstart自动化安装) - - [总体介绍](#总体介绍) - - [概述](#概述) - - [优缺点对比](#优缺点对比) - - [背景知识](#背景知识) - - [半自动化安装指导](#半自动化安装指导) - - [环境要求](#环境要求) - - [操作步骤](#操作步骤) - - [全自动化安装指导](#全自动化安装指导) - - [环境要求](#环境要求-1) - - [操作步骤](#操作步骤-1) - - ## 总体介绍 @@ -21,8 +6,8 @@ 用户可以使用kickstart工具进行openEuler系统的自动化安装,包括如下两种方式: -- 半自动化安装:安装人员不需要手动设定操作系统的键盘、语言、分区等具体属性(通过kickstart实现自动化),但是需要手动指定kickstart文件的位置。 -- 全自动化安装:实现操作系统的安装过程全自动化。 +- 半自动化安装:安装人员不需要手动设定操作系统的键盘、语言、分区等具体属性(通过kickstart实现自动化),但是需要手动指定kickstart文件的位置。 +- 全自动化安装:实现操作系统的安装过程全自动化。 ### 优缺点对比 @@ -64,9 +49,11 @@ kickstart是一种无人值守的安装方式。它的工作原理是在安装 kickstart 安装提供一个安装过程自动化的方法,可以是部分自动化,也可以是完全自动化。 +kickstart 采用开源 [pykickstart](https://github.com/pykickstart/pykickstart)来对ks.cfg文件进行语法解析。 + **PXE** -PXE(Pre-boot Execution Environment,预启动执行环境),工作于Client/Server的网络模式,支持PXE的客户端在启动过程中,能够从DHCP服务器获取IP结合TFTP(trivial file transfer protocol)等协议可以实现客户端的网络引导和安装。 +PXE(Pre-boot Execution Environment,预启动执行环境),工作于Client/Server的网络模式,支持PXE的客户端在启动过程中,能够从DHCP服务器获取IP结合TFTP(trivial file transfer protocol)等协议实现客户端的网络引导和安装。 **TFTP** @@ -78,9 +65,9 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 使用kickstart进行openEuler系统的半自动化安装的环境要求如下: -- 物理机/虚拟机(虚拟机创建可参考对应厂商的资料)。包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 -- httpd:存放kickstart文件。 -- ISO: openEuler-20.03-LTS-aarch64-dvd.iso +- 物理机/虚拟机(虚拟机创建可参考对应厂商的资料):包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 +- httpd:存放kickstart文件。 +- ISO: openEuler-{版本号}-{架构}-dvd.iso。下文中均以openEuler-20.03-LTS-SP4-aarch64-dvd.iso作为示例。 ### 操作步骤 @@ -88,25 +75,28 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 **环境准备** ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安装之前,请确保http服务器的防火墙处于关闭状态。关闭防火墙可参照如下命令: ->``` ->iptables -F ->``` +> +>```shell +>iptables -F +>systemctl stop firewalld +>``` -1. httpd的安装与服务启动。 +1. httpd的安装与服务启动。 - ``` + ```shell # dnf install httpd -y # systemctl start httpd + # systemctl status httpd # systemctl enable httpd ``` -2. kickstart文件的准备。 +2. kickstart文件的准备。 - ``` + ```shell # mkdir /var/www/html/ks - # vim /var/www/html/ks/openEuler-ks.cfg ===>根据已安装openEuler系统自动生成的anaconda-ks.cfg修改得到,也可以使用system-config-kickstart工具做成 + # vim /var/www/html/ks/openEuler-ks.cfg ===>根据已安装openEuler系统自动生成的anaconda-ks.cfg修改得到 ==================================== ***以下内容需要根据实际需求进行修改*** #version=DEVEL @@ -156,50 +146,51 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 ===================================== ``` - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >密码密文生成方式: - >\# python3 - >Python 3.7.0 \(default, Apr 1 2019, 00:00:00\) - >\[GCC 7.3.0\] on linux + > + >```shell + ># python3 + >Python 3.7.0 (default, Apr 1 2019, 00:00:00) + >[GCC 7.3.0] on linux >Type "help", "copyright", "credits" or "license" for more information. - >\>\>\> import crypt - >\>\>\> passwd = crypt.crypt\("myPasswd"\) - >\>\>\> print\(passwd\) + >>>> import crypt + >>>> passwd = crypt.crypt("myPasswd") + >>>> print (passwd) >$6$63c4tDmQGn5SDayV$mZoZC4pa9Jdt6/ALgaaDq6mIExiOO2EjzomB.Rf6V1BkEMJDcMddZeGdp17cMyc9l9ML9ldthytBEPVcnboR/0 + >``` -3. 将ISO镜像文件挂载到需要安装openEuler计算机的光驱上。 +3. 将ISO镜像文件挂载到需要安装openEuler计算机的光驱上。 另外,也可以选择NFS等网络安装,kickstart文件中需要指定安装源位置(默认是cdrom)。 - **安装系统** -1. 启动系统进入安装选择界面。 - 1. 在“[启动安装](./安装指导.html#启动安装)”中的“安装引导界面”中选择“Install openEuler 20.03 LTS”,并按下“e”键。 - 2. 启动参数中追加“inst.ks=http://server ip/ks/openEuler-ks.cfg”。 +1. 启动系统进入安装选择界面。 + 1. 在“[启动安装](./安装指导.html#启动安装)”中的“安装引导界面”中选择“Install openEuler 20.03 LTS SP4”,并按下“e”键。 + 2. 启动参数中追加“inst.ks=http://{server_ip}/ks/openEuler-ks.cfg”。 - ![](./figures/Semi-automatic-new.png) + ![](./figures/startparam.png) - 3. 按“Ctrl+x”,开始系统的自动安装。 + 3. 按“Ctrl+x”,开始系统的自动安装。 -2. 确认系统安装完毕。 +2. 确认系统安装完毕。 系统安装完毕以后会自动重启,如果优先从光驱启动,会再次进入到安装界面,此时关闭计算机,调整启动顺序(优先从硬盘启动)。 ![](./figures/Automatic_installation_complete.png) - ## 全自动化安装指导 ### 环境要求 使用kickstart进行openEuler系统的全自动化安装的环境要求如下: -- 物理机/虚拟机(虚拟机创建可参考对应厂商的资料)。包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 -- httpd:存放kickstart文件。 -- tftp:提供vmlinuz和initrd文件。 -- dhcpd/pxe:提供DHCP服务。 -- ISO:openEuler-20.03-LTS-aarch64-dvd.iso。 +- 物理机/虚拟机(虚拟机创建可参考对应厂商的资料)。包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 +- httpd:存放kickstart文件。 +- tftp:提供vmlinuz和initrd文件。 +- dhcpd/pxe:提供DHCP服务。 +- ISO: openEuler-{版本号}-{架构}-dvd.iso。下文中均以openEuler-20.03-LTS-SP4-aarch64-dvd.iso作为示例。 ### 操作步骤 @@ -207,24 +198,25 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 **环境准备** ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安装之前,请确保http服务器的防火墙处于关闭状态。关闭防火墙可参照如下命令: ->``` +> +>```shell >iptables -F ->``` +>``` -1. httpd的安装与服务启动。 +1. httpd的安装与服务启动。 - ``` + ```shell # dnf install httpd -y # systemctl start httpd # systemctl enable httpd ``` -2. tftp的安装与配置。 +2. tftp的安装与配置。 - ``` - # dnf install tftp-server -y + ```shell + # dnf install tftp-server xinetd -y # vim /etc/xinetd.d/tftp service tftp { @@ -246,16 +238,16 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 # systemctl enable xinetd ``` -3. 安装源的制作。 +3. 安装源的制作。 - ``` - # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt + ```shell + # mount openEuler-20.03-LTS-SP4-aarch64-dvd.iso /mnt # cp -r /mnt/* /var/www/html/openEuler/ ``` -4. 设置和修改kickstart配置文件 openEuler-ks.cfg,参考[3](#zh-cn_topic_0151920754_l1692f6b9284e493683ffa2ef804bc7ca)安装源的目录,此处选择http安装源。 +4. 设置和修改kickstart配置文件 openEuler-ks.cfg,参考[3](#zh-cn_topic_0151920754_l1692f6b9284e493683ffa2ef804bc7ca)安装源的目录,此处选择http安装源。 - ``` + ```shell #vim /var/www/html/ks/openEuler-ks.cfg ==================================== ***以下内容根据实际需求进行修改*** @@ -271,7 +263,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 # System language lang zh_CN.UTF-8 #Use http installation source - url --url=//192.168.122.1/openEuler/ + url --url=http://192.168.122.1/openEuler/ %post #enable kdump sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg @@ -279,9 +271,9 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 ... ``` -5. 修改pxe配置文件grub.cfg, 可参考如下内容。 +5. 修改pxe配置文件grub.cfg, 可参考如下内容(注意:openEuler当前不支持bls格式的cfg文件,如果架构是x86_64,请将grubaa64.efi替换成grubx64.efi)。 - ``` + ```shell # cp -r /mnt/images/pxeboot/* /var/lib/tftpboot/ # cp /mnt/EFI/BOOT/grubaa64.efi /var/lib/tftpboot/ # cp /mnt/EFI/BOOT/grub.cfg /var/lib/tftpboot/ @@ -314,29 +306,30 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 ### BEGIN /etc/grub.d/10_linux ### - menuentry 'Install openEuler 20.03 LTS' --class red --class gnu-linux --class gnu --class os { - set root=(tftp,192.168.1.1) + menuentry 'Install openEuler 20.03 LTS SP4' --class red --class gnu-linux --class gnu --class os { + set root=(tftp,192.168.122.1) linux /vmlinuz ro inst.geoloc=0 console=ttyAMA0 console=tty0 rd.iscsi.waitnet=0 inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg initrd /initrd.img } ``` -6. DHCP的配置(可以使用dnsmasq代替 )。 +6. DHCP的配置(可以使用dnsmasq代替,如果架构是x86_64,请将grubaa64.efi替换成grubx64.efi)。 - ``` + ```shell # dnf install dhcp -y # + # vim /etc/dhcp/dhcpd.conf + # # DHCP Server Configuration file. # see /usr/share/doc/dhcp-server/dhcpd.conf.example # see dhcpd.conf(5) man page # - # vim /etc/dhcp/dhcpd.conf ddns-update-style interim; ignore client-updates; filename "grubaa64.efi";    # pxelinux 启动文件位置; next-server 192.168.122.1;  # (重要)TFTP Server 的IP地址; subnet 192.168.122.0 netmask 255.255.255.0 { - option routers 192.168.111.1; # 网关地址 + option routers 192.168.122.1; # 网关地址 option subnet-mask 255.255.255.0; # 子网掩码 range dynamic-bootp 192.168.122.50 192.168.122.200; # 动态ip范围 default-lease-time 21600; @@ -346,10 +339,9 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 # systemctl enable dhcpd ``` - **安装系统** -1. 在“Start boot option”界面按下“F2”选择从网络pxe启动,开始自动化安装。 +1. 在“Start boot option”界面按下“F2”选择从网络pxe启动,开始自动化安装。 ![](./figures/zh-cn_image_0229291270.png) @@ -357,8 +349,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 ![](./figures/zh-cn_image_0229291247.png) -2. 进入系统全自动化安装界面。 -3. 确认系统安装完毕。 +2. 进入系统全自动化安装界面。 +3. 确认系统安装完毕。 ![](./figures/Automatic_installation_complete.png) - diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" new file mode 100644 index 0000000000000000000000000000000000000000..f682d8d9e645786a1b586d2211b74ab52014cdc0 --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" @@ -0,0 +1,113 @@ +# 安装准备 + +介绍安装前需要考虑软硬件兼容性状况,以及相关的配置和准备工作。 + + +- [安装准备](#安装准备) + - [获取安装源](#获取安装源) + - [镜像完整性校验](#镜像完整性校验) + - [简介](#简介) + - [前提条件](#前提条件) + - [操作指导](#操作指导) + - [安装要求](#安装要求) + - [硬件兼容支持](#硬件兼容支持) + - [最小硬件要求](#最小硬件要求) + + + +## 获取安装源 + +在安装开始前,您需要获取 openEuler 发布的树莓派镜像及其校验文件。 + +1. 登录[openEuler Repo](https://repo.openeuler.org/)网站。 +2. 单击选择 openEuler 20.03 LTS SP4 版本。 +3. 单击“raspi_img”,进入树莓派镜像的下载列表。 +4. 单击“openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz”,将 openEuler 发布的树莓派镜像下载到本地。 +5. 单击“openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz.sha256sum”,将 openEuler 发布的树莓派镜像的校验文件下载到本地。 + +## 镜像完整性校验 + +### 简介 + +为了防止软件包在传输过程中由于网络原因或者存储设备原因出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 + +这里通过对比校验文件中记录的校验值和手动方式计算的文件校验值,判断软件包是否完整。若两个值相同,说明下载的文件完整,否则,下载的文件完整性被破坏,请重新获取软件包。 + +### 前提条件 + +在校验镜像文件的完整性之前,需要准备如下文件: + +镜像文件:openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz + +校验文件:openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz.sha256sum + +### 操作指导 + +文件完整性校验操作步骤如下: + +1. 获取校验文件中的校验值。执行命令如下: + + ```shell + cat openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz.sha256sum + ``` + +2. 计算文件的 sha256 校验值。执行命令如下: + + ```shell + sha256sum openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz + ``` + + 命令执行完成后,输出校验值。 + +3. 对比步骤 1 和步骤 2 计算的校验值是否一致。 + + 如果校验值一致说明下载的文件完整性没有破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 + +## 安装要求 + +在树莓派环境上安装 openEuler 操作系统,则树莓派需要满足如下的硬件兼容性和最小硬件要求。 + +### 硬件兼容支持 + +openEuler 树莓派版本镜像目前支持树莓派 3B/3B+/4B。 + +### 最小硬件要求 + +openEuler 树莓派版本镜像所需的最小硬件要求如[表1](#tff48b99c9bf24b84bb602c53229e2542)所示。 + +**表 1** 最小硬件要求 + + + + + + + + + + + + + + + + + + + + + + +

    部件名称

    +

    最小硬件要求

    +

    说明

    +

    树莓派版本

    +
    • 树莓派 3B
    • 树莓派 3B+
    • 树莓派 4B
    +

    -

    +

    内存

    +

    不小于 2GB(为了获得更好的应用体验,建议至少 4GB)

    +

    -

    +

    硬盘

    +

    为了获得更好的应用体验,建议不小于 8GB

    +

    -

    +
    diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" index d78039353154f50ed018f00de3494c9d00128e06..6c5865df1e63509e1353288afd6820cbe1abd297 100644 --- "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" @@ -1,6 +1,7 @@ # 安装准备 介绍安装前需要考虑软硬件兼容性状况,以及相关的配置和准备工作。 + - [安装准备](#安装准备) @@ -24,64 +25,59 @@ 请按以下步骤获取openEuler的发布包和校验文件: -1. 登录[openEuler社区](https://openeuler.org)网站。 -2. 单击“下载”。 -3. 单击“获取ISO:”后面的“Link”,显示版本列表。 -4. 单击“openEuler-20.03-LTS”,进入openEuler 20.03 LTS版本下载列表。 -5. 单击“ISO”,进入ISO下载列表。 - - aarch64:AArch64架构的ISO。 - - x86\_64:x86\_64架构的ISO。 - - source:openEuler源码ISO。 - -6. 根据实际待安装环境的架构选择需要下载的openEuler的发布包和校验文件。 - - 若为AArch64架构。 - 1. 单击“aarch64”。 - 2. 单击“openEuler-20.03-LTS-aarch64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 - - - 若为x86\_64架构。 - 1. 单击“x86\_64”。 - 2. 单击“openEuler-20.03-LTS-x86\_64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.03-LTS-x86\_64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 +1. 登录[openEuler社区](https://openeuler.org/zh/)网站。 +2. 单击“下载” - “社区发行版”,进入版本下载页面。 +3. 单击卡片 openEuler 20.03 LTS SP4 上的“前往下载”,显示ISO下载列表。 + - AArch64:AArch64架构的ISO。 + - x86\_64:x86\_64架构的ISO。 +4. 根据实际待安装环境的架构选择需要下载的 openEuler 的发布包和校验文件。 + - 若为AArch64架构。 + 1. 单击“AArch64”。 + 2. 若选择本地安装,选择“Offline Standard ISO”或者“Offline Everything ISO”对应的“立即下载”将发布包 “openEuler-20.03-LTS-SP4-aarch64-dvd.iso”下载到本地。 + 3. 若选择网络安装,选择“Network Install ISO”将发布包 “openEuler-20.03-LTS-SP4-netinst-aarch64-dvd.iso”下载到本地。 + + - 若为x86\_64架构。 + 1. 单击“x86\_64”。 + 2. 若选择本地安装,选择“Offline Standard ISO”或者“Offline Everything ISO”对应的“立即下载”将发布包 “openEuler-20.03-LTS-SP4-x86\_64-dvd.iso”下载到本地。 + 3. 若选择网络安装,选择“Network Install ISO”将发布包 “openEuler-20.03-LTS-SP4-netinst-x86\_64-dvd.iso ”下载到本地。 + +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** +> +> - 网络安装方式的 ISO 发布包较小,在有网络的安装环境可以选择网络安装方式。 +> - AArch64架构的发布包支持UEFI模式,x86\_64架构的发布包支持UEFI模式和Legacy模式。 ## 发布包完整性校验 ->![](./public_sys-resources/icon-note.gif) **说明:** ->本章节以AArch64架构的发布包完整性校验为例,x86\_64架构的发布包完整性校验的操作方法相同。 +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** +>本章节以AArch64架构的发布包完整性校验为例,x86\_64架构的发布包完整性校验的操作方法相同。 ### 简介 -为了防止软件包在传输过程中由于网络原因或者存储设备原因出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 +为了确认软件包在传输过程中由于网络原因或者存储设备原因是否出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 -这里通过对比校验文件中记录的校验值和手动方式计算的iso文件校验值,判断软件包是否完成。若两个值相同,说明iso文件完整,否则,iso完整性被破坏,请重新获取iso发布包。 +这里通过对比校验文件中记录的校验值和手动方式计算的iso文件校验值,判断软件包是否完整。若两个值相同,说明iso文件完整,否则,iso完整性被破坏,请重新获取iso发布包。 ### 前提条件 在校验发布包完整性之前,需要准备如下文件: -iso文件:openEuler-20.03-LTS-aarch64-dvd.iso +iso文件:openEuler-20.03-LTS-SP4-aarch64-dvd.iso。 -校验文件:openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum +校验文件:ISO对应完整性校验值,复制保存对应的ISO值。 ### 操作指导 文件完整性校验操作步骤如下: -1. 获取校验文件中的校验值。执行命令如下: +1. 计算文件的sha256校验值。执行命令如下: - ``` - $ cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` - -2. 计算文件的sha256校验值。执行命令如下: - - ``` - $ sha256sum openEuler-20.03-LTS-aarch64-dvd.iso + ```shell + sha256sum openEuler-20.03-LTS-SP4-aarch64-dvd.iso ``` 命令执行完成后,输出校验值。 -3. 对比步骤1和步骤2计算的校验值是否一致。 +2. 对比步骤1计算的校验值与对刚刚复制的SHA256的值是否一致。 如果校验值一致说明iso文件完整性没有破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 @@ -93,88 +89,29 @@ iso文件:openEuler-20.03-LTS-aarch64-dvd.iso openEuler安装时,应注意硬件兼容性方面的问题,当前已支持的服务器类型如[表1](#table14948632047)所示。 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** > ->- TaiShan 200服务器基于华为鲲鹏920处理器。 ->- 当前仅支持华为TaiShan服务器和FusionServer Pro 机架服务器,后续将逐步增加对其他厂商服务器的支持。 - -**表 1** 支持的服务器类型 - - - - - - - - - - - - - - - - - -

    服务器形态

    -

    服务器名称

    -

    服务器型号

    -

    机架服务器

    -

    TaiShan 200

    -

    2280均衡型

    -

    机架服务器

    -

    FusionServer Pro 机架服务器

    -

    FusionServer Pro 2288H V5

    -
    说明:

    服务器要求配置Avago 3508 RAID控制卡和启用LOM-X722网卡。

    -
    -
    +>- TaiShan 200服务器基于华为鲲鹏920处理器。 +>- 当前仅支持华为TaiShan服务器和FusionServer Pro 机架服务器,后续将逐步增加对其他厂商服务器的支持。 + +**表 1** 支持的服务器类型 +| 服务器形态 | 服务器名称 | 服务器型号 | +| :---- | :---- | :---- | +| 机架服务器 | TaiShan 200 | 2280均衡型 | +| 机架服务器 | FusionServer Pro 机架服务器 | FusionServer Pro 2288H V5
    说明:
    服务器要求配置Avago 3508 RAID控制卡和启用LOM-X722网卡| ### 最小硬件要求 openEuler所需的最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541)所示。 -**表 2** 最小硬件要求 - - - - - - - - - - - - - - - - - - - - - - - - - -

    部件名称

    -

    最小硬件要求

    -

    说明

    -

    架构

    -
    • AArch64
    • x86_64
    -
    • 支持Arm的64位架构。
    • 支持Intel的x86 64位架构。
    -

    CPU

    -
    • 华为鲲鹏920系列CPU
    • Intel® Xeon®处理器
    -

    -

    -

    内存

    -

    不小于4GB(为了获得更好的应用体验,建议不小于8GB)

    -

    -

    -

    硬盘

    -

    为了获得更好的应用体验,建议不小于120GB

    -

    支持IDE、SATA、SAS等接口的硬盘。

    -
    +**表 2** 最小硬件要求 + +| 部件名称 | 最小硬件要求 | +| :---- | :---- | +| 架构 | AArch64或x86_64 | +| CPU | 2个CPU | +| 内存 | 不小于4GB(为了获得更好的应用体验,建议不小于8GB) | +| 硬盘 | 不小于32GB(为了获得更好的应用体验,建议不小于120GB) | ## 虚拟机的安装要求 @@ -184,55 +121,18 @@ openEuler所需的最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541 openEuler安装时,应注意虚拟化平台兼容性的问题,当前已支持的虚拟化平台为: -- openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台。 -- 华为公有云的x86虚拟化平台。 +- openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台。 +- 华为公有云的x86虚拟化平台。 ### 最小虚拟化空间要求 openEuler所需的最小虚拟化空间要求如[表3](#tff48b99c9bf24b84bb602c53229e2541)所示。 -**表 3** 最小虚拟化空间要求 - - - - - - - - - - - - - - - - - - - - - - - - - -

    部件名称

    -

    最小虚拟化空间要求

    -

    说明

    -

    架构

    -
    • AArch64
    • x86_64
    -

    -

    -

    CPU

    -

    2个CPU

    -

    -

    -

    内存

    -

    不小于4GB(为了获得更好的应用体验,建议不小于8GB)

    -

    -

    -

    硬盘

    -

    不小于32GB(为了获得更好的应用体验,建议不小于120GB)

    -

    -

    -
    - - +**表 3** 最小虚拟化空间要求 +| 部件名称 | 最小虚拟化空间要求 | +| :---- | :---- | +| 架构 | AArch64或x86_64 | +| CPU | 2个CPU | +| 内存 | 不小于4GB(为了获得更好的应用体验,建议不小于8GB) | +| 硬盘 | 不小于32GB(为了获得更好的应用体验,建议不小于120GB) | diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" new file mode 100644 index 0000000000000000000000000000000000000000..256a1f0899d9030ac421b6cc4dbc00d88f7821d3 --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" @@ -0,0 +1,3 @@ +# 安装在服务器 + +本文是介绍 openEuler 操作系统安装在服务器的方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 \ No newline at end of file diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" new file mode 100644 index 0000000000000000000000000000000000000000..72f5e0c176383b7ccedbf937240d6263b082355e --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" @@ -0,0 +1,3 @@ +# 安装在树莓派 + +本文是介绍 openEuler 操作系统安装在树莓派的方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 \ No newline at end of file diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" new file mode 100644 index 0000000000000000000000000000000000000000..8755c52a55b9aa03950adfd608a0d0938ccb2116 --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" @@ -0,0 +1,176 @@ +# 安装指导 + +本章介绍将“[树莓派镜像刷写入 SD 卡](./安装方式介绍-1.html)”后,启用树莓派的主要过程。 + + +- [安装指导](#安装指导) + - [启动系统](#启动系统) + - [登录系统](#登录系统) + - [配置系统](#配置系统) + - [扩展根目录分区](#扩展根目录分区) + - [连接 WIFI](#连接-wifi) + + + +## 启动系统 + +将刷写镜像后的 SD 卡插入树莓派,通电启用。 + +树莓派硬件相关信息请参考[树莓派官网](https://www.raspberrypi.org/)。 + +## 登录系统 + +登录树莓派有以下两种方式: + +1. 本地登录 + + 树莓派连接显示器(树莓派视频输出接口为 Micro HDMI)、键盘、鼠标后,启动树莓派,可以看到树莓派启动日志输出到显示器上。待树莓派启动成功,输入用户名(root)和密码(openeuler)登录。 + +2. ssh 远程登录 + + 树莓派默认采用 DHCP 的方式自动获取 IP。如果树莓派连接已知路由器,可登录路由器查看,新增的 IP 即为树莓派 IP。例如,树莓派对应 IP 为:192.168.31.109,使用命令 `ssh root@192.168.31.109` 后输入密码 `openeuler`,即可远程登录树莓派。 + +## 配置系统 + +### 扩展根目录分区 + +默认根目录分区空间比较小,在使用之前,需要对分区进行扩容。 + +请按照以下步骤扩展根目录分区: + +1. 在 root 权限下执行 `fdisk -l` 命令查看磁盘分区信息。命令和回显如下: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 5044223 3450880 1.7G 83 Linux + ``` + + SD 卡对应盘符为 /dev/mmcblk0,包括 3 个分区,分别为 + + - /dev/mmcblk0p1:引导分区 + - /dev/mmcblk0p2:交换分区 + - /dev/mmcblk0p3:根目录分区 + + 这里我们需要将根目录分区 `/dev/mmcblk0p3` 进行扩容。 + +2. 在 root 权限下执行 `fdisk /dev/mmcblk0` 命令进入到交互式命令行界面,按照以下步骤扩展分区,如[图 1](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315)所示。 + + 1. 输入 `p`,查看分区信息。 + + 记录分区 `/dev/mmcblk0p3` 的起始扇区号,即 `/dev/mmcblk0p3` 分区信息中 `Start` 列的值,示例中为 `1593344`。 + + 2. 输入 `d`,删除分区。 + 3. 输入 `3` 或直接按 `Enter`,删除序号为 `3` 的分区,即 `/dev/mmcblk0p3` 分区。 + 4. 输入 `n`,创建新的分区。 + 5. 输入 `p` 或直接按 `Enter`,创建 `Primary` 类型的分区。 + 6. 输入 `3` 或直接按 `Enter`,创建序号为 `3` 的分区,即 `/dev/mmcblk0p3` 分区。 + 7. 输入新分区的起始扇区号,即第 `1` 步中记录的起始扇区号,示例中为 `1593344`。 + + >![](./public_sys-resources/icon-notice.gif) **须知:** + >请勿直接按“Enter”或使用默认参数。 + + 8. 按 `Enter`,使用默认的最后一个扇区号作为新分区的终止扇区号。 + 9. 输入 `N`,不修改扇区标记。 + 10. 输入 `w`,保存分区设置并退出交互式命令行界面。 + + **图 1** 分区扩容 + ![](./figures/Partition_expansion.png) + +3. 在 root 权限下执行 `fdisk -l` 命令查看磁盘分区信息,以确保磁盘分区正确。命令和回显如下: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 31116287 29522944 14.1G 83 Linux + ``` + +4. 在 root 权限下执行 `resize2fs /dev/mmcblk0p3`,增大未加载的文件系统大小。 +5. 执行 `df -lh` 命令查看磁盘空间信息,以确保根目录分区已扩展。 + + >![](./public_sys-resources/icon-notice.gif) **须知:** + >如果根目录分区未扩展,可执行 `reboot` 命令重启树莓派之后再在 root 权限下执行 `resize2fs /dev/mmcblk0p3`。 + +### 连接 WIFI + +请按照以下步骤连接 WIFI: + +1. 查看 IP 和网卡信息 + + `ip a` + + 获取无线网卡 wlan0 信息: + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41570sec preferred_lft 41570sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 + link/ether e2:e6:99:89:47:0c brd ff:ff:ff:ff:ff:ff + ``` + +2. 扫描可以连接的 WIFI 信息 + + `nmcli dev wifi` + +3. 连接 WIFI + + 在 root 权限下执行 `nmcli dev wifi connect SSID password PWD` 命令连接 WIFI。 + + 其中,`SSID` 为上一步扫描到的可供连接的 WIFI 的 SSID,`PWD` 为对应 WIFI 的密码。例如,`SSID` 为 `openEuler-wifi`,密码为 `12345678`,则连接该 WIFI 命令为:`nmcli dev wifi connect openEuler-wifi password 12345678`,连接成功: + + ``` + Device 'wlan0' successfully activated with '26becaab-4adc-4c8e-9bf0-1d63cf5fa3f1'. + ``` + +4. 查看 IP 和无线网卡信息 + + `ip a` + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41386sec preferred_lft 41386sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether dc:a6:32:50:de:58 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.110/24 brd 192.168.31.255 scope global dynamic noprefixroute wlan0 + valid_lft 43094sec preferred_lft 43094sec + inet6 fe80::394:d086:27fa:deba/64 scope link noprefixroute + valid_lft forever preferred_lft forever + ``` diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" index 8789bb64ea9a2dd376b390e8bfecc3dfcdc5ac75..7616c3959f94c333aa98278aa02cf71b9969599a 100644 --- "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" @@ -1,31 +1,6 @@ # 安装指导 本章以光盘安装为例介绍安装openEuler,其他安装方式除在启动安装时的引导方式不同外,待启动安装后则安装流程相同,在此不再说明。 - - -- [安装指导](#安装指导) - - [启动安装](#启动安装) - - [使用光盘引导安装](#使用光盘引导安装) - - [安装引导界面](#安装引导界面) - - [图形化模式安装](#图形化模式安装) - - [设置安装程序语言](#设置安装程序语言) - - [进入安装界面](#进入安装界面) - - [设置键盘](#设置键盘) - - [设置系统语言](#设置系统语言) - - [设置时间和日期](#设置时间和日期) - - [设置安装源](#设置安装源) - - [选择安装软件](#选择安装软件) - - [设置安装位置](#设置安装位置) - - [存储配置](#存储配置) - - [设置网络和主机名](#设置网络和主机名) - - [开始安装](#开始安装) - - [安装过程配置](#安装过程配置) - - [密码复杂度](#密码复杂度) - - [设置root密码](#设置root密码) - - [创建用户](#创建用户) - - [安装完成](#安装完成) - - ## 启动安装 @@ -33,10 +8,10 @@ 在服务器的光驱中加载openEuler安装镜像,重启服务器,具体步骤如下。 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >在安装开始前,需要保证服务器启动选项为光驱优先。安装步骤以BMC挂载虚拟光驱进行光盘安装的操作举例。通过物理光驱安装的操作简单,启动安装后的流程相同,在此不再说明。 -1. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 +1. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 **图 1** 光驱图标 ![](./figures/CD-ROM_drive_icon.png) @@ -46,48 +21,53 @@ **图 2** 镜像对话框 ![](./figures/Image_dialog_box.png) -2. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 -3. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 -4. 在工具栏中,单击重启工具重启设备,如下图所示。 +2. 在镜像对话框中,选择“镜像文件”, 并单击“...”。弹出“打开”对话框。 +3. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 +4. 在工具栏中,单击“强制重启”重启设备,如下图所示。 **图 3** 重启图标 ![](./figures/restarticon.png) - ### 安装引导界面 -系统使用引导介质完成引导后会显示引导菜单。该引导菜单除启动安装程序外还提供一些选项。安装系统时,默认采用“Test this media & install openEuler 20.03 LTS”方式进行安装。如果要选择默认选项之外的选项,请使用键盘中的“↑”和“↓”方向键进行选择,并在选项为高亮状态时按“Enter”。 +系统使用引导介质完成引导后会显示引导菜单。该引导菜单除启动安装程序外还提供一些选项。安装系统时,默认采用“Test this media & install openEuler 20.03-LTS-SP4”方式进行安装。如果要选择默认选项之外的选项,请使用键盘中的“↑”和“↓”方向键进行选择,并在选项为高亮状态时按“Enter”。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.03 LTS”自动进入安装界面。 ->- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.03-LTS-SP4”自动进入安装界面。 +>- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 **图 4** 安装引导界面 ![](./figures/Installation_wizard.png) 安装引导选项说明如下: -- Install openEuler 20.03 LTS —— 在您的服务器上使用图形用户界面模式安装。 +- Install openEuler 20.03-LTS-SP4 —— 在您的服务器上使用图形用户界面模式安装。 -- Test this media & install openEuler 20.03 LTS —— 默认选项,在您的服务器上使用图形用户界面模式安装,但在启动安装程序前会进行安装介质的完整性检查。 +- Test this media & install openEuler 20.03-LTS-SP4 —— 默认选项,在您的服务器上使用图形用户界面模式安装,但在启动安装程序前会进行安装介质的完整性检查。 -- Troubleshooting —— 问题定位模式,系统无法正常安装时使用。进入问题定位模式后,有如下两个选项。 - - Install openEuler 20.03-LTS in basic graphics mode —— 简单图形安装模式,该模式下在系统启动并运行之前不启动视频驱动程序。 - - Rescue the openEuler system —— 救援模式,用于修复系统。该模式下输出定向到VNC或BMC(Baseboard Management Controller)端,串口不可用。 +- Troubleshooting —— 问题定位模式,系统无法正常安装时使用。进入问题定位模式后,有如下两个选项。 + - Install openEuler 20.03-LTS-SP4 in basic graphics mode —— 简单图形安装模式,该模式下在系统启动并运行之前不启动视频驱动程序。 + - Rescue the openEuler system —— 救援模式,用于修复系统。该模式下输出定向到 VNC(Virtual Network Computing)或 BMC(Baseboard Management Controller)端,串口不可用。 + - Run a memory test(仅legacy安装模式下存在) —— 用于测试内存是否正常工作,以确定是否因内存问题导致的系统问题。 + - Boot from local drive(仅legacy安装模式下存在) —— 该模式下可以选择本地硬盘启动系统。 -在安装引导界面,按“e”进入已选选项的参数编辑界面,按“c”进入命令行模式。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- UEFI启动模式下,按“e”进入参数编辑界面;按“c”进入命令行模式。 +>- Legacy启动模式下,按“Tab”进入参数编辑界面;Legacy安装使用syslinux,不走grub,该模式下无法切换到命令行模式。 ### 图形化模式安装 -在“安装引导界面”中选择“Test this media & install openEuler 20.03 LTS”进入图形化模式安装。 +在“安装引导界面”中选择“Test this media & install openEuler 20.03-LTS-SP4”进入图形化模式安装。 可以通过键盘操作图形化安装程序。 -- “Tab”、“shift Tab”:界面控件(按钮、区域框、复选框等)间的移动。 -- “↑”、“↓”方向键:列表里的移动。 -- “←”、“→”方向键:水平工具条和表条间移动。 -- “空格”、“Enter”:选择或删除高亮显示的选项、展开或折叠下拉菜单。 -- “Alt”+“快捷键”:选择快捷键所在的控件,其中快捷键可通过按住Alt高亮(加下划线)显示。 +- “Tab”、“shift Tab”:界面控件(按钮、区域框、复选框等)间的移动。 +- “↑”、“↓”方向键:列表里的移动。 +- “←”、“→”方向键:水平工具条和表条间移动。 +- “空格”、“Enter”:选择或删除高亮显示的选项、展开或折叠下拉菜单。 +- “Alt”+“快捷键”:选择快捷键所在的控件,其中快捷键可通过按住Alt高亮(加下划线)显示。 ## 设置安装程序语言 @@ -108,92 +88,115 @@ 如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 -**图 6** 安装概览 +**图 6** 安装信息摘要 ![](./figures/Installation_Overview.png) ## 设置键盘 -在“安装概览”页面中选择“键盘”,用户可以在系统中添加或者删除多个键盘布局。 +在“安装信息摘要”页面中选择“键盘”,用户可以在系统中添加或者删除多个键盘布局。 -- 要查看键盘布局,请在左侧选框中单击选中该键盘布局,然后单击下面的“键盘”按钮。 -- 要测试键盘布局,请在左侧选框中添加键盘布局,然后在右上角键盘图标处进行点击切换为目标键盘,单击右侧文本框内部,输入文本以确认所选键盘布局可正常工作。 +- 要查看键盘布局,请在左侧选框中单击选中该键盘布局,然后单击下面的“键盘”按钮。 +- 要测试键盘布局,请在左侧选框中添加键盘布局,然后在右上角键盘图标处进行点击切换为目标键盘,单击右侧文本框内部,输入文本以确认所选键盘布局可正常工作。 **图 7** 键盘布局 ![](./figures/Keyboard_layout.png) -设置完成后,请单击左上角“完成”返回“安装概览”页面。 +设置完成后,请单击左上角“完成”返回“安装信息摘要”页面。 ## 设置系统语言 -在“安装概览”页面中选择“语言支持”,设置系统的语言。如[图8](#zh-cn_topic_0186390098_zh-cn_topic_0122145772_fig187301927172619)所示,用户也可根据实际情况进行调整,选择“中文”。 +在“安装信息摘要”页面中选择“语言支持”,设置系统的语言。如[图8](#zh-cn_topic_0186390098_zh-cn_topic_0122145772_fig187301927172619)所示,用户也可根据实际情况进行调整,选择“中文”。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->若选择“中文”,系统安装完成后,使用VNC登录不支持中文显示,使用串口或者SSH等方式登录支持中文显示。若选择“English”,则无影响。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>若选择“中文”,系统安装完成后,可以选择使用VNC登录【不支持中文显示】、串口登录【支持中文显示】、SSH登录【支持中文显示与使用的SSH客户端有关】。若选择“English”,则无影响。 **图 8** 语言支持 ![](./figures/languagesupport.png) -设置完成后,请单击左上角“完成”返回“安装概览”页面。 +设置完成后,请单击左上角“完成”返回“安装信息摘要”页面。 ## 设置时间和日期 -在“安装概览”页面中选择“时间和日期”,设置系统的时区、日期、时间等。 +在“安装信息摘要”页面中选择“时间和日期”,设置系统的时区、日期、时间等。 -设置时区时,用户可通过鼠标在地图上单击指定的城市,也可以通过页面顶部的“地区”和“城市”下拉菜单中进行选择,如[图9](#zh-cn_topic_0186390096_zh-cn_topic_0122145900_fig1260162652312)所示。 +设置时区时,用户可通过页面顶部的“地区”和“城市”下拉菜单中进行选择,如[图9](#zh-cn_topic_0186390096_zh-cn_topic_0122145900_fig1260162652312)所示。 -如果您所在城市没有出现在地图或下拉菜单中,请选择同一时区中离您最近的城市。 +如果您所在城市没有出现下拉菜单中,请选择同一时区中离您最近的城市。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 手动设置时区时,请先关闭右上角“网络时间”同步开关。 ->- 如需使用网络时间,请保证网络能连通远程NTP服务器,设置网络具体请参见“[设置网络和主机名](#设置网络和主机名)”。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 手动设置时区时,请先关闭右上角“网络时间”同步开关。 +>- 如需使用网络时间,请保证网络能连通远程NTP服务器,设置网络具体请参见“[设置网络和主机名](#设置网络和主机名)”。 **图 9** 日期和时间 ![](./figures/dateandtime.png) -设置完成后,请单击左上角“完成”返回“安装概览”页面。 +设置完成后,请单击左上角“完成”返回“安装信息摘要”页面。 ## 设置安装源 -在“安装概览”页面中选择“安装源”,指定安装源的位置。 +在“安装信息摘要”页面中选择“安装源”,指定安装源的位置。 + +- 当使用完整光盘安装,安装程序会自动探测并显示安装源信息,用户直接使用默认配置即可,不需要进行设置,如[图10](#zh-cn_topic_0186390100_zh-cn_topic_0144427079_fig93633295132)所示。 + + **图 10** 安装源 + ![](./figures/Installation_source.png) + +- 当使用网络源进行安装的时候,需设置网络源的 URL。 + + 1. http 或 https 方式 -当使用完整光盘安装,安装程序会自动探测并显示安装源信息,用户直接使用默认配置即可,不需要进行设置,如[图10](#zh-cn_topic_0186390100_zh-cn_topic_0144427079_fig93633295132)所示。 + http 或 https 方式的安装源如下图所示。 + + ![](./figures/installsource.png) -**图 10** 安装源 -![](./figures/Installation_source.png) + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- 如果 https 服务器使用的是私有证书,则需要在安装引导界面按“e”(UEFI模式下)或“Tab”(Legacy模式下)进入已选选项的参数编辑界面,在参数中增加 inst.noverifyssl 参数。UEFI模式下 inst.noverifyssl 参数应加在 linux 开头的行。 + + 输入框内容以实际版本发布的安装源地址为准,如 https://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/x86_64/ ,其中 openEuler-20.03-LTS-SP4 为版本号,x86_64 为CPU 架构,可根据实际情况输入。 -当使用网络https源进行安装的时候,如果https服务器使用的是私有证书,则需要在安装引导界面按“e”进入已选选项的参数编辑界面,在参数中增加inst.noverifyssl参数,如[图11](#fig113517811415)所示。 + 2. ftp 方式 -**图 11** 增加inst.noverifyssl参数 -![](./figures/add_inst-noverifyssl.png) + ftp 方式的安装源如下图所示,输入框内容根据 ftp 地址输入。 + + ![](./figures/sourceftp.png) -设置完成后,请单击左上角“完成”返回“安装概览”页面。 + ftp 服务器需要用户自己搭建,将 openEuler-20.03-LTS-SP4-x86_64-dvd.iso 镜像进行挂载,挂载出的文件拷贝到ftp的共享目录中。其中 x86_64 为 CPU 架构,可根据实际情况使用镜像。 + + 3. nfs 方式 ->![](./public_sys-resources/icon-note.gif) **说明:** ->安装过程中,如果“设置安装源”有疑问,可参考“[选择安装源出现异常](./FAQ.html#选择安装源出现异常)”。 + nfs 方式的安装源如下图所示,输入框内容根据的 nfs 地址输入。 + + ![](./figures/sourcenfs.png) + + nfs 服务器需要用户自己搭建,将 openEuler-20.03-LTS-SP4-x86_64-dvd.iso 镜像进行挂载,挂载出的文件拷贝到nfs的共享目录中。其中 x86_64 为 CPU 架构,可根据实际情况使用镜像。 + +安装过程中,如果“设置安装源”有疑问,可参考“[选择安装源出现异常](./FAQ.html#选择安装源出现异常)”。 + +设置完成后,请单击左上角“完成”返回“安装信息摘要”页面。 ## 选择安装软件 -在“安装概览”页面中选择“软件选择”,指定需要安装的软件包。 +在“安装信息摘要”页面中选择“软件选择”,指定需要安装的软件包。 用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图12](#zh-cn_topic_0186390261_zh-cn_topic_0122145865_fig03031519101414)所示。 **图 12** 软件选择 ![](./figures/choosesoftware.png) ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 ->- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附件选项处选择是否安装ovs等组件。 - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 +>- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附加选项处选择是否安装ovs等组件。 -## 设置安装位置 +设置完成后,请单击左上角“完成”返回“安装信息摘要”页面。 -在“安装概览”页面中选择“安装位置”,设置操作系统的安装磁盘及分区。 +## 设置安装目的地 -在[图13](#fig1195417125015)所示的页面中您可以看到计算机中的本地可用存储设备。您还可以通过单击“添加磁盘”,添加指定的附加设备或者网络设备。 +在“安装信息摘要”页面中选择“安装目的地”,设置操作系统的安装磁盘及分区。 ->![](./public_sys-resources/icon-notice.gif) **须知:** ->在选择您需要安装的设备时,建议不要选择NVMe SSD存储介质作为操作系统的安装磁盘。 +在[图13](#fig1195417125015)所示的页面中您可以看到计算机中的本地可用存储设备。 **图 13** 安装目标位置 ![](./figures/Target_installation_position.png) @@ -202,128 +205,114 @@ 在“安装目标位置”界面,您需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 ->- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 ->- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 +>- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 +>- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 **自动** -如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。 +如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。设置完成后,请单击“完成”返回“安装信息摘要”页面。 **自定义** -若用户需进行手动分区,选择“自定义”按钮,并单击左上角“完成”,出现如下手动分区界面。 +若用户需进行手动分区,选择“自定义”按钮,并单击左上角“完成”,出现手动分区界面。 -**图 14** 手动分区 -![](./figures/Manual_partitioning.png) +在“手动分区”界面可以通过如下两种方式进行分区,分区完成后如[图14](#fig1277151815248)所示。 -在“手动分区”界面可以通过如下两种方式进行分区。 +- 自动创建:在界面单击“点击这里自动创建它们”,系统会根据可用的存储空间,自动创建分区。 -- 自动创建:在界面单击“点击这里自动创建它们”,系统会根据可用的存储空间,自动分出4个挂载点:/boot 、/、/boot/efi、swap。 -- 手动创建:单击“![](./figures/zh-cn_image_0229291243.png)”添加新挂载点,建议每个挂载点的期望容量不超过可用空间。 +- 手动创建:单击“![](./figures/zh-cn_image_0229291243.png)”添加新挂载点,建议每个挂载点的期望容量不超过可用空间。 - >![](./public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >若设置的挂载点期望容量超过了可用空间,系统将剩余的可用空间全部分配给该挂载点。 +**图 14** 手动分区 +![](./figures/filesystem_setting.png) + +>![](./public_sys-resources/icon-note.gif) **说明:** +> 如果选择非 UEFI 引导,则不需要 /boot/efi 分区。若选择 UEFI 引导,则必须有 /boot/efi 分区。 + +设置完成后,请单击左上角”完成“按钮,弹出“更改摘要”对话框,提示更改产生的变更信息。 -设置完成后,请单击左上角“完成”返回“安装概览”页面。 +点击“接受更改”,返回“安装信息摘要”页面。 ## 设置网络和主机名 -在“安装概览”页面中选择“网络和主机名”,设置系统的网络功能。 +在“安装信息摘要”页面中选择“网络和主机名”,设置系统的网络功能。 -安装程序会自动探测可本地访问的接口。探测到的接口列在左侧方框中,右侧显示相应的接口详情,如[图15](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig123700157297)所示。用户可以通过页面右上角的开关,来开启或者关闭网络接口。用户还可以单击“配置”以配置选中的接口。 +安装程序会自动探测可本地访问的接口。探测到的接口列在左侧方框中,右侧显示相应的接口详情,如[图15](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig123700157297)所示。用户可以通过页面右上角的开关,来开启或者关闭网络接口。开关默认是关闭状态,若设置安装源选择的是在网络上安装,需要开启开关。用户还可以单击“配置”以配置选中的接口。勾选“自动以优先级连接”选项,即可将该网卡设置为开机自启动,如[图16](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig6)所示。 用户可在页面下方“主机名”字段输入主机名。主机名可以是完全限定域名(FQDN),其格式为hostname.domainname;也可以是简要主机名,其格式为hostname。 **图 15** 网络和主机名 ![](./figures/NetworkandHostName.png) -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 开始安装 - -在安装界面上完成所有必填选项的配置后,界面上的警告会消失。此时,用户可以单击“开始安装”进行系统安装。 +**图 16** 配置网络 +![](./figures/confignetwork1.png) -**图 16** 开始安装 -![](./figures/startinstall.png) +设置完成后,请单击左上角“完成”返回“安装信息摘要”页面。 -## 安装过程配置 +## 设置根密码 -开始安装后会出现进度页面,显示安装进度及所选软件包写入系统的进度。 +在“安装信息摘要”页面中选择“根密码”,弹出设置“ROOT密码”界面,如[图17](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,根据[密码复杂度](#密码复杂度)输入密码并再次输入密码进行确认。 -**图 17** 安装过程 -![](./figures/Installation_Procedure.png ) +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 +> +>- 在“ROOT密码”界面若选择“锁定root帐户”则root帐户将禁用。 -安装软件包的过程中,需要用户配置root密码、根据个人需求可以创建用户。 +**图 17** root密码 +![](./figures/root_password.png) ### 密码复杂度 用户设置的root用户密码或新创建用户的密码均需要满足密码复杂度要求,否则会导致密码设置或用户创建失败。设置密码的复杂度的要求如下: -1. 口令长度至少8个字符。 -2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 -3. 口令不能和账号一样。 -4. 口令不能使用字典词汇。 - - 查询字典 - - 在已装好的openEuler环境中,可以通过如下命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 - - ``` - cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt - ``` - - - 修改字典 - 1. 修改上面导出的字典文件,执行如下命令更新系统字典库。 - - ``` - # create-cracklib-dict dictionary.txt - ``` - - 2. 在原字典库基础上新增其他字典内容custom.txt。 - - ``` - # create-cracklib-dict dictionary.txt custom.txt - ``` - - +1. 口令长度至少8个字符。 +2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 +3. 口令不能和帐号一样。 +4. 口令不能使用字典词汇。 + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 -### 设置root密码 +完成设置后,单击左上角的“完成”返回“安装信息摘要”页面。 -单击“root密码”,弹出设置密码界面如[图18](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,输入密码并再次输入密码进行确认。 +## 创建用户 ->![](./public_sys-resources/icon-note.gif) **说明:** ->root密码需要在安装软件包的同时进行配置,如果不配置该密码则无法完成安装。root账户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root账户。 +在“安装信息摘要”页面中选择“创建用户”,弹出“创建用户”的界面如[图18](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图19](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 -**图 18** root密码 -![](./figures/root_password.png) +**图 18** 创建用户 +![](./figures/createuser.png) -完成设置后,单击左上角的“完成”返回安装过程界面。 +**图 19** 高级用户配置 +![](./figures/Advanced_User_Configuration.png) -### 创建用户 +完成设置后,单击左上角的“完成”返回“安装信息摘要”页面。 -单击“创建用户”,弹出创建用户的界面如[图19](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图20](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 +## 开始安装 -**图 19** 创建用户 -![](./figures/createuser.png) +在安装界面上完成所有必填选项的配置后,界面上的警告会消失。此时,用户可以单击“开始安装”进行系统安装。 -**图 20** 高级用户配置 -![](./figures/Advanced_User_Configuration.png) +## 安装过程 -完成设置后,单击左上角的“完成”返回安装过程界面。 +开始安装后会出现进度页面,显示安装进度及所选软件包写入系统的进度,如[图20](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1590863119306)所示。 -单击“结束配置”,完成openEuler的相关配置。 +>![](./figures/zh-cn_image_0229291229.png) +>若系统安装过程中,单击“退出”,或复位、下电服务器,则安装过程被中断,系统将不可用,需要重新进行安装。 -![](./figures/Ending_Configuration-new.png) +**图 20** 安装过程 +![](./figures/Installation_Procedure.png) ## 安装完成 -此刻,openEuler已完成安装,如[图21](#zh-cn_topic_0186390267_zh-cn_topic_0122145917_fig1429512116338)所示。单击“重启”后,系统将重新启动。 - -**图 21** 完成安装 -![](./figures/completeinstall.png) +安装过程执行完成后,openEuler完成安装,单击“重启系统”后,系统将重新启动。 -- 如果当前使用物理光盘安装操作系统,且在重启过程中安装光盘没有自动弹出,请手动取出光盘,则可以直接进入openEuler命令行登录界面。 -- 如果当前使用虚拟光驱安装操作系统,则需要修改服务器的启动项为“硬盘”,然后重启服务器,则可以直接进入openEuler命令行登录界面。 +>![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 如果当前使用物理光盘安装操作系统,且在重启过程中安装光盘没有自动弹出,请手动取出光盘,则可以直接进入openEuler命令行登录界面。 +> - 如果当前使用虚拟光驱安装操作系统,则需要修改服务器的启动项为“硬盘”,然后重启服务器,则可以直接进入openEuler命令行登录界面。 diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" new file mode 100644 index 0000000000000000000000000000000000000000..4a5b8259d92703b1e3d387fca5e16f505c80b3ae --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" @@ -0,0 +1,94 @@ +# 安装方式介绍 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +> +>- 硬件仅支持树莓派 3B/3B+/4B。 +>- 采用刷写镜像到 SD 卡方式安装。本章节提供 Windows/Linux/Mac 上刷写镜像的操作方法。 +>- 本章节使用的镜像是参考“[安装准备](./安装准备-1.html)”获取 openEuler 的树莓派版本镜像。 + +## Windows 下刷写镜像 + +本节以 Windows 10 为例,介绍如何在 Windows 环境下将镜像刷写到 SD 卡。 + +### 格式化 SD 卡 + +请按照以下步骤格式化 SD 卡: + +1. 下载并安装格式化 SD 卡工具,以下操作以 SD Card Formatter 格式化工具为例。 +2. 打开 SD Card Formatter,在 “Select card” 中选择需要格式化的 SD 卡的盘符。 + + 若 SD 卡之前未安装过镜像,盘符只有一个。在 “Select card” 中选择需要格式化的 SD 卡对应盘符。 + + 若 SD 卡之前安装过镜像,盘符会有一个或多个。例如,SD 卡对应三个盘符:E、G、H。在 “Select card” 中选择需要格式化的 SD 卡对应 boot 分区盘符 E。 + +3. 在 “Formatting options” 中选择格式化方式。默认为 “Quick format”。 +4. 单击“Format”开始格式化。界面通过进度条显示格式化进度。 +5. 格式化完成后会弹出 “Formatting was successfully completed” 的提示框,单击“确定”完成格式化。 + +### 写入 SD 卡 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>如果获取的是压缩后的镜像文件“openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz”,需要先将压缩文件解压得到 “openEuler-20.03-LTS-SP4-raspi-aarch64.img”镜像文件。 + +请按照以下步骤将“openEuler-20.03-LTS-SP4-raspi-aarch64.img”镜像文件写入 SD 卡: + +1. 下载并安装刷写镜像的工具,以下操作以 Win32 Disk Imager 工具为例。 +2. 右键选择“以管理员身份运行”,打开 Win32 Disk Imager。 +3. 在“映像文件”中选择 img 格式的镜像文件路径。 +4. 在“设备”中选择待写入的 SD 卡盘符。 +5. 单击“写入”。界面通过任务进度条显示写入 SD 卡的进度。 +6. 写入完成后会弹出 “写入成功” 的提示框,单击“OK”完成写入。 + +## Linux 下刷写镜像 + +本节介绍如何在 Linux 环境下将镜像刷写到SD卡。 + +### 查看磁盘分区信息 + +在 root 权限下执行 `fdisk -l` 获取 SD 卡磁盘信息,例如 SD 卡对应磁盘为 /dev/sdb。 + +### 卸载 SD 卡挂载点 + +1. 执行 `df -lh` 命令查看当前已挂载的卷。 +2. 如果 SD 卡对应的分区未挂载,则跳过该步骤;如果 SD 卡对应分区已挂载,如 SD 卡对应的两个分区 /dev/sdb1 和 /dev/sdb3 已挂载,则需要卸载对应分区,在 root 权限下执行以下命令: + + `umount /dev/sdb1` + + `umount /dev/sdb3` + +### 写入 SD 卡 + +1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz` 命令将压缩文件解压得到“openEuler-20.03-LTS-SP4-raspi-aarch64.img”镜像文件;否则,跳过该步骤。 +2. 将镜像 `openEuler-20.03-LTS-SP4-raspi-aarch64.img` 刷写入 SD 卡,在 root 权限下执行以下命令: + + `dd bs=4M if=openEuler-20.03-LTS-SP4-raspi-aarch64.img of=/dev/sdb` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >一般情况下,将块大小设置为 4M。如果写入失败或者写入的镜像无法使用,可以尝试将块大小设置为 1M 重新写入,但是设置为 1M 比较耗时。 + +## Mac 下刷写镜像 + +本节介绍如何在 Mac 环境下将镜像刷写到SD卡。 + +### 查看磁盘分区信息 + +在 root 权限下执行 `diskutil list` 获取 SD 卡磁盘信息,例如 SD 卡对应磁盘为 /dev/disk3。 + +### 卸载 SD 卡挂载点 + +1. 执行 `df -lh` 命令查看当前已挂载的卷。 +2. 如果 SD 卡对应的分区未挂载,则跳过该步骤;如果 SD 卡对应分区已挂载,如 SD 卡对应的两个分区 /dev/disk3s1 和 /dev/disk3s3 已挂载,则需要卸载对应分区,在 root 权限下执行以下命令: + + `diskutil umount /dev/disk3s1` + + `diskutil umount /dev/disk3s3` + +### 写入 SD 卡 + +1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-20.03-LTS-SP4-raspi-aarch64.img.xz` 命令将压缩文件解压得到“openEuler-20.03-LTS-SP4-raspi-aarch64.img”镜像文件;否则,跳过该步骤。 +2. 将镜像 `openEuler-20.03-LTS-SP4-raspi-aarch64.img` 刷入 SD 卡,在 root 权限下执行以下命令: + + `dd bs=4m if=openEuler-20.03-LTS-SP4-raspi-aarch64.img of=/dev/sdb` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >一般情况下,将块大小设置为 4m。如果写入失败或者写入的镜像无法使用,可以尝试将块大小设置为 1m 重新写入,但是设置为 1m 比较耗时。 diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" index df3964172ce4861ffec14a790f0c58cea76a6b75..4f18de0b78b72893d517b8df605191802e877121 100644 --- "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" @@ -1,8 +1,9 @@ # 安装方式介绍 ->![](./public_sys-resources/icon-notice.gif) **须知:** ->- 硬件服务器仅支持Taishan 200服务器和FusionServer Pro 机架服务器,具体支持的服务器型号可参考“[硬件兼容支持](./安装准备.html#硬件兼容支持)”;虚拟化平台仅支持openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台和华为公有云的x86虚拟化平台。 ->- 安装方式当前仅支持光盘、USB盘安装、网络安装、qcow2镜像安装和私有镜像安装。其中仅华为公有云的x86虚拟化平台支持私有镜像安装。 +>![本地图片](./public_sys-resources/icon-notice.gif) **须知:** +> +>- 硬件服务器仅支持Taishan 200服务器和FusionServer Pro 机架服务器,具体支持的服务器型号可参考“[硬件兼容支持](./安装准备.html#硬件兼容支持)”;虚拟化平台仅支持openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台和华为公有云的x86虚拟化平台。 +>- 安装方式当前仅支持光盘、USB盘安装、网络安装、qcow2镜像安装和私有镜像安装。其中仅华为公有云的x86虚拟化平台支持私有镜像安装。 - [安装方式介绍](#安装方式介绍) @@ -34,13 +35,13 @@ 根据以下步骤启动安装程序: ->![](./public_sys-resources/icon-note.gif) **说明:** +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** >您需要先设置您的系统优先从光盘进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的“CD/DVD-ROM Drive”选项调整到首位。 -1. 断开所有安装不需要的驱动器,比如USB。 -2. 启动您的计算机系统。 -3. 在计算机中插入安装光盘。 -4. 重启计算机系统。 +1. 断开所有安装不需要的驱动器,比如USB。 +2. 启动您的计算机系统。 +3. 在计算机中插入安装光盘。 +4. 重启计算机系统。 在短暂的延迟后会出现图形化引导界面,该界面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动以默认选项开始运行。 @@ -50,26 +51,26 @@ ### 准备安装源 -您需要注意USB盘容量的大小,它必须有足够的的空间放下整个镜像,建议USB盘空间大于16G。 +您需要注意USB盘容量的大小,它必须有足够的空间放下整个镜像,建议USB盘空间大于16G。 -1. 将USB盘连接到该系统中,并执行 dmesg 命令查看相关的日志信息。在该日志的最后可以看到刚刚连接的USB盘所生成的一组信息,应类似如下: +1. 将USB盘连接到该系统中,并执行 dmesg 命令查看相关的日志信息。在该日志的最后可以看到刚刚连接的USB盘所生成的一组信息,应类似如下: - ``` + ```shell [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk ``` - >![](./public_sys-resources/icon-note.gif) **说明:** + >![本地图片](./public_sys-resources/icon-note.gif) **说明:** >连接的USB盘名称以sdb进行举例。 -2. 切换为root用户。使用su命令,需要输入相应的密码。 +2. 切换为root用户。使用su命令,需要输入相应的密码。 - ``` - $ su - root + ```shell + su - root ``` -3. 确保USB盘没有被挂载。使用如下命令进行查询: +3. 确保USB盘没有被挂载。使用如下命令进行查询: - ``` + ```shell # findmnt /dev/sdb ``` @@ -77,7 +78,7 @@ - 如果输出以下信息,表明USB盘已经自动挂载。 - ``` + ```shell # findmnt /dev/sdb TARGET SOURCE FSTYPE OPTIONS /mnt/iso /dev/sdb iso9660 ro,relatime @@ -85,40 +86,46 @@ 此时,您需要使用umount命令卸载该设备。 - ``` + ```shell # umount /mnt/iso ``` -4. 使用dd命令将ISO安装镜像直接写入USB盘: +4. 使用dd命令将ISO安装镜像直接写入USB盘: - ``` + ```shell # dd if=/path/to/image.iso of=/dev/device bs=blocksize ``` 使用您下载的ISO镜像文件的完整路径替换 /path/to/image.iso,使用之前由 dmesg 命令给出的设备名称替换device,同时设置合理的块大小(例如:512k)替换 blocksize,这样可以加快写入进度。 - 例如:如果该ISO镜像文件位于 /home/testuser/Downloads/openEuler-20.03-LTS-aarch64-dvd.iso,同时探测到的设备名称为sdb,则该命令如下: + 例如:如果该ISO镜像文件位于 /home/testuser/Downloads/openEuler-20.03-LTS-SP4-aarch64-dvd.iso,同时探测到的设备名称为sdb,则该命令如下: - ``` - # dd if=/home/testuser/Downloads/openEuler-20.03-LTS-aarch64-dvd.iso of=/dev/sdb bs=512k + ```shell + # dd if=/home/testuser/Downloads/openEuler-20.03-LTS-SP4-aarch64-dvd.iso of=/dev/sdb bs=512k ``` -5. 等待镜像写入完成,拔掉USB盘。 +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** +>如isolinux描述,由mkisofs命令创建的ISO 9660 文件系统会通过BIOS固件启动,但只能从CD、DVD和BD等介质启动。所以在使用dd命令制作x86的启动U盘前需要使用 isohybrid -u your.iso 对iso进行处理,然后正常使用dd命令将iso写入u盘即可。(该问题仅影响X86)。 - 镜像写入过程中不会有进度显示,当\#号再次出现时,表明写入完成。退出root账户,拔掉USB盘。此时,您可以使用该USB盘作为系统的安装源。 +5. 等待镜像写入完成,拔掉USB盘。 + 镜像写入过程中不会有进度显示,当\#号再次出现时,执行如下命令将数据同步写入磁盘。退出root帐户,拔掉USB盘。此时,您可以使用该USB盘作为系统的安装源。 + + ```bash + # sync + ``` ### 启动安装 请根据以下步骤启动安装程序: ->![](./public_sys-resources/icon-note.gif) **说明:** +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** >您需要先设置您的系统优先从USB进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的USB选项调整到首位。 -1. 断开所有安装不需要的驱动器。 -2. 打开您的计算机系统。 -3. 在计算机中插入USB盘。 -4. 重启计算机系统。 +1. 断开所有安装不需要的驱动器。 +2. 打开您的计算机系统。 +3. 在计算机中插入USB盘。 +4. 重启计算机系统。 在短暂的延迟后会出现图形化引导页面,该页面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动开始安装。 @@ -130,7 +137,7 @@ 对于PXE网络安装,客户机通过支持PXE的网卡,向网络发送请求DHCP信息的广播,请求IP地址等信息。DHCP服务器给客户机提供一个IP地址和其他网络信息如域名服务器、ftp服务器(它提供启动安装程序所必须的文件)的IP地址或主机名,以及服务器上文件的位置。 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** >此处不详细讨论tftp、DHCP、http等服务器配置,相关详细配置请参考“[全自动化安装指导](./使用kickstart自动化安装.html#全自动化安装指导)”。 ## 通过qcow2镜像安装 @@ -139,45 +146,44 @@ ### 制作qcow2镜像 -1. 安装qemu-img软件包。 +1. 安装qemu-img软件包。 - ``` + ```shell # dnf install -y qemu-img ``` -2. 使用qemu-img工具的create命令,创建镜像文件,命令格式为: +2. 使用qemu-img工具的create命令,创建镜像文件,命令格式为: - ``` - $ qemu-img create -f -o + ```shell + qemu-img create -f -o ``` 其中,各参数含义如下: - - _imgFormat_ :镜像格式,取值为raw, qcow2等。 - - _fileOption_ :文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 - - _fileName_ :文件名称。 - - _diskSize_ :磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 + - _imgFormat_ :镜像格式,取值为raw, qcow2等。 + - _fileOption_ :文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 + - _fileName_ :文件名称。 + - _diskSize_ :磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 - 例如,创建一个磁盘设备大小为32GB、格式为qcow2的镜像文件openEuler-imge.qcow2,命令和回显如下: + 例如,创建一个磁盘设备大小为32GB、格式为qcow2的镜像文件openEuler-image.qcow2,命令和回显如下: - ``` + ```shell $ qemu-img create -f qcow2 openEuler-image.qcow2 32G Formatting 'openEuler-image.qcow2', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 ``` - ### 启动安装 根据以下步骤启动安装程序: -1. 准备qcow2镜像文件。 -2. 准备虚拟机网络。 -3. 准备UEFI引导工具集EDK II。 -4. 准备虚拟机XML配置文件。 -5. 创建虚拟机。 -6. 启动虚拟机。 +1. 准备qcow2镜像文件。 +2. 准备虚拟机网络。 +3. 准备UEFI引导工具集EDK II。 +4. 准备虚拟机XML配置文件。 +5. 创建虚拟机。 +6. 启动虚拟机。 -各步骤详细的操作请参考《[openEuler 20.03 LTS 虚拟化用户指南](./../Virtualization/virtualization.html)》。 +各步骤详细的操作请参考《[openEuler 20.03 LTS SP4 虚拟化用户指南](./../Virtualization/virtualization.html)》。 ## 通过私有镜像安装 @@ -189,21 +195,4 @@ ### 启动安装 -华为公有云的x86虚拟化平台的启动请参见[ 弹性云服务器 ECS的用户指南](https://support.huaweicloud.com/wtsnew-ecs/index.html)。 - - - - - - - - - - - - - - - - - +华为公有云的x86虚拟化平台的启动请参见[弹性云服务器 ECS的用户指南](https://support.huaweicloud.com/wtsnew-ecs/index.html)。 diff --git "a/docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" "b/docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" new file mode 100644 index 0000000000000000000000000000000000000000..88fcb77473ace2fcc598ab5e29a547436d7bda6e --- /dev/null +++ "b/docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" @@ -0,0 +1,4 @@ +# 参考资料 + +- 如何构建树莓派镜像文件 +- 如何使用树莓派 \ No newline at end of file diff --git "a/docs/zh/docs/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" "b/docs/zh/docs/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" new file mode 100644 index 0000000000000000000000000000000000000000..7dfdcb3aaef79462ecc196159659b22cb21b9a9d Binary files /dev/null and "b/docs/zh/docs/KubeOS/figures/\345\256\271\345\231\250OS\346\226\207\344\273\266\345\270\203\345\261\200.png" differ diff --git "a/docs/zh/docs/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" "b/docs/zh/docs/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..626071e62735bab2e33ec2a6f1a5839409d33319 Binary files /dev/null and "b/docs/zh/docs/KubeOS/figures/\345\256\271\345\231\250OS\346\236\266\346\236\204.png" differ diff --git a/docs/zh/docs/KubeOS/overview.md b/docs/zh/docs/KubeOS/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..beb6b093378dc4c24fd7d81e1f37081c1ebf6a91 --- /dev/null +++ b/docs/zh/docs/KubeOS/overview.md @@ -0,0 +1,9 @@ +# 容器OS升级指南 + +本文档介绍基于openEuler系统的容器OS升级特性的安装部署和使用方法,容器OS升级是使OS可以通过标准扩展方式接入调度系统,通过调度系统管理集群内节点的OS的升级。 + +本文档适用于使用openEuler系统并希望了解和使用容器OS的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备以下经验和技能: + +* 熟悉Linux基本操作。 +* 对kubernetes和docker有一定了解 + diff --git a/docs/zh/docs/KubeOS/public_sys-resources/icon-note.gif b/docs/zh/docs/KubeOS/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/KubeOS/public_sys-resources/icon-note.gif differ diff --git "a/docs/zh/docs/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/docs/zh/docs/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..6b21dd92bc60fb4916e96f46a4f0bbf0bfcdcb84 --- /dev/null +++ "b/docs/zh/docs/KubeOS/\344\275\277\347\224\250\346\226\271\346\263\225.md" @@ -0,0 +1,117 @@ +# 使用方法 + + + + + +- [使用方法](#使用方法) + + - [注意事项](#注意事项) + + - [升级指导](#升级指导) + + - [回退指导](#回退指导) + + - [使用场景](#使用场景) + + - [手动回退](#手动回退) + + - [工具回退](#工具回退) + + + + + +## 注意事项 + +1. 容器 OS 升级为所有软件包原子升级,默认不在容器 OS 内提供单包升级能力。 +2. 容器 OS 升级为双区升级的方式,不支持更多分区数量。 +3. 单节点的升级过程的日志可在节点的/var/log/messages文件查看。 +4. 请严格按照提供的升级和回退流程进行操作,异常调用顺序可能会导致系统无法升级或回退。 + +## 升级指导 + +编写YAML文件,在集群中部署 OS 的cr实例,用于部署cr实例的YAML示例如下: + +``` +apiVersion: upgrade.openeuler.org/v1alpha1 +kind: OS +metadata: + name: os-sample +spec: + osversion: KubeOS 1.0.0 + imageurl: edit.image.url + maxunavailable: 1 + checksum: image checksum + flagSafe: imageurl is safe or not +``` + +参数说明如下: + +| 参数 | 参数含义 | 是否必选 | +| -------------- | ----------------------------------- | -------- | +| osversion | 用于升级的镜像的 OS 版本 | 是 | +| imageurl | 用于升级的镜像的地址 | 是 | +| maxunavailable | 同时进行升级的节点数 | 是 | +| checksum | 用于升级的镜像的checksum(SHA-256)值 | 是 | +| flagSafe: | imageurl是否为安全的地址 | 是 | + +imageurl指定的地址里包含协议,只支持http或https协议。imageurl为https协议时为安全传输,imageurl为http地址时,需指定flagSafe为true,即用户明确该地址为安全时,才会下载镜像。如imageurl为http地址且没有指定flagSafe为true,默认该地址不安全,不会下载镜像并且在升级节点的日志中提示用户该地址不安全 + +对于imageurl,推荐使用https协议,使用https协议请确保升级的虚拟机已安装相应证书。如果镜像服务器由用户自己维护,需要用户自己进行签名,并保证升级节点已安装对应证书。用户将证书放在容器OS /etc/pki/ca-trust/source/anchors目录下,然后使用update-ca-trust extract 命令安装证书。地址由管理员传入,管理员应该保证网址的安全性,推荐采用内网地址。 + +假定将上面的YAML保存到upgrade_v1alpha1_os.yaml + +查看未升级的节点的 OS 版本 + +``` +kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage' +``` + +执行命令,在集群中部署cr实例后,节点会根据配置的参数信息进行升级。 + +``` +kubectl apply -f upgrade_v1alpha1_os.yaml +``` + +再次查看节点的 OS 版本来确认节点是否升级完成 + +``` +kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage' +``` + +> ![](./public_sys-resources/icon-note.gif)**说明**: +> +> 如果后续需要再次升级,与上面相同对 upgrade_v1alpha1_os.yaml 的 imageurl ,osversion,checksum,maxunavailable 或 flagSafe 字段进行相应修改。 + +## 回退指导 + +### 使用场景 + +- 虚拟机无法正常启动时,需要退回到上一可以启动的版本时进行回退操作,仅支持手动回退容器 OS 。 +- 虚拟机能够正常启动并且进入系统,需要将当前版本退回到老版本时进行回退操作,支持工具回退(类似升级方式)和手动回退,建议使用工具回退。 + +### 手动回退 + +手动重启虚拟机,选择第二启动项进行回退,手动回退仅支持回退到本次升级之前的版本。 + +### 工具回退 + +1. 修改 OS 的cr实例的YAML 配置文件(例如 upgrade_v1alpha1_os.yaml),将 imageurl 、osversion、checksum 和flagSafe 字段设置为期望回退的老版本镜像信息。 + +2. 在集群中更新cr。 + + ``` + kubectl apply -f upgrade_v1alpha1_os.yaml + ``` + + 更新完成后,节点会根据配置信息回退容器 OS。 + +3. 查看节点容器 OS 版本,确认回退是否成功。 + + ``` + kubectl get nodes -o custom-columns='NAME:.metadata.name,OS:.status.nodeInfo.osImage' + ``` + + + diff --git "a/docs/zh/docs/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/docs/zh/docs/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" new file mode 100644 index 0000000000000000000000000000000000000000..63f2e5c13914b712ce2651a854e69aa12b803169 --- /dev/null +++ "b/docs/zh/docs/KubeOS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -0,0 +1,234 @@ +# 安装与部署 + +本章介绍如何安装和部署容器 OS 升级工具。 + + + + + +- [安装与部署](#安装与部署) + + - [软硬件要求](#软硬件要求) + + - [硬件要求](#硬件要求) + - [软件要求](#软件要求) + - [环境准备](#环境准备) + + - [安装容器OS升级工具](#安装容器os升级工具) + + - [部署容器OS升级工具](#部署容器os升级工具) + + - [制作os-operator和os-proxy镜像](#制作os-operator和os-proxy镜像) + - [制作容器OS镜像](#制作容器os镜像) + - [部署CRD,operator和proxy](#部署crd,operator和proxy) + + + + + +## 软硬件要求 + +### 硬件要求 + +* 当前支持 x86 与 arm 架构 + +### 软件要求 + +* 操作系统:openEuler 20.03 LTS SP4 + +### 环境准备 + +* 安装 openEuler 系统,安装方法参考《openEuler 20.03 LTS SP4 安装指南》 +* 安装 qemu-img,bc,parted,tar,yum,docker + +## 安装容器OS升级工具 + +安装容器 OS 升级工具的操作步骤如下: + +1. 配置 yum 源:openEuler 20.03 LTS SP4 和 openEuler 20.03 LTS SP4 EPOL + + ``` + [openEuler20.03] # openEuler 20.03 LTS SP4 官方发布源 + name=openEuler20.03 + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler + ``` + + ``` + [Epol] # openEuler 20.03 LTS SP4:Epol 官方发布源 + name=Epol + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler + ``` + +2. 使用 root 帐户安装容器 OS 升级工具: + + ```shell + # yum install KubeOS KubeOS-scripts -y + ``` + + +> ![](./public_sys-resources/icon-note.gif)**说明**: +> +> 容器 OS 升级工具会安装在 /opt/kubeOS 目录下,包括os-operator,os-proxy,os-agent二进制,制作容器 OS 工具及相应配置文件 。 + +## 部署容器OS升级工具 + +容器OS升级工具安装完成后,需要对此进行配置部署,本章介绍如何配置和部署容器OS升级工具。 + +### 制作os-operator和os-proxy镜像 + +#### 环境准备 + +使用 Docker 制作容器镜像,请先确保 Docker 已经安装和配置完成。 + +#### 操作步骤 + +1. 进入工作目录。 + + ```shell + cd /opt/kubeOS + ``` + +2. 指定 proxy 的镜像仓库、镜像名及版本。 + + ```shell + export IMG_PROXY=your_imageRepository/os-proxy_imageName:version + ``` + +3. 指定 operator 的镜像仓库、镜像名及版本。 + + ```shell + export IMG_OPERATOR=your_imageRepository/os-operator_imageName:version + ``` + +4. 请用户自行编写Dockerfile来构建镜像 ,Dockfile编写请注意以下几项 + + * os-operator和os-proxy镜像需要基于baseimage进行构建,请用户保证baseimage的安全性 + * 需将os-operator和os-proxy二进制文件分别拷贝到对应的镜像中 + * 请确保os-proxy镜像中os-proxy二进制文件属主和属组为root,文件权限为500 + * 请确保os-operator镜像中os-operator二进制文件属主和属组为容器内运行os-operator进程的用户,文件权限为500 + * os-operator和os-proxy的二进制文件在镜像内的位置和容器启动时运行的命令需与部署的yaml中指定的字段相对应。 + + Dockerfile示例如下 + + ``` + FROM your_baseimage + COPY ./bin/proxy /proxy + ENTRYPOINT ["/proxy"] + ``` + + ``` + FROM your_baseimage + COPY --chown=6552:6552 ./bin/operator /operator + ENTRYPOINT ["/operator"] + ``` + + Dockerfile也可以使用多阶段构建。 + +5. 构建容器镜像(os-operator 和 os-proxy 镜像)。 + + ```shell + # 指定proxy的Dockerfile地址 + export DOCKERFILE_PROXY=your_dockerfile_proxy + # 指定operator的Dockerfile路径 + export DOCKERFILE_OPERATOR=your_dockerfile_operator + # 镜像构建 + docker build -t ${IMG_OPERATOR} -f ${DOCKERFILE_OPERATOR} . + docker build -t ${IMG_PROXY} -f ${DOCKERFILE_PROXY} . + ``` + +6. 将容器镜像 push 到镜像仓库。 + + ```shell + docker push ${IMG_OPERATOR} + docker push ${IMG_PROXY} + ``` + + +### 制作容器OS镜像 + +#### 注意事项 + +* 制作容器 OS 镜像需要使用 root 权限 +* 容器 OS 镜像制作工具的 rpm 包源为 openEuler 具体版本的 everything 仓库和 EPOL 仓库。制作镜像时提供的 repo 文件中,yum 源建议同时配置 openEuler 具体版本的 everything 仓库和 EPOL 仓库 +* 使用默认 rpmlist 制作的容器OS镜像,默认和制作工具保存在相同路径,该分区至少有 25GiB 的剩余磁盘空间 +* 制作容器 OS 镜像时,不支持用户自定义配置挂载文件 + +#### 操作步骤 + +制作容器OS的命令格式为: + +**generate.sh** *REPO_PATH VERSION AGENT_PATH ENCRYPTED_PASSWD* + +其中各参数含义为: + +- REPO_PATH :repo 文件 路径 +- AGENT_PATH:os-agent 二进制路径 + +* VERSION :制作的容器 OS 镜像的版本 + +* ENCRYPTED_PASSWD:容器 OS 镜像的 root 用户密码,加密后的带盐值的密码,可以用 openssl、kiwi 等命令生成 + + +制作容器OS的步骤如下: + +1. 进入执行目录: + + ```shell + cd /opt/kubeOS/scripts + ``` + +2. 执行 generate.sh 制作容器 OS,参考命令如下: + + ```shell + bash generate.sh xx.repo v1 ../bin/os-agent '''$1$xyz$RdLyKTL32WEvK3lg8CXID0''' + ``` + 其中 xx.repo 为制作镜像所需要的 yum 源,yum 源建议配置为 openEuler 具体版本的 everything 仓库和 EPOL 仓库。 + + 容器 OS 镜像制作完成后,会在 /opt/kubeOS/scripts 目录下生成: + + - qcow2 格式的系统镜像 system.qcow2。system.qcow2 大小默认为 20GiB,支持的根文件系统分区大小 < 2020 MiB,持久化分区 < 16GiB 。 + - 可用于升级的根文件系统分区镜像 update.img 。 + + 制作出来的容器 OS 镜像目前可用于 CPU 架构为 x86 和 arm 的虚拟机场景。 + + +### 部署CRD,operator和proxy + +#### 注意事项 + +* 请先部署 Kubernetes 集群,部署方法参考《openEuler 20.03 LTS SP4 Kubernetes 集群部署指南》 + +- 集群中准备进行升级的 Worker 节点的 OS 需要为使用上一节方式制作出来的容器 OS,如不是,请用 system.qcow2重新部署虚拟机,虚拟机部署请见《openEuler 20.03 LTS SP4 虚拟化用户指南》,Master节点目前不支持容器 OS 升级,请用openEuler 20.03 LTS SP4部署Master节点 +- 部署 OS 的 CRD(CustomResourceDefinition),os-operator,os-proxy 以及 RBAC (Role-based access control) 机制的 YAML 需要用户自行编写。 +- operator 和 proxy 部署在 kubernetes 集群中,operator 应部署为 deployment,proxy 应部署为damonset +- 尽量部署好 kubernetes 的安全措施,如 rbac 机制,pod 的 service account 和 security policy 配置等 + +#### 操作步骤 + +1. 准备 YAML 文件,包括用于部署 OS 的CRD、RBAC 机制、os- operator 和os- proxy 的 YAML 文件,可参考[yaml-example](https://gitee.com/openeuler/KubeOS/tree/master/docs/example/config)。假设分别为 crd.yaml、rbac.yaml、manager.yaml 。 + +2. 部署 CRD、RBAC、os-operator 和 os-proxy。假设 crd.yaml、rbac.yaml、manager.yaml 文件分别存放在当前目录的 config/crd、config/rbac、config/manager 目录下 ,参考命令如下: + + ```shell + kubectl apply -f config/crd + kubectl apply -f config/rbac + kubectl apply -f config/manager + ``` + +3. 部署完成后,执行以下命令,确认各个组件是否正常启动。如果所有组件的 STATUS 为 Running,说明组件已经正常启动。 + + ```shell + kubectl get pods -A + ``` + + + + + + diff --git "a/docs/zh/docs/KubeOS/\350\256\244\350\257\206\345\256\271\345\231\250OS\345\215\207\347\272\247.md" "b/docs/zh/docs/KubeOS/\350\256\244\350\257\206\345\256\271\345\231\250OS\345\215\207\347\272\247.md" new file mode 100644 index 0000000000000000000000000000000000000000..c12842050ee3aaf0df34477d27ed5c7e0d2e7200 --- /dev/null +++ "b/docs/zh/docs/KubeOS/\350\256\244\350\257\206\345\256\271\345\231\250OS\345\215\207\347\272\247.md" @@ -0,0 +1,42 @@ +# 认识容器 OS 升级 + +## 概述 + +在云场景中,容器和 kubernetes 的应用越来越广泛。然而,当前对容器和 OS 进行独立管理的方式,往往面临功能冗余、两套调度系统协同困难的问题。另外,OS 的版本管理比较困难,相同版本的 OS 在使用过程中会各自安装、更新、删除软件包,一段时间后 OS 版本变得不一致,导致版本分裂,并且 OS 可能和业务紧耦合,造成大版本升级等比较困难。为了应对上述问题,openEuler 推出了基于openEuler的容器 OS 升级工具。 + +容器 OS 针对业务以容器的形式运行的场景,专门设计的一种轻量级操作系统。基于openEuler的容器 OS 升级工具将容器 OS 作为组件接入 kubernetes,使容器 OS 和业务处于同等地位,通过 kubernetes 集群统一管理容器和容器 OS,实现一套系统管理容器和OS。 + +openEuler 容器 OS 升级工具通过 kubernetes operator 扩展机制控制容器 OS 的升级流程,对容器 OS 进行整体升级,从而实现 OS 管理器和业务协同,该升级方式会在容器 OS 升级前,将业务迁移到其他非升级节点,减少 OS 升级、配置过程中对业务的影响。该升级方式是对容器 OS 进行原子升级,使 OS 一直向预想的状态同步,保证集群里的 OS 版本一致,避免版本分裂问题。 + +## 架构介绍 + +### 容器 OS 升级架构 + +**图1** 容器 OS 升级架构 + +![](./figures/容器OS架构.png) + +如图所示,容器 OS 主要包含三个组件 os-operator,os-proxy 和 os-agent 。os-operator 和 os-proxy 运行在容器中,部署在 kubernetes 集群内;os-agent 不属于集群,直接作为进程运行在 Worker Node 中。 + +- os-operator:全局的容器 OS 管理器,持续查看所有节点的容器 OS 版本信息,并根据用户配置的信息控制同时进行升级的节点个数,并标记准备升级的节点。 + +- os-proxy:单节点的 OS 管理器,持续查看当前节点的容器 OS 版本信息。如果当前节点被 os-operator 标记为准备升级的节点后,锁定节点并驱逐 pod,转发升级信息到 os-agent 。 + +- os-agent:接收来自 proxy 的信息,从 OSImage Server 下载用于更新的容器 OS 镜像,然后进行升级并重启节点。 + + +### 容器 OS 文件系统 + +**图 2** 容器 OS 文件系统布局 + +![](./figures/容器OS文件布局.png) + + + +如图所示,容器 OS 包含四个分区: + +- boot 分区:grub2文件分区 +- Persist 分区:用于存放持久性用户数据,容器 OS 升级时,该分区的数据也会保留 +- 两个 root 分区:容器 OS 采用双分区模式,将 root 分区划分为 rootA 和 rootB。假定初始化时,系统运行在 rootA 分区上,当进行系统更新时,会下载新系统到 rootB 分区,grub会有两个启动项分别为A,B,将 grub 默认启动项设置为B,最后会重启虚拟机。虚拟机启动后容器 OS 将运行在刚更新过的 rootB 分区上。 + +容器OS的root文件系统为只读,用户的持久化数据存放在Persist持久化数据分区 。 \ No newline at end of file diff --git a/docs/zh/docs/Kubernetes/Kubernetes.md b/docs/zh/docs/Kubernetes/Kubernetes.md new file mode 100644 index 0000000000000000000000000000000000000000..723ebffb43ece55be07e43520ae4103b97caacf7 --- /dev/null +++ b/docs/zh/docs/Kubernetes/Kubernetes.md @@ -0,0 +1,14 @@ +# Kubernetes 集群部署指南 + +**声明:kubernetes软件包目前收入在openEuler的EPOL仓,本文档仅适用于实验和学习环境,不适用于商用环境** + +本文档介绍在 openEuler 操作系统上,通过二进制部署 K8S 集群的一个参考方法。 + +说明:本文所有操作均使用 `root`权限执行。 + +## 集群状态 + +本文所使用的集群状态如下: + +- 集群结构:6 个 `openEuler 20.03 LTS SP4`系统的虚拟机,3 个 master 和 3 个 node 节点 +- 物理机:`openEuler 20.03 LTS SP4`的 `x86/ARM`服务器 diff --git "a/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" "b/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" new file mode 100644 index 0000000000000000000000000000000000000000..77e18b7ad544ab12e682be5225ac32e5cec552cd --- /dev/null +++ "b/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" @@ -0,0 +1,152 @@ +# 准备虚拟机 + + +本章介绍使用 virt manager 安装虚拟机的方法,如果您已经准备好虚拟机,可以跳过本章节。 + +## 安装依赖工具 + +安装虚拟机,会依赖相关工具,安装依赖并使能 libvirtd 服务的参考命令如下(如果需要代理,请先配置代理): + +```bash +$ dnf install virt-install virt-manager libvirt-daemon-qemu edk2-aarch64.noarch virt-viewer +$ systemctl start libvirtd +$ systemctl enable libvirtd +``` + +## 准备虚拟机磁盘文件 + +```bash +$ dnf install -y qemu-img +$ virsh pool-define-as vmPool --type dir --target /mnt/vm/images/ +$ virsh pool-build vmPool +$ virsh pool-start vmPool +$ virsh pool-autostart vmPool +$ virsh vol-create-as --pool vmPool --name master0.img --capacity 200G --allocation 1G --format qcow2 +$ virsh vol-create-as --pool vmPool --name master1.img --capacity 200G --allocation 1G --format qcow2 +$ virsh vol-create-as --pool vmPool --name master2.img --capacity 200G --allocation 1G --format qcow2 +$ virsh vol-create-as --pool vmPool --name node1.img --capacity 300G --allocation 1G --format qcow2 +$ virsh vol-create-as --pool vmPool --name node2.img --capacity 300G --allocation 1G --format qcow2 +$ virsh vol-create-as --pool vmPool --name node3.img --capacity 300G --allocation 1G --format qcow2 +``` + +## 打开 VNC 防火墙端口 + +**方法一** + +1. 查询端口 + + ```shell + $ netstat -lntup | grep qemu-kvm + ``` + +2. 打开 VNC 的防火墙端口。假设端口从 5900 开始,参考命令如下: + + ```shell + $ firewall-cmd --zone=public --add-port=5900-6000/tcp + ``` + + + +**方法二** + +直接关闭防火墙 + +```shell +$ systemctl stop firewalld +``` + + + +## 准备虚拟机配置文件 + +创建虚拟机需要虚拟机配置文件。假设配置文件为 master.xml ,以虚拟机 hostname 为 k8smaster0 的节点为例,参考配置如下: + +```bash + cat master.xml + + + k8smaster0 + 8 + 8 + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /var/lib/libvirt/qemu/nvram/k8smaster0.fd + + + + + + + + + 1 + + destroy + restart + restart + + /usr/libexec/qemu-kvm + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +由于虚拟机相关配置必须唯一,新增虚拟机需要适配修改如下内容,保证虚拟机的唯一性: + +- name:虚拟机 hostname,建议尽量小写。例中为 `k8smaster0` +- nvram:nvram的句柄文件路径,需要全局唯一。例中为 `/var/lib/libvirt/qemu/nvram/k8smaster0.fd` +- disk 的 source file:虚拟机磁盘文件路径。例中为 `/mnt/vm/images/master0.img` +- interface 的 mac address:interface 的 mac 地址。例中为 `52:54:00:00:00:80` + + + +## 安装虚拟机 + +1. 创建并启动虚拟机 + + ```shell + $ virsh define master.xml + $ virsh start k8smaster0 + ``` + +2. 获取虚拟机的 VNC 端口号 + + ```shell + $ virsh vncdisplay k8smaster0 + ``` + +3. 使用虚拟机连接工具,例如 VNC Viewer 远程连接虚拟机,并根据提示依次选择配置,完成系统安装 + +4. 设置虚拟机 hostname,例如设置为 k8smaster0 + + ```shell + $ hostnamectl set-hostname k8smaster0 + ``` diff --git "a/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" "b/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" new file mode 100644 index 0000000000000000000000000000000000000000..7dd31b53a95d3f5f8c8c89b60a025d6fdd1d6415 --- /dev/null +++ "b/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" @@ -0,0 +1,388 @@ + +# 准备证书 + + +**声明:本文使用的证书为自签名,不能用于商用环境** + +部署集群前,需要生成集群各组件之间通信所需的证书。本文使用开源 CFSSL 作为验证部署工具,以便用户了解证书的配置和集群组件之间证书的关联关系。用户可以根据实际情况选择合适的工具,例如 OpenSSL 。 + +## 编译安装 CFSSL + +编译安装 CFSSL 的参考命令如下(需要互联网下载权限,需要配置代理的请先完成配置): + +```bash +$ wget --no-check-certificate https://github.com/cloudflare/cfssl/archive/v1.5.0.tar.gz +$ tar -zxf v1.5.0.tar.gz +$ cd cfssl-1.5.0/ +$ make -j6 +$ cp bin/* /usr/local/bin/ +``` + +## 生成根证书 + +编写 CA 配置文件,例如 ca-config.json: + +```bash +$ cat ca-config.json | jq +{ + "signing": { + "default": { + "expiry": "8760h" + }, + "profiles": { + "kubernetes": { + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ], + "expiry": "8760h" + } + } + } +} +``` + +编写 CA CSR 文件,例如 ca-csr.json: + +```bash +$ cat ca-csr.json | jq +{ + "CN": "Kubernetes", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "openEuler", + "OU": "WWW", + "ST": "BinJiang" + } + ] +} +``` + +生成 CA 证书和密钥: +```bash +$ cfssl gencert -initca ca-csr.json | cfssljson -bare ca +``` + +得到如下证书: + +```bash +ca.csr ca-key.pem ca.pem +``` + +## 生成 admin 帐户证书 + +admin 是 K8S 用于系统管理的一个帐户,编写 admin 帐户的 CSR 配置,例如 admin-csr.json: +```bash +cat admin-csr.json | jq +{ + "CN": "admin", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:masters", + "OU": "Containerum", + "ST": "BinJiang" + } + ] +} +``` + +生成证书: +```bash +$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin +``` + +结果如下: +```bash +admin.csr admin-key.pem admin.pem +``` + +## 生成 service-account 帐户证书 + +编写 service-account 帐户的 CSR 配置文件,例如 service-account-csr.json: +```bash +cat service-account-csr.json | jq +{ + "CN": "service-accounts", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "Kubernetes", + "OU": "openEuler k8s install", + "ST": "BinJiang" + } + ] +} +``` + +生成证书: +```bash +$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes service-account-csr.json | cfssljson -bare service-account +``` + +结果如下: +```bash +service-account.csr service-account-key.pem service-account.pem +``` + +## 生成 kube-controller-manager 组件证书 + +编写 kube-controller-manager 的 CSR 配置: +```bash +{ + "CN": "system:kube-controller-manager", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:kube-controller-manager", + "OU": "openEuler k8s kcm", + "ST": "BinJiang" + } + ] +} +``` + +生成证书: +```bash +$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager +``` + +结果如下: +```bash +kube-controller-manager.csr kube-controller-manager-key.pem kube-controller-manager.pem +``` + +## 生成 kube-proxy 证书 + +编写 kube-proxy 的 CSR 配置: +```bash +{ + "CN": "system:kube-proxy", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:node-proxier", + "OU": "openEuler k8s kube proxy", + "ST": "BinJiang" + } + ] +} +``` + +生成证书: +```bash +$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy +``` + +结果如下: +```bash +kube-proxy.csr kube-proxy-key.pem kube-proxy.pem +``` + +## 生成 kube-scheduler 证书 + +编写 kube-scheduler 的 CSR 配置: +```bash +{ + "CN": "system:kube-scheduler", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "CN", + "L": "HangZhou", + "O": "system:kube-scheduler", + "OU": "openEuler k8s kube scheduler", + "ST": "BinJiang" + } + ] +} +``` + +生成证书: +```bash +$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler +``` + +结果如下: +```bash +kube-scheduler.csr kube-scheduler-key.pem kube-scheduler.pem +``` + +## 生成 kubelet 证书 + +由于证书涉及到 kubelet 所在机器的 hostname 和 IP 地址信息,因此每个 node 节点配置不尽相同,所以编写脚本完成,生成脚本如下: +```bash +$ cat node_csr_gen.bash + +#!/bin/bash + +nodes=(k8snode1 k8snode2 k8snode3) +IPs=("192.168.122.157" "192.168.122.158" "192.168.122.159") + +for i in "${!nodes[@]}"; do + +cat > "${nodes[$i]}-csr.json" <24 | +| k8smaster1 | 52:54:00:00:00:81 | 192.168.122.155/24 | +| k8smaster2 | 52:54:00:00:00:82 | 192.168.122.156/24 | +| k8snode1 | 52:54:00:00:00:83 | 192.168.122.157/24 | +| k8snode2 | 52:54:00:00:00:84 | 192.168.122.158/24 | +| k8snode3 | 52:54:00:00:00:85 | 192.168.122.159/24 | + + diff --git "a/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Node\350\212\202\347\202\271\347\273\204\344\273\266.md" "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Node\350\212\202\347\202\271\347\273\204\344\273\266.md" new file mode 100644 index 0000000000000000000000000000000000000000..cd414f1b38a1056df25ed5b258131abf87cf932c --- /dev/null +++ "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Node\350\212\202\347\202\271\347\273\204\344\273\266.md" @@ -0,0 +1,384 @@ +# 部署 Node 节点组件 + + + +本章节仅以`k8snode1`节点为例。 + +## 环境准备 + +```bash +# 内网需要配置代理 +$ dnf install -y docker iSulad conntrack-tools socat containernetworking-plugins +$ swapoff -a +$ mkdir -p /etc/kubernetes/pki/ +$ mkdir -p /etc/cni/net.d +$ mkdir -p /opt/cni +# 删除默认kubeconfig +$ rm /etc/kubernetes/kubelet.kubeconfig + +## 使用isulad作为运行时 ######## +# 配置iSulad +cat /etc/isulad/daemon.json +{ + "registry-mirrors": [ + "docker.io" + ], + "insecure-registries": [ + "k8s.gcr.io", + "quay.io" + ], + "pod-sandbox-image": "k8s.gcr.io/pause:3.2",# pause类型 + "network-plugin": "cni", # 置空表示禁用cni网络插件则下面两个路径失效, 安装插件后重启isulad即可 + "cni-bin-dir": "/usr/libexec/cni/", + "cni-conf-dir": "/etc/cni/net.d", +} + +# 在iSulad环境变量中添加代理,下载镜像 +cat /usr/lib/systemd/system/isulad.service +[Service] +Type=notify +Environment="HTTP_PROXY=http://name:password@proxy:8080" +Environment="HTTPS_PROXY=http://name:password@proxy:8080" + +# 重启iSulad并设置为开机自启 +systemctl daemon-reload +systemctl restart isulad + + + + +## 如果使用docker作为运行时 ######## +$ dnf install -y docker +# 如果需要代理的环境,可以给docker配置代理,新增配置文件http-proxy.conf,并编写如下内容,替换name,password和proxy-addr为实际的配置。 +$ cat /etc/systemd/system/docker.service.d/http-proxy.conf +[Service] +Environment="HTTP_PROXY=http://name:password@proxy-addr:8080" +$ systemctl daemon-reload +$ systemctl restart docker +``` + +## 创建 kubeconfig 配置文件 + +对各节点依次如下操作创建配置文件: + +```bash +$ kubectl config set-cluster openeuler-k8s \ + --certificate-authority=/etc/kubernetes/pki/ca.pem \ + --embed-certs=true \ + --server=https://192.168.122.154:6443 \ + --kubeconfig=k8snode1.kubeconfig + +$ kubectl config set-credentials system:node:k8snode1 \ + --client-certificate=/etc/kubernetes/pki/k8snode1.pem \ + --client-key=/etc/kubernetes/pki/k8snode1-key.pem \ + --embed-certs=true \ + --kubeconfig=k8snode1.kubeconfig + +$ kubectl config set-context default \ + --cluster=openeuler-k8s \ + --user=system:node:k8snode1 \ + --kubeconfig=k8snode1.kubeconfig + +$ kubectl config use-context default --kubeconfig=k8snode1.kubeconfig +``` + +**注:修改k8snode1为对应节点名** + +## 拷贝证书 + +和控制面一样,所有证书、密钥和相关配置都放到`/etc/kubernetes/pki/`目录。 + +```bash +$ ls /etc/kubernetes/pki/ +ca.pem k8snode1.kubeconfig kubelet_config.yaml kube-proxy-key.pem kube-proxy.pem +k8snode1-key.pem k8snode1.pem kube_proxy_config.yaml kube-proxy.kubeconfig +``` + +## CNI 网络配置 + +先通过 containernetworking-plugins 作为 kubelet 使用的 cni 插件,后续可以引入 calico,flannel 等插件,增强集群的网络能力。 + +```bash +# 桥网络配置 +$ cat /etc/cni/net.d/10-bridge.conf +{ + "cniVersion": "0.3.1", + "name": "bridge", + "type": "bridge", + "bridge": "cnio0", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "10.244.0.0/16", + "gateway": "10.244.0.1" + }, + "dns": { + "nameservers": [ + "10.244.0.1" + ] + } +} + +# 回环网络配置 +$ cat /etc/cni/net.d/99-loopback.conf +{ + "cniVersion": "0.3.1", + "name": "lo", + "type": "loopback" +} +``` + +## 部署 kubelet 服务 + +### kubelet 依赖的配置文件 + +```bash +$ cat /etc/kubernetes/pki/kubelet_config.yaml +kind: KubeletConfiguration +apiVersion: kubelet.config.k8s.io/v1beta1 +authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.pem +authorization: + mode: Webhook +clusterDNS: +- 10.32.0.10 +clusterDomain: cluster.local +runtimeRequestTimeout: "15m" +tlsCertFile: "/etc/kubernetes/pki/k8snode1.pem" +tlsPrivateKeyFile: "/etc/kubernetes/pki/k8snode1-key.pem" +``` + +**注意:clusterDNS 的地址为:10.32.0.10,必须和之前设置的 service-cluster-ip-range 一致** + +### 编写 systemd 配置文件 + +```bash +$ cat /usr/lib/systemd/system/kubelet.service +[Unit] +Description=kubelet: The Kubernetes Node Agent +Documentation=https://kubernetes.io/docs/ +Wants=network-online.target +After=network-online.target + +[Service] +ExecStartPre=swapoff -a +ExecStart=/usr/bin/kubelet \ + --config=/etc/kubernetes/pki/kubelet_config.yaml \ + --network-plugin=cni \ + --pod-infra-container-image=k8s.gcr.io/pause:3.2 \ + --kubeconfig=/etc/kubernetes/pki/k8snode1.kubeconfig \ + --register-node=true \ + --hostname-override=k8snode1 \ + --cni-bin-dir="/usr/libexec/cni,/opt/cni/bin" \ + --v=2 + +Restart=always +StartLimitInterval=0 +RestartSec=10 + +[Install] +WantedBy=multi-user.target +``` + +**注意:如果使用 isulad 作为 runtime,需要增加如下配置** + +```bash +--container-runtime=remote \ +--container-runtime-endpoint=unix:///var/run/isulad.sock \ +``` + +## 部署 kube-proxy + +### kube-proxy 依赖的配置文件 + +```bash +cat /etc/kubernetes/pki/kube_proxy_config.yaml +kind: KubeProxyConfiguration +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +clientConnection: + kubeconfig: /etc/kubernetes/pki/kube-proxy.kubeconfig +clusterCIDR: 10.244.0.0/16 +mode: "iptables" +``` + +### 编写 systemd 配置文件 + +```bash +$ cat /usr/lib/systemd/system/kube-proxy.service +[Unit] +Description=Kubernetes Kube-Proxy Server +Documentation=https://kubernetes.io/docs/reference/generated/kube-proxy/ +After=network.target + +[Service] +EnvironmentFile=-/etc/kubernetes/config +EnvironmentFile=-/etc/kubernetes/proxy +ExecStart=/usr/bin/kube-proxy \ + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + --config=/etc/kubernetes/pki/kube_proxy_config.yaml \ + --hostname-override=k8snode1 \ + $KUBE_PROXY_ARGS +Restart=on-failure +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target +``` + +## 启动组件服务 + +```bash +$ systemctl enable kubelet kube-proxy +$ systemctl start kubelet kube-proxy +``` + +其他节点依次部署即可。 + +## 验证集群状态 + +等待几分钟,使用如下命令查看node状态: + +```bash +$ kubectl get nodes --kubeconfig /etc/kubernetes/pki/admin.kubeconfig +NAME STATUS ROLES AGE VERSION +k8snode1 Ready 17h v1.20.2 +k8snode2 Ready 19m v1.20.2 +k8snode3 Ready 12m v1.20.2 +``` + +## 部署 coredns + +coredns可以部署到node节点或者master节点,本文这里部署到节点`k8snode1`。 + +### 编写 coredns 配置文件 + +```bash +$ cat /etc/kubernetes/pki/dns/Corefile +.:53 { + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + endpoint https://192.168.122.154:6443 + tls /etc/kubernetes/pki/ca.pem /etc/kubernetes/pki/admin-key.pem /etc/kubernetes/pki/admin.pem + kubeconfig /etc/kubernetes/pki/admin.kubeconfig default + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance +} +``` + +说明: + +- 监听53端口; +- 设置kubernetes插件配置:证书、kube api的URL; + +### 准备 systemd 的 service 文件 + +```bash +cat /usr/lib/systemd/system/coredns.service +[Unit] +Description=Kubernetes Core DNS server +Documentation=https://github.com/coredns/coredns +After=network.target + +[Service] +ExecStart=bash -c "KUBE_DNS_SERVICE_HOST=10.32.0.10 coredns -conf /etc/kubernetes/pki/dns/Corefile" + +Restart=on-failure +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target +``` + +### 启动服务 + +```bash +$ systemctl enable coredns +$ systemctl start coredns +``` + +### 创建 coredns 的 Service 对象 + +```bash +$ cat coredns_server.yaml +apiVersion: v1 +kind: Service +metadata: + name: kube-dns + namespace: kube-system + annotations: + prometheus.io/port: "9153" + prometheus.io/scrape: "true" + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" +spec: + clusterIP: 10.32.0.10 + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP + - name: metrics + port: 9153 + protocol: TCP +``` + +### 创建 coredns 的 endpoint 对象 + +```bash +$ cat coredns_ep.yaml +apiVersion: v1 +kind: Endpoints +metadata: + name: kube-dns + namespace: kube-system +subsets: + - addresses: + - ip: 192.168.122.157 + ports: + - name: dns-tcp + port: 53 + protocol: TCP + - name: dns + port: 53 + protocol: UDP + - name: metrics + port: 9153 + protocol: TCP +``` + +### 确认 coredns 服务 + +```bash +# 查看service对象 +$ kubectl get service -n kube-system kube-dns +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +kube-dns ClusterIP 10.32.0.10 53/UDP,53/TCP,9153/TCP 51m +# 查看endpoint对象 +$ kubectl get endpoints -n kube-system kube-dns +NAME ENDPOINTS AGE +kube-dns 192.168.122.157:53,192.168.122.157:53,192.168.122.157:9153 52m +``` \ No newline at end of file diff --git "a/docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" new file mode 100644 index 0000000000000000000000000000000000000000..725d5b73c982d0bd1aa44293b7253b119fb984a4 --- /dev/null +++ "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" @@ -0,0 +1,364 @@ +# 部署控制面组件 + +## 打开依赖端口 + +``` +$ firewall-cmd --zone=public --add-port=6443/tcp +$ firewall-cmd --zone=public --add-port=10251-10252/tcp +``` + + +## 准备所有组件的 kubeconfig + +### kube-proxy + +```bash +$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://192.168.122.154:6443 --kubeconfig=kube-proxy.kubeconfig +$ kubectl config set-credentials system:kube-proxy --client-certificate=/etc/kubernetes/pki/kube-proxy.pem --client-key=/etc/kubernetes/pki/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig +$ kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-proxy --kubeconfig=kube-proxy.kubeconfig +$ kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig +``` + +### kube-controller-manager + +```bash +$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-controller-manager.kubeconfig +$ kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/kubernetes/pki/kube-controller-manager.pem --client-key=/etc/kubernetes/pki/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig +$ kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig +$ kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig +``` + +### kube-scheduler + +```bash +$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-scheduler.kubeconfig +$ kubectl config set-credentials system:kube-scheduler --client-certificate=/etc/kubernetes/pki/kube-scheduler.pem --client-key=/etc/kubernetes/pki/kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig +$ kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig +$ kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig +``` + +### admin + +```bash +$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=admin.kubeconfig +$ kubectl config set-credentials admin --client-certificate=/etc/kubernetes/pki/admin.pem --client-key=/etc/kubernetes/pki/admin-key.pem --embed-certs=true --kubeconfig=admin.kubeconfig +$ kubectl config set-context default --cluster=openeuler-k8s --user=admin --kubeconfig=admin.kubeconfig +$ kubectl config use-context default --kubeconfig=admin.kubeconfig +``` + +### 获得相关 kubeconfig 配置文件 + +```bash +admin.kubeconfig kube-proxy.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig +``` + +## 生成密钥提供者的配置 + +api-server 启动时需要提供一个密钥对`--encryption-provider-config=/etc/kubernetes/pki/encryption-config.yaml`,本文通过 urandom 生成一个: + +```bash +$ cat generate.bash +#!/bin/bash + +ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64) + +cat > encryption-config.yaml < - -- [快速入门](#快速入门) - - [安装要求](#安装要求) - - [获取安装源](#获取安装源) - - [发布包完整性校验](#发布包完整性校验) - - [启动安装](#启动安装) - - [安装](#安装) - - [查看系统信息](#查看系统信息) - - +本文档以TaiShan 200服务器上安装openEuler 20.03-LTS-SP4为例,旨在指导用户快速地安装和使用openEuler操作系统,更详细的安装要求和安装方法请参考《[openEuler 20.03-LTS-SP4 安装指南](./../Installation/installation.html)》。 ## 安装要求 -- 硬件兼容支持 +- 硬件兼容支持 支持的服务器类型如[表1](#table14948632047)所示。 @@ -49,302 +38,267 @@ -- 最小硬件要求 +- 最小硬件要求 最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541)所示。 **表 2** 最小硬件要求 - - - - - - - - - - - - - - - - - - - - - - +

    部件名称

    -

    最小硬件要求

    -

    说明

    -

    架构

    -
    • AArch64
    • x86_64
    -
    • 支持Arm的64位架构。
    • 支持Intel的x86 64位架构。
    -

    CPU

    -
    • 华为鲲鹏920系列CPU
    • Intel® Xeon®处理器
    -

    -

    -

    内存

    -

    不小于4GB(为了获得更好的应用体验,建议不小于8GB)

    -

    -

    -

    硬盘

    -

    为了获得更好的应用体验,建议不小于120GB

    -

    支持IDE、SATA、SAS等接口的硬盘。

    -
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    部件名称

    最小硬件要求

    说明

    架构

    • AArch64
    • x86_64
    • 支持Arm的64位架构。
    • 支持Intel的x86 64位架构。

    CPU

    • 华为鲲鹏920系列CPU
    • Intel® Xeon®处理器

    -

    内存

    不小于4GB(为了获得更好的应用体验,建议不小于8GB)

    -

    硬盘

    为了获得更好的应用体验,建议不小于120GB

    • 支持IDE、SATA、SAS等接口的硬盘。
    • 用DIF功能的NVME盘,需要对应驱动支持,如果无法使用,请联系硬件厂商。
    - ## 获取安装源 -请按以下步骤获取openEuler的发布包和校验文件: - -1. 登录[openEuler社区](https://openeuler.org)网站。 -2. 单击“下载”。 -3. 单击“获取ISO:”后面的“Link”,显示版本列表。 -4. 单击“openEuler-20.03-LTS”,进入openEuler 20.03 LTS版本下载列表。 -5. 单击“ISO”,进入ISO下载列表。 - - aarch64:AArch64架构的ISO。 - - x86\_64:x86\_64架构的ISO。 - - source:openEuler源码ISO。 - -6. 根据实际待安装环境的架构选择需要下载的openEuler的发布包和校验文件。 - - 若为AArch64架构。 - 1. 单击“aarch64”。 - 2. 单击“openEuler-20.03-LTS-aarch64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 - - - 若为x86\_64架构。 - 1. 单击“x86\_64”。 - 2. 单击“openEuler-20.03-LTS-x86\_64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.03-LTS-x86\_64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 +请按以下步骤获取openEuler的发布包和校验值: +1. 登录[openEuler社区](https://openeuler.org)网站。 +2. 单击“下载”。 +3. 单击“社区发行版”,显示版本列表。 +4. 单击openEuler-20.03-LTS-SP4下的“前往下载”,进入openEuler 20.03-LTS-SP4版本下载列表。 +5. 根据实际待安装环境的架构选择需要下载的openEuler发布包和校验文件。 + - 若为AArch64架构。 + 1. 在“架构”栏单击“AArch64”。 + 2. 在“软件包类型”下选择需要的ISO,单击“立即下载”。 + 3. 单击该ISO对应的完整性校验文件“SHA256”,复制校验值到本地。 + - 若为x86\_64架构。 + 1. 在“架构”栏单击“x86\_64”。 + 2. 在“软件包类型”下选择需要的ISO,单击“立即下载”。 + 3. 单击该ISO对应的完整性校验文件“SHA256”,复制校验值到本地。 ## 发布包完整性校验 为了防止软件包在传输过程中由于网络原因或者存储设备原因出现下载不完整的问题,在获取到软件包后,可按以下步骤将获取到的openEuler的软件包进行完整性校验。 -1. 获取校验文件中的校验值。执行命令如下: - - ``` - $ cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` - -2. 计算文件的sha256校验值。执行命令如下: +1. 计算文件的sha256校验值。执行命令如下: - ``` - $ sha256sum openEuler-20.03-LTS-aarch64-dvd.iso + ```sh + sha256sum openEuler-20.03-LTS-SP4-aarch64-dvd.iso ``` 命令执行完成后,输出校验值。 -3. 对比步骤1和步骤2计算的校验值是否一致。 +2. 对比步骤1和复制到本地的校验值是否一致。 如果校验值一致说明iso文件完整性没有破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 - ## 启动安装 -1. 登录服务器iBMC Web界面。具体方法请参考《[TaiShan 200 服务器 用户指南 \(型号 2280\) ](https://support.huawei.com/enterprise/zh/doc/EDOC1100088652)》。 -2. 在上方标题栏中,选择“配置”,在左侧导航树中选择“系统启动项”,显示“系统启动项”界面。 +1. 登录服务器iBMC Web界面。具体方法请参考《[TaiShan 200 服务器 用户指南 (型号 2280)](https://support.huawei.com/enterprise/zh/doc/EDOC1100088652)》。 +2. 在上方标题栏中,选择“配置”,在左侧导航树中选择“系统启动项”,显示“系统启动项”界面。 将“引导介质有效期”和“引导介质”分别设置为“单次有效”和“光驱”,并单击“保存”以保存配置。如[图1](#fig1011938131018)所示。 **图 1** 设置系统启动项 ![](./figures/Setting_the_System_Boot_Option.png) -3. 在上方标题栏中,选择“远程控制”,在左侧导航树中选择“远程控制”,显示“远程控制”界面。 +3. 在上方标题栏中,选择“远程控制”,在左侧导航树中选择“远程控制”,显示“远程控制”界面。 根据实际情况选择一个集成远程控制台以进入远程虚拟控制台,如选择“Java集成远程控制台\(共享\)”。 -4. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 +4. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 **图 2** 光驱图标 - ![](./figures/CD-ROM_drive_icon.png) + ![本地图片](./figures/CD-ROM_drive_icon.png) 弹出镜像对话框,如下图所示。 **图 3** 镜像对话框 ![](./figures/Image_dialog_box.png) -5. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 -6. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 -7. 在工具栏中,单击重启工具重启设备,如下图所示。 +5. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 +6. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 +7. 在工具栏中,单击重启工具重启设备,如下图所示。 **图 4** 重启图标 ![](./figures/restarticon.png) -8. 设备重启后进入到openEuler操作系统安装引导界面,如[图5](#fig1648754873314)所示。 +8. 设备重启后进入到openEuler操作系统安装引导界面,如[图5](#fig1648754873314)所示。 - >![](./public_sys-resources/icon-note.gif) **说明:** - >- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.03 LTS”自动进入安装界面。 - >- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.03-LTS-SP4”自动进入安装界面。 + > - 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 **图 5** 安装引导界面 ![](./figures/Installation_wizard.png) -9. 在安装引导界面,按“Enter”,进入默认选项“Test this media & install openEuler 20.03 LTS”的图形化安装界面。 +9. 在安装引导界面,按“Enter”,进入默认选项“Test this media & install openEuler 20.03-LTS-SP4”的图形化安装界面。 ## 安装 进入图形化安装界面后,按如下步骤进行安装。 -1. 设置安装语言,默认为英语,用户可根据实际情况进行调整,如[图6](#fig874344811484)所示,选择“中文”。 +1. 设置安装语言,默认为英语,用户可根据实际情况进行调整,如[图6](#fig874344811484)所示,选择“中文”。 **图 6** 选择语言 - ![](./figures/chooselanguage.png) + ![](./figures/selectlanguage.png) -2. 在安装概览界面,根据实际情况设置各配置项。 +2. 在安装概览界面,根据实际情况设置各配置项。 - - 配置项有告警符号的,表示用户必须完成该选项配置后,告警符号消失,才能进行下一步操作。 - - 配置项无告警符号的,表示该配置项已有默认配置。 - - 所有配置项均无告警符号时用户才能单击“开始安装”进行系统安装。 + - 配置项有告警符号的,表示用户必须完成该选项配置后,告警符号消失,才能进行下一步操作。 + - 配置项无告警符号的,表示该配置项已有默认配置。 + - 所有配置项均无告警符号时用户才能单击“开始安装”进行系统安装。 **图 7** 安装概览 ![](./figures/Installation_Overview.png) - 1. 选择“软件选择”,设置“软件选择”配置项。 + 1. 选择“软件选择”,设置“软件选择”配置项。 用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图8](#fig1133717611109)所示。 **图 8** 软件选择 ![](./figures/choosesoftware.png) - >![](./public_sys-resources/icon-note.gif) **说明:** - >- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 - >- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附件选项处选择是否安装ovs等组件。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 + > - 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附加选项处选择是否安装ovs等组件。 设置完成后,请单击左上角“完成”返回“安装概览”页面。 - 2. 选择“安装位置”,设置“安装位置”配置项。 + 2. 选择“安装目的地”,设置“安装目的地”配置项。 + + 在安装位置页面中,您可以选择计算机中的本地可用存储设备。 - 在安装位置页面中,您可以选择计算机中的本地可用存储设备,也可以通过单击“添加磁盘”,添加指定的附加设备或者网络设备。您还需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。如[图9](#fig153381468101)所示。 + > ![](./public_sys-resources/icon-notice.gif) **须知:** + > + > - 由于很多服务器BIOS内置NVMe驱动程序版本较低,不支持NVMe的数据保护特性(数据保护:将磁盘扇区格式化为512+N或4096+N字节)。所以,在选择合适的存储介质时,建议不要选择开启数据保护特性的NVMe SSD存储介质作为系统盘,否则可能出现操作系统无法引导等问题。 + > - 用户可以选择优先咨询服务器厂商关于BIOS是否支持开启数据保护特性的NVMe磁盘作为系统盘。如果您无法确认BIOS是否支持,则不推荐使用NVMe安装操作系统,或者选择关闭NVMe盘的数据保护功能实现操作系统安装。 - >![](./public_sys-resources/icon-notice.gif) **须知:** - >在选择您需要安装的设备时,建议不要选择NVMe SSD存储介质作为操作系统的安装磁盘。 + 您还需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。如[图9](#fig153381468101)所示。 **图 9** 安装目标位置 ![](./figures/Target_installation_position.png) - >![](./public_sys-resources/icon-note.gif) **说明:** - >- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 - >- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 - >- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 + > - 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 + > - 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 设置完成后,请单击左上角“完成”返回“安装概览”页面。 - 3. 设置其他配置项,其他配置项可以使用默认配置。 - -3. 单击“开始安装”进行系统安装,如[图10](#fig1717019357392)所示。 + 3. 选择“根密码”,设置“根密码”配置项。 - **图 10** 开始安装 - ![](./figures/startinstall.png) + 在“ROOT密码”页面中,如[图10](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,根据[密码复杂度](#密码复杂度)输入密码并再次输入密码进行确认。 -4. 设置root密码。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > - root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 + > + > - 在“ROOT密码”界面若选择“锁定root帐户”则root帐户将禁用。 - 单击“root密码”,弹出设置密码界面如[图11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,输入密码并再次输入密码进行确认。 + **密码复杂度** - >![](./public_sys-resources/icon-note.gif) **说明:** - >root密码需要在安装软件包的同时进行配置,如果不配置该密码则无法完成安装。root账户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root账户。 + 用户设置的root用户密码或新创建用户的密码均需要满足密码复杂度要求,否则会导致密码设置或用户创建失败。设置密码的复杂度的要求如下: - 用户设置的root密码需要满足如下密码复杂度要求,否则会导致密码设置或用户创建失败。 + 1. 口令长度至少8个字符。 - - 口令长度至少8个字符。 - - 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 - - 口令不能和账号一样。 - - 口令不能使用字典词汇。 - - 查询字典 + 2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 - 在已装好的openEuler环境中,可以通过如下命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 + 3. 口令不能和帐号一样。 - ``` - cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt - ``` + 4. 口令不能使用字典词汇。 - - 修改字典 - - 修改上面导出的字典文件,执行如下命令更新系统字典库。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 - ``` - create-cracklib-dict dictionary.txt - ``` + **图 10** root密码 + ![](./figures/root_password.png) - - 在原字典库基础上新增其他字典内容custom.txt。 + 设置完成后,单击左上角的“完成”返回“安装概览”页面。 - ``` - create-cracklib-dict dictionary.txt custom.txt - ``` - - **图 11** root密码 - ![](./figures/rootpassword.png) - -5. 创建用户。 + 4. 选择“创建用户”,设置“创建用户”配置项。 - 单击“创建用户”,弹出创建用户的界面如[图12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码,其中密码复杂度要求与root密码复杂度要求一致。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图13](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 + 在创建用户的界面如[图11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码,其中密码复杂度要求与root密码复杂度要求一致。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 - **图 12** 创建用户 - ![](./figures/createuser.png) + **图 11** 创建用户 + ![](./figures/createuser.png) - **图 13** 高级用户配置 - ![](./figures/Advanced_User_Configuration.png) + **图 12** 高级用户配置 + ![](./figures/Advanced_User_Configuration.png "高级用户配置") - 完成设置后,单击左上角的“完成”返回安装过程界面。 + 完成设置后,单击左上角的“完成”返回“安装概览”页面。 -6. 安装完成后重启系统。 + 5. 设置其他配置项,其他配置项可以使用默认配置。 - openEuler完成安装,如[图14](#zh-cn_topic_0186390267_zh-cn_topic_0122145917_fig1429512116338)所示。单击“重启”后,系统将重新启动。 +3. 单击“开始安装”进行系统安装,如[图13](#fig1717019357392)所示。 - **图 14** 完成安装 - ![](./figures/completeinstall.png) + **图 13** 开始安装 + ![](./figures/Installation_Procedure.png) +4. 安装完成后重启系统。 + openEuler完成安装后,单击“重启”按钮,系统将重新启动。 ## 查看系统信息 -系统安装完成并重启后直接进入系统命令行登录界面,输入安装过程中设置的用户和密码,进入openEuler操作系统,查看如下系统信息。若需要进行系统管理和配置操作,请参考《[openEuler 20.03 LTS 管理员指南](https://openeuler.org/zh/docs/20.03_LTS/docs/Administration/administration.html)》。 +系统安装完成并重启后直接进入系统命令行登录界面,输入安装过程中设置的用户和密码,进入openEuler操作系统,查看如下系统信息。若需要进行系统管理和配置操作,请参考《[openEuler 20.03-LTS-SP4 管理员指南](https://openeuler.org/zh/docs/20.03_LTS_SP4/docs/Administration/administration.html)》。 -- 查看系统信息,命令如下: +- 查看系统信息,命令和回显如下: - ``` - cat /etc/os-release - ``` - - 例如,命令和输出如下: - - ``` + ```sh # cat /etc/os-release NAME="openEuler" - VERSION="20.03 (LTS)" + VERSION="20.03 (LTS-SP4)" ID="openEuler" VERSION_ID="20.03" - PRETTY_NAME="openEuler 20.03 (LTS)" + PRETTY_NAME="openEuler 20.03 (LTS-SP4)" ANSI_COLOR="0;31" ``` -- 查看系统相关的资源信息。 +- 查看系统相关的资源信息。 查看CPU信息,命令如下: - ``` - lscpu + ```sh + # lscpu ``` 查看内存信息,命令如下: - ``` - free + ```sh + # free ``` - 查看磁盘信息,命令如下: + 查看磁盘分区信息,命令如下: - ``` - fdisk -l + ```sh + # fdisk -l ``` -- 查看IP地址,命令如下: +- 查看IP地址,命令如下: + ```sh + # ip addr ``` - ip addr - ``` - - diff --git "a/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" "b/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" index e7374faba3b76702998bd2f4e99c7679002c1887..4ddecc7f5d4c3cdd29e993e0e0048e35e3ad51af 100644 --- "a/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" +++ "b/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" @@ -1,4 +1,3 @@ -# CVE漏洞 - -版本涉及的CVE可通过[CVE列表](https://cve.openeuler.org/#/CVE)查询。 +# CVE漏洞 +版本涉及的CVE可通过[CVE列表](https://www.openeuler.org/zh/security/cve)查询。 diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/OpenIPMI_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/OpenIPMI_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..7233dc2c8d70e444afdb9552cd09fef83805acae --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/OpenIPMI_all_result.md @@ -0,0 +1,212 @@ +# Functions changed info + +---------------diffs in OpenIPMI_libOpenIPMIutils.so.0.0.1_abidiff.out:---------------- + +---------------diffs in OpenIPMI_libOpenIPMIposix.so.0.0.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function int sel_select_intr_sigmask(selector_s*, sel_send_sig_cb, long int, void*, timeval*, sigset_t*)' {sel_select_intr_sigmask} + + 'function int sel_setup_forked_process(selector_s*)' {sel_setup_forked_process} + + + +---------------diffs in OpenIPMI_libOpenIPMIglib.so.0.0.1_abidiff.out:---------------- + +---------------diffs in OpenIPMI_libOpenIPMIui.so.1.0.1_abidiff.out:---------------- + +---------------diffs in OpenIPMI_libOpenIPMI.so.0.0.5_abidiff.out:---------------- + +---------------diffs in OpenIPMI_libOpenIPMIpthread.so.0.0.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function int sel_select_intr_sigmask(selector_s*, sel_send_sig_cb, long int, void*, timeval*, sigset_t*)' {sel_select_intr_sigmask} + + 'function int sel_setup_forked_process(selector_s*)' {sel_setup_forked_process} + + + +---------------diffs in OpenIPMI_libIPMIlanserv.so.0.0.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 4 Changed (20 filtered out), 3 Added functions + +Variables changes summary: 0 Removed, 0 Changed (4 filtered out), 0 Added variables + + + +3 Added functions: + + + + 'function void ipmbserv_handle_data(ipmbserv_data_t*, uint8_t*, unsigned int)' {ipmbserv_handle_data} + + 'function int ipmbserv_init(ipmbserv_data_t*)' {ipmbserv_init} + + 'function int ipmbserv_read_config(char**, sys_data_t*, const char**)' {ipmbserv_read_config} + + + +4 functions with some indirect sub-type change: + + + + [C]'function int chan_init(channel_t*)' at serv.c:212:1 has some indirect sub-type changes: + + parameter 1 of type 'channel_t*' has sub-type changes: + + in pointed to type 'typedef channel_t' at msg.h:61:1: + + underlying type 'struct channel_s' at serv.h:120:1 changed: + + type size changed from 1984 to 2048 (in bits) + + 1 data member insertion: + + 'int channel_s::prim_ipmb_in_cfg_file', at offset 1984 (in bits) at serv.h:224:1 + + no data member changes (19 filtered); + + + + [C]'function void debug_log_raw_msg(sys_data_t*, unsigned char*, unsigned int, const char*, ...)' at serv.c:240:1 has some indirect sub-type changes: + + parameter 1 of type 'sys_data_t*' has sub-type changes: + + in pointed to type 'typedef sys_data_t' at msg.h:124:1: + + underlying type 'struct sys_data_s' at serv.h:325:1 changed: + + type size changed from 18688 to 18752 (in bits) + + 1 data member insertion: + + 'int (void*, channel_t*)* sys_data_s::ipmb_channel_init', at offset 18688 (in bits) at serv.h:414:1 + + no data member changes (17 filtered); + + + + [C]'function void handle_asf(lanserv_data_t*, uint8_t*, int, void*, int)' at lanserv_asf.c:96:1 has some indirect sub-type changes: + + parameter 1 of type 'lanserv_data_t*' has sub-type changes: + + in pointed to type 'typedef lanserv_data_t' at lanserv.h:73:1: + + underlying type 'struct lanserv_data_s' at lanserv.h:219:1 changed: + + type size changed from 192960 to 193024 (in bits) + + 20 data member changes (1 filtered): + + + + 'user_t* lanserv_data_s::users' offset changed from 2304 to 2368 (in bits) (by +64 bits) + + 'pef_data_t* lanserv_data_s::pef' offset changed from 2368 to 2432 (in bits) (by +64 bits) + + 'unsigned int lanserv_data_s::default_session_timeout' offset changed from 2432 to 2496 (in bits) (by +64 bits) + + 'unsigned char* lanserv_data_s::bmc_key' offset changed from 2496 to 2560 (in bits) (by +64 bits) + + 'void* lanserv_data_s::user_info' offset changed from 2560 to 2624 (in bits) (by +64 bits) + + 'void (lanserv_data_t*, iovec*, int, void*, int)* lanserv_data_s::send_out' offset changed from 2624 to 2688 (in bits) (by +64 bits) + + 'int (lanserv_data_t*, void*, int)* lanserv_data_s::gen_rand' offset changed from 2688 to 2752 (in bits) (by +64 bits) + + 'session_t lanserv_data_s::sessions[64]' offset changed from 2752 to 2816 (in bits) (by +64 bits) + + 'uint32_t lanserv_data_s::sid_seq' offset changed from 191168 to 191232 (in bits) (by +64 bits) + + 'ipmi_authdata_t lanserv_data_s::challenge_auth' offset changed from 191232 to 191296 (in bits) (by +64 bits) + + 'unsigned int lanserv_data_s::next_challenge_seq' offset changed from 191296 to 191360 (in bits) (by +64 bits) + + 'lanparm_data_t lanserv_data_s::lanparm' offset changed from 191328 to 191392 (in bits) (by +64 bits) + + 'unsigned char lanserv_data_s::lanparm_changed[8]' offset changed from 191904 to 191968 (in bits) (by +64 bits) + + 'unsigned int lanserv_data_s::persist_changed' offset changed from 191968 to 192032 (in bits) (by +64 bits) + + 'lanparm_data_t lanserv_data_s::lanparm_rollback' offset changed from 192000 to 192064 (in bits) (by +64 bits) + + 'char* lanserv_data_s::config_prog' offset changed from 192576 to 192640 (in bits) (by +64 bits) + + 'lan_addr_t lanserv_data_s::lan_addr' offset changed from 192640 to 192704 (in bits) (by +64 bits) + + 'int lanserv_data_s::lan_addr_set' offset changed from 192896 to 192960 (in bits) (by +64 bits) + + 'uint16_t lanserv_data_s::port' offset changed from 192928 to 192992 (in bits) (by +64 bits) + + + + [C]'function int ra_setup(serserv_data_t*)' at serial_ipmi.c:310:1 has some indirect sub-type changes: + + parameter 1 of type 'serserv_data_t*' has sub-type changes: + + in pointed to type 'typedef serserv_data_t' at serserv.h:62:1: + + underlying type 'struct serserv_data_s' at serserv.h:80:1 changed: + + type size changed from 3072 to 3136 (in bits) + + 17 data member changes: + + + + 'os_handler_t* serserv_data_s::os_hnd' offset changed from 2240 to 2304 (in bits) (by +64 bits) + + 'sys_data_t* serserv_data_s::sysinfo' offset changed from 2304 to 2368 (in bits) (by +64 bits) + + 'void* serserv_data_s::user_info' offset changed from 2368 to 2432 (in bits) (by +64 bits) + + 'int serserv_data_s::bind_fd' offset changed from 2432 to 2496 (in bits) (by +64 bits) + + 'int serserv_data_s::con_fd' offset changed from 2464 to 2528 (in bits) (by +64 bits) + + 'int serserv_data_s::connected' offset changed from 2496 to 2560 (in bits) (by +64 bits) + + 'void (serserv_data_t*, unsigned char*, unsigned int)* serserv_data_s::send_out' offset changed from 2560 to 2624 (in bits) (by +64 bits) + + 'ser_codec_t* serserv_data_s::codec' offset changed from 2624 to 2688 (in bits) (by +64 bits) + + 'void* serserv_data_s::codec_info' offset changed from 2688 to 2752 (in bits) (by +64 bits) + + 'ser_oem_handler_t* serserv_data_s::oem' offset changed from 2752 to 2816 (in bits) (by +64 bits) + + 'void* serserv_data_s::oem_info' offset changed from 2816 to 2880 (in bits) (by +64 bits) + + 'int serserv_data_s::debug' offset changed from 2880 to 2944 (in bits) (by +64 bits) + + 'unsigned char serserv_data_s::my_ipmb' offset changed from 2920 to 2984 (in bits) (by +64 bits) + + 'unsigned char serserv_data_s::global_enables' offset changed from 2928 to 2992 (in bits) (by +64 bits) + + 'unsigned char serserv_data_s::attn_chars[8]' offset changed from 2936 to 3000 (in bits) (by +64 bits) + + 'unsigned int serserv_data_s::attn_chars_len' offset changed from 3008 to 3072 (in bits) (by +64 bits) + + + + + +---------------diffs in OpenIPMI_libOpenIPMIcmdlang.so.0.0.5_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/alsa-lib_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/alsa-lib_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..a29cbff85f3984a7e32c043d5bf7a18be253d54d --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/alsa-lib_all_result.md @@ -0,0 +1,464 @@ +# Functions changed info + +---------------diffs in alsa-lib_libasound.so.2.0.0_abidiff.out:---------------- + +Functions changes summary: 8 Removed, 8 Changed (652 filtered out), 10 Added functions + +Variables changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added variable + + + +8 Removed functions: + + + + 'function int snd_tplg_add_object(snd_tplg_t*, snd_tplg_obj_template_t*)' {snd_tplg_add_object@@ALSA_0.9} + + 'function int snd_tplg_build(snd_tplg_t*, const char*)' {snd_tplg_build@@ALSA_0.9} + + 'function int snd_tplg_build_file(snd_tplg_t*, const char*, const char*)' {snd_tplg_build_file@@ALSA_0.9} + + 'function void snd_tplg_free(snd_tplg_t*)' {snd_tplg_free@@ALSA_0.9} + + 'function snd_tplg_t* snd_tplg_new()' {snd_tplg_new@@ALSA_0.9} + + 'function int snd_tplg_set_manifest_data(snd_tplg_t*, void*, int)' {snd_tplg_set_manifest_data@@ALSA_0.9} + + 'function int snd_tplg_set_version(snd_tplg_t*, unsigned int)' {snd_tplg_set_version@@ALSA_0.9} + + 'function void snd_tplg_verbose(snd_tplg_t*, int)' {snd_tplg_verbose@@ALSA_0.9} + + + +10 Added functions: + + + + 'function int snd_config_add_after(snd_config_t*, snd_config_t*)' {snd_config_add_after@@ALSA_0.9} + + 'function int snd_config_add_before(snd_config_t*, snd_config_t*)' {snd_config_add_before@@ALSA_0.9} + + 'function int snd_config_is_array(const snd_config_t*)' {snd_config_is_array@@ALSA_0.9} + + 'function int snd_dlpath(char*, size_t, const char*)' {snd_dlpath@@ALSA_0.9} + + 'function int snd_mixer_selem_id_parse(snd_mixer_selem_id_t*, const char*)' {snd_mixer_selem_id_parse@@ALSA_0.9} + + 'function int snd_pcm_extplug_set_param_link(snd_pcm_extplug_t*, int, int)' {snd_pcm_extplug_set_param_link@@ALSA_0.9} + + 'function snd_pcm_uframes_t snd_pcm_ioplug_avail(const snd_pcm_ioplug_t* const, const snd_pcm_uframes_t, const snd_pcm_uframes_t)' {snd_pcm_ioplug_avail@@ALSA_0.9} + + 'function size_t snd_strlcpy(char*, const char*, size_t)' {snd_strlcpy@@ALSA_0.9} + + 'function int snd_use_case_parse_ctl_elem_id(snd_ctl_elem_id_t*, const char*, const char*)' {snd_use_case_parse_ctl_elem_id@@ALSA_0.9} + + 'function int snd_use_case_parse_selem_id(snd_mixer_selem_id_t*, const char*, const char*)' {snd_use_case_parse_selem_id@@ALSA_0.9} + + + +8 functions with some indirect sub-type change: + + + + [C]'function snd_pcm_access_t __old_snd_pcm_hw_params_set_access_first(snd_pcm_t*, snd_pcm_hw_params_t*)' at pcm.c:7936:1 has some indirect sub-type changes: + + Please note that the exported symbol of this function is snd_pcm_hw_params_set_access_first@ALSA_0.9 + + parameter 1 of type 'snd_pcm_t*' has sub-type changes: + + in pointed to type 'typedef snd_pcm_t' at pcm.h:394:1: + + underlying type 'struct _snd_pcm' at pcm_local.h:189:1 changed: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'const snd_pcm_fast_ops_t* _snd_pcm::fast_ops' changed: + + in pointed to type 'const snd_pcm_fast_ops_t': + + in unqualified underlying type 'typedef snd_pcm_fast_ops_t' at pcm_local.h:188:1: + + underlying type 'struct {int (snd_pcm_t*, snd_pcm_status_t*)* status; int (snd_pcm_t*)* prepare; int (snd_pcm_t*)* reset; int (snd_pcm_t*)* start; int (snd_pcm_t*)* drop; int (snd_pcm_t*)* drain; int (snd_pcm_t*, int)* pause; typedef snd_pcm_state_t (snd_pcm_t*)* state; int (snd_pcm_t*)* hwsync; int (snd_pcm_t*, snd_pcm_sframes_t*)* delay; int (snd_pcm_t*)* resume; int (snd_pcm_t*, snd_pcm_t*)* link; int (snd_pcm_t*, snd_pcm_t*)* link_slaves; int (snd_pcm_t*)* unlink; typedef snd_pcm_sframes_t (snd_pcm_t*)* rewindable; typedef snd_pcm_sframes_t (snd_pcm_t*, typedef snd_pcm_uframes_t)* rewind; typedef snd_pcm_sframes_t (snd_pcm_t*)* forwardable; typedef snd_pcm_sframes_t (snd_pcm_t*, typedef snd_pcm_uframes_t)* forward; typedef snd_pcm_sframes_t (snd_pcm_t*, void*, typedef snd_pcm_uframes_t)* writei; typedef snd_pcm_sframes_t (snd_pcm_t*, void**, typedef snd_pcm_uframes_t)* writen; typedef snd_pcm_sframes_t (snd_pcm_t*, void*, typedef snd_pcm_uframes_t)* readi; typedef snd_pcm_sframes_t (snd_pcm_t*, void**, typedef snd_pcm_uframes_t)* readn; typedef snd_pcm_sframes_t (snd_pcm_t*)* avail_update; typedef snd_pcm_sframes_t (snd_pcm_t*, typedef snd_pcm_uframes_t, typedef snd_pcm_uframes_t)* mmap_commit; int (snd_pcm_t*, snd_pcm_uframes_t*, snd_htimestamp_t*)* htimestamp; int (snd_pcm_t*)* poll_descriptors_count; int (snd_pcm_t*, pollfd*, unsigned int)* poll_descriptors; int (snd_pcm_t*, pollfd*, unsigned int, unsigned short int*)* poll_revents; int (snd_pcm_t*, typedef snd_pcm_uframes_t)* may_wait_for_avail_min;}' at pcm_local.h:157:1 changed: + + type size changed from 1856 to 1920 (in bits) + + 1 data member insertion: + + 'int (snd_pcm_t*, const snd_pcm_channel_area_t**, snd_pcm_uframes_t*, snd_pcm_uframes_t*)* mmap_begin', at offset 1856 (in bits) at pcm_local.h:187:1 + + 1 data member changes (18 filtered): + + type of 'int (snd_pcm_t*, snd_pcm_status_t*)* status' changed: + + in pointed to type 'function type int (snd_pcm_t*, snd_pcm_status_t*)': + + parameter 2 of type 'snd_pcm_status_t*' has sub-type changes: + + in pointed to type 'typedef snd_pcm_status_t' at pcm.h:69:1: + + underlying type 'struct snd_pcm_status' at asound.h:456:1 changed: + + type size hasn't changed + + 1 data member insertion: + + '__time_pad snd_pcm_status::pad1', at offset 32 (in bits) at asound.h:475:1 + + + + + + + + [C]'function int __snd_ctl_elem_info_get_dimension(const snd_ctl_elem_info_t*, unsigned int)' at control.c:2546:1 has some indirect sub-type changes: + + Please note that the exported symbol of this function is snd_ctl_elem_info_get_dimension@@ALSA_0.9.3 + + parameter 1 of type 'const snd_ctl_elem_info_t*' has sub-type changes: + + in pointed to type 'const snd_ctl_elem_info_t': + + in unqualified underlying type 'typedef snd_ctl_elem_info_t' at control.h:63:1: + + underlying type 'struct snd_ctl_elem_info' at asound.h:900:1 changed: + + type size hasn't changed + + 1 data member deletion: + + 'union {unsigned short int d[4]; unsigned short int* d_ptr;} snd_ctl_elem_info::dimen', at offset 1664 (in bits) at asound.h:929:1 + + + + 1 data member change: + + type of 'unsigned char snd_ctl_elem_info::reserved[56]' changed: + + type name changed from 'unsigned char[56]' to 'unsigned char[64]' + + array type size changed from 448 to 512 + + array type subrange 1 changed length from 56 to 64 + + and offset changed from 1728 to 1664 (in bits) (by -64 bits) + + + + [C]'function int _snd_ctl_hw_open(snd_ctl_t**, char*, snd_config_t*, snd_config_t*, int)' at control_hw.c:440:1 has some indirect sub-type changes: + + parameter 1 of type 'snd_ctl_t**' has sub-type changes: + + in pointed to type 'snd_ctl_t*': + + in pointed to type 'typedef snd_ctl_t' at control.h:214:1: + + underlying type 'struct _snd_ctl' at control_local.h:58:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'const snd_ctl_ops_t* _snd_ctl::ops' changed: + + in pointed to type 'const snd_ctl_ops_t': + + in unqualified underlying type 'typedef snd_ctl_ops_t' at control_local.h:56:1: + + underlying type 'struct _snd_ctl_ops' at control_local.h:24:1 changed: + + type size hasn't changed + + 1 data member changes (19 filtered): + + type of 'int (snd_ctl_t*, snd_ctl_elem_value_t*)* _snd_ctl_ops::element_read' changed: + + in pointed to type 'function type int (snd_ctl_t*, snd_ctl_elem_value_t*)': + + parameter 2 of type 'snd_ctl_elem_value_t*' has sub-type changes: + + in pointed to type 'typedef snd_ctl_elem_value_t' at control.h:66:1: + + underlying type 'struct snd_ctl_elem_value' at asound.h:933:1 changed: + + type size hasn't changed + + 1 data member deletion: + + 'timespec snd_ctl_elem_value::tstamp', at offset 8768 (in bits) at asound.h:955:1 + + + + 1 data member change: + + type of 'unsigned char snd_ctl_elem_value::reserved[112]' changed: + + type name changed from 'unsigned char[112]' to 'unsigned char[128]' + + array type size changed from 896 to 1024 + + array type subrange 1 changed length from 112 to 128 + + and offset changed from 8896 to 8768 (in bits) (by -128 bits) + + + + + + parameter 4 of type 'snd_config_t*' has sub-type changes: + + in pointed to type 'typedef snd_config_t' at conf.h:69:1: + + underlying type 'struct _snd_config' at conf.c:434:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'union {long int integer; long long int integer64; char* string; double real; void* ptr; struct {list_head fields; int join;} compound;} _snd_config::u' changed: + + type size hasn't changed + + 1 data member change: + + type of 'struct {list_head fields; int join;} compound' changed: + + type size hasn't changed + + 1 data member change: + + type of 'int join' changed: + + type name changed from 'int' to 'bool' + + type size changed from 32 to 8 (in bits) + + + + + + + + + + [C]'function int _snd_rawmidi_hw_open(snd_rawmidi_t**, snd_rawmidi_t**, char*, snd_config_t*, snd_config_t*, int)' at rawmidi_hw.c:318:1 has some indirect sub-type changes: + + parameter 1 of type 'snd_rawmidi_t**' has sub-type changes: + + in pointed to type 'snd_rawmidi_t*': + + in pointed to type 'typedef snd_rawmidi_t' at rawmidi.h:68:1: + + underlying type 'struct _snd_rawmidi' at rawmidi_local.h:39:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'const snd_rawmidi_ops_t* _snd_rawmidi::ops' changed: + + in pointed to type 'const snd_rawmidi_ops_t': + + in unqualified underlying type 'typedef snd_rawmidi_ops_t' at rawmidi_local.h:37:1: + + underlying type 'struct {int (snd_rawmidi_t*)* close; int (snd_rawmidi_t*, int)* nonblock; int (snd_rawmidi_t*, snd_rawmidi_info_t*)* info; int (snd_rawmidi_t*, snd_rawmidi_params_t*)* params; int (snd_rawmidi_t*, snd_rawmidi_status_t*)* status; int (snd_rawmidi_t*)* drop; int (snd_rawmidi_t*)* drain; typedef ssize_t (snd_rawmidi_t*, void*, typedef size_t)* write; typedef ssize_t (snd_rawmidi_t*, void*, typedef size_t)* read;}' at rawmidi_local.h:27:1 changed: + + type size hasn't changed + + 1 data member changes (8 filtered): + + type of 'int (snd_rawmidi_t*, snd_rawmidi_status_t*)* status' changed: + + in pointed to type 'function type int (snd_rawmidi_t*, snd_rawmidi_status_t*)': + + parameter 2 of type 'snd_rawmidi_status_t*' has sub-type changes: + + in pointed to type 'typedef snd_rawmidi_status_t' at rawmidi.h:49:1: + + underlying type 'struct snd_rawmidi_status' at asound.h:648:1 changed: + + type size hasn't changed + + 1 data member insertion: + + '__time_pad snd_rawmidi_status::pad1', at offset 32 (in bits) at asound.h:741:1 + + + + + + no data member change (1 filtered); + + + + [C]'function long int snd_midi_event_decode(snd_midi_event_t*, unsigned char*, long int, const snd_seq_event_t*)' at seq_midi_event.c:557:1 has some indirect sub-type changes: + + parameter 1 of type 'snd_midi_event_t*' has sub-type changes: + + in pointed to type 'typedef snd_midi_event_t' at seq_midi_event.h:43:1: + + underlying type 'struct snd_midi_event' at seq_midi_event.c:37:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'size_t snd_midi_event::qlen' changed: + + typedef name changed from size_t to ssize_t at stdio.h:77:1 + + underlying type 'unsigned long int' changed: + + entity changed from 'unsigned long int' to compatible type 'typedef __ssize_t' at types.h:191:1 + + type name changed from 'unsigned long int' to 'long int' + + type size hasn't changed + + + + + + + + [C]'function int snd_pcm_direct_client_chk_xrun(snd_pcm_direct_t*, snd_pcm_t*)' at pcm_direct.c:632:1 has some indirect sub-type changes: + + parameter 1 of type 'snd_pcm_direct_t*' has sub-type changes: + + in pointed to type 'typedef snd_pcm_direct_t' at pcm_direct.h:130:1: + + underlying type 'struct snd_pcm_direct' at pcm_direct.h:120:1 changed: + + type size changed from 2816 to 2880 (in bits) + + 2 data member insertions: + + 'snd_pcm_direct_hw_ptr_alignment_t snd_pcm_direct::hw_ptr_alignment', at offset 2112 (in bits) at pcm_direct.h:175:1 + + 'int snd_pcm_direct::tstamp_type', at offset 2144 (in bits) at pcm_direct.h:176:1 + + 2 data member changes (1 filtered): + + type of 'union {struct {int shmid_sum; int* sum_buffer; mix_areas_16_t* mix_areas_16; mix_areas_32_t* mix_areas_32; mix_areas_24_t* mix_areas_24; mix_areas_u8_t* mix_areas_u8; mix_areas_16_t* remix_areas_16; mix_areas_32_t* remix_areas_32; mix_areas_24_t* remix_areas_24; mix_areas_u8_t* remix_areas_u8;} dmix; struct {} dsnoop; struct {long long unsigned int chn_mask;} dshare;} snd_pcm_direct::u' changed: + + type size hasn't changed + + 1 data member deletion: + + 'struct {} dsnoop' at pcm_direct.h:177:1 + + + + and offset changed from 2112 to 2176 (in bits) (by +64 bits) + + 'void (snd_pcm_direct_t*)* snd_pcm_direct::server_free' offset changed from 2752 to 2816 (in bits) (by +64 bits) + + + + [C]'function int snd_pcm_dmix_open(snd_pcm_t**, const char*, snd_pcm_direct_open_conf*, slave_params*, snd_config_t*, snd_config_t*, snd_pcm_stream_t, int)' at pcm_dmix.c:1010:1 has some indirect sub-type changes: + + parameter 3 of type 'snd_pcm_direct_open_conf*' has sub-type changes: + + in pointed to type 'struct snd_pcm_direct_open_conf' at pcm_direct.h:352:1: + + type size changed from 384 to 448 (in bits) + + 2 data member insertions: + + 'snd_pcm_direct_hw_ptr_alignment_t snd_pcm_direct_open_conf::hw_ptr_alignment', at offset 224 (in bits) at pcm_direct.h:360:1 + + 'int snd_pcm_direct_open_conf::tstamp_type', at offset 256 (in bits) at pcm_direct.h:361:1 + + 2 data member changes: + + 'snd_config_t* snd_pcm_direct_open_conf::slave' offset changed from 256 to 320 (in bits) (by +64 bits) + + 'snd_config_t* snd_pcm_direct_open_conf::bindings' offset changed from 320 to 384 (in bits) (by +64 bits) + + + + [C]'function int snd_use_case_get(snd_use_case_mgr_t*, const char*, const char**)' at main.c:1696:1 has some indirect sub-type changes: + + parameter 1 of type 'snd_use_case_mgr_t*' has sub-type changes: + + in pointed to type 'typedef snd_use_case_mgr_t' at use-case.h:194:1: + + underlying type 'struct snd_use_case_mgr' at ucm_local.h:191:1 changed: + + type size changed from 2752 to 1984 (in bits) + + 3 data member deletions: + + 'char snd_use_case_mgr::card_long_name[80]', at offset 64 (in bits) at ucm_local.h:193:1 + + + + 'snd_ctl_t* snd_use_case_mgr::ctl', at offset 2496 (in bits) at ucm_local.h:215:1 + + + + 'char* snd_use_case_mgr::ctl_dev', at offset 2560 (in bits) at ucm_local.h:216:1 + + + + 6 data member insertions: + + 'char* snd_use_case_mgr::conf_dir_name', at offset 128 (in bits) at ucm_local.h:218:1 + + 'int snd_use_case_mgr::conf_format', at offset 256 (in bits) at ucm_local.h:220:1 + + 'list_head snd_use_case_mgr::once_list', at offset 448 (in bits) at ucm_local.h:226:1 + + 'int snd_use_case_mgr::default_list_executed', at offset 704 (in bits) at ucm_local.h:230:1 + + 'list_head snd_use_case_mgr::variable_list', at offset 1600 (in bits) at ucm_local.h:244:1 + + 'list_head snd_use_case_mgr::ctl_list', at offset 1728 (in bits) at ucm_local.h:247:1 + + 11 data member changes: + + type of 'char snd_use_case_mgr::conf_file_name[80]' changed: + + entity changed from 'char[80]' to 'char*' + + type size changed from 640 to 64 (in bits) + + and offset changed from 704 to 64 (in bits) (by -640 bits) + + 'char* snd_use_case_mgr::comment' offset changed from 1344 to 192 (in bits) (by -1152 bits) + + 'list_head snd_use_case_mgr::verb_list' offset changed from 1408 to 320 (in bits) (by -1088 bits) + + 'list_head snd_use_case_mgr::default_list' offset changed from 1536 to 576 (in bits) (by -960 bits) + + 'list_head snd_use_case_mgr::value_list' offset changed from 1664 to 768 (in bits) (by -896 bits) + + type of 'use_case_verb* snd_use_case_mgr::active_verb' changed: + + in pointed to type 'struct use_case_verb' at ucm_local.h:181:1: + + type size changed from 1216 to 1472 (in bits) + + 2 data member insertions: + + 'list_head use_case_verb::rename_list', at offset 1216 (in bits) at ucm_local.h:208:1 + + 'list_head use_case_verb::remove_list', at offset 1344 (in bits) at ucm_local.h:209:1 + + and offset changed from 1792 to 896 (in bits) (by -896 bits) + + 'list_head snd_use_case_mgr::active_devices' offset changed from 1856 to 960 (in bits) (by -896 bits) + + 'list_head snd_use_case_mgr::active_modifiers' offset changed from 1984 to 1088 (in bits) (by -896 bits) + + 'pthread_mutex_t snd_use_case_mgr::mutex' offset changed from 2112 to 1216 (in bits) (by -896 bits) + + 'int snd_use_case_mgr::in_component_domain' offset changed from 2624 to 1856 (in bits) (by -768 bits) + + 'char* snd_use_case_mgr::cdev' offset changed from 2688 to 1920 (in bits) (by -768 bits) + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/atk_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/atk_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..15a5264a8e5fbe8a9e2bb6fa611b996162679f32 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/atk_all_result.md @@ -0,0 +1,100 @@ +# Functions changed info + +---------------diffs in atk_libatk-1.0.so.0.23609.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 2 Changed (63 filtered out), 5 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +5 Added functions: + + + + 'function const gchar* atk_object_get_accessible_id(AtkObject*)' {atk_object_get_accessible_id} + + 'function void atk_object_set_accessible_id(AtkObject*, const gchar*)' {atk_object_set_accessible_id} + + 'function void atk_plug_set_child(AtkPlug*, AtkObject*)' {atk_plug_set_child} + + 'function gboolean atk_text_scroll_substring_to(AtkText*, gint, gint, AtkScrollType)' {atk_text_scroll_substring_to} + + 'function gboolean atk_text_scroll_substring_to_point(AtkText*, gint, gint, AtkCoordType, gint, gint)' {atk_text_scroll_substring_to_point} + + + +2 functions with some indirect sub-type change: + + + + [C]'function guint atk_add_focus_tracker(AtkEventListener)' at atkutil.c:129:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef AtkEventListener' has sub-type changes: + + underlying type 'void (AtkObject*)*' changed: + + in pointed to type 'function type void (AtkObject*)': + + parameter 1 of type 'AtkObject*' has sub-type changes: + + in pointed to type 'typedef AtkObject' at atkobject.h:459:1: + + underlying type 'struct _AtkObject' at atkobject.h:501:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'AtkRole _AtkObject::role' changed: + + underlying type 'enum __anonymous_enum__' at atkobject.h:230:1 changed: + + type size hasn't changed + + 4 enumerator insertions: + + '__anonymous_enum__::ATK_ROLE_CONTENT_DELETION' value '123' + + '__anonymous_enum__::ATK_ROLE_CONTENT_INSERTION' value '124' + + '__anonymous_enum__::ATK_ROLE_MARK' value '125' + + '__anonymous_enum__::ATK_ROLE_SUGGESTION' value '126' + + + + 1 enumerator change: + + '__anonymous_enum__::ATK_ROLE_LAST_DEFINED' from value '123' to '127' at atkobject.h:247:1 + + + + + + + + [C]'function AtkTextAttribute atk_text_attribute_for_name(const gchar*)' at atktext.c:1258:1 has some indirect sub-type changes: + + return type changed: + + underlying type 'enum __anonymous_enum__' at atktext.h:68:1 changed: + + type size hasn't changed + + 1 enumerator insertion: + + '__anonymous_enum__::ATK_TEXT_ATTR_TEXT_POSITION' value '28' + + + + 1 enumerator change: + + '__anonymous_enum__::ATK_TEXT_ATTR_LAST_DEFINED' from value '28' to '29' at atktext.h:70:1 + + + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/brltty_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/brltty_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..af4fa2becf45014ed3066e51e528c0db8672d729 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/brltty_all_result.md @@ -0,0 +1,344 @@ +# Functions changed info + +---------------diffs in brltty_libbrlttybmb.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybmd.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybal.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlapi.so.0.6.7_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttybvr.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttyblt.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybnp.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttysfv.so_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttyxsc.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybvd.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybpm.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybba.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybat.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybhm.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybmm.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttysbl.so_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttybhw.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed (1 filtered out), 0 Added variables + + + +---------------diffs in brltty_libbrlttybic.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed (1 filtered out), 0 Added variables + + + +---------------diffs in brltty_libbrlttybbg.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybbd.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybbm.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed (1 filtered out), 0 Added variables + + + +---------------diffs in brltty_libbrlttybvo.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybhd.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybht.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed (1 filtered out), 0 Added variables + + + +---------------diffs in brltty_libbrlttysxs.so_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttyscb.so_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttybmt.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybeu.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed (3 filtered out), 0 Added variables + + + +---------------diffs in brltty_libbrlttybpg.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybec.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybtt.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttysgs.so_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttybbl.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybbn.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybtn.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttysal.so_abidiff.out:---------------- + +---------------diffs in brltty_libbrlttybmn.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybfs.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed (1 filtered out), 0 Added variables + + + +---------------diffs in brltty_libbrlttyxlx.so_abidiff.out:---------------- + +Functions changes summary: 1 Removed, 0 Changed, 1 Added functions + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +1 Removed function: + + + + 'function void lxBrailleOfflineListener(const ReportListenerParameters*)' {lxBrailleOfflineListener} + + + +1 Added function: + + + + 'function void lxBrailleDeviceOfflineListener(const ReportListenerParameters*)' {lxBrailleDeviceOfflineListener} + + + +---------------diffs in brltty_libbrlttybvs.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybbc.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybcb.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybir.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybce.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybts.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + +---------------diffs in brltty_libbrlttybsk.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 1 Changed, 0 Added variable + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/c-ares_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/c-ares_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..e8b0284768f8318ad2835c3511213c4d04aa24ad --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/c-ares_all_result.md @@ -0,0 +1,20 @@ +# Functions changed info + +---------------diffs in c-ares_libcares.so.2.4.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function void ares_freeaddrinfo(ares_addrinfo*)' {ares_freeaddrinfo} + + 'function void ares_getaddrinfo(ares_channel, const char*, const char*, const ares_addrinfo_hints*, ares_addrinfo_callback, void*)' {ares_getaddrinfo} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/e2fsprogs_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/e2fsprogs_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..9ab0cf624be3afefb0e17e19a40c7327904ce5a5 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/e2fsprogs_all_result.md @@ -0,0 +1,298 @@ +# Functions changed info + +---------------diffs in e2fsprogs_libe2p.so.2.3_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (1 filtered out), 1 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 Added function: + + + + 'function void e2p_feature_to_string(int, unsigned int, char*, size_t)' {e2p_feature_to_string} + + + +1 function with some indirect sub-type change: + + + + [C]'function void list_super(ext2_super_block*)' at ls.c:473:1 has some indirect sub-type changes: + + parameter 1 of type 'ext2_super_block*' has sub-type changes: + + in pointed to type 'struct ext2_super_block' at ext2_fs.h:639:1: + + type size hasn't changed + + 2 data member changes: + + type of 'char ext2_super_block::s_volume_name[16]' changed: + + array element type 'char' changed: + + entity changed from 'char' to compatible type 'typedef __u8' at ext2_types.h:22:1 + + type name changed from 'char' to 'unsigned char' + + type size hasn't changed + + + + type name changed from 'char[16]' to '__u8[16]' + + type size hasn't changed + + + + type of 'char ext2_super_block::s_last_mounted[64]' changed: + + array element type 'char' changed: + + entity changed from 'char' to compatible type 'typedef __u8' at ext2_types.h:22:1 + + type name changed from 'char' to 'unsigned char' + + type size hasn't changed + + + + type name changed from 'char[64]' to '__u8[64]' + + type size hasn't changed + + + + + + + +---------------diffs in e2fsprogs_libext2fs.so.2.4_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 7 Changed (388 filtered out), 15 Added functions + +Variables changes summary: 0 Removed, 0 Changed (2 filtered out), 0 Added variables + + + +15 Added functions: + + + + 'function errcode_t ext2fs_dirent_swab_in(ext2_filsys, char*, int)' {ext2fs_dirent_swab_in} + + 'function errcode_t ext2fs_dirent_swab_in2(ext2_filsys, char*, size_t, int)' {ext2fs_dirent_swab_in2} + + 'function errcode_t ext2fs_dirent_swab_out(ext2_filsys, char*, int)' {ext2fs_dirent_swab_out} + + 'function errcode_t ext2fs_dirent_swab_out2(ext2_filsys, char*, size_t, int)' {ext2fs_dirent_swab_out2} + + 'function blk64_t ext2fs_get_stat_i_blocks(ext2_filsys, ext2_inode*)' {ext2fs_get_stat_i_blocks} + + 'function errcode_t ext2fs_resize_array(unsigned long int, unsigned long int, unsigned long int, void*)' {ext2fs_resize_array} + + 'function void ext2fs_swap_ext_attr(char*, char*, int, int)' {ext2fs_swap_ext_attr} + + 'function void ext2fs_swap_ext_attr_entry(ext2_ext_attr_entry*, ext2_ext_attr_entry*)' {ext2fs_swap_ext_attr_entry} + + 'function void ext2fs_swap_ext_attr_header(ext2_ext_attr_header*, ext2_ext_attr_header*)' {ext2fs_swap_ext_attr_header} + + 'function void ext2fs_swap_group_desc(ext2_group_desc*)' {ext2fs_swap_group_desc} + + 'function void ext2fs_swap_group_desc2(ext2_filsys, ext2_group_desc*)' {ext2fs_swap_group_desc2} + + 'function void ext2fs_swap_inode(ext2_filsys, ext2_inode*, ext2_inode*, int)' {ext2fs_swap_inode} + + 'function void ext2fs_swap_inode_full(ext2_filsys, ext2_inode_large*, ext2_inode_large*, int, int)' {ext2fs_swap_inode_full} + + 'function void ext2fs_swap_mmp(mmp_struct*)' {ext2fs_swap_mmp} + + 'function void ext2fs_swap_super(ext2_super_block*)' {ext2fs_swap_super} + + + +7 functions with some indirect sub-type change: + + + + [C]'function errcode_t ext2fs_add_journal_device(ext2_filsys, ext2_filsys)' at mkjournal.c:371:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef ext2_filsys' has sub-type changes: + + underlying type 'struct_ext2_filsys*' changed: + + in pointed to type 'struct struct_ext2_filsys' at ext2fs.h:226:1: + + type size hasn't changed + + 1 data member changes (13 filtered): + + type of 'ext2_super_block* struct_ext2_filsys::orig_super' changed: + + in pointed to type 'struct ext2_super_block' at ext2_fs.h:639:1: + + type size hasn't changed + + 2 data member changes: + + type of 'char ext2_super_block::s_volume_name[16]' changed: + + array element type 'char' changed: + + entity changed from 'char' to compatible type 'typedef __u8' at ext2_types.h:22:1 + + type name changed from 'char' to 'unsigned char' + + type size hasn't changed + + + + type name changed from 'char[16]' to '__u8[16]' + + type size hasn't changed + + + + type of 'char ext2_super_block::s_last_mounted[64]' changed: + + array element type 'char' changed: + + entity changed from 'char' to compatible type 'typedef __u8' at ext2_types.h:22:1 + + type name changed from 'char' to 'unsigned char' + + type size hasn't changed + + + + type name changed from 'char[64]' to '__u8[64]' + + type size hasn't changed + + + + + + + + [C]'function ext2_off_t ext2fs_file_get_size(ext2_file_t)' at fileio.c:557:1 has some indirect sub-type changes: + + return type changed: + + underlying type 'typedef __u32' at ext2_types.h:76:1 changed: + + typedef name changed from __u32 to __s32 at ext2_types.h:98:1 + + underlying type 'unsigned int' changed: + + type name changed from 'unsigned int' to 'int' + + type size hasn't changed + + + + + + [C]'function errcode_t ext2fs_file_lseek(ext2_file_t, ext2_off_t, int, ext2_off_t*)' at fileio.c:529:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef ext2_off_t' changed: + + underlying type 'typedef __u32' at ext2_types.h:76:1 changed: + + typedef name changed from __u32 to __s32 at ext2_types.h:98:1 + + underlying type 'unsigned int' changed: + + type name changed from 'unsigned int' to 'int' + + type size hasn't changed + + + + parameter 4 of type 'ext2_off_t*' changed: + + pointed to type 'typedef ext2_off_t' changed at ext2fs.h:80:1, as reported earlier + + + + [C]'function errcode_t ext2fs_file_set_size(ext2_file_t, ext2_off_t)' at fileio.c:657:1 has some indirect sub-type changes: + + + + [C]'function errcode_t ext2fs_file_set_size2(ext2_file_t, ext2_off64_t)' at fileio.c:619:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef ext2_off64_t' changed: + + underlying type 'typedef __u64' at ext2_types.h:120:1 changed: + + typedef name changed from __u64 to __s64 at ext2_types.h:142:1 + + underlying type 'long long unsigned int' changed: + + type name changed from 'long long unsigned int' to 'long long int' + + type size hasn't changed + + + + + + [C]'function errcode_t ext2fs_inode_size_set(ext2_filsys, ext2_inode*, ext2_off64_t)' at blknum.c:537:1 has some indirect sub-type changes: + + parameter 3 of type 'typedef ext2_off64_t' changed: + + underlying type 'typedef __u64' at ext2_types.h:120:1 changed: + + typedef name changed from __u64 to __s64 at ext2_types.h:142:1 + + underlying type 'long long unsigned int' changed: + + type name changed from 'long long unsigned int' to 'long long int' + + type size hasn't changed + + + + + + [C]'function errcode_t ext2fs_mmp_csum_set(ext2_filsys, mmp_struct*)' at csum.c:62:1 has some indirect sub-type changes: + + parameter 2 of type 'mmp_struct*' has sub-type changes: + + in pointed to type 'struct mmp_struct' at ext2_fs.h:1097:1: + + type size hasn't changed + + 2 data member changes: + + + + type of 'char mmp_struct::mmp_bdevname[32]' changed: + + array element type 'char' changed: + + entity changed from 'char' to compatible type 'typedef __u8' at ext2_types.h:22:1 + + type name changed from 'char' to 'unsigned char' + + type size hasn't changed + + + + type name changed from 'char[32]' to '__u8[32]' + + type size hasn't changed + + + + + + + +---------------diffs in e2fsprogs_libcom_err.so.2.1_abidiff.out:---------------- + +---------------diffs in e2fsprogs_libss.so.2.0_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/exiv2_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/exiv2_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..23e7cb3b6376ab4385ab5a2127b8b84030ead768 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/exiv2_all_result.md @@ -0,0 +1,34 @@ +# Functions changed info + +---------------diffs in exiv2_libexiv2.so.26.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 1 Removed, 3 Added function symbols not referenced by debug info + +Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info + + + +1 Removed function symbol not referenced by debug info: + + + + _ZN5Exiv29WebPImage12decodeChunksEm + + + +3 Added function symbols not referenced by debug info: + + + + _ZN5Exiv27BasicIo11readOrThrowEPhlNS_9ErrorCodeE + + _ZN5Exiv27BasicIo11readOrThrowElNS_9ErrorCodeE + + _ZN5Exiv29WebPImage12decodeChunksEj + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/fontconfig_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/fontconfig_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..dfa461ec1466bd36002e8f39d8df1230f2d94d91 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/fontconfig_all_result.md @@ -0,0 +1,112 @@ +# Functions changed info + +---------------diffs in fontconfig_libfontconfig.so.1.12.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 3 Changed (48 filtered out), 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function FcChar8* IA__FcConfigGetFilename(FcConfig*, const FcChar8*)' {FcConfigGetFilename} + + 'function FcChar8* IA__FcStrBuildFilename(const FcChar8*, ...)' {FcStrBuildFilename} + + + +3 functions with some indirect sub-type change: + + + + [C]'function FcBool FcConfigAddRule(FcConfig*, FcRule*, FcMatchKind)' at fccfg.c:920:1 has some indirect sub-type changes: + + parameter 1 of type 'FcConfig*' has sub-type changes: + + in pointed to type 'typedef FcConfig' at fontconfig.h:324:1: + + underlying type 'struct _FcConfig' at fcint.h:505:1 changed: + + type size hasn't changed + + 1 data member deletion: + + 'FcHashTable* _FcConfig::uuid_table', at offset 1280 (in bits) at fcint.h:568:1 + + + + 1 data member insertion: + + 'FcStrSet* _FcConfig::configMapDirs', at offset 64 (in bits) at fcint.h:512:1 + + 17 data member changes: + + 'FcStrSet* _FcConfig::fontDirs' offset changed from 64 to 128 (in bits) (by +64 bits) + + 'FcStrSet* _FcConfig::cacheDirs' offset changed from 128 to 192 (in bits) (by +64 bits) + + 'FcStrSet* _FcConfig::configFiles' offset changed from 192 to 256 (in bits) (by +64 bits) + + 'FcPtrList* _FcConfig::subst[3]' offset changed from 256 to 320 (in bits) (by +64 bits) + + 'int _FcConfig::maxObjects' offset changed from 448 to 512 (in bits) (by +64 bits) + + 'FcStrSet* _FcConfig::acceptGlobs' offset changed from 512 to 576 (in bits) (by +64 bits) + + 'FcStrSet* _FcConfig::rejectGlobs' offset changed from 576 to 640 (in bits) (by +64 bits) + + 'FcFontSet* _FcConfig::acceptPatterns' offset changed from 640 to 704 (in bits) (by +64 bits) + + 'FcFontSet* _FcConfig::rejectPatterns' offset changed from 704 to 768 (in bits) (by +64 bits) + + 'FcFontSet* _FcConfig::fonts[2]' offset changed from 768 to 832 (in bits) (by +64 bits) + + 'time_t _FcConfig::rescanTime' offset changed from 896 to 960 (in bits) (by +64 bits) + + 'int _FcConfig::rescanInterval' offset changed from 960 to 1024 (in bits) (by +64 bits) + + 'FcRef _FcConfig::ref' offset changed from 992 to 1056 (in bits) (by +64 bits) + + 'FcExprPage* _FcConfig::expr_pool' offset changed from 1024 to 1088 (in bits) (by +64 bits) + + 'FcChar8* _FcConfig::sysRoot' offset changed from 1088 to 1152 (in bits) (by +64 bits) + + 'FcStrSet* _FcConfig::availConfigFiles' offset changed from 1152 to 1216 (in bits) (by +64 bits) + + 'FcPtrList* _FcConfig::rulesetList' offset changed from 1216 to 1280 (in bits) (by +64 bits) + + + + [C]'function void IA__FcCacheCreateTagFile(const FcConfig*)' at fccache.c:2023:1 has some indirect sub-type changes: + + Please note that the exported symbol of this function is FcCacheCreateTagFile + + parameter 1 of type 'const FcConfig*' changed: + + in pointed to type 'const FcConfig' at fontconfig.h:324:1: + + entity changed from 'const FcConfig' to 'typedef FcConfig' at fontconfig.h:324:1 + + type size hasn't changed + + + + [C]'function FcStrList* IA__FcConfigGetCacheDirs(const FcConfig*)' at fccfg.c:763:1 has some indirect sub-type changes: + + Please note that the exported symbol of this function is FcConfigGetCacheDirs + + parameter 1 of type 'const FcConfig*' changed: + + in pointed to type 'const FcConfig' at fontconfig.h:324:1: + + entity changed from 'const FcConfig' to 'typedef FcConfig' at fontconfig.h:324:1 + + type size hasn't changed + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/glib2_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/glib2_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..0a0bea0a3e2dcbc3a11c3cfe61463b0fd8403cf8 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/glib2_all_result.md @@ -0,0 +1,58 @@ +# Functions changed info + +---------------diffs in glib2_libglib-2.0.so.0.6200.5_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in glib2_libgio-2.0.so.0.6200.5_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function gboolean g_file_monitor_source_handle_event(GFileMonitorSource*, GFileMonitorEvent, const gchar*, const gchar*, GFile*, gint64)' at glocalfilemonitor.c:343:1 has some indirect sub-type changes: + + parameter 1 of type 'GFileMonitorSource*' has sub-type changes: + + in pointed to type 'typedef GFileMonitorSource' at glocalfilemonitor.h:41:1: + + underlying type 'struct _GFileMonitorSource' at glocalfilemonitor.c:45:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'gpointer _GFileMonitorSource::instance' changed: + + typedef name changed from gpointer to GWeakRef at gobject.h:884:1 + + underlying type 'void*' changed: + + entity changed from 'void*' to 'struct {union {gpointer p;} priv;}' at gobject.h:881:1 + + type size hasn't changed + + and name of '_GFileMonitorSource::instance' changed to '_GFileMonitorSource::instance_ref' at glocalfilemonitor.c:49:1 + + + + + +---------------diffs in glib2_libgmodule-2.0.so.0.6200.5_abidiff.out:---------------- + +---------------diffs in glib2_libgthread-2.0.so.0.6200.5_abidiff.out:---------------- + +---------------diffs in glib2_libgobject-2.0.so.0.6200.5_abidiff.out:---------------- + +---------------diffs in glib2_libgiofam.so_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/gnutls_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/gnutls_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..96c40fef52ec74565213ae840066c66b1665cb37 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/gnutls_all_result.md @@ -0,0 +1,2048 @@ +# Functions changed info + +---------------diffs in gnutls_libgnutlsxx.so.28.1.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (3 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'method void gnutls::certificate_credentials::set_retrieve_function(gnutls_certificate_retrieve_function*)' at gnutlsxx.cpp:735:1 has some indirect sub-type changes: + + parameter 1 of type 'gnutls_certificate_retrieve_function*' has sub-type changes: + + in pointed to type 'typedef gnutls_certificate_retrieve_function' at gnutls.h:2791:1: + + underlying type 'function type int (typedef gnutls_session_t, const gnutls_datum_t*, int, const gnutls_pk_algorithm_t*, int, gnutls_retr2_st*)' changed: + + parameter 4 of type 'const gnutls_pk_algorithm_t*' has sub-type changes: + + in pointed to type 'const gnutls_pk_algorithm_t': + + in unqualified underlying type 'typedef gnutls_pk_algorithm_t' at gnutls.h:881:1: + + underlying type 'enum __anonymous_enum__' at gnutls.h:833:1 changed: + + type size hasn't changed + + 2 enumerator insertions: + + '__anonymous_enum__::GNUTLS_PK_ECDH_X448' value '11' + + '__anonymous_enum__::GNUTLS_PK_EDDSA_ED448' value '12' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_PK_MAX' from value '10' to '12' at gnutls.h:866:1 + + + + + + + +---------------diffs in gnutls_libgnutls.so.30.28.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 34 Changed (580 filtered out), 23 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +23 Added functions: + + + + 'function void _gnutls_buffer_clear(gnutls_buffer_st*)' {_gnutls_buffer_clear@@GNUTLS_PRIVATE_3_4} + + 'function void _gnutls_buffer_pop_datum(gnutls_buffer_st*, gnutls_datum_t*, size_t)' {_gnutls_buffer_pop_datum@@GNUTLS_PRIVATE_3_4} + + 'function int _gnutls_buffer_unescape(gnutls_buffer_st*)' {_gnutls_buffer_unescape@@GNUTLS_PRIVATE_3_4} + + 'function int _gnutls_iov_iter_init(iov_iter_st*, const giovec_t*, size_t, size_t)' {_gnutls_iov_iter_init@@GNUTLS_PRIVATE_3_4} + + 'function ssize_t _gnutls_iov_iter_next(iov_iter_st*, uint8_t**)' {_gnutls_iov_iter_next@@GNUTLS_PRIVATE_3_4} + + 'function int _gnutls_iov_iter_sync(iov_iter_st*, const uint8_t*, size_t)' {_gnutls_iov_iter_sync@@GNUTLS_PRIVATE_3_4} + + 'function int gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t, void*, size_t, const giovec_t*, int, const giovec_t*, int, void*, size_t)' {gnutls_aead_cipher_decryptv2@@GNUTLS_3_6_10} + + 'function int gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t, void*, size_t, const giovec_t*, int, const giovec_t*, int, void*, size_t*)' {gnutls_aead_cipher_encryptv2@@GNUTLS_3_6_10} + + 'function gnutls_certificate_verification_profiles_t gnutls_certificate_verification_profile_get_id(const char*)' {gnutls_certificate_verification_profile_get_id@@GNUTLS_3_6_12} + + 'function const char* gnutls_certificate_verification_profile_get_name(gnutls_certificate_verification_profiles_t)' {gnutls_certificate_verification_profile_get_name@@GNUTLS_3_6_12} + + 'function const char* gnutls_ext_get_name2(gnutls_session_t, unsigned int, gnutls_ext_parse_type_t)' {gnutls_ext_get_name2@@GNUTLS_3_6_14} + + 'function int gnutls_hkdf_expand(gnutls_mac_algorithm_t, const gnutls_datum_t*, const gnutls_datum_t*, void*, size_t)' {gnutls_hkdf_expand@@GNUTLS_3_6_13} + + 'function int gnutls_hkdf_extract(gnutls_mac_algorithm_t, const gnutls_datum_t*, const gnutls_datum_t*, void*)' {gnutls_hkdf_extract@@GNUTLS_3_6_13} + + 'function unsigned int gnutls_hmac_get_key_size(gnutls_mac_algorithm_t)' {gnutls_hmac_get_key_size@@GNUTLS_3_6_12} + + 'function int gnutls_pbkdf2(gnutls_mac_algorithm_t, const gnutls_datum_t*, const gnutls_datum_t*, unsigned int, void*, size_t)' {gnutls_pbkdf2@@GNUTLS_3_6_13} + + 'function int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st*, gnutls_certificate_print_formats_t, gnutls_datum_t*)' {gnutls_pkcs7_print_signature_info@@GNUTLS_3_6_14} + + 'function gnutls_digest_algorithm_t gnutls_prf_hash_get(const gnutls_session_t)' {gnutls_prf_hash_get@@GNUTLS_3_6_13} + + 'function int gnutls_psk_server_get_username2(gnutls_session_t, gnutls_datum_t*)' {gnutls_psk_server_get_username2@@GNUTLS_3_6_13} + + 'function int gnutls_psk_set_client_credentials2(gnutls_psk_client_credentials_t, const gnutls_datum_t*, const gnutls_datum_t*, gnutls_psk_key_flags)' {gnutls_psk_set_client_credentials2@@GNUTLS_3_6_13} + + 'function void gnutls_psk_set_client_credentials_function2(gnutls_psk_client_credentials_t, gnutls_psk_client_credentials_function2*)' {gnutls_psk_set_client_credentials_function2@@GNUTLS_3_6_13} + + 'function void gnutls_psk_set_server_credentials_function2(gnutls_psk_server_credentials_t, gnutls_psk_server_credentials_function2*)' {gnutls_psk_set_server_credentials_function2@@GNUTLS_3_6_13} + + 'function gnutls_keylog_func gnutls_session_get_keylog_function(const gnutls_session_t)' {gnutls_session_get_keylog_function@@GNUTLS_3_6_13} + + 'function void gnutls_session_set_keylog_function(gnutls_session_t, gnutls_keylog_func)' {gnutls_session_set_keylog_function@@GNUTLS_3_6_13} + + + +34 functions with some indirect sub-type change: + + + + [C]'function int _gnutls13_psk_ext_iter_next_binder(psk_ext_iter_st*, gnutls_datum_t*)' at psk_ext_parser.c:94:1 has some indirect sub-type changes: + + parameter 1 of type 'psk_ext_iter_st*' has sub-type changes: + + in pointed to type 'typedef psk_ext_iter_st' at psk_ext_parser.h:35:1: + + underlying type 'struct psk_ext_parser_st' at psk_ext_parser.h:26:1 changed: + + type size hasn't changed + + 2 data member changes: + + + + type of 'ssize_t psk_ext_parser_st::binders_len' changed: + + typedef name changed from ssize_t to size_t at stddef.h:216:1 + + underlying type 'typedef __ssize_t' at types.h:191:1 changed: + + entity changed from 'typedef __ssize_t' to compatible type 'unsigned long int' + + type name changed from 'long int' to 'unsigned long int' + + type size hasn't changed + + + + + + + + [C]'function int _gnutls_cipher_get_iv(gnutls_cipher_hd_t, void*, size_t)' at crypto-api.c:192:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_cipher_hd_t' has sub-type changes: + + underlying type 'api_cipher_hd_st*' changed: + + in pointed to type 'struct api_cipher_hd_st' at crypto-api.c:36:1: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'cipher_hd_st api_cipher_hd_st::ctx_dec' changed: + + underlying type 'struct {void* handle; const cipher_entry_st* e; cipher_encrypt_func encrypt; cipher_decrypt_func decrypt; aead_cipher_encrypt_func aead_encrypt; aead_cipher_decrypt_func aead_decrypt; cipher_auth_func auth; cipher_tag_func tag; cipher_setiv_func setiv; cipher_getiv_func getiv; cipher_deinit_func deinit;}' at cipher_int.h:57:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'const cipher_entry_st* e' changed: + + in pointed to type 'const cipher_entry_st': + + in unqualified underlying type 'typedef cipher_entry_st' at gnutls_int.h:636:1: + + underlying type 'struct cipher_entry_st' at gnutls_int.h:648:1 changed: + + type size hasn't changed + + 2 data member deletions: + + 'bool cipher_entry_st::only_aead', at offset 232 (in bits) at gnutls_int.h:659:1 + + + + 'bool cipher_entry_st::no_rekey', at offset 240 (in bits) at gnutls_int.h:660:1 + + + + no data member change (1 filtered); + + 1 data member change: + + type of 'bool cipher_entry_st::xor_nonce' changed: + + type name changed from 'bool' to 'unsigned int' + + type size changed from 8 to 32 (in bits) + + and name of 'cipher_entry_st::xor_nonce' changed to 'cipher_entry_st::flags' at gnutls_int.h:635:1 + + + + + + + + [C]'function unsigned int _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t)' at ecc.c:295:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ecc_curve_t' has sub-type changes: + + underlying type 'enum __anonymous_enum__' at gnutls.h:988:1 changed: + + type size hasn't changed + + 7 enumerator insertions: + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST512C' value '15' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256A' value '16' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256B' value '17' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256C' value '18' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256D' value '19' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_X448' value '20' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_ED448' value '21' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_ECC_CURVE_MAX' from value '14' to '21' at gnutls.h:1032:1 + + + + + + [C]'function void _gnutls_hello_set_default_version(gnutls_session_t, unsigned char, unsigned char)' at state.c:937:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_session_t' has sub-type changes: + + underlying type 'gnutls_session_int*' changed: + + in pointed to type 'struct gnutls_session_int' at gnutls_int.h:1497:1: + + type size changed from 52416 to 59008 (in bits) + + 1 data member changes (3 filtered): + + type of 'internals_st gnutls_session_int::internals' changed: + + underlying type 'struct {mbuffer_head_st record_buffer; int handshake_hash_buffer_prev_len; unsigned int handshake_hash_buffer_client_hello_len; unsigned int handshake_hash_buffer_client_kx_len; unsigned int handshake_hash_buffer_server_finished_len; unsigned int handshake_hash_buffer_client_finished_len; gnutls_buffer_st handshake_hash_buffer; bool resumable; send_ticket_state_t ticket_state; bye_state_t bye_state; reauth_state_t reauth_state; handshake_state_t handshake_final_state; handshake_state_t handshake_state; bool invalid_connection; bool may_not_read; bool may_not_write; bool read_eof; int last_alert; int last_handshake_in; int last_handshake_out; gnutls_priority_st* priorities; bool allow_large_records; bool allow_small_records; bool no_etm; bool no_ext_master_secret; bool allow_key_usage_violation; bool allow_wrong_pms; bool dumbfw; uint16_t dh_prime_bits; bool resumed; bool resumption_requested; security_parameters_st resumed_security_parameters; gnutls_datum_t resumption_data; mbuffer_head_st handshake_send_buffer; mbuffer_head_st handshake_header_recv_buffer; handshake_buffer_st handshake_recv_buffer[6]; int handshake_recv_buffer_size; mbuffer_head_st record_recv_buffer; mbuffer_head_st record_send_buffer; size_t record_send_buffer_user_size; mbuffer_head_st early_data_recv_buffer; gnutls_buffer_st early_data_presend_buffer; record_send_state_t rsend_state; gnutls_buffer_st record_key_update_buffer; gnutls_buffer_st record_presend_buffer; gnutls_buffer_st reauth_buffer; time_t expire_time; const mod_auth_st_int* auth_struct; uint8_t adv_version_major; uint8_t adv_version_minor; gnutls_certificate_request_t send_cert_req; size_t max_handshake_data_buffer_size; gnutls_pull_timeout_func pull_timeout_func; gnutls_pull_func pull_func; gnutls_push_func push_func; gnutls_vec_push_func vec_push_func; gnutls_errno_func errno_func; gnutls_transport_ptr_t transport_recv_ptr; gnutls_transport_ptr_t transport_send_ptr; gnutls_db_store_func db_store_func; gnutls_db_retr_func db_retrieve_func; gnutls_db_remove_func db_remove_func; void* db_ptr; gnutls_handshake_simple_hook_func user_hello_func; gnutls_handshake_hook_func h_hook; unsigned int h_type; int16_t h_post; gnutls_pcert_st* selected_cert_list; uint16_t selected_cert_list_length; gnutls_privkey_st* selected_key; gnutls_ocsp_data_st* selected_ocsp; uint16_t selected_ocsp_length; gnutls_status_request_ocsp_func selected_ocsp_func; void* selected_ocsp_func_ptr; bool selected_need_free; uint8_t default_record_version[2]; uint8_t default_hello_version[2]; void* user_ptr; bool direction; bool ignore_rdn_sequence; uint8_t rsa_pms_version[2]; int errnum; bool initial_negotiation_completed; void* post_negotiation_lock; transport_t transport; dtls_st dtls; unsigned int handshake_suspicious_loops; bool handshake_in_progress; bool premaster_set; unsigned int cb_tls_unique_len; unsigned char cb_tls_unique[36]; timespec handshake_start_time; timespec handshake_abs_timeout; unsigned int ertt; unsigned int handshake_timeout_ms; unsigned int record_timeout_ms; gnutls_datum_t post_handshake_cr_context; gnutls_buffer_st post_handshake_hash_buffer; unsigned int hsk_flags; timespec last_key_update; unsigned int key_update_count; gnutls_buffer_st full_client_hello; int extensions_offset; gnutls_buffer_st hb_local_data; gnutls_buffer_st hb_remote_data; timespec hb_ping_start; timespec hb_ping_sent; unsigned int hb_actual_retrans_timeout_ms; unsigned int hb_retrans_timeout_ms; unsigned int hb_total_timeout_ms; bool ocsp_check_ok; heartbeat_state_t hb_state; recv_state_t recv_state; bool sc_random_set; uint64_t flags; gnutls_certificate_verify_function* verify_callback; gnutls_typed_vdata_st* vc_data; gnutls_typed_vdata_st vc_sdata; unsigned int vc_elements; unsigned int vc_status; unsigned int additional_verify_flags; uint8_t cert_hash[32]; bool cert_hash_set; char saved_username[129]; bool saved_username_set; tfo_st tfo; gnutls_supplemental_entry_st* rsup; unsigned int rsup_size; hello_ext_entry_st* rexts; unsigned int rexts_size; __anonymous_struct__ ext_data[32]; uint32_t used_exts; gnutls_ext_flags_t ext_msg; unsigned int max_recv_size; const gnutls_group_entry_st* cand_ec_group; const gnutls_group_entry_st* cand_dh_group; const gnutls_group_entry_st* cand_group; uint8_t hrr_cs[2]; int session_ticket_renew; tls13_ticket_st tls13_ticket; uint32_t early_data_received; gnutls_anti_replay_t anti_replay; void* epoch_lock;}' at gnutls_int.h:1094:1 changed: + + type size changed from 27776 to 34048 (in bits) + + 1 data member deletion: + + 'bool saved_username_set', at offset 16432 (in bits) at gnutls_int.h:1448:1 + + + + 2 data member insertions: + + 'gnutls_keylog_func keylog_func', at offset 10496 (in bits) at gnutls_int.h:1230:1 + + 'int saved_username_size', at offset 16512 (in bits) at gnutls_int.h:1431:1 + + 4 data member changes (82 filtered): + + type of 'const mod_auth_st_int* auth_struct' changed: + + in pointed to type 'const mod_auth_st_int': + + in unqualified underlying type 'struct mod_auth_st_int' at auth.h:28:1: + + type size hasn't changed + + 1 data member changes (11 filtered): + + type of 'int (typedef gnutls_session_t, gnutls_buffer_st*)* mod_auth_st_int::gnutls_generate_client_certificate' changed: + + in pointed to type 'function type int (typedef gnutls_session_t, gnutls_buffer_st*)': + + parameter 1 of type 'typedef gnutls_session_t' has sub-type changes: + + underlying type 'gnutls_session_int*' changed: + + in pointed to type 'struct gnutls_session_int' at gnutls_int.h:1497:1: + + type size changed from 52416 to 59008 (in bits) + + 3 data member changes (1 filtered): + + type of 'record_parameters_st* gnutls_session_int::record_parameters[4]' changed: + + array element type 'record_parameters_st*' changed: + + in pointed to type 'typedef record_parameters_st' at gnutls_int.h:618:1: + + underlying type 'struct record_parameters_st' at gnutls_int.h:887:1 changed: + + type size hasn't changed + + 2 data member changes (2 filtered): + + type of 'record_state_st record_parameters_st::read' changed: + + underlying type 'struct record_state_st' at gnutls_int.h:858:1 changed: + + type size hasn't changed + + 2 data member changes: + + type of 'union {auth_cipher_hd_st tls12; api_aead_cipher_hd_st aead;} record_state_st::ctx' changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'auth_cipher_hd_st tls12' changed: + + underlying type 'struct {cipher_hd_st cipher; union {digest_hd_st dig; mac_hd_st mac;} mac; unsigned int is_mac; unsigned int non_null; unsigned int etm; size_t tag_size;}' at cipher_int.h:204:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'unsigned int continuous_mac', at offset 30 (in bits) at cipher_int.h:215:1 + + 2 data member changes (2 filtered): + + 'unsigned int etm' offset changed from 29 to 28 (in bits) (by -1 bits) + + 'unsigned int non_null' offset changed from 30 to 29 (in bits) (by -1 bits) + + + + + + type of 'gnutls_uint64 record_state_st::sequence_number' changed: + + typedef name changed from gnutls_uint64 to uint64_t at stdint-uintn.h:27:1 + + underlying type 'struct {unsigned char i[8];}' at gnutls_int.h:103:1 changed: + + entity changed from 'struct {unsigned char i[8];}' to 'typedef __uint64_t' at types.h:44:1 + + type size hasn't changed + + + + + + + + type size hasn't changed + + + + type of 'internals_st gnutls_session_int::internals' changed: + + underlying type 'struct {mbuffer_head_st record_buffer; int handshake_hash_buffer_prev_len; unsigned int handshake_hash_buffer_client_hello_len; unsigned int handshake_hash_buffer_client_kx_len; unsigned int handshake_hash_buffer_server_finished_len; unsigned int handshake_hash_buffer_client_finished_len; gnutls_buffer_st handshake_hash_buffer; bool resumable; send_ticket_state_t ticket_state; bye_state_t bye_state; reauth_state_t reauth_state; handshake_state_t handshake_final_state; handshake_state_t handshake_state; bool invalid_connection; bool may_not_read; bool may_not_write; bool read_eof; int last_alert; int last_handshake_in; int last_handshake_out; gnutls_priority_st* priorities; bool allow_large_records; bool allow_small_records; bool no_etm; bool no_ext_master_secret; bool allow_key_usage_violation; bool allow_wrong_pms; bool dumbfw; uint16_t dh_prime_bits; bool resumed; bool resumption_requested; security_parameters_st resumed_security_parameters; gnutls_datum_t resumption_data; mbuffer_head_st handshake_send_buffer; mbuffer_head_st handshake_header_recv_buffer; handshake_buffer_st handshake_recv_buffer[6]; int handshake_recv_buffer_size; mbuffer_head_st record_recv_buffer; mbuffer_head_st record_send_buffer; size_t record_send_buffer_user_size; mbuffer_head_st early_data_recv_buffer; gnutls_buffer_st early_data_presend_buffer; record_send_state_t rsend_state; gnutls_buffer_st record_key_update_buffer; gnutls_buffer_st record_presend_buffer; gnutls_buffer_st reauth_buffer; time_t expire_time; const mod_auth_st_int* auth_struct; uint8_t adv_version_major; uint8_t adv_version_minor; gnutls_certificate_request_t send_cert_req; size_t max_handshake_data_buffer_size; gnutls_pull_timeout_func pull_timeout_func; gnutls_pull_func pull_func; gnutls_push_func push_func; gnutls_vec_push_func vec_push_func; gnutls_errno_func errno_func; gnutls_transport_ptr_t transport_recv_ptr; gnutls_transport_ptr_t transport_send_ptr; gnutls_db_store_func db_store_func; gnutls_db_retr_func db_retrieve_func; gnutls_db_remove_func db_remove_func; void* db_ptr; gnutls_handshake_simple_hook_func user_hello_func; gnutls_handshake_hook_func h_hook; unsigned int h_type; int16_t h_post; gnutls_pcert_st* selected_cert_list; uint16_t selected_cert_list_length; gnutls_privkey_st* selected_key; gnutls_ocsp_data_st* selected_ocsp; uint16_t selected_ocsp_length; gnutls_status_request_ocsp_func selected_ocsp_func; void* selected_ocsp_func_ptr; bool selected_need_free; uint8_t default_record_version[2]; uint8_t default_hello_version[2]; void* user_ptr; bool direction; bool ignore_rdn_sequence; uint8_t rsa_pms_version[2]; int errnum; bool initial_negotiation_completed; void* post_negotiation_lock; transport_t transport; dtls_st dtls; unsigned int handshake_suspicious_loops; bool handshake_in_progress; bool premaster_set; unsigned int cb_tls_unique_len; unsigned char cb_tls_unique[36]; timespec handshake_start_time; timespec handshake_abs_timeout; unsigned int ertt; unsigned int handshake_timeout_ms; unsigned int record_timeout_ms; gnutls_datum_t post_handshake_cr_context; gnutls_buffer_st post_handshake_hash_buffer; unsigned int hsk_flags; timespec last_key_update; unsigned int key_update_count; gnutls_buffer_st full_client_hello; int extensions_offset; gnutls_buffer_st hb_local_data; gnutls_buffer_st hb_remote_data; timespec hb_ping_start; timespec hb_ping_sent; unsigned int hb_actual_retrans_timeout_ms; unsigned int hb_retrans_timeout_ms; unsigned int hb_total_timeout_ms; bool ocsp_check_ok; heartbeat_state_t hb_state; recv_state_t recv_state; bool sc_random_set; uint64_t flags; gnutls_certificate_verify_function* verify_callback; gnutls_typed_vdata_st* vc_data; gnutls_typed_vdata_st vc_sdata; unsigned int vc_elements; unsigned int vc_status; unsigned int additional_verify_flags; uint8_t cert_hash[32]; bool cert_hash_set; char saved_username[129]; bool saved_username_set; tfo_st tfo; gnutls_supplemental_entry_st* rsup; unsigned int rsup_size; hello_ext_entry_st* rexts; unsigned int rexts_size; __anonymous_struct__ ext_data[32]; uint32_t used_exts; gnutls_ext_flags_t ext_msg; unsigned int max_recv_size; const gnutls_group_entry_st* cand_ec_group; const gnutls_group_entry_st* cand_dh_group; const gnutls_group_entry_st* cand_group; uint8_t hrr_cs[2]; int session_ticket_renew; tls13_ticket_st tls13_ticket; uint32_t early_data_received; gnutls_anti_replay_t anti_replay; void* epoch_lock;}' at gnutls_int.h:1094:1 changed: + + type size changed from 27776 to 34048 (in bits) + + 1 data member deletion: + + 'bool saved_username_set', at offset 16432 (in bits) at gnutls_int.h:1448:1 + + + + 2 data member insertions: + + 'gnutls_keylog_func keylog_func', at offset 10496 (in bits) at gnutls_int.h:1230:1 + + 'int saved_username_size', at offset 16512 (in bits) at gnutls_int.h:1431:1 + + 76 data member changes (10 filtered): + + type of 'gnutls_priority_st* priorities' changed: + + in pointed to type 'struct gnutls_priority_st' at gnutls_int.h:921:1: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'sign_algo_list_st gnutls_priority_st::sigalg' changed: + + underlying type 'struct sign_algo_list_st' at gnutls_int.h:935:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'const gnutls_sign_entry_st* sign_algo_list_st::entry[64]' changed: + + array element type 'const gnutls_sign_entry_st*' changed: + + in pointed to type 'const gnutls_sign_entry_st': + + in unqualified underlying type 'struct gnutls_sign_entry_st' at algorithms.h:344:1: + + type size hasn't changed + + 1 data member insertion: + + 'unsigned int gnutls_sign_entry_st::hash_output_size', at offset 416 (in bits) at algorithms.h:373:1 + + 1 data member changes (5 filtered): + + type of 'gnutls_sign_algorithm_t gnutls_sign_entry_st::id' changed: + + underlying type 'enum __anonymous_enum__' at gnutls.h:912:1 changed: + + type size hasn't changed + + 1 enumerator insertion: + + '__anonymous_enum__::GNUTLS_SIGN_EDDSA_ED448' value '46' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_SIGN_MAX' from value '45' to '46' at gnutls.h:948:1 + + + + + + no data member change (1 filtered); + + type size hasn't changed + + + + + + + + type of 'security_parameters_st resumed_security_parameters' changed: + + underlying type 'struct {unsigned int entity; uint16_t epoch_read; uint16_t epoch_write; uint16_t epoch_next; uint16_t epoch_min; const gnutls_cipher_suite_entry_st* cs; const mac_entry_st* prf; uint8_t master_secret[48]; uint8_t client_random[32]; uint8_t server_random[32]; uint8_t session_id[32]; uint8_t session_id_size; time_t timestamp; uint8_t post_handshake_auth; uint16_t max_record_send_size; uint16_t max_record_recv_size; uint16_t max_user_record_send_size; uint16_t max_user_record_recv_size; uint32_t max_early_data_size; gnutls_certificate_type_t client_ctype; gnutls_certificate_type_t server_ctype; const gnutls_group_entry_st* grp; gnutls_sign_algorithm_t server_sign_algo; gnutls_sign_algorithm_t client_sign_algo; uint8_t ext_master_secret; uint8_t etm; uint8_t client_auth_type; uint8_t server_auth_type; int do_recv_supplemental; int do_send_supplemental; const version_entry_st* pversion;}' at gnutls_int.h:769:1 changed: + + type size hasn't changed + + 1 data member changes (5 filtered): + + type of 'const version_entry_st* pversion' changed: + + in pointed to type 'const version_entry_st': + + in unqualified underlying type 'typedef version_entry_st' at gnutls_int.h:713:1: + + underlying type 'struct {const char* name; gnutls_protocol_t id; unsigned int age; uint8_t major; uint8_t minor; transport_t transport; bool supported; bool explicit_iv; bool extensions; bool selectable_sighash; bool selectable_prf; bool obsolete; bool tls13_sem; bool false_start; bool only_extension; bool post_handshake_auth; bool key_shares; uint8_t tls_sig_sem;}' at gnutls_int.h:708:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'bool multi_ocsp', at offset 280 (in bits) at gnutls_int.h:706:1 + + 1 data member change: + + 'uint8_t tls_sig_sem' offset changed from 280 to 288 (in bits) (by +8 bits) + + + + + + type of 'mbuffer_head_st early_data_recv_buffer' changed: + + underlying type 'struct mbuffer_head_st' at gnutls_int.h:478:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'mbuffer_st* mbuffer_head_st::head' changed: + + in pointed to type 'struct mbuffer_st' at gnutls_int.h:410:1: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'gnutls_uint64 mbuffer_st::record_sequence' changed: + + details were reported earlier + + + + + + + + type of 'gnutls_pcert_st* selected_cert_list' changed: + + in pointed to type 'typedef gnutls_pcert_st' at abstract.h:651:1: + + underlying type 'struct gnutls_pcert_st' at abstract.h:641:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'gnutls_pubkey_t gnutls_pcert_st::pubkey' changed: + + underlying type 'gnutls_pubkey_st*' changed: + + in pointed to type 'struct gnutls_pubkey_st' at abstract_int.h:54:1: + + type size changed from 4032 to 4096 (in bits) + + 3 data member changes: + + type of 'gnutls_pk_params_st gnutls_pubkey_st::params' changed: + + underlying type 'struct {bigint_t params[16]; unsigned int params_nr; unsigned int pkflags; unsigned int qbits; gnutls_ecc_curve_t curve; gnutls_group_t dh_group; gnutls_gost_paramset_t gost_params; gnutls_datum_t raw_pub; gnutls_datum_t raw_priv; unsigned int seed_size; uint8_t seed[256]; gnutls_digest_algorithm_t palgo; gnutls_x509_spki_st spki; gnutls_pk_algorithm_t algo;}' at crypto-backend.h:194:1 changed: + + type size changed from 3776 to 3840 (in bits) + + 2 data member changes (3 filtered): + + type of 'gnutls_x509_spki_st spki' changed: + + underlying type 'struct gnutls_x509_spki_st' at crypto-backend.h:175:1 changed: + + type size changed from 128 to 192 (in bits) + + 2 data member insertions: + + 'gnutls_digest_algorithm_t gnutls_x509_spki_st::dsa_dig', at offset 128 (in bits) at crypto-backend.h:208:1 + + 'unsigned int gnutls_x509_spki_st::flags', at offset 160 (in bits) at crypto-backend.h:212:1 + + no data member changes (2 filtered); + + + + 'gnutls_pk_algorithm_t algo' offset changed from 3712 to 3776 (in bits) (by +64 bits) + + + + 'unsigned int gnutls_pubkey_st::key_usage' offset changed from 3840 to 3904 (in bits) (by +64 bits) + + 'pin_info_st gnutls_pubkey_st::pin' offset changed from 3904 to 3968 (in bits) (by +64 bits) + + + + and offset changed from 10496 to 10560 (in bits) (by +64 bits) + + 'uint16_t selected_cert_list_length' offset changed from 10560 to 10624 (in bits) (by +64 bits) + + 'gnutls_privkey_st* selected_key' offset changed from 10624 to 10688 (in bits) (by +64 bits) + + 'gnutls_ocsp_data_st* selected_ocsp' offset changed from 10688 to 10752 (in bits) (by +64 bits) + + 'uint16_t selected_ocsp_length' offset changed from 10752 to 10816 (in bits) (by +64 bits) + + 'gnutls_status_request_ocsp_func selected_ocsp_func' offset changed from 10816 to 10880 (in bits) (by +64 bits) + + 'void* selected_ocsp_func_ptr' offset changed from 10880 to 10944 (in bits) (by +64 bits) + + 'bool selected_need_free' offset changed from 10944 to 11008 (in bits) (by +64 bits) + + 'uint8_t default_record_version[2]' offset changed from 10952 to 11016 (in bits) (by +64 bits) + + 'uint8_t default_hello_version[2]' offset changed from 10968 to 11032 (in bits) (by +64 bits) + + 'void* user_ptr' offset changed from 11008 to 11072 (in bits) (by +64 bits) + + 'bool direction' offset changed from 11072 to 11136 (in bits) (by +64 bits) + + 'bool ignore_rdn_sequence' offset changed from 11080 to 11144 (in bits) (by +64 bits) + + 'uint8_t rsa_pms_version[2]' offset changed from 11088 to 11152 (in bits) (by +64 bits) + + 'int errnum' offset changed from 11104 to 11168 (in bits) (by +64 bits) + + 'bool initial_negotiation_completed' offset changed from 11136 to 11200 (in bits) (by +64 bits) + + 'void* post_negotiation_lock' offset changed from 11200 to 11264 (in bits) (by +64 bits) + + 'transport_t transport' offset changed from 11264 to 11328 (in bits) (by +64 bits) + + 'dtls_st dtls' offset changed from 11328 to 11392 (in bits) (by +64 bits) + + 'unsigned int handshake_suspicious_loops' offset changed from 11904 to 11968 (in bits) (by +64 bits) + + 'bool handshake_in_progress' offset changed from 11936 to 12000 (in bits) (by +64 bits) + + 'bool premaster_set' offset changed from 11944 to 12008 (in bits) (by +64 bits) + + 'unsigned int cb_tls_unique_len' offset changed from 11968 to 12032 (in bits) (by +64 bits) + + 'unsigned char cb_tls_unique[36]' offset changed from 12000 to 12064 (in bits) (by +64 bits) + + 'timespec handshake_start_time' offset changed from 12288 to 12352 (in bits) (by +64 bits) + + 'timespec handshake_abs_timeout' offset changed from 12416 to 12480 (in bits) (by +64 bits) + + 'unsigned int ertt' offset changed from 12544 to 12608 (in bits) (by +64 bits) + + 'unsigned int handshake_timeout_ms' offset changed from 12576 to 12640 (in bits) (by +64 bits) + + 'unsigned int record_timeout_ms' offset changed from 12608 to 12672 (in bits) (by +64 bits) + + 'gnutls_datum_t post_handshake_cr_context' offset changed from 12672 to 12736 (in bits) (by +64 bits) + + 'gnutls_buffer_st post_handshake_hash_buffer' offset changed from 12800 to 12864 (in bits) (by +64 bits) + + 'unsigned int hsk_flags' offset changed from 13056 to 13120 (in bits) (by +64 bits) + + 'timespec last_key_update' offset changed from 13120 to 13184 (in bits) (by +64 bits) + + 'unsigned int key_update_count' offset changed from 13248 to 13312 (in bits) (by +64 bits) + + 'gnutls_buffer_st full_client_hello' offset changed from 13312 to 13376 (in bits) (by +64 bits) + + 'int extensions_offset' offset changed from 13568 to 13632 (in bits) (by +64 bits) + + 'gnutls_buffer_st hb_local_data' offset changed from 13632 to 13696 (in bits) (by +64 bits) + + 'gnutls_buffer_st hb_remote_data' offset changed from 13888 to 13952 (in bits) (by +64 bits) + + 'timespec hb_ping_start' offset changed from 14144 to 14208 (in bits) (by +64 bits) + + 'timespec hb_ping_sent' offset changed from 14272 to 14336 (in bits) (by +64 bits) + + 'unsigned int hb_actual_retrans_timeout_ms' offset changed from 14400 to 14464 (in bits) (by +64 bits) + + 'unsigned int hb_retrans_timeout_ms' offset changed from 14432 to 14496 (in bits) (by +64 bits) + + 'unsigned int hb_total_timeout_ms' offset changed from 14464 to 14528 (in bits) (by +64 bits) + + 'bool ocsp_check_ok' offset changed from 14496 to 14560 (in bits) (by +64 bits) + + 'heartbeat_state_t hb_state' offset changed from 14528 to 14592 (in bits) (by +64 bits) + + 'recv_state_t recv_state' offset changed from 14560 to 14624 (in bits) (by +64 bits) + + 'bool sc_random_set' offset changed from 14592 to 14656 (in bits) (by +64 bits) + + 'uint64_t flags' offset changed from 14656 to 14720 (in bits) (by +64 bits) + + 'gnutls_certificate_verify_function* verify_callback' offset changed from 14720 to 14784 (in bits) (by +64 bits) + + 'gnutls_typed_vdata_st* vc_data' offset changed from 14784 to 14848 (in bits) (by +64 bits) + + 'gnutls_typed_vdata_st vc_sdata' offset changed from 14848 to 14912 (in bits) (by +64 bits) + + 'unsigned int vc_elements' offset changed from 15040 to 15104 (in bits) (by +64 bits) + + 'unsigned int vc_status' offset changed from 15072 to 15136 (in bits) (by +64 bits) + + 'uint8_t cert_hash[32]' offset changed from 15136 to 15200 (in bits) (by +64 bits) + + 'bool cert_hash_set' offset changed from 15392 to 15456 (in bits) (by +64 bits) + + 'char saved_username[129]' offset changed from 15400 to 15464 (in bits) (by +64 bits) + + 'tfo_st tfo' offset changed from 16448 to 16576 (in bits) (by +128 bits) + + 'gnutls_supplemental_entry_st* rsup' offset changed from 17664 to 17792 (in bits) (by +128 bits) + + 'unsigned int rsup_size' offset changed from 17728 to 17856 (in bits) (by +128 bits) + + 'hello_ext_entry_st* rexts' offset changed from 17792 to 17920 (in bits) (by +128 bits) + + 'unsigned int rexts_size' offset changed from 17856 to 17984 (in bits) (by +128 bits) + + type of '__anonymous_struct__ ext_data[32]' changed: + + type name changed from '__anonymous_struct__[32]' to '__anonymous_struct__[64]' + + array type size changed from 6144 to 12288 + + array type subrange 1 changed length from 32 to 64 + + and offset changed from 17920 to 18048 (in bits) (by +128 bits) + + type of 'uint32_t used_exts' changed: + + typedef name changed from uint32_t to uint64_t at stdint-uintn.h:27:1 + + underlying type 'typedef __uint32_t' at types.h:41:1 changed: + + typedef name changed from __uint32_t to __uint64_t at types.h:44:1 + + underlying type 'unsigned int' changed: + + type name changed from 'unsigned int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + and offset changed from 24064 to 30336 (in bits) (by +6272 bits) + + 'gnutls_ext_flags_t ext_msg' offset changed from 24096 to 30400 (in bits) (by +6304 bits) + + 'unsigned int max_recv_size' offset changed from 24128 to 30432 (in bits) (by +6304 bits) + + 'const gnutls_group_entry_st* cand_ec_group' offset changed from 24192 to 30464 (in bits) (by +6272 bits) + + type of 'const gnutls_group_entry_st* cand_dh_group' changed: + + in pointed to type 'const gnutls_group_entry_st': + + in unqualified underlying type 'typedef gnutls_group_entry_st' at gnutls_int.h:666:1: + + underlying type 'struct gnutls_group_entry_st' at gnutls_int.h:681:1 changed: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'gnutls_pk_algorithm_t gnutls_group_entry_st::pk' changed: + + underlying type 'enum __anonymous_enum__' at gnutls.h:833:1 changed: + + type size hasn't changed + + 2 enumerator insertions: + + '__anonymous_enum__::GNUTLS_PK_ECDH_X448' value '11' + + '__anonymous_enum__::GNUTLS_PK_EDDSA_ED448' value '12' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_PK_MAX' from value '10' to '12' at gnutls.h:866:1 + + + + + + and offset changed from 24256 to 30528 (in bits) (by +6272 bits) + + 'const gnutls_group_entry_st* cand_group' offset changed from 24320 to 30592 (in bits) (by +6272 bits) + + 'uint8_t hrr_cs[2]' offset changed from 24384 to 30656 (in bits) (by +6272 bits) + + 'int session_ticket_renew' offset changed from 24416 to 30688 (in bits) (by +6272 bits) + + 'tls13_ticket_st tls13_ticket' offset changed from 24448 to 30720 (in bits) (by +6272 bits) + + 'uint32_t early_data_received' offset changed from 27584 to 33856 (in bits) (by +6272 bits) + + 'void* epoch_lock' offset changed from 27712 to 33984 (in bits) (by +6272 bits) + + + + type of 'gnutls_key_st gnutls_session_int::key' changed: + + underlying type 'struct gnutls_key_st' at gnutls_int.h:535:1 changed: + + type size changed from 22336 to 22656 (in bits) + + 12 data member changes: + + type of 'struct {gnutls_pk_params_st ecdh_params; gnutls_pk_params_st ecdhx_params; gnutls_pk_params_st dh_params;} gnutls_key_st::kshare' changed: + + type size changed from 11328 to 11520 (in bits) + + 3 data member changes: + + + + 'gnutls_pk_params_st ecdhx_params' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + 'gnutls_pk_params_st dh_params' offset changed from 7552 to 7680 (in bits) (by +128 bits) + + + + type of 'union {struct {uint8_t temp_secret[64]; unsigned int temp_secret_size; uint8_t e_ckey[64]; uint8_t hs_ckey[64]; uint8_t hs_skey[64]; uint8_t ap_ckey[64]; uint8_t ap_skey[64]; uint8_t ap_expkey[64]; uint8_t ap_rms[64];} tls13; struct {struct {gnutls_pk_params_st params; bigint_t x; bigint_t y; gnutls_datum_t raw;} ecdh; struct {gnutls_pk_params_st params; bigint_t client_Y;} dh; struct {bigint_t srp_key; bigint_t srp_g; bigint_t srp_p; bigint_t A; bigint_t B; bigint_t u; bigint_t b; bigint_t a; bigint_t x;} srp;} tls12;} gnutls_key_st::proto' changed: + + type size changed from 8448 to 8576 (in bits) + + 1 data member change: + + type of 'struct {struct {gnutls_pk_params_st params; bigint_t x; bigint_t y; gnutls_datum_t raw;} ecdh; struct {gnutls_pk_params_st params; bigint_t client_Y;} dh; struct {bigint_t srp_key; bigint_t srp_g; bigint_t srp_p; bigint_t A; bigint_t B; bigint_t u; bigint_t b; bigint_t a; bigint_t x;} srp;} tls12' changed: + + type size changed from 8448 to 8576 (in bits) + + 3 data member changes: + + type of 'struct {gnutls_pk_params_st params; bigint_t x; bigint_t y; gnutls_datum_t raw;} ecdh' changed: + + type size changed from 4032 to 4096 (in bits) + + 3 data member changes (1 filtered): + + 'bigint_t x' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + 'bigint_t y' offset changed from 3840 to 3904 (in bits) (by +64 bits) + + 'gnutls_datum_t raw' offset changed from 3904 to 3968 (in bits) (by +64 bits) + + + + type of 'struct {gnutls_pk_params_st params; bigint_t client_Y;} dh' changed: + + type size changed from 3840 to 3904 (in bits) + + 2 data member changes: + + + + 'bigint_t client_Y' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + and offset changed from 4032 to 4096 (in bits) (by +64 bits) + + 'struct {bigint_t srp_key; bigint_t srp_g; bigint_t srp_p; bigint_t A; bigint_t B; bigint_t u; bigint_t b; bigint_t a; bigint_t x;} srp' offset changed from 7872 to 8000 (in bits) (by +128 bits) + + + + and offset changed from 11328 to 11520 (in bits) (by +192 bits) + + 'binder_data_st gnutls_key_st::binders[2]' offset changed from 19776 to 20096 (in bits) (by +320 bits) + + 'gnutls_datum_t gnutls_key_st::key' offset changed from 20288 to 20608 (in bits) (by +320 bits) + + 'uint8_t gnutls_key_st::session_ticket_key[64]' offset changed from 20416 to 20736 (in bits) (by +320 bits) + + 'uint8_t gnutls_key_st::previous_ticket_key[64]' offset changed from 20928 to 21248 (in bits) (by +320 bits) + + 'uint8_t gnutls_key_st::initial_stek[64]' offset changed from 21440 to 21760 (in bits) (by +320 bits) + + 'void* gnutls_key_st::auth_info' offset changed from 21952 to 22272 (in bits) (by +320 bits) + + 'gnutls_credentials_type_t gnutls_key_st::auth_info_type' offset changed from 22016 to 22336 (in bits) (by +320 bits) + + 'int gnutls_key_st::auth_info_size' offset changed from 22048 to 22368 (in bits) (by +320 bits) + + 'auth_cred_st* gnutls_key_st::cred' offset changed from 22080 to 22400 (in bits) (by +320 bits) + + 'struct {uint64_t last_result; uint8_t was_rotated; gnutls_stek_rotation_callback_t cb;} gnutls_key_st::totp' offset changed from 22144 to 22464 (in bits) (by +320 bits) + + and offset changed from 30080 to 36352 (in bits) (by +6272 bits) + + + + + + type of 'gnutls_privkey_st* selected_key' changed: + + in pointed to type 'struct gnutls_privkey_st' at abstract_int.h:28:1: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'union {gnutls_x509_privkey_t x509; gnutls_pkcs11_privkey_t pkcs11; struct {gnutls_privkey_sign_func sign_func; gnutls_privkey_sign_data_func sign_data_func; gnutls_privkey_sign_hash_func sign_hash_func; gnutls_privkey_decrypt_func decrypt_func; gnutls_privkey_decrypt_func2 decrypt_func2; gnutls_privkey_deinit_func deinit_func; gnutls_privkey_info_func info_func; void* userdata; unsigned int bits;} ext;} gnutls_privkey_st::key' changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'gnutls_x509_privkey_t x509' changed: + + underlying type 'gnutls_x509_privkey_int*' changed: + + in pointed to type 'struct gnutls_x509_privkey_int' at x509_int.h:142:1: + + type size changed from 4032 to 4096 (in bits) + + 5 data member changes: + + + + 'unsigned int gnutls_x509_privkey_int::expanded' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + 'unsigned int gnutls_x509_privkey_int::flags' offset changed from 3808 to 3872 (in bits) (by +64 bits) + + 'asn1_node gnutls_x509_privkey_int::key' offset changed from 3840 to 3904 (in bits) (by +64 bits) + + 'pin_info_st gnutls_x509_privkey_int::pin' offset changed from 3904 to 3968 (in bits) (by +64 bits) + + + + + + and offset changed from 10624 to 10688 (in bits) (by +64 bits) + + 'unsigned int additional_verify_flags' offset changed from 15104 to 15168 (in bits) (by +64 bits) + + 'gnutls_anti_replay_t anti_replay' offset changed from 27648 to 33920 (in bits) (by +6272 bits) + + + + + + [C]'function int gnutls_ocsp_req_export(gnutls_ocsp_req_t, gnutls_datum_t*)' at ocsp.c:369:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_req_t' changed: + + typedef name changed from gnutls_ocsp_req_t to gnutls_ocsp_req_const_t at ocsp.h:145:1 + + underlying type 'gnutls_ocsp_req_int*' changed: + + in pointed to type 'struct gnutls_ocsp_req_int': + + entity changed from 'struct gnutls_ocsp_req_int' to 'const gnutls_ocsp_req_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t, unsigned int, gnutls_datum_t*, unsigned int*, gnutls_datum_t*)' at ocsp.c:804:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_req_t' changed: + + typedef name changed from gnutls_ocsp_req_t to gnutls_ocsp_req_const_t at ocsp.h:145:1 + + underlying type 'gnutls_ocsp_req_int*' changed: + + in pointed to type 'struct gnutls_ocsp_req_int': + + entity changed from 'struct gnutls_ocsp_req_int' to 'const gnutls_ocsp_req_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t, unsigned int*, gnutls_datum_t*)' at ocsp.c:909:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_req_t' changed: + + typedef name changed from gnutls_ocsp_req_t to gnutls_ocsp_req_const_t at ocsp.h:145:1 + + underlying type 'gnutls_ocsp_req_int*' changed: + + in pointed to type 'struct gnutls_ocsp_req_int': + + entity changed from 'struct gnutls_ocsp_req_int' to 'const gnutls_ocsp_req_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t)' at ocsp.c:457:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_req_t' changed: + + typedef name changed from gnutls_ocsp_req_t to gnutls_ocsp_req_const_t at ocsp.h:145:1 + + underlying type 'gnutls_ocsp_req_int*' changed: + + in pointed to type 'struct gnutls_ocsp_req_int': + + entity changed from 'struct gnutls_ocsp_req_int' to 'const gnutls_ocsp_req_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_req_print(gnutls_ocsp_req_t, gnutls_ocsp_print_formats_t, gnutls_datum_t*)' at ocsp_output.c:172:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_req_t' changed: + + typedef name changed from gnutls_ocsp_req_t to gnutls_ocsp_req_const_t at ocsp.h:145:1 + + underlying type 'gnutls_ocsp_req_int*' changed: + + in pointed to type 'struct gnutls_ocsp_req_int': + + entity changed from 'struct gnutls_ocsp_req_int' to 'const gnutls_ocsp_req_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t, unsigned int, gnutls_x509_crt_t)' at ocsp.c:1357:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t, gnutls_datum_t*)' at ocsp.c:401:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_export2(gnutls_ocsp_resp_t, gnutls_datum_t*, gnutls_x509_crt_fmt_t)' at ocsp.c:419:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t, gnutls_x509_crt_t**, size_t*)' at ocsp.c:1868:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t, unsigned int, gnutls_datum_t*, unsigned int*, gnutls_datum_t*)' at ocsp.c:1678:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t, unsigned int*, gnutls_datum_t*)' at ocsp.c:1756:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t)' at ocsp.c:1317:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_responder2(gnutls_ocsp_resp_t, gnutls_datum_t*, unsigned int)' at ocsp.c:1216:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_t, unsigned int, gnutls_datum_t*)' at ocsp.c:1249:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t, gnutls_datum_t*, gnutls_datum_t*)' at ocsp.c:1095:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t)' at ocsp.c:1796:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_print(gnutls_ocsp_resp_t, gnutls_ocsp_print_formats_t, gnutls_datum_t*)' at ocsp_output.c:642:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t, gnutls_x509_trust_list_t, unsigned int*, unsigned int)' at ocsp.c:2297:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t, gnutls_x509_crt_t, unsigned int*, unsigned int)' at ocsp.c:2212:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_ocsp_resp_t' changed: + + typedef name changed from gnutls_ocsp_resp_t to gnutls_ocsp_resp_const_t at ocsp.h:197:1 + + underlying type 'gnutls_ocsp_resp_int*' changed: + + in pointed to type 'struct gnutls_ocsp_resp_int': + + entity changed from 'struct gnutls_ocsp_resp_int' to 'const gnutls_ocsp_resp_int' + + type size hasn't changed + + + + [C]'function int gnutls_ocsp_status_request_is_checked(gnutls_session_t, unsigned int)' at ocsp-api.c:622:1 has some indirect sub-type changes: + + return type changed: + + type name changed from 'int' to 'unsigned int' + + type size hasn't changed + + + + + + [C]'function int gnutls_privkey_set_spki(gnutls_privkey_t, const gnutls_x509_spki_t, unsigned int)' at privkey.c:1910:1 has some indirect sub-type changes: + + parameter 2 of type 'const gnutls_x509_spki_t' has sub-type changes: + + in unqualified underlying type 'typedef gnutls_x509_spki_t' at x509.h:431:1: + + underlying type 'gnutls_x509_spki_st*' changed: + + pointed to type 'struct gnutls_x509_spki_st' changed at crypto-backend.h:175:1, as reported earlier + + + + [C]'function int gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t*)' at psk.c:63:1 has some indirect sub-type changes: + + parameter 1 of type 'gnutls_psk_client_credentials_t*' has sub-type changes: + + in pointed to type 'typedef gnutls_psk_client_credentials_t' at gnutls.h:2590:1: + + underlying type 'gnutls_psk_client_credentials_st*' changed: + + in pointed to type 'struct gnutls_psk_client_credentials_st' at psk.h:29:1: + + type size changed from 384 to 448 (in bits) + + 1 data member insertion: + + 'gnutls_psk_client_credentials_function* gnutls_psk_client_credentials_st::get_function_legacy', at offset 320 (in bits) at psk.h:33:1 + + 2 data member changes: + + type of 'gnutls_psk_client_credentials_function* gnutls_psk_client_credentials_st::get_function' changed: + + in pointed to type 'typedef gnutls_psk_client_credentials_function' at gnutls.h:2653:1: + + typedef name changed from gnutls_psk_client_credentials_function to gnutls_psk_client_credentials_function2 at gnutls.h:2653:1 + + underlying type 'function type int (typedef gnutls_session_t, char**, gnutls_datum_t*)' changed: + + parameter 2 of type 'char**' changed: + + in pointed to type 'char*' at gnutls.h:1220:1: + + entity changed from 'char*' to 'typedef gnutls_datum_t' at gnutls.h:1220:1 + + type size changed from 64 to 128 (in bits) + + + + 'const mac_entry_st* gnutls_psk_client_credentials_st::binder_algo' offset changed from 320 to 384 (in bits) (by +64 bits) + + + + [C]'function int gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t*)' at psk.c:211:1 has some indirect sub-type changes: + + parameter 1 of type 'gnutls_psk_server_credentials_t*' has sub-type changes: + + in pointed to type 'typedef gnutls_psk_server_credentials_t' at gnutls.h:2588:1: + + underlying type 'gnutls_psk_server_credentials_st*' changed: + + in pointed to type 'struct gnutls_psk_server_credentials_st' at psk.h:38:1: + + type size changed from 448 to 512 (in bits) + + 1 data member insertion: + + 'gnutls_psk_server_credentials_function* gnutls_psk_server_credentials_st::pwd_callback_legacy', at offset 128 (in bits) at psk.h:44:1 + + 7 data member changes: + + type of 'gnutls_psk_server_credentials_function* gnutls_psk_server_credentials_st::pwd_callback' changed: + + in pointed to type 'typedef gnutls_psk_server_credentials_function' at gnutls.h:2638:1: + + typedef name changed from gnutls_psk_server_credentials_function to gnutls_psk_server_credentials_function2 at gnutls.h:2638:1 + + underlying type 'function type int (typedef gnutls_session_t, const char*, gnutls_datum_t*)' changed: + + parameter 2 of type 'const char*' changed: + + in pointed to type 'const char': + + 'const char' changed to 'const gnutls_datum_t' + + + + 'gnutls_dh_params_t gnutls_psk_server_credentials_st::dh_params' offset changed from 128 to 192 (in bits) (by +64 bits) + + 'unsigned int gnutls_psk_server_credentials_st::deinit_dh_params' offset changed from 192 to 256 (in bits) (by +64 bits) + + 'gnutls_sec_param_t gnutls_psk_server_credentials_st::dh_sec_param' offset changed from 224 to 288 (in bits) (by +64 bits) + + 'gnutls_params_function* gnutls_psk_server_credentials_st::params_func' offset changed from 256 to 320 (in bits) (by +64 bits) + + 'char* gnutls_psk_server_credentials_st::hint' offset changed from 320 to 384 (in bits) (by +64 bits) + + 'const mac_entry_st* gnutls_psk_server_credentials_st::binder_algo' offset changed from 384 to 448 (in bits) (by +64 bits) + + + + [C]'function int gnutls_pubkey_get_spki(gnutls_pubkey_t, gnutls_x509_spki_t, unsigned int)' at pubkey.c:2579:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef gnutls_x509_spki_t' has sub-type changes: + + underlying type 'gnutls_x509_spki_st*' changed: + + pointed to type 'struct gnutls_x509_spki_st' changed at crypto-backend.h:175:1, as reported earlier + + + + [C]'function int gnutls_x509_crq_get_spki(gnutls_x509_crq_t, gnutls_x509_spki_t, unsigned int)' at crq.c:1065:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef gnutls_x509_spki_t' has sub-type changes: + + underlying type 'gnutls_x509_spki_st*' changed: + + pointed to type 'struct gnutls_x509_spki_st' changed at crypto-backend.h:175:1, as reported earlier + + + + [C]'function int gnutls_x509_crq_get_tlsfeatures(gnutls_x509_crq_t, gnutls_x509_tlsfeatures_t, unsigned int, unsigned int*)' at crq.c:2857:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef gnutls_x509_tlsfeatures_t' has sub-type changes: + + underlying type 'gnutls_x509_tlsfeatures_st*' changed: + + in pointed to type 'struct gnutls_x509_tlsfeatures_st' at x509_int.h:544:1: + + type size changed from 544 to 1056 (in bits) + + 2 data member changes: + + type of 'uint16_t gnutls_x509_tlsfeatures_st::feature[32]' changed: + + type name changed from 'uint16_t[32]' to 'uint16_t[64]' + + array type size changed from 512 to 1024 + + array type subrange 1 changed length from 32 to 64 + + + + 'unsigned int gnutls_x509_tlsfeatures_st::size' offset changed from 512 to 1024 (in bits) (by +512 bits) + + + + [C]'function int gnutls_x509_crt_get_spki(gnutls_x509_crt_t, gnutls_x509_spki_t, unsigned int)' at x509.c:1632:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef gnutls_x509_spki_t' has sub-type changes: + + underlying type 'gnutls_x509_spki_st*' changed: + + pointed to type 'struct gnutls_x509_spki_st' changed at crypto-backend.h:175:1, as reported earlier + + + + [C]'function int gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t, gnutls_x509_spki_t, unsigned int)' at privkey.c:1363:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef gnutls_x509_spki_t' has sub-type changes: + + underlying type 'gnutls_x509_spki_st*' changed: + + pointed to type 'struct gnutls_x509_spki_st' changed at crypto-backend.h:175:1, as reported earlier + + + + [C]'function void gnutls_x509_spki_deinit(gnutls_x509_spki_t)' at spki.c:71:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef gnutls_x509_spki_t' has sub-type changes: + + underlying type 'gnutls_x509_spki_st*' changed: + + pointed to type 'struct gnutls_x509_spki_st' changed at crypto-backend.h:175:1, as reported earlier + + + + [C]'function int gnutls_x509_spki_init(gnutls_x509_spki_t*)' at spki.c:44:1 has some indirect sub-type changes: + + parameter 1 of type 'gnutls_x509_spki_t*' has sub-type changes: + + pointed to type 'typedef gnutls_x509_spki_t' changed at x509.h:431:1, as reported earlier + + + + + +---------------diffs in gnutls_libgnutls-dane.so.0.4.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 2 Changed (7 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 functions with some indirect sub-type change: + + + + [C]'function int dane_query_data(dane_query_t, unsigned int, unsigned int*, unsigned int*, unsigned int*, gnutls_datum_t*)' at dane.c:116:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef dane_query_t' has sub-type changes: + + underlying type 'dane_query_st*' changed: + + in pointed to type 'struct dane_query_st' at dane.c:62:1: + + type size hasn't changed + + 1 data member change: + + type of 'ub_result* dane_query_st::result' changed: + + in pointed to type 'struct ub_result' at unbound.h:123:1: + + type size hasn't changed + + 1 data member insertion: + + 'int ub_result::was_ratelimited', at offset 704 (in bits) at unbound.h:211:1 + + 1 data member change: + + 'int ub_result::ttl' offset changed from 704 to 736 (in bits) (by +32 bits) + + + + + + [C]'function int dane_verify_session_crt(dane_state_t, gnutls_session_t, const char*, const char*, unsigned int, unsigned int, unsigned int, unsigned int*)' at dane.c:929:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef gnutls_session_t' has sub-type changes: + + underlying type 'gnutls_session_int*' changed: + + in pointed to type 'struct gnutls_session_int' at gnutls_int.h:1497:1: + + type size changed from 52416 to 59008 (in bits) + + 3 data member changes (1 filtered): + + type of 'record_parameters_st* gnutls_session_int::record_parameters[4]' changed: + + array element type 'record_parameters_st*' changed: + + in pointed to type 'typedef record_parameters_st' at gnutls_int.h:618:1: + + underlying type 'struct record_parameters_st' at gnutls_int.h:887:1 changed: + + type size hasn't changed + + 3 data member changes (1 filtered): + + type of 'const cipher_entry_st* record_parameters_st::cipher' changed: + + in pointed to type 'const cipher_entry_st': + + in unqualified underlying type 'typedef cipher_entry_st' at gnutls_int.h:636:1: + + underlying type 'struct cipher_entry_st' at gnutls_int.h:648:1 changed: + + type size hasn't changed + + 2 data member deletions: + + 'bool cipher_entry_st::only_aead', at offset 232 (in bits) at gnutls_int.h:659:1 + + + + 'bool cipher_entry_st::no_rekey', at offset 240 (in bits) at gnutls_int.h:660:1 + + + + no data member change (1 filtered); + + 1 data member change: + + type of 'bool cipher_entry_st::xor_nonce' changed: + + type name changed from 'bool' to 'unsigned int' + + type size changed from 8 to 32 (in bits) + + and name of 'cipher_entry_st::xor_nonce' changed to 'cipher_entry_st::flags' at gnutls_int.h:635:1 + + + + type of 'record_state_st record_parameters_st::read' changed: + + underlying type 'struct record_state_st' at gnutls_int.h:858:1 changed: + + type size hasn't changed + + 2 data member changes: + + type of 'union {auth_cipher_hd_st tls12; api_aead_cipher_hd_st aead;} record_state_st::ctx' changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'auth_cipher_hd_st tls12' changed: + + underlying type 'struct {cipher_hd_st cipher; union {digest_hd_st dig; mac_hd_st mac;} mac; unsigned int is_mac; unsigned int non_null; unsigned int etm; size_t tag_size;}' at cipher_int.h:204:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'unsigned int continuous_mac', at offset 30 (in bits) at cipher_int.h:215:1 + + 2 data member changes (2 filtered): + + 'unsigned int etm' offset changed from 29 to 28 (in bits) (by -1 bits) + + 'unsigned int non_null' offset changed from 30 to 29 (in bits) (by -1 bits) + + + + + + type of 'gnutls_uint64 record_state_st::sequence_number' changed: + + typedef name changed from gnutls_uint64 to uint64_t at stdint-uintn.h:27:1 + + underlying type 'struct {unsigned char i[8];}' at gnutls_int.h:103:1 changed: + + entity changed from 'struct {unsigned char i[8];}' to 'typedef __uint64_t' at types.h:44:1 + + type size hasn't changed + + + + + + + + type size hasn't changed + + + + type of 'internals_st gnutls_session_int::internals' changed: + + underlying type 'struct {mbuffer_head_st record_buffer; int handshake_hash_buffer_prev_len; unsigned int handshake_hash_buffer_client_hello_len; unsigned int handshake_hash_buffer_client_kx_len; unsigned int handshake_hash_buffer_server_finished_len; unsigned int handshake_hash_buffer_client_finished_len; gnutls_buffer_st handshake_hash_buffer; bool resumable; send_ticket_state_t ticket_state; bye_state_t bye_state; reauth_state_t reauth_state; handshake_state_t handshake_final_state; handshake_state_t handshake_state; bool invalid_connection; bool may_not_read; bool may_not_write; bool read_eof; int last_alert; int last_handshake_in; int last_handshake_out; gnutls_priority_st* priorities; bool allow_large_records; bool allow_small_records; bool no_etm; bool no_ext_master_secret; bool allow_key_usage_violation; bool allow_wrong_pms; bool dumbfw; uint16_t dh_prime_bits; bool resumed; bool resumption_requested; security_parameters_st resumed_security_parameters; gnutls_datum_t resumption_data; mbuffer_head_st handshake_send_buffer; mbuffer_head_st handshake_header_recv_buffer; handshake_buffer_st handshake_recv_buffer[6]; int handshake_recv_buffer_size; mbuffer_head_st record_recv_buffer; mbuffer_head_st record_send_buffer; size_t record_send_buffer_user_size; mbuffer_head_st early_data_recv_buffer; gnutls_buffer_st early_data_presend_buffer; record_send_state_t rsend_state; gnutls_buffer_st record_key_update_buffer; gnutls_buffer_st record_presend_buffer; gnutls_buffer_st reauth_buffer; time_t expire_time; const mod_auth_st_int* auth_struct; uint8_t adv_version_major; uint8_t adv_version_minor; gnutls_certificate_request_t send_cert_req; size_t max_handshake_data_buffer_size; gnutls_pull_timeout_func pull_timeout_func; gnutls_pull_func pull_func; gnutls_push_func push_func; gnutls_vec_push_func vec_push_func; gnutls_errno_func errno_func; gnutls_transport_ptr_t transport_recv_ptr; gnutls_transport_ptr_t transport_send_ptr; gnutls_db_store_func db_store_func; gnutls_db_retr_func db_retrieve_func; gnutls_db_remove_func db_remove_func; void* db_ptr; gnutls_handshake_simple_hook_func user_hello_func; gnutls_handshake_hook_func h_hook; unsigned int h_type; int16_t h_post; gnutls_pcert_st* selected_cert_list; uint16_t selected_cert_list_length; gnutls_privkey_st* selected_key; gnutls_ocsp_data_st* selected_ocsp; uint16_t selected_ocsp_length; gnutls_status_request_ocsp_func selected_ocsp_func; void* selected_ocsp_func_ptr; bool selected_need_free; uint8_t default_record_version[2]; uint8_t default_hello_version[2]; void* user_ptr; bool direction; bool ignore_rdn_sequence; uint8_t rsa_pms_version[2]; int errnum; bool initial_negotiation_completed; void* post_negotiation_lock; transport_t transport; dtls_st dtls; unsigned int handshake_suspicious_loops; bool handshake_in_progress; bool premaster_set; unsigned int cb_tls_unique_len; unsigned char cb_tls_unique[36]; timespec handshake_start_time; timespec handshake_abs_timeout; unsigned int ertt; unsigned int handshake_timeout_ms; unsigned int record_timeout_ms; gnutls_datum_t post_handshake_cr_context; gnutls_buffer_st post_handshake_hash_buffer; unsigned int hsk_flags; timespec last_key_update; unsigned int key_update_count; gnutls_buffer_st full_client_hello; int extensions_offset; gnutls_buffer_st hb_local_data; gnutls_buffer_st hb_remote_data; timespec hb_ping_start; timespec hb_ping_sent; unsigned int hb_actual_retrans_timeout_ms; unsigned int hb_retrans_timeout_ms; unsigned int hb_total_timeout_ms; bool ocsp_check_ok; heartbeat_state_t hb_state; recv_state_t recv_state; bool sc_random_set; uint64_t flags; gnutls_certificate_verify_function* verify_callback; gnutls_typed_vdata_st* vc_data; gnutls_typed_vdata_st vc_sdata; unsigned int vc_elements; unsigned int vc_status; unsigned int additional_verify_flags; uint8_t cert_hash[32]; bool cert_hash_set; char saved_username[129]; bool saved_username_set; tfo_st tfo; gnutls_supplemental_entry_st* rsup; unsigned int rsup_size; hello_ext_entry_st* rexts; unsigned int rexts_size; __anonymous_struct__ ext_data[32]; uint32_t used_exts; gnutls_ext_flags_t ext_msg; unsigned int max_recv_size; const gnutls_group_entry_st* cand_ec_group; const gnutls_group_entry_st* cand_dh_group; const gnutls_group_entry_st* cand_group; uint8_t hrr_cs[2]; int session_ticket_renew; tls13_ticket_st tls13_ticket; uint32_t early_data_received; gnutls_anti_replay_t anti_replay; void* epoch_lock;}' at gnutls_int.h:1094:1 changed: + + type size changed from 27776 to 34048 (in bits) + + 1 data member deletion: + + 'bool saved_username_set', at offset 16432 (in bits) at gnutls_int.h:1448:1 + + + + 2 data member insertions: + + 'gnutls_keylog_func keylog_func', at offset 10496 (in bits) at gnutls_int.h:1230:1 + + 'int saved_username_size', at offset 16512 (in bits) at gnutls_int.h:1431:1 + + 78 data member changes (8 filtered): + + type of 'gnutls_priority_st* priorities' changed: + + in pointed to type 'struct gnutls_priority_st' at gnutls_int.h:921:1: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'sign_algo_list_st gnutls_priority_st::sigalg' changed: + + underlying type 'struct sign_algo_list_st' at gnutls_int.h:935:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'const gnutls_sign_entry_st* sign_algo_list_st::entry[64]' changed: + + array element type 'const gnutls_sign_entry_st*' changed: + + in pointed to type 'const gnutls_sign_entry_st': + + in unqualified underlying type 'struct gnutls_sign_entry_st' at algorithms.h:344:1: + + type size hasn't changed + + 1 data member insertion: + + 'unsigned int gnutls_sign_entry_st::hash_output_size', at offset 416 (in bits) at algorithms.h:373:1 + + 1 data member changes (5 filtered): + + type of 'gnutls_sign_algorithm_t gnutls_sign_entry_st::id' changed: + + underlying type 'enum __anonymous_enum__' at gnutls.h:912:1 changed: + + type size hasn't changed + + 1 enumerator insertion: + + '__anonymous_enum__::GNUTLS_SIGN_EDDSA_ED448' value '46' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_SIGN_MAX' from value '45' to '46' at gnutls.h:948:1 + + + + + + no data member change (1 filtered); + + type size hasn't changed + + + + + + + + type of 'security_parameters_st resumed_security_parameters' changed: + + underlying type 'struct {unsigned int entity; uint16_t epoch_read; uint16_t epoch_write; uint16_t epoch_next; uint16_t epoch_min; const gnutls_cipher_suite_entry_st* cs; const mac_entry_st* prf; uint8_t master_secret[48]; uint8_t client_random[32]; uint8_t server_random[32]; uint8_t session_id[32]; uint8_t session_id_size; time_t timestamp; uint8_t post_handshake_auth; uint16_t max_record_send_size; uint16_t max_record_recv_size; uint16_t max_user_record_send_size; uint16_t max_user_record_recv_size; uint32_t max_early_data_size; gnutls_certificate_type_t client_ctype; gnutls_certificate_type_t server_ctype; const gnutls_group_entry_st* grp; gnutls_sign_algorithm_t server_sign_algo; gnutls_sign_algorithm_t client_sign_algo; uint8_t ext_master_secret; uint8_t etm; uint8_t client_auth_type; uint8_t server_auth_type; int do_recv_supplemental; int do_send_supplemental; const version_entry_st* pversion;}' at gnutls_int.h:769:1 changed: + + type size hasn't changed + + 1 data member changes (5 filtered): + + type of 'const version_entry_st* pversion' changed: + + in pointed to type 'const version_entry_st': + + in unqualified underlying type 'typedef version_entry_st' at gnutls_int.h:713:1: + + underlying type 'struct {const char* name; gnutls_protocol_t id; unsigned int age; uint8_t major; uint8_t minor; transport_t transport; bool supported; bool explicit_iv; bool extensions; bool selectable_sighash; bool selectable_prf; bool obsolete; bool tls13_sem; bool false_start; bool only_extension; bool post_handshake_auth; bool key_shares; uint8_t tls_sig_sem;}' at gnutls_int.h:708:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'bool multi_ocsp', at offset 280 (in bits) at gnutls_int.h:706:1 + + 1 data member change: + + 'uint8_t tls_sig_sem' offset changed from 280 to 288 (in bits) (by +8 bits) + + + + + + type of 'mbuffer_head_st early_data_recv_buffer' changed: + + underlying type 'struct mbuffer_head_st' at gnutls_int.h:478:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'mbuffer_st* mbuffer_head_st::head' changed: + + in pointed to type 'struct mbuffer_st' at gnutls_int.h:410:1: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'gnutls_uint64 mbuffer_st::record_sequence' changed: + + details were reported earlier + + + + + + + + 'gnutls_pcert_st* selected_cert_list' offset changed from 10496 to 10560 (in bits) (by +64 bits) + + 'uint16_t selected_cert_list_length' offset changed from 10560 to 10624 (in bits) (by +64 bits) + + 'gnutls_privkey_st* selected_key' offset changed from 10624 to 10688 (in bits) (by +64 bits) + + 'gnutls_ocsp_data_st* selected_ocsp' offset changed from 10688 to 10752 (in bits) (by +64 bits) + + 'uint16_t selected_ocsp_length' offset changed from 10752 to 10816 (in bits) (by +64 bits) + + 'gnutls_status_request_ocsp_func selected_ocsp_func' offset changed from 10816 to 10880 (in bits) (by +64 bits) + + 'void* selected_ocsp_func_ptr' offset changed from 10880 to 10944 (in bits) (by +64 bits) + + 'bool selected_need_free' offset changed from 10944 to 11008 (in bits) (by +64 bits) + + 'uint8_t default_record_version[2]' offset changed from 10952 to 11016 (in bits) (by +64 bits) + + 'uint8_t default_hello_version[2]' offset changed from 10968 to 11032 (in bits) (by +64 bits) + + 'void* user_ptr' offset changed from 11008 to 11072 (in bits) (by +64 bits) + + 'bool direction' offset changed from 11072 to 11136 (in bits) (by +64 bits) + + 'bool ignore_rdn_sequence' offset changed from 11080 to 11144 (in bits) (by +64 bits) + + 'uint8_t rsa_pms_version[2]' offset changed from 11088 to 11152 (in bits) (by +64 bits) + + 'int errnum' offset changed from 11104 to 11168 (in bits) (by +64 bits) + + 'bool initial_negotiation_completed' offset changed from 11136 to 11200 (in bits) (by +64 bits) + + 'void* post_negotiation_lock' offset changed from 11200 to 11264 (in bits) (by +64 bits) + + 'transport_t transport' offset changed from 11264 to 11328 (in bits) (by +64 bits) + + 'dtls_st dtls' offset changed from 11328 to 11392 (in bits) (by +64 bits) + + 'unsigned int handshake_suspicious_loops' offset changed from 11904 to 11968 (in bits) (by +64 bits) + + 'bool handshake_in_progress' offset changed from 11936 to 12000 (in bits) (by +64 bits) + + 'bool premaster_set' offset changed from 11944 to 12008 (in bits) (by +64 bits) + + 'unsigned int cb_tls_unique_len' offset changed from 11968 to 12032 (in bits) (by +64 bits) + + 'unsigned char cb_tls_unique[36]' offset changed from 12000 to 12064 (in bits) (by +64 bits) + + 'timespec handshake_start_time' offset changed from 12288 to 12352 (in bits) (by +64 bits) + + 'timespec handshake_abs_timeout' offset changed from 12416 to 12480 (in bits) (by +64 bits) + + 'unsigned int ertt' offset changed from 12544 to 12608 (in bits) (by +64 bits) + + 'unsigned int handshake_timeout_ms' offset changed from 12576 to 12640 (in bits) (by +64 bits) + + 'unsigned int record_timeout_ms' offset changed from 12608 to 12672 (in bits) (by +64 bits) + + 'gnutls_datum_t post_handshake_cr_context' offset changed from 12672 to 12736 (in bits) (by +64 bits) + + 'gnutls_buffer_st post_handshake_hash_buffer' offset changed from 12800 to 12864 (in bits) (by +64 bits) + + 'unsigned int hsk_flags' offset changed from 13056 to 13120 (in bits) (by +64 bits) + + 'timespec last_key_update' offset changed from 13120 to 13184 (in bits) (by +64 bits) + + 'unsigned int key_update_count' offset changed from 13248 to 13312 (in bits) (by +64 bits) + + 'gnutls_buffer_st full_client_hello' offset changed from 13312 to 13376 (in bits) (by +64 bits) + + 'int extensions_offset' offset changed from 13568 to 13632 (in bits) (by +64 bits) + + 'gnutls_buffer_st hb_local_data' offset changed from 13632 to 13696 (in bits) (by +64 bits) + + 'gnutls_buffer_st hb_remote_data' offset changed from 13888 to 13952 (in bits) (by +64 bits) + + 'timespec hb_ping_start' offset changed from 14144 to 14208 (in bits) (by +64 bits) + + 'timespec hb_ping_sent' offset changed from 14272 to 14336 (in bits) (by +64 bits) + + 'unsigned int hb_actual_retrans_timeout_ms' offset changed from 14400 to 14464 (in bits) (by +64 bits) + + 'unsigned int hb_retrans_timeout_ms' offset changed from 14432 to 14496 (in bits) (by +64 bits) + + 'unsigned int hb_total_timeout_ms' offset changed from 14464 to 14528 (in bits) (by +64 bits) + + 'bool ocsp_check_ok' offset changed from 14496 to 14560 (in bits) (by +64 bits) + + 'heartbeat_state_t hb_state' offset changed from 14528 to 14592 (in bits) (by +64 bits) + + 'recv_state_t recv_state' offset changed from 14560 to 14624 (in bits) (by +64 bits) + + 'bool sc_random_set' offset changed from 14592 to 14656 (in bits) (by +64 bits) + + 'uint64_t flags' offset changed from 14656 to 14720 (in bits) (by +64 bits) + + 'gnutls_certificate_verify_function* verify_callback' offset changed from 14720 to 14784 (in bits) (by +64 bits) + + 'gnutls_typed_vdata_st* vc_data' offset changed from 14784 to 14848 (in bits) (by +64 bits) + + 'gnutls_typed_vdata_st vc_sdata' offset changed from 14848 to 14912 (in bits) (by +64 bits) + + 'unsigned int vc_elements' offset changed from 15040 to 15104 (in bits) (by +64 bits) + + 'unsigned int vc_status' offset changed from 15072 to 15136 (in bits) (by +64 bits) + + 'unsigned int additional_verify_flags' offset changed from 15104 to 15168 (in bits) (by +64 bits) + + 'uint8_t cert_hash[32]' offset changed from 15136 to 15200 (in bits) (by +64 bits) + + 'bool cert_hash_set' offset changed from 15392 to 15456 (in bits) (by +64 bits) + + 'char saved_username[129]' offset changed from 15400 to 15464 (in bits) (by +64 bits) + + 'tfo_st tfo' offset changed from 16448 to 16576 (in bits) (by +128 bits) + + 'gnutls_supplemental_entry_st* rsup' offset changed from 17664 to 17792 (in bits) (by +128 bits) + + 'unsigned int rsup_size' offset changed from 17728 to 17856 (in bits) (by +128 bits) + + 'hello_ext_entry_st* rexts' offset changed from 17792 to 17920 (in bits) (by +128 bits) + + 'unsigned int rexts_size' offset changed from 17856 to 17984 (in bits) (by +128 bits) + + type of '__anonymous_struct__ ext_data[32]' changed: + + type name changed from '__anonymous_struct__[32]' to '__anonymous_struct__[64]' + + array type size changed from 6144 to 12288 + + array type subrange 1 changed length from 32 to 64 + + and offset changed from 17920 to 18048 (in bits) (by +128 bits) + + type of 'uint32_t used_exts' changed: + + typedef name changed from uint32_t to uint64_t at stdint-uintn.h:27:1 + + underlying type 'typedef __uint32_t' at types.h:41:1 changed: + + typedef name changed from __uint32_t to __uint64_t at types.h:44:1 + + underlying type 'unsigned int' changed: + + type name changed from 'unsigned int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + and offset changed from 24064 to 30336 (in bits) (by +6272 bits) + + 'gnutls_ext_flags_t ext_msg' offset changed from 24096 to 30400 (in bits) (by +6304 bits) + + 'unsigned int max_recv_size' offset changed from 24128 to 30432 (in bits) (by +6304 bits) + + 'const gnutls_group_entry_st* cand_ec_group' offset changed from 24192 to 30464 (in bits) (by +6272 bits) + + type of 'const gnutls_group_entry_st* cand_dh_group' changed: + + in pointed to type 'const gnutls_group_entry_st': + + in unqualified underlying type 'typedef gnutls_group_entry_st' at gnutls_int.h:666:1: + + underlying type 'struct gnutls_group_entry_st' at gnutls_int.h:681:1 changed: + + type size hasn't changed + + 2 data member changes (1 filtered): + + type of 'gnutls_ecc_curve_t gnutls_group_entry_st::curve' changed: + + underlying type 'enum __anonymous_enum__' at gnutls.h:988:1 changed: + + type size hasn't changed + + 7 enumerator insertions: + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST512C' value '15' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256A' value '16' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256B' value '17' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256C' value '18' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_GOST256D' value '19' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_X448' value '20' + + '__anonymous_enum__::GNUTLS_ECC_CURVE_ED448' value '21' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_ECC_CURVE_MAX' from value '14' to '21' at gnutls.h:1032:1 + + + + + + type of 'gnutls_pk_algorithm_t gnutls_group_entry_st::pk' changed: + + underlying type 'enum __anonymous_enum__' at gnutls.h:833:1 changed: + + type size hasn't changed + + 2 enumerator insertions: + + '__anonymous_enum__::GNUTLS_PK_ECDH_X448' value '11' + + '__anonymous_enum__::GNUTLS_PK_EDDSA_ED448' value '12' + + + + 1 enumerator change: + + '__anonymous_enum__::GNUTLS_PK_MAX' from value '10' to '12' at gnutls.h:866:1 + + + + + + and offset changed from 24256 to 30528 (in bits) (by +6272 bits) + + 'const gnutls_group_entry_st* cand_group' offset changed from 24320 to 30592 (in bits) (by +6272 bits) + + 'uint8_t hrr_cs[2]' offset changed from 24384 to 30656 (in bits) (by +6272 bits) + + 'int session_ticket_renew' offset changed from 24416 to 30688 (in bits) (by +6272 bits) + + 'tls13_ticket_st tls13_ticket' offset changed from 24448 to 30720 (in bits) (by +6272 bits) + + 'uint32_t early_data_received' offset changed from 27584 to 33856 (in bits) (by +6272 bits) + + 'gnutls_anti_replay_t anti_replay' offset changed from 27648 to 33920 (in bits) (by +6272 bits) + + 'void* epoch_lock' offset changed from 27712 to 33984 (in bits) (by +6272 bits) + + + + type of 'gnutls_key_st gnutls_session_int::key' changed: + + underlying type 'struct gnutls_key_st' at gnutls_int.h:535:1 changed: + + type size changed from 22336 to 22656 (in bits) + + 12 data member changes: + + type of 'struct {gnutls_pk_params_st ecdh_params; gnutls_pk_params_st ecdhx_params; gnutls_pk_params_st dh_params;} gnutls_key_st::kshare' changed: + + type size changed from 11328 to 11520 (in bits) + + 3 data member changes: + + + + 'gnutls_pk_params_st ecdhx_params' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + type of 'gnutls_pk_params_st dh_params' changed: + + underlying type 'struct {bigint_t params[16]; unsigned int params_nr; unsigned int pkflags; unsigned int qbits; gnutls_ecc_curve_t curve; gnutls_group_t dh_group; gnutls_gost_paramset_t gost_params; gnutls_datum_t raw_pub; gnutls_datum_t raw_priv; unsigned int seed_size; uint8_t seed[256]; gnutls_digest_algorithm_t palgo; gnutls_x509_spki_st spki; gnutls_pk_algorithm_t algo;}' at crypto-backend.h:194:1 changed: + + type size changed from 3776 to 3840 (in bits) + + 2 data member changes (3 filtered): + + type of 'gnutls_x509_spki_st spki' changed: + + underlying type 'struct gnutls_x509_spki_st' at crypto-backend.h:175:1 changed: + + type size changed from 128 to 192 (in bits) + + 2 data member insertions: + + 'gnutls_digest_algorithm_t gnutls_x509_spki_st::dsa_dig', at offset 128 (in bits) at crypto-backend.h:208:1 + + 'unsigned int gnutls_x509_spki_st::flags', at offset 160 (in bits) at crypto-backend.h:212:1 + + no data member changes (2 filtered); + + + + 'gnutls_pk_algorithm_t algo' offset changed from 3712 to 3776 (in bits) (by +64 bits) + + and offset changed from 7552 to 7680 (in bits) (by +128 bits) + + + + type of 'union {struct {uint8_t temp_secret[64]; unsigned int temp_secret_size; uint8_t e_ckey[64]; uint8_t hs_ckey[64]; uint8_t hs_skey[64]; uint8_t ap_ckey[64]; uint8_t ap_skey[64]; uint8_t ap_expkey[64]; uint8_t ap_rms[64];} tls13; struct {struct {gnutls_pk_params_st params; bigint_t x; bigint_t y; gnutls_datum_t raw;} ecdh; struct {gnutls_pk_params_st params; bigint_t client_Y;} dh; struct {bigint_t srp_key; bigint_t srp_g; bigint_t srp_p; bigint_t A; bigint_t B; bigint_t u; bigint_t b; bigint_t a; bigint_t x;} srp;} tls12;} gnutls_key_st::proto' changed: + + type size changed from 8448 to 8576 (in bits) + + 1 data member change: + + type of 'struct {struct {gnutls_pk_params_st params; bigint_t x; bigint_t y; gnutls_datum_t raw;} ecdh; struct {gnutls_pk_params_st params; bigint_t client_Y;} dh; struct {bigint_t srp_key; bigint_t srp_g; bigint_t srp_p; bigint_t A; bigint_t B; bigint_t u; bigint_t b; bigint_t a; bigint_t x;} srp;} tls12' changed: + + type size changed from 8448 to 8576 (in bits) + + 3 data member changes: + + type of 'struct {gnutls_pk_params_st params; bigint_t x; bigint_t y; gnutls_datum_t raw;} ecdh' changed: + + type size changed from 4032 to 4096 (in bits) + + 3 data member changes (1 filtered): + + 'bigint_t x' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + 'bigint_t y' offset changed from 3840 to 3904 (in bits) (by +64 bits) + + 'gnutls_datum_t raw' offset changed from 3904 to 3968 (in bits) (by +64 bits) + + + + type of 'struct {gnutls_pk_params_st params; bigint_t client_Y;} dh' changed: + + type size changed from 3840 to 3904 (in bits) + + 2 data member changes: + + + + 'bigint_t client_Y' offset changed from 3776 to 3840 (in bits) (by +64 bits) + + and offset changed from 4032 to 4096 (in bits) (by +64 bits) + + 'struct {bigint_t srp_key; bigint_t srp_g; bigint_t srp_p; bigint_t A; bigint_t B; bigint_t u; bigint_t b; bigint_t a; bigint_t x;} srp' offset changed from 7872 to 8000 (in bits) (by +128 bits) + + + + and offset changed from 11328 to 11520 (in bits) (by +192 bits) + + 'binder_data_st gnutls_key_st::binders[2]' offset changed from 19776 to 20096 (in bits) (by +320 bits) + + 'gnutls_datum_t gnutls_key_st::key' offset changed from 20288 to 20608 (in bits) (by +320 bits) + + 'uint8_t gnutls_key_st::session_ticket_key[64]' offset changed from 20416 to 20736 (in bits) (by +320 bits) + + 'uint8_t gnutls_key_st::previous_ticket_key[64]' offset changed from 20928 to 21248 (in bits) (by +320 bits) + + 'uint8_t gnutls_key_st::initial_stek[64]' offset changed from 21440 to 21760 (in bits) (by +320 bits) + + 'void* gnutls_key_st::auth_info' offset changed from 21952 to 22272 (in bits) (by +320 bits) + + 'gnutls_credentials_type_t gnutls_key_st::auth_info_type' offset changed from 22016 to 22336 (in bits) (by +320 bits) + + 'int gnutls_key_st::auth_info_size' offset changed from 22048 to 22368 (in bits) (by +320 bits) + + 'auth_cred_st* gnutls_key_st::cred' offset changed from 22080 to 22400 (in bits) (by +320 bits) + + 'struct {uint64_t last_result; uint8_t was_rotated; gnutls_stek_rotation_callback_t cb;} gnutls_key_st::totp' offset changed from 22144 to 22464 (in bits) (by +320 bits) + + and offset changed from 30080 to 36352 (in bits) (by +6272 bits) + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/grpc_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/grpc_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..cfab13cd53e3b6b1b666b381f6c162d2a357a11c --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/grpc_all_result.md @@ -0,0 +1,16252 @@ +# Functions changed info + +---------------diffs in grpc_libgrpc_unsecure.so.11.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 522 Removed, 951 Added function symbols not referenced by debug info + +Variable symbols changes summary: 28 Removed, 670 Added variable symbols not referenced by debug info + + + +SONAME changed from 'libgrpc_unsecure.so.7' to 'libgrpc_unsecure.so.11' + + + +522 Removed function symbols not referenced by debug info: + + + + [D] _Z10gpr_getenvPKc + + [D] _Z10gpr_setenvPKcS0_ + + [D] _Z10int64_ttoalPc + + [D] _Z11gpr_leftpadPKccm + + [D] _Z11gpr_memrchrPKvim + + [D] _Z11gpr_stricmpPKcS0_ + + [D] _Z11gpr_strjoinPPKcmPm + + [D] _Z12gpr_unsetenvPKc + + [D] _Z13gpr_mpscq_popP9gpr_mpscq + + [D] _Z14gpr_mpscq_initP9gpr_mpscq + + [D] _Z14gpr_mpscq_pushP9gpr_mpscqP14gpr_mpscq_node + + [D] _Z14gpr_strvec_addP10gpr_strvecPc + + [D] _Z14grpc_op_stringPK7grpc_op + + [D] _Z15gpr_default_logP17gpr_log_func_args + + [D] _Z15gpr_strjoin_sepPPKcmS0_Pm + + [D] _Z15gpr_strvec_initP10gpr_strvec + + [D] _Z16gpr_murmur_hash3PKvmj + + [D] _Z16gpr_string_splitPKcS0_PPPcPm + + [D] _Z16grpc_json_create14grpc_json_type + + [D] _Z17gpr_mpscq_destroyP9gpr_mpscq + + [D] _Z17gpr_reverse_bytesPci + + [D] _Z17grpc_combiner_refP13grpc_combiner + + [D] _Z17grpc_error_do_refP10grpc_error + + [D] _Z17grpc_event_stringP10grpc_event + + [D] _Z17grpc_json_destroyP9grpc_json + + [D] _Z18gpr_join_host_portPPcPKci + + [D] _Z18gpr_strvec_destroyP10gpr_strvec + + [D] _Z18gpr_strvec_flattenP10gpr_strvecPm + + [D] _Z18grpc_closure_schedP12grpc_closureP10grpc_error + + [D] _Z18grpc_connector_refP14grpc_connector + + [D] _Z18http_proxy_enabledPK17grpc_channel_args + + [D] _Z18pollset_set_createv + + [D] _Z19gpr_dump_return_lenPKcmjPm + + [D] _Z19gpr_format_timespec12gpr_timespec + + [D] _Z19gpr_split_host_portPKcPPcS2_ + + [D] _Z19grpc_call_log_batchPKci16gpr_log_severityP9grpc_callPK7grpc_opmPv + + [D] _Z19grpc_combiner_unrefP13grpc_combiner + + [D] _Z19grpc_error_do_unrefP10grpc_error + + [D] _Z19pollset_set_destroyP16grpc_pollset_set + + [D] _Z20gpr_locked_mpscq_popP16gpr_locked_mpscq + + [D] _Z20gpr_parse_bool_valuePKcPb + + [D] _Z20grpc_connector_unrefP14grpc_connector + + [D] _Z20grpc_cq_internal_refP21grpc_completion_queue + + [D] _Z20grpc_json_link_childP9grpc_jsonS0_S0_ + + [D] _Z20grpc_json_reader_runP16grpc_json_reader + + [D] _Z20grpc_mdelem_do_unref11grpc_mdelem + + [D] _Z20grpc_sockaddr_to_uriPK21grpc_resolved_address + + [D] _Z20grpc_stream_ref_initP20grpc_stream_refcountiPFvPvP10grpc_errorES1_ + + [D] _Z21gpr_locked_mpscq_initP16gpr_locked_mpscq + + [D] _Z21gpr_locked_mpscq_pushP16gpr_locked_mpscqP14gpr_mpscq_node + + [D] _Z21gpr_precise_clock_nowP12gpr_timespec + + [D] _Z21gpr_timer_set_enabledi + + [D] _Z21grpc_json_reader_initP16grpc_json_readerP23grpc_json_reader_vtablePv + + [D] _Z21grpc_json_writer_initP16grpc_json_writeriP23grpc_json_writer_vtablePv + + [D] _Z21grpc_tcp_server_startP15grpc_tcp_serverPP12grpc_pollsetmPFvPvP13grpc_endpointS2_P24grpc_tcp_server_acceptorES4_ + + [D] _Z21grpc_udp_server_startP15grpc_udp_serverPP12grpc_pollsetmPv + + [D] _Z22gpr_precise_clock_initv + + [D] _Z22gpr_timers_global_initv + + [D] _Z22grpc_call_internal_refP9grpc_call + + [D] _Z22grpc_chttp2_hptbl_initP17grpc_chttp2_hptbl + + [D] _Z22grpc_chttp2_stream_refP18grpc_chttp2_stream + + [D] _Z22grpc_connector_connectP14grpc_connectorPK20grpc_connect_in_argsP21grpc_connect_out_argsP12grpc_closure + + [D] _Z22grpc_cq_internal_unrefP21grpc_completion_queue + + [D] _Z22grpc_json_create_childP9grpc_jsonS0_PKcS2_14grpc_json_typeb + + [D] _Z22grpc_json_parse_stringPc + + [D] _Z22grpc_proxy_mapper_initPK24grpc_proxy_mapper_vtableP17grpc_proxy_mapper + + [D] _Z23done_published_shutdownPvP18grpc_cq_completion + + [D] _Z23grpc_combiner_schedulerP13grpc_combiner + + [D] _Z23grpc_connector_shutdownP14grpc_connectorP10grpc_error + + [D] _Z23grpc_lb_policy_xds_initv + + [D] _Z23grpc_sockaddr_to_stringPPcPK21grpc_resolved_addressi + + [D] _Z23grpc_stats_data_as_jsonPK15grpc_stats_data + + [D] _Z23pollset_set_add_pollsetP16grpc_pollset_setP12grpc_pollset + + [D] _Z23pollset_set_del_pollsetP16grpc_pollset_setP12grpc_pollset + + [D] _Z24gpr_locked_mpscq_destroyP16gpr_locked_mpscq + + [D] _Z24gpr_locked_mpscq_try_popP16gpr_locked_mpscq + + [D] _Z24grpc_call_internal_unrefP9grpc_call + + [D] _Z24grpc_channel_args_stringPK17grpc_channel_args + + [D] _Z24grpc_chttp2_hptbl_lookupPK17grpc_chttp2_hptblj + + [D] _Z24grpc_chttp2_stream_unrefP18grpc_chttp2_stream + + [D] _Z24grpc_json_dump_to_stringP9grpc_jsoni + + [D] _Z24grpc_server_add_listenerP11grpc_serverPvPFvS0_S1_PP12grpc_pollsetmEPFvS0_S1_P12grpc_closureEl + + [D] _Z24grpc_server_get_pollsetsP11grpc_serverPPP12grpc_pollsetPm + + [D] _Z24grpc_transport_op_stringP17grpc_transport_op + + [D] _Z24xds_grpclb_server_equalsPK18_grpc_lb_v1_ServerS1_ + + [D] _Z25gpr_parse_bytes_to_uint32PKcmPj + + [D] _Z25gpr_parse_nonnegative_intPKc + + [D] _Z25gpr_timers_global_destroyv + + [D] _Z25grpc_grpclb_server_equalsPK18_grpc_lb_v1_ServerS1_ + + [D] _Z25grpc_proxy_mapper_destroyP17grpc_proxy_mapper + + [D] _Z25xds_grpclb_request_createPKc + + [D] _Z25xds_grpclb_request_encodePK30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z26custom_tcp_endpoint_createP18grpc_custom_socketP19grpc_resource_quotaPc + + [D] _Z26grpc_grpclb_request_createPKc + + [D] _Z26grpc_grpclb_request_encodePK30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z26grpc_json_writer_value_rawP16grpc_json_writerPKc + + [D] _Z26grpc_mdelem_on_final_unref24grpc_mdelem_data_storagePvj + + [D] _Z26grpc_proxy_mapper_map_nameP17grpc_proxy_mapperPKcPK17grpc_channel_argsPPcPPS3_ + + [D] _Z26grpc_proxy_mapper_registerbP17grpc_proxy_mapper + + [D] _Z26grpc_tcp_client_prepare_fdPK17grpc_channel_argsPK21grpc_resolved_addressPS2_PP7grpc_fd + + [D] _Z26xds_grpclb_request_destroyP30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z26xds_grpclb_serverlist_copyPK21xds_grpclb_serverlist + + [D] _Z27gpr_mpscq_pop_and_check_endP9gpr_mpscqPb + + [D] _Z27gpr_timers_set_log_filenamePKc + + [D] _Z27grpc_chttp2_server_add_portP11grpc_serverPKcP17grpc_channel_argsPi + + [D] _Z27grpc_connectivity_state_setP31grpc_connectivity_state_tracker23grpc_connectivity_statePKc + + [D] _Z27grpc_grpclb_request_destroyP30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z27grpc_grpclb_serverlist_copyPK22grpc_grpclb_serverlist + + [D] _Z27grpc_json_writer_object_keyP16grpc_json_writerPKc + + [D] _Z27grpc_lb_policy_xds_shutdownv + + [D] _Z27grpc_proxy_mappers_map_namePKcPK17grpc_channel_argsPPcPPS1_ + + [D] _Z27grpc_server_setup_transportP11grpc_serverP14grpc_transportP12grpc_pollsetPK17grpc_channel_argsN9grpc_core13RefCountedPtrINS8_8channelz10SocketNodeEEEP18grpc_resource_user + + [D] _Z27pollset_set_add_pollset_setP16grpc_pollset_setS0_ + + [D] _Z27pollset_set_del_pollset_setP16grpc_pollset_setS0_ + + [D] _Z27xds_grpclb_duration_comparePK25_google_protobuf_DurationS1_ + + [D] _Z28grpc_chttp2_connector_createv + + [D] _Z28grpc_connectivity_state_initP31grpc_connectivity_state_tracker23grpc_connectivity_statePKc + + [D] _Z28grpc_connectivity_state_name23grpc_connectivity_state + + [D] _Z28grpc_grpclb_duration_comparePK25_google_protobuf_DurationS1_ + + [D] _Z28grpc_json_reader_is_completeP16grpc_json_reader + + [D] _Z28grpc_slice_from_moved_bufferSt10unique_ptrIcN9grpc_core13DefaultDeleteIcEEEm + + [D] _Z28grpc_slice_from_moved_stringSt10unique_ptrIcN9grpc_core13DefaultDeleteIcEEE + + [D] _Z28xds_grpclb_serverlist_equalsPK21xds_grpclb_serverlistS1_ + + [D] _Z29grpc_connectivity_state_checkP31grpc_connectivity_state_tracker + + [D] _Z29grpc_grpclb_serverlist_equalsPK22grpc_grpclb_serverlistS1_ + + [D] _Z29grpc_json_writer_value_stringP16grpc_json_writerPKc + + [D] _Z29grpc_proxy_mapper_map_addressP17grpc_proxy_mapperPK21grpc_resolved_addressPK17grpc_channel_argsPPS1_PPS4_ + + [D] _Z29xds_grpclb_destroy_serverlistP21xds_grpclb_serverlist + + [D] _Z29xds_grpclb_duration_to_millisP25_google_protobuf_Duration + + [D] _Z30grpc_grpclb_destroy_serverlistP22grpc_grpclb_serverlist + + [D] _Z30grpc_grpclb_duration_to_millisP25_google_protobuf_Duration + + [D] _Z30grpc_proxy_mappers_map_addressPK21grpc_resolved_addressPK17grpc_channel_argsPPS_PPS2_ + + [D] _Z31grpc_chttp2_add_incoming_goawayP21grpc_chttp2_transportjRK10grpc_slice + + [D] _Z31grpc_combiner_finally_schedulerP13grpc_combiner + + [D] _Z31grpc_connectivity_state_destroyP31grpc_connectivity_state_tracker + + [D] _Z31grpc_json_parse_string_with_lenPcm + + [D] _Z31grpc_json_writer_container_endsP16grpc_json_writer14grpc_json_type + + [D] _Z31grpc_proxy_mapper_registry_initv + + [D] _Z31grpc_register_http_proxy_mapperv + + [D] _Z33grpc_ares_ev_driver_create_lockedPP19grpc_ares_ev_driverP16grpc_pollset_setiP13grpc_combinerP17grpc_ares_request + + [D] _Z33grpc_base64_estimate_encoded_sizemii + + [D] _Z33grpc_chttp2_parsing_lookup_streamP21grpc_chttp2_transportj + + [D] _Z33grpc_json_add_number_string_childP9grpc_jsonS0_PKcl + + [D] _Z33grpc_json_writer_container_beginsP16grpc_json_writer14grpc_json_type + + [D] _Z33xds_grpclb_initial_response_parseRK10grpc_slice + + [D] _Z34grpc_grpclb_initial_response_parseRK10grpc_slice + + [D] _Z35grpc_json_writer_value_raw_with_lenP16grpc_json_writerPKcm + + [D] _Z35grpc_proxy_mapper_registry_shutdownv + + [D] _Z35grpc_server_populate_listen_socketsP11grpc_serverPN9grpc_core13InlinedVectorIlLm10EEE + + [D] _Z35grpc_server_populate_server_socketsP11grpc_serverPN9grpc_core13InlinedVectorIPNS1_8channelz10SocketNodeELm10EEEl + + [D] _Z35xds_grpclb_initial_response_destroyP38_grpc_lb_v1_InitialLoadBalanceResponse + + [D] _Z36gpr_global_config_get_grpc_verbosityv + + [D] _Z36gpr_global_config_set_grpc_verbosityPKc + + [D] _Z36grpc_connectivity_state_has_watchersP31grpc_connectivity_state_tracker + + [D] _Z36grpc_grpclb_initial_response_destroyP38_grpc_lb_v1_InitialLoadBalanceResponse + + [D] _Z36xds_grpclb_response_parse_serverlistRK10grpc_slice + + [D] _Z37grpc_grpclb_response_parse_serverlistRK10grpc_slice + + [D] _Z37grpc_sockaddr_to_uri_unix_if_possiblePK21grpc_resolved_address + + [D] _Z37grpc_transport_stream_op_batch_stringP30grpc_transport_stream_op_batch + + [D] _Z38grpc_grpclb_load_report_request_createPN9grpc_core17GrpcLbClientStatsE + + [D] _Z39grpc_cares_wrapper_address_sorting_sortPN9grpc_core13InlinedVectorINS_13ServerAddressELm1EEE + + [D] _Z39grpc_tcp_client_create_from_prepared_fdP16grpc_pollset_setP12grpc_closureP7grpc_fdPK17grpc_channel_argsPK21grpc_resolved_addresslPP13grpc_endpoint + + [D] _Z40grpc_deframe_unprocessed_incoming_framesP23grpc_chttp2_data_parserP18grpc_chttp2_streamP17grpc_slice_bufferP10grpc_slicePSt10unique_ptrIN9grpc_core10ByteStreamENS8_16OrphanableDeleteIS9_EEE + + [D] _Z41grpc_lb_policy_xds_modify_lb_channel_argsP17grpc_channel_args + + [D] _Z43grpc_channel_args_get_compression_algorithmPK17grpc_channel_args + + [D] _Z43grpc_channel_args_set_compression_algorithmP17grpc_channel_args26grpc_compression_algorithm + + [D] _Z44grpc_channel_get_reffed_status_elem_slowpathP12grpc_channeli + + [D] _Z44grpc_lb_policy_grpclb_modify_lb_channel_argsRKN9grpc_core13InlinedVectorINS_13ServerAddressELm1EEEP17grpc_channel_args + + [D] _Z44xds_grpclb_load_report_request_create_lockedPN9grpc_core16XdsLbClientStatsE + + [D] _Z46gpr_global_config_get_grpc_enable_fork_supportv + + [D] _Z46gpr_global_config_set_grpc_enable_fork_supportb + + [D] _Z46grpc_connectivity_state_notify_on_state_changeP31grpc_connectivity_state_trackerP23grpc_connectivity_stateP12grpc_closure + + [D] _Z74grpc_dns_lookup_ares_continue_after_check_localhost_and_ip_literals_lockedP17grpc_ares_requestPKcS2_S2_P16grpc_pollset_setbiP13grpc_combiner + + [D] _Z8gpr_dumpPKcmj + + [D] _Z8gpr_ltoalPc + + [D] _Z8tcp_sendiPK6msghdr + + [D] _ZN15GrpcUdpListener14StartListeningEPP12grpc_pollsetmP21GrpcUdpHandlerFactory + + [D] _ZN9grpc_core10HandshakerD0Ev + + [D] _ZN9grpc_core10HandshakerD1Ev + + [D] _ZN9grpc_core10HandshakerD2Ev, aliases _ZN9grpc_core10HandshakerD1Ev + + [D] _ZN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcher15OnHealthChangedEPvP10grpc_error + + [D] _ZN9grpc_core10Subchannel16HealthWatcherMap16AddWatcherLockedEPS0_23grpc_connectivity_stateSt10unique_ptrIcNS_13DefaultDeleteIcEEES4_INS_19SubchannelInterface24ConnectivityStateWatcherENS5_IS9_EEE + + [D] _ZN9grpc_core10Subchannel16HealthWatcherMap19RemoveWatcherLockedEPKcPNS_19SubchannelInterface24ConnectivityStateWatcherE + + [D] _ZN9grpc_core10Subchannel18GetChildSocketUuidEv + + [D] _ZN9grpc_core10Subchannel22WatchConnectivityStateE23grpc_connectivity_stateSt10unique_ptrIcNS_13DefaultDeleteIcEEES2_INS_19SubchannelInterface24ConnectivityStateWatcherENS3_IS7_EEE + + [D] _ZN9grpc_core10Subchannel28CancelConnectivityStateWatchEPKcPNS_19SubchannelInterface24ConnectivityStateWatcherE + + [D] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList16AddWatcherLockedESt10unique_ptrINS_19SubchannelInterface24ConnectivityStateWatcherENS_13DefaultDeleteIS4_EEE + + [D] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList19RemoveWatcherLockedEPNS_19SubchannelInterface24ConnectivityStateWatcherE + + [D] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcher21OnConnectivityChangedEPvP10grpc_error + + [D] _ZN9grpc_core10Subchannel3RefEv + + [D] _ZN9grpc_core10Subchannel5UnrefEv + + [D] _ZN9grpc_core10Subchannel6CreateEP14grpc_connectorPK17grpc_channel_args + + [D] _ZN9grpc_core10Subchannel7WeakRefEv + + [D] _ZN9grpc_core10Subchannel9RefMutateEli + + [D] _ZN9grpc_core10Subchannel9WeakUnrefEv + + [D] _ZN9grpc_core10SubchannelC1EPNS_13SubchannelKeyEP14grpc_connectorPK17grpc_channel_args, aliases _ZN9grpc_core10SubchannelC2EPNS_13SubchannelKeyEP14grpc_connectorPK17grpc_channel_args + + [D] _ZN9grpc_core10SubchannelC2EPNS_13SubchannelKeyEP14grpc_connectorPK17grpc_channel_args + + [D] _ZN9grpc_core12CallCombiner4StopEPKc + + [D] _ZN9grpc_core12CallCombiner5StartEP12grpc_closureP10grpc_errorPKc + + [D] _ZN9grpc_core12FakeResolver24ReturnReresolutionResultEPvP10grpc_error + + [D] _ZN9grpc_core12GrpcPolledFdD0Ev + + [D] _ZN9grpc_core12GrpcPolledFdD1Ev + + [D] _ZN9grpc_core12GrpcPolledFdD2Ev, aliases _ZN9grpc_core12GrpcPolledFdD1Ev + + [D] _ZN9grpc_core13ServiceConfig12ParsedConfigD0Ev + + [D] _ZN9grpc_core13ServiceConfig12ParsedConfigD1Ev + + [D] _ZN9grpc_core13ServiceConfig12ParsedConfigD2Ev, aliases _ZN9grpc_core13ServiceConfig12ParsedConfigD1Ev + + [D] _ZN9grpc_core13ServiceConfig14RegisterParserESt10unique_ptrINS0_6ParserENS_13DefaultDeleteIS2_EEE + + [D] _ZN9grpc_core13ServiceConfig17ParseGlobalParamsEPK9grpc_json + + [D] _ZN9grpc_core13ServiceConfig19ParseJsonMethodNameEP9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig20ParsePerMethodParamsEPK9grpc_json + + [D] _ZN9grpc_core13ServiceConfig24CountNamesInMethodConfigEP9grpc_json + + [D] _ZN9grpc_core13ServiceConfig27GetMethodParsedConfigVectorERK10grpc_slice + + [D] _ZN9grpc_core13ServiceConfig47ParseJsonMethodConfigToServiceConfigVectorTableEPK9grpc_jsonPNS_14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS0_12ParsedConfigENS_13DefaultDeleteIS7_EEELm4EEEE5EntryEPm + + [D] _ZN9grpc_core13ServiceConfig4InitEv + + [D] _ZN9grpc_core13ServiceConfig6CreateEPKcPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig6Parser17ParseGlobalParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig6Parser20ParsePerMethodParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig6ParserD0Ev + + [D] _ZN9grpc_core13ServiceConfig6ParserD1Ev, aliases _ZN9grpc_core13ServiceConfig6ParserD2Ev + + [D] _ZN9grpc_core13ServiceConfig6ParserD2Ev + + [D] _ZN9grpc_core13ServiceConfig8ShutdownEv + + [D] _ZN9grpc_core13ServiceConfigC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEES4_P9grpc_jsonPP10grpc_error, aliases _ZN9grpc_core13ServiceConfigC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEES4_P9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfigC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEES4_P9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEC1EmPNSB_5EntryEPFiRKSA_SF_E + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEC2EmPNSB_5EntryEPFiRKSA_SF_E, aliases _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEC1EmPNSB_5EntryEPFiRKSA_SF_E + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED0Ev + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED1Ev + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED2Ev, aliases _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED1Ev + + [D] _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteIS2_EEE + + [D] _ZN9grpc_core15ByteStreamCacheC2ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteIS2_EEE, aliases _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteIS2_EEE + + [D] _ZN9grpc_core15GlobalConfigEnv5UnsetEv + + [D] _ZN9grpc_core15GlobalConfigEnv7GetNameEv + + [D] _ZN9grpc_core15GlobalConfigEnv8GetValueEv + + [D] _ZN9grpc_core15GlobalConfigEnv8SetValueEPKc + + [D] _ZN9grpc_core15ResolverFactoryD0Ev + + [D] _ZN9grpc_core15ResolverFactoryD1Ev, aliases _ZN9grpc_core15ResolverFactoryD2Ev + + [D] _ZN9grpc_core15ResolverFactoryD2Ev + + [D] _ZN9grpc_core16ResolverRegistry14CreateResolverEPKcPK17grpc_channel_argsP16grpc_pollset_setP13grpc_combinerSt10unique_ptrINS_8Resolver13ResultHandlerENS_13DefaultDeleteISC_EEE + + [D] _ZN9grpc_core16ResolverRegistry7Builder23RegisterResolverFactoryESt10unique_ptrINS_15ResolverFactoryENS_13DefaultDeleteIS3_EEE + + [D] _ZN9grpc_core16XdsLbClientStats14AddCallStartedEv + + [D] _ZN9grpc_core16XdsLbClientStats15AddCallFinishedEbb + + [D] _ZN9grpc_core16XdsLbClientStats20AddCallDroppedLockedEPc + + [D] _ZN9grpc_core16XdsLbClientStats9GetLockedEPlS1_S1_S1_PSt10unique_ptrINS_13InlinedVectorINS0_14DropTokenCountELm10EEENS_13DefaultDeleteIS5_EEE + + [D] _ZN9grpc_core16XdsLbClientStatsD0Ev + + [D] _ZN9grpc_core16XdsLbClientStatsD1Ev + + [D] _ZN9grpc_core16XdsLbClientStatsD2Ev, aliases _ZN9grpc_core16XdsLbClientStatsD1Ev + + [D] _ZN9grpc_core17GrpcLbClientStats3GetEPlS1_S1_S1_PSt10unique_ptrINS_13InlinedVectorINS0_14DropTokenCountELm10EEENS_13DefaultDeleteIS5_EEE + + [D] _ZN9grpc_core17GrpcLbClientStats7DestroyEPv + + [D] _ZN9grpc_core17HandshakerFactoryD0Ev + + [D] _ZN9grpc_core17HandshakerFactoryD1Ev, aliases _ZN9grpc_core17HandshakerFactoryD2Ev + + [D] _ZN9grpc_core17HandshakerFactoryD2Ev + + [D] _ZN9grpc_core17HealthCheckClient15SetHealthStatusE23grpc_connectivity_stateP10grpc_error + + [D] _ZN9grpc_core17HealthCheckClient15StartRetryTimerEv + + [D] _ZN9grpc_core17HealthCheckClient20NotifyOnHealthChangeEP23grpc_connectivity_stateP12grpc_closure + + [D] _ZN9grpc_core17HealthCheckClient21SetHealthStatusLockedE23grpc_connectivity_stateP10grpc_error + + [D] _ZN9grpc_core17HealthCheckClient9CallState14CallEndedRetryEPvP10grpc_error + + [D] _ZN9grpc_core17HealthCheckClient9CallState9CallEndedEb + + [D] _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEE + + [D] _ZN9grpc_core17HealthCheckClientC2EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEE, aliases _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEE + + [D] _ZN9grpc_core17MessageSizeParser20ParsePerMethodParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core18HandshakerRegistry25RegisterHandshakerFactoryEbNS_14HandshakerTypeESt10unique_ptrINS_17HandshakerFactoryENS_13DefaultDeleteIS3_EEE + + [D] _ZN9grpc_core19ConnectedSubchannel10CreateCallERKNS0_8CallArgsEPP10grpc_error + + [D] _ZN9grpc_core19ConnectedSubchannel19NotifyOnStateChangeEP16grpc_pollset_setP23grpc_connectivity_stateP12grpc_closure + + [D] _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEEl + + [D] _ZN9grpc_core19ConnectedSubchannelC2EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEEl, aliases _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEEl + + [D] _ZN9grpc_core19GlobalConfigEnvBool3GetEv + + [D] _ZN9grpc_core19GlobalConfigEnvBool3SetEb + + [D] _ZN9grpc_core19GrpcPolledFdFactoryD0Ev + + [D] _ZN9grpc_core19GrpcPolledFdFactoryD1Ev, aliases _ZN9grpc_core19GrpcPolledFdFactoryD2Ev + + [D] _ZN9grpc_core19GrpcPolledFdFactoryD2Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy11QueuePicker12CallExitIdleEPvP10grpc_error + + [D] _ZN9grpc_core19LoadBalancingPolicy12UpdateLockedENS0_10UpdateArgsE + + [D] _ZN9grpc_core19LoadBalancingPolicy14ShutdownLockedEv + + [D] _ZN9grpc_core19LoadBalancingPolicy18ResetBackoffLockedEv + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelper13AddTraceEventENS1_13TraceSeverityEPKc + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD0Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD1Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD2Ev, aliases _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD1Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy22ShutdownAndUnrefLockedEPvP10grpc_error + + [D] _ZN9grpc_core19LoadBalancingPolicy6ConfigD0Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy6ConfigD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy6ConfigD2Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy6ConfigD2Ev + + [D] _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD0Ev + + [D] _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD1Ev, aliases _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD2Ev + + [D] _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD2Ev + + [D] _ZN9grpc_core19SubchannelInterfaceD0Ev + + [D] _ZN9grpc_core19SubchannelInterfaceD1Ev, aliases _ZN9grpc_core19SubchannelInterfaceD2Ev + + [D] _ZN9grpc_core19SubchannelInterfaceD2Ev + + [D] _ZN9grpc_core20GlobalConfigEnvInt323GetEv + + [D] _ZN9grpc_core20GlobalConfigEnvInt323SetEi + + [D] _ZN9grpc_core21GlobalConfigEnvString3GetEv + + [D] _ZN9grpc_core21GlobalConfigEnvString3SetEPKc + + [D] _ZN9grpc_core22NewGrpcPolledFdFactoryEP13grpc_combiner + + [D] _ZN9grpc_core23SubchannelPoolInterfaceD0Ev + + [D] _ZN9grpc_core23SubchannelPoolInterfaceD1Ev + + [D] _ZN9grpc_core23SubchannelPoolInterfaceD2Ev, aliases _ZN9grpc_core23SubchannelPoolInterfaceD1Ev + + [D] _ZN9grpc_core24GrpcPolledFdFactoryPosix21NewGrpcPolledFdLockedEiP16grpc_pollset_setP13grpc_combiner + + [D] _ZN9grpc_core26LoadBalancingPolicyFactoryD0Ev + + [D] _ZN9grpc_core26LoadBalancingPolicyFactoryD1Ev, aliases _ZN9grpc_core26LoadBalancingPolicyFactoryD2Ev + + [D] _ZN9grpc_core26LoadBalancingPolicyFactoryD2Ev + + [D] _ZN9grpc_core27LoadBalancingPolicyRegistry24ParseLoadBalancingConfigEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core27LoadBalancingPolicyRegistry7Builder34RegisterLoadBalancingPolicyFactoryESt10unique_ptrINS_26LoadBalancingPolicyFactoryENS_13DefaultDeleteIS3_EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy20CreateLbPolicyLockedEPKcRK17grpc_channel_argsPNS_13InlinedVectorIPcLm3EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy20StartResolvingLockedEv + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper11UpdateStateE23grpc_connectivity_stateSt10unique_ptrINS_19LoadBalancingPolicy16SubchannelPickerENS_13DefaultDeleteIS5_EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper13CreateChannelEPKcRK17grpc_channel_args + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy28CreateOrUpdateLbPolicyLockedEPKcNS_13RefCountedPtrINS_19LoadBalancingPolicy6ConfigEEENS_8Resolver6ResultEPNS_13InlinedVectorIPcLm3EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy44MaybeAddTraceMessagesForAddressChangesLockedEbPNS_13InlinedVectorIPcLm3EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy4InitERK17grpc_channel_args + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEEPFbPvRKNS_8Resolver6ResultEPPKcPNS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_errorES9_SN_ + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEES8_NS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_error, aliases _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEES8_NS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_error + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEEPFbPvRKNS_8Resolver6ResultEPPKcPNS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_errorES9_SN_, aliases _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEEPFbPvRKNS_8Resolver6ResultEPPKcPNS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_errorES9_SN_ + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEES8_NS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_error + + [D] _ZN9grpc_core29FakeResolverResponseGenerator16SetFailureLockedEPvP10grpc_error + + [D] _ZN9grpc_core29FakeResolverResponseGenerator17SetResponseLockedEPvP10grpc_error + + [D] _ZN9grpc_core29FakeResolverResponseGenerator29SetReresolutionResponseLockedEPvP10grpc_error + + [D] _ZN9grpc_core31SetGlobalConfigEnvErrorFunctionEPFvPKcE + + [D] _ZN9grpc_core34Chttp2InsecureClientChannelFactory13CreateChannelEPKcPK17grpc_channel_args + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE10RotateLeftEPNSB_5EntryE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE11RotateRightEPNSB_5EntryE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE15InsertRecursiveEPNSB_5EntryEOSt4pairIS2_S9_E + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE15RemoveRecursiveEPNSB_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE26RebalanceTreeAfterDeletionEPNSB_5EntryE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE27RebalanceTreeAfterInsertionEPNSB_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE4findERKS2_ + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE5eraseENSB_8iteratorE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE10RotateLeftEPNS5_5EntryE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE11RotateRightEPNS5_5EntryE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE15InsertRecursiveEPNS5_5EntryEOSt4pairIS2_iE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE15RemoveRecursiveEPNS5_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE26RebalanceTreeAfterDeletionEPNS5_5EntryE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE27RebalanceTreeAfterInsertionEPNS5_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE5eraseENS5_8iteratorE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE10RotateLeftEPNSA_5EntryE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE11RotateRightEPNSA_5EntryE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE15InsertRecursiveEPNSA_5EntryEOSt4pairIS3_S7_E + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE15RemoveRecursiveEPNSA_5EntryERKS3_ + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE26RebalanceTreeAfterDeletionEPNSA_5EntryE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE27RebalanceTreeAfterInsertionEPNSA_5EntryERKS3_ + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE5eraseENSA_8iteratorE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE10RotateLeftEPNS6_5EntryE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE11RotateRightEPNS6_5EntryE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE15InsertRecursiveEPNS6_5EntryEOSt4pairIlS3_E + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE15RemoveRecursiveEPNS6_5EntryERKl + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE26RebalanceTreeAfterDeletionEPNS6_5EntryE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE27RebalanceTreeAfterInsertionEPNS6_5EntryERKl + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE5eraseENS6_8iteratorE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE10RotateLeftEPNS3_5EntryE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE11RotateRightEPNS3_5EntryE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE15InsertRecursiveEPNS3_5EntryEOSt4pairIlbE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE15RemoveRecursiveEPNS3_5EntryERKl + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE26RebalanceTreeAfterDeletionEPNS3_5EntryE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE27RebalanceTreeAfterInsertionEPNS3_5EntryERKl + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE5eraseENS3_8iteratorE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE5eraseERKl + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE7emplaceIJSt4pairIlbEEEES5_INS3_8iteratorEbEDpOT_ + + [D] _ZN9grpc_core4Fork10GlobalInitEv + + [D] _ZN9grpc_core4Fork12AllowExecCtxEv + + [D] _ZN9grpc_core4Fork12AwaitThreadsEv + + [D] _ZN9grpc_core4Fork12BlockExecCtxEv + + [D] _ZN9grpc_core4Fork14DecThreadCountEv + + [D] _ZN9grpc_core4Fork14GlobalShutdownEv + + [D] _ZN9grpc_core4Fork14IncThreadCountEv + + [D] _ZN9grpc_core4Fork15DecExecCtxCountEv + + [D] _ZN9grpc_core4Fork15IncExecCtxCountEv + + [D] _ZN9grpc_core4Fork30GetResetChildPollingEngineFuncEv + + [D] _ZN9grpc_core4Fork30SetResetChildPollingEngineFuncEPFvvE + + [D] _ZN9grpc_core4Fork6EnableEb + + [D] _ZN9grpc_core4Fork7EnabledEv + + [D] _ZN9grpc_core5Arena15CreateWithAllocEmm + + [D] _ZN9grpc_core5Arena6CreateEm + + [D] _ZN9grpc_core5Arena7DestroyEv + + [D] _ZN9grpc_core5Arena9AllocZoneEm + + [D] _ZN9grpc_core5ArenaD1Ev + + [D] _ZN9grpc_core5ArenaD2Ev, aliases _ZN9grpc_core5ArenaD1Ev + + [D] _ZN9grpc_core6ThreadC1EPKcPFvPvES3_PbRKNS0_7OptionsE, aliases _ZN9grpc_core6ThreadC2EPKcPFvPvES3_PbRKNS0_7OptionsE + + [D] _ZN9grpc_core6ThreadC2EPKcPFvPvES3_PbRKNS0_7OptionsE + + [D] _ZN9grpc_core8Executor9SchedulerENS_12ExecutorTypeENS_15ExecutorJobTypeE + + [D] _ZN9grpc_core8Executor9SchedulerENS_15ExecutorJobTypeE + + [D] _ZN9grpc_core8Resolver11StartLockedEv + + [D] _ZN9grpc_core8Resolver13ResultHandlerD0Ev + + [D] _ZN9grpc_core8Resolver13ResultHandlerD1Ev + + [D] _ZN9grpc_core8Resolver13ResultHandlerD2Ev, aliases _ZN9grpc_core8Resolver13ResultHandlerD1Ev + + [D] _ZN9grpc_core8Resolver14ShutdownLockedEv + + [D] _ZN9grpc_core8Resolver22ShutdownAndUnrefLockedEPvP10grpc_error + + [D] _ZN9grpc_core8ResolverC1EP13grpc_combinerSt10unique_ptrINS0_13ResultHandlerENS_13DefaultDeleteIS4_EEE + + [D] _ZN9grpc_core8ResolverC2EP13grpc_combinerSt10unique_ptrINS0_13ResultHandlerENS_13DefaultDeleteIS4_EEE, aliases _ZN9grpc_core8ResolverC1EP13grpc_combinerSt10unique_ptrINS0_13ResultHandlerENS_13DefaultDeleteIS4_EEE + + [D] _ZN9grpc_core8channelz10ServerNode19RenderServerSocketsEll + + [D] _ZN9grpc_core8channelz10SocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEES5_ + + [D] _ZN9grpc_core8channelz10SocketNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEES5_, aliases _ZN9grpc_core8channelz10SocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEES5_ + + [D] _ZN9grpc_core8channelz11ChannelNode17PopulateChildRefsEP9grpc_json + + [D] _ZN9grpc_core8channelz11ChannelNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEEml, aliases _ZN9grpc_core8channelz11ChannelNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEEml + + [D] _ZN9grpc_core8channelz11ChannelNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEEml + + [D] _ZN9grpc_core8channelz14SubchannelNode25PopulateConnectivityStateEP9grpc_json + + [D] _ZN9grpc_core8channelz14SubchannelNodeC1EPNS_10SubchannelEm + + [D] _ZN9grpc_core8channelz14SubchannelNodeC2EPNS_10SubchannelEm, aliases _ZN9grpc_core8channelz14SubchannelNodeC1EPNS_10SubchannelEm + + [D] _ZN9grpc_core8channelz16ChannelzRegistry18InternalGetServersEl + + [D] _ZN9grpc_core8channelz16ChannelzRegistry22InternalGetTopChannelsEl + + [D] _ZN9grpc_core8channelz16ListenSocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEE + + [D] _ZN9grpc_core8channelz16ListenSocketNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEE, aliases _ZN9grpc_core8channelz16ListenSocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEE + + [D] _ZN9grpc_core8channelz18CallCountingHelper18PopulateCallCountsEP9grpc_json + + [D] _ZN9grpc_core8channelz18CallCountingHelperD1Ev + + [D] _ZN9grpc_core8channelz18CallCountingHelperD2Ev, aliases _ZN9grpc_core8channelz18CallCountingHelperD1Ev + + [D] _ZN9grpc_core8channelz8BaseNode10RenderJsonEv + + [D] _ZN9grpc_core8channelz8BaseNode16RenderJsonStringEv + + [D] _ZN9grpc_core8channelz8BaseNodeC1ENS1_10EntityTypeE + + [D] _ZN9grpc_core8channelz8BaseNodeC2ENS1_10EntityTypeE, aliases _ZN9grpc_core8channelz8BaseNodeC1ENS1_10EntityTypeE + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD0Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD1Ev, aliases _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_core8internal32ClientChannelServiceConfigParser17ParseGlobalParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core8internal32ClientChannelServiceConfigParser20ParsePerMethodParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZNK9grpc_core13ServerAddress10IsBalancerEv + + [D] _ZNK9grpc_core13ServerAddresseqERKS0_ + + [D] _ZNK9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEE3GetERK10grpc_slice + + [D] _ZNK9grpc_core19ConnectedSubchannel4argsEv + + [D] _ZNK9grpc_core19LoadBalancingPolicy4nameEv + + [D] _ZNK9grpc_core28ResolvingLoadBalancingPolicy35ConcatenateAndAddChannelTraceLockedEPNS_13InlinedVectorIPcLm3EEE + + [D] _ZNK9grpc_core8channelz12ChannelTrace10TraceEvent16RenderTraceEventEP9grpc_json + + [D] _ZNSt3_V28__rotateIPSt10unique_ptrIN9grpc_core17HandshakerFactoryENS2_13DefaultDeleteIS3_EEEEET_S8_S8_S8_St26random_access_iterator_tag + + [D] address_sorting_abstract_get_family + + [D] address_sorting_create_source_addr_factory_for_current_platform + + [D] address_sorting_get_source_addr_for_testing + + [D] address_sorting_init + + [D] address_sorting_override_source_addr_factory_for_testing + + [D] address_sorting_rfc_6724_sort + + [D] address_sorting_shutdown + + [D] gpr_asprintf + + [D] gpr_atm_no_barrier_clamped_add + + [D] gpr_convert_clock_type + + [D] gpr_cpu_current_cpu + + [D] gpr_cpu_num_cores + + [D] gpr_cv_broadcast + + [D] gpr_cv_destroy + + [D] gpr_cv_init + + [D] gpr_cv_signal + + [D] gpr_cv_wait + + [D] gpr_event_get + + [D] gpr_event_init + + [D] gpr_event_set + + [D] gpr_event_wait + + [D] gpr_free + + [D] gpr_free_aligned + + [D] gpr_get_allocation_functions + + [D] gpr_inf_future + + [D] gpr_inf_past + + [D] gpr_log + + [D] gpr_log_message + + [D] gpr_log_severity_string + + [D] gpr_log_verbosity_init + + [D] gpr_malloc + + [D] gpr_malloc_aligned + + [D] gpr_mu_destroy + + [D] gpr_mu_init + + [D] gpr_mu_lock + + [D] gpr_mu_trylock + + [D] gpr_mu_unlock + + [D] gpr_now + + [D] gpr_once_init + + [D] gpr_realloc + + [D] gpr_ref + + [D] gpr_ref_init + + [D] gpr_ref_is_unique + + [D] gpr_ref_non_zero + + [D] gpr_refn + + [D] gpr_set_allocation_functions + + [D] gpr_set_log_function + + [D] gpr_set_log_verbosity + + [D] gpr_should_log + + [D] gpr_sleep_until + + [D] gpr_stats_inc + + [D] gpr_stats_init + + [D] gpr_stats_read + + [D] gpr_strdup + + [D] gpr_thd_currentid + + [D] gpr_time_0 + + [D] gpr_time_add + + [D] gpr_time_cmp + + [D] gpr_time_from_hours + + [D] gpr_time_from_micros + + [D] gpr_time_from_millis + + [D] gpr_time_from_minutes + + [D] gpr_time_from_nanos + + [D] gpr_time_from_seconds + + [D] gpr_time_init + + [D] gpr_time_max + + [D] gpr_time_min + + [D] gpr_time_similar + + [D] gpr_time_sub + + [D] gpr_time_to_millis + + [D] gpr_timespec_to_micros + + [D] gpr_unref + + [D] gpr_zalloc + + [D] pb_close_string_substream + + [D] pb_decode + + [D] pb_decode_delimited + + [D] pb_decode_fixed32 + + [D] pb_decode_fixed64 + + [D] pb_decode_noinit + + [D] pb_decode_svarint + + [D] pb_decode_tag + + [D] pb_decode_varint + + [D] pb_encode + + [D] pb_encode_delimited + + [D] pb_encode_fixed32 + + [D] pb_encode_fixed64 + + [D] pb_encode_string + + [D] pb_encode_submessage + + [D] pb_encode_svarint + + [D] pb_encode_tag + + [D] pb_encode_tag_for_field + + [D] pb_encode_varint + + [D] pb_field_iter_begin + + [D] pb_field_iter_find + + [D] pb_field_iter_next + + [D] pb_get_encoded_size + + [D] pb_istream_from_buffer + + [D] pb_make_string_substream + + [D] pb_ostream_from_buffer + + [D] pb_read + + [D] pb_skip_field + + [D] pb_write + + + +951 Added function symbols not referenced by debug info: + + + + [A] _Z12grpc_cq_initv + + [A] _Z15grpc_mdelem_ref11grpc_mdelemPKci + + [A] _Z15grpc_stream_refP20grpc_stream_refcountPKc + + [A] _Z16functor_callbackPvP10grpc_error + + [A] _Z16grpc_cq_shutdownv + + [A] _Z17grpc_combiner_refPN9grpc_core8CombinerEPKciS3_ + + [A] _Z17grpc_error_do_refP10grpc_errorPKci + + [A] _Z17grpc_event_stringB5cxx11P10grpc_event + + [A] _Z17grpc_stream_unrefP20grpc_stream_refcountPKc + + [A] _Z18grpc_mdelem_createRKN9grpc_core19StaticMetadataSliceERK10grpc_sliceP16grpc_mdelem_data + + [A] _Z19grpc_call_log_batchPKci16gpr_log_severityPK7grpc_opm + + [A] _Z19grpc_combiner_unrefPN9grpc_core8CombinerEPKciS3_ + + [A] _Z19grpc_error_do_unrefP10grpc_errorPKci + + [A] _Z20grpc_cq_internal_refP21grpc_completion_queuePKcS2_i + + [A] _Z20grpc_mdelem_do_unref11grpc_mdelemPKci + + [A] _Z20grpc_sockaddr_to_uriB5cxx11PK21grpc_resolved_address + + [A] _Z20grpc_stream_ref_initP20grpc_stream_refcountiPFvPvP10grpc_errorES1_PKc + + [A] _Z21grpc_mdelem_trace_refPvRK10grpc_sliceS2_lPKci + + [A] _Z21grpc_slice_sub_no_refRKN9grpc_core20UnmanagedMemorySliceEmm + + [A] _Z21grpc_tcp_server_startP15grpc_tcp_serverPKSt6vectorIP12grpc_pollsetSaIS3_EEPFvPvP13grpc_endpointS3_P24grpc_tcp_server_acceptorES8_ + + [A] _Z21grpc_udp_server_startP15grpc_udp_serverPKSt6vectorIP12grpc_pollsetSaIS3_EEPv + + [A] _Z22grpc_call_internal_refP9grpc_callPKc + + [A] _Z22grpc_chttp2_stream_refP18grpc_chttp2_streamPKc + + [A] _Z22grpc_cq_internal_unrefP21grpc_completion_queuePKcS2_i + + [A] _Z22grpc_iomgr_non_pollingv + + [A] _Z22grpc_resolver_xds_initv + + [A] _Z23grpc_lb_policy_cds_initv + + [A] _Z23grpc_lb_policy_eds_initv + + [A] _Z23grpc_lb_policy_lrs_initv + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core18ManagedMemorySliceES2_ + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core19StaticMetadataSliceERK10grpc_slice + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core19StaticMetadataSliceERKNS_18ManagedMemorySliceE + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core19StaticMetadataSliceES2_ + + [A] _Z23grpc_mdelem_trace_unrefPvRK10grpc_sliceS2_lPKci + + [A] _Z23grpc_sockaddr_to_stringB5cxx11PK21grpc_resolved_addressb + + [A] _Z23grpc_stats_data_as_jsonB5cxx11PK15grpc_stats_data + + [A] _Z24grpc_call_internal_unrefP9grpc_callPKc + + [A] _Z24grpc_channel_args_stringB5cxx11PK17grpc_channel_args + + [A] _Z24grpc_chttp2_stream_unrefP18grpc_chttp2_streamPKc + + [A] _Z24grpc_server_add_listenerP11grpc_serverSt10unique_ptrIN9grpc_core23ServerListenerInterfaceENS2_16OrphanableDeleteEE + + [A] _Z24grpc_server_get_pollsetsP11grpc_server + + [A] _Z24grpc_set_socket_zerocopyi + + [A] _Z24grpc_transport_op_stringB5cxx11P17grpc_transport_op + + [A] _Z25grpc_set_socket_dualstacki + + [A] _Z26custom_tcp_endpoint_createP18grpc_custom_socketP19grpc_resource_quotaPKc + + [A] _Z26grpc_mdelem_on_final_unref24grpc_mdelem_data_storagePvjPKci + + [A] _Z26grpc_metadata_batch_removeP19grpc_metadata_batch34grpc_metadata_batch_callouts_index + + [A] _Z26grpc_resolver_xds_shutdownv + + [A] _Z26grpc_slice_from_cpp_stringNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _Z26grpc_tcp_client_prepare_fdPK17grpc_channel_argsPK21grpc_resolved_addressPS2_Pi + + [A] _Z27grpc_channel_args_find_boolPK17grpc_channel_argsPKcb + + [A] _Z27grpc_lb_policy_cds_shutdownv + + [A] _Z27grpc_lb_policy_eds_shutdownv + + [A] _Z27grpc_lb_policy_lrs_shutdownv + + [A] _Z27grpc_server_setup_transportP11grpc_serverP14grpc_transportP12grpc_pollsetPK17grpc_channel_argsRKN9grpc_core13RefCountedPtrINS8_8channelz10SocketNodeEEEP18grpc_resource_user + + [A] _Z28grpc_chttp2_reset_ping_clockP21grpc_chttp2_transport + + [A] _Z28grpc_client_idle_filter_initv + + [A] _Z28grpc_lb_policy_priority_initv + + [A] _Z28grpc_metadata_batch_add_tailP19grpc_metadata_batchP18grpc_linked_mdelem11grpc_mdelem34grpc_metadata_batch_callouts_index + + [A] _Z28grpc_slice_from_moved_bufferSt10unique_ptrIcN9grpc_core17DefaultDeleteCharEEm + + [A] _Z28grpc_slice_from_moved_stringSt10unique_ptrIcN9grpc_core17DefaultDeleteCharEE + + [A] _Z29grpc_channel_args_find_stringPK17grpc_channel_argsPKc + + [A] _Z29grpc_channel_destroy_internalP12grpc_channel + + [A] _Z29grpc_init_static_metadata_ctxv + + [A] _Z29grpc_metadata_batch_assert_okP19grpc_metadata_batch + + [A] _Z29grpc_metadata_batch_link_headP19grpc_metadata_batchP18grpc_linked_mdelem34grpc_metadata_batch_callouts_index + + [A] _Z29grpc_metadata_batch_link_tailP19grpc_metadata_batchP18grpc_linked_mdelem34grpc_metadata_batch_callouts_index + + [A] _Z30grpc_channel_args_find_integerPK17grpc_channel_argsPKc20grpc_integer_options + + [A] _Z31grpc_chttp2_add_incoming_goawayP21grpc_chttp2_transportjjRK10grpc_slice + + [A] _Z31grpc_chttp2_retry_initiate_pingPvP10grpc_error + + [A] _Z31grpc_lb_policy_xds_routing_initv + + [A] _Z32grpc_client_idle_filter_shutdownv + + [A] _Z32grpc_destroy_static_metadata_ctxv + + [A] _Z32grpc_lb_policy_priority_shutdownv + + [A] _Z33grpc_apply_socket_mutator_in_argsiPK17grpc_channel_args + + [A] _Z33grpc_ares_ev_driver_create_lockedPP19grpc_ares_ev_driverP16grpc_pollset_setiSt10shared_ptrIN9grpc_core14WorkSerializerEEP17grpc_ares_request + + [A] _Z33grpc_base64_estimate_encoded_sizemi + + [A] _Z35grpc_lb_policy_weighted_target_initv + + [A] _Z35grpc_lb_policy_xds_routing_shutdownv + + [A] _Z36grpc_get_reffed_status_elem_slowpathi + + [A] _Z36grpc_iomgr_mark_non_polling_internalv + + [A] _Z37grpc_cycle_counter_to_millis_round_upd + + [A] _Z37grpc_sockaddr_to_uri_unix_if_possibleB5cxx11PK21grpc_resolved_address + + [A] _Z37grpc_transport_stream_op_batch_stringB5cxx11P30grpc_transport_stream_op_batch + + [A] _Z38grpc_chttp2_hptbl_lookup_dynamic_indexPK17grpc_chttp2_hptblj + + [A] _Z39grpc_cares_wrapper_address_sorting_sortPK17grpc_ares_requestPN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS6_EEE + + [A] _Z39grpc_cycle_counter_to_millis_round_downd + + [A] _Z39grpc_lb_policy_weighted_target_shutdownv + + [A] _Z39grpc_tcp_client_create_from_prepared_fdP16grpc_pollset_setP12grpc_closureiPK17grpc_channel_argsPK21grpc_resolved_addresslPP13grpc_endpoint + + [A] _Z39grpc_timer_manager_get_wakeups_testonlyv + + [A] _Z40grpc_chttp2_add_rst_stream_to_next_writeP21grpc_chttp2_transportjjP28grpc_transport_one_way_stats + + [A] _Z40grpc_deframe_unprocessed_incoming_framesP23grpc_chttp2_data_parserP18grpc_chttp2_streamP17grpc_slice_bufferP10grpc_slicePSt10unique_ptrIN9grpc_core10ByteStreamENS8_16OrphanableDeleteEE + + [A] _Z42grpc_chttp2_hptbl_lookup_ref_dynamic_indexPK17grpc_chttp2_hptblj + + [A] _Z43grpc_client_channel_stop_connectivity_watchP20grpc_channel_elementPN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _Z43grpc_service_config_channel_arg_filter_initv + + [A] _Z44grpc_client_channel_start_connectivity_watchP20grpc_channel_element23grpc_connectivity_stateSt10unique_ptrIN9grpc_core38AsyncConnectivityStateWatcherInterfaceENS3_16OrphanableDeleteEE + + [A] _Z47grpc_service_config_channel_arg_filter_shutdownv + + [A] _Z53grpc_channel_args_get_client_channel_creation_mutatorv + + [A] _Z53grpc_channel_args_set_client_channel_creation_mutatorPFP17grpc_channel_argsPKcS0_23grpc_channel_stack_typeE + + [A] _Z59grpc_channel_args_get_channel_default_compression_algorithmPK17grpc_channel_args + + [A] _Z59grpc_channel_args_set_channel_default_compression_algorithmP17grpc_channel_args26grpc_compression_algorithm + + [A] _Z74grpc_dns_lookup_ares_continue_after_check_localhost_and_ip_literals_lockedP17grpc_ares_requestPKcS2_S2_P16grpc_pollset_setiSt10shared_ptrIN9grpc_core14WorkSerializerEE + + [A] _Z8tcp_sendiPK6msghdri + + [A] _ZN15GrpcUdpListener14StartListeningEPKSt6vectorIP12grpc_pollsetSaIS2_EEP21GrpcUdpHandlerFactory + + [A] _ZN19grpc_slice_refcount5UnrefEv + + [A] _ZN4absl14lts_2020_02_2511make_uniqueIN3re23RE2EJRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEENS0_15memory_internal16MakeUniqueResultIT_E6scalarEDpOT0_ + + [A] _ZN4absl14lts_2020_02_2511make_uniqueIN9grpc_core12XdsBootstrap4NodeEJEEENS0_15memory_internal16MakeUniqueResultIT_E6scalarEDpOT0_ + + [A] _ZN4absl14lts_2020_02_2511make_uniqueIN9grpc_core19LoadBalancingPolicy11QueuePickerEJNS2_13RefCountedPtrIS3_EEEEENS0_15memory_internal16MakeUniqueResultIT_E6scalarEDpOT0_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS4_EEC1EOS6_, aliases _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS4_EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS4_EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS3_EEC1EOS5_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS3_EEC2EOS5_, aliases _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS3_EEC1EOS5_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS5_EEC1EOS7_, aliases _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS5_EEC2EOS7_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS5_EEC2EOS7_ + + [A] _ZN4absl14lts_2020_02_2516strings_internal13JoinAlgorithmIN9__gnu_cxx17__normal_iteratorIPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorISA_SaISA_EEEEvEESA_T_SH_NS0_11string_viewENS1_11NoFormatterE + + [A] _ZN4absl14lts_2020_02_2516strings_internal13JoinAlgorithmISt23_Rb_tree_const_iteratorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEvEES9_T_SB_NS0_11string_viewENS1_11NoFormatterE + + [A] _ZN4absl14lts_2020_02_2516strings_internal9JoinRangeINS0_13InlinedVectorINS0_11string_viewELm1ESaIS4_EEEEENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKT_S4_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataIN9grpc_core6XdsApi9RdsUpdateELb0EEC1EOS6_, aliases _ZN4absl14lts_2020_02_2517optional_internal13optional_dataIN9grpc_core6XdsApi9RdsUpdateELb0EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataIN9grpc_core6XdsApi9RdsUpdateELb0EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELb0EEC1EOS9_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELb0EEC2EOS9_, aliases _ZN4absl14lts_2020_02_2517optional_internal13optional_dataINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELb0EEC1EOS9_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI15GrpcUdpListenerLm16ESaIS3_EE11EmplaceBackIJRP15grpc_udp_serverRiRPK21grpc_resolved_addressEEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm1ESaIS3_EE11EmplaceBackIJS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EE11EmplaceBackIJS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EE11EmplaceBackIJRS3_EEES7_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EE11EmplaceBackIJS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS5_EE11EmplaceBackIJS5_EEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core12XdsBootstrap9XdsServerELm1ESaIS5_EE11EmplaceBackIJEEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_10HandshakerEEELm2ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_19SubchannelInterfaceEEELm10ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EE11EmplaceBackIJRPS6_EEERS7_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE10InitializeINS1_20IteratorValueAdapterIS5_PKS4_EEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJPA128_cRjDnEEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJR21grpc_resolved_addressDnEEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJRK21grpc_resolved_addressRP17grpc_channel_argsEEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJRS4_EEES8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE6AssignINS1_20IteratorValueAdapterIS5_PKS4_EEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE6AssignINS1_20IteratorValueAdapterIS5_St13move_iteratorIPS4_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EED2Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EE11EmplaceBackIJSt10unique_ptrIcNS3_17DefaultDeleteCharEEiEEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EE11EmplaceBackIJRP12grpc_closureRP10grpc_errorRPKcEEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi10DropConfig12DropCategoryELm2ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EE6AssignINS1_20IteratorValueAdapterIS7_St13move_iteratorIPS6_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EE6ResizeINS1_19DefaultValueAdapterIS7_EEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EED2Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EE11EmplaceBackIJEEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageINS0_11string_viewELm1ESaIS3_EE11EmplaceBackIJRKS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIP10grpc_errorLm4ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPKcLm1ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPKcLm3ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPN9grpc_core15ByteStreamCacheELm3ESaIS5_EE11EmplaceBackIJRKS5_EEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core15ResolverFactoryESt14default_deleteIS5_EELm10ESaIS8_EE11EmplaceBackIJS8_EEERS8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core17HandshakerFactoryESt14default_deleteIS5_EELm2ESaIS8_EE11EmplaceBackIJS8_EEERS8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EE11EmplaceBackIJS9_EEERS9_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EE6AssignINS1_20IteratorValueAdapterISA_St13move_iteratorIPS9_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EED2Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser6ParserESt14default_deleteIS6_EELm4ESaIS9_EE11EmplaceBackIJS9_EEERS9_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core26LoadBalancingPolicyFactoryESt14default_deleteIS5_EELm10ESaIS8_EE11EmplaceBackIJS8_EEERS8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrINS0_13InlinedVectorIS3_IN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS7_EELm4ESaISA_EEES8_ISC_EELm32ESaISE_EE11EmplaceBackIJSE_EEERSE_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEE11EmplaceBackIJRKiEEERiDpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEED2Ev + + [A] _ZN4absl14lts_2020_02_25eqIN9grpc_core6XdsApi9RdsUpdateES4_EEDTcl19convertible_to_booleqdefp_defp0_EERKNS0_8optionalIT_EERKNS6_IT0_EE + + [A] _ZN4grpc12experimental17LibuvEventManager10ShouldStopEv + + [A] _ZN4grpc12experimental17LibuvEventManager11ShutdownRefEv + + [A] _ZN4grpc12experimental17LibuvEventManager13RunWorkerLoopEv + + [A] _ZN4grpc12experimental17LibuvEventManager13ShutdownUnrefEv + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ei + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ev + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC2Ei, aliases _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ei + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC2Ev, aliases _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ev + + [A] _ZN4grpc12experimental17LibuvEventManager8ShutdownEv + + [A] _ZN4grpc12experimental17LibuvEventManagerC1ERKNS1_7OptionsE + + [A] _ZN4grpc12experimental17LibuvEventManagerC2ERKNS1_7OptionsE, aliases _ZN4grpc12experimental17LibuvEventManagerC1ERKNS1_7OptionsE + + [A] _ZN4grpc12experimental17LibuvEventManagerD0Ev + + [A] _ZN4grpc12experimental17LibuvEventManagerD1Ev + + [A] _ZN4grpc12experimental17LibuvEventManagerD2Ev, aliases _ZN4grpc12experimental17LibuvEventManagerD1Ev + + [A] _ZN9__gnu_cxx12__to_xstringINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEcEET_PFiPT0_mPKS8_St9__va_listEmSB_z + + [A] _ZN9grpc_core10RefCountedINS_10HandshakerENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_10Subchannel33ConnectivityStateWatcherInterfaceENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_13ServiceConfigENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_14ConfigSelectorENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_15XdsLocalityNameENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_16HandshakeManagerENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_17GrpcLbClientStatsENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19ConnectedSubchannelENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19LoadBalancingPolicy6ConfigENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19SubchannelInterfaceENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19XdsClusterDropStatsENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_23SubchannelPoolInterfaceENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_23XdsClusterLocalityStatsENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_29FakeResolverResponseGeneratorENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_6XdsApi10DropConfigENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_8channelz8BaseNodeENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_8internal23ServerRetryThrottleDataENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core10Subchannel16HealthWatcherMap16AddWatcherLockedEPS0_23grpc_connectivity_stateSt10unique_ptrIcNS_17DefaultDeleteCharEENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core10Subchannel16HealthWatcherMap19RemoveWatcherLockedEPKcPNS0_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core10Subchannel22WatchConnectivityStateE23grpc_connectivity_stateSt10unique_ptrIcNS_17DefaultDeleteCharEENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core10Subchannel28CancelConnectivityStateWatchEPKcPNS0_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList16AddWatcherLockedENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList19RemoveWatcherLockedEPNS0_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherListD1Ev + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherListD2Ev, aliases _ZN9grpc_core10Subchannel28ConnectivityStateWatcherListD1Ev + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD0Ev + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD1Ev + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD2Ev, aliases _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD1Ev + + [A] _ZN9grpc_core10Subchannel33ConnectivityStateWatcherInterface26PopConnectivityStateChangeEv + + [A] _ZN9grpc_core10Subchannel33ConnectivityStateWatcherInterface27PushConnectivityStateChangeENS1_23ConnectivityStateChangeE + + [A] _ZN9grpc_core10Subchannel3RefEPKciS2_ + + [A] _ZN9grpc_core10Subchannel5UnrefEPKciS2_ + + [A] _ZN9grpc_core10Subchannel6CreateESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args + + [A] _ZN9grpc_core10Subchannel7WeakRefEPKciS2_ + + [A] _ZN9grpc_core10Subchannel9RefMutateEliPKciS2_S2_ + + [A] _ZN9grpc_core10Subchannel9WeakUnrefEPKciS2_ + + [A] _ZN9grpc_core10SubchannelC1EPNS_13SubchannelKeyESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args + + [A] _ZN9grpc_core10SubchannelC2EPNS_13SubchannelKeyESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args, aliases _ZN9grpc_core10SubchannelC1EPNS_13SubchannelKeyESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args + + [A] _ZN9grpc_core10ThreadPool16DefaultStackSizeEv + + [A] _ZN9grpc_core10ThreadPool24AssertHasNotBeenShutDownEv + + [A] _ZN9grpc_core10ThreadPool27SharedThreadPoolConstructorEv + + [A] _ZN9grpc_core10ThreadPool3AddEP42grpc_experimental_completion_queue_functor + + [A] _ZN9grpc_core10ThreadPoolC1Ei + + [A] _ZN9grpc_core10ThreadPoolC1EiPKc, aliases _ZN9grpc_core10ThreadPoolC2EiPKc + + [A] _ZN9grpc_core10ThreadPoolC1EiPKcRKNS_6Thread7OptionsE, aliases _ZN9grpc_core10ThreadPoolC2EiPKcRKNS_6Thread7OptionsE + + [A] _ZN9grpc_core10ThreadPoolC2Ei, aliases _ZN9grpc_core10ThreadPoolC1Ei + + [A] _ZN9grpc_core10ThreadPoolC2EiPKc + + [A] _ZN9grpc_core10ThreadPoolC2EiPKcRKNS_6Thread7OptionsE + + [A] _ZN9grpc_core10ThreadPoolD0Ev + + [A] _ZN9grpc_core10ThreadPoolD1Ev, aliases _ZN9grpc_core10ThreadPoolD2Ev + + [A] _ZN9grpc_core10ThreadPoolD2Ev + + [A] _ZN9grpc_core12CallCombiner4StopEPKciS2_ + + [A] _ZN9grpc_core12CallCombiner5StartEP12grpc_closureP10grpc_errorPKciS6_ + + [A] _ZN9grpc_core12FakeResolver24ReturnReresolutionResultEv + + [A] _ZN9grpc_core12ResolverArgsD1Ev + + [A] _ZN9grpc_core12ResolverArgsD2Ev, aliases _ZN9grpc_core12ResolverArgsD1Ev + + [A] _ZN9grpc_core12XdsBootstrap12ReadFromFileEPNS_9XdsClientEPNS_9TraceFlagEPP10grpc_error + + [A] _ZN9grpc_core12XdsBootstrap13ParseLocalityEPNS_4JsonE + + [A] _ZN9grpc_core12XdsBootstrap14ParseXdsServerEPNS_4JsonEm + + [A] _ZN9grpc_core12XdsBootstrap17ParseChannelCredsEPNS_4JsonEmPNS0_9XdsServerE + + [A] _ZN9grpc_core12XdsBootstrap18ParseXdsServerListEPNS_4JsonE + + [A] _ZN9grpc_core12XdsBootstrap22ParseChannelCredsArrayEPNS_4JsonEPNS0_9XdsServerE + + [A] _ZN9grpc_core12XdsBootstrap9ParseNodeEPNS_4JsonE + + [A] _ZN9grpc_core12XdsBootstrapC1ENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core12XdsBootstrapC2ENS_4JsonEPP10grpc_error, aliases _ZN9grpc_core12XdsBootstrapC1ENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core13InternedSliceC1EPNS_21InternedSliceRefcountE + + [A] _ZN9grpc_core13InternedSliceC2EPNS_21InternedSliceRefcountE, aliases _ZN9grpc_core13InternedSliceC1EPNS_21InternedSliceRefcountE + + [A] _ZN9grpc_core13ServiceConfig19ParseJsonMethodNameB5cxx11ERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core13ServiceConfig20ParsePerMethodParamsEv + + [A] _ZN9grpc_core13ServiceConfig21ParseJsonMethodConfigERKNS_4JsonE + + [A] _ZN9grpc_core13ServiceConfig6CreateEN4absl14lts_2020_02_2511string_viewEPP10grpc_error + + [A] _ZN9grpc_core13ServiceConfigC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonEPP10grpc_error, aliases _ZN9grpc_core13ServiceConfigC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core13ServiceConfigC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core14ConfigSelector10CallConfigD1Ev, aliases _ZN9grpc_core14ConfigSelector10CallConfigD2Ev + + [A] _ZN9grpc_core14ConfigSelector10CallConfigD2Ev + + [A] _ZN9grpc_core14ConfigSelector18GetFromChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core14RegisteredCallC1EOS0_, aliases _ZN9grpc_core14RegisteredCallC2EOS0_ + + [A] _ZN9grpc_core14RegisteredCallC1EPKcS2_, aliases _ZN9grpc_core14RegisteredCallC2EPKcS2_ + + [A] _ZN9grpc_core14RegisteredCallC1ERKS0_ + + [A] _ZN9grpc_core14RegisteredCallC2EOS0_ + + [A] _ZN9grpc_core14RegisteredCallC2EPKcS2_ + + [A] _ZN9grpc_core14RegisteredCallC2ERKS0_, aliases _ZN9grpc_core14RegisteredCallC1ERKS0_ + + [A] _ZN9grpc_core14RegisteredCallD1Ev + + [A] _ZN9grpc_core14RegisteredCallD2Ev, aliases _ZN9grpc_core14RegisteredCallD1Ev + + [A] _ZN9grpc_core14SubchannelCall6CreateENS0_4ArgsEPP10grpc_error + + [A] _ZN9grpc_core14SubchannelCallC1ENS0_4ArgsEPP10grpc_error + + [A] _ZN9grpc_core14SubchannelCallC2ENS0_4ArgsEPP10grpc_error, aliases _ZN9grpc_core14SubchannelCallC1ENS0_4ArgsEPP10grpc_error + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImpl10DrainQueueEv + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImpl3RunESt8functionIFvvEERKNS_13DebugLocationE + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImpl6OrphanEv + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImplD0Ev + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImplD1Ev + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImplD2Ev, aliases _ZN9grpc_core14WorkSerializer18WorkSerializerImplD1Ev + + [A] _ZN9grpc_core14WorkSerializer3RunESt8functionIFvvEERKNS_13DebugLocationE + + [A] _ZN9grpc_core14WorkSerializerC1Ev, aliases _ZN9grpc_core14WorkSerializerC2Ev + + [A] _ZN9grpc_core14WorkSerializerC2Ev + + [A] _ZN9grpc_core14WorkSerializerD1Ev + + [A] _ZN9grpc_core14WorkSerializerD2Ev, aliases _ZN9grpc_core14WorkSerializerD1Ev + + [A] _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core15ByteStreamCacheC2ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteEE, aliases _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core15Chttp2Connector15OnHandshakeDoneEPvP10grpc_error + + [A] _ZN9grpc_core15Chttp2Connector20StartHandshakeLockedEv + + [A] _ZN9grpc_core15Chttp2Connector7ConnectERKNS_19SubchannelConnector4ArgsEPNS1_6ResultEP12grpc_closure + + [A] _ZN9grpc_core15Chttp2Connector8ShutdownEP10grpc_error + + [A] _ZN9grpc_core15Chttp2Connector9ConnectedEPvP10grpc_error + + [A] _ZN9grpc_core15Chttp2ConnectorC1Ev + + [A] _ZN9grpc_core15Chttp2ConnectorC2Ev, aliases _ZN9grpc_core15Chttp2ConnectorC1Ev + + [A] _ZN9grpc_core15Chttp2ConnectorD0Ev + + [A] _ZN9grpc_core15Chttp2ConnectorD1Ev, aliases _ZN9grpc_core15Chttp2ConnectorD2Ev + + [A] _ZN9grpc_core15Chttp2ConnectorD2Ev + + [A] _ZN9grpc_core15InfLenFIFOQueue10PushWaiterEPNS0_6WaiterE + + [A] _ZN9grpc_core15InfLenFIFOQueue12RemoveWaiterEPNS0_6WaiterE + + [A] _ZN9grpc_core15InfLenFIFOQueue13AllocateNodesEi + + [A] _ZN9grpc_core15InfLenFIFOQueue3GetEP12gpr_timespec + + [A] _ZN9grpc_core15InfLenFIFOQueue3PutEPv + + [A] _ZN9grpc_core15InfLenFIFOQueue9TopWaiterEv + + [A] _ZN9grpc_core15InfLenFIFOQueueC1Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueC2Ev, aliases _ZN9grpc_core15InfLenFIFOQueueC1Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueD0Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueD1Ev, aliases _ZN9grpc_core15InfLenFIFOQueueD2Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueD2Ev + + [A] _ZN9grpc_core15XdsLocalityNameD0Ev + + [A] _ZN9grpc_core15XdsLocalityNameD1Ev, aliases _ZN9grpc_core15XdsLocalityNameD2Ev + + [A] _ZN9grpc_core15XdsLocalityNameD2Ev + + [A] _ZN9grpc_core16CreateXdsChannelERKNS_12XdsBootstrapERK17grpc_channel_argsPP10grpc_error + + [A] _ZN9grpc_core16InternedMetadataC1ERK10grpc_sliceS3_jPS0_PKNS0_8NoRefKeyE, aliases _ZN9grpc_core16InternedMetadataC2ERK10grpc_sliceS3_jPS0_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core16InternedMetadataC2ERK10grpc_sliceS3_jPS0_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core16RefcountedMdBase12TraceAtStartEPKc + + [A] _ZN9grpc_core16ResolverRegistry13IsValidTargetEPKc + + [A] _ZN9grpc_core16ResolverRegistry14CreateResolverEPKcPK17grpc_channel_argsP16grpc_pollset_setSt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS_8Resolver13ResultHandlerESt14default_deleteISD_EE + + [A] _ZN9grpc_core16ResolverRegistry7Builder23RegisterResolverFactoryESt10unique_ptrINS_15ResolverFactoryESt14default_deleteIS3_EE + + [A] _ZN9grpc_core16ThreadPoolWorker3RunEv + + [A] _ZN9grpc_core17AllocatedMetadataC1ERK10grpc_sliceS3_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core17AllocatedMetadataC1ERKNS_18ManagedMemorySliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17AllocatedMetadataC1ERKNS_22ExternallyManagedSliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17AllocatedMetadataC2ERK10grpc_sliceS3_PKNS0_8NoRefKeyE, aliases _ZN9grpc_core17AllocatedMetadataC1ERK10grpc_sliceS3_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core17AllocatedMetadataC2ERKNS_18ManagedMemorySliceERKNS_20UnmanagedMemorySliceE, aliases _ZN9grpc_core17AllocatedMetadataC1ERKNS_18ManagedMemorySliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17AllocatedMetadataC2ERKNS_22ExternallyManagedSliceERKNS_20UnmanagedMemorySliceE, aliases _ZN9grpc_core17AllocatedMetadataC1ERKNS_22ExternallyManagedSliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17GrpcLbClientStats3GetEPlS1_S1_S1_PSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorINS0_14DropTokenCountELm10ESaIS6_EEESt14default_deleteIS8_EE + + [A] _ZN9grpc_core17HealthCheckClient15SetHealthStatusE23grpc_connectivity_statePKc + + [A] _ZN9grpc_core17HealthCheckClient21SetHealthStatusLockedE23grpc_connectivity_statePKc + + [A] _ZN9grpc_core17HealthCheckClient21StartRetryTimerLockedEv + + [A] _ZN9grpc_core17HealthCheckClient9CallState15CallEndedLockedEb + + [A] _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEENS3_INS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core17HealthCheckClientC2EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEENS3_INS_33ConnectivityStateWatcherInterfaceEEE, aliases _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEENS3_INS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core17MessageSizeParser20ParsePerMethodParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core18ChildPolicyHandler12UpdateLockedENS_19LoadBalancingPolicy10UpdateArgsE + + [A] _ZN9grpc_core18ChildPolicyHandler14ExitIdleLockedEv + + [A] _ZN9grpc_core18ChildPolicyHandler14ShutdownLockedEv + + [A] _ZN9grpc_core18ChildPolicyHandler17CreateChildPolicyEPKcRK17grpc_channel_args + + [A] _ZN9grpc_core18ChildPolicyHandler18ResetBackoffLockedEv + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper11UpdateStateE23grpc_connectivity_stateSt10unique_ptrINS_19LoadBalancingPolicy16SubchannelPickerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper13AddTraceEventENS_19LoadBalancingPolicy20ChannelControlHelper13TraceSeverityEN4absl14lts_2020_02_2511string_viewE + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper16CreateSubchannelERK17grpc_channel_args + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper19RequestReresolutionEv + + [A] _ZN9grpc_core18ChildPolicyHandler6HelperD0Ev + + [A] _ZN9grpc_core18ChildPolicyHandler6HelperD1Ev + + [A] _ZN9grpc_core18ChildPolicyHandler6HelperD2Ev, aliases _ZN9grpc_core18ChildPolicyHandler6HelperD1Ev + + [A] _ZN9grpc_core18ChildPolicyHandlerD0Ev + + [A] _ZN9grpc_core18ChildPolicyHandlerD1Ev, aliases _ZN9grpc_core18ChildPolicyHandlerD2Ev + + [A] _ZN9grpc_core18ChildPolicyHandlerD2Ev + + [A] _ZN9grpc_core18HandshakerRegistry25RegisterHandshakerFactoryEbNS_14HandshakerTypeESt10unique_ptrINS_17HandshakerFactoryESt14default_deleteIS3_EE + + [A] _ZN9grpc_core18ManagedMemorySliceC1EPK10grpc_slice, aliases _ZN9grpc_core18ManagedMemorySliceC2EPK10grpc_slice + + [A] _ZN9grpc_core18ManagedMemorySliceC1EPKc, aliases _ZN9grpc_core18ManagedMemorySliceC2EPKc + + [A] _ZN9grpc_core18ManagedMemorySliceC1EPKcm, aliases _ZN9grpc_core18ManagedMemorySliceC2EPKcm + + [A] _ZN9grpc_core18ManagedMemorySliceC2EPK10grpc_slice + + [A] _ZN9grpc_core18ManagedMemorySliceC2EPKc + + [A] _ZN9grpc_core18ManagedMemorySliceC2EPKcm + + [A] _ZN9grpc_core19Chttp2ServerAddPortEP11grpc_serverPKcP17grpc_channel_argsPi + + [A] _ZN9grpc_core19ConnectedSubchannel10StartWatchEP16grpc_pollset_setSt10unique_ptrINS_33ConnectivityStateWatcherInterfaceENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEE + + [A] _ZN9grpc_core19ConnectedSubchannelC2EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEE, aliases _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEE + + [A] _ZN9grpc_core19ConnectivityWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core19ConnectivityWatcherD0Ev + + [A] _ZN9grpc_core19ConnectivityWatcherD1Ev + + [A] _ZN9grpc_core19ConnectivityWatcherD2Ev, aliases _ZN9grpc_core19ConnectivityWatcherD1Ev + + [A] _ZN9grpc_core19GrpcLbRequestCreateEPKcP9upb_arena + + [A] _ZN9grpc_core19GrpcLbResponseParseERK10grpc_sliceP9upb_arenaPNS_14GrpcLbResponseE + + [A] _ZN9grpc_core19LoadBalancingPolicy10PickResultD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy10PickResultD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy10PickResultD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy10UpdateArgsD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy10UpdateArgsD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy10UpdateArgsD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy4ArgsD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy4ArgsD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy4ArgsD2Ev + + [A] _ZN9grpc_core19ProxyMapperRegistry10MapAddressERK21grpc_resolved_addressPK17grpc_channel_argsPPS1_PPS4_ + + [A] _ZN9grpc_core19ProxyMapperRegistry4InitEv + + [A] _ZN9grpc_core19ProxyMapperRegistry7MapNameEPKcPK17grpc_channel_argsPPcPPS3_ + + [A] _ZN9grpc_core19ProxyMapperRegistry8RegisterEbSt10unique_ptrINS_20ProxyMapperInterfaceESt14default_deleteIS2_EE + + [A] _ZN9grpc_core19ProxyMapperRegistry8ShutdownEv + + [A] _ZN9grpc_core19ServiceConfigParser12ParsedConfigD0Ev + + [A] _ZN9grpc_core19ServiceConfigParser12ParsedConfigD1Ev, aliases _ZN9grpc_core19ServiceConfigParser12ParsedConfigD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser12ParsedConfigD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser14RegisterParserESt10unique_ptrINS0_6ParserESt14default_deleteIS2_EE + + [A] _ZN9grpc_core19ServiceConfigParser21ParseGlobalParametersERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser24ParsePerMethodParametersERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser4InitEv + + [A] _ZN9grpc_core19ServiceConfigParser6Parser17ParseGlobalParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser6Parser20ParsePerMethodParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser6ParserD0Ev + + [A] _ZN9grpc_core19ServiceConfigParser6ParserD1Ev, aliases _ZN9grpc_core19ServiceConfigParser6ParserD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser6ParserD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser8ShutdownEv + + [A] _ZN9grpc_core19SubchannelConnector6OrphanEv + + [A] _ZN9grpc_core19XdsClusterDropStats14AddCallDroppedERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core19XdsClusterDropStats19GetSnapshotAndResetB5cxx11Ev + + [A] _ZN9grpc_core19XdsClusterDropStatsC1ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_, aliases _ZN9grpc_core19XdsClusterDropStatsC2ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_ + + [A] _ZN9grpc_core19XdsClusterDropStatsC2ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_ + + [A] _ZN9grpc_core19XdsClusterDropStatsD0Ev + + [A] _ZN9grpc_core19XdsClusterDropStatsD1Ev, aliases _ZN9grpc_core19XdsClusterDropStatsD2Ev + + [A] _ZN9grpc_core19XdsClusterDropStatsD2Ev + + [A] _ZN9grpc_core20InternallyRefCountedINS_17HealthCheckClientEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEE5UnrefERKNS_13DebugLocationEPKc + + [A] _ZN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_33ConnectivityStateWatcherInterfaceEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_8ResolverEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallStateEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12AdsCallStateEEEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12LrsCallStateEEEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelStateEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClientEE5UnrefEv + + [A] _ZN9grpc_core20ModifyXdsChannelArgsEP17grpc_channel_args + + [A] _ZN9grpc_core20UnmanagedMemorySlice8HeapInitEm + + [A] _ZN9grpc_core20UnmanagedMemorySliceC1EPKc + + [A] _ZN9grpc_core20UnmanagedMemorySliceC1EPKcm + + [A] _ZN9grpc_core20UnmanagedMemorySliceC1Em, aliases _ZN9grpc_core20UnmanagedMemorySliceC2Em + + [A] _ZN9grpc_core20UnmanagedMemorySliceC2EPKc, aliases _ZN9grpc_core20UnmanagedMemorySliceC1EPKc + + [A] _ZN9grpc_core20UnmanagedMemorySliceC2EPKcm, aliases _ZN9grpc_core20UnmanagedMemorySliceC1EPKcm + + [A] _ZN9grpc_core20UnmanagedMemorySliceC2Em + + [A] _ZN9grpc_core21ConnectivityStateNameE23grpc_connectivity_state + + [A] _ZN9grpc_core21DefaultConfigSelector13GetCallConfigENS_14ConfigSelector17GetCallConfigArgsE + + [A] _ZN9grpc_core21DefaultConfigSelectorD0Ev + + [A] _ZN9grpc_core21DefaultConfigSelectorD1Ev + + [A] _ZN9grpc_core21DefaultConfigSelectorD2Ev, aliases _ZN9grpc_core21DefaultConfigSelectorD1Ev + + [A] _ZN9grpc_core21ServiceConfigCallData7DestroyEPv + + [A] _ZN9grpc_core21TcpZerocopySendRecord12PopulateIovsEPmS1_S1_P5iovec + + [A] _ZN9grpc_core21TcpZerocopySendRecord24UpdateOffsetForBytesSentEmm + + [A] _ZN9grpc_core22NewGrpcPolledFdFactoryESt10shared_ptrINS_14WorkSerializerEE + + [A] _ZN9grpc_core22ParseBackendMetricDataERK10grpc_slicePNS_5ArenaE + + [A] _ZN9grpc_core23CallCombinerClosureList11RunClosuresEPNS_12CallCombinerE + + [A] _ZN9grpc_core23MakeHierarchicalPathArgERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS6_EE + + [A] _ZN9grpc_core23MessageSizeParsedConfig18GetFromCallContextEPK25grpc_call_context_element + + [A] _ZN9grpc_core23RegisterHttpProxyMapperEv + + [A] _ZN9grpc_core23XdsClusterLocalityStats14AddCallStartedEv + + [A] _ZN9grpc_core23XdsClusterLocalityStats15AddCallFinishedEb + + [A] _ZN9grpc_core23XdsClusterLocalityStats19GetSnapshotAndResetEv + + [A] _ZN9grpc_core23XdsClusterLocalityStatsC1ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_NS1_INS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core23XdsClusterLocalityStatsC2ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_NS1_INS_15XdsLocalityNameEEE, aliases _ZN9grpc_core23XdsClusterLocalityStatsC1ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_NS1_INS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core23XdsClusterLocalityStatsD0Ev + + [A] _ZN9grpc_core23XdsClusterLocalityStatsD1Ev, aliases _ZN9grpc_core23XdsClusterLocalityStatsD2Ev + + [A] _ZN9grpc_core23XdsClusterLocalityStatsD2Ev + + [A] _ZN9grpc_core24ConnectivityStateTracker10AddWatcherE23grpc_connectivity_stateSt10unique_ptrINS_33ConnectivityStateWatcherInterfaceENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core24ConnectivityStateTracker13RemoveWatcherEPNS_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core24ConnectivityStateTracker8SetStateE23grpc_connectivity_statePKc + + [A] _ZN9grpc_core24ConnectivityStateTrackerD1Ev, aliases _ZN9grpc_core24ConnectivityStateTrackerD2Ev + + [A] _ZN9grpc_core24ConnectivityStateTrackerD2Ev + + [A] _ZN9grpc_core24GrpcPolledFdFactoryPosix21NewGrpcPolledFdLockedEiP16grpc_pollset_setSt10shared_ptrINS_14WorkSerializerEE + + [A] _ZN9grpc_core24StaticMetadataInitCanaryEv + + [A] _ZN9grpc_core25grpc_executor_global_initEv + + [A] _ZN9grpc_core26FakeResolverResponseSetter16SetFailureLockedEv + + [A] _ZN9grpc_core26FakeResolverResponseSetter17SetResponseLockedEv + + [A] _ZN9grpc_core26FakeResolverResponseSetter29SetReresolutionResponseLockedEv + + [A] _ZN9grpc_core26MakeHierarchicalAddressMapB5cxx11ERKN4absl14lts_2020_02_2513InlinedVectorINS_13ServerAddressELm1ESaIS3_EEE + + [A] _ZN9grpc_core27CreateGrpclbBalancerChannelEPKcRK17grpc_channel_args + + [A] _ZN9grpc_core27CreateGrpclbBalancerNameArgEPKc + + [A] _ZN9grpc_core27LoadBalancingPolicyRegistry24ParseLoadBalancingConfigERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core27LoadBalancingPolicyRegistry7Builder34RegisterLoadBalancingPolicyFactoryESt10unique_ptrINS_26LoadBalancingPolicyFactoryESt14default_deleteIS3_EE + + [A] _ZN9grpc_core27MovedCppStringSliceRefCount7DestroyEPv + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy20CreateLbPolicyLockedERK17grpc_channel_args + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper11UpdateStateE23grpc_connectivity_stateSt10unique_ptrINS_19LoadBalancingPolicy16SubchannelPickerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper13AddTraceEventENS_19LoadBalancingPolicy20ChannelControlHelper13TraceSeverityEN4absl14lts_2020_02_2511string_viewE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy28CreateOrUpdateLbPolicyLockedENS_13RefCountedPtrINS_19LoadBalancingPolicy6ConfigEEENS_8Resolver6ResultE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy44MaybeAddTraceMessagesForAddressChangesLockedEbPN4absl14lts_2020_02_2513InlinedVectorIPKcLm3ESaIS5_EEE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_17DefaultDeleteCharEEPNS0_19ChannelConfigHelperE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_17DefaultDeleteCharEEPNS0_19ChannelConfigHelperE, aliases _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_17DefaultDeleteCharEEPNS0_19ChannelConfigHelperE + + [A] _ZN9grpc_core29FakeResolverResponseGenerator15SetFakeResolverENS_13RefCountedPtrINS_12FakeResolverEEE + + [A] _ZN9grpc_core29FakeResolverResponseGeneratorC1Ev, aliases _ZN9grpc_core29FakeResolverResponseGeneratorC2Ev + + [A] _ZN9grpc_core29FakeResolverResponseGeneratorC2Ev + + [A] _ZN9grpc_core29GetMaxRecvSizeFromChannelArgsEPK17grpc_channel_args + + [A] _ZN9grpc_core29GetMaxSendSizeFromChannelArgsEPK17grpc_channel_args + + [A] _ZN9grpc_core29GrpcLbLoadReportRequestCreateEllllPKN4absl14lts_2020_02_2513InlinedVectorINS_17GrpcLbClientStats14DropTokenCountELm10ESaIS4_EEEP9upb_arena + + [A] _ZN9grpc_core29SetServerBatchMethodAllocatorEP11grpc_serverP21grpc_completion_queueSt8functionIFNS_25ServerBatchCallAllocationEvEE + + [A] _ZN9grpc_core31ModifyGrpclbBalancerChannelArgsERKN4absl14lts_2020_02_2513InlinedVectorINS_13ServerAddressELm1ESaIS3_EEEP17grpc_channel_args + + [A] _ZN9grpc_core32CreateGrpclbBalancerAddressesArgEPKN4absl14lts_2020_02_2513InlinedVectorINS_13ServerAddressELm1ESaIS3_EEE + + [A] _ZN9grpc_core32MultiProducerSingleConsumerQueueD1Ev, aliases _ZN9grpc_core32MultiProducerSingleConsumerQueueD2Ev + + [A] _ZN9grpc_core32MultiProducerSingleConsumerQueueD2Ev + + [A] _ZN9grpc_core33ConnectivityStateWatcherInterface6OrphanEv + + [A] _ZN9grpc_core34SetServerRegisteredMethodAllocatorEP11grpc_serverP21grpc_completion_queuePvSt8functionIFNS_30ServerRegisteredCallAllocationEvEE + + [A] _ZN9grpc_core35FindGrpclbBalancerNameInChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core38AsyncConnectivityStateWatcherInterface6NotifyE23grpc_connectivity_state + + [A] _ZN9grpc_core38AsyncConnectivityStateWatcherInterface8Notifier16SendNotificationEPvP10grpc_error + + [A] _ZN9grpc_core40FindGrpclbBalancerAddressesInChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core4Json5ParseEN4absl14lts_2020_02_2511string_viewEPP10grpc_error + + [A] _ZN9grpc_core4Json8CopyFromERKS0_ + + [A] _ZN9grpc_core4Json8MoveFromEOS0_ + + [A] _ZN9grpc_core4JsonC1ERKS0_ + + [A] _ZN9grpc_core4JsonC2ERKS0_, aliases _ZN9grpc_core4JsonC1ERKS0_ + + [A] _ZN9grpc_core4JsonD1Ev + + [A] _ZN9grpc_core4JsonD2Ev, aliases _ZN9grpc_core4JsonD1Ev + + [A] _ZN9grpc_core5Arena5AllocEm + + [A] _ZN9grpc_core6XdsApi10DropConfigD0Ev + + [A] _ZN9grpc_core6XdsApi10DropConfigD1Ev, aliases _ZN9grpc_core6XdsApi10DropConfigD2Ev + + [A] _ZN9grpc_core6XdsApi10DropConfigD2Ev + + [A] _ZN9grpc_core6XdsApi16CreateAdsRequestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKSt3setIN4absl14lts_2020_02_2511string_viewESt4lessISC_ESaISC_EES8_S8_P10grpc_errorb + + [A] _ZN9grpc_core6XdsApi16CreateLrsRequestESt3mapISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ENS0_17ClusterLoadReportESt4lessIS9_ESaIS2_IKS9_SA_EEE + + [A] _ZN9grpc_core6XdsApi16ParseAdsResponseERK10grpc_sliceRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKSt3setIN4absl14lts_2020_02_2511string_viewESt4lessISF_ESaISF_EESL_SL_PNSE_8optionalINS0_9LdsUpdateEEEPNSM_INS0_9RdsUpdateEEEPSt3mapIS9_NS0_9CdsUpdateESG_IS9_ESaISt4pairISA_SU_EEEPST_IS9_NS0_9EdsUpdateESV_SaISW_ISA_S11_EEEPS9_S16_S16_ + + [A] _ZN9grpc_core6XdsApi16ParseLrsResponseERK10grpc_slicePbPSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessISB_ESaISB_EEPl + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate11LocalityMap8LocalityD1Ev + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate11LocalityMap8LocalityD2Ev, aliases _ZN9grpc_core6XdsApi18PriorityListUpdate11LocalityMap8LocalityD1Ev + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate3AddENS1_11LocalityMap8LocalityE + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate8ContainsERKNS_13RefCountedPtrINS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core6XdsApi23CreateLrsInitialRequestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core6XdsApi9CdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9CdsUpdateD2Ev, aliases _ZN9grpc_core6XdsApi9CdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9EdsUpdateD1Ev, aliases _ZN9grpc_core6XdsApi9EdsUpdateD2Ev + + [A] _ZN9grpc_core6XdsApi9EdsUpdateD2Ev + + [A] _ZN9grpc_core6XdsApi9LdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9LdsUpdateD2Ev, aliases _ZN9grpc_core6XdsApi9LdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherD2Ev, aliases _ZN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRouteD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRouteD2Ev, aliases _ZN9grpc_core6XdsApi9RdsUpdate8RdsRouteD1Ev + + [A] _ZN9grpc_core6XdsApiC1EPNS_9XdsClientEPNS_9TraceFlagEPKNS_12XdsBootstrap4NodeE, aliases _ZN9grpc_core6XdsApiC2EPNS_9XdsClientEPNS_9TraceFlagEPKNS_12XdsBootstrap4NodeE + + [A] _ZN9grpc_core6XdsApiC2EPNS_9XdsClientEPNS_9TraceFlagEPKNS_12XdsBootstrap4NodeE + + [A] _ZN9grpc_core7Closure3RunERKNS_13DebugLocationEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core7ExecCtx3RunERKNS_13DebugLocationEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core7ExecCtx7RunListERKNS_13DebugLocationEP17grpc_closure_list + + [A] _ZN9grpc_core8Combiner10FinallyRunEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core8Combiner3RunEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core8Executor3RunEP12grpc_closureP10grpc_errorNS_12ExecutorTypeENS_15ExecutorJobTypeE + + [A] _ZN9grpc_core8RefCount10RefNonZeroEv + + [A] _ZN9grpc_core8RefCount3RefERKNS_13DebugLocationEPKcl + + [A] _ZN9grpc_core8RefCount3RefEl + + [A] _ZN9grpc_core8RefCount5UnrefERKNS_13DebugLocationEPKc + + [A] _ZN9grpc_core8RefCount5UnrefEv + + [A] _ZN9grpc_core8ResolverC1ESt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS0_13ResultHandlerESt14default_deleteIS5_EE, aliases _ZN9grpc_core8ResolverC2ESt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS0_13ResultHandlerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core8ResolverC2ESt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS0_13ResultHandlerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core8channelz10ServerNode14AddChildSocketENS_13RefCountedPtrINS0_10SocketNodeEEE + + [A] _ZN9grpc_core8channelz10ServerNode17RemoveChildSocketEl + + [A] _ZN9grpc_core8channelz10ServerNode19RenderServerSocketsB5cxx11Ell + + [A] _ZN9grpc_core8channelz10ServerNode20AddChildListenSocketENS_13RefCountedPtrINS0_16ListenSocketNodeEEE + + [A] _ZN9grpc_core8channelz10ServerNode23RemoveChildListenSocketEl + + [A] _ZN9grpc_core8channelz10SocketNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_, aliases _ZN9grpc_core8channelz10SocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_ + + [A] _ZN9grpc_core8channelz10SocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_ + + [A] _ZN9grpc_core8channelz11ChannelNode17PopulateChildRefsEPSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonESt4lessIS8_ESaISt4pairIKS8_S9_EEE + + [A] _ZN9grpc_core8channelz11ChannelNode39GetChannelConnectivityStateChangeStringE23grpc_connectivity_state + + [A] _ZN9grpc_core8channelz11ChannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEml + + [A] _ZN9grpc_core8channelz11ChannelNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEml, aliases _ZN9grpc_core8channelz11ChannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEml + + [A] _ZN9grpc_core8channelz14SubchannelNode14SetChildSocketENS_13RefCountedPtrINS0_10SocketNodeEEE + + [A] _ZN9grpc_core8channelz14SubchannelNode23UpdateConnectivityStateE23grpc_connectivity_state + + [A] _ZN9grpc_core8channelz14SubchannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEm + + [A] _ZN9grpc_core8channelz14SubchannelNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEm, aliases _ZN9grpc_core8channelz14SubchannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEm + + [A] _ZN9grpc_core8channelz16ChannelzRegistry18InternalGetServersB5cxx11El + + [A] _ZN9grpc_core8channelz16ChannelzRegistry22InternalGetTopChannelsB5cxx11El + + [A] _ZN9grpc_core8channelz16ListenSocketNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_, aliases _ZN9grpc_core8channelz16ListenSocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_ + + [A] _ZN9grpc_core8channelz16ListenSocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_ + + [A] _ZN9grpc_core8channelz18CallCountingHelper18PopulateCallCountsEPSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonESt4lessIS8_ESaISt4pairIKS8_S9_EEE + + [A] _ZN9grpc_core8channelz8BaseNode16RenderJsonStringB5cxx11Ev + + [A] _ZN9grpc_core8channelz8BaseNodeC1ENS1_10EntityTypeENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN9grpc_core8channelz8BaseNodeC2ENS1_10EntityTypeENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core8channelz8BaseNodeC2ENS1_10EntityTypeENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core8internal32ClientChannelServiceConfigParser17ParseGlobalParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core8internal32ClientChannelServiceConfigParser20ParsePerMethodParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState11StopLrsCallEv + + [A] _ZN9grpc_core9XdsClient12ChannelState11UnsubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_b + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState11UnsubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESA_b + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13OnRequestSentEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState13OnTimerLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptCdsUpdateESt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_6XdsApi9CdsUpdateESt4lessIS9_ESaISt4pairIKS9_SB_EEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptEdsUpdateESt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_6XdsApi9EdsUpdateESt4lessIS9_ESaISt4pairIKS9_SB_EEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptLdsUpdateEN4absl14lts_2020_02_258optionalINS_6XdsApi9LdsUpdateEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptRdsUpdateEN4absl14lts_2020_02_258optionalINS_6XdsApi9RdsUpdateEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState16OnStatusReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState17SendMessageLockedERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState18OnResponseReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState19OnRequestSentLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState22OnStatusReceivedLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState23ResourceNamesForRequestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState24OnResponseReceivedLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState9SubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESA_ + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateC1ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE, aliases _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD2Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState16OnStatusReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState18OnResponseReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState20OnInitialRequestSentEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState22OnStatusReceivedLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState24OnResponseReceivedLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState25MaybeStartReportingLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState26OnInitialRequestSentLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter12OnReportDoneEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter16SendReportLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter17OnNextReportTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter18OnReportDoneLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter23OnNextReportTimerLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter24ScheduleNextReportLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateC1ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE, aliases _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD2Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE12OnRetryTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE18StartNewCallLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE21StartRetryTimerLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE12OnRetryTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE18StartNewCallLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE21StartRetryTimerLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState17MaybeStartLrsCallEv + + [A] _ZN9grpc_core9XdsClient12ChannelState28StartConnectivityWatchLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState29CancelConnectivityWatchLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState9SubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_ + + [A] _ZN9grpc_core9XdsClient12ChannelStateC1ENS_13RefCountedPtrIS0_EEP12grpc_channel, aliases _ZN9grpc_core9XdsClient12ChannelStateC2ENS_13RefCountedPtrIS0_EEP12grpc_channel + + [A] _ZN9grpc_core9XdsClient12ChannelStateC2ENS_13RefCountedPtrIS0_EEP12grpc_channel + + [A] _ZN9grpc_core9XdsClient12ChannelStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelStateD2Ev, aliases _ZN9grpc_core9XdsClient12ChannelStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ResetBackoffEv + + [A] _ZN9grpc_core9XdsClient13ChannelArgCmpEPvS1_ + + [A] _ZN9grpc_core9XdsClient13NotifyOnErrorEP10grpc_error + + [A] _ZN9grpc_core9XdsClient14ChannelArgCopyEPv + + [A] _ZN9grpc_core9XdsClient15LoadReportStateD1Ev, aliases _ZN9grpc_core9XdsClient15LoadReportStateD2Ev + + [A] _ZN9grpc_core9XdsClient15LoadReportStateD2Ev + + [A] _ZN9grpc_core9XdsClient16WatchClusterDataEN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_23ClusterWatcherInterfaceESt14default_deleteIS5_EE + + [A] _ZN9grpc_core9XdsClient17ChannelArgDestroyEPv + + [A] _ZN9grpc_core9XdsClient17WatchEndpointDataEN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_24EndpointWatcherInterfaceESt14default_deleteIS5_EE + + [A] _ZN9grpc_core9XdsClient18GetFromChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core9XdsClient19AddClusterDropStatsEN4absl14lts_2020_02_2511string_viewES3_S3_ + + [A] _ZN9grpc_core9XdsClient19CreateServiceConfigERKNS_6XdsApi9RdsUpdateEPNS_13RefCountedPtrINS_13ServiceConfigEEE + + [A] _ZN9grpc_core9XdsClient21RemoveFromChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core9XdsClient22CancelClusterDataWatchEN4absl14lts_2020_02_2511string_viewEPNS0_23ClusterWatcherInterfaceEb + + [A] _ZN9grpc_core9XdsClient22RemoveClusterDropStatsEN4absl14lts_2020_02_2511string_viewES3_S3_PNS_19XdsClusterDropStatsE + + [A] _ZN9grpc_core9XdsClient23AddClusterLocalityStatsEN4absl14lts_2020_02_2511string_viewES3_S3_NS_13RefCountedPtrINS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core9XdsClient23BuildLoadReportSnapshotEbRKSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessIS7_ESaIS7_EE + + [A] _ZN9grpc_core9XdsClient23CancelEndpointDataWatchEN4absl14lts_2020_02_2511string_viewEPNS0_24EndpointWatcherInterfaceEb + + [A] _ZN9grpc_core9XdsClient26RemoveClusterLocalityStatsEN4absl14lts_2020_02_2511string_viewES3_S3_RKNS_13RefCountedPtrINS_15XdsLocalityNameEEEPNS_23XdsClusterLocalityStatsE + + [A] _ZN9grpc_core9XdsClient26WeightedClustersActionNameB5cxx11ERKSt6vectorINS_6XdsApi9RdsUpdate8RdsRoute13ClusterWeightESaIS5_EE + + [A] _ZN9grpc_core9XdsClient29UpdateWeightedClusterIndexMapERKNS_6XdsApi9RdsUpdateE + + [A] _ZN9grpc_core9XdsClient6OrphanEv + + [A] _ZN9grpc_core9XdsClientC1ESt10shared_ptrINS_14WorkSerializerEEP16grpc_pollset_setN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_29ServiceConfigWatcherInterfaceESt14default_deleteISA_EERK17grpc_channel_argsPP10grpc_error + + [A] _ZN9grpc_core9XdsClientC2ESt10shared_ptrINS_14WorkSerializerEEP16grpc_pollset_setN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_29ServiceConfigWatcherInterfaceESt14default_deleteISA_EERK17grpc_channel_argsPP10grpc_error, aliases _ZN9grpc_core9XdsClientC1ESt10shared_ptrINS_14WorkSerializerEEP16grpc_pollset_setN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_29ServiceConfigWatcherInterfaceESt14default_deleteISA_EERK17grpc_channel_argsPP10grpc_error + + [A] _ZN9grpc_core9XdsClientD0Ev + + [A] _ZN9grpc_core9XdsClientD1Ev, aliases _ZN9grpc_core9XdsClientD2Ev + + [A] _ZN9grpc_core9XdsClientD2Ev + + [A] _ZNK4absl14lts_2020_02_2516strings_internal8SplitterINS1_13MaxSplitsImplINS0_6ByCharEEENS0_10AllowEmptyEE18ConvertToContainerISt6vectorINS0_11string_viewESaISA_EESA_Lb0EEclERKS7_ + + [A] _ZNK9grpc_core10ThreadPool11thread_nameEv + + [A] _ZNK9grpc_core10ThreadPool13pool_capacityEv + + [A] _ZNK9grpc_core10ThreadPool14thread_optionsEv + + [A] _ZNK9grpc_core10ThreadPool20num_pending_closuresEv + + [A] _ZNK9grpc_core12GrpcLbServereqERKS0_ + + [A] _ZNK9grpc_core13ServerAddress3CmpERKS0_ + + [A] _ZNK9grpc_core13ServiceConfig27GetMethodParsedConfigVectorERK10grpc_slice + + [A] _ZNK9grpc_core14ConfigSelector14MakeChannelArgEv + + [A] _ZNK9grpc_core15InfLenFIFOQueue5countEv + + [A] _ZNK9grpc_core15XdsLocalityName7CompareERKS0_ + + [A] _ZNK9grpc_core18ChildPolicyHandler25CreateLoadBalancingPolicyEPKcNS_19LoadBalancingPolicy4ArgsE + + [A] _ZNK9grpc_core18ChildPolicyHandler37ConfigChangeRequiresNewPolicyInstanceEPNS_19LoadBalancingPolicy6ConfigES3_ + + [A] _ZNK9grpc_core18ChildPolicyHandler4nameEv + + [A] _ZNK9grpc_core24ConnectivityStateTracker5stateEv + + [A] _ZNK9grpc_core28ResolvingLoadBalancingPolicy35ConcatenateAndAddChannelTraceLockedERKN4absl14lts_2020_02_2513InlinedVectorIPKcLm3ESaIS5_EEE + + [A] _ZNK9grpc_core4Json4DumpB5cxx11Ei + + [A] _ZNK9grpc_core6XdsApi10DropConfig10ShouldDropEPPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZNK9grpc_core6XdsApi18PriorityListUpdate4FindEj + + [A] _ZNK9grpc_core6XdsApi18PriorityListUpdateeqERKS1_ + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute13ClusterWeight8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers11PathMatcher8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcher8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core8channelz12ChannelTrace10TraceEvent16RenderTraceEventEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState12AdsCallState22HasSubscribedResourcesEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState12AdsCallState22IsCurrentCallOnChannelEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState12LrsCallState22IsCurrentCallOnChannelEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState16HasActiveAdsCallEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState9ads_calldEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState9lrs_calldEv + + [A] _ZNK9grpc_core9XdsClient14MakeChannelArgEv + + [A] _ZNKSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEE19_M_find_before_nodeEmRS2_m + + [A] _ZNKSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEE4findERS2_ + + [A] _ZNKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12_M_check_lenEmPKc + + [A] _ZNKSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE4findERKS2_ + + [A] _ZNKSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE4findERS7_ + + [A] _ZNKSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE4findERS7_ + + [A] _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEE9_M_rehashEmRKm + + [A] _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEED1Ev + + [A] _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEED2Ev, aliases _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEED1Ev + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEE21_M_insert_unique_nodeEmmPNS7_10_Hash_nodeIS5_Lb0EEE + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEE9_M_rehashEmRKm + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEED1Ev + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEED2Ev, aliases _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEED1Ev + + [A] _ZNSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EEESt14default_deleteIS7_EED1Ev + + [A] _ZNSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EEESt14default_deleteIS7_EED2Ev, aliases _ZNSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EEESt14default_deleteIS7_EED1Ev + + [A] _ZNSt10unique_ptrIN9grpc_core12XdsBootstrapESt14default_deleteIS1_EED1Ev, aliases _ZNSt10unique_ptrIN9grpc_core12XdsBootstrapESt14default_deleteIS1_EED2Ev + + [A] _ZNSt10unique_ptrIN9grpc_core12XdsBootstrapESt14default_deleteIS1_EED2Ev + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS1_13RefCountedPtrIS2_EE23grpc_connectivity_stateRKSt10shared_ptrINS1_14WorkSerializerEEEUlvE_E10_M_managerERSt9_Any_dataRKSE_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E10_M_managerERSt9_Any_dataRKSC_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E10_M_managerERSt9_Any_dataRKSC_St18_Manager_operation + + [A] _ZNSt15_Sp_counted_ptrIDnLN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv + + [A] _ZNSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv + + [A] _ZNSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE10_M_releaseEv + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS1_13RefCountedPtrIS2_EE23grpc_connectivity_stateRKSt10shared_ptrINS1_14WorkSerializerEEEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt20__uninitialized_copyILb0EE13__uninit_copyISt13move_iteratorIPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEES9_EET0_T_SC_SB_ + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED0Ev + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED1Ev, aliases _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED2Ev + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED2Ev + + [A] _ZNSt3_V28__rotateIPSt10unique_ptrIN9grpc_core17HandshakerFactoryESt14default_deleteIS3_EEEET_S8_S8_S8_St26random_access_iterator_tag + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEC1ESt16initializer_listISC_ERKS9_RKSD_, aliases _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEC2ESt16initializer_listISC_ERKS9_RKSD_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEC2ESt16initializer_listISC_ERKS9_RKSD_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEixEOS5_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateESt4lessIS5_ESaISt4pairIKS5_SA_EEEixEOS5_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateESt4lessIS5_ESaISt4pairIKS5_SA_EEEixERSE_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient12ClusterStateESt4lessIS5_ESaISt4pairIKS5_S8_EEEixERSC_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient13EndpointStateESt4lessIS5_ESaISt4pairIKS5_S8_EEEixERSC_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS7_16OrphanableDeleteEESt4lessIS5_ESaISt4pairIKS5_SD_EEEixERSH_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEmSt4lessIS5_ESaISt4pairIKS5_mEEEixERS9_ + + [A] _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonEED1Ev, aliases _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonEED2Ev + + [A] _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonEED2Ev + + [A] _ZNSt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_ED1Ev + + [A] _ZNSt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_ED2Ev, aliases _ZNSt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_ED1Ev + + [A] _ZNSt5dequeIN9grpc_core10Subchannel33ConnectivityStateWatcherInterface23ConnectivityStateChangeESaIS3_EED1Ev, aliases _ZNSt5dequeIN9grpc_core10Subchannel33ConnectivityStateWatcherInterface23ConnectivityStateChangeESaIS3_EED2Ev + + [A] _ZNSt5dequeIN9grpc_core10Subchannel33ConnectivityStateWatcherInterface23ConnectivityStateChangeESaIS3_EED2Ev + + [A] _ZNSt6vectorIN4absl14lts_2020_02_2511string_viewESaIS2_EE15_M_range_insertIPZNKS1_16strings_internal8SplitterINS6_13MaxSplitsImplINS1_6ByCharEEENS1_10AllowEmptyEE18ConvertToContainerIS4_S2_Lb0EEclERKSC_E8raw_viewEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EET_SN_St20forward_iterator_tag + + [A] _ZNSt6vectorIN9grpc_core12GrpcLbServerESaIS1_EE14_M_emplace_auxIJEEEN9__gnu_cxx17__normal_iteratorIPS1_S3_EENS6_IPKS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core12GrpcLbServerESaIS1_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core23XdsClusterLocalityStats8SnapshotESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE12emplace_backIJS1_EEEvDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE12emplace_backIJSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES1_St4lessISB_ESaISt4pairIKSB_S1_EEEEEEvDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJRNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES1_St4lessISB_ESaISt4pairIKSB_S1_EEEEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEC1ESt16initializer_listIS1_ERKS2_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEC2ESt16initializer_listIS1_ERKS2_, aliases _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEC1ESt16initializer_listIS1_ERKS2_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EED1Ev + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EED2Ev, aliases _ZNSt6vectorIN9grpc_core4JsonESaIS1_EED1Ev + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEaSERKS3_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRoute13ClusterWeightESaIS4_EE17_M_realloc_insertIJS4_EEEvN9__gnu_cxx17__normal_iteratorIPS4_S6_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherESaIS5_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EE17_M_realloc_insertIJS3_EEEvN9__gnu_cxx17__normal_iteratorIPS3_S5_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EED1Ev, aliases _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EED2Ev + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EED2Ev + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA10_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA12_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA13_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA15_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA16_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA19_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA21_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA25_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA28_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA29_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA2_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA35_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA4_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA6_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA8_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJS5_EEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA10_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA12_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA13_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA15_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA16_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA17_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA19_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA21_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA22_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA23_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA24_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA25_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA26_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA27_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA28_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA29_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA2_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA32_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA33_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA35_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA4_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA6_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA7_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA8_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA9_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRKS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EED1Ev, aliases _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EED2Ev + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EED2Ev + + [A] _ZNSt6vectorIP10grpc_errorSaIS1_EE12emplace_backIJS1_EEEvDpOT_ + + [A] _ZNSt6vectorIP10grpc_errorSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP10grpc_errorSaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP12grpc_channelSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP12grpc_pollsetSaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP21grpc_completion_queueSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIPN9grpc_core4JsonESaIS2_EE17_M_realloc_insertIJRKS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorISt10unique_ptrIN9grpc_core20ProxyMapperInterfaceESt14default_deleteIS2_EESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorImSaImEE17_M_realloc_insertIJRKmEEEvN9__gnu_cxx17__normal_iteratorIPmS1_EEDpOT_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE24_M_get_insert_unique_posERKS2_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewESt4pairIKS2_dESt10_Select1stIS5_EN9grpc_core10StringLessESaIS5_EE24_M_get_insert_unique_posERS4_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewESt4pairIKS2_dESt10_Select1stIS5_EN9grpc_core10StringLessESaIS5_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS5_ERS4_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewESt4pairIKS2_dESt10_Select1stIS5_EN9grpc_core10StringLessESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_23XdsClusterLocalityStats8SnapshotEESt10_Select1stIS8_ENS2_4LessESaIS8_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_23XdsClusterLocalityStats8SnapshotEESt10_Select1stIS8_ENS2_4LessESaIS8_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS8_ERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_23XdsClusterLocalityStats8SnapshotEESt10_Select1stIS8_ENS2_4LessESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_6XdsApi18PriorityListUpdate11LocalityMap8LocalityEESt10_Select1stISA_ENS2_4LessESaISA_EE17_M_emplace_uniqueIJRS3_S9_EEES4_ISt17_Rb_tree_iteratorISA_EbEDpOT_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_6XdsApi18PriorityListUpdate11LocalityMap8LocalityEESt10_Select1stISA_ENS2_4LessESaISA_EE7_M_copyINSF_11_Alloc_nodeEEEPSt13_Rb_tree_nodeISA_EPKSJ_PSt18_Rb_tree_node_baseRT_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_6XdsApi18PriorityListUpdate11LocalityMap8LocalityEESt10_Select1stISA_ENS2_4LessESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_9XdsClient15LoadReportState13LocalityStateEESt10_Select1stIS9_ENS2_4LessESaIS9_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_9XdsClient15LoadReportState13LocalityStateEESt10_Select1stIS9_ENS2_4LessESaIS9_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS9_ERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_9XdsClient15LoadReportState13LocalityStateEESt10_Select1stIS9_ENS2_4LessESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE11equal_rangeERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSD_PSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE16_M_insert_uniqueIRKS5_EESt4pairISt17_Rb_tree_iteratorIS5_EbEOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE17_M_emplace_uniqueIJRKPKcRKmEEESt4pairISt17_Rb_tree_iteratorIS5_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE17_M_emplace_uniqueIJS5_EEESt4pairISt17_Rb_tree_iteratorIS5_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE24_M_get_insert_unique_posERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE4findERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE5eraseERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaISC_EEEESt10_Select1stISF_ESt4lessIS5_ESaISF_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaISC_EEEESt10_Select1stISF_ESt4lessIS5_ESaISF_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISF_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaISC_EEEESt10_Select1stISF_ESt4lessIS5_ESaISF_EE8_M_eraseEPSt13_Rb_tree_nodeISF_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISD_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE8_M_eraseEPSt13_Rb_tree_nodeISD_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core23XdsClusterLocalityStats13BackendMetricEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core23XdsClusterLocalityStats13BackendMetricEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core23XdsClusterLocalityStats13BackendMetricEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSI_PSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE4findERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE7_M_copyINSG_20_Reuse_or_alloc_nodeEEEPSt13_Rb_tree_nodeISA_EPKSK_PSt18_Rb_tree_node_baseRT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EEaSERKSG_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9CdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE17_M_emplace_uniqueIJS5_SA_EEES6_ISt17_Rb_tree_iteratorISB_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9CdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9EdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE17_M_emplace_uniqueIJS5_SA_EEES6_ISt17_Rb_tree_iteratorISB_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9EdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSL_PSt13_Rb_tree_nodeISD_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISD_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE5eraseERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE8_M_eraseEPSt13_Rb_tree_nodeISD_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSJ_PSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE5eraseERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSJ_PSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE5eraseERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE4findERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS8_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSO_PSt13_Rb_tree_nodeISG_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISG_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE8_M_eraseEPSt13_Rb_tree_nodeISG_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_mESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_mESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS8_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_mESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_N4absl14lts_2020_02_2511string_viewEESt10_Select1stIS7_ESt4lessIS1_ESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE24_M_get_insert_unique_posERS3_ + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS3_ + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE4findERS3_ + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceESt4pairIKS3_NS0_13RefCountedPtrIS2_EEESt10_Select1stIS8_ESt4lessIS3_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core10SubchannelESt4pairIKS2_iESt10_Select1stIS5_ESt4lessIS2_ESaIS5_EE17_M_emplace_uniqueIJRS2_iEEES3_ISt17_Rb_tree_iteratorIS5_EbEDpOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core10SubchannelESt4pairIKS2_iESt10_Select1stIS5_ESt4lessIS2_ESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE11equal_rangeERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE24_M_get_insert_unique_posERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS5_ERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE5eraseERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core19XdsClusterDropStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueIS2_EESt4pairISt17_Rb_tree_iteratorIS2_EbEOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core19XdsClusterDropStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core23XdsClusterLocalityStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueIS2_EESt4pairISt17_Rb_tree_iteratorIS2_EbEOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core23XdsClusterLocalityStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core33ConnectivityStateWatcherInterfaceESt4pairIKS2_St10unique_ptrIS1_NS0_16OrphanableDeleteEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE16_M_insert_uniqueIS3_IS2_S7_EEES3_ISt17_Rb_tree_iteratorIS8_EbEOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core33ConnectivityStateWatcherInterfaceESt4pairIKS2_St10unique_ptrIS1_NS0_16OrphanableDeleteEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient23ClusterWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient23ClusterWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient23ClusterWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient24EndpointWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient24EndpointWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient24EndpointWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core6XdsApi17ClusterLoadReportEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE24_M_get_insert_unique_posERS8_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core6XdsApi17ClusterLoadReportEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISC_ERS8_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core6XdsApi17ClusterLoadReportEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE8_M_eraseEPSt13_Rb_tree_nodeISC_E + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core9XdsClient15LoadReportStateEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE17_M_emplace_uniqueIJS0_IS7_SB_EEEES0_ISt17_Rb_tree_iteratorISC_EbEDpOT_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core9XdsClient15LoadReportStateEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE4findERS8_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core9XdsClient15LoadReportStateEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE8_M_eraseEPSt13_Rb_tree_nodeISC_E + + [A] _ZNSt8_Rb_treeISt4pairIPKcS2_ES0_IKS3_N9grpc_core14RegisteredCallEESt10_Select1stIS7_ESt4lessIS3_ESaIS7_EE16_M_insert_uniqueIS7_EES0_ISt17_Rb_tree_iteratorIS7_EbEOT_ + + [A] _ZNSt8_Rb_treeISt4pairIPKcS2_ES0_IKS3_N9grpc_core14RegisteredCallEESt10_Select1stIS7_ESt4lessIS3_ESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlN9grpc_core13RefCountedPtrINS2_8channelz10SocketNodeEEEESt10_Select1stIS7_ESt4lessIlESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlN9grpc_core13RefCountedPtrINS2_8channelz16ListenSocketNodeEEEESt10_Select1stIS7_ESt4lessIlESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE24_M_get_insert_unique_posERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS6_ERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE5eraseERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE8_M_eraseEPSt13_Rb_tree_nodeIS6_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlbESt10_Select1stIS2_ESt4lessIlESaIS2_EE16_M_insert_uniqueIS0_IlbEEES0_ISt17_Rb_tree_iteratorIS2_EbEOT_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlbESt10_Select1stIS2_ESt4lessIlESaIS2_EE5eraseERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlbESt10_Select1stIS2_ESt4lessIlESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeImSt4pairIKmSt3setIPN9grpc_core15XdsLocalityNameESt4lessIS5_ESaIS5_EEESt10_Select1stISA_ES6_ImESaISA_EE24_M_get_insert_unique_posERS1_ + + [A] _ZNSt8_Rb_treeImSt4pairIKmSt3setIPN9grpc_core15XdsLocalityNameESt4lessIS5_ESaIS5_EEESt10_Select1stISA_ES6_ImESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS1_ + + [A] _ZNSt8_Rb_treeImSt4pairIKmSt3setIPN9grpc_core15XdsLocalityNameESt4lessIS5_ESaIS5_EEESt10_Select1stISA_ES6_ImESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8__detail9_Map_baseI10grpc_sliceSt4pairIKS1_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteISA_EELm4ESaISD_EEEESaISI_ENS_10_Select1stESt8equal_toIS1_ENS8_9SliceHashENS_18_Mod_range_hashingENS_20_Default_ranged_hashENS_20_Prime_rehash_policyENS_17_Hashtable_traitsILb1ELb0ELb1EEELb1EEixERS3_ + + [A] _ZSteqIcEN9__gnu_cxx11__enable_ifIXsrSt9__is_charIT_E7__valueEbE6__typeERKNSt7__cxx1112basic_stringIS3_St11char_traitsIS3_ESaIS3_EEESE_ + + [A] _ZStltINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_EbRKSt4pairIT_T0_ESB_ + + [A] _ZZN4absl14lts_2020_02_2511string_view19CheckLengthInternalEmENKUlvE_clEv + + [A] _ZZN4absl14lts_2020_02_2511string_view19CheckLengthInternalEmENUlvE_4_FUNEv + + [A] _ZZN9grpc_core10Subchannel26AsyncWatcherNotifierLockedC4ENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEEPS0_23grpc_connectivity_stateENKUlPvP10grpc_errorE_clES7_S9_ + + [A] _ZZN9grpc_core10Subchannel26AsyncWatcherNotifierLockedC4ENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEEPS0_23grpc_connectivity_stateENUlPvP10grpc_errorE_4_FUNES7_S9_ + + [A] _ZZN9grpc_core16ThreadPoolWorkerC4EPKcPNS_18MPMCQueueInterfaceERNS_6Thread7OptionsEiENKUlPvE_clES8_ + + [A] _ZZN9grpc_core16ThreadPoolWorkerC4EPKcPNS_18MPMCQueueInterfaceERNS_6Thread7OptionsEiENUlPvE_4_FUNES8_ + + + +28 Removed variable symbols not referenced by debug info: + + + + _ZN9grpc_core17grpc_lb_xds_traceE + + _ZN9grpc_core4Fork13thread_state_E + + _ZN9grpc_core4Fork15exec_ctx_state_E + + _ZN9grpc_core4Fork16support_enabled_E + + _ZN9grpc_core4Fork17override_enabled_E + + _ZN9grpc_core4Fork27reset_child_polling_engine_E + + _ZTVN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEE + + _ZTVN9grpc_core16XdsLbClientStatsE + + g_hash_seed + + google_protobuf_Duration_fields + + google_protobuf_Timestamp_fields + + gpr_now_impl + + grpc_connectivity_state_trace + + grpc_health_v1_HealthCheckRequest_fields + + grpc_health_v1_HealthCheckResponse_fields + + grpc_lb_v1_ClientStatsPerToken_fields + + grpc_lb_v1_ClientStats_fields + + grpc_lb_v1_InitialLoadBalanceRequest_fields + + grpc_lb_v1_InitialLoadBalanceResponse_fields + + grpc_lb_v1_LoadBalanceRequest_fields + + grpc_lb_v1_LoadBalanceResponse_fields + + grpc_lb_v1_ServerList_fields + + grpc_lb_v1_Server_fields + + grpc_schedule_on_exec_ctx + + grpc_server_channel_trace + + grpc_static_mdelem_table + + grpc_static_metadata_refcounts + + grpc_static_slice_table + + + +670 Added variable symbols not referenced by debug info: + + + + [A] _ZN9grpc_core11g_hash_seedE + + [A] _ZN9grpc_core13kNoopRefcountE + + [A] _ZN9grpc_core17grpc_cds_lb_traceE + + [A] _ZN9grpc_core17grpc_lb_eds_traceE + + [A] _ZN9grpc_core17grpc_lb_lrs_traceE + + [A] _ZN9grpc_core19StaticSliceRefcount18kStaticSubRefcountE + + [A] _ZN9grpc_core21g_static_mdelem_tableE + + [A] _ZN9grpc_core21grpc_xds_client_traceE + + [A] _ZN9grpc_core22grpc_lb_priority_traceE + + [A] _ZN9grpc_core22grpc_thread_pool_traceE + + [A] _ZN9grpc_core23MessageDecompressFilterE + + [A] _ZN9grpc_core23grpc_xds_resolver_traceE + + [A] _ZN9grpc_core25grpc_server_channel_traceE + + [A] _ZN9grpc_core25grpc_xds_routing_lb_traceE + + [A] _ZN9grpc_core25kGrpcLbLbTokenMetadataKeyE + + [A] _ZN9grpc_core26g_static_mdelem_manifestedE + + [A] _ZN9grpc_core26grpc_work_serializer_traceE + + [A] _ZN9grpc_core29g_static_metadata_slice_tableE + + [A] _ZN9grpc_core29grpc_connectivity_state_traceE + + [A] _ZN9grpc_core29grpc_lb_weighted_target_traceE + + [A] _ZN9grpc_core29grpc_trace_client_idle_filterE + + [A] _ZN9grpc_core29kGrpcLbClientStatsMetadataKeyE + + [A] _ZN9grpc_core33g_static_metadata_slice_refcountsE + + [A] _ZN9grpc_core6XdsApi11kCdsTypeUrlE + + [A] _ZN9grpc_core6XdsApi11kEdsTypeUrlE + + [A] _ZN9grpc_core6XdsApi11kLdsTypeUrlE + + [A] _ZN9grpc_core6XdsApi11kRdsTypeUrlE + + [A] _ZN9grpc_core9XdsClient16kXdsClientVtableE + + [A] _ZTI11ExecCtxNext + + [A] _ZTI12ExecCtxPluck + + [A] _ZTIN4grpc12experimental17LibuvEventManagerE + + [A] _ZTIN9grpc_core10ByteStreamE + + [A] _ZTIN9grpc_core10HandshakerE + + [A] _ZTIN9grpc_core10OrphanableE + + [A] _ZTIN9grpc_core10RefCountedINS_10HandshakerENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_10Subchannel33ConnectivityStateWatcherInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_13ServiceConfigENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_14ConfigSelectorENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_15XdsLocalityNameENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_16HandshakeManagerENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_17GrpcLbClientStatsENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19ConnectedSubchannelENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19LoadBalancingPolicy6ConfigENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19SubchannelInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19XdsClusterDropStatsENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_23SubchannelPoolInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_23XdsClusterLocalityStatsENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_29FakeResolverResponseGeneratorENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_6XdsApi10DropConfigENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_8channelz8BaseNodeENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_8internal23ServerRetryThrottleDataENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherE + + [A] _ZTIN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherE + + [A] _ZTIN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core10ThreadPoolE + + [A] _ZTIN9grpc_core12FakeResolverE + + [A] _ZTIN9grpc_core12GrpcPolledFdE + + [A] _ZTIN9grpc_core13ServiceConfigE + + [A] _ZTIN9grpc_core14ConfigSelectorE + + [A] _ZTIN9grpc_core14WorkSerializer18WorkSerializerImplE + + [A] _ZTIN9grpc_core15ByteStreamCache17CachingByteStreamE + + [A] _ZTIN9grpc_core15Chttp2ConnectorE + + [A] _ZTIN9grpc_core15InfLenFIFOQueueE + + [A] _ZTIN9grpc_core15ResolverFactoryE + + [A] _ZTIN9grpc_core15XdsLocalityNameE + + [A] _ZTIN9grpc_core16HandshakeManagerE + + [A] _ZTIN9grpc_core17GrpcLbClientStatsE + + [A] _ZTIN9grpc_core17GrpcPolledFdPosixE + + [A] _ZTIN9grpc_core17HandshakerFactoryE + + [A] _ZTIN9grpc_core17HealthCheckClient9CallStateE + + [A] _ZTIN9grpc_core17HealthCheckClientE + + [A] _ZTIN9grpc_core17MessageSizeParserE + + [A] _ZTIN9grpc_core18ChildPolicyHandler6HelperE + + [A] _ZTIN9grpc_core18ChildPolicyHandlerE + + [A] _ZTIN9grpc_core18MPMCQueueInterfaceE + + [A] _ZTIN9grpc_core18TcpServerFdHandlerE + + [A] _ZTIN9grpc_core19ConnectedSubchannelE + + [A] _ZTIN9grpc_core19ConnectivityWatcherE + + [A] _ZTIN9grpc_core19GrpcPolledFdFactoryE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy11QueuePickerE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy16SubchannelPickerE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy17MetadataInterfaceE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy20ChannelControlHelperE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy22TransientFailurePickerE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy6ConfigE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy9CallStateE + + [A] _ZTIN9grpc_core19LoadBalancingPolicyE + + [A] _ZTIN9grpc_core19LocalSubchannelPoolE + + [A] _ZTIN9grpc_core19PolymorphicRefCountE + + [A] _ZTIN9grpc_core19ServiceConfigParser12ParsedConfigE + + [A] _ZTIN9grpc_core19ServiceConfigParser6ParserE + + [A] _ZTIN9grpc_core19SubchannelConnectorE + + [A] _ZTIN9grpc_core19SubchannelInterface33ConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core19SubchannelInterfaceE + + [A] _ZTIN9grpc_core19ThreadPoolInterfaceE + + [A] _ZTIN9grpc_core19XdsClusterDropStatsE + + [A] _ZTIN9grpc_core20ClientChannelFactoryE + + [A] _ZTIN9grpc_core20GlobalSubchannelPoolE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_17HealthCheckClientEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_19SubchannelConnectorEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_8ResolverEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallState13ResourceStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallState8ReporterEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12AdsCallStateEEEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12LrsCallStateEEEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClientEEE + + [A] _ZTIN9grpc_core20ProxyMapperInterfaceE + + [A] _ZTIN9grpc_core21DefaultConfigSelectorE + + [A] _ZTIN9grpc_core21SliceBufferByteStreamE + + [A] _ZTIN9grpc_core23MessageSizeParsedConfigE + + [A] _ZTIN9grpc_core23ServerListenerInterfaceE + + [A] _ZTIN9grpc_core23SubchannelPoolInterfaceE + + [A] _ZTIN9grpc_core23XdsClusterLocalityStatsE + + [A] _ZTIN9grpc_core24Chttp2IncomingByteStreamE + + [A] _ZTIN9grpc_core24GrpcPolledFdFactoryPosixE + + [A] _ZTIN9grpc_core26LoadBalancingPolicyFactoryE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicy19ChannelConfigHelperE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicy21ResolverResultHandlerE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelperE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicyE + + [A] _ZTIN9grpc_core29FakeResolverResponseGeneratorE + + [A] _ZTIN9grpc_core33ConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core34Chttp2InsecureClientChannelFactoryE + + [A] _ZTIN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core6XdsApi10DropConfigE + + [A] _ZTIN9grpc_core6chttp217StreamFlowControlE + + [A] _ZTIN9grpc_core6chttp220TransportFlowControlE + + [A] _ZTIN9grpc_core6chttp221StreamFlowControlBaseE + + [A] _ZTIN9grpc_core6chttp224TransportFlowControlBaseE + + [A] _ZTIN9grpc_core6chttp225StreamFlowControlDisabledE + + [A] _ZTIN9grpc_core6chttp228TransportFlowControlDisabledE + + [A] _ZTIN9grpc_core7ExecCtxE + + [A] _ZTIN9grpc_core8Resolver13ResultHandlerE + + [A] _ZTIN9grpc_core8ResolverE + + [A] _ZTIN9grpc_core8channelz10ServerNodeE + + [A] _ZTIN9grpc_core8channelz10SocketNodeE + + [A] _ZTIN9grpc_core8channelz11ChannelNodeE + + [A] _ZTIN9grpc_core8channelz14SubchannelNodeE + + [A] _ZTIN9grpc_core8channelz16ListenSocketNodeE + + [A] _ZTIN9grpc_core8channelz8BaseNodeE + + [A] _ZTIN9grpc_core8internal23ServerRetryThrottleDataE + + [A] _ZTIN9grpc_core8internal31ClientChannelGlobalParsedConfigE + + [A] _ZTIN9grpc_core8internal31ClientChannelMethodParsedConfigE + + [A] _ZTIN9grpc_core8internal32ClientChannelServiceConfigParserE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12AdsCallStateE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12LrsCallStateE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12StateWatcherE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEEE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEEE + + [A] _ZTIN9grpc_core9XdsClient12ChannelStateE + + [A] _ZTIN9grpc_core9XdsClient23ClusterWatcherInterfaceE + + [A] _ZTIN9grpc_core9XdsClient24EndpointWatcherInterfaceE + + [A] _ZTIN9grpc_core9XdsClient29ServiceConfigWatcherInterfaceE + + [A] _ZTIN9grpc_core9XdsClientE + + [A] _ZTISt11_Mutex_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTISt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTISt19_Sp_make_shared_tag + + [A] _ZTISt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTIZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS_13RefCountedPtrIS0_EE23grpc_connectivity_stateRKSt10shared_ptrINS_14WorkSerializerEEEUlvE_ + + [A] _ZTIZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTS11ExecCtxNext + + [A] _ZTS12ExecCtxPluck + + [A] _ZTSN4grpc12experimental17LibuvEventManagerE + + [A] _ZTSN9grpc_core10ByteStreamE + + [A] _ZTSN9grpc_core10HandshakerE + + [A] _ZTSN9grpc_core10OrphanableE + + [A] _ZTSN9grpc_core10RefCountedINS_10HandshakerENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_10Subchannel33ConnectivityStateWatcherInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_13ServiceConfigENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_14ConfigSelectorENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_15XdsLocalityNameENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_16HandshakeManagerENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_17GrpcLbClientStatsENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19ConnectedSubchannelENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19LoadBalancingPolicy6ConfigENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19SubchannelInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19XdsClusterDropStatsENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_23SubchannelPoolInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_23XdsClusterLocalityStatsENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_29FakeResolverResponseGeneratorENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_6XdsApi10DropConfigENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_8channelz8BaseNodeENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_8internal23ServerRetryThrottleDataENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherE + + [A] _ZTSN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherE + + [A] _ZTSN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core10ThreadPoolE + + [A] _ZTSN9grpc_core12FakeResolverE + + [A] _ZTSN9grpc_core12GrpcPolledFdE + + [A] _ZTSN9grpc_core13ServiceConfigE + + [A] _ZTSN9grpc_core14ConfigSelectorE + + [A] _ZTSN9grpc_core14WorkSerializer18WorkSerializerImplE + + [A] _ZTSN9grpc_core15ByteStreamCache17CachingByteStreamE + + [A] _ZTSN9grpc_core15Chttp2ConnectorE + + [A] _ZTSN9grpc_core15InfLenFIFOQueueE + + [A] _ZTSN9grpc_core15ResolverFactoryE + + [A] _ZTSN9grpc_core15XdsLocalityNameE + + [A] _ZTSN9grpc_core16HandshakeManagerE + + [A] _ZTSN9grpc_core17GrpcLbClientStatsE + + [A] _ZTSN9grpc_core17GrpcPolledFdPosixE + + [A] _ZTSN9grpc_core17HandshakerFactoryE + + [A] _ZTSN9grpc_core17HealthCheckClient9CallStateE + + [A] _ZTSN9grpc_core17HealthCheckClientE + + [A] _ZTSN9grpc_core17MessageSizeParserE + + [A] _ZTSN9grpc_core18ChildPolicyHandler6HelperE + + [A] _ZTSN9grpc_core18ChildPolicyHandlerE + + [A] _ZTSN9grpc_core18MPMCQueueInterfaceE + + [A] _ZTSN9grpc_core18TcpServerFdHandlerE + + [A] _ZTSN9grpc_core19ConnectedSubchannelE + + [A] _ZTSN9grpc_core19ConnectivityWatcherE + + [A] _ZTSN9grpc_core19GrpcPolledFdFactoryE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy11QueuePickerE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy16SubchannelPickerE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy17MetadataInterfaceE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy20ChannelControlHelperE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy22TransientFailurePickerE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy6ConfigE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy9CallStateE + + [A] _ZTSN9grpc_core19LoadBalancingPolicyE + + [A] _ZTSN9grpc_core19LocalSubchannelPoolE + + [A] _ZTSN9grpc_core19PolymorphicRefCountE + + [A] _ZTSN9grpc_core19ServiceConfigParser12ParsedConfigE + + [A] _ZTSN9grpc_core19ServiceConfigParser6ParserE + + [A] _ZTSN9grpc_core19SubchannelConnectorE + + [A] _ZTSN9grpc_core19SubchannelInterface33ConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core19SubchannelInterfaceE + + [A] _ZTSN9grpc_core19ThreadPoolInterfaceE + + [A] _ZTSN9grpc_core19XdsClusterDropStatsE + + [A] _ZTSN9grpc_core20ClientChannelFactoryE + + [A] _ZTSN9grpc_core20GlobalSubchannelPoolE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_17HealthCheckClientEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_19SubchannelConnectorEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_8ResolverEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallState13ResourceStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallState8ReporterEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12AdsCallStateEEEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12LrsCallStateEEEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClientEEE + + [A] _ZTSN9grpc_core20ProxyMapperInterfaceE + + [A] _ZTSN9grpc_core21DefaultConfigSelectorE + + [A] _ZTSN9grpc_core21SliceBufferByteStreamE + + [A] _ZTSN9grpc_core23MessageSizeParsedConfigE + + [A] _ZTSN9grpc_core23ServerListenerInterfaceE + + [A] _ZTSN9grpc_core23SubchannelPoolInterfaceE + + [A] _ZTSN9grpc_core23XdsClusterLocalityStatsE + + [A] _ZTSN9grpc_core24Chttp2IncomingByteStreamE + + [A] _ZTSN9grpc_core24GrpcPolledFdFactoryPosixE + + [A] _ZTSN9grpc_core26LoadBalancingPolicyFactoryE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicy19ChannelConfigHelperE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicy21ResolverResultHandlerE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelperE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicyE + + [A] _ZTSN9grpc_core29FakeResolverResponseGeneratorE + + [A] _ZTSN9grpc_core33ConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core34Chttp2InsecureClientChannelFactoryE + + [A] _ZTSN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core6XdsApi10DropConfigE + + [A] _ZTSN9grpc_core6chttp217StreamFlowControlE + + [A] _ZTSN9grpc_core6chttp220TransportFlowControlE + + [A] _ZTSN9grpc_core6chttp221StreamFlowControlBaseE + + [A] _ZTSN9grpc_core6chttp224TransportFlowControlBaseE + + [A] _ZTSN9grpc_core6chttp225StreamFlowControlDisabledE + + [A] _ZTSN9grpc_core6chttp228TransportFlowControlDisabledE + + [A] _ZTSN9grpc_core7ExecCtxE + + [A] _ZTSN9grpc_core8Resolver13ResultHandlerE + + [A] _ZTSN9grpc_core8ResolverE + + [A] _ZTSN9grpc_core8channelz10ServerNodeE + + [A] _ZTSN9grpc_core8channelz10SocketNodeE + + [A] _ZTSN9grpc_core8channelz11ChannelNodeE + + [A] _ZTSN9grpc_core8channelz14SubchannelNodeE + + [A] _ZTSN9grpc_core8channelz16ListenSocketNodeE + + [A] _ZTSN9grpc_core8channelz8BaseNodeE + + [A] _ZTSN9grpc_core8internal23ServerRetryThrottleDataE + + [A] _ZTSN9grpc_core8internal31ClientChannelGlobalParsedConfigE + + [A] _ZTSN9grpc_core8internal31ClientChannelMethodParsedConfigE + + [A] _ZTSN9grpc_core8internal32ClientChannelServiceConfigParserE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12AdsCallStateE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12LrsCallStateE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12StateWatcherE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEEE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEEE + + [A] _ZTSN9grpc_core9XdsClient12ChannelStateE + + [A] _ZTSN9grpc_core9XdsClient23ClusterWatcherInterfaceE + + [A] _ZTSN9grpc_core9XdsClient24EndpointWatcherInterfaceE + + [A] _ZTSN9grpc_core9XdsClient29ServiceConfigWatcherInterfaceE + + [A] _ZTSN9grpc_core9XdsClientE + + [A] _ZTSSt11_Mutex_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTSSt19_Sp_make_shared_tag + + [A] _ZTSSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTSZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS_13RefCountedPtrIS0_EE23grpc_connectivity_stateRKSt10shared_ptrINS_14WorkSerializerEEEUlvE_ + + [A] _ZTSZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTSZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTSZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTVN4grpc12experimental17LibuvEventManagerE + + [A] _ZTVN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherE + + [A] _ZTVN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceE + + [A] _ZTVN9grpc_core10ThreadPoolE + + [A] _ZTVN9grpc_core14WorkSerializer18WorkSerializerImplE + + [A] _ZTVN9grpc_core15Chttp2ConnectorE + + [A] _ZTVN9grpc_core15InfLenFIFOQueueE + + [A] _ZTVN9grpc_core15XdsLocalityNameE + + [A] _ZTVN9grpc_core18ChildPolicyHandler6HelperE + + [A] _ZTVN9grpc_core18ChildPolicyHandlerE + + [A] _ZTVN9grpc_core19ConnectivityWatcherE + + [A] _ZTVN9grpc_core19XdsClusterDropStatsE + + [A] _ZTVN9grpc_core21DefaultConfigSelectorE + + [A] _ZTVN9grpc_core23XdsClusterLocalityStatsE + + [A] _ZTVN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _ZTVN9grpc_core6XdsApi10DropConfigE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12AdsCallStateE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12LrsCallStateE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12StateWatcherE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEEE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEEE + + [A] _ZTVN9grpc_core9XdsClient12ChannelStateE + + [A] _ZTVN9grpc_core9XdsClientE + + [A] _ZTVSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + [A] envoy_annotations_ResourceAnnotation_msginit + + [A] envoy_api_v2_CdsDummy_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_NamedEndpointsEntry_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_Policy_DropOverload_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_Policy_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_ConsistentHashingLbConfig_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_LocalityWeightedLbConfig_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_ZoneAwareLbConfig_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_msginit + + [A] envoy_api_v2_Cluster_CustomClusterType_msginit + + [A] envoy_api_v2_Cluster_EdsClusterConfig_msginit + + [A] envoy_api_v2_Cluster_ExtensionProtocolOptionsEntry_msginit + + [A] envoy_api_v2_Cluster_LbSubsetConfig_LbSubsetSelector_msginit + + [A] envoy_api_v2_Cluster_LbSubsetConfig_msginit + + [A] envoy_api_v2_Cluster_LeastRequestLbConfig_msginit + + [A] envoy_api_v2_Cluster_OriginalDstLbConfig_msginit + + [A] envoy_api_v2_Cluster_RefreshRate_msginit + + [A] envoy_api_v2_Cluster_RingHashLbConfig_msginit + + [A] envoy_api_v2_Cluster_TransportSocketMatch_msginit + + [A] envoy_api_v2_Cluster_TypedExtensionProtocolOptionsEntry_msginit + + [A] envoy_api_v2_Cluster_msginit + + [A] envoy_api_v2_DeltaDiscoveryRequest_InitialResourceVersionsEntry_msginit + + [A] envoy_api_v2_DeltaDiscoveryRequest_msginit + + [A] envoy_api_v2_DeltaDiscoveryResponse_msginit + + [A] envoy_api_v2_DiscoveryRequest_msginit + + [A] envoy_api_v2_DiscoveryResponse_msginit + + [A] envoy_api_v2_EdsDummy_msginit + + [A] envoy_api_v2_LdsDummy_msginit + + [A] envoy_api_v2_Listener_ConnectionBalanceConfig_ExactBalance_msginit + + [A] envoy_api_v2_Listener_ConnectionBalanceConfig_msginit + + [A] envoy_api_v2_Listener_DeprecatedV1_msginit + + [A] envoy_api_v2_Listener_msginit + + [A] envoy_api_v2_LoadBalancingPolicy_Policy_msginit + + [A] envoy_api_v2_LoadBalancingPolicy_msginit + + [A] envoy_api_v2_RdsDummy_msginit + + [A] envoy_api_v2_Resource_msginit + + [A] envoy_api_v2_RouteConfiguration_msginit + + [A] envoy_api_v2_ScopedRouteConfiguration_Key_Fragment_msginit + + [A] envoy_api_v2_ScopedRouteConfiguration_Key_msginit + + [A] envoy_api_v2_ScopedRouteConfiguration_msginit + + [A] envoy_api_v2_SrdsDummy_msginit + + [A] envoy_api_v2_UpstreamBindConfig_msginit + + [A] envoy_api_v2_UpstreamConnectionOptions_msginit + + [A] envoy_api_v2_Vhds_msginit + + [A] envoy_api_v2_auth_CertificateValidationContext_msginit + + [A] envoy_api_v2_auth_CommonTlsContext_CombinedCertificateValidationContext_msginit + + [A] envoy_api_v2_auth_CommonTlsContext_msginit + + [A] envoy_api_v2_auth_DownstreamTlsContext_msginit + + [A] envoy_api_v2_auth_GenericSecret_msginit + + [A] envoy_api_v2_auth_PrivateKeyProvider_msginit + + [A] envoy_api_v2_auth_SdsSecretConfig_msginit + + [A] envoy_api_v2_auth_Secret_msginit + + [A] envoy_api_v2_auth_TlsCertificate_msginit + + [A] envoy_api_v2_auth_TlsParameters_msginit + + [A] envoy_api_v2_auth_TlsSessionTicketKeys_msginit + + [A] envoy_api_v2_auth_UpstreamTlsContext_msginit + + [A] envoy_api_v2_cluster_CircuitBreakers_Thresholds_RetryBudget_msginit + + [A] envoy_api_v2_cluster_CircuitBreakers_Thresholds_msginit + + [A] envoy_api_v2_cluster_CircuitBreakers_msginit + + [A] envoy_api_v2_cluster_Filter_msginit + + [A] envoy_api_v2_cluster_OutlierDetection_msginit + + [A] envoy_api_v2_core_Address_msginit + + [A] envoy_api_v2_core_AggregatedConfigSource_msginit + + [A] envoy_api_v2_core_ApiConfigSource_msginit + + [A] envoy_api_v2_core_AsyncDataSource_msginit + + [A] envoy_api_v2_core_BackoffStrategy_msginit + + [A] envoy_api_v2_core_BindConfig_msginit + + [A] envoy_api_v2_core_BuildVersion_msginit + + [A] envoy_api_v2_core_CidrRange_msginit + + [A] envoy_api_v2_core_ConfigSource_msginit + + [A] envoy_api_v2_core_ControlPlane_msginit + + [A] envoy_api_v2_core_DataSource_msginit + + [A] envoy_api_v2_core_EventServiceConfig_msginit + + [A] envoy_api_v2_core_Extension_msginit + + [A] envoy_api_v2_core_GrpcProtocolOptions_msginit + + [A] envoy_api_v2_core_GrpcService_EnvoyGrpc_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_GoogleIAMCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_MetadataCredentialsFromPlugin_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_ServiceAccountJWTAccessCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_StsService_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_ChannelCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_GoogleLocalCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_SslCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_msginit + + [A] envoy_api_v2_core_GrpcService_msginit + + [A] envoy_api_v2_core_HeaderMap_msginit + + [A] envoy_api_v2_core_HeaderValueOption_msginit + + [A] envoy_api_v2_core_HeaderValue_msginit + + [A] envoy_api_v2_core_HealthCheck_CustomHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_GrpcHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_HttpHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_Payload_msginit + + [A] envoy_api_v2_core_HealthCheck_RedisHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_TcpHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_TlsOptions_msginit + + [A] envoy_api_v2_core_HealthCheck_msginit + + [A] envoy_api_v2_core_Http1ProtocolOptions_HeaderKeyFormat_ProperCaseWords_msginit + + [A] envoy_api_v2_core_Http1ProtocolOptions_HeaderKeyFormat_msginit + + [A] envoy_api_v2_core_Http1ProtocolOptions_msginit + + [A] envoy_api_v2_core_Http2ProtocolOptions_SettingsParameter_msginit + + [A] envoy_api_v2_core_Http2ProtocolOptions_msginit + + [A] envoy_api_v2_core_HttpProtocolOptions_msginit + + [A] envoy_api_v2_core_HttpUri_msginit + + [A] envoy_api_v2_core_Locality_msginit + + [A] envoy_api_v2_core_Metadata_FilterMetadataEntry_msginit + + [A] envoy_api_v2_core_Metadata_msginit + + [A] envoy_api_v2_core_Node_msginit + + [A] envoy_api_v2_core_Pipe_msginit + + [A] envoy_api_v2_core_RateLimitSettings_msginit + + [A] envoy_api_v2_core_RemoteDataSource_msginit + + [A] envoy_api_v2_core_RetryPolicy_msginit + + [A] envoy_api_v2_core_RuntimeDouble_msginit + + [A] envoy_api_v2_core_RuntimeFeatureFlag_msginit + + [A] envoy_api_v2_core_RuntimeFractionalPercent_msginit + + [A] envoy_api_v2_core_RuntimeUInt32_msginit + + [A] envoy_api_v2_core_SelfConfigSource_msginit + + [A] envoy_api_v2_core_SocketAddress_msginit + + [A] envoy_api_v2_core_SocketOption_msginit + + [A] envoy_api_v2_core_TcpKeepalive_msginit + + [A] envoy_api_v2_core_TcpProtocolOptions_msginit + + [A] envoy_api_v2_core_TransportSocket_msginit + + [A] envoy_api_v2_core_UpstreamHttpProtocolOptions_msginit + + [A] envoy_api_v2_endpoint_ClusterStats_DroppedRequests_msginit + + [A] envoy_api_v2_endpoint_ClusterStats_msginit + + [A] envoy_api_v2_endpoint_EndpointLoadMetricStats_msginit + + [A] envoy_api_v2_endpoint_Endpoint_HealthCheckConfig_msginit + + [A] envoy_api_v2_endpoint_Endpoint_msginit + + [A] envoy_api_v2_endpoint_LbEndpoint_msginit + + [A] envoy_api_v2_endpoint_LocalityLbEndpoints_msginit + + [A] envoy_api_v2_endpoint_UpstreamEndpointStats_msginit + + [A] envoy_api_v2_endpoint_UpstreamLocalityStats_msginit + + [A] envoy_api_v2_listener_ActiveRawUdpListenerConfig_msginit + + [A] envoy_api_v2_listener_FilterChainMatch_msginit + + [A] envoy_api_v2_listener_FilterChain_msginit + + [A] envoy_api_v2_listener_Filter_msginit + + [A] envoy_api_v2_listener_ListenerFilterChainMatchPredicate_MatchSet_msginit + + [A] envoy_api_v2_listener_ListenerFilterChainMatchPredicate_msginit + + [A] envoy_api_v2_listener_ListenerFilter_msginit + + [A] envoy_api_v2_listener_UdpListenerConfig_msginit + + [A] envoy_api_v2_route_CorsPolicy_msginit + + [A] envoy_api_v2_route_Decorator_msginit + + [A] envoy_api_v2_route_DirectResponseAction_msginit + + [A] envoy_api_v2_route_FilterAction_msginit + + [A] envoy_api_v2_route_HeaderMatcher_msginit + + [A] envoy_api_v2_route_HedgePolicy_msginit + + [A] envoy_api_v2_route_QueryParameterMatcher_msginit + + [A] envoy_api_v2_route_RateLimit_Action_DestinationCluster_msginit + + [A] envoy_api_v2_route_RateLimit_Action_GenericKey_msginit + + [A] envoy_api_v2_route_RateLimit_Action_HeaderValueMatch_msginit + + [A] envoy_api_v2_route_RateLimit_Action_RemoteAddress_msginit + + [A] envoy_api_v2_route_RateLimit_Action_RequestHeaders_msginit + + [A] envoy_api_v2_route_RateLimit_Action_SourceCluster_msginit + + [A] envoy_api_v2_route_RateLimit_Action_msginit + + [A] envoy_api_v2_route_RateLimit_msginit + + [A] envoy_api_v2_route_RedirectAction_msginit + + [A] envoy_api_v2_route_RetryPolicy_RetryBackOff_msginit + + [A] envoy_api_v2_route_RetryPolicy_RetryHostPredicate_msginit + + [A] envoy_api_v2_route_RetryPolicy_RetryPriority_msginit + + [A] envoy_api_v2_route_RetryPolicy_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_ConnectionProperties_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_Cookie_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_FilterState_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_Header_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_QueryParameter_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_msginit + + [A] envoy_api_v2_route_RouteAction_RequestMirrorPolicy_msginit + + [A] envoy_api_v2_route_RouteAction_UpgradeConfig_msginit + + [A] envoy_api_v2_route_RouteAction_msginit + + [A] envoy_api_v2_route_RouteMatch_GrpcRouteMatchOptions_msginit + + [A] envoy_api_v2_route_RouteMatch_TlsContextMatchOptions_msginit + + [A] envoy_api_v2_route_RouteMatch_msginit + + [A] envoy_api_v2_route_Route_PerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_Route_TypedPerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_Route_msginit + + [A] envoy_api_v2_route_Tracing_msginit + + [A] envoy_api_v2_route_VirtualCluster_msginit + + [A] envoy_api_v2_route_VirtualHost_PerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_VirtualHost_TypedPerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_VirtualHost_msginit + + [A] envoy_api_v2_route_WeightedCluster_ClusterWeight_PerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_WeightedCluster_ClusterWeight_TypedPerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_WeightedCluster_ClusterWeight_msginit + + [A] envoy_api_v2_route_WeightedCluster_msginit + + [A] envoy_config_filter_accesslog_v2_AccessLogFilter_msginit + + [A] envoy_config_filter_accesslog_v2_AccessLog_msginit + + [A] envoy_config_filter_accesslog_v2_AndFilter_msginit + + [A] envoy_config_filter_accesslog_v2_ComparisonFilter_msginit + + [A] envoy_config_filter_accesslog_v2_DurationFilter_msginit + + [A] envoy_config_filter_accesslog_v2_ExtensionFilter_msginit + + [A] envoy_config_filter_accesslog_v2_GrpcStatusFilter_msginit + + [A] envoy_config_filter_accesslog_v2_HeaderFilter_msginit + + [A] envoy_config_filter_accesslog_v2_NotHealthCheckFilter_msginit + + [A] envoy_config_filter_accesslog_v2_OrFilter_msginit + + [A] envoy_config_filter_accesslog_v2_ResponseFlagFilter_msginit + + [A] envoy_config_filter_accesslog_v2_RuntimeFilter_msginit + + [A] envoy_config_filter_accesslog_v2_StatusCodeFilter_msginit + + [A] envoy_config_filter_accesslog_v2_TraceableFilter_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_InternalAddressConfig_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_SetCurrentClientCertDetails_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_Tracing_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_UpgradeConfig_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpFilter_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_Rds_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_RequestIDExtension_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRds_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRouteConfigurationsList_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_FragmentBuilder_HeaderValueExtractor_KvElement_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_FragmentBuilder_HeaderValueExtractor_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_FragmentBuilder_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_msginit + + [A] envoy_config_listener_v2_ApiListener_msginit + + [A] envoy_config_trace_v2_Tracing_Http_msginit + + [A] envoy_config_trace_v2_Tracing_msginit + + [A] envoy_service_discovery_v2_AdsDummy_msginit + + [A] envoy_service_load_stats_v2_LoadStatsRequest_msginit + + [A] envoy_service_load_stats_v2_LoadStatsResponse_msginit + + [A] envoy_type_DoubleRange_msginit + + [A] envoy_type_FractionalPercent_msginit + + [A] envoy_type_Int32Range_msginit + + [A] envoy_type_Int64Range_msginit + + [A] envoy_type_Percent_msginit + + [A] envoy_type_SemanticVersion_msginit + + [A] envoy_type_matcher_ListStringMatcher_msginit + + [A] envoy_type_matcher_RegexMatchAndSubstitute_msginit + + [A] envoy_type_matcher_RegexMatcher_GoogleRE2_msginit + + [A] envoy_type_matcher_RegexMatcher_msginit + + [A] envoy_type_matcher_StringMatcher_msginit + + [A] envoy_type_metadata_v2_MetadataKey_PathSegment_msginit + + [A] envoy_type_metadata_v2_MetadataKey_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Cluster_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Host_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Request_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Route_msginit + + [A] envoy_type_metadata_v2_MetadataKind_msginit + + [A] envoy_type_tracing_v2_CustomTag_Environment_msginit + + [A] envoy_type_tracing_v2_CustomTag_Header_msginit + + [A] envoy_type_tracing_v2_CustomTag_Literal_msginit + + [A] envoy_type_tracing_v2_CustomTag_Metadata_msginit + + [A] envoy_type_tracing_v2_CustomTag_msginit + + [A] google_api_CustomHttpPattern_msginit + + [A] google_api_HttpRule_msginit + + [A] google_api_Http_msginit + + [A] google_protobuf_Any_msginit + + [A] google_protobuf_BoolValue_msginit + + [A] google_protobuf_BytesValue_msginit + + [A] google_protobuf_DescriptorProto_ExtensionRange_msginit + + [A] google_protobuf_DescriptorProto_ReservedRange_msginit + + [A] google_protobuf_DescriptorProto_msginit + + [A] google_protobuf_DoubleValue_msginit + + [A] google_protobuf_Duration_msginit + + [A] google_protobuf_Empty_msginit + + [A] google_protobuf_EnumDescriptorProto_EnumReservedRange_msginit + + [A] google_protobuf_EnumDescriptorProto_msginit + + [A] google_protobuf_EnumOptions_msginit + + [A] google_protobuf_EnumValueDescriptorProto_msginit + + [A] google_protobuf_EnumValueOptions_msginit + + [A] google_protobuf_ExtensionRangeOptions_msginit + + [A] google_protobuf_FieldDescriptorProto_msginit + + [A] google_protobuf_FieldOptions_msginit + + [A] google_protobuf_FileDescriptorProto_msginit + + [A] google_protobuf_FileDescriptorSet_msginit + + [A] google_protobuf_FileOptions_msginit + + [A] google_protobuf_FloatValue_msginit + + [A] google_protobuf_GeneratedCodeInfo_Annotation_msginit + + [A] google_protobuf_GeneratedCodeInfo_msginit + + [A] google_protobuf_Int32Value_msginit + + [A] google_protobuf_Int64Value_msginit + + [A] google_protobuf_ListValue_msginit + + [A] google_protobuf_MessageOptions_msginit + + [A] google_protobuf_MethodDescriptorProto_msginit + + [A] google_protobuf_MethodOptions_msginit + + [A] google_protobuf_OneofDescriptorProto_msginit + + [A] google_protobuf_OneofOptions_msginit + + [A] google_protobuf_ServiceDescriptorProto_msginit + + [A] google_protobuf_ServiceOptions_msginit + + [A] google_protobuf_SourceCodeInfo_Location_msginit + + [A] google_protobuf_SourceCodeInfo_msginit + + [A] google_protobuf_StringValue_msginit + + [A] google_protobuf_Struct_FieldsEntry_msginit + + [A] google_protobuf_Struct_msginit + + [A] google_protobuf_Timestamp_msginit + + [A] google_protobuf_UInt32Value_msginit + + [A] google_protobuf_UInt64Value_msginit + + [A] google_protobuf_UninterpretedOption_NamePart_msginit + + [A] google_protobuf_UninterpretedOption_msginit + + [A] google_protobuf_Value_msginit + + [A] google_rpc_Status_msginit + + [A] grpc_health_v1_HealthCheckRequest_msginit + + [A] grpc_health_v1_HealthCheckResponse_msginit + + [A] grpc_keepalive_trace + + [A] grpc_lb_v1_ClientStatsPerToken_msginit + + [A] grpc_lb_v1_ClientStats_msginit + + [A] grpc_lb_v1_FallbackResponse_msginit + + [A] grpc_lb_v1_InitialLoadBalanceRequest_msginit + + [A] grpc_lb_v1_InitialLoadBalanceResponse_msginit + + [A] grpc_lb_v1_LoadBalanceRequest_msginit + + [A] grpc_lb_v1_LoadBalanceResponse_msginit + + [A] grpc_lb_v1_ServerList_msginit + + [A] grpc_lb_v1_Server_msginit + + [A] grpc_trace_chttp2_hpack_parser + + [A] udpa_annotations_FieldMigrateAnnotation_msginit + + [A] udpa_annotations_FileMigrateAnnotation_msginit + + [A] udpa_annotations_MigrateAnnotation_msginit + + [A] udpa_annotations_StatusAnnotation_msginit + + [A] udpa_data_orca_v1_OrcaLoadReport_RequestCostEntry_msginit + + [A] udpa_data_orca_v1_OrcaLoadReport_UtilizationEntry_msginit + + [A] udpa_data_orca_v1_OrcaLoadReport_msginit + + [A] validate_AnyRules_msginit + + [A] validate_BoolRules_msginit + + [A] validate_BytesRules_msginit + + [A] validate_DoubleRules_msginit + + [A] validate_DurationRules_msginit + + [A] validate_EnumRules_msginit + + [A] validate_FieldRules_msginit + + [A] validate_Fixed32Rules_msginit + + [A] validate_Fixed64Rules_msginit + + [A] validate_FloatRules_msginit + + [A] validate_Int32Rules_msginit + + [A] validate_Int64Rules_msginit + + [A] validate_MapRules_msginit + + [A] validate_MessageRules_msginit + + [A] validate_RepeatedRules_msginit + + [A] validate_SFixed32Rules_msginit + + [A] validate_SFixed64Rules_msginit + + [A] validate_SInt32Rules_msginit + + [A] validate_SInt64Rules_msginit + + [A] validate_StringRules_msginit + + [A] validate_TimestampRules_msginit + + [A] validate_UInt32Rules_msginit + + [A] validate_UInt64Rules_msginit + + + +---------------diffs in grpc_libgrpc++_unsecure.so.1.31.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 377 Removed, 224 Added function symbols not referenced by debug info + +Variable symbols changes summary: 147 Removed, 99 Added variable symbols not referenced by debug info + + + +377 Removed function symbols not referenced by debug info: + + + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E10OnReadDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E11OnWriteDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E16OnWritesDoneDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E25OnReadInitialMetadataDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E6OnDoneERKNS_6StatusE + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E10BindStreamEPNS0_26ServerCallbackReaderWriterIS2_S2_EE + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E10OnReadDoneEb + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E11OnWriteDoneEb + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E25OnSendInitialMetadataDoneEb + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E8OnCancelEv + + [D] _ZN4grpc12experimental22CallbackGenericService13CreateReactorEv + + [D] _ZN4grpc12experimental24ServerGenericBidiReactor9OnStartedEPN9grpc_impl13ServerContextE + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE14WriteAndFinishERKS1_NS_12WriteOptionsERKNS_6StatusEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE19SendInitialMetadataEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_Pv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE6FinishERKNS_6StatusEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE8BindCallEPNS_8internal4CallE + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED0Ev + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED1Ev, aliases _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc19AsyncGenericService11RequestCallEPNS_20GenericServerContextEPNS_23ServerAsyncReaderWriterINS_10ByteBufferES4_EEPN9grpc_impl15CompletionQueueEPNS7_21ServerCompletionQueueEPv + + [D] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPN9grpc_impl13ServerBuilderE + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E10WritesDoneEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E19ReadInitialMetadataEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E6FinishEPNS_6StatusEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E9StartCallEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED1Ev, aliases _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E14WriteAndFinishERKS1_NS_12WriteOptionsERKNS_6StatusEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E19SendInitialMetadataEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E6FinishERKNS_6StatusEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E8BindCallEPNS_8internal4CallE + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED1Ev, aliases _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEE6FinishEPS1_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED1Ev, _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED1Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEE19SendInitialMetadataEPv + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEE8BindCallEPNS_8internal4CallE + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED0Ev + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED1Ev, aliases _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc37HealthCheckServiceServerBuilderOptionC1ESt10unique_ptrIN9grpc_impl27HealthCheckServiceInterfaceESt14default_deleteIS3_EE, aliases _ZN4grpc37HealthCheckServiceServerBuilderOptionC2ESt10unique_ptrIN9grpc_impl27HealthCheckServiceInterfaceESt14default_deleteIS3_EE + + [D] _ZN4grpc37HealthCheckServiceServerBuilderOptionC2ESt10unique_ptrIN9grpc_impl27HealthCheckServiceInterfaceESt14default_deleteIS3_EE + + [D] _ZN4grpc8internal16CatchingCallbackISt8functionIFvNS_6StatusEEEJS3_EEEvOT_DpOT0_ + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED0Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED1Ev, aliases _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED2Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED2Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED0Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED1Ev, aliases _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED2Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl14WriteAndFinishEPKS2_NS_12WriteOptionsENS_6StatusE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEv + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl4ReadEPS2_ + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl5WriteEPKS2_NS_12WriteOptionsE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl6FinishENS_6StatusE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl9MaybeDoneEv + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD0Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD1Ev, aliases _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED0Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED1Ev, aliases _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal21CallbackWithStatusTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [D] _ZN4grpc8internal22CallOpClientRecvStatus8FinishOpEPb + + [D] _ZN4grpc8internal22CallbackWithSuccessTag3SetEP9grpc_callSt8functionIFvbEEPNS0_18CompletionQueueTagE + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_E6OnDoneEv + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_E9OnStartedEPN9grpc_impl13ServerContextE + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED0Ev + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED1Ev, aliases _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10RemoveHoldEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10WritesDoneEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E4ReadEPS2_ + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E5WriteEPKS2_NS_12WriteOptionsE + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E7AddHoldEi + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED0Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED1Ev, aliases _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal30ExternalConnectionAcceptorImplC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_impl13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrINSA_17ServerCredentialsEE, aliases _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_impl13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrINSA_17ServerCredentialsEE + + [D] _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_impl13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrINSA_17ServerCredentialsEE + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactor6OnDoneEv + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactor9OnStartedEPNS_20GenericServerContextE + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactorD0Ev + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactorD1Ev, aliases _ZN4grpc8internal31UnimplementedGenericBidiReactorD2Ev + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactorD2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD0Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD1Ev, aliases _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_impl11GenericStub11PrepareCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS_15CompletionQueueE + + [D] _ZN9grpc_impl11GenericStub16PrepareUnaryCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKN4grpc10ByteBufferEPNS_15CompletionQueueE + + [D] _ZN9grpc_impl11GenericStub17experimental_type24PrepareBidiStreamingCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPN4grpc12experimental17ClientBidiReactorINSC_10ByteBufferESF_EE + + [D] _ZN9grpc_impl11GenericStub17experimental_type9UnaryCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPKN4grpc10ByteBufferEPSD_St8functionIFvNSC_6StatusEEE + + [D] _ZN9grpc_impl11GenericStub4CallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS_15CompletionQueueEPv + + [D] _ZN9grpc_impl12experimental49CreateCustomInsecureChannelWithInterceptorsFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKNS_16ChannelArgumentsESt6vectorISt10unique_ptrIN4grpc12experimental33ClientInterceptorFactoryInterfaceESt14default_deleteISG_EESaISJ_EE + + [D] _ZN9grpc_impl13ResourceQuota13SetMaxThreadsEi + + [D] _ZN9grpc_impl13ResourceQuota6ResizeEm + + [D] _ZN9grpc_impl13ResourceQuotaC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [D] _ZN9grpc_impl13ResourceQuotaC1Ev, aliases _ZN9grpc_impl13ResourceQuotaC2Ev + + [D] _ZN9grpc_impl13ResourceQuotaC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN9grpc_impl13ResourceQuotaC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [D] _ZN9grpc_impl13ResourceQuotaC2Ev + + [D] _ZN9grpc_impl13ResourceQuotaD0Ev + + [D] _ZN9grpc_impl13ResourceQuotaD1Ev, aliases _ZN9grpc_impl13ResourceQuotaD2Ev + + [D] _ZN9grpc_impl13ResourceQuotaD2Ev + + [D] _ZN9grpc_impl13ServerBuilder13BuildAndStartEv + + [D] _ZN9grpc_impl13ServerBuilder15RegisterServiceEPN4grpc7ServiceE + + [D] _ZN9grpc_impl13ServerBuilder15RegisterServiceERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPN4grpc7ServiceE + + [D] _ZN9grpc_impl13ServerBuilder16AddListeningPortERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrINS_17ServerCredentialsEEPi + + [D] _ZN9grpc_impl13ServerBuilder16EnableWorkaroundE20grpc_workaround_list + + [D] _ZN9grpc_impl13ServerBuilder16SetResourceQuotaERKNS_13ResourceQuotaE + + [D] _ZN9grpc_impl13ServerBuilder17experimental_type29AddExternalConnectionAcceptorENS1_22ExternalConnectionTypeESt10shared_ptrINS_17ServerCredentialsEE + + [D] _ZN9grpc_impl13ServerBuilder17experimental_type30RegisterCallbackGenericServiceEPN4grpc12experimental22CallbackGenericServiceE + + [D] _ZN9grpc_impl13ServerBuilder18AddCompletionQueueEb + + [D] _ZN9grpc_impl13ServerBuilder19SetSyncServerOptionENS0_16SyncServerOptionEi + + [D] _ZN9grpc_impl13ServerBuilder24InternalAddPluginFactoryEPFSt10unique_ptrIN4grpc19ServerBuilderPluginESt14default_deleteIS3_EEvE + + [D] _ZN9grpc_impl13ServerBuilder26SetDefaultCompressionLevelE22grpc_compression_level + + [D] _ZN9grpc_impl13ServerBuilder27RegisterAsyncGenericServiceEPN4grpc19AsyncGenericServiceE + + [D] _ZN9grpc_impl13ServerBuilder30SetDefaultCompressionAlgorithmE26grpc_compression_algorithm + + [D] _ZN9grpc_impl13ServerBuilder36SetCompressionAlgorithmSupportStatusE26grpc_compression_algorithmb + + [D] _ZN9grpc_impl13ServerBuilder4PortD1Ev, aliases _ZN9grpc_impl13ServerBuilder4PortD2Ev + + [D] _ZN9grpc_impl13ServerBuilder4PortD2Ev + + [D] _ZN9grpc_impl13ServerBuilder9SetOptionESt10unique_ptrINS_19ServerBuilderOptionESt14default_deleteIS2_EE + + [D] _ZN9grpc_impl13ServerBuilderC1Ev, aliases _ZN9grpc_impl13ServerBuilderC2Ev + + [D] _ZN9grpc_impl13ServerBuilderC2Ev + + [D] _ZN9grpc_impl13ServerBuilderD0Ev + + [D] _ZN9grpc_impl13ServerBuilderD1Ev, aliases _ZN9grpc_impl13ServerBuilderD2Ev + + [D] _ZN9grpc_impl13ServerBuilderD2Ev + + [D] _ZN9grpc_impl13ServerContext12CompletionOp11core_cq_tagEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp14FinalizeResultEPPvPb + + [D] _ZN9grpc_impl13ServerContext12CompletionOp17SetHijackingStateEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp32ContinueFillOpsAfterInterceptionEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp5UnrefEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp7FillOpsEPN4grpc8internal4CallE + + [D] _ZN9grpc_impl13ServerContext12CompletionOpD0Ev + + [D] _ZN9grpc_impl13ServerContext12CompletionOpD1Ev + + [D] _ZN9grpc_impl13ServerContext12CompletionOpD2Ev, aliases _ZN9grpc_impl13ServerContext12CompletionOpD1Ev + + [D] _ZN9grpc_impl13ServerContext17BeginCompletionOpEPN4grpc8internal4CallESt8functionIFvbEEPNS2_13ServerReactorE + + [D] _ZN9grpc_impl13ServerContext17SetCancelCallbackESt8functionIFvvEE + + [D] _ZN9grpc_impl13ServerContext18AddInitialMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [D] _ZN9grpc_impl13ServerContext18GetCompletionOpTagEv + + [D] _ZN9grpc_impl13ServerContext19AddTrailingMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [D] _ZN9grpc_impl13ServerContext19ClearCancelCallbackEv + + [D] _ZN9grpc_impl13ServerContext19set_server_rpc_infoEPKcN4grpc8internal9RpcMethod7RpcTypeERKSt6vectorISt10unique_ptrINS3_12experimental33ServerInterceptorFactoryInterfaceESt14default_deleteISA_EESaISD_EE + + [D] _ZN9grpc_impl13ServerContext21SetLoadReportingCostsERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EE + + [D] _ZN9grpc_impl13ServerContext23BindDeadlineAndMetadataE12gpr_timespecP19grpc_metadata_array + + [D] _ZN9grpc_impl13ServerContext25set_compression_algorithmE26grpc_compression_algorithm + + [D] _ZN9grpc_impl13ServerContext5ClearEv + + [D] _ZN9grpc_impl13ServerContext5SetupE12gpr_timespec + + [D] _ZN9grpc_impl13ServerContextC1E12gpr_timespecP19grpc_metadata_array + + [D] _ZN9grpc_impl13ServerContextC1Ev, aliases _ZN9grpc_impl13ServerContextC2Ev + + [D] _ZN9grpc_impl13ServerContextC2E12gpr_timespecP19grpc_metadata_array, aliases _ZN9grpc_impl13ServerContextC1E12gpr_timespecP19grpc_metadata_array + + [D] _ZN9grpc_impl13ServerContextC2Ev + + [D] _ZN9grpc_impl16ChannelArguments16SetResourceQuotaERKNS_13ResourceQuotaE + + [D] _ZN9grpc_impl24AddInsecureChannelFromFdEPNS_6ServerEi + + [D] _ZN9grpc_impl27CreateInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEi + + [D] _ZN9grpc_impl31EnableDefaultHealthCheckServiceEb + + [D] _ZN9grpc_impl32DefaultHealthCheckServiceEnabledEv + + [D] _ZN9grpc_impl33CreateCustomInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKNS_16ChannelArgumentsE + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE14FinalizeResultEPPvPb + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEb + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE7RequestEv + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED0Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED1Ev, aliases _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED2Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED2Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE14FinalizeResultEPPvPb + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag3RunEb + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE7RequestEv + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED0Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED1Ev, aliases _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED2Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED2Ev + + [D] _ZN9grpc_impl6ServerC1EiPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE, aliases _ZN9grpc_impl6ServerC2EiPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [D] _ZN9grpc_impl6ServerC2EiPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [D] _ZNK9grpc_impl13ServerContext11IsCancelledEv + + [D] _ZNK9grpc_impl13ServerContext14census_contextEv + + [D] _ZNK9grpc_impl13ServerContext4peerB5cxx11Ev + + [D] _ZNK9grpc_impl13ServerContext9TryCancelEv + + [D] _ZNK9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE11method_nameEv + + [D] _ZNK9grpc_impl6Server15CallbackRequestINS_13ServerContextEE11method_nameEv + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlvE_E10_M_managerERSt9_Any_dataRKS6_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl6FinishENS1_6StatusEEUlbE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE0_E10_M_managerERSt9_Any_dataRKSL_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE1_E10_M_managerERSt9_Any_dataRKSL_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE_E10_M_managerERSt9_Any_dataRKSL_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E10WritesDoneEvEUlbE_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE0_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE1_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE2_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [D] _ZNSt17_Function_handlerIFPN4grpc12experimental17ServerBidiReactorINS0_10ByteBufferES3_EEvEZNS1_22CallbackGenericService7HandlerEvEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl6FinishENS1_6StatusEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE1_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E10WritesDoneEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE1_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE2_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EE17_M_realloc_insertIJRKS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [D] _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EED1Ev, aliases _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EED2Ev + + [D] _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EED2Ev + + [D] _ZNSt6vectorISt10unique_ptrIN9grpc_impl13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE12emplace_backIJPS3_EEEvDpOT_ + + [D] _ZNSt6vectorISt10unique_ptrIN9grpc_impl13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE17_M_realloc_insertIJPS3_EEEvN9__gnu_cxx17__normal_iteratorIPS6_S8_EEDpOT_ + + [D] _ZNSt6vectorIlSaIlEE12emplace_backIJlEEEvDpOT_ + + [D] _ZNSt6vectorIlSaIlEE17_M_realloc_insertIJlEEEvN9__gnu_cxx17__normal_iteratorIPlS1_EEDpOT_ + + [D] _ZNSt8functionIFvN4grpc6StatusEEEC1ERKS3_, aliases _ZNSt8functionIFvN4grpc6StatusEEEC2ERKS3_ + + [D] _ZNSt8functionIFvN4grpc6StatusEEEC2ERKS3_ + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] _ZThn16_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZThn16_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn16_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_Pv + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEED0Ev + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEED1Ev + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] pb_close_string_substream + + [D] pb_decode + + [D] pb_decode_delimited + + [D] pb_decode_fixed32 + + [D] pb_decode_fixed64 + + [D] pb_decode_noinit + + [D] pb_decode_svarint + + [D] pb_decode_tag + + [D] pb_decode_varint + + [D] pb_encode + + [D] pb_encode_delimited + + [D] pb_encode_fixed32 + + [D] pb_encode_fixed64 + + [D] pb_encode_string + + [D] pb_encode_submessage + + [D] pb_encode_svarint + + [D] pb_encode_tag + + [D] pb_encode_tag_for_field + + [D] pb_encode_varint + + [D] pb_field_iter_begin + + [D] pb_field_iter_find + + [D] pb_field_iter_next + + [D] pb_get_encoded_size + + [D] pb_istream_from_buffer + + [D] pb_make_string_substream + + [D] pb_ostream_from_buffer + + [D] pb_read + + [D] pb_skip_field + + [D] pb_write + + + +224 Added function symbols not referenced by debug info: + + + + [A] _ZN12closure_impl15closure_wrapperEPvP10grpc_error + + [A] _ZN4grpc11CoreCodegen25grpc_call_error_to_stringE15grpc_call_error + + [A] _ZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextE + + [A] _ZN4grpc12experimental28GenericCallbackServerContextD0Ev + + [A] _ZN4grpc12experimental28GenericCallbackServerContextD1Ev + + [A] _ZN4grpc12experimental28GenericCallbackServerContextD2Ev, aliases _ZN4grpc12experimental28GenericCallbackServerContextD1Ev + + [A] _ZN4grpc12experimental49CreateCustomInsecureChannelWithInterceptorsFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKN9grpc_impl16ChannelArgumentsESt6vectorISt10unique_ptrINS0_33ClientInterceptorFactoryInterfaceESt14default_deleteISF_EESaISI_EE + + [A] _ZN4grpc13ResourceQuota13SetMaxThreadsEi + + [A] _ZN4grpc13ResourceQuota6ResizeEm + + [A] _ZN4grpc13ResourceQuotaC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN4grpc13ResourceQuotaC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN4grpc13ResourceQuotaC1Ev, aliases _ZN4grpc13ResourceQuotaC2Ev + + [A] _ZN4grpc13ResourceQuotaC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN4grpc13ResourceQuotaC2Ev + + [A] _ZN4grpc13ResourceQuotaD0Ev + + [A] _ZN4grpc13ResourceQuotaD1Ev, aliases _ZN4grpc13ResourceQuotaD2Ev + + [A] _ZN4grpc13ResourceQuotaD2Ev + + [A] _ZN4grpc13ServerBuilder13BuildAndStartEv + + [A] _ZN4grpc13ServerBuilder15RegisterServiceEPNS_7ServiceE + + [A] _ZN4grpc13ServerBuilder15RegisterServiceERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS_7ServiceE + + [A] _ZN4grpc13ServerBuilder16AddListeningPortERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrIN9grpc_impl17ServerCredentialsEEPi + + [A] _ZN4grpc13ServerBuilder16EnableWorkaroundE20grpc_workaround_list + + [A] _ZN4grpc13ServerBuilder16SetResourceQuotaERKNS_13ResourceQuotaE + + [A] _ZN4grpc13ServerBuilder17experimental_type29AddExternalConnectionAcceptorENS1_22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE + + [A] _ZN4grpc13ServerBuilder17experimental_type30RegisterCallbackGenericServiceEPNS_12experimental22CallbackGenericServiceE + + [A] _ZN4grpc13ServerBuilder18AddCompletionQueueEb + + [A] _ZN4grpc13ServerBuilder19SetSyncServerOptionENS0_16SyncServerOptionEi + + [A] _ZN4grpc13ServerBuilder24InternalAddPluginFactoryEPFSt10unique_ptrINS_19ServerBuilderPluginESt14default_deleteIS2_EEvE + + [A] _ZN4grpc13ServerBuilder26SetDefaultCompressionLevelE22grpc_compression_level + + [A] _ZN4grpc13ServerBuilder27RegisterAsyncGenericServiceEPNS_19AsyncGenericServiceE + + [A] _ZN4grpc13ServerBuilder30SetDefaultCompressionAlgorithmE26grpc_compression_algorithm + + [A] _ZN4grpc13ServerBuilder36SetCompressionAlgorithmSupportStatusE26grpc_compression_algorithmb + + [A] _ZN4grpc13ServerBuilder4PortD1Ev, aliases _ZN4grpc13ServerBuilder4PortD2Ev + + [A] _ZN4grpc13ServerBuilder4PortD2Ev + + [A] _ZN4grpc13ServerBuilder9SetOptionESt10unique_ptrIN9grpc_impl19ServerBuilderOptionESt14default_deleteIS3_EE + + [A] _ZN4grpc13ServerBuilderC1Ev, aliases _ZN4grpc13ServerBuilderC2Ev + + [A] _ZN4grpc13ServerBuilderC2Ev + + [A] _ZN4grpc13ServerBuilderD0Ev + + [A] _ZN4grpc13ServerBuilderD1Ev, aliases _ZN4grpc13ServerBuilderD2Ev + + [A] _ZN4grpc13ServerBuilderD2Ev + + [A] _ZN4grpc19AsyncGenericService11RequestCallEPNS_20GenericServerContextEPN9grpc_impl23ServerAsyncReaderWriterINS_10ByteBufferES5_EEPNS3_15CompletionQueueEPNS3_21ServerCompletionQueueEPv + + [A] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPNS_13ServerBuilderE + + [A] _ZN4grpc20GenericServerContextD0Ev + + [A] _ZN4grpc24AddInsecureChannelFromFdEPN9grpc_impl6ServerEi + + [A] _ZN4grpc27CreateInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEi + + [A] _ZN4grpc31EnableDefaultHealthCheckServiceEb + + [A] _ZN4grpc32DefaultHealthCheckServiceEnabledEv + + [A] _ZN4grpc33CreateCustomInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKN9grpc_impl16ChannelArgumentsE + + [A] _ZN4grpc37HealthCheckServiceServerBuilderOptionC1ESt10unique_ptrINS_27HealthCheckServiceInterfaceESt14default_deleteIS2_EE + + [A] _ZN4grpc37HealthCheckServiceServerBuilderOptionC2ESt10unique_ptrINS_27HealthCheckServiceInterfaceESt14default_deleteIS2_EE, aliases _ZN4grpc37HealthCheckServiceServerBuilderOptionC1ESt10unique_ptrINS_27HealthCheckServiceInterfaceESt14default_deleteIS2_EE + + [A] _ZN4grpc8internal22CallbackWithSuccessTag3SetEP9grpc_callSt8functionIFvbEEPNS0_18CompletionQueueTagEb + + [A] _ZN4grpc8internal30ExternalConnectionAcceptorImplC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE, aliases _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE + + [A] _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE + + [A] _ZN9grpc_impl13ClientContext15set_credentialsERKSt10shared_ptrINS_15CallCredentialsEE + + [A] _ZN9grpc_impl13ClientContext25FromCallbackServerContextERKNS_21CallbackServerContextENS_18PropagationOptionsE + + [A] _ZN9grpc_impl13ClientContext25FromInternalServerContextERKNS_17ServerContextBaseENS_18PropagationOptionsE + + [A] _ZN9grpc_impl13ServerContextD0Ev + + [A] _ZN9grpc_impl15CallCredentials11DebugStringB5cxx11Ev + + [A] _ZN9grpc_impl16ChannelArguments16SetResourceQuotaERKN4grpc13ResourceQuotaE + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE14WriteAndFinishERKS2_NS1_12WriteOptionsERKNS1_6StatusEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE19SendInitialMetadataEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_Pv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE6FinishERKNS1_6StatusEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE8BindCallEPNS1_8internal4CallE + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED0Ev + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED1Ev, aliases _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E10OnReadDoneEb + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E11OnWriteDoneEb + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E18InternalBindStreamEPNS_26ServerCallbackReaderWriterIS2_S2_EE + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E25OnSendInitialMetadataDoneEb + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E6FinishENS1_6StatusE + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E8OnCancelEv + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED1Ev, aliases _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp11core_cq_tagEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp14FinalizeResultEPPvPb + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp17SetHijackingStateEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp32ContinueFillOpsAfterInterceptionEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp39ContinueFinalizeResultAfterInterceptionEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp5UnrefEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp7FillOpsEPN4grpc8internal4CallE + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOpD0Ev + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOpD1Ev, aliases _ZN9grpc_impl17ServerContextBase12CompletionOpD2Ev + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOpD2Ev + + [A] _ZN9grpc_impl17ServerContextBase17BeginCompletionOpEPN4grpc8internal4CallESt8functionIFvbEEPNS_8internal18ServerCallbackCallE + + [A] _ZN9grpc_impl17ServerContextBase18AddInitialMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [A] _ZN9grpc_impl17ServerContextBase18GetCompletionOpTagEv + + [A] _ZN9grpc_impl17ServerContextBase19AddTrailingMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [A] _ZN9grpc_impl17ServerContextBase19set_server_rpc_infoEPKcN4grpc8internal9RpcMethod7RpcTypeERKSt6vectorISt10unique_ptrINS3_12experimental33ServerInterceptorFactoryInterfaceESt14default_deleteISA_EESaISD_EE + + [A] _ZN9grpc_impl17ServerContextBase21SetLoadReportingCostsERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EE + + [A] _ZN9grpc_impl17ServerContextBase23BindDeadlineAndMetadataE12gpr_timespecP19grpc_metadata_array + + [A] _ZN9grpc_impl17ServerContextBase23TestServerCallbackUnary7reactorEv + + [A] _ZN9grpc_impl17ServerContextBase25set_compression_algorithmE26grpc_compression_algorithm + + [A] _ZN9grpc_impl17ServerContextBase5ClearEv + + [A] _ZN9grpc_impl17ServerContextBase5SetupE12gpr_timespec + + [A] _ZN9grpc_impl17ServerContextBaseC1E12gpr_timespecP19grpc_metadata_array + + [A] _ZN9grpc_impl17ServerContextBaseC1Ev, aliases _ZN9grpc_impl17ServerContextBaseC2Ev + + [A] _ZN9grpc_impl17ServerContextBaseC2E12gpr_timespecP19grpc_metadata_array, aliases _ZN9grpc_impl17ServerContextBaseC1E12gpr_timespecP19grpc_metadata_array + + [A] _ZN9grpc_impl17ServerContextBaseC2Ev + + [A] _ZN9grpc_impl17ServerContextBaseD0Ev + + [A] _ZN9grpc_impl17ServerContextBaseD1Ev, aliases _ZN9grpc_impl17ServerContextBaseD2Ev + + [A] _ZN9grpc_impl17ServerContextBaseD2Ev + + [A] _ZN9grpc_impl18ClientUnaryReactor6OnDoneERKN4grpc6StatusE + + [A] _ZN9grpc_impl18ServerUnaryReactor8OnCancelEv + + [A] _ZN9grpc_impl21CallbackServerContextD0Ev + + [A] _ZN9grpc_impl21CallbackServerContextD1Ev, aliases _ZN9grpc_impl21CallbackServerContextD2Ev + + [A] _ZN9grpc_impl21CallbackServerContextD2Ev + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E14WriteAndFinishERKS2_NS1_12WriteOptionsERKNS1_6StatusEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E19SendInitialMetadataEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E4ReadEPS2_Pv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_Pv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E6FinishERKNS1_6StatusEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E8BindCallEPNS1_8internal4CallE + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED1Ev, aliases _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEE19SendInitialMetadataEPv + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEE8BindCallEPNS1_8internal4CallE + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED0Ev + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED1Ev, aliases _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE14FinalizeResultEPPvPb + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEb + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED0Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED1Ev, aliases _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED2Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED2Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE14FinalizeResultEPPvPb + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag3RunEb + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED0Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED1Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED2Ev, aliases _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED1Ev + + [A] _ZN9grpc_impl6Server18UnrefAndWaitLockedEv + + [A] _ZN9grpc_impl6Server23UnrefWithPossibleNotifyEv + + [A] _ZN9grpc_impl6Server3RefEv + + [A] _ZN9grpc_impl6ServerC1EPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [A] _ZN9grpc_impl6ServerC2EPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE, aliases _ZN9grpc_impl6ServerC1EPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [A] _ZN9grpc_impl8internal13ClientReactor22InternalScheduleOnDoneEN4grpc6StatusE + + [A] _ZN9grpc_impl8internal13ServerReactor18InternalInlineableEv + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEE6OnDoneEv + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED0Ev + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED1Ev, aliases _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED2Ev + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED0Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED1Ev, aliases _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED0Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED1Ev, aliases _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED2Ev + + [A] _ZN9grpc_impl8internal18ServerCallbackCall12CallOnCancelEPNS0_13ServerReactorE + + [A] _ZN9grpc_impl8internal18ServerCallbackCall14ScheduleOnDoneEb + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl10CallOnDoneEv + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl14WriteAndFinishEPKS3_NS2_12WriteOptionsENS2_6StatusE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEv + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl4ReadEPS3_ + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl5WriteEPKS3_NS2_12WriteOptionsE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl6FinishENS2_6StatusE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl7reactorEv + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD0Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD1Ev, aliases _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD2Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD2Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED0Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED1Ev, aliases _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED2Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED2Ev + + [A] _ZNK9grpc_impl17ServerContextBase11IsCancelledEv + + [A] _ZNK9grpc_impl17ServerContextBase14census_contextEv + + [A] _ZNK9grpc_impl17ServerContextBase4peerB5cxx11Ev + + [A] _ZNK9grpc_impl17ServerContextBase9TryCancelEv + + [A] _ZNK9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE11method_nameEv + + [A] _ZNK9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE11method_nameEv + + [A] _ZNSt14_Function_base13_Base_managerIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlPN9grpc_impl21CallbackServerContextEE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E10RunHandlerERKNS4_8internal13MethodHandler16HandlerParameterEEUlbE_E10_M_managerERSt9_Any_dataRKSE_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE0_E10_M_managerERSt9_Any_dataRKSD_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE_E10_M_managerERSt9_Any_dataRKSD_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl6FinishENS4_6StatusEEUlbE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt17_Function_handlerIFPN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES3_EEPNS0_21CallbackServerContextEEZNS2_12experimental22CallbackGenericService7HandlerEvEUlS7_E_E9_M_invokeERKSt9_Any_dataOS7_ + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E10RunHandlerERKNS4_8internal13MethodHandler16HandlerParameterEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl6FinishENS4_6StatusEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EE17_M_realloc_insertIJRKS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EED1Ev, aliases _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EED2Ev + + [A] _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EED2Ev + + [A] _ZNSt6vectorIPN9grpc_impl15CompletionQueueESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorISt10unique_ptrIN4grpc13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE12emplace_backIJPS3_EEEvDpOT_ + + [A] _ZNSt6vectorISt10unique_ptrIN4grpc13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE17_M_realloc_insertIJPS3_EEEvN9__gnu_cxx17__normal_iteratorIPS6_S8_EEDpOT_ + + [A] _ZThn16_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E4ReadEPS2_Pv + + [A] _ZThn16_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZThn16_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED1Ev + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_Pv + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED0Ev + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED1Ev + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_Pv + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED1Ev + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7Reactor6OnDoneEv + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD0Ev + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD1Ev, aliases _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD2Ev + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD2Ev + + [A] _ZZZN9grpc_impl8internal9AlarmImpl3SetE12gpr_timespecSt8functionIFvbEEENKUlPvP10grpc_errorE_clES6_S8_ENKUlS6_S8_E_clES6_S8_ + + [A] _ZZZN9grpc_impl8internal9AlarmImpl3SetE12gpr_timespecSt8functionIFvbEEENKUlPvP10grpc_errorE_clES6_S8_ENUlS6_S8_E_4_FUNES6_S8_ + + + +147 Removed variable symbols not referenced by debug info: + + + + [D] _ZTIN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc12experimental24ServerGenericBidiReactorE + + [D] _ZTIN4grpc12experimental26ClientCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc12experimental26ServerCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc17ServerAsyncWriterINS_10ByteBufferEEE + + [D] _ZTIN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEEE + + [D] _ZTIN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEEE + + [D] _ZTIN4grpc26ServerAsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc32ClientAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc32ServerAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc8internal13ServerReactorE + + [D] _ZTIN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EEE + + [D] _ZTIN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EEE + + [D] _ZTIN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplE + + [D] _ZTIN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc8internal20AsyncReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc8internal20AsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc8internal21CallOpClientSendCloseE + + [D] _ZTIN4grpc8internal22CallOpClientRecvStatusE + + [D] _ZTIN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc8internal25CallOpRecvInitialMetadataE + + [D] _ZTIN4grpc8internal29ClientAsyncStreamingInterfaceE + + [D] _ZTIN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc8internal31UnimplementedGenericBidiReactorE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTIN9grpc_impl13ResourceQuotaE + + [D] _ZTIN9grpc_impl13ServerBuilderE + + [D] _ZTIN9grpc_impl13ServerContext12CompletionOpE + + [D] _ZTIN9grpc_impl27HealthCheckServiceInterfaceE + + [D] _ZTIN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEEE + + [D] _ZTIN9grpc_impl6Server15CallbackRequestINS_13ServerContextEEE + + [D] _ZTIN9grpc_impl6Server19CallbackRequestBaseE + + [D] _ZTIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlvE_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl6FinishENS_6StatusEEUlbE_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE0_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE1_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10WritesDoneEvEUlbE_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE0_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE1_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE2_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTSN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc12experimental24ServerGenericBidiReactorE + + [D] _ZTSN4grpc12experimental26ClientCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc12experimental26ServerCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc17ServerAsyncWriterINS_10ByteBufferEEE + + [D] _ZTSN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEEE + + [D] _ZTSN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEEE + + [D] _ZTSN4grpc26ServerAsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc32ClientAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc32ServerAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc8internal13ServerReactorE + + [D] _ZTSN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EEE + + [D] _ZTSN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EEE + + [D] _ZTSN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplE + + [D] _ZTSN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc8internal20AsyncReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc8internal20AsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc8internal21CallOpClientSendCloseE + + [D] _ZTSN4grpc8internal22CallOpClientRecvStatusE + + [D] _ZTSN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc8internal25CallOpRecvInitialMetadataE + + [D] _ZTSN4grpc8internal29ClientAsyncStreamingInterfaceE + + [D] _ZTSN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc8internal31UnimplementedGenericBidiReactorE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTSN9grpc_impl13ResourceQuotaE + + [D] _ZTSN9grpc_impl13ServerBuilderE + + [D] _ZTSN9grpc_impl13ServerContext12CompletionOpE + + [D] _ZTSN9grpc_impl27HealthCheckServiceInterfaceE + + [D] _ZTSN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEEE + + [D] _ZTSN9grpc_impl6Server15CallbackRequestINS_13ServerContextEEE + + [D] _ZTSN9grpc_impl6Server19CallbackRequestBaseE + + [D] _ZTSZN4grpc12experimental22CallbackGenericService7HandlerEvEUlvE_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl6FinishENS_6StatusEEUlbE_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE0_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE1_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10WritesDoneEvEUlbE_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE0_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE1_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE2_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTVN4grpc17ServerAsyncWriterINS_10ByteBufferEEE + + [D] _ZTVN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTVN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEEE + + [D] _ZTVN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEEE + + [D] _ZTVN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EEE + + [D] _ZTVN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EEE + + [D] _ZTVN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplE + + [D] _ZTVN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_EE + + [D] _ZTVN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTVN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_EE + + [D] _ZTVN4grpc8internal31UnimplementedGenericBidiReactorE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTVN9grpc_impl13ResourceQuotaE + + [D] _ZTVN9grpc_impl13ServerBuilderE + + [D] _ZTVN9grpc_impl13ServerContext12CompletionOpE + + [D] _ZTVN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEEE + + [D] _ZTVN9grpc_impl6Server15CallbackRequestINS_13ServerContextEEE + + [D] grpc_health_v1_HealthCheckRequest_fields + + [D] grpc_health_v1_HealthCheckResponse_fields + + + +99 Added variable symbols not referenced by debug info: + + + + _ZTIN4grpc12experimental28GenericCallbackServerContextE + + _ZTIN4grpc13ResourceQuotaE + + _ZTIN4grpc13ServerBuilderE + + _ZTIN4grpc20GenericServerContextE + + _ZTIN4grpc27HealthCheckServiceInterfaceE + + _ZTIN9grpc_impl13ServerContextE + + _ZTIN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl17ServerContextBase12CompletionOpE + + _ZTIN9grpc_impl17ServerContextBaseE + + _ZTIN9grpc_impl21CallbackServerContextE + + _ZTIN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl26ServerAsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl26ServerCallbackReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl32ServerAsyncReaderWriterInterfaceIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEEE + + _ZTIN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEEE + + _ZTIN9grpc_impl8internal13ClientReactorE + + _ZTIN9grpc_impl8internal13ServerReactorE + + _ZTIN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEEE + + _ZTIN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EEE + + _ZTIN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EEE + + _ZTIN9grpc_impl8internal18ServerCallbackCallE + + _ZTIN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplE + + _ZTIN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_EE + + _ZTIN9grpc_impl8internal20AsyncReaderInterfaceIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl8internal20AsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTIZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEE7Reactor + + _ZTIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlPN9grpc_impl21CallbackServerContextEE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterEEUlbE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE0_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl6FinishENS2_6StatusEEUlbE_ + + _ZTSN4grpc12experimental28GenericCallbackServerContextE + + _ZTSN4grpc13ResourceQuotaE + + _ZTSN4grpc13ServerBuilderE + + _ZTSN4grpc20GenericServerContextE + + _ZTSN4grpc27HealthCheckServiceInterfaceE + + _ZTSN9grpc_impl13ServerContextE + + _ZTSN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl17ServerContextBase12CompletionOpE + + _ZTSN9grpc_impl17ServerContextBaseE + + _ZTSN9grpc_impl21CallbackServerContextE + + _ZTSN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl26ServerAsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl26ServerCallbackReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl32ServerAsyncReaderWriterInterfaceIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEEE + + _ZTSN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEEE + + _ZTSN9grpc_impl8internal13ClientReactorE + + _ZTSN9grpc_impl8internal13ServerReactorE + + _ZTSN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEEE + + _ZTSN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EEE + + _ZTSN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EEE + + _ZTSN9grpc_impl8internal18ServerCallbackCallE + + _ZTSN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplE + + _ZTSN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_EE + + _ZTSN9grpc_impl8internal20AsyncReaderInterfaceIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl8internal20AsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTSZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEE7Reactor + + _ZTSZN4grpc12experimental22CallbackGenericService7HandlerEvEUlPN9grpc_impl21CallbackServerContextEE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterEEUlbE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE0_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl6FinishENS2_6StatusEEUlbE_ + + _ZTVN4grpc12experimental28GenericCallbackServerContextE + + _ZTVN4grpc13ResourceQuotaE + + _ZTVN4grpc13ServerBuilderE + + _ZTVN4grpc20GenericServerContextE + + _ZTVN9grpc_impl13ServerContextE + + _ZTVN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEEE + + _ZTVN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_EE + + _ZTVN9grpc_impl17ServerContextBase12CompletionOpE + + _ZTVN9grpc_impl17ServerContextBaseE + + _ZTVN9grpc_impl21CallbackServerContextE + + _ZTVN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTVN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEEE + + _ZTVN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEEE + + _ZTVN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEEE + + _ZTVN9grpc_impl8internal13ClientReactorE + + _ZTVN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEEE + + _ZTVN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EEE + + _ZTVN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EEE + + _ZTVN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplE + + _ZTVN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_EE + + _ZTVZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEE7Reactor + + + +---------------diffs in grpc_libgrpc++_reflection.so.1.31.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 162 Removed, 157 Added function symbols not referenced by debug info + +Variable symbols changes summary: 74 Removed, 60 Added variable symbols not referenced by debug info + + + +162 Removed function symbols not referenced by debug info: + + + + [D] _ZN4grpc10reflection7v1alpha13ErrorResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha13ErrorResponseC1Ev, aliases _ZN4grpc10reflection7v1alpha13ErrorResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha13ErrorResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha15ServiceResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha15ServiceResponseC1Ev, aliases _ZN4grpc10reflection7v1alpha15ServiceResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha15ServiceResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha16ExtensionRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha16ExtensionRequestC1Ev, aliases _ZN4grpc10reflection7v1alpha16ExtensionRequestC2Ev + + [D] _ZN4grpc10reflection7v1alpha16ExtensionRequestC2Ev + + [D] _ZN4grpc10reflection7v1alpha16ServerReflection4Stub18experimental_async20ServerReflectionInfoEPN9grpc_impl13ClientContextEPNS_12experimental17ClientBidiReactorINS1_23ServerReflectionRequestENS1_24ServerReflectionResponseEEE + + [D] _ZN4grpc10reflection7v1alpha16ServerReflection7Service20ServerReflectionInfoEPN9grpc_impl13ServerContextEPNS_18ServerReaderWriterINS1_24ServerReflectionResponseENS1_23ServerReflectionRequestEEE + + [D] _ZN4grpc10reflection7v1alpha19ListServiceResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha19ListServiceResponseC1Ev, aliases _ZN4grpc10reflection7v1alpha19ListServiceResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha19ListServiceResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha22FileDescriptorResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha22FileDescriptorResponseC1Ev, aliases _ZN4grpc10reflection7v1alpha22FileDescriptorResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha22FileDescriptorResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponseC1Ev, aliases _ZN4grpc10reflection7v1alpha23ExtensionNumberResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha23ServerReflectionRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha23ServerReflectionRequestC1Ev, aliases _ZN4grpc10reflection7v1alpha23ServerReflectionRequestC2Ev + + [D] _ZN4grpc10reflection7v1alpha23ServerReflectionRequestC2Ev + + [D] _ZN4grpc10reflection7v1alpha24ServerReflectionResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc10reflection7v1alpha24ServerReflectionResponseC1Ev, aliases _ZN4grpc10reflection7v1alpha24ServerReflectionResponseC2Ev + + [D] _ZN4grpc10reflection7v1alpha24ServerReflectionResponseC2Ev + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10OnReadDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE11OnWriteDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE16OnWritesDoneDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE25OnReadInitialMetadataDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE6OnDoneERKNS_6StatusE + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE10WritesDoneEv + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE15NextMessageSizeEPj + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE22WaitForInitialMetadataEv + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE4ReadEPS4_ + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE5WriteERKS3_NS_12WriteOptionsE + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE6FinishEv + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEC1EPNS_16ChannelInterfaceERKNS_8internal9RpcMethodEPN9grpc_impl13ClientContextE, aliases _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEC2EPNS_16ChannelInterfaceERKNS_8internal9RpcMethodEPN9grpc_impl13ClientContextE + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEC2EPNS_16ChannelInterfaceERKNS_8internal9RpcMethodEPN9grpc_impl13ClientContextE + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED0Ev + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev + + [D] _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED2Ev, aliases _ZN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE15NextMessageSizeEPj + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE19SendInitialMetadataEv + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE4ReadEPS4_ + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE5WriteERKS3_NS_12WriteOptionsE + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED0Ev + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED1Ev, aliases _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED2Ev + + [D] _ZN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED2Ev + + [D] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPN9grpc_impl13ServerBuilderE + + [D] _ZN4grpc21ProtoServerReflection20ServerReflectionInfoEPN9grpc_impl13ServerContextEPNS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS6_23ServerReflectionRequestEEE + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE10WritesDoneEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE4ReadEPS4_Pv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE5WriteERKS3_NS_12WriteOptionsEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE5WriteERKS3_Pv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE6FinishEPNS_6StatusEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE9StartCallEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED0Ev + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev, aliases _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED2Ev + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED2Ev + + [D] _ZN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [D] _ZN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev, aliases _ZN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEED2Ev + + [D] _ZN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEED2Ev + + [D] _ZN4grpc8internal22CallbackWithSuccessTag3SetEP9grpc_callSt8functionIFvbEEPNS0_18CompletionQueueTagE + + [D] _ZN4grpc8internal22ServerReaderWriterBodyINS_10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE19SendInitialMetadataEv + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EED0Ev + + [D] _ZN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EED1Ev, aliases _ZN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EED2Ev + + [D] _ZN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EED2Ev + + [D] _ZN4grpc8internal30ClientAsyncReaderWriterFactoryINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE6CreateEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNS9_13ClientContextEbPv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10RemoveHoldEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10WritesDoneEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE11MaybeFinishEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE4ReadEPS5_ + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteEPKS4_NS_12WriteOptionsE + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE7AddHoldEi + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED2Ev, aliases _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [D] _ZN6google8protobuf8internal14ArenaStringPtr21CreateInstanceNoArenaEPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha13ErrorResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha15ServiceResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha16ExtensionRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha19ListServiceResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha22FileDescriptorResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha23ExtensionNumberResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha23ServerReflectionRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc10reflection7v1alpha24ServerReflectionResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectINS1_29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerEEEvPv + + [D] _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE27mutable_unknown_fields_slowEv + + [D] _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED1Ev, aliases _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED2Ev + + [D] _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED2Ev + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPlugin10InitServerEPNS_17ServerInitializerE + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPlugin15ChangeArgumentsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPv + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPlugin4nameB5cxx11Ev + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPlugin6FinishEPNS_17ServerInitializerE + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPluginC1Ev, aliases _ZN9grpc_impl10reflection27ProtoServerReflectionPluginC2Ev + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPluginC2Ev + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPluginD0Ev + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPluginD1Ev, aliases _ZN9grpc_impl10reflection27ProtoServerReflectionPluginD2Ev + + [D] _ZN9grpc_impl10reflection27ProtoServerReflectionPluginD2Ev + + [D] _ZN9grpc_impl10reflection38InitProtoReflectionServerBuilderPluginEv + + [D] _ZNK4grpc10reflection7v1alpha13ErrorResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha13ErrorResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha15ServiceResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha15ServiceResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha16ExtensionRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha16ExtensionRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha19ListServiceResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha19ListServiceResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha22FileDescriptorResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha22FileDescriptorResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha23ExtensionNumberResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha23ExtensionNumberResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha23ServerReflectionRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha23ServerReflectionRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc10reflection7v1alpha24ServerReflectionResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc10reflection7v1alpha24ServerReflectionResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK6google8protobuf11MessageLite20GetMaybeArenaPointerEv + + [D] _ZNK6google8protobuf11MessageLite8GetArenaEv + + [D] _ZNK9grpc_impl10reflection27ProtoServerReflectionPlugin16has_sync_methodsEv + + [D] _ZNK9grpc_impl10reflection27ProtoServerReflectionPlugin17has_async_methodsEv + + [D] _ZNSt14_Function_base13_Base_managerISt5_BindIFSt8functionIFN4grpc6StatusEPNS3_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS3_18ServerReaderWriterINS6_24ServerReflectionResponseENS6_23ServerReflectionRequestEEEEES9_St12_PlaceholderILi1EESK_ILi2EEEEE10_M_managerERSt9_Any_dataRKSQ_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc10reflection7v1alpha16ServerReflection7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPNS2_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE10WritesDoneEvEUlbE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE0_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE1_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE2_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS0_10reflection7v1alpha24ServerReflectionResponseENS7_23ServerReflectionRequestEEEESt5_BindIFSt8functionIFS1_PNS7_16ServerReflection7ServiceES4_SB_EESH_St12_PlaceholderILi1EESK_ILi2EEEEE9_M_invokeERKSt9_Any_dataOS4_OSB_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEESt7_Mem_fnIMS5_FS1_S9_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSE_ + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE10WritesDoneEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE1_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE2_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10reflection7v1alpha23ServerReflectionRequestENS5_24ServerReflectionResponseEE9StartCallEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt8functionIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEEC1ERKSG_ + + [D] _ZNSt8functionIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEEC2ERKSG_, aliases _ZNSt8functionIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEEC1ERKSG_ + + [D] _ZThn16_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE15NextMessageSizeEPj + + [D] _ZThn16_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE4ReadEPS4_ + + [D] _ZThn16_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED0Ev + + [D] _ZThn16_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev + + [D] _ZThn16_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE15NextMessageSizeEPj + + [D] _ZThn16_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE4ReadEPS4_ + + [D] _ZThn16_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED0Ev + + [D] _ZThn16_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED1Ev + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE4ReadEPS4_Pv + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED0Ev + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev + + [D] _ZThn8_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE5WriteERKS3_NS_12WriteOptionsE + + [D] _ZThn8_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED0Ev + + [D] _ZThn8_N4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev + + [D] _ZThn8_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEE5WriteERKS3_NS_12WriteOptionsE + + [D] _ZThn8_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED0Ev + + [D] _ZThn8_N4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEED1Ev + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE5WriteERKS3_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEE5WriteERKS3_Pv + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED0Ev + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEED1Ev + + + +157 Added function symbols not referenced by debug info: + + + + [A] _ZN4grpc10reflection27ProtoServerReflectionPlugin10InitServerEPN9grpc_impl17ServerInitializerE + + [A] _ZN4grpc10reflection27ProtoServerReflectionPlugin15ChangeArgumentsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPv + + [A] _ZN4grpc10reflection27ProtoServerReflectionPlugin4nameB5cxx11Ev + + [A] _ZN4grpc10reflection27ProtoServerReflectionPlugin6FinishEPN9grpc_impl17ServerInitializerE + + [A] _ZN4grpc10reflection27ProtoServerReflectionPluginC1Ev, aliases _ZN4grpc10reflection27ProtoServerReflectionPluginC2Ev + + [A] _ZN4grpc10reflection27ProtoServerReflectionPluginC2Ev + + [A] _ZN4grpc10reflection27ProtoServerReflectionPluginD0Ev + + [A] _ZN4grpc10reflection27ProtoServerReflectionPluginD1Ev + + [A] _ZN4grpc10reflection27ProtoServerReflectionPluginD2Ev, aliases _ZN4grpc10reflection27ProtoServerReflectionPluginD1Ev + + [A] _ZN4grpc10reflection38InitProtoReflectionServerBuilderPluginEv + + [A] _ZN4grpc10reflection7v1alpha13ErrorResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha13ErrorResponse9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha13ErrorResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha13ErrorResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha13ErrorResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha15ServiceResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha15ServiceResponse9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha15ServiceResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha15ServiceResponseC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha15ServiceResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha16ExtensionRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha16ExtensionRequest9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha16ExtensionRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha16ExtensionRequestC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha16ExtensionRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha16ServerReflection4Stub18experimental_async20ServerReflectionInfoEPN9grpc_impl13ClientContextEPNS5_17ClientBidiReactorINS1_23ServerReflectionRequestENS1_24ServerReflectionResponseEEE + + [A] _ZN4grpc10reflection7v1alpha16ServerReflection7Service20ServerReflectionInfoEPN9grpc_impl13ServerContextEPNS4_18ServerReaderWriterINS1_24ServerReflectionResponseENS1_23ServerReflectionRequestEEE + + [A] _ZN4grpc10reflection7v1alpha19ListServiceResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha19ListServiceResponse9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha19ListServiceResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha19ListServiceResponseC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha19ListServiceResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha22FileDescriptorResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha22FileDescriptorResponse9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha22FileDescriptorResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha22FileDescriptorResponseC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha22FileDescriptorResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponse9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha23ExtensionNumberResponseC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha23ExtensionNumberResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha23ServerReflectionRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha23ServerReflectionRequest9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha23ServerReflectionRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha23ServerReflectionRequestC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha23ServerReflectionRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha24ServerReflectionResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc10reflection7v1alpha24ServerReflectionResponse9ArenaDtorEPv + + [A] _ZN4grpc10reflection7v1alpha24ServerReflectionResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc10reflection7v1alpha24ServerReflectionResponseC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc10reflection7v1alpha24ServerReflectionResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPNS_13ServerBuilderE + + [A] _ZN4grpc21ProtoServerReflection20ServerReflectionInfoEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS6_23ServerReflectionRequestEEE + + [A] _ZN4grpc8internal22CallbackWithSuccessTag3SetEP9grpc_callSt8functionIFvbEEPNS0_18CompletionQueueTagEb + + [A] _ZN4grpc8internal22CallbackWithSuccessTagD1Ev, aliases _ZN4grpc8internal22CallbackWithSuccessTagD2Ev + + [A] _ZN4grpc8internal22CallbackWithSuccessTagD2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc10reflection7v1alpha15ServiceResponseEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc10reflection7v1alpha15ServiceResponseEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc10reflection7v1alpha15ServiceResponseEED2Ev + + [A] _ZN6google8protobuf8internal11VarintParseImEEPKcS4_PT_ + + [A] _ZN6google8protobuf8internal14ArenaStringPtr14CreateInstanceEPNS0_5ArenaEPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6google8protobuf8internal16InternalMetadata27mutable_unknown_fields_slowINS0_15UnknownFieldSetEEEPT_v + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc10reflection7v1alpha15ServiceResponseEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal21arena_destruct_objectINS1_16InternalMetadata9ContainerINS0_15UnknownFieldSetEEEEEvPv + + [A] _ZN6google8protobuf8internal21arena_destruct_objectINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEvPv + + [A] _ZN9grpc_impl17ClientBidiReactorIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10OnReadDoneEb + + [A] _ZN9grpc_impl17ClientBidiReactorIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE11OnWriteDoneEb + + [A] _ZN9grpc_impl17ClientBidiReactorIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE16OnWritesDoneDoneEb + + [A] _ZN9grpc_impl17ClientBidiReactorIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE25OnReadInitialMetadataDoneEb + + [A] _ZN9grpc_impl17ClientBidiReactorIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE6OnDoneERKNS1_6StatusE + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10WritesDoneEv + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE15NextMessageSizeEPj + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE22WaitForInitialMetadataEv + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE4ReadEPS5_ + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteERKS4_NS1_12WriteOptionsE + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE6FinishEv + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEC1EPNS1_16ChannelInterfaceERKNS1_8internal9RpcMethodEPNS_13ClientContextE + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEC2EPNS1_16ChannelInterfaceERKNS1_8internal9RpcMethodEPNS_13ClientContextE, aliases _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEC1EPNS1_16ChannelInterfaceERKNS1_8internal9RpcMethodEPNS_13ClientContextE + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev, aliases _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED2Ev + + [A] _ZN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED2Ev + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE15NextMessageSizeEPj + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE19SendInitialMetadataEv + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE4ReadEPS5_ + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE5WriteERKS4_NS1_12WriteOptionsE + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED0Ev + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED1Ev, aliases _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED2Ev + + [A] _ZN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED2Ev + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10WritesDoneEPv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE4ReadEPS5_Pv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteERKS4_NS1_12WriteOptionsEPv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteERKS4_Pv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE6FinishEPNS1_6StatusEPv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEPv + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [A] _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED2Ev, aliases _ZN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [A] _ZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEED0Ev + + [A] _ZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEED1Ev, aliases _ZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEED2Ev + + [A] _ZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEED2Ev + + [A] _ZN9grpc_impl8internal22ServerReaderWriterBodyIN4grpc10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEE19SendInitialMetadataEv + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS6_23ServerReflectionRequestEEELb0EE10RunHandlerERKNS4_8internal13MethodHandler16HandlerParameterEEUlvE_EENS4_6StatusEOT_ + + [A] _ZN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EED0Ev + + [A] _ZN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EED1Ev, aliases _ZN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EED2Ev + + [A] _ZN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EED2Ev + + [A] _ZN9grpc_impl8internal30ClientAsyncReaderWriterFactoryIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE6CreateEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextEbPv + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE10RemoveHoldEv + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE10WritesDoneEv + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE11MaybeFinishEb + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE4ReadEPS6_ + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE5WriteEPKS5_NS2_12WriteOptionsE + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE7AddHoldEi + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE9StartCallEv + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC1ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EE + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC2ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EE, aliases _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC1ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EE + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEED0Ev + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEED1Ev, aliases _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEED2Ev + + [A] _ZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEED2Ev + + [A] _ZNK4grpc10reflection27ProtoServerReflectionPlugin16has_sync_methodsEv + + [A] _ZNK4grpc10reflection27ProtoServerReflectionPlugin17has_async_methodsEv + + [A] _ZNK4grpc10reflection7v1alpha13ErrorResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha15ServiceResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha16ExtensionRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha19ListServiceResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha22FileDescriptorResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha23ExtensionNumberResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha23ServerReflectionRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc10reflection7v1alpha24ServerReflectionResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS6_23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ESt8functionIFNS4_6StatusEPS8_PNS1_13ServerContextEPNS1_18ServerReaderWriterISA_S9_EEEESE_EUlSG_SJ_E_E10_M_managerERSt9_Any_dataRKSO_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEE10WritesDoneEvEUlbE_E10_M_managerERSt9_Any_dataRKSC_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE0_E10_M_managerERSt9_Any_dataRKSJ_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE1_E10_M_managerERSt9_Any_dataRKSJ_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE2_E10_M_managerERSt9_Any_dataRKSJ_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE_E10_M_managerERSt9_Any_dataRKSJ_St18_Manager_operation + + [A] _ZNSt17_Function_handlerIFN4grpc6StatusEPN9grpc_impl13ServerContextEPNS2_18ServerReaderWriterINS0_10reflection7v1alpha24ServerReflectionResponseENS7_23ServerReflectionRequestEEEEZNS2_8internal20BidiStreamingHandlerINS7_16ServerReflection7ServiceES9_S8_EC4ESt8functionIFS1_PSG_S4_SB_EESJ_EUlS4_SB_E_E9_M_invokeERKSt9_Any_dataOS4_OSB_ + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEE10WritesDoneEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE1_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE2_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS6_24ServerReflectionResponseEEC4ENS4_8internal4CallEPNS1_13ClientContextEPNS1_17ClientBidiReactorIS7_S8_EEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt8functionIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS7_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEEC1ERKSG_, aliases _ZNSt8functionIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS7_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEEC2ERKSG_ + + [A] _ZNSt8functionIFN4grpc6StatusEPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS7_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEEC2ERKSG_ + + [A] _ZThn16_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE15NextMessageSizeEPj + + [A] _ZThn16_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE4ReadEPS5_ + + [A] _ZThn16_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [A] _ZThn16_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [A] _ZThn16_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE15NextMessageSizeEPj + + [A] _ZThn16_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE4ReadEPS5_ + + [A] _ZThn16_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED0Ev + + [A] _ZThn16_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED1Ev + + [A] _ZThn16_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE4ReadEPS5_Pv + + [A] _ZThn16_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [A] _ZThn16_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [A] _ZThn8_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteERKS4_NS1_12WriteOptionsE + + [A] _ZThn8_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [A] _ZThn8_N9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + [A] _ZThn8_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEE5WriteERKS4_NS1_12WriteOptionsE + + [A] _ZThn8_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED0Ev + + [A] _ZThn8_N9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEED1Ev + + [A] _ZThn8_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteERKS4_NS1_12WriteOptionsEPv + + [A] _ZThn8_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE5WriteERKS4_Pv + + [A] _ZThn8_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED0Ev + + [A] _ZThn8_N9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEED1Ev + + + +74 Removed variable symbols not referenced by debug info: + + + + _ZN9grpc_impl10reflection42static_proto_reflection_plugin_initializerE + + _ZTIN4grpc12experimental26ClientCallbackReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTIN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEEE + + _ZTIN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTIN4grpc27ClientReaderWriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTIN4grpc27ServerReaderWriterInterfaceINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEEE + + _ZTIN4grpc32ClientAsyncReaderWriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTIN4grpc8internal15ReaderInterfaceINS_10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTIN4grpc8internal15ReaderInterfaceINS_10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTIN4grpc8internal15WriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTIN4grpc8internal15WriterInterfaceINS_10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTIN4grpc8internal20AsyncReaderInterfaceINS_10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTIN4grpc8internal20AsyncWriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTIN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN4grpc8internal24ClientStreamingInterfaceE + + _ZTIN4grpc8internal24ServerStreamingInterfaceE + + _ZTIN4grpc8internal29ClientAsyncStreamingInterfaceE + + _ZTIN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EEE + + _ZTIN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerE + + _ZTIN9grpc_impl10reflection27ProtoServerReflectionPluginE + + _ZTISt12_Mem_fn_baseIMN4grpc10reflection7v1alpha16ServerReflection7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS2_24ServerReflectionResponseENS2_23ServerReflectionRequestEEEELb1EE + + _ZTISt17_Weak_result_typeISt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEE + + _ZTISt22_Maybe_get_result_typeISt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEvE + + _ZTISt22_Weak_result_type_implISt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEE + + _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEE + + _ZTISt5_BindIFSt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEES7_St12_PlaceholderILi1EESI_ILi2EEEE + + _ZTISt7_Mem_fnIMN4grpc10reflection7v1alpha16ServerReflection7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS2_24ServerReflectionResponseENS2_23ServerReflectionRequestEEEEE + + _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10WritesDoneEvEUlbE_ + + _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE0_ + + _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE1_ + + _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE2_ + + _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE_ + + _ZTSN4grpc12experimental26ClientCallbackReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTSN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEEE + + _ZTSN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTSN4grpc27ClientReaderWriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTSN4grpc27ServerReaderWriterInterfaceINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEEE + + _ZTSN4grpc32ClientAsyncReaderWriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTSN4grpc8internal15ReaderInterfaceINS_10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTSN4grpc8internal15ReaderInterfaceINS_10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTSN4grpc8internal15WriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTSN4grpc8internal15WriterInterfaceINS_10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTSN4grpc8internal20AsyncReaderInterfaceINS_10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTSN4grpc8internal20AsyncWriterInterfaceINS_10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTSN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN4grpc8internal24ClientStreamingInterfaceE + + _ZTSN4grpc8internal24ServerStreamingInterfaceE + + _ZTSN4grpc8internal29ClientAsyncStreamingInterfaceE + + _ZTSN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EEE + + _ZTSN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerE + + _ZTSN9grpc_impl10reflection27ProtoServerReflectionPluginE + + _ZTSSt12_Mem_fn_baseIMN4grpc10reflection7v1alpha16ServerReflection7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS2_24ServerReflectionResponseENS2_23ServerReflectionRequestEEEELb1EE + + _ZTSSt17_Weak_result_typeISt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEE + + _ZTSSt22_Maybe_get_result_typeISt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEvE + + _ZTSSt22_Weak_result_type_implISt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEEE + + _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS3_24ServerReflectionResponseENS3_23ServerReflectionRequestEEEEE + + _ZTSSt5_BindIFSt8functionIFN4grpc6StatusEPNS1_10reflection7v1alpha16ServerReflection7ServiceEPN9grpc_impl13ServerContextEPNS1_18ServerReaderWriterINS4_24ServerReflectionResponseENS4_23ServerReflectionRequestEEEEES7_St12_PlaceholderILi1EESI_ILi2EEEE + + _ZTSSt7_Mem_fnIMN4grpc10reflection7v1alpha16ServerReflection7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPNS0_18ServerReaderWriterINS2_24ServerReflectionResponseENS2_23ServerReflectionRequestEEEEE + + _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE10WritesDoneEvEUlbE_ + + _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE0_ + + _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE1_ + + _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE2_ + + _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEE9StartCallEvEUlbE_ + + _ZTVN4grpc18ClientReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTVN4grpc18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS2_23ServerReflectionRequestEEE + + _ZTVN4grpc23ClientAsyncReaderWriterINS_10reflection7v1alpha23ServerReflectionRequestENS2_24ServerReflectionResponseEEE + + _ZTVN4grpc8internal20BidiStreamingHandlerINS_10reflection7v1alpha16ServerReflection7ServiceENS3_23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTVN4grpc8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterINS_10reflection7v1alpha24ServerReflectionResponseENS4_23ServerReflectionRequestEEELb0EEE + + _ZTVN4grpc8internal30ClientCallbackReaderWriterImplINS_10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTVN9grpc_impl10reflection27ProtoServerReflectionPluginE + + + +60 Added variable symbols not referenced by debug info: + + + + _ZN4grpc10reflection42static_proto_reflection_plugin_initializerE + + _ZTIN4grpc10reflection27ProtoServerReflectionPluginE + + _ZTIN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEEE + + _ZTIN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN9grpc_impl26ClientCallbackReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN9grpc_impl27ClientReaderWriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN9grpc_impl27ServerReaderWriterInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEEE + + _ZTIN9grpc_impl32ClientAsyncReaderWriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTIN9grpc_impl8internal15ReaderInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTIN9grpc_impl8internal15ReaderInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTIN9grpc_impl8internal15WriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTIN9grpc_impl8internal15WriterInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTIN9grpc_impl8internal20AsyncReaderInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTIN9grpc_impl8internal20AsyncWriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTIN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEEE + + _ZTIN9grpc_impl8internal24ClientStreamingInterfaceE + + _ZTIN9grpc_impl8internal24ServerStreamingInterfaceE + + _ZTIN9grpc_impl8internal29ClientAsyncStreamingInterfaceE + + _ZTIN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EEE + + _ZTIN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEE + + _ZTIZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ESt8functionIFNS2_6StatusEPS6_PNS_13ServerContextEPNS_18ServerReaderWriterIS8_S7_EEEESC_EUlSE_SH_E_ + + _ZTIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE10WritesDoneEvEUlbE_ + + _ZTIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE0_ + + _ZTIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE1_ + + _ZTIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE2_ + + _ZTIZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE_ + + _ZTSN4grpc10reflection27ProtoServerReflectionPluginE + + _ZTSN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEEE + + _ZTSN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN9grpc_impl26ClientCallbackReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN9grpc_impl27ClientReaderWriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN9grpc_impl27ServerReaderWriterInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEEE + + _ZTSN9grpc_impl32ClientAsyncReaderWriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTSN9grpc_impl8internal15ReaderInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTSN9grpc_impl8internal15ReaderInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTSN9grpc_impl8internal15WriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTSN9grpc_impl8internal15WriterInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTSN9grpc_impl8internal20AsyncReaderInterfaceIN4grpc10reflection7v1alpha24ServerReflectionResponseEEE + + _ZTSN9grpc_impl8internal20AsyncWriterInterfaceIN4grpc10reflection7v1alpha23ServerReflectionRequestEEE + + _ZTSN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEEE + + _ZTSN9grpc_impl8internal24ClientStreamingInterfaceE + + _ZTSN9grpc_impl8internal24ServerStreamingInterfaceE + + _ZTSN9grpc_impl8internal29ClientAsyncStreamingInterfaceE + + _ZTSN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EEE + + _ZTSN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEE + + _ZTSZN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ESt8functionIFNS2_6StatusEPS6_PNS_13ServerContextEPNS_18ServerReaderWriterIS8_S7_EEEESC_EUlSE_SH_E_ + + _ZTSZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEE10WritesDoneEvEUlbE_ + + _ZTSZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE0_ + + _ZTSZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE1_ + + _ZTSZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE2_ + + _ZTSZN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEC4ENS2_8internal4CallEPNS_13ClientContextEPNS_17ClientBidiReactorIS5_S6_EEEUlbE_ + + _ZTVN4grpc10reflection27ProtoServerReflectionPluginE + + _ZTVN9grpc_impl18ClientReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTVN9grpc_impl18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS3_23ServerReflectionRequestEEE + + _ZTVN9grpc_impl23ClientAsyncReaderWriterIN4grpc10reflection7v1alpha23ServerReflectionRequestENS3_24ServerReflectionResponseEEE + + _ZTVN9grpc_impl8internal20BidiStreamingHandlerIN4grpc10reflection7v1alpha16ServerReflection7ServiceENS4_23ServerReflectionRequestENS4_24ServerReflectionResponseEEE + + _ZTVN9grpc_impl8internal29TemplatedBidiStreamingHandlerINS_18ServerReaderWriterIN4grpc10reflection7v1alpha24ServerReflectionResponseENS5_23ServerReflectionRequestEEELb0EEE + + _ZTVN9grpc_impl8internal30ClientCallbackReaderWriterImplIN4grpc10reflection7v1alpha23ServerReflectionRequestENS4_24ServerReflectionResponseEEE + + + +---------------diffs in grpc_libgrpc.so.11.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 653 Removed, 1093 Added function symbols not referenced by debug info + +Variable symbols changes summary: 47 Removed, 786 Added variable symbols not referenced by debug info + + + +SONAME changed from 'libgrpc.so.7' to 'libgrpc.so.11' + + + +653 Removed function symbols not referenced by debug info: + + + + [D] _Z10gpr_getenvPKc + + [D] _Z10gpr_setenvPKcS0_ + + [D] _Z10int64_ttoalPc + + [D] _Z11gpr_leftpadPKccm + + [D] _Z11gpr_memrchrPKvim + + [D] _Z11gpr_stricmpPKcS0_ + + [D] _Z11gpr_strjoinPPKcmPm + + [D] _Z12create_slicePKcm + + [D] _Z12gpr_unsetenvPKc + + [D] _Z13destroy_sliceP10grpc_slice + + [D] _Z13gpr_mpscq_popP9gpr_mpscq + + [D] _Z14gpr_mpscq_initP9gpr_mpscq + + [D] _Z14gpr_mpscq_pushP9gpr_mpscqP14gpr_mpscq_node + + [D] _Z14gpr_strvec_addP10gpr_strvecPc + + [D] _Z14grpc_op_stringPK7grpc_op + + [D] _Z15gpr_default_logP17gpr_log_func_args + + [D] _Z15gpr_strjoin_sepPPKcmS0_Pm + + [D] _Z15gpr_strvec_initP10gpr_strvec + + [D] _Z16gpr_murmur_hash3PKvmj + + [D] _Z16gpr_string_splitPKcS0_PPPcPm + + [D] _Z16grpc_json_create14grpc_json_type + + [D] _Z17gpr_mpscq_destroyP9gpr_mpscq + + [D] _Z17gpr_reverse_bytesPci + + [D] _Z17grpc_combiner_refP13grpc_combiner + + [D] _Z17grpc_error_do_refP10grpc_error + + [D] _Z17grpc_event_stringP10grpc_event + + [D] _Z17grpc_json_destroyP9grpc_json + + [D] _Z18add_repeated_fieldPP15repeated_field_PKv + + [D] _Z18gpr_join_host_portPPcPKci + + [D] _Z18gpr_strvec_destroyP10gpr_strvec + + [D] _Z18gpr_strvec_flattenP10gpr_strvecPm + + [D] _Z18grpc_closure_schedP12grpc_closureP10grpc_error + + [D] _Z18grpc_connector_refP14grpc_connector + + [D] _Z18http_proxy_enabledPK17grpc_channel_args + + [D] _Z18pollset_set_createv + + [D] _Z19gpr_dump_return_lenPKcmjPm + + [D] _Z19gpr_format_timespec12gpr_timespec + + [D] _Z19gpr_split_host_portPKcPPcS2_ + + [D] _Z19grpc_call_log_batchPKci16gpr_log_severityP9grpc_callPK7grpc_opmPv + + [D] _Z19grpc_combiner_unrefP13grpc_combiner + + [D] _Z19grpc_error_do_unrefP10grpc_error + + [D] _Z19pollset_set_destroyP16grpc_pollset_set + + [D] _Z20gpr_locked_mpscq_popP16gpr_locked_mpscq + + [D] _Z20gpr_parse_bool_valuePKcPb + + [D] _Z20grpc_connector_unrefP14grpc_connector + + [D] _Z20grpc_cq_internal_refP21grpc_completion_queue + + [D] _Z20grpc_json_link_childP9grpc_jsonS0_S0_ + + [D] _Z20grpc_json_reader_runP16grpc_json_reader + + [D] _Z20grpc_mdelem_do_unref11grpc_mdelem + + [D] _Z20grpc_sockaddr_to_uriPK21grpc_resolved_address + + [D] _Z20grpc_stream_ref_initP20grpc_stream_refcountiPFvPvP10grpc_errorES1_ + + [D] _Z21gpr_locked_mpscq_initP16gpr_locked_mpscq + + [D] _Z21gpr_locked_mpscq_pushP16gpr_locked_mpscqP14gpr_mpscq_node + + [D] _Z21gpr_precise_clock_nowP12gpr_timespec + + [D] _Z21gpr_timer_set_enabledi + + [D] _Z21grpc_json_reader_initP16grpc_json_readerP23grpc_json_reader_vtablePv + + [D] _Z21grpc_json_writer_initP16grpc_json_writeriP23grpc_json_writer_vtablePv + + [D] _Z21grpc_tcp_server_startP15grpc_tcp_serverPP12grpc_pollsetmPFvPvP13grpc_endpointS2_P24grpc_tcp_server_acceptorES4_ + + [D] _Z21grpc_udp_server_startP15grpc_udp_serverPP12grpc_pollsetmPv + + [D] _Z22gpr_precise_clock_initv + + [D] _Z22gpr_timers_global_initv + + [D] _Z22grpc_call_internal_refP9grpc_call + + [D] _Z22grpc_chttp2_hptbl_initP17grpc_chttp2_hptbl + + [D] _Z22grpc_chttp2_stream_refP18grpc_chttp2_stream + + [D] _Z22grpc_connector_connectP14grpc_connectorPK20grpc_connect_in_argsP21grpc_connect_out_argsP12grpc_closure + + [D] _Z22grpc_cq_internal_unrefP21grpc_completion_queue + + [D] _Z22grpc_json_create_childP9grpc_jsonS0_PKcS2_14grpc_json_typeb + + [D] _Z22grpc_json_parse_stringPc + + [D] _Z22grpc_proxy_mapper_initPK24grpc_proxy_mapper_vtableP17grpc_proxy_mapper + + [D] _Z23done_published_shutdownPvP18grpc_cq_completion + + [D] _Z23grpc_combiner_schedulerP13grpc_combiner + + [D] _Z23grpc_connector_shutdownP14grpc_connectorP10grpc_error + + [D] _Z23grpc_lb_policy_xds_initv + + [D] _Z23grpc_sockaddr_to_stringPPcPK21grpc_resolved_addressi + + [D] _Z23grpc_stats_data_as_jsonPK15grpc_stats_data + + [D] _Z23pollset_set_add_pollsetP16grpc_pollset_setP12grpc_pollset + + [D] _Z23pollset_set_del_pollsetP16grpc_pollset_setP12grpc_pollset + + [D] _Z24gpr_locked_mpscq_destroyP16gpr_locked_mpscq + + [D] _Z24gpr_locked_mpscq_try_popP16gpr_locked_mpscq + + [D] _Z24grpc_call_internal_unrefP9grpc_call + + [D] _Z24grpc_channel_args_stringPK17grpc_channel_args + + [D] _Z24grpc_chttp2_hptbl_lookupPK17grpc_chttp2_hptblj + + [D] _Z24grpc_chttp2_stream_unrefP18grpc_chttp2_stream + + [D] _Z24grpc_json_dump_to_stringP9grpc_jsoni + + [D] _Z24grpc_server_add_listenerP11grpc_serverPvPFvS0_S1_PP12grpc_pollsetmEPFvS0_S1_P12grpc_closureEl + + [D] _Z24grpc_server_get_pollsetsP11grpc_serverPPP12grpc_pollsetPm + + [D] _Z24grpc_ssl_check_call_hostPKcS0_S0_P17grpc_auth_contextP12grpc_closurePP10grpc_error + + [D] _Z24grpc_ssl_check_peer_namePKcPK8tsi_peer + + [D] _Z24grpc_ssl_cmp_target_namePKcS0_S0_S0_ + + [D] _Z24grpc_transport_op_stringP17grpc_transport_op + + [D] _Z24xds_grpclb_server_equalsPK18_grpc_lb_v1_ServerS1_ + + [D] _Z25decode_repeated_string_cbP12pb_istream_sPK10pb_field_sPPv + + [D] _Z25decode_string_or_bytes_cbP12pb_istream_sPK10pb_field_sPPv + + [D] _Z25encode_repeated_string_cbP12pb_ostream_sPK10pb_field_sPKPv + + [D] _Z25encode_string_or_bytes_cbP12pb_ostream_sPK10pb_field_sPKPv + + [D] _Z25gpr_parse_bytes_to_uint32PKcmPj + + [D] _Z25gpr_parse_nonnegative_intPKc + + [D] _Z25gpr_timers_global_destroyv + + [D] _Z25grpc_grpclb_server_equalsPK18_grpc_lb_v1_ServerS1_ + + [D] _Z25grpc_jwt_claims_from_jsonP9grpc_jsonRK10grpc_slice + + [D] _Z25grpc_proxy_mapper_destroyP17grpc_proxy_mapper + + [D] _Z25tsi_ssl_peer_matches_namePK8tsi_peerPKc + + [D] _Z25xds_grpclb_request_createPKc + + [D] _Z25xds_grpclb_request_encodePK30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z26alts_tsi_handshaker_createPK29grpc_alts_credentials_optionsPKcS3_bP16grpc_pollset_setPP14tsi_handshaker + + [D] _Z26custom_tcp_endpoint_createP18grpc_custom_socketP19grpc_resource_quotaPc + + [D] _Z26grpc_grpclb_request_createPKc + + [D] _Z26grpc_grpclb_request_encodePK30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z26grpc_json_writer_value_rawP16grpc_json_writerPKc + + [D] _Z26grpc_mdelem_on_final_unref24grpc_mdelem_data_storagePvj + + [D] _Z26grpc_proxy_mapper_map_nameP17grpc_proxy_mapperPKcPK17grpc_channel_argsPPcPPS3_ + + [D] _Z26grpc_proxy_mapper_registerbP17grpc_proxy_mapper + + [D] _Z26grpc_ssl_host_matches_namePK8tsi_peerPKc + + [D] _Z26grpc_tcp_client_prepare_fdPK17grpc_channel_argsPK21grpc_resolved_addressPS2_PP7grpc_fd + + [D] _Z26xds_grpclb_request_destroyP30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z26xds_grpclb_serverlist_copyPK21xds_grpclb_serverlist + + [D] _Z27decode_repeated_identity_cbP12pb_istream_sPK10pb_field_sPPv + + [D] _Z27encode_repeated_identity_cbP12pb_ostream_sPK10pb_field_sPKPv + + [D] _Z27gpr_mpscq_pop_and_check_endP9gpr_mpscqPb + + [D] _Z27gpr_timers_set_log_filenamePKc + + [D] _Z27grpc_chttp2_server_add_portP11grpc_serverPKcP17grpc_channel_argsPi + + [D] _Z27grpc_connectivity_state_setP31grpc_connectivity_state_tracker23grpc_connectivity_statePKc + + [D] _Z27grpc_grpclb_request_destroyP30_grpc_lb_v1_LoadBalanceRequest + + [D] _Z27grpc_grpclb_serverlist_copyPK22grpc_grpclb_serverlist + + [D] _Z27grpc_json_writer_object_keyP16grpc_json_writerPKc + + [D] _Z27grpc_lb_policy_xds_shutdownv + + [D] _Z27grpc_proxy_mappers_map_namePKcPK17grpc_channel_argsPPcPPS1_ + + [D] _Z27grpc_server_setup_transportP11grpc_serverP14grpc_transportP12grpc_pollsetPK17grpc_channel_argsN9grpc_core13RefCountedPtrINS8_8channelz10SocketNodeEEEP18grpc_resource_user + + [D] _Z27pollset_set_add_pollset_setP16grpc_pollset_setS0_ + + [D] _Z27pollset_set_del_pollset_setP16grpc_pollset_setS0_ + + [D] _Z27xds_grpclb_duration_comparePK25_google_protobuf_DurationS1_ + + [D] _Z28grpc_chttp2_connector_createv + + [D] _Z28grpc_connectivity_state_initP31grpc_connectivity_state_tracker23grpc_connectivity_statePKc + + [D] _Z28grpc_connectivity_state_name23grpc_connectivity_state + + [D] _Z28grpc_grpclb_duration_comparePK25_google_protobuf_DurationS1_ + + [D] _Z28grpc_json_reader_is_completeP16grpc_json_reader + + [D] _Z28grpc_slice_from_moved_bufferSt10unique_ptrIcN9grpc_core13DefaultDeleteIcEEEm + + [D] _Z28grpc_slice_from_moved_stringSt10unique_ptrIcN9grpc_core13DefaultDeleteIcEEE + + [D] _Z28xds_grpclb_serverlist_equalsPK21xds_grpclb_serverlistS1_ + + [D] _Z29grpc_connectivity_state_checkP31grpc_connectivity_state_tracker + + [D] _Z29grpc_grpclb_serverlist_equalsPK22grpc_grpclb_serverlistS1_ + + [D] _Z29grpc_json_get_string_propertyPK9grpc_jsonPKc + + [D] _Z29grpc_json_writer_value_stringP16grpc_json_writerPKc + + [D] _Z29grpc_proxy_mapper_map_addressP17grpc_proxy_mapperPK21grpc_resolved_addressPK17grpc_channel_argsPPS1_PPS4_ + + [D] _Z29grpc_ssl_peer_to_auth_contextPK8tsi_peer + + [D] _Z29xds_grpclb_destroy_serverlistP21xds_grpclb_serverlist + + [D] _Z29xds_grpclb_duration_to_millisP25_google_protobuf_Duration + + [D] _Z30grpc_copy_json_string_propertyPK9grpc_jsonPKcPPc + + [D] _Z30grpc_gcp_handshaker_req_create28grpc_gcp_handshaker_req_type + + [D] _Z30grpc_gcp_handshaker_req_encodeP23_grpc_gcp_HandshakerReqP10grpc_slice + + [D] _Z30grpc_grpclb_destroy_serverlistP22grpc_grpclb_serverlist + + [D] _Z30grpc_grpclb_duration_to_millisP25_google_protobuf_Duration + + [D] _Z30grpc_proxy_mappers_map_addressPK21grpc_resolved_addressPK17grpc_channel_argsPPS_PPS2_ + + [D] _Z31grpc_auth_metadata_context_copyP26grpc_auth_metadata_contextS0_ + + [D] _Z31grpc_chttp2_add_incoming_goawayP21grpc_chttp2_transportjRK10grpc_slice + + [D] _Z31grpc_combiner_finally_schedulerP13grpc_combiner + + [D] _Z31grpc_connectivity_state_destroyP31grpc_connectivity_state_tracker + + [D] _Z31grpc_gcp_handshaker_req_destroyP23_grpc_gcp_HandshakerReq + + [D] _Z31grpc_gcp_handshaker_resp_createv + + [D] _Z31grpc_gcp_handshaker_resp_decode10grpc_sliceP24_grpc_gcp_HandshakerResp + + [D] _Z31grpc_json_parse_string_with_lenPcm + + [D] _Z31grpc_json_writer_container_endsP16grpc_json_writer14grpc_json_type + + [D] _Z31grpc_proxy_mapper_registry_initv + + [D] _Z31grpc_register_http_proxy_mapperv + + [D] _Z31grpc_security_handshaker_createP14tsi_handshakerP23grpc_security_connector + + [D] _Z32grpc_auth_metadata_context_resetP26grpc_auth_metadata_context + + [D] _Z32grpc_gcp_handshaker_resp_destroyP24_grpc_gcp_HandshakerResp + + [D] _Z33alts_tsi_handshaker_result_createP24_grpc_gcp_HandshakerRespbPP21tsi_handshaker_result + + [D] _Z33grpc_ares_ev_driver_create_lockedPP19grpc_ares_ev_driverP16grpc_pollset_setiP13grpc_combinerP17grpc_ares_request + + [D] _Z33grpc_base64_estimate_encoded_sizemii + + [D] _Z33grpc_chttp2_parsing_lookup_streamP21grpc_chttp2_transportj + + [D] _Z33grpc_json_add_number_string_childP9grpc_jsonS0_PKcl + + [D] _Z33grpc_json_writer_container_beginsP16grpc_json_writer14grpc_json_type + + [D] _Z33xds_grpclb_initial_response_parseRK10grpc_slice + + [D] _Z34alts_grpc_handshaker_client_createP19alts_tsi_handshakerP12grpc_channelPKcP16grpc_pollset_setP29grpc_alts_credentials_optionsRK10grpc_slicePFvPvP10grpc_errorEPFv10tsi_resultSC_PKhmP21tsi_handshaker_resultESC_P29alts_handshaker_client_vtableb + + [D] _Z34destroy_repeated_field_list_stringP15repeated_field_ + + [D] _Z34grpc_grpclb_initial_response_parseRK10grpc_slice + + [D] _Z35alts_tsi_utils_deserialize_responseP16grpc_byte_buffer + + [D] _Z35grpc_auth_json_key_create_from_jsonPK9grpc_json + + [D] _Z35grpc_json_writer_value_raw_with_lenP16grpc_json_writerPKcm + + [D] _Z35grpc_proxy_mapper_registry_shutdownv + + [D] _Z35grpc_server_populate_listen_socketsP11grpc_serverPN9grpc_core13InlinedVectorIlLm10EEE + + [D] _Z35grpc_server_populate_server_socketsP11grpc_serverPN9grpc_core13InlinedVectorIPNS1_8channelz10SocketNodeELm10EEEl + + [D] _Z35xds_grpclb_initial_response_destroyP38_grpc_lb_v1_InitialLoadBalanceResponse + + [D] _Z36destroy_repeated_field_list_identityP15repeated_field_ + + [D] _Z36gpr_global_config_get_grpc_verbosityv + + [D] _Z36gpr_global_config_set_grpc_verbosityPKc + + [D] _Z36grpc_connectivity_state_has_watchersP31grpc_connectivity_state_tracker + + [D] _Z36grpc_gcp_handshaker_req_set_in_bytesP23_grpc_gcp_HandshakerReqPKcm + + [D] _Z36grpc_grpclb_initial_response_destroyP38_grpc_lb_v1_InitialLoadBalanceResponse + + [D] _Z36xds_grpclb_response_parse_serverlistRK10grpc_slice + + [D] _Z37grpc_grpclb_response_parse_serverlistRK10grpc_slice + + [D] _Z37grpc_sockaddr_to_uri_unix_if_possiblePK21grpc_resolved_address + + [D] _Z37grpc_transport_stream_op_batch_stringP30grpc_transport_stream_op_batch + + [D] _Z38grpc_grpclb_load_report_request_createPN9grpc_core17GrpcLbClientStatsE + + [D] _Z39grpc_cares_wrapper_address_sorting_sortPN9grpc_core13InlinedVectorINS_13ServerAddressELm1EEE + + [D] _Z39grpc_gcp_handshaker_req_set_target_nameP23_grpc_gcp_HandshakerReqPKc + + [D] _Z39grpc_tcp_client_create_from_prepared_fdP16grpc_pollset_setP12grpc_closureP7grpc_fdPK17grpc_channel_argsPK21grpc_resolved_addresslPP13grpc_endpoint + + [D] _Z40grpc_auth_refresh_token_create_from_jsonPK9grpc_json + + [D] _Z40grpc_deframe_unprocessed_incoming_framesP23grpc_chttp2_data_parserP18grpc_chttp2_streamP17grpc_slice_bufferP10grpc_slicePSt10unique_ptrIN9grpc_core10ByteStreamENS8_16OrphanableDeleteIS9_EEE + + [D] _Z40grpc_gcp_handshaker_req_set_rpc_versionsP23_grpc_gcp_HandshakerReqjjjj + + [D] _Z41grpc_lb_policy_xds_modify_lb_channel_argsP17grpc_channel_args + + [D] _Z42grpc_gcp_handshaker_req_set_local_endpointP23_grpc_gcp_HandshakerReqPKcm25_grpc_gcp_NetworkProtocol + + [D] _Z43grpc_channel_args_get_compression_algorithmPK17grpc_channel_args + + [D] _Z43grpc_channel_args_set_compression_algorithmP17grpc_channel_args26grpc_compression_algorithm + + [D] _Z43grpc_gcp_handshaker_req_add_record_protocolP23_grpc_gcp_HandshakerReqPKc + + [D] _Z43grpc_gcp_handshaker_req_set_remote_endpointP23_grpc_gcp_HandshakerReqPKcm25_grpc_gcp_NetworkProtocol + + [D] _Z43grpc_ssl_tsi_client_handshaker_factory_initP25tsi_ssl_pem_key_cert_pairPKcP21tsi_ssl_session_cachePP33tsi_ssl_client_handshaker_factory + + [D] _Z43grpc_ssl_tsi_server_handshaker_factory_initP25tsi_ssl_pem_key_cert_pairmPKc40grpc_ssl_client_certificate_request_typePP33tsi_ssl_server_handshaker_factory + + [D] _Z44grpc_channel_get_reffed_status_elem_slowpathP12grpc_channeli + + [D] _Z44grpc_gcp_rpc_protocol_versions_encode_lengthPK29_grpc_gcp_RpcProtocolVersions + + [D] _Z44grpc_lb_policy_grpclb_modify_lb_channel_argsRKN9grpc_core13InlinedVectorINS_13ServerAddressELm1EEEP17grpc_channel_args + + [D] _Z44xds_grpclb_load_report_request_create_lockedPN9grpc_core16XdsLbClientStatsE + + [D] _Z46gpr_global_config_get_grpc_enable_fork_supportv + + [D] _Z46gpr_global_config_set_grpc_enable_fork_supportb + + [D] _Z46grpc_connectivity_state_notify_on_state_changeP31grpc_connectivity_state_trackerP23grpc_connectivity_stateP12grpc_closure + + [D] _Z46grpc_gcp_handshaker_req_set_handshake_protocolP23_grpc_gcp_HandshakerReq27_grpc_gcp_HandshakeProtocol + + [D] _Z48grpc_gcp_handshaker_req_add_application_protocolP23_grpc_gcp_HandshakerReqPKc + + [D] _Z48grpc_get_well_known_google_credentials_file_pathv + + [D] _Z48grpc_override_well_known_credentials_path_getterPFPcvE + + [D] _Z49grpc_gcp_handshaker_req_param_add_record_protocolP23_grpc_gcp_HandshakerReq27_grpc_gcp_HandshakeProtocolPKc + + [D] _Z50grpc_gcp_rpc_protocol_versions_encode_to_raw_bytesPK29_grpc_gcp_RpcProtocolVersionsPhm + + [D] _Z51grpc_gcp_handshaker_req_set_local_identity_hostnameP23_grpc_gcp_HandshakerReqPKc + + [D] _Z52grpc_gcp_handshaker_req_add_target_identity_hostnameP23_grpc_gcp_HandshakerReqPKc + + [D] _Z53grpc_get_well_known_google_credentials_file_path_implv + + [D] _Z57grpc_gcp_handshaker_req_param_add_local_identity_hostnameP23_grpc_gcp_HandshakerReq27_grpc_gcp_HandshakeProtocolPKc + + [D] _Z58grpc_gcp_handshaker_req_set_local_identity_service_accountP23_grpc_gcp_HandshakerReqPKc + + [D] _Z59grpc_gcp_handshaker_req_add_target_identity_service_accountP23_grpc_gcp_HandshakerReqPKc + + [D] _Z64grpc_gcp_handshaker_req_param_add_local_identity_service_accountP23_grpc_gcp_HandshakerReq27_grpc_gcp_HandshakeProtocolPKc + + [D] _Z74grpc_dns_lookup_ares_continue_after_check_localhost_and_ip_literals_lockedP17grpc_ares_requestPKcS2_S2_P16grpc_pollset_setbiP13grpc_combiner + + [D] _Z8gpr_dumpPKcmj + + [D] _Z8gpr_ltoalPc + + [D] _Z8tcp_sendiPK6msghdr + + [D] _ZN15GrpcUdpListener14StartListeningEPP12grpc_pollsetmP21GrpcUdpHandlerFactory + + [D] _ZN17SpiffeCredentials25create_security_connectorEN9grpc_core13RefCountedPtrI21grpc_call_credentialsEEPKcPK17grpc_channel_argsPPS6_ + + [D] _ZN17SpiffeCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [D] _ZN17SpiffeCredentialsC2EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE, aliases _ZN17SpiffeCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [D] _ZN17SpiffeCredentialsD0Ev + + [D] _ZN17SpiffeCredentialsD1Ev, aliases _ZN17SpiffeCredentialsD2Ev + + [D] _ZN17SpiffeCredentialsD2Ev + + [D] _ZN21grpc_call_credentialsD0Ev + + [D] _ZN21grpc_call_credentialsD1Ev + + [D] _ZN21grpc_call_credentialsD2Ev, aliases _ZN21grpc_call_credentialsD1Ev + + [D] _ZN23SpiffeServerCredentials25create_security_connectorEv + + [D] _ZN23SpiffeServerCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [D] _ZN23SpiffeServerCredentialsC2EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE, aliases _ZN23SpiffeServerCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [D] _ZN23SpiffeServerCredentialsD0Ev + + [D] _ZN23SpiffeServerCredentialsD1Ev, aliases _ZN23SpiffeServerCredentialsD2Ev + + [D] _ZN23SpiffeServerCredentialsD2Ev + + [D] _ZN23grpc_plugin_credentialsC1E32grpc_metadata_credentials_plugin + + [D] _ZN23grpc_plugin_credentialsC2E32grpc_metadata_credentials_plugin, aliases _ZN23grpc_plugin_credentialsC1E32grpc_metadata_credentials_plugin + + [D] _ZN23grpc_security_connector10check_peerE8tsi_peerP13grpc_endpointPN9grpc_core13RefCountedPtrI17grpc_auth_contextEEP12grpc_closure + + [D] _ZN23grpc_server_credentials25create_security_connectorEv + + [D] _ZN23grpc_server_credentialsD0Ev + + [D] _ZN23grpc_server_credentialsD1Ev + + [D] _ZN23grpc_server_credentialsD2Ev, aliases _ZN23grpc_server_credentialsD1Ev + + [D] _ZN24grpc_channel_credentialsD0Ev + + [D] _ZN24grpc_channel_credentialsD1Ev, aliases _ZN24grpc_channel_credentialsD2Ev + + [D] _ZN24grpc_channel_credentialsD2Ev + + [D] _ZN29SpiffeServerSecurityConnector10check_peerE8tsi_peerP13grpc_endpointPN9grpc_core13RefCountedPtrI17grpc_auth_contextEEP12grpc_closure + + [D] _ZN29SpiffeServerSecurityConnector15add_handshakersEP16grpc_pollset_setPN9grpc_core16HandshakeManagerE + + [D] _ZN29SpiffeServerSecurityConnector30RefreshServerHandshakerFactoryEv + + [D] _ZN29SpiffeServerSecurityConnector35CreateSpiffeServerSecurityConnectorEN9grpc_core13RefCountedPtrI23grpc_server_credentialsEE + + [D] _ZN29SpiffeServerSecurityConnectorC1EN9grpc_core13RefCountedPtrI23grpc_server_credentialsEE + + [D] _ZN29SpiffeServerSecurityConnectorC2EN9grpc_core13RefCountedPtrI23grpc_server_credentialsEE, aliases _ZN29SpiffeServerSecurityConnectorC1EN9grpc_core13RefCountedPtrI23grpc_server_credentialsEE + + [D] _ZN29SpiffeServerSecurityConnectorD0Ev + + [D] _ZN29SpiffeServerSecurityConnectorD1Ev + + [D] _ZN29SpiffeServerSecurityConnectorD2Ev, aliases _ZN29SpiffeServerSecurityConnectorD1Ev + + [D] _ZN29grpc_tls_key_materials_config17set_key_materialsESt10unique_ptrIcN9grpc_core13DefaultDeleteIcEEENS1_13InlinedVectorINS1_14PemKeyCertPairELm1EEE + + [D] _ZN30SpiffeChannelSecurityConnector10check_peerE8tsi_peerP13grpc_endpointPN9grpc_core13RefCountedPtrI17grpc_auth_contextEEP12grpc_closure + + [D] _ZN30SpiffeChannelSecurityConnector15add_handshakersEP16grpc_pollset_setPN9grpc_core16HandshakeManagerE + + [D] _ZN30SpiffeChannelSecurityConnector15check_call_hostEPKcP17grpc_auth_contextP12grpc_closurePP10grpc_error + + [D] _ZN30SpiffeChannelSecurityConnector22cancel_check_call_hostEP12grpc_closureP10grpc_error + + [D] _ZN30SpiffeChannelSecurityConnector27InitializeHandshakerFactoryEP21tsi_ssl_session_cache + + [D] _ZN30SpiffeChannelSecurityConnector28ServerAuthorizationCheckDoneEP39grpc_tls_server_authorization_check_arg + + [D] _ZN30SpiffeChannelSecurityConnector33ServerAuthorizationCheckArgCreateEPv + + [D] _ZN30SpiffeChannelSecurityConnector34ServerAuthorizationCheckArgDestroyEP39grpc_tls_server_authorization_check_arg + + [D] _ZN30SpiffeChannelSecurityConnector36CreateSpiffeChannelSecurityConnectorEN9grpc_core13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_P21tsi_ssl_session_cache + + [D] _ZN30SpiffeChannelSecurityConnector37ProcessServerAuthorizationCheckResultEP39grpc_tls_server_authorization_check_arg + + [D] _ZN30SpiffeChannelSecurityConnectorC1EN9grpc_core13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_, aliases _ZN30SpiffeChannelSecurityConnectorC2EN9grpc_core13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_ + + [D] _ZN30SpiffeChannelSecurityConnectorC2EN9grpc_core13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_ + + [D] _ZN30SpiffeChannelSecurityConnectorD0Ev + + [D] _ZN30SpiffeChannelSecurityConnectorD1Ev + + [D] _ZN30SpiffeChannelSecurityConnectorD2Ev, aliases _ZN30SpiffeChannelSecurityConnectorD1Ev + + [D] _ZN30grpc_server_security_connector15add_handshakersEP16grpc_pollset_setPN9grpc_core16HandshakeManagerE + + [D] _ZN31grpc_channel_security_connector15add_handshakersEP16grpc_pollset_setPN9grpc_core16HandshakeManagerE + + [D] _ZN31grpc_channel_security_connector15check_call_hostEPKcP17grpc_auth_contextP12grpc_closurePP10grpc_error + + [D] _ZN31grpc_channel_security_connector22cancel_check_call_hostEP12grpc_closureP10grpc_error + + [D] _ZN37grpc_oauth2_token_fetcher_credentials12fetch_oauth2EP33grpc_credentials_metadata_requestP20grpc_httpcli_contextP19grpc_polling_entityPFvPvP10grpc_errorEl + + [D] _ZN3tsi16SslCachedSessionD0Ev + + [D] _ZN3tsi16SslCachedSessionD1Ev, aliases _ZN3tsi16SslCachedSessionD2Ev + + [D] _ZN3tsi16SslCachedSessionD2Ev + + [D] _ZN43grpc_httpcli_ssl_channel_security_connector15add_handshakersEP16grpc_pollset_setPN9grpc_core16HandshakeManagerE + + [D] _ZN43grpc_httpcli_ssl_channel_security_connector15check_call_hostEPKcP17grpc_auth_contextP12grpc_closurePP10grpc_error + + [D] _ZN9grpc_core10HandshakerD0Ev + + [D] _ZN9grpc_core10HandshakerD1Ev + + [D] _ZN9grpc_core10HandshakerD2Ev, aliases _ZN9grpc_core10HandshakerD1Ev + + [D] _ZN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcher15OnHealthChangedEPvP10grpc_error + + [D] _ZN9grpc_core10Subchannel16HealthWatcherMap16AddWatcherLockedEPS0_23grpc_connectivity_stateSt10unique_ptrIcNS_13DefaultDeleteIcEEES4_INS_19SubchannelInterface24ConnectivityStateWatcherENS5_IS9_EEE + + [D] _ZN9grpc_core10Subchannel16HealthWatcherMap19RemoveWatcherLockedEPKcPNS_19SubchannelInterface24ConnectivityStateWatcherE + + [D] _ZN9grpc_core10Subchannel18GetChildSocketUuidEv + + [D] _ZN9grpc_core10Subchannel22WatchConnectivityStateE23grpc_connectivity_stateSt10unique_ptrIcNS_13DefaultDeleteIcEEES2_INS_19SubchannelInterface24ConnectivityStateWatcherENS3_IS7_EEE + + [D] _ZN9grpc_core10Subchannel28CancelConnectivityStateWatchEPKcPNS_19SubchannelInterface24ConnectivityStateWatcherE + + [D] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList16AddWatcherLockedESt10unique_ptrINS_19SubchannelInterface24ConnectivityStateWatcherENS_13DefaultDeleteIS4_EEE + + [D] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList19RemoveWatcherLockedEPNS_19SubchannelInterface24ConnectivityStateWatcherE + + [D] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcher21OnConnectivityChangedEPvP10grpc_error + + [D] _ZN9grpc_core10Subchannel3RefEv + + [D] _ZN9grpc_core10Subchannel5UnrefEv + + [D] _ZN9grpc_core10Subchannel6CreateEP14grpc_connectorPK17grpc_channel_args + + [D] _ZN9grpc_core10Subchannel7WeakRefEv + + [D] _ZN9grpc_core10Subchannel9RefMutateEli + + [D] _ZN9grpc_core10Subchannel9WeakUnrefEv + + [D] _ZN9grpc_core10SubchannelC1EPNS_13SubchannelKeyEP14grpc_connectorPK17grpc_channel_args, aliases _ZN9grpc_core10SubchannelC2EPNS_13SubchannelKeyEP14grpc_connectorPK17grpc_channel_args + + [D] _ZN9grpc_core10SubchannelC2EPNS_13SubchannelKeyEP14grpc_connectorPK17grpc_channel_args + + [D] _ZN9grpc_core12CallCombiner4StopEPKc + + [D] _ZN9grpc_core12CallCombiner5StartEP12grpc_closureP10grpc_errorPKc + + [D] _ZN9grpc_core12FakeResolver24ReturnReresolutionResultEPvP10grpc_error + + [D] _ZN9grpc_core12GrpcPolledFdD0Ev + + [D] _ZN9grpc_core12GrpcPolledFdD1Ev + + [D] _ZN9grpc_core12GrpcPolledFdD2Ev, aliases _ZN9grpc_core12GrpcPolledFdD1Ev + + [D] _ZN9grpc_core13ServiceConfig12ParsedConfigD0Ev + + [D] _ZN9grpc_core13ServiceConfig12ParsedConfigD1Ev + + [D] _ZN9grpc_core13ServiceConfig12ParsedConfigD2Ev, aliases _ZN9grpc_core13ServiceConfig12ParsedConfigD1Ev + + [D] _ZN9grpc_core13ServiceConfig14RegisterParserESt10unique_ptrINS0_6ParserENS_13DefaultDeleteIS2_EEE + + [D] _ZN9grpc_core13ServiceConfig17ParseGlobalParamsEPK9grpc_json + + [D] _ZN9grpc_core13ServiceConfig19ParseJsonMethodNameEP9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig20ParsePerMethodParamsEPK9grpc_json + + [D] _ZN9grpc_core13ServiceConfig24CountNamesInMethodConfigEP9grpc_json + + [D] _ZN9grpc_core13ServiceConfig27GetMethodParsedConfigVectorERK10grpc_slice + + [D] _ZN9grpc_core13ServiceConfig47ParseJsonMethodConfigToServiceConfigVectorTableEPK9grpc_jsonPNS_14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS0_12ParsedConfigENS_13DefaultDeleteIS7_EEELm4EEEE5EntryEPm + + [D] _ZN9grpc_core13ServiceConfig4InitEv + + [D] _ZN9grpc_core13ServiceConfig6CreateEPKcPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig6Parser17ParseGlobalParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig6Parser20ParsePerMethodParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfig6ParserD0Ev + + [D] _ZN9grpc_core13ServiceConfig6ParserD1Ev, aliases _ZN9grpc_core13ServiceConfig6ParserD2Ev + + [D] _ZN9grpc_core13ServiceConfig6ParserD2Ev + + [D] _ZN9grpc_core13ServiceConfig8ShutdownEv + + [D] _ZN9grpc_core13ServiceConfigC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEES4_P9grpc_jsonPP10grpc_error, aliases _ZN9grpc_core13ServiceConfigC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEES4_P9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core13ServiceConfigC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEES4_P9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEC1EmPNSB_5EntryEPFiRKSA_SF_E + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEC2EmPNSB_5EntryEPFiRKSA_SF_E, aliases _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEC1EmPNSB_5EntryEPFiRKSA_SF_E + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED0Ev + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED1Ev + + [D] _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED2Ev, aliases _ZN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEED1Ev + + [D] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEE15DefaultValueCmpERKS4_S7_ + + [D] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEE3AddERK10grpc_sliceRS4_ + + [D] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEED0Ev + + [D] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEED1Ev, aliases _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEED2Ev + + [D] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEED2Ev + + [D] _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteIS2_EEE + + [D] _ZN9grpc_core15ByteStreamCacheC2ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteIS2_EEE, aliases _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteIS2_EEE + + [D] _ZN9grpc_core15GlobalConfigEnv5UnsetEv + + [D] _ZN9grpc_core15GlobalConfigEnv7GetNameEv + + [D] _ZN9grpc_core15GlobalConfigEnv8GetValueEv + + [D] _ZN9grpc_core15GlobalConfigEnv8SetValueEPKc + + [D] _ZN9grpc_core15ResolverFactoryD0Ev + + [D] _ZN9grpc_core15ResolverFactoryD1Ev, aliases _ZN9grpc_core15ResolverFactoryD2Ev + + [D] _ZN9grpc_core15ResolverFactoryD2Ev + + [D] _ZN9grpc_core16ResolverRegistry14CreateResolverEPKcPK17grpc_channel_argsP16grpc_pollset_setP13grpc_combinerSt10unique_ptrINS_8Resolver13ResultHandlerENS_13DefaultDeleteISC_EEE + + [D] _ZN9grpc_core16ResolverRegistry7Builder23RegisterResolverFactoryESt10unique_ptrINS_15ResolverFactoryENS_13DefaultDeleteIS3_EEE + + [D] _ZN9grpc_core16XdsLbClientStats14AddCallStartedEv + + [D] _ZN9grpc_core16XdsLbClientStats15AddCallFinishedEbb + + [D] _ZN9grpc_core16XdsLbClientStats20AddCallDroppedLockedEPc + + [D] _ZN9grpc_core16XdsLbClientStats9GetLockedEPlS1_S1_S1_PSt10unique_ptrINS_13InlinedVectorINS0_14DropTokenCountELm10EEENS_13DefaultDeleteIS5_EEE + + [D] _ZN9grpc_core16XdsLbClientStatsD0Ev + + [D] _ZN9grpc_core16XdsLbClientStatsD1Ev + + [D] _ZN9grpc_core16XdsLbClientStatsD2Ev, aliases _ZN9grpc_core16XdsLbClientStatsD1Ev + + [D] _ZN9grpc_core17GrpcLbClientStats3GetEPlS1_S1_S1_PSt10unique_ptrINS_13InlinedVectorINS0_14DropTokenCountELm10EEENS_13DefaultDeleteIS5_EEE + + [D] _ZN9grpc_core17GrpcLbClientStats7DestroyEPv + + [D] _ZN9grpc_core17HandshakerFactoryD0Ev + + [D] _ZN9grpc_core17HandshakerFactoryD1Ev, aliases _ZN9grpc_core17HandshakerFactoryD2Ev + + [D] _ZN9grpc_core17HandshakerFactoryD2Ev + + [D] _ZN9grpc_core17HealthCheckClient15SetHealthStatusE23grpc_connectivity_stateP10grpc_error + + [D] _ZN9grpc_core17HealthCheckClient15StartRetryTimerEv + + [D] _ZN9grpc_core17HealthCheckClient20NotifyOnHealthChangeEP23grpc_connectivity_stateP12grpc_closure + + [D] _ZN9grpc_core17HealthCheckClient21SetHealthStatusLockedE23grpc_connectivity_stateP10grpc_error + + [D] _ZN9grpc_core17HealthCheckClient9CallState14CallEndedRetryEPvP10grpc_error + + [D] _ZN9grpc_core17HealthCheckClient9CallState9CallEndedEb + + [D] _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEE + + [D] _ZN9grpc_core17HealthCheckClientC2EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEE, aliases _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEE + + [D] _ZN9grpc_core17MessageSizeParser20ParsePerMethodParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core18HandshakerRegistry25RegisterHandshakerFactoryEbNS_14HandshakerTypeESt10unique_ptrINS_17HandshakerFactoryENS_13DefaultDeleteIS3_EEE + + [D] _ZN9grpc_core19ConnectedSubchannel10CreateCallERKNS0_8CallArgsEPP10grpc_error + + [D] _ZN9grpc_core19ConnectedSubchannel19NotifyOnStateChangeEP16grpc_pollset_setP23grpc_connectivity_stateP12grpc_closure + + [D] _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEEl + + [D] _ZN9grpc_core19ConnectedSubchannelC2EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEEl, aliases _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEEl + + [D] _ZN9grpc_core19GlobalConfigEnvBool3GetEv + + [D] _ZN9grpc_core19GlobalConfigEnvBool3SetEb + + [D] _ZN9grpc_core19GrpcPolledFdFactoryD0Ev + + [D] _ZN9grpc_core19GrpcPolledFdFactoryD1Ev, aliases _ZN9grpc_core19GrpcPolledFdFactoryD2Ev + + [D] _ZN9grpc_core19GrpcPolledFdFactoryD2Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy11QueuePicker12CallExitIdleEPvP10grpc_error + + [D] _ZN9grpc_core19LoadBalancingPolicy12UpdateLockedENS0_10UpdateArgsE + + [D] _ZN9grpc_core19LoadBalancingPolicy14ShutdownLockedEv + + [D] _ZN9grpc_core19LoadBalancingPolicy18ResetBackoffLockedEv + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelper13AddTraceEventENS1_13TraceSeverityEPKc + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD0Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD1Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD2Ev, aliases _ZN9grpc_core19LoadBalancingPolicy20ChannelControlHelperD1Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy22ShutdownAndUnrefLockedEPvP10grpc_error + + [D] _ZN9grpc_core19LoadBalancingPolicy6ConfigD0Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy6ConfigD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy6ConfigD2Ev + + [D] _ZN9grpc_core19LoadBalancingPolicy6ConfigD2Ev + + [D] _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD0Ev + + [D] _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD1Ev, aliases _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD2Ev + + [D] _ZN9grpc_core19SubchannelInterface24ConnectivityStateWatcherD2Ev + + [D] _ZN9grpc_core19SubchannelInterfaceD0Ev + + [D] _ZN9grpc_core19SubchannelInterfaceD1Ev, aliases _ZN9grpc_core19SubchannelInterfaceD2Ev + + [D] _ZN9grpc_core19SubchannelInterfaceD2Ev + + [D] _ZN9grpc_core20GlobalConfigEnvInt323GetEv + + [D] _ZN9grpc_core20GlobalConfigEnvInt323SetEi + + [D] _ZN9grpc_core21GlobalConfigEnvString3GetEv + + [D] _ZN9grpc_core21GlobalConfigEnvString3SetEPKc + + [D] _ZN9grpc_core22NewGrpcPolledFdFactoryEP13grpc_combiner + + [D] _ZN9grpc_core23SubchannelPoolInterfaceD0Ev + + [D] _ZN9grpc_core23SubchannelPoolInterfaceD1Ev + + [D] _ZN9grpc_core23SubchannelPoolInterfaceD2Ev, aliases _ZN9grpc_core23SubchannelPoolInterfaceD1Ev + + [D] _ZN9grpc_core24GrpcPolledFdFactoryPosix21NewGrpcPolledFdLockedEiP16grpc_pollset_setP13grpc_combiner + + [D] _ZN9grpc_core24SecurityHandshakerCreateEP14tsi_handshakerP23grpc_security_connector + + [D] _ZN9grpc_core26LoadBalancingPolicyFactoryD0Ev + + [D] _ZN9grpc_core26LoadBalancingPolicyFactoryD1Ev, aliases _ZN9grpc_core26LoadBalancingPolicyFactoryD2Ev + + [D] _ZN9grpc_core26LoadBalancingPolicyFactoryD2Ev + + [D] _ZN9grpc_core27LoadBalancingPolicyRegistry24ParseLoadBalancingConfigEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core27LoadBalancingPolicyRegistry7Builder34RegisterLoadBalancingPolicyFactoryESt10unique_ptrINS_26LoadBalancingPolicyFactoryENS_13DefaultDeleteIS3_EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy20CreateLbPolicyLockedEPKcRK17grpc_channel_argsPNS_13InlinedVectorIPcLm3EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy20StartResolvingLockedEv + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper11UpdateStateE23grpc_connectivity_stateSt10unique_ptrINS_19LoadBalancingPolicy16SubchannelPickerENS_13DefaultDeleteIS5_EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper13CreateChannelEPKcRK17grpc_channel_args + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy28CreateOrUpdateLbPolicyLockedEPKcNS_13RefCountedPtrINS_19LoadBalancingPolicy6ConfigEEENS_8Resolver6ResultEPNS_13InlinedVectorIPcLm3EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy44MaybeAddTraceMessagesForAddressChangesLockedEbPNS_13InlinedVectorIPcLm3EEE + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicy4InitERK17grpc_channel_args + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEEPFbPvRKNS_8Resolver6ResultEPPKcPNS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_errorES9_SN_ + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEES8_NS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_error, aliases _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEES8_NS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_error + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEEPFbPvRKNS_8Resolver6ResultEPPKcPNS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_errorES9_SN_, aliases _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEEPFbPvRKNS_8Resolver6ResultEPPKcPNS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_errorES9_SN_ + + [D] _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_13DefaultDeleteIcEEES8_NS_13RefCountedPtrINS1_6ConfigEEEPP10grpc_error + + [D] _ZN9grpc_core29FakeResolverResponseGenerator16SetFailureLockedEPvP10grpc_error + + [D] _ZN9grpc_core29FakeResolverResponseGenerator17SetResponseLockedEPvP10grpc_error + + [D] _ZN9grpc_core29FakeResolverResponseGenerator29SetReresolutionResponseLockedEPvP10grpc_error + + [D] _ZN9grpc_core31SetGlobalConfigEnvErrorFunctionEPFvPKcE + + [D] _ZN9grpc_core32Chttp2SecureClientChannelFactory13CreateChannelEPKcPK17grpc_channel_args + + [D] _ZN9grpc_core34Chttp2InsecureClientChannelFactory13CreateChannelEPKcPK17grpc_channel_args + + [D] _ZN9grpc_core36CreateTargetAuthorityTableChannelArgEPNS_14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEEE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE10RotateLeftEPNSB_5EntryE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE11RotateRightEPNSB_5EntryE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE15InsertRecursiveEPNSB_5EntryEOSt4pairIS2_S9_E + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE15RemoveRecursiveEPNSB_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE26RebalanceTreeAfterDeletionEPNSB_5EntryE + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE27RebalanceTreeAfterInsertionEPNSB_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE4findERKS2_ + + [D] _ZN9grpc_core3MapIPKcSt10unique_ptrINS_10Subchannel16HealthWatcherMap13HealthWatcherENS_16OrphanableDeleteIS6_EEENS_10StringLessEE5eraseENSB_8iteratorE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE10RotateLeftEPNS5_5EntryE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE11RotateRightEPNS5_5EntryE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE15InsertRecursiveEPNS5_5EntryEOSt4pairIS2_iE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE15RemoveRecursiveEPNS5_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE26RebalanceTreeAfterDeletionEPNS5_5EntryE + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE27RebalanceTreeAfterInsertionEPNS5_5EntryERKS2_ + + [D] _ZN9grpc_core3MapIPNS_10SubchannelEiSt4lessIS2_EE5eraseENS5_8iteratorE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE10RotateLeftEPNSA_5EntryE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE11RotateRightEPNSA_5EntryE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE15InsertRecursiveEPNSA_5EntryEOSt4pairIS3_S7_E + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE15RemoveRecursiveEPNSA_5EntryERKS3_ + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE26RebalanceTreeAfterDeletionEPNSA_5EntryE + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE27RebalanceTreeAfterInsertionEPNSA_5EntryERKS3_ + + [D] _ZN9grpc_core3MapIPNS_19SubchannelInterface24ConnectivityStateWatcherESt10unique_ptrIS2_NS_13DefaultDeleteIS2_EEESt4lessIS3_EE5eraseENSA_8iteratorE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE10RotateLeftEPNS6_5EntryE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE11RotateRightEPNS6_5EntryE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE15InsertRecursiveEPNS6_5EntryEOSt4pairIlS3_E + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE15RemoveRecursiveEPNS6_5EntryERKl + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE26RebalanceTreeAfterDeletionEPNS6_5EntryE + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE27RebalanceTreeAfterInsertionEPNS6_5EntryERKl + + [D] _ZN9grpc_core3MapIlPNS_8channelz8BaseNodeESt4lessIlEE5eraseENS6_8iteratorE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE10RotateLeftEPNS3_5EntryE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE11RotateRightEPNS3_5EntryE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE15InsertRecursiveEPNS3_5EntryEOSt4pairIlbE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE15RemoveRecursiveEPNS3_5EntryERKl + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE26RebalanceTreeAfterDeletionEPNS3_5EntryE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE27RebalanceTreeAfterInsertionEPNS3_5EntryERKl + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE5eraseENS3_8iteratorE + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE5eraseERKl + + [D] _ZN9grpc_core3MapIlbSt4lessIlEE7emplaceIJSt4pairIlbEEEES5_INS3_8iteratorEbEDpOT_ + + [D] _ZN9grpc_core4Fork10GlobalInitEv + + [D] _ZN9grpc_core4Fork12AllowExecCtxEv + + [D] _ZN9grpc_core4Fork12AwaitThreadsEv + + [D] _ZN9grpc_core4Fork12BlockExecCtxEv + + [D] _ZN9grpc_core4Fork14DecThreadCountEv + + [D] _ZN9grpc_core4Fork14GlobalShutdownEv + + [D] _ZN9grpc_core4Fork14IncThreadCountEv + + [D] _ZN9grpc_core4Fork15DecExecCtxCountEv + + [D] _ZN9grpc_core4Fork15IncExecCtxCountEv + + [D] _ZN9grpc_core4Fork30GetResetChildPollingEngineFuncEv + + [D] _ZN9grpc_core4Fork30SetResetChildPollingEngineFuncEPFvvE + + [D] _ZN9grpc_core4Fork6EnableEb + + [D] _ZN9grpc_core4Fork7EnabledEv + + [D] _ZN9grpc_core5Arena15CreateWithAllocEmm + + [D] _ZN9grpc_core5Arena6CreateEm + + [D] _ZN9grpc_core5Arena7DestroyEv + + [D] _ZN9grpc_core5Arena9AllocZoneEm + + [D] _ZN9grpc_core5ArenaD1Ev + + [D] _ZN9grpc_core5ArenaD2Ev, aliases _ZN9grpc_core5ArenaD1Ev + + [D] _ZN9grpc_core6ThreadC1EPKcPFvPvES3_PbRKNS0_7OptionsE, aliases _ZN9grpc_core6ThreadC2EPKcPFvPvES3_PbRKNS0_7OptionsE + + [D] _ZN9grpc_core6ThreadC2EPKcPFvPvES3_PbRKNS0_7OptionsE + + [D] _ZN9grpc_core8Executor9SchedulerENS_12ExecutorTypeENS_15ExecutorJobTypeE + + [D] _ZN9grpc_core8Executor9SchedulerENS_15ExecutorJobTypeE + + [D] _ZN9grpc_core8Resolver11StartLockedEv + + [D] _ZN9grpc_core8Resolver13ResultHandlerD0Ev + + [D] _ZN9grpc_core8Resolver13ResultHandlerD1Ev + + [D] _ZN9grpc_core8Resolver13ResultHandlerD2Ev, aliases _ZN9grpc_core8Resolver13ResultHandlerD1Ev + + [D] _ZN9grpc_core8Resolver14ShutdownLockedEv + + [D] _ZN9grpc_core8Resolver22ShutdownAndUnrefLockedEPvP10grpc_error + + [D] _ZN9grpc_core8ResolverC1EP13grpc_combinerSt10unique_ptrINS0_13ResultHandlerENS_13DefaultDeleteIS4_EEE + + [D] _ZN9grpc_core8ResolverC2EP13grpc_combinerSt10unique_ptrINS0_13ResultHandlerENS_13DefaultDeleteIS4_EEE, aliases _ZN9grpc_core8ResolverC1EP13grpc_combinerSt10unique_ptrINS0_13ResultHandlerENS_13DefaultDeleteIS4_EEE + + [D] _ZN9grpc_core8channelz10ServerNode19RenderServerSocketsEll + + [D] _ZN9grpc_core8channelz10SocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEES5_ + + [D] _ZN9grpc_core8channelz10SocketNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEES5_, aliases _ZN9grpc_core8channelz10SocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEES5_ + + [D] _ZN9grpc_core8channelz11ChannelNode17PopulateChildRefsEP9grpc_json + + [D] _ZN9grpc_core8channelz11ChannelNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEEml, aliases _ZN9grpc_core8channelz11ChannelNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEEml + + [D] _ZN9grpc_core8channelz11ChannelNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEEml + + [D] _ZN9grpc_core8channelz14SubchannelNode25PopulateConnectivityStateEP9grpc_json + + [D] _ZN9grpc_core8channelz14SubchannelNodeC1EPNS_10SubchannelEm + + [D] _ZN9grpc_core8channelz14SubchannelNodeC2EPNS_10SubchannelEm, aliases _ZN9grpc_core8channelz14SubchannelNodeC1EPNS_10SubchannelEm + + [D] _ZN9grpc_core8channelz16ChannelzRegistry18InternalGetServersEl + + [D] _ZN9grpc_core8channelz16ChannelzRegistry22InternalGetTopChannelsEl + + [D] _ZN9grpc_core8channelz16ListenSocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEE + + [D] _ZN9grpc_core8channelz16ListenSocketNodeC2ESt10unique_ptrIcNS_13DefaultDeleteIcEEE, aliases _ZN9grpc_core8channelz16ListenSocketNodeC1ESt10unique_ptrIcNS_13DefaultDeleteIcEEE + + [D] _ZN9grpc_core8channelz18CallCountingHelper18PopulateCallCountsEP9grpc_json + + [D] _ZN9grpc_core8channelz18CallCountingHelperD1Ev + + [D] _ZN9grpc_core8channelz18CallCountingHelperD2Ev, aliases _ZN9grpc_core8channelz18CallCountingHelperD1Ev + + [D] _ZN9grpc_core8channelz8BaseNode10RenderJsonEv + + [D] _ZN9grpc_core8channelz8BaseNode16RenderJsonStringEv + + [D] _ZN9grpc_core8channelz8BaseNodeC1ENS1_10EntityTypeE + + [D] _ZN9grpc_core8channelz8BaseNodeC2ENS1_10EntityTypeE, aliases _ZN9grpc_core8channelz8BaseNodeC1ENS1_10EntityTypeE + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD0Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD1Ev, aliases _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_core8internal32ClientChannelServiceConfigParser17ParseGlobalParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZN9grpc_core8internal32ClientChannelServiceConfigParser20ParsePerMethodParamsEPK9grpc_jsonPP10grpc_error + + [D] _ZNK23grpc_security_connector3cmpEPKS_ + + [D] _ZNK29SpiffeServerSecurityConnector3cmpEPK23grpc_security_connector + + [D] _ZNK30SpiffeChannelSecurityConnector3cmpEPK23grpc_security_connector + + [D] _ZNK9grpc_core13ServerAddress10IsBalancerEv + + [D] _ZNK9grpc_core13ServerAddresseqERKS0_ + + [D] _ZNK9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEE3GetERK10grpc_slice + + [D] _ZNK9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEE3GetERK10grpc_slice + + [D] _ZNK9grpc_core19ConnectedSubchannel4argsEv + + [D] _ZNK9grpc_core19LoadBalancingPolicy4nameEv + + [D] _ZNK9grpc_core28ResolvingLoadBalancingPolicy35ConcatenateAndAddChannelTraceLockedEPNS_13InlinedVectorIPcLm3EEE + + [D] _ZNK9grpc_core8channelz12ChannelTrace10TraceEvent16RenderTraceEventEP9grpc_json + + [D] _ZNSt3_V28__rotateIPSt10unique_ptrIN9grpc_core17HandshakerFactoryENS2_13DefaultDeleteIS3_EEEEET_S8_S8_S8_St26random_access_iterator_tag + + [D] address_sorting_abstract_get_family + + [D] address_sorting_create_source_addr_factory_for_current_platform + + [D] address_sorting_get_source_addr_for_testing + + [D] address_sorting_init + + [D] address_sorting_override_source_addr_factory_for_testing + + [D] address_sorting_rfc_6724_sort + + [D] address_sorting_shutdown + + [D] gpr_asprintf + + [D] gpr_atm_no_barrier_clamped_add + + [D] gpr_convert_clock_type + + [D] gpr_cpu_current_cpu + + [D] gpr_cpu_num_cores + + [D] gpr_cv_broadcast + + [D] gpr_cv_destroy + + [D] gpr_cv_init + + [D] gpr_cv_signal + + [D] gpr_cv_wait + + [D] gpr_event_get + + [D] gpr_event_init + + [D] gpr_event_set + + [D] gpr_event_wait + + [D] gpr_free + + [D] gpr_free_aligned + + [D] gpr_get_allocation_functions + + [D] gpr_inf_future + + [D] gpr_inf_past + + [D] gpr_log + + [D] gpr_log_message + + [D] gpr_log_severity_string + + [D] gpr_log_verbosity_init + + [D] gpr_malloc + + [D] gpr_malloc_aligned + + [D] gpr_mu_destroy + + [D] gpr_mu_init + + [D] gpr_mu_lock + + [D] gpr_mu_trylock + + [D] gpr_mu_unlock + + [D] gpr_now + + [D] gpr_once_init + + [D] gpr_realloc + + [D] gpr_ref + + [D] gpr_ref_init + + [D] gpr_ref_is_unique + + [D] gpr_ref_non_zero + + [D] gpr_refn + + [D] gpr_set_allocation_functions + + [D] gpr_set_log_function + + [D] gpr_set_log_verbosity + + [D] gpr_should_log + + [D] gpr_sleep_until + + [D] gpr_stats_inc + + [D] gpr_stats_init + + [D] gpr_stats_read + + [D] gpr_strdup + + [D] gpr_thd_currentid + + [D] gpr_time_0 + + [D] gpr_time_add + + [D] gpr_time_cmp + + [D] gpr_time_from_hours + + [D] gpr_time_from_micros + + [D] gpr_time_from_millis + + [D] gpr_time_from_minutes + + [D] gpr_time_from_nanos + + [D] gpr_time_from_seconds + + [D] gpr_time_init + + [D] gpr_time_max + + [D] gpr_time_min + + [D] gpr_time_similar + + [D] gpr_time_sub + + [D] gpr_time_to_millis + + [D] gpr_timespec_to_micros + + [D] gpr_unref + + [D] gpr_zalloc + + [D] grpc_tls_spiffe_credentials_create + + [D] grpc_tls_spiffe_server_credentials_create + + [D] pb_close_string_substream + + [D] pb_decode + + [D] pb_decode_delimited + + [D] pb_decode_fixed32 + + [D] pb_decode_fixed64 + + [D] pb_decode_noinit + + [D] pb_decode_svarint + + [D] pb_decode_tag + + [D] pb_decode_varint + + [D] pb_encode + + [D] pb_encode_delimited + + [D] pb_encode_fixed32 + + [D] pb_encode_fixed64 + + [D] pb_encode_string + + [D] pb_encode_submessage + + [D] pb_encode_svarint + + [D] pb_encode_tag + + [D] pb_encode_tag_for_field + + [D] pb_encode_varint + + [D] pb_field_iter_begin + + [D] pb_field_iter_find + + [D] pb_field_iter_next + + [D] pb_get_encoded_size + + [D] pb_istream_from_buffer + + [D] pb_make_string_substream + + [D] pb_ostream_from_buffer + + [D] pb_read + + [D] pb_skip_field + + [D] pb_write + + + +1093 Added function symbols not referenced by debug info: + + + + [A] _Z12grpc_cq_initv + + [A] _Z15grpc_mdelem_ref11grpc_mdelemPKci + + [A] _Z15grpc_stream_refP20grpc_stream_refcountPKc + + [A] _Z16functor_callbackPvP10grpc_error + + [A] _Z16grpc_cq_shutdownv + + [A] _Z17grpc_combiner_refPN9grpc_core8CombinerEPKciS3_ + + [A] _Z17grpc_error_do_refP10grpc_errorPKci + + [A] _Z17grpc_event_stringB5cxx11P10grpc_event + + [A] _Z17grpc_mdelem_unref11grpc_mdelemPKci + + [A] _Z17grpc_stream_unrefP20grpc_stream_refcountPKc + + [A] _Z18grpc_mdelem_createRKN9grpc_core19StaticMetadataSliceERK10grpc_sliceP16grpc_mdelem_data + + [A] _Z19grpc_call_log_batchPKci16gpr_log_severityPK7grpc_opm + + [A] _Z19grpc_combiner_unrefPN9grpc_core8CombinerEPKciS3_ + + [A] _Z19grpc_error_do_unrefP10grpc_errorPKci + + [A] _Z20grpc_cq_internal_refP21grpc_completion_queuePKcS2_i + + [A] _Z20grpc_mdelem_do_unref11grpc_mdelemPKci + + [A] _Z20grpc_sockaddr_to_uriB5cxx11PK21grpc_resolved_address + + [A] _Z20grpc_stream_ref_initP20grpc_stream_refcountiPFvPvP10grpc_errorES1_PKc + + [A] _Z21grpc_mdelem_trace_refPvRK10grpc_sliceS2_lPKci + + [A] _Z21grpc_slice_sub_no_refRKN9grpc_core20UnmanagedMemorySliceEmm + + [A] _Z21grpc_tcp_server_startP15grpc_tcp_serverPKSt6vectorIP12grpc_pollsetSaIS3_EEPFvPvP13grpc_endpointS3_P24grpc_tcp_server_acceptorES8_ + + [A] _Z21grpc_udp_server_startP15grpc_udp_serverPKSt6vectorIP12grpc_pollsetSaIS3_EEPv + + [A] _Z22grpc_call_internal_refP9grpc_callPKc + + [A] _Z22grpc_chttp2_stream_refP18grpc_chttp2_streamPKc + + [A] _Z22grpc_cq_internal_unrefP21grpc_completion_queuePKcS2_i + + [A] _Z22grpc_iomgr_non_pollingv + + [A] _Z22grpc_resolver_xds_initv + + [A] _Z23grpc_lb_policy_cds_initv + + [A] _Z23grpc_lb_policy_eds_initv + + [A] _Z23grpc_lb_policy_lrs_initv + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core18ManagedMemorySliceES2_ + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core19StaticMetadataSliceERK10grpc_slice + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core19StaticMetadataSliceERKNS_18ManagedMemorySliceE + + [A] _Z23grpc_mdelem_from_slicesRKN9grpc_core19StaticMetadataSliceES2_ + + [A] _Z23grpc_mdelem_trace_unrefPvRK10grpc_sliceS2_lPKci + + [A] _Z23grpc_sockaddr_to_stringB5cxx11PK21grpc_resolved_addressb + + [A] _Z23grpc_stats_data_as_jsonB5cxx11PK15grpc_stats_data + + [A] _Z24grpc_call_internal_unrefP9grpc_callPKc + + [A] _Z24grpc_channel_args_stringB5cxx11PK17grpc_channel_args + + [A] _Z24grpc_chttp2_stream_unrefP18grpc_chttp2_streamPKc + + [A] _Z24grpc_get_tsi_tls_version16grpc_tls_version + + [A] _Z24grpc_server_add_listenerP11grpc_serverSt10unique_ptrIN9grpc_core23ServerListenerInterfaceENS2_16OrphanableDeleteEE + + [A] _Z24grpc_server_get_pollsetsP11grpc_server + + [A] _Z24grpc_set_socket_zerocopyi + + [A] _Z24grpc_ssl_check_call_hostN4absl14lts_2020_02_2511string_viewES1_S1_P17grpc_auth_contextPP10grpc_error + + [A] _Z24grpc_ssl_check_peer_nameN4absl14lts_2020_02_2511string_viewEPK8tsi_peer + + [A] _Z24grpc_ssl_cmp_target_nameN4absl14lts_2020_02_2511string_viewES1_S1_S1_ + + [A] _Z24grpc_transport_op_stringB5cxx11P17grpc_transport_op + + [A] _Z25grpc_check_security_level19grpc_security_levelS_ + + [A] _Z25grpc_jwt_claims_from_jsonN9grpc_core4JsonE + + [A] _Z25grpc_set_socket_dualstacki + + [A] _Z25tsi_ssl_peer_matches_namePK8tsi_peerN4absl14lts_2020_02_2511string_viewE + + [A] _Z26alts_tsi_handshaker_createPK29grpc_alts_credentials_optionsPKcS3_bP16grpc_pollset_setPP14tsi_handshakerm + + [A] _Z26custom_tcp_endpoint_createP18grpc_custom_socketP19grpc_resource_quotaPKc + + [A] _Z26grpc_mdelem_on_final_unref24grpc_mdelem_data_storagePvjPKci + + [A] _Z26grpc_metadata_batch_removeP19grpc_metadata_batch34grpc_metadata_batch_callouts_index + + [A] _Z26grpc_resolver_xds_shutdownv + + [A] _Z26grpc_slice_from_cpp_stringNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _Z26grpc_ssl_host_matches_namePK8tsi_peerN4absl14lts_2020_02_2511string_viewE + + [A] _Z26grpc_tcp_client_prepare_fdPK17grpc_channel_argsPK21grpc_resolved_addressPS2_Pi + + [A] _Z27grpc_channel_args_find_boolPK17grpc_channel_argsPKcb + + [A] _Z27grpc_lb_policy_cds_shutdownv + + [A] _Z27grpc_lb_policy_eds_shutdownv + + [A] _Z27grpc_lb_policy_lrs_shutdownv + + [A] _Z27grpc_server_setup_transportP11grpc_serverP14grpc_transportP12grpc_pollsetPK17grpc_channel_argsRKN9grpc_core13RefCountedPtrINS8_8channelz10SocketNodeEEEP18grpc_resource_user + + [A] _Z28grpc_chttp2_reset_ping_clockP21grpc_chttp2_transport + + [A] _Z28grpc_client_idle_filter_initv + + [A] _Z28grpc_lb_policy_priority_initv + + [A] _Z28grpc_metadata_batch_add_tailP19grpc_metadata_batchP18grpc_linked_mdelem11grpc_mdelem34grpc_metadata_batch_callouts_index + + [A] _Z28grpc_slice_from_moved_bufferSt10unique_ptrIcN9grpc_core17DefaultDeleteCharEEm + + [A] _Z28grpc_slice_from_moved_stringSt10unique_ptrIcN9grpc_core17DefaultDeleteCharEE + + [A] _Z28tsi_security_level_to_string18tsi_security_level + + [A] _Z29grpc_channel_args_find_stringPK17grpc_channel_argsPKc + + [A] _Z29grpc_channel_destroy_internalP12grpc_channel + + [A] _Z29grpc_init_static_metadata_ctxv + + [A] _Z29grpc_json_get_string_propertyRKN9grpc_core4JsonEPKcPP10grpc_error + + [A] _Z29grpc_metadata_batch_assert_okP19grpc_metadata_batch + + [A] _Z29grpc_metadata_batch_link_headP19grpc_metadata_batchP18grpc_linked_mdelem34grpc_metadata_batch_callouts_index + + [A] _Z29grpc_metadata_batch_link_tailP19grpc_metadata_batchP18grpc_linked_mdelem34grpc_metadata_batch_callouts_index + + [A] _Z29grpc_security_level_to_string19grpc_security_level + + [A] _Z29grpc_ssl_peer_to_auth_contextPK8tsi_peerPKc + + [A] _Z30grpc_channel_args_find_integerPK17grpc_channel_argsPKc20grpc_integer_options + + [A] _Z30grpc_copy_json_string_propertyRKN9grpc_core4JsonEPKcPPc + + [A] _Z31grpc_chttp2_add_incoming_goawayP21grpc_chttp2_transportjjRK10grpc_slice + + [A] _Z31grpc_chttp2_retry_initiate_pingPvP10grpc_error + + [A] _Z31grpc_lb_policy_xds_routing_initv + + [A] _Z31grpc_security_handshaker_createP14tsi_handshakerP23grpc_security_connectorPK17grpc_channel_args + + [A] _Z31tsi_ssl_get_cert_chain_contentsP13stack_st_X509P17tsi_peer_property + + [A] _Z32grpc_client_idle_filter_shutdownv + + [A] _Z32grpc_destroy_static_metadata_ctxv + + [A] _Z32grpc_lb_policy_priority_shutdownv + + [A] _Z33alts_tsi_handshaker_result_createP23grpc_gcp_HandshakerRespbPP21tsi_handshaker_result + + [A] _Z33grpc_apply_socket_mutator_in_argsiPK17grpc_channel_args + + [A] _Z33grpc_ares_ev_driver_create_lockedPP19grpc_ares_ev_driverP16grpc_pollset_setiSt10shared_ptrIN9grpc_core14WorkSerializerEEP17grpc_ares_request + + [A] _Z33grpc_base64_estimate_encoded_sizemi + + [A] _Z34alts_grpc_handshaker_client_createP19alts_tsi_handshakerP12grpc_channelPKcP16grpc_pollset_setP29grpc_alts_credentials_optionsRK10grpc_slicePFvPvP10grpc_errorEPFv10tsi_resultSC_PKhmP21tsi_handshaker_resultESC_P29alts_handshaker_client_vtablebm + + [A] _Z35alts_tsi_utils_deserialize_responseP16grpc_byte_bufferP9upb_arena + + [A] _Z35grpc_alts_set_rpc_protocol_versionsP29_grpc_gcp_RpcProtocolVersions + + [A] _Z35grpc_auth_json_key_create_from_jsonRKN9grpc_core4JsonE + + [A] _Z35grpc_lb_policy_weighted_target_initv + + [A] _Z35grpc_lb_policy_xds_routing_shutdownv + + [A] _Z36grpc_get_reffed_status_elem_slowpathi + + [A] _Z36grpc_iomgr_mark_non_polling_internalv + + [A] _Z37grpc_cycle_counter_to_millis_round_upd + + [A] _Z37grpc_gcp_rpc_protocol_versions_encodePK28grpc_gcp_RpcProtocolVersionsP9upb_arenaP10grpc_slice + + [A] _Z37grpc_sockaddr_to_uri_unix_if_possibleB5cxx11PK21grpc_resolved_address + + [A] _Z37grpc_transport_stream_op_batch_stringB5cxx11P30grpc_transport_stream_op_batch + + [A] _Z38grpc_chttp2_hptbl_lookup_dynamic_indexPK17grpc_chttp2_hptblj + + [A] _Z38grpc_tsi_security_level_string_to_enumPKc + + [A] _Z39grpc_cares_wrapper_address_sorting_sortPK17grpc_ares_requestPN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS6_EEE + + [A] _Z39grpc_cycle_counter_to_millis_round_downd + + [A] _Z39grpc_lb_policy_weighted_target_shutdownv + + [A] _Z39grpc_tcp_client_create_from_prepared_fdP16grpc_pollset_setP12grpc_closureiPK17grpc_channel_argsPK21grpc_resolved_addresslPP13grpc_endpoint + + [A] _Z39grpc_timer_manager_get_wakeups_testonlyv + + [A] _Z40grpc_auth_refresh_token_create_from_jsonRKN9grpc_core4JsonE + + [A] _Z40grpc_chttp2_add_rst_stream_to_next_writeP21grpc_chttp2_transportjjP28grpc_transport_one_way_stats + + [A] _Z40grpc_deframe_unprocessed_incoming_framesP23grpc_chttp2_data_parserP18grpc_chttp2_streamP17grpc_slice_bufferP10grpc_slicePSt10unique_ptrIN9grpc_core10ByteStreamENS8_16OrphanableDeleteEE + + [A] _Z42grpc_chttp2_hptbl_lookup_ref_dynamic_indexPK17grpc_chttp2_hptblj + + [A] _Z43grpc_client_channel_stop_connectivity_watchP20grpc_channel_elementPN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _Z43grpc_service_config_channel_arg_filter_initv + + [A] _Z43grpc_ssl_tsi_client_handshaker_factory_initP25tsi_ssl_pem_key_cert_pairPKcb15tsi_tls_versionS3_P21tsi_ssl_session_cachePP33tsi_ssl_client_handshaker_factory + + [A] _Z43grpc_ssl_tsi_server_handshaker_factory_initP25tsi_ssl_pem_key_cert_pairmPKc40grpc_ssl_client_certificate_request_type15tsi_tls_versionS4_PP33tsi_ssl_server_handshaker_factory + + [A] _Z43tsi_zero_copy_grpc_protector_max_frame_sizeP28tsi_zero_copy_grpc_protectorPm + + [A] _Z44grpc_client_channel_start_connectivity_watchP20grpc_channel_element23grpc_connectivity_stateSt10unique_ptrIN9grpc_core38AsyncConnectivityStateWatcherInterfaceENS3_16OrphanableDeleteEE + + [A] _Z46grpc_gcp_rpc_protocol_versions_assign_from_upbP29_grpc_gcp_RpcProtocolVersionsPK28grpc_gcp_RpcProtocolVersions + + [A] _Z47grpc_gcp_RpcProtocolVersions_assign_from_structP28grpc_gcp_RpcProtocolVersionsP9upb_arenaPK29_grpc_gcp_RpcProtocolVersions + + [A] _Z47grpc_service_config_channel_arg_filter_shutdownv + + [A] _Z48grpc_get_well_known_google_credentials_file_pathB5cxx11v + + [A] _Z48grpc_override_well_known_credentials_path_getterPFNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEvE + + [A] _Z48tsi_ssl_extract_x509_subject_names_from_pem_certPKcP8tsi_peer + + [A] _Z53grpc_channel_args_get_client_channel_creation_mutatorv + + [A] _Z53grpc_channel_args_set_client_channel_creation_mutatorPFP17grpc_channel_argsPKcS0_23grpc_channel_stack_typeE + + [A] _Z53grpc_get_well_known_google_credentials_file_path_implB5cxx11v + + [A] _Z59grpc_channel_args_get_channel_default_compression_algorithmPK17grpc_channel_args + + [A] _Z59grpc_channel_args_set_channel_default_compression_algorithmP17grpc_channel_args26grpc_compression_algorithm + + [A] _Z74grpc_dns_lookup_ares_continue_after_check_localhost_and_ip_literals_lockedP17grpc_ares_requestPKcS2_S2_P16grpc_pollset_setiSt10shared_ptrIN9grpc_core14WorkSerializerEE + + [A] _Z8tcp_sendiPK6msghdri + + [A] _ZN14TlsCredentials25create_security_connectorEN9grpc_core13RefCountedPtrI21grpc_call_credentialsEEPKcPK17grpc_channel_argsPPS6_ + + [A] _ZN14TlsCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [A] _ZN14TlsCredentialsC2EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE, aliases _ZN14TlsCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [A] _ZN14TlsCredentialsD0Ev + + [A] _ZN14TlsCredentialsD1Ev, aliases _ZN14TlsCredentialsD2Ev + + [A] _ZN14TlsCredentialsD2Ev + + [A] _ZN15GrpcUdpListener14StartListeningEPKSt6vectorIP12grpc_pollsetSaIS2_EEP21GrpcUdpHandlerFactory + + [A] _ZN19grpc_slice_refcount5UnrefEv + + [A] _ZN20TlsServerCredentials25create_security_connectorEv + + [A] _ZN20TlsServerCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [A] _ZN20TlsServerCredentialsC2EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE, aliases _ZN20TlsServerCredentialsC1EN9grpc_core13RefCountedPtrI28grpc_tls_credentials_optionsEE + + [A] _ZN20TlsServerCredentialsD0Ev + + [A] _ZN20TlsServerCredentialsD1Ev + + [A] _ZN20TlsServerCredentialsD2Ev, aliases _ZN20TlsServerCredentialsD1Ev + + [A] _ZN20grpc_ssl_credentials19set_max_tls_versionE16grpc_tls_version + + [A] _ZN20grpc_ssl_credentials19set_min_tls_versionE16grpc_tls_version + + [A] _ZN22grpc_tls_error_detailsD0Ev + + [A] _ZN22grpc_tls_error_detailsD1Ev + + [A] _ZN22grpc_tls_error_detailsD2Ev, aliases _ZN22grpc_tls_error_detailsD1Ev + + [A] _ZN23grpc_plugin_credentials12debug_stringB5cxx11Ev + + [A] _ZN23grpc_plugin_credentialsC1E32grpc_metadata_credentials_plugin19grpc_security_level + + [A] _ZN23grpc_plugin_credentialsC2E32grpc_metadata_credentials_plugin19grpc_security_level, aliases _ZN23grpc_plugin_credentialsC1E32grpc_metadata_credentials_plugin19grpc_security_level + + [A] _ZN27grpc_google_iam_credentials12debug_stringB5cxx11Ev + + [A] _ZN27grpc_ssl_server_credentials19set_max_tls_versionE16grpc_tls_version + + [A] _ZN27grpc_ssl_server_credentials19set_min_tls_versionE16grpc_tls_version + + [A] _ZN29grpc_access_token_credentials12debug_stringB5cxx11Ev + + [A] _ZN29grpc_md_only_test_credentials12debug_stringB5cxx11Ev + + [A] _ZN29grpc_tls_key_materials_config17set_key_materialsEPKcPPK26grpc_ssl_pem_key_cert_pairm + + [A] _ZN29grpc_tls_key_materials_config17set_key_materialsEPKcRKN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core14PemKeyCertPairELm1ESaIS6_EEE + + [A] _ZN31grpc_composite_call_credentials12debug_stringB5cxx11Ev + + [A] _ZN37grpc_google_refresh_token_credentials12debug_stringB5cxx11Ev + + [A] _ZN37grpc_oauth2_token_fetcher_credentials12debug_stringB5cxx11Ev + + [A] _ZN43grpc_httpcli_ssl_channel_security_connector15add_handshakersEPK17grpc_channel_argsP16grpc_pollset_setPN9grpc_core16HandshakeManagerE + + [A] _ZN43grpc_httpcli_ssl_channel_security_connector15check_call_hostEN4absl14lts_2020_02_2511string_viewEP17grpc_auth_contextP12grpc_closurePP10grpc_error + + [A] _ZN43grpc_service_account_jwt_access_credentials12debug_stringB5cxx11Ev + + [A] _ZN4absl14lts_2020_02_2511make_uniqueIN3re23RE2EJRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEENS0_15memory_internal16MakeUniqueResultIT_E6scalarEDpOT0_ + + [A] _ZN4absl14lts_2020_02_2511make_uniqueIN9grpc_core12XdsBootstrap4NodeEJEEENS0_15memory_internal16MakeUniqueResultIT_E6scalarEDpOT0_ + + [A] _ZN4absl14lts_2020_02_2511make_uniqueIN9grpc_core19LoadBalancingPolicy11QueuePickerEJNS2_13RefCountedPtrIS3_EEEEENS0_15memory_internal16MakeUniqueResultIT_E6scalarEDpOT0_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS4_EEC1EOS6_, aliases _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS4_EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS4_EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS3_EEC1EOS5_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS3_EEC2EOS5_, aliases _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaIS3_EEC1EOS5_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS5_EEC1EOS7_, aliases _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS5_EEC2EOS7_ + + [A] _ZN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS5_EEC2EOS7_ + + [A] _ZN4absl14lts_2020_02_2516strings_internal13JoinAlgorithmIN9__gnu_cxx17__normal_iteratorIPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorISA_SaISA_EEEEvEESA_T_SH_NS0_11string_viewENS1_11NoFormatterE + + [A] _ZN4absl14lts_2020_02_2516strings_internal13JoinAlgorithmISt23_Rb_tree_const_iteratorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEvEES9_T_SB_NS0_11string_viewENS1_11NoFormatterE + + [A] _ZN4absl14lts_2020_02_2516strings_internal9JoinRangeINS0_13InlinedVectorINS0_11string_viewELm1ESaIS4_EEEEENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKT_S4_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataIN9grpc_core6XdsApi9RdsUpdateELb0EEC1EOS6_, aliases _ZN4absl14lts_2020_02_2517optional_internal13optional_dataIN9grpc_core6XdsApi9RdsUpdateELb0EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataIN9grpc_core6XdsApi9RdsUpdateELb0EEC2EOS6_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELb0EEC1EOS9_ + + [A] _ZN4absl14lts_2020_02_2517optional_internal13optional_dataINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELb0EEC2EOS9_, aliases _ZN4absl14lts_2020_02_2517optional_internal13optional_dataINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELb0EEC1EOS9_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI15GrpcUdpListenerLm16ESaIS3_EE11EmplaceBackIJRP15grpc_udp_serverRiRPK21grpc_resolved_addressEEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm1ESaIS3_EE11EmplaceBackIJS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EE11EmplaceBackIJS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm2ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EE11EmplaceBackIJRS3_EEES7_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EE11EmplaceBackIJS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageI8grpc_argLm3ESaIS3_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core12XdsBootstrap12ChannelCredsELm1ESaIS5_EE11EmplaceBackIJS5_EEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core12XdsBootstrap9XdsServerELm1ESaIS5_EE11EmplaceBackIJEEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrI21grpc_call_credentialsEELm2ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrI21grpc_call_credentialsEELm2ESaIS6_EE7ReserveEm + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_10HandshakerEEELm2ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_19SubchannelInterfaceEEELm10ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EE11EmplaceBackIJRPS6_EEERS7_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13RefCountedPtrINS3_8channelz8BaseNodeEEELm10ESaIS7_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE10InitializeINS1_20IteratorValueAdapterIS5_PKS4_EEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJPA128_cRjDnEEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJR21grpc_resolved_addressDnEEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJRK21grpc_resolved_addressRP17grpc_channel_argsEEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE11EmplaceBackIJRS4_EEES8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE6AssignINS1_20IteratorValueAdapterIS5_PKS4_EEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EE6AssignINS1_20IteratorValueAdapterIS5_St13move_iteratorIPS4_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EED2Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core13ServerAddressELm1ESaIS4_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EE6AssignINS1_20IteratorValueAdapterIS5_St13move_iteratorIPS4_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EE11EmplaceBackIJSt10unique_ptrIcNS3_17DefaultDeleteCharEEiEEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EE11EmplaceBackIJRP12grpc_closureRP10grpc_errorRPKcEEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core23CallCombinerClosureList19CallCombinerClosureELm6ESaIS5_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi10DropConfig12DropCategoryELm2ESaIS6_EE11EmplaceBackIJS6_EEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EE6AssignINS1_20IteratorValueAdapterIS7_St13move_iteratorIPS6_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EE6ResizeINS1_19DefaultValueAdapterIS7_EEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EED2Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core6XdsApi18PriorityListUpdate11LocalityMapELm2ESaIS6_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EE11EmplaceBackIJEEERS6_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core8channelz18CallCountingHelper17AtomicCounterDataELm1ESaIS6_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageINS0_11string_viewELm1ESaIS3_EE11EmplaceBackIJRKS3_EEERS3_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIP10grpc_errorLm3ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIP10grpc_errorLm4ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPKcLm1ESaIS4_EE11EmplaceBackIJRA25_S3_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPKcLm1ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPKcLm3ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIPN9grpc_core15ByteStreamCacheELm3ESaIS5_EE11EmplaceBackIJRKS5_EEERS5_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core15ResolverFactoryESt14default_deleteIS5_EELm10ESaIS8_EE11EmplaceBackIJS8_EEERS8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core17HandshakerFactoryESt14default_deleteIS5_EELm2ESaIS8_EE11EmplaceBackIJS8_EEERS8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EE11EmplaceBackIJS9_EEERS9_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EE6AssignINS1_20IteratorValueAdapterISA_St13move_iteratorIPS9_EEEEEvT_m + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EED2Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS6_EELm4ESaIS9_EED1Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core19ServiceConfigParser6ParserESt14default_deleteIS6_EELm4ESaIS9_EE11EmplaceBackIJS9_EEERS9_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrIN9grpc_core26LoadBalancingPolicyFactoryESt14default_deleteIS5_EELm10ESaIS8_EE11EmplaceBackIJS8_EEERS8_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageISt10unique_ptrINS0_13InlinedVectorIS3_IN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS7_EELm4ESaISA_EEES8_ISC_EELm32ESaISE_EE11EmplaceBackIJSE_EEERSE_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEE11EmplaceBackIJRKiEEERiDpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIiLm1ESaIiEED2Ev + + [A] _ZN4absl14lts_2020_02_25eqIN9grpc_core6XdsApi9RdsUpdateES4_EEDTcl19convertible_to_booleqdefp_defp0_EERKNS0_8optionalIT_EERKNS6_IT0_EE + + [A] _ZN4grpc12experimental17LibuvEventManager10ShouldStopEv + + [A] _ZN4grpc12experimental17LibuvEventManager11ShutdownRefEv + + [A] _ZN4grpc12experimental17LibuvEventManager13RunWorkerLoopEv + + [A] _ZN4grpc12experimental17LibuvEventManager13ShutdownUnrefEv + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ei + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ev + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC2Ei, aliases _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ei + + [A] _ZN4grpc12experimental17LibuvEventManager7OptionsC2Ev, aliases _ZN4grpc12experimental17LibuvEventManager7OptionsC1Ev + + [A] _ZN4grpc12experimental17LibuvEventManager8ShutdownEv + + [A] _ZN4grpc12experimental17LibuvEventManagerC1ERKNS1_7OptionsE + + [A] _ZN4grpc12experimental17LibuvEventManagerC2ERKNS1_7OptionsE, aliases _ZN4grpc12experimental17LibuvEventManagerC1ERKNS1_7OptionsE + + [A] _ZN4grpc12experimental17LibuvEventManagerD0Ev + + [A] _ZN4grpc12experimental17LibuvEventManagerD1Ev + + [A] _ZN4grpc12experimental17LibuvEventManagerD2Ev, aliases _ZN4grpc12experimental17LibuvEventManagerD1Ev + + [A] _ZN9__gnu_cxx12__to_xstringINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEcEET_PFiPT0_mPKS8_St9__va_listEmSB_z + + [A] _ZN9grpc_core10RefCountedI17grpc_auth_contextNS_22NonPolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI21grpc_call_credentialsNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI23grpc_security_connectorNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI24grpc_channel_credentialsNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI28grpc_tls_credentials_optionsNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI29grpc_tls_key_materials_configNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI33grpc_tls_credential_reload_configNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedI42grpc_tls_server_authorization_check_configNS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedIN3tsi18SslSessionLRUCacheENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_10HandshakerENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_10Subchannel33ConnectivityStateWatcherInterfaceENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_13ServiceConfigENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_14ConfigSelectorENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_15XdsLocalityNameENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_16HandshakeManagerENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_17GrpcLbClientStatsENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19ConnectedSubchannelENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19LoadBalancingPolicy6ConfigENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19SubchannelInterfaceENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_19XdsClusterDropStatsENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_23SubchannelPoolInterfaceENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_23XdsClusterLocalityStatsENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_29FakeResolverResponseGeneratorENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_6XdsApi10DropConfigENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_8channelz8BaseNodeENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10RefCountedINS_8internal23ServerRetryThrottleDataENS_19PolymorphicRefCountEE5UnrefEv + + [A] _ZN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core10Subchannel16HealthWatcherMap16AddWatcherLockedEPS0_23grpc_connectivity_stateSt10unique_ptrIcNS_17DefaultDeleteCharEENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core10Subchannel16HealthWatcherMap19RemoveWatcherLockedEPKcPNS0_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core10Subchannel22WatchConnectivityStateE23grpc_connectivity_stateSt10unique_ptrIcNS_17DefaultDeleteCharEENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core10Subchannel28CancelConnectivityStateWatchEPKcPNS0_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList16AddWatcherLockedENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherList19RemoveWatcherLockedEPNS0_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherListD1Ev + + [A] _ZN9grpc_core10Subchannel28ConnectivityStateWatcherListD2Ev, aliases _ZN9grpc_core10Subchannel28ConnectivityStateWatcherListD1Ev + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD0Ev + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD1Ev + + [A] _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD2Ev, aliases _ZN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherD1Ev + + [A] _ZN9grpc_core10Subchannel33ConnectivityStateWatcherInterface26PopConnectivityStateChangeEv + + [A] _ZN9grpc_core10Subchannel33ConnectivityStateWatcherInterface27PushConnectivityStateChangeENS1_23ConnectivityStateChangeE + + [A] _ZN9grpc_core10Subchannel3RefEPKciS2_ + + [A] _ZN9grpc_core10Subchannel5UnrefEPKciS2_ + + [A] _ZN9grpc_core10Subchannel6CreateESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args + + [A] _ZN9grpc_core10Subchannel7WeakRefEPKciS2_ + + [A] _ZN9grpc_core10Subchannel9RefMutateEliPKciS2_S2_ + + [A] _ZN9grpc_core10Subchannel9WeakUnrefEPKciS2_ + + [A] _ZN9grpc_core10SubchannelC1EPNS_13SubchannelKeyESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args + + [A] _ZN9grpc_core10SubchannelC2EPNS_13SubchannelKeyESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args, aliases _ZN9grpc_core10SubchannelC1EPNS_13SubchannelKeyESt10unique_ptrINS_19SubchannelConnectorENS_16OrphanableDeleteEEPK17grpc_channel_args + + [A] _ZN9grpc_core10ThreadPool16DefaultStackSizeEv + + [A] _ZN9grpc_core10ThreadPool24AssertHasNotBeenShutDownEv + + [A] _ZN9grpc_core10ThreadPool27SharedThreadPoolConstructorEv + + [A] _ZN9grpc_core10ThreadPool3AddEP42grpc_experimental_completion_queue_functor + + [A] _ZN9grpc_core10ThreadPoolC1Ei + + [A] _ZN9grpc_core10ThreadPoolC1EiPKc, aliases _ZN9grpc_core10ThreadPoolC2EiPKc + + [A] _ZN9grpc_core10ThreadPoolC1EiPKcRKNS_6Thread7OptionsE, aliases _ZN9grpc_core10ThreadPoolC2EiPKcRKNS_6Thread7OptionsE + + [A] _ZN9grpc_core10ThreadPoolC2Ei, aliases _ZN9grpc_core10ThreadPoolC1Ei + + [A] _ZN9grpc_core10ThreadPoolC2EiPKc + + [A] _ZN9grpc_core10ThreadPoolC2EiPKcRKNS_6Thread7OptionsE + + [A] _ZN9grpc_core10ThreadPoolD0Ev + + [A] _ZN9grpc_core10ThreadPoolD1Ev, aliases _ZN9grpc_core10ThreadPoolD2Ev + + [A] _ZN9grpc_core10ThreadPoolD2Ev + + [A] _ZN9grpc_core12CallCombiner4StopEPKciS2_ + + [A] _ZN9grpc_core12CallCombiner5StartEP12grpc_closureP10grpc_errorPKciS6_ + + [A] _ZN9grpc_core12FakeResolver24ReturnReresolutionResultEv + + [A] _ZN9grpc_core12ResolverArgsD1Ev + + [A] _ZN9grpc_core12ResolverArgsD2Ev, aliases _ZN9grpc_core12ResolverArgsD1Ev + + [A] _ZN9grpc_core12XdsBootstrap12ReadFromFileEPNS_9XdsClientEPNS_9TraceFlagEPP10grpc_error + + [A] _ZN9grpc_core12XdsBootstrap13ParseLocalityEPNS_4JsonE + + [A] _ZN9grpc_core12XdsBootstrap14ParseXdsServerEPNS_4JsonEm + + [A] _ZN9grpc_core12XdsBootstrap17ParseChannelCredsEPNS_4JsonEmPNS0_9XdsServerE + + [A] _ZN9grpc_core12XdsBootstrap18ParseXdsServerListEPNS_4JsonE + + [A] _ZN9grpc_core12XdsBootstrap22ParseChannelCredsArrayEPNS_4JsonEPNS0_9XdsServerE + + [A] _ZN9grpc_core12XdsBootstrap9ParseNodeEPNS_4JsonE + + [A] _ZN9grpc_core12XdsBootstrapC1ENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core12XdsBootstrapC2ENS_4JsonEPP10grpc_error, aliases _ZN9grpc_core12XdsBootstrapC1ENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core13InternedSliceC1EPNS_21InternedSliceRefcountE + + [A] _ZN9grpc_core13InternedSliceC2EPNS_21InternedSliceRefcountE, aliases _ZN9grpc_core13InternedSliceC1EPNS_21InternedSliceRefcountE + + [A] _ZN9grpc_core13ServiceConfig19ParseJsonMethodNameB5cxx11ERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core13ServiceConfig20ParsePerMethodParamsEv + + [A] _ZN9grpc_core13ServiceConfig21ParseJsonMethodConfigERKNS_4JsonE + + [A] _ZN9grpc_core13ServiceConfig6CreateEN4absl14lts_2020_02_2511string_viewEPP10grpc_error + + [A] _ZN9grpc_core13ServiceConfigC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonEPP10grpc_error, aliases _ZN9grpc_core13ServiceConfigC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core13ServiceConfigC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core14ConfigSelector10CallConfigD1Ev, aliases _ZN9grpc_core14ConfigSelector10CallConfigD2Ev + + [A] _ZN9grpc_core14ConfigSelector10CallConfigD2Ev + + [A] _ZN9grpc_core14ConfigSelector18GetFromChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core14RegisteredCallC1EOS0_, aliases _ZN9grpc_core14RegisteredCallC2EOS0_ + + [A] _ZN9grpc_core14RegisteredCallC1EPKcS2_, aliases _ZN9grpc_core14RegisteredCallC2EPKcS2_ + + [A] _ZN9grpc_core14RegisteredCallC1ERKS0_ + + [A] _ZN9grpc_core14RegisteredCallC2EOS0_ + + [A] _ZN9grpc_core14RegisteredCallC2EPKcS2_ + + [A] _ZN9grpc_core14RegisteredCallC2ERKS0_, aliases _ZN9grpc_core14RegisteredCallC1ERKS0_ + + [A] _ZN9grpc_core14RegisteredCallD1Ev + + [A] _ZN9grpc_core14RegisteredCallD2Ev, aliases _ZN9grpc_core14RegisteredCallD1Ev + + [A] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEE15DefaultValueCmpERKS3_S6_ + + [A] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEE3AddERK10grpc_sliceRS3_ + + [A] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEED0Ev + + [A] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEED1Ev + + [A] _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEED2Ev, aliases _ZN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEED1Ev + + [A] _ZN9grpc_core14SubchannelCall6CreateENS0_4ArgsEPP10grpc_error + + [A] _ZN9grpc_core14SubchannelCallC1ENS0_4ArgsEPP10grpc_error + + [A] _ZN9grpc_core14SubchannelCallC2ENS0_4ArgsEPP10grpc_error, aliases _ZN9grpc_core14SubchannelCallC1ENS0_4ArgsEPP10grpc_error + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImpl10DrainQueueEv + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImpl3RunESt8functionIFvvEERKNS_13DebugLocationE + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImpl6OrphanEv + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImplD0Ev + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImplD1Ev + + [A] _ZN9grpc_core14WorkSerializer18WorkSerializerImplD2Ev, aliases _ZN9grpc_core14WorkSerializer18WorkSerializerImplD1Ev + + [A] _ZN9grpc_core14WorkSerializer3RunESt8functionIFvvEERKNS_13DebugLocationE + + [A] _ZN9grpc_core14WorkSerializerC1Ev, aliases _ZN9grpc_core14WorkSerializerC2Ev + + [A] _ZN9grpc_core14WorkSerializerC2Ev + + [A] _ZN9grpc_core14WorkSerializerD1Ev + + [A] _ZN9grpc_core14WorkSerializerD2Ev, aliases _ZN9grpc_core14WorkSerializerD1Ev + + [A] _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core15ByteStreamCacheC2ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteEE, aliases _ZN9grpc_core15ByteStreamCacheC1ESt10unique_ptrINS_10ByteStreamENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core15Chttp2Connector15OnHandshakeDoneEPvP10grpc_error + + [A] _ZN9grpc_core15Chttp2Connector20StartHandshakeLockedEv + + [A] _ZN9grpc_core15Chttp2Connector7ConnectERKNS_19SubchannelConnector4ArgsEPNS1_6ResultEP12grpc_closure + + [A] _ZN9grpc_core15Chttp2Connector8ShutdownEP10grpc_error + + [A] _ZN9grpc_core15Chttp2Connector9ConnectedEPvP10grpc_error + + [A] _ZN9grpc_core15Chttp2ConnectorC1Ev + + [A] _ZN9grpc_core15Chttp2ConnectorC2Ev, aliases _ZN9grpc_core15Chttp2ConnectorC1Ev + + [A] _ZN9grpc_core15Chttp2ConnectorD0Ev + + [A] _ZN9grpc_core15Chttp2ConnectorD1Ev, aliases _ZN9grpc_core15Chttp2ConnectorD2Ev + + [A] _ZN9grpc_core15Chttp2ConnectorD2Ev + + [A] _ZN9grpc_core15InfLenFIFOQueue10PushWaiterEPNS0_6WaiterE + + [A] _ZN9grpc_core15InfLenFIFOQueue12RemoveWaiterEPNS0_6WaiterE + + [A] _ZN9grpc_core15InfLenFIFOQueue13AllocateNodesEi + + [A] _ZN9grpc_core15InfLenFIFOQueue3GetEP12gpr_timespec + + [A] _ZN9grpc_core15InfLenFIFOQueue3PutEPv + + [A] _ZN9grpc_core15InfLenFIFOQueue9TopWaiterEv + + [A] _ZN9grpc_core15InfLenFIFOQueueC1Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueC2Ev, aliases _ZN9grpc_core15InfLenFIFOQueueC1Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueD0Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueD1Ev, aliases _ZN9grpc_core15InfLenFIFOQueueD2Ev + + [A] _ZN9grpc_core15InfLenFIFOQueueD2Ev + + [A] _ZN9grpc_core15XdsLocalityNameD0Ev + + [A] _ZN9grpc_core15XdsLocalityNameD1Ev, aliases _ZN9grpc_core15XdsLocalityNameD2Ev + + [A] _ZN9grpc_core15XdsLocalityNameD2Ev + + [A] _ZN9grpc_core16CreateXdsChannelERKNS_12XdsBootstrapERK17grpc_channel_argsPP10grpc_error + + [A] _ZN9grpc_core16InternedMetadataC1ERK10grpc_sliceS3_jPS0_PKNS0_8NoRefKeyE, aliases _ZN9grpc_core16InternedMetadataC2ERK10grpc_sliceS3_jPS0_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core16InternedMetadataC2ERK10grpc_sliceS3_jPS0_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core16RefcountedMdBase12TraceAtStartEPKc + + [A] _ZN9grpc_core16ResolverRegistry13IsValidTargetEPKc + + [A] _ZN9grpc_core16ResolverRegistry14CreateResolverEPKcPK17grpc_channel_argsP16grpc_pollset_setSt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS_8Resolver13ResultHandlerESt14default_deleteISD_EE + + [A] _ZN9grpc_core16ResolverRegistry7Builder23RegisterResolverFactoryESt10unique_ptrINS_15ResolverFactoryESt14default_deleteIS3_EE + + [A] _ZN9grpc_core16ThreadPoolWorker3RunEv + + [A] _ZN9grpc_core16TlsCheckHostNameEPKcPK8tsi_peer + + [A] _ZN9grpc_core17AllocatedMetadataC1ERK10grpc_sliceS3_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core17AllocatedMetadataC1ERKNS_18ManagedMemorySliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17AllocatedMetadataC1ERKNS_22ExternallyManagedSliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17AllocatedMetadataC2ERK10grpc_sliceS3_PKNS0_8NoRefKeyE, aliases _ZN9grpc_core17AllocatedMetadataC1ERK10grpc_sliceS3_PKNS0_8NoRefKeyE + + [A] _ZN9grpc_core17AllocatedMetadataC2ERKNS_18ManagedMemorySliceERKNS_20UnmanagedMemorySliceE, aliases _ZN9grpc_core17AllocatedMetadataC1ERKNS_18ManagedMemorySliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17AllocatedMetadataC2ERKNS_22ExternallyManagedSliceERKNS_20UnmanagedMemorySliceE, aliases _ZN9grpc_core17AllocatedMetadataC1ERKNS_22ExternallyManagedSliceERKNS_20UnmanagedMemorySliceE + + [A] _ZN9grpc_core17GrpcLbClientStats3GetEPlS1_S1_S1_PSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorINS0_14DropTokenCountELm10ESaIS6_EEESt14default_deleteIS8_EE + + [A] _ZN9grpc_core17HealthCheckClient15SetHealthStatusE23grpc_connectivity_statePKc + + [A] _ZN9grpc_core17HealthCheckClient21SetHealthStatusLockedE23grpc_connectivity_statePKc + + [A] _ZN9grpc_core17HealthCheckClient21StartRetryTimerLockedEv + + [A] _ZN9grpc_core17HealthCheckClient9CallState15CallEndedLockedEb + + [A] _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEENS3_INS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core17HealthCheckClientC2EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEENS3_INS_33ConnectivityStateWatcherInterfaceEEE, aliases _ZN9grpc_core17HealthCheckClientC1EPKcNS_13RefCountedPtrINS_19ConnectedSubchannelEEEP16grpc_pollset_setNS3_INS_8channelz14SubchannelNodeEEENS3_INS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZN9grpc_core17MessageSizeParser20ParsePerMethodParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core18ChildPolicyHandler12UpdateLockedENS_19LoadBalancingPolicy10UpdateArgsE + + [A] _ZN9grpc_core18ChildPolicyHandler14ExitIdleLockedEv + + [A] _ZN9grpc_core18ChildPolicyHandler14ShutdownLockedEv + + [A] _ZN9grpc_core18ChildPolicyHandler17CreateChildPolicyEPKcRK17grpc_channel_args + + [A] _ZN9grpc_core18ChildPolicyHandler18ResetBackoffLockedEv + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper11UpdateStateE23grpc_connectivity_stateSt10unique_ptrINS_19LoadBalancingPolicy16SubchannelPickerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper13AddTraceEventENS_19LoadBalancingPolicy20ChannelControlHelper13TraceSeverityEN4absl14lts_2020_02_2511string_viewE + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper16CreateSubchannelERK17grpc_channel_args + + [A] _ZN9grpc_core18ChildPolicyHandler6Helper19RequestReresolutionEv + + [A] _ZN9grpc_core18ChildPolicyHandler6HelperD0Ev + + [A] _ZN9grpc_core18ChildPolicyHandler6HelperD1Ev + + [A] _ZN9grpc_core18ChildPolicyHandler6HelperD2Ev, aliases _ZN9grpc_core18ChildPolicyHandler6HelperD1Ev + + [A] _ZN9grpc_core18ChildPolicyHandlerD0Ev + + [A] _ZN9grpc_core18ChildPolicyHandlerD1Ev, aliases _ZN9grpc_core18ChildPolicyHandlerD2Ev + + [A] _ZN9grpc_core18ChildPolicyHandlerD2Ev + + [A] _ZN9grpc_core18HandshakerRegistry25RegisterHandshakerFactoryEbNS_14HandshakerTypeESt10unique_ptrINS_17HandshakerFactoryESt14default_deleteIS3_EE + + [A] _ZN9grpc_core18ManagedMemorySliceC1EPK10grpc_slice, aliases _ZN9grpc_core18ManagedMemorySliceC2EPK10grpc_slice + + [A] _ZN9grpc_core18ManagedMemorySliceC1EPKc, aliases _ZN9grpc_core18ManagedMemorySliceC2EPKc + + [A] _ZN9grpc_core18ManagedMemorySliceC1EPKcm, aliases _ZN9grpc_core18ManagedMemorySliceC2EPKcm + + [A] _ZN9grpc_core18ManagedMemorySliceC2EPK10grpc_slice + + [A] _ZN9grpc_core18ManagedMemorySliceC2EPKc + + [A] _ZN9grpc_core18ManagedMemorySliceC2EPKcm + + [A] _ZN9grpc_core19Chttp2ServerAddPortEP11grpc_serverPKcP17grpc_channel_argsPi + + [A] _ZN9grpc_core19ConnectedSubchannel10StartWatchEP16grpc_pollset_setSt10unique_ptrINS_33ConnectivityStateWatcherInterfaceENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEE + + [A] _ZN9grpc_core19ConnectedSubchannelC2EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEE, aliases _ZN9grpc_core19ConnectedSubchannelC1EP18grpc_channel_stackPK17grpc_channel_argsNS_13RefCountedPtrINS_8channelz14SubchannelNodeEEE + + [A] _ZN9grpc_core19ConnectivityWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core19ConnectivityWatcherD0Ev + + [A] _ZN9grpc_core19ConnectivityWatcherD1Ev + + [A] _ZN9grpc_core19ConnectivityWatcherD2Ev, aliases _ZN9grpc_core19ConnectivityWatcherD1Ev + + [A] _ZN9grpc_core19GrpcLbRequestCreateEPKcP9upb_arena + + [A] _ZN9grpc_core19GrpcLbResponseParseERK10grpc_sliceP9upb_arenaPNS_14GrpcLbResponseE + + [A] _ZN9grpc_core19LoadBalancingPolicy10PickResultD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy10PickResultD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy10PickResultD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy10UpdateArgsD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy10UpdateArgsD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy10UpdateArgsD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy4ArgsD1Ev, aliases _ZN9grpc_core19LoadBalancingPolicy4ArgsD2Ev + + [A] _ZN9grpc_core19LoadBalancingPolicy4ArgsD2Ev + + [A] _ZN9grpc_core19ProxyMapperRegistry10MapAddressERK21grpc_resolved_addressPK17grpc_channel_argsPPS1_PPS4_ + + [A] _ZN9grpc_core19ProxyMapperRegistry4InitEv + + [A] _ZN9grpc_core19ProxyMapperRegistry7MapNameEPKcPK17grpc_channel_argsPPcPPS3_ + + [A] _ZN9grpc_core19ProxyMapperRegistry8RegisterEbSt10unique_ptrINS_20ProxyMapperInterfaceESt14default_deleteIS2_EE + + [A] _ZN9grpc_core19ProxyMapperRegistry8ShutdownEv + + [A] _ZN9grpc_core19ServiceConfigParser12ParsedConfigD0Ev + + [A] _ZN9grpc_core19ServiceConfigParser12ParsedConfigD1Ev, aliases _ZN9grpc_core19ServiceConfigParser12ParsedConfigD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser12ParsedConfigD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser14RegisterParserESt10unique_ptrINS0_6ParserESt14default_deleteIS2_EE + + [A] _ZN9grpc_core19ServiceConfigParser21ParseGlobalParametersERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser24ParsePerMethodParametersERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser4InitEv + + [A] _ZN9grpc_core19ServiceConfigParser6Parser17ParseGlobalParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser6Parser20ParsePerMethodParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core19ServiceConfigParser6ParserD0Ev + + [A] _ZN9grpc_core19ServiceConfigParser6ParserD1Ev, aliases _ZN9grpc_core19ServiceConfigParser6ParserD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser6ParserD2Ev + + [A] _ZN9grpc_core19ServiceConfigParser8ShutdownEv + + [A] _ZN9grpc_core19SubchannelConnector6OrphanEv + + [A] _ZN9grpc_core19XdsClusterDropStats14AddCallDroppedERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core19XdsClusterDropStats19GetSnapshotAndResetB5cxx11Ev + + [A] _ZN9grpc_core19XdsClusterDropStatsC1ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_, aliases _ZN9grpc_core19XdsClusterDropStatsC2ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_ + + [A] _ZN9grpc_core19XdsClusterDropStatsC2ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_ + + [A] _ZN9grpc_core19XdsClusterDropStatsD0Ev + + [A] _ZN9grpc_core19XdsClusterDropStatsD1Ev, aliases _ZN9grpc_core19XdsClusterDropStatsD2Ev + + [A] _ZN9grpc_core19XdsClusterDropStatsD2Ev + + [A] _ZN9grpc_core20InternallyRefCountedINS_17HealthCheckClientEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEE5UnrefERKNS_13DebugLocationEPKc + + [A] _ZN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_33ConnectivityStateWatcherInterfaceEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_8ResolverEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallStateEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12AdsCallStateEEEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12LrsCallStateEEEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelStateEE5UnrefEv + + [A] _ZN9grpc_core20InternallyRefCountedINS_9XdsClientEE5UnrefEv + + [A] _ZN9grpc_core20ModifyXdsChannelArgsEP17grpc_channel_args + + [A] _ZN9grpc_core20TlsFetchKeyMaterialsERKNS_13RefCountedPtrI29grpc_tls_key_materials_configEERK28grpc_tls_credentials_optionsbP41grpc_ssl_certificate_config_reload_status + + [A] _ZN9grpc_core20UnmanagedMemorySlice8HeapInitEm + + [A] _ZN9grpc_core20UnmanagedMemorySliceC1EPKc + + [A] _ZN9grpc_core20UnmanagedMemorySliceC1EPKcm + + [A] _ZN9grpc_core20UnmanagedMemorySliceC1Em, aliases _ZN9grpc_core20UnmanagedMemorySliceC2Em + + [A] _ZN9grpc_core20UnmanagedMemorySliceC2EPKc, aliases _ZN9grpc_core20UnmanagedMemorySliceC1EPKc + + [A] _ZN9grpc_core20UnmanagedMemorySliceC2EPKcm, aliases _ZN9grpc_core20UnmanagedMemorySliceC1EPKcm + + [A] _ZN9grpc_core20UnmanagedMemorySliceC2Em + + [A] _ZN9grpc_core21ConnectivityStateNameE23grpc_connectivity_state + + [A] _ZN9grpc_core21DefaultConfigSelector13GetCallConfigENS_14ConfigSelector17GetCallConfigArgsE + + [A] _ZN9grpc_core21DefaultConfigSelectorD0Ev + + [A] _ZN9grpc_core21DefaultConfigSelectorD1Ev + + [A] _ZN9grpc_core21DefaultConfigSelectorD2Ev, aliases _ZN9grpc_core21DefaultConfigSelectorD1Ev + + [A] _ZN9grpc_core21ServiceConfigCallData7DestroyEPv + + [A] _ZN9grpc_core21TcpZerocopySendRecord12PopulateIovsEPmS1_S1_P5iovec + + [A] _ZN9grpc_core21TcpZerocopySendRecord24UpdateOffsetForBytesSentEmm + + [A] _ZN9grpc_core22NewGrpcPolledFdFactoryESt10shared_ptrINS_14WorkSerializerEE + + [A] _ZN9grpc_core22ParseBackendMetricDataERK10grpc_slicePNS_5ArenaE + + [A] _ZN9grpc_core23CallCombinerClosureList11RunClosuresEPNS_12CallCombinerE + + [A] _ZN9grpc_core23MakeHierarchicalPathArgERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS6_EE + + [A] _ZN9grpc_core23MessageSizeParsedConfig18GetFromCallContextEPK25grpc_call_context_element + + [A] _ZN9grpc_core23RegisterHttpProxyMapperEv + + [A] _ZN9grpc_core23XdsClusterLocalityStats14AddCallStartedEv + + [A] _ZN9grpc_core23XdsClusterLocalityStats15AddCallFinishedEb + + [A] _ZN9grpc_core23XdsClusterLocalityStats19GetSnapshotAndResetEv + + [A] _ZN9grpc_core23XdsClusterLocalityStatsC1ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_NS1_INS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core23XdsClusterLocalityStatsC2ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_NS1_INS_15XdsLocalityNameEEE, aliases _ZN9grpc_core23XdsClusterLocalityStatsC1ENS_13RefCountedPtrINS_9XdsClientEEEN4absl14lts_2020_02_2511string_viewES6_S6_NS1_INS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core23XdsClusterLocalityStatsD0Ev + + [A] _ZN9grpc_core23XdsClusterLocalityStatsD1Ev, aliases _ZN9grpc_core23XdsClusterLocalityStatsD2Ev + + [A] _ZN9grpc_core23XdsClusterLocalityStatsD2Ev + + [A] _ZN9grpc_core24ConnectivityStateTracker10AddWatcherE23grpc_connectivity_stateSt10unique_ptrINS_33ConnectivityStateWatcherInterfaceENS_16OrphanableDeleteEE + + [A] _ZN9grpc_core24ConnectivityStateTracker13RemoveWatcherEPNS_33ConnectivityStateWatcherInterfaceE + + [A] _ZN9grpc_core24ConnectivityStateTracker8SetStateE23grpc_connectivity_statePKc + + [A] _ZN9grpc_core24ConnectivityStateTrackerD1Ev, aliases _ZN9grpc_core24ConnectivityStateTrackerD2Ev + + [A] _ZN9grpc_core24ConnectivityStateTrackerD2Ev + + [A] _ZN9grpc_core24GrpcPolledFdFactoryPosix21NewGrpcPolledFdLockedEiP16grpc_pollset_setSt10shared_ptrINS_14WorkSerializerEE + + [A] _ZN9grpc_core24SecurityHandshakerCreateEP14tsi_handshakerP23grpc_security_connectorPK17grpc_channel_args + + [A] _ZN9grpc_core24StaticMetadataInitCanaryEv + + [A] _ZN9grpc_core25grpc_executor_global_initEv + + [A] _ZN9grpc_core26FakeResolverResponseSetter16SetFailureLockedEv + + [A] _ZN9grpc_core26FakeResolverResponseSetter17SetResponseLockedEv + + [A] _ZN9grpc_core26FakeResolverResponseSetter29SetReresolutionResponseLockedEv + + [A] _ZN9grpc_core26MakeHierarchicalAddressMapB5cxx11ERKN4absl14lts_2020_02_2513InlinedVectorINS_13ServerAddressELm1ESaIS3_EEE + + [A] _ZN9grpc_core26TlsServerSecurityConnector10check_peerE8tsi_peerP13grpc_endpointPNS_13RefCountedPtrI17grpc_auth_contextEEP12grpc_closure + + [A] _ZN9grpc_core26TlsServerSecurityConnector15add_handshakersEPK17grpc_channel_argsP16grpc_pollset_setPNS_16HandshakeManagerE + + [A] _ZN9grpc_core26TlsServerSecurityConnector24RefreshHandshakerFactoryEv + + [A] _ZN9grpc_core26TlsServerSecurityConnector24ReplaceHandshakerFactoryEv + + [A] _ZN9grpc_core26TlsServerSecurityConnector27InitializeHandshakerFactoryEv + + [A] _ZN9grpc_core26TlsServerSecurityConnector32CreateTlsServerSecurityConnectorENS_13RefCountedPtrI23grpc_server_credentialsEE + + [A] _ZN9grpc_core26TlsServerSecurityConnectorC1ENS_13RefCountedPtrI23grpc_server_credentialsEE, aliases _ZN9grpc_core26TlsServerSecurityConnectorC2ENS_13RefCountedPtrI23grpc_server_credentialsEE + + [A] _ZN9grpc_core26TlsServerSecurityConnectorC2ENS_13RefCountedPtrI23grpc_server_credentialsEE + + [A] _ZN9grpc_core26TlsServerSecurityConnectorD0Ev + + [A] _ZN9grpc_core26TlsServerSecurityConnectorD1Ev + + [A] _ZN9grpc_core26TlsServerSecurityConnectorD2Ev, aliases _ZN9grpc_core26TlsServerSecurityConnectorD1Ev + + [A] _ZN9grpc_core27CreateGrpclbBalancerChannelEPKcRK17grpc_channel_args + + [A] _ZN9grpc_core27CreateGrpclbBalancerNameArgEPKc + + [A] _ZN9grpc_core27LoadBalancingPolicyRegistry24ParseLoadBalancingConfigERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core27LoadBalancingPolicyRegistry7Builder34RegisterLoadBalancingPolicyFactoryESt10unique_ptrINS_26LoadBalancingPolicyFactoryESt14default_deleteIS3_EE + + [A] _ZN9grpc_core27MovedCppStringSliceRefCount7DestroyEPv + + [A] _ZN9grpc_core27TlsChannelSecurityConnector10check_peerE8tsi_peerP13grpc_endpointPNS_13RefCountedPtrI17grpc_auth_contextEEP12grpc_closure + + [A] _ZN9grpc_core27TlsChannelSecurityConnector15add_handshakersEPK17grpc_channel_argsP16grpc_pollset_setPNS_16HandshakeManagerE + + [A] _ZN9grpc_core27TlsChannelSecurityConnector15check_call_hostEN4absl14lts_2020_02_2511string_viewEP17grpc_auth_contextP12grpc_closurePP10grpc_error + + [A] _ZN9grpc_core27TlsChannelSecurityConnector22cancel_check_call_hostEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core27TlsChannelSecurityConnector24RefreshHandshakerFactoryEv + + [A] _ZN9grpc_core27TlsChannelSecurityConnector24ReplaceHandshakerFactoryEP21tsi_ssl_session_cache + + [A] _ZN9grpc_core27TlsChannelSecurityConnector27InitializeHandshakerFactoryEP21tsi_ssl_session_cache + + [A] _ZN9grpc_core27TlsChannelSecurityConnector28ServerAuthorizationCheckDoneEP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_core27TlsChannelSecurityConnector33CreateTlsChannelSecurityConnectorENS_13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_P21tsi_ssl_session_cache + + [A] _ZN9grpc_core27TlsChannelSecurityConnector33ServerAuthorizationCheckArgCreateEPv + + [A] _ZN9grpc_core27TlsChannelSecurityConnector34ServerAuthorizationCheckArgDestroyEP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_core27TlsChannelSecurityConnector37ProcessServerAuthorizationCheckResultEP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_core27TlsChannelSecurityConnectorC1ENS_13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_, aliases _ZN9grpc_core27TlsChannelSecurityConnectorC2ENS_13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_ + + [A] _ZN9grpc_core27TlsChannelSecurityConnectorC2ENS_13RefCountedPtrI24grpc_channel_credentialsEENS1_I21grpc_call_credentialsEEPKcS7_ + + [A] _ZN9grpc_core27TlsChannelSecurityConnectorD0Ev + + [A] _ZN9grpc_core27TlsChannelSecurityConnectorD1Ev + + [A] _ZN9grpc_core27TlsChannelSecurityConnectorD2Ev, aliases _ZN9grpc_core27TlsChannelSecurityConnectorD1Ev + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy20CreateLbPolicyLockedERK17grpc_channel_args + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper11UpdateStateE23grpc_connectivity_stateSt10unique_ptrINS_19LoadBalancingPolicy16SubchannelPickerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelper13AddTraceEventENS_19LoadBalancingPolicy20ChannelControlHelper13TraceSeverityEN4absl14lts_2020_02_2511string_viewE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy28CreateOrUpdateLbPolicyLockedENS_13RefCountedPtrINS_19LoadBalancingPolicy6ConfigEEENS_8Resolver6ResultE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicy44MaybeAddTraceMessagesForAddressChangesLockedEbPN4absl14lts_2020_02_2513InlinedVectorIPKcLm3ESaIS5_EEE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_17DefaultDeleteCharEEPNS0_19ChannelConfigHelperE + + [A] _ZN9grpc_core28ResolvingLoadBalancingPolicyC2ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_17DefaultDeleteCharEEPNS0_19ChannelConfigHelperE, aliases _ZN9grpc_core28ResolvingLoadBalancingPolicyC1ENS_19LoadBalancingPolicy4ArgsEPNS_9TraceFlagESt10unique_ptrIcNS_17DefaultDeleteCharEEPNS0_19ChannelConfigHelperE + + [A] _ZN9grpc_core29FakeResolverResponseGenerator15SetFakeResolverENS_13RefCountedPtrINS_12FakeResolverEEE + + [A] _ZN9grpc_core29FakeResolverResponseGeneratorC1Ev, aliases _ZN9grpc_core29FakeResolverResponseGeneratorC2Ev + + [A] _ZN9grpc_core29FakeResolverResponseGeneratorC2Ev + + [A] _ZN9grpc_core29GetMaxRecvSizeFromChannelArgsEPK17grpc_channel_args + + [A] _ZN9grpc_core29GetMaxSendSizeFromChannelArgsEPK17grpc_channel_args + + [A] _ZN9grpc_core29GrpcLbLoadReportRequestCreateEllllPKN4absl14lts_2020_02_2513InlinedVectorINS_17GrpcLbClientStats14DropTokenCountELm10ESaIS4_EEEP9upb_arena + + [A] _ZN9grpc_core29SetServerBatchMethodAllocatorEP11grpc_serverP21grpc_completion_queueSt8functionIFNS_25ServerBatchCallAllocationEvEE + + [A] _ZN9grpc_core29ValidateStsCredentialsOptionsEPK28grpc_sts_credentials_optionsPP8grpc_uri + + [A] _ZN9grpc_core31ModifyGrpclbBalancerChannelArgsERKN4absl14lts_2020_02_2513InlinedVectorINS_13ServerAddressELm1ESaIS3_EEEP17grpc_channel_args + + [A] _ZN9grpc_core32CreateGrpclbBalancerAddressesArgEPKN4absl14lts_2020_02_2513InlinedVectorINS_13ServerAddressELm1ESaIS3_EEE + + [A] _ZN9grpc_core32MultiProducerSingleConsumerQueueD1Ev, aliases _ZN9grpc_core32MultiProducerSingleConsumerQueueD2Ev + + [A] _ZN9grpc_core32MultiProducerSingleConsumerQueueD2Ev + + [A] _ZN9grpc_core33ConnectivityStateWatcherInterface6OrphanEv + + [A] _ZN9grpc_core34SetServerRegisteredMethodAllocatorEP11grpc_serverP21grpc_completion_queuePvSt8functionIFNS_30ServerRegisteredCallAllocationEvEE + + [A] _ZN9grpc_core35FindGrpclbBalancerNameInChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core36CreateTargetAuthorityTableChannelArgEPNS_14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEE + + [A] _ZN9grpc_core38AsyncConnectivityStateWatcherInterface6NotifyE23grpc_connectivity_state + + [A] _ZN9grpc_core38AsyncConnectivityStateWatcherInterface8Notifier16SendNotificationEPvP10grpc_error + + [A] _ZN9grpc_core40FindGrpclbBalancerAddressesInChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core4Json5ParseEN4absl14lts_2020_02_2511string_viewEPP10grpc_error + + [A] _ZN9grpc_core4Json8CopyFromERKS0_ + + [A] _ZN9grpc_core4Json8MoveFromEOS0_ + + [A] _ZN9grpc_core4JsonC1ERKS0_ + + [A] _ZN9grpc_core4JsonC2ERKS0_, aliases _ZN9grpc_core4JsonC1ERKS0_ + + [A] _ZN9grpc_core4JsonD1Ev + + [A] _ZN9grpc_core4JsonD2Ev, aliases _ZN9grpc_core4JsonD1Ev + + [A] _ZN9grpc_core5Arena5AllocEm + + [A] _ZN9grpc_core6XdsApi10DropConfigD0Ev + + [A] _ZN9grpc_core6XdsApi10DropConfigD1Ev, aliases _ZN9grpc_core6XdsApi10DropConfigD2Ev + + [A] _ZN9grpc_core6XdsApi10DropConfigD2Ev + + [A] _ZN9grpc_core6XdsApi16CreateAdsRequestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKSt3setIN4absl14lts_2020_02_2511string_viewESt4lessISC_ESaISC_EES8_S8_P10grpc_errorb + + [A] _ZN9grpc_core6XdsApi16CreateLrsRequestESt3mapISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ENS0_17ClusterLoadReportESt4lessIS9_ESaIS2_IKS9_SA_EEE + + [A] _ZN9grpc_core6XdsApi16ParseAdsResponseERK10grpc_sliceRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKSt3setIN4absl14lts_2020_02_2511string_viewESt4lessISF_ESaISF_EESL_SL_PNSE_8optionalINS0_9LdsUpdateEEEPNSM_INS0_9RdsUpdateEEEPSt3mapIS9_NS0_9CdsUpdateESG_IS9_ESaISt4pairISA_SU_EEEPST_IS9_NS0_9EdsUpdateESV_SaISW_ISA_S11_EEEPS9_S16_S16_ + + [A] _ZN9grpc_core6XdsApi16ParseLrsResponseERK10grpc_slicePbPSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessISB_ESaISB_EEPl + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate11LocalityMap8LocalityD1Ev + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate11LocalityMap8LocalityD2Ev, aliases _ZN9grpc_core6XdsApi18PriorityListUpdate11LocalityMap8LocalityD1Ev + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate3AddENS1_11LocalityMap8LocalityE + + [A] _ZN9grpc_core6XdsApi18PriorityListUpdate8ContainsERKNS_13RefCountedPtrINS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core6XdsApi23CreateLrsInitialRequestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core6XdsApi9CdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9CdsUpdateD2Ev, aliases _ZN9grpc_core6XdsApi9CdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9EdsUpdateD1Ev, aliases _ZN9grpc_core6XdsApi9EdsUpdateD2Ev + + [A] _ZN9grpc_core6XdsApi9EdsUpdateD2Ev + + [A] _ZN9grpc_core6XdsApi9LdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9LdsUpdateD2Ev, aliases _ZN9grpc_core6XdsApi9LdsUpdateD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherD2Ev, aliases _ZN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRouteD1Ev + + [A] _ZN9grpc_core6XdsApi9RdsUpdate8RdsRouteD2Ev, aliases _ZN9grpc_core6XdsApi9RdsUpdate8RdsRouteD1Ev + + [A] _ZN9grpc_core6XdsApiC1EPNS_9XdsClientEPNS_9TraceFlagEPKNS_12XdsBootstrap4NodeE, aliases _ZN9grpc_core6XdsApiC2EPNS_9XdsClientEPNS_9TraceFlagEPKNS_12XdsBootstrap4NodeE + + [A] _ZN9grpc_core6XdsApiC2EPNS_9XdsClientEPNS_9TraceFlagEPKNS_12XdsBootstrap4NodeE + + [A] _ZN9grpc_core7Closure3RunERKNS_13DebugLocationEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core7ExecCtx3RunERKNS_13DebugLocationEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core7ExecCtx7RunListERKNS_13DebugLocationEP17grpc_closure_list + + [A] _ZN9grpc_core8Combiner10FinallyRunEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core8Combiner3RunEP12grpc_closureP10grpc_error + + [A] _ZN9grpc_core8Executor3RunEP12grpc_closureP10grpc_errorNS_12ExecutorTypeENS_15ExecutorJobTypeE + + [A] _ZN9grpc_core8RefCount10RefNonZeroEv + + [A] _ZN9grpc_core8RefCount3RefERKNS_13DebugLocationEPKcl + + [A] _ZN9grpc_core8RefCount3RefEl + + [A] _ZN9grpc_core8RefCount5UnrefERKNS_13DebugLocationEPKc + + [A] _ZN9grpc_core8RefCount5UnrefEv + + [A] _ZN9grpc_core8ResolverC1ESt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS0_13ResultHandlerESt14default_deleteIS5_EE, aliases _ZN9grpc_core8ResolverC2ESt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS0_13ResultHandlerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core8ResolverC2ESt10shared_ptrINS_14WorkSerializerEESt10unique_ptrINS0_13ResultHandlerESt14default_deleteIS5_EE + + [A] _ZN9grpc_core8channelz10ServerNode14AddChildSocketENS_13RefCountedPtrINS0_10SocketNodeEEE + + [A] _ZN9grpc_core8channelz10ServerNode17RemoveChildSocketEl + + [A] _ZN9grpc_core8channelz10ServerNode19RenderServerSocketsB5cxx11Ell + + [A] _ZN9grpc_core8channelz10ServerNode20AddChildListenSocketENS_13RefCountedPtrINS0_16ListenSocketNodeEEE + + [A] _ZN9grpc_core8channelz10ServerNode23RemoveChildListenSocketEl + + [A] _ZN9grpc_core8channelz10SocketNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_, aliases _ZN9grpc_core8channelz10SocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_ + + [A] _ZN9grpc_core8channelz10SocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_ + + [A] _ZN9grpc_core8channelz11ChannelNode17PopulateChildRefsEPSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonESt4lessIS8_ESaISt4pairIKS8_S9_EEE + + [A] _ZN9grpc_core8channelz11ChannelNode39GetChannelConnectivityStateChangeStringE23grpc_connectivity_state + + [A] _ZN9grpc_core8channelz11ChannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEml + + [A] _ZN9grpc_core8channelz11ChannelNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEml, aliases _ZN9grpc_core8channelz11ChannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEml + + [A] _ZN9grpc_core8channelz14SubchannelNode14SetChildSocketENS_13RefCountedPtrINS0_10SocketNodeEEE + + [A] _ZN9grpc_core8channelz14SubchannelNode23UpdateConnectivityStateE23grpc_connectivity_state + + [A] _ZN9grpc_core8channelz14SubchannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEm + + [A] _ZN9grpc_core8channelz14SubchannelNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEm, aliases _ZN9grpc_core8channelz14SubchannelNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEm + + [A] _ZN9grpc_core8channelz16ChannelzRegistry18InternalGetServersB5cxx11El + + [A] _ZN9grpc_core8channelz16ChannelzRegistry22InternalGetTopChannelsB5cxx11El + + [A] _ZN9grpc_core8channelz16ListenSocketNodeC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_, aliases _ZN9grpc_core8channelz16ListenSocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_ + + [A] _ZN9grpc_core8channelz16ListenSocketNodeC2ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_ + + [A] _ZN9grpc_core8channelz18CallCountingHelper18PopulateCallCountsEPSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_4JsonESt4lessIS8_ESaISt4pairIKS8_S9_EEE + + [A] _ZN9grpc_core8channelz8BaseNode16RenderJsonStringB5cxx11Ev + + [A] _ZN9grpc_core8channelz8BaseNodeC1ENS1_10EntityTypeENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN9grpc_core8channelz8BaseNodeC2ENS1_10EntityTypeENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core8channelz8BaseNodeC2ENS1_10EntityTypeENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core8internal32ClientChannelServiceConfigParser17ParseGlobalParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core8internal32ClientChannelServiceConfigParser20ParsePerMethodParamsERKNS_4JsonEPP10grpc_error + + [A] _ZN9grpc_core8internal38alts_handshaker_client_ref_for_testingEP22alts_handshaker_client + + [A] _ZN9grpc_core8internal53alts_handshaker_client_on_status_received_for_testingEP22alts_handshaker_client16grpc_status_codeP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState11StopLrsCallEv + + [A] _ZN9grpc_core9XdsClient12ChannelState11UnsubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_b + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState11UnsubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESA_b + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13OnRequestSentEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState13OnTimerLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptCdsUpdateESt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_6XdsApi9CdsUpdateESt4lessIS9_ESaISt4pairIKS9_SB_EEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptEdsUpdateESt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_6XdsApi9EdsUpdateESt4lessIS9_ESaISt4pairIKS9_SB_EEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptLdsUpdateEN4absl14lts_2020_02_258optionalINS_6XdsApi9LdsUpdateEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState15AcceptRdsUpdateEN4absl14lts_2020_02_258optionalINS_6XdsApi9RdsUpdateEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState16OnStatusReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState17SendMessageLockedERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState18OnResponseReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState19OnRequestSentLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState22OnStatusReceivedLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState23ResourceNamesForRequestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState24OnResponseReceivedLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallState9SubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESA_ + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateC1ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE, aliases _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD2Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12AdsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState16OnStatusReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState18OnResponseReceivedEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState20OnInitialRequestSentEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState22OnStatusReceivedLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState24OnResponseReceivedLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState25MaybeStartReportingLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState26OnInitialRequestSentLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter12OnReportDoneEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter16SendReportLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter17OnNextReportTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter18OnReportDoneLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter23OnNextReportTimerLockedEP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter24ScheduleNextReportLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8Reporter6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateC1ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE, aliases _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateC2ENS_13RefCountedPtrINS1_13RetryableCallIS2_EEEE + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD2Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12LrsCallStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcher25OnConnectivityStateChangeE23grpc_connectivity_state + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState12StateWatcherD2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE12OnRetryTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE18StartNewCallLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE21StartRetryTimerLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE12OnRetryTimerEPvP10grpc_error + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE18StartNewCallLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE21StartRetryTimerLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED1Ev, aliases _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEED2Ev + + [A] _ZN9grpc_core9XdsClient12ChannelState17MaybeStartLrsCallEv + + [A] _ZN9grpc_core9XdsClient12ChannelState28StartConnectivityWatchLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState29CancelConnectivityWatchLockedEv + + [A] _ZN9grpc_core9XdsClient12ChannelState6OrphanEv + + [A] _ZN9grpc_core9XdsClient12ChannelState9SubscribeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_ + + [A] _ZN9grpc_core9XdsClient12ChannelStateC1ENS_13RefCountedPtrIS0_EEP12grpc_channel, aliases _ZN9grpc_core9XdsClient12ChannelStateC2ENS_13RefCountedPtrIS0_EEP12grpc_channel + + [A] _ZN9grpc_core9XdsClient12ChannelStateC2ENS_13RefCountedPtrIS0_EEP12grpc_channel + + [A] _ZN9grpc_core9XdsClient12ChannelStateD0Ev + + [A] _ZN9grpc_core9XdsClient12ChannelStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ChannelStateD2Ev, aliases _ZN9grpc_core9XdsClient12ChannelStateD1Ev + + [A] _ZN9grpc_core9XdsClient12ResetBackoffEv + + [A] _ZN9grpc_core9XdsClient13ChannelArgCmpEPvS1_ + + [A] _ZN9grpc_core9XdsClient13NotifyOnErrorEP10grpc_error + + [A] _ZN9grpc_core9XdsClient14ChannelArgCopyEPv + + [A] _ZN9grpc_core9XdsClient15LoadReportStateD1Ev, aliases _ZN9grpc_core9XdsClient15LoadReportStateD2Ev + + [A] _ZN9grpc_core9XdsClient15LoadReportStateD2Ev + + [A] _ZN9grpc_core9XdsClient16WatchClusterDataEN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_23ClusterWatcherInterfaceESt14default_deleteIS5_EE + + [A] _ZN9grpc_core9XdsClient17ChannelArgDestroyEPv + + [A] _ZN9grpc_core9XdsClient17WatchEndpointDataEN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_24EndpointWatcherInterfaceESt14default_deleteIS5_EE + + [A] _ZN9grpc_core9XdsClient18GetFromChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core9XdsClient19AddClusterDropStatsEN4absl14lts_2020_02_2511string_viewES3_S3_ + + [A] _ZN9grpc_core9XdsClient19CreateServiceConfigERKNS_6XdsApi9RdsUpdateEPNS_13RefCountedPtrINS_13ServiceConfigEEE + + [A] _ZN9grpc_core9XdsClient21RemoveFromChannelArgsERK17grpc_channel_args + + [A] _ZN9grpc_core9XdsClient22CancelClusterDataWatchEN4absl14lts_2020_02_2511string_viewEPNS0_23ClusterWatcherInterfaceEb + + [A] _ZN9grpc_core9XdsClient22RemoveClusterDropStatsEN4absl14lts_2020_02_2511string_viewES3_S3_PNS_19XdsClusterDropStatsE + + [A] _ZN9grpc_core9XdsClient23AddClusterLocalityStatsEN4absl14lts_2020_02_2511string_viewES3_S3_NS_13RefCountedPtrINS_15XdsLocalityNameEEE + + [A] _ZN9grpc_core9XdsClient23BuildLoadReportSnapshotEbRKSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessIS7_ESaIS7_EE + + [A] _ZN9grpc_core9XdsClient23CancelEndpointDataWatchEN4absl14lts_2020_02_2511string_viewEPNS0_24EndpointWatcherInterfaceEb + + [A] _ZN9grpc_core9XdsClient26RemoveClusterLocalityStatsEN4absl14lts_2020_02_2511string_viewES3_S3_RKNS_13RefCountedPtrINS_15XdsLocalityNameEEEPNS_23XdsClusterLocalityStatsE + + [A] _ZN9grpc_core9XdsClient26WeightedClustersActionNameB5cxx11ERKSt6vectorINS_6XdsApi9RdsUpdate8RdsRoute13ClusterWeightESaIS5_EE + + [A] _ZN9grpc_core9XdsClient29UpdateWeightedClusterIndexMapERKNS_6XdsApi9RdsUpdateE + + [A] _ZN9grpc_core9XdsClient6OrphanEv + + [A] _ZN9grpc_core9XdsClientC1ESt10shared_ptrINS_14WorkSerializerEEP16grpc_pollset_setN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_29ServiceConfigWatcherInterfaceESt14default_deleteISA_EERK17grpc_channel_argsPP10grpc_error + + [A] _ZN9grpc_core9XdsClientC2ESt10shared_ptrINS_14WorkSerializerEEP16grpc_pollset_setN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_29ServiceConfigWatcherInterfaceESt14default_deleteISA_EERK17grpc_channel_argsPP10grpc_error, aliases _ZN9grpc_core9XdsClientC1ESt10shared_ptrINS_14WorkSerializerEEP16grpc_pollset_setN4absl14lts_2020_02_2511string_viewESt10unique_ptrINS0_29ServiceConfigWatcherInterfaceESt14default_deleteISA_EERK17grpc_channel_argsPP10grpc_error + + [A] _ZN9grpc_core9XdsClientD0Ev + + [A] _ZN9grpc_core9XdsClientD1Ev, aliases _ZN9grpc_core9XdsClientD2Ev + + [A] _ZN9grpc_core9XdsClientD2Ev + + [A] _ZNK21grpc_call_credentials18min_security_levelEv + + [A] _ZNK31grpc_composite_call_credentials18min_security_levelEv + + [A] _ZNK4absl14lts_2020_02_2516strings_internal8SplitterINS1_13MaxSplitsImplINS0_6ByCharEEENS0_10AllowEmptyEE18ConvertToContainerISt6vectorINS0_11string_viewESaISA_EESA_Lb0EEclERKS7_ + + [A] _ZNK9grpc_core10ThreadPool11thread_nameEv + + [A] _ZNK9grpc_core10ThreadPool13pool_capacityEv + + [A] _ZNK9grpc_core10ThreadPool14thread_optionsEv + + [A] _ZNK9grpc_core10ThreadPool20num_pending_closuresEv + + [A] _ZNK9grpc_core12GrpcLbServereqERKS0_ + + [A] _ZNK9grpc_core13ServerAddress3CmpERKS0_ + + [A] _ZNK9grpc_core13ServiceConfig27GetMethodParsedConfigVectorERK10grpc_slice + + [A] _ZNK9grpc_core14ConfigSelector14MakeChannelArgEv + + [A] _ZNK9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEE3GetERK10grpc_slice + + [A] _ZNK9grpc_core15InfLenFIFOQueue5countEv + + [A] _ZNK9grpc_core15XdsLocalityName7CompareERKS0_ + + [A] _ZNK9grpc_core18ChildPolicyHandler25CreateLoadBalancingPolicyEPKcNS_19LoadBalancingPolicy4ArgsE + + [A] _ZNK9grpc_core18ChildPolicyHandler37ConfigChangeRequiresNewPolicyInstanceEPNS_19LoadBalancingPolicy6ConfigES3_ + + [A] _ZNK9grpc_core18ChildPolicyHandler4nameEv + + [A] _ZNK9grpc_core24ConnectivityStateTracker5stateEv + + [A] _ZNK9grpc_core26TlsServerSecurityConnector3cmpEPK23grpc_security_connector + + [A] _ZNK9grpc_core27TlsChannelSecurityConnector3cmpEPK23grpc_security_connector + + [A] _ZNK9grpc_core28ResolvingLoadBalancingPolicy35ConcatenateAndAddChannelTraceLockedERKN4absl14lts_2020_02_2513InlinedVectorIPKcLm3ESaIS5_EEE + + [A] _ZNK9grpc_core4Json4DumpB5cxx11Ei + + [A] _ZNK9grpc_core6XdsApi10DropConfig10ShouldDropEPPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZNK9grpc_core6XdsApi18PriorityListUpdate4FindEj + + [A] _ZNK9grpc_core6XdsApi18PriorityListUpdateeqERKS1_ + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute13ClusterWeight8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers11PathMatcher8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcher8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8RdsRoute8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core6XdsApi9RdsUpdate8ToStringB5cxx11Ev + + [A] _ZNK9grpc_core8channelz12ChannelTrace10TraceEvent16RenderTraceEventEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState12AdsCallState22HasSubscribedResourcesEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState12AdsCallState22IsCurrentCallOnChannelEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState12LrsCallState22IsCurrentCallOnChannelEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState16HasActiveAdsCallEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState9ads_calldEv + + [A] _ZNK9grpc_core9XdsClient12ChannelState9lrs_calldEv + + [A] _ZNK9grpc_core9XdsClient14MakeChannelArgEv + + [A] _ZNKSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEE19_M_find_before_nodeEmRS2_m + + [A] _ZNKSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEE4findERS2_ + + [A] _ZNKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12_M_check_lenEmPKc + + [A] _ZNKSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE4findERKS2_ + + [A] _ZNKSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE4findERS7_ + + [A] _ZNKSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE4findERS7_ + + [A] _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEE9_M_rehashEmRKm + + [A] _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEED1Ev + + [A] _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEED2Ev, aliases _ZNSt10_HashtableI10grpc_sliceSt4pairIKS0_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteIS9_EELm4ESaISC_EEEESaISH_ENSt8__detail10_Select1stESt8equal_toIS0_ENS7_9SliceHashENSJ_18_Mod_range_hashingENSJ_20_Default_ranged_hashENSJ_20_Prime_rehash_policyENSJ_17_Hashtable_traitsILb1ELb0ELb1EEEED1Ev + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEE21_M_insert_unique_nodeEmmPNS7_10_Hash_nodeIS5_Lb0EEE + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEE9_M_rehashEmRKm + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEED1Ev + + [A] _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEED2Ev, aliases _ZNSt10_HashtableIjSt4pairIKjPN9grpc_core21TcpZerocopySendRecordEESaIS5_ENSt8__detail10_Select1stESt8equal_toIjESt4hashIjENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb0ELb0ELb1EEEED1Ev + + [A] _ZNSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EEESt14default_deleteIS7_EED1Ev + + [A] _ZNSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EEESt14default_deleteIS7_EED2Ev, aliases _ZNSt10unique_ptrIN4absl14lts_2020_02_2513InlinedVectorIN9grpc_core17GrpcLbClientStats14DropTokenCountELm10ESaIS5_EEESt14default_deleteIS7_EED1Ev + + [A] _ZNSt10unique_ptrIN9grpc_core12XdsBootstrapESt14default_deleteIS1_EED1Ev, aliases _ZNSt10unique_ptrIN9grpc_core12XdsBootstrapESt14default_deleteIS1_EED2Ev + + [A] _ZNSt10unique_ptrIN9grpc_core12XdsBootstrapESt14default_deleteIS1_EED2Ev + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS1_13RefCountedPtrIS2_EE23grpc_connectivity_stateRKSt10shared_ptrINS1_14WorkSerializerEEEUlvE_E10_M_managerERSt9_Any_dataRKSE_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E10_M_managerERSt9_Any_dataRKSC_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E10_M_managerERSt9_Any_dataRKSC_St18_Manager_operation + + [A] _ZNSt15_Sp_counted_ptrIDnLN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv + + [A] _ZNSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv + + [A] _ZNSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE10_M_releaseEv + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS1_13RefCountedPtrIS2_EE23grpc_connectivity_stateRKSt10shared_ptrINS1_14WorkSerializerEEEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_core9XdsClient12ChannelState13RetryableCallINS3_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt20__uninitialized_copyILb0EE13__uninit_copyISt13move_iteratorIPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEES9_EET0_T_SC_SB_ + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED0Ev + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED1Ev, aliases _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED2Ev + + [A] _ZNSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EED2Ev + + [A] _ZNSt3_V28__rotateIPSt10unique_ptrIN9grpc_core17HandshakerFactoryESt14default_deleteIS3_EEEET_S8_S8_S8_St26random_access_iterator_tag + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEC1ESt16initializer_listISC_ERKS9_RKSD_, aliases _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEC2ESt16initializer_listISC_ERKS9_RKSD_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEC2ESt16initializer_listISC_ERKS9_RKSD_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonESt4lessIS5_ESaISt4pairIKS5_S7_EEEixEOS5_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateESt4lessIS5_ESaISt4pairIKS5_SA_EEEixEOS5_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateESt4lessIS5_ESaISt4pairIKS5_SA_EEEixERSE_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient12ClusterStateESt4lessIS5_ESaISt4pairIKS5_S8_EEEixERSC_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core9XdsClient13EndpointStateESt4lessIS5_ESaISt4pairIKS5_S8_EEEixERSC_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS7_16OrphanableDeleteEESt4lessIS5_ESaISt4pairIKS5_SD_EEEixERSH_ + + [A] _ZNSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEmSt4lessIS5_ESaISt4pairIKS5_mEEEixERS9_ + + [A] _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonEED1Ev, aliases _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonEED2Ev + + [A] _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_core4JsonEED2Ev + + [A] _ZNSt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_ED1Ev + + [A] _ZNSt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_ED2Ev, aliases _ZNSt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_ED1Ev + + [A] _ZNSt5dequeIN9grpc_core10Subchannel33ConnectivityStateWatcherInterface23ConnectivityStateChangeESaIS3_EED1Ev, aliases _ZNSt5dequeIN9grpc_core10Subchannel33ConnectivityStateWatcherInterface23ConnectivityStateChangeESaIS3_EED2Ev + + [A] _ZNSt5dequeIN9grpc_core10Subchannel33ConnectivityStateWatcherInterface23ConnectivityStateChangeESaIS3_EED2Ev + + [A] _ZNSt6vectorIN4absl14lts_2020_02_2511string_viewESaIS2_EE15_M_range_insertIPZNKS1_16strings_internal8SplitterINS1_6ByCharENS1_10AllowEmptyEE18ConvertToContainerIS4_S2_Lb0EEclERKSA_E8raw_viewEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EET_SL_St20forward_iterator_tag + + [A] _ZNSt6vectorIN4absl14lts_2020_02_2511string_viewESaIS2_EE15_M_range_insertIPZNKS1_16strings_internal8SplitterINS6_13MaxSplitsImplINS1_6ByCharEEENS1_10AllowEmptyEE18ConvertToContainerIS4_S2_Lb0EEclERKSC_E8raw_viewEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EET_SN_St20forward_iterator_tag + + [A] _ZNSt6vectorIN9grpc_core12GrpcLbServerESaIS1_EE14_M_emplace_auxIJEEEN9__gnu_cxx17__normal_iteratorIPS1_S3_EENS6_IPKS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core12GrpcLbServerESaIS1_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core23XdsClusterLocalityStats8SnapshotESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE12emplace_backIJS1_EEEvDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE12emplace_backIJSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES1_St4lessISB_ESaISt4pairIKSB_S1_EEEEEEvDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJRNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EE17_M_realloc_insertIJSt3mapINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES1_St4lessISB_ESaISt4pairIKSB_S1_EEEEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEC1ESt16initializer_listIS1_ERKS2_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEC2ESt16initializer_listIS1_ERKS2_, aliases _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEC1ESt16initializer_listIS1_ERKS2_ + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EED1Ev + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EED2Ev, aliases _ZNSt6vectorIN9grpc_core4JsonESaIS1_EED1Ev + + [A] _ZNSt6vectorIN9grpc_core4JsonESaIS1_EEaSERKS3_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRoute13ClusterWeightESaIS4_EE17_M_realloc_insertIJS4_EEEvN9__gnu_cxx17__normal_iteratorIPS4_S6_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherESaIS5_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRoute8Matchers13HeaderMatcherESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EE17_M_realloc_insertIJS3_EEEvN9__gnu_cxx17__normal_iteratorIPS3_S5_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EED1Ev, aliases _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EED2Ev + + [A] _ZNSt6vectorIN9grpc_core6XdsApi9RdsUpdate8RdsRouteESaIS3_EED2Ev + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA10_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA12_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA13_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA15_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA16_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA19_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA21_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA25_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA28_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA29_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA2_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA35_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA4_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA6_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJRA8_KcEEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE12emplace_backIJS5_EEEvDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA10_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA12_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA13_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA15_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA16_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA17_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA19_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA21_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA22_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA23_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA24_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA25_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA26_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA27_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA28_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA29_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA2_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA32_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA33_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA35_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA4_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA6_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA7_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA8_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRA9_KcEEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJRKS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EED1Ev, aliases _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EED2Ev + + [A] _ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EED2Ev + + [A] _ZNSt6vectorIP10grpc_errorSaIS1_EE12emplace_backIJS1_EEEvDpOT_ + + [A] _ZNSt6vectorIP10grpc_errorSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP10grpc_errorSaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP12grpc_channelSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP12grpc_pollsetSaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP21grpc_completion_queueSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIPN9grpc_core4JsonESaIS2_EE17_M_realloc_insertIJRKS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorISt10unique_ptrIN9grpc_core20ProxyMapperInterfaceESt14default_deleteIS2_EESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_ + + [A] _ZNSt6vectorImSaImEE17_M_realloc_insertIJRKmEEEvN9__gnu_cxx17__normal_iteratorIPmS1_EEDpOT_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE24_M_get_insert_unique_posERKS2_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewESt4pairIKS2_dESt10_Select1stIS5_EN9grpc_core10StringLessESaIS5_EE24_M_get_insert_unique_posERS4_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewESt4pairIKS2_dESt10_Select1stIS5_EN9grpc_core10StringLessESaIS5_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS5_ERS4_ + + [A] _ZNSt8_Rb_treeIN4absl14lts_2020_02_2511string_viewESt4pairIKS2_dESt10_Select1stIS5_EN9grpc_core10StringLessESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_23XdsClusterLocalityStats8SnapshotEESt10_Select1stIS8_ENS2_4LessESaIS8_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_23XdsClusterLocalityStats8SnapshotEESt10_Select1stIS8_ENS2_4LessESaIS8_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS8_ERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_23XdsClusterLocalityStats8SnapshotEESt10_Select1stIS8_ENS2_4LessESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_6XdsApi18PriorityListUpdate11LocalityMap8LocalityEESt10_Select1stISA_ENS2_4LessESaISA_EE17_M_emplace_uniqueIJRS3_S9_EEES4_ISt17_Rb_tree_iteratorISA_EbEDpOT_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_6XdsApi18PriorityListUpdate11LocalityMap8LocalityEESt10_Select1stISA_ENS2_4LessESaISA_EE7_M_copyINSF_11_Alloc_nodeEEEPSt13_Rb_tree_nodeISA_EPKSJ_PSt18_Rb_tree_node_baseRT_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_6XdsApi18PriorityListUpdate11LocalityMap8LocalityEESt10_Select1stISA_ENS2_4LessESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_9XdsClient15LoadReportState13LocalityStateEESt10_Select1stIS9_ENS2_4LessESaIS9_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_9XdsClient15LoadReportState13LocalityStateEESt10_Select1stIS9_ENS2_4LessESaIS9_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS9_ERS5_ + + [A] _ZNSt8_Rb_treeIN9grpc_core13RefCountedPtrINS0_15XdsLocalityNameEEESt4pairIKS3_NS0_9XdsClient15LoadReportState13LocalityStateEESt10_Select1stIS9_ENS2_4LessESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE11equal_rangeERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSD_PSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE16_M_insert_uniqueIRKS5_EESt4pairISt17_Rb_tree_iteratorIS5_EbEOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE17_M_emplace_uniqueIJRKPKcRKmEEESt4pairISt17_Rb_tree_iteratorIS5_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE17_M_emplace_uniqueIJS5_EEESt4pairISt17_Rb_tree_iteratorIS5_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE24_M_get_insert_unique_posERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE4findERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE5eraseERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaISC_EEEESt10_Select1stISF_ESt4lessIS5_ESaISF_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaISC_EEEESt10_Select1stISF_ESt4lessIS5_ESaISF_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISF_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N4absl14lts_2020_02_2513InlinedVectorIN9grpc_core13ServerAddressELm1ESaISC_EEEESt10_Select1stISF_ESt4lessIS5_ESaISF_EE8_M_eraseEPSt13_Rb_tree_nodeISF_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISD_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core13RefCountedPtrINS8_19LoadBalancingPolicy6ConfigEEEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE8_M_eraseEPSt13_Rb_tree_nodeISD_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core23XdsClusterLocalityStats13BackendMetricEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core23XdsClusterLocalityStats13BackendMetricEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core23XdsClusterLocalityStats13BackendMetricEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSI_PSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE4findERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE7_M_copyINSG_11_Alloc_nodeEEEPSt13_Rb_tree_nodeISA_EPKSK_PSt18_Rb_tree_node_baseRT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE7_M_copyINSG_20_Reuse_or_alloc_nodeEEEPSt13_Rb_tree_nodeISA_EPKSK_PSt18_Rb_tree_node_baseRT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EEaSERKSG_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9CdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE17_M_emplace_uniqueIJS5_SA_EEES6_ISt17_Rb_tree_iteratorISB_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9CdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9EdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE17_M_emplace_uniqueIJS5_SA_EEES6_ISt17_Rb_tree_iteratorISB_EbEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core6XdsApi9EdsUpdateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSL_PSt13_Rb_tree_nodeISD_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISD_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE5eraseERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ChannelState12AdsCallState17ResourceTypeStateEESt10_Select1stISD_ESt4lessIS5_ESaISD_EE8_M_eraseEPSt13_Rb_tree_nodeISD_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSJ_PSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE5eraseERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient12ClusterStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSJ_PSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE5eraseERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient13EndpointStateEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE4findERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core9XdsClient16ClusterNamesInfoEESt10_Select1stISB_ESt4lessIS5_ESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS8_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_S5_ESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE11equal_rangeERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE14_M_insert_nodeEPSt18_Rb_tree_node_baseSO_PSt13_Rb_tree_nodeISG_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISG_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_St10unique_ptrIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateENS9_16OrphanableDeleteEEESt10_Select1stISG_ESt4lessIS5_ESaISG_EE8_M_eraseEPSt13_Rb_tree_nodeISG_E + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_mESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE24_M_get_insert_unique_posERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_mESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS8_ERS7_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_mESt10_Select1stIS8_ESt4lessIS5_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_N4absl14lts_2020_02_2511string_viewEESt10_Select1stIS7_ESt4lessIS1_ESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE24_M_get_insert_unique_posERS3_ + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISB_ERS3_ + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE4findERS3_ + + [A] _ZNSt8_Rb_treeIPKcSt4pairIKS1_St10unique_ptrIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherENS5_16OrphanableDeleteEEESt10_Select1stISB_ENS5_10StringLessESaISB_EE8_M_eraseEPSt13_Rb_tree_nodeISB_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceESt4pairIKS3_NS0_13RefCountedPtrIS2_EEESt10_Select1stIS8_ESt4lessIS3_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core10SubchannelESt4pairIKS2_iESt10_Select1stIS5_ESt4lessIS2_ESaIS5_EE17_M_emplace_uniqueIJRS2_iEEES3_ISt17_Rb_tree_iteratorIS5_EbEDpOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core10SubchannelESt4pairIKS2_iESt10_Select1stIS5_ESt4lessIS2_ESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE11equal_rangeERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE24_M_get_insert_unique_posERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS5_ERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE5eraseERS4_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core15XdsLocalityNameESt4pairIKS2_mESt10_Select1stIS5_ENS1_4LessESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core19XdsClusterDropStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueIS2_EESt4pairISt17_Rb_tree_iteratorIS2_EbEOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core19XdsClusterDropStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core23XdsClusterLocalityStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE16_M_insert_uniqueIS2_EESt4pairISt17_Rb_tree_iteratorIS2_EbEOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core23XdsClusterLocalityStatsES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core33ConnectivityStateWatcherInterfaceESt4pairIKS2_St10unique_ptrIS1_NS0_16OrphanableDeleteEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE16_M_insert_uniqueIS3_IS2_S7_EEES3_ISt17_Rb_tree_iteratorIS8_EbEOT_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core33ConnectivityStateWatcherInterfaceESt4pairIKS2_St10unique_ptrIS1_NS0_16OrphanableDeleteEEESt10_Select1stIS8_ESt4lessIS2_ESaIS8_EE8_M_eraseEPSt13_Rb_tree_nodeIS8_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient23ClusterWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient23ClusterWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient23ClusterWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient24EndpointWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE24_M_get_insert_unique_posERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient24EndpointWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS5_ + + [A] _ZNSt8_Rb_treeIPN9grpc_core9XdsClient24EndpointWatcherInterfaceESt4pairIKS3_St10unique_ptrIS2_St14default_deleteIS2_EEESt10_Select1stISA_ESt4lessIS3_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core6XdsApi17ClusterLoadReportEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE24_M_get_insert_unique_posERS8_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core6XdsApi17ClusterLoadReportEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISC_ERS8_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core6XdsApi17ClusterLoadReportEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE8_M_eraseEPSt13_Rb_tree_nodeISC_E + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core9XdsClient15LoadReportStateEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE17_M_emplace_uniqueIJS0_IS7_SB_EEEES0_ISt17_Rb_tree_iteratorISC_EbEDpOT_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core9XdsClient15LoadReportStateEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE4findERS8_ + + [A] _ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_N9grpc_core9XdsClient15LoadReportStateEESt10_Select1stISC_ESt4lessIS7_ESaISC_EE8_M_eraseEPSt13_Rb_tree_nodeISC_E + + [A] _ZNSt8_Rb_treeISt4pairIPKcS2_ES0_IKS3_N9grpc_core14RegisteredCallEESt10_Select1stIS7_ESt4lessIS3_ESaIS7_EE16_M_insert_uniqueIS7_EES0_ISt17_Rb_tree_iteratorIS7_EbEOT_ + + [A] _ZNSt8_Rb_treeISt4pairIPKcS2_ES0_IKS3_N9grpc_core14RegisteredCallEESt10_Select1stIS7_ESt4lessIS3_ESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlN9grpc_core13RefCountedPtrINS2_8channelz10SocketNodeEEEESt10_Select1stIS7_ESt4lessIlESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlN9grpc_core13RefCountedPtrINS2_8channelz16ListenSocketNodeEEEESt10_Select1stIS7_ESt4lessIlESaIS7_EE8_M_eraseEPSt13_Rb_tree_nodeIS7_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE24_M_get_insert_unique_posERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorIS6_ERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE5eraseERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlPN9grpc_core8channelz8BaseNodeEESt10_Select1stIS6_ESt4lessIlESaIS6_EE8_M_eraseEPSt13_Rb_tree_nodeIS6_E + + [A] _ZNSt8_Rb_treeIlSt4pairIKlbESt10_Select1stIS2_ESt4lessIlESaIS2_EE16_M_insert_uniqueIS0_IlbEEES0_ISt17_Rb_tree_iteratorIS2_EbEOT_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlbESt10_Select1stIS2_ESt4lessIlESaIS2_EE5eraseERS1_ + + [A] _ZNSt8_Rb_treeIlSt4pairIKlbESt10_Select1stIS2_ESt4lessIlESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + + [A] _ZNSt8_Rb_treeImSt4pairIKmSt3setIPN9grpc_core15XdsLocalityNameESt4lessIS5_ESaIS5_EEESt10_Select1stISA_ES6_ImESaISA_EE24_M_get_insert_unique_posERS1_ + + [A] _ZNSt8_Rb_treeImSt4pairIKmSt3setIPN9grpc_core15XdsLocalityNameESt4lessIS5_ESaIS5_EEESt10_Select1stISA_ES6_ImESaISA_EE29_M_get_insert_hint_unique_posESt23_Rb_tree_const_iteratorISA_ERS1_ + + [A] _ZNSt8_Rb_treeImSt4pairIKmSt3setIPN9grpc_core15XdsLocalityNameESt4lessIS5_ESaIS5_EEESt10_Select1stISA_ES6_ImESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZNSt8__detail9_Map_baseI10grpc_sliceSt4pairIKS1_PKN4absl14lts_2020_02_2513InlinedVectorISt10unique_ptrIN9grpc_core19ServiceConfigParser12ParsedConfigESt14default_deleteISA_EELm4ESaISD_EEEESaISI_ENS_10_Select1stESt8equal_toIS1_ENS8_9SliceHashENS_18_Mod_range_hashingENS_20_Default_ranged_hashENS_20_Prime_rehash_policyENS_17_Hashtable_traitsILb1ELb0ELb1EEELb1EEixERS3_ + + [A] _ZSteqIcEN9__gnu_cxx11__enable_ifIXsrSt9__is_charIT_E7__valueEbE6__typeERKNSt7__cxx1112basic_stringIS3_St11char_traitsIS3_ESaIS3_EEESE_ + + [A] _ZStltINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_EbRKSt4pairIT_T0_ESB_ + + [A] _ZZN4absl14lts_2020_02_2511string_view19CheckLengthInternalEmENKUlvE_clEv + + [A] _ZZN4absl14lts_2020_02_2511string_view19CheckLengthInternalEmENUlvE_4_FUNEv + + [A] _ZZN9grpc_core10Subchannel26AsyncWatcherNotifierLockedC4ENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEEPS0_23grpc_connectivity_stateENKUlPvP10grpc_errorE_clES7_S9_ + + [A] _ZZN9grpc_core10Subchannel26AsyncWatcherNotifierLockedC4ENS_13RefCountedPtrINS0_33ConnectivityStateWatcherInterfaceEEEPS0_23grpc_connectivity_stateENUlPvP10grpc_errorE_4_FUNES7_S9_ + + [A] _ZZN9grpc_core16ThreadPoolWorkerC4EPKcPNS_18MPMCQueueInterfaceERNS_6Thread7OptionsEiENKUlPvE_clES8_ + + [A] _ZZN9grpc_core16ThreadPoolWorkerC4EPKcPNS_18MPMCQueueInterfaceERNS_6Thread7OptionsEiENUlPvE_4_FUNES8_ + + [A] _ZZNK4absl14lts_2020_02_2511string_view4backEvENKUlvE_clEv + + [A] _ZZNK4absl14lts_2020_02_2511string_view4backEvENUlvE_4_FUNEv + + [A] grpc_auth_metadata_context_copy + + [A] grpc_auth_metadata_context_reset + + [A] grpc_sts_credentials_create + + [A] grpc_tls_credentials_create + + [A] grpc_tls_credentials_options_set_server_verification_option + + [A] grpc_tls_key_materials_config_get_version + + [A] grpc_tls_key_materials_config_set_version + + [A] grpc_tls_server_credentials_create + + + +47 Removed variable symbols not referenced by debug info: + + + + _ZN9grpc_core17grpc_lb_xds_traceE + + _ZN9grpc_core4Fork13thread_state_E + + _ZN9grpc_core4Fork15exec_ctx_state_E + + _ZN9grpc_core4Fork16support_enabled_E + + _ZN9grpc_core4Fork17override_enabled_E + + _ZN9grpc_core4Fork27reset_child_polling_engine_E + + _ZTV17SpiffeCredentials + + _ZTV23SpiffeServerCredentials + + _ZTV29SpiffeServerSecurityConnector + + _ZTV30SpiffeChannelSecurityConnector + + _ZTVN9grpc_core14SliceHashTableIPKNS_13InlinedVectorISt10unique_ptrINS_13ServiceConfig12ParsedConfigENS_13DefaultDeleteIS4_EEELm4EEEEE + + _ZTVN9grpc_core14SliceHashTableISt10unique_ptrIcNS_13DefaultDeleteIcEEEEE + + _ZTVN9grpc_core16XdsLbClientStatsE + + g_hash_seed + + google_protobuf_Duration_fields + + google_protobuf_Timestamp_fields + + gpr_now_impl + + grpc_connectivity_state_trace + + grpc_gcp_AltsContext_fields + + grpc_gcp_Endpoint_fields + + grpc_gcp_HandshakerReq_fields + + grpc_gcp_HandshakerResp_fields + + grpc_gcp_HandshakerResult_fields + + grpc_gcp_HandshakerStatus_fields + + grpc_gcp_Identity_fields + + grpc_gcp_NextHandshakeMessageReq_fields + + grpc_gcp_RpcProtocolVersions_Version_fields + + grpc_gcp_RpcProtocolVersions_fields + + grpc_gcp_ServerHandshakeParameters_fields + + grpc_gcp_StartClientHandshakeReq_fields + + grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_fields + + grpc_gcp_StartServerHandshakeReq_fields + + grpc_health_v1_HealthCheckRequest_fields + + grpc_health_v1_HealthCheckResponse_fields + + grpc_lb_v1_ClientStatsPerToken_fields + + grpc_lb_v1_ClientStats_fields + + grpc_lb_v1_InitialLoadBalanceRequest_fields + + grpc_lb_v1_InitialLoadBalanceResponse_fields + + grpc_lb_v1_LoadBalanceRequest_fields + + grpc_lb_v1_LoadBalanceResponse_fields + + grpc_lb_v1_ServerList_fields + + grpc_lb_v1_Server_fields + + grpc_schedule_on_exec_ctx + + grpc_server_channel_trace + + grpc_static_mdelem_table + + grpc_static_metadata_refcounts + + grpc_static_slice_table + + + +786 Added variable symbols not referenced by debug info: + + + + [A] _ZN9grpc_core11g_hash_seedE + + [A] _ZN9grpc_core13kNoopRefcountE + + [A] _ZN9grpc_core17grpc_cds_lb_traceE + + [A] _ZN9grpc_core17grpc_lb_eds_traceE + + [A] _ZN9grpc_core17grpc_lb_lrs_traceE + + [A] _ZN9grpc_core19StaticSliceRefcount18kStaticSubRefcountE + + [A] _ZN9grpc_core21g_static_mdelem_tableE + + [A] _ZN9grpc_core21grpc_xds_client_traceE + + [A] _ZN9grpc_core22grpc_lb_priority_traceE + + [A] _ZN9grpc_core22grpc_thread_pool_traceE + + [A] _ZN9grpc_core23MessageDecompressFilterE + + [A] _ZN9grpc_core23grpc_xds_resolver_traceE + + [A] _ZN9grpc_core25grpc_server_channel_traceE + + [A] _ZN9grpc_core25grpc_xds_routing_lb_traceE + + [A] _ZN9grpc_core25kGrpcLbLbTokenMetadataKeyE + + [A] _ZN9grpc_core26g_static_mdelem_manifestedE + + [A] _ZN9grpc_core26grpc_work_serializer_traceE + + [A] _ZN9grpc_core29g_static_metadata_slice_tableE + + [A] _ZN9grpc_core29grpc_connectivity_state_traceE + + [A] _ZN9grpc_core29grpc_lb_weighted_target_traceE + + [A] _ZN9grpc_core29grpc_trace_client_idle_filterE + + [A] _ZN9grpc_core29kGrpcLbClientStatsMetadataKeyE + + [A] _ZN9grpc_core33g_static_metadata_slice_refcountsE + + [A] _ZN9grpc_core6XdsApi11kCdsTypeUrlE + + [A] _ZN9grpc_core6XdsApi11kEdsTypeUrlE + + [A] _ZN9grpc_core6XdsApi11kLdsTypeUrlE + + [A] _ZN9grpc_core6XdsApi11kRdsTypeUrlE + + [A] _ZN9grpc_core9XdsClient16kXdsClientVtableE + + [A] _ZTI11ExecCtxNext + + [A] _ZTI12ExecCtxPluck + + [A] _ZTI14TlsCredentials + + [A] _ZTI20TlsServerCredentials + + [A] _ZTI20grpc_ssl_credentials + + [A] _ZTI21grpc_alts_credentials + + [A] _ZTI21grpc_call_credentials + + [A] _ZTI22grpc_local_credentials + + [A] _ZTI22grpc_tls_error_details + + [A] _ZTI23grpc_plugin_credentials + + [A] _ZTI23grpc_security_connector + + [A] _ZTI23grpc_server_credentials + + [A] _ZTI24grpc_channel_credentials + + [A] _ZTI27grpc_google_iam_credentials + + [A] _ZTI27grpc_ssl_server_credentials + + [A] _ZTI28grpc_alts_server_credentials + + [A] _ZTI28grpc_tls_credentials_options + + [A] _ZTI29grpc_access_token_credentials + + [A] _ZTI29grpc_local_server_credentials + + [A] _ZTI29grpc_md_only_test_credentials + + [A] _ZTI29grpc_tls_key_materials_config + + [A] _ZTI30grpc_server_security_connector + + [A] _ZTI31grpc_channel_security_connector + + [A] _ZTI31grpc_composite_call_credentials + + [A] _ZTI33grpc_tls_credential_reload_config + + [A] _ZTI34grpc_composite_channel_credentials + + [A] _ZTI37grpc_google_refresh_token_credentials + + [A] _ZTI37grpc_oauth2_token_fetcher_credentials + + [A] _ZTI39grpc_google_default_channel_credentials + + [A] _ZTI42grpc_tls_server_authorization_check_config + + [A] _ZTI43grpc_httpcli_ssl_channel_security_connector + + [A] _ZTI43grpc_service_account_jwt_access_credentials + + [A] _ZTIN3tsi16SslCachedSessionE + + [A] _ZTIN3tsi18SslSessionLRUCacheE + + [A] _ZTIN4grpc12experimental17LibuvEventManagerE + + [A] _ZTIN9grpc_core10ByteStreamE + + [A] _ZTIN9grpc_core10HandshakerE + + [A] _ZTIN9grpc_core10OrphanableE + + [A] _ZTIN9grpc_core10RefCountedI21grpc_call_credentialsNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI22grpc_tls_error_detailsNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI23grpc_security_connectorNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI23grpc_server_credentialsNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI24grpc_channel_credentialsNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI28grpc_tls_credentials_optionsNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI29grpc_tls_key_materials_configNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI33grpc_tls_credential_reload_configNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedI42grpc_tls_server_authorization_check_configNS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedIN3tsi18SslSessionLRUCacheENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_10HandshakerENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_10Subchannel33ConnectivityStateWatcherInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_13ServiceConfigENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_14ConfigSelectorENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_15XdsLocalityNameENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_16HandshakeManagerENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_17GrpcLbClientStatsENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19ConnectedSubchannelENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19LoadBalancingPolicy6ConfigENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19SubchannelInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_19XdsClusterDropStatsENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_23SubchannelPoolInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_23XdsClusterLocalityStatsENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_29FakeResolverResponseGeneratorENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_6XdsApi10DropConfigENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_8channelz8BaseNodeENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10RefCountedINS_8internal23ServerRetryThrottleDataENS_19PolymorphicRefCountEEE + + [A] _ZTIN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherE + + [A] _ZTIN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherE + + [A] _ZTIN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core10ThreadPoolE + + [A] _ZTIN9grpc_core12FakeResolverE + + [A] _ZTIN9grpc_core12GrpcPolledFdE + + [A] _ZTIN9grpc_core13ServiceConfigE + + [A] _ZTIN9grpc_core14ConfigSelectorE + + [A] _ZTIN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEE + + [A] _ZTIN9grpc_core14WorkSerializer18WorkSerializerImplE + + [A] _ZTIN9grpc_core15ByteStreamCache17CachingByteStreamE + + [A] _ZTIN9grpc_core15Chttp2ConnectorE + + [A] _ZTIN9grpc_core15InfLenFIFOQueueE + + [A] _ZTIN9grpc_core15ResolverFactoryE + + [A] _ZTIN9grpc_core15XdsLocalityNameE + + [A] _ZTIN9grpc_core16HandshakeManagerE + + [A] _ZTIN9grpc_core17GrpcLbClientStatsE + + [A] _ZTIN9grpc_core17GrpcPolledFdPosixE + + [A] _ZTIN9grpc_core17HandshakerFactoryE + + [A] _ZTIN9grpc_core17HealthCheckClient9CallStateE + + [A] _ZTIN9grpc_core17HealthCheckClientE + + [A] _ZTIN9grpc_core17MessageSizeParserE + + [A] _ZTIN9grpc_core18ChildPolicyHandler6HelperE + + [A] _ZTIN9grpc_core18ChildPolicyHandlerE + + [A] _ZTIN9grpc_core18MPMCQueueInterfaceE + + [A] _ZTIN9grpc_core18TcpServerFdHandlerE + + [A] _ZTIN9grpc_core19ConnectedSubchannelE + + [A] _ZTIN9grpc_core19ConnectivityWatcherE + + [A] _ZTIN9grpc_core19GrpcPolledFdFactoryE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy11QueuePickerE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy16SubchannelPickerE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy17MetadataInterfaceE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy20ChannelControlHelperE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy22TransientFailurePickerE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy6ConfigE + + [A] _ZTIN9grpc_core19LoadBalancingPolicy9CallStateE + + [A] _ZTIN9grpc_core19LoadBalancingPolicyE + + [A] _ZTIN9grpc_core19LocalSubchannelPoolE + + [A] _ZTIN9grpc_core19PolymorphicRefCountE + + [A] _ZTIN9grpc_core19ServiceConfigParser12ParsedConfigE + + [A] _ZTIN9grpc_core19ServiceConfigParser6ParserE + + [A] _ZTIN9grpc_core19SubchannelConnectorE + + [A] _ZTIN9grpc_core19SubchannelInterface33ConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core19SubchannelInterfaceE + + [A] _ZTIN9grpc_core19ThreadPoolInterfaceE + + [A] _ZTIN9grpc_core19XdsClusterDropStatsE + + [A] _ZTIN9grpc_core20ClientChannelFactoryE + + [A] _ZTIN9grpc_core20GlobalSubchannelPoolE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_17HealthCheckClientEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_19SubchannelConnectorEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_8ResolverEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallState13ResourceStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallState8ReporterEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12AdsCallStateEEEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12LrsCallStateEEEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelStateEEE + + [A] _ZTIN9grpc_core20InternallyRefCountedINS_9XdsClientEEE + + [A] _ZTIN9grpc_core20ProxyMapperInterfaceE + + [A] _ZTIN9grpc_core21DefaultConfigSelectorE + + [A] _ZTIN9grpc_core21SliceBufferByteStreamE + + [A] _ZTIN9grpc_core23MessageSizeParsedConfigE + + [A] _ZTIN9grpc_core23ServerListenerInterfaceE + + [A] _ZTIN9grpc_core23SubchannelPoolInterfaceE + + [A] _ZTIN9grpc_core23XdsClusterLocalityStatsE + + [A] _ZTIN9grpc_core24Chttp2IncomingByteStreamE + + [A] _ZTIN9grpc_core24GrpcPolledFdFactoryPosixE + + [A] _ZTIN9grpc_core26LoadBalancingPolicyFactoryE + + [A] _ZTIN9grpc_core26TlsServerSecurityConnectorE + + [A] _ZTIN9grpc_core27TlsChannelSecurityConnectorE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicy19ChannelConfigHelperE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicy21ResolverResultHandlerE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelperE + + [A] _ZTIN9grpc_core28ResolvingLoadBalancingPolicyE + + [A] _ZTIN9grpc_core29FakeResolverResponseGeneratorE + + [A] _ZTIN9grpc_core32Chttp2SecureClientChannelFactoryE + + [A] _ZTIN9grpc_core33ConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core34Chttp2InsecureClientChannelFactoryE + + [A] _ZTIN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _ZTIN9grpc_core6XdsApi10DropConfigE + + [A] _ZTIN9grpc_core6chttp217StreamFlowControlE + + [A] _ZTIN9grpc_core6chttp220TransportFlowControlE + + [A] _ZTIN9grpc_core6chttp221StreamFlowControlBaseE + + [A] _ZTIN9grpc_core6chttp224TransportFlowControlBaseE + + [A] _ZTIN9grpc_core6chttp225StreamFlowControlDisabledE + + [A] _ZTIN9grpc_core6chttp228TransportFlowControlDisabledE + + [A] _ZTIN9grpc_core7ExecCtxE + + [A] _ZTIN9grpc_core8Resolver13ResultHandlerE + + [A] _ZTIN9grpc_core8ResolverE + + [A] _ZTIN9grpc_core8channelz10ServerNodeE + + [A] _ZTIN9grpc_core8channelz10SocketNodeE + + [A] _ZTIN9grpc_core8channelz11ChannelNodeE + + [A] _ZTIN9grpc_core8channelz14SubchannelNodeE + + [A] _ZTIN9grpc_core8channelz16ListenSocketNodeE + + [A] _ZTIN9grpc_core8channelz8BaseNodeE + + [A] _ZTIN9grpc_core8internal23ServerRetryThrottleDataE + + [A] _ZTIN9grpc_core8internal31ClientChannelGlobalParsedConfigE + + [A] _ZTIN9grpc_core8internal31ClientChannelMethodParsedConfigE + + [A] _ZTIN9grpc_core8internal32ClientChannelServiceConfigParserE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12AdsCallStateE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12LrsCallStateE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState12StateWatcherE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEEE + + [A] _ZTIN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEEE + + [A] _ZTIN9grpc_core9XdsClient12ChannelStateE + + [A] _ZTIN9grpc_core9XdsClient23ClusterWatcherInterfaceE + + [A] _ZTIN9grpc_core9XdsClient24EndpointWatcherInterfaceE + + [A] _ZTIN9grpc_core9XdsClient29ServiceConfigWatcherInterfaceE + + [A] _ZTIN9grpc_core9XdsClientE + + [A] _ZTISt11_Mutex_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTISt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTISt19_Sp_make_shared_tag + + [A] _ZTISt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTIZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS_13RefCountedPtrIS0_EE23grpc_connectivity_stateRKSt10shared_ptrINS_14WorkSerializerEEEUlvE_ + + [A] _ZTIZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTIZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTS11ExecCtxNext + + [A] _ZTS12ExecCtxPluck + + [A] _ZTS14TlsCredentials + + [A] _ZTS20TlsServerCredentials + + [A] _ZTS20grpc_ssl_credentials + + [A] _ZTS21grpc_alts_credentials + + [A] _ZTS21grpc_call_credentials + + [A] _ZTS22grpc_local_credentials + + [A] _ZTS22grpc_tls_error_details + + [A] _ZTS23grpc_plugin_credentials + + [A] _ZTS23grpc_security_connector + + [A] _ZTS23grpc_server_credentials + + [A] _ZTS24grpc_channel_credentials + + [A] _ZTS27grpc_google_iam_credentials + + [A] _ZTS27grpc_ssl_server_credentials + + [A] _ZTS28grpc_alts_server_credentials + + [A] _ZTS28grpc_tls_credentials_options + + [A] _ZTS29grpc_access_token_credentials + + [A] _ZTS29grpc_local_server_credentials + + [A] _ZTS29grpc_md_only_test_credentials + + [A] _ZTS29grpc_tls_key_materials_config + + [A] _ZTS30grpc_server_security_connector + + [A] _ZTS31grpc_channel_security_connector + + [A] _ZTS31grpc_composite_call_credentials + + [A] _ZTS33grpc_tls_credential_reload_config + + [A] _ZTS34grpc_composite_channel_credentials + + [A] _ZTS37grpc_google_refresh_token_credentials + + [A] _ZTS37grpc_oauth2_token_fetcher_credentials + + [A] _ZTS39grpc_google_default_channel_credentials + + [A] _ZTS42grpc_tls_server_authorization_check_config + + [A] _ZTS43grpc_httpcli_ssl_channel_security_connector + + [A] _ZTS43grpc_service_account_jwt_access_credentials + + [A] _ZTSN3tsi16SslCachedSessionE + + [A] _ZTSN3tsi18SslSessionLRUCacheE + + [A] _ZTSN4grpc12experimental17LibuvEventManagerE + + [A] _ZTSN9grpc_core10ByteStreamE + + [A] _ZTSN9grpc_core10HandshakerE + + [A] _ZTSN9grpc_core10OrphanableE + + [A] _ZTSN9grpc_core10RefCountedI21grpc_call_credentialsNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI22grpc_tls_error_detailsNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI23grpc_security_connectorNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI23grpc_server_credentialsNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI24grpc_channel_credentialsNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI28grpc_tls_credentials_optionsNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI29grpc_tls_key_materials_configNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI33grpc_tls_credential_reload_configNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedI42grpc_tls_server_authorization_check_configNS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedIN3tsi18SslSessionLRUCacheENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_10HandshakerENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_10Subchannel33ConnectivityStateWatcherInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_13ServiceConfigENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_14ConfigSelectorENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_15XdsLocalityNameENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_16HandshakeManagerENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_17GrpcLbClientStatsENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19ConnectedSubchannelENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19LoadBalancingPolicy6ConfigENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19SubchannelInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_19XdsClusterDropStatsENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_23SubchannelPoolInterfaceENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_23XdsClusterLocalityStatsENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_29FakeResolverResponseGeneratorENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_6XdsApi10DropConfigENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_8channelz8BaseNodeENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10RefCountedINS_8internal23ServerRetryThrottleDataENS_19PolymorphicRefCountEEE + + [A] _ZTSN9grpc_core10Subchannel16HealthWatcherMap13HealthWatcherE + + [A] _ZTSN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherE + + [A] _ZTSN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core10ThreadPoolE + + [A] _ZTSN9grpc_core12FakeResolverE + + [A] _ZTSN9grpc_core12GrpcPolledFdE + + [A] _ZTSN9grpc_core13ServiceConfigE + + [A] _ZTSN9grpc_core14ConfigSelectorE + + [A] _ZTSN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEE + + [A] _ZTSN9grpc_core14WorkSerializer18WorkSerializerImplE + + [A] _ZTSN9grpc_core15ByteStreamCache17CachingByteStreamE + + [A] _ZTSN9grpc_core15Chttp2ConnectorE + + [A] _ZTSN9grpc_core15InfLenFIFOQueueE + + [A] _ZTSN9grpc_core15ResolverFactoryE + + [A] _ZTSN9grpc_core15XdsLocalityNameE + + [A] _ZTSN9grpc_core16HandshakeManagerE + + [A] _ZTSN9grpc_core17GrpcLbClientStatsE + + [A] _ZTSN9grpc_core17GrpcPolledFdPosixE + + [A] _ZTSN9grpc_core17HandshakerFactoryE + + [A] _ZTSN9grpc_core17HealthCheckClient9CallStateE + + [A] _ZTSN9grpc_core17HealthCheckClientE + + [A] _ZTSN9grpc_core17MessageSizeParserE + + [A] _ZTSN9grpc_core18ChildPolicyHandler6HelperE + + [A] _ZTSN9grpc_core18ChildPolicyHandlerE + + [A] _ZTSN9grpc_core18MPMCQueueInterfaceE + + [A] _ZTSN9grpc_core18TcpServerFdHandlerE + + [A] _ZTSN9grpc_core19ConnectedSubchannelE + + [A] _ZTSN9grpc_core19ConnectivityWatcherE + + [A] _ZTSN9grpc_core19GrpcPolledFdFactoryE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy11QueuePickerE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy16SubchannelPickerE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy17MetadataInterfaceE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy20ChannelControlHelperE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy22TransientFailurePickerE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy6ConfigE + + [A] _ZTSN9grpc_core19LoadBalancingPolicy9CallStateE + + [A] _ZTSN9grpc_core19LoadBalancingPolicyE + + [A] _ZTSN9grpc_core19LocalSubchannelPoolE + + [A] _ZTSN9grpc_core19PolymorphicRefCountE + + [A] _ZTSN9grpc_core19ServiceConfigParser12ParsedConfigE + + [A] _ZTSN9grpc_core19ServiceConfigParser6ParserE + + [A] _ZTSN9grpc_core19SubchannelConnectorE + + [A] _ZTSN9grpc_core19SubchannelInterface33ConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core19SubchannelInterfaceE + + [A] _ZTSN9grpc_core19ThreadPoolInterfaceE + + [A] _ZTSN9grpc_core19XdsClusterDropStatsE + + [A] _ZTSN9grpc_core20ClientChannelFactoryE + + [A] _ZTSN9grpc_core20GlobalSubchannelPoolE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_17HealthCheckClientEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_19LoadBalancingPolicyEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_19SubchannelConnectorEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_33ConnectivityStateWatcherInterfaceEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_8ResolverEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallState13ResourceStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12AdsCallStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallState8ReporterEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState12LrsCallStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12AdsCallStateEEEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelState13RetryableCallINS2_12LrsCallStateEEEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClient12ChannelStateEEE + + [A] _ZTSN9grpc_core20InternallyRefCountedINS_9XdsClientEEE + + [A] _ZTSN9grpc_core20ProxyMapperInterfaceE + + [A] _ZTSN9grpc_core21DefaultConfigSelectorE + + [A] _ZTSN9grpc_core21SliceBufferByteStreamE + + [A] _ZTSN9grpc_core23MessageSizeParsedConfigE + + [A] _ZTSN9grpc_core23ServerListenerInterfaceE + + [A] _ZTSN9grpc_core23SubchannelPoolInterfaceE + + [A] _ZTSN9grpc_core23XdsClusterLocalityStatsE + + [A] _ZTSN9grpc_core24Chttp2IncomingByteStreamE + + [A] _ZTSN9grpc_core24GrpcPolledFdFactoryPosixE + + [A] _ZTSN9grpc_core26LoadBalancingPolicyFactoryE + + [A] _ZTSN9grpc_core26TlsServerSecurityConnectorE + + [A] _ZTSN9grpc_core27TlsChannelSecurityConnectorE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicy19ChannelConfigHelperE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicy21ResolverResultHandlerE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicy22ResolvingControlHelperE + + [A] _ZTSN9grpc_core28ResolvingLoadBalancingPolicyE + + [A] _ZTSN9grpc_core29FakeResolverResponseGeneratorE + + [A] _ZTSN9grpc_core32Chttp2SecureClientChannelFactoryE + + [A] _ZTSN9grpc_core33ConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core34Chttp2InsecureClientChannelFactoryE + + [A] _ZTSN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _ZTSN9grpc_core6XdsApi10DropConfigE + + [A] _ZTSN9grpc_core6chttp217StreamFlowControlE + + [A] _ZTSN9grpc_core6chttp220TransportFlowControlE + + [A] _ZTSN9grpc_core6chttp221StreamFlowControlBaseE + + [A] _ZTSN9grpc_core6chttp224TransportFlowControlBaseE + + [A] _ZTSN9grpc_core6chttp225StreamFlowControlDisabledE + + [A] _ZTSN9grpc_core6chttp228TransportFlowControlDisabledE + + [A] _ZTSN9grpc_core7ExecCtxE + + [A] _ZTSN9grpc_core8Resolver13ResultHandlerE + + [A] _ZTSN9grpc_core8ResolverE + + [A] _ZTSN9grpc_core8channelz10ServerNodeE + + [A] _ZTSN9grpc_core8channelz10SocketNodeE + + [A] _ZTSN9grpc_core8channelz11ChannelNodeE + + [A] _ZTSN9grpc_core8channelz14SubchannelNodeE + + [A] _ZTSN9grpc_core8channelz16ListenSocketNodeE + + [A] _ZTSN9grpc_core8channelz8BaseNodeE + + [A] _ZTSN9grpc_core8internal23ServerRetryThrottleDataE + + [A] _ZTSN9grpc_core8internal31ClientChannelGlobalParsedConfigE + + [A] _ZTSN9grpc_core8internal31ClientChannelMethodParsedConfigE + + [A] _ZTSN9grpc_core8internal32ClientChannelServiceConfigParserE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12AdsCallStateE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12LrsCallStateE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState12StateWatcherE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEEE + + [A] _ZTSN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEEE + + [A] _ZTSN9grpc_core9XdsClient12ChannelStateE + + [A] _ZTSN9grpc_core9XdsClient23ClusterWatcherInterfaceE + + [A] _ZTSN9grpc_core9XdsClient24EndpointWatcherInterfaceE + + [A] _ZTSN9grpc_core9XdsClient29ServiceConfigWatcherInterfaceE + + [A] _ZTSN9grpc_core9XdsClientE + + [A] _ZTSSt11_Mutex_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTSSt19_Sp_make_shared_tag + + [A] _ZTSSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + [A] _ZTSZN9grpc_core38AsyncConnectivityStateWatcherInterface8NotifierC4ENS_13RefCountedPtrIS0_EE23grpc_connectivity_stateRKSt10shared_ptrINS_14WorkSerializerEEEUlvE_ + + [A] _ZTSZN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceState7OnTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTSZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTSZN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEE12OnRetryTimerEPvP10grpc_errorEUlvE_ + + [A] _ZTV14TlsCredentials + + [A] _ZTV20TlsServerCredentials + + [A] _ZTV22grpc_tls_error_details + + [A] _ZTVN4grpc12experimental17LibuvEventManagerE + + [A] _ZTVN9grpc_core10Subchannel31ConnectedSubchannelStateWatcherE + + [A] _ZTVN9grpc_core10Subchannel33ConnectivityStateWatcherInterfaceE + + [A] _ZTVN9grpc_core10ThreadPoolE + + [A] _ZTVN9grpc_core14SliceHashTableISt10unique_ptrIcNS_17DefaultDeleteCharEEEE + + [A] _ZTVN9grpc_core14WorkSerializer18WorkSerializerImplE + + [A] _ZTVN9grpc_core15Chttp2ConnectorE + + [A] _ZTVN9grpc_core15InfLenFIFOQueueE + + [A] _ZTVN9grpc_core15XdsLocalityNameE + + [A] _ZTVN9grpc_core18ChildPolicyHandler6HelperE + + [A] _ZTVN9grpc_core18ChildPolicyHandlerE + + [A] _ZTVN9grpc_core19ConnectivityWatcherE + + [A] _ZTVN9grpc_core19XdsClusterDropStatsE + + [A] _ZTVN9grpc_core21DefaultConfigSelectorE + + [A] _ZTVN9grpc_core23XdsClusterLocalityStatsE + + [A] _ZTVN9grpc_core26TlsServerSecurityConnectorE + + [A] _ZTVN9grpc_core27TlsChannelSecurityConnectorE + + [A] _ZTVN9grpc_core38AsyncConnectivityStateWatcherInterfaceE + + [A] _ZTVN9grpc_core6XdsApi10DropConfigE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12AdsCallState13ResourceStateE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12AdsCallStateE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12LrsCallState8ReporterE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12LrsCallStateE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState12StateWatcherE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12AdsCallStateEEE + + [A] _ZTVN9grpc_core9XdsClient12ChannelState13RetryableCallINS1_12LrsCallStateEEE + + [A] _ZTVN9grpc_core9XdsClient12ChannelStateE + + [A] _ZTVN9grpc_core9XdsClientE + + [A] _ZTVSt23_Sp_counted_ptr_inplaceIN9grpc_core14WorkSerializerESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + [A] envoy_annotations_ResourceAnnotation_msginit + + [A] envoy_api_v2_CdsDummy_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_NamedEndpointsEntry_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_Policy_DropOverload_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_Policy_msginit + + [A] envoy_api_v2_ClusterLoadAssignment_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_ConsistentHashingLbConfig_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_LocalityWeightedLbConfig_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_ZoneAwareLbConfig_msginit + + [A] envoy_api_v2_Cluster_CommonLbConfig_msginit + + [A] envoy_api_v2_Cluster_CustomClusterType_msginit + + [A] envoy_api_v2_Cluster_EdsClusterConfig_msginit + + [A] envoy_api_v2_Cluster_ExtensionProtocolOptionsEntry_msginit + + [A] envoy_api_v2_Cluster_LbSubsetConfig_LbSubsetSelector_msginit + + [A] envoy_api_v2_Cluster_LbSubsetConfig_msginit + + [A] envoy_api_v2_Cluster_LeastRequestLbConfig_msginit + + [A] envoy_api_v2_Cluster_OriginalDstLbConfig_msginit + + [A] envoy_api_v2_Cluster_RefreshRate_msginit + + [A] envoy_api_v2_Cluster_RingHashLbConfig_msginit + + [A] envoy_api_v2_Cluster_TransportSocketMatch_msginit + + [A] envoy_api_v2_Cluster_TypedExtensionProtocolOptionsEntry_msginit + + [A] envoy_api_v2_Cluster_msginit + + [A] envoy_api_v2_DeltaDiscoveryRequest_InitialResourceVersionsEntry_msginit + + [A] envoy_api_v2_DeltaDiscoveryRequest_msginit + + [A] envoy_api_v2_DeltaDiscoveryResponse_msginit + + [A] envoy_api_v2_DiscoveryRequest_msginit + + [A] envoy_api_v2_DiscoveryResponse_msginit + + [A] envoy_api_v2_EdsDummy_msginit + + [A] envoy_api_v2_LdsDummy_msginit + + [A] envoy_api_v2_Listener_ConnectionBalanceConfig_ExactBalance_msginit + + [A] envoy_api_v2_Listener_ConnectionBalanceConfig_msginit + + [A] envoy_api_v2_Listener_DeprecatedV1_msginit + + [A] envoy_api_v2_Listener_msginit + + [A] envoy_api_v2_LoadBalancingPolicy_Policy_msginit + + [A] envoy_api_v2_LoadBalancingPolicy_msginit + + [A] envoy_api_v2_RdsDummy_msginit + + [A] envoy_api_v2_Resource_msginit + + [A] envoy_api_v2_RouteConfiguration_msginit + + [A] envoy_api_v2_ScopedRouteConfiguration_Key_Fragment_msginit + + [A] envoy_api_v2_ScopedRouteConfiguration_Key_msginit + + [A] envoy_api_v2_ScopedRouteConfiguration_msginit + + [A] envoy_api_v2_SrdsDummy_msginit + + [A] envoy_api_v2_UpstreamBindConfig_msginit + + [A] envoy_api_v2_UpstreamConnectionOptions_msginit + + [A] envoy_api_v2_Vhds_msginit + + [A] envoy_api_v2_auth_CertificateValidationContext_msginit + + [A] envoy_api_v2_auth_CommonTlsContext_CombinedCertificateValidationContext_msginit + + [A] envoy_api_v2_auth_CommonTlsContext_msginit + + [A] envoy_api_v2_auth_DownstreamTlsContext_msginit + + [A] envoy_api_v2_auth_GenericSecret_msginit + + [A] envoy_api_v2_auth_PrivateKeyProvider_msginit + + [A] envoy_api_v2_auth_SdsSecretConfig_msginit + + [A] envoy_api_v2_auth_Secret_msginit + + [A] envoy_api_v2_auth_TlsCertificate_msginit + + [A] envoy_api_v2_auth_TlsParameters_msginit + + [A] envoy_api_v2_auth_TlsSessionTicketKeys_msginit + + [A] envoy_api_v2_auth_UpstreamTlsContext_msginit + + [A] envoy_api_v2_cluster_CircuitBreakers_Thresholds_RetryBudget_msginit + + [A] envoy_api_v2_cluster_CircuitBreakers_Thresholds_msginit + + [A] envoy_api_v2_cluster_CircuitBreakers_msginit + + [A] envoy_api_v2_cluster_Filter_msginit + + [A] envoy_api_v2_cluster_OutlierDetection_msginit + + [A] envoy_api_v2_core_Address_msginit + + [A] envoy_api_v2_core_AggregatedConfigSource_msginit + + [A] envoy_api_v2_core_ApiConfigSource_msginit + + [A] envoy_api_v2_core_AsyncDataSource_msginit + + [A] envoy_api_v2_core_BackoffStrategy_msginit + + [A] envoy_api_v2_core_BindConfig_msginit + + [A] envoy_api_v2_core_BuildVersion_msginit + + [A] envoy_api_v2_core_CidrRange_msginit + + [A] envoy_api_v2_core_ConfigSource_msginit + + [A] envoy_api_v2_core_ControlPlane_msginit + + [A] envoy_api_v2_core_DataSource_msginit + + [A] envoy_api_v2_core_EventServiceConfig_msginit + + [A] envoy_api_v2_core_Extension_msginit + + [A] envoy_api_v2_core_GrpcProtocolOptions_msginit + + [A] envoy_api_v2_core_GrpcService_EnvoyGrpc_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_GoogleIAMCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_MetadataCredentialsFromPlugin_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_ServiceAccountJWTAccessCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_StsService_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_CallCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_ChannelCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_GoogleLocalCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_SslCredentials_msginit + + [A] envoy_api_v2_core_GrpcService_GoogleGrpc_msginit + + [A] envoy_api_v2_core_GrpcService_msginit + + [A] envoy_api_v2_core_HeaderMap_msginit + + [A] envoy_api_v2_core_HeaderValueOption_msginit + + [A] envoy_api_v2_core_HeaderValue_msginit + + [A] envoy_api_v2_core_HealthCheck_CustomHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_GrpcHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_HttpHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_Payload_msginit + + [A] envoy_api_v2_core_HealthCheck_RedisHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_TcpHealthCheck_msginit + + [A] envoy_api_v2_core_HealthCheck_TlsOptions_msginit + + [A] envoy_api_v2_core_HealthCheck_msginit + + [A] envoy_api_v2_core_Http1ProtocolOptions_HeaderKeyFormat_ProperCaseWords_msginit + + [A] envoy_api_v2_core_Http1ProtocolOptions_HeaderKeyFormat_msginit + + [A] envoy_api_v2_core_Http1ProtocolOptions_msginit + + [A] envoy_api_v2_core_Http2ProtocolOptions_SettingsParameter_msginit + + [A] envoy_api_v2_core_Http2ProtocolOptions_msginit + + [A] envoy_api_v2_core_HttpProtocolOptions_msginit + + [A] envoy_api_v2_core_HttpUri_msginit + + [A] envoy_api_v2_core_Locality_msginit + + [A] envoy_api_v2_core_Metadata_FilterMetadataEntry_msginit + + [A] envoy_api_v2_core_Metadata_msginit + + [A] envoy_api_v2_core_Node_msginit + + [A] envoy_api_v2_core_Pipe_msginit + + [A] envoy_api_v2_core_RateLimitSettings_msginit + + [A] envoy_api_v2_core_RemoteDataSource_msginit + + [A] envoy_api_v2_core_RetryPolicy_msginit + + [A] envoy_api_v2_core_RuntimeDouble_msginit + + [A] envoy_api_v2_core_RuntimeFeatureFlag_msginit + + [A] envoy_api_v2_core_RuntimeFractionalPercent_msginit + + [A] envoy_api_v2_core_RuntimeUInt32_msginit + + [A] envoy_api_v2_core_SelfConfigSource_msginit + + [A] envoy_api_v2_core_SocketAddress_msginit + + [A] envoy_api_v2_core_SocketOption_msginit + + [A] envoy_api_v2_core_TcpKeepalive_msginit + + [A] envoy_api_v2_core_TcpProtocolOptions_msginit + + [A] envoy_api_v2_core_TransportSocket_msginit + + [A] envoy_api_v2_core_UpstreamHttpProtocolOptions_msginit + + [A] envoy_api_v2_endpoint_ClusterStats_DroppedRequests_msginit + + [A] envoy_api_v2_endpoint_ClusterStats_msginit + + [A] envoy_api_v2_endpoint_EndpointLoadMetricStats_msginit + + [A] envoy_api_v2_endpoint_Endpoint_HealthCheckConfig_msginit + + [A] envoy_api_v2_endpoint_Endpoint_msginit + + [A] envoy_api_v2_endpoint_LbEndpoint_msginit + + [A] envoy_api_v2_endpoint_LocalityLbEndpoints_msginit + + [A] envoy_api_v2_endpoint_UpstreamEndpointStats_msginit + + [A] envoy_api_v2_endpoint_UpstreamLocalityStats_msginit + + [A] envoy_api_v2_listener_ActiveRawUdpListenerConfig_msginit + + [A] envoy_api_v2_listener_FilterChainMatch_msginit + + [A] envoy_api_v2_listener_FilterChain_msginit + + [A] envoy_api_v2_listener_Filter_msginit + + [A] envoy_api_v2_listener_ListenerFilterChainMatchPredicate_MatchSet_msginit + + [A] envoy_api_v2_listener_ListenerFilterChainMatchPredicate_msginit + + [A] envoy_api_v2_listener_ListenerFilter_msginit + + [A] envoy_api_v2_listener_UdpListenerConfig_msginit + + [A] envoy_api_v2_route_CorsPolicy_msginit + + [A] envoy_api_v2_route_Decorator_msginit + + [A] envoy_api_v2_route_DirectResponseAction_msginit + + [A] envoy_api_v2_route_FilterAction_msginit + + [A] envoy_api_v2_route_HeaderMatcher_msginit + + [A] envoy_api_v2_route_HedgePolicy_msginit + + [A] envoy_api_v2_route_QueryParameterMatcher_msginit + + [A] envoy_api_v2_route_RateLimit_Action_DestinationCluster_msginit + + [A] envoy_api_v2_route_RateLimit_Action_GenericKey_msginit + + [A] envoy_api_v2_route_RateLimit_Action_HeaderValueMatch_msginit + + [A] envoy_api_v2_route_RateLimit_Action_RemoteAddress_msginit + + [A] envoy_api_v2_route_RateLimit_Action_RequestHeaders_msginit + + [A] envoy_api_v2_route_RateLimit_Action_SourceCluster_msginit + + [A] envoy_api_v2_route_RateLimit_Action_msginit + + [A] envoy_api_v2_route_RateLimit_msginit + + [A] envoy_api_v2_route_RedirectAction_msginit + + [A] envoy_api_v2_route_RetryPolicy_RetryBackOff_msginit + + [A] envoy_api_v2_route_RetryPolicy_RetryHostPredicate_msginit + + [A] envoy_api_v2_route_RetryPolicy_RetryPriority_msginit + + [A] envoy_api_v2_route_RetryPolicy_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_ConnectionProperties_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_Cookie_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_FilterState_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_Header_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_QueryParameter_msginit + + [A] envoy_api_v2_route_RouteAction_HashPolicy_msginit + + [A] envoy_api_v2_route_RouteAction_RequestMirrorPolicy_msginit + + [A] envoy_api_v2_route_RouteAction_UpgradeConfig_msginit + + [A] envoy_api_v2_route_RouteAction_msginit + + [A] envoy_api_v2_route_RouteMatch_GrpcRouteMatchOptions_msginit + + [A] envoy_api_v2_route_RouteMatch_TlsContextMatchOptions_msginit + + [A] envoy_api_v2_route_RouteMatch_msginit + + [A] envoy_api_v2_route_Route_PerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_Route_TypedPerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_Route_msginit + + [A] envoy_api_v2_route_Tracing_msginit + + [A] envoy_api_v2_route_VirtualCluster_msginit + + [A] envoy_api_v2_route_VirtualHost_PerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_VirtualHost_TypedPerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_VirtualHost_msginit + + [A] envoy_api_v2_route_WeightedCluster_ClusterWeight_PerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_WeightedCluster_ClusterWeight_TypedPerFilterConfigEntry_msginit + + [A] envoy_api_v2_route_WeightedCluster_ClusterWeight_msginit + + [A] envoy_api_v2_route_WeightedCluster_msginit + + [A] envoy_config_filter_accesslog_v2_AccessLogFilter_msginit + + [A] envoy_config_filter_accesslog_v2_AccessLog_msginit + + [A] envoy_config_filter_accesslog_v2_AndFilter_msginit + + [A] envoy_config_filter_accesslog_v2_ComparisonFilter_msginit + + [A] envoy_config_filter_accesslog_v2_DurationFilter_msginit + + [A] envoy_config_filter_accesslog_v2_ExtensionFilter_msginit + + [A] envoy_config_filter_accesslog_v2_GrpcStatusFilter_msginit + + [A] envoy_config_filter_accesslog_v2_HeaderFilter_msginit + + [A] envoy_config_filter_accesslog_v2_NotHealthCheckFilter_msginit + + [A] envoy_config_filter_accesslog_v2_OrFilter_msginit + + [A] envoy_config_filter_accesslog_v2_ResponseFlagFilter_msginit + + [A] envoy_config_filter_accesslog_v2_RuntimeFilter_msginit + + [A] envoy_config_filter_accesslog_v2_StatusCodeFilter_msginit + + [A] envoy_config_filter_accesslog_v2_TraceableFilter_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_InternalAddressConfig_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_SetCurrentClientCertDetails_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_Tracing_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_UpgradeConfig_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpConnectionManager_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_HttpFilter_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_Rds_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_RequestIDExtension_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRds_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRouteConfigurationsList_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_FragmentBuilder_HeaderValueExtractor_KvElement_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_FragmentBuilder_HeaderValueExtractor_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_FragmentBuilder_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_ScopeKeyBuilder_msginit + + [A] envoy_config_filter_network_http_connection_manager_v2_ScopedRoutes_msginit + + [A] envoy_config_listener_v2_ApiListener_msginit + + [A] envoy_config_trace_v2_Tracing_Http_msginit + + [A] envoy_config_trace_v2_Tracing_msginit + + [A] envoy_service_discovery_v2_AdsDummy_msginit + + [A] envoy_service_load_stats_v2_LoadStatsRequest_msginit + + [A] envoy_service_load_stats_v2_LoadStatsResponse_msginit + + [A] envoy_type_DoubleRange_msginit + + [A] envoy_type_FractionalPercent_msginit + + [A] envoy_type_Int32Range_msginit + + [A] envoy_type_Int64Range_msginit + + [A] envoy_type_Percent_msginit + + [A] envoy_type_SemanticVersion_msginit + + [A] envoy_type_matcher_ListStringMatcher_msginit + + [A] envoy_type_matcher_RegexMatchAndSubstitute_msginit + + [A] envoy_type_matcher_RegexMatcher_GoogleRE2_msginit + + [A] envoy_type_matcher_RegexMatcher_msginit + + [A] envoy_type_matcher_StringMatcher_msginit + + [A] envoy_type_metadata_v2_MetadataKey_PathSegment_msginit + + [A] envoy_type_metadata_v2_MetadataKey_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Cluster_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Host_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Request_msginit + + [A] envoy_type_metadata_v2_MetadataKind_Route_msginit + + [A] envoy_type_metadata_v2_MetadataKind_msginit + + [A] envoy_type_tracing_v2_CustomTag_Environment_msginit + + [A] envoy_type_tracing_v2_CustomTag_Header_msginit + + [A] envoy_type_tracing_v2_CustomTag_Literal_msginit + + [A] envoy_type_tracing_v2_CustomTag_Metadata_msginit + + [A] envoy_type_tracing_v2_CustomTag_msginit + + [A] google_api_CustomHttpPattern_msginit + + [A] google_api_HttpRule_msginit + + [A] google_api_Http_msginit + + [A] google_protobuf_Any_msginit + + [A] google_protobuf_BoolValue_msginit + + [A] google_protobuf_BytesValue_msginit + + [A] google_protobuf_DescriptorProto_ExtensionRange_msginit + + [A] google_protobuf_DescriptorProto_ReservedRange_msginit + + [A] google_protobuf_DescriptorProto_msginit + + [A] google_protobuf_DoubleValue_msginit + + [A] google_protobuf_Duration_msginit + + [A] google_protobuf_Empty_msginit + + [A] google_protobuf_EnumDescriptorProto_EnumReservedRange_msginit + + [A] google_protobuf_EnumDescriptorProto_msginit + + [A] google_protobuf_EnumOptions_msginit + + [A] google_protobuf_EnumValueDescriptorProto_msginit + + [A] google_protobuf_EnumValueOptions_msginit + + [A] google_protobuf_ExtensionRangeOptions_msginit + + [A] google_protobuf_FieldDescriptorProto_msginit + + [A] google_protobuf_FieldOptions_msginit + + [A] google_protobuf_FileDescriptorProto_msginit + + [A] google_protobuf_FileDescriptorSet_msginit + + [A] google_protobuf_FileOptions_msginit + + [A] google_protobuf_FloatValue_msginit + + [A] google_protobuf_GeneratedCodeInfo_Annotation_msginit + + [A] google_protobuf_GeneratedCodeInfo_msginit + + [A] google_protobuf_Int32Value_msginit + + [A] google_protobuf_Int64Value_msginit + + [A] google_protobuf_ListValue_msginit + + [A] google_protobuf_MessageOptions_msginit + + [A] google_protobuf_MethodDescriptorProto_msginit + + [A] google_protobuf_MethodOptions_msginit + + [A] google_protobuf_OneofDescriptorProto_msginit + + [A] google_protobuf_OneofOptions_msginit + + [A] google_protobuf_ServiceDescriptorProto_msginit + + [A] google_protobuf_ServiceOptions_msginit + + [A] google_protobuf_SourceCodeInfo_Location_msginit + + [A] google_protobuf_SourceCodeInfo_msginit + + [A] google_protobuf_StringValue_msginit + + [A] google_protobuf_Struct_FieldsEntry_msginit + + [A] google_protobuf_Struct_msginit + + [A] google_protobuf_Timestamp_msginit + + [A] google_protobuf_UInt32Value_msginit + + [A] google_protobuf_UInt64Value_msginit + + [A] google_protobuf_UninterpretedOption_NamePart_msginit + + [A] google_protobuf_UninterpretedOption_msginit + + [A] google_protobuf_Value_msginit + + [A] google_rpc_Status_msginit + + [A] grpc_gcp_AltsContext_PeerAttributesEntry_msginit + + [A] grpc_gcp_AltsContext_msginit + + [A] grpc_gcp_Endpoint_msginit + + [A] grpc_gcp_HandshakerReq_msginit + + [A] grpc_gcp_HandshakerResp_msginit + + [A] grpc_gcp_HandshakerResult_msginit + + [A] grpc_gcp_HandshakerStatus_msginit + + [A] grpc_gcp_Identity_AttributesEntry_msginit + + [A] grpc_gcp_Identity_msginit + + [A] grpc_gcp_NextHandshakeMessageReq_msginit + + [A] grpc_gcp_RpcProtocolVersions_Version_msginit + + [A] grpc_gcp_RpcProtocolVersions_msginit + + [A] grpc_gcp_ServerHandshakeParameters_msginit + + [A] grpc_gcp_StartClientHandshakeReq_msginit + + [A] grpc_gcp_StartServerHandshakeReq_HandshakeParametersEntry_msginit + + [A] grpc_gcp_StartServerHandshakeReq_msginit + + [A] grpc_health_v1_HealthCheckRequest_msginit + + [A] grpc_health_v1_HealthCheckResponse_msginit + + [A] grpc_keepalive_trace + + [A] grpc_lb_v1_ClientStatsPerToken_msginit + + [A] grpc_lb_v1_ClientStats_msginit + + [A] grpc_lb_v1_FallbackResponse_msginit + + [A] grpc_lb_v1_InitialLoadBalanceRequest_msginit + + [A] grpc_lb_v1_InitialLoadBalanceResponse_msginit + + [A] grpc_lb_v1_LoadBalanceRequest_msginit + + [A] grpc_lb_v1_LoadBalanceResponse_msginit + + [A] grpc_lb_v1_ServerList_msginit + + [A] grpc_lb_v1_Server_msginit + + [A] grpc_trace_chttp2_hpack_parser + + [A] udpa_annotations_FieldMigrateAnnotation_msginit + + [A] udpa_annotations_FileMigrateAnnotation_msginit + + [A] udpa_annotations_MigrateAnnotation_msginit + + [A] udpa_annotations_StatusAnnotation_msginit + + [A] udpa_data_orca_v1_OrcaLoadReport_RequestCostEntry_msginit + + [A] udpa_data_orca_v1_OrcaLoadReport_UtilizationEntry_msginit + + [A] udpa_data_orca_v1_OrcaLoadReport_msginit + + [A] validate_AnyRules_msginit + + [A] validate_BoolRules_msginit + + [A] validate_BytesRules_msginit + + [A] validate_DoubleRules_msginit + + [A] validate_DurationRules_msginit + + [A] validate_EnumRules_msginit + + [A] validate_FieldRules_msginit + + [A] validate_Fixed32Rules_msginit + + [A] validate_Fixed64Rules_msginit + + [A] validate_FloatRules_msginit + + [A] validate_Int32Rules_msginit + + [A] validate_Int64Rules_msginit + + [A] validate_MapRules_msginit + + [A] validate_MessageRules_msginit + + [A] validate_RepeatedRules_msginit + + [A] validate_SFixed32Rules_msginit + + [A] validate_SFixed64Rules_msginit + + [A] validate_SInt32Rules_msginit + + [A] validate_SInt64Rules_msginit + + [A] validate_StringRules_msginit + + [A] validate_TimestampRules_msginit + + [A] validate_UInt32Rules_msginit + + [A] validate_UInt64Rules_msginit + + + +---------------diffs in grpc_libgrpc++.so.1.31.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 385 Removed, 312 Added function symbols not referenced by debug info + +Variable symbols changes summary: 147 Removed, 99 Added variable symbols not referenced by debug info + + + +385 Removed function symbols not referenced by debug info: + + + + [D] _ZN21grpc_call_credentialsD0Ev + + [D] _ZN21grpc_call_credentialsD1Ev, aliases _ZN21grpc_call_credentialsD2Ev + + [D] _ZN21grpc_call_credentialsD2Ev + + [D] _ZN24grpc_channel_credentialsD0Ev + + [D] _ZN24grpc_channel_credentialsD1Ev, aliases _ZN24grpc_channel_credentialsD2Ev + + [D] _ZN24grpc_channel_credentialsD2Ev + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E10OnReadDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E11OnWriteDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E16OnWritesDoneDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E25OnReadInitialMetadataDoneEb + + [D] _ZN4grpc12experimental17ClientBidiReactorINS_10ByteBufferES2_E6OnDoneERKNS_6StatusE + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E10BindStreamEPNS0_26ServerCallbackReaderWriterIS2_S2_EE + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E10OnReadDoneEb + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E11OnWriteDoneEb + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E25OnSendInitialMetadataDoneEb + + [D] _ZN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_E8OnCancelEv + + [D] _ZN4grpc12experimental22CallbackGenericService13CreateReactorEv + + [D] _ZN4grpc12experimental24ServerGenericBidiReactor9OnStartedEPN9grpc_impl13ServerContextE + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE14WriteAndFinishERKS1_NS_12WriteOptionsERKNS_6StatusEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE19SendInitialMetadataEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_Pv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE6FinishERKNS_6StatusEPv + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEE8BindCallEPNS_8internal4CallE + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED0Ev + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED1Ev, aliases _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc17ServerAsyncWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc19AsyncGenericService11RequestCallEPNS_20GenericServerContextEPNS_23ServerAsyncReaderWriterINS_10ByteBufferES4_EEPN9grpc_impl15CompletionQueueEPNS7_21ServerCompletionQueueEPv + + [D] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPN9grpc_impl13ServerBuilderE + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E10WritesDoneEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E19ReadInitialMetadataEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E6FinishEPNS_6StatusEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E9StartCallEPv + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED1Ev, aliases _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E14WriteAndFinishERKS1_NS_12WriteOptionsERKNS_6StatusEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E19SendInitialMetadataEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E6FinishERKNS_6StatusEPv + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E8BindCallEPNS_8internal4CallE + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED1Ev, aliases _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEE6FinishEPS1_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED1Ev, _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED1Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEE19SendInitialMetadataEPv + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEE8BindCallEPNS_8internal4CallE + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED0Ev + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED1Ev, aliases _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEED2Ev + + [D] _ZN4grpc37HealthCheckServiceServerBuilderOptionC1ESt10unique_ptrIN9grpc_impl27HealthCheckServiceInterfaceESt14default_deleteIS3_EE, aliases _ZN4grpc37HealthCheckServiceServerBuilderOptionC2ESt10unique_ptrIN9grpc_impl27HealthCheckServiceInterfaceESt14default_deleteIS3_EE + + [D] _ZN4grpc37HealthCheckServiceServerBuilderOptionC2ESt10unique_ptrIN9grpc_impl27HealthCheckServiceInterfaceESt14default_deleteIS3_EE + + [D] _ZN4grpc8internal16CatchingCallbackISt8functionIFvNS_6StatusEEEJS3_EEEvOT_DpOT0_ + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED0Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED1Ev, aliases _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED2Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EED2Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED0Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED1Ev, aliases _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED2Ev + + [D] _ZN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EED2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl14WriteAndFinishEPKS2_NS_12WriteOptionsENS_6StatusE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEv + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl4ReadEPS2_ + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl5WriteEPKS2_NS_12WriteOptionsE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl6FinishENS_6StatusE + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl9MaybeDoneEv + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD0Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD1Ev, aliases _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplD2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED0Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED1Ev, aliases _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal21CallbackWithStatusTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [D] _ZN4grpc8internal22CallOpClientRecvStatus8FinishOpEPb + + [D] _ZN4grpc8internal22CallbackWithSuccessTag3SetEP9grpc_callSt8functionIFvbEEPNS0_18CompletionQueueTagE + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_E6OnDoneEv + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_E9OnStartedEPN9grpc_impl13ServerContextE + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED0Ev + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED1Ev, aliases _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10RemoveHoldEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10WritesDoneEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E4ReadEPS2_ + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E5WriteEPKS2_NS_12WriteOptionsE + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E7AddHoldEi + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEv + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED0Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED1Ev, aliases _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_ED2Ev + + [D] _ZN4grpc8internal30ExternalConnectionAcceptorImplC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_impl13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrINSA_17ServerCredentialsEE, aliases _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_impl13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrINSA_17ServerCredentialsEE + + [D] _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEN9grpc_impl13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrINSA_17ServerCredentialsEE + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactor6OnDoneEv + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactor9OnStartedEPNS_20GenericServerContextE + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactorD0Ev + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactorD1Ev, aliases _ZN4grpc8internal31UnimplementedGenericBidiReactorD2Ev + + [D] _ZN4grpc8internal31UnimplementedGenericBidiReactorD2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE11core_cq_tagEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE14FinalizeResultEPPvPb + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE17SetHijackingStateEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE32ContinueFillOpsAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEE7FillOpsEPNS0_4CallE + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED0Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED1Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEED2Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD0Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD1Ev, aliases _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_core8internal24ThreadInternalsInterfaceD2Ev + + [D] _ZN9grpc_impl11GenericStub11PrepareCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS_15CompletionQueueE + + [D] _ZN9grpc_impl11GenericStub16PrepareUnaryCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKN4grpc10ByteBufferEPNS_15CompletionQueueE + + [D] _ZN9grpc_impl11GenericStub17experimental_type24PrepareBidiStreamingCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPN4grpc12experimental17ClientBidiReactorINSC_10ByteBufferESF_EE + + [D] _ZN9grpc_impl11GenericStub17experimental_type9UnaryCallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPKN4grpc10ByteBufferEPSD_St8functionIFvNSC_6StatusEEE + + [D] _ZN9grpc_impl11GenericStub4CallEPNS_13ClientContextERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS_15CompletionQueueEPv + + [D] _ZN9grpc_impl12experimental49CreateCustomInsecureChannelWithInterceptorsFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKNS_16ChannelArgumentsESt6vectorISt10unique_ptrIN4grpc12experimental33ClientInterceptorFactoryInterfaceESt14default_deleteISG_EESaISJ_EE + + [D] _ZN9grpc_impl13ResourceQuota13SetMaxThreadsEi + + [D] _ZN9grpc_impl13ResourceQuota6ResizeEm + + [D] _ZN9grpc_impl13ResourceQuotaC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [D] _ZN9grpc_impl13ResourceQuotaC1Ev, aliases _ZN9grpc_impl13ResourceQuotaC2Ev + + [D] _ZN9grpc_impl13ResourceQuotaC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN9grpc_impl13ResourceQuotaC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [D] _ZN9grpc_impl13ResourceQuotaC2Ev + + [D] _ZN9grpc_impl13ResourceQuotaD0Ev + + [D] _ZN9grpc_impl13ResourceQuotaD1Ev, aliases _ZN9grpc_impl13ResourceQuotaD2Ev + + [D] _ZN9grpc_impl13ResourceQuotaD2Ev + + [D] _ZN9grpc_impl13ServerBuilder13BuildAndStartEv + + [D] _ZN9grpc_impl13ServerBuilder15RegisterServiceEPN4grpc7ServiceE + + [D] _ZN9grpc_impl13ServerBuilder15RegisterServiceERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPN4grpc7ServiceE + + [D] _ZN9grpc_impl13ServerBuilder16AddListeningPortERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrINS_17ServerCredentialsEEPi + + [D] _ZN9grpc_impl13ServerBuilder16EnableWorkaroundE20grpc_workaround_list + + [D] _ZN9grpc_impl13ServerBuilder16SetResourceQuotaERKNS_13ResourceQuotaE + + [D] _ZN9grpc_impl13ServerBuilder17experimental_type29AddExternalConnectionAcceptorENS1_22ExternalConnectionTypeESt10shared_ptrINS_17ServerCredentialsEE + + [D] _ZN9grpc_impl13ServerBuilder17experimental_type30RegisterCallbackGenericServiceEPN4grpc12experimental22CallbackGenericServiceE + + [D] _ZN9grpc_impl13ServerBuilder18AddCompletionQueueEb + + [D] _ZN9grpc_impl13ServerBuilder19SetSyncServerOptionENS0_16SyncServerOptionEi + + [D] _ZN9grpc_impl13ServerBuilder24InternalAddPluginFactoryEPFSt10unique_ptrIN4grpc19ServerBuilderPluginESt14default_deleteIS3_EEvE + + [D] _ZN9grpc_impl13ServerBuilder26SetDefaultCompressionLevelE22grpc_compression_level + + [D] _ZN9grpc_impl13ServerBuilder27RegisterAsyncGenericServiceEPN4grpc19AsyncGenericServiceE + + [D] _ZN9grpc_impl13ServerBuilder30SetDefaultCompressionAlgorithmE26grpc_compression_algorithm + + [D] _ZN9grpc_impl13ServerBuilder36SetCompressionAlgorithmSupportStatusE26grpc_compression_algorithmb + + [D] _ZN9grpc_impl13ServerBuilder4PortD1Ev, aliases _ZN9grpc_impl13ServerBuilder4PortD2Ev + + [D] _ZN9grpc_impl13ServerBuilder4PortD2Ev + + [D] _ZN9grpc_impl13ServerBuilder9SetOptionESt10unique_ptrINS_19ServerBuilderOptionESt14default_deleteIS2_EE + + [D] _ZN9grpc_impl13ServerBuilderC1Ev, aliases _ZN9grpc_impl13ServerBuilderC2Ev + + [D] _ZN9grpc_impl13ServerBuilderC2Ev + + [D] _ZN9grpc_impl13ServerBuilderD0Ev + + [D] _ZN9grpc_impl13ServerBuilderD1Ev, aliases _ZN9grpc_impl13ServerBuilderD2Ev + + [D] _ZN9grpc_impl13ServerBuilderD2Ev + + [D] _ZN9grpc_impl13ServerContext12CompletionOp11core_cq_tagEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp14FinalizeResultEPPvPb + + [D] _ZN9grpc_impl13ServerContext12CompletionOp17SetHijackingStateEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp32ContinueFillOpsAfterInterceptionEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp39ContinueFinalizeResultAfterInterceptionEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp5UnrefEv + + [D] _ZN9grpc_impl13ServerContext12CompletionOp7FillOpsEPN4grpc8internal4CallE + + [D] _ZN9grpc_impl13ServerContext12CompletionOpD0Ev + + [D] _ZN9grpc_impl13ServerContext12CompletionOpD1Ev + + [D] _ZN9grpc_impl13ServerContext12CompletionOpD2Ev, aliases _ZN9grpc_impl13ServerContext12CompletionOpD1Ev + + [D] _ZN9grpc_impl13ServerContext17BeginCompletionOpEPN4grpc8internal4CallESt8functionIFvbEEPNS2_13ServerReactorE + + [D] _ZN9grpc_impl13ServerContext17SetCancelCallbackESt8functionIFvvEE + + [D] _ZN9grpc_impl13ServerContext18AddInitialMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [D] _ZN9grpc_impl13ServerContext18GetCompletionOpTagEv + + [D] _ZN9grpc_impl13ServerContext19AddTrailingMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [D] _ZN9grpc_impl13ServerContext19ClearCancelCallbackEv + + [D] _ZN9grpc_impl13ServerContext19set_server_rpc_infoEPKcN4grpc8internal9RpcMethod7RpcTypeERKSt6vectorISt10unique_ptrINS3_12experimental33ServerInterceptorFactoryInterfaceESt14default_deleteISA_EESaISD_EE + + [D] _ZN9grpc_impl13ServerContext21SetLoadReportingCostsERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EE + + [D] _ZN9grpc_impl13ServerContext23BindDeadlineAndMetadataE12gpr_timespecP19grpc_metadata_array + + [D] _ZN9grpc_impl13ServerContext25set_compression_algorithmE26grpc_compression_algorithm + + [D] _ZN9grpc_impl13ServerContext5ClearEv + + [D] _ZN9grpc_impl13ServerContext5SetupE12gpr_timespec + + [D] _ZN9grpc_impl13ServerContextC1E12gpr_timespecP19grpc_metadata_array + + [D] _ZN9grpc_impl13ServerContextC1Ev, aliases _ZN9grpc_impl13ServerContextC2Ev + + [D] _ZN9grpc_impl13ServerContextC2E12gpr_timespecP19grpc_metadata_array, aliases _ZN9grpc_impl13ServerContextC1E12gpr_timespecP19grpc_metadata_array + + [D] _ZN9grpc_impl13ServerContextC2Ev + + [D] _ZN9grpc_impl16ChannelArguments16SetResourceQuotaERKNS_13ResourceQuotaE + + [D] _ZN9grpc_impl23SecureServerCredentials24SetAuthMetadataProcessorERKSt10shared_ptrINS_21AuthMetadataProcessorEE + + [D] _ZN9grpc_impl24AddInsecureChannelFromFdEPNS_6ServerEi + + [D] _ZN9grpc_impl27CreateInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEi + + [D] _ZN9grpc_impl31EnableDefaultHealthCheckServiceEb + + [D] _ZN9grpc_impl32DefaultHealthCheckServiceEnabledEv + + [D] _ZN9grpc_impl33CreateCustomInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKNS_16ChannelArgumentsE + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE14FinalizeResultEPPvPb + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEb + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE7RequestEv + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED0Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED1Ev, aliases _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED2Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEED2Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE14FinalizeResultEPPvPb + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag3RunEb + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE7RequestEv + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED0Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED1Ev, aliases _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED2Ev + + [D] _ZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEED2Ev + + [D] _ZN9grpc_impl6ServerC1EiPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE, aliases _ZN9grpc_impl6ServerC2EiPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [D] _ZN9grpc_impl6ServerC2EiPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [D] _ZNK9grpc_impl13ServerContext11IsCancelledEv + + [D] _ZNK9grpc_impl13ServerContext14census_contextEv + + [D] _ZNK9grpc_impl13ServerContext4peerB5cxx11Ev + + [D] _ZNK9grpc_impl13ServerContext9TryCancelEv + + [D] _ZNK9grpc_impl21AuthMetadataProcessor10IsBlockingEv + + [D] _ZNK9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE11method_nameEv + + [D] _ZNK9grpc_impl6Server15CallbackRequestINS_13ServerContextEE11method_nameEv + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlvE_E10_M_managerERSt9_Any_dataRKS6_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl6FinishENS1_6StatusEEUlbE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE0_E10_M_managerERSt9_Any_dataRKSL_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE1_E10_M_managerERSt9_Any_dataRKSL_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE_E10_M_managerERSt9_Any_dataRKSL_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E10WritesDoneEvEUlbE_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE0_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE1_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE2_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE_E10_M_managerERSt9_Any_dataRKS8_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [D] _ZNSt17_Function_handlerIFPN4grpc12experimental17ServerBidiReactorINS0_10ByteBufferES3_EEvEZNS1_22CallbackGenericService7HandlerEvEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImpl6FinishENS1_6StatusEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE1_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal19CallbackBidiHandlerINS1_10ByteBufferES4_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS2_4CallESt8functionIFvvEEPNS1_12experimental17ServerBidiReactorIS4_S4_EEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E10WritesDoneEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE1_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE2_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal30ClientCallbackReaderWriterImplINS1_10ByteBufferES4_E9StartCallEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_13ServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [D] _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EE17_M_realloc_insertIJRKS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [D] _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EED1Ev, aliases _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EED2Ev + + [D] _ZNSt6vectorIN9grpc_impl13ServerBuilder4PortESaIS2_EED2Ev + + [D] _ZNSt6vectorISt10unique_ptrIN9grpc_impl13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE12emplace_backIJPS3_EEEvDpOT_ + + [D] _ZNSt6vectorISt10unique_ptrIN9grpc_impl13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE17_M_realloc_insertIJPS3_EEEvN9__gnu_cxx17__normal_iteratorIPS6_S8_EEDpOT_ + + [D] _ZNSt6vectorIlSaIlEE12emplace_backIJlEEEvDpOT_ + + [D] _ZNSt6vectorIlSaIlEE17_M_realloc_insertIJlEEEvN9__gnu_cxx17__normal_iteratorIPlS1_EEDpOT_ + + [D] _ZNSt8functionIFvN4grpc6StatusEEEC1ERKS3_, aliases _ZNSt8functionIFvN4grpc6StatusEEEC2ERKS3_ + + [D] _ZNSt8functionIFvN4grpc6StatusEEEC2ERKS3_ + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn16_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] _ZThn16_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E4ReadEPS1_Pv + + [D] _ZThn16_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn16_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEE5WriteERKS1_Pv + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEED0Ev + + [D] _ZThn8_N4grpc17ServerAsyncWriterINS_10ByteBufferEED1Ev + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn8_N4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_NS_12WriteOptionsEPv + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_E5WriteERKS1_Pv + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED0Ev + + [D] _ZThn8_N4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_ED1Ev + + [D] pb_close_string_substream + + [D] pb_decode + + [D] pb_decode_delimited + + [D] pb_decode_fixed32 + + [D] pb_decode_fixed64 + + [D] pb_decode_noinit + + [D] pb_decode_svarint + + [D] pb_decode_tag + + [D] pb_decode_varint + + [D] pb_encode + + [D] pb_encode_delimited + + [D] pb_encode_fixed32 + + [D] pb_encode_fixed64 + + [D] pb_encode_string + + [D] pb_encode_submessage + + [D] pb_encode_svarint + + [D] pb_encode_tag + + [D] pb_encode_tag_for_field + + [D] pb_encode_varint + + [D] pb_field_iter_begin + + [D] pb_field_iter_find + + [D] pb_field_iter_next + + [D] pb_get_encoded_size + + [D] pb_istream_from_buffer + + [D] pb_make_string_substream + + [D] pb_ostream_from_buffer + + [D] pb_read + + [D] pb_skip_field + + [D] pb_write + + + +312 Added function symbols not referenced by debug info: + + + + [A] _ZN21grpc_call_credentials12debug_stringB5cxx11Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EE11EmplaceBackIJRKS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EE11EmplaceBackIJS4_EEERS4_DpOT_ + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EED1Ev, aliases _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EED2Ev + + [A] _ZN4absl14lts_2020_02_2523inlined_vector_internal7StorageIN9grpc_core14PemKeyCertPairELm1ESaIS4_EED2Ev + + [A] _ZN4grpc11CoreCodegen25grpc_call_error_to_stringE15grpc_call_error + + [A] _ZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextE + + [A] _ZN4grpc12experimental28GenericCallbackServerContextD0Ev + + [A] _ZN4grpc12experimental28GenericCallbackServerContextD1Ev + + [A] _ZN4grpc12experimental28GenericCallbackServerContextD2Ev, aliases _ZN4grpc12experimental28GenericCallbackServerContextD1Ev + + [A] _ZN4grpc12experimental49CreateCustomInsecureChannelWithInterceptorsFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKN9grpc_impl16ChannelArgumentsESt6vectorISt10unique_ptrINS0_33ClientInterceptorFactoryInterfaceESt14default_deleteISF_EESaISI_EE + + [A] _ZN4grpc13ResourceQuota13SetMaxThreadsEi + + [A] _ZN4grpc13ResourceQuota6ResizeEm + + [A] _ZN4grpc13ResourceQuotaC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN4grpc13ResourceQuotaC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN4grpc13ResourceQuotaC1Ev, aliases _ZN4grpc13ResourceQuotaC2Ev + + [A] _ZN4grpc13ResourceQuotaC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN4grpc13ResourceQuotaC2Ev + + [A] _ZN4grpc13ResourceQuotaD0Ev + + [A] _ZN4grpc13ResourceQuotaD1Ev, aliases _ZN4grpc13ResourceQuotaD2Ev + + [A] _ZN4grpc13ResourceQuotaD2Ev + + [A] _ZN4grpc13ServerBuilder13BuildAndStartEv + + [A] _ZN4grpc13ServerBuilder15RegisterServiceEPNS_7ServiceE + + [A] _ZN4grpc13ServerBuilder15RegisterServiceERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS_7ServiceE + + [A] _ZN4grpc13ServerBuilder16AddListeningPortERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10shared_ptrIN9grpc_impl17ServerCredentialsEEPi + + [A] _ZN4grpc13ServerBuilder16EnableWorkaroundE20grpc_workaround_list + + [A] _ZN4grpc13ServerBuilder16SetResourceQuotaERKNS_13ResourceQuotaE + + [A] _ZN4grpc13ServerBuilder17experimental_type29AddExternalConnectionAcceptorENS1_22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE + + [A] _ZN4grpc13ServerBuilder17experimental_type30RegisterCallbackGenericServiceEPNS_12experimental22CallbackGenericServiceE + + [A] _ZN4grpc13ServerBuilder18AddCompletionQueueEb + + [A] _ZN4grpc13ServerBuilder19SetSyncServerOptionENS0_16SyncServerOptionEi + + [A] _ZN4grpc13ServerBuilder24InternalAddPluginFactoryEPFSt10unique_ptrINS_19ServerBuilderPluginESt14default_deleteIS2_EEvE + + [A] _ZN4grpc13ServerBuilder26SetDefaultCompressionLevelE22grpc_compression_level + + [A] _ZN4grpc13ServerBuilder27RegisterAsyncGenericServiceEPNS_19AsyncGenericServiceE + + [A] _ZN4grpc13ServerBuilder30SetDefaultCompressionAlgorithmE26grpc_compression_algorithm + + [A] _ZN4grpc13ServerBuilder36SetCompressionAlgorithmSupportStatusE26grpc_compression_algorithmb + + [A] _ZN4grpc13ServerBuilder4PortD1Ev, aliases _ZN4grpc13ServerBuilder4PortD2Ev + + [A] _ZN4grpc13ServerBuilder4PortD2Ev + + [A] _ZN4grpc13ServerBuilder9SetOptionESt10unique_ptrIN9grpc_impl19ServerBuilderOptionESt14default_deleteIS3_EE + + [A] _ZN4grpc13ServerBuilderC1Ev, aliases _ZN4grpc13ServerBuilderC2Ev + + [A] _ZN4grpc13ServerBuilderC2Ev + + [A] _ZN4grpc13ServerBuilderD0Ev + + [A] _ZN4grpc13ServerBuilderD1Ev, aliases _ZN4grpc13ServerBuilderD2Ev + + [A] _ZN4grpc13ServerBuilderD2Ev + + [A] _ZN4grpc19AsyncGenericService11RequestCallEPNS_20GenericServerContextEPN9grpc_impl23ServerAsyncReaderWriterINS_10ByteBufferES5_EEPNS3_15CompletionQueueEPNS3_21ServerCompletionQueueEPv + + [A] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPNS_13ServerBuilderE + + [A] _ZN4grpc20GenericServerContextD0Ev + + [A] _ZN4grpc24AddInsecureChannelFromFdEPN9grpc_impl6ServerEi + + [A] _ZN4grpc27CreateInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEi + + [A] _ZN4grpc31EnableDefaultHealthCheckServiceEb + + [A] _ZN4grpc32DefaultHealthCheckServiceEnabledEv + + [A] _ZN4grpc32MetadataCredentialsPluginWrapper11DebugStringEPv + + [A] _ZN4grpc33CreateCustomInsecureChannelFromFdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEiRKN9grpc_impl16ChannelArgumentsE + + [A] _ZN4grpc37HealthCheckServiceServerBuilderOptionC1ESt10unique_ptrINS_27HealthCheckServiceInterfaceESt14default_deleteIS2_EE + + [A] _ZN4grpc37HealthCheckServiceServerBuilderOptionC2ESt10unique_ptrINS_27HealthCheckServiceInterfaceESt14default_deleteIS2_EE, aliases _ZN4grpc37HealthCheckServiceServerBuilderOptionC1ESt10unique_ptrINS_27HealthCheckServiceInterfaceESt14default_deleteIS2_EE + + [A] _ZN4grpc8internal22CallbackWithSuccessTag3SetEP9grpc_callSt8functionIFvbEEPNS0_18CompletionQueueTagEb + + [A] _ZN4grpc8internal30ExternalConnectionAcceptorImplC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE, aliases _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE + + [A] _ZN4grpc8internal30ExternalConnectionAcceptorImplC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_13ServerBuilder17experimental_type22ExternalConnectionTypeESt10shared_ptrIN9grpc_impl17ServerCredentialsEE + + [A] _ZN9grpc_core14PemKeyCertPairD1Ev, aliases _ZN9grpc_core14PemKeyCertPairD2Ev + + [A] _ZN9grpc_core14PemKeyCertPairD2Ev + + [A] _ZN9grpc_core4JsonD1Ev, aliases _ZN9grpc_core4JsonD2Ev + + [A] _ZN9grpc_core4JsonD2Ev + + [A] _ZN9grpc_impl12experimental14StsCredentialsERKNS0_21StsCredentialsOptionsE + + [A] _ZN9grpc_impl12experimental14TlsCredentialsERKNS0_21TlsCredentialsOptionsE + + [A] _ZN9grpc_impl12experimental20TlsServerCredentialsERKNS0_21TlsCredentialsOptionsE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsC1E35grpc_tls_server_verification_optionSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES3_INS0_25TlsCredentialReloadConfigEES3_INS0_33TlsServerAuthorizationCheckConfigEE, aliases _ZN9grpc_impl12experimental21TlsCredentialsOptionsC2E35grpc_tls_server_verification_optionSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES3_INS0_25TlsCredentialReloadConfigEES3_INS0_33TlsServerAuthorizationCheckConfigEE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsC1E40grpc_ssl_client_certificate_request_type35grpc_tls_server_verification_optionSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES4_INS0_25TlsCredentialReloadConfigEES4_INS0_33TlsServerAuthorizationCheckConfigEE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsC1E40grpc_ssl_client_certificate_request_typeSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES3_INS0_25TlsCredentialReloadConfigEE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsC2E35grpc_tls_server_verification_optionSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES3_INS0_25TlsCredentialReloadConfigEES3_INS0_33TlsServerAuthorizationCheckConfigEE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsC2E40grpc_ssl_client_certificate_request_type35grpc_tls_server_verification_optionSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES4_INS0_25TlsCredentialReloadConfigEES4_INS0_33TlsServerAuthorizationCheckConfigEE, aliases _ZN9grpc_impl12experimental21TlsCredentialsOptionsC1E40grpc_ssl_client_certificate_request_type35grpc_tls_server_verification_optionSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES4_INS0_25TlsCredentialReloadConfigEES4_INS0_33TlsServerAuthorizationCheckConfigEE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsC2E40grpc_ssl_client_certificate_request_typeSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES3_INS0_25TlsCredentialReloadConfigEE, aliases _ZN9grpc_impl12experimental21TlsCredentialsOptionsC1E40grpc_ssl_client_certificate_request_typeSt10shared_ptrINS0_21TlsKeyMaterialsConfigEES3_INS0_25TlsCredentialReloadConfigEE + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsD1Ev, aliases _ZN9grpc_impl12experimental21TlsCredentialsOptionsD2Ev + + [A] _ZN9grpc_impl12experimental21TlsCredentialsOptionsD2Ev + + [A] _ZN9grpc_impl12experimental21TlsKeyMaterialsConfig14PemKeyCertPairD1Ev, aliases _ZN9grpc_impl12experimental21TlsKeyMaterialsConfig14PemKeyCertPairD2Ev + + [A] _ZN9grpc_impl12experimental21TlsKeyMaterialsConfig14PemKeyCertPairD2Ev + + [A] _ZN9grpc_impl12experimental21TlsKeyMaterialsConfig17set_key_materialsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKSt6vectorINS1_14PemKeyCertPairESaISB_EE + + [A] _ZN9grpc_impl12experimental21TlsKeyMaterialsConfig18set_pem_root_certsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental21TlsKeyMaterialsConfig21add_pem_key_cert_pairERKNS1_14PemKeyCertPairE + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg10set_statusE41grpc_ssl_certificate_config_reload_status + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg16set_cb_user_dataEPv + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg17set_error_detailsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg17set_key_materialsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorINS0_21TlsKeyMaterialsConfig14PemKeyCertPairESaISC_EE + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg18set_pem_root_certsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg21add_pem_key_cert_pairERKNS0_21TlsKeyMaterialsConfig14PemKeyCertPairE + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg24set_key_materials_configERKSt10shared_ptrINS0_21TlsKeyMaterialsConfigEE + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArg30OnCredentialReloadDoneCallbackEv + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArgC1EP30grpc_tls_credential_reload_arg + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArgC2EP30grpc_tls_credential_reload_arg, aliases _ZN9grpc_impl12experimental22TlsCredentialReloadArgC1EP30grpc_tls_credential_reload_arg + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArgD1Ev, aliases _ZN9grpc_impl12experimental22TlsCredentialReloadArgD2Ev + + [A] _ZN9grpc_impl12experimental22TlsCredentialReloadArgD2Ev + + [A] _ZN9grpc_impl12experimental25TlsCredentialReloadConfigC1ESt10shared_ptrINS0_28TlsCredentialReloadInterfaceEE + + [A] _ZN9grpc_impl12experimental25TlsCredentialReloadConfigC2ESt10shared_ptrINS0_28TlsCredentialReloadInterfaceEE, aliases _ZN9grpc_impl12experimental25TlsCredentialReloadConfigC1ESt10shared_ptrINS0_28TlsCredentialReloadInterfaceEE + + [A] _ZN9grpc_impl12experimental25TlsCredentialReloadConfigD1Ev, aliases _ZN9grpc_impl12experimental25TlsCredentialReloadConfigD2Ev + + [A] _ZN9grpc_impl12experimental25TlsCredentialReloadConfigD2Ev + + [A] _ZN9grpc_impl12experimental28ConvertToCKeyMaterialsConfigERKSt10shared_ptrINS0_21TlsKeyMaterialsConfigEE + + [A] _ZN9grpc_impl12experimental28StsCredentialsOptionsFromEnvEPNS0_21StsCredentialsOptionsE + + [A] _ZN9grpc_impl12experimental28TlsCredentialReloadInterface6CancelEPNS0_22TlsCredentialReloadArgE + + [A] _ZN9grpc_impl12experimental29MetadataCredentialsFromPluginESt10unique_ptrINS_25MetadataCredentialsPluginESt14default_deleteIS2_EE19grpc_security_level + + [A] _ZN9grpc_impl12experimental29StsCredentialsOptionsFromJsonERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPNS0_21StsCredentialsOptionsE + + [A] _ZN9grpc_impl12experimental30StsCredentialsCppToCoreOptionsERKNS0_21StsCredentialsOptionsE + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg10set_statusE16grpc_status_code + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg11set_successEi + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg13set_peer_certERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg15set_target_nameERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg16set_cb_user_dataEPv + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg17set_error_detailsERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg24set_peer_cert_full_chainERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArg38OnServerAuthorizationCheckDoneCallbackEv + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArgC1EP39grpc_tls_server_authorization_check_arg, aliases _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArgC2EP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArgC2EP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArgD1Ev, aliases _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArgD2Ev + + [A] _ZN9grpc_impl12experimental30TlsServerAuthorizationCheckArgD2Ev + + [A] _ZN9grpc_impl12experimental32TlsCredentialReloadConfigCCancelEPvP30grpc_tls_credential_reload_arg + + [A] _ZN9grpc_impl12experimental33TlsServerAuthorizationCheckConfigC1ESt10shared_ptrINS0_36TlsServerAuthorizationCheckInterfaceEE, aliases _ZN9grpc_impl12experimental33TlsServerAuthorizationCheckConfigC2ESt10shared_ptrINS0_36TlsServerAuthorizationCheckInterfaceEE + + [A] _ZN9grpc_impl12experimental33TlsServerAuthorizationCheckConfigC2ESt10shared_ptrINS0_36TlsServerAuthorizationCheckInterfaceEE + + [A] _ZN9grpc_impl12experimental33TlsServerAuthorizationCheckConfigD1Ev, aliases _ZN9grpc_impl12experimental33TlsServerAuthorizationCheckConfigD2Ev + + [A] _ZN9grpc_impl12experimental33TlsServerAuthorizationCheckConfigD2Ev + + [A] _ZN9grpc_impl12experimental34TlsCredentialReloadConfigCScheduleEPvP30grpc_tls_credential_reload_arg + + [A] _ZN9grpc_impl12experimental36TlsCredentialReloadArgDestroyContextEPv + + [A] _ZN9grpc_impl12experimental36TlsServerAuthorizationCheckInterface6CancelEPNS0_30TlsServerAuthorizationCheckArgE + + [A] _ZN9grpc_impl12experimental40TlsServerAuthorizationCheckConfigCCancelEPvP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_impl12experimental42TlsServerAuthorizationCheckConfigCScheduleEPvP39grpc_tls_server_authorization_check_arg + + [A] _ZN9grpc_impl12experimental44TlsServerAuthorizationCheckArgDestroyContextEPv + + [A] _ZN9grpc_impl13ClientContext15set_credentialsERKSt10shared_ptrINS_15CallCredentialsEE + + [A] _ZN9grpc_impl13ClientContext25FromCallbackServerContextERKNS_21CallbackServerContextENS_18PropagationOptionsE + + [A] _ZN9grpc_impl13ClientContext25FromInternalServerContextERKNS_17ServerContextBaseENS_18PropagationOptionsE + + [A] _ZN9grpc_impl13ServerContextD0Ev + + [A] _ZN9grpc_impl15CallCredentials11DebugStringB5cxx11Ev + + [A] _ZN9grpc_impl16ChannelArguments16SetResourceQuotaERKN4grpc13ResourceQuotaE + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE14WriteAndFinishERKS2_NS1_12WriteOptionsERKNS1_6StatusEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE19SendInitialMetadataEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_Pv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE6FinishERKNS1_6StatusEPv + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE8BindCallEPNS1_8internal4CallE + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED0Ev + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED1Ev, aliases _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E10OnReadDoneEb + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E11OnWriteDoneEb + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E18InternalBindStreamEPNS_26ServerCallbackReaderWriterIS2_S2_EE + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E25OnSendInitialMetadataDoneEb + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E6FinishENS1_6StatusE + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_E8OnCancelEv + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED1Ev, aliases _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp11core_cq_tagEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp14FinalizeResultEPPvPb + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp17SetHijackingStateEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp32ContinueFillOpsAfterInterceptionEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp39ContinueFinalizeResultAfterInterceptionEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp5UnrefEv + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOp7FillOpsEPN4grpc8internal4CallE + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOpD0Ev + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOpD1Ev, aliases _ZN9grpc_impl17ServerContextBase12CompletionOpD2Ev + + [A] _ZN9grpc_impl17ServerContextBase12CompletionOpD2Ev + + [A] _ZN9grpc_impl17ServerContextBase17BeginCompletionOpEPN4grpc8internal4CallESt8functionIFvbEEPNS_8internal18ServerCallbackCallE + + [A] _ZN9grpc_impl17ServerContextBase18AddInitialMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [A] _ZN9grpc_impl17ServerContextBase18GetCompletionOpTagEv + + [A] _ZN9grpc_impl17ServerContextBase19AddTrailingMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_ + + [A] _ZN9grpc_impl17ServerContextBase19set_server_rpc_infoEPKcN4grpc8internal9RpcMethod7RpcTypeERKSt6vectorISt10unique_ptrINS3_12experimental33ServerInterceptorFactoryInterfaceESt14default_deleteISA_EESaISD_EE + + [A] _ZN9grpc_impl17ServerContextBase21SetLoadReportingCostsERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EE + + [A] _ZN9grpc_impl17ServerContextBase23BindDeadlineAndMetadataE12gpr_timespecP19grpc_metadata_array + + [A] _ZN9grpc_impl17ServerContextBase23TestServerCallbackUnary7reactorEv + + [A] _ZN9grpc_impl17ServerContextBase25set_compression_algorithmE26grpc_compression_algorithm + + [A] _ZN9grpc_impl17ServerContextBase5ClearEv + + [A] _ZN9grpc_impl17ServerContextBase5SetupE12gpr_timespec + + [A] _ZN9grpc_impl17ServerContextBaseC1E12gpr_timespecP19grpc_metadata_array + + [A] _ZN9grpc_impl17ServerContextBaseC1Ev, aliases _ZN9grpc_impl17ServerContextBaseC2Ev + + [A] _ZN9grpc_impl17ServerContextBaseC2E12gpr_timespecP19grpc_metadata_array, aliases _ZN9grpc_impl17ServerContextBaseC1E12gpr_timespecP19grpc_metadata_array + + [A] _ZN9grpc_impl17ServerContextBaseC2Ev + + [A] _ZN9grpc_impl17ServerContextBaseD0Ev + + [A] _ZN9grpc_impl17ServerContextBaseD1Ev, aliases _ZN9grpc_impl17ServerContextBaseD2Ev + + [A] _ZN9grpc_impl17ServerContextBaseD2Ev + + [A] _ZN9grpc_impl18ClientUnaryReactor6OnDoneERKN4grpc6StatusE + + [A] _ZN9grpc_impl18ServerUnaryReactor8OnCancelEv + + [A] _ZN9grpc_impl21CallbackServerContextD0Ev + + [A] _ZN9grpc_impl21CallbackServerContextD1Ev, aliases _ZN9grpc_impl21CallbackServerContextD2Ev + + [A] _ZN9grpc_impl21CallbackServerContextD2Ev + + [A] _ZN9grpc_impl21SecureCallCredentials11DebugStringB5cxx11Ev + + [A] _ZN9grpc_impl23SecureServerCredentials24SetAuthMetadataProcessorERKSt10shared_ptrIN4grpc21AuthMetadataProcessorEE + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E14WriteAndFinishERKS2_NS1_12WriteOptionsERKNS1_6StatusEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E19SendInitialMetadataEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E4ReadEPS2_Pv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_Pv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E6FinishERKNS1_6StatusEPv + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E8BindCallEPNS1_8internal4CallE + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED1Ev, aliases _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED2Ev + + [A] _ZN9grpc_impl25MetadataCredentialsPlugin11DebugStringB5cxx11Ev + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEE19SendInitialMetadataEPv + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEE8BindCallEPNS1_8internal4CallE + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED0Ev + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED1Ev, aliases _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEED2Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE14FinalizeResultEPPvPb + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEb + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED0Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED1Ev, aliases _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED2Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEED2Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE14FinalizeResultEPPvPb + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEv + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag3RunEb + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag9StaticRunEP42grpc_experimental_completion_queue_functori + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED0Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED1Ev + + [A] _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED2Ev, aliases _ZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEED1Ev + + [A] _ZN9grpc_impl6Server18UnrefAndWaitLockedEv + + [A] _ZN9grpc_impl6Server23UnrefWithPossibleNotifyEv + + [A] _ZN9grpc_impl6Server3RefEv + + [A] _ZN9grpc_impl6ServerC1EPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [A] _ZN9grpc_impl6ServerC2EPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE, aliases _ZN9grpc_impl6ServerC1EPNS_16ChannelArgumentsESt10shared_ptrISt6vectorISt10unique_ptrINS_21ServerCompletionQueueESt14default_deleteIS6_EESaIS9_EEEiiiS4_IS3_IN4grpc8internal30ExternalConnectionAcceptorImplEESaISG_EEP19grpc_resource_quotaS4_IS5_INSD_12experimental33ServerInterceptorFactoryInterfaceES7_ISM_EESaISO_EE + + [A] _ZN9grpc_impl8internal13ClientReactor22InternalScheduleOnDoneEN4grpc6StatusE + + [A] _ZN9grpc_impl8internal13ServerReactor18InternalInlineableEv + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEE6OnDoneEv + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED0Ev + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED1Ev, aliases _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED2Ev + + [A] _ZN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED0Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED1Ev, aliases _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED0Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED1Ev, aliases _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED2Ev + + [A] _ZN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EED2Ev + + [A] _ZN9grpc_impl8internal18ServerCallbackCall12CallOnCancelEPNS0_13ServerReactorE + + [A] _ZN9grpc_impl8internal18ServerCallbackCall14ScheduleOnDoneEb + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl10CallOnDoneEv + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl14WriteAndFinishEPKS3_NS2_12WriteOptionsENS2_6StatusE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEv + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl4ReadEPS3_ + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl5WriteEPKS3_NS2_12WriteOptionsE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl6FinishENS2_6StatusE + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl7reactorEv + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD0Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD1Ev, aliases _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD2Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplD2Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED0Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED1Ev, aliases _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED2Ev + + [A] _ZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_ED2Ev + + [A] _ZNK4grpc21AuthMetadataProcessor10IsBlockingEv + + [A] _ZNK9grpc_impl12experimental22TlsCredentialReloadArg12cb_user_dataEv + + [A] _ZNK9grpc_impl12experimental22TlsCredentialReloadArg13error_detailsB5cxx11Ev + + [A] _ZNK9grpc_impl12experimental22TlsCredentialReloadArg31is_pem_key_cert_pair_list_emptyEv + + [A] _ZNK9grpc_impl12experimental22TlsCredentialReloadArg6statusEv + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg11target_nameB5cxx11Ev + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg12cb_user_dataEv + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg13error_detailsB5cxx11Ev + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg20peer_cert_full_chainB5cxx11Ev + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg6statusEv + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg7successEv + + [A] _ZNK9grpc_impl12experimental30TlsServerAuthorizationCheckArg9peer_certB5cxx11Ev + + [A] _ZNK9grpc_impl17ServerContextBase11IsCancelledEv + + [A] _ZNK9grpc_impl17ServerContextBase14census_contextEv + + [A] _ZNK9grpc_impl17ServerContextBase4peerB5cxx11Ev + + [A] _ZNK9grpc_impl17ServerContextBase9TryCancelEv + + [A] _ZNK9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE11method_nameEv + + [A] _ZNK9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE11method_nameEv + + [A] _ZNSt14_Function_base13_Base_managerIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlPN9grpc_impl21CallbackServerContextEE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E10_M_managerERSt9_Any_dataRKS9_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E10RunHandlerERKNS4_8internal13MethodHandler16HandlerParameterEEUlbE_E10_M_managerERSt9_Any_dataRKSE_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE0_E10_M_managerERSt9_Any_dataRKSD_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE_E10_M_managerERSt9_Any_dataRKSD_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E10_M_managerERSt9_Any_dataRKSA_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl6FinishENS4_6StatusEEUlbE_E10_M_managerERSt9_Any_dataRKSB_St18_Manager_operation + + [A] _ZNSt17_Function_handlerIFPN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES3_EEPNS0_21CallbackServerContextEEZNS2_12experimental22CallbackGenericService7HandlerEvEUlS7_E_E9_M_invokeERKSt9_Any_dataOS7_ + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E10RunHandlerERKNS4_8internal13MethodHandler16HandlerParameterEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS1_17ServerBidiReactorIS5_S5_EEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES5_E30ServerCallbackReaderWriterImpl6FinishENS4_6StatusEEUlbE_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt17_Function_handlerIFvvEZN9grpc_impl6Server15CallbackRequestINS1_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_E9_M_invokeERKSt9_Any_data + + [A] _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EE17_M_realloc_insertIJRKS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EED1Ev, aliases _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EED2Ev + + [A] _ZNSt6vectorIN4grpc13ServerBuilder4PortESaIS2_EED2Ev + + [A] _ZNSt6vectorIN9grpc_impl12experimental21TlsKeyMaterialsConfig14PemKeyCertPairESaIS3_EE17_M_realloc_insertIJRKS3_EEEvN9__gnu_cxx17__normal_iteratorIPS3_S5_EEDpOT_ + + [A] _ZNSt6vectorIN9grpc_impl12experimental21TlsKeyMaterialsConfig14PemKeyCertPairESaIS3_EEaSERKS5_ + + [A] _ZNSt6vectorIPN9grpc_impl15CompletionQueueESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorISt10unique_ptrIN4grpc13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE12emplace_backIJPS3_EEEvDpOT_ + + [A] _ZNSt6vectorISt10unique_ptrIN4grpc13ServerBuilder12NamedServiceESt14default_deleteIS3_EESaIS6_EE17_M_realloc_insertIJPS3_EEEvN9__gnu_cxx17__normal_iteratorIPS6_S8_EEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4pairIKS5_N9grpc_core4JsonEESt10_Select1stISA_ESt4lessIS5_ESaISA_EE8_M_eraseEPSt13_Rb_tree_nodeISA_E + + [A] _ZThn16_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E4ReadEPS2_Pv + + [A] _ZThn16_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZThn16_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED1Ev + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEE5WriteERKS2_Pv + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED0Ev + + [A] _ZThn8_N9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEED1Ev + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_NS1_12WriteOptionsEPv + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_E5WriteERKS2_Pv + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED0Ev + + [A] _ZThn8_N9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_ED1Ev + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7Reactor6OnDoneEv + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD0Ev + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD1Ev, aliases _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD2Ev + + [A] _ZZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEEN7ReactorD2Ev + + [A] _ZZZN9grpc_impl8internal9AlarmImpl3SetE12gpr_timespecSt8functionIFvbEEENKUlPvP10grpc_errorE_clES6_S8_ENKUlS6_S8_E_clES6_S8_ + + [A] _ZZZN9grpc_impl8internal9AlarmImpl3SetE12gpr_timespecSt8functionIFvbEEENKUlPvP10grpc_errorE_clES6_S8_ENUlS6_S8_E_4_FUNES6_S8_ + + + +147 Removed variable symbols not referenced by debug info: + + + + [D] _ZTIN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc12experimental24ServerGenericBidiReactorE + + [D] _ZTIN4grpc12experimental26ClientCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc12experimental26ServerCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc17ServerAsyncWriterINS_10ByteBufferEEE + + [D] _ZTIN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEEE + + [D] _ZTIN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEEE + + [D] _ZTIN4grpc26ServerAsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc32ClientAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc32ServerAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc8internal13ServerReactorE + + [D] _ZTIN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EEE + + [D] _ZTIN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EEE + + [D] _ZTIN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplE + + [D] _ZTIN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc8internal20AsyncReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc8internal20AsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTIN4grpc8internal21CallOpClientSendCloseE + + [D] _ZTIN4grpc8internal22CallOpClientRecvStatusE + + [D] _ZTIN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc8internal25CallOpRecvInitialMetadataE + + [D] _ZTIN4grpc8internal29ClientAsyncStreamingInterfaceE + + [D] _ZTIN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_EE + + [D] _ZTIN4grpc8internal31UnimplementedGenericBidiReactorE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTIN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTIN9grpc_impl13ResourceQuotaE + + [D] _ZTIN9grpc_impl13ServerBuilderE + + [D] _ZTIN9grpc_impl13ServerContext12CompletionOpE + + [D] _ZTIN9grpc_impl27HealthCheckServiceInterfaceE + + [D] _ZTIN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEEE + + [D] _ZTIN9grpc_impl6Server15CallbackRequestINS_13ServerContextEEE + + [D] _ZTIN9grpc_impl6Server19CallbackRequestBaseE + + [D] _ZTIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlvE_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl6FinishENS_6StatusEEUlbE_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE0_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE1_ + + [D] _ZTIZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10WritesDoneEvEUlbE_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE0_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE1_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE2_ + + [D] _ZTIZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTIZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTSN4grpc12experimental17ServerBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc12experimental24ServerGenericBidiReactorE + + [D] _ZTSN4grpc12experimental26ClientCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc12experimental26ServerCallbackReaderWriterINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc17ServerAsyncWriterINS_10ByteBufferEEE + + [D] _ZTSN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEEE + + [D] _ZTSN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEEE + + [D] _ZTSN4grpc26ServerAsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc32ClientAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc32ServerAsyncReaderWriterInterfaceINS_10ByteBufferES1_EE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc8internal13ServerReactorE + + [D] _ZTSN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EEE + + [D] _ZTSN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EEE + + [D] _ZTSN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplE + + [D] _ZTSN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc8internal20AsyncReaderInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc8internal20AsyncWriterInterfaceINS_10ByteBufferEEE + + [D] _ZTSN4grpc8internal21CallOpClientSendCloseE + + [D] _ZTSN4grpc8internal22CallOpClientRecvStatusE + + [D] _ZTSN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc8internal25CallOpRecvInitialMetadataE + + [D] _ZTSN4grpc8internal29ClientAsyncStreamingInterfaceE + + [D] _ZTSN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_EE + + [D] _ZTSN4grpc8internal31UnimplementedGenericBidiReactorE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTSN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTSN9grpc_impl13ResourceQuotaE + + [D] _ZTSN9grpc_impl13ServerBuilderE + + [D] _ZTSN9grpc_impl13ServerContext12CompletionOpE + + [D] _ZTSN9grpc_impl27HealthCheckServiceInterfaceE + + [D] _ZTSN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEEE + + [D] _ZTSN9grpc_impl6Server15CallbackRequestINS_13ServerContextEEE + + [D] _ZTSN9grpc_impl6Server19CallbackRequestBaseE + + [D] _ZTSZN4grpc12experimental22CallbackGenericService7HandlerEvEUlvE_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImpl6FinishENS_6StatusEEUlbE_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE0_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE1_ + + [D] _ZTSZN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplC4EPN9grpc_impl13ServerContextEPNS0_4CallESt8functionIFvvEEPNS_12experimental17ServerBidiReactorIS2_S2_EEEUlbE_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E10WritesDoneEvEUlbE_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE0_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE1_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE2_ + + [D] _ZTSZN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_E9StartCallEvEUlbE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + [D] _ZTSZN9grpc_impl6Server15CallbackRequestINS_13ServerContextEE15CallbackCallTag3RunEbEUlvE_ + + [D] _ZTVN4grpc17ServerAsyncWriterINS_10ByteBufferEEE + + [D] _ZTVN4grpc23ClientAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTVN4grpc23ServerAsyncReaderWriterINS_10ByteBufferES1_EE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_10ByteBufferEEE + + [D] _ZTVN4grpc25ServerAsyncResponseWriterINS_10ByteBufferEEE + + [D] _ZTVN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE12EEE + + [D] _ZTVN4grpc8internal18ErrorMethodHandlerILNS_10StatusCodeE8EEE + + [D] _ZTVN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_E30ServerCallbackReaderWriterImplE + + [D] _ZTVN4grpc8internal19CallbackBidiHandlerINS_10ByteBufferES2_EE + + [D] _ZTVN4grpc8internal24UnimplementedBidiReactorINS_10ByteBufferES2_EE + + [D] _ZTVN4grpc8internal30ClientCallbackReaderWriterImplINS_10ByteBufferES2_EE + + [D] _ZTVN4grpc8internal31UnimplementedGenericBidiReactorE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_22CallOpClientRecvStatusENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_8CallNoOpILi3EEENS6_ILi4EEENS6_ILi5EEENS6_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_22CallOpClientRecvStatusENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi2EEENS3_ILi3EEENS3_ILi4EEENS3_ILi5EEENS3_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_22CallOpClientRecvStatusEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_8CallNoOpILi4EEENS5_ILi5EEENS5_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_25CallOpRecvInitialMetadataENS0_17CallOpRecvMessageINS_10ByteBufferEEENS0_21CallOpClientSendCloseENS0_22CallOpClientRecvStatusEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_21CallOpClientSendCloseENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTVN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi3EEENS4_ILi4EEENS4_ILi5EEENS4_ILi6EEEEE + + [D] _ZTVN9grpc_impl13ResourceQuotaE + + [D] _ZTVN9grpc_impl13ServerBuilderE + + [D] _ZTVN9grpc_impl13ServerContext12CompletionOpE + + [D] _ZTVN9grpc_impl6Server15CallbackRequestIN4grpc20GenericServerContextEEE + + [D] _ZTVN9grpc_impl6Server15CallbackRequestINS_13ServerContextEEE + + [D] grpc_health_v1_HealthCheckRequest_fields + + [D] grpc_health_v1_HealthCheckResponse_fields + + + +99 Added variable symbols not referenced by debug info: + + + + _ZTIN4grpc12experimental28GenericCallbackServerContextE + + _ZTIN4grpc13ResourceQuotaE + + _ZTIN4grpc13ServerBuilderE + + _ZTIN4grpc20GenericServerContextE + + _ZTIN4grpc27HealthCheckServiceInterfaceE + + _ZTIN9grpc_impl13ServerContextE + + _ZTIN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl17ServerContextBase12CompletionOpE + + _ZTIN9grpc_impl17ServerContextBaseE + + _ZTIN9grpc_impl21CallbackServerContextE + + _ZTIN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl26ServerAsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl26ServerCallbackReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl32ServerAsyncReaderWriterInterfaceIN4grpc10ByteBufferES2_EE + + _ZTIN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEEE + + _ZTIN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEEE + + _ZTIN9grpc_impl8internal13ClientReactorE + + _ZTIN9grpc_impl8internal13ServerReactorE + + _ZTIN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEEE + + _ZTIN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EEE + + _ZTIN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EEE + + _ZTIN9grpc_impl8internal18ServerCallbackCallE + + _ZTIN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplE + + _ZTIN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_EE + + _ZTIN9grpc_impl8internal20AsyncReaderInterfaceIN4grpc10ByteBufferEEE + + _ZTIN9grpc_impl8internal20AsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTIZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEE7Reactor + + _ZTIZN4grpc12experimental22CallbackGenericService7HandlerEvEUlPN9grpc_impl21CallbackServerContextEE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTIZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterEEUlbE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE0_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + _ZTIZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl6FinishENS2_6StatusEEUlbE_ + + _ZTSN4grpc12experimental28GenericCallbackServerContextE + + _ZTSN4grpc13ResourceQuotaE + + _ZTSN4grpc13ServerBuilderE + + _ZTSN4grpc20GenericServerContextE + + _ZTSN4grpc27HealthCheckServiceInterfaceE + + _ZTSN9grpc_impl13ServerContextE + + _ZTSN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl17ServerContextBase12CompletionOpE + + _ZTSN9grpc_impl17ServerContextBaseE + + _ZTSN9grpc_impl21CallbackServerContextE + + _ZTSN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl26ServerAsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl26ServerCallbackReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl32ServerAsyncReaderWriterInterfaceIN4grpc10ByteBufferES2_EE + + _ZTSN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEEE + + _ZTSN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEEE + + _ZTSN9grpc_impl8internal13ClientReactorE + + _ZTSN9grpc_impl8internal13ServerReactorE + + _ZTSN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEEE + + _ZTSN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EEE + + _ZTSN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EEE + + _ZTSN9grpc_impl8internal18ServerCallbackCallE + + _ZTSN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplE + + _ZTSN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_EE + + _ZTSN9grpc_impl8internal20AsyncReaderInterfaceIN4grpc10ByteBufferEEE + + _ZTSN9grpc_impl8internal20AsyncWriterInterfaceIN4grpc10ByteBufferEEE + + _ZTSZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEE7Reactor + + _ZTSZN4grpc12experimental22CallbackGenericService7HandlerEvEUlPN9grpc_impl21CallbackServerContextEE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag28ContinueRunAfterInterceptionEvEUlvE_ + + _ZTSZN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEE15CallbackCallTag3RunEbEUlvE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterEEUlbE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE0_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl12SetupReactorEPNS_17ServerBidiReactorIS3_S3_EEEUlbE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl19SendInitialMetadataEvEUlbE_ + + _ZTSZN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImpl6FinishENS2_6StatusEEUlbE_ + + _ZTVN4grpc12experimental28GenericCallbackServerContextE + + _ZTVN4grpc13ResourceQuotaE + + _ZTVN4grpc13ServerBuilderE + + _ZTVN4grpc20GenericServerContextE + + _ZTVN9grpc_impl13ServerContextE + + _ZTVN9grpc_impl17ServerAsyncWriterIN4grpc10ByteBufferEEE + + _ZTVN9grpc_impl17ServerBidiReactorIN4grpc10ByteBufferES2_EE + + _ZTVN9grpc_impl17ServerContextBase12CompletionOpE + + _ZTVN9grpc_impl17ServerContextBaseE + + _ZTVN9grpc_impl21CallbackServerContextE + + _ZTVN9grpc_impl23ServerAsyncReaderWriterIN4grpc10ByteBufferES2_EE + + _ZTVN9grpc_impl25ServerAsyncResponseWriterIN4grpc10ByteBufferEEE + + _ZTVN9grpc_impl6Server15CallbackRequestIN4grpc12experimental28GenericCallbackServerContextEEE + + _ZTVN9grpc_impl6Server15CallbackRequestINS_21CallbackServerContextEEE + + _ZTVN9grpc_impl8internal13ClientReactorE + + _ZTVN9grpc_impl8internal17FinishOnlyReactorINS_17ServerBidiReactorIN4grpc10ByteBufferES4_EEEE + + _ZTVN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE12EEE + + _ZTVN9grpc_impl8internal18ErrorMethodHandlerILN4grpc10StatusCodeE8EEE + + _ZTVN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_E30ServerCallbackReaderWriterImplE + + _ZTVN9grpc_impl8internal19CallbackBidiHandlerIN4grpc10ByteBufferES3_EE + + _ZTVZN4grpc12experimental22CallbackGenericService13CreateReactorEPNS0_28GenericCallbackServerContextEE7Reactor + + + +---------------diffs in grpc_libgrpc++_error_details.so.1.31.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 13 Removed, 13 Added function symbols not referenced by debug info + +Variable symbols changes summary: 2 Removed, 0 Added variable symbols not referenced by debug info + + + +13 Removed function symbols not referenced by debug info: + + + + _ZN6google3rpc6Status27MergePartialFromCodedStreamEPNS_8protobuf2io16CodedInputStreamE + + _ZN6google3rpc6StatusC1Ev + + _ZN6google3rpc6StatusC2Ev, aliases _ZN6google3rpc6StatusC1Ev + + _ZN6google8protobuf8internal14ArenaStringPtr21CreateInstanceNoArenaEPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + _ZN6google8protobuf8internal21arena_destruct_objectINS1_29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerEEEvPv + + _ZN6google8protobuf8internal21arena_destruct_objectINS_3rpc6StatusEEEvPv + + _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE27mutable_unknown_fields_slowEv + + _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED1Ev + + _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED2Ev, aliases _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED1Ev + + _ZNK6google3rpc6Status24SerializeWithCachedSizesEPNS_8protobuf2io17CodedOutputStreamE + + _ZNK6google3rpc6Status39InternalSerializeWithCachedSizesToArrayEPh + + _ZNK6google8protobuf11MessageLite20GetMaybeArenaPointerEv + + _ZNK6google8protobuf11MessageLite8GetArenaEv + + + +13 Added function symbols not referenced by debug info: + + + + _ZN6google3rpc6Status14_InternalParseEPKcPNS_8protobuf8internal12ParseContextE + + _ZN6google3rpc6Status9ArenaDtorEPv + + _ZN6google3rpc6StatusC1EPNS_8protobuf5ArenaE + + _ZN6google3rpc6StatusC2EPNS_8protobuf5ArenaE, aliases _ZN6google3rpc6StatusC1EPNS_8protobuf5ArenaE + + _ZN6google8protobuf16RepeatedPtrFieldINS0_3AnyEED1Ev + + _ZN6google8protobuf16RepeatedPtrFieldINS0_3AnyEED2Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldINS0_3AnyEED1Ev + + _ZN6google8protobuf8internal12ParseContext12ParseMessageINS0_3AnyEEEPKcPT_S6_ + + _ZN6google8protobuf8internal14ArenaStringPtr14CreateInstanceEPNS0_5ArenaEPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + _ZN6google8protobuf8internal16InternalMetadata27mutable_unknown_fields_slowINS0_15UnknownFieldSetEEEPT_v + + _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldINS0_3AnyEE11TypeHandlerEEEvv + + _ZN6google8protobuf8internal21arena_destruct_objectINS1_16InternalMetadata9ContainerINS0_15UnknownFieldSetEEEEEvPv + + _ZN6google8protobuf8internal21arena_destruct_objectINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEvPv + + _ZNK6google3rpc6Status18_InternalSerializeEPhPNS_8protobuf2io19EpsCopyOutputStreamE + + + +2 Removed variable symbols not referenced by debug info: + + + + _ZTIN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerE + + _ZTSN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerE + + + +---------------diffs in grpc_libgrpcpp_channelz.so.1.31.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 373 Removed, 364 Added function symbols not referenced by debug info + +Variable symbols changes summary: 109 Removed, 65 Added variable symbols not referenced by debug info + + + +373 Removed function symbols not referenced by debug info: + + + + [D] _ZN4grpc12experimental18ClientUnaryReactor25OnReadInitialMetadataDoneEb + + [D] _ZN4grpc12experimental18ClientUnaryReactor6OnDoneERKNS_6StatusE + + [D] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPN9grpc_impl13ServerBuilderE + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEED2Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEED2Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEED2Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEED2Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEED1Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEED0Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEED1Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEED0Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEED1Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEED0Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEED1Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEED0Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEED2Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEE19ReadInitialMetadataEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEE6FinishEPS3_PNS_6StatusEPv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEE9StartCallEv + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEED0Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEED2Ev, _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEED1Ev + + [D] _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEED2Ev, aliases _ZN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEED1Ev + + [D] _ZN4grpc8channelz2v110ChannelRef27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v110ChannelRefC1Ev, aliases _ZN4grpc8channelz2v110ChannelRefC2Ev + + [D] _ZN4grpc8channelz2v110ChannelRefC2Ev + + [D] _ZN4grpc8channelz2v110ServerData27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v110ServerDataC1Ev, aliases _ZN4grpc8channelz2v110ServerDataC2Ev + + [D] _ZN4grpc8channelz2v110ServerDataC2Ev + + [D] _ZN4grpc8channelz2v110SocketData27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v110SocketDataC1Ev, aliases _ZN4grpc8channelz2v110SocketDataC2Ev + + [D] _ZN4grpc8channelz2v110SocketDataC2Ev + + [D] _ZN4grpc8channelz2v110Subchannel27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v110SubchannelC1Ev + + [D] _ZN4grpc8channelz2v110SubchannelC2Ev, aliases _ZN4grpc8channelz2v110SubchannelC1Ev + + [D] _ZN4grpc8channelz2v111ChannelData27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v111ChannelDataC1Ev + + [D] _ZN4grpc8channelz2v111ChannelDataC2Ev, aliases _ZN4grpc8channelz2v111ChannelDataC1Ev + + [D] _ZN4grpc8channelz2v112ChannelTrace27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v112ChannelTraceC1Ev + + [D] _ZN4grpc8channelz2v112ChannelTraceC2Ev, aliases _ZN4grpc8channelz2v112ChannelTraceC1Ev + + [D] _ZN4grpc8channelz2v112Security_Tls27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v112Security_TlsC1Ev + + [D] _ZN4grpc8channelz2v112Security_TlsC2Ev, aliases _ZN4grpc8channelz2v112Security_TlsC1Ev + + [D] _ZN4grpc8channelz2v112SocketOption27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v112SocketOptionC1Ev, aliases _ZN4grpc8channelz2v112SocketOptionC2Ev + + [D] _ZN4grpc8channelz2v112SocketOptionC2Ev + + [D] _ZN4grpc8channelz2v113SubchannelRef27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v113SubchannelRefC1Ev + + [D] _ZN4grpc8channelz2v113SubchannelRefC2Ev, aliases _ZN4grpc8channelz2v113SubchannelRefC1Ev + + [D] _ZN4grpc8channelz2v116GetServerRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v116GetServerRequestC1Ev, aliases _ZN4grpc8channelz2v116GetServerRequestC2Ev + + [D] _ZN4grpc8channelz2v116GetServerRequestC2Ev + + [D] _ZN4grpc8channelz2v116GetSocketRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v116GetSocketRequestC1Ev + + [D] _ZN4grpc8channelz2v116GetSocketRequestC2Ev, aliases _ZN4grpc8channelz2v116GetSocketRequestC1Ev + + [D] _ZN4grpc8channelz2v117ChannelTraceEvent27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v117ChannelTraceEventC1Ev + + [D] _ZN4grpc8channelz2v117ChannelTraceEventC2Ev, aliases _ZN4grpc8channelz2v117ChannelTraceEventC1Ev + + [D] _ZN4grpc8channelz2v117GetChannelRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v117GetChannelRequestC1Ev + + [D] _ZN4grpc8channelz2v117GetChannelRequestC2Ev, aliases _ZN4grpc8channelz2v117GetChannelRequestC1Ev + + [D] _ZN4grpc8channelz2v117GetServerResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v117GetServerResponseC1Ev + + [D] _ZN4grpc8channelz2v117GetServerResponseC2Ev, aliases _ZN4grpc8channelz2v117GetServerResponseC1Ev + + [D] _ZN4grpc8channelz2v117GetServersRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v117GetServersRequestC1Ev, aliases _ZN4grpc8channelz2v117GetServersRequestC2Ev + + [D] _ZN4grpc8channelz2v117GetServersRequestC2Ev + + [D] _ZN4grpc8channelz2v117GetSocketResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v117GetSocketResponseC1Ev + + [D] _ZN4grpc8channelz2v117GetSocketResponseC2Ev, aliases _ZN4grpc8channelz2v117GetSocketResponseC1Ev + + [D] _ZN4grpc8channelz2v118Address_UdsAddress27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v118Address_UdsAddressC1Ev + + [D] _ZN4grpc8channelz2v118Address_UdsAddressC2Ev, aliases _ZN4grpc8channelz2v118Address_UdsAddressC1Ev + + [D] _ZN4grpc8channelz2v118GetChannelResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v118GetChannelResponseC1Ev + + [D] _ZN4grpc8channelz2v118GetChannelResponseC2Ev, aliases _ZN4grpc8channelz2v118GetChannelResponseC1Ev + + [D] _ZN4grpc8channelz2v118GetServersResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v118GetServersResponseC1Ev, aliases _ZN4grpc8channelz2v118GetServersResponseC2Ev + + [D] _ZN4grpc8channelz2v118GetServersResponseC2Ev + + [D] _ZN4grpc8channelz2v118SocketOptionLinger27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v118SocketOptionLingerC1Ev, aliases _ZN4grpc8channelz2v118SocketOptionLingerC2Ev + + [D] _ZN4grpc8channelz2v118SocketOptionLingerC2Ev + + [D] _ZN4grpc8channelz2v119SocketOptionTcpInfo27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v119SocketOptionTcpInfoC1Ev, aliases _ZN4grpc8channelz2v119SocketOptionTcpInfoC2Ev + + [D] _ZN4grpc8channelz2v119SocketOptionTcpInfoC2Ev + + [D] _ZN4grpc8channelz2v119SocketOptionTimeout27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v119SocketOptionTimeoutC1Ev + + [D] _ZN4grpc8channelz2v119SocketOptionTimeoutC2Ev, aliases _ZN4grpc8channelz2v119SocketOptionTimeoutC1Ev + + [D] _ZN4grpc8channelz2v120Address_OtherAddress27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v120Address_OtherAddressC1Ev + + [D] _ZN4grpc8channelz2v120Address_OtherAddressC2Ev, aliases _ZN4grpc8channelz2v120Address_OtherAddressC1Ev + + [D] _ZN4grpc8channelz2v120Address_TcpIpAddress27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v120Address_TcpIpAddressC1Ev + + [D] _ZN4grpc8channelz2v120Address_TcpIpAddressC2Ev, aliases _ZN4grpc8channelz2v120Address_TcpIpAddressC1Ev + + [D] _ZN4grpc8channelz2v120GetSubchannelRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v120GetSubchannelRequestC1Ev + + [D] _ZN4grpc8channelz2v120GetSubchannelRequestC2Ev, aliases _ZN4grpc8channelz2v120GetSubchannelRequestC1Ev + + [D] _ZN4grpc8channelz2v121GetSubchannelResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v121GetSubchannelResponseC1Ev, aliases _ZN4grpc8channelz2v121GetSubchannelResponseC2Ev + + [D] _ZN4grpc8channelz2v121GetSubchannelResponseC2Ev + + [D] _ZN4grpc8channelz2v121GetTopChannelsRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v121GetTopChannelsRequestC1Ev + + [D] _ZN4grpc8channelz2v121GetTopChannelsRequestC2Ev, aliases _ZN4grpc8channelz2v121GetTopChannelsRequestC1Ev + + [D] _ZN4grpc8channelz2v122GetTopChannelsResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v122GetTopChannelsResponseC1Ev, aliases _ZN4grpc8channelz2v122GetTopChannelsResponseC2Ev + + [D] _ZN4grpc8channelz2v122GetTopChannelsResponseC2Ev + + [D] _ZN4grpc8channelz2v122Security_OtherSecurity27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v122Security_OtherSecurityC1Ev, aliases _ZN4grpc8channelz2v122Security_OtherSecurityC2Ev + + [D] _ZN4grpc8channelz2v122Security_OtherSecurityC2Ev + + [D] _ZN4grpc8channelz2v123GetServerSocketsRequest27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v123GetServerSocketsRequestC1Ev, aliases _ZN4grpc8channelz2v123GetServerSocketsRequestC2Ev + + [D] _ZN4grpc8channelz2v123GetServerSocketsRequestC2Ev + + [D] _ZN4grpc8channelz2v124ChannelConnectivityState27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v124ChannelConnectivityStateC1Ev, aliases _ZN4grpc8channelz2v124ChannelConnectivityStateC2Ev + + [D] _ZN4grpc8channelz2v124ChannelConnectivityStateC2Ev + + [D] _ZN4grpc8channelz2v124GetServerSocketsResponse27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v124GetServerSocketsResponseC1Ev, aliases _ZN4grpc8channelz2v124GetServerSocketsResponseC2Ev + + [D] _ZN4grpc8channelz2v124GetServerSocketsResponseC2Ev + + [D] _ZN4grpc8channelz2v16Server27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v16ServerC1Ev + + [D] _ZN4grpc8channelz2v16ServerC2Ev, aliases _ZN4grpc8channelz2v16ServerC1Ev + + [D] _ZN4grpc8channelz2v16Socket27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v16SocketC1Ev, aliases _ZN4grpc8channelz2v16SocketC2Ev + + [D] _ZN4grpc8channelz2v16SocketC2Ev + + [D] _ZN4grpc8channelz2v17Address27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v17AddressC1Ev, aliases _ZN4grpc8channelz2v17AddressC2Ev + + [D] _ZN4grpc8channelz2v17AddressC2Ev + + [D] _ZN4grpc8channelz2v17Channel27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v17ChannelC1Ev, aliases _ZN4grpc8channelz2v17ChannelC2Ev + + [D] _ZN4grpc8channelz2v17ChannelC2Ev + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetChannelEPN9grpc_impl13ClientContextEPKNS1_17GetChannelRequestEPNS1_18GetChannelResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetChannelEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_18GetChannelResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetServersEPN9grpc_impl13ClientContextEPKNS1_17GetServersRequestEPNS1_18GetServersResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetServersEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_18GetServersResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async13GetSubchannelEPN9grpc_impl13ClientContextEPKNS1_20GetSubchannelRequestEPNS1_21GetSubchannelResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async13GetSubchannelEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_21GetSubchannelResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async14GetTopChannelsEPN9grpc_impl13ClientContextEPKNS1_21GetTopChannelsRequestEPNS1_22GetTopChannelsResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async14GetTopChannelsEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_22GetTopChannelsResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async16GetServerSocketsEPN9grpc_impl13ClientContextEPKNS1_23GetServerSocketsRequestEPNS1_24GetServerSocketsResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async16GetServerSocketsEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_24GetServerSocketsResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetServerEPN9grpc_impl13ClientContextEPKNS1_16GetServerRequestEPNS1_17GetServerResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetServerEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_17GetServerResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetSocketEPN9grpc_impl13ClientContextEPKNS1_16GetSocketRequestEPNS1_17GetSocketResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetSocketEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_17GetSocketResponseEPNS_12experimental18ClientUnaryReactorE + + [D] _ZN4grpc8channelz2v18Security27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v18SecurityC1Ev, aliases _ZN4grpc8channelz2v18SecurityC2Ev + + [D] _ZN4grpc8channelz2v18SecurityC2Ev + + [D] _ZN4grpc8channelz2v19ServerRef27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v19ServerRefC1Ev, aliases _ZN4grpc8channelz2v19ServerRefC2Ev + + [D] _ZN4grpc8channelz2v19ServerRefC2Ev + + [D] _ZN4grpc8channelz2v19SocketRef27MergePartialFromCodedStreamEPN6google8protobuf2io16CodedInputStreamE + + [D] _ZN4grpc8channelz2v19SocketRefC1Ev, aliases _ZN4grpc8channelz2v19SocketRefC2Ev + + [D] _ZN4grpc8channelz2v19SocketRefC2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEED1Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEED1Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEED1Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEED2Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEED1Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEED1Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEED2Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEED1Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEED1Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEED1Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterE + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS_6StatusEPPv + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEED0Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEED1Ev, aliases _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEED2Ev + + [D] _ZN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEED2Ev + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEE10RunHandlerERKNS0_13MethodHandler16HandlerParameterEEUlvE_EENS_6StatusEOT_ + + [D] _ZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEv + + [D] _ZN4grpc8internal23ClientCallbackUnaryImplD0Ev + + [D] _ZN4grpc8internal23ClientCallbackUnaryImplD1Ev + + [D] _ZN4grpc8internal23ClientCallbackUnaryImplD2Ev, aliases _ZN4grpc8internal23ClientCallbackUnaryImplD1Ev + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v117GetServerResponseEE6CreateINS3_16GetServerRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v117GetSocketResponseEE6CreateINS3_16GetSocketRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v118GetChannelResponseEE6CreateINS3_17GetChannelRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v118GetServersResponseEE6CreateINS3_17GetServersRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v121GetSubchannelResponseEE6CreateINS3_20GetSubchannelRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v122GetTopChannelsResponseEE6CreateINS3_21GetTopChannelsRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal32ClientAsyncResponseReaderFactoryINS_8channelz2v124GetServerSocketsResponseEE6CreateINS3_23GetServerSocketsRequestEEEPNS_25ClientAsyncResponseReaderIS4_EEPNS_16ChannelInterfaceEPN9grpc_impl15CompletionQueueERKNS0_9RpcMethodEPNSD_13ClientContextERKT_b + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi5EEENS6_ILi6EEEEC1Ev + + [D] _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi5EEENS6_ILi6EEEEC2Ev, aliases _ZN4grpc8internal9CallOpSetINS0_25CallOpSendInitialMetadataENS0_17CallOpSendMessageENS0_21CallOpClientSendCloseENS0_25CallOpRecvInitialMetadataENS0_8CallNoOpILi5EEENS6_ILi6EEEEC1Ev + + [D] _ZN4grpc9ParseJsonEPKcPN6google8protobuf7MessageE + + [D] _ZN6google8protobuf8internal14ArenaStringPtr21CreateInstanceNoArenaEPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v110ChannelRefEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v110ServerDataEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v110SocketDataEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v110SubchannelEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v111ChannelDataEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v112ChannelTraceEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v112Security_TlsEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v112SocketOptionEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v113SubchannelRefEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v116GetServerRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v116GetSocketRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v117ChannelTraceEventEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v117GetChannelRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v117GetServerResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v117GetServersRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v117GetSocketResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v118Address_UdsAddressEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v118GetChannelResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v118GetServersResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v118SocketOptionLingerEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v119SocketOptionTcpInfoEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v119SocketOptionTimeoutEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v120Address_OtherAddressEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v120Address_TcpIpAddressEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v120GetSubchannelRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v121GetSubchannelResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v121GetTopChannelsRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v122GetTopChannelsResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v122Security_OtherSecurityEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v123GetServerSocketsRequestEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v124ChannelConnectivityStateEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v124GetServerSocketsResponseEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v16ServerEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v16SocketEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v17AddressEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v17ChannelEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v18SecurityEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v19ServerRefEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectIN4grpc8channelz2v19SocketRefEEEvPv + + [D] _ZN6google8protobuf8internal21arena_destruct_objectINS1_29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerEEEvPv + + [D] _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE27mutable_unknown_fields_slowEv + + [D] _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED1Ev, aliases _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED2Ev + + [D] _ZN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEED2Ev + + [D] _ZNK4grpc8channelz2v110ChannelRef24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v110ChannelRef39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v110ServerData24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v110ServerData39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v110SocketData24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v110SocketData39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v110Subchannel24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v110Subchannel39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v111ChannelData24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v111ChannelData39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v112ChannelTrace24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v112ChannelTrace39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v112Security_Tls24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v112Security_Tls39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v112SocketOption24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v112SocketOption39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v113SubchannelRef24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v113SubchannelRef39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v116GetServerRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v116GetServerRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v116GetSocketRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v116GetSocketRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v117ChannelTraceEvent24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v117ChannelTraceEvent39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v117GetChannelRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v117GetChannelRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v117GetServerResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v117GetServerResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v117GetServersRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v117GetServersRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v117GetSocketResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v117GetSocketResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v118Address_UdsAddress24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v118Address_UdsAddress39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v118GetChannelResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v118GetChannelResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v118GetServersResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v118GetServersResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v118SocketOptionLinger24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v118SocketOptionLinger39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v119SocketOptionTcpInfo24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v119SocketOptionTcpInfo39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v119SocketOptionTimeout24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v119SocketOptionTimeout39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v120Address_OtherAddress24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v120Address_OtherAddress39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v120Address_TcpIpAddress24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v120Address_TcpIpAddress39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v120GetSubchannelRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v120GetSubchannelRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v121GetSubchannelResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v121GetSubchannelResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v121GetTopChannelsRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v121GetTopChannelsRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v122GetTopChannelsResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v122GetTopChannelsResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v122Security_OtherSecurity24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v122Security_OtherSecurity39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v123GetServerSocketsRequest24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v123GetServerSocketsRequest39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v124ChannelConnectivityState24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v124ChannelConnectivityState39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v124GetServerSocketsResponse24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v124GetServerSocketsResponse39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v16Server24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v16Server39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v16Socket24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v16Socket39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v17Address24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v17Address39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v17Channel24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v17Channel39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v18Security24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v18Security39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v19ServerRef24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v19ServerRef39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK4grpc8channelz2v19SocketRef24SerializeWithCachedSizesEPN6google8protobuf2io17CodedOutputStreamE + + [D] _ZNK4grpc8channelz2v19SocketRef39InternalSerializeWithCachedSizesToArrayEPh + + [D] _ZNK6google8protobuf11MessageLite20GetMaybeArenaPointerEv + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_16GetServerRequestEPNS4_17GetServerResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_16GetSocketRequestEPNS4_17GetSocketResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_17GetChannelRequestEPNS4_18GetChannelResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_17GetServersRequestEPNS4_18GetServersResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_20GetSubchannelRequestEPNS4_21GetSubchannelResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_21GetTopChannelsRequestEPNS4_22GetTopChannelsResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS2_6StatusEPN9grpc_impl13ServerContextEPKNS4_23GetServerSocketsRequestEPNS4_24GetServerSocketsResponseEEEE10_M_managerERSt9_Any_dataRKSK_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_E10_M_managerERSt9_Any_dataRKS6_St18_Manager_operation + + [D] _ZNSt14_Function_base13_Base_managerIZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_E10_M_managerERSt9_Any_dataRKS6_St18_Manager_operation + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_16GetServerRequestEPNS3_17GetServerResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_16GetSocketRequestEPNS3_17GetSocketResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_17GetChannelRequestEPNS3_18GetChannelResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_17GetServersRequestEPNS3_18GetServersResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_20GetSubchannelRequestEPNS3_21GetSubchannelResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_21GetTopChannelsRequestEPNS3_22GetTopChannelsResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFN4grpc6StatusEPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_23GetServerSocketsRequestEPNS3_24GetServerSocketsResponseEESt7_Mem_fnIMS5_FS1_S9_SC_SE_EEE9_M_invokeERKSt9_Any_dataOS6_OS9_OSC_OSE_ + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [D] _ZNSt17_Function_handlerIFvbEZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + + +364 Added function symbols not referenced by debug info: + + + + [A] _ZN4grpc19ServerBuilderPlugin19UpdateServerBuilderEPNS_13ServerBuilderE + + [A] _ZN4grpc8channelz2v110ChannelRef14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v110ChannelRef9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v110ChannelRefC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110ChannelRefC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v110ChannelRefC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110ServerData14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v110ServerData9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v110ServerDataC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110ServerDataC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v110ServerDataC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110SocketData14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v110SocketData9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v110SocketDataC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110SocketDataC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v110SocketDataC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110Subchannel14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v110Subchannel9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v110SubchannelC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v110SubchannelC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v110SubchannelC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v111ChannelData14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v111ChannelData9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v111ChannelDataC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v111ChannelDataC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v111ChannelDataC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v112ChannelTrace14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v112ChannelTrace9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v112ChannelTraceC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v112ChannelTraceC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v112ChannelTraceC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v112Security_Tls14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v112Security_Tls9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v112Security_TlsC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v112Security_TlsC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v112Security_TlsC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v112SocketOption14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v112SocketOption9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v112SocketOptionC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v112SocketOptionC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v112SocketOptionC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v113SubchannelRef14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v113SubchannelRef9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v113SubchannelRefC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v113SubchannelRefC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v113SubchannelRefC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v116GetServerRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v116GetServerRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v116GetServerRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v116GetServerRequestC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v116GetServerRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v116GetSocketRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v116GetSocketRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v116GetSocketRequestC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v116GetSocketRequestC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v116GetSocketRequestC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117ChannelTraceEvent14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v117ChannelTraceEvent9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v117ChannelTraceEventC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117ChannelTraceEventC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v117ChannelTraceEventC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetChannelRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v117GetChannelRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v117GetChannelRequestC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v117GetChannelRequestC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetChannelRequestC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetServerResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v117GetServerResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v117GetServerResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v117GetServerResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetServerResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetServersRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v117GetServersRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v117GetServersRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetServersRequestC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v117GetServersRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetSocketResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v117GetSocketResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v117GetSocketResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v117GetSocketResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v117GetSocketResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118Address_UdsAddress14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v118Address_UdsAddress9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v118Address_UdsAddressC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v118Address_UdsAddressC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118Address_UdsAddressC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118GetChannelResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v118GetChannelResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v118GetChannelResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v118GetChannelResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118GetChannelResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118GetServersResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v118GetServersResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v118GetServersResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v118GetServersResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118GetServersResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118SocketOptionLinger14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v118SocketOptionLinger9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v118SocketOptionLingerC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v118SocketOptionLingerC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v118SocketOptionLingerC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v119SocketOptionTcpInfo14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v119SocketOptionTcpInfo9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v119SocketOptionTcpInfoC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v119SocketOptionTcpInfoC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v119SocketOptionTcpInfoC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v119SocketOptionTimeout14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v119SocketOptionTimeout9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v119SocketOptionTimeoutC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v119SocketOptionTimeoutC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v119SocketOptionTimeoutC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v120Address_OtherAddress14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v120Address_OtherAddress9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v120Address_OtherAddressC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v120Address_OtherAddressC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v120Address_OtherAddressC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v120Address_TcpIpAddress14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v120Address_TcpIpAddress9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v120Address_TcpIpAddressC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v120Address_TcpIpAddressC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v120Address_TcpIpAddressC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v120GetSubchannelRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v120GetSubchannelRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v120GetSubchannelRequestC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v120GetSubchannelRequestC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v120GetSubchannelRequestC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v121GetSubchannelResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v121GetSubchannelResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v121GetSubchannelResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v121GetSubchannelResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v121GetSubchannelResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v121GetTopChannelsRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v121GetTopChannelsRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v121GetTopChannelsRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v121GetTopChannelsRequestC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v121GetTopChannelsRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v122GetTopChannelsResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v122GetTopChannelsResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v122GetTopChannelsResponseC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v122GetTopChannelsResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v122GetTopChannelsResponseC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v122Security_OtherSecurity14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v122Security_OtherSecurity9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v122Security_OtherSecurityC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v122Security_OtherSecurityC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v122Security_OtherSecurityC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v123GetServerSocketsRequest14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v123GetServerSocketsRequest9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v123GetServerSocketsRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v123GetServerSocketsRequestC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v123GetServerSocketsRequestC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v124ChannelConnectivityState14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v124ChannelConnectivityState9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v124ChannelConnectivityStateC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v124ChannelConnectivityStateC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v124ChannelConnectivityStateC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v124GetServerSocketsResponse14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v124GetServerSocketsResponse9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v124GetServerSocketsResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v124GetServerSocketsResponseC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v124GetServerSocketsResponseC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v16Server14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v16Server9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v16ServerC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v16ServerC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v16ServerC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v16Socket14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v16Socket9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v16SocketC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v16SocketC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v16SocketC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v17Address14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v17Address9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v17AddressC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v17AddressC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v17AddressC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v17Channel14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v17Channel9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v17ChannelC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v17ChannelC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v17ChannelC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetChannelEPN9grpc_impl13ClientContextEPKNS1_17GetChannelRequestEPNS1_18GetChannelResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetChannelEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_18GetChannelResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetServersEPN9grpc_impl13ClientContextEPKNS1_17GetServersRequestEPNS1_18GetServersResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async10GetServersEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_18GetServersResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async13GetSubchannelEPN9grpc_impl13ClientContextEPKNS1_20GetSubchannelRequestEPNS1_21GetSubchannelResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async13GetSubchannelEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_21GetSubchannelResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async14GetTopChannelsEPN9grpc_impl13ClientContextEPKNS1_21GetTopChannelsRequestEPNS1_22GetTopChannelsResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async14GetTopChannelsEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_22GetTopChannelsResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async16GetServerSocketsEPN9grpc_impl13ClientContextEPKNS1_23GetServerSocketsRequestEPNS1_24GetServerSocketsResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async16GetServerSocketsEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_24GetServerSocketsResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetServerEPN9grpc_impl13ClientContextEPKNS1_16GetServerRequestEPNS1_17GetServerResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetServerEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_17GetServerResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetSocketEPN9grpc_impl13ClientContextEPKNS1_16GetSocketRequestEPNS1_17GetSocketResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Channelz4Stub18experimental_async9GetSocketEPN9grpc_impl13ClientContextEPKNS_10ByteBufferEPNS1_17GetSocketResponseEPNS5_18ClientUnaryReactorE + + [A] _ZN4grpc8channelz2v18Security14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v18Security9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v18SecurityC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v18SecurityC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v18SecurityC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v19ServerRef14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v19ServerRef9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v19ServerRefC1EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v19ServerRefC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v19ServerRefC2EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v19SocketRef14_InternalParseEPKcPN6google8protobuf8internal12ParseContextE + + [A] _ZN4grpc8channelz2v19SocketRef9ArenaDtorEPv + + [A] _ZN4grpc8channelz2v19SocketRefC1EPN6google8protobuf5ArenaE + + [A] _ZN4grpc8channelz2v19SocketRefC2EPN6google8protobuf5ArenaE, aliases _ZN4grpc8channelz2v19SocketRefC1EPN6google8protobuf5ArenaE + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v110ChannelRefEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v110ChannelRefEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v110ChannelRefEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v112SocketOptionEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v112SocketOptionEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v112SocketOptionEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v113SubchannelRefEED1Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v113SubchannelRefEED2Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v113SubchannelRefEED1Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v117ChannelTraceEventEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v117ChannelTraceEventEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v117ChannelTraceEventEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v16ServerEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v16ServerEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v16ServerEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v17ChannelEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v17ChannelEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v17ChannelEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v19SocketRefEED1Ev, aliases _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v19SocketRefEED2Ev + + [A] _ZN6google8protobuf16RepeatedPtrFieldIN4grpc8channelz2v19SocketRefEED2Ev + + [A] _ZN6google8protobuf2io19EpsCopyOutputStream23WriteStringMaybeAliasedEjRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPh + + [A] _ZN6google8protobuf8internal11VarintParseIjEEPKcS4_PT_ + + [A] _ZN6google8protobuf8internal11VarintParseImEEPKcS4_PT_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v110ChannelRefEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v111ChannelDataEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v112ChannelTraceEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v113SubchannelRefEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v16ServerEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v17AddressEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v17ChannelEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageIN4grpc8channelz2v19SocketRefEEEPKcPT_S9_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageINS0_10Int64ValueEEEPKcPT_S6_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageINS0_3AnyEEEPKcPT_S6_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageINS0_8DurationEEEPKcPT_S6_ + + [A] _ZN6google8protobuf8internal12ParseContext12ParseMessageINS0_9TimestampEEEPKcPT_S6_ + + [A] _ZN6google8protobuf8internal14ArenaStringPtr14CreateInstanceEPNS0_5ArenaEPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6google8protobuf8internal16InternalMetadata11DoMergeFromINS0_15UnknownFieldSetEEEvRKT_ + + [A] _ZN6google8protobuf8internal16InternalMetadata27mutable_unknown_fields_slowINS0_15UnknownFieldSetEEEPT_v + + [A] _ZN6google8protobuf8internal16InternalMetadata6DoSwapINS0_15UnknownFieldSetEEEvPT_ + + [A] _ZN6google8protobuf8internal16InternalMetadata7DoClearINS0_15UnknownFieldSetEEEvv + + [A] _ZN6google8protobuf8internal18EpsCopyInputStream13DoneWithCheckEPPKci + + [A] _ZN6google8protobuf8internal18EpsCopyInputStream9PushLimitEPKci + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase12InternalSwapEPS2_ + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v110ChannelRefEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v112SocketOptionEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v113SubchannelRefEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v117ChannelTraceEventEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v16ServerEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v17ChannelEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase5ClearINS0_16RepeatedPtrFieldIN4grpc8channelz2v19SocketRefEE11TypeHandlerEEEvv + + [A] _ZN6google8protobuf8internal20RepeatedPtrFieldBase9MergeFromINS0_16RepeatedPtrFieldIN4grpc8channelz2v19SocketRefEE11TypeHandlerEEEvRKS2_ + + [A] _ZN6google8protobuf8internal21arena_destruct_objectINS1_16InternalMetadata9ContainerINS0_15UnknownFieldSetEEEEEvPv + + [A] _ZN6google8protobuf8internal21arena_destruct_objectINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEEvPv + + [A] _ZN6google8protobuf8internal7memswapILi100EEENSt9enable_ifIXaageT_stoltT_lsLj1ELi31EEvE4typeEPcS6_ + + [A] _ZN6google8protobuf8internal7memswapILi24EEENSt9enable_ifIXaageT_stoltT_lsLj1ELi31EEvE4typeEPcS6_ + + [A] _ZN6google8protobuf8internal7memswapILi40EEENSt9enable_ifIXaageT_stoltT_lsLj1ELi31EEvE4typeEPcS6_ + + [A] _ZN6google8protobuf8internal7memswapILi48EEENSt9enable_ifIXaageT_stoltT_lsLj1ELi31EEvE4typeEPcS6_ + + [A] _ZN6google8protobuf8internal7memswapILi9EEENSt9enable_ifIXaageT_stmltT_Li16EEvE4typeEPcS6_ + + [A] _ZN6google8protobuf8internal8ReadSizeEPPKc + + [A] _ZN9grpc_impl18ClientUnaryReactor25OnReadInitialMetadataDoneEb + + [A] _ZN9grpc_impl18ClientUnaryReactor6OnDoneERKN4grpc6StatusE + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEED0Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEED2Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEED2Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEED0Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEED1Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEED0Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEED2Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEED1Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEED0Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEED0Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEED2Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEED2Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEED0Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEED2Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEED2Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEED0Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEED2Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEED2Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEED1Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEED0Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEED2Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEED1Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEED0Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEED2Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEED2Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEE19ReadInitialMetadataEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEE6FinishEPS4_PNS1_6StatusEPv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEE9StartCallEv + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEED0Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEED2Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEED1Ev, aliases _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEED0Ev, _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEED2Ev + + [A] _ZN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEED2Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEED2Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEED2Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEED2Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEED2Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEED2Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEED1Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEED1Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEED2Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEED2Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEE10RunHandlerERKNS2_8internal13MethodHandler16HandlerParameterE + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEE11DeserializeEP9grpc_callP16grpc_byte_bufferPNS2_6StatusEPPv + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEED0Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEED1Ev, aliases _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEED2Ev + + [A] _ZN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEED2Ev + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_16GetServerRequestENS5_17GetServerResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_16GetSocketRequestENS5_17GetSocketResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_17GetChannelRequestENS5_18GetChannelResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_17GetServersRequestENS5_18GetServersResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_20GetSubchannelRequestENS5_21GetSubchannelResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_21GetTopChannelsRequestENS5_22GetTopChannelsResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23CatchingFunctionHandlerIZNS0_16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS5_23GetServerSocketsRequestENS5_24GetServerSocketsResponseEE10RunHandlerERKNS3_8internal13MethodHandler16HandlerParameterEEUlvE_EENS3_6StatusEOT_ + + [A] _ZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEv + + [A] _ZN9grpc_impl8internal23ClientCallbackUnaryImplD0Ev + + [A] _ZN9grpc_impl8internal23ClientCallbackUnaryImplD1Ev + + [A] _ZN9grpc_impl8internal23ClientCallbackUnaryImplD2Ev, aliases _ZN9grpc_impl8internal23ClientCallbackUnaryImplD1Ev + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v117GetServerResponseEE6CreateINS4_16GetServerRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v117GetSocketResponseEE6CreateINS4_16GetSocketRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v118GetChannelResponseEE6CreateINS4_17GetChannelRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v118GetServersResponseEE6CreateINS4_17GetServersRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v121GetSubchannelResponseEE6CreateINS4_20GetSubchannelRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v122GetTopChannelsResponseEE6CreateINS4_21GetTopChannelsRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZN9grpc_impl8internal32ClientAsyncResponseReaderFactoryIN4grpc8channelz2v124GetServerSocketsResponseEE6CreateINS4_23GetServerSocketsRequestEEEPNS_25ClientAsyncResponseReaderIS5_EEPNS2_16ChannelInterfaceEPNS_15CompletionQueueERKNS2_8internal9RpcMethodEPNS_13ClientContextERKT_b + + [A] _ZNK4grpc8channelz2v110ChannelRef18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v110ServerData18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v110SocketData18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v110Subchannel18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v111ChannelData18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v112ChannelTrace18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v112Security_Tls18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v112SocketOption18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v113SubchannelRef18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v116GetServerRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v116GetSocketRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v117ChannelTraceEvent18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v117GetChannelRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v117GetServerResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v117GetServersRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v117GetSocketResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v118Address_UdsAddress18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v118GetChannelResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v118GetServersResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v118SocketOptionLinger18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v119SocketOptionTcpInfo18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v119SocketOptionTimeout18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v120Address_OtherAddress18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v120Address_TcpIpAddress18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v120GetSubchannelRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v121GetSubchannelResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v121GetTopChannelsRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v122GetTopChannelsResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v122Security_OtherSecurity18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v123GetServerSocketsRequest18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v124ChannelConnectivityState18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v124GetServerSocketsResponse18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v16Server18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v16Socket18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v17Address18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v17Channel18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v18Security18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v19ServerRef18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNK4grpc8channelz2v19SocketRef18_InternalSerializeEPhPN6google8protobuf2io19EpsCopyOutputStreamE + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_E10_M_managerERSt9_Any_dataRKS6_St18_Manager_operation + + [A] _ZNSt14_Function_base13_Base_managerIZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_E10_M_managerERSt9_Any_dataRKS6_St18_Manager_operation + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_E9_M_invokeERKSt9_Any_dataOb + + [A] _ZNSt17_Function_handlerIFvbEZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_E9_M_invokeERKSt9_Any_dataOb + + + +109 Removed variable symbols not referenced by debug info: + + + + [D] _ZTIN4grpc12experimental19ClientCallbackUnaryE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEEE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEEE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEEE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEEE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEEE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEEE + + [D] _ZTIN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v117GetServerResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v117GetSocketResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v118GetChannelResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v118GetServersResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v121GetSubchannelResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v122GetTopChannelsResponseEEE + + [D] _ZTIN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v124GetServerSocketsResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEEE + + [D] _ZTIN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEEE + + [D] _ZTIN4grpc8internal23ClientCallbackUnaryImplE + + [D] _ZTIN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetServerRequestEPNS2_17GetServerResponseEELb1EE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetSocketRequestEPNS2_17GetSocketResponseEELb1EE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetChannelRequestEPNS2_18GetChannelResponseEELb1EE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetServersRequestEPNS2_18GetServersResponseEELb1EE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_20GetSubchannelRequestEPNS2_21GetSubchannelResponseEELb1EE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_21GetTopChannelsRequestEPNS2_22GetTopChannelsResponseEELb1EE + + [D] _ZTISt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_23GetServerSocketsRequestEPNS2_24GetServerSocketsResponseEELb1EE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_16GetServerRequestEPNS3_17GetServerResponseEEE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_16GetSocketRequestEPNS3_17GetSocketResponseEEE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_17GetChannelRequestEPNS3_18GetChannelResponseEEE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_17GetServersRequestEPNS3_18GetServersResponseEEE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_20GetSubchannelRequestEPNS3_21GetSubchannelResponseEEE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_21GetTopChannelsRequestEPNS3_22GetTopChannelsResponseEEE + + [D] _ZTISt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_23GetServerSocketsRequestEPNS3_24GetServerSocketsResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetServerRequestEPNS2_17GetServerResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetSocketRequestEPNS2_17GetSocketResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetChannelRequestEPNS2_18GetChannelResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetServersRequestEPNS2_18GetServersResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_20GetSubchannelRequestEPNS2_21GetSubchannelResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_21GetTopChannelsRequestEPNS2_22GetTopChannelsResponseEEE + + [D] _ZTISt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_23GetServerSocketsRequestEPNS2_24GetServerSocketsResponseEEE + + [D] _ZTIZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_ + + [D] _ZTIZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_ + + [D] _ZTSN4grpc12experimental19ClientCallbackUnaryE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEEE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEEE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEEE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEEE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEEE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEEE + + [D] _ZTSN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v117GetServerResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v117GetSocketResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v118GetChannelResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v118GetServersResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v121GetSubchannelResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v122GetTopChannelsResponseEEE + + [D] _ZTSN4grpc34ClientAsyncResponseReaderInterfaceINS_8channelz2v124GetServerSocketsResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEEE + + [D] _ZTSN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEEE + + [D] _ZTSN4grpc8internal23ClientCallbackUnaryImplE + + [D] _ZTSN6google8protobuf8internal29InternalMetadataWithArenaBaseINS0_15UnknownFieldSetENS1_25InternalMetadataWithArenaEE9ContainerE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetServerRequestEPNS2_17GetServerResponseEELb1EE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetSocketRequestEPNS2_17GetSocketResponseEELb1EE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetChannelRequestEPNS2_18GetChannelResponseEELb1EE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetServersRequestEPNS2_18GetServersResponseEELb1EE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_20GetSubchannelRequestEPNS2_21GetSubchannelResponseEELb1EE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_21GetTopChannelsRequestEPNS2_22GetTopChannelsResponseEELb1EE + + [D] _ZTSSt12_Mem_fn_baseIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_23GetServerSocketsRequestEPNS2_24GetServerSocketsResponseEELb1EE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_16GetServerRequestEPNS3_17GetServerResponseEEE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_16GetSocketRequestEPNS3_17GetSocketResponseEEE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_17GetChannelRequestEPNS3_18GetChannelResponseEEE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_17GetServersRequestEPNS3_18GetServersResponseEEE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_20GetSubchannelRequestEPNS3_21GetSubchannelResponseEEE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_21GetTopChannelsRequestEPNS3_22GetTopChannelsResponseEEE + + [D] _ZTSSt31_Maybe_unary_or_binary_functionIN4grpc6StatusEJPNS0_8channelz2v18Channelz7ServiceEPN9grpc_impl13ServerContextEPKNS3_23GetServerSocketsRequestEPNS3_24GetServerSocketsResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetServerRequestEPNS2_17GetServerResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_16GetSocketRequestEPNS2_17GetSocketResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetChannelRequestEPNS2_18GetChannelResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_17GetServersRequestEPNS2_18GetServersResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_20GetSubchannelRequestEPNS2_21GetSubchannelResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_21GetTopChannelsRequestEPNS2_22GetTopChannelsResponseEEE + + [D] _ZTSSt7_Mem_fnIMN4grpc8channelz2v18Channelz7ServiceEFNS0_6StatusEPN9grpc_impl13ServerContextEPKNS2_23GetServerSocketsRequestEPNS2_24GetServerSocketsResponseEEE + + [D] _ZTSZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_ + + [D] _ZTSZN4grpc8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_ + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetServerResponseEEE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v117GetSocketResponseEEE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetChannelResponseEEE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v118GetServersResponseEEE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v121GetSubchannelResponseEEE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v122GetTopChannelsResponseEEE + + [D] _ZTVN4grpc25ClientAsyncResponseReaderINS_8channelz2v124GetServerSocketsResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetServerRequestENS3_17GetServerResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_16GetSocketRequestENS3_17GetSocketResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetChannelRequestENS3_18GetChannelResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_17GetServersRequestENS3_18GetServersResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_20GetSubchannelRequestENS3_21GetSubchannelResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_21GetTopChannelsRequestENS3_22GetTopChannelsResponseEEE + + [D] _ZTVN4grpc8internal16RpcMethodHandlerINS_8channelz2v18Channelz7ServiceENS3_23GetServerSocketsRequestENS3_24GetServerSocketsResponseEEE + + [D] _ZTVN4grpc8internal23ClientCallbackUnaryImplE + + + +65 Added variable symbols not referenced by debug info: + + + + _ZTIN9grpc_impl19ClientCallbackUnaryE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEEE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEEE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEEE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEEE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEEE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEEE + + _ZTIN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v117GetServerResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v117GetSocketResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v118GetChannelResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v118GetServersResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v121GetSubchannelResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v122GetTopChannelsResponseEEE + + _ZTIN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v124GetServerSocketsResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEEE + + _ZTIN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEEE + + _ZTIN9grpc_impl8internal23ClientCallbackUnaryImplE + + _ZTIZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_ + + _ZTIZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_ + + _ZTSN9grpc_impl19ClientCallbackUnaryE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEEE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEEE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEEE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEEE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEEE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEEE + + _ZTSN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v117GetServerResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v117GetSocketResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v118GetChannelResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v118GetServersResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v121GetSubchannelResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v122GetTopChannelsResponseEEE + + _ZTSN9grpc_impl34ClientAsyncResponseReaderInterfaceIN4grpc8channelz2v124GetServerSocketsResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEEE + + _ZTSN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEEE + + _ZTSN9grpc_impl8internal23ClientCallbackUnaryImplE + + _ZTSZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE0_ + + _ZTSZN9grpc_impl8internal23ClientCallbackUnaryImpl9StartCallEvEUlbE_ + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetServerResponseEEE + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v117GetSocketResponseEEE + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetChannelResponseEEE + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v118GetServersResponseEEE + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v121GetSubchannelResponseEEE + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v122GetTopChannelsResponseEEE + + _ZTVN9grpc_impl25ClientAsyncResponseReaderIN4grpc8channelz2v124GetServerSocketsResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetServerRequestENS4_17GetServerResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_16GetSocketRequestENS4_17GetSocketResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetChannelRequestENS4_18GetChannelResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_17GetServersRequestENS4_18GetServersResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_20GetSubchannelRequestENS4_21GetSubchannelResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_21GetTopChannelsRequestENS4_22GetTopChannelsResponseEEE + + _ZTVN9grpc_impl8internal16RpcMethodHandlerIN4grpc8channelz2v18Channelz7ServiceENS4_23GetServerSocketsRequestENS4_24GetServerSocketsResponseEEE + + _ZTVN9grpc_impl8internal23ClientCallbackUnaryImplE + + + +---------------diffs in grpc_libaddress_sorting.so.11.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +SONAME changed from 'libaddress_sorting.so.7' to 'libaddress_sorting.so.11' + + + +---------------diffs in grpc_libgpr.so.11.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 21 Removed, 16 Added function symbols not referenced by debug info + +Variable symbols changes summary: 0 Removed, 2 Added variable symbols not referenced by debug info + + + +SONAME changed from 'libgpr.so.7' to 'libgpr.so.11' + + + +21 Removed function symbols not referenced by debug info: + + + + _Z13gpr_mpscq_popP9gpr_mpscq + + _Z14gpr_mpscq_initP9gpr_mpscq + + _Z14gpr_mpscq_pushP9gpr_mpscqP14gpr_mpscq_node + + _Z14gpr_strvec_addP10gpr_strvecPc + + _Z15gpr_strvec_initP10gpr_strvec + + _Z17gpr_mpscq_destroyP9gpr_mpscq + + _Z18gpr_join_host_portPPcPKci + + _Z18gpr_strvec_destroyP10gpr_strvec + + _Z18gpr_strvec_flattenP10gpr_strvecPm + + _Z19gpr_format_timespec12gpr_timespec + + _Z19gpr_split_host_portPKcPPcS2_ + + _Z20gpr_locked_mpscq_popP16gpr_locked_mpscq + + _Z21gpr_locked_mpscq_initP16gpr_locked_mpscq + + _Z21gpr_locked_mpscq_pushP16gpr_locked_mpscqP14gpr_mpscq_node + + _Z24gpr_locked_mpscq_destroyP16gpr_locked_mpscq + + _Z24gpr_locked_mpscq_try_popP16gpr_locked_mpscq + + _Z27gpr_mpscq_pop_and_check_endP9gpr_mpscqPb + + _ZN9grpc_core4Fork15DecExecCtxCountEv + + _ZN9grpc_core4Fork15IncExecCtxCountEv + + gpr_get_allocation_functions + + gpr_set_allocation_functions + + + +16 Added function symbols not referenced by debug info: + + + + _Z12gpr_strincmpPKcS0_m + + _Z19gpr_format_timespecB5cxx1112gpr_timespec + + _Z21gpr_cycle_counter_subdd + + _Z21gpr_get_cycle_counterv + + _Z25gpr_cycle_counter_to_timed + + _ZN9grpc_core12JoinHostPortB5cxx11EN4absl14lts_2020_02_2511string_viewEi + + _ZN9grpc_core13SplitHostPortEN4absl14lts_2020_02_2511string_viewEPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_ + + _ZN9grpc_core13SplitHostPortEN4absl14lts_2020_02_2511string_viewEPS2_S3_ + + _ZN9grpc_core32MultiProducerSingleConsumerQueue14PopAndCheckEndEPb + + _ZN9grpc_core32MultiProducerSingleConsumerQueue3PopEv + + _ZN9grpc_core32MultiProducerSingleConsumerQueue4PushEPNS0_4NodeE + + _ZN9grpc_core38LockedMultiProducerSingleConsumerQueue3PopEv + + _ZN9grpc_core38LockedMultiProducerSingleConsumerQueue4PushEPNS_32MultiProducerSingleConsumerQueue4NodeE + + _ZN9grpc_core38LockedMultiProducerSingleConsumerQueue6TryPopEv + + _ZN9grpc_core4Fork17DoDecExecCtxCountEv + + _ZN9grpc_core4Fork17DoIncExecCtxCountEv + + + +2 Added variable symbols not referenced by debug info: + + + + _ZTIN9grpc_core8internal24ThreadInternalsInterfaceE + + _ZTSN9grpc_core8internal24ThreadInternalsInterfaceE + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/haveged_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/haveged_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..f43c7bccd6a36a26d9ea96bfa4d81b46e465251d --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/haveged_all_result.md @@ -0,0 +1,24 @@ +# Functions changed info + +---------------diffs in haveged_libhavege.so.2.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 1 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +SONAME changed from 'libhavege.so.1' to 'libhavege.so.2' + + + +1 Added function: + + + + 'function void havege_reparent(H_PTR)' {havege_reparent} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libcap-ng_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libcap-ng_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..e77d9bedf45c661b77fe37c6f11330250dc8e2b8 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libcap-ng_all_result.md @@ -0,0 +1,18 @@ +# Functions changed info + +---------------diffs in libcap-ng_libcap-ng.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 1 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 Added function: + + + + 'function capng_results_t capng_have_permitted_capabilities()' {capng_have_permitted_capabilities} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libcomps_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libcomps_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..ac0c842af1f6abd5994e2cdb9dd3d14fb1fe5ce3 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libcomps_all_result.md @@ -0,0 +1,16 @@ +# Functions changed info + +---------------diffs in libcomps_libcomps.so.0.1.10_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +SONAME changed from 'libcomps.so.0.1.6' to 'libcomps.so.0.1.10' + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libdnf_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libdnf_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..9ce7fc27a1d6decb5ec188d68309ef33e71bccd0 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libdnf_all_result.md @@ -0,0 +1,582 @@ +# Functions changed info + +---------------diffs in libdnf_libdnf.so.2_abidiff.out:---------------- + +Functions changes summary: 31 Removed (16 filtered out), 0 Changed, 0 Added functions + +Variables changes summary: 0 Removed (1 filtered out), 0 Changed, 0 Added variable + +Function symbols changes summary: 34 Removed, 132 Added function symbols not referenced by debug info + +Variable symbols changes summary: 36 Removed, 36 Added variable symbols not referenced by debug info + + + +31 Removed functions: + + + + 'method libdnf::DependencyContainer::DependencyContainer(DnfSack*, Queue)' {_ZN6libdnf19DependencyContainerC1EP8_DnfSack7s_Queue, aliases _ZN6libdnf19DependencyContainerC2EP8_DnfSack7s_Queue} + + 'method libdnf::File::OpenException::OpenException(const std::__cxx11::string&, const std::__cxx11::string&)' {_ZN6libdnf4File13OpenExceptionC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_, aliases _ZN6libdnf4File13OpenExceptionC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_} + + 'method libdnf::ModuleDefaultsContainer::ModuleDefaultsContainer()' {_ZN6libdnf23ModuleDefaultsContainerC1Ev, aliases _ZN6libdnf23ModuleDefaultsContainerC2Ev} + + 'method void libdnf::ModuleDefaultsContainer::fromString(const std::__cxx11::string&, int)' {_ZN6libdnf23ModuleDefaultsContainer10fromStringERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEi} + + 'method std::vector, std::allocator >, std::allocator, std::allocator > > > libdnf::ModuleDefaultsContainer::getDefaultProfiles(std::__cxx11::string&, std::__cxx11::string&)' {_ZN6libdnf23ModuleDefaultsContainer18getDefaultProfilesERNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_} + + 'method std::__cxx11::string libdnf::ModuleDefaultsContainer::getDefaultStreamFor(std::__cxx11::string)' {_ZN6libdnf23ModuleDefaultsContainer19getDefaultStreamForENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE} + + 'method std::map, std::allocator >, std::__cxx11::basic_string, std::allocator >, std::less, std::allocator > >, std::allocator, std::allocator >, std::__cxx11::basic_string, std::allocator > > > > libdnf::ModuleDefaultsContainer::getDefaultStreams()' {_ZN6libdnf23ModuleDefaultsContainer17getDefaultStreamsB5cxx11Ev} + + 'method void libdnf::ModuleDefaultsContainer::reportFailures(const GPtrArray*) const' {_ZNK6libdnf23ModuleDefaultsContainer14reportFailuresEPK10_GPtrArray} + + 'method void libdnf::ModuleDefaultsContainer::resolve()' {_ZN6libdnf23ModuleDefaultsContainer7resolveEv} + + 'method void libdnf::ModuleDefaultsContainer::saveDefaults(GPtrArray*, int)' {_ZN6libdnf23ModuleDefaultsContainer12saveDefaultsEP10_GPtrArrayi} + + 'method libdnf::ModuleDefaultsContainer::~ModuleDefaultsContainer(int)' {_ZN6libdnf23ModuleDefaultsContainerD2Ev, aliases _ZN6libdnf23ModuleDefaultsContainerD1Ev} + + 'method std::vector, std::allocator >, std::vector, std::allocator >, std::allocator, std::allocator > > >, std::less, std::allocator > >, std::allocator, std::allocator >, std::vector, std::allocator >, std::allocator, std::allocator > > > > > >, std::allocator, std::allocator >, std::vector, std::allocator >, std::allocator, std::allocator > > >, std::less, std::allocator > >, std::allocator, std::allocator >, std::vector, std::allocator >, std::allocator, std::allocator > > > > > > > > libdnf::ModuleDependencies::getRequirements(GHashTable*) const' {_ZNK6libdnf18ModuleDependencies15getRequirementsB5cxx11EP11_GHashTable} + + 'method std::map, std::allocator >, std::vector, std::allocator >, std::allocator, std::allocator > > >, std::less, std::allocator > >, std::allocator, std::allocator >, std::vector, std::allocator >, std::allocator, std::allocator > > > > > > libdnf::ModuleDependencies::wrapModuleDependencies(const char*, ModulemdSimpleSet*) const' {_ZNK6libdnf18ModuleDependencies22wrapModuleDependenciesB5cxx11EPKcP18_ModulemdSimpleSet} + + 'method libdnf::ModuleMetadata::ModuleMetadata(std::unique_ptr<_ModulemdModule, std::default_delete<_ModulemdModule> >&&)' {_ZN6libdnf14ModuleMetadataC2EOSt10unique_ptrI15_ModulemdModuleSt14default_deleteIS2_EE, aliases _ZN6libdnf14ModuleMetadataC1EOSt10unique_ptrI15_ModulemdModuleSt14default_deleteIS2_EE} + + 'method const char* libdnf::ModuleMetadata::getArchitecture() const' {_ZNK6libdnf14ModuleMetadata15getArchitectureEv} + + 'method std::vector, std::allocator >, std::allocator, std::allocator > > > libdnf::ModuleMetadata::getArtifacts() const' {_ZNK6libdnf14ModuleMetadata12getArtifactsB5cxx11Ev} + + 'method const char* libdnf::ModuleMetadata::getContext() const' {_ZNK6libdnf14ModuleMetadata10getContextEv} + + 'method std::vector > libdnf::ModuleMetadata::getDependencies() const' {_ZNK6libdnf14ModuleMetadata15getDependenciesEv} + + 'method std::__cxx11::string libdnf::ModuleMetadata::getDescription() const' {_ZNK6libdnf14ModuleMetadata14getDescriptionB5cxx11Ev} + + 'method const char* libdnf::ModuleMetadata::getName() const' {_ZNK6libdnf14ModuleMetadata7getNameEv} + + 'method std::vector > libdnf::ModuleMetadata::getProfiles(const std::__cxx11::string&) const' {_ZNK6libdnf14ModuleMetadata11getProfilesERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE} + + 'method const char* libdnf::ModuleMetadata::getStream() const' {_ZNK6libdnf14ModuleMetadata9getStreamEv} + + 'method std::__cxx11::string libdnf::ModuleMetadata::getSummary() const' {_ZNK6libdnf14ModuleMetadata10getSummaryB5cxx11Ev} + + 'method long long int libdnf::ModuleMetadata::getVersion() const' {_ZNK6libdnf14ModuleMetadata10getVersionEv} + + 'method std::__cxx11::string libdnf::ModuleMetadata::getYaml() const' {_ZNK6libdnf14ModuleMetadata7getYamlB5cxx11Ev} + + 'method std::vector > libdnf::ModuleMetadata::metadataFromString()' {_ZN6libdnf14ModuleMetadata18metadataFromStringERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE} + + 'method std::vector > libdnf::ModuleMetadata::wrapModulemdModule()' {_ZN6libdnf14ModuleMetadata18wrapModulemdModuleEP10_GPtrArray} + + 'method libdnf::ModuleMetadata::~ModuleMetadata(int)' {_ZN6libdnf14ModuleMetadataD1Ev, aliases _ZN6libdnf14ModuleMetadataD2Ev} + + 'method libdnf::ModulePackage::ModulePackage(DnfSack*, libdnf::LibsolvRepo*, libdnf::ModuleMetadata&&, const std::__cxx11::string&)' {_ZN6libdnf13ModulePackageC2EP8_DnfSackP6s_RepoONS_14ModuleMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN6libdnf13ModulePackageC1EP8_DnfSackP6s_RepoONS_14ModuleMetadataERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE} + + 'method std::unique_ptr<_LrHandle, std::default_delete<_LrHandle> > libdnf::Repo::Impl::lrHandleInitRemote(const char*, bool)' {_ZN6libdnf4Repo4Impl18lrHandleInitRemoteEPKcb} + + 'method int64_t libdnf::Swdb::beginTransaction(int64_t, std::__cxx11::string, std::__cxx11::string, uint32_t)' {_ZN6libdnf4Swdb16beginTransactionElNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_j} + + + +34 Removed function symbols not referenced by debug info: + + + + _ZN6libdnf23ModuleDefaultsContainer16ResolveExceptionD0Ev + + _ZN6libdnf23ModuleDefaultsContainer16ResolveExceptionD1Ev + + _ZN6libdnf23ModuleDefaultsContainer16ResolveExceptionD2Ev, aliases _ZN6libdnf23ModuleDefaultsContainer16ResolveExceptionD1Ev + + _ZN6libdnf23ModuleDefaultsContainer17ConflictExceptionD0Ev + + _ZN6libdnf23ModuleDefaultsContainer17ConflictExceptionD1Ev, aliases _ZN6libdnf23ModuleDefaultsContainer17ConflictExceptionD2Ev + + _ZN6libdnf23ModuleDefaultsContainer17ConflictExceptionD2Ev + + _ZN6libdnf23ModuleDefaultsContainer9ExceptionD0Ev + + _ZN6libdnf23ModuleDefaultsContainer9ExceptionD1Ev + + _ZN6libdnf23ModuleDefaultsContainer9ExceptionD2Ev, aliases _ZN6libdnf23ModuleDefaultsContainer9ExceptionD1Ev + + _ZN6libdnf4File11IOExceptionD0Ev + + _ZN6libdnf4File11IOExceptionD1Ev + + _ZN6libdnf4File11IOExceptionD2Ev, aliases _ZN6libdnf4File11IOExceptionD1Ev + + _ZN6libdnf4File13OpenExceptionD0Ev + + _ZN6libdnf4File13OpenExceptionD1Ev, aliases _ZN6libdnf4File13OpenExceptionD2Ev + + _ZN6libdnf4File13OpenExceptionD2Ev + + _ZN6libdnf4File14CloseExceptionD0Ev + + _ZN6libdnf4File14CloseExceptionD1Ev, aliases _ZN6libdnf4File14CloseExceptionD2Ev + + _ZN6libdnf4File14CloseExceptionD2Ev + + _ZN6libdnf4File18ShortReadExceptionD0Ev + + _ZN6libdnf4File18ShortReadExceptionD1Ev + + _ZN6libdnf4File18ShortReadExceptionD2Ev, aliases _ZN6libdnf4File18ShortReadExceptionD1Ev + + _ZN6libdnf4Goal9ExceptionD0Ev + + _ZN6libdnf4Goal9ExceptionD1Ev + + _ZN6libdnf4Goal9ExceptionD2Ev, aliases _ZN6libdnf4Goal9ExceptionD1Ev + + _ZN7SQLite312LibExceptionD0Ev + + _ZN7SQLite312LibExceptionD1Ev + + _ZN7SQLite312LibExceptionD2Ev, aliases _ZN7SQLite312LibExceptionD1Ev + + _ZN7SQLite39ExceptionD0Ev + + _ZN7SQLite39ExceptionD1Ev + + _ZN7SQLite39ExceptionD2Ev, aliases _ZN7SQLite39ExceptionD1Ev + + _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIS5_SaIS5_EEED1Ev, aliases _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIS5_SaIS5_EEED2Ev + + _ZNSt4pairIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIS5_SaIS5_EEED2Ev + + _ZNSt5arrayIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELm1EED1Ev + + _ZNSt5arrayIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELm1EED2Ev, aliases _ZNSt5arrayIKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEELm1EED1Ev + + + +132 Added function symbols not referenced by debug info: + + + + [A] _ZN10tinyformat6detail21parseWidthOrPrecisionERiRPKcbPKNS0_9FormatArgES1_i + + [A] _ZN6libdnf11TransactionD0Ev + + [A] _ZN6libdnf11Transformer13migrateSchemaESt10shared_ptrI7SQLite3E + + [A] _ZN6libdnf12swdb_private11TransactionD0Ev + + [A] _ZN6libdnf12swdb_private11TransactionD1Ev + + [A] _ZN6libdnf12swdb_private11TransactionD2Ev, aliases _ZN6libdnf12swdb_private11TransactionD1Ev + + [A] _ZN6libdnf13ModulePackageC1EP8_DnfSackP6s_RepoP21_ModulemdModuleStreamRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6libdnf13ModulePackageC2EP8_DnfSackP6s_RepoP21_ModulemdModuleStreamRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN6libdnf13ModulePackageC1EP8_DnfSackP6s_RepoP21_ModulemdModuleStreamRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6libdnf14ModuleMetadata17getDefaultStreamsB5cxx11Ev + + [A] _ZN6libdnf14ModuleMetadata18getDefaultProfilesENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ + + [A] _ZN6libdnf14ModuleMetadata20getAllModulePackagesEP8_DnfSackP6s_RepoRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6libdnf14ModuleMetadata20resolveAddedMetadataEv + + [A] _ZN6libdnf14ModuleMetadata21addMetadataFromStringERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEi + + [A] _ZN6libdnf14ModuleMetadataC1Ev + + [A] _ZN6libdnf14ModuleMetadataC2Ev, aliases _ZN6libdnf14ModuleMetadataC1Ev + + [A] _ZN6libdnf19DependencyContainerC1EP8_DnfSackO7s_Queue + + [A] _ZN6libdnf19DependencyContainerC1EP8_DnfSackRK7s_Queue + + [A] _ZN6libdnf19DependencyContainerC2EP8_DnfSackO7s_Queue, aliases _ZN6libdnf19DependencyContainerC1EP8_DnfSackO7s_Queue + + [A] _ZN6libdnf19DependencyContainerC2EP8_DnfSackRK7s_Queue, aliases _ZN6libdnf19DependencyContainerC1EP8_DnfSackRK7s_Queue + + [A] _ZN6libdnf21pathExistsOrExceptionERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6libdnf22ModulePackageContainer16ResolveExceptionD0Ev + + [A] _ZN6libdnf22ModulePackageContainer16ResolveExceptionD1Ev + + [A] _ZN6libdnf22ModulePackageContainer16ResolveExceptionD2Ev, aliases _ZN6libdnf22ModulePackageContainer16ResolveExceptionD1Ev + + [A] _ZN6libdnf22ModulePackageContainer17ConflictExceptionD0Ev + + [A] _ZN6libdnf22ModulePackageContainer17ConflictExceptionD1Ev, aliases _ZN6libdnf22ModulePackageContainer17ConflictExceptionD2Ev + + [A] _ZN6libdnf22ModulePackageContainer17ConflictExceptionD2Ev + + [A] _ZN6libdnf22TransformerTransactionD0Ev + + [A] _ZN6libdnf22TransformerTransactionD1Ev + + [A] _ZN6libdnf22TransformerTransactionD2Ev, aliases _ZN6libdnf22TransformerTransactionD1Ev + + [A] _ZN6libdnf4File10CloseErrorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN6libdnf4File10CloseErrorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6libdnf4File10CloseErrorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN6libdnf4File10CloseErrorD0Ev + + [A] _ZN6libdnf4File10CloseErrorD1Ev, aliases _ZN6libdnf4File10CloseErrorD2Ev + + [A] _ZN6libdnf4File10CloseErrorD2Ev + + [A] _ZN6libdnf4File7IOErrorD0Ev + + [A] _ZN6libdnf4File7IOErrorD1Ev, aliases _ZN6libdnf4File7IOErrorD2Ev + + [A] _ZN6libdnf4File7IOErrorD2Ev + + [A] _ZN6libdnf4File9OpenErrorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_ + + [A] _ZN6libdnf4File9OpenErrorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_, aliases _ZN6libdnf4File9OpenErrorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_ + + [A] _ZN6libdnf4File9OpenErrorD0Ev + + [A] _ZN6libdnf4File9OpenErrorD1Ev + + [A] _ZN6libdnf4File9OpenErrorD2Ev, aliases _ZN6libdnf4File9OpenErrorD1Ev + + [A] _ZN6libdnf4File9ReadErrorD0Ev + + [A] _ZN6libdnf4File9ReadErrorD1Ev, aliases _ZN6libdnf4File9ReadErrorD2Ev + + [A] _ZN6libdnf4File9ReadErrorD2Ev + + [A] _ZN6libdnf4Goal26set_protect_running_kernelEb + + [A] _ZN6libdnf4Goal4Impl22protectedRunningKernelEv + + [A] _ZN6libdnf4Goal5ErrorC1EPKci, aliases _ZN6libdnf4Goal5ErrorC2EPKci + + [A] _ZN6libdnf4Goal5ErrorC2EPKci + + [A] _ZN6libdnf4Goal5ErrorD0Ev + + [A] _ZN6libdnf4Goal5ErrorD1Ev, aliases _ZN6libdnf4Goal5ErrorD2Ev + + [A] _ZN6libdnf4Goal5ErrorD2Ev + + [A] _ZN6libdnf4Goal5favorEP11_DnfPackage + + [A] _ZN6libdnf4Goal8disfavorEP11_DnfPackage + + [A] _ZN6libdnf4Repo4Impl18lrHandleInitRemoteEPKc + + [A] _ZN6libdnf4Swdb16beginTransactionElNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_jS6_ + + [A] _ZN6libdnf5ErrorD0Ev + + [A] _ZN6libdnf5ErrorD1Ev + + [A] _ZN6libdnf5ErrorD2Ev, aliases _ZN6libdnf5ErrorD1Ev + + [A] _ZN6libdnf5Query4Impl17filterDepSolvableERKNS_6FilterEP5s_Map + + [A] _ZN6libdnf5Query4Impl19obsoletesByPriorityEP6s_PoolP10s_SolvableP5s_MapPKS6_i + + [A] _ZN6libdnf5Query4Impl22filterUpdownByPriorityERKNS_6FilterEP5s_Map + + [A] _ZN6libdnf5Query4Impl25filterObsoletesByPriorityERKNS_6FilterEP5s_Map + + [A] _ZN6libdnf9ExceptionD0Ev + + [A] _ZN6libdnf9ExceptionD1Ev, aliases _ZN6libdnf9ExceptionD2Ev + + [A] _ZN6libdnf9ExceptionD2Ev + + [A] _ZN6libdnf9RepoErrorD0Ev + + [A] _ZN6libdnf9RepoErrorD1Ev + + [A] _ZN6libdnf9RepoErrorD2Ev, aliases _ZN6libdnf9RepoErrorD1Ev + + [A] _ZN6libdnf9urlEncodeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_ + + [A] _ZN7SQLite35ErrorC1ERKS_iRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN7SQLite35ErrorC2ERKS_iRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN7SQLite35ErrorC1ERKS_iRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN7SQLite35ErrorD0Ev + + [A] _ZN7SQLite35ErrorD1Ev, aliases _ZN7SQLite35ErrorD2Ev + + [A] _ZN7SQLite35ErrorD2Ev + + [A] _ZN7SQLite39Statement5ErrorC1ERS0_iRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN7SQLite39Statement5ErrorC2ERS0_iRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE, aliases _ZN7SQLite39Statement5ErrorC1ERS0_iRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + + [A] _ZN7SQLite39Statement5ErrorD0Ev + + [A] _ZN7SQLite39Statement5ErrorD1Ev, aliases _ZN7SQLite39Statement5ErrorD2Ev + + [A] _ZN7SQLite39Statement5ErrorD2Ev + + [A] _ZNK6libdnf13ModulePackage7getYamlB5cxx11Ev + + [A] _ZNK6libdnf17MergedTransaction12listCommentsB5cxx11Ev + + [A] _ZNK6libdnf4Goal26get_protect_running_kernelEv + + [A] _ZNKSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE4findERKS5_ + + [A] _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_SaIS5_ENSt8__detail9_IdentityESt8equal_toIS5_ESt4hashIS5_ENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb1ELb1ELb1EEEE10_M_emplaceIJS5_EEESt4pairINS7_14_Node_iteratorIS5_Lb1ELb1EEEbESt17integral_constantIbLb1EEDpOT_ + + [A] _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_SaIS5_ENSt8__detail9_IdentityESt8equal_toIS5_ESt4hashIS5_ENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb1ELb1ELb1EEEE9_M_rehashEmRKm + + [A] _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_SaIS5_ENSt8__detail9_IdentityESt8equal_toIS5_ESt4hashIS5_ENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb1ELb1ELb1EEEED1Ev, aliases _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_SaIS5_ENSt8__detail9_IdentityESt8equal_toIS5_ESt4hashIS5_ENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb1ELb1ELb1EEEED2Ev + + [A] _ZNSt10_HashtableINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_SaIS5_ENSt8__detail9_IdentityESt8equal_toIS5_ESt4hashIS5_ENS7_18_Mod_range_hashingENS7_20_Default_ranged_hashENS7_20_Prime_rehash_policyENS7_17_Hashtable_traitsILb1ELb1ELb1EEEED2Ev + + [A] _ZNSt10unique_ptrIN6libdnf5NevraESt14default_deleteIS1_EED1Ev, aliases _ZNSt10unique_ptrIN6libdnf5NevraESt14default_deleteIS1_EED2Ev + + [A] _ZNSt10unique_ptrIN6libdnf5NevraESt14default_deleteIS1_EED2Ev + + [A] _ZNSt10unique_ptrINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt14default_deleteIS5_EED1Ev, aliases _ZNSt10unique_ptrINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt14default_deleteIS5_EED2Ev + + [A] _ZNSt10unique_ptrINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt14default_deleteIS5_EED2Ev + + [A] _ZNSt12__shared_ptrI7SQLite3LN9__gnu_cxx12_Lock_policyE2EEC1ERKS3_ + + [A] _ZNSt12__shared_ptrI7SQLite3LN9__gnu_cxx12_Lock_policyE2EEC1ISaIS0_EJRA9_KcEEESt19_Sp_make_shared_tagRKT_DpOT0_ + + [A] _ZNSt12__shared_ptrI7SQLite3LN9__gnu_cxx12_Lock_policyE2EEC2ERKS3_, aliases _ZNSt12__shared_ptrI7SQLite3LN9__gnu_cxx12_Lock_policyE2EEC1ERKS3_ + + [A] _ZNSt12__shared_ptrI7SQLite3LN9__gnu_cxx12_Lock_policyE2EEC2ISaIS0_EJRA9_KcEEESt19_Sp_make_shared_tagRKT_DpOT0_, aliases _ZNSt12__shared_ptrI7SQLite3LN9__gnu_cxx12_Lock_policyE2EEC1ISaIS0_EJRA9_KcEEESt19_Sp_make_shared_tagRKT_DpOT0_ + + [A] _ZNSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessIS5_ESaIS5_EED1Ev, aliases _ZNSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessIS5_ESaIS5_EED2Ev + + [A] _ZNSt3setINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt4lessIS5_ESaIS5_EED2Ev + + [A] _ZNSt6vectorIN6libdnf7Plugins14PluginWithDataESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt6vectorIP10s_SolvableSaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_ + + [A] _ZNSt6vectorIP10s_SolvableSaIS1_EE7reserveEm + + [A] _ZNSt6vectorIPN6libdnf13ModulePackageESaIS2_EE17_M_realloc_insertIJS2_EEEvN9__gnu_cxx17__normal_iteratorIPS2_S4_EEDpOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE16_M_insert_uniqueIRKS5_EESt4pairISt17_Rb_tree_iteratorIS5_EbEOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE16_M_insert_uniqueIS5_EESt4pairISt17_Rb_tree_iteratorIS5_EbEOT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE24_M_get_insert_unique_posERKS5_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EE7_M_copyINSB_20_Reuse_or_alloc_nodeEEEPSt13_Rb_tree_nodeIS5_EPKSF_PSt18_Rb_tree_node_baseRT_ + + [A] _ZNSt8_Rb_treeINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES5_St9_IdentityIS5_ESt4lessIS5_ESaIS5_EEaSERKSB_ + + [A] _ZSt22__final_insertion_sortIN9__gnu_cxx17__normal_iteratorIPP10s_SolvableSt6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_comp_iterIPFbPKS2_SC_EEEEvT_SG_T0_ + + [A] _ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIS7_SaIS7_EEEENS0_5__ops16_Iter_equals_valIA4_KcEEET_SJ_SJ_T0_St26random_access_iterator_tag + + [A] _ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt6vectorIS7_SaIS7_EEEENS0_5__ops16_Iter_equals_valIA5_KcEEET_SJ_SJ_T0_St26random_access_iterator_tag + + [A] dnf_context_disable_plugins + + [A] dnf_context_enable_plugins + + [A] dnf_context_get_config_file_path + + [A] dnf_context_get_disabled_plugins + + [A] dnf_context_get_enabled_plugins + + [A] dnf_context_get_install_weak_deps + + [A] dnf_context_get_plugins_all_disabled + + [A] dnf_context_get_repos_dir + + [A] dnf_context_is_set_config_file_path + + [A] dnf_context_reset_all_modules + + [A] dnf_context_set_config_file_path + + [A] dnf_context_set_install_weak_deps + + [A] dnf_context_set_plugins_all_disabled + + [A] dnf_context_set_repos_dir + + [A] dnf_package_get_prereq_ignoreinst + + [A] dnf_package_get_regular_requires + + [A] dnf_package_is_local + + [A] dnf_repo_set_skip_if_unavailable + + [A] dnf_transaction_set_dont_solve_goal + + [A] hy_goal_disfavor + + [A] hy_goal_favor + + [A] hy_nevra_free + + + +36 Removed variable symbols not referenced by debug info: + + + + _ZTIN6libdnf23ModuleDefaultsContainer16ResolveExceptionE + + _ZTIN6libdnf23ModuleDefaultsContainer17ConflictExceptionE + + _ZTIN6libdnf23ModuleDefaultsContainer9ExceptionE + + _ZTIN6libdnf4File11IOExceptionE + + _ZTIN6libdnf4File13OpenExceptionE + + _ZTIN6libdnf4File14CloseExceptionE + + _ZTIN6libdnf4File18ShortReadExceptionE + + _ZTIN6libdnf4Goal9ExceptionE + + _ZTIN7SQLite312LibExceptionE + + _ZTIN7SQLite39ExceptionE + + _ZTISt23_Sp_counted_ptr_inplaceIN6libdnf14CompressedFileESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + _ZTISt23_Sp_counted_ptr_inplaceIN6libdnf4FileESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + _ZTSN6libdnf23ModuleDefaultsContainer16ResolveExceptionE + + _ZTSN6libdnf23ModuleDefaultsContainer17ConflictExceptionE + + _ZTSN6libdnf23ModuleDefaultsContainer9ExceptionE + + _ZTSN6libdnf4File11IOExceptionE + + _ZTSN6libdnf4File13OpenExceptionE + + _ZTSN6libdnf4File14CloseExceptionE + + _ZTSN6libdnf4File18ShortReadExceptionE + + _ZTSN6libdnf4Goal9ExceptionE + + _ZTSN7SQLite312LibExceptionE + + _ZTSN7SQLite39ExceptionE + + _ZTSSt23_Sp_counted_ptr_inplaceIN6libdnf14CompressedFileESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + _ZTSSt23_Sp_counted_ptr_inplaceIN6libdnf4FileESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + _ZTVN6libdnf23ModuleDefaultsContainer16ResolveExceptionE + + _ZTVN6libdnf23ModuleDefaultsContainer17ConflictExceptionE + + _ZTVN6libdnf23ModuleDefaultsContainer9ExceptionE + + _ZTVN6libdnf4File11IOExceptionE + + _ZTVN6libdnf4File13OpenExceptionE + + _ZTVN6libdnf4File14CloseExceptionE + + _ZTVN6libdnf4File18ShortReadExceptionE + + _ZTVN6libdnf4Goal9ExceptionE + + _ZTVN7SQLite312LibExceptionE + + _ZTVN7SQLite39ExceptionE + + _ZTVSt23_Sp_counted_ptr_inplaceIN6libdnf14CompressedFileESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + _ZTVSt23_Sp_counted_ptr_inplaceIN6libdnf4FileESaIS1_ELN9__gnu_cxx12_Lock_policyE2EE + + + +36 Added variable symbols not referenced by debug info: + + + + _ZTIN6libdnf22ModulePackageContainer16ResolveExceptionE + + _ZTIN6libdnf22ModulePackageContainer17ConflictExceptionE + + _ZTIN6libdnf4File10CloseErrorE + + _ZTIN6libdnf4File7IOErrorE + + _ZTIN6libdnf4File9OpenErrorE + + _ZTIN6libdnf4File9ReadErrorE + + _ZTIN6libdnf4Goal5ErrorE + + _ZTIN6libdnf5ErrorE + + _ZTIN6libdnf9ExceptionE + + _ZTIN6libdnf9RepoErrorE + + _ZTIN7SQLite35ErrorE + + _ZTIN7SQLite39Statement5ErrorE + + _ZTSN6libdnf22ModulePackageContainer16ResolveExceptionE + + _ZTSN6libdnf22ModulePackageContainer17ConflictExceptionE + + _ZTSN6libdnf4File10CloseErrorE + + _ZTSN6libdnf4File7IOErrorE + + _ZTSN6libdnf4File9OpenErrorE + + _ZTSN6libdnf4File9ReadErrorE + + _ZTSN6libdnf4Goal5ErrorE + + _ZTSN6libdnf5ErrorE + + _ZTSN6libdnf9ExceptionE + + _ZTSN6libdnf9RepoErrorE + + _ZTSN7SQLite35ErrorE + + _ZTSN7SQLite39Statement5ErrorE + + _ZTVN6libdnf22ModulePackageContainer16ResolveExceptionE + + _ZTVN6libdnf22ModulePackageContainer17ConflictExceptionE + + _ZTVN6libdnf4File10CloseErrorE + + _ZTVN6libdnf4File7IOErrorE + + _ZTVN6libdnf4File9OpenErrorE + + _ZTVN6libdnf4File9ReadErrorE + + _ZTVN6libdnf4Goal5ErrorE + + _ZTVN6libdnf5ErrorE + + _ZTVN6libdnf9ExceptionE + + _ZTVN6libdnf9RepoErrorE + + _ZTVN7SQLite35ErrorE + + _ZTVN7SQLite39Statement5ErrorE + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libdrm_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libdrm_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..1683b72fbc4e428f21ec0773ea4e537928a5f0e1 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libdrm_all_result.md @@ -0,0 +1,694 @@ +# Functions changed info + +---------------diffs in libdrm_libdrm.so.2.4.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 8 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +8 Added functions: + + + + 'function int drmIsMaster(int)' {drmIsMaster} + + 'function void drmModeFreeFB2(drmModeFB2Ptr)' {drmModeFreeFB2} + + 'function drmModeFB2Ptr drmModeGetFB2(int, uint32_t)' {drmModeGetFB2} + + 'function int drmSyncobjQuery(int, uint32_t*, uint64_t*, uint32_t)' {drmSyncobjQuery} + + 'function int drmSyncobjQuery2(int, uint32_t*, uint64_t*, uint32_t, uint32_t)' {drmSyncobjQuery2} + + 'function int drmSyncobjTimelineSignal(int, const uint32_t*, uint64_t*, uint32_t)' {drmSyncobjTimelineSignal} + + 'function int drmSyncobjTimelineWait(int, uint32_t*, uint64_t*, unsigned int, int64_t, unsigned int, uint32_t*)' {drmSyncobjTimelineWait} + + 'function int drmSyncobjTransfer(int, uint32_t, uint64_t, uint32_t, uint64_t, uint32_t)' {drmSyncobjTransfer} + + + +---------------diffs in libdrm_libdrm_exynos.so.1.0.0_abidiff.out:---------------- + +---------------diffs in libdrm_libdrm_nouveau.so.2.0.0_abidiff.out:---------------- + +---------------diffs in libdrm_libdrm_amdgpu.so.1.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 35 Changed (27 filtered out), 12 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +12 Added functions: + + + + 'function int amdgpu_bo_list_create_raw(amdgpu_device_handle, uint32_t, drm_amdgpu_bo_list_entry*, uint32_t*)' {amdgpu_bo_list_create_raw} + + 'function int amdgpu_bo_list_destroy_raw(amdgpu_device_handle, uint32_t)' {amdgpu_bo_list_destroy_raw} + + 'function int amdgpu_cs_ctx_override_priority(amdgpu_device_handle, amdgpu_context_handle, int, unsigned int)' {amdgpu_cs_ctx_override_priority} + + 'function int amdgpu_cs_query_reset_state2(amdgpu_context_handle, uint64_t*)' {amdgpu_cs_query_reset_state2} + + 'function int amdgpu_cs_submit_raw2(amdgpu_device_handle, amdgpu_context_handle, uint32_t, int, drm_amdgpu_cs_chunk*, uint64_t*)' {amdgpu_cs_submit_raw2} + + 'function int amdgpu_cs_syncobj_export_sync_file2(amdgpu_device_handle, uint32_t, uint64_t, uint32_t, int*)' {amdgpu_cs_syncobj_export_sync_file2} + + 'function int amdgpu_cs_syncobj_import_sync_file2(amdgpu_device_handle, uint32_t, uint64_t, int)' {amdgpu_cs_syncobj_import_sync_file2} + + 'function int amdgpu_cs_syncobj_query(amdgpu_device_handle, uint32_t*, uint64_t*, unsigned int)' {amdgpu_cs_syncobj_query} + + 'function int amdgpu_cs_syncobj_query2(amdgpu_device_handle, uint32_t*, uint64_t*, unsigned int, uint32_t)' {amdgpu_cs_syncobj_query2} + + 'function int amdgpu_cs_syncobj_timeline_signal(amdgpu_device_handle, const uint32_t*, uint64_t*, uint32_t)' {amdgpu_cs_syncobj_timeline_signal} + + 'function int amdgpu_cs_syncobj_timeline_wait(amdgpu_device_handle, uint32_t*, uint64_t*, unsigned int, int64_t, unsigned int, uint32_t*)' {amdgpu_cs_syncobj_timeline_wait} + + 'function int amdgpu_cs_syncobj_transfer(amdgpu_device_handle, uint32_t, uint64_t, uint32_t, uint64_t, uint32_t)' {amdgpu_cs_syncobj_transfer} + + + +35 functions with some indirect sub-type change: + + + + [C]'function int amdgpu_bo_alloc(amdgpu_device_handle, amdgpu_bo_alloc_request*, amdgpu_bo_handle*)' at amdgpu_bo.c:78:1 has some indirect sub-type changes: + + parameter 3 of type 'amdgpu_bo_handle*' has sub-type changes: + + in pointed to type 'typedef amdgpu_bo_handle' at amdgpu.h:129:1: + + underlying type 'amdgpu_bo*' changed: + + in pointed to type 'struct amdgpu_bo' at amdgpu_internal.h:94:1: + + type size hasn't changed + + 2 data member changes: + + type of 'amdgpu_device* amdgpu_bo::dev' changed: + + in pointed to type 'struct amdgpu_device' at amdgpu_internal.h:67:1: + + type size changed from 9664 to 9792 (in bits) + + 6 data member changes (1 filtered): + + type of 'drm_amdgpu_info_device amdgpu_device::dev_info' changed: + + type size changed from 2816 to 2944 (in bits) + + 2 data member insertions: + + '__u32 drm_amdgpu_info_device::pa_sc_tile_steering_override', at offset 2816 (in bits) at amdgpu_drm.h:1005:1 + + '__u64 drm_amdgpu_info_device::tcc_disabled_mask', at offset 2880 (in bits) at amdgpu_drm.h:1007:1 + + + + 'amdgpu_gpu_info amdgpu_device::info' offset changed from 3776 to 3904 (in bits) (by +128 bits) + + 'amdgpu_bo_va_mgr amdgpu_device::vamgr' offset changed from 7104 to 7232 (in bits) (by +128 bits) + + 'amdgpu_bo_va_mgr amdgpu_device::vamgr_32' offset changed from 7744 to 7872 (in bits) (by +128 bits) + + 'amdgpu_bo_va_mgr amdgpu_device::vamgr_high' offset changed from 8384 to 8512 (in bits) (by +128 bits) + + 'amdgpu_bo_va_mgr amdgpu_device::vamgr_high_32' offset changed from 9024 to 9152 (in bits) (by +128 bits) + + + + type of 'int amdgpu_bo::cpu_map_count' changed: + + entity changed from 'int' to compatible type 'typedef int64_t' at stdint-intn.h:27:1 + + type name changed from 'int' to 'long int' + + type size changed from 32 to 64 (in bits) + + + + + + [C]'function int amdgpu_bo_import(amdgpu_device_handle, amdgpu_bo_handle_type, uint32_t, amdgpu_bo_import_result*)' at amdgpu_bo.c:256:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_bo_list_create(amdgpu_device_handle, uint32_t, amdgpu_bo_handle*, uint8_t*, amdgpu_bo_list_handle*)' at amdgpu_bo.c:642:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + parameter 5 of type 'amdgpu_bo_list_handle*' has sub-type changes: + + in pointed to type 'typedef amdgpu_bo_list_handle' at amdgpu.h:134:1: + + underlying type 'amdgpu_bo_list*' changed: + + in pointed to type 'struct amdgpu_bo_list' at amdgpu_internal.h:108:1: + + type size hasn't changed + + 1 data member change: + + type of 'amdgpu_device* amdgpu_bo_list::dev' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + + + [C]'function int amdgpu_bo_va_op_raw(amdgpu_device_handle, amdgpu_bo_handle, uint64_t, uint64_t, uint64_t, uint64_t, uint32_t)' at amdgpu_bo.c:773:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_create_bo_from_user_mem(amdgpu_device_handle, void*, uint64_t, amdgpu_bo_handle*)' at amdgpu_bo.c:580:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function void amdgpu_cs_chunk_fence_to_dep(amdgpu_cs_fence*, drm_amdgpu_cs_chunk_dep*)' at amdgpu_cs.c:919:1 has some indirect sub-type changes: + + parameter 1 of type 'amdgpu_cs_fence*' has sub-type changes: + + in pointed to type 'struct amdgpu_cs_fence' at amdgpu.h:270:1: + + type size hasn't changed + + 1 data member change: + + type of 'amdgpu_context_handle amdgpu_cs_fence::context' changed: + + underlying type 'amdgpu_context*' changed: + + in pointed to type 'struct amdgpu_context' at amdgpu_internal.h:114:1: + + type size hasn't changed + + 1 data member change: + + type of 'amdgpu_device* amdgpu_context::dev' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + + + + + [C]'function int amdgpu_cs_create_syncobj(amdgpu_device_handle, uint32_t*)' at amdgpu_cs.c:648:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_create_syncobj2(amdgpu_device_handle, uint32_t, uint32_t*)' at amdgpu_cs.c:638:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_ctx_create(amdgpu_device_handle, amdgpu_context_handle*)' at amdgpu_cs.c:97:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_ctx_create2(amdgpu_device_handle, uint32_t, amdgpu_context_handle*)' at amdgpu_cs.c:51:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_destroy_syncobj(amdgpu_device_handle, uint32_t)' at amdgpu_cs.c:657:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_export_syncobj(amdgpu_device_handle, uint32_t, int*)' at amdgpu_cs.c:743:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_fence_to_handle(amdgpu_device_handle, amdgpu_cs_fence*, uint32_t, uint32_t*)' at amdgpu_cs.c:929:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_import_syncobj(amdgpu_device_handle, int, uint32_t*)' at amdgpu_cs.c:753:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_submit_raw(amdgpu_device_handle, amdgpu_context_handle, amdgpu_bo_list_handle, int, drm_amdgpu_cs_chunk*, uint64_t*)' at amdgpu_cs.c:855:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_syncobj_import_sync_file(amdgpu_device_handle, uint32_t, int)' at amdgpu_cs.c:773:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_syncobj_reset(amdgpu_device_handle, const uint32_t*, uint32_t)' at amdgpu_cs.c:666:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_cs_syncobj_wait(amdgpu_device_handle, uint32_t*, unsigned int, int64_t, unsigned int, uint32_t*)' at amdgpu_cs.c:698:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_device_deinitialize(amdgpu_device_handle)' at amdgpu_device.c:282:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_device_initialize(int, uint32_t*, uint32_t*, amdgpu_device_handle*)' at amdgpu_device.c:143:1 has some indirect sub-type changes: + + parameter 4 of type 'amdgpu_device_handle*' has sub-type changes: + + pointed to type 'typedef amdgpu_device_handle' changed at amdgpu.h:116:1, as reported earlier + + + + [C]'function int amdgpu_find_bo_by_cpu_mapping(amdgpu_device_handle, void*, uint64_t, amdgpu_bo_handle*, uint64_t*)' at amdgpu_bo.c:538:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function const char* amdgpu_get_marketing_name(amdgpu_device_handle)' at amdgpu_device.c:288:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_buffer_size_alignment(amdgpu_device_handle, amdgpu_buffer_size_alignments*)' at amdgpu_bo.c:507:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_crtc_from_id(amdgpu_device_handle, unsigned int, int32_t*)' at amdgpu_gpu_info.c:47:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_firmware_version(amdgpu_device_handle, unsigned int, unsigned int, unsigned int, uint32_t*, uint32_t*)' at amdgpu_gpu_info.c:114:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_gds_info(amdgpu_device_handle, amdgpu_gds_resource_info*)' at amdgpu_gpu_info.c:295:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_gpu_info(amdgpu_device_handle, amdgpu_gpu_info*)' at amdgpu_gpu_info.c:231:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_heap_info(amdgpu_device_handle, uint32_t, uint32_t, amdgpu_heap_info*)' at amdgpu_gpu_info.c:243:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_hw_ip_count(amdgpu_device_handle, unsigned int, uint32_t*)' at amdgpu_gpu_info.c:81:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_hw_ip_info(amdgpu_device_handle, unsigned int, unsigned int, drm_amdgpu_info_hw_ip*)' at amdgpu_gpu_info.c:97:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_info(amdgpu_device_handle, unsigned int, unsigned int, void*)' at amdgpu_gpu_info.c:33:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_query_sw_info(amdgpu_device_handle, amdgpu_sw_info, void*)' at amdgpu_device.c:293:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_read_mm_registers(amdgpu_device_handle, unsigned int, unsigned int, uint32_t, uint32_t, uint32_t*)' at amdgpu_gpu_info.c:62:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + [C]'function int amdgpu_va_range_alloc(amdgpu_device_handle, amdgpu_gpu_va_range, uint64_t, uint64_t, uint64_t, uint64_t*, amdgpu_va_handle*, uint64_t)' at amdgpu_vamgr.c:189:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + parameter 7 of type 'amdgpu_va_handle*' has sub-type changes: + + in pointed to type 'typedef amdgpu_va_handle' at amdgpu.h:139:1: + + underlying type 'amdgpu_va*' changed: + + in pointed to type 'struct amdgpu_va' at amdgpu_internal.h:59:1: + + type size hasn't changed + + 1 data member change: + + type of 'amdgpu_device_handle amdgpu_va::dev' changed: + + details were reported earlier + + + + + + [C]'function int amdgpu_va_range_query(amdgpu_device_handle, amdgpu_gpu_va_range, uint64_t*, uint64_t*)' at amdgpu_vamgr.c:32:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef amdgpu_device_handle' has sub-type changes: + + underlying type 'amdgpu_device*' changed: + + pointed to type 'struct amdgpu_device' changed at amdgpu_internal.h:67:1, as reported earlier + + + + + +---------------diffs in libdrm_libdrm_etnaviv.so.1.0.0_abidiff.out:---------------- + +---------------diffs in libdrm_libkms.so.1.0.0_abidiff.out:---------------- + +---------------diffs in libdrm_libdrm_tegra.so.0.0.0_abidiff.out:---------------- + +---------------diffs in libdrm_libdrm_radeon.so.1.0.1_abidiff.out:---------------- + +---------------diffs in libdrm_libdrm_freedreno.so.1.0.0_abidiff.out:---------------- + +Functions changes summary: 6 Removed, 1 Changed (42 filtered out), 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +6 Removed functions: + + + + 'function void fd_ringbuffer_emit_reloc_ring(fd_ringbuffer*, fd_ringmarker*, fd_ringmarker*)' {fd_ringbuffer_emit_reloc_ring} + + 'function void fd_ringmarker_del(fd_ringmarker*)' {fd_ringmarker_del} + + 'function uint32_t fd_ringmarker_dwords(fd_ringmarker*, fd_ringmarker*)' {fd_ringmarker_dwords} + + 'function int fd_ringmarker_flush(fd_ringmarker*)' {fd_ringmarker_flush} + + 'function void fd_ringmarker_mark(fd_ringmarker*)' {fd_ringmarker_mark} + + 'function fd_ringmarker* fd_ringmarker_new(fd_ringbuffer*)' {fd_ringmarker_new} + + + +2 Added functions: + + + + 'function fd_ringbuffer* fd_ringbuffer_new_flags(fd_pipe*, uint32_t, fd_ringbuffer_flags)' {fd_ringbuffer_new_flags} + + 'function fd_ringbuffer* fd_ringbuffer_ref(fd_ringbuffer*)' {fd_ringbuffer_ref} + + + +1 function with some indirect sub-type change: + + + + [C]'function void fd_bo_cpu_fini(fd_bo*)' at freedreno_bo.c:355:1 has some indirect sub-type changes: + + parameter 1 of type 'fd_bo*' has sub-type changes: + + in pointed to type 'struct fd_bo' at freedreno_priv.h:157:1: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'fd_device* fd_bo::dev' changed: + + in pointed to type 'struct fd_device' at freedreno_priv.h:82:1: + + type size hasn't changed + + 1 data member change: + + type of 'const fd_device_funcs* fd_device::funcs' changed: + + in pointed to type 'const fd_device_funcs': + + in unqualified underlying type 'struct fd_device_funcs' at freedreno_priv.h:61:1: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'fd_pipe* (fd_device*, enum fd_pipe_id, unsigned int)* fd_device_funcs::pipe_new' changed: + + in pointed to type 'function type fd_pipe* (fd_device*, enum fd_pipe_id, unsigned int)': + + return type changed: + + in pointed to type 'struct fd_pipe' at freedreno_priv.h:126:1: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'const fd_pipe_funcs* fd_pipe::funcs' changed: + + in pointed to type 'const fd_pipe_funcs': + + in unqualified underlying type 'struct fd_pipe_funcs' at freedreno_priv.h:118:1: + + type size hasn't changed + + 1 data member changes (3 filtered): + + type of 'fd_ringbuffer* (fd_pipe*, typedef uint32_t, enum fd_ringbuffer_flags)* fd_pipe_funcs::ringbuffer_new' changed: + + in pointed to type 'function type fd_ringbuffer* (fd_pipe*, typedef uint32_t, enum fd_ringbuffer_flags)': + + return type changed: + + in pointed to type 'struct fd_ringbuffer' at freedreno_ringbuffer.h:64:1: + + type size changed from 704 to 768 (in bits) + + 1 data member insertion: + + 'union {atomic_t refcnt; uint64_t __pad;}', at offset 704 (in bits) + + 2 data member changes (2 filtered): + + type of 'const fd_ringbuffer_funcs* fd_ringbuffer::funcs' changed: + + in pointed to type 'const fd_ringbuffer_funcs': + + in unqualified underlying type 'struct fd_ringbuffer_funcs' at freedreno_priv.h:134:1: + + type size hasn't changed + + 1 data member changes (7 filtered): + + type of 'typedef uint32_t (fd_ringbuffer*, fd_ringbuffer*, typedef uint32_t, typedef uint32_t, typedef uint32_t)* fd_ringbuffer_funcs::emit_reloc_ring' changed: + + in pointed to type 'function type typedef uint32_t (fd_ringbuffer*, fd_ringbuffer*, typedef uint32_t, typedef uint32_t, typedef uint32_t)': + + parameter 4 of type 'typedef uint32_t' was removed + + parameter 5 of type 'typedef uint32_t' was removed + + + + + + + + type of 'uint32_t fd_ringbuffer::flags' changed: + + entity changed from 'typedef uint32_t' to 'enum fd_ringbuffer_flags' at freedreno_ringbuffer.h:41:1 + + type size hasn't changed + + type alignement changed from 0 to 32 + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libell_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libell_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..8fde188df798af33c876f6e23e51e32c14765c73 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libell_all_result.md @@ -0,0 +1,344 @@ +# Functions changed info + +---------------diffs in libell_libell.so.0.0.2_abidiff.out:---------------- + +Functions changes summary: 13 Removed, 0 Changed, 148 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added (1 filtered out) variable + + + +13 Removed functions: + + + + [D] 'function void l_fswatch_destroy(l_fswatch*)' {l_fswatch_destroy} + + [D] 'function l_fswatch* l_fswatch_new(const char*, l_fswatch_cb_t, void*, l_fswatch_destroy_cb_t)' {l_fswatch_new} + + [D] 'function bool l_genl_family_can_dump(l_genl_family*, uint8_t)' {l_genl_family_can_dump} + + [D] 'function bool l_genl_family_can_send(l_genl_family*, uint8_t)' {l_genl_family_can_send} + + [D] 'function uint32_t l_genl_family_get_version(l_genl_family*)' {l_genl_family_get_version} + + [D] 'function bool l_genl_family_has_group(l_genl_family*, const char*)' {l_genl_family_has_group} + + [D] 'function l_genl_family* l_genl_family_ref(l_genl_family*)' {l_genl_family_ref} + + [D] 'function bool l_genl_family_set_watches(l_genl_family*, l_genl_watch_func_t, l_genl_watch_func_t, void*, l_genl_destroy_func_t)' {l_genl_family_set_watches} + + [D] 'function void l_genl_family_unref(l_genl_family*)' {l_genl_family_unref} + + [D] 'function l_genl* l_genl_new_default()' {l_genl_new_default} + + [D] 'function bool l_genl_set_close_on_unref(l_genl*, bool)' {l_genl_set_close_on_unref} + + [D] 'function bool l_genl_set_unicast_handler(l_genl*, l_genl_msg_func_t, void*, l_genl_destroy_func_t)' {l_genl_set_unicast_handler} + + [D] 'function uint8_t* l_pem_load_certificate(const char*, size_t*)' {l_pem_load_certificate} + + + +148 Added functions: + + + + [A] 'function bool l_aead_cipher_is_supported(l_aead_cipher_type)' {l_aead_cipher_is_supported@@ELL_0.10} + + [A] 'function void l_cert_free(l_cert*)' {l_cert_free@@ELL_0.10} + + [A] 'function const uint8_t* l_cert_get_der_data(l_cert*, size_t*)' {l_cert_get_der_data@@ELL_0.10} + + [A] 'function const uint8_t* l_cert_get_dn(l_cert*, size_t*)' {l_cert_get_dn@@ELL_0.10} + + [A] 'function l_key* l_cert_get_pubkey(l_cert*)' {l_cert_get_pubkey@@ELL_0.10} + + [A] 'function l_cert_key_type l_cert_get_pubkey_type(l_cert*)' {l_cert_get_pubkey_type@@ELL_0.10} + + [A] 'function l_cert* l_cert_new_from_der(const uint8_t*, size_t)' {l_cert_new_from_der@@ELL_0.10} + + [A] 'function void l_certchain_free(l_certchain*)' {l_certchain_free@@ELL_0.10} + + [A] 'function l_cert* l_certchain_get_leaf(l_certchain*)' {l_certchain_get_leaf@@ELL_0.10} + + [A] 'function bool l_certchain_verify(l_certchain*, l_queue*, const char**)' {l_certchain_verify@@ELL_0.10} + + [A] 'function void l_certchain_walk_from_ca(l_certchain*, l_cert_walk_cb_t, void*)' {l_certchain_walk_from_ca@@ELL_0.10} + + [A] 'function void l_certchain_walk_from_leaf(l_certchain*, l_cert_walk_cb_t, void*)' {l_certchain_walk_from_leaf@@ELL_0.10} + + [A] 'function ssize_t l_checksum_digest_length(l_checksum_type)' {l_checksum_digest_length@@ELL_0.10} + + [A] 'function bool l_cipher_is_supported(l_cipher_type)' {l_cipher_is_supported@@ELL_0.10} + + [A] 'function void* l_dbus_object_get_data(l_dbus*, const char*, const char*)' {l_dbus_object_get_data@@ELL_0.10} + + [A] 'function bool l_dhcp_client_set_debug(l_dhcp_client*, l_dhcp_debug_cb_t, void*, l_dhcp_destroy_cb_t)' {l_dhcp_client_set_debug@@ELL_0.10} + + [A] 'function char** l_dhcp_lease_get_dns(const l_dhcp_lease*)' {l_dhcp_lease_get_dns@@ELL_0.10} + + [A] 'function char* l_dhcp_lease_get_domain_name(const l_dhcp_lease*)' {l_dhcp_lease_get_domain_name@@ELL_0.10} + + [A] 'function void l_dir_watch_destroy(l_dir_watch*)' {l_dir_watch_destroy@@ELL_0.10} + + [A] 'function l_dir_watch* l_dir_watch_new(const char*, l_dir_watch_event_func_t, void*, l_dir_watch_destroy_func_t)' {l_dir_watch_new@@ELL_0.10} + + [A] 'function const l_ecc_curve* l_ecc_curve_get(const char*)' {l_ecc_curve_get@@ELL_0.10} + + [A] 'function const l_ecc_curve* l_ecc_curve_get_ike_group(unsigned int)' {l_ecc_curve_get_ike_group@@ELL_0.10} + + [A] 'function const char* l_ecc_curve_get_name(const l_ecc_curve*)' {l_ecc_curve_get_name@@ELL_0.10} + + [A] 'function l_ecc_scalar* l_ecc_curve_get_order(const l_ecc_curve*)' {l_ecc_curve_get_order@@ELL_0.10} + + [A] 'function l_ecc_scalar* l_ecc_curve_get_prime(const l_ecc_curve*)' {l_ecc_curve_get_prime@@ELL_0.10} + + [A] 'function size_t l_ecc_curve_get_scalar_bytes(const l_ecc_curve*)' {l_ecc_curve_get_scalar_bytes@@ELL_0.10} + + [A] 'function const unsigned int* l_ecc_curve_get_supported_ike_groups()' {l_ecc_curve_get_supported_ike_groups@@ELL_0.10} + + [A] 'function const unsigned int* l_ecc_curve_get_supported_tls_groups()' {l_ecc_curve_get_supported_tls_groups@@ELL_0.10} + + [A] 'function const l_ecc_curve* l_ecc_curve_get_tls_group(unsigned int)' {l_ecc_curve_get_tls_group@@ELL_0.10} + + [A] 'function bool l_ecc_point_add(l_ecc_point*, const l_ecc_point*, const l_ecc_point*)' {l_ecc_point_add@@ELL_0.10} + + [A] 'function void l_ecc_point_free(l_ecc_point*)' {l_ecc_point_free@@ELL_0.10} + + [A] 'function l_ecc_point* l_ecc_point_from_data(const l_ecc_curve*, l_ecc_point_type, void*, size_t)' {l_ecc_point_from_data@@ELL_0.10} + + [A] 'function ssize_t l_ecc_point_get_data(const l_ecc_point*, void*, size_t)' {l_ecc_point_get_data@@ELL_0.10} + + [A] 'function ssize_t l_ecc_point_get_x(const l_ecc_point*, void*, size_t)' {l_ecc_point_get_x@@ELL_0.10} + + [A] 'function bool l_ecc_point_inverse(l_ecc_point*)' {l_ecc_point_inverse@@ELL_0.10} + + [A] 'function bool l_ecc_point_multiply(l_ecc_point*, const l_ecc_scalar*, const l_ecc_point*)' {l_ecc_point_multiply@@ELL_0.10} + + [A] 'function l_ecc_point* l_ecc_point_new(const l_ecc_curve*)' {l_ecc_point_new@@ELL_0.10} + + [A] 'function bool l_ecc_points_are_equal(const l_ecc_point*, const l_ecc_point*)' {l_ecc_points_are_equal@@ELL_0.10} + + [A] 'function bool l_ecc_scalar_add(l_ecc_scalar*, const l_ecc_scalar*, const l_ecc_scalar*, const l_ecc_scalar*)' {l_ecc_scalar_add@@ELL_0.10} + + [A] 'function void l_ecc_scalar_free(l_ecc_scalar*)' {l_ecc_scalar_free@@ELL_0.10} + + [A] 'function ssize_t l_ecc_scalar_get_data(const l_ecc_scalar*, void*, size_t)' {l_ecc_scalar_get_data@@ELL_0.10} + + [A] 'function int l_ecc_scalar_legendre(l_ecc_scalar*)' {l_ecc_scalar_legendre@@ELL_0.10} + + [A] 'function bool l_ecc_scalar_multiply(l_ecc_scalar*, const l_ecc_scalar*, const l_ecc_scalar*)' {l_ecc_scalar_multiply@@ELL_0.10} + + [A] 'function l_ecc_scalar* l_ecc_scalar_new(const l_ecc_curve*, void*, size_t)' {l_ecc_scalar_new@@ELL_0.10} + + [A] 'function l_ecc_scalar* l_ecc_scalar_new_random(const l_ecc_curve*)' {l_ecc_scalar_new_random@@ELL_0.10} + + [A] 'function bool l_ecc_scalar_sum_x(l_ecc_scalar*, const l_ecc_scalar*)' {l_ecc_scalar_sum_x@@ELL_0.10} + + [A] 'function bool l_ecc_scalars_are_equal(const l_ecc_scalar*, const l_ecc_scalar*)' {l_ecc_scalars_are_equal@@ELL_0.10} + + [A] 'function bool l_ecdh_generate_key_pair(const l_ecc_curve*, l_ecc_scalar**, l_ecc_point**)' {l_ecdh_generate_key_pair@@ELL_0.10} + + [A] 'function bool l_ecdh_generate_shared_secret(const l_ecc_scalar*, const l_ecc_point*, l_ecc_scalar**)' {l_ecdh_generate_shared_secret@@ELL_0.10} + + [A] 'function unsigned int l_genl_add_family_watch(l_genl*, const char*, l_genl_discover_func_t, l_genl_vanished_func_t, void*, l_genl_destroy_func_t)' {l_genl_add_family_watch@@ELL_0.10} + + [A] 'function unsigned int l_genl_add_unicast_watch(l_genl*, const char*, l_genl_msg_func_t, void*, l_genl_destroy_func_t)' {l_genl_add_unicast_watch@@ELL_0.10} + + [A] 'function bool l_genl_discover_families(l_genl*, l_genl_discover_func_t, void*, l_genl_destroy_func_t)' {l_genl_discover_families@@ELL_0.10} + + [A] 'function void l_genl_family_free(l_genl_family*)' {l_genl_family_free@@ELL_0.10} + + [A] 'function const l_genl_family_info* l_genl_family_get_info(l_genl_family*)' {l_genl_family_get_info@@ELL_0.10} + + [A] 'function bool l_genl_family_info_can_dump(const l_genl_family_info*, uint8_t)' {l_genl_family_info_can_dump@@ELL_0.10} + + [A] 'function bool l_genl_family_info_can_send(const l_genl_family_info*, uint8_t)' {l_genl_family_info_can_send@@ELL_0.10} + + [A] 'function char** l_genl_family_info_get_groups(const l_genl_family_info*)' {l_genl_family_info_get_groups@@ELL_0.10} + + [A] 'function uint32_t l_genl_family_info_get_id(const l_genl_family_info*)' {l_genl_family_info_get_id@@ELL_0.10} + + [A] 'function const char* l_genl_family_info_get_name(const l_genl_family_info*)' {l_genl_family_info_get_name@@ELL_0.10} + + [A] 'function uint32_t l_genl_family_info_get_version(const l_genl_family_info*)' {l_genl_family_info_get_version@@ELL_0.10} + + [A] 'function bool l_genl_family_info_has_group(const l_genl_family_info*, const char*)' {l_genl_family_info_has_group@@ELL_0.10} + + [A] 'function const char* l_genl_msg_get_extended_error(l_genl_msg*)' {l_genl_msg_get_extended_error@@ELL_0.10} + + [A] 'function l_genl_msg* l_genl_msg_new_from_data(void*, size_t)' {l_genl_msg_new_from_data@@ELL_0.10} + + [A] 'function void* l_genl_msg_to_data(l_genl_msg*, uint16_t, uint16_t, uint32_t, uint32_t, size_t*)' {l_genl_msg_to_data@@ELL_0.10} + + [A] 'function bool l_genl_remove_family_watch(l_genl*, unsigned int)' {l_genl_remove_family_watch@@ELL_0.10} + + [A] 'function bool l_genl_remove_unicast_watch(l_genl*, unsigned int)' {l_genl_remove_unicast_watch@@ELL_0.10} + + [A] 'function bool l_genl_request_family(l_genl*, const char*, l_genl_discover_func_t, void*, l_genl_destroy_func_t)' {l_genl_request_family@@ELL_0.10} + + [A] 'function uint32_t l_getrandom_uint32()' {l_getrandom_uint32@@ELL_0.10} + + [A] 'function bool l_gpio_chip_find_line_offset(l_gpio_chip*, const char*, uint32_t*)' {l_gpio_chip_find_line_offset@@ELL_0.10} + + [A] 'function void l_gpio_chip_free(l_gpio_chip*)' {l_gpio_chip_free@@ELL_0.10} + + [A] 'function const char* l_gpio_chip_get_label(l_gpio_chip*)' {l_gpio_chip_get_label@@ELL_0.10} + + [A] 'function char* l_gpio_chip_get_line_consumer(l_gpio_chip*, uint32_t)' {l_gpio_chip_get_line_consumer@@ELL_0.10} + + [A] 'function char* l_gpio_chip_get_line_label(l_gpio_chip*, uint32_t)' {l_gpio_chip_get_line_label@@ELL_0.10} + + [A] 'function const char* l_gpio_chip_get_name(l_gpio_chip*)' {l_gpio_chip_get_name@@ELL_0.10} + + [A] 'function uint32_t l_gpio_chip_get_num_lines(l_gpio_chip*)' {l_gpio_chip_get_num_lines@@ELL_0.10} + + [A] 'function l_gpio_chip* l_gpio_chip_new(const char*)' {l_gpio_chip_new@@ELL_0.10} + + [A] 'function char** l_gpio_chips_with_line_label(const char*)' {l_gpio_chips_with_line_label@@ELL_0.10} + + [A] 'function void l_gpio_reader_free(l_gpio_reader*)' {l_gpio_reader_free@@ELL_0.10} + + [A] 'function bool l_gpio_reader_get(l_gpio_reader*, uint32_t, uint32_t*)' {l_gpio_reader_get@@ELL_0.10} + + [A] 'function l_gpio_reader* l_gpio_reader_new(l_gpio_chip*, const char*, uint32_t, const uint32_t*)' {l_gpio_reader_new@@ELL_0.10} + + [A] 'function void l_gpio_writer_free(l_gpio_writer*)' {l_gpio_writer_free@@ELL_0.10} + + [A] 'function l_gpio_writer* l_gpio_writer_new(l_gpio_chip*, const char*, uint32_t, const uint32_t*, const uint32_t*)' {l_gpio_writer_new@@ELL_0.10} + + [A] 'function bool l_gpio_writer_set(l_gpio_writer*, uint32_t, const uint32_t*)' {l_gpio_writer_set@@ELL_0.10} + + [A] 'function l_key* l_key_generate_dh_private(void*, size_t)' {l_key_generate_dh_private@@ELL_0.10} + + [A] 'function bool l_key_get_info(l_key*, l_key_cipher_type, l_checksum_type, size_t*, bool*)' {l_key_get_info@@ELL_0.10} + + [A] 'function bool l_key_is_supported(uint32_t)' {l_key_is_supported@@ELL_0.10} + + [A] 'function bool l_key_validate_dh_payload(void*, size_t, void*, size_t)' {l_key_validate_dh_payload@@ELL_0.10} + + [A] 'function bool l_keyring_link(l_keyring*, const l_key*)' {l_keyring_link@@ELL_0.10} + + [A] 'function bool l_keyring_link_nested(l_keyring*, const l_keyring*)' {l_keyring_link_nested@@ELL_0.10} + + [A] 'function bool l_keyring_unlink(l_keyring*, const l_key*)' {l_keyring_unlink@@ELL_0.10} + + [A] 'function bool l_keyring_unlink_nested(l_keyring*, const l_keyring*)' {l_keyring_unlink_nested@@ELL_0.10} + + [A] 'function bool l_net_hostname_is_localhost(const char*)' {l_net_hostname_is_localhost@@ELL_0.10} + + [A] 'function bool l_net_hostname_is_root(const char*)' {l_net_hostname_is_root@@ELL_0.10} + + [A] 'function char* l_path_find(const char*, const char*, int)' {l_path_find@@ELL_0.10} + + [A] 'function uint64_t l_path_get_mtime(const char*)' {l_path_get_mtime@@ELL_0.10} + + [A] 'function const char* l_path_next(const char*, char**)' {l_path_next@@ELL_0.10} + + [A] 'function int l_path_touch(const char*)' {l_path_touch@@ELL_0.10} + + [A] 'function l_certchain* l_pem_load_certificate_chain(const char*)' {l_pem_load_certificate_chain@@ELL_0.10} + + [A] 'function l_certchain* l_pem_load_certificate_chain_from_data(void*, size_t)' {l_pem_load_certificate_chain_from_data@@ELL_0.10} + + [A] 'function l_queue* l_pem_load_certificate_list(const char*)' {l_pem_load_certificate_list@@ELL_0.10} + + [A] 'function l_queue* l_pem_load_certificate_list_from_data(void*, size_t)' {l_pem_load_certificate_list_from_data@@ELL_0.10} + + [A] 'function l_key* l_pem_load_private_key_from_data(void*, size_t, const char*, bool*)' {l_pem_load_private_key_from_data@@ELL_0.10} + + [A] 'function ssize_t l_ringbuf_append(l_ringbuf*, void*, size_t)' {l_ringbuf_append@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_ifaddr4_add(l_netlink*, int, uint8_t, const char*, const char*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_ifaddr4_add@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_ifaddr4_delete(l_netlink*, int, uint8_t, const char*, const char*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_ifaddr4_delete@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_ifaddr4_dump(l_netlink*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_ifaddr4_dump@@ELL_0.10} + + [A] 'function void l_rtnl_ifaddr4_extract(const ifaddrmsg*, int, char**, char**, char**)' {l_rtnl_ifaddr4_extract@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_ifaddr6_add(l_netlink*, int, uint8_t, const char*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_ifaddr6_add@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_ifaddr6_delete(l_netlink*, int, uint8_t, const char*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_ifaddr6_delete@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_ifaddr6_dump(l_netlink*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_ifaddr6_dump@@ELL_0.10} + + [A] 'function void l_rtnl_ifaddr6_extract(const ifaddrmsg*, int, char**)' {l_rtnl_ifaddr6_extract@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_route4_add_connected(l_netlink*, int, uint8_t, const char*, const char*, uint8_t, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_route4_add_connected@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_route4_add_gateway(l_netlink*, int, const char*, const char*, uint32_t, uint8_t, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_route4_add_gateway@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_route4_dump(l_netlink*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_route4_dump@@ELL_0.10} + + [A] 'function void l_rtnl_route4_extract(const rtmsg*, uint32_t, uint32_t*, uint32_t*, char**, char**, char**)' {l_rtnl_route4_extract@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_route6_add_gateway(l_netlink*, int, const char*, uint32_t, uint8_t, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_route6_add_gateway@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_route6_delete_gateway(l_netlink*, int, const char*, uint32_t, uint8_t, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_route6_delete_gateway@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_route6_dump(l_netlink*, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_route6_dump@@ELL_0.10} + + [A] 'function void l_rtnl_route6_extract(const rtmsg*, uint32_t, uint32_t*, uint32_t*, char**, char**, char**)' {l_rtnl_route6_extract@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_set_linkmode_and_operstate(l_netlink*, int, uint8_t, uint8_t, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_set_linkmode_and_operstate@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_set_mac(l_netlink*, int, const uint8_t*, bool, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_set_mac@@ELL_0.10} + + [A] 'function uint32_t l_rtnl_set_powered(l_netlink*, int, bool, l_netlink_command_func_t, void*, l_netlink_destroy_func_t)' {l_rtnl_set_powered@@ELL_0.10} + + [A] 'function char** l_settings_get_embedded_groups(l_settings*)' {l_settings_get_embedded_groups@@ELL_0.10} + + [A] 'function const char* l_settings_get_embedded_value(l_settings*, const char*, const char**)' {l_settings_get_embedded_value@@ELL_0.10} + + [A] 'function bool l_settings_has_embedded_group(l_settings*, const char*)' {l_settings_has_embedded_group@@ELL_0.10} + + [A] 'function char** l_strv_append(char**, const char*)' {l_strv_append@@ELL_0.10} + + [A] 'function char** l_strv_append_printf(char**, const char*, ...)' {l_strv_append_printf@@ELL_0.10} + + [A] 'function char** l_strv_append_vprintf(char**, const char*, va_list)' {l_strv_append_vprintf@@ELL_0.10} + + [A] 'function char** l_strv_copy(char**)' {l_strv_copy@@ELL_0.10} + + [A] 'function void l_strv_free(char**)' {l_strv_free@@ELL_0.10} + + [A] 'function char** l_strv_new()' {l_strv_new@@ELL_0.10} + + [A] 'function uint64_t l_time_now()' {l_time_now@@ELL_0.10} + + [A] 'function void l_timeout_set_callback(l_timeout*, l_timeout_notify_cb_t, void*, l_timeout_destroy_cb_t)' {l_timeout_set_callback@@ELL_0.10} + + [A] 'function bool l_tls_prf_get_bytes(l_tls*, bool, const char*, uint8_t*, size_t)' {l_tls_prf_get_bytes@@ELL_0.10} + + [A] 'function bool l_tls_set_debug(l_tls*, l_tls_debug_cb_t, void*, l_tls_destroy_cb_t)' {l_tls_set_debug@@ELL_0.10} + + [A] 'function void l_tls_set_domain_mask(l_tls*, char**)' {l_tls_set_domain_mask@@ELL_0.10} + + [A] 'function void l_tls_set_version_range(l_tls*, l_tls_version, l_tls_version)' {l_tls_set_version_range@@ELL_0.10} + + [A] 'function bool l_tls_start(l_tls*)' {l_tls_start@@ELL_0.10} + + [A] 'function uint32_t l_uintset_find_unused(l_uintset*, uint32_t)' {l_uintset_find_unused@@ELL_0.10} + + [A] 'function void l_uintset_foreach(l_uintset*, l_uintset_foreach_func_t, void*)' {l_uintset_foreach@@ELL_0.10} + + [A] 'function l_uintset* l_uintset_intersect(const l_uintset*, const l_uintset*)' {l_uintset_intersect@@ELL_0.10} + + [A] 'function bool l_uintset_isempty(const l_uintset*)' {l_uintset_isempty@@ELL_0.10} + + [A] 'function char* l_utf8_from_ucs2be(void*, ssize_t)' {l_utf8_from_ucs2be@@ELL_0.10} + + [A] 'function size_t l_utf8_from_wchar(wchar_t, char*)' {l_utf8_from_wchar@@ELL_0.10} + + [A] 'function void* l_utf8_to_ucs2be(const char*, size_t*)' {l_utf8_to_ucs2be@@ELL_0.10} + + [A] 'function char* l_util_hexstring_upper(const unsigned char*, size_t)' {l_util_hexstring_upper@@ELL_0.10} + + [A] 'function bool l_uuid_from_string(const char*, uint8_t*)' {l_uuid_from_string@@ELL_0.10} + + [A] 'function bool l_uuid_v4(uint8_t*)' {l_uuid_v4@@ELL_0.10} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libgusb_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libgusb_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..d16e657787d42077280e8e6c743c4c8b1c90a0cb --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libgusb_all_result.md @@ -0,0 +1,74 @@ +# Functions changed info + +---------------diffs in libgusb_libgusb.so.2.0.10_abidiff.out:---------------- + +Functions changes summary: 2 Removed, 1 Changed (11 filtered out), 13 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Removed functions: + + + + 'function GType g_usb_interface_get_type()' {g_usb_interface_get_type@@LIBGUSB_0.1.0} + + 'function void g_usb_source_set_callback(GUsbSource*, GSourceFunc, gpointer, GDestroyNotify)' {g_usb_source_set_callback@@LIBGUSB_0.1.0} + + + +13 Added functions: + + + + 'function guint16 g_usb_device_get_spec(GUsbDevice*)' {g_usb_device_get_spec@@LIBGUSB_0.3.1} + + 'function guint8 g_usb_endpoint_get_address(GUsbEndpoint*)' {g_usb_endpoint_get_address@@LIBGUSB_0.3.3} + + 'function GUsbDeviceDirection g_usb_endpoint_get_direction(GUsbEndpoint*)' {g_usb_endpoint_get_direction@@LIBGUSB_0.3.3} + + 'function GBytes* g_usb_endpoint_get_extra(GUsbEndpoint*)' {g_usb_endpoint_get_extra@@LIBGUSB_0.3.3} + + 'function guint8 g_usb_endpoint_get_kind(GUsbEndpoint*)' {g_usb_endpoint_get_kind@@LIBGUSB_0.3.3} + + 'function guint16 g_usb_endpoint_get_maximum_packet_size(GUsbEndpoint*)' {g_usb_endpoint_get_maximum_packet_size@@LIBGUSB_0.3.3} + + 'function guint8 g_usb_endpoint_get_number(GUsbEndpoint*)' {g_usb_endpoint_get_number@@LIBGUSB_0.3.3} + + 'function guint8 g_usb_endpoint_get_polling_interval(GUsbEndpoint*)' {g_usb_endpoint_get_polling_interval@@LIBGUSB_0.3.3} + + 'function guint8 g_usb_endpoint_get_refresh(GUsbEndpoint*)' {g_usb_endpoint_get_refresh@@LIBGUSB_0.3.3} + + 'function guint8 g_usb_endpoint_get_synch_address(GUsbEndpoint*)' {g_usb_endpoint_get_synch_address@@LIBGUSB_0.3.3} + + 'function GType g_usb_endpoint_get_type()' {g_usb_endpoint_get_type@@LIBGUSB_0.3.3} + + 'function GPtrArray* g_usb_interface_get_endpoints(GUsbInterface*)' {g_usb_interface_get_endpoints@@LIBGUSB_0.3.3} + + 'function const gchar* g_usb_version_string()' {g_usb_version_string@@LIBGUSB_0.3.1} + + + +1 function with some indirect sub-type change: + + + + [C]'function GUsbInterface* g_usb_device_get_interface(GUsbDevice*, guint8, guint8, guint8, GError**)' at gusb-device.c:500:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef GUsbInterface' at gusb-interface.h:17:1: + + underlying type 'struct _GUsbInterface' at gusb-interface.c:38:1 changed: + + type size changed from 576 to 640 (in bits) + + 1 data member insertion: + + 'GPtrArray* _GUsbInterface::endpoints', at offset 576 (in bits) at gusb-interface.c:34:1 + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libical_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libical_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..bed04d37395bc95295df3feca0cbf64e237bdab4 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libical_all_result.md @@ -0,0 +1,1774 @@ +# Functions changed info + +---------------diffs in libical_libical_cxx.so.3.0.8_abidiff.out:---------------- + +---------------diffs in libical_libicalss_cxx.so.3.0.8_abidiff.out:---------------- + +---------------diffs in libical_libicalvcal.so.3.0.8_abidiff.out:---------------- + +---------------diffs in libical_libical.so.3.0.8_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function icaltimetype icalproperty_get_datetime_with_component(icalproperty*, icalcomponent*)' {icalproperty_get_datetime_with_component} + + 'function void icaltimezone_truncate_vtimezone(icalcomponent*, icaltimetype, icaltimetype, int)' {icaltimezone_truncate_vtimezone} + + + +1 function with some indirect sub-type change: + + + + [C]'function icalattach* icalattach_new_from_data(const char*, icalattach_free_fn_t, void*)' at icalattach.c:60:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef icalattach_free_fn_t' changed: + + underlying type 'void (unsigned char*, void*)*' changed: + + in pointed to type 'function type void (unsigned char*, void*)': + + parameter 1 of type 'unsigned char*' changed: + + in pointed to type 'unsigned char': + + type name changed from 'unsigned char' to 'char' + + type size hasn't changed + + + + + + + +---------------diffs in libical_libicalss.so.3.0.8_abidiff.out:---------------- + +---------------diffs in libical_libical-glib.so.3.0.8_abidiff.out:---------------- + +Functions changes summary: 196 Removed, 137 Changed (46 filtered out), 199 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 0 Removed, 1 Added function symbol not referenced by debug info + +Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info + + + +196 Removed functions: + + + + [D] 'function void i_cal_array_append(ICalArray*, GObject*)' {i_cal_array_append} + + [D] 'function GObject* i_cal_array_element_at(ICalArray*, gint)' {i_cal_array_element_at} + + [D] 'function ICalArray* i_cal_array_new(gint, gint)' {i_cal_array_new} + + [D] 'function gchar* i_cal_component_as_ical_string_r(ICalComponent*)' {i_cal_component_as_ical_string_r} + + [D] 'function ICalComponent* i_cal_component_new_clone(ICalComponent*)' {i_cal_component_new_clone} + + [D] 'function ICalComponentKind i_cal_component_string_to_kind(const gchar*)' {i_cal_component_string_to_kind} + + [D] 'function ICalPeriodType* i_cal_datetimeperiod_type_get_period(ICalDatetimeperiodType*)' {i_cal_datetimeperiod_type_get_period} + + [D] 'function ICalTimetype* i_cal_datetimeperiod_type_get_time(ICalDatetimeperiodType*)' {i_cal_datetimeperiod_type_get_time} + + [D] 'function GType i_cal_datetimeperiod_type_get_type()' {i_cal_datetimeperiod_type_get_type} + + [D] 'function void i_cal_datetimeperiod_type_set_period(ICalDatetimeperiodType*, ICalPeriodType*)' {i_cal_datetimeperiod_type_set_period} + + [D] 'function void i_cal_datetimeperiod_type_set_time(ICalDatetimeperiodType*, ICalTimetype*)' {i_cal_datetimeperiod_type_set_time} + + [D] 'function gchar* i_cal_duration_type_as_ical_string_r(ICalDurationType*)' {i_cal_duration_type_as_ical_string_r} + + [D] 'function gint i_cal_duration_type_as_int(ICalDurationType*)' {i_cal_duration_type_as_int} + + [D] 'function ICalDurationType* i_cal_duration_type_bad_duration()' {i_cal_duration_type_bad_duration} + + [D] 'function ICalDurationType* i_cal_duration_type_from_int(gint)' {i_cal_duration_type_from_int} + + [D] 'function ICalDurationType* i_cal_duration_type_from_string(const gchar*)' {i_cal_duration_type_from_string} + + [D] 'function guint i_cal_duration_type_get_days(ICalDurationType*)' {i_cal_duration_type_get_days} + + [D] 'function guint i_cal_duration_type_get_hours(ICalDurationType*)' {i_cal_duration_type_get_hours} + + [D] 'function guint i_cal_duration_type_get_minutes(ICalDurationType*)' {i_cal_duration_type_get_minutes} + + [D] 'function guint i_cal_duration_type_get_seconds(ICalDurationType*)' {i_cal_duration_type_get_seconds} + + [D] 'function GType i_cal_duration_type_get_type()' {i_cal_duration_type_get_type} + + [D] 'function guint i_cal_duration_type_get_weeks(ICalDurationType*)' {i_cal_duration_type_get_weeks} + + [D] 'function gint i_cal_duration_type_is_bad_duration(ICalDurationType*)' {i_cal_duration_type_is_bad_duration} + + [D] 'function gint i_cal_duration_type_is_neg(ICalDurationType*)' {i_cal_duration_type_is_neg} + + [D] 'function gint i_cal_duration_type_is_null_duration(ICalDurationType*)' {i_cal_duration_type_is_null_duration} + + [D] 'function ICalDurationType* i_cal_duration_type_null_duration()' {i_cal_duration_type_null_duration} + + [D] 'function void i_cal_duration_type_set_days(ICalDurationType*, guint)' {i_cal_duration_type_set_days} + + [D] 'function void i_cal_duration_type_set_hours(ICalDurationType*, guint)' {i_cal_duration_type_set_hours} + + [D] 'function void i_cal_duration_type_set_is_neg(ICalDurationType*, gint)' {i_cal_duration_type_set_is_neg} + + [D] 'function void i_cal_duration_type_set_minutes(ICalDurationType*, guint)' {i_cal_duration_type_set_minutes} + + [D] 'function void i_cal_duration_type_set_seconds(ICalDurationType*, guint)' {i_cal_duration_type_set_seconds} + + [D] 'function void i_cal_duration_type_set_weeks(ICalDurationType*, guint)' {i_cal_duration_type_set_weeks} + + [D] 'function ICalRequestStatus i_cal_enum_num_to_reqstat(gshort, gshort)' {i_cal_enum_num_to_reqstat} + + [D] 'function gchar* i_cal_enum_reqstat_code_r(ICalRequestStatus)' {i_cal_enum_reqstat_code_r} + + [D] 'function const gchar* i_cal_enum_reqstat_desc(ICalRequestStatus)' {i_cal_enum_reqstat_desc} + + [D] 'function gshort i_cal_enum_reqstat_major(ICalRequestStatus)' {i_cal_enum_reqstat_major} + + [D] 'function gshort i_cal_enum_reqstat_minor(ICalRequestStatus)' {i_cal_enum_reqstat_minor} + + [D] 'function gdouble i_cal_geo_type_get_lat(ICalGeoType*)' {i_cal_geo_type_get_lat} + + [D] 'function gdouble i_cal_geo_type_get_lon(ICalGeoType*)' {i_cal_geo_type_get_lon} + + [D] 'function GType i_cal_geo_type_get_type()' {i_cal_geo_type_get_type} + + [D] 'function icalgeotype i_cal_geo_type_new_default()' {i_cal_geo_type_new_default} + + [D] 'function void i_cal_geo_type_set_lat(ICalGeoType*, gdouble)' {i_cal_geo_type_set_lat} + + [D] 'function void i_cal_geo_type_set_lon(ICalGeoType*, gdouble)' {i_cal_geo_type_set_lon} + + [D] 'function gint i_cal_langbind_access_array(gint*, gint)' {i_cal_langbind_access_array} + + [D] 'function void i_cal_langbind_free_array(gint*)' {i_cal_langbind_free_array} + + [D] 'function ICalComponent* i_cal_langbind_get_first_component(ICalComponent*, const gchar*)' {i_cal_langbind_get_first_component} + + [D] 'function ICalParameter* i_cal_langbind_get_first_parameter(ICalProperty*)' {i_cal_langbind_get_first_parameter} + + [D] 'function ICalProperty* i_cal_langbind_get_first_property(ICalComponent*, const gchar*)' {i_cal_langbind_get_first_property} + + [D] 'function ICalComponent* i_cal_langbind_get_next_component(ICalComponent*, const gchar*)' {i_cal_langbind_get_next_component} + + [D] 'function ICalParameter* i_cal_langbind_get_next_parameter(ICalProperty*)' {i_cal_langbind_get_next_parameter} + + [D] 'function ICalProperty* i_cal_langbind_get_next_property(ICalComponent*, const gchar*)' {i_cal_langbind_get_next_property} + + [D] 'function gint* i_cal_langbind_new_array(gint)' {i_cal_langbind_new_array} + + [D] 'function gchar* i_cal_langbind_property_eval_string_r(ICalProperty*, const gchar*)' {i_cal_langbind_property_eval_string_r} + + [D] 'function gchar* i_cal_langbind_quote_as_ical_r(const gchar*)' {i_cal_langbind_quote_as_ical_r} + + [D] 'function gint i_cal_langbind_string_to_open_flag(const gchar*)' {i_cal_langbind_string_to_open_flag} + + [D] 'function gchar* i_cal_parameter_as_ical_string_r(ICalParameter*)' {i_cal_parameter_as_ical_string_r} + + [D] 'function ICalParameter* i_cal_parameter_new_clone(ICalParameter*)' {i_cal_parameter_new_clone} + + [D] 'function ICalParameterKind i_cal_parameter_string_to_kind(const gchar*)' {i_cal_parameter_string_to_kind} + + [D] 'function void i_cal_parser_set_gen_data(ICalParser*, void*)' {i_cal_parser_set_gen_data} + + [D] 'function gchar* i_cal_parser_string_line_generator(gchar*, size_t, void*)' {i_cal_parser_string_line_generator} + + [D] 'function gchar* i_cal_period_type_as_ical_string_r(ICalPeriodType*)' {i_cal_period_type_as_ical_string_r} + + [D] 'function ICalPeriodType* i_cal_period_type_from_string(const gchar*)' {i_cal_period_type_from_string} + + [D] 'function ICalDurationType* i_cal_period_type_get_duration(ICalPeriodType*)' {i_cal_period_type_get_duration} + + [D] 'function ICalTimetype* i_cal_period_type_get_end(ICalPeriodType*)' {i_cal_period_type_get_end} + + [D] 'function ICalTimetype* i_cal_period_type_get_start(ICalPeriodType*)' {i_cal_period_type_get_start} + + [D] 'function GType i_cal_period_type_get_type()' {i_cal_period_type_get_type} + + [D] 'function gint i_cal_period_type_is_null_period(ICalPeriodType*)' {i_cal_period_type_is_null_period} + + [D] 'function gint i_cal_period_type_is_valid_period(ICalPeriodType*)' {i_cal_period_type_is_valid_period} + + [D] 'function ICalPeriodType* i_cal_period_type_null_period()' {i_cal_period_type_null_period} + + [D] 'function void i_cal_period_type_set_duration(ICalPeriodType*, ICalDurationType*)' {i_cal_period_type_set_duration} + + [D] 'function void i_cal_period_type_set_end(ICalPeriodType*, ICalTimetype*)' {i_cal_period_type_set_end} + + [D] 'function void i_cal_period_type_set_start(ICalPeriodType*, ICalTimetype*)' {i_cal_period_type_set_start} + + [D] 'function const gchar* i_cal_property_as_ical_string_r(ICalProperty*)' {i_cal_property_as_ical_string_r} + + [D] 'function gint i_cal_property_enum_belongs_to_property(ICalPropertyKind, gint)' {i_cal_property_enum_belongs_to_property} + + [D] 'function gchar* i_cal_property_enum_to_string_r(gint)' {i_cal_property_enum_to_string_r} + + [D] 'function gchar* i_cal_property_get_parameter_as_string_r(ICalProperty*, const gchar*)' {i_cal_property_get_parameter_as_string_r} + + [D] 'function gchar* i_cal_property_get_property_name_r(const ICalProperty*)' {i_cal_property_get_property_name_r} + + [D] 'function gchar* i_cal_property_get_value_as_string_r(const ICalProperty*)' {i_cal_property_get_value_as_string_r} + + [D] 'function ICalProperty* i_cal_property_new_clone(ICalProperty*)' {i_cal_property_new_clone} + + [D] 'function ICalPropertyKind i_cal_property_string_to_kind(const gchar*)' {i_cal_property_string_to_kind} + + [D] 'function ICalPropertyMethod i_cal_property_string_to_method(const gchar*)' {i_cal_property_string_to_method} + + [D] 'function ICalPropertyStatus i_cal_property_string_to_status(const gchar*)' {i_cal_property_string_to_status} + + [D] 'function ICalPropertyKind i_cal_property_value_kind_to_kind(ICalValueKind)' {i_cal_property_value_kind_to_kind} + + [D] 'function const gchar* i_cal_recur_freq_to_string(ICalRecurrenceTypeFrequency)' {i_cal_recur_freq_to_string} + + [D] 'function const gchar* i_cal_recur_skip_to_string(ICalRecurrenceTypeSkip)' {i_cal_recur_skip_to_string} + + [D] 'function ICalRecurrenceTypeFrequency i_cal_recur_string_to_freq(const gchar*)' {i_cal_recur_string_to_freq} + + [D] 'function ICalRecurrenceTypeSkip i_cal_recur_string_to_skip(const gchar*)' {i_cal_recur_string_to_skip} + + [D] 'function ICalRecurrenceTypeWeekday i_cal_recur_string_to_weekday(const gchar*)' {i_cal_recur_string_to_weekday} + + [D] 'function const gchar* i_cal_recur_weekday_to_string(ICalRecurrenceTypeWeekday)' {i_cal_recur_weekday_to_string} + + [D] 'function gchar* i_cal_recurrence_type_as_string_r(ICalRecurrenceType*)' {i_cal_recurrence_type_as_string_r} + + [D] 'function void i_cal_recurrence_type_clear(ICalRecurrenceType*)' {i_cal_recurrence_type_clear} + + [D] 'function ICalRecurrenceTypeWeekday i_cal_recurrence_type_day_day_of_week(gshort)' {i_cal_recurrence_type_day_day_of_week} + + [D] 'function gint i_cal_recurrence_type_day_position(gshort)' {i_cal_recurrence_type_day_position} + + [D] 'function ICalRecurrenceType* i_cal_recurrence_type_from_string(const gchar*)' {i_cal_recurrence_type_from_string} + + [D] 'function GArray* i_cal_recurrence_type_get_by_day(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_day} + + [D] 'function GArray* i_cal_recurrence_type_get_by_hour(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_hour} + + [D] 'function GArray* i_cal_recurrence_type_get_by_minute(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_minute} + + [D] 'function GArray* i_cal_recurrence_type_get_by_month(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_month} + + [D] 'function GArray* i_cal_recurrence_type_get_by_month_day(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_month_day} + + [D] 'function GArray* i_cal_recurrence_type_get_by_second(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_second} + + [D] 'function GArray* i_cal_recurrence_type_get_by_set_pos(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_set_pos} + + [D] 'function GArray* i_cal_recurrence_type_get_by_week_no(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_week_no} + + [D] 'function GArray* i_cal_recurrence_type_get_by_year_day(ICalRecurrenceType*)' {i_cal_recurrence_type_get_by_year_day} + + [D] 'function gint i_cal_recurrence_type_get_count(ICalRecurrenceType*)' {i_cal_recurrence_type_get_count} + + [D] 'function ICalRecurrenceTypeFrequency i_cal_recurrence_type_get_freq(ICalRecurrenceType*)' {i_cal_recurrence_type_get_freq} + + [D] 'function gshort i_cal_recurrence_type_get_interval(ICalRecurrenceType*)' {i_cal_recurrence_type_get_interval} + + [D] 'function GType i_cal_recurrence_type_get_type()' {i_cal_recurrence_type_get_type} + + [D] 'function ICalTimetype* i_cal_recurrence_type_get_until(ICalRecurrenceType*)' {i_cal_recurrence_type_get_until} + + [D] 'function ICalRecurrenceTypeWeekday i_cal_recurrence_type_get_week_start(ICalRecurrenceType*)' {i_cal_recurrence_type_get_week_start} + + [D] 'function gint i_cal_recurrence_type_month_is_leap(gshort)' {i_cal_recurrence_type_month_is_leap} + + [D] 'function gint i_cal_recurrence_type_month_month(gshort)' {i_cal_recurrence_type_month_month} + + [D] 'function gint i_cal_recurrence_type_rscale_is_supported()' {i_cal_recurrence_type_rscale_is_supported} + + [D] 'function ICalArray* i_cal_recurrence_type_rscale_supported_calendars()' {i_cal_recurrence_type_rscale_supported_calendars} + + [D] 'function void i_cal_recurrence_type_set_by_day(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_day} + + [D] 'function void i_cal_recurrence_type_set_by_hour(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_hour} + + [D] 'function void i_cal_recurrence_type_set_by_minute(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_minute} + + [D] 'function void i_cal_recurrence_type_set_by_month(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_month} + + [D] 'function void i_cal_recurrence_type_set_by_month_day(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_month_day} + + [D] 'function void i_cal_recurrence_type_set_by_second(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_second} + + [D] 'function void i_cal_recurrence_type_set_by_set_pos(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_set_pos} + + [D] 'function void i_cal_recurrence_type_set_by_week_no(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_week_no} + + [D] 'function void i_cal_recurrence_type_set_by_year_day(ICalRecurrenceType*, guint, gshort)' {i_cal_recurrence_type_set_by_year_day} + + [D] 'function void i_cal_recurrence_type_set_count(ICalRecurrenceType*, gint)' {i_cal_recurrence_type_set_count} + + [D] 'function void i_cal_recurrence_type_set_freq(ICalRecurrenceType*, ICalRecurrenceTypeFrequency)' {i_cal_recurrence_type_set_freq} + + [D] 'function void i_cal_recurrence_type_set_interval(ICalRecurrenceType*, gshort)' {i_cal_recurrence_type_set_interval} + + [D] 'function void i_cal_recurrence_type_set_until(ICalRecurrenceType*, ICalTimetype*)' {i_cal_recurrence_type_set_until} + + [D] 'function void i_cal_recurrence_type_set_week_start(ICalRecurrenceType*, ICalRecurrenceTypeWeekday)' {i_cal_recurrence_type_set_week_start} + + [D] 'function gchar* i_cal_reqstat_type_as_string_r(ICalReqstatType*)' {i_cal_reqstat_type_as_string_r} + + [D] 'function ICalReqstatType* i_cal_reqstat_type_from_string(const gchar*)' {i_cal_reqstat_type_from_string} + + [D] 'function ICalRequestStatus i_cal_reqstat_type_get_code(ICalReqstatType*)' {i_cal_reqstat_type_get_code} + + [D] 'function const gchar* i_cal_reqstat_type_get_debug(ICalReqstatType*)' {i_cal_reqstat_type_get_debug} + + [D] 'function const gchar* i_cal_reqstat_type_get_desc(ICalReqstatType*)' {i_cal_reqstat_type_get_desc} + + [D] 'function GType i_cal_reqstat_type_get_type()' {i_cal_reqstat_type_get_type} + + [D] 'function void i_cal_reqstat_type_set_code(ICalReqstatType*, ICalRequestStatus)' {i_cal_reqstat_type_set_code} + + [D] 'function gchar* i_cal_time_as_ical_string_r(ICalTimetype*)' {i_cal_time_as_ical_string_r} + + [D] 'function ICalTimetype* i_cal_time_current_time_with_zone(ICalTimezone*)' {i_cal_time_current_time_with_zone} + + [D] 'function ICalTimetype* i_cal_time_from_day_of_year(const gint, const gint)' {i_cal_time_from_day_of_year} + + [D] 'function ICalTimetype* i_cal_time_from_string(const gchar*)' {i_cal_time_from_string} + + [D] 'function ICalTimetype* i_cal_time_from_timet_with_zone(const time_t, gint, ICalTimezone*)' {i_cal_time_from_timet_with_zone} + + [D] 'function ICalTimetype* i_cal_time_null_date()' {i_cal_time_null_date} + + [D] 'function ICalTimetype* i_cal_time_null_time()' {i_cal_time_null_time} + + [D] 'function gint i_cal_time_span_is_busy(ICalTimeSpan*)' {i_cal_time_span_is_busy} + + [D] 'function void i_cal_time_tiemzone_expand_vtimezone(ICalComponent*, gint, ICalArray*)' {i_cal_time_tiemzone_expand_vtimezone} + + [D] 'function ICalTimetype* i_cal_time_today()' {i_cal_time_today} + + [D] 'function gint i_cal_timetype_get_day(ICalTimetype*)' {i_cal_timetype_get_day} + + [D] 'function gint i_cal_timetype_get_hour(ICalTimetype*)' {i_cal_timetype_get_hour} + + [D] 'function gint i_cal_timetype_get_minute(ICalTimetype*)' {i_cal_timetype_get_minute} + + [D] 'function gint i_cal_timetype_get_month(ICalTimetype*)' {i_cal_timetype_get_month} + + [D] 'function gint i_cal_timetype_get_second(ICalTimetype*)' {i_cal_timetype_get_second} + + [D] 'function GType i_cal_timetype_get_type()' {i_cal_timetype_get_type} + + [D] 'function gint i_cal_timetype_get_year(ICalTimetype*)' {i_cal_timetype_get_year} + + [D] 'function const ICalTimezone* i_cal_timetype_get_zone(ICalTimetype*)' {i_cal_timetype_get_zone} + + [D] 'function gint i_cal_timetype_is_date(ICalTimetype*)' {i_cal_timetype_is_date} + + [D] 'function gint i_cal_timetype_is_daylight(ICalTimetype*)' {i_cal_timetype_is_daylight} + + [D] 'function gint i_cal_timetype_is_utc(ICalTimetype*)' {i_cal_timetype_is_utc} + + [D] 'function ICalTimetype* i_cal_timetype_new()' {i_cal_timetype_new} + + [D] 'function void i_cal_timetype_set_day(ICalTimetype*, gint)' {i_cal_timetype_set_day} + + [D] 'function void i_cal_timetype_set_hour(ICalTimetype*, gint)' {i_cal_timetype_set_hour} + + [D] 'function void i_cal_timetype_set_is_date(ICalTimetype*, gint)' {i_cal_timetype_set_is_date} + + [D] 'function void i_cal_timetype_set_is_daylight(ICalTimetype*, gint)' {i_cal_timetype_set_is_daylight} + + [D] 'function void i_cal_timetype_set_minute(ICalTimetype*, gint)' {i_cal_timetype_set_minute} + + [D] 'function void i_cal_timetype_set_month(ICalTimetype*, gint)' {i_cal_timetype_set_month} + + [D] 'function void i_cal_timetype_set_second(ICalTimetype*, gint)' {i_cal_timetype_set_second} + + [D] 'function void i_cal_timetype_set_year(ICalTimetype*, gint)' {i_cal_timetype_set_year} + + [D] 'function void i_cal_timezone_convert_time(ICalTimetype*, ICalTimezone*, ICalTimezone*)' {i_cal_timezone_convert_time} + + [D] 'function const gchar* i_cal_timezone_phase_get_comment(ICalTimezonePhase*)' {i_cal_timezone_phase_get_comment} + + [D] 'function ICalTimetype* i_cal_timezone_phase_get_dtstart(ICalTimezonePhase*)' {i_cal_timezone_phase_get_dtstart} + + [D] 'function gint i_cal_timezone_phase_get_offsetto(ICalTimezonePhase*)' {i_cal_timezone_phase_get_offsetto} + + [D] 'function ICalDatetimeperiodType* i_cal_timezone_phase_get_rdate(ICalTimezonePhase*)' {i_cal_timezone_phase_get_rdate} + + [D] 'function const gchar* i_cal_timezone_phase_get_rrule(ICalTimezonePhase*)' {i_cal_timezone_phase_get_rrule} + + [D] 'function GType i_cal_timezone_phase_get_type()' {i_cal_timezone_phase_get_type} + + [D] 'function const gchar* i_cal_timezone_phase_get_tzname(ICalTimezonePhase*)' {i_cal_timezone_phase_get_tzname} + + [D] 'function gint i_cal_timezone_phase_get_tzoffsetfrom(ICalTimezonePhase*)' {i_cal_timezone_phase_get_tzoffsetfrom} + + [D] 'function gint i_cal_timezone_phase_is_stdandard(ICalTimezonePhase*)' {i_cal_timezone_phase_is_stdandard} + + [D] 'function void i_cal_timezone_phase_set_dtstart(ICalTimezonePhase*, ICalTimetype*)' {i_cal_timezone_phase_set_dtstart} + + [D] 'function void i_cal_timezone_phase_set_is_stdandard(ICalTimezonePhase*, gint)' {i_cal_timezone_phase_set_is_stdandard} + + [D] 'function void i_cal_timezone_phase_set_offsetto(ICalTimezonePhase*, gint)' {i_cal_timezone_phase_set_offsetto} + + [D] 'function void i_cal_timezone_phase_set_rdate(ICalTimezonePhase*, ICalDatetimeperiodType*)' {i_cal_timezone_phase_set_rdate} + + [D] 'function void i_cal_timezone_phase_set_tzoffsetfrom(ICalTimezonePhase*, gint)' {i_cal_timezone_phase_set_tzoffsetfrom} + + [D] 'function ICalTimetype* i_cal_timezonetype_get_last_mod(ICalTimezonetype*)' {i_cal_timezonetype_get_last_mod} + + [D] 'function GType i_cal_timezonetype_get_type()' {i_cal_timezonetype_get_type} + + [D] 'function const gchar* i_cal_timezonetype_get_tzid(ICalTimezonetype*)' {i_cal_timezonetype_get_tzid} + + [D] 'function const gchar* i_cal_timezonetype_get_tzurl(ICalTimezonetype*)' {i_cal_timezonetype_get_tzurl} + + [D] 'function void i_cal_timezonetype_set_last_mod(ICalTimezonetype*, ICalTimetype*)' {i_cal_timezonetype_set_last_mod} + + [D] 'function ICalTriggerType* i_cal_trigger_type_from_int(const gint)' {i_cal_trigger_type_from_int} + + [D] 'function ICalTriggerType* i_cal_trigger_type_from_string(const gchar*)' {i_cal_trigger_type_from_string} + + [D] 'function ICalDurationType* i_cal_trigger_type_get_duration(ICalTriggerType*)' {i_cal_trigger_type_get_duration} + + [D] 'function ICalTimetype* i_cal_trigger_type_get_time(ICalTriggerType*)' {i_cal_trigger_type_get_time} + + [D] 'function GType i_cal_trigger_type_get_type()' {i_cal_trigger_type_get_type} + + [D] 'function gint i_cal_trigger_type_is_bad_trigger(ICalTriggerType*)' {i_cal_trigger_type_is_bad_trigger} + + [D] 'function gint i_cal_trigger_type_is_null_trigger(ICalTriggerType*)' {i_cal_trigger_type_is_null_trigger} + + [D] 'function void i_cal_trigger_type_set_duration(ICalTriggerType*, ICalDurationType*)' {i_cal_trigger_type_set_duration} + + [D] 'function void i_cal_trigger_type_set_time(ICalTriggerType*, ICalTimetype*)' {i_cal_trigger_type_set_time} + + [D] 'function gchar* i_cal_value_as_ical_string_r(const ICalValue*)' {i_cal_value_as_ical_string_r} + + [D] 'function ICalValue* i_cal_value_new_clone(const ICalValue*)' {i_cal_value_new_clone} + + [D] 'function ICalValueKind i_cal_value_string_to_kind(const gchar*)' {i_cal_value_string_to_kind} + + + +199 Added functions: + + + + [A] 'function ICalAttach* i_cal_attach_new_from_bytes(GBytes*)' {i_cal_attach_new_from_bytes} + + [A] 'function gchar* i_cal_component_as_ical_string(ICalComponent*)' {i_cal_component_as_ical_string} + + [A] 'function ICalComponent* i_cal_component_clone(ICalComponent*)' {i_cal_component_clone} + + [A] 'function void i_cal_component_foreach_recurrence(ICalComponent*, ICalTime*, ICalTime*, ICalComponentForeachRecurrenceFunc, gpointer)' {i_cal_component_foreach_recurrence} + + [A] 'function ICalComponent* i_cal_component_get_parent(ICalComponent*)' {i_cal_component_get_parent} + + [A] 'function ICalComponentKind i_cal_component_kind_from_string(const gchar*)' {i_cal_component_kind_from_string} + + [A] 'function void i_cal_component_set_parent(ICalComponent*, ICalComponent*)' {i_cal_component_set_parent} + + [A] 'function void i_cal_component_take_component(ICalComponent*, ICalComponent*)' {i_cal_component_take_component} + + [A] 'function void i_cal_component_take_property(ICalComponent*, ICalProperty*)' {i_cal_component_take_property} + + [A] 'function ICalPeriod* i_cal_datetimeperiod_get_period(ICalDatetimeperiod*)' {i_cal_datetimeperiod_get_period} + + [A] 'function ICalTime* i_cal_datetimeperiod_get_time(ICalDatetimeperiod*)' {i_cal_datetimeperiod_get_time} + + [A] 'function GType i_cal_datetimeperiod_get_type()' {i_cal_datetimeperiod_get_type} + + [A] 'function ICalDatetimeperiod* i_cal_datetimeperiod_new()' {i_cal_datetimeperiod_new} + + [A] 'function void i_cal_datetimeperiod_set_period(ICalDatetimeperiod*, ICalPeriod*)' {i_cal_datetimeperiod_set_period} + + [A] 'function void i_cal_datetimeperiod_set_time(ICalDatetimeperiod*, ICalTime*)' {i_cal_datetimeperiod_set_time} + + [A] 'function gchar* i_cal_duration_as_ical_string(ICalDuration*)' {i_cal_duration_as_ical_string} + + [A] 'function gint i_cal_duration_as_int(ICalDuration*)' {i_cal_duration_as_int} + + [A] 'function guint i_cal_duration_get_days(ICalDuration*)' {i_cal_duration_get_days} + + [A] 'function guint i_cal_duration_get_hours(ICalDuration*)' {i_cal_duration_get_hours} + + [A] 'function guint i_cal_duration_get_minutes(ICalDuration*)' {i_cal_duration_get_minutes} + + [A] 'function guint i_cal_duration_get_seconds(ICalDuration*)' {i_cal_duration_get_seconds} + + [A] 'function GType i_cal_duration_get_type()' {i_cal_duration_get_type} + + [A] 'function guint i_cal_duration_get_weeks(ICalDuration*)' {i_cal_duration_get_weeks} + + [A] 'function gboolean i_cal_duration_is_bad_duration(ICalDuration*)' {i_cal_duration_is_bad_duration} + + [A] 'function gboolean i_cal_duration_is_neg(ICalDuration*)' {i_cal_duration_is_neg} + + [A] 'function gboolean i_cal_duration_is_null_duration(ICalDuration*)' {i_cal_duration_is_null_duration} + + [A] 'function ICalDuration* i_cal_duration_new_bad_duration()' {i_cal_duration_new_bad_duration} + + [A] 'function ICalDuration* i_cal_duration_new_from_int(gint)' {i_cal_duration_new_from_int} + + [A] 'function ICalDuration* i_cal_duration_new_from_string(const gchar*)' {i_cal_duration_new_from_string} + + [A] 'function ICalDuration* i_cal_duration_new_null_duration()' {i_cal_duration_new_null_duration} + + [A] 'function void i_cal_duration_set_days(ICalDuration*, guint)' {i_cal_duration_set_days} + + [A] 'function void i_cal_duration_set_hours(ICalDuration*, guint)' {i_cal_duration_set_hours} + + [A] 'function void i_cal_duration_set_is_neg(ICalDuration*, gboolean)' {i_cal_duration_set_is_neg} + + [A] 'function void i_cal_duration_set_minutes(ICalDuration*, guint)' {i_cal_duration_set_minutes} + + [A] 'function void i_cal_duration_set_seconds(ICalDuration*, guint)' {i_cal_duration_set_seconds} + + [A] 'function void i_cal_duration_set_weeks(ICalDuration*, guint)' {i_cal_duration_set_weeks} + + [A] 'function ICalGeo* i_cal_geo_clone(const ICalGeo*)' {i_cal_geo_clone} + + [A] 'function gdouble i_cal_geo_get_lat(ICalGeo*)' {i_cal_geo_get_lat} + + [A] 'function gdouble i_cal_geo_get_lon(ICalGeo*)' {i_cal_geo_get_lon} + + [A] 'function GType i_cal_geo_get_type()' {i_cal_geo_get_type} + + [A] 'function ICalGeo* i_cal_geo_new(gdouble, gdouble)' {i_cal_geo_new} + + [A] 'function void i_cal_geo_set_lat(ICalGeo*, gdouble)' {i_cal_geo_set_lat} + + [A] 'function void i_cal_geo_set_lon(ICalGeo*, gdouble)' {i_cal_geo_set_lon} + + [A] 'function void i_cal_object_free_global_objects()' {i_cal_object_free_global_objects} + + [A] 'function gchar* i_cal_parameter_as_ical_string(ICalParameter*)' {i_cal_parameter_as_ical_string} + + [A] 'function ICalParameter* i_cal_parameter_clone(ICalParameter*)' {i_cal_parameter_clone} + + [A] 'function ICalParameterKind i_cal_parameter_kind_from_string(const gchar*)' {i_cal_parameter_kind_from_string} + + [A] 'function gchar* i_cal_period_as_ical_string(ICalPeriod*)' {i_cal_period_as_ical_string} + + [A] 'function ICalDuration* i_cal_period_get_duration(ICalPeriod*)' {i_cal_period_get_duration} + + [A] 'function ICalTime* i_cal_period_get_end(ICalPeriod*)' {i_cal_period_get_end} + + [A] 'function ICalTime* i_cal_period_get_start(ICalPeriod*)' {i_cal_period_get_start} + + [A] 'function GType i_cal_period_get_type()' {i_cal_period_get_type} + + [A] 'function gboolean i_cal_period_is_null_period(ICalPeriod*)' {i_cal_period_is_null_period} + + [A] 'function gboolean i_cal_period_is_valid_period(ICalPeriod*)' {i_cal_period_is_valid_period} + + [A] 'function ICalPeriod* i_cal_period_new_from_string(const gchar*)' {i_cal_period_new_from_string} + + [A] 'function ICalPeriod* i_cal_period_new_null_period()' {i_cal_period_new_null_period} + + [A] 'function void i_cal_period_set_duration(ICalPeriod*, ICalDuration*)' {i_cal_period_set_duration} + + [A] 'function void i_cal_period_set_end(ICalPeriod*, ICalTime*)' {i_cal_period_set_end} + + [A] 'function void i_cal_period_set_start(ICalPeriod*, ICalTime*)' {i_cal_period_set_start} + + [A] 'function gchar* i_cal_property_as_ical_string(ICalProperty*)' {i_cal_property_as_ical_string} + + [A] 'function ICalProperty* i_cal_property_clone(ICalProperty*)' {i_cal_property_clone} + + [A] 'function gchar* i_cal_property_enum_to_string(gint)' {i_cal_property_enum_to_string} + + [A] 'function const gchar* i_cal_property_get_color(ICalProperty*)' {i_cal_property_get_color} + + [A] 'function ICalTime* i_cal_property_get_datetime_with_component(ICalProperty*, ICalComponent*)' {i_cal_property_get_datetime_with_component} + + [A] 'function gchar* i_cal_property_get_parameter_as_string(ICalProperty*, const gchar*)' {i_cal_property_get_parameter_as_string} + + [A] 'function gchar* i_cal_property_get_property_name(const ICalProperty*)' {i_cal_property_get_property_name} + + [A] 'function gchar* i_cal_property_get_value_as_string(const ICalProperty*)' {i_cal_property_get_value_as_string} + + [A] 'function ICalPropertyKind i_cal_property_kind_from_string(const gchar*)' {i_cal_property_kind_from_string} + + [A] 'function gint i_cal_property_kind_has_property(ICalPropertyKind, gint)' {i_cal_property_kind_has_property} + + [A] 'function ICalPropertyMethod i_cal_property_method_from_string(const gchar*)' {i_cal_property_method_from_string} + + [A] 'function ICalProperty* i_cal_property_new_color(const gchar*)' {i_cal_property_new_color} + + [A] 'function void i_cal_property_set_color(ICalProperty*, const gchar*)' {i_cal_property_set_color} + + [A] 'function ICalPropertyStatus i_cal_property_status_from_string(const gchar*)' {i_cal_property_status_from_string} + + [A] 'function void i_cal_property_take_parameter(ICalProperty*, ICalParameter*)' {i_cal_property_take_parameter} + + [A] 'function void i_cal_property_take_value(ICalProperty*, ICalValue*)' {i_cal_property_take_value} + + [A] 'function void i_cal_recurrence_clear(ICalRecurrence*)' {i_cal_recurrence_clear} + + [A] 'function ICalRecurrenceWeekday i_cal_recurrence_day_day_of_week(gshort)' {i_cal_recurrence_day_day_of_week} + + [A] 'function gint i_cal_recurrence_day_position(gshort)' {i_cal_recurrence_day_position} + + [A] 'function ICalRecurrenceFrequency i_cal_recurrence_frequency_from_string(const gchar*)' {i_cal_recurrence_frequency_from_string} + + [A] 'function const gchar* i_cal_recurrence_frequency_to_string(ICalRecurrenceFrequency)' {i_cal_recurrence_frequency_to_string} + + [A] 'function gshort i_cal_recurrence_get_by_day(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_day} + + [A] 'function GArray* i_cal_recurrence_get_by_day_array(ICalRecurrence*)' {i_cal_recurrence_get_by_day_array} + + [A] 'function gshort i_cal_recurrence_get_by_hour(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_hour} + + [A] 'function GArray* i_cal_recurrence_get_by_hour_array(ICalRecurrence*)' {i_cal_recurrence_get_by_hour_array} + + [A] 'function gshort i_cal_recurrence_get_by_minute(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_minute} + + [A] 'function GArray* i_cal_recurrence_get_by_minute_array(ICalRecurrence*)' {i_cal_recurrence_get_by_minute_array} + + [A] 'function gshort i_cal_recurrence_get_by_month(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_month} + + [A] 'function GArray* i_cal_recurrence_get_by_month_array(ICalRecurrence*)' {i_cal_recurrence_get_by_month_array} + + [A] 'function gshort i_cal_recurrence_get_by_month_day(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_month_day} + + [A] 'function GArray* i_cal_recurrence_get_by_month_day_array(ICalRecurrence*)' {i_cal_recurrence_get_by_month_day_array} + + [A] 'function gshort i_cal_recurrence_get_by_second(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_second} + + [A] 'function GArray* i_cal_recurrence_get_by_second_array(ICalRecurrence*)' {i_cal_recurrence_get_by_second_array} + + [A] 'function gshort i_cal_recurrence_get_by_set_pos(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_set_pos} + + [A] 'function GArray* i_cal_recurrence_get_by_set_pos_array(ICalRecurrence*)' {i_cal_recurrence_get_by_set_pos_array} + + [A] 'function gshort i_cal_recurrence_get_by_week_no(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_week_no} + + [A] 'function GArray* i_cal_recurrence_get_by_week_no_array(ICalRecurrence*)' {i_cal_recurrence_get_by_week_no_array} + + [A] 'function gshort i_cal_recurrence_get_by_year_day(ICalRecurrence*, guint)' {i_cal_recurrence_get_by_year_day} + + [A] 'function GArray* i_cal_recurrence_get_by_year_day_array(ICalRecurrence*)' {i_cal_recurrence_get_by_year_day_array} + + [A] 'function gint i_cal_recurrence_get_count(ICalRecurrence*)' {i_cal_recurrence_get_count} + + [A] 'function ICalRecurrenceFrequency i_cal_recurrence_get_freq(ICalRecurrence*)' {i_cal_recurrence_get_freq} + + [A] 'function gshort i_cal_recurrence_get_interval(ICalRecurrence*)' {i_cal_recurrence_get_interval} + + [A] 'function GType i_cal_recurrence_get_type()' {i_cal_recurrence_get_type} + + [A] 'function ICalTime* i_cal_recurrence_get_until(ICalRecurrence*)' {i_cal_recurrence_get_until} + + [A] 'function ICalRecurrenceWeekday i_cal_recurrence_get_week_start(ICalRecurrence*)' {i_cal_recurrence_get_week_start} + + [A] 'function gboolean i_cal_recurrence_month_is_leap(gshort)' {i_cal_recurrence_month_is_leap} + + [A] 'function gint i_cal_recurrence_month_month(gshort)' {i_cal_recurrence_month_month} + + [A] 'function ICalRecurrence* i_cal_recurrence_new()' {i_cal_recurrence_new} + + [A] 'function ICalRecurrence* i_cal_recurrence_new_from_string(const gchar*)' {i_cal_recurrence_new_from_string} + + [A] 'function gboolean i_cal_recurrence_rscale_is_supported()' {i_cal_recurrence_rscale_is_supported} + + [A] 'function ICalArray* i_cal_recurrence_rscale_supported_calendars()' {i_cal_recurrence_rscale_supported_calendars} + + [A] 'function void i_cal_recurrence_set_by_day(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_day} + + [A] 'function void i_cal_recurrence_set_by_day_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_day_array} + + [A] 'function void i_cal_recurrence_set_by_hour(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_hour} + + [A] 'function void i_cal_recurrence_set_by_hour_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_hour_array} + + [A] 'function void i_cal_recurrence_set_by_minute(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_minute} + + [A] 'function void i_cal_recurrence_set_by_minute_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_minute_array} + + [A] 'function void i_cal_recurrence_set_by_month(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_month} + + [A] 'function void i_cal_recurrence_set_by_month_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_month_array} + + [A] 'function void i_cal_recurrence_set_by_month_day(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_month_day} + + [A] 'function void i_cal_recurrence_set_by_month_day_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_month_day_array} + + [A] 'function void i_cal_recurrence_set_by_second(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_second} + + [A] 'function void i_cal_recurrence_set_by_second_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_second_array} + + [A] 'function void i_cal_recurrence_set_by_set_pos(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_set_pos} + + [A] 'function void i_cal_recurrence_set_by_set_pos_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_set_pos_array} + + [A] 'function void i_cal_recurrence_set_by_week_no(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_week_no} + + [A] 'function void i_cal_recurrence_set_by_week_no_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_week_no_array} + + [A] 'function void i_cal_recurrence_set_by_year_day(ICalRecurrence*, guint, gshort)' {i_cal_recurrence_set_by_year_day} + + [A] 'function void i_cal_recurrence_set_by_year_day_array(ICalRecurrence*, GArray*)' {i_cal_recurrence_set_by_year_day_array} + + [A] 'function void i_cal_recurrence_set_count(ICalRecurrence*, gint)' {i_cal_recurrence_set_count} + + [A] 'function void i_cal_recurrence_set_freq(ICalRecurrence*, ICalRecurrenceFrequency)' {i_cal_recurrence_set_freq} + + [A] 'function void i_cal_recurrence_set_interval(ICalRecurrence*, gshort)' {i_cal_recurrence_set_interval} + + [A] 'function void i_cal_recurrence_set_until(ICalRecurrence*, ICalTime*)' {i_cal_recurrence_set_until} + + [A] 'function void i_cal_recurrence_set_week_start(ICalRecurrence*, ICalRecurrenceWeekday)' {i_cal_recurrence_set_week_start} + + [A] 'function ICalRecurrenceSkip i_cal_recurrence_skip_from_string(const gchar*)' {i_cal_recurrence_skip_from_string} + + [A] 'function const gchar* i_cal_recurrence_skip_to_string(ICalRecurrenceSkip)' {i_cal_recurrence_skip_to_string} + + [A] 'function gchar* i_cal_recurrence_to_string(ICalRecurrence*)' {i_cal_recurrence_to_string} + + [A] 'function ICalRecurrenceWeekday i_cal_recurrence_weekday_from_string(const gchar*)' {i_cal_recurrence_weekday_from_string} + + [A] 'function const gchar* i_cal_recurrence_weekday_to_string(ICalRecurrenceWeekday)' {i_cal_recurrence_weekday_to_string} + + [A] 'function ICalRequestStatus i_cal_reqstat_get_code(ICalReqstat*)' {i_cal_reqstat_get_code} + + [A] 'function const gchar* i_cal_reqstat_get_debug(const ICalReqstat*)' {i_cal_reqstat_get_debug} + + [A] 'function const gchar* i_cal_reqstat_get_desc(const ICalReqstat*)' {i_cal_reqstat_get_desc} + + [A] 'function GType i_cal_reqstat_get_type()' {i_cal_reqstat_get_type} + + [A] 'function ICalReqstat* i_cal_reqstat_new_from_string(const gchar*)' {i_cal_reqstat_new_from_string} + + [A] 'function void i_cal_reqstat_set_code(ICalReqstat*, ICalRequestStatus)' {i_cal_reqstat_set_code} + + [A] 'function gchar* i_cal_reqstat_to_string(ICalReqstat*)' {i_cal_reqstat_to_string} + + [A] 'function gchar* i_cal_request_status_code(ICalRequestStatus)' {i_cal_request_status_code} + + [A] 'function const gchar* i_cal_request_status_desc(ICalRequestStatus)' {i_cal_request_status_desc} + + [A] 'function ICalRequestStatus i_cal_request_status_from_num(gshort, gshort)' {i_cal_request_status_from_num} + + [A] 'function gshort i_cal_request_status_major(ICalRequestStatus)' {i_cal_request_status_major} + + [A] 'function gshort i_cal_request_status_minor(ICalRequestStatus)' {i_cal_request_status_minor} + + [A] 'function gchar* i_cal_time_as_ical_string(const ICalTime*)' {i_cal_time_as_ical_string} + + [A] 'function ICalTime* i_cal_time_clone(const ICalTime*)' {i_cal_time_clone} + + [A] 'function void i_cal_time_convert_timezone(ICalTime*, ICalTimezone*, ICalTimezone*)' {i_cal_time_convert_timezone} + + [A] 'function void i_cal_time_convert_to_zone_inplace(ICalTime*, ICalTimezone*)' {i_cal_time_convert_to_zone_inplace} + + [A] 'function void i_cal_time_get_date(const ICalTime*, gint*, gint*, gint*)' {i_cal_time_get_date} + + [A] 'function gint i_cal_time_get_day(const ICalTime*)' {i_cal_time_get_day} + + [A] 'function gint i_cal_time_get_hour(const ICalTime*)' {i_cal_time_get_hour} + + [A] 'function gint i_cal_time_get_minute(const ICalTime*)' {i_cal_time_get_minute} + + [A] 'function gint i_cal_time_get_month(const ICalTime*)' {i_cal_time_get_month} + + [A] 'function gint i_cal_time_get_second(const ICalTime*)' {i_cal_time_get_second} + + [A] 'function void i_cal_time_get_time(const ICalTime*, gint*, gint*, gint*)' {i_cal_time_get_time} + + [A] 'function GType i_cal_time_get_type()' {i_cal_time_get_type} + + [A] 'function gint i_cal_time_get_year(const ICalTime*)' {i_cal_time_get_year} + + [A] 'function gboolean i_cal_time_is_daylight(const ICalTime*)' {i_cal_time_is_daylight} + + [A] 'function ICalTime* i_cal_time_new()' {i_cal_time_new} + + [A] 'function ICalTime* i_cal_time_new_current_with_zone(ICalTimezone*)' {i_cal_time_new_current_with_zone} + + [A] 'function ICalTime* i_cal_time_new_from_day_of_year(const gint, const gint)' {i_cal_time_new_from_day_of_year} + + [A] 'function ICalTime* i_cal_time_new_from_string(const gchar*)' {i_cal_time_new_from_string} + + [A] 'function ICalTime* i_cal_time_new_from_timet_with_zone(const time_t, gint, ICalTimezone*)' {i_cal_time_new_from_timet_with_zone} + + [A] 'function ICalTime* i_cal_time_new_null_date()' {i_cal_time_new_null_date} + + [A] 'function ICalTime* i_cal_time_new_today()' {i_cal_time_new_today} + + [A] 'function void i_cal_time_normalize_inplace(ICalTime*)' {i_cal_time_normalize_inplace} + + [A] 'function void i_cal_time_set_date(ICalTime*, gint, gint, gint)' {i_cal_time_set_date} + + [A] 'function void i_cal_time_set_day(ICalTime*, gint)' {i_cal_time_set_day} + + [A] 'function void i_cal_time_set_hour(ICalTime*, gint)' {i_cal_time_set_hour} + + [A] 'function void i_cal_time_set_is_date(ICalTime*, gboolean)' {i_cal_time_set_is_date} + + [A] 'function void i_cal_time_set_is_daylight(ICalTime*, gboolean)' {i_cal_time_set_is_daylight} + + [A] 'function void i_cal_time_set_minute(ICalTime*, gint)' {i_cal_time_set_minute} + + [A] 'function void i_cal_time_set_month(ICalTime*, gint)' {i_cal_time_set_month} + + [A] 'function void i_cal_time_set_second(ICalTime*, gint)' {i_cal_time_set_second} + + [A] 'function void i_cal_time_set_time(ICalTime*, gint, gint, gint)' {i_cal_time_set_time} + + [A] 'function void i_cal_time_set_year(ICalTime*, gint)' {i_cal_time_set_year} + + [A] 'function ICalTimeSpan* i_cal_time_span_clone(const ICalTimeSpan*)' {i_cal_time_span_clone} + + [A] 'function gboolean i_cal_time_span_get_is_busy(ICalTimeSpan*)' {i_cal_time_span_get_is_busy} + + [A] 'function ICalTimeSpan* i_cal_time_span_new_timet(time_t, time_t, gboolean)' {i_cal_time_span_new_timet} + + [A] 'function void i_cal_time_timezone_expand_vtimezone(ICalComponent*, gint, ICalArray*)' {i_cal_time_timezone_expand_vtimezone} + + [A] 'function ICalDuration* i_cal_trigger_get_duration(ICalTrigger*)' {i_cal_trigger_get_duration} + + [A] 'function ICalTime* i_cal_trigger_get_time(ICalTrigger*)' {i_cal_trigger_get_time} + + [A] 'function GType i_cal_trigger_get_type()' {i_cal_trigger_get_type} + + [A] 'function gboolean i_cal_trigger_is_bad_trigger(ICalTrigger*)' {i_cal_trigger_is_bad_trigger} + + [A] 'function gboolean i_cal_trigger_is_null_trigger(ICalTrigger*)' {i_cal_trigger_is_null_trigger} + + [A] 'function ICalTrigger* i_cal_trigger_new_from_int(const gint)' {i_cal_trigger_new_from_int} + + [A] 'function ICalTrigger* i_cal_trigger_new_from_string(const gchar*)' {i_cal_trigger_new_from_string} + + [A] 'function void i_cal_trigger_set_duration(ICalTrigger*, ICalDuration*)' {i_cal_trigger_set_duration} + + [A] 'function void i_cal_trigger_set_time(ICalTrigger*, ICalTime*)' {i_cal_trigger_set_time} + + [A] 'function gchar* i_cal_value_as_ical_string(const ICalValue*)' {i_cal_value_as_ical_string} + + [A] 'function ICalValue* i_cal_value_clone(const ICalValue*)' {i_cal_value_clone} + + [A] 'function ICalValueKind i_cal_value_kind_from_string(const gchar*)' {i_cal_value_kind_from_string} + + [A] 'function ICalPropertyKind i_cal_value_kind_to_property_kind(ICalValueKind)' {i_cal_value_kind_to_property_kind} + + + +137 functions with some indirect sub-type change: + + + + [C]'function guchar* i_cal_attach_get_data(ICalAttach*)' at i-cal-attach.c:224:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef guchar': + + entity changed from 'typedef guchar' to 'const gchar' + + type size hasn't changed + + + + [C]'function ICalTimetype* i_cal_component_get_dtend(ICalComponent*)' at i-cal-component.c:1065:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalTimetype' at i-cal-forward-declarations.h:44:1: + + typedef name changed from ICalTimetype to ICalTime at i-cal-forward-declarations.h:44:1 + + underlying type 'struct _ICalTimetype' at i-cal-timetype.h:63:1 changed: + + type name changed from '_ICalTimetype' to '_ICalTime' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalTimetype* i_cal_component_get_dtstamp(ICalComponent*)' at i-cal-component.c:1220:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_component_get_dtstart(ICalComponent*)' at i-cal-component.c:1026:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_component_get_due(ICalComponent*)' at i-cal-component.c:1104:1 has some indirect sub-type changes: + + + + [C]'function ICalDurationType* i_cal_component_get_duration(ICalComponent*)' at i-cal-component.c:1143:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalDurationType' at i-cal-forward-declarations.h:35:1: + + typedef name changed from ICalDurationType to ICalDuration at i-cal-forward-declarations.h:35:1 + + underlying type 'struct _ICalDurationType' at i-cal-duration-type.h:63:1 changed: + + type name changed from '_ICalDurationType' to '_ICalDuration' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalTimetype* i_cal_component_get_recurrenceid(ICalComponent*)' at i-cal-component.c:1415:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_component_set_dtend(ICalComponent*, ICalTimetype*)' at i-cal-component.c:1044:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalTimetype*' changed: + + pointed to type 'typedef ICalTimetype' changed at i-cal-forward-declarations.h:45:1, as reported earlier + + + + [C]'function void i_cal_component_set_dtstamp(ICalComponent*, ICalTimetype*)' at i-cal-component.c:1199:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_component_set_dtstart(ICalComponent*, ICalTimetype*)' at i-cal-component.c:1005:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_component_set_due(ICalComponent*, ICalTimetype*)' at i-cal-component.c:1083:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_component_set_duration(ICalComponent*, ICalDurationType*)' at i-cal-component.c:1122:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalDurationType*' changed: + + pointed to type 'typedef ICalDurationType' changed at i-cal-forward-declarations.h:35:1, as reported earlier + + + + [C]'function void i_cal_component_set_recurrenceid(ICalComponent*, ICalTimetype*)' at i-cal-component.c:1394:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_object_construct(ICalObject*, gpointer, GDestroyNotify, gboolean, GObject*)' at i-cal-object.c:320:1 has some indirect sub-type changes: + + return type changed: + + entity changed from 'void' to 'typedef gpointer' at gtypes.h:103:1 + + type size changed from 0 to 64 (in bits) + + parameter 1 of type 'ICalObject*' changed: + + entity changed from 'ICalObject*' to 'typedef GType' at gtype.h:384:1 + + type size hasn't changed + + + + [C]'function gchar* i_cal_parser_get_line(ICalParser*, gchar* (gchar*, typedef size_t, void*)*)' at i-cal-parser.c:220:1 has some indirect sub-type changes: + + parameter 2 of type 'gchar* (gchar*, typedef size_t, void*)*' changed: + + entity changed from 'gchar* (gchar*, typedef size_t, void*)*' to compatible type 'typedef ICalParserLineGenFunc' at i-cal-parser.h:80:1 + + parameter 3 of type 'typedef gpointer' was added + + + + + + [C]'function ICalComponent* i_cal_parser_parse(ICalParser*, gchar* (gchar*, typedef size_t, void*)*)' at i-cal-parser.c:177:1 has some indirect sub-type changes: + + parameter 3 of type 'typedef gpointer' was added + + + + + + [C]'function ICalTimetype* i_cal_property_get_acknowledged(ICalProperty*)' at i-cal-derived-property.c:146:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_completed(ICalProperty*)' at i-cal-derived-property.c:1118:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_created(ICalProperty*)' at i-cal-derived-property.c:1292:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_datemax(ICalProperty*)' at i-cal-derived-property.c:1408:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_datemin(ICalProperty*)' at i-cal-derived-property.c:1466:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_dtend(ICalProperty*)' at i-cal-derived-property.c:1930:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_dtstamp(ICalProperty*)' at i-cal-derived-property.c:1988:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_dtstart(ICalProperty*)' at i-cal-derived-property.c:2046:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_due(ICalProperty*)' at i-cal-derived-property.c:2104:1 has some indirect sub-type changes: + + + + [C]'function ICalDurationType* i_cal_property_get_duration(ICalProperty*)' at i-cal-derived-property.c:2162:1 has some indirect sub-type changes: + + + + [C]'function ICalDurationType* i_cal_property_get_estimatedduration(ICalProperty*)' at i-cal-derived-property.c:2220:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_exdate(ICalProperty*)' at i-cal-derived-property.c:2278:1 has some indirect sub-type changes: + + + + [C]'function ICalRecurrenceType* i_cal_property_get_exrule(ICalProperty*)' at i-cal-derived-property.c:2391:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalRecurrenceType' at i-cal-forward-declarations.h:42:1: + + typedef name changed from ICalRecurrenceType to ICalRecurrence at i-cal-forward-declarations.h:42:1 + + underlying type 'struct _ICalRecurrenceType' at i-cal-recurrence-type.h:63:1 changed: + + type name changed from '_ICalRecurrenceType' to '_ICalRecurrence' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalPeriodType* i_cal_property_get_freebusy(ICalProperty*)' at i-cal-derived-property.c:2449:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalPeriodType' at i-cal-forward-declarations.h:39:1: + + typedef name changed from ICalPeriodType to ICalPeriod at i-cal-forward-declarations.h:39:1 + + underlying type 'struct _ICalPeriodType' at i-cal-period-type.h:63:1 changed: + + type name changed from '_ICalPeriodType' to '_ICalPeriod' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalGeoType* i_cal_property_get_geo(ICalProperty*)' at i-cal-derived-property.c:2507:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalGeoType' at i-cal-forward-declarations.h:36:1: + + typedef name changed from ICalGeoType to ICalGeo at i-cal-forward-declarations.h:36:1 + + underlying type 'struct _ICalGeoType' at i-cal-geo-type.h:63:1 changed: + + type name changed from '_ICalGeoType' to '_ICalGeo' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalTimetype* i_cal_property_get_lastmodified(ICalProperty*)' at i-cal-derived-property.c:2681:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_maxdate(ICalProperty*)' at i-cal-derived-property.c:2852:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_property_get_mindate(ICalProperty*)' at i-cal-derived-property.c:3075:1 has some indirect sub-type changes: + + + + [C]'function ICalDatetimeperiodType* i_cal_property_get_rdate(ICalProperty*)' at i-cal-derived-property.c:4098:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalDatetimeperiodType' at i-cal-forward-declarations.h:34:1: + + typedef name changed from ICalDatetimeperiodType to ICalDatetimeperiod at i-cal-forward-declarations.h:34:1 + + underlying type 'struct _ICalDatetimeperiodType' at i-cal-datetimeperiod-type.h:65:1 changed: + + type name changed from '_ICalDatetimeperiodType' to '_ICalDatetimeperiod' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalTimetype* i_cal_property_get_recurrenceid(ICalProperty*)' at i-cal-derived-property.c:4330:1 has some indirect sub-type changes: + + + + [C]'function ICalReqstatType* i_cal_property_get_requeststatus(ICalProperty*)' at i-cal-derived-property.c:4617:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalReqstatType' at i-cal-forward-declarations.h:43:1: + + typedef name changed from ICalReqstatType to ICalReqstat at i-cal-forward-declarations.h:43:1 + + underlying type 'struct _ICalReqstatType' at i-cal-reqstat-type.h:64:1 changed: + + type name changed from '_ICalReqstatType' to '_ICalReqstat' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalRecurrenceType* i_cal_property_get_rrule(ICalProperty*)' at i-cal-derived-property.c:4846:1 has some indirect sub-type changes: + + + + [C]'function ICalTriggerType* i_cal_property_get_trigger(ICalProperty*)' at i-cal-derived-property.c:5356:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ICalTriggerType' at i-cal-forward-declarations.h:47:1: + + typedef name changed from ICalTriggerType to ICalTrigger at i-cal-forward-declarations.h:47:1 + + underlying type 'struct _ICalTriggerType' at i-cal-trigger-type.h:63:1 changed: + + type name changed from '_ICalTriggerType' to '_ICalTrigger' + + type size hasn't changed + + + + no data member change (1 filtered); + + + + [C]'function ICalTimetype* i_cal_property_get_tzuntil(ICalProperty*)' at i-cal-derived-property.c:5698:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_acknowledged(ICalTimetype*)' at i-cal-derived-property.c:107:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + pointed to type 'typedef ICalTimetype' changed at i-cal-forward-declarations.h:45:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_completed(ICalTimetype*)' at i-cal-derived-property.c:1079:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_created(ICalTimetype*)' at i-cal-derived-property.c:1253:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_datemax(ICalTimetype*)' at i-cal-derived-property.c:1369:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_datemin(ICalTimetype*)' at i-cal-derived-property.c:1427:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_dtend(ICalTimetype*)' at i-cal-derived-property.c:1891:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_dtstamp(ICalTimetype*)' at i-cal-derived-property.c:1949:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_dtstart(ICalTimetype*)' at i-cal-derived-property.c:2007:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_due(ICalTimetype*)' at i-cal-derived-property.c:2065:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_duration(ICalDurationType*)' at i-cal-derived-property.c:2123:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalDurationType*' changed: + + pointed to type 'typedef ICalDurationType' changed at i-cal-forward-declarations.h:35:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_estimatedduration(ICalDurationType*)' at i-cal-derived-property.c:2181:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_exdate(ICalTimetype*)' at i-cal-derived-property.c:2239:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_exrule(ICalRecurrenceType*)' at i-cal-derived-property.c:2352:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalRecurrenceType*' changed: + + pointed to type 'typedef ICalRecurrenceType' changed at i-cal-forward-declarations.h:42:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_freebusy(ICalPeriodType*)' at i-cal-derived-property.c:2410:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalPeriodType*' changed: + + pointed to type 'typedef ICalPeriodType' changed at i-cal-forward-declarations.h:39:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_geo(ICalGeoType*)' at i-cal-derived-property.c:2468:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalGeoType*' changed: + + pointed to type 'typedef ICalGeoType' changed at i-cal-forward-declarations.h:36:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_lastmodified(ICalTimetype*)' at i-cal-derived-property.c:2642:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_maxdate(ICalTimetype*)' at i-cal-derived-property.c:2813:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_mindate(ICalTimetype*)' at i-cal-derived-property.c:3036:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_rdate(ICalDatetimeperiodType*)' at i-cal-derived-property.c:4059:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalDatetimeperiodType*' changed: + + pointed to type 'typedef ICalDatetimeperiodType' changed at i-cal-forward-declarations.h:34:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_recurrenceid(ICalTimetype*)' at i-cal-derived-property.c:4291:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_requeststatus(ICalReqstatType*)' at i-cal-derived-property.c:4578:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalReqstatType*' changed: + + pointed to type 'typedef ICalReqstatType' changed at i-cal-forward-declarations.h:43:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_rrule(ICalRecurrenceType*)' at i-cal-derived-property.c:4807:1 has some indirect sub-type changes: + + + + [C]'function ICalProperty* i_cal_property_new_trigger(ICalTriggerType*)' at i-cal-derived-property.c:5317:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTriggerType*' changed: + + pointed to type 'typedef ICalTriggerType' changed at i-cal-forward-declarations.h:49:1, as reported earlier + + + + [C]'function ICalProperty* i_cal_property_new_tzuntil(ICalTimetype*)' at i-cal-derived-property.c:5659:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_acknowledged(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:125:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_completed(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:1097:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_created(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:1271:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_datemax(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:1387:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_datemin(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:1445:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_dtend(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:1909:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_dtstamp(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:1967:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_dtstart(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:2025:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_due(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:2083:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_duration(ICalProperty*, ICalDurationType*)' at i-cal-derived-property.c:2141:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_estimatedduration(ICalProperty*, ICalDurationType*)' at i-cal-derived-property.c:2199:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_exdate(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:2257:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_exrule(ICalProperty*, ICalRecurrenceType*)' at i-cal-derived-property.c:2370:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalRecurrenceType*' changed: + + pointed to type 'typedef ICalRecurrenceType' changed at i-cal-forward-declarations.h:42:1, as reported earlier + + + + [C]'function void i_cal_property_set_freebusy(ICalProperty*, ICalPeriodType*)' at i-cal-derived-property.c:2428:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalPeriodType*' changed: + + pointed to type 'typedef ICalPeriodType' changed at i-cal-forward-declarations.h:39:1, as reported earlier + + + + [C]'function void i_cal_property_set_geo(ICalProperty*, ICalGeoType*)' at i-cal-derived-property.c:2486:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalGeoType*' changed: + + pointed to type 'typedef ICalGeoType' changed at i-cal-forward-declarations.h:36:1, as reported earlier + + + + [C]'function void i_cal_property_set_lastmodified(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:2660:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_maxdate(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:2831:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_mindate(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:3054:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_rdate(ICalProperty*, ICalDatetimeperiodType*)' at i-cal-derived-property.c:4077:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalDatetimeperiodType*' changed: + + pointed to type 'typedef ICalDatetimeperiodType' changed at i-cal-forward-declarations.h:34:1, as reported earlier + + + + [C]'function void i_cal_property_set_recurrenceid(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:4309:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_requeststatus(ICalProperty*, ICalReqstatType*)' at i-cal-derived-property.c:4596:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalReqstatType*' changed: + + pointed to type 'typedef ICalReqstatType' changed at i-cal-forward-declarations.h:43:1, as reported earlier + + + + [C]'function void i_cal_property_set_rrule(ICalProperty*, ICalRecurrenceType*)' at i-cal-derived-property.c:4825:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_property_set_trigger(ICalProperty*, ICalTriggerType*)' at i-cal-derived-property.c:5335:1 has some indirect sub-type changes: + + parameter 2 of type 'ICalTriggerType*' changed: + + pointed to type 'typedef ICalTriggerType' changed at i-cal-forward-declarations.h:49:1, as reported earlier + + + + [C]'function void i_cal_property_set_tzuntil(ICalProperty*, ICalTimetype*)' at i-cal-derived-property.c:5677:1 has some indirect sub-type changes: + + + + [C]'function ICalRecurIterator* i_cal_recur_iterator_new(ICalRecurrenceType*, ICalTimetype*)' at i-cal-recur-iterator.c:81:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_recur_iterator_next(ICalRecurIterator*)' at i-cal-recur-iterator.c:102:1 has some indirect sub-type changes: + + + + [C]'function gint i_cal_recur_iterator_set_start(ICalRecurIterator*, ICalTimetype*)' at i-cal-recur-iterator.c:124:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_time_add(ICalTimetype*, ICalDurationType*)' at i-cal-time.c:831:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_time_adjust(ICalTimetype*, const gint, const gint, const gint, const gint)' at i-cal-time.c:596:1 has some indirect sub-type changes: + + + + [C]'function time_t i_cal_time_as_timet(ICalTimetype*)' at i-cal-time.c:250:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function gint i_cal_time_compare(ICalTimetype*, ICalTimetype*)' at i-cal-time.c:525:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + parameter 2 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function gint i_cal_time_compare_date_only(ICalTimetype*, ICalTimetype*)' at i-cal-time.c:547:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + parameter 2 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function gint i_cal_time_compare_date_only_tz(ICalTimetype*, ICalTimetype*, ICalTimezone*)' at i-cal-time.c:570:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + parameter 2 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function ICalTimetype* i_cal_time_convert_to_zone(ICalTimetype*, ICalTimezone*)' at i-cal-time.c:661:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function gint i_cal_time_day_of_week(ICalTimetype*)' at i-cal-time.c:389:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function gint i_cal_time_day_of_year(ICalTimetype*)' at i-cal-time.c:370:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function ICalTimetype* i_cal_time_normalize(ICalTimetype*)' at i-cal-time.c:619:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function ICalTimeSpan* i_cal_time_span_new(ICalTimetype*, ICalTimetype*, gint)' at i-cal-time.c:764:1 has some indirect sub-type changes: + + + + [C]'function gint i_cal_time_start_doy_week(ICalTimetype*, gint)' at i-cal-time.c:409:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function ICalDurationType* i_cal_time_subtract(ICalTimetype*, ICalTimetype*)' at i-cal-time.c:853:1 has some indirect sub-type changes: + + + + [C]'function gint i_cal_time_week_number(ICalTimetype*)' at i-cal-time.c:429:1 has some indirect sub-type changes: + + parameter 1 of type 'ICalTimetype*' changed: + + in pointed to type 'typedef ICalTimetype': + + entity changed from 'typedef ICalTimetype' to 'const ICalTime' + + type size hasn't changed + + + + [C]'function void i_cal_timezone_get_utc_offset(ICalTimezone*, ICalTimetype*, gint*)' at i-cal-timezone.c:469:1 has some indirect sub-type changes: + + return type changed: + + entity changed from 'void' to compatible type 'typedef gint' at gtypes.h:49:1 + + type name changed from 'void' to 'int' + + type size changed from 0 to 32 (in bits) + + + + [C]'function void i_cal_timezone_get_utc_offset_of_utc_time(ICalTimezone*, ICalTimetype*, gint*)' at i-cal-timezone.c:497:1 has some indirect sub-type changes: + + return type changed: + + entity changed from 'void' to compatible type 'typedef gint' at gtypes.h:49:1 + + type name changed from 'void' to 'int' + + type size changed from 0 to 32 (in bits) + + + + [C]'function ICalTimetype* i_cal_value_get_date(ICalValue*)' at i-cal-derived-value.c:1806:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_value_get_datetime(ICalValue*)' at i-cal-derived-value.c:261:1 has some indirect sub-type changes: + + + + [C]'function ICalTimetype* i_cal_value_get_datetimedate(ICalValue*)' at i-cal-derived-value.c:319:1 has some indirect sub-type changes: + + + + [C]'function ICalDatetimeperiodType* i_cal_value_get_datetimeperiod(ICalValue*)' at i-cal-derived-value.c:377:1 has some indirect sub-type changes: + + + + [C]'function ICalDurationType* i_cal_value_get_duration(ICalValue*)' at i-cal-derived-value.c:1296:1 has some indirect sub-type changes: + + + + [C]'function ICalGeoType* i_cal_value_get_geo(ICalValue*)' at i-cal-derived-value.c:435:1 has some indirect sub-type changes: + + + + [C]'function ICalPeriodType* i_cal_value_get_period(ICalValue*)' at i-cal-derived-value.c:1067:1 has some indirect sub-type changes: + + + + [C]'function ICalRecurrenceType* i_cal_value_get_recur(ICalValue*)' at i-cal-derived-value.c:145:1 has some indirect sub-type changes: + + + + [C]'function ICalReqstatType* i_cal_value_get_requeststatus(ICalValue*)' at i-cal-derived-value.c:1748:1 has some indirect sub-type changes: + + + + [C]'function ICalTriggerType* i_cal_value_get_trigger(ICalValue*)' at i-cal-derived-value.c:203:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_date(ICalTimetype*)' at i-cal-derived-value.c:1787:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_datetime(ICalTimetype*)' at i-cal-derived-value.c:242:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_datetimedate(ICalTimetype*)' at i-cal-derived-value.c:300:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_datetimeperiod(ICalDatetimeperiodType*)' at i-cal-derived-value.c:358:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_duration(ICalDurationType*)' at i-cal-derived-value.c:1277:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_geo(ICalGeoType*)' at i-cal-derived-value.c:416:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_period(ICalPeriodType*)' at i-cal-derived-value.c:1048:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_recur(ICalRecurrenceType*)' at i-cal-derived-value.c:126:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_requeststatus(ICalReqstatType*)' at i-cal-derived-value.c:1729:1 has some indirect sub-type changes: + + + + [C]'function ICalValue* i_cal_value_new_trigger(ICalTriggerType*)' at i-cal-derived-value.c:184:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_date(ICalValue*, ICalTimetype*)' at i-cal-derived-value.c:1766:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_datetime(ICalValue*, ICalTimetype*)' at i-cal-derived-value.c:221:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_datetimedate(ICalValue*, ICalTimetype*)' at i-cal-derived-value.c:279:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_datetimeperiod(ICalValue*, ICalDatetimeperiodType*)' at i-cal-derived-value.c:337:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_duration(ICalValue*, ICalDurationType*)' at i-cal-derived-value.c:1256:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_geo(ICalValue*, ICalGeoType*)' at i-cal-derived-value.c:395:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_period(ICalValue*, ICalPeriodType*)' at i-cal-derived-value.c:1027:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_recur(ICalValue*, ICalRecurrenceType*)' at i-cal-derived-value.c:105:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_requeststatus(ICalValue*, ICalReqstatType*)' at i-cal-derived-value.c:1708:1 has some indirect sub-type changes: + + + + [C]'function void i_cal_value_set_trigger(ICalValue*, ICalTriggerType*)' at i-cal-derived-value.c:163:1 has some indirect sub-type changes: + + + + + +1 Added function symbol not referenced by debug info: + + + + i_cal_time_new_null_time + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libid3tag_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libid3tag_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..c3d7f2bf82f0e06a4b343532a11e935594f0d23f --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libid3tag_all_result.md @@ -0,0 +1,38 @@ +# Functions changed info + +---------------diffs in libid3tag_libid3tag.so.0.3.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function int id3_compat_fixup(id3_tag*)' {id3_compat_fixup} + + 'function const id3_compat* id3_compat_lookup(const char*, size_t)' {id3_compat_lookup} + + + +1 function with some indirect sub-type change: + + + + [C]'function const id3_frametype* id3_frametype_lookup(const char*, unsigned int)' at frametype.gperf:327:1 has some indirect sub-type changes: + + parameter 2 of type 'unsigned int' changed: + + entity changed from 'unsigned int' to compatible type 'typedef size_t' at stddef.h:216:1 + + type name changed from 'unsigned int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libiscsi_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libiscsi_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..81b25ce2de73fcc394f3c6ed7ca9d58d319a0854 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libiscsi_all_result.md @@ -0,0 +1,132 @@ +# Functions changed info + +---------------diffs in libiscsi_libiscsi.so.9.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 1 Changed (196 filtered out), 4 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +SONAME changed from 'libiscsi.so.8' to 'libiscsi.so.9' + + + +4 Added functions: + + + + 'function scsi_task* iscsi_extended_copy_sync(iscsi_context*, int, iscsi_data*)' {iscsi_extended_copy_sync} + + 'function scsi_task* iscsi_extended_copy_task(iscsi_context*, int, iscsi_data*, iscsi_command_cb, void*)' {iscsi_extended_copy_task} + + 'function scsi_task* iscsi_receive_copy_results_sync(iscsi_context*, int, int, int, int)' {iscsi_receive_copy_results_sync} + + 'function scsi_task* iscsi_receive_copy_results_task(iscsi_context*, int, int, int, int, iscsi_command_cb, void*)' {iscsi_receive_copy_results_task} + + + +1 function with some indirect sub-type change: + + + + [C]'function scsi_task* iscsi_compareandwrite_iov_sync(iscsi_context*, int, uint64_t, unsigned char*, uint32_t, int, int, int, int, int, int, scsi_iovec*, int)' at sync.c:1164:1 has some indirect sub-type changes: + + parameter 1 of type 'iscsi_context*' has sub-type changes: + + in pointed to type 'struct iscsi_context' at iscsi-private.h:68:1: + + type size changed from 51968 to 51904 (in bits) + + 1 data member deletion: + + 'iscsi_in_pdu* iscsi_context::inqueue', at offset 42624 (in bits) at iscsi-private.h:145:1 + + + + 1 data member insertion: + + 'int iscsi_context::tcp_nonblocking', at offset 41920 (in bits) at iscsi-private.h:112:1 + + 37 data member changes (5 filtered): + + 'int iscsi_context::current_phase' offset changed from 41920 to 41952 (in bits) (by +32 bits) + + 'int iscsi_context::next_phase' offset changed from 41952 to 41984 (in bits) (by +32 bits) + + 'int iscsi_context::secneg_phase' offset changed from 41984 to 42016 (in bits) (by +32 bits) + + 'int iscsi_context::login_attempts' offset changed from 42016 to 42048 (in bits) (by +32 bits) + + 'int iscsi_context::is_loggedin' offset changed from 42048 to 42080 (in bits) (by +32 bits) + + 'int iscsi_context::bind_interfaces_cnt' offset changed from 42080 to 42112 (in bits) (by +32 bits) + + 'int iscsi_context::nops_in_flight' offset changed from 42112 to 42144 (in bits) (by +32 bits) + + 'int iscsi_context::chap_a' offset changed from 42144 to 42176 (in bits) (by +32 bits) + + 'int iscsi_context::chap_i' offset changed from 42176 to 42208 (in bits) (by +32 bits) + + 'uint32_t iscsi_context::max_burst_length' offset changed from 42688 to 42624 (in bits) (by -64 bits) + + 'uint32_t iscsi_context::first_burst_length' offset changed from 42720 to 42656 (in bits) (by -64 bits) + + 'uint32_t iscsi_context::initiator_max_recv_data_segment_length' offset changed from 42752 to 42688 (in bits) (by -64 bits) + + 'uint32_t iscsi_context::target_max_recv_data_segment_length' offset changed from 42784 to 42720 (in bits) (by -64 bits) + + 'iscsi_initial_r2t iscsi_context::want_initial_r2t' offset changed from 42816 to 42752 (in bits) (by -64 bits) + + 'iscsi_initial_r2t iscsi_context::use_initial_r2t' offset changed from 42848 to 42784 (in bits) (by -64 bits) + + 'iscsi_immediate_data iscsi_context::want_immediate_data' offset changed from 42880 to 42816 (in bits) (by -64 bits) + + 'iscsi_immediate_data iscsi_context::use_immediate_data' offset changed from 42912 to 42848 (in bits) (by -64 bits) + + 'int iscsi_context::lun' offset changed from 42944 to 42880 (in bits) (by -64 bits) + + 'int iscsi_context::no_auto_reconnect' offset changed from 42976 to 42912 (in bits) (by -64 bits) + + 'int iscsi_context::reconnect_deferred' offset changed from 43008 to 42944 (in bits) (by -64 bits) + + 'int iscsi_context::reconnect_max_retries' offset changed from 43040 to 42976 (in bits) (by -64 bits) + + 'int iscsi_context::pending_reconnect' offset changed from 43072 to 43008 (in bits) (by -64 bits) + + 'int iscsi_context::log_level' offset changed from 43104 to 43040 (in bits) (by -64 bits) + + 'iscsi_log_fn iscsi_context::log_fn' offset changed from 43136 to 43072 (in bits) (by -64 bits) + + 'int iscsi_context::mallocs' offset changed from 43200 to 43136 (in bits) (by -64 bits) + + 'int iscsi_context::reallocs' offset changed from 43232 to 43168 (in bits) (by -64 bits) + + 'int iscsi_context::frees' offset changed from 43264 to 43200 (in bits) (by -64 bits) + + 'int iscsi_context::smallocs' offset changed from 43296 to 43232 (in bits) (by -64 bits) + + 'void* iscsi_context::smalloc_ptrs[128]' offset changed from 43328 to 43264 (in bits) (by -64 bits) + + 'int iscsi_context::smalloc_free' offset changed from 51520 to 51456 (in bits) (by -64 bits) + + 'size_t iscsi_context::smalloc_size' offset changed from 51584 to 51520 (in bits) (by -64 bits) + + 'int iscsi_context::cache_allocations' offset changed from 51648 to 51584 (in bits) (by -64 bits) + + 'time_t iscsi_context::next_reconnect' offset changed from 51712 to 51648 (in bits) (by -64 bits) + + 'int iscsi_context::scsi_timeout' offset changed from 51776 to 51712 (in bits) (by -64 bits) + + 'iscsi_context* iscsi_context::old_iscsi' offset changed from 51840 to 51776 (in bits) (by -64 bits) + + 'int iscsi_context::retry_cnt' offset changed from 51904 to 51840 (in bits) (by -64 bits) + + 'int iscsi_context::no_ua_on_reconnect' offset changed from 51936 to 51872 (in bits) (by -64 bits) + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libksba_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libksba_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..81bcc02b64d458facdad40c1d675e3211c0bbbd9 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libksba_all_result.md @@ -0,0 +1,68 @@ +# Functions changed info + +---------------diffs in libksba_libksba.so.8.12.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (3 filtered out), 12 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +12 Added functions: + + + + 'function void ksba_der_add_bts(ksba_der_t, void*, size_t, unsigned int)' {ksba_der_add_bts@@KSBA_0.9} + + 'function void ksba_der_add_der(ksba_der_t, void*, size_t)' {ksba_der_add_der@@KSBA_0.9} + + 'function void ksba_der_add_end(ksba_der_t)' {ksba_der_add_end@@KSBA_0.9} + + 'function void ksba_der_add_int(ksba_der_t, void*, size_t, int)' {ksba_der_add_int@@KSBA_0.9} + + 'function void ksba_der_add_oid(ksba_der_t, const char*)' {ksba_der_add_oid@@KSBA_0.9} + + 'function void ksba_der_add_ptr(ksba_der_t, int, int, void*, size_t)' {ksba_der_add_ptr@@KSBA_0.9} + + 'function void ksba_der_add_tag(ksba_der_t, int, int)' {ksba_der_add_tag@@KSBA_0.9} + + 'function void ksba_der_add_val(ksba_der_t, int, int, void*, size_t)' {ksba_der_add_val@@KSBA_0.9} + + 'function gpg_error_t ksba_der_builder_get(ksba_der_t, unsigned char**, size_t*)' {ksba_der_builder_get@@KSBA_0.9} + + 'function ksba_der_t ksba_der_builder_new(unsigned int)' {ksba_der_builder_new@@KSBA_0.9} + + 'function void ksba_der_builder_reset(ksba_der_t)' {ksba_der_builder_reset@@KSBA_0.9} + + 'function void ksba_der_release(ksba_der_t)' {ksba_der_release@@KSBA_0.9} + + + +1 function with some indirect sub-type change: + + + + [C]'function gpg_error_t _ksba_keyinfo_from_sexp(ksba_const_sexp_t, unsigned char**, size_t*)' at keyinfo.c:940:1 has some indirect sub-type changes: + + parameter 2 of type 'unsigned char**' changed: + + entity changed from 'unsigned char**' to 'int' + + type size changed from 64 to 32 (in bits) + + parameter 3 of type 'size_t*' changed: + + in pointed to type 'typedef size_t': + + entity changed from 'typedef size_t' to 'unsigned char*' + + type size hasn't changed + + parameter 4 of type 'size_t*' was added + + + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libmpc_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libmpc_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..2ddd82b44b84c995b91c36d604f579d32db71c5a --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libmpc_all_result.md @@ -0,0 +1,20 @@ +# Functions changed info + +---------------diffs in libmpc_libmpc.so.3.2.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function int mpc_dot(mpc_ptr, const mpc_ptr*, const mpc_ptr*, unsigned long int, mpc_rnd_t)' {mpc_dot} + + 'function int mpc_sum(mpc_ptr, const mpc_ptr*, unsigned long int, mpc_rnd_t)' {mpc_sum} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libnet_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libnet_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..0ebde1ac038bbb0b540613f5c18012f61df18974 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libnet_all_result.md @@ -0,0 +1,84 @@ +# Functions changed info + +---------------diffs in libnet_libnet.so.9.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 1 Removed, 1 Changed (132 filtered out), 1 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +SONAME changed from 'libnet.so.1' to 'libnet.so.9' + + + +1 Removed function: + + + + 'function void __libnet_print_vers()' {__libnet_print_vers} + + + +1 Added function: + + + + 'function libnet_ptag_t libnet_build_ospfv2_hello_neighbor(uint32_t, uint16_t, uint8_t, uint8_t, uint32_t, uint32_t, uint32_t, uint32_t, const uint8_t*, uint32_t, libnet_t*, libnet_ptag_t)' {libnet_build_ospfv2_hello_neighbor} + + + +1 function with some indirect sub-type change: + + + + [C]'function int libnet_adv_cull_header(libnet_t*, libnet_ptag_t, uint8_t**, uint32_t*)' at libnet_advanced.c:53:1 has some indirect sub-type changes: + + parameter 1 of type 'libnet_t*' has sub-type changes: + + in pointed to type 'typedef libnet_t' at libnet-structures.h:229:1: + + underlying type 'struct libnet_context' at libnet-structures.h:186:1 changed: + + type size changed from 3200 to 3264 (in bits) + + 1 data member insertion: + + 'libnet_ether_addr libnet_context::link_addr', at offset 3200 (in bits) at libnet-structures.h:227:1 + + 1 data member change: + + type of 'libnet_stats libnet_context::stats' changed: + + type size hasn't changed + + 3 data member changes: + + + + + + type of 'uint64_t libnet_stats::bytes_written' changed: + + typedef name changed from uint64_t to __int64_t at types.h:43:1 + + underlying type 'typedef __uint64_t' at types.h:44:1 changed: + + entity changed from 'typedef __uint64_t' to compatible type 'long int' + + type name changed from 'unsigned long int' to 'long int' + + type size hasn't changed + + + + + + + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libpsl_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libpsl_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..8a885ec6258b59d8ee3ab482ce83d71bcc19ee0e --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libpsl_all_result.md @@ -0,0 +1,114 @@ +# Functions changed info + +---------------diffs in libpsl_libpsl.so.5.3.3_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 11 Changed (2 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +11 functions with some indirect sub-type change: + + + + [C]'function const psl_ctx_t* psl_builtin()' at psl.c:1365:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'const psl_ctx_t': + + in unqualified underlying type 'typedef psl_ctx_t' at libpsl.h:94:1: + + underlying type 'struct _psl_ctx_st' at psl.c:153:1 changed: + + type name changed from '_psl_ctx_st' to 'psl_ctx_st' + + type size hasn't changed + + + + 1 data member changes (6 filtered): + + type of '_psl_vector_t* _psl_ctx_st::suffixes' changed: + + in pointed to type 'typedef _psl_vector_t' at psl.c:151:1: + + typedef name changed from _psl_vector_t to psl_vector_t at psl.c:151:1 + + underlying type 'struct {int (const _psl_entry_t**, const _psl_entry_t**)* cmp; _psl_entry_t** entry; int max; int cur;}' at psl.c:143:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'int (const _psl_entry_t**, const _psl_entry_t**)* cmp' changed: + + in pointed to type 'function type int (const _psl_entry_t**, const _psl_entry_t**)': + + parameter 1 of type 'const _psl_entry_t**' has sub-type changes: + + in pointed to type 'const _psl_entry_t*': + + in pointed to type 'const _psl_entry_t': + + 'const _psl_entry_t' changed to 'const psl_entry_t' + + + + and name of '_psl_ctx_st::suffixes' changed to 'psl_ctx_st::suffixes' at psl.c:155:1 + + + + [C]'function void psl_free(psl_ctx_t*)' at psl.c:1340:1 has some indirect sub-type changes: + + parameter 1 of type 'psl_ctx_t*' changed: + + pointed to type 'typedef psl_ctx_t' changed at libpsl.h:89:1, as reported earlier + + + + [C]'function int psl_is_cookie_domain_acceptable(const psl_ctx_t*, const char*, const char*)' at psl.c:1636:1 has some indirect sub-type changes: + + parameter 1 of type 'const psl_ctx_t*' changed: + + in pointed to type 'const psl_ctx_t': + + unqualified underlying type 'typedef psl_ctx_t' changed at libpsl.h:89:1, as reported earlier + + + + [C]'function int psl_is_public_suffix(const psl_ctx_t*, const char*)' at psl.c:990:1 has some indirect sub-type changes: + + + + [C]'function int psl_is_public_suffix2(const psl_ctx_t*, const char*, int)' at psl.c:1025:1 has some indirect sub-type changes: + + + + [C]'function psl_ctx_t* psl_latest(const char*)' at psl.c:1931:1 has some indirect sub-type changes: + + + + [C]'function psl_ctx_t* psl_load_file(const char*)' at psl.c:1155:1 has some indirect sub-type changes: + + + + [C]'function psl_ctx_t* psl_load_fp(FILE*)' at psl.c:1184:1 has some indirect sub-type changes: + + + + [C]'function int psl_suffix_count(const psl_ctx_t*)' at psl.c:1388:1 has some indirect sub-type changes: + + + + [C]'function int psl_suffix_exception_count(const psl_ctx_t*)' at psl.c:1411:1 has some indirect sub-type changes: + + + + [C]'function int psl_suffix_wildcard_count(const psl_ctx_t*)' at psl.c:1434:1 has some indirect sub-type changes: + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/librepo_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/librepo_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..c297c50b0a775aae0633d8d6126188568bbe41a8 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/librepo_all_result.md @@ -0,0 +1,18 @@ +# Functions changed info + +---------------diffs in librepo_librepo.so.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 1 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 Added function: + + + + 'function void ensure_socket_dir_exists()' {ensure_socket_dir_exists} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libsecret_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libsecret_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..ae8e1c7237b1d8f700d1f6167667f7be89babec0 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libsecret_all_result.md @@ -0,0 +1,86 @@ +# Functions changed info + +---------------diffs in libsecret_libsecret-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 35 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +35 Added functions: + + + + 'function GType secret_backend_flags_get_type()' {secret_backend_flags_get_type} + + 'function void secret_backend_get(SecretBackendFlags, GCancellable*, GAsyncReadyCallback, gpointer)' {secret_backend_get} + + 'function SecretBackend* secret_backend_get_finish(GAsyncResult*, GError**)' {secret_backend_get_finish} + + 'function GType secret_backend_get_type()' {secret_backend_get_type} + + 'function GType secret_file_backend_get_type()' {secret_file_backend_get_type} + + 'function gboolean secret_file_collection_clear(SecretFileCollection*, GHashTable*, GError**)' {secret_file_collection_clear} + + 'function GType secret_file_collection_get_type()' {secret_file_collection_get_type} + + 'function gboolean secret_file_collection_replace(SecretFileCollection*, GHashTable*, const gchar*, SecretValue*, GError**)' {secret_file_collection_replace} + + 'function GList* secret_file_collection_search(SecretFileCollection*, GHashTable*)' {secret_file_collection_search} + + 'function void secret_file_collection_write(SecretFileCollection*, GCancellable*, GAsyncReadyCallback, gpointer)' {secret_file_collection_write} + + 'function gboolean secret_file_collection_write_finish(SecretFileCollection*, GAsyncResult*, GError**)' {secret_file_collection_write_finish} + + 'function SecretFileItem* secret_file_item_deserialize(GVariant*)' {secret_file_item_deserialize} + + 'function GType secret_file_item_get_type()' {secret_file_item_get_type} + + 'function GVariant* secret_file_item_serialize(SecretFileItem*)' {secret_file_item_serialize} + + 'function SecretValue* secret_password_lookup_binary_finish(GAsyncResult*, GError**)' {secret_password_lookup_binary_finish} + + 'function SecretValue* secret_password_lookup_binary_sync(const SecretSchema*, GCancellable*, GError**, ...)' {secret_password_lookup_binary_sync} + + 'function SecretValue* secret_password_lookupv_binary_sync(const SecretSchema*, GHashTable*, GCancellable*, GError**)' {secret_password_lookupv_binary_sync} + + 'function void secret_password_search(const SecretSchema*, SecretSearchFlags, GCancellable*, GAsyncReadyCallback, gpointer, ...)' {secret_password_search} + + 'function GList* secret_password_search_finish(GAsyncResult*, GError**)' {secret_password_search_finish} + + 'function GList* secret_password_search_sync(const SecretSchema*, SecretSearchFlags, GCancellable*, GError**, ...)' {secret_password_search_sync} + + 'function void secret_password_searchv(const SecretSchema*, GHashTable*, SecretSearchFlags, GCancellable*, GAsyncReadyCallback, gpointer)' {secret_password_searchv} + + 'function GList* secret_password_searchv_sync(const SecretSchema*, GHashTable*, SecretSearchFlags, GCancellable*, GError**)' {secret_password_searchv_sync} + + 'function void secret_password_store_binary(const SecretSchema*, const gchar*, const gchar*, SecretValue*, GCancellable*, GAsyncReadyCallback, gpointer, ...)' {secret_password_store_binary} + + 'function gboolean secret_password_store_binary_sync(const SecretSchema*, const gchar*, const gchar*, SecretValue*, GCancellable*, GError**, ...)' {secret_password_store_binary_sync} + + 'function void secret_password_storev_binary(const SecretSchema*, GHashTable*, const gchar*, const gchar*, SecretValue*, GCancellable*, GAsyncReadyCallback, gpointer)' {secret_password_storev_binary} + + 'function gboolean secret_password_storev_binary_sync(const SecretSchema*, GHashTable*, const gchar*, const gchar*, SecretValue*, GCancellable*, GError**)' {secret_password_storev_binary_sync} + + 'function GHashTable* secret_retrievable_get_attributes(SecretRetrievable*)' {secret_retrievable_get_attributes} + + 'function guint64 secret_retrievable_get_created(SecretRetrievable*)' {secret_retrievable_get_created} + + 'function gchar* secret_retrievable_get_label(SecretRetrievable*)' {secret_retrievable_get_label} + + 'function guint64 secret_retrievable_get_modified(SecretRetrievable*)' {secret_retrievable_get_modified} + + 'function GType secret_retrievable_get_type()' {secret_retrievable_get_type} + + 'function void secret_retrievable_retrieve_secret(SecretRetrievable*, GCancellable*, GAsyncReadyCallback, gpointer)' {secret_retrievable_retrieve_secret} + + 'function SecretValue* secret_retrievable_retrieve_secret_finish(SecretRetrievable*, GAsyncResult*, GError**)' {secret_retrievable_retrieve_secret_finish} + + 'function SecretValue* secret_retrievable_retrieve_secret_sync(SecretRetrievable*, GCancellable*, GError**)' {secret_retrievable_retrieve_secret_sync} + + 'function gchar* secret_value_unref_to_password(SecretValue*, gsize*)' {secret_value_unref_to_password} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libvma_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libvma_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..848a6b41d29011a4dd1f0f4bb605b6b9fa3d2a73 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libvma_all_result.md @@ -0,0 +1,296 @@ +# Functions changed info + +---------------diffs in libvma_libvma.so.8.9.4_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 5 Changed (274 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed (13 filtered out), 0 Added variables + + + +5 functions with some indirect sub-type change: + + + + [C]'function void Floyd_LogCircleInfo(Node)' at buffer_pool.cpp:234:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef Node' has sub-type changes: + + underlying type 'mem_buf_desc_t*' changed: + + in pointed to type 'class mem_buf_desc_t' at mem_buf_desc.h:60:1: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'ring_slave* mem_buf_desc_t::p_desc_owner' changed: + + in pointed to type 'class ring_slave' at ring_slave.h:159:1: + + type size hasn't changed + + 1 base class change: + + 'class ring' at ring.h:73:1 changed: + + type size hasn't changed + + 1 member function changes (10 filtered): + + 'method virtual bool ring::attach_flow(flow_tuple&, pkt_rcvr_sink*)' has some sub-type changes: + + parameter 2 of type 'pkt_rcvr_sink*' has sub-type changes: + + in pointed to type 'class pkt_rcvr_sink' at pkt_rcvr_sink.h:52:1: + + type size hasn't changed + + 1 member function changes (2 filtered): + + 'method virtual void pkt_rcvr_sink::rx_add_ring_cb(flow_tuple_with_local_if&, ring*, bool)' has some sub-type changes: + + parameter 2 of type 'ring*' has sub-type changes: + + pointed to type 'class ring' changed; details are being reported + + + + + + no data member change (1 filtered); + + + + no member function changes (6 filtered); + + + + no data member changes (5 filtered); + + + + + + [C]'method uint32_t buffer_pool::find_lkey_by_ib_ctx_thread_safe(ib_ctx_handler*)' at buffer_pool.h:60:1 has some indirect sub-type changes: + + parameter 1 of type 'ib_ctx_handler*' has sub-type changes: + + in pointed to type 'class ib_ctx_handler' at ib_ctx_handler.h:57:1: + + type size hasn't changed + + 1 data member changes (6 filtered): + + type of 'vma_ibv_device_attr_ex* ib_ctx_handler::m_p_ibv_device_attr' changed: + + in pointed to type 'typedef vma_ibv_device_attr_ex' at verbs_extra.h:144:1: + + underlying type 'struct ibv_device_attr_ex' at verbs.h:296:1 changed: + + type size changed from 3072 to 3200 (in bits) + + 2 data member insertions: + + 'ibv_pci_atomic_caps ibv_device_attr_ex::pci_atomic_caps', at offset 3072 (in bits) at verbs.h:331:1 + + 'uint32_t ibv_device_attr_ex::xrc_odp_caps', at offset 3136 (in bits) at verbs.h:332:1 + + + + + + [C]'method virtual void cq_mgr::add_qp_rx(qp_mgr*)' at cq_mgr.cpp:244:1 has some indirect sub-type changes: + + parameter 1 of type 'qp_mgr*' has sub-type changes: + + in pointed to type 'class qp_mgr' at qp_mgr.h:94:1: + + type size hasn't changed + + 2 member function changes (4 filtered): + + 'method virtual int qp_mgr::prepare_ibv_qp(vma_ibv_qp_init_attr&)' has some sub-type changes: + + parameter 1 of type 'vma_ibv_qp_init_attr&' has sub-type changes: + + in referenced type 'typedef vma_ibv_qp_init_attr' at verbs_extra.h:126:1: + + underlying type 'struct ibv_qp_init_attr_ex' at verbs.h:877:1 changed: + + type size changed from 1024 to 1088 (in bits) + + 1 data member insertion: + + 'uint64_t ibv_qp_init_attr_ex::send_ops_flags', at offset 1024 (in bits) at verbs.h:949:1 + + no data member changes (6 filtered); + + + + 'method virtual cq_mgr* qp_mgr::init_rx_cq_mgr(ibv_comp_channel*)' has some sub-type changes: + + return type changed: + + in pointed to type 'class cq_mgr' at cq_mgr.h:95:1: + + type size hasn't changed + + no member function changes (5 filtered); + + + + 1 data member changes (7 filtered): + + type of 'ring_simple* cq_mgr::m_p_ring' changed: + + in pointed to type 'class ring_simple' at ring_simple.h:58:1: + + type size hasn't changed + + 1 base class change: + + 'class ring_slave' at ring_slave.h:159:1 changed: + + details were reported earlier + + + + no member function changes (9 filtered); + + + + no data member changes (6 filtered); + + + + + + no data member changes (7 filtered); + + + + [C]'method sockinfo_tcp* sockinfo_tcp::accept_clone()' at sockinfo_tcp.cpp:2695:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'class sockinfo_tcp' at sockinfo_tcp.h:116:1: + + type size hasn't changed + + 1 base class change: + + 'class sockinfo' at sockinfo.h:157:1 changed: + + type size hasn't changed + + 1 base class changes (1 filtered): + + 'class pkt_rcvr_sink' at pkt_rcvr_sink.h:52:1 changed: + + details were reported earlier + + + + no member function changes (10 filtered); + + + + no data member changes (5 filtered); + + + + no member function changes (7 filtered); + + + + no data member changes (2 filtered); + + + + [C]'function int vma_ib_mlx5dv_init_obj(mlx5dv_obj*, uint64_t)' at ib_mlx5_dv.cpp:41:1 has some indirect sub-type changes: + + parameter 1 of type 'mlx5dv_obj*' has sub-type changes: + + in pointed to type 'struct mlx5dv_obj' at mlx5dv.h:495:1: + + type size changed from 768 to 896 (in bits) + + 1 data member insertion: + + 'struct {ibv_pd* in; mlx5dv_pd* out;} mlx5dv_obj::pd', at offset 768 (in bits) at mlx5dv.h:523:1 + + 3 data member changes (3 filtered): + + type of 'struct {ibv_qp* in; mlx5dv_qp* out;} mlx5dv_obj::qp' changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'mlx5dv_qp* out' changed: + + in pointed to type 'struct mlx5dv_qp' at mlx5dv.h:406:1: + + type size changed from 576 to 768 (in bits) + + 5 data member insertions: + + 'uint32_t mlx5dv_qp::tirn', at offset 576 (in bits) at mlx5dv.h:424:1 + + 'uint32_t mlx5dv_qp::tisn', at offset 608 (in bits) at mlx5dv.h:425:1 + + 'uint32_t mlx5dv_qp::rqn', at offset 640 (in bits) at mlx5dv.h:426:1 + + 'uint32_t mlx5dv_qp::sqn', at offset 672 (in bits) at mlx5dv.h:427:1 + + 'uint64_t mlx5dv_qp::tir_icm_addr', at offset 704 (in bits) at mlx5dv.h:428:1 + + + + + + type of 'struct {ibv_srq* in; mlx5dv_srq* out;} mlx5dv_obj::srq' changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'mlx5dv_srq* out' changed: + + in pointed to type 'struct mlx5dv_srq' at mlx5dv.h:445:1: + + type size changed from 320 to 384 (in bits) + + 1 data member insertion: + + 'uint32_t mlx5dv_srq::srqn', at offset 320 (in bits) at mlx5dv.h:452:1 + + + + + + type of 'struct {ibv_dm* in; mlx5dv_dm* out;} mlx5dv_obj::dm' changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'mlx5dv_dm* out' changed: + + in pointed to type 'struct mlx5dv_dm' at mlx5dv.h:472:1: + + type size changed from 192 to 256 (in bits) + + 1 data member insertion: + + 'uint64_t mlx5dv_dm::remote_va', at offset 192 (in bits) at mlx5dv.h:476:1 + + + + + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libwebsockets_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libwebsockets_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..52672efe01795ea08cea1027cf1e4ad555dab630 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libwebsockets_all_result.md @@ -0,0 +1,2668 @@ +# Functions changed info + +---------------diffs in libwebsockets_libwebsockets.so.16_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 39 Removed, 19 Changed (100 filtered out), 274 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added (3 filtered out) variables + + + +SONAME changed from 'libwebsockets.so.12' to 'libwebsockets.so.16' + + + +39 Removed functions: + + + + [D] 'function int interface_to_sa(lws_vhost*, const char*, sockaddr_in*, size_t)' {interface_to_sa} + + [D] 'function int lws_alloc_vfs_file(lws_context*, const char*, uint8_t**, lws_filepos_t*)' {lws_alloc_vfs_file} + + [D] 'function lws* lws_client_connect(lws_context*, const char*, int, int, const char*, const char*, const char*, const char*, int)' {lws_client_connect} + + [D] 'function lws* lws_client_connect_extended(lws_context*, const char*, int, int, const char*, const char*, const char*, const char*, int, void*)' {lws_client_connect_extended} + + [D] 'function void lws_context_destroy2(lws_context*)' {lws_context_destroy2} + + [D] 'function void lws_context_init_extensions(lws_context_creation_info*, lws_context*)' {lws_context_init_extensions} + + [D] 'function int lws_context_init_server_ssl(lws_context_creation_info*, lws_vhost*)' {lws_context_init_server_ssl} + + [D] 'function int lws_ext_parse_options(const lws_extension*, lws*, void*, const lws_ext_options*, const char*, int)' {lws_ext_parse_options} + + [D] 'function int lws_extension_callback_pm_deflate(lws_context*, const lws_extension*, lws*, lws_extension_callback_reasons, void*, void*, size_t)' {lws_extension_callback_pm_deflate} + + [D] 'function int lws_plat_change_pollfd(lws_context*, lws*, pollfd*)' {lws_plat_change_pollfd} + + [D] 'function int lws_plat_check_connection_error(lws*)' {lws_plat_check_connection_error} + + [D] 'function void lws_plat_context_early_destroy(lws_context*)' {lws_plat_context_early_destroy} + + [D] 'function int lws_plat_context_early_init()' {lws_plat_context_early_init} + + [D] 'function void lws_plat_context_late_destroy(lws_context*)' {lws_plat_context_late_destroy} + + [D] 'function void lws_plat_delete_socket_from_fds(lws_context*, lws*, int)' {lws_plat_delete_socket_from_fds} + + [D] 'function void lws_plat_drop_app_privileges(lws_context_creation_info*)' {lws_plat_drop_app_privileges} + + [D] 'function const char* lws_plat_inet_ntop(int, void*, char*, int)' {lws_plat_inet_ntop} + + [D] 'function int lws_plat_inet_pton(int, const char*, void*)' {lws_plat_inet_pton} + + [D] 'function int lws_plat_init(lws_context*, lws_context_creation_info*)' {lws_plat_init} + + [D] 'function void lws_plat_insert_socket_into_fds(lws_context*, lws*)' {lws_plat_insert_socket_into_fds} + + [D] 'function int lws_plat_service(lws_context*, int)' {lws_plat_service} + + [D] 'function void lws_plat_service_periodic(lws_context*)' {lws_plat_service_periodic} + + [D] 'function int lws_plat_set_socket_options(lws_vhost*, int)' {lws_plat_set_socket_options} + + [D] 'function int lws_poll_listen_fd(pollfd*)' {lws_poll_listen_fd} + + [D] 'function int lws_read(lws*, unsigned char*, lws_filepos_t)' {lws_read} + + [D] 'function void lws_server_get_canonical_hostname(lws_context*, lws_context_creation_info*)' {lws_server_get_canonical_hostname} + + [D] 'function int lws_server_socket_service(lws_context*, lws*, pollfd*)' {lws_server_socket_service} + + [D] 'function int lws_server_socket_service_ssl(lws*, lws_sockfd_type)' {lws_server_socket_service_ssl} + + [D] 'function void lws_set_parent_carries_io(lws*)' {lws_set_parent_carries_io} + + [D] 'function int lws_ssl_capable_read(lws*, unsigned char*, int)' {lws_ssl_capable_read} + + [D] 'function int lws_ssl_capable_read_no_ssl(lws*, unsigned char*, int)' {lws_ssl_capable_read_no_ssl} + + [D] 'function int lws_ssl_capable_write(lws*, unsigned char*, int)' {lws_ssl_capable_write} + + [D] 'function int lws_ssl_capable_write_no_ssl(lws*, unsigned char*, int)' {lws_ssl_capable_write_no_ssl} + + [D] 'function int lws_ssl_close(lws*)' {lws_ssl_close} + + [D] 'function void lws_ssl_destroy(lws_vhost*)' {lws_ssl_destroy} + + [D] 'function int lws_ssl_pending(lws*)' {lws_ssl_pending} + + [D] 'function int lws_ssl_pending_no_ssl(lws*)' {lws_ssl_pending_no_ssl} + + [D] 'function void lws_union_transition(lws*, connection_mode)' {lws_union_transition} + + [D] 'function lws_vhost* lws_vhost_get(lws*)' {lws_vhost_get} + + + +274 Added functions: + + + + [A] 'function int __lws_sul_insert(lws_dll2_owner_t*, lws_sorted_usec_list_t*, lws_usec_t)' {__lws_sul_insert} + + [A] 'function lws_usec_t __lws_sul_service_ripe(lws_dll2_owner_t*, lws_usec_t)' {__lws_sul_service_ripe} + + [A] 'function int __lws_system_attach(lws_context*, int, lws_attach_cb_t, lws_system_states_t, void*, lws_attach_item**)' {__lws_system_attach} + + [A] 'function void lejp_change_callback(lejp_ctx*, signed char (lejp_ctx*, char)*)' {lejp_change_callback} + + [A] 'function void lejp_check_path_match(lejp_ctx*)' {lejp_check_path_match} + + [A] 'function void lejp_construct(lejp_ctx*, signed char (lejp_ctx*, char)*, void*, const char* const*, unsigned char)' {lejp_construct} + + [A] 'function void lejp_destruct(lejp_ctx*)' {lejp_destruct} + + [A] 'function const char* lejp_error_to_string(int)' {lejp_error_to_string} + + [A] 'function int lejp_get_wildcard(lejp_ctx*, int, char*, int)' {lejp_get_wildcard} + + [A] 'function int lejp_parse(lejp_ctx*, const unsigned char*, int)' {lejp_parse} + + [A] 'function int lejp_parser_pop(lejp_ctx*)' {lejp_parser_pop} + + [A] 'function int lejp_parser_push(lejp_ctx*, void*, const char* const*, unsigned char, lejp_callback)' {lejp_parser_push} + + [A] 'function int lws_add_http_common_headers(lws*, unsigned int, const char*, lws_filepos_t, unsigned char**, unsigned char*)' {lws_add_http_common_headers} + + [A] 'function lws* lws_adopt_descriptor_vhost_via_info(const lws_adopt_desc_t*)' {lws_adopt_descriptor_vhost_via_info} + + [A] 'function void lws_b64_decode_state_init(lws_b64state*)' {lws_b64_decode_state_init} + + [A] 'function int lws_b64_decode_stateful(lws_b64state*, const char*, size_t*, uint8_t*, size_t*, int)' {lws_b64_decode_stateful} + + [A] 'function int lws_b64_decode_string_len(const char*, int, char*, int)' {lws_b64_decode_string_len} + + [A] 'function int lws_b64_encode_string_url(const char*, int, char*, int)' {lws_b64_encode_string_url} + + [A] 'function int lws_base64_size(int)' {lws_base64_size} + + [A] 'function int lws_buflist_append_segment(lws_buflist**, const uint8_t*, size_t)' {lws_buflist_append_segment} + + [A] 'function void lws_buflist_describe(lws_buflist**, void*, const char*)' {lws_buflist_describe} + + [A] 'function void lws_buflist_destroy_all_segments(lws_buflist**)' {lws_buflist_destroy_all_segments} + + [A] 'function int lws_buflist_linear_copy(lws_buflist**, size_t, uint8_t*, size_t)' {lws_buflist_linear_copy} + + [A] 'function size_t lws_buflist_next_segment_len(lws_buflist**, uint8_t**)' {lws_buflist_next_segment_len} + + [A] 'function size_t lws_buflist_total_len(lws_buflist**)' {lws_buflist_total_len} + + [A] 'function size_t lws_buflist_use_segment(lws_buflist**, size_t)' {lws_buflist_use_segment} + + [A] 'function int lws_callback_vhost_protocols_vhost(lws_vhost*, int, void*, size_t)' {lws_callback_vhost_protocols_vhost} + + [A] 'function int lws_client_http_multipart(lws*, const char*, const char*, const char*, char**, char*)' {lws_client_http_multipart} + + [A] 'function const char* lws_cmdline_option(int, const char**, const char*)' {lws_cmdline_option} + + [A] 'function void lws_cmdline_option_handle_builtin(int, const char**, lws_context_creation_info*)' {lws_cmdline_option_handle_builtin} + + [A] 'function lws* lws_create_adopt_udp(lws_vhost*, const char*, int, int, const char*, const char*, lws*, void*, const lws_retry_bo_t*)' {lws_create_adopt_udp} + + [A] 'function int lws_dir(const char*, void*, lws_dir_callback_function*)' {lws_dir} + + [A] 'function lws_diskcache_scan* lws_diskcache_create(const char*, uint64_t)' {lws_diskcache_create} + + [A] 'function void lws_diskcache_destroy(lws_diskcache_scan**)' {lws_diskcache_destroy} + + [A] 'function int lws_diskcache_finalize_name(char*)' {lws_diskcache_finalize_name} + + [A] 'function int lws_diskcache_prepare(const char*, int, int)' {lws_diskcache_prepare} + + [A] 'function int lws_diskcache_query(lws_diskcache_scan*, int, const char*, int*, char*, int, size_t*)' {lws_diskcache_query} + + [A] 'function int lws_diskcache_secs_to_idle(lws_diskcache_scan*)' {lws_diskcache_secs_to_idle} + + [A] 'function int lws_diskcache_trim(lws_diskcache_scan*)' {lws_diskcache_trim} + + [A] 'function void lws_dll2_add_before(lws_dll2*, lws_dll2*)' {lws_dll2_add_before} + + [A] 'function void lws_dll2_add_head(lws_dll2*, lws_dll2_owner*)' {lws_dll2_add_head} + + [A] 'function void lws_dll2_add_sorted(lws_dll2_t*, lws_dll2_owner_t*, int (const lws_dll2_t*, const lws_dll2_t*)*)' {lws_dll2_add_sorted} + + [A] 'function void lws_dll2_add_tail(lws_dll2*, lws_dll2_owner*)' {lws_dll2_add_tail} + + [A] 'function void lws_dll2_clear(lws_dll2*)' {lws_dll2_clear} + + [A] 'function int lws_dll2_foreach_safe(lws_dll2_owner*, void*, int (lws_dll2*, void*)*)' {lws_dll2_foreach_safe} + + [A] 'function void lws_dll2_owner_clear(lws_dll2_owner*)' {lws_dll2_owner_clear} + + [A] 'function void lws_dll2_remove(lws_dll2*)' {lws_dll2_remove} + + [A] 'function void lws_explicit_bzero(void*, size_t)' {lws_explicit_bzero} + + [A] 'function void lws_filename_purify_inplace(char*)' {lws_filename_purify_inplace} + + [A] 'function int lws_finalize_write_http_header(lws*, unsigned char*, unsigned char**, unsigned char*)' {lws_finalize_write_http_header} + + [A] 'function void lws_fts_close(lws_fts_file*)' {lws_fts_close} + + [A] 'function lws_fts* lws_fts_create(int)' {lws_fts_create} + + [A] 'function void lws_fts_destroy(lws_fts**)' {lws_fts_destroy} + + [A] 'function int lws_fts_file_index(lws_fts*, const char*, int, int)' {lws_fts_file_index} + + [A] 'function int lws_fts_fill(lws_fts*, uint32_t, const char*, size_t)' {lws_fts_fill} + + [A] 'function lws_fts_file* lws_fts_open(const char*)' {lws_fts_open} + + [A] 'function lws_fts_result* lws_fts_search(lws_fts_file*, lws_fts_search_params*)' {lws_fts_search} + + [A] 'function int lws_fts_serialize(lws_fts*)' {lws_fts_serialize} + + [A] 'function int lws_genaes_create(lws_genaes_ctx*, enum_aes_operation, enum_aes_modes, lws_gencrypto_keyelem*, enum_aes_padding, void*)' {lws_genaes_create} + + [A] 'function int lws_genaes_crypt(lws_genaes_ctx*, const uint8_t*, size_t, uint8_t*, uint8_t*, uint8_t*, size_t*, int)' {lws_genaes_crypt} + + [A] 'function int lws_genaes_destroy(lws_genaes_ctx*, unsigned char*, size_t)' {lws_genaes_destroy} + + [A] 'function int lws_gencrypto_bits_to_bytes(int)' {lws_gencrypto_bits_to_bytes} + + [A] 'function int lws_gencrypto_jwe_alg_to_definition(const char*, const lws_jose_jwe_alg**)' {lws_gencrypto_jwe_alg_to_definition} + + [A] 'function int lws_gencrypto_jwe_enc_to_definition(const char*, const lws_jose_jwe_alg**)' {lws_gencrypto_jwe_enc_to_definition} + + [A] 'function int lws_gencrypto_jws_alg_to_definition(const char*, const lws_jose_jwe_alg**)' {lws_gencrypto_jws_alg_to_definition} + + [A] 'function size_t lws_gencrypto_padded_length(size_t, size_t)' {lws_gencrypto_padded_length} + + [A] 'function void lws_genec_destroy(lws_genec_ctx*)' {lws_genec_destroy} + + [A] 'function void lws_genec_destroy_elements(lws_gencrypto_keyelem*)' {lws_genec_destroy_elements} + + [A] 'function int lws_genec_dump(lws_gencrypto_keyelem*)' {lws_genec_dump} + + [A] 'function int lws_genecdh_compute_shared_secret(lws_genec_ctx*, uint8_t*, int*)' {lws_genecdh_compute_shared_secret} + + [A] 'function int lws_genecdh_create(lws_genec_ctx*, lws_context*, const lws_ec_curves*)' {lws_genecdh_create} + + [A] 'function int lws_genecdh_new_keypair(lws_genec_ctx*, enum_lws_dh_side, const char*, lws_gencrypto_keyelem*)' {lws_genecdh_new_keypair} + + [A] 'function int lws_genecdh_set_key(lws_genec_ctx*, lws_gencrypto_keyelem*, enum_lws_dh_side)' {lws_genecdh_set_key} + + [A] 'function int lws_genecdsa_create(lws_genec_ctx*, lws_context*, const lws_ec_curves*)' {lws_genecdsa_create} + + [A] 'function int lws_genecdsa_hash_sig_verify_jws(lws_genec_ctx*, const uint8_t*, lws_genhash_types, int, const uint8_t*, size_t)' {lws_genecdsa_hash_sig_verify_jws} + + [A] 'function int lws_genecdsa_hash_sign_jws(lws_genec_ctx*, const uint8_t*, lws_genhash_types, int, uint8_t*, size_t)' {lws_genecdsa_hash_sign_jws} + + [A] 'function int lws_genecdsa_new_keypair(lws_genec_ctx*, const char*, lws_gencrypto_keyelem*)' {lws_genecdsa_new_keypair} + + [A] 'function int lws_genecdsa_set_key(lws_genec_ctx*, lws_gencrypto_keyelem*)' {lws_genecdsa_set_key} + + [A] 'function int lws_genhmac_destroy(lws_genhmac_ctx*, void*)' {lws_genhmac_destroy} + + [A] 'function int lws_genhmac_init(lws_genhmac_ctx*, lws_genhmac_types, const uint8_t*, size_t)' {lws_genhmac_init} + + [A] 'function size_t lws_genhmac_size(lws_genhmac_types)' {lws_genhmac_size} + + [A] 'function int lws_genhmac_update(lws_genhmac_ctx*, void*, size_t)' {lws_genhmac_update} + + [A] 'function int lws_genrsa_create(lws_genrsa_ctx*, lws_gencrypto_keyelem*, lws_context*, enum_genrsa_mode, lws_genhash_types)' {lws_genrsa_create} + + [A] 'function void lws_genrsa_destroy(lws_genrsa_ctx*)' {lws_genrsa_destroy} + + [A] 'function void lws_genrsa_destroy_elements(lws_gencrypto_keyelem*)' {lws_genrsa_destroy_elements} + + [A] 'function int lws_genrsa_hash_sig_verify(lws_genrsa_ctx*, const uint8_t*, lws_genhash_types, const uint8_t*, size_t)' {lws_genrsa_hash_sig_verify} + + [A] 'function int lws_genrsa_hash_sign(lws_genrsa_ctx*, const uint8_t*, lws_genhash_types, uint8_t*, size_t)' {lws_genrsa_hash_sign} + + [A] 'function int lws_genrsa_new_keypair(lws_context*, lws_genrsa_ctx*, enum_genrsa_mode, lws_gencrypto_keyelem*, int)' {lws_genrsa_new_keypair} + + [A] 'function int lws_genrsa_private_decrypt(lws_genrsa_ctx*, const uint8_t*, size_t, uint8_t*, size_t)' {lws_genrsa_private_decrypt} + + [A] 'function int lws_genrsa_private_encrypt(lws_genrsa_ctx*, const uint8_t*, size_t, uint8_t*)' {lws_genrsa_private_encrypt} + + [A] 'function int lws_genrsa_public_decrypt(lws_genrsa_ctx*, const uint8_t*, size_t, uint8_t*, size_t)' {lws_genrsa_public_decrypt} + + [A] 'function int lws_genrsa_public_encrypt(lws_genrsa_ctx*, const uint8_t*, size_t, uint8_t*)' {lws_genrsa_public_encrypt} + + [A] 'function void lws_get_effective_uid_gid(lws_context*, int*, int*)' {lws_get_effective_uid_gid} + + [A] 'function void* lws_get_opaque_user_data(const lws*)' {lws_get_opaque_user_data} + + [A] 'function const char* lws_get_peer_simple_fd(lws_sockfd_type, char*, size_t)' {lws_get_peer_simple_fd} + + [A] 'function int lws_get_tsi(lws*)' {lws_get_tsi} + + [A] 'function const lws_udp* lws_get_udp(const lws*)' {lws_get_udp} + + [A] 'function lws_vhost* lws_get_vhost_by_name(lws_context*, const char*)' {lws_get_vhost_by_name} + + [A] 'function const char* lws_get_vhost_iface(lws_vhost*)' {lws_get_vhost_iface} + + [A] 'function int lws_get_vhost_listen_port(lws_vhost*)' {lws_get_vhost_listen_port} + + [A] 'function const char* lws_get_vhost_name(lws_vhost*)' {lws_get_vhost_name} + + [A] 'function int lws_get_vhost_port(lws_vhost*)' {lws_get_vhost_port} + + [A] 'function void* lws_get_vhost_user(lws_vhost*)' {lws_get_vhost_user} + + [A] 'function int lws_h2_client_stream_long_poll_rxonly(lws*)' {lws_h2_client_stream_long_poll_rxonly} + + [A] 'function int lws_h2_get_peer_txcredit_estimate(lws*)' {lws_h2_get_peer_txcredit_estimate} + + [A] 'function int lws_h2_update_peer_txcredit(lws*, int, int)' {lws_h2_update_peer_txcredit} + + [A] 'function int lws_hdr_custom_copy(lws*, char*, int, const char*, int)' {lws_hdr_custom_copy} + + [A] 'function int lws_hdr_custom_length(lws*, const char*, int)' {lws_hdr_custom_length} + + [A] 'function int lws_hex_to_byte_array(const char*, uint8_t*, int)' {lws_hex_to_byte_array} + + [A] 'function int lws_http_basic_auth_gen(const char*, const char*, char*, size_t)' {lws_http_basic_auth_gen} + + [A] 'function int lws_http_compression_apply(lws*, const char*, unsigned char**, unsigned char*, char)' {lws_http_compression_apply} + + [A] 'function int lws_http_get_uri_and_method(lws*, char**, int*)' {lws_http_get_uri_and_method} + + [A] 'function int lws_http_headers_detach(lws*)' {lws_http_headers_detach} + + [A] 'function int lws_http_is_redirected_to_get(lws*)' {lws_http_is_redirected_to_get} + + [A] 'function int lws_http_mark_sse(lws*)' {lws_http_mark_sse} + + [A] 'function int lws_humanize(char*, int, uint64_t, const lws_humanize_unit_t*)' {lws_humanize} + + [A] 'function void lws_jose_destroy(lws_jose*)' {lws_jose_destroy} + + [A] 'function void lws_jose_init(lws_jose*)' {lws_jose_init} + + [A] 'function int lws_json_purify_len(const char*)' {lws_json_purify_len} + + [A] 'function int lws_jwa_concat_kdf(lws_jwe*, int, uint8_t*, const uint8_t*, int)' {lws_jwa_concat_kdf} + + [A] 'function int lws_jwe_auth_and_decrypt(lws_jwe*, char*, int*)' {lws_jwe_auth_and_decrypt} + + [A] 'function int lws_jwe_auth_and_decrypt_cbc_hs(lws_jwe*, uint8_t*, uint8_t*, int)' {lws_jwe_auth_and_decrypt_cbc_hs} + + [A] 'function void lws_jwe_be64(uint64_t, uint8_t*)' {lws_jwe_be64} + + [A] 'function int lws_jwe_create_packet(lws_jwe*, const char*, size_t, const char*, char*, size_t, lws_context*)' {lws_jwe_create_packet} + + [A] 'function void lws_jwe_destroy(lws_jwe*)' {lws_jwe_destroy} + + [A] 'function int lws_jwe_encrypt(lws_jwe*, char*, int*)' {lws_jwe_encrypt} + + [A] 'function void lws_jwe_init(lws_jwe*, lws_context*)' {lws_jwe_init} + + [A] 'function int lws_jwe_json_parse(lws_jwe*, const uint8_t*, int, char*, int*)' {lws_jwe_json_parse} + + [A] 'function int lws_jwe_parse_jose(lws_jose*, const char*, int, char*, int*)' {lws_jwe_parse_jose} + + [A] 'function int lws_jwe_render_compact(lws_jwe*, char*, size_t)' {lws_jwe_render_compact} + + [A] 'function int lws_jwe_render_flattened(lws_jwe*, char*, size_t)' {lws_jwe_render_flattened} + + [A] 'function void lws_jwk_destroy(lws_jwk*)' {lws_jwk_destroy} + + [A] 'function int lws_jwk_dump(lws_jwk*)' {lws_jwk_dump} + + [A] 'function int lws_jwk_dup_oct(lws_jwk*, void*, int)' {lws_jwk_dup_oct} + + [A] 'function int lws_jwk_export(lws_jwk*, int, char*, int*)' {lws_jwk_export} + + [A] 'function int lws_jwk_generate(lws_context*, lws_jwk*, lws_gencrypto_kty, int, const char*)' {lws_jwk_generate} + + [A] 'function int lws_jwk_import(lws_jwk*, lws_jwk_key_import_callback, void*, const char*, size_t)' {lws_jwk_import} + + [A] 'function int lws_jwk_load(lws_jwk*, const char*, lws_jwk_key_import_callback, void*)' {lws_jwk_load} + + [A] 'function int lws_jwk_rfc7638_fingerprint(lws_jwk*, char*)' {lws_jwk_rfc7638_fingerprint} + + [A] 'function int lws_jwk_save(lws_jwk*, const char*)' {lws_jwk_save} + + [A] 'function int lws_jwk_strdup_meta(lws_jwk*, enum_jwk_meta_tok, const char*, int)' {lws_jwk_strdup_meta} + + [A] 'function int lws_jws_alloc_element(lws_jws_map*, int, char*, int*, size_t, size_t)' {lws_jws_alloc_element} + + [A] 'function int lws_jws_b64_compact_map(const char*, int, lws_jws_map*)' {lws_jws_b64_compact_map} + + [A] 'function int lws_jws_base64_enc(const char*, size_t, char*, size_t)' {lws_jws_base64_enc} + + [A] 'function int lws_jws_compact_decode(const char*, int, lws_jws_map*, lws_jws_map*, char*, int*)' {lws_jws_compact_decode} + + [A] 'function int lws_jws_compact_encode(lws_jws_map*, const lws_jws_map*, char*, int*)' {lws_jws_compact_encode} + + [A] 'function void lws_jws_destroy(lws_jws*)' {lws_jws_destroy} + + [A] 'function int lws_jws_dup_element(lws_jws_map*, int, char*, int*, void*, size_t, size_t)' {lws_jws_dup_element} + + [A] 'function int lws_jws_encode_b64_element(lws_jws_map*, int, char*, int*, void*, size_t)' {lws_jws_encode_b64_element} + + [A] 'function int lws_jws_encode_section(const char*, size_t, int, char**, char*)' {lws_jws_encode_section} + + [A] 'function void lws_jws_init(lws_jws*, lws_jwk*, lws_context*)' {lws_jws_init} + + [A] 'function int lws_jws_parse_jose(lws_jose*, const char*, int, char*, int*)' {lws_jws_parse_jose} + + [A] 'function int lws_jws_randomize_element(lws_context*, lws_jws_map*, int, char*, int*, size_t, size_t)' {lws_jws_randomize_element} + + [A] 'function int lws_jws_sig_confirm(lws_jws_map*, lws_jws_map*, lws_jwk*, lws_context*)' {lws_jws_sig_confirm} + + [A] 'function int lws_jws_sig_confirm_compact(lws_jws_map*, lws_jwk*, lws_context*, char*, int*)' {lws_jws_sig_confirm_compact} + + [A] 'function int lws_jws_sig_confirm_compact_b64(const char*, size_t, lws_jws_map*, lws_jwk*, lws_context*, char*, int*)' {lws_jws_sig_confirm_compact_b64} + + [A] 'function int lws_jws_sig_confirm_compact_b64_map(lws_jws_map*, lws_jwk*, lws_context*, char*, int*)' {lws_jws_sig_confirm_compact_b64_map} + + [A] 'function int lws_jws_sig_confirm_json(const char*, size_t, lws_jws*, lws_jwk*, lws_context*, char*, int*)' {lws_jws_sig_confirm_json} + + [A] 'function int lws_jws_sign_from_b64(lws_jose*, lws_jws*, char*, size_t)' {lws_jws_sign_from_b64} + + [A] 'function int lws_jws_write_compact(lws_jws*, char*, size_t)' {lws_jws_write_compact} + + [A] 'function int lws_jws_write_flattened_json(lws_jws*, char*, size_t)' {lws_jws_write_flattened_json} + + [A] 'function void lws_list_ptr_insert(lws_list_ptr*, lws_list_ptr*, lws_list_ptr_sort_func_t)' {lws_list_ptr_insert} + + [A] 'function lws_usec_t lws_now_usecs()' {lws_now_usecs} + + [A] 'function int lws_open(const char*, int, ...)' {lws_open} + + [A] 'function int lws_parse_numeric_address(const char*, uint8_t*, size_t)' {lws_parse_numeric_address} + + [A] 'function int lws_plat_read_file(const char*, void*, int)' {lws_plat_read_file} + + [A] 'function int lws_plat_recommended_rsa_bits()' {lws_plat_recommended_rsa_bits} + + [A] 'function int lws_plat_write_cert(lws_vhost*, int, int, void*, int)' {lws_plat_write_cert} + + [A] 'function int lws_plat_write_file(const char*, void*, int)' {lws_plat_write_file} + + [A] 'function int lws_pvo_get_str(void*, const char*, const char**)' {lws_pvo_get_str} + + [A] 'function const lws_protocol_vhost_options* lws_pvo_search(const lws_protocol_vhost_options*, const char*)' {lws_pvo_search} + + [A] 'function int lws_raw_transaction_completed(lws*)' {lws_raw_transaction_completed} + + [A] 'function unsigned int lws_retry_get_delay_ms(lws_context*, const lws_retry_bo_t*, uint16_t*, char*)' {lws_retry_get_delay_ms} + + [A] 'function int lws_retry_sul_schedule(lws_context*, int, lws_sorted_usec_list_t*, const lws_retry_bo_t*, sul_cb_t, uint16_t*)' {lws_retry_sul_schedule} + + [A] 'function int lws_retry_sul_schedule_retry_wsi(lws*, lws_sorted_usec_list_t*, sul_cb_t, uint16_t*)' {lws_retry_sul_schedule_retry_wsi} + + [A] 'function void lws_ring_dump(lws_ring*, uint32_t*)' {lws_ring_dump} + + [A] 'function int lws_sa46_compare_ads(const lws_sockaddr46*, const lws_sockaddr46*)' {lws_sa46_compare_ads} + + [A] 'function int lws_sa46_parse_numeric_address(const char*, lws_sockaddr46*)' {lws_sa46_parse_numeric_address} + + [A] 'function int lws_sa46_write_numeric_address(lws_sockaddr46*, char*, size_t)' {lws_sa46_write_numeric_address} + + [A] 'function int lws_seq_check_wsi(lws_seq_t*, lws*)' {lws_seq_check_wsi} + + [A] 'function lws_seq_t* lws_seq_create(lws_seq_info_t*)' {lws_seq_create} + + [A] 'function void lws_seq_destroy(lws_seq_t**)' {lws_seq_destroy} + + [A] 'function lws_seq_t* lws_seq_from_user(void*)' {lws_seq_from_user} + + [A] 'function lws_context* lws_seq_get_context(lws_seq_t*)' {lws_seq_get_context} + + [A] 'function const char* lws_seq_name(lws_seq_t*)' {lws_seq_name} + + [A] 'function int lws_seq_queue_event(lws_seq_t*, lws_seq_events_t, void*, void*)' {lws_seq_queue_event} + + [A] 'function int lws_seq_timeout_us(lws_seq_t*, lws_usec_t)' {lws_seq_timeout_us} + + [A] 'function lws_usec_t lws_seq_us_since_creation(lws_seq_t*)' {lws_seq_us_since_creation} + + [A] 'function uint16_t lws_ser_ru16be(const uint8_t*)' {lws_ser_ru16be} + + [A] 'function uint32_t lws_ser_ru32be(const uint8_t*)' {lws_ser_ru32be} + + [A] 'function uint64_t lws_ser_ru64be(const uint8_t*)' {lws_ser_ru64be} + + [A] 'function void lws_ser_wu16be(uint8_t*, uint16_t)' {lws_ser_wu16be} + + [A] 'function void lws_ser_wu32be(uint8_t*, uint32_t)' {lws_ser_wu32be} + + [A] 'function void lws_ser_wu64be(uint8_t*, uint64_t)' {lws_ser_wu64be} + + [A] 'function void lws_set_opaque_user_data(lws*, void*)' {lws_set_opaque_user_data} + + [A] 'function int lws_set_socks(lws_vhost*, const char*)' {lws_set_socks} + + [A] 'function void lws_set_timer_usecs(lws*, lws_usec_t)' {lws_set_timer_usecs} + + [A] 'function lws_spa* lws_spa_create_via_info(lws*, const lws_spa_create_info_t*)' {lws_spa_create_via_info} + + [A] 'function void lws_state_reg_deregister(lws_state_notify_link_t*)' {lws_state_reg_deregister} + + [A] 'function void lws_state_reg_notifier(lws_state_manager_t*, lws_state_notify_link_t*)' {lws_state_reg_notifier} + + [A] 'function void lws_state_reg_notifier_list(lws_state_manager_t*, lws_state_notify_link_t* const*)' {lws_state_reg_notifier_list} + + [A] 'function int lws_state_transition(lws_state_manager_t*, int)' {lws_state_transition} + + [A] 'function int lws_state_transition_steps(lws_state_manager_t*, int)' {lws_state_transition_steps} + + [A] 'function int lws_strexp_expand(lws_strexp_t*, const char*, size_t, size_t*, size_t*)' {lws_strexp_expand} + + [A] 'function void lws_strexp_init(lws_strexp_t*, void*, lws_strexp_expand_cb, char*, size_t)' {lws_strexp_init} + + [A] 'function void lws_strexp_reset_out(lws_strexp_t*, char*, size_t)' {lws_strexp_reset_out} + + [A] 'function char* lws_strncpy(char*, const char*, size_t)' {lws_strncpy} + + [A] 'function void lws_sul_schedule(lws_context*, int, lws_sorted_usec_list_t*, sul_cb_t, lws_usec_t)' {lws_sul_schedule} + + [A] 'function void lws_system_blob_destroy(lws_system_blob_t*)' {lws_system_blob_destroy} + + [A] 'function void lws_system_blob_direct_set(lws_system_blob_t*, const uint8_t*, size_t)' {lws_system_blob_direct_set} + + [A] 'function int lws_system_blob_get(lws_system_blob_t*, uint8_t*, size_t*, size_t)' {lws_system_blob_get} + + [A] 'function int lws_system_blob_get_single_ptr(lws_system_blob_t*, const uint8_t**)' {lws_system_blob_get_single_ptr} + + [A] 'function size_t lws_system_blob_get_size(lws_system_blob_t*)' {lws_system_blob_get_size} + + [A] 'function int lws_system_blob_heap_append(lws_system_blob_t*, const uint8_t*, size_t)' {lws_system_blob_heap_append} + + [A] 'function void lws_system_blob_heap_empty(lws_system_blob_t*)' {lws_system_blob_heap_empty} + + [A] 'function lws_context* lws_system_context_from_system_mgr(lws_state_manager_t*)' {lws_system_context_from_system_mgr} + + [A] 'function lws_system_blob_t* lws_system_get_blob(lws_context*, lws_system_blob_item_t, int)' {lws_system_get_blob} + + [A] 'function const lws_system_ops_t* lws_system_get_ops(lws_context*)' {lws_system_get_ops} + + [A] 'function lws_state_manager_t* lws_system_get_state_manager(lws_context*)' {lws_system_get_state_manager} + + [A] 'function lws_threadpool* lws_threadpool_create(lws_context*, const lws_threadpool_create_args*, const char*, ...)' {lws_threadpool_create} + + [A] 'function int lws_threadpool_dequeue(lws*)' {lws_threadpool_dequeue} + + [A] 'function void lws_threadpool_destroy(lws_threadpool*)' {lws_threadpool_destroy} + + [A] 'function void lws_threadpool_dump(lws_threadpool*)' {lws_threadpool_dump} + + [A] 'function lws_threadpool_task* lws_threadpool_enqueue(lws_threadpool*, const lws_threadpool_task_args*, const char*, ...)' {lws_threadpool_enqueue} + + [A] 'function void lws_threadpool_finish(lws_threadpool*)' {lws_threadpool_finish} + + [A] 'function lws_threadpool_task_status lws_threadpool_task_status_wsi(lws*, lws_threadpool_task**, void**)' {lws_threadpool_task_status_wsi} + + [A] 'function void lws_threadpool_task_sync(lws_threadpool_task*, int)' {lws_threadpool_task_sync} + + [A] 'function int lws_timed_callback_vh_protocol(lws_vhost*, const lws_protocols*, int, int)' {lws_timed_callback_vh_protocol} + + [A] 'function int lws_timed_callback_vh_protocol_us(lws_vhost*, const lws_protocols*, int, lws_usec_t)' {lws_timed_callback_vh_protocol_us} + + [A] 'function int lws_timingsafe_bcmp(void*, void*, uint32_t)' {lws_timingsafe_bcmp} + + [A] 'function int lws_tls_acme_sni_cert_create(lws_vhost*, const char*, const char*)' {lws_tls_acme_sni_cert_create} + + [A] 'function int lws_tls_acme_sni_csr_create(lws_context*, const char**, uint8_t*, size_t, char**, size_t*)' {lws_tls_acme_sni_csr_create} + + [A] 'function int lws_tls_cert_updated(lws_context*, const char*, const char*, const char*, size_t, const char*, size_t)' {lws_tls_cert_updated} + + [A] 'function int lws_tls_client_vhost_extra_cert_mem(lws_vhost*, const uint8_t*, size_t)' {lws_tls_client_vhost_extra_cert_mem} + + [A] 'function int lws_tls_peer_cert_info(lws*, lws_tls_cert_info, lws_tls_cert_info_results*, size_t)' {lws_tls_peer_cert_info} + + [A] 'function int lws_tls_vhost_cert_info(lws_vhost*, lws_tls_cert_info, lws_tls_cert_info_results*, size_t)' {lws_tls_vhost_cert_info} + + [A] 'function lws_tokenize_elem lws_tokenize(lws_tokenize*)' {lws_tokenize} + + [A] 'function int lws_tokenize_cstr(lws_tokenize*, char*, size_t)' {lws_tokenize_cstr} + + [A] 'function void lws_tokenize_init(lws_tokenize*, const char*, int)' {lws_tokenize_init} + + [A] 'function void lws_validity_confirmed(lws*)' {lws_validity_confirmed} + + [A] 'function int lws_vbi_decode(void*, uint64_t*, size_t)' {lws_vbi_decode} + + [A] 'function int lws_vbi_encode(uint64_t, void*)' {lws_vbi_encode} + + [A] 'function int lws_write_numeric_address(const uint8_t*, int, char*, size_t)' {lws_write_numeric_address} + + [A] 'function int lws_wsi_tx_credit(lws*, char, int)' {lws_wsi_tx_credit} + + [A] 'function int lws_x509_create(lws_x509_cert**)' {lws_x509_create} + + [A] 'function void lws_x509_destroy(lws_x509_cert**)' {lws_x509_destroy} + + [A] 'function int lws_x509_info(lws_x509_cert*, lws_tls_cert_info, lws_tls_cert_info_results*, size_t)' {lws_x509_info} + + [A] 'function int lws_x509_jwk_privkey_pem(lws_jwk*, void*, size_t, const char*)' {lws_x509_jwk_privkey_pem} + + [A] 'function int lws_x509_parse_from_pem(lws_x509_cert*, void*, size_t)' {lws_x509_parse_from_pem} + + [A] 'function int lws_x509_public_to_jwk(lws_jwk*, lws_x509_cert*, const char*, int)' {lws_x509_public_to_jwk} + + [A] 'function int lws_x509_verify(lws_x509_cert*, lws_x509_cert*, const char*)' {lws_x509_verify} + + [A] 'function size_t lwsac_align(size_t)' {lwsac_align} + + [A] 'function int lwsac_cached_file(const char*, lwsac_cached_file_t*, size_t*)' {lwsac_cached_file} + + [A] 'function void lwsac_detach(lwsac**)' {lwsac_detach} + + [A] 'function int lwsac_extend(lwsac*, int)' {lwsac_extend} + + [A] 'function void lwsac_free(lwsac**)' {lwsac_free} + + [A] 'function lwsac* lwsac_get_next(lwsac*)' {lwsac_get_next} + + [A] 'function size_t lwsac_get_tail_pos(lwsac*)' {lwsac_get_tail_pos} + + [A] 'function void lwsac_info(lwsac*)' {lwsac_info} + + [A] 'function void lwsac_reference(lwsac*)' {lwsac_reference} + + [A] 'function uint8_t* lwsac_scan_extant(lwsac*, uint8_t*, size_t, int)' {lwsac_scan_extant} + + [A] 'function size_t lwsac_sizeof(int)' {lwsac_sizeof} + + [A] 'function uint64_t lwsac_total_alloc(lwsac*)' {lwsac_total_alloc} + + [A] 'function uint64_t lwsac_total_overhead(lwsac*)' {lwsac_total_overhead} + + [A] 'function void lwsac_unreference(lwsac**)' {lwsac_unreference} + + [A] 'function void* lwsac_use(lwsac**, size_t, size_t)' {lwsac_use} + + [A] 'function void* lwsac_use_backfill(lwsac**, size_t, size_t)' {lwsac_use_backfill} + + [A] 'function void lwsac_use_cached_file_detach(lwsac_cached_file_t*)' {lwsac_use_cached_file_detach} + + [A] 'function void lwsac_use_cached_file_end(lwsac_cached_file_t*)' {lwsac_use_cached_file_end} + + [A] 'function void lwsac_use_cached_file_start(lwsac_cached_file_t)' {lwsac_use_cached_file_start} + + [A] 'function void* lwsac_use_zero(lwsac**, size_t, size_t)' {lwsac_use_zero} + + [A] 'function void lwsl_emit_stderr_notimestamp(int, const char*)' {lwsl_emit_stderr_notimestamp} + + [A] 'function int lwsws_get_config_globals(lws_context_creation_info*, const char*, char**, int*)' {lwsws_get_config_globals} + + [A] 'function int lwsws_get_config_vhosts(lws_context*, lws_context_creation_info*, const char*, char**, int*)' {lwsws_get_config_vhosts} + + + +19 functions with some indirect sub-type change: + + + + [C]'function int _lws_plat_service_tsi(lws_context*, int, int)' at unix-service.c:68:1 has some indirect sub-type changes: + + parameter 1 of type 'lws_context*' has sub-type changes: + + in pointed to type 'struct lws_context' at private-lib-core.h:303:1: + + type size changed from 46272 to 11392 (in bits) + + 9 data member deletions: + + 'time_t lws_context::last_timeout_check_s', at offset 0 (in bits) at private-libwebsockets.h:1017:1 + + + + 'unsigned int lws_context::ssl_gate_accepts', at offset 26 (in bits) at private-libwebsockets.h:1124:1 + + + + 'lws_conn_stats lws_context::conn_stats', at offset 42752 (in bits) at private-libwebsockets.h:1029:1 + + + + 'pthread_mutex_t lws_context::lock', at offset 43392 (in bits) at private-libwebsockets.h:1031:1 + + + + 'int lws_context::lock_depth', at offset 43776 (in bits) at private-libwebsockets.h:1032:1 + + + + 'lws_plugin* lws_context::plugin_list', at offset 44032 (in bits) at private-libwebsockets.h:1049:1 + + + + 'int lws_context::started_with_parent', at offset 45600 (in bits) at private-libwebsockets.h:1099:1 + + + + 'volatile int lws_context::service_tid', at offset 46080 (in bits) at private-libwebsockets.h:1132:1 + + + + 'int lws_context::service_tid_detected', at offset 46112 (in bits) at private-libwebsockets.h:1133:1 + + + + 26 data member insertions: + + 'unsigned int lws_context::policy_updated', at offset 20 (in bits) at private-lib-core.h:511:1 + + 'unsigned int lws_context::max_fds_unrelated_to_ulimit', at offset 21 (in bits) at private-lib-core.h:510:1 + + 'unsigned int lws_context::finalize_destroy_after_internal_loops_stopped', at offset 22 (in bits) at private-lib-core.h:509:1 + + 'unsigned int lws_context::done_protocol_destroy_cb', at offset 23 (in bits) at private-lib-core.h:508:1 + + 'unsigned int lws_context::being_destroyed2', at offset 27 (in bits) at private-lib-core.h:504:1 + + 'unsigned int lws_context::inside_context_destroy', at offset 30 (in bits) at private-lib-core.h:501:1 + + 'lws_system_blob_t lws_context::system_blobs[8]', at offset 2304 (in bits) at private-lib-core.h:316:1 + + 'lws_retry_bo_t lws_context::default_retry', at offset 6976 (in bits) at private-lib-core.h:320:1 + + 'lws_sorted_usec_list_t lws_context::sul_system_state', at offset 7168 (in bits) at private-lib-core.h:321:1 + + 'http2_settings lws_context::set', at offset 7488 (in bits) at private-lib-core.h:328:1 + + 'lws_context_tls lws_context::tls', at offset 7808 (in bits) at private-lib-core.h:353:1 + + 'lws_state_manager_t lws_context::mgr_system', at offset 8448 (in bits) at private-lib-core.h:368:1 + + 'lws_state_notify_link_t lws_context::protocols_notify', at offset 8896 (in bits) at private-lib-core.h:369:1 + + 'lws_vhost* lws_context::no_listener_vhost_list', at offset 9280 (in bits) at private-lib-core.h:378:1 + + 'lws_vhost* lws_context::vhost_system', at offset 9408 (in bits) at private-lib-core.h:380:1 + + 'lws_event_loop_ops* lws_context::event_loop_ops', at offset 9536 (in bits) at private-lib-core.h:386:1 + + 'const lws_tls_ops* lws_context::tls_ops', at offset 9600 (in bits) at private-lib-core.h:390:1 + + 'lws_context** lws_context::pcontext_finalize', at offset 9792 (in bits) at private-lib-core.h:417:1 + + 'const char* lws_context::username', at offset 9856 (in bits) at private-lib-core.h:418:1 + + 'const char* lws_context::groupname', at offset 9920 (in bits) at private-lib-core.h:418:1 + + 'lws_threadpool* lws_context::tp_list_head', at offset 10048 (in bits) at private-lib-core.h:431:1 + + 'const lws_system_ops_t* lws_context::system_ops', at offset 10112 (in bits) at private-lib-core.h:440:1 + + 'void (void*, int)* lws_context::eventlib_signal_cb', at offset 10496 (in bits) at private-lib-core.h:456:1 + + 'int lws_context::count_event_loop_static_asset_handles', at offset 10784 (in bits) at private-lib-core.h:475:1 + + 'uint8_t lws_context::udp_loss_sim_tx_pc', at offset 11320 (in bits) at private-lib-core.h:524:1 + + 'uint8_t lws_context::udp_loss_sim_rx_pc', at offset 11328 (in bits) at private-lib-core.h:525:1 + + 43 data member changes: + + 'unsigned int lws_context::protocol_init_done' offset changed from 27 to 25 (in bits) (by -2 bits) + + 'unsigned int lws_context::requested_kill' offset changed from 28 to 26 (in bits) (by -2 bits) + + 'unsigned int lws_context::being_destroyed1' offset changed from 29 to 28 (in bits) (by -1 bits) + + 'unsigned int lws_context::being_destroyed' offset changed from 30 to 29 (in bits) (by -1 bits) + + 'time_t lws_context::last_ws_ping_pong_check_s' offset changed from 64 to 10688 (in bits) (by +10624 bits) + + 'time_t lws_context::time_up' offset changed from 128 to 10560 (in bits) (by +10432 bits) + + 'const lws_plat_file_ops* lws_context::fops' offset changed from 192 to 9728 (in bits) (by +9536 bits) + + 'lws_plat_file_ops lws_context::fops_platform' offset changed from 256 to 768 (in bits) (by +512 bits) + + 'lws_plat_file_ops lws_context::fops_zip' offset changed from 1024 to 1536 (in bits) (by +512 bits) + + type of 'lws_context_per_thread lws_context::pt[32]' changed: + + array element type 'struct lws_context_per_thread' changed: + + type size changed from 1280 to 3136 (in bits) + + 9 data member deletions: + + 'lws* lws_context_per_thread::rx_draining_ext_list', at offset 448 (in bits) at private-libwebsockets.h:801:1 + + + + 'lws* lws_context_per_thread::tx_draining_ext_list', at offset 512 (in bits) at private-libwebsockets.h:802:1 + + + + 'void* lws_context_per_thread::http_header_data', at offset 640 (in bits) at private-libwebsockets.h:810:1 + + + + 'allocated_headers* lws_context_per_thread::ah_list', at offset 704 (in bits) at private-libwebsockets.h:811:1 + + + + 'int lws_context_per_thread::ah_wait_list_length', at offset 832 (in bits) at private-libwebsockets.h:813:1 + + + + 'lws* lws_context_per_thread::pending_read_list', at offset 896 (in bits) at private-libwebsockets.h:815:1 + + + + 'uint32_t lws_context_per_thread::ah_pool_length', at offset 1184 (in bits) at private-libwebsockets.h:850:1 + + + + 'short int lws_context_per_thread::ah_count_in_use', at offset 1216 (in bits) at private-libwebsockets.h:852:1 + + + + 'unsigned char lws_context_per_thread::lock_depth', at offset 1240 (in bits) at private-libwebsockets.h:854:1 + + + + 21 data member insertions: + + 'unsigned char lws_context_per_thread::is_destroyed', at offset 2 (in bits) at private-lib-core-net.h:479:1 + + 'unsigned char lws_context_per_thread::destroy_self', at offset 3 (in bits) at private-lib-core-net.h:478:1 + + 'unsigned char lws_context_per_thread::event_loop_destroy_processing_done', at offset 4 (in bits) at private-lib-core-net.h:477:1 + + 'unsigned char lws_context_per_thread::event_loop_foreign', at offset 5 (in bits) at private-lib-core-net.h:476:1 + + 'unsigned char lws_context_per_thread::inside_lws_service', at offset 6 (in bits) at private-lib-core-net.h:475:1 + + 'unsigned char lws_context_per_thread::inside_service', at offset 7 (in bits) at private-lib-core-net.h:474:1 + + 'lws_dll2_owner lws_context_per_thread::seq_owner', at offset 192 (in bits) at private-lib-core-net.h:359:1 + + 'lws_dll2_owner_t lws_context_per_thread::attach_owner', at offset 384 (in bits) at private-lib-core-net.h:360:1 + + 'lws_sorted_usec_list_t lws_context_per_thread::sul_ah_lifecheck', at offset 1088 (in bits) at private-lib-core-net.h:377:1 + + 'lws_sorted_usec_list_t lws_context_per_thread::sul_tls', at offset 1408 (in bits) at private-lib-core-net.h:380:1 + + 'lws_sorted_usec_list_t lws_context_per_thread::sul_plat', at offset 1728 (in bits) at private-lib-core-net.h:383:1 + + 'lws_pt_tls lws_context_per_thread::tls', at offset 2048 (in bits) at private-lib-core-net.h:398:1 + + 'lws* lws_context_per_thread::fake_wsi', at offset 2240 (in bits) at private-lib-core-net.h:400:1 + + 'lws_context* lws_context_per_thread::context', at offset 2304 (in bits) at private-lib-core-net.h:402:1 + + 'volatile lws_foreign_thread_pollfd* volatile lws_context_per_thread::foreign_pfd_list', at offset 2496 (in bits) at private-lib-core-net.h:412:1 + + 'lws* lws_context_per_thread::pipe_wsi', at offset 2624 (in bits) at private-lib-core-net.h:418:1 + + 'lws_pt_role_http lws_context_per_thread::http', at offset 2688 (in bits) at private-lib-core-net.h:426:1 + + 'volatile int lws_context_per_thread::service_tid', at offset 3040 (in bits) at private-lib-core-net.h:466:1 + + 'int lws_context_per_thread::service_tid_detected', at offset 3072 (in bits) at private-lib-core-net.h:467:1 + + 'volatile unsigned char lws_context_per_thread::inside_poll', at offset 3104 (in bits) at private-lib-core-net.h:469:1 + + 'volatile unsigned char lws_context_per_thread::foreign_spinlock', at offset 3112 (in bits) at private-lib-core-net.h:470:1 + + 6 data member changes: + + 'pollfd* lws_context_per_thread::fds' offset changed from 384 to 2432 (in bits) (by +2048 bits) + + 'unsigned long int lws_context_per_thread::count_conns' offset changed from 960 to 2944 (in bits) (by +1984 bits) + + 'unsigned char* lws_context_per_thread::serv_buf' offset changed from 1024 to 2368 (in bits) (by +1344 bits) + + 'lws_sockfd_type lws_context_per_thread::dummy_pipe_fds[2]' offset changed from 1088 to 2560 (in bits) (by +1472 bits) + + 'unsigned int lws_context_per_thread::fds_count' offset changed from 1152 to 3008 (in bits) (by +1856 bits) + + 'unsigned char lws_context_per_thread::tid' offset changed from 1232 to 3120 (in bits) (by +1888 bits) + + 3 data member changes: + + type of 'pthread_mutex_t lws_context_per_thread::lock' changed: + + entity changed from 'typedef pthread_mutex_t' to 'struct lws_dll2_owner' at lws-dll2.h:261:1 + + type size changed from 384 to 192 (in bits) + + and name of 'lws_context_per_thread::lock' changed to 'lws_context_per_thread::dll_buflist_owner' at private-lib-core-net.h:358:1 + + type of 'lws* lws_context_per_thread::timeout_list' changed: + + entity changed from 'lws*' to 'struct lws_dll2_owner' at lws-dll2.h:261:1 + + type size changed from 64 to 192 (in bits) + + and name of 'lws_context_per_thread::timeout_list' changed to 'lws_context_per_thread::pt_sul_owner' at private-lib-core-net.h:371:1 + + type of 'lws* lws_context_per_thread::ah_wait_list' changed: + + entity changed from 'lws*' to 'typedef lws_sorted_usec_list_t' at lws-timeout-timer.h:205:1 + + type size changed from 64 to 320 (in bits) + + and name of 'lws_context_per_thread::ah_wait_list' changed to 'lws_context_per_thread::sul_seq_heartbeat' at private-lib-core-net.h:374:1 + + type name changed from 'lws_context_per_thread[32]' to 'lws_context_per_thread[1]' + + array type size changed from 40960 to 3136 + + array type subrange 1 changed length from 32 to 1 + + and offset changed from 1792 to 3840 (in bits) (by +2048 bits) + + type of 'lws** lws_context::lws_lookup' changed: + + in pointed to type 'lws*': + + in pointed to type 'struct lws' at private-lib-core-net.h:642:1: + + type size changed from 4864 to 8256 (in bits) + + 19 data member deletions: + + 'unsigned int lws::extension_data_pending', at offset 2 (in bits) at private-libwebsockets.h:1960:1 + + + + 'time_t lws::pending_timeout_limit', at offset 2880 (in bits) at private-libwebsockets.h:1850:1 + + + + 'lws** lws::same_vh_protocol_prev', at offset 3328 (in bits) at private-libwebsockets.h:1863:1 + + + + 'lws* lws::same_vh_protocol_next', at offset 3392 (in bits) at private-libwebsockets.h:1863:1 + + + + 'unsigned char* lws::rxflow_buffer', at offset 3712 (in bits) at private-libwebsockets.h:1873:1 + + + + 'unsigned char* lws::trunc_alloc', at offset 3776 (in bits) at private-libwebsockets.h:1875:1 + + + + 'SSL* lws::ssl', at offset 4096 (in bits) at private-libwebsockets.h:1887:1 + + + + 'BIO* lws::client_bio', at offset 4160 (in bits) at private-libwebsockets.h:1888:1 + + + + 'lws* lws::pending_read_list_prev', at offset 4224 (in bits) at private-libwebsockets.h:1889:1 + + + + 'uint32_t lws::rxflow_len', at offset 4416 (in bits) at private-libwebsockets.h:1908:1 + + + + 'uint32_t lws::rxflow_pos', at offset 4448 (in bits) at private-libwebsockets.h:1909:1 + + + + 'unsigned int lws::trunc_alloc_len', at offset 4480 (in bits) at private-libwebsockets.h:1910:1 + + + + 'unsigned int lws::trunc_offset', at offset 4512 (in bits) at private-libwebsockets.h:1911:1 + + + + 'unsigned int lws::trunc_len', at offset 4544 (in bits) at private-libwebsockets.h:1912:1 + + + + 'unsigned char lws::count_act_ext', at offset 4704 (in bits) at private-libwebsockets.h:1982:1 + + + + 'uint8_t lws::ietf_spec_revision', at offset 4712 (in bits) at private-libwebsockets.h:1984:1 + + + + 'char lws::mode', at offset 4720 (in bits) at private-libwebsockets.h:1985:1 + + + + 'char lws::state', at offset 4728 (in bits) at private-libwebsockets.h:1986:1 + + + + 'char lws::state_pre_close', at offset 4736 (in bits) at private-libwebsockets.h:1987:1 + + + + 61 data member insertions: + + 'unsigned int lws::client_suppress_CONNECTION_ERROR', at offset 3 (in bits) at private-lib-core-net.h:825:1 + + 'unsigned int lws::client_no_follow_redirect', at offset 4 (in bits) at private-lib-core-net.h:824:1 + + 'unsigned int lws::client_subsequent_mime_part', at offset 5 (in bits) at private-lib-core-net.h:823:1 + + 'unsigned int lws::close_needs_ack', at offset 5 (in bits) at private-lib-core-net.h:785:1 + + 'unsigned int lws::client_mux_migrated', at offset 6 (in bits) at private-lib-core-net.h:822:1 + + 'unsigned int lws::client_mux_substream', at offset 7 (in bits) at private-lib-core-net.h:821:1 + + 'unsigned int lws::told_event_loop_closed', at offset 7 (in bits) at private-lib-core-net.h:783:1 + + 'unsigned int lws::client_h2_alpn', at offset 8 (in bits) at private-lib-core-net.h:820:1 + + 'unsigned int lws::client_pipeline', at offset 9 (in bits) at private-lib-core-net.h:819:1 + + 'unsigned int lws::interpreting', at offset 10 (in bits) at private-lib-core-net.h:780:1 + + 'unsigned int lws::redirected_to_get', at offset 10 (in bits) at private-lib-core-net.h:818:1 + + 'unsigned int lws::keepalive_active', at offset 12 (in bits) at private-lib-core-net.h:816:1 + + 'unsigned int lws::transaction_from_pipeline_queue', at offset 13 (in bits) at private-lib-core-net.h:815:1 + + 'unsigned int lws::shadow', at offset 18 (in bits) at private-lib-core-net.h:805:1 + + 'unsigned int lws::outer_will_close', at offset 19 (in bits) at private-lib-core-net.h:804:1 + + 'unsigned int lws::could_have_pending', at offset 20 (in bits) at private-lib-core-net.h:803:1 + + 'unsigned int lws::do_broadcast', at offset 21 (in bits) at private-lib-core-net.h:770:1 + + 'unsigned int lws::skip_fallback', at offset 21 (in bits) at private-lib-core-net.h:801:1 + + 'unsigned int lws::validity_hup', at offset 22 (in bits) at private-lib-core-net.h:800:1 + + 'unsigned int lws::oom4', at offset 23 (in bits) at private-lib-core-net.h:799:1 + + 'unsigned int lws::do_bind', at offset 24 (in bits) at private-lib-core-net.h:798:1 + + 'unsigned int lws::h2_acked_settings', at offset 25 (in bits) at private-lib-core-net.h:766:1 + + 'unsigned int lws::proxied_ws_parent', at offset 25 (in bits) at private-lib-core-net.h:797:1 + + 'unsigned int lws::h1_ws_proxied', at offset 26 (in bits) at private-lib-core-net.h:796:1 + + 'unsigned int lws::h2_stream_carries_sse', at offset 26 (in bits) at private-lib-core-net.h:765:1 + + 'unsigned int lws::close_when_buffered_out_drained', at offset 27 (in bits) at private-lib-core-net.h:795:1 + + 'unsigned int lws::unix_skt', at offset 28 (in bits) at private-lib-core-net.h:794:1 + + 'unsigned int lws::protocol_bind_balance', at offset 29 (in bits) at private-lib-core-net.h:793:1 + + 'unsigned int lws::mux_substream', at offset 30 (in bits) at private-lib-core-net.h:761:1 + + 'unsigned int lws::event_pipe', at offset 31 (in bits) at private-lib-core-net.h:791:1 + + '_lws_h2_related lws::h2', at offset 3264 (in bits) at private-lib-core-net.h:649:1 + + 'lws_sorted_usec_list_t lws::sul_validity', at offset 4608 (in bits) at private-lib-core-net.h:682:1 + + 'lws_dll2 lws::dll_buflist', at offset 4928 (in bits) at private-lib-core-net.h:684:1 + + 'lws_dll2 lws::same_vh_protocol', at offset 5120 (in bits) at private-lib-core-net.h:685:1 + + 'lws_dll2 lws::vh_awaiting_socket', at offset 5312 (in bits) at private-lib-core-net.h:686:1 + + 'lws_dll2 lws::dll_cli_active_conns', at offset 5504 (in bits) at private-lib-core-net.h:692:1 + + 'lws_dll2 lws::dll2_cli_txn_queue', at offset 5696 (in bits) at private-lib-core-net.h:693:1 + + 'lws_dll2_owner lws::dll2_cli_txn_queue_owner', at offset 5888 (in bits) at private-lib-core-net.h:694:1 + + 'const lws_role_ops* lws::role_ops', at offset 6400 (in bits) at private-lib-core-net.h:707:1 + + 'lws_sequencer* lws::seq', at offset 6528 (in bits) at private-lib-core-net.h:709:1 + + 'const lws_retry_bo_t* lws::retry_policy', at offset 6592 (in bits) at private-lib-core-net.h:710:1 + + 'lws_threadpool_task* lws::tp_task', at offset 6656 (in bits) at private-lib-core-net.h:713:1 + + 'lws_udp* lws::udp', at offset 6720 (in bits) at private-lib-core-net.h:721:1 + + 'client_info_stash* lws::stash', at offset 6784 (in bits) at private-lib-core-net.h:724:1 + + 'char* lws::cli_hostname_copy', at offset 6848 (in bits) at private-lib-core-net.h:725:1 + + 'const addrinfo* lws::dns_results', at offset 6912 (in bits) at private-lib-core-net.h:726:1 + + 'const addrinfo* lws::dns_results_next', at offset 6976 (in bits) at private-lib-core-net.h:727:1 + + 'void* lws::opaque_user_data', at offset 7168 (in bits) at private-lib-core-net.h:731:1 + + 'lws_buflist* lws::buflist', at offset 7232 (in bits) at private-lib-core-net.h:733:1 + + 'lws_buflist* lws::buflist_out', at offset 7296 (in bits) at private-lib-core-net.h:734:1 + + 'lws_lws_tls lws::tls', at offset 7360 (in bits) at private-lib-core-net.h:737:1 + + 'lws_wsi_state_t lws::wsistate', at offset 7776 (in bits) at private-lib-core-net.h:747:1 + + 'lws_wsi_state_t lws::wsistate_pre_close', at offset 7808 (in bits) at private-lib-core-net.h:748:1 + + 'int lws::flags', at offset 7904 (in bits) at private-lib-core-net.h:756:1 + + 'uint16_t lws::ocport', at offset 8032 (in bits) at private-lib-core-net.h:834:1 + + 'uint16_t lws::retry', at offset 8064 (in bits) at private-lib-core-net.h:835:1 + + 'uint8_t lws::bound_vhost_index', at offset 8136 (in bits) at private-lib-core-net.h:846:1 + + 'uint8_t lws::lsp_channel', at offset 8144 (in bits) at private-lib-core-net.h:847:1 + + 'uint8_t lws::addrinfo_idx', at offset 8160 (in bits) at private-lib-core-net.h:853:1 + + 'uint8_t lws::sys_tls_client_cert', at offset 8168 (in bits) at private-lib-core-net.h:854:1 + + 'uint8_t lws::immortal_substream_count', at offset 8184 (in bits) at private-lib-core-net.h:862:1 + + 47 data member changes: + + 'unsigned int lws::client_http_body_pending' offset changed from 3 to 14 (in bits) (by +11 bits) + + 'unsigned int lws::client_rx_avail' offset changed from 4 to 15 (in bits) (by +11 bits) + + 'unsigned int lws::chunked' offset changed from 5 to 16 (in bits) (by +11 bits) + + 'unsigned int lws::do_ws' offset changed from 6 to 17 (in bits) (by +11 bits) + + 'unsigned int lws::rxflow_will_be_applied' offset changed from 7 to 7968 (in bits) (by +7961 bits) + + 'unsigned int lws::seen_zero_length_recv' offset changed from 8 to 1 (in bits) (by -7 bits) + + 'unsigned int lws::cgi_stdout_zero_length' offset changed from 9 to 2 (in bits) (by -7 bits) + + 'unsigned int lws::parent_pending_cb_on_writable' offset changed from 10 to 3 (in bits) (by -7 bits) + + 'unsigned int lws::ipv6' offset changed from 12 to 4 (in bits) (by -8 bits) + + 'unsigned int lws::waiting_to_send_close_frame' offset changed from 13 to 6 (in bits) (by -7 bits) + + 'unsigned int lws::told_user_closed' offset changed from 14 to 8 (in bits) (by -6 bits) + + 'unsigned int lws::already_did_cce' offset changed from 15 to 9 (in bits) (by -6 bits) + + 'unsigned int lws::sending_chunked' offset changed from 16 to 11 (in bits) (by -5 bits) + + 'unsigned int lws::favoured_pollin' offset changed from 17 to 12 (in bits) (by -5 bits) + + 'unsigned int lws::cache_intermediaries' offset changed from 18 to 13 (in bits) (by -5 bits) + + 'unsigned int lws::cache_revalidate' offset changed from 19 to 14 (in bits) (by -5 bits) + + 'unsigned int lws::cache_reuse' offset changed from 20 to 15 (in bits) (by -5 bits) + + 'unsigned int lws::conn_stat_done' offset changed from 21 to 16 (in bits) (by -5 bits) + + 'unsigned int lws::rxflow_change_to' offset changed from 23 to 17 (in bits) (by -6 bits) + + type of 'volatile unsigned int lws::leave_pollout_active' changed: + + 'volatile unsigned int' changed to 'volatile char' + + and offset changed from 25 to 8200 (in bits) (by +8175 bits) + + 'unsigned int lws::socket_is_permanently_unusable' offset changed from 25 to 19 (in bits) (by -6 bits) + + type of 'volatile unsigned int lws::handling_pollout' changed: + + 'volatile unsigned int' changed to 'volatile char' + + and offset changed from 26 to 8192 (in bits) (by +8166 bits) + + 'unsigned int lws::user_space_externally_allocated' offset changed from 26 to 20 (in bits) (by -6 bits) + + 'unsigned int lws::listener' offset changed from 27 to 23 (in bits) (by -4 bits) + + 'unsigned int lws::seen_nonpseudoheader' offset changed from 28 to 24 (in bits) (by -4 bits) + + 'lws_context* lws::context' offset changed from 2944 to 6080 (in bits) (by +3136 bits) + + type of 'lws_vhost* lws::vhost' changed: + + in pointed to type 'struct lws_vhost' at private-lib-core-net.h:511:1: + + type size changed from 4160 to 8192 (in bits) + + 11 data member deletions: + + 'char lws_vhost::http_proxy_address[128]', at offset 0 (in bits) at private-libwebsockets.h:902:1 + + + + 'unsigned int lws_vhost::user_supplied_ssl_ctx', at offset 31 (in bits) at private-libwebsockets.h:964:1 + + + + 'lws_conn_stats lws_vhost::conn_stats', at offset 2048 (in bits) at private-libwebsockets.h:917:1 + + + + 'const lws_http_mount* lws_vhost::mount_list', at offset 2816 (in bits) at private-libwebsockets.h:920:1 + + + + 'lws** lws_vhost::same_vh_protocol_list', at offset 3392 (in bits) at private-libwebsockets.h:931:1 + + + + 'SSL_CTX* lws_vhost::ssl_ctx', at offset 3456 (in bits) at private-libwebsockets.h:933:1 + + + + 'SSL_CTX* lws_vhost::ssl_client_ctx', at offset 3520 (in bits) at private-libwebsockets.h:934:1 + + + + 'unsigned int lws_vhost::http_proxy_port', at offset 3744 (in bits) at private-libwebsockets.h:945:1 + + + + 'int lws_vhost::ssl_info_event_mask', at offset 4000 (in bits) at private-libwebsockets.h:956:1 + + + + 'int lws_vhost::use_ssl', at offset 4032 (in bits) at private-libwebsockets.h:962:1 + + + + 'int lws_vhost::allow_non_ssl_on_ssl_port', at offset 4064 (in bits) at private-libwebsockets.h:963:1 + + + + 21 data member insertions: + + 'uint8_t lws_vhost::from_ss_policy', at offset 4 (in bits) at private-lib-core-net.h:603:1 + + 'uint8_t lws_vhost::allocated_vhost_protocols', at offset 7 (in bits) at private-lib-core-net.h:600:1 + + 'lws_vhost_role_h2 lws_vhost::h2', at offset 1024 (in bits) at private-lib-core-net.h:521:1 + + 'lws_vhost_role_http lws_vhost::http', at offset 1344 (in bits) at private-lib-core-net.h:524:1 + + 'char lws_vhost::socks_proxy_address[128]', at offset 2560 (in bits) at private-lib-core-net.h:531:1 + + 'char lws_vhost::socks_password[96]', at offset 4352 (in bits) at private-lib-core-net.h:533:1 + + 'const lws_retry_bo_t* lws_vhost::retry_policy', at offset 5312 (in bits) at private-lib-core-net.h:547:1 + + 'const char* lws_vhost::listen_accept_role', at offset 5568 (in bits) at private-lib-core-net.h:552:1 + + 'const char* lws_vhost::listen_accept_protocol', at offset 5632 (in bits) at private-lib-core-net.h:553:1 + + 'const char* lws_vhost::unix_socket_perms', at offset 5696 (in bits) at private-lib-core-net.h:554:1 + + 'void (lws_vhost*, void*)* lws_vhost::finalize', at offset 5760 (in bits) at private-lib-core-net.h:556:1 + + 'void* lws_vhost::finalize_arg', at offset 5824 (in bits) at private-lib-core-net.h:557:1 + + 'lws_dll2_owner* lws_vhost::same_vh_protocol_owner', at offset 6144 (in bits) at private-lib-core-net.h:563:1 + + 'lws_vhost* lws_vhost::no_listener_vhost_list', at offset 6208 (in bits) at private-lib-core-net.h:564:1 + + 'lws_dll2_owner lws_vhost::abstract_instances_owner', at offset 6272 (in bits) at private-lib-core-net.h:565:1 + + 'lws_dll2_owner lws_vhost::dll_cli_active_conns_owner', at offset 6464 (in bits) at private-lib-core-net.h:568:1 + + 'lws_dll2_owner lws_vhost::vh_awaiting_socket_owner', at offset 6656 (in bits) at private-lib-core-net.h:570:1 + + 'lws_vhost_tls lws_vhost::tls', at offset 6848 (in bits) at private-lib-core-net.h:573:1 + + 'lws_timed_vh_protocol* lws_vhost::timed_vh_protocol_list', at offset 7680 (in bits) at private-lib-core-net.h:576:1 + + 'unsigned int lws_vhost::socks_proxy_port', at offset 7872 (in bits) at private-lib-core-net.h:585:1 + + 'int lws_vhost::count_bound_wsi', at offset 8096 (in bits) at private-lib-core-net.h:594:1 + + 24 data member changes: + + type of 'unsigned int lws_vhost::being_destroyed' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint8_t' at stdint-uintn.h:24:1 + + type name changed from 'unsigned int' to 'unsigned char' + + type size changed from 32 to 8 (in bits) + + and offset changed from 29 to 5 (in bits) (by -24 bits) + + type of 'unsigned int lws_vhost::created_vhost_protocols' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint8_t' at stdint-uintn.h:24:1 + + type name changed from 'unsigned int' to 'unsigned char' + + type size changed from 32 to 8 (in bits) + + and offset changed from 30 to 6 (in bits) (by -24 bits) + + 'char lws_vhost::proxy_basic_auth_token[128]' offset changed from 1024 to 0 (in bits) (by -1024 bits) + + 'lws_context* lws_vhost::context' offset changed from 2688 to 5184 (in bits) (by +2496 bits) + + 'lws_vhost* lws_vhost::vhost_next' offset changed from 2752 to 5248 (in bits) (by +2496 bits) + + 'lws* lws_vhost::lserv_wsi' offset changed from 2880 to 5376 (in bits) (by +2496 bits) + + 'const char* lws_vhost::name' offset changed from 2944 to 5440 (in bits) (by +2496 bits) + + 'const char* lws_vhost::iface' offset changed from 3008 to 5504 (in bits) (by +2496 bits) + + 'int lws_vhost::bind_iface' offset changed from 3072 to 7840 (in bits) (by +4768 bits) + + 'const lws_protocols* lws_vhost::protocols' offset changed from 3136 to 5888 (in bits) (by +2752 bits) + + 'void** lws_vhost::protocol_vh_privs' offset changed from 3200 to 5952 (in bits) (by +2752 bits) + + 'const lws_protocol_vhost_options* lws_vhost::pvo' offset changed from 3264 to 6016 (in bits) (by +2752 bits) + + 'const lws_protocol_vhost_options* lws_vhost::headers' offset changed from 3328 to 6080 (in bits) (by +2752 bits) + + 'void* lws_vhost::user' offset changed from 3648 to 7744 (in bits) (by +4096 bits) + + 'int lws_vhost::listen_port' offset changed from 3712 to 7808 (in bits) (by +4096 bits) + + type of 'unsigned int lws_vhost::options' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint64_t' at stdint-uintn.h:27:1 + + type name changed from 'unsigned int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + and offset changed from 3776 to 5120 (in bits) (by +1344 bits) + + 'int lws_vhost::count_protocols' offset changed from 3808 to 7904 (in bits) (by +4096 bits) + + 'int lws_vhost::ka_time' offset changed from 3840 to 7936 (in bits) (by +4096 bits) + + 'int lws_vhost::ka_probes' offset changed from 3872 to 7968 (in bits) (by +4096 bits) + + 'int lws_vhost::ka_interval' offset changed from 3904 to 8000 (in bits) (by +4096 bits) + + 'int lws_vhost::keepalive_timeout' offset changed from 3936 to 8032 (in bits) (by +4096 bits) + + 'int lws_vhost::timeout_secs_ah_idle' offset changed from 3968 to 8064 (in bits) (by +4096 bits) + + 'unsigned char lws_vhost::default_protocol_index' offset changed from 4104 to 8136 (in bits) (by +4032 bits) + + 'unsigned char lws_vhost::raw_protocol_index' offset changed from 4112 to 8144 (in bits) (by +4032 bits) + + 1 data member change: + + type of 'const lws_extension* lws_vhost::extensions' changed: + + entity changed from 'const lws_extension*' to 'char[96]' + + type size changed from 64 to 768 (in bits) + + and name of 'lws_vhost::extensions' changed to 'lws_vhost::socks_user' at private-lib-core-net.h:532:1 + + and offset changed from 3008 to 6144 (in bits) (by +3136 bits) + + 'lws* lws::parent' offset changed from 3072 to 6208 (in bits) (by +3136 bits) + + 'lws* lws::child_list' offset changed from 3136 to 6272 (in bits) (by +3136 bits) + + 'lws* lws::sibling_list' offset changed from 3200 to 6336 (in bits) (by +3136 bits) + + type of 'const lws_protocols* lws::protocol' changed: + + in pointed to type 'const lws_protocols': + + in unqualified underlying type 'struct lws_protocols' at lws-protocols-plugins.h:44:1: + + type size hasn't changed + + 1 data member change: + + type of 'lws_callback_function* lws_protocols::callback' changed: + + in pointed to type 'typedef lws_callback_function' at lws-callbacks.h:879:1: + + underlying type 'function type int (lws*, enum lws_callback_reasons, void*, void*, typedef size_t)' changed: + + parameter 2 of type 'enum lws_callback_reasons' has sub-type changes: + + type size hasn't changed + + 1 enumerator deletion: + + 'lws_callback_reasons::LWS_CALLBACK_CHILD_WRITE_VIA_PARENT' value '68' + + + + 42 enumerator insertions: + + 'lws_callback_reasons::LWS_CALLBACK_EVENT_WAIT_CANCELLED' value '71' + + 'lws_callback_reasons::LWS_CALLBACK_VHOST_CERT_AGING' value '72' + + 'lws_callback_reasons::LWS_CALLBACK_TIMER' value '73' + + 'lws_callback_reasons::LWS_CALLBACK_VHOST_CERT_UPDATE' value '74' + + 'lws_callback_reasons::LWS_CALLBACK_CLIENT_CLOSED' value '75' + + 'lws_callback_reasons::LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL' value '76' + + 'lws_callback_reasons::LWS_CALLBACK_WS_SERVER_BIND_PROTOCOL' value '77' + + 'lws_callback_reasons::LWS_CALLBACK_WS_SERVER_DROP_PROTOCOL' value '78' + + 'lws_callback_reasons::LWS_CALLBACK_WS_CLIENT_BIND_PROTOCOL' value '79' + + 'lws_callback_reasons::LWS_CALLBACK_WS_CLIENT_DROP_PROTOCOL' value '80' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_SKT_BIND_PROTOCOL' value '81' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_SKT_DROP_PROTOCOL' value '82' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_FILE_BIND_PROTOCOL' value '83' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_FILE_DROP_PROTOCOL' value '84' + + 'lws_callback_reasons::LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL' value '85' + + 'lws_callback_reasons::LWS_CALLBACK_HTTP_CONFIRM_UPGRADE' value '86' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_CLI_RX' value '89' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_SRV_RX' value '90' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_CLI_CLOSE' value '91' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_SRV_CLOSE' value '92' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_CLI_WRITEABLE' value '93' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_SRV_WRITEABLE' value '94' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_CLI_ADOPT' value '95' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_SRV_ADOPT' value '96' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_CLI_BIND_PROTOCOL' value '97' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_SRV_BIND_PROTOCOL' value '98' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_CLI_DROP_PROTOCOL' value '99' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_PROXY_SRV_DROP_PROTOCOL' value '100' + + 'lws_callback_reasons::LWS_CALLBACK_RAW_CONNECTED' value '101' + + 'lws_callback_reasons::LWS_CALLBACK_VERIFY_BASIC_AUTHORIZATION' value '102' + + 'lws_callback_reasons::LWS_CALLBACK_WSI_TX_CREDIT_GET' value '103' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_NEW_CLIENT_INSTANTIATED' value '200' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_IDLE' value '201' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_CLIENT_ESTABLISHED' value '202' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_SUBSCRIBED' value '203' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_CLIENT_WRITEABLE' value '204' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_CLIENT_RX' value '205' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_UNSUBSCRIBED' value '206' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_DROP_PROTOCOL' value '207' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_CLIENT_CLOSED' value '208' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_ACK' value '209' + + 'lws_callback_reasons::LWS_CALLBACK_MQTT_RESEND' value '210' + + + + + + and offset changed from 3264 to 6464 (in bits) (by +3200 bits) + + 'void* lws::user_space' offset changed from 3584 to 7040 (in bits) (by +3456 bits) + + 'void* lws::opaque_parent_data' offset changed from 3648 to 7104 (in bits) (by +3456 bits) + + 'lws_sock_file_fd_type lws::desc' offset changed from 4352 to 7744 (in bits) (by +3392 bits) + + 'int lws::position_in_fds_table' offset changed from 4384 to 7840 (in bits) (by +3456 bits) + + 'int lws::chunk_remaining' offset changed from 4576 to 7872 (in bits) (by +3296 bits) + + 'unsigned int lws::cache_secs' offset changed from 4608 to 7936 (in bits) (by +3328 bits) + + 'unsigned short int lws::c_port' offset changed from 4688 to 8048 (in bits) (by +3360 bits) + + 'char lws::lws_rx_parse_state' offset changed from 4744 to 8080 (in bits) (by +3336 bits) + + 'char lws::rx_frame_type' offset changed from 4752 to 8088 (in bits) (by +3336 bits) + + 'char lws::pending_timeout' offset changed from 4760 to 8096 (in bits) (by +3336 bits) + + 'char lws::tsi' offset changed from 4768 to 8104 (in bits) (by +3336 bits) + + 'char lws::protocol_interpret_idx' offset changed from 4776 to 8112 (in bits) (by +3336 bits) + + 'char lws::redirects' offset changed from 4784 to 8120 (in bits) (by +3336 bits) + + 'uint8_t lws::rxflow_bitmap' offset changed from 4792 to 8128 (in bits) (by +3336 bits) + + 'char lws::chunk_parser' offset changed from 4800 to 8152 (in bits) (by +3352 bits) + + 'char lws::reason_bf' offset changed from 4808 to 8176 (in bits) (by +3368 bits) + + 6 data member changes (5 filtered): + + type of 'u lws::u' changed: + + entity changed from 'union u' to 'struct _lws_http_mode_related' at private-lib-roles-http.h:217:1 + + type size changed from 2880 to 3264 (in bits) + + and name of 'lws::u' changed to 'lws::http' at private-lib-core-net.h:646:1 + + type of 'lws* lws::timeout_list' changed: + + in pointed to type 'struct lws' at private-lib-roles-ws.h:90:1: + + type name changed from 'lws' to '_lws_websocket_related' + + type size changed from 4864 to 1920 (in bits) + + 62 data member deletions: + + 'unsigned int lws::extension_data_pending', at offset 2 (in bits) at private-libwebsockets.h:1960:1 + + + + 'unsigned int lws::client_http_body_pending', at offset 3 (in bits) at private-libwebsockets.h:1954:1 + + + + 'unsigned int lws::client_rx_avail', at offset 4 (in bits) at private-libwebsockets.h:1953:1 + + + + 'unsigned int lws::chunked', at offset 5 (in bits) at private-libwebsockets.h:1952:1 + + + + 'unsigned int lws::do_ws', at offset 6 (in bits) at private-libwebsockets.h:1951:1 + + + + 'unsigned int lws::rxflow_will_be_applied', at offset 7 (in bits) at private-libwebsockets.h:1941:1 + + + + 'volatile unsigned int lws::leave_pollout_active', at offset 25 (in bits) at private-libwebsockets.h:1974:1 + + + + 'unsigned int lws::socket_is_permanently_unusable', at offset 25 (in bits) at private-libwebsockets.h:1924:1 + + + + 'volatile unsigned int lws::handling_pollout', at offset 26 (in bits) at private-libwebsockets.h:1973:1 + + + + 'unsigned int lws::user_space_externally_allocated', at offset 26 (in bits) at private-libwebsockets.h:1923:1 + + + + 'unsigned int lws::listener', at offset 27 (in bits) at private-libwebsockets.h:1922:1 + + + + 'unsigned int lws::redirect_to_https', at offset 27 (in bits) at private-libwebsockets.h:1969:1 + + + + 'unsigned int lws::seen_nonpseudoheader', at offset 28 (in bits) at private-libwebsockets.h:1921:1 + + + + 'unsigned int lws::use_ssl', at offset 28 (in bits) at private-libwebsockets.h:1963:1 + + + + 'unsigned int lws::upgraded_to_http2', at offset 29 (in bits) at private-libwebsockets.h:1920:1 + + + + 'unsigned int lws::http2_substream', at offset 30 (in bits) at private-libwebsockets.h:1919:1 + + + + 'unsigned int lws::hdr_parsing_completed', at offset 31 (in bits) at private-libwebsockets.h:1918:1 + + + + 'time_t lws::pending_timeout_limit', at offset 2880 (in bits) at private-libwebsockets.h:1850:1 + + + + 'lws_context* lws::context', at offset 2944 (in bits) at private-libwebsockets.h:1854:1 + + + + 'lws_vhost* lws::vhost', at offset 3008 (in bits) at private-libwebsockets.h:1855:1 + + + + 'lws* lws::parent', at offset 3072 (in bits) at private-libwebsockets.h:1856:1 + + + + 'lws* lws::child_list', at offset 3136 (in bits) at private-libwebsockets.h:1857:1 + + + + 'lws* lws::sibling_list', at offset 3200 (in bits) at private-libwebsockets.h:1858:1 + + + + 'const lws_protocols* lws::protocol', at offset 3264 (in bits) at private-libwebsockets.h:1862:1 + + + + 'lws** lws::same_vh_protocol_prev', at offset 3328 (in bits) at private-libwebsockets.h:1863:1 + + + + 'lws* lws::same_vh_protocol_next', at offset 3392 (in bits) at private-libwebsockets.h:1863:1 + + + + 'lws* lws::timeout_list', at offset 3456 (in bits) at private-libwebsockets.h:1864:1 + + + + 'lws** lws::timeout_list_prev', at offset 3520 (in bits) at private-libwebsockets.h:1865:1 + + + + 'void* lws::user_space', at offset 3584 (in bits) at private-libwebsockets.h:1870:1 + + + + 'void* lws::opaque_parent_data', at offset 3648 (in bits) at private-libwebsockets.h:1871:1 + + + + 'unsigned char* lws::rxflow_buffer', at offset 3712 (in bits) at private-libwebsockets.h:1873:1 + + + + 'unsigned char* lws::trunc_alloc', at offset 3776 (in bits) at private-libwebsockets.h:1875:1 + + + + 'const lws_extension* lws::active_extensions[2]', at offset 3840 (in bits) at private-libwebsockets.h:1883:1 + + + + 'void* lws::act_ext_user[2]', at offset 3968 (in bits) at private-libwebsockets.h:1884:1 + + + + 'SSL* lws::ssl', at offset 4096 (in bits) at private-libwebsockets.h:1887:1 + + + + 'BIO* lws::client_bio', at offset 4160 (in bits) at private-libwebsockets.h:1888:1 + + + + 'lws* lws::pending_read_list_prev', at offset 4224 (in bits) at private-libwebsockets.h:1889:1 + + + + 'lws* lws::pending_read_list_next', at offset 4288 (in bits) at private-libwebsockets.h:1889:1 + + + + 'lws_sock_file_fd_type lws::desc', at offset 4352 (in bits) at private-libwebsockets.h:1902:1 + + + + 'int lws::position_in_fds_table', at offset 4384 (in bits) at private-libwebsockets.h:1907:1 + + + + 'uint32_t lws::rxflow_len', at offset 4416 (in bits) at private-libwebsockets.h:1908:1 + + + + 'uint32_t lws::rxflow_pos', at offset 4448 (in bits) at private-libwebsockets.h:1909:1 + + + + 'unsigned int lws::trunc_alloc_len', at offset 4480 (in bits) at private-libwebsockets.h:1910:1 + + + + 'unsigned int lws::trunc_offset', at offset 4512 (in bits) at private-libwebsockets.h:1911:1 + + + + 'unsigned int lws::trunc_len', at offset 4544 (in bits) at private-libwebsockets.h:1912:1 + + + + 'int lws::chunk_remaining', at offset 4576 (in bits) at private-libwebsockets.h:1914:1 + + + + 'unsigned int lws::cache_secs', at offset 4608 (in bits) at private-libwebsockets.h:1916:1 + + + + 'unsigned short int lws::c_port', at offset 4688 (in bits) at private-libwebsockets.h:1977:1 + + + + 'unsigned char lws::count_act_ext', at offset 4704 (in bits) at private-libwebsockets.h:1982:1 + + + + 'uint8_t lws::ietf_spec_revision', at offset 4712 (in bits) at private-libwebsockets.h:1984:1 + + + + 'char lws::mode', at offset 4720 (in bits) at private-libwebsockets.h:1985:1 + + + + 'char lws::state', at offset 4728 (in bits) at private-libwebsockets.h:1986:1 + + + + 'char lws::state_pre_close', at offset 4736 (in bits) at private-libwebsockets.h:1987:1 + + + + 'char lws::lws_rx_parse_state', at offset 4744 (in bits) at private-libwebsockets.h:1988:1 + + + + 'char lws::rx_frame_type', at offset 4752 (in bits) at private-libwebsockets.h:1989:1 + + + + 'char lws::pending_timeout', at offset 4760 (in bits) at private-libwebsockets.h:1990:1 + + + + 'char lws::tsi', at offset 4768 (in bits) at private-libwebsockets.h:1991:1 + + + + 'char lws::protocol_interpret_idx', at offset 4776 (in bits) at private-libwebsockets.h:1992:1 + + + + 'char lws::redirects', at offset 4784 (in bits) at private-libwebsockets.h:1993:1 + + + + 'uint8_t lws::rxflow_bitmap', at offset 4792 (in bits) at private-libwebsockets.h:1994:1 + + + + 'char lws::chunk_parser', at offset 4800 (in bits) at private-libwebsockets.h:2000:1 + + + + 'char lws::reason_bf', at offset 4808 (in bits) at private-libwebsockets.h:2003:1 + + + + 18 data member insertions: + + 'lws_dll2_owner _lws_websocket_related::proxy_owner', at offset 64 (in bits) at private-lib-roles-ws.h:100:1 + + 'char _lws_websocket_related::actual_protocol[16]', at offset 256 (in bits) at private-lib-roles-ws.h:101:1 + + 'size_t _lws_websocket_related::proxy_buffered', at offset 384 (in bits) at private-lib-roles-ws.h:102:1 + + 'uint8_t _lws_websocket_related::ping_payload_buf[141]', at offset 448 (in bits) at private-lib-roles-ws.h:106:1 + + 'uint8_t _lws_websocket_related::mask[4]', at offset 1592 (in bits) at private-lib-roles-ws.h:131:1 + + 'size_t _lws_websocket_related::rx_packet_length', at offset 1664 (in bits) at private-lib-roles-ws.h:133:1 + + 'uint32_t _lws_websocket_related::rx_ubuf_head', at offset 1728 (in bits) at private-lib-roles-ws.h:134:1 + + 'uint32_t _lws_websocket_related::rx_ubuf_alloc', at offset 1760 (in bits) at private-lib-roles-ws.h:135:1 + + 'uint8_t _lws_websocket_related::ping_payload_len', at offset 1792 (in bits) at private-lib-roles-ws.h:137:1 + + 'uint8_t _lws_websocket_related::mask_idx', at offset 1800 (in bits) at private-lib-roles-ws.h:138:1 + + 'uint8_t _lws_websocket_related::opcode', at offset 1808 (in bits) at private-lib-roles-ws.h:139:1 + + 'uint8_t _lws_websocket_related::rsv', at offset 1816 (in bits) at private-lib-roles-ws.h:140:1 + + 'uint8_t _lws_websocket_related::rsv_first_msg', at offset 1824 (in bits) at private-lib-roles-ws.h:141:1 + + 'uint8_t _lws_websocket_related::close_in_ping_buffer_len', at offset 1832 (in bits) at private-lib-roles-ws.h:143:1 + + 'uint8_t _lws_websocket_related::utf8', at offset 1840 (in bits) at private-lib-roles-ws.h:144:1 + + 'uint8_t _lws_websocket_related::stashed_write_type', at offset 1848 (in bits) at private-lib-roles-ws.h:145:1 + + 'uint8_t _lws_websocket_related::tx_draining_stashed_wp', at offset 1856 (in bits) at private-lib-roles-ws.h:146:1 + + 'uint8_t _lws_websocket_related::ietf_spec_revision', at offset 1864 (in bits) at private-lib-roles-ws.h:147:1 + + 1 data member changes (16 filtered): + + type of 'u lws::u' changed: + + entity changed from 'union u' to 'unsigned char*' + + type size changed from 2880 to 64 (in bits) + + and name of 'lws::u' changed to '_lws_websocket_related::rx_ubuf' at private-lib-roles-ws.h:91:1 + + and name of 'lws::timeout_list' changed to 'lws::ws' at private-lib-core-net.h:652:1 + + type of 'lws** lws::timeout_list_prev' changed: + + entity changed from 'lws**' to 'struct lws_muxable' at private-lib-core-net.h:36:1 + + type size changed from 64 to 320 (in bits) + + and name of 'lws::timeout_list_prev' changed to 'lws::mux' at private-lib-core-net.h:662:1 + + type of 'const lws_extension* lws::active_extensions[2]' changed: + + entity changed from 'const lws_extension*[2]' to 'struct lws_tx_credit' at private-lib-core.h:141:1 + + and name of 'lws::active_extensions' changed to 'lws::txc' at private-lib-core-net.h:663:1 + + type of 'void* lws::act_ext_user[2]' changed: + + entity changed from 'void*[2]' to 'typedef lws_sorted_usec_list_t' at lws-timeout-timer.h:205:1 + + type size changed from 128 to 320 (in bits) + + and name of 'lws::act_ext_user' changed to 'lws::sul_timeout' at private-lib-core-net.h:680:1 + + type of 'lws* lws::pending_read_list_next' changed: + + entity changed from 'lws*' to 'typedef lws_sorted_usec_list_t' at lws-timeout-timer.h:205:1 + + type size changed from 64 to 320 (in bits) + + and name of 'lws::pending_read_list_next' changed to 'lws::sul_hrtimer' at private-lib-core-net.h:681:1 + + and offset changed from 43840 to 9664 (in bits) (by -34176 bits) + + 'lws_vhost* lws_context::vhost_list' offset changed from 43904 to 9216 (in bits) (by -34688 bits) + + 'lws_vhost* lws_context::vhost_pending_destruction_list' offset changed from 43968 to 9344 (in bits) (by -34624 bits) + + 'lws_deferred_free* lws_context::deferred_free_list' offset changed from 44096 to 9984 (in bits) (by -34112 bits) + + 'void* lws_context::external_baggage_free_on_destroy' offset changed from 44160 to 10176 (in bits) (by -33984 bits) + + type of 'const lws_token_limits* lws_context::token_limits' changed: + + in pointed to type 'const lws_token_limits': + + in unqualified underlying type 'struct lws_token_limits' at lws-http.h:368:1: + + type size changed from 1456 to 1520 (in bits) + + 1 data member change: + + type of 'unsigned short int lws_token_limits::token_limit[91]' changed: + + type name changed from 'unsigned short int[91]' to 'unsigned short int[95]' + + array type size changed from 1456 to 1520 + + array type subrange 1 changed length from 91 to 95 + + + + and offset changed from 44224 to 10240 (in bits) (by -33984 bits) + + 'void* lws_context::user_space' offset changed from 44288 to 10304 (in bits) (by -33984 bits) + + 'const char* lws_context::server_string' offset changed from 44352 to 9472 (in bits) (by -34880 bits) + + 'const lws_protocol_vhost_options* lws_context::reject_service_keywords' offset changed from 44416 to 10368 (in bits) (by -34048 bits) + + 'lws_reload_func lws_context::deprecation_cb' offset changed from 44480 to 10432 (in bits) (by -34048 bits) + + type of 'char lws_context::canonical_hostname[128]' changed: + + type name changed from 'char[128]' to 'char[96]' + + array type size changed from 1024 to 768 + + array type subrange 1 changed length from 128 to 96 + + and offset changed from 44544 to 0 (in bits) (by -44544 bits) + + 'int lws_context::max_fds' offset changed from 45568 to 10752 (in bits) (by -34816 bits) + + 'int lws_context::uid' offset changed from 45632 to 10816 (in bits) (by -34816 bits) + + 'int lws_context::gid' offset changed from 45664 to 10848 (in bits) (by -34816 bits) + + 'int lws_context::fd_random' offset changed from 45696 to 10880 (in bits) (by -34816 bits) + + 'int lws_context::count_wsi_allocated' offset changed from 45728 to 10912 (in bits) (by -34816 bits) + + 'int lws_context::count_cgi_spawned' offset changed from 45760 to 10944 (in bits) (by -34816 bits) + + type of 'unsigned int lws_context::options' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint64_t' at stdint-uintn.h:27:1 + + type name changed from 'unsigned int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + and offset changed from 45792 to 10624 (in bits) (by -35168 bits) + + 'unsigned int lws_context::fd_limit_per_thread' offset changed from 45824 to 10976 (in bits) (by -34848 bits) + + 'unsigned int lws_context::timeout_secs' offset changed from 45856 to 11008 (in bits) (by -34848 bits) + + 'unsigned int lws_context::pt_serv_buf_size' offset changed from 45888 to 11040 (in bits) (by -34848 bits) + + 'int lws_context::max_http_header_data' offset changed from 45920 to 11072 (in bits) (by -34848 bits) + + 'int lws_context::simultaneous_ssl_restriction' offset changed from 45952 to 11136 (in bits) (by -34816 bits) + + 'int lws_context::simultaneous_ssl' offset changed from 45984 to 11168 (in bits) (by -34816 bits) + + 'unsigned int lws_context::doing_protocol_init' offset changed from 46048 to 24 (in bits) (by -46024 bits) + + type of 'short int lws_context::max_http_header_pool' changed: + + type name changed from 'short int' to 'int' + + type size changed from 16 to 32 (in bits) + + and offset changed from 46144 to 11104 (in bits) (by -35040 bits) + + 'short int lws_context::count_threads' offset changed from 46160 to 11216 (in bits) (by -34944 bits) + + 'short int lws_context::plugin_protocol_count' offset changed from 46176 to 11232 (in bits) (by -34944 bits) + + 'short int lws_context::plugin_extension_count' offset changed from 46192 to 11248 (in bits) (by -34944 bits) + + 'short int lws_context::server_string_len' offset changed from 46208 to 11264 (in bits) (by -34944 bits) + + 'unsigned short int lws_context::ws_ping_pong_interval' offset changed from 46224 to 11280 (in bits) (by -34944 bits) + + 'unsigned short int lws_context::deprecation_pending_listen_close_count' offset changed from 46240 to 11296 (in bits) (by -34944 bits) + + 'uint8_t lws_context::max_fi' offset changed from 46256 to 11312 (in bits) (by -34944 bits) + + + + [C]'function int lws_add_http_header_by_token(lws*, lws_token_indexes, const unsigned char*, int, unsigned char**, unsigned char*)' at header.c:108:1 has some indirect sub-type changes: + + parameter 2 of type 'enum lws_token_indexes' has sub-type changes: + + type size hasn't changed + + 5 enumerator insertions: + + 'lws_token_indexes::WSI_TOKEN_REPLAY_NONCE' value '84' + + 'lws_token_indexes::WSI_TOKEN_COLON_PROTOCOL' value '85' + + 'lws_token_indexes::WSI_TOKEN_X_AUTH_TOKEN' value '86' + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_ALPN' value '94' + + 'lws_token_indexes::WSI_TOKEN_UNKNOWN_VALUE_PART' value '97' + + + + 13 enumerator changes: + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_SENT_PROTOCOLS' from value '84' to '87' at lws-http.h:215:1 + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_PEER_ADDRESS' from value '85' to '88' at lws-http.h:215:1 + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_URI' from value '86' to '89' at lws-http.h:215:1 + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_HOST' from value '87' to '90' at lws-http.h:215:1 + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_ORIGIN' from value '88' to '91' at lws-http.h:215:1 + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_METHOD' from value '89' to '92' at lws-http.h:215:1 + + 'lws_token_indexes::_WSI_TOKEN_CLIENT_IFACE' from value '90' to '93' at lws-http.h:215:1 + + 'lws_token_indexes::WSI_TOKEN_COUNT' from value '91' to '95' at lws-http.h:215:1 + + 'lws_token_indexes::WSI_TOKEN_NAME_PART' from value '92' to '96' at lws-http.h:215:1 + + 'lws_token_indexes::WSI_TOKEN_SKIPPING' from value '93' to '98' at lws-http.h:215:1 + + 'lws_token_indexes::WSI_TOKEN_SKIPPING_SAW_CR' from value '94' to '99' at lws-http.h:215:1 + + 'lws_token_indexes::WSI_PARSING_COMPLETE' from value '95' to '100' at lws-http.h:215:1 + + 'lws_token_indexes::WSI_INIT_TOKEN_MUXURL' from value '96' to '101' at lws-http.h:215:1 + + + + + + [C]'function lws* lws_adopt_descriptor_vhost(lws_vhost*, lws_adoption_type, lws_sock_file_fd_type, const char*, lws*)' at adopt.c:312:1 has some indirect sub-type changes: + + parameter 2 of type 'typedef lws_adoption_type' has sub-type changes: + + underlying type 'enum __anonymous_enum__' at libwebsockets.h:4484:1 changed: + + type size hasn't changed + + 1 enumerator deletion: + + '__anonymous_enum__::LWS_ADOPT_WS_PARENTIO' value '8' + + + + 3 enumerator insertions: + + '__anonymous_enum__::LWS_ADOPT_FLAG_UDP' value '16' + + '__anonymous_enum__::LWS_ADOPT_RAW_SOCKET_UDP' value '18' + + '__anonymous_enum__::LWS_ADOPT_FLAG_RAW_PROXY' value '32' + + + + + + [C]'function int lws_chunked_html_process(lws_process_html_args*, lws_process_html_state*)' at server.c:3066:1 has some indirect sub-type changes: + + parameter 1 of type 'lws_process_html_args*' has sub-type changes: + + in pointed to type 'struct lws_process_html_args' at lws-http.h:132:1: + + type size hasn't changed + + 1 data member insertion: + + 'int lws_process_html_args::chunked', at offset 160 (in bits) at lws-http.h:137:1 + + + + [C]'function lws* lws_client_connect_via_info(lws_client_connect_info*)' at connect.c:29:1 has some indirect sub-type changes: + + parameter 1 of type 'lws_client_connect_info*' changed: + + in pointed to type 'struct lws_client_connect_info': + + entity changed from 'struct lws_client_connect_info' to 'const lws_client_connect_info' + + type size changed from 1344 to 1792 (in bits) + + + + [C]'function lws* lws_client_reset(lws**, int, const char*, int, const char*, const char*)' at client-handshake.c:1043:1 has some indirect sub-type changes: + + parameter 7 of type 'char' was added + + + + + + [C]'function lws_context* lws_create_context(lws_context_creation_info*)' at context.c:194:1 has some indirect sub-type changes: + + parameter 1 of type 'lws_context_creation_info*' changed: + + in pointed to type 'struct lws_context_creation_info': + + entity changed from 'struct lws_context_creation_info' to 'const lws_context_creation_info' + + type size changed from 3584 to 5440 (in bits) + + + + [C]'function lws_vhost* lws_create_vhost(lws_context*, lws_context_creation_info*)' at vhost.c:466:1 has some indirect sub-type changes: + + parameter 2 of type 'lws_context_creation_info*' changed: + + in pointed to type 'struct lws_context_creation_info': + + entity changed from 'struct lws_context_creation_info' to 'const lws_context_creation_info' + + type size changed from 3584 to 5440 (in bits) + + + + [C]'function int lws_genhash_init(lws_genhash_ctx*, int)' at lws-genhash.c:35:1 has some indirect sub-type changes: + + parameter 2 of type 'int' changed: + + entity changed from 'int' to 'enum lws_genhash_types' at lws-genhash.h:36:1 + + type size hasn't changed + + type alignement changed from 0 to 32 + + + + [C]'function size_t lws_genhash_size(int)' at lws-gencrypto-common.c:630:1 has some indirect sub-type changes: + + parameter 1 of type 'int' changed: + + entity changed from 'int' to 'enum lws_genhash_types' at lws-genhash.h:36:1 + + type size hasn't changed + + type alignement changed from 0 to 32 + + + + [C]'function const char* lws_get_peer_simple(lws*, char*, int)' at network.c:132:1 has some indirect sub-type changes: + + parameter 3 of type 'int' changed: + + entity changed from 'int' to compatible type 'typedef size_t' at stddef.h:216:1 + + type name changed from 'int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + + + [C]'function size_t lws_get_peer_write_allowance(lws*)' at wsi.c:437:1 has some indirect sub-type changes: + + return type changed: + + typedef name changed from size_t to lws_fileofs_t at libwebsockets.h:514:1 + + underlying type 'unsigned long int' changed: + + type name changed from 'unsigned long int' to 'long long int' + + type size hasn't changed + + + + + + [C]'function int lws_get_random(lws_context*, void*, int)' at unix-misc.c:51:1 has some indirect sub-type changes: + + return type changed: + + entity changed from 'int' to compatible type 'typedef size_t' at stddef.h:216:1 + + type name changed from 'int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + + + [C]'function int lws_hdr_copy(lws*, char*, int, lws_token_indexes)' at parsers.c:539:1 has some indirect sub-type changes: + + parameter 4 of type 'enum lws_token_indexes' has sub-type changes: + + enum type 'enum lws_token_indexes' changed at libwebsockets.h:3313:1, as reported earlier + + + + [C]'function int lws_init_vhost_client_ssl(const lws_context_creation_info*, lws_vhost*)' at vhost.c:863:1 has some indirect sub-type changes: + + parameter 1 of type 'const lws_context_creation_info*' has sub-type changes: + + in pointed to type 'const lws_context_creation_info': + + in unqualified underlying type 'struct lws_context_creation_info' at lws-context-vhost.h:244:1: + + type size changed from 3584 to 5440 (in bits) + + 35 data member insertions: + + 'void* lws_context_creation_info::client_ssl_cert_mem', at offset 2368 (in bits) at lws-context-vhost.h:477:1 + + 'unsigned int lws_context_creation_info::client_ssl_cert_mem_len', at offset 2432 (in bits) at lws-context-vhost.h:480:1 + + 'void* lws_context_creation_info::client_ssl_ca_mem', at offset 2624 (in bits) at lws-context-vhost.h:491:1 + + 'unsigned int lws_context_creation_info::client_ssl_ca_mem_len', at offset 2688 (in bits) at lws-context-vhost.h:494:1 + + 'const char* lws_context_creation_info::error_document_404', at offset 3392 (in bits) at lws-context-vhost.h:574:1 + + 'const char* lws_context_creation_info::alpn', at offset 3456 (in bits) at lws-context-vhost.h:578:1 + + 'void** lws_context_creation_info::foreign_loops', at offset 3520 (in bits) at lws-context-vhost.h:585:1 + + 'void (void*, int)* lws_context_creation_info::signal_cb', at offset 3584 (in bits) at lws-context-vhost.h:599:1 + + 'lws_context** lws_context_creation_info::pcontext', at offset 3648 (in bits) at lws-context-vhost.h:605:1 + + 'void (lws_vhost*, void*)* lws_context_creation_info::finalize', at offset 3712 (in bits) at lws-context-vhost.h:611:1 + + 'void* lws_context_creation_info::finalize_arg', at offset 3776 (in bits) at lws-context-vhost.h:616:1 + + 'unsigned int lws_context_creation_info::max_http_header_pool2', at offset 3840 (in bits) at lws-context-vhost.h:620:1 + + 'long int lws_context_creation_info::ssl_client_options_set', at offset 3904 (in bits) at lws-context-vhost.h:626:1 + + 'long int lws_context_creation_info::ssl_client_options_clear', at offset 3968 (in bits) at lws-context-vhost.h:628:1 + + 'const char* lws_context_creation_info::tls1_3_plus_cipher_list', at offset 4032 (in bits) at lws-context-vhost.h:631:1 + + 'const char* lws_context_creation_info::client_tls_1_3_plus_cipher_list', at offset 4096 (in bits) at lws-context-vhost.h:638:1 + + 'const char* lws_context_creation_info::listen_accept_role', at offset 4160 (in bits) at lws-context-vhost.h:644:1 + + 'const char* lws_context_creation_info::listen_accept_protocol', at offset 4224 (in bits) at lws-context-vhost.h:649:1 + + 'const lws_protocols** lws_context_creation_info::pprotocols', at offset 4288 (in bits) at lws-context-vhost.h:653:1 + + 'void* lws_context_creation_info::server_ssl_cert_mem', at offset 4352 (in bits) at lws-context-vhost.h:664:1 + + 'unsigned int lws_context_creation_info::server_ssl_cert_mem_len', at offset 4416 (in bits) at lws-context-vhost.h:668:1 + + 'void* lws_context_creation_info::server_ssl_private_key_mem', at offset 4480 (in bits) at lws-context-vhost.h:671:1 + + 'unsigned int lws_context_creation_info::server_ssl_private_key_mem_len', at offset 4544 (in bits) at lws-context-vhost.h:676:1 + + 'void* lws_context_creation_info::server_ssl_ca_mem', at offset 4608 (in bits) at lws-context-vhost.h:678:1 + + 'unsigned int lws_context_creation_info::server_ssl_ca_mem_len', at offset 4672 (in bits) at lws-context-vhost.h:682:1 + + 'const char* lws_context_creation_info::username', at offset 4736 (in bits) at lws-context-vhost.h:684:1 + + 'const char* lws_context_creation_info::groupname', at offset 4800 (in bits) at lws-context-vhost.h:686:1 + + 'const char* lws_context_creation_info::unix_socket_perms', at offset 4864 (in bits) at lws-context-vhost.h:688:1 + + 'const lws_system_ops_t* lws_context_creation_info::system_ops', at offset 4928 (in bits) at lws-context-vhost.h:692:1 + + 'det_lat_buf_cb_t lws_context_creation_info::detailed_latency_cb', at offset 4992 (in bits) at lws-context-vhost.h:695:1 + + 'const char* lws_context_creation_info::detailed_latency_filepath', at offset 5056 (in bits) at lws-context-vhost.h:698:1 + + 'const lws_retry_bo_t* lws_context_creation_info::retry_and_idle_policy', at offset 5120 (in bits) at lws-context-vhost.h:700:1 + + 'lws_state_notify_link_t* const* lws_context_creation_info::register_notifier_list', at offset 5184 (in bits) at lws-context-vhost.h:704:1 + + 'uint8_t lws_context_creation_info::udp_loss_sim_tx_pc', at offset 5248 (in bits) at lws-context-vhost.h:708:1 + + 'uint8_t lws_context_creation_info::udp_loss_sim_rx_pc', at offset 5256 (in bits) at lws-context-vhost.h:711:1 + + 44 data member changes (2 filtered): + + type of 'const lws_extension* lws_context_creation_info::extensions' changed: + + in pointed to type 'const lws_extension': + + in unqualified underlying type 'struct lws_extension' at lws-ws-ext.h:139:1: + + type size hasn't changed + + 1 data member change: + + type of 'lws_extension_callback_function* lws_extension::callback' changed: + + in pointed to type 'typedef lws_extension_callback_function' at lws-ws-ext.h:133:1: + + underlying type 'function type int (lws_context*, const lws_extension*, lws*, enum lws_extension_callback_reasons, void*, void*, typedef size_t)' changed: + + parameter 4 of type 'enum lws_extension_callback_reasons' has sub-type changes: + + type size hasn't changed + + 17 enumerator deletions: + + 'lws_extension_callback_reasons::LWS_EXT_CB_SERVER_CONTEXT_CONSTRUCT' value '0' + + 'lws_extension_callback_reasons::LWS_EXT_CB_CLIENT_CONTEXT_CONSTRUCT' value '1' + + 'lws_extension_callback_reasons::LWS_EXT_CB_SERVER_CONTEXT_DESTRUCT' value '2' + + 'lws_extension_callback_reasons::LWS_EXT_CB_CLIENT_CONTEXT_DESTRUCT' value '3' + + 'lws_extension_callback_reasons::LWS_EXT_CB_CHECK_OK_TO_REALLY_CLOSE' value '6' + + 'lws_extension_callback_reasons::LWS_EXT_CB_CHECK_OK_TO_PROPOSE_EXTENSION' value '7' + + 'lws_extension_callback_reasons::LWS_EXT_CB_DESTROY_ANY_WSI_CLOSING' value '9' + + 'lws_extension_callback_reasons::LWS_EXT_CB_ANY_WSI_ESTABLISHED' value '10' + + 'lws_extension_callback_reasons::LWS_EXT_CB_PACKET_RX_PREPARSE' value '11' + + 'lws_extension_callback_reasons::LWS_EXT_CB_PACKET_TX_DO_SEND' value '13' + + 'lws_extension_callback_reasons::LWS_EXT_CB_HANDSHAKE_REPLY_TX' value '14' + + 'lws_extension_callback_reasons::LWS_EXT_CB_FLUSH_PENDING_TX' value '15' + + 'lws_extension_callback_reasons::LWS_EXT_CB_EXTENDED_PAYLOAD_RX' value '16' + + 'lws_extension_callback_reasons::LWS_EXT_CB_CAN_PROXY_CLIENT_CONNECTION' value '17' + + 'lws_extension_callback_reasons::LWS_EXT_CB_1HZ' value '18' + + 'lws_extension_callback_reasons::LWS_EXT_CB_REQUEST_ON_WRITEABLE' value '19' + + 'lws_extension_callback_reasons::LWS_EXT_CB_IS_WRITEABLE' value '20' + + + + + + + + type of 'unsigned int lws_context_creation_info::options' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint64_t' at stdint-uintn.h:27:1 + + type name changed from 'unsigned int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + and offset changed from 800 to 832 (in bits) (by +32 bits) + + 'void* lws_context_creation_info::user' offset changed from 832 to 896 (in bits) (by +64 bits) + + 'int lws_context_creation_info::ka_time' offset changed from 896 to 960 (in bits) (by +64 bits) + + 'int lws_context_creation_info::ka_probes' offset changed from 928 to 992 (in bits) (by +64 bits) + + 'int lws_context_creation_info::ka_interval' offset changed from 960 to 1024 (in bits) (by +64 bits) + + 'SSL_CTX* lws_context_creation_info::provided_client_ssl_ctx' offset changed from 1024 to 1088 (in bits) (by +64 bits) + + type of 'short int lws_context_creation_info::max_http_header_data' changed: + + type name changed from 'short int' to 'unsigned short int' + + type size hasn't changed + + + + and offset changed from 1088 to 1152 (in bits) (by +64 bits) + + type of 'short int lws_context_creation_info::max_http_header_pool' changed: + + type name changed from 'short int' to 'unsigned short int' + + type size hasn't changed + + + + and offset changed from 1104 to 1168 (in bits) (by +64 bits) + + 'unsigned int lws_context_creation_info::count_threads' offset changed from 1120 to 1184 (in bits) (by +64 bits) + + 'unsigned int lws_context_creation_info::fd_limit_per_thread' offset changed from 1152 to 1216 (in bits) (by +64 bits) + + 'unsigned int lws_context_creation_info::timeout_secs' offset changed from 1184 to 1248 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::ecdh_curve' offset changed from 1216 to 1280 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::vhost_name' offset changed from 1280 to 1344 (in bits) (by +64 bits) + + 'const char* const* lws_context_creation_info::plugin_dirs' offset changed from 1344 to 1408 (in bits) (by +64 bits) + + 'const lws_protocol_vhost_options* lws_context_creation_info::pvo' offset changed from 1408 to 1472 (in bits) (by +64 bits) + + 'int lws_context_creation_info::keepalive_timeout' offset changed from 1472 to 1536 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::log_filepath' offset changed from 1536 to 1600 (in bits) (by +64 bits) + + 'const lws_http_mount* lws_context_creation_info::mounts' offset changed from 1600 to 1664 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::server_string' offset changed from 1664 to 1728 (in bits) (by +64 bits) + + 'unsigned int lws_context_creation_info::pt_serv_buf_size' offset changed from 1728 to 1792 (in bits) (by +64 bits) + + 'unsigned int lws_context_creation_info::max_http_header_data2' offset changed from 1760 to 1824 (in bits) (by +64 bits) + + 'long int lws_context_creation_info::ssl_options_set' offset changed from 1792 to 1856 (in bits) (by +64 bits) + + 'long int lws_context_creation_info::ssl_options_clear' offset changed from 1856 to 1920 (in bits) (by +64 bits) + + 'unsigned short int lws_context_creation_info::ws_ping_pong_interval' offset changed from 1920 to 1984 (in bits) (by +64 bits) + + 'const lws_protocol_vhost_options* lws_context_creation_info::headers' offset changed from 1984 to 2048 (in bits) (by +64 bits) + + 'const lws_protocol_vhost_options* lws_context_creation_info::reject_service_keywords' offset changed from 2048 to 2112 (in bits) (by +64 bits) + + 'void* lws_context_creation_info::external_baggage_free_on_destroy' offset changed from 2112 to 2176 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::client_ssl_private_key_password' offset changed from 2176 to 2240 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::client_ssl_cert_filepath' offset changed from 2240 to 2304 (in bits) (by +64 bits) + + 'const char* lws_context_creation_info::client_ssl_private_key_filepath' offset changed from 2304 to 2496 (in bits) (by +192 bits) + + 'const char* lws_context_creation_info::client_ssl_ca_filepath' offset changed from 2368 to 2560 (in bits) (by +192 bits) + + 'const char* lws_context_creation_info::client_ssl_cipher_list' offset changed from 2432 to 2752 (in bits) (by +320 bits) + + 'const lws_plat_file_ops* lws_context_creation_info::fops' offset changed from 2496 to 2816 (in bits) (by +320 bits) + + 'int lws_context_creation_info::simultaneous_ssl_restriction' offset changed from 2560 to 2880 (in bits) (by +320 bits) + + 'const char* lws_context_creation_info::socks_proxy_address' offset changed from 2624 to 2944 (in bits) (by +320 bits) + + 'unsigned int lws_context_creation_info::socks_proxy_port' offset changed from 2688 to 3008 (in bits) (by +320 bits) + + 'int lws_context_creation_info::bind_iface' offset changed from 2720 to 3040 (in bits) (by +320 bits) + + 'int lws_context_creation_info::ssl_info_event_mask' offset changed from 2752 to 3072 (in bits) (by +320 bits) + + 'unsigned int lws_context_creation_info::timeout_secs_ah_idle' offset changed from 2784 to 3104 (in bits) (by +320 bits) + + 'unsigned short int lws_context_creation_info::ip_limit_ah' offset changed from 2816 to 3136 (in bits) (by +320 bits) + + 'unsigned short int lws_context_creation_info::ip_limit_wsi' offset changed from 2832 to 3152 (in bits) (by +320 bits) + + 'uint32_t lws_context_creation_info::http2_settings[7]' offset changed from 2848 to 3168 (in bits) (by +320 bits) + + type of 'void* lws_context_creation_info::_unused[8]' changed: + + type name changed from 'void*[8]' to 'void*[2]' + + array type size changed from 512 to 128 + + array type subrange 1 changed length from 8 to 2 + + and offset changed from 3072 to 5312 (in bits) (by +2240 bits) + + + + [C]'function void lws_ring_bump_head(lws_ring*, size_t)' at lws-ring.c:152:1 has some indirect sub-type changes: + + parameter 1 of type 'lws_ring*' has sub-type changes: + + in pointed to type 'struct lws_ring' at private-lib-core.h:185:1: + + type size changed from 320 to 256 (in bits) + + 4 data member changes: + + type of 'size_t lws_ring::buflen' changed: + + typedef name changed from size_t to uint32_t at stdint-uintn.h:26:1 + + underlying type 'unsigned long int' changed: + + entity changed from 'unsigned long int' to compatible type 'typedef __uint32_t' at types.h:41:1 + + type name changed from 'unsigned long int' to 'unsigned int' + + type size changed from 64 to 32 (in bits) + + + + 'size_t lws_ring::element_len' offset changed from 192 to 160 (in bits) (by -32 bits) + + 'uint32_t lws_ring::head' offset changed from 256 to 192 (in bits) (by -64 bits) + + 'uint32_t lws_ring::oldest_tail' offset changed from 288 to 224 (in bits) (by -64 bits) + + + + [C]'function void lws_set_timeout(lws*, pending_timeout, int)' at wsi-timeout.c:138:1 has some indirect sub-type changes: + + parameter 2 of type 'enum pending_timeout' has sub-type changes: + + type size hasn't changed + + 1 enumerator deletion: + + 'pending_timeout::PENDING_TIMEOUT_AWAITING_EXTENSION_CONNECT_RESPONSE' value '7' + + + + 8 enumerator insertions: + + 'pending_timeout::PENDING_TIMEOUT_UNUSED1' value '7' + + 'pending_timeout::PENDING_TIMEOUT_UDP_IDLE' value '26' + + 'pending_timeout::PENDING_TIMEOUT_CLIENT_CONN_IDLE' value '27' + + 'pending_timeout::PENDING_TIMEOUT_LAGGING' value '28' + + 'pending_timeout::PENDING_TIMEOUT_THREADPOOL' value '29' + + 'pending_timeout::PENDING_TIMEOUT_THREADPOOL_TASK' value '30' + + 'pending_timeout::PENDING_TIMEOUT_KILLED_BY_PROXY_CLIENT_CLOSE' value '31' + + 'pending_timeout::PENDING_TIMEOUT_USER_OK' value '32' + + + + + + [C]'function lws_spa* lws_spa_create(lws*, const char* const*, int, int, lws_spa_fileupload_cb, void*)' at lws-spa.c:624:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'struct lws_spa' at lws-spa.c:87:1: + + type size changed from 640 to 832 (in bits) + + 4 data member deletions: + + 'const char* const* lws_spa::param_names', at offset 128 (in bits) at lws-spa.c:401:1 + + + + 'int lws_spa::count_params', at offset 192 (in bits) at lws-spa.c:402:1 + + + + 'void* lws_spa::opt_data', at offset 384 (in bits) at lws-spa.c:405:1 + + + + 'int lws_spa::max_storage', at offset 576 (in bits) at lws-spa.c:409:1 + + + + 6 data member changes: + + type of 'lws_urldecode_stateful* lws_spa::s' changed: + + in pointed to type 'struct lws_urldecode_stateful' at lws-spa.c:59:1: + + type size changed from 4544 to 4608 (in bits) + + 2 data member insertions: + + 'lws* lws_urldecode_stateful::wsi', at offset 128 (in bits) at lws-spa.c:62:1 + + 'uint8_t lws_urldecode_stateful::matchable', at offset 4448 (in bits) at lws-spa.c:75:1 + + 17 data member changes (1 filtered): + + type of 'unsigned int lws_urldecode_stateful::boundary_real_crlf' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint8_t' at stdint-uintn.h:24:1 + + type name changed from 'unsigned int' to 'unsigned char' + + type size changed from 32 to 8 (in bits) + + and offset changed from 28 to 4 (in bits) (by -24 bits) + + type of 'unsigned int lws_urldecode_stateful::subname' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint8_t' at stdint-uintn.h:24:1 + + type name changed from 'unsigned int' to 'unsigned char' + + type size changed from 32 to 8 (in bits) + + and offset changed from 29 to 5 (in bits) (by -24 bits) + + type of 'unsigned int lws_urldecode_stateful::inside_quote' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint8_t' at stdint-uintn.h:24:1 + + type name changed from 'unsigned int' to 'unsigned char' + + type size changed from 32 to 8 (in bits) + + and offset changed from 30 to 6 (in bits) (by -24 bits) + + type of 'unsigned int lws_urldecode_stateful::multipart_form_data' changed: + + entity changed from 'unsigned int' to compatible type 'typedef uint8_t' at stdint-uintn.h:24:1 + + type name changed from 'unsigned int' to 'unsigned char' + + type size changed from 32 to 8 (in bits) + + and offset changed from 31 to 7 (in bits) (by -24 bits) + + 'char lws_urldecode_stateful::name[32]' offset changed from 128 to 192 (in bits) (by +64 bits) + + 'char lws_urldecode_stateful::temp[32]' offset changed from 384 to 448 (in bits) (by +64 bits) + + 'char lws_urldecode_stateful::content_type[32]' offset changed from 640 to 704 (in bits) (by +64 bits) + + 'char lws_urldecode_stateful::content_disp[32]' offset changed from 896 to 960 (in bits) (by +64 bits) + + 'char lws_urldecode_stateful::content_disp_filename[256]' offset changed from 1152 to 1216 (in bits) (by +64 bits) + + 'char lws_urldecode_stateful::mime_boundary[128]' offset changed from 3200 to 3264 (in bits) (by +64 bits) + + 'int lws_urldecode_stateful::out_len' offset changed from 4224 to 4288 (in bits) (by +64 bits) + + 'int lws_urldecode_stateful::pos' offset changed from 4256 to 4320 (in bits) (by +64 bits) + + 'int lws_urldecode_stateful::hdr_idx' offset changed from 4288 to 4352 (in bits) (by +64 bits) + + 'int lws_urldecode_stateful::mp' offset changed from 4320 to 4384 (in bits) (by +64 bits) + + 'int lws_urldecode_stateful::sum' offset changed from 4352 to 4416 (in bits) (by +64 bits) + + 'urldecode_stateful lws_urldecode_stateful::state' offset changed from 4416 to 4480 (in bits) (by +64 bits) + + 'lws_urldecode_stateful_cb lws_urldecode_stateful::output' offset changed from 4480 to 4544 (in bits) (by +64 bits) + + + + 'char** lws_spa::params' offset changed from 256 to 640 (in bits) (by +384 bits) + + 'int* lws_spa::param_length' offset changed from 320 to 512 (in bits) (by +192 bits) + + 'char* lws_spa::storage' offset changed from 448 to 704 (in bits) (by +256 bits) + + 'char* lws_spa::end' offset changed from 512 to 768 (in bits) (by +256 bits) + + 'char lws_spa::finalized' offset changed from 608 to 576 (in bits) (by -32 bits) + + 1 data member change: + + type of 'lws_spa_fileupload_cb lws_spa::opt_cb' changed: + + typedef name changed from lws_spa_fileupload_cb to lws_spa_create_info_t at lws-spa.h:115:1 + + underlying type 'int (void*, const char*, const char*, char*, int, enum lws_spa_fileupload_states)*' changed: + + entity changed from 'int (void*, const char*, const char*, char*, int, enum lws_spa_fileupload_states)*' to 'struct lws_spa_create_info' at lws-spa.h:104:1 + + type size changed from 64 to 448 (in bits) + + and name of 'lws_spa::opt_cb' changed to 'lws_spa::i' at lws-spa.c:89:1 + + + + [C]'function const unsigned char* lws_token_to_string(lws_token_indexes)' at header.c:30:1 has some indirect sub-type changes: + + parameter 1 of type 'enum lws_token_indexes' has sub-type changes: + + enum type 'enum lws_token_indexes' changed at libwebsockets.h:3313:1, as reported earlier + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libxslt_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libxslt_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..a982d01c742c7699033936736ae7a640fd22d87e --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/libxslt_all_result.md @@ -0,0 +1,402 @@ +# Functions changed info + +---------------diffs in libxslt_libexslt.so.0.8.20_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (3 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function int exsltDateXpathCtxtRegister(xmlXPathContextPtr, const xmlChar*)' at date.c:3852:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef xmlXPathContextPtr' has sub-type changes: + + underlying type 'xmlXPathContext*' changed: + + in pointed to type 'typedef xmlXPathContext' at xpath.h:39:1: + + underlying type 'struct _xmlXPathContext' at xpath.h:288:1 changed: + + type size changed from 2816 to 3072 (in bits) + + 5 data member insertions: + + 'unsigned long int _xmlXPathContext::opLimit', at offset 2816 (in bits) at xpath.h:359:1 + + 'unsigned long int _xmlXPathContext::opCount', at offset 2880 (in bits) at xpath.h:360:1 + + 'int _xmlXPathContext::depth', at offset 2944 (in bits) at xpath.h:361:1 + + 'int _xmlXPathContext::maxDepth', at offset 2976 (in bits) at xpath.h:362:1 + + 'int _xmlXPathContext::maxParserDepth', at offset 3008 (in bits) at xpath.h:363:1 + + no data member changes (2 filtered); + + + + + +---------------diffs in libxslt_libxslt.so.1.1.34_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 20 Changed (175 filtered out), 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function void xsltCompMatchClearCache(xsltTransformContextPtr, xsltCompMatchPtr)' {xsltCompMatchClearCache@@LIBXML2_1.1.34} + + 'function int xsltParseStylesheetUser(xsltStylesheetPtr, xmlDocPtr)' {xsltParseStylesheetUser@@LIBXML2_1.1.34} + + + +20 functions with some indirect sub-type change: + + + + [C]'function int xslAddCall(xsltTemplatePtr, xmlNodePtr)' at xsltutils.c:2457:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef xsltTemplatePtr' has sub-type changes: + + underlying type 'xsltTemplate*' changed: + + in pointed to type 'typedef xsltTemplate' at xsltInternals.h:264:1: + + underlying type 'struct _xsltTemplate' at xsltInternals.h:274:1 changed: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of '_xsltStylesheet* _xsltTemplate::style' changed: + + in pointed to type 'struct _xsltStylesheet' at xsltInternals.h:1476:1: + + type size changed from 3328 to 3392 (in bits) + + 1 data member insertion: + + 'xmlXPathContextPtr _xsltStylesheet::xpathCtxt', at offset 3328 (in bits) at xsltInternals.h:1635:1 + + 1 data member changes (6 filtered): + + type of 'xsltElemPreCompPtr _xsltStylesheet::preComps' changed: + + underlying type 'xsltElemPreComp*' changed: + + in pointed to type 'typedef xsltElemPreComp' at xsltInternals.h:391:1: + + underlying type 'struct _xsltElemPreComp' at xsltInternals.h:479:1 changed: + + type size hasn't changed + + 1 data member changes (2 filtered): + + type of 'xsltTransformFunction _xsltElemPreComp::func' changed: + + underlying type 'void (typedef xsltTransformContextPtr, typedef xmlNodePtr, typedef xmlNodePtr, typedef xsltElemPreCompPtr)*' changed: + + in pointed to type 'function type void (typedef xsltTransformContextPtr, typedef xmlNodePtr, typedef xmlNodePtr, typedef xsltElemPreCompPtr)': + + parameter 1 of type 'typedef xsltTransformContextPtr' has sub-type changes: + + underlying type 'xsltTransformContext*' changed: + + in pointed to type 'typedef xsltTransformContext' at xsltInternals.h:382:1: + + underlying type 'struct _xsltTransformContext' at xsltInternals.h:1677:1 changed: + + type size changed from 3776 to 3904 (in bits) + + 2 data member insertions: + + 'unsigned long int _xsltTransformContext::opLimit', at offset 3776 (in bits) at xsltInternals.h:1783:1 + + 'unsigned long int _xsltTransformContext::opCount', at offset 3840 (in bits) at xsltInternals.h:1784:1 + + 1 data member changes (8 filtered): + + type of 'xmlXPathContextPtr _xsltTransformContext::xpathCtxt' changed: + + underlying type 'xmlXPathContext*' changed: + + in pointed to type 'typedef xmlXPathContext' at xpath.h:39:1: + + underlying type 'struct _xmlXPathContext' at xpath.h:288:1 changed: + + type size changed from 2816 to 3072 (in bits) + + 5 data member insertions: + + 'unsigned long int _xmlXPathContext::opLimit', at offset 2816 (in bits) at xpath.h:359:1 + + 'unsigned long int _xmlXPathContext::opCount', at offset 2880 (in bits) at xpath.h:360:1 + + 'int _xmlXPathContext::depth', at offset 2944 (in bits) at xpath.h:361:1 + + 'int _xmlXPathContext::maxDepth', at offset 2976 (in bits) at xpath.h:362:1 + + 'int _xmlXPathContext::maxParserDepth', at offset 3008 (in bits) at xpath.h:363:1 + + no data member changes (2 filtered); + + + + + + + + + + + + [C]'function void xsltApplyImports(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4685:1 has some indirect sub-type changes: + + parameter 4 of type 'typedef xsltStylePreCompPtr' changed: + + typedef name changed from xsltStylePreCompPtr to xsltElemPreCompPtr at xsltInternals.h:392:1 + + underlying type 'xsltStylePreComp*' changed: + + in pointed to type 'typedef xsltStylePreComp' at xsltInternals.h:391:1: + + typedef name changed from xsltStylePreComp to xsltElemPreComp at xsltInternals.h:391:1 + + underlying type 'struct _xsltStylePreComp' at xsltInternals.h:1370:1 changed: + + type name changed from '_xsltStylePreComp' to '_xsltElemPreComp' + + type size changed from 2624 to 320 (in bits) + + 29 data member deletions: + + 'int _xsltStylePreComp::has_stype', at offset 320 (in bits) at xsltInternals.h:1381:1 + + + + 'int _xsltStylePreComp::number', at offset 352 (in bits) at xsltInternals.h:1382:1 + + + + 'const xmlChar* _xsltStylePreComp::order', at offset 384 (in bits) at xsltInternals.h:1383:1 + + + + 'int _xsltStylePreComp::has_order', at offset 448 (in bits) at xsltInternals.h:1384:1 + + + + 'int _xsltStylePreComp::descending', at offset 480 (in bits) at xsltInternals.h:1385:1 + + + + 'const xmlChar* _xsltStylePreComp::lang', at offset 512 (in bits) at xsltInternals.h:1386:1 + + + + 'int _xsltStylePreComp::has_lang', at offset 576 (in bits) at xsltInternals.h:1387:1 + + + + 'xsltLocale _xsltStylePreComp::locale', at offset 640 (in bits) at xsltInternals.h:1388:1 + + + + 'const xmlChar* _xsltStylePreComp::case_order', at offset 704 (in bits) at xsltInternals.h:1389:1 + + + + 'int _xsltStylePreComp::lower_first', at offset 768 (in bits) at xsltInternals.h:1390:1 + + + + 'const xmlChar* _xsltStylePreComp::use', at offset 832 (in bits) at xsltInternals.h:1392:1 + + + + 'int _xsltStylePreComp::has_use', at offset 896 (in bits) at xsltInternals.h:1393:1 + + + + 'int _xsltStylePreComp::noescape', at offset 928 (in bits) at xsltInternals.h:1395:1 + + + + 'const xmlChar* _xsltStylePreComp::name', at offset 960 (in bits) at xsltInternals.h:1397:1 + + + + 'int _xsltStylePreComp::has_name', at offset 1024 (in bits) at xsltInternals.h:1398:1 + + + + 'const xmlChar* _xsltStylePreComp::ns', at offset 1088 (in bits) at xsltInternals.h:1399:1 + + + + 'int _xsltStylePreComp::has_ns', at offset 1152 (in bits) at xsltInternals.h:1400:1 + + + + 'const xmlChar* _xsltStylePreComp::mode', at offset 1216 (in bits) at xsltInternals.h:1402:1 + + + + 'const xmlChar* _xsltStylePreComp::modeURI', at offset 1280 (in bits) at xsltInternals.h:1403:1 + + + + 'const xmlChar* _xsltStylePreComp::test', at offset 1344 (in bits) at xsltInternals.h:1405:1 + + + + 'xsltTemplatePtr _xsltStylePreComp::templ', at offset 1408 (in bits) at xsltInternals.h:1407:1 + + + + 'const xmlChar* _xsltStylePreComp::select', at offset 1472 (in bits) at xsltInternals.h:1409:1 + + + + 'int _xsltStylePreComp::ver11', at offset 1536 (in bits) at xsltInternals.h:1411:1 + + + + 'const xmlChar* _xsltStylePreComp::filename', at offset 1600 (in bits) at xsltInternals.h:1412:1 + + + + 'int _xsltStylePreComp::has_filename', at offset 1664 (in bits) at xsltInternals.h:1413:1 + + + + 'xsltNumberData _xsltStylePreComp::numdata', at offset 1728 (in bits) at xsltInternals.h:1415:1 + + + + 'xmlXPathCompExprPtr _xsltStylePreComp::comp', at offset 2432 (in bits) at xsltInternals.h:1417:1 + + + + 'xmlNsPtr* _xsltStylePreComp::nsList', at offset 2496 (in bits) at xsltInternals.h:1418:1 + + + + 'int _xsltStylePreComp::nsNr', at offset 2560 (in bits) at xsltInternals.h:1419:1 + + + + 3 data member changes (2 filtered): + + name of '_xsltStylePreComp::next' changed to '_xsltElemPreComp::next' at xsltInternals.h:472:1 + + name of '_xsltStylePreComp::func' changed to '_xsltElemPreComp::func' at xsltInternals.h:475:1 + + type of 'const xmlChar* _xsltStylePreComp::stype' changed: + + entity changed from 'const xmlChar*' to compatible type 'typedef xsltElemPreCompDeallocator' at xsltInternals.h:461:1 + + in pointed to type 'const unsigned char': + + entity changed from 'const unsigned char' to 'function type void (_xsltElemPreComp*)' + + type size changed from 8 to 64 (in bits) + + and name of '_xsltStylePreComp::stype' changed to '_xsltElemPreComp::free' at xsltInternals.h:480:1 + + + + [C]'function void xsltApplyTemplates(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4857:1 has some indirect sub-type changes: + + + + [C]'function void xsltAttribute(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at attributes.c:754:1 has some indirect sub-type changes: + + + + [C]'function void xsltCallTemplate(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4754:1 has some indirect sub-type changes: + + + + [C]'function void xsltChoose(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:5234:1 has some indirect sub-type changes: + + + + [C]'function void xsltComment(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4300:1 has some indirect sub-type changes: + + + + [C]'function void xsltCopy(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:3936:1 has some indirect sub-type changes: + + + + [C]'function void xsltCopyOf(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4410:1 has some indirect sub-type changes: + + + + [C]'function void xsltDebug(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at extra.c:55:1 has some indirect sub-type changes: + + + + [C]'function void xsltDocumentElem(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:3400:1 has some indirect sub-type changes: + + + + [C]'function void xsltElement(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4092:1 has some indirect sub-type changes: + + + + [C]'function void xsltForEach(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:5499:1 has some indirect sub-type changes: + + + + [C]'function void xsltIf(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:5393:1 has some indirect sub-type changes: + + + + [C]'function void xsltNumber(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4628:1 has some indirect sub-type changes: + + + + [C]'function void xsltProcessingInstruction(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4344:1 has some indirect sub-type changes: + + + + [C]'function void xsltSort(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:3914:1 has some indirect sub-type changes: + + + + [C]'function void xsltText(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4055:1 has some indirect sub-type changes: + + + + [C]'function void xsltValueOf(xsltTransformContextPtr, xmlNodePtr, xmlNodePtr, xsltStylePreCompPtr)' at transform.c:4554:1 has some indirect sub-type changes: + + + + [C]'function xmlXPathFunction xsltXPathFunctionLookup(xmlXPathContextPtr, const xmlChar*, const xmlChar*)' at functions.c:68:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef xmlXPathContextPtr' changed: + + entity changed from 'typedef xmlXPathContextPtr' to compatible type 'void*' + + in pointed to type 'struct _xmlXPathContext': + + entity changed from 'struct _xmlXPathContext' to 'void' + + type size changed from 2816 to 0 (in bits) + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/lm_sensors_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/lm_sensors_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..d36adffc250661391de4118f7e758c95d40ceed3 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/lm_sensors_all_result.md @@ -0,0 +1,16 @@ +# Functions changed info + +---------------diffs in lm_sensors_libsensors.so.5.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed (2 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +SONAME changed from 'libsensors.so.4' to 'libsensors.so.5' + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/nftables_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/nftables_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..c1ce8a1f2cd8c91c6e373d9ae4f17c60dd232187 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/nftables_all_result.md @@ -0,0 +1,1046 @@ +# Functions changed info + +---------------diffs in nftables_libnftables.so.1.0.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 409 Removed, 2 Changed (16 filtered out), 2 Added functions + +Variables changes summary: 0 Removed (87 filtered out), 0 Changed, 0 Added variables + +Function symbols changes summary: 2 Removed, 0 Added function symbols not referenced by debug info + +Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info + + + +SONAME changed from 'libnftables.so.0' to 'libnftables.so.1' + + + +409 Removed functions: + + + + [D] 'function void __memory_allocation_error(const char*, uint32_t)' {__memory_allocation_error} + + [D] 'function void __netlink_abi_error(const char*, int, const char*)' {__netlink_abi_error} + + [D] 'function void __netlink_init_error(const char*, int, const char*)' {__netlink_init_error} + + [D] 'function int __stmt_binary_error(eval_ctx*, const location*, const location*, const char*, ...)' {__stmt_binary_error} + + [D] 'function nftnl_expr* alloc_nft_expr(const char*)' {alloc_nft_expr} + + [D] 'function nftnl_chain* alloc_nftnl_chain(const handle*)' {alloc_nftnl_chain} + + [D] 'function nftnl_rule* alloc_nftnl_rule(const handle*)' {alloc_nftnl_rule} + + [D] 'function nftnl_set* alloc_nftnl_set(const handle*)' {alloc_nftnl_set} + + [D] 'function nftnl_table* alloc_nftnl_table(const handle*)' {alloc_nftnl_table} + + [D] 'function expr* binop_expr_alloc(const location*, ops, expr*, expr*)' {binop_expr_alloc} + + [D] 'function expr* bitmask_expr_to_binops(expr*)' {bitmask_expr_to_binops} + + [D] 'function void cache_flush(mnl_socket*, nft_cache*, cmd_ops, list_head*, unsigned int, output_ctx*)' {cache_flush} + + [D] 'function void cache_release(nft_cache*)' {cache_release} + + [D] 'function int cache_update(mnl_socket*, nft_cache*, cmd_ops, list_head*, unsigned int, output_ctx*)' {cache_update} + + [D] 'function void chain_add_hash(chain*, table*)' {chain_add_hash} + + [D] 'function chain* chain_alloc(const char*)' {chain_alloc} + + [D] 'function void chain_free(chain*)' {chain_free} + + [D] 'function chain* chain_get(chain*)' {chain_get} + + [D] 'function const char* chain_hookname_lookup(const char*)' {chain_hookname_lookup} + + [D] 'function chain* chain_lookup(const table*, const handle*)' {chain_lookup} + + [D] 'function const char* chain_policy2str(uint32_t)' {chain_policy2str} + + [D] 'function void chain_print_plain(const chain*, output_ctx*)' {chain_print_plain} + + [D] 'function const char* chain_type_name_lookup(const char*)' {chain_type_name_lookup} + + [D] 'function cmd* cmd_alloc(cmd_ops, cmd_obj, const handle*, const location*, void*)' {cmd_alloc} + + [D] 'function cmd* cmd_alloc_obj_ct(cmd_ops, int, const handle*, const location*, obj*)' {cmd_alloc_obj_ct} + + [D] 'function int cmd_evaluate(eval_ctx*, cmd*)' {cmd_evaluate} + + [D] 'function void cmd_free(cmd*)' {cmd_free} + + [D] 'function void compound_expr_add(expr*, expr*)' {compound_expr_add} + + [D] 'function expr* compound_expr_alloc(const location*, const expr_ops*)' {compound_expr_alloc} + + [D] 'function void compound_expr_remove(expr*, expr*)' {compound_expr_remove} + + [D] 'function expr* concat_expr_alloc(const location*)' {concat_expr_alloc} + + [D] 'function const datatype* concat_type_alloc(uint32_t)' {concat_type_alloc} + + [D] 'function void concat_type_destroy(const datatype*)' {concat_type_destroy} + + [D] 'function stmt* connlimit_stmt_alloc(const location*)' {connlimit_stmt_alloc} + + [D] 'function expr* constant_expr_alloc(const location*, const datatype*, byteorder, unsigned int, void*)' {constant_expr_alloc} + + [D] 'function expr* constant_expr_join(const expr*, const expr*)' {constant_expr_join} + + [D] 'function expr* constant_expr_splice(expr*, unsigned int)' {constant_expr_splice} + + [D] 'function stmt* counter_stmt_alloc(const location*)' {counter_stmt_alloc} + + [D] 'function const char* ct_dir2str(int)' {ct_dir2str} + + [D] 'function expr* ct_expr_alloc(const location*, nft_ct_keys, int8_t, uint8_t)' {ct_expr_alloc} + + [D] 'function void ct_expr_update_type(proto_ctx*, expr*)' {ct_expr_update_type} + + [D] 'function const char* ct_label2str(unsigned long int)' {ct_label2str} + + [D] 'function void ct_label_table_exit()' {ct_label_table_exit} + + [D] 'function void ct_label_table_init()' {ct_label_table_init} + + [D] 'function stmt* ct_stmt_alloc(const location*, nft_ct_keys, int8_t, expr*)' {ct_stmt_alloc} + + [D] 'function error_record* data_unit_parse(const location*, const char*, uint64_t*)' {data_unit_parse} + + [D] 'function const datatype* datatype_lookup(datatypes)' {datatype_lookup} + + [D] 'function const datatype* datatype_lookup_byname(const char*)' {datatype_lookup_byname} + + [D] 'function void datatype_print(const expr*, output_ctx*)' {datatype_print} + + [D] 'function void devgroup_table_exit()' {devgroup_table_exit} + + [D] 'function void devgroup_table_init()' {devgroup_table_init} + + [D] 'function int do_command(netlink_ctx*, cmd*)' {do_command} + + [D] 'function stmt* dup_stmt_alloc(const location*)' {dup_stmt_alloc} + + [D] 'function void erec_add_location(error_record*, const location*)' {erec_add_location} + + [D] 'function error_record* erec_create(error_record_types, const location*, const char*, ...)' {erec_create} + + [D] 'function void erec_destroy(error_record*)' {erec_destroy} + + [D] 'function void erec_print(output_ctx*, const error_record*, unsigned int)' {erec_print} + + [D] 'function void erec_print_list(output_ctx*, list_head*, unsigned int)' {erec_print_list} + + [D] 'function error_record* erec_vcreate(error_record_types, const location*, const char*, va_list)' {erec_vcreate} + + [D] 'function expr* expr_alloc(const location*, const expr_ops*, const datatype*, byteorder, unsigned int)' {expr_alloc} + + [D] 'function const datatype* expr_basetype(const expr*)' {expr_basetype} + + [D] 'function int expr_binary_error(list_head*, const expr*, const expr*, const char*, ...)' {expr_binary_error} + + [D] 'function expr* expr_clone(const expr*)' {expr_clone} + + [D] 'function bool expr_cmp(const expr*, const expr*)' {expr_cmp} + + [D] 'function void expr_describe(const expr*, output_ctx*)' {expr_describe} + + [D] 'function void expr_free(expr*)' {expr_free} + + [D] 'function expr* expr_get(expr*)' {expr_get} + + [D] 'function void expr_print(const expr*, output_ctx*)' {expr_print} + + [D] 'function void expr_set_type(expr*, const datatype*, byteorder)' {expr_set_type} + + [D] 'function stmt* expr_stmt_alloc(const location*, expr*)' {expr_stmt_alloc} + + [D] 'function void exthdr_dependency_kill(payload_dep_ctx*, expr*, unsigned int)' {exthdr_dependency_kill} + + [D] 'function expr* exthdr_expr_alloc(const location*, const exthdr_desc*, uint8_t)' {exthdr_expr_alloc} + + [D] 'function const exthdr_desc* exthdr_find_proto(uint8_t)' {exthdr_find_proto} + + [D] 'function bool exthdr_find_template(expr*, const expr*, unsigned int*)' {exthdr_find_template} + + [D] 'function int exthdr_gen_dependency(eval_ctx*, const expr*, const proto_desc*, proto_bases, stmt**)' {exthdr_gen_dependency} + + [D] 'function void exthdr_init_raw(expr*, uint8_t, unsigned int, unsigned int, nft_exthdr_op, uint32_t)' {exthdr_init_raw} + + [D] 'function stmt* exthdr_stmt_alloc(const location*, expr*, expr*)' {exthdr_stmt_alloc} + + [D] 'function const char* family2str(unsigned int)' {family2str} + + [D] 'function expr* fib_expr_alloc(const location*, unsigned int, unsigned int)' {fib_expr_alloc} + + [D] 'function const char* fib_result_str(nft_fib_result)' {fib_result_str} + + [D] 'function expr* flag_expr_alloc(const location*, const datatype*, byteorder, unsigned int, unsigned long int)' {flag_expr_alloc} + + [D] 'function stmt* flow_offload_stmt_alloc(const location*, const char*)' {flow_offload_stmt_alloc} + + [D] 'function void flowtable_add_hash(flowtable*, table*)' {flowtable_add_hash} + + [D] 'function flowtable* flowtable_alloc(const location*)' {flowtable_alloc} + + [D] 'function void flowtable_free(flowtable*)' {flowtable_free} + + [D] 'function flowtable* flowtable_get(flowtable*)' {flowtable_get} + + [D] 'function void flowtable_print(const flowtable*, output_ctx*)' {flowtable_print} + + [D] 'function stmt* fwd_stmt_alloc(const location*)' {fwd_stmt_alloc} + + [D] 'function const char* get_rate(uint64_t, uint64_t*)' {get_rate} + + [D] 'function void get_set_decompose(table*, set*)' {get_set_decompose} + + [D] 'function expr* get_set_intervals(const set*, const expr*)' {get_set_intervals} + + [D] 'function const char* get_unit(uint64_t)' {get_unit} + + [D] 'function void gmp_init()' {gmp_init} + + [D] 'function void handle_free(handle*)' {handle_free} + + [D] 'function void handle_merge(handle*, const handle*)' {handle_merge} + + [D] 'function expr* hash_expr_alloc(const location*, uint32_t, bool, uint32_t, uint32_t, nft_hash_types)' {hash_expr_alloc} + + [D] 'function const char* hooknum2str(unsigned int, unsigned int)' {hooknum2str} + + [D] 'function void iface_cache_release()' {iface_cache_release} + + [D] 'function void iface_cache_update()' {iface_cache_update} + + [D] 'function void interval_map_decompose(expr*)' {interval_map_decompose} + + [D] 'function stmt* limit_stmt_alloc(const location*)' {limit_stmt_alloc} + + [D] 'function expr* list_expr_alloc(const location*)' {list_expr_alloc} + + [D] 'function void list_expr_sort(list_head*)' {list_expr_sort} + + [D] 'function const char* log_level(uint32_t)' {log_level} + + [D] 'function int log_level_parse(const char*)' {log_level_parse} + + [D] 'function stmt* log_stmt_alloc(const location*)' {log_stmt_alloc} + + [D] 'function expr* map_expr_alloc(const location*, expr*, expr*)' {map_expr_alloc} + + [D] 'function stmt* map_stmt_alloc(const location*)' {map_stmt_alloc} + + [D] 'function expr* mapping_expr_alloc(const location*, expr*, expr*)' {mapping_expr_alloc} + + [D] 'function void mark_table_exit()' {mark_table_exit} + + [D] 'function void mark_table_init()' {mark_table_init} + + [D] 'function markup* markup_alloc(uint32_t)' {markup_alloc} + + [D] 'function void markup_free(markup*)' {markup_free} + + [D] 'function expr* meta_expr_alloc(const location*, nft_meta_keys)' {meta_expr_alloc} + + [D] 'function error_record* meta_key_parse(const location*, const char*, unsigned int*)' {meta_key_parse} + + [D] 'function stmt* meta_stmt_alloc(const location*, nft_meta_keys, expr*)' {meta_stmt_alloc} + + [D] 'function stmt* meta_stmt_meta_iiftype(const location*, uint16_t)' {meta_stmt_meta_iiftype} + + [D] 'function stmt* meter_stmt_alloc(const location*)' {meter_stmt_alloc} + + [D] 'function uint32_t mnl_batch_begin(nftnl_batch*, uint32_t)' {mnl_batch_begin} + + [D] 'function void mnl_batch_end(nftnl_batch*, uint32_t)' {mnl_batch_end} + + [D] 'function nftnl_batch* mnl_batch_init()' {mnl_batch_init} + + [D] 'function bool mnl_batch_ready(nftnl_batch*)' {mnl_batch_ready} + + [D] 'function void mnl_batch_reset(nftnl_batch*)' {mnl_batch_reset} + + [D] 'function int mnl_batch_talk(netlink_ctx*, list_head*)' {mnl_batch_talk} + + [D] 'function void mnl_err_list_free(mnl_err*)' {mnl_err_list_free} + + [D] 'function uint16_t mnl_genid_get(netlink_ctx*)' {mnl_genid_get} + + [D] 'function int mnl_nft_chain_batch_add(nftnl_chain*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_chain_batch_add} + + [D] 'function int mnl_nft_chain_batch_del(nftnl_chain*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_chain_batch_del} + + [D] 'function nftnl_chain_list* mnl_nft_chain_dump(netlink_ctx*, int)' {mnl_nft_chain_dump} + + [D] 'function int mnl_nft_event_listener(mnl_socket*, unsigned int, output_ctx*, int (const nlmsghdr*, void*)*, void*)' {mnl_nft_event_listener} + + [D] 'function int mnl_nft_flowtable_batch_add(nftnl_flowtable*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_flowtable_batch_add} + + [D] 'function int mnl_nft_flowtable_batch_del(nftnl_flowtable*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_flowtable_batch_del} + + [D] 'function nftnl_flowtable_list* mnl_nft_flowtable_dump(netlink_ctx*, int, const char*)' {mnl_nft_flowtable_dump} + + [D] 'function int mnl_nft_obj_batch_add(nftnl_obj*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_obj_batch_add} + + [D] 'function int mnl_nft_obj_batch_del(nftnl_obj*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_obj_batch_del} + + [D] 'function nftnl_obj_list* mnl_nft_obj_dump(netlink_ctx*, int, const char*, const char*, uint32_t, bool, bool)' {mnl_nft_obj_dump} + + [D] 'function int mnl_nft_rule_batch_add(nftnl_rule*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_rule_batch_add} + + [D] 'function int mnl_nft_rule_batch_del(nftnl_rule*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_rule_batch_del} + + [D] 'function int mnl_nft_rule_batch_replace(nftnl_rule*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_rule_batch_replace} + + [D] 'function nftnl_rule_list* mnl_nft_rule_dump(netlink_ctx*, int)' {mnl_nft_rule_dump} + + [D] 'function nftnl_ruleset* mnl_nft_ruleset_dump(netlink_ctx*, uint32_t)' {mnl_nft_ruleset_dump} + + [D] 'function int mnl_nft_set_batch_add(nftnl_set*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_set_batch_add} + + [D] 'function int mnl_nft_set_batch_del(nftnl_set*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_set_batch_del} + + [D] 'function nftnl_set_list* mnl_nft_set_dump(netlink_ctx*, int, const char*)' {mnl_nft_set_dump} + + [D] 'function int mnl_nft_setelem_batch_add(nftnl_set*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_setelem_batch_add} + + [D] 'function int mnl_nft_setelem_batch_del(nftnl_set*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_setelem_batch_del} + + [D] 'function int mnl_nft_setelem_batch_flush(nftnl_set*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_setelem_batch_flush} + + [D] 'function int mnl_nft_setelem_get(netlink_ctx*, nftnl_set*)' {mnl_nft_setelem_get} + + [D] 'function nftnl_set* mnl_nft_setelem_get_one(netlink_ctx*, nftnl_set*)' {mnl_nft_setelem_get_one} + + [D] 'function int mnl_nft_table_batch_add(nftnl_table*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_table_batch_add} + + [D] 'function int mnl_nft_table_batch_del(nftnl_table*, nftnl_batch*, unsigned int, uint32_t)' {mnl_nft_table_batch_del} + + [D] 'function nftnl_table_list* mnl_nft_table_dump(netlink_ctx*, int)' {mnl_nft_table_dump} + + [D] 'function uint32_t mnl_seqnum_alloc(unsigned int*)' {mnl_seqnum_alloc} + + [D] 'function monitor* monitor_alloc(uint32_t, uint32_t, const char*)' {monitor_alloc} + + [D] 'function void monitor_free(monitor*)' {monitor_free} + + [D] 'function void mpz_bitmask(__mpz_struct*, unsigned int)' {mpz_bitmask} + + [D] 'function void* mpz_export_data(void*, const __mpz_struct*, byteorder, unsigned int)' {mpz_export_data} + + [D] 'function uint16_t mpz_get_be16(const __mpz_struct*)' {mpz_get_be16} + + [D] 'function uint32_t mpz_get_be32(const __mpz_struct*)' {mpz_get_be32} + + [D] 'function uint16_t mpz_get_uint16(const __mpz_struct*)' {mpz_get_uint16} + + [D] 'function uint32_t mpz_get_uint32(const __mpz_struct*)' {mpz_get_uint32} + + [D] 'function uint64_t mpz_get_uint64(const __mpz_struct*)' {mpz_get_uint64} + + [D] 'function uint8_t mpz_get_uint8(const __mpz_struct*)' {mpz_get_uint8} + + [D] 'function void mpz_import_data(__mpz_struct*, void*, byteorder, unsigned int)' {mpz_import_data} + + [D] 'function void mpz_init_bitmask(__mpz_struct*, unsigned int)' {mpz_init_bitmask} + + [D] 'function void mpz_lshift_ui(__mpz_struct*, unsigned int)' {mpz_lshift_ui} + + [D] 'function void mpz_prefixmask(__mpz_struct*, unsigned int, unsigned int)' {mpz_prefixmask} + + [D] 'function void mpz_rshift_ui(__mpz_struct*, unsigned int)' {mpz_rshift_ui} + + [D] 'function void mpz_switch_byteorder(__mpz_struct*, unsigned int)' {mpz_switch_byteorder} + + [D] 'function bool must_print_eq_op(const expr*)' {must_print_eq_op} + + [D] 'function const char* nat_etype2str(nft_nat_etypes)' {nat_etype2str} + + [D] 'function stmt* nat_stmt_alloc(const location*, nft_nat_etypes)' {nat_stmt_alloc} + + [D] 'function int netlink_add_chain_batch(netlink_ctx*, const cmd*, uint32_t)' {netlink_add_chain_batch} + + [D] 'function int netlink_add_flowtable(netlink_ctx*, const cmd*, uint32_t)' {netlink_add_flowtable} + + [D] 'function int netlink_add_obj(netlink_ctx*, const cmd*, uint32_t)' {netlink_add_obj} + + [D] 'function int netlink_add_rule_batch(netlink_ctx*, const cmd*, uint32_t)' {netlink_add_rule_batch} + + [D] 'function int netlink_add_set_batch(netlink_ctx*, const cmd*, uint32_t)' {netlink_add_set_batch} + + [D] 'function int netlink_add_setelems_batch(netlink_ctx*, const handle*, const expr*, uint32_t)' {netlink_add_setelems_batch} + + [D] 'function int netlink_add_table_batch(netlink_ctx*, const cmd*, uint32_t)' {netlink_add_table_batch} + + [D] 'function expr* netlink_alloc_data(const location*, const nft_data_delinearize*, nft_registers)' {netlink_alloc_data} + + [D] 'function expr* netlink_alloc_value(const location*, const nft_data_delinearize*)' {netlink_alloc_value} + + [D] 'function int netlink_batch_send(netlink_ctx*, list_head*)' {netlink_batch_send} + + [D] 'function void netlink_close_sock(mnl_socket*)' {netlink_close_sock} + + [D] 'function int netlink_del_rule_batch(netlink_ctx*, const cmd*)' {netlink_del_rule_batch} + + [D] 'function int netlink_delete_chain_batch(netlink_ctx*, const cmd*)' {netlink_delete_chain_batch} + + [D] 'function int netlink_delete_flowtable(netlink_ctx*, const cmd*)' {netlink_delete_flowtable} + + [D] 'function int netlink_delete_obj(netlink_ctx*, const cmd*, uint32_t)' {netlink_delete_obj} + + [D] 'function int netlink_delete_set_batch(netlink_ctx*, const cmd*)' {netlink_delete_set_batch} + + [D] 'function int netlink_delete_setelems_batch(netlink_ctx*, const cmd*)' {netlink_delete_setelems_batch} + + [D] 'function int netlink_delete_table_batch(netlink_ctx*, const cmd*)' {netlink_delete_table_batch} + + [D] 'function chain* netlink_delinearize_chain(netlink_ctx*, const nftnl_chain*)' {netlink_delinearize_chain} + + [D] 'function obj* netlink_delinearize_obj(netlink_ctx*, nftnl_obj*)' {netlink_delinearize_obj} + + [D] 'function rule* netlink_delinearize_rule(netlink_ctx*, nftnl_rule*)' {netlink_delinearize_rule} + + [D] 'function set* netlink_delinearize_set(netlink_ctx*, const nftnl_set*)' {netlink_delinearize_set} + + [D] 'function int netlink_delinearize_setelem(nftnl_set_elem*, const set*, nft_cache*)' {netlink_delinearize_setelem} + + [D] 'function table* netlink_delinearize_table(netlink_ctx*, const nftnl_table*)' {netlink_delinearize_table} + + [D] 'function void netlink_dump_chain(const nftnl_chain*, netlink_ctx*)' {netlink_dump_chain} + + [D] 'function void netlink_dump_expr(const nftnl_expr*, FILE*, unsigned int)' {netlink_dump_expr} + + [D] 'function void netlink_dump_obj(nftnl_obj*, netlink_ctx*)' {netlink_dump_obj} + + [D] 'function void netlink_dump_rule(const nftnl_rule*, netlink_ctx*)' {netlink_dump_rule} + + [D] 'function nftnl_ruleset* netlink_dump_ruleset(netlink_ctx*, const handle*, const location*)' {netlink_dump_ruleset} + + [D] 'function void netlink_dump_set(const nftnl_set*, netlink_ctx*)' {netlink_dump_set} + + [D] 'function int netlink_echo_callback(const nlmsghdr*, void*)' {netlink_echo_callback} + + [D] 'function int netlink_events_trace_cb(const nlmsghdr*, int, netlink_mon_handler*)' {netlink_events_trace_cb} + + [D] 'function int netlink_flush_chain(netlink_ctx*, const cmd*)' {netlink_flush_chain} + + [D] 'function int netlink_flush_setelems(netlink_ctx*, const cmd*)' {netlink_flush_setelems} + + [D] 'function void netlink_gen_data(const expr*, nft_data_linearize*)' {netlink_gen_data} + + [D] 'function void netlink_gen_raw_data(const __mpz_struct*, byteorder, unsigned int, nft_data_linearize*)' {netlink_gen_raw_data} + + [D] 'function uint16_t netlink_genid_get(netlink_ctx*)' {netlink_genid_get} + + [D] 'function int netlink_get_setelem(netlink_ctx*, const handle*, const location*, table*, set*, expr*)' {netlink_get_setelem} + + [D] 'function int netlink_io_error(netlink_ctx*, const location*, const char*, ...)' {netlink_io_error} + + [D] 'function void netlink_linearize_rule(netlink_ctx*, nftnl_rule*, const rule*)' {netlink_linearize_rule} + + [D] 'function int netlink_list_chains(netlink_ctx*, const handle*)' {netlink_list_chains} + + [D] 'function int netlink_list_flowtables(netlink_ctx*, const handle*)' {netlink_list_flowtables} + + [D] 'function int netlink_list_objs(netlink_ctx*, const handle*)' {netlink_list_objs} + + [D] 'function int netlink_list_setelems(netlink_ctx*, const handle*, set*)' {netlink_list_setelems} + + [D] 'function int netlink_list_sets(netlink_ctx*, const handle*)' {netlink_list_sets} + + [D] 'function int netlink_list_table(netlink_ctx*, const handle*)' {netlink_list_table} + + [D] 'function int netlink_list_tables(netlink_ctx*, const handle*)' {netlink_list_tables} + + [D] 'function int netlink_markup_parse_cb(const nftnl_parse_ctx*)' {netlink_markup_parse_cb} + + [D] 'function int netlink_monitor(netlink_mon_handler*, mnl_socket*)' {netlink_monitor} + + [D] 'function mnl_socket* netlink_open_sock()' {netlink_open_sock} + + [D] 'function stmt* netlink_parse_set_expr(const set*, const nft_cache*, const nftnl_expr*)' {netlink_parse_set_expr} + + [D] 'function int netlink_rename_chain_batch(netlink_ctx*, const handle*, const cmd*)' {netlink_rename_chain_batch} + + [D] 'function int netlink_replace_rule_batch(netlink_ctx*, const cmd*)' {netlink_replace_rule_batch} + + [D] 'function int netlink_reset_objs(netlink_ctx*, const cmd*, uint32_t, bool)' {netlink_reset_objs} + + [D] 'function void netlink_restart(mnl_socket*)' {netlink_restart} + + [D] 'function YY_BUFFER_STATE nft__create_buffer(FILE*, int, yyscan_t)' {nft__create_buffer} + + [D] 'function void nft__delete_buffer(YY_BUFFER_STATE, yyscan_t)' {nft__delete_buffer} + + [D] 'function void nft__flush_buffer(YY_BUFFER_STATE, yyscan_t)' {nft__flush_buffer} + + [D] 'function YY_BUFFER_STATE nft__scan_buffer(char*, yy_size_t, yyscan_t)' {nft__scan_buffer} + + [D] 'function YY_BUFFER_STATE nft__scan_bytes(const char*, int, yyscan_t)' {nft__scan_bytes} + + [D] 'function YY_BUFFER_STATE nft__scan_string(const char*, yyscan_t)' {nft__scan_string} + + [D] 'function void nft__switch_to_buffer(YY_BUFFER_STATE, yyscan_t)' {nft__switch_to_buffer} + + [D] 'function void* nft_alloc(yy_size_t, yyscan_t)' {nft_alloc} + + [D] 'function void nft_cmd_expand(cmd*)' {nft_cmd_expand} + + [D] 'function bool nft_ctx_output_get_echo(nft_ctx*)' {nft_ctx_output_get_echo} + + [D] 'function bool nft_ctx_output_get_handle(nft_ctx*)' {nft_ctx_output_get_handle} + + [D] 'function bool nft_ctx_output_get_ip2name(nft_ctx*)' {nft_ctx_output_get_ip2name} + + [D] 'function bool nft_ctx_output_get_json(nft_ctx*)' {nft_ctx_output_get_json} + + [D] 'function nft_numeric_level nft_ctx_output_get_numeric(nft_ctx*)' {nft_ctx_output_get_numeric} + + [D] 'function bool nft_ctx_output_get_stateless(nft_ctx*)' {nft_ctx_output_get_stateless} + + [D] 'function void nft_ctx_output_set_echo(nft_ctx*, bool)' {nft_ctx_output_set_echo} + + [D] 'function void nft_ctx_output_set_handle(nft_ctx*, bool)' {nft_ctx_output_set_handle} + + [D] 'function void nft_ctx_output_set_ip2name(nft_ctx*, bool)' {nft_ctx_output_set_ip2name} + + [D] 'function void nft_ctx_output_set_json(nft_ctx*, bool)' {nft_ctx_output_set_json} + + [D] 'function void nft_ctx_output_set_numeric(nft_ctx*, nft_numeric_level)' {nft_ctx_output_set_numeric} + + [D] 'function void nft_ctx_output_set_stateless(nft_ctx*, bool)' {nft_ctx_output_set_stateless} + + [D] 'function void nft_free(void*, yyscan_t)' {nft_free} + + [D] 'function int nft_get_column(yyscan_t)' {nft_get_column} + + [D] 'function int nft_get_debug(yyscan_t)' {nft_get_debug} + + [D] 'function void* nft_get_extra(yyscan_t)' {nft_get_extra} + + [D] 'function FILE* nft_get_in(yyscan_t)' {nft_get_in} + + [D] 'function int nft_get_leng(yyscan_t)' {nft_get_leng} + + [D] 'function int nft_get_lineno(yyscan_t)' {nft_get_lineno} + + [D] 'function location* nft_get_lloc(yyscan_t)' {nft_get_lloc} + + [D] 'function YYSTYPE* nft_get_lval(yyscan_t)' {nft_get_lval} + + [D] 'function FILE* nft_get_out(yyscan_t)' {nft_get_out} + + [D] 'function char* nft_get_text(yyscan_t)' {nft_get_text} + + [D] 'function int nft_gmp_print(output_ctx*, const char*, ...)' {nft_gmp_print} + + [D] 'function char* nft_if_indextoname(unsigned int, char*)' {nft_if_indextoname} + + [D] 'function unsigned int nft_if_nametoindex(const char*)' {nft_if_nametoindex} + + [D] 'function int nft_lex(YYSTYPE*, location*, yyscan_t)' {nft_lex} + + [D] 'function int nft_lex_destroy(yyscan_t)' {nft_lex_destroy} + + [D] 'function int nft_lex_init(yyscan_t*)' {nft_lex_init} + + [D] 'function int nft_lex_init_extra(void*, yyscan_t*)' {nft_lex_init_extra} + + [D] 'function int nft_parse(nft_ctx*, void*, parser_state*)' {nft_parse} + + [D] 'function void nft_pop_buffer_state(yyscan_t)' {nft_pop_buffer_state} + + [D] 'function int nft_print(output_ctx*, const char*, ...)' {nft_print} + + [D] 'function void nft_push_buffer_state(YY_BUFFER_STATE, yyscan_t)' {nft_push_buffer_state} + + [D] 'function void* nft_realloc(void*, yy_size_t, yyscan_t)' {nft_realloc} + + [D] 'function void nft_restart(FILE*, yyscan_t)' {nft_restart} + + [D] 'function void nft_set_column(int, yyscan_t)' {nft_set_column} + + [D] 'function void nft_set_debug(int, yyscan_t)' {nft_set_debug} + + [D] 'function void nft_set_extra(void*, yyscan_t)' {nft_set_extra} + + [D] 'function void nft_set_in(FILE*, yyscan_t)' {nft_set_in} + + [D] 'function void nft_set_lineno(int, yyscan_t)' {nft_set_lineno} + + [D] 'function void nft_set_lloc(location*, yyscan_t)' {nft_set_lloc} + + [D] 'function void nft_set_lval(YYSTYPE*, yyscan_t)' {nft_set_lval} + + [D] 'function void nft_set_out(FILE*, yyscan_t)' {nft_set_out} + + [D] 'function stmt* notrack_stmt_alloc(const location*)' {notrack_stmt_alloc} + + [D] 'function expr* numgen_expr_alloc(const location*, nft_ng_types, uint32_t, uint32_t)' {numgen_expr_alloc} + + [D] 'function void obj_add_hash(obj*, table*)' {obj_add_hash} + + [D] 'function obj* obj_alloc(const location*)' {obj_alloc} + + [D] 'function void obj_free(obj*)' {obj_free} + + [D] 'function obj* obj_get(obj*)' {obj_get} + + [D] 'function obj* obj_lookup(const table*, const char*, uint32_t)' {obj_lookup} + + [D] 'function void obj_print(const obj*, output_ctx*)' {obj_print} + + [D] 'function void obj_print_plain(const obj*, output_ctx*)' {obj_print_plain} + + [D] 'function const char* obj_type_name(stmt_types)' {obj_type_name} + + [D] 'function uint32_t obj_type_to_cmd(uint32_t)' {obj_type_to_cmd} + + [D] 'function stmt* objref_stmt_alloc(const location*)' {objref_stmt_alloc} + + [D] 'function const char* objref_type_name(uint32_t)' {objref_type_name} + + [D] 'function void parser_init(nft_ctx*, parser_state*, list_head*, list_head*)' {parser_init} + + [D] 'function bool payload_can_merge(const expr*, const expr*)' {payload_can_merge} + + [D] 'function bool payload_dependency_exists(const payload_dep_ctx*, proto_bases)' {payload_dependency_exists} + + [D] 'function void payload_dependency_kill(payload_dep_ctx*, expr*, unsigned int)' {payload_dependency_kill} + + [D] 'function void payload_dependency_release(payload_dep_ctx*)' {payload_dependency_release} + + [D] 'function void payload_dependency_reset(payload_dep_ctx*)' {payload_dependency_reset} + + [D] 'function void payload_dependency_store(payload_dep_ctx*, stmt*, proto_bases)' {payload_dependency_store} + + [D] 'function expr* payload_expr_alloc(const location*, const proto_desc*, unsigned int)' {payload_expr_alloc} + + [D] 'function void payload_expr_complete(expr*, const proto_ctx*)' {payload_expr_complete} + + [D] 'function void payload_expr_expand(list_head*, expr*, const proto_ctx*)' {payload_expr_expand} + + [D] 'function expr* payload_expr_join(const expr*, const expr*)' {payload_expr_join} + + [D] 'function bool payload_expr_trim(expr*, expr*, const proto_ctx*, unsigned int*)' {payload_expr_trim} + + [D] 'function int payload_gen_dependency(eval_ctx*, const expr*, stmt**)' {payload_gen_dependency} + + [D] 'function unsigned int payload_hdr_field(const expr*)' {payload_hdr_field} + + [D] 'function void payload_init_raw(expr*, proto_bases, unsigned int, unsigned int)' {payload_init_raw} + + [D] 'function bool payload_is_known(const expr*)' {payload_is_known} + + [D] 'function bool payload_is_stacked(const proto_desc*, const expr*)' {payload_is_stacked} + + [D] 'function stmt* payload_stmt_alloc(const location*, expr*, expr*)' {payload_stmt_alloc} + + [D] 'function expr* prefix_expr_alloc(const location*, expr*, unsigned int)' {prefix_expr_alloc} + + [D] 'function void proto_ctx_init(proto_ctx*, unsigned int, unsigned int)' {proto_ctx_init} + + [D] 'function void proto_ctx_update(proto_ctx*, proto_bases, const location*, const proto_desc*)' {proto_ctx_update} + + [D] 'function const proto_desc* proto_dev_desc(uint16_t)' {proto_dev_desc} + + [D] 'function int proto_dev_type(const proto_desc*, uint16_t*)' {proto_dev_type} + + [D] 'function int proto_find_num(const proto_desc*, const proto_desc*)' {proto_find_num} + + [D] 'function const proto_desc* proto_find_upper(const proto_desc*, unsigned int)' {proto_find_upper} + + [D] 'function stmt* queue_stmt_alloc(const location*)' {queue_stmt_alloc} + + [D] 'function stmt* quota_stmt_alloc(const location*)' {quota_stmt_alloc} + + [D] 'function expr* range_expr_alloc(const location*, expr*, expr*)' {range_expr_alloc} + + [D] 'function void range_expr_value_high(__mpz_struct*, const expr*)' {range_expr_value_high} + + [D] 'function void range_expr_value_low(__mpz_struct*, const expr*)' {range_expr_value_low} + + [D] 'function error_record* rate_parse(const location*, const char*, uint64_t*, uint64_t*)' {rate_parse} + + [D] 'function void rb_erase(rb_node*, rb_root*)' {rb_erase} + + [D] 'function rb_node* rb_first(rb_root*)' {rb_first} + + [D] 'function void rb_insert_color(rb_node*, rb_root*)' {rb_insert_color} + + [D] 'function rb_node* rb_last(rb_root*)' {rb_last} + + [D] 'function rb_node* rb_next(rb_node*)' {rb_next} + + [D] 'function rb_node* rb_prev(rb_node*)' {rb_prev} + + [D] 'function void rb_replace_node(rb_node*, rb_node*, rb_root*)' {rb_replace_node} + + [D] 'function void realm_table_meta_exit()' {realm_table_meta_exit} + + [D] 'function void realm_table_meta_init()' {realm_table_meta_init} + + [D] 'function void realm_table_rt_exit()' {realm_table_rt_exit} + + [D] 'function void realm_table_rt_init()' {realm_table_rt_init} + + [D] 'function stmt* reject_stmt_alloc(const location*)' {reject_stmt_alloc} + + [D] 'function expr* relational_expr_alloc(const location*, ops, expr*, expr*)' {relational_expr_alloc} + + [D] 'function void relational_expr_pctx_update(proto_ctx*, const expr*)' {relational_expr_pctx_update} + + [D] 'function expr* rt_expr_alloc(const location*, nft_rt_keys, bool)' {rt_expr_alloc} + + [D] 'function void rt_expr_update_type(proto_ctx*, expr*)' {rt_expr_update_type} + + [D] 'function void rt_symbol_table_free(symbol_table*)' {rt_symbol_table_free} + + [D] 'function symbol_table* rt_symbol_table_init(const char*)' {rt_symbol_table_init} + + [D] 'function rule* rule_alloc(const location*, const handle*)' {rule_alloc} + + [D] 'function void rule_free(rule*)' {rule_free} + + [D] 'function rule* rule_get(rule*)' {rule_get} + + [D] 'function rule* rule_lookup(const chain*, uint64_t)' {rule_lookup} + + [D] 'function error_record* rule_postprocess(rule*)' {rule_postprocess} + + [D] 'function void rule_print(const rule*, output_ctx*)' {rule_print} + + [D] 'function void scanner_destroy(void*)' {scanner_destroy} + + [D] 'function int scanner_include_file(nft_ctx*, void*, const char*, const location*)' {scanner_include_file} + + [D] 'function void* scanner_init(parser_state*)' {scanner_init} + + [D] 'function void scanner_push_buffer(void*, const input_descriptor*, const char*)' {scanner_push_buffer} + + [D] 'function int scanner_read_file(void*, const char*, const location*)' {scanner_read_file} + + [D] 'function scope* scope_init(scope*, const scope*)' {scope_init} + + [D] 'function void scope_release(const scope*)' {scope_release} + + [D] 'function void set_add_hash(set*, table*)' {set_add_hash} + + [D] 'function set* set_alloc(const location*)' {set_alloc} + + [D] 'function set* set_clone(const set*)' {set_clone} + + [D] 'function const datatype* set_datatype_alloc(const datatype*, unsigned int)' {set_datatype_alloc} + + [D] 'function void set_datatype_destroy(const datatype*)' {set_datatype_destroy} + + [D] 'function expr* set_elem_expr_alloc(const location*, expr*)' {set_elem_expr_alloc} + + [D] 'function expr* set_expr_alloc(const location*, const set*)' {set_expr_alloc} + + [D] 'function void set_free(set*)' {set_free} + + [D] 'function set* set_get(set*)' {set_get} + + [D] 'function set* set_lookup(const table*, const char*)' {set_lookup} + + [D] 'function set* set_lookup_global(uint32_t, const char*, const char*, nft_cache*)' {set_lookup_global} + + [D] 'function const char* set_policy2str(uint32_t)' {set_policy2str} + + [D] 'function void set_print(const set*, output_ctx*)' {set_print} + + [D] 'function void set_print_plain(const set*, output_ctx*)' {set_print_plain} + + [D] 'function expr* set_ref_expr_alloc(const location*, set*)' {set_ref_expr_alloc} + + [D] 'function stmt* set_stmt_alloc(const location*)' {set_stmt_alloc} + + [D] 'function int set_to_intervals(list_head*, set*, expr*, bool, unsigned int, bool)' {set_to_intervals} + + [D] 'function expr* socket_expr_alloc(const location*, nft_socket_keys)' {socket_expr_alloc} + + [D] 'function stmt* stmt_alloc(const location*, const stmt_ops*)' {stmt_alloc} + + [D] 'function int stmt_evaluate(eval_ctx*, stmt*)' {stmt_evaluate} + + [D] 'function void stmt_free(stmt*)' {stmt_free} + + [D] 'function void stmt_list_free(list_head*)' {stmt_list_free} + + [D] 'function void stmt_print(const stmt*, output_ctx*)' {stmt_print} + + [D] 'function void symbol_bind(scope*, const char*, expr*)' {symbol_bind} + + [D] 'function expr* symbol_expr_alloc(const location*, symbol_types, scope*, const char*)' {symbol_expr_alloc} + + [D] 'function symbol* symbol_get(const scope*, const char*)' {symbol_get} + + [D] 'function symbol* symbol_lookup(const scope*, const char*)' {symbol_lookup} + + [D] 'function error_record* symbol_parse(const expr*, expr**)' {symbol_parse} + + [D] 'function void symbol_table_print(const symbol_table*, const datatype*, byteorder, output_ctx*)' {symbol_table_print} + + [D] 'function int symbol_unbind(const scope*, const char*)' {symbol_unbind} + + [D] 'function error_record* symbolic_constant_parse(const expr*, const symbol_table*, expr**)' {symbolic_constant_parse} + + [D] 'function void symbolic_constant_print(const symbol_table*, const expr*, bool, output_ctx*)' {symbolic_constant_print} + + [D] 'function void table_add_hash(table*, nft_cache*)' {table_add_hash} + + [D] 'function table* table_alloc()' {table_alloc} + + [D] 'function void table_free(table*)' {table_free} + + [D] 'function table* table_get(table*)' {table_get} + + [D] 'function table* table_lookup(const handle*, const nft_cache*)' {table_lookup} + + [D] 'function expr* tcpopt_expr_alloc(const location*, uint8_t, uint8_t)' {tcpopt_expr_alloc} + + [D] 'function bool tcpopt_find_template(expr*, const expr*, unsigned int*)' {tcpopt_find_template} + + [D] 'function void tcpopt_init_raw(expr*, uint8_t, unsigned int, unsigned int, uint32_t)' {tcpopt_init_raw} + + [D] 'function error_record* time_parse(const location*, const char*, uint64_t*)' {time_parse} + + [D] 'function void time_print(uint64_t, output_ctx*)' {time_print} + + [D] 'function expr* unary_expr_alloc(const location*, ops, expr*)' {unary_expr_alloc} + + [D] 'function expr* variable_expr_alloc(const location*, scope*, symbol*)' {variable_expr_alloc} + + [D] 'function expr* verdict_expr_alloc(const location*, int, const char*)' {verdict_expr_alloc} + + [D] 'function stmt* verdict_stmt_alloc(const location*, expr*)' {verdict_stmt_alloc} + + [D] 'function void xfree(void*)' {xfree} + + [D] 'function void* xmalloc(size_t)' {xmalloc} + + [D] 'function void* xmalloc_array(size_t, size_t)' {xmalloc_array} + + [D] 'function void* xrealloc(void*, size_t)' {xrealloc} + + [D] 'function char* xstrdup(const char*)' {xstrdup} + + [D] 'function void xstrunescape(const char*, char*)' {xstrunescape} + + [D] 'function stmt* xt_stmt_alloc(const location*)' {xt_stmt_alloc} + + [D] 'function void* xzalloc(size_t)' {xzalloc} + + + +2 Added functions: + + + + [A] 'function unsigned int nft_ctx_output_get_flags(nft_ctx*)' {nft_ctx_output_get_flags} + + [A] 'function void nft_ctx_output_set_flags(nft_ctx*, unsigned int)' {nft_ctx_output_set_flags} + + + +2 functions with some indirect sub-type change: + + + + [C]'function int nft_ctx_add_include_path(nft_ctx*, const char*)' at libnftables.c:102:1 has some indirect sub-type changes: + + parameter 1 of type 'nft_ctx*' has sub-type changes: + + in pointed to type 'struct nft_ctx' at nftables.h:111:1: + + type size changed from 1600 to 1856 (in bits) + + 2 data member insertions: + + 'scope* nft_ctx::top_scope', at offset 1728 (in bits) at nftables.h:123:1 + + 'void* nft_ctx::json_root', at offset 1792 (in bits) at nftables.h:124:1 + + 6 data member changes: + + type of 'output_ctx nft_ctx::output' changed: + + type size changed from 832 to 960 (in bits) + + 5 data member deletions: + + 'unsigned int output_ctx::stateless', at offset 32 (in bits) at nftables.h:20:1 + + + + 'unsigned int output_ctx::ip2name', at offset 64 (in bits) at nftables.h:21:1 + + + + 'unsigned int output_ctx::handle', at offset 96 (in bits) at nftables.h:22:1 + + + + 'unsigned int output_ctx::echo', at offset 128 (in bits) at nftables.h:23:1 + + + + 'unsigned int output_ctx::json', at offset 160 (in bits) at nftables.h:24:1 + + + + 1 data member insertion: + + 'symbol_tables output_ctx::tbl', at offset 704 (in bits) at nftables.h:35:1 + + 1 data member change: + + offset changed from 192 to 64 (in bits) (by -128 bits) + + no data member change (1 filtered); + + + + 'bool nft_ctx::check' offset changed from 1088 to 1216 (in bits) (by +128 bits) + + type of 'nft_cache nft_ctx::cache' changed: + + type size hasn't changed + + 1 data member insertion: + + 'uint32_t nft_cache::flags', at offset 224 (in bits) at nftables.h:102:1 + + 1 data member change: + + type of 'uint16_t nft_cache::genid' changed: + + typedef name changed from uint16_t to uint32_t at stdint-uintn.h:26:1 + + underlying type 'typedef __uint16_t' at types.h:39:1 changed: + + typedef name changed from __uint16_t to __uint32_t at types.h:41:1 + + underlying type 'unsigned short int' changed: + + type name changed from 'unsigned short int' to 'unsigned int' + + type size changed from 16 to 32 (in bits) + + + + and offset changed from 1152 to 1280 (in bits) (by +128 bits) + + 'uint32_t nft_ctx::flags' offset changed from 1408 to 1536 (in bits) (by +128 bits) + + type of 'parser_state* nft_ctx::state' changed: + + in pointed to type 'struct parser_state' at parser.h:16:1: + + type size changed from 14720 to 640 (in bits) + + 3 data member deletions: + + 'unsigned int parser_state::indesc_idx', at offset 11328 (in bits) at parser.h:19:1 + + + + 'scope parser_state::top_scope', at offset 11520 (in bits) at parser.h:24:1 + + + + 'eval_ctx parser_state::ectx', at offset 12032 (in bits) at parser.h:29:1 + + + + 6 data member changes: + + type of 'input_descriptor* parser_state::indesc' changed: + + in pointed to type 'struct input_descriptor' at nftables.h:188:1: + + type size changed from 704 to 960 (in bits) + + 3 data member insertions: + + 'list_head input_descriptor::list', at offset 0 (in bits) at nftables.h:189:1 + + 'FILE* input_descriptor::f', at offset 128 (in bits) at nftables.h:190:1 + + 'unsigned int input_descriptor::depth', at offset 192 (in bits) at nftables.h:191:1 + + 8 data member changes: + + 'location input_descriptor::location' offset changed from 0 to 256 (in bits) (by +256 bits) + + 'input_descriptor_types input_descriptor::type' offset changed from 320 to 576 (in bits) (by +256 bits) + + 'const char* input_descriptor::name' offset changed from 384 to 640 (in bits) (by +256 bits) + + 'const char* input_descriptor::data' offset changed from 448 to 704 (in bits) (by +256 bits) + + 'unsigned int input_descriptor::lineno' offset changed from 512 to 768 (in bits) (by +256 bits) + + 'unsigned int input_descriptor::column' offset changed from 544 to 800 (in bits) (by +256 bits) + + 'off_t input_descriptor::token_offset' offset changed from 576 to 832 (in bits) (by +256 bits) + + 'off_t input_descriptor::line_offset' offset changed from 640 to 896 (in bits) (by +256 bits) + + + + 'list_head* parser_state::msgs' offset changed from 11392 to 192 (in bits) (by -11200 bits) + + 'unsigned int parser_state::nerrs' offset changed from 11456 to 256 (in bits) (by -11200 bits) + + 'scope* parser_state::scopes[3]' offset changed from 11712 to 320 (in bits) (by -11392 bits) + + 'unsigned int parser_state::scope' offset changed from 11904 to 512 (in bits) (by -11392 bits) + + 'list_head* parser_state::cmds' offset changed from 11968 to 576 (in bits) (by -11392 bits) + + 1 data member change: + + type of 'input_descriptor parser_state::indescs[16]' changed: + + entity changed from 'input_descriptor[16]' to 'struct list_head' at list.h:21:1 + + type size changed from 11264 to 128 (in bits) + + and name of 'parser_state::indescs' changed to 'parser_state::indesc_list' at parser.h:18:1 + + and offset changed from 1472 to 1600 (in bits) (by +128 bits) + + 'void* nft_ctx::scanner' offset changed from 1536 to 1664 (in bits) (by +128 bits) + + + + [C]'function int nft_run_cmd_from_buffer(nft_ctx*, char*, size_t)' at libnftables.c:433:1 has some indirect sub-type changes: + + parameter 3 of type 'typedef size_t' was removed + + + + + + + +2 Removed function symbols not referenced by debug info: + + + + netlink_flush_ruleset + + netlink_flush_table + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/openhpi_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/openhpi_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..52b657ec772ee7c7ea5b7aac5e03ae6cc41022b5 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/openhpi_all_result.md @@ -0,0 +1,84 @@ +# Functions changed info + +---------------diffs in openhpi_libopenhpi.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libopenhpiutils.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libopenhpimarshal.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_liboa_soap.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libopenhpitransport.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libilo2_ribcl.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libtest_agent.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libov_rest.so.3.8.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function SaErrorT curlerr_to_ov_rest_err(CURLcode)' at ov_rest_callsupport.c:82:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef CURLcode' has sub-type changes: + + underlying type 'enum __anonymous_enum__' at curl.h:475:1 changed: + + type size hasn't changed + + 2 enumerator insertions: + + '__anonymous_enum__::CURLE_HTTP3' value '95' + + '__anonymous_enum__::CURLE_QUIC_CONNECT_ERROR' value '96' + + + + 1 enumerator change: + + '__anonymous_enum__::CURL_LAST' from value '95' to '97' at curl.h:481:1 + + + + + + + +---------------diffs in openhpi_libsimulator.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libipmidirect.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libslave.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libopenhpi_snmp.so.3.8.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (4 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in openhpi_libsnmp_bc.so.3.8.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (11 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in openhpi_libsysfs2hpi.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libdyn_simulator.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libopenhpi_ssl.so.3.8.0_abidiff.out:---------------- + +---------------diffs in openhpi_libwatchdog.so.3.8.0_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/openldap_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/openldap_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..7fea97b240b91b23b8ed2d44edfeba5f0321f01a --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/openldap_all_result.md @@ -0,0 +1,224 @@ +# Functions changed info + +---------------diffs in openldap_libldap-2.4.so.2.10.13_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 4 Changed (188 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 2 Changed, 0 Added variables + + + +4 functions with some indirect sub-type change: + + + + [C]'function int ldap_abandon(LDAP*, int)' at abandon.c:99:1 has some indirect sub-type changes: + + parameter 1 of type 'LDAP*' has sub-type changes: + + in pointed to type 'typedef LDAP' at ldap.h:754:1: + + underlying type 'struct ldap' at ldap-int.h:477:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'ldap_common* ldap::ldc' changed: + + in pointed to type 'struct ldap_common' at ldap-int.h:389:1: + + type size changed from 3840 to 3904 (in bits) + + 1 data member change: + + type of 'ldapoptions ldap_common::ldc_options' changed: + + type size changed from 3072 to 3136 (in bits) + + 10 data member changes (4 filtered): + + type of 'ldaptls ldapoptions::ldo_tls_info' changed: + + type size changed from 576 to 640 (in bits) + + 1 data member insertion: + + 'char* ldaptls::lt_ecname', at offset 512 (in bits) at ldap-int.h:168:1 + + 1 data member change: + + 'int ldaptls::lt_protocol_min' offset changed from 512 to 576 (in bits) (by +64 bits) + + + + 'int ldapoptions::ldo_tls_mode' offset changed from 2432 to 2496 (in bits) (by +64 bits) + + 'int ldapoptions::ldo_tls_require_cert' offset changed from 2464 to 2528 (in bits) (by +64 bits) + + 'int ldapoptions::ldo_tls_impl' offset changed from 2496 to 2560 (in bits) (by +64 bits) + + 'int ldapoptions::ldo_tls_crlcheck' offset changed from 2528 to 2592 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_mech' offset changed from 2560 to 2624 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_realm' offset changed from 2624 to 2688 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_authcid' offset changed from 2688 to 2752 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_authzid' offset changed from 2752 to 2816 (in bits) (by +64 bits) + + 'sasl_security_properties ldapoptions::ldo_sasl_secprops' offset changed from 2816 to 2880 (in bits) (by +64 bits) + + + + + + + + [C]'function void ldap_int_initialize_global_options(ldapoptions*, int*)' at init.c:517:1 has some indirect sub-type changes: + + parameter 1 of type 'ldapoptions*' has sub-type changes: + + pointed to type 'struct ldapoptions' changed at ldap-int.h:183:1, as reported earlier + + + + [C]'function int ldap_int_sasl_config(ldapoptions*, int, const char*)' at cyrus.c:909:1 has some indirect sub-type changes: + + parameter 1 of type 'ldapoptions*' has sub-type changes: + + pointed to type 'struct ldapoptions' changed at ldap-int.h:183:1, as reported earlier + + + + [C]'function void ldap_int_tls_destroy(ldapoptions*)' at tls2.c:102:1 has some indirect sub-type changes: + + parameter 1 of type 'ldapoptions*' has sub-type changes: + + pointed to type 'struct ldapoptions' changed at ldap-int.h:183:1, as reported earlier + + + + + +---------------diffs in openldap_libslapi-2.4.so.2.10.13_abidiff.out:---------------- + +---------------diffs in openldap_libldap_r-2.4.so.2.10.13_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 4 Changed (188 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 2 Changed, 0 Added variables + + + +4 functions with some indirect sub-type change: + + + + [C]'function int ldap_abandon(LDAP*, int)' at abandon.c:99:1 has some indirect sub-type changes: + + parameter 1 of type 'LDAP*' has sub-type changes: + + in pointed to type 'typedef LDAP' at ldap.h:754:1: + + underlying type 'struct ldap' at ldap-int.h:477:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'ldap_common* ldap::ldc' changed: + + in pointed to type 'struct ldap_common' at ldap-int.h:389:1: + + type size changed from 6528 to 6592 (in bits) + + 7 data member changes: + + type of 'ldapoptions ldap_common::ldc_options' changed: + + type size changed from 3456 to 3520 (in bits) + + 11 data member changes (4 filtered): + + type of 'ldaptls ldapoptions::ldo_tls_info' changed: + + type size changed from 576 to 640 (in bits) + + 1 data member insertion: + + 'char* ldaptls::lt_ecname', at offset 512 (in bits) at ldap-int.h:168:1 + + 1 data member change: + + 'int ldaptls::lt_protocol_min' offset changed from 512 to 576 (in bits) (by +64 bits) + + + + 'int ldapoptions::ldo_tls_mode' offset changed from 2432 to 2496 (in bits) (by +64 bits) + + 'int ldapoptions::ldo_tls_require_cert' offset changed from 2464 to 2528 (in bits) (by +64 bits) + + 'int ldapoptions::ldo_tls_impl' offset changed from 2496 to 2560 (in bits) (by +64 bits) + + 'int ldapoptions::ldo_tls_crlcheck' offset changed from 2528 to 2592 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_mech' offset changed from 2560 to 2624 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_realm' offset changed from 2624 to 2688 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_authcid' offset changed from 2688 to 2752 (in bits) (by +64 bits) + + 'char* ldapoptions::ldo_def_sasl_authzid' offset changed from 2752 to 2816 (in bits) (by +64 bits) + + 'sasl_security_properties ldapoptions::ldo_sasl_secprops' offset changed from 2816 to 2880 (in bits) (by +64 bits) + + 'ldap_pvt_thread_mutex_t ldapoptions::ldo_mutex' offset changed from 3072 to 3136 (in bits) (by +64 bits) + + + + 'ldap_pvt_thread_mutex_t ldap_common::ldc_mutex' offset changed from 4224 to 4288 (in bits) (by +64 bits) + + 'ldap_pvt_thread_mutex_t ldap_common::ldc_msgid_mutex' offset changed from 4608 to 4672 (in bits) (by +64 bits) + + 'ldap_pvt_thread_mutex_t ldap_common::ldc_conn_mutex' offset changed from 4992 to 5056 (in bits) (by +64 bits) + + 'ldap_pvt_thread_mutex_t ldap_common::ldc_req_mutex' offset changed from 5376 to 5440 (in bits) (by +64 bits) + + 'ldap_pvt_thread_mutex_t ldap_common::ldc_res_mutex' offset changed from 5760 to 5824 (in bits) (by +64 bits) + + 'ldap_pvt_thread_mutex_t ldap_common::ldc_abandon_mutex' offset changed from 6144 to 6208 (in bits) (by +64 bits) + + + + + + [C]'function void ldap_int_initialize_global_options(ldapoptions*, int*)' at init.c:517:1 has some indirect sub-type changes: + + parameter 1 of type 'ldapoptions*' has sub-type changes: + + pointed to type 'struct ldapoptions' changed at ldap-int.h:183:1, as reported earlier + + + + [C]'function int ldap_int_sasl_config(ldapoptions*, int, const char*)' at cyrus.c:909:1 has some indirect sub-type changes: + + parameter 1 of type 'ldapoptions*' has sub-type changes: + + pointed to type 'struct ldapoptions' changed at ldap-int.h:183:1, as reported earlier + + + + [C]'function void ldap_int_tls_destroy(ldapoptions*)' at tls2.c:102:1 has some indirect sub-type changes: + + parameter 1 of type 'ldapoptions*' has sub-type changes: + + pointed to type 'struct ldapoptions' changed at ldap-int.h:183:1, as reported earlier + + + + + +---------------diffs in openldap_liblber-2.4.so.2.10.13_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/pam_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/pam_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..49e36c7856c479c98b624ef9192857ea0e054b8b --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/pam_all_result.md @@ -0,0 +1,170 @@ +# Functions changed info + +---------------diffs in pam_pam_timestamp.so_abidiff.out:---------------- + +---------------diffs in pam_pam_filter.so_abidiff.out:---------------- + +---------------diffs in pam_pam_issue.so_abidiff.out:---------------- + +---------------diffs in pam_pam_debug.so_abidiff.out:---------------- + +---------------diffs in pam_pam_userdb.so_abidiff.out:---------------- + +---------------diffs in pam_pam_mkhomedir.so_abidiff.out:---------------- + +---------------diffs in pam_pam_loginuid.so_abidiff.out:---------------- + +---------------diffs in pam_pam_echo.so_abidiff.out:---------------- + +---------------diffs in pam_pam_securetty.so_abidiff.out:---------------- + +---------------diffs in pam_pam_group.so_abidiff.out:---------------- + +---------------diffs in pam_pam_limits.so_abidiff.out:---------------- + +---------------diffs in pam_pam_tty_audit.so_abidiff.out:---------------- + +---------------diffs in pam_pam_motd.so_abidiff.out:---------------- + +---------------diffs in pam_pam_rhosts.so_abidiff.out:---------------- + +---------------diffs in pam_pam_selinux.so_abidiff.out:---------------- + +---------------diffs in pam_libpam.so.0.85.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (38 filtered out), 3 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +3 Added functions: + + + + 'function int pam_modutil_check_user_in_passwd(pam_handle_t*, const char*, const char*)' {pam_modutil_check_user_in_passwd@@LIBPAM_MODUTIL_1.4.1} + + 'function char* pam_modutil_search_key(pam_handle_t*, const char*, const char*)' {pam_modutil_search_key@@LIBPAM_MODUTIL_1.3.2} + + 'function int pam_start_confdir(const char*, const char*, const pam_conv*, const char*, pam_handle_t**)' {pam_start_confdir@@LIBPAM_1.4} + + + +1 function with some indirect sub-type change: + + + + [C]'function int pam_acct_mgmt(pam_handle_t*, int)' at pam_account.c:7:1 has some indirect sub-type changes: + + parameter 1 of type 'pam_handle_t*' has sub-type changes: + + in pointed to type 'typedef pam_handle_t' at _pam_types.h:18:1: + + underlying type 'struct pam_handle' at pam_private.h:147:1 changed: + + type size changed from 2944 to 3072 (in bits) + + 2 data member insertions: + + 'int pam_handle::authtok_verified', at offset 2944 (in bits) at pam_private.h:180:1 + + 'char* pam_handle::confdir', at offset 3008 (in bits) at pam_private.h:181:1 + + no data member changes (2 filtered); + + + + + +---------------diffs in pam_pam_access.so_abidiff.out:---------------- + +---------------diffs in pam_pam_sepermit.so_abidiff.out:---------------- + +---------------diffs in pam_pam_pwhistory.so_abidiff.out:---------------- + +---------------diffs in pam_pam_rootok.so_abidiff.out:---------------- + +---------------diffs in pam_pam_cracklib.so_abidiff.out:---------------- + +---------------diffs in pam_pam_ftp.so_abidiff.out:---------------- + +---------------diffs in pam_libpam_misc.so.0.82.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed (2 filtered out), 0 Added variables + + + +---------------diffs in pam_pam_keyinit.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function int pam_sm_authenticate(pam_handle_t*, int, int, const char**)' {pam_sm_authenticate} + + 'function int pam_sm_setcred(pam_handle_t*, int, int, const char**)' {pam_sm_setcred} + + + +---------------diffs in pam_pam_mail.so_abidiff.out:---------------- + +---------------diffs in pam_pam_nologin.so_abidiff.out:---------------- + +---------------diffs in pam_pam_tally2.so_abidiff.out:---------------- + +---------------diffs in pam_pam_xauth.so_abidiff.out:---------------- + +---------------diffs in pam_pam_warn.so_abidiff.out:---------------- + +---------------diffs in pam_pam_exec.so_abidiff.out:---------------- + +---------------diffs in pam_pam_umask.so_abidiff.out:---------------- + +---------------diffs in pam_pam_stress.so_abidiff.out:---------------- + +---------------diffs in pam_pam_wheel.so_abidiff.out:---------------- + +---------------diffs in pam_pam_localuser.so_abidiff.out:---------------- + +---------------diffs in pam_pam_lastlog.so_abidiff.out:---------------- + +---------------diffs in pam_pam_faillock.so_abidiff.out:---------------- + +---------------diffs in pam_pam_time.so_abidiff.out:---------------- + +---------------diffs in pam_pam_tally.so_abidiff.out:---------------- + +---------------diffs in pam_pam_permit.so_abidiff.out:---------------- + +---------------diffs in pam_pam_unix.so_abidiff.out:---------------- + +---------------diffs in pam_pam_shells.so_abidiff.out:---------------- + +---------------diffs in pam_pam_faildelay.so_abidiff.out:---------------- + +---------------diffs in pam_pam_env.so_abidiff.out:---------------- + +---------------diffs in pam_pam_listfile.so_abidiff.out:---------------- + +---------------diffs in pam_libpamc.so.0.82.1_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in pam_pam_namespace.so_abidiff.out:---------------- + +---------------diffs in pam_pam_deny.so_abidiff.out:---------------- + +---------------diffs in pam_pam_succeed_if.so_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/pkgconf_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/pkgconf_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..a000f470df9d192ea9ae153aa99b68a6f680afee --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/pkgconf_all_result.md @@ -0,0 +1,34 @@ +# Functions changed info + +---------------diffs in pkgconf_libpkgconf.so.3.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (4 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function void pkgconf_client_dir_list_build(pkgconf_client_t*, const pkgconf_cross_personality_t*)' at client.c:61:1 has some indirect sub-type changes: + + parameter 2 of type 'const pkgconf_cross_personality_t*' has sub-type changes: + + in pointed to type 'const pkgconf_cross_personality_t': + + in unqualified underlying type 'typedef pkgconf_cross_personality_t' at libpkgconf.h:68:1: + + underlying type 'struct pkgconf_cross_personality_' at libpkgconf.h:196:1 changed: + + type size changed from 704 to 768 (in bits) + + 1 data member insertion: + + 'bool pkgconf_cross_personality_::want_default_static', at offset 704 (in bits) at libpkgconf.h:206:1 + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/plymouth_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/plymouth_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..43ade02c4fc79aecb97402752c4e6c5411bbca30 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/plymouth_all_result.md @@ -0,0 +1,294 @@ +# Functions changed info + +---------------diffs in plymouth_details.so_abidiff.out:---------------- + +---------------diffs in plymouth_libply-splash-core.so.5.0.0_abidiff.out:---------------- + +Functions changes summary: 4 Removed, 0 Changed (14 filtered out), 4 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +4 Removed functions: + + + + 'function double ply_text_progress_bar_get_percent_done(ply_text_progress_bar_t*)' {ply_text_progress_bar_get_percent_done} + + 'function void ply_text_progress_bar_set_percent_done(ply_text_progress_bar_t*, double)' {ply_text_progress_bar_set_percent_done} + + 'function double ply_text_step_bar_get_percent_done(ply_text_step_bar_t*)' {ply_text_step_bar_get_percent_done} + + 'function void ply_text_step_bar_set_percent_done(ply_text_step_bar_t*, double)' {ply_text_step_bar_set_percent_done} + + + +4 Added functions: + + + + 'function double ply_text_progress_bar_get_fraction_done(ply_text_progress_bar_t*)' {ply_text_progress_bar_get_fraction_done} + + 'function void ply_text_progress_bar_set_fraction_done(ply_text_progress_bar_t*, double)' {ply_text_progress_bar_set_fraction_done} + + 'function double ply_text_step_bar_get_fraction_done(ply_text_step_bar_t*)' {ply_text_step_bar_get_fraction_done} + + 'function void ply_text_step_bar_set_fraction_done(ply_text_step_bar_t*, double)' {ply_text_step_bar_set_fraction_done} + + + +---------------diffs in plymouth_label.so_abidiff.out:---------------- + +---------------diffs in plymouth_frame-buffer.so_abidiff.out:---------------- + +---------------diffs in plymouth_drm.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function ply_renderer_plugin_interface_t* ply_renderer_backend_get_interface()' at plugin.c:1847:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ply_renderer_plugin_interface_t' at ply-renderer-plugin.h:79:1: + + underlying type 'struct {ply_renderer_backend_t* (const char*, ply_terminal_t*)* create_backend; void (ply_renderer_backend_t*)* destroy_backend; bool (ply_renderer_backend_t*)* open_device; void (ply_renderer_backend_t*)* close_device; bool (ply_renderer_backend_t*)* query_device; bool (ply_renderer_backend_t*)* handle_change_event; bool (ply_renderer_backend_t*)* map_to_device; void (ply_renderer_backend_t*)* unmap_from_device; void (ply_renderer_backend_t*)* activate; void (ply_renderer_backend_t*)* deactivate; void (ply_renderer_backend_t*, ply_renderer_head_t*)* flush_head; ply_list_t* (ply_renderer_backend_t*)* get_heads; ply_pixel_buffer_t* (ply_renderer_backend_t*, ply_renderer_head_t*)* get_buffer_for_head; ply_renderer_input_source_t* (ply_renderer_backend_t*)* get_input_source; bool (ply_renderer_backend_t*, ply_renderer_input_source_t*)* open_input_source; void (ply_renderer_backend_t*, ply_renderer_input_source_t*, typedef ply_renderer_input_source_handler_t, void*)* set_handler_for_input_source; void (ply_renderer_backend_t*, ply_renderer_input_source_t*)* close_input_source; const char* (ply_renderer_backend_t*)* get_device_name; bool (ply_renderer_backend_t*, int*, int*, ply_pixel_buffer_rotation_t*, int*)* get_panel_properties; bool (ply_renderer_backend_t*)* get_capslock_state; const char* (ply_renderer_backend_t*)* get_keymap;}' at ply-renderer-plugin.h:38:1 changed: + + type size hasn't changed + + 2 data member changes (19 filtered): + + type of 'void (ply_renderer_backend_t*)* activate' changed: + + in pointed to type 'function type void (ply_renderer_backend_t*)': + + parameter 1 of type 'ply_renderer_backend_t*' has sub-type changes: + + in pointed to type 'typedef ply_renderer_backend_t' at ply-renderer-plugin.h:36:1: + + underlying type 'struct _ply_renderer_backend' at plugin.c:132:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'ply_output_t* _ply_renderer_backend::outputs' changed: + + in pointed to type 'typedef ply_output_t' at plugin.c:133:1: + + underlying type 'struct {drmModeModeInfo mode; uint32_t connector_id; uint32_t connector_type; uint32_t controller_id; uint32_t possible_controllers; int device_scale; int link_status; ply_pixel_buffer_rotation_t rotation; bool tiled; bool connected;}' at plugin.c:118:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'bool uses_hw_rotation', at offset 784 (in bits) at plugin.c:132:1 + + + + + + type of 'void (ply_renderer_backend_t*, ply_renderer_head_t*)* flush_head' changed: + + in pointed to type 'function type void (ply_renderer_backend_t*, ply_renderer_head_t*)': + + parameter 2 of type 'ply_renderer_head_t*' has sub-type changes: + + in pointed to type 'typedef ply_renderer_head_t' at ply-renderer.h:35:1: + + underlying type 'struct _ply_renderer_head' at plugin.c:71:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'bool _ply_renderer_head::uses_hw_rotation', at offset 1160 (in bits) at plugin.c:87:1 + + no data member change (1 filtered); + + + + + + + +---------------diffs in plymouth_libply-boot-client.so.5.0.0_abidiff.out:---------------- + +---------------diffs in plymouth_text.so_abidiff.out:---------------- + +---------------diffs in plymouth_tribar.so_abidiff.out:---------------- + +---------------diffs in plymouth_space-flares.so_abidiff.out:---------------- + +---------------diffs in plymouth_fade-throbber.so_abidiff.out:---------------- + +---------------diffs in plymouth_libply.so.5.0.0_abidiff.out:---------------- + +---------------diffs in plymouth_libply-splash-graphics.so.5.0.0_abidiff.out:---------------- + +Functions changes summary: 4 Removed, 0 Changed (21 filtered out), 4 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +4 Removed functions: + + + + 'function double ply_progress_animation_get_percent_done(ply_progress_animation_t*)' {ply_progress_animation_get_percent_done} + + 'function void ply_progress_animation_set_percent_done(ply_progress_animation_t*, double)' {ply_progress_animation_set_percent_done} + + 'function double ply_progress_bar_get_percent_done(ply_progress_bar_t*)' {ply_progress_bar_get_percent_done} + + 'function void ply_progress_bar_set_percent_done(ply_progress_bar_t*, double)' {ply_progress_bar_set_percent_done} + + + +4 Added functions: + + + + 'function double ply_progress_animation_get_fraction_done(ply_progress_animation_t*)' {ply_progress_animation_get_fraction_done} + + 'function void ply_progress_animation_set_fraction_done(ply_progress_animation_t*, double)' {ply_progress_animation_set_fraction_done} + + 'function double ply_progress_bar_get_fraction_done(ply_progress_bar_t*)' {ply_progress_bar_get_fraction_done} + + 'function void ply_progress_bar_set_fraction_done(ply_progress_bar_t*, double)' {ply_progress_bar_set_fraction_done} + + + +---------------diffs in plymouth_two-step.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function ply_boot_splash_plugin_interface_t* ply_boot_splash_plugin_get_interface()' at plugin.c:1982:1 has some indirect sub-type changes: + + return type changed: + + in pointed to type 'typedef ply_boot_splash_plugin_interface_t' at ply-boot-splash-plugin.h:98:1: + + underlying type 'struct {ply_boot_splash_plugin_t* (ply_key_file_t*)* create_plugin; void (ply_boot_splash_plugin_t*)* destroy_plugin; void (ply_boot_splash_plugin_t*, ply_keyboard_t*)* set_keyboard; void (ply_boot_splash_plugin_t*, ply_keyboard_t*)* unset_keyboard; void (ply_boot_splash_plugin_t*, ply_pixel_display_t*)* add_pixel_display; void (ply_boot_splash_plugin_t*, ply_pixel_display_t*)* remove_pixel_display; void (ply_boot_splash_plugin_t*, ply_text_display_t*)* add_text_display; void (ply_boot_splash_plugin_t*, ply_text_display_t*)* remove_text_display; bool (ply_boot_splash_plugin_t*, ply_event_loop_t*, ply_buffer_t*, typedef ply_boot_splash_mode_t)* show_splash_screen; void (ply_boot_splash_plugin_t*, int)* system_update; void (ply_boot_splash_plugin_t*, const char*)* update_status; void (ply_boot_splash_plugin_t*, const char*, typedef size_t)* on_boot_output; void (ply_boot_splash_plugin_t*, double, double)* on_boot_progress; void (ply_boot_splash_plugin_t*)* on_root_mounted; void (ply_boot_splash_plugin_t*, ply_event_loop_t*)* hide_splash_screen; void (ply_boot_splash_plugin_t*, const char*)* display_message; void (ply_boot_splash_plugin_t*, const char*)* hide_message; void (ply_boot_splash_plugin_t*)* display_normal; void (ply_boot_splash_plugin_t*, const char*, int)* display_password; void (ply_boot_splash_plugin_t*, const char*, const char*)* display_question; void (ply_boot_splash_plugin_t*, ply_trigger_t*)* become_idle;}' at ply-boot-splash-plugin.h:51:1 changed: + + type size hasn't changed + + 1 data member changes (20 filtered): + + type of 'void (ply_boot_splash_plugin_t*, ply_pixel_display_t*)* add_pixel_display' changed: + + in pointed to type 'function type void (ply_boot_splash_plugin_t*, ply_pixel_display_t*)': + + parameter 1 of type 'ply_boot_splash_plugin_t*' has sub-type changes: + + in pointed to type 'typedef ply_boot_splash_plugin_t' at ply-boot-splash-plugin.h:49:1: + + underlying type 'struct _ply_boot_splash_plugin' at plugin.c:129:1 changed: + + type size changed from 3520 to 3392 (in bits) + + 2 data member deletions: + + 'double _ply_boot_splash_plugin::keyboard_indicator_horizontal_alignment', at offset 2048 (in bits) at plugin.c:149:1 + + + + 'double _ply_boot_splash_plugin::keyboard_indicator_vertical_alignment', at offset 2112 (in bits) at plugin.c:150:1 + + + + 1 data member insertion: + + 'int _ply_boot_splash_plugin::background_bgrt_raw_height', at offset 2784 (in bits) at plugin.c:167:1 + + 23 data member changes: + + type of 'mode_settings_t _ply_boot_splash_plugin::mode_settings[6]' changed: + + array element type 'typedef mode_settings_t' changed: + + underlying type 'struct {bool suppress_messages; bool progress_bar_show_percent_complete; bool use_progress_bar; bool use_animation; bool use_firmware_background; char* title; char* subtitle;}' at plugin.c:118:1 changed: + + type size hasn't changed + + 1 data member insertion: + + 'bool use_end_animation', at offset 32 (in bits) at plugin.c:124:1 + + 1 data member change: + + 'bool use_firmware_background' offset changed from 32 to 40 (in bits) (by +8 bits) + + type size hasn't changed + + + + 'double _ply_boot_splash_plugin::title_horizontal_alignment' offset changed from 2176 to 2048 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::title_vertical_alignment' offset changed from 2240 to 2112 (in bits) (by -128 bits) + + 'char* _ply_boot_splash_plugin::title_font' offset changed from 2304 to 2176 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::watermark_horizontal_alignment' offset changed from 2368 to 2240 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::watermark_vertical_alignment' offset changed from 2432 to 2304 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::animation_horizontal_alignment' offset changed from 2496 to 2368 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::animation_vertical_alignment' offset changed from 2560 to 2432 (in bits) (by -128 bits) + + 'char* _ply_boot_splash_plugin::animation_dir' offset changed from 2624 to 2496 (in bits) (by -128 bits) + + 'ply_progress_animation_transition_t _ply_boot_splash_plugin::transition' offset changed from 2688 to 2560 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::transition_duration' offset changed from 2752 to 2624 (in bits) (by -128 bits) + + 'uint32_t _ply_boot_splash_plugin::background_start_color' offset changed from 2816 to 2688 (in bits) (by -128 bits) + + 'uint32_t _ply_boot_splash_plugin::background_end_color' offset changed from 2848 to 2720 (in bits) (by -128 bits) + + 'int _ply_boot_splash_plugin::background_bgrt_raw_width' offset changed from 2880 to 2752 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::progress_bar_horizontal_alignment' offset changed from 2944 to 2816 (in bits) (by -128 bits) + + 'double _ply_boot_splash_plugin::progress_bar_vertical_alignment' offset changed from 3008 to 2880 (in bits) (by -128 bits) + + 'long int _ply_boot_splash_plugin::progress_bar_width' offset changed from 3072 to 2944 (in bits) (by -128 bits) + + 'long int _ply_boot_splash_plugin::progress_bar_height' offset changed from 3136 to 3008 (in bits) (by -128 bits) + + 'uint32_t _ply_boot_splash_plugin::progress_bar_bg_color' offset changed from 3200 to 3072 (in bits) (by -128 bits) + + 'uint32_t _ply_boot_splash_plugin::progress_bar_fg_color' offset changed from 3232 to 3104 (in bits) (by -128 bits) + + 'progress_function_t _ply_boot_splash_plugin::progress_function' offset changed from 3264 to 3136 (in bits) (by -128 bits) + + 'ply_trigger_t* _ply_boot_splash_plugin::idle_trigger' offset changed from 3328 to 3200 (in bits) (by -128 bits) + + 'ply_trigger_t* _ply_boot_splash_plugin::stop_trigger' offset changed from 3392 to 3264 (in bits) (by -128 bits) + + + + + + + +---------------diffs in plymouth_script.so_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/readline_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/readline_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..44c52f3df09e3babd8fccea5f17e98057ff6f0fd --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/readline_all_result.md @@ -0,0 +1,28 @@ +# Functions changed info + +---------------diffs in readline_libreadline.so.7.0_abidiff.out:---------------- + +---------------diffs in readline_libhistory.so.8.0_abidiff.out:---------------- + +ELF SONAME changed + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added (1 filtered out) variable + + + +SONAME changed from 'libhistory.so.7' to 'libhistory.so.8' + + + +2 Added functions: + + + + 'function int _hs_history_patsearch(const char*, int, int)' {_hs_history_patsearch} + + 'function HIST_ENTRY** remove_history_range(int, int)' {remove_history_range} + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/rhash_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/rhash_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..43ae1d91a7af8377386e9543f956db463ddbae87 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/rhash_all_result.md @@ -0,0 +1,72 @@ +# Functions changed info + +---------------diffs in rhash_librhash.so.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 3 Changed, 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +3 functions with some indirect sub-type change: + + + + [C]'function int rhash_torrent_add_file(rhash, const char*, uint64_t)' at rhash_torrent.c:30:1 has some indirect sub-type changes: + + parameter 3 of type 'typedef uint64_t' changed: + + entity changed from 'typedef uint64_t' to compatible type 'long long unsigned int' + + type name changed from 'unsigned long int' to 'long long unsigned int' + + type size hasn't changed + + + + + + [C]'function size_t rhash_torrent_get_default_piece_length(uint64_t)' at rhash_torrent.c:60:1 has some indirect sub-type changes: + + parameter 1 of type 'typedef uint64_t' changed: + + entity changed from 'typedef uint64_t' to compatible type 'long long unsigned int' + + type name changed from 'unsigned long int' to 'long long unsigned int' + + type size hasn't changed + + + + + + [C]'function rhash_uptr_t rhash_transmit(unsigned int, void*, rhash_uptr_t, rhash_uptr_t)' at rhash.c:695:1 has some indirect sub-type changes: + + parameter 3 of type 'typedef rhash_uptr_t' changed: + + underlying type 'typedef uintptr_t' at stdint.h:90:1 changed: + + entity changed from 'typedef uintptr_t' to compatible type 'long long unsigned int' + + type name changed from 'unsigned long int' to 'long long unsigned int' + + type size hasn't changed + + + + parameter 4 of type 'typedef rhash_uptr_t' changed: + + underlying type 'typedef uintptr_t' at stdint.h:90:1 changed: + + entity changed from 'typedef uintptr_t' to compatible type 'long long unsigned int' + + type name changed from 'unsigned long int' to 'long long unsigned int' + + type size hasn't changed + + + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/subversion_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/subversion_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..d7905606bb98cca2341410c7ffa8394601eb0559 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/subversion_all_result.md @@ -0,0 +1,668 @@ +# Functions changed info + +---------------diffs in subversion_libsvn_fs_base-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (163 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_mod_authz_svn.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added variable + + + +---------------diffs in subversion_libsvn_ra_svn-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (127 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_libsvn_repos-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (48 filtered out), 5 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +5 Added functions: + + + + 'function svn_error_t* svn_repos__dump_magic_header_record(svn_stream_t*, int, apr_pool_t*)' {svn_repos__dump_magic_header_record} + + 'function svn_error_t* svn_repos__dump_uuid_header_record(svn_stream_t*, const char*, apr_pool_t*)' {svn_repos__dump_uuid_header_record} + + 'function svn_error_t* svn_repos__get_dump_editor(const svn_delta_editor_t**, void**, svn_stream_t*, const char*, apr_pool_t*)' {svn_repos__get_dump_editor} + + 'function svn_error_t* svn_repos_authz_parse2(svn_authz_t**, svn_stream_t*, svn_stream_t*, svn_repos_authz_warning_func_t, void*, apr_pool_t*, apr_pool_t*)' {svn_repos_authz_parse2} + + 'function svn_error_t* svn_repos_authz_read4(svn_authz_t**, const char*, const char*, svn_boolean_t, svn_repos_t*, svn_repos_authz_warning_func_t, void*, apr_pool_t*, apr_pool_t*)' {svn_repos_authz_read4} + + + +1 function with some indirect sub-type change: + + + + [C]'function svn_error_t* svn_authz__parse(authz_full_t**, svn_stream_t*, svn_stream_t*, apr_pool_t*, apr_pool_t*)' at authz_parse.c:1369:1 has some indirect sub-type changes: + + parameter 4 of type 'apr_pool_t*' changed: + + entity changed from 'apr_pool_t*' to compatible type 'typedef svn_repos_authz_warning_func_t' at svn_repos.h:4158:1 + + in pointed to type 'struct apr_pool_t': + + entity changed from 'struct apr_pool_t' to 'function type void (void*, const svn_error_t*, apr_pool_t*)' + + type size changed from 0 to 64 (in bits) + + parameter 5 of type 'apr_pool_t*' changed: + + in pointed to type 'typedef apr_pool_t': + + entity changed from 'typedef apr_pool_t' to 'void' + + type size hasn't changed + + parameter 6 of type 'apr_pool_t*' was added + + parameter 7 of type 'apr_pool_t*' was added + + + + + + + +---------------diffs in subversion_libsvn_client-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 8 Removed, 1 Changed (264 filtered out), 41 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +8 Removed functions: + + + + 'function svn_error_t* svn_client__copy_foreign(const char*, const char*, svn_opt_revision_t*, svn_opt_revision_t*, svn_depth_t, svn_boolean_t, svn_boolean_t, svn_client_ctx_t*, apr_pool_t*)' {svn_client__copy_foreign} + + 'function svn_error_t* svn_client_shelf_get_paths(apr_hash_t**, const char*, const char*, svn_client_ctx_t*, apr_pool_t*, apr_pool_t*)' {svn_client_shelf_get_paths} + + 'function svn_error_t* svn_client_shelf_has_changes(svn_boolean_t*, const char*, const char*, svn_client_ctx_t*, apr_pool_t*)' {svn_client_shelf_has_changes} + + 'function svn_error_t* svn_client_shelve(const char*, const apr_array_header_t*, svn_depth_t, const apr_array_header_t*, svn_boolean_t, svn_boolean_t, svn_client_ctx_t*, apr_pool_t*)' {svn_client_shelve} + + 'function svn_error_t* svn_client_shelves_any(svn_boolean_t*, const char*, svn_client_ctx_t*, apr_pool_t*)' {svn_client_shelves_any} + + 'function svn_error_t* svn_client_shelves_delete(const char*, const char*, svn_boolean_t, svn_client_ctx_t*, apr_pool_t*)' {svn_client_shelves_delete} + + 'function svn_error_t* svn_client_shelves_list(apr_hash_t**, const char*, svn_client_ctx_t*, apr_pool_t*, apr_pool_t*)' {svn_client_shelves_list} + + 'function svn_error_t* svn_client_unshelve(const char*, const char*, svn_boolean_t, svn_boolean_t, svn_client_ctx_t*, apr_pool_t*)' {svn_client_unshelve} + + + +41 Added functions: + + + + 'function svn_error_t* svn_client__condense_commit_items2(const char*, apr_array_header_t*, apr_pool_t*)' {svn_client__condense_commit_items2} + + 'function svn_error_t* svn_client__get_diff_writer_svn(svn_diff_tree_processor_t**, const char*, const char*, const char*, const apr_array_header_t*, const char*, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, const char*, svn_stream_t*, svn_stream_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__get_diff_writer_svn} + + 'function svn_error_t* svn_client__layout_list(const char*, svn_client__layout_func_t, void*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__layout_list} + + 'function svn_error_t* svn_client__repos_to_wc_copy_by_editor(svn_boolean_t*, svn_node_kind_t, const char*, svn_revnum_t, const char*, svn_ra_session_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__repos_to_wc_copy_by_editor} + + 'function svn_error_t* svn_client__repos_to_wc_copy_internal(svn_boolean_t*, svn_node_kind_t, const char*, svn_revnum_t, const char*, svn_ra_session_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__repos_to_wc_copy_internal} + + 'function svn_error_t* svn_client__shelf_apply(svn_client__shelf_version_t*, svn_boolean_t, apr_pool_t*)' {svn_client__shelf_apply} + + 'function svn_error_t* svn_client__shelf_close(svn_client__shelf_t*, apr_pool_t*)' {svn_client__shelf_close} + + 'function svn_error_t* svn_client__shelf_delete(const char*, const char*, svn_boolean_t, svn_client_ctx_t*, apr_pool_t*)' {svn_client__shelf_delete} + + 'function svn_error_t* svn_client__shelf_delete_newer_versions(svn_client__shelf_t*, svn_client__shelf_version_t*, apr_pool_t*)' {svn_client__shelf_delete_newer_versions} + + 'function svn_error_t* svn_client__shelf_diff(svn_client__shelf_version_t*, const char*, svn_depth_t, svn_boolean_t, const svn_diff_tree_processor_t*, apr_pool_t*)' {svn_client__shelf_diff} + + 'function svn_error_t* svn_client__shelf_get_all_versions(apr_array_header_t**, svn_client__shelf_t*, apr_pool_t*, apr_pool_t*)' {svn_client__shelf_get_all_versions} + + 'function svn_error_t* svn_client__shelf_get_log_message(char**, svn_client__shelf_t*, apr_pool_t*)' {svn_client__shelf_get_log_message} + + 'function svn_error_t* svn_client__shelf_get_newest_version(svn_client__shelf_version_t**, svn_client__shelf_t*, apr_pool_t*, apr_pool_t*)' {svn_client__shelf_get_newest_version} + + 'function svn_error_t* svn_client__shelf_list(apr_hash_t**, const char*, svn_client_ctx_t*, apr_pool_t*, apr_pool_t*)' {svn_client__shelf_list} + + 'function svn_error_t* svn_client__shelf_mods_editor(const svn_delta_editor_t**, void**, svn_client__shelf_version_t*, svn_wc_notify_func2_t, void*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__shelf_mods_editor} + + 'function svn_error_t* svn_client__shelf_open_existing(svn_client__shelf_t**, const char*, const char*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__shelf_open_existing} + + 'function svn_error_t* svn_client__shelf_open_or_create(svn_client__shelf_t**, const char*, const char*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__shelf_open_or_create} + + 'function svn_error_t* svn_client__shelf_paths_changed(apr_hash_t**, svn_client__shelf_version_t*, apr_pool_t*, apr_pool_t*)' {svn_client__shelf_paths_changed} + + 'function svn_error_t* svn_client__shelf_replay(svn_client__shelf_version_t*, const char*, const svn_delta_editor_t*, void*, svn_wc_notify_func2_t, void*, apr_pool_t*)' {svn_client__shelf_replay} + + 'function svn_error_t* svn_client__shelf_revprop_get(svn_string_t**, svn_client__shelf_t*, const char*, apr_pool_t*)' {svn_client__shelf_revprop_get} + + 'function svn_error_t* svn_client__shelf_revprop_list(apr_hash_t**, svn_client__shelf_t*, apr_pool_t*)' {svn_client__shelf_revprop_list} + + 'function svn_error_t* svn_client__shelf_revprop_set(svn_client__shelf_t*, const char*, const svn_string_t*, apr_pool_t*)' {svn_client__shelf_revprop_set} + + 'function svn_error_t* svn_client__shelf_revprop_set_all(svn_client__shelf_t*, apr_hash_t*, apr_pool_t*)' {svn_client__shelf_revprop_set_all} + + 'function svn_error_t* svn_client__shelf_save_new_version3(svn_client__shelf_version_t**, svn_client__shelf_t*, const apr_array_header_t*, svn_depth_t, const apr_array_header_t*, svn_client_status_func_t, void*, svn_client_status_func_t, void*, apr_pool_t*)' {svn_client__shelf_save_new_version3} + + 'function svn_error_t* svn_client__shelf_set_log_message(svn_client__shelf_t*, const char*, apr_pool_t*)' {svn_client__shelf_set_log_message} + + 'function svn_error_t* svn_client__shelf_test_apply_file(svn_boolean_t*, svn_client__shelf_version_t*, const char*, apr_pool_t*)' {svn_client__shelf_test_apply_file} + + 'function svn_error_t* svn_client__shelf_unapply(svn_client__shelf_version_t*, svn_boolean_t, apr_pool_t*)' {svn_client__shelf_unapply} + + 'function svn_error_t* svn_client__shelf_version_open(svn_client__shelf_version_t**, svn_client__shelf_t*, int, apr_pool_t*, apr_pool_t*)' {svn_client__shelf_version_open} + + 'function svn_error_t* svn_client__shelf_version_status_walk(svn_client__shelf_version_t*, const char*, svn_wc_status_func4_t, void*, apr_pool_t*)' {svn_client__shelf_version_status_walk} + + 'function svn_error_t* svn_client__wc_copy_mods(const char*, const char*, svn_wc_notify_func2_t, void*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__wc_copy_mods} + + 'function svn_error_t* svn_client__wc_editor(const svn_delta_editor_t**, void**, const char*, svn_wc_notify_func2_t, void*, svn_ra_session_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__wc_editor} + + 'function svn_error_t* svn_client__wc_editor_internal(const svn_delta_editor_t**, void**, const char*, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_wc_notify_func2_t, void*, svn_ra_session_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__wc_editor_internal} + + 'function svn_error_t* svn_client__wc_replay(const char*, const apr_array_header_t*, svn_depth_t, const apr_array_header_t*, const svn_delta_editor_t*, void*, svn_wc_notify_func2_t, void*, svn_client_ctx_t*, apr_pool_t*)' {svn_client__wc_replay} + + 'function svn_error_t* svn_client_blame6(svn_revnum_t*, svn_revnum_t*, const char*, const svn_opt_revision_t*, const svn_opt_revision_t*, const svn_opt_revision_t*, const svn_diff_file_options_t*, svn_boolean_t, svn_boolean_t, svn_client_blame_receiver4_t, void*, svn_client_ctx_t*, apr_pool_t*)' {svn_client_blame6} + + 'function svn_error_t* svn_client_conflict_option_get_moved_to_abspath_candidates2(apr_array_header_t**, svn_client_conflict_option_t*, apr_pool_t*, apr_pool_t*)' {svn_client_conflict_option_get_moved_to_abspath_candidates2} + + 'function svn_error_t* svn_client_conflict_option_get_moved_to_repos_relpath_candidates2(apr_array_header_t**, svn_client_conflict_option_t*, apr_pool_t*, apr_pool_t*)' {svn_client_conflict_option_get_moved_to_repos_relpath_candidates2} + + 'function svn_error_t* svn_client_conflict_option_set_moved_to_abspath2(svn_client_conflict_option_t*, int, svn_client_ctx_t*, apr_pool_t*)' {svn_client_conflict_option_set_moved_to_abspath2} + + 'function svn_error_t* svn_client_conflict_option_set_moved_to_repos_relpath2(svn_client_conflict_option_t*, int, svn_client_ctx_t*, apr_pool_t*)' {svn_client_conflict_option_set_moved_to_repos_relpath2} + + 'function svn_error_t* svn_client_diff7(const apr_array_header_t*, const char*, const svn_opt_revision_t*, const char*, const svn_opt_revision_t*, const char*, svn_depth_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, const char*, svn_stream_t*, svn_stream_t*, const apr_array_header_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client_diff7} + + 'function svn_error_t* svn_client_diff_peg7(const apr_array_header_t*, const char*, const svn_opt_revision_t*, const svn_opt_revision_t*, const svn_opt_revision_t*, const char*, svn_depth_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_boolean_t, const char*, svn_stream_t*, svn_stream_t*, const apr_array_header_t*, svn_client_ctx_t*, apr_pool_t*)' {svn_client_diff_peg7} + + 'function svn_error_t* svn_client_revert4(const apr_array_header_t*, svn_depth_t, const apr_array_header_t*, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_client_ctx_t*, apr_pool_t*)' {svn_client_revert4} + + + +1 function with some indirect sub-type change: + + + + [C]'function svn_error_t* svn_client__arbitrary_nodes_diff(const char**, svn_boolean_t*, const char*, const char*, svn_depth_t, const svn_diff_tree_processor_t*, svn_client_ctx_t*, apr_pool_t*, apr_pool_t*)' at diff_local.c:650:1 has some indirect sub-type changes: + + parameter 1 of type 'const char**' changed: + + in pointed to type 'const char*': + + entity changed from 'const char*' to 'const char' + + type size changed from 64 to 8 (in bits) + + parameter 2 of type 'svn_boolean_t*' changed: + + in pointed to type 'typedef svn_boolean_t': + + entity changed from 'typedef svn_boolean_t' to 'const char' + + type size changed from 32 to 8 (in bits) + + parameter 3 of type 'const char*' changed: + + entity changed from 'const char*' to 'typedef svn_depth_t' at svn_types_impl.h:151:1 + + type size changed from 64 to 32 (in bits) + + type alignement changed from 0 to 32 + + parameter 4 of type 'const char*' changed: + + in pointed to type 'const char': + + 'const char' changed to 'const svn_diff_tree_processor_t' + + parameter 5 of type 'typedef svn_depth_t' changed: + + entity changed from 'typedef svn_depth_t' to 'svn_client_ctx_t*' + + type size changed from 32 to 64 (in bits) + + type alignement changed from 32 to 0 + + parameter 6 of type 'const svn_diff_tree_processor_t*' changed: + + in pointed to type 'const svn_diff_tree_processor_t' at apr_pools.h:60:1: + + entity changed from 'const svn_diff_tree_processor_t' to 'typedef apr_pool_t' at apr_pools.h:60:1 + + type size changed from 768 to 0 (in bits) + + parameter 7 of type 'svn_client_ctx_t*' was removed + + parameter 8 of type 'apr_pool_t*' was removed + + parameter 9 of type 'apr_pool_t*' was removed + + + + + + + +---------------diffs in subversion_libsvn_diff-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (18 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 function with some indirect sub-type change: + + + + [C]'function svn_error_t* svn_diff_hunk__create_adds_single_line(svn_diff_hunk_t**, const char*, const svn_patch_t*, apr_pool_t*, apr_pool_t*)' at parse-diff.c:212:1 has some indirect sub-type changes: + + parameter 1 of type 'svn_diff_hunk_t**' has sub-type changes: + + in pointed to type 'svn_diff_hunk_t*': + + in pointed to type 'typedef svn_diff_hunk_t' at svn_diff.h:1077:1: + + underlying type 'struct svn_diff_hunk_t' at parse-diff.c:65:1 changed: + + type size changed from 1280 to 1344 (in bits) + + 1 data member insertion: + + 'svn_boolean_t svn_diff_hunk_t::is_pretty_print_mergeinfo', at offset 128 (in bits) at parse-diff.c:75:1 + + 13 data member changes (1 filtered): + + 'svn_diff__hunk_range svn_diff_hunk_t::diff_text_range' offset changed from 128 to 192 (in bits) (by +64 bits) + + 'svn_diff__hunk_range svn_diff_hunk_t::original_text_range' offset changed from 320 to 384 (in bits) (by +64 bits) + + 'svn_diff__hunk_range svn_diff_hunk_t::modified_text_range' offset changed from 512 to 576 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::original_start' offset changed from 704 to 768 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::original_length' offset changed from 768 to 832 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::modified_start' offset changed from 832 to 896 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::modified_length' offset changed from 896 to 960 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::leading_context' offset changed from 960 to 1024 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::trailing_context' offset changed from 1024 to 1088 (in bits) (by +64 bits) + + 'svn_boolean_t svn_diff_hunk_t::original_no_final_eol' offset changed from 1088 to 1152 (in bits) (by +64 bits) + + 'svn_boolean_t svn_diff_hunk_t::modified_no_final_eol' offset changed from 1120 to 1184 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::original_fuzz' offset changed from 1152 to 1216 (in bits) (by +64 bits) + + 'svn_linenum_t svn_diff_hunk_t::modified_fuzz' offset changed from 1216 to 1280 (in bits) (by +64 bits) + + + + + +---------------diffs in subversion_libsvn_fs_x-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (250 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_libsvn_fs_util-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_mod_dav_svn.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (76 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed (6 filtered out), 0 Added variables + + + +---------------diffs in subversion_libsvn_swig_py-1.so.0.0.0_abidiff.out:---------------- + +---------------diffs in subversion_libsvn_auth_gnome_keyring-1.so.0.0.0_abidiff.out:---------------- + +---------------diffs in subversion_libsvn_ra_local-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added function + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_libsvn_ra-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (72 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_libsvn_fs-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (108 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_libsvn_ra_serf-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (58 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +---------------diffs in subversion_libsvn_subr-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 1 Removed, 0 Changed (122 filtered out), 11 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +1 Removed function: + + + + 'function const char* svn_relpath__internal_style(const char*, apr_pool_t*)' {svn_relpath__internal_style} + + + +11 Added functions: + + + + 'function svn_error_t* svn_dirent_canonicalize_safe(const char**, const char**, const char*, apr_pool_t*, apr_pool_t*)' {svn_dirent_canonicalize_safe} + + 'function svn_error_t* svn_dirent_internal_style_safe(const char**, const char**, const char*, apr_pool_t*, apr_pool_t*)' {svn_dirent_internal_style_safe} + + 'function const svn_opt_subcommand_desc3_t* svn_opt_get_canonical_subcommand3(const svn_opt_subcommand_desc3_t*, const char*)' {svn_opt_get_canonical_subcommand3} + + 'function const apr_getopt_option_t* svn_opt_get_option_from_code3(int, const apr_getopt_option_t*, const svn_opt_subcommand_desc3_t*, apr_pool_t*)' {svn_opt_get_option_from_code3} + + 'function void svn_opt_print_generic_help3(const char*, const svn_opt_subcommand_desc3_t*, const apr_getopt_option_t*, const char*, apr_pool_t*, FILE*)' {svn_opt_print_generic_help3} + + 'function svn_error_t* svn_opt_print_help5(apr_getopt_t*, const char*, svn_boolean_t, svn_boolean_t, svn_boolean_t, const char*, const char*, const svn_opt_subcommand_desc3_t*, const apr_getopt_option_t*, const int*, const char*, apr_pool_t*)' {svn_opt_print_help5} + + 'function void svn_opt_subcommand_help4(const char*, const svn_opt_subcommand_desc3_t*, const apr_getopt_option_t*, const int*, apr_pool_t*)' {svn_opt_subcommand_help4} + + 'function svn_boolean_t svn_opt_subcommand_takes_option4(const svn_opt_subcommand_desc3_t*, int, const int*)' {svn_opt_subcommand_takes_option4} + + 'function svn_error_t* svn_relpath__make_internal(const char**, const char*, apr_pool_t*, apr_pool_t*)' {svn_relpath__make_internal} + + 'function svn_error_t* svn_relpath_canonicalize_safe(const char**, const char**, const char*, apr_pool_t*, apr_pool_t*)' {svn_relpath_canonicalize_safe} + + 'function svn_error_t* svn_uri_canonicalize_safe(const char**, const char**, const char*, apr_pool_t*, apr_pool_t*)' {svn_uri_canonicalize_safe} + + + +---------------diffs in subversion_mod_dontdothat.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 0 Added function + +Variables changes summary: 0 Removed, 0 Changed (1 filtered out), 0 Added variable + + + +---------------diffs in subversion_libsvn_delta-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 1 Changed (37 filtered out), 4 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +4 Added functions: + + + + 'function svn_error_t* svn_delta_path_driver3(const svn_delta_editor_t*, void*, const apr_array_header_t*, svn_boolean_t, svn_delta_path_driver_cb_func2_t, void*, apr_pool_t*)' {svn_delta_path_driver3} + + 'function svn_error_t* svn_delta_path_driver_finish(svn_delta_path_driver_state_t*, apr_pool_t*)' {svn_delta_path_driver_finish} + + 'function svn_error_t* svn_delta_path_driver_start(svn_delta_path_driver_state_t**, const svn_delta_editor_t*, void*, svn_delta_path_driver_cb_func2_t, void*, apr_pool_t*)' {svn_delta_path_driver_start} + + 'function svn_error_t* svn_delta_path_driver_step(svn_delta_path_driver_state_t*, const char*, apr_pool_t*)' {svn_delta_path_driver_step} + + + +1 function with some indirect sub-type change: + + + + [C]'function svn_error_t* svn_element__tree_set(svn_element__tree_t*, int, const svn_element__content_t*)' at element.c:379:1 has some indirect sub-type changes: + + return type changed: + + entity changed from 'svn_error_t*' to 'void' + + type size changed from 64 to 0 (in bits) + + + + + +---------------diffs in subversion_libsvn_wc-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 2 Removed, 3 Changed (173 filtered out), 7 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Removed functions: + + + + 'function svn_error_t* svn_wc__find_repos_node_in_wc(apr_array_header_t**, svn_wc__db_t*, const char*, const char*, apr_pool_t*, apr_pool_t*)' {svn_wc__find_repos_node_in_wc} + + 'function svn_error_t* svn_wc__get_shelves_dir(char**, svn_wc_context_t*, const char*, apr_pool_t*, apr_pool_t*)' {svn_wc__get_shelves_dir} + + + +7 Added functions: + + + + 'function svn_error_t* svn_wc__db_find_copies_of_repos_path(apr_array_header_t**, svn_wc__db_t*, const char*, const char*, svn_node_kind_t, apr_pool_t*, apr_pool_t*)' {svn_wc__db_find_copies_of_repos_path} + + 'function svn_error_t* svn_wc__db_find_repos_node_in_wc(apr_array_header_t**, svn_wc__db_t*, const char*, const char*, apr_pool_t*, apr_pool_t*)' {svn_wc__db_find_repos_node_in_wc} + + 'function svn_error_t* svn_wc__db_find_working_nodes_with_basename(apr_array_header_t**, svn_wc__db_t*, const char*, const char*, svn_node_kind_t, apr_pool_t*, apr_pool_t*)' {svn_wc__db_find_working_nodes_with_basename} + + 'function svn_error_t* svn_wc__find_copies_of_repos_path(apr_array_header_t**, const char*, const char*, svn_node_kind_t, svn_wc_context_t*, apr_pool_t*, apr_pool_t*)' {svn_wc__find_copies_of_repos_path} + + 'function svn_error_t* svn_wc__find_working_nodes_with_basename(apr_array_header_t**, const char*, const char*, svn_node_kind_t, svn_wc_context_t*, apr_pool_t*, apr_pool_t*)' {svn_wc__find_working_nodes_with_basename} + + 'function svn_error_t* svn_wc__get_experimental_dir(char**, svn_wc_context_t*, const char*, apr_pool_t*, apr_pool_t*)' {svn_wc__get_experimental_dir} + + 'function svn_error_t* svn_wc_revert6(svn_wc_context_t*, const char*, svn_depth_t, svn_boolean_t, const apr_array_header_t*, svn_boolean_t, svn_boolean_t, svn_boolean_t, svn_cancel_func_t, void*, svn_wc_notify_func2_t, void*, apr_pool_t*)' {svn_wc_revert6} + + + +3 functions with some indirect sub-type change: + + + + [C]'function svn_error_t* svn_wc__conflict_read_tree_conflict(svn_wc_conflict_reason_t*, svn_wc_conflict_action_t*, const char**, svn_wc__db_t*, const char*, const svn_skel_t*, apr_pool_t*, apr_pool_t*)' at conflicts.c:948:1 has some indirect sub-type changes: + + parameter 4 of type 'svn_wc__db_t*' changed: + + in pointed to type 'typedef svn_wc__db_t': + + entity changed from 'typedef svn_wc__db_t' to 'const char*' + + type size changed from 448 to 64 (in bits) + + parameter 5 of type 'const char*' changed: + + in pointed to type 'const char' at wc_db.h:128:1: + + entity changed from 'const char' to 'typedef svn_wc__db_t' at wc_db.h:128:1 + + type size changed from 8 to 448 (in bits) + + parameter 6 of type 'const svn_skel_t*' changed: + + in pointed to type 'const svn_skel_t': + + 'const svn_skel_t' changed to 'const char' + + parameter 7 of type 'apr_pool_t*' changed: + + in pointed to type 'typedef apr_pool_t': + + entity changed from 'typedef apr_pool_t' to 'const svn_skel_t' + + type size changed from 0 to 320 (in bits) + + parameter 9 of type 'apr_pool_t*' was added + + + + + + [C]'function svn_error_t* svn_wc__conflict_skel_add_tree_conflict(svn_skel_t*, svn_wc__db_t*, const char*, svn_wc_conflict_reason_t, svn_wc_conflict_action_t, const char*, apr_pool_t*, apr_pool_t*)' at conflicts.c:536:1 has some indirect sub-type changes: + + parameter 7 of type 'apr_pool_t*' changed: + + in pointed to type 'typedef apr_pool_t': + + entity changed from 'typedef apr_pool_t' to 'const char' + + type size changed from 0 to 8 (in bits) + + parameter 9 of type 'apr_pool_t*' was added + + + + + + [C]'function svn_error_t* svn_wc__diff7(const char**, svn_boolean_t*, svn_wc_context_t*, const char*, svn_depth_t, svn_boolean_t, const apr_array_header_t*, const svn_diff_tree_processor_t*, svn_cancel_func_t, void*, apr_pool_t*, apr_pool_t*)' at diff_local.c:436:1 has some indirect sub-type changes: + + parameter 1 of type 'const char**' changed: + + entity changed from 'const char**' to 'typedef svn_boolean_t' at svn_types.h:141:1 + + type size changed from 64 to 32 (in bits) + + parameter 2 of type 'svn_boolean_t*' changed: + + in pointed to type 'typedef svn_boolean_t' at svn_wc.h:179:1: + + typedef name changed from svn_boolean_t to svn_wc_context_t at svn_wc.h:179:1 + + underlying type 'int' changed: + + entity changed from 'int' to 'struct svn_wc_context_t' at wc.h:220:1 + + type size changed from 32 to 192 (in bits) + + parameter 3 of type 'svn_wc_context_t*' changed: + + in pointed to type 'typedef svn_wc_context_t': + + entity changed from 'typedef svn_wc_context_t' to 'const char' + + type size changed from 192 to 8 (in bits) + + parameter 4 of type 'const char*' changed: + + entity changed from 'const char*' to 'typedef svn_depth_t' at svn_types_impl.h:151:1 + + type size changed from 64 to 32 (in bits) + + type alignement changed from 0 to 32 + + parameter 5 of type 'typedef svn_depth_t' changed: + + typedef name changed from svn_depth_t to svn_boolean_t at svn_types.h:141:1 + + underlying type 'enum svn_depth_t' at svn_types.h:504:1 changed: + + entity changed from 'enum svn_depth_t' to 'int' + + type size hasn't changed + + type alignement changed from 32 to 0 + + parameter 6 of type 'typedef svn_boolean_t' changed: + + entity changed from 'typedef svn_boolean_t' to 'const apr_array_header_t*' + + type size changed from 32 to 64 (in bits) + + parameter 7 of type 'const apr_array_header_t*' changed: + + in pointed to type 'const apr_array_header_t': + + 'const apr_array_header_t' changed to 'const svn_diff_tree_processor_t' + + parameter 8 of type 'const svn_diff_tree_processor_t*' changed: + + entity changed from 'const svn_diff_tree_processor_t*' to compatible type 'typedef svn_cancel_func_t' at svn_types.h:1085:1 + + in pointed to type 'const svn_diff_tree_processor_t': + + entity changed from 'const svn_diff_tree_processor_t' to 'function type svn_error_t* (void*)' + + type size changed from 768 to 64 (in bits) + + parameter 9 of type 'typedef svn_cancel_func_t' changed: + + entity changed from 'typedef svn_cancel_func_t' to compatible type 'void*' + + in pointed to type 'function type svn_error_t* (void*)': + + entity changed from 'function type svn_error_t* (void*)' to 'void' + + type size changed from 64 to 0 (in bits) + + parameter 12 of type 'apr_pool_t*' was removed + + + + + + + +---------------diffs in subversion_libsvn_fs_fs-1.so.0.0.0_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed (234 filtered out), 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/tcl_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/tcl_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..3a24b09015a3610184b9c86d2443c7fe5be02e9b --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/tcl_all_result.md @@ -0,0 +1,230 @@ +# Functions changed info + +---------------diffs in tcl_libtcl8.6.so_abidiff.out:---------------- + +Functions changes summary: 4 Removed, 2 Changed (95 filtered out), 6 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added (3 filtered out) variables + + + +4 Removed functions: + + + + 'function int TclOODefineMixinObjCmd(ClientData, Tcl_Interp*, const int, Tcl_Obj* const*)' {TclOODefineMixinObjCmd} + + 'function int TclSkipUnlink(Tcl_Obj*)' {TclSkipUnlink} + + 'function int Tcl_EncodingObjCmd(ClientData, Tcl_Interp*, int, Tcl_Obj* const*)' {Tcl_EncodingObjCmd} + + 'function void TclpUnloadFile(Tcl_LoadHandle)' {TclpUnloadFile} + + + +6 Added functions: + + + + 'function mp_err TclBN_mp_balance_mul(const mp_int*, const mp_int*, mp_int*)' {TclBN_mp_balance_mul} + + 'function int TclBN_mp_expt_d_ex(const mp_int*, mp_digit, mp_int*, int)' {TclBN_mp_expt_d_ex} + + 'function void TclBN_mp_set_ull(mp_int*, Tcl_WideUInt)' {TclBN_mp_set_ull} + + 'function mp_err TclBN_mp_signed_rsh(const mp_int*, int, mp_int*)' {TclBN_mp_signed_rsh} + + 'function mp_err TclBN_mp_to_radix(const mp_int*, char*, size_t, size_t*, int)' {TclBN_mp_to_radix} + + 'function mp_err TclBN_mp_to_ubin(const mp_int*, unsigned char*, size_t, size_t*)' {TclBN_mp_to_ubin} + + + +2 functions with some indirect sub-type change: + + + + [C]'function int TclAddLiteralObj(CompileEnv*, Tcl_Obj*, LiteralEntry**)' at tclLiteral.c:601:1 has some indirect sub-type changes: + + parameter 1 of type 'CompileEnv*' has sub-type changes: + + in pointed to type 'typedef CompileEnv' at tclCompile.h:388:1: + + underlying type 'struct CompileEnv' at tclCompile.h:284:1 changed: + + type size hasn't changed + + 1 data member changes (3 filtered): + + type of 'AuxData* CompileEnv::auxDataArrayPtr' changed: + + in pointed to type 'typedef AuxData' at tclCompile.h:270:1: + + underlying type 'struct AuxData' at tclCompile.h:266:1 changed: + + type size hasn't changed + + 1 data member change: + + type of 'const AuxDataType* AuxData::type' changed: + + in pointed to type 'const AuxDataType': + + in unqualified underlying type 'typedef AuxDataType' at tclCompile.h:258:1: + + underlying type 'struct AuxDataType' at tclCompile.h:233:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'AuxDataPrintProc* AuxDataType::disassembleProc' changed: + + in pointed to type 'typedef AuxDataPrintProc' at tclCompile.h:222:1: + + underlying type 'function type void (typedef ClientData, Tcl_Obj*, ByteCode*, unsigned int)' changed: + + parameter 3 of type 'ByteCode*' has sub-type changes: + + in pointed to type 'struct ByteCode' at tclCompile.h:414:1: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'Proc* ByteCode::procPtr' changed: + + in pointed to type 'typedef Proc' at tclInt.h:963:1: + + underlying type 'struct Proc' at tclInt.h:937:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'Interp* Proc::iPtr' changed: + + in pointed to type 'typedef Interp' at tclInt.h:2145:1: + + underlying type 'struct Interp' at tclInt.h:1761:1 changed: + + type size hasn't changed + + 1 data member changes (8 filtered): + + type of 'const TclStubs* Interp::stubTable' changed: + + in pointed to type 'const TclStubs': + + in unqualified underlying type 'struct TclStubs' at tclDecls.h:1845:1: + + type size changed from 40512 to 41664 (in bits) + + 18 data member insertions: + + 'void ()* TclStubs::reserved631', at offset 40512 (in bits) at tclDecls.h:2504:1 + + 'void ()* TclStubs::reserved632', at offset 40576 (in bits) at tclDecls.h:2505:1 + + 'void ()* TclStubs::reserved633', at offset 40640 (in bits) at tclDecls.h:2506:1 + + 'void ()* TclStubs::reserved634', at offset 40704 (in bits) at tclDecls.h:2507:1 + + 'void ()* TclStubs::reserved635', at offset 40768 (in bits) at tclDecls.h:2508:1 + + 'void ()* TclStubs::reserved636', at offset 40832 (in bits) at tclDecls.h:2509:1 + + 'void ()* TclStubs::reserved637', at offset 40896 (in bits) at tclDecls.h:2510:1 + + 'void ()* TclStubs::reserved638', at offset 40960 (in bits) at tclDecls.h:2511:1 + + 'void ()* TclStubs::reserved639', at offset 41024 (in bits) at tclDecls.h:2512:1 + + 'void ()* TclStubs::reserved640', at offset 41088 (in bits) at tclDecls.h:2513:1 + + 'void ()* TclStubs::reserved641', at offset 41152 (in bits) at tclDecls.h:2514:1 + + 'void ()* TclStubs::reserved642', at offset 41216 (in bits) at tclDecls.h:2515:1 + + 'void ()* TclStubs::reserved643', at offset 41280 (in bits) at tclDecls.h:2516:1 + + 'void ()* TclStubs::reserved644', at offset 41344 (in bits) at tclDecls.h:2517:1 + + 'void ()* TclStubs::reserved645', at offset 41408 (in bits) at tclDecls.h:2518:1 + + 'void ()* TclStubs::reserved646', at offset 41472 (in bits) at tclDecls.h:2519:1 + + 'void ()* TclStubs::reserved647', at offset 41536 (in bits) at tclDecls.h:2520:1 + + 'void ()* TclStubs::tclUnusedStubEntry', at offset 41600 (in bits) at tclDecls.h:2521:1 + + 1 data member changes (6 filtered): + + type of 'const TclStubHooks* TclStubs::hooks' changed: + + in pointed to type 'const TclStubHooks': + + in unqualified underlying type 'typedef TclStubHooks' at tclDecls.h:1843:1: + + underlying type 'struct {const TclPlatStubs* tclPlatStubs; const TclIntStubs* tclIntStubs; const TclIntPlatStubs* tclIntPlatStubs;}' at tclDecls.h:1820:1 changed: + + type size hasn't changed + + 1 data member changes (1 filtered): + + type of 'const TclIntStubs* tclIntStubs' changed: + + in pointed to type 'const TclIntStubs': + + in unqualified underlying type 'struct TclIntStubs' at tclIntDecls.h:645:1: + + type size changed from 16576 to 16704 (in bits) + + 2 data member insertions: + + 'void ()* TclIntStubs::reserved257', at offset 16576 (in bits) at tclIntDecls.h:906:1 + + 'void ()* TclIntStubs::tclUnusedStubEntry', at offset 16640 (in bits) at tclIntDecls.h:907:1 + + no data member changes (26 filtered); + + + + + + + + + + + + + + + + + + + + [C]'function int TclBN_mp_unsigned_bin_size(mp_int*)' at bn_mp_ubin_size.c:7:1 has some indirect sub-type changes: + + return type changed: + + entity changed from 'int' to compatible type 'typedef size_t' at stddef.h:216:1 + + type name changed from 'int' to 'unsigned long int' + + type size changed from 32 to 64 (in bits) + + parameter 1 of type 'mp_int*' changed: + + in pointed to type 'typedef mp_int': + + entity changed from 'typedef mp_int' to 'const mp_int' + + type size hasn't changed + + + + + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/xorg-x11-server_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/xorg-x11-server_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..50f5a71b4bccc7ec1e5565dab926223829ddc0d7 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/xorg-x11-server_all_result.md @@ -0,0 +1,38 @@ +# Functions changed info + +---------------diffs in xorg-x11-server_libshadow.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libfb.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libwfb.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libglamoregl.so_abidiff.out:---------------- + +Functions changes summary: 0 Removed, 0 Changed, 2 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + + + +2 Added functions: + + + + 'function void glamor_clear_pixmap(PixmapPtr)' {glamor_clear_pixmap} + + 'function const char* glamor_egl_get_driver_name(ScreenPtr)' {glamor_egl_get_driver_name} + + + +---------------diffs in xorg-x11-server_modesetting_drv.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libshadowfb.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libfbdevhw.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libexa.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libglx.so_abidiff.out:---------------- + +---------------diffs in xorg-x11-server_libvgahw.so_abidiff.out:---------------- + diff --git a/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/zstd_all_result.md b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/zstd_all_result.md new file mode 100644 index 0000000000000000000000000000000000000000..73c2fb1b09be6b17c037cfd679feef43d123fff3 --- /dev/null +++ b/docs/zh/docs/Releasenotes/LTS_to_SP1_changed_abi_detail/zstd_all_result.md @@ -0,0 +1,98 @@ +# Functions changed info + +---------------diffs in zstd_libzstd.so.1.4.5_abidiff.out:---------------- + +Functions changes summary: 24 Removed, 0 Changed, 0 Added functions + +Variables changes summary: 0 Removed, 0 Changed, 0 Added variable + +Function symbols changes summary: 0 Removed, 12 Added function symbols not referenced by debug info + +Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info + + + +24 Removed functions: + + + + 'function size_t ZSTDMT_compressCCtx(ZSTDMT_CCtx*, void*, size_t, void*, size_t, int)' {ZSTDMT_compressCCtx} + + 'function size_t ZSTDMT_compressStream(ZSTDMT_CCtx*, ZSTD_outBuffer*, ZSTD_inBuffer*)' {ZSTDMT_compressStream} + + 'function size_t ZSTDMT_compressStream_generic(ZSTDMT_CCtx*, ZSTD_outBuffer*, ZSTD_inBuffer*, ZSTD_EndDirective)' {ZSTDMT_compressStream_generic} + + 'function size_t ZSTDMT_compress_advanced(ZSTDMT_CCtx*, void*, size_t, void*, size_t, const ZSTD_CDict*, ZSTD_parameters, unsigned int)' {ZSTDMT_compress_advanced} + + 'function ZSTDMT_CCtx* ZSTDMT_createCCtx(unsigned int)' {ZSTDMT_createCCtx} + + 'function ZSTDMT_CCtx* ZSTDMT_createCCtx_advanced(unsigned int, ZSTD_customMem)' {ZSTDMT_createCCtx_advanced} + + 'function size_t ZSTDMT_endStream(ZSTDMT_CCtx*, ZSTD_outBuffer*)' {ZSTDMT_endStream} + + 'function size_t ZSTDMT_flushStream(ZSTDMT_CCtx*, ZSTD_outBuffer*)' {ZSTDMT_flushStream} + + 'function size_t ZSTDMT_freeCCtx(ZSTDMT_CCtx*)' {ZSTDMT_freeCCtx} + + 'function size_t ZSTDMT_getMTCtxParameter(ZSTDMT_CCtx*, ZSTDMT_parameter, unsigned int*)' {ZSTDMT_getMTCtxParameter} + + 'function size_t ZSTDMT_initCStream(ZSTDMT_CCtx*, int)' {ZSTDMT_initCStream} + + 'function size_t ZSTDMT_initCStream_advanced(ZSTDMT_CCtx*, void*, size_t, ZSTD_parameters, long long unsigned int)' {ZSTDMT_initCStream_advanced} + + 'function size_t ZSTDMT_initCStream_usingCDict(ZSTDMT_CCtx*, const ZSTD_CDict*, ZSTD_frameParameters, long long unsigned int)' {ZSTDMT_initCStream_usingCDict} + + 'function size_t ZSTDMT_resetCStream(ZSTDMT_CCtx*, long long unsigned int)' {ZSTDMT_resetCStream} + + 'function size_t ZSTDMT_setMTCtxParameter(ZSTDMT_CCtx*, ZSTDMT_parameter, unsigned int)' {ZSTDMT_setMTCtxParameter} + + 'function size_t ZSTDMT_sizeof_CCtx(ZSTDMT_CCtx*)' {ZSTDMT_sizeof_CCtx} + + 'function size_t ZSTD_CCtxParam_getParameter(ZSTD_CCtx_params*, ZSTD_cParameter, unsigned int*)' {ZSTD_CCtxParam_getParameter} + + 'function size_t ZSTD_CCtxParam_setParameter(ZSTD_CCtx_params*, ZSTD_cParameter, unsigned int)' {ZSTD_CCtxParam_setParameter} + + 'function size_t ZSTD_CCtx_resetParameters(ZSTD_CCtx*)' {ZSTD_CCtx_resetParameters} + + 'function size_t ZSTD_compress_generic(ZSTD_CCtx*, ZSTD_outBuffer*, ZSTD_inBuffer*, ZSTD_EndDirective)' {ZSTD_compress_generic} + + 'function size_t ZSTD_compress_generic_simpleArgs(ZSTD_CCtx*, void*, size_t, size_t*, void*, size_t, size_t*, ZSTD_EndDirective)' {ZSTD_compress_generic_simpleArgs} + + 'function size_t ZSTD_decompress_generic(ZSTD_DCtx*, ZSTD_outBuffer*, ZSTD_inBuffer*)' {ZSTD_decompress_generic} + + 'function size_t ZSTD_decompress_generic_simpleArgs(ZSTD_DCtx*, void*, size_t, size_t*, void*, size_t, size_t*)' {ZSTD_decompress_generic_simpleArgs} + + 'function size_t ZSTD_setDStreamParameter(ZSTD_DStream*, ZSTD_DStreamParameter_e, unsigned int)' {ZSTD_setDStreamParameter} + + + +12 Added function symbols not referenced by debug info: + + + + ZDICT_getDictHeaderSize + + ZSTD_CCtxParams_getParameter + + ZSTD_CCtxParams_setParameter + + ZSTD_DCtx_setParameter + + ZSTD_cParam_getBounds + + ZSTD_compress2 + + ZSTD_compressStream2 + + ZSTD_compressStream2_simpleArgs + + ZSTD_dParam_getBounds + + ZSTD_decompressBound + + ZSTD_decompressStream_simpleArgs + + ZSTD_getSequences + + + diff --git a/docs/zh/docs/Releasenotes/release_notes.md b/docs/zh/docs/Releasenotes/release_notes.md index 6bae599cc4903bdc759f4e679f5a875d77b5e9ef..5f46029c88cb7d712347197eed87440b03068a06 100644 --- a/docs/zh/docs/Releasenotes/release_notes.md +++ b/docs/zh/docs/Releasenotes/release_notes.md @@ -1 +1 @@ -本文是 openEuler 20.03 LTS 版本的发行说明。 \ No newline at end of file +本文是 openEuler 20.03 LTS SP4版本的发行说明。 diff --git a/docs/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md b/docs/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md deleted file mode 100644 index 5d775e30182a7156ece2c9bb4a4e0f4afa6fe288..0000000000000000000000000000000000000000 --- a/docs/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md +++ /dev/null @@ -1,14 +0,0 @@ -# 版本发行说明 - -- [法律声明](./法律声明.md) -- [用户须知](./用户须知.md) -- [简介](./简介.md) -- [系统安装](./系统安装.md) -- [关键特性](./关键特性.md) -- [已知问题](./已知问题.md) -- [已修复问题](./已修复问题.md) -- [CVE漏洞](./CVE漏洞.md) -- [源代码](./源代码.md) -- [参与贡献](./参与贡献.md) -- [致谢](./致谢.md) - diff --git "a/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" "b/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" index 357859efa19f59c4ec9846ee92cbca9694676a3d..829de8e6a1c53be4eb962356a05a01af092dc436 100644 --- "a/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" +++ "b/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" @@ -1,30 +1,88 @@ -# 关键特性 - -- iSula轻量级容器解决方案,统一IoT,边缘和云计算容器解决方案 - - 缩短三级调用链,百容器内存资源占用相比Docker引擎显著下降 - - 支持CRI/OCI标准开源接口,灵活对接runc、kata等多种OCI运行时 - - 通过Smart-loading智能镜像下载技术,显著提升镜像下载速度 - - 安全容器:虚拟化技术和容器技术的有机结合,安全容器具有更好的隔离性 - - 系统容器:支持本地文件系统启动,可实现快速部署。支持部署systemd,提升user namespace隔离性 - -- Kunpeng加速引擎(KAE),支持加解密加速 - - 摘要算法SM3,支持异步模型 - - 对称加密算法SM4,支持异步模型,支持CTR/XTS/CBC模式 - - 对称加密算法AES,支持异步模型,支持ECB/CTR/XTS/CBC模式 - - 非对称算法RSA,支持异步模型,支持Key Sizes 1024/2048/3072/4096 - - 密钥协商算法DH,支持异步模型,支持Key Sizes 768/1024/1536/2048/3072/4096 - - -- A-Tune智能系统性能优化引擎,推理出业务特征,配置最佳的系统参数合,使业务处于最优运行状态。 -- 增强glibc/zlib/gzip性能,充分利用AArch64的neon指令集,提升基础库性能。 -- 内核特性增强 - - 支持ARM64内核热补丁 - - Numa Aware Qspinlock:减少跨NUMA节点的Cache/总线冲突 - - 通过优化 IOVA 页表查找和页表释放算法,提升 I/O MMU 子系统性能 - - 根据 ARM64 指令以及流水线特点,优化 CRC32 及 checksum 实现,大幅提升数据校验性能 - - 支持 ARM v8.4 MPAM(Memory System Resource Partitioning and Monitoring) -- 虚拟化特性增强 - - 中断虚拟化优化:IRQfd路径注入中断优化,大幅提升高性能直通设备(网卡、SSD磁盘等)性能 - - 内存虚拟化优化:借助鲲鹏硬件特性,提升虚拟机启动内存加载速度 - - 存储虚拟化优化:iSCSI模块kworker的NUMA亲和性自绑定优化,提升IPSAN磁盘的IO性能 +# 关键特性 +## 内存分级扩展 + +当前内存制造工艺已经达到瓶颈,Arm 生态发展让每个 CPU 核的成本越来越低。数据库、虚拟机、大数据、人工智能、深度学习场景同时需要算力和内存的支持。内存容量成为了制约业务和算力的问题。 +内存分级扩展通过 DRAM 和低速内存介质,如 AEP/SCM ,以及 RDMA 远端内存等形成多级内存,通过内存自动调度让热数据在 DRAM 高速内存区中运行,让冷数据交换到低速内存区,从而增加内存容量,保证核心业务高效平稳运行。该特性适用于内存缓存多,且随机访问模型的业务,实测等成本条件下MySQL性能提升40%。针对用户态存储框架和用户需求,新增用户态的内存交换机制。 + +- **进程级控制**,etmem 支持通过配置文件来进行内存扩展的进程,相比于操作系统原生的基于 LRU 淘汰的 kswap 机制,更加灵活和精准。 +- **冷热分级**,用户态触发对指定进程进行内存访问扫描,根据分级策略配置文件,对内存访问结果进行分级,区分出热内存和冷内存。 +- **淘汰策略**,根据配置文件和系统环境配置,对冷内存进行淘汰,淘汰流程使用内核原生能力,安全可靠,用户无感知。 +- **多介质扩展支持**,支持 SCM、XL Flash、NVMe SSD 等多种介质作为扩展内存,根据介质自身访问速度指定内存冷热分层方案,达到扩展内存并减少性能损失的目的。 + +**应用场景**:节点内业务进程内存分级扩展。 +适用于对内存使用较多,且访问相对不频繁的业务软件,扩展效果较好,比如 MySQL、Redis、Nginx 等,内存扩展操作均在节点内部,不涉及跨节点远端操作。 +在用户态存储框架的场景中,可通过策略框架的用户态userswap功能,使用用户态存储作为交换设备。 + +## KubeOS容器操作系统 + +云原生是云计算发展的下一跳,k8s 事实上已经成为云原生软件基础设施的底座。业界主流操作系统厂商都推出了针对云原生场景的 OS,如 Rehat RCHOS,AWS BottleRocket 等,实现 OS 容器化部署、运维,提供与业务容器一致的管理和运维体验。 + +openEuler 适应云原生发展趋势,推出容器化操作系统KubeOS,实现云原生集群OS的统一容器化管理,具备如下特点: + +- OS容器化管理、对接K8S,原子化的生命周期管理; + +- OS轻量化裁剪,减少不必要的冗余包,可实现快速升级、替换等。 + +**应用场景**:基于 K8S 容器云平台的业务节点服务器主机 OS 的容器化管理,提供容器业务相同的生命周期管理和运维体验。 + +## Eggo K8s 部署工具 + +Eggo 是 openEuler 云原生 Sig 组 K8S 集群部署管理项目,提供高效稳定的集群部署能力。支持单集群多架构、支持在线和离线部署模式多种部署模式,结合 GitOps 管理能力、感知集群配置变化,驱动集群 OS 统一高效部署。 + +- **集群配置版本化管理**,配置统一 Git repo 版本化管理,使用仓库汇总和跟踪集群的配置信息。 +- **配置感知**, GitOps 会感知 git 配置库中集群配置信息的变化,给部署引擎发起集群相应的操作请求。 +- **部署引擎**,部署引擎负责下发任务给业务集群,触发部署业务集群、销毁业务集群、新增节点和删除节点等任务。 + +**应用场景**:X86/ARM 双平面云基础设施,基于 K8S 云原生框架,实现 OS 统一集群化部署、监控、审计等场景。 + +## A-Ops 智能运维 + +A-Ops 是一款基于操作系统维度的故障运维平台,提供从数据采集,健康巡检,故障诊断,故障修复的到智能运维解决方案。A-Ops 项目包括了若干子项目:覆盖故障发现(gala),故障定位支撑(X-diagnosis),缺陷修复(apollo)等。 + +**社区热补丁流水线** + +- 热补丁制作:支持在冷补丁 PR 内指定软件包的目标版本和 patch 文件,构建热补丁。 + +- 热补丁发布: 支持通过热补丁 issue 自动收集待发布热补丁,复用冷补丁 update 版本发布逻辑进行发布。 + +**漏洞管理能力** + +- 智能补丁巡检:支持单机/集群的 CVE 巡检和通知能力,一键式修复和回退。 + +- 热修复:支持部分 CVE 通过热补丁修复,做到业务零中断修复。 + +- 补丁服务:支持冷热补丁订阅,提供补丁在线获取能力。 + +**时延分析工具 da-tool** + +时延分析工具 da-tool 是一个基于 kprobe 的运维工具,旨在简化 kprobe 的配置流程,直观显示 trace 中函数的时延特征。本次发布的版本支持: + +- 分析 udp 收发相关函数时延特征。 + +- 分析 udp 相关进程调度行为。 + +## OpenStack Train 支持 + +OpenStack Train 是一款简单、可大规模扩展、丰富、标准统一的云管理操作系统,更多特性请参考 OpenStack Train 官方发行说明。 + +- **集成 openstack Train 版本**,使能基础设施即服务(IaaS)解决方案。 +- **增强块存储服务能力**,增加容量扩展、快照和虚拟机镜像克隆等高级功能。 +- **增强容器化部署和网络能力**,与容器能更好的集成。 +- **增加扩展服务支持**,支持控制面板管理、裸机部署、云资源追踪等扩展服务。 +- **openstack Train 版本**,新增 Neutron 端口转发、ironic DPU 卸载特性,Patch 源码请参考 + +## 桌面支持 + +- Kiran 麒麟信安桌面系统:是一款以用户和市场需求为主导的稳定、高效、易用的桌面环境,主要包括了桌面、任务栏、托盘、控制中心和窗口管理等组件。 + +## 兼容性清单 + +- 上线[北向兼容性清单](https://www.openeuler.org/zh/compatibility/)。 +- 支持 intel ice lake。 + +## 根据用户情况自动优化下载软件包(metalink) + +当前有30个站点为 openEuler 提供了镜像服务,这些站点分布在亚洲、欧洲和北美。支持用户从最近的多个站点下载软件包,进而提高其下载软件包的速度。 + +在 dnf 或 yum 的配置文件中配置 metalink(随版本发布),其值是 metalink service 提供的 API 的 URL 地址。当用户下载软件包时,dnf 或 yum 客户端会请求 metalink 指向的 URL,该 URL 对应的服务会返回 xml 格式的数据,该数据包含离用户最近的多个镜像站点的地址。dnf 或 yum 客户端会从这些地址中选择最优的站点进行下载,进而提高其下载软件包的速度。 diff --git "a/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" "b/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" index e14ad24e2bf3f670106ed94079d8af84e65fb389..c14573723b6b7dababc9ebd8c6ec8ad241682af4 100644 --- "a/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" +++ "b/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" @@ -1,22 +1,22 @@ # 参与贡献 -作为openEuler用户,你可以通过多种方式协助openEuler社区。参与社区贡献的方法请参见[社区贡献](https://openeuler.org/zh/developer.html),这里简单列出部分方式供参考。 +作为openEuler用户,你可以通过多种方式协助openEuler社区。参与社区贡献的方法请参见[贡献攻略](https://www.openeuler.org/zh/community/contribution/),这里简单列出部分方式供参考。 ## 特别兴趣小组 -openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别兴趣小组(SIG)。当前已有的SIG请参见[SIG列表](https://openeuler.org/zh/sig.html)。 +openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别兴趣小组(SIG)。当前已有的SIG请参见[SIG列表](https://www.openeuler.org/zh/sig/sig-list/)。 -我们欢迎并鼓励你加入已有的SIG或创建新的SIG,创建方法请参见[SIG管理指南](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md)。 +我们欢迎并鼓励你加入已有的SIG或创建新的SIG,创建方法请参见SIG管理指南。 ## 邮件列表和任务 -欢迎你积极地帮助用户解决在[邮件列表](https://openeuler.org/zh/community/mails.html)和issue任务(包括[代码仓任务](https://gitee.com/organizations/openeuler/issues)和[软件包仓任务](https://gitee.com/organizations/src-openeuler/issues)) 中提出的问题。另外,我们也欢迎你提出问题。这些都将帮助openEuler社区更好地发展。 +欢迎你积极地帮助用户解决在[邮件列表](https://www.openeuler.org/zh/community/mailing-list/)和issue任务(包括[代码仓任务](https://gitee.com/organizations/openeuler/issues)和[软件包仓任务](https://gitee.com/organizations/src-openeuler/issues)) 中提出的问题。另外,我们也欢迎你提出问题。这些都将帮助openEuler社区更好地发展。 ## 文档 -你不仅可以通过提交代码参与社区贡献,我们也欢迎你反馈遇到的问题、困难,或者对文档易用性、完整性的改进建议等。例如获取软件或文档过程中的问题,使用系统过程中的难点。欢迎关注并改进[openEuler社区](https://openeuler.org/zh/)的文档模块。 +你不仅可以通过提交代码参与社区贡献,我们也欢迎你反馈遇到的问题、困难,或者对文档易用性、完整性的改进建议等。例如获取软件或文档过程中的问题,使用系统过程中的难点。欢迎关注并改进[openEuler社区](https://www.openeuler.org/zh/)的文档模块。 ## IRC -openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://openeuler.org/zh/community/irc.html)。 +openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://gitee.com/openeuler/community/tree/master/zh/communication)。 diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" "b/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" index 005aa7bea6fefb62e02f84f743d8e8a88ec07f91..c908b61c4f3222658840bf0b19d053144b79d072 100644 --- "a/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" +++ "b/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" @@ -2,74 +2,248 @@ 完整问题清单请参见[完整问题清单](https://gitee.com/organizations/src-openeuler/issues)。 -完整的内核提交记录请参见[提交记录](https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS)。 - 已修复问题请参见[表1](#table249714911433)。 -**表 1** 修复问题列表 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    ISSUE

    -

    问题描述

    -

    I1BJTF

    -

    【kernel bug】arm机器上lscpu命令无法显示cpu主频,cpu cache错误

    -

    I1BWPD

    -

    使用isula/crictl pull镜像失败

    -

    I1BV56

    -

    delete redundant gpg sig file for shadow-4.6

    -

    I1BV38

    -

    unbuffer命令不可用

    -

    I1BA9B

    -

    arping -w参数失效

    -

    I1AV3S

    -

    跑最新LTP中的pty03用例,必现oops

    -

    I1AZ1I

    -

    启动500个定时任务,4~5分钟后,任务处理不过来,系统会卡死

    -

    I1AH2C

    -

    启动kata容器失败抓到warning信息不足定位,需要打印更多报错

    -

    I1AGXO

    -

    kata-runtime远程模式下isula rm -f没有执行kill导致残留

    -

    I1AF39

    -

    ext4文件系统上触发open时发现softlockup

    -

    I1ADUD

    -

    kubectl创建pod导致isulad崩溃

    -
    +**表 1** 修复问题列表 +| ISSUE ID | 关联仓库 | 问题描述 | ISSUE路径 | +|-|-|-|-| +|I877SV|src-openEuler/libkae|[EulerMaker] libkae build problem in openEuler-20.03-LTS-SP4:everything|| +|I878C5|src-openEuler/kae_driver|[EulerMaker] kae_driver build problem in openEuler-20.03-LTS-SP4:everything|| +|I878C8|src-openEuler/eclipse|[EulerMaker] eclipse build problem in openEuler-20.03-LTS-SP4:everything|| +|I878C9|src-openEuler/jss|[EulerMaker] jss build problem in openEuler-20.03-LTS-SP4:everything|| +|I878CD|src-openEuler/lldb|[EulerMaker] lldb build problem in openEuler-20.03-LTS-SP4:everything|| +|I878CG|src-openEuler/i40e|[EulerMaker] i40e build problem in openEuler-20.03-LTS-SP4:everything|| +|I878CH|src-openEuler/hadoop|[EulerMaker] hadoop build problem in openEuler-20.03-LTS-SP4:everything|| +|I878CK|src-openEuler/python-requests-ftp|[EulerMaker] python-requests-ftp build problem in openEuler-20.03-LTS-SP4:everything|| +|I878CM|src-openEuler/iavf|[EulerMaker] iavf build problem in openEuler-20.03-LTS-SP4:everything|| +|I87LPS|src-openEuler/perl-Mail-DKIM|[EulerMaker] perl-Mail-DKIM build problem in openEuler-20.03-LTS-SP4:everything|| +|I87LVG|src-openEuler/libguestfs|[EulerMaker] libguestfs build problem in openEuler-20.03-LTS-SP4:everything|| +|I87LVJ|src-openEuler/gnome-abrt|[EulerMaker] gnome-abrt build problem in openEuler-20.03-LTS-SP4:everything|| +|I87LVK|src-openEuler/ansible|[EulerMaker] ansible build problem in openEuler-20.03-LTS-SP4:everything|| +|I87LVL|src-openEuler/pylint|[EulerMaker] pylint build problem in openEuler-20.03-LTS-SP4:everything|| +|I87OFY|src-openEuler/openjdk-17|[EulerMaker] openjdk-17 build problem in openEuler-20.03-LTS-SP4:everything|| +|I87OFZ|src-openEuler/openjdk-1.8.0|[EulerMaker] openjdk-1.8.0 build problem in openEuler-20.03-LTS-SP4:everything|| +|I87OG0|src-openEuler/openjdk-latest|[EulerMaker] openjdk-latest build problem in openEuler-20.03-LTS-SP4:everything|| +|I87W8R|src-openEuler/kata-containers|[EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything|| +|I87Y9P|src-openEuler/java-atk-wrapper|[EulerMaker] java-atk-wrapper build problem in openEuler-20.03-LTS-SP4:everything|| +|I87Y9Q|src-openEuler/prefetch_tuning|[EulerMaker] prefetch_tuning build problem in openEuler-20.03-LTS-SP4:everything|| +|I88ILD|src-openEuler/kata-containers|[EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything|| +|I88JJS|src-openEuler/libmypaint|[EulerMaker] libmypaint build problem in openEuler-20.03-LTS-SP4:everything|| +|I88JJT|src-openEuler/perl-XML-Simple|[EulerMaker] perl-XML-Simple build problem in openEuler-20.03-LTS-SP4:everything|| +|I88JJV|src-openEuler/perl-Config-General|[EulerMaker] perl-Config-General build problem in openEuler-20.03-LTS-SP4:everything|| +|I88JKT|src-openEuler/mate-session-manager|[EulerMaker] mate-session-manager build problem in openEuler-20.03-LTS-SP4:epol|| +|I88JKU|src-openEuler/ovirt-engine|[EulerMaker] ovirt-engine build problem in openEuler-20.03-LTS-SP4:epol|| +|I88JKW|src-openEuler/ukwm|[EulerMaker] ukwm build problem in openEuler-20.03-LTS-SP4:epol|| +|I88JKX|src-openEuler/pki-core|[EulerMaker] pki-core build problem in openEuler-20.03-LTS-SP4:epol|| +|I89MZB|src-openEuler/oemaker|使用oemaker制作openEuler-20.03-LTS-SP4分支的netinst镜像制作失败|| +|I8ACDW|src-openEuler/nodejs-istanbul|[EulerMaker] nodejs-istanbul build problem in openEuler-20.03-LTS-SP4:epol|| +|I8ACDZ|src-openEuler/nodejs-raw-body|[EulerMaker] nodejs-raw-body build problem in openEuler-20.03-LTS-SP4:epol|| +|I8ACE1|src-openEuler/deepin-font-manager|[EulerMaker] deepin-font-manager build problem in openEuler-20.03-LTS-SP4:epol|| +|I8ACE3|src-openEuler/ukwm|[EulerMaker] ukwm build problem in openEuler-20.03-LTS-SP4:epol|| +|I8ACE5|src-openEuler/dtkwidget|[EulerMaker] dtkwidget build problem in openEuler-20.03-LTS-SP4:epol|| +|I8ATDE|src-openEuler/python-pluggy|[20.03-LTS-SP4]python-pluggy在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8ATM8|src-openEuler/docker|[20.03-LTS-SP4]docker在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8ATSW|src-openEuler/lwip|[20.03-LTS-SP4]lwip在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AU4T|src-openEuler/glib2|[20.03-LTS-SP4]glib2在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AU8J|src-openEuler/shim|[20.03-LTS-SP4]shim在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUE5|src-openEuler/gazelle|[20.03-LTS-SP4]gazelle在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUIA|src-openEuler/golang|【20.03-SP4-alpha】golang包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUKW|src-openEuler/libxml2|【20.03-SP4-alpha】libxml2包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUNS|src-openEuler/blivet-gui|【20.03-SP4-alpha】blivet-gui包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUPZ|src-openEuler/python-paramiko|[20.03-LTS-SP4]python-paramiko在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUQ8|src-openEuler/python-urllib3|【20.03-SP4-alpha】python-urllib3包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AUV7|src-openEuler/gcc|【20.03-SP4-alpha】gcc包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8AV36|src-openEuler/rest|【20.03-SP4-alpha】rest包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8B0YO|src-openEuler/lwip|[EulerMaker] lwip build problem in openEuler-20.03-LTS-SP4:everything|| +|I8B0YP|src-openEuler/gazelle|[EulerMaker] gazelle build problem in openEuler-20.03-LTS-SP4:everything|| +|I8B3UL|src-openEuler/openEuler-menus|【20.03 LTS SP4 alpha】【arm\x86】redhat-menus和openEuler-menus安装存在冲突|| +|I8B4J0|src-openEuler/lightdm-gtk|【20.03 LTS SP4 alpha】【arm\x86】lightdm-gtk-greeter和lightdm-gtk安装存在冲突|| +|I8B558|src-openEuler/python-suds-jurko|【20.03 LTS SP4 alpha】【arm\x86】python3-suds-jurko和python3-yarg安装存在冲突|| +|I8B7RN|src-openEuler/deepin-reader|[EulerMaker] deepin-reader build problem in openEuler-20.03-LTS-SP4:epol|| +|I8B7RO|src-openEuler/dde-file-manager|[EulerMaker] dde-file-manager build problem in openEuler-20.03-LTS-SP4:epol|| +|I8B7RP|src-openEuler/dde-control-center|[EulerMaker] dde-control-center build problem in openEuler-20.03-LTS-SP4:epol|| +|I8BAMG|src-openEuler/ipmitool|【20.03 LTS SP4 alpha】【arm\x86】ipmitool从20.03-LTS-SP3向20.03-LTS-SP4升级时有异常提示|| +|I8BCBF|src-openEuler/kmod-kvdo|【20.03 LTS SP4 alpha】【arm\x86】kmod-kvdo从20.03-LTS-SP3向20.03-LTS-SP4升级时有异常提示|| +|I8BHSP|src-openEuler/oec-hardware|【20.03-SP4-alpha】oec-hardware包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8BHXN|src-openEuler/pyflakes|【20.03-SP4-alpha】pyflakes包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8BI1X|src-openEuler/mariadb|【20.03-SP4-alpha】mariadb包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8BI80|src-openEuler/libvpx|【20.03-SP4-alpha】libvpx包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8C0QJ|src-openEuler/python-django|【20.03-SP4-alpha】python-django包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8C0TH|src-openEuler/python-flake8|【20.03-SP4-alpha】python-flake8包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8C0WK|src-openEuler/python-pycodestyle|【20.03-SP4-alpha】python-pycodestyle包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8C9D2|src-openEuler/python-APScheduler|【20.03-SP4-alpha】需要将python-APScheduler引入到20.03-sp4版本|| +|I8C9DT|src-openEuler/python-tzlocal|【20.03-SP4-alpha】需要将python-tzlocal引入到20.03-sp4版本|| +|I8C9FY|src-openEuler/python-Flask-APScheduler|【20.03-SP4-alpha】需要将python-Flask-APScheduler引入到20.03-sp4版本|| +|I8C9GD|src-openEuler/kafka-python|【20.03-SP4-alpha】需要将kafka-python引入到20.03-sp4版本|| +|I8CHLK|src-openEuler/nvwa|[openEuler-20.03-LTS-SP4 alpha】【x86】nvwa-pre.service, nvwa.service服务启动失败|| +|I8CRGY|src-openEuler/booth|【openEuler-20.03-LTS-SP4 alpha】booth-arbitrator.service服务启动后有报错信息|| +|I8CTXZ|src-openEuler/php|【openEuler-20.03-LTS-SP4 alpha】x86环境上同时安装php-fpm软件包和php-opcache软件包后会导致php-fpm.service服务启动失败|| +|I8D5A5|src-openEuler/aops-hermes|[EulerMaker] aops-hermes build problem in openEuler-20.03-LTS-SP4:epol|| +|I8D5A8|openEuler/syscare|[EulerMaker] syscare build problem in openEuler-20.03-LTS-SP4:epol|| +|I8D5V3|src-openEuler/fence-agents|【20.03-SP4-rc1】fence-agents包x86架构二进制软件包缺失|| +|I8D66K|src-openEuler/hadoop-3.1|[EBS] hadoop-3.1 install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D66L|src-openEuler/hive|[EBS] hive install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D66M|src-openEuler/python-Flask-APScheduler|[EBS] python-Flask-APScheduler install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D66O|src-openEuler/python-APScheduler|[EBS] python-APScheduler install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D66Q|src-openEuler/python-tzlocal|[EBS] python-tzlocal install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D68M|src-openEuler/python-elasticsearch7|[EulerMaker] python-elasticsearch7 install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D69H|src-openEuler/fence-agents|[EulerMaker] fence-agents install problem in openEuler-20.03-LTS-SP4:everything|| +|I8D7IZ|src-openEuler/secGear|【20.03-SP4-rc1】secGear包x86架构二进制软件包缺失|| +|I8DB3N|src-openEuler/jakarta-servlet|【20.03 LTS SP4 round1】【arm\x86】jakarta-servlet和glassfish-servlet-api安装存在冲突|| +|I8DBFX|src-openEuler/openstack-tempest|【20.03 LTS SP4 round1】【arm\x86】安装openstack-tempest和python3-tempest-lib冲突|| +|I8DBHP|src-openEuler/python-rtslib|【20.03 LTS SP4 round1】【arm\x86】安装python3-rtslib-fb和python3-rtslib冲突|| +|I8DBKT|src-openEuler/python-openvswitch|【20.03 LTS SP4 round1】【arm\x86】python3-ovs与openvswitch提供了相同的ovs文件,导致安装冲突,建议在spec中增加conflict|| +|I8DC9C|src-openEuler/drbd|【openEuler-20.03-LTS-SP4 rc1】drbd.service启动失败|| +|I8DLQZ|src-openEuler/mariadb|[20.03 SP4-RC1] [x86/arm] mariadb授权给指定用户,用户连接数据库失败|| +|I8DQKY|src-openEuler/three-eight-nine-ds-base|【openEuler-20.03-LTS-SP4 rc1】dirsrv-snmp.service服务启动失败|| +|I8DSDG|src-openEuler/openvswitch|【openEuler-20.03-LTS-SP4 rc1】ovs-vswitchd.service,openvswitch.service启动失败|| +|I8DT1W|src-openEuler/rasdaemon|【openEuler-20.03-LTS-SP4 rc1】【arm】ras-mc-ctl.service启动失败|| +|I8DTF9|src-openEuler/openEuler-release|【20.03-LTS-SP4-RC1】登录界面提示缺少bc命令|| +|I8E1K4|src-openEuler/openapi-spec-validator|[EulerMaker] openapi-spec-validator build problem in openEuler-20.03-LTS-SP4:epol|| +|I8E1K5|src-openEuler/deepin-devicemanager|[EulerMaker] deepin-devicemanager build problem in openEuler-20.03-LTS-SP4:epol|| +|I8E1K6|src-openEuler/swagger-ui-bundle|[EulerMaker] swagger-ui-bundle build problem in openEuler-20.03-LTS-SP4:epol|| +|I8E1K8|src-openEuler/python-clickclick|[EulerMaker] python-clickclick build problem in openEuler-20.03-LTS-SP4:epol|| +|I8E1NX|src-openEuler/python-connexion|[EulerMaker] python-connexion build problem in openEuler-20.03-LTS-SP4:epol|| +|I8E1O2|openEuler/gala-ragdoll|[EulerMaker] gala-ragdoll build problem in openEuler-20.03-LTS-SP4:epol|| +|I8E5OO|src-openEuler/tycho|[EulerMaker] tycho build problem in openEuler-20.03-LTS-SP4:everything|| +|I8E686|src-openEuler/obs-server|【openEuler-20.03-LTS-SP4 SP1】obs-server 下一些服务需要关闭selinux 才能启动成功|| +|I8E82W|src-openEuler/libcgroup|【20.03-SP4-rc1】libcgroup包在20.03-LTS-SP4-RC1中相比20.03-LTS-SP3版本降级|| +|I8E85Y|src-openEuler/liberation-fonts|【20.03-SP4-rc1】liberation-fonts包在20.03-LTS-SP4-RC1中相比20.03-LTS-SP3版本降级|| +|I8EDF3|src-openEuler/sudo|【20.03-LTS-SP4 round1】【x86/arm】sudo-1.9.2-13.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EEX0|src-openEuler/pulseaudio|【20.03-LTS-SP4 round1】【x86/arm】pulseaudio-13.0-5.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EFDC|src-openEuler/rdate|【20.03-LTS-SP4 round1】【x86/arm】rdate-1.5-1.oe2003sp4安全编译选项Strip不满足|| +|I8EH77|src-openEuler/tcpdump|【20.03-LTS-SP4 round1】【x86/arm】tcpdump-4.9.3-7.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EH8Z|src-openEuler/tpm2-tools|【20.03-LTS-SP4 round1】【x86/arm】tpm2-tools-5.0-3.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EHCC|src-openEuler/valgrind|【20.03-LTS-SP4 round1】【x86/arm】valgrind-3.13.0-29.oe2003sp4安全编译选项PIE不满足|| +|I8EHK4|src-openEuler/custodia|【20.03 LTS SP4 round1】【arm\x86】custodia安装和卸载有异常提示|| +|I8EHWQ|src-openEuler/ceph|【20.03 LTS SP4 round1】【arm\x86】安装ceph相关包有异常提示|| +|I8EHXL|src-openEuler/tracker|【20.03-LTS-SP4 round1】【x86/arm】tracker-2.1.5-3.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EI5C|src-openEuler/tokyocabinet|【20.03-LTS-SP4 round1】【x86/arm】tokyocabinet-1.4.48-15.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EI97|src-openEuler/syscontainer-tools|【20.03-LTS-SP4 round1】【x86/arm】syscontainer-tools-0.9-48.oe2003sp4安全编译选项Strip不满足|| +|I8EIDF|src-openEuler/rarian|【20.03-LTS-SP4 round1】【x86/arm】rarian-0.8.1-23.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EIGV|src-openEuler/gcc|[20.03 SP4 RC1] [deja]系统自带gcc带有isl库执行用例报ICE:internal compiler error:Aborted|| +|I8EIKA|src-openEuler/gcc|[20.03 SP4 RC1][deja]生成的过程或目标文件中找不到预期目标字段|| +|I8EJCD|src-openEuler/gcc|[20.03 SP4 RC1][bs_test] -O3 编译出现ICE:at tree-scalar-evolution.c:1779|| +|I8EJEP|src-openEuler/kernel|【20.03-SP4-rc1】【x86/arm】kernel源码包本地自编译失败,缺少linux-kernel-test.patch文件|| +|I8EKZQ|src-openEuler/alsa-firmware|【20.03-LTS-SP4 round1】【x86/arm】alsa-firmware-1.2.1-1.oe2003sp4安全编译选项PIE、NO Rpath/RunPath不满足|| +|I8EM6E|src-openEuler/autogen|【20.03-LTS-SP4 round1】【x86/arm】autogen-5.18.16-1.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EM6W|src-openEuler/babeltrace|【20.03-LTS-SP4 round1】【x86/arm】babeltrace-1.5.8-1.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EM7K|src-openEuler/eog|【20.03-LTS-SP4 round1】【x86/arm】eog-3.28.4-3.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EM7Z|src-openEuler/audiofile|【20.03-LTS-SP4 round1】【x86/arm】audiofile-0.3.6-25.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EM9Q|src-openEuler/exiv2|【20.03-LTS-SP4 round1】【x86/arm】exiv2-0.27.5-2.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMAM|src-openEuler/cracklib|【20.03-LTS-SP4 round1】【x86/arm】cracklib-2.9.7-6.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMCP|src-openEuler/binutils|【20.03-LTS-SP4 round1】【x86/arm】binutils-2.34-30.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMDD|src-openEuler/enchant|【20.03-LTS-SP4 round1】【x86/arm】enchant-1.6.1-2.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMEH|src-openEuler/evolution-data-server|【20.03-LTS-SP4 round1】【x86/arm】evolution-data-server-3.30.1-5.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMEI|src-openEuler/esc|【20.03-LTS-SP4 round1】【x86/arm】esc-1.1.2-4.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMPL|src-openEuler/gvfs|【20.03-LTS-SP4 round1】【x86/arm】gvfs-1.40.2-8.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMPS|src-openEuler/gnome-settings-daemon|【20.03-LTS-SP4 round1】【x86/arm】gnome-settings-daemon-3.30.1.2-2.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMQ6|src-openEuler/harfbuzz|【20.03-LTS-SP4 round1】【x86/arm】harfbuzz-2.8.1-4.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMQN|src-openEuler/glibc|【20.03-LTS-SP4 round1】【x86/arm】glibc-2.28-97.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMR0|src-openEuler/graphviz|【20.03-LTS-SP4 round1】【x86/arm】graphviz-2.44.0-3.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMRB|src-openEuler/gnome-shell|【20.03-LTS-SP4 round1】【x86/arm】gnome-shell-3.30.1-10.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMRO|src-openEuler/freeradius|【20.03-LTS-SP4 round1】【x86/arm】freeradius-3.0.15-25.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EMS0|src-openEuler/glibc|【20.03-LTS-SP4 round1】【x86/arm】pulseaudio-13.0-5.oe2003sp4安全编译选项PIE不满足|| +|I8EMTB|src-openEuler/golang|【20.03-LTS-SP4 round1】【x86/arm】golang-1.15.7-36.oe2003sp4安全编译选项PIE、STRIP不满足|| +|I8EMUW|src-openEuler/gcc|[20.03 SP4 RC1][llvm_lit] gcc -c -w 编译报错error: wrong number of arguments specified for ‘long_call’ attribute|| +|I8EN1F|src-openEuler/mysql|【20.03-LTS-SP4 round1】【x86/arm】mysql-8.0.28-2.oe2003sp4安全编译选项Runpath/Rpath、Strip不满足|| +|I8EP4X|src-openEuler/mstflint|【20.03-LTS-SP4 round1】【x86/arm】mstflint-4.10.0-5.oe2003sp4安全编译选项Strip不满足|| +|I8EP66|src-openEuler/man-db|【20.03-LTS-SP4 round1】【x86/arm】man-db-2.8.7-8.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EPR2|src-openEuler/openscap|【20.03-LTS-SP4 round1】【x86/arm】openscap-1.3.2-8.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EPRT|src-openEuler/nftables|【20.03-LTS-SP4 round1】【x86/arm】nftables-0.9.6-5.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EPTB|src-openEuler/mcpp|【20.03-LTS-SP4 round1】【x86/arm】mcpp-2.7.2-26.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EQGN|src-openEuler/mutter|【20.03-LTS-SP4 round1】【x86/arm】mutter-3.30.1-9.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8ETWT|src-openEuler/linux-firmware|【20.03-LTS-SP4 round1】【x86/arm】linux-firmware-20211027-1.oe2003sp4安全编译选项PIE、STRIP不满足|| +|I8ETXT|src-openEuler/lapack|【20.03-LTS-SP4 round1】【x86/arm】lapack-3.9.0-6.oe2003sp4安全编译选项STRIP不满足|| +|I8ETYV|src-openEuler/libpsl|【20.03-LTS-SP4 round1】【x86/arm】libpsl-0.21.1-1.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8ETZQ|src-openEuler/libmetalink|【20.03-LTS-SP4 round1】【x86/arm】libmetalink-0.1.3-8.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EU2B|src-openEuler/llvm|【20.03-LTS-SP4 round1】【x86/arm】llvm-10.0.1-2.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EU2V|src-openEuler/libvorbis|【20.03-LTS-SP4 round1】【x86/arm】libvorbis-1.3.7-1.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EU7W|src-openEuler/libgphoto2|【20.03-LTS-SP4 round1】【x86/arm】libgphoto2-2.5.18-3.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EU8S|src-openEuler/libpeas|【20.03-LTS-SP4 round1】【x86/arm】libpeas-1.22.0-11.oe2003sp4安全编译选项Runpath/Rpath不满足|| +|I8EUA2|src-openEuler/kata-containers|【20.03-LTS-SP4 round1】【x86/arm】kata-containers-v1.11.1-14.oe2003sp4安全编译选项PIE不满足|| +|I8EUBJ|src-openEuler/linuxdoc-tools|【20.03 LTS SP4 round1】【arm\x86】linuxdoc -B info和sgml2info的--language参数未生效|| +|I8EWX3|src-openEuler/linuxdoc-tools|【20.03 LTS SP4 round1】【arm\x86】linuxdoc -B info和sgml2info的--charset参数未生效|| +|I8EY8K|src-openEuler/beakerlib|[20.03-LTS-SP4]beakerlib-deja-summarize命令执行报错|| +|I8F1BR|src-openEuler/dpdk|【20.03-SP4-rc2】dpdk包在20.03-LTS-SP4中相比20.03-LTS-SP3版本降级|| +|I8F1ZX|src-openEuler/ddcutil|[EulerMaker] ddcutil build problem in openEuler-20.03-LTS-SP4:epol|| +|I8F2GD|src-openEuler/selinux-policy|【20.03-LTS-SP4 round2】【x86/arm】selinux默认关闭|| +|I8FCE6|src-openEuler/aops-vulcanus|[20.03-LTS-SP4-RC2][arm/x86][Aops] aops-vulcanus安装失败|| +|I8FOB4|src-openEuler/openstack-neutron|【2003_SP4_RC2_epol】【arm/x86】安装python3-neutron包提示缺少依赖python3-os-xenapi无法安装|| +|I8FOEI|src-openEuler/aops-apollo|【2003_SP4_RC2_epol】【arm/x86】安装aops-apollo包提示缺少依赖python3-elasticsearch无法安装|| +|I8FOS2|src-openEuler/anaconda|[20.03-LTS-SP4]中文安装系统时多个页面出现英文|| +|I8FWV1|src-openEuler/tycho|【20.03-SP4-rc2】【arm/x86】tycho源码包本地自编译失败|| +|I8G049|src-openEuler/gcc-10|[20.03 SP4 RC2][deja]gcc和g++跑ubsan.exp的相关用例报错|| +|I8G0RB|src-openEuler/deepin-log-viewer|【20.03-SP4-rc2】【arm/x86】deepin-log-viewer源码包本地自编译失败,缺少编译依赖minizip1.2-devel|| +|I8G2SG|src-openEuler/geronimo-jaxrpc|【20.03-SP4-rc2】【arm/x86】geronimo-jaxrpc源码包本地自编译失败,缺少geronimo-servlet_3.0_spec:jar:1.0|| +|I8GMQ6|src-openEuler/dde|【openEuler-20.03-LTS-SP4 rc2】升级DDE后重启黑屏,无法正常显示|| +|I8GO7N|src-openEuler/gcc|[20.03 SP4 RC2][csmith]-O3 -mcpu=tsv110 -fselective-scheduling -fvar-tracking-assignments-toggle 选项编译导致ICE:internal compiler error: Segmentation fault|| +|I8GUMS|src-openEuler/kata-containers|[EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything|| +|I8H3PV|src-openEuler/cryfs|[EulerMaker] cryfs build problem in openEuler-20.03-LTS-SP4:epol|| +|I8H4AA|src-openEuler/openEuler-release|[20.03-LTS-SP4-RC3]登录界面有报错信息expr: syntax error: unexpected argument|| +|I8H76R|src-openEuler/shim|openEuler-20.03-LTS-SP4镜像在鲲鹏服务器上启动失败|| +|I8HIRD|src-openEuler/lm_sensors|【2003_SP4_RC3_everything】【arm/x86】lm_sensors降级过程存在错误信息|| +|I8HRV4|src-openEuler/obs-server|【2003_SP4_RC3_everything】【arm/x86】obs-api安装过程存在告警信息|| +|I8HW99|src-openEuler/aops-ceres|[20.03-LTS-SP4-RC3][arm/x86][Aops] aops-ceres 安装提示错误信息,修复cve时失败|| +|I8HXD8|src-openEuler/network-manager-applet|【openEuler-20.03-SP4-RC3】中文安装“环境和主机名”配置页面多处显示英文|| +|I8I30B|src-openEuler/mongo-java-driver|[EulerMaker] mongo-java-driver build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30D|src-openEuler/firebird|[EulerMaker] firebird build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30I|src-openEuler/llvm|[EulerMaker] llvm build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30L|src-openEuler/gpars|[EulerMaker] gpars build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30N|src-openEuler/jq|[EulerMaker] jq build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30O|src-openEuler/texlive-base|[EulerMaker] texlive-base build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30Q|src-openEuler/mod_wsgi|[EulerMaker] mod_wsgi build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30R|src-openEuler/sshj|[EulerMaker] sshj build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30U|src-openEuler/graphviz|[EulerMaker] graphviz build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30V|src-openEuler/uwsgi|[EulerMaker] uwsgi build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30W|src-openEuler/cfitsio|[EulerMaker] cfitsio build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I30Z|src-openEuler/tss2|[EulerMaker] tss2 build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I310|src-openEuler/mongo-c-driver|[EulerMaker] mongo-c-driver build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I315|src-openEuler/gradle|[EulerMaker] gradle build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I31E|src-openEuler/subversion|[EulerMaker] subversion build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I31N|src-openEuler/linux-sgx|[EulerMaker] linux-sgx build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I31W|src-openEuler/apache-poi|[EulerMaker] apache-poi build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I31Y|src-openEuler/openjade|[EulerMaker] openjade build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I3P1|src-openEuler/i40e|[EulerMaker] i40e build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I3P2|src-openEuler/spdk|[EulerMaker] spdk build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I3P5|src-openEuler/scipy|[EulerMaker] scipy build problem in openEuler-20.03-LTS-SP4:everything|| +|I8I3QZ|src-openEuler/gnome-shell|【2003_SP4_RC3】【arm/x86】gnome-shell命令参数报错error while loading shared libraries|| +|I8I8DP|src-openEuler/NetworkManager-l2tp|[EulerMaker] NetworkManager-l2tp install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8DU|src-openEuler/kiran-menu|[EulerMaker] kiran-menu install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8DW|src-openEuler/ovirt-engine-ui-extensions|[EulerMaker] ovirt-engine-ui-extensions install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8DZ|src-openEuler/ovirt-engine-dwh|[EulerMaker] ovirt-engine-dwh install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8E1|src-openEuler/python-cassandra-driver|[EulerMaker] python-cassandra-driver install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8E3|src-openEuler/python-feedparser|[EulerMaker] python-feedparser install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8E5|src-openEuler/python-os-api-ref|[EulerMaker] python-os-api-ref install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8E9|src-openEuler/python-pep8-naming|[EulerMaker] python-pep8-naming install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8EB|src-openEuler/python-pyxcli|[EulerMaker] python-pyxcli install problem in openEuler-20.03-LTS-SP4:epol|| +|I8I8EE|src-openEuler/scl-utils|[EulerMaker] scl-utils install problem in openEuler-20.03-LTS-SP4:epol|| +|I8IH58|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】执行da-tool.sh -?没有给出help信息|| +|I8IK40|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】/etc/da-tool.conf中配置不存在的k,没有进行检验|| +|I8IOAY|src-openEuler/kernel|openEuler-20.03-LTS-SP4版本制作aarch64架构的stratovirt_img失败|| +|I8IRI2|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】da-tool的配置文件中配置了重复的k(内核符号),执行da-tool.sh直接中断|| +|I8ITPO|src-openEuler/aops-hermes|[20.03-LTS-SP4-RC3][arm/x86][Aops]任务修复界面,展开二级列表后搜索显示异常|| +|I8IVJC|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】/etc/da-tool.conf中配置重复的u,生成的func_delay_stack文件高达4.7G|| +|I8IZ98|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】/etc/da-tool.conf配置正常,使用case1进行测试,执行da-tool.sh超过10s,分析结果中函数调用关系异常|| +|I8J3YF|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】执行da-tool.sh -x 1(错误参数),没有给出help信息|| +|I8J43M|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】执行da-tool.sh 5未报错|| +|I8J4CI|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】执行da-tool.sh -t -m 5(错误参数组合),没有报错|| +|I8J4Q4|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】执行da-tool.sh -t 1000000000000000000000000000004(超大值),命令没有报错继续执行|| +|I8J6ND|src-openEuler/deepin-compressor|【20.03-SP4-rc4】【arm/x86】deepin-compressor源码包本地自编译失败,缺少编译依赖minizip1.2-devel|| +|I8J7H7|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【arm/x86】da-tool.sh -t后加浮点数、字母、汉字、特殊字符,没有进行校验|| +|I8JGDC|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC3】【资料问题】da-tool使用手册.md资料问题|| +|I8JHZF|src-openEuler/kata-containers|[EulerMaker] kata-containers build problem in openEuler-20.03-LTS-SP4:everything|| +|I8JHZK|src-openEuler/deepin-screen-recorder|[EulerMaker] deepin-screen-recorder build problem in openEuler-20.03-LTS-SP4:epol|| +|I8JHZL|src-openEuler/deepin-terminal|[EulerMaker] deepin-terminal build problem in openEuler-20.03-LTS-SP4:epol|| +|I8JI13|src-openEuler/php-pecl-zip|[EulerMaker] php-pecl-zip build problem in openEuler-20.03-LTS-SP4:epol|| +|I8JMHY|src-openEuler/proselint|[EulerMaker] proselint install problem in openEuler-20.03-LTS-SP4:epol|| +|I8JMJ7|src-openEuler/oath-toolkit|[EulerMaker] oath-toolkit install problem in openEuler-20.03-LTS-SP4:epol|| +|I8JU4P|src-openEuler/aops-hermes|[20.03-LTS-SP4-RC4][arm/x86][Aops] 批量添加主机弹窗页面,二级列表页面缓存未清空|| +|I8JYBD|src-openEuler/multipath-tools|[EulerMaker] multipath-tools build problem in openEuler-20.03-LTS-SP4:everything|| +|I8JYBF|src-openEuler/erlang|[EulerMaker] erlang build problem in openEuler-20.03-LTS-SP4:everything|| +|I8JYBJ|src-openEuler/kae_driver|[EulerMaker] kae_driver build problem in openEuler-20.03-LTS-SP4:everything|| +|I8K72V|src-openEuler/e2fsprogs|[20.03-LTS-SP4]物理机格式化mkfs.ext3磁盘,会卡住|| +|I8KEU5|src-openEuler/dde|【openEuler-20.03-LTS-SP4 rc4】安装时自动配ip安装后没有ip以及dde安装后无法通过创建的用户登录|| +|I8KJ90|src-openEuler/gcc|gcc疑似在PR(360)中添加了编译选项导致efl编译卡死|| +|I8KRT0|src-openEuler/aops-ceres|【openEuler-20.03-LTS-SP4-RC5】【易用性】【arm/x86】执行da-tool.sh -t 0(不符合规范的值),没有明确给出具体错误信息|| diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" "b/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" index 4050f4ea80bd390900fffd4fbab03091f6cc05cf..40a41e5a3c517f2aab95f78afaca8fbb367722fd 100644 --- "a/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" +++ "b/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" @@ -1,21 +1,6 @@ -# 已知问题 - -- 内核FIPS启动模式还未经过完整认证,FIPS启动可能存在问题。[I17Z18](https://gitee.com/src-openeuler/crypto-policies/issues/I17Z18?from=project-issue) -- 使用libvirt启动glusterfs虚拟机,每次会有300字节的内存泄漏。讨论详情请参见[社区讨论](https://github.com/gluster/glusterfs/issues/818)。[I185CH](https://gitee.com/src-openeuler/glusterfs/issues/I185CH?from=project-issue) -- 使用libvirt接口连续执行磁盘热插拔操作,概率性出现热拔接口返回成功,但磁盘未真正拔除,也不能再次热插和热拔该磁盘。关闭虚拟机后再启动可恢复正常。[I1C72L](https://gitee.com/src-openeuler/qemu/issues/I1C72L?from=project-issue) -- 使用x86\_64虚拟机安装时,极小概率可能出现未知安装异常,请再次安装恢复。[I1C8HS](https://gitee.com/src-openeuler/anaconda/issues/I1C8HS?from=project-issue) -- CVE-2012-0039在本地应用程序通过调用g\_str\_hash函数,调用该接口的应用会持续消耗CPU,导致拒绝服务攻击,社区已经明确不解决。 -- CVE-2015-9541通过构造异常的SVG文档进行指数级XML实体扩展攻击,当Qt尝试解析SVG时,可能会发生内存不足的情况。讨论详情请参见[社区讨论](https://codereview.qt-project.org/c/qt/qtbase/+/293909)。 -- 部分开源包编译前需要提前安装gdb,gcc,make等基础软件,否则会由于缺少依赖而编译失败。 -- AArch64和x86\_64在char类型上定义不一致,导致coreutils,augeas,diffutils自检报错,请增加--fsigned-char编译选项解决。 -- 针对20.03LTS版本,如果用户从mysql-8.0.17-3.oe1版本升级到较新版本,使用rpm -Uvh xxx(其中XXX指具体的版本,例如mysql-8.0.21-1.oe1.aarch64.rpm)命令,升级后功能不可用,可以通过以下两种方式进行版本升级(以mysql-8.0.17-3.oe1升级到mysql-8.0.21-1.oe1举例): - - 方法1,执行如下升级命令实现: - ``` - # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts - ``` - - 方法2,先卸载旧版本的mysql,再安装新版本的mysql,命令如下: - ``` - # rpm -e mysql-8.0.17-3.oe1 - # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm - ``` +# 已知问题 +| ISSUE | 关联仓库 | 问题描述 | +| ---- | ---- | ---- | +| [I8D3YK](https://gitee.com/open_euler/dashboard?issue_id=I8D3YK) | src-openEuler/dtkcommon |【20.03-SP4-rc1】dtkcommon包在20.03-LTS-SP4-RC1中相比20.03-LTS-SP3&20.03-LTS-SP4-alpha版本降级 | +| [I8DBPV](https://gitee.com/open_euler/dashboard?issue_id=I8DBPV) | src-openEuler/hadoop |【20.03 LTS SP4 round1】【arm\x86】安装 nodejs-yarn和hadoop-yarn冲突 | diff --git "a/docs/zh/docs/Releasenotes/\346\216\245\345\217\243\345\217\230\346\233\264.md" "b/docs/zh/docs/Releasenotes/\346\216\245\345\217\243\345\217\230\346\233\264.md" new file mode 100644 index 0000000000000000000000000000000000000000..5ee2fabd880fe9ce78d6cdbc4e2ab78ea8090699 --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\346\216\245\345\217\243\345\217\230\346\233\264.md" @@ -0,0 +1,2265 @@ +# 接口变更 + +以下是 C/C++ 接口变更说明。 + +## alsa-lib + +详见 [alsa-lib](./LTS_to_SP2_changed_abi_detail/alsa-lib_all_result.md\) + +| function | type | +|:---- |:-- | +| snd_tplg_add_object | remove | +| snd_tplg_build | remove | +| snd_tplg_build_file | remove | +| snd_tplg_free | remove | +| snd_tplg_new | remove | +| snd_tplg_set_manifest_data | remove | +| snd_tplg_set_version | remove | +| snd_tplg_verbose | remove | +| snd_config_add_after | add | +| snd_config_add_before | add | +| snd_config_is_array | add | +| snd_dlpath | add | +| snd_mixer_selem_id_parse | add | +| snd_pcm_extplug_set_param_link | add | +| snd_pcm_ioplug_avail | add | +| snd_strlcpy | add | +| snd_use_case_parse_ctl_elem_id | add | +| snd_use_case_parse_selem_id | add | +| __old_snd_pcm_hw_params_set_access_first | change | +| __snd_ctl_elem_info_get_dimension | change | +| _snd_ctl_hw_open | change | +| _snd_rawmidi_hw_open | change | +| snd_midi_event_decode | change | +| snd_pcm_direct_client_chk_xrun | change | +| snd_pcm_dmix_open | change | +| snd_use_case_get | change | + +## atk + +详见 [atk](./LTS_to_SP2_changed_abi_detail/atk_all_result.md\) + +| function | type | +|:---- |:-- | +| atk_object_get_accessible_id | add | +| atk_object_set_accessible_id | add | +| atk_plug_set_child | add | +| atk_text_scroll_substring_to | add | +| atk_text_scroll_substring_to_point | add | +| atk_add_focus_tracker | change | +| atk_text_attribute_for_name | change | + +## brltty + +详见 [brltty](./LTS_to_SP2_changed_abi_detail/brltty_all_result.md\) + +| function | type | +|:---- |:-- | +| lxBrailleOfflineListener | remove | +| lxBrailleDeviceOfflineListener | add | + +## c-ares + +详见 [c-ares](./LTS_to_SP2_changed_abi_detail/c-ares_all_result.md\) + +| function | type | +|:---- |:-- | +| ares_freeaddrinfo | add | +| ares_getaddrinfo | add | + +## e2fsprogs + +详见 [e2fsprogs](./LTS_to_SP2_changed_abi_detail/e2fsprogs_all_result.md\) + +| function | type | +|:---- |:-- | +| e2p_feature_to_string | add | +| list_super | change | +| ext2fs_dirent_swab_in | add | +| ext2fs_dirent_swab_in2 | add | +| ext2fs_dirent_swab_out | add | +| ext2fs_dirent_swab_out2 | add | +| ext2fs_get_stat_i_blocks | add | +| ext2fs_resize_array | add | +| ext2fs_swap_ext_attr | add | +| ext2fs_swap_ext_attr_entry | add | +| ext2fs_swap_ext_attr_header | add | +| ext2fs_swap_group_desc | add | +| ext2fs_swap_group_desc2 | add | +| ext2fs_swap_inode | add | +| ext2fs_swap_inode_full | add | +| ext2fs_swap_mmp | add | +| ext2fs_swap_super | add | +| ext2fs_add_journal_device | change | +| ext2fs_file_get_size | change | +| ext2fs_file_lseek | change | +| ext2fs_file_set_size | change | +| ext2fs_file_set_size2 | change | +| ext2fs_inode_size_set | change | +| ext2fs_mmp_csum_set | change | + +## exiv2 + +详见 [exiv2](./LTS_to_SP2_changed_abi_detail/exiv2_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## fontconfig + +详见 [fontconfig](./LTS_to_SP2_changed_abi_detail/fontconfig_all_result.md\) + +| function | type | +|:---- |:-- | +| IA__FcConfigGetFilename | add | +| IA__FcStrBuildFilename | add | +| FcConfigAddRule | change | +| IA__FcCacheCreateTagFile | change | +| IA__FcConfigGetCacheDirs | change | + +## glib2 + +详见 [glib2](./LTS_to_SP2_changed_abi_detail/glib2_all_result.md\) + +| function | type | +|:---- |:-- | +| g_file_monitor_source_handle_event | change | + +### gnutls + +详见 [gnutls](./LTS_to_SP2_changed_abi_detail/gnutls_all_result.md\) + +| function | type | +|:---- |:-- | +| gnutls::certificate_credentials::set_retrieve_function | change | +| _gnutls_buffer_clear | add | +| _gnutls_buffer_pop_datum | add | +| _gnutls_buffer_unescape | add | +| _gnutls_iov_iter_init | add | +| _gnutls_iov_iter_next | add | +| _gnutls_iov_iter_sync | add | +| gnutls_aead_cipher_decryptv2 | add | +| gnutls_aead_cipher_encryptv2 | add | +| gnutls_certificate_verification_profile_get_id | add | +| gnutls_certificate_verification_profile_get_name | add | +| gnutls_ext_get_name2 | add | +| gnutls_hkdf_expand | add | +| gnutls_hkdf_extract | add | +| gnutls_hmac_get_key_size | add | +| gnutls_pbkdf2 | add | +| gnutls_pkcs7_print_signature_info | add | +| gnutls_prf_hash_get | add | +| gnutls_psk_server_get_username2 | add | +| gnutls_psk_set_client_credentials2 | add | +| gnutls_psk_set_client_credentials_function2 | add | +| gnutls_psk_set_server_credentials_function2 | add | +| gnutls_session_get_keylog_function | add | +| gnutls_session_set_keylog_function | add | +| _gnutls13_psk_ext_iter_next_binder | change | +| _gnutls_cipher_get_iv | change | +| _gnutls_ecc_curve_is_supported | change | +| _gnutls_hello_set_default_version | change | +| gnutls_ocsp_req_export | change | +| gnutls_ocsp_req_get_extension | change | +| gnutls_ocsp_req_get_nonce | change | +| gnutls_ocsp_req_get_version | change | +| gnutls_ocsp_req_print | change | +| gnutls_ocsp_resp_check_crt | change | +| gnutls_ocsp_resp_export | change | +| gnutls_ocsp_resp_export2 | change | +| gnutls_ocsp_resp_get_certs | change | +| gnutls_ocsp_resp_get_extension | change | +| gnutls_ocsp_resp_get_nonce | change | +| gnutls_ocsp_resp_get_produced | change | +| gnutls_ocsp_resp_get_responder2 | change | +| gnutls_ocsp_resp_get_responder_raw_id | change | +| gnutls_ocsp_resp_get_response | change | +| gnutls_ocsp_resp_get_signature_algorithm | change | +| gnutls_ocsp_resp_print | change | +| gnutls_ocsp_resp_verify | change | +| gnutls_ocsp_resp_verify_direct | change | +| gnutls_ocsp_status_request_is_checked | change | +| gnutls_privkey_set_spki | change | +| gnutls_psk_allocate_client_credentials | change | +| gnutls_psk_allocate_server_credentials | change | +| gnutls_pubkey_get_spki | change | +| gnutls_x509_crq_get_spki | change | +| gnutls_x509_crq_get_tlsfeatures | change | +| gnutls_x509_crt_get_spki | change | +| gnutls_x509_privkey_get_spki | change | +| gnutls_x509_spki_deinit | change | +| gnutls_x509_spki_init | change | +| dane_query_data | change | +| dane_verify_session_crt | change | + +## grpc + +详见 [grpc](./LTS_to_SP2_changed_abi_detail/grpc_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## haveged + +详见 [haveged](./LTS_to_SP2_changed_abi_detail/haveged_all_result.md\) + +| function | type | +|:---- |:-- | +| havege_reparent | add | + +## libcap-ng + +详见 [libcap-ng](./LTS_to_SP2_changed_abi_detail/libcap-ng_all_result.md\) + +| function | type | +|:---- |:-- | +| capng_have_permitted_capabilities | add | + +## libcomps + +详见 [libcomps](./LTS_to_SP2_changed_abi_detail/libcomps_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## libdnf + +详见 [libdnf](./LTS_to_SP2_changed_abi_detail/libdnf_all_result.md\) + +| function | type | +|:---- |:-- | +| libdnf::DependencyContainer::DependencyContainer | remove | +| libdnf::File::OpenException::OpenException | remove | +| libdnf::ModuleDefaultsContainer::ModuleDefaultsContainer | remove | +| libdnf::ModuleDefaultsContainer::fromString | remove | +| libdnf::ModuleDefaultsContainer::getDefaultProfiles | remove | +| libdnf::ModuleDefaultsContainer::getDefaultStreamFor | remove | +| libdnf::ModuleDefaultsContainer::getDefaultStreams | remove | +| libdnf::ModuleDefaultsContainer::reportFailures | remove | +| libdnf::ModuleDefaultsContainer::resolve | remove | +| libdnf::ModuleDefaultsContainer::saveDefaults | remove | +| libdnf::ModuleDefaultsContainer::~ModuleDefaultsContainer | remove | +| libdnf::ModuleDependencies::getRequirements | remove | +| libdnf::ModuleDependencies::wrapModuleDependencies | remove | +| libdnf::ModuleMetadata::ModuleMetadata | remove | +| libdnf::ModuleMetadata::getArchitecture | remove | +| libdnf::ModuleMetadata::getArtifacts | remove | +| libdnf::ModuleMetadata::getContext | remove | +| libdnf::ModuleMetadata::getDependencies | remove | +| libdnf::ModuleMetadata::getDescription | remove | +| libdnf::ModuleMetadata::getName | remove | +| libdnf::ModuleMetadata::getProfiles | remove | +| libdnf::ModuleMetadata::getStream | remove | +| libdnf::ModuleMetadata::getSummary | remove | +| libdnf::ModuleMetadata::getVersion | remove | +| libdnf::ModuleMetadata::getYaml | remove | +| libdnf::ModuleMetadata::metadataFromString | remove | +| libdnf::ModuleMetadata::wrapModulemdModule | remove | +| libdnf::ModuleMetadata::~ModuleMetadata | remove | +| libdnf::ModulePackage::ModulePackage | remove | +| libdnf::Repo::Impl::lrHandleInitRemote | remove | +| libdnf::Swdb::beginTransaction | remove | + +## libdrm + +详见 [libdrm](./LTS_to_SP2_changed_abi_detail/libdrm_all_result.md\) + +| function | type | +|:---- |:-- | +| drmIsMaster | add | +| drmModeFreeFB2 | add | +| drmModeGetFB2 | add | +| drmSyncobjQuery | add | +| drmSyncobjQuery2 | add | +| drmSyncobjTimelineSignal | add | +| drmSyncobjTimelineWait | add | +| drmSyncobjTransfer | add | +| amdgpu_bo_list_create_raw | add | +| amdgpu_bo_list_destroy_raw | add | +| amdgpu_cs_ctx_override_priority | add | +| amdgpu_cs_query_reset_state2 | add | +| amdgpu_cs_submit_raw2 | add | +| amdgpu_cs_syncobj_export_sync_file2 | add | +| amdgpu_cs_syncobj_import_sync_file2 | add | +| amdgpu_cs_syncobj_query | add | +| amdgpu_cs_syncobj_query2 | add | +| amdgpu_cs_syncobj_timeline_signal | add | +| amdgpu_cs_syncobj_timeline_wait | add | +| amdgpu_cs_syncobj_transfer | add | +| amdgpu_bo_alloc | change | +| amdgpu_bo_import | change | +| amdgpu_bo_list_create | change | +| amdgpu_bo_va_op_raw | change | +| amdgpu_create_bo_from_user_mem | change | +| amdgpu_cs_chunk_fence_to_dep | change | +| amdgpu_cs_create_syncobj | change | +| amdgpu_cs_create_syncobj2 | change | +| amdgpu_cs_ctx_create | change | +| amdgpu_cs_ctx_create2 | change | +| amdgpu_cs_destroy_syncobj | change | +| amdgpu_cs_export_syncobj | change | +| amdgpu_cs_fence_to_handle | change | +| amdgpu_cs_import_syncobj | change | +| amdgpu_cs_submit_raw | change | +| amdgpu_cs_syncobj_import_sync_file | change | +| amdgpu_cs_syncobj_reset | change | +| amdgpu_cs_syncobj_wait | change | +| amdgpu_device_deinitialize | change | +| amdgpu_device_initialize | change | +| amdgpu_find_bo_by_cpu_mapping | change | +| amdgpu_get_marketing_name | change | +| amdgpu_query_buffer_size_alignment | change | +| amdgpu_query_crtc_from_id | change | +| amdgpu_query_firmware_version | change | +| amdgpu_query_gds_info | change | +| amdgpu_query_gpu_info | change | +| amdgpu_query_heap_info | change | +| amdgpu_query_hw_ip_count | change | +| amdgpu_query_hw_ip_info | change | +| amdgpu_query_info | change | +| amdgpu_query_sw_info | change | +| amdgpu_read_mm_registers | change | +| amdgpu_va_range_alloc | change | +| amdgpu_va_range_query | change | +| fd_ringbuffer_emit_reloc_ring | remove | +| fd_ringmarker_del | remove | +| fd_ringmarker_dwords | remove | +| fd_ringmarker_flush | remove | +| fd_ringmarker_mark | remove | +| fd_ringmarker_new | remove | +| fd_ringbuffer_new_flags | add | +| fd_ringbuffer_ref | add | +| fd_bo_cpu_fini | change | + +## libell + +详见 [libell](./LTS_to_SP2_changed_abi_detail/libell_all_result.md\) + +| function | type | +|:---- |:-- | +| l_fswatch_destroy | remove | +| l_fswatch_new | remove | +| l_genl_family_can_dump | remove | +| l_genl_family_can_send | remove | +| l_genl_family_get_version | remove | +| l_genl_family_has_group | remove | +| l_genl_family_ref | remove | +| l_genl_family_set_watches | remove | +| l_genl_family_unref | remove | +| l_genl_new_default | remove | +| l_genl_set_close_on_unref | remove | +| l_genl_set_unicast_handler | remove | +| l_pem_load_certificate | remove | +| l_aead_cipher_is_supported | add | +| l_cert_free | add | +| l_cert_get_der_data | add | +| l_cert_get_dn | add | +| l_cert_get_pubkey | add | +| l_cert_get_pubkey_type | add | +| l_cert_new_from_der | add | +| l_certchain_free | add | +| l_certchain_get_leaf | add | +| l_certchain_verify | add | +| l_certchain_walk_from_ca | add | +| l_certchain_walk_from_leaf | add | +| l_checksum_digest_length | add | +| l_cipher_is_supported | add | +| l_dbus_object_get_data | add | +| l_dhcp_client_set_debug | add | +| l_dhcp_lease_get_dns | add | +| l_dhcp_lease_get_domain_name | add | +| l_dir_watch_destroy | add | +| l_dir_watch_new | add | +| l_ecc_curve_get | add | +| l_ecc_curve_get_ike_group | add | +| l_ecc_curve_get_name | add | +| l_ecc_curve_get_order | add | +| l_ecc_curve_get_prime | add | +| l_ecc_curve_get_scalar_bytes | add | +| l_ecc_curve_get_supported_ike_groups | add | +| l_ecc_curve_get_supported_tls_groups | add | +| l_ecc_curve_get_tls_group | add | +| l_ecc_point_add | add | +| l_ecc_point_free | add | +| l_ecc_point_from_data | add | +| l_ecc_point_get_data | add | +| l_ecc_point_get_x | add | +| l_ecc_point_inverse | add | +| l_ecc_point_multiply | add | +| l_ecc_point_new | add | +| l_ecc_points_are_equal | add | +| l_ecc_scalar_add | add | +| l_ecc_scalar_free | add | +| l_ecc_scalar_get_data | add | +| l_ecc_scalar_legendre | add | +| l_ecc_scalar_multiply | add | +| l_ecc_scalar_new | add | +| l_ecc_scalar_new_random | add | +| l_ecc_scalar_sum_x | add | +| l_ecc_scalars_are_equal | add | +| l_ecdh_generate_key_pair | add | +| l_ecdh_generate_shared_secret | add | +| l_genl_add_family_watch | add | +| l_genl_add_unicast_watch | add | +| l_genl_discover_families | add | +| l_genl_family_free | add | +| l_genl_family_get_info | add | +| l_genl_family_info_can_dump | add | +| l_genl_family_info_can_send | add | +| l_genl_family_info_get_groups | add | +| l_genl_family_info_get_id | add | +| l_genl_family_info_get_name | add | +| l_genl_family_info_get_version | add | +| l_genl_family_info_has_group | add | +| l_genl_msg_get_extended_error | add | +| l_genl_msg_new_from_data | add | +| l_genl_msg_to_data | add | +| l_genl_remove_family_watch | add | +| l_genl_remove_unicast_watch | add | +| l_genl_request_family | add | +| l_getrandom_uint32 | add | +| l_gpio_chip_find_line_offset | add | +| l_gpio_chip_free | add | +| l_gpio_chip_get_label | add | +| l_gpio_chip_get_line_consumer | add | +| l_gpio_chip_get_line_label | add | +| l_gpio_chip_get_name | add | +| l_gpio_chip_get_num_lines | add | +| l_gpio_chip_new | add | +| l_gpio_chips_with_line_label | add | +| l_gpio_reader_free | add | +| l_gpio_reader_get | add | +| l_gpio_reader_new | add | +| l_gpio_writer_free | add | +| l_gpio_writer_new | add | +| l_gpio_writer_set | add | +| l_key_generate_dh_private | add | +| l_key_get_info | add | +| l_key_is_supported | add | +| l_key_validate_dh_payload | add | +| l_keyring_link | add | +| l_keyring_link_nested | add | +| l_keyring_unlink | add | +| l_keyring_unlink_nested | add | +| l_net_hostname_is_localhost | add | +| l_net_hostname_is_root | add | +| l_path_find | add | +| l_path_get_mtime | add | +| l_path_next | add | +| l_path_touch | add | +| l_pem_load_certificate_chain | add | +| l_pem_load_certificate_chain_from_data | add | +| l_pem_load_certificate_list | add | +| l_pem_load_certificate_list_from_data | add | +| l_pem_load_private_key_from_data | add | +| l_ringbuf_append | add | +| l_rtnl_ifaddr4_add | add | +| l_rtnl_ifaddr4_delete | add | +| l_rtnl_ifaddr4_dump | add | +| l_rtnl_ifaddr4_extract | add | +| l_rtnl_ifaddr6_add | add | +| l_rtnl_ifaddr6_delete | add | +| l_rtnl_ifaddr6_dump | add | +| l_rtnl_ifaddr6_extract | add | +| l_rtnl_route4_add_connected | add | +| l_rtnl_route4_add_gateway | add | +| l_rtnl_route4_dump | add | +| l_rtnl_route4_extract | add | +| l_rtnl_route6_add_gateway | add | +| l_rtnl_route6_delete_gateway | add | +| l_rtnl_route6_dump | add | +| l_rtnl_route6_extract | add | +| l_rtnl_set_linkmode_and_operstate | add | +| l_rtnl_set_mac | add | +| l_rtnl_set_powered | add | +| l_settings_get_embedded_groups | add | +| l_settings_get_embedded_value | add | +| l_settings_has_embedded_group | add | +| l_strv_append | add | +| l_strv_append_printf | add | +| l_strv_append_vprintf | add | +| l_strv_copy | add | +| l_strv_free | add | +| l_strv_new | add | +| l_time_now | add | +| l_timeout_set_callback | add | +| l_tls_prf_get_bytes | add | +| l_tls_set_debug | add | +| l_tls_set_domain_mask | add | +| l_tls_set_version_range | add | +| l_tls_start | add | +| l_uintset_find_unused | add | +| l_uintset_foreach | add | +| l_uintset_intersect | add | +| l_uintset_isempty | add | +| l_utf8_from_ucs2be | add | +| l_utf8_from_wchar | add | +| l_utf8_to_ucs2be | add | +| l_util_hexstring_upper | add | +| l_uuid_from_string | add | +| l_uuid_v4 | add | + +## libgusb + +详见 [libgusb](./LTS_to_SP2_changed_abi_detail/libgusb_all_result.md\) + +| function | type | +|:---- |:-- | +| g_usb_interface_get_type | remove | +| g_usb_source_set_callback | remove | +| g_usb_device_get_spec | add | +| g_usb_endpoint_get_address | add | +| g_usb_endpoint_get_direction | add | +| g_usb_endpoint_get_extra | add | +| g_usb_endpoint_get_kind | add | +| g_usb_endpoint_get_maximum_packet_size | add | +| g_usb_endpoint_get_number | add | +| g_usb_endpoint_get_polling_interval | add | +| g_usb_endpoint_get_refresh | add | +| g_usb_endpoint_get_synch_address | add | +| g_usb_endpoint_get_type | add | +| g_usb_interface_get_endpoints | add | +| g_usb_version_string | add | +| g_usb_device_get_interface | change | + +## libical + +详见 [libical](./LTS_to_SP2_changed_abi_detail/libical_all_result.md\) + +| function | type | +|:---- |:-- | +| icalproperty_get_datetime_with_component | add | +| icaltimezone_truncate_vtimezone | add | +| icalattach_new_from_data | change | +| i_cal_array_append | remove | +| i_cal_array_element_at | remove | +| i_cal_array_new | remove | +| i_cal_component_as_ical_string_r | remove | +| i_cal_component_new_clone | remove | +| i_cal_component_string_to_kind | remove | +| i_cal_datetimeperiod_type_get_period | remove | +| i_cal_datetimeperiod_type_get_time | remove | +| i_cal_datetimeperiod_type_get_type | remove | +| i_cal_datetimeperiod_type_set_period | remove | +| i_cal_datetimeperiod_type_set_time | remove | +| i_cal_duration_type_as_ical_string_r | remove | +| i_cal_duration_type_as_int | remove | +| i_cal_duration_type_bad_duration | remove | +| i_cal_duration_type_from_int | remove | +| i_cal_duration_type_from_string | remove | +| i_cal_duration_type_get_days | remove | +| i_cal_duration_type_get_hours | remove | +| i_cal_duration_type_get_minutes | remove | +| i_cal_duration_type_get_seconds | remove | +| i_cal_duration_type_get_type | remove | +| i_cal_duration_type_get_weeks | remove | +| i_cal_duration_type_is_bad_duration | remove | +| i_cal_duration_type_is_neg | remove | +| i_cal_duration_type_is_null_duration | remove | +| i_cal_duration_type_null_duration | remove | +| i_cal_duration_type_set_days | remove | +| i_cal_duration_type_set_hours | remove | +| i_cal_duration_type_set_is_neg | remove | +| i_cal_duration_type_set_minutes | remove | +| i_cal_duration_type_set_seconds | remove | +| i_cal_duration_type_set_weeks | remove | +| i_cal_enum_num_to_reqstat | remove | +| i_cal_enum_reqstat_code_r | remove | +| i_cal_enum_reqstat_desc | remove | +| i_cal_enum_reqstat_major | remove | +| i_cal_enum_reqstat_minor | remove | +| i_cal_geo_type_get_lat | remove | +| i_cal_geo_type_get_lon | remove | +| i_cal_geo_type_get_type | remove | +| i_cal_geo_type_new_default | remove | +| i_cal_geo_type_set_lat | remove | +| i_cal_geo_type_set_lon | remove | +| i_cal_langbind_access_array | remove | +| i_cal_langbind_free_array | remove | +| i_cal_langbind_get_first_component | remove | +| i_cal_langbind_get_first_parameter | remove | +| i_cal_langbind_get_first_property | remove | +| i_cal_langbind_get_next_component | remove | +| i_cal_langbind_get_next_parameter | remove | +| i_cal_langbind_get_next_property | remove | +| i_cal_langbind_new_array | remove | +| i_cal_langbind_property_eval_string_r | remove | +| i_cal_langbind_quote_as_ical_r | remove | +| i_cal_langbind_string_to_open_flag | remove | +| i_cal_parameter_as_ical_string_r | remove | +| i_cal_parameter_new_clone | remove | +| i_cal_parameter_string_to_kind | remove | +| i_cal_parser_set_gen_data | remove | +| i_cal_parser_string_line_generator | remove | +| i_cal_period_type_as_ical_string_r | remove | +| i_cal_period_type_from_string | remove | +| i_cal_period_type_get_duration | remove | +| i_cal_period_type_get_end | remove | +| i_cal_period_type_get_start | remove | +| i_cal_period_type_get_type | remove | +| i_cal_period_type_is_null_period | remove | +| i_cal_period_type_is_valid_period | remove | +| i_cal_period_type_null_period | remove | +| i_cal_period_type_set_duration | remove | +| i_cal_period_type_set_end | remove | +| i_cal_period_type_set_start | remove | +| i_cal_property_as_ical_string_r | remove | +| i_cal_property_enum_belongs_to_property | remove | +| i_cal_property_enum_to_string_r | remove | +| i_cal_property_get_parameter_as_string_r | remove | +| i_cal_property_get_property_name_r | remove | +| i_cal_property_get_value_as_string_r | remove | +| i_cal_property_new_clone | remove | +| i_cal_property_string_to_kind | remove | +| i_cal_property_string_to_method | remove | +| i_cal_property_string_to_status | remove | +| i_cal_property_value_kind_to_kind | remove | +| i_cal_recur_freq_to_string | remove | +| i_cal_recur_skip_to_string | remove | +| i_cal_recur_string_to_freq | remove | +| i_cal_recur_string_to_skip | remove | +| i_cal_recur_string_to_weekday | remove | +| i_cal_recur_weekday_to_string | remove | +| i_cal_recurrence_type_as_string_r | remove | +| i_cal_recurrence_type_clear | remove | +| i_cal_recurrence_type_day_day_of_week | remove | +| i_cal_recurrence_type_day_position | remove | +| i_cal_recurrence_type_from_string | remove | +| i_cal_recurrence_type_get_by_day | remove | +| i_cal_recurrence_type_get_by_hour | remove | +| i_cal_recurrence_type_get_by_minute | remove | +| i_cal_recurrence_type_get_by_month | remove | +| i_cal_recurrence_type_get_by_month_day | remove | +| i_cal_recurrence_type_get_by_second | remove | +| i_cal_recurrence_type_get_by_set_pos | remove | +| i_cal_recurrence_type_get_by_week_no | remove | +| i_cal_recurrence_type_get_by_year_day | remove | +| i_cal_recurrence_type_get_count | remove | +| i_cal_recurrence_type_get_freq | remove | +| i_cal_recurrence_type_get_interval | remove | +| i_cal_recurrence_type_get_type | remove | +| i_cal_recurrence_type_get_until | remove | +| i_cal_recurrence_type_get_week_start | remove | +| i_cal_recurrence_type_month_is_leap | remove | +| i_cal_recurrence_type_month_month | remove | +| i_cal_recurrence_type_rscale_is_supported | remove | +| i_cal_recurrence_type_rscale_supported_calendars | remove | +| i_cal_recurrence_type_set_by_day | remove | +| i_cal_recurrence_type_set_by_hour | remove | +| i_cal_recurrence_type_set_by_minute | remove | +| i_cal_recurrence_type_set_by_month | remove | +| i_cal_recurrence_type_set_by_month_day | remove | +| i_cal_recurrence_type_set_by_second | remove | +| i_cal_recurrence_type_set_by_set_pos | remove | +| i_cal_recurrence_type_set_by_week_no | remove | +| i_cal_recurrence_type_set_by_year_day | remove | +| i_cal_recurrence_type_set_count | remove | +| i_cal_recurrence_type_set_freq | remove | +| i_cal_recurrence_type_set_interval | remove | +| i_cal_recurrence_type_set_until | remove | +| i_cal_recurrence_type_set_week_start | remove | +| i_cal_reqstat_type_as_string_r | remove | +| i_cal_reqstat_type_from_string | remove | +| i_cal_reqstat_type_get_code | remove | +| i_cal_reqstat_type_get_debug | remove | +| i_cal_reqstat_type_get_desc | remove | +| i_cal_reqstat_type_get_type | remove | +| i_cal_reqstat_type_set_code | remove | +| i_cal_time_as_ical_string_r | remove | +| i_cal_time_current_time_with_zone | remove | +| i_cal_time_from_day_of_year | remove | +| i_cal_time_from_string | remove | +| i_cal_time_from_timet_with_zone | remove | +| i_cal_time_null_date | remove | +| i_cal_time_null_time | remove | +| i_cal_time_span_is_busy | remove | +| i_cal_time_tiemzone_expand_vtimezone | remove | +| i_cal_time_today | remove | +| i_cal_timetype_get_day | remove | +| i_cal_timetype_get_hour | remove | +| i_cal_timetype_get_minute | remove | +| i_cal_timetype_get_month | remove | +| i_cal_timetype_get_second | remove | +| i_cal_timetype_get_type | remove | +| i_cal_timetype_get_year | remove | +| i_cal_timetype_get_zone | remove | +| i_cal_timetype_is_date | remove | +| i_cal_timetype_is_daylight | remove | +| i_cal_timetype_is_utc | remove | +| i_cal_timetype_new | remove | +| i_cal_timetype_set_day | remove | +| i_cal_timetype_set_hour | remove | +| i_cal_timetype_set_is_date | remove | +| i_cal_timetype_set_is_daylight | remove | +| i_cal_timetype_set_minute | remove | +| i_cal_timetype_set_month | remove | +| i_cal_timetype_set_second | remove | +| i_cal_timetype_set_year | remove | +| i_cal_timezone_convert_time | remove | +| i_cal_timezone_phase_get_comment | remove | +| i_cal_timezone_phase_get_dtstart | remove | +| i_cal_timezone_phase_get_offsetto | remove | +| i_cal_timezone_phase_get_rdate | remove | +| i_cal_timezone_phase_get_rrule | remove | +| i_cal_timezone_phase_get_type | remove | +| i_cal_timezone_phase_get_tzname | remove | +| i_cal_timezone_phase_get_tzoffsetfrom | remove | +| i_cal_timezone_phase_is_stdandard | remove | +| i_cal_timezone_phase_set_dtstart | remove | +| i_cal_timezone_phase_set_is_stdandard | remove | +| i_cal_timezone_phase_set_offsetto | remove | +| i_cal_timezone_phase_set_rdate | remove | +| i_cal_timezone_phase_set_tzoffsetfrom | remove | +| i_cal_timezonetype_get_last_mod | remove | +| i_cal_timezonetype_get_type | remove | +| i_cal_timezonetype_get_tzid | remove | +| i_cal_timezonetype_get_tzurl | remove | +| i_cal_timezonetype_set_last_mod | remove | +| i_cal_trigger_type_from_int | remove | +| i_cal_trigger_type_from_string | remove | +| i_cal_trigger_type_get_duration | remove | +| i_cal_trigger_type_get_time | remove | +| i_cal_trigger_type_get_type | remove | +| i_cal_trigger_type_is_bad_trigger | remove | +| i_cal_trigger_type_is_null_trigger | remove | +| i_cal_trigger_type_set_duration | remove | +| i_cal_trigger_type_set_time | remove | +| i_cal_value_as_ical_string_r | remove | +| i_cal_value_new_clone | remove | +| i_cal_value_string_to_kind | remove | +| i_cal_attach_new_from_bytes | add | +| i_cal_component_as_ical_string | add | +| i_cal_component_clone | add | +| i_cal_component_foreach_recurrence | add | +| i_cal_component_get_parent | add | +| i_cal_component_kind_from_string | add | +| i_cal_component_set_parent | add | +| i_cal_component_take_component | add | +| i_cal_component_take_property | add | +| i_cal_datetimeperiod_get_period | add | +| i_cal_datetimeperiod_get_time | add | +| i_cal_datetimeperiod_get_type | add | +| i_cal_datetimeperiod_new | add | +| i_cal_datetimeperiod_set_period | add | +| i_cal_datetimeperiod_set_time | add | +| i_cal_duration_as_ical_string | add | +| i_cal_duration_as_int | add | +| i_cal_duration_get_days | add | +| i_cal_duration_get_hours | add | +| i_cal_duration_get_minutes | add | +| i_cal_duration_get_seconds | add | +| i_cal_duration_get_type | add | +| i_cal_duration_get_weeks | add | +| i_cal_duration_is_bad_duration | add | +| i_cal_duration_is_neg | add | +| i_cal_duration_is_null_duration | add | +| i_cal_duration_new_bad_duration | add | +| i_cal_duration_new_from_int | add | +| i_cal_duration_new_from_string | add | +| i_cal_duration_new_null_duration | add | +| i_cal_duration_set_days | add | +| i_cal_duration_set_hours | add | +| i_cal_duration_set_is_neg | add | +| i_cal_duration_set_minutes | add | +| i_cal_duration_set_seconds | add | +| i_cal_duration_set_weeks | add | +| i_cal_geo_clone | add | +| i_cal_geo_get_lat | add | +| i_cal_geo_get_lon | add | +| i_cal_geo_get_type | add | +| i_cal_geo_new | add | +| i_cal_geo_set_lat | add | +| i_cal_geo_set_lon | add | +| i_cal_object_free_global_objects | add | +| i_cal_parameter_as_ical_string | add | +| i_cal_parameter_clone | add | +| i_cal_parameter_kind_from_string | add | +| i_cal_period_as_ical_string | add | +| i_cal_period_get_duration | add | +| i_cal_period_get_end | add | +| i_cal_period_get_start | add | +| i_cal_period_get_type | add | +| i_cal_period_is_null_period | add | +| i_cal_period_is_valid_period | add | +| i_cal_period_new_from_string | add | +| i_cal_period_new_null_period | add | +| i_cal_period_set_duration | add | +| i_cal_period_set_end | add | +| i_cal_period_set_start | add | +| i_cal_property_as_ical_string | add | +| i_cal_property_clone | add | +| i_cal_property_enum_to_string | add | +| i_cal_property_get_color | add | +| i_cal_property_get_datetime_with_component | add | +| i_cal_property_get_parameter_as_string | add | +| i_cal_property_get_property_name | add | +| i_cal_property_get_value_as_string | add | +| i_cal_property_kind_from_string | add | +| i_cal_property_kind_has_property | add | +| i_cal_property_method_from_string | add | +| i_cal_property_new_color | add | +| i_cal_property_set_color | add | +| i_cal_property_status_from_string | add | +| i_cal_property_take_parameter | add | +| i_cal_property_take_value | add | +| i_cal_recurrence_clear | add | +| i_cal_recurrence_day_day_of_week | add | +| i_cal_recurrence_day_position | add | +| i_cal_recurrence_frequency_from_string | add | +| i_cal_recurrence_frequency_to_string | add | +| i_cal_recurrence_get_by_day | add | +| i_cal_recurrence_get_by_day_array | add | +| i_cal_recurrence_get_by_hour | add | +| i_cal_recurrence_get_by_hour_array | add | +| i_cal_recurrence_get_by_minute | add | +| i_cal_recurrence_get_by_minute_array | add | +| i_cal_recurrence_get_by_month | add | +| i_cal_recurrence_get_by_month_array | add | +| i_cal_recurrence_get_by_month_day | add | +| i_cal_recurrence_get_by_month_day_array | add | +| i_cal_recurrence_get_by_second | add | +| i_cal_recurrence_get_by_second_array | add | +| i_cal_recurrence_get_by_set_pos | add | +| i_cal_recurrence_get_by_set_pos_array | add | +| i_cal_recurrence_get_by_week_no | add | +| i_cal_recurrence_get_by_week_no_array | add | +| i_cal_recurrence_get_by_year_day | add | +| i_cal_recurrence_get_by_year_day_array | add | +| i_cal_recurrence_get_count | add | +| i_cal_recurrence_get_freq | add | +| i_cal_recurrence_get_interval | add | +| i_cal_recurrence_get_type | add | +| i_cal_recurrence_get_until | add | +| i_cal_recurrence_get_week_start | add | +| i_cal_recurrence_month_is_leap | add | +| i_cal_recurrence_month_month | add | +| i_cal_recurrence_new | add | +| i_cal_recurrence_new_from_string | add | +| i_cal_recurrence_rscale_is_supported | add | +| i_cal_recurrence_rscale_supported_calendars | add | +| i_cal_recurrence_set_by_day | add | +| i_cal_recurrence_set_by_day_array | add | +| i_cal_recurrence_set_by_hour | add | +| i_cal_recurrence_set_by_hour_array | add | +| i_cal_recurrence_set_by_minute | add | +| i_cal_recurrence_set_by_minute_array | add | +| i_cal_recurrence_set_by_month | add | +| i_cal_recurrence_set_by_month_array | add | +| i_cal_recurrence_set_by_month_day | add | +| i_cal_recurrence_set_by_month_day_array | add | +| i_cal_recurrence_set_by_second | add | +| i_cal_recurrence_set_by_second_array | add | +| i_cal_recurrence_set_by_set_pos | add | +| i_cal_recurrence_set_by_set_pos_array | add | +| i_cal_recurrence_set_by_week_no | add | +| i_cal_recurrence_set_by_week_no_array | add | +| i_cal_recurrence_set_by_year_day | add | +| i_cal_recurrence_set_by_year_day_array | add | +| i_cal_recurrence_set_count | add | +| i_cal_recurrence_set_freq | add | +| i_cal_recurrence_set_interval | add | +| i_cal_recurrence_set_until | add | +| i_cal_recurrence_set_week_start | add | +| i_cal_recurrence_skip_from_string | add | +| i_cal_recurrence_skip_to_string | add | +| i_cal_recurrence_to_string | add | +| i_cal_recurrence_weekday_from_string | add | +| i_cal_recurrence_weekday_to_string | add | +| i_cal_reqstat_get_code | add | +| i_cal_reqstat_get_debug | add | +| i_cal_reqstat_get_desc | add | +| i_cal_reqstat_get_type | add | +| i_cal_reqstat_new_from_string | add | +| i_cal_reqstat_set_code | add | +| i_cal_reqstat_to_string | add | +| i_cal_request_status_code | add | +| i_cal_request_status_desc | add | +| i_cal_request_status_from_num | add | +| i_cal_request_status_major | add | +| i_cal_request_status_minor | add | +| i_cal_time_as_ical_string | add | +| i_cal_time_clone | add | +| i_cal_time_convert_timezone | add | +| i_cal_time_convert_to_zone_inplace | add | +| i_cal_time_get_date | add | +| i_cal_time_get_day | add | +| i_cal_time_get_hour | add | +| i_cal_time_get_minute | add | +| i_cal_time_get_month | add | +| i_cal_time_get_second | add | +| i_cal_time_get_time | add | +| i_cal_time_get_type | add | +| i_cal_time_get_year | add | +| i_cal_time_is_daylight | add | +| i_cal_time_new | add | +| i_cal_time_new_current_with_zone | add | +| i_cal_time_new_from_day_of_year | add | +| i_cal_time_new_from_string | add | +| i_cal_time_new_from_timet_with_zone | add | +| i_cal_time_new_null_date | add | +| i_cal_time_new_today | add | +| i_cal_time_normalize_inplace | add | +| i_cal_time_set_date | add | +| i_cal_time_set_day | add | +| i_cal_time_set_hour | add | +| i_cal_time_set_is_date | add | +| i_cal_time_set_is_daylight | add | +| i_cal_time_set_minute | add | +| i_cal_time_set_month | add | +| i_cal_time_set_second | add | +| i_cal_time_set_time | add | +| i_cal_time_set_year | add | +| i_cal_time_span_clone | add | +| i_cal_time_span_get_is_busy | add | +| i_cal_time_span_new_timet | add | +| i_cal_time_timezone_expand_vtimezone | add | +| i_cal_trigger_get_duration | add | +| i_cal_trigger_get_time | add | +| i_cal_trigger_get_type | add | +| i_cal_trigger_is_bad_trigger | add | +| i_cal_trigger_is_null_trigger | add | +| i_cal_trigger_new_from_int | add | +| i_cal_trigger_new_from_string | add | +| i_cal_trigger_set_duration | add | +| i_cal_trigger_set_time | add | +| i_cal_value_as_ical_string | add | +| i_cal_value_clone | add | +| i_cal_value_kind_from_string | add | +| i_cal_value_kind_to_property_kind | add | +| i_cal_attach_get_data | change | +| i_cal_component_get_dtend | change | +| i_cal_component_get_dtstamp | change | +| i_cal_component_get_dtstart | change | +| i_cal_component_get_due | change | +| i_cal_component_get_duration | change | +| i_cal_component_get_recurrenceid | change | +| i_cal_component_set_dtend | change | +| i_cal_component_set_dtstamp | change | +| i_cal_component_set_dtstart | change | +| i_cal_component_set_due | change | +| i_cal_component_set_duration | change | +| i_cal_component_set_recurrenceid | change | +| i_cal_object_construct | change | +| i_cal_parser_get_line | change | +| i_cal_parser_parse | change | +| i_cal_property_get_acknowledged | change | +| i_cal_property_get_completed | change | +| i_cal_property_get_created | change | +| i_cal_property_get_datemax | change | +| i_cal_property_get_datemin | change | +| i_cal_property_get_dtend | change | +| i_cal_property_get_dtstamp | change | +| i_cal_property_get_dtstart | change | +| i_cal_property_get_due | change | +| i_cal_property_get_duration | change | +| i_cal_property_get_estimatedduration | change | +| i_cal_property_get_exdate | change | +| i_cal_property_get_exrule | change | +| i_cal_property_get_freebusy | change | +| i_cal_property_get_geo | change | +| i_cal_property_get_lastmodified | change | +| i_cal_property_get_maxdate | change | +| i_cal_property_get_mindate | change | +| i_cal_property_get_rdate | change | +| i_cal_property_get_recurrenceid | change | +| i_cal_property_get_requeststatus | change | +| i_cal_property_get_rrule | change | +| i_cal_property_get_trigger | change | +| i_cal_property_get_tzuntil | change | +| i_cal_property_new_acknowledged | change | +| i_cal_property_new_completed | change | +| i_cal_property_new_created | change | +| i_cal_property_new_datemax | change | +| i_cal_property_new_datemin | change | +| i_cal_property_new_dtend | change | +| i_cal_property_new_dtstamp | change | +| i_cal_property_new_dtstart | change | +| i_cal_property_new_due | change | +| i_cal_property_new_duration | change | +| i_cal_property_new_estimatedduration | change | +| i_cal_property_new_exdate | change | +| i_cal_property_new_exrule | change | +| i_cal_property_new_freebusy | change | +| i_cal_property_new_geo | change | +| i_cal_property_new_lastmodified | change | +| i_cal_property_new_maxdate | change | +| i_cal_property_new_mindate | change | +| i_cal_property_new_rdate | change | +| i_cal_property_new_recurrenceid | change | +| i_cal_property_new_requeststatus | change | +| i_cal_property_new_rrule | change | +| i_cal_property_new_trigger | change | +| i_cal_property_new_tzuntil | change | +| i_cal_property_set_acknowledged | change | +| i_cal_property_set_completed | change | +| i_cal_property_set_created | change | +| i_cal_property_set_datemax | change | +| i_cal_property_set_datemin | change | +| i_cal_property_set_dtend | change | +| i_cal_property_set_dtstamp | change | +| i_cal_property_set_dtstart | change | +| i_cal_property_set_due | change | +| i_cal_property_set_duration | change | +| i_cal_property_set_estimatedduration | change | +| i_cal_property_set_exdate | change | +| i_cal_property_set_exrule | change | +| i_cal_property_set_freebusy | change | +| i_cal_property_set_geo | change | +| i_cal_property_set_lastmodified | change | +| i_cal_property_set_maxdate | change | +| i_cal_property_set_mindate | change | +| i_cal_property_set_rdate | change | +| i_cal_property_set_recurrenceid | change | +| i_cal_property_set_requeststatus | change | +| i_cal_property_set_rrule | change | +| i_cal_property_set_trigger | change | +| i_cal_property_set_tzuntil | change | +| i_cal_recur_iterator_new | change | +| i_cal_recur_iterator_next | change | +| i_cal_recur_iterator_set_start | change | +| i_cal_time_add | change | +| i_cal_time_adjust | change | +| i_cal_time_as_timet | change | +| i_cal_time_compare | change | +| i_cal_time_compare_date_only | change | +| i_cal_time_compare_date_only_tz | change | +| i_cal_time_convert_to_zone | change | +| i_cal_time_day_of_week | change | +| i_cal_time_day_of_year | change | +| i_cal_time_normalize | change | +| i_cal_time_span_new | change | +| i_cal_time_start_doy_week | change | +| i_cal_time_subtract | change | +| i_cal_time_week_number | change | +| i_cal_timezone_get_utc_offset | change | +| i_cal_timezone_get_utc_offset_of_utc_time | change | +| i_cal_value_get_date | change | +| i_cal_value_get_datetime | change | +| i_cal_value_get_datetimedate | change | +| i_cal_value_get_datetimeperiod | change | +| i_cal_value_get_duration | change | +| i_cal_value_get_geo | change | +| i_cal_value_get_period | change | +| i_cal_value_get_recur | change | +| i_cal_value_get_requeststatus | change | +| i_cal_value_get_trigger | change | +| i_cal_value_new_date | change | +| i_cal_value_new_datetime | change | +| i_cal_value_new_datetimedate | change | +| i_cal_value_new_datetimeperiod | change | +| i_cal_value_new_duration | change | +| i_cal_value_new_geo | change | +| i_cal_value_new_period | change | +| i_cal_value_new_recur | change | +| i_cal_value_new_requeststatus | change | +| i_cal_value_new_trigger | change | +| i_cal_value_set_date | change | +| i_cal_value_set_datetime | change | +| i_cal_value_set_datetimedate | change | +| i_cal_value_set_datetimeperiod | change | +| i_cal_value_set_duration | change | +| i_cal_value_set_geo | change | +| i_cal_value_set_period | change | +| i_cal_value_set_recur | change | +| i_cal_value_set_requeststatus | change | +| i_cal_value_set_trigger | change | + +## libid3tag + +详见 [libid3tag](./LTS_to_SP2_changed_abi_detail/libid3tag_all_result.md\) + +| function | type | +|:---- |:-- | +| id3_compat_fixup | add | +| id3_compat_lookup | add | +| id3_frametype_lookup | change | + +## libiscsi + +详见 [libiscsi](./LTS_to_SP2_changed_abi_detail/libiscsi_all_result.md\) + +| function | type | +|:---- |:-- | +| iscsi_extended_copy_sync | add | +| iscsi_extended_copy_task | add | +| iscsi_receive_copy_results_sync | add | +| iscsi_receive_copy_results_task | add | +| iscsi_compareandwrite_iov_sync | change | + +## libksba + +详见 [libksba](./LTS_to_SP2_changed_abi_detail/libksba_all_result.md\) + +| function | type | +|:---- |:-- | +| ksba_der_add_bts | add | +| ksba_der_add_der | add | +| ksba_der_add_end | add | +| ksba_der_add_int | add | +| ksba_der_add_oid | add | +| ksba_der_add_ptr | add | +| ksba_der_add_tag | add | +| ksba_der_add_val | add | +| ksba_der_builder_get | add | +| ksba_der_builder_new | add | +| ksba_der_builder_reset | add | +| ksba_der_release | add | +| _ksba_keyinfo_from_sexp | change | + +## libmpc + +详见 [libmpc](./LTS_to_SP2_changed_abi_detail/libmpc_all_result.md\) + +| function | type | +|:---- |:-- | +| mpc_dot | add | +| mpc_sum | add | + +## libnet + +详见 [libnet](./LTS_to_SP2_changed_abi_detail/libnet_all_result.md\) + +| function | type | +|:---- |:-- | +| __libnet_print_vers | remove | +| libnet_build_ospfv2_hello_neighbor | add | +| libnet_adv_cull_header | change | + +## libpsl + +详见 [libpsl](./LTS_to_SP2_changed_abi_detail/libpsl_all_result.md\) + +| function | type | +|:---- |:-- | +| psl_builtin | change | +| psl_free | change | +| psl_is_cookie_domain_acceptable | change | +| psl_is_public_suffix | change | +| psl_is_public_suffix2 | change | +| psl_latest | change | +| psl_load_file | change | +| psl_load_fp | change | +| psl_suffix_count | change | +| psl_suffix_exception_count | change | +| psl_suffix_wildcard_count | change | + +## librepo + +详见 [librepo](./LTS_to_SP2_changed_abi_detail/librepo_all_result.md\) + +| function | type | +|:---- |:-- | +| ensure_socket_dir_exists | add | + +## libsecret + +详见 [libsecret](./LTS_to_SP2_changed_abi_detail/libsecret_all_result.md\) + +| function | type | +|:---- |:-- | +| secret_backend_flags_get_type | add | +| secret_backend_get | add | +| secret_backend_get_finish | add | +| secret_backend_get_type | add | +| secret_file_backend_get_type | add | +| secret_file_collection_clear | add | +| secret_file_collection_get_type | add | +| secret_file_collection_replace | add | +| secret_file_collection_search | add | +| secret_file_collection_write | add | +| secret_file_collection_write_finish | add | +| secret_file_item_deserialize | add | +| secret_file_item_get_type | add | +| secret_file_item_serialize | add | +| secret_password_lookup_binary_finish | add | +| secret_password_lookup_binary_sync | add | +| secret_password_lookupv_binary_sync | add | +| secret_password_search | add | +| secret_password_search_finish | add | +| secret_password_search_sync | add | +| secret_password_searchv | add | +| secret_password_searchv_sync | add | +| secret_password_store_binary | add | +| secret_password_store_binary_sync | add | +| secret_password_storev_binary | add | +| secret_password_storev_binary_sync | add | +| secret_retrievable_get_attributes | add | +| secret_retrievable_get_created | add | +| secret_retrievable_get_label | add | +| secret_retrievable_get_modified | add | +| secret_retrievable_get_type | add | +| secret_retrievable_retrieve_secret | add | +| secret_retrievable_retrieve_secret_finish | add | +| secret_retrievable_retrieve_secret_sync | add | +| secret_value_unref_to_password | add | + +## libvma + +详见 [libvma](./LTS_to_SP2_changed_abi_detail/libvma_all_result.md\) + +| function | type | +|:---- |:-- | +| Floyd_LogCircleInfo | change | +| buffer_pool::find_lkey_by_ib_ctx_thread_safe | change | +| cq_mgr::add_qp_rx | change | +| sockinfo_tcp::accept_clone | change | +| vma_ib_mlx5dv_init_obj | change | + +## libwebsockets + +详见 [libwebsockets](./LTS_to_SP2_changed_abi_detail/libwebsockets_all_result.md\) + +| function | type | +|:---- |:-- | +| interface_to_sa | remove | +| lws_alloc_vfs_file | remove | +| lws_client_connect | remove | +| lws_client_connect_extended | remove | +| lws_context_destroy2 | remove | +| lws_context_init_extensions | remove | +| lws_context_init_server_ssl | remove | +| lws_ext_parse_options | remove | +| lws_extension_callback_pm_deflate | remove | +| lws_plat_change_pollfd | remove | +| lws_plat_check_connection_error | remove | +| lws_plat_context_early_destroy | remove | +| lws_plat_context_early_init | remove | +| lws_plat_context_late_destroy | remove | +| lws_plat_delete_socket_from_fds | remove | +| lws_plat_drop_app_privileges | remove | +| lws_plat_inet_ntop | remove | +| lws_plat_inet_pton | remove | +| lws_plat_init | remove | +| lws_plat_insert_socket_into_fds | remove | +| lws_plat_service | remove | +| lws_plat_service_periodic | remove | +| lws_plat_set_socket_options | remove | +| lws_poll_listen_fd | remove | +| lws_read | remove | +| lws_server_get_canonical_hostname | remove | +| lws_server_socket_service | remove | +| lws_server_socket_service_ssl | remove | +| lws_set_parent_carries_io | remove | +| lws_ssl_capable_read | remove | +| lws_ssl_capable_read_no_ssl | remove | +| lws_ssl_capable_write | remove | +| lws_ssl_capable_write_no_ssl | remove | +| lws_ssl_close | remove | +| lws_ssl_destroy | remove | +| lws_ssl_pending | remove | +| lws_ssl_pending_no_ssl | remove | +| lws_union_transition | remove | +| lws_vhost_get | remove | +| __lws_sul_insert | add | +| __lws_sul_service_ripe | add | +| __lws_system_attach | add | +| lejp_change_callback | add | +| lejp_check_path_match | add | +| lejp_construct | add | +| lejp_destruct | add | +| lejp_error_to_string | add | +| lejp_get_wildcard | add | +| lejp_parse | add | +| lejp_parser_pop | add | +| lejp_parser_push | add | +| lws_add_http_common_headers | add | +| lws_adopt_descriptor_vhost_via_info | add | +| lws_b64_decode_state_init | add | +| lws_b64_decode_stateful | add | +| lws_b64_decode_string_len | add | +| lws_b64_encode_string_url | add | +| lws_base64_size | add | +| lws_buflist_append_segment | add | +| lws_buflist_describe | add | +| lws_buflist_destroy_all_segments | add | +| lws_buflist_linear_copy | add | +| lws_buflist_next_segment_len | add | +| lws_buflist_total_len | add | +| lws_buflist_use_segment | add | +| lws_callback_vhost_protocols_vhost | add | +| lws_client_http_multipart | add | +| lws_cmdline_option | add | +| lws_cmdline_option_handle_builtin | add | +| lws_create_adopt_udp | add | +| lws_dir | add | +| lws_diskcache_create | add | +| lws_diskcache_destroy | add | +| lws_diskcache_finalize_name | add | +| lws_diskcache_prepare | add | +| lws_diskcache_query | add | +| lws_diskcache_secs_to_idle | add | +| lws_diskcache_trim | add | +| lws_dll2_add_before | add | +| lws_dll2_add_head | add | +| lws_dll2_add_sorted | add | +| lws_dll2_add_tail | add | +| lws_dll2_clear | add | +| lws_dll2_foreach_safe | add | +| lws_dll2_owner_clear | add | +| lws_dll2_remove | add | +| lws_explicit_bzero | add | +| lws_filename_purify_inplace | add | +| lws_finalize_write_http_header | add | +| lws_fts_close | add | +| lws_fts_create | add | +| lws_fts_destroy | add | +| lws_fts_file_index | add | +| lws_fts_fill | add | +| lws_fts_open | add | +| lws_fts_search | add | +| lws_fts_serialize | add | +| lws_genaes_create | add | +| lws_genaes_crypt | add | +| lws_genaes_destroy | add | +| lws_gencrypto_bits_to_bytes | add | +| lws_gencrypto_jwe_alg_to_definition | add | +| lws_gencrypto_jwe_enc_to_definition | add | +| lws_gencrypto_jws_alg_to_definition | add | +| lws_gencrypto_padded_length | add | +| lws_genec_destroy | add | +| lws_genec_destroy_elements | add | +| lws_genec_dump | add | +| lws_genecdh_compute_shared_secret | add | +| lws_genecdh_create | add | +| lws_genecdh_new_keypair | add | +| lws_genecdh_set_key | add | +| lws_genecdsa_create | add | +| lws_genecdsa_hash_sig_verify_jws | add | +| lws_genecdsa_hash_sign_jws | add | +| lws_genecdsa_new_keypair | add | +| lws_genecdsa_set_key | add | +| lws_genhmac_destroy | add | +| lws_genhmac_init | add | +| lws_genhmac_size | add | +| lws_genhmac_update | add | +| lws_genrsa_create | add | +| lws_genrsa_destroy | add | +| lws_genrsa_destroy_elements | add | +| lws_genrsa_hash_sig_verify | add | +| lws_genrsa_hash_sign | add | +| lws_genrsa_new_keypair | add | +| lws_genrsa_private_decrypt | add | +| lws_genrsa_private_encrypt | add | +| lws_genrsa_public_decrypt | add | +| lws_genrsa_public_encrypt | add | +| lws_get_effective_uid_gid | add | +| lws_get_opaque_user_data | add | +| lws_get_peer_simple_fd | add | +| lws_get_tsi | add | +| lws_get_udp | add | +| lws_get_vhost_by_name | add | +| lws_get_vhost_iface | add | +| lws_get_vhost_listen_port | add | +| lws_get_vhost_name | add | +| lws_get_vhost_port | add | +| lws_get_vhost_user | add | +| lws_h2_client_stream_long_poll_rxonly | add | +| lws_h2_get_peer_txcredit_estimate | add | +| lws_h2_update_peer_txcredit | add | +| lws_hdr_custom_copy | add | +| lws_hdr_custom_length | add | +| lws_hex_to_byte_array | add | +| lws_http_basic_auth_gen | add | +| lws_http_compression_apply | add | +| lws_http_get_uri_and_method | add | +| lws_http_headers_detach | add | +| lws_http_is_redirected_to_get | add | +| lws_http_mark_sse | add | +| lws_humanize | add | +| lws_jose_destroy | add | +| lws_jose_init | add | +| lws_json_purify_len | add | +| lws_jwa_concat_kdf | add | +| lws_jwe_auth_and_decrypt | add | +| lws_jwe_auth_and_decrypt_cbc_hs | add | +| lws_jwe_be64 | add | +| lws_jwe_create_packet | add | +| lws_jwe_destroy | add | +| lws_jwe_encrypt | add | +| lws_jwe_init | add | +| lws_jwe_json_parse | add | +| lws_jwe_parse_jose | add | +| lws_jwe_render_compact | add | +| lws_jwe_render_flattened | add | +| lws_jwk_destroy | add | +| lws_jwk_dump | add | +| lws_jwk_dup_oct | add | +| lws_jwk_export | add | +| lws_jwk_generate | add | +| lws_jwk_import | add | +| lws_jwk_load | add | +| lws_jwk_rfc7638_fingerprint | add | +| lws_jwk_save | add | +| lws_jwk_strdup_meta | add | +| lws_jws_alloc_element | add | +| lws_jws_b64_compact_map | add | +| lws_jws_base64_enc | add | +| lws_jws_compact_decode | add | +| lws_jws_compact_encode | add | +| lws_jws_destroy | add | +| lws_jws_dup_element | add | +| lws_jws_encode_b64_element | add | +| lws_jws_encode_section | add | +| lws_jws_init | add | +| lws_jws_parse_jose | add | +| lws_jws_randomize_element | add | +| lws_jws_sig_confirm | add | +| lws_jws_sig_confirm_compact | add | +| lws_jws_sig_confirm_compact_b64 | add | +| lws_jws_sig_confirm_compact_b64_map | add | +| lws_jws_sig_confirm_json | add | +| lws_jws_sign_from_b64 | add | +| lws_jws_write_compact | add | +| lws_jws_write_flattened_json | add | +| lws_list_ptr_insert | add | +| lws_now_usecs | add | +| lws_open | add | +| lws_parse_numeric_address | add | +| lws_plat_read_file | add | +| lws_plat_recommended_rsa_bits | add | +| lws_plat_write_cert | add | +| lws_plat_write_file | add | +| lws_pvo_get_str | add | +| lws_pvo_search | add | +| lws_raw_transaction_completed | add | +| lws_retry_get_delay_ms | add | +| lws_retry_sul_schedule | add | +| lws_retry_sul_schedule_retry_wsi | add | +| lws_ring_dump | add | +| lws_sa46_compare_ads | add | +| lws_sa46_parse_numeric_address | add | +| lws_sa46_write_numeric_address | add | +| lws_seq_check_wsi | add | +| lws_seq_create | add | +| lws_seq_destroy | add | +| lws_seq_from_user | add | +| lws_seq_get_context | add | +| lws_seq_name | add | +| lws_seq_queue_event | add | +| lws_seq_timeout_us | add | +| lws_seq_us_since_creation | add | +| lws_ser_ru16be | add | +| lws_ser_ru32be | add | +| lws_ser_ru64be | add | +| lws_ser_wu16be | add | +| lws_ser_wu32be | add | +| lws_ser_wu64be | add | +| lws_set_opaque_user_data | add | +| lws_set_socks | add | +| lws_set_timer_usecs | add | +| lws_spa_create_via_info | add | +| lws_state_reg_deregister | add | +| lws_state_reg_notifier | add | +| lws_state_reg_notifier_list | add | +| lws_state_transition | add | +| lws_state_transition_steps | add | +| lws_strexp_expand | add | +| lws_strexp_init | add | +| lws_strexp_reset_out | add | +| lws_strncpy | add | +| lws_sul_schedule | add | +| lws_system_blob_destroy | add | +| lws_system_blob_direct_set | add | +| lws_system_blob_get | add | +| lws_system_blob_get_single_ptr | add | +| lws_system_blob_get_size | add | +| lws_system_blob_heap_append | add | +| lws_system_blob_heap_empty | add | +| lws_system_context_from_system_mgr | add | +| lws_system_get_blob | add | +| lws_system_get_ops | add | +| lws_system_get_state_manager | add | +| lws_threadpool_create | add | +| lws_threadpool_dequeue | add | +| lws_threadpool_destroy | add | +| lws_threadpool_dump | add | +| lws_threadpool_enqueue | add | +| lws_threadpool_finish | add | +| lws_threadpool_task_status_wsi | add | +| lws_threadpool_task_sync | add | +| lws_timed_callback_vh_protocol | add | +| lws_timed_callback_vh_protocol_us | add | +| lws_timingsafe_bcmp | add | +| lws_tls_acme_sni_cert_create | add | +| lws_tls_acme_sni_csr_create | add | +| lws_tls_cert_updated | add | +| lws_tls_client_vhost_extra_cert_mem | add | +| lws_tls_peer_cert_info | add | +| lws_tls_vhost_cert_info | add | +| lws_tokenize | add | +| lws_tokenize_cstr | add | +| lws_tokenize_init | add | +| lws_validity_confirmed | add | +| lws_vbi_decode | add | +| lws_vbi_encode | add | +| lws_write_numeric_address | add | +| lws_wsi_tx_credit | add | +| lws_x509_create | add | +| lws_x509_destroy | add | +| lws_x509_info | add | +| lws_x509_jwk_privkey_pem | add | +| lws_x509_parse_from_pem | add | +| lws_x509_public_to_jwk | add | +| lws_x509_verify | add | +| lwsac_align | add | +| lwsac_cached_file | add | +| lwsac_detach | add | +| lwsac_extend | add | +| lwsac_free | add | +| lwsac_get_next | add | +| lwsac_get_tail_pos | add | +| lwsac_info | add | +| lwsac_reference | add | +| lwsac_scan_extant | add | +| lwsac_sizeof | add | +| lwsac_total_alloc | add | +| lwsac_total_overhead | add | +| lwsac_unreference | add | +| lwsac_use | add | +| lwsac_use_backfill | add | +| lwsac_use_cached_file_detach | add | +| lwsac_use_cached_file_end | add | +| lwsac_use_cached_file_start | add | +| lwsac_use_zero | add | +| lwsl_emit_stderr_notimestamp | add | +| lwsws_get_config_globals | add | +| lwsws_get_config_vhosts | add | +| _lws_plat_service_tsi | change | +| lws_add_http_header_by_token | change | +| lws_adopt_descriptor_vhost | change | +| lws_chunked_html_process | change | +| lws_client_connect_via_info | change | +| lws_client_reset | change | +| lws_create_context | change | +| lws_create_vhost | change | +| lws_genhash_init | change | +| lws_genhash_size | change | +| lws_get_peer_simple | change | +| lws_get_peer_write_allowance | change | +| lws_get_random | change | +| lws_hdr_copy | change | +| lws_init_vhost_client_ssl | change | +| lws_ring_bump_head | change | +| lws_set_timeout | change | +| lws_spa_create | change | +| lws_token_to_string | change | + +## libxslt + +详见 [libxslt](./LTS_to_SP2_changed_abi_detail/libxslt_all_result.md\) + +| function | type | +|:---- |:-- | +| exsltDateXpathCtxtRegister | change | +| xsltCompMatchClearCache | add | +| xsltParseStylesheetUser | add | +| xslAddCall | change | +| xsltApplyImports | change | +| xsltApplyTemplates | change | +| xsltAttribute | change | +| xsltCallTemplate | change | +| xsltChoose | change | +| xsltComment | change | +| xsltCopy | change | +| xsltCopyOf | change | +| xsltDebug | change | +| xsltDocumentElem | change | +| xsltElement | change | +| xsltForEach | change | +| xsltIf | change | +| xsltNumber | change | +| xsltProcessingInstruction | change | +| xsltSort | change | +| xsltText | change | +| xsltValueOf | change | +| xsltXPathFunctionLookup | change | + +## lm_sensors + +详见 [lm_sensors](./LTS_to_SP2_changed_abi_detail/lm_sensors_all_result.md\) + +| function | type | +|:---- |:-- | +| None | None | + +## nftables + +详见 [nftables](./LTS_to_SP2_changed_abi_detail/nftables_all_result.md\) + +| function | type | +|:---- |:-- | +| __memory_allocation_error | remove | +| __netlink_abi_error | remove | +| __netlink_init_error | remove | +| __stmt_binary_error | remove | +| alloc_nft_expr | remove | +| alloc_nftnl_chain | remove | +| alloc_nftnl_rule | remove | +| alloc_nftnl_set | remove | +| alloc_nftnl_table | remove | +| binop_expr_alloc | remove | +| bitmask_expr_to_binops | remove | +| cache_flush | remove | +| cache_release | remove | +| cache_update | remove | +| chain_add_hash | remove | +| chain_alloc | remove | +| chain_free | remove | +| chain_get | remove | +| chain_hookname_lookup | remove | +| chain_lookup | remove | +| chain_policy2str | remove | +| chain_print_plain | remove | +| chain_type_name_lookup | remove | +| cmd_alloc | remove | +| cmd_alloc_obj_ct | remove | +| cmd_evaluate | remove | +| cmd_free | remove | +| compound_expr_add | remove | +| compound_expr_alloc | remove | +| compound_expr_remove | remove | +| concat_expr_alloc | remove | +| concat_type_alloc | remove | +| concat_type_destroy | remove | +| connlimit_stmt_alloc | remove | +| constant_expr_alloc | remove | +| constant_expr_join | remove | +| constant_expr_splice | remove | +| counter_stmt_alloc | remove | +| ct_dir2str | remove | +| ct_expr_alloc | remove | +| ct_expr_update_type | remove | +| ct_label2str | remove | +| ct_label_table_exit | remove | +| ct_label_table_init | remove | +| ct_stmt_alloc | remove | +| data_unit_parse | remove | +| datatype_lookup | remove | +| datatype_lookup_byname | remove | +| datatype_print | remove | +| devgroup_table_exit | remove | +| devgroup_table_init | remove | +| do_command | remove | +| dup_stmt_alloc | remove | +| erec_add_location | remove | +| erec_create | remove | +| erec_destroy | remove | +| erec_print | remove | +| erec_print_list | remove | +| erec_vcreate | remove | +| expr_alloc | remove | +| expr_basetype | remove | +| expr_binary_error | remove | +| expr_clone | remove | +| expr_cmp | remove | +| expr_describe | remove | +| expr_free | remove | +| expr_get | remove | +| expr_print | remove | +| expr_set_type | remove | +| expr_stmt_alloc | remove | +| exthdr_dependency_kill | remove | +| exthdr_expr_alloc | remove | +| exthdr_find_proto | remove | +| exthdr_find_template | remove | +| exthdr_gen_dependency | remove | +| exthdr_init_raw | remove | +| exthdr_stmt_alloc | remove | +| family2str | remove | +| fib_expr_alloc | remove | +| fib_result_str | remove | +| flag_expr_alloc | remove | +| flow_offload_stmt_alloc | remove | +| flowtable_add_hash | remove | +| flowtable_alloc | remove | +| flowtable_free | remove | +| flowtable_get | remove | +| flowtable_print | remove | +| fwd_stmt_alloc | remove | +| get_rate | remove | +| get_set_decompose | remove | +| get_set_intervals | remove | +| get_unit | remove | +| gmp_init | remove | +| handle_free | remove | +| handle_merge | remove | +| hash_expr_alloc | remove | +| hooknum2str | remove | +| iface_cache_release | remove | +| iface_cache_update | remove | +| interval_map_decompose | remove | +| limit_stmt_alloc | remove | +| list_expr_alloc | remove | +| list_expr_sort | remove | +| log_level | remove | +| log_level_parse | remove | +| log_stmt_alloc | remove | +| map_expr_alloc | remove | +| map_stmt_alloc | remove | +| mapping_expr_alloc | remove | +| mark_table_exit | remove | +| mark_table_init | remove | +| markup_alloc | remove | +| markup_free | remove | +| meta_expr_alloc | remove | +| meta_key_parse | remove | +| meta_stmt_alloc | remove | +| meta_stmt_meta_iiftype | remove | +| meter_stmt_alloc | remove | +| mnl_batch_begin | remove | +| mnl_batch_end | remove | +| mnl_batch_init | remove | +| mnl_batch_ready | remove | +| mnl_batch_reset | remove | +| mnl_batch_talk | remove | +| mnl_err_list_free | remove | +| mnl_genid_get | remove | +| mnl_nft_chain_batch_add | remove | +| mnl_nft_chain_batch_del | remove | +| mnl_nft_chain_dump | remove | +| mnl_nft_event_listener | remove | +| mnl_nft_flowtable_batch_add | remove | +| mnl_nft_flowtable_batch_del | remove | +| mnl_nft_flowtable_dump | remove | +| mnl_nft_obj_batch_add | remove | +| mnl_nft_obj_batch_del | remove | +| mnl_nft_obj_dump | remove | +| mnl_nft_rule_batch_add | remove | +| mnl_nft_rule_batch_del | remove | +| mnl_nft_rule_batch_replace | remove | +| mnl_nft_rule_dump | remove | +| mnl_nft_ruleset_dump | remove | +| mnl_nft_set_batch_add | remove | +| mnl_nft_set_batch_del | remove | +| mnl_nft_set_dump | remove | +| mnl_nft_setelem_batch_add | remove | +| mnl_nft_setelem_batch_del | remove | +| mnl_nft_setelem_batch_flush | remove | +| mnl_nft_setelem_get | remove | +| mnl_nft_setelem_get_one | remove | +| mnl_nft_table_batch_add | remove | +| mnl_nft_table_batch_del | remove | +| mnl_nft_table_dump | remove | +| mnl_seqnum_alloc | remove | +| monitor_alloc | remove | +| monitor_free | remove | +| mpz_bitmask | remove | +| mpz_export_data | remove | +| mpz_get_be16 | remove | +| mpz_get_be32 | remove | +| mpz_get_uint16 | remove | +| mpz_get_uint32 | remove | +| mpz_get_uint64 | remove | +| mpz_get_uint8 | remove | +| mpz_import_data | remove | +| mpz_init_bitmask | remove | +| mpz_lshift_ui | remove | +| mpz_prefixmask | remove | +| mpz_rshift_ui | remove | +| mpz_switch_byteorder | remove | +| must_print_eq_op | remove | +| nat_etype2str | remove | +| nat_stmt_alloc | remove | +| netlink_add_chain_batch | remove | +| netlink_add_flowtable | remove | +| netlink_add_obj | remove | +| netlink_add_rule_batch | remove | +| netlink_add_set_batch | remove | +| netlink_add_setelems_batch | remove | +| netlink_add_table_batch | remove | +| netlink_alloc_data | remove | +| netlink_alloc_value | remove | +| netlink_batch_send | remove | +| netlink_close_sock | remove | +| netlink_del_rule_batch | remove | +| netlink_delete_chain_batch | remove | +| netlink_delete_flowtable | remove | +| netlink_delete_obj | remove | +| netlink_delete_set_batch | remove | +| netlink_delete_setelems_batch | remove | +| netlink_delete_table_batch | remove | +| netlink_delinearize_chain | remove | +| netlink_delinearize_obj | remove | +| netlink_delinearize_rule | remove | +| netlink_delinearize_set | remove | +| netlink_delinearize_setelem | remove | +| netlink_delinearize_table | remove | +| netlink_dump_chain | remove | +| netlink_dump_expr | remove | +| netlink_dump_obj | remove | +| netlink_dump_rule | remove | +| netlink_dump_ruleset | remove | +| netlink_dump_set | remove | +| netlink_echo_callback | remove | +| netlink_events_trace_cb | remove | +| netlink_flush_chain | remove | +| netlink_flush_setelems | remove | +| netlink_gen_data | remove | +| netlink_gen_raw_data | remove | +| netlink_genid_get | remove | +| netlink_get_setelem | remove | +| netlink_io_error | remove | +| netlink_linearize_rule | remove | +| netlink_list_chains | remove | +| netlink_list_flowtables | remove | +| netlink_list_objs | remove | +| netlink_list_setelems | remove | +| netlink_list_sets | remove | +| netlink_list_table | remove | +| netlink_list_tables | remove | +| netlink_markup_parse_cb | remove | +| netlink_monitor | remove | +| netlink_open_sock | remove | +| netlink_parse_set_expr | remove | +| netlink_rename_chain_batch | remove | +| netlink_replace_rule_batch | remove | +| netlink_reset_objs | remove | +| netlink_restart | remove | +| nft__create_buffer | remove | +| nft__delete_buffer | remove | +| nft__flush_buffer | remove | +| nft__scan_buffer | remove | +| nft__scan_bytes | remove | +| nft__scan_string | remove | +| nft__switch_to_buffer | remove | +| nft_alloc | remove | +| nft_cmd_expand | remove | +| nft_ctx_output_get_echo | remove | +| nft_ctx_output_get_handle | remove | +| nft_ctx_output_get_ip2name | remove | +| nft_ctx_output_get_json | remove | +| nft_ctx_output_get_numeric | remove | +| nft_ctx_output_get_stateless | remove | +| nft_ctx_output_set_echo | remove | +| nft_ctx_output_set_handle | remove | +| nft_ctx_output_set_ip2name | remove | +| nft_ctx_output_set_json | remove | +| nft_ctx_output_set_numeric | remove | +| nft_ctx_output_set_stateless | remove | +| nft_free | remove | +| nft_get_column | remove | +| nft_get_debug | remove | +| nft_get_extra | remove | +| nft_get_in | remove | +| nft_get_leng | remove | +| nft_get_lineno | remove | +| nft_get_lloc | remove | +| nft_get_lval | remove | +| nft_get_out | remove | +| nft_get_text | remove | +| nft_gmp_print | remove | +| nft_if_indextoname | remove | +| nft_if_nametoindex | remove | +| nft_lex | remove | +| nft_lex_destroy | remove | +| nft_lex_init | remove | +| nft_lex_init_extra | remove | +| nft_parse | remove | +| nft_pop_buffer_state | remove | +| nft_print | remove | +| nft_push_buffer_state | remove | +| nft_realloc | remove | +| nft_restart | remove | +| nft_set_column | remove | +| nft_set_debug | remove | +| nft_set_extra | remove | +| nft_set_in | remove | +| nft_set_lineno | remove | +| nft_set_lloc | remove | +| nft_set_lval | remove | +| nft_set_out | remove | +| notrack_stmt_alloc | remove | +| numgen_expr_alloc | remove | +| obj_add_hash | remove | +| obj_alloc | remove | +| obj_free | remove | +| obj_get | remove | +| obj_lookup | remove | +| obj_print | remove | +| obj_print_plain | remove | +| obj_type_name | remove | +| obj_type_to_cmd | remove | +| objref_stmt_alloc | remove | +| objref_type_name | remove | +| parser_init | remove | +| payload_can_merge | remove | +| payload_dependency_exists | remove | +| payload_dependency_kill | remove | +| payload_dependency_release | remove | +| payload_dependency_reset | remove | +| payload_dependency_store | remove | +| payload_expr_alloc | remove | +| payload_expr_complete | remove | +| payload_expr_expand | remove | +| payload_expr_join | remove | +| payload_expr_trim | remove | +| payload_gen_dependency | remove | +| payload_hdr_field | remove | +| payload_init_raw | remove | +| payload_is_known | remove | +| payload_is_stacked | remove | +| payload_stmt_alloc | remove | +| prefix_expr_alloc | remove | +| proto_ctx_init | remove | +| proto_ctx_update | remove | +| proto_dev_desc | remove | +| proto_dev_type | remove | +| proto_find_num | remove | +| proto_find_upper | remove | +| queue_stmt_alloc | remove | +| quota_stmt_alloc | remove | +| range_expr_alloc | remove | +| range_expr_value_high | remove | +| range_expr_value_low | remove | +| rate_parse | remove | +| rb_erase | remove | +| rb_first | remove | +| rb_insert_color | remove | +| rb_last | remove | +| rb_next | remove | +| rb_prev | remove | +| rb_replace_node | remove | +| realm_table_meta_exit | remove | +| realm_table_meta_init | remove | +| realm_table_rt_exit | remove | +| realm_table_rt_init | remove | +| reject_stmt_alloc | remove | +| relational_expr_alloc | remove | +| relational_expr_pctx_update | remove | +| rt_expr_alloc | remove | +| rt_expr_update_type | remove | +| rt_symbol_table_free | remove | +| rt_symbol_table_init | remove | +| rule_alloc | remove | +| rule_free | remove | +| rule_get | remove | +| rule_lookup | remove | +| rule_postprocess | remove | +| rule_print | remove | +| scanner_destroy | remove | +| scanner_include_file | remove | +| scanner_init | remove | +| scanner_push_buffer | remove | +| scanner_read_file | remove | +| scope_init | remove | +| scope_release | remove | +| set_add_hash | remove | +| set_alloc | remove | +| set_clone | remove | +| set_datatype_alloc | remove | +| set_datatype_destroy | remove | +| set_elem_expr_alloc | remove | +| set_expr_alloc | remove | +| set_free | remove | +| set_get | remove | +| set_lookup | remove | +| set_lookup_global | remove | +| set_policy2str | remove | +| set_print | remove | +| set_print_plain | remove | +| set_ref_expr_alloc | remove | +| set_stmt_alloc | remove | +| set_to_intervals | remove | +| socket_expr_alloc | remove | +| stmt_alloc | remove | +| stmt_evaluate | remove | +| stmt_free | remove | +| stmt_list_free | remove | +| stmt_print | remove | +| symbol_bind | remove | +| symbol_expr_alloc | remove | +| symbol_get | remove | +| symbol_lookup | remove | +| symbol_parse | remove | +| symbol_table_print | remove | +| symbol_unbind | remove | +| symbolic_constant_parse | remove | +| symbolic_constant_print | remove | +| table_add_hash | remove | +| table_alloc | remove | +| table_free | remove | +| table_get | remove | +| table_lookup | remove | +| tcpopt_expr_alloc | remove | +| tcpopt_find_template | remove | +| tcpopt_init_raw | remove | +| time_parse | remove | +| time_print | remove | +| unary_expr_alloc | remove | +| variable_expr_alloc | remove | +| verdict_expr_alloc | remove | +| verdict_stmt_alloc | remove | +| xfree | remove | +| xmalloc | remove | +| xmalloc_array | remove | +| xrealloc | remove | +| xstrdup | remove | +| xstrunescape | remove | +| xt_stmt_alloc | remove | +| xzalloc | remove | +| nft_ctx_output_get_flags | add | +| nft_ctx_output_set_flags | add | +| nft_ctx_add_include_path | change | +| nft_run_cmd_from_buffer | change | + +## openhpi + +详见 [openhpi](./LTS_to_SP2_changed_abi_detail/openhpi_all_result.md\) + +| function | type | +|:---- |:-- | +| curlerr_to_ov_rest_err | change | + +## OpenIPMI + +详见 [OpenIPMI](./LTS_to_SP2_changed_abi_detail/OpenIPMI_all_result.md\) + +| function | type | +|:---- |:-- | +| sel_select_intr_sigmask | add | +| sel_setup_forked_process | add | +| sel_select_intr_sigmask | add | +| sel_setup_forked_process | add | +| ipmbserv_handle_data | add | +| ipmbserv_init | add | +| ipmbserv_read_config | add | +| chan_init | change | +| debug_log_raw_msg | change | +| handle_asf | change | +| ra_setup | change | + +## openldap + +详见 [openldap](./LTS_to_SP2_changed_abi_detail/openldap_all_result.md\) + +| function | type | +|:---- |:-- | +| ldap_abandon | change | +| ldap_int_initialize_global_options | change | +| ldap_int_sasl_config | change | +| ldap_int_tls_destroy | change | +| ldap_abandon | change | +| ldap_int_initialize_global_options | change | +| ldap_int_sasl_config | change | +| ldap_int_tls_destroy | change | + +## pam + +详见 [pam](./LTS_to_SP2_changed_abi_detail/pam_all_result.md\) + +| function | type | +|:---- |:-- | +| pam_modutil_check_user_in_passwd | add | +| pam_modutil_search_key | add | +| pam_start_confdir | add | +| pam_acct_mgmt | change | +| pam_sm_authenticate | add | +| pam_sm_setcred | add | + +## pkgconf + +详见 [pkgconf](./LTS_to_SP2_changed_abi_detail/pkgconf_all_result.md\) + +| function | type | +|:---- |:-- | +| pkgconf_client_dir_list_build | change | + +## plymouth + +详见 [plymouth](./LTS_to_SP2_changed_abi_detail/plymouth_all_result.md\) + +| function | type | +|:---- |:-- | +| ply_text_progress_bar_get_percent_done | remove | +| ply_text_progress_bar_set_percent_done | remove | +| ply_text_step_bar_get_percent_done | remove | +| ply_text_step_bar_set_percent_done | remove | +| ply_text_progress_bar_get_fraction_done | add | +| ply_text_progress_bar_set_fraction_done | add | +| ply_text_step_bar_get_fraction_done | add | +| ply_text_step_bar_set_fraction_done | add | +| ply_renderer_backend_get_interface | change | +| ply_progress_animation_get_percent_done | remove | +| ply_progress_animation_set_percent_done | remove | +| ply_progress_bar_get_percent_done | remove | +| ply_progress_bar_set_percent_done | remove | +| ply_progress_animation_get_fraction_done | add | +| ply_progress_animation_set_fraction_done | add | +| ply_progress_bar_get_fraction_done | add | +| ply_progress_bar_set_fraction_done | add | +| ply_boot_splash_plugin_get_interface | change | + +## readline + +详见 [readline](./LTS_to_SP2_changed_abi_detail/readline_all_result.md\) + +| function | type | +|:---- |:-- | +| _hs_history_patsearch | add | +| remove_history_range | add | + +## rhash + +详见 [rhash](./LTS_to_SP2_changed_abi_detail/rhash_all_result.md\) + +| function | type | +|:---- |:-- | +| rhash_torrent_add_file | change | +| rhash_torrent_get_default_piece_length | change | +| rhash_transmit | change | + +## subversion + +详见 [subversion](./LTS_to_SP2_changed_abi_detail/subversion_all_result.md\) + +| function | type | +|:---- |:-- | +| svn_repos__dump_magic_header_record | add | +| svn_repos__dump_uuid_header_record | add | +| svn_repos__get_dump_editor | add | +| svn_repos_authz_parse2 | add | +| svn_repos_authz_read4 | add | +| svn_authz__parse | change | +| svn_client__copy_foreign | remove | +| svn_client_shelf_get_paths | remove | +| svn_client_shelf_has_changes | remove | +| svn_client_shelve | remove | +| svn_client_shelves_any | remove | +| svn_client_shelves_delete | remove | +| svn_client_shelves_list | remove | +| svn_client_unshelve | remove | +| svn_client__condense_commit_items2 | add | +| svn_client__get_diff_writer_svn | add | +| svn_client__layout_list | add | +| svn_client__repos_to_wc_copy_by_editor | add | +| svn_client__repos_to_wc_copy_internal | add | +| svn_client__shelf_apply | add | +| svn_client__shelf_close | add | +| svn_client__shelf_delete | add | +| svn_client__shelf_delete_newer_versions | add | +| svn_client__shelf_diff | add | +| svn_client__shelf_get_all_versions | add | +| svn_client__shelf_get_log_message | add | +| svn_client__shelf_get_newest_version | add | +| svn_client__shelf_list | add | +| svn_client__shelf_mods_editor | add | +| svn_client__shelf_open_existing | add | +| svn_client__shelf_open_or_create | add | +| svn_client__shelf_paths_changed | add | +| svn_client__shelf_replay | add | +| svn_client__shelf_revprop_get | add | +| svn_client__shelf_revprop_list | add | +| svn_client__shelf_revprop_set | add | +| svn_client__shelf_revprop_set_all | add | +| svn_client__shelf_save_new_version3 | add | +| svn_client__shelf_set_log_message | add | +| svn_client__shelf_test_apply_file | add | +| svn_client__shelf_unapply | add | +| svn_client__shelf_version_open | add | +| svn_client__shelf_version_status_walk | add | +| svn_client__wc_copy_mods | add | +| svn_client__wc_editor | add | +| svn_client__wc_editor_internal | add | +| svn_client__wc_replay | add | +| svn_client_blame6 | add | +| svn_client_conflict_option_get_moved_to_abspath_candidates2 | add | +| svn_client_conflict_option_get_moved_to_repos_relpath_candidates2 | add | +| svn_client_conflict_option_set_moved_to_abspath2 | add | +| svn_client_conflict_option_set_moved_to_repos_relpath2 | add | +| svn_client_diff7 | add | +| svn_client_diff_peg7 | add | +| svn_client_revert4 | add | +| svn_client__arbitrary_nodes_diff | change | +| svn_diff_hunk__create_adds_single_line | change | +| svn_relpath__internal_style | remove | +| svn_dirent_canonicalize_safe | add | +| svn_dirent_internal_style_safe | add | +| svn_opt_get_canonical_subcommand3 | add | +| svn_opt_get_option_from_code3 | add | +| svn_opt_print_generic_help3 | add | +| svn_opt_print_help5 | add | +| svn_opt_subcommand_help4 | add | +| svn_opt_subcommand_takes_option4 | add | +| svn_relpath__make_internal | add | +| svn_relpath_canonicalize_safe | add | +| svn_uri_canonicalize_safe | add | +| svn_delta_path_driver3 | add | +| svn_delta_path_driver_finish | add | +| svn_delta_path_driver_start | add | +| svn_delta_path_driver_step | add | +| svn_element__tree_set | change | +| svn_wc__find_repos_node_in_wc | remove | +| svn_wc__get_shelves_dir | remove | +| svn_wc__db_find_copies_of_repos_path | add | +| svn_wc__db_find_repos_node_in_wc | add | +| svn_wc__db_find_working_nodes_with_basename | add | +| svn_wc__find_copies_of_repos_path | add | +| svn_wc__find_working_nodes_with_basename | add | +| svn_wc__get_experimental_dir | add | +| svn_wc_revert6 | add | +| svn_wc__conflict_read_tree_conflict | change | +| svn_wc__conflict_skel_add_tree_conflict | change | +| svn_wc__diff7 | change | + +## tcl + +详见 [tcl](./LTS_to_SP2_changed_abi_detail/tcl_all_result.md\) + +| function | type | +|:---- |:-- | +| TclOODefineMixinObjCmd | remove | +| TclSkipUnlink | remove | +| Tcl_EncodingObjCmd | remove | +| TclpUnloadFile | remove | +| TclBN_mp_balance_mul | add | +| TclBN_mp_expt_d_ex | add | +| TclBN_mp_set_ull | add | +| TclBN_mp_signed_rsh | add | +| TclBN_mp_to_radix | add | +| TclBN_mp_to_ubin | add | +| TclAddLiteralObj | change | +| TclBN_mp_unsigned_bin_size | change | + +## xorg-x11-server + +详见 [xorg-x11-server](./LTS_to_SP2_changed_abi_detail/xorg-x11-server_all_result.md\) + +| function | type | +|:---- |:-- | +| glamor_clear_pixmap | add | +| glamor_egl_get_driver_name | add | + +## zstd + +详见 [zstd](./LTS_to_SP2_changed_abi_detail/zstd_all_result.md\) + +| function | type | +|:---- |:-- | +| ZSTDMT_compressCCtx | remove | +| ZSTDMT_compressStream | remove | +| ZSTDMT_compressStream_generic | remove | +| ZSTDMT_compress_advanced | remove | +| ZSTDMT_createCCtx | remove | +| ZSTDMT_createCCtx_advanced | remove | +| ZSTDMT_endStream | remove | +| ZSTDMT_flushStream | remove | +| ZSTDMT_freeCCtx | remove | +| ZSTDMT_getMTCtxParameter | remove | +| ZSTDMT_initCStream | remove | +| ZSTDMT_initCStream_advanced | remove | +| ZSTDMT_initCStream_usingCDict | remove | +| ZSTDMT_resetCStream | remove | +| ZSTDMT_setMTCtxParameter | remove | +| ZSTDMT_sizeof_CCtx | remove | +| ZSTD_CCtxParam_getParameter | remove | +| ZSTD_CCtxParam_setParameter | remove | +| ZSTD_CCtx_resetParameters | remove | +| ZSTD_compress_generic | remove | +| ZSTD_compress_generic_simpleArgs | remove | +| ZSTD_decompress_generic | remove | +| ZSTD_decompress_generic_simpleArgs | remove | +| ZSTD_setDStreamParameter | remove | + diff --git "a/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" "b/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" index 333a56434fd39d9fe8ea65edf8781340dd607470..16193448ca95d10616e38571949272ba8bdda93e 100644 --- "a/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" +++ "b/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" @@ -1,14 +1,13 @@ -# 法律声明 +# 法律声明 -**版权所有 © 2020 华为技术有限公司。** +**版权所有 © 2023 openEuler 社区。** -您对“本文档”的复制、使用、修改及分发受知识共享\(Creative Commons\)署名—相同方式共享4.0国际公共许可协议\(以下简称“CC BY-SA 4.0”\)的约束。为了方便用户理解,您可以通过访问[https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/) 了解CC BY-SA 4.0的概要 \(但不是替代\)。CC BY-SA 4.0的完整协议内容您可以访问如下网址获取:[https://creativecommons.org/licenses/by-sa/4.0/legalcode](https://creativecommons.org/licenses/by-sa/4.0/legalcode)。 +您对“本文档”的复制、使用、修改及分发受知识共享\(Creative Commons\)署名—相同方式共享4.0国际公共许可协议\(以下简称“CC BY-SA 4.0”\)的约束。为了方便用户理解,您可以通过访问[https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/) 了解CC BY-SA 4.0的概要\(但不是替代\)。CC BY-SA 4.0的完整协议内容您可以访问如下网址获取:[https://creativecommons.org/licenses/by-sa/4.0/legalcode](https://creativecommons.org/licenses/by-sa/4.0/legalcode)。 **商标声明** -openEuler为华为技术有限公司的商标。本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 +文档中提及的商标或注册商标,由各自所有人拥有。对openEuler商标的使用,应当遵从[openEuler品牌使用规范](https://www.openeuler.org/zh/other/brand/)。 **免责声明** -本文档仅作为使用指导,除非适用法强制规定或者双方有明确书面约定, 华为技术有限公司对本文档中的所有陈述、信息和建议不做任何明示或默示的声明或保证,包括但不限于不侵权,时效性或满足特定目的的担保。 - +本文档仅作为使用指导,除非适用法强制规定或者双方有明确书面约定,openEuler社区对本文档中的所有陈述、信息和建议不做任何明示或默示的声明或保证,包括但不限于不侵权、时效性或满足特定目的的担保。 diff --git "a/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" "b/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" index 68152a1c3f7c2f34581facc027b9d6abf3f6e6bc..3a4ca33980dd782c1041bb9e91d589c817143df4 100644 --- "a/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" +++ "b/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" @@ -5,5 +5,5 @@ openEuler主要包含两个代码仓库: - 代码仓:[https://gitee.com/openeuler](https://gitee.com/openeuler) - 软件包仓:[https://gitee.com/src-openeuler](https://gitee.com/src-openeuler) -openEuler发布件同时也提供source iso,具体请参见“系统安装”的内容。 +openEuler发布件同时也提供source iso,具体请参见“[系统安装](./系统安装.md)”的内容。 diff --git "a/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" "b/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" index b80cae46660533e422916e2df9cf9a2ed55188ca..33dc0457578d9f6d413d7ff29b2accec98aa0987 100644 --- "a/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" +++ "b/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" @@ -1,5 +1,4 @@ # 用户须知 -- openEuler版本号计数规则由openEuler x.x变更为以年月为版本号,以便用户了解版本发布时间,例如openEuler 20.03表示发布时间为2020年3月。 -- [Python核心团队](https://www.python.org/dev/peps/pep-0373/#update)已经于2020年1月停止对Python 2的维护。2020年,openEuler 20.03 LTS仅修复Python 2的致命CVE,并将于2020年12月31日全面停止维护。请您尽快切换到Python 3。 - +- openEuler版本号计数规则由openEuler x.x变更为以年月为版本号,以便用户了解版本发布时间,例如openEuler 20.03表示发布时间为2020年3月。 +- [Python核心团队](https://www.python.org/dev/peps/pep-0373/#update)已经于2020年1月停止对Python 2的维护。openEuler社区于2020年12月31日全面停止维护,openEuler 20.03 LTS SP3及之后版本仅修复Python 2的致命CVE,请您切换到Python 3。 diff --git "a/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" "b/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" index 5d32c5e38bc6012d6d1f0afb1c1e7f1fbda8fc0c..7cf6567ef6f195d6edb52f5966f35f482bd6bc0b 100644 --- "a/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" +++ "b/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" @@ -1,4 +1,4 @@ # 简介 -openEuler是一款开源操作系统。当前openEuler内核源于Linux,支持鲲鹏及其它多种处理器,能够充分释放计算芯片的潜能,是由全球开源贡献者构建的高效、稳定、安全的开源操作系统,适用于数据库、大数据、云计算、人工智能等应用场景。同时,openEuler是一个面向全球的操作系统开源社区,通过社区合作,打造创新平台,构建支持多处理器架构、统一和开放的操作系统,推动软硬件应用生态繁荣发展。 +openEuler是一款开源操作系统。当前openEuler内核源于Linux,支持服务器、云计算、边缘计算、嵌入式等应用场景,支持多样性计算,致力于提供安全、稳定、易用的操作系统,是由全球开源贡献者构建的高效、稳定、安全的开源操作系统,适用于数据库、大数据、云计算、人工智能等应用场景。同时,openEuler是一个面向全球的操作系统开源社区,通过社区合作,打造创新平台,构建支持多处理器架构、统一和开放的操作系统,推动软硬件应用生态繁荣发展。 diff --git "a/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" "b/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" index 31c26a6a865942547e511fa14c5161fbac7c7c42..7773ec64e65617e3dfa647a681ed2661ef969abe 100644 --- "a/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" +++ "b/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" @@ -1,193 +1,125 @@ -# 系统安装 +# 系统安装 -## 发布件 +## 发布件 -[openEuler发布件](http://repo.openeuler.org/openEuler-20.03-LTS/)如下表所示,包括ISO发布包、容器镜像、虚拟机镜像和方便在线使用的repo源。 +openEuler发布件包括[ISO发布包](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/)、[虚拟机镜像](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/virtual_machine_img/)、[容器镜像](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/docker_img/)和[repo源](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/)。ISO发布包请参见[表1](#table8396719144315)。虚拟机镜像请参见[表2](#table1995101714610)。容器镜像清单请参见[表3](#table1276911538154)。repo源方便在线使用,repo源目录请参见[表4](#table953512211576)。 -**表 1** openEuler发布件 +**表 1** 发布ISO列表 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    目录类别描述
    ISOISO发布包目录下区分AArch64架构、x86架构和source的ISO发布包。其中: -
      -
    • openEuler-20.03-LTS-aarch64-dvd.isoopenEuler-20.03-LTS-x86_64-dvd.iso:分别为AArch64架构、x86架构的openEuler基础安装软件包ISO,包含openEuler操作系统运行的基础组件,满足开发者基础的开发要求。
      • -
    • openEuler-20.03-LTS-everything-aarch64-dvd.isoopenEuler-20.03-LTS-everything-x86_64-dvd.iso:分别为AArch64架构、x86架构的openEuler全量软件包ISO,除openEuler基础安装软件包的所有软件外,还包含了openEuler社区中已验证的软件包。满足开发者更高级的开发要求。
      • -
    • openEuler-20.03-LTS-debuginfo-aarch64-dvd.isoopenEuler-20.03-LTS-debuginfo-x86_64-dvd.iso:分别为AArch64架构、x86架构的openEuler调试软件包ISO,包含了调试所需的符号表信息,用于软件功能和性能调试。
      • -
    • openEuler-20.03-LTS-source-dvd.iso:openEuler社区所有源码软件包ISO,方便开发者离线使用。
      • -
    -
    说明: -

    每个ISO发布包均有对应的校验文件,用于ISO发布包的完整性校验。

    -
    -
    docker_img容器镜像openEuler容器镜像,仅提供基本的bash环境,作为基础容器镜像使用。目录下区分AArch64架构和x86架构。 -
    说明: -

    容器镜像有对应的校验文件,用于容器镜像的完整性校验。

    -
    -
    virtual_machine_img虚拟机镜像

    openEuler虚拟机镜像,仅提供基本的运行环境,缩短虚拟机部署时间。目录下区分AArch64架构和x86架构。

    -
    说明: -
    -
      -
    • 虚拟机镜像root用户默认密码为:openEuler12#$,首次登录后请及时修改。
      • -
    • 虚拟机镜像有对应的校验文件,用于虚拟机镜像的完整性校验。
      • -
    -
    -
    -
    EPOLrepo源openEuler第三方软件包的repo源,主要来源于第三方和社区贡献,由提供方负责维护。目录下区分AArch64架构和x86架构。
    OSopenEuler基础安装软件包的repo源,提供在线下和版本升级功能,软件包内容和ISO发布包中的基础安装软件包ISO相同。目录下区分AArch64架构和x86架构。
    debuginfoopenEuler调试软件包的repo源,提供在线下载功能,软件包内容和ISO发布包中的调试软件包ISO相同。目录下区分AArch64架构和x86架构。
    everythingopenEuler全量软件包的repo源,提供在线下载和版本升级功能,软件包内容和ISO发布包中的全量软件包ISO相同。目录下区分AArch64架构和x86架构。
    extrasopenEuler扩展软件包的repo源,用于因新增特性而引入的新的软件包发布。目录下区分AArch64架构和x86架构。
    sourceopenEuler社区所有源码软件包的repo源,方便开发者在线使用。
    updateopenEuler升级软件包的repo源,用于已发布版本的bug、CVE的修复和部分软件因特性增强后的更新发布。提供在线下载和版本内软件升级功能。目录下区分AArch64架构和x86架构。
    +| 名称 | 描述 | +| :---- | :---- | +| openEuler-20.03-LTS-SP4-aarch64-dvd.iso | AArch64 架构的基础安装 ISO,包含了运行最小系统的核心组件 | +| openEuler-20.03-LTS-SP4-everything-aarch64-dvd.iso | AArch64 架构的全量安装 ISO,包含了运行完整系统所需的全部组件 | +| openEuler-20.03-LTS-SP4-debug-aarch64-dvd.iso | AArch64 架构下 openEuler 的调试 ISO,包含了调试所需的符号表信息 | +| openEuler-20.03-LTS-SP4-netinst-aarch64-dvd.iso | AArch64 架构下 openEuler 的小型化 ISO,支持网络模式下的系统安装 | +| openEuler-20.03-LTS-SP4-x86_64-dvd.iso | x86_64 架构的基础安装 ISO,包含了运行最小系统的核心组件 | +| openEuler-20.03-LTS-SP4-everything-x86_64-dvd.iso | x86_64 架构的全量安装 ISO,包含了运行完整系统所需的全部组件 | +| openEuler-20.03-LTS-SP4-debug-x86_64-dvd.iso | x86_64 架构下 openEuler 的调试 ISO,包含了调试所需的符号表信息 | +| openEuler-20.03-LTS-SP4-netinst-x86_64-dvd.iso | x86_64 架构下 openEuler 的小型化 ISO,支持网络模式下的系统安装 | +| openEuler-20.03-LTS-SP4-source-dvd.iso | openEuler 源码 ISO | +**表 2** 虚拟机镜像 -## 最小硬件要求 - -安装 openEuler 20.03 LTS 所需的最小硬件要求如[表5](#zh-cn_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541)所示。 - -**表 5** 最小硬件要求 - - - - - - - - - - - - - - - - -

    部件名称

    -

    最小硬件要求

    -

    CPU

    -

    鲲鹏 920(架构为AArch64)

    -

    x86-64(Skylake以上)

    -

    内存

    -

    不小于8GB

    -

    硬盘

    -

    不小于120GB

    -
    +| 名称 | 描述 | +| :---- | :---- | +| openEuler-20.03-LTS-SP4.aarch64.qcow2.xz | AArch64 架构下 openEuler 虚拟机镜像 | +| openEuler-20.03-LTS-SP4.x86_64.qcow2.xz | x86_64 架构下 openEuler 虚拟机镜像 | + +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** +>虚拟机镜像 root 用户默认密码为:openEuler12\#$,首次登录后请及时修改。 + +**表 3** 容器镜像列表 + +| 名称 | 描述 | +| :---- | :---- | +| openEuler-docker.aarch64.tar.xz | AArch64架构下openEuler容器镜像 | +| openEuler-docker.x86_64.tar.xz | x86_64架构下openEuler容器镜像 | + +**表 4** repo源列表 +| 目录 | 描述 | +| :---- | :---- | +| [ISO](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/ISO/) | 存放ISO镜像 | +| [OS](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/) | 存放基础软件包源 | +| [debuginfo](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/debuginfo/) | 存放调试包源 | +| [docker_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/docker_img/) | 存放容器镜像 | +| [virtual_machine_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/virtual_machine_img/) | 存放虚拟机镜像 | +| [everything](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/) | 存放全量软件包源 | +| [source](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/source/) | 存放源码软件源 | +| [update](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/update/) | 存放升级软件包源 | +| [EPOL](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/) | 存放openEuler扩展包 | +| [raspi_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/raspi_img/) | 存放树莓派镜像 | +| [stratovirt_img](http://repo.openeuler.org/openEuler-20.03-LTS-SP4/stratovirt_img/) | 存放StratorVirt镜像 | -## 硬件兼容性 +## 最小硬件要求 + +安装 openEuler 20.03 LTS SP4 所需的最小硬件要求如[表5](#zh-cn_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541)所示。 + +**表 5** 最小硬件要求 + +| 部件名称 | 最小硬件要求 | +| :---- | :---- | +| CPU | 鲲鹏 920(架构为AArch64)
    Skylake以上(架构为x86_64) | +| 内存 | 不小于8GB | +| 硬盘 | 不小于120GB | + +## 硬件兼容性 openEuler已验证支持的服务器和各部件典型配置请参见[表6](#zh-cn_topic_0227922427_table39822012)。openEuler后续将逐步增加对其他服务器的支持,也欢迎广大合作伙伴/开发者参与贡献和验证。 -**表 6** 支持的服务器及典型配置 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    厂商

    -

    服务器名称

    -

    服务器具体型号

    -

    部件名称

    -

    典型配置

    -

    华为

    -

    TaiShan 200

    -

    2280均衡型

    -

    CPU

    -

    HiSilicon Kunpeng 920

    -

    内存

    -

    32G\*4 2933MHz

    -

    RAID卡

    -

    LSI SAS3508

    -

    网络

    -

    TM210

    -

    华为

    -

    FusionServer Pro

    -

    2288H V5(机架服务器)

    -

    CPU

    -

    Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz

    -

    内存

    -

    32*4 2400MHz

    -

    RAID卡

    -

    LSI SAS3508

    -

    网络

    -

    X722

    -
    +**表 6** 支持的服务器及典型配置 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    厂商服务器名称服务器具体型号部件名称典型配置
    华为TaiShan 2002280均衡型CPUKunpeng 920
    内存32G*4 2933MHz
    网络TM210
    华为FusionServer Pro2288H V5(机架服务器)CPUIntel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
    内存32G*4 2400MHz
    网络X722
    飞腾PhytiumFT-2000+/64CPUFT-2000+/64
    内存镁光16G*32
    网络I350
    diff --git "a/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" "b/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" index 3b4454db281099fc793b104ff73f8a1aaad60f01..8943e90bc6a6d60e4b14961020918378dc162596 100644 --- "a/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" +++ "b/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" @@ -1,4 +1,4 @@ # 致谢 -我们忠心地感谢参与和协助openEuler项目的所有成员。是你们的辛勤付出使得版本顺利发布,也为openEuler更好地发展提供可能。 +我们衷心地感谢参与和协助openEuler项目的所有成员。是你们的辛勤付出使得版本顺利发布,也为openEuler更好地发展提供可能。 diff --git "a/docs/zh/docs/Releasenotes/\350\264\246\345\217\267\346\270\205\345\215\225.md" "b/docs/zh/docs/Releasenotes/\350\264\246\345\217\267\346\270\205\345\215\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..c5144113c1e609c1d413a1dbe1f7a60237d2fcf3 --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\350\264\246\345\217\267\346\270\205\345\215\225.md" @@ -0,0 +1,6 @@ +# openEuler账号清单 + +| 用户名 | 默认密码 | 用户用途 | 用户状态 | 登录方式 | 备注 | +|--- |--- | --- | --- |--- |--- | +| root | openEuler12#$| 虚拟机镜像默认用户 | 启用 | 远程登录 | 登录使用openEuler虚拟机镜像安装的虚拟机。 | +| root | openEuler#12 | 登录GRUB2 | 启用 | 本地登录、远程登录 | GRUB (GRand UnifiedBootloader) 是操作系统启动管理器,用来引导不同系统(如Windows、Linux)。
    GRUB2是GRUB的升级版。系统启动时,可以通过GRUB2界面修改启动参数。为了确保系统的启动参数不被任意修改,需要对GRUB2界面进行加密,仅在输入正确的GRUB2口令时才能修改。 | diff --git "a/docs/zh/docs/Releasenotes/\351\231\204\345\275\225.md" "b/docs/zh/docs/Releasenotes/\351\231\204\345\275\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..5605a4bcb0c188b6b78efca80858cdce24dd50c3 --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\351\231\204\345\275\225.md" @@ -0,0 +1,8 @@ +# 附录 + +The following legal information concerns some software in openEuler. + +This product includes the Zend Engine, freely available at http://www.zend.com + +Portions Copyright (c) 2002-2007 Charlie Poole or Copyright (c) 2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov or Copyright (c) 2000-2002 Philip A. Craig +Portions of this software are copyright © <2020> The FreeType Project (www.freetype.org). All rights reserved. diff --git "a/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" index c7e96f4492c838ffecd5206776dddb0f3f05d318..bccbc814597fde4c473d66046732080a1af06a0e 100644 --- "a/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" @@ -2,7 +2,7 @@ ## 概述 -自主访问控制DAC(Discretionary Access Control)基于用户、组和其他权限,决定一个资源是否能被访问的因素是某个资源是否拥有对应用户的权限,它不能使系统管理员创建全面和细粒度的安全策略。SELinux(Security-Enhanced Linux)是Linux内核的一个模块,也是Linux的一个安全子系统。SELinux的实现了强制访问控制MAC(Mandatory Access Control ),每个进程和系统资源都有一个特殊的安全标签,资源能否被访问除了DAC规定的原则外,还需要判断每一类进程是否拥有对某一类资源的访问权限。 +自主访问控制DAC(Discretionary Access Control)是一种最为普遍的访问控制手段,是指对某个客体具有拥有权(或控制权)的主体能够将对该客体的一种访问权或多种访问权自主地授予其它主体,并随时可以将这些权限回收,这种方式基于用户、组和其他权限,决定一个资源是否能被访问的因素是某个资源是否拥有对应用户的权限,这就导致它不能使系统管理员创建全面和细粒度的安全策略。SELinux(Security-Enhanced Linux)是Linux内核的一个模块,也是Linux的一个安全子系统。SELinux实现了强制访问控制MAC(Mandatory Access Control ),每个进程和系统资源都有一个特殊的安全标签,资源能否被访问除了DAC规定的原则外,还需要判断每一类进程是否拥有对某一类资源的访问权限。这种方式能够满足系统管理员创建全面和细粒度的安全策略的需求。 openEuler默认使用SELinux提升系统安全性。SELinux分为三种模式: @@ -10,42 +10,82 @@ openEuler默认使用SELinux提升系统安全性。SELinux分为三种模式: - enforcing:SELinux安全策略被强制执行。 - disabled:不加载SELinux安全策略。 -## 配置说明 -openEuler默认开启SELinux,且默认模式为enforcing,用户可以通过修改/etc/selinux/config中配置项SELINUX的值变更SELinux模式。 - -- 关闭SELinux策略的配置如下: +## 配置说明 +- 获取当前SELinux运行状态: ``` - SELINUX=disabled + # getenforce + Enforcing ``` -- 使用permissive策略的配置如下: - +- SELinux开启的前提下,设置运行状态为enforcing模式: ``` - SELINUX=permissive + # setenforce 1 + # getenforce + Enforcing ``` +- SELinux开启的前提下,设置运行状态为permissive模式: + ``` + # setenforce 0 + # getenforce + Permissive + ``` ->![](public_sys-resources/icon-note.gif) **说明:** ->disabled与另两种模式切换时需重启系统生效。 ->``` -># reboot ->``` - -## SELinux相关命令 - -- 查询SELinux模式。例如下述查询的SELinux模式为Permissive: +- SELinux开启的前提下,设置当前SELinux运行状态为disabled(关闭SELinux,需要重启系统)。 + 1. 修改SELinux配置文件/etc/selinux/config,设置“SELINUX=disabled”。 + ``` + # cat /etc/selinux/config | grep "SELINUX=" + SELINUX=disabled + ``` + 2. 重启系统: + ``` + # reboot + ``` + 3. 状态切换成功: + ``` + # getenforce + Disabled + ``` +- SELinux关闭的前提下,设置SELinux运行状态为permissive: + 1. 修改SELinux配置文件/etc/selinux/config,设置“SELINUX=permissive”: + ``` + # cat /etc/selinux/config | grep "SELINUX=" + SELINUX=permissive + ``` + 2. 在根目录下创建.autorelabel文件: + ``` + # touch /.autorelabel + ``` + 3. 重启系统,此时系统会重启两次: + ``` + # reboot + ``` + 4. 状态切换成功: ``` # getenforce Permissive ``` -- 设置SELinux模式,0表示permissive模式,1表示enforcing模式,例如设置为enforcing模式的命令如下。该命令不能设置disabled模式,且系统重启后,恢复到/etc/selinux/config中设置的模式。 - +- SELinux关闭的前提下,设置SELinux运行状态为enforcing: + 1. 按照上一步骤所述,设置SELinux运行状态为permissive。 + 2. 修改SELinux配置文件/etc/selinux/config,设置“SELINUX=enforcing”: ``` - # setenforce 1 + # cat /etc/selinux/config | grep "SELINUX=" + SELINUX=enforcing + ``` + 3. 重启系统: + ``` + # reboot + ``` + 4. 状态切换成功: ``` + # getenforce + Enforcing + ``` + +## SELinux相关命令 - 查询运行SELinux的系统状态。SELinux status表示SELinux的状态,enabled表示启用SELinux,disabled表示关闭SELinux。Current mode表示SELinux当前的安全策略。 @@ -63,4 +103,123 @@ openEuler默认开启SELinux,且默认模式为enforcing,用户可以通过 Max kernel policy version: 31 ``` +## 策略添加 +- 从audit日志中获取并添加缺失策略(需要audit服务开启且audit日志中已经存在SELinux访问拒绝日志)。 + 1. 查询audit日志中是否有SELinux访问拒绝日志,其中audit日志的路径视具体情况决定。 + ``` + # grep avc /var/log/audit/audit.log* + ``` + 2. 查询缺失规则。 + ``` + # audit2allow -a /var/log/audit/audit.log* + ``` + 3. 根据缺失规则生成一个策略模块,命名为demo。 + ``` + # audit2allow -a /var/log/audit/audit.log* -M demo + ******************** IMPORTANT *********************** + To make this policy package active, execute: + semodule -i demo.pp + ``` + 4. 加载demo策略模块。 + ``` + # semodule -i demo.pp + ``` + +- 编写并添加SELinux策略模块。 + 1. 编写FC文件(涉及新增文件安全上下文需要编写)。 + ``` + # cat demo.fc + /usr/bin/example -- system_u:object_r:example_exec_t:s0 + /resource -- system_u:object_r:resource_file_t:s0 + ``` + 2. 编写TE文件(仅供参考)。 + ``` + # cat demo.te + module demo 1.0; + require + { + role unconfined_r; + role system_r; + type user_devpts_t; + type root_t; + attribute file_type; + attribute domain; + class dir { getattr search add_name create open remove_name rmdir setattr write }; + class file { entrypoint execute getattr open read map setattr write create }; + class process { sigchld rlimitinh siginh transition setcap getcap }; + class unix_stream_socket { accept bind connect listen recvfrom sendto listen create lock read write getattr setattr getopt setopt append shutdown ioctl connectto }; + class capability { chown dac_override dac_read_search }; + class chr_file { append getattr ioctl read write }; + }; + role unconfined_r types example_t; + role system_r types example_t; + type example_exec_t, file_type; + type resource_file_t, file_type; + type example_t, domain; + allow example_t user_devpts_t : chr_file { append getattr ioctl read write }; + allow example_t file_type : dir { getattr search }; + allow example_t example_exec_t : file { entrypoint execute getattr map open read }; + allow domain example_exec_t : file { execute getattr map open read }; + allow example_t example_exec_t : process { sigchld }; + allow domain example_t : process { rlimitinh siginh transition }; + allow example_t resource_file_t : file { create getattr open read setattr write }; + allow example_t root_t : dir { add_name create getattr open remove_name rmdir search setattr write }; + allow example_t example_t : unix_stream_socket { accept append bind connect create getattr getopt ioctl listen listen lock read recvfrom sendto setattr setopt shutdown write }; + allow example_t domain : unix_stream_socket { connectto }; + allow example_t example_t : capability { chown dac_override dac_read_search }; + allow example_t example_t : process { getcap setcap }; + type_transition domain example_exec_t : process example_t; + type_transition example_t root_t : file resource_file_t "resource"; + ``` + 3. 编译demo.te为demo.mod。 + ``` + # checkmodule -Mmo demo.mod demo.te + ``` + 4. 打包demo.mod和demo.fc为策略模块文件。 + ``` + semodule_package -m demo.mod -f demo.fc -o demo.pp + ``` + 5. 加载策略模块。 + ``` + # semodule -i demo.pp + ``` + 6. 删除加载的策略模块。 + ``` + # semodule -r demo + libsemanage.semanage_direct_remove_key: Removing last demo module (no other demo module exists at another priority). + ``` + +## 功能验证 +- SELinux为白名单机制,未配置合理策略的模块可能会由于缺少权限无法正常运行。故对模块进行功能验证并适配合理的规则是很有必要的。 + 1. 查看audit服务是否开启。 + ``` + # systemctl status auditd + ``` + 2. 设置SELinux模式为permissive(仅打印告警而不强制执行,参考 [配置说明](#pzsm) )。 + ``` + # getenforce + Permissive + ``` + 3. 全量跑测试模块的功能用例,查看audit日志中SELinux访问拒绝日志。 + ``` + # grep avc /var/log/audit/audit.log* + ``` + 4. 分析访问拒绝日志,并过滤出缺失的合理规则。 + ``` + type=AVC msg=audit(1596161643.271:1304): avc: denied { read } for pid=1782603 comm="smbd" name=".viminfo" dev="dm-0" ino=2488208 scontext=system_u:system_r:smbd_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file permissive=1 + 表示进程smbd(安全上下文为system_u:system_r:smbd_t:s0)对文件.viminfo(安全上下文为staff_u:object_r:user_home_t:s0)执行文件读操作被权限拒绝。 + permissive=1表示当前运行的是permissive模式,该日志只记录未执行禁止。 + ``` + 5. 参考[策略添加](#策略添加),将缺少的合理规则补全。 + +## 注意事项 + +- 如用户需使能SELinux功能,建议通过dnf升级方式将selinux-policy更新为最新版本,否则应用程序有可能无法正常运行。升级命令示例: + + ``` + dnf update selinux-policy -y + ``` + +- 如果用户由于SELinux配置不当(如误删策略或未配置合理的规则或安全上下文)导致系统无法启动,可以在启动参数中添加selinux=0,关闭SELinux功能,系统即可正常启动。 +- 开启SELinux后,会对访问行为进行权限检查,对操作系统性能会有一定程度(与运行环境访问操作频率相关)的影响。 \ No newline at end of file diff --git "a/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" "b/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" index c5627ac31c1e94616c3564508a54df4d9fa3b8a7..cf7994621f57f42b4ab7b1c2b5edbb7e9b3acc05 100644 --- "a/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" +++ "b/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" @@ -205,7 +205,7 @@ ``` -### 其它安全建议 +### 其他安全建议 - net.ipv4.icmp\_echo\_ignore\_all:忽略ICMP请求。 diff --git "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" "b/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" index 6668e941e94a5aa901447a475a99cd7635b85765..ee6c1f4d11793219e2cd99bbd70ddb03851ae59d 100644 --- "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" +++ "b/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" @@ -16,7 +16,7 @@ - 修改配置后,需要重启安全加固服务使配置生效。重启方法请参见[加固生效](#加固生效)对应内容。 - 用户修改加固配置时,仅修改/etc/openEuler\_security/usr-security.conf文件,不建议修改/etc/openEuler\_security/security.conf。security.conf中为基本加固项,仅运行一次。 -- 当重启安全加固服务使配置生效后,在usr-security.conf中删除对应加固项并重启安全加固服务并不能清除之前的配置。 +- 当重启安全加固服务使配置生效后,在usr-security.conf中删除对应加固项并重启安全加固服务并不能清除之前已生效的配置。 - 安全加固操作记录在日志文件/var/log/openEuler-security.log中。 ### 配置格式 @@ -30,7 +30,7 @@ usr-security.conf中的每一行代表一项配置,根据配置内容的不同 - d:注释 - 格式:执行ID@d@对象文件@匹配项 + 格式:执行ID@d@对象文件@匹配项。 功能:将对象文件中以匹配项开头(行首可以有空格)的行注释(在行首添加\#)。 diff --git "a/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" "b/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" index 5220419c23c2387e4975222aa85bbfd2f3c266c5..4adac4d822e954b3a7d207d63e2eeb5004556132 100644 --- "a/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" +++ "b/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" @@ -2,10 +2,10 @@ - [授权认证](#授权认证) - [设置网络远程登录的警告信息](#设置网络远程登录的警告信息) - - [禁止通过Ctrl+Alt+Del重启系统](#禁止通过Ctrl+Alt+Del重启系统) + - [禁止通过"Ctrl+Alt+Del"重启系统](#禁止通过ctrlaltdel重启系统) - [设置终端的自动退出时间](#设置终端的自动退出时间) - [设置用户的默认umask值为077](#设置用户的默认umask值为077) - - [设置GRUB2加密口令](#设置GRUB2加密口令) + - [设置GRUB2加密口令](#设置grub2加密口令) - [安全单用户模式](#安全单用户模式) - [禁止交互式启动](#禁止交互式启动) @@ -24,7 +24,7 @@ Authorized users only. All activities may be monitored and reported. ``` -## 禁止通过Ctrl+Alt+Del重启系统 +## 禁止通过"Ctrl+Alt+Del"重启系统 ### 说明 @@ -42,11 +42,16 @@ Authorized users only. All activities may be monitored and reported. ``` 2. 修改/etc/systemd/system.conf文件,将\#CtrlAltDelBurstAction=reboot-force修改为CtrlAltDelBurstAction=none。 -3. 重启systemd,使修改生效,参考命令如下: +3. 使用 root 或具有 sudo 权限的用户重启systemd,使修改生效,参考命令如下: ``` systemctl daemon-reexec ``` + +
    + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>使用 systemctl daemon-reexec 命令可能会导致短暂的系统服务不可用或重启。 ## 设置终端的自动退出时间 @@ -66,7 +71,7 @@ export TMOUT=300 ### 说明 -umask值用于为用户新创建的文件和目录设置缺省权限。如果umask的值设置过小,会使群组用户或其他用户的权限过大,给系统带来安全威胁。因此设置所有用户默认的umask值为0077,即用户创建的目录默认权限为700,文件的默认权限为600。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见[umask值含义](#umask值含义)。 +umask值用于为用户新创建的文件和目录设置缺省权限。如果umask的值设置过小,会使群组用户或其他用户的权限过大,给系统带来安全威胁。因此设置所有用户默认的umask值为0077,即用户创建的目录默认权限为700,文件的默认权限为600。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见[umask值含义](https://docs.openeuler.org/zh/docs/22.03_LTS/docs/SecHarden/%E9%99%84%E5%BD%95.html)。 >![](public_sys-resources/icon-note.gif) **说明:** >openEuler默认已设置用户的默认umask值为022。 @@ -96,7 +101,7 @@ umask值用于为用户新创建的文件和目录设置缺省权限。如果uma ### 说明 -GRUB是GRand UnifiedBootloader的缩写,它是一个操作系统启动管理器,用来引导不同系统(如Windows、Linux),GRUB2是GRUB的升级版。 +GRUB是GRand Unified Bootloader的缩写,它是一个操作系统启动管理器,用来引导不同系统(如Windows、Linux),GRUB2是GRUB的升级版。 系统启动时,可以通过GRUB2界面修改系统的启动参数。为了确保系统的启动参数不被任意修改,需要对GRUB2界面进行加密,仅在输入正确的GRUB2口令时才能修改启动参数。 @@ -105,10 +110,10 @@ GRUB是GRand UnifiedBootloader的缩写,它是一个操作系统启动管理 ### 实现 -1. 使用grub2-mkpasswd-pbkdf2命令生成加密的口令 +1. 使用grub2-mkpasswd-pbkdf2命令生成加密的口令: >![](public_sys-resources/icon-note.gif) **说明:** - >GRUB2加密算法使用sha512。 + >GRUB2加密算法使用PBKDF2。 ``` # grub2-mkpasswd-pbkdf2 @@ -130,8 +135,12 @@ GRUB是GRand UnifiedBootloader的缩写,它是一个操作系统启动管理 ``` >![](public_sys-resources/icon-note.gif) **说明:** - >- superusers字段用于设置GRUB2的超级管理员的账户名。 - >- password\_pbkdf2字段后的参数,第1个参数为GRUB2的账户名,第2个为该账户的加密口令。 + >- 不同模式下grub.cfg文件所在路径: + > - x86架构的 UEFI 模式下路径为/boot/efi/EFI/openEuler/grub.cfg。 + > - x86架构的 legacy BIOS 模式下路径为/boot/grub2/grub.cfg。 + > - aarch64架构下路径为/boot/efi/EFI/openEuler/grub.cfg。 + >- superusers字段用于设置GRUB2的超级管理员的帐户名。 + >- password\_pbkdf2字段后的参数,第1个参数为GRUB2的帐户名,第2个参数为该帐户的加密口令。 ## 安全单用户模式 diff --git "a/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" "b/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" index a107aefc61f960ff8fad2264186149bdf6a58d94..77fd26d629d110d26c9e996674bc3041a9c64451 100644 --- "a/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" +++ "b/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" @@ -29,7 +29,7 @@ 用户可以通过手动修改加固配置或执行相关命令对系统进行加固,也可以通过加固工具批量修改加固项。openEuler的安全加固工具security tool以openEuler-security.service服务的形式运行。系统首次启动时会自动运行该服务去执行默认加固策略,且自动设置后续开机不启动该服务。 -用户可以通过修改security.conf,使用安全加固工具实现个性化安全加固的效果。 +用户可以通过修改usr-security.conf,使用安全加固工具实现个性化安全加固的效果。 ### 加固内容 @@ -39,11 +39,11 @@ openEuler系统加固内容主要分为以下5个部分: - 文件权限 - 内核参数 - 授权认证 -- 账号口令 +- 帐号口令 ## 加固影响 -对文件权限、账户口令等安全加固,可能造成用户使用习惯变更,从而影响系统的易用性。影响系统易用性的常见加固项请参见[表1](#zh-cn_topic_0152100325_ta4a48f54ff2849ada7845e2380209917)。 +对文件权限、帐户口令等安全加固,可能造成用户使用习惯变更,从而影响系统的易用性。影响系统易用性的常见加固项请参见[表1](#zh-cn_topic_0152100325_ta4a48f54ff2849ada7845e2380209917)。 **表 1** 加固影响说明 @@ -80,9 +80,9 @@ openEuler系统加固内容主要分为以下5个部分:

    限定登录失败时的尝试次数

    -

    当用户登录系统时,口令连续输错3次,账户将被锁定60秒,锁定期间不能登录系统。

    +

    当用户登录系统时,口令连续输错3次,帐户将被锁定60秒,锁定期间不能登录系统。

    -

    用户不能随意登录系统,账户被锁定后必须等待60秒。

    +

    用户不能随意登录系统,帐户被锁定后必须等待60秒。

    @@ -93,7 +93,7 @@ openEuler系统加固内容主要分为以下5个部分:

    用户需要按照需求修改指定文件或目录的权限。

    -

    +

    口令有效期

    @@ -107,18 +107,18 @@ openEuler系统加固内容主要分为以下5个部分:

    su权限限制

    -

    su命令用于在不同账户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的账户使用su命令,限制其他账户使用。

    +

    su命令用于在不同帐户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的帐户使用su命令,限制其他帐户使用。

    -

    普通账户执行su命令失败,必须加入wheel群组才可以su成功。

    +

    普通帐户执行su命令失败,必须加入wheel群组才可以su成功。

    -

    禁止root账户直接SSH登录系统

    +

    禁止root帐户直接SSH登录系统

    -

    设置/etc/ssh/sshd_config文件的PermitRootLogin字段的值为no,用户无法使用root账户直接SSH登录系统。

    +

    设置/etc/ssh/sshd_config文件的PermitRootLogin字段的值为no,用户无法使用root帐户直接SSH登录系统。

    -

    用户需要先使用普通账户SSH登录后,再切换至root账户。

    +

    用户需要先使用普通帐户SSH登录后,再切换至root帐户。

    diff --git "a/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" "b/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" index 0b52e2e25f5c33897ceac2f2d734f3e2148cc558..b26b4ffbed69ddd755a1614783b94953564a9af6 100644 --- "a/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" +++ "b/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" @@ -63,13 +63,13 @@ openEuler默认对系统中的常用目录、可执行文件和配置文件设 删除群组ID不存在的文件 -1. 查找群主ID不存在的文件。 +1. 查找群组ID不存在的文件。 ``` find / -nogroup ``` -2. 删除查找到的文件。其中 filename 为用户ID不存在文件的文件名。 +2. 删除查找到的文件。其中 filename 为群组ID不存在文件的文件名。 ``` rm -f filename @@ -154,10 +154,11 @@ umask值用来为新创建的文件和目录设置缺省权限。如果没有设 1. 列举系统中所有的全局可写文件。 ``` - find / -type d \( -perm -o+w \) | grep -v procfind / -type f \( -perm -o+w \) | grep -v proc + find / -type d ( -perm -o+w ) | grep -v proc + find / -type f ( -perm -o+w ) | grep -v proc ``` -2. 查看步骤1列举的所有文件\(粘滞位位的文件和目录可以排除在外\),删除文件或去掉其全局可写权限。使用以下命令去掉权限,其中filename为对应文件名: +2. 查看步骤1列举的所有文件\(粘滞位的文件和目录可以排除在外\),删除文件或去掉其全局可写权限。使用以下命令去掉权限,其中filename为对应文件名: ``` chmod o-w filename @@ -184,9 +185,10 @@ at命令用于创建在指定时间自动执行的任务。为避免任意用户 rm -f /etc/at.deny ``` -2. 将/etc/at.allow的文件属主改为root:root。 +2. 创建/etc/at.allow文件并将/etc/at.allow的文件属主改为root:root。 ``` + touch /etc/at.allow chown root:root /etc/at.allow ``` @@ -211,9 +213,10 @@ cron命令用于创建例行性任务。为避免任意用户通过cron命令安 rm -f /etc/cron.deny ``` -2. 将/etc/cron.allow的文件属主改为root:root。 +2. 创建/etc/cron.allow文件并将/etc/cron.allow的文件属主改为root:root。 ``` + touch /etc/cron.allow chown root:root /etc/cron.allow ``` @@ -228,7 +231,7 @@ cron命令用于创建例行性任务。为避免任意用户通过cron命令安 ### 说明 -sudo命令用于普通用户以root权限执行命令。为了增强系统安全性,有必要对sudo命令的使用权进行控制,只允许roo使用sudo命令,限制其他帐户使用。 +sudo命令用于普通用户以root权限执行命令。为了增强系统安全性,有必要对sudo命令的使用权进行控制,只允许root使用sudo命令,限制其他帐户使用。openEuler默认未限制wheel组内的非root用户使用sudo命令的权限。 ### 实现 diff --git "a/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" "b/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" index 59b126a5eca48472b30b0eab093ed6d0c5911200..89502bef7dfe94ae406e019154d4b47d4db925f1 100644 --- "a/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" +++ "b/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" @@ -1,14 +1,14 @@ # 系统服务 - [系统服务](#系统服务) - - [加固SSH服务](#加固SSH服务) + - [加固SSH服务](#加固ssh服务) ## 加固SSH服务 ### 说明 -SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网络服务提供安全性保障的协议。利用SSH协议可以有效防止远程管理过程中的信息泄露问题。透过SSH可以对所有传输的数据进行加密,并防止DNS欺骗和IP欺骗。OpenSSH是SSH协议的免费开源实现。 +SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网络服务提供安全性保障的协议。利用SSH协议可以有效防止远程管理过程中的信息泄露问题。通过SSH可以对所有传输的数据进行加密,并防止DNS欺骗和IP欺骗。OpenSSH是SSH协议的免费开源实现。 加固SSH服务,是指修改SSH服务中的配置来设置系统使用OpenSSH协议时的算法、认证等参数,从而提高系统的安全性。[表1](#zh-cn_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95)中详细说明了各加固项含义、建议加固值及其默认策略。 @@ -148,8 +148,8 @@ SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网

    PermitRootLogin

    -

    是否允许root账户直接使用SSH登录系统

    -
    说明:

    若需要直接使用root账户通过SSH登录系统,请修改/etc/ssh/sshd_config文件的PermitRootLogin字段的值为yes。

    +

    是否允许root帐户直接使用SSH登录系统

    +
    说明:

    若需要直接使用root帐户通过SSH登录系统,请修改/etc/ssh/sshd_config文件的PermitRootLogin字段的值为yes。

    no

    @@ -159,7 +159,7 @@ SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网

    PermitEmptyPasswords

    -

    设置是否允许用口令为空的账号登录

    +

    设置是否允许用口令为空的帐号登录

    no

    @@ -278,7 +278,7 @@ SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网

    设置SSH密钥交换算法

    -

    curve25519-sha256,curve25519-sha256@@libssh.org,diffie-hellman-group-exchange-sha256

    +

    curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

       @@ -370,7 +370,7 @@ SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网 - 限制SFTP用户向上跨目录访问 - SFTP是FTP over SSH的安全FTP协议,对于访问SFTP的用户建议使用专用账号,只能上传或下载文件,不能用于SSH登录,同时对SFTP可以访问的目录进行限定,防止目录遍历攻击,具体配置如下: + SFTP是FTP over SSH的安全FTP协议,对于访问SFTP的用户建议使用专用帐号,只能上传或下载文件,不能用于SSH登录,同时对SFTP可以访问的目录进行限定,防止目录遍历攻击,具体配置如下: >![](public_sys-resources/icon-note.gif) **说明:** >sftpgroup为示例用户组,sftpuser为示例用户名。 @@ -416,7 +416,7 @@ SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网 ``` chown root:root /sftp/sftpuser - chmod 777 /sftp/sftpuser + chmod 755 /sftp/sftpuser ``` 8. 修改/etc/ssh/sshd\_config文件 diff --git "a/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" "b/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" index b87327bd91dc49d349020e5211a66a37e91c31bd..b192771bc324b040817c363f76163a05e1dfe6d3 100644 --- "a/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" +++ "b/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" @@ -1,30 +1,20 @@ -# 账户口令 - -- [账户口令](#账户口令) - - [屏蔽系统帐户](#屏蔽系统帐户) - - [限制使用su命令的帐户](#限制使用su命令的帐户) - - [设置口令复杂度](#设置口令复杂度) - - [设置口令有效期](#设置口令有效期) - - [设置口令的加密算法](#设置口令的加密算法) - - [登录失败超过三次后锁定](#登录失败超过三次后锁定) - - [加固su命令](#加固su命令) - +# 帐户口令 ## 屏蔽系统帐户 ### 说明 -除了用户帐户外,其他账号称为系统账户。系统账户仅系统内部使用,禁止用于登录系统或其他操作,因此屏蔽系统账户。 +除了用户帐户外,其他帐户被称为系统帐户。系统帐户仅供系统内部特定应用使用,禁止用于登录系统或其他操作,因此需要屏蔽系统帐户的登录功能。 ### 实现 将系统帐户的Shell修改为/sbin/nologin。 -``` +```sh usermod -L -s /sbin/nologin $systemaccount ``` ->![](public_sys-resources/icon-note.gif) **说明:** +> ![](public_sys-resources/icon-note.gif) **说明:** > $systemaccount 指系统帐户。 ## 限制使用su命令的帐户 @@ -37,7 +27,7 @@ su命令用于在不同帐户之间切换。为了增强系统安全性,有必 su命令的使用控制通过修改/etc/pam.d/su文件实现,配置如下: -``` +```conf auth required pam_wheel.so use_uid ``` @@ -74,32 +64,29 @@ auth required pam_wheel.so use_uid **密码复杂度要求** -1. 口令长度至少8个字符。 -2. 口令必须包含如下至少3种字符的组合: - - -至少一个小写字母 - - -至少一个大写字母 +1. 口令长度至少8个字符。 +2. 口令必须包含如下至少3种字符的组合: - -至少一个数字 + - 至少一个小写字母 + - 至少一个大写字母 + - 至少一个数字 + - 至少一个特殊字符:\`\~!@\#$%^&\*\(\)-\_=+\\|\[\{\}\];:'",<.\>/?和空格 - -至少一个特殊字符:\`\~!@\#$%^&\*\(\)-\_=+\\|\[\{\}\];:'",<.\>/?和空格 - -3. 口令不能和帐号或者帐号的倒写一样。 -4. 不能修改为过去5次使用过的旧口令。 +3. 口令不能和帐号或者帐号的倒写一样。 +4. 不能修改为过去5次使用过的旧口令。 **配置实现** -在/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中添加如下配置内容: +在/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中password配置项的前两行添加如下配置内容: -``` +```conf password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 password required pam_pwhistory.so use_authtok remember=5 enforce_for_root ``` **配置项说明** -pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表5](#table201221044172117)和[表6](#table1212544452120)。 +pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表2](#table201221044172117)和[表3](#table1212544452120)。 **表 2** pam\_pwquality.so配置项说明 @@ -183,7 +170,7 @@ pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表5](#table201 ### 实现 -口令有效期的设置通过修改/etc/login.defs文件实现,加固项如[表7](#zh-cn_topic_0152100281_t77b5d0753721450c81911c18b74e82eb)所示。表中所有的加固项都在文件/etc/login.defs中。表中字段直接通过修改配置文件完成。 +口令有效期的设置通过修改/etc/login.defs文件实现,加固项如[表4](#zh-cn_topic_0152100281_t77b5d0753721450c81911c18b74e82eb)所示。表中所有的加固项都在文件/etc/login.defs中。表中字段直接通过修改配置文件完成。 **表 4** login.defs配置项说明所示 @@ -228,8 +215,8 @@ pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表5](#table201 ->![](public_sys-resources/icon-note.gif) **说明:** ->login.defs是设置用户帐号限制的文件,可配置口令的最大过期天数、最大长度约束等。该文件里的配置对root用户无效。如果/etc/shadow文件里有相同的选项,则以/etc/shadow配置为准,即/etc/shadow的配置优先级高于/etc/login.defs。口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统。 +> ![](public_sys-resources/icon-note.gif) **说明:** +> login.defs是设置用户帐号限制的文件,可配置口令的最大过期天数、最大长度约束等。该文件里的配置对root用户无效。如果/etc/shadow文件里有相同的选项,则以/etc/shadow配置为准,即/etc/shadow的配置优先级高于/etc/login.defs。口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统。 ## 设置口令的加密算法 @@ -241,7 +228,7 @@ pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表5](#table201 口令的加密算法设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,添加如下配置: -``` +```conf password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok ``` @@ -270,14 +257,14 @@ password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_au 用户锁定期间,任何输入被判定为无效,锁定时间不因用户的再次输入而重新计时;解锁后,用户的错误输入记录被清空。通过上述设置可以有效防范口令被暴力破解,增强系统的安全性。 ->![](public_sys-resources/icon-note.gif) **说明:** ->openEuler默认口令出错次数的阈值为3次,系统被锁定后自动解锁时间为60秒。 +> ![](public_sys-resources/icon-note.gif) **说明:** +> openEuler默认口令出错次数的阈值为3次,系统被锁定后自动解锁时间为60秒。 ### 实现 -口令复杂度的设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,设置口令最大的出错次数3次,系统锁定后的解锁时间为300秒的配置如下: +口令复杂度的设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,设置口令最大的出错次数为3次,系统锁定后的解锁时间为300秒的配置如下: -``` +```conf auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=300 auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300 auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=300 @@ -325,6 +312,6 @@ auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root u 通过修改/etc/login.defs实现,配置如下: -``` +```conf ALWAYS_SET_PATH=yes ``` diff --git a/docs/zh/docs/StratoVirt/StratoVirtGuide.md b/docs/zh/docs/StratoVirt/StratoVirtGuide.md new file mode 100644 index 0000000000000000000000000000000000000000..f4a7fc9fb1c17a06728a1d5f91eecee87e4e654d --- /dev/null +++ b/docs/zh/docs/StratoVirt/StratoVirtGuide.md @@ -0,0 +1,4 @@ +# StratoVirt用户指南 + +本文档介绍Stratovirt虚拟化,并给出基于openEuler安装StratoVirt的方法,以及StratoVirt虚拟化的使用指导。让用户了解Stratovirt,并指导用户和管理员安装和使用StratoVirt。 + diff --git "a/docs/zh/docs/StratoVirt/StratoVirt\344\273\213\347\273\215.md" "b/docs/zh/docs/StratoVirt/StratoVirt\344\273\213\347\273\215.md" new file mode 100644 index 0000000000000000000000000000000000000000..e18fd63be347368aaab7a7646349aec215be930e --- /dev/null +++ "b/docs/zh/docs/StratoVirt/StratoVirt\344\273\213\347\273\215.md" @@ -0,0 +1,25 @@ +# StratoVirt介绍 + + +## 概述 + +StratoVirt是计算产业中面向云数据中心的企业级虚拟化VMM(Virtual Machine Monitor),实现了一套架构统一支持虚拟机、容器、Serverless三种场景。StratoVirt在轻量低噪、软硬协同、Rust语言级安全等方面具备关键技术竞争优势。 +StratoVirt在架构设计和接口上预留了组件化拼装的能力和接口,StratoVirt可以按需灵活组装高级特性直至演化到支持标准虚拟化,在特性需求、应用场景和轻快灵巧之间找到最佳的平衡点。 + + + +## 架构说明 + +StratoVirt核心架构自顶向下分为三层: + +- OCI兼容接口:兼容QMP(QEMU Machine Protocol)协议,具有完备的OCI(Open Container Initiative)兼容能力。 +- BootLoader:抛弃传统BIOS+GRUB的启动模式,实现了更轻更快的Bootloader。 +- MicroVM:虚拟化层,充分利用软硬协同能力,精简化设备模型;具备低时延资源伸缩能力。 + +整体架构视图如**图1**所示。 + +**图1** StratoVirt整体架构图 + +![](./figures/StratoVirt_architecture.png) + + diff --git a/docs/zh/docs/StratoVirt/figures/StratoVirt_architecture.png b/docs/zh/docs/StratoVirt/figures/StratoVirt_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..fd1a07a5458b2b2a61ca062d8ec68d533dd6df20 Binary files /dev/null and b/docs/zh/docs/StratoVirt/figures/StratoVirt_architecture.png differ diff --git a/docs/zh/docs/StratoVirt/figures/zh-cn_image_0218587436.png b/docs/zh/docs/StratoVirt/figures/zh-cn_image_0218587436.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/docs/StratoVirt/figures/zh-cn_image_0218587436.png differ diff --git a/docs/zh/docs/StratoVirt/figures/zh-cn_image_note.png b/docs/zh/docs/StratoVirt/figures/zh-cn_image_note.png new file mode 100644 index 0000000000000000000000000000000000000000..8d5a343524e14d11a3e2a94be4066fbb2d20599e Binary files /dev/null and b/docs/zh/docs/StratoVirt/figures/zh-cn_image_note.png differ diff --git a/docs/zh/docs/StratoVirt/figures/zh-cn_image_to_know.png b/docs/zh/docs/StratoVirt/figures/zh-cn_image_to_know.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/docs/StratoVirt/figures/zh-cn_image_to_know.png differ diff --git a/docs/zh/docs/StratoVirt/public_sys-resources/icon-caution.gif b/docs/zh/docs/StratoVirt/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/StratoVirt/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/StratoVirt/public_sys-resources/icon-danger.gif b/docs/zh/docs/StratoVirt/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/StratoVirt/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/StratoVirt/public_sys-resources/icon-note.gif b/docs/zh/docs/StratoVirt/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/StratoVirt/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/StratoVirt/public_sys-resources/icon-notice.gif b/docs/zh/docs/StratoVirt/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/StratoVirt/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/StratoVirt/public_sys-resources/icon-tip.gif b/docs/zh/docs/StratoVirt/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/StratoVirt/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/docs/StratoVirt/public_sys-resources/icon-warning.gif b/docs/zh/docs/StratoVirt/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/StratoVirt/public_sys-resources/icon-warning.gif differ diff --git "a/docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" "b/docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" new file mode 100644 index 0000000000000000000000000000000000000000..678be52074fa6e3f9127d10ed3a7bf1fda9eab2e --- /dev/null +++ "b/docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" @@ -0,0 +1,139 @@ +# 准备环境 + + +## 使用说明 + +- StratoVirt 仅支持运行于 x86_64 和 AArch64 处理器架构下并启动相同架构的 Linux 虚拟机。 +- 建议在 openEuler 20.03 LTS SP4 版本编译、调测和部署该版本 StratoVirt。 +- StratoVirt 支持以非 root 权限运行。 + +## 环境要求 + +运行StratoVirt需要具备如下环境: + +- /dev/vhost-vsock设备(用于实现mmio) +- nmap工具 +- Kernel镜像和rootfs镜像 + +## 准备设备和工具 + +- StratoVirt运行需要实现mmio设备,所以运行之前确保存在设备`/dev/vhost-vsock`。 + + 查看该设备是否存在。 + + ``` + $ ls /dev/vhost-vsock + /dev/vhost-vsock + ``` + + 若该设备不存在,请执行如下命令生成/dev/vhost-vsock设备。 + + ``` + $ modprobe vhost_vsock + ``` + + +- 为了能够使用QMP命令,需要安装nmap工具,在配置yum源的前提下,可执行如下命令安装nmap。 + + ``` + # yum install nmap + ``` + +## 准备镜像 + +### 制作kernel镜像 + +当前版本的StratoVirt仅支持x86_64和AArch64平台的PE格式内核镜像。此格式内核映像可通过以下方法生成。 + +1. 获取openEuler的kernel源代码,参考命令如下: + + ``` + $ git clone https://gitee.com/openeuler/kernel + $ cd kernel + ``` + +2. 查看并切换kernel的版本到4.19,参考命令如下: + + ``` + $ git checkout kernel-4.19 + ``` + +3. 配置并编译Linux kernel。可使用推荐配置([获取配置文件](https://gitee.com/openeuler/stratovirt/tree/master/docs/kernel_config)),将其复制到kernel路径下并重命名为`.config`。也可通过以下命令进行交互,根据提示完成kernel配置。 + + ``` + $ make menuconfig + ``` + +4. 使用下面的命令制作并转换kernel镜像为PE格式,转化后的镜像为vmlinux.bin。 + + ``` + $ make -j vmlinux && objcopy -O binary vmlinux vmlinux.bin + ``` + +5. 如果想在x86平台使用bzImzge格式的kernel,可以使用如下命令进行编译。 + + ``` + $ make -j bzImage + ``` + + +## 制作rootfs镜像 + +rootfs镜像是一种文件系统镜像,在StratoVirt启动时可以装载带有init的ext4格式的镜像。下面是制作ext4 rootfs镜像的简单方法。 + +1. 准备一个大小合适的文件(例如在/home中创建10GiB空间大小的文件)。 + + ``` + $ cd /home + $ dd if=/dev/zero of=./rootfs.ext4 bs=1G count=10 + ``` + +2. 在此文件上创建空的ext4文件系统。 + + ``` + $ mkfs.ext4 ./rootfs.ext4 + ``` + +3. 挂载文件镜像。创建/mnt/rootfs,使用root权限,将rootfs.ext4挂载到/mnt/rootfs目录。 + + ``` + $ mkdir /mnt/rootfs + # 返回刚刚创建文件系统的目录(如/home) + $ cd /home + $ sudo mount ./rootfs.ext4 /mnt/rootfs && cd /mnt/rootfs + ``` + +4. 获取对应处理器架构的最新alpine-mini rootfs。 + + + ``` + $ arch=`uname -m` + $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/$arch/alpine- minirootfs-3.13.0-$arch.tar.gz -O alpine-minirootfs.tar.gz + $ tar -zxvf alpine-minirootfs.tar.gz + $ rm alpine-minirootfs.tar.gz + ``` + +5. 为ext4文件镜像制作一个简单的/sbin/init,参考命令如下: + + ``` + $ rm sbin/init; touch sbin/init && cat > sbin/init < + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>请根据大页使用情况,配置StratoVirt内存规格和大页。如果大页资源不足,虚拟机会启动失败。 + + + + +#### 启动StratoVirt时添加大页配置 + + + + +- 命令行 + + ``` + -mem-path /page/to/hugepages + ``` + + 其中`/page/to/hugepages`为大页文件系统挂载的目录,仅支持绝对路径。 + + +- Json文件 + + ```json + { + "machine-config": { + "mem_path": "/page/to/hugepages", + ... + }, + ... + } + ``` + + 其中`/page/to/hugepages`为大页文件系统挂载的目录,仅支持绝对路径。 + +
    + +>![](./public_sys-resources/icon-caution.gif) **注意:** +>**典型配置**:指定StratoVirt命令行中的mem-path项为:**大页文件系统挂载的目录**。 推荐根据典型配置使用StratoVirt大页特性。 + + + + +### 性能提升 + + +#### 内存底噪 + + +为了实现最佳的内存底噪,开发者可以使用stratovirt主页的wiki提供的方法进行编译与测试: + +https://gitee.com/openeuler/stratovirt/wikis/%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95-%E5%86%85%E5%AD%98%E5%BA%95%E5%99%AA?sort_id=3879743 + + +#### 冷启动时间 + +同时为了降低冷启动时间,也可以使用wiki上提供的方法进行编译测试: + +https://gitee.com/openeuler/stratovirt/wikis/%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95-%E5%86%B7%E5%90%AF%E5%8A%A8%E6%97%B6%E9%97%B4?sort_id=3879744 diff --git "a/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" "b/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" new file mode 100644 index 0000000000000000000000000000000000000000..e36c9e288444696ceae2b052c3acc09ec12c66fc --- /dev/null +++ "b/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" @@ -0,0 +1,349 @@ +# 管理虚拟机 + + +## 概述 + +StratoVirt可以查询虚拟机信息并对虚拟机的资源和生命周期进行管理。由于StratoVirt使用QMP管理虚拟机,所以查询虚拟机信息,也需要先连接到虚拟机。 + + + +## 查询虚拟机信息 + +### 简介: + +StratoVirt可以查询虚拟机状态、vCPU拓扑信息、vCPU上线情况等。 + +### 查询状态 + +使用query-status命令查询虚拟机的运行状态。 + +- 用法: + + **{ "execute": "query-status" }** + +- 示例: + +``` +<- { "execute": "query-status" } +-> { "return": { "running": true,"singlestep": false,"status": "running" } +``` + + + +### 查询拓扑 + +使用query-cpus命令查询所有CPU的拓扑结构。 + +- 用法: + + **{ "execute": "query-cpus" }** + +- 示例: + +``` +<- { "execute": "query-cpus" } +-> {"return":[{"CPU":0,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom_path":"/machine/unattached/device[0]","thread_id":8439},{"CPU":1,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom_path":"/machine/unattached/device[1]","thread_id":8440}]} +``` + +### 查询vCPU上线情况 + +使用query-hotpluggable-cpus命令查询所有vCPU的online/offline情况。 + +- 用法: + + **{ "execute": "query-hotpluggable-cpus" }** + +- 示例: + +``` +<- { "execute": "query-hotpluggable-cpus" } +-> {"return":[{"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom-path":"/machine/unattached/device[0]","type":"host-x86-cpu","vcpus-count":1},{"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom-path":"/machine/unattached/device[1]","type":"host-x86-cpu","vcpus-count":1}]} +``` + +其中,online的vCPU具有`qom-path`项,offline的vCPU则没有。 + + + +## 管理虚拟机生命周期 + +### 简介 + +StratoVirt可以对虚拟机进行启动、暂停、恢复、退出等生命周期进行管理。 + +### 创建并启动虚拟机 + +根据虚拟机配置可知,可以通过命令行参数或json文件指定虚拟机配置,并在主机通过stratovirt命令创建并启动虚拟机。 + +- 使用命令行参数给出虚拟机配置,创建并启动虚拟机的命令如下: + +``` +$ /path/to/stratovirt -[参数1] [参数选项] -[参数2] [参数选项] ... +``` + + + +- 使用json文件给出虚拟机配置,创建并启动虚拟机的命令如下: + +``` +$ /path/to/stratovirt \ + -config /path/to/json \ + -api-channel unix:/path/to/socket +``` + +其中,/path/to/json为json配置文件的路径。/path/to/socket为用户指定的socket文件(如/tmp/stratovirt.socket),使用上述命令会自动创建socket文件。为确保虚拟机能够正常启动,在创建socket文件前确保该文件不存在。 + + + +> ![](./figures/zh-cn_image_0218587436.png) +> +> 虚拟机启动后,内部会有eth0和eth1两张网卡。这两张网卡预留用于网卡热插拔。热插的第一张网卡是eth0,热插的第二张网卡是eth1,目前只支持热插2张virtio-net网卡。 + + + +### 连接虚拟机 + +StratoVirt当前采用QMP管理虚拟机,暂停、恢复、退出虚拟机等操作需要通过QMP连接到虚拟机进行管理。 + +在主机上打开新的命令行窗口B,并使用root权限进行api-channel连接,参考命令如下: + +``` +# ncat -U /path/to/socket +``` + +连接建立后,会收到来自StratoVirt的问候消息,如下所示: + +``` +{"QMP":{"version":{"qemu":{"micro":1,"minor":0,"major":4},"package":""},"capabilities":[]}} +``` + +现在,可以在窗口B中输入QMP命令来管理虚拟机。 + + + +> ![](./figures/zh-cn_image_0218587436.png) +> +> QMP提供了stop、cont、quit和query-status等来管理和查询虚拟机状态。 +> +> 管理虚拟机的QMP命令均在窗口B中进行输入。符号:`<-`表示命令输入,`->`表示QMP结果返回。 + + + + + +### 暂停虚拟机 + +QMP提供了stop命令用于暂停虚拟机,即暂停虚拟机所有的vCPU。命令格式如下: + +**{"execute":"stop"}** + +**示例:** + +使用stop暂停该虚拟机的命令和回显如下: + +``` +<- {"execute":"stop"} +-> {"event":"STOP","data":{},"timestamp":{"seconds":1583908726,"microseconds":162739}} +-> {"return":{}} +``` + + + + + +### 恢复虚拟机 + +QMP提供了cont命令用于恢复处于暂停状态suspend的虚拟机,即恢复虚拟机所有vCPU的运行。命令格式如下: + +**{"execute":"cont"}** + +**示例:** + +使用cont恢复该虚拟机的命令和回显如下: + +``` +<- {"execute":"cont"} +-> {"event":"RESUME","data":{},"timestamp":{"seconds":1583908853,"microseconds":411394}} +-> {"return":{}} +``` + + + + + +### 退出虚拟机 + +QMP提供了quit命令用于退出虚拟机,即退出StratoVirt进程。命令格式如下: + +**{"execute":"quit"}** + +**示例:** + +``` +<- {"execute":"quit"} +-> {"return":{}} +-> {"event":"SHUTDOWN","data":{"guest":false,"reason":"host-qmp-quit"},"timestamp":{"ds":1590563776,"microseconds":519808}} +``` + + + +## 管理虚拟机资源 + +### 热插拔磁盘 + +StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断业务前提下,增加或删除虚拟机磁盘。 + +#### 热插磁盘 + +**用法:** + +``` +{"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} +{"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}} +``` + +**参数** + +- blockdev-add中的node-name要和device_add中的id一致,如上都是drive-0。 + +- /path/to/block是被热插磁盘的镜像路径,不能是启动rootfs的磁盘镜像。 +- 对于addr来说,它从0x0开始与虚拟机的vda映射,0x1与vdb映射,以此类推。为了兼容QMP协议,"addr"也可以用"lun"代替,但是lun=0与客户机的vdb映射。 +- 由于stratovirt支持的最大virtio-blk磁盘数量是4个,热插磁盘时请注意规格约束。 + + +**示例** + +``` +<- {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} +-> {"return": {}} +<- {"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}} +-> {"return": {}} +``` + + + +#### 热拔磁盘 + +**用法:** + +**{"execute": "device_del", "arguments": {"id":"drive-0"}}** + +**参数:** + +id 为热拔磁盘的ID号。 + +**示例** + +``` +<- {"execute": "device_del", "arguments": {"id": "drive-0"}} +-> {"event":"DEVICE_DELETED","data":{"device":"drive-0","path":"drive-0"},"timestamp":{"seconds":1598513162,"microseconds":367129}} +-> {"return": {}} +``` + + + +### 热插拔网卡 + +StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断业务前提下,给虚拟机增加或删除网卡。 + +#### 热插网卡 + +**准备工作(需要使用root权限)** + +1. 创建并启用Linux网桥,例如网桥名为 qbr0 的参考命令如下: + +```shell +# brctl addbr qbr0 +# ifconfig qbr0 up +``` + +2. 创建并启用 tap 设备,例如设备名为 tap0 的参考命令如下: + +```shell +# ip tuntap add tap0 mode tap +# ifconfig tap0 up +``` + +3. 添加 tap 设备到网桥: + +```shell +# brctl addif qbr0 tap0 +``` + + +**用法** + +``` +{"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} +{"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}} +``` + +**参数** + +- netdev_add中的id应该和device_add中的id一致,ifname是后端的tap设备名称。 + +- 对于addr来说,它从0x0开始与虚拟机的eth0映射,0x1和虚拟机的eth1映射。 + +- 由于stratovirt支持的最大virtio-net数量为2个,热插网卡时请注意规格约束。 + + +**示例** + +``` +<- {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} +-> {"return": {}} +<- {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}} +-> {"return": {}} +``` + +其中,addr:0x0,对应虚拟机内部的eth0。 + +#### 热拔网卡 + +**用法** + +**{"execute": "device_del", "arguments": {"id": "net-0"}}** + +**参数** + +id:网卡的ID号,例如net-0。 + +**示例** + +``` +<- {"execute": "device_del", "arguments": {"id": "net-0"}} +-> {"event":"DEVICE_DELETED","data":{"device":"net-0","path":"net-0"},"timestamp":{"seconds":1598513339,"microseconds":97310}} +-> {"return": {}} +``` + + + +## Ballon设备使用 + +使用balloon设备可以从虚拟机回收空闲的内存。Balloon通过qmp命令来调用。qmp命令使用如下: + +**用法:** + +``` +{"execute": "balloon", "arguments": {"value": 2147483648‬}} +``` + +**参数:** + +- value: 想要设置的guest内存大小值,单位为字节,内存压缩以页为粒度。如果该值大于虚拟机启动时配置的内存值,则以启动时配置的内存值为准。 + +**示例:** + +启动时配置的内存大小为4GiB,在虚拟机内部通过free命令查询虚拟机空闲内存大于2GiB,那么可以通过qmp命令设置guest内存大小为2147483648字节。 + +``` +<- {"execute": "balloon", "arguments": {"value": 2147483648‬}} +-> {"return": {}} +``` + +查询虚拟机的当前实际内存: + +``` +<- {"execute": "query-balloon"} +-> {"return":{"actual":2147483648}} +``` + diff --git "a/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" "b/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" new file mode 100644 index 0000000000000000000000000000000000000000..c35eea0c627bf8e013377cb3ebb37e610a740a76 --- /dev/null +++ "b/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" @@ -0,0 +1,541 @@ +# 虚拟机配置 + +## 基本配置 + +### 概述 + +不同于Libvirt通过xml文件配置虚拟机的方式,StratoVirt可以通过命令行参数指定配置,也可以通过json文件进行配置。配置包括虚拟机CPU、内存、磁盘等信息。这里给出两种方式的具体操作方法。 + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> 同时使用命令行配置和json文件配置时,以命令行配置为准。 +> +> 本文中的/path/to/socket为用户自定义路径下的socket文件。 + + + + + +### 规格说明 + +- 虚拟机CPU个数:[1, 254] +- 虚拟机内存大小:[256M, 512G] +- 虚拟机磁盘个数(包括热插的磁盘):[0, 4] +- 虚拟机网卡个数(包括热插的网卡):[0, 2] +- 虚拟机console设备仅支持单路连接 +- x86_64平台,最多可以配置11个mmio设备;但是除了磁盘和网卡,建议最多配置4个其他设备;AArch64平台,最多可以配置160个mmio设备;但是除了磁盘和网卡,建议最多配置12个其他设备。 + +### 最小配置 + +StratoVirt能够运行的最小配置为: + +- PE格式或bzImage格式(仅x86_64)的Linux内核镜像 +- 将rootfs镜像设置成virtio-blk设备,并添加到内核参数中 +- 使用api-channel来控制StratoVirt +- 如果要使用ttyS0登录,添加一个串口到启动命令行,并将ttyS0添加到内核参数中 + + + +### 命令行配置 + +**概述** + +命令行配置即通过命令行参数直接指定虚拟机配置内容。 + +**命令格式** + +使用cmdline配置的命令格式如下: + +**$ /path/to/stratovirt** *-[参数1] [参数选项] -[参数2] [参数选项] ...* + +**使用说明** + +1. 首先,为确保可以创建api-channel需要的socket,可以参考如下命令清理环境: + + ``` + $ rm [参数] [用户自定义socket文件路径] + ``` + + +2. 然后,运行cmdline命令。 + + ``` + $ /path/to/stratovirt -[参数1] [参数选项] -[参数2] [参数选项] ... + ``` + + +**参数说明** + +cmdline命令行配置参数请参见下表: + +表1 :命令行配置参数说明 + +| 参数 | 参数选项 | 说明 | +| ---------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| -name | *VMname* | 配置虚拟机名称(字符长度:1-255字符) | +| -machine | `[type=vm_type]` `[,dump-guest-core=on]` `[,mem-share=off]` | 配置虚拟机类型,[详细说明](#虚拟机类型) | +| -kernel | /path/to/vmlinux.bin | 配置内核镜像 | +| -append | console=ttyS0 root=/dev/vda reboot=k panic=1 rw | 配置内核命令行参数 | +| -initrd | /path/to/initrd.img | 配置initrd文件 | +| -smp | [cpus=]个数 | 配置cpu个数,范围[1, 254] | +| -m | 内存大小(字节单位)、内存大小M(M单位)、内存大小G(G单位) | 配置内存大小,范围[256M, 512G] | +| -drive | id=rootfs,file=/path/to/rootfs[,readonly=false,direct=true,serial=serial_num,iothread=iothread1,iops=200] | 配置virtio-blk设备,[详细说明](#磁盘配置) | +| -netdev | id=iface_id,netdev=tap0[,mac=mac_address,iothread=iothread2] | 配置virtio-net设备,[详细说明](#net配置) | +| -chardev | id=console_id,path=/path/to/socket | 配置virtio-console,[详细说明](#console) | +| -device | vsock,id=vsock_id,guest-cid=3 | 配置vhost-vsock,[详细说明](#vsock) | +| -api-channel | unix:/path/to/socket | 配置api-channel,运行前须保证socket文件不存在 | +| -serial | stdio | 配置串口设备 | +| -D | /path/to/logfile | 配置日志文件 | +| -pidfile | /path/to/pidfile | 配置pid文件,必须和-daemonize一起使用。运行前须保证pid文件不存在 | +| -disable-seccomp | NA | 关闭Seccomp,默认打开 | +| -daemonize | NA | 开启进程daemon化 | +| -iothread | id="iothread1" | 配置iothread线程,[详细说明](#iothread配置) | +| -balloon | deflate-on-oom=true | 配置balloon设备,[详细说明](#balloon配置) | +| -mem-path | /dev/hugepages | 配置内存大页,详细说明见最佳实践章节 | +| -rng | random_file=/path/to/random_file[,bytes_per_sec=1000000] | 配置virtio-rng设备,[详细说明](#rng配置) | + + + + +**配置示例** + +1. 删除socket文件,确保可以创建api-channel。 + + ``` + $ rm -f /tmp/stratovirt.socket + ``` + + +2. 运行StratoVirt。 + + ``` + $ /path/to/stratovirt \ + -kernel /path/to/vmlinux.bin \ + -append console=ttyS0 root=/dev/vda rw reboot=k panic=1 \ + -drive file=/home/rootfs.ext4,id=rootfs,readonly=false \ + -api-channel unix:/tmp/stratovirt.socket \ + -serial stdio + ``` + + 运行成功后,将根据指定的配置参数创建并启动虚拟机。 + + + +### json配置 + + + +**概述** + +使用json文件配置即在运行StratoVirt创建虚拟机时,读取给定的json文件,该文件中包含了对虚拟机的相关配置。 + +**命令格式** + +使用json文件配置虚拟机的命令格式如下,其中 /path/to/json 为对应文件的路径。 + +**$ /path/to/stratovirt -config** */path/to/json -[参数] [参数选项]* + +**使用说明** + +1. 编写json文件,将虚拟机配置写入该文件。 + +2. 执行StratoVirt创建虚拟机。 + + ``` + $ /path/to/stratovirt -config /path/to/json -[参数] [参数选项] + ``` + +**参数说明** + +json文件中可配置字段及含义请参见下表: + +**表2**:配置文件的字段 + +| 配置参数 | 配置参数选项 | 说明 | +| -------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| boot-source | "kernel_image_path": "/path/to/vmlinux.bin","boot_args": "console=ttyS0 reboot=k panic=1 pci=off tsc=reliable ipv6.disable=1 root=/dev/vda quiet","initrd_fs_path": "/path/to/initrd.img" | 配置内核镜像和内核参数, 参数`initrd_fs_path`可选。 | +| machine-config | "type": "MicroVm","vcpu_count": 4,"mem_size": 805306368,"dump_guest_core": false,"mem-share": false,"mem_path":"/path/to/backend" | 配置虚拟cpu和内存大小,参数 `dump_guest_core`,`mem-path`和 `mem-share`可选,。 | +| drive | "drive_id": "rootfs","path_on_host": "/path/to/rootfs.ext4","read_only": false,"direct": true,"serial_num": "xxxxx","iothread": "iothread1","iops": 200 | 配置virtio-blk磁盘 ,参数`serial_num`,`iothread`和`iops`可选。 | +| net | "iface_id": "net0","host_dev_name": "tap0","mac": "xx:xx:xx:xx:xx:xx","iothread": "iothread1" | 配置virtio-net网卡,参数`mac`和`iothread` 可选。 | +| console | "console_id": "charconsole0","socket_path": "/path/to/socket" | 配置virtio-console串口,运行前须保证socket文件不存在 | +| vsock | "vsock_id": "vsock0","guest_cid": 3 | 配置virtio-vsock设备 | +| serial | "stdio": true | 配置串口设备 | +| iothread | "id": "iothread1" | 配置iothread的id,用来创建名为"iothread1"的线程。 | +| balloon | "deflate_on_oom": true | 配置balloon的auto deflate特性 | +|rng | "random_file":"/dev/random","bytes_per_sec":1000000000 | 配置virtio-rng设备 | + + +使用json运行的参数请参见下表: + +表3:使用json运行的参数 + +| 参数 | 参数选项 | 说明 | +| ---------------- | -------------------- | ------------------------------------------------------------ | +| -config | /path/to/json | 配置文件的路径 | +| -api-channel | unix:/path/to/socket | 配置api-channel,运行前须保证socket文件不存在 | +| -D | /path/to/logfile | 配置日志文件 | +| -pidfile | /path/to/pidfile | 配置pid文件,必须配合daemonize使用。运行前须保证pid文件不存在 | +| -disable-seccomp | NA | 关闭Seccomp,默认打开 | +| -daemonize | NA | 开启进程daemon化 | + + + +**配置示例:** + +1. 创建json文件,例如/home/config.json,其内容如下: + +``` +{ + "boot-source": { + "kernel_image_path": "/path/to/vmlinux.bin", + "boot_args": "console=ttyS0 reboot=k panic=1 pci=off tsc=reliable ipv6.disable=1 root=/dev/vda quiet rw" + }, + "machine-config": { + "type": "MicroVm", + "vcpu_count": 2, + "mem_size": 268435456 + }, + "drive": [ + { + "drive_id": "rootfs", + "path_on_host": "/path/to/rootfs", + "serial_num": "11111111", + "direct": true, + "read_only": false, + "iops": 200000, + "iothread": "iothread2" + } + ], + "net": [ + { + "iface_id": "net0", + "host_dev_name": "tap0", + "mac": "0e:90:df:9f:a8:88", + "iothread": "iothread1" + } + ], + "console": [ + { + "console_id": "charconsole0", + "socket_path": "/path/to/console.socket" + } + ], + "serial": { + "stdio": true + }, + "vsock": { + "vsock_id": "vsock-123321132", + "guest_cid": 4 + }, + "iothread": [ + {"id": "iothread1"}, + {"id": "iothread2"} + ] +} +``` + + + +2. 运行StratoVirt,读取json文件配置创建并启动虚拟机。 + +``` +$ /path/to/stratovirt \ + -config /home/config.json \ + -api-channel unix:/tmp/stratovirt.socket +``` + +执行成功后,虚拟机创建并启动成功。 + + + +## 配置说明: + +### 虚拟机类型 + +通过-machine参数来指定启动的虚拟机的类型。 + +参数说明 + +- type:启动虚拟机的类型(当前只支持“MicroVm”类型,可选配置,默认为"MicroVM“类型)。 +- dump-guest-core:进程panic时,是否dump虚拟机内存(可选配置)。 +- mem-share:是否与其他进程共享内存(可选配置)。 + + + +### 磁盘配置 + +虚拟机磁盘配置包含以下配置项 + +- drive_id: 磁盘的id。 +- path_on_host: 磁盘的路径。 +- serial_num: 磁盘的串号(可选配置)。 +- read_only: 是否只读(可选配置)。 +- direct: 是否以“O_DIRECT”模式打开(可选配置)。 +- iothread: 配置iothread属性(可选配置)。 +- iops: 配置磁盘QoS,以限制磁盘的io操作(可选配置)。 + + + +下面对iops和iothread两个配置项进行详细说明: + +#### iops:磁盘QoS + +##### 简介 + +QoS(Quality of Service)是服务质量的意思。在云场景中,单主机内会启动多台虚拟机,当某台虚拟机对磁盘访问压力大时,由于同主机的磁盘访问总带宽有限,这台虚拟机会挤占其他虚拟机的访问带宽,从而造成对其他虚拟机IO影响。为了降低影响,可以为虚拟机配置QoS属性,限制它们对磁盘访问的速率,从而降低对彼此的影响。 + + + +##### 注意事项 + +- 当前QoS支持配置磁盘的iops。 +- iops的设定范围是[0, 1000000],其中0为不限速;实际iops不会超过设定值,并且不会超过后端磁盘实际性能的上限。 +- 只能限制平均iops,无法限速瞬时的突发流量。 + + + +##### 配置方式 + +用法: + +**命令行** + +``` +-drive xxx,iops=200 +``` + +参数: + +- iops:当配置了iops后,本磁盘在虚拟机内部的IO下发速度,不会超过此配置值。 +- xxx:表示磁盘的其他设置。 + +json配置 + +``` +{ + ... + "drive": [ + { + "drive_id": "rootfs", + "path_on_host": "/path/to/block", + ... + "iops": 200 + } + ], + ... +} +``` + + + +#### iothread: + +iothread配置细节见[iothread配置](#配置iothread) + + + + + +### 网卡配置 + +虚拟机网卡的配置包含以下配置项 + +- iface_id:唯一的设备id。 +- host_dev_name:host上的tap设备名。 +- mac:设置虚拟机mac地址(可选配置)。 +- iothread:配置磁盘的iothread属性(可选配置)。 + +网卡iothread配置详见[iothread配置](#配置iothread) + + + +### Console设备配置 + +virtio-console是通用的串口设备,用于guest和host之间传送数据。console设备的配置有如下配置项: + +- console_id: 唯一的设备id +- socket_path:virtio console文件路径 + +在启动stratovirt之前请确保console文件不存在。 + + + +### vsock设备配置 + +vsock也是host和guest间通信的设备,类似于console,但具有更好的性能。配置项: + +- vsock_id: 唯一的设备id。 +- guest_cid: 唯一的context id。 + + + + + +### 配置iothread + +#### 简介 + +当StratoVirt启动了带iothread配置的虚拟机后,会在主机上启动独立于主线程的单独线程,这些单独线程可以用来处理设备的IO请求,一方面提升设备的IO性能,另一方面降低对管理面消息处理的影响。 + +#### 注意事项 + +- 支持配置最多8个iothread线程 +- 支持磁盘和网卡配置iothread属性 +- iothread线程会占用主机CPU资源,在虚拟机内部大IO压力情况下,单个iothread占用的CPU资源取决于磁盘的访问速度,例如普通的SATA盘会占用20%以内CPU资源。 + + + +#### 创建iothread线程 + +用法: + +**命令行:** + +```shell +-iothread id=iothread1 -iothread id=iothread2 +``` + +**json:** + +```json +"iothread": [ + {"id": "iothread1"}, + {"id": "iothread2"} + ] +``` + +参数: + +- id:用于标识此iothread线程,该id可以被设置到磁盘或网卡的iothread属性。当启动参数配置了iothread线程信息,虚拟机启动后会在主机上启动相应id名的线程。 + + + +#### 配置磁盘或网卡的iothread属性 + +用法: + +**命令行配置** + +``` +# 磁盘 +-drive xxx,iothread=iothread1 +# 网卡 +-netdev xxx,iothread=iothread2 +``` + +​ 参数: + +1. iothread:设置成iothread线程的id,指明处理本设备IO的线程。 +2. xxx: 表示磁盘或者网卡的其他配置 + + + +**json配置** + +```json +# 磁盘 +{ + ... + "drive": [ + { + "drive_id": "rootfs", + "path_on_host": "/path/to/block", + ... + "iothread": "iothread1", + } + ], + ... +} +# 网卡 +{ + ... + "net": [ + { + "iface_id": "tap0", + "host_dev_name": "tap0", + "mac": "12:34:56:78:9A:BC", + "iothread": "iothread2" + } + ] +} +``` + + + + + +### 配置balloon设备 + +#### 简介 + +在虚拟机运行过程中,由虚拟机里的balloon驱动来动态占用或释放内存,从而动态改变这台虚拟机当前可用内存,达到内存弹性的效果。 + + + +#### 注意事项 + +- 启用balloon前须确保guest和host的页面大小相同。 +- guest内核须开启balloon特性支持。 +- 开启内存弹性时,有可能造成虚拟机内部轻微卡顿、内存性能下降。 + + + +#### 互斥特性 + +- 大页内存互斥。 +- 在x86下,由于中断数量有限,所以balloon设备和其他virtio的数量(默认使用4个block设备,2个net设备和1个串口设备)总和不得超过11个。 + + + +#### 规格 + +- 每个VM只能配置1个balloon设备。 + + + +#### 配置方式 + +- 命令行 + +``` +-balloon deflate-on-oom=true +``` + +- json文件 + + ```json + { + "balloon": { + "deflate_on_oom": true + }, + ... + } + ``` + + + +>![](./public_sys-resources/icon-note.gif) **说明:** +>1. deflate-on-oom的取值为bool类型,表示是否开启auto deflate特性。开启时,如果balloon已经回收部分内存,当guest需要内存时,balloon设备会自动放气,归还内存给guest。不开启则不会自动归还。 +>2. 使用qmp命令回收虚拟机内存时,应确保回收后虚拟机仍然有足够的内存来保持最基本的运行。否则可能会出现一些操作超时,以及导致虚拟机内部无法申请到空闲内存等现象。 +>3. 如果虚拟机内部开启内存大页,balloon不能回收大页占用内存。 + + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>deflate-on-oom=false时,当Guest中内存不足时,balloon不会自动放气并归还内存,可能会引起Guest内部OOM,进程被Kill,甚至虚拟机无法正常运行。 + + + + +### rng设备配置 + +virtio-rng是半虚拟化的随机数生成器设备,用于为guest提供硬件随机数生成能力。virtio-rng设备包含以下配置项: + +- random_file: 在host上用于生成随机数的字符设备路径,例如/dev/random。 +- bytes_per_sec: 每秒钟从字符设备获取随机数的字符数限制(可选配置)。 + +#### 注意事项 + +- 不配置bytes_per_sec配置项,则为不限速。 +- 如需配置,设定范围为[64, 1000000000],建议此值不应设置过小,以防获取随机数字符速率过慢。 +- bytes_per_sec只能限制平均随机数字符数,无法限制瞬间的突发流量。 +- 用户在配置virtio rng设备时,请检查熵池是否足够,以免引起虚拟机卡顿问题,例如配置字符设备路径为/dev/random,当前熵池大小可通过/proc/sys/kernel/random/entropy_avail查看。 diff --git a/docs/zh/docs/TailorCustom/figures/lack_pack.png b/docs/zh/docs/TailorCustom/figures/lack_pack.png new file mode 100644 index 0000000000000000000000000000000000000000..a4b7f1da15da70f63a86aae360e89017c2b98f2d Binary files /dev/null and b/docs/zh/docs/TailorCustom/figures/lack_pack.png differ diff --git "a/docs/zh/docs/TailorCustom/isocut\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/docs/zh/docs/TailorCustom/isocut\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..d3f686947749372c9c28a3da46437c721f009feb --- /dev/null +++ "b/docs/zh/docs/TailorCustom/isocut\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1,231 @@ +# isocut 使用指南 + +## 简介 + +openEuler 光盘镜像较大,下载、传输镜像很耗时。另外,使用 openEuler 光盘镜像安装操作系统时,会安装镜像所包含的全量 RPM 软件包,用户无法只安装部分所需的软件包。 + +在某些场景下,用户不需要安装镜像提供的全量软件包,或者需要一些额外的软件包。因此,openEuler 提供了镜像裁剪定制工具。通过该工具,用户可以基于 openEuler 光盘镜像裁剪定制仅包含所需 RPM 软件包的 ISO 镜像。这些软件包可以来自原有 ISO 镜像,也可以额外指定,从而满足用户定制需求。 + +本文档介绍 openEuler 镜像裁剪定制工具的安装和使用方法,以指导用户更好的完成镜像裁剪定制。 + +## 软硬件要求 + +使用 openEuler 裁剪定制工具制作 ISO 所使用的机器需要满足如下软硬件要求: + +- CPU 架构为 AArch64 或者 x86_64 +- 操作系统为 openEuler 20.03 LTS SP4 +- 建议预留 30 GB 以上的磁盘空间(用于运行裁剪定制工具和存放 ISO 镜像) + +## 安装工具 + +此处以 openEuler 20.03 LTS SP4 版本的 AArch64 架构为例,介绍 ISO 镜像裁剪定制工具的安装操作。 + +1. 确认机器已安装操作系统 openEuler 20.03 LTS SP4(镜像裁剪定制工具的运行环境)。 + + ``` shell script + # cat /etc/openEuler-release + openEuler release 20.03 (LTS-SP4) + ``` + +2. 下载对应架构的 ISO 镜像(必须是 everything 版本),并存放在任一目录(建议该目录磁盘空间大于 20 GB),此处假设存放在 /home/isocut_iso 目录。 + + AArch64 架构的镜像下载链接为: + + + + > **说明:** + > x86_64 架构的镜像下载链接为: + > + > + +3. 创建文件 /etc/yum.repos.d/local.repo,配置对应 yum 源。配置内容参考如下,其中 baseurl 是用于挂载 ISO 镜像的目录: + + ``` shell script + [local] + name=local + baseurl=file:///home/isocut_mount + gpgcheck=0 + enabled=1 + ``` + +4. 使用 root 权限,挂载光盘镜像到 /home/isocut_mount 目录(请与上述 repo 文件中配置的 baseurl 保持一致)作为 yum 源,参考命令如下: + + ```shell + sudo mount -o loop /home/isocut_iso/openEuler-20.03-LTS-SP4-everything-aarch64-dvd.iso /home/isocut_mount + ``` + +5. 使 yum 源生效: + + ```shell + yum clean all + yum makecache + ``` + +6. 使用 root 权限,安装镜像裁剪定制工具: + + ```shell + sudo yum install -y isocut + ``` + +7. 使用 root 权限,确认工具是否安装成功: + + ```shell + # sudo isocut -h + Checking input ... + usage: isocut [-h] [-t temporary_path] [-r rpm_path] source_iso dest_iso + + Cut openEuler iso to small one + + positional arguments: + source_iso source iso image + dest_iso destination iso image + + optional arguments: + -h, --help show this help message and exit + -t temporary_path temporary path + -r rpm_path extern rpm packages path + -k file_path kickstart file + ``` + +## 裁剪定制镜像 + +此处介绍如何使用镜像裁剪定制工具基于 openEuler 光盘镜像裁剪或添加额外 RPM 软件包制作新镜像的方法。 + +### 命令介绍 + +#### 命令格式 + +镜像裁剪定制工具通过 isocut 命令执行功能。命令的使用格式为: + +**isocut** [ --help | -h ] [ -t <*temp_path*> ] [ -r <*rpm_path*> ] < *source_iso* > < *dest_iso* > + +#### 参数说明 + +| 参数 | 是否必选 | 参数含义 | +| ------------ | -------- | -------------------------------------------------------- | +| --help \| -h | 否 | 查询命令的帮助信息。 | +| -t <*temp_path*> | 否 | 指定工具运行的临时目录 *temp_path*,其中 *temp_path* 为绝对路径。默认为 /tmp 。 | +| -r <*rpm_path*> | 否 | 用户需要额外添加到 ISO 镜像中的 RPM 包路径。 | +| *source_iso* | 是 | 用于裁剪的 ISO 源镜像所在路径和名称。不指定路径时,默认当前路径。 | +| *dest_iso* | 是 | 裁剪定制生成的 ISO 新镜像存放路径和名称。不指定路径时,默认当前路径。 | + +### 软件包来源 + +新镜像的 RPM 包来源有: + +- 原有 ISO 镜像。该情况通过配置文件 /etc/isocut/rpmlist 指定需要安装的 RPM 软件包,配置格式为 "软件包名.对应架构",例如:kernel.aarch64 。 + +- 额外指定。执行 **isocut** 时使用 -r 参数指定软件包所在路径,并将添加的 RPM 包按上述格式添加到配置文件 /etc/isocut/rpmlist 中。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >- 裁剪定制镜像时,若无法找到配置文件中指定的 RPM 包,则镜像中不会添加该 RPM 包。 + >- 若 RPM 包的依赖有问题,则裁剪定制镜像时可能会报错。 + +### 操作指导 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 请不要修改或删除 /etc/isocut/rpmlist 文件中的默认配置项。 +>- isocut 的所有操作需要使用 root 权限。 +>- 待裁剪的源镜像可以为基础镜像,也可以是 everything 版镜像,例子中以基础版镜像 openEuler-20.03-LTS-SP4-aarch64-dvd.iso 为例。 +>- 例子中假设新生成的镜像名称为 new.iso,且存放在 /home/result 路径;运行工具的临时目录为 /home/temp;额外的 RPM 软件包存放在 /home/rpms 目录。 + +1. 修改配置文件 /etc/isocut/rpmlist,指定用户需要安装的 RPM 软件包(来自原有 ISO 镜像)。 + + ``` shell script + sudo vi /etc/isocut/rpmlist + ``` + +2. 确定运行镜像裁剪定制工具的临时目录空间大于 8 GB 。默认临时目录为 /tmp,也可以使用 -t 参数指定其他目录作为临时目录,该目录必须为绝对路径。本例中使用目录 /home/temp,由如下回显可知 /home 目录可用磁盘为 38 GB,满足要求。 + + ```shell + # df -h + Filesystem Size Used Avail Use% Mounted on + devtmpfs 1.2G 0 1.2G 0% /dev + tmpfs 1.5G 0 1.5G 0% /dev/shm + tmpfs 1.5G 23M 1.5G 2% /run + tmpfs 1.5G 0 1.5G 0% /sys/fs/cgroup + /dev/mapper/openeuler_openeuler-root 69G 2.8G 63G 5% / + /dev/sda2 976M 114M 796M 13% /boot + /dev/mapper/openeuler_openeuler-home 61G 21G 38G 35% /home + ``` + +3. 执行裁剪定制。 + + **场景一**:新镜像的所有 RPM 包来自原有 ISO 镜像 + + ``` shell script + # sudo isocut -t /home/temp /home/isocut_iso/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /home/result/new.iso + Checking input ... + Checking user ... + Checking necessary tools ... + Initing workspace ... + Copying basic part of iso image ... + Downloading rpms ... + Finish create yum conf + finished + Regenerating repodata ... + Checking rpm deps ... + Getting the description of iso image ... + Remaking iso ... + Adding checksum for iso ... + Adding sha256sum for iso ... + ISO cutout succeeded, enjoy your new image "/home/result/new.iso" + isocut.lock unlocked ... + ``` + + 回显如上,说明新镜像 new.iso 定制成功。 + + **场景二**:新镜像的 RPM 包除来自原有 ISO 镜像,还包含来自 /home/rpms 的额外软件包 + + ```shell + sudo isocut -t /home/temp -r /home/rpms /home/isocut_iso/openEuler-20.03-LTS-SP4-aarch64-dvd.iso /home/result/new.iso + ``` + +## FAQ + +### 默认 rpm 包列表安装系统失败 + +#### 背景描述 + +用户使用 isocut 裁剪镜像时通过配置文件 /etc/isocut/rpmlist 指定需要安装的软件包。 + +由于不同版本会有软件包减少,可能导致裁剪镜像时出现缺包等问题。 +因此 /etc/isocut/rpmlist 中默认只包含 kernel 软件包。 +保证默认配置裁剪镜像必定成功。 + +#### 问题描述 + +使用默认配置裁剪出来的 iso 镜像,能够裁剪成功,但是安装可能失败。 + +安装报错缺包,报错截图如下: + +![](./figures/lack_pack.png) + +#### 原因分析 + +使用默认配置的 RPM 软件包列表,裁剪的 iso 镜像在安装时缺少必要的 RPM 包。 +缺少的包如报错的图示,并且在不同版本中,缺少的 RPM 包也可能是不同的,以安装时实际报错为准。 + +#### 解决方案 + +1. 增加缺少的包 + + 1. 根据报错的提示整理缺少的 RPM 包列表。 + 2. 将上述 RPM 包列表添加到配置文件 /etc/isocut/rpmlist 中。 + 3. 再次裁剪安装 iso 镜像。 + + 以问题描述中的缺包情况为例,修改 rpmlist 配置文件如下: + + ```shell + # cat /etc/isocut/rpmlist + kernel.aarch64 + lvm2.aarch64 + chrony.aarch64 + authselect.aarch64 + shim.aarch64 + efibootmgr.aarch64 + grub2-efi-aa64.aarch64 + dosfstools.aarch64 + ``` diff --git a/docs/zh/docs/TailorCustom/overview.md b/docs/zh/docs/TailorCustom/overview.md new file mode 100644 index 0000000000000000000000000000000000000000..a59750ba597bdf80a9c5b817c6e18f067b7d463e --- /dev/null +++ b/docs/zh/docs/TailorCustom/overview.md @@ -0,0 +1,3 @@ +# 裁剪定制工具使用指南 + +本文主要介绍 openEuler 的裁剪定制工具,包含工具的介绍、安装以及使用等内容。 \ No newline at end of file diff --git a/docs/zh/docs/TailorCustom/public_sys-resources/icon-note.gif b/docs/zh/docs/TailorCustom/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/TailorCustom/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/Virtualization/LibcarePlus.md b/docs/zh/docs/Virtualization/LibcarePlus.md new file mode 100644 index 0000000000000000000000000000000000000000..0285b6bec95889f76dd2ca74e46e4d8d7ebdbd1c --- /dev/null +++ b/docs/zh/docs/Virtualization/LibcarePlus.md @@ -0,0 +1,373 @@ +# LibcarePlus + +- [概述](#概述) +- [软硬件要求](#软硬件要求) +- [注意事项和约束](#注意事项和约束) +- [安装 LibcarePlus](#安装-libcareplus) +- [制作 LibcarePlus 热补丁](#制作-libcareplus-热补丁) +- [应用 LibcarePlus 热补丁](#应用-libcareplus-热补丁) + +## 概述 + +LibcarePlus 是一个用户态进程热补丁框架,可以在不重启进程的情况下对 Linux 系统上运行的目标进程进行热补丁操作。热补丁可以应用于 CVE 漏洞修复,也可以应用于不中断应用服务的紧急 bug 修复。 + +## 软硬件要求 + +在 openEuler 上使用 LibcarePlus,需要满足一定的软硬件要求: + +- 当前仅支持 x86 体系架构。 + +- LibcarePlus 可以在任何支持安装 **libunwind**、 **elfutils** 以及 **binutils** 的 Linux 发行版系统上运行。但目前仅在 openEuler 20.03 LTS SP1 版本进行了验证。 + + +## 注意事项和约束 + +使用 LibcarePlus,需遵循以下热补丁规范和约束: + +- 仅支持对 C 语言编写的代码,不支持汇编语言等。 +- 仅支持用户态程序,不支持动态库打补丁。 +- 代码文件名必须符合 C 语言标识符命名规范:由字母(A-Z,a-z)、数字 (0-9)、下划线“_”组成;并且首字符不能是数字,但可以是字母或者下划线;不能包含“-”、“$”等特殊符号。 +- 不支持增量补丁,即必须卸载原有补丁后,才能加载新的补丁。 +- 不支持补丁自动加载。 +- 不支持补丁查询。 +- 被打热补丁的目标函数的出参和入参不能增加和删除。 +- 静态函数补丁受限于系统中能找到该函数的符号表。 +- 动态库热补丁只能对调用这个动态库的进程打补丁。 +- 以下场景不支持热补丁: + - 死循环函数、不退出函数、inline 函数、初始化函数、NMI 中断处理函数 + - 替换全局变量 + - 修改头文件 + - 数据结构成员变化(新增、删除、修改) + - 动态库、静态函数、静态变量 + - 修改全局变量、TLS 变量、RCU 变量 + - 修改包含 __LINE__ , __FILE__ 等gcc编译宏的 C 文件 + - 修改 intel 矢量汇编指令 + + + +## 安装 LibcarePlus + +### 安装软件依赖 + +LibcarePlus 运行依赖于 **libunwind**、 **elfutils** 和 **binutils**,在配置了 yum 源的 openEuler 系统上,可以参考如下命令安装 LibcarePlus 的依赖软件。 + +``` shell +$ sudo yum install -y binutils elfutils elfutils-libelf-devel libunwind-devel +``` + +#### 安装 LibcarePlus + +```shell +$ yum install LibcarePlus -y +``` + +查看安装是否成功: + +``` shell +$ libcare-ctl -help +usage: libcare-ctl [options] [args] + +Options: + -v - verbose mode + -h - this message + +Commands: + patch - apply patch to a user-space process + unpatch- unapply patch from a user-space process + info - show info on applied patches + server - listen on a unix socket for commands +``` + +## 制作 LibcarePlus 热补丁 + +### 概述 + +LibcarePlus 支持如下方式制作热补丁: + +- 手动制作 +- 通过脚本制作 + +手动制作热补丁的过程繁琐,对于代码量较大的工程,例如QEMU,手动制作热补丁极其困难。建议使用 LibcarePlus 自带脚本一键式地生成热补丁文件。 + +#### 手动制作 + +本节以原文件 foo.c 和补丁文件 bar.c 为例,给出手动制作热补丁的指导。 + +1. 准备 C 语言编写的原文件和补丁文件。例如原文件 foo.c 和补丁文件 bar.c 。 + +
    + 点击展开 foo.c +

    + + ``` c + // foo.c + #include + #include + + void print_hello(void) + { + printf("Hello world!\n"); + } + + int main(void) + { + while (1) { + print_hello(); + sleep(1); + } + } + ``` + +

    +
    + +
    + 点击展开 bar.c +

    + + ``` c + // bar.c + #include + #include + + void print_hello(void) + { + printf("Hello world %s!\n", "being patched"); + } + + int main(void) + { + while (1) { + print_hello(); + sleep(1); + } + } + ``` + +

    +
    + +2. 编译得到原文件和补丁文件的汇编文件 **foo.s** 和 **bar.s**,参考命令如下: + + ``` shell + $ gcc -S foo.c + $ gcc -S bar.c + $ ls + bar.c bar.s foo.c foo.s + ``` + + +3. 使用 **kpatch_gensrc** 对比 foo.s 和 bar.s 差异,生成包含原文件的汇编内容和差异内容的 foobar.s,参考命令如下: + + ``` shell + $ sed -i 's/bar.c/foo.c/' bar.s + $ kpatch_gensrc --os=rhel6 -i foo.s -i bar.s -o foobar.s --force-global + ``` + + 由于 **kpatch_gensrc** 默认对同一 C 语言原文件进行对比,所以对比前需要使用 sed 命令将补丁汇编文件 bar.s 中的 bar.c 改为原文件名称 foo.c。随后调用 **kpatch_gensrc**,指定输入文件为 foo.s 与 bar.s,输出文件为 foobar.s。 + +4. 编译原文件的汇编文件 foo.s 和生成的汇编文件 foobar.s,得到可执行文件 foo 和 foobar,参考命令如下: + + ``` shell + $ gcc -o foo foo.s + $ gcc -o foobar foobar.s -Wl,-q + ``` + + + +5. 利用 **kpatch_strip** 去除可执行程序 foo 和 foobar 的相同内容,保留制作热补丁所需要的内容。 + + ``` shell + $ kpatch_strip --strip foobar foobar.stripped + $ kpatch_strip --rel-fixup foo foobar.stripped + $ strip --strip-unneeded foobar.stripped + $ kpatch_strip --undo-link foo foobar.stripped + ``` + + 上述命令中的各参数含义为: + + - **--strip** 用于去除 foobar 中对于补丁制作无用的 section; + - **--rel-fixup** 用于修复补丁内所访问的变量以及函数的地址; + - **strip --strip-unneeded** 用于去除对于热补丁重定位操作无用的符号信息; + - **--undo-link** 用于将补丁内符号的地址从绝对地址更改为相对地址。 + +6. 制作热补丁文件。 + + 通过以上操作,已经得到了热补丁制作所需的主要内容。接下来需要使用 **kpatch_make** 将原可执行文件的 **Build ID** 以及 **kpatch_strip** 的输出文件 **foobar.stripped** 作为参数传递给 **kpatch_make**,最终生成热补丁文件,参考命令如下: + + ``` shell + $ str=$(readelf -n foo | grep 'Build ID') + $ substr=${str##* } + $ kpatch_make -b $substr -i 0001 foobar.stripped -o foo.kpatch + $ ls + bar.c bar.s foo foobar foobar.s foobar.stripped foo.c foo.kpatch foo.s + ``` + + 至此,就得到了最终的热补丁文件 foo.kpatch。 + +#### 通过脚本制作 + +本节介绍如何利用 LibcarePlus 自带的 **libcare-patch-make** 脚本制作热补丁文件,仍以原文件 foo.c 和补丁文件 bar.c 为例。 + +1. 利用 diff 命令生成 foo.c 和 bar.c 的对比文件,命令如下所示: + + ``` shell + $ diff -up foo.c bar.c > foo.patch + ``` + + foo.patch 文件内容如下所示: + +
    + 点击展开 foo.patch +

    + + + ``` diff + --- foo.c 2020-12-09 15:39:51.159632075 +0800 + +++ bar.c 2020-12-09 15:40:03.818632220 +0800 + @@ -1,10 +1,10 @@ + -// foo.c + +// bar.c + #include + #include + + void i_m_being_patched(void) + { + - printf("i'm unpatched!\n"); + + printf("you patched my %s\n", "tralala"); + } + + int main(void) + ``` + +

    +
    + + +2. 编写编译 foo.c 的 Makefile 文件,具体如下所示: + +
    + 点击展开 Makefile +

    + + ``` makefile + all: foo + + foo: foo.c + $(CC) -o $@ $< + + clean: + rm -f foo + + install: foo + mkdir $$DESTDIR || : + cp foo $$DESTDIR + ``` + +

    +
    + + +3. 编写好 Makefile 之后,直接调用 **libcare-patch-make** 即可。若 **libcare-patch-make** 询问选择哪个文件进行打补丁操作,输入原文件名即可,具体如下所示: + + ``` shell + $ libcare-patch-make --clean -i 0001 foo.patch + rm -f foo + BUILDING ORIGINAL CODE + /usr/local/bin/libcare-cc -o foo foo.c + INSTALLING ORIGINAL OBJECTS INTO /libcareplus/test/lpmake + mkdir $DESTDIR || : + cp foo $DESTDIR + applying foo.patch... + can't find file to patch at input line 3 + Perhaps you used the wrong -p or --strip option? + The text leading up to this was: + -------------------------- + |--- foo.c 2020-12-10 09:43:04.445375845 +0800 + |+++ bar.c 2020-12-10 09:48:36.778379648 +0800 + -------------------------- + File to patch: foo.c + patching file foo.c + BUILDING PATCHED CODE + /usr/local/bin/libcare-cc -o foo foo.c + INSTALLING PATCHED OBJECTS INTO /libcareplus/test/.lpmaketmp/patched + mkdir $DESTDIR || : + cp foo $DESTDIR + MAKING PATCHES + Fixing up relocation printf@@GLIBC_2.2.5+fffffffffffffffc + Fixing up relocation print_hello+0 + patch for /libcareplus/test/lpmake/foo is in /libcareplus/test/patchroot/700297b7bc56a11e1d5a6fb564c2a5bc5b282082.kpatch + ``` + + 执行成功之后,输出显示:热补丁文件位于当前目录的 **patchroot** 目录下,可执行文件则在 **lpmake** 目录下。脚本生成的热补丁文件默认是采用 Build ID 作为热补丁文件的文件名。 + + + +## 应用 LibcarePlus 热补丁 + +本节以原文件 **foo.c** 和补丁文件 **bar.c** 为例,介绍 LibcarePlus 热补丁的应用指导。 + +### 前期准备 + +应用 LibcarePlus 热补丁之前,需要提前准备好原可执行程序 foo、以及热补丁文件 foo.kpatch。 + +### 加载热补丁 + +本节介绍应用 LibcarePlus 热补丁的具体流程。 + +1. 首先在第一个 shell 窗口运行需要打补丁的可执行程序,如下所示: + + ``` shell + $ ./lpmake/foo + Hello world! + Hello world! + Hello world! + ``` + +2. 随后在第二个 shell 窗口运行 **libcare-ctl** 应用热补丁,命令如下所示: + + ``` shell + $ libcare-ctl -v patch -p $(pidof foo) ./patchroot/BuildID.kpatch + ``` + + 若此时热补丁应用成功,第二个 shell 窗口会有如下输出: + + ``` shell + 1 patch hunk(s) have been successfully applied to PID '10999' + ``` + + 而第一个 shell 窗口内运行的目标进程则会出现如下输出: + + ``` shell + Hello world! + Hello world! + Hello world being patched! + Hello world being patched! + ``` + + +### 卸载热补丁 + +本节介绍卸载 LibcarePlus 热补丁的具体流程。 + +1. 在第二个 shell 窗口执行如下命令: + + ``` shell + $ libcare-ctl unpatch -p $(pidof foo) -i 0001 + + ``` + + 此时若热补丁卸载成功,第二个 shell 窗口会有如下输出: + + ``` shell + 1 patch hunk(s) were successfully cancelled from PID '10999' + ``` + +2. 第一个 shell 窗口内运行的目标进程则会出现如下输出: + + ``` shell + Hello world being patched! + Hello world being patched! + Hello world! + Hello world! + ``` diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP1.png b/docs/zh/docs/Virtualization/figures/CertEnrollP1.png new file mode 100644 index 0000000000000000000000000000000000000000..536e0618a3ab5b70937292205242a08237e34712 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP1.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP2.png b/docs/zh/docs/Virtualization/figures/CertEnrollP2.png new file mode 100644 index 0000000000000000000000000000000000000000..0557c8782960188dbe9d84a1d0e66c9b45d2b303 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP2.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP3.png b/docs/zh/docs/Virtualization/figures/CertEnrollP3.png new file mode 100644 index 0000000000000000000000000000000000000000..326fcf1e8d5e3c795ebcde286d8e0fef14bec7d1 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP3.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP4.png b/docs/zh/docs/Virtualization/figures/CertEnrollP4.png new file mode 100644 index 0000000000000000000000000000000000000000..bc77c038e1e3a5ec30d7ba4f805ca937792e9327 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP4.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP5.png b/docs/zh/docs/Virtualization/figures/CertEnrollP5.png new file mode 100644 index 0000000000000000000000000000000000000000..0f22b3cbd84f7c93f74898a926bc3e32f231667f Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP5.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP6.png b/docs/zh/docs/Virtualization/figures/CertEnrollP6.png new file mode 100644 index 0000000000000000000000000000000000000000..08235013ca71f1ec51e9af2f143629d1a6132fe9 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP6.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP7.png b/docs/zh/docs/Virtualization/figures/CertEnrollP7.png new file mode 100644 index 0000000000000000000000000000000000000000..f934521d59dd4a75449fcb2ca8abc54045b9102b Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP7.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP8.png b/docs/zh/docs/Virtualization/figures/CertEnrollP8.png new file mode 100644 index 0000000000000000000000000000000000000000..9a8158e3378bf25dee05b892cc60f424542455d7 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP8.png differ diff --git a/docs/zh/docs/Virtualization/figures/OSBootFlow.png b/docs/zh/docs/Virtualization/figures/OSBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..f9c03c86df145636015efaeab4dc076f62754cd9 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/OSBootFlow.png differ diff --git a/docs/zh/docs/Virtualization/figures/SecureBootFlow.png b/docs/zh/docs/Virtualization/figures/SecureBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..e76a800931ed6da2af3515d3d9d44388e3d11c01 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/SecureBootFlow.png differ diff --git a/docs/zh/docs/Virtualization/figures/virtual-network-structure.png b/docs/zh/docs/Virtualization/figures/virtual-network-structure.png index af5b2c44fe451371fb16115df15ae8ea8a723e28..6c5255545e4c09d515fe222881bc225c17ce421b 100644 Binary files a/docs/zh/docs/Virtualization/figures/virtual-network-structure.png and b/docs/zh/docs/Virtualization/figures/virtual-network-structure.png differ diff --git a/docs/zh/docs/Virtualization/virtualization.md b/docs/zh/docs/Virtualization/virtualization.md index 936a54e96cdab99468bf904bb7fd53e74d1c2fc3..685c142a4c8b85c9cffb0b28bbaf1aa70494f977 100644 --- a/docs/zh/docs/Virtualization/virtualization.md +++ b/docs/zh/docs/Virtualization/virtualization.md @@ -1 +1,3 @@ -本文档给出虚拟化介绍,并给出基于openEuler的虚拟化安装方法以及如何使用虚拟化,让用户了解虚拟化,并指导用户和管理员安装和使用虚拟化。 \ No newline at end of file +# 虚拟机用户指南 + +本文档给出虚拟化介绍,并给出基于openEuler的虚拟化安装方法、如何使用虚拟化的教程,进而让用户了解虚拟化,并指导管理员及普通用户安装和使用虚拟化。 diff --git a/docs/zh/docs/Virtualization/vmtop.md b/docs/zh/docs/Virtualization/vmtop.md new file mode 100644 index 0000000000000000000000000000000000000000..93f51bf0be82c2123e329c338aa028db81757cf0 --- /dev/null +++ b/docs/zh/docs/Virtualization/vmtop.md @@ -0,0 +1,177 @@ +# 工具使用指南 + +- [vmtop使用指南](#vmtop使用指南) + +## vmtop使用指南 + +### 概述 +vmtop 是运行在宿主机host上的用户态工具。使用vmtop可以实时动态地查看虚拟机资源的使用情况,例如CPU占用率、内存占用率、vCPU陷入陷出次数等。因此,可以使用vmtop作为虚拟化问题定位和性能调优的工具。 + +#### 多架构支持 +当前vmtop支持AArch64和x86_64处理器架构。 + +#### 显示项说明 +不同处理器架构的操作系统,vmtop的显示项存在差异,这里给出各个显示项的含义及其是否在对应架构呈现。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>以下采样差是指指定时间间隔内获取的两次数据的差值。 + +##### **AArch64和x86_64架构公共显示项** +- VM/task-name: 虚拟机/进程名称 +- DID: 虚拟机id +- PID: 虚拟机qemu进程的pid +- %CPU: 进程的CPU占用率 +- EXTsum: kvm exit总次数(采样差) +- S: 进程状态 +- P: 进程所占用的物理CPU号 +- %ST: 被抢占时间与CPU运行时间的比 +- %GUE: 虚拟机内部占用时间与CPU运行时间的比 +- %HYP: 虚拟化开销占比 + +##### 仅AArch64架构的显示项 +- EXThvc: hvc-exit次数(采样差) +- EXTwfe: wfe-exit次数(采样差) +- EXTwfi: wfi-exit次数(采样差) +- EXTmmioU: mmioU-exit次数(采样差) +- EXTmmioK: mmioK-exit次数(采样差) +- EXTfp: fp-exit次数(采样差) +- EXTirq: irq-exit次数(采样差) +- EXTsys64: sys64 exit次数(采样差) +- EXTmabt: mem abort exit次数(采样差) + + +##### 仅x86_64架构的显示项 +- PFfix: 缺页次数(采样差) +- PFgu: 向guest OS注入缺页次数(采样差) +- INvlpg: 冲刷tlb某项次数(tlb其中一项,并不固定) +- EXTio: io VM-exit次数(采样差) +- EXTmmio: mmio VM-exit次数(采样差) +- EXThalt: halt VM-exit次数(采样差) +- EXTsig: 信号处理引起的VM-exit次数(采样差) +- EXTirq: 中断引起的VM-exit次数(采样差) +- EXTnmiW: 处理不可屏蔽中断引起的VM-exit次数(采样差) +- EXTirqW: interruptwindow机制,开启中断使能时exit,以便注入中断(采样差) +- IrqIn: 注入irq中断次数(采样差) +- NmiIn: 注入nmi中断次数(采样差) +- TLBfl: 冲刷整个tlb次数(采样差) +- HostReL: 重载主机状态次数(采样差) +- Hyperv: 模拟Guest操作系统辅助虚拟化调用hypercall的处理次数(采样差) +- EXTcr: 访问CR寄存器退出次数(采样差) +- EXTrmsr: 读msr退出次数(采样差) +- EXTwmsr: 写msr退出次数(采样差) +- EXTapic: 写apic次数(采样差) +- EXTeptv: Ept缺页退出次数(采样差) +- EXTeptm: Ept错误退出次数(采样差) +- EXTpau: Vcpu暂停退出次数(采样差) + +### 使用方法 +vmtop是一款命令行工具,直接以命令行的方式运行 vmtop 即可。 +另外,vmtop还提供了不同可选选项,用于查询不同信息。 + +#### 语法格式 +```sh +vmtop [选项] +``` + +#### 选项说明 +- -d: 设置显示刷新的时间间隔,单位:秒 +- -H: 显示虚拟机的线程信息 +- -n: 设置显示刷新的次数,刷新完成后退出 +- -b: Batch模式显示,可以用于重定向到文件 +- -h: 显示帮助信息 +- -v: 显示版本 +- -p: 监控指定id的虚拟机 + +#### 快捷键 +在vmtop运行状态下使用的快捷键 +- H: 显示或关闭虚拟机线程信息,默认显示该信息 +- up/down: 向上/向下移动显示的虚拟机列表 +- left/right: 向左/向右移动显示的信息,从而显示因屏幕宽度被隐藏的列 +- f: 进入监控项编辑模式,选择要开启的监控项 +- q: 退出vmtop进程 + +### 示例 +在host上直接以命令行的方式运行vmtop +```sh +vmtop +``` +输出如下: +```sh +vmtop - 2020-09-14 09:54:48 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1206 10 0 144 62 174 0 1452 S 106 0.0 99.7 16.0 +``` +可以看到,host上只有一台名称为“example”的虚拟机,ID为2,CPU占用率是13.0%,在1秒内的陷入陷出总次数是1452,虚拟机进程占用的物理CPU为106号CPU,虚拟机内部占用时间与CPU运行时间的比是99.7%。 + +1.显示虚拟机线程信息 +按下‘H’后可以显示线程信息: +```sh +vmtop - 2020-09-14 10:11:27 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1191 17 4 120 76 147 0 1435 S 119 0.0 123.7 4.0 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 0.0 0.0 0.0 + |_ CPU 0/KVM 4054933 3.0 0 0 280 6 4 28 19 41 0 350 S 105 0.0 27.9 0.0 + |_ CPU 1/KVM 4054934 3.0 0 0 260 0 0 16 12 36 0 308 S 31 0.0 20.0 0.0 + |_ CPU 2/KVM 4054935 3.0 0 0 341 0 0 44 20 26 0 387 R 108 0.0 27.9 4.0 + |_ CPU 3/KVM 4054936 5.0 0 0 310 11 0 32 25 44 0 390 S 103 0.0 47.9 0.0 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 0.0 0.0 0.0 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 0.0 0.0 0.0 + |_ worker 4143738 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 +``` +example虚拟机有11个线程,其中包括vCPU线程、vnc_worker、IO mon_iotreads等等,每个线程同样会显示详细CPU占用、陷入陷出等信息。 + +2.选择监控项 +按下‘f’进入监控项编辑模式: +```sh +field filter - select which field to be showed +Use up/down to navigate, use space to set whether chosen filed to be showed +'q' to quit to normal display + + * DID + * VM/task-name + * PID + * %CPU + * EXThvc + * EXTwfe + * EXTwfi + * EXTmmioU + * EXTmmioK + * EXTfp + * EXTirq + * EXTsys64 + * EXTmabt + * EXTsum + * S + * P + * %ST + * %GUE + * %HYP +``` +当前所有监控项都默认显示,通过up/down键选择,用space键来设置对应显示项是否显示/隐藏,按‘q’键退出。 +将%ST、%GUE、%HYP设置为隐藏后,输出如下: +```sh +vmtop - 2020-09-14 10:23:25 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P + 2 example 4054916 12.0 0 0 1213 14 1 144 68 168 0 1464 S 125 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 125 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 + |_ CPU 0/KVM 4054933 2.0 0 0 303 6 0 29 10 35 0 354 S 98 + |_ CPU 1/KVM 4054934 4.0 0 0 279 0 0 39 17 49 0 345 S 1 + |_ CPU 2/KVM 4054935 3.0 0 0 283 0 0 33 20 40 0 343 S 122 + |_ CPU 3/KVM 4054936 3.0 0 0 348 8 1 43 21 44 0 422 S 110 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 + |_ worker 1794 0.0 0 0 0 0 0 0 0 0 0 0 S 126 +``` +%ST、%GUE、%HYP将不会出现在显示界面上。 diff --git "a/docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" "b/docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" index 2d65647994d3c8720fe4721e4fc2af564642ecf2..6e81459afdf6cc5be3002f65d2ba151daf035613 100644 --- "a/docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" +++ "b/docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" @@ -1,12 +1,4 @@ # 准备使用环境 - -- [准备使用环境](#准备使用环境) - - [准备虚拟机镜像](#准备虚拟机镜像) - - [准备虚拟机网络](#准备虚拟机网络) - - [准备引导固件](#准备引导固件) - - [非root用户配置](#非root用户配置) - - ## 准备虚拟机镜像 @@ -18,47 +10,46 @@ 制作qcow2格式镜像文件的操作步骤如下: -1. 使用root用户安装qemu-img软件包。 +1. 使用root用户安装qemu-img软件包。 - ``` + ```sh # yum install -y qemu-img ``` -2. 使用qemu-img工具的create命令,创建镜像文件,命令格式为: +2. 使用qemu-img工具的create命令,创建镜像文件,命令格式为: - ``` - $ qemu-img create -f -o + ```sh + # qemu-img create -f -o ``` 其中,各参数含义如下: - - _imgFormat_:镜像格式,取值为raw, qcow2等。 - - _fileOption_:文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 - - _fileName_:文件名称。 - - _diskSize_:磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 + - _imgFormat_:镜像格式,取值为raw, qcow2等。 + - _fileOption_:文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 + - _fileName_:文件名称。 + - _diskSize_:磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 - 例如,创建一个磁盘设备大小为4GB、格式为qcow2的镜像文件openEuler-imge.qcow2,命令和回显如下: + 例如,创建一个磁盘设备大小为4GB、格式为qcow2的镜像文件openEuler-image.qcow2,命令和回显如下: - ``` - $ qemu-img create -f qcow2 openEuler-image.qcow2 4G + ```sh + # qemu-img create -f qcow2 openEuler-image.qcow2 4G Formatting 'openEuler-image.qcow2', fmt=qcow2 size=4294967296 cluster_size=65536 lazy_refcounts=off refcount_bits=16 ``` - ### 修改镜像磁盘空间大小 当虚拟机需要更大的磁盘空间时,可以使用qemu-img工具,修改虚拟机镜像磁盘空间的大小,修改方法如下。 -1. 查询当前虚拟机镜像磁盘空间大小,命令如下: +1. 查询当前虚拟机镜像磁盘空间大小,命令如下: - ``` - $ qemu-img info + ```sh + # qemu-img info ``` 例如,查询openEuler-image.qcow2镜像磁盘空间大小的命令和回显如下,说明该镜像磁盘空间大小为4GiB。 - ``` - $ qemu-img info openEuler-image.qcow2 + ```sh + # qemu-img info openEuler-image.qcow2 image: openEuler-image.qcow2 file format: qcow2 virtual size: 4.0G (4294967296 bytes) @@ -71,29 +62,41 @@ corrupt: false ``` -2. 修改镜像磁盘空间大小,命令如下,其中_imgFiLeName_为镜像名称,“+”和“-”分别表示需要增加或减小的镜像磁盘空间大小,单位为K、M、G、T,代表KiB、MiB、GiB、TiB。 +2. 修改镜像磁盘空间大小,命令如下,其中imgFileName为镜像名称,“+”和“-”分别表示需要增加或减小的镜像磁盘空间大小,单位为K、M、G、T,代表KiB、MiB、GiB、TiB。 - ``` - $ qemu-img resize [+|-] + ```sh + # qemu-img resize [+|-] ``` 例如,将上述openEuler-image.qcow2镜像磁盘空间大小扩展到24GiB,即在原来4GiB基础上增加20GiB,命令和回显如下: + ```sh + # qemu-img resize openEuler-image.qcow2 +20G + Image resized. ``` + + 若"qemu-img resize openEuler-image.qcow2 +20G"命令的返回值如下 + qemu-img: Could not open 'openEuler-image.qcow2': Failed to get "write" lock + Is another process using the image [openEuler-image.qcow2]? + 则表示qcow2文件被另外一个进程占用,说明当前qcow2文件已被用来启动虚拟机。若需要执行命令成功,则需要先关闭虚拟机再执行扩展命令,命令和回显如下: + + ```sh + $ virsh destroy + Domain destroyed $ qemu-img resize openEuler-image.qcow2 +20G Image resized. ``` -3. 查询修改后的镜像磁盘空间大小,确认是否修改成功,命令如下: +3. 查询修改后的镜像磁盘空间大小,确认是否修改成功,命令如下: - ``` - $ qemu-img info + ```sh + # qemu-img info ``` 例如,上述openEuler-image.qcow2镜像磁盘空间已扩展到24GiB,命令和回显如下: - ``` - $ qemu-img info openEuler-image.qcow2 + ```sh + # qemu-img info openEuler-image.qcow2 image: openEuler-image.qcow2 file format: qcow2 virtual size: 24G (25769803776 bytes) @@ -106,12 +109,11 @@ corrupt: false ``` - ## 准备虚拟机网络 ### 概述 -为了使虚拟机可以与外部进行网络通信,需要为虚拟机配置网络环境。KVM虚拟化支持Linux网桥、Open vSwitch网桥等多种类型的网桥。如[图1](#fig1785384714917)所示,数据传输路径为“虚拟机 -\> 虚拟网卡设备 -\> Linux网桥或Open vSwitch网桥 -\> 物理网卡”。创建网桥,除了为虚拟机配置虚拟网卡设备外,为主机创建网桥是连接虚拟化网络的关键。 +为了使虚拟机可以与外部进行网络通信,需要为虚拟机配置网络环境。KVM虚拟化支持Linux网桥、Open vSwitch网桥等多种类型的网桥。如[图1](#fig1785384714917)所示,数据传输路径为“虚拟机 -\> 虚拟网卡设备 -\> Linux网桥或Open vSwitch网桥 -\> 物理网卡”。创建网桥,除了为虚拟机配置虚拟网卡设备外,为主机创建网桥是连接虚拟机网络的关键。 本节给出搭建Linux网桥和Open vSwitch网桥的方法,使虚拟机连接到网络,用户可以根据情况选择搭建网桥的类型。 @@ -122,186 +124,178 @@ 以物理网卡eth0绑定到Linux网桥br0的操作为例,使用root用户执行如下命令搭建Linux网桥: -1. 安装bridge-utils软件包。 +1. 安装bridge-utils软件包。 - Linux网桥通常通过brctl工具管理,其对应的安装包为bridge-utils,安装命令如下: + Linux网桥通常通过brctl工具管理,其对应的安装包为bridge-utils;而Linux网络配置和管理工具集的对应安装包为net-tools。可以使用以下命令进行安装: - ``` - # yum install -y bridge-utils + ```sh + # yum install -y bridge-utils net-tools ``` -2. 创建网桥br0。 +2. 创建网桥br0。 - ``` + ```sh # brctl addbr br0 ``` -3. 将物理网卡eth0绑定到Linux网桥。 +3. 将物理网卡eth0绑定到Linux网桥。 - ``` + ```sh + # yum install -y net-tools # brctl addif br0 eth0 ``` -4. eth0与网桥连接后,不再需要IP地址,将eth0的IP设置为0.0.0.0。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >若在ssh远程工具中操作命令brctl addif br0 eth0,ssh远程连接会断开,需要到iBMC界面进行后续如下操作以完成虚拟化网络配置。 +4. eth0与网桥连接后,不再需要IP地址,将eth0的IP设置为0.0.0.0。 - ``` + ```sh # ifconfig eth0 0.0.0.0 ``` -5. 设置br0的IP地址。 - - 如果有DHCP服务器,可以通过dhclient设置动态IP地址。 +5. 设置br0的IP地址。 + - 如果有DHCP服务器,可以通过dhclient设置动态IP地址。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 若使用DHCP给br0设置动态IP,需先清除原有可能存在的动态IP。输入dhclient -r 命令,清除原有可能存在的动态IP。 - ``` + ```sh # dhclient br0 ``` - - 如果没有DHCP服务器,给br0配置静态IP,例如设置静态IP为192.168.1.2,子网掩码为255.255.255.0。 + - 如果没有DHCP服务器,给br0配置静态IP,例如设置静态IP为192.168.1.2,子网掩码为255.255.255.0。 - ``` + ```sh # ifconfig br0 192.168.1.2 netmask 255.255.255.0 ``` - - ### 搭建Open vSwitch网桥 Open vSwitch网桥,具有更便捷的自动化编排能力。搭建Open vSwitch网桥需要安装网络虚拟化组件,这里介绍总体操作。 -**一、安装Open vSwitch组件** +**一**、安装Open vSwitch组件 使用Open vSwitch提供虚拟网络,需要安装Open vSwitch网络虚拟化组件,使用root用户执行如下命令: -1. 安装Open vSwitch组件。 +1. 关闭 SELinux,否则 ovsdb-server Manager 无法正常工作。 - ``` - # yum install -y openvswitch-kmod - # yum install -y openvswitch + ```sh + # setenforce 0 ``` -2. 启动Open vSwitch服务。 + 查询 SELinux 是否关闭成功,可以参考如下命令和回显。 - ``` - # systemctl start openvswitch + ```sh + # cat /etc/selinux/config | grep -v ^# + SELINUX=disabled + SELINUXTYPE=targeted ``` +2. 安装Open vSwitch组件。 -**二、确认安装是否成功** - -确认Open vSwitch组件是否安装成功,需要检查openvswitch-kmod和openvswitch这两个组件是否安装成功。 + ```sh + # yum install -y openvswitch + ``` -1. 确认openvswitch-kmod组件是否安装成功。若安装成功,可以看到软件包相关信息,命令和回显如下: +3. 启动Open vSwitch服务。 - ``` - $ rpm -qi openvswitch-kmod - Name : openvswitch-kmod - Version : 2.11.1 - Release : 1.oe3 - Architecture: aarch64 - Install Date: Thu 15 Aug 2019 05:07:49 PM CST - Group : System Environment/Daemons - Size : 15766774 - License : GPLv2 - Signature : (none) - Source RPM : openvswitch-kmod-2.11.1-1.oe3.src.rpm - Build Date : Thu 08 Aug 2019 04:33:08 PM CST - Build Host : armbuild10b175b113b44 - Relocations : (not relocatable) - Vendor : OpenSource Security Ralf Spenneberg - URL : http://www.openvswitch.org/ - Summary : Open vSwitch Kernel Modules - Description : - Open vSwitch provides standard network bridging functions augmented with - support for the OpenFlow protocol for remote per-flow control of - traffic. This package contains the kernel modules. + ```sh + # service openvswitch start ``` -2. 确认openvswitch组件是否安装成功。若安装成功,可以看到软件包相关信息,命令和回显如下: +> ![](./public_sys-resources/icon-note.gif) **说明:** +> 启动 Open vSwitch 服务过程中,可以根据需要使用相关服务,其中 ovn-controller-vtep.service 服务必须在普通用户下使用,否则操作会失败。其他服务,需要使用 root 权限。 - ``` +**二**、确认安装是否成功 + +1. 确认Open vSwitch组件是否安装成功,需要检查openvswitch组件是否安装成功。 +若安装成功,可以看到软件包相关信息,命令和回显如下: + + ```sh $ rpm -qi openvswitch - Name : openvswitch - Version : 2.11.1 - Release : 1 + Name: openvswitch + Version : 2.12.0 + Release : 11.oe1 Architecture: aarch64 - Install Date: Thu 15 Aug 2019 05:08:35 PM CST - Group : System Environment/Daemons - Size : 6051185 - License : ASL 2.0 - Signature : (none) - Source RPM : openvswitch-2.11.1-1.src.rpm - Build Date : Thu 08 Aug 2019 05:24:46 PM CST - Build Host : armbuild10b247b121b105 - Relocations : (not relocatable) - Vendor : Nicira, Inc. - URL : http://www.openvswitch.org/ - Summary : Open vSwitch daemon/database/utilities + Install Date: Tue 08 Jun 2021 04:54:31 PM CST + Group: Unspecified + Size: 7456390 + License : ASL 2.0 and ISC + Signature : RSA/SHA1, Mon 07 Jun 2021 01:16:33 AM CST, Key ID d557065eb25e7f66 + Source RPM : openvswitch-2.12.0-11.oe1.src.rpm + Build Date : Mon 07 Jun 2021 01:15:34 AM CST + Build Host : obs-worker-0011 + Packager : http://openeuler.org + Vendor : http://openeuler.org + URL: http://www.openvswitch.org/ + Summary : Production Quality, Multilayer Open Virtual Switch Description : - Open vSwitch provides standard network bridging functions and - support for the OpenFlow protocol for remote per-flow control of - traffic. - ``` + Open vSwitch is a production quality, multilayer virtual switch licensed under + the open source Apache 2.0 license. + ``` + +2. 查看Open vSwitch服务是否启动成功。若服务处于“Active”状态,说明服务启动成功,可以正常使用Open vSwitch提供的命令行工具,命令和回显如下: + + ```sh + $ service openvswitch status + Redirecting to /bin/systemctl status openvswitch.service + ● openvswitch.service - Open vSwitch + Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled) + Active: active (exited) since Wed 2021-06-16 16:45:41 CST; 17h ago + Process: 151652 ExecStart=/bin/true (code=exited, status=0/SUCCESS) + Main PID: 151652 (code=exited, status=0/SUCCESS) + Tasks: 0 + Memory: 0B + CGroup: /system.slice/openvswitch.service -3. 查看Open vSwitch服务是否启动成功。若服务处于“Active”状态,说明服务启动成功,可以正常使用Open vSwitch提供的命令行工具,命令和回显如下: + Jun 16 16:45:41 openEuler systemd[1]: Starting Open vSwitch... + Jun 16 16:45:41 openEuler systemd[1]: Started Open vSwitch. ``` - $ systemctl status openvswitch - ● openvswitch.service - LSB: Open vSwitch switch - Loaded: loaded (/etc/rc.d/init.d/openvswitch; generated) - Active: active (running) since Sat 2019-08-17 09:47:14 CST; 4min 39s ago - Docs: man:systemd-sysv-generator(8) - Process: 54554 ExecStart=/etc/rc.d/init.d/openvswitch start (code=exited, status=0/SUCCESS) - Tasks: 4 (limit: 9830) - Memory: 22.0M - CGroup: /system.slice/openvswitch.service - ├─54580 ovsdb-server: monitoring pid 54581 (healthy) - ├─54581 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate> - ├─54602 ovs-vswitchd: monitoring pid 54603 (healthy) - └─54603 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/open> - ``` - -**三、搭建Open vSwitch网桥** +**三**、搭建Open vSwitch网桥 以创建Open vSwitch一层网桥br0为例,介绍搭建方法,使用root用户执行如下命令: -1. 创建Open vSwitch网桥br0。 +1. 创建Open vSwitch网桥br0。 - ``` + ```sh # ovs-vsctl add-br br0 ``` -2. 将物理网卡eth0添加到br0。 +2. 将物理网卡eth0添加到br0。 - ``` + ```sh # ovs-vsctl add-port br0 eth0 ``` -3. eth0与网桥连接后,不再需要IP地址,将eth0的IP设置为0.0.0.0。 +3. eth0与网桥连接后,不再需要IP地址,将eth0的IP设置为0.0.0.0。 - ``` + ```sh # ifconfig eth0 0.0.0.0 ``` -4. 为OVS网桥br0分配IP。 - - 如果有DHCP服务器,可以通过dhclient设置动态IP地址。 +4. 为OVS网桥br0分配IP。 + - 如果有DHCP服务器,可以通过dhclient设置动态IP地址。 + > ![](./public_sys-resources/icon-note.gif) **说明:** + > + > 若使用DHCP给br0设置动态IP,需先清除原有可能存在的动态IP。输入dhclient -r 命令,清除原有可能存在的动态IP。 - ``` + ```sh # dhclient br0 ``` - - 如果没有DHCP服务器,给br0配置静态IP,例如192.168.1.2。 + - 如果没有DHCP服务器,给br0配置静态IP,例如192.168.1.2。 - ``` + ```sh # ifconfig br0 192.168.1.2 ``` - - ## 准备引导固件 ### 概述 -针对不同的架构,引导的方式有所差异。x86支持UFEI(Unified Extensible Firmware Interface)和BIOS方式启动,AArch64仅支持UFEI方式启动。openEuler默认已安装BIOS启动对应的引导文件,不需要用户额外操作。所以这里仅介绍UEFI启动方式的安装方法。 +针对不同的架构,引导的方式有所差异。x86支持UEFI(Unified Extensible Firmware Interface)和BIOS方式启动,AArch64仅支持UEFI方式启动。openEuler默认已安装BIOS启动对应的引导文件,不需要用户额外操作。所以这里仅介绍UEFI启动方式的安装方法。 统一的可扩展固件接口UEFI是一种全新类型的接口标准,用于开机自检、引导操作系统的启动,是传统BIOS的一种替代方案。EDK II是一套实现了UEFI标准的开源代码,在虚拟化场景中,通常利用EDK II工具集,通过UEFI的方式启动虚拟机。使用EDK II工具需要在虚拟机启动之前安装对应的软件包 ,本节介绍EDK II的安装方法。 @@ -309,31 +303,31 @@ Open vSwitch网桥,具有更便捷的自动化编排能力。搭建Open vSwitc 如果使用UEFI方式引导,需要安装工具集EDK II,AArch64架构对应的安装包为edk2-aarch64,x86架构对应的安装包为edk2-ovmf。这里以AArch64架构为例,给出具体的安装方法,x86架构仅需将edk2-aarch64替换为edk2-ovmf。 -1. 安装edk软件包,使用root用户执行如下命令: +1. 安装edk软件包,使用root用户执行如下命令: 在AArch64架构下edk2的包名为edk2-aarch64 - ``` + ```sh # yum install -y edk2-aarch64 ``` 在x86\_64架构下edk2的包名为edk2-ovmf - ``` + ```sh # yum install -y edk2-ovmf ``` -2. 查询edk软件是否安装成功,命令如下: +2. 查询edk软件是否安装成功,命令如下: - 在AArch64架构下查询如下 + 在AArch64架构下查询如下: - ``` - $ rpm -qi edk2-aarch64 + ```sh + rpm -qi edk2-aarch64 ``` 若edk软件安装成功,回显类似如下: - ``` + ```text Name : edk2-aarch64 Version : 20180815gitcb5f4f45ce Release : 1.oe3 @@ -342,15 +336,15 @@ Open vSwitch网桥,具有更便捷的自动化编排能力。搭建Open vSwitc Group : Applications/Emulators ``` - 在x86\_64架构下查询如下 + 在x86\_64架构下查询如下: - ``` - $ rpm -qi edk2-ovmf + ```sh + rpm -qi edk2-ovmf ``` 若edk软件安装成功,回显类似如下: - ``` + ```text Name : edk2-ovmf Version : 201908 Release : 6.oe1 @@ -368,33 +362,34 @@ openEuler虚拟化使用virsh管理虚拟机。如果希望在非root用户使 允许非root用户使用virsh命令管理虚拟机的配置操作如下,以下命令中的userName请改为实际的非root用户名称: -1. 使用root用户登陆主机。 +1. 使用root用户登录主机。 2. 将非root用户添加到libvirt用户组。 - ``` + ```sh # usermod -a -G libvirt userName ``` 3. 切换到非root用户。 - ``` + ```sh # su userName ``` 4. 配置非root用户的环境变量。使用vim打开~/.bashrc文件: + ```sh + vim ~/.bashrc ``` - $ vim ~/.bashrc - ``` + 并在末尾加上如下内容后保存。 - ``` + ```sh export LIBVIRT_DEFAULT_URI="qemu:///system" ``` 5. 在虚拟机XML配置文件中的domain根元素中添加如下内容,使qemu-kvm进程可以访问磁盘镜像文件。 - ``` + ```conf ``` diff --git "a/docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" "b/docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226\347\273\204\344\273\266.md" similarity index 70% rename from "docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" rename to "docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226\347\273\204\344\273\266.md" index a5fa839014d0350c8db502803a811d97be212b4a..e9bcce1a1c73d84907ae6e1ea9e8bbf691464255 100644 --- "a/docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" +++ "b/docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226\347\273\204\344\273\266.md" @@ -1,27 +1,16 @@ -# 安装虚拟化 +# 安装虚拟化组件 本章介绍在openEuler中安装虚拟化组件的方法。 - -- [安装虚拟化](#安装虚拟化) - - [最低硬件要求](#最低硬件要求) - - [安装虚拟化核心组件](#安装虚拟化核心组件) - - [安装方法](#安装方法) - - [验证安装是否成功](#验证安装是否成功) - - - - - ## 最低硬件要求 在openEuler系统中安装虚拟化组件,最低硬件要求: -- AArch64处理器架构:ARMv8以上并且支持虚拟化扩展 -- x86\_64处理器架构:支持VT-x -- 2核CPU -- 4GB的内存 -- 16GB可用磁盘空间 +- AArch64处理器架构:ARMv8以上并且支持虚拟化扩展 +- x86\_64处理器架构:支持VT-x +- 2核CPU +- 4GB的内存 +- 16GB可用磁盘空间 ## 安装虚拟化核心组件 @@ -29,52 +18,51 @@ #### 前提条件 -- 已经配置yum源。配置方式请参见《openEuler 20.03 LTS 管理员指南》。 -- 安装操作需要root用户权限。 +- 已经配置yum源。配置方式请参见《[openEuler 20.03 LTS SP4 管理员指南](./../Administration/administration.md)》。 +- 安装操作需要root用户权限。 #### 安装步骤 -1. 安装QEMU组件。 +1. 安装QEMU组件。 - ``` + ```sh # yum install -y qemu ``` -2. 安装libvirt组件。 +2. 安装libvirt组件。 - ``` + ```sh # yum install -y libvirt ``` -3. 启动libvirtd服务。 +3. 启动libvirtd服务。 - ``` + ```sh # systemctl start libvirtd ``` - ->![](./public_sys-resources/icon-note.gif) **说明:** +>![本地图片](./public_sys-resources/icon-note.gif) **说明:** >KVM模块已经集成在openEuler内核中,因此不需要单独安装。 ### 验证安装是否成功 -1. 查看内核是否支持KVM虚拟化,即查看/dev/kvm和/sys/module/kvm文件是否存在,命令和回显如下: +1. 查看内核是否支持KVM虚拟化,即查看/dev/kvm和/sys/module/kvm文件是否存在,命令和回显如下: - ``` + ```sh $ ls /dev/kvm /dev/kvm ``` - ``` + ```sh $ ls /sys/module/kvm parameters uevent ``` 若上述文件存在,说明内核支持KVM虚拟化。若上述文件不存在,则说明系统内核编译时未开启KVM虚拟化,需要更换支持KVM虚拟化的Linux内核。 -2. 确认QEMU是否安装成功。若安装成功则可以看到QEMU软件包信息,命令和回显如下: +2. 确认QEMU是否安装成功。若安装成功则可以看到QEMU软件包信息,命令和回显如下: - ``` + ```sh $ rpm -qi qemu Name : qemu Epoch : 2 @@ -106,9 +94,9 @@ As QEMU requires no host kernel patches to run, it is safe and easy to use. ``` -3. 确认libvirt是否安装成功。若安装成功则可以看到libvirt软件包信息,命令和回显如下: +3. 确认libvirt是否安装成功。若安装成功则可以看到libvirt软件包信息,命令和回显如下: - ``` + ```sh $ rpm -qi libvirt Name : libvirt Version : 5.5.0 @@ -131,9 +119,9 @@ the libvirtd server exporting the virtualization support. ``` -4. 查看libvirt服务是否启动成功。若服务处于“Active”状态,说明服务启动成功,可以正常使用libvirt提供的virsh命令行工具,命令和回显如下: +4. 查看libvirt服务是否启动成功。若服务处于“active”状态,说明服务启动成功,可以正常使用libvirt提供的virsh命令行工具,命令和回显如下: - ``` + ```sh $ systemctl status libvirtd ● libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled) @@ -147,5 +135,3 @@ ─40754 /usr/sbin/libvirtd ``` - - diff --git "a/docs/zh/docs/Virtualization/\345\267\245\345\205\267\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/docs/zh/docs/Virtualization/\345\267\245\345\205\267\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..9dfbce3f371520ec73c32b8c8556e300057ee0ca --- /dev/null +++ "b/docs/zh/docs/Virtualization/\345\267\245\345\205\267\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1,2 @@ +# 工具使用指南 +为了方便用户更好地使用虚拟化,openEuler 提供了一系列工具,包括 vmtop、LibcarePlus 等。本章介绍这些工具的安装和使用指导。 diff --git "a/docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" "b/docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" index 655ebd4b7ffcd2286b909ead42db82f9499ff706..5056165e6e4d488e7d27fb0cbc34c735b543ac0e 100644 --- "a/docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" +++ "b/docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" @@ -5,14 +5,15 @@ - [最佳实践](#最佳实践) - [性能最佳实践](#性能最佳实践) - [halt-polling](#halt-polling) - - [IOThread配置](#IOThread配置) + - [IOThread配置](#iothread配置) - [裸设备映射](#裸设备映射) - [kworker隔离绑定](#kworker隔离绑定) - [内存大页](#内存大页) + - [Guest-Idle-Haltpoll](#guest-idle-haltpoll) - [安全最佳实践](#安全最佳实践) - - [Libvirt鉴权](#Libvirt鉴权) + - [Libvirt鉴权](#libvirt鉴权) - [qemu-ga](#qemu-ga) - - [sVirt保护](#sVirt保护) + - [sVirt保护](#svirt保护) @@ -63,7 +64,7 @@ KVM平台上,对虚拟磁盘的读写在后端默认由QEMU主线程负责处 4 ``` -- 给virtio-blk磁盘配置IOThread属性。**<**iothread**\>**表示IOThread线程编号,编号从1开始配置,最大为的配置值,且编号不能重复使用。例如将编号为2的IOThread配置给virtio-blk磁盘使用: +- 给virtio-blk磁盘配置IOThread属性。<**iothread**\>表示IOThread线程编号,编号从1开始配置,最大为的配置值,且编号不能重复使用。例如将编号为2的IOThread配置给virtio-blk磁盘使用: ``` @@ -100,7 +101,7 @@ KVM平台上,对虚拟磁盘的读写在后端默认由QEMU主线程负责处 #### 概述 -配置虚拟机存储设备时,除了将文件配置给虚拟机作为虚拟磁盘使用外,还可以将块设备(物理LUN、逻辑卷等)直接配置给虚拟机使用,从而提升存储性能。该配置方式称为裸设备映射。在该配置方式下,虚拟磁盘向虚拟机呈现为一个SCSI设备,且支持大部分SCSI命令。 +配置虚拟机存储设备时,除了将文件配置给虚拟机作为虚拟磁盘使用外,还可以将块设备(物理LUN、逻辑卷等)直接配置给虚拟机使用,从而提升存储性能。该配置方式称为裸设备映射。在该配置方式下,虚拟磁盘向虚拟机呈现为一个SCSI(Small Computer System Interface,小型计算机系统接口)设备,且支持大部分SCSI命令。 裸设备映射根据后端实现特点,分为虚拟裸设备映射和物理裸设备映射,物理裸设备映射相对虚拟裸设备映射具有更优秀的性能和更丰富的SCSI命令,但物理裸设备映射需要将整块SCSI磁盘挂载给虚拟机使用,如果使用分区、逻辑卷等方式配置,虚拟机将无法识别。 @@ -222,6 +223,55 @@ kworker是Linux内核实现的per-CPU线程,用来执行系统中的workqueue # echo never > /sys/kernel/mm/transparent_hugepage/enabled ``` +### Guest-Idle-Haltpoll + +#### 概述 + +为了保证公平性及降低功耗,当虚拟机vCPU空闲时,虚拟机将执行WFx/HLT指令退出到宿主机中,并触发上下文切换。宿主机将决定在物理CPU上调度其他进程或vCPU,或进入节能模式。但是,虚拟机和宿主机之间的切换、额外的上下文切换以及唤醒IPI中断开销较大,在频繁睡眠和唤醒的业务中该问题尤为突出。Guest-Idle-Haltpoll技术是指当虚拟机vCPU空闲时,不立刻执行WFx/HLT并发生VM-exit,而是在虚拟机内部轮询(polling)一段时间。在该时间段内,其他共享LLC的vCPU在该vCPU上的任务被唤醒不需要发送IPI中断,减少了发送和接收处理IPI的开销及虚拟机陷出(VM-exit)的开销,从而降低任务唤醒的时延。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>由于vCPU在虚拟机内部执行idle-haltpoll会增加vCPU在宿主机的CPU开销,所以开启该特性建议vCPU在宿主机独占物理核。 + +#### 操作指导 + +Guest-Idle-Haltpoll特性默认关闭,这里给出开启该特性的操作指导。 +1. 使能Guest-Idle-Haltpoll特性。 + - 若宿主机处理器架构为x86,可以在虚拟机内核启动参数中配置“cpuidle\_haltpoll.force=Y”强制开启,该方法不依赖宿主机配置vCPU独占物理核。 + ``` + cpuidle_haltpoll.force=Y + ``` + - 若宿主机处理器架构为AArch64,只支持在虚拟机内核启动参数中配置“cpuidle\_haltpoll.force=Y haltpoll.enable=Y”的方式使能该特性。 + + ``` + cpuidle_haltpoll.force=Y haltpoll.enable=Y + ``` + +2. 确认Guest-Idle-Haltpoll特性是否生效。在虚拟机中执行如下命令,若返回haltpoll,说明特性已经生效。 + + ``` + # cat /sys/devices/system/cpu/cpuidle/current_driver + ``` + +3. (可选)配置Guest-Idle-Haltpoll参数。 + 虚拟机的/sys/module/haltpoll/parameters/路径下提供了如下配置文件,用于调整配置参数,用户可以根据业务特点选择调整。 + + - guest\_halt\_poll\_ns: 全局参数,指vCPU空闲后polling的最大时长,默认值为200000(单位ns)。 + - guest\_halt\_poll\_shrink: 当唤醒事件发生在全局guest\_halt\_poll\_ns时间之后,用于收缩当前vCPU guest\_halt\_poll\_ns的除数因子,默认值为2。 + - guest\_halt\_poll\_grow: 当唤醒事件发生在当前vCPU guest\_halt\_poll\_ns之后且在全局guest\_halt\_poll\_ns之前,用于扩展当前vCPU guest\_halt\_poll\_ns的乘数因子,默认值为2。 + - guest\_halt\_poll\_grow\_start: 当系统空闲时,每个vCPU的guest\_halt\_poll\_ns最终会达到零。该参数用于设置当前vCPU guest\_halt\_poll\_ns的初始值,以便vCPU polling时长的收缩和扩展。默认值为50000(单位ns)。 + - guest\_halt\_poll\_allow\_shrink: 允许每个vCPU guest\_halt\_poll\_ns收缩的开关,默认值是Y(Y表示允许收缩,N表示禁止收缩)。 + + 可以使用root权限,参考如下命令修改参数值。其中 _value_ 表示需要设置的参数值, _configFile_ 为对应的配置文件。 + + ``` + # echo value > /sys/module/haltpoll/parameters/configFile + ``` + + 例如设置全局guest\_halt\_poll\_ns为200000ns的命令如下: + + ``` + # echo 200000 > /sys/module/haltpoll/parameters/guest_halt_poll_ns + ``` ## 安全最佳实践 @@ -313,7 +363,7 @@ openEuler默认关闭libvirt远程调用功能,这里给出开启libvirt远程 #### 概述 -qemu-ga(Qemu Guest Agent)它是运行在虚拟机内部的守护进程,它允许用户在host OS上通过QEMU提供带外通道实现对guest OS的多种管理操作:包括文件操作(open、read、write、close,seek、flush等)、内部关机、虚拟机休眠(suspend-disk、suspend-ram、suspend-hybrid),获取虚拟机内部的信息(包括内存,CPU,网卡,OS等相关信息 )等。 +qemu-ga(Qemu Guest Agent)是运行在虚拟机内部的守护进程,它允许用户在host OS上通过QEMU提供带外通道实现对guest OS的多种管理操作:包括文件操作(open、read、write、close,seek、flush等)、内部关机、虚拟机休眠(suspend-disk、suspend-ram、suspend-hybrid),获取虚拟机内部的信息(包括内存,CPU,网卡,OS等相关信息 )等。 在一些对安全要求较高的使用场景,为了防止虚拟机内部信息泄露,qemu-ga提供了黑名单功能,用户可以通过黑名单选择性屏蔽qemu-ga提供的部分功能。 @@ -371,19 +421,18 @@ qemu-ga(Qemu Guest Agent)它是运行在虚拟机内部的守护进程,它 >![](./public_sys-resources/icon-note.gif) **说明:** >更多关于qemu-ga的资料可以参见[https://wiki.qemu.org/Features/GuestAgent](https://wiki.qemu.org/Features/GuestAgent)。 - ### sVirt保护 #### 概述 -在只使用自由访问控制DAC(Discretionary Acces Control)策略的虚拟化环境中,主机上运行的恶意虚拟机可能存在攻击hypervisor或其他虚拟机的情况。为了提升虚拟化场景的安全性,openEuler使用了sVirt保护。sVirt是基于SELinux,适用于KVM虚拟化场景的安全防护技术。虚拟机本质是主机操作系统上的普通进程,sVirt机制在hypervisor将虚拟机对应的QEMU进程进行SELinux标记分类,除了使用type表示虚拟化专有进程和文件,还用不同的的category(在seclevel区间)表示不同虚拟机,每个虚拟机只能访问自身相同category的文件设备,防止虚拟机访问非授权的主机或其他虚拟机的文件和设备,从而防止虚拟机逃逸,提升主机和虚拟机的安全性。 +在只使用自由访问控制DAC(Discretionary Access Control)策略的虚拟化环境中,主机上运行的恶意虚拟机可能存在攻击hypervisor或其他虚拟机的情况。为了提升虚拟化场景的安全性,openEuler使用了sVirt保护。sVirt是基于SELinux,适用于KVM虚拟化场景的安全防护技术。虚拟机本质是主机操作系统上的普通进程,sVirt机制在hypervisor将虚拟机对应的QEMU进程进行SELinux标记分类,除了使用type表示虚拟化专有进程和文件,还用不同的category(在seclevel区间)表示不同虚拟机,每个虚拟机只能访问与自身相同category的文件设备,防止虚拟机访问非授权的主机或其他虚拟机的文件和设备,从而防止虚拟机逃逸,提升主机和虚拟机的安全性。 #### 开启sVirt保护 **一、使用root用户按照如下操作步骤开启主机的SELinux** -1. 登录主机。 -2. 开启主机SELinux功能。 +1. 登录主机。 +2. 开启主机SELinux功能。 1. 修改系统启动的grub.cfg,将selinux设置为1。 ``` @@ -396,13 +445,12 @@ qemu-ga(Qemu Guest Agent)它是运行在虚拟机内部的守护进程,它 SELINUX=enforcing ``` -3. 重启主机。 +3. 重启主机。 ``` # reboot ``` - **二、创建开启sVirt功能的虚拟机** 1. 虚拟机配置文件中添加如下配置: diff --git "a/docs/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" "b/docs/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" index 0796679de5acc7e9e5e913044922d0c479e9419b..c21a01ac92347684cd06f5a722ca3b6f66c83876 100644 --- "a/docs/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" +++ "b/docs/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" @@ -51,15 +51,32 @@ ### 前提条件 -- 进行热迁移之前要确保源端和目的端主机之间的网络是互通的,并且源端和目的获得资源权限是对等的,即两端同时能够访问到相同的存储资源和网络资源。 - +- 进行热迁移之前要确保源端和目的端主机之间的网络是互通的,并且源端和目的端获得资源权限是对等的,即两端同时能够访问到相同的存储资源和网络资源。 - 在执行虚拟机热迁移前应当对虚拟机进行健康检查,并确保目的端主机有足够的CPU、内存和存储资源。 +### 热迁移脏页率预测(可选) + +用户在迁移前可以使用dirtyrate功能,获取热迁移的内存脏页变化速率,根据虚拟机内存使用情况评估虚拟机是否适合迁移或配置合理的迁移参数。 + +使用方法: + +例如,指定名为*openEulerVM*的虚拟机,计算时间为1s: + +``` +virsh qemu-monitor-command openEulerVM '{"execute":"calc-dirty-rate", "arguments": {"calc-time": 1}}' +``` + +间隔1s后,查询脏页变化速率: + +``` +virsh qemu-monitor-command openEulerVM '{"execute":"query-dirty-rate"}' +``` + ### 设置热迁移参数(可选) 在执行热迁移之前,可以通过使用 virsh migrate-setmaxdowntime命令来指定虚拟机热迁移过程中能够容忍的最大停机时间,这是一个可选的配置项。 -例如,指定名为_openEulerVM_的虚拟机最大停机时间为500ms: +例如,指定名为*openEulerVM*的虚拟机最大停机时间为500ms: ``` # virsh migrate-setmaxdowntime openEulerVM 500 @@ -67,7 +84,7 @@ 同时,可以通过调用virsh migrate-setspeed来限制虚拟机热迁移占用的带宽大小,防止当前虚拟机热迁移的时候占用带宽过大,对主机上的其他虚拟机或者业务造成影响,这个选择同样也是热迁移的一个可选项。 -例如,指定名为_openEulerVM_的虚拟机热迁带宽为500Mbps: +例如,指定名为*openEulerVM*的虚拟机热迁带宽为500MiB/s: ``` # virsh migrate-setspeed openEulerVM --bandwidth 500 @@ -96,7 +113,7 @@ 2. 执行如下命令,进行虚拟机热迁移。 - 例如,将虚拟机_openEulerVM_迁移到目的主机上使用virsh migrate命令。 + 例如,将虚拟机*openEulerVM*迁移到目的主机上使用virsh migrate命令。 ``` # virsh migrate --live --unsafe openEulerVM qemu+ssh:///system @@ -146,3 +163,35 @@ 3. 热迁移完成后命令返回,虚拟机在目的端主机行正常运行,存储设备也被迁移到目的主机上。 +### 热迁移操作(加密传输) + +1. 简介 + +​ 为了能够更好的对虚拟机热迁移过程中数据的加密,openEuler提供了使用TLS(Transport Layer Security,传输层安全性协议)对迁移数据进行加密的特性。几乎QEMU中所有的网络服务都能够使用TLS对会话数据进行加密操作,同时也可以使用X509证书对客户端进行简单的身份认证。 + +2. 应用场景 + +​ 典型应用场景为要求热迁移过程中虚拟机数据在源端和目的端进行传输时保证数据的安全性。 + +3. 注意事项 + +​ 在使用TLS对虚拟机进行热迁移前,需要申请证书,然后在源端和目的端分别设置证书。使用TLS功能前需要打开对端认证配置项,需在/etc/libvirt/qemu.conf文件中设置migrate_tls_x509_verify = 1。 + +​ 单通道TLS热迁移的业务中断时长、迁移时长会有明显增长,迁移带宽上限100~200MiB/s,可能导致迁移失败。 + +​ 支持使用multiFd进行多通道TLS迁移,但会增加CPU开销(多开2个迁移线程),可能影响虚拟机运行;建议通过设置热迁移线程CPU亲和性将热迁移线程享受的CPU资源与虚拟机进程绑定的CPU资源隔离,迁移每台虚拟机建议绑定2个CPU。 + +4. 使用方法 + +单通道热迁移加密传输命令 + +``` +virsh migrate --live --unsafe --tls --domain openEulerVM --desturi qemu+tcp:///system --migrateuri tcp:// +``` + +多通道热迁移加密传输命令 + +``` +virsh migrate --live --unsafe --parallel --tls --domain openEulerVM --desturi qemu+tcp:///system --migrateuri tcp:// +``` + diff --git "a/docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" index 0452ffee472f07471233d9e8af34b199aa4675ea..5bf8ec1a02c79481651bfd0cd4b61f63f98f99f7 100644 --- "a/docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" +++ "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" @@ -1,27 +1,21 @@ # 管理系统资源 -使用libvirt命令来管理虚拟机的系统资源,如vCPU、虚拟内存资源等。 - -在开始前: - -- 确保主机上运行了libvirtd守护进程。 -- 用virsh list --all命令确认虚拟机已经被定义。 - - [管理系统资源](#管理系统资源) - - [管理虚拟CPU](#管理虚拟CPU) - - [CPU份额](#CPU份额) - - [绑定QEMU进程至物理CPU](#绑定QEMU进程至物理CPU) - - [调整虚拟CPU绑定关系](#调整虚拟CPU绑定关系) - - [CPU热插](#CPU热插) + - [总体说明](#总体说明) + - [管理虚拟CPU](#管理虚拟cpu) - [管理虚拟内存](#管理虚拟内存) - - [NUMA简介](#NUMA简介) - - [配置Host NUMA](#配置Host-NUMA) - - [配置Guest NUMA](#配置Guest-NUMA) - - [内存热插](#内存热插) + +## 总体说明 +openEuler 虚拟化使用libvirt命令来管理虚拟机的系统资源,如vCPU、虚拟内存资源等。 + +在开始前: + +- 确保主机上运行了libvirtd守护进程。 +- 用virsh list --all命令确认虚拟机已经被定义。 ## 管理虚拟CPU @@ -32,7 +26,7 @@ 虚拟化环境下,同一主机上的多个虚拟机竞争使用物理CPU。为了防止某些虚拟机占用过多的物理CPU资源,影响相同主机上其他虚拟机的性能,需要平衡虚拟机vCPU的调度,避免物理CPU的过度竞争。 -CPU份额表示一个虚拟机竞争物理CPU计算资源的能力大小总和。用户通过调整cpu\_shares值能够设置虚拟机抢占物理CPU资源的能力。cpu\_shares值无单位,是一个相对值。虚拟机获得的CPU计算资源,是与其他虚拟机的CPU份额,按相对比例,瓜分物理CPU除预留外可用计算资源。通过调整CPU份额来保证虚拟机CPU计算资源服务质量。 +CPU份额表示一个虚拟机竞争物理CPU计算资源的能力大小总和。用户通过调整cpu\_shares值能够设置虚拟机抢占物理CPU资源的能力。cpu\_shares值无单位,是一个相对值。虚拟机获得的CPU计算资源的方式,是与其他虚拟机的CPU份额,按相对比例,瓜分物理CPU除预留外可用计算资源。通过调整CPU份额来保证虚拟机CPU计算资源服务质量。 #### 操作步骤 @@ -55,7 +49,7 @@ CPU份额表示一个虚拟机竞争物理CPU计算资源的能力大小总和 ``` -- 在线修改:修改处于running状态的虚拟机的当前CPU份额,使用带**--live**参数的virsh schedinfo命令: +- 在线修改:修改处于running状态的虚拟机的当前CPU份额,使用带 --live 参数的virsh schedinfo命令: ``` $ virsh schedinfo --live cpu_shares= @@ -77,9 +71,9 @@ CPU份额表示一个虚拟机竞争物理CPU计算资源的能力大小总和 iothread_quota : -1 ``` - 对cpu\_shares值的修改立即生效,虚拟机_openEulerVM_能得到的运行时间将是原来的2倍。但是这一修改将在虚拟机关机并重新启动后失效。 + 对cpu\_shares值的修改立即生效,虚拟机openEulerVM能得到的运行时间将是原来的2倍。但是这一修改将在虚拟机关机并重新启动后失效。 -- 持久化修改:在libvirt内部配置中修改虚拟机的CPU份额,使用带**--config**参数的virsh schedinfo命令: +- 持久化修改:在libvirt内部配置中修改虚拟机的CPU份额,使用带 --config 参数的virsh schedinfo命令: ``` $ virsh schedinfo --config cpu_shares= @@ -101,14 +95,14 @@ CPU份额表示一个虚拟机竞争物理CPU计算资源的能力大小总和 iothread_quota : 0 ``` - 对cpu\_shares值的修改不会立即生效,在虚拟机openEulerVM下一次启动后才生效,并持久生效。虚拟机openEulerVM能得到的运行时间将是原来的2倍。 + 对cpu\_shares值的修改不会立即生效,而是在虚拟机openEulerVM下一次启动后才生效,并持久生效。虚拟机openEulerVM能得到的运行时间将是原来的2倍。 ### 绑定QEMU进程至物理CPU #### 概述 -QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内,从而保证了运行不同业务的虚拟机不会干扰到邻位虚拟机。例如在一个典型的云计算场景中,一台物理机上会运行多台虚拟机,而每台虚拟机的业务不同,造成了不同程度的资源占用,为了避免存储IO密集的虚拟机对邻位虚拟机的干扰,需要将不同虚拟机处理IO的存储进程完全隔离,由于QEMU主进程是处理前后端的主要服务进程,故需要实现隔离。 +QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内,从而保证了运行不同业务的虚拟机不会干扰到邻位虚拟机。例如在一个典型的云计算场景中,一台物理机上会运行多台虚拟机,而每台虚拟机的业务不同,造成了不同程度的资源占用。为了避免存储IO密集的虚拟机对邻位虚拟机的干扰,需要将不同虚拟机处理IO的存储进程完全隔离,由于QEMU主进程是处理前后端的主要服务进程,故需要实现隔离。 #### 操作步骤 @@ -123,9 +117,9 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 *: 0-63 ``` - 这说明虚拟机_openEulerVM_对应的QEMU主进程可以在主机的所有物理CPU上调度。 + 这说明虚拟机openEulerVM对应的QEMU主进程可以在主机的所有物理CPU上调度。 -- 在线绑定:修改处于running状态的虚拟机对应的QEMU进程的绑定关系,使用带**--live**参数的vcpu emulatorpin命令: +- 在线绑定:修改处于running状态的虚拟机对应的QEMU进程的绑定关系,使用带 --live 参数的vcpu emulatorpin命令: ``` $ virsh emulatorpin openEulerVM --live 2-3 @@ -136,9 +130,9 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 *: 2-3 ``` - 以上命令把虚拟机_open__Euler__VM_对应的QEMU进程绑定到物理CPU2、3上,即限制了QEMU进程只在这两个物理CPU上调度。这一绑定关系的调整立即生效,但在虚拟机关机并重新启动后失效。 + 以上命令把虚拟机openEulerVM对应的QEMU进程绑定到物理CPU2、3上,即限制了QEMU进程只在这两个物理CPU上调度。这一绑定关系的调整立即生效,但在虚拟机关机并重新启动后失效。 -- 持久化绑定:在libvirt内部配置中修改虚拟机对应的QEMU进程的绑定关系,使用带**--config**参数的virsh emulatorpin命令: +- 持久化绑定:在libvirt内部配置中修改虚拟机对应的QEMU进程的绑定关系,使用带 --config 参数的virsh emulatorpin命令: ``` $ virsh emulatorpin openEulerVM --config 0-3,^1 @@ -149,7 +143,7 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 *: 0,2-3 ``` - 以上命令把虚拟机_open__Euler__VM_对应的QEMU进程绑定到物理CPU0、2、3上,即限制了QEMU进程只在这三个物理CPU上调度。**这一绑定关系的调整不会立即生效,在虚拟机下一次启动后才生效,并持久生效**。 + 以上命令把虚拟机openEulerVM对应的QEMU进程绑定到物理CPU0、2、3上,即限制了QEMU进程只在这三个物理CPU上调度。**这一绑定关系的调整不会立即生效,在虚拟机下一次启动后才生效,并持久生效**。 ### 调整虚拟CPU绑定关系 @@ -174,9 +168,9 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 3 0-63 ``` - 这说明虚拟机_openEulerVM_的所有vCPU可以在主机的所有物理CPU上调度。 + 这说明虚拟机openEulerVM的所有vCPU可以在主机的所有物理CPU上调度。 -- 在线调整:修改处于running状态的虚拟机的当前vCPU绑定关系,使用带**--live**参数的vcpu vcpupin命令: +- 在线调整:修改处于running状态的虚拟机的当前vCPU绑定关系,使用带 --live 参数的vcpu vcpupin命令: ``` $ virsh vcpupin openEulerVM --live 0 2-3 @@ -190,9 +184,9 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 3 0-63 ``` - 以上命令把虚拟机_open__Euler__VM_的vCPU0绑定到PCPU2、3上,即限制了vCPU0只在这两个物理CPU上调度。这一绑定关系的调整立即生效,但在虚拟机关机并重新启动后失效。 + 以上命令把虚拟机openEulerVM的vCPU0绑定到PCPU2、3上,即限制了vCPU0只在这两个物理CPU上调度。这一绑定关系的调整立即生效,但在虚拟机关机并重新启动后失效。 -- 持久化调整:在libvirt内部配置中修改虚拟机的vCPU绑定关系,使用带**--config**参数的virsh vcpupin命令: +- 持久化调整:在libvirt内部配置中修改虚拟机的vCPU绑定关系,使用带 --config 参数的virsh vcpupin命令: ``` $ virsh vcpupin openEulerVM --config 0 0-3,^1 @@ -206,64 +200,94 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 3 0-63 ``` - 以上命令把虚拟机_open__Euler__VM_的vCPU0绑定到物理CPU0、2、3上,即限制了vCPU0只在这三个物理CPU上调度。**这一绑定关系的调整不会立即生效,在虚拟机下一次启动后才生效,并持久生效**。 + 以上命令把虚拟机openEulerVM的vCPU0绑定到物理CPU0、2、3上,即限制了vCPU0只在这三个物理CPU上调度。**这一绑定关系的调整不会立即生效,在虚拟机下一次启动后才生效,并持久生效**。 ### CPU热插 #### 概述 -在线调整(热插)虚拟机CPU是指在虚拟机处于运行状态下,为虚拟机热插CPU而不影响虚拟机正常运行的方案。当虚拟机内部业务压力不断增大,会出现所有CPU均处于较高负载的情形。为了不影响虚拟机内的正常业务运行,可以使用CPU在线调整(热插)特性,在不关闭虚拟机情况下增加虚拟机的CPU数目,提升虚拟机的计算能力。 +在线增加(热插)虚拟机CPU是指在虚拟机处于运行状态下,为虚拟机热插CPU而不影响虚拟机正常运行的方案。当虚拟机内部业务压力不断增大,会出现所有CPU均处于较高负载的情形。为了不影响虚拟机内的正常业务运行,可以使用CPU热插功能(在不关闭虚拟机情况下增加虚拟机的CPU数目),提升虚拟机的计算能力。 #### 约束限制 -- 创建虚拟机的时候,指定的主板类型(machine)需为virt-4.1版本及以上。 -- 在配置Guest NUMA的场景中,必须把属于同一个socket的vcpu配置在同一vNode中,否则在热插CPU后可能导致虚拟机softlockup,进而可能导致panic。 -- 迁移、休眠唤醒、快照过程中均不支持虚拟机CPU热插。 +- 如果处理器为AArch64架构,创建虚拟机时指定的虚拟机芯片组类型\(machine\)需为virt-4.1或virt更高版本。如果处理器为x86\_64架构,创建虚拟机时指定的虚拟机芯片组类型\(machine\)需为pc-i440fx-1.5或pc更高版本。 +- 在配置Guest NUMA的场景中,必须把属于同一个socket的vcpu配置在同一vNode中,否则热插CPU后可能导致虚拟机softlockup,进而可能导致虚拟机panic。 +- 虚拟机在迁移、休眠唤醒、快照过程中均不支持CPU热插。 +- 虚拟机CPU热插是否自动上线取决于虚拟机操作系统自身逻辑,虚拟化层不保证热插CPU自动上线。 - CPU热插同时受限于Hypervisor和GuestOS支持的最大CPU数目。 - 虚拟机启动、关闭、重启过程中可能出现热插CPU失效的情况,但再次重启会生效。 -- 热插虚拟机CPU的时候,如果新增CPU数目不是虚拟机CPU拓扑配置项中Cores的整数倍,可能会导致虚拟机内部看到的CPU拓扑是混乱的,强烈建议每次新增的CPU数目为Cores的整数倍。 +- 热插虚拟机CPU的时候,如果新增CPU数目不是虚拟机CPU拓扑配置项中Cores的整数倍,可能会导致虚拟机内部看到的CPU拓扑是混乱的,建议每次新增的CPU数目为Cores的整数倍。 - 若需要热插CPU在线生效且在虚拟机重启后仍有效,virsh setvcpus接口中需要同时传入--config和--live选项, 将热插CPU动作持久化。 #### 操作步骤 -- 创建虚拟机时配置指定的模板 +**一、配置虚拟机XML** - 配置指定虚拟机当前的CPU数目和所支持热插的最大CPU数目上限,同时指定machine类型为virt-4.1及以上 (目前virt machine类型最高为4.1)。 +1. 使用CPU热插功能,需要在创建虚拟机时配置虚拟机当前的CPU数目、虚拟机所支持的最大CPU数目,以及虚拟机芯片组类型(对于AArch64架构,需为virt-4.1及以上版本。对于x86\_64架构,需为pc-i440fx-1.5及以上版本)。这里以AArch64架构虚拟机为例,配置模板如下: ``` - n - - hvm - + + ... + n + + hvm + + ... + ``` - 其中,m为虚拟机当前CPU数目,n为虚拟机支持热插到的最大CPU数目,且满足n大于或等于m。例如,配一个虚拟机当前CPU数目为4,最大支持的热插CPU上限为64的XML配置为: + + >![](./public_sys-resources/icon-note.gif) **说明:** + >- placement的值必须是static。 + >- m为虚拟机当前CPU数目,即虚拟机启动后默认的CPU数目。n为虚拟机支持热插到的最大CPU数目,该值不能超过Hypervisor支持的虚拟机最大CPU规格及GuestOS支持的最大CPU规格。n大于或等于m。 + + 例如,配一个虚拟机当前CPU数目为4,最大支持的热插CPU上限为64的XML配置为: ``` - 64 - - hvm - + + …… + 64 + + hvm + + …… ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - > placement的值必须是static;当前CPU数目是虚拟机启动后默认的CPU数目;热插CPU数目上限是虚拟机CPU热插能到达的上限值,该值不能超过Hypervisor支持的虚拟机最大CPU规格及GuestOS支持的最大CPU规格。 -- 使用virsh命令执行虚拟机CPU热插操作 - virsh进行虚拟机CPU热插操作的命令为virsh setvcpus,具体格式如下: +**二、热插并上线CPU** + +1. 如果热插CPU后需要自动上线热插的CPU,可以使用root权限在虚拟机内部创建udev rules文件/etc/udev/rules.d/99-hotplug-cpu.rules,并在其中定义udev规则,内容参考如下: ``` - virsh setvcpus [--config] [--live] + # automatically online hot-plugged cpu + ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}="1" + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果没有使用udev rules自动上线热插CPU,可以在热插CPU后,使用root权限,参考如下命令手动上线: + >``` + >for i in `grep -l 0 /sys/devices/system/cpu/cpu*/online` + >do + > echo 1 > $i + >done + >``` - domain: 参数,必填。指定虚拟机名称。 - count: 参数,必填。指定目标CPU数量。 - --config: 选项,选填。下次启动时仍有效。 - --live: 选项,选填。在线生效。 +2. 利用virsh工具进行虚拟机CPU热插操作。例如给虚拟机openEulerVM热插CPU到6,且在线生效的参考命令如下: + + ``` + virsh setvcpus openEulerVM 6 --live ``` - >![](./public_sys-resources/icon-note.gif) **说明:** - > CPU上线依赖虚拟机内部操作,故CPU热插后需要Guest内部实现CPU自动上线或手动上线。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >virsh setvcpus 进行虚拟机CPU热插操作的格式如下: + >``` + >virsh setvcpus [--config] [--live] + >``` + >- domain: 参数,必填。指定虚拟机名称。 + >- count: 参数,必填。指定目标CPU数目,即热插后虚拟机CPU数目。 + >- --config: 选项,选填。虚拟机下次启动时仍有效。 + >- --live: 选项,选填。在线生效。 ## 管理虚拟内存 @@ -365,13 +389,13 @@ NUMA(Non Uniform Memory Access Architecture) 模式是一种分布式存储 #### 约束限制 -- 创建虚拟机的时候,指定的主板类型(machine)需为virt-4.1版本及以上。 +- 创建虚拟机的时候,AArch64平台上指定的主板类型(machine)需为virt-4.1或更高virt以上,x86平台上指定的主板类型需要为pc-i440fx-1.5以上版本。 - 内存热插特性依赖于Guest NUMA,虚拟机必须配置Guest NUMA,否则无法完成内存热插流程。 -- 热插内存时候必须指定新增内存所属的Gust NUMA node编号,否则内存热插失败。 +- 热插内存时候必须指定新增内存所属的Guest NUMA node编号,否则内存热插失败。 - 虚拟机内核必须支持内存热插能力,否则虚拟机无法识别新增内存或者无法上线内存。 - 配置使用大页的虚拟机,热插内存的容量必须是系统hugepagesz的整数倍,否则会导致热插失败。 - 热插内存的大小必须为Guest物理内存块大小block_size_bytes的整数倍,否则无法正常上线。在Guest内部执行lsmem可以获取block_size_bytes大小。 -- 配置n个virtio-net网卡后,最大可热插次数取值为min{max_slot, 64 - n},原因是要给网卡预留slot。 +- 配置n个virtio-net网卡后,最大可热插次数取值为min{max_slot, 64 - n},因为要给网卡预留slot。 - vhost-user设备和内存热插特性互斥。配置了vhost-user设备的虚拟机不支持内存热插;内存热插后,不支持虚拟机热插vhost-user设备。 - 如果虚拟机操作系统为Linux系列,请确保初始内存大于等于4GB。 - 如果虚拟机操作系统为Windows类型,第一次热插内存必须指定到Guest NUMA node0上,否则热插内存无法被虚拟机识别。 @@ -381,53 +405,67 @@ NUMA(Non Uniform Memory Access Architecture) 模式是一种分布式存储 #### 操作步骤 -在虚拟机创建时候配可热插内存最大范围,预留槽位号,并配置Guest NUMA拓扑结构。 +**一、配置虚拟机XML** + +1. 使用内存热插功能,需要在创建虚拟机时配置可热插内存的最大范围、预留槽位号,并配置Guest NUMA拓扑结构。 + + 例如,为虚拟机配置32GiB初始内存,预留256个槽位号,最大支持1TiB内存上限,2个NUMA node的配置为: -- 创建虚拟机,预留内存热插槽位 ``` - 32 - 1024 - - - - - + + 32 + 1024 + + + + + - + + .... ``` - 上述xml表示为虚拟机配置32G初始内存,预留256个槽位号,最大支持1TB内存上限,2个NUMA node的配置为: - >![](./public_sys-resources/icon-note.gif) **说明:** - >其中: - >- maxMemory字段中slots号表示预留的内存插槽,最大为256; - >- maxMemory表示虚拟机支持的最大物理内存上限; - >- Guest NUMA配置请参考配置Guest NUMA相关章节。 -- 准备内存描述xml文件 +>![](./public_sys-resources/icon-note.gif) **说明:** +>其中: +>maxMemory字段中slots号表示预留的内存插槽,最大取值为256。 +>maxMemory表示虚拟机支持的最大物理内存上限。 +>Guest NUMA配置请参见“配置Guest NUMA”相关章节。 + +**二、热插并上线内存** + +1. 如果热插内存后需要自动上线热插的内存,可以使用root权限在虚拟机内部创建udev rules文件/etc/udev/rules.d/99-hotplug-memory.rules,并在其中定义udev规则,内容参考如下: + + ``` + # automatically online hot-plugged memory + ACTION=="add", SUBSYSTEM=="memory", ATTR{state}="online" + ``` + +2. 根据需要热插的内存大小和虚拟机Guest NUMA Node创建内存描述xml文件。 + + 例如,热插1GiB内存到NUMA node0上: + ``` - + 1024 0 - - ``` - -- 使用virsh attach-device接口为虚拟机热插内存 - ``` - # virsh attach-device openEulerVM memory.xml --live - ``` - 上述命令行中memory.xml是热插内存的描述文件,可选参数--live表示在线生效,也可以加--config表示将热插内存持久化到虚拟机xml文件中。 - -- 热插内存上线 - - 使用shell脚本来完成内存上线的方法为: - ``` - for i in `grep -l offline /sys/devices/system/memory/memory*/state` - do - echo online > $i - done - ``` - 也可以使用udev rules自动完成内存上线。编辑udev rules创建文件/etc/udev/rules.d/99-hotplug-memory.rules - ``` - # automatically online hot-plugged memoryACTION=="add", SUBSYSTEM=="memory", ATTR{state}="online" - ``` + + + ``` + +3. 使用virsh attach-device命令为虚拟机热插内存。其中openEulerVM为虚拟机名称,memory.xml为热插内存的描述文件,--live 表示热插内存在线生效,也可以使用 --config 将热插内存持久化到虚拟机xml文件中。 + + ``` + # virsh attach-device openEulerVM memory.xml --live + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果没有使用udev rules自动上线热插内存,也可以使用root权限,参考如下命令手动上线: + >``` + >for i in `grep -l offline /sys/devices/system/memory/memory*/state` + >do + > echo online > $i + >done + >``` + diff --git "a/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" index c44d01d67c29eb945ff2efcbe2971811c97c0003..d81f178d6fc00e7665f8a76eae1b3af068bd0d64 100644 --- "a/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" +++ "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" @@ -8,8 +8,11 @@ - [在线修改虚拟机配置](#在线修改虚拟机配置) - [查询虚拟机信息](#查询虚拟机信息) - [登录虚拟机](#登录虚拟机) - - [使用VNC密码登录](#使用VNC密码登录) - - [配置VNC TLS登录](#配置VNC-TLS登录) + - [使用VNC密码登录](#使用vnc密码登录) + - [配置VNC TLS登录](#配置vnc-tls登录) + - [虚拟机安全启动](#虚拟机安全启动) + - [总体介绍](#总体介绍) + - [安全启动实践](#安全启动实践) ## 虚拟机生命周期 @@ -26,21 +29,21 @@ - 未定义(undefined):虚拟机未定义或未创建,即libvirt认为该虚拟机不存在。 - 关闭状态(shut off):虚拟机已经被定义但未运行,或者虚拟机被终止。 -- 运行中(running):虚拟机处于运行状态。 +- 运行(running):虚拟机处于运行状态。 - 暂停(paused):虚拟机运行被挂起,其运行状态被临时保存在内存中,可以恢复到运行状态。 - 保存(saved):与暂停(paused)状态类似,其运行状态被保存在持久性存储介质中,可以恢复到运行状态。 - 崩溃(crashed):通常是由于内部错误导致虚拟机崩溃,不可恢复到运行状态。 #### 状态转换 -虚拟机不同状态之间可以相关转换,但必须满足一定规则。虚拟机不同状态之间的转换常用规则如[图1](#fig671014583483)所示。 +虚拟机不同状态之间可以相互转换,但必须满足一定规则。虚拟机不同状态之间的转换常用规则如[图1](#fig671014583483)所示。 **图 1** 状态转换图 ![](./figures/status-transition-diagram.png) #### 虚拟机标识 -在libvirt中,完成创建的虚拟机实例称做一个“domain”,其描述了虚拟机的CPU、内存、网络设备、存储设备等各种资源的配置信息。在同一个主机上,每个domain具有唯一标识,通过虚拟机名称Name、UUID、Id表示,对应含义请参见[表1](#table84397266483)。在虚拟机生命周期期间,可以通过虚拟机标识对特定虚拟机进行操作。 +在libvirt中,完成创建的虚拟机实例称作一个“domain”,其描述了虚拟机的CPU、内存、网络设备、存储设备等各种资源的配置信息。在同一个主机上,每个domain具有唯一标识,通过虚拟机名称Name、UUID、Id表示,对应含义请参见[表1](#table84397266483)。在虚拟机生命周期期间,可以通过虚拟机标识对特定虚拟机进行操作。 **表 1** domain标识说明 @@ -82,7 +85,7 @@ #### 前提条件 -- 执行虚拟机生命周期操作之前,需要查询虚拟机状态以确定可以执行对应操作。状态之间的基本转换关系请参见"总体介绍"中的"状态转换"的内容。 +- 执行虚拟机生命周期操作之前,需要查询虚拟机状态以确定可以执行对应操作。状态之间的基本转换关系请参见“总体介绍"中的“状态转换"的内容。 - 具备管理员权限。 - 准备好虚拟机XML配置文件。 @@ -100,9 +103,9 @@ virsh - _obj_:命令操作对象,如指定需要操作的虚拟机。 - _options_:命令选项,该参数可选。 -虚拟机生命周期管理各命令如[表1](#table389518422611)所示。其中VMInstanse为虚拟机名称、虚拟机ID或者虚拟机UUID,XMLFile是虚拟机XML配置文件,DumpFile为转储文件,请根据实际情况修改。 +虚拟机生命周期管理各命令如[表2](#table389518422611)所示。其中VMInstanse为虚拟机名称、虚拟机ID或者虚拟机UUID,XMLFile是虚拟机XML配置文件,DumpFile为转储文件,请根据实际情况修改。 -**表 1** 虚拟机生命周期管理命令 +**表 2** 虚拟机生命周期管理命令 -

    命令

    @@ -328,9 +331,9 @@ virsh edit命令通过编辑“domain”对应的XML配置文件,完成对虚 #### 查询虚拟机基本信息 -Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟机运行状态、设备信息或者调度属性等,使用方法请参见[表1](#table10582103963816)。 +Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟机运行状态、设备信息或者调度属性等,使用方法请参见[表3](#table10582103963816)。 -**表 1** 查询虚拟机基本信息 +**表 3** 查询虚拟机基本信息 - - + + + + + + + + - - + + + + + + + +

    查询的信息内容

    @@ -345,7 +348,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟

    virsh dominfo <VMInstance>

    包括虚拟机ID、UUID,虚拟机规格等信息。

    +

    包括虚拟机ID、UUID、虚拟机规格等信息。

    当前状态

    @@ -439,7 +442,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟 iothread_quota : -1 ``` -- 使用virsh vcpucount查询虚拟机的vCPU数目,从查询结构可知,虚拟机有4个CPU。 +- 使用virsh vcpucount查询虚拟机的vCPU数目,从查询结果可知,虚拟机有4个CPU。 ``` # virsh vcpucount openEulerVM @@ -447,7 +450,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟 current live 4 ``` -- 使用virsh domblklist查询虚拟机磁盘设备信息,从查询结构可知,虚拟机有2个磁盘,sda是qcow2格式的虚拟磁盘,sdb是一个cdrom设备。 +- 使用virsh domblklist查询虚拟机磁盘设备信息,从查询结果可知,虚拟机有2个磁盘,sda是qcow2格式的虚拟磁盘,sdb是一个cdrom设备。 ``` # virsh domblklist openEulerVM @@ -526,7 +529,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟 2. 打开VncViewer软件,输入主机IP和端口号。格式为“主机IP:端口号”,例如:“10.133.205.53:3”。 3. 单击“确定”输入VNC密码(可选),登录到虚拟机VNC进行操作。 -### 配置VNC-TLS登录.md">配置VNC TLS登录 +### 配置VNC TLS登录 #### 概述 @@ -540,7 +543,7 @@ VNC服务端和客户端默认采用明文方式进行数据传输,因此通 VNC开启TLS加密认证模式的操作步骤如下: -1. 登录VNC服务端所在主机登录VNC服务端所在主机,开启或修改服务端配置文件/etc/libvirt/qemu.conf中对应的配置项。相关配置内容如下所示: +1. 登录VNC服务端所在主机,开启或修改服务端配置文件/etc/libvirt/qemu.conf中对应的配置项。相关配置内容如下所示: ``` vnc_listen = "x.x.x.x" # "x.x.x.x"为VNC的侦听地址,请用户根据实际配置,VNC服务端只允许该地址或地址段范围内的客户端连接请求 @@ -647,4 +650,153 @@ VNC开启TLS加密认证模式的操作步骤如下: >- VNC客户端证书的配置请参见各客户端对应的使用说明,由用户自行配置。 >- 登录虚拟机的方式请参见“使用VNC密码登录”。 +## 虚拟机安全启动 + +### 总体介绍 + +#### 概述 + +安全启动(Secure Boot)就是利用公私钥对启动部件进行签名和验证。启动过程中,前一个部件验证后一个部件的数字签名,验证通过后,运行后一个部件,验证不通过则启动失败。安全启动的作用是检测设备启动阶段固件(Firmware)以及软件是否被篡改,防止恶意软件侵入和修改。通过安全启动可以保证系统启动过程中各个部件的完整性,防止没有经过认证的部件被加载运行,从而防止对系统及用户数据产生安全威胁。安全启动是在UEFI启动方式上实现的,Legacy启动方式不支持安全启动。根据UEFI规定,主板出厂的时候可以内置一些可靠的公钥。任何想要在这块主板上加载的操作系统或者硬件驱动程序,都必须通过这些公钥的认证。物理机上的安全启动由物理BIOS完成,虚拟机的安全启动通过软件模拟。虚拟机安全启动流程与host安全启动流程一致,都遵循开源UEFI规范。虚拟化平台上的UEFI由edk组件提供,虚拟机启动时qemu将UEFI镜像映射到内存中,为虚拟机模拟固件启动流程,安全启动正是虚拟机启动过程中edk提供的一个安全保护能力,用来保护虚拟机OS内核不被篡改。安全启动验签顺序:UEFI BIOS->shim->grub->vmlinuz(依次验签通过并加载)。 + +| 中文 | 英文 | 缩略语 | 中文定义/描述 | +| :-----| :----- | :----- | :----- | +| 安全启动 | Secure boot | Secure boot | 安全启动就是启动过程中,前一个部件验证后一个部件的数字签名,验证通过后,运行后一个部件,验证不通过就停下来。通过安全启动可以保证系统启动过程中各个部件的完整性。 | +| 平台密钥 | Platform key | PK | OEM厂商所有,必须为 RSA 2048 或更强,PK为平台拥有者和平台固件之间建立可信关系。平台拥有者将PK的公钥部分PKpub注册到平台固件中,平台拥有者可以使用PK的私有部分PKpriv来改变平台的拥有权或者注册KEK密钥。 | +| 密钥交换密钥 | Key exchange key | KEK | KEK为平台固件和OS之间创建可信关系。每一个操作系统和与平台固件通信的第三方应用在平台固件中注册KEK密钥的公共部分KEKpub。 | +| 签名数据库 | Database white list | DB | 存储验证shim、grub、vmlinuz等组件的密钥。 | +| 签名吊销数据库 | Database black list | DBx | 存储吊销的密钥。 | + +#### 功能说明 + +本次实现的虚拟机安全启动特性基于edk开源项目。非安全启动模式下,Linux基本流程如下: + +**图 1** 系统启动流程图 + +![](./figures/OSBootFlow.png) + +安全启动模式下UEFI BIOS启动后加载的首个组件是系统镜像中的shim,shim与UEFI BIOS进行交互获取存储在UEFI BIOS变量db里面的密钥对grub进行验证,加载grub后同样调用密钥和认证接口对kernel进行验证。Linux启动流程如下: + +**图 2** 安全启动流程图 + +![](./figures/SecureBootFlow.png) + +从整体处理流程上来看,安全启动特性包含多个关键场景,根据场景分析和系统分解,安全启动特性涉及以下几个子系统:UEFI BIOS校验shim,shim校验grub,grub校验kernel。UEFI BIOS对shim进行验证,验证通过则启动shim,不通过则提示错误,无法启动。Shim需要在镜像编译制作过程中使用私钥进行签名,公钥证书导入UEFI BIOS变量区DB中。Shim启动后验证启动grub,验证通过则启动grub,不通过则提示错误,无法启动。Grub需要在镜像编译制作过程中进行签名,使用和shim一样的公私钥对。Grub启动后检查调用shim注册在UEFI BIOS的认证接口和密钥对kernel进行验证,通过则启动内核,不通过则提示错误,grub需要在镜像编译制作过程中进行签名,使用和shim一样的公私钥对。 + +#### 约束限制 + +* 在不支持安全启动的UEFI BIOS上运行,对现有功能没有影响,业务无感知。 +* 安全启动特性依赖UEFI BIOS,必须在UEFI支持此功能的条件下才能发挥作用。 +* 在UEFI BIOS开启安全启动的情况下,如果相关部件没有签名或签名不正确,则无法正常启动系统。 +* 在UEFI BIOS关闭安全启动的情况下,启动过程的验证功能都会被关闭。 +* 安全启动验证链后半段,即shim->grub->kernel引导内核启动这部分的验证链由操作系统镜像实现,若操作系统不支持引导内核安全启动过程,则虚拟机安全启动失败。 +* 当前不提供x86架构使用nvram文件配置虚拟机安全启动 + +### 安全启动实践 + +虚拟机安全启动依赖于UEFI BIOS的实现,UEFI BIOS镜像通过edk rpm包安装,本节以AArch64为例对虚拟机安全启动进行配置。 + +#### 虚拟机配置 + +edk rpm包中的组件安装于/usr/share/edk2/aarch64目录下,包括`QEMU_EFI-pflash.raw`和`vars-template-pflash.raw`。虚拟机启动UEFI BIOS部分xml配置如下: + +``` + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /path/to/QEMU-VARS.fd + +``` + +其中/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw为UEFI BIOS镜像路径。/usr/share/edk2/aarch64/vars-template-pflash.raw为nvram镜像模板路径,/path/to/QEMU-VARS.fd为当前虚拟机nvram镜像文件路径,用于保存UEFI BIOS系统中的环境变量。 + +#### 证书导入 + +虚拟机安全启动时的证书从BIOS界面导入,在证书导入前需要将证书文件导入到虚拟机中。可以通过挂载磁盘的方式将证书文件所在目录挂载到虚拟机中,例如制作包含证书的镜像,并在虚拟机的配置文件xml中配置挂载该镜像: + +制作证书文件镜像 + +``` +dd of='/path/to/data.img' if='/dev/zero' bs=1M count=64 +mkfs.vfat -I /path/to/data.img +mkdir /path/to/mnt +mount path/to/data.img /path/to/mnt/ +cp -a /path/to/certificates/* /path/to/mnt/ +umount /path/to/mnt/ +``` +其中,/path/to/certificates/为证书文件所在路径,/path/to/data.img为证书文件镜像所在路径,/path/to/mnt/为镜像挂载路径。 + +在虚拟机xml文件中配置挂载该镜像 + +``` + + + + + + + + + +``` + +启动虚拟机,导入PK证书,流程如下(KEK证书,DB证书导入方式相同): + +虚拟机启动后,点击F2进入bios界面 + +**图 1** 进入bios界面 + +![](./figures/CertEnrollP1.png) + +**图 2** 进入Device Manager + +![](./figures/CertEnrollP2.png) + +**图 3** 进入Custom Secure Boot Options + +![](./figures/CertEnrollP3.png) + +**图 4** 进入PK Options + +![](./figures/CertEnrollP4.png) + +**图 5** Enroll PK + +![](./figures/CertEnrollP5.png) + +在File Explorer界面可以看到很多磁盘目录,其中包括我们通过磁盘挂载的证书文件目录 + +**图 6** File Explorer + +![](./figures/CertEnrollP6.png) + +在磁盘目录中选择要导入的PK证书 + +**图 7** 进入证书所在磁盘 + +![](./figures/CertEnrollP7.png) + +**图 8** 选择Commit Changes and Exit保存导入证书 + +![](./figures/CertEnrollP8.png) + +导入证书后,UEFI BIOS将证书信息以及安全启动属性写入nvram配置文件/path/to/QEMU-VARS.fd中,虚拟机下一次启动时会从/path/to/QEMU-VARS.fd文件中读取相关配置并初始化证书信息以及安全启动属性,自动导入证书并开启安全启动。同样,我们可以将/path/to/QEMU-VARS.fd作为其他相同配置虚拟机的UEFI BIOS启动配置模板文件,通过修改nvram template字段使其他虚拟机启动时自动导入证书并开启安全启动选项,虚拟机xml配置修改如下: + +``` + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + + +``` + +#### 安全启动观测 + +正确配置虚拟机并导入PK、KEK、DB证书后,虚拟机将以安全启动的方式运行。可以通过在虚拟机配置文件xml中配置串口日志文件观测虚拟机是否为安全启动,串口日志文件的配置方式如下: + +``` + + + +``` +虚拟机加载系统镜像成功后,当串口日志文件中出现"UEFI Secure Boot is enabled"信息时,表明虚拟机当前为安全启动。 diff --git "a/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" index 067c3eb5e65af2525e1522f766d261778d31d881..3d45a8cd915d48644cc52e8ab01ed96df9c7d5ab 100644 --- "a/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" +++ "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" @@ -1,17 +1,4 @@ # 管理设备 -- [管理设备](#管理设备) - - [配置虚拟机PCIe控制器](#配置虚拟机PCIe控制器) - - [管理虚拟磁盘](#管理虚拟磁盘) - - [管理虚拟网卡](#管理虚拟网卡) - - [配置虚拟串口](#配置虚拟串口) - - [管理设备直通](#管理设备直通) - - [PCI直通](#PCI直通) - - [SR-IOV直通](#SR-IOV直通) - - [管理虚拟机USB](#管理虚拟机USB) - - [配置USB控制器](#配置USB控制器) - - [配置USB直通设备](#配置USB直通设备) - - [管理快照](#管理快照) - ## 配置虚拟机PCIe控制器 @@ -23,11 +10,11 @@ 虚拟机PCIe控制器通过XML文件进行配置,PCIe Root、PCIe Root Port和PCIe-PCI-Bridge对应XML中的model分别为pcie-root、pcie-root-port、pcie-to-pci-bridge。 -- 简化配置方法 +- 简化配置方法 在虚拟机的XML文件中写入以下内容,controller的其他属性由libvirt自动填充: - ``` + ```xml @@ -38,11 +25,11 @@ 其中:由于pcie-root和pcie-to-pci-bridge分别占用1个index,因此最终的index等于需要的Root Port数量+1。 -- 完整配制方法 +- 完整配置方法 在虚拟机的XML文件中写入以下内容: - ``` + ```xml @@ -63,38 +50,37 @@ 其中: - - Root Port的chassis和port属性必须依次递增,由于中间插入一个PCIe-PCI-Bridge,chassis编号跳过2,但是port编号仍然连续。 - - Root Port的address function的取值范围为0x0\~0x7。 - - 每个slot最多下挂8个function,挂满之后需要递增slot编号。 + - Root Port的chassis和port属性必须依次递增,由于中间插入一个PCIe-PCI-Bridge,chassis编号跳过2,但是port编号仍然连续。 + - Root Port的address function的取值范围为0x0\~0x7。 + - 每个slot下最多挂8个function,挂满之后需要递增slot编号。 由于完整配置方法相对复杂,建议采用简化配置方法。 - ## 管理虚拟磁盘 ### 概述 虚拟磁盘类型主要包含virtio-blk、virtio-scsi、vhost-scsi等。virtio-blk模拟的是一种block设备,virtio-scsi和vhost-scsi模拟的是一种scsi设备。 -- virtio-blk:普通系统盘和数据盘可用,该种配置下虚拟磁盘在虚拟机内部呈现为vd\[a-z\]或vd\[a-z\]\[a-z\]。 -- virtio-scsi:普通系统盘和数据盘建议选用,该种配置下虚拟磁盘在虚拟机内部呈现为sd\[a-z\]或sd\[a-z\]\[a-z\]。 -- vhost-scsi:对性能要求高的虚拟磁盘建议选用,该种配置下虚拟磁盘在虚拟机内部呈现为sd\[a-z\]或sd\[a-z\]\[a-z\]。 +- virtio-blk:普通系统盘和数据盘可用,该种配置下虚拟磁盘在虚拟机内部呈现为vd\[a-z\]或vd\[a-z\]\[a-z\]。 +- virtio-scsi:普通系统盘和数据盘建议选用,该种配置下虚拟磁盘在虚拟机内部呈现为sd\[a-z\]或sd\[a-z\]\[a-z\]。 +- vhost-scsi:对性能要求高的虚拟磁盘建议选用,该种配置下虚拟磁盘在虚拟机内部呈现为sd\[a-z\]或sd\[a-z\]\[a-z\]。 ### 操作步骤 虚拟磁盘的配置步骤,请参见“虚拟机配置 > 存储设备”。本节以virtio-scsi磁盘为例,介绍挂载和卸载虚拟磁盘的简单方法。 -- 挂载virtio-scsi磁盘: +- 挂载virtio-scsi磁盘: 使用virsh attach-device命令挂载virtio-scsi虚拟磁盘: - ``` - $ virsh attach-device + ```sh + virsh attach-device ``` 上述命令可以为虚拟机在线挂载磁盘,其中磁盘信息由attach-device.xml文件指定。下面是一个attach-device.xml文件的例子: - ``` + ```sh ### attach-device.xml ### @@ -107,17 +93,16 @@ 通过上述命令挂载的磁盘,在虚拟机关机重启后失效。如果需要为虚拟机持久化挂载虚拟磁盘,需要使用带--config参数的virsh attach-device命令。 -- 卸载virtio-scsi磁盘: +- 卸载virtio-scsi磁盘: - 通过在线挂载的磁盘,如果不需要再使用,可以通过virsh detach命令动态卸载: + 通过在线挂载的磁盘,如果不需要再使用,可以通过virsh detach-device命令动态卸载: - ``` - $ virsh detach-device + ```sh + virsh detach-device ``` 其中,detach-device.xml指定了需要卸载的磁盘的XML信息,与动态挂载时的XML信息保持一致。 - ## 管理虚拟网卡 ### 概述 @@ -126,19 +111,19 @@ ### 操作步骤 -虚拟网卡的配置步骤,请参见“虚拟机配置 > 网络设备”。本节以vhost-net网卡为例,介绍挂载和卸载虚拟网卡的简单方法。 +虚拟网卡的配置步骤,请参见“[虚拟机配置 > 网络设备](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Virtualization/%E8%99%9A%E6%8B%9F%E6%9C%BA%E9%85%8D%E7%BD%AE.html)”。本节以vhost-net网卡为例,介绍挂载和卸载虚拟网卡的简单方法。 -- 挂载vhost-net网卡: +- 挂载vhost-net网卡: 使用virsh attach-device命令挂载vhost-net虚拟网卡: - ``` - $ virsh attach-device + ```sh + virsh attach-device ``` 上述命令可以为虚拟机在线挂载vhost-net网卡,其中网卡信息由attach-device.xml文件指定。下面是一个attach-device.xml文件的例子: - ``` + ```sh ### attach-device.xml ### @@ -151,17 +136,16 @@ 通过上述命令挂载的vhost-net网卡,在虚拟机关机重启后失效。如果需要为虚拟机持久化挂载虚拟网卡,需要使用带--config参数的virsh attach-device命令。 -- 卸载vhost-net网卡: +- 卸载vhost-net网卡: - 通过在线挂载的网卡,如果不需要再使用,可以通过virsh detach命令动态卸载: + 通过在线挂载的网卡,如果不需要再使用,可以通过virsh detach-device命令动态卸载: - ``` - $ virsh detach-device + ```sh + virsh detach-device ``` 其中,detach-device.xml指定了需要卸载虚拟网卡的XML信息,与动态挂载时的XML信息保持一致。 - ## 配置虚拟串口 ### 概述 @@ -172,28 +156,27 @@ Linux虚拟机串口控制台,即虚拟机串口连接到宿主机的一个伪终端设备,通过宿主机的设备间接实现对虚拟机的交互式操作。在该场景下串口需配置为pty类型,本节介绍pty型串口的配置方法。 -- 在虚拟机的XML配置文件中"devices"节点下添加如下所示的虚拟串口配置项: +- 在虚拟机的XML配置文件中"devices"节点下添加如下所示的虚拟串口配置项: - ``` - - - - - + ```xml + + + + + ``` -- 使用virsh console命令连接到正在运行的虚拟机的pty串口。 +- 使用virsh console命令连接到正在运行的虚拟机的pty串口。 - ``` - $ virsh console + ```sh + virsh console ``` -- 如果要确保没有遗漏任何串口消息,请在启动虚拟机时使用--console选项连接到串口。 +- 如果要确保没有遗漏任何串口消息,请在启动虚拟机时使用--console选项连接到串口。 + ```sh + virsh start --console ``` - $ virsh start --console - ``` - ## 管理设备直通 @@ -205,7 +188,7 @@ Linux虚拟机串口控制台,即虚拟机串口连接到宿主机的一个伪 PCI直通是指将host上的物理PCI设备直接呈现给一台虚拟机,供虚拟机直接访问的一种使用方式。PCI直通使用了vfio设备直通方式,为虚拟机配置PCI直通的xml配置如下: -``` +```xml @@ -270,20 +253,50 @@ PCI直通是指将host上的物理PCI设备直接呈现给一台虚拟机,供
    • on:表示直通设备的ROM呈现给虚拟机,例如:直通网卡虚拟机需要从该网卡的PXE启动时,可以将该选项配置为“on”,HBA卡直通虚拟机需要从ROM中启动时可以将该选项配置为“on”。
    • off:表示直通设备的ROM不呈现给虚拟机。

    hostdev.address type

    +

    hostdev.address.type

    +

    设备在Guest内呈现的类型,与设备实际类型保持一致。

    +

    pci (默认配置)

    +

    hostdev.address.domain

    +

    设备在Guest内呈现的domain号。

    +

    0x0000

    +

    hostdev.address.bus

    PCI设备呈现的Guest内bdf号。

    +

    设备在Guest内呈现的bus号。

    [0x03-0x1e](./slot范围)

    +

    0x00(默认配置),仅可配置为"配置虚拟机PCIe控制器"小节中配置的bus号。

    +

    hostdev.address.slot

    +

    设备在Guest内呈现的slot号。

    +

    可配置slot号的范围:[0x03,0x1e]

    说明:

    -
    • domain为域信息,bus为总线号,slot为插槽号,function为功能
    • 除了slot插槽号,这里其余均默认为0。
    • 第一个slot插槽号0x00被系统占用,第二个slot号0x01被IDE控制器和USB控制器占用,第三个slot号0x02被video占用。
    • 最后一个slot号0x1f被pvchannel占用。
    +
    • 第一个slot插槽号0x00被系统占用,第二个slot号0x01被IDE控制器和USB控制器占用,第三个slot号0x02被video占用。
    • 最后一个slot号0x1f被pvchannel占用。
    +

    hostdev.address.function

    +

    设备在Guest内呈现的function号。

    +

    0x0(默认配置),可配置function号的范围:[0x0,0x7]
    ->![](./public_sys-resources/icon-note.gif) **说明:** ->VFIO直通方式的最小直通单位是iommu\_group,host根据硬件上的ACS位,来划分iommu\_group。同一个iommu\_group中的设备只允许直通给同一台虚拟机(一个PCI设备上的若干个function,如果属于同一个iommu\_group,只允许直通给一个虚拟机使用)。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 注意hostdev.address标签为可选配置项。 +> - VFIO直通方式的最小直通单位是iommu\_group,host根据硬件上的ACS位,来划分iommu\_group。同一个iommu\_group中的设备只允许直通给同一台虚拟机(一个PCI设备上的若干个function,如果属于同一个iommu\_group,只允许直通给一个虚拟机使用)。 ### SR-IOV直通 @@ -291,37 +304,39 @@ PCI直通是指将host上的物理PCI设备直接呈现给一台虚拟机,供 SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解决方案,通过SR-IOV技术可以将一个PF(Physical Function)虚拟成多个VF(Virtual Function),每个VF都可以单独被直通给一个虚拟机,极大地提升了硬件资源利用率和虚拟机的I/O性能。一种典型的应用场景就是网卡SR-IOV设备直通,利用SR-IOV技术可以将一个物理网卡(PF)虚拟成多个VF网卡,再把VF直通给虚拟机使用。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->- SR-IOV需要物理硬件支持,使用SR-IOV前请确保要直通的硬件设备支持该能力,并且Host侧的设备驱动程序工作在SR-IOV模式下。 ->- 查询网卡具体型号的办法如下: ->例如下述回显,第一列为网卡的PCI号,19e5:1822为网卡的厂商号设备号。 ->``` -># lspci | grep Ether ->05:00.0 Ethernet controller: Device 19e5:1822 (rev 45) ->07:00.0 Ethernet controller: Device 19e5:1822 (rev 45) ->09:00.0 Ethernet controller: Device 19e5:1822 (rev 45) ->0b:00.0 Ethernet controller: Device 19e5:1822 (rev 45) ->81:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) ->81:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) ->``` +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - SR-IOV需要物理硬件支持,使用SR-IOV前请确保要直通的硬件设备支持该能力,并且Host侧的设备驱动程序工作在SR-IOV模式下。 +> - 查询网卡具体型号的办法如下: +> 例如下述回显,第一列为网卡的PCI号,19e5:1822为网卡的厂商号设备号。 +> +> ```sh +> # lspci | grep Ether +> 05:00.0 Ethernet controller: Device 19e5:1822 (rev 45) +> 07:00.0 Ethernet controller: Device 19e5:1822 (rev 45) +> 09:00.0 Ethernet controller: Device 19e5:1822 (rev 45) +> 0b:00.0 Ethernet controller: Device 19e5:1822 (rev 45) +> 81:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) +> 81:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) +> ``` #### 操作方法 请使用root用户按照如下操作步骤配置SR-IOV直通网卡: -1. 开启网卡的SR-IOV模式。 - 1. 请确保Guest OS有网卡供应商提供的VF驱动支持,否则Guest OS内VF无法正常工作。 - 2. 在host OS的BIOS中开启SMMU/IOMMU的支持。不同厂家服务器的开启方式可能不同,请参考各服务器的帮助文档。 - 3. HOST驱动配置,开启SR-IOV的VF模式。这里以Hi1822网卡为例,开启16个VF。 +1. 开启网卡的SR-IOV模式。 + 1. 请确保Guest OS有网卡供应商提供的VF驱动支持,否则Guest OS内VF无法正常工作。 + 2. 在host OS的BIOS中开启SMMU/IOMMU的支持。不同厂家服务器的开启方式可能不同,请参考各服务器的帮助文档。 + 3. HOST驱动配置,开启SR-IOV的VF模式。这里以Hi1822网卡为例,开启16个VF。 - ``` + ```sh echo 16 > /sys/class/net/ethX/device/sriov_numvfs ``` -2. 获取PF和VF的PCI BDF信息。 - 1. 获取当前单板上的网卡资源列表,参考命令如下: +2. 获取PF和VF的PCI BDF信息。 + 1. 获取当前单板上的网卡资源列表,参考命令如下: - ``` + ```sh # lspci | grep Eth 03:00.0 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family (4*25GE) (rev 45) 04:00.0 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family (4*25GE) (rev 45) @@ -333,9 +348,9 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 7d:00.3 Ethernet controller: Huawei Technologies Co., Ltd. Device a221 (rev 20) ``` - 2. 查看VF的PCI BDF信息,参考命令如下: + 2. 查看VF的PCI BDF信息,参考命令如下: - ``` + ```sh # lspci | grep "Virtual Function" 03:00.1 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) 03:00.2 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) @@ -349,50 +364,50 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 03:01.2 Ethernet controller: Huawei Technologies Co., Ltd. Hi1822 Family Virtual Function (rev 45) ``` - 3. 选择一个可用的VF,根据其BDF信息将其配置写入虚拟机的配置文件中。以03:00.1设备为例,对应的bus号是03,slot号是00,function号是1。 + 3. 选择一个可用的VF,根据其BDF信息将其配置写入虚拟机的配置文件中。以03:00.1设备为例,对应的bus号是03,slot号是00,function号是1。 -3. 识别和管理PF/VF对应关系。 - 1. 识别PF对应的VF关系,以PF 03.00.0为例: +3. 识别和管理PF/VF对应关系。 + 1. 识别PF对应的VF关系,以PF 03.00.0为例: - ``` + ```sh # ls -l /sys/bus/pci/devices/0000\:03\:00.0/ ``` - 可下显示如下的软链接信息,根据信息可以获得其对应的VF编号(virtfnX)和PCI BDF号。 + 可显示如下的软链接信息,根据信息可以获得其对应的VF编号(virtfnX)和PCI BDF号。 - 2. 识别VF对应的PF关系,以VF 03:00.1为例: + 2. 识别VF对应的PF关系,以VF 03:00.1为例: - ``` + ```sh # ls -l /sys/bus/pci/devices/0000\:03\:00.1/ ``` - 可显示下述软连接信息,即可获得其对应PF的PCI BDF号。 + 可显示下述软链接信息,即可获得其对应PF的PCI BDF号。 - ``` + ```sh lrwxrwxrwx 1 root root 0 Mar 28 22:44 physfn -> ../0000:03:00.0 ``` - 3. 获知PF/VF对应的网卡设备名称,例如: + 3. 获知PF/VF对应的网卡设备名称,例如: - ``` + ```sh # ls /sys/bus/pci/devices/0000:03:00.0/net eth0 ``` - 4. 设置VF的mac/vlan/qos信息,确保VF在直通之前处于UP状态。以VF 03:00.1为例,假设PF为eth0,VF编号为0。 + 4. 设置VF的mac/vlan/qos信息,确保VF在直通之前处于UP状态。以VF 03:00.1为例,假设PF为eth0,VF编号为0。 - ``` + ```sh # ip link set eth0 vf 0 mac 90:E2:BA:21:XX:XX # 设置mac地址 # ifconfig eth0 up # ip link set eth0 vf 0 rate 100 # 设置VF出口速率,单位Mbps # ip link show eth0 # 查看mac/vlan/qos信息,确认设置成功 ``` -4. 挂载SR-IOV网卡到虚拟机中。 +4. 挂载SR-IOV网卡到虚拟机中。 创建虚拟机时,在虚拟机配置文件中增加SR-IOV直通的配置项。 - ``` + ```xml @@ -404,7 +419,7 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 ``` - **表 1** SR-IOV配置选项说明 + **表 2** SR-IOV配置选项说明

    参数名

    @@ -447,20 +462,21 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解
    - >![](./public_sys-resources/icon-note.gif) **说明:** - >关闭SR-IOV功能。 - >在虚拟机使用完毕后(虚拟机关机,所有的VF均没有在使用中的时候),若要关闭SR-IOV功能。执行操作如下: - >这里以Hi1822网卡(eth0对应PF的网口名称)为例: - >``` - >echo 0 > /sys/class/net/eth0/device/sriov_numvfs - >``` + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 关闭SR-IOV功能。 + > 在虚拟机使用完毕后(虚拟机关机,所有的VF均没有在使用中的时候),若要关闭SR-IOV功能。执行操作如下: + > 这里以Hi1822网卡(eth0对应PF的网口名称)为例: + > + > ```sh + > echo 0 > /sys/class/net/eth0/device/sriov_numvfs + > ``` #### HPRE加速器SR-IOV直通 -加速器引擎是TaiShan 200服务器基于Kunpeng 920服务器提供的硬件加速解决方案。HPRE加速器用于加速SSL/TLS应用,可以显著降低处理器消耗,提高处理器效率。 +加速器引擎是TaiShan 200服务器基于Kunpeng 920处理器提供的硬件加速解决方案。HPRE加速器用于加速SSL/TLS应用,可以显著降低处理器消耗,提高处理器效率。 在鲲鹏服务器上,需要把主机Host上的HPRE加速器的VF直通给虚拟机,供虚拟机内部业务使用。 -**表 1** HPRE加速器说明 +**表 3** HPRE加速器说明 | | 说明 | |-------------|-----------------------------------------------------------------------------------------------------| @@ -471,36 +487,37 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 | VF DeviceID | 0xA259 | | 最大VF数量 | 一个HPRE PF最多支持创建63个VF | - ->![](./public_sys-resources/icon-note.gif) **说明:** ->当虚拟机正在使用VF设备时,不允许卸载Host上的驱动,加速器不支持热插拔。 ->VF操作(VFNUMS为0表示关闭VF,hpre_num用来标识具体的加速器设备): ->``` ->echo $VFNUMS > /sys/class/uacce/hisi_hpre-$hpre_num/device/sriov_numvfs ->``` +> ![](./public_sys-resources/icon-note.gif) **说明:** +> 当虚拟机正在使用VF设备时,不允许卸载Host上的驱动,加速器不支持热插拔。 +> VF操作(VFNUMS为0表示关闭VF,hpre_num用来标识具体的加速器设备): +> +> ```sh +> echo $VFNUMS > /sys/class/uacce/hisi_hpre-$hpre_num/device/sriov_numvfs +> ``` ## 管理虚拟机USB 为了方便在虚拟机内部使用USBkey设备、USB海量存储设备等USB设备,openEuler提供了USB设备直通的功能。用户可以通过USB直通和热插拔相关接口给虚拟机配置直通USB设备、或者在虚拟机处于运行的状态下热插/热拔USB设备。 + ### 配置USB控制器 #### 概述 USB控制器是为虚拟机上的USB设备提供具体USB功能的虚拟控制器设备,在虚拟机内部使用USB设备必须给虚拟机配置USB控制器。当前openEuler支持如下三种USB控制器: -- UHCI(Universal Host Controller Interface):通用主机控制器接口,也称为USB 1.1主机控制器规范。 -- EHCI(Enhanced Host Controller):增强主机控制器接口,也称为USB 2.0主机控制器规范。 -- xHCI(eXtensible Host Controller Interface):可扩展主机控制器接口,也称为USB 3.0主机控制器规范。 +- UHCI(Universal Host Controller Interface):通用主机控制器接口,也称为USB 1.1主机控制器规范。 +- EHCI(Enhanced Host Controller Interface):增强主机控制器接口,也称为USB 2.0主机控制器规范。 +- xHCI(eXtensible Host Controller Interface):可扩展主机控制器接口,也称为USB 3.0主机控制器规范。 #### 注意事项 -- 主机服务器上需存在支持USB 1.1、USB 2.0和USB 3.0标准的USB控制器硬件和模块。 -- 为虚拟机配置USB控制器时,请按照USB 1.1、USB 2.0到USB 3.0的顺序来配置。 -- 一个xHCI控制器有8个端口,最多可以挂载4个USB 3.0设备和4个USB 2.0设备。一个EHCI控制器有6个端口,最多可以挂载6个USB2.0设备。一个UHCI控制器有2个端口,最多可以挂载2个USB 1.1设备。 -- 每台虚拟机最多支持配置一个相同类型的USB控制器。 -- 不支持热插拔USB控制器。 -- 若虚拟机没有安装USB 3.0的驱动,可能无法识别xHCI控制器,USB 3.0驱动下载和安装方法请参见对应OS发行商官方说明。 -- 为了不影响操作系统的兼容性,为虚拟机配置USB接口的tablet设备时,请指定USB控制器bus号为0(默认挂载到USB 1.1控制器上)。 +- 主机服务器上需存在支持USB 1.1、USB 2.0和USB 3.0标准的USB控制器硬件和模块。 +- 为虚拟机配置USB控制器时,请按照USB 1.1、USB 2.0到USB 3.0的顺序来配置。 +- 一个xHCI控制器有8个端口,最多可以挂载4个USB 3.0设备和4个USB 2.0设备。一个EHCI控制器有6个端口,最多可以挂载6个USB2.0设备。一个UHCI控制器有2个端口,最多可以挂载2个USB 1.1设备。 +- 每台虚拟机支持配置多种类型的USB控制器,且每种类型可配置多个。 +- 不支持热插拔USB控制器。 +- 若虚拟机没有安装USB 3.0的驱动,可能无法识别xHCI控制器,USB 3.0驱动下载和安装方法请参见对应OS发行商官方说明。 +- 为了不影响操作系统的兼容性,为虚拟机配置USB接口的tablet设备时,请指定USB控制器bus号为0(默认挂载到USB 1.1控制器上)。 #### 配置方法 @@ -508,21 +525,21 @@ USB控制器是为虚拟机上的USB设备提供具体USB功能的虚拟控制 USB 1.1控制器(UHCI)的XML配置项为: -``` +```xml ``` USB 2.0控制器(EHCI)的XML配置为: -``` +```xml ``` USB 3.0控制器(xHCI)的XML配置为: -``` +```xml ``` @@ -535,10 +552,10 @@ USB 3.0控制器(xHCI)的XML配置为: #### 注意事项 -- 一个USB设备只能直通给一台虚拟机使用 -- 配置了直通USB设备的虚拟机不支持热迁移 -- 虚拟机配置文件中直通的USB设备不存在时,虚拟机会创建失败 -- 对一个正在读写的USB存储设备进行强制热拔操作有可能会损坏USB设备内的文件 +- 一个USB设备只能直通给一台虚拟机使用 +- 配置了直通USB设备的虚拟机不支持热迁移 +- 虚拟机配置文件中直通的USB设备不存在时,虚拟机会创建失败 +- 对一个正在读写的USB存储设备进行强制热拔操作有可能会损坏USB设备内的文件 #### 配置说明 @@ -546,7 +563,7 @@ USB 3.0控制器(xHCI)的XML配置为: USB设备的XML描述: -``` +```xml
    @@ -555,23 +572,23 @@ USB设备的XML描述: ``` -- \
    ,其中,m表示该USB设备在主机上的bus地址,n表示device ID编号。 -- \
    表示该USB设备要挂载到虚拟机指定的USB控制器。其中x表示控制器ID,与虚拟机所配置的USB控制器index编号相对应,y表示port地址。用户配置直通USB设备的时候需要配置这个字段,确保设备挂载的控制器与预期相符。 +- \
    ,其中,m表示该USB设备在主机上的bus地址,n表示device ID编号。 +- \
    表示该USB设备要挂载到虚拟机指定的USB控制器。其中x表示控制器ID,与虚拟机所配置的USB控制器index编号相对应,y表示port地址。用户配置直通USB设备的时候需要配置这个字段,确保设备挂载的控制器与预期相符。 #### 配置方法 配置USB直通的步骤如下: -1. 为虚拟机配置USB控制器,配置方法请参见“虚拟机配置 > 配置USB控制器”。 -2. 查询主机上的USB设备信息。 +1. 为虚拟机配置USB控制器,配置方法请参见“虚拟机配置 > 配置USB控制器”。 +2. 查询主机上的USB设备信息。 通过lsusb命令(需要安装usbutils软件包)查询主机上的USB设备信息,包含bus地址、device地址、设备厂商ID、设备ID和产品描述信息等。例如: - ``` - $ lsusb + ```sh + lsusb ``` - ``` + ```text Bus 008 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub @@ -587,36 +604,34 @@ USB设备的XML描述: Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub ``` -3. 准备USB设备的XML描述文件,注意在设备热拔之前,请确保USB设备当前不在使用当中,否则可能造成数据丢失。 -4. 执行热插、热拔命令。 +3. 准备USB设备的XML描述文件,注意在设备热拔之前,请确保USB设备当前不在使用当中,否则可能造成数据丢失。 +4. 执行热插、热拔命令。 假设虚拟机名称为openEulerVM,对应的配置文件为usb.xml。 - - 热插USB设备,只对当前运行的虚拟机有效,虚拟机冷重启后需要重新配置。 + - 热插USB设备,只对当前运行的虚拟机有效,虚拟机冷重启后需要重新配置。 - ``` - $ virsh attach-device openEulerVM usb.xml --live + ```sh + virsh attach-device openEulerVM usb.xml --live ``` - - 热插USB设备,持久化该配置,即该虚拟机重启后该设备会自动直通给该虚拟机使用。 + - 热插USB设备,持久化该配置,即该虚拟机重启后该设备会自动直通给该虚拟机使用。 - ``` - $ virsh attach-device openEulerVM usb.xml --config + ```sh + virsh attach-device openEulerVM usb.xml --config ``` - - 热拔USB设备,只对当前运行的虚拟机有效,持久化配置的USB设备在虚拟机重启后USB设备会自动直通给该虚拟机。 + - 热拔USB设备,只对当前运行的虚拟机有效,持久化配置的USB设备在虚拟机重启后USB设备会自动直通给该虚拟机。 - ``` - $ virsh detach-device openEulerVM usb.xml --live + ```sh + virsh detach-device openEulerVM usb.xml --live ``` - - 热拔USB设备,持久化该配置。 + - 热拔USB设备,持久化该配置。 + ```sh + virsh detach-device openEulerVM usb.xml --config ``` - $ virsh detach-device openEulerVM usb.xml --config - ``` - - ## 管理快照 @@ -624,38 +639,127 @@ USB设备的XML描述: 虚拟机在使用过程中可能由于病毒对系统的破坏、系统文件被误删除或误格式化等原因造成虚拟机系统损坏导致系统无法启动。为了使损坏的系统快速恢复,openEuler提供了存储快照功能。openEuler可以在用户不感知的情况下制作虚拟机在某一时刻的快照(制作通常指需要几秒钟),该快照能帮助用户将磁盘快速恢复到某一时刻的状态,例如系统损坏后能快速恢复系统,从而提升系统可靠性。 ->![](./public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >当前存储快照只支持raw、qcow2格式镜像,不支持block块设备。 ### 操作步骤 制作虚拟机存储快照的操作步骤如下: -1. 登录主机,通过virsh domblklist命令查询虚拟机使用的磁盘。 +1. 登录主机,通过virsh domblklist命令查询虚拟机使用的磁盘。 - ``` - $ virsh domblklist openEulerVM + ```sh + # virsh domblklist openEulerVM Target Source --------------------------------------------- vda /mnt/openEuler-image.qcow2 ``` +2. 创建虚拟机磁盘快照*openEuler-snapshot1.qcow2*,命令及回显如下: -1. 创建虚拟机磁盘快照_openEuler-snapshot1.qcow2_,命令及回显如下: - - ``` - $ virsh snapshot-create-as --domain openEulerVM --disk-only --diskspec vda,snapshot=external,file=/mnt/openEuler-snapshot1.qcow2 --atomic + ```sh + # virsh snapshot-create-as --domain openEulerVM --disk-only --diskspec vda,snapshot=external,file=/mnt/openEuler-snapshot1.qcow2 --atomic Domain snapshot 1582605802 created ``` +3. 磁盘快照查询操作。 -1. 磁盘快照查询操作。 - - ``` - $ virsh snapshot-list openEulerVM + ```sh + # virsh snapshot-list openEulerVM Name Creation Time State --------------------------------------------------------- 1582605802 2020-02-25 12:43:22 +0800 disk-snapshot ``` +## 配置磁盘IO悬挂 + +### 总体介绍 + +#### 概述 + +存储故障(比如存储断链)场景下,物理磁盘的IO错误,通过虚拟化层传给虚拟机前端,虚拟机内部收到IO错误,可能导致虚拟机内部的用户文件系统变成read-only状态,需要重启虚拟机或者用户手动恢复,这给用户带来额外的工作量。 + +这种情况下,虚拟化平台提供了一种磁盘IO悬挂的能力,即当存储故障时,虚拟机IO下发到主机侧时将IO悬挂住,在悬挂时间内不对虚拟机内部返回IO错误,这样虚拟机内部的文件系统就不会因为IO错误而变为只读状态,而是呈现为Hang住;同时虚拟机后端按指定的悬挂间隔对IO进行重试。如果存储故障在悬挂时间内恢复正常,悬挂住的IO即可恢复落盘,虚拟机内部文件系统自动恢复运行,不需要重启虚拟机;如果存储故障在悬挂时间内未能恢复正常,则上报错误给虚拟机内部,通知给用户。 + +#### 应用场景 + +使用可能会发生存储面链路断链的云盘作为虚拟磁盘后端的场景。 + +#### 注意事项和约束限制 + +- 磁盘IO悬挂仅支持virtio-blk或virtio-scsi类型的虚拟磁盘。 + +- 磁盘IO悬挂的虚拟磁盘后端一般为可能会发生存储面链路断链的云盘。 + +- 磁盘IO悬挂可对读写IO错误分别使能,同一磁盘的读写IO错误重试间隔和超时时间使用相同配置。 + +- 磁盘IO悬挂重试间隔不包含主机侧实际读写IO的开销,即两次IO重试操作实际间隔会大于配置的IO错误重试间隔。 + +- 磁盘IO悬挂无法区分IO错误的具体类型(如存储断链、扇区坏道、预留冲突等),只要硬件返回IO错误,就会进行悬挂处理。 +- 磁盘IO悬挂时,虚拟机内部IO不会返回,fdisk等访问磁盘的系统命令会卡住,虚拟机内部依赖该命令返回的业务也会一直卡住。 + +- 磁盘IO悬挂时,IO无法正常落盘,可能会导致虚拟机无法优雅关机,需要强制关机。 + +- 磁盘IO悬挂时,无法读取磁盘数据,会造成虚拟机无法正常重启,需要先将虚拟机强制关机,等待存储故障恢复后再重新启动虚拟机。 + +- 存储故障发生后,虽然存在磁盘IO悬挂,依然解决不了以下问题: + + 1. 存储相关高级特性执行失败 + + 高级特性包括:虚拟磁盘热插、虚拟磁盘热拔、创建虚拟磁盘、虚拟机启动、虚拟机关机、虚拟机强制关机、虚拟机休眠、虚拟机唤醒、虚拟机存储热迁移、虚拟机存储热迁移取消、虚拟机创建存储快照、虚拟机存储快照合并、查询虚拟机磁盘容量、磁盘在线扩容、插入虚拟光驱、弹出虚拟机光驱。 + + 2. 虚拟机生命周期执行失败 + +- 配置了磁盘IO悬挂的虚拟机发起热迁移时,应该在目的端磁盘的XML配置中带上与源端相同的磁盘IO悬挂配置。 + +### 磁盘IO悬挂配置 + +#### Qemu命令行配置 + +磁盘IO悬挂功能通过在虚拟磁盘设备上指定`werror=retry` `rerror=retry`进行使能,使用`retry_interval`和`retry_timeout`进行重试策略的配置。`retry_interval`为IO错误重试的间隔,配置范围为0-MAX_LONG,单位为毫秒,未配置时使用默认值1000ms;`retry_timeout`为IO错误重试超时时间,配置范围为0-MAX_LONG,0值表示不会发生超时,单位为毫秒,未配置时使用默认值0。 + +virtio-blk磁盘的磁盘IO悬挂配置如下: + +```shell +-drive file=/path/to/your/storage,format=raw,if=none,id=drive-virtio-disk0,cache=none,aio=native \ +-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,\ +drive=drive-virtio-disk0,id=virtio-disk0,write-cache=on,\ +werror=retry,rerror=retry,retry_interval=2000,retry_timeout=10000 +``` + +virtio-scsi磁盘的磁盘IO悬挂配置如下: + +```shell +-drive file=/path/to/your/storage,format=raw,if=none,id=drive-scsi0-0-0-0,cache=none,aio=native \ +-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\ +device_id=drive-scsi0-0-0-0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,write-cache=on,\ +werror=retry,rerror=retry,retry_interval=2000,retry_timeout=10000 +``` + +#### xml配置方式 + +磁盘IO悬挂功能通过在磁盘xml配置中指定`error_policy='retry'` `rerror_policy='retry'`进行使能。主要是配置上`retry_interval`和`retry_timeout`的值。`retry_interval`为IO错误重试的间隔,配置范围为0-MAX_LONG,单位为毫秒,未配置时使用默认值1000ms;`retry_timeout`为IO错误重试超时时间,配置范围为0-MAX_LONG,0值表示不会发生超时,单位为毫秒,未配置时使用默认值0。 + +virtio-blk磁盘的磁盘IO悬挂xml配置如下: + +```xml + + + + + + +``` + +virtio-scsi磁盘的磁盘IO悬挂xml配置如下: + +```xml + + + + + +
    + +``` diff --git "a/docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" "b/docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" index 0b52022529450f012c9c5bbd30aca38c9b5b4b33..3b3b77cc99a04d8320d350e6c82af54b0d53e2b7 100644 --- "a/docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" @@ -1,26 +1,8 @@ # 虚拟机配置 - -- [虚拟机配置](#虚拟机配置) - - [总体介绍](#总体介绍) - - [虚拟机描述](#虚拟机描述) - - [虚拟CPU和虚拟内存](#虚拟CPU和虚拟内存) - - [配置虚拟设备](#配置虚拟设备) - - [存储设备](#存储设备) - - [网络设备](#网络设备) - - [总线配置](#总线配置) - - [其它常用设备](#其它常用设备) - - [体系架构相关配置](#体系架构相关配置) - - [其他常见配置项](#其他常见配置项) - - [XML配置文件示例](#XML配置文件示例) - - - - - ## 总体介绍 -#### 概述 +### 概述 Libvirt工具采用XML格式的文件描述一个虚拟机特征,包括虚拟机名称、CPU、内存、磁盘、网卡、鼠标、键盘等信息。用户可以通过修改配置文件,对虚拟机进行管理。本章介绍XML配置文件各个元素的含义,指导用户完成虚拟机配置。 @@ -30,7 +12,7 @@ Libvirt工具采用XML格式的文件描述一个虚拟机特征,包括虚拟 XML配置文件的基本格式如下,其中label代表具体标签名,attribute代表属性,value代表属性值,需要根据实际情况修改。 -``` +```xml VMName 8 @@ -48,39 +30,38 @@ XML配置文件的基本格式如下,其中label代表具体标签名,attrib #### 配置流程 -1. 创建一个根元素为domain的XML配置文件。 -2. 使用标签name,根据命名规则指定唯一的虚拟机名称。 -3. 配置虚拟CPU和虚拟内存等系统资源。 -4. 配置虚拟设备。 - 1. 配置存储设备。 - 2. 配置网络设备。 - 3. 配置外部总线结构。 - 4. 配置鼠标等外部设备。 +1. 创建一个根元素为domain的XML配置文件。 +2. 使用标签name,根据命名规则指定唯一的虚拟机名称。 +3. 配置虚拟CPU和虚拟内存等系统资源。 +4. 配置虚拟设备: + 1. 配置存储设备。 + 2. 配置网络设备。 + 3. 配置外部总线结构。 + 4. 配置鼠标等外部设备。 -5. 保存XML配置文件。 +5. 保存XML配置文件。 ## 虚拟机描述 -#### 概述 +### 概述 本节介绍虚拟机domain根元素和虚拟机名称的配置。 -#### 元素介绍 +### 元素介绍 -- domain:虚拟机XML配置文件的根元素,用于配置运行此虚拟机的hypervisor的类型。 +- domain:虚拟机XML配置文件的根元素,用于配置运行此虚拟机的hypervisor的类型。 属性type:虚拟化中domain的类型。openEuler虚拟化中属性值为kvm。 -- name:虚拟机名称。 +- name:虚拟机名称。 - 虚拟机名称为一个字符串,同一个主机上的虚拟机名称不能重复,虚拟机名称必须由数字、字母、“\_”、“-”、“:”组成,但不支持全数字的字符串,且虚拟机名称不超过64个字符。 + 虚拟机名称为一个字符串,同一个主机上的虚拟机名称不能重复,虚拟机名称必须由数字、字母、“\_”、“-”、“:”、“!”、“@”、“#”、“$”、“%”、“^”、“.”组成,且虚拟机名称不超过64个字符。 - -#### 配置示例 +### 配置示例 例如,虚拟机名称为openEuler的配置如下: -``` +```xml openEuler ... @@ -89,25 +70,47 @@ XML配置文件的基本格式如下,其中label代表具体标签名,attrib ## 虚拟CPU和虚拟内存 -#### 概述 +### 概述 本节介绍虚拟CPU和虚拟内存的常用配置。 -#### 元素介绍 +### 元素介绍 -- vcpu:虚拟处理器的个数。 -- memory:虚拟内存的大小。 +- vcpu:虚拟处理器的个数。 +- memory:虚拟内存的大小。 属性unit:指定内存单位,属性值支持KiB(210 字节),MiB(220 字节),GiB(230 字节),TiB(240 字节)等。 -- cpu:虚拟处理器模式。 +- cpu:虚拟处理器模式。 + + 属性mode:表示虚拟CPU的模式。 - 属性mode:表示虚拟CPU的模式,属性值host-passthrough表示虚拟CPU的架构和特性与主机保持一致。 + - host-passthrough:表示虚拟CPU的架构和特性与主机保持一致。 + + - custom:表示虚拟CPU的架构和特性由此cpu元素控制。 子元素topology:元素cpu的子元素,用于描述虚拟CPU模式的拓扑结构。 - - 子元素topology的属性socket、cores、threads分别描述了虚拟机具有多少个cpu socket,每个cpu socket中包含多少个处理核心(core),每个处理器核心具有多少个超线程(thread),属性值为正整数且三者的乘积等于虚拟CPU的个数。 + - 子元素topology的属性socket、cores、threads分别描述了虚拟机具有多少个cpu socket,每个cpu socket中包含多少个处理核心(core),每个处理器核心具有多少个超线程(threads),属性值为正整数且三者的乘积等于虚拟CPU的个数。 + - ARM架构支持虚拟超线程, 虚拟CPU热插与虚拟超线程功能互斥。 + + 子元素model:元素cpu的子元素,当mode为custom时用于描述CPU的模型。 + 子元素feature:元素cpu的子元素,当mode为custom时用于描述某一特性的使能情况。其中,属性name表示特性的名称,属性policy表示这一特性的使能控制策略: + + - force:表示强制使能该特性,无论主机CPU是否支持该特性。 + + - require:表示使能该特性,当主机CPU不支持该特性并且hypervisor不支持模拟该特性时,创建虚拟机失败。 + + - optional:表示该特性的使能情况与主机上该特性的使能情况保持一致。 + + - disable:禁用该特性。 + + - forbid:禁用该特性,当主机支持该特性时创建虚拟机失败。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >虚拟机内部用户态CPU特性的呈现(如通过lscpu中的Flags呈现的CPU特性)需虚拟机内核的支持,若虚拟机内核版本较旧,可能无法呈现出全部CPU特性。 #### 配置示例 @@ -125,9 +128,25 @@ XML配置文件的基本格式如下,其中label代表具体标签名,attrib ``` +虚拟内存为8GiB,虚拟CPU个数为4,处理模式为custom,model为Kunpeng-920,且禁用pmull特性的配置如下: + +``` + + ... + 4 + 8 + + Kunpeng-920 + + + ... + +``` + ## 配置虚拟设备 虚拟机XML配置文件使用devices元素配置虚拟设备,包括存储设备、网络设备、总线、鼠标等,本节介绍常用的虚拟设备如何配置。 + ### 存储设备 #### 概述 @@ -159,7 +178,8 @@ XML配置文件使用disk元素配置存储设备,disk常见的属性如[表1]

    block:块设备

    file:文件设备

    -

    dir: 目录路径

    +

    dir:目录路径

    +

    network:网络磁盘

    device

    @@ -192,6 +212,10 @@ XML配置文件使用disk元素配置存储设备,disk常见的属性如[表1]

    file:对应file类型,值为对应文件的完全限定路径。

    dev:对应block类型,值为对应主机设备的完全限定路径。

    dir:对应dir类型,值为用作磁盘目录的完全限定路径。

    +

    protocol:使用的协议。

    +

    name: rbd磁盘名称,格式为:$pool/$volume 。

    +

    host name:mon地址。

    +

    port:mon地址的端口。

    driver

    @@ -202,6 +226,10 @@ XML配置文件使用disk元素配置存储设备,disk常见的属性如[表1]

    io:磁盘IO模式,支持“native”和“threads”选项。

    cache:磁盘的cache模式,可选项有“none”、“writethrough”、“writeback”、“directsync”等。

    iothread:指定为磁盘分配的IO线程。

    +

    error_policy:IO写错误发生时的处理策略,可选项有“stop”、“report”、“ignore”、“enospace"、"retry"等。

    +

    rerror_policy:IO读错误发生时的处理策略,可选项有“stop”、“report”、“ignore”、“enospac”、“retry"等。

    +

    retry_interval:IO错误重试间隔,范围为0-MAX_INT,单位为毫秒,仅error_policy=“retry”或rerror_policy=“retry”时可配置。

    +

    retry_timeout:IO错误重试超时时间,范围为0-MAX_INT,单位为毫秒,仅error_policy=“retry”或rerror_policy=“retry”时可配置。

    target

    @@ -233,26 +261,41 @@ XML配置文件使用disk元素配置存储设备,disk常见的属性如[表1] 按照“准备虚拟机镜像”操作完成虚拟机镜像准备后,可以使用如下XML配置文件示例,为虚拟机配置虚拟磁盘。 -例如,该示例为虚拟机配置了两个IO线程,一个块磁盘设备和一个光盘设备,第一个IO线程分配给块磁盘设备使用。该块磁盘设备的后端介质为qcow2格式,且被作为优先启动盘。 +例如,该示例为虚拟机配置了两个IO线程,一个块磁盘设备,一个光盘设备和一个rbd磁盘,第一个IO线程分配给块磁盘设备使用。该块磁盘设备的后端介质为qcow2格式,且被作为优先启动盘。 +在使用rbd磁盘前请确保已经安装qemu-block-rbd驱动,如未安装,请在root下使用如下命令进行安装: + +```sh +# yum install qemu-block-rbd ``` + +配置实例: + +```conf ... 2 - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + ... @@ -334,9 +377,9 @@ XML配置文件中使用元素“interface”,其属性“type”表示虚拟 #### 配置示例 -- 按照“准备虚拟机网络”创建了Linux网桥br0后,配置一个桥接在br0网桥上的virtio类型的虚拟网卡设备,对应的XML配置如下: +- 按照“准备虚拟机网络”创建了Linux网桥br0后,配置一个桥接在br0网桥上的virtio类型的虚拟网卡设备,对应的XML配置如下: - ``` + ```xml ... @@ -349,9 +392,9 @@ XML配置文件中使用元素“interface”,其属性“type”表示虚拟 ``` -- 如果按照“准备虚拟机网络”创建了OVS网桥,配置一个后端使用vhost驱动,且具有四个队列的virtio虚拟网卡设备。 +- 如果按照“准备虚拟机网络”创建了OVS网桥,配置一个后端使用vhost驱动,且具有四个队列的virtio虚拟网卡设备。 - ``` + ```xml ... @@ -366,7 +409,6 @@ XML配置文件中使用元素“interface”,其属性“type”表示虚拟 ``` - ### 总线配置 #### 概述 @@ -375,8 +417,8 @@ XML配置文件中使用元素“interface”,其属性“type”表示虚拟 PCIe总线是一种典型的树结构,具有比较好的扩展性,总线之间通过控制器关联,这里以PCIe总线为例介绍如何为虚拟机配置总线拓扑。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->总线的配置相对比较繁琐,若不需要精确控制设备拓扑结构,可以使用libvirt自动生成的缺省总线配置。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> 总线的配置相对比较繁琐,若不需要精确控制设备拓扑结构,可以使用libvirt自动生成的缺省总线配置。 #### 元素介绍 @@ -384,15 +426,14 @@ PCIe总线是一种典型的树结构,具有比较好的扩展性,总线之 controller:控制器元素,表示一个总线。 -- 属性type:控制器必选属性,表示总线类型。常用取值有“pci”、“usb”、“scsi”、“virtio-serial”、“fdc”、“ccid”。 -- 属性index:控制器必选属性,表示控制器的总线“bus”编号(编号从0开始),可以在地址元素“address”元素中使用。 -- 属性model:控制器必选属性,表示控制器的具体型号,其可选择的值与控制器类型“type”的值相关,对应关系及含义请参见[表1](#table191911761111)。 -- 子元素address:为设备或控制器指定其在总线网络中的挂载位置。 - - 属性type:设备地址类型。常用取值有“pci”、“usb”、“drive”。address的type类型不同, 对应的属性也不同,常用type属性值及其该取值下address的属性请参见[表2](#table1200165711314)。 - -- 子元素model:控制器具体型号的名称。 - - 属性name:指定控制器具体型号的名称,和父元素controller中的属性model对应。 +- 属性type:控制器必选属性,表示总线类型。常用取值有“pci”、“usb”、“scsi”、“virtio-serial”、“fdc”、“ccid”。 +- 属性index:控制器必选属性,表示控制器的总线“bus”编号(编号从0开始),可以在地址元素“address”元素中使用。 +- 属性model:控制器必选属性,表示控制器的具体型号,其可选择的值与控制器类型“type”的值相关,对应关系及含义请参见[表1](#table191911761111)。 +- 子元素address:为设备或控制器指定其在总线网络中的挂载位置。 + - 属性type:设备地址类型。常用取值有“pci”、“usb”、“drive”。address的type类型不同, 对应的属性也不同,常用type属性值及其该取值下address的属性请参见[表2](#table1200165711314)。 +- 子元素model:控制器具体型号的名称。 + - 属性name:指定控制器具体型号的名称,和父元素controller中的属性model对应。 **表 4** controller属性type常用取值和model取值对应关系 @@ -498,39 +539,39 @@ controller:控制器元素,表示一个总线。 该示例给出一个PCIe总线的拓扑结构。PCIe根节点(BUS 0)下挂载了三个PCIe-Root-Port控制器。第一个PCIe-Root-Port控制器(BUS 1)开启了multifunction功能,并在其下挂载一个PCIe-to-PCI-bridge控制器,形成了一个PCI总线(BUS 3),该PCI总线上挂载了一个virtio-serial设备和一个USB 2.0控制器。第二个PCIe-Root-Port控制器(BUS 2)下挂载了一个SCSI控制器。第三个PCIe-Root-Port控制器(BUS 0)下无挂载设备。配置内容如下: -``` +```xml ... - -
    - - -
    - - - -
    - - -
    - - -
    - - -
    - - -
    - - ... - + +
    + + +
    + + + +
    + + +
    + + +
    + + +
    + + +
    + + ... + ``` -### 其它常用设备 +### 其他常用设备 #### 概述 @@ -538,12 +579,11 @@ controller:控制器元素,表示一个总线。 #### 元素介绍 -- serial:串口设备 +- serial:串口设备 属性type:用于指定串口类型。常用属性值为pty、tcp、pipe、file。 - -- video:媒体设备 +- video:媒体设备 属性type:媒体设备类型。AArch架构常用属性值为virtio,x86\_64架构通常使用属性值为vga或cirrus。 @@ -553,34 +593,33 @@ controller:控制器元素,表示一个总线。 例如:给x86\_64架构虚拟机配置16MB的VGA类型的显卡,XML示例如下,其中vram属性代表显存大小,单位默认为KB: - ``` + ```xml ``` -- input:输出设备 +- input:输出设备 属性type:指定输出设备类型。常用属性值为tabe、keyboard,分别表示输出设备为写字板、键盘。 属性bus:指定挂载的总线。常用属性值为USB。 -- emulator:模拟器应用路径 -- graphics:图形设备 +- emulator:模拟器应用路径 +- graphics:图形设备 属性type:指定图形设备类型。常用属性值为vnc。 属性listen:指定侦听的IP地址。 - #### 配置示例 例如,在下面的示例中,配置了虚拟机的模拟器路径,pty串口、virtio媒体设备、USB写字板、USB键盘以及VNC图形设备。 ->![](./public_sys-resources/icon-note.gif) **说明:** ->graphics的type配置为VNC时,建议配置属性passwd,即使用VNC登录时的密码。 +> ![](./public_sys-resources/icon-note.gif) **说明:** +> graphics的type配置为VNC时,建议配置属性passwd,即使用VNC登录时的密码。 -``` +```xml ... @@ -592,35 +631,34 @@ controller:控制器元素,表示一个总线。 - ... - + ... + ``` ## 体系架构相关配置 -#### 概述 +### 概述 XML中还有一部分体系架构相关的配置,这部分配置包括主板,CPU,一些与体系架构相关的feature,本章节主要介绍它们的配置和含义。 -#### 元素介绍 +### 元素介绍 -- os:定义虚拟机启动参数。 +- os:定义虚拟机启动参数。 - 子元素type:指定虚拟机类型,属性arch表示架构类型,如aarch64,属性machine表示虚拟机的芯片组类型,虚拟机支持的芯片组可以通过 **qemu-kvm -machine ?**命令查询,如AArch64结构使用“virt”类型。 + 子元素type:指定虚拟机类型,属性arch表示架构类型,如aarch64,属性machine表示虚拟机的芯片组类型,虚拟机支持的芯片组可以通过 **qemu-kvm -machine ?** 命令查询,如AArch64结构使用“virt”类型。 子元素loader:指定加载固件 ,如配置EDK提供的UEFI文件,属性readonly表示是否是只读文件,值为“yes”或“no”,属性type表示loader的类型,常用的值有“rom”、“pflash”。 子元素nvram:指定nvram文件路径,用于存储UEFI启动配置。 - -- features:hypervisor支持控制一些虚拟机CPU/machine的特性,如高级电源管理接口“acpi”,ARM处理器指定GICv3中断控制器等。 +- features:hypervisor支持控制一些虚拟机CPU/machine的特性,如高级电源管理接口“acpi”,ARM处理器指定GICv3中断控制器等。 #### AArch64架构配置示例 虚拟机的类型为AArch64结构,使用virt芯片组,利用UEFI启动的虚拟机配置如下: -``` +```xml ... @@ -658,77 +696,76 @@ x86\_64架构支持BIOS和UEFI两种启动方式,如果不配置loader,则 ## 其他常见配置项 -#### 概述 +### 概述 除系统资源和虚拟设备外,XML配置文件还需要配置一些其他元素,本节介绍这些元素的配置方法。 -#### 元素介绍 +### 元素介绍 -- iothreads:指定iothread数量,可以用于加速存储设备性能。 +- iothreads:指定iothread数量,可以用于加速存储设备性能。 -- on\_poweroff:虚拟机关闭时采取的动作。 -- on\_reboot:虚拟机重启时采取的动作。 -- on\_crash:虚拟机崩溃时采取的动作。 -- clock:采用的时钟类型。 +- on\_poweroff:虚拟机关闭时采取的动作。 +- on\_reboot:虚拟机重启时采取的动作。 +- on\_crash:虚拟机崩溃时采取的动作。 +- clock:采用的时钟类型。 属性offset:设置虚拟机时钟的同步类型,可选的值有“localtime”、“utc”、“timezone”、“variable”等。 - -#### 配置示例 +### 配置示例 为虚拟机配置两个iothread,用于加速存储设备性能。 -``` +```xml 2 ``` 虚拟机关闭时,销毁虚拟机。 -``` +```xml destroy ``` 虚拟机重启时,重新启动虚拟机。 -``` +```xml restart ``` 虚拟机崩溃时,重新启动虚拟机。 -``` +```xml restart ``` 时钟采用“utc”的同步方式。 -``` +```xml ``` ## XML配置文件示例 -#### 概述 +### 概述 本节给出一个基本的AArch64虚拟机和一个x86\_64虚拟机的XML配置文件示例,供用户参考。 -#### 示例一 +### 示例一 一个包含基本元素的AArch64架构虚拟机的XML配置文件,其内容示例如下: -``` +```xml openEulerVM 8 4 - hvm - /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw - /var/lib/libvirt/qemu/nvram/openEulerVM.fd + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /var/lib/libvirt/qemu/nvram/openEulerVM.fd - - + + @@ -739,43 +776,43 @@ x86\_64架构支持BIOS和UEFI两种启动方式,如果不配置loader,则 restart restart - /usr/libexec/qemu-kvm - - - - - - - - - - - - - - - - - - + /usr/libexec/qemu-kvm + + + + + + + + + + + + + + + + + + - - - - + + + + ``` -#### 示例二 +### 示例二 一个包含基本元素及总线元素x86\_64架构虚拟机的XML配置文件,其配置示例如下: -``` +```xml openEulerVM 8388608 @@ -846,4 +883,3 @@ x86\_64架构支持BIOS和UEFI两种启动方式,如果不配置loader,则 ``` - diff --git "a/docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" "b/docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" index 988bf7f8a38ee656cd9ef293ebad10130d55beb7..94e1cf4073651fa3fb394df2a48a58edea636aec 100644 --- "a/docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" +++ "b/docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" @@ -2,9 +2,9 @@ ## 简介 -在计算机技术中,虚拟化是一种资源管理技术,它将计算机的各种实体资源(处理器、内存、磁盘、网络适配器等)予以抽象,转换后呈现并可供分割、组合为一个或多个计算机配置环境。这种资源管理技术打破了实体结构不可分割的障碍,使这些资源在虚拟化后不受现有资源的架设方式、地域或物理配置限制,从而让用户可以更好地应用计算机硬件资源,提高资源利用率。 +在计算机技术中,虚拟化是一种资源管理技术,它将计算机的各种实体资源(处理器、内存、磁盘、网络适配器等)予以抽象、转换后呈现,并可分割、组合为一个或多个计算机配置环境。这种资源管理技术打破了实体结构不可分割的障碍,使这些资源在虚拟化后不受现有资源的架设方式、地域或物理配置限制,从而让用户可以更好地应用计算机硬件资源,提高资源利用率。 -虚拟化使得一台物理服务器上可以运行多台虚拟机,虚拟机共享物理机的处理器、内存、I/O资源等,但逻辑上虚拟机之间是互相隔离的。在虚拟化技术中,通常将这个物理服务器称为宿主机,宿主机上运行的虚拟机也叫客户机,虚拟机内部运行的操作系统称为客户机操作系统。在宿主机和虚拟机之间存在一层叫虚拟化层的软件,用于实现虚拟硬件的模拟,通常这个虚拟化层被称为虚拟机监视器,如下图所示: +虚拟化使得一台物理服务器上可以运行多台虚拟机,虚拟机共享物理机的处理器、内存、I/O设备等资源,但逻辑上虚拟机之间是互相隔离的。在虚拟化技术中,通常将这个物理服务器称为宿主机,宿主机上运行的虚拟机也叫客户机,虚拟机内部运行的操作系统称为客户机操作系统。在宿主机和虚拟机之间存在一层叫虚拟化层的软件,用于实现虚拟硬件的模拟,通常这个虚拟化层被称为虚拟机监视器,如下图所示: **图 1** 虚拟化架构 ![](./figures/virtualized-architecture.png) @@ -19,7 +19,7 @@ - 宿主模型 - 这种模型中,物理资源是由宿主机操作系统管理,宿主机操作系统是传统的操作系统,如Linux,Windows等,宿主机操作系统不提供虚拟化能力,提供虚拟化能力的VMM作为系统的一个驱动或者软件运行在宿主操作系统上,VMM通过调用host OS的服务获得资源,实现处理器,内存和I/O设备的模拟,这种模型的虚拟化实现有KVM、Virtual Box等。 + 这种模型中,物理资源是由宿主机操作系统管理。宿主机操作系统是传统的操作系统,如Linux,Windows等,宿主机操作系统不提供虚拟化能力,提供虚拟化能力的VMM作为系统的一个驱动或者软件运行在宿主操作系统上,VMM通过调用host OS的服务获得资源,实现处理器,内存和I/O设备的模拟,这种模型的虚拟化实现有KVM、Virtual Box等。 KVM(Kernel-based Virtual Machine)即基于内核的虚拟机,是Linux的一个内核模块,该内核模块使Linux成为一个hypervisor。KVM架构如[图2](#fig310953013541)所示。KVM本身未模拟任何硬件设备,它用于使能硬件提供的虚拟化能力,比如Intel VT-x, AMD-V, ARM virtualization extensions等。主板、内存及I/O等设备的模拟由用户态的QEMU完成。用户态QEMU配合内核KVM模块共同完成虚拟机的硬件模拟,客户操作系统运行在QEMU和KVM模拟的硬件上。 @@ -71,7 +71,7 @@ openEuler软件包中提供的虚拟化相关组件: - 更高的可用性和更好的运维手段 - 虚拟化提供热迁移,快照,热升级,容灾自动恢复等运维手段,可以在不影响用户的情况下对物理资源进行删除、升级或变更,提高了业务连续性,同时可以实现自动化运维。 + 虚拟化提供热迁移、快照、热升级、容灾自动恢复等运维手段,可以在不影响用户的情况下对物理资源进行删除、升级或变更,提高了业务连续性,同时可以实现自动化运维。 - 提高安全性 diff --git "a/docs/zh/docs/Virtualization/\351\231\204\345\275\225.md" "b/docs/zh/docs/Virtualization/\351\231\204\345\275\225.md" index e7cef501559233400204561b089ca819bc34c4c1..aecca35601ac86db2108798803c9434a6c7a4658 100644 --- "a/docs/zh/docs/Virtualization/\351\231\204\345\275\225.md" +++ "b/docs/zh/docs/Virtualization/\351\231\204\345\275\225.md" @@ -25,7 +25,7 @@

    Domain

    资源的一个可配置集合,包括内存、虚拟CPU,网络设备和磁盘设备。在 Domain 中运行虚拟机。一个 Domain 被分配虚拟资源,可以独立地被启动、停止和重启。

    +

    资源的一个可配置集合,包括内存、虚拟CPU、网络设备和磁盘设备。在 Domain 中运行虚拟机。一个 Domain 被分配虚拟资源,可以独立地被启动、停止和重启。

    Libvirt

    diff --git a/docs/zh/docs/desktop/DDE-User-Manual.md b/docs/zh/docs/desktop/DDE-User-Manual.md new file mode 100644 index 0000000000000000000000000000000000000000..5bb9ac36c0b29d7b53a86e792ce4710a54c317b1 --- /dev/null +++ b/docs/zh/docs/desktop/DDE-User-Manual.md @@ -0,0 +1,902 @@ + + +# DDE桌面环境用户手册 +- [概述](#概述) +- [桌面](#桌面) +- [任务栏](#任务栏) +- [启动器](#启动器) +- [控制中心](#控制中心) +- [键盘交互](#键盘交互) + +## 概述 + +DDE桌面环境是一款美观易用、安全可靠的图形化操作界面。桌面环境主要由桌面、任务栏、启动器、控制中心等组成,是您使用该操作系统的基础,主界面如下图所示。 + +![1|desk](./figures/43.jpg) + +### 欢迎 + +初次进入DDE桌面环境,会自动打开欢迎程序。您可以观看视频了解系统功能,选择桌面样式和图标主题,进一步了解该系统。 + +![welcome](./figures/64.png) + +## 桌面 + +桌面是您登录后看到的主屏幕区域。在桌面上,您可以新建文件/文件夹、排列文件、打开终端、设置壁纸和屏保等,还可以通过启动器 [发送到桌面](#设置快捷方式) 向桌面添加应用的快捷方式。 + +![0|rightbuttonmenu](./figures/41.png) + +### 新建文件夹/文档 + +在桌面新建文件夹或文档,也可以对文件进行常规操作,和在文件管理器中一样。 + +- 在桌面上,单击鼠标右键,单击 **新建文件夹**,输入新建文件夹的名称。 +- 在桌面上,单击鼠标右键,单击 **新建文档**,选择新建文档的类型,输入新建文档的名称。 + +在桌面文件或文件夹上,单击鼠标右键,您可以使用文件管理器的相关功能: + +| 功能 | 说明 | +| ----------- | -------------------------------------------------------- | +| 打开方式 | 选定系统默认打开方式,也可以选择其他关联应用程序来打开。 | +| 剪切 | 移动文件或文件夹。 | +| 复制 | 复制文件或文件夹。 | +| 重命名 | 重命名文件或文件夹。 | +| 删除 | 删除文件或文件夹。 | +| 创建链接 | 创建一个快捷方式。 | +| 标记信息 | 添加标记信息,以对文件或文件夹进行标签化管理。 | +| 压缩/解压缩 | 压缩文件或文件夹,或对压缩文件进行解压。 | +| 属性 | 查看文件或文件夹的基本信息,共享方式,及其权限。 | + +### 设置排列方式 + +您可以对桌面上的图标按照需要进行排序。 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **排序方式**,您可以: + - 单击 **名称**,将按文件的名称顺序显示。 + - 单击 **大小**,将按文件的大小顺序显示。 + - 单击 **类型**,将按文件的类型顺序显示。 + - 单击 **修改时间**,文件将按最近一次的修改日期顺序显示。 + +> ![tips](./figures/icon125-o.svg)窍门:*您也可以勾选 **自动排列**,桌面图标将从上往下,从左往右按照当前排序规则排列,有图标被删除时后面的图标会自动向前填充。* + +### 调整图标大小 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **图标大小**。 +3. 选择一个合适的图标大小。 + +> ![tips](./figures/icon125-o.svg)窍门:*您也可以用 **Ctrl** + ![=](./figures/icon134-o.svg)/![-](./figures/icon132-o.svg) 鼠标滚动来调整桌面和启动器中的图标大小。* + +### 设置显示器 + +从这里快速进入控制中心设置显示器的缩放比例、分辨率和亮度等。 + +1. 在桌面上,单击鼠标右键。 +2. 单击 **显示设置**,快速进入控制中心的显示设置界面。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *关于显示的设置,具体操作请参阅 [显示设置](#显示设置) 。* + + ### 更改壁纸 + +您可以选择一些精美、时尚的壁纸来美化桌面,让您的电脑显示与众不同。 + + +1. 在桌面上,单击鼠标右键。 +2. 单击 **壁纸与屏保**,在桌面底部预览所有壁纸。 +3. 选择某一壁纸后,壁纸就会在桌面和锁屏中生效。 +4. 您可以单击 **仅设置桌面** 和 **仅设置锁屏** 来控制壁纸的生效范围。 + +![1|wallpaper](./figures/63.jpg) + +              + +> ![tips](./figures/icon125-o.svg)窍门: *您还可以在图片查看器中设置您喜欢的图片为桌面壁纸。* + +### 剪贴板 + +剪贴板展示当前用户登录系统后复制和剪切的所有文本、图片和文件。使用剪贴板可以快速复制其中的某项内容。注销或关机后,剪贴板会自动清空。 + +1. 使用快捷键 **Ctrl** + **Alt** + **V** 唤出剪贴板。 +2. 双击剪贴板内的某一区块,会快速复制当前内容, 且当前区块会被移动到剪贴板顶部。 +3. 选择目标位置粘贴。 +4. 鼠标移入剪贴板的某一区块,单击上方的![close](./figures/icon57-o.svg),删除当前内容;单击顶部的 **全部清除**,清空剪贴板。 + +![1|clipboard](./figures/40.png) + +## 任务栏 + +任务栏是指位于桌面底部的长条,主要由启动器、应用程序图标、托盘区、系统插件等组成。在任务栏,您可以打开启动器、显示桌面、进入工作区,对其上的应用程序进行打开、新建、关闭、强制退出等操作,还可以设置输入法,调节音量,连接网络,查看日历,进入关机界面等。 + +### 认识任务栏图标 + +任务栏图标包括启动器图标、应用程序图标、托盘区图标、系统插件图标等。 + +![1|fashion](./figures/45.png) + +| 图标 | 说明 | 图标 | 说明 | +| ------------------------------------------- | :------------------------------------------ | ------------------------------------------------ | ------------------------------------- | +| ![launcher](./figures/icon66-o.svg) | 启动器 - 点击查看所有已安装的应用。 | ![deepin-toggle-desktop](./figures/icon69-o.svg) | 显示桌面。 | +| ![dde-file-manager](./figures/icon63-o.svg) | 文件管理器 - 点击查看磁盘中的文件、文件夹。 | ![dde-calendar](./figures/icon62-o.svg) | 日历 - 查看日期、新建日程。 | +| ![controlcenter](./figures/icon58-o.svg) | 控制中心 - 点击进入系统设置。 | ![notification](./figures/icon101-o.svg) | 通知中心 - 显示所有系统和应用的通知。 | +| ![onboard](./figures/icon103-o.svg) | 屏幕键盘 - 点击使用虚拟键盘。 | ![shutdown](./figures/icon122-o.svg) | 电源 - 点击进入关机界面。 | +| ![trash](./figures/icon126-o.svg) | 回收站。 | | | + +              + +> ![tips](./figures/icon125-o.svg)窍门:*在高效模式下,单击任务栏最右侧可显示桌面。将鼠标指针移到任务栏上已打开窗口的图标时,会显示相应的预览窗口。* + +### 切换显示模式 + +任务栏提供两种显示模式:时尚模式和高效模式,显示不同的图标大小和应用窗口激活效果。 + + +![1|fashion](./figures/46.png) + +![1|efficient](./figures/63.png) + +              + +您可以通过以下操作来切换显示模式: + +1. 右键单击任务栏。 +2. 在 **模式** 子菜单中选择一种显示模式。 + +### 设置任务栏位置 + +您可以将任务栏放置在桌面的任意方向。 + +1. 右键单击任务栏。 +2. 在 **位置** 子菜单中选择一个方向。 + +### 调整任务栏高度 + +鼠标拖动任务栏边缘,改变任务栏高度。 + +### 显示/隐藏插件 + +1. 右键单击任务栏。 +2. 在 **插件** 子菜单中勾选或取消勾选 **回收站、电源、显示桌面、屏幕键盘、通知中心、时间**,可以设置这些插件在任务栏上的显示和隐藏效果。 + +### 查看通知 + +当有系统或应用通知时,会在桌面上方弹出通知消息。若有按钮,单击按钮执行对应操作;若无按钮,单击关闭此消息。 + +![message](./figures/51.png) + +              + +您还可以单击任务栏上的 ![notification](./figures/icon101-o.svg), 打开通知中心,查看所有通知。 + +### 查看日期时间 + +- 鼠标指针悬停在任务栏的时间上,查看当前日期、星期和时间。 +- 单击时间,打开日历。 + +### 进入关机界面 + +您可以单击任务栏上的 ![shutdown](./figures/icon136-o.svg) 进入关机界面,也可以在启动器的小窗口模式中单击 ![poweroff_normal](./figures/icon136-o.svg)。 + +| 功能 | 说明 | +| ---------------------------------------------------------- | ------------------------------------------------------- | +| 关机![poweroff_normal](./figures/icon136-o.svg) | 关闭电脑。 | +| 重启![reboot_normal](./figures/icon110-o.svg) | 关机后再次重新运行您的电脑。 | +| 锁定![lock_normal](./figures/icon90-o.svg) | 锁定电脑,或按下键盘上的 **Super** + **L** 组合键锁定。 | +| 切换用户![userswitch_normal](./figures/icon128-o.svg) | 选择另一个用户帐户登录。 | +| 注销![logout_normal](./figures/icon92-o.svg) | 清除当前登录用户的信息。 | +| 系统监视器![deepin-system-monitor](./figures/icon68-o.svg) | 快速启动系统监视器。 | + +              + +> ![notes](./figures/icon99-o.svg)说明:*当系统存在多个帐户时才显示 ![userswitch_normal](./figures/icon128-o.svg)。* + + +### 回收站 + +电脑中临时被删除的所有文件您都可以在回收站中找到,回收站中的文件可以被恢复或清空。 + +#### 还原文件 + +对于已删除的文件,您可以进入回收站进行还原,或使用 **Ctrl** + **Z** 还原刚删除的文件。 + +1. 在回收站中,选择要恢复的文件。 +2. 单击鼠标右键,选择 **还原**。 +3. 还原文件到原来的存储路径下。 + +> ![attention](./figures/icon52-o.svg)注意: +> +> *如果原来所在的文件夹已经删除,还原文件时会自动新建文件夹*。 + +#### 清空回收站 + +在回收站中,单击 **清空**,将彻底删除回收站的所有内容。 + +## 启动器 + +启动器 ![launcher](./figures/icon66-o.svg) 帮助您管理系统中已安装的所有应用,在启动器中使用分类导航或搜索功能可以快速找到您需要的应用程序。 + +> ![tips](./figures/icon125-o.svg)窍门:*您可以进入启动器查看新安装的应用。新安装应用的旁边会出现一个小蓝点提示*。 + +### 切换模式 + +启动器有全屏和小窗口两种模式。单击启动器界面右上角的图标来切换模式。 + +两种模式均支持搜索应用、设置快捷方式等操作。 + +小窗口模式还支持快速打开文件管理器、控制中心和进入关机界面等功能。 + +![1|fullscreen](./figures/47.jpg)![1|ini](./figures/52.png) + + +### 排列应用 + +在全屏模式下,系统默认按照安装时间排列所有应用。 + +- 将鼠标悬停在应用图标上,按住鼠标左键不放,将应用图标拖拽到指定的位置自由排列。 +- 单击启动器界面左上角分类图标![category](./figures/icon56-o.svg)进行排列。 + +![1|sortapp](./figures/60.jpg) + +              + +在小窗口模式下,默认按照使用频率排列应用。 + +### 查找应用 + +在启动器中,您可以滚动鼠标滚轮或切换分类导航查找应用。 + +如果知道应用名称,直接在搜索框中输入关键字,快速定位到需要的应用。 + +### 设置快捷方式 + +快捷方式提供了一种简单快捷地启动应用的方法。 + +#### 创建快捷方式 + +将应用发送到桌面或任务栏上,方便您的后续操作。 + +在启动器中,右键单击应用图标,您可以: + +- 单击 **发送到桌面**,在桌面创建快捷方式。 + +- 单击 **发送到任务栏**,将应用固定到任务栏。 + +![0|sendto](./figures/58.png) + +> ![notes](./figures/icon99-o.svg)说明: +> +> *您还可以从启动器拖拽应用图标到任务栏上放置。但是当应用处于运行状态时您将无法拖拽固定,此时您可以右键单击任务栏上的应用图标,选择 **驻留** 将应用固定到任务栏,以便下次使用时从任务栏上快速打开。* + +#### 删除快捷方式 + +您既可以在桌面直接删除应用的快捷方式,也可以在任务栏和启动器中删除。 + +**从任务栏上删除** + +- 在任务栏上,按住鼠标左键不放,将应用图标拖拽到任务栏以外的区域移除快捷方式。 +- 当应用处于运行状态时您将无法拖拽移除,此时可以右键单击任务栏上的应用图标,选择 **移除驻留** 将应用从任务栏上移除。 + +**从启动器中删除** + +在启动器中,右键单击应用图标,您可以: + +- 单击 **从桌面上移除**,删除桌面快捷方式。 +- 单击 **从任务栏上移除**,将固定到任务栏上的应用移除。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *以上操作,只会删除应用的快捷方式,而不会卸载应用。* + +### 运行应用 + +对于已经创建了桌面快捷方式或固定到任务栏上的应用,您可以通过以下途径来打开应用。 + +- 双击桌面图标,或右键单击桌面图标选择 **打开**。 +- 直接单击任务栏上的应用图标,或右键单击任务栏上的应用图标选择 **打开**。 + +在启动器中,直接单击应用图标打开,或右键单击应用图标选择 **打开**。 + +> ![tips](./figures/icon125-o.svg)窍门:*对于经常使用的应用,您可以在启动器中,右键单击应用图标选择 **开机自动启动**。* + + +## 控制中心 + +DDE桌面操作系统通过控制中心来管理系统的基本设置,包括帐户管理、网络设置、日期和时间、个性化设置、显示设置、系统信息查看等。当您进入桌面环境后,单击任务栏上的 ![controlcenter](./figures/icon58-o.svg) 即可打开控制中心窗口。 + +### 首页介绍 + +控制中心首页主要展示各个设置模块,方便日常查看和快速设置。 + +![2|dcchomepage](./figures/42.png) + +              + +打开控制中心的某一设置模块后,可以通过左侧导航栏快速切换到另一设置模块。 + +![2|cc-navigation](./figures/39.png) + + + +#### 标题栏 + +标题栏包含返回按钮,搜索框,主菜单及窗口按钮。 + +- 返回按钮:若要返回首页,单击 ![back](./figures/icon53-o.svg)。 +- 搜索框:输入关键字后,回车,搜索相应设置。 +- 主菜单:单击![menu](./figures/icon83-o.svg) 进入主菜单。在主菜单中,您可以设置窗口主题,查看版本,或退出控制中心。 + +### 帐户设置 + +在安装系统时您已经创建了一个帐户。在这里,您可以修改帐户设置或创建一个新帐户。 + +![0|account](./figures/38.png) + +#### 创建新帐户 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击![add](./figures/icon50-o.svg)。 +3. 输入用户名、密码和重复密码。 +4. 单击 **创建**。 +5. 在授权对话框输入当前帐户的密码,新帐户就会添加到帐户列表中。 + + + +#### 更改头像 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击列表中的帐户。 +3. 单击帐户头像,选择一个头像或添加本地头像,头像就替换完成了。 + +#### 设置全名 + +帐户全名会显示在帐户列表和系统登录界面,可根据需要设置。 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击列表中的帐户。 +3. 单击 **设置全名** 后的 ![edit](./figures/icon75-o.svg),输入帐户全名。 + + +#### 修改密码 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击当前帐户。 +3. 单击 **修改密码**,进入修改密码页面。 +4. 输入当前密码、新密码和重复密码。 + + +#### 删除帐户 + +1. 在控制中心首页,单击 ![account_normal](./figures/icon49-o.svg)。 +2. 单击其他未登录的帐户。 +3. 单击 **删除帐户** 。 +4. 在弹出的确认界面中单击 **删除**。 + +> ![attention](./figures/icon52-o.svg)注意: +> +> *已登录的帐户无法被删除。* + +#### 权限设置 + +除安装时的第一个帐户是管理员权限外,后面所添加的所有帐户都是普通用户。一个帐户可以在多个用户组内。 + +##### 设置组 + +添加或修改帐户时,可以: + +- 选择系统内已有的组。 +- 选择当前用户同名的组。 +- 选择之前添加帐户时和其他用户同名的组。 + +### 显示设置 + +设置显示器的分辨率、亮度、屏幕方向等,让您的电脑显示到达最佳状态。 + +![0|video](./figures/44.png) + +#### 单屏设置 + +##### 更改分辨率 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **分辨率**,进入分辨率设置界面。 +3. 在列表中选择合适的分辨率参数。 +4. 单击 **保存**。 + +##### 调节亮度 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **亮度**,进入亮度设置界面。 + + - 拖动亮度条滑块,调节屏幕亮度。 + - 打开 **自动调节色温** 开关,开启进入护眼模式,自动调节色温。 + - 打开 **手动调节** 亮度开关,可以调节屏幕亮度 。 + +##### 设置屏幕刷新率 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **刷新率**。 +3. 选择一个合适的刷新率,单击 **保存**。 + +##### 改变屏幕方向 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 ![rotate](./figures/icon112-o.svg) 。 +3. 每单击一下鼠标左键,屏幕逆时针旋转90°。 +4. 要还原为之前的屏幕方向,单击鼠标右键退出;要使用当前屏幕方向,请按下组合键 **Ctrl** + **S** 保存。 + +#### 多屏设置 + +多屏显示,让您的视野无限延伸!使用VGA、HDMI、EDP等线缆将您的电脑和另一台显示器、投影仪等连接起来,同时在多个屏幕显示您电脑上的内容。 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **多屏显示模式**。 +3. 选择一种显示模式。 + - **复制**将主屏的显示内容复制到其他屏幕。 + - **扩展** 将主屏的显示内容扩展到其他屏幕,扩大桌面区域。 + - **自定义** 设置显示模式,主屏、分辨率、刷新率和屏幕旋转方向。 + +在多屏环境下,按下 **Super** + **P**调出多屏显示模式的OSD。 + +详细操作方法如下。 + +1. 按住 **Super** 不放,再按下 **P** 或鼠标单击来进行模式选择。 +2. 松开按键,确认选择,模式生效。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *当多屏显示模式为扩展模式时,仅主屏支持桌面图标显示、操作右键菜单等功能,而副屏不支持。* + + +##### 自定义设置 + +1. 在控制中心首页,单击 ![display_normal](./figures/icon72-o.svg)。 +2. 单击 **多屏显示模式** > **自定义**。 +3. 单击 “识别”,查看屏幕名称。 +4. 选择“合并”或“拆分”,然后对多个屏幕进行设置,如主屏、分辨率、刷新率、旋转屏幕等。 +5. 单击 **保存**。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *合并即复制模式,拆分即扩展模式。* + + + +### 默认程序设置 + +当安装有多个功能相似的应用程序时,可以选择其中的一个应用作为对应文件类型的默认启动程序。 + +![0|default](./figures/39.png) + +#### 设置默认程序 + +1. 右键单击文件,选择 **打开方式** > **选择默认程序**。 +2. 选择一个应用,自动勾选"设为默认",单击 **确定**。 +3. 该应用将自动添加到控制中心的默认程序列表。 + +#### 更改默认程序 + +1. 在控制中心首页,单击 ![default_applications_normal](./figures/icon70-o.svg)。 +2. 选择一个文件类型进入默认程序列表。 +3. 在列表中选择另一个应用程序。 + +#### 添加默认程序 + +1. 在控制中心首页,单击 ![default_applications_normal](./figures/icon70-o.svg)。 +2. 选择文件类型进入默认程序列表。 +3. 单击列表下的![add](./figures/icon50-o.svg),选择desktop文件(一般在/usr/share/applications),或特定的二进制文件。 +4. 该程序将添加到列表,并自动设置为默认程序。 + +#### 删除默认程序 + +在默认程序列表中,您只能删除自己添加的应用程序,不能删除系统已经安装的应用。要删除系统已经安装的应用,只能卸载应用。卸载后该应用将自动从默认程序列表中删除。 + +可用以下方法删除自己添加的默认程序。 + +1. 在控制中心首页,单击 ![default_applications_normal](./figures/icon70-o.svg)。 +2. 选择文件类型进入默认程序列表。 +3. 单击程序后面的![close](./figures/icon57-o.svg),删除默认程序。 + +### 个性化设置 + +在这里,您可以设置系统主题、活动用色、字体等,改变桌面和窗口的外观,设置成您喜欢的显示风格。 + +![0|personalise](./figures/56.png) + +#### 设置窗口主题 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **通用**,选择一种窗口主题。 +3. 该主题即为系统窗口主题。 + +> ![tips](./figures/icon125-o.svg)窍门:*自动主题表示根据当前时区的时间,根据日出日落的时间自动更换窗口主题。日出后是浅色,日落后是深色。* + +#### 更改活动用色 + +活动用色是指选中某一选项时的强调色。 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **通用**。 +3. 单击 **活动用色** 下的一种颜色,可实时查看该颜色效果。 + +#### 设置图标主题 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **图标主题**,选择一款图标样式。 + +#### 设置光标主题 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **光标主题**,选择一款光标样式。 + +#### 更改系统字体 + +1. 在控制中心首页,单击 ![personalization_normal](./figures/icon105-o.svg)。 +2. 单击 **字体**,进入设置字体界面。 +3. 设置系统字号和字体。 + +### 网络设置 + +登录系统后,您需要连接网络,才能接收邮件、浏览新闻、下载文件、聊天、网上购物等。 + +> ![tips](./figures/icon125-o.svg)窍门:*您可以单击任务栏托盘区的网络图标,查看当前网络状态。* + +![0|network](./figures/54.png) + +#### 有线网络 + +有线网络安全快速稳定,是最常见的网络连接方式。当您设置好路由器后,把网线两端分别插入电脑和路由器,即可连接有线网络。 + +1. 将网线插入电脑上的网络插孔。 +2. 将网线的另一端插入路由器或网络端口。 +3. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +4. 单击 **有线网络**,进入有线网络设置界面。 +5. 打开 **有线网卡**,开启有线网络连接功能。 +6. 当网络连接成功后,桌面右上角将弹出“已连接有线连接”的提示信息。 + +您还可以在有线网络的设置界面,编辑或新建有线网络设置。 + +#### 移动网络 + +当您处于一个没有网络信号的地方时,可以使用无线上网卡来上网。在有电话信号覆盖的任何地方,无线上网卡通过运营商的移动数据网络接入宽带服务。 + +1. 将移动网卡插入电脑上的USB接口中。 +2. 电脑将根据移动网卡和运营商信息,自动适配并自动连接网络。 +3. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +4. 单击 **移动网络**,查看详细设置信息。 + +#### 拨号网络 + +拨号上网(DSL)是指通过本地电话拨号连接到网络的连接方式。配置好调制解调器,把电话线插入电脑的网络接口,创建宽带拨号连接,输入运营商提供的用户名和密码,即可拨号连接到Internet上。 + +##### 新建拨号连接 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **DSL**,单击 ![add](./figures/icon50-o.svg)。 +3. 输入宽带名称、帐户、密码。 +4. 单击 **保存**,系统自动创建宽带连接并尝试连接。 + +#### VPN + +VPN即虚拟专用网络,其主要功能是在公用网络上建立专用网络,进行加密通讯。无论您是在外地出差还是在家中办公,只要能上网就能利用VPN访问企业的内网资源。您还可以使用VPN加速访问其他国家的网站。 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **VPN**,选择 ![add](./figures/icon50-o.svg) 或 ![import](./figures/icon84-o.svg)。 +3. 选择VPN协议类型,并输入名称、网关、帐号、密码等信息。(导入VPN会自动填充信息) +4. 单击 **保存**,系统自动尝试连接VPN网络。 +5. 您可以将VPN设置导出,备用或共享给其他用户。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *打开 **仅用于相对应的网络上的资源** 开关,可以不将VPN设置为默认路由,只在特定的网络资源上生效。* + +#### 系统代理 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **系统代理**,进入系统代理界面。 + + - 单击 **无**,关闭代理服务器功能。 + - 单击 **手动**,输入代理服务器的地址和端口信息。 + - 单击 **自动**,输入URL,系统将自动配置代理服务器的信息。 + +#### 应用代理 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **应用代理**。 +3. 设置应用代理参数。 +4. 单击 **保存**。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *应用代理设置成功后,打开启动器,右键单击应用图标,可以选择 **使用代理**。* + + +#### 网络详情 + +在网络详情界面,您可以查看MAC、IP地址、网关和其他网络信息。 + +1. 在控制中心首页,单击 ![network_normal](./figures/icon97-o.svg)。 +2. 单击 **网络详情**,进入网络信息界面。 +3. 查看当前有线网络或无线网络的信息。 + +### 声音设置 + +输入输出设备声音的设置(如设置扬声器和麦克风),让您听得更舒适,录音更清晰。 + +![0|sound](./figures/61.png) + + +#### 输出设备 + +1. 在控制中心首页,单击 ![sound_normal](./figures/icon116-o.svg)。 +2. 单击 **输出**,进入输出设备配置界面,您可以: + - 在输出设备后面的下拉框中选择输出设备类型。 + - 通过拖曳滑块调节输出音量和左/右声道平衡。 + - 打开 **音量增强**,音量的可调节区间由0~100% 转变为0~150%。 + +#### 输入设备 + +1. 在控制中心首页,单击 ![sound_normal](./figures/icon116-o.svg)。 +2. 单击 **输入**,进入输入设备配置界面,您可以: + - 在输入设备后面的下拉框中选择输入设备类型。 + - 通过拖曳滑块调节输入音量。 + - 打开 **开启** 按钮,还可以设置 **噪音抑制** 功能。 + +> ![tips](./figures/icon125-o.svg)窍门:*通常,需要调大输入音量,确保能够听到声源的声音,但是音量不宜过大,因为这会导致声音失真。可以对着麦克风以正常说话的音量讲话,并观察反馈音量的变化,变化较明显,则说明输入音量合适。* + +#### 系统音效 + +1. 在控制中心首页,单击 ![sound_normal](./figures/icon116-o.svg)。 +2. 单击 **系统音效**,勾选选项,开启某一事件发生时的声音效果。 + +> ![tips](./figures/icon125-o.svg)窍门:*您可以单击试听音效。* + + +### 时间日期 + +正确选择您所在的时区,一般即可显示正确的日期和时间。您也可以手动修改时间和日期。 + +![0|time](./figures/62.png) + +#### 修改时区 + +在您安装系统时,已选择了系统时区。若要修改系统时区,请按如下步骤设置。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时区列表**。 +3. 单击 **修改系统时区**, 通过搜索或单击地图选择时区。 +4. 单击 **确定**。 + +#### 添加时区 + +您可以同时使用多个时区,以便查看另一时区的时间。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时区列表**。 +3. 单击![add](./figures/icon50-o.svg),通过搜索或单击地图选择时区。 +4. 单击 **添加**。 + +#### 删除时区 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时区列表**。 +3. 单击时区列表后面的 **编辑**。 +4. 单击 ![delete](./figures/icon71-o.svg),删除已添加的时区。 + +#### 修改时间和日期 + +默认情况下,系统通过网络自动同步该时区的本地时间和日期。您也可以手动修改时间和日期。手动设置后,自动同步功能会被关闭。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **时间设置** 。 + - 开启或关闭自动同步配置。 + - 设置正确的时间和日期。 +3. 单击 **确定**。 + +#### 设置时间日期格式 + +支持即时设置时间日期的格式。 + +1. 在控制中心首页,单击 ![time](./figures/icon124-o.svg)。 +2. 单击 **格式设置**,可以设置星期、长短日期、长短时间等格式。 + +### 电源管理 + +对系统电源进行一些设置,让系统更安全。 + +![0|power](./figures/57.png) + +              + +#### 设置显示器关闭时间 + +1. 在控制中心首页,单击 ![power_normal](./figures/icon107-o.svg)。 +2. 单击 **使用电源**。 +3. 选择关闭显示器的时间。 + +#### 设置自动锁屏时间 + +1. 在控制中心首页,单击 ![power_normal](./figures/icon107-o.svg)。 +2. 单击 **使用电源**。 +3. 选择自动锁屏的时间。 + +#### 设置电源按钮 + +1. 在控制中心首页,单击 ![power_normal](./figures/icon107-o.svg)。 +2. 单击 **使用电源**。 +3. 选择电源按钮 **关机**、**关闭显示器** 或 **无任何操作**,更改电源设置。 + +更改设置后会即时生效,同时系统通知用户已修改电源设置。 + +### 鼠标 + +鼠标是计算机的常用输入设备。使用鼠标,可以使操作更加简便快捷。 + +![0|mouse](./figures/53.png) + +#### 通用设置 + +1. 在控制中心首页,单击 ![mouse_touchpad_normal](./figures/icon94-o.svg)。 +2. 单击 **通用**。 +3. 开启 **左手模式**,调节鼠标和触控板的**滚动速度**,**双击速度**。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> *开启左手模式后,鼠标的左右键功能互换。* + +#### 鼠标设置 + +插入或连接鼠标后,在控制中心进行相关设置,让其更符合您的使用习惯。 + +1. 在控制中心首页,单击 ![mouse_touchpad_normal](./figures/icon94-o.svg)。 +2. 单击 **鼠标**。 +3. 调节 **指针速度**, 控制鼠标移动时指针移动的速度。 +4. 单击 **自然滚动** / **鼠标加速** 开关,开启相应功能。 + +> ![notes](./figures/icon99-o.svg)说明: +> +> - *开启鼠标加速,提高了指针精确度,鼠标指针在屏幕上的移动距离会根据移动速度的加快而增加。可以根据使用情况开启或关闭。* +> - *自然滚动开启后,鼠标滚轮向下滚动,内容会向下滚动;鼠标滚轮向上滚动,内容会向上滚动。* + +### 键盘和语言 + +在此模块,您可以设置键盘属性,以便符合您的输入习惯,还可以根据国家和语言调整键盘布局,设置系统语言,以及自定义快捷键。 + +![0|keyboard](./figures/59.png) + +#### 键盘属性 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **通用**。 +3. 调节 **重复延迟**/**重复速度**。 +4. 单击“请在此测试”,按下键盘上的任意字符不松开,查看调节效果。 +5. 单击 **启用数字键盘**/**大写锁定提示** 开关,开启相应功能。 + +#### 键盘布局 + +设置键盘布局,可以为当前语言自定义键盘。按下键盘上的按键时,键盘布局会控制哪些字符显示在屏幕上。更改键盘布局后,屏幕上的字符可能与键盘按键上的字符不相符。 + +一般在安装系统时,就已经设置了键盘布局,您也可以添加其他的键盘布局。 + +![layout](./figures/50.png) + +##### 添加键盘布局 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **键盘布局**,进入键盘布局界面。 +3. 单击![add](./figures/icon50-o.svg),单击某一键盘布局即可添加到列表。 + +##### 删除键盘布局 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **键盘布局**,进入键盘布局界面。 +3. 单击”键盘布局“后的 **编辑**。 +4. 单击 ![delete](./figures/icon71-o.svg),删除该键盘布局。 + +##### 切换键盘布局 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **键盘布局**,进入键盘布局界面。 +3. 选择一个键盘布局进行切换。 +4. 切换成功后,该键盘布局将标记为已选择。 + +> ![tips](./figures/icon125-o.svg)窍门:*您也可以选择一组或多组快捷键,按顺序切换已添加的键盘布局。选择 **切换方式**, 让切换后的键盘布局应用于整个系统或当前应用。* + +#### 系统语言 + +系统语言默认为您安装系统时所选择的语言,可以随时更改。 + +##### 添加系统语言 + +您可以添加多个语言到系统语言列表,以便切换系统语言。 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **系统语言**,进入系统语言界面。 +3. 单击 ![add](./figures/icon50-o.svg) 进入语言列表。 +4. 选择语言,该语言将自动添加到系统语言列表。 + +##### 切换系统语言 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **系统语言**,进入系统语言界面。 +3. 选择要切换的语言,系统将自动开始安装语言包。 +4. 语言包安装完成后,需要注销后重新登录,以便设置生效。 + +> ![attention](./figures/icon52-o.svg)注意: +> +> *更改系统语言后,键盘布局可能也会发生改变。重新登录时,请确保使用正确的键盘布局来输入密码。* + + +#### 快捷键 + +快捷键列表显示了系统所有的快捷键。您可以在这里查看、修改和自定义快捷键。 + +![0|shortcut](./figures/59.png) + +##### 查看快捷键 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **快捷键**,进入快捷键设置界面。 +3. 搜索或查看默认的系统快捷键、窗口快捷键和工作区快捷键。 + +##### 修改快捷键 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **快捷键**,进入快捷键设置界面。 +3. 单击需要修改的快捷键。 +4. 使用键盘输入新的快捷键。 + +> ![tips](./figures/icon125-o.svg)窍门:*若要禁用快捷键,请按下键盘上的 ![Backspace](./figures/icon54-o.svg)。若要取消修改快捷键,按下键盘上 **Esc** 键, 或单击下方的”恢复默认”按钮。* + +##### 自定义快捷键 + +您可以为常用的应用自定义一个快捷键。 + +1. 在控制中心首页,单击 ![keyboard_normal](./figures/icon86-o.svg)。 +2. 单击 **快捷键**。 +3. 单击![add](./figures/icon50-o.svg),进入添加快捷键界面。 +4. 输入快捷键名称、命令和快捷键。 +5. 单击 **添加**。 +6. 添加成功后,单击”自定义快捷键“后的 **编辑**。 +7. 单击某个快捷键后 ![delete](./figures/icon71-o.svg), 删除自定义的快捷键。 + +> ![tips](./figures/icon125-o.svg)窍门:*若要修改快捷键,单击输入新的快捷键即可。若要修改自定义快捷键的名称和命令,单击“自定义快捷键”后的 **编辑** ,单击快捷键名称后的 ![edit](./figures/icon75-o.svg),进入修改页面。* + + +### 系统信息 + +您可以查看系统版本、版本授权和电脑硬件等信息,以及该系统的一些协议。 + +![0|info](./figures/48.png) + +#### 关于本机 + +1. 在控制中心首页,单击 ![system_info_normal](./figures/icon120-o.svg)。 +2. 在 **关于本机** 下,您可以查看当前系统版本、版本授权及电脑硬件信息; +3. 若系统未激活,可在此页面单击 **激活**,进行系统激活。 + +#### 版本协议 + +1. 在控制中心首页,单击 ![system_info_normal](./figures/icon120-o.svg)。 +2. 在 **版本协议** 下,查看系统版本协议。 + +#### 最终用户许可协议 + +1. 在控制中心首页,单击 ![system_info_normal](./figures/icon120-o.svg)。 +2. 在 **最终用户许可协议** 下,查看最终用户许可协议。 + + + +## 键盘交互 + +您可以使用键盘在各个界面区域内切换,并选择对象,执行操作。 + +| 按键 | 功能 | +| :----------------------------------------------------------- | :----------------------------------------------------------- | +| **Tab** | 在不同区域或对话框按钮之间切换。 | +| ![Up](./figures/icon127-o.svg) ![Down](./figures/icon73-o.svg) ![Left](./figures/icon88-o.svg) ![Right](./figures/icon111-o.svg) | 在同区域内对不同的对象进行选择。使用 ![Right](./figures/icon111-o.svg) 进入下级菜单,使用 ![Left](./figures/icon88-o.svg) 返回上级菜单。使用![Up](./figures/icon127-o.svg)![Down](./figures/icon73-o.svg) 键进行上下切换 。 | +| **Enter** | 执行选定对象。 | +| **Space** | 在文件管理器中,预览选定对象;在影院和音乐中,开始/暂停播放;在下拉列表中,展开下拉选项(也可使用回车键)。 | +| **Ctrl**+**M** | 打开右键菜单。 | + diff --git a/docs/zh/docs/desktop/Install_XFCE.md b/docs/zh/docs/desktop/Install_XFCE.md new file mode 100644 index 0000000000000000000000000000000000000000..33deea53eb78b47ba95a8b083c70d9d1cb75d7b6 --- /dev/null +++ b/docs/zh/docs/desktop/Install_XFCE.md @@ -0,0 +1,80 @@ +# 在 openEuler 上安装 XFCE + +XFCE是一款轻量级 Linux 桌面,当前版本已经将所有部件从 GTK2 更新到 GTK3,从D-Dbus Glib更新到GDBus,大部分组件支持GObject Introspection(简称 GI,用于产生与解析 C 程序库 API 元信息,以便于动态语言(或托管语言)绑定基于 C + GObject 的程序库)。优化用户体验,加入新特性,并修补大量BUG。与其他UI界面(GNOME、KDE)相比,XFCE占用的内存和CPU使用量非常小,给用户带来亲切和高效的使用体验。 + +XFCE支持x86_64和aarch64两种架构。 + +安装时,建议新建一个管理员用户。 + +1. [下载](https://www.openeuler.org/zh/download/archive/detail/?version=openEuler%2020.03%20LTS%20SP4)openEuler ISO镜像并安装系统,更新软件源(需要配置Everything源,以及EPOL源,下面命令是在最小化安装系统的情况下安装XFCE) + + ```sh + sudo dnf update + ``` + +2. 安装字库 + + ```sh + sudo dnf install dejavu-fonts liberation-fonts gnu-*-fonts google-*-fonts + ``` + +3. 安装Xorg + + ```sh + sudo dnf install xorg-* + ``` + +4. 安装XFCE及组件 + + ```sh + sudo dnf install xfwm4 xfdesktop xfce4-* xfce4-*-plugin network-manager-applet + ``` + +5. 安装登录管理器 + + ```sh + sudo dnf install lightdm lightdm-gtk + ``` + +6. 设置默认桌面为XFCE + 通过root权限用户设置 + + ```sh + echo 'user-session=xfce' >> /etc/lightdm/lightdm.conf.d/60-lightdm-gtk-greeter.conf + ``` + +7. 使用登录管理器登录XFCE + + ```sh + sudo systemctl start lightdm + ``` + + 登录管理器启动后,在右上角左侧选择"xfce-session" + 输入用户名、密码登录 + +8. 设置开机自启动图形界面 + + ```sh + sudo systemctl enable lightdm + sudo systemctl set-default graphical.target + ``` + + 如果默认安装了gdm,建议停用gdm + + ```sh + systemctl disable gdm + ``` + + 重启验证 + + ```sh + sudo reboot + ``` + +9. FAQ + + **Q:为什么lightdm登录界面背景是黑色的?** + + A:登录界面是黑色的是因为lightdm-gtk默认配置文件/etc/lightdm/lightdm-gtk-greeter.conf中没有设置background。 + 可以在该配置文件最后的[greeter]段中设置 background=/usr/share/backgrounds/xfce/xfce-blue.jpg + 然后systemctl restart lightdm 就可以看到背景了。 diff --git a/docs/zh/docs/desktop/Kiran_userguide.md b/docs/zh/docs/desktop/Kiran_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..883eb197ad4c612b616b71695d6a9b7cbd3e6391 --- /dev/null +++ b/docs/zh/docs/desktop/Kiran_userguide.md @@ -0,0 +1,354 @@ +# Kiran桌面环境用户手册 + +## 1.概述 + +Kiran桌面是一款以用户和市场需求为主导的稳定、高效、易用的桌面环境,主要包括了桌面、任务栏、托盘、控制中心和窗口管理等组件。本文介绍了Kiran桌面的使用。 + +## 2.桌面 + +### 2.1.登录界面 + +安装完成后重启系统,系统启动后需要输入登录的用户名和密码才能进入系统,登录界面会显示时间日期、电源按钮、软键盘按钮。界面支持自适应调整,支持屏幕放缩,支持多屏显示,登录框可以跟随鼠标进行屏幕切换。 + +![图1-登录界面](figures/kiran-1.png) + +### 2.2.主界面 + +输入正确的用户名和密码后即可登录系统进入主界面,如下图所示: +![图2-主界面](figures/kiran-2.png) +桌面上放置有几个图标,如计算机、主文件夹、回收站等,位于屏幕底部的一个长条称为面板,从这里可以启动应用程序或在模拟桌面上切换。 + +桌面是用户的工作区域,用户操作和程序运行都是在桌面上。桌面上还有用户希望能方便访问的文件和应用程序图标,用鼠标双击可以运行相应程序或打开文件。可以拖动、添加或删除桌面图标。使用桌面图标可以更加便捷地完成工作。 + +![图3-计算机](figures/kiran-3.png)计算机:双击可以显示从本计算机访问的所有本地和远程磁盘和文件夹。 + +![图4-主文件夹](figures/kiran-4.png)主文件夹:双击可以显示/root(家目录)下的内容。 + +![图5-回收站](figures/kiran-5.png)回收站:暂时存放已删除文件的地方。 + +桌面右键:桌面右键提供了一些图标管理、创建文件夹、创建文档、桌面背景、主题、等快捷方式。 + +创建文件夹:可以创建新的文件夹。 + +创建启动器:可以创建一个新的启动器。 + +创建文档:可以创建空的纯文本文档。 + +打开终端:直接打开终端应用。 + +按名称组织桌面:按名称来进行排序桌面文件。 + +保持对齐:勾选了保持对齐,桌面图标会按照网格对齐排列。 + +更改桌面背景:打开“背景”,以改变桌面或锁屏的背景图片。 + +### 2.3.面板 + +面板通常位于屏幕的底部,上面包括了开始菜单按钮、快速启动区域、经常使用的应用程序与桌面小程序图标和显示当前运行应用程序的任务条。 + +将鼠标停在某个图标上呆几秒钟,会看到一个白色的弹出提示框,内容是对这个图标作用的描述。 +![图6-系统面板](figures/kiran-6.png) + +## 3.任务栏 + +任务栏:显示正在运行的程序或打开的文档,点击任务条上某一项可以最大化或最小化被选中的程序。可以通过在对应项上点击鼠标右键对其运行窗口进行最大化、最小化或关闭等操作。 + +| 组件 | 说明 | +| :------------ | :------------ | +|![图7-开始菜单](figures/kiran-7.png)|开始菜单按钮:相当于Windows中的开始按钮,单击会弹出系统级联的开始菜单| +|![图8-工作区按钮](figures/kiran-8.png)|单机此按钮启动工作区| +|![图9-文件浏览器按钮](figures/kiran-9.png)|单击此按钮启动文件浏览器,可浏览管理文件| +|![图10-终端命令按钮](figures/kiran-10.png)|单击将启动终端| +|![图11-Web浏览器按钮](figures/kiran-11.png)|单击此按钮启动firefox浏览器| +|![图12-网络控制图标](figures/kiran-12.png)|显示当前网络状态,单击可修改系统的网络配置| +|![图13-时钟按钮](figures/kiran-13.png)|显示当前日期和时间,可以根据需要定制显示的样式| + +## 4.控制中心 + +### 4.1.开始菜单设置 + +选择“开始菜单”>“控制中心”>“开始菜单设置”。 + +开始菜单可设置开始菜单样式,根据个人喜好设置开始菜单的显示模式与不透明度,如图所示: + +![图14-开始菜单设置](figures/kiran-14.png) + +开始菜单根据设置的透明度、显示模式而更改,如下图: + +![图15-开始菜单界面](figures/kiran-15.png) + +### 4.2.登录设置 + +选择“开始菜单”>“控制中心”>“登录设置”打开。 + +在kiran桌面,用户可以通过选择控制中心中的登录设置对登录界面环境效果进行设置,其中包括登录界面背景图、是否自动登录、缩放比例、是否允许手动输入用户名登录、是否显示用户列表等,如图所示: +![图16-登录设置](figures/kiran-16.png) + +还可以设置自动登录,设置自动登录的用户和延时,重启系统后会自动登录该用户,无需输入密码。 +![图17-设置自动登录](figures/kiran-17.png) + +### 4.3.显示设置 + +定制显示属性是每个桌面系统所必备的,kiran桌面提供了强大的显示属性定制工具。您可以通过选择“开始菜单”>“控制中心”>“显示设置”进入显示设置界面,如下图所示: +![图18-显示设置](figures/kiran-18.png) + +这里可以设置屏幕旋转、分辨率、刷新率、缩放率和旋转,设置完成后点击“应用”即可。 + +### 4.4.鼠标设置 + +用户可以通过选择控制中心中的“鼠标设置”对鼠标进行配置,可以修改鼠标手持模式为左手和右手模式,调整鼠标移动速度,可以设置是否自动滚动,是否同时按下左右键模拟中键功能。鼠标设置常见界面如图所示: + +![图19-鼠标设置](figures/kiran-19.png) + +### 4.5.帐户管理工具 + +帐户管理工具工具是对用户和组进行管理的一个简单易用工具,您可以通过这个工具对用户和组群进行配置和管理,主要包括: + +1)增加用户,设置用户属性; + +2)修改用户属性; + +3)显示用户属性; + +4)删除用户; + +用户属性包括:帐号、口令(密码)、登录 shell,用户组属性指在该组包含哪些用户。 + +#### 4.5.1.启动帐户管理工具 + +在控制中心中选择启动“帐户管理工具”选项即可启动帐户管理工具,如图所示: +![图20-帐户管理工具](figures/kiran-20.png) + +在这个界面中您可以看到有左侧菜用户栏和右侧详细信息栏两个部分。目前在列出的是系统中的所有用户(除root用户除外)。点击左侧某个用户,详细信息栏将显示用户的基本信息(用户ID、用户类型等)。 + +点击“创建用户”,在右侧出现页面,如下图所示,按照要求填写您要添加的用户名、用户类型、设置密码、头像。填写完毕后,单击“创建”即完成添加。 +![图21-创建帐户](figures/kiran-21.png) + +【注】:如果您已经设置了密码允许的最小位数(例如四位),则您在此处输入的密码位数要不小于 4 位,否则系统将不会接受该密码。 + +单击头像区域打开头像修改功能,系统预设了各种类型的头像供用户选择,用户也可以自己添加头像,点击“确认”后记得保存: +![图22-修改头像](figures/kiran-22.png) + +#### 4.5.2.删除用户 + +首先在左侧信息栏里的欲删除的用户上单击,选中该用户,然后在右侧工具栏上点击“删除”按钮,如下图所示: +![图23-删除用户](figures/kiran-23.png) +![图24-删除确认提示](figures/kiran-24.png) + +在弹出上图所示的对话框中单击“否”撤消删除,单击“是”确认删除。 + +#### 4.5.3.高级设置 + +选择“创建新用户”>“输入帐号密码”>“高级设置”,打开一个对话框,如下图所示,可以设置用户的登录shell、指定用户ID和指定用户目录。 + +![图25-高级设置](figures/kiran-25.png) + +### 4.6. 外观 + +定制显示属性是每个桌面系统所必备的,Kiran桌面为您提供了强大的显示属性定制工具。外观是一个对系统的桌面背景,主题,字体三个方面提供统一配置和管理的工具。 + +选择“开始菜单”>“控制中心”>“外观”,显示的界面如下图所示: + +![图26-外观设置](figures/kiran-26.png) + +#### 4.6.1.主题 + +主题可以对系统的对话框风格,菜单风格,系统面板风格,图标风格进行统一设置或者也可以根据用户的喜好定制。 + +1)主题设置 + +系统中默认已提供了多套主题,可以在主题浏览对话框中浏览主题的相关信息。点击主题浏览对话框中的主题,即可设置系统主题,如图所示: +![图27-主题设置](figures/kiran-27.png) + +2)自定义主题 + +用户可以通过点击“自定义”按钮,来根据用户的喜好定制系统主题,如下图所示:自定义主题包括: + +a.控制; + +b.色彩; + +c.窗口边框; + +d.图标; + +e.指针; + +![图28-自定义主题](figures/kiran-28.png) + +#### 4.6.2.背景 + +用户可以对桌面背景进行设置,可以修改颜色、样式。 + +1)背景图片设置 + +如下图所示,点击壁纸文件浏览对话框中的壁纸,即可将桌面设置为此壁纸。 + +![图29-背景设置](figures/kiran-29.png) + +2)样式 + +用户可以根据自己的喜好通过样式下拉式选择框来调整壁纸填充桌面背景时的方式。填充方式有以下六种方式: + +a.平铺; + +b.缩放; + +c.居中; + +d.比例放大; + +e.伸展; + +f.适合宽度。 + +3)壁纸的添加与删除 + +用户可以通过“添加”按钮添加自己喜欢的壁纸,如下图所示: +![图30-添加壁纸](figures/kiran-30.png) + +点击“打开”即可添加壁纸。 + +同时可以点击“删除”按钮来删除用户不喜欢的壁纸。具体步骤:选择壁纸,点击“删除”。 + +4)桌面背景色彩填充设置 + +用户如果不喜欢用壁纸来设置桌面背景,也可以用色彩来设置背景,在壁纸选择对话框中选择无壁纸选项,即可使用色彩来填充桌面背景。 + +填充色彩的方式有三种: + +a.纯色; + +b.水平梯度; + +c.垂直梯度。 + +![图31-背景图片色彩填充](figures/kiran-31.png) + +#### 4.6.3.字体 + +1)字体设置 + +用户可以通过字体设置来设置系统图形界面的各种类型的字体,字体类型包括以下五种类型: + +a.应用程序字体; + +b.文档字体; + +c.桌面字体; + +d.窗口标题字体; + +e.等宽字体。 +![图32-字体设置](figures/kiran-32.png) + +2)字体效果设置与详情设置 + +字体渲染效果设置 + +用户可以通过字体渲染效果设置来设置系统图形界面的以下四种类型的字体效果: + +a.单色; + +b.最佳形状; + +c.最佳对比; + +d.次像素平滑; + +系统默认使用的最佳形状的字体渲染效果,如下图所示: +![图33-字体渲染设置](figures/kiran-33.png) + +3)字体细节设置 + +字体效果的一些详情设置可以通过“细节”按钮进行设置。详情设置包括: + +a.字体分辨率; + +b.字体平滑度; + +c.字体微调; + +d.字体次像素排序。 + +![图34-字体细节设置](figures/kiran-34.png) + +4)用户可以设置界面,选择是否在菜单显示图标和在按钮中显示图标: +![图35-显示图标与否设置](figures/kiran-35.png) + +## 5.桌面应用 + +### 5.1.文本编辑器 + +要启动文本编辑器,点击“开始菜单”>“所有应用”>“工具”>“pluma”。也可以在shell提示符下键入pluma启动文本编辑器。 + +文本编辑器是所有计算机系统中最常用的一种工具。用户在使用计算机时,往往需要创建自己的文件,无论是一般的文字文件、资料文件,还是编写源程序,这些工作都离不开编辑器。它用于查看和修改纯文本文件,纯文本文件是不包含应用字体或风格格式的普通文本文件,如系统日志和配置文件: + +![图36-文本编辑器](figures/kiran-36.png) + +### 5.2.终端 + +在桌面环境下,可以利用终端程序进入传统的命令操作界面,启动命令行终端的方法是:选择“开始菜单”>“所有应用”>“工具”>“终端”或者桌面面板上的图标: + +![图37-终端](figures/kiran-37.png) + +### 5.3.Firefox火狐浏览器 + +要启动Firefox火狐浏览器,点击“开始菜单”>“所有应用”>“互联网”>“Firefox火狐浏览器”。 + +Firefox火狐浏览器,是一个自由及开放源代码网页浏览器,使用Gecko排版引擎,支持多种操作系统,如Windows、Mac OS X及GNU/Linux等。它体积小速度快,还有其他一些高级特征,主要特性有:标签式浏览、使用网上冲浪更快、可以禁止弹出式窗口、自定制工具栏、扩展管理、更好的搜索特性、快速而方便的侧栏: + +![图38-firefox浏览器](figures/kiran-38.png) + +### 5.4.截图工具 + +选择“开始菜单”>“所有应用”>“图像”>“截图工具”,可以启动截图工具。 + +截图工具是kiranz桌面的一款小巧灵活的屏幕捕捉软件,操作界面简洁、使用极为方便。该软件启动时会在托盘处添加截图工具图标![图39-托盘区截图图标](figures/kiran-39.png),点击该图标后,直接弹出屏幕捕捉界面,可自行选择截图范围。可通过有击该图标打开“打开启动器”,可选择需要抓取的范围是整个桌面,或者方形区域,可设置截图延迟时间,如下图所示: + +![图40-截图界面](figures/kiran-40.png) +![图41-启动器界面](figures/kiran-41.png) + +在弹出的对话框中,点击“√”,即可保存至桌面,如想自定义保存位置,点击“选项”>勾选“自定义保存位置”即可。如下图所示: + +![图42-截图过程](figures/kiran-42.png) + +### 5.5.网络设置 + +Kiran桌面采用了NetworkManager作为网络配置工具,NetworkManager是用来设定、配置和管理各种网络类型的桌面工具,NetworkManager提供了对移动宽带设备、蓝牙、IPv6 提供改进的支持。通过点击“开始菜单-控制中心-网络连接”打开,或者通过点击桌面右下角网络图标选择编辑连接打开,如图所示: + +![图43-网络连接工具](figures/kiran-43.png) + +设置有线连接: + +设备选择当前的网卡,如“ens160”是当前系统的网卡,选中该网卡,点击“编辑”按钮,弹出网卡编辑对话框: +![图44-编辑网络](figures/kiran-44.png) + +“IPv4设置”是用户常用到的设置,这里选择了DHCP的方式获取IP和DNS服务器,系统会自动给用户分配IP地址。 + +有些时候用户会碰到需要手动填写IP地址的情况,这就需要在IPv4设置的上方“方法”下拉菜单中选择“手动”,如下图所示: + +![图45-设置IPV4](figures/kiran-45.png) + +接下来点击“添加”按钮依次输入IP地址、子网掩码和网关,并填写DNS服务器,如下图: + +![图46-设置网络ip和dns等](figures/kiran-46.png) + +填写ip地址、子网掩码、网关和DNS后保存,点击桌面右下角网络图标断开网络后重新连接。 + +### 5.6.时间和日期管理 + +要对系统的日期和时间进行设置,您可以在控制中心中选择“时间和日期管理”选项,也可以通过点击桌面右下角日期区域,系统将弹出如图所示的界面: +![图47-时间和日期管理工具](figures/kiran-47.png) + +自动同步日期和时间:打开“自动同步”并连接外网可以自动同步时间。 + +设置时区:点击“更改时区”按钮,右侧显示如下图所示时区设置对话框,点击需要更改的时区后保存即可修改时区。 + +![图48-修改时区](figures/kiran-48.png) + +手动设置时间:关闭自动同步按钮,点击手动设置时间,可以手动调整年份、月份、日以及时间,修改完成后保存。 +![图49-手动设置时间](figures/kiran-49.png) + +修改日期格式:点击日期时间格式设置可以修改显示的日期格式,可以设置长日期显示格式、短日期显示格式、时间格式、以及是否显示秒: +![图50-修改日期格式](figures/kiran-50.png) diff --git a/docs/zh/docs/desktop/UKUIuserguide.md b/docs/zh/docs/desktop/UKUIuserguide.md new file mode 100644 index 0000000000000000000000000000000000000000..4dfb3e9cf71665b8986bcbfbce4601b1f5a9fbbf --- /dev/null +++ b/docs/zh/docs/desktop/UKUIuserguide.md @@ -0,0 +1,390 @@ +# UKUI 用户指南 + +## 概述 + +桌面是用户进行图形界面操作的基础,UKUI(UbuntuKylin UI)提供了多个功能部件,包括任务栏、开始菜单等,本文主要描述 UKUI 的使用。 + +主界面如下图所示。 + +![图 1 桌面主界面-big](./figures/1.png) + +## 桌面 + +### 桌面图标 + +系统默认放置了计算机、回收站、主文件夹三个图标,鼠标左键双击即可打开页面,功能如下表。 + +| 图标 | 说明 | +| :------------ | :------------ | +| ![](./figures/icon1.png) | 计算机:显示连接到本机的驱动器和硬件| +| ![](./figures/icon2.png) | 回收站:显示移除的文件| +| ![](./figures/icon3.png) | 主文件夹:显示个人主目录| + +另外,右键单击“计算机”,选择“属性”,可显示当前系统版本、内核版本等相关信息。 + +![图 2 “计算机”-“属性”-big](./figures/2.png) + +### 右键菜单 + +在桌面空白处单击鼠标右键,出现的菜单如下图所示,为用户提供了一些快捷功能。 + +![图 3 右键菜单](./figures/3.png) + +部分选项说明如表 2。 + +| 选项 | 说明| +| :------------ | :------------ | +| 新 建 | 可新建文件夹、文本文档、WPS文件 | +| 视图类型 | 提供四种视图类型:小图标、中图标、大图标、超大图标 | +| 排序方式 | 提供根据文件名称、文件类型、文件大小、修改日期排列的四种方式| + +
    + +## 任务栏 + +### 基本功能 + +任务栏位于底部,包括开始菜单、多视图切换、文件浏览器、Firefox网络浏览器、WPS、托盘菜单。 + +![图 4 任务栏](./figures/4.png) + +| 组件 | 说明 | +| :------------ | :------------ | +|![](./figures/icon4.png)| 开始菜单,用于弹出系统菜单,可查找应用和文件 | +|![](./figures/icon5.png)| 多视图切换,可在多个工作区互不干扰进行操作| +|![](./figures/icon6.png)| 文件浏览器,可浏览和管理系统中的文件| +|![](./figures/icon7.png)| Firefox网页浏览器,提供便捷安全的上网方式| +|![](./figures/icon8.png)| WPS办公套件,可以实现办公软件最常用的文字、表格、演示等多种功能| +|窗口显示区 |横条中间空白部分;显示正在运行的程序或打开的文档,可进行关闭窗口、窗口置顶操作。| +|![](./figures/icon9.png)| 托盘菜单,包含了对声音、麒麟天气、网络连接、输入法、通知中心、日期、夜间模式的设置| +|显示桌面| 按钮位于最右侧;最小化桌面的所有窗口,返回桌面;再次单击将恢复窗口| + +
    + +#### 多视图切换 + +点击任务栏“![](./figures/icon5.png)”图标,即可进入如下图所示界面,在多个工作区内选择当下需要工作的操作区。 + +![图 5 多视图切换-big](./figures/5.png) + +#### 预览窗口 + +用户将鼠标移动到任务栏的应用图标上,会对该应用打开的窗口进行小窗口预览,悬停在指定窗口如下图所示为悬停状态,该窗口会微微呈现毛玻璃效果(左),其余窗口为默认状态(右)。 + +![图 6 任务栏预览窗口](./figures/6.png) + +用户通过鼠标右键点击任务栏的应用图标,可关闭该应用。 + +![图 7 任务栏右键预览](./figures/7.png) + +#### 侧边栏 + +侧边栏位于整个桌面的右侧,点击任务栏托盘菜单中的“![](./figures/icon11-o.png)”图标打开收纳菜单,点击侧边栏“![](./figures/icon12-o.png)”图标,弹出侧边栏如下图所示。 + +侧边栏由两部分构成:通知中心、剪切板和小插件。 + +![图 8 侧边栏无消息状态-big](./figures/8.png) + +##### 通知中心 + +通知中心将会显示近期最新的重要信息列表,选择右上角“清空”可将信息列表清空;用户可通过选择右上角“设置”跳转进入控制面板的通知设置界面,能设置显示信息的应用,以及信息的数量。 + +![图 9 通知中心-big](./figures/9.png) + +右侧工作区可设置为按应用折叠的模式。 + +![图 10 按应用折叠通知消息-big](./figures/10.png) + +侧边栏右上角“![](./figures/icon13-o.png)”图标可收纳不重要信息,可以打开不重要的和已被设置为收纳的应用软件信息,消息超过999+后显示成![](./figures/icon14-o.png)的形式表示无穷大。 + +![图 11 消息收纳箱](./figures/11.png) + +##### 剪切板 + +剪切板可保存近期选择复制或剪切的内容,同时可通过表上说明的图标进行相应操作。 + +其中点击“![](./figures/icon15-o.png)”图标,可对剪切板的内容进行编辑。 + +|图标| 说明| 图标 |说明 | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon16.png)| 复制剪切板上的该内容 |![](./figures/icon18.png)| 编辑剪切板上的该内容 | +|![](./figures/icon17.png)| 删除剪切板上的该内容 | | | +
    + +![图 12 剪切板](./figures/12.png) + +![图 13 编辑选中实的剪切板内容](./figures/13.png) + +剪切板的第二个标签为小插件,插件包含:闹钟、笔记本、用户反馈,可供用户快捷选择。 + +![图 14 小插件](./figures/14.png) + +#### 托盘菜单 + +##### 收纳菜单 + +点击任务栏托盘菜单中的“![](./figures/icon19-o.png)”图标打开收纳菜单,收纳菜单中可收纳麒麟天气、输入法、蓝牙、u盘等小工具。 + +![图 15 收纳菜单](./figures/15.png) + +##### 输入法 + +任务栏输入法默认为搜狗输入法,使用快捷键“Ctrl+Space”可切换出来,“Shift”按键切换中英文模式。 + +![图 16 输入法](./figures/16.png) + +##### U盘 + +U盘插入主机后,自动读取U盘数据,点击任务栏中U盘“![](./figures/icon26-o.png)”图标弹窗如下图所示。 + +需要卸载U盘时仅需点击弹出“![](./figures/icon27-o.png)”图标即可。 + +![图 17 U盘状态窗口](./figures/17.png) + +##### 电源 + +没有检测到电源设备时,用户通过点击鼠标左键任务栏中电源“![](./figures/icon28-o.png)”图标。 + +![图 18 无电源设备](./figures/18.png) + +若检测到接入的电源设备,用户通过点击鼠标左键任务栏中电源“![](./figures/icon29-o.png)”图标。 + +![图 19 电源管理器窗口](./figures/19.png) + +用户通过点击鼠标右键任务栏中电源“![](./figures/icon30-o.png)”图标,弹出电源管理器设置菜单,设置调整屏幕亮度、设置电源和休眠两项。 + +![图 20 电源管理器设置](./figures/20.png) + +若电源管理器弹出“电池电量不足”的弹窗后,用户可点击开启节能模式,电源管理器则即刻将本机设为节能模式运行。 + +![图 21 电池电量不足开启节能模式](./figures/21.png) + +##### 网络 + +用户通过鼠标左键点击任务栏上的网络“![](./figures/icon31-o.png)”图标,可根据需要选择有线和无线两种网络连接方式。 + +|图标 |说明| 图标 |说明 | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon32.png)| 网络已连接 |![](./figures/icon37.png)| 网络未连接 | +|![](./figures/icon33.png)| 网络连接受限 |![](./figures/icon38.png)| 网络已上锁 | +|![](./figures/icon34.png)| 网络正在连接 |![](./figures/icon39.png)| Wifi已连接 | +|![](./figures/icon35.png)| Wifi未连接 |![](./figures/icon40.png)| Wifi连接受限 | +|![](./figures/icon36.png)| Wifi已上锁 |![](./figures/icon41.png)| Wifi正在连接 | + +
    + +![图 22 网络连接界面](./figures/22.png) + +- 有线网络 + + 在有线网络连接界面,点击有线网络方案即可展开,查看网络的详细信息。 + + ![图 23 有线网络连接](./figures/23.png) + +- 无线网络 + + 无线网络连接,点击右上角开关按钮打开无线网络连接,并在可用无线网络列表中选择需要连接的WiFi,并键入密码即可通过WiFi上网。 + + ![图 24 无线网络连接](./figures/24.png) + +- 网络设置窗口 + + 用户通过鼠标右键点击任务栏上的网络“![](./figures/icon42-o.png)”图标,弹出网络设置菜单。 + + ![图 25 有线网络设置](./figures/25.png) + + 点击设置网络,即刻进入网络设置窗口。 + + ![图 26 网络设置窗口](./figures/26.png) + +##### 音量 + +用户通过鼠标左键点击任务栏上的音量“![](./figures/icon43-o.png)”图标,打开声音界面。 + +- mini模式 + + 音量mini模式,仅显示扬声器的音量。 + + ![图 27 音量mini模式](./figures/27.png) + +- 按设备 + 音量按设备标签包括输出设备、输入设备。 + + ![图 28 按设备音量列表](./figures/28.png) +- 按应用 + 音量按应用标签包括系统音量、其他应用音量。 + + ![图 29 按应用音量列表](./figures/29.png) + +##### 日历 + +用户通过鼠标左键点击任务栏上的时间日期弹出日历窗口,查看日历、月历、年历窗口。 + +用户可通过筛选年 > 月 > 日查看一日信息,会以大字显示当日日期,并有当日的时间、星期、节气、农历,点击下方宜忌勾选可查看。 + +![图 30 日历查看-big](./figures/30.png) + +##### 夜间模式 + +用户通过鼠标左键点击任务栏上的夜间模式“![](./figures/icon44-o.png)”图标,可设置为夜间模式。 + +#### 高级设置 + +右键单击任务栏,出现的菜单。 + +![图 31 任务栏右键菜单](./figures/31.png) + +用户可对任务栏的布局进行设定,在“设置任务栏”中可进行相关设置。 + +
    + +## 窗口 + +### 窗口管理器 + +窗口管理器为用户提供了如表所示的功能。 + +|功能 |说明 | +| :--------| :----------| +|窗口标题栏| 显示当前窗口的标题名称 | +|最小化/最大化/关闭 |标题栏右侧的三个图标按钮,分别对应最小化窗口、最大化窗口、关闭窗口的功能 | +|侧边滑动 |在窗口右侧提供滑动条,可上下滚动查看页面 | +|窗口堆叠| 允许窗口之间产生重叠 | +|窗口拖拽 |在窗口标题栏长按鼠标左键,可移动窗口到任意位置 | +|窗口大小调整 |将鼠标移至窗口四角,长按左键,可任意调整窗口大小 | + +
    + +### 窗口切换 + +用户有三种方式可以切换: + +- 在任务栏上点击窗口标题; + +- 在桌面上点击不同窗口; + +- 使用快捷键< Alt > + < Tab >; + +
    + +## 开始菜单 + +### 基本功能 + +单击“开始菜单”按钮,菜单具备滑动条功能。 + +![图 32 开始菜单主界面](./figures/32.png) + +#### 右侧分类菜单 + +用户将鼠标停留在开始菜单右侧,会出现一个右侧预展开的提示栏,点击展开,即在右侧默认显示三个分类:“常用软件”、“字母分类”、“功能分类”,其中: + +- 所有软件:列出所有软件,近期使用过的软件将会在此页面置顶显示。 + +- 字母分类:列出系统根据首字母进行分类显示所有软件。 + +- 功能分类:列出系统根据功能进行分类显示所有软件。 + +用户可通过点击右上角开始菜单的全屏图标,查看全屏菜单。 + +![图 33 全屏开始菜单-big](./figures/33.png) + +#### 右侧功能键 + +右下侧显示用户头像、计算机、设置和电源四个选项。 + +##### 用户头像 + +点击“![](./figures/icon45-o.png)”图标,进入控制面板查看用户信息。 + +##### 计算机 + +点击“![](./figures/icon46-o.png)”图标进入计算机:个人主文件夹。 + +##### 设置 + +点击“![](./figures/icon47-o.png)”图标进入控制面板。 + +##### 电源 + +###### 锁定屏幕 + +当用户暂时不需要使用计算机时,可以选择锁屏(不会影响系统当前的运行状态),防止误操作;用户返回后,输入密码即可重新进入系统。 + +在默认设置下,系统在一段空闲时间后,将自动锁定屏幕。 + +锁屏界面如下图所示。 + +![图 34 锁屏界面-big](./figures/34.png) + +###### 切换用户和注销 + +当要选择其他用户登录使用计算机时,可选择“注销”或“切换用户”。 + +此时,系统会关闭所有正在运行的应用;所以,在执行此操作前,请先保存当前工作。 + +###### 关机与重启 + +有两种操作方式: + +1)“开始菜单” > “电源” > “关机” + +会弹出对话框,用户可根据需要选择重启或关机。 + +![图 35 关闭系统对话框-big](./figures/35.png) + +2)“开始菜单” > “关机” 按钮右边菜单 > “关机”/“重启” + +系统将直接关机/重启,不再弹出对话框。 + +### 高级设置 + +右键单击开始菜单图标,提供锁屏、切换用户、注销、重启、关闭五个快捷选项。 + +### 应用 + +用户可以在搜索框中,通过关键字搜索应用。如下图所示,可输入中文,如:搜索用户手册,查询结果会随着输入自动显示出来。 + +![图 36 搜索应用](./figures/36.png) + +通过右键点击开始菜单中的某个应用,弹出右键菜单,可将选中应用固定到“所有软件”、任务栏,可添加该应用到桌面方式,可快捷卸载该应用。 + +![图 37 应用的右键菜单](./figures/37.png) + +各个选项说明如下表。 + +|选项 |说明 | +| :------| :-------- +|固定到所有软件 |将选中软件在所有软件列表中置顶 | +|固定到任务栏 |在任务栏上生成应用的图标 | +|添加到桌面快捷方式| 在桌面生成应用的快捷方式图标 | +|卸载| 卸载软件 | + +
    + +## 常见问题 + +### 锁屏后无法登录系统 + +- 通过Ctrl + Alt + F1切换到字符终端。 + +- 输入用户名和密码后登录。 + +- 执行命令“sudo rm -rf ~/.Xauthority”。 + +- 通过Ctrl + Alt + F7切回图形界面,输入用户密码登录。 + +
    + +## 附录 + +### 快捷键 + +|快捷键 |功能 | +| :------ | :----- | +|F5| 刷新桌面 | +|F1 |打开用户手册 | +|Alt + Tab |切换窗口 | +|win |打开开始菜单 | +|Ctrl + Alt + L| 锁屏 | +|Ctrl + Alt + Delete| 注销 | diff --git a/docs/zh/docs/desktop/Xfce_userguide.md b/docs/zh/docs/desktop/Xfce_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..97f625132b5acd32b9dffab71c49212e99dfc142 --- /dev/null +++ b/docs/zh/docs/desktop/Xfce_userguide.md @@ -0,0 +1,247 @@ +# Xfce 用户指南 + + +## 一 概述 + +Xfce是运行在类Unix操作系统中的一款轻量级桌面环境。Xfce提供了多个功能部件,包括所有应用程序等,本文主要描述 Xfce 的使用。 + +界面如下图所示。 + +![图 1 桌面主界面-big](./figures/xfce-1.png) + +
    + +## 二 桌面 + +### 2.1 桌面图标 + +系统默认放置了文件系统、主文件夹、挂载目录等图标,鼠标左键双击即可打开页面。 + +![图 2 主界面默认图标-big](./figures/xfce-2.png) + +### 2.2 右键菜单 + +在桌面空白处单击鼠标右键,出现的菜单如下图所示,为用户提供了一些快捷功能。 + +![图 3 右键菜单](./figures/xfce-3.png) + +部分选项说明如表。 + +| 选项 | 说明| +| :------------ | :------------ | +| 在新窗口中打开 | 打开对应登录用户的Desktop目录 | +| 创建启动器 | 启动器的自行创建 | +| 创建URL链接 | URL链接的自行创建 | +| 创建文件夹 | 新建文件夹 | +| 创建文档 | 新建文本文档 | +| Open Terminal Here | 新建终端 | +| 排列桌面图标 | 自动排列桌面图标 | +| 桌面设置 | 提供关于背景、菜单、图标的设置 | +| 属性 | 提供关于Desktop的一般、徽标、权限等属性设置 | +| 应用程序 | 所有应用程序 | + +
    + +## 三 任务栏 + +### 3.1 基本功能 + +任务栏位于顶部,包括所有应用程序菜单、窗口显示区、多视图切换、托盘菜单。 + +![图 4 任务栏](./figures/xfce-4.png) + +| 组件 | 说明 | +| :------------ | :------------ | +| 所有应用程序 | 用于弹出所有程序以及设置,可查找应用和设置。| +| 窗口显示区 | 横条中间空白部分;显示正在运行的程序或打开的文档,可进行最小化、最大化、关闭窗口、窗口置顶等操作。| +| 多视图切换 | 可在多个工作区互不干扰进行操作。 | +| 托盘 | 包含了对网络连接、声音、电源、通知中心、日历、登录用户动作的设置。| + +#### 3.1.1 所有应用程序 + +![图 5 所有应用程序-big](./figures/xfce-5.png) + +#### 3.1.2 窗口显示区 + +![图 6 窗口显示区-big](./figures/xfce-6.png) + +#### 3.1.3 多视图切换 + +点击任务栏“![](./figures/xfce-7.png)”中的每个区域图标,即可进入对应的工作区域。 + +例如,通过鼠标在多个工作区内切换选择当下需要工作的操作区。 + +![图 7 多视图切换-big](./figures/xfce-71.png) + +#### 3.1.4 托盘 + +![图 8 托盘菜单-big](./figures/xfce-8.png) + +##### 3.1.4.1 网络 + +用户通过鼠标左键点击任务栏上的网络“![](./figures/xfce-81.png)”图标,可根据需要选择网络连接方式。 + +![图 9 网络连接界面](./figures/xfce-811.png) + +网络设置窗口 + +用户通过鼠标右键点击任务栏上的网络“![](./figures/xfce-81.png)”图标,弹出网络设置菜单。 + +![图 10 网络设置](./figures/xfce-812.png) + +点击 编辑连接,即刻进入网络设置窗口。 + +![图 11 网络设置窗口](./figures/xfce-813.png) + +双击 指定的网络连接 ,例如enp1s0,进入该连接的设置界面。 + +![图 12 有线网络设置窗口](./figures/xfce-814.png) + +##### 3.1.4.2 音量 + +用户通过鼠标左键点击任务栏上的音量“![](./figures/xfce-82.png)”图标,打开声音界面。 + +![图 13 音量设置窗口](./figures/xfce-821.png) + +##### 3.1.4.3 电源 + +用户通过点击鼠标左键任务栏中电源“![](./figures/xfce-83.png)”图标。 + +![图 14 电源设备](./figures/xfce-831.png) + +用户通过点击 电源管理器设置 进行 显示、节点 等配置。 + +![图 15 电源管理器设置](./figures/xfce-832.png) + +##### 3.1.4.4 通知中心 + +用户通过点击鼠标左键任务栏中通知“![](./figures/xfce-84.png)”图标。 + +![图 16 通知中心-big](./figures/xfce-841.png) + +用户可通过选择“请勿打扰”关闭通知。 + +通知中心将会显示重要的近期最新的重要信息列表,选择“清除日志”可将信息列表清空。 + +用户可通过选择“通知设置”跳转进入控制面板的通知设置界面,能设置显示信息的应用,以及信息的数量。 + +![图 17 通知中心-big](./figures/xfce-842.png) + +##### 3.1.4.5 日历 + +用户通过鼠标左键点击任务栏上的时间日期弹出日历窗口,查看日历、月历、年历窗口。 + +用户可通过筛选年 > 月 > 日查看一日信息。 + +![图 18 日历-big](./figures/xfce-85.png) + +用户通过鼠标右键点击任务栏上的时间日期,点击 属性 进行时间设置。 + +![图 19 日期设置-big](./figures/xfce-851.png) + +##### 3.1.4.6 高级设置 + +右键单击任务栏,出现的菜单中点击“面板”。 + +![图 20 任务栏右键菜单](./figures/xfce-86.png) + +用户可对任务栏的布局进行设定,可进行项目的添加、删除等相关设置。 + +![图 21 任务栏右键菜单](./figures/xfce-861.png) + + +##### 3.1.4.7 登录用户动作 + +用户通过鼠标左键点击任务栏上的登录用户,查看相关动作。 + +![图 22 登录用户动作](./figures/xfce-87.png) + +###### 3.1.4.7.1 锁屏 + +当用户暂时不需要使用计算机时,可以选择锁屏(不会影响系统当前的运行状态),防止误操作;用户返回后,输入密码即可重新进入系统。 + +在默认设置下,系统在一段空闲时间后,将自动锁定屏幕。 + +###### 3.1.4.7.2 切换用户 + +选择其他用户登录使用计算机时,可选择“切换用户”。 + +此时,系统会关闭所有正在运行的应用;所以,在执行此操作前,请先保存当前工作。 + +###### 3.1.4.7.3 挂起 + +处于环保节能考虑,可选择“挂起”。 + +此时,相关数据读入内存,注意不能切换电源。 + +###### 3.1.4.7.3 关机 + +用户选择关闭计算机时,可以选择“关机”。 + +在执行此操作前,建议先保存当前工作。 + +###### 3.1.4.7.3 注销 + +选择退出本次图形界面登录时,可选择“注销”。 + +此时,系统会关闭所有正在运行的应用;所以,在执行此操作前,请先保存当前工作。 + +
    + +## 四 快捷操作栏 + +### 4.1 基本功能 + +快捷操作栏位于底部,包括所有显示桌面、终端、文件管理器、网络浏览器、应用程序查找、用户家目录。 + +![图 23 快捷操作栏](./figures/xfce-9.png) + +| 组件 | 说明 | +| :------------ | :------------ | +| 显示桌面 | 最小化桌面的所有窗口,返回桌面;再次单击将恢复窗口 | +| 终端 | 快速打开一个终端 | +| 文件管理器 | 快速打开一个文件管理器 | +| 网络浏览器 | 快速打开一个网络浏览器 | +| 应用程序查找 | 快速打开应用程序查找窗口 | +| 用户家目录 | 快速打开登录用户的家目录 | + +#### 4.1.1 显示桌面 + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-91.png)”图标,执行 显示桌面 相关操作。 + +![图 24 显示桌面-big](./figures/xfce-911.png) + +#### 4.1.2 终端 + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-92.png)”图标,打开一个终端。 + +![图 25 终端-big](./figures/xfce-921.png) + +#### 4.1.3 文件管理器 + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-93.png)”图标,打开一个文件管理器。 + +![图 26 文件管理器-big](./figures/xfce-931.png) + +#### 4.1.4 网络浏览器 + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-94.png)”图标,打开一个网络浏览器。 + +![图 27 网络浏览器-big](./figures/xfce-941.png) + +#### 4.1.5 应用程序查找 + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-95.png)”图标,打开一个应用程序查找界面。 + +![图 28 应用程序查找-big](./figures/xfce-951.png) + +#### 4.1.6 用户家目录 + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-96.png)”图标,点击 打开文件,打开一个用户家目录界面。 + +![图 29 用户家目录-big](./figures/xfce-961.png) + +用户通过鼠标左键点击快捷操作栏上的“![](./figures/xfce-96.png)”图标,点击 在终端中打开,打开一个终端,当前目录为用户家目录。 + +![图 30 用户家目录-big](./figures/xfce-962.png) + diff --git a/docs/zh/docs/desktop/dde.md b/docs/zh/docs/desktop/dde.md new file mode 100644 index 0000000000000000000000000000000000000000..df26ec97326e1b6d7eea35d749711fa14789cac7 --- /dev/null +++ b/docs/zh/docs/desktop/dde.md @@ -0,0 +1,3 @@ +# DDE 用户指南 + +本节主要描述 DDE 桌面环境的安装和使用。 \ No newline at end of file diff --git a/docs/zh/docs/desktop/desktop.md b/docs/zh/docs/desktop/desktop.md new file mode 100644 index 0000000000000000000000000000000000000000..dd9685e7373aba3b6d2e503eefa03b57d417035d --- /dev/null +++ b/docs/zh/docs/desktop/desktop.md @@ -0,0 +1,4 @@ +# 桌面环境用户指南 + +本文介绍四种常用的桌面环境的安装和使用方法,它们提供美观易用、安全可靠的图形化操作界面,给用户带来更好的体验。 + diff --git a/docs/zh/docs/desktop/figures/1.png b/docs/zh/docs/desktop/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/zh/docs/desktop/figures/1.png differ diff --git a/docs/zh/docs/desktop/figures/10.png b/docs/zh/docs/desktop/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/zh/docs/desktop/figures/10.png differ diff --git a/docs/zh/docs/desktop/figures/11.png b/docs/zh/docs/desktop/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/zh/docs/desktop/figures/11.png differ diff --git a/docs/zh/docs/desktop/figures/12.png b/docs/zh/docs/desktop/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/zh/docs/desktop/figures/12.png differ diff --git a/docs/zh/docs/desktop/figures/13.png b/docs/zh/docs/desktop/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/zh/docs/desktop/figures/13.png differ diff --git a/docs/zh/docs/desktop/figures/14.png b/docs/zh/docs/desktop/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/zh/docs/desktop/figures/14.png differ diff --git a/docs/zh/docs/desktop/figures/15.png b/docs/zh/docs/desktop/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/zh/docs/desktop/figures/15.png differ diff --git a/docs/zh/docs/desktop/figures/16.png b/docs/zh/docs/desktop/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/zh/docs/desktop/figures/16.png differ diff --git a/docs/zh/docs/desktop/figures/17.png b/docs/zh/docs/desktop/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/zh/docs/desktop/figures/17.png differ diff --git a/docs/zh/docs/desktop/figures/18.png b/docs/zh/docs/desktop/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/zh/docs/desktop/figures/18.png differ diff --git a/docs/zh/docs/desktop/figures/19.png b/docs/zh/docs/desktop/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/zh/docs/desktop/figures/19.png differ diff --git a/docs/zh/docs/desktop/figures/2.png b/docs/zh/docs/desktop/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/zh/docs/desktop/figures/2.png differ diff --git a/docs/zh/docs/desktop/figures/20.png b/docs/zh/docs/desktop/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/zh/docs/desktop/figures/20.png differ diff --git a/docs/zh/docs/desktop/figures/21.png b/docs/zh/docs/desktop/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/zh/docs/desktop/figures/21.png differ diff --git a/docs/zh/docs/desktop/figures/22.png b/docs/zh/docs/desktop/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/zh/docs/desktop/figures/22.png differ diff --git a/docs/zh/docs/desktop/figures/23.png b/docs/zh/docs/desktop/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/zh/docs/desktop/figures/23.png differ diff --git a/docs/zh/docs/desktop/figures/24.png b/docs/zh/docs/desktop/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/zh/docs/desktop/figures/24.png differ diff --git a/docs/zh/docs/desktop/figures/25.png b/docs/zh/docs/desktop/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/zh/docs/desktop/figures/25.png differ diff --git a/docs/zh/docs/desktop/figures/26.png b/docs/zh/docs/desktop/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/26.png differ diff --git a/docs/zh/docs/desktop/figures/27.png b/docs/zh/docs/desktop/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/zh/docs/desktop/figures/27.png differ diff --git a/docs/zh/docs/desktop/figures/28.png b/docs/zh/docs/desktop/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/zh/docs/desktop/figures/28.png differ diff --git a/docs/zh/docs/desktop/figures/29.png b/docs/zh/docs/desktop/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/zh/docs/desktop/figures/29.png differ diff --git a/docs/zh/docs/desktop/figures/3.png b/docs/zh/docs/desktop/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/zh/docs/desktop/figures/3.png differ diff --git a/docs/zh/docs/desktop/figures/30.png b/docs/zh/docs/desktop/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/zh/docs/desktop/figures/30.png differ diff --git a/docs/zh/docs/desktop/figures/31.png b/docs/zh/docs/desktop/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/zh/docs/desktop/figures/31.png differ diff --git a/docs/zh/docs/desktop/figures/32.png b/docs/zh/docs/desktop/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/zh/docs/desktop/figures/32.png differ diff --git a/docs/zh/docs/desktop/figures/33.png b/docs/zh/docs/desktop/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/zh/docs/desktop/figures/33.png differ diff --git a/docs/zh/docs/desktop/figures/34.png b/docs/zh/docs/desktop/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/zh/docs/desktop/figures/34.png differ diff --git a/docs/zh/docs/desktop/figures/35.png b/docs/zh/docs/desktop/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/zh/docs/desktop/figures/35.png differ diff --git a/docs/zh/docs/desktop/figures/36.png b/docs/zh/docs/desktop/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/zh/docs/desktop/figures/36.png differ diff --git a/docs/zh/docs/desktop/figures/37.png b/docs/zh/docs/desktop/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/zh/docs/desktop/figures/37.png differ diff --git a/docs/zh/docs/desktop/figures/38.png b/docs/zh/docs/desktop/figures/38.png new file mode 100644 index 0000000000000000000000000000000000000000..838f5ff0616a83cdf42edb053f4e72b93bfa644e Binary files /dev/null and b/docs/zh/docs/desktop/figures/38.png differ diff --git a/docs/zh/docs/desktop/figures/39.png b/docs/zh/docs/desktop/figures/39.png new file mode 100644 index 0000000000000000000000000000000000000000..12a379403d73a47b2fa564120a28fdb58d188963 Binary files /dev/null and b/docs/zh/docs/desktop/figures/39.png differ diff --git a/docs/zh/docs/desktop/figures/4.png b/docs/zh/docs/desktop/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/zh/docs/desktop/figures/4.png differ diff --git a/docs/zh/docs/desktop/figures/40.png b/docs/zh/docs/desktop/figures/40.png new file mode 100755 index 0000000000000000000000000000000000000000..bf419894eab852b45604966c62fafa71f051c4df Binary files /dev/null and b/docs/zh/docs/desktop/figures/40.png differ diff --git a/docs/zh/docs/desktop/figures/41.png b/docs/zh/docs/desktop/figures/41.png new file mode 100755 index 0000000000000000000000000000000000000000..f94b0ee72e0d4e9277e9b44b4268cfbdb8402104 Binary files /dev/null and b/docs/zh/docs/desktop/figures/41.png differ diff --git a/docs/zh/docs/desktop/figures/42.png b/docs/zh/docs/desktop/figures/42.png new file mode 100644 index 0000000000000000000000000000000000000000..3182e551c4e4b03885bad6339f1de514b3f55f8c Binary files /dev/null and b/docs/zh/docs/desktop/figures/42.png differ diff --git a/docs/zh/docs/desktop/figures/43.jpg b/docs/zh/docs/desktop/figures/43.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26e9244f58ea9800081fd61ae135477f05b21b40 Binary files /dev/null and b/docs/zh/docs/desktop/figures/43.jpg differ diff --git a/docs/zh/docs/desktop/figures/44.png b/docs/zh/docs/desktop/figures/44.png new file mode 100644 index 0000000000000000000000000000000000000000..c3abaecd6e053272d81e0ad9bd183c6858b4f3c5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/44.png differ diff --git a/docs/zh/docs/desktop/figures/45.png b/docs/zh/docs/desktop/figures/45.png new file mode 100755 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/docs/desktop/figures/45.png differ diff --git a/docs/zh/docs/desktop/figures/46.png b/docs/zh/docs/desktop/figures/46.png new file mode 100755 index 0000000000000000000000000000000000000000..d8ec41c87628bf28c9905523f99ae93aebd13614 Binary files /dev/null and b/docs/zh/docs/desktop/figures/46.png differ diff --git a/docs/zh/docs/desktop/figures/47.jpg b/docs/zh/docs/desktop/figures/47.jpg new file mode 100755 index 0000000000000000000000000000000000000000..bf95f03c8ea0f84a878bc63af20972c9da71bc04 Binary files /dev/null and b/docs/zh/docs/desktop/figures/47.jpg differ diff --git a/docs/zh/docs/desktop/figures/48.png b/docs/zh/docs/desktop/figures/48.png new file mode 100644 index 0000000000000000000000000000000000000000..ef21fa1ce1e2e9848a8dca16e692de673df7c6d7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/48.png differ diff --git a/docs/zh/docs/desktop/figures/49.png b/docs/zh/docs/desktop/figures/49.png new file mode 100644 index 0000000000000000000000000000000000000000..3b77668e5a4d1bdb3043c473dff9b36fa7144714 Binary files /dev/null and b/docs/zh/docs/desktop/figures/49.png differ diff --git a/docs/zh/docs/desktop/figures/5.png b/docs/zh/docs/desktop/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/zh/docs/desktop/figures/5.png differ diff --git a/docs/zh/docs/desktop/figures/50.png b/docs/zh/docs/desktop/figures/50.png new file mode 100644 index 0000000000000000000000000000000000000000..b86a55fe4363f56fc18befc9d27025a75ca427ad Binary files /dev/null and b/docs/zh/docs/desktop/figures/50.png differ diff --git a/docs/zh/docs/desktop/figures/51.png b/docs/zh/docs/desktop/figures/51.png new file mode 100755 index 0000000000000000000000000000000000000000..d427ac871dba9c32eb4ffe736d5352f8408da533 Binary files /dev/null and b/docs/zh/docs/desktop/figures/51.png differ diff --git a/docs/zh/docs/desktop/figures/52.png b/docs/zh/docs/desktop/figures/52.png new file mode 100644 index 0000000000000000000000000000000000000000..0ca0a2db05c70bc25f9bb59e82d074f671cfc74e Binary files /dev/null and b/docs/zh/docs/desktop/figures/52.png differ diff --git a/docs/zh/docs/desktop/figures/53.png b/docs/zh/docs/desktop/figures/53.png new file mode 100644 index 0000000000000000000000000000000000000000..76fbc34a1d5621b83c2d8c93222766acad33350d Binary files /dev/null and b/docs/zh/docs/desktop/figures/53.png differ diff --git a/docs/zh/docs/desktop/figures/54.png b/docs/zh/docs/desktop/figures/54.png new file mode 100644 index 0000000000000000000000000000000000000000..49ecae6f8941a118223f3765c23015df074c4983 Binary files /dev/null and b/docs/zh/docs/desktop/figures/54.png differ diff --git a/docs/zh/docs/desktop/figures/56.png b/docs/zh/docs/desktop/figures/56.png new file mode 100644 index 0000000000000000000000000000000000000000..36fee795bfe593b6246c8d6c2bddea9386b06f45 Binary files /dev/null and b/docs/zh/docs/desktop/figures/56.png differ diff --git a/docs/zh/docs/desktop/figures/57.png b/docs/zh/docs/desktop/figures/57.png new file mode 100644 index 0000000000000000000000000000000000000000..539d06b77b058a933cb154c43641d498050986e0 Binary files /dev/null and b/docs/zh/docs/desktop/figures/57.png differ diff --git a/docs/zh/docs/desktop/figures/58.png b/docs/zh/docs/desktop/figures/58.png new file mode 100755 index 0000000000000000000000000000000000000000..396ca16d873e54505bcdbd41d669366eea7f5dee Binary files /dev/null and b/docs/zh/docs/desktop/figures/58.png differ diff --git a/docs/zh/docs/desktop/figures/59.png b/docs/zh/docs/desktop/figures/59.png new file mode 100644 index 0000000000000000000000000000000000000000..9b1de98ac4fe686937ca844d3e9481548a79ce63 Binary files /dev/null and b/docs/zh/docs/desktop/figures/59.png differ diff --git a/docs/zh/docs/desktop/figures/6.png b/docs/zh/docs/desktop/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/zh/docs/desktop/figures/6.png differ diff --git a/docs/zh/docs/desktop/figures/60.jpg b/docs/zh/docs/desktop/figures/60.jpg new file mode 100755 index 0000000000000000000000000000000000000000..033c88aaadd04f7d4058ec2eb5b2c70498319bf7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/60.jpg differ diff --git a/docs/zh/docs/desktop/figures/61.png b/docs/zh/docs/desktop/figures/61.png new file mode 100644 index 0000000000000000000000000000000000000000..8df17062963a3baf92318a12ec34b1378122687b Binary files /dev/null and b/docs/zh/docs/desktop/figures/61.png differ diff --git a/docs/zh/docs/desktop/figures/62.png b/docs/zh/docs/desktop/figures/62.png new file mode 100644 index 0000000000000000000000000000000000000000..ec312d6c0c22018c1745dd866da71ce9be47fbda Binary files /dev/null and b/docs/zh/docs/desktop/figures/62.png differ diff --git a/docs/zh/docs/desktop/figures/63.jpg b/docs/zh/docs/desktop/figures/63.jpg new file mode 100755 index 0000000000000000000000000000000000000000..504f7cf59768f6fd1cd73a115d01fbc4e15a02e1 Binary files /dev/null and b/docs/zh/docs/desktop/figures/63.jpg differ diff --git a/docs/zh/docs/desktop/figures/63.png b/docs/zh/docs/desktop/figures/63.png new file mode 100755 index 0000000000000000000000000000000000000000..86b051acde857c88479714414f721a7f59cca483 Binary files /dev/null and b/docs/zh/docs/desktop/figures/63.png differ diff --git a/docs/zh/docs/desktop/figures/64.png b/docs/zh/docs/desktop/figures/64.png new file mode 100755 index 0000000000000000000000000000000000000000..cbbd2ede047e735c3766e08b04595f08cd72f5b2 Binary files /dev/null and b/docs/zh/docs/desktop/figures/64.png differ diff --git a/docs/zh/docs/desktop/figures/7.png b/docs/zh/docs/desktop/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/zh/docs/desktop/figures/7.png differ diff --git a/docs/zh/docs/desktop/figures/8.png b/docs/zh/docs/desktop/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/zh/docs/desktop/figures/8.png differ diff --git a/docs/zh/docs/desktop/figures/9.png b/docs/zh/docs/desktop/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/9.png differ diff --git a/docs/zh/docs/desktop/figures/icon1.png b/docs/zh/docs/desktop/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon1.png differ diff --git a/docs/zh/docs/desktop/figures/icon10-o.png b/docs/zh/docs/desktop/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon10-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon101-o.svg b/docs/zh/docs/desktop/figures/icon101-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..af1c5d3dc0277a6ea59e71efb6ca97bdfc782e8e --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon101-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/docs/desktop/figures/icon103-o.svg b/docs/zh/docs/desktop/figures/icon103-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..c06c885725c569ab8db1fe7d595a7c65f18c5142 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon103-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon105-o.svg b/docs/zh/docs/desktop/figures/icon105-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..36c49949fa569330b761c2d65518f36c10435508 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon105-o.svg @@ -0,0 +1,111 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon107-o.svg b/docs/zh/docs/desktop/figures/icon107-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..fb5a3ea756f6ccb7b3e5c31122a433347a908c96 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon107-o.svg @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon11-o.png b/docs/zh/docs/desktop/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon11-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon110-o.svg b/docs/zh/docs/desktop/figures/icon110-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..7958e3f192061592e002e1e8a1bad06ffa86742c --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon110-o.svg @@ -0,0 +1,12 @@ + + + + reboot_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon111-o.svg b/docs/zh/docs/desktop/figures/icon111-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..097d16a08d305a8b3f3b2268ab1ea8342e799377 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon111-o.svg @@ -0,0 +1,13 @@ + + + + Right + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon112-o.svg b/docs/zh/docs/desktop/figures/icon112-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e51628c2b8b10495f3410d219814286696ea2fd5 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon112-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon116-o.svg b/docs/zh/docs/desktop/figures/icon116-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..4d79cd6dbbbfd3969f4e0ad0ad88e27398853505 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon116-o.svg @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon12-o.png b/docs/zh/docs/desktop/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon12-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon120-o.svg b/docs/zh/docs/desktop/figures/icon120-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e895c347d16a200aea46b00428b0b9f1a3c94246 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon120-o.svg @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon122-o.svg b/docs/zh/docs/desktop/figures/icon122-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..7fb014b5fd6097ca37a84d0b6a27dc982d675c8a --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon122-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/docs/desktop/figures/icon124-o.svg b/docs/zh/docs/desktop/figures/icon124-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..960c0ec096c925213f8953398f0e8e5db3cdaed3 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon124-o.svg @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon125-o.svg b/docs/zh/docs/desktop/figures/icon125-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..011c05f4b8f296867cd408a339230323fcbb28dd --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon125-o.svg @@ -0,0 +1,9 @@ + + + tips + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon126-o.svg b/docs/zh/docs/desktop/figures/icon126-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e0a43b6b8beb434090ac0dd3a8fd68c023f11fce --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon126-o.svg @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon127-o.svg b/docs/zh/docs/desktop/figures/icon127-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..bed95d35334a8d0151211054236c0bacddcc0dd3 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon127-o.svg @@ -0,0 +1,13 @@ + + + + Up + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon128-o.svg b/docs/zh/docs/desktop/figures/icon128-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..aa727f3f5d5883b3fb83a79c4b98e8b5bfe4ade6 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon128-o.svg @@ -0,0 +1,12 @@ + + + + userswitch_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon13-o.png b/docs/zh/docs/desktop/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon13-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon132-o.svg b/docs/zh/docs/desktop/figures/icon132-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..588ba9d98864ba67a562fa9179f29405f7687aa0 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon132-o.svg @@ -0,0 +1,15 @@ + + + + - + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon133-o.svg b/docs/zh/docs/desktop/figures/icon133-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..886d90a83e33497d134bdb3dcc864a5c2df53f20 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon133-o.svg @@ -0,0 +1,13 @@ + + + + + + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon134-o.svg b/docs/zh/docs/desktop/figures/icon134-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..784cf383eb0e8f5c7a57a602047be50ad0a3bc05 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon134-o.svg @@ -0,0 +1,15 @@ + + + + = + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon135-o.svg b/docs/zh/docs/desktop/figures/icon135-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..cea628a8f5eb92d10661b690242b6de41ca64816 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon135-o.svg @@ -0,0 +1,15 @@ + + + + ~ + Created with Sketch. + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon136-o.svg b/docs/zh/docs/desktop/figures/icon136-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..24aa139ab2fefaee20935551f1af5aef473719ed --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon136-o.svg @@ -0,0 +1,12 @@ + + + + poweroff_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon14-o.png b/docs/zh/docs/desktop/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon14-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon15-o.png b/docs/zh/docs/desktop/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon15-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon16.png b/docs/zh/docs/desktop/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon16.png differ diff --git a/docs/zh/docs/desktop/figures/icon17.png b/docs/zh/docs/desktop/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon17.png differ diff --git a/docs/zh/docs/desktop/figures/icon18.png b/docs/zh/docs/desktop/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon18.png differ diff --git a/docs/zh/docs/desktop/figures/icon19-o.png b/docs/zh/docs/desktop/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon19-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon2.png b/docs/zh/docs/desktop/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon2.png differ diff --git a/docs/zh/docs/desktop/figures/icon20.png b/docs/zh/docs/desktop/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon20.png differ diff --git a/docs/zh/docs/desktop/figures/icon21.png b/docs/zh/docs/desktop/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon21.png differ diff --git a/docs/zh/docs/desktop/figures/icon22.png b/docs/zh/docs/desktop/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon22.png differ diff --git a/docs/zh/docs/desktop/figures/icon23.png b/docs/zh/docs/desktop/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon23.png differ diff --git a/docs/zh/docs/desktop/figures/icon24.png b/docs/zh/docs/desktop/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon24.png differ diff --git a/docs/zh/docs/desktop/figures/icon25.png b/docs/zh/docs/desktop/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon25.png differ diff --git a/docs/zh/docs/desktop/figures/icon26-o.png b/docs/zh/docs/desktop/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon26-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon27-o.png b/docs/zh/docs/desktop/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon27-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon28-o.png b/docs/zh/docs/desktop/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon28-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon29-o.png b/docs/zh/docs/desktop/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon29-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon3.png b/docs/zh/docs/desktop/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon3.png differ diff --git a/docs/zh/docs/desktop/figures/icon30-o.png b/docs/zh/docs/desktop/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon30-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon31-o.png b/docs/zh/docs/desktop/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon31-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon32.png b/docs/zh/docs/desktop/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon32.png differ diff --git a/docs/zh/docs/desktop/figures/icon33.png b/docs/zh/docs/desktop/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon33.png differ diff --git a/docs/zh/docs/desktop/figures/icon34.png b/docs/zh/docs/desktop/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon34.png differ diff --git a/docs/zh/docs/desktop/figures/icon35.png b/docs/zh/docs/desktop/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon35.png differ diff --git a/docs/zh/docs/desktop/figures/icon36.png b/docs/zh/docs/desktop/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon36.png differ diff --git a/docs/zh/docs/desktop/figures/icon37.png b/docs/zh/docs/desktop/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon37.png differ diff --git a/docs/zh/docs/desktop/figures/icon38.png b/docs/zh/docs/desktop/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon38.png differ diff --git a/docs/zh/docs/desktop/figures/icon39.png b/docs/zh/docs/desktop/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon39.png differ diff --git a/docs/zh/docs/desktop/figures/icon4.png b/docs/zh/docs/desktop/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon4.png differ diff --git a/docs/zh/docs/desktop/figures/icon40.png b/docs/zh/docs/desktop/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon40.png differ diff --git a/docs/zh/docs/desktop/figures/icon41.png b/docs/zh/docs/desktop/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon41.png differ diff --git a/docs/zh/docs/desktop/figures/icon42-o.png b/docs/zh/docs/desktop/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon42-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon42.png b/docs/zh/docs/desktop/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon42.png differ diff --git a/docs/zh/docs/desktop/figures/icon43-o.png b/docs/zh/docs/desktop/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon43-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon44-o.png b/docs/zh/docs/desktop/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon44-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon45-o.png b/docs/zh/docs/desktop/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon45-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon46-o.png b/docs/zh/docs/desktop/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon46-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon47-o.png b/docs/zh/docs/desktop/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon47-o.png differ diff --git a/docs/zh/docs/desktop/figures/icon49-o.svg b/docs/zh/docs/desktop/figures/icon49-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..72ffb173fdb95e1aff5b0001b08ed6b71122b7f2 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon49-o.svg @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon5.png b/docs/zh/docs/desktop/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon5.png differ diff --git a/docs/zh/docs/desktop/figures/icon50-o.svg b/docs/zh/docs/desktop/figures/icon50-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..05026802be4718205065d6369e14cc0b6ef05bc7 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon50-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon52-o.svg b/docs/zh/docs/desktop/figures/icon52-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..23149c05873259cd39721b8ee9c3ab7db86d64c5 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon52-o.svg @@ -0,0 +1,9 @@ + + + attention + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon53-o.svg b/docs/zh/docs/desktop/figures/icon53-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..50e33489ce984b0acfd621da4a8ef837fdf048c1 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon53-o.svg @@ -0,0 +1,11 @@ + + + + previous + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon54-o.svg b/docs/zh/docs/desktop/figures/icon54-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..3b599aef4b822c707d2f646405bb00837aed96fd --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon54-o.svg @@ -0,0 +1,18 @@ + + + + Backspace + Created with Sketch. + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon56-o.svg b/docs/zh/docs/desktop/figures/icon56-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..9f13b6861e3858deec8d57a5301c934acc247069 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon56-o.svg @@ -0,0 +1,19 @@ + + + + Slice 1 + Created with Sketch. + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon57-o.svg b/docs/zh/docs/desktop/figures/icon57-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e6fbfa1381b76ab3fcd45652b33267a7f6c69bb7 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon57-o.svg @@ -0,0 +1,11 @@ + + + + titlebutton/close_normal + Created with Sketch. + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon58-o.svg b/docs/zh/docs/desktop/figures/icon58-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..9746dcacfc8e5d4c4b63233801e37418a190fc8f --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon58-o.svg @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon6.png b/docs/zh/docs/desktop/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon6.png differ diff --git a/docs/zh/docs/desktop/figures/icon62-o.svg b/docs/zh/docs/desktop/figures/icon62-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..09f61b446669df2e05a3351d40d8c30879c7b035 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon62-o.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon63-o.svg b/docs/zh/docs/desktop/figures/icon63-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..06c03ed99260ffadc681475dad35610aedf67f83 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon63-o.svg @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon66-o.svg b/docs/zh/docs/desktop/figures/icon66-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..5793b3846b7fe6a5758379591215b16c7f9e1b52 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon66-o.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon68-o.svg b/docs/zh/docs/desktop/figures/icon68-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..a7748052dfa436116d8742dca28f7d90865231ed --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon68-o.svg @@ -0,0 +1,23 @@ + + + + deepin-system-monitor + Created with Sketch. + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon69-o.svg b/docs/zh/docs/desktop/figures/icon69-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e21dfd00a32a44ee1c8e3882b4ca8239be04690f --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon69-o.svg @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon7.png b/docs/zh/docs/desktop/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon7.png differ diff --git a/docs/zh/docs/desktop/figures/icon70-o.svg b/docs/zh/docs/desktop/figures/icon70-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..b5787a7ffa5ed9519a48c6937c60927fd11fd455 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon70-o.svg @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon71-o.svg b/docs/zh/docs/desktop/figures/icon71-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..669a21f143b06cb45ea3f45f7f071809f2cbc8a8 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon71-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon72-o.svg b/docs/zh/docs/desktop/figures/icon72-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..79067ed9b9ff7912e1742183b461fa056601b9cc --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon72-o.svg @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon73-o.svg b/docs/zh/docs/desktop/figures/icon73-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..cf6292387f5e790db6ebd66184aabcbb39257ee7 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon73-o.svg @@ -0,0 +1,13 @@ + + + + Down + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon75-o.svg b/docs/zh/docs/desktop/figures/icon75-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..ef6823ccc19858f57374f0b78ad31514e8311be3 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon75-o.svg @@ -0,0 +1,3 @@ + + + diff --git a/docs/zh/docs/desktop/figures/icon8.png b/docs/zh/docs/desktop/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon8.png differ diff --git a/docs/zh/docs/desktop/figures/icon83-o.svg b/docs/zh/docs/desktop/figures/icon83-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..35dd6eacc54a933dc9ebc3f3010edfa7363fecc0 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon83-o.svg @@ -0,0 +1,84 @@ + + + + + + image/svg+xml + + img_upload + + + + + + img_upload + Created with Sketch. + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon84-o.svg b/docs/zh/docs/desktop/figures/icon84-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..9bd11b9e7b45b506dd7e1c87d09d545d8f48af06 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon84-o.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon86-o.svg b/docs/zh/docs/desktop/figures/icon86-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..5da20233309c43d4fc7b315f441cde476c835c67 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon86-o.svg @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon88-o.svg b/docs/zh/docs/desktop/figures/icon88-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..c2570c26575fd14cb5e9d9fe77831d2e8f6c9333 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon88-o.svg @@ -0,0 +1,13 @@ + + + + Left + Created with Sketch. + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon9.png b/docs/zh/docs/desktop/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/zh/docs/desktop/figures/icon9.png differ diff --git a/docs/zh/docs/desktop/figures/icon90-o.svg b/docs/zh/docs/desktop/figures/icon90-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..79b5e0a141f7969a8f77ae61f4c240de7187afe9 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon90-o.svg @@ -0,0 +1,12 @@ + + + + lock_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon92-o.svg b/docs/zh/docs/desktop/figures/icon92-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..21341b64a832e1935252aa82e7a4e0b083c16eae --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon92-o.svg @@ -0,0 +1,12 @@ + + + + logout_normal + Created with Sketch. + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/icon94-o.svg b/docs/zh/docs/desktop/figures/icon94-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..a47044149a02101dbd24a3fdb2f3ead77efca6c1 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon94-o.svg @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon97-o.svg b/docs/zh/docs/desktop/figures/icon97-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..4f4670de29d8c86885b5aa806b2c8cdc6fc16dcb --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon97-o.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/zh/docs/desktop/figures/icon99-o.svg b/docs/zh/docs/desktop/figures/icon99-o.svg new file mode 100755 index 0000000000000000000000000000000000000000..e9a3aa60a51404c9390bfbea8d8ff09edc0e2e32 --- /dev/null +++ b/docs/zh/docs/desktop/figures/icon99-o.svg @@ -0,0 +1,11 @@ + + + notes + + + + + + + + \ No newline at end of file diff --git a/docs/zh/docs/desktop/figures/kiran-1.png b/docs/zh/docs/desktop/figures/kiran-1.png new file mode 100644 index 0000000000000000000000000000000000000000..6f17788dce804c004027adfe45628eebffaa48cf Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-1.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-10.png b/docs/zh/docs/desktop/figures/kiran-10.png new file mode 100644 index 0000000000000000000000000000000000000000..18cfa3074af1f4b8d49d064a77b016f24ab8c17c Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-10.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-11.png b/docs/zh/docs/desktop/figures/kiran-11.png new file mode 100644 index 0000000000000000000000000000000000000000..b58fbb7ce8a798d5355855a4ac0638540df74d9e Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-11.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-12.png b/docs/zh/docs/desktop/figures/kiran-12.png new file mode 100644 index 0000000000000000000000000000000000000000..920d0c7112be6bed509773413de36506d748b822 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-12.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-13.png b/docs/zh/docs/desktop/figures/kiran-13.png new file mode 100644 index 0000000000000000000000000000000000000000..473ac4151c65951050800cb73313fee07077a9d6 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-13.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-14.png b/docs/zh/docs/desktop/figures/kiran-14.png new file mode 100644 index 0000000000000000000000000000000000000000..9ba17ddca84d25f112e564b542a971d6e7d4c10a Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-14.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-15.png b/docs/zh/docs/desktop/figures/kiran-15.png new file mode 100644 index 0000000000000000000000000000000000000000..b561a2fccb7f159106065baaf88ff9fa32bba1d8 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-15.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-16.png b/docs/zh/docs/desktop/figures/kiran-16.png new file mode 100644 index 0000000000000000000000000000000000000000..a4d71e812144e74cb854e25f215197368b60017f Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-16.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-17.png b/docs/zh/docs/desktop/figures/kiran-17.png new file mode 100644 index 0000000000000000000000000000000000000000..5f52f0d0885fbcd62af5127df6f464bcd334e2b3 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-17.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-18.png b/docs/zh/docs/desktop/figures/kiran-18.png new file mode 100644 index 0000000000000000000000000000000000000000..bbd1a5dbd99c509d936e51e1bcc5970c2311da9d Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-18.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-19.png b/docs/zh/docs/desktop/figures/kiran-19.png new file mode 100644 index 0000000000000000000000000000000000000000..a9ad75326f5d5463a45b532ae05b110155426083 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-19.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-2.png b/docs/zh/docs/desktop/figures/kiran-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b62c95a0b7d2bcfbc0bbac084ed7df74e5412da5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-2.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-20.png b/docs/zh/docs/desktop/figures/kiran-20.png new file mode 100644 index 0000000000000000000000000000000000000000..a43f8e2dc5ff4b5445386fd0c703bdf6b1e186ec Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-20.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-21.png b/docs/zh/docs/desktop/figures/kiran-21.png new file mode 100644 index 0000000000000000000000000000000000000000..19c758d585016351a1f26fdac48221bdf0710a53 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-21.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-22.png b/docs/zh/docs/desktop/figures/kiran-22.png new file mode 100644 index 0000000000000000000000000000000000000000..703327a3f511c20cd977ae4cd68552ecb3dd6971 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-22.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-23.png b/docs/zh/docs/desktop/figures/kiran-23.png new file mode 100644 index 0000000000000000000000000000000000000000..ddbbd80be5b926ab3446cbb10c22d892487956f8 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-23.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-24.png b/docs/zh/docs/desktop/figures/kiran-24.png new file mode 100644 index 0000000000000000000000000000000000000000..54e864dcfd194db4b1672c05d3e60eb6acc605d9 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-24.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-25.png b/docs/zh/docs/desktop/figures/kiran-25.png new file mode 100644 index 0000000000000000000000000000000000000000..f64461cc2610fb82db1eb27a5562c2ab0737dcf4 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-25.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-26.png b/docs/zh/docs/desktop/figures/kiran-26.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-26.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-27.png b/docs/zh/docs/desktop/figures/kiran-27.png new file mode 100644 index 0000000000000000000000000000000000000000..2bcd5335c14d3e241b732b2ee6c2adf3effbe652 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-27.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-28.png b/docs/zh/docs/desktop/figures/kiran-28.png new file mode 100644 index 0000000000000000000000000000000000000000..1650e93b66f11849ed69a9dacd5c9c5f135fc053 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-28.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-29.png b/docs/zh/docs/desktop/figures/kiran-29.png new file mode 100644 index 0000000000000000000000000000000000000000..5d0b225b54dc5da9053aeb6f4b805e59d8685f7f Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-29.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-3.png b/docs/zh/docs/desktop/figures/kiran-3.png new file mode 100644 index 0000000000000000000000000000000000000000..774ba1ea233c20bf3c7ae661e126e5251aef8662 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-3.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-30.png b/docs/zh/docs/desktop/figures/kiran-30.png new file mode 100644 index 0000000000000000000000000000000000000000..ae7f591fdd3da24fdf30b95785cd07c9959ecb2b Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-30.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-31.png b/docs/zh/docs/desktop/figures/kiran-31.png new file mode 100644 index 0000000000000000000000000000000000000000..fc4127dcd736d084ecabe84b40f165f0b07695b2 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-31.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-32.png b/docs/zh/docs/desktop/figures/kiran-32.png new file mode 100644 index 0000000000000000000000000000000000000000..b02d7b1fbdfa58d63618e99085fd5a0ed517ce4d Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-32.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-33.png b/docs/zh/docs/desktop/figures/kiran-33.png new file mode 100644 index 0000000000000000000000000000000000000000..502f5d272b6200b440b1ce916924e44c987f9922 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-33.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-34.png b/docs/zh/docs/desktop/figures/kiran-34.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ad35752dba85a00024170f88702c3398e0872c Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-34.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-35.png b/docs/zh/docs/desktop/figures/kiran-35.png new file mode 100644 index 0000000000000000000000000000000000000000..6c566afea5f485d79ff7de2ccd3d27a24835f14c Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-35.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-36.png b/docs/zh/docs/desktop/figures/kiran-36.png new file mode 100644 index 0000000000000000000000000000000000000000..842470a94fb6864cdd45f2c9971ec73e7866ea88 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-36.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-37.png b/docs/zh/docs/desktop/figures/kiran-37.png new file mode 100644 index 0000000000000000000000000000000000000000..b827be98850a3626f92ed1cd7b6b76f95d761261 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-37.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-38.png b/docs/zh/docs/desktop/figures/kiran-38.png new file mode 100644 index 0000000000000000000000000000000000000000..f0972490115d0965e8e9006abd2e5e96ac2fc37c Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-38.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-39.png b/docs/zh/docs/desktop/figures/kiran-39.png new file mode 100644 index 0000000000000000000000000000000000000000..f833c66c77737fb7cfbe5b4c4af48b0ba7747cea Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-39.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-4.png b/docs/zh/docs/desktop/figures/kiran-4.png new file mode 100644 index 0000000000000000000000000000000000000000..7a6cf9c1f25266c31ddcb76f093bec664d64bac7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-4.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-40.png b/docs/zh/docs/desktop/figures/kiran-40.png new file mode 100644 index 0000000000000000000000000000000000000000..da430f32720ef8a032e2c16fe9caabd815f8b62f Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-40.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-41.png b/docs/zh/docs/desktop/figures/kiran-41.png new file mode 100644 index 0000000000000000000000000000000000000000..424f50da38c18c12a235ebb56edd6d02ec1638f0 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-41.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-42.png b/docs/zh/docs/desktop/figures/kiran-42.png new file mode 100644 index 0000000000000000000000000000000000000000..a506b0c4e7fd23c393c34e01b26086dae1ea9c62 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-42.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-43.png b/docs/zh/docs/desktop/figures/kiran-43.png new file mode 100644 index 0000000000000000000000000000000000000000..90ca8be50f4343adcc0cc05b1ae7d0f32efcedc2 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-43.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-44.png b/docs/zh/docs/desktop/figures/kiran-44.png new file mode 100644 index 0000000000000000000000000000000000000000..bc38c38001a8428cf18a05e6cd4a8f46b1d633a2 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-44.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-45.png b/docs/zh/docs/desktop/figures/kiran-45.png new file mode 100644 index 0000000000000000000000000000000000000000..fadb655f342f99c669425480ad48733f1dccb2c9 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-45.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-46.png b/docs/zh/docs/desktop/figures/kiran-46.png new file mode 100644 index 0000000000000000000000000000000000000000..096688c85e47acded83be03a7ff69f9d829d956b Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-46.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-47.png b/docs/zh/docs/desktop/figures/kiran-47.png new file mode 100644 index 0000000000000000000000000000000000000000..3faa55c80eead6bfc9e96f59babcd2100392c2e5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-47.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-48.png b/docs/zh/docs/desktop/figures/kiran-48.png new file mode 100644 index 0000000000000000000000000000000000000000..1e44996d99006ffe793ae29b55035976942ac504 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-48.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-49.png b/docs/zh/docs/desktop/figures/kiran-49.png new file mode 100644 index 0000000000000000000000000000000000000000..000cc37cb59fecc9ea497726f87231df187baf34 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-49.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-5.png b/docs/zh/docs/desktop/figures/kiran-5.png new file mode 100644 index 0000000000000000000000000000000000000000..a27574bb4793e401750fff28e4568403dc489507 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-5.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-50.png b/docs/zh/docs/desktop/figures/kiran-50.png new file mode 100644 index 0000000000000000000000000000000000000000..900efd80a6db6ab00fee3fa519e963f8f0620ba7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-50.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-6.png b/docs/zh/docs/desktop/figures/kiran-6.png new file mode 100644 index 0000000000000000000000000000000000000000..42c4f0357dfa11b53ca27a4d0d255b67a0f9c5ae Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-6.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-7.png b/docs/zh/docs/desktop/figures/kiran-7.png new file mode 100644 index 0000000000000000000000000000000000000000..254ef11f36d958f6ef7c70853e5f61032f825463 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-7.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-8.png b/docs/zh/docs/desktop/figures/kiran-8.png new file mode 100644 index 0000000000000000000000000000000000000000..29b5845d2fa94cba92719b8649a5e86c926ea911 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-8.png differ diff --git a/docs/zh/docs/desktop/figures/kiran-9.png b/docs/zh/docs/desktop/figures/kiran-9.png new file mode 100644 index 0000000000000000000000000000000000000000..46bcfdd0e1e88ad0f0ade4a3990c3ac5d66060e7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/kiran-9.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-1.png b/docs/zh/docs/desktop/figures/xfce-1.png new file mode 100644 index 0000000000000000000000000000000000000000..9fe068d7b158bcaa0dbbf9e5b542b74fccc921f7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-1.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-2.png b/docs/zh/docs/desktop/figures/xfce-2.png new file mode 100644 index 0000000000000000000000000000000000000000..9228ba39c19b583210832f5062d9f3d3826584d1 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-2.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-3.png b/docs/zh/docs/desktop/figures/xfce-3.png new file mode 100644 index 0000000000000000000000000000000000000000..a14a320fbb7f38ce4eaacaa5113ece87ddc87085 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-3.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-4.png b/docs/zh/docs/desktop/figures/xfce-4.png new file mode 100644 index 0000000000000000000000000000000000000000..14196902de432dc86002a89a4481bf183540efb5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-4.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-5.png b/docs/zh/docs/desktop/figures/xfce-5.png new file mode 100644 index 0000000000000000000000000000000000000000..2019975fa4ffa0c13e77dae8439fe4afcf915cf7 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-5.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-6.png b/docs/zh/docs/desktop/figures/xfce-6.png new file mode 100644 index 0000000000000000000000000000000000000000..ea0ec07b4dca2b22dacb5ba4c06350e821cf6723 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-6.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-7.png b/docs/zh/docs/desktop/figures/xfce-7.png new file mode 100644 index 0000000000000000000000000000000000000000..d43d55fc1887cdf3b5e9644a0cf6a33730de4506 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-7.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-71.png b/docs/zh/docs/desktop/figures/xfce-71.png new file mode 100644 index 0000000000000000000000000000000000000000..79e35dd1096bd6fcba416a07a8a6689ac4ff5df4 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-71.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-8.png b/docs/zh/docs/desktop/figures/xfce-8.png new file mode 100644 index 0000000000000000000000000000000000000000..1550743ad0cad39cd27897d69024927cabab5d19 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-8.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-81.png b/docs/zh/docs/desktop/figures/xfce-81.png new file mode 100644 index 0000000000000000000000000000000000000000..3534bc5c4d7a173d230219412353772b717ccceb Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-81.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-811.png b/docs/zh/docs/desktop/figures/xfce-811.png new file mode 100644 index 0000000000000000000000000000000000000000..5f3f5d7e43296006f15c5e403989d3bfeae29cca Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-811.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-812.png b/docs/zh/docs/desktop/figures/xfce-812.png new file mode 100644 index 0000000000000000000000000000000000000000..d46ac75fd91ef4dda88b60ce514b41dc41ab7ed3 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-812.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-813.png b/docs/zh/docs/desktop/figures/xfce-813.png new file mode 100644 index 0000000000000000000000000000000000000000..20fb89f9d3b64f1e91e1ed90f5f96d8e21cc6d5d Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-813.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-814.png b/docs/zh/docs/desktop/figures/xfce-814.png new file mode 100644 index 0000000000000000000000000000000000000000..5dd242f737115b352898c7cf6564e15503ba1506 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-814.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-82.png b/docs/zh/docs/desktop/figures/xfce-82.png new file mode 100644 index 0000000000000000000000000000000000000000..f2e5a4c1b0223f051d7de988e740493f9ace8872 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-82.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-821.png b/docs/zh/docs/desktop/figures/xfce-821.png new file mode 100644 index 0000000000000000000000000000000000000000..c5c1f3567dccda3d0d49ae445612d5b9ba27e09a Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-821.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-83.png b/docs/zh/docs/desktop/figures/xfce-83.png new file mode 100644 index 0000000000000000000000000000000000000000..32ce47754669aa66080f523f052ee6f87cb651a5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-83.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-831.png b/docs/zh/docs/desktop/figures/xfce-831.png new file mode 100644 index 0000000000000000000000000000000000000000..2c8b68eba3d60416b52b26612b149221142c0d9a Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-831.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-832.png b/docs/zh/docs/desktop/figures/xfce-832.png new file mode 100644 index 0000000000000000000000000000000000000000..2932aaacf71fa53f1d0c10340df3aebcc016e991 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-832.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-84.png b/docs/zh/docs/desktop/figures/xfce-84.png new file mode 100644 index 0000000000000000000000000000000000000000..e0435c2edf9f68d193cff036215f32c259d378f0 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-84.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-841.png b/docs/zh/docs/desktop/figures/xfce-841.png new file mode 100644 index 0000000000000000000000000000000000000000..c2c06346d4a296bfbe7836139cd943baa1ce6ea5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-841.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-842.png b/docs/zh/docs/desktop/figures/xfce-842.png new file mode 100644 index 0000000000000000000000000000000000000000..101bf6923e3780617d33dde04b92232ca7f87b42 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-842.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-85.png b/docs/zh/docs/desktop/figures/xfce-85.png new file mode 100644 index 0000000000000000000000000000000000000000..21b39638fe4c83e0da5cdc69ecad9b7a22718a55 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-85.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-851.png b/docs/zh/docs/desktop/figures/xfce-851.png new file mode 100644 index 0000000000000000000000000000000000000000..481d6925b4a3c0da5a008b2b595313997fb7a3cc Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-851.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-86.png b/docs/zh/docs/desktop/figures/xfce-86.png new file mode 100644 index 0000000000000000000000000000000000000000..35e8a99e31e4a49eb64b24cfbab825111e40f709 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-86.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-861.png b/docs/zh/docs/desktop/figures/xfce-861.png new file mode 100644 index 0000000000000000000000000000000000000000..b57b1727b178be264122abd792df558efb1a633d Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-861.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-87.png b/docs/zh/docs/desktop/figures/xfce-87.png new file mode 100644 index 0000000000000000000000000000000000000000..49c8464ad8592e892bcc45cabed5cd95d2f14802 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-87.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-9.png b/docs/zh/docs/desktop/figures/xfce-9.png new file mode 100644 index 0000000000000000000000000000000000000000..f6402b34a929e520c27318fe16eb509d31c17131 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-9.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-91.png b/docs/zh/docs/desktop/figures/xfce-91.png new file mode 100644 index 0000000000000000000000000000000000000000..0cdc4824cb3cc1035f5d04863bb5f3eb4d83292b Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-91.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-911.png b/docs/zh/docs/desktop/figures/xfce-911.png new file mode 100644 index 0000000000000000000000000000000000000000..4d6c564e9a74d187d50ebd3f3c05dcb5d1bd5fa0 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-911.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-92.png b/docs/zh/docs/desktop/figures/xfce-92.png new file mode 100644 index 0000000000000000000000000000000000000000..a79f2473d27759c79ecdddcdee380b357babcac1 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-92.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-921.png b/docs/zh/docs/desktop/figures/xfce-921.png new file mode 100644 index 0000000000000000000000000000000000000000..57ed5964cadcc4f5fdfb0810c7a063ea8c5da3ae Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-921.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-93.png b/docs/zh/docs/desktop/figures/xfce-93.png new file mode 100644 index 0000000000000000000000000000000000000000..62d98b23d682341e2b0ee835561c6f52b7fd70b9 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-93.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-931.png b/docs/zh/docs/desktop/figures/xfce-931.png new file mode 100644 index 0000000000000000000000000000000000000000..c7bf69e5f12ea3d6b386c2521b25eea4d67ddccd Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-931.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-94.png b/docs/zh/docs/desktop/figures/xfce-94.png new file mode 100644 index 0000000000000000000000000000000000000000..09118f9047af97152aae746274d6df4f539b5564 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-94.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-941.png b/docs/zh/docs/desktop/figures/xfce-941.png new file mode 100644 index 0000000000000000000000000000000000000000..40929ec09596763782d7ad20f4d6212310b67186 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-941.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-95.png b/docs/zh/docs/desktop/figures/xfce-95.png new file mode 100644 index 0000000000000000000000000000000000000000..bf970f67c835941961ffcc77632079564c2a9ef5 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-95.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-951.png b/docs/zh/docs/desktop/figures/xfce-951.png new file mode 100644 index 0000000000000000000000000000000000000000..835e819b530e821d733005191e57a4038a542ff8 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-951.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-96.png b/docs/zh/docs/desktop/figures/xfce-96.png new file mode 100644 index 0000000000000000000000000000000000000000..0115dd146cb01ecc61a78c1db55be121ff1e0820 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-96.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-961.png b/docs/zh/docs/desktop/figures/xfce-961.png new file mode 100644 index 0000000000000000000000000000000000000000..ce5b5f45527290c8c17e4b8795207f2e57e18a36 Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-961.png differ diff --git a/docs/zh/docs/desktop/figures/xfce-962.png b/docs/zh/docs/desktop/figures/xfce-962.png new file mode 100644 index 0000000000000000000000000000000000000000..57ed5964cadcc4f5fdfb0810c7a063ea8c5da3ae Binary files /dev/null and b/docs/zh/docs/desktop/figures/xfce-962.png differ diff --git a/docs/zh/docs/desktop/kiran.md b/docs/zh/docs/desktop/kiran.md new file mode 100644 index 0000000000000000000000000000000000000000..5fd990d772c067e3523bbf76f74ab4ef5d5b7f3e --- /dev/null +++ b/docs/zh/docs/desktop/kiran.md @@ -0,0 +1,3 @@ +# Kiran 用户指南 + +本节主要描述Kiran桌面环境的安装和使用。 \ No newline at end of file diff --git "a/docs/zh/docs/desktop/kiran\345\256\211\350\243\205\346\211\213\345\206\214.md" "b/docs/zh/docs/desktop/kiran\345\256\211\350\243\205\346\211\213\345\206\214.md" new file mode 100644 index 0000000000000000000000000000000000000000..8985faf791d3a7f3406932f0c8cd0a7e24176782 --- /dev/null +++ "b/docs/zh/docs/desktop/kiran\345\256\211\350\243\205\346\211\213\345\206\214.md" @@ -0,0 +1,23 @@ +# 在 openEuler 上安装 Kiran + +## 简介 +kiran桌面是湖南麒麟信安团队以用户和市场需求为导向,研发的一个安全、稳定、高效、易用的桌面环境。kiran可以支持x86和aarch64架构。 + +## 安装方法 +安装时建议使用root用户或者新建一个管理员用户。 + +1.下载 openEuler 20.03 LTS SP4 镜像并安装系统。 + +2.更新软件源: +``` +sudo dnf update +``` +3.安装kiran-desktop: +``` +sudo dnf -y install kiran-desktop +``` +4.设置以图形界面的方式启动,并重启(`reboot`)。 +``` +systemctl set-default graphical.target +``` +重启系统即可通过kiran桌面登录,您可以尽情使用kiran桌面了。 diff --git a/docs/zh/docs/desktop/ukui.md b/docs/zh/docs/desktop/ukui.md new file mode 100644 index 0000000000000000000000000000000000000000..d017c9b37f36171667f87a486a578ff12bedfb2c --- /dev/null +++ b/docs/zh/docs/desktop/ukui.md @@ -0,0 +1,3 @@ +# UKUI 用户指南 + +本节主要描述 UKUI 桌面环境的安装和使用。 \ No newline at end of file diff --git a/docs/zh/docs/desktop/xfce.md b/docs/zh/docs/desktop/xfce.md new file mode 100644 index 0000000000000000000000000000000000000000..d3c1a81bb98443de34e756960d7a925dfe142964 --- /dev/null +++ b/docs/zh/docs/desktop/xfce.md @@ -0,0 +1,3 @@ +# XFCE 用户指南 + +本节主要描述XFCE桌面环境的安装和使用。 diff --git "a/docs/zh/docs/desktop/\345\256\211\350\243\205DDE.md" "b/docs/zh/docs/desktop/\345\256\211\350\243\205DDE.md" new file mode 100644 index 0000000000000000000000000000000000000000..89cd58f968a0068492e1984f6c2fe724b29760c0 --- /dev/null +++ "b/docs/zh/docs/desktop/\345\256\211\350\243\205DDE.md" @@ -0,0 +1,42 @@ +# 在 openEuler 上安装 DDE + +## 简介 + +DDE是统信软件团队研发的一款功能强大的桌面环境。包含数十款功能强大的桌面应用,是真正意义上的自主自研桌面产品。 + +## 安装方法 + +1. [下载](https://www.openeuler.org/zh/download/archive/detail/?version=openEuler%2020.03%20LTS%20SP4)openEuler ISO镜像并安装系统。 + +2. 更新软件源 + + ```bash + sudo dnf update + ``` + +3. 安装DDE + + ```bash + sudo dnf install dde + ``` + +4. 设置以图形界面的方式启动 + + ```bash + sudo systemctl set-default graphical.target + ``` + +5. 重启 + + ```bash + sudo reboot + ``` + +6. 在重启完成后,使用安装过程中创建的用户或openeuler用户登录桌面。 + +> ![](./public_sys-resources/icon-note.gif)注意: +> + > DDE桌面无法使用root帐号登录。 + > DDE内置了openeuler用户,此用户的密码为openeuler。 + +现在您可以尽情的使用DDE桌面了。 diff --git "a/docs/zh/docs/desktop/\345\256\211\350\243\205UKUI.md" "b/docs/zh/docs/desktop/\345\256\211\350\243\205UKUI.md" new file mode 100644 index 0000000000000000000000000000000000000000..9c3e6edb879b6e3358be115a4851b96a72ab5cce --- /dev/null +++ "b/docs/zh/docs/desktop/\345\256\211\350\243\205UKUI.md" @@ -0,0 +1,21 @@ +# 在 openEuler 上安装 UKUI + +UKUI是麒麟软件团队历经多年打造的一款Linux 桌面,主要基于 GTK 和 QT开发。与其他UI界面相比,UKUI更加注重易用性和敏捷度,各元件相依性小,可以不依赖其他套件而独自运行,给用户带来亲切和高效的使用体验。 + +UKUI支持x86_64和aarch64两种架构。 + +安装时,建议新建一个管理员用户。 + +1.下载 openEuler 20.03 LTS SP4 镜像并安装系统。 +``` +sudo dnf update +``` +2.安装UKUI。 +``` +sudo dnf install ukui +``` +3.在确认正常安装后,如果希望以图形界面的方式启动,请在命令行运行以下代码,并重启(`reboot`)。 +``` +systemctl set-default graphical.target +``` +目前UKUI版本还在不断的更新,最新的安装方法请查阅:openEuler UKUI Issue库。 \ No newline at end of file diff --git "a/docs/zh/docs/eNFS/enfs\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/docs/zh/docs/eNFS/enfs\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..6428d6a3c227982585f87555d0eaff44c3cdd8fe --- /dev/null +++ "b/docs/zh/docs/eNFS/enfs\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1,156 @@ +# eNFS 使用指南 + +## 简介 + +非结构化数据高速增长,用户在数据共享访问、数据频繁改写、数据本地/异地灾备保护,以及数据权限/资源管控等场景,NAS 成为海量非结构化生产业务的最佳选择。在 NAS 生产业务中 NFS 协议使用广泛, 但是原生 NFS 客户端在性能和可靠性方面存在一些不足, 主要体现在以下3个方面: + +1. 一个挂载点仅绑定一个 IP,IO 路径软硬件故障,业务 IO 挂死。 +2. 云内云外跨三层网络双活的链路无法自动切换。 +3. 一个挂载点仅绑定一个 IP,高负载业务场景下 NFS 客户端性能存在瓶颈。 + +eNFS 特性, 对原生 NFS 进行增强, 通过多链路等技术很好的解决这些问题, 极大提升业务的性能与稳定性。eNFS 特性通过 mount 命令进行挂载 NFS 共享时,使用 -o 参数指定本机与 NFS serve 的 IP 列表, eNFS 特性会根据这些 IP 列表创建多条链路, 在进行文件操作时 eNFS 将 IO 通过 RoundRobin 方式负载均衡到多条链路上以提升性能(当前版本负载均衡只支持 NFS V3)。并且在 IO 过程中如果出现部分链路故障,eNFS 也会将超时的 IO 快速分发到可用链路上,以解决业务挂死问题。 + +## 软硬件要求 + +使用 eNFS 特性 所使用的机器需要满足如下软硬件要求: + +- CPU 架构为 AArch64 或者 x86_64 +- 操作系统为 openEuler 20.03 LTS SP4 + +## eNFS 配置 + +eNFS 是对原生NFS 进行增强,配置需要在 NFS 客户端进行操作, 无需在 NFS server 侧配置。 + +通过配置文件 `/etc/enfs/config.ini` 进行参数设置: + +1. 配置路径连通探测周期。 + + ```shell + path_detect_interval=10 + ``` + + 说明: 取值范围是 5 ~ 300, 默认值为 10,单位 : 秒。 + +2. 配置路径连通探测消息超过阈值未返回,将认为链路状态异常。 + + ```shell + path_detect_timeout=10 + ``` + + 说明: 取值范围是 1 ~ 60, 默认值为 10,单位 : 秒。 + +3. 配置 NFS 的文件操作的超时阈值, 当 NFS server 超时未响应时,将 IO 选其他可用链接进行。 + + ```shell + multipath_timeout=0 + ``` + + 说明: 取值范围是 0 ~ 30, 默认值为 0(0:使用 mount 命令指定的 timeo 参数, 不使用 eNFS 模块的配置),单位 : 秒。 + +4. 配置路径连通探测周期。 + + ```shell + multipath_disable=0 + ``` + + 说明: 取值为 0 或者 1, 默认值为 0 (0 :启用 eNFS 特性)。 + +## eNFS使用 + +eNFS 是对原生 NFS 客户端的增强, 访问 NFS server 仍然是使用 mount 命令进行挂载。 如果需要使用 eNFS 功能, 则使用 - o 可选参数 localaddrs 和 remoteaddrs 进行指定 IP 列表。 + +当不输入这 2 个可选参数时, 则是不使用 eNFS 特性, 此时功能与原来 NFS 客户端一致。 + +### 命令格式 + +命令的使用格式为: + + ```shell + mount -t nfs -o [localaddrs=127.17.0.1-127.17.0.4],[remoteaddrs=127.17.0.20-127.17.0.24] 127.17.0.20:/test /mnt/test + ``` + +### 参数说明 + +| 参数 | 是否必选 | 参数含义 | +| -------- | ------- | --------| +| localaddrs | 否 | 当 NFS 客户端本机有多个 IP 可以与 NFS server 连通时, 可以输入此参数指定用于 NFS 挂载的本机 IP 列表,如果不指定则由操作系统进行自动选择 。
    IP 地址段使用‘-’标识,多个 IP 用‘~’隔开,最多8个 IP。 | +| remoteaddrs | 否 | 当 NFS server 有多个 ip 可以与 NFS 客户端连通时, 可以输入此参数指定用于 NFS 挂载的 NFS server IP 列表。
    如果不指定则使用mount参数中 NFS server挂载点的 IP, 如上图示例中的127.17.0.20。
    IP 地址段使用‘-’标识,多个 IP 用‘~’隔开,最多8个 IP。
    注意: remoteaddrs 指定的 IP 列表 必须都归属为 同一个 NFS server 或者 NFS server 集群系统。 | + +后续也可使用 `mount -o remount,[localaddrs=127.17.0.1-127.17.0.4],[remoteaddrs=127.17.0.20-127.17.0.24]` 进行 IP 列表的修改。 + +## eNFS链路状态查看 + +使用 mount 挂载 NFS 共享后,可以查看多条链路的状态。具体操作如下。 + +### 查看步骤 + +1. 先使用 mount 命令查看各个挂载点的 enfs_info 信息。 + + ```shell + [root@localhost ~]# mount + 8.47.219.120:/fszhn1 on /mnt/fszhn1 type nfs (rw,relatime,vers=3,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=8.47.219.120,mountvers=3,mountport=2050,mountproto=udp,local_lock=none,addr=8.47.219.120,remoteaddrs=8.47.219.121~8.47.219.122~8.47.219.123~8.47.219.124,enfs_info=8.47.219.120_1) + ``` + + 其中enfs_info 为 8.47.219.120_1。 + +2. 获取到 enfs_info 后,使用 eNFS 命令查看路径状态和 IO 统计。 + + 1) 查看链路状态, 命令格式: + + ```shell + cat /proc/enfs/8.47.219.120_1/path + ``` + + 其中 8.47.219.120_1 是第一步获取到的 enfs_info 信息。 + + ```shell + [root@localhost ~]# cat /proc/enfs/8.47.219.120_1/path + id local_addr remote_addr path_state xprt_state + 0 8.47.210.220 8.47.219.120 Normal CONNECTED|BOUND + 1 8.47.210.220 8.47.219.121 Normal CONNECTED|BOUND + 2 8.47.210.220 8.47.219.122 Normal CONNECTED|BOUND + 3 8.47.210.220 8.47.219.123 Normal CONNECTED|BOUND + 4 8.47.210.220 8.47.219.124 Normal CONNECTED|BOUND + ``` + + 字段含义 + + | 字段 | 含义 | + | ----------- | ----------------------- | + | id | 链路的序号 | + | local_addr | 此链路的本机 IP | + | remote_addr | 此链路的 NFS server IP | + | path_state | 此链路当前健康状态
    Init     -- 初始状态
    Normal  -- 链路正常
    Fault      -- 链路异常 | + | xprt_state | 此链路当前运行状态
    CONNECTED   -- 已连接
    CONNECTING    -- 正在建立链路
    BOUND    -- 此链路已经可以接收、发送 IO  | + + 2) 查看链路 IO 统计, 命令格式: + + ```shell + cat /proc/enfs/8.47.219.120_1/stat + ``` + + 其中 8.47.219.120_1 是 enfs_info 信息。 + + ```shell + [root@localhost ~]# cat /proc/enfs/8.47.219.120_1/stat + id local_addr remote_addr r_count r_rtt r_exec w_count w_rtt w_exec + 0 8.47.210.220 8.47.219.120 0 0 0 0 0 0 + 1 8.47.210.220 8.47.219.121 0 0 0 6 5 23 + 2 8.47.210.220 8.47.219.122 0 0 0 7 6 17 + 3 8.47.210.220 8.47.219.123 0 0 0 0 0 0 + 4 8.47.210.220 8.47.219.124 0 0 0 0 0 0 + ``` + + 字段含义 + + | 字段 | 含义 | + | ----------- | ---------------------------------------------------------- | + | id | 链路的序号 | + | local_addr | 此链路的本机 IP | + | remote_addr | 此链路的 NFS server IP | + | r_count | 此链路上发送的读 IO 次数 | + | r_rtt | 此链路上发送的读 IO RPC层处理的平均时延, 单位:毫秒 | + | r_exec | 此链路上发送的读 IO NFS server 处理的平均时延, 单位:毫秒 | + | w_count | 此链路上发送的写 IO 次数 | + | w_rtt | 此链路上发送的写 IO RPC层处理的平均时延, 单位:毫秒 | + | w_exec | 此链路上发送的写 IO NFS server 处理的平均时延, 单位:毫秒 | diff --git a/docs/zh/docs/secGear/figures/architecture.png b/docs/zh/docs/secGear/figures/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..9f2f15ebaa8404ae10cd770b514b7efa78c7538d Binary files /dev/null and b/docs/zh/docs/secGear/figures/architecture.png differ diff --git a/docs/zh/docs/secGear/secGear.md b/docs/zh/docs/secGear/secGear.md new file mode 100644 index 0000000000000000000000000000000000000000..c2bbd422a3a315005adfed7768acb1f6439a8377 --- /dev/null +++ b/docs/zh/docs/secGear/secGear.md @@ -0,0 +1,3 @@ +# secGear 开发指南 + +本文档介绍如何使用 secGear 统一机密计算编程框架开发应用程序,以及所包含工具的使用方法。 \ No newline at end of file diff --git "a/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" "b/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..85d79c05a1bfdf5633ca611be3a628c2de659a34 --- /dev/null +++ "b/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" @@ -0,0 +1,155 @@ +# 使用 secGear 工具 + +secGear 提供了一套工具集,方便用户开发应用程序。本章介绍相关工具及其使用方法。 + +## 代码生成工具 codegener + +### 简介 + +secGear codegener 是基于 intel SGX SDK edger8r 开发的工具,用于解析 EDL 文件生成中间 C 代码,即辅助生成安全测与非安全侧文件互相调用的代码。 + +secGear codegener 定义的 EDL 文件格式与 intel SGX SDK edger8r 相同,但是不支持 Intel 的完整语法定义: + +- 只能在方法中使用 public,不加 public 的函数声明默认为 private +- 不支持从非安全侧到安全侧,以及安全侧到非安全侧的 Switchless Calls +- OCALL(Outside call) 不支持部分调用模式(如 cdecl,stdcall,fastcall) + +EDL 文件语法为类 C 语言语法,这里主要描述与 C 语言的差异部分: + +| 成员 | 含义 | +| ----------------------- | ------------------------------------------------------------ | +| include "my_type.h" | 使用外部包含文件中定义的类型 | +| trusted | 声明 TA(Trusted Application)侧可用安全函数 | +| untrusted | 声明 TA 侧可用不安全函数 | +| return_type | 定义返回值类型 | +| parameter_type | 定义参数类型 | +| [in , size = len] | 对ecall而言,表示该参数需要将数据从非安全侧传入安全侧,ocall反之(指针类型需要使用此参数,其中 size 表示实际使用的 buffer) | +| [out, size = len] | 对ecall而言,表示该参数需要将数据从安全侧传出到非安全侧,ocall反之(指针类型需要使用此参数,其中 size 表示实际使用的 buffer) | + + + +### 使用说明 + +#### **命令格式** + +codegen 的命令格式如下: + +**codegen** < --trustzone | --sgx > [--trusted-dir | **--untrusted-dir** | --trusted | --untrusted ] edlfile + +#### **参数说明** + +各参数含义如下: + +| **参数** | 是否可选 | 参数含义 | +| ---------------------- | -------- | ------------------------------------------------------------ | +| --trustzone \| --sgx | 必选 | 只在当前运行命令目录下生成机密计算架构对应接口函数,不加参数默认生成 SGX 接口函数 | +| --search-path | 可选 | 用于指定被转译的edl文件所依赖文件的搜索路径 | +| --use-prefix | 可选 | 用于给代理函数名称加上前缀,前缀名为edl的文件名 | +| --header-only | 可选 | 指定代码生成工具只生成头文件 | +| --trusted-dir | 可选 | 指定生成安全侧辅助代码所在目录,不指定该参数默认为当前路径 | +| --untrusted-dir | 可选 | 指定生成非安全侧函数辅助代码所在目录 | +| --trusted | 可选 | 生成安全侧辅助代码 | +| --untrusted | 可选 | 生成非安全侧辅助代码 | +| edlfile | 必选 | 需要转译的 EDL 文件,例如 hello.edl | + + + +#### 示例 + +- 转译 *helloworld.edl* ,在 *enclave-directory* 下生成安全侧辅助代码,*host-directory* 下生成非安全辅助代码的命令示例如下: + +```shell +$ codegen --sgx --trusted-dir enclave-directory --untrusted-dir host-directory helloworld.edl +``` + +- 转译 *helloworld.edl* ,在当前目录生成安全侧辅助代码,不生成非安全辅助代码的命令示例如下: + +```shell +$ codegen --sgx --trusted helloworld.edl +``` + +- 转译 *helloworld.edl* ,在当前目录生成非安全侧辅助代码,不生成安全辅助代码的命令示例如下: + +```shell +$ codegen --sgx --untrusted helloworld.edl +``` + +- 转译 *helloworld.edl* ,在 当前目录生成安全侧和非安全侧辅助代码的命令示例如下: + +```shell +$ codegen --sgx helloworld.edl +``` + + + +## 签名工具 sign_tool + +### 简介 + +secGear sign_tool 是一款命令行工具,包含编译工具链和签名工具,用于 enclave 签名。sign_tool 有两种签名形式: + +- 单步签名:仅适用于 debug 调试模式 +- 两步签名:商用场景。需要从第三方平台或者独立的安全设备获取签名私钥,对 envlave 进行签名 + + + +### 使用指导 + +#### **命令格式** + +sign_tool 包含 sign 指令(对 enclave 进行签名)和 digest 指令(生成摘要值)。命令格式为: + +**sign_tool.sh -d** [sign | digest] **-x** **-i** **-s** [OPTIONS] **–o** + +#### **参数说明** + +| sign 指令参数 | 参数含义 | 是否必选 | +| -------------- | -------------------------------------------------------------| -------------------------------------------- | +| -c | 基本的配置文件 | 仅 trustzone 类型必选 | +| -d | 指定签名工具要进行的操作( sign 或者 digest 或者dump) | 单步仅执行sign,两步需要先执行digest,再执行sign;dump用于生成向intel申请白名单时所需的metadata数据 | +| -i | sign/digest,待签名的库文件;dump,签名后的库文件 | 必选 | +| -k | 单步签名所需私钥(pem文件) | 仅 SGX 类型必选 | +| -m | 安全配置文件 mainfest.txt,由用户自行配置 | 仅 trustzone 类型必选 | +| -o | 输出文件 | 必选 | +| -p | 两步签名所需的签名服务器公钥证书(pem文件) | 仅 SGX 类型必选 | +| -s | 两步签名所需的已签名摘要值 | 必选 | +| -x | encalve type(sgx 或 trustzone) | 必选 | +| -h | 打印帮助信息 | 可选 | + + + +#### **单步签名** + +enclave 类型为 SGX,给 test.enclave 签名,输出签名文件 signed.enclave 的示例如下: + +```shell +$ sign_tool.sh –d sign –x sgx –i test.enclave -k private_test.pem –o signed.enclave +``` + + + +#### **两步签名** + +以 SGX 为例,两步签名的操作步骤如下: + +1. 生成摘要值 + + 使用 sign_tool 签名,生成摘要值 digest.data 和临时中间文件 signdata(该文件在生成签名文件时使用,并在签名后自动删除)。参考命令如下: + + ```shell + $ sign_tool.sh –d digest –x sgx –i input –o digest.data + ``` + +2. 将 digest.data 发送至签名机构或平台,并获取对应签名。 + +3. 使用获取的签名生成签名后的动态库 signed.enclave。 + + ```shell + $ sign_tool.sh –d sign –x sgx–i input –p pub.pem –s signature –o signed.enclave + ``` + +> 说明 +> +> 1.在为 trustzone 类型 enclave 签名时,建议使用绝对路径来指明文件参数,或使用相对于'signtool_v3.py'文件的相对路径 +> +> 2.为发布 Intel SGX 支持的正式版本应用,需要申请 Intel 白名单。流程请参考 Intel 文档: diff --git "a/docs/zh/docs/secGear/\345\256\211\350\243\205secGear.md" "b/docs/zh/docs/secGear/\345\256\211\350\243\205secGear.md" new file mode 100644 index 0000000000000000000000000000000000000000..eb4be0bf1dad05591ee1eec793ce8a24541413c6 --- /dev/null +++ "b/docs/zh/docs/secGear/\345\256\211\350\243\205secGear.md" @@ -0,0 +1,52 @@ +# 安装 secGear + + +## 操作系统 + +openEuler 21.03、openEuler 20.03 LTS SP2 或更高版本 + +## CPU 架构 + +#### x86_64 + +需要有 Intel SGX ( Intel Software Guard Extensions ) 功能 + +#### AArch64 + + - 硬件要求 + + | 项目 | 版本 | + | ------ | --------------------------------------------- | + | 服务器 | TaiShan 200 服务器(型号 2280),仅限双路服务器 | + | 主板 | 鲲鹏主板 | + | BMC | 1711 单板(型号 BC82SMMAB) | + | CPU | 鲲鹏 920 处理器(型号 7260、5250、5220) | + | 机箱 | 不限,建议 8 盘或 12 盘 | + + 要求运行的泰山服务器已经预置了 TrustZone 特性,即预装 iTrustee 安全 OS 以及配套的 BMC、BIOS 固件。 + + - 运行环境要求 + + CA(Client Application)应用需要 REE(Rich Execution Environment)侧 patch 才能实现与 TEE(Trusted Execution Environment)侧的 TA(Trusted Application)应用通信,在安装 secGear 前,请先搭建运行环境,操作如下: + + 1. [搭建 TA/CA 应用运行环境](https://www.hikunpeng.com/document/detail/zh/kunpengcctrustzone/fg-tz/kunpengtrustzone_04_0006.html) + + 2. [申请调测环境TA应用开发者证书](https://www.hikunpeng.com/document/detail/zh/kunpengcctrustzone/fg-tz/kunpengtrustzone_04_0009.html) + +## 安装指导 + +使用 secGear 机密计算编程框架,需要安装 secGear、secGear-devel 开发包。安装前,请确保已经配置了openEuler yum 源。 + +1. 使用 root 权限,安装 secGear 组件,参考命令如下: + + ```shell + #yum install secGear + #yum install secGear-devel + ``` + +2. 查看安装是否成功。参考命令如下,若回显有对应软件包,表示安装成功: + + ```shell + #rpm -q secGear + #rpm -q secGear-devel + ``` \ No newline at end of file diff --git "a/docs/zh/docs/secGear/\345\274\200\345\217\221secGear\345\272\224\347\224\250\347\250\213\345\272\217.md" "b/docs/zh/docs/secGear/\345\274\200\345\217\221secGear\345\272\224\347\224\250\347\250\213\345\272\217.md" new file mode 100644 index 0000000000000000000000000000000000000000..693e7ad44dbd09b6722ac9f784f44a5f1f07c8cd --- /dev/null +++ "b/docs/zh/docs/secGear/\345\274\200\345\217\221secGear\345\272\224\347\224\250\347\250\213\345\272\217.md" @@ -0,0 +1,444 @@ +# secGear 开发指南 + + +这里给出使用 secGear 开发一个 C 语言程序 helloworld 的例子,方便用户理解使用 secGear 开发应用程序。 + +## 目录结构说明 + +使用 secGear 开发的应用程序,遵循统一的目录结构如下: + +``` +├── helloworld +│ ├── CMakeLists.txt +│ ├── enclave +│ │ ├── CMakeLists.txt +│ │ ├── Enclave.config.xml +│ │ ├── Enclave.lds +│ │ ├── hello.c +│ │ ├── manifest.txt.in +│ │ └── rsa_public_key_cloud.pem +│ ├── helloworld.edl +│ └── host +│ ├── CMakeLists.txt +│ └── main.c +``` + +## 快速入门 + +1. 创建程序工作目录 helloworld,并在 helloworld 目录下新建 enclave 和 host + +2. 编写 EDL(Encalve Definition Language)文件 + + 为了确保开发代码的一致性,secGear 提供了 secgear_urts.h 和 secgear_tstdc.edl 用于屏蔽底层 Intel SGX 和 ARM iTrustee 之间的差异。因此,使用到 C 语言函数库时,EDL 文件默认需要导入 secgear_urts.h 和 secgear_tstdc.edl。helloworld.edl 文件参考如下: + + ```c + enclave { + include "secgear_urts.h" + from "secgear_tstdc.edl" import *; + trusted { + public int get_string([out, size=32]char *buf); + }; + }; + ``` + + 说明:EDL 语法详细信息请参见 Intel SGX 开发指南中对应内容。 + +3. 编写顶层文件 CMakeLists.txt + + 编写顶层文件 CMakeLists.txt,置于 helloworld 工作目录下,用于配置编译时的处理器架构、所需的 EDL 文件等信息。 + + 其中,EDL_FILE 是 EDL 文件,需用户指定,例子中为 helloworld.edl。DPATH 是安全侧加载动态库,配置如例子中所示。 + + ```c + cmake_minimum_required(VERSION 3.12 FATAL_ERROR) + project(HelloWorld C) + set(CMAKE_C_STANDARD 99) + set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + set(EDL_FILE helloworld.edl) + set(LOCAL_ROOT_PATH "$ENV{CC_SDK}") + set(SECGEAR_INSTALL_PATH /lib64/) + if(CC_GP) + set(CODETYPE trustzone) + set(CODEGEN codegen_arm64) + execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) + string(REPLACE "\n" "" UUID ${UUID}) + add_definitions(-DPATH="/data/${UUID}.sec") + endif() + if(CC_SGX) + set(CODETYPE sgx) + set(CODEGEN codegen_x86_64) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") + endif() + add_subdirectory(${CURRENT_ROOT_PATH}/enclave) + add_subdirectory(${CURRENT_ROOT_PATH}/host) + ``` + + + +4. 编写非安全侧代码和 CMakeLists.txt + + 4.1 编写 main.c + + 编写非安全侧 main.c,置于 host目录。enclave.h 为 secGear 头文件,helloworld_u.h 为辅助代码生成工具生成的头文件。使用 cc_enclave_create 创建安全区 enclave 上下文,cc_enclave_destroy 销毁安全区上下文。 + get_string 为 EDL 文件中定义 trusted 的安全侧函数,注意这里与 EDL 中定义的 get_string 有差别,多出两个参数 context 为安全区上下文,retval 为 EDL 中get_string 的返回值。 + res 为 get_string 调用成功标志。 + + ```c + #include + #include "enclave.h" + #include "helloworld_u.h" + + #define BUF_LEN 32 + + int main() + { + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; + cc_enclave_t *context = NULL; + cc_enclave_result_t res; + res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); + ... + + res = get_string(context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + } else { + printf("%s\n", buf); + } + + if (context != NULL) { + res = cc_enclave_destroy(context); + ... + } + return res; + } + ``` + + 4.2 编写非安全侧 CMakeLists.txt + + ```c + # 设置编译环境变量 + #set auto code prefix + set(PREFIX helloworld) + #set host exec name + set(OUTPUT secgear_helloworld) + #set host src code + set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c) + + # 使用代码生成工具生成辅助代码。CODEGEN 和 CODETYPE 变量也在顶层 CMakeLists.txt 中定义。--search-path 用于指定 helloword.edl 中导入依赖的其他 EDL 文件路径 + #set auto code + if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) + endif() + + if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include) + endif() + + # 设置编译选项和链接选项 + set(CMAKE_C_FLAGS "-fstack-protector-all -W -Wall -Werror -Wextra -Werror=array-bounds -D_FORTIFY_SOURCE=2 -O2 -ftrapv -fPIE") + set(CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") + + # 编译链接引用目录 + if(CC_GP) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + /usr/include/secGear/host_inc + /usr/include/secGear/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH}) + endif() + target_link_libraries(${OUTPUT} secgear) + endif() + if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${SECGEAR_INSTALL_PATH} ${SGXSDK}/lib64) + endif() + set(SGX_MODE HW) + if(${SGX_MODE} STREQUAL HW) + set(Urts_Library_Name sgx_urts) + else() + set(Urts_Library_Name sgx_urts_sim) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES} ${LOCAL_ROOT_PATH}/src/host_src/sgx/sgx_log.c) + target_include_directories(${OUTPUT} PRIVATE + /usr/include/secGear/host_inc + /usr/include/secGear/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${SECGEAR_INSTALL_PATH} ${SGXSDK}/lib64) + endif() + target_link_libraries(${OUTPUT} secgear ${Urts_Library_Name}) + endif() + + # 指定二进制安装目录 + set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + if(CC_GP) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) + endif() + if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) + endif() + ``` + + + +5. 编写安全侧代码、CMakeLists.txt 和配置文件,放在 enclave 目录 + + 5.1 编写安全侧代码 hello.c + + 编写安全侧代码 hello.c,置于 enclave 目录。其中,helloworld_t.h 为辅助代码生成工具,通过 EDL 文件生成的安全侧头文件。 + + ```c + #include + #include + #include "helloworld_t.h" + + #define TA_HELLO_WORLD "secGear hello world!" + #define BUF_MAX 32 + int get_string(char *buf) + { + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; + } + ``` + + 5.2 编写安全侧 CMakeLists.txt + + ``` + #set auto code prefix + set(PREFIX helloworld) + + #set sign key + set(PEM Enclave_private.pem) + + #set sign tool + set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + + #set enclave src code + set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c) + + #set log level + set(PRINT_LEVEL 3) + add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + + # WHITE_LIS_X 设置 itrustee 白名单,只有这些路径的主机二进制文件可以调用此安全映像,并且最多可以配置 8 个列表路径。WHITE_LIST_OWNER 设置用户,此用户将应用于所有白名单路径。DEVICEPEM 公钥由itrustee 使用,并用于通过动态生成的 aes 密钥加密安全侧的安全动态库。 + if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set itrustee device key + set(DEVICEPEM ${CMAKE_CURRENT_SOURCE_DIR}/rsa_public_key_cloud.pem) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) + endif() + + # SGX 安全侧动态库签名 + if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include) + endif() + + # 设置编译选项 + set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + + set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + + # itrustee 需生成 manifest.txt。指定 itrustee 编译选项和头文件、链接文件的搜索路径 + if(CC_GP) + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt") + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${iTrusteeSDK}/) + set(ITRUSTEE_LIBC ${iTrusteeSDK}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -m ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt + -e ${DEVICEPEM} -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + DESTINATION /data + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + endif() + + if(CC_SGX) + set(SGX_DIR ${SGXSDK}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) + endif() + + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) + ``` + + + +6. 编写配置文件 + + 针对使用 Intel SGX 的 x86_64 处理器架构,请编写 Enclave.config.xml 和 Enclave.lds 文件,置于安全侧 enclave 目录。文件的具体配置格式请参见 SGX 官方文档。 + + Enclave.config.xml 参考: + + ```c + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + + ``` + + Enclave.lds 参考: + + ```c + enclave.so + { + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; + }; + ``` + + 将设备公钥文件 rsa_public_key_cloud.pem 复制到 enclave 目录。此处的设备公钥用于使用临时生成的 aes 密钥对安全区动态库进行加密。 + + 说明:rsa_public_key_cloud.pem 文件下载路径:[https://gitee.com/openeuler/itrustee_sdk/blob/master/build/signtools/rsa_public_key_cloud.pem](https://gitee.com/openeuler/itrustee_sdk/blob/master/build/signtools/rsa_public_key_cloud.pem) + + + +7. 编译程序 + + SGX 版本编译命令如下,编译后将生成可执行程序 secgear_helloworld + + ```shell + cmake -DCMAKE_BUILD_TYPE=debug -DCC_SGX=ON -DSGXSDK="PATH" ./ && make + ``` + + + +8. 执行程序 + + ```c + $ ./secgear_helloworld + Create secgear enclave + secgear hello world! + ``` + + diff --git "a/docs/zh/docs/secGear/\346\216\245\345\217\243\345\217\202\350\200\203.md" "b/docs/zh/docs/secGear/\346\216\245\345\217\243\345\217\202\350\200\203.md" new file mode 100644 index 0000000000000000000000000000000000000000..376a69192a67559febdcc28139fe974c9a39eee3 --- /dev/null +++ "b/docs/zh/docs/secGear/\346\216\245\345\217\243\345\217\202\350\200\203.md" @@ -0,0 +1,292 @@ +# 接口说明 + +secGear 机密计算统一编程框架分为安全侧和非安全侧,这里给出用户开发应用程序所需的接口。除这些接口外,安全侧还继承了 ARM TrustZone 和 Intel SGX 的开源 POSIC 接口。 + +## cc_enclave_create + +创建 enclave 接口 + +**功能**: + +初始化接口,函数根据不同 type,调用不同的 TEE 创建函数,完成不同 TEE 方案关于 enclave 上下文初始化,由非安全侧调用 + +**函数声明:** + +cc_enclave_result_t cc_enclave_create(const char* path, enclave_type_t type, uint32_t version,uint32_t flags,const enclave_features_t* features,uint32_t features_count, + cc_enclave_t ** enclave); + +**参数:** + +- Path:入参,要加载的 enclave 路径 +- Type:入参,用来指定 TEE 解决方案, 如 SGX_ENCLAVE_TYPE、GP_ENCLAVE_TYPE、AUTO_ENCLAVE_TYPE +- version:入参,指定的 enclave engine 的版本,目前只有一个版本,取值为 0。 +- Flags:入参,标志位,说明这个 enclave 运行状态,例如调试状态 SECGEAR_DEBUG_FLAG、模拟状态 SECGEAR_SIMULATE_FLAG(目前不支持) +- features:入参,用于设置一些关于 enclave 支持的特性,例如 SGX 的 PCL、 switchless 等。目前不支持,请设置为 NULL +- features_count:入参,入参 features 特性结构体的数量。目前不支持,请设置为 0 +- enclave:出参,创建的 enclave 上下文 + +**返回值:** + +- CE_SUCCESS:认证信息验证成功 +- CE_ERROR_INVALID_PARAMETER:输入参数有误 +- CE_ERROR_OUT_OF_MEMORY:无可用内存 +- CC_FAIL:通用错误 +- CC_ERROR_UNEXPECTED:不可预期错误 +- CC_ERROR_ENCLAVE_MAXIMUM:单个 app 创建的 enclave 数量达到最大 +- CC_ERROR_INVALID_PATH:安全二进制路径无效 +- CC_ERROR_NO_FIND_REGFUNC:enclave 引擎搜索失败 + + + +## cc_enclave_destroy + +销毁 enclave 接口 + +**功能**: + +调用不同 TEE 的退出函数,释放已经创建的 enclave 实体,由非安全侧调用 + +**函数声明:** + +cc_enclave_result_t cc_enclave_destroy (cc_enclave_t ** enclave); + +**参数:** + +- enclave:入参,已经创建 enclave 的上下文 + +**返回值:** + +- CE_SUCCESS:认证信息验证成功 +- CE_ERROR_INVALID_PARAMETER:输入参数有误 +- CE_ERROR_OUT_OF_MEMORY:无可用内存 +- CC_ERROR_NO_FIND_UNREGFUNC:enclave引擎搜索失败 +- CC_FAIL:通用错误 +- CC_ERROR_UNEXPECTED:不可预期错误 + + + +## cc_enclave_generate_random + +随机数生成 + +**功能**: + +用于在安全侧生成密码安全的随机数 + +**函数声明:** + +cc_enclave_result_t cc_enclave_generate_random(void *buffer, size_t size) + +**参数:** + +- *buffer:入参,生成随机数的缓冲区 +- size:入参,缓冲区的长度 + +**返回值:** + +- CE_OK:认证信息验证成功 +- CE_ERROR_INVALID_PARAMETER:输入参数有误 +- CE_ERROR_OUT_OF_MEMORY:无可用内存 + + + +## cc_enclave_seal_data + +数据持久化 + +**功能**: + +用于加密 enclave 内部数据,使数据可以在 enclave 外部持久化存储,由安全侧调用 + +**函数声明:** + +cc_enclave_result_t cc_enclave_seal_data(uint8_t *seal_data, uint32_t seal_data_len, + +​ cc_enclave_sealed_data_t *sealed_data, uint32_t sealed_data_len, + +​ uint8_t *additional_text, uint32_t additional_text_len) + +**参数:** + +- seal_data:入参,需要加密的数据 +- seal_data_len:入参,需要加密数据的长度 +- sealed_data:出参,加密后的数据处理句柄 +- sealed_data_len:出参,加密后的密文长度 +- additional_text:入参,加密所需的附加消息 +- additional_text_len:入参,附加消息长度 + +**返回值:** + +- CE_SUCCESS:数据加密成功 +- CE_ERROR_INVALID_PARAMETER:输入参数有误 +- CE_ERROR_OUT_OF_MEMORY:无可用内存 +- CC_ERROR_SHORT_BUFFER:传入的buffer过小 +- CC_ERROR_GENERIC:底层硬件通用错误 + +## cc_enclave_unseal_data + +数据解密 + +**功能**: + +用于解密 enclave 密封过的数据,用于将外部持久化数据重新导回 enclave 环境中,由安全侧调用 + +**函数声明:** + +cc_enclave_result_t cc_enclave_unseal_data(cc_enclave_sealed_data_t *sealed_data, + + uint8_t *decrypted_data, uint32_t *decrypted_data_len, + + uint8_t *additional_text, uint32_t *additional_text_len) + +**参数:** + +- sealed_data:入参,已加密数据的句柄 +- decrypted_data:出参,解密之后的密文数据buffer +- decrypted_data_len:出参,解密后密文长度 +- additional_text:出参,解密后附加消息 +- additional_text_len:出参,解密后附加消息长度 + +**返回值:** + +- CE_SUCCESS:数据解密成功 +- CE_ERROR_INVALID_PARAMETER:输入参数有误 +- CE_ERROR_OUT_OF_MEMORY:无可用内存 +- CC_ERROR_SHORT_BUFFER:传入的buffer过小 +- CC_ERROR_GENERIC:底层硬件通用错误 + +## cc_enclave_get_sealed_data_size + +获取加密数据的大小 + +**功能**: + +用于 sealed_data 数据的大小,主要用于分配解密后的数据空间,由安全侧与非安全侧皆可调用 + +**函数声明:** + +uint32_t cc_enclave_get_sealed_data_size(const uint32_t add_len, const uint32_t seal_data_len); + +**参数:** + +- add_len:入参,附加消息长度 +- seal_data_len:入参,加密信息的长度 + +**返回值:** + +- UINT32_MAX:参数错误或函数执行错误 +- others:函数执行成功,返回值为当前 sealed_data 结构的大小 + +## cc_enclave_get_encrypted_text_size + +获取加密消息的长度 + +**功能**: + +获取加密数数据中加密消息的长度,由安全侧调用 + +**函数声明:** + +uint32_t cc_enclave_get_encrypted_text_size(const cc_enclave_sealed_data_t *sealed_data); + +**参数:** + +- sealed_data:入参,加密数据的句柄 + +**返回值:** + +- UINT32_MAX:参数错误或函数执行错误 +- others:函数执行成功,返回值为当前 sealed_data 中加密消息的长度 + + + +## cc_enclave_get_add_text_size + +获取附加消息的长度 + +**功能**: + +获取加密数据中附加消息的长度,由安全侧调用 + +**函数声明:** + +uint32_t cc_enclave_get_add_text_size(const cc_enclave_sealed_data_t *sealed_data); + +**参数:** + +- sealed_data:入参,加密数据的句柄 + +**返回值:** + +- UINT32_MAX:参数错误或函数执行错误 +- others:函数执行成功,返回值为当前sealed_data中附加消息的长度 + + + +## cc_enclave_memory_in_enclave + +安全内存检查。当前,本接口只支持Intel SGX调用,不支持iTrustee调用,在iTrustee架构下,用户的安全进程 +无法对非安全侧内存地址进行写入,因此用户编写安全程序时不需要调用此接口进行检查。 + +**功能**: + +用于校验指定长度的内存地址是否都属于安全侧内存,由安全侧调用 + +**函数声明:** + +bool cc_enclave_memory_in_enclave(const void *addr, size_t size) + +**参数:** + +- *addr:入参,指定需要校验的内存地址 +- size:入参,自内存地址起需要校验的长度 + +**返回值:** + +- true:指定区域内存都在安全区范围内 +- false:指定区域的内存有部分或者全部不在安全范围内 + +## cc_enclave_memory_out_enclave + +安全内存检查。当前,本接口只支持Intel SGX调用,不支持iTrustee调用,在iTrustee架构下,用户的安全进程 +无法对非安全侧内存地址进行写入,因此用户编写安全程序时不需要调用此接口进行检查。 + +**功能**: + +用于校验指定长度的内存地址是否都属于非安全侧内存,由安全侧调用 + +**函数声明:** + +bool cc_enclave_memory_out_enclave(const void *addr, size_t size) + +**参数:** + +- *addr:入参,指定需要校验的内存地址 +- size:入参,自内存地址起需要校验的长度 + +**返回值:** + +- true:指定区域内存都在非安全区 +- false:指定区域的内存有部分或者全部在安全区 + +## PrintInfo + +消息打印 + +**功能**: + +用于安全侧日志的打印,本接口输出安全侧用户想打印的信息,输入日志保存在非安全侧/var/log/secgear/secgear.log中 + +**函数声明:** + +void PrintInfo(int level, const char *fmt, ...); + +**参数:** + +- level:入参,日志打印等级,可选项为PRINT_ERROR, PRINT_WARNING, PRINT_STRACE, PRINT_DEBUG +- fmt: 入参,需要输出的字符串 + + +**返回值:** + +- 无 diff --git "a/docs/zh/docs/secGear/\350\256\244\350\257\206secGear.md" "b/docs/zh/docs/secGear/\350\256\244\350\257\206secGear.md" new file mode 100644 index 0000000000000000000000000000000000000000..9c0936ccc5e75144d524300172278290e3cc21a9 --- /dev/null +++ "b/docs/zh/docs/secGear/\350\256\244\350\257\206secGear.md" @@ -0,0 +1,19 @@ +### 概述 + +随着云计算的快速发展,越来越多的企业把计算业务部署到云上,对数据的保护变得更加复杂,同时,数据泄露是云计算面临的重大安全问题。因此,如何保障用户数据在云上的安全变得尤为重要。当前对数据的保护通常注重离线存储安全和网络传输安全,缺乏对数据运行时的安全防护。为了保障云端数据运行时的安全性,方便开发者开发云上应用,openEuler 推出了 secGear 。 + +secGear 是统一机密计算编程框架,提供了易用的开发套件,包括安全区(使用 secGear 编程会将系统区分为安全区域和非安全区域) 生命周期管理、安全开发库、代码辅助生成工具、代码构建与签名工具、安全能力和安全服务组件实现方案。可用于信任环、密态数据库、多方计算、AI安全保护等多种场景。 + +本文档介绍 secGear 的使用方法,以便指导开发者基于 secGear 开发应用程序,从而更好地保护数据。 + +### 架构介绍 + +![](./figures/architecture.png) + +如图所示,secGear 主题包含三个层级(当前仅开源基础层 Base Layer,服务层 Service Layer和中间件层 Middleware Layer逐步开源): + +- 服务层:提供完整的运行在安全侧的安全服务。 + +- 中间件层:提供一套协议接口,满足用户基本安全应用。 + +- 基础层:提供丰富的 enclave 开发接口或工具,并且在安全侧支持 C POSIX APIs 和标准 OpenSSL 接口,用户基于这些接口可以自由开发安全应用程序 。 \ No newline at end of file diff --git "a/docs/zh/docs/sysSentry/AI\351\230\210\345\200\274\346\205\242\347\233\230\346\243\200\346\265\213\346\217\222\344\273\266.md" "b/docs/zh/docs/sysSentry/AI\351\230\210\345\200\274\346\205\242\347\233\230\346\243\200\346\265\213\346\217\222\344\273\266.md" new file mode 100644 index 0000000000000000000000000000000000000000..9cae3b000d57fe69ffb3365795ba80a5f2899610 --- /dev/null +++ "b/docs/zh/docs/sysSentry/AI\351\230\210\345\200\274\346\205\242\347\233\230\346\243\200\346\265\213\346\217\222\344\273\266.md" @@ -0,0 +1,157 @@ +# AI阈值慢盘检测插件 + +用户可通过AI阈值慢盘检测插件进行慢盘故障检测,当巡检插件检测到系统存在慢盘时,会将结果上报给xalarmd服务,用户可通过注册告警或get_alarm命令的方式查看告警结果(注册告警和get_alarm命令可参考《[安装和使用](./安装和使用.md)》。 + +## 使用限制 + +1. AI阈值慢盘检测插件可检出以下四种情况的慢盘: + - 压力大导致的慢盘,上报告警日志中含有关键字"io_press"; + - 盘故障导致的慢盘,上报告警日志中含有关键字"driver_slow"; + - IO栈异常导致的慢盘,上报告警日志中含有关键字"kernel_slow"; + - 未知故障导致的慢盘,上报告警日志中含有关键字"unknown"。 +2. AI阈值慢盘检测插件运行时占用系统性能(cpu利用率、内存使用率、io吞吐等)不超过整个运行环境的5%。 +3. 仅支持openEuler-20.03-LTS-SP4版本,并使用4.19.90内核。 +4. 支持对nvme-ssd、sata-ssd、sata-hdd盘进行慢盘检测。 +5. 仅支持对nvme-ssd、sata-ssd、sata-hdd盘进行慢盘检测,区分盘的方法请参考[常见问题与解决方法 - Q2](./常见问题与解决方法.md#问题2如何区分系统上的盘是什么类型)。 +6. 启动平均阈值巡检前,请确认sysSentry、xalarmd、sentryCollector服务均处于运行状态。 + + +## 安装插件 + +### 前置条件 + +已安装sysSentry巡检插件,sentryCollector采集服务已配置io相关采集项(请参考《[安装和使用](./安装和使用.md)》进行配置) + +### 安装软件包 + +```shell +yum install -y ai_block_io pysentry_notify pysentry_collect python3-numpy +``` + +### 将ai_block_io加入框架管理 + +```shell +[root@openEuler ~]# sentryctl reload ai_block_io +``` + +## 配置文件说明 + +ai_block_io插件配置文件路径:/etc/sysSentry/plugins/ai_block_io.ini,配置文件修改会在下一次启动巡检任务时生效。 + +| 配置段 | 配置项 | 配置项说明 | 默认值 | 必选项 | +| ------------------- | --------------------- | ------------------------------------------------------------ | -------------- | ------ | +| [log] | level | 记录日志的等级,可配置范围是debug/info/warning/error/critical,未配置或值异常时使用默认参数 | info | Y | +| [common] | disk | 磁盘名称,由逗号分隔,default表示当前环境上所有盘,配置异常时仅保留正确字段 | default | Y | +| [common] | stage | 监控阶段,由逗号分隔,目前已支持throtl/wbt/gettag/plug/deadline/hctx/requeue/rq_driver/bio九个阶段,根据盘种类不同提供的stage可能有不同,配置default表示盘支持的所有阶段,未配置时使用默认配置,配置异常时报错退出;注:用户自行配置时,必须包含bio阶段 | default | Y | +| [common] | iotype | io类别,由逗号分隔,共支持两种场景:read、write,未配置时使用默认配置,配置异常时报错退出 | read,write | Y | +| [common] | period_time | 插件的巡检周期,整形类型,单位为秒,数值应为sentryCollector采集周期的整数倍,且倍数不超过sentryCollector的max_save(请参考sentryCollector配置文件) | 1 | Y | +| [algorithm] | train_data_duration | AI阈值算法训练数据采集时长,单位h, 浮点类型,该字段值越大,算法统计结果越稳定。范围为0~720,未配置时使用默认配置,配置异常时报错退出 | 24 | Y | +| [algorithm] | train_update_duration | AI阈值算法阈值更新时长,浮点类型,单位h, 该字段值越小,阈值更新越快,误报越高。范围为0~train_data_duration,未配置时使用默认配置,配置异常时报错退出 | 2 | Y | +| [algorithm] | algorithm_type | AI阈值算法类型,字符串类型,该字段取值可选项为:boxplot/n_sigma,未配置时使用默认配置,配置异常时报错退出 | boxplot | Y | +| [algorithm] | boxplot_parameter | boxplot算法的参数,浮点类型,该字段值越大,对异常的敏感程度就越低。范围为0~10,未配置时使用默认配置,配置异常时报错退出 | 1.5 | N | +| [algorithm] | n_sigma_parameter | n_sigma算法的参数,浮点类型,该字段值越大,对异常的敏感程度就越低。范围为0~10,未配置时使用默认配置,配置异常时报错退出 | 3.0 | N | +| [algorithm] | win_type | AI阈值算法检测窗口类型,适用于不同的检测目的,字符串类型,该字段取值可选项为:not_continuous/continuous/median。未配置时使用默认配置,配置异常时报错退出 | not_continuous | Y | +| [algorithm] | win_size | AI阈值算法检测窗口长度,慢IO检测时只判断窗口内的数据是否为异常,整数类型,范围为0~300。未配置时使用默认配置,配置异常时报错退出 | 30 | Y | +| [algorithm] | win_threshold | AI阈值算法超阈值数量,整形类型,该字段值越小,算法上报异常速度越快,误报越高。范围为1~win_size,未配置时使用默认配置,配置异常时报错退出 | 6 | Y | +| [latency_DISK_TYPE] | read_avg_lim | 读时延平均值上限,单位us,代表窗口中读IO平均时延限制,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 见下方注释3 | Y | +| [latency_DISK_TYPE] | write_avg_lim | 写时延平均值上限,单位us,代表窗口中写IO平均时延限制,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 见下方注释3 | Y | +| [latency_DISK_TYPE] | read_tot_lim | 读时延绝对上限,单位us,读时延超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 见下方注释3 | Y | +| [latency_DISK_TYPE] | write_tot_lim | 写时延绝对上限,单位us,写时延超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 见下方注释3 | Y | +| [iodump] | read_iodump_lim | 读iodump绝对上限,整形类型,读iodump数量超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 0 | Y | +| [iodump] | write_iodump_lim | 写iodump绝对上限,整形类型,写iodump数量超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 0 | Y | + +>![](figures/icon-note.gif)**说明:** +>1. latency_[DISK_TYPE]、iodump配置段的所有参数调整均会影响算法的准确性,且优劣并存:若数值越大,算法漏报率越高,则数值越小,算法误报率越高。需要根据经验进行取舍。 +>2. [DISK_TYPE]为磁盘类型,目前仅支持三类:sata_ssd、nvme_ssd、sata_hdd。 +>3. 目前不同磁盘read_avg_lim/write_avg_lim/read_tot_lim/write_tot_lim默认配置不同,详情如下: +> - sata_ssd盘默认read_avg_lim为10000us, write_avg_lim为10000us, read_tot_lim为50000us, write_tot_lim为50000us; +> - nvme_ssd盘默认read_avg_lim为300us, write_avg_lim为300us, read_tot_lim为500us, write_tot_lim为500us; +> - sata_hdd盘默认read_avg_lim为15000us, write_avg_lim为15000us, read_tot_lim为50000us, write_tot_lim为50000us。 +>4. win_type选择检测类型时,各选项分别代表以下含义: +> - not_continuous:检测窗口内异常点不要求连续; +> - continuous:检测窗口内异常点要求连续; +> - median:检测窗口内所有数据点的中位数是否超过阈值。 +>5. 当选择算法类型是boxplot,boxplot_parameter是必需的;当选择算法类型是n_sigma,n_sigma_parameter是必需的。 + +### 使用AI阈值慢盘检测插件 + +1. 启动巡检 + + ```shell + sentryctl start ai_block_io + ``` + +2. 查看巡检插件状态 + + ```shell + sentryctl status ai_block_io + ``` + + 状态为RUNNING即为运行中,状态为EXITED为退出 + +3. 查看告警信息 + + ```shell + sentryctl get_alarm ai_block_io -s 1 -d + ``` + + 示例: + + ```shell + [ + { + "alarm_id": 1002, + "alarm_type": "ALARM_TYPE_RECOVER", + "alarm_level": "MINOR_ALARM", + "timestamp": "2024-10-28 09:53:41", + "alarm_info": { + "alarm_source": "ai_block_io", + "driver_name": "sda", + "io_type": "write", + "reason": "driver_slow", + "block_stack": "bio,rq_driver", + "alarm_type": "latency", + "details": { + "latency": "{'read': {'bio': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], 'rq_driver': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]}, 'write': {'bio': [17.8, 17.9, 18.0, 69.5, 79.2, 79.6, 80.4, 79.9, 81.2, 79.9, 76.2, 81.3, 78.7, 81.0, 81.0, 77.8, 79.1, 78.4, 82.1, 79.2, 80.1, 77.6, 79.5, 81.7, 78.4, 80.6, 77.5, 81.9, 81.1, 78.3], 'rq_driver': [15.1, 15.2, 15.3, 23.7, 28.8, 25.6, 27.0, 24.5, 28.2, 28.0, 26.0, 28.1, 27.3, 28.2, 28.7, 26.4, 26.8, 26.0, 28.1, 26.4, 27.5, 24.8, 27.7, 27.0, 25.7, 29.2, 25.6, 28.8, 27.9, 26.5]}}", + "iodump": "{'read': {'bio': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], 'rq_driver': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]}, 'write': {'bio': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], 'rq_driver': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]}}", + } + } + } + ] + ``` + + 输出结果中各字段介绍: + + | 字段 | 描述 | + | --- | --- | + | alarm_id | 用户上报告警的id,AI阈值慢盘检测插件的告警id固定为1002 | + | alarm_type | 告警的类型,AI阈值慢盘检测插件的告警类型为ALARM_TYPE_OCCUR,代表告警产生 | + | alarm_level | 告警的等级,AI阈值慢盘检测插件的告警等级为MINOR_ALM,代表系统存在异常,并且已经尝试自动隔离等方式修复 | + | timestamp | 告警上报的时间 | + | alarm_info | 告警内容详细信息,由AI阈值慢盘检测插件的自定义内容,不同的巡检插件上报的内容不一致 | + + alarm_info中各字段解释如下: + + | alarm_info中字段 | 描述 | + | --- | --- | + | alarm_source | 告警插件名称,AI阈值慢盘检测插件的固定值为ai_block_io | + | driver_name | 告警磁盘名称,如sda | + | io_type | 告警io类型,可能存在两种告警:
    1. read:读io慢盘故障告警
    2. write:写io慢盘故障告警 | + | reason | 告警原因,AI阈值慢盘检测插件可能存在以下四种不同告警原因:
    1. io_press,压力大导致的慢盘告警;
    2. driver_slow,盘故障导致的慢盘告警;
    3. kernel_slow,IO栈异常导致的慢盘告警;
    4. unknown,未知故障导致的慢盘告警; | + | block_stack | 慢io出现异常的阶段,可能出现的阶段为bio/throtl/wbt/bfq/rq_driver/gettag/plug/deadline/hctx/requeue共九个阶段的组合,九个阶段的详细介绍可参考[《二次开发指南》 - 插件事件告警上报](./二次开发指南.md#插件事件告警上报) | + | details | 告警日志内记录的信息,仅在get_alarm执行包含"-d/--detailed"选项时展示,内容为上报异常磁盘的latency(io时延数据)和iodump(io超时未完成数量)的信息 | + +4. 停止巡检 + + ```shell + sentryctl stop ai_block_io + ``` + +5. 查看巡检结果信息 + + 在巡检停止后可查看巡检结果信息: + + ```shell + sentryctl get_result ai_block_io + ``` + \ No newline at end of file diff --git a/docs/zh/docs/sysSentry/figures/icon-note.gif b/docs/zh/docs/sysSentry/figures/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/sysSentry/figures/icon-note.gif differ diff --git a/docs/zh/docs/sysSentry/figures/sysSentry.png b/docs/zh/docs/sysSentry/figures/sysSentry.png new file mode 100644 index 0000000000000000000000000000000000000000..35a0f4905a75f69c495633f81809ea14a0179b6b Binary files /dev/null and b/docs/zh/docs/sysSentry/figures/sysSentry.png differ diff --git "a/docs/zh/docs/sysSentry/sysSentry\347\224\250\346\210\267\346\214\207\345\215\227.md" "b/docs/zh/docs/sysSentry/sysSentry\347\224\250\346\210\267\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..0a08add581977e72a78b6d204c3ac6540d15fce0 --- /dev/null +++ "b/docs/zh/docs/sysSentry/sysSentry\347\224\250\346\210\267\346\214\207\345\215\227.md" @@ -0,0 +1,11 @@ +# sysSentry用户指南 +sysSentry主要提供故障巡检框架,该框架通过提供统一的北向故障上报接口以及南向提供支持不同巡检/诊断能力的插件,支持对系统中CPU、内存、磁盘、NPU等硬件故障进行巡检和诊断。 + +![syssentry](figures/sysSentry.png) + +sysSentry功能设计如下: + +1. 统一告警/事件通知服务:通过提供一个统一的告警服务,接收各个插件上报的故障信息,并由该通知服务进行统一转发,各个业务订阅服务可以根据需要进行不同故障的消息订阅。 +2. 统一日志服务:通过提供统一的日志服务,支持各个插件的故障信息进行汇总记录,提升问题定位效率。 +3. 故障诊断/巡检框架:该框架支持以插件化的方式进行各项巡检任务以及诊断任务的开发和配置,不同插件支持独立启动、停止、状态查询、结果查询以及启动方式设置,并且支持C/C++、Python、Shell等不同编程语言的插件。 +4. 轻量级数据采集服务:该服务支持通过内核接口、BIOS、BMC等接口,查询硬件的各个状态信息,供各个插件进行分析和使用,并且支持适配底层不同的架构、版本以及数据采集服务。 \ No newline at end of file diff --git "a/docs/zh/docs/sysSentry/\344\272\214\346\254\241\345\274\200\345\217\221\346\214\207\345\215\227.md" "b/docs/zh/docs/sysSentry/\344\272\214\346\254\241\345\274\200\345\217\221\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..866c143f97e3e49dbaec66cd9bfc7f43b6fbe6e9 --- /dev/null +++ "b/docs/zh/docs/sysSentry/\344\272\214\346\254\241\345\274\200\345\217\221\346\214\207\345\215\227.md" @@ -0,0 +1,488 @@ +# 二次开发指南 + +sysSentry作为一款巡检任务管理框架,除了管理已提供的插件外,也支持对用户开发的插件进行管理,想要开发一款新的插件并通过sysSentry框架进行管理,需要实现以下能力: +1. 编写插件管理配置文件 +2. 完成插件功能开发 + +本文档将详细介绍如何使用sysSentry提供的对外接口开发新的插件。 + +## 插件管理配置文件 + +用户编写的新插件可以通过sysSentry进行管理,为了达到此目的,需要用户为新插件增加对应的配置文件,该文件应放置在`/etc/sysSentry/tasks/`目录下,文件名为`[插件名].mod`,假设插件名为test,配置文件参考: + +```shell +[root@openEuler ~]# cat /etc/sysSentry/tasks/test.mod +[common] +enabled=yes # 必选,是否加载插件 +task_start=/usr/bin/test # 必选,插件启动命令 +task_stop=pkill -f /usr/bin/test # 必选,插件停止命令 +type=oneshot # 必选,插件任务类型 +alarm_id=1100 # 可选,新增alarm_id信息 +alarm_clear_time=5 # 可选,新增告警清理时间 +``` + +详细配置方法请参考[《安装和使用》 - 使用sysSentry巡检框架 - 管理巡检插件 - 配置介绍](./安装和使用.md#管理插件配置介绍) + +## 插件功能开发 + +### 插件使用限制 + +用户开发的新插件需满足如下要求: +1. 插件开发语言无限制,但建议用户优选python或c语言开发,目前sysSentry仅提供python和c语言的二次开发接口; +2. 所有插件必须为可执行文件; +3. 所有插件必须包含停止命令,执行该命令可准确的停止插件任务而不影响系统上其他程序的运行; + +### 获取采集数据(可选) + +如果用户希望通过sentryCollector采集服务获取系统数据,请参考[对接sentryCollector采集服务](#对接sentrycollector采集服务)章节。 + +### 插件事件告警上报 + +用户可通过告警上报接口将插件的告警信息上报到xalarmd服务,并通过get_alarm接口查看告警内容: + +```shell +[root@openEuler ~]# sentryctl get_alarm <插件名> +``` + +sysSentry提供python与c两种语言的对外接口。 + +#### 告警上报使用限制 +1. 告警上报仅支持告警id的范围为1001-1128共128种,其中1001固定为内存巡检占用,1002为慢IO告警占用。 +2. 告警上报最大支持8191个字符。 + +#### python实现插件告警上报 + +需要安装pysentry_notify软件包: + +```shell +[root@openEuler ~]# yum install -y pysentry_notify +``` + +**接口** 告警信息上报 + +| 接口 | xalarm_report(alarm_id, alarm_level, alarm_type, puc_paras) | +| ------ | ------------------------------------------------------------ | +| 描述 | 巡检插件可以通过该接口上报告警信息到xalarmd服务 | +| 参数 | alarm_id -- 告警id,整数类型
    alarm_level -- 告警级别,枚举类型,取值为:MINOR_ALM(一般告警)、MAJOR_ALM(严重告警)和CRITICAL_ALM(致命告警)
    alarm_type -- 告警类别,枚举类型,取值为:ALARM_TYPE_OCCUR(告警产生)和ALARM_TYPE_RECOVER(故障恢复)
    punc_params -- 告警描述信息,字符串类型 | +| 限制 | 1. 告警id限制取值范围为1001-1128。目前1001(内存巡检)、1002(慢IO检测)已被占用,不建议使用
    2. 告警描述信息,最大长度为8191,在慢IO巡检中以json格式通信,具体json中各字段可以参考下面:慢IO上报json格式说明。 | +| 返回值 | 若上报告警成功,则返回值为Ture,否则返回值为False。 | + +慢IO上报json格式说明: + +| 参数名称 | 类型 | 取值说明 | +| ------------ | ---------------- | ------------------------------------------------------------ | +| device_name | 字符串 | 发生慢IO事件的故障盘设备名,例如"/dev/sda" | +| reason | 字符串 | 慢IO事件的故障原因,取值如下范围 disk_slow:可能由于盘侧响应码导致的慢IO;kernel_stack:可能由于内核栈导致的慢IO;high_press:可能由于业务压力大导致的慢IO | +| block_stack | 字符串列表 | 存在异常的IO调用栈列表,例如["bio","rq_driver"],取值范围如下:bio、 throtl、 wbt、 gettag、plug、deadline、 hctx、requeue、rq_driver | +| io_type | 字符串 | 出现慢IO的io类型,取值范围如下:read:读io出现慢io场景;write:写io出现慢io场景 | +| alarm_source | 字符串 | 告警来源插件,取值范围如下:avg_block_io:平均阈值检测插件告警;ai_block_io:ai阈值检测插件告警 | +| alarm_type | 字符串 | 出现慢IO告警的类型,取值范围如下:latency:时延数据超过阈值产生慢io告警;iodump:超时未完成的IO数量超过阈值产生慢IO告警 | +| details | JSON格式数据列表 | 详细的IO时延数据清单 | + +示例: + +```python +from xalarm.sentry_notify import ( + xalarm_report, + MAJOR_ALM, + ALARM_TYPE_OCCUR +) + +ALARM_ID = 1002 +ALARM_MSG = """ +{ +"alarm_info": { + "alarm_source": "avg_block_io", + "driver_name": "sda", + "io_type": "write", + "reason": "IO press", + "block_stack": "bio,wbt", + "alarm_type": "latency", + "details": { + "latency": "gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,437.9,0,0,0,0,517,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,521.1,0,0,0,0,557.8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,8.5,0,0,0,0,12.0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]", + "iodump": "gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]" + } +} +} +""" + +if __name__ == "__main__": + ret = xalarm_report(ALARM_ID, MAJOR_ALM, ALARM_TYPE_OCCUR, ALARM_MSG) + if ret == -1: + print("send failed.") +``` + +#### c语言实现插件告警上报 + +需要安装libxalarm软件包: + +```shell +[root@openEuler ~]# yum install -y libxalarm +``` + +开发环境还需要安装libxalarm-devel包(构建依赖,非运行依赖): + +```shell +[root@openEuler ~]# yum install -y libxalam-devel +``` + +**接口** 告警信息上报 + +| 接口 | int xalarm_Report(unsigned short usAlarmId, unsigned char ucAlarmLevel, unsigned char ucAlarmType, char *pucParas); | +| ------ | ------------------------------------------------------------ | +| 描述 | sysSentry告警上报接口,用于向xalarmd上报需要转发的告警 | +| 参数 | usAlarmId -- 告警id
    usAlarmLevel -- 告警级别,枚举类型,取值为:MINOR_ALM(一般告警)、MAJOR_ALM(严重告警)或CRITICAL_ALM(致命告警)
    ucAlarmType -- 告警类别,取值范围为ALARM_TYPE_OCCUR(告警产生)或ALARM_TYPE_RECOVER(故障恢复)
    pucParas -- 告警描述信息,长度上限为8191个字符 | +| 限制 | 1. 告警id限制取值范围为1001-1128。目前1001(内存巡检)、1002(慢IO检测)已被占用,不建议使用
    2. 告警描述信息最大长度为8191 | +| 返回值 | 返回0表示成功,失败返回-1 | + +示例: + +```shell +[root@openEuler ~]# cat send_alarm.c +#include +#include +#include +#include + +#define ALARMID 1002 + +int main(int argc, char **argv) +{ + int alarmId = ALARMID; + int level = MAJOR_ALM; + int type = ALARM_TYPE_OCCUR; + unsigned char *msg = "{\"" + "alarm_info\": {" + "\"alarm_source\": \"avg_block_io\"," + "\"driver_name\": \"sda\"," + "\"io_type\": \"write\"," + "\"reason\": \"IO press\"," + "\"block_stack\": \"bio,wbt\"," + "\"alarm_type\": \"latency\"," + "\"details\": {" + "\"latency\": \"gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,437.9,0,0,0,0,517,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,521.1,0,0,0,0,557.8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,8.5,0,0,0,0,12.0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]\"," + "\"iodump\": \"gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]\"" + "}" + "}" + "}\0"; + + int ret = xalarm_Report(alarmId, level, type, msg); + + if (ret == -1) { + printf("send failed.\n"); + } + + return 0; +} +[root@openEuler ~]# gcc send_alarm.c -o send_alarm -lxalarm +``` + +### 日志记录 + +sysSentry框架运行过程中产生的日志保存在在`/var/log/sysSentry/sysSentry.log`中,可通过查看该日志获取框架运行详情。 + +#### 插件日志记录位置和格式 + +开发巡检插件时,推荐插件运行过程中产生的日志保存在`/var/log/sysSentry/`目录下,文件名命名为`[插件名].log`;日志文件名称推荐和插件名称一致。 + +日志记录相关信息时,推荐日志格式为:`<时间戳> - <日志级别> - [<文件名:行号>] - <日志消息>` +其中时间戳格式为:YYYY-MM-DD HH:MM:SS,FF , 时间戳示例为:`2006-01-02 15:04:05.99` + +日志级别可选项为:debug/info/warning/error/critical。 +选项的含义如下: +- debug:最低级别,用于记录详细的技术信息,帮助开发调试。 +- info:记录程序的正常运行信息,如启动和关闭状态。 +- warning:记录可能引起问题的情况,但不影响程序运行。 +- error:记录严重问题,导致功能失败或程序中断。 +- critical:最高级别,记录非常严重的问题,可能导致程序完全停止运行。 + +推荐程序正常运行时,日志级别设为info。 + +#### 插件日志轮转配置 +sysSentry框架及插件的日志会基于logrotate机制进行自动轮转。日志轮转是一种系统管理技术,用于管理日志文件的大小和数量,以防止日志文件占用过多的磁盘空间。 + +系统每次触发logrotate时会对sysSentry框架及插件的日志文件大小进行判断,如果日志文件超过4096k,则进行logrotate,一个插件/服务的日志最多轮转两次,轮转日志会被压缩。 + +##### 插件日志轮转配置示例 +日志轮转配置可参考`/etc/logrotate.d/sysSentry`文件进行配置。 +当前`/etc/logrotate.d/sysSentry`的配置内容如下: +```shell +/var/log/sysSentry/*.log{ + compress + missingok + notifempty + copytruncate + rotate 2 + size +4096k + hourly +} +``` +其中各项配置项含义为: +- `/var/log/sysSentry/*.log`表明对哪些日志文件进行转储,*为通配符,表示所有`/var/log/sysSentry/`目录下以.log结尾的日志文件。 +- compress表明默认将日志文件进行压缩,节省内存空间。也可配置为nocompress,表明不压缩日志文件。推荐此项默认配置为compress。 +- missingok表明如果日志缺失,logrotate不会报错,也不会停止处理其他日志文件。推荐此配置项默认配置。 +- notifempty表明如果日志文件为空,则不进行转储。推荐此配置项默认配置。 +- copytruncate表明在日志转储时,先将当前的日志文件复制一份,然后将日志文件清空,再将复制的文件进行压缩。这通常用于正在被系统进程使用的日志文件,确保进程可以继续写入新的日志。推荐此配置项默认配置。 +- rotate 2表明在轮转操作后保留2个旧的日志文件。一旦旧的文件数量超过2个,logrotate会自动删除旧的日志文件为新的日志文件腾出空间。可根据需求自行定义所需日志数量大小。 +- size +4096k表明当日志文件大小超过4096k时,将自动触发日志转储操作。可根据需求自行定义所需日志文件大小。 +- hourly表明日志轮转的频率是每小时。可配置项有hourly/daily/weekly/monthly等。示例中表明logrotate每小时轮转日志文件。推荐此项默认配置为hourly。 + +##### 更改插件日志轮转配置 +对新增插件: +1. 可更改`/etc/logrotate.d/sysSentry`已有的配置项内容(注:此举会更改所有`/var/log/sysSentry/`目录下以.log结尾的日志文件配置). +2. 若想对`/var/log/sysSentry/`目录下不同的日志文件设置不同配置,可在`/etc/logrotate.d/sysSentry`对每一个日志文件进行单独配置,如下所示: + ```shell + /var/log/sysSentry/`[日志名一]`.log{ + # 所需配置项等 + } + /var/log/sysSentry/`[日志名二]`.log{ + # 所需配置项等 + } + ``` +请不要对同一日志,设置不同配置。如下例所示: +```shell +# A BAD EXAMPLE +/var/log/sysSentry/*.log{ + compress +} +/var/log/sysSentry/example.log{ + nocompress +} +``` +在该示例中,*为通配符,表示所有`/var/log/sysSentry/`目录下以.log结尾的日志文件,已经包含了example.log,设置为轮转日志需要压缩;但配置文件中又单独设置example.log不需要压缩。该做法可能会造成预期之外的行为。 + +如果手动修改了/etc/logrotate.d/sysSentry文件,可通过logrotate -f /etc/logrotate.d/sysSentry手动触发日志轮转。 +logrotate的其他使用方法请参考 +### 结果上报 + +用户可通过sysSentry提供的接口将插件巡检结果上报给sysSentry服务,并通过get_result命令查看结果: + +```shell +[root@openEuler ~]# sentryctl get_result <插件名> +``` + +提供python与c两种语言的对外接口。 + +#### 结果上报使用限制 + +1. 结果上报接口应在巡检插件运行结束前被调用。 +2. 巡检插件的一个生命中期内仅应上报一次巡检结果。 +3. 巡检插件运行成功或失败均应该上报巡检结果。 + +#### python巡检结果上报接口 + +**结构体** ResultLevel + +```python +class ResultLevel(Enum): + """result level for report_result""" + PASS = 0 # 巡检任务正常运行结束,无异常 + FAIL = 1 # 因缺少依赖、环境不支持等原因跳过/未执行巡检任务 + SKIP = 2 # 因执行命令错误等原因,巡检任务执行失败 + MINOR_ALM = 3 # 巡检任务结束,存在系统存在异常,并且已经尝试自动隔离等方式完成修复 + MAJOR_ALM = 4 # 巡检任务结束,系统存在异常,需要通过重启等方式修复 + CRITICAL_ALM = 5 # 巡检任务结束,致命告警,系统或硬件存在无法修复问题,建议更换 +``` + +**接口** 结果上报 + +| 接口 | int report_result(task_name: str, result_level : ResultLevel, report_data : str) -> int | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于模块工具向sysSentry上报巡检结果 | +| 参数 | task_name -- 巡检任务名称
    result_level -- 巡检结果异常等级,可选参数请参考ResultLevel结构体
    report_data -- 巡检结果详细信息,应为json格式转换而成的字符串 | +| 返回值 | 正常:0,异常:非0 | + +示例: + +```python +[root@openEuler ~]# python3 +Python 3.7.9 (default, Dec 11 2023, 19:40:40) +[GCC 7.3.0] on linux +Type "help", "copyright", "credits" or "license" for more information. +>>> import json +>>> from syssentry.result import ResultLevel, report_result +>>> report_result("test", ResultLevel.PASS, json.dumps({})) +0 +``` + +#### c巡检结果上报接口 + +需要安装libxlaram软件包: + +```shell +[root@openEuler ~]# yum install -y libxlaram +``` +开发环境还需要安装libxalarm-devel包(构建依赖,非运行依赖): +```shell +[root@openEuler ~]# yum install -y libxalam-devel +``` + +**结构体** RESULT_LEVEL + + +```c +enum RESULT_LEVEL { + RESULT_LEVEL_PASS = 0, // 巡检任务正常运行结束,无异常 + RESULT_LEVEL_FAIL = 1, // 因缺少依赖、环境不支持等原因跳过/未执行巡检任务 + RESULT_LEVEL_SKIP = 2, // 因执行命令错误等原因,巡检任务执行失败 + RESULT_LEVEL_MINOR_ALM = 3, // 巡检任务结束,存在系统存在异常,并且已经尝试自动隔离等方式完成修复 + RESULT_LEVEL_MAJOR_ALM = 4, // 巡检任务结束,系统存在异常,需要通过重启等方式修复 + RESULT_LEVEL_CRITICAL_ALM = 5, // 巡检任务结束,致命告警,系统或硬件存在无法修复问题,建议更换 +}; +``` + +接口:结果上报 + +| 接口 | int report_result(const char *task_name, enum RESULT_LEVEL result_level, const char *report_data); | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于模块工具向sysSentry上报巡检结果 | +| 参数 | task_name:巡检任务名称
    result_level:巡检结果异常等级,可选参数请参考RESULT_LEVEL结构体
    report_data:巡检结果详细信息,应为json格式转换而成的字符串 | +| 返回值 | 正常:0,异常:非0 | + +示例: + +```shell +[root@openEuler ~]# cat report_res.c +#include +#include +#include +#include +#include + +int main(int argc, char *argv[]) { + enum RESULT_LEVEL result_lv = 0; + result_lv = RESULT_LEVEL_PASS; + details = "{\"a\": 1, \"b\": 2}"; + int res = report_result(task_name, result_lv, details); + if (res == -1) { + printf("failed send result to sysSentry\n"); + } + + return 0; +} +[root@openEuler ~]# gcc report_res.c -o report_res -lxalarm +``` + +## 对接sentryCollector采集服务 + +sysSentry软件中包含用来做数据采集的服务:sentryCollector,用户可通过sentryCollector服务定期采集系统数据。 + +### 采集使用限制 + +1. 当前仅支持对系统io数据进行采集,并提供ebpf采集和内核无锁采集两种方案; +2. 仅支持对nvme ssd(nvme固态硬盘)、sata ssd(sata固态硬盘)、sata hdd(sata机械硬盘)三种磁盘的数据进行采集; +3. sentryCollector的io数据采集默认使用ebpf采集,如需使用内核无锁采集,请参考[常见问题解决方法 - Q1](./常见问题与解决方法.md#问题1如何使用内核无锁采集方案进行数据采集)进行部署。 + +### io数据采集 + +sentryCollector支持按周期采集指定磁盘的数据,并提供两种采集方式: + +- 内核无锁采集 -- 由内核进行数据采集,并将采集结果上报给用户态读取,需要重编内核实现。 +- ebpf采集 -- 通过使用ebpf向内核打点的方式进行采集,无需重编内核。 + +#### 内核无锁采集和ebpf采集的差异 + +内存无锁采集和ebpf采集在以下几个方面存在区别: +1. 支持采集的阶段不同 +将一个io从发生到结束分成多个不同的阶段,以下是两种采集方式支持的阶段类型: + +| 阶段 | bio | rq_driver | throtl | wbt | gettag | plug | deadline | bpf | requeue | hctx | +| ------------ | ------ | --------- | -------- | ------ | ------ | -------- | -------- | -------- | -------- | -------- | +| 内核无锁采集 | 支持 | 支持 | 支持 | 支持 | 支持 | 支持 | 支持 | 支持 | 支持 | 支持 | +| ebpf采集 | 支持 | 支持 | 不支持 | 支持 | 支持 | 不支持 | 不支持 | 不支持 | 不支持 | 不支持 | + +2. 支持采集的IO类型不同 + +| IO类型 | 内核无锁采集 | ebpf采集 | 数据含义 | +| ------- | ------------ | -------- | ---------- | +| read | 支持 | 支持 | 读IO | +| write | 支持 | 支持 | 写IO | +| flush | 支持 | 不支持 | flush IO | +| discard | 支持 | 不支持 | discard IO | + +除以上两个差异之外,内核无锁采集和ebpf采集方案可采的数据类型、支持系统等数据均相同: +1. 两种采集方案均支持4.19内核,x86_64和aarch64架构。 +2. 两种采集方案均支持采集nvme ssd(nvme固态硬盘)、sata ssd(sata固态硬盘)和sata hdd(sata机械硬盘)三种盘的数据。 +3. 两种采集方案均支持对latency、iodump、iolength、iops数据的采集: + - latency -- 指定周期内的时延数据; + - iodump -- 指定周期内超时未完成的io数量,如io运行超过1秒未完成即为超时; + - iolength -- io队列长度 + - iops -- 每秒内完成的io数量 + +#### 对外接口 + +当前仅提供python语言的接口,需要用户安装pysentry_collect软件包: + +```shell +[root@openEuler ~]# yum install -y pysentry_collect + +``` + +**接口一** 查看磁盘类型 + +| 接口 | get_disk_type(disk) | +| ------ | ------------------------------------------------------------ | +| 描述 | 从采集模块中查询磁盘类型 | +| 参数 | disk – 磁盘名,例:sda,必选参数 | +| 限制 | 磁盘名不超过32个字符 | +| 返回值 | 返回值格式为:{"ret": value1, "message":value2}
    value1取值为0或者其他正整数,0表示成功,其他非零表示失败;
    message是个字符串,表示表示磁盘类型,字符串类型,如果ret为非零,则message为空字符串,当前支持的message对应磁盘类型如下:
    "message": "0" -- nvme_ssd
    "message": "1" -- sata_ssd
    "message": "2" -- sata_hdd
    返回值示例:
    \- 磁盘类型不支持:{"ret": 8, "message": ""} # ret结果非0
    - 函数执行成功:{"ret": 0, "message": "1"} # 磁盘为sata ssd类型 | + +示例: + +```shell +[root@openEuler ~]# python3 +Python 3.7.9 (default, Dec 11 2023, 19:40:40) +[GCC 7.3.0] on linux +Type "help", "copyright", "credits" or "license" for more information. +>>> from sentryCollector.collect_plugin import get_disk_type, Disk_Type +>>> res = get_disk_type("sda") +>>> res +{'ret': 0, 'message': '1'} +>>> curr_disk_type = int(res['message']) +>>> curr_disk_type +1 +>>> Disk_Type[curr_disk_type] +'sata_ssd' +``` + +**接口二** 查询采集是否合法 + +| 接口 | is_iocollect_valid(period, disk_list=None, stage=None) | +| ------ | ------------------------------------------------------------ | +| 描述 | 确认是否在采集范围内,确认周期是否合法 | +| 参数 | period – 用户采集周期,整形,单位秒,必选参数
    disk_list – 磁盘列表,默认为None,代表关注所有磁盘,可选参数。可传入自定义列表,例:["sda", "sdb", "sdv"]
    stage – 采集阶段,默认为None,代表关注所有采集阶段,可选参数。可传入自定义阶段列表,例:["wbt", "bio"] | +| 限制 | 1. 采集周期取值在1到300之间
    2. 磁盘列表磁盘个数不超过10个,如果超过10个,默认取前10个,磁盘列表种的磁盘名不超过32个字符
    3. 采集阶段个数不超过15个,阶段名字符不超过20个字符 | +| 返回值 | 返回值格式为:{"ret": value1, "message":value2}
    value1取值为0或者其他正整数,0表示成功,其他非零表示失败
    message是个字符串,表示有效的磁盘和该磁盘对应的stage,字符串类型,如果字符串为空说明全都不支持,格式如下:
    {"disk_name1": ["stage1", "stage2"], "disk_name2": ["stage1", "stage2"], ...}
    返回值示例:
    - 验证失败:{"ret": 1, "message": {}} # ret结果非0
    - 验证成功,所有盘均不支持采集:{"ret": 0, "message": {}}
    - 部分盘不支持(message中返回支持的盘和对应的阶段):{"ret": 0, "message": {"sda": ["bio", "gettag"], "sdb": ["bio", "gettag"]}} | + +示例: + +```shell +[root@openEuler ~]# python3 +Python 3.7.9 (default, Dec 11 2023, 19:40:40) +[GCC 7.3.0] on linux +Type "help", "copyright", "credits" or "license" for more information. +>>> from sentryCollector.collect_plugin import is_iocollect_valid +>>> is_iocollect_valid(1, ["sda"]) +{'ret': 0, 'message': '{"sda": ["throtl", "wbt", "gettag", "plug", "deadline", "hctx", "requeue", "rq_driver", "bio"]}'} +``` + +**接口三** 查询指定数据 + +| 接口 | get_io_data(period, disk_list, stage, iotype) | +| ------ | ------------------------------------------------------------ | +| 功能 | 确认是否在采集范围内,确认周期是否合法 | +| 参数 | period – 用户采集周期,整形,单位秒,必选参数
    disk_list -- 磁盘列表,必选参数,例:["sda", "sdb", "sdv"]
    stage – 读取的阶段,必选参数,例:["bio", "gettag", "wbt"]。
    iotype – IO类型,列表中对应要获取的IO数据类型,仅支持read/write/flush/discard,必选参数,例:["read", "write"] | +| 限制 | 1. 采集周期取值在1到300之间,并且为period_time值的整数倍,且倍数不超过max_save(两个数值请参考/etc/sysSentry/sentryCollector.conf)
    2. 磁盘列表磁盘个数不超过10个,如果超过10个,默认取前10个,磁盘列表种的磁盘名不超过32个字符
    3. 采集阶段个数不超过15个,阶段名字符不超过20个字符
    4. IO类型个数不超过4个,字符长度不超过7个(最长的长度是discard) | +| 返回值 | 返回值格式为:{"ret": value1, "message":value2}
    value1取值为0或者其他正整数,0表示成功,其他非零表示失败
    message是个字符串,表示采集模块处理过的当前周期数据,字符串类型,格式如下:
    "{"disk_name1": {"stage1": {"read": [latency, iodump, iolength, iops],"write": [write_latency, write_iodump, iolength, iops]},"stage2": {…}},…}"
    返回值示例:
    - 获取数据失败:{"ret": 1, "message": {}} # ret结果非0
    - 获取数据成功:{"ret": 0, "message": "{"sda": {"bio": {"read": [0.1, 0, 100, 19], "write": [0.5, 3, 100, 12]}, "wbt": {}}, "sdb"…}"}
    其中[0.5, 3, 100, 12]对应[时延ns,iodumps数量,io队列长度,iops] | + +示例: + +```shell +[root@openEuler ~]# python3 +Python 3.7.9 (default, Dec 11 2023, 19:40:40) +[GCC 7.3.0] on linux +Type "help", "copyright", "credits" or "license" for more information. +>>> from sentryCollector.collect_plugin import get_io_data +>>> get_io_data(1, ["sda"], ["bio"], ["read"]) +{'ret': 0, 'message': '{"sda": {"bio": {"read": [0, 0, 0, 0]}}}'} +``` \ No newline at end of file diff --git "a/docs/zh/docs/sysSentry/\345\256\211\350\243\205\345\222\214\344\275\277\347\224\250.md" "b/docs/zh/docs/sysSentry/\345\256\211\350\243\205\345\222\214\344\275\277\347\224\250.md" new file mode 100644 index 0000000000000000000000000000000000000000..e5f36d49d84fc95ca49be8abac5250823d8a61ec --- /dev/null +++ "b/docs/zh/docs/sysSentry/\345\256\211\350\243\205\345\222\214\344\275\277\347\224\250.md" @@ -0,0 +1,692 @@ +# sysSentry软件安装与使用 + +## 安装sysSentry巡检框架 + +### 环境准备 + +- 安装openEuler-20.03-LTS-SP4系统,安装方法参考 《[安装指南](https://docs.openeuler.org/zh/docs/20.03_LTS_SP4/docs/Installation/installation.html)》。 +- 安装sysSentry需要使用root权限。 + +### 安装操作 + +1. 配置yum源 + + 在/etc/yum.repos.d/创建新的repo文件(eg. /etc/yum.repos.d/openEuler.repo),文件内容如下: + + ```shell + [root@openEuler ~]# cat /etc/yum.repos.d/openEuler.repo + [osrepo] + name=osrepo + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ + enabled=1 + gpgcheck=0 + + [everything] + name=everything + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ + enabled=1 + gpgcheck=0 + + [update] + name=update + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/update/$basearch/ + enabled=1 + gpgcheck=0 + + [source] + name=update + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP4/source/ + enabled=1 + gpgcheck=0 + ``` + +2. 安装sysSentry + + ```shell + [root@openEuler ~]# yum install -y sysSentry pyxalarm + ``` + +## 启动sysSentry巡检框架 + +sysSentry巡检框架提供三个相互独立的服务: + +1. xalarmd服务,用于汇总巡检插件的告警信息,并向已注册告警的用户转发告警信息。 +2. sentryCollector服务,用于周期性采集系统数据并提供给巡检插件。 +3. sysSentry服务,用于管理巡检插件的服务。 + +三个服务均由systemd进行控制,用户在启动sysSentry时可仅启动需要的系统服务即可。 + +### 启动xalarmd服务 + +#### 适用场景 + +1. 当巡检插件使用libxalarm或pyxalarm软件提供的接口,进行告警上报时,需要启动xalarmd服务; +2. 如需使用以下sysSentry提供的插件,请启动xalarmd服务: + - 平均阈值慢io检测插件 -- avg_block_io + - AI阈值慢io检测插件 -- ai_block_io + +#### xalarmd服务配置介绍 + +xalarmd服务配置的路径位于`/etc/sysSentry/xalarm.conf`,以下为配置参数: + +| 配置段 | 配置项 | 配置项说明 | 默认值 | 必选 | +| -------- | ------- | ------------------------------------------------------------ | --------- | ---- | +| [filter] | id_mask | 需要上报的告警类型id,不同id使用","分割,也可以用"-"连接连续的告警范围 | 1001-1128 | Y | +| [log] | level | 日志打印等级,分为debug/info/warning/error/critical五级 | info | Y | + +用户可自行调整参数配置,或直接采用默认配置,默认配置内容如下: + +```ini +[filter] +id_mask = 1001-1128 + +[log] +level=info +``` + +#### 启动方式 + +```shell +[root@openEuler ~]# systemctl start xalarmd +``` + +启动后可查询运行状态,状态为running即为成功: + +```shell +[root@openEuler ~]# systemctl status xalarmd +``` + +#### (可选)设置开机启动 + +```shell +[root@openEuler ~]# systemctl enable xalarmd +``` + + +### 启动sentryCollector服务 + +#### 适用场景 + +1. 当巡检插件使用pysentry_collect软件提供的接口采集系统数据时,需要启动sentryCollector服务,目前sentryCollector仅支持io数据采集,默认使用ebpf采集方式,详细信息可参考《[二次开发指南](./二次开发指南.md)》; +2. 如需使用以下sysSentry提供的插件,请启动sentryCollector服务: + - 平均阈值慢io检测插件 -- avg_block_io + - AI阈值慢io检测插件 -- ai_block_io + +#### sentryCollector服务配置介绍 + +sentryCollector服务配置文件路径是`/etc/sysSentry/collector.conf`,以下为配置参数: + +| 配置段 | 配置项 | 配置项说明 | 默认值 | 必选 | +| -------- | ----------- | ------------------------------------------------------------ | ------- | ---- | +| [common] | modules | 采集哪些模块的数据,多个模块可用逗号拼接,如io、network、memory等,当前仅支持io | io | Y | +| [io] | period_time | IO数据的采集周期,整形类型,单位为秒,默认值为1,范围为1~300,仅在modules配置io时生效 | 1 | N | +| [io] | max_save | 最多保存多少组IO数据,整形类型,默认值为10,范围为1~300,仅在modules配置io时生效 | 10 | N | +| [io] | disk | 需要采集数据的磁盘名称,由逗号分隔,default表示当前环境上所有盘,仅在modules配置io时生效 | default | N | +| [log] | level | 日志打印等级,分为debug/info/warning/error/critical五级 | info | Y | + +用户可自行调整参数配置,或直接采用默认配置,默认配置内容如下: + +```ini +[common] +modules=io + +[io] +period_time=1 +max_save=10 +disk=default + +[log] +level=info +``` + +#### 启动方式 + +```shell +[root@openEuler ~]# systemctl start sentryCollector +``` + +启动后可查询运行状态,状态为running即为成功: + +```shell +[root@openEuler ~]# systemctl status sentryCollector +``` + + +#### (可选)设置开机启动 + +```shell +[root@openEuler ~]# systemctl enable sentryCollector +``` + +### 启动sysSentry服务 + +#### 适用场景 + +sysSentry服务为必须启动的服务。 + +#### sysSentry服务配置介绍 + +sysSentry服务配置的路径位于`/etc/sysSentry/inspect.conf`,以下为配置参数: + +| 配置段 | 配置项 | 配置项说明 | 默认值 | 必选 | +| --------- | -------- | ------------------------------------------------------- | ------ | ---- | +| [inspect] | Interval | 默认周期类型巡检任务间隔时间,单位秒 | 3 | Y | +| [log] | level | 日志打印等级,分为debug/info/warning/error/critical五级 | info | Y | + +用户可自行调整参数配置,或直接采用默认配置,默认配置内容如下: + +```ini +[inspect] +Interval=3 + +[log] +level=info +``` + +#### 启动方式 + +```shell +[root@openEuler ~]# systemctl start sysSentry +``` + +启动后可查询运行状态,状态为running即为成功: + +```shell +[root@openEuler ~]# systemctl status sysSentry +``` + +#### (可选)设置开机启动 + +```shell +[root@openEuler ~]# systemctl enable sysSentry +``` + + + +## 使用sysSentry巡检框架 + +sysSentry巡检框架的主要向用户提供两部分能力: + +1. 管理巡检插件 -- 通过sentryctl命令同时管理多款巡检插件的生命周期、查看告警信息等能力。 +2. 注册/订阅巡检插件告警事件 -- 通过对外接口订阅插件的告警,实时接收插件上报的告警内容。 + +### 管理巡检插件 + +#### 管理插件配置介绍 + +sysSentry可同时管理一款或多款巡检插件,每一款巡检插件都有自己的配置文件,配置文件路径为`/etc/sysSentry/tasks/[插件名].mod`,以下为配置参数: + +| 配置段 | 配置项 | 配置项说明 | 必选 | 是否支持reload指令 | +| -------- | ------------------ | ------------------------------------------------------------ | ---- | ------ | +| [common] | enabled | 插件是否使能,类型为yes/no,分别对应使能和不使能 | Y | Y | +| [common] | task_start | 插件任务拉起时执行的命令 | Y | Y | +| [common] | task_stop | 插件任务中止任务时执行的命令 | Y | Y | +| [common] | type | 插件任务类型,类型为oneshot/period,分别对应单次/周期执行 | Y | N | +| [common] | interval | 插件任务间隔,该配置仅对period类型任务有效,表示该巡检任务周期性拉起的时间间隔,单位秒 | N | Y | +| [common] | heartbeat_interval | 任务心跳检查间隔,单位秒。当框架收到该巡检任务的心跳间隔超过设定值时,框架判定巡检任务状态已失败,并停止巡检任务;不配置该字段时,框架默认关闭对该模块的心跳检查,仅配置时使能心跳检查 | N | Y | +| [common] | onstart | 是否在sysSentry服务启动时拉起该任务,值为yes/no,未配置时period任务默认启动,oneshot任务默认不启动 | N | N | +| [common] | env_file | 指定环境变量的文件路径,该文件内容应为key=value的格式,如配置该参数,在启动任务前会将该文件中的值导入环境变量 | N | N | +| [common] | conflict | 如果当前环境已存在与task_start进程同样的进程时如何处理,非必选配置参数,参数为up/down/kill:
    1. up:当前环境已存在同样的进程时,正常拉起巡检任务;配置为up与不配置conflict参数行为一致
    2. down:当前环境已存在同样的进程时,不再拉起巡检任务
    3. kill:当前环境已存在同样的进程时,先将现有进程杀死,随后拉起巡检任务 | N | N | +| [common] | alarm_id | 告警上报id,id数值为整型,未配置则无法通过get_alarm查询告警信息,范围1001~1128 | N | N | +| [common] | alarm_clear_time | 告警清理时间,单位秒,数值为整型,超时告警信息将被清除,未配置则无法通过get_alarm查询告警信息,范围0~2^31 – 1。 注:0代表每秒都清理告警,是无效值,同样无法通过get_alarm查看到有效信息 | N | N | + +示例: + +```ini +# avg_block_io插件的配置文件如下,路径/etc/sysSentry/tasks/avg_block_io.mod +[common] +enabled=yes +task_start=/usr/bin/python3 /usr/bin/avg_block_io +task_stop=pkill -f /usr/bin/avg_block_io +type=oneshot +alarm_id=1002 +alarm_clear_time=5 +``` + +#### 巡检插件管理命令 + +sysSentry提供了用于管理巡检插件的命令 -- sentryctl,可以用于启动/停止巡检插件任务、查看巡检插件运行状态、查看巡检插件上报信息等功能。 + +1. 启动指定巡检任务 + + ```shell + [root@openEuler ~]# sentryctl start + ``` + +2. 终止指定巡检任务 + + ```shell + [root@openEuler ~]# sentryctl stop + ``` + +3. 列出所有已加载的巡检任务及状态 + + ```shell + [root@openEuler ~]# sentryctl list + ``` + +4. 查询指定巡检任务的状态 + + ```shell + [root@openEuler ~]# sentryctl status + ``` + + 巡检任务共存在四种状态,每种状态的回显信息及对应介绍如下: + + | 状态 | 描述 | + | ------- | ------------------------------------------------------------ | + | RUNNING | 巡检任务正在运行 | + | WAITING | 仅period类型巡检任务可设置此状态,表示period巡检任务等待下一次被调度执行 | + | EXITED | 巡检任务尚未执行,或者oneshot类型的巡检任务执行结束处于此状态 | + | FAILED | 巡检任务未拉起成功,或者巡检任务未正常退出 | + +5. 重载指定巡检任务的配置 + + 当用户修改了巡检任务的配置文件/etc/sysSentry/tasks/.mod时,可通过以下命令重载配置文件: + + ```shell + [root@openEuler ~]# sentryctl reload + ``` + +6. 查询指定任务的告警信息 + + ```shell + [root@openEuler ~]# sentryctl get_alarm [options] + ``` + + options可选参数及释义如下: + + | 参数 | 描述 | + | -------------------------------------- | ------------------------------------------------------------ | + | -s TIME_RANGE, --time_range TIME_RANGE | 展示用户指定时间长度内的告警信息,TIME_RANGE为整形,单位秒,范围为0~2^31-1,默认值为10,即显示10秒内的告警信息 | + | -d, --detailed | 打印详细告警信息 | + + 以avg_block_io为例,输出如下: + + ```shell + [root@openEuler ~]# sentryctl get_alarm avg_block_io -s 1 -d + [ + { + "alarm_id": 1002, + "alarm_type": "ALARM_TYPE_OCCUR", + "alarm_level": "MINOR_ALM", + "timestamp": "YYYY-mm-DD HH:MM:SS", + "alarm_info": { + "driver_name": "sda", + "reason": "disk_slow", + "block_stack": "bio", + "io_type": "read", + "alarm_source": "avg_block_io", + "details": { + "latency": "gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,437.9,0,0,0,0,517,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,521.1,0,0,0,0,557.8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,8.5,0,0,0,0,12.0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]", + "iodump": "gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]" + } + } + }, + ... + ] + ``` + + 结果中各字段介绍: + + | 字段 | 描述 | + | --- | --- | + | alarm_id | 用户上报告警的id,范围为1001~1128 | + | alarm_type | 告警的类型,共两种:
    1. ALARM_TYPE_OCCUR,告警产生
    2. ALARM_TYPE_RECOVER,故障恢复 | + | alarm_level | 告警的等级,共三级:
    1. MINOR_ALM,一般告警,系统存在异常,并且已经尝试自动隔离等方式修复
    2. MAJOR_ALM,严重告警,系统存在异常,需要通过重启等方式修复
    3. CRITICAL_ALM,致命告警,系统或硬件存在无法修复问题,建议更换 | + | timestamp | 告警上报的时间 | + | alarm_info | 告警内容详细信息,由插件自定义,不同的巡检插件上报的内容不一致,其中details信息仅在指定"-d,--detailed"字段时展示 | + + +7. 查询指定巡检任务的巡检结果 + + ```shell + [root@openEuler ~]# sentryctl get_result + ``` + + 回显信息格式为json格式,内容格式如下: + + ```ini + { + "result": "xxx", + "start_time": "YYYY-mm-DD HH:MM:SS", + "end_time": "YYYY-mm-DD HH:MM:SS", + "error_msg" : "xxx", + "details":{} # detail信息因巡检任务不同而不同,具体信息由巡检模块提供 + } + ``` + + 其中"result"和"error_msg"对应关系如下: + + | result | 对应error_msg信息 | 含义 | + | ------ | --------------- | -------- | + | PASS | "" | 巡检任务正常运行结束,无异常 | + | SKIP | "not supported.maybe some rpm package not be installed." | 因缺少依赖、环境不支持等原因跳过/未执行巡检任务 | + | FAIL | "FAILED. config may be incorrect or the command may be invalid/killed!" | 因执行命令错误等原因,巡检任务执行失败 | + | MINOR_ALM | "the command output shows that the status is 'INFO' or 'GENERAL_WARN'." | 巡检任务结束,存在系统存在异常,并且已经尝试自动隔离等方式完成修复 | + | MAJOR_ALM | "the command output shows that the status is 'WARN' or 'IMPORTANT_WARN'." | 巡检任务结束,系统存在异常,需要通过重启等方式修复 | + | CRITICAL_ALM | "the command output shows that the status is 'FAIL' or 'EMERGENCY_WARN'." | 巡检任务结束,致命告警,系统或硬件存在无法修复问题,建议更换 | + +### 订阅巡检插件告警事件 + +用户可通过创建新的进程订阅并接收告警上报内容,提供python与c两种语言的对外接口。 + +#### 使用限制 + +1. 一个进程仅可订阅一次,不支持一个进程订阅多次告警。 +2. 支持订阅的告警id范围为1001-1128,其中1001为内存巡检告警事件,1002为慢IO告警事件,其他告警id为用户自定义插件告警事件。 +3. 告警模块目前支持多用户订阅,最大支持100个进程同时订阅告警消息,其中sysSentry getalarm功能固定占用一个进程资源。 + +#### python代码注册并获取告警内容 + +需要安装pyxalarm软件包: + +```shell +[root@openEuler ~]# yum install -y pyxalarm +``` + +**结构体** 告警消息结构体定义 + +```python +class Xalarm: + def __init__(self, alarm_id, alarm_type, alarm_level, + tv_sec, tv_usec, msg1): + self._alarm_id = alarm_id # 告警id + self._alarm_type = alarm_type # 告警类型 + self._alarm_level = alarm_level # 告警级别 + self.timetamp = TimevalStu(tv_sec, tv_usec) # 时间戳 + self._msg1 = msg1 # 字符串类型,告警消息 +``` + +**接口一** 告警订阅 + +| 接口 | xalarm_register(callback:callable, id_filter: list[bool]) -> int | +| -------- | ------------------------------------------------------------ | +| 描述 | 用于接收告警的用户注册告警接收,最大支持100个用户创建连接。 | +| 参数 | callback -- callable类型,回调函数,要求回调函数必须满足def callback_func(alarm_info: Xalarm) -> None的定义;
    id_filter -- list[bool]类型,告警类型id列表,若设置id_filter[i]为True,则表明用户设置接收alarm id为1001+i的告警,id_filter长度为128;若设置id_filter[i]为False,表明用户不接收alarm id为1001+i的告警。 | +| 返回值 | 返回值为整型数字,该值为保留参数,仅做结果判断,用于取消告警、更新告警时回传。 | + +**接口二** 取消告警订阅 + +| 接口 | xalarm_unregister(client_id: int)->None | +| -------- | ----------------------------------------------------- | +| 描述 | 用于接收告警的用户取消告警订阅 | +| 参数 | client_id -- int类型,调用xalarm_register接口后的返回值 | +| 返回值 | 无 | + +**接口三** 更新告警订阅 + +| 接口 | xalarm_upgrade(id_filter:list[bool], client_id:int)->bool | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于更新用户订阅的告警 | +| 参数 | id_filter -- list[bool]类型,告警类型id列表,若设置id_filter[i]为True,则表明用户设置接收alarm id为1001+i的告警,id_filter长度为128;若设置id_filter[i]为False,表明用户不接收alarm id为1001+i的告警
    client_id -- nt类型,调用xalarm_register接口后的返回值 | +| 返回值 | bool类型,若为True这表明更新订阅告警成功,否则表明更新告警订阅失败 | + +**接口四** 获取告警id信息 + +| 接口 | xalarm_getid(palarm: Xalarm) -> int | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于获取指定告警的id信息 | +| 参数 | palarm -- Xalarm类类型,告警消息结构体,详情参考:结构体 告警消息结构体定义 | +| 返回值 | int类型,返回告警id,异常情况下返回值为0 | + +**接口五** 获取告警类型信息 + +| 接口 | xalarm_gettype(palarm: Xalarm) -> int | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于获取指定告警的类型信息 | +| 参数 | palarm -- Xalarm类类型,告警消息结构体,详情参考:结构体 告警消息结构体定义 | +| 返回值 | 整数类型,告警类别,取值为:ALARM_TYPE_OCCUR(告警产生)和ALARM_TYPE_RECOVER(告警恢复) | + + **接口六** 获取告警等级信息 + +| 接口 | xalarm_getlevel(palarm: Xalarm) -> int | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于获取指定告警的等级信息 | +| 参数 | palarm -- Xalarm类类型,告警消息结构体,详情参考:结构体 告警消息结构体定义 | +| 返回值 | 整数类型,告警级别,取值如下:
    1. 返回值为1,代表MINOR_ALM,即巡检任务结束,存在系统存在异常,并且已经尝试自动隔离等方式完成修复
    2. 返回值为2,代表MAJOR_ALM,即巡检任务结束,系统存在异常,需要通过重启等方式修复
    3. 返回值为3,代表CRITICAL_ALM,即巡检任务结束,系统存在致命告警,系统或硬件存在无法修复问题,建议更换
    4. 异常情况下返回值为0,表示获取不到告警级别 | + + **接口七** 获取告警时间信息 + +| 接口 | xalarm_gettime(palarm: Xalarm) -> int | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于获取指定告警的时间信息 | +| 参数 | palarm -- Xalarm类类型,告警消息结构体,详情参考:结构体 告警消息结构体定义 | +| 返回值 | 整数类型,表示UTC时间,单位毫秒(ms),异常情况下返回0 | + + **接口八** 获取告警描述信息 + +| 接口 | xalarm_getdesc(palarm: Xalarm) -> int | +| ------ | ------------------------------------------------------------ | +| 描述 | 用于获取指定告警的描述信息 | +| 参数 | palarm -- Xalarm类类型,告警消息结构体,详情参考:结构体 告警消息结构体定义 | +| 返回值 | 字符串类型,返回当前告警消息的描述信息,异常情况下返回None | + +示例: + +```shell +[root@openEuler ~]# cat regi_xalarm.py +import sys +from xalarm.register_xalarm import ( + xalarm_register, + xalarm_unregister, + xalarm_upgrade, + xalarm_getid, + xalarm_getlevel, + xalarm_gettype, + xalarm_gettime, + xalarm_getdesc, + Xalarm, + MAX_NUM_OF_ALARM_ID) +from datetime import datetime +from time import sleep + +def milliseconds_to_formatted_date(milliseconds): + seconds = milliseconds / 1000.0 + dt_object = datetime.fromtimestamp(seconds) + formatted_date = dt_object.strftime('%Y-%m-%d %H:%M:%S') + return formatted_date + +id_filter = [True for _ in range(MAX_NUM_OF_ALARM_ID)] + +def xalarm_callback(alarm_info: Xalarm) -> None: + id_number = xalarm_getid(alarm_info) + if id_number == 0: + print("Recv unexpected alarm id 0.") + return + level = xalarm_getlevel(alarm_info) + type_number = xalarm_gettype(alarm_info) + time_msec = xalarm_gettime(alarm_info) + desc = xalarm_getdesc(alarm_info) + print(f"Recv from id: {id_number}: Level={level}, Type={type_number}, Time={milliseconds_to_formatted_date(time_msec)}, Desc={desc}") + + +if __name__ == "__main__": + client_id = xalarm_register(xalarm_callback, id_filter) + if client_id < 0: + print("connect xalarmd service error!") + sys.exit(1) + sleep(10) + xalarm_unregister(client_id) +``` + +#### c代码注册并获取告警内容 + +需要安装libxlaram软件包 + +```shell +[root@openEuler ~]# yum install -y libxlaram +``` + +开发环境还需要安装libxalarm-devel包(构建依赖,非运行依赖) + +```shell +[root@openEuler ~]# yum install -y libxalam-devel +``` + +**结构体** 告警消息结构体定义 + +```c +struct alarm_info { + unsigned short usAlarmId; + unsigned char ucAlarmLevel; + unsigned char ucAlarmType; + struct timeval AlarmTime; + char pucParas[ALARM_INFO_MAX_PARAS_LEN]; +}; +``` + +**接口一** 注册告警 + +| 接口 | int xalarm_Register(alarm_callback_func callback, struct alarm_subscription_info id_filter) | +| ------ | ------------------------------------------------------------ | +| 描述 | sysSentry告警转发子系统xalarmd告警注册接口 | +| 参数 | callback -- 用户自定义的告警信息处理函数回调
    id_filter -- 用户需要注册接收的告警id列表
    - alarm_subscription_info.id_list:保存告警id的数组,长度为128;数组中一个元素对应用户订阅的一个告警id;支持的告警id范围为[1001, 1128],共128种
    - alarm_subscription_info.len:用户自定义需要接收的告警id个数,不超过128。len的大小需与用户填充到id_list数组的告警id个数一致。如果len小于用户实际填充id_list的元素个数,仅数组中下标为[0, len)的告警id生效 | +| 返回值 | client_id,返回值为整型数字,该值为保留参数,仅做结果判断,用于取消告警、更新告警时回传;失败时返回-1 | + +**接口二** 取消告警订阅 + +| 接口 | void xalarm_UnRegister(int client_id) | +| -------- | ------------------------------------------------ | +| 描述 | sysSentry告警转发子系统xalarmd告警取消订阅接口 | +| 参数 | client_id -- 注册订阅告警时返回的用户唯一标识 | + +**接口三** 更新告警订阅 + +| 接口 | bool xalarm_Upgrade(struct alarm_subscription_info id_filter, int client_id) | +| ------ | ------------------------------------------------------------ | +| 描述 | sysSentry告警转发子系统xalarmd告警更新接口,用于更新用户需要订阅的告警类型 | +| 参数 | id_filter -- 用户需要订阅的告警id列表,定义及用法与xalarm_Register接口中的id_filter参数一致;新的列表将覆盖刷新当前已有的告警id列表
    client_id -- 用户调用xalarm_Register注册时返回的用户标识 | +| 返回值 | 布尔型,表示本次更新订阅告警类型是否成功 | + +用户自定义callback回调函数,回调函数定义: + +```c +typedef void (*alarm_callback_func)(struct alarm_info *palarm); +``` + +下述`接口四`至`接口八`可以被回调函数触发,用于辅助用户获取告警信息。 + +**接口四** 获取告警id信息 + +| 接口 | unsigned short xalarm_getid(const struct alarm_info *palarm); | +| ------ | ------------------------------------------------------------ | +| 描述 | 获取告警id接口 | +| 参数 | alarm_info -- 请参考:结构体 告警消息结构体定义 | +| 返回值 | 告警ID,异常情况下返回值为0 | + +**接口五** 获取告警类型信息 + +| 接口 | unsigned short xalarm_gettype(const struct alarm_info *palarm); | +| ------ | ------------------------------------------------------------ | +| 描述 | 获取告警类型接口 | +| 参数 | alarm_info -- 请参考:结构体 告警消息结构体定义 | +| 返回值 | 整数类型,告警类型,取值为ALARM_TYPE_OCCUR(告警产生)和ALARM_TYPE_RECOVER(告警修复) | + +**接口六** 获取告警等级信息 + +| 接口 | unsigned short xalarm_getlevel(const struct alarm_info *palarm); | +| ------ | ------------------------------------------------------------ | +| 描述 | 获取告警级别接口。 | +| 参数 | alarm_info -- 请参考:结构体 告警消息结构体定义 | +| 返回值 | 整数类型,告警级别,取值如下:
    1. 返回值为1,代表MINOR_ALM,即巡检任务结束,存在系统存在异常,并且已经尝试自动隔离等方式完成修复
    2. 返回值为2,代表MAJOR_ALM,即巡检任务结束,系统存在异常,需要通过重启等方式修复
    3. 返回值为3,代表CRITICAL_ALM,即巡检任务结束,系统存在致命告警,系统或硬件存在无法修复问题,建议更换
    4. 异常情况下返回值为0,表示获取不到告警级别 | + +**接口七** 获取告警时间信息 + +| 接口 | long long xalarm_gettime(const struct alarm_info *palarm); | +| ------ | ------------------------------------------------------------ | +| 描述 | 获取告警时间接口 | +| 参数 | alarm_info -- 请参考:结构体 告警消息结构体定义 | +| 返回值 | long long类型的正整数,表示UTC时间,单位毫秒(ms);异常情况下返回值为0 | + +**接口八** 获取告警描述信息 + +| 接口 | char * xalarm_getdesc(const struct alarm_info *palarm); | +| ------ | ------------------------------------------------------- | +| 描述 | 获取描述信息接口 | +| 参数 | alarm_info -- 请参考:结构体 告警消息结构体定义 | +| 返回值 | 正常:字符串,最长为8191个字符;异常情况下返回值为NULL | + +示例: + +```shell +[root@openEuler ~]# cat regi_xalarm.c +#include +#include +#include +#include + +#define SLEEP_TIME 10 +#define ALARM_ID_1 1001 +#define ALARM_ID_2 1002 +#define ALARM_ID_3 1003 +#define ID_LIST_LENGTH 3 + +void RefreshOutput(void) +{ + int ret = fflush(stdout); + if (ret != 0) { + printf("failed to fflush\n"); + } +} + +void callback(struct alarm_info *param) +{ + int alarmid, alarmlevel, alarmtype; + long long alarmtime; + char *pucParas; + + alarmid = xalarm_getid(param); + alarmlevel = xalarm_getlevel(param); + alarmtype = xalarm_gettype(param); + alarmtime = xalarm_gettime(param); + pucParas = xalarm_getdesc(param); + + printf("[alarmid:%d] [alarmlevel:%d] [alarmtype:%d] [alarmtime:%lld ms] [msg:%s]\n", + alarmid, alarmlevel, alarmtype, alarmtime, pucParas); + + RefreshOutput(); +} + +int main(int argc, char **argv) +{ + int clientId; + int ret; + struct alarm_subscription_info id_filter; + + printf("demo start\n"); + + clientId = xalarm_Register(callback, id_filter); + + if (clientId < 0) { + printf("demo register failed\n"); + return -1; + } else { + printf("xalarm register success, client id is %d\n", clientId); + } + printf("demo waiting alarm\n"); + RefreshOutput(); + sleep(SLEEP_TIME); + + xalarm_UnRegister(clientId); + printf("unregister xalarm success\n"); + RefreshOutput(); + return 0; +} + +[root@openEuler ~]# gcc regi_xalarm.c -o regi_xalarm -lxalarm +``` + +## 使用巡检插件 +sysSentry目前对openEuler-20.03-LTS-SP4版本提供两个巡检插件: + +- 平均阈值慢io检测插件(avg_block_io),通过平均阈值算法实现系统慢io检测,请参考《[平均阈值慢盘检测插件](./平均阈值慢盘检测插件.md)》 +- AI阈值慢io检测插件(ai_block_io),通过AI阈值算法实现系统慢io检测,请参考《[AI阈值慢盘检测插件](./AI阈值慢盘检测插件.md)》 + +除sysSentry已提供的插件外,用户也可以使用sysSentry提供的对外接口开发新的插件,开发方法请参考《[二次开发指南](./二次开发指南.md)》 + + +## sysSentry使用限制 + +1. sysSentry主软件支持x86_64和aarch64两种架构,巡检插件支持的环境请参考具体插件的使用限制。 +2. sysSentry中含有三个后台常驻服务进程,其中sysSentry.service服务为必需启动的进程,xalarmd.service和sentryCollector.service均非必选服务,可根据巡检插件要求启动。 diff --git "a/docs/zh/docs/sysSentry/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" "b/docs/zh/docs/sysSentry/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..3333ead43d06f517e51ad1037b0eda6deb10d022 --- /dev/null +++ "b/docs/zh/docs/sysSentry/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" @@ -0,0 +1,72 @@ +# 常见问题与解决方法 + +## **问题1:如何使用内核无锁采集方案进行数据采集?** + +内核无锁采集和ebpf采集无法同时使用,且内核无锁采集优先级高于ebpf采集,openEuler-20.03-LTS-SP4版本操作系统上运行sentryCollector服务时默认使用ebpf采集,如需要启动内核无锁采集,需通过以下方法重编内核: + +step1. 下载kernel-source包并解压 + +```shell +[root@openEuler ~]# yumdownloader kernel-source-4.19.90-2409.3.0.0294.oe2003sp4 +# 请跟据机器架构替换[$ARCH]为x86_64或aarch64 +[root@openEuler ~]# rpm2cpio kernel-source-4.19.90-2409.3.0.0294.oe2003sp4.[$ARCH].rpm |cpio -div +[root@openEuler ~]# cd usr/src/linux-4.19.90-2409.3.0.0294.oe2003sp4.[$ARCH]/ +``` + +step2. 配置&构建 + +```shell +[root@openEuler ~]# yum install -y openssl-devel bc rsync gcc gcc-c++ flex bison m4 ncurses-devel elfutils-libelf-devel + +# 搜索BLK_IO_HIERARCHY_STATS,对应的config全部打开后保存退出 +[root@openEuler ~]# make menuconfig + +修改Makefile中的EXTRAVERSION = .blk_io (这里修改会体现在最终构建出来的内核版本号上) + +# 编译 +[root@openEuler ~]# make -j 200 && make modules_install && make install +``` + +step3. 使用新内核重启 + +```shell +[root@openEuler ~]# grubby --info ALL # 查看新编的内核对应的index +[root@openEuler ~]# grubby --set-default-index N # N对应新编内核的index +[root@openEuler ~]# reboot +``` + +step4. 重新启动sysSentry相关服务 + +```shell +[root@openEuler ~]# systemctl restart xalarmd +[root@openEuler ~]# systemctl restart sysSentry +[root@openEuler ~]# systemctl restart sentryCollector +``` + +可以查看环境上是否存在以下目录,请自行替换[disk]为有效磁盘名 + +```shell +[root@openEuler ~]# ll /sys/kernel/debug/block/[disk]/blk_io_hierarchy/ +``` + +如目录存在,则此时sentryCollector服务运行的为内核无锁采集 + +## **问题2:如何区分系统上的盘是什么类型?** + +在环境中通过`lsblk -d`命令可以查看到当前环境上的所有磁盘类型及其rotate情况: +1. nvme_ssd盘:磁盘名以nvme开头且rotate为0 +2. sata_ssd盘:磁盘名以sd开头且rotate为1 +3. sata_hdd盘:磁盘名以sd开头且rotate为0 + +## **问题3:平均阈值插件/AI阈值插件运行时会对系统上的哪些数据进行分析?** +平均阈值插件/AI阈值插件会通过sentryCollector服务获取系统上指定磁盘各阶段的latency和iodump数据并进行数据分析: +- latency:io时延数据,统计周期内io完成的时间信息; +- iodump:io超时未完成数量,如果某个io超过1秒未完成,即为iodump数量加一。 + +sentryCollector采集共有ebpf采集和内核无锁采集两种方式,默认会使用ebpf采集,两种采集的区别及内核无锁采集的使用方法请参考《[二次开发指南](./二次开发指南.md)》文档 + +## **问题4:已经执行了`sentryctl start avg_block_io/ai_block_io`命令,为什么查看状态依然是EXITED?** +可能存在以下原因: + +1. sentryCollector服务未启动,可通过`systemctl status sentryCollector`查看服务是否为运行状态; +2. 配置文件字段异常,可以查看/var/log/sysSentry/avg_block_io.log(或ai_block_io.log)日志文件是否存在报错信息,并根据报错内容修改/etc/sysSentry/plugins/avg_block_io.ini(或ai_block_io.ini)文件。值得注意的是,当period_time配置与sentryCollector采集服务配置不匹配时,avg_block_io报错信息为`"Cannot get valid disk"`而非period_time异常。 \ No newline at end of file diff --git "a/docs/zh/docs/sysSentry/\345\271\263\345\235\207\351\230\210\345\200\274\346\205\242\347\233\230\346\243\200\346\265\213\346\217\222\344\273\266.md" "b/docs/zh/docs/sysSentry/\345\271\263\345\235\207\351\230\210\345\200\274\346\205\242\347\233\230\346\243\200\346\265\213\346\217\222\344\273\266.md" new file mode 100644 index 0000000000000000000000000000000000000000..72c0642a933f44ad268454674fc591a176d590dc --- /dev/null +++ "b/docs/zh/docs/sysSentry/\345\271\263\345\235\207\351\230\210\345\200\274\346\205\242\347\233\230\346\243\200\346\265\213\346\217\222\344\273\266.md" @@ -0,0 +1,163 @@ +# 平均阈值慢盘检测插件 + +用户可通过平均阈值慢盘检测插件进行慢盘故障检测,当巡检插件检测到系统存在慢盘时,会将结果上报给xalarmd服务,用户可通过注册告警或get_alarm命令的方式查看告警结果(注册告警和get_alarm命令可参考《[安装和使用](./安装和使用.md)》。 + +## 使用限制 + +1. 平均阈值慢盘检测插件可检出以下四种情况的慢盘: + - 压力大导致的慢盘,上报告警日志中含有关键字"IO press"; + - 盘故障导致的慢盘,上报告警日志中含有关键字"driver slow"; + - IO栈异常导致的慢盘,上报告警日志中含有关键字"kernel slow"; + - 未知故障导致的慢盘,上报告警日志中含有关键字"unknown". +2. 平均阈值慢盘检测插件运行时占用系统性能(cpu利用率、内存使用率、io吞吐等)不超过整个运行环境的5%。 +3. 平均阈值慢盘检测插件的检出率为80%+,准确率为80%+。 +4. 仅支持openEuler-20.03-LTS-SP4版本,并使用4.19.90内核。 +5. 仅支持对nvme-ssd、sata-ssd、sata-hdd盘进行慢盘检测,区分盘的方法请参考[常见问题与解决方法 - Q2](./常见问题与解决方法.md#问题2如何区分系统上的盘是什么类型)。 +6. 启动平均阈值巡检前,请确认sysSentry、xalarmd、sentryCollector服务均处于运行状态。 + +## 安装插件 + +### 前置条件 + +已安装sysSentry巡检插件,sentryCollector采集服务已配置io相关采集项(请参考《[安装和使用](./安装和使用.md)》进行配置)。 + +### 安装软件包 + +```shell +[root@openEuler ~]# yum install -y avg_block_io pysentry_notify pysentry_collect +``` + +### 将avg_block_io加入框架管理 + +```shell +[root@openEuler ~]# sentryctl reload avg_block_io +``` + +## 配置文件说明 + +avg_block_io插件配置文件路径为/etc/sysSentry/plugins/avg_block_io.ini,对该文件修改会在下一次启动巡检任务时生效。 + +| 配置段 | 配置项 | 配置项说明 | 默认值 | 必选项 | +| -------------------- | ---------------- | ------------------------------------------------------------ | ---------- | ------ | +| [log] | level | 记录日志的等级,可配置范围是debug/info/warning/error/critical,未配置或值异常时使用默认参数 | info | Y | +| [common] | disk | 磁盘名称,由逗号分隔,default表示当前环境上所有盘,配置异常时仅保留正确字段 | default | Y | +| [common] | stage | 监控阶段,由逗号分隔,目前已支持throtl/wbt/gettag/plug/deadline/hctx/requeue/rq_driver/bio九个阶段,根据盘种类不同提供的stage可能有不同,配置default表示盘支持的所有阶段,未配置时使用默认配置,配置异常时报错退出;注:用户自行配置时,必须包含bio阶段 | default | Y | +| [common] | iotype | io类别,由逗号分隔,共支持两种场景:read、write,未配置时使用默认配置,配置异常时报错退出 | read,write | Y | +| [common] | period_time | 插件的巡检周期,整形类型,单位为秒,数值应为sentryCollector采集周期的整数倍,且倍数不超过sentryCollector的max_save(请参考sentryCollector配置文件) | 1 | Y | +| [algorithm] | win_size | 平均阈值算法窗口长度,整形类型,该字段值越大,算法统计结果越稳定。范围为win_threshold~300,未配置时使用默认配置,配置异常时报错退出 | 30 | Y | +| [algorithm] | win_threshold | 平均阈值算法超阈值数量,整形类型,该字段值越小,算法上报异常速度越快,误报越高。范围为1~win_size,未配置时使用默认配置,配置异常时报错退出 | 6 | Y | +| [latency_] | read_avg_lim | 读时延平均值上限,单位us,代表窗口中读IO平均时延限制,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | Y | +| [latency_] | write_avg_lim | 写时延平均值上限,单位us,代表窗口中写IO平均时延限制,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | Y | +| [latency_] | read_avg_time | 读时延倍数,整形类型,代表读时延数据超过read_avg_lim数据多少倍时,记为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | Y | +| [latency_] | write_avg_time | 写时延倍数,整形类型,代表写时延数据超过write_avg_lim数据多少倍时,记为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | Y | +| [latency_] | read_tot_lim | 读时延绝对上限,单位us,读时延超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | Y | +| [latency_] | write_tot_lim | 写时延绝对上限,单位us,写时延超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | Y | +| [iodump] | read_iodump_lim | 读iodump绝对上限,整形类型,读iodump数量超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 0 | Y | +| [iodump] | write_iodump_lim | 写iodump绝对上限,整形类型,写iodump数量超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | 0 | Y | +| [\_] | read_avg_lim | 指定stage阶段的读时延平均值上限,单位us,代表窗口中读IO平均时延限制,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | N | +| [\_] | read_tot_lim | 指定stage阶段的读时延绝对上限,单位us,读时延超过此数据即为异常数据,数值越大,算法漏报率越高,未配置时使用默认配置,配置异常时报错退出 | - | N | + +>![](figures/icon-note.gif)**说明:** +>1. latency_、iodump、\_配置段的所有参数调整均会影响算法的准确性,且优劣并存:若数值越大,算法漏报率越高,则数值越小,算法误报率越高。需要根据经验进行取舍。 +>2. 为磁盘类型,目前仅支持三类:sata_ssd、nvme_ssd、sata_hdd。 +>3. \\_中的stage可以为common.stage参数支持的任意阶段,该部分为可选配置,如果配置后,在进行到对应阶段的故障检测时将使用该部分的参数,而不是latency_或iodump中的参数。 + +## 使用平均阈值慢盘检测插件 + +1. 启动巡检 + + ```shell + [root@openEuler ~]# sentryctl start avg_block_io + ``` + +2. 查看巡检插件状态 + + ```shell + [root@openEuler ~]# sentryctl status avg_block_io + ``` + + 状态为RUNNING即为运行中,状态为EXITED为退出 + +3. 查看告警信息 + + ```shell + [root@openEuler ~]# sentryctl get_alarm avg_block_io -s 1 -d + ``` + + 示例: + ```shell + [ + { + "alarm_id": 1002, + "alarm_type": "ALARM_TYPE_OCCUR", + "alarm_level": "MINOR_ALM", + "timestamp": "2024-10-23 11:56:51", + "alarm_info": { + "alarm_source": "avg_block_io", + "driver_name": "sda", + "io_type": "write", + "reason": "IO press", + "block_stack": "bio,wbt", + "alarm_type": "latency", + "details": { + "latency": "gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,437.9,0,0,0,0,517,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,521.1,0,0,0,0,557.8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,8.5,0,0,0,0,12.0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]", + "iodump": "gettag: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], rq_driver: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], bio: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], wbt: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]" + } + } + } + ] + ``` + 输出结果中各字段介绍: + + | 字段 | 描述 | + | --- | --- | + | alarm_id | 用户上报告警的id,平均阈值慢盘检测插件的告警id固定为1002 | + | alarm_type | 告警的类型,平均阈值慢盘检测插件的告警类型为ALARM_TYPE_OCCUR,代表告警产生 | + | alarm_level | 告警的等级,平均阈值慢盘检测插件的告警等级为MINOR_ALM,代表系统存在异常,并且已经尝试自动隔离等方式修复 | + | timestamp | 告警上报的时间 | + | alarm_info | 告警内容详细信息,由平均阈值慢盘检测插件的自定义内容,不同的巡检插件上报的内容不一致 | + + alarm_info中各字段解释如下: + | alarm_info中字段 | 描述 | + | --- | --- | + | alarm_source | 告警插件名称,平均阈值慢盘检测插件的固定值为avg_block_io | + | driver_name | 告警磁盘名称,如sda | + | io_type | 告警io类型,可能存在两种告警:
    1. read:读io慢盘故障告警
    2. write:写io慢盘故障告警 | + | reason | 告警原因,平均阈值慢盘检测插件可能存在以下四种不同告警原因:
    1. IO press,压力大导致的慢盘告警;
    2. driver slow,盘故障导致的慢盘告警;
    3. kernel slow,IO栈异常导致的慢盘告警;
    4. unknown,未知故障导致的慢盘告警; | + | block_stack | 慢io出现异常的阶段,可能出现的阶段为bio/throtl/wbt/bfq/rq_driver/gettag/plug/deadline/hctx/requeue共九个阶段的组合,九个阶段的详细介绍可参考[《二次开发指南》 - 插件事件告警上报](./二次开发指南.md#插件事件告警上报) | + | details | 告警日志内记录的信息,仅在get_alarm执行包含"-d/--detailed"选项时展示,内容为上报异常磁盘的latency(io时延数据)和iodump(io超时未完成数量)的信息 | + +4. 停止巡检 + + ```shell + sentryctl stop avg_block_io + ``` + +5. 查看巡检结果信息 + 在巡检运行结束后可通过以下命令查看巡检结果: + + ```shell + sentryctl get_result avg_block_io + ``` + + 回显信息格式为json格式,内容格式如下: + + ```ini + { + "result": "PASS", + "start_time": "YYYY-mm-DD HH:MM:SS", + "end_time": "YYYY-mm-DD HH:MM:SS", + "error_msg" : "", + "details":{} # 平均阈值算法中detail信息为空 + } + ``` + 其中"result"和"error_msg"对应关系如下: + + | result | 对应error_msg信息 | 含义 | + | ------ | --------------- | -------- | + | PASS | "" | 巡检任务正常运行结束,无异常 | + | SKIP | "not supported.maybe some rpm package not be installed." | 因缺少依赖、环境不支持等原因跳过/未执行巡检任务 | + | FAIL | "FAILED. config may be incorrect or the command may be invalid/killed!" | 因执行命令错误等原因,巡检任务执行失败 | + | MINOR_ALM | "the command output shows that the status is 'INFO' or 'GENERAL_WARN'." | 巡检任务结束,存在系统存在异常,并且已经尝试自动隔离等方式完成修复 | + | MAJOR_ALM | "the command output shows that the status is 'WARN' or 'IMPORTANT_WARN'." | 巡检任务结束,系统存在异常,需要通过重启等方式修复 | + | CRITICAL_ALM | "the command output shows that the status is 'FAIL' or 'EMERGENCY_WARN'." | 巡检任务结束,致命告警,系统或硬件存在无法修复问题,建议更换 | diff --git a/docs/zh/docs/thirdparty_migration/bisheng.md b/docs/zh/docs/thirdparty_migration/bisheng.md new file mode 100644 index 0000000000000000000000000000000000000000..9e1c3788a1e66c55b26993f1f426f51ef58b6685 --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/bisheng.md @@ -0,0 +1,53 @@ +# 毕昇编译器 安装说明 + +## 毕昇编译器简介 + +毕昇编译器是华为编译器实验室针对鲲鹏等通用处理器架构场景,打造的一款高性能、高可信及易扩展的编译器工具链,增强和引入了多种编译优化技术,支持C/C++/Fortran等编程语言。 + +毕昇编译器已经融入openEuler源,在openEuler操作系统中,可以使用yum源方式安装毕昇编译器;在非openEuler操作系统中,可以通过软件包方式安装毕昇编译器。 + +进入[毕昇编译器产品页](https://www.hikunpeng.com/developer/devkit/compiler/bisheng)获取毕昇编译器详细资源,包括[软件包下载](https://mirrors.huaweicloud.com/kunpeng/archive/compiler/bisheng_compiler/)、[产品文档](https://support.huaweicloud.com/usermanual-hce/hce_02_0051.html)、[在线课程](https://education.huaweicloud.com/courses/course-v1:HuaweiX+CBUCNXK068+Self-paced/about)、[沙箱实验](https://lab.huaweicloud.com/testdetail_497)、[毕昇论坛](https://bbs.huaweicloud.com/forum/forum-1422-1.html)等。 + +## yum源安装方式 + +以下操作均使用root用户执行。 + +1. 在/etc/yum.repos.d/目录下增加配置文件bisheng-compiler.repo,运行如下命令: + + ```shell + cat > /etc/yum.repos.d/bisheng-compiler.repo << EOF + [bisheng-compiler] + name=bisheng-compiler + baseurl=https://repo.oepkgs.net/bisheng/aarch64/ + enabled=1 + gpgcheck=0 + priority=100 + EOF + ``` + +2. 从yum源下载和安装毕昇编译器rpm包 + + ```shell + yum update + yum install bisheng-compiler + ``` + +3. (可选)清空当前窗口的hash表 + + 如果系统中有其他版本的 LLVM 编译器,请在安装毕昇编译器之后立即运行如下命令 + + ```shell + hash -r + ``` + + 防止clang命令被hash捕获,出现毕昇编译器或开源LLVM编译器无法使用的问题。 + +4. 验证安装是否成功 + + 安装完毕后执行如下命令验证毕昇编译器版本: + + ```shell + clang -v + ``` + + 若返回结果已包含bisheng compiler版本信息,说明安装成功。 \ No newline at end of file diff --git a/docs/zh/docs/thirdparty_migration/figures/.keep b/docs/zh/docs/thirdparty_migration/figures/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/docs/thirdparty_migration/figures/calicotag.png b/docs/zh/docs/thirdparty_migration/figures/calicotag.png new file mode 100644 index 0000000000000000000000000000000000000000..3563a3e692ca223d5f13f1d16338ca5cfaac79a5 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/calicotag.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/clusteradd.png b/docs/zh/docs/thirdparty_migration/figures/clusteradd.png new file mode 100644 index 0000000000000000000000000000000000000000..b25de17014deb022c1bc9ab18246c0b51bdff942 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/clusteradd.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/configmaster.png b/docs/zh/docs/thirdparty_migration/figures/configmaster.png new file mode 100644 index 0000000000000000000000000000000000000000..f545b04d33e4e4e823c213cf997c44ec0c548b8b Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/configmaster.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/createuser.png b/docs/zh/docs/thirdparty_migration/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..9964a86c0cf16073fc790dd5fae724883b612368 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/createuser.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/downloaddocker.png b/docs/zh/docs/thirdparty_migration/figures/downloaddocker.png new file mode 100644 index 0000000000000000000000000000000000000000..2e86a5b102c3641f753bfd367e215b1146901e53 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/downloaddocker.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/extend1.png b/docs/zh/docs/thirdparty_migration/figures/extend1.png new file mode 100644 index 0000000000000000000000000000000000000000..8bdd8e0b1ef60145ea16be676e2f70b9068804fb Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/extend1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/faq1.png b/docs/zh/docs/thirdparty_migration/figures/faq1.png new file mode 100644 index 0000000000000000000000000000000000000000..6856b9d37975bf518c2aeb144d6bc54ec1a29bec Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/faq1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env1.png b/docs/zh/docs/thirdparty_migration/figures/host_env1.png new file mode 100644 index 0000000000000000000000000000000000000000..60754da6d76bc817f6dbb05b30ac1749798f584b Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env10.png b/docs/zh/docs/thirdparty_migration/figures/host_env10.png new file mode 100644 index 0000000000000000000000000000000000000000..16705810949ee42054d345628599dd0fde26504e Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env10.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env11.png b/docs/zh/docs/thirdparty_migration/figures/host_env11.png new file mode 100644 index 0000000000000000000000000000000000000000..16c9a0d4bed1cfff308c9f8f5e93e98f8ba2c72c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env11.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env5.png b/docs/zh/docs/thirdparty_migration/figures/host_env5.png new file mode 100644 index 0000000000000000000000000000000000000000..deddc3d6af1687939d274c80307d3e2c0ee7bd6c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env5.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env6.png b/docs/zh/docs/thirdparty_migration/figures/host_env6.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7ca24a78979fe3346eb37793152cceaaee7145 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env6.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env7.png b/docs/zh/docs/thirdparty_migration/figures/host_env7.png new file mode 100644 index 0000000000000000000000000000000000000000..03370058ff0a6e237f291b543195392efcc05f5d Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env7.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env8.png b/docs/zh/docs/thirdparty_migration/figures/host_env8.png new file mode 100644 index 0000000000000000000000000000000000000000..400c79d9ab48fe0e6f91edc83ffb18082263fa71 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env8.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env9.png b/docs/zh/docs/thirdparty_migration/figures/host_env9.png new file mode 100644 index 0000000000000000000000000000000000000000..aa848dfd00347b2e6d3385d6bcb372c49dc0928e Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env9.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/install1.png b/docs/zh/docs/thirdparty_migration/figures/install1.png new file mode 100644 index 0000000000000000000000000000000000000000..a01325bb62e2e2f874d6110df8a19dea197b69e7 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/install1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/installarm.png b/docs/zh/docs/thirdparty_migration/figures/installarm.png new file mode 100644 index 0000000000000000000000000000000000000000..d400c62147abe8c5c2b7f35e317e757d8aa85f97 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/installarm.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/installx86.png b/docs/zh/docs/thirdparty_migration/figures/installx86.png new file mode 100644 index 0000000000000000000000000000000000000000..3547bcf70e1b17574006e80be3578daf88344ff0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/installx86.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/modify_timeout_value.png b/docs/zh/docs/thirdparty_migration/figures/modify_timeout_value.png new file mode 100644 index 0000000000000000000000000000000000000000..d9aab7593b2a42df41103abc4ca5a1eb7c6e34d3 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/modify_timeout_value.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run1.png b/docs/zh/docs/thirdparty_migration/figures/run1.png new file mode 100644 index 0000000000000000000000000000000000000000..1c653188ef2d6874a07a5dc185139339dc502dbc Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run2.png b/docs/zh/docs/thirdparty_migration/figures/run2.png new file mode 100644 index 0000000000000000000000000000000000000000..7d17f2d56c7adf3ccc9ef7a5e53da636561d8795 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run2.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run3.png b/docs/zh/docs/thirdparty_migration/figures/run3.png new file mode 100644 index 0000000000000000000000000000000000000000..cc4d4fbd02e4d60017d5599b74b0fda90843353c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run3.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run4.png b/docs/zh/docs/thirdparty_migration/figures/run4.png new file mode 100644 index 0000000000000000000000000000000000000000..05ff12603bbabfb188f05c7f47551016b7aa110f Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run4.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run5.png b/docs/zh/docs/thirdparty_migration/figures/run5.png new file mode 100644 index 0000000000000000000000000000000000000000..e149c3286189a4ef4cc93f7add118f43e20cc96c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run5.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run6.png b/docs/zh/docs/thirdparty_migration/figures/run6.png new file mode 100644 index 0000000000000000000000000000000000000000..27c9263dbf447a0199a2a8d12af1192661efa7bb Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run6.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/stack.png b/docs/zh/docs/thirdparty_migration/figures/stack.png new file mode 100644 index 0000000000000000000000000000000000000000..63edbbbaac901b154d906eaf803f31bf6fe61bbe Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/stack.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/startvm.png b/docs/zh/docs/thirdparty_migration/figures/startvm.png new file mode 100644 index 0000000000000000000000000000000000000000..1254e08e85b6f515791b258e12b9ac4891cc1ffd Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/startvm.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/vmlist.png b/docs/zh/docs/thirdparty_migration/figures/vmlist.png new file mode 100644 index 0000000000000000000000000000000000000000..830261f13c434327c8bb9a01cc4fb5e6988a01c2 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/vmlist.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/x86_build_fail.png b/docs/zh/docs/thirdparty_migration/figures/x86_build_fail.png new file mode 100644 index 0000000000000000000000000000000000000000..2d91001fa9c76c3154fdaffa31c4b2befc4f34c0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/x86_build_fail.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/yumarm.png b/docs/zh/docs/thirdparty_migration/figures/yumarm.png new file mode 100644 index 0000000000000000000000000000000000000000..538df33bcb5134c2a3f50b12cc5097d25bab1c76 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/yumarm.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/yumx86.png b/docs/zh/docs/thirdparty_migration/figures/yumx86.png new file mode 100644 index 0000000000000000000000000000000000000000..880f54f8836ad7992345e74075ff355209a08f70 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/yumx86.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png new file mode 100644 index 0000000000000000000000000000000000000000..092be1b363b87b5890c1e825e38f8cc4a6b07980 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png new file mode 100644 index 0000000000000000000000000000000000000000..7b407c4ac75025d0beb65a231a30b1129776a45b Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png new file mode 100644 index 0000000000000000000000000000000000000000..e947112112a9dff8c3e1d7460dbf00bf2e167adb Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png new file mode 100644 index 0000000000000000000000000000000000000000..de9500feba2988934b130bf876a9134e65919f9c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png new file mode 100644 index 0000000000000000000000000000000000000000..771a238544b18a196e8dc4fce484c037ece281c0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png new file mode 100644 index 0000000000000000000000000000000000000000..240395d4cf2625c2fd762b647d8d371eb3f010c7 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png new file mode 100644 index 0000000000000000000000000000000000000000..983ec2e4e16e3570897ece58d3499f1e384d3c55 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea8a5003de5e5a1a6bcbf04ccfda6be3c7591e4 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png new file mode 100644 index 0000000000000000000000000000000000000000..ff90e70830df6c5c5c06dadb2446e1aad6739ad6 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png new file mode 100644 index 0000000000000000000000000000000000000000..1dcf05ec51cc58c710eede1197923494c4c57f98 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png new file mode 100644 index 0000000000000000000000000000000000000000..f8d858e1b97d6fb5bec2418b10fb78e47c4914bf Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png new file mode 100644 index 0000000000000000000000000000000000000000..5096cabacc305fec55b581432a5cd127cae84362 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png new file mode 100644 index 0000000000000000000000000000000000000000..a406893b51db2081c41c91929f17429ad3072d08 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png new file mode 100644 index 0000000000000000000000000000000000000000..3d51ce1a6d6b4de233a4d3c81744f64ac18aea8a Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png new file mode 100644 index 0000000000000000000000000000000000000000..49c8735599f0e0633eeb046d9f0795df2d0f5870 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png new file mode 100644 index 0000000000000000000000000000000000000000..8efa6420b0f2c4fbf6774fe991dcd0242a8a1ea9 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png differ diff --git a/docs/zh/docs/thirdparty_migration/k8sinstall.md b/docs/zh/docs/thirdparty_migration/k8sinstall.md new file mode 100644 index 0000000000000000000000000000000000000000..64c7b7a9aaeb16cd623e46f1f2b63e4aeda13fda --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/k8sinstall.md @@ -0,0 +1,486 @@ +# K8S 迁移至 openEuler 指导 + +- [软件介绍](#软件介绍) +- [环境配置](#环境配置) +- [系统配置](#系统配置) +- [软件安装](#软件安装) +- [软件卸载](#软件卸载) + + + + + +## 软件介绍 + +Kubernetes 集群(以下简称 K8S)是一个开源的容器集群管理平台,可以实现容器集群的自动化部署、自动扩缩容、维护等功能。Kubernetes的目标是促进完善组件和工具的生态系统,以减轻应用程序在云上运行的负担。 + +Kubernetes 集群中存在两种节点,Master 节点和 Worker 节点。Master 节点是集群的控制节点,负责整个集群的管理和控制。针对集群执行的控制命令都是发送给 Master 节点的。Worker 节点是 Kubernetes 集群中的工作负载节点,Worker 上的工作负载由 Master 分配,当某个 Worker 宕机时,Master 会将上面的工作负载转移到其他节点上去。 + +本文描述使用两个节点来搭建 Kubernetes 集群的方法,一个作为 Master 节点,另一个作为 Worker 节点。 + + +## 环境配置 + +### 软件平台 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| openEuler | 20.03-LTS-SP4 |iso | +| gnu | 7.3.0 | | +| python3 | 3.7.4 | | +| bash | 5.0.11 | | + +### 必要依赖包 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| docker-engine | 18.09.0-101 |见安装docker配置yum源 | +| kubelet | 1.15.10/1.18/1.16 | 见安装k8s组件 | +| kubeadm | 1.15.10/1.18/1.16 | 见安装k8s组件 | +| kubectl | 1.15.10/1.18/1.16 | 见安装k8s组件 | +| kubernetes-cni | 1.15.10/1.18/1.16 | 见安装k8s组件 | + +>![](./public_sys-resources/icon-note.gif) **说明:** +>本文适用于 K8S 1.15.10/1.18/1.16 三个版本,本文以 1.15.10 版本为例说明。 + +## 系统配置 + + +### 修改主机配置 + +分别编辑 Master 和 Worker 节点的`/etc/hosts` 文件,在文件末尾添加 Master 和 Worker 节点的IP。 + +``` +192.168.122.72 master +192.168.122.130 worker +``` + +### 安装 docker 配置 yum 源 + +1. 可选,官方发布的镜像中已配置好 yum 源,不需要另外配置。如系统中没有配置任何 openEuler yum 源,则需要按照如下操作新增 repo 文件,`baseurl`值以发布版本中的源地址为准。 + - aarch64架构 + ``` + $ vim /etc/yum.repos.d/openEuler_aarch64.repo + ``` + + ![](./figures/yumarm.png) + + - x86架构 + + ``` + $ vim /etc/yum.repos.d/openEuler_x86_64.repo + ``` + + ![](./figures/yumx86.png) + +2. 分别在 Master 和 Worker 节点上执行。 +清除缓存中的软件包及旧的headers,重新建立缓存。 + + ``` + $ yum clean all + $ yum makecache + ``` +3. 安装docker并启动相关服务,输出Docker的状态。 + + ``` + $ yum -y install docker-engine + $ systemctl daemon-reload + $ systemctl status docker + $ systemctl restart docker + $ systemctl status docker + $ systemctl enable docker + ``` + +### 关闭防火墙和selinux + +由于 nftables 后端兼容性问题,产生了重复的防火墙规则,需要关闭防火墙;为了使容器可以访问宿主机的文件系统,需要关闭 selinux。 + +分别在 Master 和 Worker 节点上执行如下命令,关闭防火墙和 selinux。 + +``` +$ systemctl stop firewalld +$ systemctl disable firewalld +$ setenforce 0 +$ sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config +``` + +### 配置 kubernetes yum 源 + +1. 分别在 Master 和 Worker 节点上执行如下命令,配置 kubernetes 的 yum 源。 + * aarch64架构 + ``` + cat < /etc/yum.repos.d/kubernetes.repo + + [kubernetes] + name=Kubernetes + baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64 + enabled=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg + http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg + EOF + ``` + + * x86架构: + ``` + cat < /etc/yum.repos.d/kubernetes.repo + + [kubernetes] + name=Kubernetes + baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 + enabled=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg + http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg + EOF + ``` + +2. 配置完成后,执行如下命令,清除缓存中的软件包及旧的 headers,重新建立缓存。 + ``` + $ yum clean all + $ yum makecache + ``` + + +### 关闭交换分区 + +在安装 K8S 集群时,Linux 的 Swap 内存交换机制需要关闭,否则会因为内存交换影响系统的性能和稳定性。 + +1. 分别在 Master 和 Worker 节点上执行如下命令,关闭交换分区。 + + ``` + $ swapoff -a + $ cp -p /etc/fstab /etc/fstab.bak$(date '+%Y%m%d%H%M%S') + $ sed -i "s/\/dev\/mapper\/openeuler-swap/\#\/dev\/mapper\/openeuler-swap/g" /etc/fstab + ``` + +2. 执行如下命令查看是否修改成功。 + ``` + $ cat /etc/fstab + ``` + + ![](./figures/zh-cn_image_0296836364.png) + +3. 执行如下命令重启系统。 + + ``` + $ reboot + ``` + +## 软件安装 + +### 安装k8s组件 + +分别在 Master 和 Worker 节点上执行如下命令,安装 k8s 组件。 + +``` +$ yum install -y kubelet-1.15.10 kubeadm-1.15.10 kubectl-1.15.10 kubernetes-cni-0.7.5 +``` + +### 配置开机启动项 + +1. 分别在 Master 和 Worker 节点上执行如下命令,配置开机启动 kubelet。 + + ``` + $ systemctl enable kubelet + ``` + +2. 分别在 Master 和 Worker 节点上创建 `/etc/sysctl.d/k8s.conf` 文件,并添加如下内容。 + + ``` + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + net.ipv4.ip_forward = 1 + vm.swappiness=0 + ``` + +3. 分别在 Master 和 Worker 节点上执行如下命令,使修改生效。 + + ``` + $ modprobe br_netfilter + $ sysctl -p /etc/sysctl.d/k8s.conf + ``` + +### 通过Docker下载组件 + +Master 和 Worker 节点通过 Docker 下载其他组件,下载镜像时需要根据架构选择相应的版本,以下命令分别两台节点上执行,操作步骤如下。 + +1. 查看初始化所需镜像,执行如下命令,结果如图所示。 + ``` + $ kubeadm config images list + ``` + ![](./figures/downloaddocker.png) + >![](./public_sys-resources/icon-note.gif) **说明:** + > K8S所需镜像版本有可能会变动,故需查看列表匹配需要下载的Docker镜像,以下镜像版本仅供参考。 + +2. 执行如下命令,从 DockerHub 上下载镜像。 + * aarch64架构 + ``` + $ docker pull gcmirrors/kube-apiserver-arm64:v1.15.10 + $ docker pull gcmirrors/kube-controller-manager-arm64:v1.15.10 + $ docker pull gcmirrors/kube-scheduler-arm64:v1.15.10 + $ docker pull gcmirrors/kube-proxy-arm64:v1.15.10 + $ docker pull gcmirrors/pause-arm64:3.1 + $ docker pull gcmirrors/etcd-arm64:3.3.10 + $ docker pull coredns/coredns:1.3.1 + ``` + * x86架构 + ``` + $ docker pull gcmirrors/kube-apiserver-amd64:v1.15.10 + $ docker pull gcmirrors/kube-controller-manager-amd64:v1.15.10 + $ docker pull gcmirrors/kube-scheduler-amd64:v1.15.10 + $ docker pull gcmirrors/kube-proxy-amd64:v1.15.10 + $ docker pull gcmirrors/pause-amd64:3.1 + $ docker pull gcmirrors/etcd-amd64:3.3.10 + $ docker pull coredns/coredns:1.3.1 + ``` + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果配置了docker镜像库代理,可以直接将标签换为“k8s.gcr.io”并省略以下步骤。 + +3. 执行如下命令,给已下载的镜像打标签。 + * aarch64架构 + ``` + $ docker tag gcmirrors/kube-apiserver-arm64:v1.15.10 k8s.gcr.io/kube-apiserver:v1.15.10 + $ docker tag gcmirrors/kube-controller-manager-arm64:v1.15.10 k8s.gcr.io/kube-controller-manager:v1.15.10 + $ docker tag gcmirrors/kube-scheduler-arm64:v1.15.10 k8s.gcr.io/kube-scheduler:v1.15.10 + $ docker tag gcmirrors/kube-proxy-arm64:v1.15.10 k8s.gcr.io/kube-proxy:v1.15.10 + $ docker tag gcmirrors/pause-arm64:3.1 k8s.gcr.io/pause:3.1 + $ docker tag gcmirrors/etcd-arm64:3.3.10 k8s.gcr.io/etcd:3.3.10 + $ docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 + ``` + * x86架构 + ``` + $ docker tag gcmirrors/kube-apiserver-amd64:v1.15.10 k8s.gcr.io/kube-apiserver:v1.15.10 + $ docker tag gcmirrors/kube-controller-manager-amd64:v1.15.10 k8s.gcr.io/kube-controller-manager:v1.15.10 + $ docker tag gcmirrors/kube-scheduler-amd64:v1.15.10 k8s.gcr.io/kube-scheduler:v1.15.10 + $ docker tag gcmirrors/kube-proxy-amd64:v1.15.10 k8s.gcr.io/kube-proxy:v1.15.10 + $ docker tag gcmirrors/pause-amd64:3.1 k8s.gcr.io/pause:3.1 + $ docker tag gcmirrors/etcd-amd64:3.3.10 k8s.gcr.io/etcd:3.3.10 + $ docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 + ``` + +4. 执行如下命令,查看上步中的镜像是否成功打上 k8s 标签,查询结果如下图所示: + + ``` + $ docker images | grep k8s + ``` + + ![](./figures/zh-cn_image_0296836374.png) + +5. 标签打好后,执行如下命令,删除当前环境上的旧镜像。 + * aarch64架构 + ``` + $ docker rmi gcmirrors/kube-apiserver-arm64:v1.15.10 + $ docker rmi gcmirrors/kube-controller-manager-arm64:v1.15.10 + $ docker rmi gcmirrors/kube-scheduler-arm64:v1.15.10 + $ docker rmi gcmirrors/kube-proxy-arm64:v1.15.10 + $ docker rmi gcmirrors/pause-arm64:3.1 + $ docker rmi gcmirrors/etcd-arm64:3.3.10 + $ docker rmi coredns/coredns:1.3.1 + ``` + * x86架构 + ``` + $ docker rmi gcmirrors/kube-apiserver-amd64:v1.15.10 + $ docker rmi gcmirrors/kube-controller-manager-amd64:v1.15.10 + $ docker rmi gcmirrors/kube-scheduler-amd64:v1.15.10 + $ docker rmi gcmirrors/kube-proxy-amd64:v1.15.10 + $ docker rmi gcmirrors/pause-amd64:3.1 + $ docker rmi gcmirrors/etcd-amd64:3.3.10 + $ docker rmi coredns/coredns:1.3.1 + ``` +### 配置 Master 节点 + +1. 在 Master 节点上执行如下命令,进行集群初始化。 + + ``` + $ systemctl daemon-reload + $ systemctl restart kubelet + $ kubeadm init --kubernetes-version v1.15.10 --pod-network-cidr=10.244.0.0/16 + ``` + 集群初始化成功后,界面显示信息如下。 + + ![](./figures/configmaster.png) + + 保存上图中的`kubeadm join`命令,在下文[Worker节点加入集群](#jump2)步骤中需要执行该命令。 + + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 使用 kubeadm 安装的 Kubernetes 会自动生成集群所需的证书。所有证书都存放在 `/etc/kubernetes/pki` 目录下。 + +2. 按照初始化成功的控制台显示信息配置集群,命令如下所示。 + + ``` + $ mkdir -p $HOME/.kube + $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config + $ chown $(id -u):$(id -g) $HOME/.kube/config + ``` + +3. 在Master节点执行如下命令,查看集群节点信息。 + ``` + $ kubectl get node + ``` + 由于还没有配置calico网络,当前node状态为未就绪。 + +### 安装calico网络插件 + +1. 分别在 Master 和 Worker 节点上执行如下命令,下载 calico 容器镜像。 + * aarch64架构 + ``` + $ docker pull calico/cni:v3.14.2-arm64 + $ docker pull calico/node:v3.14.2-arm64 + $ docker pull calico/kube-controllers:v3.14.2-arm64 + $ docker pull calico/pod2daemon-flexvol:v3.14.2-arm64 + ``` + * x86架构 + ``` + $ docker pull calico/cni:v3.14.2-amd64 + $ docker pull calico/node:v3.14.2-amd64 + $ docker pull calico/kube-controllers:v3.14.2-amd64 + $ docker pull calico/pod2daemon-flexvol:v3.14.2-amd64 + ``` +2. 分别在 Master 和 Worker 节点上执行如下命令,修改已下载的镜像标签。 + * aarch64架构 + ``` + $ docker tag calico/cni:v3.14.2-arm64 calico/cni:v3.14.2 + $ docker tag calico/node:v3.14.2-arm64 calico/node:v3.14.2 + $ docker tag calico/kube-controllers:v3.14.2-arm64 calico/kube-controllers:v3.14.2 + $ docker tag calico/pod2daemon-flexvol:v3.14.2-arm64 calico/pod2daemon-flexvol:v3.14.2 + ``` + * x86架构 + ``` + $ docker tag calico/cni:v3.14.2-amd64 calico/cni:v3.14.2 + $ docker tag calico/node:v3.14.2-amd64 calico/node:v3.14.2 + $ docker tag calico/kube-controllers:v3.14.2-amd64 calico/kube-controllers:v3.14.2 + $ docker tag calico/pod2daemon-flexvol:v3.14.2-amd64 calico/pod2daemon-flexvol:v3.14.2 + ``` + +3. 执行如下命令,查看是否成功打上 calico 标签。 + + ``` + $ docker images | grep calico + ``` + ![](./figures/calicotag.png) + +4. 分别在 Master 和 Worker 节点上执行如下命令,删除旧镜像。 + * aarch64架构 + ``` + $ docker rmi calico/cni:v3.14.2-arm64 + $ docker rmi calico/node:v3.14.2-arm64 + $ docker rmi calico/kube-controllers:v3.14.2-arm64 + $ docker rmi calico/pod2daemon-flexvol:v3.14.2-arm64 + ``` + * x86架构 + ``` + $ docker rmi calico/cni:v3.14.2-amd64 + $ docker rmi calico/node:v3.14.2-amd64 + $ docker rmi calico/kube-controllers:v3.14.2-amd64 + $ docker rmi calico/pod2daemon-flexvol:v3.14.2-amd64 + ``` +5. 在 Master 节点上执行如下命令,下载 yaml 文件。 + + ``` + $ wget https://docs.projectcalico.org/v3.14/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml --no-check-certificate + ``` + +6. 在 Master 节点上执行如下命令,部署 calico。 + + ``` + $ kubectl apply -f calico.yaml + ``` +7. 在 Master 节点上执行如下命令,查看节点状态,状态为 Ready 即表明安装成功。 + + ``` + $ kubectl get nodes + ``` + + +### 加入集群 + +1. 在 Worker 节点执行[配置 Master 节点](#jump1)中保存的命令,将 Worker 节点加入集群。 + + ``` + $ kubeadm join 192.168.122.72:6443 --token 9hyjsw.102m4qpmr93msfdv --discovery-token-ca-cert-hash sha256:ccf9a7762c7ae08fab3ec0649897b1de8e3ef37cf789517f42ea95fad0bd29b1 + ``` + >![](./public_sys-resources/icon-note.gif) **说明:** + >token默认有效期为24小时,若token超时,可在Master节点上执行命令`kubeadm token create --print-join-command`重新生成。 + +2. 在Master节点上执行如下命令,查看集群中加入的子节点。 + + ``` + $ kubectl get nodes + ``` + +3. 在Master节点上执行如下命令,查看集群中的 pod 状态,所有 pod 状态均为 Running 时表示配置成功,配置成功的界面显示如下图所示。 + + ``` + $ kubectl get pods -A + ``` + + ![](./figures/clusteradd.png) + + + +### 查看状态信息相关命令 + +* 查看所有 pods。 + + ``` + kubectl get pods -A + ``` + +* 查看当前节点上运行在某一命名空间的所有 pod。 + + ``` + kubectl get pods -n $namespace + ``` + +* 查看某一命名空间下 pod 的详细信息。 + + ``` + kubectl get pods -n $namespace -o wide + ``` + +* 查看单个 pod 信息,可用于定位 pod 状态异常问题。 + + ``` + kubectl describe pod $podname -n $namespace + ``` + +* 删除 pod,如果要删除正在运行中的 pod,控制器会马上再创建一个新的。 + + ``` + kubectl delete pods $podname + ``` + + +## 软件卸载 + +如果不需要使用 k8s 集群时,可以按本章节操作,删除 k8s 集群,以下命令需要分别在 Master 和 Worker 节点上执行。 +1. 执行如下命令,清空 k8s 集群设置。 + + ``` + $ kubeadm reset + $ rm –rf $HOME/.kube/config + ``` + +2. 执行如下命令,删除基础组件镜像。 + + ``` + $ docker rmi k8s.gcr.io/kube-apiserver:v1.15.10 + $ docker rmi k8s.gcr.io/kube-controller-manager:v1.15.10 + $ docker rmi k8s.gcr.io/kube-scheduler:v1.15.10 + $ docker rmi k8s.gcr.io/kube-proxy:v1.15.10 + $ docker rmi k8s.gcr.io/pause:3.1 + $ docker rmi k8s.gcr.io/etcd:3.3.10 + $ docker rmi k8s.gcr.io/coredns:1.3.1 + ``` + +3. 执行如下命令,卸载管理软件。 + + ``` + $ yum erase –y kubelet kubectl kubeadm kubernetes-cni + ``` + + diff --git a/docs/zh/docs/thirdparty_migration/openstack.md b/docs/zh/docs/thirdparty_migration/openstack.md new file mode 100644 index 0000000000000000000000000000000000000000..38999e31f01aff7f0ccd19e874666aff0b4efb13 --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/openstack.md @@ -0,0 +1,3 @@ +# OpenStack 用户指南 + +openEuler OpenStack 相关文档已迁移至[OpenStack SIG官网文档](https://openstack-sig.readthedocs.io/zh/latest/)。请访问链接获取详细信息。 diff --git a/docs/zh/docs/thirdparty_migration/prep_install.sh b/docs/zh/docs/thirdparty_migration/prep_install.sh new file mode 100644 index 0000000000000000000000000000000000000000..1161fbff264ca33c993990b6a3372c47a6f159a9 --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/prep_install.sh @@ -0,0 +1,145 @@ +#!/bin/bash +# This script contains the preparations before installing openstack + +HTTPD_CG="/etc/httpd/conf/httpd.conf" +QEMU_CG="/etc/libvirt/qemu.conf" + +EDK2_UEFI_PATH="/usr/share/edk2" +UEFI_DIR_ARM="/usr/share/AAVMF" +UEFI_DIR_X86="/usr/share/OVMF" +DEVSTACK_HOME="/home/stack/devstack" + +# Confirm installation mode for openstack +function install_mode() +{ + if [[ ! `rpm -qa` =~ "openeuler-lsb" ]]; then + echo "Maybe you should confirm whether openeuler-lsb is installed" + exit 1 + fi + + # init function is_openeuler + sed -i "/\# Git Functions/i\\function is_openeuler {\n\tif [[ -z \"\$os_VENDOR\" ]]; then\n\tGetOSVersion\n\tfi\n\n\t[[ \"\$os_VENDOR\" =~ (openEuler) ]]\n}\n" $DEVSTACK_HOME/functions-common + + # build function is_openeuler in functions-common + sed -i "s/elif is_fedora/elif is_fedora || is_openeuler/g" $DEVSTACK_HOME/functions-common + sed -i "/DISTRO=\"f\$os_RELEASE\"/a\ \ \ \ elif [[ \"\$os_VENDOR\" =~ (openEuler) ]]; then\n\tDISTRO=\"openEuler-\$os_RELEASE\"" $DEVSTACK_HOME/functions-common + # build function is_openeuler with remaining + grep -nir "is_fedora" | grep -v functions-common | cut -d ":" -f1 | sort | uniq | for line in `xargs` + do + sed -i "s/is_fedora/is_fedora || is_openeuler/g" $line + done + + # install glance + sed -i "/\${LIBS_FROM_GIT} = 'ALL'/i\\\ \ \ \ if [ \$name == \"glance_store\" ]; then enabled=0; fi" $DEVSTACK_HOME/inc/python + + # source openrc + sed -i "/openstack project list/i\\source openrc admin admin" $DEVSTACK_HOME/lib/neutron_plugins/services/l3 + + # Change VIRTUALENV_CMD + pip3 install virtualenv + sed -i "s/python3 -m venv/virtualenv/g" $DEVSTACK_HOME/stackrc + + # Fixed git branch + sed -i "s/master/stable\/train/g" $DEVSTACK_HOME/stackrc + + # Change pypi repo + sed -i "s/\$cmd_pip install/\$cmd_pip install -i https:\/\/mirrors.aliyun.com\/pypi\/simple/g" $DEVSTACK_HOME/inc/python +} + +# Config mod_wsgi +function mod_wsgi_cg() +{ + sudo ls -al $HTTPD_CG 2>&1 > /dev/null + if [[ $? -ne 0 ]]; then + echo "Maybe you should confirm whether httpd is installed" + exit 1 + fi + + sudo sed -i "/Include conf.modules.d\/\*.conf/i\\LoadModule wsgi_module modules/mod_wsgi_python3.so" $HTTPD_CG +} + +# QEMU support for uefi +function qemu_uefi_init() +{ + sudo ls -al $QEMU_CG 2>&1 > /dev/null + if [[ $? -ne 0 ]]; then + echo "Maybe you should confirm whether qemu is installed" + exit 1 + fi + + if [[ `arch` == aarch64 ]]; then + sudo sed -i '$anvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\",\"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\"]' $QEMU_CG + fi + if [[ `arch` == x86_64 ]]; then + sudo sed -i '$anvram = [\"/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd\",\"/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd"]' $QEMU_CG + fi +} + +# Bugfix when yum install edk2 +function edk2_uefi_init() +{ + if [[ ! -d $EDK2_UEFI_PATH ]]; then + echo "Maybe you should confirm whether edk2 is installed" + exit 1 + fi + + if [[ `arch` == "aarch64" ]]; then + sudo mkdir $UEFI_DIR_ARM && pushd $UEFI_DIR_ARM + sudo ln -s $EDK2_UEFI_PATH/aarch64/QEMU_EFI-pflash.raw AAVMF_CODE.fd + sudo ln -s $EDK2_UEFI_PATH/aarch64/vars-tmplate-pflash.raw AAVMF_VARS.fd + popd + fi + if [[ `arch` == "x86_64" ]]; then + sudo mkdir $UEFI_DIR_X86 && pushd $UEFI_DIR_X86 + sudo ln -s $EDK2_UEFI_PATH/ovmf/OVMF_CODE.fd OVMF_CODE.fd + sudo ln -s $EDK2_UEFI_PATH/ovmf/OVMF_VARS.fd OVMF_VARS.fd + popd + + fi + + qemu_uefi_init +} + +# Fixed libvirt version +function libvirt_version_fixed() +{ + if [[ ! `rpm -qa` =~ "python3-libvirt" ]]; then + echo "Maybe you should confirm whether python3-libvirt is installed" + exit 1 + fi + sudo sed -i "s/pip_uninstall libvirt-python//g" $DEVSTACK_HOME/lib/nova_plugins/functions-libvirt + sudo sed -i "s/pip_install_gr libvirt-python//g" $DEVSTACK_HOME/lib/nova_plugins/functions-libvirt +} + +# The installation system script execution process must depend on +function yum_pkgs() +{ + # install base service + sudo yum install -y gcc-c++ python3-devel tar patch git + # install necessary dependences + sudo yum install -y python3-systemd + sudo yum install -y libffi-devel + sudo yum install -y open-iscsi-devel + sudo yum install -y libxml2 libxml2-devel + sudo yum install -y python3-lxml python3-libxml2 libxslt libxslt-devel + sudo yum install -y pcp-system-tools + sudo yum install -y haproxy + if [[ `arch` == "aarch64" ]]; then + sudo yum install -y edk2-aarch64 edk2-devel python3-edk2-devel + fi + if [[ `arch` == "x86_64" ]]; then + sudo yum install -y edk2-ovmf edk2-devel python3-edk2-devel + fi + sudo yum install -y libvirt* python3-libvirt && libvirt_version_fixed + sudo yum install -y qemu qemu-guest-agent && edk2_uefi_init + sudo yum install -y httpd httpd-devel + sudo yum install -y memcached + sudo yum install -y mariadb-server + sudo yum install -y rabbitmq-server + sudo yum install -y python3-uWSGI python3-mod_wsgi && mod_wsgi_cg + sudo yum install -y python3-copr python3-scss + sudo yum install -y openeuler-lsb && install_mode + sudo yum install -y python3-sqlalchemy python3-SQLAlchemy-Utils +} + +yum_pkgs diff --git a/docs/zh/docs/thirdparty_migration/public_sys-resources/.keep b/docs/zh/docs/thirdparty_migration/public_sys-resources/.keep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-note.gif b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-notice.gif b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/thirdparty_migration/springframework.md b/docs/zh/docs/thirdparty_migration/springframework.md new file mode 100644 index 0000000000000000000000000000000000000000..cea8c082cd60d3bfb2dea1c9c30b902e7010df6f --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/springframework.md @@ -0,0 +1,416 @@ +# Spring Framework迁移至 openEuler 指导 + +- [软件介绍](#软件介绍) +- [环境配置](#环境配置) +- [系统配置](#系统配置) +- [软件编译](#软件编译) +- [软件运行](#软件运行) +- [FAQ](#faq) + + +## 软件介绍 + +### Spring Framwork 简介 + +Spring Framework 是为解决 EJB 开发 JavaEE 程序代码冗余,配置复杂等诸多问题而引入的开源框架。Spring 作为容器,提供了对多种技术\(JMS, MQ, UnitTest\)的支持,同时通过 AOP\(事物管理,日志等\)提供了众多方便应用的辅助类,对主流框架提供了良好的支持。 + +Spring Framework 整体框架结构如 [图1](#fig1601161484619)所示: + +**图 1** Spring Framework 整体框架结构 +![](./figures/zh-cn_image_0296838174.png) + +Spring Framework 包括三个核心组件 Spring-Core、Spring-Context 和 Spring-Beans。还包括基础组件Spring-AOP、Spring-Web 和 Spring-Webmvc 等,各个组件的功能说明如下: + +**Spring-Core** +核心容器提供 Spring 框架的基本功能,主要组件是 BeanFactory ,实现对 Bean 的管理。 + +**Spring-Context** +是一个配置文件,向Spring Framework 提供上下文信息。上下文包括企业服务,例如 JNDI,EJB,电子邮件,国际化,校验和调度功能。 + +**Spring-Beans** +实现IOC\(控制反转\)的包,是 Spring Framework 的关键特性。 + +**Spring-AOP** +直接将面向切面的编程功能集成到 Spring 框架中,所以可以很容易的使用 Spring 框架管理任何对象。Spring-AOP 为基于 Spring 的应用程序中的对象提供了事物管理服务,不依赖 EJB 组件,就可以将声明性事物管理集成到应用程序中。 + +**Spring-Web** +建立在 Spring-Context 模块之上,为基于 Web 的应用程序提供上下文。 + +**Spring-Webmvc** +是一个全功能的构建 web 应用程序的 MVC 实现,容纳了大量视图技术。MVC 框架通过策略接口变成了高度可配置的。 + +从上面的介绍可以看出,IOC\(控制反转\)的实现包 Spring-Beans 和 AOP\(依赖注入\)的实现包 Spring-AOP 是整个框架的基础,而 Spring-Core 是整个框架的核心。在此基础上,Spring-Context 提供了上下文环境,为各个模块提供粘合作用。而 web 部分的功能,是依赖 Spring-Web 和 Spring-Webmvc 来实现的。 + + +### Spring Boot 和 Spring Cloud 简介 + +Spring Framework 引入到本地 maven 仓库后,就可以使用这个框架对 Java 程序进行 maven 构建。但 Spring 构建需要配置大量的 xml 文件,开发繁琐。Spring Boot 基于 Spring Framework 来构建,是一种快速构建 Spring 应用的方案,而 Spring Cloud 是构建 Spring Boot的分布式环境,也就是常说的云应用,Spring Boot 起到承上启下的作用。 + +Spring Framework、Spring Boot和Spring Cloud三者的关系如 [图2](#fig1601161484620)所示: + +**图 2** 组件关系 +![](./figures/zh-cn_image_0296838176.png) + +Spring Boot 是 Spring 的一套快速配置方案,可以用来快速开发单个微服务,Spring Cloud 是一个基于 Spring Boot 实现的云应用开发工具;Spring Boot 专注于快速、方便集成单个个体,Spring Cloud 是关注全局的服务治理框架。Spring Boot 可以离开 Spring Cloud 独立使用开发项目,但 Spring Cloud 无法离开 Spring Boot使用。 + +## 环境配置 + +建议部署环境内存大于 2G。 + +### 软件平台 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| openEuler | 20.03-LTS-SP4 |iso | +| tar | 1.32 |yum install | +| wget | 1.20.3 |yum install | +| git | 2.27 |yum install | + + +### 必要依赖包 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| jdk | 1.8.0 |见基础软件安装 | +| maven | 3.5.4 |见基础软件安装 | + + +## 系统配置 + +### 配置本地 yum 源 + +若环境可以连接互联网,可不用配置本地源,直接用系统配置好的源或者自己添加其他网络源即可。 + +1. 执行以下命令,配置源文件,查看已经配置好的 yum 源的 repo 文件。 + + ``` + # cat /etc/yum.repos.d/openEuler.repo + [base] + name=base + baseurl=file:///mnt + enabled=1 + gpgcheck=0 + ``` + +2. 执行以下命令,挂载源镜像。 + + ``` + # mount /root/openEuler-20.03-LTS-SP4-everything-aarch64-dvd.iso /mnt + ``` + +## 软件编译 + +## 使用本地 yum 源安装基础软件 + +1. 执行以下命令,安装 maven 构建工具。 + + ``` + # yum -y install maven + ``` + +2. 执行以下命令,利用 yum 源,安装 jdk。 + + ``` + # yum -y install java-1.8.0-openjdk-devel + ``` + +3. 安装验证,安装成功输入以下命令,分别查看 maven 和 java 的版本信息以及查看 javac 的使用方法。 + + ``` + # mvn -version + # java -version + # javac -help + ``` + + ![](./figures/install1.png) + + + +### 安装 Spring Framework 到本地 maven 仓库 + +1. 执行以下命令,获取 Spring Framework 工程源码包。 + + ``` + # cd /home + # wget https://github.com/Spring-projects/Spring-framework/archive/v5.2.10.RELEASE.tar.gz + # tar -xvf v5.2.10.RELEASE.tar.gz + ``` + +2. 执行以下命令,编译Spring Framework源码包,编译成功页面显示如下: + + ``` + # cd /home/spring-framework-5.2.10.RELEASE + # ./gradlew build + ``` + + ![](./figures/zh-cn_image_0296838182.png) + +3. 执行以下命令,安装 Spring Framework 到本地 maven 仓库。 + + ``` + # ./gradlew publishToMavenLocal -x javadoc -x dokka -x asciidoctor + ``` + + 安装成功后会在`/root/.m2/repository/org/`文件夹下看到 springframework 文件夹。 + + ![](./figures/zh-cn_image_0296838184.png) + + +### Spring Boot工程 tomcat 用例编译 + +1. 执行以下命令,获取用例源码。 + + ``` + # cd /home + # wget https://github.com/Spring-projects/Spring-boot/archive/v1.5.4.RELEASE.tar.gz + # tar -xvf v1.5.4.RELEASE.tar.gz + # cd /home/spring-boot-1.5.4.RELEASE/spring-boot-samples/spring-boot-sample-tomcat + ``` + +2. 执行以下命令,编译工程。 + + ``` + # mvn package -DskipTests + ``` + +### Spring Cloud 工程用例编译 + +1. 执行以下命令,编译 Spring-cloud-gateway-sample 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/Spring-cloud-gateway-sample.git + # cd /home/Spring-cloud-gateway-sample + # mvn package -DskipTests + ``` + +2. 执行以下命令,编译 zuul-server-1.0.0.BUILD-SNAPSHOT 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/zuul-server.git + # cd /home/zuul-server + # mvn package -DskipTests + + ``` + +3. 执行以下命令,编译 eureka-0.0.1-SNAPSHOT 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/eureka.git + # cd /home/eureka + # mvn package -DskipTests + ``` + +4. 执行以下命令,编译 feign-eureka 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/feign-eureka.git + # cd /home/feign-eureka + # mvn package -DskipTests + ``` + + +## 软件运行 + +### Spring Boot单机环境运行示例 + +1. spring-boot-sample-tomcat 若编译成功,会在工程目录的`/home/spring-boot-1.5.4.RELEASE/spring-boot-samples/spring-boot-samples-tomcat/target` 文件夹下生成 spring-boot-sample-tomcat-1.5.4.RELEASE.jar 文件,执行以下命令,运行这个 jar 文件。 + + ``` + # java -jar spring-boot-sample-tomcat-1.5.4.RELEASE.jar + ``` + +2. 待控制台出现 `tomcat start` 字样后,启动新窗口执行以下命令,查看 tomcat 服务运行状态。 + + ``` + # curl http://localhost:8080 + ``` + 回显“helloworld”即表明运行成功。 + +3. 如果要关闭 Spring-Boot 服务,在步骤 1 窗口中,按 “ctrl + c” 组合键关闭服务。 + +### Spring Cloud单机环境运行示例 + + +#### spring-cloud-gateway-sample 工程运行示例。 + +1. spring-cloud-gateway-sample 工程若编译成功,会在工程目录的 `/home/Spring-cloud-gateway-sample/target` 文件夹下生成 spring-cloud-gateway-sample-0.0.1-SNAPSHOT.jar 文件,执行如下命令,运行这个 jar 文件。 + + ``` + # java -jar spring-cloud-gateway-sample-0.0.1-SNAPSHOT.jar + ``` +2. 待控制台出现 `Started DemogatewayApplication` 字样后,启动新窗口执行以下命令,查看 gateway服务运行状态。返回结果如下图所示,即表明运行成功。 + + ``` + # curl http://localhost:8080/get + ``` + ![](./figures/run1.png) +3. 如果要关闭服务,在步骤 1 窗口中,按 “ctrl + c” 组合键关闭服务。 + +#### zuul-server工程运行示例 +1. zuul-server 需要在 eureka 工程运行后再运行。在`/home/eureka/target` 目录下,执行如下命令,启动 eureka 服务。 + + ``` + # java -jar eureka-0.0.1-SNAPSHOT.jar + ``` +2. 待控制台出现 `Started EurekaApplicattion` 字样后,启动新窗口在工程目录`/home/zuul-server/target`下执行以下命令,启动 zuul-server 服务。 + + ``` + # java -jar zuul-server-1.0.0.BUILD-SNAPSHOT.jar + ``` +3. 待控制台出现 `Started ZuulServerApplicatttion` 字样后,启动新窗口执行以下命令查看服务运行状态。 + + ``` + # curl http://localhost:8765 + ``` + zuul-server 服务启动后控制台会输出访问的端口为 8765, curl 访问本地 8765 端口,会看到返回的带有时间戳的 404 信息,同时服务端控制会记录到一次访问事件。 + + curl访问8765端口如下图所示: + + ![](./figures/run3.png) + + 用户访问时服务端打印的日志信息如下图所示: + + ![](./figures/run4.png) +4. 如果要关闭服务,在步骤 2 和 3 窗口中,按 “ctrl + c” 组合键关闭服务。 + +#### feign-eureka工程运行示例 +1. feign-eureka 要在 eureka 工程运行后执行,在`/home/eureka/target` 目录下,执行如下命令,启动 eureka 服务。 + + ``` + # java -jar eureka-0.0.1-SNAPSHOT.jar + ``` +2. 待控制台出现 `Started EurekaApplicattion` 字样后,启动新窗口在工程目录`/home/feign-eureka/server/target`下执行以下命令,启动 feign-eureka 工程的 server。 + + ``` + # java -jar feign-eureka-hello-server-0.0.1-SNAPSHOT.jar + ``` + +3. 待控制台出现 `Started HelloServerApplication` 字样后,启动新窗口在工程目录`/home/feign-eureka/client/target` 下执行以下命令,启动 feign-eureka 工程的 client。 + + ``` + # java -jar feign-eureka-hello-client-0.0.1-SNAPSHOT.jar + ``` + +4. 待控制台出现 `Started HelloClientApplication` 字样后,启动新窗口执行以下命令查看服务运行状态。 + ``` + # curl http://localhost:7211 + ``` + 服务启动后会在client的控制台看到,服务打开了7211端口,curl访问这个端口,获得Hello SERVER信息 + + 工程 feign-eureka 开放 7211 端口如下图所示: + + ![](./figures/run5.png) + + 访问 feign-eureka 服务查看返回结果如下图所示: + + ![](./figures/run6.png) + + + +## FAQ + + +### Spring Framework编译过程中Spring-webmvc:test 失败 + +**问题现象** + +MvcNamespaceTests.java 中的 assert 未通过测试,失败提示信息如下图所示: + +![](./figures/zh-cn_image_0296838200.png) + +**问题原因** + +服务器回传时间存在8小时时差。 + +**解决方法** + +修改工程目录下的文件`spring-webmvc/src/test/java/org/springframework/web/servlet/config/MvcNamespaceTests.java`, + +将handler的date成员时间强制置0,与LocalDate转换的默认Time保持一致。 + +![](./figures/zh-cn_image_0296838204.png) + + +### 任务 asciidoctor 执行失败 + +**问题现象** + +提示找不到`/root/.gem/jruby/1.9`文件夹 + +![](./figures/zh-cn_image_0296838206.png) + + +**问题原因** + +部分 Spring Framework 版本使用的 Gradle 版本在 JDK9 上运行会存在问题\(由于AspectJ升级到1.9版本所导致\)。 + +**解决方法** + +执行命令 `./gradlew clean test` 进行构建 + + +### Spring-test:compileJava执行失败 + +**问题现象** + +Spring-test:compileJava执行失败,页面提示 "error:warnings found and -Werror specified" +![](./figures/zh-cn_image_0296838208.png) + + +**问题原因** + +错误提示是因为 warning 导致的错误,分析 warning 原因,一些旧的 package 已经在 repo 上不存在了\(repo源是由 build.gradle 脚本指定的\),从而导致编译时报出 warning。 + +**解决方法** + +编辑项目的 build.gradle 编译脚本,去除编译参数中的“-Werror”选项 + +![](./figures/zh-cn_image_0296838210.png) + +### repo源失效 + +**问题现象**: + +repo源无效,页面提示“Received status code 403 from server: Forbidden”。 + +![](./figures/zh-cn_image_0296838212.png) + + +**问题原因** + +偶现,一般是由于网络不稳定,或编译脚本中指定的repo源无法提供所需的包所导致。 + +**解决方法** + +检查 build.gradle 文件的 repo 源设置,是否正确,登录 repo 源,看是否存在缺失的文件。 + +![](./figures/zh-cn_image_0296838214.png) + + +以下有效的 repo 源供参考: + +[https://repo.Spring.io/plugins-release](https://repo.Spring.io/plugins-release) + +[https://repo.Springsource.org/plugins-release](https://repo.Springsource.org/plugins-release) + +### build超时导致的失败 + +**问题现象**: + +问题集中体现在网络相关模块的test不通过,例如提示信息,Task :spring-webflux:test FAILED,而且上报失败的代码位置并不是每次编译都会出现。 + +![](./figures/x86_build_fail.png) + +**问题原因** + +通过分析代码,可以得出结论,失败是因为在规定时间内得不到远端服务的回应,产生超时错误,导致构建失败。 + +**解决方法** + +根据编译错误提示的代码位置,延长超时等待时间。具体的操作:修改提示代码处.verify\(Duration.ofSeconds\(TIMEOUT\)\)或.block\(TIMEOUT\),将TIMEOUT的数值,调整为二倍大。例如下图时间一处超时时间由5秒改为10秒。 + +![](./figures/modify_timeout_value.png) \ No newline at end of file diff --git a/docs/zh/docs/thirdparty_migration/thidrparty.md b/docs/zh/docs/thirdparty_migration/thidrparty.md new file mode 100644 index 0000000000000000000000000000000000000000..e7ebe18a72d273592c4fd28d1089b2f493ea774f --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/thidrparty.md @@ -0,0 +1,5 @@ +# 第三方软件移植指南 + +本文档介绍 openEuler 支持第三方软件:Spring(Spring Framework/Spring Boot/Spring Cloud)、OpenStack 和 Kubernetes 的移植与部署方法,以指导用户快速了解并使用其功能。 + +本文档适用于使用 openEuler 系统并希望了解和使用第三方软件的社区开发者、开源爱好者以及合作伙伴。使用人员需要具备基本的 Linux 操作系统知识。 \ No newline at end of file diff --git a/docs/zh/menu/index.md b/docs/zh/menu/index.md new file mode 100644 index 0000000000000000000000000000000000000000..79f7d9dc0c3a9dff8eae77ea51a52566406ec196 --- /dev/null +++ b/docs/zh/menu/index.md @@ -0,0 +1,196 @@ +--- +headless: true +--- +- [法律声明]({{< relref "./docs/Releasenotes/法律声明.md" >}}) +- [发行说明]({{< relref "./docs/Releasenotes/release_notes.md" >}}) + - [用户须知]({{< relref "./docs/Releasenotes/用户须知.md" >}}) + - [账号清单]({{< relref "./docs/Releasenotes/账号清单.md" >}}) + - [简介]({{< relref "./docs/Releasenotes/简介.md" >}}) + - [系统安装]({{< relref "./docs/Releasenotes/系统安装.md" >}}) + - [关键特性]({{< relref "./docs/Releasenotes/关键特性.md" >}}) + - [已知问题]({{< relref "./docs/Releasenotes/已知问题.md" >}}) + - [已修复问题]({{< relref "./docs/Releasenotes/已修复问题.md" >}}) + - [CVE漏洞]({{< relref "./docs/Releasenotes/CVE漏洞.md" >}}) + - [源代码]({{< relref "./docs/Releasenotes/源代码.md" >}}) + - [参与贡献]({{< relref "./docs/Releasenotes/参与贡献.md" >}}) + - [致谢]({{< relref "./docs/Releasenotes/致谢.md" >}}) +- [快速入门]({{< relref "./docs/Quickstart/quick-start.md" >}}) +- [安装指南]({{< relref "./docs/Installation/installation.md" >}}) + - [安装在服务器]({{< relref "./docs/Installation/安装在服务器.md" >}}) + - [安装准备]({{< relref "./docs/Installation/安装准备.md" >}}) + - [安装方式介绍]({{< relref "./docs/Installation/安装方式介绍.md" >}}) + - [安装指导]({{< relref "./docs/Installation/安装指导.md" >}}) + - [使用kickstart自动化安装]({{< relref "./docs/Installation/使用kickstart自动化安装.md" >}}) + - [FAQ]({{< relref "./docs/Installation/FAQ.md" >}}) + - [安装在树莓派]({{< relref "./docs/Installation/安装在树莓派.md" >}}) + - [安装准备]({{< relref "./docs/Installation/安装准备-1.md" >}}) + - [安装方式介绍]({{< relref "./docs/Installation/安装方式介绍-1.md" >}}) + - [安装指导]({{< relref "./docs/Installation/安装指导-1" >}}) + - [FAQ]({{< relref "./docs/Installation/FAQ-1.md" >}}) + - [更多资源]({{< relref "./docs/Installation/更多资源.md" >}}) +- [管理员指南]({{< relref "./docs/Administration/administration.md" >}}) + - [查看系统信息]({{< relref "./docs/Administration/查看系统信息.md" >}}) + - [基础配置]({{< relref "./docs/Administration/基础配置.md" >}}) + - [管理用户和用户组]({{< relref "./docs/Administration/管理用户和用户组.md" >}}) + - [使用DNF管理软件包]({{< relref "./docs/Administration/使用DNF管理软件包.md" >}}) + - [管理服务]({{< relref "./docs/Administration/管理服务.md" >}}) + - [管理进程]({{< relref "./docs/Administration/管理进程.md" >}}) + - [管理内存]({{< relref "./docs/Administration/memory-management.md" >}}) + - [配置网络]({{< relref "./docs/Administration/配置网络.md" >}}) + - [使用LVM管理硬盘]({{< relref "./docs/Administration/使用LVM管理硬盘.md" >}}) + - [使用KAE加速引擎]({{< relref "./docs/Administration/使用KAE加速引擎.md" >}}) + - [搭建服务]({{< relref "./docs/Administration/搭建服务.md" >}}) + - [搭建repo服务器]({{< relref "./docs/Administration/搭建repo服务器.md" >}}) + - [搭建FTP服务器]({{< relref "./docs/Administration/搭建FTP服务器.md" >}}) + - [搭建web服务器]({{< relref "./docs/Administration/搭建web服务器.md" >}}) + - [搭建数据库服务器]({{< relref "./docs/Administration/搭建数据库服务器.md" >}}) + - [FAQ]({{< relref "./docs/Administration/FAQ-54.md" >}}) +- [安全加固指南]({{< relref "./docs/SecHarden/secHarden.md" >}}) + - [操作系统加固概述]({{< relref "./docs/SecHarden/操作系统加固概述.md" >}}) + - [加固指导]({{< relref "./docs/SecHarden/加固指导.md" >}}) + - [账户口令]({{< relref "./docs/SecHarden/账户口令.md" >}}) + - [授权认证]({{< relref "./docs/SecHarden/授权认证.md" >}}) + - [系统服务]({{< relref "./docs/SecHarden/系统服务.md" >}}) + - [文件权限]({{< relref "./docs/SecHarden/文件权限.md" >}}) + - [内核参数]({{< relref "./docs/SecHarden/内核参数.md" >}}) + - [SELinux配置]({{< relref "./docs/SecHarden/SELinux配置.md" >}}) + - [安全加固工具]({{< relref "./docs/SecHarden/安全加固工具.md" >}}) + - [附录]({{< relref "./docs/SecHarden/附录.md" >}}) +- [虚拟化用户指南]({{< relref "./docs/Virtualization/virtualization.md" >}}) + - [认识虚拟化]({{< relref "./docs/Virtualization/认识虚拟化.md" >}}) + - [安装虚拟化组件]({{< relref "./docs/Virtualization/安装虚拟化组件.md" >}}) + - [准备使用环境]({{< relref "./docs/Virtualization/准备使用环境.md" >}}) + - [虚拟机配置]({{< relref "./docs/Virtualization/虚拟机配置.md" >}}) + - [管理虚拟机]({{< relref "./docs/Virtualization/管理虚拟机.md" >}}) + - [热迁移虚拟机]({{< relref "./docs/Virtualization/热迁移虚拟机.md" >}}) + - [管理系统资源]({{< relref "./docs/Virtualization/管理系统资源.md" >}}) + - [管理设备]({{< relref "./docs/Virtualization/管理设备.md" >}}) + - [最佳实践]({{< relref "./docs/Virtualization/最佳实践.md" >}}) + - [工具使用指南]({{< relref "./docs/Virtualization/工具使用指南.md" >}}) + - [vmtop]({{< relref "./docs/Virtualization/vmtop.md" >}}) + - [LibcarePlus]({{< relref "./docs/Virtualization/LibcarePlus.md" >}}) + - [附录]({{< relref "./docs/Virtualization/附录.md" >}}) +- [StratoVirt用户指南]({{< relref "./docs/StratoVirt/StratoVirtGuide.md" >}}) + - [StratoVirt介绍]({{< relref "./docs/StratoVirt/StratoVirt介绍.md" >}}) + - [安装StratoVirt]({{< relref "./docs/StratoVirt/安装StratoVirt.md" >}}) + - [准备使用环境]({{< relref "./docs/StratoVirt/准备使用环境.md" >}}) + - [虚拟机配置]({{< relref "./docs/StratoVirt/虚拟机配置.md" >}}) + - [虚拟机管理]({{< relref "./docs/StratoVirt/虚拟机管理.md" >}}) + - [对接iSula安全容器]({{< relref "./docs/StratoVirt/对接iSula安全容器.md" >}}) + - [最佳实践]({{< relref "./docs/StratoVirt/最佳实践.md" >}}) +- [容器用户指南]({{< relref "./docs/Container/container.md" >}}) + - [iSula容器引擎]({{< relref "./docs/Container/iSula容器引擎.md" >}}) + - [安装、升级与卸载]({{< relref "./docs/Container/安装-升级与卸载.md" >}}) + - [安装与配置]({{< relref "./docs/Container/安装与配置.md" >}}) + - [升级]({{< relref "./docs/Container/升级.md" >}}) + - [卸载]({{< relref "./docs/Container/卸载.md" >}}) + - [使用指南]({{< relref "./docs/Container/使用指南.md" >}}) + - [容器管理]({{< relref "./docs/Container/容器管理.md" >}}) + - [支持CNI网络]({{< relref "./docs/Container/支持CNI网络.md" >}}) + - [容器资源管理]({{< relref "./docs/Container/容器资源管理.md" >}}) + - [特权容器]({{< relref "./docs/Container/特权容器.md" >}}) + - [CRI接口]({{< relref "./docs/Container/CRI接口.md" >}}) + - [镜像管理]({{< relref "./docs/Container/镜像管理.md" >}}) + - [容器健康状态检查]({{< relref "./docs/Container/容器健康状态检查.md" >}}) + - [查询信息]({{< relref "./docs/Container/查询信息.md" >}}) + - [安全特性]({{< relref "./docs/Container/安全特性.md" >}}) + - [支持OCI hooks]({{< relref "./docs/Container/支持OCI-hooks.md" >}}) + - [本地卷管理]({{< relref "./docs/Container/本地卷管理.md" >}}) + - [附录]({{< relref "./docs/Container/附录.md" >}}) + - [系统容器]({{< relref "./docs/Container/系统容器.md" >}}) + - [安装指导]({{< relref "./docs/Container/安装指导.md" >}}) + - [使用指南]({{< relref "./docs/Container/使用指南-1.md" >}}) + - [指定rootfs创建容器]({{< relref "./docs/Container/指定rootfs创建容器.md" >}}) + - [通过systemd启动容器]({{< relref "./docs/Container/通过systemd启动容器.md" >}}) + - [容器内reboot/shutdown]({{< relref "./docs/Container/容器内reboot-shutdown.md" >}}) + - [cgroup路径可配置]({{< relref "./docs/Container/cgroup路径可配置.md" >}}) + - [namespace化内核参数可写]({{< relref "./docs/Container/namespace化内核参数可写.md" >}}) + - [共享内存通道]({{< relref "./docs/Container/共享内存通道.md" >}}) + - [动态加载内核模块]({{< relref "./docs/Container/动态加载内核模块.md" >}}) + - [环境变量持久化]({{< relref "./docs/Container/环境变量持久化.md" >}}) + - [最大句柄数限制]({{< relref "./docs/Container/最大句柄数限制.md" >}}) + - [安全性和隔离性]({{< relref "./docs/Container/安全性和隔离性.md" >}}) + - [容器资源动态管理]({{< relref "./docs/Container/容器资源动态管理.md" >}}) + - [附录]({{< relref "./docs/Container/附录-2.md" >}}) + - [安全容器]({{< relref "./docs/Container/安全容器.md" >}}) + - [安装与配置]({{< relref "./docs/Container/安装与配置-2.md" >}}) + - [使用方法]({{< relref "./docs/Container/使用方法-1.md" >}}) + - [管理安全容器的生命周期]({{< relref "./docs/Container/管理安全容器的生命周期.md" >}}) + - [为安全容器配置资源]({{< relref "./docs/Container/为安全容器配置资源.md" >}}) + - [为安全容器配置网络]({{< relref "./docs/Container/为安全容器配置网络.md" >}}) + - [监控安全容器]({{< relref "./docs/Container/监控安全容器.md" >}}) + - [附录]({{< relref "./docs/Container/附录-3.md" >}}) + - [Docker容器]({{< relref "./docs/Container/Docker容器.md" >}}) + - [安装配置]({{< relref "./docs/Container/安装配置-3.md" >}}) + - [容器管理]({{< relref "./docs/Container/容器管理-3.md" >}}) + - [镜像管理]({{< relref "./docs/Container/镜像管理-3.md" >}}) + - [命令行参考]({{< relref "./docs/Container/命令行参考.md" >}}) + - [容器引擎]({{< relref "./docs/Container/容器引擎-4.md" >}}) + - [容器管理]({{< relref "./docs/Container/容器管理-4.md" >}}) + - [镜像管理]({{< relref "./docs/Container/镜像管理-4.md" >}}) + - [统计信息]({{< relref "./docs/Container/统计信息-4.md" >}}) + - [容器工具]({{< relref "./docs/Container/容器工具.md" >}}) + - [isula-build构建工具]({{< relref "./docs/Container/isula-build构建工具.md" >}}) + - [isula-transform迁移工具]({{< relref "./docs/Container/isula-transform迁移工具.md" >}}) +- [A-Tune用户指南]({{< relref "./docs/A-Tune/A-Tune.md" >}}) + - [认识A-Tune]({{< relref "./docs/A-Tune/认识A-Tune.md" >}}) + - [安装与部署]({{< relref "./docs/A-Tune/安装与部署.md" >}}) + - [使用方法]({{< relref "./docs/A-Tune/使用方法.md" >}}) + - [常见问题与解决方法]({{< relref "./docs/A-Tune/常见问题与解决方法.md" >}}) + - [附录]({{< relref "./docs/A-Tune/附录.md" >}}) +- [应用开发指南]({{< relref "./docs/ApplicationDev/application-development.md" >}}) + - [开发环境准备]({{< relref "./docs/ApplicationDev/开发环境准备.md" >}}) + - [使用GCC编译]({{< relref "./docs/ApplicationDev/使用GCC编译.md" >}}) + - [使用make编译]({{< relref "./docs/ApplicationDev/使用make编译.md" >}}) + - [使用JDK编译]({{< relref "./docs/ApplicationDev/使用JDK编译.md" >}}) + - [构建RPM包]({{< relref "./docs/ApplicationDev/构建RPM包.md" >}}) +- [GCC用户指南]({{< relref "./docs/GCC/overview.md" >}}) + - [用户须知]({{< relref "./docs/GCC/GCC多版本支持用户指南.md" >}}) +- [secGear开发指南]({{< relref "./docs/secGear/secGear.md" >}}) + - [认识secGear]({{< relref "./docs/secGear/认识secGear.md" >}}) + - [安装secGear]({{< relref "./docs/secGear/安装secGear.md" >}}) + - [开发secGear应用程序]({{< relref "./docs/secGear/开发secGear应用程序.md" >}}) + - [使用secGear工具]({{< relref "./docs/secGear/使用secGear工具.md" >}}) + - [接口参考]({{< relref "./docs/secGear/接口参考.md" >}}) +- [HA用户指南]({{< relref "./docs//HA/ha.md" >}}) + - [HA的安装与部署]({{< relref "./docs/HA/HA的安装与部署.md" >}}) + - [HA使用实例]({{< relref "./docs/HA/HA的使用实例.md" >}}) +- [Kubernetes集群部署指南]({{< relref "./docs/Kubernetes/Kubernetes.md" >}}) + - [准备虚拟机]({{< relref "./docs/Kubernetes/准备虚拟机.md" >}}) + - [部署Kubernetes集群]({{< relref "./docs/Kubernetes/部署Kubernetes集群.md" >}}) + - [安装Kubernetes软件包]({{< relref "./docs/Kubernetes/安装Kubernetes软件包.md" >}}) + - [准备证书]({{< relref "./docs/Kubernetes/准备证书.md" >}}) + - [安装etcd]({{< relref "./docs/Kubernetes/安装etcd.md" >}}) + - [部署控制面组件]({{< relref "./docs/Kubernetes/部署控制面组件.md" >}}) + - [部署Node节点组件]({{< relref "./docs/Kubernetes/部署Node节点组件.md" >}}) + - [运行测试pod]({{< relref "./docs/Kubernetes/运行测试pod.md" >}}) +- [第三方软件安装指南]({{< relref "./docs/thirdparty_migration/thidrparty.md" >}}) + - [OpenStack]({{< relref "./docs/thirdparty_migration/openstack.md" >}}) + - [K8S迁移至openEuler指导]({{< relref "./docs/thirdparty_migration/k8sinstall.md" >}}) + - [SpringFramework迁移至openEuler指导]({{< relref "./docs/thirdparty_migration/springframework.md" >}}) + - [毕昇编译器安装教程]({{< relref "./docs/thirdparty_migration/bisheng.md" >}}) +- [桌面环境用户指南]({{< relref "./docs/desktop/desktop.md" >}}) + - [UKUI]({{< relref "./docs/desktop/ukui.md" >}}) + - [安装 UKUI]({{< relref "./docs/desktop/安装UKUI.md" >}}) + - [UKUI 用户指南]({{< relref "./docs/desktop/UKUIuserguide.md" >}}) + - [DDE]({{< relref "./docs/desktop/dde.md" >}}) + - [安装 DDE]({{< relref "./docs/desktop/安装DDE.md" >}}) + - [DDE 用户指南]({{< relref "./docs/desktop/DDE-User-Manual.md" >}}) + - [XFCE]({{< relref "./docs/desktop/xfce.md" >}}) + - [安装 Xfce]({{< relref "./docs/desktop/Install_XFCE.md" >}}) + - [Xfce 用户指南]({{< relref "./docs/desktop/Xfce_userguide.md" >}}) + - [KIRAN]({{< relref "./docs/desktop/kiran.md" >}}) + - [安装 Kiran]({{< relref "./docs/desktop/kiran安装手册.md" >}}) + - [Kiran 用户指南]({{< relref "./docs/desktop/Kiran_userguide.md" >}}) +- [Aops用户指南]({{< relref "./docs/A-Ops/overview.md" >}}) + - [AOps部署指南]({{< relref "./docs/A-Ops/AOps部署指南.md" >}}) + - [AOps漏洞管理模块使用手册]({{< relref "./docs/A-Ops/AOps漏洞管理模块使用手册.md" >}}) +- [镜像裁剪定制工具使用指南]({{< relref "./docs/TailorCustom/overview.md" >}}) + - [isocut 使用指南]({{< relref "./docs/TailorCustom/isocut使用指南.md" >}}) +- [eNFS用户指南]({{< relref "./docs/eNFS/enfs使用指南.md" >}}) +- [sysSentry用户指南]({{< relref "./docs/sysSentry/sysSentry用户指南.md" >}}) + - [安装和使用]({{< relref "./docs/sysSentry/安装和使用.md" >}}) + - [平均阈值慢盘检测插件]({{< relref "./docs/sysSentry/平均阈值慢盘检测插件.md" >}}) + - [AI阈值慢盘检测插件]({{< relref "./docs/sysSentry/AI阈值慢盘检测插件.md" >}}) + - [二次开发指南]({{< relref "./docs/sysSentry/二次开发指南.md" >}}) + - [常见问题与解决方法]({{< relref "./docs/sysSentry/常见问题与解决方法.md" >}}) diff --git a/docs/zh/menu/menu.json b/docs/zh/menu/menu.json deleted file mode 100644 index 5e85545a3c859551a12e039b76f0e25957bdba7a..0000000000000000000000000000000000000000 --- a/docs/zh/menu/menu.json +++ /dev/null @@ -1,815 +0,0 @@ -[ - { - "label": "法律声明", - "path": "docs/Releasenotes/法律声明", - "children": [ - - ] - }, - { - "label": "发行说明", - "path": "docs/Releasenotes/release_notes", - "children": [ - { - "label": "用户须知", - "path": "docs/Releasenotes/用户须知", - "children": [ - - ] - }, - { - "label": "简介", - "path": "docs/Releasenotes/简介", - "children": [ - - ] - }, - { - "label": "系统安装", - "path": "docs/Releasenotes/系统安装", - "children": [ - - ] - }, - { - "label": "关键特性", - "path": "docs/Releasenotes/关键特性", - "children": [ - - ] - }, - { - "label": "已知问题", - "path": "docs/Releasenotes/已知问题", - "children": [ - - ] - }, - { - "label": "已修复问题", - "path": "docs/Releasenotes/已修复问题", - "children": [ - - ] - }, - { - "label": "CVE漏洞", - "path": "docs/Releasenotes/CVE漏洞", - "children": [ - - ] - }, - { - "label": "源代码", - "path": "docs/Releasenotes/源代码", - "children": [ - - ] - }, - { - "label": "参与贡献", - "path": "docs/Releasenotes/参与贡献", - "children": [ - - ] - }, - { - "label": "致谢", - "path": "docs/Releasenotes/致谢", - "children": [ - - ] - } - ] - }, - { - "label": "快速入门", - "path": "docs/Quickstart/quick-start", - "children": [ - - ] - }, - { - "label": "安装指南", - "path": "docs/Installation/installation", - "children": [ - { - "label": "安装准备", - "path": "docs/Installation/安装准备", - "children": [ - - ] - }, - { - "label": "安装方式介绍", - "path": "docs/Installation/安装方式介绍", - "children": [ - - ] - }, - { - "label": "安装指导", - "path": "docs/Installation/安装指导", - "children": [ - - ] - }, - { - "label": "使用kickstart自动化安装", - "path": "docs/Installation/使用kickstart自动化安装", - "children": [ - - ] - }, - { - "label": "FAQ", - "path": "docs/Installation/FAQ", - "children": [ - - ] - } - ] - }, - { - "label": "管理员指南", - "path": "docs/Administration/administration", - "children": [ - { - "label": "查看系统信息", - "path": "docs/Administration/查看系统信息", - "children": [ - - ] - }, - { - "label": "基础配置", - "path": "docs/Administration/基础配置", - "children": [ - - ] - }, - { - "label": "管理用户和用户组", - "path": "docs/Administration/管理用户和用户组", - "children": [ - - ] - }, - { - "label": "使用DNF管理软件包", - "path": "docs/Administration/使用DNF管理软件包", - "children": [ - - ] - }, - { - "label": "管理服务", - "path": "docs/Administration/管理服务", - "children": [ - - ] - }, - { - "label": "管理进程", - "path": "docs/Administration/管理进程", - "children": [ - - ] - }, - { - "label": "配置网络", - "path": "docs/Administration/配置网络", - "children": [ - - ] - }, - { - "label": "使用LVM管理硬盘", - "path": "docs/Administration/使用LVM管理硬盘", - "children": [ - - ] - }, - { - "label": "使用KAE加速引擎", - "path": "docs/Administration/使用KAE加速引擎", - "children": [ - - ] - }, - { - "label": "搭建服务", - "path": "docs/Administration/搭建服务", - "children": [ - { - "label": "搭建repo服务器", - "path": "docs/Administration/搭建repo服务器", - "children": [ - - ] - }, - { - "label": "搭建FTP服务器", - "path": "docs/Administration/搭建FTP服务器", - "children": [ - - ] - }, - { - "label": "搭建web服务器", - "path": "docs/Administration/搭建web服务器", - "children": [ - - ] - }, - { - "label": "搭建数据库服务器", - "path": "docs/Administration/搭建数据库服务器", - "children": [ - - ] - } - ] - }, - { - "label": "FAQ", - "path": "docs/Administration/FAQ-54", - "children": [ - - ] - } - ] - }, - { - "label": "安全加固指南", - "path": "docs/SecHarden/secHarden", - "children": [ - { - "label": "操作系统加固概述", - "path": "docs/SecHarden/操作系统加固概述", - "children": [ - ] - }, - { - "label": "加固指导", - "path": "docs/SecHarden/加固指导", - "children": [ - { - "label": "账户口令", - "path": "docs/SecHarden/账户口令", - "children": [ - - ] - }, - { - "label": "授权认证", - "path": "docs/SecHarden/授权认证", - "children": [ - - ] - }, - { - "label": "系统服务", - "path": "docs/SecHarden/系统服务", - "children": [ - - ] - }, - { - "label": "文件权限", - "path": "docs/SecHarden/文件权限", - "children": [ - - ] - }, - { - "label": "内核参数", - "path": "docs/SecHarden/内核参数", - "children": [ - - ] - }, - { - "label": "SELinux配置", - "path": "docs/SecHarden/SELinux配置", - "children": [ - - ] - } - ] - }, - { - "label": "安全加固工具", - "path": "docs/SecHarden/安全加固工具", - "children": [ - - ] - }, - { - "label": "附录", - "path": "docs/SecHarden/附录", - "children": [ - - ] - } - ] - }, - { - "label": "虚拟化用户指南", - "path": "docs/Virtualization/virtualization", - "children": [ - { - "label": "认识虚拟化", - "path": "docs/Virtualization/认识虚拟化", - "children": [ - - ] - }, - { - "label": "安装虚拟化", - "path": "docs/Virtualization/安装虚拟化", - "children": [ - - ] - }, - { - "label": "准备使用环境", - "path": "docs/Virtualization/准备使用环境", - "children": [ - - ] - }, - { - "label": "虚拟机配置", - "path": "docs/Virtualization/虚拟机配置", - "children": [ - - ] - }, - { - "label": "管理虚拟机", - "path": "docs/Virtualization/管理虚拟机", - "children": [ - - ] - }, - { - "label": "热迁移虚拟机", - "path": "docs/Virtualization/热迁移虚拟机", - "children": [ - - ] - }, - { - "label": "管理系统资源", - "path": "docs/Virtualization/管理系统资源", - "children": [ - - ] - }, - { - "label": "管理设备", - "path": "docs/Virtualization/管理设备", - "children": [ - - ] - }, - { - "label": "最佳实践", - "path": "docs/Virtualization/最佳实践", - "children": [ - - ] - }, - { - "label": "附录", - "path": "docs/Virtualization/附录", - "children": [ - - ] - } - ] - }, - { - "label": "容器用户指南", - "path": "docs/Container/container", - "children": [ - { - "label": "iSula容器引擎", - "path": "docs/Container/iSula容器引擎", - "children": [ - { - "label": "安装、升级与卸载", - "path": "docs/Container/安装-升级与卸载", - "children": [ - { - "label": "安装与配置", - "path": "docs/Container/安装与配置", - "children": [ - - ] - }, - { - "label": "升级", - "path": "docs/Container/升级", - "children": [ - - ] - }, - { - "label": "卸载", - "path": "docs/Container/卸载", - "children": [ - - ] - } - ] - }, - { - "label": "使用指南", - "path": "docs/Container/使用指南", - "children": [ - { - "label": "容器管理", - "path": "docs/Container/容器管理", - "children": [ - - ] - }, - { - "label": "支持CNI网络", - "path": "docs/Container/支持CNI网络", - "children": [ - - ] - }, - { - "label": "特权容器", - "path": "docs/Container/特权容器", - "children": [ - - ] - }, - { - "label": "CRI接口", - "path": "docs/Container/CRI接口", - "children": [ - - ] - }, - { - "label": "镜像管理", - "path": "docs/Container/镜像管理", - "children": [ - - ] - }, - { - "label": "容器健康状态检查", - "path": "docs/Container/容器健康状态检查", - "children": [ - - ] - }, - { - "label": "查询信息", - "path": "docs/Container/查询信息", - "children": [ - - ] - }, - { - "label": "安全特性", - "path": "docs/Container/安全特性", - "children": [ - - ] - }, - { - "label": "支持OCI hooks", - "path": "docs/Container/支持OCI-hooks", - "children": [ - - ] - } - ] - }, - { - "label": "附录", - "path": "docs/Container/附录", - "children": [ - - ] - } - ] - }, - { - "label": "系统容器", - "path": "docs/Container/系统容器", - "children": [ - { - "label": "安装指导", - "path": "docs/Container/安装指导", - "children": [ - - ] - }, - { - "label": "使用指南", - "path": "docs/Container/使用指南-1", - "children": [ - { - "label": "指定rootfs创建容器", - "path": "docs/Container/指定rootfs创建容器", - "children": [ - - ] - }, - { - "label": "通过systemd启动容器", - "path": "docs/Container/通过systemd启动容器", - "children": [ - - ] - }, - { - "label": "容器内reboot/shutdown", - "path": "docs/Container/容器内reboot-shutdown", - "children": [ - - ] - }, - { - "label": "cgroup路径可配置", - "path": "docs/Container/cgroup路径可配置", - "children": [ - - ] - }, - { - "label": "namespace化内核参数可写", - "path": "docs/Container/namespace化内核参数可写", - "children": [ - - ] - }, - { - "label": "共享内存通道", - "path": "docs/Container/共享内存通道", - "children": [ - - ] - }, - { - "label": "动态加载内核模块", - "path": "docs/Container/动态加载内核模块", - "children": [ - - ] - }, - { - "label": "环境变量持久化", - "path": "docs/Container/环境变量持久化", - "children": [ - - ] - }, - { - "label": "最大句柄数限制", - "path": "docs/Container/最大句柄数限制", - "children": [ - - ] - }, - { - "label": "安全性和隔离性", - "path": "docs/Container/安全性和隔离性", - "children": [ - - ] - }, - { - "label": "容器资源动态管理", - "path": "docs/Container/容器资源动态管理", - "children": [ - - ] - } - ] - }, - { - "label": "附录", - "path": "docs/Container/附录-2", - "children": [ - - ] - } - ] - }, - { - "label": "安全容器", - "path": "docs/Container/安全容器", - "children": [ - { - "label": "安装与配置", - "path": "docs/Container/安装与配置-2", - "children": [ - - ] - }, - { - "label": "使用方法", - "path": "docs/Container/使用方法-1", - "children": [ - { - "label": "管理安全容器的生命周期", - "path": "docs/Container/管理安全容器的生命周期", - "children": [ - - ] - }, - { - "label": "为安全容器配置资源", - "path": "docs/Container/为安全容器配置资源", - "children": [ - - ] - }, - { - "label": "为安全容器配置网络", - "path": "docs/Container/为安全容器配置网络", - "children": [ - - ] - }, - { - "label": "监控安全容器", - "path": "docs/Container/监控安全容器", - "children": [ - - ] - } - ] - }, - { - "label": "附录", - "path": "docs/Container/附录-3", - "children": [ - - ] - } - ] - }, - { - "label": "Docker容器", - "path": "docs/Container/Docker容器", - "children": [ - { - "label": "安装配置", - "path": "docs/Container/安装配置-3", - "children": [ - - ] - }, - { - "label": "容器管理", - "path": "docs/Container/容器管理-3", - "children": [ - - ] - }, - { - "label": "镜像管理", - "path": "docs/Container/镜像管理-3", - "children": [ - - ] - }, - { - "label": "命令行参考", - "path": "docs/Container/命令行参考", - "children": [ - { - "label": "容器引擎", - "path": "docs/Container/容器引擎-4", - "children": [ - - ] - }, - { - "label": "容器管理", - "path": "docs/Container/容器管理-4", - "children": [ - - ] - }, - { - "label": "镜像管理", - "path": "docs/Container/镜像管理-4", - "children": [ - - ] - }, - { - "label": "统计信息", - "path": "docs/Container/统计信息-4", - "children": [ - - ] - } - ] - } - ] - }, - { - "label": "isula-build构建工具", - "path": "docs/Container/isula-build构建工具", - "children": [ - - ] - } - ] - }, - { - "label": "A-Tune用户指南", - "path": "docs/A-Tune/A-Tune", - "children": [ - { - "label": "认识A-Tune", - "path": "docs/A-Tune/认识A-Tune", - "children": [ - - ] - }, - { - "label": "安装与部署", - "path": "docs/A-Tune/安装与部署", - "children": [ - - ] - }, - { - "label": "使用方法", - "path": "docs/A-Tune/使用方法", - "children": [ - - ] - }, - { - "label": "常见问题与解决方法", - "path": "docs/A-Tune/常见问题与解决方法", - "children": [ - - ] - }, - { - "label": "附录", - "path": "docs/A-Tune/附录", - "children": [ - - ] - } - ] - }, - { - "label": "应用开发指南", - "path": "docs/ApplicationDev/application-development", - "children": [ - { - "label": "开发环境准备", - "path": "docs/ApplicationDev/开发环境准备", - "children": [ - - ] - }, - { - "label": "使用GCC编译", - "path": "docs/ApplicationDev/使用GCC编译", - "children": [ - - ] - }, - { - "label": "使用make编译", - "path": "docs/ApplicationDev/使用make编译", - "children": [ - - ] - }, - { - "label": "使用JDK编译", - "path": "docs/ApplicationDev/使用JDK编译", - "children": [ - - ] - }, - { - "label": "构建RPM包", - "path": "docs/ApplicationDev/构建RPM包", - "children": [ - - ] - } - ] - } -]